diff --git a/.air.toml b/.air.toml
new file mode 100644
index 0000000..e7e5c07
--- /dev/null
+++ b/.air.toml
@@ -0,0 +1,22 @@
+# Working directory
+root = "."
+tmp_dir = ".tmp"
+
+[build]
+# Just plain old shell command. You could use `make` as well.
+cmd = "make build"
+# Binary file yields from `cmd`.
+full_bin = "build/sentinel hub start -c ./config.yaml"
+# This log file places in your tmp_dir.
+log = "air_errors.log"
+# Watch these filename extensions.
+include_ext = ["go"]
+# Ignore these filename extensions or directories.
+exclude_dir = [".tmp", "sql", "frontend", "data", "schema", "scripts"]
+# It's not necessary to trigger build each time file changes if it's too frequent.
+delay = 1000           # ms
+send_interrupt = true
+kill_delay = 500000000
+
+[log]
+time = true
diff --git a/.gitignore b/.gitignore
index 6b8e310..c829d8c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,6 +35,9 @@ go.work.sum
 # .vscode/
 
 data
+data-agent
 build
 config.yaml
+config-agent.yaml
 dist
+.tmp
diff --git a/Dockerfile b/Dockerfile
index 0b6fc8c..4eddaa0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,7 +16,7 @@ COPY frontend/ ./
 RUN pnpm run build
 
 # Backend build stage
-FROM golang:1.25.0-alpine AS backend-builder
+FROM golang:1.25.1-alpine AS backend-builder
 
 # Define build arguments for version, commit, and date.
 ARG VERSION="unknown"
@@ -54,4 +54,4 @@ WORKDIR /root/
 COPY --from=backend-builder /app/bin/sentinel .
 
 # Run the binary
-CMD ["./sentinel", "start"]
+ENTRYPOINT ["./sentinel"]
diff --git a/Makefile b/Makefile
index a6c5b50..b94b3a9 100644
--- a/Makefile
+++ b/Makefile
@@ -4,10 +4,11 @@
 
 # Variables
 BINARY_NAME=sentinel
-MAIN_PATH=./cmd/sentinel
+SENTINEL_PATH=./cmd/sentinel
 BUILD_DIR=./build
 VERSION?=dev
 LDFLAGS=-ldflags="-w -s -X main.version=${VERSION}"
+MIGRATIONS_DIR	 = ./sql/migrations/
 
 # Default target
 help: ## Show this help message
@@ -17,36 +18,44 @@ help: ## Show this help message
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "  %-15s %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
 # Development
-dev: ## Run in development mode with auto-reload
-	go run $(MAIN_PATH) start
+hub: ## Run in development mode with auto-reload
+	go run $(SENTINEL_PATH) hub start -c ./config.yaml
+
+agent: ## Run in development mode with auto-reload
+	go run $(SENTINEL_PATH) agent start -c ./config-agent.yaml
+
+migrateup:
+	go run $(SENTINEL_PATH) migrations up -db-path ./data/hub/sqlite/db.sqlite
+
+migratedown:
+	go run $(SENTINEL_PATH) migrations down -db-path ./data/hub/sqlite/db.sqlite
+
+air:
+	air -c .air.toml
 
 run: build ## Build and run the application
 	./$(BUILD_DIR)/$(BINARY_NAME)
 
-runtcpserver:
-	go run ./cmd/tcpserver
-
-rungrpcserver:
-	go run ./cmd/grpcserver
+runtestservers:
+	go run ./cmd/testserver -http -grpc -tcp
 
 front:
 	cd frontend && pnpm dev
 
 # Build targets
-build: deps ## Build the application
-	@mkdir -p $(BUILD_DIR)
-	go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME) $(MAIN_PATH)
+build:
+	go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME) $(SENTINEL_PATH)
 
 
 build-linux: deps ## Build for Linux
 	@mkdir -p $(BUILD_DIR)
-	GOOS=linux GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-linux $(MAIN_PATH)
+	GOOS=linux GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-linux $(SENTINEL_PATH)
 
 build-all: deps ## Build for all platforms
 	@mkdir -p $(BUILD_DIR)
-	GOOS=linux GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-linux-amd64 $(MAIN_PATH)
-	GOOS=darwin GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-darwin-amd64 $(MAIN_PATH)
-	GOOS=windows GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-windows-amd64.exe $(MAIN_PATH)
+	GOOS=linux GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-linux-amd64 $(SENTINEL_PATH)
+	GOOS=darwin GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-darwin-amd64 $(SENTINEL_PATH)
+	GOOS=windows GOARCH=amd64 go build $(LDFLAGS) -o $(BUILD_DIR)/$(BINARY_NAME)-windows-amd64.exe $(SENTINEL_PATH)
 
 # Dependencies
 deps: ## Download dependencies
@@ -115,9 +124,11 @@ clean: ## Clean build artifacts
 	rm -f coverage.out coverage.html
 	docker-compose down --volumes --remove-orphans || true
 
-# Database
-init-db: ## Initialize database directory
-	mkdir -p data
+# db-create-migration:
+# 	migrate create -ext sql -format unix -dir "$(MIGRATIONS_DIR)" $(filter-out $@,$(MAKECMDGOALS))
+
+db-create-migration:
+	go run ./cmd/sentinel migrations create -p ./sql/migrations -name $(filter-out $@,$(MAKECMDGOALS))
 
 # Configuration
 init-config: ## Copy example configuration
@@ -133,3 +144,26 @@ genswagger:
 	rm -rf ./docs/*
 	swag fmt -d ./internal/web
 	swag init -o docs/docsv1 --dir ./internal/web -g handlers.go --parseDependency
+
+genenvs:
+	go run ./cmd/sentinel config genenvs
+
+gensql:
+	pgxgen crud
+	pgxgen sqlc generate
+
+genproto: ## Generate protobuf code
+	buf lint
+	rm -rf ./internal/hub/hubserver/api/*
+	rm -rf frontend/src/api/gen/*
+	buf generate
+	rm -rf frontend/src/api/gen/sentinel/hub
+
+grpcui-hub:
+	grpcui --plaintext localhost:8080
+
+grpcui-server:
+	grpcui --plaintext localhost:8080
+
+%:
+	@:
diff --git a/README.md b/README.md
index 4b2c887..d553b98 100644
--- a/README.md
+++ b/README.md
@@ -123,9 +123,6 @@ monitoring:
     default_timeout: 10s
     default_retries: 5
 
-database:
-  path: "./data/db.sqlite"
-
 notifications:
   enabled: true
   urls:
@@ -218,7 +215,7 @@ The gRPC monitor supports three types of checks:
 
 ## Notification Setup
 
-Sentinel uses [Shoutrrr](https://github.com/containrrr/shoutrrr) for notifications, which supports multiple providers
+Sentinel uses [Shoutrrr](https://github.com/nicholas-fedor/shoutrrr) for notifications, which supports multiple providers
 
 You can configure multiple notification providers simultaneously. If one provider fails, notifications will still be sent to the others:
 
diff --git a/buf.gen.yaml b/buf.gen.yaml
new file mode 100644
index 0000000..8f73e9d
--- /dev/null
+++ b/buf.gen.yaml
@@ -0,0 +1,19 @@
+version: v2
+managed:
+  enabled: true
+  override:
+    - file_option: go_package_prefix
+      value: github.com/sxwebdev/sentinel/internal/hub/hubserver/api
+plugins:
+  - remote: buf.build/protocolbuffers/go:v1.36.9
+    out: internal/hub/hubserver/api
+    opt: paths=source_relative
+  - remote: buf.build/connectrpc/go:v1.18.1
+    out: internal/hub/hubserver/api
+    opt: paths=source_relative
+  - remote: buf.build/bufbuild/es:v2.9.0
+    out: frontend/src/api/gen
+    opt: target=ts
+  - remote: buf.build/connectrpc/query-es:v2.2.0
+    out: frontend/src/api/gen
+    opt: target=ts
diff --git a/buf.yaml b/buf.yaml
new file mode 100644
index 0000000..ff6c1e1
--- /dev/null
+++ b/buf.yaml
@@ -0,0 +1,20 @@
+version: v2
+modules:
+  - path: schema
+lint:
+  use:
+    - COMMENT_SERVICE
+    - STANDARD
+  except:
+    - FIELD_NOT_REQUIRED
+    - PACKAGE_NO_IMPORT_CYCLE
+  disallow_comment_ignores: true
+  rpc_allow_google_protobuf_empty_requests: true
+  rpc_allow_google_protobuf_empty_responses: true
+
+breaking:
+  use:
+    - FILE
+  except:
+    - EXTENSION_NO_DELETE
+    - FIELD_SAME_DEFAULT
diff --git a/cmd/grpcserver/main.go b/cmd/grpcserver/main.go
deleted file mode 100644
index d022b9b..0000000
--- a/cmd/grpcserver/main.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package main
-
-import (
-	"flag"
-	"fmt"
-	"log"
-	"net"
-	"os"
-	"os/signal"
-	"syscall"
-
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/health"
-	"google.golang.org/grpc/health/grpc_health_v1"
-	"google.golang.org/grpc/reflection"
-)
-
-var port = flag.Int("port", 50051, "The server port")
-
-func main() {
-	flag.Parse()
-
-	if err := run(); err != nil {
-		log.Fatalf("Failed to run server: %v", err)
-	}
-}
-
-func run() error {
-	addr := fmt.Sprintf("localhost:%d", *port)
-	log.Printf("Starting gRPC server on %s\n", addr)
-
-	lis, err := net.Listen("tcp", addr)
-	if err != nil {
-		return fmt.Errorf("failed to listen: %w", err)
-	}
-
-	// Create gRPC server
-	grpcServer := grpc.NewServer()
-
-	// Create and register health server
-	healthServer := health.NewServer()
-	grpc_health_v1.RegisterHealthServer(grpcServer, healthServer)
-
-	// Register gRPC reflection service for debugging
-	reflection.Register(grpcServer)
-
-	// Set initial serving status
-	healthServer.SetServingStatus("", grpc_health_v1.HealthCheckResponse_SERVING)
-	healthServer.SetServingStatus("health", grpc_health_v1.HealthCheckResponse_SERVING)
-	healthServer.SetServingStatus("test-service", grpc_health_v1.HealthCheckResponse_SERVING)
-
-	// Start server in a goroutine
-	serverErr := make(chan error, 1)
-	go func() {
-		if err := grpcServer.Serve(lis); err != nil {
-			serverErr <- fmt.Errorf("failed to serve: %w", err)
-		}
-	}()
-
-	// Wait for interrupt signal or server error
-	sigChan := make(chan os.Signal, 1)
-	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
-
-	select {
-	case <-sigChan:
-		// Graceful shutdown
-	case err := <-serverErr:
-		return err
-	}
-
-	// Graceful shutdown
-	grpcServer.GracefulStop()
-
-	return nil
-}
-
-// simulateServiceStatusChanges simulates service status changes for testing
-// func simulateServiceStatusChanges(healthServer *health.Server) {
-// 	ticker := time.NewTicker(30 * time.Second)
-// 	defer ticker.Stop()
-
-// 	status := grpc_health_v1.HealthCheckResponse_SERVING
-
-// 	for range ticker.C {
-// 		// Toggle service status for testing
-// 		if status == grpc_health_v1.HealthCheckResponse_SERVING {
-// 			status = grpc_health_v1.HealthCheckResponse_NOT_SERVING
-// 			log.Println("Setting test-service status to NOT_SERVING")
-// 		} else {
-// 			status = grpc_health_v1.HealthCheckResponse_SERVING
-// 			log.Println("Setting test-service status to SERVING")
-// 		}
-
-// 		healthServer.SetServingStatus("test-service", status)
-// 	}
-// }
diff --git a/cmd/sentinel/agent.go b/cmd/sentinel/agent.go
new file mode 100644
index 0000000..03cb010
--- /dev/null
+++ b/cmd/sentinel/agent.go
@@ -0,0 +1,83 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/sxwebdev/sentinel/internal/agent"
+	"github.com/sxwebdev/sentinel/internal/config"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/tkcrm/mx/launcher"
+	"github.com/tkcrm/mx/logger"
+	"github.com/tkcrm/mx/service"
+	"github.com/tkcrm/mx/service/pingpong"
+	"github.com/urfave/cli/v3"
+)
+
+func agentCMD() *cli.Command {
+	return &cli.Command{
+		Name:  "agent",
+		Usage: "agent commands",
+		Commands: []*cli.Command{
+			{
+				Name:  "start",
+				Usage: "start the agent",
+				Flags: []cli.Flag{cfgPathsFlag()},
+				Action: func(ctx context.Context, cl *cli.Command) error {
+					conf := new(config.ConfigAgent)
+					if err := config.Load(conf, envAgentPrefix, cl.StringSlice("config")); err != nil {
+						return fmt.Errorf("failed to load config: %w", err)
+					}
+
+					loggerOpts := append(defaultLoggerOpts(), logger.WithConfig(conf.Log))
+
+					l := logger.NewExtended(loggerOpts...)
+					defer func() {
+						_ = l.Sync()
+					}()
+
+					// init launcher
+					ln := launcher.New(
+						launcher.WithVersion(version),
+						launcher.WithName(appName),
+						launcher.WithLogger(l),
+						launcher.WithContext(ctx),
+						launcher.WithRunnerServicesSequence(launcher.RunnerServicesSequenceFifo),
+						launcher.WithOpsConfig(conf.Ops),
+						launcher.WithAppStartStopLog(true),
+					)
+
+					// check if exists data dir, if not create it
+					if _, err := os.Stat(conf.AgentDataDir()); os.IsNotExist(err) {
+						l.Infof("creating data directory in %s", conf.AgentDataDir())
+						if err := os.MkdirAll(conf.AgentDataDir(), 0o700); err != nil {
+							return fmt.Errorf("failed to create data dir: %w", err)
+						}
+					}
+
+					// get system info
+					systemInfo := models.GetSystemInfo(version, commitHash, buildDate)
+
+					// init receiver
+					// rc := receiver.New()
+
+					// init agent service
+					ag, err := agent.New(ctx, l, conf, *systemInfo)
+					if err != nil {
+						return fmt.Errorf("failed to init agent: %w", err)
+					}
+
+					// register services
+					ln.ServicesRunner().Register(
+						service.New(service.WithService(pingpong.New(l))),
+						// service.New(service.WithService(rc)),
+						service.New(service.WithService(ag)),
+					)
+
+					return ln.Run()
+				},
+			},
+		},
+	}
+}
diff --git a/cmd/sentinel/config.go b/cmd/sentinel/config.go
index 5212652..b628e32 100644
--- a/cmd/sentinel/config.go
+++ b/cmd/sentinel/config.go
@@ -8,15 +8,15 @@ import (
 
 	"github.com/goccy/go-yaml"
 	"github.com/sxwebdev/sentinel/internal/config"
+	"github.com/sxwebdev/xconfig"
 	"github.com/urfave/cli/v3"
 )
 
-func cfgPathsFlag() *cli.StringFlag {
-	return &cli.StringFlag{
+func cfgPathsFlag() *cli.StringSliceFlag {
+	return &cli.StringSliceFlag{
 		Name:    "config",
 		Aliases: []string{"c"},
-		Value:   "config.yaml",
-		Usage:   "allows you to use your own paths to configuration files. by default it uses config.yaml",
+		Usage:   "allows you to use your own paths to configuration files",
 	}
 }
 
@@ -29,23 +29,40 @@ func configCMD() *cli.Command {
 				Name:  "genenvs",
 				Usage: "generate config yaml template",
 				Action: func(_ context.Context, _ *cli.Command) error {
-					conf := new(config.Config)
-
-					conf, err := config.Load("")
-					if err != nil {
-						return fmt.Errorf("failed to load config: %w", err)
+					data := []struct {
+						fileName  string
+						envPrefix string
+						conf      any
+					}{
+						{
+							fileName:  "config.template.yaml",
+							envPrefix: envHubPrefix,
+							conf:      new(config.ConfigHub),
+						},
+						{
+							fileName:  "config-agent.template.yaml",
+							envPrefix: envAgentPrefix,
+							conf:      new(config.ConfigAgent),
+						},
 					}
 
-					buf := bytes.NewBuffer(nil)
-					enc := yaml.NewEncoder(buf, yaml.Indent(2))
-					defer enc.Close()
+					for _, d := range data {
+						_, err := xconfig.Load(d.conf, xconfig.WithEnvPrefix(d.envPrefix))
+						if err != nil {
+							return fmt.Errorf("failed to generate markdown: %w", err)
+						}
 
-					if err := enc.Encode(conf); err != nil {
-						return fmt.Errorf("failed to encode yaml: %w", err)
-					}
+						buf := bytes.NewBuffer(nil)
+						enc := yaml.NewEncoder(buf, yaml.Indent(2))
+						defer enc.Close()
+
+						if err := enc.Encode(d.conf); err != nil {
+							return fmt.Errorf("failed to encode yaml: %w", err)
+						}
 
-					if err := os.WriteFile("config.template.yaml", buf.Bytes(), 0o600); err != nil {
-						return fmt.Errorf("failed to write file: %w", err)
+						if err := os.WriteFile(d.fileName, buf.Bytes(), 0o600); err != nil {
+							return fmt.Errorf("failed to write file: %w", err)
+						}
 					}
 
 					return nil
diff --git a/cmd/sentinel/hub.go b/cmd/sentinel/hub.go
new file mode 100644
index 0000000..c08337d
--- /dev/null
+++ b/cmd/sentinel/hub.go
@@ -0,0 +1,224 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/alertresolver"
+	"github.com/sxwebdev/sentinel/internal/config"
+	"github.com/sxwebdev/sentinel/internal/datamigrations"
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/receiver"
+	"github.com/sxwebdev/sentinel/internal/scheduler"
+	"github.com/sxwebdev/sentinel/internal/servers"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/internal/store"
+	"github.com/sxwebdev/sentinel/internal/store/badgerdb"
+	updater "github.com/sxwebdev/sentinel/internal/updated"
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"github.com/sxwebdev/sentinel/pkg/locker"
+	"github.com/sxwebdev/sentinel/pkg/migrator"
+	"github.com/sxwebdev/sentinel/pkg/sqlite"
+	"github.com/sxwebdev/sentinel/sql"
+	"github.com/sxwebdev/tokenmanager"
+	"github.com/tkcrm/mx/launcher"
+	"github.com/tkcrm/mx/logger"
+	"github.com/tkcrm/mx/service"
+	"github.com/tkcrm/mx/service/pingpong"
+	"github.com/urfave/cli/v3"
+)
+
+func hubStartCMD() *cli.Command {
+	return &cli.Command{
+		Name:  "hub",
+		Usage: "hub commands",
+		Commands: []*cli.Command{
+			{
+				Name:  "start",
+				Usage: "start the server",
+				Flags: []cli.Flag{cfgPathsFlag()},
+				Action: func(ctx context.Context, cl *cli.Command) error {
+					conf := new(config.ConfigHub)
+					if err := config.Load(conf, envHubPrefix, cl.StringSlice("config")); err != nil {
+						return fmt.Errorf("failed to load config: %w", err)
+					}
+
+					loggerOpts := append(defaultLoggerOpts(), logger.WithConfig(conf.Log))
+
+					l := logger.NewExtended(loggerOpts...)
+					defer func() {
+						_ = l.Sync()
+					}()
+
+					// init launcher
+					ln := launcher.New(
+						launcher.WithVersion(version),
+						launcher.WithName(appName),
+						launcher.WithLogger(l),
+						launcher.WithContext(ctx),
+						launcher.WithRunnerServicesSequence(launcher.RunnerServicesSequenceLifo),
+						launcher.WithOpsConfig(conf.Ops),
+						launcher.WithAppStartStopLog(true),
+					)
+
+					// check if exists data dir, if not create it
+					if _, err := os.Stat(conf.HubDataDir()); os.IsNotExist(err) {
+						l.Infof("creating data directory in %s", conf.HubDataDir())
+						if err := os.MkdirAll(conf.HubDataDir(), 0o700); err != nil {
+							return fmt.Errorf("failed to create data dir: %w", err)
+						}
+					}
+
+					var authConfig config.AuthConfig
+
+					// get file datadir/hub/secrets.json
+					// if not exists create it with generated values
+					secretsFilePath := filepath.Join(conf.HubDataDir(), "secrets.json")
+					if _, err := os.Stat(secretsFilePath); os.IsNotExist(err) {
+						l.Infof("creating secrets file in %s", secretsFilePath)
+						if err := os.MkdirAll(filepath.Dir(secretsFilePath), 0o700); err != nil {
+							return fmt.Errorf("failed to create secrets dir: %w", err)
+						}
+
+						accessToken, err := utils.GenerateRandomString(48, "")
+						if err != nil {
+							return fmt.Errorf("failed to generate access token secret key: %w", err)
+						}
+
+						refreshToken, err := utils.GenerateRandomString(48, "")
+						if err != nil {
+							return fmt.Errorf("failed to generate refresh token secret key: %w", err)
+						}
+
+						authConfig = config.AuthConfig{
+							AccessTokenSecretKey:  accessToken,
+							RefreshTokenSecretKey: refreshToken,
+						}
+
+						data, err := json.MarshalIndent(authConfig, "", "  ")
+						if err != nil {
+							return fmt.Errorf("failed to marshal secrets: %w", err)
+						}
+
+						if err := os.WriteFile(secretsFilePath, data, 0o600); err != nil {
+							return fmt.Errorf("failed to create secrets file: %w", err)
+						}
+					} else {
+						data, err := os.ReadFile(secretsFilePath)
+						if err != nil {
+							return fmt.Errorf("failed to read secrets file: %w", err)
+						}
+
+						if err := json.Unmarshal(data, &authConfig); err != nil {
+							return fmt.Errorf("failed to unmarshal secrets file: %w", err)
+						}
+
+						if authConfig.AccessTokenSecretKey == "" || authConfig.RefreshTokenSecretKey == "" {
+							return fmt.Errorf("invalid secrets file: missing keys")
+						}
+					}
+
+					// set default timezone
+					var err error
+					time.Local, err = time.LoadLocation(conf.Timezone)
+					if err != nil {
+						return fmt.Errorf("failed to set timezone: %w", err)
+					}
+
+					sqliteDbPath := filepath.Join(conf.HubDataDir(), "sqlite", sqliteDBFile)
+
+					// init sqlite
+					sqliteDB, err := sqlite.New(ctx, sqliteDbPath)
+					if err != nil {
+						return fmt.Errorf("failed to initialize sqlite: %w", err)
+					}
+
+					// init badger
+					var kvStore tokenmanager.ITokenStore
+
+					var badgerDB *badgerdb.DB
+					if conf.KvDbEngine == "badgerdb" {
+						badgerDbPath := filepath.Join(conf.HubDataDir(), "badger")
+						badgerDB, err = badgerdb.New(l, badgerDbPath)
+						if err != nil {
+							return fmt.Errorf("failed to initialize badgerdb: %w", err)
+						}
+						kvStore = badgerDB
+					} else {
+						kvStore = tokenmanager.NewMemoryTokenStore()
+					}
+
+					l.Infof("using kv store: %s", conf.KvDbEngine)
+
+					// Print SQLite version if using SQLite storage
+					sqliteVersion, err := sqliteDB.GetSQLiteVersion(ctx)
+					if err != nil {
+						return fmt.Errorf("failed to get SQLite version: %w", err)
+					}
+					l.Infof("SQLite version: %s", sqliteVersion)
+
+					// check and run all migrations
+					m := migrator.New(l, sql.MigrationsFS, sql.MigrationsPath, datamigrations.Migrations)
+					if err := m.MigrateUpAll(ctx, sqliteDbPath); err != nil {
+						return fmt.Errorf("failed to run migrations: %w", err)
+					}
+
+					st, err := store.New(sqliteDB.DB, kvStore)
+					if err != nil {
+						return fmt.Errorf("failed to initialize store: %w", err)
+					}
+
+					systemInfo := models.GetSystemInfo(version, commitHash, buildDate)
+					systemInfo.SqliteVersion = sqliteVersion
+
+					// Init receiver
+					rc := receiver.New()
+
+					// Initialize dispatcher
+					dispatcher := dispatcher.New()
+
+					baseServices := baseservices.New(l, st, authConfig, rc, dispatcher, systemInfo)
+
+					// init alert resolver
+					ar := alertresolver.New(l, baseServices)
+
+					// Initialize scheduler
+					sched := scheduler.New(l, rc, baseServices, ar)
+
+					availableUpdateData := locker.New(models.AvailableUpdate{})
+
+					// Initialize upgrader if configured
+					updater, err := updater.New(l, conf.Updater, version, availableUpdateData)
+					if err != nil {
+						return fmt.Errorf("failed to initialize upgrader: %w", err)
+					}
+
+					srv := servers.New(ctx, l, conf.Server.Addr, baseServices, ar, systemInfo, availableUpdateData)
+
+					// register services
+					ln.ServicesRunner().Register(
+						service.New(service.WithService(pingpong.New(l))),
+						service.New(service.WithService(sqliteDB)),
+						service.New(service.WithService(updater)),
+						service.New(service.WithService(rc)),
+						service.New(service.WithService(dispatcher)),
+						service.New(service.WithService(sched)),
+						service.New(service.WithService(srv)),
+						service.New(service.WithService(baseServices.Notifications().Sender())),
+					)
+
+					if badgerDB != nil {
+						ln.ServicesRunner().Register(service.New(service.WithService(badgerDB)))
+					}
+
+					return ln.Run()
+				},
+			},
+		},
+	}
+}
diff --git a/cmd/sentinel/main.go b/cmd/sentinel/main.go
index 69ea018..452e765 100644
--- a/cmd/sentinel/main.go
+++ b/cmd/sentinel/main.go
@@ -14,10 +14,13 @@ import (
 )
 
 var (
-	appName    = "sentinel"
-	version    = "local"
-	commitHash = "unknown"
-	buildDate  = "unknown"
+	appName        = "sentinel"
+	version        = "local"
+	commitHash     = "unknown"
+	buildDate      = "unknown"
+	envHubPrefix   = "SENTINEL_"
+	envAgentPrefix = "SENTINEL_AGENT_"
+	sqliteDBFile   = "db.sqlite"
 )
 
 func getBuildVersion() string {
@@ -43,15 +46,29 @@ func main() {
 
 	l := logger.NewExtended(defaultLoggerOpts()...)
 
+	// check if os args constains agent command
+	if len(os.Args) > 1 && os.Args[1] == "agent" {
+		appName = "sentinel-agent"
+	}
+
 	app := &cli.Command{
 		Name:    appName,
 		Usage:   "A CLI application for " + appName,
 		Version: getBuildVersion(),
 		Suggest: true,
 		Commands: []*cli.Command{
-			startCMD(),
+			hubStartCMD(),
+			agentCMD(),
 			configCMD(),
+			migrationsCMD(),
 			versionCMD(),
+			{
+				Name: "migratedb",
+				Commands: []*cli.Command{
+					exportCmd(),
+					importCmd(),
+				},
+			},
 		},
 	}
 
diff --git a/cmd/sentinel/migrate_data.go b/cmd/sentinel/migrate_data.go
new file mode 100644
index 0000000..7de0b97
--- /dev/null
+++ b/cmd/sentinel/migrate_data.go
@@ -0,0 +1,359 @@
+package main
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/sxwebdev/sentinel/pkg/sqlite"
+	"github.com/urfave/cli/v3"
+	_ "modernc.org/sqlite"
+)
+
+// -------- Old schema structs (export format) --------
+
+type ServiceOld struct {
+	ID        string          `json:"id"`
+	Name      string          `json:"name"`
+	Protocol  string          `json:"protocol"`
+	Interval  string          `json:"interval"` // time.Duration string (e.g., "1s", "250ms")
+	Timeout   string          `json:"timeout"`
+	Retries   int64           `json:"retries"`
+	Tags      json.RawMessage `json:"tags"`
+	Config    json.RawMessage `json:"config"`
+	IsEnabled bool            `json:"is_enabled"`
+	CreatedAt *time.Time      `json:"created_at,omitempty"`
+	UpdatedAt *time.Time      `json:"updated_at,omitempty"`
+}
+
+type StateOld struct {
+	ID               string     `json:"id"`
+	ServiceID        string     `json:"service_id"`
+	Status           string     `json:"status"`
+	LastCheck        *time.Time `json:"last_check"`
+	NextCheck        *time.Time `json:"next_check"`
+	LastError        *string    `json:"last_error"`
+	ConsecutiveFails int64      `json:"consecutive_fails"`
+	ConsecutiveSucc  int64      `json:"consecutive_success"`
+	TotalChecks      int64      `json:"total_checks"`
+	ResponseTimeNS   *int64     `json:"response_time_ns"`
+	CreatedAt        *time.Time `json:"created_at"`
+	UpdatedAt        *time.Time `json:"updated_at"`
+}
+
+type IncidentOld struct {
+	ID         string     `json:"id"`
+	ServiceID  string     `json:"service_id"`
+	StartTime  time.Time  `json:"start_time"`
+	EndTime    *time.Time `json:"end_time"`
+	Error      string     `json:"error"`
+	DurationNS *int64     `json:"duration_ns"`
+	Resolved   bool       `json:"resolved"`
+	CreatedAt  *time.Time `json:"created_at"`
+	UpdatedAt  *time.Time `json:"updated_at"`
+}
+
+func parseDurationMS(s string) (int64, error) {
+	if strings.TrimSpace(s) == "" {
+		return 0, nil
+	}
+	d, err := time.ParseDuration(s)
+	if err != nil {
+		return 0, err
+	}
+	return d.Milliseconds(), nil
+}
+
+func readAll[T any](ctx context.Context, db *sql.DB, query string, scan func(*sql.Rows) (T, error)) ([]T, error) {
+	rows, err := db.QueryContext(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var out []T
+	for rows.Next() {
+		v, err := scan(rows)
+		if err != nil {
+			return nil, err
+		}
+		out = append(out, v)
+	}
+	return out, rows.Err()
+}
+
+func exportCmd() *cli.Command {
+	return &cli.Command{
+		Name:  "export",
+		Usage: "Export old schema tables to JSON files (services/service_states/incidents)",
+		Flags: []cli.Flag{
+			&cli.StringFlag{Name: "db", Required: true, Usage: "Path to SQLite DB file"},
+			&cli.StringFlag{Name: "out", Required: true, Usage: "Output directory for JSON files"},
+		},
+		Action: func(ctx context.Context, c *cli.Command) error {
+			dbpath := c.String("db")
+			outDir := c.String("out")
+			if err := os.MkdirAll(outDir, 0o755); err != nil {
+				return err
+			}
+			db, err := sql.Open("sqlite", fmt.Sprintf("file:%s?_busy_timeout=5000&_pragma=foreign_keys(ON)", dbpath))
+			if err != nil {
+				return err
+			}
+			defer db.Close()
+
+			ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+			defer cancel()
+
+			// services
+			services, err := readAll(ctx, db, `SELECT id,name,protocol,interval,timeout,retries,tags,config,is_enabled,created_at,updated_at FROM services`, func(r *sql.Rows) (ServiceOld, error) {
+				var s ServiceOld
+				var tags, cfg []byte
+				if err := r.Scan(&s.ID, &s.Name, &s.Protocol, &s.Interval, &s.Timeout, &s.Retries, &tags, &cfg, &s.IsEnabled, &s.CreatedAt, &s.UpdatedAt); err != nil {
+					return s, err
+				}
+				s.Tags = append([]byte(nil), tags...)
+				s.Config = append([]byte(nil), cfg...)
+				return s, nil
+			})
+			if err != nil {
+				return err
+			}
+
+			// service_states
+			states, err := readAll(ctx, db, `SELECT id,service_id,status,last_check,next_check,last_error,consecutive_fails,consecutive_success,total_checks,response_time_ns,created_at,updated_at FROM service_states`, func(r *sql.Rows) (StateOld, error) {
+				var s StateOld
+				if err := r.Scan(&s.ID, &s.ServiceID, &s.Status, &s.LastCheck, &s.NextCheck, &s.LastError, &s.ConsecutiveFails, &s.ConsecutiveSucc, &s.TotalChecks, &s.ResponseTimeNS, &s.CreatedAt, &s.UpdatedAt); err != nil {
+					return s, err
+				}
+				return s, nil
+			})
+			if err != nil {
+				return err
+			}
+
+			// incidents
+			incidents, err := readAll(ctx, db, `SELECT id,service_id,start_time,end_time,error,duration_ns,resolved,created_at,updated_at FROM incidents`, func(r *sql.Rows) (IncidentOld, error) {
+				var s IncidentOld
+				if err := r.Scan(&s.ID, &s.ServiceID, &s.StartTime, &s.EndTime, &s.Error, &s.DurationNS, &s.Resolved, &s.CreatedAt, &s.UpdatedAt); err != nil {
+					return s, err
+				}
+				return s, nil
+			})
+			if err != nil {
+				return err
+			}
+
+			// write files
+			write := func(name string, v any) error {
+				b, err := json.MarshalIndent(v, "", "  ")
+				if err != nil {
+					return err
+				}
+				return os.WriteFile(filepath.Join(outDir, name), b, 0o644)
+			}
+
+			if err := write("services.old.json", services); err != nil {
+				return err
+			}
+			if err := write("service_states.old.json", states); err != nil {
+				return err
+			}
+			if err := write("incidents.old.json", incidents); err != nil {
+				return err
+			}
+
+			fmt.Printf("Exported %d services, %d states, %d incidents to %s\n", len(services), len(states), len(incidents), outDir)
+			return nil
+		},
+	}
+}
+
+func importCmd() *cli.Command {
+	return &cli.Command{
+		Name:  "import",
+		Usage: "Import JSON into NEW schema (converts durations to ms)",
+		Flags: []cli.Flag{
+			&cli.StringFlag{Name: "db", Required: true, Usage: "Path to NEW SQLite DB file"},
+			&cli.StringFlag{Name: "in", Required: true, Usage: "Input directory with JSON files"},
+		},
+		Action: func(ctx context.Context, c *cli.Command) error {
+			dbpath := c.String("db")
+			inDir := c.String("in")
+
+			dsn := sqlite.GetDSN(dbpath)
+			db, err := sql.Open("sqlite", dsn)
+			if err != nil {
+				return err
+			}
+			defer db.Close()
+
+			ctx, cancel := context.WithTimeout(ctx, 60*time.Second)
+			defer cancel()
+
+			tx, err := db.BeginTx(ctx, nil)
+			if err != nil {
+				return err
+			}
+			defer func() {
+				if err != nil {
+					_ = tx.Rollback()
+				}
+			}()
+
+			// Load JSON
+			var svcsOld []ServiceOld
+			var stsOld []StateOld
+			var incOld []IncidentOld
+			if err = readJSON(filepath.Join(inDir, "services.old.json"), &svcsOld); err != nil {
+				return err
+			}
+			if err = readJSON(filepath.Join(inDir, "service_states.old.json"), &stsOld); err != nil {
+				return err
+			}
+			if err = readJSON(filepath.Join(inDir, "incidents.old.json"), &incOld); err != nil {
+				return err
+			}
+
+			// Convert & insert
+			if err = insertServices(ctx, tx, svcsOld); err != nil {
+				return fmt.Errorf("services: %w", err)
+			}
+			if err = insertStates(ctx, tx, stsOld); err != nil {
+				return fmt.Errorf("service_states: %w", err)
+			}
+			if err = insertIncidents(ctx, tx, incOld); err != nil {
+				return fmt.Errorf("incidents: %w", err)
+			}
+
+			if err = tx.Commit(); err != nil {
+				return err
+			}
+			_, _ = db.Exec(`PRAGMA integrity_check;`)
+			_, _ = db.Exec(`PRAGMA optimize;`)
+			fmt.Println("Import OK")
+			return nil
+		},
+	}
+}
+
+func insertServices(ctx context.Context, tx *sql.Tx, in []ServiceOld) error {
+	stmt, err := tx.PrepareContext(ctx, `
+		INSERT INTO services (id,name,protocol,interval,timeout,retries,tags,config,is_enabled,created_at,updated_at)
+		VALUES (?,?,?,?,?,?,?,?,?,COALESCE(?,CURRENT_TIMESTAMP),COALESCE(?,CURRENT_TIMESTAMP))`)
+	if err != nil {
+		return err
+	}
+	defer stmt.Close()
+	for _, s := range in {
+		intervalMS, err := parseDurationMS(s.Interval)
+		if err != nil {
+			return fmt.Errorf("id=%s interval %q: %w", s.ID, s.Interval, err)
+		}
+		timeoutMS, err := parseDurationMS(s.Timeout)
+		if err != nil {
+			return fmt.Errorf("id=%s timeout %q: %w", s.ID, s.Timeout, err)
+		}
+		protocol := s.Protocol
+		if protocol == "" {
+			protocol = "unknown"
+		}
+		if s.Tags == nil {
+			s.Tags = json.RawMessage("[]")
+		}
+		if s.Config == nil {
+			s.Config = json.RawMessage("{}")
+		}
+		if _, err := stmt.ExecContext(ctx, s.ID, s.Name, protocol, intervalMS, timeoutMS, s.Retries, s.Tags, s.Config, s.IsEnabled, formatDate(s.CreatedAt), formatDate(s.UpdatedAt)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func insertStates(ctx context.Context, tx *sql.Tx, in []StateOld) error {
+	stmt, err := tx.PrepareContext(ctx, `
+		INSERT INTO service_states (id,service_id,status,last_check,last_error,consecutive_fails,consecutive_success,total_checks,avg_response_time,created_at,updated_at)
+		VALUES (?,?,?,?,?,?,?,?,?,COALESCE(?,CURRENT_TIMESTAMP),COALESCE(?,CURRENT_TIMESTAMP))`)
+	if err != nil {
+		return err
+	}
+	defer stmt.Close()
+	for _, s := range in {
+		var avgMS *int64
+		if s.ResponseTimeNS != nil {
+			v := *s.ResponseTimeNS / 1_000_000
+			avgMS = &v
+		}
+		if _, err := stmt.ExecContext(ctx, s.ID, s.ServiceID, s.Status, formatDate(s.LastCheck), s.LastError, s.ConsecutiveFails, s.ConsecutiveSucc, s.TotalChecks, avgMS, formatDate(s.CreatedAt), formatDate(s.UpdatedAt)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func parseTimeFlexible(s string) (time.Time, error) {
+	formats := []string{time.RFC3339Nano, time.RFC3339, "2006-01-02 15:04:05", "2006-01-02 15:04:05Z07:00"}
+	for _, f := range formats {
+		if t, err := time.Parse(f, s); err == nil {
+			return t, nil
+		}
+	}
+	return time.Time{}, errors.New("unsupported time format: " + s)
+}
+
+func insertIncidents(ctx context.Context, tx *sql.Tx, in []IncidentOld) error {
+	stmt, err := tx.PrepareContext(ctx, `
+		INSERT INTO incidents (id,service_id,error,duration,started_at,resolved_at,created_at,updated_at)
+		VALUES (?,?,?,?,?,?,COALESCE(?,CURRENT_TIMESTAMP),COALESCE(?,CURRENT_TIMESTAMP))`)
+	if err != nil {
+		return err
+	}
+	defer stmt.Close()
+	for _, s := range in {
+		var dur *int64
+		if s.DurationNS != nil {
+			v := *s.DurationNS / 1_000_000
+			dur = &v
+		} else if s.EndTime != nil && !s.EndTime.IsZero() && !s.StartTime.IsZero() {
+			if st, err1 := parseTimeFlexible(s.StartTime.String()); err1 == nil {
+				if et, err2 := parseTimeFlexible(s.EndTime.String()); err2 == nil {
+					v := et.Sub(st).Milliseconds()
+					dur = &v
+				}
+			}
+		}
+
+		var resolvedAt *string
+		if s.Resolved && s.EndTime != nil {
+			endTime := formatDate(s.EndTime)
+			resolvedAt = endTime
+		}
+
+		if _, err := stmt.ExecContext(ctx, s.ID, s.ServiceID, s.Error, dur, formatDate(&s.StartTime), resolvedAt, formatDate(s.CreatedAt), formatDate(s.UpdatedAt)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func readJSON(path string, v any) error {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(b, v)
+}
+
+func formatDate(t *time.Time) *string {
+	if t == nil {
+		return nil
+	}
+	formatted := t.Format("2006-01-02 15:04:05")
+	return &formatted
+}
diff --git a/cmd/sentinel/migrations.go b/cmd/sentinel/migrations.go
new file mode 100644
index 0000000..359c35f
--- /dev/null
+++ b/cmd/sentinel/migrations.go
@@ -0,0 +1,19 @@
+package main
+
+import (
+	"github.com/sxwebdev/sentinel/internal/datamigrations"
+	"github.com/sxwebdev/sentinel/pkg/migrator"
+	"github.com/sxwebdev/sentinel/sql"
+	"github.com/tkcrm/mx/logger"
+	"github.com/urfave/cli/v3"
+)
+
+func migrationsCMD() *cli.Command {
+	opts := append(
+		defaultLoggerOpts(),
+		logger.WithConsoleColored(true),
+		logger.WithLogFormat(logger.LoggerFormatConsole),
+	)
+	l := logger.NewExtended(opts...)
+	return migrator.CliCmd(l, sql.MigrationsFS, sql.MigrationsPath, datamigrations.Migrations)
+}
diff --git a/cmd/sentinel/start.go b/cmd/sentinel/start.go
deleted file mode 100644
index 5b3d6a7..0000000
--- a/cmd/sentinel/start.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package main
-
-import (
-	"context"
-	"fmt"
-	"runtime"
-	"time"
-
-	"github.com/sxwebdev/sentinel/internal/config"
-	"github.com/sxwebdev/sentinel/internal/monitor"
-	"github.com/sxwebdev/sentinel/internal/notifier"
-	"github.com/sxwebdev/sentinel/internal/receiver"
-	"github.com/sxwebdev/sentinel/internal/scheduler"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/upgrader"
-	"github.com/sxwebdev/sentinel/internal/web"
-	"github.com/tkcrm/mx/launcher"
-	"github.com/tkcrm/mx/logger"
-	"github.com/tkcrm/mx/service"
-	"github.com/tkcrm/mx/service/pingpong"
-	"github.com/urfave/cli/v3"
-)
-
-func startCMD() *cli.Command {
-	return &cli.Command{
-		Name:  "start",
-		Usage: "start the server",
-		Flags: []cli.Flag{cfgPathsFlag()},
-		Action: func(ctx context.Context, cl *cli.Command) error {
-			conf, err := config.Load(cl.String("config"))
-			if err != nil {
-				return fmt.Errorf("failed to load config: %w", err)
-			}
-
-			loggerOpts := append(defaultLoggerOpts(), logger.WithConfig(conf.Log))
-
-			l := logger.NewExtended(loggerOpts...)
-			defer func() {
-				_ = l.Sync()
-			}()
-
-			// init launcher
-			ln := launcher.New(
-				launcher.WithVersion(version),
-				launcher.WithName(appName),
-				launcher.WithLogger(l),
-				launcher.WithContext(ctx),
-				launcher.WithRunnerServicesSequence(launcher.RunnerServicesSequenceFifo),
-				launcher.WithOpsConfig(conf.Ops),
-				launcher.WithAppStartStopLog(true),
-			)
-
-			// set default timezone
-			time.Local, err = time.LoadLocation(conf.Timezone)
-			if err != nil {
-				return fmt.Errorf("failed to set timezone: %w", err)
-			}
-
-			// Initialize storage
-			store, err := storage.NewStorage(storage.StorageTypeSQLite, conf.Database.Path)
-			if err != nil {
-				return fmt.Errorf("failed to initialize storage: %w", err)
-			}
-
-			// Print SQLite version if using SQLite storage
-			sqliteVersion, err := store.GetSQLiteVersion(ctx)
-			if err != nil {
-				return fmt.Errorf("failed to get SQLite version: %w", err)
-			}
-			l.Infof("SQLite version: %s", sqliteVersion)
-
-			// Initialize notifier
-			var notif *notifier.Notifier
-			if conf.Notifications.Enabled {
-				notif, err = notifier.New(l, conf.Notifications.URLs)
-				if err != nil {
-					return fmt.Errorf("failed to initialize notifier: %w", err)
-				}
-			}
-
-			// Init receiver
-			rc := receiver.New()
-
-			// Initialize upgrader if configured
-			upgr, err := upgrader.New(l, conf.Upgrader)
-			if err != nil {
-				return fmt.Errorf("failed to initialize upgrader: %w", err)
-			}
-
-			// Create monitor service
-			monitorService := monitor.NewMonitorService(store, conf, notif, rc)
-
-			// Initialize scheduler
-			sched := scheduler.New(l, monitorService, rc)
-
-			webServer, err := web.NewServer(l, conf, web.ServerInfo{
-				Version:       version,
-				CommitHash:    commitHash,
-				BuildDate:     buildDate,
-				GoVersion:     runtime.Version(),
-				SqliteVersion: sqliteVersion,
-				OS:            runtime.GOOS,
-				Arch:          runtime.GOARCH,
-			}, monitorService, store, rc, upgr)
-			if err != nil {
-				return fmt.Errorf("failed to initialize web server: %w", err)
-			}
-
-			// register services
-			ln.ServicesRunner().Register(
-				service.New(service.WithService(pingpong.New(l))),
-				service.New(service.WithService(store)),
-				service.New(service.WithService(rc)),
-				service.New(service.WithService(sched)),
-				service.New(service.WithService(webServer)),
-			)
-
-			if notif != nil {
-				ln.ServicesRunner().Register(
-					service.New(service.WithService(notif)),
-				)
-			}
-
-			return ln.Run()
-		},
-	}
-}
diff --git a/cmd/tcpserver/main.go b/cmd/tcpserver/main.go
deleted file mode 100644
index 4d9d91a..0000000
--- a/cmd/tcpserver/main.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package main
-
-import (
-	"bufio"
-	"fmt"
-	"net"
-	"time"
-
-	"github.com/sxwebdev/sentinel/internal/utils"
-)
-
-func main() {
-	if err := run(); err != nil {
-		fmt.Println("Error:", err)
-	}
-}
-
-func run() error {
-	listener, err := net.Listen("tcp", "127.0.0.1:12345")
-	if err != nil {
-		return fmt.Errorf("failed to start server: %w", err)
-	}
-	defer listener.Close()
-
-	fmt.Println("Server is listening on 127.0.0.1:12345")
-
-	for {
-		conn, err := listener.Accept()
-		if err != nil {
-			fmt.Println("Failed to accept connection:", err)
-			continue
-		}
-		fmt.Println("Client connected:", conn.RemoteAddr())
-		go handleConnection(conn)
-	}
-}
-
-func handleConnection(conn net.Conn) {
-	defer func() {
-		conn.Close()
-		fmt.Printf("Connection closed: %s\n\n", conn.RemoteAddr())
-	}()
-
-	// Set connection timeout - close if no data received in 5 seconds
-	conn.SetReadDeadline(time.Now().Add(5 * time.Second))
-
-	var accumulated []byte
-	reader := bufio.NewReader(conn)
-
-	for {
-		buffer := make([]byte, 1024)
-		n, err := reader.Read(buffer)
-		if err != nil {
-			if utils.IsErrTimeout(err) {
-				break
-			}
-
-			fmt.Println("failed to read from connection:", err)
-			return
-		}
-
-		if n == 0 {
-			break
-		}
-
-		// Accumulate received data
-		accumulated = append(accumulated, buffer[:n]...)
-
-		// If no more data buffered, client likely finished sending
-		if reader.Buffered() == 0 {
-			break
-		}
-	}
-
-	// Now process the complete message
-	if len(accumulated) == 0 {
-		fmt.Println("No data received from client")
-		return
-	}
-
-	msg := string(accumulated)
-	fmt.Println("Complete message received:", msg)
-
-	// Simple ping-pong protocol - exact match
-	switch msg {
-	case "ping":
-		fmt.Println("Sending pong")
-		_, err := conn.Write([]byte("pong"))
-		if err != nil {
-			fmt.Println("Failed to send response:", err)
-		}
-	case "noresponse":
-		fmt.Println("No response expected")
-	default:
-		fmt.Printf("Unknown message '%s', sending ok\n", msg)
-		_, err := conn.Write([]byte("ok"))
-		if err != nil {
-			fmt.Println("Failed to send response:", err)
-		}
-	}
-}
diff --git a/cmd/testapi/README.md b/cmd/testapi/README.md
deleted file mode 100644
index 6611ad6..0000000
--- a/cmd/testapi/README.md
+++ /dev/null
@@ -1,248 +0,0 @@
-# Sentinel API Integration Tests
-
-This package contains comprehensive integration tests for the Sentinel monitoring system API.
-
-## What is tested
-
-### Core API functions:
-
-- ✅ Dashboard and statistics
-- ✅ Service CRUD operations (Create, Read, Update, Delete)
-- ✅ Service filtering by various parameters
-- ✅ Result pagination
-- ✅ Incident management
-- ✅ Tag operations
-- ✅ Service statistics
-- ✅ Manual service checks
-- ✅ Error handling
-
-### Monitoring protocols:
-
-- ✅ HTTP/HTTPS monitoring with support for:
-  - Multiple endpoints
-  - Various HTTP methods (GET, POST, PUT, DELETE)
-  - Headers and request body
-  - Basic authentication
-  - JSON Path validation
-  - Execution conditions (all/any)
-- ✅ TCP monitoring with data sending and receiving
-- ✅ gRPC monitoring with various check types
-
-### Filters and query parameters:
-
-- ✅ Filtering by service name
-- ✅ Filtering by tags (single and multiple)
-- ✅ Filtering by status (up/down/unknown)
-- ✅ Filtering by enabled status (enabled/disabled)
-- ✅ Filtering by protocol (http/tcp/grpc)
-- ✅ Sorting by name and creation date
-- ✅ Pagination with configurable page size
-- ✅ Incident filtering by time
-- ✅ Incident filtering by resolution status
-
-### Data model validation:
-
-- ✅ Configuration structures for all protocols
-- ✅ DTO conversions
-- ✅ API response models
-- ✅ Error models
-- ✅ Pagination structures
-
-### Error handling:
-
-- ✅ Invalid JSON data
-- ✅ Missing required fields
-- ✅ Invalid parameter values
-- ✅ Operations on non-existent resources
-- ✅ Configuration validation errors
-
-## Test structure
-
-### Files:
-
-- `main.go` - Main file with basic tests and test environment setup
-- `extended_tests.go` - Extended tests for complex scenarios
-- `model_tests.go` - Data model validation tests
-
-### Test cases:
-
-#### Basic tests (main.go):
-
-1. **TestHealthCheck** - main page availability check
-2. **TestDashboardStats** - dashboard statistics API test
-3. **TestCreateServices** - creating test services of all types
-4. **TestGetServices** - getting service list
-5. **TestServiceFilters** - testing service filters
-6. **TestServiceDetail** - getting detailed service information
-7. **TestUpdateService** - service update
-8. **TestServiceStats** - getting service statistics
-9. **TestServiceCheck** - manual service check trigger
-10. **TestIncidents** - incident operations
-11. **TestIncidentFilters** - incident filtering
-12. **TestTags** - tag operations
-13. **TestPagination** - basic pagination testing
-14. **TestErrorHandling** - error handling
-15. **TestDeleteService** - service deletion
-
-#### Extended tests (extended_tests.go):
-
-1. **TestAdvancedServiceFilters** - complex filter combinations
-2. **TestServiceCRUDCompleteFlow** - complete service lifecycle
-3. **TestAdvancedIncidentManagement** - advanced incident management
-4. **TestCompleteProtocolConfigurations** - testing all protocols
-5. **TestAdvancedPaginationAndSorting** - advanced pagination and sorting
-6. **TestAdvancedErrorScenarios** - complex error scenarios
-7. **TestStatsWithDifferentParameters** - statistics with various parameters
-
-#### Model tests (model_tests.go):
-
-1. **TestModelsValidation** - monitoring configuration validation
-2. **TestServiceDTOFields** - service DTO field verification
-3. **TestIncidentFields** - incident field verification
-4. **TestResponseModels** - response model verification
-5. **TestServiceStatsModel** - service statistics model verification
-6. **TestPaginationResponseModel** - paginated response model verification
-
-## Running tests
-
-### Prerequisites:
-
-- Go 1.21+
-- Sentinel project dependencies must be installed
-
-### Run command:
-
-```bash
-cd cmd/testapi
-go run *.go test
-```
-
-### Expected output:
-
-```
-Running TestHealthCheck...
-PASS: TestHealthCheck
-Running TestDashboardStats...
-PASS: TestDashboardStats
-...
-Running TestPaginationResponseModel...
-PASS: TestPaginationResponseModel
-
-All tests passed!
-```
-
-### In case of errors:
-
-```
-Running TestCreateServices...
-FAIL: TestCreateServices - service 0: HTTP 400: Service name is required
-...
-
-2 test(s) failed
-```
-
-## Test data
-
-Tests create the following test services:
-
-1. **HTTP Test Service 1** (enabled)
-
-   - Protocol: HTTP
-   - Endpoint: https://httpbin.org/status/200
-   - Tags: [http, production, api]
-
-2. **HTTP Test Service 2** (disabled)
-
-   - Protocol: HTTP
-   - Endpoint: https://httpbin.org/status/404
-   - Tags: [http, staging, web]
-
-3. **TCP Test Service** (enabled)
-
-   - Protocol: TCP
-   - Endpoint: google.com:80
-   - Tags: [tcp, database, production]
-
-4. **gRPC Test Service** (enabled)
-
-   - Protocol: gRPC
-   - Endpoint: grpc.example.com:443
-   - Tags: [grpc, api, microservice]
-
-5. **Disabled Service** (disabled)
-   - Protocol: HTTP
-   - Endpoint: https://httpbin.org/status/500
-   - Tags: [disabled, test]
-
-## API endpoint coverage
-
-### Dashboard
-
-- `GET /` - main page
-- `GET /api/v1/dashboard/stats` - dashboard statistics
-
-### Services
-
-- `GET /api/v1/services` - service list with filters
-- `POST /api/v1/services` - service creation
-- `GET /api/v1/services/{id}` - service details
-- `PUT /api/v1/services/{id}` - service update
-- `DELETE /api/v1/services/{id}` - service deletion
-- `POST /api/v1/services/{id}/check` - manual check
-- `POST /api/v1/services/{id}/resolve` - incident resolution
-- `GET /api/v1/services/{id}/stats` - service statistics
-
-### Incidents
-
-- `GET /api/v1/incidents` - all incidents list
-- `GET /api/v1/services/{id}/incidents` - service incidents
-- `DELETE /api/v1/services/{id}/incidents/{incidentId}` - incident deletion
-
-### Tags
-
-- `GET /api/v1/tags` - tags list
-- `GET /api/v1/tags/count` - tags with usage count
-
-## Testing features
-
-### Test isolation
-
-- Each test run uses a temporary SQLite database
-- Test server runs on port 8899
-- All resources are cleaned up after test completion
-
-### External dependencies
-
-- Tests use httpbin.org for HTTP checks
-- TCP tests use google.com:80
-- gRPC tests use mock endpoints
-
-### Concurrency
-
-- Tests run sequentially for predictability
-- Each test can create and delete its own resources
-
-## Test configuration
-
-Tests use the following configuration:
-
-- **Database**: temporary SQLite
-- **Server**: localhost:8899
-- **Monitoring interval**: 30 seconds (default)
-- **Timeout**: 5 seconds (default)
-- **Retries**: 3 (default)
-- **Timezone**: UTC
-- **Notifications**: disabled
-
-## Debugging
-
-For debugging, you can add additional logging to test code or use Go debugger. Tests output detailed error messages indicating the specific problem location.
-
-## Extending tests
-
-To add new tests:
-
-1. Create a new function in the appropriate file
-2. Add it to the test array in the main() function
-3. Ensure the test returns an error on failure
-4. Add resource cleanup if necessary
diff --git a/cmd/testapi/extended_tests.go b/cmd/testapi/extended_tests.go
deleted file mode 100644
index dcb3a7e..0000000
--- a/cmd/testapi/extended_tests.go
+++ /dev/null
@@ -1,982 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"fmt"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/sxwebdev/sentinel/internal/monitors"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/web"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-)
-
-// Extended tests for comprehensive API coverage
-
-func testAdvancedServiceFilters(s *TestSuite) error {
-	// Test complex tag filtering with multiple tags
-	resp, err := s.makeRequest("GET", "/api/v1/services?tags=production,api", nil)
-	if err != nil {
-		return err
-	}
-
-	var result dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	// Each service should have both tags
-	for _, service := range result.Items {
-		hasProduction := false
-		hasAPI := false
-		for _, tag := range service.Tags {
-			if tag == "production" {
-				hasProduction = true
-			}
-			if tag == "api" {
-				hasAPI = true
-			}
-		}
-		if !hasProduction || !hasAPI {
-			return fmt.Errorf("service %s doesn't have both required tags", service.Name)
-		}
-	}
-
-	// Test status filtering
-	resp, err = s.makeRequest("GET", "/api/v1/services?status=up", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	for _, service := range result.Items {
-		if service.Status != storage.StatusUp {
-			return fmt.Errorf("service %s status is not 'up'", service.Name)
-		}
-	}
-
-	// Test ordering by created_at
-	resp, err = s.makeRequest("GET", "/api/v1/services?order_by=created_at", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	// Services should be ordered (assuming creation order)
-	if len(result.Items) > 1 {
-		fmt.Printf("Order test: found %d services\n", len(result.Items))
-	}
-
-	return nil
-}
-
-func testServiceCRUDCompleteFlow(s *TestSuite) error {
-	// Create a new service with complex HTTP config
-	complexHTTPService := web.CreateUpdateServiceRequest{
-		Name:     "Complex HTTP Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 15000, // 15s
-		Timeout:  10000, // 10s
-		Retries:  2,
-		Tags:     []string{"complex", "test", "http"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 8000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Main API",
-						URL:            "https://httpbin.org/get",
-						Method:         "GET",
-						ExpectedStatus: 200,
-						Headers: map[string]string{
-							"Authorization": "Bearer test-token",
-							"User-Agent":    "Sentinel-Test",
-						},
-					},
-					{
-						Name:           "Health Check",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-					{
-						Name:           "POST Endpoint",
-						URL:            "https://httpbin.org/post",
-						Method:         "POST",
-						ExpectedStatus: 200,
-						Body:           `{"test": "data"}`,
-						Headers: map[string]string{
-							"Content-Type": "application/json",
-						},
-					},
-				},
-				Condition: "all", // All endpoints must pass
-			},
-		},
-		IsEnabled: true,
-	}
-
-	// Create service
-	resp, err := s.makeRequest("POST", "/api/v1/services", complexHTTPService)
-	if err != nil {
-		return fmt.Errorf("create complex service: %w", err)
-	}
-
-	var createdService web.ServiceDTO
-	if err := s.decodeResponse(resp, &createdService); err != nil {
-		return fmt.Errorf("decode created service: %w", err)
-	}
-
-	serviceID := createdService.ID
-
-	// Verify creation
-	if createdService.Name != complexHTTPService.Name {
-		return fmt.Errorf("name mismatch in created service")
-	}
-	if createdService.Protocol != complexHTTPService.Protocol {
-		return fmt.Errorf("protocol mismatch in created service")
-	}
-	if createdService.Config.HTTP == nil {
-		return fmt.Errorf("HTTP config is nil in created service")
-	}
-	if len(createdService.Config.HTTP.Endpoints) != 3 {
-		return fmt.Errorf("expected 3 endpoints, got %d", len(createdService.Config.HTTP.Endpoints))
-	}
-
-	// Test service detail retrieval
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return fmt.Errorf("get service detail: %w", err)
-	}
-
-	var serviceDetail web.ServiceDTO
-	if err := s.decodeResponse(resp, &serviceDetail); err != nil {
-		return fmt.Errorf("decode service detail: %w", err)
-	}
-
-	if serviceDetail.ID != serviceID {
-		return fmt.Errorf("service detail ID mismatch")
-	}
-
-	// Update service - modify configuration
-	updatedConfig := complexHTTPService
-	updatedConfig.Name = "Updated Complex HTTP Service"
-	updatedConfig.Interval = 45000 // 45s
-	updatedConfig.Tags = append(updatedConfig.Tags, "updated")
-
-	// Remove one endpoint
-	updatedConfig.Config.HTTP.Endpoints = updatedConfig.Config.HTTP.Endpoints[:2]
-	updatedConfig.Config.HTTP.Condition = "any" // Any endpoint can pass
-
-	resp, err = s.makeRequest("PUT", "/api/v1/services/"+serviceID, updatedConfig)
-	if err != nil {
-		return fmt.Errorf("update service: %w", err)
-	}
-
-	var updatedService web.ServiceDTO
-	if err := s.decodeResponse(resp, &updatedService); err != nil {
-		return fmt.Errorf("decode updated service: %w", err)
-	}
-
-	// Verify updates
-	if updatedService.Name != updatedConfig.Name {
-		return fmt.Errorf("updated name mismatch")
-	}
-	if updatedService.Interval != updatedConfig.Interval {
-		return fmt.Errorf("updated interval mismatch")
-	}
-	if len(updatedService.Config.HTTP.Endpoints) != 2 {
-		return fmt.Errorf("expected 2 endpoints after update, got %d", len(updatedService.Config.HTTP.Endpoints))
-	}
-	if updatedService.Config.HTTP.Condition != "any" {
-		return fmt.Errorf("condition not updated")
-	}
-
-	// Trigger manual check
-	resp, err = s.makeRequest("POST", "/api/v1/services/"+serviceID+"/check", nil)
-	if err != nil {
-		return fmt.Errorf("trigger check: %w", err)
-	}
-
-	var checkResult web.SuccessResponse
-	if err := s.decodeResponse(resp, &checkResult); err != nil {
-		return fmt.Errorf("decode check result: %w", err)
-	}
-
-	if checkResult.Message == "" {
-		return fmt.Errorf("empty check result message")
-	}
-
-	// Wait a bit and check service stats
-	time.Sleep(100 * time.Millisecond)
-
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/stats?days=1", nil)
-	if err != nil {
-		return fmt.Errorf("get service stats: %w", err)
-	}
-
-	var stats web.ServiceStats
-	if err := s.decodeResponse(resp, &stats); err != nil {
-		return fmt.Errorf("decode service stats: %w", err)
-	}
-
-	if stats.ServiceID != serviceID {
-		return fmt.Errorf("stats service ID mismatch")
-	}
-
-	// Get service incidents
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents", nil)
-	if err != nil {
-		return fmt.Errorf("get service incidents: %w", err)
-	}
-
-	var incidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &incidents); err != nil {
-		return fmt.Errorf("decode service incidents: %w", err)
-	}
-
-	// All incidents should belong to this service
-	for _, incident := range incidents.Items {
-		if incident.ServiceID != serviceID {
-			return fmt.Errorf("incident %s doesn't belong to service %s", incident.ID, serviceID)
-		}
-	}
-
-	// Delete the service
-	resp, err = s.makeRequest("DELETE", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return fmt.Errorf("delete service: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusNoContent {
-		return fmt.Errorf("delete service: expected 204, got %d", resp.StatusCode)
-	}
-
-	// Verify deletion
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return fmt.Errorf("verify deletion: %w", err)
-	}
-
-	if resp.StatusCode == http.StatusOK {
-		return fmt.Errorf("service still exists after deletion")
-	}
-
-	return nil
-}
-
-func testAdvancedIncidentManagement(s *TestSuite) error {
-	// Create a dedicated service for incident testing
-	testService := web.CreateUpdateServiceRequest{
-		Name:     "Incident Management Test Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 30000,
-		Timeout:  5000,
-		Retries:  3,
-		Tags:     []string{"incident-test"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 5000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Test Endpoint",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		IsEnabled: true,
-	}
-
-	// Create the test service
-	resp, err := s.makeRequest("POST", "/api/v1/services", testService)
-	if err != nil {
-		return fmt.Errorf("create incident test service: %w", err)
-	}
-
-	var createdService web.ServiceDTO
-	if err := s.decodeResponse(resp, &createdService); err != nil {
-		return fmt.Errorf("decode incident test service: %w", err)
-	}
-
-	serviceID := createdService.ID
-
-	// Ensure cleanup
-	defer func() {
-		s.makeRequest("DELETE", "/api/v1/services/"+serviceID, nil)
-	}()
-
-	// Get service incidents with various filters
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents?resolved=false", nil)
-	if err != nil {
-		return err
-	}
-
-	var unresolvedIncidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &unresolvedIncidents); err != nil {
-		return err
-	}
-
-	// All incidents should be unresolved
-	for _, incident := range unresolvedIncidents.Items {
-		if incident.Resolved {
-			return fmt.Errorf("found resolved incident when filtering for unresolved")
-		}
-	}
-
-	// Get resolved incidents
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents?resolved=true", nil)
-	if err != nil {
-		return err
-	}
-
-	var resolvedIncidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &resolvedIncidents); err != nil {
-		return err
-	}
-
-	// All incidents should be resolved
-	for _, incident := range resolvedIncidents.Items {
-		if !incident.Resolved {
-			return fmt.Errorf("found unresolved incident when filtering for resolved")
-		}
-	}
-
-	// Test time-based filtering
-	now := time.Now()
-	yesterday := now.AddDate(0, 0, -1)
-	tomorrow := now.AddDate(0, 0, 1)
-
-	// Filter by time range
-	timeParams := fmt.Sprintf("start_time=%s&end_time=%s",
-		url.QueryEscape(yesterday.Format(time.RFC3339)),
-		url.QueryEscape(tomorrow.Format(time.RFC3339)))
-
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents?"+timeParams, nil)
-	if err != nil {
-		return err
-	}
-
-	var timeFilteredIncidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &timeFilteredIncidents); err != nil {
-		return err
-	}
-
-	// Test pagination for incidents
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents?page=1&page_size=5", nil)
-	if err != nil {
-		return err
-	}
-
-	var paginatedIncidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &paginatedIncidents); err != nil {
-		return err
-	}
-
-	if len(paginatedIncidents.Items) > 5 {
-		return fmt.Errorf("page size not respected for incidents: got %d items", len(paginatedIncidents.Items))
-	}
-
-	// Test resolve service incidents
-	resp, err = s.makeRequest("POST", "/api/v1/services/"+serviceID+"/resolve", nil)
-	if err != nil {
-		return err
-	}
-
-	var resolveResult web.SuccessResponse
-	if err := s.decodeResponse(resp, &resolveResult); err != nil {
-		return err
-	}
-
-	if resolveResult.Message == "" {
-		return fmt.Errorf("empty resolve result message")
-	}
-
-	// Test global incident search
-	resp, err = s.makeRequest("GET", "/api/v1/incidents?search="+serviceID, nil)
-	if err != nil {
-		return err
-	}
-
-	var searchResults dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &searchResults); err != nil {
-		return err
-	}
-
-	// All results should be related to the searched service
-	for _, incident := range searchResults.Items {
-		if incident.ServiceID != serviceID && incident.ID != serviceID {
-			// Check if the search term appears in service name or incident data
-			hasSearchTerm := false
-			if incident.ServiceID == serviceID || incident.ID == serviceID {
-				hasSearchTerm = true
-			}
-			if !hasSearchTerm {
-				return fmt.Errorf("search result doesn't match search criteria")
-			}
-		}
-	}
-
-	return nil
-}
-
-func testCompleteProtocolConfigurations(s *TestSuite) error {
-	// Test TCP service with advanced configuration
-	tcpService := web.CreateUpdateServiceRequest{
-		Name:     "Advanced TCP Service",
-		Protocol: storage.ServiceProtocolTypeTCP,
-		Interval: 20000,
-		Timeout:  8000,
-		Retries:  2,
-		Tags:     []string{"tcp", "advanced", "database"},
-		Config: monitors.Config{
-			TCP: &monitors.TCPConfig{
-				Endpoint:   "google.com:80",
-				SendData:   "GET / HTTP/1.1\r\nHost: google.com\r\n\r\n",
-				ExpectData: "HTTP/1.1",
-			},
-		},
-		IsEnabled: true,
-	}
-
-	resp, err := s.makeRequest("POST", "/api/v1/services", tcpService)
-	if err != nil {
-		return fmt.Errorf("create TCP service: %w", err)
-	}
-
-	var createdTCPService web.ServiceDTO
-	if err := s.decodeResponse(resp, &createdTCPService); err != nil {
-		return fmt.Errorf("decode TCP service: %w", err)
-	}
-
-	if createdTCPService.Config.TCP == nil {
-		return fmt.Errorf("TCP config is nil")
-	}
-	if createdTCPService.Config.TCP.Endpoint != tcpService.Config.TCP.Endpoint {
-		return fmt.Errorf("TCP endpoint mismatch")
-	}
-	if createdTCPService.Config.TCP.SendData != tcpService.Config.TCP.SendData {
-		return fmt.Errorf("TCP send data mismatch")
-	}
-
-	tcpServiceID := createdTCPService.ID
-
-	// Test gRPC service with advanced configuration
-	grpcService := web.CreateUpdateServiceRequest{
-		Name:     "Advanced gRPC Service",
-		Protocol: storage.ServiceProtocolTypeGRPC,
-		Interval: 25000,
-		Timeout:  10000,
-		Retries:  3,
-		Tags:     []string{"grpc", "advanced", "microservice"},
-		Config: monitors.Config{
-			GRPC: &monitors.GRPCConfig{
-				Endpoint:    "grpc.example.com:443",
-				CheckType:   "health",
-				ServiceName: "example.HealthService",
-				TLS:         true,
-				InsecureTLS: false,
-			},
-		},
-		IsEnabled: true,
-	}
-
-	resp, err = s.makeRequest("POST", "/api/v1/services", grpcService)
-	if err != nil {
-		return fmt.Errorf("create gRPC service: %w", err)
-	}
-
-	var createdGRPCService web.ServiceDTO
-	if err := s.decodeResponse(resp, &createdGRPCService); err != nil {
-		return fmt.Errorf("decode gRPC service: %w", err)
-	}
-
-	if createdGRPCService.Config.GRPC == nil {
-		return fmt.Errorf("gRPC config is nil")
-	}
-	if createdGRPCService.Config.GRPC.Endpoint != grpcService.Config.GRPC.Endpoint {
-		return fmt.Errorf("gRPC endpoint mismatch")
-	}
-	if createdGRPCService.Config.GRPC.CheckType != grpcService.Config.GRPC.CheckType {
-		return fmt.Errorf("gRPC check type mismatch")
-	}
-	if createdGRPCService.Config.GRPC.TLS != grpcService.Config.GRPC.TLS {
-		return fmt.Errorf("gRPC TLS setting mismatch")
-	}
-
-	grpcServiceID := createdGRPCService.ID
-
-	// Test both services individually
-	services := []struct {
-		id       string
-		protocol storage.ServiceProtocolType
-	}{
-		{tcpServiceID, storage.ServiceProtocolTypeTCP},
-		{grpcServiceID, storage.ServiceProtocolTypeGRPC},
-	}
-
-	for _, svc := range services {
-		// Test service detail
-		resp, err = s.makeRequest("GET", "/api/v1/services/"+svc.id, nil)
-		if err != nil {
-			return fmt.Errorf("get %s service detail: %w", svc.protocol, err)
-		}
-
-		var serviceDetail web.ServiceDTO
-		if err := s.decodeResponse(resp, &serviceDetail); err != nil {
-			return fmt.Errorf("decode %s service detail: %w", svc.protocol, err)
-		}
-
-		if serviceDetail.Protocol != svc.protocol {
-			return fmt.Errorf("%s service protocol mismatch", svc.protocol)
-		}
-
-		// Test service check
-		resp, err = s.makeRequest("POST", "/api/v1/services/"+svc.id+"/check", nil)
-		if err != nil {
-			return fmt.Errorf("trigger %s service check: %w", svc.protocol, err)
-		}
-
-		var checkResult web.SuccessResponse
-		if err := s.decodeResponse(resp, &checkResult); err != nil {
-			return fmt.Errorf("decode %s check result: %w", svc.protocol, err)
-		}
-
-		// Test service stats
-		resp, err = s.makeRequest("GET", "/api/v1/services/"+svc.id+"/stats", nil)
-		if err != nil {
-			return fmt.Errorf("get %s service stats: %w", svc.protocol, err)
-		}
-
-		var stats web.ServiceStats
-		if err := s.decodeResponse(resp, &stats); err != nil {
-			return fmt.Errorf("decode %s service stats: %w", svc.protocol, err)
-		}
-
-		if stats.ServiceID != svc.id {
-			return fmt.Errorf("%s service stats ID mismatch", svc.protocol)
-		}
-	}
-
-	// Clean up - delete both services
-	for _, svc := range services {
-		resp, err = s.makeRequest("DELETE", "/api/v1/services/"+svc.id, nil)
-		if err != nil {
-			return fmt.Errorf("delete %s service: %w", svc.protocol, err)
-		}
-
-		if resp.StatusCode != http.StatusNoContent {
-			return fmt.Errorf("delete %s service: expected 204, got %d", svc.protocol, resp.StatusCode)
-		}
-	}
-
-	return nil
-}
-
-func testAdvancedPaginationAndSorting(s *TestSuite) error {
-	// Create multiple services for better pagination testing
-	testServices := []web.CreateUpdateServiceRequest{}
-	for i := 0; i < 10; i++ {
-		service := web.CreateUpdateServiceRequest{
-			Name:     fmt.Sprintf("Pagination Test Service %02d", i),
-			Protocol: storage.ServiceProtocolTypeHTTP,
-			Interval: 30000,
-			Timeout:  5000,
-			Retries:  3,
-			Tags:     []string{fmt.Sprintf("page-test-%d", i%3), "pagination"},
-			Config: monitors.Config{
-				HTTP: &monitors.HTTPConfig{
-					Timeout: 5000,
-					Endpoints: []monitors.EndpointConfig{
-						{
-							Name:           "Test Endpoint",
-							URL:            "https://httpbin.org/status/200",
-							Method:         "GET",
-							ExpectedStatus: 200,
-						},
-					},
-				},
-			},
-			IsEnabled: i%2 == 0, // Alternate enabled/disabled
-		}
-		testServices = append(testServices, service)
-	}
-
-	// Create all test services
-	createdIDs := []string{}
-	for i, service := range testServices {
-		resp, err := s.makeRequest("POST", "/api/v1/services", service)
-		if err != nil {
-			return fmt.Errorf("create pagination test service %d: %w", i, err)
-		}
-
-		var created web.ServiceDTO
-		if err := s.decodeResponse(resp, &created); err != nil {
-			return fmt.Errorf("decode pagination test service %d: %w", i, err)
-		}
-
-		createdIDs = append(createdIDs, created.ID)
-	}
-
-	// Test various page sizes
-	pageSizes := []int{3, 5, 7}
-	for _, pageSize := range pageSizes {
-		page := 1
-		allItems := []web.ServiceDTO{}
-		seenIDs := make(map[string]bool)
-
-		for {
-			resp, err := s.makeRequest("GET",
-				fmt.Sprintf("/api/v1/services?page=%d&page_size=%d&order_by=name", page, pageSize), nil)
-			if err != nil {
-				return fmt.Errorf("pagination test page %d size %d: %w", page, pageSize, err)
-			}
-
-			var result dbutils.FindResponseWithCount[web.ServiceDTO]
-			if err := s.decodeResponse(resp, &result); err != nil {
-				return fmt.Errorf("decode pagination test page %d size %d: %w", page, pageSize, err)
-			}
-
-			if len(result.Items) == 0 {
-				break // No more items
-			}
-
-			if len(result.Items) > pageSize {
-				return fmt.Errorf("page size exceeded: requested %d, got %d", pageSize, len(result.Items))
-			}
-
-			// Check for duplicates
-			for _, item := range result.Items {
-				if seenIDs[item.ID] {
-					return fmt.Errorf("duplicate item %s found across pages", item.ID)
-				}
-				seenIDs[item.ID] = true
-				allItems = append(allItems, item)
-			}
-
-			page++
-			if page > 20 { // Safety break
-				break
-			}
-		}
-
-		// Check if items are properly sorted by name
-		for i := 1; i < len(allItems); i++ {
-			if allItems[i-1].Name > allItems[i].Name {
-				return fmt.Errorf("items not sorted by name: %s > %s", allItems[i-1].Name, allItems[i].Name)
-			}
-		}
-	}
-
-	// Test ordering by created_at
-	resp, err := s.makeRequest("GET", "/api/v1/services?order_by=created_at&page_size=20", nil)
-	if err != nil {
-		return fmt.Errorf("order by created_at test: %w", err)
-	}
-
-	var orderedResult dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &orderedResult); err != nil {
-		return fmt.Errorf("decode order by created_at test: %w", err)
-	}
-
-	// Clean up - delete all test services
-	for _, id := range createdIDs {
-		_, err := s.makeRequest("DELETE", "/api/v1/services/"+id, nil)
-		if err != nil {
-			// Log error but continue cleanup
-			fmt.Printf("Warning: failed to delete test service %s: %v\n", id, err)
-		}
-	}
-
-	return nil
-}
-
-func testAdvancedErrorScenarios(s *TestSuite) error {
-	// Test various error conditions
-
-	// 1. Invalid JSON in request body
-	invalidJSON := bytes.NewBuffer([]byte(`{"name": "test", "protocol": "http", invalid json`))
-	req, _ := http.NewRequest("POST", s.baseURL+"/api/v1/services", invalidJSON)
-	req.Header.Set("Content-Type", "application/json")
-	resp, err := s.client.Do(req)
-	if err != nil {
-		return fmt.Errorf("invalid JSON test request: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("invalid JSON: expected 400, got %d", resp.StatusCode)
-	}
-
-	// 2. Missing required fields
-	incompleteService := map[string]interface{}{
-		"protocol": "http",
-		// Missing name
-	}
-
-	resp, err = s.makeRequest("POST", "/api/v1/services", incompleteService)
-	if err != nil {
-		return fmt.Errorf("incomplete service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("incomplete service: expected 400, got %d", resp.StatusCode)
-	}
-
-	// 3. Invalid protocol
-	invalidProtocolService := web.CreateUpdateServiceRequest{
-		Name:     "Invalid Protocol Service",
-		Protocol: "invalid-protocol",
-		Config:   monitors.Config{},
-	}
-
-	resp, err = s.makeRequest("POST", "/api/v1/services", invalidProtocolService)
-	if err != nil {
-		return fmt.Errorf("invalid protocol test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("invalid protocol: expected 400, got %d", resp.StatusCode)
-	}
-
-	// 4. Invalid query parameters
-	invalidQueries := []string{
-		"?status=invalid-status",
-		"?protocol=invalid-protocol",
-		"?order_by=invalid-field",
-		"?page=0",
-		"?page_size=0",
-		"?page_size=1000",
-	}
-
-	for _, query := range invalidQueries {
-		resp, err = s.makeRequest("GET", "/api/v1/services"+query, nil)
-		if err != nil {
-			return fmt.Errorf("invalid query %s test: %w", query, err)
-		}
-
-		if resp.StatusCode != http.StatusBadRequest {
-			return fmt.Errorf("invalid query %s: expected 400, got %d", query, resp.StatusCode)
-		}
-	}
-
-	// 5. Operations on non-existent service
-	nonExistentID := "non-existent-service-id"
-
-	// GET non-existent service
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+nonExistentID, nil)
-	if err != nil {
-		return fmt.Errorf("get non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("get non-existent service: expected 500, got %d", resp.StatusCode)
-	}
-
-	// UPDATE non-existent service
-	updateReq := web.CreateUpdateServiceRequest{
-		Name:     "Updated Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 60000,
-		Timeout:  10000,
-		Retries:  3,
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 30000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "test",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		IsEnabled: true,
-	}
-
-	resp, err = s.makeRequest("PUT", "/api/v1/services/"+nonExistentID, updateReq)
-	if err != nil {
-		return fmt.Errorf("update non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("update non-existent service: expected 500, got %d", resp.StatusCode)
-	}
-
-	// DELETE non-existent service
-	resp, err = s.makeRequest("DELETE", "/api/v1/services/"+nonExistentID, nil)
-	if err != nil {
-		return fmt.Errorf("delete non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("delete non-existent service: expected 500, got %d", resp.StatusCode)
-	}
-
-	// CHECK non-existent service
-	resp, err = s.makeRequest("POST", "/api/v1/services/"+nonExistentID+"/check", nil)
-	if err != nil {
-		return fmt.Errorf("check non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusNotFound {
-		return fmt.Errorf("check non-existent service: expected 404, got %d", resp.StatusCode)
-	}
-
-	// RESOLVE non-existent service
-	resp, err = s.makeRequest("POST", "/api/v1/services/"+nonExistentID+"/resolve", nil)
-	if err != nil {
-		return fmt.Errorf("resolve non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("resolve non-existent service: expected 500, got %d", resp.StatusCode)
-	}
-
-	// STATS for non-existent service
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+nonExistentID+"/stats", nil)
-	if err != nil {
-		return fmt.Errorf("stats non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("stats non-existent service: expected 500, got %d", resp.StatusCode)
-	}
-
-	// INCIDENTS for non-existent service
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+nonExistentID+"/incidents", nil)
-	if err != nil {
-		return fmt.Errorf("incidents non-existent service test: %w", err)
-	}
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("incidents non-existent service: expected 400, got %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func testStatsWithDifferentParameters(s *TestSuite) error {
-	// Create a dedicated service for stats testing
-	testService := web.CreateUpdateServiceRequest{
-		Name:     "Stats Test Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 30000,
-		Timeout:  5000,
-		Retries:  3,
-		Tags:     []string{"stats-test"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 5000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Test Endpoint",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		IsEnabled: true,
-	}
-
-	// Create the test service
-	resp, err := s.makeRequest("POST", "/api/v1/services", testService)
-	if err != nil {
-		return fmt.Errorf("create stats test service: %w", err)
-	}
-
-	var createdService web.ServiceDTO
-	if err := s.decodeResponse(resp, &createdService); err != nil {
-		return fmt.Errorf("decode stats test service: %w", err)
-	}
-
-	serviceID := createdService.ID
-
-	// Ensure cleanup
-	defer func() {
-		s.makeRequest("DELETE", "/api/v1/services/"+serviceID, nil)
-	}()
-
-	// Test different days parameters
-	daysTests := []struct {
-		days     string
-		expected bool
-	}{
-		{"1", true},
-		{"7", true},
-		{"30", true},
-		{"365", true},
-		{"0", true},   // Should work with 0 days
-		{"-1", true},  // Negative should be handled gracefully
-		{"abc", true}, // Invalid string should default to 30
-		{"", true},    // Empty should default to 30
-	}
-
-	for _, test := range daysTests {
-		path := "/api/v1/services/" + serviceID + "/stats"
-		if test.days != "" {
-			path += "?days=" + test.days
-		}
-
-		resp, err := s.makeRequest("GET", path, nil)
-		if err != nil {
-			if test.expected {
-				return fmt.Errorf("stats with days=%s failed: %w", test.days, err)
-			}
-			continue // Expected to fail
-		}
-
-		if !test.expected {
-			return fmt.Errorf("stats with days=%s should have failed but didn't", test.days)
-		}
-
-		var stats web.ServiceStats
-		if err := s.decodeResponse(resp, &stats); err != nil {
-			return fmt.Errorf("decode stats with days=%s: %w", test.days, err)
-		}
-
-		if stats.ServiceID != serviceID {
-			return fmt.Errorf("stats service ID mismatch for days=%s", test.days)
-		}
-
-		// Basic validation of stats
-		if stats.UptimePercentage < 0 || stats.UptimePercentage > 100 {
-			return fmt.Errorf("invalid uptime percentage for days=%s: %f", test.days, stats.UptimePercentage)
-		}
-	}
-
-	return nil
-}
-
-// Helper function to add extended tests to the main test suite
-func getExtendedTests() []struct {
-	name string
-	fn   func(*TestSuite) error
-} {
-	return []struct {
-		name string
-		fn   func(*TestSuite) error
-	}{
-		{"TestAdvancedServiceFilters", testAdvancedServiceFilters},
-		{"TestServiceCRUDCompleteFlow", testServiceCRUDCompleteFlow},
-		{"TestAdvancedIncidentManagement", testAdvancedIncidentManagement},
-		{"TestCompleteProtocolConfigurations", testCompleteProtocolConfigurations},
-		{"TestAdvancedPaginationAndSorting", testAdvancedPaginationAndSorting},
-		{"TestAdvancedErrorScenarios", testAdvancedErrorScenarios},
-		{"TestStatsWithDifferentParameters", testStatsWithDifferentParameters},
-	}
-}
diff --git a/cmd/testapi/main.go b/cmd/testapi/main.go
deleted file mode 100644
index 2c08c5c..0000000
--- a/cmd/testapi/main.go
+++ /dev/null
@@ -1,955 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"reflect"
-	"time"
-
-	"github.com/sxwebdev/sentinel/internal/config"
-	"github.com/sxwebdev/sentinel/internal/monitor"
-	"github.com/sxwebdev/sentinel/internal/monitors"
-	"github.com/sxwebdev/sentinel/internal/notifier"
-	"github.com/sxwebdev/sentinel/internal/receiver"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/upgrader"
-	"github.com/sxwebdev/sentinel/internal/web"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-	"github.com/tkcrm/mx/logger"
-)
-
-type TestSuite struct {
-	server       *web.Server
-	baseURL      string
-	client       *http.Client
-	stor         storage.Storage
-	ctx          context.Context
-	services     map[string]*web.ServiceDTO
-	incidents    map[string]*web.Incident
-	testServices []TestService
-}
-
-type TestService struct {
-	Name     string
-	Protocol storage.ServiceProtocolType
-	Tags     []string
-	Config   monitors.Config
-	Enabled  bool
-}
-
-var testServices = []TestService{
-	{
-		Name:     "HTTP Test Service 1",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Tags:     []string{"http", "production", "api"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 5000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Health Check",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		Enabled: true,
-	},
-	{
-		Name:     "HTTP Test Service 2",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Tags:     []string{"http", "staging", "web"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 3000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Home Page",
-						URL:            "https://httpbin.org/status/404",
-						Method:         "GET",
-						ExpectedStatus: 404,
-					},
-				},
-			},
-		},
-		Enabled: false,
-	},
-	{
-		Name:     "TCP Test Service",
-		Protocol: storage.ServiceProtocolTypeTCP,
-		Tags:     []string{"tcp", "database", "production"},
-		Config: monitors.Config{
-			TCP: &monitors.TCPConfig{
-				Endpoint: "google.com:80",
-			},
-		},
-		Enabled: true,
-	},
-	{
-		Name:     "gRPC Test Service",
-		Protocol: storage.ServiceProtocolTypeGRPC,
-		Tags:     []string{"grpc", "api", "microservice"},
-		Config: monitors.Config{
-			GRPC: &monitors.GRPCConfig{
-				Endpoint:  "grpc.example.com:443",
-				CheckType: "connectivity",
-				TLS:       true,
-			},
-		},
-		Enabled: true,
-	},
-	{
-		Name:     "Disabled Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Tags:     []string{"disabled", "test"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 5000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Test Endpoint",
-						URL:            "https://httpbin.org/status/500",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		Enabled: false,
-	},
-}
-
-func main() {
-	if len(os.Args) < 2 || os.Args[1] != "test" {
-		fmt.Println("Usage: go run main.go test")
-		os.Exit(1)
-	}
-
-	// Run tests
-	suite, err := setupTestSuite()
-	if err != nil {
-		log.Fatalf("Failed to setup test suite: %v", err)
-	}
-	defer suite.cleanup()
-
-	// Run all tests
-	tests := []struct {
-		name string
-		fn   func(*TestSuite) error
-	}{
-		{"TestHealthCheck", testHealthCheck},
-		{"TestDashboardStats", testDashboardStats},
-		{"TestCreateServices", testCreateServices},
-		{"TestGetServices", testGetServices},
-		{"TestServiceFilters", testServiceFilters},
-		{"TestServiceDetail", testServiceDetail},
-		{"TestUpdateService", testUpdateService},
-		{"TestServiceStats", testServiceStats},
-		{"TestServiceCheck", testServiceCheck},
-		{"TestIncidents", testIncidents},
-		{"TestIncidentFilters", testIncidentFilters},
-		{"TestTags", testTags},
-		{"TestPagination", testPagination},
-		{"TestErrorHandling", testErrorHandling},
-		{"TestDeleteService", testDeleteService},
-	}
-
-	// Add extended tests
-	extendedTests := getExtendedTests()
-	tests = append(tests, extendedTests...)
-
-	// Add model validation tests
-	modelTests := getModelValidationTests()
-	tests = append(tests, modelTests...)
-
-	failed := 0
-	for _, test := range tests {
-		fmt.Printf("Running %s...\n", test.name)
-		if err := test.fn(suite); err != nil {
-			fmt.Printf("FAIL: %s - %v\n", test.name, err)
-			failed++
-		} else {
-			fmt.Printf("PASS: %s\n", test.name)
-		}
-	}
-
-	if failed > 0 {
-		fmt.Printf("\n%d test(s) failed\n", failed)
-		os.Exit(1)
-	} else {
-		fmt.Println("\nAll tests passed!")
-	}
-}
-
-func setupTestSuite() (*TestSuite, error) {
-	ctx := context.Background()
-
-	// Create temporary database file
-	tmpDir, err := os.MkdirTemp("", "sentinel_test_*")
-	if err != nil {
-		return nil, fmt.Errorf("failed to create temp dir: %w", err)
-	}
-
-	dbPath := filepath.Join(tmpDir, "test.db")
-
-	// Load config
-	cfg := &config.Config{
-		Database: config.DatabaseConfig{
-			Path: dbPath,
-		},
-		Monitoring: config.MonitoringConfig{
-			Global: config.GlobalConfig{
-				DefaultInterval: time.Minute,
-				DefaultTimeout:  5 * time.Second,
-				DefaultRetries:  5,
-			},
-		},
-		Server: config.ServerConfig{
-			Host:     "localhost",
-			Port:     8899, // Use different port for testing
-			BaseHost: "localhost:8899",
-		},
-		Timezone: "UTC",
-	}
-
-	l := logger.Default()
-
-	// Initialize storage
-	stor, err := storage.NewStorage(storage.StorageTypeSQLite, dbPath)
-	if err != nil {
-		return nil, fmt.Errorf("failed to initialize storage: %w", err)
-	}
-
-	// Initialize notifier (disabled for tests)
-	var notif *notifier.Notifier
-
-	// Initialize receiver
-	rc := receiver.New()
-	if err := rc.Start(ctx); err != nil {
-		return nil, fmt.Errorf("failed to start receiver: %w", err)
-	}
-
-	// Initialize upgrader if configured
-	upgr, err := upgrader.New(l, cfg.Upgrader)
-	if err != nil {
-		return nil, fmt.Errorf("failed to initialize upgrader: %w", err)
-	}
-
-	// Create monitor service
-	monitorService := monitor.NewMonitorService(stor, cfg, notif, rc)
-
-	// Create web server
-	webServer, err := web.NewServer(l, cfg, web.ServerInfo{}, monitorService, stor, rc, upgr)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create web server: %w", err)
-	}
-
-	// Start server in background
-	go func() {
-		if err := webServer.App().Listen(fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)); err != nil {
-			log.Printf("Server error: %v", err)
-		}
-	}()
-
-	// Wait a bit for server to start
-	time.Sleep(100 * time.Millisecond)
-
-	suite := &TestSuite{
-		server:       webServer,
-		baseURL:      fmt.Sprintf("http://%s:%d", cfg.Server.Host, cfg.Server.Port),
-		client:       &http.Client{Timeout: 10 * time.Second},
-		stor:         stor,
-		ctx:          ctx,
-		services:     make(map[string]*web.ServiceDTO),
-		incidents:    make(map[string]*web.Incident),
-		testServices: testServices,
-	}
-
-	return suite, nil
-}
-
-func (s *TestSuite) cleanup() {
-	if s.stor != nil {
-		s.stor.Stop(context.Background())
-	}
-}
-
-func (s *TestSuite) makeRequest(method, path string, body interface{}) (*http.Response, error) {
-	var reqBody io.Reader
-	if body != nil {
-		jsonBody, err := json.Marshal(body)
-		if err != nil {
-			return nil, err
-		}
-		reqBody = bytes.NewBuffer(jsonBody)
-	}
-
-	req, err := http.NewRequest(method, s.baseURL+path, reqBody)
-	if err != nil {
-		return nil, err
-	}
-
-	if body != nil {
-		req.Header.Set("Content-Type", "application/json")
-	}
-
-	return s.client.Do(req)
-}
-
-func (s *TestSuite) decodeResponse(resp *http.Response, target interface{}) error {
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode >= 400 {
-		var errResp web.ErrorResponse
-		if err := json.Unmarshal(body, &errResp); err != nil {
-			return fmt.Errorf("HTTP %d: %s", resp.StatusCode, string(body))
-		}
-		return fmt.Errorf("HTTP %d: %s", resp.StatusCode, errResp.Error)
-	}
-
-	return json.Unmarshal(body, target)
-}
-
-// Test cases implementation
-
-func testHealthCheck(s *TestSuite) error {
-	resp, err := s.makeRequest("GET", "/", nil)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("expected status 200, got %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func testDashboardStats(s *TestSuite) error {
-	resp, err := s.makeRequest("GET", "/api/v1/dashboard/stats", nil)
-	if err != nil {
-		return err
-	}
-
-	var stats web.DashboardStats
-	if err := s.decodeResponse(resp, &stats); err != nil {
-		return err
-	}
-
-	// Basic validation
-	if stats.TotalServices < 0 {
-		return fmt.Errorf("total services should be >= 0, got %d", stats.TotalServices)
-	}
-
-	return nil
-}
-
-func testCreateServices(s *TestSuite) error {
-	for i, testSvc := range s.testServices {
-		createReq := web.CreateUpdateServiceRequest{
-			Name:      testSvc.Name,
-			Protocol:  testSvc.Protocol,
-			Interval:  30000, // 30s
-			Timeout:   5000,  // 5s
-			Retries:   3,
-			Tags:      testSvc.Tags,
-			Config:    testSvc.Config,
-			IsEnabled: testSvc.Enabled,
-		}
-
-		resp, err := s.makeRequest("POST", "/api/v1/services", createReq)
-		if err != nil {
-			return fmt.Errorf("service %d: %w", i, err)
-		}
-
-		var service web.ServiceDTO
-		if err := s.decodeResponse(resp, &service); err != nil {
-			return fmt.Errorf("service %d: %w", i, err)
-		}
-
-		// Validate response
-		if service.ID == "" {
-			return fmt.Errorf("service %d: missing ID", i)
-		}
-		if service.Name != testSvc.Name {
-			return fmt.Errorf("service %d: name mismatch", i)
-		}
-		if service.Protocol != testSvc.Protocol {
-			return fmt.Errorf("service %d: protocol mismatch", i)
-		}
-		if !reflect.DeepEqual(service.Tags, testSvc.Tags) {
-			return fmt.Errorf("service %d: tags mismatch", i)
-		}
-		if service.IsEnabled != testSvc.Enabled {
-			return fmt.Errorf("service %d: enabled status mismatch", i)
-		}
-
-		s.services[service.Name] = &service
-	}
-
-	return nil
-}
-
-func testGetServices(s *TestSuite) error {
-	resp, err := s.makeRequest("GET", "/api/v1/services", nil)
-	if err != nil {
-		return err
-	}
-
-	var result dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	if int(result.Count) != len(s.testServices) {
-		return fmt.Errorf("expected %d services, got %d", len(s.testServices), result.Count)
-	}
-
-	if len(result.Items) != len(s.testServices) {
-		return fmt.Errorf("expected %d items, got %d", len(s.testServices), len(result.Items))
-	}
-
-	return nil
-}
-
-func testServiceFilters(s *TestSuite) error {
-	// Test filter by name
-	resp, err := s.makeRequest("GET", "/api/v1/services?name=HTTP Test Service 1", nil)
-	if err != nil {
-		return err
-	}
-
-	var result dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	if result.Count != 1 {
-		return fmt.Errorf("name filter: expected 1 service, got %d", result.Count)
-	}
-	if result.Items[0].Name != "HTTP Test Service 1" {
-		return fmt.Errorf("name filter: wrong service returned")
-	}
-
-	// Test filter by protocol
-	resp, err = s.makeRequest("GET", "/api/v1/services?protocol=http", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	expectedHTTPServices := 0
-	for _, svc := range s.testServices {
-		if svc.Protocol == storage.ServiceProtocolTypeHTTP {
-			expectedHTTPServices++
-		}
-	}
-
-	if int(result.Count) != expectedHTTPServices {
-		return fmt.Errorf("protocol filter: expected %d HTTP services, got %d", expectedHTTPServices, result.Count)
-	}
-
-	// Test filter by tags
-	resp, err = s.makeRequest("GET", "/api/v1/services?tags=production", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	expectedProdServices := 0
-	for _, svc := range s.testServices {
-		for _, tag := range svc.Tags {
-			if tag == "production" {
-				expectedProdServices++
-				break
-			}
-		}
-	}
-
-	if int(result.Count) != expectedProdServices {
-		return fmt.Errorf("tags filter: expected %d production services, got %d", expectedProdServices, result.Count)
-	}
-
-	// Test filter by enabled status
-	resp, err = s.makeRequest("GET", "/api/v1/services?is_enabled=true", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	expectedEnabledServices := 0
-	for _, svc := range s.testServices {
-		if svc.Enabled {
-			expectedEnabledServices++
-		}
-	}
-
-	if int(result.Count) != expectedEnabledServices {
-		return fmt.Errorf("enabled filter: expected %d enabled services, got %d", expectedEnabledServices, result.Count)
-	}
-
-	// Test ordering
-	resp, err = s.makeRequest("GET", "/api/v1/services?order_by=name", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	// Check if results are ordered by name
-	for i := 1; i < len(result.Items); i++ {
-		if result.Items[i-1].Name > result.Items[i].Name {
-			return fmt.Errorf("services are not ordered by name")
-		}
-	}
-
-	// Test multiple filters
-	resp, err = s.makeRequest("GET", "/api/v1/services?protocol=http&tags=production&is_enabled=true", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	// Validate each service matches all filters
-	for _, item := range result.Items {
-		if item.Protocol != storage.ServiceProtocolTypeHTTP {
-			return fmt.Errorf("multiple filters: service %s doesn't match protocol filter", item.Name)
-		}
-		if !item.IsEnabled {
-			return fmt.Errorf("multiple filters: service %s doesn't match enabled filter", item.Name)
-		}
-		hasProdTag := false
-		for _, tag := range item.Tags {
-			if tag == "production" {
-				hasProdTag = true
-				break
-			}
-		}
-		if !hasProdTag {
-			return fmt.Errorf("multiple filters: service %s doesn't have production tag", item.Name)
-		}
-	}
-
-	return nil
-}
-
-func testServiceDetail(s *TestSuite) error {
-	// Get first service
-	var serviceID string
-	for _, svc := range s.services {
-		serviceID = svc.ID
-		break
-	}
-
-	resp, err := s.makeRequest("GET", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return err
-	}
-
-	var service web.ServiceDTO
-	if err := s.decodeResponse(resp, &service); err != nil {
-		return err
-	}
-
-	if service.ID != serviceID {
-		return fmt.Errorf("service detail: ID mismatch")
-	}
-
-	// Test non-existent service
-	resp, err = s.makeRequest("GET", "/api/v1/services/non-existent", nil)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("expected 500 for non-existent service, got %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func testUpdateService(s *TestSuite) error {
-	// Get first service
-	var service *web.ServiceDTO
-	for _, svc := range s.services {
-		service = svc
-		break
-	}
-
-	// Update service
-	updateReq := web.CreateUpdateServiceRequest{
-		Name:      service.Name + " Updated",
-		Protocol:  service.Protocol,
-		Interval:  60000, // 60s
-		Timeout:   10000, // 10s
-		Retries:   5,
-		Tags:      append(service.Tags, "updated"),
-		Config:    service.Config,
-		IsEnabled: !service.IsEnabled,
-	}
-
-	resp, err := s.makeRequest("PUT", "/api/v1/services/"+service.ID, updateReq)
-	if err != nil {
-		return err
-	}
-
-	var updatedService web.ServiceDTO
-	if err := s.decodeResponse(resp, &updatedService); err != nil {
-		return err
-	}
-
-	// Validate updates
-	if updatedService.Name != updateReq.Name {
-		return fmt.Errorf("update: name not updated")
-	}
-	if updatedService.Interval != updateReq.Interval {
-		return fmt.Errorf("update: interval not updated")
-	}
-	if updatedService.Timeout != updateReq.Timeout {
-		return fmt.Errorf("update: timeout not updated")
-	}
-	if updatedService.Retries != updateReq.Retries {
-		return fmt.Errorf("update: retries not updated")
-	}
-	if updatedService.IsEnabled != updateReq.IsEnabled {
-		return fmt.Errorf("update: enabled status not updated")
-	}
-
-	return nil
-}
-
-func testServiceStats(s *TestSuite) error {
-	// Get first service
-	var serviceID string
-	for _, svc := range s.services {
-		serviceID = svc.ID
-		break
-	}
-
-	// Test service stats
-	resp, err := s.makeRequest("GET", "/api/v1/services/"+serviceID+"/stats", nil)
-	if err != nil {
-		return err
-	}
-
-	var stats web.ServiceStats
-	if err := s.decodeResponse(resp, &stats); err != nil {
-		return err
-	}
-
-	if stats.ServiceID != serviceID {
-		return fmt.Errorf("stats: service ID mismatch")
-	}
-
-	// Test with custom days parameter
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/stats?days=7", nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &stats); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func testServiceCheck(s *TestSuite) error {
-	// Get first service
-	var serviceID string
-	for _, svc := range s.services {
-		serviceID = svc.ID
-		break
-	}
-
-	// Trigger check
-	resp, err := s.makeRequest("POST", "/api/v1/services/"+serviceID+"/check", nil)
-	if err != nil {
-		return err
-	}
-
-	var result web.SuccessResponse
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	if result.Message == "" {
-		return fmt.Errorf("check: empty success message")
-	}
-
-	return nil
-}
-
-func testIncidents(s *TestSuite) error {
-	// Test get all incidents
-	resp, err := s.makeRequest("GET", "/api/v1/incidents", nil)
-	if err != nil {
-		return err
-	}
-
-	var incidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &incidents); err != nil {
-		return err
-	}
-
-	// Get first service for service-specific incidents
-	var serviceID string
-	for _, svc := range s.services {
-		serviceID = svc.ID
-		break
-	}
-
-	// Test service incidents
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents", nil)
-	if err != nil {
-		return err
-	}
-
-	var serviceIncidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &serviceIncidents); err != nil {
-		return err
-	}
-
-	// All incidents should belong to the service
-	for _, incident := range serviceIncidents.Items {
-		if incident.ServiceID != serviceID {
-			return fmt.Errorf("incident %s doesn't belong to service %s", incident.ID, serviceID)
-		}
-	}
-
-	return nil
-}
-
-func testIncidentFilters(s *TestSuite) error {
-	// Get first service
-	var serviceID string
-	for _, svc := range s.services {
-		serviceID = svc.ID
-		break
-	}
-
-	// Test filter by resolved status
-	resp, err := s.makeRequest("GET", "/api/v1/services/"+serviceID+"/incidents?resolved=false", nil)
-	if err != nil {
-		return err
-	}
-
-	var incidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &incidents); err != nil {
-		return err
-	}
-
-	// All incidents should be unresolved
-	for _, incident := range incidents.Items {
-		if incident.Resolved {
-			return fmt.Errorf("incident filter: found resolved incident when filtering for unresolved")
-		}
-	}
-
-	// Test time-based filtering
-	now := time.Now()
-	yesterday := now.AddDate(0, 0, -1)
-	resp, err = s.makeRequest("GET", "/api/v1/incidents?start_time="+url.QueryEscape(yesterday.Format(time.RFC3339)), nil)
-	if err != nil {
-		return err
-	}
-
-	if err := s.decodeResponse(resp, &incidents); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func testTags(s *TestSuite) error {
-	// Test get all tags
-	resp, err := s.makeRequest("GET", "/api/v1/tags", nil)
-	if err != nil {
-		return err
-	}
-
-	var tags []string
-	if err := s.decodeResponse(resp, &tags); err != nil {
-		return err
-	}
-
-	// Collect expected tags
-	expectedTags := make(map[string]bool)
-	for _, svc := range s.testServices {
-		for _, tag := range svc.Tags {
-			expectedTags[tag] = true
-		}
-	}
-
-	// Check if all expected tags are present
-	tagSet := make(map[string]bool)
-	for _, tag := range tags {
-		tagSet[tag] = true
-	}
-
-	for expectedTag := range expectedTags {
-		if !tagSet[expectedTag] {
-			return fmt.Errorf("tags: missing expected tag %s", expectedTag)
-		}
-	}
-
-	// Test get tags with count
-	resp, err = s.makeRequest("GET", "/api/v1/tags/count", nil)
-	if err != nil {
-		return err
-	}
-
-	var tagsWithCount map[string]int
-	if err := s.decodeResponse(resp, &tagsWithCount); err != nil {
-		return err
-	}
-
-	// Validate counts
-	for tag, count := range tagsWithCount {
-		if count <= 0 {
-			return fmt.Errorf("tags count: tag %s has invalid count %d", tag, count)
-		}
-	}
-
-	return nil
-}
-
-func testPagination(s *TestSuite) error {
-	// Test services pagination
-	resp, err := s.makeRequest("GET", "/api/v1/services?page=1&page_size=2", nil)
-	if err != nil {
-		return err
-	}
-
-	var result dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return err
-	}
-
-	if len(result.Items) > 2 {
-		return fmt.Errorf("pagination: page size not respected, got %d items", len(result.Items))
-	}
-
-	// Test second page
-	resp, err = s.makeRequest("GET", "/api/v1/services?page=2&page_size=2", nil)
-	if err != nil {
-		return err
-	}
-
-	var result2 dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &result2); err != nil {
-		return err
-	}
-
-	// Make sure pages don't overlap
-	if len(result.Items) > 0 && len(result2.Items) > 0 {
-		for _, item1 := range result.Items {
-			for _, item2 := range result2.Items {
-				if item1.ID == item2.ID {
-					return fmt.Errorf("pagination: services overlap between pages")
-				}
-			}
-		}
-	}
-
-	return nil
-}
-
-func testErrorHandling(s *TestSuite) error {
-	// Test invalid service creation
-	invalidService := web.CreateUpdateServiceRequest{
-		Name:     "", // Empty name should fail
-		Protocol: storage.ServiceProtocolTypeHTTP,
-	}
-
-	resp, err := s.makeRequest("POST", "/api/v1/services", invalidService)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("error handling: expected 400 for invalid service, got %d", resp.StatusCode)
-	}
-
-	// Test invalid query parameters
-	resp, err = s.makeRequest("GET", "/api/v1/services?status=invalid", nil)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("error handling: expected 400 for invalid status filter, got %d", resp.StatusCode)
-	}
-
-	// Test invalid pagination
-	resp, err = s.makeRequest("GET", "/api/v1/services?page=0", nil)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode != http.StatusBadRequest {
-		return fmt.Errorf("error handling: expected 400 for invalid page, got %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func testDeleteService(s *TestSuite) error {
-	// Get a service to delete
-	var serviceID string
-	for _, svc := range s.services {
-		serviceID = svc.ID
-		break
-	}
-
-	// Delete service
-	resp, err := s.makeRequest("DELETE", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode != http.StatusNoContent {
-		return fmt.Errorf("delete: expected 204, got %d", resp.StatusCode)
-	}
-
-	// Verify service is deleted
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode != http.StatusInternalServerError {
-		return fmt.Errorf("delete: service still exists after deletion")
-	}
-
-	return nil
-}
diff --git a/cmd/testapi/model_tests.go b/cmd/testapi/model_tests.go
deleted file mode 100644
index b0d8275..0000000
--- a/cmd/testapi/model_tests.go
+++ /dev/null
@@ -1,602 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"reflect"
-
-	"github.com/sxwebdev/sentinel/internal/monitors"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/web"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-)
-
-// Model validation tests
-
-func testModelsValidation(s *TestSuite) error {
-	// Test HTTP config validation
-	httpConfig := monitors.Config{
-		HTTP: &monitors.HTTPConfig{
-			Timeout: 5000,
-			Endpoints: []monitors.EndpointConfig{
-				{
-					Name:           "Valid Endpoint",
-					URL:            "https://example.com/api",
-					Method:         "GET",
-					ExpectedStatus: 200,
-					Headers: map[string]string{
-						"Authorization": "Bearer token",
-						"Content-Type":  "application/json",
-					},
-					Body:     `{"test": true}`,
-					JSONPath: "$.status",
-					Username: "user",
-					Password: "pass",
-				},
-			},
-			Condition: "all",
-		},
-	}
-
-	if err := httpConfig.Validate(storage.ServiceProtocolTypeHTTP); err != nil {
-		return fmt.Errorf("valid HTTP config should not fail validation: %w", err)
-	}
-
-	// Test invalid HTTP config - missing endpoints
-	invalidHTTPConfig := monitors.Config{
-		HTTP: &monitors.HTTPConfig{
-			Timeout:   5000,
-			Endpoints: []monitors.EndpointConfig{}, // Empty endpoints
-		},
-	}
-
-	if err := invalidHTTPConfig.Validate(storage.ServiceProtocolTypeHTTP); err == nil {
-		return fmt.Errorf("HTTP config with empty endpoints should fail validation")
-	}
-
-	// Test invalid HTTP config - invalid endpoint
-	invalidEndpointConfig := monitors.Config{
-		HTTP: &monitors.HTTPConfig{
-			Timeout: 5000,
-			Endpoints: []monitors.EndpointConfig{
-				{
-					Name:           "", // Empty name
-					URL:            "invalid-url",
-					Method:         "INVALID",
-					ExpectedStatus: 999, // Invalid status
-				},
-			},
-		},
-	}
-
-	if err := invalidEndpointConfig.Validate(storage.ServiceProtocolTypeHTTP); err == nil {
-		return fmt.Errorf("HTTP config with invalid endpoint should fail validation")
-	}
-
-	// Test TCP config validation
-	tcpConfig := monitors.Config{
-		TCP: &monitors.TCPConfig{
-			Endpoint:   "example.com:80",
-			SendData:   "test data",
-			ExpectData: "expected response",
-		},
-	}
-
-	if err := tcpConfig.Validate(storage.ServiceProtocolTypeTCP); err != nil {
-		return fmt.Errorf("valid TCP config should not fail validation: %w", err)
-	}
-
-	// Test invalid TCP config - missing endpoint
-	invalidTCPConfig := monitors.Config{
-		TCP: &monitors.TCPConfig{
-			Endpoint: "", // Empty endpoint
-		},
-	}
-
-	if err := invalidTCPConfig.Validate(storage.ServiceProtocolTypeTCP); err == nil {
-		return fmt.Errorf("TCP config with empty endpoint should fail validation")
-	}
-
-	// Test gRPC config validation
-	grpcConfig := monitors.Config{
-		GRPC: &monitors.GRPCConfig{
-			Endpoint:    "grpc.example.com:443",
-			CheckType:   "health",
-			ServiceName: "ExampleService",
-			TLS:         true,
-			InsecureTLS: false,
-		},
-	}
-
-	if err := grpcConfig.Validate(storage.ServiceProtocolTypeGRPC); err != nil {
-		return fmt.Errorf("valid gRPC config should not fail validation: %w", err)
-	}
-
-	// Test invalid gRPC config - missing endpoint
-	invalidGRPCConfig := monitors.Config{
-		GRPC: &monitors.GRPCConfig{
-			Endpoint:  "", // Empty endpoint
-			CheckType: "invalid-type",
-		},
-	}
-
-	if err := invalidGRPCConfig.Validate(storage.ServiceProtocolTypeGRPC); err == nil {
-		return fmt.Errorf("gRPC config with empty endpoint should fail validation")
-	}
-
-	// Test config with wrong protocol
-	httpConfigForTCP := monitors.Config{
-		HTTP: &monitors.HTTPConfig{
-			Timeout: 5000,
-			Endpoints: []monitors.EndpointConfig{
-				{
-					Name:           "Test",
-					URL:            "https://example.com",
-					Method:         "GET",
-					ExpectedStatus: 200,
-				},
-			},
-		},
-	}
-
-	if err := httpConfigForTCP.Validate(storage.ServiceProtocolTypeTCP); err == nil {
-		return fmt.Errorf("HTTP config should fail validation for TCP protocol")
-	}
-
-	return nil
-}
-
-func testServiceDTOFields(s *TestSuite) error {
-	// Create a test service to validate DTO conversion
-	testService := web.CreateUpdateServiceRequest{
-		Name:     "DTO Test Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 30000,
-		Timeout:  5000,
-		Retries:  3,
-		Tags:     []string{"dto", "test", "validation"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 5000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Test Endpoint",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		IsEnabled: true,
-	}
-
-	// Create service
-	resp, err := s.makeRequest("POST", "/api/v1/services", testService)
-	if err != nil {
-		return fmt.Errorf("create DTO test service: %w", err)
-	}
-
-	var service web.ServiceDTO
-	if err := s.decodeResponse(resp, &service); err != nil {
-		return fmt.Errorf("decode DTO test service: %w", err)
-	}
-
-	// Validate all DTO fields
-	if service.ID == "" {
-		return fmt.Errorf("service ID should not be empty")
-	}
-	if service.Name != testService.Name {
-		return fmt.Errorf("service name mismatch")
-	}
-	if service.Protocol != testService.Protocol {
-		return fmt.Errorf("service protocol mismatch")
-	}
-	if service.Interval != testService.Interval {
-		return fmt.Errorf("service interval mismatch")
-	}
-	if service.Timeout != testService.Timeout {
-		return fmt.Errorf("service timeout mismatch")
-	}
-	if service.Retries != testService.Retries {
-		return fmt.Errorf("service retries mismatch")
-	}
-	if !reflect.DeepEqual(service.Tags, testService.Tags) {
-		return fmt.Errorf("service tags mismatch")
-	}
-	if service.IsEnabled != testService.IsEnabled {
-		return fmt.Errorf("service enabled status mismatch")
-	}
-
-	// Check config conversion
-	if service.Config.HTTP == nil {
-		return fmt.Errorf("HTTP config should not be nil")
-	}
-	if service.Config.HTTP.Timeout != testService.Config.HTTP.Timeout {
-		return fmt.Errorf("HTTP config timeout mismatch")
-	}
-	if len(service.Config.HTTP.Endpoints) != len(testService.Config.HTTP.Endpoints) {
-		return fmt.Errorf("HTTP endpoints count mismatch")
-	}
-
-	// Check endpoint details
-	endpoint := service.Config.HTTP.Endpoints[0]
-	originalEndpoint := testService.Config.HTTP.Endpoints[0]
-	if endpoint.Name != originalEndpoint.Name {
-		return fmt.Errorf("endpoint name mismatch")
-	}
-	if endpoint.URL != originalEndpoint.URL {
-		return fmt.Errorf("endpoint URL mismatch")
-	}
-	if endpoint.Method != originalEndpoint.Method {
-		return fmt.Errorf("endpoint method mismatch")
-	}
-	if endpoint.ExpectedStatus != originalEndpoint.ExpectedStatus {
-		return fmt.Errorf("endpoint expected status mismatch")
-	}
-
-	// Check state fields are present (even if default values)
-	if service.ActiveIncidents < 0 {
-		return fmt.Errorf("active incidents should be >= 0")
-	}
-	if service.TotalIncidents < 0 {
-		return fmt.Errorf("total incidents should be >= 0")
-	}
-	if service.ConsecutiveFails < 0 {
-		return fmt.Errorf("consecutive fails should be >= 0")
-	}
-	if service.ConsecutiveSuccess < 0 {
-		return fmt.Errorf("consecutive success should be >= 0")
-	}
-	if service.TotalChecks < 0 {
-		return fmt.Errorf("total checks should be >= 0")
-	}
-
-	// Status should be one of the valid values
-	validStatuses := []storage.ServiceStatus{
-		storage.StatusUnknown,
-		storage.StatusUp,
-		storage.StatusDown,
-		storage.StatusMaintenance,
-	}
-	isValidStatus := false
-	for _, validStatus := range validStatuses {
-		if service.Status == validStatus {
-			isValidStatus = true
-			break
-		}
-	}
-	if !isValidStatus {
-		return fmt.Errorf("invalid service status: %s", service.Status)
-	}
-
-	// Clean up
-	if _, err := s.makeRequest("DELETE", "/api/v1/services/"+service.ID, nil); err != nil {
-		return fmt.Errorf("cleanup DTO test service: %w", err)
-	}
-
-	return nil
-}
-
-func testIncidentFields(s *TestSuite) error {
-	// Get incidents to validate structure
-	resp, err := s.makeRequest("GET", "/api/v1/incidents?page_size=1", nil)
-	if err != nil {
-		return fmt.Errorf("get incidents for validation: %w", err)
-	}
-
-	var incidents dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &incidents); err != nil {
-		return fmt.Errorf("decode incidents for validation: %w", err)
-	}
-
-	if len(incidents.Items) > 0 {
-		incident := incidents.Items[0]
-
-		// Validate incident fields
-		if incident.ID == "" {
-			return fmt.Errorf("incident ID should not be empty")
-		}
-		if incident.ServiceID == "" {
-			return fmt.Errorf("incident service ID should not be empty")
-		}
-		if incident.ServiceName == "" {
-			return fmt.Errorf("incident service name should not be empty")
-		}
-		if incident.Status == "" {
-			return fmt.Errorf("incident status should not be empty")
-		}
-		if incident.Message == "" {
-			return fmt.Errorf("incident message should not be empty")
-		}
-
-		// StartedAt should be a valid time
-		if incident.StartedAt.IsZero() {
-			return fmt.Errorf("incident started at should not be zero")
-		}
-
-		// If resolved, ResolvedAt should not be nil
-		if incident.Resolved && incident.ResolvedAt == nil {
-			return fmt.Errorf("resolved incident should have resolved at time")
-		}
-
-		// If not resolved, ResolvedAt should be nil
-		if !incident.Resolved && incident.ResolvedAt != nil {
-			return fmt.Errorf("unresolved incident should not have resolved at time")
-		}
-
-		// Duration should be a valid string
-		if incident.Duration == "" {
-			return fmt.Errorf("incident duration should not be empty")
-		}
-	}
-
-	return nil
-}
-
-func testResponseModels(s *TestSuite) error {
-	// Test ErrorResponse
-	resp, err := s.makeRequest("GET", "/api/v1/services/non-existent", nil)
-	if err != nil {
-		return fmt.Errorf("test error response: %w", err)
-	}
-
-	if resp.StatusCode >= 400 {
-		var errorResp web.ErrorResponse
-		if err := s.decodeResponse(resp, &errorResp); err == nil {
-			if errorResp.Error == "" {
-				return fmt.Errorf("error response should have non-empty error message")
-			}
-		}
-	}
-
-	// Test SuccessResponse by triggering a check
-	// Create a test service first to ensure we have a valid service ID
-	createReq := web.CreateUpdateServiceRequest{
-		Name:     "Test Service for Response Models",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 60000,
-		Timeout:  10000,
-		Retries:  3,
-		Tags:     []string{"test", "response-models"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 30000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "test",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		IsEnabled: true,
-	}
-
-	resp, err = s.makeRequest("POST", "/api/v1/services", createReq)
-	if err != nil {
-		return fmt.Errorf("create test service: %w", err)
-	}
-
-	var createResponse web.ServiceDTO
-	if err := s.decodeResponse(resp, &createResponse); err != nil {
-		return fmt.Errorf("decode create service response: %w", err)
-	}
-
-	serviceID := createResponse.ID
-
-	// Now test the service check endpoint
-	resp, err = s.makeRequest("POST", "/api/v1/services/"+serviceID+"/check", nil)
-	if err != nil {
-		return fmt.Errorf("test success response: %w", err)
-	}
-
-	var successResp web.SuccessResponse
-	if err := s.decodeResponse(resp, &successResp); err != nil {
-		return fmt.Errorf("decode success response: %w", err)
-	}
-
-	if successResp.Message == "" {
-		return fmt.Errorf("success response should have non-empty message")
-	}
-
-	// Clean up: delete the test service
-	_, err = s.makeRequest("DELETE", "/api/v1/services/"+serviceID, nil)
-	if err != nil {
-		return fmt.Errorf("cleanup test service: %w", err)
-	}
-
-	// Test DashboardStats
-	resp, err = s.makeRequest("GET", "/api/v1/dashboard/stats", nil)
-	if err != nil {
-		return fmt.Errorf("test dashboard stats: %w", err)
-	}
-
-	var stats web.DashboardStats
-	if err := s.decodeResponse(resp, &stats); err != nil {
-		return fmt.Errorf("decode dashboard stats: %w", err)
-	}
-
-	// Validate stats fields
-	if stats.TotalServices < 0 {
-		return fmt.Errorf("total services should be >= 0")
-	}
-	if stats.ServicesUp < 0 {
-		return fmt.Errorf("services up should be >= 0")
-	}
-	if stats.ServicesDown < 0 {
-		return fmt.Errorf("services down should be >= 0")
-	}
-	if stats.ServicesUnknown < 0 {
-		return fmt.Errorf("services unknown should be >= 0")
-	}
-	if stats.ActiveIncidents < 0 {
-		return fmt.Errorf("active incidents should be >= 0")
-	}
-	if stats.UptimePercentage < 0 || stats.UptimePercentage > 100 {
-		return fmt.Errorf("uptime percentage should be between 0 and 100")
-	}
-	if stats.TotalChecks < 0 {
-		return fmt.Errorf("total checks should be >= 0")
-	}
-	if stats.ChecksPerMinute < 0 {
-		return fmt.Errorf("checks per minute should be >= 0")
-	}
-
-	// Protocols map should contain valid protocols
-	for protocol, count := range stats.Protocols {
-		validProtocols := []storage.ServiceProtocolType{
-			storage.ServiceProtocolTypeHTTP,
-			storage.ServiceProtocolTypeTCP,
-			storage.ServiceProtocolTypeGRPC,
-		}
-		isValid := false
-		for _, validProtocol := range validProtocols {
-			if protocol == validProtocol {
-				isValid = true
-				break
-			}
-		}
-		if !isValid {
-			return fmt.Errorf("invalid protocol in stats: %s", protocol)
-		}
-		if count < 0 {
-			return fmt.Errorf("protocol count should be >= 0")
-		}
-	}
-
-	return nil
-}
-
-func testServiceStatsModel(s *TestSuite) error {
-	// Create a dedicated service for stats model testing
-	testService := web.CreateUpdateServiceRequest{
-		Name:     "Stats Model Test Service",
-		Protocol: storage.ServiceProtocolTypeHTTP,
-		Interval: 30000,
-		Timeout:  5000,
-		Retries:  3,
-		Tags:     []string{"stats-model-test"},
-		Config: monitors.Config{
-			HTTP: &monitors.HTTPConfig{
-				Timeout: 5000,
-				Endpoints: []monitors.EndpointConfig{
-					{
-						Name:           "Test Endpoint",
-						URL:            "https://httpbin.org/status/200",
-						Method:         "GET",
-						ExpectedStatus: 200,
-					},
-				},
-			},
-		},
-		IsEnabled: true,
-	}
-
-	// Create the test service
-	resp, err := s.makeRequest("POST", "/api/v1/services", testService)
-	if err != nil {
-		return fmt.Errorf("create stats model test service: %w", err)
-	}
-
-	var createdService web.ServiceDTO
-	if err := s.decodeResponse(resp, &createdService); err != nil {
-		return fmt.Errorf("decode stats model test service: %w", err)
-	}
-
-	serviceID := createdService.ID
-
-	// Ensure cleanup
-	defer func() {
-		s.makeRequest("DELETE", "/api/v1/services/"+serviceID, nil)
-	}()
-
-	resp, err = s.makeRequest("GET", "/api/v1/services/"+serviceID+"/stats", nil)
-	if err != nil {
-		return fmt.Errorf("get service stats: %w", err)
-	}
-
-	var stats web.ServiceStats
-	if err := s.decodeResponse(resp, &stats); err != nil {
-		return fmt.Errorf("decode service stats: %w", err)
-	}
-
-	// Validate stats fields
-	if stats.ServiceID != serviceID {
-		return fmt.Errorf("service stats service ID mismatch")
-	}
-	if stats.TotalIncidents < 0 {
-		return fmt.Errorf("total incidents should be >= 0")
-	}
-	if stats.UptimePercentage < 0 || stats.UptimePercentage > 100 {
-		return fmt.Errorf("uptime percentage should be between 0 and 100")
-	}
-	if stats.TotalDowntime < 0 {
-		return fmt.Errorf("total downtime should be >= 0")
-	}
-	if stats.Period <= 0 {
-		return fmt.Errorf("period should be > 0")
-	}
-	if stats.AvgResponseTime < 0 {
-		return fmt.Errorf("avg response time should be >= 0")
-	}
-
-	return nil
-}
-
-func testPaginationResponseModel(s *TestSuite) error {
-	// Test services pagination response
-	resp, err := s.makeRequest("GET", "/api/v1/services?page=1&page_size=3", nil)
-	if err != nil {
-		return fmt.Errorf("get paginated services: %w", err)
-	}
-
-	var result dbutils.FindResponseWithCount[web.ServiceDTO]
-	if err := s.decodeResponse(resp, &result); err != nil {
-		return fmt.Errorf("decode paginated services: %w", err)
-	}
-
-	// Validate pagination structure
-	// Count is uint32, so it's always >= 0
-	if len(result.Items) > 3 {
-		return fmt.Errorf("items should not exceed page size")
-	}
-
-	// Test incidents pagination response
-	resp, err = s.makeRequest("GET", "/api/v1/incidents?page=1&page_size=5", nil)
-	if err != nil {
-		return fmt.Errorf("get paginated incidents: %w", err)
-	}
-
-	var incidentResult dbutils.FindResponseWithCount[web.Incident]
-	if err := s.decodeResponse(resp, &incidentResult); err != nil {
-		return fmt.Errorf("decode paginated incidents: %w", err)
-	}
-
-	// Validate pagination structure
-	// Count is uint32, so it's always >= 0
-	if len(incidentResult.Items) > 5 {
-		return fmt.Errorf("incident items should not exceed page size")
-	}
-
-	return nil
-}
-
-// Helper function to add model validation tests
-func getModelValidationTests() []struct {
-	name string
-	fn   func(*TestSuite) error
-} {
-	return []struct {
-		name string
-		fn   func(*TestSuite) error
-	}{
-		{"TestModelsValidation", testModelsValidation},
-		{"TestServiceDTOFields", testServiceDTOFields},
-		{"TestIncidentFields", testIncidentFields},
-		{"TestResponseModels", testResponseModels},
-		{"TestServiceStatsModel", testServiceStatsModel},
-		{"TestPaginationResponseModel", testPaginationResponseModel},
-	}
-}
diff --git a/cmd/testserver/main.go b/cmd/testserver/main.go
new file mode 100644
index 0000000..5de25d3
--- /dev/null
+++ b/cmd/testserver/main.go
@@ -0,0 +1,300 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/signal"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/health"
+	"google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/reflection"
+)
+
+var (
+	enableTCP  = flag.Bool("tcp", false, "Enable TCP server")
+	enableGRPC = flag.Bool("grpc", false, "Enable gRPC server")
+	enableHTTP = flag.Bool("http", false, "Enable HTTP server")
+	tcpPort    = flag.Int("tcp-port", 12345, "TCP server port")
+	grpcPort   = flag.Int("grpc-port", 50051, "gRPC server port")
+	httpPort   = flag.Int("http-port", 8085, "HTTP server port")
+)
+
+func main() {
+	flag.Parse()
+
+	// Check if at least one server is enabled
+	if !*enableTCP && !*enableGRPC && !*enableHTTP {
+		log.Fatal("At least one server must be enabled. Use -tcp, -grpc, or -http flags.")
+	}
+
+	if err := run(); err != nil {
+		log.Fatalf("Failed to run servers: %v", err)
+	}
+}
+
+func run() error {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	var wg sync.WaitGroup
+	errChan := make(chan error, 3) // Buffer for all possible servers
+
+	// Start enabled servers
+	if *enableTCP {
+		wg.Go(func() {
+			log.Printf("Starting TCP server on port %d", *tcpPort)
+			if err := runTCPServer(ctx, *tcpPort); err != nil {
+				errChan <- fmt.Errorf("TCP server error: %w", err)
+			}
+		})
+	}
+
+	if *enableGRPC {
+		wg.Go(func() {
+			log.Printf("Starting gRPC server on port %d", *grpcPort)
+			if err := runGRPCServer(ctx, *grpcPort); err != nil {
+				errChan <- fmt.Errorf("gRPC server error: %w", err)
+			}
+		})
+	}
+
+	if *enableHTTP {
+		wg.Go(func() {
+			log.Printf("Starting HTTP server on port %d", *httpPort)
+			if err := runHTTPServer(ctx, *httpPort); err != nil {
+				errChan <- fmt.Errorf("HTTP server error: %w", err)
+			}
+		})
+	}
+
+	// Wait for interrupt signal or server error
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
+
+	select {
+	case <-sigChan:
+		log.Println("Received interrupt signal, shutting down...")
+		cancel() // Signal all servers to stop
+	case err := <-errChan:
+		log.Printf("Server error: %v", err)
+		cancel()
+		return err
+	}
+
+	// Wait for all servers to shut down gracefully
+	done := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(done)
+	}()
+
+	select {
+	case <-done:
+		log.Println("All servers shut down gracefully")
+	case <-time.After(10 * time.Second):
+		log.Println("Timeout waiting for servers to shut down")
+	}
+
+	return nil
+}
+
+// runTCPServer runs the TCP server with original logic from cmd/tcpserver/main.go
+func runTCPServer(ctx context.Context, port int) error {
+	addr := fmt.Sprintf("localhost:%d", port)
+	listener, err := net.Listen("tcp", addr)
+	if err != nil {
+		return fmt.Errorf("failed to start TCP server: %w", err)
+	}
+	defer listener.Close()
+
+	// Channel to signal when to stop accepting new connections
+	stopChan := make(chan struct{})
+
+	// Goroutine to handle context cancellation
+	go func() {
+		<-ctx.Done()
+		close(stopChan)
+		listener.Close() // This will cause Accept() to return an error
+	}()
+
+	for {
+		select {
+		case <-stopChan:
+			return nil
+		default:
+		}
+
+		conn, err := listener.Accept()
+		if err != nil {
+			select {
+			case <-stopChan:
+				return nil // Expected error due to context cancellation
+			default:
+				log.Printf("Failed to accept TCP connection: %v", err)
+				continue
+			}
+		}
+
+		// log.Printf("TCP client connected: %s", conn.RemoteAddr())
+		go handleTCPConnection(conn)
+	}
+}
+
+// handleTCPConnection handles individual TCP connections (original logic from cmd/tcpserver/main.go)
+func handleTCPConnection(conn net.Conn) {
+	defer func() {
+		conn.Close()
+		// log.Printf("TCP connection closed: %s\n", conn.RemoteAddr())
+	}()
+
+	// Set connection timeout - close if no data received in 5 seconds
+	conn.SetReadDeadline(time.Now().Add(5 * time.Second))
+
+	var accumulated []byte
+	reader := bufio.NewReader(conn)
+
+	for {
+		buffer := make([]byte, 1024)
+		n, err := reader.Read(buffer)
+		if err != nil {
+			if utils.IsErrTimeout(err) {
+				break
+			}
+			log.Printf("Failed to read from TCP connection: %v", err)
+			return
+		}
+
+		if n == 0 {
+			break
+		}
+
+		// Accumulate received data
+		accumulated = append(accumulated, buffer[:n]...)
+
+		// If no more data buffered, client likely finished sending
+		if reader.Buffered() == 0 {
+			break
+		}
+	}
+
+	// Now process the complete message
+	if len(accumulated) == 0 {
+		log.Println("No data received from TCP client")
+		return
+	}
+
+	msg := string(accumulated)
+	// log.Printf("TCP complete message received: %s", msg)
+
+	// Simple ping-pong protocol - exact match
+	switch msg {
+	case "ping":
+		// log.Println("TCP: Sending pong")
+		_, err := conn.Write([]byte("pong"))
+		if err != nil {
+			log.Printf("Failed to send TCP response: %v", err)
+		}
+	case "noresponse":
+		log.Println("TCP: No response expected")
+	default:
+		log.Printf("TCP: Unknown message '%s', sending ok", msg)
+		_, err := conn.Write([]byte("ok"))
+		if err != nil {
+			log.Printf("Failed to send TCP response: %v", err)
+		}
+	}
+}
+
+// runGRPCServer runs the gRPC server with original logic from cmd/grpcserver/main.go
+func runGRPCServer(ctx context.Context, port int) error {
+	addr := fmt.Sprintf("localhost:%d", port)
+
+	lis, err := net.Listen("tcp", addr)
+	if err != nil {
+		return fmt.Errorf("failed to listen: %w", err)
+	}
+
+	// Create gRPC server
+	grpcServer := grpc.NewServer()
+
+	// Create and register health server
+	healthServer := health.NewServer()
+	grpc_health_v1.RegisterHealthServer(grpcServer, healthServer)
+
+	// Register gRPC reflection service for debugging
+	reflection.Register(grpcServer)
+
+	// Set initial serving status
+	healthServer.SetServingStatus("", grpc_health_v1.HealthCheckResponse_SERVING)
+	healthServer.SetServingStatus("health", grpc_health_v1.HealthCheckResponse_SERVING)
+	healthServer.SetServingStatus("test-service", grpc_health_v1.HealthCheckResponse_SERVING)
+
+	// Start server in a goroutine
+	serverErr := make(chan error, 1)
+	go func() {
+		if err := grpcServer.Serve(lis); err != nil {
+			serverErr <- fmt.Errorf("failed to serve: %w", err)
+		}
+	}()
+
+	// Wait for context cancellation or server error
+	select {
+	case <-ctx.Done():
+		// Graceful shutdown
+		log.Println("Shutting down gRPC server...")
+		grpcServer.GracefulStop()
+		return nil
+	case err := <-serverErr:
+		return err
+	}
+}
+
+// runHTTPServer runs a simple HTTP server using standard library
+func runHTTPServer(ctx context.Context, port int) error {
+	mux := http.NewServeMux()
+
+	// Simple handler that returns {"ok":true}
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"ok":true}`))
+	})
+
+	server := &http.Server{
+		Addr:    fmt.Sprintf(":%d", port),
+		Handler: mux,
+	}
+
+	// Start server in a goroutine
+	serverErr := make(chan error, 1)
+	go func() {
+		if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			serverErr <- fmt.Errorf("failed to start HTTP server: %w", err)
+		}
+	}()
+
+	// Wait for context cancellation or server error
+	select {
+	case <-ctx.Done():
+		log.Println("Shutting down HTTP server...")
+		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+		if err := server.Shutdown(shutdownCtx); err != nil {
+			return fmt.Errorf("failed to shutdown HTTP server: %w", err)
+		}
+		return nil
+	case err := <-serverErr:
+		return err
+	}
+}
diff --git a/config-agent.template.yaml b/config-agent.template.yaml
new file mode 100644
index 0000000..436b3d1
--- /dev/null
+++ b/config-agent.template.yaml
@@ -0,0 +1,33 @@
+log:
+  format: json
+  level: info
+  console_colored: false
+  trace: fatal
+  with_caller: false
+  with_stack_trace: false
+ops:
+  enabled: false
+  network: tcp
+  tracing_enabled: false
+  metrics:
+    enabled: false
+    path: /metrics
+    port: "10000"
+    basic_auth:
+      enabled: false
+      username: ""
+      password: ""
+  healthy:
+    enabled: false
+    path: /healthy
+    port: "10000"
+  profiler:
+    enabled: false
+    path: /debug/pprof
+    port: "10000"
+    write_timeout: 60
+hub_server:
+  name: connectrpc-client
+  addr: ""
+data_dir: ./data
+token: ""
diff --git a/config.template.yaml b/config.template.yaml
index 8f88de6..c726991 100644
--- a/config.template.yaml
+++ b/config.template.yaml
@@ -1,49 +1,39 @@
 log:
-  format: ""
-  level: ""
+  format: json
+  level: info
   console_colored: false
-  trace: ""
+  trace: fatal
   with_caller: false
   with_stack_trace: false
 ops:
   enabled: false
-  network: ""
+  network: tcp
   tracing_enabled: false
   metrics:
     enabled: false
-    path: ""
-    port: ""
+    path: /metrics
+    port: "10000"
     basic_auth:
       enabled: false
       username: ""
       password: ""
   healthy:
     enabled: false
-    path: ""
-    port: ""
+    path: /healthy
+    port: "10000"
   profiler:
     enabled: false
-    path: ""
-    port: ""
-    write_timeout: 0
+    path: /debug/pprof
+    port: "10000"
+    write_timeout: 60
+data_dir: ./data
 server:
-  port: 8080
-  host: 0.0.0.0
-  base_host: localhost:8080
-  frontend:
-    base_url: http://localhost:8080/api/v1
-    socket_url: ws://localhost:8080/ws
+  addr: :8080
   auth:
-    enabled: false
-    users: []
-monitoring:
-  global:
-    default_interval: 60s
-    default_timeout: 10s
-    default_retries: 5
-database:
-  path: ./data/db.sqlite
-notifications:
-  enabled: false
-  urls: []
+    access_token_secret_key: ""
+    refresh_token_secret_key: ""
 timezone: UTC
+updater:
+  is_enabled: false
+  command: ""
+kv_db_engine: inmemory
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 7bfb380..5c3728d 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -1,5 +1,6 @@
 services:
   sentinel:
+    container_name: sentinel
     build:
       context: .
       dockerfile: Dockerfile
@@ -7,6 +8,7 @@ services:
         VERSION: local-dev
         COMMIT_HASH: local
         BUILD_DATE: local
+    command: ["hub", "start", "--config", "./config.yaml"]
     ports:
       - "8080:8080"
     volumes:
diff --git a/docker-compose.yml b/docker-compose.yml
index 3349c6c..493c0d0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,8 @@
 services:
   sentinel:
+    container_name: sentinel
     image: sxwebdev/sentinel:latest
+    command: ["hub", "start", "--config", "./config.yaml"]
     ports:
       - "8080:8080"
     volumes:
diff --git a/docs/docsv1/docs.go b/docs/docsv1/docs.go
deleted file mode 100644
index 9fa6fa5..0000000
--- a/docs/docsv1/docs.go
+++ /dev/null
@@ -1,1412 +0,0 @@
-// Package docsv1 Code generated by swaggo/swag. DO NOT EDIT
-package docsv1
-
-import "github.com/swaggo/swag"
-
-const docTemplate = `{
-    "schemes": {{ marshal .Schemes }},
-    "swagger": "2.0",
-    "info": {
-        "description": "{{escape .Description}}",
-        "title": "{{.Title}}",
-        "termsOfService": "http://swagger.io/terms/",
-        "contact": {
-            "name": "API Support",
-            "url": "http://www.swagger.io/support",
-            "email": "support@swagger.io"
-        },
-        "license": {
-            "name": "Apache 2.0",
-            "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
-        },
-        "version": "{{.Version}}"
-    },
-    "host": "{{.Host}}",
-    "basePath": "{{.BasePath}}",
-    "paths": {
-        "/dashboard/stats": {
-            "get": {
-                "description": "Returns statistics for the dashboard",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "dashboard"
-                ],
-                "summary": "Get dashboard statistics",
-                "responses": {
-                    "200": {
-                        "description": "Dashboard statistics",
-                        "schema": {
-                            "$ref": "#/definitions/web.DashboardStats"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/incidents": {
-            "get": {
-                "description": "Returns a list of recent incidents across all services",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Get recent incidents",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Filter by service ID or incident ID",
-                        "name": "search",
-                        "in": "query"
-                    },
-                    {
-                        "type": "boolean",
-                        "description": "Filter by resolved status",
-                        "name": "resolved",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Page number (default 1)",
-                        "name": "page",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of items per page (default 100)",
-                        "name": "page_size",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "List of incidents",
-                        "schema": {
-                            "$ref": "#/definitions/dbutils.FindResponseWithCount-storage_Incident"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/incidents/stats": {
-            "get": {
-                "description": "Returns the stats of incidents by date range",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Get incidents stats by date range",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Start time (RFC3339 format)",
-                        "name": "start_time",
-                        "in": "query",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "End time (RFC3339 format)",
-                        "name": "end_time",
-                        "in": "query",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Incidents stats by date range",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/web.getIncidentsStatsItem"
-                            }
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/server/health": {
-            "get": {
-                "description": "Checks the health of the server",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "server"
-                ],
-                "summary": "Health check",
-                "responses": {
-                    "200": {
-                        "description": "Health check successful",
-                        "schema": {
-                            "$ref": "#/definitions/web.healthCheckResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/server/info": {
-            "get": {
-                "description": "Returns basic information about the server",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "server"
-                ],
-                "summary": "Get server info",
-                "responses": {
-                    "200": {
-                        "description": "Server information",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServerInfoResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/server/upgrade": {
-            "get": {
-                "description": "Triggers a manual upgrade of the server",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "server"
-                ],
-                "summary": "Manual upgrade",
-                "responses": {
-                    "200": {
-                        "description": "Upgrade initiated successfully",
-                        "schema": {
-                            "$ref": "#/definitions/web.SuccessResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services": {
-            "get": {
-                "description": "Returns a list of all services with their current states",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Get all services",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Filter by service name",
-                        "name": "name",
-                        "in": "query"
-                    },
-                    {
-                        "type": "array",
-                        "items": {
-                            "type": "string"
-                        },
-                        "collectionFormat": "csv",
-                        "description": "Filter by service tags",
-                        "name": "tags",
-                        "in": "query"
-                    },
-                    {
-                        "type": "string",
-                        "description": "Filter by service status",
-                        "name": "status",
-                        "in": "query"
-                    },
-                    {
-                        "type": "boolean",
-                        "description": "Filter by enabled status",
-                        "name": "is_enabled",
-                        "in": "query"
-                    },
-                    {
-                        "type": "string",
-                        "description": "Filter by protocol",
-                        "name": "protocol",
-                        "in": "query"
-                    },
-                    {
-                        "type": "string",
-                        "description": "Order by field",
-                        "name": "order_by",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Page number (for pagination)",
-                        "name": "page",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of items per page (default 20)",
-                        "name": "page_size",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "List of services with states",
-                        "schema": {
-                            "$ref": "#/definitions/dbutils.FindResponseWithCount-web_ServiceDTO"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "post": {
-                "description": "Creates a new service for monitoring",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Create new service",
-                "parameters": [
-                    {
-                        "description": "Service configuration",
-                        "name": "service",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/web.CreateUpdateServiceRequest"
-                        }
-                    }
-                ],
-                "responses": {
-                    "201": {
-                        "description": "Service created",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServiceDTO"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}": {
-            "get": {
-                "description": "Returns detailed information about a specific service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Get service details",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Service details with state",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServiceDTO"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Service not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "put": {
-                "description": "Updates an existing service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Update service",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "description": "New service configuration",
-                        "name": "service",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/web.CreateUpdateServiceRequest"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Service updated",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServiceDTO"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Service not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "delete": {
-                "description": "Deletes a service from the monitoring system",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Delete service",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "204": {
-                        "description": "Service deleted"
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/check": {
-            "post": {
-                "description": "Triggers a manual check of service status",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Trigger service check",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Check triggered successfully",
-                        "schema": {
-                            "$ref": "#/definitions/web.SuccessResponse"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Service not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/incidents": {
-            "get": {
-                "description": "Returns a list of incidents for a specific service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Get service incidents",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "Filter by incident ID",
-                        "name": "incident_id",
-                        "in": "query"
-                    },
-                    {
-                        "type": "boolean",
-                        "description": "Filter by resolved status",
-                        "name": "resolved",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Page number (for pagination)",
-                        "name": "page",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of items per page (default 20)",
-                        "name": "page_size",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "List of incidents",
-                        "schema": {
-                            "$ref": "#/definitions/dbutils.FindResponseWithCount-storage_Incident"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/incidents/{incidentId}": {
-            "delete": {
-                "description": "Deletes a specific incident for a service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Delete incident",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "Incident ID",
-                        "name": "incidentId",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "204": {
-                        "description": "Incident deleted"
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Incident not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/resolve": {
-            "post": {
-                "description": "Forcefully resolves all active incidents for a service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Resolve service incidents",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Incidents resolved successfully",
-                        "schema": {
-                            "$ref": "#/definitions/web.SuccessResponse"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/stats": {
-            "get": {
-                "description": "Returns service statistics for the specified period",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "statistics"
-                ],
-                "summary": "Get service statistics",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of days (default 30)",
-                        "name": "days",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Service statistics",
-                        "schema": {
-                            "$ref": "#/definitions/storage.ServiceStats"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/tags": {
-            "get": {
-                "description": "Retrieves all unique tags used across services",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "tags"
-                ],
-                "summary": "Get all tags",
-                "responses": {
-                    "200": {
-                        "description": "List of unique tags",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "type": "string"
-                            }
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/tags/count": {
-            "get": {
-                "description": "Retrieves all unique tags along with their usage count across services",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "tags"
-                ],
-                "summary": "Get all tags with usage count",
-                "responses": {
-                    "200": {
-                        "description": "Map of tags with their usage count",
-                        "schema": {
-                            "type": "object",
-                            "additionalProperties": {
-                                "type": "integer"
-                            }
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        }
-    },
-    "definitions": {
-        "dbutils.FindResponseWithCount-storage_Incident": {
-            "type": "object",
-            "properties": {
-                "count": {
-                    "type": "integer"
-                },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/storage.Incident"
-                    }
-                }
-            }
-        },
-        "dbutils.FindResponseWithCount-web_ServiceDTO": {
-            "type": "object",
-            "properties": {
-                "count": {
-                    "type": "integer"
-                },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/web.ServiceDTO"
-                    }
-                }
-            }
-        },
-        "monitors.Config": {
-            "type": "object",
-            "properties": {
-                "grpc": {
-                    "$ref": "#/definitions/monitors.GRPCConfig"
-                },
-                "http": {
-                    "$ref": "#/definitions/monitors.HTTPConfig"
-                },
-                "tcp": {
-                    "$ref": "#/definitions/monitors.TCPConfig"
-                }
-            }
-        },
-        "monitors.EndpointConfig": {
-            "type": "object",
-            "required": [
-                "expected_status",
-                "method",
-                "name",
-                "url"
-            ],
-            "properties": {
-                "body": {
-                    "type": "string"
-                },
-                "expected_status": {
-                    "type": "integer",
-                    "maximum": 599,
-                    "minimum": 100
-                },
-                "headers": {
-                    "type": "object",
-                    "additionalProperties": {
-                        "type": "string"
-                    }
-                },
-                "json_path": {
-                    "description": "Path to extract value from JSON response",
-                    "type": "string"
-                },
-                "method": {
-                    "type": "string",
-                    "enum": [
-                        "GET",
-                        "POST",
-                        "PUT",
-                        "DELETE",
-                        "HEAD",
-                        "OPTIONS"
-                    ]
-                },
-                "name": {
-                    "type": "string"
-                },
-                "password": {
-                    "description": "Basic Auth password",
-                    "type": "string"
-                },
-                "url": {
-                    "type": "string"
-                },
-                "username": {
-                    "description": "Basic Auth username",
-                    "type": "string"
-                }
-            }
-        },
-        "monitors.GRPCConfig": {
-            "type": "object",
-            "required": [
-                "check_type",
-                "endpoint"
-            ],
-            "properties": {
-                "check_type": {
-                    "type": "string",
-                    "enum": [
-                        "health",
-                        "reflection",
-                        "connectivity"
-                    ]
-                },
-                "endpoint": {
-                    "type": "string"
-                },
-                "insecure_tls": {
-                    "type": "boolean"
-                },
-                "service_name": {
-                    "type": "string"
-                },
-                "tls": {
-                    "type": "boolean"
-                }
-            }
-        },
-        "monitors.HTTPConfig": {
-            "type": "object",
-            "required": [
-                "endpoints"
-            ],
-            "properties": {
-                "condition": {
-                    "type": "string"
-                },
-                "endpoints": {
-                    "type": "array",
-                    "minItems": 1,
-                    "items": {
-                        "$ref": "#/definitions/monitors.EndpointConfig"
-                    }
-                },
-                "timeout": {
-                    "type": "integer",
-                    "example": 30000
-                }
-            }
-        },
-        "monitors.TCPConfig": {
-            "type": "object",
-            "required": [
-                "endpoint"
-            ],
-            "properties": {
-                "endpoint": {
-                    "type": "string"
-                },
-                "expect_data": {
-                    "type": "string"
-                },
-                "send_data": {
-                    "type": "string"
-                }
-            }
-        },
-        "storage.Incident": {
-            "type": "object",
-            "properties": {
-                "duration": {
-                    "type": "integer"
-                },
-                "end_time": {
-                    "type": "string"
-                },
-                "error": {
-                    "type": "string"
-                },
-                "id": {
-                    "type": "string"
-                },
-                "resolved": {
-                    "type": "boolean"
-                },
-                "service_id": {
-                    "type": "string"
-                },
-                "start_time": {
-                    "type": "string"
-                }
-            }
-        },
-        "storage.ServiceProtocolType": {
-            "type": "string",
-            "enum": [
-                "http",
-                "tcp",
-                "grpc"
-            ],
-            "x-enum-varnames": [
-                "ServiceProtocolTypeHTTP",
-                "ServiceProtocolTypeTCP",
-                "ServiceProtocolTypeGRPC"
-            ]
-        },
-        "storage.ServiceStats": {
-            "type": "object",
-            "properties": {
-                "avg_response_time": {
-                    "type": "integer"
-                },
-                "period": {
-                    "type": "integer"
-                },
-                "service_id": {
-                    "type": "string"
-                },
-                "total_downtime": {
-                    "type": "integer"
-                },
-                "total_incidents": {
-                    "type": "integer"
-                },
-                "uptime_percentage": {
-                    "type": "number"
-                }
-            }
-        },
-        "storage.ServiceStatus": {
-            "type": "string",
-            "enum": [
-                "unknown",
-                "up",
-                "down",
-                "maintenance"
-            ],
-            "x-enum-varnames": [
-                "StatusUnknown",
-                "StatusUp",
-                "StatusDown",
-                "StatusMaintenance"
-            ]
-        },
-        "web.AvailableUpdate": {
-            "type": "object",
-            "properties": {
-                "description": {
-                    "type": "string"
-                },
-                "is_available_manual": {
-                    "type": "boolean"
-                },
-                "tag_name": {
-                    "type": "string"
-                },
-                "url": {
-                    "type": "string"
-                }
-            }
-        },
-        "web.CreateUpdateServiceRequest": {
-            "type": "object",
-            "properties": {
-                "config": {
-                    "$ref": "#/definitions/monitors.Config"
-                },
-                "interval": {
-                    "type": "integer",
-                    "example": 60000
-                },
-                "is_enabled": {
-                    "type": "boolean",
-                    "example": true
-                },
-                "name": {
-                    "type": "string",
-                    "example": "Web Server"
-                },
-                "protocol": {
-                    "allOf": [
-                        {
-                            "$ref": "#/definitions/storage.ServiceProtocolType"
-                        }
-                    ],
-                    "example": "http"
-                },
-                "retries": {
-                    "type": "integer",
-                    "example": 5
-                },
-                "tags": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    },
-                    "example": [
-                        "web",
-                        "production"
-                    ]
-                },
-                "timeout": {
-                    "type": "integer",
-                    "example": 10000
-                }
-            }
-        },
-        "web.DashboardStats": {
-            "description": "Dashboard statistics",
-            "type": "object",
-            "properties": {
-                "active_incidents": {
-                    "type": "integer",
-                    "example": 2
-                },
-                "avg_response_time": {
-                    "type": "integer",
-                    "example": 150
-                },
-                "checks_per_minute": {
-                    "type": "integer",
-                    "example": 60
-                },
-                "last_check_time": {
-                    "type": "string"
-                },
-                "protocols": {
-                    "type": "object",
-                    "additionalProperties": {
-                        "type": "integer"
-                    }
-                },
-                "services_down": {
-                    "type": "integer",
-                    "example": 1
-                },
-                "services_unknown": {
-                    "type": "integer",
-                    "example": 1
-                },
-                "services_up": {
-                    "type": "integer",
-                    "example": 8
-                },
-                "total_checks": {
-                    "type": "integer",
-                    "example": 1000
-                },
-                "total_services": {
-                    "type": "integer",
-                    "example": 10
-                },
-                "uptime_percentage": {
-                    "type": "number",
-                    "example": 95.5
-                }
-            }
-        },
-        "web.ErrorResponse": {
-            "description": "Error response",
-            "type": "object",
-            "properties": {
-                "error": {
-                    "type": "string",
-                    "example": "Error description"
-                }
-            }
-        },
-        "web.ServerInfoResponse": {
-            "type": "object",
-            "properties": {
-                "arch": {
-                    "type": "string",
-                    "example": "amd64"
-                },
-                "available_update": {
-                    "$ref": "#/definitions/web.AvailableUpdate"
-                },
-                "build_date": {
-                    "type": "string",
-                    "example": "2023-10-01T12:00:00Z"
-                },
-                "commit_hash": {
-                    "type": "string",
-                    "example": "abc123def456"
-                },
-                "go_version": {
-                    "type": "string",
-                    "example": "go1.24.4"
-                },
-                "os": {
-                    "type": "string",
-                    "example": "linux"
-                },
-                "sqlite_version": {
-                    "type": "string",
-                    "example": "3.50.1"
-                },
-                "version": {
-                    "type": "string",
-                    "example": "1.0.0"
-                }
-            }
-        },
-        "web.ServiceDTO": {
-            "type": "object",
-            "properties": {
-                "active_incidents": {
-                    "type": "integer",
-                    "example": 2
-                },
-                "config": {
-                    "$ref": "#/definitions/monitors.Config"
-                },
-                "consecutive_fails": {
-                    "type": "integer",
-                    "example": 1
-                },
-                "consecutive_success": {
-                    "type": "integer",
-                    "example": 5
-                },
-                "id": {
-                    "type": "string",
-                    "example": "service-1"
-                },
-                "interval": {
-                    "type": "integer",
-                    "example": 60000
-                },
-                "is_enabled": {
-                    "type": "boolean",
-                    "example": true
-                },
-                "last_check": {
-                    "type": "string",
-                    "example": "2023-10-01T12:00:00Z"
-                },
-                "last_error": {
-                    "type": "string",
-                    "example": "Connection timeout"
-                },
-                "name": {
-                    "type": "string",
-                    "example": "Web Server"
-                },
-                "next_check": {
-                    "type": "string",
-                    "example": "2023-10-01T12:05:00Z"
-                },
-                "protocol": {
-                    "allOf": [
-                        {
-                            "$ref": "#/definitions/storage.ServiceProtocolType"
-                        }
-                    ],
-                    "example": "http"
-                },
-                "response_time": {
-                    "type": "integer",
-                    "example": 150000000
-                },
-                "retries": {
-                    "type": "integer",
-                    "example": 5
-                },
-                "status": {
-                    "allOf": [
-                        {
-                            "$ref": "#/definitions/storage.ServiceStatus"
-                        }
-                    ],
-                    "example": "up / down / unknown"
-                },
-                "tags": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    },
-                    "example": [
-                        "web",
-                        "production"
-                    ]
-                },
-                "timeout": {
-                    "type": "integer",
-                    "example": 10000
-                },
-                "total_checks": {
-                    "type": "integer",
-                    "example": 100
-                },
-                "total_incidents": {
-                    "type": "integer",
-                    "example": 10
-                }
-            }
-        },
-        "web.SuccessResponse": {
-            "description": "Successful response",
-            "type": "object",
-            "properties": {
-                "message": {
-                    "type": "string",
-                    "example": "Operation completed successfully"
-                }
-            }
-        },
-        "web.getIncidentsStatsItem": {
-            "type": "object",
-            "properties": {
-                "avg_duration": {
-                    "type": "integer"
-                },
-                "avg_duration_human": {
-                    "type": "string"
-                },
-                "count": {
-                    "type": "integer"
-                },
-                "date": {
-                    "type": "string"
-                },
-                "total_duration": {
-                    "type": "integer"
-                },
-                "total_duration_human": {
-                    "type": "string"
-                }
-            }
-        },
-        "web.healthCheckResponse": {
-            "type": "object",
-            "properties": {
-                "status": {
-                    "type": "string",
-                    "example": "healthy"
-                }
-            }
-        }
-    },
-    "securityDefinitions": {
-        "BasicAuth": {
-            "type": "basic"
-        }
-    }
-}`
-
-// SwaggerInfo holds exported Swagger Info so clients can modify it
-var SwaggerInfo = &swag.Spec{
-	Version:          "1.0",
-	Host:             "",
-	BasePath:         "/api/v1",
-	Schemes:          []string{},
-	Title:            "Sentinel Monitoring API",
-	Description:      "API for service monitoring and incident management",
-	InfoInstanceName: "swagger",
-	SwaggerTemplate:  docTemplate,
-	LeftDelim:        "{{",
-	RightDelim:       "}}",
-}
-
-func init() {
-	swag.Register(SwaggerInfo.InstanceName(), SwaggerInfo)
-}
diff --git a/docs/docsv1/swagger.json b/docs/docsv1/swagger.json
deleted file mode 100644
index 382fb79..0000000
--- a/docs/docsv1/swagger.json
+++ /dev/null
@@ -1,1387 +0,0 @@
-{
-    "swagger": "2.0",
-    "info": {
-        "description": "API for service monitoring and incident management",
-        "title": "Sentinel Monitoring API",
-        "termsOfService": "http://swagger.io/terms/",
-        "contact": {
-            "name": "API Support",
-            "url": "http://www.swagger.io/support",
-            "email": "support@swagger.io"
-        },
-        "license": {
-            "name": "Apache 2.0",
-            "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
-        },
-        "version": "1.0"
-    },
-    "basePath": "/api/v1",
-    "paths": {
-        "/dashboard/stats": {
-            "get": {
-                "description": "Returns statistics for the dashboard",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "dashboard"
-                ],
-                "summary": "Get dashboard statistics",
-                "responses": {
-                    "200": {
-                        "description": "Dashboard statistics",
-                        "schema": {
-                            "$ref": "#/definitions/web.DashboardStats"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/incidents": {
-            "get": {
-                "description": "Returns a list of recent incidents across all services",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Get recent incidents",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Filter by service ID or incident ID",
-                        "name": "search",
-                        "in": "query"
-                    },
-                    {
-                        "type": "boolean",
-                        "description": "Filter by resolved status",
-                        "name": "resolved",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Page number (default 1)",
-                        "name": "page",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of items per page (default 100)",
-                        "name": "page_size",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "List of incidents",
-                        "schema": {
-                            "$ref": "#/definitions/dbutils.FindResponseWithCount-storage_Incident"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/incidents/stats": {
-            "get": {
-                "description": "Returns the stats of incidents by date range",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Get incidents stats by date range",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Start time (RFC3339 format)",
-                        "name": "start_time",
-                        "in": "query",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "End time (RFC3339 format)",
-                        "name": "end_time",
-                        "in": "query",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Incidents stats by date range",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/web.getIncidentsStatsItem"
-                            }
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/server/health": {
-            "get": {
-                "description": "Checks the health of the server",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "server"
-                ],
-                "summary": "Health check",
-                "responses": {
-                    "200": {
-                        "description": "Health check successful",
-                        "schema": {
-                            "$ref": "#/definitions/web.healthCheckResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/server/info": {
-            "get": {
-                "description": "Returns basic information about the server",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "server"
-                ],
-                "summary": "Get server info",
-                "responses": {
-                    "200": {
-                        "description": "Server information",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServerInfoResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/server/upgrade": {
-            "get": {
-                "description": "Triggers a manual upgrade of the server",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "server"
-                ],
-                "summary": "Manual upgrade",
-                "responses": {
-                    "200": {
-                        "description": "Upgrade initiated successfully",
-                        "schema": {
-                            "$ref": "#/definitions/web.SuccessResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services": {
-            "get": {
-                "description": "Returns a list of all services with their current states",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Get all services",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Filter by service name",
-                        "name": "name",
-                        "in": "query"
-                    },
-                    {
-                        "type": "array",
-                        "items": {
-                            "type": "string"
-                        },
-                        "collectionFormat": "csv",
-                        "description": "Filter by service tags",
-                        "name": "tags",
-                        "in": "query"
-                    },
-                    {
-                        "type": "string",
-                        "description": "Filter by service status",
-                        "name": "status",
-                        "in": "query"
-                    },
-                    {
-                        "type": "boolean",
-                        "description": "Filter by enabled status",
-                        "name": "is_enabled",
-                        "in": "query"
-                    },
-                    {
-                        "type": "string",
-                        "description": "Filter by protocol",
-                        "name": "protocol",
-                        "in": "query"
-                    },
-                    {
-                        "type": "string",
-                        "description": "Order by field",
-                        "name": "order_by",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Page number (for pagination)",
-                        "name": "page",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of items per page (default 20)",
-                        "name": "page_size",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "List of services with states",
-                        "schema": {
-                            "$ref": "#/definitions/dbutils.FindResponseWithCount-web_ServiceDTO"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "post": {
-                "description": "Creates a new service for monitoring",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Create new service",
-                "parameters": [
-                    {
-                        "description": "Service configuration",
-                        "name": "service",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/web.CreateUpdateServiceRequest"
-                        }
-                    }
-                ],
-                "responses": {
-                    "201": {
-                        "description": "Service created",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServiceDTO"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}": {
-            "get": {
-                "description": "Returns detailed information about a specific service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Get service details",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Service details with state",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServiceDTO"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Service not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "put": {
-                "description": "Updates an existing service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Update service",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "description": "New service configuration",
-                        "name": "service",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/web.CreateUpdateServiceRequest"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Service updated",
-                        "schema": {
-                            "$ref": "#/definitions/web.ServiceDTO"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Service not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            },
-            "delete": {
-                "description": "Deletes a service from the monitoring system",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Delete service",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "204": {
-                        "description": "Service deleted"
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/check": {
-            "post": {
-                "description": "Triggers a manual check of service status",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "services"
-                ],
-                "summary": "Trigger service check",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Check triggered successfully",
-                        "schema": {
-                            "$ref": "#/definitions/web.SuccessResponse"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Service not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/incidents": {
-            "get": {
-                "description": "Returns a list of incidents for a specific service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Get service incidents",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "Filter by incident ID",
-                        "name": "incident_id",
-                        "in": "query"
-                    },
-                    {
-                        "type": "boolean",
-                        "description": "Filter by resolved status",
-                        "name": "resolved",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Page number (for pagination)",
-                        "name": "page",
-                        "in": "query"
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of items per page (default 20)",
-                        "name": "page_size",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "List of incidents",
-                        "schema": {
-                            "$ref": "#/definitions/dbutils.FindResponseWithCount-storage_Incident"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/incidents/{incidentId}": {
-            "delete": {
-                "description": "Deletes a specific incident for a service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Delete incident",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "string",
-                        "description": "Incident ID",
-                        "name": "incidentId",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "204": {
-                        "description": "Incident deleted"
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "404": {
-                        "description": "Incident not found",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/resolve": {
-            "post": {
-                "description": "Forcefully resolves all active incidents for a service",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "incidents"
-                ],
-                "summary": "Resolve service incidents",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Incidents resolved successfully",
-                        "schema": {
-                            "$ref": "#/definitions/web.SuccessResponse"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/services/{id}/stats": {
-            "get": {
-                "description": "Returns service statistics for the specified period",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "statistics"
-                ],
-                "summary": "Get service statistics",
-                "parameters": [
-                    {
-                        "type": "string",
-                        "description": "Service ID",
-                        "name": "id",
-                        "in": "path",
-                        "required": true
-                    },
-                    {
-                        "type": "integer",
-                        "description": "Number of days (default 30)",
-                        "name": "days",
-                        "in": "query"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Service statistics",
-                        "schema": {
-                            "$ref": "#/definitions/storage.ServiceStats"
-                        }
-                    },
-                    "400": {
-                        "description": "Bad request",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/tags": {
-            "get": {
-                "description": "Retrieves all unique tags used across services",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "tags"
-                ],
-                "summary": "Get all tags",
-                "responses": {
-                    "200": {
-                        "description": "List of unique tags",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "type": "string"
-                            }
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        },
-        "/tags/count": {
-            "get": {
-                "description": "Retrieves all unique tags along with their usage count across services",
-                "consumes": [
-                    "application/json"
-                ],
-                "produces": [
-                    "application/json"
-                ],
-                "tags": [
-                    "tags"
-                ],
-                "summary": "Get all tags with usage count",
-                "responses": {
-                    "200": {
-                        "description": "Map of tags with their usage count",
-                        "schema": {
-                            "type": "object",
-                            "additionalProperties": {
-                                "type": "integer"
-                            }
-                        }
-                    },
-                    "500": {
-                        "description": "Internal server error",
-                        "schema": {
-                            "$ref": "#/definitions/web.ErrorResponse"
-                        }
-                    }
-                }
-            }
-        }
-    },
-    "definitions": {
-        "dbutils.FindResponseWithCount-storage_Incident": {
-            "type": "object",
-            "properties": {
-                "count": {
-                    "type": "integer"
-                },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/storage.Incident"
-                    }
-                }
-            }
-        },
-        "dbutils.FindResponseWithCount-web_ServiceDTO": {
-            "type": "object",
-            "properties": {
-                "count": {
-                    "type": "integer"
-                },
-                "items": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/web.ServiceDTO"
-                    }
-                }
-            }
-        },
-        "monitors.Config": {
-            "type": "object",
-            "properties": {
-                "grpc": {
-                    "$ref": "#/definitions/monitors.GRPCConfig"
-                },
-                "http": {
-                    "$ref": "#/definitions/monitors.HTTPConfig"
-                },
-                "tcp": {
-                    "$ref": "#/definitions/monitors.TCPConfig"
-                }
-            }
-        },
-        "monitors.EndpointConfig": {
-            "type": "object",
-            "required": [
-                "expected_status",
-                "method",
-                "name",
-                "url"
-            ],
-            "properties": {
-                "body": {
-                    "type": "string"
-                },
-                "expected_status": {
-                    "type": "integer",
-                    "maximum": 599,
-                    "minimum": 100
-                },
-                "headers": {
-                    "type": "object",
-                    "additionalProperties": {
-                        "type": "string"
-                    }
-                },
-                "json_path": {
-                    "description": "Path to extract value from JSON response",
-                    "type": "string"
-                },
-                "method": {
-                    "type": "string",
-                    "enum": [
-                        "GET",
-                        "POST",
-                        "PUT",
-                        "DELETE",
-                        "HEAD",
-                        "OPTIONS"
-                    ]
-                },
-                "name": {
-                    "type": "string"
-                },
-                "password": {
-                    "description": "Basic Auth password",
-                    "type": "string"
-                },
-                "url": {
-                    "type": "string"
-                },
-                "username": {
-                    "description": "Basic Auth username",
-                    "type": "string"
-                }
-            }
-        },
-        "monitors.GRPCConfig": {
-            "type": "object",
-            "required": [
-                "check_type",
-                "endpoint"
-            ],
-            "properties": {
-                "check_type": {
-                    "type": "string",
-                    "enum": [
-                        "health",
-                        "reflection",
-                        "connectivity"
-                    ]
-                },
-                "endpoint": {
-                    "type": "string"
-                },
-                "insecure_tls": {
-                    "type": "boolean"
-                },
-                "service_name": {
-                    "type": "string"
-                },
-                "tls": {
-                    "type": "boolean"
-                }
-            }
-        },
-        "monitors.HTTPConfig": {
-            "type": "object",
-            "required": [
-                "endpoints"
-            ],
-            "properties": {
-                "condition": {
-                    "type": "string"
-                },
-                "endpoints": {
-                    "type": "array",
-                    "minItems": 1,
-                    "items": {
-                        "$ref": "#/definitions/monitors.EndpointConfig"
-                    }
-                },
-                "timeout": {
-                    "type": "integer",
-                    "example": 30000
-                }
-            }
-        },
-        "monitors.TCPConfig": {
-            "type": "object",
-            "required": [
-                "endpoint"
-            ],
-            "properties": {
-                "endpoint": {
-                    "type": "string"
-                },
-                "expect_data": {
-                    "type": "string"
-                },
-                "send_data": {
-                    "type": "string"
-                }
-            }
-        },
-        "storage.Incident": {
-            "type": "object",
-            "properties": {
-                "duration": {
-                    "type": "integer"
-                },
-                "end_time": {
-                    "type": "string"
-                },
-                "error": {
-                    "type": "string"
-                },
-                "id": {
-                    "type": "string"
-                },
-                "resolved": {
-                    "type": "boolean"
-                },
-                "service_id": {
-                    "type": "string"
-                },
-                "start_time": {
-                    "type": "string"
-                }
-            }
-        },
-        "storage.ServiceProtocolType": {
-            "type": "string",
-            "enum": [
-                "http",
-                "tcp",
-                "grpc"
-            ],
-            "x-enum-varnames": [
-                "ServiceProtocolTypeHTTP",
-                "ServiceProtocolTypeTCP",
-                "ServiceProtocolTypeGRPC"
-            ]
-        },
-        "storage.ServiceStats": {
-            "type": "object",
-            "properties": {
-                "avg_response_time": {
-                    "type": "integer"
-                },
-                "period": {
-                    "type": "integer"
-                },
-                "service_id": {
-                    "type": "string"
-                },
-                "total_downtime": {
-                    "type": "integer"
-                },
-                "total_incidents": {
-                    "type": "integer"
-                },
-                "uptime_percentage": {
-                    "type": "number"
-                }
-            }
-        },
-        "storage.ServiceStatus": {
-            "type": "string",
-            "enum": [
-                "unknown",
-                "up",
-                "down",
-                "maintenance"
-            ],
-            "x-enum-varnames": [
-                "StatusUnknown",
-                "StatusUp",
-                "StatusDown",
-                "StatusMaintenance"
-            ]
-        },
-        "web.AvailableUpdate": {
-            "type": "object",
-            "properties": {
-                "description": {
-                    "type": "string"
-                },
-                "is_available_manual": {
-                    "type": "boolean"
-                },
-                "tag_name": {
-                    "type": "string"
-                },
-                "url": {
-                    "type": "string"
-                }
-            }
-        },
-        "web.CreateUpdateServiceRequest": {
-            "type": "object",
-            "properties": {
-                "config": {
-                    "$ref": "#/definitions/monitors.Config"
-                },
-                "interval": {
-                    "type": "integer",
-                    "example": 60000
-                },
-                "is_enabled": {
-                    "type": "boolean",
-                    "example": true
-                },
-                "name": {
-                    "type": "string",
-                    "example": "Web Server"
-                },
-                "protocol": {
-                    "allOf": [
-                        {
-                            "$ref": "#/definitions/storage.ServiceProtocolType"
-                        }
-                    ],
-                    "example": "http"
-                },
-                "retries": {
-                    "type": "integer",
-                    "example": 5
-                },
-                "tags": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    },
-                    "example": [
-                        "web",
-                        "production"
-                    ]
-                },
-                "timeout": {
-                    "type": "integer",
-                    "example": 10000
-                }
-            }
-        },
-        "web.DashboardStats": {
-            "description": "Dashboard statistics",
-            "type": "object",
-            "properties": {
-                "active_incidents": {
-                    "type": "integer",
-                    "example": 2
-                },
-                "avg_response_time": {
-                    "type": "integer",
-                    "example": 150
-                },
-                "checks_per_minute": {
-                    "type": "integer",
-                    "example": 60
-                },
-                "last_check_time": {
-                    "type": "string"
-                },
-                "protocols": {
-                    "type": "object",
-                    "additionalProperties": {
-                        "type": "integer"
-                    }
-                },
-                "services_down": {
-                    "type": "integer",
-                    "example": 1
-                },
-                "services_unknown": {
-                    "type": "integer",
-                    "example": 1
-                },
-                "services_up": {
-                    "type": "integer",
-                    "example": 8
-                },
-                "total_checks": {
-                    "type": "integer",
-                    "example": 1000
-                },
-                "total_services": {
-                    "type": "integer",
-                    "example": 10
-                },
-                "uptime_percentage": {
-                    "type": "number",
-                    "example": 95.5
-                }
-            }
-        },
-        "web.ErrorResponse": {
-            "description": "Error response",
-            "type": "object",
-            "properties": {
-                "error": {
-                    "type": "string",
-                    "example": "Error description"
-                }
-            }
-        },
-        "web.ServerInfoResponse": {
-            "type": "object",
-            "properties": {
-                "arch": {
-                    "type": "string",
-                    "example": "amd64"
-                },
-                "available_update": {
-                    "$ref": "#/definitions/web.AvailableUpdate"
-                },
-                "build_date": {
-                    "type": "string",
-                    "example": "2023-10-01T12:00:00Z"
-                },
-                "commit_hash": {
-                    "type": "string",
-                    "example": "abc123def456"
-                },
-                "go_version": {
-                    "type": "string",
-                    "example": "go1.24.4"
-                },
-                "os": {
-                    "type": "string",
-                    "example": "linux"
-                },
-                "sqlite_version": {
-                    "type": "string",
-                    "example": "3.50.1"
-                },
-                "version": {
-                    "type": "string",
-                    "example": "1.0.0"
-                }
-            }
-        },
-        "web.ServiceDTO": {
-            "type": "object",
-            "properties": {
-                "active_incidents": {
-                    "type": "integer",
-                    "example": 2
-                },
-                "config": {
-                    "$ref": "#/definitions/monitors.Config"
-                },
-                "consecutive_fails": {
-                    "type": "integer",
-                    "example": 1
-                },
-                "consecutive_success": {
-                    "type": "integer",
-                    "example": 5
-                },
-                "id": {
-                    "type": "string",
-                    "example": "service-1"
-                },
-                "interval": {
-                    "type": "integer",
-                    "example": 60000
-                },
-                "is_enabled": {
-                    "type": "boolean",
-                    "example": true
-                },
-                "last_check": {
-                    "type": "string",
-                    "example": "2023-10-01T12:00:00Z"
-                },
-                "last_error": {
-                    "type": "string",
-                    "example": "Connection timeout"
-                },
-                "name": {
-                    "type": "string",
-                    "example": "Web Server"
-                },
-                "next_check": {
-                    "type": "string",
-                    "example": "2023-10-01T12:05:00Z"
-                },
-                "protocol": {
-                    "allOf": [
-                        {
-                            "$ref": "#/definitions/storage.ServiceProtocolType"
-                        }
-                    ],
-                    "example": "http"
-                },
-                "response_time": {
-                    "type": "integer",
-                    "example": 150000000
-                },
-                "retries": {
-                    "type": "integer",
-                    "example": 5
-                },
-                "status": {
-                    "allOf": [
-                        {
-                            "$ref": "#/definitions/storage.ServiceStatus"
-                        }
-                    ],
-                    "example": "up / down / unknown"
-                },
-                "tags": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    },
-                    "example": [
-                        "web",
-                        "production"
-                    ]
-                },
-                "timeout": {
-                    "type": "integer",
-                    "example": 10000
-                },
-                "total_checks": {
-                    "type": "integer",
-                    "example": 100
-                },
-                "total_incidents": {
-                    "type": "integer",
-                    "example": 10
-                }
-            }
-        },
-        "web.SuccessResponse": {
-            "description": "Successful response",
-            "type": "object",
-            "properties": {
-                "message": {
-                    "type": "string",
-                    "example": "Operation completed successfully"
-                }
-            }
-        },
-        "web.getIncidentsStatsItem": {
-            "type": "object",
-            "properties": {
-                "avg_duration": {
-                    "type": "integer"
-                },
-                "avg_duration_human": {
-                    "type": "string"
-                },
-                "count": {
-                    "type": "integer"
-                },
-                "date": {
-                    "type": "string"
-                },
-                "total_duration": {
-                    "type": "integer"
-                },
-                "total_duration_human": {
-                    "type": "string"
-                }
-            }
-        },
-        "web.healthCheckResponse": {
-            "type": "object",
-            "properties": {
-                "status": {
-                    "type": "string",
-                    "example": "healthy"
-                }
-            }
-        }
-    },
-    "securityDefinitions": {
-        "BasicAuth": {
-            "type": "basic"
-        }
-    }
-}
\ No newline at end of file
diff --git a/docs/docsv1/swagger.yaml b/docs/docsv1/swagger.yaml
deleted file mode 100644
index 2ad658e..0000000
--- a/docs/docsv1/swagger.yaml
+++ /dev/null
@@ -1,934 +0,0 @@
-basePath: /api/v1
-definitions:
-  dbutils.FindResponseWithCount-storage_Incident:
-    properties:
-      count:
-        type: integer
-      items:
-        items:
-          $ref: '#/definitions/storage.Incident'
-        type: array
-    type: object
-  dbutils.FindResponseWithCount-web_ServiceDTO:
-    properties:
-      count:
-        type: integer
-      items:
-        items:
-          $ref: '#/definitions/web.ServiceDTO'
-        type: array
-    type: object
-  monitors.Config:
-    properties:
-      grpc:
-        $ref: '#/definitions/monitors.GRPCConfig'
-      http:
-        $ref: '#/definitions/monitors.HTTPConfig'
-      tcp:
-        $ref: '#/definitions/monitors.TCPConfig'
-    type: object
-  monitors.EndpointConfig:
-    properties:
-      body:
-        type: string
-      expected_status:
-        maximum: 599
-        minimum: 100
-        type: integer
-      headers:
-        additionalProperties:
-          type: string
-        type: object
-      json_path:
-        description: Path to extract value from JSON response
-        type: string
-      method:
-        enum:
-        - GET
-        - POST
-        - PUT
-        - DELETE
-        - HEAD
-        - OPTIONS
-        type: string
-      name:
-        type: string
-      password:
-        description: Basic Auth password
-        type: string
-      url:
-        type: string
-      username:
-        description: Basic Auth username
-        type: string
-    required:
-    - expected_status
-    - method
-    - name
-    - url
-    type: object
-  monitors.GRPCConfig:
-    properties:
-      check_type:
-        enum:
-        - health
-        - reflection
-        - connectivity
-        type: string
-      endpoint:
-        type: string
-      insecure_tls:
-        type: boolean
-      service_name:
-        type: string
-      tls:
-        type: boolean
-    required:
-    - check_type
-    - endpoint
-    type: object
-  monitors.HTTPConfig:
-    properties:
-      condition:
-        type: string
-      endpoints:
-        items:
-          $ref: '#/definitions/monitors.EndpointConfig'
-        minItems: 1
-        type: array
-      timeout:
-        example: 30000
-        type: integer
-    required:
-    - endpoints
-    type: object
-  monitors.TCPConfig:
-    properties:
-      endpoint:
-        type: string
-      expect_data:
-        type: string
-      send_data:
-        type: string
-    required:
-    - endpoint
-    type: object
-  storage.Incident:
-    properties:
-      duration:
-        type: integer
-      end_time:
-        type: string
-      error:
-        type: string
-      id:
-        type: string
-      resolved:
-        type: boolean
-      service_id:
-        type: string
-      start_time:
-        type: string
-    type: object
-  storage.ServiceProtocolType:
-    enum:
-    - http
-    - tcp
-    - grpc
-    type: string
-    x-enum-varnames:
-    - ServiceProtocolTypeHTTP
-    - ServiceProtocolTypeTCP
-    - ServiceProtocolTypeGRPC
-  storage.ServiceStats:
-    properties:
-      avg_response_time:
-        type: integer
-      period:
-        type: integer
-      service_id:
-        type: string
-      total_downtime:
-        type: integer
-      total_incidents:
-        type: integer
-      uptime_percentage:
-        type: number
-    type: object
-  storage.ServiceStatus:
-    enum:
-    - unknown
-    - up
-    - down
-    - maintenance
-    type: string
-    x-enum-varnames:
-    - StatusUnknown
-    - StatusUp
-    - StatusDown
-    - StatusMaintenance
-  web.AvailableUpdate:
-    properties:
-      description:
-        type: string
-      is_available_manual:
-        type: boolean
-      tag_name:
-        type: string
-      url:
-        type: string
-    type: object
-  web.CreateUpdateServiceRequest:
-    properties:
-      config:
-        $ref: '#/definitions/monitors.Config'
-      interval:
-        example: 60000
-        type: integer
-      is_enabled:
-        example: true
-        type: boolean
-      name:
-        example: Web Server
-        type: string
-      protocol:
-        allOf:
-        - $ref: '#/definitions/storage.ServiceProtocolType'
-        example: http
-      retries:
-        example: 5
-        type: integer
-      tags:
-        example:
-        - web
-        - production
-        items:
-          type: string
-        type: array
-      timeout:
-        example: 10000
-        type: integer
-    type: object
-  web.DashboardStats:
-    description: Dashboard statistics
-    properties:
-      active_incidents:
-        example: 2
-        type: integer
-      avg_response_time:
-        example: 150
-        type: integer
-      checks_per_minute:
-        example: 60
-        type: integer
-      last_check_time:
-        type: string
-      protocols:
-        additionalProperties:
-          type: integer
-        type: object
-      services_down:
-        example: 1
-        type: integer
-      services_unknown:
-        example: 1
-        type: integer
-      services_up:
-        example: 8
-        type: integer
-      total_checks:
-        example: 1000
-        type: integer
-      total_services:
-        example: 10
-        type: integer
-      uptime_percentage:
-        example: 95.5
-        type: number
-    type: object
-  web.ErrorResponse:
-    description: Error response
-    properties:
-      error:
-        example: Error description
-        type: string
-    type: object
-  web.ServerInfoResponse:
-    properties:
-      arch:
-        example: amd64
-        type: string
-      available_update:
-        $ref: '#/definitions/web.AvailableUpdate'
-      build_date:
-        example: "2023-10-01T12:00:00Z"
-        type: string
-      commit_hash:
-        example: abc123def456
-        type: string
-      go_version:
-        example: go1.24.4
-        type: string
-      os:
-        example: linux
-        type: string
-      sqlite_version:
-        example: 3.50.1
-        type: string
-      version:
-        example: 1.0.0
-        type: string
-    type: object
-  web.ServiceDTO:
-    properties:
-      active_incidents:
-        example: 2
-        type: integer
-      config:
-        $ref: '#/definitions/monitors.Config'
-      consecutive_fails:
-        example: 1
-        type: integer
-      consecutive_success:
-        example: 5
-        type: integer
-      id:
-        example: service-1
-        type: string
-      interval:
-        example: 60000
-        type: integer
-      is_enabled:
-        example: true
-        type: boolean
-      last_check:
-        example: "2023-10-01T12:00:00Z"
-        type: string
-      last_error:
-        example: Connection timeout
-        type: string
-      name:
-        example: Web Server
-        type: string
-      next_check:
-        example: "2023-10-01T12:05:00Z"
-        type: string
-      protocol:
-        allOf:
-        - $ref: '#/definitions/storage.ServiceProtocolType'
-        example: http
-      response_time:
-        example: 150000000
-        type: integer
-      retries:
-        example: 5
-        type: integer
-      status:
-        allOf:
-        - $ref: '#/definitions/storage.ServiceStatus'
-        example: up / down / unknown
-      tags:
-        example:
-        - web
-        - production
-        items:
-          type: string
-        type: array
-      timeout:
-        example: 10000
-        type: integer
-      total_checks:
-        example: 100
-        type: integer
-      total_incidents:
-        example: 10
-        type: integer
-    type: object
-  web.SuccessResponse:
-    description: Successful response
-    properties:
-      message:
-        example: Operation completed successfully
-        type: string
-    type: object
-  web.getIncidentsStatsItem:
-    properties:
-      avg_duration:
-        type: integer
-      avg_duration_human:
-        type: string
-      count:
-        type: integer
-      date:
-        type: string
-      total_duration:
-        type: integer
-      total_duration_human:
-        type: string
-    type: object
-  web.healthCheckResponse:
-    properties:
-      status:
-        example: healthy
-        type: string
-    type: object
-info:
-  contact:
-    email: support@swagger.io
-    name: API Support
-    url: http://www.swagger.io/support
-  description: API for service monitoring and incident management
-  license:
-    name: Apache 2.0
-    url: http://www.apache.org/licenses/LICENSE-2.0.html
-  termsOfService: http://swagger.io/terms/
-  title: Sentinel Monitoring API
-  version: "1.0"
-paths:
-  /dashboard/stats:
-    get:
-      consumes:
-      - application/json
-      description: Returns statistics for the dashboard
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Dashboard statistics
-          schema:
-            $ref: '#/definitions/web.DashboardStats'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get dashboard statistics
-      tags:
-      - dashboard
-  /incidents:
-    get:
-      consumes:
-      - application/json
-      description: Returns a list of recent incidents across all services
-      parameters:
-      - description: Filter by service ID or incident ID
-        in: query
-        name: search
-        type: string
-      - description: Filter by resolved status
-        in: query
-        name: resolved
-        type: boolean
-      - description: Page number (default 1)
-        in: query
-        name: page
-        type: integer
-      - description: Number of items per page (default 100)
-        in: query
-        name: page_size
-        type: integer
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: List of incidents
-          schema:
-            $ref: '#/definitions/dbutils.FindResponseWithCount-storage_Incident'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get recent incidents
-      tags:
-      - incidents
-  /incidents/stats:
-    get:
-      consumes:
-      - application/json
-      description: Returns the stats of incidents by date range
-      parameters:
-      - description: Start time (RFC3339 format)
-        in: query
-        name: start_time
-        required: true
-        type: string
-      - description: End time (RFC3339 format)
-        in: query
-        name: end_time
-        required: true
-        type: string
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Incidents stats by date range
-          schema:
-            items:
-              $ref: '#/definitions/web.getIncidentsStatsItem'
-            type: array
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get incidents stats by date range
-      tags:
-      - incidents
-  /server/health:
-    get:
-      consumes:
-      - application/json
-      description: Checks the health of the server
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Health check successful
-          schema:
-            $ref: '#/definitions/web.healthCheckResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Health check
-      tags:
-      - server
-  /server/info:
-    get:
-      consumes:
-      - application/json
-      description: Returns basic information about the server
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Server information
-          schema:
-            $ref: '#/definitions/web.ServerInfoResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get server info
-      tags:
-      - server
-  /server/upgrade:
-    get:
-      consumes:
-      - application/json
-      description: Triggers a manual upgrade of the server
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Upgrade initiated successfully
-          schema:
-            $ref: '#/definitions/web.SuccessResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Manual upgrade
-      tags:
-      - server
-  /services:
-    get:
-      consumes:
-      - application/json
-      description: Returns a list of all services with their current states
-      parameters:
-      - description: Filter by service name
-        in: query
-        name: name
-        type: string
-      - collectionFormat: csv
-        description: Filter by service tags
-        in: query
-        items:
-          type: string
-        name: tags
-        type: array
-      - description: Filter by service status
-        in: query
-        name: status
-        type: string
-      - description: Filter by enabled status
-        in: query
-        name: is_enabled
-        type: boolean
-      - description: Filter by protocol
-        in: query
-        name: protocol
-        type: string
-      - description: Order by field
-        in: query
-        name: order_by
-        type: string
-      - description: Page number (for pagination)
-        in: query
-        name: page
-        type: integer
-      - description: Number of items per page (default 20)
-        in: query
-        name: page_size
-        type: integer
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: List of services with states
-          schema:
-            $ref: '#/definitions/dbutils.FindResponseWithCount-web_ServiceDTO'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get all services
-      tags:
-      - services
-    post:
-      consumes:
-      - application/json
-      description: Creates a new service for monitoring
-      parameters:
-      - description: Service configuration
-        in: body
-        name: service
-        required: true
-        schema:
-          $ref: '#/definitions/web.CreateUpdateServiceRequest'
-      produces:
-      - application/json
-      responses:
-        "201":
-          description: Service created
-          schema:
-            $ref: '#/definitions/web.ServiceDTO'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Create new service
-      tags:
-      - services
-  /services/{id}:
-    delete:
-      consumes:
-      - application/json
-      description: Deletes a service from the monitoring system
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      produces:
-      - application/json
-      responses:
-        "204":
-          description: Service deleted
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Delete service
-      tags:
-      - services
-    get:
-      consumes:
-      - application/json
-      description: Returns detailed information about a specific service
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Service details with state
-          schema:
-            $ref: '#/definitions/web.ServiceDTO'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "404":
-          description: Service not found
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get service details
-      tags:
-      - services
-    put:
-      consumes:
-      - application/json
-      description: Updates an existing service
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      - description: New service configuration
-        in: body
-        name: service
-        required: true
-        schema:
-          $ref: '#/definitions/web.CreateUpdateServiceRequest'
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Service updated
-          schema:
-            $ref: '#/definitions/web.ServiceDTO'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "404":
-          description: Service not found
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Update service
-      tags:
-      - services
-  /services/{id}/check:
-    post:
-      consumes:
-      - application/json
-      description: Triggers a manual check of service status
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Check triggered successfully
-          schema:
-            $ref: '#/definitions/web.SuccessResponse'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "404":
-          description: Service not found
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Trigger service check
-      tags:
-      - services
-  /services/{id}/incidents:
-    get:
-      consumes:
-      - application/json
-      description: Returns a list of incidents for a specific service
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      - description: Filter by incident ID
-        in: query
-        name: incident_id
-        type: string
-      - description: Filter by resolved status
-        in: query
-        name: resolved
-        type: boolean
-      - description: Page number (for pagination)
-        in: query
-        name: page
-        type: integer
-      - description: Number of items per page (default 20)
-        in: query
-        name: page_size
-        type: integer
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: List of incidents
-          schema:
-            $ref: '#/definitions/dbutils.FindResponseWithCount-storage_Incident'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get service incidents
-      tags:
-      - incidents
-  /services/{id}/incidents/{incidentId}:
-    delete:
-      consumes:
-      - application/json
-      description: Deletes a specific incident for a service
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      - description: Incident ID
-        in: path
-        name: incidentId
-        required: true
-        type: string
-      produces:
-      - application/json
-      responses:
-        "204":
-          description: Incident deleted
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "404":
-          description: Incident not found
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Delete incident
-      tags:
-      - incidents
-  /services/{id}/resolve:
-    post:
-      consumes:
-      - application/json
-      description: Forcefully resolves all active incidents for a service
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Incidents resolved successfully
-          schema:
-            $ref: '#/definitions/web.SuccessResponse'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Resolve service incidents
-      tags:
-      - incidents
-  /services/{id}/stats:
-    get:
-      consumes:
-      - application/json
-      description: Returns service statistics for the specified period
-      parameters:
-      - description: Service ID
-        in: path
-        name: id
-        required: true
-        type: string
-      - description: Number of days (default 30)
-        in: query
-        name: days
-        type: integer
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Service statistics
-          schema:
-            $ref: '#/definitions/storage.ServiceStats'
-        "400":
-          description: Bad request
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get service statistics
-      tags:
-      - statistics
-  /tags:
-    get:
-      consumes:
-      - application/json
-      description: Retrieves all unique tags used across services
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: List of unique tags
-          schema:
-            items:
-              type: string
-            type: array
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get all tags
-      tags:
-      - tags
-  /tags/count:
-    get:
-      consumes:
-      - application/json
-      description: Retrieves all unique tags along with their usage count across services
-      produces:
-      - application/json
-      responses:
-        "200":
-          description: Map of tags with their usage count
-          schema:
-            additionalProperties:
-              type: integer
-            type: object
-        "500":
-          description: Internal server error
-          schema:
-            $ref: '#/definitions/web.ErrorResponse'
-      summary: Get all tags with usage count
-      tags:
-      - tags
-securityDefinitions:
-  BasicAuth:
-    type: basic
-swagger: "2.0"
diff --git a/frontend/index.html b/frontend/index.html
index d17235f..6b3127d 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -2,14 +2,14 @@
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <link rel="icon" type="image/svg+xml" href="/logo.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <link rel="preconnect" href="https://rsms.me/" />
     <link rel="stylesheet" href="https://rsms.me/inter/inter.css" />
     <title>Sentinel</title>
   </head>
-  <body>
-    <div id="root"></div>
+  <body class="text-foreground overscroll-none antialiased">
+    <div id="root" class="root bg-background"></div>
     <script type="module" src="/src/main.tsx"></script>
   </body>
 </html>
diff --git a/frontend/orval.config.ts b/frontend/orval.config.ts
deleted file mode 100644
index 2db046e..0000000
--- a/frontend/orval.config.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-import { defineConfig } from "orval";
-
-export default defineConfig({
-  api: {
-    input: "../docs/docsv1/swagger.json", // путь к Swagger JSON
-    output: {
-      mode: "tags-split", // или 'split' / 'single'
-      target: "./src/shared/api/generated.ts", // куда будет сгенерировано
-      schemas: "./src/shared/types/model", // типы
-      client: "axios",
-      override: {
-        mutator: {
-          path: "./src/shared/api/baseApi.ts",
-          name: "customFetcher",
-        },
-      },
-    },
-    hooks: {
-      afterAllFilesWrite: "pnpm format",
-    },
-  },
-});
diff --git a/frontend/package.json b/frontend/package.json
index 92cffb4..edfea1d 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -4,26 +4,31 @@
   "version": "0.0.0",
   "type": "module",
   "scripts": {
-    "dev": "vite --host",
+    "dev": "vite",
     "build": "tsc -b && vite build",
     "lint": "eslint .",
     "preview": "vite preview",
     "format": "prettier --config .prettierrc --write .",
-    "format-check": "prettier --config .prettierrc --check .",
-    "gen-api": "rm src/shared/types/model/* && npx orval"
+    "format-check": "prettier --config .prettierrc --check ."
   },
   "dependencies": {
+    "@bufbuild/protobuf": "^2.9.0",
+    "@connectrpc/connect": "^2.1.0",
+    "@connectrpc/connect-query": "^2.2.0",
+    "@connectrpc/connect-web": "^2.1.0",
+    "@tanstack/react-form": "^1.23.7",
+    "@tanstack/react-query": "^5.90.2",
     "@tanstack/react-router": "^1.131.36",
     "@tanstack/react-router-devtools": "^1.131.36",
     "@tanstack/react-table": "^8.21.3",
-    "axios": "^1.11.0",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "^1.1.1",
     "emblor": "^1.4.8",
     "formik": "^2.4.6",
     "lucide-react": "^0.543.0",
-    "radix-ui": "^1.4.3",
+    "prism-react-renderer": "^2.4.1",
+    "radix-ui": "latest",
     "react": "^19.1.1",
     "react-dom": "^19.1.1",
     "react-markdown": "^10.1.0",
@@ -33,13 +38,14 @@
     "sonner": "^2.0.7",
     "tailwind-merge": "^3.3.1",
     "tailwindcss": "^4.1.13",
+    "tw-animate-css": "^1.3.8",
     "yup": "^1.7.0",
-    "zustand": "^5.0.8",
-    "tw-animate-css": "^1.3.8"
+    "zod": "^4.1.11",
+    "zustand": "^5.0.8"
   },
   "devDependencies": {
-    "@tailwindcss/vite": "^4.1.13",
     "@eslint/js": "^9.35.0",
+    "@tailwindcss/vite": "^4.1.13",
     "@tanstack/router-plugin": "^1.131.36",
     "@types/node": "^24.3.1",
     "@types/react": "^19.1.12",
@@ -49,7 +55,6 @@
     "eslint-plugin-react-hooks": "^5.2.0",
     "eslint-plugin-react-refresh": "^0.4.20",
     "globals": "^16.3.0",
-    "orval": "^7.11.2",
     "prettier": "3.6.2",
     "prettier-plugin-tailwindcss": "^0.6.14",
     "typescript": "~5.9.2",
diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml
index bc68f50..24cbeca 100644
--- a/frontend/pnpm-lock.yaml
+++ b/frontend/pnpm-lock.yaml
@@ -8,6 +8,24 @@ importers:
 
   .:
     dependencies:
+      '@bufbuild/protobuf':
+        specifier: ^2.9.0
+        version: 2.9.0
+      '@connectrpc/connect':
+        specifier: ^2.1.0
+        version: 2.1.0(@bufbuild/protobuf@2.9.0)
+      '@connectrpc/connect-query':
+        specifier: ^2.2.0
+        version: 2.2.0(@bufbuild/protobuf@2.9.0)(@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0))(@tanstack/query-core@5.90.2)(@tanstack/react-query@5.90.2(react@19.1.1))(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
+      '@connectrpc/connect-web':
+        specifier: ^2.1.0
+        version: 2.1.0(@bufbuild/protobuf@2.9.0)(@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0))
+      '@tanstack/react-form':
+        specifier: ^1.23.7
+        version: 1.23.7(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
+      '@tanstack/react-query':
+        specifier: ^5.90.2
+        version: 5.90.2(react@19.1.1)
       '@tanstack/react-router':
         specifier: ^1.131.36
         version: 1.131.36(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
@@ -17,9 +35,6 @@ importers:
       '@tanstack/react-table':
         specifier: ^8.21.3
         version: 8.21.3(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
-      axios:
-        specifier: ^1.11.0
-        version: 1.11.0
       class-variance-authority:
         specifier: ^0.7.1
         version: 0.7.1
@@ -38,8 +53,11 @@ importers:
       lucide-react:
         specifier: ^0.543.0
         version: 0.543.0(react@19.1.1)
+      prism-react-renderer:
+        specifier: ^2.4.1
+        version: 2.4.1(react@19.1.1)
       radix-ui:
-        specifier: ^1.4.3
+        specifier: latest
         version: 1.4.3(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
       react:
         specifier: ^19.1.1
@@ -74,6 +92,9 @@ importers:
       yup:
         specifier: ^1.7.0
         version: 1.7.0
+      zod:
+        specifier: ^4.1.11
+        version: 4.1.11
       zustand:
         specifier: ^5.0.8
         version: 5.0.8(@types/react@19.1.12)(immer@10.1.1)(react@19.1.1)(use-sync-external-store@1.5.0(react@19.1.1))
@@ -111,9 +132,6 @@ importers:
       globals:
         specifier: ^16.3.0
         version: 16.3.0
-      orval:
-        specifier: ^7.11.2
-        version: 7.11.2(openapi-types@12.1.3)
       prettier:
         specifier: 3.6.2
         version: 3.6.2
@@ -136,25 +154,6 @@ packages:
     resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==}
     engines: {node: '>=6.0.0'}
 
-  '@apidevtools/json-schema-ref-parser@11.7.2':
-    resolution: {integrity: sha512-4gY54eEGEstClvEkGnwVkTkrx0sqwemEFG5OSRRn3tD91XH0+Q8XIkYIfo7IwEWPpJZwILb9GUXeShtplRc/eA==}
-    engines: {node: '>= 16'}
-
-  '@apidevtools/openapi-schemas@2.1.0':
-    resolution: {integrity: sha512-Zc1AlqrJlX3SlpupFGpiLi2EbteyP7fXmUOGup6/DnkRgjP9bgMM/ag+n91rsv0U1Gpz0H3VILA/o3bW7Ua6BQ==}
-    engines: {node: '>=10'}
-
-  '@apidevtools/swagger-methods@3.0.2':
-    resolution: {integrity: sha512-QAkD5kK2b1WfjDS/UQn/qQkbwF31uqRjPTrsCs5ZG9BQGAkjwvqGFjjPqAuzac/IYzpPtRzjCP1WrTuAIjMrXg==}
-
-  '@apidevtools/swagger-parser@10.1.1':
-    resolution: {integrity: sha512-u/kozRnsPO/x8QtKYJOqoGtC4kH6yg1lfYkB9Au0WhYB0FNLpyFusttQtvhlwjtG3rOwiRz4D8DnnXa8iEpIKA==}
-    peerDependencies:
-      openapi-types: '>=7'
-
-  '@asyncapi/specs@6.8.1':
-    resolution: {integrity: sha512-czHoAk3PeXTLR+X8IUaD+IpT+g+zUvkcgMDJVothBsan+oHN3jfcFcFUNdOPAAFoUCQN1hXF1dWuphWy05THlA==}
-
   '@babel/code-frame@7.27.1':
     resolution: {integrity: sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==}
     engines: {node: '>=6.9.0'}
@@ -288,6 +287,36 @@ packages:
     resolution: {integrity: sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ==}
     engines: {node: '>=6.9.0'}
 
+  '@bufbuild/protobuf@2.9.0':
+    resolution: {integrity: sha512-rnJenoStJ8nvmt9Gzye8nkYd6V22xUAnu4086ER7h1zJ508vStko4pMvDeQ446ilDTFpV5wnoc5YS7XvMwwMqA==}
+
+  '@connectrpc/connect-query-core@2.2.0':
+    resolution: {integrity: sha512-t/CuxW/vP84y2iyS+PnbAnBwgOTYMzHXTSoBUKC1vIn706aNiZP40Y6mGJybglyH63RhAPcOdUgzG7DjzaAHCw==}
+    peerDependencies:
+      '@bufbuild/protobuf': 2.x
+      '@connectrpc/connect': ^2.0.1
+      '@tanstack/query-core': '>=5.62.0'
+
+  '@connectrpc/connect-query@2.2.0':
+    resolution: {integrity: sha512-oQ+coXOwBmfl4/t6EOrTfzW0zdoGDe3kvUYqZHrbzORkRFd693Cz8PxuDBjRCjmBPhDRCQMxFhR1jn2+SbgEKQ==}
+    peerDependencies:
+      '@bufbuild/protobuf': 2.x
+      '@connectrpc/connect': ^2.0.1
+      '@tanstack/react-query': '>=5.62.0'
+      react: ^18 || ^19
+      react-dom: ^18 || ^19
+
+  '@connectrpc/connect-web@2.1.0':
+    resolution: {integrity: sha512-4IBFeMeXS1RVtmmFE/MwH+vWq/5vDRKys70va+DAaWDh83Rdy0iUQOJbITUDzvonlY5as3vwfs5yy9Yp2miHSw==}
+    peerDependencies:
+      '@bufbuild/protobuf': ^2.7.0
+      '@connectrpc/connect': 2.1.0
+
+  '@connectrpc/connect@2.1.0':
+    resolution: {integrity: sha512-xhiwnYlJNHzmFsRw+iSPIwXR/xweTvTw8x5HiwWp10sbVtd4OpOXbRgE7V58xs1EC17fzusF1f5uOAy24OkBuA==}
+    peerDependencies:
+      '@bufbuild/protobuf': ^2.7.0
+
   '@esbuild/aix-ppc64@0.25.9':
     resolution: {integrity: sha512-OaGtL73Jck6pBKjNIe24BnFE6agGl+6KxDtTfHhy1HmhthfKouEcOhqpSL64K4/0WCtbKFLOdzD/44cJ4k9opA==}
     engines: {node: '>=18'}
@@ -488,9 +517,6 @@ packages:
     resolution: {integrity: sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  '@exodus/schemasafe@1.3.0':
-    resolution: {integrity: sha512-5Aap/GaRupgNx/feGBwLLTVv8OQFfv3pq2lPRzPg9R+IOBnDgghTGW7l7EuVXOvg5cc/xSAlRW8rBrjIC3Nvqw==}
-
   '@floating-ui/core@1.7.2':
     resolution: {integrity: sha512-wNB5ooIKHQc+Kui96jE/n69rHFWAVoxn5CAzL1Xdd8FG03cgY3MLO+GF9U3W737fYDSgPWA6MReKhBQBop6Pcw==}
 
@@ -506,9 +532,6 @@ packages:
   '@floating-ui/utils@0.2.10':
     resolution: {integrity: sha512-aGTxbpbg8/b5JfU1HXSrbH3wXZuLPJcNEcZQFMxLs3oSzgtVu6nFPkbbGGUvBcUjKV2YyB9Wxxabo+HEH9tcRQ==}
 
-  '@gerrit0/mini-shiki@3.8.1':
-    resolution: {integrity: sha512-HVZW+8pxoOExr5ZMPK15U79jQAZTO/S6i5byQyyZGjtNj+qaYd82cizTncwFzTQgiLo8uUBym6vh+/1tfJklTw==}
-
   '@humanfs/core@0.19.1':
     resolution: {integrity: sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==}
     engines: {node: '>=18.18.0'}
@@ -529,14 +552,6 @@ packages:
     resolution: {integrity: sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==}
     engines: {node: '>=18.18'}
 
-  '@ibm-cloud/openapi-ruleset-utilities@1.9.0':
-    resolution: {integrity: sha512-AoFbSarOqFBYH+1TZ9Ahkm2IWYSi5v0pBk88fpV+5b3qGJukypX8PwvCWADjuyIccKg48/F73a6hTTkBzDQ2UA==}
-    engines: {node: '>=16.0.0'}
-
-  '@ibm-cloud/openapi-ruleset@1.31.1':
-    resolution: {integrity: sha512-3WK2FREmDA2aadCjD71PE7tx5evyvmhg80ts1kXp2IzXIA0ZJ7guGM66tj40kxaqwpMSGchwEnnfYswntav76g==}
-    engines: {node: '>=16.0.0'}
-
   '@isaacs/fs-minipass@4.0.1':
     resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==}
     engines: {node: '>=18.0.0'}
@@ -560,27 +575,6 @@ packages:
   '@jridgewell/trace-mapping@0.3.29':
     resolution: {integrity: sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ==}
 
-  '@jsdevtools/ono@7.1.3':
-    resolution: {integrity: sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==}
-
-  '@jsep-plugin/assignment@1.3.0':
-    resolution: {integrity: sha512-VVgV+CXrhbMI3aSusQyclHkenWSAm95WaiKrMxRFam3JSUiIaQjoMIw2sEs/OX4XifnqeQUN4DYbJjlA8EfktQ==}
-    engines: {node: '>= 10.16.0'}
-    peerDependencies:
-      jsep: ^0.4.0||^1.0.0
-
-  '@jsep-plugin/regex@1.0.4':
-    resolution: {integrity: sha512-q7qL4Mgjs1vByCaTnDFcBnV9HS7GVPJX5vyVoCgZHNSC9rjwIlmbXG5sUuorR5ndfHAIlJ8pVStxvjXHbNvtUg==}
-    engines: {node: '>= 10.16.0'}
-    peerDependencies:
-      jsep: ^0.4.0||^1.0.0
-
-  '@jsep-plugin/ternary@1.1.4':
-    resolution: {integrity: sha512-ck5wiqIbqdMX6WRQztBL7ASDty9YLgJ3sSAK5ZpBzXeySvFGCzIvM6UiAI4hTZ22fEcYQVV/zhUbNscggW+Ukg==}
-    engines: {node: '>= 10.16.0'}
-    peerDependencies:
-      jsep: ^0.4.0||^1.0.0
-
   '@nodelib/fs.scandir@2.1.5':
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
@@ -593,36 +587,6 @@ packages:
     resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==}
     engines: {node: '>= 8'}
 
-  '@orval/angular@7.11.2':
-    resolution: {integrity: sha512-v7I3MXlc1DTFHZlCo10uqBmss/4puXi1EbYdlYGfeZ2sYQiwtRFEYAMnSIxHzMtdtI4jd7iDEH0fZRA7W6yloA==}
-
-  '@orval/axios@7.11.2':
-    resolution: {integrity: sha512-X5TJTFofCeJrQcHWoH0wz/032DBhPOQuZUUOPYO3DItOnq9/nfHJYKnUfg13wtYw0LVjCxyTZpeGLUBZnY804A==}
-
-  '@orval/core@7.11.2':
-    resolution: {integrity: sha512-5k2j4ro53yZ3J+tGMu3LpLgVb2OBtxNDgyrJik8qkrFyuORBLx/a+AJRFoPYwZmtnMZzzRXoH4J/fbpW5LXIyg==}
-
-  '@orval/fetch@7.11.2':
-    resolution: {integrity: sha512-FuupASqk4Dn8ZET7u5Ra5djKy22KfRfec60zRR/o5+L5iQkWKEe/A5DBT1PwjTMnp9789PEGlFPQjZNwMG98Tg==}
-
-  '@orval/hono@7.11.2':
-    resolution: {integrity: sha512-SddhKMYMB/dJH3YQx3xi0Zd+4tfhrEkqJdqQaYLXgENJiw0aGbdaZTdY6mb/e6qP38TTK6ME2PkYOqwkl2DQ7g==}
-
-  '@orval/mcp@7.11.2':
-    resolution: {integrity: sha512-9kGKko8wLuCbeETp8Pd8lXLtBpLzEJfR2kl2m19AI3nAoHXE/Tnn3KgjMIg0qvCcsRXGXdYJB7wfxy2URdAxVA==}
-
-  '@orval/mock@7.11.2':
-    resolution: {integrity: sha512-+uRq6BT6NU2z0UQtgeD6FMuLAxQ5bjJ5PZK3AsbDYFRSmAWUWoeaQcoWyF38F4t7ez779beGs3AlUg+z0Ec4rQ==}
-
-  '@orval/query@7.11.2':
-    resolution: {integrity: sha512-C/it+wNfcDtuvpB6h/78YwWU+Rjk7eU1Av8jAoGnvxMRli4nnzhSZ83HMILGhYQbE9WcfNZxQJ6OaBoTWqACPg==}
-
-  '@orval/swr@7.11.2':
-    resolution: {integrity: sha512-95GkKLVy67xJvsiVvK4nTOsCpebWM54FvQdKQaqlJ0FGCNUbqDjVRwBKbjP6dLc/B3wTmBAWlFSLbdVmjGCTYg==}
-
-  '@orval/zod@7.11.2':
-    resolution: {integrity: sha512-4MzTg5Wms8/LlM3CbYu80dvCbP88bVlQjnYsBdFXuEv0K2GYkBCAhVOrmXCVrPXE89neV6ABkvWQeuKZQpkdxQ==}
-
   '@radix-ui/number@1.1.1':
     resolution: {integrity: sha512-MkKCwxlXTgz6CFoJx3pCwn07GKp36+aZyu/u2Ln2VrA5DcdyCZkASEDBTd8x5whTQQL5CiYf4prXKLcgQdv29g==}
 
@@ -833,19 +797,6 @@ packages:
       '@types/react-dom':
         optional: true
 
-  '@radix-ui/react-dialog@1.1.14':
-    resolution: {integrity: sha512-+CpweKjqpzTmwRwcYECQcNYbI8V9VSQt0SNFKeEBLgfucbsLssU6Ppq7wUdNXEGb573bMjFhVjKVll8rmV6zMw==}
-    peerDependencies:
-      '@types/react': '*'
-      '@types/react-dom': '*'
-      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
-      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
-    peerDependenciesMeta:
-      '@types/react':
-        optional: true
-      '@types/react-dom':
-        optional: true
-
   '@radix-ui/react-dialog@1.1.15':
     resolution: {integrity: sha512-TCglVRtzlffRNxRMEyR36DGBLJpeusFcgMVD9PZEzAKnUs1lKCgX5u9BmC2Yg+LL9MgZDugFFs1Vl+Jp4t/PGw==}
     peerDependencies:
@@ -1739,94 +1690,6 @@ packages:
     cpu: [x64]
     os: [win32]
 
-  '@shikijs/engine-oniguruma@3.8.1':
-    resolution: {integrity: sha512-KGQJZHlNY7c656qPFEQpIoqOuC4LrxjyNndRdzk5WKB/Ie87+NJCF1xo9KkOUxwxylk7rT6nhlZyTGTC4fCe1g==}
-
-  '@shikijs/langs@3.8.1':
-    resolution: {integrity: sha512-TjOFg2Wp1w07oKnXjs0AUMb4kJvujML+fJ1C5cmEj45lhjbUXtziT1x2bPQb9Db6kmPhkG5NI2tgYW1/DzhUuQ==}
-
-  '@shikijs/themes@3.8.1':
-    resolution: {integrity: sha512-Vu3t3BBLifc0GB0UPg2Pox1naTemrrvyZv2lkiSw3QayVV60me1ujFQwPZGgUTmwXl1yhCPW8Lieesm0CYruLQ==}
-
-  '@shikijs/types@3.8.1':
-    resolution: {integrity: sha512-5C39Q8/8r1I26suLh+5TPk1DTrbY/kn3IdWA5HdizR0FhlhD05zx5nKCqhzSfDHH3p4S0ZefxWd77DLV+8FhGg==}
-
-  '@shikijs/vscode-textmate@10.0.2':
-    resolution: {integrity: sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg==}
-
-  '@stoplight/better-ajv-errors@1.0.3':
-    resolution: {integrity: sha512-0p9uXkuB22qGdNfy3VeEhxkU5uwvp/KrBTAbrLBURv6ilxIVwanKwjMc41lQfIVgPGcOkmLbTolfFrSsueu7zA==}
-    engines: {node: ^12.20 || >= 14.13}
-    peerDependencies:
-      ajv: '>=8'
-
-  '@stoplight/json-ref-readers@1.2.2':
-    resolution: {integrity: sha512-nty0tHUq2f1IKuFYsLM4CXLZGHdMn+X/IwEUIpeSOXt0QjMUbL0Em57iJUDzz+2MkWG83smIigNZ3fauGjqgdQ==}
-    engines: {node: '>=8.3.0'}
-
-  '@stoplight/json-ref-resolver@3.1.6':
-    resolution: {integrity: sha512-YNcWv3R3n3U6iQYBsFOiWSuRGE5su1tJSiX6pAPRVk7dP0L7lqCteXGzuVRQ0gMZqUl8v1P0+fAKxF6PLo9B5A==}
-    engines: {node: '>=8.3.0'}
-
-  '@stoplight/json@3.21.7':
-    resolution: {integrity: sha512-xcJXgKFqv/uCEgtGlPxy3tPA+4I+ZI4vAuMJ885+ThkTHFVkC+0Fm58lA9NlsyjnkpxFh4YiQWpH+KefHdbA0A==}
-    engines: {node: '>=8.3.0'}
-
-  '@stoplight/ordered-object-literal@1.0.5':
-    resolution: {integrity: sha512-COTiuCU5bgMUtbIFBuyyh2/yVVzlr5Om0v5utQDgBCuQUOPgU1DwoffkTfg4UBQOvByi5foF4w4T+H9CoRe5wg==}
-    engines: {node: '>=8'}
-
-  '@stoplight/path@1.3.2':
-    resolution: {integrity: sha512-lyIc6JUlUA8Ve5ELywPC8I2Sdnh1zc1zmbYgVarhXIp9YeAB0ReeqmGEOWNtlHkbP2DAA1AL65Wfn2ncjK/jtQ==}
-    engines: {node: '>=8'}
-
-  '@stoplight/spectral-core@1.20.0':
-    resolution: {integrity: sha512-5hBP81nCC1zn1hJXL/uxPNRKNcB+/pEIHgCjPRpl/w/qy9yC9ver04tw1W0l/PMiv0UeB5dYgozXVQ4j5a6QQQ==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/spectral-formats@1.8.2':
-    resolution: {integrity: sha512-c06HB+rOKfe7tuxg0IdKDEA5XnjL2vrn/m/OVIIxtINtBzphZrOgtRn7epQ5bQF5SWp84Ue7UJWaGgDwVngMFw==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/spectral-functions@1.10.1':
-    resolution: {integrity: sha512-obu8ZfoHxELOapfGsCJixKZXZcffjg+lSoNuttpmUFuDzVLT3VmH8QkPXfOGOL5Pz80BR35ClNAToDkdnYIURg==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/spectral-parsers@1.0.5':
-    resolution: {integrity: sha512-ANDTp2IHWGvsQDAY85/jQi9ZrF4mRrA5bciNHX+PUxPr4DwS6iv4h+FVWJMVwcEYdpyoIdyL+SRmHdJfQEPmwQ==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/spectral-ref-resolver@1.0.5':
-    resolution: {integrity: sha512-gj3TieX5a9zMW29z3mBlAtDOCgN3GEc1VgZnCVlr5irmR4Qi5LuECuFItAq4pTn5Zu+sW5bqutsCH7D4PkpyAA==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/spectral-rulesets@1.22.0':
-    resolution: {integrity: sha512-l2EY2jiKKLsvnPfGy+pXC0LeGsbJzcQP5G/AojHgf+cwN//VYxW1Wvv4WKFx/CLmLxc42mJYF2juwWofjWYNIQ==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/spectral-runtime@1.1.4':
-    resolution: {integrity: sha512-YHbhX3dqW0do6DhiPSgSGQzr6yQLlWybhKwWx0cqxjMwxej3TqLv3BXMfIUYFKKUqIwH4Q2mV8rrMM8qD2N0rQ==}
-    engines: {node: ^16.20 || ^18.18 || >= 20.17}
-
-  '@stoplight/types@13.20.0':
-    resolution: {integrity: sha512-2FNTv05If7ib79VPDA/r9eUet76jewXFH2y2K5vuge6SXbRHtWBhcaRmu+6QpF4/WRNoJj5XYRSwLGXDxysBGA==}
-    engines: {node: ^12.20 || >=14.13}
-
-  '@stoplight/types@13.6.0':
-    resolution: {integrity: sha512-dzyuzvUjv3m1wmhPfq82lCVYGcXG0xUYgqnWfCq3PCVR4BKFhjdkHrnJ+jIDoMKvXb05AZP/ObQF6+NpDo29IQ==}
-    engines: {node: ^12.20 || >=14.13}
-
-  '@stoplight/types@14.1.1':
-    resolution: {integrity: sha512-/kjtr+0t0tjKr+heVfviO9FrU/uGLc+QNX3fHJc19xsCNYqU7lVhaXxDmEID9BZTjG+/r9pK9xP/xU02XGg65g==}
-    engines: {node: ^12.20 || >=14.13}
-
-  '@stoplight/yaml-ast-parser@0.0.50':
-    resolution: {integrity: sha512-Pb6M8TDO9DtSVla9yXSTAxmo9GVEouq5P40DWXdOie69bXogZTkgvopCq+yEvTMA0F6PEvdJmbtTV3ccIp11VQ==}
-
-  '@stoplight/yaml@4.3.0':
-    resolution: {integrity: sha512-JZlVFE6/dYpP9tQmV0/ADfn32L9uFarHWxfcRhReKUnljz1ZiUM5zpX+PH8h5CJs6lao3TuFqnPm9IJJCEkE2w==}
-    engines: {node: '>=10.8'}
-
   '@swc/core-darwin-arm64@1.13.3':
     resolution: {integrity: sha512-ux0Ws4pSpBTqbDS9GlVP354MekB1DwYlbxXU3VhnDr4GBcCOimpocx62x7cFJkSpEBF8bmX8+/TTCGKh4PbyXw==}
     engines: {node: '>=10'}
@@ -1992,10 +1855,34 @@ packages:
     peerDependencies:
       vite: ^5.2.0 || ^6 || ^7
 
+  '@tanstack/devtools-event-client@0.3.3':
+    resolution: {integrity: sha512-RfV+OPV/M3CGryYqTue684u10jUt55PEqeBOnOtCe6tAmHI9Iqyc8nHeDhWPEV9715gShuauFVaMc9RiUVNdwg==}
+    engines: {node: '>=18'}
+
+  '@tanstack/form-core@1.24.3':
+    resolution: {integrity: sha512-e+HzSD49NWr4aIqJWtPPzmi+/phBJAP3nSPN8dvxwmJWqAxuB/cH138EcmCFf3+oA7j3BXvwvTY0I+8UweGPjQ==}
+
   '@tanstack/history@1.131.2':
     resolution: {integrity: sha512-cs1WKawpXIe+vSTeiZUuSBy8JFjEuDgdMKZFRLKwQysKo8y2q6Q1HvS74Yw+m5IhOW1nTZooa6rlgdfXcgFAaw==}
     engines: {node: '>=12'}
 
+  '@tanstack/query-core@5.90.2':
+    resolution: {integrity: sha512-k/TcR3YalnzibscALLwxeiLUub6jN5EDLwKDiO7q5f4ICEoptJ+n9+7vcEFy5/x/i6Q+Lb/tXrsKCggf5uQJXQ==}
+
+  '@tanstack/react-form@1.23.7':
+    resolution: {integrity: sha512-p/j9Gi2+s135sOjj48RjM+6xZQr1FVpliQlETLYBEGmmmxWHgYYs2b62mTDSnuv7AqtuZhpQ+t0CRFVfbQLsFA==}
+    peerDependencies:
+      '@tanstack/react-start': ^1.130.10
+      react: ^17.0.0 || ^18.0.0 || ^19.0.0
+    peerDependenciesMeta:
+      '@tanstack/react-start':
+        optional: true
+
+  '@tanstack/react-query@5.90.2':
+    resolution: {integrity: sha512-CLABiR+h5PYfOWr/z+vWFt5VsOA2ekQeRQBFSKlcoW6Ndx/f8rfyVmq4LbgOM4GG2qtxAxjLYLOpCNTYm4uKzw==}
+    peerDependencies:
+      react: ^18 || ^19
+
   '@tanstack/react-router-devtools@1.131.36':
     resolution: {integrity: sha512-2huBmW+mqPoJs6ZHfjuunEkVRfgWZh67IUjgdSyqdaYGLa3qsG3zcG4bpTIq6HwJuzcK00JRM3AQ4NLPdttaJQ==}
     engines: {node: '>=12'}
@@ -2017,6 +1904,12 @@ packages:
       react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
       react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
 
+  '@tanstack/react-store@0.7.7':
+    resolution: {integrity: sha512-qqT0ufegFRDGSof9D/VqaZgjNgp4tRPHZIJq2+QIHkMUtHjaJ0lYrrXjeIUJvjnTbgPfSD1XgOMEt0lmANn6Zg==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
+      react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
+
   '@tanstack/react-table@8.21.3':
     resolution: {integrity: sha512-5nNMTSETP4ykGegmVkhjcS8tTLW6Vl4axfEGQN3v0zdHYbK4UfoqfPChclTrJ4EoK9QynqAu9oUf8VEmrpZ5Ww==}
     engines: {node: '>=12'}
@@ -2072,6 +1965,9 @@ packages:
   '@tanstack/store@0.7.2':
     resolution: {integrity: sha512-RP80Z30BYiPX2Pyo0Nyw4s1SJFH2jyM6f9i3HfX4pA+gm5jsnYryscdq2aIQLnL4TaGuQMO+zXmN9nh1Qck+Pg==}
 
+  '@tanstack/store@0.7.7':
+    resolution: {integrity: sha512-xa6pTan1bcaqYDS9BDpSiS63qa6EoDkPN9RsRaxHuDdVDNntzq3xNwR5YKTU/V3SkSyC9T4YVOPh2zRQN0nhIQ==}
+
   '@tanstack/table-core@8.21.3':
     resolution: {integrity: sha512-ldZXEhOBb8Is7xLs01fR3YEc3DERiz5silj8tnGkFZytt1abEvl/GhUmCE0PMLaMPTa3Jk4HbKmRlHmu+gCftg==}
     engines: {node: '>=12'}
@@ -2110,9 +2006,6 @@ packages:
   '@types/debug@4.1.12':
     resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==}
 
-  '@types/es-aggregate-error@1.0.6':
-    resolution: {integrity: sha512-qJ7LIFp06h1QE1aVxbVd+zJP2wdaugYXYfd6JxsyRMrYHaxb6itXPogW2tz+ylUJ1n1b+JF1PHyYCfYHm0dvUg==}
-
   '@types/estree-jsx@1.0.5':
     resolution: {integrity: sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg==}
 
@@ -2137,6 +2030,9 @@ packages:
   '@types/node@24.3.1':
     resolution: {integrity: sha512-3vXmQDXy+woz+gnrTvuvNrPzekOi+Ds0ReMxw0LzBiK3a+1k0kQn9f2NWk+lgD4rJehFUmYy2gMhJ2ZI+7YP9g==}
 
+  '@types/prismjs@1.26.5':
+    resolution: {integrity: sha512-AUZTa7hQ2KY5L7AmtSiqxlhWxb4ina0yd8hNbl4TWuqnv/pFP0nDMb3YrfSBf4hJVGLh2YEIBfKaBW/9UEl6IQ==}
+
   '@types/react-dom@19.1.9':
     resolution: {integrity: sha512-qXRuZaOsAdXKFyOhRBg6Lqqc0yay13vN7KrIg4L7N4aaHN68ma9OK3NE1BoDFgFOTfM7zg+3/8+2n8rLUH3OKQ==}
     peerDependencies:
@@ -2151,9 +2047,6 @@ packages:
   '@types/unist@3.0.3':
     resolution: {integrity: sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==}
 
-  '@types/urijs@1.19.25':
-    resolution: {integrity: sha512-XOfUup9r3Y06nFAZh3WvO0rBU4OtlfPB/vgxpjg+NRdGU6CN6djdc6OEiH+PcqHCY6eFLo9Ista73uarf4gnBg==}
-
   '@typescript-eslint/eslint-plugin@8.43.0':
     resolution: {integrity: sha512-8tg+gt7ENL7KewsKMKDHXR1vm8tt9eMxjJBYINf6swonlWgkYn5NwyIgXpbbDxTNU5DgpDFfj95prcTq2clIQQ==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
@@ -2222,10 +2115,6 @@ packages:
     peerDependencies:
       vite: ^4 || ^5 || ^6 || ^7
 
-  abort-controller@3.0.0:
-    resolution: {integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==}
-    engines: {node: '>=6.5'}
-
   acorn-jsx@5.3.2:
     resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
     peerDependencies:
@@ -2236,41 +2125,9 @@ packages:
     engines: {node: '>=0.4.0'}
     hasBin: true
 
-  ajv-draft-04@1.0.0:
-    resolution: {integrity: sha512-mv00Te6nmYbRp5DCwclxtt7yV/joXJPGS7nM+97GdxvuttCOfgI3K4U25zboyeX0O+myI8ERluxQe5wljMmVIw==}
-    peerDependencies:
-      ajv: ^8.5.0
-    peerDependenciesMeta:
-      ajv:
-        optional: true
-
-  ajv-errors@3.0.0:
-    resolution: {integrity: sha512-V3wD15YHfHz6y0KdhYFjyy9vWtEVALT9UrxfN3zqlI6dMioHnJrqOYfyPKol3oqrnCM9uwkcdCwkJ0WUcbLMTQ==}
-    peerDependencies:
-      ajv: ^8.0.1
-
-  ajv-formats@2.1.1:
-    resolution: {integrity: sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==}
-    peerDependencies:
-      ajv: ^8.0.0
-    peerDependenciesMeta:
-      ajv:
-        optional: true
-
   ajv@6.12.6:
     resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==}
 
-  ajv@8.17.1:
-    resolution: {integrity: sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==}
-
-  ansi-colors@4.1.3:
-    resolution: {integrity: sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==}
-    engines: {node: '>=6'}
-
-  ansi-regex@5.0.1:
-    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
-    engines: {node: '>=8'}
-
   ansi-styles@4.3.0:
     resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
     engines: {node: '>=8'}
@@ -2290,44 +2147,14 @@ packages:
     resolution: {integrity: sha512-ik3ZgC9dY/lYVVM++OISsaYDeg1tb0VtP5uL3ouh1koGOaUMDPpbFIei4JkFimWUFPn90sbMNMXQAIVOlnYKJA==}
     engines: {node: '>=10'}
 
-  array-buffer-byte-length@1.0.2:
-    resolution: {integrity: sha512-LHE+8BuR7RYGDKvnrmcuSq3tDcKv9OFEXQt/HpbZhY7V6h0zlUXutnAD82GiFx9rdieCMjkvtcsPqBwgUl1Iiw==}
-    engines: {node: '>= 0.4'}
-
   array-move@3.0.1:
     resolution: {integrity: sha512-H3Of6NIn2nNU1gsVDqDnYKY/LCdWvCMMOWifNGhKcVQgiZ6nOek39aESOvro6zmueP07exSl93YLvkN4fZOkSg==}
     engines: {node: '>=10'}
 
-  array-union@2.1.0:
-    resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==}
-    engines: {node: '>=8'}
-
-  arraybuffer.prototype.slice@1.0.4:
-    resolution: {integrity: sha512-BNoCY6SXXPQ7gF2opIP4GBE+Xw7U+pHMYKuzjgCN3GwiaIR09UUeKfheyIry77QtrCBlC0KK0q5/TER/tYh3PQ==}
-    engines: {node: '>= 0.4'}
-
   ast-types@0.16.1:
     resolution: {integrity: sha512-6t10qk83GOG8p0vKmaCr8eiilZwO171AvbROMtvvNiwrTly62t+7XkA8RdIIVbpMhCASAsxgAzdRSwh6nw/5Dg==}
     engines: {node: '>=4'}
 
-  astring@1.9.0:
-    resolution: {integrity: sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg==}
-    hasBin: true
-
-  async-function@1.0.0:
-    resolution: {integrity: sha512-hsU18Ae8CDTR6Kgu9DYf0EbCr/a5iGL0rytQDobUcdpYOKokk8LEjVphnXkDkgpi0wYVsqrXuP0bZxJaTqdgoA==}
-    engines: {node: '>= 0.4'}
-
-  asynckit@0.4.0:
-    resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
-
-  available-typed-arrays@1.0.7:
-    resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==}
-    engines: {node: '>= 0.4'}
-
-  axios@1.11.0:
-    resolution: {integrity: sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA==}
-
   babel-dead-code-elimination@1.0.10:
     resolution: {integrity: sha512-DV5bdJZTzZ0zn0DC24v3jD7Mnidh6xhKa4GfKCbq3sfW8kaWhDdZjP3i81geA8T33tdYqWKw4D3fVv0CwEgKVA==}
 
@@ -2356,25 +2183,6 @@ packages:
     engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7}
     hasBin: true
 
-  cac@6.7.14:
-    resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==}
-    engines: {node: '>=8'}
-
-  call-bind-apply-helpers@1.0.2:
-    resolution: {integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==}
-    engines: {node: '>= 0.4'}
-
-  call-bind@1.0.8:
-    resolution: {integrity: sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==}
-    engines: {node: '>= 0.4'}
-
-  call-bound@1.0.4:
-    resolution: {integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==}
-    engines: {node: '>= 0.4'}
-
-  call-me-maybe@1.0.2:
-    resolution: {integrity: sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ==}
-
   callsites@3.1.0:
     resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
     engines: {node: '>=6'}
@@ -2405,10 +2213,6 @@ packages:
     resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
     engines: {node: '>= 8.10.0'}
 
-  chokidar@4.0.3:
-    resolution: {integrity: sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==}
-    engines: {node: '>= 14.16.0'}
-
   chownr@3.0.0:
     resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==}
     engines: {node: '>=18'}
@@ -2416,10 +2220,6 @@ packages:
   class-variance-authority@0.7.1:
     resolution: {integrity: sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg==}
 
-  cliui@8.0.1:
-    resolution: {integrity: sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==}
-    engines: {node: '>=12'}
-
   clsx@2.1.1:
     resolution: {integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==}
     engines: {node: '>=6'}
@@ -2443,16 +2243,9 @@ packages:
   color-name@1.1.4:
     resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
 
-  combined-stream@1.0.8:
-    resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==}
-    engines: {node: '>= 0.8'}
-
   comma-separated-tokens@2.0.3:
     resolution: {integrity: sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg==}
 
-  compare-versions@6.1.1:
-    resolution: {integrity: sha512-4hm4VPpIecmlg59CHXnRDnqGplJFrbLG4aFEl5vl6cK1u76ws3LLvX7ikFnTDl5vo39sjWD6AaDPYodJp/NNHg==}
-
   concat-map@0.0.1:
     resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
 
@@ -2513,18 +2306,6 @@ packages:
     resolution: {integrity: sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==}
     engines: {node: '>=12'}
 
-  data-view-buffer@1.0.2:
-    resolution: {integrity: sha512-EmKO5V3OLXh1rtK2wgXRansaK1/mtVdTUEiEI0W8RkvgT05kfxaH29PliLnpLP73yYO6142Q72QNa8Wx/A5CqQ==}
-    engines: {node: '>= 0.4'}
-
-  data-view-byte-length@1.0.2:
-    resolution: {integrity: sha512-tuhGbE6CfTM9+5ANGf+oQb72Ky/0+s3xKUpHvShfiz2RxMFgFPjsXuRLBVMtvMs15awe45SRb83D6wH4ew6wlQ==}
-    engines: {node: '>= 0.4'}
-
-  data-view-byte-offset@1.0.1:
-    resolution: {integrity: sha512-BS8PfmtDGnrgYdOonGZQdLZslWIeCGFP9tpan0hi1Co2Zr2NKADsvGYA8XxuG/4UWgJ6Cjtv+YJnB6MM69QGlQ==}
-    engines: {node: '>= 0.4'}
-
   debug@4.4.1:
     resolution: {integrity: sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==}
     engines: {node: '>=6.0'}
@@ -2537,6 +2318,9 @@ packages:
   decimal.js-light@2.5.1:
     resolution: {integrity: sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==}
 
+  decode-formdata@0.9.0:
+    resolution: {integrity: sha512-q5uwOjR3Um5YD+ZWPOF/1sGHVW9A5rCrRwITQChRXlmPkxDFBqCm4jNTIVdGHNH9OnR+V9MoZVgRhsFb+ARbUw==}
+
   decode-named-character-reference@1.2.0:
     resolution: {integrity: sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==}
 
@@ -2547,22 +2331,6 @@ packages:
     resolution: {integrity: sha512-R9hc1Xa/NOBi9WRVUWg19rl1UB7Tt4kuPd+thNJgFZoxXsTz7ncaPaeIm+40oSGuP33DfMb4sZt1QIGiJzC4EA==}
     engines: {node: '>=0.10.0'}
 
-  define-data-property@1.1.4:
-    resolution: {integrity: sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==}
-    engines: {node: '>= 0.4'}
-
-  define-properties@1.2.1:
-    resolution: {integrity: sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==}
-    engines: {node: '>= 0.4'}
-
-  delayed-stream@1.0.0:
-    resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==}
-    engines: {node: '>=0.4.0'}
-
-  dependency-graph@0.11.0:
-    resolution: {integrity: sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg==}
-    engines: {node: '>= 0.6.0'}
-
   dequal@2.0.3:
     resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==}
     engines: {node: '>=6'}
@@ -2574,6 +2342,9 @@ packages:
   detect-node-es@1.1.0:
     resolution: {integrity: sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==}
 
+  devalue@5.4.1:
+    resolution: {integrity: sha512-YtoaOfsqjbZQKGIMRYDWKjUmSB4VJ/RElB+bXZawQAQYAo4xu08GKTMVlsZDTF6R2MbAgjcAQRPI5eIyRAT2OQ==}
+
   devlop@1.1.0:
     resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==}
 
@@ -2581,17 +2352,9 @@ packages:
     resolution: {integrity: sha512-sSuxWU5j5SR9QQji/o2qMvqRNYRDOcBTgsJ/DeCf4iSN4gW+gNMXM7wFIP+fdXZxoNiAnHUTGjCr+TSWXdRDKg==}
     engines: {node: '>=0.3.1'}
 
-  dir-glob@3.0.1:
-    resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==}
-    engines: {node: '>=8'}
-
   dom-helpers@5.2.1:
     resolution: {integrity: sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==}
 
-  dunder-proto@1.0.1:
-    resolution: {integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==}
-    engines: {node: '>= 0.4'}
-
   electron-to-chromium@1.5.203:
     resolution: {integrity: sha512-uz4i0vLhfm6dLZWbz/iH88KNDV+ivj5+2SA+utpgjKaj9Q0iDLuwk6Idhe9BTxciHudyx6IvTvijhkPvFGUQ0g==}
 
@@ -2601,52 +2364,10 @@ packages:
       react: ^18.0.0
       react-dom: ^18.0.0
 
-  emoji-regex@8.0.0:
-    resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
-
   enhanced-resolve@5.18.3:
     resolution: {integrity: sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww==}
     engines: {node: '>=10.13.0'}
 
-  enquirer@2.4.1:
-    resolution: {integrity: sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==}
-    engines: {node: '>=8.6'}
-
-  entities@4.5.0:
-    resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==}
-    engines: {node: '>=0.12'}
-
-  es-abstract@1.24.0:
-    resolution: {integrity: sha512-WSzPgsdLtTcQwm4CROfS5ju2Wa1QQcVeT37jFjYzdFz1r9ahadC8B8/a4qxJxM+09F18iumCdRmlr96ZYkQvEg==}
-    engines: {node: '>= 0.4'}
-
-  es-aggregate-error@1.0.14:
-    resolution: {integrity: sha512-3YxX6rVb07B5TV11AV5wsL7nQCHXNwoHPsQC8S4AmBiqYhyNCJ5BRKXkXyDJvs8QzXN20NgRtxe3dEEQD9NLHA==}
-    engines: {node: '>= 0.4'}
-
-  es-define-property@1.0.1:
-    resolution: {integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==}
-    engines: {node: '>= 0.4'}
-
-  es-errors@1.3.0:
-    resolution: {integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==}
-    engines: {node: '>= 0.4'}
-
-  es-object-atoms@1.1.1:
-    resolution: {integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==}
-    engines: {node: '>= 0.4'}
-
-  es-set-tostringtag@2.1.0:
-    resolution: {integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==}
-    engines: {node: '>= 0.4'}
-
-  es-to-primitive@1.3.0:
-    resolution: {integrity: sha512-w+5mJ3GuFL+NjVtJlvydShqE1eN3h3PbI7/5LAsYJP/2qtuMXjfL2LpHSRqo4b4eSF5K/DH1JXKUAHSB2UW50g==}
-    engines: {node: '>= 0.4'}
-
-  es6-promise@3.3.1:
-    resolution: {integrity: sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==}
-
   esbuild@0.25.9:
     resolution: {integrity: sha512-CRbODhYyQx3qp7ZEwzxOk4JBqmD/seJrzPa/cGjY1VtIn5E09Oi9/dB4JwctnfZ8Q8iT7rioVv5k/FNT/uf54g==}
     engines: {node: '>=18'}
@@ -2725,17 +2446,9 @@ packages:
     resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
     engines: {node: '>=0.10.0'}
 
-  event-target-shim@5.0.1:
-    resolution: {integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==}
-    engines: {node: '>=6'}
-
   eventemitter3@4.0.7:
     resolution: {integrity: sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==}
 
-  execa@5.1.1:
-    resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
-    engines: {node: '>=10'}
-
   extend@3.0.2:
     resolution: {integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==}
 
@@ -2756,15 +2469,6 @@ packages:
   fast-levenshtein@2.0.6:
     resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
 
-  fast-memoize@2.5.2:
-    resolution: {integrity: sha512-Ue0LwpDYErFbmNnZSF0UH6eImUwDmogUO1jyE+JbN2gsQz/jICm1Ve7t9QT0rNSsfJt+Hs4/S3GnsDVjL4HVrw==}
-
-  fast-safe-stringify@2.1.1:
-    resolution: {integrity: sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==}
-
-  fast-uri@3.0.6:
-    resolution: {integrity: sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==}
-
   fastq@1.19.1:
     resolution: {integrity: sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==}
 
@@ -2796,75 +2500,24 @@ packages:
   flatted@3.3.3:
     resolution: {integrity: sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==}
 
-  follow-redirects@1.15.9:
-    resolution: {integrity: sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==}
-    engines: {node: '>=4.0'}
-    peerDependencies:
-      debug: '*'
-    peerDependenciesMeta:
-      debug:
-        optional: true
-
-  for-each@0.3.5:
-    resolution: {integrity: sha512-dKx12eRCVIzqCxFGplyFKJMPvLEWgmNtUrpTiJIR5u97zEhRG8ySrtboPHZXx7daLxQVrl643cTzbab2tkQjxg==}
-    engines: {node: '>= 0.4'}
-
-  form-data@4.0.4:
-    resolution: {integrity: sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==}
-    engines: {node: '>= 6'}
-
   formik@2.4.6:
     resolution: {integrity: sha512-A+2EI7U7aG296q2TLGvNapDNTZp1khVt5Vk0Q/fyfSROss0V/V6+txt2aJnwEos44IxTCW/LYAi/zgWzlevj+g==}
     peerDependencies:
       react: '>=16.8.0'
 
-  fs-extra@11.3.0:
-    resolution: {integrity: sha512-Z4XaCL6dUDHfP/jT25jJKMmtxvuwbkrD1vNSMFlo9lNLY2c5FHYSQgHPRZUjAB26TpDEoW9HCOgplrdbaPV/ew==}
-    engines: {node: '>=14.14'}
-
   fsevents@2.3.3:
     resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
     engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
     os: [darwin]
 
-  function-bind@1.1.2:
-    resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==}
-
-  function.prototype.name@1.1.8:
-    resolution: {integrity: sha512-e5iwyodOHhbMr/yNrc7fDYG4qlbIvI5gajyzPnb5TCwyhjApznQh1BMFou9b30SevY43gCJKXycoCBjMbsuW0Q==}
-    engines: {node: '>= 0.4'}
-
-  functions-have-names@1.2.3:
-    resolution: {integrity: sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==}
-
   gensync@1.0.0-beta.2:
     resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==}
     engines: {node: '>=6.9.0'}
 
-  get-caller-file@2.0.5:
-    resolution: {integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==}
-    engines: {node: 6.* || 8.* || >= 10.*}
-
-  get-intrinsic@1.3.0:
-    resolution: {integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==}
-    engines: {node: '>= 0.4'}
-
   get-nonce@1.0.1:
     resolution: {integrity: sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==}
     engines: {node: '>=6'}
 
-  get-proto@1.0.1:
-    resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==}
-    engines: {node: '>= 0.4'}
-
-  get-stream@6.0.1:
-    resolution: {integrity: sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==}
-    engines: {node: '>=10'}
-
-  get-symbol-description@1.1.0:
-    resolution: {integrity: sha512-w9UMqWwJxHNOvoNzSJ2oPF5wvYcvP7jUvYzhp67yEhTi17ZDBBC1z9pTdGuzjD+EFIqLSYRweZjqfiPzQ06Ebg==}
-    engines: {node: '>= 0.4'}
-
   get-tsconfig@4.10.1:
     resolution: {integrity: sha512-auHyJ4AgMz7vgS8Hp3N6HXSmlMdUyhSUrfBF16w153rxtLIEOE+HGqaBppczZvnHLqQJfiHotCYpNhl0lUROFQ==}
 
@@ -2884,56 +2537,21 @@ packages:
     resolution: {integrity: sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ==}
     engines: {node: '>=18'}
 
-  globalthis@1.0.4:
-    resolution: {integrity: sha512-DpLKbNU4WylpxJykQujfCcwYWiV/Jhm50Goo0wrVILAv5jOr9d+H+UR3PhSCD2rCCEIg0uc+G+muBTwD54JhDQ==}
-    engines: {node: '>= 0.4'}
-
-  globby@11.1.0:
-    resolution: {integrity: sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==}
-    engines: {node: '>=10'}
-
   goober@2.1.16:
     resolution: {integrity: sha512-erjk19y1U33+XAMe1VTvIONHYoSqE4iS7BYUZfHaqeohLmnC0FdxEh7rQU+6MZ4OajItzjZFSRtVANrQwNq6/g==}
     peerDependencies:
       csstype: ^3.0.10
 
-  gopd@1.2.0:
-    resolution: {integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==}
-    engines: {node: '>= 0.4'}
-
   graceful-fs@4.2.11:
     resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==}
 
   graphemer@1.4.0:
     resolution: {integrity: sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==}
 
-  has-bigints@1.1.0:
-    resolution: {integrity: sha512-R3pbpkcIqv2Pm3dUwgjclDRVmWpTJW2DcMzcIhEXEx1oh/CEMObMm3KLmRJOdvhM7o4uQBnwr8pzRK2sJWIqfg==}
-    engines: {node: '>= 0.4'}
-
   has-flag@4.0.0:
     resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
     engines: {node: '>=8'}
 
-  has-property-descriptors@1.0.2:
-    resolution: {integrity: sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==}
-
-  has-proto@1.2.0:
-    resolution: {integrity: sha512-KIL7eQPfHQRC8+XluaIw7BHUwwqL19bQn4hzNgdr+1wXoU0KKj6rufu47lhY7KbJR2C6T6+PfyN0Ea7wkSS+qQ==}
-    engines: {node: '>= 0.4'}
-
-  has-symbols@1.1.0:
-    resolution: {integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==}
-    engines: {node: '>= 0.4'}
-
-  has-tostringtag@1.0.2:
-    resolution: {integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==}
-    engines: {node: '>= 0.4'}
-
-  hasown@2.0.2:
-    resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==}
-    engines: {node: '>= 0.4'}
-
   hast-util-to-jsx-runtime@2.3.6:
     resolution: {integrity: sha512-zl6s8LwNyo1P9uw+XJGvZtdFF1GdAkOg8ujOw+4Pyb76874fLps4ueHXDhXWdk6YHQ6OgUtinliG7RsYvCbbBg==}
 
@@ -2946,13 +2564,6 @@ packages:
   html-url-attributes@3.0.1:
     resolution: {integrity: sha512-ol6UPyBWqsrO6EJySPz2O7ZSr856WDrEzM5zMqp+FJJLGMW35cLYmmZnl0vztAZxRUoNZJFTCohfjuIJ8I4QBQ==}
 
-  http2-client@1.3.5:
-    resolution: {integrity: sha512-EC2utToWl4RKfs5zd36Mxq7nzHHBuomZboI0yYL6Y0RmBgT7Sgkq4rQ0ezFTYoIsSs7Tm9SJe+o2FcAg6GBhGA==}
-
-  human-signals@2.1.0:
-    resolution: {integrity: sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==}
-    engines: {node: '>=10.17.0'}
-
   ignore@5.3.2:
     resolution: {integrity: sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==}
     engines: {node: '>= 4'}
@@ -2964,9 +2575,6 @@ packages:
   immer@10.1.1:
     resolution: {integrity: sha512-s2MPrmjovJcoMaHtx6K11Ra7oD05NT97w1IC5zpMkT6Atjr7H8LjaDd81iIxUYpMKSRRNMJE703M1Fhr/TctHw==}
 
-  immer@9.0.21:
-    resolution: {integrity: sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==}
-
   import-fresh@3.3.1:
     resolution: {integrity: sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==}
     engines: {node: '>=6'}
@@ -2978,10 +2586,6 @@ packages:
   inline-style-parser@0.2.4:
     resolution: {integrity: sha512-0aO8FkhNZlj/ZIbNi7Lxxr12obT7cL1moPfE4tg1LkX7LlLfC6DeX4l2ZEud1ukP9jNQyNnfzQVqwbwmAATY4Q==}
 
-  internal-slot@1.1.0:
-    resolution: {integrity: sha512-4gd7VpWNQNB4UKKCFFVcp1AVv+FMOgs9NKzjHKusc8jTMhd5eL1NqQqOpE0KzMds804/yHlglp3uxgluOqAPLw==}
-    engines: {node: '>= 0.4'}
-
   internmap@2.0.3:
     resolution: {integrity: sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==}
     engines: {node: '>=12'}
@@ -2992,38 +2596,10 @@ packages:
   is-alphanumerical@2.0.1:
     resolution: {integrity: sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==}
 
-  is-array-buffer@3.0.5:
-    resolution: {integrity: sha512-DDfANUiiG2wC1qawP66qlTugJeL5HyzMpfr8lLK+jMQirGzNod0B12cFB/9q838Ru27sBwfw78/rdoU7RERz6A==}
-    engines: {node: '>= 0.4'}
-
-  is-async-function@2.1.1:
-    resolution: {integrity: sha512-9dgM/cZBnNvjzaMYHVoxxfPj2QXt22Ev7SuuPrs+xav0ukGB0S6d4ydZdEiM48kLx5kDV+QBPrpVnFyefL8kkQ==}
-    engines: {node: '>= 0.4'}
-
-  is-bigint@1.1.0:
-    resolution: {integrity: sha512-n4ZT37wG78iz03xPRKJrHTdZbe3IicyucEtdRsV5yglwc3GyUfbAfpSeD0FJ41NbUNSt5wbhqfp1fS+BgnvDFQ==}
-    engines: {node: '>= 0.4'}
-
   is-binary-path@2.1.0:
     resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
     engines: {node: '>=8'}
 
-  is-boolean-object@1.2.2:
-    resolution: {integrity: sha512-wa56o2/ElJMYqjCjGkXri7it5FbebW5usLw/nPmCMs5DeZ7eziSYZhSmPRn0txqeW4LnAmQQU7FgqLpsEFKM4A==}
-    engines: {node: '>= 0.4'}
-
-  is-callable@1.2.7:
-    resolution: {integrity: sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==}
-    engines: {node: '>= 0.4'}
-
-  is-data-view@1.0.2:
-    resolution: {integrity: sha512-RKtWF8pGmS87i2D6gqQu/l7EYRlVdfzemCJN/P3UOs//x1QE7mfhvzHIApBTRf7axvT6DMGwSwBXYCT0nfB9xw==}
-    engines: {node: '>= 0.4'}
-
-  is-date-object@1.1.0:
-    resolution: {integrity: sha512-PwwhEakHVKTdRNVOw+/Gyh0+MzlCl4R6qKvkhuvLtPMggI1WAHt9sOwZxQLSGpUaDnrdyDsomoRgNnCfKNSXXg==}
-    engines: {node: '>= 0.4'}
-
   is-decimal@2.0.1:
     resolution: {integrity: sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==}
 
@@ -3031,18 +2607,6 @@ packages:
     resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
     engines: {node: '>=0.10.0'}
 
-  is-finalizationregistry@1.1.1:
-    resolution: {integrity: sha512-1pC6N8qWJbWoPtEjgcL2xyhQOP491EQjeUo3qTKcmV8YSDDJrOepfG8pcC7h/QgnQHYSv0mJ3Z/ZWxmatVrysg==}
-    engines: {node: '>= 0.4'}
-
-  is-fullwidth-code-point@3.0.0:
-    resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==}
-    engines: {node: '>=8'}
-
-  is-generator-function@1.1.0:
-    resolution: {integrity: sha512-nPUB5km40q9e8UfN/Zc24eLlzdSf9OfKByBw9CIdw4H1giPMeA0OIJvbchsCu4npfI2QcMVBsGEBHKZ7wLTWmQ==}
-    engines: {node: '>= 0.4'}
-
   is-glob@4.0.3:
     resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
     engines: {node: '>=0.10.0'}
@@ -3050,18 +2614,6 @@ packages:
   is-hexadecimal@2.0.1:
     resolution: {integrity: sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==}
 
-  is-map@2.0.3:
-    resolution: {integrity: sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==}
-    engines: {node: '>= 0.4'}
-
-  is-negative-zero@2.0.3:
-    resolution: {integrity: sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==}
-    engines: {node: '>= 0.4'}
-
-  is-number-object@1.1.1:
-    resolution: {integrity: sha512-lZhclumE1G6VYD8VHe35wFaIif+CTy5SJIi5+3y4psDgWu4wPDoBhF8NxUOinEc7pHgiTsT6MaBb92rKhhD+Xw==}
-    engines: {node: '>= 0.4'}
-
   is-number@7.0.0:
     resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
     engines: {node: '>=0.12.0'}
@@ -3070,49 +2622,6 @@ packages:
     resolution: {integrity: sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==}
     engines: {node: '>=12'}
 
-  is-regex@1.2.1:
-    resolution: {integrity: sha512-MjYsKHO5O7mCsmRGxWcLWheFqN9DJ/2TmngvjKXihe6efViPqc274+Fx/4fYj/r03+ESvBdTXK0V6tA3rgez1g==}
-    engines: {node: '>= 0.4'}
-
-  is-set@2.0.3:
-    resolution: {integrity: sha512-iPAjerrse27/ygGLxw+EBR9agv9Y6uLeYVJMu+QNCoouJ1/1ri0mGrcWpfCqFZuzzx3WjtwxG098X+n4OuRkPg==}
-    engines: {node: '>= 0.4'}
-
-  is-shared-array-buffer@1.0.4:
-    resolution: {integrity: sha512-ISWac8drv4ZGfwKl5slpHG9OwPNty4jOWPRIhBpxOoD+hqITiwuipOQ2bNthAzwA3B4fIjO4Nln74N0S9byq8A==}
-    engines: {node: '>= 0.4'}
-
-  is-stream@2.0.1:
-    resolution: {integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==}
-    engines: {node: '>=8'}
-
-  is-string@1.1.1:
-    resolution: {integrity: sha512-BtEeSsoaQjlSPBemMQIrY1MY0uM6vnS1g5fmufYOtnxLGUZM2178PKbhsk7Ffv58IX+ZtcvoGwccYsh0PglkAA==}
-    engines: {node: '>= 0.4'}
-
-  is-symbol@1.1.1:
-    resolution: {integrity: sha512-9gGx6GTtCQM73BgmHQXfDmLtfjjTUDSyoxTCbp5WtoixAhfgsDirWIcVQ/IHpvI5Vgd5i/J5F7B9cN/WlVbC/w==}
-    engines: {node: '>= 0.4'}
-
-  is-typed-array@1.1.15:
-    resolution: {integrity: sha512-p3EcsicXjit7SaskXHs1hA91QxgTw46Fv6EFKKGS5DRFLD8yKnohjF3hxoju94b/OcMZoQukzpPpBE9uLVKzgQ==}
-    engines: {node: '>= 0.4'}
-
-  is-weakmap@2.0.2:
-    resolution: {integrity: sha512-K5pXYOm9wqY1RgjpL3YTkF39tni1XajUIkawTLUo9EZEVUFga5gSQJF8nNS7ZwJQ02y+1YCNYcMh+HIf1ZqE+w==}
-    engines: {node: '>= 0.4'}
-
-  is-weakref@1.1.1:
-    resolution: {integrity: sha512-6i9mGWSlqzNMEqpCp93KwRS1uUOodk2OJ6b+sq7ZPDSy2WuI5NFIxp/254TytR8ftefexkWn5xNiHUNpPOfSew==}
-    engines: {node: '>= 0.4'}
-
-  is-weakset@2.0.4:
-    resolution: {integrity: sha512-mfcwb6IzQyOKTs84CQMrOwW4gQcaTOAWJ0zzJCl2WSPDrWk/OzDaImWFH3djXhb24g4eudZfLRozAvPGw4d9hQ==}
-    engines: {node: '>= 0.4'}
-
-  isarray@2.0.5:
-    resolution: {integrity: sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==}
-
   isbot@5.1.29:
     resolution: {integrity: sha512-DelDWWoa3mBoyWTq3wjp+GIWx/yZdN7zLUE7NFhKjAiJ+uJVRkbLlwykdduCE4sPUUy8mlTYTmdhBUYu91F+sw==}
     engines: {node: '>=18'}
@@ -3131,10 +2640,6 @@ packages:
     resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
     hasBin: true
 
-  jsep@1.4.0:
-    resolution: {integrity: sha512-B7qPcEVE3NVkmSJbaYxvv4cHkVW7DQsZz13pUMrfS8z8Q/BuShN+gcTXrUlPiGqM2/t/EEaI030bpxMqY8gMlw==}
-    engines: {node: '>= 10.16.0'}
-
   jsesc@3.1.0:
     resolution: {integrity: sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==}
     engines: {node: '>=6'}
@@ -3146,9 +2651,6 @@ packages:
   json-schema-traverse@0.4.1:
     resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
 
-  json-schema-traverse@1.0.0:
-    resolution: {integrity: sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==}
-
   json-stable-stringify-without-jsonify@1.0.1:
     resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==}
 
@@ -3157,31 +2659,9 @@ packages:
     engines: {node: '>=6'}
     hasBin: true
 
-  jsonc-parser@2.2.1:
-    resolution: {integrity: sha512-o6/yDBYccGvTz1+QFevz6l6OBZ2+fMVu2JZ9CIhzsYRX4mjaK5IyX9eldUdCmga16zlgQxyrj5pt9kzuj2C02w==}
-
-  jsonfile@6.1.0:
-    resolution: {integrity: sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==}
-
-  jsonpath-plus@10.3.0:
-    resolution: {integrity: sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==}
-    engines: {node: '>=18.0.0'}
-    hasBin: true
-
-  jsonpointer@5.0.1:
-    resolution: {integrity: sha512-p/nXbhSEcu3pZRdkW1OfJhpsVtW1gd4Wa1fnQc9YLiTfAjn0312eMKimbdIQzuZl9aa9xUGaRlP9T/CJE/ditQ==}
-    engines: {node: '>=0.10.0'}
-
-  jsonschema@1.5.0:
-    resolution: {integrity: sha512-K+A9hhqbn0f3pJX17Q/7H6yQfD/5OXgdrR5UE12gMXCiN9D5Xq2o5mddV2QEcX/bjla99ASsAAQUyMCCRWAEhw==}
-
   keyv@4.5.4:
     resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==}
 
-  leven@3.1.0:
-    resolution: {integrity: sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==}
-    engines: {node: '>=6'}
-
   levn@0.4.1:
     resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==}
     engines: {node: '>= 0.8.0'}
@@ -3250,9 +2730,6 @@ packages:
     resolution: {integrity: sha512-xi6IyHML+c9+Q3W0S4fCQJOym42pyurFiJUHEcEyHS0CeKzia4yZDEsLlqOFykxOdHpNy0NmvVO31vcSqAxJCg==}
     engines: {node: '>= 12.0.0'}
 
-  linkify-it@5.0.0:
-    resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==}
-
   locate-path@6.0.0:
     resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==}
     engines: {node: '>=10'}
@@ -3260,37 +2737,12 @@ packages:
   lodash-es@4.17.21:
     resolution: {integrity: sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==}
 
-  lodash.isempty@4.4.0:
-    resolution: {integrity: sha512-oKMuF3xEeqDltrGMfDxAPGIVMSSRv8tbRSODbrs4KGsRRLEhrW8N8Rd4DRgB2+621hY8A8XwwrTVhXWpxFvMzg==}
-
   lodash.merge@4.6.2:
     resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
 
-  lodash.omitby@4.6.0:
-    resolution: {integrity: sha512-5OrRcIVR75M288p4nbI2WLAf3ndw2GD9fyNv3Bc15+WCxJDdZ4lYndSxGd7hnG6PVjiJTeJE2dHEGhIuKGicIQ==}
-
-  lodash.topath@4.5.2:
-    resolution: {integrity: sha512-1/W4dM+35DwvE/iEd1M9ekewOSTlpFekhw9mhAtrwjVqUr83/ilQiyAvmg4tVX7Unkcfl1KC+i9WdaT4B6aQcg==}
-
-  lodash.uniq@4.5.0:
-    resolution: {integrity: sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==}
-
-  lodash.uniqby@4.7.0:
-    resolution: {integrity: sha512-e/zcLx6CSbmaEgFHCA7BnoQKyCtKMxnuWrJygbwPs/AIn+IMKl66L8/s+wBUn5LRw2pZx3bUHibiV1b6aTWIww==}
-
-  lodash.uniqwith@4.5.0:
-    resolution: {integrity: sha512-7lYL8bLopMoy4CTICbxygAUq6CdRJ36vFc80DucPueUee+d5NBRxz3FdT9Pes/HEx5mPoT9jwnsEJWz1N7uq7Q==}
-
   lodash@4.17.21:
     resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
 
-  loglevel-plugin-prefix@0.8.4:
-    resolution: {integrity: sha512-WpG9CcFAOjz/FtNht+QJeGpvVl/cdR6P0z6OcXSkr8wFJOsV2GRj2j10JLfjuA4aYkcKCNIEqRGCyTife9R8/g==}
-
-  loglevel@1.9.2:
-    resolution: {integrity: sha512-HgMmCqIJSAKqo68l0rS2AanEWfkxaZ5wNiEFb5ggm08lDs9Xl2KxBlX3PTcaD2chBM1gXAYf491/M2Rv8Jwayg==}
-    engines: {node: '>= 0.6.0'}
-
   longest-streak@3.1.0:
     resolution: {integrity: sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g==}
 
@@ -3306,23 +2758,12 @@ packages:
     peerDependencies:
       react: ^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0
 
-  lunr@2.3.9:
-    resolution: {integrity: sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==}
-
   magic-string@0.30.19:
     resolution: {integrity: sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw==}
 
-  markdown-it@14.1.0:
-    resolution: {integrity: sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==}
-    hasBin: true
-
   markdown-table@3.0.4:
     resolution: {integrity: sha512-wiYz4+JrLyb/DqW2hkFJxP7Vd7JuTDm77fvbM8VfEQdmSMqcImWeeRbHwZjBjIFki/VaMK2BhFi7oUUZeM5bqw==}
 
-  math-intrinsics@1.1.0:
-    resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
-    engines: {node: '>= 0.4'}
-
   mdast-util-find-and-replace@3.0.2:
     resolution: {integrity: sha512-Tmd1Vg/m3Xz43afeNxDIhWRtFZgM2VLyaf4vSTYwudTyeuTneoL3qtWMA5jeLyz/O1vDJmmV4QuScFCA2tBPwg==}
 
@@ -3368,12 +2809,6 @@ packages:
   mdast-util-to-string@4.0.0:
     resolution: {integrity: sha512-0H44vDimn51F0YwvxSJSm0eCDOJTRlmN0R1yBh4HLj9wiV1Dn0QoXGbvFAWj2hSItVTlCmBF1hqKlIyUBVFLPg==}
 
-  mdurl@2.0.0:
-    resolution: {integrity: sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==}
-
-  merge-stream@2.0.0:
-    resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==}
-
   merge2@1.4.1:
     resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
     engines: {node: '>= 8'}
@@ -3466,25 +2901,9 @@ packages:
     resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==}
     engines: {node: '>=8.6'}
 
-  mime-db@1.52.0:
-    resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==}
-    engines: {node: '>= 0.6'}
-
-  mime-types@2.1.35:
-    resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==}
-    engines: {node: '>= 0.6'}
-
-  mimic-fn@2.1.0:
-    resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==}
-    engines: {node: '>=6'}
-
   minimatch@3.1.2:
     resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
 
-  minimatch@6.2.0:
-    resolution: {integrity: sha512-sauLxniAmvnhhRjFwPNnJKaPFYyddAgbYdeUpHULtCT/GhzdCx/MDNy+Y40lBxTQUrMzDE8e0S43Z5uqfO0REg==}
-    engines: {node: '>=10'}
-
   minimatch@9.0.5:
     resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==}
     engines: {node: '>=16 || 14 >=14.17'}
@@ -3513,94 +2932,21 @@ packages:
   natural-compare@1.4.0:
     resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
 
-  nimma@0.2.3:
-    resolution: {integrity: sha512-1ZOI8J+1PKKGceo/5CT5GfQOG6H8I2BencSK06YarZ2wXwH37BSSUWldqJmMJYA5JfqDqffxDXynt6f11AyKcA==}
-    engines: {node: ^12.20 || >=14.13}
-
-  node-fetch-h2@2.3.0:
-    resolution: {integrity: sha512-ofRW94Ab0T4AOh5Fk8t0h8OBWrmjb0SSB20xh1H8YnPV9EJ+f5AMoYSUQ2zgJ4Iq2HAK0I2l5/Nequ8YzFS3Hg==}
-    engines: {node: 4.x || >=6.0.0}
-
-  node-fetch@2.7.0:
-    resolution: {integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==}
-    engines: {node: 4.x || >=6.0.0}
-    peerDependencies:
-      encoding: ^0.1.0
-    peerDependenciesMeta:
-      encoding:
-        optional: true
-
-  node-readfiles@0.2.0:
-    resolution: {integrity: sha512-SU00ZarexNlE4Rjdm83vglt5Y9yiQ+XI1XpflWlb7q7UTN1JUItm69xMeiQCTxtTfnzt+83T8Cx+vI2ED++VDA==}
-
-  node-releases@2.0.19:
-    resolution: {integrity: sha512-xxOWJsBKtzAq7DY0J+DTzuz58K8e7sJbdgwkbMWQe8UYB6ekmsQ45q0M/tJDsGaZmbC+l7n57UV8Hl5tHxO9uw==}
+  node-releases@2.0.19:
+    resolution: {integrity: sha512-xxOWJsBKtzAq7DY0J+DTzuz58K8e7sJbdgwkbMWQe8UYB6ekmsQ45q0M/tJDsGaZmbC+l7n57UV8Hl5tHxO9uw==}
 
   normalize-path@3.0.0:
     resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
     engines: {node: '>=0.10.0'}
 
-  npm-run-path@4.0.1:
-    resolution: {integrity: sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==}
-    engines: {node: '>=8'}
-
-  oas-kit-common@1.0.8:
-    resolution: {integrity: sha512-pJTS2+T0oGIwgjGpw7sIRU8RQMcUoKCDWFLdBqKB2BNmGpbBMH2sdqAaOXUg8OzonZHU0L7vfJu1mJFEiYDWOQ==}
-
-  oas-linter@3.2.2:
-    resolution: {integrity: sha512-KEGjPDVoU5K6swgo9hJVA/qYGlwfbFx+Kg2QB/kd7rzV5N8N5Mg6PlsoCMohVnQmo+pzJap/F610qTodKzecGQ==}
-
-  oas-resolver@2.5.6:
-    resolution: {integrity: sha512-Yx5PWQNZomfEhPPOphFbZKi9W93CocQj18NlD2Pa4GWZzdZpSJvYwoiuurRI7m3SpcChrnO08hkuQDL3FGsVFQ==}
-    hasBin: true
-
-  oas-schema-walker@1.1.5:
-    resolution: {integrity: sha512-2yucenq1a9YPmeNExoUa9Qwrt9RFkjqaMAA1X+U7sbb0AqBeTIdMHky9SQQ6iN94bO5NW0W4TRYXerG+BdAvAQ==}
-
-  oas-validator@5.0.8:
-    resolution: {integrity: sha512-cu20/HE5N5HKqVygs3dt94eYJfBi0TsZvPVXDhbXQHiEityDN+RROTleefoKRKKJ9dFAF2JBkDHgvWj0sjKGmw==}
-
   object-assign@4.1.1:
     resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
     engines: {node: '>=0.10.0'}
 
-  object-inspect@1.13.4:
-    resolution: {integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==}
-    engines: {node: '>= 0.4'}
-
-  object-keys@1.1.1:
-    resolution: {integrity: sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==}
-    engines: {node: '>= 0.4'}
-
-  object.assign@4.1.7:
-    resolution: {integrity: sha512-nK28WOo+QIjBkDduTINE4JkF/UJJKyf2EJxvJKfblDpyg0Q+pkOHNTL0Qwy6NP6FhE/EnzV73BxxqcJaXY9anw==}
-    engines: {node: '>= 0.4'}
-
-  onetime@5.1.2:
-    resolution: {integrity: sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==}
-    engines: {node: '>=6'}
-
-  openapi-types@12.1.3:
-    resolution: {integrity: sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw==}
-
-  openapi3-ts@4.2.2:
-    resolution: {integrity: sha512-+9g4actZKeb3czfi9gVQ4Br2Ju3KwhCAQJBNaKgye5KggqcBLIhFHH+nIkcm0BUX00TrAJl6dH4JWgM4G4JWrw==}
-
-  openapi3-ts@4.4.0:
-    resolution: {integrity: sha512-9asTNB9IkKEzWMcHmVZE7Ts3kC9G7AFHfs8i7caD8HbI76gEjdkId4z/AkP83xdZsH7PLAnnbl47qZkXuxpArw==}
-
   optionator@0.9.4:
     resolution: {integrity: sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==}
     engines: {node: '>= 0.8.0'}
 
-  orval@7.11.2:
-    resolution: {integrity: sha512-Cjc/dgnQwAOkvymzvPpFqFc2nQwZ29E+ZFWUI8yKejleHaoFKIdwvkM/b1njtLEjePDcF0hyqXXCTz2wWaXLig==}
-    hasBin: true
-
-  own-keys@1.0.1:
-    resolution: {integrity: sha512-qFOyK5PjiWZd+QQIh+1jhdb9LpxTF0qs7Pm8o5QHYZ0M3vKqSqzsZaEB6oWlxZ+q2sJBMI/Ktgd2N5ZwQoRHfg==}
-    engines: {node: '>= 0.4'}
-
   p-limit@3.1.0:
     resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==}
     engines: {node: '>=10'}
@@ -3624,10 +2970,6 @@ packages:
     resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
     engines: {node: '>=8'}
 
-  path-type@4.0.0:
-    resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==}
-    engines: {node: '>=8'}
-
   picocolors@1.1.1:
     resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
 
@@ -3639,14 +2981,6 @@ packages:
     resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
     engines: {node: '>=12'}
 
-  pony-cause@1.1.1:
-    resolution: {integrity: sha512-PxkIc/2ZpLiEzQXu5YRDOUgBlfGYBY8156HY5ZcRAwwonMk5W/MrJP2LLkG/hF7GEQzaHo2aS7ho6ZLCOvf+6g==}
-    engines: {node: '>=12.0.0'}
-
-  possible-typed-array-names@1.1.0:
-    resolution: {integrity: sha512-/+5VFTchJDoVj3bhoqi6UeymcD00DAwb1nJwamzPvHEszJ4FpF6SNNbUbOS8yI56qHzdV8eK0qEfOSiodkTdxg==}
-    engines: {node: '>= 0.4'}
-
   postcss@8.5.6:
     resolution: {integrity: sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==}
     engines: {node: ^10 || ^12 || >=14}
@@ -3721,6 +3055,11 @@ packages:
     engines: {node: '>=14'}
     hasBin: true
 
+  prism-react-renderer@2.4.1:
+    resolution: {integrity: sha512-ey8Ls/+Di31eqzUxC46h8MksNuGx/n0AAC8uKpwFau4RPDYLuE3EXTp8N8G2vX2N7UC/+IXeNUnlWBGGcAG+Ig==}
+    peerDependencies:
+      react: '>=16.0.0'
+
   prop-types@15.8.1:
     resolution: {integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==}
 
@@ -3730,13 +3069,6 @@ packages:
   property-information@7.1.0:
     resolution: {integrity: sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ==}
 
-  proxy-from-env@1.1.0:
-    resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==}
-
-  punycode.js@2.3.1:
-    resolution: {integrity: sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==}
-    engines: {node: '>=6'}
-
   punycode@2.3.1:
     resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
     engines: {node: '>=6'}
@@ -3857,10 +3189,6 @@ packages:
     resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
     engines: {node: '>=8.10.0'}
 
-  readdirp@4.1.2:
-    resolution: {integrity: sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==}
-    engines: {node: '>= 14.18.0'}
-
   recast@0.23.11:
     resolution: {integrity: sha512-YTUo+Flmw4ZXiWfQKGcwwc11KnoRAYgzAE2E7mXKCjSviTKShtxBsN6YUUBB2gtaBzKzeKunxhUwNHQuRryhWA==}
     engines: {node: '>= 4'}
@@ -3875,17 +3203,6 @@ packages:
       react: ^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
       react-dom: ^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
 
-  reflect.getprototypeof@1.0.10:
-    resolution: {integrity: sha512-00o4I+DVrefhv+nX0ulyi3biSHCPDe+yLv5o/p6d/UVlirijB8E16FtfwSAi4g3tcqrQ4lRAqQSoFEZJehYEcw==}
-    engines: {node: '>= 0.4'}
-
-  reftools@1.1.9:
-    resolution: {integrity: sha512-OVede/NQE13xBQ+ob5CKd5KyeJYU2YInb1bmV4nRoOfquZPkAkxuOXicSe1PvqIuZZ4kD13sPKBbR7UFDmli6w==}
-
-  regexp.prototype.flags@1.5.4:
-    resolution: {integrity: sha512-dYqgNSZbDwkaJ2ceRd9ojCGjBq+mOm9LmtXnAnEGyHhN/5R7iDW2TRw3h+o/jCFxus3P2LfWIIiwowAjANm7IA==}
-    engines: {node: '>= 0.4'}
-
   remark-gfm@4.0.1:
     resolution: {integrity: sha512-1quofZ2RQ9EWdeN34S79+KExV1764+wCUGop5CPL1WGdD0ocPpu91lzPGbwWMECpEpd42kJGQwzRfyov9j4yNg==}
 
@@ -3898,14 +3215,6 @@ packages:
   remark-stringify@11.0.0:
     resolution: {integrity: sha512-1OSmLd3awB/t8qdoEOMazZkNsfVTeY4fTsgzcQFdXNq8ToTN4ZGwrMnlda4K6smTFKD+GRV6O48i6Z4iKgPPpw==}
 
-  require-directory@2.1.1:
-    resolution: {integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==}
-    engines: {node: '>=0.10.0'}
-
-  require-from-string@2.0.2:
-    resolution: {integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==}
-    engines: {node: '>=0.10.0'}
-
   resolve-from@4.0.0:
     resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
     engines: {node: '>=4'}
@@ -3925,21 +3234,6 @@ packages:
   run-parallel@1.2.0:
     resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==}
 
-  safe-array-concat@1.1.3:
-    resolution: {integrity: sha512-AURm5f0jYEOydBj7VQlVvDrjeFgthDdEF5H1dP+6mNpoXOMo1quQqJ4wvJDyRZ9+pO3kGWoOdmV08cSv2aJV6Q==}
-    engines: {node: '>=0.4'}
-
-  safe-push-apply@1.0.0:
-    resolution: {integrity: sha512-iKE9w/Z7xCzUMIZqdBsp6pEQvwuEebH4vdpjcDWnyzaI6yl6O9FHvVpmGelvEHNsoY6wGblkxR6Zty/h00WiSA==}
-    engines: {node: '>= 0.4'}
-
-  safe-regex-test@1.1.0:
-    resolution: {integrity: sha512-x/+Cz4YrimQxQccJf5mKEbIa1NzeCRNI5Ecl/ekmlYaampdNLPalVyIcCZNNH3MvmqBugV5TMYZXv0ljslUlaw==}
-    engines: {node: '>= 0.4'}
-
-  safe-stable-stringify@1.1.1:
-    resolution: {integrity: sha512-ERq4hUjKDbJfE4+XtZLFPCDi8Vb1JqaxAPTxWFLBx8XcAlf9Bda/ZJdVezs/NAfsMQScyIlUMx+Yeu7P7rx5jw==}
-
   scheduler@0.26.0:
     resolution: {integrity: sha512-NlHwttCI/l5gCPR3D1nNXtWABUmBwvZpEQiD4IXSbIDq8BzLIK/7Ir5gTFSGZDUu37K5cMNp0hFtzO38sC7gWA==}
 
@@ -3962,18 +3256,6 @@ packages:
     resolution: {integrity: sha512-RbcPH1n5cfwKrru7v7+zrZvjLurgHhGyso3HTyGtRivGWgYjbOmGuivCQaORNELjNONoK35nj28EoWul9sb1zQ==}
     engines: {node: '>=10'}
 
-  set-function-length@1.2.2:
-    resolution: {integrity: sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==}
-    engines: {node: '>= 0.4'}
-
-  set-function-name@2.0.2:
-    resolution: {integrity: sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==}
-    engines: {node: '>= 0.4'}
-
-  set-proto@1.0.0:
-    resolution: {integrity: sha512-RJRdvCo6IAnPdsvP/7m6bsQqNnn1FCBX5ZNtFL98MmFF/4xAIJTIg1YbHW5DC2W5SKZanrC6i4HsJqlajw/dZw==}
-    engines: {node: '>= 0.4'}
-
   shebang-command@2.0.0:
     resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
     engines: {node: '>=8'}
@@ -3982,51 +3264,6 @@ packages:
     resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
     engines: {node: '>=8'}
 
-  should-equal@2.0.0:
-    resolution: {integrity: sha512-ZP36TMrK9euEuWQYBig9W55WPC7uo37qzAEmbjHz4gfyuXrEUgF8cUvQVO+w+d3OMfPvSRQJ22lSm8MQJ43LTA==}
-
-  should-format@3.0.3:
-    resolution: {integrity: sha512-hZ58adtulAk0gKtua7QxevgUaXTTXxIi8t41L3zo9AHvjXO1/7sdLECuHeIN2SRtYXpNkmhoUP2pdeWgricQ+Q==}
-
-  should-type-adaptors@1.1.0:
-    resolution: {integrity: sha512-JA4hdoLnN+kebEp2Vs8eBe9g7uy0zbRo+RMcU0EsNy+R+k049Ki+N5tT5Jagst2g7EAja+euFuoXFCa8vIklfA==}
-
-  should-type@1.4.0:
-    resolution: {integrity: sha512-MdAsTu3n25yDbIe1NeN69G4n6mUnJGtSJHygX3+oN0ZbO3DTiATnf7XnYJdGT42JCXurTb1JI0qOBR65shvhPQ==}
-
-  should-util@1.0.1:
-    resolution: {integrity: sha512-oXF8tfxx5cDk8r2kYqlkUJzZpDBqVY/II2WhvU0n9Y3XYvAYRmeaf1PvvIvTgPnv4KJ+ES5M0PyDq5Jp+Ygy2g==}
-
-  should@13.2.3:
-    resolution: {integrity: sha512-ggLesLtu2xp+ZxI+ysJTmNjh2U0TsC+rQ/pfED9bUZZ4DKefP27D+7YJVVTvKsmjLpIi9jAa7itwDGkDDmt1GQ==}
-
-  side-channel-list@1.0.0:
-    resolution: {integrity: sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==}
-    engines: {node: '>= 0.4'}
-
-  side-channel-map@1.0.1:
-    resolution: {integrity: sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==}
-    engines: {node: '>= 0.4'}
-
-  side-channel-weakmap@1.0.2:
-    resolution: {integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==}
-    engines: {node: '>= 0.4'}
-
-  side-channel@1.1.0:
-    resolution: {integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==}
-    engines: {node: '>= 0.4'}
-
-  signal-exit@3.0.7:
-    resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==}
-
-  simple-eval@1.0.1:
-    resolution: {integrity: sha512-LH7FpTAkeD+y5xQC4fzS+tFtaNlvt3Ib1zKzvhjv/Y+cioV4zIuw4IZr2yhRLu67CWL7FR9/6KXKnjRoZTvGGQ==}
-    engines: {node: '>=12'}
-
-  slash@3.0.0:
-    resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==}
-    engines: {node: '>=8'}
-
   solid-js@1.9.9:
     resolution: {integrity: sha512-A0ZBPJQldAeGCTW0YRYJmt7RCeh5rbFfPZ2aOttgYnctHE7HgKeHCBB/PVc2P7eOfmNXqMFFFoYYdm3S4dcbkA==}
 
@@ -4051,41 +3288,9 @@ packages:
   space-separated-tokens@2.0.2:
     resolution: {integrity: sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==}
 
-  stop-iteration-iterator@1.1.0:
-    resolution: {integrity: sha512-eLoXW/DHyl62zxY4SCaIgnRhuMr6ri4juEYARS8E6sCEqzKpOiE521Ucofdx+KnDZl5xmvGYaaKCk5FEOxJCoQ==}
-    engines: {node: '>= 0.4'}
-
-  string-argv@0.3.2:
-    resolution: {integrity: sha512-aqD2Q0144Z+/RqG52NeHEkZauTAUWJO8c6yTftGJKO3Tja5tUgIfmIl6kExvhtxSDP7fXB6DvzkfMpCd/F3G+Q==}
-    engines: {node: '>=0.6.19'}
-
-  string-width@4.2.3:
-    resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==}
-    engines: {node: '>=8'}
-
-  string.prototype.trim@1.2.10:
-    resolution: {integrity: sha512-Rs66F0P/1kedk5lyYyH9uBzuiI/kNRmwJAR9quK6VOtIpZ2G+hMZd+HQbbv25MgCA6gEffoMZYxlTod4WcdrKA==}
-    engines: {node: '>= 0.4'}
-
-  string.prototype.trimend@1.0.9:
-    resolution: {integrity: sha512-G7Ok5C6E/j4SGfyLCloXTrngQIQU3PWtXGst3yM7Bea9FRURf1S42ZHlZZtsNque2FN2PoUhfZXYLNWwEr4dLQ==}
-    engines: {node: '>= 0.4'}
-
-  string.prototype.trimstart@1.0.8:
-    resolution: {integrity: sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg==}
-    engines: {node: '>= 0.4'}
-
   stringify-entities@4.0.4:
     resolution: {integrity: sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg==}
 
-  strip-ansi@6.0.1:
-    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
-    engines: {node: '>=8'}
-
-  strip-final-newline@2.0.0:
-    resolution: {integrity: sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==}
-    engines: {node: '>=6'}
-
   strip-json-comments@3.1.1:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
@@ -4100,10 +3305,6 @@ packages:
     resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
     engines: {node: '>=8'}
 
-  swagger2openapi@7.0.8:
-    resolution: {integrity: sha512-upi/0ZGkYgEcLeGieoz8gT74oWHA0E7JivX7aN9mAf+Tc7BQoRBvnIGHoPDw+f9TXTW4s6kGYCZJtauP6OYp7g==}
-    hasBin: true
-
   tailwind-merge@3.3.1:
     resolution: {integrity: sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g==}
 
@@ -4138,9 +3339,6 @@ packages:
   toposort@2.0.2:
     resolution: {integrity: sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==}
 
-  tr46@0.0.3:
-    resolution: {integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==}
-
   trim-lines@3.0.1:
     resolution: {integrity: sha512-kRj8B+YHZCc9kQYdWfJB2/oUl9rA99qbowYYBtr4ui4mZyAQ2JpvVBd/6U2YloATfqBhBTSMhTpgBHtU0Mf3Rg==}
 
@@ -4153,19 +3351,6 @@ packages:
     peerDependencies:
       typescript: '>=4.8.4'
 
-  tsconfck@2.1.2:
-    resolution: {integrity: sha512-ghqN1b0puy3MhhviwO2kGF8SeMDNhEbnKxjK7h6+fvY9JAxqvXi8y5NAHSQv687OVboS2uZIByzGd45/YxrRHg==}
-    engines: {node: ^14.13.1 || ^16 || >=18}
-    hasBin: true
-    peerDependencies:
-      typescript: ^4.3.5 || ^5.0.0
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-
-  tslib@1.14.1:
-    resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==}
-
   tslib@2.0.1:
     resolution: {integrity: sha512-SgIkNheinmEBgx1IUNirK0TUD4X9yjjBRTqqjggWCU3pUEqIk3/Uwl3yRixYKT6WjQuGiwDv4NomL3wqRCj+CQ==}
 
@@ -4188,35 +3373,6 @@ packages:
     resolution: {integrity: sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==}
     engines: {node: '>=12.20'}
 
-  typed-array-buffer@1.0.3:
-    resolution: {integrity: sha512-nAYYwfY3qnzX30IkA6AQZjVbtK6duGontcQm1WSG1MD94YLqK0515GNApXkoxKOWMusVssAHWLh9SeaoefYFGw==}
-    engines: {node: '>= 0.4'}
-
-  typed-array-byte-length@1.0.3:
-    resolution: {integrity: sha512-BaXgOuIxz8n8pIq3e7Atg/7s+DpiYrxn4vdot3w9KbnBhcRQq6o3xemQdIfynqSeXeDrF32x+WvfzmOjPiY9lg==}
-    engines: {node: '>= 0.4'}
-
-  typed-array-byte-offset@1.0.4:
-    resolution: {integrity: sha512-bTlAFB/FBYMcuX81gbL4OcpH5PmlFHqlCCpAl8AlEzMz5k53oNDvN8p1PNOWLEmI2x4orp3raOFB51tv9X+MFQ==}
-    engines: {node: '>= 0.4'}
-
-  typed-array-length@1.0.7:
-    resolution: {integrity: sha512-3KS2b+kL7fsuk/eJZ7EQdnEmQoaho/r6KUef7hxvltNA5DR8NAUM+8wJMbJyZ4G9/7i3v5zPBIMN5aybAh2/Jg==}
-    engines: {node: '>= 0.4'}
-
-  typedoc-plugin-markdown@4.8.1:
-    resolution: {integrity: sha512-ug7fc4j0SiJxSwBGLncpSo8tLvrT9VONvPUQqQDTKPxCoFQBADLli832RGPtj6sfSVJebNSrHZQRUdEryYH/7g==}
-    engines: {node: '>= 18'}
-    peerDependencies:
-      typedoc: 0.28.x
-
-  typedoc@0.28.7:
-    resolution: {integrity: sha512-lpz0Oxl6aidFkmS90VQDQjk/Qf2iw0IUvFqirdONBdj7jPSN9mGXhy66BcGNDxx5ZMyKKiBVAREvPEzT6Uxipw==}
-    engines: {node: '>= 18', pnpm: '>= 10'}
-    hasBin: true
-    peerDependencies:
-      typescript: 5.0.x || 5.1.x || 5.2.x || 5.3.x || 5.4.x || 5.5.x || 5.6.x || 5.7.x || 5.8.x
-
   typescript-eslint@8.43.0:
     resolution: {integrity: sha512-FyRGJKUGvcFekRRcBKFBlAhnp4Ng8rhe8tuvvkR9OiU0gfd4vyvTRQHEckO6VDlH57jbeUQem2IpqPq9kLJH+w==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
@@ -4229,13 +3385,6 @@ packages:
     engines: {node: '>=14.17'}
     hasBin: true
 
-  uc.micro@2.1.0:
-    resolution: {integrity: sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==}
-
-  unbox-primitive@1.1.0:
-    resolution: {integrity: sha512-nWJ91DjeOkej/TA8pXQ3myruKpKEYgqvpw9lz4OPHj/NWFNluYrjbz9j01CJ8yKQd2g4jFoOkINCTW2I5LEEyw==}
-    engines: {node: '>= 0.4'}
-
   undici-types@7.10.0:
     resolution: {integrity: sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag==}
 
@@ -4257,10 +3406,6 @@ packages:
   unist-util-visit@5.0.0:
     resolution: {integrity: sha512-MR04uvD+07cwl/yhVuVWAtw+3GOR/knlL55Nd/wAdblk27GCVt3lqpTivy/tkJcZoNPzTwS1Y+KMojlLDhoTzg==}
 
-  universalify@2.0.1:
-    resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==}
-    engines: {node: '>= 10.0.0'}
-
   unplugin@2.3.6:
     resolution: {integrity: sha512-+/MdXl8bLTXI2lJF22gUBeCFqZruEpL/oM9f8wxCuKh9+Mw9qeul3gTqgbKpMeOFlusCzc0s7x2Kax2xKW+FQg==}
     engines: {node: '>=18.12.0'}
@@ -4274,9 +3419,6 @@ packages:
   uri-js@4.4.1:
     resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
 
-  urijs@1.19.11:
-    resolution: {integrity: sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ==}
-
   use-callback-ref@1.3.3:
     resolution: {integrity: sha512-jQL3lRnocaFtu3V00JToYz/4QkNWswxijDaCVNZRiRTO3HQDLsdu1ZtmIUvV4yPp+rvWm5j0y0TG/S61cuijTg==}
     engines: {node: '>=10'}
@@ -4302,14 +3444,6 @@ packages:
     peerDependencies:
       react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
 
-  utility-types@3.11.0:
-    resolution: {integrity: sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==}
-    engines: {node: '>= 4'}
-
-  validator@13.15.15:
-    resolution: {integrity: sha512-BgWVbCI72aIQy937xbawcs+hrVaN/CZ2UwutgaJ36hGqRrLNM+f5LUT/YPRbo8IV/ASeFzXszezV+y2+rq3l8A==}
-    engines: {node: '>= 0.10'}
-
   vfile-message@4.0.3:
     resolution: {integrity: sha512-QTHzsGd1EhbZs4AsQ20JX1rC3cOlt/IWJruk893DfLRr57lcnOeMaWG4K0JrRta4mIJZKth2Au3mM3u03/JWKw==}
 
@@ -4359,31 +3493,9 @@ packages:
       yaml:
         optional: true
 
-  webidl-conversions@3.0.1:
-    resolution: {integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==}
-
   webpack-virtual-modules@0.6.2:
     resolution: {integrity: sha512-66/V2i5hQanC51vBQKPH4aI8NMAcBW59FVBs+rC7eGHupMyfn34q7rZIE+ETlJ+XTevqfUhVVBgSUNSW2flEUQ==}
 
-  whatwg-url@5.0.0:
-    resolution: {integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==}
-
-  which-boxed-primitive@1.1.1:
-    resolution: {integrity: sha512-TbX3mj8n0odCBFVlY8AxkqcHASw3L60jIuF8jFP78az3C2YhmGvqbHBpAjTRH2/xqYunrJ9g1jSyjCjpoWzIAA==}
-    engines: {node: '>= 0.4'}
-
-  which-builtin-type@1.2.1:
-    resolution: {integrity: sha512-6iBczoX+kDQ7a3+YJBnh3T+KZRxM/iYNPXicqk66/Qfm1b93iu+yOImkg0zHbj5LNOcNv1TEADiZ0xa34B4q6Q==}
-    engines: {node: '>= 0.4'}
-
-  which-collection@1.0.2:
-    resolution: {integrity: sha512-K4jVyjnBdgvc86Y6BkaLZEN933SwYOuBFkdmBu9ZfkcAbdVbpITnDmjvZ/aQjRXQrv5EPkTnD1s39GiiqbngCw==}
-    engines: {node: '>= 0.4'}
-
-  which-typed-array@1.1.19:
-    resolution: {integrity: sha512-rEvr90Bck4WZt9HHFC4DJMsjvu7x+r6bImz0/BrbWb7A2djJ8hnZMrWnHo9F8ssv0OMErasDhftrfROTyqSDrw==}
-    engines: {node: '>= 0.4'}
-
   which@2.0.2:
     resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
     engines: {node: '>= 8'}
@@ -4393,14 +3505,6 @@ packages:
     resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==}
     engines: {node: '>=0.10.0'}
 
-  wrap-ansi@7.0.0:
-    resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==}
-    engines: {node: '>=10'}
-
-  y18n@5.0.8:
-    resolution: {integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==}
-    engines: {node: '>=10'}
-
   yallist@3.1.1:
     resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==}
 
@@ -4408,23 +3512,11 @@ packages:
     resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==}
     engines: {node: '>=18'}
 
-  yaml@1.10.2:
-    resolution: {integrity: sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==}
-    engines: {node: '>= 6'}
-
   yaml@2.8.0:
     resolution: {integrity: sha512-4lLa/EcQCB0cJkyts+FpIRx5G/llPxfP6VQU5KByHEhLxY3IJCH0f0Hy1MHI8sClTvsIb8qwRJ6R/ZdlDJ/leQ==}
     engines: {node: '>= 14.6'}
     hasBin: true
 
-  yargs-parser@21.1.1:
-    resolution: {integrity: sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==}
-    engines: {node: '>=12'}
-
-  yargs@17.7.2:
-    resolution: {integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==}
-    engines: {node: '>=12'}
-
   yocto-queue@0.1.0:
     resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
     engines: {node: '>=10'}
@@ -4435,6 +3527,9 @@ packages:
   zod@3.25.76:
     resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
 
+  zod@4.1.11:
+    resolution: {integrity: sha512-WPsqwxITS2tzx1bzhIKsEs19ABD5vmCVa4xBo2tq/SrV4RNZtfws1EnCWQXM6yh8bD08a1idvkB5MZSBiZsjwg==}
+
   zustand@5.0.8:
     resolution: {integrity: sha512-gyPKpIaxY9XcO2vSMrLbiER7QMAMGOQZVRdJ6Zi782jkbzZygq5GI9nG8g+sMgitRtndwaBSl7uiqC49o1SSiw==}
     engines: {node: '>=12.20.0'}
@@ -4463,31 +3558,6 @@ snapshots:
       '@jridgewell/gen-mapping': 0.3.12
       '@jridgewell/trace-mapping': 0.3.29
 
-  '@apidevtools/json-schema-ref-parser@11.7.2':
-    dependencies:
-      '@jsdevtools/ono': 7.1.3
-      '@types/json-schema': 7.0.15
-      js-yaml: 4.1.0
-
-  '@apidevtools/openapi-schemas@2.1.0': {}
-
-  '@apidevtools/swagger-methods@3.0.2': {}
-
-  '@apidevtools/swagger-parser@10.1.1(openapi-types@12.1.3)':
-    dependencies:
-      '@apidevtools/json-schema-ref-parser': 11.7.2
-      '@apidevtools/openapi-schemas': 2.1.0
-      '@apidevtools/swagger-methods': 3.0.2
-      '@jsdevtools/ono': 7.1.3
-      ajv: 8.17.1
-      ajv-draft-04: 1.0.0(ajv@8.17.1)
-      call-me-maybe: 1.0.2
-      openapi-types: 12.1.3
-
-  '@asyncapi/specs@6.8.1':
-    dependencies:
-      '@types/json-schema': 7.0.15
-
   '@babel/code-frame@7.27.1':
     dependencies:
       '@babel/helper-validator-identifier': 7.27.1
@@ -4676,6 +3746,34 @@ snapshots:
       '@babel/helper-string-parser': 7.27.1
       '@babel/helper-validator-identifier': 7.27.1
 
+  '@bufbuild/protobuf@2.9.0': {}
+
+  '@connectrpc/connect-query-core@2.2.0(@bufbuild/protobuf@2.9.0)(@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0))(@tanstack/query-core@5.90.2)':
+    dependencies:
+      '@bufbuild/protobuf': 2.9.0
+      '@connectrpc/connect': 2.1.0(@bufbuild/protobuf@2.9.0)
+      '@tanstack/query-core': 5.90.2
+
+  '@connectrpc/connect-query@2.2.0(@bufbuild/protobuf@2.9.0)(@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0))(@tanstack/query-core@5.90.2)(@tanstack/react-query@5.90.2(react@19.1.1))(react-dom@19.1.1(react@19.1.1))(react@19.1.1)':
+    dependencies:
+      '@bufbuild/protobuf': 2.9.0
+      '@connectrpc/connect': 2.1.0(@bufbuild/protobuf@2.9.0)
+      '@connectrpc/connect-query-core': 2.2.0(@bufbuild/protobuf@2.9.0)(@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0))(@tanstack/query-core@5.90.2)
+      '@tanstack/react-query': 5.90.2(react@19.1.1)
+      react: 19.1.1
+      react-dom: 19.1.1(react@19.1.1)
+    transitivePeerDependencies:
+      - '@tanstack/query-core'
+
+  '@connectrpc/connect-web@2.1.0(@bufbuild/protobuf@2.9.0)(@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0))':
+    dependencies:
+      '@bufbuild/protobuf': 2.9.0
+      '@connectrpc/connect': 2.1.0(@bufbuild/protobuf@2.9.0)
+
+  '@connectrpc/connect@2.1.0(@bufbuild/protobuf@2.9.0)':
+    dependencies:
+      '@bufbuild/protobuf': 2.9.0
+
   '@esbuild/aix-ppc64@0.25.9':
     optional: true
 
@@ -4803,8 +3901,6 @@ snapshots:
       '@eslint/core': 0.15.2
       levn: 0.4.1
 
-  '@exodus/schemasafe@1.3.0': {}
-
   '@floating-ui/core@1.7.2':
     dependencies:
       '@floating-ui/utils': 0.2.10
@@ -4822,14 +3918,6 @@ snapshots:
 
   '@floating-ui/utils@0.2.10': {}
 
-  '@gerrit0/mini-shiki@3.8.1':
-    dependencies:
-      '@shikijs/engine-oniguruma': 3.8.1
-      '@shikijs/langs': 3.8.1
-      '@shikijs/themes': 3.8.1
-      '@shikijs/types': 3.8.1
-      '@shikijs/vscode-textmate': 10.0.2
-
   '@humanfs/core@0.19.1': {}
 
   '@humanfs/node@0.16.6':
@@ -4843,24 +3931,6 @@ snapshots:
 
   '@humanwhocodes/retry@0.4.3': {}
 
-  '@ibm-cloud/openapi-ruleset-utilities@1.9.0': {}
-
-  '@ibm-cloud/openapi-ruleset@1.31.1':
-    dependencies:
-      '@ibm-cloud/openapi-ruleset-utilities': 1.9.0
-      '@stoplight/spectral-formats': 1.8.2
-      '@stoplight/spectral-functions': 1.10.1
-      '@stoplight/spectral-rulesets': 1.22.0
-      chalk: 4.1.2
-      jsonschema: 1.5.0
-      lodash: 4.17.21
-      loglevel: 1.9.2
-      loglevel-plugin-prefix: 0.8.4
-      minimatch: 6.2.0
-      validator: 13.15.15
-    transitivePeerDependencies:
-      - encoding
-
   '@isaacs/fs-minipass@4.0.1':
     dependencies:
       minipass: 7.1.2
@@ -4886,20 +3956,6 @@ snapshots:
       '@jridgewell/resolve-uri': 3.1.2
       '@jridgewell/sourcemap-codec': 1.5.4
 
-  '@jsdevtools/ono@7.1.3': {}
-
-  '@jsep-plugin/assignment@1.3.0(jsep@1.4.0)':
-    dependencies:
-      jsep: 1.4.0
-
-  '@jsep-plugin/regex@1.0.4(jsep@1.4.0)':
-    dependencies:
-      jsep: 1.4.0
-
-  '@jsep-plugin/ternary@1.1.4(jsep@1.4.0)':
-    dependencies:
-      jsep: 1.4.0
-
   '@nodelib/fs.scandir@2.1.5':
     dependencies:
       '@nodelib/fs.stat': 2.0.5
@@ -4912,112 +3968,6 @@ snapshots:
       '@nodelib/fs.scandir': 2.1.5
       fastq: 1.19.1
 
-  '@orval/angular@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/axios@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/core@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@apidevtools/swagger-parser': 10.1.1(openapi-types@12.1.3)
-      '@ibm-cloud/openapi-ruleset': 1.31.1
-      acorn: 8.15.0
-      ajv: 8.17.1
-      chalk: 4.1.2
-      compare-versions: 6.1.1
-      debug: 4.4.1
-      esbuild: 0.25.9
-      esutils: 2.0.3
-      fs-extra: 11.3.0
-      globby: 11.1.0
-      lodash.isempty: 4.4.0
-      lodash.uniq: 4.5.0
-      lodash.uniqby: 4.7.0
-      lodash.uniqwith: 4.5.0
-      micromatch: 4.0.8
-      openapi3-ts: 4.4.0
-      swagger2openapi: 7.0.8
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/fetch@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/hono@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      '@orval/zod': 7.11.2(openapi-types@12.1.3)
-      lodash.uniq: 4.5.0
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/mcp@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      '@orval/fetch': 7.11.2(openapi-types@12.1.3)
-      '@orval/zod': 7.11.2(openapi-types@12.1.3)
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/mock@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      openapi3-ts: 4.4.0
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/query@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      '@orval/fetch': 7.11.2(openapi-types@12.1.3)
-      lodash.omitby: 4.6.0
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/swr@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      '@orval/fetch': 7.11.2(openapi-types@12.1.3)
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  '@orval/zod@7.11.2(openapi-types@12.1.3)':
-    dependencies:
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      lodash.uniq: 4.5.0
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
   '@radix-ui/number@1.1.1': {}
 
   '@radix-ui/primitive@1.0.0':
@@ -5242,28 +4192,6 @@ snapshots:
       '@types/react': 19.1.12
       '@types/react-dom': 19.1.9(@types/react@19.1.12)
 
-  '@radix-ui/react-dialog@1.1.14(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)':
-    dependencies:
-      '@radix-ui/primitive': 1.1.2
-      '@radix-ui/react-compose-refs': 1.1.2(@types/react@19.1.12)(react@19.1.1)
-      '@radix-ui/react-context': 1.1.2(@types/react@19.1.12)(react@19.1.1)
-      '@radix-ui/react-dismissable-layer': 1.1.10(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
-      '@radix-ui/react-focus-guards': 1.1.2(@types/react@19.1.12)(react@19.1.1)
-      '@radix-ui/react-focus-scope': 1.1.7(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
-      '@radix-ui/react-id': 1.1.1(@types/react@19.1.12)(react@19.1.1)
-      '@radix-ui/react-portal': 1.1.9(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
-      '@radix-ui/react-presence': 1.1.4(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
-      '@radix-ui/react-primitive': 2.1.3(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
-      '@radix-ui/react-slot': 1.2.3(@types/react@19.1.12)(react@19.1.1)
-      '@radix-ui/react-use-controllable-state': 1.2.2(@types/react@19.1.12)(react@19.1.1)
-      aria-hidden: 1.2.6
-      react: 19.1.1
-      react-dom: 19.1.1(react@19.1.1)
-      react-remove-scroll: 2.7.1(@types/react@19.1.12)(react@19.1.1)
-    optionalDependencies:
-      '@types/react': 19.1.12
-      '@types/react-dom': 19.1.9(@types/react@19.1.12)
-
   '@radix-ui/react-dialog@1.1.15(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)':
     dependencies:
       '@radix-ui/primitive': 1.1.3
@@ -6189,212 +5117,29 @@ snapshots:
   '@rollup/rollup-win32-x64-msvc@4.44.2':
     optional: true
 
-  '@shikijs/engine-oniguruma@3.8.1':
-    dependencies:
-      '@shikijs/types': 3.8.1
-      '@shikijs/vscode-textmate': 10.0.2
+  '@swc/core-darwin-arm64@1.13.3':
+    optional: true
 
-  '@shikijs/langs@3.8.1':
-    dependencies:
-      '@shikijs/types': 3.8.1
+  '@swc/core-darwin-x64@1.13.3':
+    optional: true
 
-  '@shikijs/themes@3.8.1':
-    dependencies:
-      '@shikijs/types': 3.8.1
+  '@swc/core-linux-arm-gnueabihf@1.13.3':
+    optional: true
 
-  '@shikijs/types@3.8.1':
-    dependencies:
-      '@shikijs/vscode-textmate': 10.0.2
-      '@types/hast': 3.0.4
+  '@swc/core-linux-arm64-gnu@1.13.3':
+    optional: true
 
-  '@shikijs/vscode-textmate@10.0.2': {}
+  '@swc/core-linux-arm64-musl@1.13.3':
+    optional: true
 
-  '@stoplight/better-ajv-errors@1.0.3(ajv@8.17.1)':
-    dependencies:
-      ajv: 8.17.1
-      jsonpointer: 5.0.1
-      leven: 3.1.0
+  '@swc/core-linux-x64-gnu@1.13.3':
+    optional: true
 
-  '@stoplight/json-ref-readers@1.2.2':
-    dependencies:
-      node-fetch: 2.7.0
-      tslib: 1.14.1
-    transitivePeerDependencies:
-      - encoding
+  '@swc/core-linux-x64-musl@1.13.3':
+    optional: true
 
-  '@stoplight/json-ref-resolver@3.1.6':
-    dependencies:
-      '@stoplight/json': 3.21.7
-      '@stoplight/path': 1.3.2
-      '@stoplight/types': 13.20.0
-      '@types/urijs': 1.19.25
-      dependency-graph: 0.11.0
-      fast-memoize: 2.5.2
-      immer: 9.0.21
-      lodash: 4.17.21
-      tslib: 2.8.1
-      urijs: 1.19.11
-
-  '@stoplight/json@3.21.7':
-    dependencies:
-      '@stoplight/ordered-object-literal': 1.0.5
-      '@stoplight/path': 1.3.2
-      '@stoplight/types': 13.20.0
-      jsonc-parser: 2.2.1
-      lodash: 4.17.21
-      safe-stable-stringify: 1.1.1
-
-  '@stoplight/ordered-object-literal@1.0.5': {}
-
-  '@stoplight/path@1.3.2': {}
-
-  '@stoplight/spectral-core@1.20.0':
-    dependencies:
-      '@stoplight/better-ajv-errors': 1.0.3(ajv@8.17.1)
-      '@stoplight/json': 3.21.7
-      '@stoplight/path': 1.3.2
-      '@stoplight/spectral-parsers': 1.0.5
-      '@stoplight/spectral-ref-resolver': 1.0.5
-      '@stoplight/spectral-runtime': 1.1.4
-      '@stoplight/types': 13.6.0
-      '@types/es-aggregate-error': 1.0.6
-      '@types/json-schema': 7.0.15
-      ajv: 8.17.1
-      ajv-errors: 3.0.0(ajv@8.17.1)
-      ajv-formats: 2.1.1(ajv@8.17.1)
-      es-aggregate-error: 1.0.14
-      jsonpath-plus: 10.3.0
-      lodash: 4.17.21
-      lodash.topath: 4.5.2
-      minimatch: 3.1.2
-      nimma: 0.2.3
-      pony-cause: 1.1.1
-      simple-eval: 1.0.1
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - encoding
-
-  '@stoplight/spectral-formats@1.8.2':
-    dependencies:
-      '@stoplight/json': 3.21.7
-      '@stoplight/spectral-core': 1.20.0
-      '@types/json-schema': 7.0.15
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - encoding
-
-  '@stoplight/spectral-functions@1.10.1':
-    dependencies:
-      '@stoplight/better-ajv-errors': 1.0.3(ajv@8.17.1)
-      '@stoplight/json': 3.21.7
-      '@stoplight/spectral-core': 1.20.0
-      '@stoplight/spectral-formats': 1.8.2
-      '@stoplight/spectral-runtime': 1.1.4
-      ajv: 8.17.1
-      ajv-draft-04: 1.0.0(ajv@8.17.1)
-      ajv-errors: 3.0.0(ajv@8.17.1)
-      ajv-formats: 2.1.1(ajv@8.17.1)
-      lodash: 4.17.21
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - encoding
-
-  '@stoplight/spectral-parsers@1.0.5':
-    dependencies:
-      '@stoplight/json': 3.21.7
-      '@stoplight/types': 14.1.1
-      '@stoplight/yaml': 4.3.0
-      tslib: 2.8.1
-
-  '@stoplight/spectral-ref-resolver@1.0.5':
-    dependencies:
-      '@stoplight/json-ref-readers': 1.2.2
-      '@stoplight/json-ref-resolver': 3.1.6
-      '@stoplight/spectral-runtime': 1.1.4
-      dependency-graph: 0.11.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - encoding
-
-  '@stoplight/spectral-rulesets@1.22.0':
-    dependencies:
-      '@asyncapi/specs': 6.8.1
-      '@stoplight/better-ajv-errors': 1.0.3(ajv@8.17.1)
-      '@stoplight/json': 3.21.7
-      '@stoplight/spectral-core': 1.20.0
-      '@stoplight/spectral-formats': 1.8.2
-      '@stoplight/spectral-functions': 1.10.1
-      '@stoplight/spectral-runtime': 1.1.4
-      '@stoplight/types': 13.20.0
-      '@types/json-schema': 7.0.15
-      ajv: 8.17.1
-      ajv-formats: 2.1.1(ajv@8.17.1)
-      json-schema-traverse: 1.0.0
-      leven: 3.1.0
-      lodash: 4.17.21
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - encoding
-
-  '@stoplight/spectral-runtime@1.1.4':
-    dependencies:
-      '@stoplight/json': 3.21.7
-      '@stoplight/path': 1.3.2
-      '@stoplight/types': 13.20.0
-      abort-controller: 3.0.0
-      lodash: 4.17.21
-      node-fetch: 2.7.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - encoding
-
-  '@stoplight/types@13.20.0':
-    dependencies:
-      '@types/json-schema': 7.0.15
-      utility-types: 3.11.0
-
-  '@stoplight/types@13.6.0':
-    dependencies:
-      '@types/json-schema': 7.0.15
-      utility-types: 3.11.0
-
-  '@stoplight/types@14.1.1':
-    dependencies:
-      '@types/json-schema': 7.0.15
-      utility-types: 3.11.0
-
-  '@stoplight/yaml-ast-parser@0.0.50': {}
-
-  '@stoplight/yaml@4.3.0':
-    dependencies:
-      '@stoplight/ordered-object-literal': 1.0.5
-      '@stoplight/types': 14.1.1
-      '@stoplight/yaml-ast-parser': 0.0.50
-      tslib: 2.8.1
-
-  '@swc/core-darwin-arm64@1.13.3':
-    optional: true
-
-  '@swc/core-darwin-x64@1.13.3':
-    optional: true
-
-  '@swc/core-linux-arm-gnueabihf@1.13.3':
-    optional: true
-
-  '@swc/core-linux-arm64-gnu@1.13.3':
-    optional: true
-
-  '@swc/core-linux-arm64-musl@1.13.3':
-    optional: true
-
-  '@swc/core-linux-x64-gnu@1.13.3':
-    optional: true
-
-  '@swc/core-linux-x64-musl@1.13.3':
-    optional: true
-
-  '@swc/core-win32-arm64-msvc@1.13.3':
-    optional: true
+  '@swc/core-win32-arm64-msvc@1.13.3':
+    optional: true
 
   '@swc/core-win32-ia32-msvc@1.13.3':
     optional: true
@@ -6495,8 +5240,32 @@ snapshots:
       tailwindcss: 4.1.13
       vite: 7.1.5(@types/node@24.3.1)(jiti@2.5.1)(lightningcss@1.30.1)(tsx@4.20.4)(yaml@2.8.0)
 
+  '@tanstack/devtools-event-client@0.3.3': {}
+
+  '@tanstack/form-core@1.24.3':
+    dependencies:
+      '@tanstack/devtools-event-client': 0.3.3
+      '@tanstack/store': 0.7.7
+
   '@tanstack/history@1.131.2': {}
 
+  '@tanstack/query-core@5.90.2': {}
+
+  '@tanstack/react-form@1.23.7(react-dom@19.1.1(react@19.1.1))(react@19.1.1)':
+    dependencies:
+      '@tanstack/form-core': 1.24.3
+      '@tanstack/react-store': 0.7.7(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
+      decode-formdata: 0.9.0
+      devalue: 5.4.1
+      react: 19.1.1
+    transitivePeerDependencies:
+      - react-dom
+
+  '@tanstack/react-query@5.90.2(react@19.1.1)':
+    dependencies:
+      '@tanstack/query-core': 5.90.2
+      react: 19.1.1
+
   '@tanstack/react-router-devtools@1.131.36(@tanstack/react-router@1.131.36(react-dom@19.1.1(react@19.1.1))(react@19.1.1))(@tanstack/router-core@1.131.36)(csstype@3.1.3)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)(solid-js@1.9.9)(tiny-invariant@1.3.3)':
     dependencies:
       '@tanstack/react-router': 1.131.36(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
@@ -6527,6 +5296,13 @@ snapshots:
       react-dom: 19.1.1(react@19.1.1)
       use-sync-external-store: 1.5.0(react@19.1.1)
 
+  '@tanstack/react-store@0.7.7(react-dom@19.1.1(react@19.1.1))(react@19.1.1)':
+    dependencies:
+      '@tanstack/store': 0.7.7
+      react: 19.1.1
+      react-dom: 19.1.1(react@19.1.1)
+      use-sync-external-store: 1.5.0(react@19.1.1)
+
   '@tanstack/react-table@8.21.3(react-dom@19.1.1(react@19.1.1))(react@19.1.1)':
     dependencies:
       '@tanstack/table-core': 8.21.3
@@ -6601,6 +5377,8 @@ snapshots:
 
   '@tanstack/store@0.7.2': {}
 
+  '@tanstack/store@0.7.7': {}
+
   '@tanstack/table-core@8.21.3': {}
 
   '@tanstack/virtual-file-routes@1.131.2': {}
@@ -6633,10 +5411,6 @@ snapshots:
     dependencies:
       '@types/ms': 2.1.0
 
-  '@types/es-aggregate-error@1.0.6':
-    dependencies:
-      '@types/node': 24.3.1
-
   '@types/estree-jsx@1.0.5':
     dependencies:
       '@types/estree': 1.0.8
@@ -6664,6 +5438,8 @@ snapshots:
     dependencies:
       undici-types: 7.10.0
 
+  '@types/prismjs@1.26.5': {}
+
   '@types/react-dom@19.1.9(@types/react@19.1.12)':
     dependencies:
       '@types/react': 19.1.12
@@ -6676,8 +5452,6 @@ snapshots:
 
   '@types/unist@3.0.3': {}
 
-  '@types/urijs@1.19.25': {}
-
   '@typescript-eslint/eslint-plugin@8.43.0(@typescript-eslint/parser@8.43.0(eslint@9.35.0(jiti@2.5.1))(typescript@5.9.2))(eslint@9.35.0(jiti@2.5.1))(typescript@5.9.2)':
     dependencies:
       '@eslint-community/regexpp': 4.12.1
@@ -6781,28 +5555,12 @@ snapshots:
     transitivePeerDependencies:
       - '@swc/helpers'
 
-  abort-controller@3.0.0:
-    dependencies:
-      event-target-shim: 5.0.1
-
   acorn-jsx@5.3.2(acorn@8.15.0):
     dependencies:
       acorn: 8.15.0
 
   acorn@8.15.0: {}
 
-  ajv-draft-04@1.0.0(ajv@8.17.1):
-    optionalDependencies:
-      ajv: 8.17.1
-
-  ajv-errors@3.0.0(ajv@8.17.1):
-    dependencies:
-      ajv: 8.17.1
-
-  ajv-formats@2.1.1(ajv@8.17.1):
-    optionalDependencies:
-      ajv: 8.17.1
-
   ajv@6.12.6:
     dependencies:
       fast-deep-equal: 3.1.3
@@ -6810,17 +5568,6 @@ snapshots:
       json-schema-traverse: 0.4.1
       uri-js: 4.4.1
 
-  ajv@8.17.1:
-    dependencies:
-      fast-deep-equal: 3.1.3
-      fast-uri: 3.0.6
-      json-schema-traverse: 1.0.0
-      require-from-string: 2.0.2
-
-  ansi-colors@4.1.3: {}
-
-  ansi-regex@5.0.1: {}
-
   ansi-styles@4.3.0:
     dependencies:
       color-convert: 2.0.1
@@ -6838,47 +5585,12 @@ snapshots:
     dependencies:
       tslib: 2.8.1
 
-  array-buffer-byte-length@1.0.2:
-    dependencies:
-      call-bound: 1.0.4
-      is-array-buffer: 3.0.5
-
   array-move@3.0.1: {}
 
-  array-union@2.1.0: {}
-
-  arraybuffer.prototype.slice@1.0.4:
-    dependencies:
-      array-buffer-byte-length: 1.0.2
-      call-bind: 1.0.8
-      define-properties: 1.2.1
-      es-abstract: 1.24.0
-      es-errors: 1.3.0
-      get-intrinsic: 1.3.0
-      is-array-buffer: 3.0.5
-
   ast-types@0.16.1:
     dependencies:
       tslib: 2.8.1
 
-  astring@1.9.0: {}
-
-  async-function@1.0.0: {}
-
-  asynckit@0.4.0: {}
-
-  available-typed-arrays@1.0.7:
-    dependencies:
-      possible-typed-array-names: 1.1.0
-
-  axios@1.11.0:
-    dependencies:
-      follow-redirects: 1.15.9
-      form-data: 4.0.4
-      proxy-from-env: 1.1.0
-    transitivePeerDependencies:
-      - debug
-
   babel-dead-code-elimination@1.0.10:
     dependencies:
       '@babel/core': 7.28.3
@@ -6914,27 +5626,6 @@ snapshots:
       node-releases: 2.0.19
       update-browserslist-db: 1.1.3(browserslist@4.25.2)
 
-  cac@6.7.14: {}
-
-  call-bind-apply-helpers@1.0.2:
-    dependencies:
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-
-  call-bind@1.0.8:
-    dependencies:
-      call-bind-apply-helpers: 1.0.2
-      es-define-property: 1.0.1
-      get-intrinsic: 1.3.0
-      set-function-length: 1.2.2
-
-  call-bound@1.0.4:
-    dependencies:
-      call-bind-apply-helpers: 1.0.2
-      get-intrinsic: 1.3.0
-
-  call-me-maybe@1.0.2: {}
-
   callsites@3.1.0: {}
 
   caniuse-lite@1.0.30001735: {}
@@ -6966,22 +5657,12 @@ snapshots:
     optionalDependencies:
       fsevents: 2.3.3
 
-  chokidar@4.0.3:
-    dependencies:
-      readdirp: 4.1.2
-
   chownr@3.0.0: {}
 
   class-variance-authority@0.7.1:
     dependencies:
       clsx: 2.1.1
 
-  cliui@8.0.1:
-    dependencies:
-      string-width: 4.2.3
-      strip-ansi: 6.0.1
-      wrap-ansi: 7.0.0
-
   clsx@2.1.1: {}
 
   cmdk@0.2.1(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1):
@@ -6995,7 +5676,7 @@ snapshots:
   cmdk@1.1.1(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1):
     dependencies:
       '@radix-ui/react-compose-refs': 1.1.2(@types/react@19.1.12)(react@19.1.1)
-      '@radix-ui/react-dialog': 1.1.14(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
+      '@radix-ui/react-dialog': 1.1.15(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
       '@radix-ui/react-id': 1.1.1(@types/react@19.1.12)(react@19.1.1)
       '@radix-ui/react-primitive': 2.1.3(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1)
       react: 19.1.1
@@ -7010,14 +5691,8 @@ snapshots:
 
   color-name@1.1.4: {}
 
-  combined-stream@1.0.8:
-    dependencies:
-      delayed-stream: 1.0.0
-
   comma-separated-tokens@2.0.3: {}
 
-  compare-versions@6.1.1: {}
-
   concat-map@0.0.1: {}
 
   convert-source-map@2.0.0: {}
@@ -7070,30 +5745,14 @@ snapshots:
 
   d3-timer@3.0.1: {}
 
-  data-view-buffer@1.0.2:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      is-data-view: 1.0.2
-
-  data-view-byte-length@1.0.2:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      is-data-view: 1.0.2
-
-  data-view-byte-offset@1.0.1:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      is-data-view: 1.0.2
-
   debug@4.4.1:
     dependencies:
       ms: 2.1.3
 
   decimal.js-light@2.5.1: {}
 
+  decode-formdata@0.9.0: {}
+
   decode-named-character-reference@1.2.0:
     dependencies:
       character-entities: 2.0.2
@@ -7102,49 +5761,25 @@ snapshots:
 
   deepmerge@2.2.1: {}
 
-  define-data-property@1.1.4:
-    dependencies:
-      es-define-property: 1.0.1
-      es-errors: 1.3.0
-      gopd: 1.2.0
-
-  define-properties@1.2.1:
-    dependencies:
-      define-data-property: 1.1.4
-      has-property-descriptors: 1.0.2
-      object-keys: 1.1.1
-
-  delayed-stream@1.0.0: {}
-
-  dependency-graph@0.11.0: {}
-
   dequal@2.0.3: {}
 
   detect-libc@2.0.4: {}
 
   detect-node-es@1.1.0: {}
 
+  devalue@5.4.1: {}
+
   devlop@1.1.0:
     dependencies:
       dequal: 2.0.3
 
   diff@8.0.2: {}
 
-  dir-glob@3.0.1:
-    dependencies:
-      path-type: 4.0.0
-
   dom-helpers@5.2.1:
     dependencies:
       '@babel/runtime': 7.27.6
       csstype: 3.1.3
 
-  dunder-proto@1.0.1:
-    dependencies:
-      call-bind-apply-helpers: 1.0.2
-      es-errors: 1.3.0
-      gopd: 1.2.0
-
   electron-to-chromium@1.5.203: {}
 
   emblor@1.4.8(@types/react-dom@19.1.9(@types/react@19.1.12))(@types/react@19.1.12)(react-dom@19.1.1(react@19.1.1))(react@19.1.1):
@@ -7163,111 +5798,11 @@ snapshots:
       - '@types/react'
       - '@types/react-dom'
 
-  emoji-regex@8.0.0: {}
-
   enhanced-resolve@5.18.3:
     dependencies:
       graceful-fs: 4.2.11
       tapable: 2.2.2
 
-  enquirer@2.4.1:
-    dependencies:
-      ansi-colors: 4.1.3
-      strip-ansi: 6.0.1
-
-  entities@4.5.0: {}
-
-  es-abstract@1.24.0:
-    dependencies:
-      array-buffer-byte-length: 1.0.2
-      arraybuffer.prototype.slice: 1.0.4
-      available-typed-arrays: 1.0.7
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      data-view-buffer: 1.0.2
-      data-view-byte-length: 1.0.2
-      data-view-byte-offset: 1.0.1
-      es-define-property: 1.0.1
-      es-errors: 1.3.0
-      es-object-atoms: 1.1.1
-      es-set-tostringtag: 2.1.0
-      es-to-primitive: 1.3.0
-      function.prototype.name: 1.1.8
-      get-intrinsic: 1.3.0
-      get-proto: 1.0.1
-      get-symbol-description: 1.1.0
-      globalthis: 1.0.4
-      gopd: 1.2.0
-      has-property-descriptors: 1.0.2
-      has-proto: 1.2.0
-      has-symbols: 1.1.0
-      hasown: 2.0.2
-      internal-slot: 1.1.0
-      is-array-buffer: 3.0.5
-      is-callable: 1.2.7
-      is-data-view: 1.0.2
-      is-negative-zero: 2.0.3
-      is-regex: 1.2.1
-      is-set: 2.0.3
-      is-shared-array-buffer: 1.0.4
-      is-string: 1.1.1
-      is-typed-array: 1.1.15
-      is-weakref: 1.1.1
-      math-intrinsics: 1.1.0
-      object-inspect: 1.13.4
-      object-keys: 1.1.1
-      object.assign: 4.1.7
-      own-keys: 1.0.1
-      regexp.prototype.flags: 1.5.4
-      safe-array-concat: 1.1.3
-      safe-push-apply: 1.0.0
-      safe-regex-test: 1.1.0
-      set-proto: 1.0.0
-      stop-iteration-iterator: 1.1.0
-      string.prototype.trim: 1.2.10
-      string.prototype.trimend: 1.0.9
-      string.prototype.trimstart: 1.0.8
-      typed-array-buffer: 1.0.3
-      typed-array-byte-length: 1.0.3
-      typed-array-byte-offset: 1.0.4
-      typed-array-length: 1.0.7
-      unbox-primitive: 1.1.0
-      which-typed-array: 1.1.19
-
-  es-aggregate-error@1.0.14:
-    dependencies:
-      define-data-property: 1.1.4
-      define-properties: 1.2.1
-      es-abstract: 1.24.0
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-      globalthis: 1.0.4
-      has-property-descriptors: 1.0.2
-      set-function-name: 2.0.2
-
-  es-define-property@1.0.1: {}
-
-  es-errors@1.3.0: {}
-
-  es-object-atoms@1.1.1:
-    dependencies:
-      es-errors: 1.3.0
-
-  es-set-tostringtag@2.1.0:
-    dependencies:
-      es-errors: 1.3.0
-      get-intrinsic: 1.3.0
-      has-tostringtag: 1.0.2
-      hasown: 2.0.2
-
-  es-to-primitive@1.3.0:
-    dependencies:
-      is-callable: 1.2.7
-      is-date-object: 1.1.0
-      is-symbol: 1.1.1
-
-  es6-promise@3.3.1: {}
-
   esbuild@0.25.9:
     optionalDependencies:
       '@esbuild/aix-ppc64': 0.25.9
@@ -7384,22 +5919,8 @@ snapshots:
 
   esutils@2.0.3: {}
 
-  event-target-shim@5.0.1: {}
-
   eventemitter3@4.0.7: {}
 
-  execa@5.1.1:
-    dependencies:
-      cross-spawn: 7.0.6
-      get-stream: 6.0.1
-      human-signals: 2.1.0
-      is-stream: 2.0.1
-      merge-stream: 2.0.0
-      npm-run-path: 4.0.1
-      onetime: 5.1.2
-      signal-exit: 3.0.7
-      strip-final-newline: 2.0.0
-
   extend@3.0.2: {}
 
   fast-deep-equal@3.1.3: {}
@@ -7418,12 +5939,6 @@ snapshots:
 
   fast-levenshtein@2.0.6: {}
 
-  fast-memoize@2.5.2: {}
-
-  fast-safe-stringify@2.1.1: {}
-
-  fast-uri@3.0.6: {}
-
   fastq@1.19.1:
     dependencies:
       reusify: 1.1.0
@@ -7452,20 +5967,6 @@ snapshots:
 
   flatted@3.3.3: {}
 
-  follow-redirects@1.15.9: {}
-
-  for-each@0.3.5:
-    dependencies:
-      is-callable: 1.2.7
-
-  form-data@4.0.4:
-    dependencies:
-      asynckit: 0.4.0
-      combined-stream: 1.0.8
-      es-set-tostringtag: 2.1.0
-      hasown: 2.0.2
-      mime-types: 2.1.35
-
   formik@2.4.6(react@19.1.1):
     dependencies:
       '@types/hoist-non-react-statics': 3.3.6
@@ -7478,60 +5979,13 @@ snapshots:
       tiny-warning: 1.0.3
       tslib: 2.8.1
 
-  fs-extra@11.3.0:
-    dependencies:
-      graceful-fs: 4.2.11
-      jsonfile: 6.1.0
-      universalify: 2.0.1
-
   fsevents@2.3.3:
     optional: true
 
-  function-bind@1.1.2: {}
-
-  function.prototype.name@1.1.8:
-    dependencies:
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      define-properties: 1.2.1
-      functions-have-names: 1.2.3
-      hasown: 2.0.2
-      is-callable: 1.2.7
-
-  functions-have-names@1.2.3: {}
-
   gensync@1.0.0-beta.2: {}
 
-  get-caller-file@2.0.5: {}
-
-  get-intrinsic@1.3.0:
-    dependencies:
-      call-bind-apply-helpers: 1.0.2
-      es-define-property: 1.0.1
-      es-errors: 1.3.0
-      es-object-atoms: 1.1.1
-      function-bind: 1.1.2
-      get-proto: 1.0.1
-      gopd: 1.2.0
-      has-symbols: 1.1.0
-      hasown: 2.0.2
-      math-intrinsics: 1.1.0
-
   get-nonce@1.0.1: {}
 
-  get-proto@1.0.1:
-    dependencies:
-      dunder-proto: 1.0.1
-      es-object-atoms: 1.1.1
-
-  get-stream@6.0.1: {}
-
-  get-symbol-description@1.1.0:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      get-intrinsic: 1.3.0
-
   get-tsconfig@4.10.1:
     dependencies:
       resolve-pkg-maps: 1.0.0
@@ -7548,52 +6002,16 @@ snapshots:
 
   globals@16.3.0: {}
 
-  globalthis@1.0.4:
-    dependencies:
-      define-properties: 1.2.1
-      gopd: 1.2.0
-
-  globby@11.1.0:
-    dependencies:
-      array-union: 2.1.0
-      dir-glob: 3.0.1
-      fast-glob: 3.3.3
-      ignore: 5.3.2
-      merge2: 1.4.1
-      slash: 3.0.0
-
   goober@2.1.16(csstype@3.1.3):
     dependencies:
       csstype: 3.1.3
 
-  gopd@1.2.0: {}
-
   graceful-fs@4.2.11: {}
 
   graphemer@1.4.0: {}
 
-  has-bigints@1.1.0: {}
-
   has-flag@4.0.0: {}
 
-  has-property-descriptors@1.0.2:
-    dependencies:
-      es-define-property: 1.0.1
-
-  has-proto@1.2.0:
-    dependencies:
-      dunder-proto: 1.0.1
-
-  has-symbols@1.1.0: {}
-
-  has-tostringtag@1.0.2:
-    dependencies:
-      has-symbols: 1.1.0
-
-  hasown@2.0.2:
-    dependencies:
-      function-bind: 1.1.2
-
   hast-util-to-jsx-runtime@2.3.6:
     dependencies:
       '@types/estree': 1.0.8
@@ -7624,10 +6042,6 @@ snapshots:
 
   html-url-attributes@3.0.1: {}
 
-  http2-client@1.3.5: {}
-
-  human-signals@2.1.0: {}
-
   ignore@5.3.2: {}
 
   ignore@7.0.5: {}
@@ -7635,8 +6049,6 @@ snapshots:
   immer@10.1.1:
     optional: true
 
-  immer@9.0.21: {}
-
   import-fresh@3.3.1:
     dependencies:
       parent-module: 1.0.1
@@ -7646,12 +6058,6 @@ snapshots:
 
   inline-style-parser@0.2.4: {}
 
-  internal-slot@1.1.0:
-    dependencies:
-      es-errors: 1.3.0
-      hasown: 2.0.2
-      side-channel: 1.1.0
-
   internmap@2.0.3: {}
 
   is-alphabetical@2.0.1: {}
@@ -7661,125 +6067,24 @@ snapshots:
       is-alphabetical: 2.0.1
       is-decimal: 2.0.1
 
-  is-array-buffer@3.0.5:
-    dependencies:
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      get-intrinsic: 1.3.0
-
-  is-async-function@2.1.1:
-    dependencies:
-      async-function: 1.0.0
-      call-bound: 1.0.4
-      get-proto: 1.0.1
-      has-tostringtag: 1.0.2
-      safe-regex-test: 1.1.0
-
-  is-bigint@1.1.0:
-    dependencies:
-      has-bigints: 1.1.0
-
   is-binary-path@2.1.0:
     dependencies:
       binary-extensions: 2.3.0
 
-  is-boolean-object@1.2.2:
-    dependencies:
-      call-bound: 1.0.4
-      has-tostringtag: 1.0.2
-
-  is-callable@1.2.7: {}
-
-  is-data-view@1.0.2:
-    dependencies:
-      call-bound: 1.0.4
-      get-intrinsic: 1.3.0
-      is-typed-array: 1.1.15
-
-  is-date-object@1.1.0:
-    dependencies:
-      call-bound: 1.0.4
-      has-tostringtag: 1.0.2
-
   is-decimal@2.0.1: {}
 
   is-extglob@2.1.1: {}
 
-  is-finalizationregistry@1.1.1:
-    dependencies:
-      call-bound: 1.0.4
-
-  is-fullwidth-code-point@3.0.0: {}
-
-  is-generator-function@1.1.0:
-    dependencies:
-      call-bound: 1.0.4
-      get-proto: 1.0.1
-      has-tostringtag: 1.0.2
-      safe-regex-test: 1.1.0
-
   is-glob@4.0.3:
     dependencies:
       is-extglob: 2.1.1
 
   is-hexadecimal@2.0.1: {}
 
-  is-map@2.0.3: {}
-
-  is-negative-zero@2.0.3: {}
-
-  is-number-object@1.1.1:
-    dependencies:
-      call-bound: 1.0.4
-      has-tostringtag: 1.0.2
-
   is-number@7.0.0: {}
 
   is-plain-obj@4.1.0: {}
 
-  is-regex@1.2.1:
-    dependencies:
-      call-bound: 1.0.4
-      gopd: 1.2.0
-      has-tostringtag: 1.0.2
-      hasown: 2.0.2
-
-  is-set@2.0.3: {}
-
-  is-shared-array-buffer@1.0.4:
-    dependencies:
-      call-bound: 1.0.4
-
-  is-stream@2.0.1: {}
-
-  is-string@1.1.1:
-    dependencies:
-      call-bound: 1.0.4
-      has-tostringtag: 1.0.2
-
-  is-symbol@1.1.1:
-    dependencies:
-      call-bound: 1.0.4
-      has-symbols: 1.1.0
-      safe-regex-test: 1.1.0
-
-  is-typed-array@1.1.15:
-    dependencies:
-      which-typed-array: 1.1.19
-
-  is-weakmap@2.0.2: {}
-
-  is-weakref@1.1.1:
-    dependencies:
-      call-bound: 1.0.4
-
-  is-weakset@2.0.4:
-    dependencies:
-      call-bound: 1.0.4
-      get-intrinsic: 1.3.0
-
-  isarray@2.0.5: {}
-
   isbot@5.1.29: {}
 
   isexe@2.0.0: {}
@@ -7792,44 +6097,20 @@ snapshots:
     dependencies:
       argparse: 2.0.1
 
-  jsep@1.4.0: {}
-
   jsesc@3.1.0: {}
 
   json-buffer@3.0.1: {}
 
   json-schema-traverse@0.4.1: {}
 
-  json-schema-traverse@1.0.0: {}
-
   json-stable-stringify-without-jsonify@1.0.1: {}
 
   json5@2.2.3: {}
 
-  jsonc-parser@2.2.1: {}
-
-  jsonfile@6.1.0:
-    dependencies:
-      universalify: 2.0.1
-    optionalDependencies:
-      graceful-fs: 4.2.11
-
-  jsonpath-plus@10.3.0:
-    dependencies:
-      '@jsep-plugin/assignment': 1.3.0(jsep@1.4.0)
-      '@jsep-plugin/regex': 1.0.4(jsep@1.4.0)
-      jsep: 1.4.0
-
-  jsonpointer@5.0.1: {}
-
-  jsonschema@1.5.0: {}
-
   keyv@4.5.4:
     dependencies:
       json-buffer: 3.0.1
 
-  leven@3.1.0: {}
-
   levn@0.4.1:
     dependencies:
       prelude-ls: 1.2.1
@@ -7880,36 +6161,16 @@ snapshots:
       lightningcss-win32-arm64-msvc: 1.30.1
       lightningcss-win32-x64-msvc: 1.30.1
 
-  linkify-it@5.0.0:
-    dependencies:
-      uc.micro: 2.1.0
-
   locate-path@6.0.0:
     dependencies:
       p-locate: 5.0.0
 
   lodash-es@4.17.21: {}
 
-  lodash.isempty@4.4.0: {}
-
   lodash.merge@4.6.2: {}
 
-  lodash.omitby@4.6.0: {}
-
-  lodash.topath@4.5.2: {}
-
-  lodash.uniq@4.5.0: {}
-
-  lodash.uniqby@4.7.0: {}
-
-  lodash.uniqwith@4.5.0: {}
-
   lodash@4.17.21: {}
 
-  loglevel-plugin-prefix@0.8.4: {}
-
-  loglevel@1.9.2: {}
-
   longest-streak@3.1.0: {}
 
   loose-envify@1.4.0:
@@ -7924,25 +6185,12 @@ snapshots:
     dependencies:
       react: 19.1.1
 
-  lunr@2.3.9: {}
-
   magic-string@0.30.19:
     dependencies:
       '@jridgewell/sourcemap-codec': 1.5.5
 
-  markdown-it@14.1.0:
-    dependencies:
-      argparse: 2.0.1
-      entities: 4.5.0
-      linkify-it: 5.0.0
-      mdurl: 2.0.0
-      punycode.js: 2.3.1
-      uc.micro: 2.1.0
-
   markdown-table@3.0.4: {}
 
-  math-intrinsics@1.1.0: {}
-
   mdast-util-find-and-replace@3.0.2:
     dependencies:
       '@types/mdast': 4.0.4
@@ -8096,10 +6344,6 @@ snapshots:
     dependencies:
       '@types/mdast': 4.0.4
 
-  mdurl@2.0.0: {}
-
-  merge-stream@2.0.0: {}
-
   merge2@1.4.1: {}
 
   micromark-core-commonmark@2.0.3:
@@ -8298,22 +6542,10 @@ snapshots:
       braces: 3.0.3
       picomatch: 2.3.1
 
-  mime-db@1.52.0: {}
-
-  mime-types@2.1.35:
-    dependencies:
-      mime-db: 1.52.0
-
-  mimic-fn@2.1.0: {}
-
   minimatch@3.1.2:
     dependencies:
       brace-expansion: 1.1.12
 
-  minimatch@6.2.0:
-    dependencies:
-      brace-expansion: 2.0.2
-
   minimatch@9.0.5:
     dependencies:
       brace-expansion: 2.0.2
@@ -8332,96 +6564,12 @@ snapshots:
 
   natural-compare@1.4.0: {}
 
-  nimma@0.2.3:
-    dependencies:
-      '@jsep-plugin/regex': 1.0.4(jsep@1.4.0)
-      '@jsep-plugin/ternary': 1.1.4(jsep@1.4.0)
-      astring: 1.9.0
-      jsep: 1.4.0
-    optionalDependencies:
-      jsonpath-plus: 10.3.0
-      lodash.topath: 4.5.2
-
-  node-fetch-h2@2.3.0:
-    dependencies:
-      http2-client: 1.3.5
-
-  node-fetch@2.7.0:
-    dependencies:
-      whatwg-url: 5.0.0
-
-  node-readfiles@0.2.0:
-    dependencies:
-      es6-promise: 3.3.1
-
   node-releases@2.0.19: {}
 
   normalize-path@3.0.0: {}
 
-  npm-run-path@4.0.1:
-    dependencies:
-      path-key: 3.1.1
-
-  oas-kit-common@1.0.8:
-    dependencies:
-      fast-safe-stringify: 2.1.1
-
-  oas-linter@3.2.2:
-    dependencies:
-      '@exodus/schemasafe': 1.3.0
-      should: 13.2.3
-      yaml: 1.10.2
-
-  oas-resolver@2.5.6:
-    dependencies:
-      node-fetch-h2: 2.3.0
-      oas-kit-common: 1.0.8
-      reftools: 1.1.9
-      yaml: 1.10.2
-      yargs: 17.7.2
-
-  oas-schema-walker@1.1.5: {}
-
-  oas-validator@5.0.8:
-    dependencies:
-      call-me-maybe: 1.0.2
-      oas-kit-common: 1.0.8
-      oas-linter: 3.2.2
-      oas-resolver: 2.5.6
-      oas-schema-walker: 1.1.5
-      reftools: 1.1.9
-      should: 13.2.3
-      yaml: 1.10.2
-
   object-assign@4.1.1: {}
 
-  object-inspect@1.13.4: {}
-
-  object-keys@1.1.1: {}
-
-  object.assign@4.1.7:
-    dependencies:
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      define-properties: 1.2.1
-      es-object-atoms: 1.1.1
-      has-symbols: 1.1.0
-      object-keys: 1.1.1
-
-  onetime@5.1.2:
-    dependencies:
-      mimic-fn: 2.1.0
-
-  openapi-types@12.1.3: {}
-
-  openapi3-ts@4.2.2:
-    dependencies:
-      yaml: 2.8.0
-
-  openapi3-ts@4.4.0:
-    dependencies:
-      yaml: 2.8.0
-
   optionator@0.9.4:
     dependencies:
       deep-is: 0.1.4
@@ -8431,45 +6579,6 @@ snapshots:
       type-check: 0.4.0
       word-wrap: 1.2.5
 
-  orval@7.11.2(openapi-types@12.1.3):
-    dependencies:
-      '@apidevtools/swagger-parser': 10.1.1(openapi-types@12.1.3)
-      '@orval/angular': 7.11.2(openapi-types@12.1.3)
-      '@orval/axios': 7.11.2(openapi-types@12.1.3)
-      '@orval/core': 7.11.2(openapi-types@12.1.3)
-      '@orval/fetch': 7.11.2(openapi-types@12.1.3)
-      '@orval/hono': 7.11.2(openapi-types@12.1.3)
-      '@orval/mcp': 7.11.2(openapi-types@12.1.3)
-      '@orval/mock': 7.11.2(openapi-types@12.1.3)
-      '@orval/query': 7.11.2(openapi-types@12.1.3)
-      '@orval/swr': 7.11.2(openapi-types@12.1.3)
-      '@orval/zod': 7.11.2(openapi-types@12.1.3)
-      ajv: 8.17.1
-      cac: 6.7.14
-      chalk: 4.1.2
-      chokidar: 4.0.3
-      enquirer: 2.4.1
-      execa: 5.1.1
-      find-up: 5.0.0
-      fs-extra: 11.3.0
-      lodash.uniq: 4.5.0
-      openapi3-ts: 4.2.2
-      string-argv: 0.3.2
-      tsconfck: 2.1.2(typescript@5.9.2)
-      typedoc: 0.28.7(typescript@5.9.2)
-      typedoc-plugin-markdown: 4.8.1(typedoc@0.28.7(typescript@5.9.2))
-      typescript: 5.9.2
-    transitivePeerDependencies:
-      - encoding
-      - openapi-types
-      - supports-color
-
-  own-keys@1.0.1:
-    dependencies:
-      get-intrinsic: 1.3.0
-      object-keys: 1.1.1
-      safe-push-apply: 1.0.0
-
   p-limit@3.1.0:
     dependencies:
       yocto-queue: 0.1.0
@@ -8496,18 +6605,12 @@ snapshots:
 
   path-key@3.1.1: {}
 
-  path-type@4.0.0: {}
-
   picocolors@1.1.1: {}
 
   picomatch@2.3.1: {}
 
   picomatch@4.0.3: {}
 
-  pony-cause@1.1.1: {}
-
-  possible-typed-array-names@1.1.0: {}
-
   postcss@8.5.6:
     dependencies:
       nanoid: 3.3.11
@@ -8522,6 +6625,12 @@ snapshots:
 
   prettier@3.6.2: {}
 
+  prism-react-renderer@2.4.1(react@19.1.1):
+    dependencies:
+      '@types/prismjs': 1.26.5
+      clsx: 2.1.1
+      react: 19.1.1
+
   prop-types@15.8.1:
     dependencies:
       loose-envify: 1.4.0
@@ -8532,10 +6641,6 @@ snapshots:
 
   property-information@7.1.0: {}
 
-  proxy-from-env@1.1.0: {}
-
-  punycode.js@2.3.1: {}
-
   punycode@2.3.1: {}
 
   queue-microtask@1.2.3: {}
@@ -8713,8 +6818,6 @@ snapshots:
     dependencies:
       picomatch: 2.3.1
 
-  readdirp@4.1.2: {}
-
   recast@0.23.11:
     dependencies:
       ast-types: 0.16.1
@@ -8740,28 +6843,6 @@ snapshots:
       tiny-invariant: 1.3.3
       victory-vendor: 36.9.2
 
-  reflect.getprototypeof@1.0.10:
-    dependencies:
-      call-bind: 1.0.8
-      define-properties: 1.2.1
-      es-abstract: 1.24.0
-      es-errors: 1.3.0
-      es-object-atoms: 1.1.1
-      get-intrinsic: 1.3.0
-      get-proto: 1.0.1
-      which-builtin-type: 1.2.1
-
-  reftools@1.1.9: {}
-
-  regexp.prototype.flags@1.5.4:
-    dependencies:
-      call-bind: 1.0.8
-      define-properties: 1.2.1
-      es-errors: 1.3.0
-      get-proto: 1.0.1
-      gopd: 1.2.0
-      set-function-name: 2.0.2
-
   remark-gfm@4.0.1:
     dependencies:
       '@types/mdast': 4.0.4
@@ -8796,10 +6877,6 @@ snapshots:
       mdast-util-to-markdown: 2.1.2
       unified: 11.0.5
 
-  require-directory@2.1.1: {}
-
-  require-from-string@2.0.2: {}
-
   resolve-from@4.0.0: {}
 
   resolve-pkg-maps@1.0.0: {}
@@ -8836,27 +6913,6 @@ snapshots:
     dependencies:
       queue-microtask: 1.2.3
 
-  safe-array-concat@1.1.3:
-    dependencies:
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      get-intrinsic: 1.3.0
-      has-symbols: 1.1.0
-      isarray: 2.0.5
-
-  safe-push-apply@1.0.0:
-    dependencies:
-      es-errors: 1.3.0
-      isarray: 2.0.5
-
-  safe-regex-test@1.1.0:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      is-regex: 1.2.1
-
-  safe-stable-stringify@1.1.1: {}
-
   scheduler@0.26.0: {}
 
   semver@6.3.1: {}
@@ -8869,96 +6925,12 @@ snapshots:
 
   seroval@1.3.2: {}
 
-  set-function-length@1.2.2:
-    dependencies:
-      define-data-property: 1.1.4
-      es-errors: 1.3.0
-      function-bind: 1.1.2
-      get-intrinsic: 1.3.0
-      gopd: 1.2.0
-      has-property-descriptors: 1.0.2
-
-  set-function-name@2.0.2:
-    dependencies:
-      define-data-property: 1.1.4
-      es-errors: 1.3.0
-      functions-have-names: 1.2.3
-      has-property-descriptors: 1.0.2
-
-  set-proto@1.0.0:
-    dependencies:
-      dunder-proto: 1.0.1
-      es-errors: 1.3.0
-      es-object-atoms: 1.1.1
-
   shebang-command@2.0.0:
     dependencies:
       shebang-regex: 3.0.0
 
   shebang-regex@3.0.0: {}
 
-  should-equal@2.0.0:
-    dependencies:
-      should-type: 1.4.0
-
-  should-format@3.0.3:
-    dependencies:
-      should-type: 1.4.0
-      should-type-adaptors: 1.1.0
-
-  should-type-adaptors@1.1.0:
-    dependencies:
-      should-type: 1.4.0
-      should-util: 1.0.1
-
-  should-type@1.4.0: {}
-
-  should-util@1.0.1: {}
-
-  should@13.2.3:
-    dependencies:
-      should-equal: 2.0.0
-      should-format: 3.0.3
-      should-type: 1.4.0
-      should-type-adaptors: 1.1.0
-      should-util: 1.0.1
-
-  side-channel-list@1.0.0:
-    dependencies:
-      es-errors: 1.3.0
-      object-inspect: 1.13.4
-
-  side-channel-map@1.0.1:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      get-intrinsic: 1.3.0
-      object-inspect: 1.13.4
-
-  side-channel-weakmap@1.0.2:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      get-intrinsic: 1.3.0
-      object-inspect: 1.13.4
-      side-channel-map: 1.0.1
-
-  side-channel@1.1.0:
-    dependencies:
-      es-errors: 1.3.0
-      object-inspect: 1.13.4
-      side-channel-list: 1.0.0
-      side-channel-map: 1.0.1
-      side-channel-weakmap: 1.0.2
-
-  signal-exit@3.0.7: {}
-
-  simple-eval@1.0.1:
-    dependencies:
-      jsep: 1.4.0
-
-  slash@3.0.0: {}
-
   solid-js@1.9.9:
     dependencies:
       csstype: 3.1.3
@@ -8978,53 +6950,11 @@ snapshots:
 
   space-separated-tokens@2.0.2: {}
 
-  stop-iteration-iterator@1.1.0:
-    dependencies:
-      es-errors: 1.3.0
-      internal-slot: 1.1.0
-
-  string-argv@0.3.2: {}
-
-  string-width@4.2.3:
-    dependencies:
-      emoji-regex: 8.0.0
-      is-fullwidth-code-point: 3.0.0
-      strip-ansi: 6.0.1
-
-  string.prototype.trim@1.2.10:
-    dependencies:
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      define-data-property: 1.1.4
-      define-properties: 1.2.1
-      es-abstract: 1.24.0
-      es-object-atoms: 1.1.1
-      has-property-descriptors: 1.0.2
-
-  string.prototype.trimend@1.0.9:
-    dependencies:
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      define-properties: 1.2.1
-      es-object-atoms: 1.1.1
-
-  string.prototype.trimstart@1.0.8:
-    dependencies:
-      call-bind: 1.0.8
-      define-properties: 1.2.1
-      es-object-atoms: 1.1.1
-
   stringify-entities@4.0.4:
     dependencies:
       character-entities-html4: 2.1.0
       character-entities-legacy: 3.0.0
 
-  strip-ansi@6.0.1:
-    dependencies:
-      ansi-regex: 5.0.1
-
-  strip-final-newline@2.0.0: {}
-
   strip-json-comments@3.1.1: {}
 
   style-to-js@1.1.17:
@@ -9039,22 +6969,6 @@ snapshots:
     dependencies:
       has-flag: 4.0.0
 
-  swagger2openapi@7.0.8:
-    dependencies:
-      call-me-maybe: 1.0.2
-      node-fetch: 2.7.0
-      node-fetch-h2: 2.3.0
-      node-readfiles: 0.2.0
-      oas-kit-common: 1.0.8
-      oas-resolver: 2.5.6
-      oas-schema-walker: 1.1.5
-      oas-validator: 5.0.8
-      reftools: 1.1.9
-      yaml: 1.10.2
-      yargs: 17.7.2
-    transitivePeerDependencies:
-      - encoding
-
   tailwind-merge@3.3.1: {}
 
   tailwindcss@4.1.13: {}
@@ -9087,8 +7001,6 @@ snapshots:
 
   toposort@2.0.2: {}
 
-  tr46@0.0.3: {}
-
   trim-lines@3.0.1: {}
 
   trough@2.2.0: {}
@@ -9097,12 +7009,6 @@ snapshots:
     dependencies:
       typescript: 5.9.2
 
-  tsconfck@2.1.2(typescript@5.9.2):
-    optionalDependencies:
-      typescript: 5.9.2
-
-  tslib@1.14.1: {}
-
   tslib@2.0.1: {}
 
   tslib@2.8.1: {}
@@ -9122,52 +7028,6 @@ snapshots:
 
   type-fest@2.19.0: {}
 
-  typed-array-buffer@1.0.3:
-    dependencies:
-      call-bound: 1.0.4
-      es-errors: 1.3.0
-      is-typed-array: 1.1.15
-
-  typed-array-byte-length@1.0.3:
-    dependencies:
-      call-bind: 1.0.8
-      for-each: 0.3.5
-      gopd: 1.2.0
-      has-proto: 1.2.0
-      is-typed-array: 1.1.15
-
-  typed-array-byte-offset@1.0.4:
-    dependencies:
-      available-typed-arrays: 1.0.7
-      call-bind: 1.0.8
-      for-each: 0.3.5
-      gopd: 1.2.0
-      has-proto: 1.2.0
-      is-typed-array: 1.1.15
-      reflect.getprototypeof: 1.0.10
-
-  typed-array-length@1.0.7:
-    dependencies:
-      call-bind: 1.0.8
-      for-each: 0.3.5
-      gopd: 1.2.0
-      is-typed-array: 1.1.15
-      possible-typed-array-names: 1.1.0
-      reflect.getprototypeof: 1.0.10
-
-  typedoc-plugin-markdown@4.8.1(typedoc@0.28.7(typescript@5.9.2)):
-    dependencies:
-      typedoc: 0.28.7(typescript@5.9.2)
-
-  typedoc@0.28.7(typescript@5.9.2):
-    dependencies:
-      '@gerrit0/mini-shiki': 3.8.1
-      lunr: 2.3.9
-      markdown-it: 14.1.0
-      minimatch: 9.0.5
-      typescript: 5.9.2
-      yaml: 2.8.0
-
   typescript-eslint@8.43.0(eslint@9.35.0(jiti@2.5.1))(typescript@5.9.2):
     dependencies:
       '@typescript-eslint/eslint-plugin': 8.43.0(@typescript-eslint/parser@8.43.0(eslint@9.35.0(jiti@2.5.1))(typescript@5.9.2))(eslint@9.35.0(jiti@2.5.1))(typescript@5.9.2)
@@ -9181,15 +7041,6 @@ snapshots:
 
   typescript@5.9.2: {}
 
-  uc.micro@2.1.0: {}
-
-  unbox-primitive@1.1.0:
-    dependencies:
-      call-bound: 1.0.4
-      has-bigints: 1.1.0
-      has-symbols: 1.1.0
-      which-boxed-primitive: 1.1.1
-
   undici-types@7.10.0: {}
 
   unified@11.0.5:
@@ -9225,8 +7076,6 @@ snapshots:
       unist-util-is: 6.0.0
       unist-util-visit-parents: 6.0.1
 
-  universalify@2.0.1: {}
-
   unplugin@2.3.6:
     dependencies:
       '@jridgewell/remapping': 2.3.5
@@ -9244,8 +7093,6 @@ snapshots:
     dependencies:
       punycode: 2.3.1
 
-  urijs@1.19.11: {}
-
   use-callback-ref@1.3.3(@types/react@19.1.12)(react@19.1.1):
     dependencies:
       react: 19.1.1
@@ -9265,10 +7112,6 @@ snapshots:
     dependencies:
       react: 19.1.1
 
-  utility-types@3.11.0: {}
-
-  validator@13.15.15: {}
-
   vfile-message@4.0.3:
     dependencies:
       '@types/unist': 3.0.3
@@ -9312,89 +7155,20 @@ snapshots:
       tsx: 4.20.4
       yaml: 2.8.0
 
-  webidl-conversions@3.0.1: {}
-
   webpack-virtual-modules@0.6.2: {}
 
-  whatwg-url@5.0.0:
-    dependencies:
-      tr46: 0.0.3
-      webidl-conversions: 3.0.1
-
-  which-boxed-primitive@1.1.1:
-    dependencies:
-      is-bigint: 1.1.0
-      is-boolean-object: 1.2.2
-      is-number-object: 1.1.1
-      is-string: 1.1.1
-      is-symbol: 1.1.1
-
-  which-builtin-type@1.2.1:
-    dependencies:
-      call-bound: 1.0.4
-      function.prototype.name: 1.1.8
-      has-tostringtag: 1.0.2
-      is-async-function: 2.1.1
-      is-date-object: 1.1.0
-      is-finalizationregistry: 1.1.1
-      is-generator-function: 1.1.0
-      is-regex: 1.2.1
-      is-weakref: 1.1.1
-      isarray: 2.0.5
-      which-boxed-primitive: 1.1.1
-      which-collection: 1.0.2
-      which-typed-array: 1.1.19
-
-  which-collection@1.0.2:
-    dependencies:
-      is-map: 2.0.3
-      is-set: 2.0.3
-      is-weakmap: 2.0.2
-      is-weakset: 2.0.4
-
-  which-typed-array@1.1.19:
-    dependencies:
-      available-typed-arrays: 1.0.7
-      call-bind: 1.0.8
-      call-bound: 1.0.4
-      for-each: 0.3.5
-      get-proto: 1.0.1
-      gopd: 1.2.0
-      has-tostringtag: 1.0.2
-
   which@2.0.2:
     dependencies:
       isexe: 2.0.0
 
   word-wrap@1.2.5: {}
 
-  wrap-ansi@7.0.0:
-    dependencies:
-      ansi-styles: 4.3.0
-      string-width: 4.2.3
-      strip-ansi: 6.0.1
-
-  y18n@5.0.8: {}
-
   yallist@3.1.1: {}
 
   yallist@5.0.0: {}
 
-  yaml@1.10.2: {}
-
-  yaml@2.8.0: {}
-
-  yargs-parser@21.1.1: {}
-
-  yargs@17.7.2:
-    dependencies:
-      cliui: 8.0.1
-      escalade: 3.2.0
-      get-caller-file: 2.0.5
-      require-directory: 2.1.1
-      string-width: 4.2.3
-      y18n: 5.0.8
-      yargs-parser: 21.1.1
+  yaml@2.8.0:
+    optional: true
 
   yocto-queue@0.1.0: {}
 
@@ -9407,6 +7181,8 @@ snapshots:
 
   zod@3.25.76: {}
 
+  zod@4.1.11: {}
+
   zustand@5.0.8(@types/react@19.1.12)(immer@10.1.1)(react@19.1.1)(use-sync-external-store@1.5.0(react@19.1.1)):
     optionalDependencies:
       '@types/react': 19.1.12
diff --git a/frontend/public/logo.svg b/frontend/public/logo.svg
new file mode 100644
index 0000000..5d8f168
--- /dev/null
+++ b/frontend/public/logo.svg
@@ -0,0 +1,10 @@
+<svg
+  width="26"
+  height="38"
+  viewBox="0 0 26 38"
+  fill="#ffffff"
+  xmlns="http://www.w3.org/2000/svg"
+
+>
+  <path d="M25.1973 26.1602C25.1973 28.097 24.709 29.9362 23.7324 31.6777C22.7559 33.403 21.234 34.8027 19.167 35.877C17.1162 36.9512 14.4632 37.4883 11.208 37.4883C9.5804 37.4883 8.14811 37.415 6.91113 37.2686C5.69043 37.1221 4.55111 36.8861 3.49316 36.5605C2.43522 36.2188 1.33659 35.7793 0.197266 35.2422V26.6484C2.13411 27.625 4.08724 28.3737 6.05664 28.8945C8.02604 29.3991 9.80827 29.6514 11.4033 29.6514C12.3636 29.6514 13.1449 29.5374 13.7471 29.3096C14.3656 29.0817 14.8213 28.7725 15.1143 28.3818C15.4072 27.9749 15.5537 27.5111 15.5537 26.9902C15.5537 26.3717 15.334 25.8509 14.8945 25.4277C14.4714 24.9883 13.7878 24.5326 12.8438 24.0605C11.8997 23.5885 10.6546 23.0026 9.1084 22.3027C7.79004 21.6842 6.59375 21.0495 5.51953 20.3984C4.46159 19.7474 3.55013 19.0068 2.78516 18.1768C2.03646 17.3304 1.45866 16.3457 1.05176 15.2227C0.644857 14.0996 0.441406 12.7731 0.441406 11.2432C0.441406 8.94824 1.00293 7.02767 2.12598 5.48145C3.2653 3.91895 4.84408 2.74707 6.8623 1.96582C8.89681 1.18457 11.2406 0.793945 13.8936 0.793945C16.221 0.793945 18.3125 1.05436 20.168 1.5752C22.0397 2.09603 23.7161 2.6901 25.1973 3.35742L22.2432 10.8037C20.7132 10.1038 19.2077 9.55046 17.7266 9.14355C16.2454 8.72038 14.8701 8.50879 13.6006 8.50879C12.7705 8.50879 12.0869 8.61458 11.5498 8.82617C11.029 9.02148 10.6383 9.29004 10.3779 9.63184C10.1338 9.97363 10.0117 10.3643 10.0117 10.8037C10.0117 11.3571 10.2233 11.8535 10.6465 12.293C11.0859 12.7324 11.8102 13.2126 12.8193 13.7334C13.8447 14.238 15.2363 14.8971 16.9941 15.7109C18.7357 16.4922 20.2168 17.3385 21.4375 18.25C22.6582 19.1452 23.5859 20.2275 24.2207 21.4971C24.8717 22.7503 25.1973 24.3047 25.1973 26.1602Z" />
+</svg>
\ No newline at end of file
diff --git a/frontend/public/vite.svg b/frontend/public/vite.svg
deleted file mode 100644
index e7b8dfb..0000000
--- a/frontend/public/vite.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>
\ No newline at end of file
diff --git a/frontend/src/api/api.ts b/frontend/src/api/api.ts
new file mode 100644
index 0000000..bdf0d3e
--- /dev/null
+++ b/frontend/src/api/api.ts
@@ -0,0 +1,88 @@
+import {
+  Code,
+  ConnectError,
+  createClient,
+  type Interceptor,
+} from "@connectrpc/connect";
+import { createConnectTransport } from "@connectrpc/connect-web";
+import { QueryClient } from "@tanstack/react-query";
+
+import { NotificationService } from "./gen/sentinel/notifications/v1/notifications_pb";
+import { AgentsService } from "./gen/sentinel/agents/v1/agents_pb";
+import { AuthService } from "./gen/sentinel/auth/v1/auth_pb";
+import { ProjectsService } from "./gen/sentinel/projects/v1/projects_pb";
+import { SystemService } from "./gen/sentinel/system/v1/service_pb";
+import { useAuthStore } from "@/app/stores/auth";
+import { useProjectStore } from "@/app/stores/projects";
+
+export const VITE_SERVER_API_BASE_URL =
+  import.meta.env.VITE_SERVER_API_BASE_URL || window.location.origin + "/api";
+
+const skipAuthMethods = ["RefreshToken", "Authorization"];
+
+const authInterceptor: Interceptor = (next) => async (req) => {
+  const { session, refreshToken } = useAuthStore.getState();
+  const { selectedProjectId } = useProjectStore.getState();
+
+  if (selectedProjectId) {
+    req.header.set("X-Project-ID", selectedProjectId);
+  }
+
+  if (session?.accessToken) {
+    req.header.set("Authorization", `Bearer ${session.accessToken}`);
+  }
+
+  try {
+    return await next(req);
+  } catch (error) {
+    if (
+      error instanceof ConnectError &&
+      error.code === Code.Unauthenticated &&
+      !skipAuthMethods.includes(req.method.name)
+    ) {
+      try {
+        await refreshToken();
+        if (!session?.accessToken) {
+          throw new Error("No access token");
+        }
+
+        req.header.set("Authorization", `Bearer ${session?.accessToken}`);
+        return await next(req);
+      } catch (refreshError) {
+        console.error("Failed to refresh token:", refreshError);
+        throw refreshError;
+      }
+    }
+    throw error;
+  }
+
+  // try {
+  //   return await next(req);
+  // } catch (error) {
+  //   if (error instanceof ConnectError && error.code === Code.Unauthenticated) {
+  //     clear();
+  //     window.location.href = "/login";
+  //   }
+  //   throw error;
+  // }
+};
+
+export const connectTransport = createConnectTransport({
+  baseUrl: VITE_SERVER_API_BASE_URL,
+  interceptors: [authInterceptor],
+});
+
+export const connectQueryClient = new QueryClient();
+
+export const systemClient = createClient(SystemService, connectTransport);
+
+export const authClient = createClient(AuthService, connectTransport);
+
+export const projectsClient = createClient(ProjectsService, connectTransport);
+
+export const agentsClient = createClient(AgentsService, connectTransport);
+
+export const notificationsClient = createClient(
+  NotificationService,
+  connectTransport,
+);
diff --git a/frontend/src/api/gen/sentinel/agents/v1/agents-AgentsService_connectquery.ts b/frontend/src/api/gen/sentinel/agents/v1/agents-AgentsService_connectquery.ts
new file mode 100644
index 0000000..b0c763d
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/agents/v1/agents-AgentsService_connectquery.ts
@@ -0,0 +1,30 @@
+// @generated by protoc-gen-connect-query v2.2.0 with parameter "target=ts"
+// @generated from file sentinel/agents/v1/agents.proto (package sentinel.agents.v1, syntax proto3)
+/* eslint-disable */
+
+import { AgentsService } from "./agents_pb";
+
+/**
+ * @generated from rpc sentinel.agents.v1.AgentsService.AgentsList
+ */
+export const agentsList = AgentsService.method.agentsList;
+
+/**
+ * @generated from rpc sentinel.agents.v1.AgentsService.AgentsGet
+ */
+export const agentsGet = AgentsService.method.agentsGet;
+
+/**
+ * @generated from rpc sentinel.agents.v1.AgentsService.AgentsCreate
+ */
+export const agentsCreate = AgentsService.method.agentsCreate;
+
+/**
+ * @generated from rpc sentinel.agents.v1.AgentsService.AgentsUpdate
+ */
+export const agentsUpdate = AgentsService.method.agentsUpdate;
+
+/**
+ * @generated from rpc sentinel.agents.v1.AgentsService.AgentsDelete
+ */
+export const agentsDelete = AgentsService.method.agentsDelete;
diff --git a/frontend/src/api/gen/sentinel/agents/v1/agents_pb.ts b/frontend/src/api/gen/sentinel/agents/v1/agents_pb.ts
new file mode 100644
index 0000000..490d840
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/agents/v1/agents_pb.ts
@@ -0,0 +1,537 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/agents/v1/agents.proto (package sentinel.agents.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { SystemInfo } from "../../system/v1/service_pb";
+import { file_sentinel_system_v1_service } from "../../system/v1/service_pb";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/agents/v1/agents.proto.
+ */
+export const file_sentinel_agents_v1_agents: GenFile = /*@__PURE__*/
+  fileDesc("Ch9zZW50aW5lbC9hZ2VudHMvdjEvYWdlbnRzLnByb3RvEhJzZW50aW5lbC5hZ2VudHMudjEiDQoLQWdlbnRDb25maWcikAQKBUFnZW50EgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSEgoKdG9rZW5faGludBgEIAEoCRIYCgtmaW5nZXJwcmludBgFIAEoCUgAiAEBEisKBGtpbmQYBiABKA4yHS5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRLaW5kEi8KBnN0YXR1cxgHIAEoDjIfLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudFN0YXR1cxISCgppc19lbmFibGVkGAggASgIEhUKCGxvY2F0aW9uGAkgASgJSAGIAQESDAoEdGFncxgKIAMoCRIvCgZjb25maWcYCyABKAsyHy5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRDb25maWcSMwoLc3lzdGVtX2luZm8YDCABKAsyHi5zZW50aW5lbC5zeXN0ZW0udjEuU3lzdGVtSW5mbxIwCgxsYXN0X3NlZW5fYXQYDSABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEi4KCmNyZWF0ZWRfYXQYDiABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEi4KCnVwZGF0ZWRfYXQYDyABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wQg4KDF9maW5nZXJwcmludEILCglfbG9jYXRpb24iEwoRQWdlbnRzTGlzdFJlcXVlc3QiTQoSQWdlbnRzTGlzdFJlc3BvbnNlEigKBWl0ZW1zGAEgAygLMhkuc2VudGluZWwuYWdlbnRzLnYxLkFnZW50Eg0KBWNvdW50GAIgASgNIh4KEEFnZW50c0dldFJlcXVlc3QSCgoCaWQYASABKAkiPAoRQWdlbnRzR2V0UmVzcG9uc2USJwoEaXRlbRgBIAEoCzIZLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudCKLAQoTQWdlbnRzQ3JlYXRlUmVxdWVzdBIMCgRuYW1lGAEgASgJEhMKC2Rlc2NyaXB0aW9uGAIgASgJEhIKCmlzX2VuYWJsZWQYAyABKAgSDAoEdGFncxgEIAMoCRIvCgZjb25maWcYBSABKAsyHy5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRDb25maWci7QIKFEFnZW50c0NyZWF0ZVJlc3BvbnNlEgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSDQoFdG9rZW4YBCABKAkSEgoKdG9rZW5faGludBgFIAEoCRIvCgZzdGF0dXMYBiABKA4yHy5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRTdGF0dXMSKwoEa2luZBgHIAEoDjIdLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudEtpbmQSEgoKaXNfZW5hYmxlZBgIIAEoCBIVCghsb2NhdGlvbhgJIAEoCUgAiAEBEgwKBHRhZ3MYCiADKAkSLwoGY29uZmlnGAsgASgLMh8uc2VudGluZWwuYWdlbnRzLnYxLkFnZW50Q29uZmlnEi4KCmNyZWF0ZWRfYXQYDCABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wQgsKCV9sb2NhdGlvbiK7AQoTQWdlbnRzVXBkYXRlUmVxdWVzdBIKCgJpZBgBIAEoCRIMCgRuYW1lGAIgASgJEhMKC2Rlc2NyaXB0aW9uGAMgASgJEhIKCmlzX2VuYWJsZWQYBCABKAgSFQoIbG9jYXRpb24YBSABKAlIAIgBARIMCgR0YWdzGAYgAygJEi8KBmNvbmZpZxgHIAEoCzIfLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudENvbmZpZ0ILCglfbG9jYXRpb24iPwoUQWdlbnRzVXBkYXRlUmVzcG9uc2USJwoEaXRlbRgBIAEoCzIZLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudCIhChNBZ2VudHNEZWxldGVSZXF1ZXN0EgoKAmlkGAEgASgJIhYKFEFnZW50c0RlbGV0ZVJlc3BvbnNlIhgKFkFnZW50c1N1YnNjcmliZVJlcXVlc3QiGQoXQWdlbnRzU3Vic2NyaWJlUmVzcG9uc2UqXwoLQWdlbnRTdGF0dXMSHAoYQUdFTlRfU1RBVFVTX1VOU1BFQ0lGSUVEEAASFwoTQUdFTlRfU1RBVFVTX0FDVElWRRABEhkKFUFHRU5UX1NUQVRVU19JTkFDVElWRRACKlQKCUFnZW50S2luZBIaChZBR0VOVF9LSU5EX1VOU1BFQ0lGSUVEEAASEgoOQUdFTlRfS0lORF9IVUIQARIXChNBR0VOVF9LSU5EX0VYVEVSTkFMEAIy3QQKDUFnZW50c1NlcnZpY2USWwoKQWdlbnRzTGlzdBIlLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudHNMaXN0UmVxdWVzdBomLnNlbnRpbmVsLmFnZW50cy52MS5BZ2VudHNMaXN0UmVzcG9uc2USWAoJQWdlbnRzR2V0EiQuc2VudGluZWwuYWdlbnRzLnYxLkFnZW50c0dldFJlcXVlc3QaJS5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRzR2V0UmVzcG9uc2USYQoMQWdlbnRzQ3JlYXRlEicuc2VudGluZWwuYWdlbnRzLnYxLkFnZW50c0NyZWF0ZVJlcXVlc3QaKC5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRzQ3JlYXRlUmVzcG9uc2USYQoMQWdlbnRzVXBkYXRlEicuc2VudGluZWwuYWdlbnRzLnYxLkFnZW50c1VwZGF0ZVJlcXVlc3QaKC5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRzVXBkYXRlUmVzcG9uc2USYQoMQWdlbnRzRGVsZXRlEicuc2VudGluZWwuYWdlbnRzLnYxLkFnZW50c0RlbGV0ZVJlcXVlc3QaKC5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRzRGVsZXRlUmVzcG9uc2USbAoPQWdlbnRzU3Vic2NyaWJlEiouc2VudGluZWwuYWdlbnRzLnYxLkFnZW50c1N1YnNjcmliZVJlcXVlc3QaKy5zZW50aW5lbC5hZ2VudHMudjEuQWdlbnRzU3Vic2NyaWJlUmVzcG9uc2UwAULkAQoWY29tLnNlbnRpbmVsLmFnZW50cy52MUILQWdlbnRzUHJvdG9QAVpTZ2l0aHViLmNvbS9zeHdlYmRldi9zZW50aW5lbC9pbnRlcm5hbC9odWIvaHVic2VydmVyL2FwaS9zZW50aW5lbC9hZ2VudHMvdjE7YWdlbnRzdjGiAgNTQViqAhJTZW50aW5lbC5BZ2VudHMuVjHKAhJTZW50aW5lbFxBZ2VudHNcVjHiAh5TZW50aW5lbFxBZ2VudHNcVjFcR1BCTWV0YWRhdGHqAhRTZW50aW5lbDo6QWdlbnRzOjpWMWIGcHJvdG8z", [file_google_protobuf_timestamp, file_sentinel_system_v1_service]);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentConfig
+ */
+export type AgentConfig = Message<"sentinel.agents.v1.AgentConfig"> & {
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentConfig.
+ * Use `create(AgentConfigSchema)` to create a new message.
+ */
+export const AgentConfigSchema: GenMessage<AgentConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 0);
+
+/**
+ * @generated from message sentinel.agents.v1.Agent
+ */
+export type Agent = Message<"sentinel.agents.v1.Agent"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 3;
+   */
+  description: string;
+
+  /**
+   * @generated from field: string token_hint = 4;
+   */
+  tokenHint: string;
+
+  /**
+   * @generated from field: optional string fingerprint = 5;
+   */
+  fingerprint?: string;
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentKind kind = 6;
+   */
+  kind: AgentKind;
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentStatus status = 7;
+   */
+  status: AgentStatus;
+
+  /**
+   * @generated from field: bool is_enabled = 8;
+   */
+  isEnabled: boolean;
+
+  /**
+   * @generated from field: optional string location = 9;
+   */
+  location?: string;
+
+  /**
+   * @generated from field: repeated string tags = 10;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentConfig config = 11;
+   */
+  config?: AgentConfig;
+
+  /**
+   * @generated from field: sentinel.system.v1.SystemInfo system_info = 12;
+   */
+  systemInfo?: SystemInfo;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp last_seen_at = 13;
+   */
+  lastSeenAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 14;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 15;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.Agent.
+ * Use `create(AgentSchema)` to create a new message.
+ */
+export const AgentSchema: GenMessage<Agent> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 1);
+
+/**
+ * AgentsList agents lists all agents.
+ *
+ * @generated from message sentinel.agents.v1.AgentsListRequest
+ */
+export type AgentsListRequest = Message<"sentinel.agents.v1.AgentsListRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsListRequest.
+ * Use `create(AgentsListRequestSchema)` to create a new message.
+ */
+export const AgentsListRequestSchema: GenMessage<AgentsListRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 2);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentsListResponse
+ */
+export type AgentsListResponse = Message<"sentinel.agents.v1.AgentsListResponse"> & {
+  /**
+   * @generated from field: repeated sentinel.agents.v1.Agent items = 1;
+   */
+  items: Agent[];
+
+  /**
+   * @generated from field: uint32 count = 2;
+   */
+  count: number;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsListResponse.
+ * Use `create(AgentsListResponseSchema)` to create a new message.
+ */
+export const AgentsListResponseSchema: GenMessage<AgentsListResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 3);
+
+/**
+ * AgentsGet agent gets an agent by ID.
+ *
+ * @generated from message sentinel.agents.v1.AgentsGetRequest
+ */
+export type AgentsGetRequest = Message<"sentinel.agents.v1.AgentsGetRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsGetRequest.
+ * Use `create(AgentsGetRequestSchema)` to create a new message.
+ */
+export const AgentsGetRequestSchema: GenMessage<AgentsGetRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 4);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentsGetResponse
+ */
+export type AgentsGetResponse = Message<"sentinel.agents.v1.AgentsGetResponse"> & {
+  /**
+   * @generated from field: sentinel.agents.v1.Agent item = 1;
+   */
+  item?: Agent;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsGetResponse.
+ * Use `create(AgentsGetResponseSchema)` to create a new message.
+ */
+export const AgentsGetResponseSchema: GenMessage<AgentsGetResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 5);
+
+/**
+ * AgentsCreate agent creates a new agent.
+ *
+ * @generated from message sentinel.agents.v1.AgentsCreateRequest
+ */
+export type AgentsCreateRequest = Message<"sentinel.agents.v1.AgentsCreateRequest"> & {
+  /**
+   * @generated from field: string name = 1;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 2;
+   */
+  description: string;
+
+  /**
+   * @generated from field: bool is_enabled = 3;
+   */
+  isEnabled: boolean;
+
+  /**
+   * @generated from field: repeated string tags = 4;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentConfig config = 5;
+   */
+  config?: AgentConfig;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsCreateRequest.
+ * Use `create(AgentsCreateRequestSchema)` to create a new message.
+ */
+export const AgentsCreateRequestSchema: GenMessage<AgentsCreateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 6);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentsCreateResponse
+ */
+export type AgentsCreateResponse = Message<"sentinel.agents.v1.AgentsCreateResponse"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 3;
+   */
+  description: string;
+
+  /**
+   * @generated from field: string token = 4;
+   */
+  token: string;
+
+  /**
+   * @generated from field: string token_hint = 5;
+   */
+  tokenHint: string;
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentStatus status = 6;
+   */
+  status: AgentStatus;
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentKind kind = 7;
+   */
+  kind: AgentKind;
+
+  /**
+   * @generated from field: bool is_enabled = 8;
+   */
+  isEnabled: boolean;
+
+  /**
+   * @generated from field: optional string location = 9;
+   */
+  location?: string;
+
+  /**
+   * @generated from field: repeated string tags = 10;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentConfig config = 11;
+   */
+  config?: AgentConfig;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 12;
+   */
+  createdAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsCreateResponse.
+ * Use `create(AgentsCreateResponseSchema)` to create a new message.
+ */
+export const AgentsCreateResponseSchema: GenMessage<AgentsCreateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 7);
+
+/**
+ * AgentsUpdate agent updates an existing agent.
+ *
+ * @generated from message sentinel.agents.v1.AgentsUpdateRequest
+ */
+export type AgentsUpdateRequest = Message<"sentinel.agents.v1.AgentsUpdateRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 3;
+   */
+  description: string;
+
+  /**
+   * @generated from field: bool is_enabled = 4;
+   */
+  isEnabled: boolean;
+
+  /**
+   * @generated from field: optional string location = 5;
+   */
+  location?: string;
+
+  /**
+   * @generated from field: repeated string tags = 6;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.agents.v1.AgentConfig config = 7;
+   */
+  config?: AgentConfig;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsUpdateRequest.
+ * Use `create(AgentsUpdateRequestSchema)` to create a new message.
+ */
+export const AgentsUpdateRequestSchema: GenMessage<AgentsUpdateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 8);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentsUpdateResponse
+ */
+export type AgentsUpdateResponse = Message<"sentinel.agents.v1.AgentsUpdateResponse"> & {
+  /**
+   * @generated from field: sentinel.agents.v1.Agent item = 1;
+   */
+  item?: Agent;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsUpdateResponse.
+ * Use `create(AgentsUpdateResponseSchema)` to create a new message.
+ */
+export const AgentsUpdateResponseSchema: GenMessage<AgentsUpdateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 9);
+
+/**
+ * Delete agent deletes an agent by ID.
+ *
+ * @generated from message sentinel.agents.v1.AgentsDeleteRequest
+ */
+export type AgentsDeleteRequest = Message<"sentinel.agents.v1.AgentsDeleteRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsDeleteRequest.
+ * Use `create(AgentsDeleteRequestSchema)` to create a new message.
+ */
+export const AgentsDeleteRequestSchema: GenMessage<AgentsDeleteRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 10);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentsDeleteResponse
+ */
+export type AgentsDeleteResponse = Message<"sentinel.agents.v1.AgentsDeleteResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsDeleteResponse.
+ * Use `create(AgentsDeleteResponseSchema)` to create a new message.
+ */
+export const AgentsDeleteResponseSchema: GenMessage<AgentsDeleteResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 11);
+
+/**
+ * AgentsSubscribe subscribes to agent events.
+ *
+ * @generated from message sentinel.agents.v1.AgentsSubscribeRequest
+ */
+export type AgentsSubscribeRequest = Message<"sentinel.agents.v1.AgentsSubscribeRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsSubscribeRequest.
+ * Use `create(AgentsSubscribeRequestSchema)` to create a new message.
+ */
+export const AgentsSubscribeRequestSchema: GenMessage<AgentsSubscribeRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 12);
+
+/**
+ * @generated from message sentinel.agents.v1.AgentsSubscribeResponse
+ */
+export type AgentsSubscribeResponse = Message<"sentinel.agents.v1.AgentsSubscribeResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.agents.v1.AgentsSubscribeResponse.
+ * Use `create(AgentsSubscribeResponseSchema)` to create a new message.
+ */
+export const AgentsSubscribeResponseSchema: GenMessage<AgentsSubscribeResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_agents_v1_agents, 13);
+
+/**
+ * @generated from enum sentinel.agents.v1.AgentStatus
+ */
+export enum AgentStatus {
+  /**
+   * @generated from enum value: AGENT_STATUS_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: AGENT_STATUS_ACTIVE = 1;
+   */
+  ACTIVE = 1,
+
+  /**
+   * @generated from enum value: AGENT_STATUS_INACTIVE = 2;
+   */
+  INACTIVE = 2,
+}
+
+/**
+ * Describes the enum sentinel.agents.v1.AgentStatus.
+ */
+export const AgentStatusSchema: GenEnum<AgentStatus> = /*@__PURE__*/
+  enumDesc(file_sentinel_agents_v1_agents, 0);
+
+/**
+ * @generated from enum sentinel.agents.v1.AgentKind
+ */
+export enum AgentKind {
+  /**
+   * @generated from enum value: AGENT_KIND_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: AGENT_KIND_HUB = 1;
+   */
+  HUB = 1,
+
+  /**
+   * @generated from enum value: AGENT_KIND_EXTERNAL = 2;
+   */
+  EXTERNAL = 2,
+}
+
+/**
+ * Describes the enum sentinel.agents.v1.AgentKind.
+ */
+export const AgentKindSchema: GenEnum<AgentKind> = /*@__PURE__*/
+  enumDesc(file_sentinel_agents_v1_agents, 1);
+
+/**
+ * AgentsService is the service for managing agents.
+ *
+ * @generated from service sentinel.agents.v1.AgentsService
+ */
+export const AgentsService: GenService<{
+  /**
+   * @generated from rpc sentinel.agents.v1.AgentsService.AgentsList
+   */
+  agentsList: {
+    methodKind: "unary";
+    input: typeof AgentsListRequestSchema;
+    output: typeof AgentsListResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.agents.v1.AgentsService.AgentsGet
+   */
+  agentsGet: {
+    methodKind: "unary";
+    input: typeof AgentsGetRequestSchema;
+    output: typeof AgentsGetResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.agents.v1.AgentsService.AgentsCreate
+   */
+  agentsCreate: {
+    methodKind: "unary";
+    input: typeof AgentsCreateRequestSchema;
+    output: typeof AgentsCreateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.agents.v1.AgentsService.AgentsUpdate
+   */
+  agentsUpdate: {
+    methodKind: "unary";
+    input: typeof AgentsUpdateRequestSchema;
+    output: typeof AgentsUpdateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.agents.v1.AgentsService.AgentsDelete
+   */
+  agentsDelete: {
+    methodKind: "unary";
+    input: typeof AgentsDeleteRequestSchema;
+    output: typeof AgentsDeleteResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.agents.v1.AgentsService.AgentsSubscribe
+   */
+  agentsSubscribe: {
+    methodKind: "server_streaming";
+    input: typeof AgentsSubscribeRequestSchema;
+    output: typeof AgentsSubscribeResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_sentinel_agents_v1_agents, 0);
+
diff --git a/frontend/src/api/gen/sentinel/auth/v1/auth-AuthService_connectquery.ts b/frontend/src/api/gen/sentinel/auth/v1/auth-AuthService_connectquery.ts
new file mode 100644
index 0000000..c28cb3d
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/auth/v1/auth-AuthService_connectquery.ts
@@ -0,0 +1,44 @@
+// @generated by protoc-gen-connect-query v2.2.0 with parameter "target=ts"
+// @generated from file sentinel/auth/v1/auth.proto (package sentinel.auth.v1, syntax proto3)
+/* eslint-disable */
+
+import { AuthService } from "./auth_pb";
+
+/**
+ * Auth 
+ *
+ * @generated from rpc sentinel.auth.v1.AuthService.Authorization
+ */
+export const authorization = AuthService.method.authorization;
+
+/**
+ * @generated from rpc sentinel.auth.v1.AuthService.Authenticate
+ */
+export const authenticate = AuthService.method.authenticate;
+
+/**
+ * @generated from rpc sentinel.auth.v1.AuthService.RefreshToken
+ */
+export const refreshToken = AuthService.method.refreshToken;
+
+/**
+ * @generated from rpc sentinel.auth.v1.AuthService.Logout
+ */
+export const logout = AuthService.method.logout;
+
+/**
+ * Sessions 
+ *
+ * @generated from rpc sentinel.auth.v1.AuthService.ActiveSessions
+ */
+export const activeSessions = AuthService.method.activeSessions;
+
+/**
+ * @generated from rpc sentinel.auth.v1.AuthService.DeleteSession
+ */
+export const deleteSession = AuthService.method.deleteSession;
+
+/**
+ * @generated from rpc sentinel.auth.v1.AuthService.TerminateAllSessions
+ */
+export const terminateAllSessions = AuthService.method.terminateAllSessions;
diff --git a/frontend/src/api/gen/sentinel/auth/v1/auth_pb.ts b/frontend/src/api/gen/sentinel/auth/v1/auth_pb.ts
new file mode 100644
index 0000000..b29cbf1
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/auth/v1/auth_pb.ts
@@ -0,0 +1,489 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/auth/v1/auth.proto (package sentinel.auth.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { User } from "../../users/v1/users_pb";
+import { file_sentinel_users_v1_users } from "../../users/v1/users_pb";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/auth/v1/auth.proto.
+ */
+export const file_sentinel_auth_v1_auth: GenFile = /*@__PURE__*/
+  fileDesc("ChtzZW50aW5lbC9hdXRoL3YxL2F1dGgucHJvdG8SEHNlbnRpbmVsLmF1dGgudjEipQEKCkRldmljZUluZm8SEQoJZGV2aWNlX2lkGAEgASgJEjEKC2RldmljZV90eXBlGAIgASgOMhwuc2VudGluZWwuYXV0aC52MS5EZXZpY2VUeXBlEhMKC2RldmljZV9uYW1lGAMgASgJEhMKC2ZpbmdlcnByaW50GAQgASgJEhIKCm9zX3ZlcnNpb24YBSABKAkSEwoLYXBwX3ZlcnNpb24YBiABKAkiiQEKB1Nlc3Npb24SMQoLZGV2aWNlX2luZm8YASABKAsyHC5zZW50aW5lbC5hdXRoLnYxLkRldmljZUluZm8SDwoHY291bnRyeRgCIAEoCRIKCgJpcBgDIAEoCRIuCgpjcmVhdGVkX2F0GAQgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCJqChRBdXRob3JpemF0aW9uUmVxdWVzdBINCgVlbWFpbBgBIAEoCRIQCghwYXNzd29yZBgCIAEoCRIxCgtkZXZpY2VfaW5mbxgEIAEoCzIcLnNlbnRpbmVsLmF1dGgudjEuRGV2aWNlSW5mbyL6AQoLQXV0aFBheWxvYWQSFAoMYWNjZXNzX3Rva2VuGAEgASgJEhUKDXJlZnJlc2hfdG9rZW4YAiABKAkSOwoXYWNjZXNzX3Rva2VuX2V4cGlyZWRfYXQYAyABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEjwKGHJlZnJlc2hfdG9rZW5fZXhwaXJlZF9hdBgEIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASEQoJZGV2aWNlX2lkGAUgASgJEhwKD29yZ2FuaXphdGlvbl9pZBgGIAEoCUgAiAEBQhIKEF9vcmdhbml6YXRpb25faWQicwoVQXV0aG9yaXphdGlvblJlc3BvbnNlEjMKDGF1dGhfcGF5bG9hZBgBIAEoCzIdLnNlbnRpbmVsLmF1dGgudjEuQXV0aFBheWxvYWQSJQoEdXNlchgCIAEoCzIXLnNlbnRpbmVsLnVzZXJzLnYxLlVzZXIiKwoTQXV0aGVudGljYXRlUmVxdWVzdBIUCgxhY2Nlc3NfdG9rZW4YASABKAkiPQoUQXV0aGVudGljYXRlUmVzcG9uc2USJQoEdXNlchgCIAEoCzIXLnNlbnRpbmVsLnVzZXJzLnYxLlVzZXIiLAoTUmVmcmVzaFRva2VuUmVxdWVzdBIVCg1yZWZyZXNoX3Rva2VuGAEgASgJIr4BChRSZWZyZXNoVG9rZW5SZXNwb25zZRIUCgxhY2Nlc3NfdG9rZW4YASABKAkSFQoNcmVmcmVzaF90b2tlbhgCIAEoCRI7ChdhY2Nlc3NfdG9rZW5fZXhwaXJlZF9hdBgDIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASPAoYcmVmcmVzaF90b2tlbl9leHBpcmVkX2F0GAQgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCIXChVBY3RpdmVTZXNzaW9uc1JlcXVlc3QiRQoWQWN0aXZlU2Vzc2lvbnNSZXNwb25zZRIrCghzZXNzaW9ucxgBIAMoCzIZLnNlbnRpbmVsLmF1dGgudjEuU2Vzc2lvbiIpChREZWxldGVTZXNzaW9uUmVxdWVzdBIRCglkZXZpY2VfaWQYASABKAkiFwoVRGVsZXRlU2Vzc2lvblJlc3BvbnNlIkMKG1Rlcm1pbmF0ZUFsbFNlc3Npb25zUmVxdWVzdBIWCglkZXZpY2VfaWQYASABKAlIAIgBAUIMCgpfZGV2aWNlX2lkIh4KHFRlcm1pbmF0ZUFsbFNlc3Npb25zUmVzcG9uc2UiDwoNTG9nb3V0UmVxdWVzdCIQCg5Mb2dvdXRSZXNwb25zZSo+CgpEZXZpY2VUeXBlEhsKF0RFVklDRV9UWVBFX1VOU1BFQ0lGSUVEEAASEwoPREVWSUNFX1RZUEVfV0VCEAEyxgUKC0F1dGhTZXJ2aWNlEmIKDUF1dGhvcml6YXRpb24SJi5zZW50aW5lbC5hdXRoLnYxLkF1dGhvcml6YXRpb25SZXF1ZXN0Gicuc2VudGluZWwuYXV0aC52MS5BdXRob3JpemF0aW9uUmVzcG9uc2UiABJfCgxBdXRoZW50aWNhdGUSJS5zZW50aW5lbC5hdXRoLnYxLkF1dGhlbnRpY2F0ZVJlcXVlc3QaJi5zZW50aW5lbC5hdXRoLnYxLkF1dGhlbnRpY2F0ZVJlc3BvbnNlIgASXwoMUmVmcmVzaFRva2VuEiUuc2VudGluZWwuYXV0aC52MS5SZWZyZXNoVG9rZW5SZXF1ZXN0GiYuc2VudGluZWwuYXV0aC52MS5SZWZyZXNoVG9rZW5SZXNwb25zZSIAEk0KBkxvZ291dBIfLnNlbnRpbmVsLmF1dGgudjEuTG9nb3V0UmVxdWVzdBogLnNlbnRpbmVsLmF1dGgudjEuTG9nb3V0UmVzcG9uc2UiABJlCg5BY3RpdmVTZXNzaW9ucxInLnNlbnRpbmVsLmF1dGgudjEuQWN0aXZlU2Vzc2lvbnNSZXF1ZXN0Giguc2VudGluZWwuYXV0aC52MS5BY3RpdmVTZXNzaW9uc1Jlc3BvbnNlIgASYgoNRGVsZXRlU2Vzc2lvbhImLnNlbnRpbmVsLmF1dGgudjEuRGVsZXRlU2Vzc2lvblJlcXVlc3QaJy5zZW50aW5lbC5hdXRoLnYxLkRlbGV0ZVNlc3Npb25SZXNwb25zZSIAEncKFFRlcm1pbmF0ZUFsbFNlc3Npb25zEi0uc2VudGluZWwuYXV0aC52MS5UZXJtaW5hdGVBbGxTZXNzaW9uc1JlcXVlc3QaLi5zZW50aW5lbC5hdXRoLnYxLlRlcm1pbmF0ZUFsbFNlc3Npb25zUmVzcG9uc2UiAELUAQoUY29tLnNlbnRpbmVsLmF1dGgudjFCCUF1dGhQcm90b1ABWk9naXRodWIuY29tL3N4d2ViZGV2L3NlbnRpbmVsL2ludGVybmFsL2h1Yi9odWJzZXJ2ZXIvYXBpL3NlbnRpbmVsL2F1dGgvdjE7YXV0aHYxogIDU0FYqgIQU2VudGluZWwuQXV0aC5WMcoCEFNlbnRpbmVsXEF1dGhcVjHiAhxTZW50aW5lbFxBdXRoXFYxXEdQQk1ldGFkYXRh6gISU2VudGluZWw6OkF1dGg6OlYxYgZwcm90bzM", [file_google_protobuf_timestamp, file_sentinel_users_v1_users]);
+
+/**
+ * @generated from message sentinel.auth.v1.DeviceInfo
+ */
+export type DeviceInfo = Message<"sentinel.auth.v1.DeviceInfo"> & {
+  /**
+   * @generated from field: string device_id = 1;
+   */
+  deviceId: string;
+
+  /**
+   * @generated from field: sentinel.auth.v1.DeviceType device_type = 2;
+   */
+  deviceType: DeviceType;
+
+  /**
+   * @generated from field: string device_name = 3;
+   */
+  deviceName: string;
+
+  /**
+   * @generated from field: string fingerprint = 4;
+   */
+  fingerprint: string;
+
+  /**
+   * @generated from field: string os_version = 5;
+   */
+  osVersion: string;
+
+  /**
+   * @generated from field: string app_version = 6;
+   */
+  appVersion: string;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.DeviceInfo.
+ * Use `create(DeviceInfoSchema)` to create a new message.
+ */
+export const DeviceInfoSchema: GenMessage<DeviceInfo> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 0);
+
+/**
+ * @generated from message sentinel.auth.v1.Session
+ */
+export type Session = Message<"sentinel.auth.v1.Session"> & {
+  /**
+   * @generated from field: sentinel.auth.v1.DeviceInfo device_info = 1;
+   */
+  deviceInfo?: DeviceInfo;
+
+  /**
+   * @generated from field: string country = 2;
+   */
+  country: string;
+
+  /**
+   * @generated from field: string ip = 3;
+   */
+  ip: string;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 4;
+   */
+  createdAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.Session.
+ * Use `create(SessionSchema)` to create a new message.
+ */
+export const SessionSchema: GenMessage<Session> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 1);
+
+/**
+ * Authorization
+ *
+ * @generated from message sentinel.auth.v1.AuthorizationRequest
+ */
+export type AuthorizationRequest = Message<"sentinel.auth.v1.AuthorizationRequest"> & {
+  /**
+   * @generated from field: string email = 1;
+   */
+  email: string;
+
+  /**
+   * @generated from field: string password = 2;
+   */
+  password: string;
+
+  /**
+   * @generated from field: sentinel.auth.v1.DeviceInfo device_info = 4;
+   */
+  deviceInfo?: DeviceInfo;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.AuthorizationRequest.
+ * Use `create(AuthorizationRequestSchema)` to create a new message.
+ */
+export const AuthorizationRequestSchema: GenMessage<AuthorizationRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 2);
+
+/**
+ * @generated from message sentinel.auth.v1.AuthPayload
+ */
+export type AuthPayload = Message<"sentinel.auth.v1.AuthPayload"> & {
+  /**
+   * @generated from field: string access_token = 1;
+   */
+  accessToken: string;
+
+  /**
+   * @generated from field: string refresh_token = 2;
+   */
+  refreshToken: string;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp access_token_expired_at = 3;
+   */
+  accessTokenExpiredAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp refresh_token_expired_at = 4;
+   */
+  refreshTokenExpiredAt?: Timestamp;
+
+  /**
+   * @generated from field: string device_id = 5;
+   */
+  deviceId: string;
+
+  /**
+   * @generated from field: optional string organization_id = 6;
+   */
+  organizationId?: string;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.AuthPayload.
+ * Use `create(AuthPayloadSchema)` to create a new message.
+ */
+export const AuthPayloadSchema: GenMessage<AuthPayload> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 3);
+
+/**
+ * @generated from message sentinel.auth.v1.AuthorizationResponse
+ */
+export type AuthorizationResponse = Message<"sentinel.auth.v1.AuthorizationResponse"> & {
+  /**
+   * @generated from field: sentinel.auth.v1.AuthPayload auth_payload = 1;
+   */
+  authPayload?: AuthPayload;
+
+  /**
+   * @generated from field: sentinel.users.v1.User user = 2;
+   */
+  user?: User;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.AuthorizationResponse.
+ * Use `create(AuthorizationResponseSchema)` to create a new message.
+ */
+export const AuthorizationResponseSchema: GenMessage<AuthorizationResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 4);
+
+/**
+ * Authenticate
+ *
+ * @generated from message sentinel.auth.v1.AuthenticateRequest
+ */
+export type AuthenticateRequest = Message<"sentinel.auth.v1.AuthenticateRequest"> & {
+  /**
+   * @generated from field: string access_token = 1;
+   */
+  accessToken: string;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.AuthenticateRequest.
+ * Use `create(AuthenticateRequestSchema)` to create a new message.
+ */
+export const AuthenticateRequestSchema: GenMessage<AuthenticateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 5);
+
+/**
+ * @generated from message sentinel.auth.v1.AuthenticateResponse
+ */
+export type AuthenticateResponse = Message<"sentinel.auth.v1.AuthenticateResponse"> & {
+  /**
+   * @generated from field: sentinel.users.v1.User user = 2;
+   */
+  user?: User;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.AuthenticateResponse.
+ * Use `create(AuthenticateResponseSchema)` to create a new message.
+ */
+export const AuthenticateResponseSchema: GenMessage<AuthenticateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 6);
+
+/**
+ * Refresh token
+ *
+ * @generated from message sentinel.auth.v1.RefreshTokenRequest
+ */
+export type RefreshTokenRequest = Message<"sentinel.auth.v1.RefreshTokenRequest"> & {
+  /**
+   * @generated from field: string refresh_token = 1;
+   */
+  refreshToken: string;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.RefreshTokenRequest.
+ * Use `create(RefreshTokenRequestSchema)` to create a new message.
+ */
+export const RefreshTokenRequestSchema: GenMessage<RefreshTokenRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 7);
+
+/**
+ * @generated from message sentinel.auth.v1.RefreshTokenResponse
+ */
+export type RefreshTokenResponse = Message<"sentinel.auth.v1.RefreshTokenResponse"> & {
+  /**
+   * @generated from field: string access_token = 1;
+   */
+  accessToken: string;
+
+  /**
+   * @generated from field: string refresh_token = 2;
+   */
+  refreshToken: string;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp access_token_expired_at = 3;
+   */
+  accessTokenExpiredAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp refresh_token_expired_at = 4;
+   */
+  refreshTokenExpiredAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.RefreshTokenResponse.
+ * Use `create(RefreshTokenResponseSchema)` to create a new message.
+ */
+export const RefreshTokenResponseSchema: GenMessage<RefreshTokenResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 8);
+
+/**
+ * Active sessions
+ *
+ * @generated from message sentinel.auth.v1.ActiveSessionsRequest
+ */
+export type ActiveSessionsRequest = Message<"sentinel.auth.v1.ActiveSessionsRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.auth.v1.ActiveSessionsRequest.
+ * Use `create(ActiveSessionsRequestSchema)` to create a new message.
+ */
+export const ActiveSessionsRequestSchema: GenMessage<ActiveSessionsRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 9);
+
+/**
+ * @generated from message sentinel.auth.v1.ActiveSessionsResponse
+ */
+export type ActiveSessionsResponse = Message<"sentinel.auth.v1.ActiveSessionsResponse"> & {
+  /**
+   * @generated from field: repeated sentinel.auth.v1.Session sessions = 1;
+   */
+  sessions: Session[];
+};
+
+/**
+ * Describes the message sentinel.auth.v1.ActiveSessionsResponse.
+ * Use `create(ActiveSessionsResponseSchema)` to create a new message.
+ */
+export const ActiveSessionsResponseSchema: GenMessage<ActiveSessionsResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 10);
+
+/**
+ * Delete session
+ *
+ * @generated from message sentinel.auth.v1.DeleteSessionRequest
+ */
+export type DeleteSessionRequest = Message<"sentinel.auth.v1.DeleteSessionRequest"> & {
+  /**
+   * @generated from field: string device_id = 1;
+   */
+  deviceId: string;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.DeleteSessionRequest.
+ * Use `create(DeleteSessionRequestSchema)` to create a new message.
+ */
+export const DeleteSessionRequestSchema: GenMessage<DeleteSessionRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 11);
+
+/**
+ * @generated from message sentinel.auth.v1.DeleteSessionResponse
+ */
+export type DeleteSessionResponse = Message<"sentinel.auth.v1.DeleteSessionResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.auth.v1.DeleteSessionResponse.
+ * Use `create(DeleteSessionResponseSchema)` to create a new message.
+ */
+export const DeleteSessionResponseSchema: GenMessage<DeleteSessionResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 12);
+
+/**
+ * Terminate all sessions
+ *
+ * @generated from message sentinel.auth.v1.TerminateAllSessionsRequest
+ */
+export type TerminateAllSessionsRequest = Message<"sentinel.auth.v1.TerminateAllSessionsRequest"> & {
+  /**
+   * Current device id. This session will not be terminated.
+   * If not set, all sessions will be terminated.
+   *
+   * @generated from field: optional string device_id = 1;
+   */
+  deviceId?: string;
+};
+
+/**
+ * Describes the message sentinel.auth.v1.TerminateAllSessionsRequest.
+ * Use `create(TerminateAllSessionsRequestSchema)` to create a new message.
+ */
+export const TerminateAllSessionsRequestSchema: GenMessage<TerminateAllSessionsRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 13);
+
+/**
+ * @generated from message sentinel.auth.v1.TerminateAllSessionsResponse
+ */
+export type TerminateAllSessionsResponse = Message<"sentinel.auth.v1.TerminateAllSessionsResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.auth.v1.TerminateAllSessionsResponse.
+ * Use `create(TerminateAllSessionsResponseSchema)` to create a new message.
+ */
+export const TerminateAllSessionsResponseSchema: GenMessage<TerminateAllSessionsResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 14);
+
+/**
+ * Logout
+ *
+ * @generated from message sentinel.auth.v1.LogoutRequest
+ */
+export type LogoutRequest = Message<"sentinel.auth.v1.LogoutRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.auth.v1.LogoutRequest.
+ * Use `create(LogoutRequestSchema)` to create a new message.
+ */
+export const LogoutRequestSchema: GenMessage<LogoutRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 15);
+
+/**
+ * @generated from message sentinel.auth.v1.LogoutResponse
+ */
+export type LogoutResponse = Message<"sentinel.auth.v1.LogoutResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.auth.v1.LogoutResponse.
+ * Use `create(LogoutResponseSchema)` to create a new message.
+ */
+export const LogoutResponseSchema: GenMessage<LogoutResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_auth_v1_auth, 16);
+
+/**
+ * @generated from enum sentinel.auth.v1.DeviceType
+ */
+export enum DeviceType {
+  /**
+   * @generated from enum value: DEVICE_TYPE_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: DEVICE_TYPE_WEB = 1;
+   */
+  WEB = 1,
+}
+
+/**
+ * Describes the enum sentinel.auth.v1.DeviceType.
+ */
+export const DeviceTypeSchema: GenEnum<DeviceType> = /*@__PURE__*/
+  enumDesc(file_sentinel_auth_v1_auth, 0);
+
+/**
+ * AuthService is the service for authentication and authorization.
+ *
+ * @generated from service sentinel.auth.v1.AuthService
+ */
+export const AuthService: GenService<{
+  /**
+   * Auth 
+   *
+   * @generated from rpc sentinel.auth.v1.AuthService.Authorization
+   */
+  authorization: {
+    methodKind: "unary";
+    input: typeof AuthorizationRequestSchema;
+    output: typeof AuthorizationResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.auth.v1.AuthService.Authenticate
+   */
+  authenticate: {
+    methodKind: "unary";
+    input: typeof AuthenticateRequestSchema;
+    output: typeof AuthenticateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.auth.v1.AuthService.RefreshToken
+   */
+  refreshToken: {
+    methodKind: "unary";
+    input: typeof RefreshTokenRequestSchema;
+    output: typeof RefreshTokenResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.auth.v1.AuthService.Logout
+   */
+  logout: {
+    methodKind: "unary";
+    input: typeof LogoutRequestSchema;
+    output: typeof LogoutResponseSchema;
+  },
+  /**
+   * Sessions 
+   *
+   * @generated from rpc sentinel.auth.v1.AuthService.ActiveSessions
+   */
+  activeSessions: {
+    methodKind: "unary";
+    input: typeof ActiveSessionsRequestSchema;
+    output: typeof ActiveSessionsResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.auth.v1.AuthService.DeleteSession
+   */
+  deleteSession: {
+    methodKind: "unary";
+    input: typeof DeleteSessionRequestSchema;
+    output: typeof DeleteSessionResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.auth.v1.AuthService.TerminateAllSessions
+   */
+  terminateAllSessions: {
+    methodKind: "unary";
+    input: typeof TerminateAllSessionsRequestSchema;
+    output: typeof TerminateAllSessionsResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_sentinel_auth_v1_auth, 0);
+
diff --git a/frontend/src/api/gen/sentinel/common/v1/common_pb.ts b/frontend/src/api/gen/sentinel/common/v1/common_pb.ts
new file mode 100644
index 0000000..5d346f1
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/common/v1/common_pb.ts
@@ -0,0 +1,46 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/common/v1/common.proto (package sentinel.common.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/common/v1/common.proto.
+ */
+export const file_sentinel_common_v1_common: GenFile = /*@__PURE__*/
+  fileDesc("Ch9zZW50aW5lbC9jb21tb24vdjEvY29tbW9uLnByb3RvEhJzZW50aW5lbC5jb21tb24udjEijwEKEUZpbmRSZXF1ZXN0Q29tbW9uEhEKBHBhZ2UYASABKA1IAIgBARIWCglwYWdlX3NpemUYAiABKA1IAYgBARIVCghvcmRlcl9ieRgDIAEoCUgCiAEBEhQKDGlzX2FzY19vcmRlchgEIAEoCEIHCgVfcGFnZUIMCgpfcGFnZV9zaXplQgsKCV9vcmRlcl9ieULkAQoWY29tLnNlbnRpbmVsLmNvbW1vbi52MUILQ29tbW9uUHJvdG9QAVpTZ2l0aHViLmNvbS9zeHdlYmRldi9zZW50aW5lbC9pbnRlcm5hbC9odWIvaHVic2VydmVyL2FwaS9zZW50aW5lbC9jb21tb24vdjE7Y29tbW9udjGiAgNTQ1iqAhJTZW50aW5lbC5Db21tb24uVjHKAhJTZW50aW5lbFxDb21tb25cVjHiAh5TZW50aW5lbFxDb21tb25cVjFcR1BCTWV0YWRhdGHqAhRTZW50aW5lbDo6Q29tbW9uOjpWMWIGcHJvdG8z");
+
+/**
+ * @generated from message sentinel.common.v1.FindRequestCommon
+ */
+export type FindRequestCommon = Message<"sentinel.common.v1.FindRequestCommon"> & {
+  /**
+   * @generated from field: optional uint32 page = 1;
+   */
+  page?: number;
+
+  /**
+   * @generated from field: optional uint32 page_size = 2;
+   */
+  pageSize?: number;
+
+  /**
+   * @generated from field: optional string order_by = 3;
+   */
+  orderBy?: string;
+
+  /**
+   * @generated from field: bool is_asc_order = 4;
+   */
+  isAscOrder: boolean;
+};
+
+/**
+ * Describes the message sentinel.common.v1.FindRequestCommon.
+ * Use `create(FindRequestCommonSchema)` to create a new message.
+ */
+export const FindRequestCommonSchema: GenMessage<FindRequestCommon> = /*@__PURE__*/
+  messageDesc(file_sentinel_common_v1_common, 0);
+
diff --git a/frontend/src/api/gen/sentinel/notifications/v1/notifications-NotificationService_connectquery.ts b/frontend/src/api/gen/sentinel/notifications/v1/notifications-NotificationService_connectquery.ts
new file mode 100644
index 0000000..4287229
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/notifications/v1/notifications-NotificationService_connectquery.ts
@@ -0,0 +1,40 @@
+// @generated by protoc-gen-connect-query v2.2.0 with parameter "target=ts"
+// @generated from file sentinel/notifications/v1/notifications.proto (package sentinel.notifications.v1, syntax proto3)
+/* eslint-disable */
+
+import { NotificationService } from "./notifications_pb";
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.ProvidersList
+ */
+export const providersList = NotificationService.method.providersList;
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderCreate
+ */
+export const providerCreate = NotificationService.method.providerCreate;
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderUpdate
+ */
+export const providerUpdate = NotificationService.method.providerUpdate;
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderDelete
+ */
+export const providerDelete = NotificationService.method.providerDelete;
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderTest
+ */
+export const providerTest = NotificationService.method.providerTest;
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.HistoryList
+ */
+export const historyList = NotificationService.method.historyList;
+
+/**
+ * @generated from rpc sentinel.notifications.v1.NotificationService.HistoryDeleteAll
+ */
+export const historyDeleteAll = NotificationService.method.historyDeleteAll;
diff --git a/frontend/src/api/gen/sentinel/notifications/v1/notifications_pb.ts b/frontend/src/api/gen/sentinel/notifications/v1/notifications_pb.ts
new file mode 100644
index 0000000..800fade
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/notifications/v1/notifications_pb.ts
@@ -0,0 +1,552 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/notifications/v1/notifications.proto (package sentinel.notifications.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { FindRequestCommon } from "../../common/v1/common_pb";
+import { file_sentinel_common_v1_common } from "../../common/v1/common_pb";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/notifications/v1/notifications.proto.
+ */
+export const file_sentinel_notifications_v1_notifications: GenFile = /*@__PURE__*/
+  fileDesc("Ci1zZW50aW5lbC9ub3RpZmljYXRpb25zL3YxL25vdGlmaWNhdGlvbnMucHJvdG8SGXNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEiHQoOU2hvdXRycnJDb25maWcSCwoDdXJsGAEgASgJIlkKDlByb3ZpZGVyQ29uZmlnEj0KCHNob3V0cnJyGAEgASgLMikuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5TaG91dHJyckNvbmZpZ0gAQggKBmNvbmZpZyL8AQoIUHJvdmlkZXISCgoCaWQYASABKAkSNQoEdHlwZRgCIAEoDjInLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuUHJvdmlkZXJUeXBlEjkKBmNvbmZpZxgDIAEoCzIpLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuUHJvdmlkZXJDb25maWcSEgoKaXNfZW5hYmxlZBgEIAEoCBIuCgpjcmVhdGVkX2F0GAUgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIuCgp1cGRhdGVkX2F0GAYgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCLgAgoLSGlzdG9yeUl0ZW0SCgoCaWQYASABKAkSDwoHbWVzc2FnZRgCIAEoCRIOCgZzdGF0dXMYAyABKAkSFQoIcmVzcG9uc2UYBCABKAlIAIgBARIQCghhdHRlbXB0cxgFIAEoAxIaCg1lcnJvcl9tZXNzYWdlGAYgASgJSAGIAQESMwoPbGFzdF9hdHRlbXB0X2F0GAcgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIrCgdzZW50X2F0GAggASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIuCgpjcmVhdGVkX2F0GAkgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIuCgp1cGRhdGVkX2F0GAogASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcEILCglfcmVzcG9uc2VCEAoOX2Vycm9yX21lc3NhZ2UiFgoUUHJvdmlkZXJzTGlzdFJlcXVlc3QiSwoVUHJvdmlkZXJzTGlzdFJlc3BvbnNlEjIKBWl0ZW1zGAEgAygLMiMuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5Qcm92aWRlciKdAQoVUHJvdmlkZXJDcmVhdGVSZXF1ZXN0EjUKBHR5cGUYASABKA4yJy5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyVHlwZRI5CgZjb25maWcYAiABKAsyKS5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyQ29uZmlnEhIKCmlzX2VuYWJsZWQYAyABKAgiSwoWUHJvdmlkZXJDcmVhdGVSZXNwb25zZRIxCgRpdGVtGAEgASgLMiMuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5Qcm92aWRlciKpAQoVUHJvdmlkZXJVcGRhdGVSZXF1ZXN0EgoKAmlkGAEgASgJEjUKBHR5cGUYAiABKA4yJy5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyVHlwZRI5CgZjb25maWcYAyABKAsyKS5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyQ29uZmlnEhIKCmlzX2VuYWJsZWQYBCABKAgiSwoWUHJvdmlkZXJVcGRhdGVSZXNwb25zZRIxCgRpdGVtGAEgASgLMiMuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5Qcm92aWRlciIjChVQcm92aWRlckRlbGV0ZVJlcXVlc3QSCgoCaWQYASABKAkiGAoWUHJvdmlkZXJEZWxldGVSZXNwb25zZSIhChNQcm92aWRlclRlc3RSZXF1ZXN0EgoKAmlkGAEgASgJIhYKFFByb3ZpZGVyVGVzdFJlc3BvbnNlIlsKEkhpc3RvcnlMaXN0UmVxdWVzdBI1CgZjb21tb24YASABKAsyJS5zZW50aW5lbC5jb21tb24udjEuRmluZFJlcXVlc3RDb21tb24SDgoGc3RhdHVzGAIgASgJIlsKE0hpc3RvcnlMaXN0UmVzcG9uc2USNQoFaXRlbXMYASADKAsyJi5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLkhpc3RvcnlJdGVtEg0KBWNvdW50GAIgASgNIhkKF0hpc3RvcnlEZWxldGVBbGxSZXF1ZXN0IhoKGEhpc3RvcnlEZWxldGVBbGxSZXNwb25zZSIZChdIaXN0b3J5U3Vic2NyaWJlUmVxdWVzdCIaChhIaXN0b3J5U3Vic2NyaWJlUmVzcG9uc2UqSQoMUHJvdmlkZXJUeXBlEh0KGVBST1ZJREVSX1RZUEVfVU5TUEVDSUZJRUQQABIaChZQUk9WSURFUl9UWVBFX1NIT1VUUlJSEAEyyQcKE05vdGlmaWNhdGlvblNlcnZpY2UScgoNUHJvdmlkZXJzTGlzdBIvLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuUHJvdmlkZXJzTGlzdFJlcXVlc3QaMC5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyc0xpc3RSZXNwb25zZRJ1Cg5Qcm92aWRlckNyZWF0ZRIwLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuUHJvdmlkZXJDcmVhdGVSZXF1ZXN0GjEuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5Qcm92aWRlckNyZWF0ZVJlc3BvbnNlEnUKDlByb3ZpZGVyVXBkYXRlEjAuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5Qcm92aWRlclVwZGF0ZVJlcXVlc3QaMS5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyVXBkYXRlUmVzcG9uc2USdQoOUHJvdmlkZXJEZWxldGUSMC5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyRGVsZXRlUmVxdWVzdBoxLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuUHJvdmlkZXJEZWxldGVSZXNwb25zZRJvCgxQcm92aWRlclRlc3QSLi5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyVGVzdFJlcXVlc3QaLy5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLlByb3ZpZGVyVGVzdFJlc3BvbnNlEmwKC0hpc3RvcnlMaXN0Ei0uc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5IaXN0b3J5TGlzdFJlcXVlc3QaLi5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLkhpc3RvcnlMaXN0UmVzcG9uc2USewoQSGlzdG9yeURlbGV0ZUFsbBIyLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuSGlzdG9yeURlbGV0ZUFsbFJlcXVlc3QaMy5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxLkhpc3RvcnlEZWxldGVBbGxSZXNwb25zZRJ9ChBIaXN0b3J5U3Vic2NyaWJlEjIuc2VudGluZWwubm90aWZpY2F0aW9ucy52MS5IaXN0b3J5U3Vic2NyaWJlUmVxdWVzdBozLnNlbnRpbmVsLm5vdGlmaWNhdGlvbnMudjEuSGlzdG9yeVN1YnNjcmliZVJlc3BvbnNlMAFCnAIKHWNvbS5zZW50aW5lbC5ub3RpZmljYXRpb25zLnYxQhJOb3RpZmljYXRpb25zUHJvdG9QAVphZ2l0aHViLmNvbS9zeHdlYmRldi9zZW50aW5lbC9pbnRlcm5hbC9odWIvaHVic2VydmVyL2FwaS9zZW50aW5lbC9ub3RpZmljYXRpb25zL3YxO25vdGlmaWNhdGlvbnN2MaICA1NOWKoCGVNlbnRpbmVsLk5vdGlmaWNhdGlvbnMuVjHKAhlTZW50aW5lbFxOb3RpZmljYXRpb25zXFYx4gIlU2VudGluZWxcTm90aWZpY2F0aW9uc1xWMVxHUEJNZXRhZGF0YeoCG1NlbnRpbmVsOjpOb3RpZmljYXRpb25zOjpWMWIGcHJvdG8z", [file_google_protobuf_timestamp, file_sentinel_common_v1_common]);
+
+/**
+ * @generated from message sentinel.notifications.v1.ShoutrrrConfig
+ */
+export type ShoutrrrConfig = Message<"sentinel.notifications.v1.ShoutrrrConfig"> & {
+  /**
+   * @generated from field: string url = 1;
+   */
+  url: string;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ShoutrrrConfig.
+ * Use `create(ShoutrrrConfigSchema)` to create a new message.
+ */
+export const ShoutrrrConfigSchema: GenMessage<ShoutrrrConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 0);
+
+/**
+ * @generated from message sentinel.notifications.v1.ProviderConfig
+ */
+export type ProviderConfig = Message<"sentinel.notifications.v1.ProviderConfig"> & {
+  /**
+   * @generated from oneof sentinel.notifications.v1.ProviderConfig.config
+   */
+  config: {
+    /**
+     * @generated from field: sentinel.notifications.v1.ShoutrrrConfig shoutrrr = 1;
+     */
+    value: ShoutrrrConfig;
+    case: "shoutrrr";
+  } | { case: undefined; value?: undefined };
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderConfig.
+ * Use `create(ProviderConfigSchema)` to create a new message.
+ */
+export const ProviderConfigSchema: GenMessage<ProviderConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 1);
+
+/**
+ * @generated from message sentinel.notifications.v1.Provider
+ */
+export type Provider = Message<"sentinel.notifications.v1.Provider"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: sentinel.notifications.v1.ProviderType type = 2;
+   */
+  type: ProviderType;
+
+  /**
+   * @generated from field: sentinel.notifications.v1.ProviderConfig config = 3;
+   */
+  config?: ProviderConfig;
+
+  /**
+   * @generated from field: bool is_enabled = 4;
+   */
+  isEnabled: boolean;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 5;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 6;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.Provider.
+ * Use `create(ProviderSchema)` to create a new message.
+ */
+export const ProviderSchema: GenMessage<Provider> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 2);
+
+/**
+ * @generated from message sentinel.notifications.v1.HistoryItem
+ */
+export type HistoryItem = Message<"sentinel.notifications.v1.HistoryItem"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string message = 2;
+   */
+  message: string;
+
+  /**
+   * @generated from field: string status = 3;
+   */
+  status: string;
+
+  /**
+   * @generated from field: optional string response = 4;
+   */
+  response?: string;
+
+  /**
+   * @generated from field: int64 attempts = 5;
+   */
+  attempts: bigint;
+
+  /**
+   * @generated from field: optional string error_message = 6;
+   */
+  errorMessage?: string;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp last_attempt_at = 7;
+   */
+  lastAttemptAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp sent_at = 8;
+   */
+  sentAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 9;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 10;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistoryItem.
+ * Use `create(HistoryItemSchema)` to create a new message.
+ */
+export const HistoryItemSchema: GenMessage<HistoryItem> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 3);
+
+/**
+ * ProvidersList lists all notification providers.
+ *
+ * @generated from message sentinel.notifications.v1.ProvidersListRequest
+ */
+export type ProvidersListRequest = Message<"sentinel.notifications.v1.ProvidersListRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProvidersListRequest.
+ * Use `create(ProvidersListRequestSchema)` to create a new message.
+ */
+export const ProvidersListRequestSchema: GenMessage<ProvidersListRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 4);
+
+/**
+ * @generated from message sentinel.notifications.v1.ProvidersListResponse
+ */
+export type ProvidersListResponse = Message<"sentinel.notifications.v1.ProvidersListResponse"> & {
+  /**
+   * @generated from field: repeated sentinel.notifications.v1.Provider items = 1;
+   */
+  items: Provider[];
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProvidersListResponse.
+ * Use `create(ProvidersListResponseSchema)` to create a new message.
+ */
+export const ProvidersListResponseSchema: GenMessage<ProvidersListResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 5);
+
+/**
+ * ProviderCreate creates a new notification provider.
+ *
+ * @generated from message sentinel.notifications.v1.ProviderCreateRequest
+ */
+export type ProviderCreateRequest = Message<"sentinel.notifications.v1.ProviderCreateRequest"> & {
+  /**
+   * @generated from field: sentinel.notifications.v1.ProviderType type = 1;
+   */
+  type: ProviderType;
+
+  /**
+   * @generated from field: sentinel.notifications.v1.ProviderConfig config = 2;
+   */
+  config?: ProviderConfig;
+
+  /**
+   * @generated from field: bool is_enabled = 3;
+   */
+  isEnabled: boolean;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderCreateRequest.
+ * Use `create(ProviderCreateRequestSchema)` to create a new message.
+ */
+export const ProviderCreateRequestSchema: GenMessage<ProviderCreateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 6);
+
+/**
+ * @generated from message sentinel.notifications.v1.ProviderCreateResponse
+ */
+export type ProviderCreateResponse = Message<"sentinel.notifications.v1.ProviderCreateResponse"> & {
+  /**
+   * @generated from field: sentinel.notifications.v1.Provider item = 1;
+   */
+  item?: Provider;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderCreateResponse.
+ * Use `create(ProviderCreateResponseSchema)` to create a new message.
+ */
+export const ProviderCreateResponseSchema: GenMessage<ProviderCreateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 7);
+
+/**
+ * ProviderUpdate updates an existing notification provider.
+ *
+ * @generated from message sentinel.notifications.v1.ProviderUpdateRequest
+ */
+export type ProviderUpdateRequest = Message<"sentinel.notifications.v1.ProviderUpdateRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: sentinel.notifications.v1.ProviderType type = 2;
+   */
+  type: ProviderType;
+
+  /**
+   * @generated from field: sentinel.notifications.v1.ProviderConfig config = 3;
+   */
+  config?: ProviderConfig;
+
+  /**
+   * @generated from field: bool is_enabled = 4;
+   */
+  isEnabled: boolean;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderUpdateRequest.
+ * Use `create(ProviderUpdateRequestSchema)` to create a new message.
+ */
+export const ProviderUpdateRequestSchema: GenMessage<ProviderUpdateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 8);
+
+/**
+ * @generated from message sentinel.notifications.v1.ProviderUpdateResponse
+ */
+export type ProviderUpdateResponse = Message<"sentinel.notifications.v1.ProviderUpdateResponse"> & {
+  /**
+   * @generated from field: sentinel.notifications.v1.Provider item = 1;
+   */
+  item?: Provider;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderUpdateResponse.
+ * Use `create(ProviderUpdateResponseSchema)` to create a new message.
+ */
+export const ProviderUpdateResponseSchema: GenMessage<ProviderUpdateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 9);
+
+/**
+ * ProviderDelete deletes a notification provider.
+ *
+ * @generated from message sentinel.notifications.v1.ProviderDeleteRequest
+ */
+export type ProviderDeleteRequest = Message<"sentinel.notifications.v1.ProviderDeleteRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderDeleteRequest.
+ * Use `create(ProviderDeleteRequestSchema)` to create a new message.
+ */
+export const ProviderDeleteRequestSchema: GenMessage<ProviderDeleteRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 10);
+
+/**
+ * @generated from message sentinel.notifications.v1.ProviderDeleteResponse
+ */
+export type ProviderDeleteResponse = Message<"sentinel.notifications.v1.ProviderDeleteResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderDeleteResponse.
+ * Use `create(ProviderDeleteResponseSchema)` to create a new message.
+ */
+export const ProviderDeleteResponseSchema: GenMessage<ProviderDeleteResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 11);
+
+/**
+ * ProviderTest sends a test notification using the specified provider.
+ *
+ * @generated from message sentinel.notifications.v1.ProviderTestRequest
+ */
+export type ProviderTestRequest = Message<"sentinel.notifications.v1.ProviderTestRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderTestRequest.
+ * Use `create(ProviderTestRequestSchema)` to create a new message.
+ */
+export const ProviderTestRequestSchema: GenMessage<ProviderTestRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 12);
+
+/**
+ * @generated from message sentinel.notifications.v1.ProviderTestResponse
+ */
+export type ProviderTestResponse = Message<"sentinel.notifications.v1.ProviderTestResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.ProviderTestResponse.
+ * Use `create(ProviderTestResponseSchema)` to create a new message.
+ */
+export const ProviderTestResponseSchema: GenMessage<ProviderTestResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 13);
+
+/**
+ * History retrieves the notification history with optional filters.
+ *
+ * @generated from message sentinel.notifications.v1.HistoryListRequest
+ */
+export type HistoryListRequest = Message<"sentinel.notifications.v1.HistoryListRequest"> & {
+  /**
+   * @generated from field: sentinel.common.v1.FindRequestCommon common = 1;
+   */
+  common?: FindRequestCommon;
+
+  /**
+   * @generated from field: string status = 2;
+   */
+  status: string;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistoryListRequest.
+ * Use `create(HistoryListRequestSchema)` to create a new message.
+ */
+export const HistoryListRequestSchema: GenMessage<HistoryListRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 14);
+
+/**
+ * @generated from message sentinel.notifications.v1.HistoryListResponse
+ */
+export type HistoryListResponse = Message<"sentinel.notifications.v1.HistoryListResponse"> & {
+  /**
+   * @generated from field: repeated sentinel.notifications.v1.HistoryItem items = 1;
+   */
+  items: HistoryItem[];
+
+  /**
+   * @generated from field: uint32 count = 2;
+   */
+  count: number;
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistoryListResponse.
+ * Use `create(HistoryListResponseSchema)` to create a new message.
+ */
+export const HistoryListResponseSchema: GenMessage<HistoryListResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 15);
+
+/**
+ * HistoryDeleteAll deletes all notification history items.
+ *
+ * @generated from message sentinel.notifications.v1.HistoryDeleteAllRequest
+ */
+export type HistoryDeleteAllRequest = Message<"sentinel.notifications.v1.HistoryDeleteAllRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistoryDeleteAllRequest.
+ * Use `create(HistoryDeleteAllRequestSchema)` to create a new message.
+ */
+export const HistoryDeleteAllRequestSchema: GenMessage<HistoryDeleteAllRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 16);
+
+/**
+ * @generated from message sentinel.notifications.v1.HistoryDeleteAllResponse
+ */
+export type HistoryDeleteAllResponse = Message<"sentinel.notifications.v1.HistoryDeleteAllResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistoryDeleteAllResponse.
+ * Use `create(HistoryDeleteAllResponseSchema)` to create a new message.
+ */
+export const HistoryDeleteAllResponseSchema: GenMessage<HistoryDeleteAllResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 17);
+
+/**
+ * HistorySubscribe subscribes to real-time notification history updates.
+ *
+ * @generated from message sentinel.notifications.v1.HistorySubscribeRequest
+ */
+export type HistorySubscribeRequest = Message<"sentinel.notifications.v1.HistorySubscribeRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistorySubscribeRequest.
+ * Use `create(HistorySubscribeRequestSchema)` to create a new message.
+ */
+export const HistorySubscribeRequestSchema: GenMessage<HistorySubscribeRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 18);
+
+/**
+ * @generated from message sentinel.notifications.v1.HistorySubscribeResponse
+ */
+export type HistorySubscribeResponse = Message<"sentinel.notifications.v1.HistorySubscribeResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.notifications.v1.HistorySubscribeResponse.
+ * Use `create(HistorySubscribeResponseSchema)` to create a new message.
+ */
+export const HistorySubscribeResponseSchema: GenMessage<HistorySubscribeResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_notifications_v1_notifications, 19);
+
+/**
+ * @generated from enum sentinel.notifications.v1.ProviderType
+ */
+export enum ProviderType {
+  /**
+   * @generated from enum value: PROVIDER_TYPE_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: PROVIDER_TYPE_SHOUTRRR = 1;
+   */
+  SHOUTRRR = 1,
+}
+
+/**
+ * Describes the enum sentinel.notifications.v1.ProviderType.
+ */
+export const ProviderTypeSchema: GenEnum<ProviderType> = /*@__PURE__*/
+  enumDesc(file_sentinel_notifications_v1_notifications, 0);
+
+/**
+ * NotificationService is the service for managing notification providers and
+ * history.
+ *
+ * @generated from service sentinel.notifications.v1.NotificationService
+ */
+export const NotificationService: GenService<{
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.ProvidersList
+   */
+  providersList: {
+    methodKind: "unary";
+    input: typeof ProvidersListRequestSchema;
+    output: typeof ProvidersListResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderCreate
+   */
+  providerCreate: {
+    methodKind: "unary";
+    input: typeof ProviderCreateRequestSchema;
+    output: typeof ProviderCreateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderUpdate
+   */
+  providerUpdate: {
+    methodKind: "unary";
+    input: typeof ProviderUpdateRequestSchema;
+    output: typeof ProviderUpdateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderDelete
+   */
+  providerDelete: {
+    methodKind: "unary";
+    input: typeof ProviderDeleteRequestSchema;
+    output: typeof ProviderDeleteResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.ProviderTest
+   */
+  providerTest: {
+    methodKind: "unary";
+    input: typeof ProviderTestRequestSchema;
+    output: typeof ProviderTestResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.HistoryList
+   */
+  historyList: {
+    methodKind: "unary";
+    input: typeof HistoryListRequestSchema;
+    output: typeof HistoryListResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.HistoryDeleteAll
+   */
+  historyDeleteAll: {
+    methodKind: "unary";
+    input: typeof HistoryDeleteAllRequestSchema;
+    output: typeof HistoryDeleteAllResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.notifications.v1.NotificationService.HistorySubscribe
+   */
+  historySubscribe: {
+    methodKind: "server_streaming";
+    input: typeof HistorySubscribeRequestSchema;
+    output: typeof HistorySubscribeResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_sentinel_notifications_v1_notifications, 0);
+
diff --git a/frontend/src/api/gen/sentinel/projects/v1/projects-ProjectsService_connectquery.ts b/frontend/src/api/gen/sentinel/projects/v1/projects-ProjectsService_connectquery.ts
new file mode 100644
index 0000000..8de874c
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/projects/v1/projects-ProjectsService_connectquery.ts
@@ -0,0 +1,30 @@
+// @generated by protoc-gen-connect-query v2.2.0 with parameter "target=ts"
+// @generated from file sentinel/projects/v1/projects.proto (package sentinel.projects.v1, syntax proto3)
+/* eslint-disable */
+
+import { ProjectsService } from "./projects_pb";
+
+/**
+ * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectsList
+ */
+export const projectsList = ProjectsService.method.projectsList;
+
+/**
+ * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectCreate
+ */
+export const projectCreate = ProjectsService.method.projectCreate;
+
+/**
+ * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectGet
+ */
+export const projectGet = ProjectsService.method.projectGet;
+
+/**
+ * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectUpdate
+ */
+export const projectUpdate = ProjectsService.method.projectUpdate;
+
+/**
+ * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectDelete
+ */
+export const projectDelete = ProjectsService.method.projectDelete;
diff --git a/frontend/src/api/gen/sentinel/projects/v1/projects_pb.ts b/frontend/src/api/gen/sentinel/projects/v1/projects_pb.ts
new file mode 100644
index 0000000..04c6dc1
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/projects/v1/projects_pb.ts
@@ -0,0 +1,352 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/projects/v1/projects.proto (package sentinel.projects.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/projects/v1/projects.proto.
+ */
+export const file_sentinel_projects_v1_projects: GenFile = /*@__PURE__*/
+  fileDesc("CiNzZW50aW5lbC9wcm9qZWN0cy92MS9wcm9qZWN0cy5wcm90bxIUc2VudGluZWwucHJvamVjdHMudjEiTAoWUHJvamVjdE1vbml0b3JEZWZhdWx0cxIQCghpbnRlcnZhbBgBIAEoAxIPCgd0aW1lb3V0GAIgASgDEg8KB3JldHJpZXMYAyABKAMiWQoPUHJvamVjdFNldHRpbmdzEkYKEG1vbml0b3JfZGVmYXVsdHMYASABKAsyLC5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0TW9uaXRvckRlZmF1bHRzItEBCgdQcm9qZWN0EgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSNwoIc2V0dGluZ3MYBiABKAsyJS5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0U2V0dGluZ3MSLgoKY3JlYXRlZF9hdBgEIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASLgoKdXBkYXRlZF9hdBgFIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAiFQoTUHJvamVjdHNMaXN0UmVxdWVzdCJEChRQcm9qZWN0c0xpc3RSZXNwb25zZRIsCgVpdGVtcxgBIAMoCzIdLnNlbnRpbmVsLnByb2plY3RzLnYxLlByb2plY3QicgoUUHJvamVjdENyZWF0ZVJlcXVlc3QSDAoEbmFtZRgBIAEoCRITCgtkZXNjcmlwdGlvbhgCIAEoCRI3CghzZXR0aW5ncxgDIAEoCzIlLnNlbnRpbmVsLnByb2plY3RzLnYxLlByb2plY3RTZXR0aW5ncyJEChVQcm9qZWN0Q3JlYXRlUmVzcG9uc2USKwoEaXRlbRgBIAEoCzIdLnNlbnRpbmVsLnByb2plY3RzLnYxLlByb2plY3QiHwoRUHJvamVjdEdldFJlcXVlc3QSCgoCaWQYASABKAkiQQoSUHJvamVjdEdldFJlc3BvbnNlEisKBGl0ZW0YASABKAsyHS5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0In4KFFByb2plY3RVcGRhdGVSZXF1ZXN0EgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSNwoIc2V0dGluZ3MYBCABKAsyJS5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0U2V0dGluZ3MiRAoVUHJvamVjdFVwZGF0ZVJlc3BvbnNlEisKBGl0ZW0YASABKAsyHS5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0IiIKFFByb2plY3REZWxldGVSZXF1ZXN0EgoKAmlkGAEgASgJIhcKFVByb2plY3REZWxldGVSZXNwb25zZTKXBAoPUHJvamVjdHNTZXJ2aWNlEmUKDFByb2plY3RzTGlzdBIpLnNlbnRpbmVsLnByb2plY3RzLnYxLlByb2plY3RzTGlzdFJlcXVlc3QaKi5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0c0xpc3RSZXNwb25zZRJoCg1Qcm9qZWN0Q3JlYXRlEiouc2VudGluZWwucHJvamVjdHMudjEuUHJvamVjdENyZWF0ZVJlcXVlc3QaKy5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0Q3JlYXRlUmVzcG9uc2USXwoKUHJvamVjdEdldBInLnNlbnRpbmVsLnByb2plY3RzLnYxLlByb2plY3RHZXRSZXF1ZXN0Giguc2VudGluZWwucHJvamVjdHMudjEuUHJvamVjdEdldFJlc3BvbnNlEmgKDVByb2plY3RVcGRhdGUSKi5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0VXBkYXRlUmVxdWVzdBorLnNlbnRpbmVsLnByb2plY3RzLnYxLlByb2plY3RVcGRhdGVSZXNwb25zZRJoCg1Qcm9qZWN0RGVsZXRlEiouc2VudGluZWwucHJvamVjdHMudjEuUHJvamVjdERlbGV0ZVJlcXVlc3QaKy5zZW50aW5lbC5wcm9qZWN0cy52MS5Qcm9qZWN0RGVsZXRlUmVzcG9uc2VC9AEKGGNvbS5zZW50aW5lbC5wcm9qZWN0cy52MUINUHJvamVjdHNQcm90b1ABWldnaXRodWIuY29tL3N4d2ViZGV2L3NlbnRpbmVsL2ludGVybmFsL2h1Yi9odWJzZXJ2ZXIvYXBpL3NlbnRpbmVsL3Byb2plY3RzL3YxO3Byb2plY3RzdjGiAgNTUFiqAhRTZW50aW5lbC5Qcm9qZWN0cy5WMcoCFFNlbnRpbmVsXFByb2plY3RzXFYx4gIgU2VudGluZWxcUHJvamVjdHNcVjFcR1BCTWV0YWRhdGHqAhZTZW50aW5lbDo6UHJvamVjdHM6OlYxYgZwcm90bzM", [file_google_protobuf_timestamp]);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectMonitorDefaults
+ */
+export type ProjectMonitorDefaults = Message<"sentinel.projects.v1.ProjectMonitorDefaults"> & {
+  /**
+   * in milliseconds
+   *
+   * @generated from field: int64 interval = 1;
+   */
+  interval: bigint;
+
+  /**
+   * in milliseconds
+   *
+   * @generated from field: int64 timeout = 2;
+   */
+  timeout: bigint;
+
+  /**
+   * @generated from field: int64 retries = 3;
+   */
+  retries: bigint;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectMonitorDefaults.
+ * Use `create(ProjectMonitorDefaultsSchema)` to create a new message.
+ */
+export const ProjectMonitorDefaultsSchema: GenMessage<ProjectMonitorDefaults> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 0);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectSettings
+ */
+export type ProjectSettings = Message<"sentinel.projects.v1.ProjectSettings"> & {
+  /**
+   * @generated from field: sentinel.projects.v1.ProjectMonitorDefaults monitor_defaults = 1;
+   */
+  monitorDefaults?: ProjectMonitorDefaults;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectSettings.
+ * Use `create(ProjectSettingsSchema)` to create a new message.
+ */
+export const ProjectSettingsSchema: GenMessage<ProjectSettings> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 1);
+
+/**
+ * @generated from message sentinel.projects.v1.Project
+ */
+export type Project = Message<"sentinel.projects.v1.Project"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 3;
+   */
+  description: string;
+
+  /**
+   * @generated from field: sentinel.projects.v1.ProjectSettings settings = 6;
+   */
+  settings?: ProjectSettings;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 4;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 5;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.Project.
+ * Use `create(ProjectSchema)` to create a new message.
+ */
+export const ProjectSchema: GenMessage<Project> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 2);
+
+/**
+ * ProjectsListRequest is the request message for listing projects.
+ *
+ * @generated from message sentinel.projects.v1.ProjectsListRequest
+ */
+export type ProjectsListRequest = Message<"sentinel.projects.v1.ProjectsListRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectsListRequest.
+ * Use `create(ProjectsListRequestSchema)` to create a new message.
+ */
+export const ProjectsListRequestSchema: GenMessage<ProjectsListRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 3);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectsListResponse
+ */
+export type ProjectsListResponse = Message<"sentinel.projects.v1.ProjectsListResponse"> & {
+  /**
+   * @generated from field: repeated sentinel.projects.v1.Project items = 1;
+   */
+  items: Project[];
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectsListResponse.
+ * Use `create(ProjectsListResponseSchema)` to create a new message.
+ */
+export const ProjectsListResponseSchema: GenMessage<ProjectsListResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 4);
+
+/**
+ * ProjectCreateRequest is the request message for creating a project.
+ *
+ * @generated from message sentinel.projects.v1.ProjectCreateRequest
+ */
+export type ProjectCreateRequest = Message<"sentinel.projects.v1.ProjectCreateRequest"> & {
+  /**
+   * @generated from field: string name = 1;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 2;
+   */
+  description: string;
+
+  /**
+   * @generated from field: sentinel.projects.v1.ProjectSettings settings = 3;
+   */
+  settings?: ProjectSettings;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectCreateRequest.
+ * Use `create(ProjectCreateRequestSchema)` to create a new message.
+ */
+export const ProjectCreateRequestSchema: GenMessage<ProjectCreateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 5);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectCreateResponse
+ */
+export type ProjectCreateResponse = Message<"sentinel.projects.v1.ProjectCreateResponse"> & {
+  /**
+   * @generated from field: sentinel.projects.v1.Project item = 1;
+   */
+  item?: Project;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectCreateResponse.
+ * Use `create(ProjectCreateResponseSchema)` to create a new message.
+ */
+export const ProjectCreateResponseSchema: GenMessage<ProjectCreateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 6);
+
+/**
+ * ProjectGetRequest is the request message for getting a project.
+ *
+ * @generated from message sentinel.projects.v1.ProjectGetRequest
+ */
+export type ProjectGetRequest = Message<"sentinel.projects.v1.ProjectGetRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectGetRequest.
+ * Use `create(ProjectGetRequestSchema)` to create a new message.
+ */
+export const ProjectGetRequestSchema: GenMessage<ProjectGetRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 7);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectGetResponse
+ */
+export type ProjectGetResponse = Message<"sentinel.projects.v1.ProjectGetResponse"> & {
+  /**
+   * @generated from field: sentinel.projects.v1.Project item = 1;
+   */
+  item?: Project;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectGetResponse.
+ * Use `create(ProjectGetResponseSchema)` to create a new message.
+ */
+export const ProjectGetResponseSchema: GenMessage<ProjectGetResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 8);
+
+/**
+ * ProjectUpdateRequest is the request message for updating a project.
+ *
+ * @generated from message sentinel.projects.v1.ProjectUpdateRequest
+ */
+export type ProjectUpdateRequest = Message<"sentinel.projects.v1.ProjectUpdateRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 3;
+   */
+  description: string;
+
+  /**
+   * @generated from field: sentinel.projects.v1.ProjectSettings settings = 4;
+   */
+  settings?: ProjectSettings;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectUpdateRequest.
+ * Use `create(ProjectUpdateRequestSchema)` to create a new message.
+ */
+export const ProjectUpdateRequestSchema: GenMessage<ProjectUpdateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 9);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectUpdateResponse
+ */
+export type ProjectUpdateResponse = Message<"sentinel.projects.v1.ProjectUpdateResponse"> & {
+  /**
+   * @generated from field: sentinel.projects.v1.Project item = 1;
+   */
+  item?: Project;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectUpdateResponse.
+ * Use `create(ProjectUpdateResponseSchema)` to create a new message.
+ */
+export const ProjectUpdateResponseSchema: GenMessage<ProjectUpdateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 10);
+
+/**
+ * ProjectDeleteRequest is the request message for deleting a project.
+ *
+ * @generated from message sentinel.projects.v1.ProjectDeleteRequest
+ */
+export type ProjectDeleteRequest = Message<"sentinel.projects.v1.ProjectDeleteRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectDeleteRequest.
+ * Use `create(ProjectDeleteRequestSchema)` to create a new message.
+ */
+export const ProjectDeleteRequestSchema: GenMessage<ProjectDeleteRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 11);
+
+/**
+ * @generated from message sentinel.projects.v1.ProjectDeleteResponse
+ */
+export type ProjectDeleteResponse = Message<"sentinel.projects.v1.ProjectDeleteResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.projects.v1.ProjectDeleteResponse.
+ * Use `create(ProjectDeleteResponseSchema)` to create a new message.
+ */
+export const ProjectDeleteResponseSchema: GenMessage<ProjectDeleteResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_projects_v1_projects, 12);
+
+/**
+ * ProjectsService is the service for managing projects.
+ *
+ * @generated from service sentinel.projects.v1.ProjectsService
+ */
+export const ProjectsService: GenService<{
+  /**
+   * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectsList
+   */
+  projectsList: {
+    methodKind: "unary";
+    input: typeof ProjectsListRequestSchema;
+    output: typeof ProjectsListResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectCreate
+   */
+  projectCreate: {
+    methodKind: "unary";
+    input: typeof ProjectCreateRequestSchema;
+    output: typeof ProjectCreateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectGet
+   */
+  projectGet: {
+    methodKind: "unary";
+    input: typeof ProjectGetRequestSchema;
+    output: typeof ProjectGetResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectUpdate
+   */
+  projectUpdate: {
+    methodKind: "unary";
+    input: typeof ProjectUpdateRequestSchema;
+    output: typeof ProjectUpdateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.projects.v1.ProjectsService.ProjectDelete
+   */
+  projectDelete: {
+    methodKind: "unary";
+    input: typeof ProjectDeleteRequestSchema;
+    output: typeof ProjectDeleteResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_sentinel_projects_v1_projects, 0);
+
diff --git a/frontend/src/api/gen/sentinel/resources/v1/service-ResourcesService_connectquery.ts b/frontend/src/api/gen/sentinel/resources/v1/service-ResourcesService_connectquery.ts
new file mode 100644
index 0000000..f626856
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/resources/v1/service-ResourcesService_connectquery.ts
@@ -0,0 +1,30 @@
+// @generated by protoc-gen-connect-query v2.2.0 with parameter "target=ts"
+// @generated from file sentinel/resources/v1/service.proto (package sentinel.resources.v1, syntax proto3)
+/* eslint-disable */
+
+import { ResourcesService } from "./service_pb";
+
+/**
+ * @generated from rpc sentinel.resources.v1.ResourcesService.ResourcesList
+ */
+export const resourcesList = ResourcesService.method.resourcesList;
+
+/**
+ * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceGet
+ */
+export const resourceGet = ResourcesService.method.resourceGet;
+
+/**
+ * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceCreate
+ */
+export const resourceCreate = ResourcesService.method.resourceCreate;
+
+/**
+ * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceUpdate
+ */
+export const resourceUpdate = ResourcesService.method.resourceUpdate;
+
+/**
+ * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceDelete
+ */
+export const resourceDelete = ResourcesService.method.resourceDelete;
diff --git a/frontend/src/api/gen/sentinel/resources/v1/service_pb.ts b/frontend/src/api/gen/sentinel/resources/v1/service_pb.ts
new file mode 100644
index 0000000..434a6e2
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/resources/v1/service_pb.ts
@@ -0,0 +1,399 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/resources/v1/service.proto (package sentinel.resources.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { FindRequestCommon } from "../../common/v1/common_pb";
+import { file_sentinel_common_v1_common } from "../../common/v1/common_pb";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/resources/v1/service.proto.
+ */
+export const file_sentinel_resources_v1_service: GenFile = /*@__PURE__*/
+  fileDesc("CiNzZW50aW5lbC9yZXNvdXJjZXMvdjEvc2VydmljZS5wcm90bxIVc2VudGluZWwucmVzb3VyY2VzLnYxIgkKB1BheWxvYWQinwIKCFJlc291cmNlEgoKAmlkGAEgASgJEhIKCnByb2plY3RfaWQYAiABKAkSDAoEbmFtZRgDIAEoCRITCgtkZXNjcmlwdGlvbhgEIAEoCRIxCgRraW5kGAUgASgOMiMuc2VudGluZWwucmVzb3VyY2VzLnYxLlJlc291cmNlS2luZBIMCgR0YWdzGAYgAygJEi8KB3BheWxvYWQYByABKAsyHi5zZW50aW5lbC5yZXNvdXJjZXMudjEuUGF5bG9hZBIuCgpjcmVhdGVkX2F0GAggASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIuCgp1cGRhdGVkX2F0GAkgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCJNChRSZXNvdXJjZXNMaXN0UmVxdWVzdBI1CgZjb21tb24YASABKAsyJS5zZW50aW5lbC5jb21tb24udjEuRmluZFJlcXVlc3RDb21tb24iVgoVUmVzb3VyY2VzTGlzdFJlc3BvbnNlEi4KBWl0ZW1zGAEgAygLMh8uc2VudGluZWwucmVzb3VyY2VzLnYxLlJlc291cmNlEg0KBWNvdW50GAIgASgNIiAKElJlc291cmNlR2V0UmVxdWVzdBIKCgJpZBgBIAEoCSJEChNSZXNvdXJjZUdldFJlc3BvbnNlEi0KBGl0ZW0YASABKAsyHy5zZW50aW5lbC5yZXNvdXJjZXMudjEuUmVzb3VyY2Ui0wEKFVJlc291cmNlQ3JlYXRlUmVxdWVzdBISCgpwcm9qZWN0X2lkGAEgASgJEhEKCWFnZW50X2lkcxgCIAMoCRIMCgRuYW1lGAMgASgJEhMKC2Rlc2NyaXB0aW9uGAQgASgJEjEKBGtpbmQYBSABKA4yIy5zZW50aW5lbC5yZXNvdXJjZXMudjEuUmVzb3VyY2VLaW5kEgwKBHRhZ3MYBiADKAkSLwoHcGF5bG9hZBgHIAEoCzIeLnNlbnRpbmVsLnJlc291cmNlcy52MS5QYXlsb2FkIkcKFlJlc291cmNlQ3JlYXRlUmVzcG9uc2USLQoEaXRlbRgBIAEoCzIfLnNlbnRpbmVsLnJlc291cmNlcy52MS5SZXNvdXJjZSKYAQoVUmVzb3VyY2VVcGRhdGVSZXF1ZXN0EgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLZGVzY3JpcHRpb24YAyABKAkSDAoEdGFncxgEIAMoCRIvCgdwYXlsb2FkGAUgASgLMh4uc2VudGluZWwucmVzb3VyY2VzLnYxLlBheWxvYWQSEQoJYWdlbnRfaWRzGAYgAygJIkcKFlJlc291cmNlVXBkYXRlUmVzcG9uc2USLQoEaXRlbRgBIAEoCzIfLnNlbnRpbmVsLnJlc291cmNlcy52MS5SZXNvdXJjZSIjChVSZXNvdXJjZURlbGV0ZVJlcXVlc3QSCgoCaWQYASABKAkiGAoWUmVzb3VyY2VEZWxldGVSZXNwb25zZSpiCgxSZXNvdXJjZUtpbmQSHQoZUkVTT1VSQ0VfS0lORF9VTlNQRUNJRklFRBAAEhkKFVJFU09VUkNFX0tJTkRfU0VSVklDRRABEhgKFFJFU09VUkNFX0tJTkRfU0VSVkVSEAIysQQKEFJlc291cmNlc1NlcnZpY2USagoNUmVzb3VyY2VzTGlzdBIrLnNlbnRpbmVsLnJlc291cmNlcy52MS5SZXNvdXJjZXNMaXN0UmVxdWVzdBosLnNlbnRpbmVsLnJlc291cmNlcy52MS5SZXNvdXJjZXNMaXN0UmVzcG9uc2USZAoLUmVzb3VyY2VHZXQSKS5zZW50aW5lbC5yZXNvdXJjZXMudjEuUmVzb3VyY2VHZXRSZXF1ZXN0Giouc2VudGluZWwucmVzb3VyY2VzLnYxLlJlc291cmNlR2V0UmVzcG9uc2USbQoOUmVzb3VyY2VDcmVhdGUSLC5zZW50aW5lbC5yZXNvdXJjZXMudjEuUmVzb3VyY2VDcmVhdGVSZXF1ZXN0Gi0uc2VudGluZWwucmVzb3VyY2VzLnYxLlJlc291cmNlQ3JlYXRlUmVzcG9uc2USbQoOUmVzb3VyY2VVcGRhdGUSLC5zZW50aW5lbC5yZXNvdXJjZXMudjEuUmVzb3VyY2VVcGRhdGVSZXF1ZXN0Gi0uc2VudGluZWwucmVzb3VyY2VzLnYxLlJlc291cmNlVXBkYXRlUmVzcG9uc2USbQoOUmVzb3VyY2VEZWxldGUSLC5zZW50aW5lbC5yZXNvdXJjZXMudjEuUmVzb3VyY2VEZWxldGVSZXF1ZXN0Gi0uc2VudGluZWwucmVzb3VyY2VzLnYxLlJlc291cmNlRGVsZXRlUmVzcG9uc2VC+gEKGWNvbS5zZW50aW5lbC5yZXNvdXJjZXMudjFCDFNlcnZpY2VQcm90b1ABWllnaXRodWIuY29tL3N4d2ViZGV2L3NlbnRpbmVsL2ludGVybmFsL2h1Yi9odWJzZXJ2ZXIvYXBpL3NlbnRpbmVsL3Jlc291cmNlcy92MTtyZXNvdXJjZXN2MaICA1NSWKoCFVNlbnRpbmVsLlJlc291cmNlcy5WMcoCFVNlbnRpbmVsXFJlc291cmNlc1xWMeICIVNlbnRpbmVsXFJlc291cmNlc1xWMVxHUEJNZXRhZGF0YeoCF1NlbnRpbmVsOjpSZXNvdXJjZXM6OlYxYgZwcm90bzM", [file_google_protobuf_timestamp, file_sentinel_common_v1_common]);
+
+/**
+ * @generated from message sentinel.resources.v1.Payload
+ */
+export type Payload = Message<"sentinel.resources.v1.Payload"> & {
+};
+
+/**
+ * Describes the message sentinel.resources.v1.Payload.
+ * Use `create(PayloadSchema)` to create a new message.
+ */
+export const PayloadSchema: GenMessage<Payload> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 0);
+
+/**
+ * @generated from message sentinel.resources.v1.Resource
+ */
+export type Resource = Message<"sentinel.resources.v1.Resource"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string project_id = 2;
+   */
+  projectId: string;
+
+  /**
+   * @generated from field: string name = 3;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 4;
+   */
+  description: string;
+
+  /**
+   * @generated from field: sentinel.resources.v1.ResourceKind kind = 5;
+   */
+  kind: ResourceKind;
+
+  /**
+   * @generated from field: repeated string tags = 6;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.resources.v1.Payload payload = 7;
+   */
+  payload?: Payload;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 8;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 9;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.Resource.
+ * Use `create(ResourceSchema)` to create a new message.
+ */
+export const ResourceSchema: GenMessage<Resource> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 1);
+
+/**
+ * ResourcesList requests a list of resources.
+ *
+ * @generated from message sentinel.resources.v1.ResourcesListRequest
+ */
+export type ResourcesListRequest = Message<"sentinel.resources.v1.ResourcesListRequest"> & {
+  /**
+   * @generated from field: sentinel.common.v1.FindRequestCommon common = 1;
+   */
+  common?: FindRequestCommon;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourcesListRequest.
+ * Use `create(ResourcesListRequestSchema)` to create a new message.
+ */
+export const ResourcesListRequestSchema: GenMessage<ResourcesListRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 2);
+
+/**
+ * @generated from message sentinel.resources.v1.ResourcesListResponse
+ */
+export type ResourcesListResponse = Message<"sentinel.resources.v1.ResourcesListResponse"> & {
+  /**
+   * @generated from field: repeated sentinel.resources.v1.Resource items = 1;
+   */
+  items: Resource[];
+
+  /**
+   * @generated from field: uint32 count = 2;
+   */
+  count: number;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourcesListResponse.
+ * Use `create(ResourcesListResponseSchema)` to create a new message.
+ */
+export const ResourcesListResponseSchema: GenMessage<ResourcesListResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 3);
+
+/**
+ * ResourceGet requests a resource by ID.
+ *
+ * @generated from message sentinel.resources.v1.ResourceGetRequest
+ */
+export type ResourceGetRequest = Message<"sentinel.resources.v1.ResourceGetRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceGetRequest.
+ * Use `create(ResourceGetRequestSchema)` to create a new message.
+ */
+export const ResourceGetRequestSchema: GenMessage<ResourceGetRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 4);
+
+/**
+ * @generated from message sentinel.resources.v1.ResourceGetResponse
+ */
+export type ResourceGetResponse = Message<"sentinel.resources.v1.ResourceGetResponse"> & {
+  /**
+   * @generated from field: sentinel.resources.v1.Resource item = 1;
+   */
+  item?: Resource;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceGetResponse.
+ * Use `create(ResourceGetResponseSchema)` to create a new message.
+ */
+export const ResourceGetResponseSchema: GenMessage<ResourceGetResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 5);
+
+/**
+ * ResourceCreate creates a new resource.
+ *
+ * @generated from message sentinel.resources.v1.ResourceCreateRequest
+ */
+export type ResourceCreateRequest = Message<"sentinel.resources.v1.ResourceCreateRequest"> & {
+  /**
+   * @generated from field: string project_id = 1;
+   */
+  projectId: string;
+
+  /**
+   * @generated from field: repeated string agent_ids = 2;
+   */
+  agentIds: string[];
+
+  /**
+   * @generated from field: string name = 3;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 4;
+   */
+  description: string;
+
+  /**
+   * @generated from field: sentinel.resources.v1.ResourceKind kind = 5;
+   */
+  kind: ResourceKind;
+
+  /**
+   * @generated from field: repeated string tags = 6;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.resources.v1.Payload payload = 7;
+   */
+  payload?: Payload;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceCreateRequest.
+ * Use `create(ResourceCreateRequestSchema)` to create a new message.
+ */
+export const ResourceCreateRequestSchema: GenMessage<ResourceCreateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 6);
+
+/**
+ * @generated from message sentinel.resources.v1.ResourceCreateResponse
+ */
+export type ResourceCreateResponse = Message<"sentinel.resources.v1.ResourceCreateResponse"> & {
+  /**
+   * @generated from field: sentinel.resources.v1.Resource item = 1;
+   */
+  item?: Resource;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceCreateResponse.
+ * Use `create(ResourceCreateResponseSchema)` to create a new message.
+ */
+export const ResourceCreateResponseSchema: GenMessage<ResourceCreateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 7);
+
+/**
+ * ResourceUpdate updates an existing resource.
+ *
+ * @generated from message sentinel.resources.v1.ResourceUpdateRequest
+ */
+export type ResourceUpdateRequest = Message<"sentinel.resources.v1.ResourceUpdateRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string description = 3;
+   */
+  description: string;
+
+  /**
+   * @generated from field: repeated string tags = 4;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.resources.v1.Payload payload = 5;
+   */
+  payload?: Payload;
+
+  /**
+   * @generated from field: repeated string agent_ids = 6;
+   */
+  agentIds: string[];
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceUpdateRequest.
+ * Use `create(ResourceUpdateRequestSchema)` to create a new message.
+ */
+export const ResourceUpdateRequestSchema: GenMessage<ResourceUpdateRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 8);
+
+/**
+ * @generated from message sentinel.resources.v1.ResourceUpdateResponse
+ */
+export type ResourceUpdateResponse = Message<"sentinel.resources.v1.ResourceUpdateResponse"> & {
+  /**
+   * @generated from field: sentinel.resources.v1.Resource item = 1;
+   */
+  item?: Resource;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceUpdateResponse.
+ * Use `create(ResourceUpdateResponseSchema)` to create a new message.
+ */
+export const ResourceUpdateResponseSchema: GenMessage<ResourceUpdateResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 9);
+
+/**
+ * ResourceDelete deletes a resource by ID.
+ *
+ * @generated from message sentinel.resources.v1.ResourceDeleteRequest
+ */
+export type ResourceDeleteRequest = Message<"sentinel.resources.v1.ResourceDeleteRequest"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceDeleteRequest.
+ * Use `create(ResourceDeleteRequestSchema)` to create a new message.
+ */
+export const ResourceDeleteRequestSchema: GenMessage<ResourceDeleteRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 10);
+
+/**
+ * @generated from message sentinel.resources.v1.ResourceDeleteResponse
+ */
+export type ResourceDeleteResponse = Message<"sentinel.resources.v1.ResourceDeleteResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.resources.v1.ResourceDeleteResponse.
+ * Use `create(ResourceDeleteResponseSchema)` to create a new message.
+ */
+export const ResourceDeleteResponseSchema: GenMessage<ResourceDeleteResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_resources_v1_service, 11);
+
+/**
+ * @generated from enum sentinel.resources.v1.ResourceKind
+ */
+export enum ResourceKind {
+  /**
+   * @generated from enum value: RESOURCE_KIND_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: RESOURCE_KIND_SERVICE = 1;
+   */
+  SERVICE = 1,
+
+  /**
+   * @generated from enum value: RESOURCE_KIND_SERVER = 2;
+   */
+  SERVER = 2,
+}
+
+/**
+ * Describes the enum sentinel.resources.v1.ResourceKind.
+ */
+export const ResourceKindSchema: GenEnum<ResourceKind> = /*@__PURE__*/
+  enumDesc(file_sentinel_resources_v1_service, 0);
+
+/**
+ * ResourcesService is the service for managing resources.
+ *
+ * @generated from service sentinel.resources.v1.ResourcesService
+ */
+export const ResourcesService: GenService<{
+  /**
+   * @generated from rpc sentinel.resources.v1.ResourcesService.ResourcesList
+   */
+  resourcesList: {
+    methodKind: "unary";
+    input: typeof ResourcesListRequestSchema;
+    output: typeof ResourcesListResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceGet
+   */
+  resourceGet: {
+    methodKind: "unary";
+    input: typeof ResourceGetRequestSchema;
+    output: typeof ResourceGetResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceCreate
+   */
+  resourceCreate: {
+    methodKind: "unary";
+    input: typeof ResourceCreateRequestSchema;
+    output: typeof ResourceCreateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceUpdate
+   */
+  resourceUpdate: {
+    methodKind: "unary";
+    input: typeof ResourceUpdateRequestSchema;
+    output: typeof ResourceUpdateResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.resources.v1.ResourcesService.ResourceDelete
+   */
+  resourceDelete: {
+    methodKind: "unary";
+    input: typeof ResourceDeleteRequestSchema;
+    output: typeof ResourceDeleteResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_sentinel_resources_v1_service, 0);
+
diff --git a/frontend/src/api/gen/sentinel/service/v1/service_pb.ts b/frontend/src/api/gen/sentinel/service/v1/service_pb.ts
new file mode 100644
index 0000000..7690176
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/service/v1/service_pb.ts
@@ -0,0 +1,320 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/service/v1/service.proto (package sentinel.service.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenEnum, GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/service/v1/service.proto.
+ */
+export const file_sentinel_service_v1_service: GenFile = /*@__PURE__*/
+  fileDesc("CiFzZW50aW5lbC9zZXJ2aWNlL3YxL3NlcnZpY2UucHJvdG8SE3NlbnRpbmVsLnNlcnZpY2UudjEi/AIKCkhUVFBDb25maWcSQQoJZW5kcG9pbnRzGAEgAygLMi4uc2VudGluZWwuc2VydmljZS52MS5IVFRQQ29uZmlnLkVuZHBvaW50Q29uZmlnEhEKCWNvbmRpdGlvbhgCIAEoCRqXAgoORW5kcG9pbnRDb25maWcSDAoEbmFtZRgBIAEoCRILCgN1cmwYAiABKAkSDgoGbWV0aG9kGAMgASgJEkwKB2hlYWRlcnMYBCADKAsyOy5zZW50aW5lbC5zZXJ2aWNlLnYxLkhUVFBDb25maWcuRW5kcG9pbnRDb25maWcuSGVhZGVyc0VudHJ5EgwKBGJvZHkYBSABKAkSFwoPZXhwZWN0ZWRfc3RhdHVzGAYgASgFEhEKCWpzb25fcGF0aBgHIAEoCRIQCgh1c2VybmFtZRgIIAEoCRIQCghwYXNzd29yZBgJIAEoCRouCgxIZWFkZXJzRW50cnkSCwoDa2V5GAEgASgJEg0KBXZhbHVlGAIgASgJOgI4ASJFCglUQ1BDb25maWcSEAoIZW5kcG9pbnQYASABKAkSEQoJc2VuZF9kYXRhGAIgASgJEhMKC2V4cGVjdF9kYXRhGAMgASgJImsKCkdSUENDb25maWcSEAoIZW5kcG9pbnQYASABKAkSEgoKY2hlY2tfdHlwZRgCIAEoCRIUCgxzZXJ2aWNlX25hbWUYAyABKAkSCwoDdGxzGAQgASgIEhQKDGluc2VjdXJlX3RscxgFIAEoCCLtAQoNU2VydmljZUNvbmZpZxI5CgtodHRwX2NvbmZpZxgBIAEoCzIfLnNlbnRpbmVsLnNlcnZpY2UudjEuSFRUUENvbmZpZ0gAiAEBEjcKCnRjcF9jb25maWcYAiABKAsyHi5zZW50aW5lbC5zZXJ2aWNlLnYxLlRDUENvbmZpZ0gBiAEBEjkKC2dycGNfY29uZmlnGAMgASgLMh8uc2VudGluZWwuc2VydmljZS52MS5HUlBDQ29uZmlnSAKIAQFCDgoMX2h0dHBfY29uZmlnQg0KC190Y3BfY29uZmlnQg4KDF9ncnBjX2NvbmZpZyLnAgoHU2VydmljZRIKCgJpZBgBIAEoCRIMCgRuYW1lGAIgASgJEjYKCHByb3RvY29sGAMgASgOMiQuc2VudGluZWwuc2VydmljZS52MS5TZXJ2aWNlUHJvdG9jb2wSEAoIaW50ZXJ2YWwYBCABKAMSDwoHdGltZW91dBgFIAEoAxIPCgdyZXRyaWVzGAYgASgDEgwKBHRhZ3MYByADKAkSMgoGY29uZmlnGAggASgLMiIuc2VudGluZWwuc2VydmljZS52MS5TZXJ2aWNlQ29uZmlnEiAKGGlzX25vdGlmaWNhdGlvbnNfZW5hYmxlZBgJIAEoCBISCgppc19lbmFibGVkGAogASgIEi4KCmNyZWF0ZWRfYXQYCyABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wEi4KCnVwZGF0ZWRfYXQYDCABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wKoMBCg9TZXJ2aWNlUHJvdG9jb2wSIAocU0VSVklDRV9QUk9UT0NPTF9VTlNQRUNJRklFRBAAEhkKFVNFUlZJQ0VfUFJPVE9DT0xfSFRUUBABEhgKFFNFUlZJQ0VfUFJPVE9DT0xfVENQEAISGQoVU0VSVklDRV9QUk9UT0NPTF9HUlBDEAMqewoNU2VydmljZVN0YXR1cxIeChpTRVJWSUNFX1NUQVRVU19VTlNQRUNJRklFRBAAEhoKFlNFUlZJQ0VfU1RBVFVTX1VOS05PV04QARIVChFTRVJWSUNFX1NUQVRVU19VUBACEhcKE1NFUlZJQ0VfU1RBVFVTX0RPV04QA0LsAQoXY29tLnNlbnRpbmVsLnNlcnZpY2UudjFCDFNlcnZpY2VQcm90b1ABWlVnaXRodWIuY29tL3N4d2ViZGV2L3NlbnRpbmVsL2ludGVybmFsL2h1Yi9odWJzZXJ2ZXIvYXBpL3NlbnRpbmVsL3NlcnZpY2UvdjE7c2VydmljZXYxogIDU1NYqgITU2VudGluZWwuU2VydmljZS5WMcoCE1NlbnRpbmVsXFNlcnZpY2VcVjHiAh9TZW50aW5lbFxTZXJ2aWNlXFYxXEdQQk1ldGFkYXRh6gIVU2VudGluZWw6OlNlcnZpY2U6OlYxYgZwcm90bzM", [file_google_protobuf_timestamp]);
+
+/**
+ * @generated from message sentinel.service.v1.HTTPConfig
+ */
+export type HTTPConfig = Message<"sentinel.service.v1.HTTPConfig"> & {
+  /**
+   * @generated from field: repeated sentinel.service.v1.HTTPConfig.EndpointConfig endpoints = 1;
+   */
+  endpoints: HTTPConfig_EndpointConfig[];
+
+  /**
+   * @generated from field: string condition = 2;
+   */
+  condition: string;
+};
+
+/**
+ * Describes the message sentinel.service.v1.HTTPConfig.
+ * Use `create(HTTPConfigSchema)` to create a new message.
+ */
+export const HTTPConfigSchema: GenMessage<HTTPConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_service_v1_service, 0);
+
+/**
+ * @generated from message sentinel.service.v1.HTTPConfig.EndpointConfig
+ */
+export type HTTPConfig_EndpointConfig = Message<"sentinel.service.v1.HTTPConfig.EndpointConfig"> & {
+  /**
+   * @generated from field: string name = 1;
+   */
+  name: string;
+
+  /**
+   * @generated from field: string url = 2;
+   */
+  url: string;
+
+  /**
+   * @generated from field: string method = 3;
+   */
+  method: string;
+
+  /**
+   * @generated from field: map<string, string> headers = 4;
+   */
+  headers: { [key: string]: string };
+
+  /**
+   * @generated from field: string body = 5;
+   */
+  body: string;
+
+  /**
+   * @generated from field: int32 expected_status = 6;
+   */
+  expectedStatus: number;
+
+  /**
+   * @generated from field: string json_path = 7;
+   */
+  jsonPath: string;
+
+  /**
+   * @generated from field: string username = 8;
+   */
+  username: string;
+
+  /**
+   * @generated from field: string password = 9;
+   */
+  password: string;
+};
+
+/**
+ * Describes the message sentinel.service.v1.HTTPConfig.EndpointConfig.
+ * Use `create(HTTPConfig_EndpointConfigSchema)` to create a new message.
+ */
+export const HTTPConfig_EndpointConfigSchema: GenMessage<HTTPConfig_EndpointConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_service_v1_service, 0, 0);
+
+/**
+ * @generated from message sentinel.service.v1.TCPConfig
+ */
+export type TCPConfig = Message<"sentinel.service.v1.TCPConfig"> & {
+  /**
+   * @generated from field: string endpoint = 1;
+   */
+  endpoint: string;
+
+  /**
+   * @generated from field: string send_data = 2;
+   */
+  sendData: string;
+
+  /**
+   * @generated from field: string expect_data = 3;
+   */
+  expectData: string;
+};
+
+/**
+ * Describes the message sentinel.service.v1.TCPConfig.
+ * Use `create(TCPConfigSchema)` to create a new message.
+ */
+export const TCPConfigSchema: GenMessage<TCPConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_service_v1_service, 1);
+
+/**
+ * @generated from message sentinel.service.v1.GRPCConfig
+ */
+export type GRPCConfig = Message<"sentinel.service.v1.GRPCConfig"> & {
+  /**
+   * @generated from field: string endpoint = 1;
+   */
+  endpoint: string;
+
+  /**
+   * @generated from field: string check_type = 2;
+   */
+  checkType: string;
+
+  /**
+   * @generated from field: string service_name = 3;
+   */
+  serviceName: string;
+
+  /**
+   * @generated from field: bool tls = 4;
+   */
+  tls: boolean;
+
+  /**
+   * @generated from field: bool insecure_tls = 5;
+   */
+  insecureTls: boolean;
+};
+
+/**
+ * Describes the message sentinel.service.v1.GRPCConfig.
+ * Use `create(GRPCConfigSchema)` to create a new message.
+ */
+export const GRPCConfigSchema: GenMessage<GRPCConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_service_v1_service, 2);
+
+/**
+ * @generated from message sentinel.service.v1.ServiceConfig
+ */
+export type ServiceConfig = Message<"sentinel.service.v1.ServiceConfig"> & {
+  /**
+   * @generated from field: optional sentinel.service.v1.HTTPConfig http_config = 1;
+   */
+  httpConfig?: HTTPConfig;
+
+  /**
+   * @generated from field: optional sentinel.service.v1.TCPConfig tcp_config = 2;
+   */
+  tcpConfig?: TCPConfig;
+
+  /**
+   * @generated from field: optional sentinel.service.v1.GRPCConfig grpc_config = 3;
+   */
+  grpcConfig?: GRPCConfig;
+};
+
+/**
+ * Describes the message sentinel.service.v1.ServiceConfig.
+ * Use `create(ServiceConfigSchema)` to create a new message.
+ */
+export const ServiceConfigSchema: GenMessage<ServiceConfig> = /*@__PURE__*/
+  messageDesc(file_sentinel_service_v1_service, 3);
+
+/**
+ * @generated from message sentinel.service.v1.Service
+ */
+export type Service = Message<"sentinel.service.v1.Service"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * @generated from field: sentinel.service.v1.ServiceProtocol protocol = 3;
+   */
+  protocol: ServiceProtocol;
+
+  /**
+   * @generated from field: int64 interval = 4;
+   */
+  interval: bigint;
+
+  /**
+   * @generated from field: int64 timeout = 5;
+   */
+  timeout: bigint;
+
+  /**
+   * @generated from field: int64 retries = 6;
+   */
+  retries: bigint;
+
+  /**
+   * @generated from field: repeated string tags = 7;
+   */
+  tags: string[];
+
+  /**
+   * @generated from field: sentinel.service.v1.ServiceConfig config = 8;
+   */
+  config?: ServiceConfig;
+
+  /**
+   * @generated from field: bool is_notifications_enabled = 9;
+   */
+  isNotificationsEnabled: boolean;
+
+  /**
+   * @generated from field: bool is_enabled = 10;
+   */
+  isEnabled: boolean;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 11;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 12;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.service.v1.Service.
+ * Use `create(ServiceSchema)` to create a new message.
+ */
+export const ServiceSchema: GenMessage<Service> = /*@__PURE__*/
+  messageDesc(file_sentinel_service_v1_service, 4);
+
+/**
+ * @generated from enum sentinel.service.v1.ServiceProtocol
+ */
+export enum ServiceProtocol {
+  /**
+   * @generated from enum value: SERVICE_PROTOCOL_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: SERVICE_PROTOCOL_HTTP = 1;
+   */
+  HTTP = 1,
+
+  /**
+   * @generated from enum value: SERVICE_PROTOCOL_TCP = 2;
+   */
+  TCP = 2,
+
+  /**
+   * @generated from enum value: SERVICE_PROTOCOL_GRPC = 3;
+   */
+  GRPC = 3,
+}
+
+/**
+ * Describes the enum sentinel.service.v1.ServiceProtocol.
+ */
+export const ServiceProtocolSchema: GenEnum<ServiceProtocol> = /*@__PURE__*/
+  enumDesc(file_sentinel_service_v1_service, 0);
+
+/**
+ * @generated from enum sentinel.service.v1.ServiceStatus
+ */
+export enum ServiceStatus {
+  /**
+   * @generated from enum value: SERVICE_STATUS_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+
+  /**
+   * @generated from enum value: SERVICE_STATUS_UNKNOWN = 1;
+   */
+  UNKNOWN = 1,
+
+  /**
+   * @generated from enum value: SERVICE_STATUS_UP = 2;
+   */
+  UP = 2,
+
+  /**
+   * @generated from enum value: SERVICE_STATUS_DOWN = 3;
+   */
+  DOWN = 3,
+}
+
+/**
+ * Describes the enum sentinel.service.v1.ServiceStatus.
+ */
+export const ServiceStatusSchema: GenEnum<ServiceStatus> = /*@__PURE__*/
+  enumDesc(file_sentinel_service_v1_service, 1);
+
diff --git a/frontend/src/api/gen/sentinel/system/v1/service-SystemService_connectquery.ts b/frontend/src/api/gen/sentinel/system/v1/service-SystemService_connectquery.ts
new file mode 100644
index 0000000..e71e2de
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/system/v1/service-SystemService_connectquery.ts
@@ -0,0 +1,25 @@
+// @generated by protoc-gen-connect-query v2.2.0 with parameter "target=ts"
+// @generated from file sentinel/system/v1/service.proto (package sentinel.system.v1, syntax proto3)
+/* eslint-disable */
+
+import { SystemService } from "./service_pb";
+
+/**
+ * @generated from rpc sentinel.system.v1.SystemService.CheckIsInitialized
+ */
+export const checkIsInitialized = SystemService.method.checkIsInitialized;
+
+/**
+ * @generated from rpc sentinel.system.v1.SystemService.Initialize
+ */
+export const initialize = SystemService.method.initialize;
+
+/**
+ * @generated from rpc sentinel.system.v1.SystemService.GetSystemInfo
+ */
+export const getSystemInfo = SystemService.method.getSystemInfo;
+
+/**
+ * @generated from rpc sentinel.system.v1.SystemService.CheckForUpdates
+ */
+export const checkForUpdates = SystemService.method.checkForUpdates;
diff --git a/frontend/src/api/gen/sentinel/system/v1/service_pb.ts b/frontend/src/api/gen/sentinel/system/v1/service_pb.ts
new file mode 100644
index 0000000..b2fa285
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/system/v1/service_pb.ts
@@ -0,0 +1,325 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/system/v1/service.proto (package sentinel.system.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/system/v1/service.proto.
+ */
+export const file_sentinel_system_v1_service: GenFile = /*@__PURE__*/
+  fileDesc("CiBzZW50aW5lbC9zeXN0ZW0vdjEvc2VydmljZS5wcm90bxISc2VudGluZWwuc3lzdGVtLnYxItoBCg9BdmFpbGFibGVVcGRhdGUSFwoPY3VycmVudF92ZXJzaW9uGAEgASgJEhQKDGlzX2F2YWlsYWJsZRgCIAEoCBI8CgdkZXRhaWxzGAMgASgLMisuc2VudGluZWwuc3lzdGVtLnYxLkF2YWlsYWJsZVVwZGF0ZS5EZXRhaWxzGloKB0RldGFpbHMSGwoTaXNfYXZhaWxhYmxlX21hbnVhbBgBIAEoCBIQCgh0YWdfbmFtZRgCIAEoCRILCgN1cmwYAyABKAkSEwoLZGVzY3JpcHRpb24YBCABKAkijQIKClN5c3RlbUluZm8SDwoHdmVyc2lvbhgBIAEoCRITCgtjb21taXRfaGFzaBgCIAEoCRISCgpidWlsZF9kYXRlGAMgASgJEhIKCmdvX3ZlcnNpb24YBCABKAkSFgoOc3FsaXRlX3ZlcnNpb24YBSABKAkSCgoCb3MYBiABKAkSDAoEYXJjaBgHIAEoCRIQCghob3N0bmFtZRgIIAEoCRIWCg5rZXJuZWxfdmVyc2lvbhgJIAEoCRIRCgljcHVfbW9kZWwYCiABKAkSEgoKaXBfYWRkcmVzcxgLIAEoCRIuCgpzdGFydGVkX2F0GAwgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCIbChlDaGVja0lzSW5pdGlhbGl6ZWRSZXF1ZXN0IjQKGkNoZWNrSXNJbml0aWFsaXplZFJlc3BvbnNlEhYKDmlzX2luaXRpYWxpemVkGAEgASgIIjQKEUluaXRpYWxpemVSZXF1ZXN0Eg0KBWVtYWlsGAEgASgJEhAKCHBhc3N3b3JkGAIgASgJIhQKEkluaXRpYWxpemVSZXNwb25zZSIWChRHZXRTeXN0ZW1JbmZvUmVxdWVzdCJFChVHZXRTeXN0ZW1JbmZvUmVzcG9uc2USLAoEaW5mbxgBIAEoCzIeLnNlbnRpbmVsLnN5c3RlbS52MS5TeXN0ZW1JbmZvIhgKFkNoZWNrRm9yVXBkYXRlc1JlcXVlc3QiTAoXQ2hlY2tGb3JVcGRhdGVzUmVzcG9uc2USMQoEaW5mbxgBIAEoCzIjLnNlbnRpbmVsLnN5c3RlbS52MS5BdmFpbGFibGVVcGRhdGUyswMKDVN5c3RlbVNlcnZpY2UScwoSQ2hlY2tJc0luaXRpYWxpemVkEi0uc2VudGluZWwuc3lzdGVtLnYxLkNoZWNrSXNJbml0aWFsaXplZFJlcXVlc3QaLi5zZW50aW5lbC5zeXN0ZW0udjEuQ2hlY2tJc0luaXRpYWxpemVkUmVzcG9uc2USWwoKSW5pdGlhbGl6ZRIlLnNlbnRpbmVsLnN5c3RlbS52MS5Jbml0aWFsaXplUmVxdWVzdBomLnNlbnRpbmVsLnN5c3RlbS52MS5Jbml0aWFsaXplUmVzcG9uc2USZAoNR2V0U3lzdGVtSW5mbxIoLnNlbnRpbmVsLnN5c3RlbS52MS5HZXRTeXN0ZW1JbmZvUmVxdWVzdBopLnNlbnRpbmVsLnN5c3RlbS52MS5HZXRTeXN0ZW1JbmZvUmVzcG9uc2USagoPQ2hlY2tGb3JVcGRhdGVzEiouc2VudGluZWwuc3lzdGVtLnYxLkNoZWNrRm9yVXBkYXRlc1JlcXVlc3QaKy5zZW50aW5lbC5zeXN0ZW0udjEuQ2hlY2tGb3JVcGRhdGVzUmVzcG9uc2VC5QEKFmNvbS5zZW50aW5lbC5zeXN0ZW0udjFCDFNlcnZpY2VQcm90b1ABWlNnaXRodWIuY29tL3N4d2ViZGV2L3NlbnRpbmVsL2ludGVybmFsL2h1Yi9odWJzZXJ2ZXIvYXBpL3NlbnRpbmVsL3N5c3RlbS92MTtzeXN0ZW12MaICA1NTWKoCElNlbnRpbmVsLlN5c3RlbS5WMcoCElNlbnRpbmVsXFN5c3RlbVxWMeICHlNlbnRpbmVsXFN5c3RlbVxWMVxHUEJNZXRhZGF0YeoCFFNlbnRpbmVsOjpTeXN0ZW06OlYxYgZwcm90bzM", [file_google_protobuf_timestamp]);
+
+/**
+ * AvailableUpdate represents information about an available update
+ *
+ * @generated from message sentinel.system.v1.AvailableUpdate
+ */
+export type AvailableUpdate = Message<"sentinel.system.v1.AvailableUpdate"> & {
+  /**
+   * @generated from field: string current_version = 1;
+   */
+  currentVersion: string;
+
+  /**
+   * @generated from field: bool is_available = 2;
+   */
+  isAvailable: boolean;
+
+  /**
+   * @generated from field: sentinel.system.v1.AvailableUpdate.Details details = 3;
+   */
+  details?: AvailableUpdate_Details;
+};
+
+/**
+ * Describes the message sentinel.system.v1.AvailableUpdate.
+ * Use `create(AvailableUpdateSchema)` to create a new message.
+ */
+export const AvailableUpdateSchema: GenMessage<AvailableUpdate> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 0);
+
+/**
+ * @generated from message sentinel.system.v1.AvailableUpdate.Details
+ */
+export type AvailableUpdate_Details = Message<"sentinel.system.v1.AvailableUpdate.Details"> & {
+  /**
+   * @generated from field: bool is_available_manual = 1;
+   */
+  isAvailableManual: boolean;
+
+  /**
+   * @generated from field: string tag_name = 2;
+   */
+  tagName: string;
+
+  /**
+   * @generated from field: string url = 3;
+   */
+  url: string;
+
+  /**
+   * @generated from field: string description = 4;
+   */
+  description: string;
+};
+
+/**
+ * Describes the message sentinel.system.v1.AvailableUpdate.Details.
+ * Use `create(AvailableUpdate_DetailsSchema)` to create a new message.
+ */
+export const AvailableUpdate_DetailsSchema: GenMessage<AvailableUpdate_Details> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 0, 0);
+
+/**
+ * SystemInfo represents information about the server
+ *
+ * @generated from message sentinel.system.v1.SystemInfo
+ */
+export type SystemInfo = Message<"sentinel.system.v1.SystemInfo"> & {
+  /**
+   * @generated from field: string version = 1;
+   */
+  version: string;
+
+  /**
+   * @generated from field: string commit_hash = 2;
+   */
+  commitHash: string;
+
+  /**
+   * @generated from field: string build_date = 3;
+   */
+  buildDate: string;
+
+  /**
+   * @generated from field: string go_version = 4;
+   */
+  goVersion: string;
+
+  /**
+   * @generated from field: string sqlite_version = 5;
+   */
+  sqliteVersion: string;
+
+  /**
+   * @generated from field: string os = 6;
+   */
+  os: string;
+
+  /**
+   * @generated from field: string arch = 7;
+   */
+  arch: string;
+
+  /**
+   * @generated from field: string hostname = 8;
+   */
+  hostname: string;
+
+  /**
+   * @generated from field: string kernel_version = 9;
+   */
+  kernelVersion: string;
+
+  /**
+   * @generated from field: string cpu_model = 10;
+   */
+  cpuModel: string;
+
+  /**
+   * @generated from field: string ip_address = 11;
+   */
+  ipAddress: string;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp started_at = 12;
+   */
+  startedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.system.v1.SystemInfo.
+ * Use `create(SystemInfoSchema)` to create a new message.
+ */
+export const SystemInfoSchema: GenMessage<SystemInfo> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 1);
+
+/**
+ * CheckIsInitializedRequest
+ *
+ * @generated from message sentinel.system.v1.CheckIsInitializedRequest
+ */
+export type CheckIsInitializedRequest = Message<"sentinel.system.v1.CheckIsInitializedRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.system.v1.CheckIsInitializedRequest.
+ * Use `create(CheckIsInitializedRequestSchema)` to create a new message.
+ */
+export const CheckIsInitializedRequestSchema: GenMessage<CheckIsInitializedRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 2);
+
+/**
+ * @generated from message sentinel.system.v1.CheckIsInitializedResponse
+ */
+export type CheckIsInitializedResponse = Message<"sentinel.system.v1.CheckIsInitializedResponse"> & {
+  /**
+   * @generated from field: bool is_initialized = 1;
+   */
+  isInitialized: boolean;
+};
+
+/**
+ * Describes the message sentinel.system.v1.CheckIsInitializedResponse.
+ * Use `create(CheckIsInitializedResponseSchema)` to create a new message.
+ */
+export const CheckIsInitializedResponseSchema: GenMessage<CheckIsInitializedResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 3);
+
+/**
+ * InitializeRequest
+ *
+ * @generated from message sentinel.system.v1.InitializeRequest
+ */
+export type InitializeRequest = Message<"sentinel.system.v1.InitializeRequest"> & {
+  /**
+   * @generated from field: string email = 1;
+   */
+  email: string;
+
+  /**
+   * @generated from field: string password = 2;
+   */
+  password: string;
+};
+
+/**
+ * Describes the message sentinel.system.v1.InitializeRequest.
+ * Use `create(InitializeRequestSchema)` to create a new message.
+ */
+export const InitializeRequestSchema: GenMessage<InitializeRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 4);
+
+/**
+ * @generated from message sentinel.system.v1.InitializeResponse
+ */
+export type InitializeResponse = Message<"sentinel.system.v1.InitializeResponse"> & {
+};
+
+/**
+ * Describes the message sentinel.system.v1.InitializeResponse.
+ * Use `create(InitializeResponseSchema)` to create a new message.
+ */
+export const InitializeResponseSchema: GenMessage<InitializeResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 5);
+
+/**
+ * GetSystemInfoRequest
+ *
+ * @generated from message sentinel.system.v1.GetSystemInfoRequest
+ */
+export type GetSystemInfoRequest = Message<"sentinel.system.v1.GetSystemInfoRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.system.v1.GetSystemInfoRequest.
+ * Use `create(GetSystemInfoRequestSchema)` to create a new message.
+ */
+export const GetSystemInfoRequestSchema: GenMessage<GetSystemInfoRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 6);
+
+/**
+ * @generated from message sentinel.system.v1.GetSystemInfoResponse
+ */
+export type GetSystemInfoResponse = Message<"sentinel.system.v1.GetSystemInfoResponse"> & {
+  /**
+   * @generated from field: sentinel.system.v1.SystemInfo info = 1;
+   */
+  info?: SystemInfo;
+};
+
+/**
+ * Describes the message sentinel.system.v1.GetSystemInfoResponse.
+ * Use `create(GetSystemInfoResponseSchema)` to create a new message.
+ */
+export const GetSystemInfoResponseSchema: GenMessage<GetSystemInfoResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 7);
+
+/**
+ * CheckForUpdatesRequest
+ *
+ * @generated from message sentinel.system.v1.CheckForUpdatesRequest
+ */
+export type CheckForUpdatesRequest = Message<"sentinel.system.v1.CheckForUpdatesRequest"> & {
+};
+
+/**
+ * Describes the message sentinel.system.v1.CheckForUpdatesRequest.
+ * Use `create(CheckForUpdatesRequestSchema)` to create a new message.
+ */
+export const CheckForUpdatesRequestSchema: GenMessage<CheckForUpdatesRequest> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 8);
+
+/**
+ * @generated from message sentinel.system.v1.CheckForUpdatesResponse
+ */
+export type CheckForUpdatesResponse = Message<"sentinel.system.v1.CheckForUpdatesResponse"> & {
+  /**
+   * @generated from field: sentinel.system.v1.AvailableUpdate info = 1;
+   */
+  info?: AvailableUpdate;
+};
+
+/**
+ * Describes the message sentinel.system.v1.CheckForUpdatesResponse.
+ * Use `create(CheckForUpdatesResponseSchema)` to create a new message.
+ */
+export const CheckForUpdatesResponseSchema: GenMessage<CheckForUpdatesResponse> = /*@__PURE__*/
+  messageDesc(file_sentinel_system_v1_service, 9);
+
+/**
+ * SystemService is the service for system information
+ *
+ * @generated from service sentinel.system.v1.SystemService
+ */
+export const SystemService: GenService<{
+  /**
+   * @generated from rpc sentinel.system.v1.SystemService.CheckIsInitialized
+   */
+  checkIsInitialized: {
+    methodKind: "unary";
+    input: typeof CheckIsInitializedRequestSchema;
+    output: typeof CheckIsInitializedResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.system.v1.SystemService.Initialize
+   */
+  initialize: {
+    methodKind: "unary";
+    input: typeof InitializeRequestSchema;
+    output: typeof InitializeResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.system.v1.SystemService.GetSystemInfo
+   */
+  getSystemInfo: {
+    methodKind: "unary";
+    input: typeof GetSystemInfoRequestSchema;
+    output: typeof GetSystemInfoResponseSchema;
+  },
+  /**
+   * @generated from rpc sentinel.system.v1.SystemService.CheckForUpdates
+   */
+  checkForUpdates: {
+    methodKind: "unary";
+    input: typeof CheckForUpdatesRequestSchema;
+    output: typeof CheckForUpdatesResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_sentinel_system_v1_service, 0);
+
diff --git a/frontend/src/api/gen/sentinel/users/v1/users_pb.ts b/frontend/src/api/gen/sentinel/users/v1/users_pb.ts
new file mode 100644
index 0000000..7f9f8fa
--- /dev/null
+++ b/frontend/src/api/gen/sentinel/users/v1/users_pb.ts
@@ -0,0 +1,63 @@
+// @generated by protoc-gen-es v2.9.0 with parameter "target=ts"
+// @generated from file sentinel/users/v1/users.proto (package sentinel.users.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file sentinel/users/v1/users.proto.
+ */
+export const file_sentinel_users_v1_users: GenFile = /*@__PURE__*/
+  fileDesc("Ch1zZW50aW5lbC91c2Vycy92MS91c2Vycy5wcm90bxIRc2VudGluZWwudXNlcnMudjEitgEKBFVzZXISCgoCaWQYASABKAkSDQoFZW1haWwYAiABKAkSEQoJZnVsbF9uYW1lGAMgASgJEgwKBHJvbGUYBCABKAkSEgoKYXZhdGFyX3VybBgFIAEoCRIuCgpjcmVhdGVkX2F0GAYgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIuCgp1cGRhdGVkX2F0GAcgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcELcAQoVY29tLnNlbnRpbmVsLnVzZXJzLnYxQgpVc2Vyc1Byb3RvUAFaUWdpdGh1Yi5jb20vc3h3ZWJkZXYvc2VudGluZWwvaW50ZXJuYWwvaHViL2h1YnNlcnZlci9hcGkvc2VudGluZWwvdXNlcnMvdjE7dXNlcnN2MaICA1NVWKoCEVNlbnRpbmVsLlVzZXJzLlYxygIRU2VudGluZWxcVXNlcnNcVjHiAh1TZW50aW5lbFxVc2Vyc1xWMVxHUEJNZXRhZGF0YeoCE1NlbnRpbmVsOjpVc2Vyczo6VjFiBnByb3RvMw", [file_google_protobuf_timestamp]);
+
+/**
+ * @generated from message sentinel.users.v1.User
+ */
+export type User = Message<"sentinel.users.v1.User"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: string email = 2;
+   */
+  email: string;
+
+  /**
+   * @generated from field: string full_name = 3;
+   */
+  fullName: string;
+
+  /**
+   * @generated from field: string role = 4;
+   */
+  role: string;
+
+  /**
+   * @generated from field: string avatar_url = 5;
+   */
+  avatarUrl: string;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp created_at = 6;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * @generated from field: google.protobuf.Timestamp updated_at = 7;
+   */
+  updatedAt?: Timestamp;
+};
+
+/**
+ * Describes the message sentinel.users.v1.User.
+ * Use `create(UserSchema)` to create a new message.
+ */
+export const UserSchema: GenMessage<User> = /*@__PURE__*/
+  messageDesc(file_sentinel_users_v1_users, 0);
+
diff --git a/frontend/src/app/app.tsx b/frontend/src/app/app.tsx
new file mode 100644
index 0000000..6f149b9
--- /dev/null
+++ b/frontend/src/app/app.tsx
@@ -0,0 +1,73 @@
+import { RouterProvider } from "@tanstack/react-router";
+
+import { useAuthStore } from "./stores/auth";
+import { router } from "../router";
+import { useSystemStore } from "./stores/system";
+import PageLoader from "@/shared/components/pageLoader";
+import { useUserPreferenceStore } from "./stores/userPreferience";
+import { useEffect } from "react";
+import { useShallow } from "zustand/react/shallow";
+
+const App = () => {
+  const { initTheme } = useUserPreferenceStore(
+    useShallow((s) => ({ initTheme: s.initTheme })),
+  );
+
+  const {
+    isLoading: isSystemLoading,
+    isSystemInitialized,
+    checkIsInitialized,
+    error,
+  } = useSystemStore(
+    useShallow((s) => ({
+      isLoading: s.isLoading,
+      error: s.error,
+      isSystemInitialized: s.isSystemInitialized,
+      checkIsInitialized: s.checkIsInitialized,
+    })),
+  );
+
+  const { isLoading, isAuthenticated, init } = useAuthStore(
+    useShallow((s) => ({
+      isLoading: s.isLoading,
+      isAuthenticated: s.isAuthenticated,
+      init: s.init,
+    })),
+  );
+
+  // Initialize theme on app load
+  useEffect(() => {
+    initTheme();
+  }, [initTheme]);
+
+  // Initialize system state on app load
+  useEffect(() => {
+    checkIsInitialized();
+  }, [checkIsInitialized]);
+
+  // Initialize auth on app load
+  useEffect(() => {
+    if (!isSystemLoading) return;
+    init();
+  }, [isSystemLoading, init]);
+
+  if (error) {
+    throw error;
+  }
+
+  if (isSystemLoading || isLoading) {
+    return <PageLoader />;
+  }
+
+  return (
+    <RouterProvider
+      router={router}
+      context={{
+        isAuthenticated: isAuthenticated,
+        isSystemInitialized: isSystemInitialized,
+      }}
+    />
+  );
+};
+
+export default App;
diff --git a/frontend/src/app/layout.tsx b/frontend/src/app/layout.tsx
new file mode 100644
index 0000000..89dfbb5
--- /dev/null
+++ b/frontend/src/app/layout.tsx
@@ -0,0 +1,34 @@
+import {
+  SidebarInset,
+  SidebarProvider,
+  SidebarTrigger,
+} from "@/shared/components/ui/sidebar";
+import { AppSidebar } from "@/shared/components/sidebar/sidebar";
+import { ThemeToggle } from "@/shared/components/theme-toggle";
+import { SystemInfo } from "@/features/apiInfo/systemInfo";
+
+type LayoutProps = {
+  children: React.ReactNode;
+};
+
+export default function Layout({ children }: LayoutProps) {
+  return (
+    <SidebarProvider>
+      <AppSidebar />
+      <SidebarInset>
+        <header className="bg-background sticky top-0 z-10 flex h-16 shrink-0 items-center justify-between gap-2 border-b transition-[width,height] ease-linear group-has-data-[collapsible=icon]/sidebar-wrapper:h-12">
+          <div className="flex items-center gap-2 px-4">
+            <SidebarTrigger className="-ml-1" />
+          </div>
+          <div className="flex items-center gap-2 px-4">
+            <SystemInfo />
+            <ThemeToggle />
+          </div>
+        </header>
+        <div className="bg-background text-foreground flex-1 p-4 pt-0">
+          <div className="container mx-auto max-w-6xl py-6">{children}</div>
+        </div>
+      </SidebarInset>
+    </SidebarProvider>
+  );
+}
diff --git a/frontend/src/app/layouts/parts/Header.tsx b/frontend/src/app/layouts/parts/Header.tsx
deleted file mode 100644
index bb9b647..0000000
--- a/frontend/src/app/layouts/parts/Header.tsx
+++ /dev/null
@@ -1,165 +0,0 @@
-import { Link } from "@tanstack/react-router";
-
-import { HouseIcon, BookXIcon } from "lucide-react";
-
-import { Button } from "@shared/components/ui/button";
-import {
-  NavigationMenu,
-  NavigationMenuItem,
-  NavigationMenuList,
-} from "@shared/components/ui/navigation-menu";
-import {
-  Popover,
-  PopoverContent,
-  PopoverTrigger,
-} from "@shared/components/ui/popover";
-import { cn } from "@/shared/lib/utils";
-import ServiceCreate from "@/pages/service/serviceCreate";
-import { UpdateBanner } from "@/features/apiInfo/update-banner";
-import { ServerInfo } from "@/features/apiInfo/server-info";
-
-// Navigation links array
-const navigationLinks = [
-  { href: "/", label: "Dashboard", icon: HouseIcon, active: true },
-  { href: "/incidents", label: "Incidents", icon: BookXIcon, active: true },
-  // { href: "/certificates", label: "Certificates", icon: ShieldCheck },
-];
-
-function NavigationMenuLink({
-  className,
-  ...props
-}: React.ComponentProps<typeof Link>) {
-  return (
-    <Link
-      data-slot="navigation-menu-link"
-      className={cn(
-        "data-[status]:focus:bg-accent data-[status]:hover:bg-accent data-[status]:bg-accent data-[status]:text-accent-foreground hover:bg-accent focus:bg-accent focus:text-accent-foreground focus-visible:ring-ring/50 [&_svg:not([class*='text-'])]:text-muted-foreground flex flex-col gap-1 rounded-sm p-2 text-sm transition-all outline-none focus-visible:ring-[3px] focus-visible:outline-1 [&_svg:not([class*='size-'])]:size-4",
-        className,
-      )}
-      {...props}
-    />
-  );
-}
-
-export default function Component() {
-  return (
-    <header className="text-card-foreground">
-      <div className="flex items-center justify-between gap-4">
-        {/* Left side */}
-        <div className="flex flex-1 items-center gap-2">
-          {/* Mobile menu trigger */}
-          <Popover>
-            <PopoverTrigger asChild>
-              <Button
-                className="group size-8 md:hidden"
-                variant="ghost"
-                size="icon"
-              >
-                <svg
-                  className="pointer-events-none"
-                  width={16}
-                  height={16}
-                  viewBox="0 0 24 24"
-                  fill="none"
-                  stroke="currentColor"
-                  strokeWidth="2"
-                  strokeLinecap="round"
-                  strokeLinejoin="round"
-                  xmlns="http://www.w3.org/2000/svg"
-                >
-                  <path
-                    d="M4 12L20 12"
-                    className="origin-center -translate-y-[7px] transition-all duration-300 ease-[cubic-bezier(.5,.85,.25,1.1)] group-aria-expanded:translate-x-0 group-aria-expanded:translate-y-0 group-aria-expanded:rotate-[315deg]"
-                  />
-                  <path
-                    d="M4 12H20"
-                    className="origin-center transition-all duration-300 ease-[cubic-bezier(.5,.85,.25,1.8)] group-aria-expanded:rotate-45"
-                  />
-                  <path
-                    d="M4 12H20"
-                    className="origin-center translate-y-[7px] transition-all duration-300 ease-[cubic-bezier(.5,.85,.25,1.1)] group-aria-expanded:translate-y-0 group-aria-expanded:rotate-[135deg]"
-                  />
-                </svg>
-              </Button>
-            </PopoverTrigger>
-            <PopoverContent align="start" className="w-36 p-1 md:hidden">
-              <NavigationMenu className="max-w-none *:w-full">
-                <NavigationMenuList className="flex-col items-start gap-0 md:gap-2">
-                  {navigationLinks.map((link, index) => {
-                    const Icon = link.icon;
-                    return (
-                      <NavigationMenuItem key={index} className="w-full">
-                        <NavigationMenuLink
-                          to={link.href}
-                          className="flex-row items-center gap-2 py-1.5"
-                        >
-                          <Icon
-                            size={16}
-                            className="text-muted-foreground/80"
-                            aria-hidden="true"
-                          />
-                          <span>{link.label}</span>
-                        </NavigationMenuLink>
-                      </NavigationMenuItem>
-                    );
-                  })}
-                </NavigationMenuList>
-              </NavigationMenu>
-            </PopoverContent>
-          </Popover>
-
-          <NavigationMenu className="max-md:hidden">
-            <NavigationMenuList className="gap-2">
-              {navigationLinks.map((link, index) => {
-                const Icon = link.icon;
-                return (
-                  <NavigationMenuItem key={index}>
-                    <NavigationMenuLink
-                      to={link.href}
-                      className="text-foreground hover:text-primary flex-row items-center gap-2 py-1.5 font-medium"
-                      key={index}
-                    >
-                      <Icon
-                        size={16}
-                        className="text-muted-foreground/80"
-                        aria-hidden="true"
-                      />
-                      <span>{link.label}</span>
-                    </NavigationMenuLink>
-                  </NavigationMenuItem>
-                );
-              })}
-            </NavigationMenuList>
-          </NavigationMenu>
-        </div>
-
-        {/* Middle side: Logo */}
-        <UpdateBanner />
-
-        {/* Right side: Actions */}
-        <div className="flex flex-1 items-center justify-end gap-2">
-          <ServerInfo />
-
-          {/* <Button
-            className="size-8 rounded-full"
-            size="icon"
-            variant="ghost"
-            aria-label="Settings"
-          >
-            <Link to="/settings">
-              <SettingsIcon
-                size={16}
-                aria-hidden="true"
-                className="text-muted-foreground"
-              />
-            </Link>
-          </Button> */}
-
-          <span className="ml-3">
-            <ServiceCreate />
-          </span>
-        </div>
-      </div>
-    </header>
-  );
-}
diff --git a/frontend/src/app/protected.tsx b/frontend/src/app/protected.tsx
new file mode 100644
index 0000000..71057d5
--- /dev/null
+++ b/frontend/src/app/protected.tsx
@@ -0,0 +1,36 @@
+import PageLoader from "@/shared/components/pageLoader";
+import Layout from "./layout";
+import { useProjectStore } from "./stores/projects";
+import ProjectCreate from "@/pages/projects/create";
+import { useShallow } from "zustand/react/shallow";
+import { useEffect } from "react";
+
+type ProtectedWrapperProps = {
+  children: React.ReactNode;
+};
+
+const ProtectedWrapper = ({ children }: ProtectedWrapperProps) => {
+  const { isLoading, projects, loadProjects } = useProjectStore(
+    useShallow((s) => ({
+      isLoading: s.isLoading,
+      projects: s.projects,
+      loadProjects: s.loadProjects,
+    })),
+  );
+
+  useEffect(() => {
+    loadProjects();
+  }, [loadProjects]);
+
+  if (isLoading) {
+    return <PageLoader />;
+  }
+
+  if (projects.length === 0) {
+    return <ProjectCreate />;
+  }
+
+  return <Layout>{children}</Layout>;
+};
+
+export default ProtectedWrapper;
diff --git a/frontend/src/app/stores/auth.ts b/frontend/src/app/stores/auth.ts
new file mode 100644
index 0000000..06ad6d5
--- /dev/null
+++ b/frontend/src/app/stores/auth.ts
@@ -0,0 +1,285 @@
+import { create } from "zustand";
+import { persist } from "zustand/middleware";
+import type { User } from "@/api/gen/sentinel/users/v1/users_pb";
+import { type AuthorizationResponse } from "@/api/gen/sentinel/auth/v1/auth_pb";
+import {
+  AuthorizationRequestSchema,
+  AuthenticateRequestSchema,
+  RefreshTokenRequestSchema,
+  LogoutRequestSchema,
+  DeviceInfoSchema,
+  DeviceType,
+} from "@/api/gen/sentinel/auth/v1/auth_pb";
+import { Code, ConnectError } from "@connectrpc/connect";
+import { create as createMsg } from "@bufbuild/protobuf";
+import { timestampDate } from "@bufbuild/protobuf/wkt";
+
+import { authClient } from "@/api/api";
+import { toast } from "sonner";
+
+export type AuthSession = {
+  accessToken: string;
+  refreshToken: string;
+  accessTokenExpiredAt: string;
+  refreshTokenExpiredAt: string;
+  deviceId: string;
+};
+
+export type AuthError = {
+  name: string;
+  message: string;
+};
+
+export interface AuthStoreState {
+  // state
+  isLoading: boolean;
+  isAuthenticated: boolean;
+  user?: User;
+  session?: AuthSession | null;
+
+  // actions
+  init: () => Promise<void>;
+  authorization: (email: string, password: string) => Promise<void>;
+  refreshToken: () => Promise<void>;
+  logout: () => Promise<void>;
+  clear: () => void;
+}
+
+export const useAuthStore = create<AuthStoreState>()(
+  persist(
+    (set, get) => {
+      // Interval for token refresh: checks every 30 seconds
+      let refreshInterval: ReturnType<typeof setInterval> | null = null;
+
+      const startRefreshInterval = () => {
+        if (refreshInterval) return;
+
+        refreshInterval = setInterval(() => {
+          const session = get().session;
+          if (!session || !session.accessTokenExpiredAt) return;
+
+          const expiresAt = new Date(session.accessTokenExpiredAt).getTime();
+          const now = Date.now();
+          const timeLeft = expiresAt - now;
+
+          // If less than 5 minutes left, refresh token
+          if (timeLeft < 5 * 60 * 1000) {
+            get().refreshToken();
+          }
+        }, 30 * 1000);
+      };
+
+      // Start interval immediately
+      startRefreshInterval();
+
+      return {
+        isLoading: false,
+        isAuthenticated: false,
+        user: undefined,
+        session: null,
+
+        clear: () => {
+          // Stop refresh interval
+          if (refreshInterval) {
+            clearInterval(refreshInterval);
+            refreshInterval = null;
+          }
+
+          set({
+            isLoading: false,
+            isAuthenticated: false,
+            user: undefined,
+            session: null,
+          });
+        },
+
+        init: async () => {
+          set({ isLoading: true });
+
+          const session = get().session;
+          if (!session) {
+            get().clear();
+            return;
+          }
+
+          // Refresh token expired -> clear
+          if (Date.now() >= new Date(session.refreshTokenExpiredAt).getTime()) {
+            get().clear();
+            return;
+          }
+
+          let currentSession = session;
+          // Access token expired -> try refresh
+          if (
+            Date.now() >=
+            new Date(currentSession.accessTokenExpiredAt).getTime()
+          ) {
+            try {
+              const res = await authClient.refreshToken(
+                createMsg(RefreshTokenRequestSchema, {
+                  refreshToken: currentSession.refreshToken,
+                }),
+              );
+              if (!res.accessTokenExpiredAt || !res.refreshTokenExpiredAt) {
+                throw new Error("missing token expiration in response");
+              }
+              currentSession = {
+                accessToken: res.accessToken,
+                refreshToken: res.refreshToken,
+                accessTokenExpiredAt: timestampDate(
+                  res.accessTokenExpiredAt,
+                ).toISOString(),
+                refreshTokenExpiredAt: timestampDate(
+                  res.refreshTokenExpiredAt,
+                ).toISOString(),
+                deviceId: currentSession.deviceId,
+              };
+              set({ session: currentSession, isAuthenticated: true });
+            } catch (e) {
+              if (e instanceof ConnectError) {
+                if (e.code === Code.Unauthenticated) {
+                  get().clear();
+                }
+                toast.error(e.rawMessage);
+              }
+              return;
+            }
+          }
+
+          // Authenticate to fetch user
+          try {
+            const res = await authClient.authenticate(
+              createMsg(AuthenticateRequestSchema, {
+                accessToken: currentSession.accessToken,
+              }),
+            );
+            set({ user: res.user, isAuthenticated: true, isLoading: false });
+          } catch (e) {
+            if (e instanceof ConnectError) {
+              if (e.code === Code.Unauthenticated) {
+                get().clear();
+                return;
+              }
+              toast.error(e.rawMessage);
+            } else {
+              toast.error(
+                `Failed to authenticate user ${(e as Error)?.message}`,
+              );
+            }
+            set({ isLoading: false });
+          }
+        },
+
+        authorization: async (email: string, password: string) => {
+          try {
+            const res: AuthorizationResponse = await authClient.authorization(
+              createMsg(AuthorizationRequestSchema, {
+                email,
+                password,
+                deviceInfo: createMsg(DeviceInfoSchema, {
+                  deviceId: get().session?.deviceId || "",
+                  deviceType: DeviceType.WEB,
+                  deviceName: navigator.userAgent,
+                }),
+              }),
+            );
+            if (
+              !res.authPayload ||
+              !res.authPayload.accessTokenExpiredAt ||
+              !res.authPayload.refreshTokenExpiredAt
+            ) {
+              throw new Error("missing token expiration in response");
+            }
+            const session: AuthSession = {
+              accessToken: res.authPayload.accessToken,
+              refreshToken: res.authPayload.refreshToken,
+              accessTokenExpiredAt: timestampDate(
+                res.authPayload.accessTokenExpiredAt,
+              ).toISOString(),
+              refreshTokenExpiredAt: timestampDate(
+                res.authPayload.refreshTokenExpiredAt,
+              ).toISOString(),
+              deviceId: res.authPayload.deviceId,
+            };
+            set({ session, user: res.user, isAuthenticated: true });
+
+            // Restart refresh interval after successful authorization
+            startRefreshInterval();
+          } catch (e) {
+            if (e instanceof ConnectError) {
+              toast.error(e.rawMessage);
+            } else if (e instanceof Error) {
+              toast.error(e.message);
+            } else {
+              toast.error("An unknown error occurred during authorization");
+            }
+            throw e;
+          }
+        },
+
+        refreshToken: async (): Promise<void> => {
+          const session = get().session;
+          if (
+            !session ||
+            !session.refreshToken ||
+            !session.refreshTokenExpiredAt
+          ) {
+            get().clear();
+            return;
+          }
+
+          // If refresh token expired, signal Unauthenticated-like condition, but don't clear here
+          if (Date.now() >= new Date(session.refreshTokenExpiredAt).getTime()) {
+            get().clear();
+            return;
+          }
+
+          try {
+            const res = await authClient.refreshToken(
+              createMsg(RefreshTokenRequestSchema, {
+                refreshToken: session.refreshToken,
+              }),
+            );
+
+            if (!res.accessTokenExpiredAt || !res.refreshTokenExpiredAt) {
+              throw new Error("missing token expiration in response");
+            }
+
+            const newSession: AuthSession = {
+              accessToken: res.accessToken,
+              refreshToken: res.refreshToken,
+              accessTokenExpiredAt: timestampDate(
+                res.accessTokenExpiredAt,
+              ).toISOString(),
+              refreshTokenExpiredAt: timestampDate(
+                res.refreshTokenExpiredAt,
+              ).toISOString(),
+              deviceId: session.deviceId,
+            };
+            set({ session: newSession, isAuthenticated: true });
+            return;
+          } catch (e) {
+            console.log("refresh token error", e);
+            get().clear();
+            window.location.href = "/login";
+          }
+        },
+
+        logout: async () => {
+          try {
+            await authClient.logout(createMsg(LogoutRequestSchema));
+          } catch {
+            // ignore network/logging errors
+          } finally {
+            get().clear();
+          }
+        },
+      };
+    },
+    {
+      name: "authStore",
+      version: 1,
+      partialize: (state: AuthStoreState) => ({ session: state.session }),
+    },
+  ),
+);
diff --git a/frontend/src/app/stores/projects.ts b/frontend/src/app/stores/projects.ts
new file mode 100644
index 0000000..0021fed
--- /dev/null
+++ b/frontend/src/app/stores/projects.ts
@@ -0,0 +1,96 @@
+import { projectsClient } from "@/api/api";
+import {
+  ProjectCreateRequestSchema,
+  type Project,
+} from "@/api/gen/sentinel/projects/v1/projects_pb";
+import { ConnectError } from "@connectrpc/connect";
+import { toast } from "sonner";
+import { create } from "zustand";
+import { persist } from "zustand/middleware";
+import { create as createProto } from "@bufbuild/protobuf";
+
+type ProjectStore = {
+  isLoading: boolean;
+  selectedProjectId?: string;
+  projects: Project[];
+  selectProject: (id: string | undefined) => void;
+  selectedProject: () => Project | undefined;
+  loadProjects: () => Promise<void>;
+  createProject: (name: string, description: string) => Promise<void>;
+};
+
+export const useProjectStore = create<ProjectStore>()(
+  persist(
+    (set, get) => ({
+      isLoading: true,
+      projects: [],
+      selectProject: (id: string | undefined) => {
+        set({ selectedProjectId: id });
+        window.location.reload();
+      },
+      selectedProject: () => {
+        const { selectedProjectId, projects } = get();
+        const selectedProject = projects.find(
+          (p) => p.id === selectedProjectId,
+        );
+
+        if (selectedProject) {
+          return selectedProject;
+        }
+
+        if (projects.length > 0) {
+          return projects[0];
+        }
+
+        return undefined;
+      },
+      loadProjects: async () => {
+        try {
+          const data = await projectsClient.projectsList({});
+          set({ projects: data.items });
+
+          const selectedProjectId = get().selectedProjectId;
+          if (!selectedProjectId && data.items.length > 0) {
+            set({ selectedProjectId: data.items[0].id });
+          }
+        } catch (error) {
+          if (error instanceof ConnectError) {
+            toast.error(error.rawMessage);
+          } else {
+            console.error("Failed to load projects:", error);
+          }
+        } finally {
+          set({ isLoading: false });
+        }
+      },
+      createProject: async (name: string, description: string) => {
+        try {
+          const res = await projectsClient.projectCreate(
+            createProto(ProjectCreateRequestSchema, {
+              name,
+              description,
+            }),
+          );
+
+          await get().loadProjects();
+
+          set({ selectedProjectId: res.item?.id });
+
+          window.location.reload();
+        } catch (error) {
+          if (error instanceof ConnectError) {
+            toast.error(error.rawMessage);
+          } else {
+            console.error("Failed to create project:", error);
+          }
+        }
+      },
+    }),
+    {
+      name: "projectStore",
+      partialize: (state) => ({
+        selectedProjectId: state.selectedProjectId,
+      }),
+    },
+  ),
+);
diff --git a/frontend/src/app/stores/system.ts b/frontend/src/app/stores/system.ts
new file mode 100644
index 0000000..2505d91
--- /dev/null
+++ b/frontend/src/app/stores/system.ts
@@ -0,0 +1,52 @@
+import { systemClient } from "@/api/api";
+import { ConnectError } from "@connectrpc/connect";
+import { toast } from "sonner";
+import { create } from "zustand";
+import { create as createProto } from "@bufbuild/protobuf";
+import {
+  CheckIsInitializedRequestSchema,
+  InitializeRequestSchema,
+} from "@/api/gen/sentinel/system/v1/service_pb";
+
+type SystemStore = {
+  isLoading: boolean;
+  error?: unknown;
+  isSystemInitialized: boolean;
+  initializeSystem: (email: string, password: string) => Promise<void>;
+  checkIsInitialized: () => Promise<void>;
+};
+
+export const useSystemStore = create<SystemStore>()((set) => ({
+  isLoading: true,
+  isSystemInitialized: false,
+  checkIsInitialized: async () => {
+    try {
+      const data = await systemClient.checkIsInitialized(
+        createProto(CheckIsInitializedRequestSchema),
+      );
+      set({ isSystemInitialized: data.isInitialized });
+    } catch (error) {
+      set({ error: error });
+    } finally {
+      set({ isLoading: false });
+    }
+  },
+  initializeSystem: async (email: string, password: string) => {
+    try {
+      await systemClient.initialize(
+        createProto(InitializeRequestSchema, {
+          email,
+          password,
+        }),
+      );
+      set({ isSystemInitialized: true });
+      toast.success("System initialized successfully");
+    } catch (error) {
+      if (error instanceof ConnectError) {
+        toast.error(error.rawMessage);
+      } else {
+        console.error("Failed to initialize system:", error);
+      }
+    }
+  },
+}));
diff --git a/frontend/src/app/stores/userPreferience.ts b/frontend/src/app/stores/userPreferience.ts
new file mode 100644
index 0000000..d5449f7
--- /dev/null
+++ b/frontend/src/app/stores/userPreferience.ts
@@ -0,0 +1,45 @@
+import { create } from "zustand";
+import { persist } from "zustand/middleware";
+
+type Theme = "none" | "dark" | "light";
+
+type UserPreferenceStore = {
+  theme: Theme;
+  toggleTheme: () => void;
+  initTheme: () => void;
+};
+
+export const useUserPreferenceStore = create<UserPreferenceStore>()(
+  persist(
+    (set, get) => ({
+      theme: "none",
+      toggleTheme: () => {
+        const currentTheme = get().theme;
+        const newTheme = currentTheme === "dark" ? "light" : "dark";
+        set({ theme: newTheme });
+        get().initTheme();
+      },
+      initTheme: () => {
+        const systemTheme = window.matchMedia("(prefers-color-scheme: dark)")
+          .matches
+          ? "dark"
+          : "light";
+
+        if (get().theme === "none") {
+          set({ theme: systemTheme });
+        }
+
+        const root = window.document.documentElement;
+
+        root.classList.remove("light", "dark");
+        root.classList.add(get().theme);
+      },
+    }),
+    {
+      name: "userPreferenceStore",
+      partialize: (state) => ({
+        theme: state.theme,
+      }),
+    },
+  ),
+);
diff --git a/frontend/src/entities/ActivityIndicatorSVG/ActivityIndicatorSVG.tsx b/frontend/src/entities/ActivityIndicatorSVG/ActivityIndicatorSVG.tsx
index bc2c645..afe2561 100644
--- a/frontend/src/entities/ActivityIndicatorSVG/ActivityIndicatorSVG.tsx
+++ b/frontend/src/entities/ActivityIndicatorSVG/ActivityIndicatorSVG.tsx
@@ -1,6 +1,5 @@
 export const ActivityIndicatorSVG = ({ active = true, size = 16 }) => {
   const color = active ? "#3b82f6" : "#ef4444";
-  const pulseColor = active ? "#3b82f6" : "#ef4444";
 
   return (
     <svg
@@ -9,7 +8,7 @@ export const ActivityIndicatorSVG = ({ active = true, size = 16 }) => {
       viewBox="0 0 32 32"
       style={{ display: "inline-block", verticalAlign: "middle" }}
     >
-      <circle cx="16" cy="16" r="8" fill={pulseColor} opacity="0.3">
+      <circle cx="16" cy="16" r="8" fill={color} opacity="0.3">
         <animate
           attributeName="r"
           values="8;15"
diff --git a/frontend/src/entities/confirmDialog/confirmDialog.tsx b/frontend/src/entities/confirmDialog/confirmDialog.tsx
index 302aa77..d2c5f81 100644
--- a/frontend/src/entities/confirmDialog/confirmDialog.tsx
+++ b/frontend/src/entities/confirmDialog/confirmDialog.tsx
@@ -1,12 +1,13 @@
 import {
-  Dialog,
-  DialogTitle,
-  DialogHeader,
-  DialogContent,
-  DialogDescription,
-  DialogFooter,
-  Button,
-} from "@/shared/components/ui";
+  AlertDialog,
+  AlertDialogContent,
+  AlertDialogDescription,
+  AlertDialogFooter,
+  AlertDialogHeader,
+  AlertDialogTitle,
+  AlertDialogAction,
+  AlertDialogCancel,
+} from "@/shared/components/ui/alert-dialog";
 
 interface ConfirmDialogProps {
   open: boolean;
@@ -28,25 +29,30 @@ export const ConfirmDialog = ({
   content,
 }: ConfirmDialogProps) => {
   return (
-    <Dialog open={open} onOpenChange={() => setOpen(null)}>
-      <DialogContent>
-        <DialogHeader>
-          <DialogTitle>{title}</DialogTitle>
-          <DialogDescription>{description}</DialogDescription>
-        </DialogHeader>
+    <AlertDialog open={open} onOpenChange={() => setOpen(null)}>
+      <AlertDialogContent>
+        <AlertDialogHeader>
+          <AlertDialogTitle>{title}</AlertDialogTitle>
+          <AlertDialogDescription>{description}</AlertDialogDescription>
+        </AlertDialogHeader>
         {content && content}
-        <DialogFooter>
-          <Button variant="outline" onClick={() => setOpen(null)}>
+        <AlertDialogFooter>
+          <AlertDialogCancel onClick={() => setOpen(null)}>
             Cancel
-          </Button>
+          </AlertDialogCancel>
           {type === "delete" && (
-            <Button variant="destructive" onClick={onSubmit}>
+            <AlertDialogAction
+              className="bg-destructive hover:bg-destructive/90 dark:text-white"
+              onClick={onSubmit}
+            >
               Delete
-            </Button>
+            </AlertDialogAction>
           )}
-          {type === "default" && <Button onClick={onSubmit}>Submit</Button>}
-        </DialogFooter>
-      </DialogContent>
-    </Dialog>
+          {type === "default" && (
+            <AlertDialogAction onClick={onSubmit}></AlertDialogAction>
+          )}
+        </AlertDialogFooter>
+      </AlertDialogContent>
+    </AlertDialog>
   );
 };
diff --git a/frontend/src/entities/errorRouter/ErrorBoundary.tsx b/frontend/src/entities/errorRouter/ErrorBoundary.tsx
new file mode 100644
index 0000000..c8b2681
--- /dev/null
+++ b/frontend/src/entities/errorRouter/ErrorBoundary.tsx
@@ -0,0 +1,91 @@
+import { Component, type ReactNode } from "react";
+import { Button } from "@/shared/components/ui";
+import { ConnectError } from "@connectrpc/connect";
+
+export type ErrorData = {
+  status: number;
+  name?: string;
+  message: string;
+  details?: string;
+};
+
+interface ErrorBoundaryProps {
+  children: ReactNode;
+}
+
+interface ErrorBoundaryState {
+  error: Error | null;
+}
+
+export class ErrorBoundary extends Component<
+  ErrorBoundaryProps,
+  ErrorBoundaryState
+> {
+  state: ErrorBoundaryState = {
+    error: null,
+  };
+
+  static getDerivedStateFromError(error: Error) {
+    return { error };
+  }
+
+  handleReload = () => {
+    this.setState({ error: null });
+    window.location.reload();
+  };
+
+  render() {
+    if (this.state.error) {
+      const errorData: ErrorData = {
+        status: 500,
+        name: this.state.error.name,
+        message: this.state.error.message,
+        // details: this.state.error.details,
+      };
+
+      if (this.state.error instanceof ConnectError) {
+        errorData.status = 500;
+        errorData.name = this.state.error.name;
+        errorData.message =
+          this.state.error.rawMessage ||
+          this.state.error.message ||
+          "Unknown error";
+        errorData.details = this.state.error.details.join(", ") || undefined;
+      }
+
+      if (errorData.message == "Failed to fetch") {
+        errorData.status = 503;
+        errorData.name = "Service Unavailable";
+        errorData.message =
+          "The server is currently unreachable. Please try again later.";
+        errorData.details = undefined;
+      }
+
+      return (
+        <div className="flex min-h-svh w-full items-center justify-center p-6 md:p-10">
+          <div className="w-full max-w-sm">
+            <div className="flex flex-col items-center gap-4 py-10 text-center">
+              <div className="text-4xl font-bold">{errorData.status}</div>
+              <div className="text-2xl font-semibold">
+                {errorData.name || "Something went wrong"}
+              </div>
+              <div className="text-muted-foreground max-w-md text-sm break-words">
+                {errorData.message}
+                {errorData.details && (
+                  <div className="mt-2 text-xs opacity-75">
+                    {errorData.details}
+                  </div>
+                )}
+              </div>
+              <div className="flex gap-2">
+                <Button onClick={this.handleReload}>Reload page</Button>
+              </div>
+            </div>
+          </div>
+        </div>
+      );
+    }
+
+    return this.props.children;
+  }
+}
diff --git a/frontend/src/entities/errorRouter/index.tsx b/frontend/src/entities/errorRouter/index.tsx
index a6bfeb6..9bef98a 100644
--- a/frontend/src/entities/errorRouter/index.tsx
+++ b/frontend/src/entities/errorRouter/index.tsx
@@ -1,9 +1,8 @@
 import { useRouter, type ErrorRouteComponent } from "@tanstack/react-router";
 import { Button } from "@/shared/components/ui";
-import { isAxiosError, type AxiosError } from "axios";
-import type { WebErrorResponse } from "@/shared/types/model/webErrorResponse";
+import { ConnectError } from "@connectrpc/connect";
 
-type errorData = {
+export type ErrorData = {
   status: number;
   message: string;
   details?: string;
@@ -13,20 +12,16 @@ type errorData = {
 const ErrorRouter: ErrorRouteComponent = ({ error, reset }) => {
   const router = useRouter();
 
-  const errorData: errorData = {
+  const errorData: ErrorData = {
     status: 500,
     message: error.name,
     details: error.message,
   };
 
-  const axiosErr: AxiosError<WebErrorResponse> | undefined = isAxiosError(error)
-    ? error
-    : undefined;
-
-  if (axiosErr) {
-    errorData.status = axiosErr.response?.status || 500;
-    errorData.message = axiosErr.message || "Unknown error";
-    errorData.details = axiosErr.response?.data.error;
+  if (error instanceof ConnectError) {
+    errorData.status = error.code;
+    errorData.message = error.rawMessage || error.message || "Unknown error";
+    errorData.details = error.details.join(", ") || undefined;
   }
 
   const handleReload = async () => {
diff --git a/frontend/src/entities/infoStatsCard/infoCardStats.tsx b/frontend/src/entities/infoStatsCard/infoCardStats.tsx
index aff7619..8be2da6 100644
--- a/frontend/src/entities/infoStatsCard/infoCardStats.tsx
+++ b/frontend/src/entities/infoStatsCard/infoCardStats.tsx
@@ -12,14 +12,16 @@ interface InfoCardStatsProps {
 
 export const InfoCardStats = ({ title, value }: InfoCardStatsProps) => {
   return (
-    <Card className="flex flex-col justify-center gap-2">
-      <CardHeader>
+    <Card className="flex flex-col justify-center gap-0 py-4 md:gap-2 md:py-6">
+      <CardHeader className="px-4 md:px-6">
         <CardTitle className="text-center text-xl font-bold md:text-2xl">
           {value}
         </CardTitle>
       </CardHeader>
-      <CardContent>
-        <p className="text-muted-foreground text-center">{title}</p>
+      <CardContent className="px-4 md:px-6">
+        <p className="text-muted-foreground text-center text-sm md:text-base">
+          {title}
+        </p>
       </CardContent>
     </Card>
   );
diff --git a/frontend/src/features/apiInfo/server-info.tsx b/frontend/src/features/apiInfo/systemInfo.tsx
similarity index 55%
rename from frontend/src/features/apiInfo/server-info.tsx
rename to frontend/src/features/apiInfo/systemInfo.tsx
index c6ab628..13620f5 100644
--- a/frontend/src/features/apiInfo/server-info.tsx
+++ b/frontend/src/features/apiInfo/systemInfo.tsx
@@ -1,5 +1,5 @@
-import { useServerStore } from "@/pages/dashboard/store/useServerStore";
-import { Badge } from "@/shared/components/ui";
+import { getSystemInfo } from "@/api/gen/sentinel/system/v1/service-SystemService_connectquery";
+import { useQuery } from "@connectrpc/connect-query";
 import { Button } from "@shared/components/ui/button";
 import {
   Popover,
@@ -8,25 +8,16 @@ import {
 } from "@shared/components/ui/popover";
 import { Info } from "lucide-react";
 
-export const ServerInfo = () => {
-  const serverInfo = useServerStore((s) => s.serverInfo);
+export const SystemInfo = () => {
+  const q = useQuery(getSystemInfo);
 
-  if (!serverInfo) return null;
+  if (!q.data) return null;
 
   return (
     <Popover>
       <PopoverTrigger asChild>
-        <Button
-          className="size-8 rounded-full"
-          size="icon"
-          variant="ghost"
-          aria-label="Server info"
-        >
-          <Info
-            size={16}
-            aria-hidden="true"
-            className="text-muted-foreground"
-          />
+        <Button size="icon" variant="ghost" aria-label="Server info">
+          <Info size={16} className="size-5" aria-hidden="true" />
         </Button>
       </PopoverTrigger>
       <PopoverContent className="max-w-[180px] py-3 shadow-none" side="top">
@@ -34,38 +25,33 @@ export const ServerInfo = () => {
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">Sentinel version</span>
             <span className="flex items-center justify-between font-medium">
-              {serverInfo.version}
-              {serverInfo.available_update ? (
-                <Badge className="ml-2 bg-rose-500 text-white">Outdated</Badge>
-              ) : (
-                <Badge className="ml-2 bg-emerald-500 text-white">Latest</Badge>
-              )}
+              {q.data.info?.version}
             </span>
           </li>
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">Go version</span>
-            <span className="font-medium">{serverInfo.go_version}</span>
+            <span className="font-medium">{q.data.info?.goVersion}</span>
           </li>
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">SQLite version</span>
-            <span className="font-medium">{serverInfo.sqlite_version}</span>
+            <span className="font-medium">{q.data.info?.sqliteVersion}</span>
           </li>
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">OS</span>
-            <span className="font-medium">{serverInfo.os}</span>
+            <span className="font-medium">{q.data.info?.os}</span>
           </li>
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">Arch</span>
-            <span className="font-medium">{serverInfo.arch}</span>
+            <span className="font-medium">{q.data.info?.arch}</span>
           </li>
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">Build date</span>
-            <span className="font-medium">{serverInfo.build_date}</span>
+            <span className="font-medium">{q.data.info?.buildDate}</span>
           </li>
           <li className="grid gap-0.5">
             <span className="text-muted-foreground">Commit hash</span>
             <span className="font-medium">
-              {serverInfo.commit_hash?.slice(0, 8) || "N/A"}
+              {q.data.info?.commitHash?.slice(0, 8) || "N/A"}
             </span>
           </li>
         </ul>
diff --git a/frontend/src/features/apiInfo/update-banner.tsx b/frontend/src/features/apiInfo/update-banner.tsx
deleted file mode 100644
index 122b355..0000000
--- a/frontend/src/features/apiInfo/update-banner.tsx
+++ /dev/null
@@ -1,121 +0,0 @@
-import {
-  Button,
-  Dialog,
-  DialogClose,
-  DialogContent,
-  DialogFooter,
-  DialogDescription,
-  DialogHeader,
-  DialogTitle,
-  DialogTrigger,
-} from "@/shared/components/ui";
-import {
-  AlertDialog,
-  AlertDialogAction,
-  AlertDialogCancel,
-  AlertDialogContent,
-  AlertDialogDescription,
-  AlertDialogFooter,
-  AlertDialogHeader,
-  AlertDialogTitle,
-  AlertDialogTrigger,
-} from "@/shared/components/ui/alert-dialog";
-import Markdown from "react-markdown";
-import { LoaderCircleIcon, SparklesIcon } from "lucide-react";
-import remarkGfm from "remark-gfm";
-import { useServerStore } from "@/pages/dashboard/store/useServerStore";
-
-export const UpdateBanner = () => {
-  const serverStore = useServerStore();
-
-  if (!serverStore.isUpdateAvailable) return null;
-
-  return (
-    <div className="hidden md:block">
-      <Dialog>
-        <DialogTrigger asChild>
-          <Button size="sm" variant="ghost" className="min-w-24">
-            <SparklesIcon size={16} />
-            Available new update
-          </Button>
-        </DialogTrigger>
-        <DialogContent className="flex max-h-[85vh] flex-col gap-0 p-0 sm:max-h-[min(840px,95vh)] sm:max-w-2xl [&>button:last-child]:top-3.5">
-          <DialogHeader className="contents space-y-0 text-left">
-            <DialogTitle className="border-b px-6 py-4 text-base">
-              🚀 Available new update
-            </DialogTitle>
-          </DialogHeader>
-
-          <DialogDescription asChild>
-            <div className="changelog flex-1 overflow-y-auto overscroll-contain p-6">
-              {/* Current version */}
-              <div className="mb-3 text-lg font-semibold">
-                Current version:{" "}
-                <span className="text-zinc-500">
-                  {serverStore.serverInfo?.version}
-                </span>
-              </div>
-
-              {/* New version */}
-              <Markdown remarkPlugins={[remarkGfm]}>
-                {serverStore.serverInfo?.available_update?.description}
-              </Markdown>
-            </div>
-          </DialogDescription>
-
-          <DialogFooter className="flex-shrink-0 border-t px-6 py-4 sm:items-center">
-            <DialogClose asChild>
-              <Button variant="outline">Close</Button>
-            </DialogClose>
-
-            <Button variant="default">
-              <a
-                href={serverStore.serverInfo?.available_update?.url}
-                target="_blank"
-              >
-                Release details
-              </a>
-            </Button>
-
-            {serverStore.serverInfo?.available_update?.is_available_manual && (
-              <AlertDialog>
-                <AlertDialogTrigger asChild>
-                  <Button variant="default" disabled={serverStore.isUpdating}>
-                    {serverStore.isUpdating && (
-                      <LoaderCircleIcon
-                        className="-ms-1 animate-spin"
-                        size={16}
-                        aria-hidden="true"
-                      />
-                    )}
-                    Upgrade
-                  </Button>
-                </AlertDialogTrigger>
-                <AlertDialogContent>
-                  <AlertDialogHeader>
-                    <AlertDialogTitle>Are you sure?</AlertDialogTitle>
-                    <AlertDialogDescription>
-                      This will upgrade the server to the latest version. The
-                      server will restart, and you will be redirected to the
-                      dashboard after the upgrade is complete.
-                      <br />
-                      <br />
-                      Please ensure you have a backup of your data before
-                      proceeding.
-                    </AlertDialogDescription>
-                  </AlertDialogHeader>
-                  <AlertDialogFooter>
-                    <AlertDialogCancel>Cancel</AlertDialogCancel>
-                    <AlertDialogAction onClick={() => serverStore.doUpgrade()}>
-                      Let's do it!
-                    </AlertDialogAction>
-                  </AlertDialogFooter>
-                </AlertDialogContent>
-              </AlertDialog>
-            )}
-          </DialogFooter>
-        </DialogContent>
-      </Dialog>
-    </div>
-  );
-};
diff --git a/frontend/src/features/apiInfo/updateBanner.tsx b/frontend/src/features/apiInfo/updateBanner.tsx
new file mode 100644
index 0000000..38b2537
--- /dev/null
+++ b/frontend/src/features/apiInfo/updateBanner.tsx
@@ -0,0 +1,79 @@
+import {
+  Button,
+  Dialog,
+  DialogClose,
+  DialogContent,
+  DialogFooter,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+  Badge,
+} from "@/shared/components/ui";
+import Markdown from "react-markdown";
+import { SparklesIcon } from "lucide-react";
+import remarkGfm from "remark-gfm";
+import { useQuery } from "@connectrpc/connect-query";
+import { checkForUpdates } from "@/api/gen/sentinel/system/v1/service-SystemService_connectquery";
+import {
+  SidebarMenuButton,
+  SidebarMenuItem,
+} from "@/shared/components/ui/sidebar";
+
+export const UpdateBanner = () => {
+  const { data } = useQuery(checkForUpdates);
+
+  if (!data || !data.info?.isAvailable) return null;
+
+  return (
+    <Dialog>
+      <DialogTrigger asChild>
+        <SidebarMenuItem>
+          <SidebarMenuButton className="group/update-banner flex w-full cursor-pointer items-center justify-between">
+            <div className="flex shrink-0 items-center gap-2">
+              <SparklesIcon className="size-4 transition-transform duration-300 group-hover/update-banner:rotate-[90deg]" />{" "}
+              <span>Available update</span>
+            </div>
+            <Badge variant="outline" className="bg-background">
+              {data.info?.details?.tagName}
+            </Badge>
+          </SidebarMenuButton>
+        </SidebarMenuItem>
+      </DialogTrigger>
+      <DialogContent className="flex max-h-[85vh] flex-col gap-0 p-0 sm:max-h-[min(840px,95vh)] sm:max-w-2xl [&>button:last-child]:top-3.5">
+        <DialogHeader className="contents space-y-0 text-left">
+          <DialogTitle className="border-b px-6 py-4 text-base">
+            🚀 Available new update
+          </DialogTitle>
+        </DialogHeader>
+
+        <DialogDescription asChild>
+          <div className="changelog flex-1 overflow-y-auto overscroll-contain p-6">
+            {/* Current version */}
+            <div className="mb-3 text-lg font-semibold">
+              Current version:{" "}
+              <span className="text-zinc-500">{data.info?.currentVersion}</span>
+            </div>
+
+            {/* New version */}
+            <Markdown remarkPlugins={[remarkGfm]}>
+              {data.info?.details?.description}
+            </Markdown>
+          </div>
+        </DialogDescription>
+
+        <DialogFooter className="flex-shrink-0 border-t px-6 py-4 sm:items-center">
+          <DialogClose asChild>
+            <Button variant="outline">Close</Button>
+          </DialogClose>
+
+          <Button variant="default">
+            <a href={data.info?.details?.url} target="_blank">
+              Release details
+            </a>
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+};
diff --git a/frontend/src/features/service/serviceForm.tsx b/frontend/src/features/service/serviceForm.tsx
index 8c10305..8bc0af0 100644
--- a/frontend/src/features/service/serviceForm.tsx
+++ b/frontend/src/features/service/serviceForm.tsx
@@ -20,7 +20,7 @@ import {
 import { PlusIcon, TrashIcon } from "lucide-react";
 import * as Yup from "yup";
 import InputTag from "@/shared/components/ui/inputTag";
-import type { WebCreateUpdateServiceRequest } from "@/shared/types/model";
+import { toast } from "sonner";
 
 export interface ServiceFormRef {
   submitForm: () => void;
@@ -239,24 +239,21 @@ const HTTPForm = React.memo(
                 <Textarea
                   {...field}
                   value={field.value ?? ""}
-                  placeholder="// Example: return Math.abs(results.main.value - results.backup.value) > 5;"
+                  placeholder={`// Example 1: Math.abs(results.main.value - results.backup.value) > 5\n// Example 2: results.main.ok == true`}
                 />
               )}
             </FastField>
             <small className="text-muted-foreground text-xs">
               JavaScript condition that returns true to trigger an incident.
+              <br />
               Available variables:
               <code className="font-mono text-xs">
-                results.endpoint_name.value
+                <i className="ml-1">results.endpoint_name.</i>
+                <strong>your_value</strong>
               </code>
-              ,{" "}
-              <code className="font-mono text-xs">
-                results.endpoint_name.success
-              </code>
-              , etc.
             </small>
           </div>
-          <div className="flex flex-col gap-2">
+          {/* <div className="flex flex-col gap-2">
             <Label>Timeout(milliseconds)</Label>
             <FastField name="config.http.timeout">
               {({ field }: FieldProps) => (
@@ -275,7 +272,7 @@ const HTTPForm = React.memo(
                 />
               )}
             </FastField>
-          </div>
+          </div> */}
           {(values.config?.http?.endpoints || []).map((_, index: number) => (
             <Card key={index}>
               <CardHeader>
@@ -468,14 +465,25 @@ const HTTPForm = React.memo(
 
 export const ServiceForm = forwardRef<ServiceFormRef, ServiceFormProps>(
   ({ initialValues, onSubmit, onFormStateChange }, ref) => {
+    const [agents, setAgents] = React.useState<WebAgentDTO[] | undefined>([]);
+
     const formikRef =
       React.useRef<FormikProps<WebCreateUpdateServiceRequest> | null>(null);
+
     const lastStateRef = React.useRef({
       isSubmitting: false,
       isValid: false,
       dirty: false,
     });
 
+    // load agents
+    React.useEffect(() => {
+      getAgents()
+        .getSettingsAgents()
+        .then(({ items }) => setAgents(items))
+        .catch(() => toast.error("Failed to load agents"));
+    }, []);
+
     // Стабильная функция для отложенного обновления состояния
     const updateFormState = React.useCallback(
       (state: { isSubmitting: boolean; isValid: boolean; dirty: boolean }) => {
@@ -508,6 +516,7 @@ export const ServiceForm = forwardRef<ServiceFormRef, ServiceFormProps>(
         return formikRef.current?.dirty || false;
       },
     }));
+
     const grpcSchema = Yup.object({
       endpoint: Yup.string().required("GRPC endpoint is required"),
     });
@@ -746,6 +755,45 @@ export const ServiceForm = forwardRef<ServiceFormRef, ServiceFormProps>(
                   )}
                 </FastField>
               </div>
+              <div className="flex flex-col gap-2">
+                <Label>Agents</Label>
+                <Field name="agent_ids">
+                  {({ field }: FieldProps) => (
+                    <Select
+                      value={
+                        Array.isArray(field.value)
+                          ? (field.value[0] ?? "")
+                          : (field.value ?? "")
+                      }
+                      onValueChange={(value) =>
+                        setFieldValue("agent_ids", value ? [value] : [])
+                      }
+                    >
+                      <SelectTrigger className="w-full">
+                        <SelectValue
+                          className="w-full"
+                          placeholder="Select an agent"
+                        />
+                      </SelectTrigger>
+                      <SelectContent>
+                        {agents?.map((agent) => (
+                          <SelectItem
+                            key={agent.id}
+                            value={agent?.id as string}
+                          >
+                            {agent.name}
+                          </SelectItem>
+                        ))}
+                        {agents?.length === 0 && (
+                          <SelectItem value="none" disabled>
+                            No agents available
+                          </SelectItem>
+                        )}
+                      </SelectContent>
+                    </Select>
+                  )}
+                </Field>
+              </div>
               <div className="flex flex-col gap-2">
                 <Label>Enabled Service</Label>
                 <Field name="is_enabled">
diff --git a/frontend/src/main.tsx b/frontend/src/main.tsx
index 6922f05..46e3167 100644
--- a/frontend/src/main.tsx
+++ b/frontend/src/main.tsx
@@ -1,41 +1,25 @@
-import { StrictMode } from "react";
 import { createRoot } from "react-dom/client";
-import { RouterProvider, createRouter } from "@tanstack/react-router";
-
-//import App from "@app/App";
+import { TransportProvider } from "@connectrpc/connect-query";
+import { QueryClientProvider } from "@tanstack/react-query";
+import { Toaster } from "sonner";
 
 import "@shared/styles/index.css";
 
-// Import the generated route tree
-import { routeTree } from "./routeTree.gen";
-import { Loader } from "@/entities/loader/loader";
-import NotFound from "@/pages/notFound/notFound";
-import ErrorRouter from "./entities/errorRouter";
-
-// Create a new router instance
-const router = createRouter({
-  routeTree,
-  defaultPreload: "intent",
-  defaultStaleTime: Infinity,
-  scrollRestoration: true,
-  defaultPendingComponent: Loader,
-  defaultNotFoundComponent: NotFound,
-  defaultErrorComponent: ErrorRouter,
-});
-
-// Register the router instance for type safety
-declare module "@tanstack/react-router" {
-  interface Register {
-    router: typeof router;
-  }
-}
+import { connectQueryClient, connectTransport } from "./api/api";
+import App from "@app/app";
+import { ErrorBoundary } from "./entities/errorRouter/ErrorBoundary";
 
 const rootElement = document.getElementById("root")!;
 if (!rootElement.innerHTML) {
   const root = createRoot(rootElement);
   root.render(
-    <StrictMode>
-      <RouterProvider router={router} />
-    </StrictMode>,
+    <ErrorBoundary>
+      <TransportProvider transport={connectTransport}>
+        <QueryClientProvider client={connectQueryClient}>
+          <App />
+          <Toaster />
+        </QueryClientProvider>
+      </TransportProvider>
+    </ErrorBoundary>,
   );
 }
diff --git a/frontend/src/pages/agents/agents.tsx b/frontend/src/pages/agents/agents.tsx
new file mode 100644
index 0000000..93f99b1
--- /dev/null
+++ b/frontend/src/pages/agents/agents.tsx
@@ -0,0 +1,613 @@
+import { agentsClient, VITE_SERVER_API_BASE_URL } from "@/api/api";
+import {
+  agentsCreate,
+  agentsDelete,
+  agentsList,
+  agentsUpdate,
+} from "@/api/gen/sentinel/agents/v1/agents-AgentsService_connectquery";
+import {
+  AgentKind,
+  AgentsSubscribeRequestSchema,
+  AgentStatus,
+  type Agent,
+} from "@/api/gen/sentinel/agents/v1/agents_pb";
+import { ConfirmDialog } from "@/entities/confirmDialog/confirmDialog";
+import { P } from "@/shared/components/typography";
+import {
+  Badge,
+  Button,
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuGroup,
+  DropdownMenuItem,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+  Table,
+  TableBody,
+  TableCell,
+  TableHead,
+  TableHeader,
+  TableRow,
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+  DialogClose,
+  DialogFooter,
+  Field,
+  FieldError,
+  FieldGroup,
+  FieldLabel,
+  Input,
+  Switch,
+  Card,
+  CardContent,
+  CardHeader,
+  CardTitle,
+  CardDescription,
+  CardAction,
+} from "@/shared/components/ui";
+import { Separator } from "@/shared/components/ui/separator";
+import { timestampDate } from "@bufbuild/protobuf/wkt";
+import { useQuery, useMutation } from "@connectrpc/connect-query";
+import { EllipsisIcon, PlusIcon } from "lucide-react";
+import { useCallback, useEffect, useRef, useState } from "react";
+import { toast } from "sonner";
+import { useForm } from "@tanstack/react-form";
+import * as z from "zod";
+import InputTag from "@/shared/components/ui/inputTag";
+import {
+  Alert,
+  AlertDescription,
+  AlertTitle,
+} from "@/shared/components/ui/alert";
+import { CodeBlock } from "@/shared/components/ui/code";
+import { useSubscriptionRefetch } from "@/shared/hooks/useSubscriptionRefetch";
+import { create } from "@bufbuild/protobuf";
+
+const statusTypeName = (type: AgentStatus): string => {
+  switch (type) {
+    case AgentStatus.ACTIVE:
+      return "active";
+    case AgentStatus.INACTIVE:
+      return "inactive";
+    case AgentStatus.UNSPECIFIED:
+      return "unspecified";
+    default:
+      return "unknown";
+  }
+};
+
+const kindTypeName = (type: AgentKind): string => {
+  switch (type) {
+    case AgentKind.HUB:
+      return "hub";
+    case AgentKind.EXTERNAL:
+      return "external";
+    default:
+      return "unknown";
+  }
+};
+
+const environmentsCodeBlock = (token = "<agent_token>") => {
+  return `HUB_SERVER_ADDR=${VITE_SERVER_API_BASE_URL}
+TOKEN=${token}`;
+};
+
+const yamlCodeBlock = (token = "<agent_token>") => {
+  return `hub_server:
+  addr: ${VITE_SERVER_API_BASE_URL}
+token: ${token}`;
+};
+
+const formSchema = z.object({
+  name: z.string().min(2, "Name must be at least 2 characters long"),
+  description: z.union([z.string(), z.undefined()]),
+  isEnabled: z.boolean(),
+  tags: z.array(z.string()),
+});
+
+const formInitialValues = (agent?: Agent): z.infer<typeof formSchema> => {
+  return {
+    name: agent?.name || "",
+    description: agent?.description,
+    isEnabled: agent?.isEnabled ?? true,
+    tags: agent?.tags || [],
+  };
+};
+
+type UpsertAgentProps = {
+  open: boolean;
+  agent?: Agent;
+  onClose: () => void;
+  onSubmit: (data: z.infer<typeof formSchema>) => Promise<void>;
+  createdToken?: string;
+};
+
+const UpsertAgent = ({
+  open,
+  agent,
+  onClose,
+  onSubmit,
+  createdToken,
+}: UpsertAgentProps) => {
+  const form = useForm({
+    defaultValues: formInitialValues(agent),
+    validators: {
+      onSubmit: formSchema,
+    },
+    onSubmit: ({ formApi, value }) => {
+      onSubmit(value).then(() => formApi.reset());
+    },
+  });
+
+  useEffect(() => {
+    if (open) {
+      form.reset(formInitialValues(agent));
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [open, agent?.id]);
+
+  // If we are in create mode (no agent) and have a created token, show instructions instead of form
+  const isCreateMode = !agent;
+
+  return (
+    <Dialog open={open} onOpenChange={onClose}>
+      <DialogContent className="w-full">
+        <DialogHeader>
+          <DialogTitle>
+            {agent
+              ? "Edit Agent"
+              : createdToken
+                ? "Agent Created"
+                : "Add Agent"}
+          </DialogTitle>
+          <DialogDescription>
+            {agent
+              ? "Update the agent details and click on the Update button."
+              : createdToken
+                ? "The agent has been created successfully. Here are the environment variables to connect your agent to the Sentinel hub:"
+                : "Fill out the form below to create a new agent."}
+          </DialogDescription>
+        </DialogHeader>
+        {isCreateMode && createdToken ? (
+          <>
+            <Alert>
+              <AlertTitle>Important!</AlertTitle>
+              <AlertDescription>
+                Please copy and store this token securely. You won't be able to
+                see it again!
+              </AlertDescription>
+            </Alert>
+
+            <P>Example for environment variables:</P>
+            <CodeBlock
+              code={environmentsCodeBlock(createdToken)}
+              language="markup"
+              className="text-sm"
+            />
+
+            <P>Example for YAML file:</P>
+            <CodeBlock
+              code={yamlCodeBlock(createdToken)}
+              language="yaml"
+              className="text-sm"
+            />
+
+            <DialogFooter>
+              <DialogClose asChild>
+                <Button variant="outline">Close</Button>
+              </DialogClose>
+            </DialogFooter>
+          </>
+        ) : (
+          <>
+            <form
+              id="upsert-agent-form"
+              onSubmit={(e) => {
+                e.preventDefault();
+                e.stopPropagation();
+                form.handleSubmit();
+              }}
+              className="space-y-8"
+            >
+              <FieldGroup>
+                <form.Field
+                  name="name"
+                  children={(field) => {
+                    const isInvalid =
+                      field.state.meta.isTouched && !field.state.meta.isValid;
+                    return (
+                      <Field data-invalid={isInvalid}>
+                        <FieldLabel htmlFor={field.name}>Name</FieldLabel>
+                        <Input
+                          id={field.name}
+                          name={field.name}
+                          value={field.state.value}
+                          onBlur={field.handleBlur}
+                          onChange={(e) => field.handleChange(e.target.value)}
+                          aria-invalid={isInvalid}
+                          placeholder="Agent name"
+                          autoComplete="off"
+                        />
+                        {isInvalid && (
+                          <FieldError errors={field.state.meta.errors} />
+                        )}
+                      </Field>
+                    );
+                  }}
+                />
+
+                <form.Field
+                  name="description"
+                  children={(field) => {
+                    const isInvalid =
+                      field.state.meta.isTouched && !field.state.meta.isValid;
+                    return (
+                      <Field data-invalid={isInvalid}>
+                        <FieldLabel htmlFor={field.name}>
+                          Description
+                        </FieldLabel>
+                        <Input
+                          id={field.name}
+                          name={field.name}
+                          value={field.state.value}
+                          onBlur={field.handleBlur}
+                          onChange={(e) => field.handleChange(e.target.value)}
+                          aria-invalid={isInvalid}
+                          placeholder="Agent description"
+                          autoComplete="off"
+                        />
+                        {isInvalid && (
+                          <FieldError errors={field.state.meta.errors} />
+                        )}
+                      </Field>
+                    );
+                  }}
+                />
+
+                <form.Field
+                  name="isEnabled"
+                  children={(field) => (
+                    <Field>
+                      <div className="flex flex-row items-center justify-between">
+                        <FieldLabel htmlFor={field.name}>Is enabled</FieldLabel>
+                        <Switch
+                          id={field.name}
+                          name={field.name}
+                          checked={field.state.value}
+                          onCheckedChange={(checked) =>
+                            field.handleChange(!!checked)
+                          }
+                        />
+                      </div>
+                    </Field>
+                  )}
+                />
+
+                <form.Field
+                  name="tags"
+                  children={(field) => (
+                    <Field>
+                      <FieldLabel htmlFor={field.name}>Tags</FieldLabel>
+                      <InputTag
+                        tags={field.state.value.map(
+                          (tag: string, index: number) => ({
+                            id: index.toString(),
+                            text: tag,
+                          }),
+                        )}
+                        setTags={(tags) => {
+                          const items: string[] = [];
+                          for (const tag of tags as { text: string }[]) {
+                            items.push(tag.text);
+                          }
+
+                          field.handleChange(items);
+                        }}
+                      />
+                    </Field>
+                  )}
+                />
+              </FieldGroup>
+            </form>
+            <DialogFooter className="mt-2">
+              <DialogClose asChild>
+                <Button variant="outline">Cancel</Button>
+              </DialogClose>
+              <Button disabled={!form.state.isValid} form="upsert-agent-form">
+                {agent ? "Update" : "Create"}
+              </Button>
+            </DialogFooter>
+          </>
+        )}
+      </DialogContent>
+    </Dialog>
+  );
+};
+
+const AgentsPage = () => {
+  const [deleteAgentId, setDeleteAgentId] = useState<string | undefined>();
+  const [upsertAgentOpen, setUpsertAgentOpen] = useState(false);
+  const [agent, setAgent] = useState<Agent | undefined>();
+  const [createdToken, setCreatedToken] = useState<string | undefined>();
+
+  const q = useQuery(agentsList);
+
+  const createMutation = useMutation(agentsCreate, {
+    onSuccess: (res) => {
+      toast.success("Agent created successfully");
+      setCreatedToken(res?.token);
+      void q.refetch();
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to create agent");
+    },
+  });
+
+  const updateMutation = useMutation(agentsUpdate, {
+    onSuccess: () => {
+      toast.success("Agent updated successfully");
+      void q.refetch();
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to update agent");
+    },
+  });
+
+  const deleteMutation = useMutation(agentsDelete, {
+    onSuccess: () => {
+      toast.success("Agent deleted successfully");
+      void q.refetch();
+      setDeleteAgentId(undefined);
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to delete agent");
+    },
+  });
+
+  const onCreateAgent = useCallback(
+    async (data: z.infer<typeof formSchema>) => {
+      await createMutation.mutateAsync(data);
+    },
+    [createMutation],
+  );
+
+  const onUpdateAgent = useCallback(
+    async (data: z.infer<typeof formSchema>) => {
+      if (!agent) return;
+      await updateMutation.mutateAsync({ id: agent.id, ...data });
+    },
+    [agent, updateMutation],
+  );
+
+  const onDeleteAgent = useCallback(async () => {
+    if (!deleteAgentId) return;
+    await deleteMutation.mutateAsync({ id: deleteAgentId });
+  }, [deleteAgentId, deleteMutation]);
+
+  // setup subscription to refetch on new events
+  const subRef = useRef<{ abort: () => void } | null>(null);
+  useSubscriptionRefetch({
+    refetch: q.refetch,
+    subscribe: (signal) =>
+      agentsClient.agentsSubscribe(create(AgentsSubscribeRequestSchema), {
+        signal,
+      }),
+    debounceTimeout: 300,
+    onErrorFn: (error) => {
+      toast.error(`subscription error: ${error}`);
+    },
+    ref: subRef,
+  });
+
+  return (
+    <>
+      <ConfirmDialog
+        open={!!deleteAgentId}
+        setOpen={() => setDeleteAgentId(undefined)}
+        onSubmit={onDeleteAgent}
+        title="Delete an agent"
+        description="Are you sure you want to delete this agent?"
+        type="delete"
+      />
+      <UpsertAgent
+        open={upsertAgentOpen}
+        agent={agent}
+        onClose={() => {
+          setUpsertAgentOpen(false);
+          setAgent(undefined);
+          setCreatedToken(undefined);
+        }}
+        onSubmit={async (data) => {
+          if (agent) {
+            onUpdateAgent(data);
+          } else {
+            await onCreateAgent(data);
+            // Keep dialog open to show token content
+          }
+          if (agent) {
+            setUpsertAgentOpen(false);
+            setAgent(undefined);
+          }
+        }}
+        createdToken={createdToken}
+      />
+      <Card className="gap-3">
+        <CardHeader>
+          <CardTitle className="text-2xl">Agents</CardTitle>
+          <CardDescription>Manage application agents</CardDescription>
+
+          <CardAction>
+            <Button
+              size="sm"
+              variant="secondary"
+              onClick={() => {
+                setAgent(undefined);
+                setUpsertAgentOpen(true);
+              }}
+            >
+              <PlusIcon size={16} /> Add Agent
+            </Button>
+          </CardAction>
+        </CardHeader>
+        <CardContent>
+          <Separator className="my-2 hidden md:block" />
+          <P className="text-muted-foreground text-sm leading-relaxed">
+            Agents embed into your internal infrastructure, collect data for
+            specified services, and send it to the Sentinel hub.
+            <br />
+            On this page, you can create, update, and delete agents, as well as
+            check their status.
+          </P>
+
+          <P className="text-muted-foreground text-sm leading-relaxed">
+            To connect an agent to this Sentinel hub, you need to set the
+            following environment variables in your agent's environment:
+          </P>
+
+          <CodeBlock
+            code={environmentsCodeBlock()}
+            language="markup"
+            className="mt-4 text-sm"
+          />
+
+          <P className="text-muted-foreground text-sm leading-relaxed">
+            Alternatively, you can use a YAML configuration file with the
+            following content:
+          </P>
+
+          <CodeBlock
+            code={yamlCodeBlock()}
+            language="yaml"
+            className="mt-4 text-sm"
+          />
+
+          <Separator className="my-5" />
+
+          <div className="overflow-hidden rounded-md border">
+            <Table>
+              <TableHeader>
+                <TableRow className="bg-muted/50">
+                  <TableHead>Name</TableHead>
+                  <TableHead>Kind</TableHead>
+                  <TableHead>Status</TableHead>
+                  <TableHead>Token</TableHead>
+                  <TableHead>Is enabled</TableHead>
+                  <TableHead>Version</TableHead>
+                  <TableHead>Last seen at</TableHead>
+                  <TableHead></TableHead>
+                </TableRow>
+              </TableHeader>
+              <TableBody>
+                {q.data?.items?.length === 0 ? (
+                  <TableRow>
+                    <TableCell colSpan={8} className="h-24 text-center">
+                      No agents found.
+                    </TableCell>
+                  </TableRow>
+                ) : (
+                  q.data?.items?.map((item) => (
+                    <TableRow key={item.id}>
+                      <TableCell>{item.name}</TableCell>
+                      <TableCell>
+                        <Badge
+                          variant={
+                            item.kind === AgentKind.HUB
+                              ? "secondary"
+                              : "outline"
+                          }
+                        >
+                          {kindTypeName(item.kind)}
+                        </Badge>
+                      </TableCell>
+                      <TableCell>
+                        <Badge
+                          variant={
+                            item.status === AgentStatus.ACTIVE
+                              ? "success"
+                              : item.status === AgentStatus.INACTIVE
+                                ? "error"
+                                : item.status === AgentStatus.UNSPECIFIED
+                                  ? "warning"
+                                  : "info"
+                          }
+                        >
+                          {statusTypeName(item.status)}
+                        </Badge>
+                      </TableCell>
+                      <TableCell>
+                        {item.tokenHint ? (
+                          <span className="font-mono">{item.tokenHint}</span>
+                        ) : (
+                          <span className="text-muted-foreground">N/A</span>
+                        )}
+                      </TableCell>
+                      <TableCell>
+                        <Badge variant={item.isEnabled ? "success" : "warning"}>
+                          {item.isEnabled ? "enabled" : "disabled"}
+                        </Badge>
+                      </TableCell>
+                      <TableCell>{item.systemInfo?.version || "N/A"}</TableCell>
+                      <TableCell>
+                        {item.lastSeenAt
+                          ? timestampDate(item.lastSeenAt).toLocaleString()
+                          : "N/A"}
+                      </TableCell>
+                      <TableCell>
+                        <DropdownMenu>
+                          <DropdownMenuTrigger asChild>
+                            <div className="flex justify-end">
+                              <Button
+                                size="icon"
+                                variant="ghost"
+                                className="shadow-none"
+                                aria-label="Actions"
+                              >
+                                <EllipsisIcon size={16} aria-hidden="true" />
+                              </Button>
+                            </div>
+                          </DropdownMenuTrigger>
+                          <DropdownMenuContent align="end">
+                            <DropdownMenuGroup>
+                              <DropdownMenuItem
+                                onClick={() => {
+                                  setAgent(item);
+                                  setUpsertAgentOpen(true);
+                                }}
+                              >
+                                Edit
+                              </DropdownMenuItem>
+                              {/* <DropdownMenuItem>Refresh token</DropdownMenuItem> */}
+                            </DropdownMenuGroup>
+
+                            {item.kind != AgentKind.HUB && (
+                              <>
+                                <DropdownMenuSeparator />
+                                <DropdownMenuItem
+                                  className="text-destructive focus:text-destructive"
+                                  onClick={() => {
+                                    setDeleteAgentId(item?.id);
+                                  }}
+                                >
+                                  <span>Delete</span>
+                                </DropdownMenuItem>
+                              </>
+                            )}
+                          </DropdownMenuContent>
+                        </DropdownMenu>
+                      </TableCell>
+                    </TableRow>
+                  ))
+                )}
+              </TableBody>
+            </Table>
+          </div>
+        </CardContent>
+      </Card>
+    </>
+  );
+};
+
+export default AgentsPage;
diff --git a/frontend/src/pages/dashboard/dashboard.tsx b/frontend/src/pages/dashboard/dashboard.tsx
index 3794b7b..e6130ab 100644
--- a/frontend/src/pages/dashboard/dashboard.tsx
+++ b/frontend/src/pages/dashboard/dashboard.tsx
@@ -9,11 +9,11 @@ import {
 import { useDashboardLogic } from "./hooks/useDashboardLogic";
 import { InfoCardStats } from "@/entities/infoStatsCard/infoCardStats";
 import { Loader } from "@/entities/loader/loader";
-import type { GetDashboardStatsResult } from "@/shared/api/dashboard/dashboard";
+import type { GetDashboardStatsResult } from "@/shared/api/gen/dashboard/dashboard";
 import { getProtocolDisplayName } from "@/shared/lib/getProtocolDisplayName";
 import { ServiceTable } from "../service/serviceTable";
 import { useWsLogic } from "./hooks/useWsLogic";
-import { ChartIncidentsStats } from "./incidents-stats";
+import { ChartIncidentsStats } from "./incidentStats";
 
 const formatNumber = (value: number) => {
   return Intl.NumberFormat().format(value);
@@ -26,7 +26,7 @@ const infoKeysDashboard = [
   { key: "active_incidents", label: "Active incidents" },
   {
     key: "avg_response_time",
-    label: "Average response time (ms)",
+    label: "Avg response time",
     valueFormatter: (value: string) => `${formatNumber(Number(value))}ms`,
   },
   {
@@ -36,7 +36,7 @@ const infoKeysDashboard = [
   },
   {
     key: "uptime_percentage",
-    label: "Uptime",
+    label: "Uptime (last 30 days)",
     valueFormatter: (value: string) => `${Number(value).toFixed(1)}%`,
   },
   {
@@ -54,7 +54,7 @@ const Dashboard = () => {
 
   return (
     <div className="flex flex-col gap-4 lg:gap-6">
-      <div className="grid grid-cols-1 gap-3 sm:grid-cols-2 md:grid-cols-3 md:gap-6 lg:grid-cols-4">
+      <div className="grid grid-cols-2 gap-3 sm:grid-cols-2 md:grid-cols-3 md:gap-6 lg:grid-cols-4">
         {infoKeysDashboard.map((item) => {
           const value =
             dashboardInfo[
diff --git a/frontend/src/pages/dashboard/hooks/useDashboardLogic.tsx b/frontend/src/pages/dashboard/hooks/useDashboardLogic.tsx
deleted file mode 100644
index cf3ab20..0000000
--- a/frontend/src/pages/dashboard/hooks/useDashboardLogic.tsx
+++ /dev/null
@@ -1,25 +0,0 @@
-import { useEffect } from "react";
-import { useShallow } from "zustand/react/shallow";
-import { useDashboardStore } from "../store/useDashboardStore";
-
-export const useDashboardLogic = () => {
-  const { dashboardInfo, setStats, loadStats } = useDashboardStore(
-    useShallow((s) => ({
-      dashboardInfo: s.dashboardInfo,
-      setStats: s.setStats,
-      loadStats: s.loadStats,
-    })),
-  );
-
-  useEffect(() => {
-    loadStats();
-
-    return () => {
-      setStats(null);
-    };
-  }, [loadStats, setStats]);
-
-  return {
-    dashboardInfo,
-  };
-};
diff --git a/frontend/src/pages/dashboard/hooks/useWsLogic.tsx b/frontend/src/pages/dashboard/hooks/useWsLogic.tsx
deleted file mode 100644
index 9a27766..0000000
--- a/frontend/src/pages/dashboard/hooks/useWsLogic.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-import { useDashboardStore } from "@/pages/dashboard/store/useDashboardStore";
-import { useEffect } from "react";
-import { socketUrl } from "@/shared/api/baseApi";
-import useWebSocket from "react-use-websocket";
-import { useServiceTableStore } from "@/pages/service/store/useServiceTableStore";
-import { useShallow } from "zustand/react/shallow";
-
-export const useWsLogic = () => {
-  const { setStats } = useDashboardStore();
-  const {
-    deleteServiceInData,
-    setUpdateService,
-    setUpdateAllServices,
-    addServiceInData,
-  } = useServiceTableStore(
-    useShallow((s) => ({
-      deleteServiceInData: s.deleteServiceInData,
-      setUpdateService: s.setUpdateService,
-      setUpdateAllServices: s.setUpdateAllServices,
-      addServiceInData: s.addServiceInData,
-    })),
-  );
-
-  const { lastMessage } = useWebSocket(socketUrl, {
-    shouldReconnect: () => true,
-  });
-
-  useEffect(() => {
-    if (!lastMessage) return;
-    const data = JSON.parse(lastMessage.data);
-    switch (data.type) {
-      case "stats_update":
-        setStats(data.data);
-        break;
-      case "service_deleted":
-        deleteServiceInData(data.data.id);
-        break;
-      case "service_updated":
-        setUpdateService(data.data);
-        break;
-      case "service_created":
-        addServiceInData(data.data);
-        break;
-      case "service_updated_state":
-        setUpdateAllServices(data.data);
-        break;
-    }
-  }, [lastMessage]);
-};
diff --git a/frontend/src/pages/dashboard/incidents-stats.tsx b/frontend/src/pages/dashboard/incidentStats.tsx
similarity index 98%
rename from frontend/src/pages/dashboard/incidents-stats.tsx
rename to frontend/src/pages/dashboard/incidentStats.tsx
index 22242a0..a3e0c7c 100644
--- a/frontend/src/pages/dashboard/incidents-stats.tsx
+++ b/frontend/src/pages/dashboard/incidentStats.tsx
@@ -17,7 +17,7 @@ import {
   SelectTrigger,
   SelectValue,
 } from "@/shared/components/ui/select";
-import { getIncidents } from "@/shared/api/incidents/incidents";
+import { getIncidents } from "@/shared/api/gen/incidents/incidents";
 import { useEffect, useMemo } from "react";
 import { toast } from "sonner";
 
@@ -90,8 +90,8 @@ export function ChartIncidentsStats() {
 
     getIncidents()
       .getIncidentsStats({
-        start_time: startTime.toISOString(),
-        end_time: endTime.toISOString(),
+        started_at: startTime.toISOString(),
+        resolved_at: endTime.toISOString(),
       })
       .then((response) => {
         const formattedData = response.map((item) => ({
@@ -138,7 +138,7 @@ export function ChartIncidentsStats() {
 
   return (
     <Card className="pt-0">
-      <CardHeader className="flex flex-col gap-2 space-y-0 border-b py-6 md:flex-row md:items-center md:py-0">
+      <CardHeader className="flex flex-col gap-2 space-y-0 border-b py-6 md:flex-row md:items-center">
         <div className="grid flex-1 gap-1">
           <CardTitle>Incidents stats</CardTitle>
           <CardDescription>
diff --git a/frontend/src/pages/dashboard/store/useDashboardStore.ts b/frontend/src/pages/dashboard/store/useDashboardStore.ts
deleted file mode 100644
index eda93c7..0000000
--- a/frontend/src/pages/dashboard/store/useDashboardStore.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-import { create } from "zustand";
-import {
-  type GetDashboardStatsResult,
-  getDashboard,
-} from "@/shared/api/dashboard/dashboard";
-
-interface DashboardStore {
-  dashboardInfo: GetDashboardStatsResult | null;
-  setStats: (dashboardInfo: GetDashboardStatsResult | null) => void;
-
-  loadStats: () => Promise<void>;
-}
-
-const initialState = {
-  dashboardInfo: null,
-};
-
-export const useDashboardStore = create<DashboardStore>((set) => ({
-  ...initialState,
-  setStats: (dashboardInfo) => set({ dashboardInfo }),
-  loadStats: async () => {
-    const response = await getDashboard().getDashboardStats();
-    set({ dashboardInfo: response });
-  },
-}));
diff --git a/frontend/src/pages/dashboard/store/useServerStore.ts b/frontend/src/pages/dashboard/store/useServerStore.ts
deleted file mode 100644
index a2e1d96..0000000
--- a/frontend/src/pages/dashboard/store/useServerStore.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-import { create } from "zustand";
-import type { WebServerInfoResponse } from "@/shared/types/model";
-import { getServer } from "@/shared/api/server/server";
-import { toast } from "sonner";
-
-interface ServerStore {
-  serverInfo: WebServerInfoResponse | null;
-  isLoading: boolean;
-  isUpdateAvailable: boolean;
-  isUpdating: boolean;
-
-  loadInfo: () => Promise<void>;
-  doUpgrade: () => Promise<void>;
-}
-
-const initialState = {
-  serverInfo: null,
-  isLoading: false,
-  isUpdateAvailable: false,
-  isUpdating: false,
-};
-
-export const useServerStore = create<ServerStore>((set, get) => {
-  const store = {
-    ...initialState,
-    loadInfo: async () => {
-      try {
-        set({ isLoading: true });
-        const info = await getServer().getServerInfo();
-        set({
-          serverInfo: info,
-          isLoading: false,
-          isUpdateAvailable: info.available_update !== undefined,
-        });
-      } catch (error) {
-        set({
-          isLoading: false,
-        });
-
-        toast.error(error instanceof Error ? error.message : "Unknown error");
-      }
-    },
-    doUpgrade: async () => {
-      const { isUpdating, isUpdateAvailable } = get();
-
-      if (isUpdating) {
-        return;
-      }
-
-      if (!isUpdateAvailable) {
-        toast.info("No updates available");
-        return;
-      }
-
-      const toastID = toast.loading("Upgrading server...");
-
-      try {
-        set({ isUpdating: true });
-        await getServer().getServerUpgrade();
-
-        const interval = setInterval(() => {
-          getServer()
-            .getServerHealth()
-            .then((health) => {
-              if (health.status === "healthy") {
-                toast.dismiss(toastID);
-
-                set({ isUpdating: false, isUpdateAvailable: false });
-                clearInterval(interval);
-                toast.success("Server upgraded successfully!", {
-                  description: "The page will refresh in 2 seconds.",
-                  closeButton: true,
-                  duration: Infinity,
-                });
-                setTimeout(() => {
-                  window.location.reload();
-                }, 2000);
-              } else {
-                toast.info("Server is still upgrading, please wait...");
-              }
-            })
-            .catch(() => {
-              // Ignore errors, will retry
-            });
-        }, 1000);
-      } catch (error) {
-        toast.dismiss(toastID);
-        set({ isUpdating: false });
-        toast.error("Failed to upgrade server", {
-          description: error instanceof Error ? error.message : "Unknown error",
-          closeButton: true,
-          duration: Infinity,
-        });
-      }
-    },
-  };
-
-  store.loadInfo();
-
-  return store;
-});
diff --git a/frontend/src/pages/error/index.tsx b/frontend/src/pages/error/index.tsx
new file mode 100644
index 0000000..5ae132d
--- /dev/null
+++ b/frontend/src/pages/error/index.tsx
@@ -0,0 +1,53 @@
+import { Button } from "@/shared/components/ui";
+import { ConnectError } from "@connectrpc/connect";
+import React from "react";
+
+export type ErrorData = {
+  status: number;
+  message: string;
+  details?: string;
+};
+
+interface PageErrorProps {
+  error: Error | ConnectError | ErrorData;
+  onReload?: () => void;
+}
+
+export const AppError: React.FC<PageErrorProps> = ({ error, onReload }) => {
+  let errorData: ErrorData = {
+    status: 500,
+    message: "Unknown error",
+    details: undefined,
+  };
+
+  if (error instanceof ConnectError) {
+    errorData.status = error.code;
+    errorData.message = error.rawMessage || error.message || "Unknown error";
+    errorData.details = error.details?.join(", ") || undefined;
+  } else if (error instanceof Error) {
+    errorData.message = error.message;
+    errorData.details = error.stack;
+  } else if (typeof error === "object" && error !== null) {
+    errorData = { ...errorData, ...error };
+  }
+
+  return (
+    <div className="flex min-h-screen flex-col items-center justify-center gap-4 py-10 text-center">
+      <div className="text-4xl font-bold">{errorData.status}</div>
+      <div className="text-2xl font-semibold">Something went wrong</div>
+      <div className="text-muted-foreground max-w-md text-sm break-words">
+        {errorData.message}
+        {errorData.details && (
+          <div className="mt-2 text-xs opacity-75">{errorData.details}</div>
+        )}
+      </div>
+      <div className="flex gap-2">
+        <Button onClick={onReload || (() => window.location.reload())}>
+          Reload page
+        </Button>
+      </div>
+    </div>
+  );
+};
+
+export default AppError;
diff --git a/frontend/src/pages/projects/create.tsx b/frontend/src/pages/projects/create.tsx
new file mode 100644
index 0000000..831b26b
--- /dev/null
+++ b/frontend/src/pages/projects/create.tsx
@@ -0,0 +1,96 @@
+import { Button } from "@/shared/components/ui/button";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from "@/shared/components/ui/card";
+import { Field, FieldGroup, FieldLabel } from "@/shared/components/ui/field";
+import { Input } from "@/shared/components/ui/input";
+import { toast } from "sonner";
+import { useState } from "react";
+import { Spinner } from "@/shared/components/ui/spinner";
+import { useProjectStore } from "@/app/stores/projects";
+import Logo from "@/shared/components/logo";
+
+export function ProjectCreate({ ...props }: React.ComponentProps<"div">) {
+  const [name, setName] = useState("");
+  const [description, setDescription] = useState("");
+  const [isLoading, setIsLoading] = useState(false);
+
+  const projectsStore = useProjectStore();
+
+  const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
+
+    if (!name) {
+      toast.error("Please fill in all required fields");
+      return;
+    }
+
+    try {
+      setIsLoading(true);
+      await projectsStore.createProject(name, description);
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  return (
+    <div
+      className="flex min-h-svh w-full items-center justify-center p-6 md:p-10"
+      {...props}
+    >
+      <div className="w-full max-w-sm">
+        <div className="flex flex-col gap-6">
+          <Logo className="h-7 w-auto" />
+          <Card>
+            <CardHeader>
+              <CardTitle>Create your first project</CardTitle>
+              <CardDescription>
+                Enter your project details below to get started
+              </CardDescription>
+            </CardHeader>
+            <CardContent>
+              <form onSubmit={handleSubmit}>
+                <FieldGroup>
+                  <Field>
+                    <FieldLabel htmlFor="name" required>
+                      Name
+                    </FieldLabel>
+                    <Input
+                      id="name"
+                      type="text"
+                      placeholder="Name"
+                      required
+                      value={name}
+                      onChange={(e) => setName(e.target.value)}
+                    />
+                  </Field>
+                  <Field>
+                    <FieldLabel htmlFor="description">Description</FieldLabel>
+                    <Input
+                      id="description"
+                      type="text"
+                      placeholder="Description"
+                      value={description}
+                      onChange={(e) => setDescription(e.target.value)}
+                    />
+                  </Field>
+                  <Field>
+                    <Button type="submit">
+                      {isLoading ? <Spinner /> : "Create Project"}
+                    </Button>
+                  </Field>
+                </FieldGroup>
+              </form>
+            </CardContent>
+          </Card>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export default ProjectCreate;
diff --git a/frontend/src/pages/projects/index.ts b/frontend/src/pages/projects/index.ts
new file mode 100644
index 0000000..c626200
--- /dev/null
+++ b/frontend/src/pages/projects/index.ts
@@ -0,0 +1 @@
+export * from "./create";
diff --git a/frontend/src/pages/public/initSystem.tsx b/frontend/src/pages/public/initSystem.tsx
new file mode 100644
index 0000000..9cd79eb
--- /dev/null
+++ b/frontend/src/pages/public/initSystem.tsx
@@ -0,0 +1,97 @@
+import { cn } from "@/shared/lib/utils";
+import { Button } from "@/shared/components/ui/button";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from "@/shared/components/ui/card";
+import { Field, FieldGroup, FieldLabel } from "@/shared/components/ui/field";
+import { Input } from "@/shared/components/ui/input";
+import { toast } from "sonner";
+import { useState } from "react";
+import { useAuthStore } from "@/app/stores/auth";
+import { Spinner } from "@/shared/components/ui/spinner";
+import { useNavigate } from "@tanstack/react-router";
+import Logo from "@/shared/components/logo";
+import { useSystemStore } from "@/app/stores/system";
+
+export function InitSystemPage({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [isLoading, setIsLoading] = useState(false);
+  const authorization = useAuthStore((s) => s.authorization);
+  const systemStore = useSystemStore();
+  const navigate = useNavigate();
+
+  const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
+
+    if (!email || !password) {
+      toast.error("Please fill in all fields");
+      return;
+    }
+
+    try {
+      setIsLoading(true);
+      await systemStore.initializeSystem(email, password);
+      await authorization(email, password);
+      navigate({ to: "/" });
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  return (
+    <div className={cn("flex flex-col gap-6", className)} {...props}>
+      <Logo className="h-7 w-auto" />
+      <Card>
+        <CardHeader>
+          <CardTitle>Initialize system</CardTitle>
+          <CardDescription>
+            Enter your email below to initialize the system.
+          </CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form onSubmit={handleSubmit}>
+            <FieldGroup>
+              <Field>
+                <FieldLabel htmlFor="email">Email</FieldLabel>
+                <Input
+                  id="email"
+                  type="email"
+                  placeholder="email@example.com"
+                  required
+                  value={email}
+                  onChange={(e) => setEmail(e.target.value)}
+                />
+              </Field>
+              <Field>
+                <div className="flex items-center">
+                  <FieldLabel htmlFor="password">Password</FieldLabel>
+                </div>
+                <Input
+                  id="password"
+                  type="password"
+                  placeholder="Password"
+                  required
+                  value={password}
+                  onChange={(e) => setPassword(e.target.value)}
+                />
+              </Field>
+              <Field>
+                <Button type="submit">
+                  {isLoading ? <Spinner /> : "Initialize System"}
+                </Button>
+              </Field>
+            </FieldGroup>
+          </form>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}
diff --git a/frontend/src/pages/public/loginPage.tsx b/frontend/src/pages/public/loginPage.tsx
new file mode 100644
index 0000000..6f0f73d
--- /dev/null
+++ b/frontend/src/pages/public/loginPage.tsx
@@ -0,0 +1,97 @@
+import { cn } from "@/shared/lib/utils";
+import { Button } from "@/shared/components/ui/button";
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from "@/shared/components/ui/card";
+import { Field, FieldGroup, FieldLabel } from "@/shared/components/ui/field";
+import { Input } from "@/shared/components/ui/input";
+import { toast } from "sonner";
+import { useState } from "react";
+import { useAuthStore } from "@/app/stores/auth";
+import { Spinner } from "@/shared/components/ui/spinner";
+import { useNavigate } from "@tanstack/react-router";
+import Logo from "@/shared/components/logo";
+
+export function LoginPage({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [isLoading, setIsLoading] = useState(false);
+  const authorization = useAuthStore((s) => s.authorization);
+  const navigate = useNavigate();
+
+  const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
+    e.stopPropagation();
+
+    if (!email || !password) {
+      toast.error("Please fill in all fields");
+      return;
+    }
+
+    try {
+      setIsLoading(true);
+      await authorization(email, password);
+      navigate({ to: "/" });
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  return (
+    <div className={cn("flex flex-col gap-6", className)} {...props}>
+      <Logo className="h-7 w-auto" />
+      <Card>
+        <CardHeader>
+          <CardTitle>Login to your account</CardTitle>
+          <CardDescription>
+            Enter your credentials to login to your account
+          </CardDescription>
+        </CardHeader>
+        <CardContent>
+          <form id="login-form" onSubmit={handleSubmit}>
+            <FieldGroup>
+              <Field>
+                <FieldLabel htmlFor="email">Email</FieldLabel>
+                <Input
+                  id="email"
+                  type="email"
+                  name="email"
+                  placeholder="email@example.com"
+                  required
+                  value={email}
+                  onChange={(e) => setEmail(e.target.value)}
+                />
+              </Field>
+              <Field>
+                <FieldLabel htmlFor="password">Password</FieldLabel>
+                <Input
+                  id="password"
+                  type="password"
+                  name="password"
+                  placeholder="Password"
+                  required
+                  value={password}
+                  onChange={(e) => setPassword(e.target.value)}
+                />
+              </Field>
+            </FieldGroup>
+          </form>
+          <Button
+            form="login-form"
+            className="mt-8 w-full"
+            disabled={isLoading}
+          >
+            {isLoading ? <Spinner /> : "Login"}
+          </Button>
+        </CardContent>
+      </Card>
+    </div>
+  );
+}
diff --git a/frontend/src/pages/service/components/incidentsList.tsx b/frontend/src/pages/service/components/incidentsList.tsx
index 32a25ab..fc9179f 100644
--- a/frontend/src/pages/service/components/incidentsList.tsx
+++ b/frontend/src/pages/service/components/incidentsList.tsx
@@ -17,17 +17,17 @@ import { ExpandableText } from "@/shared/components/expandableText";
 import { formatDuration } from "@/shared/utils";
 import PaginationTable from "@/shared/components/paginationTable";
 import type {
-  DbutilsFindResponseWithCountStorageIncident,
+  StorecmnFindResponseWithCountModelsIncident,
   GetServicesIdIncidentsParams,
-  StorageIncident,
+  ModelsIncident,
 } from "@/shared/types/model";
 
 interface IncidentsListProps {
-  incidentsData: DbutilsFindResponseWithCountStorageIncident;
+  incidentsData: StorecmnFindResponseWithCountModelsIncident;
   incidentsCount: number | null;
   filters: GetServicesIdIncidentsParams;
   setFilters: (filters: Partial<GetServicesIdIncidentsParams>) => void;
-  setDeleteIncident: (incident: StorageIncident) => void;
+  setDeleteIncident: (incident: ModelsIncident) => void;
 }
 
 export const IncidentsList = ({
@@ -71,7 +71,7 @@ export const IncidentsList = ({
           </div>
         ) : (
           <div className="space-y-3">
-            {incidentsData?.items?.map((incident: StorageIncident) => (
+            {incidentsData?.items?.map((incident: ModelsIncident) => (
               <div
                 key={incident.id}
                 className="bg-card flex items-center gap-4 rounded-lg border p-4 transition-shadow hover:shadow-sm"
@@ -84,7 +84,7 @@ export const IncidentsList = ({
                         <div
                           className={cn(
                             "h-2.5 w-2.5 rounded-full",
-                            incident.resolved
+                            incident.resolved_at
                               ? "bg-emerald-400"
                               : "bg-rose-400",
                           )}
@@ -92,7 +92,7 @@ export const IncidentsList = ({
                       </TooltipTrigger>
                       <TooltipContent>
                         <p>
-                          {incident.resolved
+                          {incident.resolved_at
                             ? "Incident resolved"
                             : "Active incident"}
                         </p>
@@ -143,14 +143,10 @@ export const IncidentsList = ({
                     </TooltipProvider>
 
                     <Badge
-                      variant={incident.resolved ? "default" : "destructive"}
-                      className={cn(
-                        "text-xs font-medium",
-                        incident.resolved && "bg-emerald-100 text-emerald-600",
-                        !incident.resolved && "bg-rose-100 text-rose-600",
-                      )}
+                      variant={incident.resolved_at ? "success" : "error"}
+                      className="text-xs font-medium"
                     >
-                      {incident.resolved ? "Resolved" : "Active"}
+                      {incident.resolved_at ? "Resolved" : "Active"}
                     </Badge>
                   </div>
 
@@ -165,22 +161,22 @@ export const IncidentsList = ({
                     <div>
                       <span className="font-medium">Started:</span>{" "}
                       {new Date(
-                        incident?.start_time ?? "",
+                        incident?.started_at ?? "",
                       ).toLocaleDateString()}{" "}
                       at{" "}
                       {new Date(
-                        incident?.start_time ?? "",
+                        incident?.started_at ?? "",
                       ).toLocaleTimeString()}
                     </div>
-                    {incident?.end_time && (
+                    {incident?.resolved_at && (
                       <div>
                         <span className="font-medium">Ended:</span>{" "}
                         {new Date(
-                          incident?.end_time ?? "",
+                          incident?.resolved_at ?? "",
                         ).toLocaleDateString()}{" "}
                         at{" "}
                         {new Date(
-                          incident?.end_time ?? "",
+                          incident?.resolved_at ?? "",
                         ).toLocaleTimeString()}
                       </div>
                     )}
diff --git a/frontend/src/pages/service/components/serviceOverview.tsx b/frontend/src/pages/service/components/serviceOverview.tsx
index a4c1581..776669d 100644
--- a/frontend/src/pages/service/components/serviceOverview.tsx
+++ b/frontend/src/pages/service/components/serviceOverview.tsx
@@ -23,7 +23,6 @@ import type { WebServiceDTO } from "@/shared/types/model";
 interface ServiceOverviewProps {
   serviceDetailData: WebServiceDTO;
   onCheckService: (serviceId: string) => void;
-  setResolveIncident: (value: boolean) => void;
 }
 
 export const ServiceOverview = ({
@@ -41,11 +40,11 @@ export const ServiceOverview = ({
               className={cn(
                 "text-xs font-semibold md:text-sm",
                 serviceDetailData?.status === "up" &&
-                  "bg-emerald-100 text-emerald-600",
+                  "bg-emerald-100 text-emerald-600 dark:bg-emerald-600 dark:text-emerald-100",
                 serviceDetailData?.status === "down" &&
-                  "bg-rose-100 text-rose-600",
+                  "bg-rose-100 text-rose-600 dark:bg-rose-600 dark:text-rose-100",
                 serviceDetailData?.status === "unknown" &&
-                  "bg-yellow-100 text-yellow-600",
+                  "bg-yellow-100 text-yellow-600 dark:bg-yellow-600 dark:text-yellow-100",
               )}
             >
               {serviceDetailData?.status?.toLocaleUpperCase() ?? ""}
@@ -104,6 +103,7 @@ export const ServiceOverview = ({
 
             <Button
               size="sm"
+              variant="secondary"
               className={cn("ml-auto", isMobile && "w-full")}
               disabled={!serviceDetailData?.is_enabled}
               onClick={() => onCheckService(serviceDetailData?.id ?? "")}
diff --git a/frontend/src/pages/service/components/serviceStats.tsx b/frontend/src/pages/service/components/serviceStats.tsx
index 0a9f295..3424c49 100644
--- a/frontend/src/pages/service/components/serviceStats.tsx
+++ b/frontend/src/pages/service/components/serviceStats.tsx
@@ -1,9 +1,12 @@
 import { InfoCardStats } from "@/entities/infoStatsCard/infoCardStats";
-import type { WebServiceDTO, StorageServiceStats } from "@/shared/types/model";
+import type {
+  WebServiceDTO,
+  ServiceStats as ModelServiceStats,
+} from "@/shared/types/model";
 
 interface ServiceStatsProps {
   serviceDetailData: WebServiceDTO;
-  serviceStatsData: StorageServiceStats;
+  serviceStatsData: ModelServiceStats;
 }
 
 export const ServiceStats = ({
@@ -22,14 +25,14 @@ export const ServiceStats = ({
       description: "Total Checks",
     },
     {
-      value: `${((serviceStatsData?.avg_response_time ?? 0) / 1000000).toFixed(1)} ms`,
+      value: `${(serviceStatsData?.avg_response_time ?? 0).toFixed(1)} ms`,
       key: "avg_response_time",
       description: "Avg Response Time",
     },
     {
       value: `${(serviceStatsData?.uptime_percentage ?? 0).toFixed(1)}%`,
       key: "uptime",
-      description: "Uptime",
+      description: "Uptime (last 30 days)",
     },
     {
       value: serviceDetailData?.consecutive_success,
@@ -44,7 +47,7 @@ export const ServiceStats = ({
   ];
 
   return (
-    <div className="grid grid-cols-1 gap-4 md:grid-cols-3">
+    <div className="grid grid-cols-2 gap-4 md:grid-cols-3 md:gap-6">
       {cardStats.map((stat) => (
         <InfoCardStats
           key={stat.key}
diff --git a/frontend/src/pages/service/hooks/useCreateFromService.ts b/frontend/src/pages/service/hooks/useCreateFromService.ts
index 5d39eda..15b2844 100644
--- a/frontend/src/pages/service/hooks/useCreateFromService.ts
+++ b/frontend/src/pages/service/hooks/useCreateFromService.ts
@@ -1,6 +1,6 @@
 import { useMemo } from "react";
 import { useServiceTableStore } from "../store/useServiceTableStore";
-import { getServices } from "@/shared/api/services/services";
+import { getServices } from "@/shared/api/gen/services/services";
 import { toast } from "sonner";
 import type { WebCreateUpdateServiceRequest } from "@/shared/types/model";
 
diff --git a/frontend/src/pages/service/hooks/useServiceCreate.ts b/frontend/src/pages/service/hooks/useServiceCreate.ts
index dd1ac76..dbf00f9 100644
--- a/frontend/src/pages/service/hooks/useServiceCreate.ts
+++ b/frontend/src/pages/service/hooks/useServiceCreate.ts
@@ -1,54 +1,53 @@
 import { useState } from "react";
 import { toast } from "sonner";
 import type { WebCreateUpdateServiceRequest } from "@/shared/types/model";
-import { getServices } from "@/shared/api/services/services";
+import { getServices } from "@/shared/api/gen/services/services";
+
+// Create initial values
+const initialValues: WebCreateUpdateServiceRequest = {
+  name: "",
+  protocol: "http",
+  interval: 60000,
+  timeout: 10000,
+  retries: 5,
+  tags: [],
+  is_enabled: true,
+  config: {
+    http: {
+      condition: "",
+      endpoints: [
+        {
+          name: "",
+          url: "",
+          expected_status: 200,
+          method: "GET",
+          body: "",
+          headers: {},
+          json_path: "",
+          username: "",
+          password: "",
+        },
+      ],
+    },
+    tcp: {
+      endpoint: "",
+      expect_data: "",
+      send_data: "",
+    },
+    grpc: {
+      endpoint: "",
+      check_type: "health",
+      tls: true,
+      service_name: "",
+      insecure_tls: false,
+    },
+  },
+};
 
 export const useServiceCreate = () => {
   const [isOpenModal, setIsOpenModal] = useState(false);
   const { postServices } = getServices();
 
-  // Create initial values
-  const initialValues: WebCreateUpdateServiceRequest = {
-    name: "",
-    protocol: "http",
-    interval: 60000,
-    timeout: 10000,
-    retries: 5,
-    tags: [],
-    is_enabled: true,
-    config: {
-      http: {
-        condition: "",
-        timeout: 0,
-        endpoints: [
-          {
-            name: "",
-            url: "",
-            expected_status: 200,
-            method: "GET",
-            body: "",
-            headers: {},
-            json_path: "",
-            username: "",
-            password: "",
-          },
-        ],
-      },
-      tcp: {
-        endpoint: "",
-        expect_data: "",
-        send_data: "",
-      },
-      grpc: {
-        endpoint: "",
-        check_type: "health",
-        tls: true,
-        service_name: "",
-        insecure_tls: false,
-      },
-    },
-  };
-
   // Handle create service
   const onCreateService = async (values: WebCreateUpdateServiceRequest) => {
     return await postServices(values)
diff --git a/frontend/src/pages/service/hooks/useServiceDetail.ts b/frontend/src/pages/service/hooks/useServiceDetail.ts
index d5a452e..e3f123b 100644
--- a/frontend/src/pages/service/hooks/useServiceDetail.ts
+++ b/frontend/src/pages/service/hooks/useServiceDetail.ts
@@ -3,9 +3,9 @@ import { useEffect } from "react";
 import { toast } from "sonner";
 import { useServiceDetailStore } from "../store/useServiceDeteilStore";
 import useWebSocket from "react-use-websocket";
-import { getServices } from "@/shared/api/services/services";
-import { getIncidents } from "@/shared/api/incidents/incidents";
-import { getStatistics } from "@/shared/api/statistics/statistics";
+import { getServices } from "@/shared/api/gen/services/services";
+import { getIncidents } from "@/shared/api/gen/incidents/incidents";
+import { getStatistics } from "@/shared/api/gen/statistics/statistics";
 
 export const useServiceDetail = (serviceID: string) => {
   const {
@@ -13,7 +13,6 @@ export const useServiceDetail = (serviceID: string) => {
     serviceDetailData,
     incidentsData,
     serviceStatsData,
-    resolveIncident,
     filters,
     setDeleteIncident,
     setServiceDetailData,
@@ -21,16 +20,12 @@ export const useServiceDetail = (serviceID: string) => {
     setServiceStatsData,
     setFilters,
     setUpdateServiceStatsData,
-    setResolveIncident,
   } = useServiceDetailStore();
 
   const { postServicesIdCheck, getServicesId } = getServices();
   const { getServicesIdStats } = getStatistics();
-  const {
-    getServicesIdIncidents,
-    deleteServicesIdIncidentsIncidentId,
-    postServicesIdResolve,
-  } = getIncidents();
+  const { getServicesIdIncidents, deleteServicesIdIncidentsIncidentId } =
+    getIncidents();
 
   // Get service
   const getServiceDetail = async () => {
@@ -52,7 +47,7 @@ export const useServiceDetail = (serviceID: string) => {
     // });
   };
 
-  //Check service
+  // Check service
   const onCheckService = async (id: string) => {
     await postServicesIdCheck(id)
       .then(() => {
@@ -91,23 +86,6 @@ export const useServiceDetail = (serviceID: string) => {
       });
   };
 
-  // Resolve incident
-  const onResolveIncident = async () => {
-    await postServicesIdResolve(serviceID ?? "")
-      .then(() => {
-        getServiceDetail();
-        getAllIncidents();
-        getServiceStats();
-        toast.success("Incident resolved");
-      })
-      .catch((err) => {
-        toast.error(err.response.data.error);
-      })
-      .finally(() => {
-        setResolveIncident(false);
-      });
-  };
-
   // WebSocket connection to update service stats
   const { lastMessage } = useWebSocket(socketUrl, {
     shouldReconnect: () => true,
@@ -147,13 +125,10 @@ export const useServiceDetail = (serviceID: string) => {
     serviceDetailData,
     incidentsData,
     serviceStatsData,
-    resolveIncident,
     filters,
     onCheckService,
     onDeleteIncident,
-    onResolveIncident,
     setFilters,
     setDeleteIncident,
-    setResolveIncident,
   };
 };
diff --git a/frontend/src/pages/service/hooks/useServiceTable.tsx b/frontend/src/pages/service/hooks/useServiceTable.tsx
index 9c36121..56711c0 100644
--- a/frontend/src/pages/service/hooks/useServiceTable.tsx
+++ b/frontend/src/pages/service/hooks/useServiceTable.tsx
@@ -29,8 +29,8 @@ import {
 import { toast } from "sonner";
 import { useServiceTableStore } from "../store/useServiceTableStore";
 import { ActivityIndicatorSVG } from "@/entities/ActivityIndicatorSVG/ActivityIndicatorSVG";
-import { getServices } from "@/shared/api/services/services";
-import { getTags } from "@/shared/api/tags/tags";
+import { getServices } from "@/shared/api/gen/services/services";
+import { getTags } from "@/shared/api/gen/tags/tags";
 import type { WebServiceDTO } from "@/shared/types/model";
 
 export const useServiceTable = () => {
@@ -105,7 +105,7 @@ export const useServiceTable = () => {
         },
       },
       {
-        header: "Service ",
+        header: "Service",
         accessorKey: "service",
         cell: ({ row }) => {
           return (
@@ -128,10 +128,11 @@ export const useServiceTable = () => {
               className={cn(
                 "text-xs font-semibold",
                 row.original?.status === "up" &&
-                  "bg-emerald-100 text-emerald-600",
-                row.original?.status === "down" && "bg-rose-100 text-rose-600",
+                  "bg-emerald-100 text-emerald-600 dark:bg-emerald-600 dark:text-emerald-100",
+                row.original?.status === "down" &&
+                  "bg-rose-100 text-rose-600 dark:bg-rose-600 dark:text-rose-100",
                 row.original?.status === "unknown" &&
-                  "bg-yellow-100 text-yellow-600",
+                  "bg-yellow-100 text-yellow-600 dark:bg-yellow-600 dark:text-yellow-100",
               )}
             >
               {row.original?.status?.toUpperCase()}
diff --git a/frontend/src/pages/service/hooks/useServiceUpdate.ts b/frontend/src/pages/service/hooks/useServiceUpdate.ts
index 529bc1e..0fd8796 100644
--- a/frontend/src/pages/service/hooks/useServiceUpdate.ts
+++ b/frontend/src/pages/service/hooks/useServiceUpdate.ts
@@ -6,7 +6,7 @@ import type {
   WebCreateUpdateServiceRequest,
   WebServiceDTO,
 } from "@/shared/types/model";
-import { getServices } from "@/shared/api/services/services";
+import { getServices } from "@/shared/api/gen/services/services";
 
 export const useServiceUpdate = () => {
   const [serviceData, setServiceData] = useState<WebServiceDTO | null>(null);
diff --git a/frontend/src/pages/service/serviceCreate.tsx b/frontend/src/pages/service/serviceCreate.tsx
index 3ddf945..f0e9e88 100644
--- a/frontend/src/pages/service/serviceCreate.tsx
+++ b/frontend/src/pages/service/serviceCreate.tsx
@@ -39,7 +39,7 @@ const ServiceCreate = () => {
   return (
     <Dialog open={isOpenModal} onOpenChange={setIsOpenModal}>
       <DialogTrigger asChild>
-        <Button size="sm">
+        <Button size="sm" variant="outline">
           <PlusIcon />
           {isMobile ? "Add" : "Add Service"}
         </Button>
diff --git a/frontend/src/pages/service/serviceDetail.tsx b/frontend/src/pages/service/serviceDetail.tsx
index d6334b0..a8d6818 100644
--- a/frontend/src/pages/service/serviceDetail.tsx
+++ b/frontend/src/pages/service/serviceDetail.tsx
@@ -14,15 +14,12 @@ const ServiceDetail = ({ serviceID }: ServiceDetailProps) => {
     filters,
     incidentsData,
     deleteIncident,
-    resolveIncident,
     serviceDetailData,
     serviceStatsData,
     setFilters,
     onCheckService,
     setDeleteIncident,
     onDeleteIncident,
-    setResolveIncident,
-    onResolveIncident,
   } = useServiceDetail(serviceID);
 
   if (!serviceDetailData || !incidentsData || !serviceStatsData)
@@ -30,14 +27,6 @@ const ServiceDetail = ({ serviceID }: ServiceDetailProps) => {
 
   return (
     <>
-      <ConfirmDialog
-        open={resolveIncident}
-        setOpen={() => setResolveIncident(false)}
-        onSubmit={onResolveIncident}
-        title="Resolve Incident"
-        description="Are you sure you want to resolve this incident?"
-        type="default"
-      />
       <ConfirmDialog
         open={!!deleteIncident}
         setOpen={() => setDeleteIncident(null)}
@@ -51,7 +40,6 @@ const ServiceDetail = ({ serviceID }: ServiceDetailProps) => {
         <ServiceOverview
           serviceDetailData={serviceDetailData}
           onCheckService={onCheckService}
-          setResolveIncident={setResolveIncident}
         />
 
         <ServiceStats
diff --git a/frontend/src/pages/service/serviceTable.tsx b/frontend/src/pages/service/serviceTable.tsx
index 43d2ecf..5312a64 100644
--- a/frontend/src/pages/service/serviceTable.tsx
+++ b/frontend/src/pages/service/serviceTable.tsx
@@ -62,7 +62,7 @@ export const ServiceTable = ({ protocols }: ServiceTableProps) => {
               clear
             />
             <MultiSelect
-              className="lg:col-span-2"
+              className="dark:bg-input/30 lg:col-span-2"
               options={
                 allTags?.map((tag) => ({
                   label: `${tag} (${countAllTags?.[tag] ?? 0})`,
@@ -117,9 +117,9 @@ export const ServiceTable = ({ protocols }: ServiceTableProps) => {
           </div>
           <div className="border-border overflow-hidden rounded-xl border">
             <Table>
-              <TableHeader className="rounded-t-lg bg-gray-100">
+              <TableHeader>
                 {table.getHeaderGroups().map((headerGroup) => (
-                  <TableRow key={headerGroup.id}>
+                  <TableRow key={headerGroup.id} className="bg-muted/50">
                     {headerGroup.headers.map((header, idx) => {
                       return (
                         <TableHead
diff --git a/frontend/src/pages/service/store/useServiceDeteilStore.ts b/frontend/src/pages/service/store/useServiceDeteilStore.ts
index 4a33fc1..b2cf26e 100644
--- a/frontend/src/pages/service/store/useServiceDeteilStore.ts
+++ b/frontend/src/pages/service/store/useServiceDeteilStore.ts
@@ -1,36 +1,31 @@
 import type {
-  DbutilsFindResponseWithCountStorageIncident,
+  StorecmnFindResponseWithCountModelsIncident,
   GetServicesIdIncidentsParams,
-  StorageIncident,
+  ModelsIncident,
   WebServiceDTO,
-  StorageServiceStats,
+  ServiceStats,
 } from "@/shared/types/model";
 import { create } from "zustand";
 
 interface ServiceDetailStore {
-  deleteIncident: StorageIncident | null;
+  deleteIncident: ModelsIncident | null;
   serviceDetailData: WebServiceDTO | null;
-  resolveIncident: boolean;
-  incidentsData: DbutilsFindResponseWithCountStorageIncident | null;
+  incidentsData: StorecmnFindResponseWithCountModelsIncident | null;
   filters: GetServicesIdIncidentsParams;
-  serviceStatsData: StorageServiceStats | null;
+  serviceStatsData: ServiceStats | null;
   setFilters: (value: Partial<ServiceDetailStore["filters"]>) => void;
-  setDeleteIncident: (deleteIncident: StorageIncident | null) => void;
-  setResolveIncident: (resolveIncident: boolean) => void;
+  setDeleteIncident: (deleteIncident: ModelsIncident | null) => void;
   setServiceDetailData: (serviceDetailData: WebServiceDTO | null) => void;
   setIncidentsData: (
-    incidentsData: DbutilsFindResponseWithCountStorageIncident | null,
-  ) => void;
-  setServiceStatsData: (serviceStatsData: StorageServiceStats | null) => void;
-  setUpdateServiceStatsData: (
-    serviceStatsData: StorageServiceStats | null,
+    incidentsData: StorecmnFindResponseWithCountModelsIncident | null,
   ) => void;
+  setServiceStatsData: (serviceStatsData: ServiceStats | null) => void;
+  setUpdateServiceStatsData: (serviceStatsData: ServiceStats | null) => void;
 }
 
 const initialState = {
   deleteIncident: null,
   serviceDetailData: null,
-  resolveIncident: false,
   incidentsData: null,
 
   filters: {
@@ -45,7 +40,6 @@ export const useServiceDetailStore = create<ServiceDetailStore>((set) => ({
   setDeleteIncident: (deleteIncident) => set({ deleteIncident }),
   setFilters: (filters) =>
     set((state) => ({ filters: { ...state.filters, ...filters } })),
-  setResolveIncident: (resolveIncident) => set({ resolveIncident }),
   setServiceDetailData: (serviceDetailData) => set({ serviceDetailData }),
   setIncidentsData: (incidentsData) => set({ incidentsData }),
   setServiceStatsData: (serviceStatsData) => set({ serviceStatsData }),
diff --git a/frontend/src/pages/service/store/useServiceTableStore.ts b/frontend/src/pages/service/store/useServiceTableStore.ts
index ec45285..390293f 100644
--- a/frontend/src/pages/service/store/useServiceTableStore.ts
+++ b/frontend/src/pages/service/store/useServiceTableStore.ts
@@ -1,6 +1,9 @@
 import { create } from "zustand";
-import type { GetTagsCountResult, GetTagsResult } from "@/shared/api/tags/tags";
-import type { GetServicesResult } from "@/shared/api/services/services";
+import type {
+  GetTagsCountResult,
+  GetTagsResult,
+} from "@/shared/api/gen/tags/tags";
+import type { GetServicesResult } from "@/shared/api/gen/services/services";
 import type { WebServiceDTO } from "@/shared/types/model";
 
 interface ServiceTableStore {
diff --git a/frontend/src/pages/settings/general.tsx b/frontend/src/pages/settings/general.tsx
new file mode 100644
index 0000000..682e986
--- /dev/null
+++ b/frontend/src/pages/settings/general.tsx
@@ -0,0 +1,362 @@
+import {
+  projectDelete,
+  projectGet,
+  projectUpdate,
+} from "@/api/gen/sentinel/projects/v1/projects-ProjectsService_connectquery";
+import type { Project } from "@/api/gen/sentinel/projects/v1/projects_pb";
+import { useProjectStore } from "@/app/stores/projects";
+import { H4, P } from "@/shared/components/typography";
+import {
+  Card,
+  CardContent,
+  CardHeader,
+  CardTitle,
+  Separator,
+  Field,
+  FieldError,
+  FieldGroup,
+  FieldLabel,
+  Input,
+  Button,
+  Textarea,
+  AlertDialog,
+  AlertDialogHeader,
+  AlertDialogTitle,
+  AlertDialogDescription,
+  AlertDialogTrigger,
+  AlertDialogContent,
+  AlertDialogFooter,
+  AlertDialogCancel,
+} from "@/shared/components/ui";
+import {
+  Item,
+  ItemActions,
+  ItemContent,
+  ItemDescription,
+  ItemTitle,
+} from "@/shared/components/ui/item";
+import { Spinner } from "@/shared/components/ui/spinner";
+import { useMutation, useQuery } from "@connectrpc/connect-query";
+import { useForm } from "@tanstack/react-form";
+import { SaveIcon, TrashIcon } from "lucide-react";
+import { toast } from "sonner";
+import * as z from "zod";
+import { useShallow } from "zustand/react/shallow";
+
+const formSchema = z.object({
+  name: z.string().min(1, "Project name is required"),
+  description: z.union([z.string(), z.undefined()]),
+  settings: z.object({
+    monitorDefaults: z.object({
+      interval: z.bigint().min(BigInt(1), "Interval must be positive"),
+      timeout: z.bigint().min(BigInt(1), "Timeout must be positive"),
+      retries: z.bigint().min(BigInt(0), "Retries must be zero or positive"),
+    }),
+  }),
+});
+
+const formInitialValues = (project?: Project): z.infer<typeof formSchema> => ({
+  name: project?.name ?? "",
+  description: project?.description ?? "",
+  settings: {
+    monitorDefaults: {
+      interval: project?.settings?.monitorDefaults?.interval ?? BigInt(60000),
+      timeout: project?.settings?.monitorDefaults?.timeout ?? BigInt(10000),
+      retries: project?.settings?.monitorDefaults?.retries ?? BigInt(10),
+    },
+  },
+});
+
+const GeneralSettingsPage = () => {
+  const { selectedProjectId, selectProject, loadProjects } = useProjectStore(
+    useShallow((s) => ({
+      selectedProjectId: s.selectedProjectId,
+      loadProjects: s.loadProjects,
+      selectProject: s.selectProject,
+    })),
+  );
+
+  const q = useQuery(projectGet, { id: selectedProjectId! });
+
+  const updateMutation = useMutation(projectUpdate, {
+    onSuccess: () => {
+      toast.success("Project updated successfully");
+      void q.refetch();
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to update project");
+    },
+  });
+
+  const deleteMutation = useMutation(projectDelete, {
+    onSuccess: () => {
+      selectProject(undefined);
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to delete project");
+    },
+  });
+
+  const form = useForm({
+    defaultValues: formInitialValues(q.data?.item),
+    validators: {
+      onSubmit: formSchema,
+      onChange: formSchema,
+    },
+    onSubmit: async ({ formApi, value }) => {
+      // call the mutation to update the project
+      const data = await updateMutation.mutateAsync({
+        id: selectedProjectId!,
+        ...value,
+      });
+
+      // update form values to the latest returned from the server
+      formApi.reset(formInitialValues(data.item), { keepDefaultValues: true });
+
+      // reload projects in case name changed
+      loadProjects();
+    },
+  });
+
+  return (
+    <>
+      <H4>General</H4>
+      <P className="text-muted-foreground text-sm leading-relaxed">
+        On this page you can edit general settings for your account.
+      </P>
+      <Separator className="my-5" />
+      <Card>
+        <CardHeader>
+          <CardTitle>Project settings</CardTitle>
+        </CardHeader>
+        <CardContent>
+          <form
+            id="general-form"
+            onSubmit={(e) => {
+              e.preventDefault();
+              e.stopPropagation();
+              form.handleSubmit();
+            }}
+            className="space-y-8"
+          >
+            <FieldGroup>
+              <form.Field
+                name="name"
+                children={(field) => {
+                  const isInvalid =
+                    field.state.meta.isTouched && !field.state.meta.isValid;
+                  return (
+                    <Field data-invalid={isInvalid}>
+                      <FieldLabel htmlFor={field.name}>Name</FieldLabel>
+                      <Input
+                        id={field.name}
+                        name={field.name}
+                        value={field.state.value}
+                        onBlur={field.handleBlur}
+                        onChange={(e) => field.handleChange(e.target.value)}
+                        aria-invalid={isInvalid}
+                        placeholder="Name"
+                        autoComplete="off"
+                      />
+                      {isInvalid && (
+                        <FieldError errors={field.state.meta.errors} />
+                      )}
+                    </Field>
+                  );
+                }}
+              />
+
+              <form.Field
+                name="description"
+                children={(field) => {
+                  const isInvalid =
+                    field.state.meta.isTouched && !field.state.meta.isValid;
+                  return (
+                    <Field data-invalid={isInvalid}>
+                      <FieldLabel htmlFor={field.name}>Description</FieldLabel>
+                      <Textarea
+                        id={field.name}
+                        name={field.name}
+                        value={field.state.value}
+                        onBlur={field.handleBlur}
+                        onChange={(e) => field.handleChange(e.target.value)}
+                        aria-invalid={isInvalid}
+                        placeholder="Description"
+                        autoComplete="off"
+                        rows={4}
+                      />
+                      {isInvalid && (
+                        <FieldError errors={field.state.meta.errors} />
+                      )}
+                    </Field>
+                  );
+                }}
+              />
+              <div className="grid grid-cols-1 gap-4 md:grid-cols-3">
+                <form.Field
+                  name="settings.monitorDefaults.interval"
+                  children={(field) => {
+                    const isInvalid =
+                      field.state.meta.isTouched && !field.state.meta.isValid;
+                    return (
+                      <Field data-invalid={isInvalid}>
+                        <FieldLabel htmlFor={field.name}>
+                          Default Interval (ms)
+                        </FieldLabel>
+                        <Input
+                          id={field.name}
+                          name={field.name}
+                          type="number"
+                          value={field.state.value.toString()}
+                          onBlur={field.handleBlur}
+                          onChange={(e) =>
+                            field.handleChange(BigInt(e.target.value))
+                          }
+                          aria-invalid={isInvalid}
+                          placeholder="Default Interval"
+                          autoComplete="off"
+                        />
+                        {isInvalid && (
+                          <FieldError errors={field.state.meta.errors} />
+                        )}
+                      </Field>
+                    );
+                  }}
+                />
+                <form.Field
+                  name="settings.monitorDefaults.timeout"
+                  children={(field) => {
+                    const isInvalid =
+                      field.state.meta.isTouched && !field.state.meta.isValid;
+                    return (
+                      <Field data-invalid={isInvalid}>
+                        <FieldLabel htmlFor={field.name}>
+                          Default Timeout (ms)
+                        </FieldLabel>
+                        <Input
+                          id={field.name}
+                          name={field.name}
+                          type="number"
+                          value={field.state.value.toString()}
+                          onBlur={field.handleBlur}
+                          onChange={(e) =>
+                            field.handleChange(BigInt(e.target.value))
+                          }
+                          aria-invalid={isInvalid}
+                          placeholder="Default Timeout"
+                          autoComplete="off"
+                        />
+                        {isInvalid && (
+                          <FieldError errors={field.state.meta.errors} />
+                        )}
+                      </Field>
+                    );
+                  }}
+                />
+                <form.Field
+                  name="settings.monitorDefaults.retries"
+                  children={(field) => {
+                    const isInvalid =
+                      field.state.meta.isTouched && !field.state.meta.isValid;
+                    return (
+                      <Field data-invalid={isInvalid}>
+                        <FieldLabel htmlFor={field.name}>Retries</FieldLabel>
+                        <Input
+                          id={field.name}
+                          name={field.name}
+                          type="number"
+                          value={field.state.value.toString()}
+                          onBlur={field.handleBlur}
+                          onChange={(e) =>
+                            field.handleChange(BigInt(e.target.value))
+                          }
+                          aria-invalid={isInvalid}
+                          placeholder="Retries"
+                          autoComplete="off"
+                        />
+                        {isInvalid && (
+                          <FieldError errors={field.state.meta.errors} />
+                        )}
+                      </Field>
+                    );
+                  }}
+                />
+              </div>
+            </FieldGroup>
+            <form.Subscribe
+              selector={(state) => [
+                state.isValid,
+                state.isSubmitting,
+                state.isDefaultValue,
+              ]}
+              children={([isValid, isSubmitting, isDefaultValue]) => {
+                return (
+                  <Button
+                    disabled={!isValid || isDefaultValue}
+                    form="general-form"
+                  >
+                    {isSubmitting ? <Spinner /> : <SaveIcon />}
+                    Save settings
+                  </Button>
+                );
+              }}
+            />
+          </form>
+        </CardContent>
+      </Card>
+      <H4 className="mt-10">Danger zone</H4>
+      <P className="text-muted-foreground text-sm leading-relaxed">
+        Dangerous actions that can result in data loss or other serious
+        consequences.
+      </P>
+      <Item
+        variant="outline"
+        className="border-destructive bg-destructive/5 dark:bg-destructive/20 mt-4"
+      >
+        <ItemContent>
+          <ItemTitle>Delete this project</ItemTitle>
+          <ItemDescription>
+            Once you delete a project, there is no going back. Please be
+            certain.
+          </ItemDescription>
+        </ItemContent>
+        <ItemActions>
+          <AlertDialog>
+            <AlertDialogTrigger asChild>
+              <Button variant="destructive">Delete this project</Button>
+            </AlertDialogTrigger>
+
+            <AlertDialogContent>
+              <AlertDialogHeader>
+                <AlertDialogTitle>Are you sure?</AlertDialogTitle>
+                <AlertDialogDescription>
+                  Are you sure you want to delete{" "}
+                  <span className="font-extrabold text-zinc-950">
+                    {q.data?.item?.name}
+                  </span>{" "}
+                  project?
+                  <br />
+                  This action cannot be undone.
+                </AlertDialogDescription>
+              </AlertDialogHeader>
+              <AlertDialogFooter>
+                <AlertDialogCancel>Cancel</AlertDialogCancel>
+                <Button
+                  variant="destructive"
+                  onClick={() => {
+                    deleteMutation.mutate({ id: selectedProjectId });
+                  }}
+                >
+                  <TrashIcon />
+                  Yes, delete this project
+                </Button>
+              </AlertDialogFooter>
+            </AlertDialogContent>
+          </AlertDialog>
+        </ItemActions>
+      </Item>
+    </>
+  );
+};
+
+export default GeneralSettingsPage;
diff --git a/frontend/src/pages/settings/index.tsx b/frontend/src/pages/settings/index.tsx
deleted file mode 100644
index 44523f5..0000000
--- a/frontend/src/pages/settings/index.tsx
+++ /dev/null
@@ -1,9 +0,0 @@
-const Settings = () => {
-  return (
-    <div>
-      <h1>Settings</h1>
-    </div>
-  );
-};
-
-export default Settings;
diff --git a/frontend/src/pages/settings/layout.tsx b/frontend/src/pages/settings/layout.tsx
new file mode 100644
index 0000000..4e7c74f
--- /dev/null
+++ b/frontend/src/pages/settings/layout.tsx
@@ -0,0 +1,128 @@
+import {
+  Link,
+  Outlet,
+  linkOptions,
+  useLocation,
+  useNavigate,
+} from "@tanstack/react-router";
+import { BellIcon, OctagonAlertIcon, SettingsIcon } from "lucide-react";
+
+import {
+  Card,
+  CardContent,
+  CardHeader,
+  CardTitle,
+  CardDescription,
+} from "@/shared/components/ui/card";
+
+import {
+  Select,
+  SelectContent,
+  SelectItem,
+  SelectTrigger,
+  SelectValue,
+} from "@/shared/components/ui/select";
+import { Separator } from "@/shared/components/ui/separator";
+import { cn } from "@/shared/lib/utils";
+import { buttonVariants } from "@/shared/components/ui/button";
+
+const menuItems = [
+  linkOptions({
+    to: "/settings",
+    label: (
+      <>
+        <SettingsIcon size={16} /> General
+      </>
+    ),
+    activeOptions: { exact: true },
+  }),
+  linkOptions({
+    to: "/settings/notifications",
+    label: (
+      <>
+        <BellIcon size={16} /> Notifications
+      </>
+    ),
+  }),
+  linkOptions({
+    to: "/settings/notifications-history",
+    label: (
+      <>
+        <OctagonAlertIcon size={16} /> Notifications history
+      </>
+    ),
+  }),
+];
+
+const SettingsLayout = () => {
+  const navigate = useNavigate();
+  const { pathname } = useLocation();
+
+  // Determine the closest matching menu item for the current pathname
+  const selectedTo =
+    menuItems
+      .map((item) => item.to)
+      .sort((a, b) => b.length - a.length)
+      .find((to) => pathname === to || pathname.startsWith(to + "/")) ??
+    "/settings";
+
+  return (
+    <Card className="gap-3">
+      <CardHeader>
+        <CardTitle className="text-2xl">Settings</CardTitle>
+        <CardDescription>Manage application settings</CardDescription>
+        <Separator className="my-2 hidden md:block" />
+      </CardHeader>
+      <CardContent>
+        <div className="flex flex-col gap-3.5 md:flex-row md:gap-5 lg:gap-12">
+          <aside className="min-w-40 md:max-w-52">
+            {/* Mobile View */}
+            <div className="md:hidden">
+              <Select
+                onValueChange={(value) => navigate({ to: value })}
+                value={selectedTo}
+              >
+                <SelectTrigger className="my-3.5 w-full">
+                  <SelectValue placeholder="Select page" />
+                </SelectTrigger>
+                <SelectContent>
+                  {menuItems.map((item) => (
+                    <SelectItem key={item.to} value={item.to}>
+                      <span className="flex items-center gap-2 truncate">
+                        {item.label}
+                      </span>
+                    </SelectItem>
+                  ))}
+                </SelectContent>
+              </Select>
+              <Separator />
+            </div>
+
+            {/* Desktop View */}
+            <nav className="sticky top-22 hidden gap-1 md:grid">
+              {menuItems.map((option) => (
+                <Link
+                  key={option.to}
+                  {...option}
+                  className={cn(
+                    buttonVariants({ variant: "ghost" }),
+                    "flex items-center justify-start gap-3 truncate duration-50",
+                    "hover:bg-accent/50",
+                  )}
+                  activeProps={{ className: `bg-muted hover:bg-accent/70` }}
+                >
+                  {option.label}
+                </Link>
+              ))}
+            </nav>
+          </aside>
+          <div className="min-w-0 flex-1">
+            <Outlet />
+          </div>
+        </div>
+      </CardContent>
+    </Card>
+  );
+};
+
+export default SettingsLayout;
diff --git a/frontend/src/pages/settings/notification-history.tsx b/frontend/src/pages/settings/notification-history.tsx
new file mode 100644
index 0000000..05fee74
--- /dev/null
+++ b/frontend/src/pages/settings/notification-history.tsx
@@ -0,0 +1,166 @@
+import { notificationsClient } from "@/api/api";
+import {
+  historyDeleteAll,
+  historyList,
+} from "@/api/gen/sentinel/notifications/v1/notifications-NotificationService_connectquery";
+import { HistorySubscribeRequestSchema } from "@/api/gen/sentinel/notifications/v1/notifications_pb";
+import PaginationTable from "@/shared/components/paginationTable";
+import { H4, P } from "@/shared/components/typography";
+import { Badge, Button } from "@/shared/components/ui";
+import {
+  Popover,
+  PopoverContent,
+  PopoverTrigger,
+} from "@/shared/components/ui/popover";
+import { Separator } from "@/shared/components/ui/separator";
+import {
+  Table,
+  TableBody,
+  TableCell,
+  TableHead,
+  TableHeader,
+  TableRow,
+} from "@/shared/components/ui/table";
+import { create } from "@bufbuild/protobuf";
+import { timestampDate } from "@bufbuild/protobuf/wkt";
+import { useMutation, useQuery } from "@connectrpc/connect-query";
+import { useRef, useState } from "react";
+import { useSubscriptionRefetch } from "@/shared/hooks/useSubscriptionRefetch";
+import { toast } from "sonner";
+import { TrashIcon } from "lucide-react";
+
+const NotificationHistoryPage = () => {
+  const [filters, setFilters] = useState({ page: 1, pageSize: 10 });
+  const q = useQuery(historyList, {
+    common: { page: filters.page, pageSize: filters.pageSize },
+  });
+
+  const deleteAllMutation = useMutation(historyDeleteAll, {
+    onSuccess: () => {
+      toast.success("All notifications deleted successfully");
+      void q.refetch();
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to delete notifications");
+    },
+  });
+
+  // setup subscription to refetch on new events
+  const subRef = useRef<{ abort: () => void } | null>(null);
+  useSubscriptionRefetch({
+    refetch: q.refetch,
+    subscribe: (signal) =>
+      notificationsClient.historySubscribe(
+        create(HistorySubscribeRequestSchema),
+        { signal },
+      ),
+    debounceTimeout: 300,
+    onErrorFn: (error) => {
+      toast.error(`subscription error: ${error}`);
+    },
+    ref: subRef,
+  });
+
+  return (
+    <>
+      <H4 className="flex justify-between">
+        <span> Notification history</span>
+        <Button
+          size="sm"
+          variant="destructive"
+          onClick={() => {
+            deleteAllMutation.mutate({});
+          }}
+        >
+          <TrashIcon size={16} /> Delete all notifications
+        </Button>
+      </H4>
+      <P className="text-muted-foreground text-sm leading-relaxed">
+        On this page you can view the history of notifications sent by the
+        system.
+        <br />
+        Old notifications are automatically deleted after 30 days.
+      </P>
+      <Separator className="my-5" />
+      <div className="overflow-hidden rounded-md border">
+        <Table>
+          <TableHeader>
+            <TableRow className="bg-muted/50">
+              <TableHead className="w-[180px]">Message</TableHead>
+              <TableHead>Status</TableHead>
+              <TableHead>Attempts</TableHead>
+              <TableHead>Sent at</TableHead>
+              <TableHead>Created at</TableHead>
+            </TableRow>
+          </TableHeader>
+          <TableBody>
+            {q.data?.items.length === 0 ? (
+              <TableRow>
+                <TableCell colSpan={5} className="h-24 text-center">
+                  No notifications found.
+                </TableCell>
+              </TableRow>
+            ) : (
+              q.data?.items?.map((item) => (
+                <TableRow key={item.id}>
+                  <TableCell>
+                    <Popover>
+                      <PopoverTrigger>
+                        <span className="cursor-pointer truncate text-sm">
+                          {item.message.slice(0, 20) +
+                            (item.message.length > 20 ? "..." : "")}
+                        </span>
+                      </PopoverTrigger>
+                      <PopoverContent>
+                        <div className="text-sm break-words">
+                          {item.message.split("\n").map((line, i, arr) => (
+                            <span key={i}>
+                              {line}
+                              {i < arr.length - 1 ? <br /> : null}
+                            </span>
+                          ))}
+                        </div>
+                      </PopoverContent>
+                    </Popover>
+                  </TableCell>
+                  <TableCell>
+                    <Badge
+                      variant={item.status === "sent" ? "success" : "info"}
+                    >
+                      {item.status}
+                    </Badge>
+                  </TableCell>
+                  <TableCell>{item.attempts}</TableCell>
+                  <TableCell>
+                    {item.sentAt
+                      ? timestampDate(item.sentAt).toLocaleString()
+                      : null}
+                  </TableCell>
+                  <TableCell>
+                    {item.createdAt
+                      ? timestampDate(item.createdAt).toLocaleString()
+                      : null}
+                  </TableCell>
+                </TableRow>
+              ))
+            )}
+          </TableBody>
+        </Table>
+      </div>
+      <PaginationTable
+        selectedRows={filters.pageSize}
+        setSelectedRows={(value) =>
+          setFilters((prev) => ({ ...prev, pageSize: value }))
+        }
+        selectedPage={filters.page}
+        setSelectedPage={(value) =>
+          setFilters((prev) => ({ ...prev, page: value }))
+        }
+        totalPages={Math.ceil((q.data?.count ?? 0) / filters.pageSize)}
+        className="mt-4 px-0"
+      />
+    </>
+  );
+};
+
+export default NotificationHistoryPage;
diff --git a/frontend/src/pages/settings/notifications.tsx b/frontend/src/pages/settings/notifications.tsx
new file mode 100644
index 0000000..975c96b
--- /dev/null
+++ b/frontend/src/pages/settings/notifications.tsx
@@ -0,0 +1,456 @@
+// import { connectQueryClient } from "@/api/api";
+import {
+  providerCreate,
+  providerDelete,
+  providersList,
+  providerTest,
+  providerUpdate,
+} from "@/api/gen/sentinel/notifications/v1/notifications-NotificationService_connectquery";
+import {
+  ProviderType,
+  type Provider,
+  type ProviderConfig,
+  ProviderConfigSchema,
+  ShoutrrrConfigSchema,
+  ProviderCreateRequestSchema,
+  ProviderUpdateRequestSchema,
+} from "@/api/gen/sentinel/notifications/v1/notifications_pb";
+import { create } from "@bufbuild/protobuf";
+import { ConfirmDialog } from "@/entities/confirmDialog/confirmDialog";
+import { H4, P } from "@/shared/components/typography";
+import {
+  Badge,
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuGroup,
+  DropdownMenuItem,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+  DialogClose,
+  DialogFooter,
+  Field,
+  FieldError,
+  FieldGroup,
+  FieldLabel,
+  Input,
+  Switch,
+} from "@/shared/components/ui";
+import { Button } from "@/shared/components/ui/button";
+import { Separator } from "@/shared/components/ui/separator";
+import {
+  Table,
+  TableBody,
+  TableCell,
+  TableHead,
+  TableHeader,
+  TableRow,
+} from "@/shared/components/ui/table";
+import { useMutation, useQuery } from "@connectrpc/connect-query";
+import { EllipsisIcon, PlusIcon } from "lucide-react";
+import { useForm } from "@tanstack/react-form";
+import { useCallback, useEffect, useState } from "react";
+import { toast } from "sonner";
+import * as z from "zod";
+
+const configByProviderType = (type: ProviderType, config?: ProviderConfig) => {
+  switch (type) {
+    case ProviderType.SHOUTRRR: {
+      // cut middle symbols for long urls
+      if (!config?.config?.value?.url) return null;
+      const url = config.config.value.url;
+      if (url.length > 30) {
+        return url.slice(0, 15) + "..." + url.slice(-15);
+      }
+      return url;
+    }
+    default:
+      return null;
+  }
+};
+
+const providerTypeName = (type: ProviderType): string => {
+  switch (type) {
+    case ProviderType.SHOUTRRR:
+      return "shoutrrr";
+    default:
+      return "unknown";
+  }
+};
+
+const formSchema = z.object({
+  url: z.string().min(1, "URL is required"),
+  isEnabled: z.boolean(),
+});
+
+const formInitialValues = (provider?: Provider): z.infer<typeof formSchema> => {
+  return {
+    url: provider?.config?.config?.value?.url || "",
+    isEnabled: provider?.isEnabled ?? true,
+  };
+};
+
+type UpsertProviderProps = {
+  open: boolean;
+  provider?: Provider;
+  onClose: () => void;
+  onSubmit: (data: z.infer<typeof formSchema>) => Promise<void>;
+};
+
+const UpsertProvider = ({
+  open,
+  provider,
+  onClose,
+  onSubmit,
+}: UpsertProviderProps) => {
+  const form = useForm({
+    defaultValues: formInitialValues(provider),
+    validators: {
+      onSubmit: formSchema,
+    },
+    onSubmit: ({ formApi, value }) => {
+      onSubmit(value).then(() => formApi.reset());
+    },
+  });
+
+  useEffect(() => {
+    if (open) {
+      form.reset(formInitialValues(provider));
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [open, provider?.id]);
+
+  return (
+    <Dialog open={open} onOpenChange={onClose}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>
+            {provider ? "Edit Provider" : "Add Provider"}
+          </DialogTitle>
+          <DialogDescription>
+            {provider
+              ? "Update the provider details and click on the Update button."
+              : "Fill out the form below to create a new provider."}
+          </DialogDescription>
+        </DialogHeader>
+        <form
+          id="upsert-provider-form"
+          onSubmit={(e) => {
+            e.preventDefault();
+            e.stopPropagation();
+            form.handleSubmit();
+          }}
+          className="space-y-8"
+        >
+          <FieldGroup>
+            <form.Field
+              name="url"
+              children={(field) => {
+                const isInvalid =
+                  field.state.meta.isTouched && !field.state.meta.isValid;
+                return (
+                  <Field data-invalid={isInvalid}>
+                    <FieldLabel htmlFor={field.name}>URL</FieldLabel>
+                    <Input
+                      id={field.name}
+                      name={field.name}
+                      value={field.state.value}
+                      onBlur={field.handleBlur}
+                      onChange={(e) => field.handleChange(e.target.value)}
+                      aria-invalid={isInvalid}
+                      placeholder="Provider URL"
+                      autoComplete="off"
+                    />
+                    {isInvalid && (
+                      <FieldError errors={field.state.meta.errors} />
+                    )}
+                  </Field>
+                );
+              }}
+            />
+
+            <form.Field
+              name="isEnabled"
+              children={(field) => (
+                <Field>
+                  <div className="flex flex-row items-center justify-between">
+                    <FieldLabel htmlFor={field.name}>Is enabled</FieldLabel>
+                    <Switch
+                      id={field.name}
+                      name={field.name}
+                      checked={field.state.value}
+                      onCheckedChange={(checked) =>
+                        field.handleChange(!!checked)
+                      }
+                    />
+                  </div>
+                </Field>
+              )}
+            />
+          </FieldGroup>
+        </form>
+        <DialogFooter className="mt-2">
+          <DialogClose asChild>
+            <Button variant="outline">Cancel</Button>
+          </DialogClose>
+          <Button disabled={!form.state.isValid} form="upsert-provider-form">
+            {provider ? "Update" : "Create"}
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+};
+
+const NotificationsPage = () => {
+  const [deleteProviderId, setDeleteProviderId] = useState<
+    string | undefined
+  >();
+  const [upsertProviderOpen, setUpsertProviderOpen] = useState(false);
+  const [provider, setProvider] = useState<Provider | undefined>();
+
+  const q = useQuery(providersList);
+
+  const createMutation = useMutation(providerCreate, {
+    onSuccess: () => {
+      toast.success("Provider created successfully");
+      void q.refetch();
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to create provider");
+    },
+  });
+
+  const updateMutation = useMutation(providerUpdate, {
+    onSuccess: () => {
+      toast.success("Provider updated successfully");
+      void q.refetch();
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to update provider");
+    },
+  });
+
+  const deleteMutation = useMutation(providerDelete, {
+    onSuccess: () => {
+      toast.success("Provider deleted successfully");
+      void q.refetch();
+      setDeleteProviderId(undefined);
+    },
+    onError: (error) => {
+      toast.error((error as Error).message || "Failed to delete provider");
+    },
+  });
+
+  const testMutation = useMutation(providerTest, {
+    onSuccess: () => {
+      toast.success("Test notification sent successfully");
+    },
+    onError: (error) => {
+      toast.error(
+        (error as Error).message || "Failed to send test notification",
+      );
+    },
+  });
+
+  const onCreateProvider = useCallback(
+    async (data: z.infer<typeof formSchema>) => {
+      const createRequest = create(ProviderCreateRequestSchema, {
+        type: ProviderType.SHOUTRRR,
+        config: create(ProviderConfigSchema, {
+          config: {
+            case: "shoutrrr",
+            value: create(ShoutrrrConfigSchema, { url: data.url }),
+          },
+        }),
+        isEnabled: data.isEnabled,
+      });
+      await createMutation.mutateAsync(createRequest);
+    },
+    [createMutation],
+  );
+
+  const onUpdateProvider = useCallback(
+    async (data: z.infer<typeof formSchema>) => {
+      if (!provider) return;
+
+      // Build full update request, preserving type and updating config oneof
+      await updateMutation.mutateAsync(
+        create(ProviderUpdateRequestSchema, {
+          id: provider.id,
+          type: provider.type,
+          config: create(ProviderConfigSchema, {
+            config: {
+              case: "shoutrrr",
+              value: create(ShoutrrrConfigSchema, { url: data.url }),
+            },
+          }),
+          isEnabled: data.isEnabled,
+        }),
+      );
+    },
+    [provider, updateMutation],
+  );
+
+  const onDeleteProvider = useCallback(async () => {
+    if (!deleteProviderId) return;
+    await deleteMutation.mutateAsync({ id: deleteProviderId });
+  }, [deleteMutation, deleteProviderId]);
+
+  const onToggleIsEnabledProvider = useCallback(
+    async (p: Provider) => {
+      await updateMutation.mutateAsync(
+        create(ProviderUpdateRequestSchema, {
+          id: p.id,
+          type: p.type,
+          config: p.config,
+          isEnabled: !p.isEnabled,
+        }),
+      );
+    },
+    [updateMutation],
+  );
+
+  const onTestProvider = useCallback(
+    async (provider: Provider) => {
+      await testMutation.mutateAsync({ id: provider.id });
+    },
+    [testMutation],
+  );
+
+  return (
+    <>
+      <ConfirmDialog
+        open={!!deleteProviderId}
+        setOpen={() => setDeleteProviderId(undefined)}
+        onSubmit={onDeleteProvider}
+        title="Delete a provider"
+        description="Are you sure you want to delete this provider?"
+        type="delete"
+      />
+      <UpsertProvider
+        open={upsertProviderOpen}
+        provider={provider}
+        onClose={() => {
+          setUpsertProviderOpen(false);
+          setProvider(undefined);
+        }}
+        onSubmit={async (data) => {
+          if (provider) {
+            onUpdateProvider(data);
+          } else {
+            onCreateProvider(data);
+          }
+          setUpsertProviderOpen(false);
+          setProvider(undefined);
+        }}
+      />
+      <H4 className="flex justify-between">
+        <span>Notifications</span>
+        <Button
+          size="sm"
+          variant="secondary"
+          onClick={() => {
+            setProvider(undefined);
+            setUpsertProviderOpen(true);
+          }}
+        >
+          <PlusIcon size={16} /> Add Provider
+        </Button>
+      </H4>
+      <P className="text-muted-foreground text-sm leading-relaxed">
+        Manage your notification providers here.
+        <br />
+        You can add, edit, or remove providers to receive alerts and updates.
+      </P>
+      <Separator className="my-5" />
+      <div className="overflow-hidden rounded-md border">
+        <Table>
+          <TableHeader>
+            <TableRow className="bg-muted/50">
+              <TableHead>Provider type</TableHead>
+              <TableHead>Is enabled</TableHead>
+              <TableHead>Config</TableHead>
+              <TableHead></TableHead>
+            </TableRow>
+          </TableHeader>
+          <TableBody>
+            {q.data?.items?.length === 0 ? (
+              <TableRow>
+                <TableCell colSpan={4} className="h-24 text-center">
+                  No providers found.
+                </TableCell>
+              </TableRow>
+            ) : (
+              q.data?.items?.map((item) => (
+                <TableRow key={item.id}>
+                  <TableCell>{providerTypeName(item.type)}</TableCell>
+                  <TableCell>
+                    <Badge variant={item.isEnabled ? "success" : "warning"}>
+                      {item.isEnabled ? "Enabled" : "Disabled"}
+                    </Badge>
+                  </TableCell>
+                  <TableCell>
+                    {configByProviderType(item.type, item.config)}
+                  </TableCell>
+                  <TableCell>
+                    <DropdownMenu>
+                      <DropdownMenuTrigger asChild>
+                        <div className="flex justify-end">
+                          <Button
+                            size="icon"
+                            variant="ghost"
+                            className="shadow-none"
+                            aria-label="Actions"
+                          >
+                            <EllipsisIcon size={16} aria-hidden="true" />
+                          </Button>
+                        </div>
+                      </DropdownMenuTrigger>
+                      <DropdownMenuContent align="end">
+                        <DropdownMenuItem onClick={() => onTestProvider(item)}>
+                          Test
+                        </DropdownMenuItem>
+                        <DropdownMenuSeparator />
+                        <DropdownMenuGroup>
+                          <DropdownMenuItem
+                            onClick={() => {
+                              setProvider(item);
+                              setUpsertProviderOpen(true);
+                            }}
+                          >
+                            Edit
+                          </DropdownMenuItem>
+                          <DropdownMenuItem
+                            onClick={() => onToggleIsEnabledProvider(item)}
+                          >
+                            {item.isEnabled ? "Disable" : "Enable"}
+                          </DropdownMenuItem>
+                        </DropdownMenuGroup>
+                        <DropdownMenuSeparator />
+                        <DropdownMenuItem
+                          className="text-destructive focus:text-destructive"
+                          onClick={() => {
+                            setDeleteProviderId(item?.id);
+                          }}
+                        >
+                          <span>Delete</span>
+                        </DropdownMenuItem>
+                      </DropdownMenuContent>
+                    </DropdownMenu>
+                  </TableCell>
+                </TableRow>
+              ))
+            )}
+          </TableBody>
+        </Table>
+      </div>
+    </>
+  );
+};
+
+export default NotificationsPage;
diff --git a/frontend/src/routeTree.gen.ts b/frontend/src/routeTree.gen.ts
index 635b060..2c126c4 100644
--- a/frontend/src/routeTree.gen.ts
+++ b/frontend/src/routeTree.gen.ts
@@ -9,86 +9,288 @@
 // Additionally, you should also exclude this file from your linter and/or formatter to prevent it from being checked or modified.
 
 import { Route as rootRouteImport } from './routes/__root'
-import { Route as IncidentsRouteImport } from './routes/incidents'
-import { Route as IndexRouteImport } from './routes/index'
-import { Route as ServiceService_idRouteImport } from './routes/service/$service_id'
+import { Route as PublicRouteImport } from './routes/_public'
+import { Route as AuthenticatedRouteImport } from './routes/_authenticated'
+import { Route as AuthenticatedIndexRouteImport } from './routes/_authenticated/index'
+import { Route as PublicLoginRouteImport } from './routes/_public/login'
+import { Route as PublicInitsystemRouteImport } from './routes/_public/initsystem'
+import { Route as AuthenticatedSettingsRouteImport } from './routes/_authenticated/settings'
+import { Route as AuthenticatedAgentsRouteImport } from './routes/_authenticated/agents'
+import { Route as AuthenticatedSettingsIndexRouteImport } from './routes/_authenticated/settings/index'
+import { Route as AuthenticatedSettingsNotificationsHistoryRouteImport } from './routes/_authenticated/settings/notifications-history'
+import { Route as AuthenticatedSettingsNotificationsRouteImport } from './routes/_authenticated/settings/notifications'
+import { Route as AuthenticatedServiceService_idRouteImport } from './routes/_authenticated/service/$service_id'
 
-const IncidentsRoute = IncidentsRouteImport.update({
-  id: '/incidents',
-  path: '/incidents',
+const PublicRoute = PublicRouteImport.update({
+  id: '/_public',
   getParentRoute: () => rootRouteImport,
 } as any)
-const IndexRoute = IndexRouteImport.update({
+const AuthenticatedRoute = AuthenticatedRouteImport.update({
+  id: '/_authenticated',
+  getParentRoute: () => rootRouteImport,
+} as any)
+const AuthenticatedIndexRoute = AuthenticatedIndexRouteImport.update({
   id: '/',
   path: '/',
-  getParentRoute: () => rootRouteImport,
+  getParentRoute: () => AuthenticatedRoute,
 } as any)
-const ServiceService_idRoute = ServiceService_idRouteImport.update({
-  id: '/service/$service_id',
-  path: '/service/$service_id',
-  getParentRoute: () => rootRouteImport,
+const PublicLoginRoute = PublicLoginRouteImport.update({
+  id: '/login',
+  path: '/login',
+  getParentRoute: () => PublicRoute,
+} as any)
+const PublicInitsystemRoute = PublicInitsystemRouteImport.update({
+  id: '/initsystem',
+  path: '/initsystem',
+  getParentRoute: () => PublicRoute,
 } as any)
+const AuthenticatedSettingsRoute = AuthenticatedSettingsRouteImport.update({
+  id: '/settings',
+  path: '/settings',
+  getParentRoute: () => AuthenticatedRoute,
+} as any)
+const AuthenticatedAgentsRoute = AuthenticatedAgentsRouteImport.update({
+  id: '/agents',
+  path: '/agents',
+  getParentRoute: () => AuthenticatedRoute,
+} as any)
+const AuthenticatedSettingsIndexRoute =
+  AuthenticatedSettingsIndexRouteImport.update({
+    id: '/',
+    path: '/',
+    getParentRoute: () => AuthenticatedSettingsRoute,
+  } as any)
+const AuthenticatedSettingsNotificationsHistoryRoute =
+  AuthenticatedSettingsNotificationsHistoryRouteImport.update({
+    id: '/notifications-history',
+    path: '/notifications-history',
+    getParentRoute: () => AuthenticatedSettingsRoute,
+  } as any)
+const AuthenticatedSettingsNotificationsRoute =
+  AuthenticatedSettingsNotificationsRouteImport.update({
+    id: '/notifications',
+    path: '/notifications',
+    getParentRoute: () => AuthenticatedSettingsRoute,
+  } as any)
+const AuthenticatedServiceService_idRoute =
+  AuthenticatedServiceService_idRouteImport.update({
+    id: '/service/$service_id',
+    path: '/service/$service_id',
+    getParentRoute: () => AuthenticatedRoute,
+  } as any)
 
 export interface FileRoutesByFullPath {
-  '/': typeof IndexRoute
-  '/incidents': typeof IncidentsRoute
-  '/service/$service_id': typeof ServiceService_idRoute
+  '/agents': typeof AuthenticatedAgentsRoute
+  '/settings': typeof AuthenticatedSettingsRouteWithChildren
+  '/initsystem': typeof PublicInitsystemRoute
+  '/login': typeof PublicLoginRoute
+  '/': typeof AuthenticatedIndexRoute
+  '/service/$service_id': typeof AuthenticatedServiceService_idRoute
+  '/settings/notifications': typeof AuthenticatedSettingsNotificationsRoute
+  '/settings/notifications-history': typeof AuthenticatedSettingsNotificationsHistoryRoute
+  '/settings/': typeof AuthenticatedSettingsIndexRoute
 }
 export interface FileRoutesByTo {
-  '/': typeof IndexRoute
-  '/incidents': typeof IncidentsRoute
-  '/service/$service_id': typeof ServiceService_idRoute
+  '/agents': typeof AuthenticatedAgentsRoute
+  '/initsystem': typeof PublicInitsystemRoute
+  '/login': typeof PublicLoginRoute
+  '/': typeof AuthenticatedIndexRoute
+  '/service/$service_id': typeof AuthenticatedServiceService_idRoute
+  '/settings/notifications': typeof AuthenticatedSettingsNotificationsRoute
+  '/settings/notifications-history': typeof AuthenticatedSettingsNotificationsHistoryRoute
+  '/settings': typeof AuthenticatedSettingsIndexRoute
 }
 export interface FileRoutesById {
   __root__: typeof rootRouteImport
-  '/': typeof IndexRoute
-  '/incidents': typeof IncidentsRoute
-  '/service/$service_id': typeof ServiceService_idRoute
+  '/_authenticated': typeof AuthenticatedRouteWithChildren
+  '/_public': typeof PublicRouteWithChildren
+  '/_authenticated/agents': typeof AuthenticatedAgentsRoute
+  '/_authenticated/settings': typeof AuthenticatedSettingsRouteWithChildren
+  '/_public/initsystem': typeof PublicInitsystemRoute
+  '/_public/login': typeof PublicLoginRoute
+  '/_authenticated/': typeof AuthenticatedIndexRoute
+  '/_authenticated/service/$service_id': typeof AuthenticatedServiceService_idRoute
+  '/_authenticated/settings/notifications': typeof AuthenticatedSettingsNotificationsRoute
+  '/_authenticated/settings/notifications-history': typeof AuthenticatedSettingsNotificationsHistoryRoute
+  '/_authenticated/settings/': typeof AuthenticatedSettingsIndexRoute
 }
 export interface FileRouteTypes {
   fileRoutesByFullPath: FileRoutesByFullPath
-  fullPaths: '/' | '/incidents' | '/service/$service_id'
+  fullPaths:
+    | '/agents'
+    | '/settings'
+    | '/initsystem'
+    | '/login'
+    | '/'
+    | '/service/$service_id'
+    | '/settings/notifications'
+    | '/settings/notifications-history'
+    | '/settings/'
   fileRoutesByTo: FileRoutesByTo
-  to: '/' | '/incidents' | '/service/$service_id'
-  id: '__root__' | '/' | '/incidents' | '/service/$service_id'
+  to:
+    | '/agents'
+    | '/initsystem'
+    | '/login'
+    | '/'
+    | '/service/$service_id'
+    | '/settings/notifications'
+    | '/settings/notifications-history'
+    | '/settings'
+  id:
+    | '__root__'
+    | '/_authenticated'
+    | '/_public'
+    | '/_authenticated/agents'
+    | '/_authenticated/settings'
+    | '/_public/initsystem'
+    | '/_public/login'
+    | '/_authenticated/'
+    | '/_authenticated/service/$service_id'
+    | '/_authenticated/settings/notifications'
+    | '/_authenticated/settings/notifications-history'
+    | '/_authenticated/settings/'
   fileRoutesById: FileRoutesById
 }
 export interface RootRouteChildren {
-  IndexRoute: typeof IndexRoute
-  IncidentsRoute: typeof IncidentsRoute
-  ServiceService_idRoute: typeof ServiceService_idRoute
+  AuthenticatedRoute: typeof AuthenticatedRouteWithChildren
+  PublicRoute: typeof PublicRouteWithChildren
 }
 
 declare module '@tanstack/react-router' {
   interface FileRoutesByPath {
-    '/incidents': {
-      id: '/incidents'
-      path: '/incidents'
-      fullPath: '/incidents'
-      preLoaderRoute: typeof IncidentsRouteImport
+    '/_public': {
+      id: '/_public'
+      path: ''
+      fullPath: ''
+      preLoaderRoute: typeof PublicRouteImport
+      parentRoute: typeof rootRouteImport
+    }
+    '/_authenticated': {
+      id: '/_authenticated'
+      path: ''
+      fullPath: ''
+      preLoaderRoute: typeof AuthenticatedRouteImport
       parentRoute: typeof rootRouteImport
     }
-    '/': {
-      id: '/'
+    '/_authenticated/': {
+      id: '/_authenticated/'
       path: '/'
       fullPath: '/'
-      preLoaderRoute: typeof IndexRouteImport
-      parentRoute: typeof rootRouteImport
+      preLoaderRoute: typeof AuthenticatedIndexRouteImport
+      parentRoute: typeof AuthenticatedRoute
+    }
+    '/_public/login': {
+      id: '/_public/login'
+      path: '/login'
+      fullPath: '/login'
+      preLoaderRoute: typeof PublicLoginRouteImport
+      parentRoute: typeof PublicRoute
+    }
+    '/_public/initsystem': {
+      id: '/_public/initsystem'
+      path: '/initsystem'
+      fullPath: '/initsystem'
+      preLoaderRoute: typeof PublicInitsystemRouteImport
+      parentRoute: typeof PublicRoute
+    }
+    '/_authenticated/settings': {
+      id: '/_authenticated/settings'
+      path: '/settings'
+      fullPath: '/settings'
+      preLoaderRoute: typeof AuthenticatedSettingsRouteImport
+      parentRoute: typeof AuthenticatedRoute
+    }
+    '/_authenticated/agents': {
+      id: '/_authenticated/agents'
+      path: '/agents'
+      fullPath: '/agents'
+      preLoaderRoute: typeof AuthenticatedAgentsRouteImport
+      parentRoute: typeof AuthenticatedRoute
+    }
+    '/_authenticated/settings/': {
+      id: '/_authenticated/settings/'
+      path: '/'
+      fullPath: '/settings/'
+      preLoaderRoute: typeof AuthenticatedSettingsIndexRouteImport
+      parentRoute: typeof AuthenticatedSettingsRoute
+    }
+    '/_authenticated/settings/notifications-history': {
+      id: '/_authenticated/settings/notifications-history'
+      path: '/notifications-history'
+      fullPath: '/settings/notifications-history'
+      preLoaderRoute: typeof AuthenticatedSettingsNotificationsHistoryRouteImport
+      parentRoute: typeof AuthenticatedSettingsRoute
     }
-    '/service/$service_id': {
-      id: '/service/$service_id'
+    '/_authenticated/settings/notifications': {
+      id: '/_authenticated/settings/notifications'
+      path: '/notifications'
+      fullPath: '/settings/notifications'
+      preLoaderRoute: typeof AuthenticatedSettingsNotificationsRouteImport
+      parentRoute: typeof AuthenticatedSettingsRoute
+    }
+    '/_authenticated/service/$service_id': {
+      id: '/_authenticated/service/$service_id'
       path: '/service/$service_id'
       fullPath: '/service/$service_id'
-      preLoaderRoute: typeof ServiceService_idRouteImport
-      parentRoute: typeof rootRouteImport
+      preLoaderRoute: typeof AuthenticatedServiceService_idRouteImport
+      parentRoute: typeof AuthenticatedRoute
     }
   }
 }
 
+interface AuthenticatedSettingsRouteChildren {
+  AuthenticatedSettingsNotificationsRoute: typeof AuthenticatedSettingsNotificationsRoute
+  AuthenticatedSettingsNotificationsHistoryRoute: typeof AuthenticatedSettingsNotificationsHistoryRoute
+  AuthenticatedSettingsIndexRoute: typeof AuthenticatedSettingsIndexRoute
+}
+
+const AuthenticatedSettingsRouteChildren: AuthenticatedSettingsRouteChildren = {
+  AuthenticatedSettingsNotificationsRoute:
+    AuthenticatedSettingsNotificationsRoute,
+  AuthenticatedSettingsNotificationsHistoryRoute:
+    AuthenticatedSettingsNotificationsHistoryRoute,
+  AuthenticatedSettingsIndexRoute: AuthenticatedSettingsIndexRoute,
+}
+
+const AuthenticatedSettingsRouteWithChildren =
+  AuthenticatedSettingsRoute._addFileChildren(
+    AuthenticatedSettingsRouteChildren,
+  )
+
+interface AuthenticatedRouteChildren {
+  AuthenticatedAgentsRoute: typeof AuthenticatedAgentsRoute
+  AuthenticatedSettingsRoute: typeof AuthenticatedSettingsRouteWithChildren
+  AuthenticatedIndexRoute: typeof AuthenticatedIndexRoute
+  AuthenticatedServiceService_idRoute: typeof AuthenticatedServiceService_idRoute
+}
+
+const AuthenticatedRouteChildren: AuthenticatedRouteChildren = {
+  AuthenticatedAgentsRoute: AuthenticatedAgentsRoute,
+  AuthenticatedSettingsRoute: AuthenticatedSettingsRouteWithChildren,
+  AuthenticatedIndexRoute: AuthenticatedIndexRoute,
+  AuthenticatedServiceService_idRoute: AuthenticatedServiceService_idRoute,
+}
+
+const AuthenticatedRouteWithChildren = AuthenticatedRoute._addFileChildren(
+  AuthenticatedRouteChildren,
+)
+
+interface PublicRouteChildren {
+  PublicInitsystemRoute: typeof PublicInitsystemRoute
+  PublicLoginRoute: typeof PublicLoginRoute
+}
+
+const PublicRouteChildren: PublicRouteChildren = {
+  PublicInitsystemRoute: PublicInitsystemRoute,
+  PublicLoginRoute: PublicLoginRoute,
+}
+
+const PublicRouteWithChildren =
+  PublicRoute._addFileChildren(PublicRouteChildren)
+
 const rootRouteChildren: RootRouteChildren = {
-  IndexRoute: IndexRoute,
-  IncidentsRoute: IncidentsRoute,
-  ServiceService_idRoute: ServiceService_idRoute,
+  AuthenticatedRoute: AuthenticatedRouteWithChildren,
+  PublicRoute: PublicRouteWithChildren,
 }
 export const routeTree = rootRouteImport
   ._addFileChildren(rootRouteChildren)
diff --git a/frontend/src/router.ts b/frontend/src/router.ts
new file mode 100644
index 0000000..6244314
--- /dev/null
+++ b/frontend/src/router.ts
@@ -0,0 +1,27 @@
+import { createRouter } from "@tanstack/react-router";
+import { routeTree } from "./routeTree.gen";
+import { Loader } from "./entities/loader/loader";
+import NotFound from "./pages/notFound/notFound";
+import ErrorRouter from "./entities/errorRouter";
+
+// Create a new router instance
+export const router = createRouter({
+  routeTree,
+  defaultPreload: "intent",
+  defaultStaleTime: Infinity,
+  scrollRestoration: true,
+  defaultPendingComponent: Loader,
+  defaultNotFoundComponent: NotFound,
+  defaultErrorComponent: ErrorRouter,
+  context: {
+    isSystemInitialized: false,
+    isAuthenticated: false,
+  },
+});
+
+// Register the router instance for type safety
+declare module "@tanstack/react-router" {
+  interface Register {
+    router: typeof router;
+  }
+}
diff --git a/frontend/src/routes/__root.tsx b/frontend/src/routes/__root.tsx
index a0ce309..f778d97 100644
--- a/frontend/src/routes/__root.tsx
+++ b/frontend/src/routes/__root.tsx
@@ -1,20 +1,16 @@
-import { createRootRoute, Outlet } from "@tanstack/react-router";
-import { TanStackRouterDevtools } from "@tanstack/react-router-devtools";
-import { Toaster } from "sonner";
+import { createRootRouteWithContext, Outlet } from "@tanstack/react-router";
+// import { TanStackRouterDevtools } from "@tanstack/react-router-devtools";
 
-import Header from "@/app/layouts/parts/Header";
+interface RouterContext {
+  isSystemInitialized: boolean;
+  isAuthenticated: boolean;
+}
 
-const RootComponent = () => (
-  <>
-    <div className="mx-auto flex w-full max-w-6xl flex-col gap-8 p-6 md:py-8 xl:px-0">
-      <Header />
+export const Route = createRootRouteWithContext<RouterContext>()({
+  component: () => (
+    <>
       <Outlet />
-    </div>
-    <Toaster />
-    <TanStackRouterDevtools />
-  </>
-);
-
-export const Route = createRootRoute({
-  component: RootComponent,
+      {/* <TanStackRouterDevtools /> */}
+    </>
+  ),
 });
diff --git a/frontend/src/routes/_authenticated.tsx b/frontend/src/routes/_authenticated.tsx
new file mode 100644
index 0000000..175198f
--- /dev/null
+++ b/frontend/src/routes/_authenticated.tsx
@@ -0,0 +1,22 @@
+import ProtectedWrapper from "@/app/protected";
+import { createFileRoute, redirect, Outlet } from "@tanstack/react-router";
+
+export const Route = createFileRoute("/_authenticated")({
+  beforeLoad: ({ context }) => {
+    if (!context.isSystemInitialized) {
+      throw redirect({
+        to: "/initsystem",
+      });
+    }
+    if (!context.isAuthenticated) {
+      throw redirect({
+        to: "/login",
+      });
+    }
+  },
+  component: () => (
+    <ProtectedWrapper>
+      <Outlet />
+    </ProtectedWrapper>
+  ),
+});
diff --git a/frontend/src/routes/_authenticated/agents.tsx b/frontend/src/routes/_authenticated/agents.tsx
new file mode 100644
index 0000000..42f23a4
--- /dev/null
+++ b/frontend/src/routes/_authenticated/agents.tsx
@@ -0,0 +1,10 @@
+import AgentsPage from "@/pages/agents/agents";
+import { createFileRoute } from "@tanstack/react-router";
+
+export const Route = createFileRoute("/_authenticated/agents")({
+  component: RouteComponent,
+});
+
+function RouteComponent() {
+  return <AgentsPage />;
+}
diff --git a/frontend/src/routes/_authenticated/index.tsx b/frontend/src/routes/_authenticated/index.tsx
new file mode 100644
index 0000000..a919660
--- /dev/null
+++ b/frontend/src/routes/_authenticated/index.tsx
@@ -0,0 +1,20 @@
+import { createFileRoute } from "@tanstack/react-router";
+// import Dashboard from "@/pages/dashboard/dashboard";
+
+const Dashboard = () => {
+  return (
+    <div className="flex flex-col gap-6">
+      <h1 className="text-2xl font-bold">Dashboard</h1>
+      <div className="grid auto-rows-min gap-4 md:grid-cols-3">
+        <div className="bg-muted/50 aspect-video rounded-xl" />
+        <div className="bg-muted/50 aspect-video rounded-xl" />
+        <div className="bg-muted/50 aspect-video rounded-xl" />
+      </div>
+      <div className="bg-muted/50 min-h-[100vh] flex-1 rounded-xl md:min-h-min" />
+    </div>
+  );
+};
+
+export const Route = createFileRoute("/_authenticated/")({
+  component: Dashboard,
+});
diff --git a/frontend/src/routes/service/$service_id.tsx b/frontend/src/routes/_authenticated/service/$service_id.tsx
similarity index 79%
rename from frontend/src/routes/service/$service_id.tsx
rename to frontend/src/routes/_authenticated/service/$service_id.tsx
index da4e675..76b4ba6 100644
--- a/frontend/src/routes/service/$service_id.tsx
+++ b/frontend/src/routes/_authenticated/service/$service_id.tsx
@@ -6,6 +6,6 @@ const ServiceDetailComponent = () => {
   return <ServiceDetail serviceID={service_id} />;
 };
 
-export const Route = createFileRoute("/service/$service_id")({
+export const Route = createFileRoute("/_authenticated/service/$service_id")({
   component: ServiceDetailComponent,
 });
diff --git a/frontend/src/routes/_authenticated/settings.tsx b/frontend/src/routes/_authenticated/settings.tsx
new file mode 100644
index 0000000..740ca41
--- /dev/null
+++ b/frontend/src/routes/_authenticated/settings.tsx
@@ -0,0 +1,10 @@
+import { createFileRoute } from "@tanstack/react-router";
+import SettingsLayout from "@/pages/settings/layout";
+
+export const Route = createFileRoute("/_authenticated/settings")({
+  component: RouteComponent,
+});
+
+function RouteComponent() {
+  return <SettingsLayout />;
+}
diff --git a/frontend/src/routes/_authenticated/settings/index.tsx b/frontend/src/routes/_authenticated/settings/index.tsx
new file mode 100644
index 0000000..5c515b3
--- /dev/null
+++ b/frontend/src/routes/_authenticated/settings/index.tsx
@@ -0,0 +1,6 @@
+import { createFileRoute } from "@tanstack/react-router";
+import GeneralSettingsPage from "@/pages/settings/general";
+
+export const Route = createFileRoute("/_authenticated/settings/")({
+  component: () => <GeneralSettingsPage />,
+});
diff --git a/frontend/src/routes/_authenticated/settings/notifications-history.tsx b/frontend/src/routes/_authenticated/settings/notifications-history.tsx
new file mode 100644
index 0000000..4771694
--- /dev/null
+++ b/frontend/src/routes/_authenticated/settings/notifications-history.tsx
@@ -0,0 +1,10 @@
+import NotificationHistoryPage from "@/pages/settings/notification-history";
+import { createFileRoute } from "@tanstack/react-router";
+
+export const Route = createFileRoute("/_authenticated/settings/notifications-history")({
+  component: RouteComponent,
+});
+
+function RouteComponent() {
+  return <NotificationHistoryPage />;
+}
diff --git a/frontend/src/routes/_authenticated/settings/notifications.tsx b/frontend/src/routes/_authenticated/settings/notifications.tsx
new file mode 100644
index 0000000..18a2bbb
--- /dev/null
+++ b/frontend/src/routes/_authenticated/settings/notifications.tsx
@@ -0,0 +1,10 @@
+import { createFileRoute } from "@tanstack/react-router";
+import NotificationsPage from "@/pages/settings/notifications";
+
+export const Route = createFileRoute("/_authenticated/settings/notifications")({
+  component: RouteComponent,
+});
+
+function RouteComponent() {
+  return <NotificationsPage />;
+}
diff --git a/frontend/src/routes/_public.tsx b/frontend/src/routes/_public.tsx
new file mode 100644
index 0000000..41587b9
--- /dev/null
+++ b/frontend/src/routes/_public.tsx
@@ -0,0 +1,24 @@
+import { ThemeToggle } from "@/shared/components/theme-toggle";
+import { createFileRoute, Outlet, redirect } from "@tanstack/react-router";
+
+export const Route = createFileRoute("/_public")({
+  beforeLoad: async ({ context }) => {
+    if (context.isAuthenticated) {
+      throw redirect({ to: "/" });
+    }
+  },
+  component: RouteComponent,
+});
+
+function RouteComponent() {
+  return (
+    <div className="flex min-h-svh w-full items-center justify-center p-6 md:p-10">
+      <header className="absolute top-0 z-10 flex h-16 w-full shrink-0 items-center justify-end gap-2 border-b border-b-transparent px-4 transition-[width,height] ease-linear">
+        <ThemeToggle />
+      </header>
+      <div className="w-full max-w-sm">
+        <Outlet />
+      </div>
+    </div>
+  );
+}
diff --git a/frontend/src/routes/_public/initsystem.tsx b/frontend/src/routes/_public/initsystem.tsx
new file mode 100644
index 0000000..6cf8c5f
--- /dev/null
+++ b/frontend/src/routes/_public/initsystem.tsx
@@ -0,0 +1,13 @@
+import { InitSystemPage } from "@/pages/public/initSystem";
+import { createFileRoute, redirect } from "@tanstack/react-router";
+
+export const Route = createFileRoute("/_public/initsystem")({
+  beforeLoad: ({ context }) => {
+    if (context.isSystemInitialized) {
+      throw redirect({
+        to: "/login",
+      });
+    }
+  },
+  component: () => <InitSystemPage />,
+});
diff --git a/frontend/src/routes/_public/login.tsx b/frontend/src/routes/_public/login.tsx
new file mode 100644
index 0000000..fe3247f
--- /dev/null
+++ b/frontend/src/routes/_public/login.tsx
@@ -0,0 +1,17 @@
+import { LoginPage } from "@/pages/public/loginPage";
+import { createFileRoute, redirect } from "@tanstack/react-router";
+
+export const Route = createFileRoute("/_public/login")({
+  beforeLoad: ({ context }) => {
+    if (!context.isSystemInitialized) {
+      throw redirect({
+        to: "/initsystem",
+      });
+    }
+  },
+  component: RouteComponent,
+});
+
+function RouteComponent() {
+  return <LoginPage />;
+}
diff --git a/frontend/src/routes/incidents.tsx b/frontend/src/routes/incidents.tsx
deleted file mode 100644
index b606e8e..0000000
--- a/frontend/src/routes/incidents.tsx
+++ /dev/null
@@ -1,281 +0,0 @@
-import { useState } from "react";
-import { getIncidents } from "@/shared/api/incidents/incidents";
-import { ExpandableText } from "@/shared/components/expandableText";
-import PaginationTable from "@/shared/components/paginationTable";
-import {
-  Badge,
-  Button,
-  Card,
-  CardContent,
-  CardHeader,
-  CardTitle,
-  Tooltip,
-  TooltipContent,
-  TooltipProvider,
-  TooltipTrigger,
-} from "@/shared/components/ui";
-import { cn } from "@/shared/lib/utils";
-import type {
-  DbutilsFindResponseWithCountStorageIncident,
-  GetIncidentsParams,
-  StorageIncident,
-  WebErrorResponse,
-} from "@/shared/types/model";
-import { formatDuration } from "@/shared/utils/duration";
-import { createFileRoute, useRouter } from "@tanstack/react-router";
-import { CheckIcon, CircleAlertIcon, CopyIcon, TrashIcon } from "lucide-react";
-import { toast } from "sonner";
-import type { AxiosError } from "axios";
-
-export const Route = createFileRoute("/incidents")({
-  component: RouteComponent,
-  loaderDeps: ({
-    search: { page = 1, page_size = 10 },
-  }: {
-    search: GetIncidentsParams;
-  }) => ({
-    page,
-    page_size,
-  }),
-  loader: ({ deps: { page, page_size } }) =>
-    getIncidents().getIncidents({ page, page_size }),
-  gcTime: 0,
-});
-
-function RouteComponent() {
-  const data = Route.useLoaderData();
-
-  return <IncidentsList incidentsData={data} />;
-}
-
-interface IncidentsListProps {
-  incidentsData: DbutilsFindResponseWithCountStorageIncident;
-}
-
-export const IncidentsList = ({ incidentsData }: IncidentsListProps) => {
-  const deps = Route.useLoaderDeps();
-  const nav = Route.useNavigate();
-  const router = useRouter();
-
-  // State to track copied incident IDs
-  const [copiedIncidents, setCopiedIncidents] = useState<Set<string>>(
-    new Set(),
-  );
-
-  const handleCopyIncidentId = async (incidentId: string) => {
-    try {
-      await navigator.clipboard.writeText(incidentId);
-      setCopiedIncidents((prev) => new Set(prev).add(incidentId));
-      setTimeout(() => {
-        setCopiedIncidents((prev) => {
-          const newSet = new Set(prev);
-          newSet.delete(incidentId);
-          return newSet;
-        });
-      }, 1500);
-    } catch (err) {
-      toast.error("Failed to copy incident ID", {
-        description: (err as Error).message,
-      });
-    }
-  };
-
-  const handleDeleteIncident = async (
-    serviceId: string,
-    incidentId: string,
-  ) => {
-    try {
-      await getIncidents().deleteServicesIdIncidentsIncidentId(
-        serviceId,
-        incidentId,
-      );
-      router.invalidate();
-      toast.success("Incident deleted", { description: `ID: ${incidentId}` });
-    } catch (err: unknown) {
-      toast.error("Failed to delete incident", {
-        description:
-          (err as AxiosError<WebErrorResponse>)?.response?.data?.error ||
-          (err as Error).message,
-      });
-    }
-  };
-
-  return (
-    <Card className="gap-3">
-      <CardHeader>
-        <CardTitle className="pb-0 text-xl">Recent Incidents</CardTitle>
-      </CardHeader>
-      <CardContent>
-        {incidentsData.items?.length === 0 ? (
-          <div className="py-12 text-center">
-            <CircleAlertIcon className="text-muted-foreground/50 mx-auto mb-4 h-12 w-12" />
-            <p className="text-muted-foreground">No incidents found</p>
-          </div>
-        ) : (
-          <div className="space-y-3">
-            {incidentsData?.items?.map((incident: StorageIncident) => (
-              <div
-                key={incident.id}
-                className="bg-card flex items-center gap-4 rounded-lg border p-4 transition-shadow hover:shadow-sm"
-              >
-                {/* Status Indicator */}
-                <div className="flex-shrink-0">
-                  <TooltipProvider>
-                    <Tooltip>
-                      <TooltipTrigger>
-                        <div
-                          className={cn(
-                            "h-2.5 w-2.5 rounded-full",
-                            incident.resolved
-                              ? "bg-emerald-400"
-                              : "bg-rose-400",
-                          )}
-                        />
-                      </TooltipTrigger>
-                      <TooltipContent showArrow className="dark">
-                        <p>
-                          {incident.resolved
-                            ? "Incident resolved"
-                            : "Active incident"}
-                        </p>
-                      </TooltipContent>
-                    </Tooltip>
-                  </TooltipProvider>
-                </div>
-
-                {/* Main Content */}
-                <div className="min-w-0 flex-1 space-y-2">
-                  <div className="flex flex-wrap items-center gap-2 text-sm">
-                    <TooltipProvider delayDuration={0}>
-                      <Tooltip>
-                        <TooltipTrigger asChild>
-                          <button
-                            onClick={() =>
-                              handleCopyIncidentId(incident.id ?? "")
-                            }
-                            className="text-foreground inline-flex cursor-pointer items-center gap-1.5 rounded px-1 py-0.5 font-medium transition-colors duration-200 hover:bg-blue-50 hover:text-blue-600"
-                            aria-label={
-                              copiedIncidents.has(incident.id ?? "")
-                                ? "Copied"
-                                : "Copy incident ID"
-                            }
-                          >
-                            #{incident.id?.slice(-6)}
-                            <div className="flex h-3.5 w-3.5 items-center justify-center">
-                              {copiedIncidents.has(incident.id ?? "") ? (
-                                <CheckIcon
-                                  className="stroke-emerald-500 transition-all duration-200"
-                                  aria-hidden="true"
-                                />
-                              ) : (
-                                <CopyIcon
-                                  aria-hidden="true"
-                                  className="transition-all duration-200"
-                                />
-                              )}
-                            </div>
-                          </button>
-                        </TooltipTrigger>
-                        <TooltipContent
-                          showArrow
-                          className="dark px-2 py-1 text-xs"
-                        >
-                          {copiedIncidents.has(incident.id ?? "")
-                            ? "Copied!"
-                            : "Click to copy ID"}
-                        </TooltipContent>
-                      </Tooltip>
-                    </TooltipProvider>
-
-                    <Badge
-                      variant={incident.resolved ? "default" : "destructive"}
-                      className={cn(
-                        "text-xs font-medium",
-                        incident.resolved && "bg-emerald-100 text-emerald-600",
-                        !incident.resolved && "bg-rose-100 text-rose-600",
-                      )}
-                    >
-                      {incident.resolved ? "Resolved" : "Active"}
-                    </Badge>
-                  </div>
-
-                  <div className="text-muted-foreground text-sm">
-                    <ExpandableText
-                      content={incident?.error ?? ""}
-                      className="text-muted-foreground text-sm"
-                    />
-                  </div>
-
-                  <div className="text-muted-foreground flex flex-wrap gap-2 text-xs md:gap-4">
-                    <div>
-                      <span className="font-medium">Started:</span>{" "}
-                      {new Date(
-                        incident?.start_time ?? "",
-                      ).toLocaleDateString()}{" "}
-                      at{" "}
-                      {new Date(
-                        incident?.start_time ?? "",
-                      ).toLocaleTimeString()}
-                    </div>
-                    {incident?.end_time && (
-                      <div>
-                        <span className="font-medium">Ended:</span>{" "}
-                        {new Date(
-                          incident?.end_time ?? "",
-                        ).toLocaleDateString()}{" "}
-                        at{" "}
-                        {new Date(
-                          incident?.end_time ?? "",
-                        ).toLocaleTimeString()}
-                      </div>
-                    )}
-                    {incident.duration && (
-                      <div>
-                        <span className="font-medium">Duration:</span>{" "}
-                        {formatDuration(Number(incident?.duration ?? 0))}
-                      </div>
-                    )}
-                  </div>
-                </div>
-
-                {/* Action Button */}
-                <div className="flex-shrink-0">
-                  <Button
-                    size="sm"
-                    variant="ghost"
-                    className="h-8 w-8 p-0 opacity-50 hover:opacity-100"
-                    onClick={() =>
-                      handleDeleteIncident(
-                        incident.service_id as string,
-                        incident.id as string,
-                      )
-                    }
-                  >
-                    <TrashIcon className="h-3.5 w-3.5" />
-                  </Button>
-                </div>
-              </div>
-            ))}
-
-            <div className="pt-4">
-              <PaginationTable
-                className="px-0"
-                selectedRows={deps.page_size ?? 0}
-                setSelectedRows={(value) => {
-                  nav({ search: { page_size: value, page: deps.page } });
-                }}
-                selectedPage={deps.page ?? 0}
-                setSelectedPage={(value) => {
-                  nav({ search: { page_size: deps.page_size, page: value } });
-                }}
-                totalPages={Math.ceil(
-                  (incidentsData?.count ?? 0) / (deps.page_size ?? 0),
-                )}
-              />
-            </div>
-          </div>
-        )}
-      </CardContent>
-    </Card>
-  );
-};
diff --git a/frontend/src/routes/index.tsx b/frontend/src/routes/index.tsx
deleted file mode 100644
index 5e79494..0000000
--- a/frontend/src/routes/index.tsx
+++ /dev/null
@@ -1,6 +0,0 @@
-import { createFileRoute } from "@tanstack/react-router";
-import Dashboard from "@/pages/dashboard/dashboard";
-
-export const Route = createFileRoute("/")({
-  component: Dashboard,
-});
diff --git a/frontend/src/shared/api/baseApi.ts b/frontend/src/shared/api/baseApi.ts
deleted file mode 100644
index f366efa..0000000
--- a/frontend/src/shared/api/baseApi.ts
+++ /dev/null
@@ -1,73 +0,0 @@
-import axios from "axios";
-
-// Get configuration from environment variables or server injection
-declare global {
-  interface Window {
-    __SENTINEL_CONFIG__?: {
-      baseUrl: string;
-      socketUrl: string;
-    };
-  }
-}
-
-// Priority: env variables > server config > defaults
-const getConfig = () => {
-  // First try environment variables (Vite)
-  const envBaseUrl = import.meta.env.VITE_API_BASE_URL;
-  const envSocketUrl = import.meta.env.VITE_SOCKET_URL;
-
-  if (envBaseUrl && envSocketUrl) {
-    return {
-      baseUrl: envBaseUrl,
-      socketUrl: envSocketUrl,
-    };
-  }
-
-  // Fallback to server config
-  if (window.__SENTINEL_CONFIG__) {
-    return window.__SENTINEL_CONFIG__;
-  }
-
-  // Final fallback to defaults (use current host)
-  const currentHost = window.location.hostname;
-  const protocol = window.location.protocol === "https:" ? "https:" : "http:";
-  const wsProtocol = window.location.protocol === "https:" ? "wss:" : "ws:";
-
-  return {
-    baseUrl: `${protocol}//${currentHost}:8080/api/v1`,
-    socketUrl: `${wsProtocol}//${currentHost}:8080/ws`,
-  };
-};
-
-const config = getConfig();
-
-const $api = axios.create({
-  baseURL: config.baseUrl,
-});
-
-// $api is used in orval-generated functions for making HTTP requests
-export const customFetcher = async <T>({
-  url,
-  method,
-  data,
-  params,
-  headers,
-}: {
-  url: string;
-  method: string;
-  data?: T;
-  params?: Record<string, unknown>;
-  headers?: Record<string, string>;
-}): Promise<T> => {
-  const response = await $api.request<T>({
-    url,
-    method,
-    data,
-    params,
-    headers,
-  });
-
-  return response.data;
-};
-
-export const socketUrl = config.socketUrl;
diff --git a/frontend/src/shared/api/dashboard/dashboard.ts b/frontend/src/shared/api/dashboard/dashboard.ts
deleted file mode 100644
index f0794cb..0000000
--- a/frontend/src/shared/api/dashboard/dashboard.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { WebDashboardStats } from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getDashboard = () => {
-  /**
-   * Returns statistics for the dashboard
-   * @summary Get dashboard statistics
-   */
-  const getDashboardStats = () => {
-    return customFetcher<WebDashboardStats>({
-      url: `/dashboard/stats`,
-      method: "GET",
-    });
-  };
-  return { getDashboardStats };
-};
-export type GetDashboardStatsResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getDashboard>["getDashboardStats"]>>
->;
diff --git a/frontend/src/shared/api/incidents/incidents.ts b/frontend/src/shared/api/incidents/incidents.ts
deleted file mode 100644
index 67ad91a..0000000
--- a/frontend/src/shared/api/incidents/incidents.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type {
-  DbutilsFindResponseWithCountStorageIncident,
-  GetIncidentsParams,
-  GetIncidentsStatsParams,
-  GetServicesIdIncidentsParams,
-  WebGetIncidentsStatsItem,
-  WebSuccessResponse,
-} from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getIncidents = () => {
-  /**
-   * Returns a list of recent incidents across all services
-   * @summary Get recent incidents
-   */
-  const getIncidents = (params?: GetIncidentsParams) => {
-    return customFetcher<DbutilsFindResponseWithCountStorageIncident>({
-      url: `/incidents`,
-      method: "GET",
-      params,
-    });
-  };
-  /**
-   * Returns the stats of incidents by date range
-   * @summary Get incidents stats by date range
-   */
-  const getIncidentsStats = (params: GetIncidentsStatsParams) => {
-    return customFetcher<WebGetIncidentsStatsItem[]>({
-      url: `/incidents/stats`,
-      method: "GET",
-      params,
-    });
-  };
-  /**
-   * Returns a list of incidents for a specific service
-   * @summary Get service incidents
-   */
-  const getServicesIdIncidents = (
-    id: string,
-    params?: GetServicesIdIncidentsParams,
-  ) => {
-    return customFetcher<DbutilsFindResponseWithCountStorageIncident>({
-      url: `/services/${id}/incidents`,
-      method: "GET",
-      params,
-    });
-  };
-  /**
-   * Deletes a specific incident for a service
-   * @summary Delete incident
-   */
-  const deleteServicesIdIncidentsIncidentId = (
-    id: string,
-    incidentId: string,
-  ) => {
-    return customFetcher<null>({
-      url: `/services/${id}/incidents/${incidentId}`,
-      method: "DELETE",
-    });
-  };
-  /**
-   * Forcefully resolves all active incidents for a service
-   * @summary Resolve service incidents
-   */
-  const postServicesIdResolve = (id: string) => {
-    return customFetcher<WebSuccessResponse>({
-      url: `/services/${id}/resolve`,
-      method: "POST",
-    });
-  };
-  return {
-    getIncidents,
-    getIncidentsStats,
-    getServicesIdIncidents,
-    deleteServicesIdIncidentsIncidentId,
-    postServicesIdResolve,
-  };
-};
-export type GetIncidentsResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getIncidents>["getIncidents"]>>
->;
-export type GetIncidentsStatsResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getIncidents>["getIncidentsStats"]>>
->;
-export type GetServicesIdIncidentsResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getIncidents>["getServicesIdIncidents"]>>
->;
-export type DeleteServicesIdIncidentsIncidentIdResult = NonNullable<
-  Awaited<
-    ReturnType<
-      ReturnType<typeof getIncidents>["deleteServicesIdIncidentsIncidentId"]
-    >
-  >
->;
-export type PostServicesIdResolveResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getIncidents>["postServicesIdResolve"]>>
->;
diff --git a/frontend/src/shared/api/info/info.ts b/frontend/src/shared/api/info/info.ts
deleted file mode 100644
index e3aa9bb..0000000
--- a/frontend/src/shared/api/info/info.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Generated by orval v7.11.1 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { WebServerInfoResponse } from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getInfo = () => {
-  /**
-   * Returns basic information about the server
-   * @summary Get server info
-   */
-  const getServerInfo = () => {
-    return customFetcher<WebServerInfoResponse>({
-      url: `/server/info`,
-      method: "GET",
-    });
-  };
-  return { getServerInfo };
-};
-export type GetServerInfoResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getInfo>["getServerInfo"]>>
->;
diff --git a/frontend/src/shared/api/server/server.ts b/frontend/src/shared/api/server/server.ts
deleted file mode 100644
index ae6b17b..0000000
--- a/frontend/src/shared/api/server/server.ts
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type {
-  WebHealthCheckResponse,
-  WebServerInfoResponse,
-  WebSuccessResponse,
-} from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getServer = () => {
-  /**
-   * Checks the health of the server
-   * @summary Health check
-   */
-  const getServerHealth = () => {
-    return customFetcher<WebHealthCheckResponse>({
-      url: `/server/health`,
-      method: "GET",
-    });
-  };
-  /**
-   * Returns basic information about the server
-   * @summary Get server info
-   */
-  const getServerInfo = () => {
-    return customFetcher<WebServerInfoResponse>({
-      url: `/server/info`,
-      method: "GET",
-    });
-  };
-  /**
-   * Triggers a manual upgrade of the server
-   * @summary Manual upgrade
-   */
-  const getServerUpgrade = () => {
-    return customFetcher<WebSuccessResponse>({
-      url: `/server/upgrade`,
-      method: "GET",
-    });
-  };
-  return { getServerHealth, getServerInfo, getServerUpgrade };
-};
-export type GetServerHealthResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServer>["getServerHealth"]>>
->;
-export type GetServerInfoResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServer>["getServerInfo"]>>
->;
-export type GetServerUpgradeResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServer>["getServerUpgrade"]>>
->;
diff --git a/frontend/src/shared/api/services/services.ts b/frontend/src/shared/api/services/services.ts
deleted file mode 100644
index c0f7b48..0000000
--- a/frontend/src/shared/api/services/services.ts
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type {
-  DbutilsFindResponseWithCountWebServiceDTO,
-  GetServicesParams,
-  WebCreateUpdateServiceRequest,
-  WebServiceDTO,
-  WebSuccessResponse,
-} from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getServices = () => {
-  /**
-   * Returns a list of all services with their current states
-   * @summary Get all services
-   */
-  const getServices = (params?: GetServicesParams) => {
-    return customFetcher<DbutilsFindResponseWithCountWebServiceDTO>({
-      url: `/services`,
-      method: "GET",
-      params,
-    });
-  };
-  /**
-   * Creates a new service for monitoring
-   * @summary Create new service
-   */
-  const postServices = (
-    webCreateUpdateServiceRequest: WebCreateUpdateServiceRequest,
-  ) => {
-    return customFetcher<WebServiceDTO>({
-      url: `/services`,
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      data: webCreateUpdateServiceRequest,
-    });
-  };
-  /**
-   * Returns detailed information about a specific service
-   * @summary Get service details
-   */
-  const getServicesId = (id: string) => {
-    return customFetcher<WebServiceDTO>({
-      url: `/services/${id}`,
-      method: "GET",
-    });
-  };
-  /**
-   * Updates an existing service
-   * @summary Update service
-   */
-  const putServicesId = (
-    id: string,
-    webCreateUpdateServiceRequest: WebCreateUpdateServiceRequest,
-  ) => {
-    return customFetcher<WebServiceDTO>({
-      url: `/services/${id}`,
-      method: "PUT",
-      headers: { "Content-Type": "application/json" },
-      data: webCreateUpdateServiceRequest,
-    });
-  };
-  /**
-   * Deletes a service from the monitoring system
-   * @summary Delete service
-   */
-  const deleteServicesId = (id: string) => {
-    return customFetcher<null>({ url: `/services/${id}`, method: "DELETE" });
-  };
-  /**
-   * Triggers a manual check of service status
-   * @summary Trigger service check
-   */
-  const postServicesIdCheck = (id: string) => {
-    return customFetcher<WebSuccessResponse>({
-      url: `/services/${id}/check`,
-      method: "POST",
-    });
-  };
-  return {
-    getServices,
-    postServices,
-    getServicesId,
-    putServicesId,
-    deleteServicesId,
-    postServicesIdCheck,
-  };
-};
-export type GetServicesResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServices>["getServices"]>>
->;
-export type PostServicesResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServices>["postServices"]>>
->;
-export type GetServicesIdResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServices>["getServicesId"]>>
->;
-export type PutServicesIdResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServices>["putServicesId"]>>
->;
-export type DeleteServicesIdResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServices>["deleteServicesId"]>>
->;
-export type PostServicesIdCheckResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getServices>["postServicesIdCheck"]>>
->;
diff --git a/frontend/src/shared/api/statistics/statistics.ts b/frontend/src/shared/api/statistics/statistics.ts
deleted file mode 100644
index 064ce2d..0000000
--- a/frontend/src/shared/api/statistics/statistics.ts
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type {
-  GetServicesIdStatsParams,
-  StorageServiceStats,
-} from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getStatistics = () => {
-  /**
-   * Returns service statistics for the specified period
-   * @summary Get service statistics
-   */
-  const getServicesIdStats = (
-    id: string,
-    params?: GetServicesIdStatsParams,
-  ) => {
-    return customFetcher<StorageServiceStats>({
-      url: `/services/${id}/stats`,
-      method: "GET",
-      params,
-    });
-  };
-  return { getServicesIdStats };
-};
-export type GetServicesIdStatsResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getStatistics>["getServicesIdStats"]>>
->;
diff --git a/frontend/src/shared/api/tags/tags.ts b/frontend/src/shared/api/tags/tags.ts
deleted file mode 100644
index 1d865d4..0000000
--- a/frontend/src/shared/api/tags/tags.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { GetTagsCount200 } from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getTags = () => {
-  /**
-   * Retrieves all unique tags used across services
-   * @summary Get all tags
-   */
-  const getTags = () => {
-    return customFetcher<string[]>({ url: `/tags`, method: "GET" });
-  };
-  /**
-   * Retrieves all unique tags along with their usage count across services
-   * @summary Get all tags with usage count
-   */
-  const getTagsCount = () => {
-    return customFetcher<GetTagsCount200>({
-      url: `/tags/count`,
-      method: "GET",
-    });
-  };
-  return { getTags, getTagsCount };
-};
-export type GetTagsResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getTags>["getTags"]>>
->;
-export type GetTagsCountResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getTags>["getTagsCount"]>>
->;
diff --git a/frontend/src/shared/api/upgrade/upgrade.ts b/frontend/src/shared/api/upgrade/upgrade.ts
deleted file mode 100644
index f3ad448..0000000
--- a/frontend/src/shared/api/upgrade/upgrade.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Generated by orval v7.11.1 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { WebSuccessResponse } from "../../types/model";
-
-import { customFetcher } from ".././baseApi";
-
-export const getUpgrade = () => {
-  /**
-   * Triggers a manual upgrade of the server
-   * @summary Manual upgrade
-   */
-  const getServerUpgrade = () => {
-    return customFetcher<WebSuccessResponse>({
-      url: `/server/upgrade`,
-      method: "GET",
-    });
-  };
-  return { getServerUpgrade };
-};
-export type GetServerUpgradeResult = NonNullable<
-  Awaited<ReturnType<ReturnType<typeof getUpgrade>["getServerUpgrade"]>>
->;
diff --git a/frontend/src/shared/components/expandableText.tsx b/frontend/src/shared/components/expandableText.tsx
index 23d66c3..994c5eb 100644
--- a/frontend/src/shared/components/expandableText.tsx
+++ b/frontend/src/shared/components/expandableText.tsx
@@ -1,6 +1,7 @@
 import { useState, useRef, useLayoutEffect } from "react";
 import { cn } from "@/shared/lib/utils";
 import { ChevronDown, ChevronUp } from "lucide-react";
+import { Button } from "./ui";
 
 interface ExpandableTextProps {
   content: string;
@@ -53,9 +54,10 @@ export const ExpandableText = ({ content, className }: ExpandableTextProps) => {
 
       {/* Show toggle button if content is truncated OR currently expanded */}
       {(isTruncated || isExpanded) && (
-        <button
+        <Button
           onClick={toggleExpansion}
-          className="mt-2 inline-flex items-center gap-1 rounded-md bg-blue-50 px-2 py-1 text-xs font-medium text-blue-600 transition-colors duration-200 hover:bg-blue-100 hover:text-blue-700"
+          variant="secondary"
+          className="mt-2 h-8 gap-1 px-1.5 py-1 text-xs"
         >
           {isExpanded ? (
             <>
@@ -68,7 +70,7 @@ export const ExpandableText = ({ content, className }: ExpandableTextProps) => {
               Show more
             </>
           )}
-        </button>
+        </Button>
       )}
     </div>
   );
diff --git a/frontend/src/shared/components/logo.tsx b/frontend/src/shared/components/logo.tsx
new file mode 100644
index 0000000..9c39a78
--- /dev/null
+++ b/frontend/src/shared/components/logo.tsx
@@ -0,0 +1,23 @@
+import { cn } from "../lib/utils";
+
+type LogoProps = React.SVGProps<SVGSVGElement> & {
+  className?: string;
+};
+
+const Logo = ({ className, ...props }: LogoProps) => {
+  return (
+    <svg
+      width="240"
+      height="38"
+      viewBox="0 0 240 38"
+      fill="#000000"
+      xmlns="http://www.w3.org/2000/svg"
+      className={cn("fill-black dark:fill-white/90", className)}
+      {...props}
+    >
+      <path d="M25.1973 26.1602C25.1973 28.097 24.709 29.9362 23.7324 31.6777C22.7559 33.403 21.234 34.8027 19.167 35.877C17.1162 36.9512 14.4632 37.4883 11.208 37.4883C9.5804 37.4883 8.14811 37.415 6.91113 37.2686C5.69043 37.1221 4.55111 36.8861 3.49316 36.5605C2.43522 36.2188 1.33659 35.7793 0.197266 35.2422V26.6484C2.13411 27.625 4.08724 28.3737 6.05664 28.8945C8.02604 29.3991 9.80827 29.6514 11.4033 29.6514C12.3636 29.6514 13.1449 29.5374 13.7471 29.3096C14.3656 29.0817 14.8213 28.7725 15.1143 28.3818C15.4072 27.9749 15.5537 27.5111 15.5537 26.9902C15.5537 26.3717 15.334 25.8509 14.8945 25.4277C14.4714 24.9883 13.7878 24.5326 12.8438 24.0605C11.8997 23.5885 10.6546 23.0026 9.1084 22.3027C7.79004 21.6842 6.59375 21.0495 5.51953 20.3984C4.46159 19.7474 3.55013 19.0068 2.78516 18.1768C2.03646 17.3304 1.45866 16.3457 1.05176 15.2227C0.644857 14.0996 0.441406 12.7731 0.441406 11.2432C0.441406 8.94824 1.00293 7.02767 2.12598 5.48145C3.2653 3.91895 4.84408 2.74707 6.8623 1.96582C8.89681 1.18457 11.2406 0.793945 13.8936 0.793945C16.221 0.793945 18.3125 1.05436 20.168 1.5752C22.0397 2.09603 23.7161 2.6901 25.1973 3.35742L22.2432 10.8037C20.7132 10.1038 19.2077 9.55046 17.7266 9.14355C16.2454 8.72038 14.8701 8.50879 13.6006 8.50879C12.7705 8.50879 12.0869 8.61458 11.5498 8.82617C11.029 9.02148 10.6383 9.29004 10.3779 9.63184C10.1338 9.97363 10.0117 10.3643 10.0117 10.8037C10.0117 11.3571 10.2233 11.8535 10.6465 12.293C11.0859 12.7324 11.8102 13.2126 12.8193 13.7334C13.8447 14.238 15.2363 14.8971 16.9941 15.7109C18.7357 16.4922 20.2168 17.3385 21.4375 18.25C22.6582 19.1452 23.5859 20.2275 24.2207 21.4971C24.8717 22.7503 25.1973 24.3047 25.1973 26.1602ZM51.9062 37H30.7148V1.30664H51.9062V9.0459H40.3584V14.6611H51.0518V22.4004H40.3584V29.1387H51.9062V37ZM92.1406 37H79.4941L66.457 11.8535H66.2373C66.3187 12.6185 66.3919 13.5381 66.457 14.6123C66.5221 15.6865 66.5791 16.7852 66.6279 17.9082C66.6768 19.015 66.7012 20.016 66.7012 20.9111V37H58.1562V1.30664H70.7539L83.7422 26.1113H83.8887C83.8398 25.3301 83.791 24.4268 83.7422 23.4014C83.6934 22.3597 83.6445 21.3099 83.5957 20.252C83.5632 19.194 83.5469 18.2581 83.5469 17.4443V1.30664H92.1406V37ZM115.603 37H105.959V9.19238H97.2432V1.30664H124.294V9.19238H115.603V37ZM129.396 37V1.30664H139.089V37H129.396ZM180.812 37H168.166L155.129 11.8535H154.909C154.991 12.6185 155.064 13.5381 155.129 14.6123C155.194 15.6865 155.251 16.7852 155.3 17.9082C155.349 19.015 155.373 20.016 155.373 20.9111V37H146.828V1.30664H159.426L172.414 26.1113H172.561C172.512 25.3301 172.463 24.4268 172.414 23.4014C172.365 22.3597 172.316 21.3099 172.268 20.252C172.235 19.194 172.219 18.2581 172.219 17.4443V1.30664H180.812V37ZM209.719 37H188.527V1.30664H209.719V9.0459H198.171V14.6611H208.864V22.4004H198.171V29.1387H209.719V37ZM215.969 37V1.30664H225.612V29.2119H239.357V37H215.969Z" />
+    </svg>
+  );
+};
+
+export default Logo;
diff --git a/frontend/src/shared/components/logoSmall.tsx b/frontend/src/shared/components/logoSmall.tsx
new file mode 100644
index 0000000..1ba7065
--- /dev/null
+++ b/frontend/src/shared/components/logoSmall.tsx
@@ -0,0 +1,23 @@
+import { cn } from "../lib/utils";
+
+type LogoProps = React.SVGProps<SVGSVGElement> & {
+  className?: string;
+};
+
+const LogoSmall = ({ className, ...props }: LogoProps) => {
+  return (
+    <svg
+      width="26"
+      height="38"
+      viewBox="0 0 26 38"
+      fill="#000000"
+      xmlns="http://www.w3.org/2000/svg"
+      className={cn("fill-black dark:fill-white", className)}
+      {...props}
+    >
+      <path d="M25.1973 26.1602C25.1973 28.097 24.709 29.9362 23.7324 31.6777C22.7559 33.403 21.234 34.8027 19.167 35.877C17.1162 36.9512 14.4632 37.4883 11.208 37.4883C9.5804 37.4883 8.14811 37.415 6.91113 37.2686C5.69043 37.1221 4.55111 36.8861 3.49316 36.5605C2.43522 36.2188 1.33659 35.7793 0.197266 35.2422V26.6484C2.13411 27.625 4.08724 28.3737 6.05664 28.8945C8.02604 29.3991 9.80827 29.6514 11.4033 29.6514C12.3636 29.6514 13.1449 29.5374 13.7471 29.3096C14.3656 29.0817 14.8213 28.7725 15.1143 28.3818C15.4072 27.9749 15.5537 27.5111 15.5537 26.9902C15.5537 26.3717 15.334 25.8509 14.8945 25.4277C14.4714 24.9883 13.7878 24.5326 12.8438 24.0605C11.8997 23.5885 10.6546 23.0026 9.1084 22.3027C7.79004 21.6842 6.59375 21.0495 5.51953 20.3984C4.46159 19.7474 3.55013 19.0068 2.78516 18.1768C2.03646 17.3304 1.45866 16.3457 1.05176 15.2227C0.644857 14.0996 0.441406 12.7731 0.441406 11.2432C0.441406 8.94824 1.00293 7.02767 2.12598 5.48145C3.2653 3.91895 4.84408 2.74707 6.8623 1.96582C8.89681 1.18457 11.2406 0.793945 13.8936 0.793945C16.221 0.793945 18.3125 1.05436 20.168 1.5752C22.0397 2.09603 23.7161 2.6901 25.1973 3.35742L22.2432 10.8037C20.7132 10.1038 19.2077 9.55046 17.7266 9.14355C16.2454 8.72038 14.8701 8.50879 13.6006 8.50879C12.7705 8.50879 12.0869 8.61458 11.5498 8.82617C11.029 9.02148 10.6383 9.29004 10.3779 9.63184C10.1338 9.97363 10.0117 10.3643 10.0117 10.8037C10.0117 11.3571 10.2233 11.8535 10.6465 12.293C11.0859 12.7324 11.8102 13.2126 12.8193 13.7334C13.8447 14.238 15.2363 14.8971 16.9941 15.7109C18.7357 16.4922 20.2168 17.3385 21.4375 18.25C22.6582 19.1452 23.5859 20.2275 24.2207 21.4971C24.8717 22.7503 25.1973 24.3047 25.1973 26.1602Z" />
+    </svg>
+  );
+};
+
+export default LogoSmall;
diff --git a/frontend/src/shared/components/pageLoader.tsx b/frontend/src/shared/components/pageLoader.tsx
new file mode 100644
index 0000000..49a4d8d
--- /dev/null
+++ b/frontend/src/shared/components/pageLoader.tsx
@@ -0,0 +1,11 @@
+import { Spinner } from "./ui/spinner";
+
+const PageLoader = () => {
+  return (
+    <div className="flex h-screen w-full items-center justify-center">
+      <Spinner className="size-6" />
+    </div>
+  );
+};
+
+export default PageLoader;
diff --git a/frontend/src/shared/components/sidebar/nav-main.tsx b/frontend/src/shared/components/sidebar/nav-main.tsx
new file mode 100644
index 0000000..2e505a8
--- /dev/null
+++ b/frontend/src/shared/components/sidebar/nav-main.tsx
@@ -0,0 +1,97 @@
+"use client";
+
+import { Link, type LinkOptions } from "@tanstack/react-router";
+
+import { type LucideIcon } from "lucide-react";
+
+import { Collapsible } from "@/shared/components/ui/collapsible";
+import {
+  SidebarGroup,
+  SidebarMenu,
+  SidebarMenuButton,
+  SidebarMenuItem,
+} from "@/shared/components/ui/sidebar";
+import { cn } from "@/shared/lib/utils";
+
+type NavMainItem = LinkOptions & {
+  to: string;
+  title: string;
+  icon?: LucideIcon;
+};
+
+type NavMainProps = {
+  items: {
+    main: NavMainItem & { isActive?: boolean };
+    items?: NavMainItem[];
+  }[];
+};
+
+export function NavMain({ items }: NavMainProps) {
+  return (
+    <SidebarGroup>
+      {/* <SidebarGroupLabel>Application</SidebarGroupLabel> */}
+      <SidebarMenu>
+        {items.map((option) => (
+          <Collapsible
+            key={option.main.title}
+            asChild
+            defaultOpen={option.main.isActive}
+          >
+            <SidebarMenuItem>
+              <SidebarMenuButton asChild tooltip={option.main.title}>
+                <Link
+                  key={option.main.to}
+                  {...option}
+                  to={option.main.to}
+                  className="text-sm/6 font-medium"
+                  activeProps={{
+                    className: cn(
+                      "bg-sidebar-accent text-sidebar-accent-foreground hover:bg-sidebar-accent/70",
+                    ),
+                  }}
+                >
+                  {option.main.icon && <option.main.icon />}
+                  <span>{option.main.title}</span>
+                </Link>
+              </SidebarMenuButton>
+              {/* {option.items?.length ? (
+                <>
+                  <CollapsibleTrigger asChild>
+                    <SidebarMenuAction className="data-[state=open]:rotate-90">
+                      <ChevronRight />
+                      <span className="sr-only">Toggle</span>
+                    </SidebarMenuAction>
+                  </CollapsibleTrigger>
+                  <CollapsibleContent>
+                    <SidebarMenuSub>
+                      {option.items?.map((subOption) => (
+                        <SidebarMenuSubItem key={subOption.to}>
+                          <SidebarMenuSubButton asChild>
+                            <Link
+                              key={subOption.to}
+                              {...subOption}
+                              to={subOption.to}
+                              className="text-sm/6"
+                              activeProps={{
+                                className: cn(
+                                  "bg-sidebar-accent text-sidebar-accent-foreground hover:bg-sidebar-accent/70",
+                                ),
+                              }}
+                            >
+                              {subOption.icon && <subOption.icon />}
+                              <span>{subOption.title}</span>
+                            </Link>
+                          </SidebarMenuSubButton>
+                        </SidebarMenuSubItem>
+                      ))}
+                    </SidebarMenuSub>
+                  </CollapsibleContent>
+                </>
+              ) : null} */}
+            </SidebarMenuItem>
+          </Collapsible>
+        ))}
+      </SidebarMenu>
+    </SidebarGroup>
+  );
+}
diff --git a/frontend/src/shared/components/sidebar/nav-user.tsx b/frontend/src/shared/components/sidebar/nav-user.tsx
new file mode 100644
index 0000000..e84652f
--- /dev/null
+++ b/frontend/src/shared/components/sidebar/nav-user.tsx
@@ -0,0 +1,111 @@
+"use client";
+
+import { ChevronsUpDown, LogOut } from "lucide-react";
+
+import {
+  Avatar,
+  AvatarFallback,
+  AvatarImage,
+} from "@/shared/components/ui/avatar";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuLabel,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+} from "@/shared/components/ui/dropdown-menu";
+import {
+  SidebarMenu,
+  SidebarMenuButton,
+  SidebarMenuItem,
+  useSidebar,
+} from "@/shared/components/ui/sidebar";
+import { useNavigate } from "@tanstack/react-router";
+import { useAuthStore } from "@/app/stores/auth";
+
+// splitUserFullName
+function splitUserFullName(fullName: string | undefined): string {
+  if (!fullName) return "U";
+  const [firstName, ...lastName] = fullName.split(" ");
+  return firstName.charAt(0) + (lastName[0]?.charAt(0) ?? "");
+}
+
+export function NavUser() {
+  const { isMobile } = useSidebar();
+  const navigate = useNavigate();
+  const authStore = useAuthStore();
+
+  return (
+    <SidebarMenu>
+      <SidebarMenuItem>
+        <DropdownMenu>
+          <DropdownMenuTrigger asChild>
+            <SidebarMenuButton
+              size="lg"
+              className="data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground cursor-pointer"
+            >
+              <Avatar className="h-8 w-8 rounded-lg">
+                <AvatarImage
+                  src={authStore.user?.avatarUrl}
+                  alt={authStore.user?.fullName}
+                />
+                <AvatarFallback className="rounded-lg">
+                  {splitUserFullName(authStore.user?.fullName)}
+                </AvatarFallback>
+              </Avatar>
+              <div className="grid flex-1 text-left text-sm leading-tight">
+                <span className="truncate font-medium">
+                  {authStore.user?.fullName}
+                </span>
+                <span className="truncate text-xs">
+                  {authStore.user?.email}
+                </span>
+              </div>
+              <ChevronsUpDown className="ml-auto size-4" />
+            </SidebarMenuButton>
+          </DropdownMenuTrigger>
+          <DropdownMenuContent
+            className="w-(--radix-dropdown-menu-trigger-width) min-w-56 rounded-lg"
+            side={isMobile ? "bottom" : "right"}
+            align="end"
+            sideOffset={4}
+          >
+            <DropdownMenuLabel className="p-0 font-normal">
+              <div className="flex items-center gap-2 px-1 py-1.5 text-left text-sm">
+                <Avatar className="h-8 w-8 rounded-lg">
+                  <AvatarImage
+                    src={authStore.user?.avatarUrl}
+                    alt={authStore.user?.fullName}
+                  />
+                  <AvatarFallback className="rounded-lg">
+                    {splitUserFullName(authStore.user?.fullName)}
+                  </AvatarFallback>
+                </Avatar>
+                <div className="grid flex-1 text-left text-sm leading-tight">
+                  <span className="truncate font-medium">
+                    {authStore.user?.fullName}
+                  </span>
+                  <span className="truncate text-xs">
+                    {authStore.user?.email}
+                  </span>
+                </div>
+              </div>
+            </DropdownMenuLabel>
+            <DropdownMenuSeparator />
+            <DropdownMenuItem
+              onClick={() => {
+                authStore.logout().finally(() => {
+                  navigate({ to: "/login" });
+                });
+              }}
+            >
+              <LogOut />
+              Log out
+            </DropdownMenuItem>
+          </DropdownMenuContent>
+        </DropdownMenu>
+      </SidebarMenuItem>
+    </SidebarMenu>
+  );
+}
diff --git a/frontend/src/shared/components/sidebar/project-switcher.tsx b/frontend/src/shared/components/sidebar/project-switcher.tsx
new file mode 100644
index 0000000..20adfac
--- /dev/null
+++ b/frontend/src/shared/components/sidebar/project-switcher.tsx
@@ -0,0 +1,202 @@
+import { ChevronsUpDown, Plus } from "lucide-react";
+
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuLabel,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+} from "@/shared/components/ui/dropdown-menu";
+import {
+  SidebarMenu,
+  SidebarMenuButton,
+  SidebarMenuItem,
+  useSidebar,
+} from "@/shared/components/ui/sidebar";
+import { useProjectStore } from "@/app/stores/projects";
+import { useShallow } from "zustand/react/shallow";
+import {
+  Button,
+  Dialog,
+  DialogClose,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+  Input,
+} from "../ui";
+import { Field, FieldGroup, FieldLabel } from "../ui/field";
+import { useState } from "react";
+import { toast } from "sonner";
+import { Spinner } from "../ui/spinner";
+import { cn } from "@/shared/lib/utils";
+import LogoSmall from "../logoSmall";
+
+type AddProjectProps = {
+  open: boolean;
+  setOpen: (open: boolean) => void;
+};
+
+const AddProject = ({ open, setOpen }: AddProjectProps) => {
+  const [name, setName] = useState("");
+  const [description, setDescription] = useState("");
+  const [isLoading, setIsLoading] = useState(false);
+
+  const projectsStore = useProjectStore();
+
+  const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
+    e.stopPropagation();
+
+    if (!name) {
+      toast.error("Please fill in all required fields");
+      return;
+    }
+
+    try {
+      setIsLoading(true);
+      await projectsStore.createProject(name, description);
+      setOpen(false);
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={setOpen}>
+      <DialogTrigger asChild></DialogTrigger>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>Create Project</DialogTitle>
+          <DialogDescription>
+            Fill out the form below to create a new project.
+          </DialogDescription>
+        </DialogHeader>
+        <form onSubmit={handleSubmit} className="space-y-8">
+          <FieldGroup>
+            <Field>
+              <FieldLabel htmlFor="name" required>
+                Name
+              </FieldLabel>
+              <Input
+                id="name"
+                type="text"
+                placeholder="Name"
+                required
+                value={name}
+                onChange={(e) => setName(e.target.value)}
+              />
+            </Field>
+            <Field>
+              <FieldLabel htmlFor="description">Description</FieldLabel>
+              <Input
+                id="description"
+                type="text"
+                placeholder="Description"
+                value={description}
+                onChange={(e) => setDescription(e.target.value)}
+              />
+            </Field>
+          </FieldGroup>
+          <DialogFooter>
+            <DialogClose asChild>
+              <Button variant="outline">Cancel</Button>
+            </DialogClose>
+            <Button disabled={isLoading}>
+              {isLoading ? <Spinner /> : "Create Project"}
+            </Button>
+          </DialogFooter>
+        </form>
+      </DialogContent>
+    </Dialog>
+  );
+};
+
+export function ProjectSwitcher() {
+  const [open, setOpen] = useState(false);
+  const { isMobile } = useSidebar();
+  const { projects, selectedProjectId, selectedProject, selectProject } =
+    useProjectStore(
+      useShallow((state) => ({
+        projects: state.projects,
+        selectedProjectId: state.selectedProjectId,
+        selectedProject: state.selectedProject,
+        selectProject: state.selectProject,
+      })),
+    );
+
+  if (!selectedProjectId) {
+    return null;
+  }
+
+  const activeProject = selectedProject();
+
+  return (
+    <>
+      <AddProject open={open} setOpen={setOpen} />
+      <SidebarMenu>
+        <SidebarMenuItem>
+          <DropdownMenu>
+            <DropdownMenuTrigger asChild>
+              <SidebarMenuButton
+                size="lg"
+                className="data-[state=open]:bg-sidebar-accent data-[state=open]:text-sidebar-accent-foreground"
+              >
+                <div className="bg-sidebar-primary text-sidebar-primary-foreground flex aspect-square size-8 items-center justify-center rounded-lg">
+                  <LogoSmall className="size-4 fill-white transition-all dark:fill-white/60" />
+                </div>
+                <div className="grid flex-1 text-left text-sm leading-tight">
+                  <span className="truncate font-medium">
+                    {activeProject?.name}
+                  </span>
+                  <span className="truncate text-xs">
+                    {activeProject?.description}
+                  </span>
+                </div>
+                <ChevronsUpDown className="ml-auto" />
+              </SidebarMenuButton>
+            </DropdownMenuTrigger>
+            <DropdownMenuContent
+              className="w-(--radix-dropdown-menu-trigger-width) min-w-56 rounded-lg"
+              align="start"
+              side={isMobile ? "bottom" : "right"}
+              sideOffset={4}
+            >
+              <DropdownMenuLabel className="text-muted-foreground text-xs">
+                Projects
+              </DropdownMenuLabel>
+              {projects.map((project) => (
+                <DropdownMenuItem
+                  key={project.id}
+                  onClick={() => selectProject(project.id)}
+                  className={cn("cursor-pointer gap-2 p-2", {
+                    "bg-sidebar-accent text-sidebar-accent-foreground":
+                      project.id === selectedProjectId,
+                  })}
+                >
+                  {project.name}
+                </DropdownMenuItem>
+              ))}
+              <DropdownMenuSeparator />
+
+              <DropdownMenuItem
+                className="cursor-pointer gap-2 p-2"
+                onClick={() => setOpen(true)}
+              >
+                <div className="flex size-6 items-center justify-center rounded-md border bg-transparent">
+                  <Plus className="size-4" />
+                </div>
+                <div className="text-muted-foreground font-medium">
+                  Add project
+                </div>
+              </DropdownMenuItem>
+            </DropdownMenuContent>
+          </DropdownMenu>
+        </SidebarMenuItem>
+      </SidebarMenu>
+    </>
+  );
+}
diff --git a/frontend/src/shared/components/sidebar/sidebar.tsx b/frontend/src/shared/components/sidebar/sidebar.tsx
new file mode 100644
index 0000000..7bf495d
--- /dev/null
+++ b/frontend/src/shared/components/sidebar/sidebar.tsx
@@ -0,0 +1,69 @@
+import { linkOptions } from "@tanstack/react-router";
+
+import {
+  Sidebar,
+  SidebarContent,
+  SidebarFooter,
+  SidebarHeader,
+  SidebarRail,
+} from "@/shared/components/ui/sidebar";
+import { HouseIcon, SettingsIcon, GlassesIcon } from "lucide-react";
+
+import { ProjectSwitcher } from "./project-switcher";
+import { NavUser } from "./nav-user";
+import { NavMain } from "./nav-main";
+import { UpdateBanner } from "@/features/apiInfo/updateBanner";
+
+const navMain = [
+  {
+    main: linkOptions({
+      to: "/",
+      title: "Dashboard",
+      icon: HouseIcon,
+    }),
+  },
+  {
+    main: linkOptions({
+      to: "/agents",
+      title: "Agents",
+      icon: GlassesIcon,
+    }),
+  },
+  {
+    main: linkOptions({
+      to: "/settings",
+      title: "Settings",
+      icon: SettingsIcon,
+    }),
+    items: [
+      linkOptions({
+        to: "/settings/notifications",
+        title: "Notifications",
+      }),
+      linkOptions({
+        to: "/settings/notifications-history",
+        title: "Notifications history",
+      }),
+    ],
+  },
+];
+
+type AppSidebarProps = React.ComponentProps<typeof Sidebar>;
+
+export function AppSidebar({ ...props }: AppSidebarProps) {
+  return (
+    <Sidebar collapsible="icon" {...props}>
+      <SidebarHeader>
+        <ProjectSwitcher />
+      </SidebarHeader>
+      <SidebarContent>
+        <NavMain items={navMain} />
+      </SidebarContent>
+      <SidebarFooter>
+        <UpdateBanner />
+        <NavUser />
+      </SidebarFooter>
+      <SidebarRail />
+    </Sidebar>
+  );
+}
diff --git a/frontend/src/shared/components/theme-toggle.tsx b/frontend/src/shared/components/theme-toggle.tsx
new file mode 100644
index 0000000..05725de
--- /dev/null
+++ b/frontend/src/shared/components/theme-toggle.tsx
@@ -0,0 +1,24 @@
+import { MoonStarIcon, SunIcon } from "lucide-react";
+import { Button } from "@/shared/components/ui/button";
+import { useUserPreferenceStore } from "@/app/stores/userPreferience";
+import { useShallow } from "zustand/react/shallow";
+
+export function ThemeToggle() {
+  const { toggleTheme } = useUserPreferenceStore(
+    useShallow((s) => ({
+      toggleTheme: s.toggleTheme,
+    })),
+  );
+
+  return (
+    <Button
+      variant="ghost"
+      size="icon"
+      aria-label="Toggle theme"
+      onClick={() => toggleTheme()}
+    >
+      <SunIcon className="size-5 -rotate-90 transition-all dark:rotate-0 dark:opacity-0" />
+      <MoonStarIcon className="absolute size-5 -rotate-90 opacity-0 transition-all dark:rotate-0 dark:opacity-100" />
+    </Button>
+  );
+}
diff --git a/frontend/src/shared/components/typography/index.tsx b/frontend/src/shared/components/typography/index.tsx
new file mode 100644
index 0000000..e7e0302
--- /dev/null
+++ b/frontend/src/shared/components/typography/index.tsx
@@ -0,0 +1,181 @@
+import { cn } from "@/shared/lib/utils";
+
+export function H1({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <h1
+      className={cn(
+        "scroll-m-20 text-4xl font-extrabold tracking-tight text-balance",
+        className,
+      )}
+    >
+      {children}
+    </h1>
+  );
+}
+
+export function H2({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <h2
+      className={cn(
+        "scroll-m-20 border-b pb-2 text-3xl font-semibold tracking-tight first:mt-0",
+        className,
+      )}
+    >
+      {children}
+    </h2>
+  );
+}
+
+export function H3({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <h3
+      className={cn(
+        "scroll-m-20 text-2xl font-semibold tracking-tight",
+        className,
+      )}
+    >
+      {children}
+    </h3>
+  );
+}
+
+export function H4({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <h4
+      className={cn(
+        "scroll-m-20 text-xl font-medium tracking-tight",
+        className,
+      )}
+    >
+      {children}
+    </h4>
+  );
+}
+
+export function H5({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <h5
+      className={cn(
+        "scroll-m-20 text-lg font-medium tracking-tight",
+        className,
+      )}
+    >
+      {children}
+    </h5>
+  );
+}
+
+export function H6({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <h6
+      className={cn(
+        "scroll-m-20 text-base font-medium tracking-tight",
+        className,
+      )}
+    >
+      {children}
+    </h6>
+  );
+}
+
+export function P({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <p className={cn("leading-7 [&:not(:first-child)]:mt-3", className)}>
+      {children}
+    </p>
+  );
+}
+
+export function Blockquote({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <blockquote className={cn("mt-6 border-l-2 pl-6 italic", className)}>
+      {children}
+    </blockquote>
+  );
+}
+
+export function InlineCode({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <code
+      className={cn(
+        "bg-muted relative rounded px-[0.3rem] py-[0.2rem] font-mono text-sm",
+        className,
+      )}
+    >
+      {children}
+    </code>
+  );
+}
+
+export function BlockCode({
+  children,
+  className,
+}: {
+  children?: React.ReactNode;
+  className?: string;
+}) {
+  return (
+    <pre
+      className={cn(
+        "bg-muted relative rounded px-[0.3rem] py-[0.2rem] font-mono text-sm",
+        className,
+      )}
+    >
+      {children}
+    </pre>
+  );
+}
diff --git a/frontend/src/shared/components/ui/alert-dialog.tsx b/frontend/src/shared/components/ui/alert-dialog.tsx
index f3894b9..2a5b2fe 100644
--- a/frontend/src/shared/components/ui/alert-dialog.tsx
+++ b/frontend/src/shared/components/ui/alert-dialog.tsx
@@ -52,7 +52,7 @@ function AlertDialogContent({
       <AlertDialogPrimitive.Content
         data-slot="alert-dialog-content"
         className={cn(
-          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-1/2 left-1/2 z-50 grid max-h-[calc(100%-2rem)] w-full max-w-[calc(100%-2rem)] -translate-x-1/2 -translate-y-1/2 gap-4 overflow-y-auto rounded-xl border p-6 shadow-lg duration-200 sm:max-w-100",
+          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-[50%] left-[50%] z-50 grid w-full max-w-[calc(100%-2rem)] translate-x-[-50%] translate-y-[-50%] gap-4 rounded-lg border p-6 shadow-lg duration-200 sm:max-w-lg",
           className,
         )}
         {...props}
@@ -68,7 +68,7 @@ function AlertDialogHeader({
   return (
     <div
       data-slot="alert-dialog-header"
-      className={cn("flex flex-col gap-1 text-center sm:text-left", className)}
+      className={cn("flex flex-col gap-2 text-center sm:text-left", className)}
       {...props}
     />
   );
@@ -82,7 +82,7 @@ function AlertDialogFooter({
     <div
       data-slot="alert-dialog-footer"
       className={cn(
-        "flex flex-col-reverse gap-3 sm:flex-row sm:justify-end",
+        "flex flex-col-reverse gap-2 sm:flex-row sm:justify-end",
         className,
       )}
       {...props}
@@ -142,14 +142,14 @@ function AlertDialogCancel({
 
 export {
   AlertDialog,
-  AlertDialogAction,
-  AlertDialogCancel,
+  AlertDialogPortal,
+  AlertDialogOverlay,
+  AlertDialogTrigger,
   AlertDialogContent,
-  AlertDialogDescription,
-  AlertDialogFooter,
   AlertDialogHeader,
-  AlertDialogOverlay,
-  AlertDialogPortal,
+  AlertDialogFooter,
   AlertDialogTitle,
-  AlertDialogTrigger,
+  AlertDialogDescription,
+  AlertDialogAction,
+  AlertDialogCancel,
 };
diff --git a/frontend/src/shared/components/ui/alert.tsx b/frontend/src/shared/components/ui/alert.tsx
index f30a211..eda8e2f 100644
--- a/frontend/src/shared/components/ui/alert.tsx
+++ b/frontend/src/shared/components/ui/alert.tsx
@@ -4,7 +4,7 @@ import { cva, type VariantProps } from "class-variance-authority";
 import { cn } from "@shared/lib/utils";
 
 const alertVariants = cva(
-  "relative w-full rounded-lg border border-zinc-200 px-4 py-3 text-sm grid has-[>svg]:grid-cols-[calc(var(--spacing)*4)_1fr] grid-cols-[0_1fr] has-[>svg]:gap-x-3 gap-y-0.5 items-start [&>svg]:size-4 [&>svg]:translate-y-0.5 [&>svg]:text-current",
+  "relative w-full rounded-lg border px-4 py-3 text-sm grid has-[>svg]:grid-cols-[calc(var(--spacing)*4)_1fr] grid-cols-[0_1fr] has-[>svg]:gap-x-3 gap-y-0.5 items-start [&>svg]:size-4 [&>svg]:translate-y-0.5 [&>svg]:text-current",
   {
     variants: {
       variant: {
diff --git a/frontend/src/shared/components/ui/avatar.tsx b/frontend/src/shared/components/ui/avatar.tsx
new file mode 100644
index 0000000..89d1f9c
--- /dev/null
+++ b/frontend/src/shared/components/ui/avatar.tsx
@@ -0,0 +1,51 @@
+import * as React from "react"
+import { Avatar as AvatarPrimitive } from "radix-ui"
+
+import { cn } from "@shared/lib/utils"
+
+function Avatar({
+  className,
+  ...props
+}: React.ComponentProps<typeof AvatarPrimitive.Root>) {
+  return (
+    <AvatarPrimitive.Root
+      data-slot="avatar"
+      className={cn(
+        "relative flex size-8 shrink-0 overflow-hidden rounded-full",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function AvatarImage({
+  className,
+  ...props
+}: React.ComponentProps<typeof AvatarPrimitive.Image>) {
+  return (
+    <AvatarPrimitive.Image
+      data-slot="avatar-image"
+      className={cn("aspect-square size-full", className)}
+      {...props}
+    />
+  )
+}
+
+function AvatarFallback({
+  className,
+  ...props
+}: React.ComponentProps<typeof AvatarPrimitive.Fallback>) {
+  return (
+    <AvatarPrimitive.Fallback
+      data-slot="avatar-fallback"
+      className={cn(
+        "bg-muted flex size-full items-center justify-center rounded-full",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Avatar, AvatarImage, AvatarFallback }
diff --git a/frontend/src/shared/components/ui/badge.tsx b/frontend/src/shared/components/ui/badge.tsx
index c34df73..30e76f8 100644
--- a/frontend/src/shared/components/ui/badge.tsx
+++ b/frontend/src/shared/components/ui/badge.tsx
@@ -15,6 +15,13 @@ const badgeVariants = cva(
           "border-transparent bg-secondary text-secondary-foreground [a&]:hover:bg-secondary/90",
         destructive:
           "border-transparent bg-destructive text-white [a&]:hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:focus-visible:ring-destructive/40 dark:bg-destructive/60",
+        success:
+          "border-transparent bg-emerald-100 text-emerald-600 dark:bg-emerald-300/30 dark:text-emerald-400",
+        warning:
+          "border-transparent bg-yellow-100 text-yellow-600 dark:bg-yellow-300/30 dark:text-yellow-500",
+        error:
+          "border-transparent bg-rose-100 text-rose-600 dark:bg-rose-300/30 dark:text-rose-400",
+        info: "border-transparent bg-blue-100 text-blue-600 dark:bg-blue-300/30 dark:text-blue-400",
         outline:
           "text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground",
       },
diff --git a/frontend/src/shared/components/ui/button-group.tsx b/frontend/src/shared/components/ui/button-group.tsx
new file mode 100644
index 0000000..7b4e041
--- /dev/null
+++ b/frontend/src/shared/components/ui/button-group.tsx
@@ -0,0 +1,83 @@
+import { Slot as SlotPrimitive } from "radix-ui"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@shared/lib/utils"
+import { Separator } from "@shared/components/ui/separator"
+
+const buttonGroupVariants = cva(
+  "flex w-fit items-stretch [&>*]:focus-visible:z-10 [&>*]:focus-visible:relative [&>[data-slot=select-trigger]:not([class*='w-'])]:w-fit [&>input]:flex-1 has-[select[aria-hidden=true]:last-child]:[&>[data-slot=select-trigger]:last-of-type]:rounded-r-md has-[>[data-slot=button-group]]:gap-2",
+  {
+    variants: {
+      orientation: {
+        horizontal:
+          "[&>*:not(:first-child)]:rounded-l-none [&>*:not(:first-child)]:border-l-0 [&>*:not(:last-child)]:rounded-r-none",
+        vertical:
+          "flex-col [&>*:not(:first-child)]:rounded-t-none [&>*:not(:first-child)]:border-t-0 [&>*:not(:last-child)]:rounded-b-none",
+      },
+    },
+    defaultVariants: {
+      orientation: "horizontal",
+    },
+  }
+)
+
+function ButtonGroup({
+  className,
+  orientation,
+  ...props
+}: React.ComponentProps<"div"> & VariantProps<typeof buttonGroupVariants>) {
+  return (
+    <div
+      role="group"
+      data-slot="button-group"
+      data-orientation={orientation}
+      className={cn(buttonGroupVariants({ orientation }), className)}
+      {...props}
+    />
+  )
+}
+
+function ButtonGroupText({
+  className,
+  asChild = false,
+  ...props
+}: React.ComponentProps<"div"> & {
+  asChild?: boolean
+}) {
+  const Comp = asChild ? SlotPrimitive.Slot : "div"
+
+  return (
+    <Comp
+      className={cn(
+        "bg-muted flex items-center gap-2 rounded-md border px-4 text-sm font-medium shadow-xs [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function ButtonGroupSeparator({
+  className,
+  orientation = "vertical",
+  ...props
+}: React.ComponentProps<typeof Separator>) {
+  return (
+    <Separator
+      data-slot="button-group-separator"
+      orientation={orientation}
+      className={cn(
+        "bg-input relative !m-0 self-stretch data-[orientation=vertical]:h-auto",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export {
+  ButtonGroup,
+  ButtonGroupSeparator,
+  ButtonGroupText,
+  buttonGroupVariants,
+}
diff --git a/frontend/src/shared/components/ui/button.tsx b/frontend/src/shared/components/ui/button.tsx
index 12151bb..0441fc7 100644
--- a/frontend/src/shared/components/ui/button.tsx
+++ b/frontend/src/shared/components/ui/button.tsx
@@ -9,23 +9,24 @@ const buttonVariants = cva(
   {
     variants: {
       variant: {
-        default:
-          "bg-primary text-primary-foreground shadow-xs hover:bg-primary/90",
+        default: "bg-primary text-primary-foreground hover:bg-primary/90",
         destructive:
-          "bg-destructive text-white shadow-xs hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:focus-visible:ring-destructive/40 dark:bg-destructive/60",
+          "bg-destructive text-white hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:focus-visible:ring-destructive/40 dark:bg-destructive/60",
         outline:
           "border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50",
         secondary:
-          "bg-secondary text-secondary-foreground shadow-xs hover:bg-secondary/80",
+          "bg-secondary text-secondary-foreground hover:bg-secondary/80",
         ghost:
           "hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50",
         link: "text-primary underline-offset-4 hover:underline",
       },
       size: {
-        default: "h-9 px-4 py-2 has-[>svg]:px-3",
-        sm: "h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5",
-        lg: "h-10 rounded-md px-6 has-[>svg]:px-4",
-        icon: "size-9",
+        "default": "h-9 px-4 py-2 has-[>svg]:px-3",
+        "sm": "h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5",
+        "lg": "h-10 rounded-md px-6 has-[>svg]:px-4",
+        "icon": "size-9",
+        "icon-sm": "size-8",
+        "icon-lg": "size-10",
       },
     },
     defaultVariants: {
diff --git a/frontend/src/shared/components/ui/card.tsx b/frontend/src/shared/components/ui/card.tsx
index ec032d8..b02237d 100644
--- a/frontend/src/shared/components/ui/card.tsx
+++ b/frontend/src/shared/components/ui/card.tsx
@@ -7,7 +7,7 @@ function Card({ className, ...props }: React.ComponentProps<"div">) {
     <div
       data-slot="card"
       className={cn(
-        "bg-card text-card-foreground flex flex-col gap-6 rounded-xl border border-zinc-200 py-3.5 md:py-6",
+        "bg-card text-card-foreground flex flex-col gap-6 rounded-xl border py-6",
         className,
       )}
       {...props}
@@ -20,7 +20,7 @@ function CardHeader({ className, ...props }: React.ComponentProps<"div">) {
     <div
       data-slot="card-header"
       className={cn(
-        "@container/card-header grid auto-rows-min grid-rows-[auto_auto] items-start gap-1.5 px-3.5 has-data-[slot=card-action]:grid-cols-[1fr_auto] md:px-6 [.border-b]:pb-6",
+        "@container/card-header grid auto-rows-min grid-rows-[auto_auto] items-start gap-1.5 px-6 has-data-[slot=card-action]:grid-cols-[1fr_auto] [.border-b]:pb-6",
         className,
       )}
       {...props}
@@ -65,7 +65,7 @@ function CardContent({ className, ...props }: React.ComponentProps<"div">) {
   return (
     <div
       data-slot="card-content"
-      className={cn("px-3.5 md:px-6", className)}
+      className={cn("px-6", className)}
       {...props}
     />
   );
@@ -75,10 +75,7 @@ function CardFooter({ className, ...props }: React.ComponentProps<"div">) {
   return (
     <div
       data-slot="card-footer"
-      className={cn(
-        "flex items-center px-3.5 md:px-6 [.border-t]:pt-6",
-        className,
-      )}
+      className={cn("flex items-center px-6 [.border-t]:pt-6", className)}
       {...props}
     />
   );
diff --git a/frontend/src/shared/components/ui/code.tsx b/frontend/src/shared/components/ui/code.tsx
new file mode 100644
index 0000000..3d49c3b
--- /dev/null
+++ b/frontend/src/shared/components/ui/code.tsx
@@ -0,0 +1,76 @@
+import * as React from "react";
+import { Highlight, themes, Prism, type Language } from "prism-react-renderer";
+import { cn } from "@/shared/lib/utils";
+import { useUserPreferenceStore } from "@/app/stores/userPreferience";
+import { useShallow } from "zustand/react/shallow";
+
+type Props = {
+  code: string;
+  language?: Language;
+  maxHeight?: string;
+  className?: string;
+};
+
+export function CodeBlock({
+  code,
+  language = "tsx",
+  maxHeight,
+  className = "",
+}: Props) {
+  const [copied, setCopied] = React.useState(false);
+  const { currentTheme } = useUserPreferenceStore(
+    useShallow((s) => ({ currentTheme: s.theme })),
+  );
+
+  const onCopy = async () => {
+    try {
+      await navigator.clipboard.writeText(code);
+      setCopied(true);
+      setTimeout(() => setCopied(false), 2000);
+    } catch {
+      // ignore
+    }
+  };
+
+  const theme = currentTheme === "dark" ? themes.oneDark : themes.github;
+
+  return (
+    <div
+      className={cn(
+        "relative overflow-hidden rounded-lg border border-black/10 dark:border-white/10",
+        className,
+      )}
+    >
+      <button
+        onClick={onCopy}
+        aria-label="Copy code"
+        className="absolute top-2 right-2 z-10 cursor-pointer rounded-md bg-[#ebeced] px-2 py-1 text-xs font-medium transition hover:bg-[#dedfe1] dark:bg-[#3d4148] dark:hover:bg-[#54565d]"
+        type="button"
+      >
+        {copied ? "Copied" : "Copy"}
+      </button>
+
+      <Highlight
+        code={code.trimEnd()}
+        language={language}
+        theme={theme}
+        prism={Prism}
+      >
+        {({ className, style, tokens, getLineProps, getTokenProps }) => (
+          <pre
+            className={`${className} m-0 overflow-auto p-4`}
+            style={{ ...style, maxHeight }}
+          >
+            {tokens.map((line, i) => (
+              <div key={i} {...getLineProps({ line })}>
+                {line.map((token, key) => (
+                  <span key={key} {...getTokenProps({ token })} />
+                ))}
+              </div>
+            ))}
+          </pre>
+        )}
+      </Highlight>
+    </div>
+  );
+}
diff --git a/frontend/src/shared/components/ui/collapsible.tsx b/frontend/src/shared/components/ui/collapsible.tsx
new file mode 100644
index 0000000..63fc8ef
--- /dev/null
+++ b/frontend/src/shared/components/ui/collapsible.tsx
@@ -0,0 +1,31 @@
+import { Collapsible as CollapsiblePrimitive } from "radix-ui"
+
+function Collapsible({
+  ...props
+}: React.ComponentProps<typeof CollapsiblePrimitive.Root>) {
+  return <CollapsiblePrimitive.Root data-slot="collapsible" {...props} />
+}
+
+function CollapsibleTrigger({
+  ...props
+}: React.ComponentProps<typeof CollapsiblePrimitive.CollapsibleTrigger>) {
+  return (
+    <CollapsiblePrimitive.CollapsibleTrigger
+      data-slot="collapsible-trigger"
+      {...props}
+    />
+  )
+}
+
+function CollapsibleContent({
+  ...props
+}: React.ComponentProps<typeof CollapsiblePrimitive.CollapsibleContent>) {
+  return (
+    <CollapsiblePrimitive.CollapsibleContent
+      data-slot="collapsible-content"
+      {...props}
+    />
+  )
+}
+
+export { Collapsible, CollapsibleTrigger, CollapsibleContent }
diff --git a/frontend/src/shared/components/ui/copy.tsx b/frontend/src/shared/components/ui/copy.tsx
new file mode 100644
index 0000000..a0aa1f4
--- /dev/null
+++ b/frontend/src/shared/components/ui/copy.tsx
@@ -0,0 +1,71 @@
+import { useState } from "react";
+import { CheckIcon, CopyIcon } from "lucide-react";
+
+import { Button } from "@/shared/components/ui/button";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from "@/shared/components/ui/tooltip";
+import { cn } from "@/shared/lib/utils";
+import { toast } from "sonner";
+
+interface CopyToClipboardProps {
+  text: string;
+}
+
+export default function CopyToClipboard({ text }: CopyToClipboardProps) {
+  const [copied, setCopied] = useState<boolean>(false);
+
+  const handleCopy = async () => {
+    try {
+      await navigator.clipboard.writeText(text);
+      setCopied(true);
+      setTimeout(() => setCopied(false), 1500);
+    } catch (err) {
+      toast.error("Failed to copy text: " + (err as Error).message);
+    }
+  };
+
+  return (
+    <TooltipProvider delayDuration={0}>
+      <Tooltip>
+        <TooltipTrigger asChild>
+          <Button
+            variant="outline"
+            size="icon"
+            className="disabled:opacity-100"
+            onClick={handleCopy}
+            aria-label={copied ? "Copied" : "Copy to clipboard"}
+            disabled={copied}
+          >
+            <div
+              className={cn(
+                "transition-all",
+                copied ? "scale-100 opacity-100" : "scale-0 opacity-0",
+              )}
+            >
+              <CheckIcon
+                className="stroke-emerald-500"
+                size={16}
+                aria-hidden="true"
+              />
+            </div>
+            <div
+              className={cn(
+                "absolute transition-all",
+                copied ? "scale-0 opacity-0" : "scale-100 opacity-100",
+              )}
+            >
+              <CopyIcon size={16} aria-hidden="true" />
+            </div>
+          </Button>
+        </TooltipTrigger>
+        <TooltipContent className="px-2 py-1 text-xs">
+          Click to copy
+        </TooltipContent>
+      </Tooltip>
+    </TooltipProvider>
+  );
+}
diff --git a/frontend/src/shared/components/ui/dialog.tsx b/frontend/src/shared/components/ui/dialog.tsx
index 2dd7666..50394a6 100644
--- a/frontend/src/shared/components/ui/dialog.tsx
+++ b/frontend/src/shared/components/ui/dialog.tsx
@@ -36,7 +36,7 @@ function DialogOverlay({
     <DialogPrimitive.Overlay
       data-slot="dialog-overlay"
       className={cn(
-        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50",
+        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/80",
         className,
       )}
       {...props}
diff --git a/frontend/src/shared/components/ui/empty.tsx b/frontend/src/shared/components/ui/empty.tsx
new file mode 100644
index 0000000..f553ded
--- /dev/null
+++ b/frontend/src/shared/components/ui/empty.tsx
@@ -0,0 +1,104 @@
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@shared/lib/utils"
+
+function Empty({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="empty"
+      className={cn(
+        "flex min-w-0 flex-1 flex-col items-center justify-center gap-6 rounded-lg border-dashed p-6 text-center text-balance md:p-12",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function EmptyHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="empty-header"
+      className={cn(
+        "flex max-w-sm flex-col items-center gap-2 text-center",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+const emptyMediaVariants = cva(
+  "flex shrink-0 items-center justify-center mb-2 [&_svg]:pointer-events-none [&_svg]:shrink-0",
+  {
+    variants: {
+      variant: {
+        default: "bg-transparent",
+        icon: "bg-muted text-foreground flex size-10 shrink-0 items-center justify-center rounded-lg [&_svg:not([class*='size-'])]:size-6",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+    },
+  }
+)
+
+function EmptyMedia({
+  className,
+  variant = "default",
+  ...props
+}: React.ComponentProps<"div"> & VariantProps<typeof emptyMediaVariants>) {
+  return (
+    <div
+      data-slot="empty-icon"
+      data-variant={variant}
+      className={cn(emptyMediaVariants({ variant, className }))}
+      {...props}
+    />
+  )
+}
+
+function EmptyTitle({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="empty-title"
+      className={cn("text-lg font-medium tracking-tight", className)}
+      {...props}
+    />
+  )
+}
+
+function EmptyDescription({ className, ...props }: React.ComponentProps<"p">) {
+  return (
+    <div
+      data-slot="empty-description"
+      className={cn(
+        "text-muted-foreground [&>a:hover]:text-primary text-sm/relaxed [&>a]:underline [&>a]:underline-offset-4",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function EmptyContent({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="empty-content"
+      className={cn(
+        "flex w-full max-w-sm min-w-0 flex-col items-center gap-4 text-sm text-balance",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export {
+  Empty,
+  EmptyHeader,
+  EmptyTitle,
+  EmptyDescription,
+  EmptyContent,
+  EmptyMedia,
+}
diff --git a/frontend/src/shared/components/ui/field.tsx b/frontend/src/shared/components/ui/field.tsx
new file mode 100644
index 0000000..e78421d
--- /dev/null
+++ b/frontend/src/shared/components/ui/field.tsx
@@ -0,0 +1,242 @@
+import { useMemo } from "react"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@shared/lib/utils"
+import { Label } from "@shared/components/ui/label"
+import { Separator } from "@shared/components/ui/separator"
+
+function FieldSet({ className, ...props }: React.ComponentProps<"fieldset">) {
+  return (
+    <fieldset
+      data-slot="field-set"
+      className={cn(
+        "flex flex-col gap-6",
+        "has-[>[data-slot=checkbox-group]]:gap-3 has-[>[data-slot=radio-group]]:gap-3",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function FieldLegend({
+  className,
+  variant = "legend",
+  ...props
+}: React.ComponentProps<"legend"> & { variant?: "legend" | "label" }) {
+  return (
+    <legend
+      data-slot="field-legend"
+      data-variant={variant}
+      className={cn(
+        "mb-3 font-medium",
+        "data-[variant=legend]:text-base",
+        "data-[variant=label]:text-sm",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function FieldGroup({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="field-group"
+      className={cn(
+        "group/field-group @container/field-group flex w-full flex-col gap-7 data-[slot=checkbox-group]:gap-3 [&>[data-slot=field-group]]:gap-4",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+const fieldVariants = cva(
+  "group/field flex w-full gap-3 data-[invalid=true]:text-destructive",
+  {
+    variants: {
+      orientation: {
+        vertical: ["flex-col [&>*]:w-full [&>.sr-only]:w-auto"],
+        horizontal: [
+          "flex-row items-center",
+          "[&>[data-slot=field-label]]:flex-auto",
+          "has-[>[data-slot=field-content]]:items-start has-[>[data-slot=field-content]]:[&>[role=checkbox],[role=radio]]:mt-px",
+        ],
+        responsive: [
+          "flex-col [&>*]:w-full [&>.sr-only]:w-auto @md/field-group:flex-row @md/field-group:items-center @md/field-group:[&>*]:w-auto",
+          "@md/field-group:[&>[data-slot=field-label]]:flex-auto",
+          "@md/field-group:has-[>[data-slot=field-content]]:items-start @md/field-group:has-[>[data-slot=field-content]]:[&>[role=checkbox],[role=radio]]:mt-px",
+        ],
+      },
+    },
+    defaultVariants: {
+      orientation: "vertical",
+    },
+  }
+)
+
+function Field({
+  className,
+  orientation = "vertical",
+  ...props
+}: React.ComponentProps<"div"> & VariantProps<typeof fieldVariants>) {
+  return (
+    <div
+      role="group"
+      data-slot="field"
+      data-orientation={orientation}
+      className={cn(fieldVariants({ orientation }), className)}
+      {...props}
+    />
+  )
+}
+
+function FieldContent({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="field-content"
+      className={cn(
+        "group/field-content flex flex-1 flex-col gap-1.5 leading-snug",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function FieldLabel({
+  className,
+  ...props
+}: React.ComponentProps<typeof Label>) {
+  return (
+    <Label
+      data-slot="field-label"
+      className={cn(
+        "group/field-label peer/field-label flex w-fit gap-2 leading-snug group-data-[disabled=true]/field:opacity-50",
+        "has-[>[data-slot=field]]:w-full has-[>[data-slot=field]]:flex-col has-[>[data-slot=field]]:rounded-md has-[>[data-slot=field]]:border [&>*]:data-[slot=field]:p-4",
+        "has-data-[state=checked]:bg-primary/5 has-data-[state=checked]:border-primary dark:has-data-[state=checked]:bg-primary/10",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function FieldTitle({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="field-label"
+      className={cn(
+        "flex w-fit items-center gap-2 text-sm leading-snug font-medium group-data-[disabled=true]/field:opacity-50",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function FieldDescription({ className, ...props }: React.ComponentProps<"p">) {
+  return (
+    <p
+      data-slot="field-description"
+      className={cn(
+        "text-muted-foreground text-sm leading-normal font-normal group-has-[[data-orientation=horizontal]]/field:text-balance",
+        "last:mt-0 nth-last-2:-mt-1 [[data-variant=legend]+&]:-mt-1.5",
+        "[&>a:hover]:text-primary [&>a]:underline [&>a]:underline-offset-4",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function FieldSeparator({
+  children,
+  className,
+  ...props
+}: React.ComponentProps<"div"> & {
+  children?: React.ReactNode
+}) {
+  return (
+    <div
+      data-slot="field-separator"
+      data-content={!!children}
+      className={cn(
+        "relative -my-2 h-5 text-sm group-data-[variant=outline]/field-group:-mb-2",
+        className
+      )}
+      {...props}
+    >
+      <Separator className="absolute inset-0 top-1/2" />
+      {children && (
+        <span
+          className="bg-background text-muted-foreground relative mx-auto block w-fit px-2"
+          data-slot="field-separator-content"
+        >
+          {children}
+        </span>
+      )}
+    </div>
+  )
+}
+
+function FieldError({
+  className,
+  children,
+  errors,
+  ...props
+}: React.ComponentProps<"div"> & {
+  errors?: Array<{ message?: string } | undefined>
+}) {
+  const content = useMemo(() => {
+    if (children) {
+      return children
+    }
+
+    if (!errors) {
+      return null
+    }
+
+    if (errors?.length === 1 && errors[0]?.message) {
+      return errors[0].message
+    }
+
+    return (
+      <ul className="ml-4 flex list-disc flex-col gap-1">
+        {errors.map(
+          (error, index) =>
+            error?.message && <li key={index}>{error.message}</li>
+        )}
+      </ul>
+    )
+  }, [children, errors])
+
+  if (!content) {
+    return null
+  }
+
+  return (
+    <div
+      role="alert"
+      data-slot="field-error"
+      className={cn("text-destructive text-sm font-normal", className)}
+      {...props}
+    >
+      {content}
+    </div>
+  )
+}
+
+export {
+  Field,
+  FieldLabel,
+  FieldDescription,
+  FieldError,
+  FieldGroup,
+  FieldLegend,
+  FieldSeparator,
+  FieldSet,
+  FieldContent,
+  FieldTitle,
+}
diff --git a/frontend/src/shared/components/ui/index.ts b/frontend/src/shared/components/ui/index.ts
index edc5c46..c985772 100644
--- a/frontend/src/shared/components/ui/index.ts
+++ b/frontend/src/shared/components/ui/index.ts
@@ -15,3 +15,9 @@ export * from "./pagination";
 export * from "./progress";
 export * from "./inputTag";
 export * from "./selectWithClear";
+export * from "./multiselect";
+export * from "./field";
+export * from "./switch";
+export * from "./separator";
+export * from "./alert-dialog";
+export * from "./copy";
diff --git a/frontend/src/shared/components/ui/input-group.tsx b/frontend/src/shared/components/ui/input-group.tsx
new file mode 100644
index 0000000..2f29533
--- /dev/null
+++ b/frontend/src/shared/components/ui/input-group.tsx
@@ -0,0 +1,168 @@
+import * as React from "react"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@shared/lib/utils"
+import { Button } from "@shared/components/ui/button"
+import { Input } from "@shared/components/ui/input"
+import { Textarea } from "@shared/components/ui/textarea"
+
+function InputGroup({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="input-group"
+      role="group"
+      className={cn(
+        "group/input-group border-input dark:bg-input/30 relative flex w-full items-center rounded-md border shadow-xs transition-[color,box-shadow] outline-none",
+        "h-9 has-[>textarea]:h-auto",
+
+        // Variants based on alignment.
+        "has-[>[data-align=inline-start]]:[&>input]:pl-2",
+        "has-[>[data-align=inline-end]]:[&>input]:pr-2",
+        "has-[>[data-align=block-start]]:h-auto has-[>[data-align=block-start]]:flex-col has-[>[data-align=block-start]]:[&>input]:pb-3",
+        "has-[>[data-align=block-end]]:h-auto has-[>[data-align=block-end]]:flex-col has-[>[data-align=block-end]]:[&>input]:pt-3",
+
+        // Focus state.
+        "has-[[data-slot=input-group-control]:focus-visible]:border-ring has-[[data-slot=input-group-control]:focus-visible]:ring-ring/50 has-[[data-slot=input-group-control]:focus-visible]:ring-[3px]",
+
+        // Error state.
+        "has-[[data-slot][aria-invalid=true]]:ring-destructive/20 has-[[data-slot][aria-invalid=true]]:border-destructive dark:has-[[data-slot][aria-invalid=true]]:ring-destructive/40",
+
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+const inputGroupAddonVariants = cva(
+  "text-muted-foreground flex h-auto cursor-text items-center justify-center gap-2 py-1.5 text-sm font-medium select-none [&>svg:not([class*='size-'])]:size-4 [&>kbd]:rounded-[calc(var(--radius)-5px)] group-data-[disabled=true]/input-group:opacity-50",
+  {
+    variants: {
+      align: {
+        "inline-start":
+          "order-first pl-3 has-[>button]:ml-[-0.45rem] has-[>kbd]:ml-[-0.35rem]",
+        "inline-end":
+          "order-last pr-3 has-[>button]:mr-[-0.45rem] has-[>kbd]:mr-[-0.35rem]",
+        "block-start":
+          "order-first w-full justify-start px-3 pt-3 [.border-b]:pb-3 group-has-[>input]/input-group:pt-2.5",
+        "block-end":
+          "order-last w-full justify-start px-3 pb-3 [.border-t]:pt-3 group-has-[>input]/input-group:pb-2.5",
+      },
+    },
+    defaultVariants: {
+      align: "inline-start",
+    },
+  }
+)
+
+function InputGroupAddon({
+  className,
+  align = "inline-start",
+  ...props
+}: React.ComponentProps<"div"> & VariantProps<typeof inputGroupAddonVariants>) {
+  return (
+    <div
+      role="group"
+      data-slot="input-group-addon"
+      data-align={align}
+      className={cn(inputGroupAddonVariants({ align }), className)}
+      onClick={(e) => {
+        if ((e.target as HTMLElement).closest("button")) {
+          return
+        }
+        e.currentTarget.parentElement?.querySelector("input")?.focus()
+      }}
+      {...props}
+    />
+  )
+}
+
+const inputGroupButtonVariants = cva(
+  "text-sm shadow-none flex gap-2 items-center",
+  {
+    variants: {
+      size: {
+        xs: "h-6 gap-1 px-2 rounded-[calc(var(--radius)-5px)] [&>svg:not([class*='size-'])]:size-3.5 has-[>svg]:px-2",
+        sm: "h-8 px-2.5 gap-1.5 rounded-md has-[>svg]:px-2.5",
+        "icon-xs":
+          "size-6 rounded-[calc(var(--radius)-5px)] p-0 has-[>svg]:p-0",
+        "icon-sm": "size-8 p-0 has-[>svg]:p-0",
+      },
+    },
+    defaultVariants: {
+      size: "xs",
+    },
+  }
+)
+
+function InputGroupButton({
+  className,
+  type = "button",
+  variant = "ghost",
+  size = "xs",
+  ...props
+}: Omit<React.ComponentProps<typeof Button>, "size"> &
+  VariantProps<typeof inputGroupButtonVariants>) {
+  return (
+    <Button
+      type={type}
+      data-size={size}
+      variant={variant}
+      className={cn(inputGroupButtonVariants({ size }), className)}
+      {...props}
+    />
+  )
+}
+
+function InputGroupText({ className, ...props }: React.ComponentProps<"span">) {
+  return (
+    <span
+      className={cn(
+        "text-muted-foreground flex items-center gap-2 text-sm [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function InputGroupInput({
+  className,
+  ...props
+}: React.ComponentProps<"input">) {
+  return (
+    <Input
+      data-slot="input-group-control"
+      className={cn(
+        "flex-1 rounded-none border-0 bg-transparent shadow-none focus-visible:ring-0 dark:bg-transparent",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function InputGroupTextarea({
+  className,
+  ...props
+}: React.ComponentProps<"textarea">) {
+  return (
+    <Textarea
+      data-slot="input-group-control"
+      className={cn(
+        "flex-1 resize-none rounded-none border-0 bg-transparent py-3 shadow-none focus-visible:ring-0 dark:bg-transparent",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export {
+  InputGroup,
+  InputGroupAddon,
+  InputGroupButton,
+  InputGroupText,
+  InputGroupInput,
+  InputGroupTextarea,
+}
diff --git a/frontend/src/shared/components/ui/input.tsx b/frontend/src/shared/components/ui/input.tsx
index 854374a..be0ff4c 100644
--- a/frontend/src/shared/components/ui/input.tsx
+++ b/frontend/src/shared/components/ui/input.tsx
@@ -1,6 +1,6 @@
-import * as React from "react";
+import * as React from "react"
 
-import { cn } from "@shared/lib/utils";
+import { cn } from "@shared/lib/utils"
 
 function Input({ className, type, ...props }: React.ComponentProps<"input">) {
   return (
@@ -8,14 +8,14 @@ function Input({ className, type, ...props }: React.ComponentProps<"input">) {
       type={type}
       data-slot="input"
       className={cn(
-        "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground dark:bg-input/30 border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base shadow-xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
+        "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground dark:bg-input/30 border-input h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base shadow-xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
         "focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]",
         "aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive",
-        className,
+        className
       )}
       {...props}
     />
-  );
+  )
 }
 
-export { Input };
+export { Input }
diff --git a/frontend/src/shared/components/ui/inputTag.tsx b/frontend/src/shared/components/ui/inputTag.tsx
index be66cee..b4df4d0 100644
--- a/frontend/src/shared/components/ui/inputTag.tsx
+++ b/frontend/src/shared/components/ui/inputTag.tsx
@@ -19,7 +19,7 @@ export default function InputTag({ tags, setTags }: InputTagProps) {
         placeholder="Add a tag"
         styleClasses={{
           inlineTagsContainer:
-            "border-input rounded-md bg-white shadow-xs transition-[color,box-shadow] focus-within:border-ring outline-none focus-within:ring-[3px] focus-within:ring-ring/50 p-1 gap-1",
+            "border-input rounded-md bg-white dark:bg-input/30 shadow-xs transition-[color,box-shadow] focus-within:border-ring outline-none focus-within:ring-[3px] focus-within:ring-ring/50 p-1 gap-1",
           input: "w-full min-w-[80px] shadow-none px-2 h-7 outline-none",
           tag: {
             body: "h-7 relative bg-background border border-input hover:bg-background rounded-md font-medium text-xs ps-2 pe-7",
diff --git a/frontend/src/shared/components/ui/item.tsx b/frontend/src/shared/components/ui/item.tsx
new file mode 100644
index 0000000..c2af190
--- /dev/null
+++ b/frontend/src/shared/components/ui/item.tsx
@@ -0,0 +1,193 @@
+import * as React from "react"
+import { Slot as SlotPrimitive } from "radix-ui"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@shared/lib/utils"
+import { Separator } from "@shared/components/ui/separator"
+
+function ItemGroup({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      role="list"
+      data-slot="item-group"
+      className={cn("group/item-group flex flex-col", className)}
+      {...props}
+    />
+  )
+}
+
+function ItemSeparator({
+  className,
+  ...props
+}: React.ComponentProps<typeof Separator>) {
+  return (
+    <Separator
+      data-slot="item-separator"
+      orientation="horizontal"
+      className={cn("my-0", className)}
+      {...props}
+    />
+  )
+}
+
+const itemVariants = cva(
+  "group/item flex items-center border border-transparent text-sm rounded-md transition-colors [a]:hover:bg-accent/50 [a]:transition-colors duration-100 flex-wrap outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]",
+  {
+    variants: {
+      variant: {
+        default: "bg-transparent",
+        outline: "border-border",
+        muted: "bg-muted/50",
+      },
+      size: {
+        default: "p-4 gap-4 ",
+        sm: "py-3 px-4 gap-2.5",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+      size: "default",
+    },
+  }
+)
+
+function Item({
+  className,
+  variant = "default",
+  size = "default",
+  asChild = false,
+  ...props
+}: React.ComponentProps<"div"> &
+  VariantProps<typeof itemVariants> & { asChild?: boolean }) {
+  const Comp = asChild ? SlotPrimitive.Slot : "div"
+  return (
+    <Comp
+      data-slot="item"
+      data-variant={variant}
+      data-size={size}
+      className={cn(itemVariants({ variant, size, className }))}
+      {...props}
+    />
+  )
+}
+
+const itemMediaVariants = cva(
+  "flex shrink-0 items-center justify-center gap-2 group-has-[[data-slot=item-description]]/item:self-start [&_svg]:pointer-events-none group-has-[[data-slot=item-description]]/item:translate-y-0.5",
+  {
+    variants: {
+      variant: {
+        default: "bg-transparent",
+        icon: "size-8 border rounded-sm bg-muted [&_svg:not([class*='size-'])]:size-4",
+        image:
+          "size-10 rounded-sm overflow-hidden [&_img]:size-full [&_img]:object-cover",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+    },
+  }
+)
+
+function ItemMedia({
+  className,
+  variant = "default",
+  ...props
+}: React.ComponentProps<"div"> & VariantProps<typeof itemMediaVariants>) {
+  return (
+    <div
+      data-slot="item-media"
+      data-variant={variant}
+      className={cn(itemMediaVariants({ variant, className }))}
+      {...props}
+    />
+  )
+}
+
+function ItemContent({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="item-content"
+      className={cn(
+        "flex flex-1 flex-col gap-1 [&+[data-slot=item-content]]:flex-none",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function ItemTitle({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="item-title"
+      className={cn(
+        "flex w-fit items-center gap-2 text-sm leading-snug font-medium",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function ItemDescription({ className, ...props }: React.ComponentProps<"p">) {
+  return (
+    <p
+      data-slot="item-description"
+      className={cn(
+        "text-muted-foreground line-clamp-2 text-sm leading-normal font-normal text-balance",
+        "[&>a:hover]:text-primary [&>a]:underline [&>a]:underline-offset-4",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function ItemActions({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="item-actions"
+      className={cn("flex items-center gap-2", className)}
+      {...props}
+    />
+  )
+}
+
+function ItemHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="item-header"
+      className={cn(
+        "flex basis-full items-center justify-between gap-2",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function ItemFooter({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="item-footer"
+      className={cn(
+        "flex basis-full items-center justify-between gap-2",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export {
+  Item,
+  ItemMedia,
+  ItemContent,
+  ItemActions,
+  ItemGroup,
+  ItemSeparator,
+  ItemTitle,
+  ItemDescription,
+  ItemHeader,
+  ItemFooter,
+}
diff --git a/frontend/src/shared/components/ui/label.tsx b/frontend/src/shared/components/ui/label.tsx
index 6f4d12f..4627423 100644
--- a/frontend/src/shared/components/ui/label.tsx
+++ b/frontend/src/shared/components/ui/label.tsx
@@ -1,5 +1,3 @@
-"use client";
-
 import * as React from "react";
 import { Label as LabelPrimitive } from "radix-ui";
 
diff --git a/frontend/src/shared/components/ui/separator.tsx b/frontend/src/shared/components/ui/separator.tsx
new file mode 100644
index 0000000..ebff5cb
--- /dev/null
+++ b/frontend/src/shared/components/ui/separator.tsx
@@ -0,0 +1,28 @@
+"use client"
+
+import * as React from "react"
+import { Separator as SeparatorPrimitive } from "radix-ui"
+
+import { cn } from "@shared/lib/utils"
+
+function Separator({
+  className,
+  orientation = "horizontal",
+  decorative = true,
+  ...props
+}: React.ComponentProps<typeof SeparatorPrimitive.Root>) {
+  return (
+    <SeparatorPrimitive.Root
+      data-slot="separator"
+      decorative={decorative}
+      orientation={orientation}
+      className={cn(
+        "bg-border shrink-0 data-[orientation=horizontal]:h-px data-[orientation=horizontal]:w-full data-[orientation=vertical]:h-full data-[orientation=vertical]:w-px",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Separator }
diff --git a/frontend/src/shared/components/ui/sheet.tsx b/frontend/src/shared/components/ui/sheet.tsx
new file mode 100644
index 0000000..c8e54b0
--- /dev/null
+++ b/frontend/src/shared/components/ui/sheet.tsx
@@ -0,0 +1,139 @@
+"use client"
+
+import * as React from "react"
+import { Dialog as SheetPrimitive } from "radix-ui"
+import { XIcon } from "lucide-react"
+
+import { cn } from "@shared/lib/utils"
+
+function Sheet({ ...props }: React.ComponentProps<typeof SheetPrimitive.Root>) {
+  return <SheetPrimitive.Root data-slot="sheet" {...props} />
+}
+
+function SheetTrigger({
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Trigger>) {
+  return <SheetPrimitive.Trigger data-slot="sheet-trigger" {...props} />
+}
+
+function SheetClose({
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Close>) {
+  return <SheetPrimitive.Close data-slot="sheet-close" {...props} />
+}
+
+function SheetPortal({
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Portal>) {
+  return <SheetPrimitive.Portal data-slot="sheet-portal" {...props} />
+}
+
+function SheetOverlay({
+  className,
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Overlay>) {
+  return (
+    <SheetPrimitive.Overlay
+      data-slot="sheet-overlay"
+      className={cn(
+        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function SheetContent({
+  className,
+  children,
+  side = "right",
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Content> & {
+  side?: "top" | "right" | "bottom" | "left"
+}) {
+  return (
+    <SheetPortal>
+      <SheetOverlay />
+      <SheetPrimitive.Content
+        data-slot="sheet-content"
+        className={cn(
+          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out fixed z-50 flex flex-col gap-4 shadow-lg transition ease-in-out data-[state=closed]:duration-300 data-[state=open]:duration-500",
+          side === "right" &&
+            "data-[state=closed]:slide-out-to-right data-[state=open]:slide-in-from-right inset-y-0 right-0 h-full w-3/4 border-l sm:max-w-sm",
+          side === "left" &&
+            "data-[state=closed]:slide-out-to-left data-[state=open]:slide-in-from-left inset-y-0 left-0 h-full w-3/4 border-r sm:max-w-sm",
+          side === "top" &&
+            "data-[state=closed]:slide-out-to-top data-[state=open]:slide-in-from-top inset-x-0 top-0 h-auto border-b",
+          side === "bottom" &&
+            "data-[state=closed]:slide-out-to-bottom data-[state=open]:slide-in-from-bottom inset-x-0 bottom-0 h-auto border-t",
+          className
+        )}
+        {...props}
+      >
+        {children}
+        <SheetPrimitive.Close className="ring-offset-background focus:ring-ring data-[state=open]:bg-secondary absolute top-4 right-4 rounded-xs opacity-70 transition-opacity hover:opacity-100 focus:ring-2 focus:ring-offset-2 focus:outline-hidden disabled:pointer-events-none">
+          <XIcon className="size-4" />
+          <span className="sr-only">Close</span>
+        </SheetPrimitive.Close>
+      </SheetPrimitive.Content>
+    </SheetPortal>
+  )
+}
+
+function SheetHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sheet-header"
+      className={cn("flex flex-col gap-1.5 p-4", className)}
+      {...props}
+    />
+  )
+}
+
+function SheetFooter({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sheet-footer"
+      className={cn("mt-auto flex flex-col gap-2 p-4", className)}
+      {...props}
+    />
+  )
+}
+
+function SheetTitle({
+  className,
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Title>) {
+  return (
+    <SheetPrimitive.Title
+      data-slot="sheet-title"
+      className={cn("text-foreground font-semibold", className)}
+      {...props}
+    />
+  )
+}
+
+function SheetDescription({
+  className,
+  ...props
+}: React.ComponentProps<typeof SheetPrimitive.Description>) {
+  return (
+    <SheetPrimitive.Description
+      data-slot="sheet-description"
+      className={cn("text-muted-foreground text-sm", className)}
+      {...props}
+    />
+  )
+}
+
+export {
+  Sheet,
+  SheetTrigger,
+  SheetClose,
+  SheetContent,
+  SheetHeader,
+  SheetFooter,
+  SheetTitle,
+  SheetDescription,
+}
diff --git a/frontend/src/shared/components/ui/sidebar.tsx b/frontend/src/shared/components/ui/sidebar.tsx
new file mode 100644
index 0000000..ac4e61e
--- /dev/null
+++ b/frontend/src/shared/components/ui/sidebar.tsx
@@ -0,0 +1,726 @@
+"use client";
+
+import * as React from "react";
+import { Slot as SlotPrimitive } from "radix-ui";
+import { cva, type VariantProps } from "class-variance-authority";
+import { PanelLeftIcon } from "lucide-react";
+
+import { useIsMobile } from "@shared/hooks/use-mobile";
+import { cn } from "@shared/lib/utils";
+import { Button } from "@shared/components/ui/button";
+import { Input } from "@shared/components/ui/input";
+import { Separator } from "@shared/components/ui/separator";
+import {
+  Sheet,
+  SheetContent,
+  SheetDescription,
+  SheetHeader,
+  SheetTitle,
+} from "@shared/components/ui/sheet";
+import { Skeleton } from "@shared/components/ui/skeleton";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from "@shared/components/ui/tooltip";
+
+const SIDEBAR_COOKIE_NAME = "sidebar_state";
+const SIDEBAR_COOKIE_MAX_AGE = 60 * 60 * 24 * 7;
+const SIDEBAR_WIDTH = "16rem";
+const SIDEBAR_WIDTH_MOBILE = "18rem";
+const SIDEBAR_WIDTH_ICON = "3rem";
+const SIDEBAR_KEYBOARD_SHORTCUT = "b";
+
+type SidebarContextProps = {
+  state: "expanded" | "collapsed";
+  open: boolean;
+  setOpen: (open: boolean) => void;
+  openMobile: boolean;
+  setOpenMobile: (open: boolean) => void;
+  isMobile: boolean;
+  toggleSidebar: () => void;
+};
+
+const SidebarContext = React.createContext<SidebarContextProps | null>(null);
+
+function useSidebar() {
+  const context = React.useContext(SidebarContext);
+  if (!context) {
+    throw new Error("useSidebar must be used within a SidebarProvider.");
+  }
+
+  return context;
+}
+
+function SidebarProvider({
+  defaultOpen = true,
+  open: openProp,
+  onOpenChange: setOpenProp,
+  className,
+  style,
+  children,
+  ...props
+}: React.ComponentProps<"div"> & {
+  defaultOpen?: boolean;
+  open?: boolean;
+  onOpenChange?: (open: boolean) => void;
+}) {
+  const isMobile = useIsMobile();
+  const [openMobile, setOpenMobile] = React.useState(false);
+
+  // This is the internal state of the sidebar.
+  // We use openProp and setOpenProp for control from outside the component.
+  const [_open, _setOpen] = React.useState(defaultOpen);
+  const open = openProp ?? _open;
+  const setOpen = React.useCallback(
+    (value: boolean | ((value: boolean) => boolean)) => {
+      const openState = typeof value === "function" ? value(open) : value;
+      if (setOpenProp) {
+        setOpenProp(openState);
+      } else {
+        _setOpen(openState);
+      }
+
+      // This sets the cookie to keep the sidebar state.
+      document.cookie = `${SIDEBAR_COOKIE_NAME}=${openState}; path=/; max-age=${SIDEBAR_COOKIE_MAX_AGE}`;
+    },
+    [setOpenProp, open],
+  );
+
+  // Helper to toggle the sidebar.
+  const toggleSidebar = React.useCallback(() => {
+    return isMobile ? setOpenMobile((open) => !open) : setOpen((open) => !open);
+  }, [isMobile, setOpen, setOpenMobile]);
+
+  // Adds a keyboard shortcut to toggle the sidebar.
+  React.useEffect(() => {
+    const handleKeyDown = (event: KeyboardEvent) => {
+      if (
+        event.key === SIDEBAR_KEYBOARD_SHORTCUT &&
+        (event.metaKey || event.ctrlKey)
+      ) {
+        event.preventDefault();
+        toggleSidebar();
+      }
+    };
+
+    window.addEventListener("keydown", handleKeyDown);
+    return () => window.removeEventListener("keydown", handleKeyDown);
+  }, [toggleSidebar]);
+
+  // We add a state so that we can do data-state="expanded" or "collapsed".
+  // This makes it easier to style the sidebar with Tailwind classes.
+  const state = open ? "expanded" : "collapsed";
+
+  const contextValue = React.useMemo<SidebarContextProps>(
+    () => ({
+      state,
+      open,
+      setOpen,
+      isMobile,
+      openMobile,
+      setOpenMobile,
+      toggleSidebar,
+    }),
+    [state, open, setOpen, isMobile, openMobile, setOpenMobile, toggleSidebar],
+  );
+
+  return (
+    <SidebarContext.Provider value={contextValue}>
+      <TooltipProvider delayDuration={0}>
+        <div
+          data-slot="sidebar-wrapper"
+          style={
+            {
+              "--sidebar-width": SIDEBAR_WIDTH,
+              "--sidebar-width-icon": SIDEBAR_WIDTH_ICON,
+              ...style,
+            } as React.CSSProperties
+          }
+          className={cn(
+            "group/sidebar-wrapper has-data-[variant=inset]:bg-sidebar flex min-h-svh w-full",
+            className,
+          )}
+          {...props}
+        >
+          {children}
+        </div>
+      </TooltipProvider>
+    </SidebarContext.Provider>
+  );
+}
+
+function Sidebar({
+  side = "left",
+  variant = "sidebar",
+  collapsible = "offcanvas",
+  className,
+  children,
+  ...props
+}: React.ComponentProps<"div"> & {
+  side?: "left" | "right";
+  variant?: "sidebar" | "floating" | "inset";
+  collapsible?: "offcanvas" | "icon" | "none";
+}) {
+  const { isMobile, state, openMobile, setOpenMobile } = useSidebar();
+
+  if (collapsible === "none") {
+    return (
+      <div
+        data-slot="sidebar"
+        className={cn(
+          "bg-sidebar text-sidebar-foreground flex h-full w-(--sidebar-width) flex-col",
+          className,
+        )}
+        {...props}
+      >
+        {children}
+      </div>
+    );
+  }
+
+  if (isMobile) {
+    return (
+      <Sheet open={openMobile} onOpenChange={setOpenMobile} {...props}>
+        <SheetContent
+          data-sidebar="sidebar"
+          data-slot="sidebar"
+          data-mobile="true"
+          className="bg-sidebar text-sidebar-foreground w-(--sidebar-width) p-0 [&>button]:hidden"
+          style={
+            {
+              "--sidebar-width": SIDEBAR_WIDTH_MOBILE,
+            } as React.CSSProperties
+          }
+          side={side}
+        >
+          <SheetHeader className="sr-only">
+            <SheetTitle>Sidebar</SheetTitle>
+            <SheetDescription>Displays the mobile sidebar.</SheetDescription>
+          </SheetHeader>
+          <div className="flex h-full w-full flex-col">{children}</div>
+        </SheetContent>
+      </Sheet>
+    );
+  }
+
+  return (
+    <div
+      className="group peer text-sidebar-foreground hidden md:block"
+      data-state={state}
+      data-collapsible={state === "collapsed" ? collapsible : ""}
+      data-variant={variant}
+      data-side={side}
+      data-slot="sidebar"
+    >
+      {/* This is what handles the sidebar gap on desktop */}
+      <div
+        data-slot="sidebar-gap"
+        className={cn(
+          "relative w-(--sidebar-width) bg-transparent transition-[width] duration-200 ease-linear",
+          "group-data-[collapsible=offcanvas]:w-0",
+          "group-data-[side=right]:rotate-180",
+          variant === "floating" || variant === "inset"
+            ? "group-data-[collapsible=icon]:w-[calc(var(--sidebar-width-icon)+(--spacing(4)))]"
+            : "group-data-[collapsible=icon]:w-(--sidebar-width-icon)",
+        )}
+      />
+      <div
+        data-slot="sidebar-container"
+        className={cn(
+          "fixed inset-y-0 z-10 hidden h-svh w-(--sidebar-width) transition-[left,right,width] duration-200 ease-linear md:flex",
+          side === "left"
+            ? "left-0 group-data-[collapsible=offcanvas]:left-[calc(var(--sidebar-width)*-1)]"
+            : "right-0 group-data-[collapsible=offcanvas]:right-[calc(var(--sidebar-width)*-1)]",
+          // Adjust the padding for floating and inset variants.
+          variant === "floating" || variant === "inset"
+            ? "p-2 group-data-[collapsible=icon]:w-[calc(var(--sidebar-width-icon)+(--spacing(4))+2px)]"
+            : "group-data-[collapsible=icon]:w-(--sidebar-width-icon) group-data-[side=left]:border-r group-data-[side=right]:border-l",
+          className,
+        )}
+        {...props}
+      >
+        <div
+          data-sidebar="sidebar"
+          data-slot="sidebar-inner"
+          className="bg-sidebar group-data-[variant=floating]:border-sidebar-border flex h-full w-full flex-col group-data-[variant=floating]:rounded-lg group-data-[variant=floating]:border group-data-[variant=floating]:shadow-sm"
+        >
+          {children}
+        </div>
+      </div>
+    </div>
+  );
+}
+
+function SidebarTrigger({
+  className,
+  onClick,
+  ...props
+}: React.ComponentProps<typeof Button>) {
+  const { toggleSidebar } = useSidebar();
+
+  return (
+    <Button
+      data-sidebar="trigger"
+      data-slot="sidebar-trigger"
+      variant="ghost"
+      size="icon"
+      className={cn("size-7", className)}
+      onClick={(event) => {
+        onClick?.(event);
+        toggleSidebar();
+      }}
+      {...props}
+    >
+      <PanelLeftIcon />
+      <span className="sr-only">Toggle Sidebar</span>
+    </Button>
+  );
+}
+
+function SidebarRail({ className, ...props }: React.ComponentProps<"button">) {
+  const { toggleSidebar } = useSidebar();
+
+  return (
+    <button
+      data-sidebar="rail"
+      data-slot="sidebar-rail"
+      aria-label="Toggle Sidebar"
+      tabIndex={-1}
+      onClick={toggleSidebar}
+      title="Toggle Sidebar"
+      className={cn(
+        "hover:after:bg-sidebar-border absolute inset-y-0 z-20 hidden w-4 -translate-x-1/2 transition-all ease-linear group-data-[side=left]:-right-4 group-data-[side=right]:left-0 after:absolute after:inset-y-0 after:left-1/2 after:w-[2px] sm:flex",
+        "in-data-[side=left]:cursor-w-resize in-data-[side=right]:cursor-e-resize",
+        "[[data-side=left][data-state=collapsed]_&]:cursor-e-resize [[data-side=right][data-state=collapsed]_&]:cursor-w-resize",
+        "hover:group-data-[collapsible=offcanvas]:bg-sidebar group-data-[collapsible=offcanvas]:translate-x-0 group-data-[collapsible=offcanvas]:after:left-full",
+        "[[data-side=left][data-collapsible=offcanvas]_&]:-right-2",
+        "[[data-side=right][data-collapsible=offcanvas]_&]:-left-2",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarInset({ className, ...props }: React.ComponentProps<"main">) {
+  return (
+    <main
+      data-slot="sidebar-inset"
+      className={cn(
+        "bg-background relative flex w-full flex-1 flex-col",
+        "md:peer-data-[variant=inset]:m-2 md:peer-data-[variant=inset]:ml-0 md:peer-data-[variant=inset]:rounded-xl md:peer-data-[variant=inset]:shadow-sm md:peer-data-[variant=inset]:peer-data-[state=collapsed]:ml-2",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarInput({
+  className,
+  ...props
+}: React.ComponentProps<typeof Input>) {
+  return (
+    <Input
+      data-slot="sidebar-input"
+      data-sidebar="input"
+      className={cn("bg-background h-8 w-full shadow-none", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sidebar-header"
+      data-sidebar="header"
+      className={cn("flex flex-col gap-2 p-2", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarFooter({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sidebar-footer"
+      data-sidebar="footer"
+      className={cn("flex flex-col gap-2 p-2", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarSeparator({
+  className,
+  ...props
+}: React.ComponentProps<typeof Separator>) {
+  return (
+    <Separator
+      data-slot="sidebar-separator"
+      data-sidebar="separator"
+      className={cn("bg-sidebar-border mx-2 w-auto", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarContent({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sidebar-content"
+      data-sidebar="content"
+      className={cn(
+        "flex min-h-0 flex-1 flex-col gap-2 overflow-auto group-data-[collapsible=icon]:overflow-hidden",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarGroup({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sidebar-group"
+      data-sidebar="group"
+      className={cn("relative flex w-full min-w-0 flex-col p-2", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarGroupLabel({
+  className,
+  asChild = false,
+  ...props
+}: React.ComponentProps<"div"> & { asChild?: boolean }) {
+  const Comp = asChild ? SlotPrimitive.Slot : "div";
+
+  return (
+    <Comp
+      data-slot="sidebar-group-label"
+      data-sidebar="group-label"
+      className={cn(
+        "text-sidebar-foreground/70 ring-sidebar-ring flex h-8 shrink-0 items-center rounded-md px-2 text-xs font-medium outline-hidden transition-[margin,opacity] duration-200 ease-linear focus-visible:ring-2 [&>svg]:size-4 [&>svg]:shrink-0",
+        "group-data-[collapsible=icon]:-mt-8 group-data-[collapsible=icon]:opacity-0",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarGroupAction({
+  className,
+  asChild = false,
+  ...props
+}: React.ComponentProps<"button"> & { asChild?: boolean }) {
+  const Comp = asChild ? SlotPrimitive.Slot : "button";
+
+  return (
+    <Comp
+      data-slot="sidebar-group-action"
+      data-sidebar="group-action"
+      className={cn(
+        "text-sidebar-foreground ring-sidebar-ring hover:bg-sidebar-accent hover:text-sidebar-accent-foreground absolute top-3.5 right-3 flex aspect-square w-5 items-center justify-center rounded-md p-0 outline-hidden transition-transform focus-visible:ring-2 [&>svg]:size-4 [&>svg]:shrink-0",
+        // Increases the hit area of the button on mobile.
+        "after:absolute after:-inset-2 md:after:hidden",
+        "group-data-[collapsible=icon]:hidden",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarGroupContent({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sidebar-group-content"
+      data-sidebar="group-content"
+      className={cn("w-full text-sm", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarMenu({ className, ...props }: React.ComponentProps<"ul">) {
+  return (
+    <ul
+      data-slot="sidebar-menu"
+      data-sidebar="menu"
+      className={cn("flex w-full min-w-0 flex-col gap-1", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarMenuItem({ className, ...props }: React.ComponentProps<"li">) {
+  return (
+    <li
+      data-slot="sidebar-menu-item"
+      data-sidebar="menu-item"
+      className={cn("group/menu-item relative", className)}
+      {...props}
+    />
+  );
+}
+
+const sidebarMenuButtonVariants = cva(
+  "peer/menu-button flex w-full items-center gap-2 overflow-hidden rounded-md p-2 text-left text-sm outline-hidden ring-sidebar-ring transition-[width,height,padding] hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 active:bg-sidebar-accent active:text-sidebar-accent-foreground disabled:pointer-events-none disabled:opacity-50 group-has-data-[sidebar=menu-action]/menu-item:pr-8 aria-disabled:pointer-events-none aria-disabled:opacity-50 data-[active=true]:bg-sidebar-accent data-[active=true]:font-medium data-[active=true]:text-sidebar-accent-foreground data-[state=open]:hover:bg-sidebar-accent data-[state=open]:hover:text-sidebar-accent-foreground group-data-[collapsible=icon]:size-8! group-data-[collapsible=icon]:p-2! [&>span:last-child]:truncate [&>svg]:size-4 [&>svg]:shrink-0",
+  {
+    variants: {
+      variant: {
+        default: "hover:bg-sidebar-accent hover:text-sidebar-accent-foreground",
+        outline:
+          "bg-background shadow-[0_0_0_1px_hsl(var(--sidebar-border))] hover:bg-sidebar-accent hover:text-sidebar-accent-foreground hover:shadow-[0_0_0_1px_hsl(var(--sidebar-accent))]",
+      },
+      size: {
+        default: "h-8 text-sm",
+        sm: "h-7 text-xs",
+        lg: "h-12 text-sm group-data-[collapsible=icon]:p-0!",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+      size: "default",
+    },
+  },
+);
+
+function SidebarMenuButton({
+  asChild = false,
+  isActive = false,
+  variant = "default",
+  size = "default",
+  tooltip,
+  className,
+  ...props
+}: React.ComponentProps<"button"> & {
+  asChild?: boolean;
+  isActive?: boolean;
+  tooltip?: string | React.ComponentProps<typeof TooltipContent>;
+} & VariantProps<typeof sidebarMenuButtonVariants>) {
+  const Comp = asChild ? SlotPrimitive.Slot : "button";
+  const { isMobile, state } = useSidebar();
+
+  const button = (
+    <Comp
+      data-slot="sidebar-menu-button"
+      data-sidebar="menu-button"
+      data-size={size}
+      data-active={isActive}
+      className={cn(sidebarMenuButtonVariants({ variant, size }), className)}
+      {...props}
+    />
+  );
+
+  if (!tooltip) {
+    return button;
+  }
+
+  if (typeof tooltip === "string") {
+    tooltip = {
+      children: tooltip,
+    };
+  }
+
+  return (
+    <Tooltip>
+      <TooltipTrigger asChild>{button}</TooltipTrigger>
+      <TooltipContent
+        side="right"
+        align="center"
+        hidden={state !== "collapsed" || isMobile}
+        {...tooltip}
+      />
+    </Tooltip>
+  );
+}
+
+function SidebarMenuAction({
+  className,
+  asChild = false,
+  showOnHover = false,
+  ...props
+}: React.ComponentProps<"button"> & {
+  asChild?: boolean;
+  showOnHover?: boolean;
+}) {
+  const Comp = asChild ? SlotPrimitive.Slot : "button";
+
+  return (
+    <Comp
+      data-slot="sidebar-menu-action"
+      data-sidebar="menu-action"
+      className={cn(
+        "text-sidebar-foreground ring-sidebar-ring hover:bg-sidebar-accent hover:text-sidebar-accent-foreground peer-hover/menu-button:text-sidebar-accent-foreground absolute top-1.5 right-1 flex aspect-square w-5 items-center justify-center rounded-md p-0 outline-hidden transition-transform focus-visible:ring-2 [&>svg]:size-4 [&>svg]:shrink-0",
+        // Increases the hit area of the button on mobile.
+        "after:absolute after:-inset-2 md:after:hidden",
+        "peer-data-[size=sm]/menu-button:top-1",
+        "peer-data-[size=default]/menu-button:top-1.5",
+        "peer-data-[size=lg]/menu-button:top-2.5",
+        "group-data-[collapsible=icon]:hidden",
+        showOnHover &&
+          "peer-data-[active=true]/menu-button:text-sidebar-accent-foreground group-focus-within/menu-item:opacity-100 group-hover/menu-item:opacity-100 data-[state=open]:opacity-100 md:opacity-0",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarMenuBadge({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="sidebar-menu-badge"
+      data-sidebar="menu-badge"
+      className={cn(
+        "text-sidebar-foreground pointer-events-none absolute right-1 flex h-5 min-w-5 items-center justify-center rounded-md px-1 text-xs font-medium tabular-nums select-none",
+        "peer-hover/menu-button:text-sidebar-accent-foreground peer-data-[active=true]/menu-button:text-sidebar-accent-foreground",
+        "peer-data-[size=sm]/menu-button:top-1",
+        "peer-data-[size=default]/menu-button:top-1.5",
+        "peer-data-[size=lg]/menu-button:top-2.5",
+        "group-data-[collapsible=icon]:hidden",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarMenuSkeleton({
+  className,
+  showIcon = false,
+  ...props
+}: React.ComponentProps<"div"> & {
+  showIcon?: boolean;
+}) {
+  // Random width between 50 to 90%.
+  const width = React.useMemo(() => {
+    return `${Math.floor(Math.random() * 40) + 50}%`;
+  }, []);
+
+  return (
+    <div
+      data-slot="sidebar-menu-skeleton"
+      data-sidebar="menu-skeleton"
+      className={cn("flex h-8 items-center gap-2 rounded-md px-2", className)}
+      {...props}
+    >
+      {showIcon && (
+        <Skeleton
+          className="size-4 rounded-md"
+          data-sidebar="menu-skeleton-icon"
+        />
+      )}
+      <Skeleton
+        className="h-4 max-w-(--skeleton-width) flex-1"
+        data-sidebar="menu-skeleton-text"
+        style={
+          {
+            "--skeleton-width": width,
+          } as React.CSSProperties
+        }
+      />
+    </div>
+  );
+}
+
+function SidebarMenuSub({ className, ...props }: React.ComponentProps<"ul">) {
+  return (
+    <ul
+      data-slot="sidebar-menu-sub"
+      data-sidebar="menu-sub"
+      className={cn(
+        "border-sidebar-border mx-3.5 flex min-w-0 translate-x-px flex-col gap-1 border-l px-2.5 py-0.5",
+        "group-data-[collapsible=icon]:hidden",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function SidebarMenuSubItem({
+  className,
+  ...props
+}: React.ComponentProps<"li">) {
+  return (
+    <li
+      data-slot="sidebar-menu-sub-item"
+      data-sidebar="menu-sub-item"
+      className={cn("group/menu-sub-item relative", className)}
+      {...props}
+    />
+  );
+}
+
+function SidebarMenuSubButton({
+  asChild = false,
+  size = "md",
+  isActive = false,
+  className,
+  ...props
+}: React.ComponentProps<"a"> & {
+  asChild?: boolean;
+  size?: "sm" | "md";
+  isActive?: boolean;
+}) {
+  const Comp = asChild ? SlotPrimitive.Slot : "a";
+
+  return (
+    <Comp
+      data-slot="sidebar-menu-sub-button"
+      data-sidebar="menu-sub-button"
+      data-size={size}
+      data-active={isActive}
+      className={cn(
+        "text-sidebar-foreground ring-sidebar-ring hover:bg-sidebar-accent hover:text-sidebar-accent-foreground active:bg-sidebar-accent active:text-sidebar-accent-foreground [&>svg]:text-sidebar-accent-foreground flex h-7 min-w-0 -translate-x-px items-center gap-2 overflow-hidden rounded-md px-2 outline-hidden focus-visible:ring-2 disabled:pointer-events-none disabled:opacity-50 aria-disabled:pointer-events-none aria-disabled:opacity-50 [&>span:last-child]:truncate [&>svg]:size-4 [&>svg]:shrink-0",
+        "data-[active=true]:bg-sidebar-accent data-[active=true]:text-sidebar-accent-foreground",
+        size === "sm" && "text-xs",
+        size === "md" && "text-sm",
+        "group-data-[collapsible=icon]:hidden",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+export {
+  Sidebar,
+  SidebarContent,
+  SidebarFooter,
+  SidebarGroup,
+  SidebarGroupAction,
+  SidebarGroupContent,
+  SidebarGroupLabel,
+  SidebarHeader,
+  SidebarInput,
+  SidebarInset,
+  SidebarMenu,
+  SidebarMenuAction,
+  SidebarMenuBadge,
+  SidebarMenuButton,
+  SidebarMenuItem,
+  SidebarMenuSkeleton,
+  SidebarMenuSub,
+  SidebarMenuSubButton,
+  SidebarMenuSubItem,
+  SidebarProvider,
+  SidebarRail,
+  SidebarSeparator,
+  SidebarTrigger,
+  useSidebar,
+};
diff --git a/frontend/src/shared/components/ui/skeleton.tsx b/frontend/src/shared/components/ui/skeleton.tsx
new file mode 100644
index 0000000..f15f492
--- /dev/null
+++ b/frontend/src/shared/components/ui/skeleton.tsx
@@ -0,0 +1,13 @@
+import { cn } from "@shared/lib/utils"
+
+function Skeleton({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="skeleton"
+      className={cn("bg-accent animate-pulse rounded-md", className)}
+      {...props}
+    />
+  )
+}
+
+export { Skeleton }
diff --git a/frontend/src/shared/components/ui/spinner.tsx b/frontend/src/shared/components/ui/spinner.tsx
new file mode 100644
index 0000000..fbb90b3
--- /dev/null
+++ b/frontend/src/shared/components/ui/spinner.tsx
@@ -0,0 +1,16 @@
+import { Loader2Icon } from "lucide-react"
+
+import { cn } from "@shared/lib/utils"
+
+function Spinner({ className, ...props }: React.ComponentProps<"svg">) {
+  return (
+    <Loader2Icon
+      role="status"
+      aria-label="Loading"
+      className={cn("size-4 animate-spin", className)}
+      {...props}
+    />
+  )
+}
+
+export { Spinner }
diff --git a/frontend/src/shared/components/ui/textarea.tsx b/frontend/src/shared/components/ui/textarea.tsx
index 56f8447..2354559 100644
--- a/frontend/src/shared/components/ui/textarea.tsx
+++ b/frontend/src/shared/components/ui/textarea.tsx
@@ -1,6 +1,6 @@
-import * as React from "react";
+import * as React from "react"
 
-import { cn } from "@shared/lib/utils";
+import { cn } from "@shared/lib/utils"
 
 function Textarea({ className, ...props }: React.ComponentProps<"textarea">) {
   return (
@@ -8,11 +8,11 @@ function Textarea({ className, ...props }: React.ComponentProps<"textarea">) {
       data-slot="textarea"
       className={cn(
         "border-input placeholder:text-muted-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive dark:bg-input/30 flex field-sizing-content min-h-16 w-full rounded-md border bg-transparent px-3 py-2 text-base shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
-        className,
+        className
       )}
       {...props}
     />
-  );
+  )
 }
 
-export { Textarea };
+export { Textarea }
diff --git a/frontend/src/shared/components/ui/tooltip.tsx b/frontend/src/shared/components/ui/tooltip.tsx
index 621378e..c97ae2d 100644
--- a/frontend/src/shared/components/ui/tooltip.tsx
+++ b/frontend/src/shared/components/ui/tooltip.tsx
@@ -1,9 +1,7 @@
-"use client";
+import * as React from "react"
+import { Tooltip as TooltipPrimitive } from "radix-ui"
 
-import * as React from "react";
-import { Tooltip as TooltipPrimitive } from "radix-ui";
-
-import { cn } from "@shared/lib/utils";
+import { cn } from "@shared/lib/utils"
 
 function TooltipProvider({
   delayDuration = 0,
@@ -15,7 +13,7 @@ function TooltipProvider({
       delayDuration={delayDuration}
       {...props}
     />
-  );
+  )
 }
 
 function Tooltip({
@@ -25,42 +23,37 @@ function Tooltip({
     <TooltipProvider>
       <TooltipPrimitive.Root data-slot="tooltip" {...props} />
     </TooltipProvider>
-  );
+  )
 }
 
 function TooltipTrigger({
   ...props
 }: React.ComponentProps<typeof TooltipPrimitive.Trigger>) {
-  return <TooltipPrimitive.Trigger data-slot="tooltip-trigger" {...props} />;
+  return <TooltipPrimitive.Trigger data-slot="tooltip-trigger" {...props} />
 }
 
 function TooltipContent({
   className,
-  sideOffset = 4,
-  showArrow = false,
+  sideOffset = 0,
   children,
   ...props
-}: React.ComponentProps<typeof TooltipPrimitive.Content> & {
-  showArrow?: boolean;
-}) {
+}: React.ComponentProps<typeof TooltipPrimitive.Content>) {
   return (
     <TooltipPrimitive.Portal>
       <TooltipPrimitive.Content
         data-slot="tooltip-content"
         sideOffset={sideOffset}
         className={cn(
-          "bg-popover text-popover-foreground animate-in fade-in-0 zoom-in-95 data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=closed]:zoom-out-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 relative z-50 max-w-70 rounded-md border px-3 py-1.5 text-sm",
-          className,
+          "bg-foreground text-background animate-in fade-in-0 zoom-in-95 data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=closed]:zoom-out-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 w-fit origin-(--radix-tooltip-content-transform-origin) rounded-md px-3 py-1.5 text-xs text-balance",
+          className
         )}
         {...props}
       >
         {children}
-        {showArrow && (
-          <TooltipPrimitive.Arrow className="fill-popover -my-px drop-shadow-[0_1px_0_var(--border)]" />
-        )}
+        <TooltipPrimitive.Arrow className="bg-foreground fill-foreground z-50 size-2.5 translate-y-[calc(-50%_-_2px)] rotate-45 rounded-[2px]" />
       </TooltipPrimitive.Content>
     </TooltipPrimitive.Portal>
-  );
+  )
 }
 
-export { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger };
+export { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider }
diff --git a/frontend/src/shared/hooks/use-mobile.ts b/frontend/src/shared/hooks/use-mobile.ts
new file mode 100644
index 0000000..2b0fe1d
--- /dev/null
+++ b/frontend/src/shared/hooks/use-mobile.ts
@@ -0,0 +1,19 @@
+import * as React from "react"
+
+const MOBILE_BREAKPOINT = 768
+
+export function useIsMobile() {
+  const [isMobile, setIsMobile] = React.useState<boolean | undefined>(undefined)
+
+  React.useEffect(() => {
+    const mql = window.matchMedia(`(max-width: ${MOBILE_BREAKPOINT - 1}px)`)
+    const onChange = () => {
+      setIsMobile(window.innerWidth < MOBILE_BREAKPOINT)
+    }
+    mql.addEventListener("change", onChange)
+    setIsMobile(window.innerWidth < MOBILE_BREAKPOINT)
+    return () => mql.removeEventListener("change", onChange)
+  }, [])
+
+  return !!isMobile
+}
diff --git a/frontend/src/shared/hooks/useSubscriptionRefetch.ts b/frontend/src/shared/hooks/useSubscriptionRefetch.ts
new file mode 100644
index 0000000..8cf2bae
--- /dev/null
+++ b/frontend/src/shared/hooks/useSubscriptionRefetch.ts
@@ -0,0 +1,100 @@
+import { Code, ConnectError } from "@connectrpc/connect";
+import { useEffect, useRef } from "react";
+
+export type SubscribeFn<T> = (
+  signal: AbortSignal,
+) => AsyncIterable<T> | Promise<AsyncIterable<T>>;
+
+export interface UseSubscriptionRefetchOptions<T> {
+  // function to call to refetch data; kept in ref outside deps
+  refetch: () => Promise<unknown> | unknown;
+  // function that returns an async iterable subscription; receives AbortSignal
+  subscribe: SubscribeFn<T>;
+  // debounce window for trailing refetches
+  debounceTimeout?: number;
+  // optional error handler
+  onErrorFn?: (err: unknown) => void;
+  // optional data handler called for every event received
+  onDataFn?: (event: T) => void;
+  // external ref to control start/stop if needed (optional)
+  ref?: React.RefObject<{ abort: () => void } | null>;
+}
+
+/**
+ * Subscribes to an async-iterable stream (e.g., server-sent updates).
+ * Performs immediate refetch on first event (leading) and at most one trailing refetch
+ * after a cooldown of debounceTimeout ms, coalescing bursts.
+ */
+export function useSubscriptionRefetch<T = unknown>({
+  refetch,
+  subscribe,
+  debounceTimeout = 300,
+  onErrorFn,
+  onDataFn,
+  ref,
+}: UseSubscriptionRefetchOptions<T>) {
+  const refetchRef = useRef(refetch);
+  refetchRef.current = refetch;
+
+  useEffect(() => {
+    const abort = new AbortController();
+    let inCooldown = false;
+    let scheduleTimer: number | undefined;
+    let trailingNeeded = false;
+
+    const scheduleRefetch = () => {
+      if (!inCooldown) {
+        // leading
+        void refetchRef.current?.();
+        inCooldown = true;
+        scheduleTimer = window.setTimeout(() => {
+          const shouldRunTrailing = trailingNeeded;
+          trailingNeeded = false;
+          inCooldown = false;
+          if (shouldRunTrailing) {
+            void refetchRef.current?.();
+          }
+        }, debounceTimeout);
+      } else {
+        // request single trailing
+        trailingNeeded = true;
+      }
+    };
+
+    const run = async () => {
+      try {
+        const iterable = await subscribe(abort.signal);
+        for await (const event of iterable) {
+          // invoke data handler if provided (non-blocking)
+          try {
+            onDataFn?.(event as T);
+          } catch (handlerErr) {
+            onErrorFn?.(handlerErr);
+          }
+          scheduleRefetch();
+        }
+      } catch (e) {
+        if (e instanceof ConnectError) {
+          if (e.code === Code.Aborted || e.code === Code.Canceled) return;
+        }
+        onErrorFn?.(e);
+      }
+    };
+
+    // expose abort via external ref if provided
+    if (ref) {
+      ref.current = { abort: () => abort.abort() };
+    }
+
+    run();
+
+    return () => {
+      if (scheduleTimer) window.clearTimeout(scheduleTimer);
+      abort.abort();
+      if (ref) ref.current = null;
+    };
+    // subscribe and debounceTimeout are stable inputs from caller context
+    // refetch is read from ref to avoid deps churn
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [subscribe, debounceTimeout]);
+}
diff --git a/frontend/src/shared/styles/index.css b/frontend/src/shared/styles/index.css
index 49c59c8..1fc17ff 100644
--- a/frontend/src/shared/styles/index.css
+++ b/frontend/src/shared/styles/index.css
@@ -82,13 +82,13 @@
   --chart-6: oklch(0.488 0.243 264.376);
 
   --sidebar: oklch(0.985 0 0);
-  --sidebar-foreground: oklch(0.141 0.005 285.823);
-  --sidebar-primary: oklch(0.21 0.006 285.885);
+  --sidebar-foreground: oklch(0.145 0 0);
+  --sidebar-primary: oklch(0.205 0 0);
   --sidebar-primary-foreground: oklch(0.985 0 0);
-  --sidebar-accent: oklch(0.967 0.001 286.375);
-  --sidebar-accent-foreground: oklch(0.21 0.006 285.885);
-  --sidebar-border: oklch(0.92 0.004 286.32);
-  --sidebar-ring: oklch(0.871 0.006 286.286);
+  --sidebar-accent: oklch(0.97 0 0);
+  --sidebar-accent-foreground: oklch(0.205 0 0);
+  --sidebar-border: oklch(0.922 0 0);
+  --sidebar-ring: oklch(0.708 0 0);
 }
 
 .dark {
@@ -120,12 +120,12 @@
 
   --sidebar: oklch(0.205 0 0);
   --sidebar-foreground: oklch(0.985 0 0);
-  --sidebar-primary: oklch(0.488 0.243 264.376);
+  --sidebar-primary: oklch(0.1 0 0);
   --sidebar-primary-foreground: oklch(0.985 0 0);
   --sidebar-accent: oklch(0.269 0 0);
   --sidebar-accent-foreground: oklch(0.985 0 0);
-  --sidebar-border: oklch(0.274 0.006 286.033);
-  --sidebar-ring: oklch(0.442 0.017 285.786);
+  --sidebar-border: oklch(1 0 0 / 10%);
+  --sidebar-ring: oklch(0.439 0 0);
 }
 
 @layer base {
@@ -145,6 +145,11 @@
 
 body {
   line-height: 1.6;
+  position: relative;
+}
+
+.root {
+  isolation: isolate;
 }
 
 .incident-details {
diff --git a/frontend/src/shared/types/model/dbutilsFindResponseWithCountStorageIncident.ts b/frontend/src/shared/types/model/dbutilsFindResponseWithCountStorageIncident.ts
deleted file mode 100644
index 939cbf6..0000000
--- a/frontend/src/shared/types/model/dbutilsFindResponseWithCountStorageIncident.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { StorageIncident } from "./storageIncident";
-
-export interface DbutilsFindResponseWithCountStorageIncident {
-  count?: number;
-  items?: StorageIncident[];
-}
diff --git a/frontend/src/shared/types/model/dbutilsFindResponseWithCountWebServiceDTO.ts b/frontend/src/shared/types/model/dbutilsFindResponseWithCountWebServiceDTO.ts
deleted file mode 100644
index 96c1b4b..0000000
--- a/frontend/src/shared/types/model/dbutilsFindResponseWithCountWebServiceDTO.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { WebServiceDTO } from "./webServiceDTO";
-
-export interface DbutilsFindResponseWithCountWebServiceDTO {
-  count?: number;
-  items?: WebServiceDTO[];
-}
diff --git a/frontend/src/shared/types/model/getIncidentsParams.ts b/frontend/src/shared/types/model/getIncidentsParams.ts
deleted file mode 100644
index ee44bfe..0000000
--- a/frontend/src/shared/types/model/getIncidentsParams.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type GetIncidentsParams = {
-  /**
-   * Filter by service ID or incident ID
-   */
-  search?: string;
-  /**
-   * Filter by resolved status
-   */
-  resolved?: boolean;
-  /**
-   * Page number (default 1)
-   */
-  page?: number;
-  /**
-   * Number of items per page (default 100)
-   */
-  page_size?: number;
-};
diff --git a/frontend/src/shared/types/model/getIncidentsStatsParams.ts b/frontend/src/shared/types/model/getIncidentsStatsParams.ts
deleted file mode 100644
index 1f6b463..0000000
--- a/frontend/src/shared/types/model/getIncidentsStatsParams.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type GetIncidentsStatsParams = {
-  /**
-   * Start time (RFC3339 format)
-   */
-  start_time: string;
-  /**
-   * End time (RFC3339 format)
-   */
-  end_time: string;
-};
diff --git a/frontend/src/shared/types/model/getServicesIdIncidentsParams.ts b/frontend/src/shared/types/model/getServicesIdIncidentsParams.ts
deleted file mode 100644
index 850b310..0000000
--- a/frontend/src/shared/types/model/getServicesIdIncidentsParams.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type GetServicesIdIncidentsParams = {
-  /**
-   * Filter by incident ID
-   */
-  incident_id?: string;
-  /**
-   * Filter by resolved status
-   */
-  resolved?: boolean;
-  /**
-   * Page number (for pagination)
-   */
-  page?: number;
-  /**
-   * Number of items per page (default 20)
-   */
-  page_size?: number;
-};
diff --git a/frontend/src/shared/types/model/getServicesIdStatsParams.ts b/frontend/src/shared/types/model/getServicesIdStatsParams.ts
deleted file mode 100644
index bd089bd..0000000
--- a/frontend/src/shared/types/model/getServicesIdStatsParams.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type GetServicesIdStatsParams = {
-  /**
-   * Number of days (default 30)
-   */
-  days?: number;
-};
diff --git a/frontend/src/shared/types/model/getServicesParams.ts b/frontend/src/shared/types/model/getServicesParams.ts
deleted file mode 100644
index 7615399..0000000
--- a/frontend/src/shared/types/model/getServicesParams.ts
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type GetServicesParams = {
-  /**
-   * Filter by service name
-   */
-  name?: string;
-  /**
-   * Filter by service tags
-   */
-  tags?: string[];
-  /**
-   * Filter by service status
-   */
-  status?: string;
-  /**
-   * Filter by enabled status
-   */
-  is_enabled?: boolean;
-  /**
-   * Filter by protocol
-   */
-  protocol?: string;
-  /**
-   * Order by field
-   */
-  order_by?: string;
-  /**
-   * Page number (for pagination)
-   */
-  page?: number;
-  /**
-   * Number of items per page (default 20)
-   */
-  page_size?: number;
-};
diff --git a/frontend/src/shared/types/model/getTagsCount200.ts b/frontend/src/shared/types/model/getTagsCount200.ts
deleted file mode 100644
index 25721a1..0000000
--- a/frontend/src/shared/types/model/getTagsCount200.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type GetTagsCount200 = { [key: string]: number };
diff --git a/frontend/src/shared/types/model/index.ts b/frontend/src/shared/types/model/index.ts
deleted file mode 100644
index a0ce08c..0000000
--- a/frontend/src/shared/types/model/index.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export * from "./dbutilsFindResponseWithCountStorageIncident";
-export * from "./dbutilsFindResponseWithCountWebServiceDTO";
-export * from "./getIncidentsParams";
-export * from "./getIncidentsStatsParams";
-export * from "./getServicesIdIncidentsParams";
-export * from "./getServicesIdStatsParams";
-export * from "./getServicesParams";
-export * from "./getTagsCount200";
-export * from "./monitorsConfig";
-export * from "./monitorsEndpointConfig";
-export * from "./monitorsEndpointConfigHeaders";
-export * from "./monitorsEndpointConfigMethod";
-export * from "./monitorsGRPCConfig";
-export * from "./monitorsGRPCConfigCheckType";
-export * from "./monitorsHTTPConfig";
-export * from "./monitorsTCPConfig";
-export * from "./storageIncident";
-export * from "./storageServiceProtocolType";
-export * from "./storageServiceStats";
-export * from "./storageServiceStatus";
-export * from "./webAvailableUpdate";
-export * from "./webCreateUpdateServiceRequest";
-export * from "./webDashboardStats";
-export * from "./webDashboardStatsProtocols";
-export * from "./webErrorResponse";
-export * from "./webGetIncidentsStatsItem";
-export * from "./webHealthCheckResponse";
-export * from "./webServerInfoResponse";
-export * from "./webServiceDTO";
-export * from "./webSuccessResponse";
diff --git a/frontend/src/shared/types/model/monitorsConfig.ts b/frontend/src/shared/types/model/monitorsConfig.ts
deleted file mode 100644
index ae9cc65..0000000
--- a/frontend/src/shared/types/model/monitorsConfig.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { MonitorsGRPCConfig } from "./monitorsGRPCConfig";
-import type { MonitorsHTTPConfig } from "./monitorsHTTPConfig";
-import type { MonitorsTCPConfig } from "./monitorsTCPConfig";
-
-export interface MonitorsConfig {
-  grpc?: MonitorsGRPCConfig;
-  http?: MonitorsHTTPConfig;
-  tcp?: MonitorsTCPConfig;
-}
diff --git a/frontend/src/shared/types/model/monitorsEndpointConfig.ts b/frontend/src/shared/types/model/monitorsEndpointConfig.ts
deleted file mode 100644
index 1837434..0000000
--- a/frontend/src/shared/types/model/monitorsEndpointConfig.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { MonitorsEndpointConfigHeaders } from "./monitorsEndpointConfigHeaders";
-import type { MonitorsEndpointConfigMethod } from "./monitorsEndpointConfigMethod";
-
-export interface MonitorsEndpointConfig {
-  body?: string;
-  /**
-   * @minimum 100
-   * @maximum 599
-   */
-  expected_status: number;
-  headers?: MonitorsEndpointConfigHeaders;
-  /** Path to extract value from JSON response */
-  json_path?: string;
-  method: MonitorsEndpointConfigMethod;
-  name: string;
-  /** Basic Auth password */
-  password?: string;
-  url: string;
-  /** Basic Auth username */
-  username?: string;
-}
diff --git a/frontend/src/shared/types/model/monitorsEndpointConfigHeaders.ts b/frontend/src/shared/types/model/monitorsEndpointConfigHeaders.ts
deleted file mode 100644
index 46f63e7..0000000
--- a/frontend/src/shared/types/model/monitorsEndpointConfigHeaders.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type MonitorsEndpointConfigHeaders = { [key: string]: string };
diff --git a/frontend/src/shared/types/model/monitorsEndpointConfigMethod.ts b/frontend/src/shared/types/model/monitorsEndpointConfigMethod.ts
deleted file mode 100644
index d994817..0000000
--- a/frontend/src/shared/types/model/monitorsEndpointConfigMethod.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type MonitorsEndpointConfigMethod =
-  (typeof MonitorsEndpointConfigMethod)[keyof typeof MonitorsEndpointConfigMethod];
-
-// eslint-disable-next-line @typescript-eslint/no-redeclare
-export const MonitorsEndpointConfigMethod = {
-  GET: "GET",
-  POST: "POST",
-  PUT: "PUT",
-  DELETE: "DELETE",
-  HEAD: "HEAD",
-  OPTIONS: "OPTIONS",
-} as const;
diff --git a/frontend/src/shared/types/model/monitorsGRPCConfig.ts b/frontend/src/shared/types/model/monitorsGRPCConfig.ts
deleted file mode 100644
index 8ac070c..0000000
--- a/frontend/src/shared/types/model/monitorsGRPCConfig.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { MonitorsGRPCConfigCheckType } from "./monitorsGRPCConfigCheckType";
-
-export interface MonitorsGRPCConfig {
-  check_type: MonitorsGRPCConfigCheckType;
-  endpoint: string;
-  insecure_tls?: boolean;
-  service_name?: string;
-  tls?: boolean;
-}
diff --git a/frontend/src/shared/types/model/monitorsGRPCConfigCheckType.ts b/frontend/src/shared/types/model/monitorsGRPCConfigCheckType.ts
deleted file mode 100644
index 77c6c1b..0000000
--- a/frontend/src/shared/types/model/monitorsGRPCConfigCheckType.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type MonitorsGRPCConfigCheckType =
-  (typeof MonitorsGRPCConfigCheckType)[keyof typeof MonitorsGRPCConfigCheckType];
-
-// eslint-disable-next-line @typescript-eslint/no-redeclare
-export const MonitorsGRPCConfigCheckType = {
-  health: "health",
-  reflection: "reflection",
-  connectivity: "connectivity",
-} as const;
diff --git a/frontend/src/shared/types/model/monitorsHTTPConfig.ts b/frontend/src/shared/types/model/monitorsHTTPConfig.ts
deleted file mode 100644
index 15ebb63..0000000
--- a/frontend/src/shared/types/model/monitorsHTTPConfig.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { MonitorsEndpointConfig } from "./monitorsEndpointConfig";
-
-export interface MonitorsHTTPConfig {
-  condition?: string;
-  /** @minItems 1 */
-  endpoints: MonitorsEndpointConfig[];
-  timeout?: number;
-}
diff --git a/frontend/src/shared/types/model/monitorsTCPConfig.ts b/frontend/src/shared/types/model/monitorsTCPConfig.ts
deleted file mode 100644
index d8ef63e..0000000
--- a/frontend/src/shared/types/model/monitorsTCPConfig.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export interface MonitorsTCPConfig {
-  endpoint: string;
-  expect_data?: string;
-  send_data?: string;
-}
diff --git a/frontend/src/shared/types/model/storageIncident.ts b/frontend/src/shared/types/model/storageIncident.ts
deleted file mode 100644
index 20ad4d8..0000000
--- a/frontend/src/shared/types/model/storageIncident.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export interface StorageIncident {
-  duration?: number;
-  end_time?: string;
-  error?: string;
-  id?: string;
-  resolved?: boolean;
-  service_id?: string;
-  start_time?: string;
-}
diff --git a/frontend/src/shared/types/model/storageServiceProtocolType.ts b/frontend/src/shared/types/model/storageServiceProtocolType.ts
deleted file mode 100644
index 2b1f8d9..0000000
--- a/frontend/src/shared/types/model/storageServiceProtocolType.ts
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type StorageServiceProtocolType =
-  (typeof StorageServiceProtocolType)[keyof typeof StorageServiceProtocolType];
-
-// eslint-disable-next-line @typescript-eslint/no-redeclare
-export const StorageServiceProtocolType = {
-  ServiceProtocolTypeHTTP: "http",
-  ServiceProtocolTypeTCP: "tcp",
-  ServiceProtocolTypeGRPC: "grpc",
-} as const;
diff --git a/frontend/src/shared/types/model/storageServiceStats.ts b/frontend/src/shared/types/model/storageServiceStats.ts
deleted file mode 100644
index 55207a4..0000000
--- a/frontend/src/shared/types/model/storageServiceStats.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export interface StorageServiceStats {
-  avg_response_time?: number;
-  period?: number;
-  service_id?: string;
-  total_downtime?: number;
-  total_incidents?: number;
-  uptime_percentage?: number;
-}
diff --git a/frontend/src/shared/types/model/storageServiceStatus.ts b/frontend/src/shared/types/model/storageServiceStatus.ts
deleted file mode 100644
index bdb2a44..0000000
--- a/frontend/src/shared/types/model/storageServiceStatus.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type StorageServiceStatus =
-  (typeof StorageServiceStatus)[keyof typeof StorageServiceStatus];
-
-// eslint-disable-next-line @typescript-eslint/no-redeclare
-export const StorageServiceStatus = {
-  StatusUnknown: "unknown",
-  StatusUp: "up",
-  StatusDown: "down",
-  StatusMaintenance: "maintenance",
-} as const;
diff --git a/frontend/src/shared/types/model/webAvailableUpdate.ts b/frontend/src/shared/types/model/webAvailableUpdate.ts
deleted file mode 100644
index b02e0e0..0000000
--- a/frontend/src/shared/types/model/webAvailableUpdate.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export interface WebAvailableUpdate {
-  description?: string;
-  is_available_manual?: boolean;
-  tag_name?: string;
-  url?: string;
-}
diff --git a/frontend/src/shared/types/model/webCreateUpdateServiceRequest.ts b/frontend/src/shared/types/model/webCreateUpdateServiceRequest.ts
deleted file mode 100644
index 6c1a5f0..0000000
--- a/frontend/src/shared/types/model/webCreateUpdateServiceRequest.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { MonitorsConfig } from "./monitorsConfig";
-import type { StorageServiceProtocolType } from "./storageServiceProtocolType";
-
-export interface WebCreateUpdateServiceRequest {
-  config?: MonitorsConfig;
-  interval?: number;
-  is_enabled?: boolean;
-  name?: string;
-  protocol?: StorageServiceProtocolType;
-  retries?: number;
-  tags?: string[];
-  timeout?: number;
-}
diff --git a/frontend/src/shared/types/model/webDashboardStats.ts b/frontend/src/shared/types/model/webDashboardStats.ts
deleted file mode 100644
index b8648a5..0000000
--- a/frontend/src/shared/types/model/webDashboardStats.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { WebDashboardStatsProtocols } from "./webDashboardStatsProtocols";
-
-/**
- * Dashboard statistics
- */
-export interface WebDashboardStats {
-  active_incidents?: number;
-  avg_response_time?: number;
-  checks_per_minute?: number;
-  last_check_time?: string;
-  protocols?: WebDashboardStatsProtocols;
-  services_down?: number;
-  services_unknown?: number;
-  services_up?: number;
-  total_checks?: number;
-  total_services?: number;
-  uptime_percentage?: number;
-}
diff --git a/frontend/src/shared/types/model/webDashboardStatsProtocols.ts b/frontend/src/shared/types/model/webDashboardStatsProtocols.ts
deleted file mode 100644
index 26d299f..0000000
--- a/frontend/src/shared/types/model/webDashboardStatsProtocols.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export type WebDashboardStatsProtocols = { [key: string]: number };
diff --git a/frontend/src/shared/types/model/webErrorResponse.ts b/frontend/src/shared/types/model/webErrorResponse.ts
deleted file mode 100644
index 9739477..0000000
--- a/frontend/src/shared/types/model/webErrorResponse.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-/**
- * Error response
- */
-export interface WebErrorResponse {
-  error?: string;
-}
diff --git a/frontend/src/shared/types/model/webGetIncidentsStatsItem.ts b/frontend/src/shared/types/model/webGetIncidentsStatsItem.ts
deleted file mode 100644
index 11d68c7..0000000
--- a/frontend/src/shared/types/model/webGetIncidentsStatsItem.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export interface WebGetIncidentsStatsItem {
-  avg_duration?: number;
-  avg_duration_human?: string;
-  count?: number;
-  date?: string;
-  total_duration?: number;
-  total_duration_human?: string;
-}
diff --git a/frontend/src/shared/types/model/webHealthCheckResponse.ts b/frontend/src/shared/types/model/webHealthCheckResponse.ts
deleted file mode 100644
index 40d010f..0000000
--- a/frontend/src/shared/types/model/webHealthCheckResponse.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-export interface WebHealthCheckResponse {
-  status?: string;
-}
diff --git a/frontend/src/shared/types/model/webServerInfoResponse.ts b/frontend/src/shared/types/model/webServerInfoResponse.ts
deleted file mode 100644
index 270799d..0000000
--- a/frontend/src/shared/types/model/webServerInfoResponse.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { WebAvailableUpdate } from "./webAvailableUpdate";
-
-export interface WebServerInfoResponse {
-  arch?: string;
-  available_update?: WebAvailableUpdate;
-  build_date?: string;
-  commit_hash?: string;
-  go_version?: string;
-  os?: string;
-  sqlite_version?: string;
-  version?: string;
-}
diff --git a/frontend/src/shared/types/model/webServiceDTO.ts b/frontend/src/shared/types/model/webServiceDTO.ts
deleted file mode 100644
index 0e9ae69..0000000
--- a/frontend/src/shared/types/model/webServiceDTO.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-import type { MonitorsConfig } from "./monitorsConfig";
-import type { StorageServiceProtocolType } from "./storageServiceProtocolType";
-import type { StorageServiceStatus } from "./storageServiceStatus";
-
-export interface WebServiceDTO {
-  active_incidents?: number;
-  config?: MonitorsConfig;
-  consecutive_fails?: number;
-  consecutive_success?: number;
-  id?: string;
-  interval?: number;
-  is_enabled?: boolean;
-  last_check?: string;
-  last_error?: string;
-  name?: string;
-  next_check?: string;
-  protocol?: StorageServiceProtocolType;
-  response_time?: number;
-  retries?: number;
-  status?: StorageServiceStatus;
-  tags?: string[];
-  timeout?: number;
-  total_checks?: number;
-  total_incidents?: number;
-}
diff --git a/frontend/src/shared/types/model/webSuccessResponse.ts b/frontend/src/shared/types/model/webSuccessResponse.ts
deleted file mode 100644
index 87b8df8..0000000
--- a/frontend/src/shared/types/model/webSuccessResponse.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- * Generated by orval v7.11.2 🍺
- * Do not edit manually.
- * Sentinel Monitoring API
- * API for service monitoring and incident management
- * OpenAPI spec version: 1.0
- */
-
-/**
- * Successful response
- */
-export interface WebSuccessResponse {
-  message?: string;
-}
diff --git a/frontend/src/shared/utils/duration.ts b/frontend/src/shared/utils/duration.ts
index 5191464..4b1da25 100644
--- a/frontend/src/shared/utils/duration.ts
+++ b/frontend/src/shared/utils/duration.ts
@@ -1,6 +1,6 @@
-// Helper function to format duration from nanoseconds to human readable format
-export const formatDuration = (nanoseconds: number) => {
-  const seconds = Math.floor(nanoseconds / 1000000000);
+// Helper function to format duration from milliseconds to human readable format
+export const formatDuration = (milliseconds: number) => {
+  const seconds = Math.floor(milliseconds / 1000);
   const minutes = Math.floor(seconds / 60);
   const hours = Math.floor(minutes / 60);
   const days = Math.floor(hours / 24);
@@ -16,7 +16,9 @@ export const formatDuration = (nanoseconds: number) => {
   } else if (minutes > 0) {
     const remainingSeconds = seconds % 60;
     return `${minutes}m ${remainingSeconds}s`;
-  } else {
+  } else if (seconds > 0) {
     return `${seconds}s`;
+  } else {
+    return `${milliseconds}ms`;
   }
 };
diff --git a/frontend/tsconfig.app.json b/frontend/tsconfig.app.json
index 8de5e62..4450c21 100644
--- a/frontend/tsconfig.app.json
+++ b/frontend/tsconfig.app.json
@@ -10,6 +10,7 @@
     "paths": {
       "@/*": ["./src/*"],
       "@app/*": ["./src/app/*"],
+      "@layouts/*": ["./src/layouts/*"],
       "@processes/*": ["./src/processes/*"],
       "@pages/*": ["./src/pages/*"],
       "@widgets/*": ["./src/widgets/*"],
@@ -29,7 +30,7 @@
     "strict": true,
     "noUnusedLocals": true,
     "noUnusedParameters": true,
-    "erasableSyntaxOnly": true,
+    "erasableSyntaxOnly": false,
     "noFallthroughCasesInSwitch": true,
     "noUncheckedSideEffectImports": true
   },
diff --git a/frontend/tsconfig.json b/frontend/tsconfig.json
index 2672624..18c1918 100644
--- a/frontend/tsconfig.json
+++ b/frontend/tsconfig.json
@@ -9,6 +9,7 @@
     "paths": {
       "@/*": ["./src/*"],
       "@app/*": ["./src/app/*"],
+      "@layouts/*": ["./src/layouts/*"],
       "@processes/*": ["./src/processes/*"],
       "@pages/*": ["./src/pages/*"],
       "@widgets/*": ["./src/widgets/*"],
diff --git a/frontend/tsconfig.node.json b/frontend/tsconfig.node.json
index f85a399..e879ef1 100644
--- a/frontend/tsconfig.node.json
+++ b/frontend/tsconfig.node.json
@@ -17,7 +17,7 @@
     "strict": true,
     "noUnusedLocals": true,
     "noUnusedParameters": true,
-    "erasableSyntaxOnly": true,
+    "erasableSyntaxOnly": false,
     "noFallthroughCasesInSwitch": true,
     "noUncheckedSideEffectImports": true
   },
diff --git a/frontend/vite.config.ts b/frontend/vite.config.ts
index dadeca3..e263371 100644
--- a/frontend/vite.config.ts
+++ b/frontend/vite.config.ts
@@ -18,6 +18,7 @@ export default defineConfig({
     alias: {
       "@": path.resolve(__dirname, "./src"),
       "@app": path.resolve(__dirname, "./src/app"),
+      "@layouts": path.resolve(__dirname, "./src/layouts"),
       "@processes": path.resolve(__dirname, "./src/processes"),
       "@pages": path.resolve(__dirname, "./src/pages"),
       "@widgets": path.resolve(__dirname, "./src/widgets"),
diff --git a/go.mod b/go.mod
index d1c8a17..291c43a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,104 +1,100 @@
 module github.com/sxwebdev/sentinel
 
-go 1.25.0
+go 1.25.1
 
 require (
+	connectrpc.com/authn v0.2.0
+	connectrpc.com/connect v1.19.1
+	connectrpc.com/cors v0.1.0
+	connectrpc.com/grpchealth v1.4.0
+	connectrpc.com/grpcreflect v1.3.0
 	github.com/Masterminds/semver/v3 v3.4.0
-	github.com/containrrr/shoutrrr v0.8.0
-	github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994
-	github.com/dromara/carbon/v2 v2.6.11
-	github.com/go-playground/validator/v10 v10.27.0
+	github.com/dgraph-io/badger/v4 v4.8.0
+	github.com/dop251/goja v0.0.0-20251008123653-cf18d89f3cf6
+	github.com/georgysavva/scany/v2 v2.1.4
+	github.com/go-playground/validator/v10 v10.28.0
+	github.com/gobeam/stringy v0.0.7
 	github.com/goccy/go-yaml v1.18.0
-	github.com/gofiber/contrib/websocket v1.3.4
-	github.com/gofiber/fiber/v2 v2.52.9
-	github.com/huandu/go-sqlbuilder v1.36.1
+	github.com/huandu/go-sqlbuilder v1.38.0
+	github.com/nicholas-fedor/shoutrrr v0.10.1
 	github.com/oklog/ulid/v2 v2.1.1
 	github.com/puzpuzpuz/xsync/v3 v3.5.1
+	github.com/rs/cors v1.11.1
+	github.com/samber/lo v1.52.0
+	github.com/shirou/gopsutil/v4 v4.25.9
 	github.com/stretchr/testify v1.11.1
-	github.com/swaggo/fiber-swagger v1.3.0
-	github.com/swaggo/swag v1.16.6
+	github.com/sxwebdev/tokenmanager v0.0.0-20251005001529-91c1410e16c1
+	github.com/sxwebdev/xconfig v0.2.0
+	github.com/sxwebdev/xconfig/decoders/xconfigyaml v0.0.0-20250917185517-9fc0b932f57a
+	github.com/tkcrm/modules v0.0.0-20250909093305-a0b86c209cc5
 	github.com/tkcrm/mx v0.2.34
+	github.com/tkcrm/mx/clients/connectrpc_client v0.0.0-20250618055556-3f77aaa9ddbd
+	github.com/tkcrm/mx/transport/connectrpc_transport v0.0.0-20250618055556-3f77aaa9ddbd
 	github.com/urfave/cli/v3 v3.4.1
-	google.golang.org/grpc v1.75.0
-	modernc.org/sqlite v1.38.2
+	go.akshayshah.org/connectproto v0.6.0
+	golang.org/x/crypto v0.43.0
+	golang.org/x/net v0.46.0
+	google.golang.org/grpc v1.76.0
+	google.golang.org/protobuf v1.36.10
+	modernc.org/sqlite v1.39.1
 )
 
 require (
-	github.com/KyleBanks/depth v1.2.1 // indirect
-	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgraph-io/ristretto/v2 v2.3.0 // indirect
 	github.com/dlclark/regexp2 v1.11.5 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fasthttp/websocket v1.5.12 // indirect
+	github.com/ebitengine/purego v0.9.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/jsonpointer v0.22.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.1 // indirect
-	github.com/go-openapi/spec v0.21.0 // indirect
-	github.com/go-openapi/swag v0.24.1 // indirect
-	github.com/go-openapi/swag/cmdutils v0.24.0 // indirect
-	github.com/go-openapi/swag/conv v0.24.0 // indirect
-	github.com/go-openapi/swag/fileutils v0.24.0 // indirect
-	github.com/go-openapi/swag/jsonname v0.24.0 // indirect
-	github.com/go-openapi/swag/jsonutils v0.24.0 // indirect
-	github.com/go-openapi/swag/loading v0.24.0 // indirect
-	github.com/go-openapi/swag/mangling v0.24.0 // indirect
-	github.com/go-openapi/swag/netutils v0.24.0 // indirect
-	github.com/go-openapi/swag/stringutils v0.24.0 // indirect
-	github.com/go-openapi/swag/typeutils v0.24.0 // indirect
-	github.com/go-openapi/swag/yamlutils v0.24.0 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-sourcemap/sourcemap v2.1.4+incompatible // indirect
-	github.com/google/pprof v0.0.0-20250903194437-c28834ac2320 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/google/flatbuffers v25.9.23+incompatible // indirect
+	github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/huandu/go-clone v1.7.3 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/lib/pq v1.10.9 // indirect
+	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/ncruces/go-strftime v1.0.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 	github.com/prometheus/client_golang v1.23.2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.66.1 // indirect
+	github.com/prometheus/common v0.67.1 // indirect
 	github.com/prometheus/procfs v0.17.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/rogpeppe/go-internal v1.14.1 // indirect
-	github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287 // indirect
-	github.com/swaggo/files v1.0.1 // indirect
-	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	github.com/valyala/fasthttp v1.65.0 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.15 // indirect
+	github.com/tklauser/numcpus v0.10.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
 	go.opentelemetry.io/otel v1.38.0 // indirect
 	go.opentelemetry.io/otel/metric v1.38.0 // indirect
 	go.opentelemetry.io/otel/trace v1.38.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	golang.org/x/crypto v0.42.0 // indirect
-	golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b // indirect
-	golang.org/x/mod v0.28.0 // indirect
-	golang.org/x/net v0.43.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b // indirect
 	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/text v0.29.0 // indirect
-	golang.org/x/tools v0.36.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 // indirect
-	google.golang.org/protobuf v1.36.9 // indirect
+	golang.org/x/sys v0.37.0 // indirect
+	golang.org/x/text v0.30.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.66.8 // indirect
+	modernc.org/libc v1.66.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 9148476..07bc789 100644
--- a/go.sum
+++ b/go.sum
@@ -1,221 +1,202 @@
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
-github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
+connectrpc.com/authn v0.2.0 h1:epZK23EG7GP062dNn34wnhZfREcCXDzIu2nlocva9r8=
+connectrpc.com/authn v0.2.0/go.mod h1:R9qxaacWwJVNuQWYyh7lJgEhBZ/w9NqvA4ivxOgw8x0=
+connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
+connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+connectrpc.com/cors v0.1.0 h1:f3gTXJyDZPrDIZCQ567jxfD9PAIpopHiRDnJRt3QuOQ=
+connectrpc.com/cors v0.1.0/go.mod h1:v8SJZCPfHtGH1zsm+Ttajpozd4cYIUryl4dFB6QEpfg=
+connectrpc.com/grpchealth v1.4.0 h1:MJC96JLelARPgZTiRF9KRfY/2N9OcoQvF2EWX07v2IE=
+connectrpc.com/grpchealth v1.4.0/go.mod h1:WhW6m1EzTmq3Ky1FE8EfkIpSDc6TfUx2M2KqZO3ts/Q=
+connectrpc.com/grpcreflect v1.3.0 h1:Y4V+ACf8/vOb1XOc251Qun7jMB75gCUNw6llvB9csXc=
+connectrpc.com/grpcreflect v1.3.0/go.mod h1:nfloOtCS8VUQOQ1+GTdFzVg2CJo4ZGaat8JIovCtDYs=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/agiledragon/gomonkey/v2 v2.3.1/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY=
-github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
-github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
-github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/containrrr/shoutrrr v0.8.0 h1:mfG2ATzIS7NR2Ec6XL+xyoHzN97H8WPjir8aYzJUSec=
-github.com/containrrr/shoutrrr v0.8.0/go.mod h1:ioyQAyu1LJY6sILuNyKaQaw+9Ttik5QePU8atnAdO2o=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cockroachdb/cockroach-go/v2 v2.2.0 h1:/5znzg5n373N/3ESjHF5SMLxiW4RKB05Ql//KWfeTFs=
+github.com/cockroachdb/cockroach-go/v2 v2.2.0/go.mod h1:u3MiKYGupPPjkn3ozknpMUpxPaNLTFWAya419/zv6eI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgraph-io/badger/v4 v4.8.0 h1:JYph1ChBijCw8SLeybvPINizbDKWZ5n/GYbz2yhN/bs=
+github.com/dgraph-io/badger/v4 v4.8.0/go.mod h1:U6on6e8k/RTbUWxqKR0MvugJuVmkxSNc79ap4917h4w=
+github.com/dgraph-io/ristretto/v2 v2.3.0 h1:qTQ38m7oIyd4GAed/QkUZyPFNMnvVWyazGXRwvOt5zk=
+github.com/dgraph-io/ristretto/v2 v2.3.0/go.mod h1:gpoRV3VzrEY1a9dWAYV6T1U7YzfgttXdd/ZzL1s9OZM=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da h1:aIftn67I1fkbMa512G+w+Pxci9hJPB8oMnkcP3iZF38=
+github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=
 github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
-github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994 h1:aQYWswi+hRL2zJqGacdCZx32XjKYV8ApXFGntw79XAM=
-github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994/go.mod h1:MxLav0peU43GgvwVgNbLAj1s/bSGboKkhuULvq/7hx4=
-github.com/dromara/carbon/v2 v2.6.11 h1:wnAWZ+sbza1uXw3r05hExNSCaBPFaarWfUvYAX86png=
-github.com/dromara/carbon/v2 v2.6.11/go.mod h1:7GXqCUplwN1s1b4whGk2zX4+g4CMCoDIZzmjlyt0vLY=
+github.com/dop251/goja v0.0.0-20251008123653-cf18d89f3cf6 h1:6dE1TmjqkY6tehR4A67gDNhvDtuZ54ocu7ab4K9o540=
+github.com/dop251/goja v0.0.0-20251008123653-cf18d89f3cf6/go.mod h1:MxLav0peU43GgvwVgNbLAj1s/bSGboKkhuULvq/7hx4=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
-github.com/fasthttp/websocket v1.5.12 h1:e4RGPpWW2HTbL3zV0Y/t7g0ub294LkiuXXUuTOUInlE=
-github.com/fasthttp/websocket v1.5.12/go.mod h1:I+liyL7/4moHojiOgUOIKEWm9EIxHqxZChS+aMFltyg=
+github.com/ebitengine/purego v0.9.0 h1:mh0zpKBIXDceC63hpvPuGLiJ8ZAa3DfrFTudmfi8A4k=
+github.com/ebitengine/purego v0.9.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
 github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
 github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/georgysavva/scany/v2 v2.1.4 h1:nrzHEJ4oQVRoiKmocRqA1IyGOmM/GQOEsg9UjMR5Ip4=
+github.com/georgysavva/scany/v2 v2.1.4/go.mod h1:fqp9yHZzM/PFVa3/rYEC57VmDx+KDch0LoqrJzkvtos=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.22.0 h1:TmMhghgNef9YXxTu1tOopo+0BGEytxA+okbry0HjZsM=
-github.com/go-openapi/jsonpointer v0.22.0/go.mod h1:xt3jV88UtExdIkkL7NloURjRQjbeUgcxFblMjq2iaiU=
-github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
-github.com/go-openapi/jsonreference v0.21.1 h1:bSKrcl8819zKiOgxkbVNRUBIr6Wwj9KYrDbMjRs0cDA=
-github.com/go-openapi/jsonreference v0.21.1/go.mod h1:PWs8rO4xxTUqKGu+lEvvCxD5k2X7QYkKAepJyCmSTT8=
-github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
-github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
-github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.24.1 h1:DPdYTZKo6AQCRqzwr/kGkxJzHhpKxZ9i/oX0zag+MF8=
-github.com/go-openapi/swag v0.24.1/go.mod h1:sm8I3lCPlspsBBwUm1t5oZeWZS0s7m/A+Psg0ooRU0A=
-github.com/go-openapi/swag/cmdutils v0.24.0 h1:KlRCffHwXFI6E5MV9n8o8zBRElpY4uK4yWyAMWETo9I=
-github.com/go-openapi/swag/cmdutils v0.24.0/go.mod h1:uxib2FAeQMByyHomTlsP8h1TtPd54Msu2ZDU/H5Vuf8=
-github.com/go-openapi/swag/conv v0.24.0 h1:ejB9+7yogkWly6pnruRX45D1/6J+ZxRu92YFivx54ik=
-github.com/go-openapi/swag/conv v0.24.0/go.mod h1:jbn140mZd7EW2g8a8Y5bwm8/Wy1slLySQQ0ND6DPc2c=
-github.com/go-openapi/swag/fileutils v0.24.0 h1:U9pCpqp4RUytnD689Ek/N1d2N/a//XCeqoH508H5oak=
-github.com/go-openapi/swag/fileutils v0.24.0/go.mod h1:3SCrCSBHyP1/N+3oErQ1gP+OX1GV2QYFSnrTbzwli90=
-github.com/go-openapi/swag/jsonname v0.24.0 h1:2wKS9bgRV/xB8c62Qg16w4AUiIrqqiniJFtZGi3dg5k=
-github.com/go-openapi/swag/jsonname v0.24.0/go.mod h1:GXqrPzGJe611P7LG4QB9JKPtUZ7flE4DOVechNaDd7Q=
-github.com/go-openapi/swag/jsonutils v0.24.0 h1:F1vE1q4pg1xtO3HTyJYRmEuJ4jmIp2iZ30bzW5XgZts=
-github.com/go-openapi/swag/jsonutils v0.24.0/go.mod h1:vBowZtF5Z4DDApIoxcIVfR8v0l9oq5PpYRUuteVu6f0=
-github.com/go-openapi/swag/loading v0.24.0 h1:ln/fWTwJp2Zkj5DdaX4JPiddFC5CHQpvaBKycOlceYc=
-github.com/go-openapi/swag/loading v0.24.0/go.mod h1:gShCN4woKZYIxPxbfbyHgjXAhO61m88tmjy0lp/LkJk=
-github.com/go-openapi/swag/mangling v0.24.0 h1:PGOQpViCOUroIeak/Uj/sjGAq9LADS3mOyjznmHy2pk=
-github.com/go-openapi/swag/mangling v0.24.0/go.mod h1:Jm5Go9LHkycsz0wfoaBDkdc4CkpuSnIEf62brzyCbhc=
-github.com/go-openapi/swag/netutils v0.24.0 h1:Bz02HRjYv8046Ycg/w80q3g9QCWeIqTvlyOjQPDjD8w=
-github.com/go-openapi/swag/netutils v0.24.0/go.mod h1:WRgiHcYTnx+IqfMCtu0hy9oOaPR0HnPbmArSRN1SkZM=
-github.com/go-openapi/swag/stringutils v0.24.0 h1:i4Z/Jawf9EvXOLUbT97O0HbPUja18VdBxeadyAqS1FM=
-github.com/go-openapi/swag/stringutils v0.24.0/go.mod h1:5nUXB4xA0kw2df5PRipZDslPJgJut+NjL7D25zPZ/4w=
-github.com/go-openapi/swag/typeutils v0.24.0 h1:d3szEGzGDf4L2y1gYOSSLeK6h46F+zibnEas2Jm/wIw=
-github.com/go-openapi/swag/typeutils v0.24.0/go.mod h1:q8C3Kmk/vh2VhpCLaoR2MVWOGP8y7Jc8l82qCTd1DYI=
-github.com/go-openapi/swag/yamlutils v0.24.0 h1:bhw4894A7Iw6ne+639hsBNRHg9iZg/ISrOVr+sJGp4c=
-github.com/go-openapi/swag/yamlutils v0.24.0/go.mod h1:DpKv5aYuaGm/sULePoeiG8uwMpZSfReo1HR3Ik0yaG8=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
-github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
+github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
+github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
 github.com/go-sourcemap/sourcemap v2.1.4+incompatible h1:a+iTbH5auLKxaNwQFg0B+TCYl6lbukKPc7b5x0n1s6Q=
 github.com/go-sourcemap/sourcemap v2.1.4+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/gobeam/stringy v0.0.7 h1:TD8SfhedUoiANhW88JlJqfrMsihskIRpU/VTsHGnAps=
+github.com/gobeam/stringy v0.0.7/go.mod h1:W3620X9dJHf2FSZF5fRnWekHcHQjwmCz8ZQ2d1qloqE=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
 github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
-github.com/gofiber/contrib/websocket v1.3.4 h1:tWeBdbJ8q0WFQXariLN4dBIbGH9KBU75s0s7YXplOSg=
-github.com/gofiber/contrib/websocket v1.3.4/go.mod h1:kTFBPC6YENCnKfKx0BoOFjgXxdz7E85/STdkmZPEmPs=
-github.com/gofiber/fiber/v2 v2.32.0/go.mod h1:CMy5ZLiXkn6qwthrl03YMyW1NLfj0rhxz2LKl4t7ZTY=
-github.com/gofiber/fiber/v2 v2.52.9 h1:YjKl5DOiyP3j0mO61u3NTmK7or8GzzWzCFzkboyP5cw=
-github.com/gofiber/fiber/v2 v2.52.9/go.mod h1:YEcBbO/FB+5M1IZNBP9FO3J9281zgPAreiI1oqg8nDw=
+github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
+github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA=
+github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A=
+github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/flatbuffers v25.9.23+incompatible h1:rGZKv+wOb6QPzIdkM2KxhBZCDrA0DeN6DNmRDrqIsQU=
+github.com/google/flatbuffers v25.9.23+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/pprof v0.0.0-20250903194437-c28834ac2320 h1:c7ayAhbRP9HnEl/hg/WQOM9s0snWztfW6feWXZbGHw0=
-github.com/google/pprof v0.0.0-20250903194437-c28834ac2320/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
+github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d h1:KJIErDwbSHjnp/SGzE5ed8Aol7JsKiI5X7yWKAtzhM0=
+github.com/google/pprof v0.0.0-20251007162407-5df77e3f7d1d/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/huandu/go-assert v1.1.5/go.mod h1:yOLvuqZwmcHIC5rIzrBhT7D3Q9c3GFnd0JrPVhn/06U=
 github.com/huandu/go-assert v1.1.6 h1:oaAfYxq9KNDi9qswn/6aE0EydfxSa+tWZC1KabNitYs=
 github.com/huandu/go-assert v1.1.6/go.mod h1:JuIfbmYG9ykwvuxoJ3V8TB5QP+3+ajIA54Y44TmkMxs=
-github.com/huandu/go-sqlbuilder v1.36.1 h1:4S17aR2BPW8L2PeotAD4iVhSMjwzk6CO8ABmp3tMEhY=
-github.com/huandu/go-sqlbuilder v1.36.1/go.mod h1:59Zjq93ndlKI6O5kHmkXQpDgriBAPMKuhByEOy6xYK8=
+github.com/huandu/go-clone v1.7.3 h1:rtQODA+ABThEn6J5LBTppJfKmZy/FwfpMUWa8d01TTQ=
+github.com/huandu/go-clone v1.7.3/go.mod h1:ReGivhG6op3GYr+UY3lS6mxjKp7MIGTknuU5TbTVaXE=
+github.com/huandu/go-sqlbuilder v1.38.0 h1:QvjPFwm6y3kpg/8cmvfVgliqDjcgdQx4/wxdu1f3eIE=
+github.com/huandu/go-sqlbuilder v1.38.0/go.mod h1:zdONH67liL+/TvoUMwnZP/sUYGSSvHh9psLe/HpXn8E=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
-github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk=
+github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
+github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
+github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2A=
+github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
+github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
-github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/microsoft/go-mssqldb v1.6.0 h1:mM3gYdVwEPFrlg/Dvr2DNVEgYFG7L42l+dGc67NNNpc=
+github.com/microsoft/go-mssqldb v1.6.0/go.mod h1:00mDtPbeQCRGC1HwOOR5K/gr30P1NcEG0vx6Kbv2aJU=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
-github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
+github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/nicholas-fedor/shoutrrr v0.10.1 h1:dXkEnE9VkDTkuhfmZrg9+nKluYA81urEwSQBFXNqOLI=
+github.com/nicholas-fedor/shoutrrr v0.10.1/go.mod h1:Or06vN+JT5pbyiqLVrGbHMNfsK8hdSpl0pZz7iCnqJQ=
 github.com/oklog/ulid/v2 v2.1.1 h1:suPZ4ARWLOJLegGFiZZ1dFAkqzhMjL3J1TzI+5wHz8s=
 github.com/oklog/ulid/v2 v2.1.1/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
-github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
-github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts=
-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
-github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
-github.com/otiai10/copy v1.7.0/go.mod h1:rmRl6QPdJj6EiUqXQ/4Nn2lLXoNQjFCQbbNrxgc/t3U=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.3.3/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
+github.com/onsi/ginkgo/v2 v2.26.0 h1:1J4Wut1IlYZNEAWIV3ALrT9NfiaGW2cDCJQSFQMs/gE=
+github.com/onsi/ginkgo/v2 v2.26.0/go.mod h1:qhEywmzWTBUY88kfO0BRvX4py7scov9yR+Az2oavUzw=
+github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A=
+github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k=
 github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
 github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
-github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
+github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI=
+github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q=
 github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0=
 github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw=
 github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++5Fg=
 github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
-github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287 h1:qIQ0tWF9vxGtkJa24bR+2i53WBCz1nW/Pc47oVYauC4=
-github.com/savsgio/gotils v0.0.0-20250408102913-196191ec6287/go.mod h1:sM7Mt7uEoCeFSCBM+qBrqvEo+/9vdmj19wzp3yzUhmg=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
+github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
+github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
+github.com/shirou/gopsutil/v4 v4.25.9 h1:JImNpf6gCVhKgZhtaAHJ0serfFGtlfIlSC08eaKdTrU=
+github.com/shirou/gopsutil/v4 v4.25.9/go.mod h1:gxIxoC+7nQRwUl/xNhutXlD8lq+jxTgpIkEf3rADHL8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/swaggo/fiber-swagger v1.3.0 h1:RMjIVDleQodNVdKuu7GRs25Eq8RVXK7MwY9f5jbobNg=
-github.com/swaggo/fiber-swagger v1.3.0/go.mod h1:18MuDqBkYEiUmeM/cAAB8CI28Bi62d/mys39j1QqF9w=
-github.com/swaggo/files v0.0.0-20220610200504-28940afbdbfe/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w=
-github.com/swaggo/files v1.0.1 h1:J1bVJ4XHZNq0I46UU90611i9/YzdrF7x92oX1ig5IdE=
-github.com/swaggo/files v1.0.1/go.mod h1:0qXmMNH6sXNf+73t65aKeB+ApmgxdnkQzVTAj2uaMUg=
-github.com/swaggo/swag v1.8.1/go.mod h1:ugemnJsPZm/kRwFUnzBlbHRd0JY9zE1M4F+uy2pAaPQ=
-github.com/swaggo/swag v1.16.6 h1:qBNcx53ZaX+M5dxVyTrgQ0PJ/ACK+NzhwcbieTt+9yI=
-github.com/swaggo/swag v1.16.6/go.mod h1:ngP2etMK5a0P3QBizic5MEwpRmluJZPHjXcMoj4Xesg=
+github.com/sxwebdev/tokenmanager v0.0.0-20251005001529-91c1410e16c1 h1:YSJn9p8uiiNy+az+T426clYTNNT/alnZSMvRF2X9QKg=
+github.com/sxwebdev/tokenmanager v0.0.0-20251005001529-91c1410e16c1/go.mod h1:VNajdCRMIriyhiVwU+JCX/XqS+7gOM1OyFghRFxXtoc=
+github.com/sxwebdev/xconfig v0.0.0-20250917185517-9fc0b932f57a h1:3QsG+FAmZ9V7MI16p49yqhLoMDaI5k/Ci5pInO5xl5E=
+github.com/sxwebdev/xconfig v0.0.0-20250917185517-9fc0b932f57a/go.mod h1:G0LSWAtUyWR4RdvDarnbgM1/LCYSB23hr4tm6HBhfUQ=
+github.com/sxwebdev/xconfig v0.2.0 h1:1HR26pcIiVaUUaO5qLMdHuIFLkewSWo5IFvYhAfBF+4=
+github.com/sxwebdev/xconfig v0.2.0/go.mod h1:G0LSWAtUyWR4RdvDarnbgM1/LCYSB23hr4tm6HBhfUQ=
+github.com/sxwebdev/xconfig/decoders/xconfigyaml v0.0.0-20250917185517-9fc0b932f57a h1:ZJ0xDxSDwo9GzhwfkNZl0ZdnBBqe7alWetKF+860Ohw=
+github.com/sxwebdev/xconfig/decoders/xconfigyaml v0.0.0-20250917185517-9fc0b932f57a/go.mod h1:cGLysNNHvnNHKYFVsHfudRZ7BbjXlaDBjFQXiBN4B30=
+github.com/tkcrm/modules v0.0.0-20250909093305-a0b86c209cc5 h1:rqtgAZFbz/Vdnyf6GvoUEP4DWgqvj6/PsI3Gce81h5A=
+github.com/tkcrm/modules v0.0.0-20250909093305-a0b86c209cc5/go.mod h1:uYV10lVr7Ba+Udzdc9kBUMeGd7xILwALLs4yZC7aAyA=
 github.com/tkcrm/mx v0.2.34 h1:reTg836KS00FI+QMBTQIa2wh6/Z28PE7cHBtTw7Y5nQ=
 github.com/tkcrm/mx v0.2.34/go.mod h1:9N8UrILT8mg0IWb2MMtq2MqOMW1CQVIMmEh9ML37N+0=
-github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
+github.com/tkcrm/mx/clients/connectrpc_client v0.0.0-20250618055556-3f77aaa9ddbd h1:CJcZARvmjFLp4MunOGi1fsOJSOzGiMudJ59LfIQzDKs=
+github.com/tkcrm/mx/clients/connectrpc_client v0.0.0-20250618055556-3f77aaa9ddbd/go.mod h1:cpUdawPD7PoUL55hbQZbbbp4+hbPbw0QEWLDMu46bOk=
+github.com/tkcrm/mx/transport/connectrpc_transport v0.0.0-20250618055556-3f77aaa9ddbd h1:a2zSOXliAdXfGKPH9h6QJWpfh0Uv/zfShlp+JzB85Ns=
+github.com/tkcrm/mx/transport/connectrpc_transport v0.0.0-20250618055556-3f77aaa9ddbd/go.mod h1:vGkbLZEJ5vhAumATg5oCXKDQwVmsSKsgps2qyLp+oT4=
+github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
+github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
+github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
+github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
 github.com/urfave/cli/v3 v3.4.1 h1:1M9UOCy5bLmGnuu1yn3t3CB4rG79Rtoxuv1sPhnm6qM=
 github.com/urfave/cli/v3 v3.4.1/go.mod h1:FJSKtM/9AiiTOJL4fJ6TbMUkxBXn7GO9guZqoZtpYpo=
-github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
-github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.35.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I=
-github.com/valyala/fasthttp v1.36.0/go.mod h1:t/G+3rLek+CyY9bnIE+YlMRddxVAAGjhxndDB4i4C0I=
-github.com/valyala/fasthttp v1.65.0 h1:j/u3uzFEGFfRxw79iYzJN+TteTJwbYkru9uDp3d0Yf8=
-github.com/valyala/fasthttp v1.65.0/go.mod h1:P/93/YkKPMsKSnATEeELUCkG8a7Y+k99uxNHVbKINr4=
-github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
-github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
-github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
-github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
+github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+go.akshayshah.org/attest v1.0.0 h1:f66BDlh/xo2KjIfmtqOFlj5cpn6mvGrP1LXY3Tex4L0=
+go.akshayshah.org/attest v1.0.0/go.mod h1:PnWzcW5j9dkyGwTlBmUsYpPnHG0AUPrs1RQ+HrldWO0=
+go.akshayshah.org/connectproto v0.6.0 h1:tqmysQF2AfvUeYS03mRAAZTFpiQeXqhGIDnH1GO2D2U=
+go.akshayshah.org/connectproto v0.6.0/go.mod h1:uA9TR/6MhBlLn0fh8VXRyL26EKTJlimWao4jbz7JHbA=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
 go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
@@ -228,111 +209,66 @@ go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6
 go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
 go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
 go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
-go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
-go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0=
-golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
-golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
+go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b h1:18qgiDvlvH7kk8Ioa8Ov+K6xCi0GMvmGfGW0sgd/SYA=
+golang.org/x/exp v0.0.0-20251009144603-d2f985daa21b/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
+golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
+golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
-golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
+golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
+golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 h1:/OQuEa4YWtDt7uQWHd3q3sUMb+QOLQUg1xa8CEsRv5w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og=
-google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4=
-google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
-google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
-google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f h1:1FTH6cpXFsENbPR5Bu8NQddPSaUUE6NA2XdZdDSAJK4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251014184007-4626949a642f/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
+google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-modernc.org/cc/v4 v4.26.4 h1:jPhG8oNjtTYuP2FA4YefTJ/wioNUGALmGuEWt7SUR6s=
-modernc.org/cc/v4 v4.26.4/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/cc/v4 v4.26.5 h1:xM3bX7Mve6G8K8b+T11ReenJOT+BmVqQj0FY5T4+5Y4=
+modernc.org/cc/v4 v4.26.5/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.28.1 h1:wPKYn5EC/mYTqBO373jKjvX2n+3+aK7+sICCv4Fjy1A=
 modernc.org/ccgo/v4 v4.28.1/go.mod h1:uD+4RnfrVgE6ec9NGguUNdhqzNIeeomeXf6CL0GTE5Q=
-modernc.org/fileutil v1.3.28 h1:Vp156KUA2nPu9F1NEv036x9UGOjg2qsi5QlWTjZmtMk=
-modernc.org/fileutil v1.3.28/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
+modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.66.8 h1:/awsvTnyN/sNjvJm6S3lb7KZw5WV4ly/sBEG7ZUzmIE=
-modernc.org/libc v1.66.8/go.mod h1:aVdcY7udcawRqauu0HukYYxtBSizV+R80n/6aQe9D5k=
+modernc.org/libc v1.66.10 h1:yZkb3YeLx4oynyR+iUsXsybsX4Ubx7MQlSYEw4yj59A=
+modernc.org/libc v1.66.10/go.mod h1:8vGSEwvoUoltr4dlywvHqjtAqHBaw0j1jI7iFBTAr2I=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@@ -341,8 +277,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.38.2 h1:Aclu7+tgjgcQVShZqim41Bbw9Cho0y/7WzYptXqkEek=
-modernc.org/sqlite v1.38.2/go.mod h1:cPTJYSlgg3Sfg046yBShXENNtPrWrDX8bsbAQBzgQ5E=
+modernc.org/sqlite v1.39.1 h1:H+/wGFzuSCIEVCvXYVHX5RQglwhMOvtHSv+VtidL2r4=
+modernc.org/sqlite v1.39.1/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
diff --git a/internal/agent/agent.go b/internal/agent/agent.go
new file mode 100644
index 0000000..ef89a01
--- /dev/null
+++ b/internal/agent/agent.go
@@ -0,0 +1,121 @@
+package agent
+
+import (
+	"context"
+	"sync"
+	"sync/atomic"
+
+	"github.com/sxwebdev/sentinel/internal/checker"
+	"github.com/sxwebdev/sentinel/internal/config"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/tkcrm/mx/logger"
+)
+
+type Agent struct {
+	logger logger.Logger
+
+	config     *config.ConfigAgent
+	systemInfo models.SystemInfo
+
+	token       string
+	fingerprint string
+
+	client  *client
+	checker *checker.Checker
+	// receiver       *receiver.Receiver
+	checkResultsCh chan checkResult
+
+	mu sync.RWMutex
+	// services      []*models.Service
+	currentState  connectionState
+	changeStateCh chan connectionState
+	isConnection  atomic.Bool
+}
+
+// New creates a new Agent instance
+func New(
+	ctx context.Context,
+	l logger.Logger,
+	config *config.ConfigAgent,
+	// receiver *receiver.Receiver,
+	systemInfo models.SystemInfo,
+) (*Agent, error) {
+	a := &Agent{
+		logger: l,
+		config: config,
+		// receiver:       receiver,
+		systemInfo:     systemInfo,
+		changeStateCh:  make(chan connectionState, 1),
+		checkResultsCh: make(chan checkResult, 100),
+	}
+
+	a.token = config.Token
+	a.fingerprint = a.getFingerprint()
+
+	a.checker = checker.New(
+		l,
+		nil,
+		a.onSuccess,
+		a.onFailure,
+	)
+
+	var err error
+	a.client, err = newClient(
+		ctx,
+		a.logger,
+		a.token,
+		a.fingerprint,
+		a.systemInfo,
+		config.HubServer,
+		a.changeStateCh,
+		a.checkResultsCh,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return a, nil
+}
+
+// Name returns the name of the agent
+func (s *Agent) Name() string {
+	return "sentinel-agent"
+}
+
+// Start starts the agent
+func (s *Agent) Start(ctx context.Context) error {
+	go s.initConnection(ctx)
+
+	errCh := make(chan error, 1)
+	go func() {
+		errCh <- s.checker.Start(ctx)
+	}()
+
+	return <-errCh
+}
+
+// Stop stops the agent
+func (s *Agent) Stop(ctx context.Context) error {
+	return s.checker.Stop(ctx)
+}
+
+// setState sets the connection state
+func (s *Agent) setState(state connectionState) {
+	s.mu.Lock()
+	s.currentState = state
+	s.mu.Unlock()
+}
+
+// getState returns the current connection state
+func (s *Agent) getState() connectionState {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.currentState
+}
+
+// setServices sets the services fetched from the hub server
+// func (s *Agent) setServices(services []*models.Service) {
+// 	s.mu.Lock()
+// 	s.services = services
+// 	s.mu.Unlock()
+// }
diff --git a/internal/agent/checker.go b/internal/agent/checker.go
new file mode 100644
index 0000000..ac614f3
--- /dev/null
+++ b/internal/agent/checker.go
@@ -0,0 +1,38 @@
+package agent
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type checkResult struct {
+	serviceID            string
+	status               models.ServiceStatus
+	checkedAt            time.Time
+	responseMessage      string
+	responseErrorMessage string
+	responseTime         time.Duration
+}
+
+func (s *Agent) onSuccess(ctx context.Context, serviceID string, responseTime time.Duration) error {
+	s.checkResultsCh <- checkResult{
+		serviceID:    serviceID,
+		status:       models.ServiceStatusUp,
+		checkedAt:    time.Now(),
+		responseTime: responseTime,
+	}
+	return nil
+}
+
+func (s *Agent) onFailure(ctx context.Context, serviceID string, checkErr error, responseTime time.Duration) error {
+	s.checkResultsCh <- checkResult{
+		serviceID:            serviceID,
+		status:               models.ServiceStatusDown,
+		checkedAt:            time.Now(),
+		responseErrorMessage: checkErr.Error(),
+		responseTime:         responseTime,
+	}
+	return nil
+}
diff --git a/internal/agent/client.go b/internal/agent/client.go
new file mode 100644
index 0000000..f5811ff
--- /dev/null
+++ b/internal/agent/client.go
@@ -0,0 +1,239 @@
+package agent
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+	"net/http"
+	"sync/atomic"
+	"time"
+
+	"connectrpc.com/connect"
+	hubv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/hub/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/hub/v1/hubv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/tkcrm/mx/clients/connectrpc_client"
+	"github.com/tkcrm/mx/logger"
+	"golang.org/x/net/http2"
+	"google.golang.org/protobuf/types/known/emptypb"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+type client struct {
+	logger logger.Logger
+
+	gCtx context.Context
+
+	fingerprint string
+	systemInfo  models.SystemInfo
+
+	changeStateCh  chan<- connectionState
+	checkResultsCh <-chan checkResult
+
+	agentsService hubv1connect.HubServiceClient
+}
+
+func newClient(
+	gCtx context.Context,
+	l logger.Logger,
+	token string,
+	fingerprint string,
+	systemInfo models.SystemInfo,
+	connectRPCConfig connectrpc_client.Config,
+	changeStateCh chan<- connectionState,
+	checkResultsCh <-chan checkResult,
+) (*client, error) {
+	c := &client{
+		logger:         l,
+		gCtx:           gCtx,
+		fingerprint:    fingerprint,
+		systemInfo:     systemInfo,
+		changeStateCh:  changeStateCh,
+		checkResultsCh: checkResultsCh,
+	}
+
+	h2cTransport := &http2.Transport{
+		AllowHTTP: true,
+		DialTLS: func(network, addr string, _ *tls.Config) (net.Conn, error) {
+			return net.Dial(network, addr)
+		},
+	}
+
+	agentsService, err := connectrpc_client.New(
+		connectRPCConfig, l,
+		hubv1connect.NewHubServiceClient,
+		connectrpc_client.WithContext(gCtx),
+		connectrpc_client.WithConnectrpcOpts(
+			connect.WithInterceptors(
+				newInterceptor(token),
+			),
+		),
+		connectrpc_client.WithHttpClient(
+			&http.Client{Transport: h2cTransport},
+		),
+	)
+	if err != nil {
+		return nil, err
+	}
+	c.agentsService = agentsService
+
+	return c, nil
+}
+
+// Ping checks the connectivity with the hub server.
+func (c *client) Ping(ctx context.Context) error {
+	_, err := c.agentsService.Ping(ctx, connect.NewRequest(&emptypb.Empty{}))
+	return err
+}
+
+// Authenticate authenticates the client with the hub server.
+func (c *client) Authenticate(ctx context.Context) error {
+	_, err := c.agentsService.Authenticate(ctx, connect.NewRequest(&hubv1.AuthenticateRequest{
+		Fingerprint: c.fingerprint,
+	}))
+	return err
+}
+
+// ReportSystemInfo reports the system information to the hub server.
+func (c *client) ReportSystemInfo(ctx context.Context) error {
+	_, err := c.agentsService.ReportSystemInfo(ctx, connect.NewRequest(&hubv1.ReportSystemInfoRequest{
+		Status:     ptconverts.ConvertAgentStatusToProto(models.AgentStatusTypeActive),
+		SystemInfo: ptconverts.ConvertSystemInfoToProto(c.systemInfo),
+	}))
+	return err
+}
+
+// FetchServices fetches the list of services from the hub server.
+// func (c *client) FetchServices(ctx context.Context) ([]*models.Service, error) {
+// 	resp, err := c.agentsService.FetchServices(ctx, connect.NewRequest(&hubv1.FetchServicesRequest{}))
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	services := make([]*models.Service, 0, len(resp.Msg.Services))
+// 	for _, svcProto := range resp.Msg.Services {
+// 		svc, err := ptconverts.ConvertServiceFromProto(svcProto)
+// 		if err != nil {
+// 			return nil, err
+// 		}
+
+// 		services = append(services, svc)
+// 	}
+
+// 	return services, nil
+// }
+
+// SubscribeServices subscribes to service updates from the hub server.
+// func (c *client) SubscribeServices(ctx context.Context, handler func(eventType subscribeServiceType, svcID string, svc *models.Service)) error {
+// 	c.logger.Infoln("subscribed to service updates")
+// 	defer func() {
+// 		c.changeStateCh <- connectionStateDisconnected
+// 		c.logger.Infoln("unsubscribing from service updates")
+// 	}()
+
+// 	stream, err := c.agentsService.SubscribeServices(ctx, connect.NewRequest(&hubv1.SubscribeServicesRequest{}))
+// 	if err != nil {
+// 		return err
+// 	}
+
+// 	defer func() {
+// 		if err := stream.Close(); err != nil {
+// 			c.logger.Errorf("failed to close stream: %s", err)
+// 		}
+// 	}()
+
+// 	for stream.Receive() {
+// 		msg := stream.Msg()
+
+// 		eventType := subscribeServiceTypeUpsert
+// 		var svcID string
+// 		if msg.GetDelete() != nil {
+// 			eventType = subscribeServiceTypeDelete
+// 			svcID = msg.GetDelete().GetServiceId()
+// 		}
+
+// 		var svc *models.Service
+// 		if msg.GetUpsert() != nil {
+// 			svcID = msg.GetUpsert().GetService().GetId()
+// 			svc, err = ptconverts.ConvertServiceFromProto(msg.GetUpsert().GetService())
+// 			if err != nil {
+// 				return err
+// 			}
+// 		}
+
+// 		handler(eventType, svcID, svc)
+// 	}
+
+// 	return nil
+// }
+
+// StreamChecks streams check results to the hub server.
+func (c *client) StreamChecks(ctx context.Context) error {
+	stream := c.agentsService.StreamChecks(ctx)
+
+	defer stream.CloseResponse()
+
+	errChan := make(chan error, 1)
+	// confirmedChan := make(chan uint64, 1)
+	var lastSentSequence atomic.Uint64
+	var lastConfirmedSequence atomic.Uint64
+
+	// handle confirmations
+	go func() {
+		for c.gCtx.Err() == nil {
+			res, err := stream.Receive()
+			if err != nil {
+				errChan <- err
+			}
+
+			// confirmedChan <- res.GetUptoSeq()
+			lastConfirmedSequence.Store(res.GetUptoSeq())
+		}
+	}()
+
+	// send check results
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-c.gCtx.Done():
+			return nil
+		case err := <-errChan:
+			// try to send last message again with delay
+			return err
+			// 	case <-confirmedChan:
+			// try to send next chunk with results
+		case res := <-c.checkResultsCh:
+			for c.gCtx.Err() == nil {
+				if lastSentSequence.Load() != lastConfirmedSequence.Load() {
+					time.Sleep(5 * time.Millisecond)
+					continue
+				}
+
+				err := stream.Send(&hubv1.StreamChecksRequest{
+					Seq: lastSentSequence.Load() + 1,
+					Results: []*hubv1.CheckResult{
+						{
+							ServiceId:            res.serviceID,
+							Status:               ptconverts.ConvertServiceStatusToProto(res.status),
+							CheckedAt:            timestamppb.New(res.checkedAt),
+							ResponseMessage:      res.responseMessage,
+							ResponseErrorMessage: res.responseErrorMessage,
+							ResponseTime:         int64(res.responseTime.Milliseconds()),
+						},
+					},
+				})
+				if err != nil {
+					// try to send again
+					c.logger.Errorf("failed to send check result, retrying: %s", err)
+					time.Sleep(1 * time.Second)
+					continue
+				}
+
+				lastSentSequence.Add(1)
+				break
+			}
+		}
+	}
+}
diff --git a/internal/agent/connection.go b/internal/agent/connection.go
new file mode 100644
index 0000000..32f7b39
--- /dev/null
+++ b/internal/agent/connection.go
@@ -0,0 +1,154 @@
+package agent
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/tkcrm/modules/pkg/retry"
+)
+
+// connectionState represents the state of the connection.
+type connectionState uint8
+
+const (
+	connectionStateDisconnected connectionState = iota // No active connection
+	connectionStateConnected                           // Connected
+)
+
+// String returns the string representation of the ConnectionState.
+func (cs connectionState) String() string {
+	switch cs {
+	case connectionStateDisconnected:
+		return "disconnected"
+	case connectionStateConnected:
+		return "connected"
+	default:
+		return "unknown"
+	}
+}
+
+// initConnection is a goroutine that manages the connection lifecycle.
+func (s *Agent) initConnection(ctx context.Context) {
+	// immediately try to connect
+	go func() {
+		s.changeStateCh <- connectionStateDisconnected
+	}()
+
+	// main connection loop
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case newState := <-s.changeStateCh:
+			s.setState(newState)
+
+			s.logger.Infoln("connection state changed to:", newState.String())
+
+			if newState == connectionStateDisconnected {
+				if !s.isConnection.CompareAndSwap(false, true) {
+					continue
+				}
+
+				if err := retry.New(
+					retry.WithContext(ctx),
+					retry.WithPolicy(retry.PolicyInfinite),
+					retry.WithDelay(2*time.Second),
+				).Do(func() error {
+					s.logger.Infoln("try to connecting to hub server:", s.config.HubServer.Addr)
+					err := s.connect(ctx)
+					if err != nil {
+						s.logger.Errorln("failed to connect to hub server:", err)
+					}
+					return err
+				}); err != nil {
+					s.logger.Errorf("unexpected error while connecting to hub server: %s", err)
+				}
+			}
+		}
+	}
+}
+
+// connect establishes a connection to the hub server.
+func (s *Agent) connect(ctx context.Context) error {
+	defer s.isConnection.Store(false)
+
+	if state := s.getState(); state == connectionStateConnected {
+		s.logger.Error("already connected to hub server")
+		return nil
+	}
+
+	if err := s.client.Authenticate(ctx); err != nil {
+		return fmt.Errorf("failed to authenticate on hub: %w", err)
+	}
+
+	s.logger.Infoln("successfully authenticated to hub server")
+
+	s.logger.Infoln("reporting system info to hub server")
+
+	if err := s.client.ReportSystemInfo(ctx); err != nil {
+		return fmt.Errorf("failed to report system info: %w", err)
+	}
+
+	s.logger.Infoln("system info reported successfully")
+
+	s.logger.Infoln("fetching services from hub server")
+
+	// services, err := s.client.FetchServices(ctx)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to fetch services: %w", err)
+	// }
+
+	// s.logger.Infoln("services fetched successfully count:", len(services))
+
+	// for _, svc := range services {
+	// 	s.checker.AddService(ctx, checker.AddServiceParams{
+	// 		ID:        svc.ID,
+	// 		Name:      svc.Name,
+	// 		Protocol:  svc.Protocol,
+	// 		IsEnabled: svc.IsEnabled,
+	// 		Interval:  time.Duration(svc.Interval) * time.Millisecond,
+	// 		Timeout:   time.Duration(svc.Timeout) * time.Millisecond,
+	// 		Retries:   svc.Retries,
+	// 		Config:    svc.Config.ConvertToMap(),
+	// 	})
+	// }
+
+	// if len(services) > 0 {
+	// 	s.logger.Infoln("added services to checker count:", len(services))
+	// }
+
+	s.changeStateCh <- connectionStateConnected
+
+	// subscribe to service updates
+	// go func() {
+	// 	if err := s.client.SubscribeServices(ctx, func(eventType subscribeServiceType, serviceID string, service *models.Service) {
+	// 		switch eventType {
+	// 		case subscribeServiceTypeUpsert:
+	// 			s.checker.AddService(ctx, checker.AddServiceParams{
+	// 				ID:        service.ID,
+	// 				Name:      service.Name,
+	// 				Protocol:  service.Protocol,
+	// 				IsEnabled: service.IsEnabled,
+	// 				Interval:  time.Duration(service.Interval) * time.Millisecond,
+	// 				Timeout:   time.Duration(service.Timeout) * time.Millisecond,
+	// 				Retries:   service.Retries,
+	// 				Config:    service.Config.ConvertToMap(),
+	// 			})
+	// 		case subscribeServiceTypeDelete:
+	// 			s.checker.DeleteService(serviceID)
+	// 		}
+	// 	}); err != nil {
+	// 		s.logger.Errorf("error while subscribing to services: %v", err)
+	// 	}
+	// }()
+
+	// stream check results
+	go func() {
+		if err := s.client.StreamChecks(ctx); err != nil {
+			s.logger.Errorf("error while streaming checks: %v", err)
+		}
+	}()
+
+	return nil
+}
diff --git a/internal/agent/fingerprint.go b/internal/agent/fingerprint.go
new file mode 100644
index 0000000..a2153ca
--- /dev/null
+++ b/internal/agent/fingerprint.go
@@ -0,0 +1,40 @@
+package agent
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"log/slog"
+	"os"
+	"path/filepath"
+
+	"github.com/shirou/gopsutil/v4/host"
+)
+
+func (a *Agent) getFingerprint() string {
+	// first look for a fingerprint in the data directory
+	if a.config.DataDir != "" {
+		if fp, err := os.ReadFile(filepath.Join(a.config.AgentDataDir(), "fingerprint")); err == nil {
+			return string(fp)
+		}
+	}
+
+	// if no fingerprint is found, generate one
+	fingerprint, err := host.HostID()
+	if err != nil || fingerprint == "" {
+		fingerprint = a.systemInfo.Hostname + a.systemInfo.CpuModel
+	}
+
+	// hash fingerprint
+	sum := sha256.Sum256([]byte(fingerprint))
+	fingerprint = hex.EncodeToString(sum[:24])
+
+	// save fingerprint to data directory
+	if a.config.DataDir != "" {
+		err = os.WriteFile(filepath.Join(a.config.AgentDataDir(), "fingerprint"), []byte(fingerprint), 0o644)
+		if err != nil {
+			slog.Warn("Failed to save fingerprint", "err", err)
+		}
+	}
+
+	return fingerprint
+}
diff --git a/internal/agent/interceptor.go b/internal/agent/interceptor.go
new file mode 100644
index 0000000..b237e3d
--- /dev/null
+++ b/internal/agent/interceptor.go
@@ -0,0 +1,45 @@
+package agent
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+)
+
+// interceptor is a client-side Connect interceptor that injects the
+// Authorization header into every outgoing request.
+type interceptor struct {
+	token string
+}
+
+// newInterceptor creates a new interceptor that will set
+// Authorization: Sentinel <token> on all requests.
+func newInterceptor(token string) connect.Interceptor { //nolint:ireturn
+	return &interceptor{token: token}
+}
+
+// WrapUnary sets the Authorization header for unary RPCs.
+func (i *interceptor) WrapUnary(next connect.UnaryFunc) connect.UnaryFunc { //nolint:ireturn
+	return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+		// Set header only on client side; on handler side Header() returns request headers from client.
+		if req.Spec().IsClient {
+			req.Header().Set("Authorization", "Sentinel "+i.token)
+		}
+		return next(ctx, req)
+	}
+}
+
+// WrapStreamingClient sets the Authorization header for streaming RPCs (client-side).
+func (i *interceptor) WrapStreamingClient(next connect.StreamingClientFunc) connect.StreamingClientFunc { //nolint:ireturn
+	return func(ctx context.Context, spec connect.Spec) connect.StreamingClientConn {
+		conn := next(ctx, spec)
+		// The request headers are sent with the first call to Send; set before that happens.
+		conn.RequestHeader().Set("Authorization", "Sentinel "+i.token)
+		return conn
+	}
+}
+
+// WrapStreamingHandler is a no-op for client-side interceptor; just forward.
+func (i *interceptor) WrapStreamingHandler(next connect.StreamingHandlerFunc) connect.StreamingHandlerFunc { //nolint:ireturn
+	return next
+}
diff --git a/internal/agent/types.go b/internal/agent/types.go
new file mode 100644
index 0000000..3bbbc82
--- /dev/null
+++ b/internal/agent/types.go
@@ -0,0 +1,8 @@
+package agent
+
+type subscribeServiceType int
+
+const (
+	subscribeServiceTypeUpsert subscribeServiceType = iota + 1
+	subscribeServiceTypeDelete
+)
diff --git a/internal/alertresolver/alertresolver.go b/internal/alertresolver/alertresolver.go
new file mode 100644
index 0000000..387c9b8
--- /dev/null
+++ b/internal/alertresolver/alertresolver.go
@@ -0,0 +1,238 @@
+package alertresolver
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/tkcrm/mx/logger"
+)
+
+type AlertResolver struct {
+	logger       logger.Logger
+	baseservices *baseservices.BaseServices
+}
+
+func New(l logger.Logger, baseservices *baseservices.BaseServices) *AlertResolver {
+	return &AlertResolver{
+		logger:       l,
+		baseservices: baseservices,
+	}
+}
+
+// RecordSuccess records a successful check for a service
+func (m *AlertResolver) RecordSuccess(ctx context.Context, serviceID string, responseTime time.Duration) error {
+	// Get current service state
+	// serviceState, err := m.baseservices.ServiceStates().GetByServiceID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to get service state: %w", err)
+	// }
+
+	// // Update state
+	// now := time.Now()
+	// updateParams := servicestate.UpdateParams{
+	// 	ServiceState: models.ServiceState{
+	// 		Status:             models.ServiceStatusUp,
+	// 		LastCheck:          &now,
+	// 		AvgResponseTime:    utils.Pointer(responseTime.Milliseconds()),
+	// 		ConsecutiveFails:   0,
+	// 		ConsecutiveSuccess: serviceState.ConsecutiveSuccess + 1,
+	// 		TotalChecks:        serviceState.TotalChecks + 1,
+	// 		LastError:          nil,
+	// 	},
+	// 	FieldMask: dbutils.FieldMask[repo_service_states.ColumnName]{
+	// 		repo_service_states.ColumnNameServiceStatesStatus,
+	// 		repo_service_states.ColumnNameServiceStatesLastCheck,
+	// 		repo_service_states.ColumnNameServiceStatesAvgResponseTime,
+	// 		repo_service_states.ColumnNameServiceStatesConsecutiveFails,
+	// 		repo_service_states.ColumnNameServiceStatesConsecutiveSuccess,
+	// 		repo_service_states.ColumnNameServiceStatesTotalChecks,
+	// 		repo_service_states.ColumnNameServiceStatesLastError,
+	// 	},
+	// }
+
+	// // Save to database
+	// if _, err := m.baseservices.ServiceStates().Update(ctx, serviceState.ID, updateParams); err != nil {
+	// 	return fmt.Errorf("failed to update service state: %w", err)
+	// }
+
+	// // Resolve any active incidents
+	// if err := m.resolveActiveIncidents(ctx, serviceID); err != nil {
+	// 	return err
+	// }
+
+	return nil
+}
+
+// RecordFailure records a failed check for a service
+func (m *AlertResolver) RecordFailure(ctx context.Context, serviceID string, checkErr error, responseTime time.Duration) error {
+	// Get current service state
+	// serviceState, err := m.baseservices.ServiceStates().GetByServiceID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to get service state: %w", err)
+	// }
+
+	// // Update state
+	// now := time.Now()
+	// wasUp := serviceState.Status == models.ServiceStatusUp || serviceState.Status == models.ServiceStatusUnknown
+
+	// updateParams := servicestate.UpdateParams{
+	// 	ServiceState: models.ServiceState{
+	// 		Status:             models.ServiceStatusDown,
+	// 		LastCheck:          &now,
+	// 		AvgResponseTime:    utils.Pointer(responseTime.Milliseconds()),
+	// 		ConsecutiveFails:   serviceState.ConsecutiveFails + 1,
+	// 		ConsecutiveSuccess: 0,
+	// 		TotalChecks:        serviceState.TotalChecks + 1,
+	// 		LastError:          utils.Pointer(checkErr.Error()),
+	// 	},
+	// 	FieldMask: dbutils.FieldMask[repo_service_states.ColumnName]{
+	// 		repo_service_states.ColumnNameServiceStatesStatus,
+	// 		repo_service_states.ColumnNameServiceStatesLastCheck,
+	// 		repo_service_states.ColumnNameServiceStatesAvgResponseTime,
+	// 		repo_service_states.ColumnNameServiceStatesConsecutiveFails,
+	// 		repo_service_states.ColumnNameServiceStatesConsecutiveSuccess,
+	// 		repo_service_states.ColumnNameServiceStatesTotalChecks,
+	// 		repo_service_states.ColumnNameServiceStatesLastError,
+	// 	},
+	// }
+
+	// // Save to database
+	// if _, err := m.baseservices.ServiceStates().Update(ctx, serviceState.ID, updateParams); err != nil {
+	// 	return fmt.Errorf("failed to update service state: %w", err)
+	// }
+
+	// // Create incident if service was up before
+	// if wasUp {
+	// 	if err := m.createIncident(ctx, serviceID, checkErr); err != nil {
+	// 		return fmt.Errorf("failed to create incident: %w", err)
+	// 	}
+	// }
+
+	return nil
+}
+
+// createIncident creates a new incident when a service goes down
+func (m *AlertResolver) createIncident(ctx context.Context, serviceID string, err error) error {
+	// Save incident to storage
+	// incident, err := m.baseservices.Incidents().Create(ctx, incidents.CreateParams{
+	// 	ServiceID: serviceID,
+	// 	Error:     err.Error(),
+	// })
+	// if err != nil {
+	// 	return fmt.Errorf("failed to save incident: %w", err)
+	// }
+
+	// // Get current service from database
+	// svc, err := m.baseservices.Services().GetViewByID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("service %s not found in database: %w", serviceID, err)
+	// }
+
+	// // Send alert notification
+	// message := m.formatAlertMessage(svc, incident)
+	// if err := m.baseservices.Notifications().History().SendAlert(ctx, serviceID, incident.ID, message); err != nil {
+	// 	m.logger.Errorf("failed to send alert notification: %v", err)
+	// }
+
+	return nil
+}
+
+// resolveActiveIncidents resolves the active incident when a service recovers
+func (m *AlertResolver) resolveActiveIncidents(ctx context.Context, serviceID string) error {
+	// Get service
+	// svc, err := m.baseservices.Services().GetViewByID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to get service: %w", err)
+	// }
+
+	// // Resolve all active incidents for this service
+	// incidents, err := m.baseservices.Incidents().GetAllUnresolvedByServiceID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to resolve incidents: %w", err)
+	// }
+
+	// if len(incidents) == 0 {
+	// 	// No active incidents to resolve
+	// 	return nil
+	// }
+
+	// for _, incident := range incidents {
+	// 	resolverIncident, err := m.baseservices.Incidents().ResolveByID(ctx, incident.ID)
+	// 	if err != nil {
+	// 		return fmt.Errorf("failed to resolve incident %s: %w", incident.ID, err)
+	// 	}
+
+	// 	message := m.formatRecoveryMessage(svc, resolverIncident)
+	// 	if err := m.baseservices.Notifications().History().SendAlert(ctx, svc.ID, resolverIncident.ID, message); err != nil {
+	// 		m.logger.Errorf("failed to send recovery notification for %s: %v", svc.Name, err)
+	// 	}
+	// }
+
+	return nil
+}
+
+// formatAlertMessage formats an alert message
+func (s *AlertResolver) formatAlertMessage(service *models.ServiceFullView, incident *models.Incident) string {
+	tags := "-"
+	if len(service.Tags) > 0 {
+		tags = strings.Join(service.Tags, ", ")
+	}
+
+	return fmt.Sprintf(
+		"🔴 [ALERT] %s is DOWN\n\n"+
+			"• Service: %s\n"+
+			"• Tags: %s\n"+
+			"• Error: %s\n"+
+			"• Started: %s\n"+
+			"• Incident ID: %s",
+		service.Name,
+		service.Name,
+		tags,
+		incident.Summary,
+		incident.CreatedAt.Format("2006-01-02 15:04:05"),
+		incident.ID,
+	)
+}
+
+// formatRecoveryMessage formats a recovery message
+func (s *AlertResolver) formatRecoveryMessage(service *models.ServiceFullView, incident *models.Incident) string {
+	// var duration string
+	// if incident.Duration != nil {
+	// 	duration = utils.FormatDuration(time.Duration(*incident.Duration) * time.Millisecond)
+	// } else {
+	// 	duration = utils.FormatDuration(time.Since(incident.CreatedAt))
+	// }
+
+	// var resolvedAt string
+	// if incident.ResolvedAt != nil {
+	// 	resolvedAt = incident.ResolvedAt.Format("2006-01-02 15:04:05")
+	// } else {
+	// 	resolvedAt = time.Now().Format("2006-01-02 15:04:05")
+	// }
+
+	// tags := "-"
+	// if len(service.Tags) > 0 {
+	// 	tags = strings.Join(service.Tags, ", ")
+	// }
+
+	// return fmt.Sprintf(
+	// 	"🟢 [RECOVERY] %s is UP\n\n"+
+	// 		"• Service: %s\n"+
+	// 		"• Tags: %s\n"+
+	// 		"• Downtime: %s\n"+
+	// 		"• Recovered: %s\n"+
+	// 		"• Incident ID: %s",
+	// 	service.Name,
+	// 	service.Name,
+	// 	tags,
+	// 	duration,
+	// 	resolvedAt,
+	// 	incident.ID,
+	// )
+
+	return ""
+}
diff --git a/internal/apiserver/agents.go b/internal/apiserver/agents.go
new file mode 100644
index 0000000..4f73578
--- /dev/null
+++ b/internal/apiserver/agents.go
@@ -0,0 +1,232 @@
+package apiserver
+
+import (
+	"context"
+	"net/http"
+
+	"connectrpc.com/connect"
+	agentsv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1/agentsv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_agents"
+	"github.com/tkcrm/modules/pkg/db/dbutils"
+	"github.com/tkcrm/mx/logger"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+type AgentsServer struct {
+	gCtx   context.Context
+	logger logger.Logger
+
+	bs *baseservices.BaseServices
+
+	agentsv1connect.UnimplementedAgentsServiceHandler
+}
+
+func newAgentsServer(
+	gCtx context.Context,
+	logger logger.Logger,
+	bs *baseservices.BaseServices,
+) *AgentsServer {
+	return &AgentsServer{
+		gCtx:   gCtx,
+		logger: logger,
+		bs:     bs,
+	}
+}
+
+// Name returns the name of the agents server
+func (s *AgentsServer) Name() string { return agentsv1connect.AgentsServiceName }
+
+// RegisterHandler registers the agents server handler
+func (s *AgentsServer) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return agentsv1connect.NewAgentsServiceHandler(s, opts...)
+}
+
+// AgentsList lists all agents
+func (s *AgentsServer) AgentsList(
+	ctx context.Context,
+	_ *connect.Request[agentsv1.AgentsListRequest],
+) (*connect.Response[agentsv1.AgentsListResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	data, err := s.bs.Agents().Find(ctx, agents.FindParams{
+		ProjectID: ctxData.Project.ID,
+	})
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&agentsv1.AgentsListResponse{
+		Items: make([]*agentsv1.Agent, 0, len(data.Items)),
+		Count: data.Count,
+	})
+
+	for _, a := range data.Items {
+		agent, err := ptconverts.ConvertAgentToProto(a)
+		if err != nil {
+			return nil, newConnectError(err)
+		}
+		res.Msg.Items = append(res.Msg.Items, agent)
+	}
+
+	return res, nil
+}
+
+// AgentsGet returns agent by ID
+func (s *AgentsServer) AgentsGet(
+	ctx context.Context,
+	req *connect.Request[agentsv1.AgentsGetRequest],
+) (*connect.Response[agentsv1.AgentsGetResponse], error) {
+	item, err := s.bs.Agents().GetByID(ctx, req.Msg.GetId())
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	pbitem, err := ptconverts.ConvertAgentToProto(item)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	return connect.NewResponse(&agentsv1.AgentsGetResponse{Item: pbitem}), nil
+}
+
+// AgentsCreate creates a new agent
+func (s *AgentsServer) AgentsCreate(
+	ctx context.Context,
+	req *connect.Request[agentsv1.AgentsCreateRequest],
+) (*connect.Response[agentsv1.AgentsCreateResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	params := agents.CreateParams{
+		Name:        req.Msg.GetName(),
+		Description: req.Msg.Description,
+		Kind:        models.AgentKindTypeExternal,
+		Tags:        append([]string(nil), req.Msg.GetTags()...),
+		Config:      models.AgentConfig{},
+		IsEnabled:   req.Msg.GetIsEnabled(),
+		ProjectID:   ctxData.Project.ID,
+	}
+
+	created, err := s.bs.Agents().Create(ctx, params)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	cfg, err := ptconverts.ConvertAgentConfigToProto(created.Config)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	pbitem := &agentsv1.AgentsCreateResponse{
+		Id:          created.ID,
+		Name:        created.Name,
+		Description: created.Description,
+		Token:       created.Token,
+		TokenHint:   created.TokenHint,
+		Status:      ptconverts.ConvertAgentStatusToProto(created.Status),
+		IsEnabled:   created.IsEnabled,
+		Tags:        created.Tags,
+		Config:      cfg,
+		CreatedAt:   timestamppb.New(created.CreatedAt),
+	}
+
+	return connect.NewResponse(pbitem), nil
+}
+
+// AgentsUpdate updates an agent by ID
+func (s *AgentsServer) AgentsUpdate(
+	ctx context.Context,
+	req *connect.Request[agentsv1.AgentsUpdateRequest],
+) (*connect.Response[agentsv1.AgentsUpdateResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	params := agents.UpdateParams{
+		Name:        req.Msg.GetName(),
+		Description: req.Msg.Description,
+		IsEnabled:   req.Msg.GetIsEnabled(),
+		Tags:        req.Msg.GetTags(),
+		Config:      models.AgentConfig{},
+		FieldMask: dbutils.FieldMask[repo_agents.ColumnName]{
+			repo_agents.ColumnNameAgentsName,
+			repo_agents.ColumnNameAgentsDescription,
+			repo_agents.ColumnNameAgentsIsEnabled,
+			repo_agents.ColumnNameAgentsTags,
+			repo_agents.ColumnNameAgentsConfig,
+		},
+	}
+
+	item, err := s.bs.Agents().Update(ctx, req.Msg.GetId(), ctxData.Project.ID, params)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	pbitem, err := ptconverts.ConvertAgentToProto(item)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	return connect.NewResponse(&agentsv1.AgentsUpdateResponse{Item: pbitem}), nil
+}
+
+// AgentsDelete deletes an agent by ID
+func (s *AgentsServer) AgentsDelete(
+	ctx context.Context,
+	req *connect.Request[agentsv1.AgentsDeleteRequest],
+) (*connect.Response[agentsv1.AgentsDeleteResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	if err := s.bs.Agents().Delete(ctx, req.Msg.GetId(), ctxData.Project.ID); err != nil {
+		return nil, newConnectError(err)
+	}
+	return connect.NewResponse(&agentsv1.AgentsDeleteResponse{}), nil
+}
+
+func (s *AgentsServer) AgentsSubscribe(
+	ctx context.Context,
+	req *connect.Request[agentsv1.AgentsSubscribeRequest],
+	stream *connect.ServerStream[agentsv1.AgentsSubscribeResponse],
+) error {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return newConnectError(err)
+	}
+
+	broker := s.bs.Dispatcher().Agents()
+	sub := broker.Subscribe()
+	defer broker.Unsubscribe(sub)
+
+	for ctx.Err() == nil {
+		select {
+		case msg := <-sub:
+			if msg.ProjectID != ctxData.Project.ID {
+				continue
+			}
+
+			if err := stream.Send(&agentsv1.AgentsSubscribeResponse{}); err != nil {
+				s.logger.Errorf("failed to send agent subscription update: %v", err)
+			}
+		case <-ctx.Done():
+			return nil
+		case <-s.gCtx.Done():
+			return nil
+		}
+	}
+
+	return nil
+}
diff --git a/internal/apiserver/auth.go b/internal/apiserver/auth.go
new file mode 100644
index 0000000..8733eb0
--- /dev/null
+++ b/internal/apiserver/auth.go
@@ -0,0 +1,265 @@
+package apiserver
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"connectrpc.com/connect"
+	authpbv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/auth/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/auth/v1/authv1connect"
+	"github.com/sxwebdev/sentinel/internal/servers/hutils"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/sxwebdev/sentinel/internal/services/auth"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+type AuthServer struct {
+	baseServices *baseservices.BaseServices
+
+	authv1connect.UnimplementedAuthServiceHandler
+}
+
+func newAuthServer(
+	baseServices *baseservices.BaseServices,
+) *AuthServer {
+	return &AuthServer{
+		baseServices: baseServices,
+	}
+}
+
+func (s *AuthServer) Name() string { return authv1connect.AuthServiceName }
+
+func (s *AuthServer) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return authv1connect.NewAuthServiceHandler(s, opts...)
+}
+
+/*
+
+	Authorization
+
+*/
+
+func (s *AuthServer) Authorization(
+	ctx context.Context,
+	req *connect.Request[authpbv1.AuthorizationRequest],
+) (*connect.Response[authpbv1.AuthorizationResponse], error) {
+	req.Msg.Email = hutils.NormalizeEmail(req.Msg.GetEmail())
+
+	if req.Msg.GetEmail() == "" {
+		return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("email is required"))
+	}
+
+	deviceInfo := req.Msg.GetDeviceInfo()
+	if deviceInfo == nil {
+		return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("device info is required"))
+	}
+
+	sessData := auth.SessionData{
+		DeviceInfo: auth.DeviceInfo{
+			DeviceID:    deviceInfo.GetDeviceId(),
+			DeviceType:  convertPbToDeviceType(deviceInfo.GetDeviceType()),
+			DeviceName:  deviceInfo.GetDeviceName(),
+			Fingerprint: deviceInfo.GetFingerprint(),
+			OSVersion:   deviceInfo.GetOsVersion(),
+			AppVersion:  deviceInfo.GetAppVersion(),
+		},
+	}
+
+	data, err := s.baseServices.Auth().Authorization(ctx, req.Msg.GetEmail(), req.Msg.GetPassword(), sessData)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, err)
+	}
+
+	resp := &authpbv1.AuthorizationResponse{
+		AuthPayload: &authpbv1.AuthPayload{
+			AccessToken:           data.SessionPair.AccessToken,
+			RefreshToken:          data.SessionPair.RefreshToken,
+			AccessTokenExpiredAt:  timestamppb.New(data.AccessTokenData.Expiry),
+			RefreshTokenExpiredAt: timestamppb.New(data.RefreshTokenData.Expiry),
+			DeviceId:              data.AccessTokenData.AdditionalData.DeviceInfo.DeviceID,
+		},
+		User: ptconverts.ConvertUserToProto(data.User),
+	}
+
+	res := connect.NewResponse(resp)
+
+	return res, nil
+}
+
+/*
+Authenticate
+*/
+func (s *AuthServer) Authenticate(
+	ctx context.Context,
+	req *connect.Request[authpbv1.AuthenticateRequest],
+) (*connect.Response[authpbv1.AuthenticateResponse], error) {
+	if req.Msg.GetAccessToken() == "" {
+		return nil, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("access token is required"))
+	}
+
+	claims, err := s.baseServices.Auth().Manager().Authenticate(ctx, req.Msg.GetAccessToken())
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("invalid access token: %w", err))
+	}
+
+	if claims == nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("empty claims"))
+	}
+
+	// get user
+	user, err := s.baseServices.Users().GetByID(ctx, claims.UserID)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("get user id: %w", err))
+	}
+
+	resp := &authpbv1.AuthenticateResponse{
+		User: ptconverts.ConvertUserToProto(user),
+	}
+
+	res := connect.NewResponse(resp)
+
+	return res, nil
+}
+
+/*
+
+	RefreshToken
+
+*/
+
+func (s *AuthServer) RefreshToken(
+	ctx context.Context,
+	req *connect.Request[authpbv1.RefreshTokenRequest],
+) (*connect.Response[authpbv1.RefreshTokenResponse], error) {
+	data, err := s.baseServices.Auth().RefreshToken(ctx, req.Msg.RefreshToken)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, err)
+	}
+
+	res := connect.NewResponse(&authpbv1.RefreshTokenResponse{
+		AccessToken:           data.SessionPair.AccessToken,
+		RefreshToken:          data.SessionPair.RefreshToken,
+		AccessTokenExpiredAt:  timestamppb.New(data.AccessTokenData.Expiry),
+		RefreshTokenExpiredAt: timestamppb.New(data.RefreshTokenData.Expiry),
+	})
+
+	return res, nil
+}
+
+// ActiveSessions
+func (s *AuthServer) ActiveSessions(
+	ctx context.Context,
+	_ *connect.Request[authpbv1.ActiveSessionsRequest],
+) (*connect.Response[authpbv1.ActiveSessionsResponse], error) {
+	userData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	data, err := s.baseServices.Auth().Manager().GetAllSessions(ctx, userData.User.ID)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	sessions := make([]*authpbv1.Session, 0, len(data))
+	for _, session := range data {
+		if session.AdditionalData.Country == "" {
+			session.AdditionalData.Country = "Unknown"
+		}
+
+		if session.AdditionalData.IP == "" {
+			session.AdditionalData.IP = "Unknown"
+		}
+
+		sessions = append(sessions, &authpbv1.Session{
+			DeviceInfo: &authpbv1.DeviceInfo{
+				DeviceId:    session.AdditionalData.DeviceInfo.DeviceID,
+				DeviceType:  convertDeviceTypeToPb(session.AdditionalData.DeviceInfo.DeviceType),
+				DeviceName:  session.AdditionalData.DeviceInfo.DeviceName,
+				Fingerprint: session.AdditionalData.DeviceInfo.Fingerprint,
+				OsVersion:   session.AdditionalData.DeviceInfo.OSVersion,
+				AppVersion:  session.AdditionalData.DeviceInfo.AppVersion,
+			},
+			Country:   session.AdditionalData.Country,
+			Ip:        session.AdditionalData.IP,
+			CreatedAt: timestamppb.New(session.AdditionalData.CreatedAt),
+		})
+	}
+
+	res := connect.NewResponse(&authpbv1.ActiveSessionsResponse{
+		Sessions: sessions,
+	})
+
+	return res, nil
+}
+
+// DeleteSession
+func (s *AuthServer) DeleteSession(
+	ctx context.Context,
+	req *connect.Request[authpbv1.DeleteSessionRequest],
+) (*connect.Response[authpbv1.DeleteSessionResponse], error) {
+	userData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	if err := s.baseServices.Auth().Manager().DeleteSession(ctx, userData.User.ID, req.Msg.GetDeviceId()); err != nil {
+		return nil, newConnectError(err)
+	}
+
+	return connect.NewResponse(new(authpbv1.DeleteSessionResponse)), nil
+}
+
+// TerminateAllSessions
+func (s *AuthServer) TerminateAllSessions(
+	ctx context.Context,
+	req *connect.Request[authpbv1.TerminateAllSessionsRequest],
+) (*connect.Response[authpbv1.TerminateAllSessionsResponse], error) {
+	userData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	if err := s.baseServices.Auth().Manager().TerminateAllSessions(ctx, userData.User.ID, req.Msg.GetDeviceId()); err != nil {
+		return nil, newConnectError(err)
+	}
+
+	return connect.NewResponse(new(authpbv1.TerminateAllSessionsResponse)), nil
+}
+
+// Logout
+func (s *AuthServer) Logout(
+	ctx context.Context,
+	_ *connect.Request[authpbv1.LogoutRequest],
+) (*connect.Response[authpbv1.LogoutResponse], error) {
+	userData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	if err := s.baseServices.Auth().Manager().Logout(ctx, userData.AccessToken); err != nil {
+		return nil, newConnectError(err)
+	}
+
+	return connect.NewResponse(new(authpbv1.LogoutResponse)), nil
+}
+
+func convertPbToDeviceType(t authpbv1.DeviceType) auth.DeviceType {
+	switch t {
+	case authpbv1.DeviceType_DEVICE_TYPE_WEB:
+		return auth.DeviceTypeWeb
+	default:
+		return auth.DeviceTypeUnknown
+	}
+}
+
+func convertDeviceTypeToPb(t auth.DeviceType) authpbv1.DeviceType {
+	switch t {
+	case auth.DeviceTypeWeb:
+		return authpbv1.DeviceType_DEVICE_TYPE_WEB
+	default:
+		return authpbv1.DeviceType_DEVICE_TYPE_UNSPECIFIED
+	}
+}
diff --git a/internal/apiserver/connecthealth/grpchealth.go b/internal/apiserver/connecthealth/grpchealth.go
new file mode 100644
index 0000000..aabffcf
--- /dev/null
+++ b/internal/apiserver/connecthealth/grpchealth.go
@@ -0,0 +1,32 @@
+package connecthealth
+
+import (
+	"context"
+	"net/http"
+
+	"connectrpc.com/connect"
+	"connectrpc.com/grpchealth"
+)
+
+type HealthCheckService struct {
+	checker grpchealth.Checker
+}
+
+func NewHealthCheckService(serverNames []string) *HealthCheckService {
+	checker := grpchealth.NewStaticChecker(serverNames...)
+	return &HealthCheckService{
+		checker: checker,
+	}
+}
+
+func (h *HealthCheckService) Name() string {
+	return grpchealth.HealthV1ServiceName
+}
+
+func (h *HealthCheckService) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return grpchealth.NewHandler(h.checker, opts...)
+}
+
+func (h *HealthCheckService) Check(ctx context.Context, req *grpchealth.CheckRequest) (*grpchealth.CheckResponse, error) {
+	return h.checker.Check(ctx, req)
+}
diff --git a/internal/apiserver/errors.go b/internal/apiserver/errors.go
new file mode 100644
index 0000000..17eee08
--- /dev/null
+++ b/internal/apiserver/errors.go
@@ -0,0 +1,28 @@
+package apiserver
+
+import (
+	"errors"
+	"fmt"
+
+	"connectrpc.com/connect"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+var (
+	ErrNotFound          = connect.NewError(connect.CodeNotFound, fmt.Errorf("entity not found"))
+	ErrFieldMaskRequired = connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("field mask is required"))
+)
+
+func newConnectError(err error) *connect.Error {
+	if errors.Is(err, storecmn.ErrNotFound) {
+		return ErrNotFound
+	}
+	return connect.NewError(connect.CodeInternal, err)
+}
+
+func newConnectErrorWithCode(code connect.Code, err error) *connect.Error {
+	if errors.Is(err, storecmn.ErrNotFound) {
+		return ErrNotFound
+	}
+	return connect.NewError(code, err)
+}
diff --git a/internal/apiserver/helpers.go b/internal/apiserver/helpers.go
new file mode 100644
index 0000000..51618fa
--- /dev/null
+++ b/internal/apiserver/helpers.go
@@ -0,0 +1,17 @@
+package apiserver
+
+import (
+	"context"
+	"errors"
+
+	"connectrpc.com/authn"
+)
+
+func getUserDataContext(ctx context.Context) (*UserDataContext, error) {
+	u, ok := authn.GetInfo(ctx).(*UserDataContext)
+	if !ok || u == nil || u.User == nil {
+		return nil, errors.New("no user data in context")
+	}
+
+	return u, nil
+}
diff --git a/internal/apiserver/middlewares.go b/internal/apiserver/middlewares.go
new file mode 100644
index 0000000..53e3ff0
--- /dev/null
+++ b/internal/apiserver/middlewares.go
@@ -0,0 +1,104 @@
+package apiserver
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"connectrpc.com/authn"
+	"connectrpc.com/connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/services/auth"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/pkg/rbacconnect"
+	"github.com/sxwebdev/tokenmanager"
+)
+
+type UserDataContext struct {
+	User        *models.User
+	Project     *models.Project
+	AccessToken string
+	Claims      *tokenmanager.Data[auth.SessionData]
+}
+
+type Middlewares struct {
+	bs       *baseservices.BaseServices
+	rbacProv *rbacconnect.Provider
+}
+
+func NewMiddlewares(
+	bs *baseservices.BaseServices,
+	rbacProv *rbacconnect.Provider,
+) *Middlewares {
+	return &Middlewares{
+		bs:       bs,
+		rbacProv: rbacProv,
+	}
+}
+
+func (s *Middlewares) Auth() *authn.Middleware {
+	authFn := func(ctx context.Context, req *http.Request) (any, error) {
+		// infer method from request
+		proc, ok := authn.InferProcedure(req.URL)
+		if !ok || proc == "" {
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to infer procedure"))
+		}
+		svc, pkg := rbacconnect.SplitProc(proc)
+
+		pol := s.rbacProv.Get()
+		if pol == nil {
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("rbac policy is nil"))
+		}
+
+		// check if anonymous access is allowed
+		if pol.Evaluate(proc, svc, pkg, []rbacconnect.Role{UserRoleAnonymous}).Allowed {
+			// yes — skip authentication (anonymous)
+			return nil, nil
+		}
+
+		// get access token from header
+		parts := strings.SplitN(req.Header.Get("Authorization"), " ", 2)
+		if len(parts) < 2 || parts[0] != "Bearer" {
+			err := authn.Errorf("expected Bearer authentication scheme")
+			return nil, err
+		}
+
+		accessToken := parts[1]
+
+		// check access token in auth service
+		claims, err := s.bs.Auth().Manager().Authenticate(ctx, accessToken)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("invalid access token: %w", err))
+		}
+
+		if claims == nil {
+			return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("empty claims"))
+		}
+
+		// get user
+		user, err := s.bs.Users().GetByID(ctx, claims.UserID)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("get user id: %w", err))
+		}
+
+		ud := &UserDataContext{
+			User:        user,
+			AccessToken: accessToken,
+			Claims:      claims,
+		}
+
+		if pid := req.Header.Get("X-Project-ID"); pid != "" {
+			project, err := s.bs.Projects().GetByID(ctx, pid)
+			if err != nil {
+				return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("get project id: %w", err))
+			}
+			ud.Project = project
+		}
+
+		return ud, nil
+	}
+
+	return authn.NewMiddleware(authFn)
+}
diff --git a/internal/apiserver/notifications.go b/internal/apiserver/notifications.go
new file mode 100644
index 0000000..18840fb
--- /dev/null
+++ b/internal/apiserver/notifications.go
@@ -0,0 +1,335 @@
+package apiserver
+
+import (
+	"context"
+	"net/http"
+
+	"connectrpc.com/connect"
+	notificationsv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1/notificationsv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/internal/services/notifications"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/tkcrm/mx/logger"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+type NotificationsServer struct {
+	gCtx   context.Context
+	logger logger.Logger
+
+	bs *baseservices.BaseServices
+
+	notificationsv1connect.UnimplementedNotificationServiceHandler
+}
+
+func newNotificationsServer(
+	gCtx context.Context,
+	logger logger.Logger,
+	bs *baseservices.BaseServices,
+) *NotificationsServer {
+	return &NotificationsServer{
+		gCtx:   gCtx,
+		logger: logger,
+		bs:     bs,
+	}
+}
+
+// Name returns the name of the notifications server
+func (s *NotificationsServer) Name() string { return notificationsv1connect.NotificationServiceName }
+
+// RegisterHandler registers the notifications server handler
+func (s *NotificationsServer) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return notificationsv1connect.NewNotificationServiceHandler(s, opts...)
+}
+
+// ProvidersList lists all notification providers
+func (s *NotificationsServer) ProvidersList(
+	ctx context.Context,
+	_ *connect.Request[notificationsv1.ProvidersListRequest],
+) (*connect.Response[notificationsv1.ProvidersListResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	data, err := s.bs.Notifications().Providers().GetAll(ctx, ctxData.Project.ID)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&notificationsv1.ProvidersListResponse{
+		Items: make([]*notificationsv1.Provider, 0, len(data)),
+	})
+
+	for _, p := range data {
+		provider, err := convertNotificationProviderToProto(p)
+		if err != nil {
+			return nil, newConnectError(err)
+		}
+		res.Msg.Items = append(res.Msg.Items, provider)
+	}
+
+	return res, nil
+}
+
+// ProviderCreate creates a new notification provider
+func (s *NotificationsServer) ProviderCreate(
+	ctx context.Context,
+	req *connect.Request[notificationsv1.ProviderCreateRequest],
+) (*connect.Response[notificationsv1.ProviderCreateResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	params := buildCreateParamsFromProto(req.Msg)
+	params.ProjectID = ctxData.Project.ID
+
+	created, err := s.bs.Notifications().Providers().Create(ctx, params)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	p, err := convertNotificationProviderToProto(created)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&notificationsv1.ProviderCreateResponse{Item: p})
+	return res, nil
+}
+
+// ProviderUpdate updates an existing notification provider
+func (s *NotificationsServer) ProviderUpdate(
+	ctx context.Context,
+	req *connect.Request[notificationsv1.ProviderUpdateRequest],
+) (*connect.Response[notificationsv1.ProviderUpdateResponse], error) {
+	id := req.Msg.GetId()
+	params, err := buildUpdateParamsFromProto(req.Msg)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	updated, err := s.bs.Notifications().Providers().Update(ctx, id, params)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	p, err := convertNotificationProviderToProto(updated)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&notificationsv1.ProviderUpdateResponse{Item: p})
+	return res, nil
+}
+
+// ProviderDelete deletes a notification provider by ID
+func (s *NotificationsServer) ProviderDelete(
+	ctx context.Context,
+	req *connect.Request[notificationsv1.ProviderDeleteRequest],
+) (*connect.Response[notificationsv1.ProviderDeleteResponse], error) {
+	id := req.Msg.GetId()
+	if err := s.bs.Notifications().Providers().Delete(ctx, id); err != nil {
+		return nil, newConnectError(err)
+	}
+	res := connect.NewResponse(&notificationsv1.ProviderDeleteResponse{})
+	return res, nil
+}
+
+// ProviderTest sends a test notification using the specified provider ID
+func (s *NotificationsServer) ProviderTest(
+	ctx context.Context,
+	req *connect.Request[notificationsv1.ProviderTestRequest],
+) (*connect.Response[notificationsv1.ProviderTestResponse], error) {
+	id := req.Msg.GetId()
+	if err := s.bs.Notifications().Providers().Test(ctx, id); err != nil {
+		return nil, newConnectError(err)
+	}
+	res := connect.NewResponse(&notificationsv1.ProviderTestResponse{})
+	return res, nil
+}
+
+// HistoryList retrieves notification history with optional filters
+func (s *NotificationsServer) HistoryList(
+	ctx context.Context,
+	req *connect.Request[notificationsv1.HistoryListRequest],
+) (*connect.Response[notificationsv1.HistoryListResponse], error) {
+	var page, pageSize *uint32
+	var orderBy string
+	if c := req.Msg.GetCommon(); c != nil {
+		if c.Page != nil {
+			page = c.Page
+		}
+		if c.PageSize != nil {
+			pageSize = c.PageSize
+		}
+		if c.OrderBy != nil {
+			orderBy = *c.OrderBy
+		}
+	}
+
+	data, err := s.bs.Notifications().History().Find(ctx, notifications.FindHistoryParams{
+		Status:   req.Msg.GetStatus(),
+		OrderBy:  orderBy,
+		Page:     page,
+		PageSize: pageSize,
+	})
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&notificationsv1.HistoryListResponse{
+		Items: make([]*notificationsv1.HistoryItem, 0, len(data.Items)),
+		Count: data.Count,
+	})
+
+	for _, h := range data.Items {
+		res.Msg.Items = append(res.Msg.Items, ptconverts.ConvertHistoryViewToProto(h))
+	}
+	return res, nil
+}
+
+func convertNotificationProviderToProto(p *models.NotificationProvider) (*notificationsv1.Provider, error) {
+	config := &notificationsv1.ProviderConfig{}
+	switch p.ProviderType {
+	case models.NotificationProviderTypeShoutrrr:
+		cfg := &models.NotificationProviderShoutrrrConfig{}
+		if err := p.Config.ConvertToAny(cfg); err != nil {
+			return nil, err
+		}
+		config.Config = &notificationsv1.ProviderConfig_Shoutrrr{
+			Shoutrrr: &notificationsv1.ShoutrrrConfig{
+				Url: cfg.URL,
+			},
+		}
+	}
+
+	return &notificationsv1.Provider{
+		Id:        p.ID,
+		Type:      convertNotificationProviderTypeToProto(p.ProviderType),
+		Config:    config,
+		IsEnabled: p.IsEnabled,
+		CreatedAt: timestamppb.New(p.CreatedAt),
+		UpdatedAt: timestamppb.New(p.UpdatedAt),
+	}, nil
+}
+
+func convertNotificationProviderTypeToProto(t models.NotificationProviderType) notificationsv1.ProviderType {
+	switch t {
+	case models.NotificationProviderTypeShoutrrr:
+		return notificationsv1.ProviderType_PROVIDER_TYPE_SHOUTRRR
+	default:
+		return notificationsv1.ProviderType_PROVIDER_TYPE_UNSPECIFIED
+	}
+}
+
+// convertNotificationProviderTypeFromProto converts proto enum to internal model type
+func convertNotificationProviderTypeFromProto(t notificationsv1.ProviderType) models.NotificationProviderType {
+	switch t {
+	case notificationsv1.ProviderType_PROVIDER_TYPE_SHOUTRRR:
+		return models.NotificationProviderTypeShoutrrr
+	default:
+		return ""
+	}
+}
+
+// buildCreateParamsFromProto builds CreateProviderParams from proto request
+func buildCreateParamsFromProto(req *notificationsv1.ProviderCreateRequest) notifications.CreateProviderParams {
+	cfg := map[string]any{}
+	if c := req.GetConfig(); c != nil {
+		switch x := c.Config.(type) {
+		case *notificationsv1.ProviderConfig_Shoutrrr:
+			if x.Shoutrrr != nil {
+				cfg["url"] = x.Shoutrrr.GetUrl()
+			}
+		}
+	}
+
+	return notifications.CreateProviderParams{
+		ProviderType: convertNotificationProviderTypeFromProto(req.GetType()),
+		Config:       cfg,
+		IsEnabled:    req.GetIsEnabled(),
+	}
+}
+
+// buildUpdateParamsFromProto builds UpdateProviderParams from proto request
+func buildUpdateParamsFromProto(req *notificationsv1.ProviderUpdateRequest) (notifications.UpdateProviderParams, error) {
+	// Convert config oneof into JSONField
+	m := map[string]any{}
+	if c := req.GetConfig(); c != nil {
+		switch x := c.Config.(type) {
+		case *notificationsv1.ProviderConfig_Shoutrrr:
+			if x.Shoutrrr != nil {
+				m["url"] = x.Shoutrrr.GetUrl()
+			}
+		}
+	}
+
+	jf := storecmn.JSONField("{}")
+	if err := jf.UnmarshalFromAny(m); err != nil {
+		return notifications.UpdateProviderParams{}, err
+	}
+
+	return notifications.UpdateProviderParams{
+		ProviderType: convertNotificationProviderTypeFromProto(req.GetType()),
+		Config:       jf,
+		IsEnabled:    req.GetIsEnabled(),
+	}, nil
+}
+
+// HistoryDeleteAll deletes all notification history items
+func (s *NotificationsServer) HistoryDeleteAll(
+	ctx context.Context,
+	_ *connect.Request[notificationsv1.HistoryDeleteAllRequest],
+) (*connect.Response[notificationsv1.HistoryDeleteAllResponse], error) {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	if err := s.bs.Notifications().History().DeleteAllByProjectID(ctx, ctxData.Project.ID); err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&notificationsv1.HistoryDeleteAllResponse{})
+	return res, nil
+}
+
+// HistorySubscribe streams real-time notification history updates to the client
+func (s *NotificationsServer) HistorySubscribe(
+	ctx context.Context,
+	req *connect.Request[notificationsv1.HistorySubscribeRequest],
+	stream *connect.ServerStream[notificationsv1.HistorySubscribeResponse],
+) error {
+	ctxData, err := getUserDataContext(ctx)
+	if err != nil {
+		return newConnectError(err)
+	}
+
+	broker := s.bs.Dispatcher().NotificationHistory()
+	sub := broker.Subscribe()
+	defer broker.Unsubscribe(sub)
+
+	for ctx.Err() == nil {
+		select {
+		case msg := <-sub:
+			if msg.ProjectID != ctxData.Project.ID {
+				continue
+			}
+
+			if err := stream.Send(&notificationsv1.HistorySubscribeResponse{}); err != nil {
+				s.logger.Errorf("failed to send notification history update: %v", err)
+			}
+		case <-ctx.Done():
+			return nil
+		case <-s.gCtx.Done():
+			return nil
+		}
+	}
+
+	return nil
+}
diff --git a/internal/apiserver/policies.go b/internal/apiserver/policies.go
new file mode 100644
index 0000000..33969eb
--- /dev/null
+++ b/internal/apiserver/policies.go
@@ -0,0 +1,61 @@
+package apiserver
+
+import (
+	"connectrpc.com/grpchealth"
+	"connectrpc.com/grpcreflect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1/agentsv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/auth/v1/authv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1/notificationsv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1/systemv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/pkg/rbacconnect"
+)
+
+const (
+	UserRoleAnonymous rbacconnect.Role = "anon"
+	UserRoleSetup     rbacconnect.Role = "setup"
+)
+
+func UserPolicy() *rbacconnect.Policy {
+	b := rbacconnect.NewPolicyBuilder().
+		WithSuperRoles(models.UserRoleRoot).
+		WithDefaultAllow(true)
+
+	// Deny anonymous users to access setup procedures
+	b.When(rbacconnect.Any()).Deny(UserRoleAnonymous)
+
+	allowAnonServices := []string{
+		grpcreflect.ReflectV1AlphaServiceName, // reflection
+		grpcreflect.ReflectV1ServiceName,
+		grpchealth.HealthV1ServiceName, // health
+	}
+	rbacconnect.AllowServices(b, UserRoleAnonymous, allowAnonServices...)
+
+	allowAnonProcs := []string{
+		authv1connect.AuthServiceAuthorizationProcedure,
+		authv1connect.AuthServiceAuthenticateProcedure,
+		authv1connect.AuthServiceRefreshTokenProcedure,
+		systemv1connect.SystemServiceCheckIsInitializedProcedure,
+		systemv1connect.SystemServiceInitializeProcedure,
+	}
+	rbacconnect.AllowProcs(b, UserRoleAnonymous, allowAnonProcs...)
+
+	// Deny users in setup mode to access other procedures
+	b.When(rbacconnect.Any()).Deny(UserRoleSetup)
+
+	rbacconnect.AllowProcs(b, UserRoleSetup,
+		systemv1connect.SystemServiceCheckIsInitializedProcedure,
+		systemv1connect.SystemServiceInitializeProcedure,
+	)
+
+	// Deny regular users to access admin-only procedures
+	rbacconnect.DenyProcs(b, models.UserRoleUser,
+		notificationsv1connect.NotificationServiceHistoryDeleteAllProcedure,
+		notificationsv1connect.NotificationServiceProviderUpdateProcedure,
+		notificationsv1connect.NotificationServiceProviderDeleteProcedure,
+		agentsv1connect.AgentsServiceAgentsDeleteProcedure,
+		agentsv1connect.AgentsServiceAgentsUpdateProcedure,
+	)
+
+	return b.Build()
+}
diff --git a/internal/apiserver/projects.go b/internal/apiserver/projects.go
new file mode 100644
index 0000000..1866363
--- /dev/null
+++ b/internal/apiserver/projects.go
@@ -0,0 +1,142 @@
+package apiserver
+
+import (
+	"context"
+	"net/http"
+
+	"connectrpc.com/connect"
+	projectsv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/projects/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/projects/v1/projectsv1connect"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/internal/services/projects"
+)
+
+type ProjectsServer struct {
+	bs *baseservices.BaseServices
+
+	projectsv1connect.UnimplementedProjectsServiceHandler
+}
+
+func newProjectsServer(
+	bs *baseservices.BaseServices,
+) *ProjectsServer {
+	return &ProjectsServer{
+		bs: bs,
+	}
+}
+
+// Name returns the name of the projects server
+func (s *ProjectsServer) Name() string { return projectsv1connect.ProjectsServiceName }
+
+// RegisterHandler registers the projects server handler
+func (s *ProjectsServer) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return projectsv1connect.NewProjectsServiceHandler(s, opts...)
+}
+
+// ProjectsList returns the list of projects
+func (s *ProjectsServer) ProjectsList(
+	ctx context.Context,
+	_ *connect.Request[projectsv1.ProjectsListRequest],
+) (*connect.Response[projectsv1.ProjectsListResponse], error) {
+	data, err := s.bs.Projects().GetAll(ctx)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	projects := make([]*projectsv1.Project, 0, len(data))
+	for _, project := range data {
+		projects = append(projects, ptconverts.ConvertProjectToProto(project))
+	}
+
+	res := connect.NewResponse(&projectsv1.ProjectsListResponse{
+		Items: projects,
+	})
+
+	return res, nil
+}
+
+// ProjectCreate creates a new project
+func (s *ProjectsServer) ProjectCreate(
+	ctx context.Context,
+	req *connect.Request[projectsv1.ProjectCreateRequest],
+) (*connect.Response[projectsv1.ProjectCreateResponse], error) {
+	params := projects.CreateParams{
+		Name:        req.Msg.GetName(),
+		Description: req.Msg.GetDescription(),
+		Settings:    ptconverts.ConvertProjectSettingsFromProto(req.Msg.GetSettings()),
+	}
+
+	data, err := s.bs.Projects().Create(ctx, params)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&projectsv1.ProjectCreateResponse{
+		Item: ptconverts.ConvertProjectToProto(data),
+	})
+
+	return res, nil
+}
+
+// ProjectGet returns a project by ID
+func (s *ProjectsServer) ProjectGet(
+	ctx context.Context,
+	req *connect.Request[projectsv1.ProjectGetRequest],
+) (*connect.Response[projectsv1.ProjectGetResponse], error) {
+	data, err := s.bs.Projects().GetByID(ctx, req.Msg.GetId())
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+	if data == nil {
+		return nil, connect.NewError(connect.CodeNotFound, nil)
+	}
+
+	res := connect.NewResponse(&projectsv1.ProjectGetResponse{
+		Item: ptconverts.ConvertProjectToProto(data),
+	})
+
+	return res, nil
+}
+
+// ProjectUpdate updates a project by ID
+func (s *ProjectsServer) ProjectUpdate(
+	ctx context.Context,
+	req *connect.Request[projectsv1.ProjectUpdateRequest],
+) (*connect.Response[projectsv1.ProjectUpdateResponse], error) {
+	params := projects.UpdateParams{
+		ID:          req.Msg.GetId(),
+		Name:        req.Msg.GetName(),
+		Description: req.Msg.GetDescription(),
+		Settings:    ptconverts.ConvertProjectSettingsFromProto(req.Msg.GetSettings()),
+	}
+
+	data, err := s.bs.Projects().Update(ctx, params)
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+	if data == nil {
+		return nil, connect.NewError(connect.CodeNotFound, nil)
+	}
+
+	res := connect.NewResponse(&projectsv1.ProjectUpdateResponse{
+		Item: ptconverts.ConvertProjectToProto(data),
+	})
+
+	return res, nil
+}
+
+// ProjectDelete deletes a project by ID
+func (s *ProjectsServer) ProjectDelete(
+	ctx context.Context,
+	req *connect.Request[projectsv1.ProjectDeleteRequest],
+) (*connect.Response[projectsv1.ProjectDeleteResponse], error) {
+	err := s.bs.Projects().Delete(ctx, req.Msg.GetId())
+	if err != nil {
+		return nil, newConnectError(err)
+	}
+
+	res := connect.NewResponse(&projectsv1.ProjectDeleteResponse{})
+
+	return res, nil
+}
diff --git a/internal/apiserver/server.go b/internal/apiserver/server.go
new file mode 100644
index 0000000..0176695
--- /dev/null
+++ b/internal/apiserver/server.go
@@ -0,0 +1,92 @@
+package apiserver
+
+import (
+	"context"
+
+	"connectrpc.com/grpchealth"
+	"github.com/sxwebdev/sentinel/internal/apiserver/connecthealth"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1/agentsv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/auth/v1/authv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1/notificationsv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/projects/v1/projectsv1connect"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1/systemv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/pkg/locker"
+	"github.com/tkcrm/mx/logger"
+	"github.com/tkcrm/mx/transport/connectrpc_transport"
+)
+
+type Server struct {
+	healthChecker interface {
+		grpchealth.Checker
+		connectrpc_transport.ConnectRPCService
+	}
+
+	systemServer interface {
+		systemv1connect.SystemServiceHandler
+		connectrpc_transport.ConnectRPCService
+	}
+
+	authServer interface {
+		authv1connect.AuthServiceHandler
+		connectrpc_transport.ConnectRPCService
+	}
+
+	projectsServer interface {
+		projectsv1connect.ProjectsServiceHandler
+		connectrpc_transport.ConnectRPCService
+	}
+
+	agentsServer interface {
+		agentsv1connect.AgentsServiceHandler
+		connectrpc_transport.ConnectRPCService
+	}
+
+	notificationsServer interface {
+		notificationsv1connect.NotificationServiceHandler
+		connectrpc_transport.ConnectRPCService
+	}
+}
+
+func New(
+	gCtx context.Context,
+	logger logger.Logger,
+	bs *baseservices.BaseServices,
+	systemInfo *models.SystemInfo,
+	availableUpdateData *locker.Locker[models.AvailableUpdate],
+) *Server {
+	s := &Server{
+		systemServer:        newSystemServer(bs, systemInfo, availableUpdateData),
+		authServer:          newAuthServer(bs),
+		projectsServer:      newProjectsServer(bs),
+		agentsServer:        newAgentsServer(gCtx, logger, bs),
+		notificationsServer: newNotificationsServer(gCtx, logger, bs),
+	}
+
+	s.healthChecker = connecthealth.NewHealthCheckService(s.AllServerNames())
+
+	return s
+}
+
+func (s *Server) AllServers() []connectrpc_transport.ConnectRPCService {
+	return []connectrpc_transport.ConnectRPCService{
+		s.healthChecker,
+		s.systemServer,
+		s.authServer,
+		s.projectsServer,
+		s.agentsServer,
+		s.notificationsServer,
+	}
+}
+
+func (s *Server) AllServerNames() []string {
+	res := make([]string, 0, len(s.AllServers()))
+	for _, srv := range s.AllServers() {
+		if srv == nil {
+			continue
+		}
+		res = append(res, srv.Name())
+	}
+	return res
+}
diff --git a/internal/apiserver/system.go b/internal/apiserver/system.go
new file mode 100644
index 0000000..6cef20c
--- /dev/null
+++ b/internal/apiserver/system.go
@@ -0,0 +1,114 @@
+package apiserver
+
+import (
+	"context"
+	"net/http"
+
+	"connectrpc.com/connect"
+	systemv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1/systemv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/pkg/locker"
+)
+
+type SystemServer struct {
+	bs *baseservices.BaseServices
+
+	systemInfo          *models.SystemInfo
+	availableUpdateData *locker.Locker[models.AvailableUpdate]
+
+	systemv1connect.UnimplementedSystemServiceHandler
+}
+
+func newSystemServer(
+	bs *baseservices.BaseServices,
+	systemInfo *models.SystemInfo,
+	availableUpdateData *locker.Locker[models.AvailableUpdate],
+) *SystemServer {
+	return &SystemServer{
+		bs:                  bs,
+		systemInfo:          systemInfo,
+		availableUpdateData: availableUpdateData,
+	}
+}
+
+// Name returns the name of the system server
+func (s *SystemServer) Name() string { return systemv1connect.SystemServiceName }
+
+// RegisterHandler registers the system server handler
+func (s *SystemServer) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return systemv1connect.NewSystemServiceHandler(s, opts...)
+}
+
+// CheckIsInitialized checks if the system is initialized
+func (s *SystemServer) CheckIsInitialized(
+	ctx context.Context,
+	_ *connect.Request[systemv1.CheckIsInitializedRequest],
+) (*connect.Response[systemv1.CheckIsInitializedResponse], error) {
+	isInitialized, err := s.bs.System().CheckIsInitialized(ctx)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, err)
+	}
+
+	res := connect.NewResponse(&systemv1.CheckIsInitializedResponse{
+		IsInitialized: isInitialized,
+	})
+
+	return res, nil
+}
+
+// Initialize initializes the system
+func (s *SystemServer) Initialize(
+	ctx context.Context,
+	req *connect.Request[systemv1.InitializeRequest],
+) (*connect.Response[systemv1.InitializeResponse], error) {
+	if req.Msg.GetEmail() == "" || req.Msg.GetPassword() == "" {
+		return nil, connect.NewError(connect.CodeInvalidArgument, nil)
+	}
+
+	err := s.bs.System().Initialize(ctx, req.Msg.GetEmail(), req.Msg.GetPassword())
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, err)
+	}
+
+	res := connect.NewResponse(&systemv1.InitializeResponse{})
+
+	return res, nil
+}
+
+// GetSystemInfo returns system information
+func (s *SystemServer) GetSystemInfo(
+	_ context.Context,
+	_ *connect.Request[systemv1.GetSystemInfoRequest],
+) (*connect.Response[systemv1.GetSystemInfoResponse], error) {
+	res := connect.NewResponse(&systemv1.GetSystemInfoResponse{
+		Info: ptconverts.ConvertSystemInfoToProto(*s.systemInfo),
+	})
+
+	return res, nil
+}
+
+// CheckForUpdates checks for available updates
+func (s *SystemServer) CheckForUpdates(
+	_ context.Context,
+	_ *connect.Request[systemv1.CheckForUpdatesRequest],
+) (*connect.Response[systemv1.CheckForUpdatesResponse], error) {
+	availableUpdate := s.availableUpdateData.Get()
+
+	res := connect.NewResponse(&systemv1.CheckForUpdatesResponse{
+		Info: &systemv1.AvailableUpdate{
+			CurrentVersion: availableUpdate.CurrentVersion,
+			IsAvailable:    availableUpdate.IsAvailable,
+			Details: &systemv1.AvailableUpdate_Details{
+				IsAvailableManual: availableUpdate.Details.IsAvailableManual,
+				TagName:           availableUpdate.Details.TagName,
+				Url:               availableUpdate.Details.URL,
+				Description:       availableUpdate.Details.Description,
+			},
+		},
+	})
+
+	return res, nil
+}
diff --git a/internal/checker/checker.go b/internal/checker/checker.go
new file mode 100644
index 0000000..26e9f02
--- /dev/null
+++ b/internal/checker/checker.go
@@ -0,0 +1,396 @@
+package checker
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/puzpuzpuz/xsync/v3"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/monitors"
+	"github.com/sxwebdev/sentinel/internal/receiver"
+	"github.com/tkcrm/mx/logger"
+)
+
+type Checker struct {
+	logger logger.Logger
+
+	isHub     bool
+	isStopped bool
+
+	receiver *receiver.Receiver
+
+	// Job management, key is service ID
+	jobs *xsync.MapOf[string, *job]
+	wg   sync.WaitGroup
+
+	onSuccessFn func(ctx context.Context, serviceID string, responseTime time.Duration) error
+	onFailureFn func(ctx context.Context, serviceID string, checkErr error, responseTime time.Duration) error
+}
+
+func New(
+	l logger.Logger,
+	receiver *receiver.Receiver,
+	onSuccessFn func(ctx context.Context, serviceID string, responseTime time.Duration) error,
+	onFailureFn func(ctx context.Context, serviceID string, checkErr error, responseTime time.Duration) error,
+) *Checker {
+	return &Checker{
+		logger:      l,
+		receiver:    receiver,
+		jobs:        xsync.NewMapOf[string, *job](),
+		onSuccessFn: onSuccessFn,
+		onFailureFn: onFailureFn,
+	}
+}
+
+// Name returns the name of the service
+func (c *Checker) Name() string {
+	return "checker"
+}
+
+// Start begins monitoring all configured services
+func (s *Checker) Start(ctx context.Context) error {
+	errChan := make(chan error, 1)
+	go func() {
+		errChan <- s.subscribeEvents(ctx)
+	}()
+
+	select {
+	case err := <-errChan:
+		return err
+	case <-ctx.Done():
+	}
+
+	return nil
+}
+
+func (s *Checker) Stop(ctx context.Context) error {
+	s.isStopped = true
+
+	s.stopAll()
+	s.wg.Wait()
+	return nil
+}
+
+// SetIsHub sets whether the checker is running in hub mode
+func (s *Checker) SetIsHub(isHub bool) {
+	s.isHub = isHub
+}
+
+// stopAll stops monitoring for all services
+func (s *Checker) stopAll() {
+	s.jobs.Range(func(key string, value *job) bool {
+		// Cancel any ongoing checks
+		if value.checkCancel != nil {
+			value.checkCancel()
+		}
+
+		select {
+		case <-value.stopChan:
+			// Channel already closed
+		default:
+			close(value.stopChan)
+		}
+		if value.ticker != nil {
+			value.ticker.Stop()
+		}
+		return true
+	})
+}
+
+type AddServiceParams struct {
+	ID        string
+	Name      string
+	Protocol  models.ServiceProtocolType
+	IsEnabled bool
+	Interval  time.Duration
+	Timeout   time.Duration
+	Retries   int64
+	Config    map[string]any
+	FromHub   bool
+}
+
+// AddService adds a service to be monitored
+func (s *Checker) AddService(ctx context.Context, svc AddServiceParams) {
+	if s.isStopped {
+		s.logger.Warnf("Checker is stopped, cannot add service: %s (ID: %s)", svc.Name, svc.ID)
+		return
+	}
+
+	// Only add enabled services to monitoring
+	if !svc.IsEnabled {
+		s.logger.Warnf("Skipping disabled service: %s (ID: %s)", svc.Name, svc.ID)
+		return
+	}
+
+	if s.isHub && !svc.FromHub {
+		s.logger.Warnf("Skipping non-hub service in hub mode: %s (ID: %s)", svc.Name, svc.ID)
+		return
+	}
+
+	// Create new service job with minimal info
+	checkCtx, checkCancel := context.WithCancel(ctx)
+	job := &job{
+		serviceID:       svc.ID,
+		serviceName:     svc.Name,
+		serviceProtocol: svc.Protocol,
+		interval:        svc.Interval,
+		timeout:         svc.Timeout,
+		retries:         svc.Retries,
+		serviceConfig:   svc.Config,
+		stopChan:        make(chan struct{}),
+		checkCtx:        checkCtx,
+		checkCancel:     checkCancel,
+	}
+
+	s.addJob(ctx, job)
+}
+
+// DeleteService removes a service from monitoring
+func (s *Checker) DeleteService(serviceID string) {
+	s.removeJob(serviceID)
+}
+
+// CheckService manually triggers a check for a specific service
+func (s *Checker) CheckService(serviceID string) error {
+	job, exists := s.jobs.Load(serviceID)
+	if !exists {
+		return ErrServiceNotFound
+	}
+
+	return s.performCheck(job)
+}
+
+// addJob adds a new job to the scheduler
+func (s *Checker) addJob(ctx context.Context, job *job) {
+	// Check if job already exists
+	if existingJob, exists := s.jobs.Load(job.serviceID); exists {
+		// Cancel any ongoing checks for the existing job
+		if existingJob.checkCancel != nil {
+			existingJob.checkCancel()
+		}
+
+		// Stop existing job gracefully
+		select {
+		case <-existingJob.stopChan:
+			// Channel already closed
+		default:
+			close(existingJob.stopChan)
+		}
+		if existingJob.ticker != nil {
+			existingJob.ticker.Stop()
+		}
+	}
+
+	// Store the new job
+	s.jobs.Store(job.serviceID, job)
+
+	// Start monitoring in a new goroutine
+	s.wg.Go(func() {
+		s.monitorService(ctx, job)
+	})
+}
+
+// removeJob removes a service dynamically (for runtime removals)
+func (s *Checker) removeJob(serviceID string) {
+	job, exists := s.jobs.Load(serviceID)
+	if !exists {
+		return
+	}
+
+	// Cancel any ongoing checks for this job
+	if job.checkCancel != nil {
+		job.checkCancel()
+	}
+
+	// Stop the monitoring gracefully
+	select {
+	case <-job.stopChan:
+		// Channel already closed
+	default:
+		close(job.stopChan)
+	}
+	if job.ticker != nil {
+		job.ticker.Stop()
+	}
+
+	// Remove from services map
+	s.jobs.Delete(serviceID)
+}
+
+// monitorService runs the monitoring loop for a single service
+func (s *Checker) monitorService(ctx context.Context, job *job) {
+	// Create ticker for regular checks
+	job.ticker = time.NewTicker(job.interval)
+	defer job.ticker.Stop()
+
+	// Perform initial check
+	if err := s.performCheck(job); err != nil {
+		s.logger.Errorf("Error performing initial check for service %s: %v", job.serviceName, err)
+		return
+	}
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-job.stopChan:
+			return
+		case <-job.ticker.C:
+			if err := s.performCheck(job); err != nil && !errors.Is(err, context.Canceled) {
+				s.logger.Errorf("error performing check for service %s: %v", job.serviceName, err)
+				continue
+			}
+		}
+	}
+}
+
+func (s *Checker) subscribeEvents(ctx context.Context) error {
+	if s.receiver == nil {
+		return nil
+	}
+
+	broker := s.receiver.TriggerService()
+	sub := broker.Subscribe()
+	defer broker.Unsubscribe(sub)
+
+	for ctx.Err() == nil {
+		select {
+		case item := <-sub:
+			switch item.EventType {
+			case receiver.TriggerServiceEventTypeCheck:
+				if err := s.CheckService(item.Svc.ID); err != nil {
+					s.logger.Errorf("check service error: %v", err)
+				}
+			case receiver.TriggerServiceEventTypeCreated:
+				s.AddService(ctx, AddServiceParams{
+					ID:        item.Svc.ID,
+					Name:      item.Svc.Name,
+					Protocol:  item.Svc.Protocol,
+					IsEnabled: item.Svc.IsEnabled,
+					Interval:  time.Duration(item.Svc.Interval) * time.Millisecond,
+					Timeout:   time.Duration(item.Svc.Timeout) * time.Millisecond,
+					Retries:   item.Svc.Retries,
+					Config:    item.Svc.Config,
+					FromHub:   true,
+				})
+			case receiver.TriggerServiceEventTypeUpdated:
+				// Check if service was disabled
+				if !item.Svc.IsEnabled {
+					s.removeJob(item.Svc.ID)
+				} else {
+					// Update or add to monitoring if service is enabled
+					s.AddService(ctx, AddServiceParams{
+						ID:        item.Svc.ID,
+						Name:      item.Svc.Name,
+						Protocol:  item.Svc.Protocol,
+						IsEnabled: item.Svc.IsEnabled,
+						Interval:  time.Duration(item.Svc.Interval) * time.Millisecond,
+						Timeout:   time.Duration(item.Svc.Timeout) * time.Millisecond,
+						Retries:   item.Svc.Retries,
+						Config:    item.Svc.Config,
+						FromHub:   true,
+					})
+				}
+			case receiver.TriggerServiceEventTypeDeleted:
+				s.removeJob(item.Svc.ID)
+			}
+
+		case <-ctx.Done():
+			return nil
+		}
+	}
+
+	return nil
+}
+
+// performCheck executes a health check for a service
+func (s *Checker) performCheck(job *job) error {
+	if !job.inProgress.CompareAndSwap(false, true) {
+		// Another check is already in progress
+		return nil
+	}
+	defer job.inProgress.Store(false)
+
+	// Check if job context is cancelled (handles job updates/deletions)
+	if job.checkCtx.Err() != nil {
+		return job.checkCtx.Err()
+	}
+
+	// Create monitor for this check
+	monitor, err := monitors.NewMonitor(monitors.MonitorParams{
+		ServiceName: job.serviceName,
+		Protocol:    job.serviceProtocol,
+		Timeout:     job.timeout,
+		Config:      job.serviceConfig,
+	})
+	if err != nil {
+		return fmt.Errorf("failed to create monitor for %s: %w", job.serviceName, err)
+	}
+
+	// Ensure monitor resources are cleaned up
+	defer func() {
+		if closer, ok := monitor.(io.Closer); ok {
+			if err := closer.Close(); err != nil {
+				s.logger.Errorf("Error closing monitor for %s: %v", job.serviceName, err)
+			}
+		}
+	}()
+
+	// Perform the check with retries
+	var lastErr error
+	var lastAttemptResponseTime time.Duration
+
+	for attempt := int64(1); attempt <= job.retries; attempt++ {
+		// Create context with timeout for this specific check
+		attemptCtx, cancel := context.WithTimeout(job.checkCtx, job.timeout)
+
+		// Measure time for this specific attempt
+		attemptStartTime := time.Now()
+		err := monitor.Check(attemptCtx)
+		attemptResponseTime := time.Since(attemptStartTime)
+		lastAttemptResponseTime = attemptResponseTime
+
+		// Cancel context immediately after use to avoid memory leak
+		cancel()
+
+		if err == nil {
+			if attempt == 1 {
+				s.logger.Debugf("service %s check successful in %v", job.serviceName, attemptResponseTime)
+			} else {
+				s.logger.Debugf("service %s check successful (attempt %d/%d) in %v", job.serviceName, attempt, job.retries, attemptResponseTime)
+			}
+
+			if err := s.onSuccessFn(job.checkCtx, job.serviceID, attemptResponseTime); err != nil {
+				return err
+			}
+
+			return nil
+		}
+
+		lastErr = err
+
+		// If not the last attempt, wait a bit before retrying
+		if attempt < job.retries {
+			// Check if job context is cancelled before retrying
+			select {
+			case <-job.checkCtx.Done():
+				// Job context cancelled, stop retrying
+				return job.checkCtx.Err()
+			case <-time.After(time.Millisecond * 500 * time.Duration(attempt)):
+				// Exponential backoff - continue to next attempt
+			}
+		}
+
+		s.logger.Debugf("service %s check failed (attempt %d/%d): %s", job.serviceName, attempt, job.retries, err)
+	}
+
+	if err := s.onFailureFn(job.checkCtx, job.serviceID, lastErr, lastAttemptResponseTime); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/internal/checker/errors.go b/internal/checker/errors.go
new file mode 100644
index 0000000..39f18ac
--- /dev/null
+++ b/internal/checker/errors.go
@@ -0,0 +1,6 @@
+package checker
+
+import "errors"
+
+// ErrServiceNotFound is returned when a service is not found
+var ErrServiceNotFound = errors.New("service not found")
diff --git a/internal/checker/job.go b/internal/checker/job.go
new file mode 100644
index 0000000..db07136
--- /dev/null
+++ b/internal/checker/job.go
@@ -0,0 +1,26 @@
+package checker
+
+import (
+	"context"
+	"sync/atomic"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+// job represents a scheduled monitoring job for a service
+type job struct {
+	serviceID       string
+	serviceName     string
+	serviceConfig   map[string]any
+	serviceProtocol models.ServiceProtocolType
+	interval        time.Duration
+	timeout         time.Duration
+	retries         int64
+	ticker          *time.Ticker
+	stopChan        chan struct{}
+	inProgress      atomic.Bool
+	// Context and cancel function for canceling ongoing checks
+	checkCtx    context.Context
+	checkCancel context.CancelFunc
+}
diff --git a/internal/config/agent.go b/internal/config/agent.go
new file mode 100644
index 0000000..a69fc63
--- /dev/null
+++ b/internal/config/agent.go
@@ -0,0 +1,22 @@
+package config
+
+import (
+	"path/filepath"
+
+	"github.com/tkcrm/mx/clients/connectrpc_client"
+	"github.com/tkcrm/mx/logger"
+	"github.com/tkcrm/mx/ops"
+)
+
+type ConfigAgent struct {
+	Log       logger.Config
+	Ops       ops.Config
+	HubServer connectrpc_client.Config `yaml:"hub_server"`
+	DataDir   string                   `yaml:"data_dir" validate:"required" default:"./data"`
+	Token     string                   `yaml:"token" validate:"required"`
+}
+
+// AgentDataDir returns the data directory for the agent
+func (c *ConfigAgent) AgentDataDir() string {
+	return filepath.Join(c.DataDir, "agent")
+}
diff --git a/internal/config/config.go b/internal/config/config.go
deleted file mode 100644
index 7b1e332..0000000
--- a/internal/config/config.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package config
-
-import (
-	"time"
-
-	"github.com/tkcrm/mx/logger"
-	"github.com/tkcrm/mx/ops"
-)
-
-// Config represents the main configuration structure
-type Config struct {
-	Log           logger.Config
-	Ops           ops.Config
-	Server        ServerConfig        `yaml:"server"`
-	Monitoring    MonitoringConfig    `yaml:"monitoring"`
-	Database      DatabaseConfig      `yaml:"database"`
-	Notifications NotificationsConfig `yaml:"notifications"`
-	Timezone      string              `yaml:"timezone"`
-	Upgrader      Upgrader            `yaml:"upgrader"`
-}
-
-// ServerConfig holds web server configuration
-type ServerConfig struct {
-	Port     int            `yaml:"port"`
-	Host     string         `yaml:"host"`
-	BaseHost string         `yaml:"base_host"`
-	Frontend FrontendConfig `yaml:"frontend"`
-	Auth     AuthConfig     `yaml:"auth"`
-}
-
-// AuthConfig holds authentication settings
-type AuthConfig struct {
-	Enabled bool       `yaml:"enabled"`
-	Users   []UserAuth `yaml:"users"`
-}
-
-// UserAuth represents a user with basic auth credentials
-type UserAuth struct {
-	Username string `yaml:"username"`
-	Password string `yaml:"password"`
-}
-
-// FrontendConfig holds frontend-specific configuration
-type FrontendConfig struct {
-	BaseURL   string `yaml:"base_url"`
-	SocketURL string `yaml:"socket_url"`
-}
-
-// MonitoringConfig holds global monitoring settings
-type MonitoringConfig struct {
-	Global GlobalConfig `yaml:"global"`
-}
-
-// GlobalConfig holds default monitoring parameters
-type GlobalConfig struct {
-	DefaultInterval time.Duration `yaml:"default_interval"`
-	DefaultTimeout  time.Duration `yaml:"default_timeout"`
-	DefaultRetries  int           `yaml:"default_retries"`
-}
-
-// DatabaseConfig holds database settings
-type DatabaseConfig struct {
-	Path string `yaml:"path"`
-}
-
-// NotificationsConfig holds notification settings for multiple providers
-type NotificationsConfig struct {
-	Enabled bool     `yaml:"enabled"`
-	URLs    []string `yaml:"urls"`
-}
-
-type Upgrader struct {
-	IsEnabled bool   `yaml:"is_enabled"`
-	Command   string `yaml:"command"`
-}
diff --git a/internal/config/hub.go b/internal/config/hub.go
new file mode 100644
index 0000000..c7bb785
--- /dev/null
+++ b/internal/config/hub.go
@@ -0,0 +1,59 @@
+package config
+
+import (
+	"fmt"
+	"path/filepath"
+	"time"
+
+	"github.com/tkcrm/mx/logger"
+	"github.com/tkcrm/mx/ops"
+)
+
+// ConfigHub represents the main configuration structure
+type ConfigHub struct {
+	Log        logger.Config
+	Ops        ops.Config
+	DataDir    string       `yaml:"data_dir" validate:"required" default:"./data"`
+	Server     ServerConfig `yaml:"server"`
+	Timezone   string       `yaml:"timezone" default:"UTC"`
+	Updater    Updater      `yaml:"updater"`
+	KvDbEngine string       `yaml:"kv_db_engine" default:"inmemory" example:"inmemory, badgerdb" validate:"oneof=inmemory badgerdb"`
+}
+
+// HubDataDir returns the data directory for the hub
+func (c *ConfigHub) HubDataDir() string {
+	return filepath.Join(c.DataDir, "hub")
+}
+
+// ServerConfig holds web server configuration
+type ServerConfig struct {
+	Addr string     `yaml:"addr" default:":8080"`
+	Auth AuthConfig `yaml:"auth"`
+}
+
+// AuthConfig holds authentication settings
+type AuthConfig struct {
+	AccessTokenSecretKey  string `json:"access_token_secret_key"`
+	RefreshTokenSecretKey string `json:"refresh_token_secret_key"`
+}
+
+// UserAuth represents a user with basic auth credentials
+type UserAuth struct {
+	Username string `yaml:"username"`
+	Password string `yaml:"password"`
+}
+
+type Updater struct {
+	IsEnabled bool   `yaml:"is_enabled"`
+	Command   string `yaml:"command"`
+}
+
+// Validate checks if configuration is valid
+func (c *ConfigHub) Validate() error {
+	// Validate timezone
+	if _, err := time.LoadLocation(c.Timezone); err != nil {
+		return fmt.Errorf("invalid timezone: %w", err)
+	}
+
+	return nil
+}
diff --git a/internal/config/load.go b/internal/config/load.go
index 812cef9..74b56ed 100644
--- a/internal/config/load.go
+++ b/internal/config/load.go
@@ -2,136 +2,41 @@ package config
 
 import (
 	"fmt"
-	"os"
-	"regexp"
-	"time"
 
-	"github.com/goccy/go-yaml"
+	"github.com/go-playground/validator/v10"
+	"github.com/sxwebdev/xconfig"
+	"github.com/sxwebdev/xconfig/decoders/xconfigyaml"
+	"github.com/sxwebdev/xconfig/plugins/loader"
+	"github.com/sxwebdev/xconfig/plugins/validate"
 )
 
 // Load reads and parses the configuration file
-func Load(path string) (*Config, error) {
-	// Check if file exists
-	if _, err := os.Stat(path); os.IsNotExist(err) {
-		var cfg Config
-		if err := cfg.setDefaults(); err != nil {
-			return nil, fmt.Errorf("failed to set defaults: %w", err)
-		}
-		return &cfg, nil
-	}
-
-	data, err := os.ReadFile(path)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read config file: %w", err)
-	}
-
-	// Expand environment variables
-	expanded := expandEnvVars(string(data))
-
-	var cfg Config
-	if err := yaml.Unmarshal([]byte(expanded), &cfg); err != nil {
-		return nil, fmt.Errorf("failed to parse config file: %w", err)
-	}
-
-	// Apply defaults and validate
-	if err := cfg.setDefaults(); err != nil {
-		return nil, fmt.Errorf("failed to set defaults: %w", err)
-	}
-
-	if err := cfg.validate(); err != nil {
-		return nil, fmt.Errorf("config validation failed: %w", err)
-	}
-
-	return &cfg, nil
-}
-
-// expandEnvVars replaces ${VAR} with environment variable values
-func expandEnvVars(s string) string {
-	re := regexp.MustCompile(`\$\{([^}]+)\}`)
-	return re.ReplaceAllStringFunc(s, func(match string) string {
-		varName := match[2 : len(match)-1] // Remove ${ and }
-		if value := os.Getenv(varName); value != "" {
-			return value
-		}
-		return match // Return original if env var not found
+func Load(conf any, envPrefix string, configPaths []string) error {
+	loader, err := loader.NewLoader(map[string]loader.Unmarshal{
+		"yaml": xconfigyaml.New().Unmarshal,
 	})
-}
-
-// setDefaults applies default values to configuration
-func (c *Config) setDefaults() error {
-	// Server defaults
-	if c.Server.Host == "" {
-		c.Server.Host = "0.0.0.0"
-	}
-	if c.Server.Port == 0 {
-		c.Server.Port = 8080
-	}
-	if c.Server.BaseHost == "" {
-		c.Server.BaseHost = "localhost:8080"
-	}
-
-	// Frontend defaults
-	if c.Server.Frontend.BaseURL == "" {
-		// Auto-detect protocol based on BaseHost or use HTTP as default
-		protocol := "http"
-		if c.Server.BaseHost != "localhost:8080" && c.Server.BaseHost != "127.0.0.1:8080" {
-			// For production domains, assume HTTPS
-			protocol = "https"
-		}
-		c.Server.Frontend.BaseURL = fmt.Sprintf("%s://%s/api/v1", protocol, c.Server.BaseHost)
-	}
-	if c.Server.Frontend.SocketURL == "" {
-		// Auto-detect protocol based on BaseHost or use WS as default
-		protocol := "ws"
-		if c.Server.BaseHost != "localhost:8080" && c.Server.BaseHost != "127.0.0.1:8080" {
-			// For production domains, assume WSS
-			protocol = "wss"
-		}
-		c.Server.Frontend.SocketURL = fmt.Sprintf("%s://%s/ws", protocol, c.Server.BaseHost)
-	}
-
-	// Monitoring defaults
-	if c.Monitoring.Global.DefaultInterval == 0 {
-		c.Monitoring.Global.DefaultInterval = time.Minute
-	}
-	if c.Monitoring.Global.DefaultTimeout == 0 {
-		c.Monitoring.Global.DefaultTimeout = 10 * time.Second
-	}
-	if c.Monitoring.Global.DefaultRetries == 0 {
-		c.Monitoring.Global.DefaultRetries = 5
-	}
-
-	// Database defaults
-	if c.Database.Path == "" {
-		c.Database.Path = "./data/db.sqlite"
-	}
-
-	// Timezone defaults
-	if c.Timezone == "" {
-		c.Timezone = "UTC"
+	if err != nil {
+		return fmt.Errorf("failed to create config loader: %w", err)
 	}
 
-	return nil
-}
-
-// validate checks if configuration is valid
-func (c *Config) validate() error {
-	// Validate notifications config if enabled
-	if c.Notifications.Enabled {
-		if len(c.Notifications.URLs) == 0 {
-			return fmt.Errorf("notification URLs are required when notifications are enabled")
-		}
-
-		for i, url := range c.Notifications.URLs {
-			if url == "" {
-				return fmt.Errorf("notification URL at index %d cannot be empty", i)
-			}
+	for _, path := range configPaths {
+		if err := loader.AddFile(path, false); err != nil {
+			return fmt.Errorf("failed to add config file %q: %w", path, err)
 		}
 	}
 
-	// Validate timezone
-	if _, err := time.LoadLocation(c.Timezone); err != nil {
-		return fmt.Errorf("invalid timezone: %w", err)
+	_, err = xconfig.Load(conf,
+		xconfig.WithEnvPrefix(envPrefix),
+		xconfig.WithLoader(loader),
+		xconfig.WithDisallowUnknownFields(),
+		xconfig.WithPlugins(
+			validate.New(func(a any) error {
+				return validator.New().Struct(a)
+			}),
+		),
+	)
+	if err != nil {
+		return err
 	}
 
 	return nil
diff --git a/internal/datamigrations/migrations.go b/internal/datamigrations/migrations.go
new file mode 100644
index 0000000..c541ecb
--- /dev/null
+++ b/internal/datamigrations/migrations.go
@@ -0,0 +1,5 @@
+package datamigrations
+
+import "github.com/sxwebdev/sentinel/pkg/migrator"
+
+var Migrations = migrator.DataMigrations{}
diff --git a/internal/dispatcher/base_message.go b/internal/dispatcher/base_message.go
new file mode 100644
index 0000000..1da5291
--- /dev/null
+++ b/internal/dispatcher/base_message.go
@@ -0,0 +1,18 @@
+package dispatcher
+
+type EventType string
+
+const (
+	EventTypeCreate EventType = "create"
+	EventTypeUpdate EventType = "update"
+	EventTypeDelete EventType = "delete"
+)
+
+type BaseMessage struct {
+	ProjectID string
+	EventType EventType
+}
+
+func NewBaseMessage(eventType EventType, projectID string) BaseMessage {
+	return BaseMessage{ProjectID: projectID, EventType: eventType}
+}
diff --git a/internal/dispatcher/dispatcher.go b/internal/dispatcher/dispatcher.go
new file mode 100644
index 0000000..47db093
--- /dev/null
+++ b/internal/dispatcher/dispatcher.go
@@ -0,0 +1,48 @@
+package dispatcher
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/pkg/broker"
+)
+
+type Dispatcher struct {
+	agents                *broker.Broker[BaseMessage]
+	notificationProviders *broker.Broker[BaseMessage]
+	notificationHistory   *broker.Broker[BaseMessage]
+}
+
+func New() *Dispatcher {
+	return &Dispatcher{
+		agents:                broker.NewBroker[BaseMessage](),
+		notificationProviders: broker.NewBroker[BaseMessage](),
+		notificationHistory:   broker.NewBroker[BaseMessage](),
+	}
+}
+
+func (s *Dispatcher) Name() string { return "dispatcher" }
+
+func (s *Dispatcher) Start(_ context.Context) error {
+	go s.agents.Start()
+	go s.notificationProviders.Start()
+	go s.notificationHistory.Start()
+	return nil
+}
+
+func (s *Dispatcher) Stop(_ context.Context) error {
+	s.agents.Stop()
+	s.notificationProviders.Stop()
+	s.notificationHistory.Stop()
+	return nil
+}
+
+// Agents returns the agents broker
+func (s *Dispatcher) Agents() *broker.Broker[BaseMessage] { return s.agents }
+
+// NotificationProviders returns the notification providers broker
+func (s *Dispatcher) NotificationProviders() *broker.Broker[BaseMessage] {
+	return s.notificationProviders
+}
+
+// NotificationHistory returns the notification history broker
+func (s *Dispatcher) NotificationHistory() *broker.Broker[BaseMessage] { return s.notificationHistory }
diff --git a/internal/hub/hubserver/api/sentinel/agents/v1/agents.pb.go b/internal/hub/hubserver/api/sentinel/agents/v1/agents.pb.go
new file mode 100644
index 0000000..0542bef
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/agents/v1/agents.pb.go
@@ -0,0 +1,1189 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/agents/v1/agents.proto
+
+package agentsv1
+
+import (
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type AgentStatus int32
+
+const (
+	AgentStatus_AGENT_STATUS_UNSPECIFIED AgentStatus = 0
+	AgentStatus_AGENT_STATUS_ACTIVE      AgentStatus = 1
+	AgentStatus_AGENT_STATUS_INACTIVE    AgentStatus = 2
+)
+
+// Enum value maps for AgentStatus.
+var (
+	AgentStatus_name = map[int32]string{
+		0: "AGENT_STATUS_UNSPECIFIED",
+		1: "AGENT_STATUS_ACTIVE",
+		2: "AGENT_STATUS_INACTIVE",
+	}
+	AgentStatus_value = map[string]int32{
+		"AGENT_STATUS_UNSPECIFIED": 0,
+		"AGENT_STATUS_ACTIVE":      1,
+		"AGENT_STATUS_INACTIVE":    2,
+	}
+)
+
+func (x AgentStatus) Enum() *AgentStatus {
+	p := new(AgentStatus)
+	*p = x
+	return p
+}
+
+func (x AgentStatus) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AgentStatus) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_agents_v1_agents_proto_enumTypes[0].Descriptor()
+}
+
+func (AgentStatus) Type() protoreflect.EnumType {
+	return &file_sentinel_agents_v1_agents_proto_enumTypes[0]
+}
+
+func (x AgentStatus) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AgentStatus.Descriptor instead.
+func (AgentStatus) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{0}
+}
+
+type AgentKind int32
+
+const (
+	AgentKind_AGENT_KIND_UNSPECIFIED AgentKind = 0
+	AgentKind_AGENT_KIND_HUB         AgentKind = 1
+	AgentKind_AGENT_KIND_EXTERNAL    AgentKind = 2
+)
+
+// Enum value maps for AgentKind.
+var (
+	AgentKind_name = map[int32]string{
+		0: "AGENT_KIND_UNSPECIFIED",
+		1: "AGENT_KIND_HUB",
+		2: "AGENT_KIND_EXTERNAL",
+	}
+	AgentKind_value = map[string]int32{
+		"AGENT_KIND_UNSPECIFIED": 0,
+		"AGENT_KIND_HUB":         1,
+		"AGENT_KIND_EXTERNAL":    2,
+	}
+)
+
+func (x AgentKind) Enum() *AgentKind {
+	p := new(AgentKind)
+	*p = x
+	return p
+}
+
+func (x AgentKind) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (AgentKind) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_agents_v1_agents_proto_enumTypes[1].Descriptor()
+}
+
+func (AgentKind) Type() protoreflect.EnumType {
+	return &file_sentinel_agents_v1_agents_proto_enumTypes[1]
+}
+
+func (x AgentKind) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use AgentKind.Descriptor instead.
+func (AgentKind) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{1}
+}
+
+type AgentConfig struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentConfig) Reset() {
+	*x = AgentConfig{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentConfig) ProtoMessage() {}
+
+func (x *AgentConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentConfig.ProtoReflect.Descriptor instead.
+func (*AgentConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{0}
+}
+
+type Agent struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	TokenHint     string                 `protobuf:"bytes,4,opt,name=token_hint,json=tokenHint,proto3" json:"token_hint,omitempty"`
+	Fingerprint   *string                `protobuf:"bytes,5,opt,name=fingerprint,proto3,oneof" json:"fingerprint,omitempty"`
+	Kind          AgentKind              `protobuf:"varint,6,opt,name=kind,proto3,enum=sentinel.agents.v1.AgentKind" json:"kind,omitempty"`
+	Status        AgentStatus            `protobuf:"varint,7,opt,name=status,proto3,enum=sentinel.agents.v1.AgentStatus" json:"status,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,8,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	Location      *string                `protobuf:"bytes,9,opt,name=location,proto3,oneof" json:"location,omitempty"`
+	Tags          []string               `protobuf:"bytes,10,rep,name=tags,proto3" json:"tags,omitempty"`
+	Config        *AgentConfig           `protobuf:"bytes,11,opt,name=config,proto3" json:"config,omitempty"`
+	SystemInfo    *v1.SystemInfo         `protobuf:"bytes,12,opt,name=system_info,json=systemInfo,proto3" json:"system_info,omitempty"`
+	LastSeenAt    *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=last_seen_at,json=lastSeenAt,proto3" json:"last_seen_at,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt     *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Agent) Reset() {
+	*x = Agent{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Agent) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Agent) ProtoMessage() {}
+
+func (x *Agent) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Agent.ProtoReflect.Descriptor instead.
+func (*Agent) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Agent) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Agent) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Agent) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Agent) GetTokenHint() string {
+	if x != nil {
+		return x.TokenHint
+	}
+	return ""
+}
+
+func (x *Agent) GetFingerprint() string {
+	if x != nil && x.Fingerprint != nil {
+		return *x.Fingerprint
+	}
+	return ""
+}
+
+func (x *Agent) GetKind() AgentKind {
+	if x != nil {
+		return x.Kind
+	}
+	return AgentKind_AGENT_KIND_UNSPECIFIED
+}
+
+func (x *Agent) GetStatus() AgentStatus {
+	if x != nil {
+		return x.Status
+	}
+	return AgentStatus_AGENT_STATUS_UNSPECIFIED
+}
+
+func (x *Agent) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+func (x *Agent) GetLocation() string {
+	if x != nil && x.Location != nil {
+		return *x.Location
+	}
+	return ""
+}
+
+func (x *Agent) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *Agent) GetConfig() *AgentConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *Agent) GetSystemInfo() *v1.SystemInfo {
+	if x != nil {
+		return x.SystemInfo
+	}
+	return nil
+}
+
+func (x *Agent) GetLastSeenAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.LastSeenAt
+	}
+	return nil
+}
+
+func (x *Agent) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *Agent) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+// AgentsList agents lists all agents.
+type AgentsListRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsListRequest) Reset() {
+	*x = AgentsListRequest{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsListRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsListRequest) ProtoMessage() {}
+
+func (x *AgentsListRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsListRequest.ProtoReflect.Descriptor instead.
+func (*AgentsListRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{2}
+}
+
+type AgentsListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Items         []*Agent               `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"`
+	Count         uint32                 `protobuf:"varint,2,opt,name=count,proto3" json:"count,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsListResponse) Reset() {
+	*x = AgentsListResponse{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsListResponse) ProtoMessage() {}
+
+func (x *AgentsListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsListResponse.ProtoReflect.Descriptor instead.
+func (*AgentsListResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *AgentsListResponse) GetItems() []*Agent {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *AgentsListResponse) GetCount() uint32 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
+// AgentsGet agent gets an agent by ID.
+type AgentsGetRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsGetRequest) Reset() {
+	*x = AgentsGetRequest{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsGetRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsGetRequest) ProtoMessage() {}
+
+func (x *AgentsGetRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsGetRequest.ProtoReflect.Descriptor instead.
+func (*AgentsGetRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *AgentsGetRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type AgentsGetResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Agent                 `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsGetResponse) Reset() {
+	*x = AgentsGetResponse{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsGetResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsGetResponse) ProtoMessage() {}
+
+func (x *AgentsGetResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsGetResponse.ProtoReflect.Descriptor instead.
+func (*AgentsGetResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *AgentsGetResponse) GetItem() *Agent {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// AgentsCreate agent creates a new agent.
+type AgentsCreateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Name          string                 `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,3,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	Tags          []string               `protobuf:"bytes,4,rep,name=tags,proto3" json:"tags,omitempty"`
+	Config        *AgentConfig           `protobuf:"bytes,5,opt,name=config,proto3" json:"config,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsCreateRequest) Reset() {
+	*x = AgentsCreateRequest{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsCreateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsCreateRequest) ProtoMessage() {}
+
+func (x *AgentsCreateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsCreateRequest.ProtoReflect.Descriptor instead.
+func (*AgentsCreateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *AgentsCreateRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *AgentsCreateRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *AgentsCreateRequest) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+func (x *AgentsCreateRequest) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *AgentsCreateRequest) GetConfig() *AgentConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+type AgentsCreateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Token         string                 `protobuf:"bytes,4,opt,name=token,proto3" json:"token,omitempty"`
+	TokenHint     string                 `protobuf:"bytes,5,opt,name=token_hint,json=tokenHint,proto3" json:"token_hint,omitempty"`
+	Status        AgentStatus            `protobuf:"varint,6,opt,name=status,proto3,enum=sentinel.agents.v1.AgentStatus" json:"status,omitempty"`
+	Kind          AgentKind              `protobuf:"varint,7,opt,name=kind,proto3,enum=sentinel.agents.v1.AgentKind" json:"kind,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,8,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	Location      *string                `protobuf:"bytes,9,opt,name=location,proto3,oneof" json:"location,omitempty"`
+	Tags          []string               `protobuf:"bytes,10,rep,name=tags,proto3" json:"tags,omitempty"`
+	Config        *AgentConfig           `protobuf:"bytes,11,opt,name=config,proto3" json:"config,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsCreateResponse) Reset() {
+	*x = AgentsCreateResponse{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsCreateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsCreateResponse) ProtoMessage() {}
+
+func (x *AgentsCreateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsCreateResponse.ProtoReflect.Descriptor instead.
+func (*AgentsCreateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *AgentsCreateResponse) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *AgentsCreateResponse) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *AgentsCreateResponse) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *AgentsCreateResponse) GetToken() string {
+	if x != nil {
+		return x.Token
+	}
+	return ""
+}
+
+func (x *AgentsCreateResponse) GetTokenHint() string {
+	if x != nil {
+		return x.TokenHint
+	}
+	return ""
+}
+
+func (x *AgentsCreateResponse) GetStatus() AgentStatus {
+	if x != nil {
+		return x.Status
+	}
+	return AgentStatus_AGENT_STATUS_UNSPECIFIED
+}
+
+func (x *AgentsCreateResponse) GetKind() AgentKind {
+	if x != nil {
+		return x.Kind
+	}
+	return AgentKind_AGENT_KIND_UNSPECIFIED
+}
+
+func (x *AgentsCreateResponse) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+func (x *AgentsCreateResponse) GetLocation() string {
+	if x != nil && x.Location != nil {
+		return *x.Location
+	}
+	return ""
+}
+
+func (x *AgentsCreateResponse) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *AgentsCreateResponse) GetConfig() *AgentConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *AgentsCreateResponse) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+// AgentsUpdate agent updates an existing agent.
+type AgentsUpdateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,4,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	Location      *string                `protobuf:"bytes,5,opt,name=location,proto3,oneof" json:"location,omitempty"`
+	Tags          []string               `protobuf:"bytes,6,rep,name=tags,proto3" json:"tags,omitempty"`
+	Config        *AgentConfig           `protobuf:"bytes,7,opt,name=config,proto3" json:"config,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsUpdateRequest) Reset() {
+	*x = AgentsUpdateRequest{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsUpdateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsUpdateRequest) ProtoMessage() {}
+
+func (x *AgentsUpdateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsUpdateRequest.ProtoReflect.Descriptor instead.
+func (*AgentsUpdateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *AgentsUpdateRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *AgentsUpdateRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *AgentsUpdateRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *AgentsUpdateRequest) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+func (x *AgentsUpdateRequest) GetLocation() string {
+	if x != nil && x.Location != nil {
+		return *x.Location
+	}
+	return ""
+}
+
+func (x *AgentsUpdateRequest) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *AgentsUpdateRequest) GetConfig() *AgentConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+type AgentsUpdateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Agent                 `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsUpdateResponse) Reset() {
+	*x = AgentsUpdateResponse{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsUpdateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsUpdateResponse) ProtoMessage() {}
+
+func (x *AgentsUpdateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsUpdateResponse.ProtoReflect.Descriptor instead.
+func (*AgentsUpdateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *AgentsUpdateResponse) GetItem() *Agent {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// Delete agent deletes an agent by ID.
+type AgentsDeleteRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsDeleteRequest) Reset() {
+	*x = AgentsDeleteRequest{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsDeleteRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsDeleteRequest) ProtoMessage() {}
+
+func (x *AgentsDeleteRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsDeleteRequest.ProtoReflect.Descriptor instead.
+func (*AgentsDeleteRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *AgentsDeleteRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type AgentsDeleteResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsDeleteResponse) Reset() {
+	*x = AgentsDeleteResponse{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsDeleteResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsDeleteResponse) ProtoMessage() {}
+
+func (x *AgentsDeleteResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsDeleteResponse.ProtoReflect.Descriptor instead.
+func (*AgentsDeleteResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{11}
+}
+
+// AgentsSubscribe subscribes to agent events.
+type AgentsSubscribeRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsSubscribeRequest) Reset() {
+	*x = AgentsSubscribeRequest{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsSubscribeRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsSubscribeRequest) ProtoMessage() {}
+
+func (x *AgentsSubscribeRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsSubscribeRequest.ProtoReflect.Descriptor instead.
+func (*AgentsSubscribeRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{12}
+}
+
+type AgentsSubscribeResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AgentsSubscribeResponse) Reset() {
+	*x = AgentsSubscribeResponse{}
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AgentsSubscribeResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AgentsSubscribeResponse) ProtoMessage() {}
+
+func (x *AgentsSubscribeResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_agents_v1_agents_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AgentsSubscribeResponse.ProtoReflect.Descriptor instead.
+func (*AgentsSubscribeResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_agents_v1_agents_proto_rawDescGZIP(), []int{13}
+}
+
+var File_sentinel_agents_v1_agents_proto protoreflect.FileDescriptor
+
+const file_sentinel_agents_v1_agents_proto_rawDesc = "" +
+	"\n" +
+	"\x1fsentinel/agents/v1/agents.proto\x12\x12sentinel.agents.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a sentinel/system/v1/service.proto\"\r\n" +
+	"\vAgentConfig\"\x9e\x05\n" +
+	"\x05Agent\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x1d\n" +
+	"\n" +
+	"token_hint\x18\x04 \x01(\tR\ttokenHint\x12%\n" +
+	"\vfingerprint\x18\x05 \x01(\tH\x00R\vfingerprint\x88\x01\x01\x121\n" +
+	"\x04kind\x18\x06 \x01(\x0e2\x1d.sentinel.agents.v1.AgentKindR\x04kind\x127\n" +
+	"\x06status\x18\a \x01(\x0e2\x1f.sentinel.agents.v1.AgentStatusR\x06status\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\b \x01(\bR\tisEnabled\x12\x1f\n" +
+	"\blocation\x18\t \x01(\tH\x01R\blocation\x88\x01\x01\x12\x12\n" +
+	"\x04tags\x18\n" +
+	" \x03(\tR\x04tags\x127\n" +
+	"\x06config\x18\v \x01(\v2\x1f.sentinel.agents.v1.AgentConfigR\x06config\x12?\n" +
+	"\vsystem_info\x18\f \x01(\v2\x1e.sentinel.system.v1.SystemInfoR\n" +
+	"systemInfo\x12<\n" +
+	"\flast_seen_at\x18\r \x01(\v2\x1a.google.protobuf.TimestampR\n" +
+	"lastSeenAt\x129\n" +
+	"\n" +
+	"created_at\x18\x0e \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\x0f \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAtB\x0e\n" +
+	"\f_fingerprintB\v\n" +
+	"\t_location\"\x13\n" +
+	"\x11AgentsListRequest\"[\n" +
+	"\x12AgentsListResponse\x12/\n" +
+	"\x05items\x18\x01 \x03(\v2\x19.sentinel.agents.v1.AgentR\x05items\x12\x14\n" +
+	"\x05count\x18\x02 \x01(\rR\x05count\"\"\n" +
+	"\x10AgentsGetRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"B\n" +
+	"\x11AgentsGetResponse\x12-\n" +
+	"\x04item\x18\x01 \x01(\v2\x19.sentinel.agents.v1.AgentR\x04item\"\xb7\x01\n" +
+	"\x13AgentsCreateRequest\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x02 \x01(\tR\vdescription\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\x03 \x01(\bR\tisEnabled\x12\x12\n" +
+	"\x04tags\x18\x04 \x03(\tR\x04tags\x127\n" +
+	"\x06config\x18\x05 \x01(\v2\x1f.sentinel.agents.v1.AgentConfigR\x06config\"\xd2\x03\n" +
+	"\x14AgentsCreateResponse\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x14\n" +
+	"\x05token\x18\x04 \x01(\tR\x05token\x12\x1d\n" +
+	"\n" +
+	"token_hint\x18\x05 \x01(\tR\ttokenHint\x127\n" +
+	"\x06status\x18\x06 \x01(\x0e2\x1f.sentinel.agents.v1.AgentStatusR\x06status\x121\n" +
+	"\x04kind\x18\a \x01(\x0e2\x1d.sentinel.agents.v1.AgentKindR\x04kind\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\b \x01(\bR\tisEnabled\x12\x1f\n" +
+	"\blocation\x18\t \x01(\tH\x00R\blocation\x88\x01\x01\x12\x12\n" +
+	"\x04tags\x18\n" +
+	" \x03(\tR\x04tags\x127\n" +
+	"\x06config\x18\v \x01(\v2\x1f.sentinel.agents.v1.AgentConfigR\x06config\x129\n" +
+	"\n" +
+	"created_at\x18\f \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAtB\v\n" +
+	"\t_location\"\xf5\x01\n" +
+	"\x13AgentsUpdateRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\x04 \x01(\bR\tisEnabled\x12\x1f\n" +
+	"\blocation\x18\x05 \x01(\tH\x00R\blocation\x88\x01\x01\x12\x12\n" +
+	"\x04tags\x18\x06 \x03(\tR\x04tags\x127\n" +
+	"\x06config\x18\a \x01(\v2\x1f.sentinel.agents.v1.AgentConfigR\x06configB\v\n" +
+	"\t_location\"E\n" +
+	"\x14AgentsUpdateResponse\x12-\n" +
+	"\x04item\x18\x01 \x01(\v2\x19.sentinel.agents.v1.AgentR\x04item\"%\n" +
+	"\x13AgentsDeleteRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x16\n" +
+	"\x14AgentsDeleteResponse\"\x18\n" +
+	"\x16AgentsSubscribeRequest\"\x19\n" +
+	"\x17AgentsSubscribeResponse*_\n" +
+	"\vAgentStatus\x12\x1c\n" +
+	"\x18AGENT_STATUS_UNSPECIFIED\x10\x00\x12\x17\n" +
+	"\x13AGENT_STATUS_ACTIVE\x10\x01\x12\x19\n" +
+	"\x15AGENT_STATUS_INACTIVE\x10\x02*T\n" +
+	"\tAgentKind\x12\x1a\n" +
+	"\x16AGENT_KIND_UNSPECIFIED\x10\x00\x12\x12\n" +
+	"\x0eAGENT_KIND_HUB\x10\x01\x12\x17\n" +
+	"\x13AGENT_KIND_EXTERNAL\x10\x022\xdd\x04\n" +
+	"\rAgentsService\x12[\n" +
+	"\n" +
+	"AgentsList\x12%.sentinel.agents.v1.AgentsListRequest\x1a&.sentinel.agents.v1.AgentsListResponse\x12X\n" +
+	"\tAgentsGet\x12$.sentinel.agents.v1.AgentsGetRequest\x1a%.sentinel.agents.v1.AgentsGetResponse\x12a\n" +
+	"\fAgentsCreate\x12'.sentinel.agents.v1.AgentsCreateRequest\x1a(.sentinel.agents.v1.AgentsCreateResponse\x12a\n" +
+	"\fAgentsUpdate\x12'.sentinel.agents.v1.AgentsUpdateRequest\x1a(.sentinel.agents.v1.AgentsUpdateResponse\x12a\n" +
+	"\fAgentsDelete\x12'.sentinel.agents.v1.AgentsDeleteRequest\x1a(.sentinel.agents.v1.AgentsDeleteResponse\x12l\n" +
+	"\x0fAgentsSubscribe\x12*.sentinel.agents.v1.AgentsSubscribeRequest\x1a+.sentinel.agents.v1.AgentsSubscribeResponse0\x01B\xe4\x01\n" +
+	"\x16com.sentinel.agents.v1B\vAgentsProtoP\x01ZSgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1;agentsv1\xa2\x02\x03SAX\xaa\x02\x12Sentinel.Agents.V1\xca\x02\x12Sentinel\\Agents\\V1\xe2\x02\x1eSentinel\\Agents\\V1\\GPBMetadata\xea\x02\x14Sentinel::Agents::V1b\x06proto3"
+
+var (
+	file_sentinel_agents_v1_agents_proto_rawDescOnce sync.Once
+	file_sentinel_agents_v1_agents_proto_rawDescData []byte
+)
+
+func file_sentinel_agents_v1_agents_proto_rawDescGZIP() []byte {
+	file_sentinel_agents_v1_agents_proto_rawDescOnce.Do(func() {
+		file_sentinel_agents_v1_agents_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_agents_v1_agents_proto_rawDesc), len(file_sentinel_agents_v1_agents_proto_rawDesc)))
+	})
+	return file_sentinel_agents_v1_agents_proto_rawDescData
+}
+
+var file_sentinel_agents_v1_agents_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_sentinel_agents_v1_agents_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_sentinel_agents_v1_agents_proto_goTypes = []any{
+	(AgentStatus)(0),                // 0: sentinel.agents.v1.AgentStatus
+	(AgentKind)(0),                  // 1: sentinel.agents.v1.AgentKind
+	(*AgentConfig)(nil),             // 2: sentinel.agents.v1.AgentConfig
+	(*Agent)(nil),                   // 3: sentinel.agents.v1.Agent
+	(*AgentsListRequest)(nil),       // 4: sentinel.agents.v1.AgentsListRequest
+	(*AgentsListResponse)(nil),      // 5: sentinel.agents.v1.AgentsListResponse
+	(*AgentsGetRequest)(nil),        // 6: sentinel.agents.v1.AgentsGetRequest
+	(*AgentsGetResponse)(nil),       // 7: sentinel.agents.v1.AgentsGetResponse
+	(*AgentsCreateRequest)(nil),     // 8: sentinel.agents.v1.AgentsCreateRequest
+	(*AgentsCreateResponse)(nil),    // 9: sentinel.agents.v1.AgentsCreateResponse
+	(*AgentsUpdateRequest)(nil),     // 10: sentinel.agents.v1.AgentsUpdateRequest
+	(*AgentsUpdateResponse)(nil),    // 11: sentinel.agents.v1.AgentsUpdateResponse
+	(*AgentsDeleteRequest)(nil),     // 12: sentinel.agents.v1.AgentsDeleteRequest
+	(*AgentsDeleteResponse)(nil),    // 13: sentinel.agents.v1.AgentsDeleteResponse
+	(*AgentsSubscribeRequest)(nil),  // 14: sentinel.agents.v1.AgentsSubscribeRequest
+	(*AgentsSubscribeResponse)(nil), // 15: sentinel.agents.v1.AgentsSubscribeResponse
+	(*v1.SystemInfo)(nil),           // 16: sentinel.system.v1.SystemInfo
+	(*timestamppb.Timestamp)(nil),   // 17: google.protobuf.Timestamp
+}
+var file_sentinel_agents_v1_agents_proto_depIdxs = []int32{
+	1,  // 0: sentinel.agents.v1.Agent.kind:type_name -> sentinel.agents.v1.AgentKind
+	0,  // 1: sentinel.agents.v1.Agent.status:type_name -> sentinel.agents.v1.AgentStatus
+	2,  // 2: sentinel.agents.v1.Agent.config:type_name -> sentinel.agents.v1.AgentConfig
+	16, // 3: sentinel.agents.v1.Agent.system_info:type_name -> sentinel.system.v1.SystemInfo
+	17, // 4: sentinel.agents.v1.Agent.last_seen_at:type_name -> google.protobuf.Timestamp
+	17, // 5: sentinel.agents.v1.Agent.created_at:type_name -> google.protobuf.Timestamp
+	17, // 6: sentinel.agents.v1.Agent.updated_at:type_name -> google.protobuf.Timestamp
+	3,  // 7: sentinel.agents.v1.AgentsListResponse.items:type_name -> sentinel.agents.v1.Agent
+	3,  // 8: sentinel.agents.v1.AgentsGetResponse.item:type_name -> sentinel.agents.v1.Agent
+	2,  // 9: sentinel.agents.v1.AgentsCreateRequest.config:type_name -> sentinel.agents.v1.AgentConfig
+	0,  // 10: sentinel.agents.v1.AgentsCreateResponse.status:type_name -> sentinel.agents.v1.AgentStatus
+	1,  // 11: sentinel.agents.v1.AgentsCreateResponse.kind:type_name -> sentinel.agents.v1.AgentKind
+	2,  // 12: sentinel.agents.v1.AgentsCreateResponse.config:type_name -> sentinel.agents.v1.AgentConfig
+	17, // 13: sentinel.agents.v1.AgentsCreateResponse.created_at:type_name -> google.protobuf.Timestamp
+	2,  // 14: sentinel.agents.v1.AgentsUpdateRequest.config:type_name -> sentinel.agents.v1.AgentConfig
+	3,  // 15: sentinel.agents.v1.AgentsUpdateResponse.item:type_name -> sentinel.agents.v1.Agent
+	4,  // 16: sentinel.agents.v1.AgentsService.AgentsList:input_type -> sentinel.agents.v1.AgentsListRequest
+	6,  // 17: sentinel.agents.v1.AgentsService.AgentsGet:input_type -> sentinel.agents.v1.AgentsGetRequest
+	8,  // 18: sentinel.agents.v1.AgentsService.AgentsCreate:input_type -> sentinel.agents.v1.AgentsCreateRequest
+	10, // 19: sentinel.agents.v1.AgentsService.AgentsUpdate:input_type -> sentinel.agents.v1.AgentsUpdateRequest
+	12, // 20: sentinel.agents.v1.AgentsService.AgentsDelete:input_type -> sentinel.agents.v1.AgentsDeleteRequest
+	14, // 21: sentinel.agents.v1.AgentsService.AgentsSubscribe:input_type -> sentinel.agents.v1.AgentsSubscribeRequest
+	5,  // 22: sentinel.agents.v1.AgentsService.AgentsList:output_type -> sentinel.agents.v1.AgentsListResponse
+	7,  // 23: sentinel.agents.v1.AgentsService.AgentsGet:output_type -> sentinel.agents.v1.AgentsGetResponse
+	9,  // 24: sentinel.agents.v1.AgentsService.AgentsCreate:output_type -> sentinel.agents.v1.AgentsCreateResponse
+	11, // 25: sentinel.agents.v1.AgentsService.AgentsUpdate:output_type -> sentinel.agents.v1.AgentsUpdateResponse
+	13, // 26: sentinel.agents.v1.AgentsService.AgentsDelete:output_type -> sentinel.agents.v1.AgentsDeleteResponse
+	15, // 27: sentinel.agents.v1.AgentsService.AgentsSubscribe:output_type -> sentinel.agents.v1.AgentsSubscribeResponse
+	22, // [22:28] is the sub-list for method output_type
+	16, // [16:22] is the sub-list for method input_type
+	16, // [16:16] is the sub-list for extension type_name
+	16, // [16:16] is the sub-list for extension extendee
+	0,  // [0:16] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_agents_v1_agents_proto_init() }
+func file_sentinel_agents_v1_agents_proto_init() {
+	if File_sentinel_agents_v1_agents_proto != nil {
+		return
+	}
+	file_sentinel_agents_v1_agents_proto_msgTypes[1].OneofWrappers = []any{}
+	file_sentinel_agents_v1_agents_proto_msgTypes[7].OneofWrappers = []any{}
+	file_sentinel_agents_v1_agents_proto_msgTypes[8].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_agents_v1_agents_proto_rawDesc), len(file_sentinel_agents_v1_agents_proto_rawDesc)),
+			NumEnums:      2,
+			NumMessages:   14,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_agents_v1_agents_proto_goTypes,
+		DependencyIndexes: file_sentinel_agents_v1_agents_proto_depIdxs,
+		EnumInfos:         file_sentinel_agents_v1_agents_proto_enumTypes,
+		MessageInfos:      file_sentinel_agents_v1_agents_proto_msgTypes,
+	}.Build()
+	File_sentinel_agents_v1_agents_proto = out.File
+	file_sentinel_agents_v1_agents_proto_goTypes = nil
+	file_sentinel_agents_v1_agents_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/agents/v1/agentsv1connect/agents.connect.go b/internal/hub/hubserver/api/sentinel/agents/v1/agentsv1connect/agents.connect.go
new file mode 100644
index 0000000..fbecdaa
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/agents/v1/agentsv1connect/agents.connect.go
@@ -0,0 +1,253 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/agents/v1/agents.proto
+
+package agentsv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// AgentsServiceName is the fully-qualified name of the AgentsService service.
+	AgentsServiceName = "sentinel.agents.v1.AgentsService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// AgentsServiceAgentsListProcedure is the fully-qualified name of the AgentsService's AgentsList
+	// RPC.
+	AgentsServiceAgentsListProcedure = "/sentinel.agents.v1.AgentsService/AgentsList"
+	// AgentsServiceAgentsGetProcedure is the fully-qualified name of the AgentsService's AgentsGet RPC.
+	AgentsServiceAgentsGetProcedure = "/sentinel.agents.v1.AgentsService/AgentsGet"
+	// AgentsServiceAgentsCreateProcedure is the fully-qualified name of the AgentsService's
+	// AgentsCreate RPC.
+	AgentsServiceAgentsCreateProcedure = "/sentinel.agents.v1.AgentsService/AgentsCreate"
+	// AgentsServiceAgentsUpdateProcedure is the fully-qualified name of the AgentsService's
+	// AgentsUpdate RPC.
+	AgentsServiceAgentsUpdateProcedure = "/sentinel.agents.v1.AgentsService/AgentsUpdate"
+	// AgentsServiceAgentsDeleteProcedure is the fully-qualified name of the AgentsService's
+	// AgentsDelete RPC.
+	AgentsServiceAgentsDeleteProcedure = "/sentinel.agents.v1.AgentsService/AgentsDelete"
+	// AgentsServiceAgentsSubscribeProcedure is the fully-qualified name of the AgentsService's
+	// AgentsSubscribe RPC.
+	AgentsServiceAgentsSubscribeProcedure = "/sentinel.agents.v1.AgentsService/AgentsSubscribe"
+)
+
+// AgentsServiceClient is a client for the sentinel.agents.v1.AgentsService service.
+type AgentsServiceClient interface {
+	AgentsList(context.Context, *connect.Request[v1.AgentsListRequest]) (*connect.Response[v1.AgentsListResponse], error)
+	AgentsGet(context.Context, *connect.Request[v1.AgentsGetRequest]) (*connect.Response[v1.AgentsGetResponse], error)
+	AgentsCreate(context.Context, *connect.Request[v1.AgentsCreateRequest]) (*connect.Response[v1.AgentsCreateResponse], error)
+	AgentsUpdate(context.Context, *connect.Request[v1.AgentsUpdateRequest]) (*connect.Response[v1.AgentsUpdateResponse], error)
+	AgentsDelete(context.Context, *connect.Request[v1.AgentsDeleteRequest]) (*connect.Response[v1.AgentsDeleteResponse], error)
+	AgentsSubscribe(context.Context, *connect.Request[v1.AgentsSubscribeRequest]) (*connect.ServerStreamForClient[v1.AgentsSubscribeResponse], error)
+}
+
+// NewAgentsServiceClient constructs a client for the sentinel.agents.v1.AgentsService service. By
+// default, it uses the Connect protocol with the binary Protobuf Codec, asks for gzipped responses,
+// and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply the
+// connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewAgentsServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) AgentsServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	agentsServiceMethods := v1.File_sentinel_agents_v1_agents_proto.Services().ByName("AgentsService").Methods()
+	return &agentsServiceClient{
+		agentsList: connect.NewClient[v1.AgentsListRequest, v1.AgentsListResponse](
+			httpClient,
+			baseURL+AgentsServiceAgentsListProcedure,
+			connect.WithSchema(agentsServiceMethods.ByName("AgentsList")),
+			connect.WithClientOptions(opts...),
+		),
+		agentsGet: connect.NewClient[v1.AgentsGetRequest, v1.AgentsGetResponse](
+			httpClient,
+			baseURL+AgentsServiceAgentsGetProcedure,
+			connect.WithSchema(agentsServiceMethods.ByName("AgentsGet")),
+			connect.WithClientOptions(opts...),
+		),
+		agentsCreate: connect.NewClient[v1.AgentsCreateRequest, v1.AgentsCreateResponse](
+			httpClient,
+			baseURL+AgentsServiceAgentsCreateProcedure,
+			connect.WithSchema(agentsServiceMethods.ByName("AgentsCreate")),
+			connect.WithClientOptions(opts...),
+		),
+		agentsUpdate: connect.NewClient[v1.AgentsUpdateRequest, v1.AgentsUpdateResponse](
+			httpClient,
+			baseURL+AgentsServiceAgentsUpdateProcedure,
+			connect.WithSchema(agentsServiceMethods.ByName("AgentsUpdate")),
+			connect.WithClientOptions(opts...),
+		),
+		agentsDelete: connect.NewClient[v1.AgentsDeleteRequest, v1.AgentsDeleteResponse](
+			httpClient,
+			baseURL+AgentsServiceAgentsDeleteProcedure,
+			connect.WithSchema(agentsServiceMethods.ByName("AgentsDelete")),
+			connect.WithClientOptions(opts...),
+		),
+		agentsSubscribe: connect.NewClient[v1.AgentsSubscribeRequest, v1.AgentsSubscribeResponse](
+			httpClient,
+			baseURL+AgentsServiceAgentsSubscribeProcedure,
+			connect.WithSchema(agentsServiceMethods.ByName("AgentsSubscribe")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// agentsServiceClient implements AgentsServiceClient.
+type agentsServiceClient struct {
+	agentsList      *connect.Client[v1.AgentsListRequest, v1.AgentsListResponse]
+	agentsGet       *connect.Client[v1.AgentsGetRequest, v1.AgentsGetResponse]
+	agentsCreate    *connect.Client[v1.AgentsCreateRequest, v1.AgentsCreateResponse]
+	agentsUpdate    *connect.Client[v1.AgentsUpdateRequest, v1.AgentsUpdateResponse]
+	agentsDelete    *connect.Client[v1.AgentsDeleteRequest, v1.AgentsDeleteResponse]
+	agentsSubscribe *connect.Client[v1.AgentsSubscribeRequest, v1.AgentsSubscribeResponse]
+}
+
+// AgentsList calls sentinel.agents.v1.AgentsService.AgentsList.
+func (c *agentsServiceClient) AgentsList(ctx context.Context, req *connect.Request[v1.AgentsListRequest]) (*connect.Response[v1.AgentsListResponse], error) {
+	return c.agentsList.CallUnary(ctx, req)
+}
+
+// AgentsGet calls sentinel.agents.v1.AgentsService.AgentsGet.
+func (c *agentsServiceClient) AgentsGet(ctx context.Context, req *connect.Request[v1.AgentsGetRequest]) (*connect.Response[v1.AgentsGetResponse], error) {
+	return c.agentsGet.CallUnary(ctx, req)
+}
+
+// AgentsCreate calls sentinel.agents.v1.AgentsService.AgentsCreate.
+func (c *agentsServiceClient) AgentsCreate(ctx context.Context, req *connect.Request[v1.AgentsCreateRequest]) (*connect.Response[v1.AgentsCreateResponse], error) {
+	return c.agentsCreate.CallUnary(ctx, req)
+}
+
+// AgentsUpdate calls sentinel.agents.v1.AgentsService.AgentsUpdate.
+func (c *agentsServiceClient) AgentsUpdate(ctx context.Context, req *connect.Request[v1.AgentsUpdateRequest]) (*connect.Response[v1.AgentsUpdateResponse], error) {
+	return c.agentsUpdate.CallUnary(ctx, req)
+}
+
+// AgentsDelete calls sentinel.agents.v1.AgentsService.AgentsDelete.
+func (c *agentsServiceClient) AgentsDelete(ctx context.Context, req *connect.Request[v1.AgentsDeleteRequest]) (*connect.Response[v1.AgentsDeleteResponse], error) {
+	return c.agentsDelete.CallUnary(ctx, req)
+}
+
+// AgentsSubscribe calls sentinel.agents.v1.AgentsService.AgentsSubscribe.
+func (c *agentsServiceClient) AgentsSubscribe(ctx context.Context, req *connect.Request[v1.AgentsSubscribeRequest]) (*connect.ServerStreamForClient[v1.AgentsSubscribeResponse], error) {
+	return c.agentsSubscribe.CallServerStream(ctx, req)
+}
+
+// AgentsServiceHandler is an implementation of the sentinel.agents.v1.AgentsService service.
+type AgentsServiceHandler interface {
+	AgentsList(context.Context, *connect.Request[v1.AgentsListRequest]) (*connect.Response[v1.AgentsListResponse], error)
+	AgentsGet(context.Context, *connect.Request[v1.AgentsGetRequest]) (*connect.Response[v1.AgentsGetResponse], error)
+	AgentsCreate(context.Context, *connect.Request[v1.AgentsCreateRequest]) (*connect.Response[v1.AgentsCreateResponse], error)
+	AgentsUpdate(context.Context, *connect.Request[v1.AgentsUpdateRequest]) (*connect.Response[v1.AgentsUpdateResponse], error)
+	AgentsDelete(context.Context, *connect.Request[v1.AgentsDeleteRequest]) (*connect.Response[v1.AgentsDeleteResponse], error)
+	AgentsSubscribe(context.Context, *connect.Request[v1.AgentsSubscribeRequest], *connect.ServerStream[v1.AgentsSubscribeResponse]) error
+}
+
+// NewAgentsServiceHandler builds an HTTP handler from the service implementation. It returns the
+// path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewAgentsServiceHandler(svc AgentsServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	agentsServiceMethods := v1.File_sentinel_agents_v1_agents_proto.Services().ByName("AgentsService").Methods()
+	agentsServiceAgentsListHandler := connect.NewUnaryHandler(
+		AgentsServiceAgentsListProcedure,
+		svc.AgentsList,
+		connect.WithSchema(agentsServiceMethods.ByName("AgentsList")),
+		connect.WithHandlerOptions(opts...),
+	)
+	agentsServiceAgentsGetHandler := connect.NewUnaryHandler(
+		AgentsServiceAgentsGetProcedure,
+		svc.AgentsGet,
+		connect.WithSchema(agentsServiceMethods.ByName("AgentsGet")),
+		connect.WithHandlerOptions(opts...),
+	)
+	agentsServiceAgentsCreateHandler := connect.NewUnaryHandler(
+		AgentsServiceAgentsCreateProcedure,
+		svc.AgentsCreate,
+		connect.WithSchema(agentsServiceMethods.ByName("AgentsCreate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	agentsServiceAgentsUpdateHandler := connect.NewUnaryHandler(
+		AgentsServiceAgentsUpdateProcedure,
+		svc.AgentsUpdate,
+		connect.WithSchema(agentsServiceMethods.ByName("AgentsUpdate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	agentsServiceAgentsDeleteHandler := connect.NewUnaryHandler(
+		AgentsServiceAgentsDeleteProcedure,
+		svc.AgentsDelete,
+		connect.WithSchema(agentsServiceMethods.ByName("AgentsDelete")),
+		connect.WithHandlerOptions(opts...),
+	)
+	agentsServiceAgentsSubscribeHandler := connect.NewServerStreamHandler(
+		AgentsServiceAgentsSubscribeProcedure,
+		svc.AgentsSubscribe,
+		connect.WithSchema(agentsServiceMethods.ByName("AgentsSubscribe")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.agents.v1.AgentsService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case AgentsServiceAgentsListProcedure:
+			agentsServiceAgentsListHandler.ServeHTTP(w, r)
+		case AgentsServiceAgentsGetProcedure:
+			agentsServiceAgentsGetHandler.ServeHTTP(w, r)
+		case AgentsServiceAgentsCreateProcedure:
+			agentsServiceAgentsCreateHandler.ServeHTTP(w, r)
+		case AgentsServiceAgentsUpdateProcedure:
+			agentsServiceAgentsUpdateHandler.ServeHTTP(w, r)
+		case AgentsServiceAgentsDeleteProcedure:
+			agentsServiceAgentsDeleteHandler.ServeHTTP(w, r)
+		case AgentsServiceAgentsSubscribeProcedure:
+			agentsServiceAgentsSubscribeHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedAgentsServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedAgentsServiceHandler struct{}
+
+func (UnimplementedAgentsServiceHandler) AgentsList(context.Context, *connect.Request[v1.AgentsListRequest]) (*connect.Response[v1.AgentsListResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.agents.v1.AgentsService.AgentsList is not implemented"))
+}
+
+func (UnimplementedAgentsServiceHandler) AgentsGet(context.Context, *connect.Request[v1.AgentsGetRequest]) (*connect.Response[v1.AgentsGetResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.agents.v1.AgentsService.AgentsGet is not implemented"))
+}
+
+func (UnimplementedAgentsServiceHandler) AgentsCreate(context.Context, *connect.Request[v1.AgentsCreateRequest]) (*connect.Response[v1.AgentsCreateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.agents.v1.AgentsService.AgentsCreate is not implemented"))
+}
+
+func (UnimplementedAgentsServiceHandler) AgentsUpdate(context.Context, *connect.Request[v1.AgentsUpdateRequest]) (*connect.Response[v1.AgentsUpdateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.agents.v1.AgentsService.AgentsUpdate is not implemented"))
+}
+
+func (UnimplementedAgentsServiceHandler) AgentsDelete(context.Context, *connect.Request[v1.AgentsDeleteRequest]) (*connect.Response[v1.AgentsDeleteResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.agents.v1.AgentsService.AgentsDelete is not implemented"))
+}
+
+func (UnimplementedAgentsServiceHandler) AgentsSubscribe(context.Context, *connect.Request[v1.AgentsSubscribeRequest], *connect.ServerStream[v1.AgentsSubscribeResponse]) error {
+	return connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.agents.v1.AgentsService.AgentsSubscribe is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/auth/v1/auth.pb.go b/internal/hub/hubserver/api/sentinel/auth/v1/auth.pb.go
new file mode 100644
index 0000000..e18f551
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/auth/v1/auth.pb.go
@@ -0,0 +1,1114 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/auth/v1/auth.proto
+
+package authv1
+
+import (
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/users/v1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type DeviceType int32
+
+const (
+	DeviceType_DEVICE_TYPE_UNSPECIFIED DeviceType = 0
+	DeviceType_DEVICE_TYPE_WEB         DeviceType = 1
+)
+
+// Enum value maps for DeviceType.
+var (
+	DeviceType_name = map[int32]string{
+		0: "DEVICE_TYPE_UNSPECIFIED",
+		1: "DEVICE_TYPE_WEB",
+	}
+	DeviceType_value = map[string]int32{
+		"DEVICE_TYPE_UNSPECIFIED": 0,
+		"DEVICE_TYPE_WEB":         1,
+	}
+)
+
+func (x DeviceType) Enum() *DeviceType {
+	p := new(DeviceType)
+	*p = x
+	return p
+}
+
+func (x DeviceType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (DeviceType) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_auth_v1_auth_proto_enumTypes[0].Descriptor()
+}
+
+func (DeviceType) Type() protoreflect.EnumType {
+	return &file_sentinel_auth_v1_auth_proto_enumTypes[0]
+}
+
+func (x DeviceType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use DeviceType.Descriptor instead.
+func (DeviceType) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{0}
+}
+
+type DeviceInfo struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	DeviceId      string                 `protobuf:"bytes,1,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty"`
+	DeviceType    DeviceType             `protobuf:"varint,2,opt,name=device_type,json=deviceType,proto3,enum=sentinel.auth.v1.DeviceType" json:"device_type,omitempty"`
+	DeviceName    string                 `protobuf:"bytes,3,opt,name=device_name,json=deviceName,proto3" json:"device_name,omitempty"`
+	Fingerprint   string                 `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
+	OsVersion     string                 `protobuf:"bytes,5,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
+	AppVersion    string                 `protobuf:"bytes,6,opt,name=app_version,json=appVersion,proto3" json:"app_version,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *DeviceInfo) Reset() {
+	*x = DeviceInfo{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeviceInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeviceInfo) ProtoMessage() {}
+
+func (x *DeviceInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeviceInfo.ProtoReflect.Descriptor instead.
+func (*DeviceInfo) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *DeviceInfo) GetDeviceId() string {
+	if x != nil {
+		return x.DeviceId
+	}
+	return ""
+}
+
+func (x *DeviceInfo) GetDeviceType() DeviceType {
+	if x != nil {
+		return x.DeviceType
+	}
+	return DeviceType_DEVICE_TYPE_UNSPECIFIED
+}
+
+func (x *DeviceInfo) GetDeviceName() string {
+	if x != nil {
+		return x.DeviceName
+	}
+	return ""
+}
+
+func (x *DeviceInfo) GetFingerprint() string {
+	if x != nil {
+		return x.Fingerprint
+	}
+	return ""
+}
+
+func (x *DeviceInfo) GetOsVersion() string {
+	if x != nil {
+		return x.OsVersion
+	}
+	return ""
+}
+
+func (x *DeviceInfo) GetAppVersion() string {
+	if x != nil {
+		return x.AppVersion
+	}
+	return ""
+}
+
+type Session struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	DeviceInfo    *DeviceInfo            `protobuf:"bytes,1,opt,name=device_info,json=deviceInfo,proto3" json:"device_info,omitempty"`
+	Country       string                 `protobuf:"bytes,2,opt,name=country,proto3" json:"country,omitempty"`
+	Ip            string                 `protobuf:"bytes,3,opt,name=ip,proto3" json:"ip,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Session) Reset() {
+	*x = Session{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Session) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Session) ProtoMessage() {}
+
+func (x *Session) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Session.ProtoReflect.Descriptor instead.
+func (*Session) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Session) GetDeviceInfo() *DeviceInfo {
+	if x != nil {
+		return x.DeviceInfo
+	}
+	return nil
+}
+
+func (x *Session) GetCountry() string {
+	if x != nil {
+		return x.Country
+	}
+	return ""
+}
+
+func (x *Session) GetIp() string {
+	if x != nil {
+		return x.Ip
+	}
+	return ""
+}
+
+func (x *Session) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+// Authorization
+type AuthorizationRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Email         string                 `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
+	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
+	DeviceInfo    *DeviceInfo            `protobuf:"bytes,4,opt,name=device_info,json=deviceInfo,proto3" json:"device_info,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuthorizationRequest) Reset() {
+	*x = AuthorizationRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthorizationRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthorizationRequest) ProtoMessage() {}
+
+func (x *AuthorizationRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthorizationRequest.ProtoReflect.Descriptor instead.
+func (*AuthorizationRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *AuthorizationRequest) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *AuthorizationRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+func (x *AuthorizationRequest) GetDeviceInfo() *DeviceInfo {
+	if x != nil {
+		return x.DeviceInfo
+	}
+	return nil
+}
+
+type AuthPayload struct {
+	state                 protoimpl.MessageState `protogen:"open.v1"`
+	AccessToken           string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
+	RefreshToken          string                 `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
+	AccessTokenExpiredAt  *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=access_token_expired_at,json=accessTokenExpiredAt,proto3" json:"access_token_expired_at,omitempty"`
+	RefreshTokenExpiredAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=refresh_token_expired_at,json=refreshTokenExpiredAt,proto3" json:"refresh_token_expired_at,omitempty"`
+	DeviceId              string                 `protobuf:"bytes,5,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty"`
+	OrganizationId        *string                `protobuf:"bytes,6,opt,name=organization_id,json=organizationId,proto3,oneof" json:"organization_id,omitempty"`
+	unknownFields         protoimpl.UnknownFields
+	sizeCache             protoimpl.SizeCache
+}
+
+func (x *AuthPayload) Reset() {
+	*x = AuthPayload{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthPayload) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthPayload) ProtoMessage() {}
+
+func (x *AuthPayload) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthPayload.ProtoReflect.Descriptor instead.
+func (*AuthPayload) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *AuthPayload) GetAccessToken() string {
+	if x != nil {
+		return x.AccessToken
+	}
+	return ""
+}
+
+func (x *AuthPayload) GetRefreshToken() string {
+	if x != nil {
+		return x.RefreshToken
+	}
+	return ""
+}
+
+func (x *AuthPayload) GetAccessTokenExpiredAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.AccessTokenExpiredAt
+	}
+	return nil
+}
+
+func (x *AuthPayload) GetRefreshTokenExpiredAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.RefreshTokenExpiredAt
+	}
+	return nil
+}
+
+func (x *AuthPayload) GetDeviceId() string {
+	if x != nil {
+		return x.DeviceId
+	}
+	return ""
+}
+
+func (x *AuthPayload) GetOrganizationId() string {
+	if x != nil && x.OrganizationId != nil {
+		return *x.OrganizationId
+	}
+	return ""
+}
+
+type AuthorizationResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	AuthPayload   *AuthPayload           `protobuf:"bytes,1,opt,name=auth_payload,json=authPayload,proto3" json:"auth_payload,omitempty"`
+	User          *v1.User               `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuthorizationResponse) Reset() {
+	*x = AuthorizationResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthorizationResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthorizationResponse) ProtoMessage() {}
+
+func (x *AuthorizationResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthorizationResponse.ProtoReflect.Descriptor instead.
+func (*AuthorizationResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *AuthorizationResponse) GetAuthPayload() *AuthPayload {
+	if x != nil {
+		return x.AuthPayload
+	}
+	return nil
+}
+
+func (x *AuthorizationResponse) GetUser() *v1.User {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+// Authenticate
+type AuthenticateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	AccessToken   string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuthenticateRequest) Reset() {
+	*x = AuthenticateRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthenticateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticateRequest) ProtoMessage() {}
+
+func (x *AuthenticateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticateRequest.ProtoReflect.Descriptor instead.
+func (*AuthenticateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *AuthenticateRequest) GetAccessToken() string {
+	if x != nil {
+		return x.AccessToken
+	}
+	return ""
+}
+
+type AuthenticateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	User          *v1.User               `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuthenticateResponse) Reset() {
+	*x = AuthenticateResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthenticateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticateResponse) ProtoMessage() {}
+
+func (x *AuthenticateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticateResponse.ProtoReflect.Descriptor instead.
+func (*AuthenticateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *AuthenticateResponse) GetUser() *v1.User {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+// Refresh token
+type RefreshTokenRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	RefreshToken  string                 `protobuf:"bytes,1,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *RefreshTokenRequest) Reset() {
+	*x = RefreshTokenRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *RefreshTokenRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RefreshTokenRequest) ProtoMessage() {}
+
+func (x *RefreshTokenRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RefreshTokenRequest.ProtoReflect.Descriptor instead.
+func (*RefreshTokenRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *RefreshTokenRequest) GetRefreshToken() string {
+	if x != nil {
+		return x.RefreshToken
+	}
+	return ""
+}
+
+type RefreshTokenResponse struct {
+	state                 protoimpl.MessageState `protogen:"open.v1"`
+	AccessToken           string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
+	RefreshToken          string                 `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
+	AccessTokenExpiredAt  *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=access_token_expired_at,json=accessTokenExpiredAt,proto3" json:"access_token_expired_at,omitempty"`
+	RefreshTokenExpiredAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=refresh_token_expired_at,json=refreshTokenExpiredAt,proto3" json:"refresh_token_expired_at,omitempty"`
+	unknownFields         protoimpl.UnknownFields
+	sizeCache             protoimpl.SizeCache
+}
+
+func (x *RefreshTokenResponse) Reset() {
+	*x = RefreshTokenResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *RefreshTokenResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RefreshTokenResponse) ProtoMessage() {}
+
+func (x *RefreshTokenResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RefreshTokenResponse.ProtoReflect.Descriptor instead.
+func (*RefreshTokenResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *RefreshTokenResponse) GetAccessToken() string {
+	if x != nil {
+		return x.AccessToken
+	}
+	return ""
+}
+
+func (x *RefreshTokenResponse) GetRefreshToken() string {
+	if x != nil {
+		return x.RefreshToken
+	}
+	return ""
+}
+
+func (x *RefreshTokenResponse) GetAccessTokenExpiredAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.AccessTokenExpiredAt
+	}
+	return nil
+}
+
+func (x *RefreshTokenResponse) GetRefreshTokenExpiredAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.RefreshTokenExpiredAt
+	}
+	return nil
+}
+
+// Active sessions
+type ActiveSessionsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ActiveSessionsRequest) Reset() {
+	*x = ActiveSessionsRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ActiveSessionsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ActiveSessionsRequest) ProtoMessage() {}
+
+func (x *ActiveSessionsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ActiveSessionsRequest.ProtoReflect.Descriptor instead.
+func (*ActiveSessionsRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{9}
+}
+
+type ActiveSessionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Sessions      []*Session             `protobuf:"bytes,1,rep,name=sessions,proto3" json:"sessions,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ActiveSessionsResponse) Reset() {
+	*x = ActiveSessionsResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ActiveSessionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ActiveSessionsResponse) ProtoMessage() {}
+
+func (x *ActiveSessionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ActiveSessionsResponse.ProtoReflect.Descriptor instead.
+func (*ActiveSessionsResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ActiveSessionsResponse) GetSessions() []*Session {
+	if x != nil {
+		return x.Sessions
+	}
+	return nil
+}
+
+// Delete session
+type DeleteSessionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	DeviceId      string                 `protobuf:"bytes,1,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *DeleteSessionRequest) Reset() {
+	*x = DeleteSessionRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteSessionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteSessionRequest) ProtoMessage() {}
+
+func (x *DeleteSessionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteSessionRequest.ProtoReflect.Descriptor instead.
+func (*DeleteSessionRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *DeleteSessionRequest) GetDeviceId() string {
+	if x != nil {
+		return x.DeviceId
+	}
+	return ""
+}
+
+type DeleteSessionResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *DeleteSessionResponse) Reset() {
+	*x = DeleteSessionResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteSessionResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteSessionResponse) ProtoMessage() {}
+
+func (x *DeleteSessionResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteSessionResponse.ProtoReflect.Descriptor instead.
+func (*DeleteSessionResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{12}
+}
+
+// Terminate all sessions
+type TerminateAllSessionsRequest struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Current device id. This session will not be terminated.
+	// If not set, all sessions will be terminated.
+	DeviceId      *string `protobuf:"bytes,1,opt,name=device_id,json=deviceId,proto3,oneof" json:"device_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *TerminateAllSessionsRequest) Reset() {
+	*x = TerminateAllSessionsRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *TerminateAllSessionsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TerminateAllSessionsRequest) ProtoMessage() {}
+
+func (x *TerminateAllSessionsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TerminateAllSessionsRequest.ProtoReflect.Descriptor instead.
+func (*TerminateAllSessionsRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *TerminateAllSessionsRequest) GetDeviceId() string {
+	if x != nil && x.DeviceId != nil {
+		return *x.DeviceId
+	}
+	return ""
+}
+
+type TerminateAllSessionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *TerminateAllSessionsResponse) Reset() {
+	*x = TerminateAllSessionsResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[14]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *TerminateAllSessionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TerminateAllSessionsResponse) ProtoMessage() {}
+
+func (x *TerminateAllSessionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[14]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TerminateAllSessionsResponse.ProtoReflect.Descriptor instead.
+func (*TerminateAllSessionsResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{14}
+}
+
+// Logout
+type LogoutRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *LogoutRequest) Reset() {
+	*x = LogoutRequest{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[15]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *LogoutRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LogoutRequest) ProtoMessage() {}
+
+func (x *LogoutRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[15]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LogoutRequest.ProtoReflect.Descriptor instead.
+func (*LogoutRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{15}
+}
+
+type LogoutResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *LogoutResponse) Reset() {
+	*x = LogoutResponse{}
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[16]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *LogoutResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LogoutResponse) ProtoMessage() {}
+
+func (x *LogoutResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_auth_v1_auth_proto_msgTypes[16]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LogoutResponse.ProtoReflect.Descriptor instead.
+func (*LogoutResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_auth_v1_auth_proto_rawDescGZIP(), []int{16}
+}
+
+var File_sentinel_auth_v1_auth_proto protoreflect.FileDescriptor
+
+const file_sentinel_auth_v1_auth_proto_rawDesc = "" +
+	"\n" +
+	"\x1bsentinel/auth/v1/auth.proto\x12\x10sentinel.auth.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1dsentinel/users/v1/users.proto\"\xeb\x01\n" +
+	"\n" +
+	"DeviceInfo\x12\x1b\n" +
+	"\tdevice_id\x18\x01 \x01(\tR\bdeviceId\x12=\n" +
+	"\vdevice_type\x18\x02 \x01(\x0e2\x1c.sentinel.auth.v1.DeviceTypeR\n" +
+	"deviceType\x12\x1f\n" +
+	"\vdevice_name\x18\x03 \x01(\tR\n" +
+	"deviceName\x12 \n" +
+	"\vfingerprint\x18\x04 \x01(\tR\vfingerprint\x12\x1d\n" +
+	"\n" +
+	"os_version\x18\x05 \x01(\tR\tosVersion\x12\x1f\n" +
+	"\vapp_version\x18\x06 \x01(\tR\n" +
+	"appVersion\"\xad\x01\n" +
+	"\aSession\x12=\n" +
+	"\vdevice_info\x18\x01 \x01(\v2\x1c.sentinel.auth.v1.DeviceInfoR\n" +
+	"deviceInfo\x12\x18\n" +
+	"\acountry\x18\x02 \x01(\tR\acountry\x12\x0e\n" +
+	"\x02ip\x18\x03 \x01(\tR\x02ip\x129\n" +
+	"\n" +
+	"created_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\"\x87\x01\n" +
+	"\x14AuthorizationRequest\x12\x14\n" +
+	"\x05email\x18\x01 \x01(\tR\x05email\x12\x1a\n" +
+	"\bpassword\x18\x02 \x01(\tR\bpassword\x12=\n" +
+	"\vdevice_info\x18\x04 \x01(\v2\x1c.sentinel.auth.v1.DeviceInfoR\n" +
+	"deviceInfo\"\xdc\x02\n" +
+	"\vAuthPayload\x12!\n" +
+	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12#\n" +
+	"\rrefresh_token\x18\x02 \x01(\tR\frefreshToken\x12Q\n" +
+	"\x17access_token_expired_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\x14accessTokenExpiredAt\x12S\n" +
+	"\x18refresh_token_expired_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\x15refreshTokenExpiredAt\x12\x1b\n" +
+	"\tdevice_id\x18\x05 \x01(\tR\bdeviceId\x12,\n" +
+	"\x0forganization_id\x18\x06 \x01(\tH\x00R\x0eorganizationId\x88\x01\x01B\x12\n" +
+	"\x10_organization_id\"\x86\x01\n" +
+	"\x15AuthorizationResponse\x12@\n" +
+	"\fauth_payload\x18\x01 \x01(\v2\x1d.sentinel.auth.v1.AuthPayloadR\vauthPayload\x12+\n" +
+	"\x04user\x18\x02 \x01(\v2\x17.sentinel.users.v1.UserR\x04user\"8\n" +
+	"\x13AuthenticateRequest\x12!\n" +
+	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\"C\n" +
+	"\x14AuthenticateResponse\x12+\n" +
+	"\x04user\x18\x02 \x01(\v2\x17.sentinel.users.v1.UserR\x04user\":\n" +
+	"\x13RefreshTokenRequest\x12#\n" +
+	"\rrefresh_token\x18\x01 \x01(\tR\frefreshToken\"\x86\x02\n" +
+	"\x14RefreshTokenResponse\x12!\n" +
+	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12#\n" +
+	"\rrefresh_token\x18\x02 \x01(\tR\frefreshToken\x12Q\n" +
+	"\x17access_token_expired_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\x14accessTokenExpiredAt\x12S\n" +
+	"\x18refresh_token_expired_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\x15refreshTokenExpiredAt\"\x17\n" +
+	"\x15ActiveSessionsRequest\"O\n" +
+	"\x16ActiveSessionsResponse\x125\n" +
+	"\bsessions\x18\x01 \x03(\v2\x19.sentinel.auth.v1.SessionR\bsessions\"3\n" +
+	"\x14DeleteSessionRequest\x12\x1b\n" +
+	"\tdevice_id\x18\x01 \x01(\tR\bdeviceId\"\x17\n" +
+	"\x15DeleteSessionResponse\"M\n" +
+	"\x1bTerminateAllSessionsRequest\x12 \n" +
+	"\tdevice_id\x18\x01 \x01(\tH\x00R\bdeviceId\x88\x01\x01B\f\n" +
+	"\n" +
+	"_device_id\"\x1e\n" +
+	"\x1cTerminateAllSessionsResponse\"\x0f\n" +
+	"\rLogoutRequest\"\x10\n" +
+	"\x0eLogoutResponse*>\n" +
+	"\n" +
+	"DeviceType\x12\x1b\n" +
+	"\x17DEVICE_TYPE_UNSPECIFIED\x10\x00\x12\x13\n" +
+	"\x0fDEVICE_TYPE_WEB\x10\x012\xc6\x05\n" +
+	"\vAuthService\x12b\n" +
+	"\rAuthorization\x12&.sentinel.auth.v1.AuthorizationRequest\x1a'.sentinel.auth.v1.AuthorizationResponse\"\x00\x12_\n" +
+	"\fAuthenticate\x12%.sentinel.auth.v1.AuthenticateRequest\x1a&.sentinel.auth.v1.AuthenticateResponse\"\x00\x12_\n" +
+	"\fRefreshToken\x12%.sentinel.auth.v1.RefreshTokenRequest\x1a&.sentinel.auth.v1.RefreshTokenResponse\"\x00\x12M\n" +
+	"\x06Logout\x12\x1f.sentinel.auth.v1.LogoutRequest\x1a .sentinel.auth.v1.LogoutResponse\"\x00\x12e\n" +
+	"\x0eActiveSessions\x12'.sentinel.auth.v1.ActiveSessionsRequest\x1a(.sentinel.auth.v1.ActiveSessionsResponse\"\x00\x12b\n" +
+	"\rDeleteSession\x12&.sentinel.auth.v1.DeleteSessionRequest\x1a'.sentinel.auth.v1.DeleteSessionResponse\"\x00\x12w\n" +
+	"\x14TerminateAllSessions\x12-.sentinel.auth.v1.TerminateAllSessionsRequest\x1a..sentinel.auth.v1.TerminateAllSessionsResponse\"\x00B\xd4\x01\n" +
+	"\x14com.sentinel.auth.v1B\tAuthProtoP\x01ZOgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/auth/v1;authv1\xa2\x02\x03SAX\xaa\x02\x10Sentinel.Auth.V1\xca\x02\x10Sentinel\\Auth\\V1\xe2\x02\x1cSentinel\\Auth\\V1\\GPBMetadata\xea\x02\x12Sentinel::Auth::V1b\x06proto3"
+
+var (
+	file_sentinel_auth_v1_auth_proto_rawDescOnce sync.Once
+	file_sentinel_auth_v1_auth_proto_rawDescData []byte
+)
+
+func file_sentinel_auth_v1_auth_proto_rawDescGZIP() []byte {
+	file_sentinel_auth_v1_auth_proto_rawDescOnce.Do(func() {
+		file_sentinel_auth_v1_auth_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_auth_v1_auth_proto_rawDesc), len(file_sentinel_auth_v1_auth_proto_rawDesc)))
+	})
+	return file_sentinel_auth_v1_auth_proto_rawDescData
+}
+
+var file_sentinel_auth_v1_auth_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_sentinel_auth_v1_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_sentinel_auth_v1_auth_proto_goTypes = []any{
+	(DeviceType)(0),                      // 0: sentinel.auth.v1.DeviceType
+	(*DeviceInfo)(nil),                   // 1: sentinel.auth.v1.DeviceInfo
+	(*Session)(nil),                      // 2: sentinel.auth.v1.Session
+	(*AuthorizationRequest)(nil),         // 3: sentinel.auth.v1.AuthorizationRequest
+	(*AuthPayload)(nil),                  // 4: sentinel.auth.v1.AuthPayload
+	(*AuthorizationResponse)(nil),        // 5: sentinel.auth.v1.AuthorizationResponse
+	(*AuthenticateRequest)(nil),          // 6: sentinel.auth.v1.AuthenticateRequest
+	(*AuthenticateResponse)(nil),         // 7: sentinel.auth.v1.AuthenticateResponse
+	(*RefreshTokenRequest)(nil),          // 8: sentinel.auth.v1.RefreshTokenRequest
+	(*RefreshTokenResponse)(nil),         // 9: sentinel.auth.v1.RefreshTokenResponse
+	(*ActiveSessionsRequest)(nil),        // 10: sentinel.auth.v1.ActiveSessionsRequest
+	(*ActiveSessionsResponse)(nil),       // 11: sentinel.auth.v1.ActiveSessionsResponse
+	(*DeleteSessionRequest)(nil),         // 12: sentinel.auth.v1.DeleteSessionRequest
+	(*DeleteSessionResponse)(nil),        // 13: sentinel.auth.v1.DeleteSessionResponse
+	(*TerminateAllSessionsRequest)(nil),  // 14: sentinel.auth.v1.TerminateAllSessionsRequest
+	(*TerminateAllSessionsResponse)(nil), // 15: sentinel.auth.v1.TerminateAllSessionsResponse
+	(*LogoutRequest)(nil),                // 16: sentinel.auth.v1.LogoutRequest
+	(*LogoutResponse)(nil),               // 17: sentinel.auth.v1.LogoutResponse
+	(*timestamppb.Timestamp)(nil),        // 18: google.protobuf.Timestamp
+	(*v1.User)(nil),                      // 19: sentinel.users.v1.User
+}
+var file_sentinel_auth_v1_auth_proto_depIdxs = []int32{
+	0,  // 0: sentinel.auth.v1.DeviceInfo.device_type:type_name -> sentinel.auth.v1.DeviceType
+	1,  // 1: sentinel.auth.v1.Session.device_info:type_name -> sentinel.auth.v1.DeviceInfo
+	18, // 2: sentinel.auth.v1.Session.created_at:type_name -> google.protobuf.Timestamp
+	1,  // 3: sentinel.auth.v1.AuthorizationRequest.device_info:type_name -> sentinel.auth.v1.DeviceInfo
+	18, // 4: sentinel.auth.v1.AuthPayload.access_token_expired_at:type_name -> google.protobuf.Timestamp
+	18, // 5: sentinel.auth.v1.AuthPayload.refresh_token_expired_at:type_name -> google.protobuf.Timestamp
+	4,  // 6: sentinel.auth.v1.AuthorizationResponse.auth_payload:type_name -> sentinel.auth.v1.AuthPayload
+	19, // 7: sentinel.auth.v1.AuthorizationResponse.user:type_name -> sentinel.users.v1.User
+	19, // 8: sentinel.auth.v1.AuthenticateResponse.user:type_name -> sentinel.users.v1.User
+	18, // 9: sentinel.auth.v1.RefreshTokenResponse.access_token_expired_at:type_name -> google.protobuf.Timestamp
+	18, // 10: sentinel.auth.v1.RefreshTokenResponse.refresh_token_expired_at:type_name -> google.protobuf.Timestamp
+	2,  // 11: sentinel.auth.v1.ActiveSessionsResponse.sessions:type_name -> sentinel.auth.v1.Session
+	3,  // 12: sentinel.auth.v1.AuthService.Authorization:input_type -> sentinel.auth.v1.AuthorizationRequest
+	6,  // 13: sentinel.auth.v1.AuthService.Authenticate:input_type -> sentinel.auth.v1.AuthenticateRequest
+	8,  // 14: sentinel.auth.v1.AuthService.RefreshToken:input_type -> sentinel.auth.v1.RefreshTokenRequest
+	16, // 15: sentinel.auth.v1.AuthService.Logout:input_type -> sentinel.auth.v1.LogoutRequest
+	10, // 16: sentinel.auth.v1.AuthService.ActiveSessions:input_type -> sentinel.auth.v1.ActiveSessionsRequest
+	12, // 17: sentinel.auth.v1.AuthService.DeleteSession:input_type -> sentinel.auth.v1.DeleteSessionRequest
+	14, // 18: sentinel.auth.v1.AuthService.TerminateAllSessions:input_type -> sentinel.auth.v1.TerminateAllSessionsRequest
+	5,  // 19: sentinel.auth.v1.AuthService.Authorization:output_type -> sentinel.auth.v1.AuthorizationResponse
+	7,  // 20: sentinel.auth.v1.AuthService.Authenticate:output_type -> sentinel.auth.v1.AuthenticateResponse
+	9,  // 21: sentinel.auth.v1.AuthService.RefreshToken:output_type -> sentinel.auth.v1.RefreshTokenResponse
+	17, // 22: sentinel.auth.v1.AuthService.Logout:output_type -> sentinel.auth.v1.LogoutResponse
+	11, // 23: sentinel.auth.v1.AuthService.ActiveSessions:output_type -> sentinel.auth.v1.ActiveSessionsResponse
+	13, // 24: sentinel.auth.v1.AuthService.DeleteSession:output_type -> sentinel.auth.v1.DeleteSessionResponse
+	15, // 25: sentinel.auth.v1.AuthService.TerminateAllSessions:output_type -> sentinel.auth.v1.TerminateAllSessionsResponse
+	19, // [19:26] is the sub-list for method output_type
+	12, // [12:19] is the sub-list for method input_type
+	12, // [12:12] is the sub-list for extension type_name
+	12, // [12:12] is the sub-list for extension extendee
+	0,  // [0:12] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_auth_v1_auth_proto_init() }
+func file_sentinel_auth_v1_auth_proto_init() {
+	if File_sentinel_auth_v1_auth_proto != nil {
+		return
+	}
+	file_sentinel_auth_v1_auth_proto_msgTypes[3].OneofWrappers = []any{}
+	file_sentinel_auth_v1_auth_proto_msgTypes[13].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_auth_v1_auth_proto_rawDesc), len(file_sentinel_auth_v1_auth_proto_rawDesc)),
+			NumEnums:      1,
+			NumMessages:   17,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_auth_v1_auth_proto_goTypes,
+		DependencyIndexes: file_sentinel_auth_v1_auth_proto_depIdxs,
+		EnumInfos:         file_sentinel_auth_v1_auth_proto_enumTypes,
+		MessageInfos:      file_sentinel_auth_v1_auth_proto_msgTypes,
+	}.Build()
+	File_sentinel_auth_v1_auth_proto = out.File
+	file_sentinel_auth_v1_auth_proto_goTypes = nil
+	file_sentinel_auth_v1_auth_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/auth/v1/authv1connect/auth.connect.go b/internal/hub/hubserver/api/sentinel/auth/v1/authv1connect/auth.connect.go
new file mode 100644
index 0000000..9d435d0
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/auth/v1/authv1connect/auth.connect.go
@@ -0,0 +1,286 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/auth/v1/auth.proto
+
+package authv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/auth/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// AuthServiceName is the fully-qualified name of the AuthService service.
+	AuthServiceName = "sentinel.auth.v1.AuthService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// AuthServiceAuthorizationProcedure is the fully-qualified name of the AuthService's Authorization
+	// RPC.
+	AuthServiceAuthorizationProcedure = "/sentinel.auth.v1.AuthService/Authorization"
+	// AuthServiceAuthenticateProcedure is the fully-qualified name of the AuthService's Authenticate
+	// RPC.
+	AuthServiceAuthenticateProcedure = "/sentinel.auth.v1.AuthService/Authenticate"
+	// AuthServiceRefreshTokenProcedure is the fully-qualified name of the AuthService's RefreshToken
+	// RPC.
+	AuthServiceRefreshTokenProcedure = "/sentinel.auth.v1.AuthService/RefreshToken"
+	// AuthServiceLogoutProcedure is the fully-qualified name of the AuthService's Logout RPC.
+	AuthServiceLogoutProcedure = "/sentinel.auth.v1.AuthService/Logout"
+	// AuthServiceActiveSessionsProcedure is the fully-qualified name of the AuthService's
+	// ActiveSessions RPC.
+	AuthServiceActiveSessionsProcedure = "/sentinel.auth.v1.AuthService/ActiveSessions"
+	// AuthServiceDeleteSessionProcedure is the fully-qualified name of the AuthService's DeleteSession
+	// RPC.
+	AuthServiceDeleteSessionProcedure = "/sentinel.auth.v1.AuthService/DeleteSession"
+	// AuthServiceTerminateAllSessionsProcedure is the fully-qualified name of the AuthService's
+	// TerminateAllSessions RPC.
+	AuthServiceTerminateAllSessionsProcedure = "/sentinel.auth.v1.AuthService/TerminateAllSessions"
+)
+
+// AuthServiceClient is a client for the sentinel.auth.v1.AuthService service.
+type AuthServiceClient interface {
+	// Auth
+	Authorization(context.Context, *connect.Request[v1.AuthorizationRequest]) (*connect.Response[v1.AuthorizationResponse], error)
+	Authenticate(context.Context, *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error)
+	RefreshToken(context.Context, *connect.Request[v1.RefreshTokenRequest]) (*connect.Response[v1.RefreshTokenResponse], error)
+	Logout(context.Context, *connect.Request[v1.LogoutRequest]) (*connect.Response[v1.LogoutResponse], error)
+	// Sessions
+	ActiveSessions(context.Context, *connect.Request[v1.ActiveSessionsRequest]) (*connect.Response[v1.ActiveSessionsResponse], error)
+	DeleteSession(context.Context, *connect.Request[v1.DeleteSessionRequest]) (*connect.Response[v1.DeleteSessionResponse], error)
+	TerminateAllSessions(context.Context, *connect.Request[v1.TerminateAllSessionsRequest]) (*connect.Response[v1.TerminateAllSessionsResponse], error)
+}
+
+// NewAuthServiceClient constructs a client for the sentinel.auth.v1.AuthService service. By
+// default, it uses the Connect protocol with the binary Protobuf Codec, asks for gzipped responses,
+// and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply the
+// connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewAuthServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) AuthServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	authServiceMethods := v1.File_sentinel_auth_v1_auth_proto.Services().ByName("AuthService").Methods()
+	return &authServiceClient{
+		authorization: connect.NewClient[v1.AuthorizationRequest, v1.AuthorizationResponse](
+			httpClient,
+			baseURL+AuthServiceAuthorizationProcedure,
+			connect.WithSchema(authServiceMethods.ByName("Authorization")),
+			connect.WithClientOptions(opts...),
+		),
+		authenticate: connect.NewClient[v1.AuthenticateRequest, v1.AuthenticateResponse](
+			httpClient,
+			baseURL+AuthServiceAuthenticateProcedure,
+			connect.WithSchema(authServiceMethods.ByName("Authenticate")),
+			connect.WithClientOptions(opts...),
+		),
+		refreshToken: connect.NewClient[v1.RefreshTokenRequest, v1.RefreshTokenResponse](
+			httpClient,
+			baseURL+AuthServiceRefreshTokenProcedure,
+			connect.WithSchema(authServiceMethods.ByName("RefreshToken")),
+			connect.WithClientOptions(opts...),
+		),
+		logout: connect.NewClient[v1.LogoutRequest, v1.LogoutResponse](
+			httpClient,
+			baseURL+AuthServiceLogoutProcedure,
+			connect.WithSchema(authServiceMethods.ByName("Logout")),
+			connect.WithClientOptions(opts...),
+		),
+		activeSessions: connect.NewClient[v1.ActiveSessionsRequest, v1.ActiveSessionsResponse](
+			httpClient,
+			baseURL+AuthServiceActiveSessionsProcedure,
+			connect.WithSchema(authServiceMethods.ByName("ActiveSessions")),
+			connect.WithClientOptions(opts...),
+		),
+		deleteSession: connect.NewClient[v1.DeleteSessionRequest, v1.DeleteSessionResponse](
+			httpClient,
+			baseURL+AuthServiceDeleteSessionProcedure,
+			connect.WithSchema(authServiceMethods.ByName("DeleteSession")),
+			connect.WithClientOptions(opts...),
+		),
+		terminateAllSessions: connect.NewClient[v1.TerminateAllSessionsRequest, v1.TerminateAllSessionsResponse](
+			httpClient,
+			baseURL+AuthServiceTerminateAllSessionsProcedure,
+			connect.WithSchema(authServiceMethods.ByName("TerminateAllSessions")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// authServiceClient implements AuthServiceClient.
+type authServiceClient struct {
+	authorization        *connect.Client[v1.AuthorizationRequest, v1.AuthorizationResponse]
+	authenticate         *connect.Client[v1.AuthenticateRequest, v1.AuthenticateResponse]
+	refreshToken         *connect.Client[v1.RefreshTokenRequest, v1.RefreshTokenResponse]
+	logout               *connect.Client[v1.LogoutRequest, v1.LogoutResponse]
+	activeSessions       *connect.Client[v1.ActiveSessionsRequest, v1.ActiveSessionsResponse]
+	deleteSession        *connect.Client[v1.DeleteSessionRequest, v1.DeleteSessionResponse]
+	terminateAllSessions *connect.Client[v1.TerminateAllSessionsRequest, v1.TerminateAllSessionsResponse]
+}
+
+// Authorization calls sentinel.auth.v1.AuthService.Authorization.
+func (c *authServiceClient) Authorization(ctx context.Context, req *connect.Request[v1.AuthorizationRequest]) (*connect.Response[v1.AuthorizationResponse], error) {
+	return c.authorization.CallUnary(ctx, req)
+}
+
+// Authenticate calls sentinel.auth.v1.AuthService.Authenticate.
+func (c *authServiceClient) Authenticate(ctx context.Context, req *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error) {
+	return c.authenticate.CallUnary(ctx, req)
+}
+
+// RefreshToken calls sentinel.auth.v1.AuthService.RefreshToken.
+func (c *authServiceClient) RefreshToken(ctx context.Context, req *connect.Request[v1.RefreshTokenRequest]) (*connect.Response[v1.RefreshTokenResponse], error) {
+	return c.refreshToken.CallUnary(ctx, req)
+}
+
+// Logout calls sentinel.auth.v1.AuthService.Logout.
+func (c *authServiceClient) Logout(ctx context.Context, req *connect.Request[v1.LogoutRequest]) (*connect.Response[v1.LogoutResponse], error) {
+	return c.logout.CallUnary(ctx, req)
+}
+
+// ActiveSessions calls sentinel.auth.v1.AuthService.ActiveSessions.
+func (c *authServiceClient) ActiveSessions(ctx context.Context, req *connect.Request[v1.ActiveSessionsRequest]) (*connect.Response[v1.ActiveSessionsResponse], error) {
+	return c.activeSessions.CallUnary(ctx, req)
+}
+
+// DeleteSession calls sentinel.auth.v1.AuthService.DeleteSession.
+func (c *authServiceClient) DeleteSession(ctx context.Context, req *connect.Request[v1.DeleteSessionRequest]) (*connect.Response[v1.DeleteSessionResponse], error) {
+	return c.deleteSession.CallUnary(ctx, req)
+}
+
+// TerminateAllSessions calls sentinel.auth.v1.AuthService.TerminateAllSessions.
+func (c *authServiceClient) TerminateAllSessions(ctx context.Context, req *connect.Request[v1.TerminateAllSessionsRequest]) (*connect.Response[v1.TerminateAllSessionsResponse], error) {
+	return c.terminateAllSessions.CallUnary(ctx, req)
+}
+
+// AuthServiceHandler is an implementation of the sentinel.auth.v1.AuthService service.
+type AuthServiceHandler interface {
+	// Auth
+	Authorization(context.Context, *connect.Request[v1.AuthorizationRequest]) (*connect.Response[v1.AuthorizationResponse], error)
+	Authenticate(context.Context, *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error)
+	RefreshToken(context.Context, *connect.Request[v1.RefreshTokenRequest]) (*connect.Response[v1.RefreshTokenResponse], error)
+	Logout(context.Context, *connect.Request[v1.LogoutRequest]) (*connect.Response[v1.LogoutResponse], error)
+	// Sessions
+	ActiveSessions(context.Context, *connect.Request[v1.ActiveSessionsRequest]) (*connect.Response[v1.ActiveSessionsResponse], error)
+	DeleteSession(context.Context, *connect.Request[v1.DeleteSessionRequest]) (*connect.Response[v1.DeleteSessionResponse], error)
+	TerminateAllSessions(context.Context, *connect.Request[v1.TerminateAllSessionsRequest]) (*connect.Response[v1.TerminateAllSessionsResponse], error)
+}
+
+// NewAuthServiceHandler builds an HTTP handler from the service implementation. It returns the path
+// on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewAuthServiceHandler(svc AuthServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	authServiceMethods := v1.File_sentinel_auth_v1_auth_proto.Services().ByName("AuthService").Methods()
+	authServiceAuthorizationHandler := connect.NewUnaryHandler(
+		AuthServiceAuthorizationProcedure,
+		svc.Authorization,
+		connect.WithSchema(authServiceMethods.ByName("Authorization")),
+		connect.WithHandlerOptions(opts...),
+	)
+	authServiceAuthenticateHandler := connect.NewUnaryHandler(
+		AuthServiceAuthenticateProcedure,
+		svc.Authenticate,
+		connect.WithSchema(authServiceMethods.ByName("Authenticate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	authServiceRefreshTokenHandler := connect.NewUnaryHandler(
+		AuthServiceRefreshTokenProcedure,
+		svc.RefreshToken,
+		connect.WithSchema(authServiceMethods.ByName("RefreshToken")),
+		connect.WithHandlerOptions(opts...),
+	)
+	authServiceLogoutHandler := connect.NewUnaryHandler(
+		AuthServiceLogoutProcedure,
+		svc.Logout,
+		connect.WithSchema(authServiceMethods.ByName("Logout")),
+		connect.WithHandlerOptions(opts...),
+	)
+	authServiceActiveSessionsHandler := connect.NewUnaryHandler(
+		AuthServiceActiveSessionsProcedure,
+		svc.ActiveSessions,
+		connect.WithSchema(authServiceMethods.ByName("ActiveSessions")),
+		connect.WithHandlerOptions(opts...),
+	)
+	authServiceDeleteSessionHandler := connect.NewUnaryHandler(
+		AuthServiceDeleteSessionProcedure,
+		svc.DeleteSession,
+		connect.WithSchema(authServiceMethods.ByName("DeleteSession")),
+		connect.WithHandlerOptions(opts...),
+	)
+	authServiceTerminateAllSessionsHandler := connect.NewUnaryHandler(
+		AuthServiceTerminateAllSessionsProcedure,
+		svc.TerminateAllSessions,
+		connect.WithSchema(authServiceMethods.ByName("TerminateAllSessions")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.auth.v1.AuthService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case AuthServiceAuthorizationProcedure:
+			authServiceAuthorizationHandler.ServeHTTP(w, r)
+		case AuthServiceAuthenticateProcedure:
+			authServiceAuthenticateHandler.ServeHTTP(w, r)
+		case AuthServiceRefreshTokenProcedure:
+			authServiceRefreshTokenHandler.ServeHTTP(w, r)
+		case AuthServiceLogoutProcedure:
+			authServiceLogoutHandler.ServeHTTP(w, r)
+		case AuthServiceActiveSessionsProcedure:
+			authServiceActiveSessionsHandler.ServeHTTP(w, r)
+		case AuthServiceDeleteSessionProcedure:
+			authServiceDeleteSessionHandler.ServeHTTP(w, r)
+		case AuthServiceTerminateAllSessionsProcedure:
+			authServiceTerminateAllSessionsHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedAuthServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedAuthServiceHandler struct{}
+
+func (UnimplementedAuthServiceHandler) Authorization(context.Context, *connect.Request[v1.AuthorizationRequest]) (*connect.Response[v1.AuthorizationResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.Authorization is not implemented"))
+}
+
+func (UnimplementedAuthServiceHandler) Authenticate(context.Context, *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.Authenticate is not implemented"))
+}
+
+func (UnimplementedAuthServiceHandler) RefreshToken(context.Context, *connect.Request[v1.RefreshTokenRequest]) (*connect.Response[v1.RefreshTokenResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.RefreshToken is not implemented"))
+}
+
+func (UnimplementedAuthServiceHandler) Logout(context.Context, *connect.Request[v1.LogoutRequest]) (*connect.Response[v1.LogoutResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.Logout is not implemented"))
+}
+
+func (UnimplementedAuthServiceHandler) ActiveSessions(context.Context, *connect.Request[v1.ActiveSessionsRequest]) (*connect.Response[v1.ActiveSessionsResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.ActiveSessions is not implemented"))
+}
+
+func (UnimplementedAuthServiceHandler) DeleteSession(context.Context, *connect.Request[v1.DeleteSessionRequest]) (*connect.Response[v1.DeleteSessionResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.DeleteSession is not implemented"))
+}
+
+func (UnimplementedAuthServiceHandler) TerminateAllSessions(context.Context, *connect.Request[v1.TerminateAllSessionsRequest]) (*connect.Response[v1.TerminateAllSessionsResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.auth.v1.AuthService.TerminateAllSessions is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/common/v1/common.pb.go b/internal/hub/hubserver/api/sentinel/common/v1/common.pb.go
new file mode 100644
index 0000000..1e34906
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/common/v1/common.pb.go
@@ -0,0 +1,156 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/common/v1/common.proto
+
+package commonv1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type FindRequestCommon struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Page          *uint32                `protobuf:"varint,1,opt,name=page,proto3,oneof" json:"page,omitempty"`
+	PageSize      *uint32                `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3,oneof" json:"page_size,omitempty"`
+	OrderBy       *string                `protobuf:"bytes,3,opt,name=order_by,json=orderBy,proto3,oneof" json:"order_by,omitempty"`
+	IsAscOrder    bool                   `protobuf:"varint,4,opt,name=is_asc_order,json=isAscOrder,proto3" json:"is_asc_order,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *FindRequestCommon) Reset() {
+	*x = FindRequestCommon{}
+	mi := &file_sentinel_common_v1_common_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *FindRequestCommon) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FindRequestCommon) ProtoMessage() {}
+
+func (x *FindRequestCommon) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_common_v1_common_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FindRequestCommon.ProtoReflect.Descriptor instead.
+func (*FindRequestCommon) Descriptor() ([]byte, []int) {
+	return file_sentinel_common_v1_common_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *FindRequestCommon) GetPage() uint32 {
+	if x != nil && x.Page != nil {
+		return *x.Page
+	}
+	return 0
+}
+
+func (x *FindRequestCommon) GetPageSize() uint32 {
+	if x != nil && x.PageSize != nil {
+		return *x.PageSize
+	}
+	return 0
+}
+
+func (x *FindRequestCommon) GetOrderBy() string {
+	if x != nil && x.OrderBy != nil {
+		return *x.OrderBy
+	}
+	return ""
+}
+
+func (x *FindRequestCommon) GetIsAscOrder() bool {
+	if x != nil {
+		return x.IsAscOrder
+	}
+	return false
+}
+
+var File_sentinel_common_v1_common_proto protoreflect.FileDescriptor
+
+const file_sentinel_common_v1_common_proto_rawDesc = "" +
+	"\n" +
+	"\x1fsentinel/common/v1/common.proto\x12\x12sentinel.common.v1\"\xb4\x01\n" +
+	"\x11FindRequestCommon\x12\x17\n" +
+	"\x04page\x18\x01 \x01(\rH\x00R\x04page\x88\x01\x01\x12 \n" +
+	"\tpage_size\x18\x02 \x01(\rH\x01R\bpageSize\x88\x01\x01\x12\x1e\n" +
+	"\border_by\x18\x03 \x01(\tH\x02R\aorderBy\x88\x01\x01\x12 \n" +
+	"\fis_asc_order\x18\x04 \x01(\bR\n" +
+	"isAscOrderB\a\n" +
+	"\x05_pageB\f\n" +
+	"\n" +
+	"_page_sizeB\v\n" +
+	"\t_order_byB\xe4\x01\n" +
+	"\x16com.sentinel.common.v1B\vCommonProtoP\x01ZSgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/common/v1;commonv1\xa2\x02\x03SCX\xaa\x02\x12Sentinel.Common.V1\xca\x02\x12Sentinel\\Common\\V1\xe2\x02\x1eSentinel\\Common\\V1\\GPBMetadata\xea\x02\x14Sentinel::Common::V1b\x06proto3"
+
+var (
+	file_sentinel_common_v1_common_proto_rawDescOnce sync.Once
+	file_sentinel_common_v1_common_proto_rawDescData []byte
+)
+
+func file_sentinel_common_v1_common_proto_rawDescGZIP() []byte {
+	file_sentinel_common_v1_common_proto_rawDescOnce.Do(func() {
+		file_sentinel_common_v1_common_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_common_v1_common_proto_rawDesc), len(file_sentinel_common_v1_common_proto_rawDesc)))
+	})
+	return file_sentinel_common_v1_common_proto_rawDescData
+}
+
+var file_sentinel_common_v1_common_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_sentinel_common_v1_common_proto_goTypes = []any{
+	(*FindRequestCommon)(nil), // 0: sentinel.common.v1.FindRequestCommon
+}
+var file_sentinel_common_v1_common_proto_depIdxs = []int32{
+	0, // [0:0] is the sub-list for method output_type
+	0, // [0:0] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_common_v1_common_proto_init() }
+func file_sentinel_common_v1_common_proto_init() {
+	if File_sentinel_common_v1_common_proto != nil {
+		return
+	}
+	file_sentinel_common_v1_common_proto_msgTypes[0].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_common_v1_common_proto_rawDesc), len(file_sentinel_common_v1_common_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_sentinel_common_v1_common_proto_goTypes,
+		DependencyIndexes: file_sentinel_common_v1_common_proto_depIdxs,
+		MessageInfos:      file_sentinel_common_v1_common_proto_msgTypes,
+	}.Build()
+	File_sentinel_common_v1_common_proto = out.File
+	file_sentinel_common_v1_common_proto_goTypes = nil
+	file_sentinel_common_v1_common_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/hub/v1/hub.pb.go b/internal/hub/hubserver/api/sentinel/hub/v1/hub.pb.go
new file mode 100644
index 0000000..ee2d4b3
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/hub/v1/hub.pb.go
@@ -0,0 +1,829 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/hub/v1/hub.proto
+
+package hubv1
+
+import (
+	v11 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/service/v1"
+	v12 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ServiceUpsert struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Rev           string                 `protobuf:"bytes,1,opt,name=rev,proto3" json:"rev,omitempty"`
+	Service       *v1.Service            `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ServiceUpsert) Reset() {
+	*x = ServiceUpsert{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ServiceUpsert) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServiceUpsert) ProtoMessage() {}
+
+func (x *ServiceUpsert) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServiceUpsert.ProtoReflect.Descriptor instead.
+func (*ServiceUpsert) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ServiceUpsert) GetRev() string {
+	if x != nil {
+		return x.Rev
+	}
+	return ""
+}
+
+func (x *ServiceUpsert) GetService() *v1.Service {
+	if x != nil {
+		return x.Service
+	}
+	return nil
+}
+
+type ServiceDelete struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Rev           string                 `protobuf:"bytes,1,opt,name=rev,proto3" json:"rev,omitempty"`
+	ServiceId     string                 `protobuf:"bytes,2,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ServiceDelete) Reset() {
+	*x = ServiceDelete{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ServiceDelete) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServiceDelete) ProtoMessage() {}
+
+func (x *ServiceDelete) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServiceDelete.ProtoReflect.Descriptor instead.
+func (*ServiceDelete) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ServiceDelete) GetRev() string {
+	if x != nil {
+		return x.Rev
+	}
+	return ""
+}
+
+func (x *ServiceDelete) GetServiceId() string {
+	if x != nil {
+		return x.ServiceId
+	}
+	return ""
+}
+
+type AuthenticateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Fingerprint   string                 `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuthenticateRequest) Reset() {
+	*x = AuthenticateRequest{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthenticateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticateRequest) ProtoMessage() {}
+
+func (x *AuthenticateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticateRequest.ProtoReflect.Descriptor instead.
+func (*AuthenticateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *AuthenticateRequest) GetFingerprint() string {
+	if x != nil {
+		return x.Fingerprint
+	}
+	return ""
+}
+
+type AuthenticateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuthenticateResponse) Reset() {
+	*x = AuthenticateResponse{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthenticateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticateResponse) ProtoMessage() {}
+
+func (x *AuthenticateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticateResponse.ProtoReflect.Descriptor instead.
+func (*AuthenticateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{3}
+}
+
+type ReportSystemInfoRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Status        v11.AgentStatus        `protobuf:"varint,1,opt,name=status,proto3,enum=sentinel.agents.v1.AgentStatus" json:"status,omitempty"`
+	SystemInfo    *v12.SystemInfo        `protobuf:"bytes,2,opt,name=system_info,json=systemInfo,proto3" json:"system_info,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ReportSystemInfoRequest) Reset() {
+	*x = ReportSystemInfoRequest{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ReportSystemInfoRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ReportSystemInfoRequest) ProtoMessage() {}
+
+func (x *ReportSystemInfoRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ReportSystemInfoRequest.ProtoReflect.Descriptor instead.
+func (*ReportSystemInfoRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ReportSystemInfoRequest) GetStatus() v11.AgentStatus {
+	if x != nil {
+		return x.Status
+	}
+	return v11.AgentStatus(0)
+}
+
+func (x *ReportSystemInfoRequest) GetSystemInfo() *v12.SystemInfo {
+	if x != nil {
+		return x.SystemInfo
+	}
+	return nil
+}
+
+type ReportSystemInfoResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ReportSystemInfoResponse) Reset() {
+	*x = ReportSystemInfoResponse{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ReportSystemInfoResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ReportSystemInfoResponse) ProtoMessage() {}
+
+func (x *ReportSystemInfoResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ReportSystemInfoResponse.ProtoReflect.Descriptor instead.
+func (*ReportSystemInfoResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{5}
+}
+
+type FetchServicesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *FetchServicesRequest) Reset() {
+	*x = FetchServicesRequest{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *FetchServicesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FetchServicesRequest) ProtoMessage() {}
+
+func (x *FetchServicesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FetchServicesRequest.ProtoReflect.Descriptor instead.
+func (*FetchServicesRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{6}
+}
+
+type FetchServicesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Services      []*v1.Service          `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *FetchServicesResponse) Reset() {
+	*x = FetchServicesResponse{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *FetchServicesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FetchServicesResponse) ProtoMessage() {}
+
+func (x *FetchServicesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FetchServicesResponse.ProtoReflect.Descriptor instead.
+func (*FetchServicesResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *FetchServicesResponse) GetServices() []*v1.Service {
+	if x != nil {
+		return x.Services
+	}
+	return nil
+}
+
+type SubscribeServicesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	LastRev       string                 `protobuf:"bytes,1,opt,name=last_rev,json=lastRev,proto3" json:"last_rev,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SubscribeServicesRequest) Reset() {
+	*x = SubscribeServicesRequest{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SubscribeServicesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SubscribeServicesRequest) ProtoMessage() {}
+
+func (x *SubscribeServicesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SubscribeServicesRequest.ProtoReflect.Descriptor instead.
+func (*SubscribeServicesRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *SubscribeServicesRequest) GetLastRev() string {
+	if x != nil {
+		return x.LastRev
+	}
+	return ""
+}
+
+type SubscribeServicesResponse struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Types that are valid to be assigned to Update:
+	//
+	//	*SubscribeServicesResponse_Upsert
+	//	*SubscribeServicesResponse_Delete
+	Update        isSubscribeServicesResponse_Update `protobuf_oneof:"update"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SubscribeServicesResponse) Reset() {
+	*x = SubscribeServicesResponse{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SubscribeServicesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SubscribeServicesResponse) ProtoMessage() {}
+
+func (x *SubscribeServicesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SubscribeServicesResponse.ProtoReflect.Descriptor instead.
+func (*SubscribeServicesResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *SubscribeServicesResponse) GetUpdate() isSubscribeServicesResponse_Update {
+	if x != nil {
+		return x.Update
+	}
+	return nil
+}
+
+func (x *SubscribeServicesResponse) GetUpsert() *ServiceUpsert {
+	if x != nil {
+		if x, ok := x.Update.(*SubscribeServicesResponse_Upsert); ok {
+			return x.Upsert
+		}
+	}
+	return nil
+}
+
+func (x *SubscribeServicesResponse) GetDelete() *ServiceDelete {
+	if x != nil {
+		if x, ok := x.Update.(*SubscribeServicesResponse_Delete); ok {
+			return x.Delete
+		}
+	}
+	return nil
+}
+
+type isSubscribeServicesResponse_Update interface {
+	isSubscribeServicesResponse_Update()
+}
+
+type SubscribeServicesResponse_Upsert struct {
+	Upsert *ServiceUpsert `protobuf:"bytes,1,opt,name=upsert,proto3,oneof"`
+}
+
+type SubscribeServicesResponse_Delete struct {
+	Delete *ServiceDelete `protobuf:"bytes,2,opt,name=delete,proto3,oneof"`
+}
+
+func (*SubscribeServicesResponse_Upsert) isSubscribeServicesResponse_Update() {}
+
+func (*SubscribeServicesResponse_Delete) isSubscribeServicesResponse_Update() {}
+
+type CheckResult struct {
+	state                protoimpl.MessageState `protogen:"open.v1"`
+	ServiceId            string                 `protobuf:"bytes,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"`
+	Status               v1.ServiceStatus       `protobuf:"varint,2,opt,name=status,proto3,enum=sentinel.service.v1.ServiceStatus" json:"status,omitempty"`
+	CheckedAt            *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=checked_at,json=checkedAt,proto3" json:"checked_at,omitempty"`
+	ResponseMessage      string                 `protobuf:"bytes,4,opt,name=response_message,json=responseMessage,proto3" json:"response_message,omitempty"`
+	ResponseErrorMessage string                 `protobuf:"bytes,5,opt,name=response_error_message,json=responseErrorMessage,proto3" json:"response_error_message,omitempty"`
+	ResponseTime         int64                  `protobuf:"varint,6,opt,name=response_time,json=responseTime,proto3" json:"response_time,omitempty"`
+	unknownFields        protoimpl.UnknownFields
+	sizeCache            protoimpl.SizeCache
+}
+
+func (x *CheckResult) Reset() {
+	*x = CheckResult{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CheckResult) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CheckResult) ProtoMessage() {}
+
+func (x *CheckResult) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CheckResult.ProtoReflect.Descriptor instead.
+func (*CheckResult) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *CheckResult) GetServiceId() string {
+	if x != nil {
+		return x.ServiceId
+	}
+	return ""
+}
+
+func (x *CheckResult) GetStatus() v1.ServiceStatus {
+	if x != nil {
+		return x.Status
+	}
+	return v1.ServiceStatus(0)
+}
+
+func (x *CheckResult) GetCheckedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CheckedAt
+	}
+	return nil
+}
+
+func (x *CheckResult) GetResponseMessage() string {
+	if x != nil {
+		return x.ResponseMessage
+	}
+	return ""
+}
+
+func (x *CheckResult) GetResponseErrorMessage() string {
+	if x != nil {
+		return x.ResponseErrorMessage
+	}
+	return ""
+}
+
+func (x *CheckResult) GetResponseTime() int64 {
+	if x != nil {
+		return x.ResponseTime
+	}
+	return 0
+}
+
+type StreamChecksRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Seq           uint64                 `protobuf:"varint,1,opt,name=seq,proto3" json:"seq,omitempty"`
+	Results       []*CheckResult         `protobuf:"bytes,2,rep,name=results,proto3" json:"results,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *StreamChecksRequest) Reset() {
+	*x = StreamChecksRequest{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *StreamChecksRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StreamChecksRequest) ProtoMessage() {}
+
+func (x *StreamChecksRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StreamChecksRequest.ProtoReflect.Descriptor instead.
+func (*StreamChecksRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *StreamChecksRequest) GetSeq() uint64 {
+	if x != nil {
+		return x.Seq
+	}
+	return 0
+}
+
+func (x *StreamChecksRequest) GetResults() []*CheckResult {
+	if x != nil {
+		return x.Results
+	}
+	return nil
+}
+
+type StreamChecksResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UptoSeq       uint64                 `protobuf:"varint,1,opt,name=upto_seq,json=uptoSeq,proto3" json:"upto_seq,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *StreamChecksResponse) Reset() {
+	*x = StreamChecksResponse{}
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *StreamChecksResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StreamChecksResponse) ProtoMessage() {}
+
+func (x *StreamChecksResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_hub_v1_hub_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StreamChecksResponse.ProtoReflect.Descriptor instead.
+func (*StreamChecksResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_hub_v1_hub_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *StreamChecksResponse) GetUptoSeq() uint64 {
+	if x != nil {
+		return x.UptoSeq
+	}
+	return 0
+}
+
+var File_sentinel_hub_v1_hub_proto protoreflect.FileDescriptor
+
+const file_sentinel_hub_v1_hub_proto_rawDesc = "" +
+	"\n" +
+	"\x19sentinel/hub/v1/hub.proto\x12\x0fsentinel.hub.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a sentinel/system/v1/service.proto\x1a!sentinel/service/v1/service.proto\x1a\x1fsentinel/agents/v1/agents.proto\"Y\n" +
+	"\rServiceUpsert\x12\x10\n" +
+	"\x03rev\x18\x01 \x01(\tR\x03rev\x126\n" +
+	"\aservice\x18\x02 \x01(\v2\x1c.sentinel.service.v1.ServiceR\aservice\"@\n" +
+	"\rServiceDelete\x12\x10\n" +
+	"\x03rev\x18\x01 \x01(\tR\x03rev\x12\x1d\n" +
+	"\n" +
+	"service_id\x18\x02 \x01(\tR\tserviceId\"7\n" +
+	"\x13AuthenticateRequest\x12 \n" +
+	"\vfingerprint\x18\x01 \x01(\tR\vfingerprint\"\x16\n" +
+	"\x14AuthenticateResponse\"\x93\x01\n" +
+	"\x17ReportSystemInfoRequest\x127\n" +
+	"\x06status\x18\x01 \x01(\x0e2\x1f.sentinel.agents.v1.AgentStatusR\x06status\x12?\n" +
+	"\vsystem_info\x18\x02 \x01(\v2\x1e.sentinel.system.v1.SystemInfoR\n" +
+	"systemInfo\"\x1a\n" +
+	"\x18ReportSystemInfoResponse\"\x16\n" +
+	"\x14FetchServicesRequest\"Q\n" +
+	"\x15FetchServicesResponse\x128\n" +
+	"\bservices\x18\x01 \x03(\v2\x1c.sentinel.service.v1.ServiceR\bservices\"5\n" +
+	"\x18SubscribeServicesRequest\x12\x19\n" +
+	"\blast_rev\x18\x01 \x01(\tR\alastRev\"\x99\x01\n" +
+	"\x19SubscribeServicesResponse\x128\n" +
+	"\x06upsert\x18\x01 \x01(\v2\x1e.sentinel.hub.v1.ServiceUpsertH\x00R\x06upsert\x128\n" +
+	"\x06delete\x18\x02 \x01(\v2\x1e.sentinel.hub.v1.ServiceDeleteH\x00R\x06deleteB\b\n" +
+	"\x06update\"\xa9\x02\n" +
+	"\vCheckResult\x12\x1d\n" +
+	"\n" +
+	"service_id\x18\x01 \x01(\tR\tserviceId\x12:\n" +
+	"\x06status\x18\x02 \x01(\x0e2\".sentinel.service.v1.ServiceStatusR\x06status\x129\n" +
+	"\n" +
+	"checked_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\tcheckedAt\x12)\n" +
+	"\x10response_message\x18\x04 \x01(\tR\x0fresponseMessage\x124\n" +
+	"\x16response_error_message\x18\x05 \x01(\tR\x14responseErrorMessage\x12#\n" +
+	"\rresponse_time\x18\x06 \x01(\x03R\fresponseTime\"_\n" +
+	"\x13StreamChecksRequest\x12\x10\n" +
+	"\x03seq\x18\x01 \x01(\x04R\x03seq\x126\n" +
+	"\aresults\x18\x02 \x03(\v2\x1c.sentinel.hub.v1.CheckResultR\aresults\"1\n" +
+	"\x14StreamChecksResponse\x12\x19\n" +
+	"\bupto_seq\x18\x01 \x01(\x04R\auptoSeq2\xbb\x04\n" +
+	"\n" +
+	"HubService\x126\n" +
+	"\x04Ping\x12\x16.google.protobuf.Empty\x1a\x16.google.protobuf.Empty\x12[\n" +
+	"\fAuthenticate\x12$.sentinel.hub.v1.AuthenticateRequest\x1a%.sentinel.hub.v1.AuthenticateResponse\x12i\n" +
+	"\x10ReportSystemInfo\x12(.sentinel.hub.v1.ReportSystemInfoRequest\x1a).sentinel.hub.v1.ReportSystemInfoResponse\"\x00\x12^\n" +
+	"\rFetchServices\x12%.sentinel.hub.v1.FetchServicesRequest\x1a&.sentinel.hub.v1.FetchServicesResponse\x12l\n" +
+	"\x11SubscribeServices\x12).sentinel.hub.v1.SubscribeServicesRequest\x1a*.sentinel.hub.v1.SubscribeServicesResponse0\x01\x12_\n" +
+	"\fStreamChecks\x12$.sentinel.hub.v1.StreamChecksRequest\x1a%.sentinel.hub.v1.StreamChecksResponse(\x010\x01B\xcc\x01\n" +
+	"\x13com.sentinel.hub.v1B\bHubProtoP\x01ZMgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/hub/v1;hubv1\xa2\x02\x03SHX\xaa\x02\x0fSentinel.Hub.V1\xca\x02\x0fSentinel\\Hub\\V1\xe2\x02\x1bSentinel\\Hub\\V1\\GPBMetadata\xea\x02\x11Sentinel::Hub::V1b\x06proto3"
+
+var (
+	file_sentinel_hub_v1_hub_proto_rawDescOnce sync.Once
+	file_sentinel_hub_v1_hub_proto_rawDescData []byte
+)
+
+func file_sentinel_hub_v1_hub_proto_rawDescGZIP() []byte {
+	file_sentinel_hub_v1_hub_proto_rawDescOnce.Do(func() {
+		file_sentinel_hub_v1_hub_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_hub_v1_hub_proto_rawDesc), len(file_sentinel_hub_v1_hub_proto_rawDesc)))
+	})
+	return file_sentinel_hub_v1_hub_proto_rawDescData
+}
+
+var file_sentinel_hub_v1_hub_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
+var file_sentinel_hub_v1_hub_proto_goTypes = []any{
+	(*ServiceUpsert)(nil),             // 0: sentinel.hub.v1.ServiceUpsert
+	(*ServiceDelete)(nil),             // 1: sentinel.hub.v1.ServiceDelete
+	(*AuthenticateRequest)(nil),       // 2: sentinel.hub.v1.AuthenticateRequest
+	(*AuthenticateResponse)(nil),      // 3: sentinel.hub.v1.AuthenticateResponse
+	(*ReportSystemInfoRequest)(nil),   // 4: sentinel.hub.v1.ReportSystemInfoRequest
+	(*ReportSystemInfoResponse)(nil),  // 5: sentinel.hub.v1.ReportSystemInfoResponse
+	(*FetchServicesRequest)(nil),      // 6: sentinel.hub.v1.FetchServicesRequest
+	(*FetchServicesResponse)(nil),     // 7: sentinel.hub.v1.FetchServicesResponse
+	(*SubscribeServicesRequest)(nil),  // 8: sentinel.hub.v1.SubscribeServicesRequest
+	(*SubscribeServicesResponse)(nil), // 9: sentinel.hub.v1.SubscribeServicesResponse
+	(*CheckResult)(nil),               // 10: sentinel.hub.v1.CheckResult
+	(*StreamChecksRequest)(nil),       // 11: sentinel.hub.v1.StreamChecksRequest
+	(*StreamChecksResponse)(nil),      // 12: sentinel.hub.v1.StreamChecksResponse
+	(*v1.Service)(nil),                // 13: sentinel.service.v1.Service
+	(v11.AgentStatus)(0),              // 14: sentinel.agents.v1.AgentStatus
+	(*v12.SystemInfo)(nil),            // 15: sentinel.system.v1.SystemInfo
+	(v1.ServiceStatus)(0),             // 16: sentinel.service.v1.ServiceStatus
+	(*timestamppb.Timestamp)(nil),     // 17: google.protobuf.Timestamp
+	(*emptypb.Empty)(nil),             // 18: google.protobuf.Empty
+}
+var file_sentinel_hub_v1_hub_proto_depIdxs = []int32{
+	13, // 0: sentinel.hub.v1.ServiceUpsert.service:type_name -> sentinel.service.v1.Service
+	14, // 1: sentinel.hub.v1.ReportSystemInfoRequest.status:type_name -> sentinel.agents.v1.AgentStatus
+	15, // 2: sentinel.hub.v1.ReportSystemInfoRequest.system_info:type_name -> sentinel.system.v1.SystemInfo
+	13, // 3: sentinel.hub.v1.FetchServicesResponse.services:type_name -> sentinel.service.v1.Service
+	0,  // 4: sentinel.hub.v1.SubscribeServicesResponse.upsert:type_name -> sentinel.hub.v1.ServiceUpsert
+	1,  // 5: sentinel.hub.v1.SubscribeServicesResponse.delete:type_name -> sentinel.hub.v1.ServiceDelete
+	16, // 6: sentinel.hub.v1.CheckResult.status:type_name -> sentinel.service.v1.ServiceStatus
+	17, // 7: sentinel.hub.v1.CheckResult.checked_at:type_name -> google.protobuf.Timestamp
+	10, // 8: sentinel.hub.v1.StreamChecksRequest.results:type_name -> sentinel.hub.v1.CheckResult
+	18, // 9: sentinel.hub.v1.HubService.Ping:input_type -> google.protobuf.Empty
+	2,  // 10: sentinel.hub.v1.HubService.Authenticate:input_type -> sentinel.hub.v1.AuthenticateRequest
+	4,  // 11: sentinel.hub.v1.HubService.ReportSystemInfo:input_type -> sentinel.hub.v1.ReportSystemInfoRequest
+	6,  // 12: sentinel.hub.v1.HubService.FetchServices:input_type -> sentinel.hub.v1.FetchServicesRequest
+	8,  // 13: sentinel.hub.v1.HubService.SubscribeServices:input_type -> sentinel.hub.v1.SubscribeServicesRequest
+	11, // 14: sentinel.hub.v1.HubService.StreamChecks:input_type -> sentinel.hub.v1.StreamChecksRequest
+	18, // 15: sentinel.hub.v1.HubService.Ping:output_type -> google.protobuf.Empty
+	3,  // 16: sentinel.hub.v1.HubService.Authenticate:output_type -> sentinel.hub.v1.AuthenticateResponse
+	5,  // 17: sentinel.hub.v1.HubService.ReportSystemInfo:output_type -> sentinel.hub.v1.ReportSystemInfoResponse
+	7,  // 18: sentinel.hub.v1.HubService.FetchServices:output_type -> sentinel.hub.v1.FetchServicesResponse
+	9,  // 19: sentinel.hub.v1.HubService.SubscribeServices:output_type -> sentinel.hub.v1.SubscribeServicesResponse
+	12, // 20: sentinel.hub.v1.HubService.StreamChecks:output_type -> sentinel.hub.v1.StreamChecksResponse
+	15, // [15:21] is the sub-list for method output_type
+	9,  // [9:15] is the sub-list for method input_type
+	9,  // [9:9] is the sub-list for extension type_name
+	9,  // [9:9] is the sub-list for extension extendee
+	0,  // [0:9] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_hub_v1_hub_proto_init() }
+func file_sentinel_hub_v1_hub_proto_init() {
+	if File_sentinel_hub_v1_hub_proto != nil {
+		return
+	}
+	file_sentinel_hub_v1_hub_proto_msgTypes[9].OneofWrappers = []any{
+		(*SubscribeServicesResponse_Upsert)(nil),
+		(*SubscribeServicesResponse_Delete)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_hub_v1_hub_proto_rawDesc), len(file_sentinel_hub_v1_hub_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   13,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_hub_v1_hub_proto_goTypes,
+		DependencyIndexes: file_sentinel_hub_v1_hub_proto_depIdxs,
+		MessageInfos:      file_sentinel_hub_v1_hub_proto_msgTypes,
+	}.Build()
+	File_sentinel_hub_v1_hub_proto = out.File
+	file_sentinel_hub_v1_hub_proto_goTypes = nil
+	file_sentinel_hub_v1_hub_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/hub/v1/hubv1connect/hub.connect.go b/internal/hub/hubserver/api/sentinel/hub/v1/hubv1connect/hub.connect.go
new file mode 100644
index 0000000..942a226
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/hub/v1/hubv1connect/hub.connect.go
@@ -0,0 +1,264 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/hub/v1/hub.proto
+
+package hubv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/hub/v1"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// HubServiceName is the fully-qualified name of the HubService service.
+	HubServiceName = "sentinel.hub.v1.HubService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// HubServicePingProcedure is the fully-qualified name of the HubService's Ping RPC.
+	HubServicePingProcedure = "/sentinel.hub.v1.HubService/Ping"
+	// HubServiceAuthenticateProcedure is the fully-qualified name of the HubService's Authenticate RPC.
+	HubServiceAuthenticateProcedure = "/sentinel.hub.v1.HubService/Authenticate"
+	// HubServiceReportSystemInfoProcedure is the fully-qualified name of the HubService's
+	// ReportSystemInfo RPC.
+	HubServiceReportSystemInfoProcedure = "/sentinel.hub.v1.HubService/ReportSystemInfo"
+	// HubServiceFetchServicesProcedure is the fully-qualified name of the HubService's FetchServices
+	// RPC.
+	HubServiceFetchServicesProcedure = "/sentinel.hub.v1.HubService/FetchServices"
+	// HubServiceSubscribeServicesProcedure is the fully-qualified name of the HubService's
+	// SubscribeServices RPC.
+	HubServiceSubscribeServicesProcedure = "/sentinel.hub.v1.HubService/SubscribeServices"
+	// HubServiceStreamChecksProcedure is the fully-qualified name of the HubService's StreamChecks RPC.
+	HubServiceStreamChecksProcedure = "/sentinel.hub.v1.HubService/StreamChecks"
+)
+
+// HubServiceClient is a client for the sentinel.hub.v1.HubService service.
+type HubServiceClient interface {
+	// Ping is a health check endpoint.
+	Ping(context.Context, *connect.Request[emptypb.Empty]) (*connect.Response[emptypb.Empty], error)
+	// Authenticate authenticates the hub and returns an authentication token.
+	Authenticate(context.Context, *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error)
+	// ReportSystemInfo reports the system information of the hub.
+	ReportSystemInfo(context.Context, *connect.Request[v1.ReportSystemInfoRequest]) (*connect.Response[v1.ReportSystemInfoResponse], error)
+	// FetchServices fetches the list of services to be monitored by the hub.
+	FetchServices(context.Context, *connect.Request[v1.FetchServicesRequest]) (*connect.Response[v1.FetchServicesResponse], error)
+	// SubscribeServices subscribes to the service updates.
+	SubscribeServices(context.Context, *connect.Request[v1.SubscribeServicesRequest]) (*connect.ServerStreamForClient[v1.SubscribeServicesResponse], error)
+	// StreamChecks streams the check results to the server.
+	StreamChecks(context.Context) *connect.BidiStreamForClient[v1.StreamChecksRequest, v1.StreamChecksResponse]
+}
+
+// NewHubServiceClient constructs a client for the sentinel.hub.v1.HubService service. By default,
+// it uses the Connect protocol with the binary Protobuf Codec, asks for gzipped responses, and
+// sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply the connect.WithGRPC()
+// or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewHubServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) HubServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	hubServiceMethods := v1.File_sentinel_hub_v1_hub_proto.Services().ByName("HubService").Methods()
+	return &hubServiceClient{
+		ping: connect.NewClient[emptypb.Empty, emptypb.Empty](
+			httpClient,
+			baseURL+HubServicePingProcedure,
+			connect.WithSchema(hubServiceMethods.ByName("Ping")),
+			connect.WithClientOptions(opts...),
+		),
+		authenticate: connect.NewClient[v1.AuthenticateRequest, v1.AuthenticateResponse](
+			httpClient,
+			baseURL+HubServiceAuthenticateProcedure,
+			connect.WithSchema(hubServiceMethods.ByName("Authenticate")),
+			connect.WithClientOptions(opts...),
+		),
+		reportSystemInfo: connect.NewClient[v1.ReportSystemInfoRequest, v1.ReportSystemInfoResponse](
+			httpClient,
+			baseURL+HubServiceReportSystemInfoProcedure,
+			connect.WithSchema(hubServiceMethods.ByName("ReportSystemInfo")),
+			connect.WithClientOptions(opts...),
+		),
+		fetchServices: connect.NewClient[v1.FetchServicesRequest, v1.FetchServicesResponse](
+			httpClient,
+			baseURL+HubServiceFetchServicesProcedure,
+			connect.WithSchema(hubServiceMethods.ByName("FetchServices")),
+			connect.WithClientOptions(opts...),
+		),
+		subscribeServices: connect.NewClient[v1.SubscribeServicesRequest, v1.SubscribeServicesResponse](
+			httpClient,
+			baseURL+HubServiceSubscribeServicesProcedure,
+			connect.WithSchema(hubServiceMethods.ByName("SubscribeServices")),
+			connect.WithClientOptions(opts...),
+		),
+		streamChecks: connect.NewClient[v1.StreamChecksRequest, v1.StreamChecksResponse](
+			httpClient,
+			baseURL+HubServiceStreamChecksProcedure,
+			connect.WithSchema(hubServiceMethods.ByName("StreamChecks")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// hubServiceClient implements HubServiceClient.
+type hubServiceClient struct {
+	ping              *connect.Client[emptypb.Empty, emptypb.Empty]
+	authenticate      *connect.Client[v1.AuthenticateRequest, v1.AuthenticateResponse]
+	reportSystemInfo  *connect.Client[v1.ReportSystemInfoRequest, v1.ReportSystemInfoResponse]
+	fetchServices     *connect.Client[v1.FetchServicesRequest, v1.FetchServicesResponse]
+	subscribeServices *connect.Client[v1.SubscribeServicesRequest, v1.SubscribeServicesResponse]
+	streamChecks      *connect.Client[v1.StreamChecksRequest, v1.StreamChecksResponse]
+}
+
+// Ping calls sentinel.hub.v1.HubService.Ping.
+func (c *hubServiceClient) Ping(ctx context.Context, req *connect.Request[emptypb.Empty]) (*connect.Response[emptypb.Empty], error) {
+	return c.ping.CallUnary(ctx, req)
+}
+
+// Authenticate calls sentinel.hub.v1.HubService.Authenticate.
+func (c *hubServiceClient) Authenticate(ctx context.Context, req *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error) {
+	return c.authenticate.CallUnary(ctx, req)
+}
+
+// ReportSystemInfo calls sentinel.hub.v1.HubService.ReportSystemInfo.
+func (c *hubServiceClient) ReportSystemInfo(ctx context.Context, req *connect.Request[v1.ReportSystemInfoRequest]) (*connect.Response[v1.ReportSystemInfoResponse], error) {
+	return c.reportSystemInfo.CallUnary(ctx, req)
+}
+
+// FetchServices calls sentinel.hub.v1.HubService.FetchServices.
+func (c *hubServiceClient) FetchServices(ctx context.Context, req *connect.Request[v1.FetchServicesRequest]) (*connect.Response[v1.FetchServicesResponse], error) {
+	return c.fetchServices.CallUnary(ctx, req)
+}
+
+// SubscribeServices calls sentinel.hub.v1.HubService.SubscribeServices.
+func (c *hubServiceClient) SubscribeServices(ctx context.Context, req *connect.Request[v1.SubscribeServicesRequest]) (*connect.ServerStreamForClient[v1.SubscribeServicesResponse], error) {
+	return c.subscribeServices.CallServerStream(ctx, req)
+}
+
+// StreamChecks calls sentinel.hub.v1.HubService.StreamChecks.
+func (c *hubServiceClient) StreamChecks(ctx context.Context) *connect.BidiStreamForClient[v1.StreamChecksRequest, v1.StreamChecksResponse] {
+	return c.streamChecks.CallBidiStream(ctx)
+}
+
+// HubServiceHandler is an implementation of the sentinel.hub.v1.HubService service.
+type HubServiceHandler interface {
+	// Ping is a health check endpoint.
+	Ping(context.Context, *connect.Request[emptypb.Empty]) (*connect.Response[emptypb.Empty], error)
+	// Authenticate authenticates the hub and returns an authentication token.
+	Authenticate(context.Context, *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error)
+	// ReportSystemInfo reports the system information of the hub.
+	ReportSystemInfo(context.Context, *connect.Request[v1.ReportSystemInfoRequest]) (*connect.Response[v1.ReportSystemInfoResponse], error)
+	// FetchServices fetches the list of services to be monitored by the hub.
+	FetchServices(context.Context, *connect.Request[v1.FetchServicesRequest]) (*connect.Response[v1.FetchServicesResponse], error)
+	// SubscribeServices subscribes to the service updates.
+	SubscribeServices(context.Context, *connect.Request[v1.SubscribeServicesRequest], *connect.ServerStream[v1.SubscribeServicesResponse]) error
+	// StreamChecks streams the check results to the server.
+	StreamChecks(context.Context, *connect.BidiStream[v1.StreamChecksRequest, v1.StreamChecksResponse]) error
+}
+
+// NewHubServiceHandler builds an HTTP handler from the service implementation. It returns the path
+// on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewHubServiceHandler(svc HubServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	hubServiceMethods := v1.File_sentinel_hub_v1_hub_proto.Services().ByName("HubService").Methods()
+	hubServicePingHandler := connect.NewUnaryHandler(
+		HubServicePingProcedure,
+		svc.Ping,
+		connect.WithSchema(hubServiceMethods.ByName("Ping")),
+		connect.WithHandlerOptions(opts...),
+	)
+	hubServiceAuthenticateHandler := connect.NewUnaryHandler(
+		HubServiceAuthenticateProcedure,
+		svc.Authenticate,
+		connect.WithSchema(hubServiceMethods.ByName("Authenticate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	hubServiceReportSystemInfoHandler := connect.NewUnaryHandler(
+		HubServiceReportSystemInfoProcedure,
+		svc.ReportSystemInfo,
+		connect.WithSchema(hubServiceMethods.ByName("ReportSystemInfo")),
+		connect.WithHandlerOptions(opts...),
+	)
+	hubServiceFetchServicesHandler := connect.NewUnaryHandler(
+		HubServiceFetchServicesProcedure,
+		svc.FetchServices,
+		connect.WithSchema(hubServiceMethods.ByName("FetchServices")),
+		connect.WithHandlerOptions(opts...),
+	)
+	hubServiceSubscribeServicesHandler := connect.NewServerStreamHandler(
+		HubServiceSubscribeServicesProcedure,
+		svc.SubscribeServices,
+		connect.WithSchema(hubServiceMethods.ByName("SubscribeServices")),
+		connect.WithHandlerOptions(opts...),
+	)
+	hubServiceStreamChecksHandler := connect.NewBidiStreamHandler(
+		HubServiceStreamChecksProcedure,
+		svc.StreamChecks,
+		connect.WithSchema(hubServiceMethods.ByName("StreamChecks")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.hub.v1.HubService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case HubServicePingProcedure:
+			hubServicePingHandler.ServeHTTP(w, r)
+		case HubServiceAuthenticateProcedure:
+			hubServiceAuthenticateHandler.ServeHTTP(w, r)
+		case HubServiceReportSystemInfoProcedure:
+			hubServiceReportSystemInfoHandler.ServeHTTP(w, r)
+		case HubServiceFetchServicesProcedure:
+			hubServiceFetchServicesHandler.ServeHTTP(w, r)
+		case HubServiceSubscribeServicesProcedure:
+			hubServiceSubscribeServicesHandler.ServeHTTP(w, r)
+		case HubServiceStreamChecksProcedure:
+			hubServiceStreamChecksHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedHubServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedHubServiceHandler struct{}
+
+func (UnimplementedHubServiceHandler) Ping(context.Context, *connect.Request[emptypb.Empty]) (*connect.Response[emptypb.Empty], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.hub.v1.HubService.Ping is not implemented"))
+}
+
+func (UnimplementedHubServiceHandler) Authenticate(context.Context, *connect.Request[v1.AuthenticateRequest]) (*connect.Response[v1.AuthenticateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.hub.v1.HubService.Authenticate is not implemented"))
+}
+
+func (UnimplementedHubServiceHandler) ReportSystemInfo(context.Context, *connect.Request[v1.ReportSystemInfoRequest]) (*connect.Response[v1.ReportSystemInfoResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.hub.v1.HubService.ReportSystemInfo is not implemented"))
+}
+
+func (UnimplementedHubServiceHandler) FetchServices(context.Context, *connect.Request[v1.FetchServicesRequest]) (*connect.Response[v1.FetchServicesResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.hub.v1.HubService.FetchServices is not implemented"))
+}
+
+func (UnimplementedHubServiceHandler) SubscribeServices(context.Context, *connect.Request[v1.SubscribeServicesRequest], *connect.ServerStream[v1.SubscribeServicesResponse]) error {
+	return connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.hub.v1.HubService.SubscribeServices is not implemented"))
+}
+
+func (UnimplementedHubServiceHandler) StreamChecks(context.Context, *connect.BidiStream[v1.StreamChecksRequest, v1.StreamChecksResponse]) error {
+	return connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.hub.v1.HubService.StreamChecks is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/notifications/v1/notifications.pb.go b/internal/hub/hubserver/api/sentinel/notifications/v1/notifications.pb.go
new file mode 100644
index 0000000..45d85c4
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/notifications/v1/notifications.pb.go
@@ -0,0 +1,1286 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/notifications/v1/notifications.proto
+
+package notificationsv1
+
+import (
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/common/v1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ProviderType int32
+
+const (
+	ProviderType_PROVIDER_TYPE_UNSPECIFIED ProviderType = 0
+	ProviderType_PROVIDER_TYPE_SHOUTRRR    ProviderType = 1
+)
+
+// Enum value maps for ProviderType.
+var (
+	ProviderType_name = map[int32]string{
+		0: "PROVIDER_TYPE_UNSPECIFIED",
+		1: "PROVIDER_TYPE_SHOUTRRR",
+	}
+	ProviderType_value = map[string]int32{
+		"PROVIDER_TYPE_UNSPECIFIED": 0,
+		"PROVIDER_TYPE_SHOUTRRR":    1,
+	}
+)
+
+func (x ProviderType) Enum() *ProviderType {
+	p := new(ProviderType)
+	*p = x
+	return p
+}
+
+func (x ProviderType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ProviderType) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_notifications_v1_notifications_proto_enumTypes[0].Descriptor()
+}
+
+func (ProviderType) Type() protoreflect.EnumType {
+	return &file_sentinel_notifications_v1_notifications_proto_enumTypes[0]
+}
+
+func (x ProviderType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ProviderType.Descriptor instead.
+func (ProviderType) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{0}
+}
+
+type ShoutrrrConfig struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Url           string                 `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ShoutrrrConfig) Reset() {
+	*x = ShoutrrrConfig{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ShoutrrrConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ShoutrrrConfig) ProtoMessage() {}
+
+func (x *ShoutrrrConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ShoutrrrConfig.ProtoReflect.Descriptor instead.
+func (*ShoutrrrConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ShoutrrrConfig) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+type ProviderConfig struct {
+	state protoimpl.MessageState `protogen:"open.v1"`
+	// Types that are valid to be assigned to Config:
+	//
+	//	*ProviderConfig_Shoutrrr
+	Config        isProviderConfig_Config `protobuf_oneof:"config"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderConfig) Reset() {
+	*x = ProviderConfig{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderConfig) ProtoMessage() {}
+
+func (x *ProviderConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderConfig.ProtoReflect.Descriptor instead.
+func (*ProviderConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ProviderConfig) GetConfig() isProviderConfig_Config {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *ProviderConfig) GetShoutrrr() *ShoutrrrConfig {
+	if x != nil {
+		if x, ok := x.Config.(*ProviderConfig_Shoutrrr); ok {
+			return x.Shoutrrr
+		}
+	}
+	return nil
+}
+
+type isProviderConfig_Config interface {
+	isProviderConfig_Config()
+}
+
+type ProviderConfig_Shoutrrr struct {
+	Shoutrrr *ShoutrrrConfig `protobuf:"bytes,1,opt,name=shoutrrr,proto3,oneof"`
+}
+
+func (*ProviderConfig_Shoutrrr) isProviderConfig_Config() {}
+
+type Provider struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Type          ProviderType           `protobuf:"varint,2,opt,name=type,proto3,enum=sentinel.notifications.v1.ProviderType" json:"type,omitempty"`
+	Config        *ProviderConfig        `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,4,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt     *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Provider) Reset() {
+	*x = Provider{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Provider) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Provider) ProtoMessage() {}
+
+func (x *Provider) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Provider.ProtoReflect.Descriptor instead.
+func (*Provider) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Provider) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Provider) GetType() ProviderType {
+	if x != nil {
+		return x.Type
+	}
+	return ProviderType_PROVIDER_TYPE_UNSPECIFIED
+}
+
+func (x *Provider) GetConfig() *ProviderConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *Provider) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+func (x *Provider) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *Provider) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+type HistoryItem struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	Status        string                 `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"`
+	Response      *string                `protobuf:"bytes,4,opt,name=response,proto3,oneof" json:"response,omitempty"`
+	Attempts      int64                  `protobuf:"varint,5,opt,name=attempts,proto3" json:"attempts,omitempty"`
+	ErrorMessage  *string                `protobuf:"bytes,6,opt,name=error_message,json=errorMessage,proto3,oneof" json:"error_message,omitempty"`
+	LastAttemptAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=last_attempt_at,json=lastAttemptAt,proto3" json:"last_attempt_at,omitempty"`
+	SentAt        *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=sent_at,json=sentAt,proto3" json:"sent_at,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt     *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistoryItem) Reset() {
+	*x = HistoryItem{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistoryItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistoryItem) ProtoMessage() {}
+
+func (x *HistoryItem) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistoryItem.ProtoReflect.Descriptor instead.
+func (*HistoryItem) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *HistoryItem) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *HistoryItem) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+func (x *HistoryItem) GetStatus() string {
+	if x != nil {
+		return x.Status
+	}
+	return ""
+}
+
+func (x *HistoryItem) GetResponse() string {
+	if x != nil && x.Response != nil {
+		return *x.Response
+	}
+	return ""
+}
+
+func (x *HistoryItem) GetAttempts() int64 {
+	if x != nil {
+		return x.Attempts
+	}
+	return 0
+}
+
+func (x *HistoryItem) GetErrorMessage() string {
+	if x != nil && x.ErrorMessage != nil {
+		return *x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *HistoryItem) GetLastAttemptAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.LastAttemptAt
+	}
+	return nil
+}
+
+func (x *HistoryItem) GetSentAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.SentAt
+	}
+	return nil
+}
+
+func (x *HistoryItem) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *HistoryItem) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+// ProvidersList lists all notification providers.
+type ProvidersListRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProvidersListRequest) Reset() {
+	*x = ProvidersListRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProvidersListRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProvidersListRequest) ProtoMessage() {}
+
+func (x *ProvidersListRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProvidersListRequest.ProtoReflect.Descriptor instead.
+func (*ProvidersListRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{4}
+}
+
+type ProvidersListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Items         []*Provider            `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProvidersListResponse) Reset() {
+	*x = ProvidersListResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProvidersListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProvidersListResponse) ProtoMessage() {}
+
+func (x *ProvidersListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProvidersListResponse.ProtoReflect.Descriptor instead.
+func (*ProvidersListResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *ProvidersListResponse) GetItems() []*Provider {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+// ProviderCreate creates a new notification provider.
+type ProviderCreateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Type          ProviderType           `protobuf:"varint,1,opt,name=type,proto3,enum=sentinel.notifications.v1.ProviderType" json:"type,omitempty"`
+	Config        *ProviderConfig        `protobuf:"bytes,2,opt,name=config,proto3" json:"config,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,3,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderCreateRequest) Reset() {
+	*x = ProviderCreateRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderCreateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderCreateRequest) ProtoMessage() {}
+
+func (x *ProviderCreateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderCreateRequest.ProtoReflect.Descriptor instead.
+func (*ProviderCreateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *ProviderCreateRequest) GetType() ProviderType {
+	if x != nil {
+		return x.Type
+	}
+	return ProviderType_PROVIDER_TYPE_UNSPECIFIED
+}
+
+func (x *ProviderCreateRequest) GetConfig() *ProviderConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *ProviderCreateRequest) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+type ProviderCreateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Provider              `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderCreateResponse) Reset() {
+	*x = ProviderCreateResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderCreateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderCreateResponse) ProtoMessage() {}
+
+func (x *ProviderCreateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderCreateResponse.ProtoReflect.Descriptor instead.
+func (*ProviderCreateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ProviderCreateResponse) GetItem() *Provider {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ProviderUpdate updates an existing notification provider.
+type ProviderUpdateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Type          ProviderType           `protobuf:"varint,2,opt,name=type,proto3,enum=sentinel.notifications.v1.ProviderType" json:"type,omitempty"`
+	Config        *ProviderConfig        `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"`
+	IsEnabled     bool                   `protobuf:"varint,4,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderUpdateRequest) Reset() {
+	*x = ProviderUpdateRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderUpdateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderUpdateRequest) ProtoMessage() {}
+
+func (x *ProviderUpdateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderUpdateRequest.ProtoReflect.Descriptor instead.
+func (*ProviderUpdateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ProviderUpdateRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *ProviderUpdateRequest) GetType() ProviderType {
+	if x != nil {
+		return x.Type
+	}
+	return ProviderType_PROVIDER_TYPE_UNSPECIFIED
+}
+
+func (x *ProviderUpdateRequest) GetConfig() *ProviderConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *ProviderUpdateRequest) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+type ProviderUpdateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Provider              `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderUpdateResponse) Reset() {
+	*x = ProviderUpdateResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderUpdateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderUpdateResponse) ProtoMessage() {}
+
+func (x *ProviderUpdateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderUpdateResponse.ProtoReflect.Descriptor instead.
+func (*ProviderUpdateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ProviderUpdateResponse) GetItem() *Provider {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ProviderDelete deletes a notification provider.
+type ProviderDeleteRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderDeleteRequest) Reset() {
+	*x = ProviderDeleteRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderDeleteRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderDeleteRequest) ProtoMessage() {}
+
+func (x *ProviderDeleteRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderDeleteRequest.ProtoReflect.Descriptor instead.
+func (*ProviderDeleteRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ProviderDeleteRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type ProviderDeleteResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderDeleteResponse) Reset() {
+	*x = ProviderDeleteResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderDeleteResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderDeleteResponse) ProtoMessage() {}
+
+func (x *ProviderDeleteResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderDeleteResponse.ProtoReflect.Descriptor instead.
+func (*ProviderDeleteResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{11}
+}
+
+// ProviderTest sends a test notification using the specified provider.
+type ProviderTestRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderTestRequest) Reset() {
+	*x = ProviderTestRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderTestRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderTestRequest) ProtoMessage() {}
+
+func (x *ProviderTestRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderTestRequest.ProtoReflect.Descriptor instead.
+func (*ProviderTestRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *ProviderTestRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type ProviderTestResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProviderTestResponse) Reset() {
+	*x = ProviderTestResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProviderTestResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProviderTestResponse) ProtoMessage() {}
+
+func (x *ProviderTestResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProviderTestResponse.ProtoReflect.Descriptor instead.
+func (*ProviderTestResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{13}
+}
+
+// History retrieves the notification history with optional filters.
+type HistoryListRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Common        *v1.FindRequestCommon  `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"`
+	Status        string                 `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistoryListRequest) Reset() {
+	*x = HistoryListRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[14]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistoryListRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistoryListRequest) ProtoMessage() {}
+
+func (x *HistoryListRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[14]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistoryListRequest.ProtoReflect.Descriptor instead.
+func (*HistoryListRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *HistoryListRequest) GetCommon() *v1.FindRequestCommon {
+	if x != nil {
+		return x.Common
+	}
+	return nil
+}
+
+func (x *HistoryListRequest) GetStatus() string {
+	if x != nil {
+		return x.Status
+	}
+	return ""
+}
+
+type HistoryListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Items         []*HistoryItem         `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"`
+	Count         uint32                 `protobuf:"varint,2,opt,name=count,proto3" json:"count,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistoryListResponse) Reset() {
+	*x = HistoryListResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[15]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistoryListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistoryListResponse) ProtoMessage() {}
+
+func (x *HistoryListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[15]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistoryListResponse.ProtoReflect.Descriptor instead.
+func (*HistoryListResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *HistoryListResponse) GetItems() []*HistoryItem {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *HistoryListResponse) GetCount() uint32 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
+// HistoryDeleteAll deletes all notification history items.
+type HistoryDeleteAllRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistoryDeleteAllRequest) Reset() {
+	*x = HistoryDeleteAllRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[16]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistoryDeleteAllRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistoryDeleteAllRequest) ProtoMessage() {}
+
+func (x *HistoryDeleteAllRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[16]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistoryDeleteAllRequest.ProtoReflect.Descriptor instead.
+func (*HistoryDeleteAllRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{16}
+}
+
+type HistoryDeleteAllResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistoryDeleteAllResponse) Reset() {
+	*x = HistoryDeleteAllResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[17]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistoryDeleteAllResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistoryDeleteAllResponse) ProtoMessage() {}
+
+func (x *HistoryDeleteAllResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[17]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistoryDeleteAllResponse.ProtoReflect.Descriptor instead.
+func (*HistoryDeleteAllResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{17}
+}
+
+// HistorySubscribe subscribes to real-time notification history updates.
+type HistorySubscribeRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistorySubscribeRequest) Reset() {
+	*x = HistorySubscribeRequest{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[18]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistorySubscribeRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistorySubscribeRequest) ProtoMessage() {}
+
+func (x *HistorySubscribeRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[18]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistorySubscribeRequest.ProtoReflect.Descriptor instead.
+func (*HistorySubscribeRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{18}
+}
+
+type HistorySubscribeResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HistorySubscribeResponse) Reset() {
+	*x = HistorySubscribeResponse{}
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[19]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HistorySubscribeResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HistorySubscribeResponse) ProtoMessage() {}
+
+func (x *HistorySubscribeResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_notifications_v1_notifications_proto_msgTypes[19]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HistorySubscribeResponse.ProtoReflect.Descriptor instead.
+func (*HistorySubscribeResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_notifications_v1_notifications_proto_rawDescGZIP(), []int{19}
+}
+
+var File_sentinel_notifications_v1_notifications_proto protoreflect.FileDescriptor
+
+const file_sentinel_notifications_v1_notifications_proto_rawDesc = "" +
+	"\n" +
+	"-sentinel/notifications/v1/notifications.proto\x12\x19sentinel.notifications.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1fsentinel/common/v1/common.proto\"\"\n" +
+	"\x0eShoutrrrConfig\x12\x10\n" +
+	"\x03url\x18\x01 \x01(\tR\x03url\"c\n" +
+	"\x0eProviderConfig\x12G\n" +
+	"\bshoutrrr\x18\x01 \x01(\v2).sentinel.notifications.v1.ShoutrrrConfigH\x00R\bshoutrrrB\b\n" +
+	"\x06config\"\xaf\x02\n" +
+	"\bProvider\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12;\n" +
+	"\x04type\x18\x02 \x01(\x0e2'.sentinel.notifications.v1.ProviderTypeR\x04type\x12A\n" +
+	"\x06config\x18\x03 \x01(\v2).sentinel.notifications.v1.ProviderConfigR\x06config\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\x04 \x01(\bR\tisEnabled\x129\n" +
+	"\n" +
+	"created_at\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\"\xc4\x03\n" +
+	"\vHistoryItem\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\x12\x16\n" +
+	"\x06status\x18\x03 \x01(\tR\x06status\x12\x1f\n" +
+	"\bresponse\x18\x04 \x01(\tH\x00R\bresponse\x88\x01\x01\x12\x1a\n" +
+	"\battempts\x18\x05 \x01(\x03R\battempts\x12(\n" +
+	"\rerror_message\x18\x06 \x01(\tH\x01R\ferrorMessage\x88\x01\x01\x12B\n" +
+	"\x0flast_attempt_at\x18\a \x01(\v2\x1a.google.protobuf.TimestampR\rlastAttemptAt\x123\n" +
+	"\asent_at\x18\b \x01(\v2\x1a.google.protobuf.TimestampR\x06sentAt\x129\n" +
+	"\n" +
+	"created_at\x18\t \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\n" +
+	" \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAtB\v\n" +
+	"\t_responseB\x10\n" +
+	"\x0e_error_message\"\x16\n" +
+	"\x14ProvidersListRequest\"R\n" +
+	"\x15ProvidersListResponse\x129\n" +
+	"\x05items\x18\x01 \x03(\v2#.sentinel.notifications.v1.ProviderR\x05items\"\xb6\x01\n" +
+	"\x15ProviderCreateRequest\x12;\n" +
+	"\x04type\x18\x01 \x01(\x0e2'.sentinel.notifications.v1.ProviderTypeR\x04type\x12A\n" +
+	"\x06config\x18\x02 \x01(\v2).sentinel.notifications.v1.ProviderConfigR\x06config\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\x03 \x01(\bR\tisEnabled\"Q\n" +
+	"\x16ProviderCreateResponse\x127\n" +
+	"\x04item\x18\x01 \x01(\v2#.sentinel.notifications.v1.ProviderR\x04item\"\xc6\x01\n" +
+	"\x15ProviderUpdateRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12;\n" +
+	"\x04type\x18\x02 \x01(\x0e2'.sentinel.notifications.v1.ProviderTypeR\x04type\x12A\n" +
+	"\x06config\x18\x03 \x01(\v2).sentinel.notifications.v1.ProviderConfigR\x06config\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\x04 \x01(\bR\tisEnabled\"Q\n" +
+	"\x16ProviderUpdateResponse\x127\n" +
+	"\x04item\x18\x01 \x01(\v2#.sentinel.notifications.v1.ProviderR\x04item\"'\n" +
+	"\x15ProviderDeleteRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x18\n" +
+	"\x16ProviderDeleteResponse\"%\n" +
+	"\x13ProviderTestRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x16\n" +
+	"\x14ProviderTestResponse\"k\n" +
+	"\x12HistoryListRequest\x12=\n" +
+	"\x06common\x18\x01 \x01(\v2%.sentinel.common.v1.FindRequestCommonR\x06common\x12\x16\n" +
+	"\x06status\x18\x02 \x01(\tR\x06status\"i\n" +
+	"\x13HistoryListResponse\x12<\n" +
+	"\x05items\x18\x01 \x03(\v2&.sentinel.notifications.v1.HistoryItemR\x05items\x12\x14\n" +
+	"\x05count\x18\x02 \x01(\rR\x05count\"\x19\n" +
+	"\x17HistoryDeleteAllRequest\"\x1a\n" +
+	"\x18HistoryDeleteAllResponse\"\x19\n" +
+	"\x17HistorySubscribeRequest\"\x1a\n" +
+	"\x18HistorySubscribeResponse*I\n" +
+	"\fProviderType\x12\x1d\n" +
+	"\x19PROVIDER_TYPE_UNSPECIFIED\x10\x00\x12\x1a\n" +
+	"\x16PROVIDER_TYPE_SHOUTRRR\x10\x012\xc9\a\n" +
+	"\x13NotificationService\x12r\n" +
+	"\rProvidersList\x12/.sentinel.notifications.v1.ProvidersListRequest\x1a0.sentinel.notifications.v1.ProvidersListResponse\x12u\n" +
+	"\x0eProviderCreate\x120.sentinel.notifications.v1.ProviderCreateRequest\x1a1.sentinel.notifications.v1.ProviderCreateResponse\x12u\n" +
+	"\x0eProviderUpdate\x120.sentinel.notifications.v1.ProviderUpdateRequest\x1a1.sentinel.notifications.v1.ProviderUpdateResponse\x12u\n" +
+	"\x0eProviderDelete\x120.sentinel.notifications.v1.ProviderDeleteRequest\x1a1.sentinel.notifications.v1.ProviderDeleteResponse\x12o\n" +
+	"\fProviderTest\x12..sentinel.notifications.v1.ProviderTestRequest\x1a/.sentinel.notifications.v1.ProviderTestResponse\x12l\n" +
+	"\vHistoryList\x12-.sentinel.notifications.v1.HistoryListRequest\x1a..sentinel.notifications.v1.HistoryListResponse\x12{\n" +
+	"\x10HistoryDeleteAll\x122.sentinel.notifications.v1.HistoryDeleteAllRequest\x1a3.sentinel.notifications.v1.HistoryDeleteAllResponse\x12}\n" +
+	"\x10HistorySubscribe\x122.sentinel.notifications.v1.HistorySubscribeRequest\x1a3.sentinel.notifications.v1.HistorySubscribeResponse0\x01B\x9c\x02\n" +
+	"\x1dcom.sentinel.notifications.v1B\x12NotificationsProtoP\x01Zagithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1;notificationsv1\xa2\x02\x03SNX\xaa\x02\x19Sentinel.Notifications.V1\xca\x02\x19Sentinel\\Notifications\\V1\xe2\x02%Sentinel\\Notifications\\V1\\GPBMetadata\xea\x02\x1bSentinel::Notifications::V1b\x06proto3"
+
+var (
+	file_sentinel_notifications_v1_notifications_proto_rawDescOnce sync.Once
+	file_sentinel_notifications_v1_notifications_proto_rawDescData []byte
+)
+
+func file_sentinel_notifications_v1_notifications_proto_rawDescGZIP() []byte {
+	file_sentinel_notifications_v1_notifications_proto_rawDescOnce.Do(func() {
+		file_sentinel_notifications_v1_notifications_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_notifications_v1_notifications_proto_rawDesc), len(file_sentinel_notifications_v1_notifications_proto_rawDesc)))
+	})
+	return file_sentinel_notifications_v1_notifications_proto_rawDescData
+}
+
+var file_sentinel_notifications_v1_notifications_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_sentinel_notifications_v1_notifications_proto_msgTypes = make([]protoimpl.MessageInfo, 20)
+var file_sentinel_notifications_v1_notifications_proto_goTypes = []any{
+	(ProviderType)(0),                // 0: sentinel.notifications.v1.ProviderType
+	(*ShoutrrrConfig)(nil),           // 1: sentinel.notifications.v1.ShoutrrrConfig
+	(*ProviderConfig)(nil),           // 2: sentinel.notifications.v1.ProviderConfig
+	(*Provider)(nil),                 // 3: sentinel.notifications.v1.Provider
+	(*HistoryItem)(nil),              // 4: sentinel.notifications.v1.HistoryItem
+	(*ProvidersListRequest)(nil),     // 5: sentinel.notifications.v1.ProvidersListRequest
+	(*ProvidersListResponse)(nil),    // 6: sentinel.notifications.v1.ProvidersListResponse
+	(*ProviderCreateRequest)(nil),    // 7: sentinel.notifications.v1.ProviderCreateRequest
+	(*ProviderCreateResponse)(nil),   // 8: sentinel.notifications.v1.ProviderCreateResponse
+	(*ProviderUpdateRequest)(nil),    // 9: sentinel.notifications.v1.ProviderUpdateRequest
+	(*ProviderUpdateResponse)(nil),   // 10: sentinel.notifications.v1.ProviderUpdateResponse
+	(*ProviderDeleteRequest)(nil),    // 11: sentinel.notifications.v1.ProviderDeleteRequest
+	(*ProviderDeleteResponse)(nil),   // 12: sentinel.notifications.v1.ProviderDeleteResponse
+	(*ProviderTestRequest)(nil),      // 13: sentinel.notifications.v1.ProviderTestRequest
+	(*ProviderTestResponse)(nil),     // 14: sentinel.notifications.v1.ProviderTestResponse
+	(*HistoryListRequest)(nil),       // 15: sentinel.notifications.v1.HistoryListRequest
+	(*HistoryListResponse)(nil),      // 16: sentinel.notifications.v1.HistoryListResponse
+	(*HistoryDeleteAllRequest)(nil),  // 17: sentinel.notifications.v1.HistoryDeleteAllRequest
+	(*HistoryDeleteAllResponse)(nil), // 18: sentinel.notifications.v1.HistoryDeleteAllResponse
+	(*HistorySubscribeRequest)(nil),  // 19: sentinel.notifications.v1.HistorySubscribeRequest
+	(*HistorySubscribeResponse)(nil), // 20: sentinel.notifications.v1.HistorySubscribeResponse
+	(*timestamppb.Timestamp)(nil),    // 21: google.protobuf.Timestamp
+	(*v1.FindRequestCommon)(nil),     // 22: sentinel.common.v1.FindRequestCommon
+}
+var file_sentinel_notifications_v1_notifications_proto_depIdxs = []int32{
+	1,  // 0: sentinel.notifications.v1.ProviderConfig.shoutrrr:type_name -> sentinel.notifications.v1.ShoutrrrConfig
+	0,  // 1: sentinel.notifications.v1.Provider.type:type_name -> sentinel.notifications.v1.ProviderType
+	2,  // 2: sentinel.notifications.v1.Provider.config:type_name -> sentinel.notifications.v1.ProviderConfig
+	21, // 3: sentinel.notifications.v1.Provider.created_at:type_name -> google.protobuf.Timestamp
+	21, // 4: sentinel.notifications.v1.Provider.updated_at:type_name -> google.protobuf.Timestamp
+	21, // 5: sentinel.notifications.v1.HistoryItem.last_attempt_at:type_name -> google.protobuf.Timestamp
+	21, // 6: sentinel.notifications.v1.HistoryItem.sent_at:type_name -> google.protobuf.Timestamp
+	21, // 7: sentinel.notifications.v1.HistoryItem.created_at:type_name -> google.protobuf.Timestamp
+	21, // 8: sentinel.notifications.v1.HistoryItem.updated_at:type_name -> google.protobuf.Timestamp
+	3,  // 9: sentinel.notifications.v1.ProvidersListResponse.items:type_name -> sentinel.notifications.v1.Provider
+	0,  // 10: sentinel.notifications.v1.ProviderCreateRequest.type:type_name -> sentinel.notifications.v1.ProviderType
+	2,  // 11: sentinel.notifications.v1.ProviderCreateRequest.config:type_name -> sentinel.notifications.v1.ProviderConfig
+	3,  // 12: sentinel.notifications.v1.ProviderCreateResponse.item:type_name -> sentinel.notifications.v1.Provider
+	0,  // 13: sentinel.notifications.v1.ProviderUpdateRequest.type:type_name -> sentinel.notifications.v1.ProviderType
+	2,  // 14: sentinel.notifications.v1.ProviderUpdateRequest.config:type_name -> sentinel.notifications.v1.ProviderConfig
+	3,  // 15: sentinel.notifications.v1.ProviderUpdateResponse.item:type_name -> sentinel.notifications.v1.Provider
+	22, // 16: sentinel.notifications.v1.HistoryListRequest.common:type_name -> sentinel.common.v1.FindRequestCommon
+	4,  // 17: sentinel.notifications.v1.HistoryListResponse.items:type_name -> sentinel.notifications.v1.HistoryItem
+	5,  // 18: sentinel.notifications.v1.NotificationService.ProvidersList:input_type -> sentinel.notifications.v1.ProvidersListRequest
+	7,  // 19: sentinel.notifications.v1.NotificationService.ProviderCreate:input_type -> sentinel.notifications.v1.ProviderCreateRequest
+	9,  // 20: sentinel.notifications.v1.NotificationService.ProviderUpdate:input_type -> sentinel.notifications.v1.ProviderUpdateRequest
+	11, // 21: sentinel.notifications.v1.NotificationService.ProviderDelete:input_type -> sentinel.notifications.v1.ProviderDeleteRequest
+	13, // 22: sentinel.notifications.v1.NotificationService.ProviderTest:input_type -> sentinel.notifications.v1.ProviderTestRequest
+	15, // 23: sentinel.notifications.v1.NotificationService.HistoryList:input_type -> sentinel.notifications.v1.HistoryListRequest
+	17, // 24: sentinel.notifications.v1.NotificationService.HistoryDeleteAll:input_type -> sentinel.notifications.v1.HistoryDeleteAllRequest
+	19, // 25: sentinel.notifications.v1.NotificationService.HistorySubscribe:input_type -> sentinel.notifications.v1.HistorySubscribeRequest
+	6,  // 26: sentinel.notifications.v1.NotificationService.ProvidersList:output_type -> sentinel.notifications.v1.ProvidersListResponse
+	8,  // 27: sentinel.notifications.v1.NotificationService.ProviderCreate:output_type -> sentinel.notifications.v1.ProviderCreateResponse
+	10, // 28: sentinel.notifications.v1.NotificationService.ProviderUpdate:output_type -> sentinel.notifications.v1.ProviderUpdateResponse
+	12, // 29: sentinel.notifications.v1.NotificationService.ProviderDelete:output_type -> sentinel.notifications.v1.ProviderDeleteResponse
+	14, // 30: sentinel.notifications.v1.NotificationService.ProviderTest:output_type -> sentinel.notifications.v1.ProviderTestResponse
+	16, // 31: sentinel.notifications.v1.NotificationService.HistoryList:output_type -> sentinel.notifications.v1.HistoryListResponse
+	18, // 32: sentinel.notifications.v1.NotificationService.HistoryDeleteAll:output_type -> sentinel.notifications.v1.HistoryDeleteAllResponse
+	20, // 33: sentinel.notifications.v1.NotificationService.HistorySubscribe:output_type -> sentinel.notifications.v1.HistorySubscribeResponse
+	26, // [26:34] is the sub-list for method output_type
+	18, // [18:26] is the sub-list for method input_type
+	18, // [18:18] is the sub-list for extension type_name
+	18, // [18:18] is the sub-list for extension extendee
+	0,  // [0:18] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_notifications_v1_notifications_proto_init() }
+func file_sentinel_notifications_v1_notifications_proto_init() {
+	if File_sentinel_notifications_v1_notifications_proto != nil {
+		return
+	}
+	file_sentinel_notifications_v1_notifications_proto_msgTypes[1].OneofWrappers = []any{
+		(*ProviderConfig_Shoutrrr)(nil),
+	}
+	file_sentinel_notifications_v1_notifications_proto_msgTypes[3].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_notifications_v1_notifications_proto_rawDesc), len(file_sentinel_notifications_v1_notifications_proto_rawDesc)),
+			NumEnums:      1,
+			NumMessages:   20,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_notifications_v1_notifications_proto_goTypes,
+		DependencyIndexes: file_sentinel_notifications_v1_notifications_proto_depIdxs,
+		EnumInfos:         file_sentinel_notifications_v1_notifications_proto_enumTypes,
+		MessageInfos:      file_sentinel_notifications_v1_notifications_proto_msgTypes,
+	}.Build()
+	File_sentinel_notifications_v1_notifications_proto = out.File
+	file_sentinel_notifications_v1_notifications_proto_goTypes = nil
+	file_sentinel_notifications_v1_notifications_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/notifications/v1/notificationsv1connect/notifications.connect.go b/internal/hub/hubserver/api/sentinel/notifications/v1/notificationsv1connect/notifications.connect.go
new file mode 100644
index 0000000..0e4564e
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/notifications/v1/notificationsv1connect/notifications.connect.go
@@ -0,0 +1,315 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/notifications/v1/notifications.proto
+
+package notificationsv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// NotificationServiceName is the fully-qualified name of the NotificationService service.
+	NotificationServiceName = "sentinel.notifications.v1.NotificationService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// NotificationServiceProvidersListProcedure is the fully-qualified name of the
+	// NotificationService's ProvidersList RPC.
+	NotificationServiceProvidersListProcedure = "/sentinel.notifications.v1.NotificationService/ProvidersList"
+	// NotificationServiceProviderCreateProcedure is the fully-qualified name of the
+	// NotificationService's ProviderCreate RPC.
+	NotificationServiceProviderCreateProcedure = "/sentinel.notifications.v1.NotificationService/ProviderCreate"
+	// NotificationServiceProviderUpdateProcedure is the fully-qualified name of the
+	// NotificationService's ProviderUpdate RPC.
+	NotificationServiceProviderUpdateProcedure = "/sentinel.notifications.v1.NotificationService/ProviderUpdate"
+	// NotificationServiceProviderDeleteProcedure is the fully-qualified name of the
+	// NotificationService's ProviderDelete RPC.
+	NotificationServiceProviderDeleteProcedure = "/sentinel.notifications.v1.NotificationService/ProviderDelete"
+	// NotificationServiceProviderTestProcedure is the fully-qualified name of the NotificationService's
+	// ProviderTest RPC.
+	NotificationServiceProviderTestProcedure = "/sentinel.notifications.v1.NotificationService/ProviderTest"
+	// NotificationServiceHistoryListProcedure is the fully-qualified name of the NotificationService's
+	// HistoryList RPC.
+	NotificationServiceHistoryListProcedure = "/sentinel.notifications.v1.NotificationService/HistoryList"
+	// NotificationServiceHistoryDeleteAllProcedure is the fully-qualified name of the
+	// NotificationService's HistoryDeleteAll RPC.
+	NotificationServiceHistoryDeleteAllProcedure = "/sentinel.notifications.v1.NotificationService/HistoryDeleteAll"
+	// NotificationServiceHistorySubscribeProcedure is the fully-qualified name of the
+	// NotificationService's HistorySubscribe RPC.
+	NotificationServiceHistorySubscribeProcedure = "/sentinel.notifications.v1.NotificationService/HistorySubscribe"
+)
+
+// NotificationServiceClient is a client for the sentinel.notifications.v1.NotificationService
+// service.
+type NotificationServiceClient interface {
+	ProvidersList(context.Context, *connect.Request[v1.ProvidersListRequest]) (*connect.Response[v1.ProvidersListResponse], error)
+	ProviderCreate(context.Context, *connect.Request[v1.ProviderCreateRequest]) (*connect.Response[v1.ProviderCreateResponse], error)
+	ProviderUpdate(context.Context, *connect.Request[v1.ProviderUpdateRequest]) (*connect.Response[v1.ProviderUpdateResponse], error)
+	ProviderDelete(context.Context, *connect.Request[v1.ProviderDeleteRequest]) (*connect.Response[v1.ProviderDeleteResponse], error)
+	ProviderTest(context.Context, *connect.Request[v1.ProviderTestRequest]) (*connect.Response[v1.ProviderTestResponse], error)
+	HistoryList(context.Context, *connect.Request[v1.HistoryListRequest]) (*connect.Response[v1.HistoryListResponse], error)
+	HistoryDeleteAll(context.Context, *connect.Request[v1.HistoryDeleteAllRequest]) (*connect.Response[v1.HistoryDeleteAllResponse], error)
+	HistorySubscribe(context.Context, *connect.Request[v1.HistorySubscribeRequest]) (*connect.ServerStreamForClient[v1.HistorySubscribeResponse], error)
+}
+
+// NewNotificationServiceClient constructs a client for the
+// sentinel.notifications.v1.NotificationService service. By default, it uses the Connect protocol
+// with the binary Protobuf Codec, asks for gzipped responses, and sends uncompressed requests. To
+// use the gRPC or gRPC-Web protocols, supply the connect.WithGRPC() or connect.WithGRPCWeb()
+// options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewNotificationServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) NotificationServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	notificationServiceMethods := v1.File_sentinel_notifications_v1_notifications_proto.Services().ByName("NotificationService").Methods()
+	return &notificationServiceClient{
+		providersList: connect.NewClient[v1.ProvidersListRequest, v1.ProvidersListResponse](
+			httpClient,
+			baseURL+NotificationServiceProvidersListProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("ProvidersList")),
+			connect.WithClientOptions(opts...),
+		),
+		providerCreate: connect.NewClient[v1.ProviderCreateRequest, v1.ProviderCreateResponse](
+			httpClient,
+			baseURL+NotificationServiceProviderCreateProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("ProviderCreate")),
+			connect.WithClientOptions(opts...),
+		),
+		providerUpdate: connect.NewClient[v1.ProviderUpdateRequest, v1.ProviderUpdateResponse](
+			httpClient,
+			baseURL+NotificationServiceProviderUpdateProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("ProviderUpdate")),
+			connect.WithClientOptions(opts...),
+		),
+		providerDelete: connect.NewClient[v1.ProviderDeleteRequest, v1.ProviderDeleteResponse](
+			httpClient,
+			baseURL+NotificationServiceProviderDeleteProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("ProviderDelete")),
+			connect.WithClientOptions(opts...),
+		),
+		providerTest: connect.NewClient[v1.ProviderTestRequest, v1.ProviderTestResponse](
+			httpClient,
+			baseURL+NotificationServiceProviderTestProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("ProviderTest")),
+			connect.WithClientOptions(opts...),
+		),
+		historyList: connect.NewClient[v1.HistoryListRequest, v1.HistoryListResponse](
+			httpClient,
+			baseURL+NotificationServiceHistoryListProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("HistoryList")),
+			connect.WithClientOptions(opts...),
+		),
+		historyDeleteAll: connect.NewClient[v1.HistoryDeleteAllRequest, v1.HistoryDeleteAllResponse](
+			httpClient,
+			baseURL+NotificationServiceHistoryDeleteAllProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("HistoryDeleteAll")),
+			connect.WithClientOptions(opts...),
+		),
+		historySubscribe: connect.NewClient[v1.HistorySubscribeRequest, v1.HistorySubscribeResponse](
+			httpClient,
+			baseURL+NotificationServiceHistorySubscribeProcedure,
+			connect.WithSchema(notificationServiceMethods.ByName("HistorySubscribe")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// notificationServiceClient implements NotificationServiceClient.
+type notificationServiceClient struct {
+	providersList    *connect.Client[v1.ProvidersListRequest, v1.ProvidersListResponse]
+	providerCreate   *connect.Client[v1.ProviderCreateRequest, v1.ProviderCreateResponse]
+	providerUpdate   *connect.Client[v1.ProviderUpdateRequest, v1.ProviderUpdateResponse]
+	providerDelete   *connect.Client[v1.ProviderDeleteRequest, v1.ProviderDeleteResponse]
+	providerTest     *connect.Client[v1.ProviderTestRequest, v1.ProviderTestResponse]
+	historyList      *connect.Client[v1.HistoryListRequest, v1.HistoryListResponse]
+	historyDeleteAll *connect.Client[v1.HistoryDeleteAllRequest, v1.HistoryDeleteAllResponse]
+	historySubscribe *connect.Client[v1.HistorySubscribeRequest, v1.HistorySubscribeResponse]
+}
+
+// ProvidersList calls sentinel.notifications.v1.NotificationService.ProvidersList.
+func (c *notificationServiceClient) ProvidersList(ctx context.Context, req *connect.Request[v1.ProvidersListRequest]) (*connect.Response[v1.ProvidersListResponse], error) {
+	return c.providersList.CallUnary(ctx, req)
+}
+
+// ProviderCreate calls sentinel.notifications.v1.NotificationService.ProviderCreate.
+func (c *notificationServiceClient) ProviderCreate(ctx context.Context, req *connect.Request[v1.ProviderCreateRequest]) (*connect.Response[v1.ProviderCreateResponse], error) {
+	return c.providerCreate.CallUnary(ctx, req)
+}
+
+// ProviderUpdate calls sentinel.notifications.v1.NotificationService.ProviderUpdate.
+func (c *notificationServiceClient) ProviderUpdate(ctx context.Context, req *connect.Request[v1.ProviderUpdateRequest]) (*connect.Response[v1.ProviderUpdateResponse], error) {
+	return c.providerUpdate.CallUnary(ctx, req)
+}
+
+// ProviderDelete calls sentinel.notifications.v1.NotificationService.ProviderDelete.
+func (c *notificationServiceClient) ProviderDelete(ctx context.Context, req *connect.Request[v1.ProviderDeleteRequest]) (*connect.Response[v1.ProviderDeleteResponse], error) {
+	return c.providerDelete.CallUnary(ctx, req)
+}
+
+// ProviderTest calls sentinel.notifications.v1.NotificationService.ProviderTest.
+func (c *notificationServiceClient) ProviderTest(ctx context.Context, req *connect.Request[v1.ProviderTestRequest]) (*connect.Response[v1.ProviderTestResponse], error) {
+	return c.providerTest.CallUnary(ctx, req)
+}
+
+// HistoryList calls sentinel.notifications.v1.NotificationService.HistoryList.
+func (c *notificationServiceClient) HistoryList(ctx context.Context, req *connect.Request[v1.HistoryListRequest]) (*connect.Response[v1.HistoryListResponse], error) {
+	return c.historyList.CallUnary(ctx, req)
+}
+
+// HistoryDeleteAll calls sentinel.notifications.v1.NotificationService.HistoryDeleteAll.
+func (c *notificationServiceClient) HistoryDeleteAll(ctx context.Context, req *connect.Request[v1.HistoryDeleteAllRequest]) (*connect.Response[v1.HistoryDeleteAllResponse], error) {
+	return c.historyDeleteAll.CallUnary(ctx, req)
+}
+
+// HistorySubscribe calls sentinel.notifications.v1.NotificationService.HistorySubscribe.
+func (c *notificationServiceClient) HistorySubscribe(ctx context.Context, req *connect.Request[v1.HistorySubscribeRequest]) (*connect.ServerStreamForClient[v1.HistorySubscribeResponse], error) {
+	return c.historySubscribe.CallServerStream(ctx, req)
+}
+
+// NotificationServiceHandler is an implementation of the
+// sentinel.notifications.v1.NotificationService service.
+type NotificationServiceHandler interface {
+	ProvidersList(context.Context, *connect.Request[v1.ProvidersListRequest]) (*connect.Response[v1.ProvidersListResponse], error)
+	ProviderCreate(context.Context, *connect.Request[v1.ProviderCreateRequest]) (*connect.Response[v1.ProviderCreateResponse], error)
+	ProviderUpdate(context.Context, *connect.Request[v1.ProviderUpdateRequest]) (*connect.Response[v1.ProviderUpdateResponse], error)
+	ProviderDelete(context.Context, *connect.Request[v1.ProviderDeleteRequest]) (*connect.Response[v1.ProviderDeleteResponse], error)
+	ProviderTest(context.Context, *connect.Request[v1.ProviderTestRequest]) (*connect.Response[v1.ProviderTestResponse], error)
+	HistoryList(context.Context, *connect.Request[v1.HistoryListRequest]) (*connect.Response[v1.HistoryListResponse], error)
+	HistoryDeleteAll(context.Context, *connect.Request[v1.HistoryDeleteAllRequest]) (*connect.Response[v1.HistoryDeleteAllResponse], error)
+	HistorySubscribe(context.Context, *connect.Request[v1.HistorySubscribeRequest], *connect.ServerStream[v1.HistorySubscribeResponse]) error
+}
+
+// NewNotificationServiceHandler builds an HTTP handler from the service implementation. It returns
+// the path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewNotificationServiceHandler(svc NotificationServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	notificationServiceMethods := v1.File_sentinel_notifications_v1_notifications_proto.Services().ByName("NotificationService").Methods()
+	notificationServiceProvidersListHandler := connect.NewUnaryHandler(
+		NotificationServiceProvidersListProcedure,
+		svc.ProvidersList,
+		connect.WithSchema(notificationServiceMethods.ByName("ProvidersList")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceProviderCreateHandler := connect.NewUnaryHandler(
+		NotificationServiceProviderCreateProcedure,
+		svc.ProviderCreate,
+		connect.WithSchema(notificationServiceMethods.ByName("ProviderCreate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceProviderUpdateHandler := connect.NewUnaryHandler(
+		NotificationServiceProviderUpdateProcedure,
+		svc.ProviderUpdate,
+		connect.WithSchema(notificationServiceMethods.ByName("ProviderUpdate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceProviderDeleteHandler := connect.NewUnaryHandler(
+		NotificationServiceProviderDeleteProcedure,
+		svc.ProviderDelete,
+		connect.WithSchema(notificationServiceMethods.ByName("ProviderDelete")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceProviderTestHandler := connect.NewUnaryHandler(
+		NotificationServiceProviderTestProcedure,
+		svc.ProviderTest,
+		connect.WithSchema(notificationServiceMethods.ByName("ProviderTest")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceHistoryListHandler := connect.NewUnaryHandler(
+		NotificationServiceHistoryListProcedure,
+		svc.HistoryList,
+		connect.WithSchema(notificationServiceMethods.ByName("HistoryList")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceHistoryDeleteAllHandler := connect.NewUnaryHandler(
+		NotificationServiceHistoryDeleteAllProcedure,
+		svc.HistoryDeleteAll,
+		connect.WithSchema(notificationServiceMethods.ByName("HistoryDeleteAll")),
+		connect.WithHandlerOptions(opts...),
+	)
+	notificationServiceHistorySubscribeHandler := connect.NewServerStreamHandler(
+		NotificationServiceHistorySubscribeProcedure,
+		svc.HistorySubscribe,
+		connect.WithSchema(notificationServiceMethods.ByName("HistorySubscribe")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.notifications.v1.NotificationService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case NotificationServiceProvidersListProcedure:
+			notificationServiceProvidersListHandler.ServeHTTP(w, r)
+		case NotificationServiceProviderCreateProcedure:
+			notificationServiceProviderCreateHandler.ServeHTTP(w, r)
+		case NotificationServiceProviderUpdateProcedure:
+			notificationServiceProviderUpdateHandler.ServeHTTP(w, r)
+		case NotificationServiceProviderDeleteProcedure:
+			notificationServiceProviderDeleteHandler.ServeHTTP(w, r)
+		case NotificationServiceProviderTestProcedure:
+			notificationServiceProviderTestHandler.ServeHTTP(w, r)
+		case NotificationServiceHistoryListProcedure:
+			notificationServiceHistoryListHandler.ServeHTTP(w, r)
+		case NotificationServiceHistoryDeleteAllProcedure:
+			notificationServiceHistoryDeleteAllHandler.ServeHTTP(w, r)
+		case NotificationServiceHistorySubscribeProcedure:
+			notificationServiceHistorySubscribeHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedNotificationServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedNotificationServiceHandler struct{}
+
+func (UnimplementedNotificationServiceHandler) ProvidersList(context.Context, *connect.Request[v1.ProvidersListRequest]) (*connect.Response[v1.ProvidersListResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.ProvidersList is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) ProviderCreate(context.Context, *connect.Request[v1.ProviderCreateRequest]) (*connect.Response[v1.ProviderCreateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.ProviderCreate is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) ProviderUpdate(context.Context, *connect.Request[v1.ProviderUpdateRequest]) (*connect.Response[v1.ProviderUpdateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.ProviderUpdate is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) ProviderDelete(context.Context, *connect.Request[v1.ProviderDeleteRequest]) (*connect.Response[v1.ProviderDeleteResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.ProviderDelete is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) ProviderTest(context.Context, *connect.Request[v1.ProviderTestRequest]) (*connect.Response[v1.ProviderTestResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.ProviderTest is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) HistoryList(context.Context, *connect.Request[v1.HistoryListRequest]) (*connect.Response[v1.HistoryListResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.HistoryList is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) HistoryDeleteAll(context.Context, *connect.Request[v1.HistoryDeleteAllRequest]) (*connect.Response[v1.HistoryDeleteAllResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.HistoryDeleteAll is not implemented"))
+}
+
+func (UnimplementedNotificationServiceHandler) HistorySubscribe(context.Context, *connect.Request[v1.HistorySubscribeRequest], *connect.ServerStream[v1.HistorySubscribeResponse]) error {
+	return connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.notifications.v1.NotificationService.HistorySubscribe is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/projects/v1/projects.pb.go b/internal/hub/hubserver/api/sentinel/projects/v1/projects.pb.go
new file mode 100644
index 0000000..1c17976
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/projects/v1/projects.pb.go
@@ -0,0 +1,813 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/projects/v1/projects.proto
+
+package projectsv1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ProjectMonitorDefaults struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Interval      int64                  `protobuf:"varint,1,opt,name=interval,proto3" json:"interval,omitempty"` // in milliseconds
+	Timeout       int64                  `protobuf:"varint,2,opt,name=timeout,proto3" json:"timeout,omitempty"`   // in milliseconds
+	Retries       int64                  `protobuf:"varint,3,opt,name=retries,proto3" json:"retries,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectMonitorDefaults) Reset() {
+	*x = ProjectMonitorDefaults{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectMonitorDefaults) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectMonitorDefaults) ProtoMessage() {}
+
+func (x *ProjectMonitorDefaults) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectMonitorDefaults.ProtoReflect.Descriptor instead.
+func (*ProjectMonitorDefaults) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *ProjectMonitorDefaults) GetInterval() int64 {
+	if x != nil {
+		return x.Interval
+	}
+	return 0
+}
+
+func (x *ProjectMonitorDefaults) GetTimeout() int64 {
+	if x != nil {
+		return x.Timeout
+	}
+	return 0
+}
+
+func (x *ProjectMonitorDefaults) GetRetries() int64 {
+	if x != nil {
+		return x.Retries
+	}
+	return 0
+}
+
+type ProjectSettings struct {
+	state           protoimpl.MessageState  `protogen:"open.v1"`
+	MonitorDefaults *ProjectMonitorDefaults `protobuf:"bytes,1,opt,name=monitor_defaults,json=monitorDefaults,proto3" json:"monitor_defaults,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *ProjectSettings) Reset() {
+	*x = ProjectSettings{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectSettings) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectSettings) ProtoMessage() {}
+
+func (x *ProjectSettings) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectSettings.ProtoReflect.Descriptor instead.
+func (*ProjectSettings) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *ProjectSettings) GetMonitorDefaults() *ProjectMonitorDefaults {
+	if x != nil {
+		return x.MonitorDefaults
+	}
+	return nil
+}
+
+type Project struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Settings      *ProjectSettings       `protobuf:"bytes,6,opt,name=settings,proto3" json:"settings,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt     *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Project) Reset() {
+	*x = Project{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Project) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Project) ProtoMessage() {}
+
+func (x *Project) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Project.ProtoReflect.Descriptor instead.
+func (*Project) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Project) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Project) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Project) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Project) GetSettings() *ProjectSettings {
+	if x != nil {
+		return x.Settings
+	}
+	return nil
+}
+
+func (x *Project) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *Project) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+// ProjectsListRequest is the request message for listing projects.
+type ProjectsListRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectsListRequest) Reset() {
+	*x = ProjectsListRequest{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectsListRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectsListRequest) ProtoMessage() {}
+
+func (x *ProjectsListRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectsListRequest.ProtoReflect.Descriptor instead.
+func (*ProjectsListRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{3}
+}
+
+type ProjectsListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Items         []*Project             `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectsListResponse) Reset() {
+	*x = ProjectsListResponse{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectsListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectsListResponse) ProtoMessage() {}
+
+func (x *ProjectsListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectsListResponse.ProtoReflect.Descriptor instead.
+func (*ProjectsListResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ProjectsListResponse) GetItems() []*Project {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+// ProjectCreateRequest is the request message for creating a project.
+type ProjectCreateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Name          string                 `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Settings      *ProjectSettings       `protobuf:"bytes,3,opt,name=settings,proto3" json:"settings,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectCreateRequest) Reset() {
+	*x = ProjectCreateRequest{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectCreateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectCreateRequest) ProtoMessage() {}
+
+func (x *ProjectCreateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectCreateRequest.ProtoReflect.Descriptor instead.
+func (*ProjectCreateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *ProjectCreateRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *ProjectCreateRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *ProjectCreateRequest) GetSettings() *ProjectSettings {
+	if x != nil {
+		return x.Settings
+	}
+	return nil
+}
+
+type ProjectCreateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Project               `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectCreateResponse) Reset() {
+	*x = ProjectCreateResponse{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectCreateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectCreateResponse) ProtoMessage() {}
+
+func (x *ProjectCreateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectCreateResponse.ProtoReflect.Descriptor instead.
+func (*ProjectCreateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *ProjectCreateResponse) GetItem() *Project {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ProjectGetRequest is the request message for getting a project.
+type ProjectGetRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectGetRequest) Reset() {
+	*x = ProjectGetRequest{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectGetRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectGetRequest) ProtoMessage() {}
+
+func (x *ProjectGetRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectGetRequest.ProtoReflect.Descriptor instead.
+func (*ProjectGetRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ProjectGetRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type ProjectGetResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Project               `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectGetResponse) Reset() {
+	*x = ProjectGetResponse{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectGetResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectGetResponse) ProtoMessage() {}
+
+func (x *ProjectGetResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectGetResponse.ProtoReflect.Descriptor instead.
+func (*ProjectGetResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ProjectGetResponse) GetItem() *Project {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ProjectUpdateRequest is the request message for updating a project.
+type ProjectUpdateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Settings      *ProjectSettings       `protobuf:"bytes,4,opt,name=settings,proto3" json:"settings,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectUpdateRequest) Reset() {
+	*x = ProjectUpdateRequest{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectUpdateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectUpdateRequest) ProtoMessage() {}
+
+func (x *ProjectUpdateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectUpdateRequest.ProtoReflect.Descriptor instead.
+func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ProjectUpdateRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *ProjectUpdateRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *ProjectUpdateRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *ProjectUpdateRequest) GetSettings() *ProjectSettings {
+	if x != nil {
+		return x.Settings
+	}
+	return nil
+}
+
+type ProjectUpdateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Project               `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectUpdateResponse) Reset() {
+	*x = ProjectUpdateResponse{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectUpdateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectUpdateResponse) ProtoMessage() {}
+
+func (x *ProjectUpdateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectUpdateResponse.ProtoReflect.Descriptor instead.
+func (*ProjectUpdateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ProjectUpdateResponse) GetItem() *Project {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ProjectDeleteRequest is the request message for deleting a project.
+type ProjectDeleteRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectDeleteRequest) Reset() {
+	*x = ProjectDeleteRequest{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectDeleteRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectDeleteRequest) ProtoMessage() {}
+
+func (x *ProjectDeleteRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectDeleteRequest.ProtoReflect.Descriptor instead.
+func (*ProjectDeleteRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *ProjectDeleteRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type ProjectDeleteResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ProjectDeleteResponse) Reset() {
+	*x = ProjectDeleteResponse{}
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ProjectDeleteResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProjectDeleteResponse) ProtoMessage() {}
+
+func (x *ProjectDeleteResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_projects_v1_projects_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProjectDeleteResponse.ProtoReflect.Descriptor instead.
+func (*ProjectDeleteResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_projects_v1_projects_proto_rawDescGZIP(), []int{12}
+}
+
+var File_sentinel_projects_v1_projects_proto protoreflect.FileDescriptor
+
+const file_sentinel_projects_v1_projects_proto_rawDesc = "" +
+	"\n" +
+	"#sentinel/projects/v1/projects.proto\x12\x14sentinel.projects.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"h\n" +
+	"\x16ProjectMonitorDefaults\x12\x1a\n" +
+	"\binterval\x18\x01 \x01(\x03R\binterval\x12\x18\n" +
+	"\atimeout\x18\x02 \x01(\x03R\atimeout\x12\x18\n" +
+	"\aretries\x18\x03 \x01(\x03R\aretries\"j\n" +
+	"\x0fProjectSettings\x12W\n" +
+	"\x10monitor_defaults\x18\x01 \x01(\v2,.sentinel.projects.v1.ProjectMonitorDefaultsR\x0fmonitorDefaults\"\x88\x02\n" +
+	"\aProject\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12A\n" +
+	"\bsettings\x18\x06 \x01(\v2%.sentinel.projects.v1.ProjectSettingsR\bsettings\x129\n" +
+	"\n" +
+	"created_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\"\x15\n" +
+	"\x13ProjectsListRequest\"K\n" +
+	"\x14ProjectsListResponse\x123\n" +
+	"\x05items\x18\x01 \x03(\v2\x1d.sentinel.projects.v1.ProjectR\x05items\"\x8f\x01\n" +
+	"\x14ProjectCreateRequest\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x02 \x01(\tR\vdescription\x12A\n" +
+	"\bsettings\x18\x03 \x01(\v2%.sentinel.projects.v1.ProjectSettingsR\bsettings\"J\n" +
+	"\x15ProjectCreateResponse\x121\n" +
+	"\x04item\x18\x01 \x01(\v2\x1d.sentinel.projects.v1.ProjectR\x04item\"#\n" +
+	"\x11ProjectGetRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"G\n" +
+	"\x12ProjectGetResponse\x121\n" +
+	"\x04item\x18\x01 \x01(\v2\x1d.sentinel.projects.v1.ProjectR\x04item\"\x9f\x01\n" +
+	"\x14ProjectUpdateRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12A\n" +
+	"\bsettings\x18\x04 \x01(\v2%.sentinel.projects.v1.ProjectSettingsR\bsettings\"J\n" +
+	"\x15ProjectUpdateResponse\x121\n" +
+	"\x04item\x18\x01 \x01(\v2\x1d.sentinel.projects.v1.ProjectR\x04item\"&\n" +
+	"\x14ProjectDeleteRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x17\n" +
+	"\x15ProjectDeleteResponse2\x97\x04\n" +
+	"\x0fProjectsService\x12e\n" +
+	"\fProjectsList\x12).sentinel.projects.v1.ProjectsListRequest\x1a*.sentinel.projects.v1.ProjectsListResponse\x12h\n" +
+	"\rProjectCreate\x12*.sentinel.projects.v1.ProjectCreateRequest\x1a+.sentinel.projects.v1.ProjectCreateResponse\x12_\n" +
+	"\n" +
+	"ProjectGet\x12'.sentinel.projects.v1.ProjectGetRequest\x1a(.sentinel.projects.v1.ProjectGetResponse\x12h\n" +
+	"\rProjectUpdate\x12*.sentinel.projects.v1.ProjectUpdateRequest\x1a+.sentinel.projects.v1.ProjectUpdateResponse\x12h\n" +
+	"\rProjectDelete\x12*.sentinel.projects.v1.ProjectDeleteRequest\x1a+.sentinel.projects.v1.ProjectDeleteResponseB\xf4\x01\n" +
+	"\x18com.sentinel.projects.v1B\rProjectsProtoP\x01ZWgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/projects/v1;projectsv1\xa2\x02\x03SPX\xaa\x02\x14Sentinel.Projects.V1\xca\x02\x14Sentinel\\Projects\\V1\xe2\x02 Sentinel\\Projects\\V1\\GPBMetadata\xea\x02\x16Sentinel::Projects::V1b\x06proto3"
+
+var (
+	file_sentinel_projects_v1_projects_proto_rawDescOnce sync.Once
+	file_sentinel_projects_v1_projects_proto_rawDescData []byte
+)
+
+func file_sentinel_projects_v1_projects_proto_rawDescGZIP() []byte {
+	file_sentinel_projects_v1_projects_proto_rawDescOnce.Do(func() {
+		file_sentinel_projects_v1_projects_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_projects_v1_projects_proto_rawDesc), len(file_sentinel_projects_v1_projects_proto_rawDesc)))
+	})
+	return file_sentinel_projects_v1_projects_proto_rawDescData
+}
+
+var file_sentinel_projects_v1_projects_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
+var file_sentinel_projects_v1_projects_proto_goTypes = []any{
+	(*ProjectMonitorDefaults)(nil), // 0: sentinel.projects.v1.ProjectMonitorDefaults
+	(*ProjectSettings)(nil),        // 1: sentinel.projects.v1.ProjectSettings
+	(*Project)(nil),                // 2: sentinel.projects.v1.Project
+	(*ProjectsListRequest)(nil),    // 3: sentinel.projects.v1.ProjectsListRequest
+	(*ProjectsListResponse)(nil),   // 4: sentinel.projects.v1.ProjectsListResponse
+	(*ProjectCreateRequest)(nil),   // 5: sentinel.projects.v1.ProjectCreateRequest
+	(*ProjectCreateResponse)(nil),  // 6: sentinel.projects.v1.ProjectCreateResponse
+	(*ProjectGetRequest)(nil),      // 7: sentinel.projects.v1.ProjectGetRequest
+	(*ProjectGetResponse)(nil),     // 8: sentinel.projects.v1.ProjectGetResponse
+	(*ProjectUpdateRequest)(nil),   // 9: sentinel.projects.v1.ProjectUpdateRequest
+	(*ProjectUpdateResponse)(nil),  // 10: sentinel.projects.v1.ProjectUpdateResponse
+	(*ProjectDeleteRequest)(nil),   // 11: sentinel.projects.v1.ProjectDeleteRequest
+	(*ProjectDeleteResponse)(nil),  // 12: sentinel.projects.v1.ProjectDeleteResponse
+	(*timestamppb.Timestamp)(nil),  // 13: google.protobuf.Timestamp
+}
+var file_sentinel_projects_v1_projects_proto_depIdxs = []int32{
+	0,  // 0: sentinel.projects.v1.ProjectSettings.monitor_defaults:type_name -> sentinel.projects.v1.ProjectMonitorDefaults
+	1,  // 1: sentinel.projects.v1.Project.settings:type_name -> sentinel.projects.v1.ProjectSettings
+	13, // 2: sentinel.projects.v1.Project.created_at:type_name -> google.protobuf.Timestamp
+	13, // 3: sentinel.projects.v1.Project.updated_at:type_name -> google.protobuf.Timestamp
+	2,  // 4: sentinel.projects.v1.ProjectsListResponse.items:type_name -> sentinel.projects.v1.Project
+	1,  // 5: sentinel.projects.v1.ProjectCreateRequest.settings:type_name -> sentinel.projects.v1.ProjectSettings
+	2,  // 6: sentinel.projects.v1.ProjectCreateResponse.item:type_name -> sentinel.projects.v1.Project
+	2,  // 7: sentinel.projects.v1.ProjectGetResponse.item:type_name -> sentinel.projects.v1.Project
+	1,  // 8: sentinel.projects.v1.ProjectUpdateRequest.settings:type_name -> sentinel.projects.v1.ProjectSettings
+	2,  // 9: sentinel.projects.v1.ProjectUpdateResponse.item:type_name -> sentinel.projects.v1.Project
+	3,  // 10: sentinel.projects.v1.ProjectsService.ProjectsList:input_type -> sentinel.projects.v1.ProjectsListRequest
+	5,  // 11: sentinel.projects.v1.ProjectsService.ProjectCreate:input_type -> sentinel.projects.v1.ProjectCreateRequest
+	7,  // 12: sentinel.projects.v1.ProjectsService.ProjectGet:input_type -> sentinel.projects.v1.ProjectGetRequest
+	9,  // 13: sentinel.projects.v1.ProjectsService.ProjectUpdate:input_type -> sentinel.projects.v1.ProjectUpdateRequest
+	11, // 14: sentinel.projects.v1.ProjectsService.ProjectDelete:input_type -> sentinel.projects.v1.ProjectDeleteRequest
+	4,  // 15: sentinel.projects.v1.ProjectsService.ProjectsList:output_type -> sentinel.projects.v1.ProjectsListResponse
+	6,  // 16: sentinel.projects.v1.ProjectsService.ProjectCreate:output_type -> sentinel.projects.v1.ProjectCreateResponse
+	8,  // 17: sentinel.projects.v1.ProjectsService.ProjectGet:output_type -> sentinel.projects.v1.ProjectGetResponse
+	10, // 18: sentinel.projects.v1.ProjectsService.ProjectUpdate:output_type -> sentinel.projects.v1.ProjectUpdateResponse
+	12, // 19: sentinel.projects.v1.ProjectsService.ProjectDelete:output_type -> sentinel.projects.v1.ProjectDeleteResponse
+	15, // [15:20] is the sub-list for method output_type
+	10, // [10:15] is the sub-list for method input_type
+	10, // [10:10] is the sub-list for extension type_name
+	10, // [10:10] is the sub-list for extension extendee
+	0,  // [0:10] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_projects_v1_projects_proto_init() }
+func file_sentinel_projects_v1_projects_proto_init() {
+	if File_sentinel_projects_v1_projects_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_projects_v1_projects_proto_rawDesc), len(file_sentinel_projects_v1_projects_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   13,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_projects_v1_projects_proto_goTypes,
+		DependencyIndexes: file_sentinel_projects_v1_projects_proto_depIdxs,
+		MessageInfos:      file_sentinel_projects_v1_projects_proto_msgTypes,
+	}.Build()
+	File_sentinel_projects_v1_projects_proto = out.File
+	file_sentinel_projects_v1_projects_proto_goTypes = nil
+	file_sentinel_projects_v1_projects_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/projects/v1/projectsv1connect/projects.connect.go b/internal/hub/hubserver/api/sentinel/projects/v1/projectsv1connect/projects.connect.go
new file mode 100644
index 0000000..887591c
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/projects/v1/projectsv1connect/projects.connect.go
@@ -0,0 +1,225 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/projects/v1/projects.proto
+
+package projectsv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/projects/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// ProjectsServiceName is the fully-qualified name of the ProjectsService service.
+	ProjectsServiceName = "sentinel.projects.v1.ProjectsService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// ProjectsServiceProjectsListProcedure is the fully-qualified name of the ProjectsService's
+	// ProjectsList RPC.
+	ProjectsServiceProjectsListProcedure = "/sentinel.projects.v1.ProjectsService/ProjectsList"
+	// ProjectsServiceProjectCreateProcedure is the fully-qualified name of the ProjectsService's
+	// ProjectCreate RPC.
+	ProjectsServiceProjectCreateProcedure = "/sentinel.projects.v1.ProjectsService/ProjectCreate"
+	// ProjectsServiceProjectGetProcedure is the fully-qualified name of the ProjectsService's
+	// ProjectGet RPC.
+	ProjectsServiceProjectGetProcedure = "/sentinel.projects.v1.ProjectsService/ProjectGet"
+	// ProjectsServiceProjectUpdateProcedure is the fully-qualified name of the ProjectsService's
+	// ProjectUpdate RPC.
+	ProjectsServiceProjectUpdateProcedure = "/sentinel.projects.v1.ProjectsService/ProjectUpdate"
+	// ProjectsServiceProjectDeleteProcedure is the fully-qualified name of the ProjectsService's
+	// ProjectDelete RPC.
+	ProjectsServiceProjectDeleteProcedure = "/sentinel.projects.v1.ProjectsService/ProjectDelete"
+)
+
+// ProjectsServiceClient is a client for the sentinel.projects.v1.ProjectsService service.
+type ProjectsServiceClient interface {
+	ProjectsList(context.Context, *connect.Request[v1.ProjectsListRequest]) (*connect.Response[v1.ProjectsListResponse], error)
+	ProjectCreate(context.Context, *connect.Request[v1.ProjectCreateRequest]) (*connect.Response[v1.ProjectCreateResponse], error)
+	ProjectGet(context.Context, *connect.Request[v1.ProjectGetRequest]) (*connect.Response[v1.ProjectGetResponse], error)
+	ProjectUpdate(context.Context, *connect.Request[v1.ProjectUpdateRequest]) (*connect.Response[v1.ProjectUpdateResponse], error)
+	ProjectDelete(context.Context, *connect.Request[v1.ProjectDeleteRequest]) (*connect.Response[v1.ProjectDeleteResponse], error)
+}
+
+// NewProjectsServiceClient constructs a client for the sentinel.projects.v1.ProjectsService
+// service. By default, it uses the Connect protocol with the binary Protobuf Codec, asks for
+// gzipped responses, and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply
+// the connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewProjectsServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) ProjectsServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	projectsServiceMethods := v1.File_sentinel_projects_v1_projects_proto.Services().ByName("ProjectsService").Methods()
+	return &projectsServiceClient{
+		projectsList: connect.NewClient[v1.ProjectsListRequest, v1.ProjectsListResponse](
+			httpClient,
+			baseURL+ProjectsServiceProjectsListProcedure,
+			connect.WithSchema(projectsServiceMethods.ByName("ProjectsList")),
+			connect.WithClientOptions(opts...),
+		),
+		projectCreate: connect.NewClient[v1.ProjectCreateRequest, v1.ProjectCreateResponse](
+			httpClient,
+			baseURL+ProjectsServiceProjectCreateProcedure,
+			connect.WithSchema(projectsServiceMethods.ByName("ProjectCreate")),
+			connect.WithClientOptions(opts...),
+		),
+		projectGet: connect.NewClient[v1.ProjectGetRequest, v1.ProjectGetResponse](
+			httpClient,
+			baseURL+ProjectsServiceProjectGetProcedure,
+			connect.WithSchema(projectsServiceMethods.ByName("ProjectGet")),
+			connect.WithClientOptions(opts...),
+		),
+		projectUpdate: connect.NewClient[v1.ProjectUpdateRequest, v1.ProjectUpdateResponse](
+			httpClient,
+			baseURL+ProjectsServiceProjectUpdateProcedure,
+			connect.WithSchema(projectsServiceMethods.ByName("ProjectUpdate")),
+			connect.WithClientOptions(opts...),
+		),
+		projectDelete: connect.NewClient[v1.ProjectDeleteRequest, v1.ProjectDeleteResponse](
+			httpClient,
+			baseURL+ProjectsServiceProjectDeleteProcedure,
+			connect.WithSchema(projectsServiceMethods.ByName("ProjectDelete")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// projectsServiceClient implements ProjectsServiceClient.
+type projectsServiceClient struct {
+	projectsList  *connect.Client[v1.ProjectsListRequest, v1.ProjectsListResponse]
+	projectCreate *connect.Client[v1.ProjectCreateRequest, v1.ProjectCreateResponse]
+	projectGet    *connect.Client[v1.ProjectGetRequest, v1.ProjectGetResponse]
+	projectUpdate *connect.Client[v1.ProjectUpdateRequest, v1.ProjectUpdateResponse]
+	projectDelete *connect.Client[v1.ProjectDeleteRequest, v1.ProjectDeleteResponse]
+}
+
+// ProjectsList calls sentinel.projects.v1.ProjectsService.ProjectsList.
+func (c *projectsServiceClient) ProjectsList(ctx context.Context, req *connect.Request[v1.ProjectsListRequest]) (*connect.Response[v1.ProjectsListResponse], error) {
+	return c.projectsList.CallUnary(ctx, req)
+}
+
+// ProjectCreate calls sentinel.projects.v1.ProjectsService.ProjectCreate.
+func (c *projectsServiceClient) ProjectCreate(ctx context.Context, req *connect.Request[v1.ProjectCreateRequest]) (*connect.Response[v1.ProjectCreateResponse], error) {
+	return c.projectCreate.CallUnary(ctx, req)
+}
+
+// ProjectGet calls sentinel.projects.v1.ProjectsService.ProjectGet.
+func (c *projectsServiceClient) ProjectGet(ctx context.Context, req *connect.Request[v1.ProjectGetRequest]) (*connect.Response[v1.ProjectGetResponse], error) {
+	return c.projectGet.CallUnary(ctx, req)
+}
+
+// ProjectUpdate calls sentinel.projects.v1.ProjectsService.ProjectUpdate.
+func (c *projectsServiceClient) ProjectUpdate(ctx context.Context, req *connect.Request[v1.ProjectUpdateRequest]) (*connect.Response[v1.ProjectUpdateResponse], error) {
+	return c.projectUpdate.CallUnary(ctx, req)
+}
+
+// ProjectDelete calls sentinel.projects.v1.ProjectsService.ProjectDelete.
+func (c *projectsServiceClient) ProjectDelete(ctx context.Context, req *connect.Request[v1.ProjectDeleteRequest]) (*connect.Response[v1.ProjectDeleteResponse], error) {
+	return c.projectDelete.CallUnary(ctx, req)
+}
+
+// ProjectsServiceHandler is an implementation of the sentinel.projects.v1.ProjectsService service.
+type ProjectsServiceHandler interface {
+	ProjectsList(context.Context, *connect.Request[v1.ProjectsListRequest]) (*connect.Response[v1.ProjectsListResponse], error)
+	ProjectCreate(context.Context, *connect.Request[v1.ProjectCreateRequest]) (*connect.Response[v1.ProjectCreateResponse], error)
+	ProjectGet(context.Context, *connect.Request[v1.ProjectGetRequest]) (*connect.Response[v1.ProjectGetResponse], error)
+	ProjectUpdate(context.Context, *connect.Request[v1.ProjectUpdateRequest]) (*connect.Response[v1.ProjectUpdateResponse], error)
+	ProjectDelete(context.Context, *connect.Request[v1.ProjectDeleteRequest]) (*connect.Response[v1.ProjectDeleteResponse], error)
+}
+
+// NewProjectsServiceHandler builds an HTTP handler from the service implementation. It returns the
+// path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewProjectsServiceHandler(svc ProjectsServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	projectsServiceMethods := v1.File_sentinel_projects_v1_projects_proto.Services().ByName("ProjectsService").Methods()
+	projectsServiceProjectsListHandler := connect.NewUnaryHandler(
+		ProjectsServiceProjectsListProcedure,
+		svc.ProjectsList,
+		connect.WithSchema(projectsServiceMethods.ByName("ProjectsList")),
+		connect.WithHandlerOptions(opts...),
+	)
+	projectsServiceProjectCreateHandler := connect.NewUnaryHandler(
+		ProjectsServiceProjectCreateProcedure,
+		svc.ProjectCreate,
+		connect.WithSchema(projectsServiceMethods.ByName("ProjectCreate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	projectsServiceProjectGetHandler := connect.NewUnaryHandler(
+		ProjectsServiceProjectGetProcedure,
+		svc.ProjectGet,
+		connect.WithSchema(projectsServiceMethods.ByName("ProjectGet")),
+		connect.WithHandlerOptions(opts...),
+	)
+	projectsServiceProjectUpdateHandler := connect.NewUnaryHandler(
+		ProjectsServiceProjectUpdateProcedure,
+		svc.ProjectUpdate,
+		connect.WithSchema(projectsServiceMethods.ByName("ProjectUpdate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	projectsServiceProjectDeleteHandler := connect.NewUnaryHandler(
+		ProjectsServiceProjectDeleteProcedure,
+		svc.ProjectDelete,
+		connect.WithSchema(projectsServiceMethods.ByName("ProjectDelete")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.projects.v1.ProjectsService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case ProjectsServiceProjectsListProcedure:
+			projectsServiceProjectsListHandler.ServeHTTP(w, r)
+		case ProjectsServiceProjectCreateProcedure:
+			projectsServiceProjectCreateHandler.ServeHTTP(w, r)
+		case ProjectsServiceProjectGetProcedure:
+			projectsServiceProjectGetHandler.ServeHTTP(w, r)
+		case ProjectsServiceProjectUpdateProcedure:
+			projectsServiceProjectUpdateHandler.ServeHTTP(w, r)
+		case ProjectsServiceProjectDeleteProcedure:
+			projectsServiceProjectDeleteHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedProjectsServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedProjectsServiceHandler struct{}
+
+func (UnimplementedProjectsServiceHandler) ProjectsList(context.Context, *connect.Request[v1.ProjectsListRequest]) (*connect.Response[v1.ProjectsListResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.projects.v1.ProjectsService.ProjectsList is not implemented"))
+}
+
+func (UnimplementedProjectsServiceHandler) ProjectCreate(context.Context, *connect.Request[v1.ProjectCreateRequest]) (*connect.Response[v1.ProjectCreateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.projects.v1.ProjectsService.ProjectCreate is not implemented"))
+}
+
+func (UnimplementedProjectsServiceHandler) ProjectGet(context.Context, *connect.Request[v1.ProjectGetRequest]) (*connect.Response[v1.ProjectGetResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.projects.v1.ProjectsService.ProjectGet is not implemented"))
+}
+
+func (UnimplementedProjectsServiceHandler) ProjectUpdate(context.Context, *connect.Request[v1.ProjectUpdateRequest]) (*connect.Response[v1.ProjectUpdateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.projects.v1.ProjectsService.ProjectUpdate is not implemented"))
+}
+
+func (UnimplementedProjectsServiceHandler) ProjectDelete(context.Context, *connect.Request[v1.ProjectDeleteRequest]) (*connect.Response[v1.ProjectDeleteResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.projects.v1.ProjectsService.ProjectDelete is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/resources/v1/resourcesv1connect/service.connect.go b/internal/hub/hubserver/api/sentinel/resources/v1/resourcesv1connect/service.connect.go
new file mode 100644
index 0000000..38b41c8
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/resources/v1/resourcesv1connect/service.connect.go
@@ -0,0 +1,226 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/resources/v1/service.proto
+
+package resourcesv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/resources/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// ResourcesServiceName is the fully-qualified name of the ResourcesService service.
+	ResourcesServiceName = "sentinel.resources.v1.ResourcesService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// ResourcesServiceResourcesListProcedure is the fully-qualified name of the ResourcesService's
+	// ResourcesList RPC.
+	ResourcesServiceResourcesListProcedure = "/sentinel.resources.v1.ResourcesService/ResourcesList"
+	// ResourcesServiceResourceGetProcedure is the fully-qualified name of the ResourcesService's
+	// ResourceGet RPC.
+	ResourcesServiceResourceGetProcedure = "/sentinel.resources.v1.ResourcesService/ResourceGet"
+	// ResourcesServiceResourceCreateProcedure is the fully-qualified name of the ResourcesService's
+	// ResourceCreate RPC.
+	ResourcesServiceResourceCreateProcedure = "/sentinel.resources.v1.ResourcesService/ResourceCreate"
+	// ResourcesServiceResourceUpdateProcedure is the fully-qualified name of the ResourcesService's
+	// ResourceUpdate RPC.
+	ResourcesServiceResourceUpdateProcedure = "/sentinel.resources.v1.ResourcesService/ResourceUpdate"
+	// ResourcesServiceResourceDeleteProcedure is the fully-qualified name of the ResourcesService's
+	// ResourceDelete RPC.
+	ResourcesServiceResourceDeleteProcedure = "/sentinel.resources.v1.ResourcesService/ResourceDelete"
+)
+
+// ResourcesServiceClient is a client for the sentinel.resources.v1.ResourcesService service.
+type ResourcesServiceClient interface {
+	ResourcesList(context.Context, *connect.Request[v1.ResourcesListRequest]) (*connect.Response[v1.ResourcesListResponse], error)
+	ResourceGet(context.Context, *connect.Request[v1.ResourceGetRequest]) (*connect.Response[v1.ResourceGetResponse], error)
+	ResourceCreate(context.Context, *connect.Request[v1.ResourceCreateRequest]) (*connect.Response[v1.ResourceCreateResponse], error)
+	ResourceUpdate(context.Context, *connect.Request[v1.ResourceUpdateRequest]) (*connect.Response[v1.ResourceUpdateResponse], error)
+	ResourceDelete(context.Context, *connect.Request[v1.ResourceDeleteRequest]) (*connect.Response[v1.ResourceDeleteResponse], error)
+}
+
+// NewResourcesServiceClient constructs a client for the sentinel.resources.v1.ResourcesService
+// service. By default, it uses the Connect protocol with the binary Protobuf Codec, asks for
+// gzipped responses, and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply
+// the connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewResourcesServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) ResourcesServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	resourcesServiceMethods := v1.File_sentinel_resources_v1_service_proto.Services().ByName("ResourcesService").Methods()
+	return &resourcesServiceClient{
+		resourcesList: connect.NewClient[v1.ResourcesListRequest, v1.ResourcesListResponse](
+			httpClient,
+			baseURL+ResourcesServiceResourcesListProcedure,
+			connect.WithSchema(resourcesServiceMethods.ByName("ResourcesList")),
+			connect.WithClientOptions(opts...),
+		),
+		resourceGet: connect.NewClient[v1.ResourceGetRequest, v1.ResourceGetResponse](
+			httpClient,
+			baseURL+ResourcesServiceResourceGetProcedure,
+			connect.WithSchema(resourcesServiceMethods.ByName("ResourceGet")),
+			connect.WithClientOptions(opts...),
+		),
+		resourceCreate: connect.NewClient[v1.ResourceCreateRequest, v1.ResourceCreateResponse](
+			httpClient,
+			baseURL+ResourcesServiceResourceCreateProcedure,
+			connect.WithSchema(resourcesServiceMethods.ByName("ResourceCreate")),
+			connect.WithClientOptions(opts...),
+		),
+		resourceUpdate: connect.NewClient[v1.ResourceUpdateRequest, v1.ResourceUpdateResponse](
+			httpClient,
+			baseURL+ResourcesServiceResourceUpdateProcedure,
+			connect.WithSchema(resourcesServiceMethods.ByName("ResourceUpdate")),
+			connect.WithClientOptions(opts...),
+		),
+		resourceDelete: connect.NewClient[v1.ResourceDeleteRequest, v1.ResourceDeleteResponse](
+			httpClient,
+			baseURL+ResourcesServiceResourceDeleteProcedure,
+			connect.WithSchema(resourcesServiceMethods.ByName("ResourceDelete")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// resourcesServiceClient implements ResourcesServiceClient.
+type resourcesServiceClient struct {
+	resourcesList  *connect.Client[v1.ResourcesListRequest, v1.ResourcesListResponse]
+	resourceGet    *connect.Client[v1.ResourceGetRequest, v1.ResourceGetResponse]
+	resourceCreate *connect.Client[v1.ResourceCreateRequest, v1.ResourceCreateResponse]
+	resourceUpdate *connect.Client[v1.ResourceUpdateRequest, v1.ResourceUpdateResponse]
+	resourceDelete *connect.Client[v1.ResourceDeleteRequest, v1.ResourceDeleteResponse]
+}
+
+// ResourcesList calls sentinel.resources.v1.ResourcesService.ResourcesList.
+func (c *resourcesServiceClient) ResourcesList(ctx context.Context, req *connect.Request[v1.ResourcesListRequest]) (*connect.Response[v1.ResourcesListResponse], error) {
+	return c.resourcesList.CallUnary(ctx, req)
+}
+
+// ResourceGet calls sentinel.resources.v1.ResourcesService.ResourceGet.
+func (c *resourcesServiceClient) ResourceGet(ctx context.Context, req *connect.Request[v1.ResourceGetRequest]) (*connect.Response[v1.ResourceGetResponse], error) {
+	return c.resourceGet.CallUnary(ctx, req)
+}
+
+// ResourceCreate calls sentinel.resources.v1.ResourcesService.ResourceCreate.
+func (c *resourcesServiceClient) ResourceCreate(ctx context.Context, req *connect.Request[v1.ResourceCreateRequest]) (*connect.Response[v1.ResourceCreateResponse], error) {
+	return c.resourceCreate.CallUnary(ctx, req)
+}
+
+// ResourceUpdate calls sentinel.resources.v1.ResourcesService.ResourceUpdate.
+func (c *resourcesServiceClient) ResourceUpdate(ctx context.Context, req *connect.Request[v1.ResourceUpdateRequest]) (*connect.Response[v1.ResourceUpdateResponse], error) {
+	return c.resourceUpdate.CallUnary(ctx, req)
+}
+
+// ResourceDelete calls sentinel.resources.v1.ResourcesService.ResourceDelete.
+func (c *resourcesServiceClient) ResourceDelete(ctx context.Context, req *connect.Request[v1.ResourceDeleteRequest]) (*connect.Response[v1.ResourceDeleteResponse], error) {
+	return c.resourceDelete.CallUnary(ctx, req)
+}
+
+// ResourcesServiceHandler is an implementation of the sentinel.resources.v1.ResourcesService
+// service.
+type ResourcesServiceHandler interface {
+	ResourcesList(context.Context, *connect.Request[v1.ResourcesListRequest]) (*connect.Response[v1.ResourcesListResponse], error)
+	ResourceGet(context.Context, *connect.Request[v1.ResourceGetRequest]) (*connect.Response[v1.ResourceGetResponse], error)
+	ResourceCreate(context.Context, *connect.Request[v1.ResourceCreateRequest]) (*connect.Response[v1.ResourceCreateResponse], error)
+	ResourceUpdate(context.Context, *connect.Request[v1.ResourceUpdateRequest]) (*connect.Response[v1.ResourceUpdateResponse], error)
+	ResourceDelete(context.Context, *connect.Request[v1.ResourceDeleteRequest]) (*connect.Response[v1.ResourceDeleteResponse], error)
+}
+
+// NewResourcesServiceHandler builds an HTTP handler from the service implementation. It returns the
+// path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewResourcesServiceHandler(svc ResourcesServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	resourcesServiceMethods := v1.File_sentinel_resources_v1_service_proto.Services().ByName("ResourcesService").Methods()
+	resourcesServiceResourcesListHandler := connect.NewUnaryHandler(
+		ResourcesServiceResourcesListProcedure,
+		svc.ResourcesList,
+		connect.WithSchema(resourcesServiceMethods.ByName("ResourcesList")),
+		connect.WithHandlerOptions(opts...),
+	)
+	resourcesServiceResourceGetHandler := connect.NewUnaryHandler(
+		ResourcesServiceResourceGetProcedure,
+		svc.ResourceGet,
+		connect.WithSchema(resourcesServiceMethods.ByName("ResourceGet")),
+		connect.WithHandlerOptions(opts...),
+	)
+	resourcesServiceResourceCreateHandler := connect.NewUnaryHandler(
+		ResourcesServiceResourceCreateProcedure,
+		svc.ResourceCreate,
+		connect.WithSchema(resourcesServiceMethods.ByName("ResourceCreate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	resourcesServiceResourceUpdateHandler := connect.NewUnaryHandler(
+		ResourcesServiceResourceUpdateProcedure,
+		svc.ResourceUpdate,
+		connect.WithSchema(resourcesServiceMethods.ByName("ResourceUpdate")),
+		connect.WithHandlerOptions(opts...),
+	)
+	resourcesServiceResourceDeleteHandler := connect.NewUnaryHandler(
+		ResourcesServiceResourceDeleteProcedure,
+		svc.ResourceDelete,
+		connect.WithSchema(resourcesServiceMethods.ByName("ResourceDelete")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.resources.v1.ResourcesService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case ResourcesServiceResourcesListProcedure:
+			resourcesServiceResourcesListHandler.ServeHTTP(w, r)
+		case ResourcesServiceResourceGetProcedure:
+			resourcesServiceResourceGetHandler.ServeHTTP(w, r)
+		case ResourcesServiceResourceCreateProcedure:
+			resourcesServiceResourceCreateHandler.ServeHTTP(w, r)
+		case ResourcesServiceResourceUpdateProcedure:
+			resourcesServiceResourceUpdateHandler.ServeHTTP(w, r)
+		case ResourcesServiceResourceDeleteProcedure:
+			resourcesServiceResourceDeleteHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedResourcesServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedResourcesServiceHandler struct{}
+
+func (UnimplementedResourcesServiceHandler) ResourcesList(context.Context, *connect.Request[v1.ResourcesListRequest]) (*connect.Response[v1.ResourcesListResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.resources.v1.ResourcesService.ResourcesList is not implemented"))
+}
+
+func (UnimplementedResourcesServiceHandler) ResourceGet(context.Context, *connect.Request[v1.ResourceGetRequest]) (*connect.Response[v1.ResourceGetResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.resources.v1.ResourcesService.ResourceGet is not implemented"))
+}
+
+func (UnimplementedResourcesServiceHandler) ResourceCreate(context.Context, *connect.Request[v1.ResourceCreateRequest]) (*connect.Response[v1.ResourceCreateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.resources.v1.ResourcesService.ResourceCreate is not implemented"))
+}
+
+func (UnimplementedResourcesServiceHandler) ResourceUpdate(context.Context, *connect.Request[v1.ResourceUpdateRequest]) (*connect.Response[v1.ResourceUpdateResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.resources.v1.ResourcesService.ResourceUpdate is not implemented"))
+}
+
+func (UnimplementedResourcesServiceHandler) ResourceDelete(context.Context, *connect.Request[v1.ResourceDeleteRequest]) (*connect.Response[v1.ResourceDeleteResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.resources.v1.ResourcesService.ResourceDelete is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/resources/v1/service.pb.go b/internal/hub/hubserver/api/sentinel/resources/v1/service.pb.go
new file mode 100644
index 0000000..7f1d3b7
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/resources/v1/service.pb.go
@@ -0,0 +1,899 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/resources/v1/service.proto
+
+package resourcesv1
+
+import (
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/common/v1"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ResourceKind int32
+
+const (
+	ResourceKind_RESOURCE_KIND_UNSPECIFIED ResourceKind = 0
+	ResourceKind_RESOURCE_KIND_SERVICE     ResourceKind = 1
+	ResourceKind_RESOURCE_KIND_SERVER      ResourceKind = 2
+)
+
+// Enum value maps for ResourceKind.
+var (
+	ResourceKind_name = map[int32]string{
+		0: "RESOURCE_KIND_UNSPECIFIED",
+		1: "RESOURCE_KIND_SERVICE",
+		2: "RESOURCE_KIND_SERVER",
+	}
+	ResourceKind_value = map[string]int32{
+		"RESOURCE_KIND_UNSPECIFIED": 0,
+		"RESOURCE_KIND_SERVICE":     1,
+		"RESOURCE_KIND_SERVER":      2,
+	}
+)
+
+func (x ResourceKind) Enum() *ResourceKind {
+	p := new(ResourceKind)
+	*p = x
+	return p
+}
+
+func (x ResourceKind) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ResourceKind) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_resources_v1_service_proto_enumTypes[0].Descriptor()
+}
+
+func (ResourceKind) Type() protoreflect.EnumType {
+	return &file_sentinel_resources_v1_service_proto_enumTypes[0]
+}
+
+func (x ResourceKind) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ResourceKind.Descriptor instead.
+func (ResourceKind) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{0}
+}
+
+type Payload struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Payload) Reset() {
+	*x = Payload{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Payload) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Payload) ProtoMessage() {}
+
+func (x *Payload) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Payload.ProtoReflect.Descriptor instead.
+func (*Payload) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{0}
+}
+
+type Resource struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	ProjectId     string                 `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
+	Name          string                 `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	Kind          ResourceKind           `protobuf:"varint,5,opt,name=kind,proto3,enum=sentinel.resources.v1.ResourceKind" json:"kind,omitempty"`
+	Tags          []string               `protobuf:"bytes,6,rep,name=tags,proto3" json:"tags,omitempty"`
+	Payload       *Payload               `protobuf:"bytes,7,opt,name=payload,proto3" json:"payload,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt     *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Resource) Reset() {
+	*x = Resource{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Resource) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Resource) ProtoMessage() {}
+
+func (x *Resource) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Resource.ProtoReflect.Descriptor instead.
+func (*Resource) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *Resource) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Resource) GetProjectId() string {
+	if x != nil {
+		return x.ProjectId
+	}
+	return ""
+}
+
+func (x *Resource) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Resource) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Resource) GetKind() ResourceKind {
+	if x != nil {
+		return x.Kind
+	}
+	return ResourceKind_RESOURCE_KIND_UNSPECIFIED
+}
+
+func (x *Resource) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *Resource) GetPayload() *Payload {
+	if x != nil {
+		return x.Payload
+	}
+	return nil
+}
+
+func (x *Resource) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *Resource) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+// ResourcesList requests a list of resources.
+type ResourcesListRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Common        *v1.FindRequestCommon  `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourcesListRequest) Reset() {
+	*x = ResourcesListRequest{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourcesListRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourcesListRequest) ProtoMessage() {}
+
+func (x *ResourcesListRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourcesListRequest.ProtoReflect.Descriptor instead.
+func (*ResourcesListRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ResourcesListRequest) GetCommon() *v1.FindRequestCommon {
+	if x != nil {
+		return x.Common
+	}
+	return nil
+}
+
+type ResourcesListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Items         []*Resource            `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"`
+	Count         uint32                 `protobuf:"varint,2,opt,name=count,proto3" json:"count,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourcesListResponse) Reset() {
+	*x = ResourcesListResponse{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourcesListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourcesListResponse) ProtoMessage() {}
+
+func (x *ResourcesListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourcesListResponse.ProtoReflect.Descriptor instead.
+func (*ResourcesListResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ResourcesListResponse) GetItems() []*Resource {
+	if x != nil {
+		return x.Items
+	}
+	return nil
+}
+
+func (x *ResourcesListResponse) GetCount() uint32 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
+// ResourceGet requests a resource by ID.
+type ResourceGetRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceGetRequest) Reset() {
+	*x = ResourceGetRequest{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceGetRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceGetRequest) ProtoMessage() {}
+
+func (x *ResourceGetRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceGetRequest.ProtoReflect.Descriptor instead.
+func (*ResourceGetRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResourceGetRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type ResourceGetResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Resource              `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceGetResponse) Reset() {
+	*x = ResourceGetResponse{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceGetResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceGetResponse) ProtoMessage() {}
+
+func (x *ResourceGetResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceGetResponse.ProtoReflect.Descriptor instead.
+func (*ResourceGetResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *ResourceGetResponse) GetItem() *Resource {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ResourceCreate creates a new resource.
+type ResourceCreateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	ProjectId     string                 `protobuf:"bytes,1,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"`
+	AgentIds      []string               `protobuf:"bytes,2,rep,name=agent_ids,json=agentIds,proto3" json:"agent_ids,omitempty"`
+	Name          string                 `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	Kind          ResourceKind           `protobuf:"varint,5,opt,name=kind,proto3,enum=sentinel.resources.v1.ResourceKind" json:"kind,omitempty"`
+	Tags          []string               `protobuf:"bytes,6,rep,name=tags,proto3" json:"tags,omitempty"`
+	Payload       *Payload               `protobuf:"bytes,7,opt,name=payload,proto3" json:"payload,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceCreateRequest) Reset() {
+	*x = ResourceCreateRequest{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceCreateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceCreateRequest) ProtoMessage() {}
+
+func (x *ResourceCreateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceCreateRequest.ProtoReflect.Descriptor instead.
+func (*ResourceCreateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *ResourceCreateRequest) GetProjectId() string {
+	if x != nil {
+		return x.ProjectId
+	}
+	return ""
+}
+
+func (x *ResourceCreateRequest) GetAgentIds() []string {
+	if x != nil {
+		return x.AgentIds
+	}
+	return nil
+}
+
+func (x *ResourceCreateRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *ResourceCreateRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *ResourceCreateRequest) GetKind() ResourceKind {
+	if x != nil {
+		return x.Kind
+	}
+	return ResourceKind_RESOURCE_KIND_UNSPECIFIED
+}
+
+func (x *ResourceCreateRequest) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *ResourceCreateRequest) GetPayload() *Payload {
+	if x != nil {
+		return x.Payload
+	}
+	return nil
+}
+
+type ResourceCreateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Resource              `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceCreateResponse) Reset() {
+	*x = ResourceCreateResponse{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceCreateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceCreateResponse) ProtoMessage() {}
+
+func (x *ResourceCreateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceCreateResponse.ProtoReflect.Descriptor instead.
+func (*ResourceCreateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ResourceCreateResponse) GetItem() *Resource {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ResourceUpdate updates an existing resource.
+type ResourceUpdateRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Tags          []string               `protobuf:"bytes,4,rep,name=tags,proto3" json:"tags,omitempty"`
+	Payload       *Payload               `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"`
+	AgentIds      []string               `protobuf:"bytes,6,rep,name=agent_ids,json=agentIds,proto3" json:"agent_ids,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceUpdateRequest) Reset() {
+	*x = ResourceUpdateRequest{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceUpdateRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceUpdateRequest) ProtoMessage() {}
+
+func (x *ResourceUpdateRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceUpdateRequest.ProtoReflect.Descriptor instead.
+func (*ResourceUpdateRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ResourceUpdateRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *ResourceUpdateRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *ResourceUpdateRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *ResourceUpdateRequest) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *ResourceUpdateRequest) GetPayload() *Payload {
+	if x != nil {
+		return x.Payload
+	}
+	return nil
+}
+
+func (x *ResourceUpdateRequest) GetAgentIds() []string {
+	if x != nil {
+		return x.AgentIds
+	}
+	return nil
+}
+
+type ResourceUpdateResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Item          *Resource              `protobuf:"bytes,1,opt,name=item,proto3" json:"item,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceUpdateResponse) Reset() {
+	*x = ResourceUpdateResponse{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceUpdateResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceUpdateResponse) ProtoMessage() {}
+
+func (x *ResourceUpdateResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceUpdateResponse.ProtoReflect.Descriptor instead.
+func (*ResourceUpdateResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ResourceUpdateResponse) GetItem() *Resource {
+	if x != nil {
+		return x.Item
+	}
+	return nil
+}
+
+// ResourceDelete deletes a resource by ID.
+type ResourceDeleteRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceDeleteRequest) Reset() {
+	*x = ResourceDeleteRequest{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceDeleteRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceDeleteRequest) ProtoMessage() {}
+
+func (x *ResourceDeleteRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceDeleteRequest.ProtoReflect.Descriptor instead.
+func (*ResourceDeleteRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ResourceDeleteRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type ResourceDeleteResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ResourceDeleteResponse) Reset() {
+	*x = ResourceDeleteResponse{}
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ResourceDeleteResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResourceDeleteResponse) ProtoMessage() {}
+
+func (x *ResourceDeleteResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_resources_v1_service_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResourceDeleteResponse.ProtoReflect.Descriptor instead.
+func (*ResourceDeleteResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_resources_v1_service_proto_rawDescGZIP(), []int{11}
+}
+
+var File_sentinel_resources_v1_service_proto protoreflect.FileDescriptor
+
+const file_sentinel_resources_v1_service_proto_rawDesc = "" +
+	"\n" +
+	"#sentinel/resources/v1/service.proto\x12\x15sentinel.resources.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1fsentinel/common/v1/common.proto\"\t\n" +
+	"\aPayload\"\xec\x02\n" +
+	"\bResource\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x1d\n" +
+	"\n" +
+	"project_id\x18\x02 \x01(\tR\tprojectId\x12\x12\n" +
+	"\x04name\x18\x03 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x04 \x01(\tR\vdescription\x127\n" +
+	"\x04kind\x18\x05 \x01(\x0e2#.sentinel.resources.v1.ResourceKindR\x04kind\x12\x12\n" +
+	"\x04tags\x18\x06 \x03(\tR\x04tags\x128\n" +
+	"\apayload\x18\a \x01(\v2\x1e.sentinel.resources.v1.PayloadR\apayload\x129\n" +
+	"\n" +
+	"created_at\x18\b \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\t \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\"U\n" +
+	"\x14ResourcesListRequest\x12=\n" +
+	"\x06common\x18\x01 \x01(\v2%.sentinel.common.v1.FindRequestCommonR\x06common\"d\n" +
+	"\x15ResourcesListResponse\x125\n" +
+	"\x05items\x18\x01 \x03(\v2\x1f.sentinel.resources.v1.ResourceR\x05items\x12\x14\n" +
+	"\x05count\x18\x02 \x01(\rR\x05count\"$\n" +
+	"\x12ResourceGetRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"J\n" +
+	"\x13ResourceGetResponse\x123\n" +
+	"\x04item\x18\x01 \x01(\v2\x1f.sentinel.resources.v1.ResourceR\x04item\"\x90\x02\n" +
+	"\x15ResourceCreateRequest\x12\x1d\n" +
+	"\n" +
+	"project_id\x18\x01 \x01(\tR\tprojectId\x12\x1b\n" +
+	"\tagent_ids\x18\x02 \x03(\tR\bagentIds\x12\x12\n" +
+	"\x04name\x18\x03 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x04 \x01(\tR\vdescription\x127\n" +
+	"\x04kind\x18\x05 \x01(\x0e2#.sentinel.resources.v1.ResourceKindR\x04kind\x12\x12\n" +
+	"\x04tags\x18\x06 \x03(\tR\x04tags\x128\n" +
+	"\apayload\x18\a \x01(\v2\x1e.sentinel.resources.v1.PayloadR\apayload\"M\n" +
+	"\x16ResourceCreateResponse\x123\n" +
+	"\x04item\x18\x01 \x01(\v2\x1f.sentinel.resources.v1.ResourceR\x04item\"\xc8\x01\n" +
+	"\x15ResourceUpdateRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x12\n" +
+	"\x04tags\x18\x04 \x03(\tR\x04tags\x128\n" +
+	"\apayload\x18\x05 \x01(\v2\x1e.sentinel.resources.v1.PayloadR\apayload\x12\x1b\n" +
+	"\tagent_ids\x18\x06 \x03(\tR\bagentIds\"M\n" +
+	"\x16ResourceUpdateResponse\x123\n" +
+	"\x04item\x18\x01 \x01(\v2\x1f.sentinel.resources.v1.ResourceR\x04item\"'\n" +
+	"\x15ResourceDeleteRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x18\n" +
+	"\x16ResourceDeleteResponse*b\n" +
+	"\fResourceKind\x12\x1d\n" +
+	"\x19RESOURCE_KIND_UNSPECIFIED\x10\x00\x12\x19\n" +
+	"\x15RESOURCE_KIND_SERVICE\x10\x01\x12\x18\n" +
+	"\x14RESOURCE_KIND_SERVER\x10\x022\xb1\x04\n" +
+	"\x10ResourcesService\x12j\n" +
+	"\rResourcesList\x12+.sentinel.resources.v1.ResourcesListRequest\x1a,.sentinel.resources.v1.ResourcesListResponse\x12d\n" +
+	"\vResourceGet\x12).sentinel.resources.v1.ResourceGetRequest\x1a*.sentinel.resources.v1.ResourceGetResponse\x12m\n" +
+	"\x0eResourceCreate\x12,.sentinel.resources.v1.ResourceCreateRequest\x1a-.sentinel.resources.v1.ResourceCreateResponse\x12m\n" +
+	"\x0eResourceUpdate\x12,.sentinel.resources.v1.ResourceUpdateRequest\x1a-.sentinel.resources.v1.ResourceUpdateResponse\x12m\n" +
+	"\x0eResourceDelete\x12,.sentinel.resources.v1.ResourceDeleteRequest\x1a-.sentinel.resources.v1.ResourceDeleteResponseB\xfa\x01\n" +
+	"\x19com.sentinel.resources.v1B\fServiceProtoP\x01ZYgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/resources/v1;resourcesv1\xa2\x02\x03SRX\xaa\x02\x15Sentinel.Resources.V1\xca\x02\x15Sentinel\\Resources\\V1\xe2\x02!Sentinel\\Resources\\V1\\GPBMetadata\xea\x02\x17Sentinel::Resources::V1b\x06proto3"
+
+var (
+	file_sentinel_resources_v1_service_proto_rawDescOnce sync.Once
+	file_sentinel_resources_v1_service_proto_rawDescData []byte
+)
+
+func file_sentinel_resources_v1_service_proto_rawDescGZIP() []byte {
+	file_sentinel_resources_v1_service_proto_rawDescOnce.Do(func() {
+		file_sentinel_resources_v1_service_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_resources_v1_service_proto_rawDesc), len(file_sentinel_resources_v1_service_proto_rawDesc)))
+	})
+	return file_sentinel_resources_v1_service_proto_rawDescData
+}
+
+var file_sentinel_resources_v1_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_sentinel_resources_v1_service_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
+var file_sentinel_resources_v1_service_proto_goTypes = []any{
+	(ResourceKind)(0),              // 0: sentinel.resources.v1.ResourceKind
+	(*Payload)(nil),                // 1: sentinel.resources.v1.Payload
+	(*Resource)(nil),               // 2: sentinel.resources.v1.Resource
+	(*ResourcesListRequest)(nil),   // 3: sentinel.resources.v1.ResourcesListRequest
+	(*ResourcesListResponse)(nil),  // 4: sentinel.resources.v1.ResourcesListResponse
+	(*ResourceGetRequest)(nil),     // 5: sentinel.resources.v1.ResourceGetRequest
+	(*ResourceGetResponse)(nil),    // 6: sentinel.resources.v1.ResourceGetResponse
+	(*ResourceCreateRequest)(nil),  // 7: sentinel.resources.v1.ResourceCreateRequest
+	(*ResourceCreateResponse)(nil), // 8: sentinel.resources.v1.ResourceCreateResponse
+	(*ResourceUpdateRequest)(nil),  // 9: sentinel.resources.v1.ResourceUpdateRequest
+	(*ResourceUpdateResponse)(nil), // 10: sentinel.resources.v1.ResourceUpdateResponse
+	(*ResourceDeleteRequest)(nil),  // 11: sentinel.resources.v1.ResourceDeleteRequest
+	(*ResourceDeleteResponse)(nil), // 12: sentinel.resources.v1.ResourceDeleteResponse
+	(*timestamppb.Timestamp)(nil),  // 13: google.protobuf.Timestamp
+	(*v1.FindRequestCommon)(nil),   // 14: sentinel.common.v1.FindRequestCommon
+}
+var file_sentinel_resources_v1_service_proto_depIdxs = []int32{
+	0,  // 0: sentinel.resources.v1.Resource.kind:type_name -> sentinel.resources.v1.ResourceKind
+	1,  // 1: sentinel.resources.v1.Resource.payload:type_name -> sentinel.resources.v1.Payload
+	13, // 2: sentinel.resources.v1.Resource.created_at:type_name -> google.protobuf.Timestamp
+	13, // 3: sentinel.resources.v1.Resource.updated_at:type_name -> google.protobuf.Timestamp
+	14, // 4: sentinel.resources.v1.ResourcesListRequest.common:type_name -> sentinel.common.v1.FindRequestCommon
+	2,  // 5: sentinel.resources.v1.ResourcesListResponse.items:type_name -> sentinel.resources.v1.Resource
+	2,  // 6: sentinel.resources.v1.ResourceGetResponse.item:type_name -> sentinel.resources.v1.Resource
+	0,  // 7: sentinel.resources.v1.ResourceCreateRequest.kind:type_name -> sentinel.resources.v1.ResourceKind
+	1,  // 8: sentinel.resources.v1.ResourceCreateRequest.payload:type_name -> sentinel.resources.v1.Payload
+	2,  // 9: sentinel.resources.v1.ResourceCreateResponse.item:type_name -> sentinel.resources.v1.Resource
+	1,  // 10: sentinel.resources.v1.ResourceUpdateRequest.payload:type_name -> sentinel.resources.v1.Payload
+	2,  // 11: sentinel.resources.v1.ResourceUpdateResponse.item:type_name -> sentinel.resources.v1.Resource
+	3,  // 12: sentinel.resources.v1.ResourcesService.ResourcesList:input_type -> sentinel.resources.v1.ResourcesListRequest
+	5,  // 13: sentinel.resources.v1.ResourcesService.ResourceGet:input_type -> sentinel.resources.v1.ResourceGetRequest
+	7,  // 14: sentinel.resources.v1.ResourcesService.ResourceCreate:input_type -> sentinel.resources.v1.ResourceCreateRequest
+	9,  // 15: sentinel.resources.v1.ResourcesService.ResourceUpdate:input_type -> sentinel.resources.v1.ResourceUpdateRequest
+	11, // 16: sentinel.resources.v1.ResourcesService.ResourceDelete:input_type -> sentinel.resources.v1.ResourceDeleteRequest
+	4,  // 17: sentinel.resources.v1.ResourcesService.ResourcesList:output_type -> sentinel.resources.v1.ResourcesListResponse
+	6,  // 18: sentinel.resources.v1.ResourcesService.ResourceGet:output_type -> sentinel.resources.v1.ResourceGetResponse
+	8,  // 19: sentinel.resources.v1.ResourcesService.ResourceCreate:output_type -> sentinel.resources.v1.ResourceCreateResponse
+	10, // 20: sentinel.resources.v1.ResourcesService.ResourceUpdate:output_type -> sentinel.resources.v1.ResourceUpdateResponse
+	12, // 21: sentinel.resources.v1.ResourcesService.ResourceDelete:output_type -> sentinel.resources.v1.ResourceDeleteResponse
+	17, // [17:22] is the sub-list for method output_type
+	12, // [12:17] is the sub-list for method input_type
+	12, // [12:12] is the sub-list for extension type_name
+	12, // [12:12] is the sub-list for extension extendee
+	0,  // [0:12] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_resources_v1_service_proto_init() }
+func file_sentinel_resources_v1_service_proto_init() {
+	if File_sentinel_resources_v1_service_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_resources_v1_service_proto_rawDesc), len(file_sentinel_resources_v1_service_proto_rawDesc)),
+			NumEnums:      1,
+			NumMessages:   12,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_resources_v1_service_proto_goTypes,
+		DependencyIndexes: file_sentinel_resources_v1_service_proto_depIdxs,
+		EnumInfos:         file_sentinel_resources_v1_service_proto_enumTypes,
+		MessageInfos:      file_sentinel_resources_v1_service_proto_msgTypes,
+	}.Build()
+	File_sentinel_resources_v1_service_proto = out.File
+	file_sentinel_resources_v1_service_proto_goTypes = nil
+	file_sentinel_resources_v1_service_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/service/v1/service.pb.go b/internal/hub/hubserver/api/sentinel/service/v1/service.pb.go
new file mode 100644
index 0000000..eda4a2f
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/service/v1/service.pb.go
@@ -0,0 +1,758 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/service/v1/service.proto
+
+package servicev1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type ServiceProtocol int32
+
+const (
+	ServiceProtocol_SERVICE_PROTOCOL_UNSPECIFIED ServiceProtocol = 0
+	ServiceProtocol_SERVICE_PROTOCOL_HTTP        ServiceProtocol = 1
+	ServiceProtocol_SERVICE_PROTOCOL_TCP         ServiceProtocol = 2
+	ServiceProtocol_SERVICE_PROTOCOL_GRPC        ServiceProtocol = 3
+)
+
+// Enum value maps for ServiceProtocol.
+var (
+	ServiceProtocol_name = map[int32]string{
+		0: "SERVICE_PROTOCOL_UNSPECIFIED",
+		1: "SERVICE_PROTOCOL_HTTP",
+		2: "SERVICE_PROTOCOL_TCP",
+		3: "SERVICE_PROTOCOL_GRPC",
+	}
+	ServiceProtocol_value = map[string]int32{
+		"SERVICE_PROTOCOL_UNSPECIFIED": 0,
+		"SERVICE_PROTOCOL_HTTP":        1,
+		"SERVICE_PROTOCOL_TCP":         2,
+		"SERVICE_PROTOCOL_GRPC":        3,
+	}
+)
+
+func (x ServiceProtocol) Enum() *ServiceProtocol {
+	p := new(ServiceProtocol)
+	*p = x
+	return p
+}
+
+func (x ServiceProtocol) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ServiceProtocol) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_service_v1_service_proto_enumTypes[0].Descriptor()
+}
+
+func (ServiceProtocol) Type() protoreflect.EnumType {
+	return &file_sentinel_service_v1_service_proto_enumTypes[0]
+}
+
+func (x ServiceProtocol) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ServiceProtocol.Descriptor instead.
+func (ServiceProtocol) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{0}
+}
+
+type ServiceStatus int32
+
+const (
+	ServiceStatus_SERVICE_STATUS_UNSPECIFIED ServiceStatus = 0
+	ServiceStatus_SERVICE_STATUS_UNKNOWN     ServiceStatus = 1
+	ServiceStatus_SERVICE_STATUS_UP          ServiceStatus = 2
+	ServiceStatus_SERVICE_STATUS_DOWN        ServiceStatus = 3
+)
+
+// Enum value maps for ServiceStatus.
+var (
+	ServiceStatus_name = map[int32]string{
+		0: "SERVICE_STATUS_UNSPECIFIED",
+		1: "SERVICE_STATUS_UNKNOWN",
+		2: "SERVICE_STATUS_UP",
+		3: "SERVICE_STATUS_DOWN",
+	}
+	ServiceStatus_value = map[string]int32{
+		"SERVICE_STATUS_UNSPECIFIED": 0,
+		"SERVICE_STATUS_UNKNOWN":     1,
+		"SERVICE_STATUS_UP":          2,
+		"SERVICE_STATUS_DOWN":        3,
+	}
+)
+
+func (x ServiceStatus) Enum() *ServiceStatus {
+	p := new(ServiceStatus)
+	*p = x
+	return p
+}
+
+func (x ServiceStatus) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (ServiceStatus) Descriptor() protoreflect.EnumDescriptor {
+	return file_sentinel_service_v1_service_proto_enumTypes[1].Descriptor()
+}
+
+func (ServiceStatus) Type() protoreflect.EnumType {
+	return &file_sentinel_service_v1_service_proto_enumTypes[1]
+}
+
+func (x ServiceStatus) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use ServiceStatus.Descriptor instead.
+func (ServiceStatus) EnumDescriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{1}
+}
+
+type HTTPConfig struct {
+	state         protoimpl.MessageState       `protogen:"open.v1"`
+	Endpoints     []*HTTPConfig_EndpointConfig `protobuf:"bytes,1,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
+	Condition     string                       `protobuf:"bytes,2,opt,name=condition,proto3" json:"condition,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *HTTPConfig) Reset() {
+	*x = HTTPConfig{}
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HTTPConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPConfig) ProtoMessage() {}
+
+func (x *HTTPConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPConfig.ProtoReflect.Descriptor instead.
+func (*HTTPConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *HTTPConfig) GetEndpoints() []*HTTPConfig_EndpointConfig {
+	if x != nil {
+		return x.Endpoints
+	}
+	return nil
+}
+
+func (x *HTTPConfig) GetCondition() string {
+	if x != nil {
+		return x.Condition
+	}
+	return ""
+}
+
+type TCPConfig struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Endpoint      string                 `protobuf:"bytes,1,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
+	SendData      string                 `protobuf:"bytes,2,opt,name=send_data,json=sendData,proto3" json:"send_data,omitempty"`
+	ExpectData    string                 `protobuf:"bytes,3,opt,name=expect_data,json=expectData,proto3" json:"expect_data,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *TCPConfig) Reset() {
+	*x = TCPConfig{}
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *TCPConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TCPConfig) ProtoMessage() {}
+
+func (x *TCPConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TCPConfig.ProtoReflect.Descriptor instead.
+func (*TCPConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *TCPConfig) GetEndpoint() string {
+	if x != nil {
+		return x.Endpoint
+	}
+	return ""
+}
+
+func (x *TCPConfig) GetSendData() string {
+	if x != nil {
+		return x.SendData
+	}
+	return ""
+}
+
+func (x *TCPConfig) GetExpectData() string {
+	if x != nil {
+		return x.ExpectData
+	}
+	return ""
+}
+
+type GRPCConfig struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Endpoint      string                 `protobuf:"bytes,1,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
+	CheckType     string                 `protobuf:"bytes,2,opt,name=check_type,json=checkType,proto3" json:"check_type,omitempty"`
+	ServiceName   string                 `protobuf:"bytes,3,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
+	Tls           bool                   `protobuf:"varint,4,opt,name=tls,proto3" json:"tls,omitempty"`
+	InsecureTls   bool                   `protobuf:"varint,5,opt,name=insecure_tls,json=insecureTls,proto3" json:"insecure_tls,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GRPCConfig) Reset() {
+	*x = GRPCConfig{}
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GRPCConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GRPCConfig) ProtoMessage() {}
+
+func (x *GRPCConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GRPCConfig.ProtoReflect.Descriptor instead.
+func (*GRPCConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GRPCConfig) GetEndpoint() string {
+	if x != nil {
+		return x.Endpoint
+	}
+	return ""
+}
+
+func (x *GRPCConfig) GetCheckType() string {
+	if x != nil {
+		return x.CheckType
+	}
+	return ""
+}
+
+func (x *GRPCConfig) GetServiceName() string {
+	if x != nil {
+		return x.ServiceName
+	}
+	return ""
+}
+
+func (x *GRPCConfig) GetTls() bool {
+	if x != nil {
+		return x.Tls
+	}
+	return false
+}
+
+func (x *GRPCConfig) GetInsecureTls() bool {
+	if x != nil {
+		return x.InsecureTls
+	}
+	return false
+}
+
+type ServiceConfig struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	HttpConfig    *HTTPConfig            `protobuf:"bytes,1,opt,name=http_config,json=httpConfig,proto3,oneof" json:"http_config,omitempty"`
+	TcpConfig     *TCPConfig             `protobuf:"bytes,2,opt,name=tcp_config,json=tcpConfig,proto3,oneof" json:"tcp_config,omitempty"`
+	GrpcConfig    *GRPCConfig            `protobuf:"bytes,3,opt,name=grpc_config,json=grpcConfig,proto3,oneof" json:"grpc_config,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ServiceConfig) Reset() {
+	*x = ServiceConfig{}
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ServiceConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServiceConfig) ProtoMessage() {}
+
+func (x *ServiceConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServiceConfig.ProtoReflect.Descriptor instead.
+func (*ServiceConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ServiceConfig) GetHttpConfig() *HTTPConfig {
+	if x != nil {
+		return x.HttpConfig
+	}
+	return nil
+}
+
+func (x *ServiceConfig) GetTcpConfig() *TCPConfig {
+	if x != nil {
+		return x.TcpConfig
+	}
+	return nil
+}
+
+func (x *ServiceConfig) GetGrpcConfig() *GRPCConfig {
+	if x != nil {
+		return x.GrpcConfig
+	}
+	return nil
+}
+
+type Service struct {
+	state                  protoimpl.MessageState `protogen:"open.v1"`
+	Id                     string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name                   string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Protocol               ServiceProtocol        `protobuf:"varint,3,opt,name=protocol,proto3,enum=sentinel.service.v1.ServiceProtocol" json:"protocol,omitempty"`
+	Interval               int64                  `protobuf:"varint,4,opt,name=interval,proto3" json:"interval,omitempty"`
+	Timeout                int64                  `protobuf:"varint,5,opt,name=timeout,proto3" json:"timeout,omitempty"`
+	Retries                int64                  `protobuf:"varint,6,opt,name=retries,proto3" json:"retries,omitempty"`
+	Tags                   []string               `protobuf:"bytes,7,rep,name=tags,proto3" json:"tags,omitempty"`
+	Config                 *ServiceConfig         `protobuf:"bytes,8,opt,name=config,proto3" json:"config,omitempty"`
+	IsNotificationsEnabled bool                   `protobuf:"varint,9,opt,name=is_notifications_enabled,json=isNotificationsEnabled,proto3" json:"is_notifications_enabled,omitempty"`
+	IsEnabled              bool                   `protobuf:"varint,10,opt,name=is_enabled,json=isEnabled,proto3" json:"is_enabled,omitempty"`
+	CreatedAt              *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt              *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields          protoimpl.UnknownFields
+	sizeCache              protoimpl.SizeCache
+}
+
+func (x *Service) Reset() {
+	*x = Service{}
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Service) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Service) ProtoMessage() {}
+
+func (x *Service) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Service.ProtoReflect.Descriptor instead.
+func (*Service) Descriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *Service) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Service) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Service) GetProtocol() ServiceProtocol {
+	if x != nil {
+		return x.Protocol
+	}
+	return ServiceProtocol_SERVICE_PROTOCOL_UNSPECIFIED
+}
+
+func (x *Service) GetInterval() int64 {
+	if x != nil {
+		return x.Interval
+	}
+	return 0
+}
+
+func (x *Service) GetTimeout() int64 {
+	if x != nil {
+		return x.Timeout
+	}
+	return 0
+}
+
+func (x *Service) GetRetries() int64 {
+	if x != nil {
+		return x.Retries
+	}
+	return 0
+}
+
+func (x *Service) GetTags() []string {
+	if x != nil {
+		return x.Tags
+	}
+	return nil
+}
+
+func (x *Service) GetConfig() *ServiceConfig {
+	if x != nil {
+		return x.Config
+	}
+	return nil
+}
+
+func (x *Service) GetIsNotificationsEnabled() bool {
+	if x != nil {
+		return x.IsNotificationsEnabled
+	}
+	return false
+}
+
+func (x *Service) GetIsEnabled() bool {
+	if x != nil {
+		return x.IsEnabled
+	}
+	return false
+}
+
+func (x *Service) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *Service) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+type HTTPConfig_EndpointConfig struct {
+	state          protoimpl.MessageState `protogen:"open.v1"`
+	Name           string                 `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Url            string                 `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
+	Method         string                 `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"`
+	Headers        map[string]string      `protobuf:"bytes,4,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
+	Body           string                 `protobuf:"bytes,5,opt,name=body,proto3" json:"body,omitempty"`
+	ExpectedStatus int32                  `protobuf:"varint,6,opt,name=expected_status,json=expectedStatus,proto3" json:"expected_status,omitempty"`
+	JsonPath       string                 `protobuf:"bytes,7,opt,name=json_path,json=jsonPath,proto3" json:"json_path,omitempty"`
+	Username       string                 `protobuf:"bytes,8,opt,name=username,proto3" json:"username,omitempty"`
+	Password       string                 `protobuf:"bytes,9,opt,name=password,proto3" json:"password,omitempty"`
+	unknownFields  protoimpl.UnknownFields
+	sizeCache      protoimpl.SizeCache
+}
+
+func (x *HTTPConfig_EndpointConfig) Reset() {
+	*x = HTTPConfig_EndpointConfig{}
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *HTTPConfig_EndpointConfig) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HTTPConfig_EndpointConfig) ProtoMessage() {}
+
+func (x *HTTPConfig_EndpointConfig) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_service_v1_service_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use HTTPConfig_EndpointConfig.ProtoReflect.Descriptor instead.
+func (*HTTPConfig_EndpointConfig) Descriptor() ([]byte, []int) {
+	return file_sentinel_service_v1_service_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *HTTPConfig_EndpointConfig) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *HTTPConfig_EndpointConfig) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+func (x *HTTPConfig_EndpointConfig) GetMethod() string {
+	if x != nil {
+		return x.Method
+	}
+	return ""
+}
+
+func (x *HTTPConfig_EndpointConfig) GetHeaders() map[string]string {
+	if x != nil {
+		return x.Headers
+	}
+	return nil
+}
+
+func (x *HTTPConfig_EndpointConfig) GetBody() string {
+	if x != nil {
+		return x.Body
+	}
+	return ""
+}
+
+func (x *HTTPConfig_EndpointConfig) GetExpectedStatus() int32 {
+	if x != nil {
+		return x.ExpectedStatus
+	}
+	return 0
+}
+
+func (x *HTTPConfig_EndpointConfig) GetJsonPath() string {
+	if x != nil {
+		return x.JsonPath
+	}
+	return ""
+}
+
+func (x *HTTPConfig_EndpointConfig) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *HTTPConfig_EndpointConfig) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+var File_sentinel_service_v1_service_proto protoreflect.FileDescriptor
+
+const file_sentinel_service_v1_service_proto_rawDesc = "" +
+	"\n" +
+	"!sentinel/service/v1/service.proto\x12\x13sentinel.service.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"\xee\x03\n" +
+	"\n" +
+	"HTTPConfig\x12L\n" +
+	"\tendpoints\x18\x01 \x03(\v2..sentinel.service.v1.HTTPConfig.EndpointConfigR\tendpoints\x12\x1c\n" +
+	"\tcondition\x18\x02 \x01(\tR\tcondition\x1a\xf3\x02\n" +
+	"\x0eEndpointConfig\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12\x10\n" +
+	"\x03url\x18\x02 \x01(\tR\x03url\x12\x16\n" +
+	"\x06method\x18\x03 \x01(\tR\x06method\x12U\n" +
+	"\aheaders\x18\x04 \x03(\v2;.sentinel.service.v1.HTTPConfig.EndpointConfig.HeadersEntryR\aheaders\x12\x12\n" +
+	"\x04body\x18\x05 \x01(\tR\x04body\x12'\n" +
+	"\x0fexpected_status\x18\x06 \x01(\x05R\x0eexpectedStatus\x12\x1b\n" +
+	"\tjson_path\x18\a \x01(\tR\bjsonPath\x12\x1a\n" +
+	"\busername\x18\b \x01(\tR\busername\x12\x1a\n" +
+	"\bpassword\x18\t \x01(\tR\bpassword\x1a:\n" +
+	"\fHeadersEntry\x12\x10\n" +
+	"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
+	"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"e\n" +
+	"\tTCPConfig\x12\x1a\n" +
+	"\bendpoint\x18\x01 \x01(\tR\bendpoint\x12\x1b\n" +
+	"\tsend_data\x18\x02 \x01(\tR\bsendData\x12\x1f\n" +
+	"\vexpect_data\x18\x03 \x01(\tR\n" +
+	"expectData\"\x9f\x01\n" +
+	"\n" +
+	"GRPCConfig\x12\x1a\n" +
+	"\bendpoint\x18\x01 \x01(\tR\bendpoint\x12\x1d\n" +
+	"\n" +
+	"check_type\x18\x02 \x01(\tR\tcheckType\x12!\n" +
+	"\fservice_name\x18\x03 \x01(\tR\vserviceName\x12\x10\n" +
+	"\x03tls\x18\x04 \x01(\bR\x03tls\x12!\n" +
+	"\finsecure_tls\x18\x05 \x01(\bR\vinsecureTls\"\x90\x02\n" +
+	"\rServiceConfig\x12E\n" +
+	"\vhttp_config\x18\x01 \x01(\v2\x1f.sentinel.service.v1.HTTPConfigH\x00R\n" +
+	"httpConfig\x88\x01\x01\x12B\n" +
+	"\n" +
+	"tcp_config\x18\x02 \x01(\v2\x1e.sentinel.service.v1.TCPConfigH\x01R\ttcpConfig\x88\x01\x01\x12E\n" +
+	"\vgrpc_config\x18\x03 \x01(\v2\x1f.sentinel.service.v1.GRPCConfigH\x02R\n" +
+	"grpcConfig\x88\x01\x01B\x0e\n" +
+	"\f_http_configB\r\n" +
+	"\v_tcp_configB\x0e\n" +
+	"\f_grpc_config\"\xde\x03\n" +
+	"\aService\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12@\n" +
+	"\bprotocol\x18\x03 \x01(\x0e2$.sentinel.service.v1.ServiceProtocolR\bprotocol\x12\x1a\n" +
+	"\binterval\x18\x04 \x01(\x03R\binterval\x12\x18\n" +
+	"\atimeout\x18\x05 \x01(\x03R\atimeout\x12\x18\n" +
+	"\aretries\x18\x06 \x01(\x03R\aretries\x12\x12\n" +
+	"\x04tags\x18\a \x03(\tR\x04tags\x12:\n" +
+	"\x06config\x18\b \x01(\v2\".sentinel.service.v1.ServiceConfigR\x06config\x128\n" +
+	"\x18is_notifications_enabled\x18\t \x01(\bR\x16isNotificationsEnabled\x12\x1d\n" +
+	"\n" +
+	"is_enabled\x18\n" +
+	" \x01(\bR\tisEnabled\x129\n" +
+	"\n" +
+	"created_at\x18\v \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\f \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt*\x83\x01\n" +
+	"\x0fServiceProtocol\x12 \n" +
+	"\x1cSERVICE_PROTOCOL_UNSPECIFIED\x10\x00\x12\x19\n" +
+	"\x15SERVICE_PROTOCOL_HTTP\x10\x01\x12\x18\n" +
+	"\x14SERVICE_PROTOCOL_TCP\x10\x02\x12\x19\n" +
+	"\x15SERVICE_PROTOCOL_GRPC\x10\x03*{\n" +
+	"\rServiceStatus\x12\x1e\n" +
+	"\x1aSERVICE_STATUS_UNSPECIFIED\x10\x00\x12\x1a\n" +
+	"\x16SERVICE_STATUS_UNKNOWN\x10\x01\x12\x15\n" +
+	"\x11SERVICE_STATUS_UP\x10\x02\x12\x17\n" +
+	"\x13SERVICE_STATUS_DOWN\x10\x03B\xec\x01\n" +
+	"\x17com.sentinel.service.v1B\fServiceProtoP\x01ZUgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/service/v1;servicev1\xa2\x02\x03SSX\xaa\x02\x13Sentinel.Service.V1\xca\x02\x13Sentinel\\Service\\V1\xe2\x02\x1fSentinel\\Service\\V1\\GPBMetadata\xea\x02\x15Sentinel::Service::V1b\x06proto3"
+
+var (
+	file_sentinel_service_v1_service_proto_rawDescOnce sync.Once
+	file_sentinel_service_v1_service_proto_rawDescData []byte
+)
+
+func file_sentinel_service_v1_service_proto_rawDescGZIP() []byte {
+	file_sentinel_service_v1_service_proto_rawDescOnce.Do(func() {
+		file_sentinel_service_v1_service_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_service_v1_service_proto_rawDesc), len(file_sentinel_service_v1_service_proto_rawDesc)))
+	})
+	return file_sentinel_service_v1_service_proto_rawDescData
+}
+
+var file_sentinel_service_v1_service_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_sentinel_service_v1_service_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
+var file_sentinel_service_v1_service_proto_goTypes = []any{
+	(ServiceProtocol)(0),              // 0: sentinel.service.v1.ServiceProtocol
+	(ServiceStatus)(0),                // 1: sentinel.service.v1.ServiceStatus
+	(*HTTPConfig)(nil),                // 2: sentinel.service.v1.HTTPConfig
+	(*TCPConfig)(nil),                 // 3: sentinel.service.v1.TCPConfig
+	(*GRPCConfig)(nil),                // 4: sentinel.service.v1.GRPCConfig
+	(*ServiceConfig)(nil),             // 5: sentinel.service.v1.ServiceConfig
+	(*Service)(nil),                   // 6: sentinel.service.v1.Service
+	(*HTTPConfig_EndpointConfig)(nil), // 7: sentinel.service.v1.HTTPConfig.EndpointConfig
+	nil,                               // 8: sentinel.service.v1.HTTPConfig.EndpointConfig.HeadersEntry
+	(*timestamppb.Timestamp)(nil),     // 9: google.protobuf.Timestamp
+}
+var file_sentinel_service_v1_service_proto_depIdxs = []int32{
+	7, // 0: sentinel.service.v1.HTTPConfig.endpoints:type_name -> sentinel.service.v1.HTTPConfig.EndpointConfig
+	2, // 1: sentinel.service.v1.ServiceConfig.http_config:type_name -> sentinel.service.v1.HTTPConfig
+	3, // 2: sentinel.service.v1.ServiceConfig.tcp_config:type_name -> sentinel.service.v1.TCPConfig
+	4, // 3: sentinel.service.v1.ServiceConfig.grpc_config:type_name -> sentinel.service.v1.GRPCConfig
+	0, // 4: sentinel.service.v1.Service.protocol:type_name -> sentinel.service.v1.ServiceProtocol
+	5, // 5: sentinel.service.v1.Service.config:type_name -> sentinel.service.v1.ServiceConfig
+	9, // 6: sentinel.service.v1.Service.created_at:type_name -> google.protobuf.Timestamp
+	9, // 7: sentinel.service.v1.Service.updated_at:type_name -> google.protobuf.Timestamp
+	8, // 8: sentinel.service.v1.HTTPConfig.EndpointConfig.headers:type_name -> sentinel.service.v1.HTTPConfig.EndpointConfig.HeadersEntry
+	9, // [9:9] is the sub-list for method output_type
+	9, // [9:9] is the sub-list for method input_type
+	9, // [9:9] is the sub-list for extension type_name
+	9, // [9:9] is the sub-list for extension extendee
+	0, // [0:9] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_service_v1_service_proto_init() }
+func file_sentinel_service_v1_service_proto_init() {
+	if File_sentinel_service_v1_service_proto != nil {
+		return
+	}
+	file_sentinel_service_v1_service_proto_msgTypes[3].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_service_v1_service_proto_rawDesc), len(file_sentinel_service_v1_service_proto_rawDesc)),
+			NumEnums:      2,
+			NumMessages:   7,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_sentinel_service_v1_service_proto_goTypes,
+		DependencyIndexes: file_sentinel_service_v1_service_proto_depIdxs,
+		EnumInfos:         file_sentinel_service_v1_service_proto_enumTypes,
+		MessageInfos:      file_sentinel_service_v1_service_proto_msgTypes,
+	}.Build()
+	File_sentinel_service_v1_service_proto = out.File
+	file_sentinel_service_v1_service_proto_goTypes = nil
+	file_sentinel_service_v1_service_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/system/v1/service.pb.go b/internal/hub/hubserver/api/sentinel/system/v1/service.pb.go
new file mode 100644
index 0000000..1449c38
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/system/v1/service.pb.go
@@ -0,0 +1,743 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/system/v1/service.proto
+
+package systemv1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// AvailableUpdate represents information about an available update
+type AvailableUpdate struct {
+	state          protoimpl.MessageState   `protogen:"open.v1"`
+	CurrentVersion string                   `protobuf:"bytes,1,opt,name=current_version,json=currentVersion,proto3" json:"current_version,omitempty"`
+	IsAvailable    bool                     `protobuf:"varint,2,opt,name=is_available,json=isAvailable,proto3" json:"is_available,omitempty"`
+	Details        *AvailableUpdate_Details `protobuf:"bytes,3,opt,name=details,proto3" json:"details,omitempty"`
+	unknownFields  protoimpl.UnknownFields
+	sizeCache      protoimpl.SizeCache
+}
+
+func (x *AvailableUpdate) Reset() {
+	*x = AvailableUpdate{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AvailableUpdate) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AvailableUpdate) ProtoMessage() {}
+
+func (x *AvailableUpdate) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AvailableUpdate.ProtoReflect.Descriptor instead.
+func (*AvailableUpdate) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AvailableUpdate) GetCurrentVersion() string {
+	if x != nil {
+		return x.CurrentVersion
+	}
+	return ""
+}
+
+func (x *AvailableUpdate) GetIsAvailable() bool {
+	if x != nil {
+		return x.IsAvailable
+	}
+	return false
+}
+
+func (x *AvailableUpdate) GetDetails() *AvailableUpdate_Details {
+	if x != nil {
+		return x.Details
+	}
+	return nil
+}
+
+// SystemInfo represents information about the server
+type SystemInfo struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Version       string                 `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
+	CommitHash    string                 `protobuf:"bytes,2,opt,name=commit_hash,json=commitHash,proto3" json:"commit_hash,omitempty"`
+	BuildDate     string                 `protobuf:"bytes,3,opt,name=build_date,json=buildDate,proto3" json:"build_date,omitempty"`
+	GoVersion     string                 `protobuf:"bytes,4,opt,name=go_version,json=goVersion,proto3" json:"go_version,omitempty"`
+	SqliteVersion string                 `protobuf:"bytes,5,opt,name=sqlite_version,json=sqliteVersion,proto3" json:"sqlite_version,omitempty"`
+	Os            string                 `protobuf:"bytes,6,opt,name=os,proto3" json:"os,omitempty"`
+	Arch          string                 `protobuf:"bytes,7,opt,name=arch,proto3" json:"arch,omitempty"`
+	Hostname      string                 `protobuf:"bytes,8,opt,name=hostname,proto3" json:"hostname,omitempty"`
+	KernelVersion string                 `protobuf:"bytes,9,opt,name=kernel_version,json=kernelVersion,proto3" json:"kernel_version,omitempty"`
+	CpuModel      string                 `protobuf:"bytes,10,opt,name=cpu_model,json=cpuModel,proto3" json:"cpu_model,omitempty"`
+	IpAddress     string                 `protobuf:"bytes,11,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
+	StartedAt     *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=started_at,json=startedAt,proto3" json:"started_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SystemInfo) Reset() {
+	*x = SystemInfo{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SystemInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SystemInfo) ProtoMessage() {}
+
+func (x *SystemInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SystemInfo.ProtoReflect.Descriptor instead.
+func (*SystemInfo) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *SystemInfo) GetVersion() string {
+	if x != nil {
+		return x.Version
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetCommitHash() string {
+	if x != nil {
+		return x.CommitHash
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetBuildDate() string {
+	if x != nil {
+		return x.BuildDate
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetGoVersion() string {
+	if x != nil {
+		return x.GoVersion
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetSqliteVersion() string {
+	if x != nil {
+		return x.SqliteVersion
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetOs() string {
+	if x != nil {
+		return x.Os
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetArch() string {
+	if x != nil {
+		return x.Arch
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetHostname() string {
+	if x != nil {
+		return x.Hostname
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetKernelVersion() string {
+	if x != nil {
+		return x.KernelVersion
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetCpuModel() string {
+	if x != nil {
+		return x.CpuModel
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetIpAddress() string {
+	if x != nil {
+		return x.IpAddress
+	}
+	return ""
+}
+
+func (x *SystemInfo) GetStartedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.StartedAt
+	}
+	return nil
+}
+
+// CheckIsInitializedRequest
+type CheckIsInitializedRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CheckIsInitializedRequest) Reset() {
+	*x = CheckIsInitializedRequest{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CheckIsInitializedRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CheckIsInitializedRequest) ProtoMessage() {}
+
+func (x *CheckIsInitializedRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CheckIsInitializedRequest.ProtoReflect.Descriptor instead.
+func (*CheckIsInitializedRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{2}
+}
+
+type CheckIsInitializedResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	IsInitialized bool                   `protobuf:"varint,1,opt,name=is_initialized,json=isInitialized,proto3" json:"is_initialized,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CheckIsInitializedResponse) Reset() {
+	*x = CheckIsInitializedResponse{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CheckIsInitializedResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CheckIsInitializedResponse) ProtoMessage() {}
+
+func (x *CheckIsInitializedResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CheckIsInitializedResponse.ProtoReflect.Descriptor instead.
+func (*CheckIsInitializedResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *CheckIsInitializedResponse) GetIsInitialized() bool {
+	if x != nil {
+		return x.IsInitialized
+	}
+	return false
+}
+
+// InitializeRequest
+type InitializeRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Email         string                 `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"`
+	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *InitializeRequest) Reset() {
+	*x = InitializeRequest{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *InitializeRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InitializeRequest) ProtoMessage() {}
+
+func (x *InitializeRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InitializeRequest.ProtoReflect.Descriptor instead.
+func (*InitializeRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *InitializeRequest) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *InitializeRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+type InitializeResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *InitializeResponse) Reset() {
+	*x = InitializeResponse{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *InitializeResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*InitializeResponse) ProtoMessage() {}
+
+func (x *InitializeResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use InitializeResponse.ProtoReflect.Descriptor instead.
+func (*InitializeResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{5}
+}
+
+// GetSystemInfoRequest
+type GetSystemInfoRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetSystemInfoRequest) Reset() {
+	*x = GetSystemInfoRequest{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetSystemInfoRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetSystemInfoRequest) ProtoMessage() {}
+
+func (x *GetSystemInfoRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetSystemInfoRequest.ProtoReflect.Descriptor instead.
+func (*GetSystemInfoRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{6}
+}
+
+type GetSystemInfoResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Info          *SystemInfo            `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetSystemInfoResponse) Reset() {
+	*x = GetSystemInfoResponse{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetSystemInfoResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetSystemInfoResponse) ProtoMessage() {}
+
+func (x *GetSystemInfoResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetSystemInfoResponse.ProtoReflect.Descriptor instead.
+func (*GetSystemInfoResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *GetSystemInfoResponse) GetInfo() *SystemInfo {
+	if x != nil {
+		return x.Info
+	}
+	return nil
+}
+
+// CheckForUpdatesRequest
+type CheckForUpdatesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CheckForUpdatesRequest) Reset() {
+	*x = CheckForUpdatesRequest{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CheckForUpdatesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CheckForUpdatesRequest) ProtoMessage() {}
+
+func (x *CheckForUpdatesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CheckForUpdatesRequest.ProtoReflect.Descriptor instead.
+func (*CheckForUpdatesRequest) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{8}
+}
+
+type CheckForUpdatesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Info          *AvailableUpdate       `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CheckForUpdatesResponse) Reset() {
+	*x = CheckForUpdatesResponse{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CheckForUpdatesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CheckForUpdatesResponse) ProtoMessage() {}
+
+func (x *CheckForUpdatesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CheckForUpdatesResponse.ProtoReflect.Descriptor instead.
+func (*CheckForUpdatesResponse) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *CheckForUpdatesResponse) GetInfo() *AvailableUpdate {
+	if x != nil {
+		return x.Info
+	}
+	return nil
+}
+
+type AvailableUpdate_Details struct {
+	state             protoimpl.MessageState `protogen:"open.v1"`
+	IsAvailableManual bool                   `protobuf:"varint,1,opt,name=is_available_manual,json=isAvailableManual,proto3" json:"is_available_manual,omitempty"`
+	TagName           string                 `protobuf:"bytes,2,opt,name=tag_name,json=tagName,proto3" json:"tag_name,omitempty"`
+	Url               string                 `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"`
+	Description       string                 `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	unknownFields     protoimpl.UnknownFields
+	sizeCache         protoimpl.SizeCache
+}
+
+func (x *AvailableUpdate_Details) Reset() {
+	*x = AvailableUpdate_Details{}
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AvailableUpdate_Details) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AvailableUpdate_Details) ProtoMessage() {}
+
+func (x *AvailableUpdate_Details) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_system_v1_service_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AvailableUpdate_Details.ProtoReflect.Descriptor instead.
+func (*AvailableUpdate_Details) Descriptor() ([]byte, []int) {
+	return file_sentinel_system_v1_service_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *AvailableUpdate_Details) GetIsAvailableManual() bool {
+	if x != nil {
+		return x.IsAvailableManual
+	}
+	return false
+}
+
+func (x *AvailableUpdate_Details) GetTagName() string {
+	if x != nil {
+		return x.TagName
+	}
+	return ""
+}
+
+func (x *AvailableUpdate_Details) GetUrl() string {
+	if x != nil {
+		return x.Url
+	}
+	return ""
+}
+
+func (x *AvailableUpdate_Details) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+var File_sentinel_system_v1_service_proto protoreflect.FileDescriptor
+
+const file_sentinel_system_v1_service_proto_rawDesc = "" +
+	"\n" +
+	" sentinel/system/v1/service.proto\x12\x12sentinel.system.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"\xaf\x02\n" +
+	"\x0fAvailableUpdate\x12'\n" +
+	"\x0fcurrent_version\x18\x01 \x01(\tR\x0ecurrentVersion\x12!\n" +
+	"\fis_available\x18\x02 \x01(\bR\visAvailable\x12E\n" +
+	"\adetails\x18\x03 \x01(\v2+.sentinel.system.v1.AvailableUpdate.DetailsR\adetails\x1a\x88\x01\n" +
+	"\aDetails\x12.\n" +
+	"\x13is_available_manual\x18\x01 \x01(\bR\x11isAvailableManual\x12\x19\n" +
+	"\btag_name\x18\x02 \x01(\tR\atagName\x12\x10\n" +
+	"\x03url\x18\x03 \x01(\tR\x03url\x12 \n" +
+	"\vdescription\x18\x04 \x01(\tR\vdescription\"\x8a\x03\n" +
+	"\n" +
+	"SystemInfo\x12\x18\n" +
+	"\aversion\x18\x01 \x01(\tR\aversion\x12\x1f\n" +
+	"\vcommit_hash\x18\x02 \x01(\tR\n" +
+	"commitHash\x12\x1d\n" +
+	"\n" +
+	"build_date\x18\x03 \x01(\tR\tbuildDate\x12\x1d\n" +
+	"\n" +
+	"go_version\x18\x04 \x01(\tR\tgoVersion\x12%\n" +
+	"\x0esqlite_version\x18\x05 \x01(\tR\rsqliteVersion\x12\x0e\n" +
+	"\x02os\x18\x06 \x01(\tR\x02os\x12\x12\n" +
+	"\x04arch\x18\a \x01(\tR\x04arch\x12\x1a\n" +
+	"\bhostname\x18\b \x01(\tR\bhostname\x12%\n" +
+	"\x0ekernel_version\x18\t \x01(\tR\rkernelVersion\x12\x1b\n" +
+	"\tcpu_model\x18\n" +
+	" \x01(\tR\bcpuModel\x12\x1d\n" +
+	"\n" +
+	"ip_address\x18\v \x01(\tR\tipAddress\x129\n" +
+	"\n" +
+	"started_at\x18\f \x01(\v2\x1a.google.protobuf.TimestampR\tstartedAt\"\x1b\n" +
+	"\x19CheckIsInitializedRequest\"C\n" +
+	"\x1aCheckIsInitializedResponse\x12%\n" +
+	"\x0eis_initialized\x18\x01 \x01(\bR\risInitialized\"E\n" +
+	"\x11InitializeRequest\x12\x14\n" +
+	"\x05email\x18\x01 \x01(\tR\x05email\x12\x1a\n" +
+	"\bpassword\x18\x02 \x01(\tR\bpassword\"\x14\n" +
+	"\x12InitializeResponse\"\x16\n" +
+	"\x14GetSystemInfoRequest\"K\n" +
+	"\x15GetSystemInfoResponse\x122\n" +
+	"\x04info\x18\x01 \x01(\v2\x1e.sentinel.system.v1.SystemInfoR\x04info\"\x18\n" +
+	"\x16CheckForUpdatesRequest\"R\n" +
+	"\x17CheckForUpdatesResponse\x127\n" +
+	"\x04info\x18\x01 \x01(\v2#.sentinel.system.v1.AvailableUpdateR\x04info2\xb3\x03\n" +
+	"\rSystemService\x12s\n" +
+	"\x12CheckIsInitialized\x12-.sentinel.system.v1.CheckIsInitializedRequest\x1a..sentinel.system.v1.CheckIsInitializedResponse\x12[\n" +
+	"\n" +
+	"Initialize\x12%.sentinel.system.v1.InitializeRequest\x1a&.sentinel.system.v1.InitializeResponse\x12d\n" +
+	"\rGetSystemInfo\x12(.sentinel.system.v1.GetSystemInfoRequest\x1a).sentinel.system.v1.GetSystemInfoResponse\x12j\n" +
+	"\x0fCheckForUpdates\x12*.sentinel.system.v1.CheckForUpdatesRequest\x1a+.sentinel.system.v1.CheckForUpdatesResponseB\xe5\x01\n" +
+	"\x16com.sentinel.system.v1B\fServiceProtoP\x01ZSgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1;systemv1\xa2\x02\x03SSX\xaa\x02\x12Sentinel.System.V1\xca\x02\x12Sentinel\\System\\V1\xe2\x02\x1eSentinel\\System\\V1\\GPBMetadata\xea\x02\x14Sentinel::System::V1b\x06proto3"
+
+var (
+	file_sentinel_system_v1_service_proto_rawDescOnce sync.Once
+	file_sentinel_system_v1_service_proto_rawDescData []byte
+)
+
+func file_sentinel_system_v1_service_proto_rawDescGZIP() []byte {
+	file_sentinel_system_v1_service_proto_rawDescOnce.Do(func() {
+		file_sentinel_system_v1_service_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_system_v1_service_proto_rawDesc), len(file_sentinel_system_v1_service_proto_rawDesc)))
+	})
+	return file_sentinel_system_v1_service_proto_rawDescData
+}
+
+var file_sentinel_system_v1_service_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_sentinel_system_v1_service_proto_goTypes = []any{
+	(*AvailableUpdate)(nil),            // 0: sentinel.system.v1.AvailableUpdate
+	(*SystemInfo)(nil),                 // 1: sentinel.system.v1.SystemInfo
+	(*CheckIsInitializedRequest)(nil),  // 2: sentinel.system.v1.CheckIsInitializedRequest
+	(*CheckIsInitializedResponse)(nil), // 3: sentinel.system.v1.CheckIsInitializedResponse
+	(*InitializeRequest)(nil),          // 4: sentinel.system.v1.InitializeRequest
+	(*InitializeResponse)(nil),         // 5: sentinel.system.v1.InitializeResponse
+	(*GetSystemInfoRequest)(nil),       // 6: sentinel.system.v1.GetSystemInfoRequest
+	(*GetSystemInfoResponse)(nil),      // 7: sentinel.system.v1.GetSystemInfoResponse
+	(*CheckForUpdatesRequest)(nil),     // 8: sentinel.system.v1.CheckForUpdatesRequest
+	(*CheckForUpdatesResponse)(nil),    // 9: sentinel.system.v1.CheckForUpdatesResponse
+	(*AvailableUpdate_Details)(nil),    // 10: sentinel.system.v1.AvailableUpdate.Details
+	(*timestamppb.Timestamp)(nil),      // 11: google.protobuf.Timestamp
+}
+var file_sentinel_system_v1_service_proto_depIdxs = []int32{
+	10, // 0: sentinel.system.v1.AvailableUpdate.details:type_name -> sentinel.system.v1.AvailableUpdate.Details
+	11, // 1: sentinel.system.v1.SystemInfo.started_at:type_name -> google.protobuf.Timestamp
+	1,  // 2: sentinel.system.v1.GetSystemInfoResponse.info:type_name -> sentinel.system.v1.SystemInfo
+	0,  // 3: sentinel.system.v1.CheckForUpdatesResponse.info:type_name -> sentinel.system.v1.AvailableUpdate
+	2,  // 4: sentinel.system.v1.SystemService.CheckIsInitialized:input_type -> sentinel.system.v1.CheckIsInitializedRequest
+	4,  // 5: sentinel.system.v1.SystemService.Initialize:input_type -> sentinel.system.v1.InitializeRequest
+	6,  // 6: sentinel.system.v1.SystemService.GetSystemInfo:input_type -> sentinel.system.v1.GetSystemInfoRequest
+	8,  // 7: sentinel.system.v1.SystemService.CheckForUpdates:input_type -> sentinel.system.v1.CheckForUpdatesRequest
+	3,  // 8: sentinel.system.v1.SystemService.CheckIsInitialized:output_type -> sentinel.system.v1.CheckIsInitializedResponse
+	5,  // 9: sentinel.system.v1.SystemService.Initialize:output_type -> sentinel.system.v1.InitializeResponse
+	7,  // 10: sentinel.system.v1.SystemService.GetSystemInfo:output_type -> sentinel.system.v1.GetSystemInfoResponse
+	9,  // 11: sentinel.system.v1.SystemService.CheckForUpdates:output_type -> sentinel.system.v1.CheckForUpdatesResponse
+	8,  // [8:12] is the sub-list for method output_type
+	4,  // [4:8] is the sub-list for method input_type
+	4,  // [4:4] is the sub-list for extension type_name
+	4,  // [4:4] is the sub-list for extension extendee
+	0,  // [0:4] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_system_v1_service_proto_init() }
+func file_sentinel_system_v1_service_proto_init() {
+	if File_sentinel_system_v1_service_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_system_v1_service_proto_rawDesc), len(file_sentinel_system_v1_service_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   11,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sentinel_system_v1_service_proto_goTypes,
+		DependencyIndexes: file_sentinel_system_v1_service_proto_depIdxs,
+		MessageInfos:      file_sentinel_system_v1_service_proto_msgTypes,
+	}.Build()
+	File_sentinel_system_v1_service_proto = out.File
+	file_sentinel_system_v1_service_proto_goTypes = nil
+	file_sentinel_system_v1_service_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/api/sentinel/system/v1/systemv1connect/service.connect.go b/internal/hub/hubserver/api/sentinel/system/v1/systemv1connect/service.connect.go
new file mode 100644
index 0000000..e98edf0
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/system/v1/systemv1connect/service.connect.go
@@ -0,0 +1,196 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: sentinel/system/v1/service.proto
+
+package systemv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// SystemServiceName is the fully-qualified name of the SystemService service.
+	SystemServiceName = "sentinel.system.v1.SystemService"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// SystemServiceCheckIsInitializedProcedure is the fully-qualified name of the SystemService's
+	// CheckIsInitialized RPC.
+	SystemServiceCheckIsInitializedProcedure = "/sentinel.system.v1.SystemService/CheckIsInitialized"
+	// SystemServiceInitializeProcedure is the fully-qualified name of the SystemService's Initialize
+	// RPC.
+	SystemServiceInitializeProcedure = "/sentinel.system.v1.SystemService/Initialize"
+	// SystemServiceGetSystemInfoProcedure is the fully-qualified name of the SystemService's
+	// GetSystemInfo RPC.
+	SystemServiceGetSystemInfoProcedure = "/sentinel.system.v1.SystemService/GetSystemInfo"
+	// SystemServiceCheckForUpdatesProcedure is the fully-qualified name of the SystemService's
+	// CheckForUpdates RPC.
+	SystemServiceCheckForUpdatesProcedure = "/sentinel.system.v1.SystemService/CheckForUpdates"
+)
+
+// SystemServiceClient is a client for the sentinel.system.v1.SystemService service.
+type SystemServiceClient interface {
+	CheckIsInitialized(context.Context, *connect.Request[v1.CheckIsInitializedRequest]) (*connect.Response[v1.CheckIsInitializedResponse], error)
+	Initialize(context.Context, *connect.Request[v1.InitializeRequest]) (*connect.Response[v1.InitializeResponse], error)
+	GetSystemInfo(context.Context, *connect.Request[v1.GetSystemInfoRequest]) (*connect.Response[v1.GetSystemInfoResponse], error)
+	CheckForUpdates(context.Context, *connect.Request[v1.CheckForUpdatesRequest]) (*connect.Response[v1.CheckForUpdatesResponse], error)
+}
+
+// NewSystemServiceClient constructs a client for the sentinel.system.v1.SystemService service. By
+// default, it uses the Connect protocol with the binary Protobuf Codec, asks for gzipped responses,
+// and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply the
+// connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewSystemServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) SystemServiceClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	systemServiceMethods := v1.File_sentinel_system_v1_service_proto.Services().ByName("SystemService").Methods()
+	return &systemServiceClient{
+		checkIsInitialized: connect.NewClient[v1.CheckIsInitializedRequest, v1.CheckIsInitializedResponse](
+			httpClient,
+			baseURL+SystemServiceCheckIsInitializedProcedure,
+			connect.WithSchema(systemServiceMethods.ByName("CheckIsInitialized")),
+			connect.WithClientOptions(opts...),
+		),
+		initialize: connect.NewClient[v1.InitializeRequest, v1.InitializeResponse](
+			httpClient,
+			baseURL+SystemServiceInitializeProcedure,
+			connect.WithSchema(systemServiceMethods.ByName("Initialize")),
+			connect.WithClientOptions(opts...),
+		),
+		getSystemInfo: connect.NewClient[v1.GetSystemInfoRequest, v1.GetSystemInfoResponse](
+			httpClient,
+			baseURL+SystemServiceGetSystemInfoProcedure,
+			connect.WithSchema(systemServiceMethods.ByName("GetSystemInfo")),
+			connect.WithClientOptions(opts...),
+		),
+		checkForUpdates: connect.NewClient[v1.CheckForUpdatesRequest, v1.CheckForUpdatesResponse](
+			httpClient,
+			baseURL+SystemServiceCheckForUpdatesProcedure,
+			connect.WithSchema(systemServiceMethods.ByName("CheckForUpdates")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// systemServiceClient implements SystemServiceClient.
+type systemServiceClient struct {
+	checkIsInitialized *connect.Client[v1.CheckIsInitializedRequest, v1.CheckIsInitializedResponse]
+	initialize         *connect.Client[v1.InitializeRequest, v1.InitializeResponse]
+	getSystemInfo      *connect.Client[v1.GetSystemInfoRequest, v1.GetSystemInfoResponse]
+	checkForUpdates    *connect.Client[v1.CheckForUpdatesRequest, v1.CheckForUpdatesResponse]
+}
+
+// CheckIsInitialized calls sentinel.system.v1.SystemService.CheckIsInitialized.
+func (c *systemServiceClient) CheckIsInitialized(ctx context.Context, req *connect.Request[v1.CheckIsInitializedRequest]) (*connect.Response[v1.CheckIsInitializedResponse], error) {
+	return c.checkIsInitialized.CallUnary(ctx, req)
+}
+
+// Initialize calls sentinel.system.v1.SystemService.Initialize.
+func (c *systemServiceClient) Initialize(ctx context.Context, req *connect.Request[v1.InitializeRequest]) (*connect.Response[v1.InitializeResponse], error) {
+	return c.initialize.CallUnary(ctx, req)
+}
+
+// GetSystemInfo calls sentinel.system.v1.SystemService.GetSystemInfo.
+func (c *systemServiceClient) GetSystemInfo(ctx context.Context, req *connect.Request[v1.GetSystemInfoRequest]) (*connect.Response[v1.GetSystemInfoResponse], error) {
+	return c.getSystemInfo.CallUnary(ctx, req)
+}
+
+// CheckForUpdates calls sentinel.system.v1.SystemService.CheckForUpdates.
+func (c *systemServiceClient) CheckForUpdates(ctx context.Context, req *connect.Request[v1.CheckForUpdatesRequest]) (*connect.Response[v1.CheckForUpdatesResponse], error) {
+	return c.checkForUpdates.CallUnary(ctx, req)
+}
+
+// SystemServiceHandler is an implementation of the sentinel.system.v1.SystemService service.
+type SystemServiceHandler interface {
+	CheckIsInitialized(context.Context, *connect.Request[v1.CheckIsInitializedRequest]) (*connect.Response[v1.CheckIsInitializedResponse], error)
+	Initialize(context.Context, *connect.Request[v1.InitializeRequest]) (*connect.Response[v1.InitializeResponse], error)
+	GetSystemInfo(context.Context, *connect.Request[v1.GetSystemInfoRequest]) (*connect.Response[v1.GetSystemInfoResponse], error)
+	CheckForUpdates(context.Context, *connect.Request[v1.CheckForUpdatesRequest]) (*connect.Response[v1.CheckForUpdatesResponse], error)
+}
+
+// NewSystemServiceHandler builds an HTTP handler from the service implementation. It returns the
+// path on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewSystemServiceHandler(svc SystemServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	systemServiceMethods := v1.File_sentinel_system_v1_service_proto.Services().ByName("SystemService").Methods()
+	systemServiceCheckIsInitializedHandler := connect.NewUnaryHandler(
+		SystemServiceCheckIsInitializedProcedure,
+		svc.CheckIsInitialized,
+		connect.WithSchema(systemServiceMethods.ByName("CheckIsInitialized")),
+		connect.WithHandlerOptions(opts...),
+	)
+	systemServiceInitializeHandler := connect.NewUnaryHandler(
+		SystemServiceInitializeProcedure,
+		svc.Initialize,
+		connect.WithSchema(systemServiceMethods.ByName("Initialize")),
+		connect.WithHandlerOptions(opts...),
+	)
+	systemServiceGetSystemInfoHandler := connect.NewUnaryHandler(
+		SystemServiceGetSystemInfoProcedure,
+		svc.GetSystemInfo,
+		connect.WithSchema(systemServiceMethods.ByName("GetSystemInfo")),
+		connect.WithHandlerOptions(opts...),
+	)
+	systemServiceCheckForUpdatesHandler := connect.NewUnaryHandler(
+		SystemServiceCheckForUpdatesProcedure,
+		svc.CheckForUpdates,
+		connect.WithSchema(systemServiceMethods.ByName("CheckForUpdates")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/sentinel.system.v1.SystemService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case SystemServiceCheckIsInitializedProcedure:
+			systemServiceCheckIsInitializedHandler.ServeHTTP(w, r)
+		case SystemServiceInitializeProcedure:
+			systemServiceInitializeHandler.ServeHTTP(w, r)
+		case SystemServiceGetSystemInfoProcedure:
+			systemServiceGetSystemInfoHandler.ServeHTTP(w, r)
+		case SystemServiceCheckForUpdatesProcedure:
+			systemServiceCheckForUpdatesHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedSystemServiceHandler returns CodeUnimplemented from all methods.
+type UnimplementedSystemServiceHandler struct{}
+
+func (UnimplementedSystemServiceHandler) CheckIsInitialized(context.Context, *connect.Request[v1.CheckIsInitializedRequest]) (*connect.Response[v1.CheckIsInitializedResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.system.v1.SystemService.CheckIsInitialized is not implemented"))
+}
+
+func (UnimplementedSystemServiceHandler) Initialize(context.Context, *connect.Request[v1.InitializeRequest]) (*connect.Response[v1.InitializeResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.system.v1.SystemService.Initialize is not implemented"))
+}
+
+func (UnimplementedSystemServiceHandler) GetSystemInfo(context.Context, *connect.Request[v1.GetSystemInfoRequest]) (*connect.Response[v1.GetSystemInfoResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.system.v1.SystemService.GetSystemInfo is not implemented"))
+}
+
+func (UnimplementedSystemServiceHandler) CheckForUpdates(context.Context, *connect.Request[v1.CheckForUpdatesRequest]) (*connect.Response[v1.CheckForUpdatesResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("sentinel.system.v1.SystemService.CheckForUpdates is not implemented"))
+}
diff --git a/internal/hub/hubserver/api/sentinel/users/v1/users.pb.go b/internal/hub/hubserver/api/sentinel/users/v1/users.pb.go
new file mode 100644
index 0000000..69ddd1f
--- /dev/null
+++ b/internal/hub/hubserver/api/sentinel/users/v1/users.pb.go
@@ -0,0 +1,185 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.9
+// 	protoc        (unknown)
+// source: sentinel/users/v1/users.proto
+
+package usersv1
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type User struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Email         string                 `protobuf:"bytes,2,opt,name=email,proto3" json:"email,omitempty"`
+	FullName      string                 `protobuf:"bytes,3,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	Role          string                 `protobuf:"bytes,4,opt,name=role,proto3" json:"role,omitempty"`
+	AvatarUrl     string                 `protobuf:"bytes,5,opt,name=avatar_url,json=avatarUrl,proto3" json:"avatar_url,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	UpdatedAt     *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *User) Reset() {
+	*x = User{}
+	mi := &file_sentinel_users_v1_users_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *User) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*User) ProtoMessage() {}
+
+func (x *User) ProtoReflect() protoreflect.Message {
+	mi := &file_sentinel_users_v1_users_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use User.ProtoReflect.Descriptor instead.
+func (*User) Descriptor() ([]byte, []int) {
+	return file_sentinel_users_v1_users_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *User) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *User) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *User) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *User) GetRole() string {
+	if x != nil {
+		return x.Role
+	}
+	return ""
+}
+
+func (x *User) GetAvatarUrl() string {
+	if x != nil {
+		return x.AvatarUrl
+	}
+	return ""
+}
+
+func (x *User) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+func (x *User) GetUpdatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return nil
+}
+
+var File_sentinel_users_v1_users_proto protoreflect.FileDescriptor
+
+const file_sentinel_users_v1_users_proto_rawDesc = "" +
+	"\n" +
+	"\x1dsentinel/users/v1/users.proto\x12\x11sentinel.users.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"\xf2\x01\n" +
+	"\x04User\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x14\n" +
+	"\x05email\x18\x02 \x01(\tR\x05email\x12\x1b\n" +
+	"\tfull_name\x18\x03 \x01(\tR\bfullName\x12\x12\n" +
+	"\x04role\x18\x04 \x01(\tR\x04role\x12\x1d\n" +
+	"\n" +
+	"avatar_url\x18\x05 \x01(\tR\tavatarUrl\x129\n" +
+	"\n" +
+	"created_at\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
+	"\n" +
+	"updated_at\x18\a \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAtB\xdc\x01\n" +
+	"\x15com.sentinel.users.v1B\n" +
+	"UsersProtoP\x01ZQgithub.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/users/v1;usersv1\xa2\x02\x03SUX\xaa\x02\x11Sentinel.Users.V1\xca\x02\x11Sentinel\\Users\\V1\xe2\x02\x1dSentinel\\Users\\V1\\GPBMetadata\xea\x02\x13Sentinel::Users::V1b\x06proto3"
+
+var (
+	file_sentinel_users_v1_users_proto_rawDescOnce sync.Once
+	file_sentinel_users_v1_users_proto_rawDescData []byte
+)
+
+func file_sentinel_users_v1_users_proto_rawDescGZIP() []byte {
+	file_sentinel_users_v1_users_proto_rawDescOnce.Do(func() {
+		file_sentinel_users_v1_users_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sentinel_users_v1_users_proto_rawDesc), len(file_sentinel_users_v1_users_proto_rawDesc)))
+	})
+	return file_sentinel_users_v1_users_proto_rawDescData
+}
+
+var file_sentinel_users_v1_users_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_sentinel_users_v1_users_proto_goTypes = []any{
+	(*User)(nil),                  // 0: sentinel.users.v1.User
+	(*timestamppb.Timestamp)(nil), // 1: google.protobuf.Timestamp
+}
+var file_sentinel_users_v1_users_proto_depIdxs = []int32{
+	1, // 0: sentinel.users.v1.User.created_at:type_name -> google.protobuf.Timestamp
+	1, // 1: sentinel.users.v1.User.updated_at:type_name -> google.protobuf.Timestamp
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_sentinel_users_v1_users_proto_init() }
+func file_sentinel_users_v1_users_proto_init() {
+	if File_sentinel_users_v1_users_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sentinel_users_v1_users_proto_rawDesc), len(file_sentinel_users_v1_users_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_sentinel_users_v1_users_proto_goTypes,
+		DependencyIndexes: file_sentinel_users_v1_users_proto_depIdxs,
+		MessageInfos:      file_sentinel_users_v1_users_proto_msgTypes,
+	}.Build()
+	File_sentinel_users_v1_users_proto = out.File
+	file_sentinel_users_v1_users_proto_goTypes = nil
+	file_sentinel_users_v1_users_proto_depIdxs = nil
+}
diff --git a/internal/hub/hubserver/errors.go b/internal/hub/hubserver/errors.go
new file mode 100644
index 0000000..cdc18c9
--- /dev/null
+++ b/internal/hub/hubserver/errors.go
@@ -0,0 +1,5 @@
+package hubserver
+
+import "errors"
+
+var ErrUnavailableAgent = errors.New("agent is unavailable")
diff --git a/internal/hub/hubserver/interceptor.go b/internal/hub/hubserver/interceptor.go
new file mode 100644
index 0000000..dbfd563
--- /dev/null
+++ b/internal/hub/hubserver/interceptor.go
@@ -0,0 +1,107 @@
+package hubserver
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"connectrpc.com/authn"
+	"connectrpc.com/connect"
+	"connectrpc.com/grpchealth"
+	"connectrpc.com/grpcreflect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/tkcrm/mx/logger"
+)
+
+type AgentDataContext struct {
+	Agent models.Agent
+}
+
+type Interceptor struct {
+	logger logger.Logger
+
+	baseServices *baseservices.BaseServices
+}
+
+func NewInterceptor(
+	l logger.Logger,
+	baseServices *baseservices.BaseServices,
+) *Interceptor {
+	return &Interceptor{
+		logger:       l,
+		baseServices: baseServices,
+	}
+}
+
+type (
+	AgentKey int
+)
+
+var AgentCtxKey AgentKey
+
+func (s *Interceptor) ConnectRPCAuthMiddleware() *authn.Middleware {
+	authFn := func(ctx context.Context, req *http.Request) (any, error) {
+		ud, err := s.authorize(ctx, req)
+		if err != nil {
+			return nil, err
+		}
+
+		return ud, nil
+	}
+
+	return authn.NewMiddleware(authFn)
+}
+
+func (s *Interceptor) authorize(ctx context.Context, req *http.Request) (*AgentDataContext, error) {
+	method, ok := authn.InferProcedure(req.URL)
+	if !ok {
+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to infer procedure"))
+	}
+
+	// available reflect and health methods
+	if strings.Contains(method, grpcreflect.ReflectV1AlphaServiceName) ||
+		strings.Contains(method, grpcreflect.ReflectV1ServiceName) ||
+		strings.Contains(method, grpchealth.HealthV1ServiceName) {
+		return nil, nil //nolint:nilnil
+	}
+
+	agentID, secret, err := agents.ParseAuthHeader(req.Header.Get("Authorization"))
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("failed to parse auth header: %w", err))
+	}
+
+	agent, err := s.baseServices.Agents().GetByID(ctx, agentID)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("failed to get agent by ID: %w", err))
+	}
+
+	ok, err = agents.VerifySecret(secret, agent.SecretHash)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to verify agent secret: %w", err))
+	}
+	if !ok {
+		return nil, connect.NewError(connect.CodeUnauthenticated, fmt.Errorf("agent secret is invalid"))
+	}
+
+	if !agent.IsEnabled {
+		return nil, connect.NewError(connect.CodePermissionDenied, fmt.Errorf("agent is disabled"))
+	}
+
+	ad := &AgentDataContext{
+		Agent: *agent,
+	}
+
+	return ad, nil
+}
+
+func agentDataFromContext(ctx context.Context) (*AgentDataContext, error) {
+	u, ok := authn.GetInfo(ctx).(*AgentDataContext)
+	if !ok || u == nil {
+		return nil, ErrUnavailableAgent
+	}
+
+	return u, nil
+}
diff --git a/internal/hub/hubserver/server.go b/internal/hub/hubserver/server.go
new file mode 100644
index 0000000..ed7dff9
--- /dev/null
+++ b/internal/hub/hubserver/server.go
@@ -0,0 +1,265 @@
+package hubserver
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"connectrpc.com/connect"
+	"github.com/puzpuzpuz/xsync/v3"
+	"github.com/sxwebdev/sentinel/internal/alertresolver"
+	hubv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/hub/v1"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/hub/v1/hubv1connect"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/servers/ptconverts"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_agents"
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"github.com/tkcrm/modules/pkg/db/dbutils"
+	"github.com/tkcrm/mx/logger"
+	"github.com/tkcrm/mx/transport/connectrpc_transport"
+	"google.golang.org/protobuf/types/known/emptypb"
+)
+
+type Server struct {
+	logger logger.Logger
+
+	// global context
+	gCtx context.Context
+
+	baseservices *baseservices.BaseServices
+	ar           *alertresolver.AlertResolver
+
+	// Map of authorized agents: key is agent ID, value is name
+	authorizedAgents *xsync.MapOf[string, string]
+
+	hubv1connect.UnimplementedHubServiceHandler
+	connectrpc_transport.ConnectRPCService
+}
+
+func New(
+	gCtx context.Context,
+	l logger.Logger,
+	baseservices *baseservices.BaseServices,
+	ar *alertresolver.AlertResolver,
+) *Server {
+	return &Server{
+		logger:           l,
+		gCtx:             gCtx,
+		baseservices:     baseservices,
+		ar:               ar,
+		authorizedAgents: xsync.NewMapOf[string, string](),
+	}
+}
+
+func (s *Server) Name() string { return hubv1connect.HubServiceName }
+
+func (s *Server) RegisterHandler(opts ...connect.HandlerOption) (string, http.Handler) {
+	return hubv1connect.NewHubServiceHandler(s, opts...)
+}
+
+// Ping is a health check endpoint.
+func (s *Server) Ping(_ context.Context, _ *connect.Request[emptypb.Empty]) (*connect.Response[emptypb.Empty], error) {
+	return connect.NewResponse(&emptypb.Empty{}), nil
+}
+
+// Authenticate is a no-op for now
+func (s *Server) Authenticate(ctx context.Context, req *connect.Request[hubv1.AuthenticateRequest]) (*connect.Response[hubv1.AuthenticateResponse], error) {
+	agentData, err := agentDataFromContext(ctx)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, err)
+	}
+
+	if err := s.baseservices.Agents().CheckAndUpsertFingerprint(ctx, agentData.Agent.ID, agentData.Agent.ProjectID, req.Msg.Fingerprint); err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, err)
+	}
+
+	return connect.NewResponse(&hubv1.AuthenticateResponse{}), nil
+}
+
+// ReportSystemInfo returns information about the agent
+func (s *Server) ReportSystemInfo(ctx context.Context, req *connect.Request[hubv1.ReportSystemInfoRequest]) (*connect.Response[hubv1.ReportSystemInfoResponse], error) {
+	agentData, err := agentDataFromContext(ctx)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeUnauthenticated, err)
+	}
+
+	if _, err := s.baseservices.Agents().Update(ctx,
+		agentData.Agent.ID,
+		agentData.Agent.ProjectID,
+		agents.UpdateParams{
+			Status:     ptconverts.ConvertAgentStatusFromProto(req.Msg.Status),
+			SystemInfo: ptconverts.ConvertSystemInfoFromProto(req.Msg.SystemInfo),
+			LastSeenAt: utils.Pointer(time.Now()),
+			FieldMask: dbutils.FieldMask[repo_agents.ColumnName]{
+				repo_agents.ColumnNameAgentsStatus,
+				repo_agents.ColumnNameAgentsSystemInfo,
+				repo_agents.ColumnNameAgentsLastSeenAt,
+			},
+		}); err != nil {
+		return nil, err
+	}
+
+	return connect.NewResponse(new(hubv1.ReportSystemInfoResponse)), nil
+}
+
+// FetchServices fetches the list of services to be monitored by the agent.
+// func (s *Server) FetchServices(ctx context.Context, _ *connect.Request[hubv1.FetchServicesRequest]) (*connect.Response[hubv1.FetchServicesResponse], error) {
+// 	agentData, err := agentDataFromContext(ctx)
+// 	if err != nil {
+// 		return nil, connect.NewError(connect.CodeUnauthenticated, err)
+// 	}
+
+// 	services, err := s.baseservices.Services().GetAllEnabledByAgentID(ctx, agentData.Agent.ID)
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	var respServices []*servicev1.Service
+// 	for _, svc := range services {
+// 		svcProto, err := ptconverts.ConvertServiceToProto(svc)
+// 		if err != nil {
+// 			return nil, err
+// 		}
+// 		respServices = append(respServices, svcProto)
+// 	}
+
+// 	return connect.NewResponse(&hubv1.FetchServicesResponse{
+// 		Services: respServices,
+// 	}), nil
+// }
+
+// SubscribeServices is a server-side streaming RPC that streams service updates to the agent.
+func (s *Server) SubscribeServices(
+	ctx context.Context,
+	req *connect.Request[hubv1.SubscribeServicesRequest],
+	stream *connect.ServerStream[hubv1.SubscribeServicesResponse],
+) error {
+	agentData, err := agentDataFromContext(ctx)
+	if err != nil {
+		return connect.NewError(connect.CodeUnauthenticated, err)
+	}
+
+	s.authorizedAgents.Store(agentData.Agent.ID, agentData.Agent.Name)
+	if _, err := s.baseservices.Agents().Update(ctx,
+		agentData.Agent.ID,
+		agentData.Agent.ProjectID,
+		agents.UpdateParams{
+			Status: models.AgentStatusTypeActive,
+			FieldMask: dbutils.FieldMask[repo_agents.ColumnName]{
+				repo_agents.ColumnNameAgentsStatus,
+			},
+		}); err != nil {
+		return connect.NewError(connect.CodeInternal, err)
+	}
+
+	s.logger.Infoln("agent connected:", agentData.Agent.ID, agentData.Agent.Name)
+	defer func() {
+		if _, err := s.baseservices.Agents().Update(context.Background(),
+			agentData.Agent.ID,
+			agentData.Agent.ProjectID,
+			agents.UpdateParams{
+				Status: models.AgentStatusTypeInactive,
+				FieldMask: dbutils.FieldMask[repo_agents.ColumnName]{
+					repo_agents.ColumnNameAgentsStatus,
+				},
+			}); err != nil {
+			s.logger.Errorf("failed to set agent status to inactive: %s", err)
+		}
+
+		s.authorizedAgents.Delete(agentData.Agent.ID)
+
+		s.logger.Infoln("agent disconnected:", agentData.Agent.ID, agentData.Agent.Name)
+	}()
+
+	ticker := time.NewTicker(5 * time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			// // send test upsert
+			// if err := stream.Send(&hubv1.SubscribeServicesResponse{
+			// 	Update: &hubv1.SubscribeServicesResponse_Upsert{
+			// 		Upsert: &hubv1.ServiceUpsert{
+			// 			Service: &servicev1.Service{
+			// 				Id: "service-id-upsert",
+			// 			},
+			// 		},
+			// 	},
+			// }); err != nil {
+			// 	return err
+			// }
+
+			// // send test delete
+			// if err := stream.Send(&hubv1.SubscribeServicesResponse{
+			// 	Update: &hubv1.SubscribeServicesResponse_Delete{
+			// 		Delete: &hubv1.ServiceDelete{
+			// 			ServiceId: "service-id-delete",
+			// 		},
+			// 	},
+			// }); err != nil {
+			// 	return err
+			// }
+		case <-ctx.Done():
+			return nil
+		case <-s.gCtx.Done():
+			return nil
+		}
+	}
+}
+
+// StreamChecks streams check results from the agent to the server.
+func (s *Server) StreamChecks(ctx context.Context, stream *connect.BidiStream[hubv1.StreamChecksRequest, hubv1.StreamChecksResponse]) error {
+	s.logger.Infoln("agent started streaming check results")
+	for ctx.Err() == nil {
+		req, err := stream.Receive()
+		if err != nil {
+			return err
+		}
+
+		if len(req.GetResults()) == 0 {
+			continue
+		}
+
+		s.logger.Infof("received %d check results, seq: %d", len(req.GetResults()), req.GetSeq())
+
+		for _, result := range req.GetResults() {
+			var isSuccess bool
+			if result.GetResponseErrorMessage() == "" {
+				isSuccess = true
+			}
+
+			if isSuccess {
+				if err := s.ar.RecordSuccess(
+					ctx,
+					result.GetServiceId(),
+					time.Duration(result.GetResponseTime())*time.Millisecond,
+				); err != nil {
+					return fmt.Errorf("failed to record success: %w", err)
+				}
+			} else {
+				if err := s.ar.RecordFailure(
+					ctx,
+					result.GetServiceId(),
+					errors.New(result.GetResponseErrorMessage()),
+					time.Duration(result.GetResponseTime())*time.Millisecond,
+				); err != nil {
+					return fmt.Errorf("failed to record failure: %w", err)
+				}
+			}
+
+			// Acknowledge receipt of the result
+			if err := stream.Send(&hubv1.StreamChecksResponse{
+				UptoSeq: req.GetSeq(),
+			}); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/internal/models/agents.go b/internal/models/agents.go
new file mode 100644
index 0000000..78c8032
--- /dev/null
+++ b/internal/models/agents.go
@@ -0,0 +1,61 @@
+package models
+
+import (
+	"database/sql/driver"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type AgentStatusType string
+
+const (
+	AgentStatusTypeUnknown  AgentStatusType = "unknown"
+	AgentStatusTypeActive   AgentStatusType = "active"
+	AgentStatusTypeInactive AgentStatusType = "inactive"
+)
+
+func (s AgentStatusType) String() string {
+	return string(s)
+}
+
+type AgentKindType string
+
+const (
+	AgentKindTypeHub      AgentKindType = "hub"
+	AgentKindTypeExternal AgentKindType = "external"
+)
+
+func (s AgentKindType) String() string {
+	return string(s)
+}
+
+// Validate agent kind
+func (s AgentKindType) Validate() error {
+	switch s {
+	case AgentKindTypeHub, AgentKindTypeExternal:
+		return nil
+	default:
+		return fmt.Errorf("invalid agent kind: %s", s)
+	}
+}
+
+type AgentConfig struct{}
+
+// Scan implements the interface for scanning DB values into struct fields.
+func (s *AgentConfig) Scan(value any) error {
+	var jsonField storecmn.JSONField
+	if err := jsonField.Scan(value); err != nil {
+		return err
+	}
+	return jsonField.ConvertToAny(s)
+}
+
+// Value implements the interface for converting struct fields into DB values.
+func (s AgentConfig) Value() (driver.Value, error) {
+	var jsonField storecmn.JSONField
+	if err := jsonField.UnmarshalFromAny(s); err != nil {
+		return nil, err
+	}
+	return jsonField.Value()
+}
diff --git a/internal/models/models_gen.go b/internal/models/models_gen.go
new file mode 100644
index 0000000..270e5a4
--- /dev/null
+++ b/internal/models/models_gen.go
@@ -0,0 +1,237 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package models
+
+import (
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type Agent struct {
+	ID          string          `db:"id" json:"id"`
+	Name        string          `db:"name" json:"name"`
+	Description string          `db:"description" json:"description"`
+	SecretHash  string          `db:"secret_hash" json:"secret_hash"`
+	TokenHint   string          `db:"token_hint" json:"token_hint"`
+	Fingerprint *string         `db:"fingerprint" json:"fingerprint"`
+	Kind        AgentKindType   `db:"kind" json:"kind"`
+	Status      AgentStatusType `db:"status" json:"status"`
+	IsEnabled   bool            `db:"is_enabled" json:"is_enabled"`
+	Location    *string         `db:"location" json:"location"`
+	Tags        Tags            `db:"tags" json:"tags"`
+	Config      AgentConfig     `db:"config" json:"config"`
+	SystemInfo  SystemInfo      `db:"system_info" json:"system_info"`
+	ProjectID   string          `db:"project_id" json:"project_id"`
+	LastSeenAt  *time.Time      `db:"last_seen_at" json:"last_seen_at"`
+	CreatedAt   time.Time       `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time       `db:"updated_at" json:"updated_at"`
+}
+
+type Alert struct {
+	ID         string    `db:"id" json:"id"`
+	IncidentID string    `db:"incident_id" json:"incident_id"`
+	PolicyID   string    `db:"policy_id" json:"policy_id"`
+	Status     string    `db:"status" json:"status"`
+	CreatedAt  time.Time `db:"created_at" json:"created_at"`
+}
+
+type AlertPolicy struct {
+	ID        string             `db:"id" json:"id"`
+	Name      string             `db:"name" json:"name"`
+	Rules     storecmn.JSONField `db:"rules" json:"rules"`
+	IsEnabled bool               `db:"is_enabled" json:"is_enabled"`
+	ProjectID string             `db:"project_id" json:"project_id"`
+	CreatedAt time.Time          `db:"created_at" json:"created_at"`
+	UpdatedAt time.Time          `db:"updated_at" json:"updated_at"`
+}
+
+type AlertPolicyMonitor struct {
+	PolicyID  string `db:"policy_id" json:"policy_id"`
+	MonitorID string `db:"monitor_id" json:"monitor_id"`
+}
+
+type AlertPolicyResource struct {
+	PolicyID   string `db:"policy_id" json:"policy_id"`
+	ResourceID string `db:"resource_id" json:"resource_id"`
+}
+
+type Incident struct {
+	ID          string     `db:"id" json:"id"`
+	ProjectID   string     `db:"project_id" json:"project_id"`
+	Origin      string     `db:"origin" json:"origin"`
+	MonitorID   *string    `db:"monitor_id" json:"monitor_id"`
+	ResourceID  *string    `db:"resource_id" json:"resource_id"`
+	AgentID     *string    `db:"agent_id" json:"agent_id"`
+	Kind        string     `db:"kind" json:"kind"`
+	Status      string     `db:"status" json:"status"`
+	Severity    int64      `db:"severity" json:"severity"`
+	Summary     string     `db:"summary" json:"summary"`
+	FirstSeenAt time.Time  `db:"first_seen_at" json:"first_seen_at"`
+	LastSeenAt  time.Time  `db:"last_seen_at" json:"last_seen_at"`
+	ResolvedAt  *time.Time `db:"resolved_at" json:"resolved_at"`
+	CreatedAt   time.Time  `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time  `db:"updated_at" json:"updated_at"`
+}
+
+type IncidentEvent struct {
+	ID         int64              `db:"id" json:"id"`
+	IncidentID string             `db:"incident_id" json:"incident_id"`
+	CreatedAt  time.Time          `db:"created_at" json:"created_at"`
+	Type       string             `db:"type" json:"type"`
+	Payload    storecmn.JSONField `db:"payload" json:"payload"`
+}
+
+type MaintenanceWindow struct {
+	ID        string    `db:"id" json:"id"`
+	Name      string    `db:"name" json:"name"`
+	StartAt   time.Time `db:"start_at" json:"start_at"`
+	EndAt     time.Time `db:"end_at" json:"end_at"`
+	Reason    *string   `db:"reason" json:"reason"`
+	CreatedAt time.Time `db:"created_at" json:"created_at"`
+	UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
+}
+
+type Monitor struct {
+	ID         string             `db:"id" json:"id"`
+	ProjectID  string             `db:"project_id" json:"project_id"`
+	ResourceID string             `db:"resource_id" json:"resource_id"`
+	Name       string             `db:"name" json:"name"`
+	Kind       string             `db:"kind" json:"kind"`
+	IsEnabled  bool               `db:"is_enabled" json:"is_enabled"`
+	Tags       storecmn.JSONField `db:"tags" json:"tags"`
+	CreatedAt  time.Time          `db:"created_at" json:"created_at"`
+	UpdatedAt  time.Time          `db:"updated_at" json:"updated_at"`
+}
+
+type MonitorAgent struct {
+	ID        string    `db:"id" json:"id"`
+	ProjectID string    `db:"project_id" json:"project_id"`
+	MonitorID string    `db:"monitor_id" json:"monitor_id"`
+	AgentID   string    `db:"agent_id" json:"agent_id"`
+	CreatedAt time.Time `db:"created_at" json:"created_at"`
+}
+
+type MonitorCheck struct {
+	ID           string             `db:"id" json:"id"`
+	ProjectID    string             `db:"project_id" json:"project_id"`
+	MonitorID    string             `db:"monitor_id" json:"monitor_id"`
+	RevisionID   int64              `db:"revision_id" json:"revision_id"`
+	ResourceID   string             `db:"resource_id" json:"resource_id"`
+	AgentID      string             `db:"agent_id" json:"agent_id"`
+	StartedAt    time.Time          `db:"started_at" json:"started_at"`
+	CompletedAt  time.Time          `db:"completed_at" json:"completed_at"`
+	Severity     int64              `db:"severity" json:"severity"`
+	ResponseTime int64              `db:"response_time" json:"response_time"`
+	Evaluation   storecmn.JSONField `db:"evaluation" json:"evaluation"`
+	Meta         storecmn.JSONField `db:"meta" json:"meta"`
+	CreatedAt    time.Time          `db:"created_at" json:"created_at"`
+}
+
+type MonitorRevision struct {
+	ID                int64              `db:"id" json:"id"`
+	MonitorID         string             `db:"monitor_id" json:"monitor_id"`
+	Config            storecmn.JSONField `db:"config" json:"config"`
+	ContentHashUint64 int64              `db:"content_hash_uint64" json:"content_hash_uint64"`
+	IsActive          bool               `db:"is_active" json:"is_active"`
+	CreatedAt         time.Time          `db:"created_at" json:"created_at"`
+}
+
+type MonitorState struct {
+	ID                 string     `db:"id" json:"id"`
+	ProjectID          string     `db:"project_id" json:"project_id"`
+	MonitorID          string     `db:"monitor_id" json:"monitor_id"`
+	ResourceID         string     `db:"resource_id" json:"resource_id"`
+	AgentID            *string    `db:"agent_id" json:"agent_id"`
+	Severity           int64      `db:"severity" json:"severity"`
+	Status             string     `db:"status" json:"status"`
+	LastCheck          *time.Time `db:"last_check" json:"last_check"`
+	LastError          *string    `db:"last_error" json:"last_error"`
+	ConsecutiveFails   int64      `db:"consecutive_fails" json:"consecutive_fails"`
+	ConsecutiveSuccess int64      `db:"consecutive_success" json:"consecutive_success"`
+	TotalChecks        int64      `db:"total_checks" json:"total_checks"`
+	AvgResponseTime    int64      `db:"avg_response_time" json:"avg_response_time"`
+	UpdatedAt          time.Time  `db:"updated_at" json:"updated_at"`
+}
+
+type MwMonitor struct {
+	MwID      string `db:"mw_id" json:"mw_id"`
+	MonitorID string `db:"monitor_id" json:"monitor_id"`
+}
+
+type MwProject struct {
+	MwID      string `db:"mw_id" json:"mw_id"`
+	ProjectID string `db:"project_id" json:"project_id"`
+}
+
+type MwResource struct {
+	MwID       string `db:"mw_id" json:"mw_id"`
+	ResourceID string `db:"resource_id" json:"resource_id"`
+}
+
+type NotificationHistory struct {
+	ID            string     `db:"id" json:"id"`
+	AlertID       *string    `db:"alert_id" json:"alert_id"`
+	ProviderID    string     `db:"provider_id" json:"provider_id"`
+	Message       string     `db:"message" json:"message"`
+	Status        string     `db:"status" json:"status"`
+	Response      *string    `db:"response" json:"response"`
+	Attempts      int64      `db:"attempts" json:"attempts"`
+	ErrorMessage  *string    `db:"error_message" json:"error_message"`
+	LastAttemptAt *time.Time `db:"last_attempt_at" json:"last_attempt_at"`
+	SentAt        *time.Time `db:"sent_at" json:"sent_at"`
+	CreatedAt     time.Time  `db:"created_at" json:"created_at"`
+	UpdatedAt     time.Time  `db:"updated_at" json:"updated_at"`
+}
+
+type NotificationProvider struct {
+	ID           string                   `db:"id" json:"id"`
+	ProviderType NotificationProviderType `db:"provider_type" json:"provider_type"`
+	Config       storecmn.JSONField       `db:"config" json:"config"`
+	IsEnabled    bool                     `db:"is_enabled" json:"is_enabled"`
+	ProjectID    string                   `db:"project_id" json:"project_id"`
+	CreatedAt    time.Time                `db:"created_at" json:"created_at"`
+	UpdatedAt    time.Time                `db:"updated_at" json:"updated_at"`
+}
+
+type Project struct {
+	ID          string          `db:"id" json:"id" validate:"required"`
+	Name        string          `db:"name" json:"name" validate:"required"`
+	Description string          `db:"description" json:"description"`
+	Settings    ProjectSettings `db:"settings" json:"settings"`
+	CreatedAt   time.Time       `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time       `db:"updated_at" json:"updated_at"`
+}
+
+type Resource struct {
+	ID          string           `db:"id" json:"id"`
+	ProjectID   string           `db:"project_id" json:"project_id"`
+	Name        string           `db:"name" json:"name"`
+	Description string           `db:"description" json:"description"`
+	Kind        ResourceKindType `db:"kind" json:"kind"`
+	Tags        Tags             `db:"tags" json:"tags"`
+	Payload     ResourcePayload  `db:"payload" json:"payload"`
+	CreatedAt   time.Time        `db:"created_at" json:"created_at"`
+	UpdatedAt   time.Time        `db:"updated_at" json:"updated_at"`
+}
+
+type ResourceAgent struct {
+	ID         string    `db:"id" json:"id"`
+	ResourceID string    `db:"resource_id" json:"resource_id"`
+	AgentID    string    `db:"agent_id" json:"agent_id"`
+	ProjectID  string    `db:"project_id" json:"project_id"`
+	CreatedAt  time.Time `db:"created_at" json:"created_at"`
+}
+
+type User struct {
+	ID        string    `db:"id" json:"id" validate:"required"`
+	Email     string    `db:"email" json:"email" validate:"required,email"`
+	Password  string    `db:"password" json:"password" validate:"required"`
+	FullName  string    `db:"full_name" json:"full_name"`
+	Role      UserRole  `db:"role" json:"role" validate:"required,oneof=root admin user"`
+	Avatar    string    `db:"avatar" json:"avatar"`
+	CreatedAt time.Time `db:"created_at" json:"created_at"`
+	UpdatedAt time.Time `db:"updated_at" json:"updated_at"`
+}
diff --git a/internal/models/notification.go b/internal/models/notification.go
new file mode 100644
index 0000000..12e7ec0
--- /dev/null
+++ b/internal/models/notification.go
@@ -0,0 +1,51 @@
+package models
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/nicholas-fedor/shoutrrr"
+)
+
+type NotificationProviderType string
+
+const (
+	NotificationProviderTypeShoutrrr NotificationProviderType = "shoutrrr"
+)
+
+// Validate checks the validity of the NotificationProvider fields.
+func (n NotificationProviderType) Validate() error {
+	if n == "" {
+		return fmt.Errorf("empty notification provider type")
+	}
+
+	switch n {
+	case NotificationProviderTypeShoutrrr:
+		return nil
+	default:
+		return fmt.Errorf("invalid notification provider type: %s", n)
+	}
+}
+
+type NotificationProviderShoutrrrConfig struct {
+	URL string `json:"url"`
+}
+
+// Validate checks the validity of the NotificationProviderShoutrrrConfig fields.
+func (n NotificationProviderShoutrrrConfig) Validate() error {
+	if n.URL == "" {
+		return fmt.Errorf("empty shoutrrr url")
+	}
+
+	_, err := shoutrrr.CreateSender(n.URL)
+	if err != nil {
+		return errors.New("invalid shoutrrr url")
+	}
+
+	return nil
+}
+
+type NotificationHistoryView struct {
+	NotificationHistory
+	MonitorName *string `json:"monitor_name"`
+}
diff --git a/internal/models/projects.go b/internal/models/projects.go
new file mode 100644
index 0000000..87d4350
--- /dev/null
+++ b/internal/models/projects.go
@@ -0,0 +1,35 @@
+package models
+
+import (
+	"database/sql/driver"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type ProjectSettings struct {
+	MonitorDefaults ProjectMonitorDefaults `json:"monitor_defaults"`
+}
+
+type ProjectMonitorDefaults struct {
+	Interval int64 `json:"interval" default:"60000"` // in milliseconds
+	Timeout  int64 `json:"timeout" default:"10000"`  // in milliseconds
+	Retries  int64 `json:"retries" default:"10"`
+}
+
+// Scan implements the interface for scanning DB values into struct fields.
+func (s *ProjectSettings) Scan(value any) error {
+	var jsonField storecmn.JSONField
+	if err := jsonField.Scan(value); err != nil {
+		return err
+	}
+	return jsonField.ConvertToAny(s)
+}
+
+// Value implements the interface for converting struct fields into DB values.
+func (s ProjectSettings) Value() (driver.Value, error) {
+	var jsonField storecmn.JSONField
+	if err := jsonField.UnmarshalFromAny(s); err != nil {
+		return nil, err
+	}
+	return jsonField.Value()
+}
diff --git a/internal/models/resources.go b/internal/models/resources.go
new file mode 100644
index 0000000..f1e3bb1
--- /dev/null
+++ b/internal/models/resources.go
@@ -0,0 +1,50 @@
+package models
+
+import (
+	"database/sql/driver"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type ResourceKindType string
+
+const (
+	ResourceKindTypeUnknown ResourceKindType = "unknown"
+	ResourceKindTypeServer  ResourceKindType = "server"
+	ResourceKindTypeService ResourceKindType = "service"
+)
+
+func (s ResourceKindType) String() string {
+	return string(s)
+}
+
+// Validate checks if the ResourceKindType is valid
+func (s ResourceKindType) Validate() error {
+	switch s {
+	case ResourceKindTypeServer, ResourceKindTypeService:
+		return nil
+	default:
+		return fmt.Errorf("invalid resource kind: %s", s)
+	}
+}
+
+type ResourcePayload struct{}
+
+// Scan implements the interface for scanning DB values into struct fields.
+func (s *ResourcePayload) Scan(value any) error {
+	var jsonField storecmn.JSONField
+	if err := jsonField.Scan(value); err != nil {
+		return err
+	}
+	return jsonField.ConvertToAny(s)
+}
+
+// Value implements the interface for converting struct fields into DB values.
+func (s ResourcePayload) Value() (driver.Value, error) {
+	var jsonField storecmn.JSONField
+	if err := jsonField.UnmarshalFromAny(s); err != nil {
+		return nil, err
+	}
+	return jsonField.Value()
+}
diff --git a/internal/models/service.go b/internal/models/service.go
new file mode 100644
index 0000000..0a57b3f
--- /dev/null
+++ b/internal/models/service.go
@@ -0,0 +1,86 @@
+package models
+
+import (
+	"fmt"
+	"time"
+)
+
+type ServiceProtocolType string
+
+const (
+	ServiceProtocolTypeUnknown ServiceProtocolType = "unknown"
+	ServiceProtocolTypeHTTP    ServiceProtocolType = "http"
+	ServiceProtocolTypeTCP     ServiceProtocolType = "tcp"
+	ServiceProtocolTypeGRPC    ServiceProtocolType = "grpc"
+)
+
+// Validate checks if the ServiceProtocolType is valid
+func (s ServiceProtocolType) Validate() error {
+	switch s {
+	case ServiceProtocolTypeHTTP, ServiceProtocolTypeTCP, ServiceProtocolTypeGRPC:
+		return nil
+	default:
+		return fmt.Errorf("invalid service protocol type: %s", s)
+	}
+}
+
+// String returns the string representation of the ServiceProtocolType
+func (s ServiceProtocolType) String() string {
+	return string(s)
+}
+
+// ServiceStatus represents the current status of a service
+type ServiceStatus string
+
+const (
+	ServiceStatusUnknown ServiceStatus = "unknown"
+	ServiceStatusUp      ServiceStatus = "up"
+	ServiceStatusDown    ServiceStatus = "down"
+)
+
+// Validate checks if the ServiceStatus is valid
+func (s ServiceStatus) Validate() error {
+	switch s {
+	case ServiceStatusUnknown, ServiceStatusUp, ServiceStatusDown:
+		return nil
+	default:
+		return fmt.Errorf("invalid service status: %s", s)
+	}
+}
+
+func (s ServiceStatus) String() string {
+	return string(s)
+}
+
+type ServiceFullView struct {
+	ID                     string              `json:"id"`
+	Name                   string              `json:"name"`
+	Protocol               ServiceProtocolType `json:"protocol"`
+	Interval               int64               `json:"interval"`
+	Timeout                int64               `json:"timeout"`
+	Retries                int64               `json:"retries"`
+	Tags                   []string            `json:"tags"`
+	Config                 map[string]any      `json:"config"`
+	IsNotificationsEnabled bool                `json:"is_notifications_enabled"`
+	IsEnabled              bool                `json:"is_enabled"`
+	CreatedAt              time.Time           `json:"created_at"`
+	UpdatedAt              time.Time           `json:"updated_at"`
+	ActiveIncidents        int                 `json:"active_incidents,omitempty"`
+	TotalIncidents         int                 `json:"total_incidents,omitempty"`
+	Status                 ServiceStatus       `json:"status"`
+	LastCheck              *time.Time          `json:"last_check,omitempty"`
+	LastError              *string             `json:"last_error,omitempty"`
+	ConsecutiveFails       int                 `json:"consecutive_fails"`
+	ConsecutiveSuccess     int                 `json:"consecutive_success"`
+	TotalChecks            int                 `json:"total_checks"`
+	AvgResponseTime        *int64              `json:"avg_response_time"`
+}
+
+// GetConfig returns config value by key or default if not set
+// func (s *Service) GetConfig() (map[string]any, error) {
+// 	var config map[string]any
+// 	if err := json.Unmarshal([]byte(s.Config), &config); err != nil {
+// 		return nil, err
+// 	}
+// 	return config, nil
+// }
diff --git a/internal/models/system_info.go b/internal/models/system_info.go
new file mode 100644
index 0000000..f9c2040
--- /dev/null
+++ b/internal/models/system_info.go
@@ -0,0 +1,86 @@
+package models
+
+import (
+	"database/sql/driver"
+	"os"
+	"runtime"
+	"time"
+
+	"github.com/shirou/gopsutil/v4/cpu"
+	"github.com/shirou/gopsutil/v4/host"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/sxwebdev/sentinel/internal/utils"
+)
+
+type SystemInfo struct {
+	Version       string     `json:"version"`
+	CommitHash    string     `json:"commit_hash"`
+	BuildDate     string     `json:"build_date"`
+	GoVersion     string     `json:"go_version"`
+	SqliteVersion string     `json:"sqlite_version"`
+	OS            string     `json:"os"`
+	Arch          string     `json:"arch"`
+	Hostname      string     `json:"hostname"`
+	KernelVersion string     `json:"kernel_version"`
+	CpuModel      string     `json:"cpu_model"`
+	IpAddress     string     `json:"ip_address"`
+	StartedAt     *time.Time `json:"started_at"`
+}
+
+type AvailableUpdateDetails struct {
+	IsAvailableManual bool   `json:"is_available_manual"`
+	TagName           string `json:"tag_name"`
+	URL               string `json:"url"`
+	Description       string `json:"description,omitempty"`
+}
+
+type AvailableUpdate struct {
+	CurrentVersion string                 `json:"current_version"`
+	IsAvailable    bool                   `json:"is_available"`
+	Details        AvailableUpdateDetails `json:"details,omitempty"`
+}
+
+// Scan implements the interface for scanning DB values into struct fields.
+func (s *SystemInfo) Scan(value any) error {
+	var jsonField storecmn.JSONField
+	if err := jsonField.Scan(value); err != nil {
+		return err
+	}
+	return jsonField.ConvertToAny(s)
+}
+
+// Value implements the interface for converting struct fields into DB values.
+func (s SystemInfo) Value() (driver.Value, error) {
+	var jsonField storecmn.JSONField
+	if err := jsonField.UnmarshalFromAny(s); err != nil {
+		return nil, err
+	}
+	return jsonField.Value()
+}
+
+var startedAt = time.Now()
+
+func GetSystemInfo(version, commitHash, buildDate string) *SystemInfo {
+	info := &SystemInfo{
+		Version:    version,
+		CommitHash: commitHash,
+		BuildDate:  buildDate,
+		GoVersion:  runtime.Version(),
+		OS:         runtime.GOOS,
+		Arch:       runtime.GOARCH,
+		StartedAt:  &startedAt,
+	}
+
+	info.Hostname, _ = os.Hostname()
+
+	// get public ip address (fallbacks to local if unavailable)
+	info.IpAddress = utils.GetPublicIP()
+
+	if cpuInfo, err := cpu.Info(); err == nil && len(cpuInfo) > 0 {
+		info.CpuModel = cpuInfo[0].ModelName
+	}
+
+	info.KernelVersion, _ = host.KernelVersion()
+
+	return info
+}
diff --git a/internal/models/tags.go b/internal/models/tags.go
new file mode 100644
index 0000000..16f19d5
--- /dev/null
+++ b/internal/models/tags.go
@@ -0,0 +1,48 @@
+package models
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"fmt"
+)
+
+type Tags []string
+
+// Scan implements the sql.Scanner interface for
+func (t *Tags) Scan(value any) error {
+	if value == nil {
+		*t = nil
+		return nil
+	}
+
+	switch v := value.(type) {
+	case string:
+		if v == "" {
+			*t = Tags{}
+			return nil
+		}
+		*t = Tags{}
+		return json.Unmarshal([]byte(v), t)
+	case []byte:
+		if len(v) == 0 {
+			*t = Tags{}
+			return nil
+		}
+		*t = Tags{}
+		return json.Unmarshal(v, t)
+	default:
+		return fmt.Errorf("cannot scan %T into Tags", value)
+	}
+}
+
+// Value implements the driver.Valuer interface for Tags
+func (t Tags) Value() (driver.Value, error) {
+	if len(t) == 0 {
+		return "[]", nil
+	}
+	bytes, err := json.Marshal(t)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal Tags: %w", err)
+	}
+	return string(bytes), nil
+}
diff --git a/internal/models/users.go b/internal/models/users.go
new file mode 100644
index 0000000..2ad7b52
--- /dev/null
+++ b/internal/models/users.go
@@ -0,0 +1,53 @@
+package models
+
+import (
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/pkg/rbacconnect"
+)
+
+// GetID returns the ID of the user
+func (u User) GetID() string {
+	return u.ID
+}
+
+// GetEmail returns the email of the user
+func (u User) GetEmail() string {
+	return u.Email
+}
+
+// GetPassword returns the password of the user
+func (u User) GetPassword() string {
+	return u.Password
+}
+
+// GetRole returns the role of the user
+func (u User) GetRole() string {
+	return u.Role
+}
+
+// HasRole checks if the user has the specified role
+func (u User) HasRole(role UserRole) bool {
+	return u.Role == role
+}
+
+type UserRole = rbacconnect.Role
+
+const (
+	// UserRoleRoot represents a root user
+	UserRoleRoot UserRole = "root"
+	// UserRoleAdmin represents an admin user
+	UserRoleAdmin UserRole = "admin"
+	// UserRoleUser represents a regular user
+	UserRoleUser UserRole = "user"
+)
+
+// ValidateUserRole checks if the UserRole is valid
+func ValidateUserRole(r UserRole) error {
+	switch r {
+	case UserRoleRoot, UserRoleAdmin, UserRoleUser:
+		return nil
+	default:
+		return fmt.Errorf("invalid user role: %s", r)
+	}
+}
diff --git a/internal/monitor/monitor.go b/internal/monitor/monitor.go
deleted file mode 100644
index deb6455..0000000
--- a/internal/monitor/monitor.go
+++ /dev/null
@@ -1,335 +0,0 @@
-package monitor
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"slices"
-	"time"
-
-	"github.com/sxwebdev/sentinel/internal/config"
-	"github.com/sxwebdev/sentinel/internal/notifier"
-	"github.com/sxwebdev/sentinel/internal/receiver"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/utils"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-)
-
-// MonitorService handles service monitoring
-type MonitorService struct {
-	storage  storage.Storage
-	config   *config.Config
-	notifier *notifier.Notifier
-	receiver *receiver.Receiver
-}
-
-// NewMonitorService creates a new monitor service
-func NewMonitorService(storage storage.Storage, config *config.Config, notifier *notifier.Notifier, receiver *receiver.Receiver) *MonitorService {
-	return &MonitorService{
-		storage:  storage,
-		config:   config,
-		notifier: notifier,
-		receiver: receiver,
-	}
-}
-
-// FindServices loads all enabled services from storage and initializes monitoring
-func (m *MonitorService) FindServices(ctx context.Context, params storage.FindServicesParams) (dbutils.FindResponseWithCount[*storage.Service], error) {
-	return m.storage.FindServices(ctx, params)
-}
-
-// CreateService adds a new service and starts monitoring it
-func (m *MonitorService) CreateService(ctx context.Context, params storage.CreateUpdateServiceRequest) (*storage.Service, error) {
-	if len(params.Tags) > 0 {
-		slices.Sort(params.Tags)
-	}
-
-	// Save to storage
-	svc, err := m.storage.CreateService(ctx, params)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create service: %w", err)
-	}
-
-	m.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
-		receiver.TriggerServiceEventTypeCreated,
-		svc,
-	))
-
-	return svc, nil
-}
-
-// UpdateService updates an existing service
-func (m *MonitorService) UpdateService(ctx context.Context, id string, params storage.CreateUpdateServiceRequest) (*storage.Service, error) {
-	if len(params.Tags) > 0 {
-		slices.Sort(params.Tags)
-	}
-
-	// Update in storage
-	svc, err := m.storage.UpdateService(ctx, id, params)
-	if err != nil {
-		return nil, fmt.Errorf("failed to update service: %w", err)
-	}
-
-	m.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
-		receiver.TriggerServiceEventTypeUpdated,
-		svc,
-	))
-
-	return svc, nil
-}
-
-// DeleteService removes a service and stops monitoring it
-func (m *MonitorService) DeleteService(ctx context.Context, id string) error {
-	// Get service to find name for scheduler cleanup
-	svc, err := m.storage.GetServiceByID(ctx, id)
-	if err != nil {
-		return fmt.Errorf("failed to get service: %w", err)
-	}
-
-	m.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
-		receiver.TriggerServiceEventTypeDeleted,
-		svc,
-	))
-
-	// Delete from storage
-	if err := m.storage.DeleteService(ctx, id); err != nil {
-		return fmt.Errorf("failed to delete service: %w", err)
-	}
-
-	return nil
-}
-
-// GetServiceByID gets a service by ID
-func (m *MonitorService) GetServiceByID(ctx context.Context, id string) (*storage.Service, error) {
-	return m.storage.GetServiceByID(ctx, id)
-}
-
-// RecordSuccess records a successful check for a service
-func (m *MonitorService) RecordSuccess(ctx context.Context, serviceID string, responseTime time.Duration) error {
-	// Get current service from database
-	service, err := m.storage.GetServiceByID(ctx, serviceID)
-	if err != nil {
-		return fmt.Errorf("service %s not found in database: %w", serviceID, err)
-	}
-
-	// Get current service state
-	serviceState, err := m.storage.GetServiceState(ctx, serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to get service state: %w", err)
-	}
-
-	// Update state
-	now := time.Now()
-	serviceState.Status = storage.StatusUp
-	serviceState.LastCheck = &now
-	serviceState.ResponseTimeNS = utils.Pointer(responseTime.Nanoseconds())
-	serviceState.ConsecutiveFails = 0
-	serviceState.ConsecutiveSuccess++
-	serviceState.TotalChecks++
-	serviceState.LastError = nil
-
-	// Save to database
-	if err := m.storage.UpdateServiceState(ctx, serviceState); err != nil {
-		return fmt.Errorf("failed to update service state for %s: %w", service.Name, err)
-	}
-
-	// Resolve any active incidents
-	if err := m.resolveActiveIncidents(ctx, serviceID); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RecordFailure records a failed check for a service
-func (m *MonitorService) RecordFailure(ctx context.Context, serviceID string, checkErr error, responseTime time.Duration) error {
-	// Get current service from database
-	service, err := m.storage.GetServiceByID(ctx, serviceID)
-	if err != nil {
-		return fmt.Errorf("service %s not found in database: %w", serviceID, err)
-	}
-
-	// Get current service state
-	serviceState, err := m.storage.GetServiceState(ctx, serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to get service state: %w", err)
-	}
-
-	// Update state
-	now := time.Now()
-	wasUp := serviceState.Status == storage.StatusUp || serviceState.Status == storage.StatusUnknown
-
-	serviceState.Status = storage.StatusDown
-	serviceState.LastCheck = &now
-	serviceState.ResponseTimeNS = &[]int64{responseTime.Nanoseconds()}[0]
-	serviceState.ConsecutiveFails++
-	serviceState.ConsecutiveSuccess = 0
-	serviceState.TotalChecks++
-	serviceState.LastError = utils.Pointer(checkErr.Error())
-
-	// Save to database
-	if err := m.storage.UpdateServiceState(ctx, serviceState); err != nil {
-		return fmt.Errorf("failed to update service state for %s: %w", service.Name, err)
-	}
-
-	// Create incident if service was up before
-	if wasUp {
-		if err := m.createIncident(ctx, service, checkErr); err != nil {
-			return fmt.Errorf("failed to create incident: %w", err)
-		}
-	}
-
-	return nil
-}
-
-// createIncident creates a new incident when a service goes down
-func (m *MonitorService) createIncident(ctx context.Context, svc *storage.Service, err error) error {
-	incident := &storage.Incident{
-		ID:        storage.GenerateULID(),
-		ServiceID: svc.ID,
-		StartTime: time.Now(),
-		Error:     err.Error(),
-		Resolved:  false,
-	}
-
-	// Save incident to storage
-	if err := m.storage.SaveIncident(ctx, incident); err != nil {
-		return fmt.Errorf("failed to save incident for %s: %w", svc.Name, err)
-	}
-
-	// Send alert notification
-	if m.notifier != nil {
-		if err := m.notifier.SendAlert(svc, incident); err != nil {
-			err := fmt.Errorf("failed to send alert notification for %s: %w", svc.Name, err)
-			log.Println(err)
-			return nil
-		}
-	}
-
-	return nil
-}
-
-// resolveActiveIncidents resolves the active incident when a service recovers
-func (m *MonitorService) resolveActiveIncidents(ctx context.Context, serviceID string) error {
-	// Get service
-	svc, err := m.storage.GetServiceByID(ctx, serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to get service: %w", err)
-	}
-
-	// Resolve all active incidents for this service
-	incidents, err := m.storage.ResolveAllIncidents(ctx, serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to resolve incidents: %w", err)
-	}
-
-	for _, incident := range incidents {
-		// Send recovery notification
-		if m.notifier != nil {
-			if err := m.notifier.SendRecovery(svc, incident); err != nil {
-				err := fmt.Errorf("failed to send recovery notification for %s: %w", svc.Name, err)
-				log.Println(err)
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// DeleteIncident deletes a specific incident
-func (m *MonitorService) DeleteIncident(ctx context.Context, serviceID, incidentID string) error {
-	// Delete the incident
-	if err := m.storage.DeleteIncident(ctx, incidentID); err != nil {
-		return fmt.Errorf("failed to delete incident: %w", err)
-	}
-
-	return nil
-}
-
-// GetServiceStats gets statistics for a service
-func (m *MonitorService) GetServiceStats(ctx context.Context, serviceID string, since time.Time) (*storage.ServiceStats, error) {
-	params := storage.FindIncidentsParams{
-		ServiceID: serviceID,
-		StartTime: utils.Pointer(since),
-	}
-
-	return m.storage.GetServiceStats(ctx, params)
-}
-
-// TriggerCheck triggers a manual check for a service
-func (m *MonitorService) TriggerCheck(ctx context.Context, serviceID string) error {
-	// Get service to check if it exists
-	svc, err := m.GetServiceByID(ctx, serviceID)
-	if err != nil {
-		return err
-	}
-
-	m.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
-		receiver.TriggerServiceEventTypeCheck,
-		svc,
-	))
-
-	return nil
-}
-
-// resolveAllActiveIncidents resolves all active incidents for a service
-func (m *MonitorService) resolveAllActiveIncidents(ctx context.Context, serviceID string) error {
-	return m.resolveActiveIncidents(ctx, serviceID)
-}
-
-// ForceResolveIncidents manually resolves all active incidents for a service
-func (m *MonitorService) ForceResolveIncidents(ctx context.Context, serviceID string) error {
-	return m.resolveAllActiveIncidents(ctx, serviceID)
-}
-
-// CheckService performs a health check on a service
-func (m *MonitorService) CheckService(ctx context.Context, service *storage.Service) error {
-	// Get current service state
-	serviceState, err := m.storage.GetServiceState(ctx, service.ID)
-	if err != nil {
-		return fmt.Errorf("failed to get service state: %w", err)
-	}
-
-	// Initialize state if not exists
-	if serviceState == nil {
-		serviceState = &storage.ServiceStateRecord{
-			ID:                 storage.GenerateULID(),
-			ServiceID:          service.ID,
-			Status:             storage.StatusUnknown,
-			ConsecutiveFails:   0,
-			ConsecutiveSuccess: 0,
-			TotalChecks:        0,
-		}
-	}
-
-	// Perform the check (simplified - just record success/failure)
-	startTime := time.Now()
-	responseTime := time.Since(startTime)
-	now := time.Now()
-
-	// For now, just record success (this should be replaced with actual check logic)
-	wasDown := serviceState.Status == storage.StatusDown
-
-	serviceState.Status = storage.StatusUp
-	serviceState.LastCheck = &now
-	serviceState.ResponseTimeNS = &[]int64{responseTime.Nanoseconds()}[0]
-	serviceState.ConsecutiveFails = 0
-	serviceState.ConsecutiveSuccess++
-	serviceState.TotalChecks++
-	serviceState.LastError = nil
-
-	// Resolve incident if service was down before
-	if wasDown {
-		if err := m.resolveActiveIncidents(ctx, service.ID); err != nil {
-			return fmt.Errorf("failed to resolve incident: %w", err)
-		}
-	}
-
-	// Update service state
-	if err := m.storage.UpdateServiceState(ctx, serviceState); err != nil {
-		return fmt.Errorf("failed to update service state: %w", err)
-	}
-
-	return nil
-}
diff --git a/internal/monitors/config.go b/internal/monitors/config.go
index c292e0b..2308015 100644
--- a/internal/monitors/config.go
+++ b/internal/monitors/config.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	"github.com/go-playground/validator/v10"
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/models"
 )
 
 type Config struct {
@@ -15,12 +15,12 @@ type Config struct {
 }
 
 // convertFlatConfigToMonitorConfig converts JSON config object to proper MonitorConfig structure
-func (s *Config) Validate(protocol storage.ServiceProtocolType) error {
+func (s *Config) Validate(protocol models.ServiceProtocolType) error {
 	v := validator.New(validator.WithRequiredStructEnabled())
 
 	// Validate and convert based on protocol
 	switch protocol {
-	case storage.ServiceProtocolTypeHTTP:
+	case models.ServiceProtocolTypeHTTP:
 		if s.HTTP == nil {
 			return fmt.Errorf("HTTP config is required for HTTP protocol")
 		}
@@ -31,7 +31,7 @@ func (s *Config) Validate(protocol storage.ServiceProtocolType) error {
 		}
 
 		return nil
-	case storage.ServiceProtocolTypeTCP:
+	case models.ServiceProtocolTypeTCP:
 		if s.TCP == nil {
 			return fmt.Errorf("TCP config is required for TCP protocol")
 		}
@@ -42,7 +42,7 @@ func (s *Config) Validate(protocol storage.ServiceProtocolType) error {
 		}
 
 		return nil
-	case storage.ServiceProtocolTypeGRPC:
+	case models.ServiceProtocolTypeGRPC:
 		if s.GRPC == nil {
 			return fmt.Errorf("gRPC config is required for gRPC protocol")
 		}
@@ -58,7 +58,7 @@ func (s *Config) Validate(protocol storage.ServiceProtocolType) error {
 	}
 }
 
-func GetConfig[T any](cfg map[string]any, protocol storage.ServiceProtocolType) (T, error) {
+func GetConfig[T any](cfg map[string]any, protocol models.ServiceProtocolType) (T, error) {
 	var c T
 
 	if cfg == nil {
@@ -83,12 +83,20 @@ func GetConfig[T any](cfg map[string]any, protocol storage.ServiceProtocolType)
 // ConvertToMap converts the config to a map[string]any
 func (c *Config) ConvertToMap() map[string]any {
 	return map[string]any{
-		string(storage.ServiceProtocolTypeHTTP): c.HTTP,
-		string(storage.ServiceProtocolTypeTCP):  c.TCP,
-		string(storage.ServiceProtocolTypeGRPC): c.GRPC,
+		string(models.ServiceProtocolTypeHTTP): c.HTTP,
+		string(models.ServiceProtocolTypeTCP):  c.TCP,
+		string(models.ServiceProtocolTypeGRPC): c.GRPC,
 	}
 }
 
+func (c *Config) ConvertToJSONRawMessage() (json.RawMessage, error) {
+	data, err := json.Marshal(c.ConvertToMap())
+	if err != nil {
+		return nil, err
+	}
+	return json.RawMessage(data), nil
+}
+
 // ConvertFromMap converts a map[string]any to Config
 func ConvertFromMap(cfg map[string]any) (Config, error) {
 	conf := Config{}
diff --git a/internal/monitors/grpc.go b/internal/monitors/grpc.go
index d3af8d9..4aef585 100644
--- a/internal/monitors/grpc.go
+++ b/internal/monitors/grpc.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/models"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
@@ -25,18 +25,18 @@ type GRPCConfig struct {
 
 // GRPCMonitor monitors gRPC services
 type GRPCMonitor struct {
-	BaseMonitor
+	baseMonitor
 	conf GRPCConfig
 	conn *grpc.ClientConn
 }
 
-// NewGRPCMonitor creates a new gRPC monitor
-func NewGRPCMonitor(cfg storage.Service) (*GRPCMonitor, error) {
+// newGRPCMonitor creates a new gRPC monitor
+func newGRPCMonitor(params MonitorParams) (*GRPCMonitor, error) {
 	monitor := &GRPCMonitor{
-		BaseMonitor: NewBaseMonitor(cfg),
+		baseMonitor: newBaseMonitor(params.ServiceName, params.Protocol, params.Timeout),
 	}
 
-	conf, err := GetConfig[GRPCConfig](cfg.Config, storage.ServiceProtocolTypeGRPC)
+	conf, err := GetConfig[GRPCConfig](params.Config, models.ServiceProtocolTypeGRPC)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get gRPC config: %w", err)
 	}
diff --git a/internal/monitors/http.go b/internal/monitors/http.go
index 0ae3a64..3d3a858 100644
--- a/internal/monitors/http.go
+++ b/internal/monitors/http.go
@@ -11,12 +11,11 @@ import (
 	"time"
 
 	"github.com/dop251/goja"
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/models"
 )
 
 // HTTPConfig represents configuration for HTTP monitoring
 type HTTPConfig struct {
-	Timeout   uint64           `json:"timeout" swaggertype:"primitive,integer" example:"30000"`
 	Endpoints []EndpointConfig `json:"endpoints" validate:"required,min=1,dive"`
 	Condition string           `json:"condition"`
 }
@@ -34,8 +33,8 @@ type EndpointConfig struct {
 	Password       string            `json:"password"`  // Basic Auth password
 }
 
-// EndpointResult represents result from a single endpoint
-type EndpointResult struct {
+// endpointResult represents result from a single endpoint
+type endpointResult struct {
 	Name     string        `json:"name"`
 	URL      string        `json:"url"`
 	Success  bool          `json:"success"`
@@ -47,22 +46,20 @@ type EndpointResult struct {
 
 // HTTPMonitor monitors HTTP/HTTPS endpoints
 type HTTPMonitor struct {
-	BaseMonitor
-	conf    HTTPConfig
-	retries int
+	baseMonitor
+	conf HTTPConfig
 }
 
-// NewHTTPMonitor creates a new HTTP monitor
-func NewHTTPMonitor(cfg storage.Service) (*HTTPMonitor, error) {
-	conf, err := GetConfig[HTTPConfig](cfg.Config, storage.ServiceProtocolTypeHTTP)
+// newHTTPMonitor creates a new HTTP monitor
+func newHTTPMonitor(params MonitorParams) (*HTTPMonitor, error) {
+	conf, err := GetConfig[HTTPConfig](params.Config, models.ServiceProtocolTypeHTTP)
 	if err != nil {
 		return nil, fmt.Errorf("HTTP config not found")
 	}
 
 	monitor := &HTTPMonitor{
-		BaseMonitor: NewBaseMonitor(cfg),
+		baseMonitor: newBaseMonitor(params.ServiceName, params.Protocol, params.Timeout),
 		conf:        conf,
-		retries:     cfg.Retries,
 	}
 
 	return monitor, nil
@@ -81,22 +78,22 @@ func (h *HTTPMonitor) Close() error {
 // checkEndpoints performs health checks on multiple endpoints and evaluates conditions
 func (h *HTTPMonitor) checkEndpoints(ctx context.Context) error {
 	config := h.conf.Endpoints
-	results := make([]EndpointResult, 0, len(config))
+	results := make([]endpointResult, 0, len(config))
 
 	// Check all endpoints concurrently
-	type endpointResult struct {
-		result EndpointResult
+	type checkResult struct {
+		result endpointResult
 		index  int
 	}
 
-	resultChan := make(chan endpointResult, len(config))
+	resultChan := make(chan checkResult, len(config))
 
 	// Start all endpoint checks
 	for i, endpoint := range config {
 		go func(ep EndpointConfig, idx int) {
 			result := h.checkEndpoint(ctx, ep)
 			select {
-			case resultChan <- endpointResult{result: result, index: idx}:
+			case resultChan <- checkResult{result: result, index: idx}:
 			case <-ctx.Done():
 				// Context cancelled, don't block on channel send
 			}
@@ -142,15 +139,15 @@ func (h *HTTPMonitor) checkEndpoints(ctx context.Context) error {
 }
 
 // checkEndpoint performs a health check on a single endpoint
-func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig) EndpointResult {
+func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig) endpointResult {
 	start := time.Now()
 
 	client := &http.Client{}
-	client.Timeout = h.config.Timeout
+	client.Timeout = h.timeout
 
 	req, err := http.NewRequestWithContext(ctx, endpoint.Method, endpoint.URL, strings.NewReader(endpoint.Body))
 	if err != nil {
-		return EndpointResult{
+		return endpointResult{
 			Name:     endpoint.Name,
 			URL:      endpoint.URL,
 			Success:  false,
@@ -178,7 +175,7 @@ func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig
 	duration := time.Since(start)
 
 	if err != nil {
-		return EndpointResult{
+		return endpointResult{
 			Name:     endpoint.Name,
 			URL:      endpoint.URL,
 			Success:  false,
@@ -191,7 +188,7 @@ func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig
 	// Read response body
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return EndpointResult{
+		return endpointResult{
 			Name:     endpoint.Name,
 			URL:      endpoint.URL,
 			Success:  false,
@@ -201,7 +198,7 @@ func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig
 	}
 
 	if endpoint.ExpectedStatus != 0 && resp.StatusCode != endpoint.ExpectedStatus {
-		return EndpointResult{
+		return endpointResult{
 			Name:     endpoint.Name,
 			URL:      endpoint.URL,
 			Success:  false,
@@ -216,7 +213,7 @@ func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig
 	if endpoint.JSONPath != "" {
 		value, err = extractValueFromJSON(body, endpoint.JSONPath)
 		if err != nil {
-			return EndpointResult{
+			return endpointResult{
 				Name:     endpoint.Name,
 				URL:      endpoint.URL,
 				Success:  false,
@@ -227,7 +224,7 @@ func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig
 		}
 	}
 
-	return EndpointResult{
+	return endpointResult{
 		Name:     endpoint.Name,
 		URL:      endpoint.URL,
 		Success:  true,
@@ -238,8 +235,8 @@ func (h *HTTPMonitor) checkEndpoint(ctx context.Context, endpoint EndpointConfig
 }
 
 // extractValueFromJSON extracts value from JSON response using JSONPath-like syntax
-func extractValueFromJSON(data []byte, path string) (interface{}, error) {
-	var jsonData interface{}
+func extractValueFromJSON(data []byte, path string) (any, error) {
+	var jsonData any
 	if err := json.Unmarshal(data, &jsonData); err != nil {
 		return nil, fmt.Errorf("failed to parse JSON: %w", err)
 	}
@@ -254,13 +251,13 @@ func extractValueFromJSON(data []byte, path string) (interface{}, error) {
 
 	for _, part := range parts {
 		switch v := current.(type) {
-		case map[string]interface{}:
+		case map[string]any:
 			if val, exists := v[part]; exists {
 				current = val
 			} else {
 				return nil, fmt.Errorf("path not found: %s", path)
 			}
-		case []interface{}:
+		case []any:
 			// Handle array indexing like "items.0.name"
 			if idx, err := parseInt(part); err == nil && idx >= 0 && idx < len(v) {
 				current = v[idx]
@@ -283,9 +280,7 @@ func parseInt(s string) (int, error) {
 }
 
 // evaluateCondition evaluates JavaScript condition with endpoint results
-func evaluateCondition(condition string, results []EndpointResult) (bool, error) {
-	vm := goja.New()
-
+func evaluateCondition(condition string, results []endpointResult) (bool, error) {
 	// Create results object for JavaScript
 	resultsObj := make(map[string]any)
 	for _, result := range results {
@@ -298,6 +293,8 @@ func evaluateCondition(condition string, results []EndpointResult) (bool, error)
 		}
 	}
 
+	vm := goja.New()
+
 	// Set global variables
 	vm.Set("results", resultsObj)
 	vm.Set("console", map[string]any{
diff --git a/internal/monitors/monitor.go b/internal/monitors/monitor.go
index f19bb5b..3a39a5e 100644
--- a/internal/monitors/monitor.go
+++ b/internal/monitors/monitor.go
@@ -4,57 +4,49 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"time"
 
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/models"
 )
 
 // ServiceMonitor defines the interface for all service monitors
 type ServiceMonitor interface {
 	io.Closer
-
-	Name() string
-	Protocol() storage.ServiceProtocolType
 	Check(ctx context.Context) error
-	Config() storage.Service
+}
+
+type MonitorParams struct {
+	ServiceName string
+	Protocol    models.ServiceProtocolType
+	Timeout     time.Duration
+	Config      map[string]any
 }
 
 // NewMonitor creates a new monitor based on the service configuration
-func NewMonitor(cfg storage.Service) (ServiceMonitor, error) {
-	switch cfg.Protocol {
-	case storage.ServiceProtocolTypeHTTP:
-		return NewHTTPMonitor(cfg)
-	case storage.ServiceProtocolTypeTCP:
-		return NewTCPMonitor(cfg)
-	case storage.ServiceProtocolTypeGRPC:
-		return NewGRPCMonitor(cfg)
+func NewMonitor(params MonitorParams) (ServiceMonitor, error) {
+	switch params.Protocol {
+	case models.ServiceProtocolTypeHTTP:
+		return newHTTPMonitor(params)
+	case models.ServiceProtocolTypeTCP:
+		return newTCPMonitor(params)
+	case models.ServiceProtocolTypeGRPC:
+		return newGRPCMonitor(params)
 	default:
-		return nil, fmt.Errorf("unsupported protocol: %s", cfg.Protocol)
+		return nil, fmt.Errorf("unsupported protocol: %s", params.Protocol)
 	}
 }
 
-// BaseMonitor provides common functionality for all monitors
-type BaseMonitor struct {
+// baseMonitor provides common functionality for all monitors
+type baseMonitor struct {
 	name     string
-	protocol storage.ServiceProtocolType
-	config   storage.Service
+	protocol models.ServiceProtocolType
+	timeout  time.Duration
 }
 
-func NewBaseMonitor(cfg storage.Service) BaseMonitor {
-	return BaseMonitor{
-		name:     cfg.Name,
-		protocol: cfg.Protocol,
-		config:   cfg,
+func newBaseMonitor(name string, protocol models.ServiceProtocolType, timeout time.Duration) baseMonitor {
+	return baseMonitor{
+		name:     name,
+		protocol: protocol,
+		timeout:  timeout,
 	}
 }
-
-func (b *BaseMonitor) Name() string {
-	return b.name
-}
-
-func (b *BaseMonitor) Protocol() storage.ServiceProtocolType {
-	return b.protocol
-}
-
-func (b *BaseMonitor) Config() storage.Service {
-	return b.config
-}
diff --git a/internal/monitors/tcp.go b/internal/monitors/tcp.go
index b405450..2d8713a 100644
--- a/internal/monitors/tcp.go
+++ b/internal/monitors/tcp.go
@@ -8,7 +8,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/models"
 	"github.com/sxwebdev/sentinel/internal/utils"
 )
 
@@ -21,20 +21,19 @@ type TCPConfig struct {
 
 // TCPMonitor monitors TCP endpoints
 type TCPMonitor struct {
-	BaseMonitor
+	baseMonitor
 	conf TCPConfig
 }
 
-// NewTCPMonitor creates a new TCP monitor
-func NewTCPMonitor(svc storage.Service) (*TCPMonitor, error) {
-	// Extract TCP config
-	conf, err := GetConfig[TCPConfig](svc.Config, storage.ServiceProtocolTypeTCP)
+// newTCPMonitor creates a new TCP monitor
+func newTCPMonitor(params MonitorParams) (*TCPMonitor, error) {
+	conf, err := GetConfig[TCPConfig](params.Config, models.ServiceProtocolTypeTCP)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get TCP config: %w", err)
 	}
 
 	monitor := &TCPMonitor{
-		BaseMonitor: NewBaseMonitor(svc),
+		baseMonitor: newBaseMonitor(params.ServiceName, params.Protocol, params.Timeout),
 		conf:        conf,
 	}
 
@@ -49,7 +48,7 @@ func (t *TCPMonitor) Check(ctx context.Context) error {
 	}
 	endpoint := t.conf.Endpoint
 
-	timeout := t.config.Timeout
+	timeout := t.timeout
 	if timeout <= 0 {
 		timeout = 5 * time.Second
 	}
diff --git a/internal/notifier/shoutrrr.go b/internal/notifier/shoutrrr.go
deleted file mode 100644
index 3e457d1..0000000
--- a/internal/notifier/shoutrrr.go
+++ /dev/null
@@ -1,347 +0,0 @@
-package notifier
-
-import (
-	"context"
-	"fmt"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/containrrr/shoutrrr"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/tkcrm/mx/logger"
-)
-
-// notificationRequest represents a single notification request
-type notificationRequest struct {
-	Message   string
-	CreatedAt time.Time
-}
-
-type Notifier struct {
-	logger    logger.Logger
-	urls      []string
-	queue     chan *notificationRequest
-	done      chan struct{}
-	wg        sync.WaitGroup
-	mu        sync.RWMutex
-	isStarted bool
-	name      string
-}
-
-// New creates a new Notifier instance as a service
-func New(l logger.Logger, urls []string) (*Notifier, error) {
-	if len(urls) == 0 {
-		return nil, fmt.Errorf("no notification URLs provided")
-	}
-
-	notifier := &Notifier{
-		logger: l,
-		urls:   urls,
-		queue:  make(chan *notificationRequest, 500), // buffer for 500 notifications
-		done:   make(chan struct{}),
-		name:   "NotificationService",
-	}
-
-	return notifier, nil
-}
-
-// Name returns the service name
-func (s *Notifier) Name() string { return s.name }
-
-// Start starts the notification service
-func (s *Notifier) Start(ctx context.Context) error {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	if s.isStarted {
-		return fmt.Errorf("notification service already started")
-	}
-
-	s.isStarted = true
-	s.wg.Add(1)
-
-	go func() {
-		defer s.wg.Done()
-		s.processQueue()
-	}()
-
-	return nil
-}
-
-// Stop stops the notification service
-func (s *Notifier) Stop(ctx context.Context) error {
-	s.mu.Lock()
-	if !s.isStarted {
-		s.mu.Unlock()
-		return nil
-	}
-	s.mu.Unlock()
-
-	// Close the done channel to signal stop
-	close(s.done)
-
-	// Wait for completion with timeout from context
-	done := make(chan struct{})
-	go func() {
-		s.wg.Wait()
-		close(done)
-	}()
-
-	select {
-	case <-done:
-		// All goroutines completed
-	case <-ctx.Done():
-		// Timeout - force termination
-		return fmt.Errorf("notification service stop timeout: %w", ctx.Err())
-	}
-
-	s.mu.Lock()
-	s.isStarted = false
-	s.mu.Unlock()
-
-	return nil
-}
-
-// processQueue processes the notification queue with 500ms delay
-func (s *Notifier) processQueue() {
-	ticker := time.NewTicker(500 * time.Millisecond)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-s.done:
-			// Process remaining notifications in queue before exit
-			for {
-				select {
-				case req := <-s.queue:
-					s.processNotification(req)
-				default:
-					return
-				}
-			}
-
-		case <-ticker.C:
-			// Check queue every 500ms
-			select {
-			case req := <-s.queue:
-				s.processNotification(req)
-			default:
-				// Queue is empty, continue
-			}
-		}
-	}
-}
-
-// processNotification processes a single notification with simple retry
-func (s *Notifier) processNotification(req *notificationRequest) {
-	err := s.sendMessageSync(req.Message)
-
-	if err != nil {
-		s.logger.Errorf("failed to send notification: %v", err)
-
-		// Put back in queue for retry
-		s.queue <- req
-	} else {
-		s.logger.Info("notification sent successfully")
-	}
-}
-
-// SendAlert sends an alert notification when a service goes down
-func (s *Notifier) SendAlert(service *storage.Service, incident *storage.Incident) error {
-	s.mu.RLock()
-	if !s.isStarted {
-		s.mu.RUnlock()
-		return fmt.Errorf("notification service is not started")
-	}
-	s.mu.RUnlock()
-
-	message := s.formatAlertMessage(service, incident)
-	return s.enqueueMessage(message)
-}
-
-// SendRecovery sends a recovery notification when a service comes back up
-func (s *Notifier) SendRecovery(service *storage.Service, incident *storage.Incident) error {
-	s.mu.RLock()
-	if !s.isStarted {
-		s.mu.RUnlock()
-		return fmt.Errorf("notification service is not started")
-	}
-	s.mu.RUnlock()
-
-	message := s.formatRecoveryMessage(service, incident)
-	return s.enqueueMessage(message)
-}
-
-// enqueueMessage adds a message to the queue for sending
-func (s *Notifier) enqueueMessage(message string) error {
-	req := &notificationRequest{
-		Message:   message,
-		CreatedAt: time.Now(),
-	}
-
-	select {
-	case s.queue <- req:
-		return nil
-	default:
-		return fmt.Errorf("notification queue is full")
-	}
-}
-
-// sendMessageSync sends a message to all configured providers synchronously
-// If one provider fails, it continues with others and returns partial errors
-func (s *Notifier) sendMessageSync(message string) error {
-	// Send to all providers concurrently
-	var wg sync.WaitGroup
-	errors := make(chan error, len(s.urls))
-
-	for i, url := range s.urls {
-		wg.Add(1)
-		go func(index int, providerURL string) {
-			defer wg.Done()
-
-			// Create individual sender for this provider
-			sender, err := shoutrrr.CreateSender(providerURL)
-			if err != nil {
-				errors <- fmt.Errorf("provider %d: failed to create sender: %w", index, err)
-				return
-			}
-
-			providerName, _, err := sender.ExtractServiceName(providerURL)
-			if err != nil {
-				errors <- fmt.Errorf("provider %d: failed to extract service name: %w", index, err)
-				return
-			}
-
-			// Send message with timeout
-			timeoutCtx, timeoutCancel := context.WithTimeout(context.Background(), 30*time.Second)
-			defer timeoutCancel()
-
-			done := make(chan []error, 1)
-			go func() {
-				defer func() {
-					if r := recover(); r != nil {
-						errors <- fmt.Errorf("provider %s: panic during send: %v", providerName, r)
-					}
-				}()
-				done <- sender.Send(message, nil)
-			}()
-
-			select {
-			case errs := <-done:
-				// Check if there are any actual errors (not nil)
-				hasErrors := false
-				for _, err := range errs {
-					if err != nil {
-						hasErrors = true
-						break
-					}
-				}
-
-				if hasErrors {
-					errors <- fmt.Errorf("provider %s: failed to send: %v", providerName, errs)
-				}
-			case <-timeoutCtx.Done():
-				errors <- fmt.Errorf("provider %s: timeout", providerName)
-				// Note: The goroutine with sender.Send() might still be running,
-				// but we can't force-kill it. This is a limitation of the shoutrrr library.
-			}
-		}(i, url)
-	}
-
-	wg.Wait()
-	close(errors)
-
-	// Collect all errors
-	var allErrors []error
-	for err := range errors {
-		allErrors = append(allErrors, err)
-	}
-
-	// If all providers failed, return an error
-	if len(allErrors) == len(s.urls) {
-		return fmt.Errorf("all notification providers failed: %v", allErrors)
-	}
-
-	// If some providers failed, return partial error
-	if len(allErrors) > 0 {
-		return fmt.Errorf("some notification providers failed (%d/%d): %v", len(allErrors), len(s.urls), allErrors)
-	}
-
-	return nil
-}
-
-// formatAlertMessage formats an alert message
-func (s *Notifier) formatAlertMessage(service *storage.Service, incident *storage.Incident) string {
-	tags := "-"
-	if len(service.Tags) > 0 {
-		tags = strings.Join(service.Tags, ", ")
-	}
-
-	return fmt.Sprintf(
-		"🔴 [ALERT] %s is DOWN\n\n"+
-			"• Service: %s\n"+
-			"• Tags: %s\n"+
-			"• Error: %s\n"+
-			"• Started: %s\n"+
-			"• Incident ID: %s",
-		service.Name,
-		service.Name,
-		tags,
-		incident.Error,
-		incident.StartTime.Format("2006-01-02 15:04:05"),
-		incident.ID,
-	)
-}
-
-// formatRecoveryMessage formats a recovery message
-func (s *Notifier) formatRecoveryMessage(service *storage.Service, incident *storage.Incident) string {
-	var duration string
-	if incident.Duration != nil {
-		duration = formatDuration(*incident.Duration)
-	} else {
-		duration = formatDuration(time.Since(incident.StartTime))
-	}
-
-	var endTime string
-	if incident.EndTime != nil {
-		endTime = incident.EndTime.Format("2006-01-02 15:04:05")
-	} else {
-		endTime = time.Now().Format("2006-01-02 15:04:05")
-	}
-
-	tags := "-"
-	if len(service.Tags) > 0 {
-		tags = strings.Join(service.Tags, ", ")
-	}
-
-	return fmt.Sprintf(
-		"🟢 [RECOVERY] %s is UP\n\n"+
-			"• Service: %s\n"+
-			"• Tags: %s\n"+
-			"• Downtime: %s\n"+
-			"• Recovered: %s\n"+
-			"• Incident ID: %s",
-		service.Name,
-		service.Name,
-		tags,
-		duration,
-		endTime,
-		incident.ID,
-	)
-}
-
-// formatDuration formats a duration in a human-readable way
-func formatDuration(d time.Duration) string {
-	if d < time.Minute {
-		return fmt.Sprintf("%ds", int(d.Seconds()))
-	}
-	if d < time.Hour {
-		minutes := int(d.Minutes())
-		seconds := int(d.Seconds()) % 60
-		return fmt.Sprintf("%dm %ds", minutes, seconds)
-	}
-	hours := int(d.Hours())
-	minutes := int(d.Minutes()) % 60
-	return fmt.Sprintf("%dh %dm", hours, minutes)
-}
diff --git a/internal/receiver/receiver.go b/internal/receiver/receiver.go
index 16fd89e..596b864 100644
--- a/internal/receiver/receiver.go
+++ b/internal/receiver/receiver.go
@@ -3,7 +3,7 @@ package receiver
 import (
 	"context"
 
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/models"
 	"github.com/sxwebdev/sentinel/pkg/broker"
 )
 
@@ -38,12 +38,12 @@ func (e TriggerServiceEventType) String() string {
 
 type TriggerServiceData struct {
 	EventType TriggerServiceEventType
-	Svc       *storage.Service
+	Svc       *models.ServiceFullView
 }
 
 func NewTriggerServiceData(
 	eventType TriggerServiceEventType,
-	svc *storage.Service,
+	svc *models.ServiceFullView,
 ) *TriggerServiceData {
 	return &TriggerServiceData{
 		EventType: eventType,
diff --git a/internal/scheduler/scheduler.go b/internal/scheduler/scheduler.go
index 3e3d090..73b559a 100644
--- a/internal/scheduler/scheduler.go
+++ b/internal/scheduler/scheduler.go
@@ -2,61 +2,50 @@ package scheduler
 
 import (
 	"context"
-	"errors"
-	"fmt"
-	"sync"
-	"sync/atomic"
 	"time"
 
-	"github.com/puzpuzpuz/xsync/v3"
-	"github.com/sxwebdev/sentinel/internal/monitor"
-	"github.com/sxwebdev/sentinel/internal/monitors"
+	"github.com/sxwebdev/sentinel/internal/alertresolver"
+	"github.com/sxwebdev/sentinel/internal/checker"
 	"github.com/sxwebdev/sentinel/internal/receiver"
-	"github.com/sxwebdev/sentinel/internal/storage"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
 	"github.com/tkcrm/mx/logger"
 )
 
-// ErrServiceNotFound is returned when a service is not found
-var ErrServiceNotFound = fmt.Errorf("service not found")
-
 // Scheduler manages the monitoring of multiple services
 type Scheduler struct {
 	logger logger.Logger
 
-	receiver   *receiver.Receiver
-	monitorSvc *monitor.MonitorService
-
-	jobs *xsync.MapOf[string, *job]
-	wg   sync.WaitGroup
-}
+	checker *checker.Checker
 
-// job represents a scheduled monitoring job for a service
-type job struct {
-	serviceID   string
-	serviceName string
-	interval    time.Duration
-	timeout     time.Duration
-	retries     int
-	ticker      *time.Ticker
-	stopChan    chan struct{}
-	inProgress  atomic.Bool
-	// Context and cancel function for canceling ongoing checks
-	checkCtx    context.Context
-	checkCancel context.CancelFunc
+	receiver     *receiver.Receiver
+	baseservices *baseservices.BaseServices
+	ar           *alertresolver.AlertResolver
 }
 
 // New creates a new scheduler
 func New(
 	l logger.Logger,
-	monitorService *monitor.MonitorService,
 	receiver *receiver.Receiver,
+	baseServices *baseservices.BaseServices,
+	ar *alertresolver.AlertResolver,
 ) *Scheduler {
-	return &Scheduler{
-		logger:     l,
-		monitorSvc: monitorService,
-		receiver:   receiver,
-		jobs:       xsync.NewMapOf[string, *job](),
+	s := &Scheduler{
+		logger:       l,
+		receiver:     receiver,
+		baseservices: baseServices,
+		ar:           ar,
 	}
+
+	s.checker = checker.New(
+		l,
+		receiver,
+		s.onSuccess,
+		s.onFailure,
+	)
+
+	s.checker.SetIsHub(true)
+
+	return s
 }
 
 // Name returns the name of the scheduler
@@ -65,341 +54,75 @@ func (s *Scheduler) Name() string { return "scheduler" }
 // Start begins monitoring all configured services
 func (s *Scheduler) Start(ctx context.Context) error {
 	// Load enabled services from storage
-	isEnabled := true
-	services, err := s.monitorSvc.FindServices(ctx, storage.FindServicesParams{
-		IsEnabled: &isEnabled,
-	})
-	if err != nil {
-		return fmt.Errorf("failed to load services: %w", err)
-	}
-
-	// Get all services under read lock
-	for _, svc := range services.Items {
-		s.addService(ctx, svc)
-	}
-
-	errChan := make(chan error, 1)
-	go func() {
-		errChan <- s.subscribeEvents(ctx)
-	}()
-
-	select {
-	case err := <-errChan:
-		return err
-	case <-ctx.Done():
-	}
+	// services, err := s.baseservices.Services().GetAllEnabledWithoutAgents(ctx)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to load services: %w", err)
+	// }
+
+	// s.logger.Infof("starting scheduler with %d enabled services", len(services))
+
+	// // Get all services under read lock
+	// for _, svc := range services {
+	// 	s.checker.AddService(ctx, checker.AddServiceParams{
+	// 		ID:        svc.ID,
+	// 		Name:      svc.Name,
+	// 		Protocol:  svc.Protocol,
+	// 		IsEnabled: svc.IsEnabled,
+	// 		Interval:  time.Duration(svc.Interval) * time.Millisecond,
+	// 		Timeout:   time.Duration(svc.Timeout) * time.Millisecond,
+	// 		Retries:   svc.Retries,
+	// 		Config:    svc.Config.ConvertToMap(),
+	// 		FromHub:   true,
+	// 	})
+	// }
+
+	// return s.checker.Start(ctx)
 
 	return nil
 }
 
 func (s *Scheduler) Stop(ctx context.Context) error {
-	s.stopAll()
-	s.wg.Wait()
-	return nil
-}
-
-// stopAll stops monitoring for all services
-func (s *Scheduler) stopAll() {
-	s.jobs.Range(func(key string, value *job) bool {
-		// Cancel any ongoing checks
-		if value.checkCancel != nil {
-			value.checkCancel()
-		}
-
-		select {
-		case <-value.stopChan:
-			// Channel already closed
-		default:
-			close(value.stopChan)
-		}
-		if value.ticker != nil {
-			value.ticker.Stop()
-		}
-		return true
-	})
-}
-
-// addService adds a service to be monitored
-func (s *Scheduler) addService(ctx context.Context, svc *storage.Service) {
-	// Only add enabled services to monitoring
-	if !svc.IsEnabled {
-		s.logger.Warnf("Skipping disabled service: %s (ID: %s)", svc.Name, svc.ID)
-		return
-	}
-
-	// Create new service job with minimal info
-	checkCtx, checkCancel := context.WithCancel(ctx)
-	job := &job{
-		serviceID:   svc.ID,
-		serviceName: svc.Name,
-		interval:    svc.Interval,
-		timeout:     svc.Timeout,
-		retries:     svc.Retries,
-		stopChan:    make(chan struct{}),
-		checkCtx:    checkCtx,
-		checkCancel: checkCancel,
-	}
-
-	s.addJob(ctx, job)
-}
-
-// addJob adds a new job to the scheduler
-func (s *Scheduler) addJob(ctx context.Context, job *job) {
-	// Check if job already exists
-	if existingJob, exists := s.jobs.Load(job.serviceID); exists {
-		// Cancel any ongoing checks for the existing job
-		if existingJob.checkCancel != nil {
-			existingJob.checkCancel()
-		}
-
-		// Stop existing job gracefully
-		select {
-		case <-existingJob.stopChan:
-			// Channel already closed
-		default:
-			close(existingJob.stopChan)
-		}
-		if existingJob.ticker != nil {
-			existingJob.ticker.Stop()
-		}
-	}
-
-	// Store the new job
-	s.jobs.Store(job.serviceID, job)
-
-	// Start monitoring in a new goroutine
-	s.wg.Add(1)
-	go s.monitorService(ctx, job)
-}
-
-// monitorService runs the monitoring loop for a single service
-func (s *Scheduler) monitorService(ctx context.Context, job *job) {
-	defer s.wg.Done()
-
-	// Create ticker for regular checks
-	job.ticker = time.NewTicker(job.interval)
-	defer job.ticker.Stop()
-
-	// Perform initial check
-	if err := s.performCheck(job); err != nil {
-		s.logger.Errorf("Error performing initial check for service %s: %v", job.serviceName, err)
-		return
-	}
-
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case <-job.stopChan:
-			return
-		case <-job.ticker.C:
-			if err := s.performCheck(job); err != nil && !errors.Is(err, context.Canceled) {
-				s.logger.Errorf("error performing check for service %s: %v", job.serviceName, err)
-				continue
-			}
-		}
-	}
-}
-
-// performCheck executes a health check for a service
-func (s *Scheduler) performCheck(job *job) error {
-	if !job.inProgress.CompareAndSwap(false, true) {
-		// Another check is already in progress
-		return nil
-	}
-	defer job.inProgress.Store(false)
-
-	// Check if job context is cancelled (handles job updates/deletions)
-	if job.checkCtx.Err() != nil {
-		return job.checkCtx.Err()
-	}
-
-	serviceName := job.serviceName
-
-	// Get current service configuration from database
-	service, err := s.monitorSvc.GetServiceByID(job.checkCtx, job.serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to get service config for %s: %w", serviceName, err)
-	}
-
-	// Create monitor for this check
-	monitor, err := monitors.NewMonitor(*service)
-	if err != nil {
-		return fmt.Errorf("failed to create monitor for %s: %w", serviceName, err)
-	}
-
-	// Ensure monitor resources are cleaned up
-	defer func() {
-		if closer, ok := monitor.(interface{ Close() error }); ok {
-			if err := closer.Close(); err != nil {
-				s.logger.Errorf("Error closing monitor for %s: %v", serviceName, err)
-			}
-		}
-	}()
-
-	// Perform the check with retries
-	var lastErr error
-	var lastAttemptResponseTime time.Duration
-
-	for attempt := 1; attempt <= job.retries; attempt++ {
-		// Create context with timeout for this specific check
-		attemptCtx, cancel := context.WithTimeout(job.checkCtx, job.timeout)
-
-		// Measure time for this specific attempt
-		attemptStartTime := time.Now()
-		err := monitor.Check(attemptCtx)
-		attemptResponseTime := time.Since(attemptStartTime)
-		lastAttemptResponseTime = attemptResponseTime
-
-		// Cancel context immediately after use to avoid memory leak
-		cancel()
-
-		if err == nil {
-			// Success - record the time of this successful attempt
-			if err := s.monitorSvc.RecordSuccess(job.checkCtx, job.serviceID, attemptResponseTime); err != nil {
-				return fmt.Errorf("failed to record success for %s: %w", serviceName, err)
-			}
-
-			if attempt == 1 {
-				s.logger.Debugf("service %s check successful in %v", serviceName, attemptResponseTime)
-			} else {
-				s.logger.Debugf("service %s check successful (attempt %d/%d) in %v", serviceName, attempt, job.retries, attemptResponseTime)
-			}
-
-			service, err := s.monitorSvc.GetServiceByID(job.checkCtx, job.serviceID)
-			if err != nil {
-				return fmt.Errorf("failed to get service config for %s: %w", serviceName, err)
-			}
-
-			// Publish update to receiver
-			s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
-				receiver.TriggerServiceEventTypeUpdatedState,
-				service,
-			))
-
-			return nil
-		}
-
-		lastErr = err
-
-		// If not the last attempt, wait a bit before retrying
-		if attempt < job.retries {
-			// Check if job context is cancelled before retrying
-			select {
-			case <-job.checkCtx.Done():
-				// Job context cancelled, stop retrying
-				return job.checkCtx.Err()
-			case <-time.After(time.Millisecond * 500 * time.Duration(attempt)):
-				// Exponential backoff - continue to next attempt
-			}
-		}
-
-		s.logger.Debugf("service %s check failed (attempt %d/%d): %s", serviceName, attempt, job.retries, err)
-	}
-
-	// All attempts failed - record the time of the last attempt
-	if err := s.monitorSvc.RecordFailure(job.checkCtx, job.serviceID, lastErr, lastAttemptResponseTime); err != nil {
-		return fmt.Errorf("failed to record failure for %s: %w", serviceName, err)
-	}
-
-	service, err = s.monitorSvc.GetServiceByID(job.checkCtx, job.serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to get service config for %s: %w", serviceName, err)
-	}
-
-	// Publish update to receiver
-	s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
-		receiver.TriggerServiceEventTypeUpdatedState,
-		service,
-	))
-
-	return nil
+	return s.checker.Stop(ctx)
 }
 
-// checkService manually triggers a check for a specific service
-func (s *Scheduler) checkService(serviceID string) error {
-	job, exists := s.jobs.Load(serviceID)
-	if !exists {
-		return ErrServiceNotFound
-	}
+// onSuccess is called when a service check succeeds
+func (s *Scheduler) onSuccess(ctx context.Context, serviceID string, responseTime time.Duration) error {
+	// Success - record the time of this successful attempt
+	// if err := s.ar.RecordSuccess(ctx, serviceID, responseTime); err != nil {
+	// 	return fmt.Errorf("failed to record success: %w", err)
+	// }
 
-	return s.performCheck(job)
-}
+	// svc, err := s.baseservices.Services().GetViewByID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to get service view: %w", err)
+	// }
 
-// removeJob removes a service dynamically (for runtime removals)
-func (s *Scheduler) removeJob(serviceID string) error {
-	job, exists := s.jobs.Load(serviceID)
-	if !exists {
-		return ErrServiceNotFound
-	}
-
-	// Cancel any ongoing checks for this job
-	if job.checkCancel != nil {
-		job.checkCancel()
-	}
-
-	// Stop the monitoring gracefully
-	select {
-	case <-job.stopChan:
-		// Channel already closed
-	default:
-		close(job.stopChan)
-	}
-	if job.ticker != nil {
-		job.ticker.Stop()
-	}
-
-	// Remove from services map
-	s.jobs.Delete(serviceID)
-
-	return nil
-}
-
-// updateJob updates a service configuration dynamically
-func (s *Scheduler) updateJob(ctx context.Context, svc *storage.Service) error {
-	s.addService(ctx, svc)
+	// // Publish update to receiver
+	// s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
+	// 	receiver.TriggerServiceEventTypeUpdatedState,
+	// 	svc,
+	// ))
 
 	return nil
 }
 
-func (s *Scheduler) subscribeEvents(ctx context.Context) error {
-	broker := s.receiver.TriggerService()
-	sub := broker.Subscribe()
-	defer broker.Unsubscribe(sub)
-
-	for ctx.Err() == nil {
-		select {
-		case item := <-sub:
-			switch item.EventType {
-			case receiver.TriggerServiceEventTypeCheck:
-				if err := s.checkService(item.Svc.ID); err != nil {
-					s.logger.Errorf("check service error: %v", err)
-				}
-			case receiver.TriggerServiceEventTypeCreated:
-				s.addService(ctx, item.Svc)
-			case receiver.TriggerServiceEventTypeUpdated:
-				// Check if service was disabled
-				if !item.Svc.IsEnabled {
-					// Remove from monitoring if service is now disabled
-					if err := s.removeJob(item.Svc.ID); err != nil {
-						s.logger.Errorf("remove disabled service error: %v", err)
-					}
-				} else {
-					// Update or add to monitoring if service is enabled
-					if err := s.updateJob(ctx, item.Svc); err != nil {
-						s.logger.Errorf("update service error: %v", err)
-					}
-				}
-			case receiver.TriggerServiceEventTypeDeleted:
-				if err := s.removeJob(item.Svc.ID); err != nil {
-					s.logger.Errorf("remove service error: %v", err)
-				}
-			}
-
-		case <-ctx.Done():
-			return nil
-		}
-	}
+// onFailure is called when a service check fails
+func (s *Scheduler) onFailure(ctx context.Context, serviceID string, checkErr error, responseTime time.Duration) error {
+	// All attempts failed - record the time of the last attempt
+	// if err := s.ar.RecordFailure(ctx, serviceID, checkErr, responseTime); err != nil {
+	// 	return fmt.Errorf("failed to record failure: %w", err)
+	// }
+
+	// svc, err := s.baseservices.Services().GetViewByID(ctx, serviceID)
+	// if err != nil {
+	// 	return fmt.Errorf("failed to get service view: %w", err)
+	// }
+
+	// // Publish update to receiver
+	// s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
+	// 	receiver.TriggerServiceEventTypeUpdatedState,
+	// 	svc,
+	// ))
 
 	return nil
 }
diff --git a/internal/servers/cors.go b/internal/servers/cors.go
new file mode 100644
index 0000000..03c5adb
--- /dev/null
+++ b/internal/servers/cors.go
@@ -0,0 +1,26 @@
+package servers
+
+import (
+	"net/http"
+
+	connectcors "connectrpc.com/cors"
+	"github.com/rs/cors"
+)
+
+func withCORS(connectHandler http.Handler) http.Handler {
+	exposedHeaders := connectcors.ExposedHeaders()
+	exposedHeaders = append(exposedHeaders, "Rpc-Error-Code")
+
+	allowedHeaders := connectcors.AllowedHeaders()
+	allowedHeaders = append(allowedHeaders, "Authorization", "Origin", "Access-Control-Allow-Origin", "Accept", "Options", "X-Project-ID")
+
+	c := cors.New(cors.Options{
+		AllowedOrigins: []string{"*"}, // Allow all origins
+		AllowedMethods: connectcors.AllowedMethods(),
+		AllowedHeaders: allowedHeaders,
+		ExposedHeaders: exposedHeaders,
+		MaxAge:         7200, // 2 hours in seconds,
+	})
+
+	return c.Handler(connectHandler)
+}
diff --git a/internal/servers/hutils/email.go b/internal/servers/hutils/email.go
new file mode 100644
index 0000000..0d2d131
--- /dev/null
+++ b/internal/servers/hutils/email.go
@@ -0,0 +1,14 @@
+package hutils
+
+import "strings"
+
+// NormalizeEmail normalizes an email address by trimming whitespace and converting it to lowercase.
+func NormalizeEmail(email string) string {
+	if email == "" {
+		return ""
+	}
+	// Trim whitespace and convert to lowercase
+	email = strings.TrimSpace(email)
+	email = strings.ToLower(email)
+	return email
+}
diff --git a/internal/servers/path_rewriter.go b/internal/servers/path_rewriter.go
new file mode 100644
index 0000000..de8c7f7
--- /dev/null
+++ b/internal/servers/path_rewriter.go
@@ -0,0 +1,43 @@
+package servers
+
+import (
+	"net/http"
+	"strings"
+)
+
+type pathRewriter struct {
+	next       http.Handler
+	rpcBases   []string // "/pkg.Service/"
+	reflection []string // reflection base paths
+}
+
+func (w *pathRewriter) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	p := r.URL.Path
+
+	if strings.HasPrefix(p, "/api") {
+		w.next.ServeHTTP(rw, r)
+		return
+	}
+
+	for _, base := range w.reflection {
+		if p == base || strings.HasPrefix(p, base) {
+			r2 := r.Clone(r.Context())
+			r2.URL = r.URL
+			r2.URL.Path = "/api" + p
+			w.next.ServeHTTP(rw, r2)
+			return
+		}
+	}
+
+	for _, base := range w.rpcBases {
+		if p == base || strings.HasPrefix(p, base) {
+			r2 := r.Clone(r.Context())
+			r2.URL = r.URL
+			r2.URL.Path = "/api" + p
+			w.next.ServeHTTP(rw, r2)
+			return
+		}
+	}
+
+	w.next.ServeHTTP(rw, r)
+}
diff --git a/internal/servers/ptconverts/agents.go b/internal/servers/ptconverts/agents.go
new file mode 100644
index 0000000..2aadf5d
--- /dev/null
+++ b/internal/servers/ptconverts/agents.go
@@ -0,0 +1,136 @@
+package ptconverts
+
+import (
+	"encoding/json"
+
+	agentsv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/agents/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// ConvertAgentToProto converts a models.Agent to its protobuf representation
+func ConvertAgentToProto(a *models.Agent) (*agentsv1.Agent, error) {
+	config := &agentsv1.AgentConfig{}
+	if err := ConvertAnyToProto(a.Config, config); err != nil {
+		return nil, err
+	}
+
+	res := &agentsv1.Agent{
+		Id:          a.ID,
+		Name:        a.Name,
+		Description: a.Description,
+		TokenHint:   a.TokenHint,
+		Fingerprint: a.Fingerprint,
+		Status:      ConvertAgentStatusToProto(a.Status),
+		Kind:        ConvertAgentKindToProto(a.Kind),
+		IsEnabled:   a.IsEnabled,
+		Location:    a.Location,
+		Tags:        a.Tags,
+		Config:      config,
+		SystemInfo:  ConvertSystemInfoToProto(a.SystemInfo),
+		CreatedAt:   timestamppb.New(a.CreatedAt),
+		UpdatedAt:   timestamppb.New(a.UpdatedAt),
+	}
+
+	if a.LastSeenAt != nil {
+		res.LastSeenAt = timestamppb.New(*a.LastSeenAt)
+	}
+
+	return res, nil
+}
+
+// ConvertAgentFromProto converts a protobuf representation of an agent to its models.Agent representation
+func ConvertAgentFromProto(a *agentsv1.Agent) (*models.Agent, error) {
+	config, err := ConvertAnyFromProto[models.AgentConfig](a.Config)
+	if err != nil {
+		return nil, err
+	}
+
+	res := &models.Agent{
+		ID:          a.Id,
+		Name:        a.Name,
+		Description: a.Description,
+		TokenHint:   a.TokenHint,
+		Fingerprint: a.Fingerprint,
+		Status:      ConvertAgentStatusFromProto(a.Status),
+		Kind:        ConvertAgentKindFromProto(a.Kind),
+		Location:    a.Location,
+		IsEnabled:   a.IsEnabled,
+		Tags:        a.Tags,
+		Config:      config,
+		CreatedAt:   a.CreatedAt.AsTime(),
+		UpdatedAt:   a.UpdatedAt.AsTime(),
+	}
+
+	if a.LastSeenAt != nil {
+		res.LastSeenAt = utils.Pointer(a.LastSeenAt.AsTime())
+	}
+
+	return res, nil
+}
+
+// ConvertAgentStatusToProto converts models.AgentStatusType to its protobuf representation
+func ConvertAgentStatusToProto(status models.AgentStatusType) agentsv1.AgentStatus {
+	switch status {
+	case models.AgentStatusTypeActive:
+		return agentsv1.AgentStatus_AGENT_STATUS_ACTIVE
+	case models.AgentStatusTypeInactive:
+		return agentsv1.AgentStatus_AGENT_STATUS_INACTIVE
+	default:
+		return agentsv1.AgentStatus_AGENT_STATUS_UNSPECIFIED
+	}
+}
+
+// ConvertAgentStatusFromProto converts models.AgentStatusType to its protobuf representation
+func ConvertAgentStatusFromProto(status agentsv1.AgentStatus) models.AgentStatusType {
+	switch status {
+	case agentsv1.AgentStatus_AGENT_STATUS_ACTIVE:
+		return models.AgentStatusTypeActive
+	case agentsv1.AgentStatus_AGENT_STATUS_INACTIVE:
+		return models.AgentStatusTypeInactive
+	default:
+		return models.AgentStatusTypeUnknown
+	}
+}
+
+// ConvertAgentKindToProto converts models.AgentKindType to its protobuf representation
+func ConvertAgentKindToProto(kind models.AgentKindType) agentsv1.AgentKind {
+	switch kind {
+	case models.AgentKindTypeHub:
+		return agentsv1.AgentKind_AGENT_KIND_HUB
+	case models.AgentKindTypeExternal:
+		return agentsv1.AgentKind_AGENT_KIND_EXTERNAL
+	default:
+		return agentsv1.AgentKind_AGENT_KIND_UNSPECIFIED
+	}
+}
+
+// ConvertAgentKindFromProto converts protobuf representation of an agent kind to its models.AgentKindType representation
+func ConvertAgentKindFromProto(kind agentsv1.AgentKind) models.AgentKindType {
+	switch kind {
+	case agentsv1.AgentKind_AGENT_KIND_HUB:
+		return models.AgentKindTypeHub
+	case agentsv1.AgentKind_AGENT_KIND_EXTERNAL:
+		return models.AgentKindTypeExternal
+	default:
+		return ""
+	}
+}
+
+// ConvertAgentConfigToProto converts models.AgentConfig to its protobuf representation
+func ConvertAgentConfigToProto(cfg models.AgentConfig) (*agentsv1.AgentConfig, error) {
+	cfgBytes, err := json.Marshal(cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	var config agentsv1.AgentConfig
+	err = protojson.Unmarshal(cfgBytes, &config)
+	if err != nil {
+		return nil, err
+	}
+
+	return &config, nil
+}
diff --git a/internal/servers/ptconverts/notifications.go b/internal/servers/ptconverts/notifications.go
new file mode 100644
index 0000000..4a82f15
--- /dev/null
+++ b/internal/servers/ptconverts/notifications.go
@@ -0,0 +1,33 @@
+package ptconverts
+
+import (
+	notificationsv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/notifications/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// ConvertHistoryViewToProto converts models.NotificationHistoryView to its protobuf representation
+func ConvertHistoryViewToProto(h *models.NotificationHistoryView) *notificationsv1.HistoryItem {
+	item := &notificationsv1.HistoryItem{
+		Id:        h.NotificationHistory.ID,
+		Message:   h.NotificationHistory.Message,
+		Status:    h.NotificationHistory.Status,
+		Attempts:  h.NotificationHistory.Attempts,
+		CreatedAt: timestamppb.New(h.NotificationHistory.CreatedAt),
+		UpdatedAt: timestamppb.New(h.NotificationHistory.UpdatedAt),
+	}
+
+	if h.NotificationHistory.Response != nil {
+		item.Response = h.NotificationHistory.Response
+	}
+	if h.NotificationHistory.ErrorMessage != nil {
+		item.ErrorMessage = h.NotificationHistory.ErrorMessage
+	}
+	if h.NotificationHistory.LastAttemptAt != nil {
+		item.LastAttemptAt = timestamppb.New(*h.NotificationHistory.LastAttemptAt)
+	}
+	if h.NotificationHistory.SentAt != nil {
+		item.SentAt = timestamppb.New(*h.NotificationHistory.SentAt)
+	}
+	return item
+}
diff --git a/internal/servers/ptconverts/projects.go b/internal/servers/ptconverts/projects.go
new file mode 100644
index 0000000..90ea381
--- /dev/null
+++ b/internal/servers/ptconverts/projects.go
@@ -0,0 +1,54 @@
+package ptconverts
+
+import (
+	projectsv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/projects/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// ConvertProjectToProto converts a models.Project to its protobuf representation
+func ConvertProjectToProto(p *models.Project) *projectsv1.Project {
+	if p == nil {
+		return new(projectsv1.Project)
+	}
+
+	return &projectsv1.Project{
+		Id:          p.ID,
+		Name:        p.Name,
+		Description: p.Description,
+		Settings:    ConvertProjectSettingsToProto(p.Settings),
+		CreatedAt:   timestamppb.New(p.CreatedAt),
+		UpdatedAt:   timestamppb.New(p.UpdatedAt),
+	}
+}
+
+// ConvertProjectSettingsToProto converts a models.ProjectSettings to its protobuf representation
+func ConvertProjectSettingsToProto(ps models.ProjectSettings) *projectsv1.ProjectSettings {
+	return &projectsv1.ProjectSettings{
+		MonitorDefaults: &projectsv1.ProjectMonitorDefaults{
+			Interval: ps.MonitorDefaults.Interval,
+			Timeout:  ps.MonitorDefaults.Timeout,
+			Retries:  ps.MonitorDefaults.Retries,
+		},
+	}
+}
+
+// ConvertProjectSettingsFromProto converts a protobuf ProjectSettings to its models representation
+func ConvertProjectSettingsFromProto(ps *projectsv1.ProjectSettings) models.ProjectSettings {
+	if ps == nil {
+		return models.ProjectSettings{}
+	}
+
+	monitorDefaults := models.ProjectMonitorDefaults{}
+	if ps.MonitorDefaults != nil {
+		monitorDefaults = models.ProjectMonitorDefaults{
+			Interval: ps.MonitorDefaults.Interval,
+			Timeout:  ps.MonitorDefaults.Timeout,
+			Retries:  ps.MonitorDefaults.Retries,
+		}
+	}
+
+	return models.ProjectSettings{
+		MonitorDefaults: monitorDefaults,
+	}
+}
diff --git a/internal/servers/ptconverts/resources.go b/internal/servers/ptconverts/resources.go
new file mode 100644
index 0000000..6339c34
--- /dev/null
+++ b/internal/servers/ptconverts/resources.go
@@ -0,0 +1,79 @@
+package ptconverts
+
+import (
+	resourcesv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/resources/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// ConvertResourceToProto converts a models.Resource to its protobuf representation
+func ConvertResourceToProto(r *models.Resource) (*resourcesv1.Resource, error) {
+	if r == nil {
+		return new(resourcesv1.Resource), nil
+	}
+
+	return &resourcesv1.Resource{
+		Id:          r.ID,
+		ProjectId:   r.ProjectID,
+		Name:        r.Name,
+		Description: r.Description,
+		Kind:        ConvertResourceKindToProto(r.Kind),
+		Tags:        r.Tags,
+		Payload:     ConvertResourcePayloadToProto(r.Payload),
+		CreatedAt:   timestamppb.New(r.CreatedAt),
+		UpdatedAt:   timestamppb.New(r.UpdatedAt),
+	}, nil
+}
+
+// ConvertResourceFromProto converts a protobuf representation of a resource to its models.Resource representation
+func ConvertResourceFromProto(r *resourcesv1.Resource) (*models.Resource, error) {
+	return &models.Resource{
+		ID:          r.Id,
+		ProjectID:   r.ProjectId,
+		Name:        r.Name,
+		Description: r.Description,
+		Kind:        ConvertResourceKindFromProto(r.Kind),
+		Tags:        r.Tags,
+		Payload:     ConvertResourcePayloadFromProto(r.Payload),
+		CreatedAt:   r.CreatedAt.AsTime(),
+		UpdatedAt:   r.UpdatedAt.AsTime(),
+	}, nil
+}
+
+// ConvertResourceKindToProto converts a models.ResourceKind to its protobuf representation
+func ConvertResourceKindToProto(k models.ResourceKindType) resourcesv1.ResourceKind {
+	switch k {
+	case models.ResourceKindTypeUnknown:
+		return resourcesv1.ResourceKind_RESOURCE_KIND_UNSPECIFIED
+	case models.ResourceKindTypeServer:
+		return resourcesv1.ResourceKind_RESOURCE_KIND_SERVER
+	case models.ResourceKindTypeService:
+		return resourcesv1.ResourceKind_RESOURCE_KIND_SERVICE
+	default:
+		return resourcesv1.ResourceKind_RESOURCE_KIND_UNSPECIFIED
+	}
+}
+
+// ConvertResourceKindFromProto converts a protobuf ResourceKind to its models.ResourceKind representation
+func ConvertResourceKindFromProto(k resourcesv1.ResourceKind) models.ResourceKindType {
+	switch k {
+	case resourcesv1.ResourceKind_RESOURCE_KIND_UNSPECIFIED:
+		return models.ResourceKindTypeUnknown
+	case resourcesv1.ResourceKind_RESOURCE_KIND_SERVER:
+		return models.ResourceKindTypeServer
+	case resourcesv1.ResourceKind_RESOURCE_KIND_SERVICE:
+		return models.ResourceKindTypeService
+	default:
+		return models.ResourceKindTypeUnknown
+	}
+}
+
+// ConvertResourcePayloadToProto converts a models.ResourcePayload to its protobuf representation
+func ConvertResourcePayloadToProto(p models.ResourcePayload) *resourcesv1.Payload {
+	return &resourcesv1.Payload{}
+}
+
+// ConvertResourcePayloadFromProto converts a protobuf Payload to its models.ResourcePayload representation
+func ConvertResourcePayloadFromProto(p *resourcesv1.Payload) models.ResourcePayload {
+	return models.ResourcePayload{}
+}
diff --git a/internal/servers/ptconverts/service.go b/internal/servers/ptconverts/service.go
new file mode 100644
index 0000000..7abd448
--- /dev/null
+++ b/internal/servers/ptconverts/service.go
@@ -0,0 +1,199 @@
+package ptconverts
+
+import (
+	servicev1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/service/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+// ConvertServiceToProto converts a models.Service to its protobuf representation
+// func ConvertServiceToProto(svc *models.Service) (*servicev1.Service, error) {
+// 	tags := []string{}
+// 	_ = svc.Tags.ConvertToAny(&tags)
+
+// 	var cfg monitors.Config
+// 	if err := json.Unmarshal(svc.Config, &cfg); err != nil {
+// 		return nil, err
+// 	}
+
+// 	config := &servicev1.ServiceConfig{}
+// 	if cfg.HTTP != nil {
+// 		endpoints := make([]*servicev1.HTTPConfig_EndpointConfig, 0, len(cfg.HTTP.Endpoints))
+// 		for _, ep := range cfg.HTTP.Endpoints {
+// 			endpoints = append(endpoints, &servicev1.HTTPConfig_EndpointConfig{
+// 				Name:           ep.Name,
+// 				Url:            ep.URL,
+// 				Method:         ep.Method,
+// 				Headers:        ep.Headers,
+// 				Body:           ep.Body,
+// 				ExpectedStatus: int32(ep.ExpectedStatus),
+// 				JsonPath:       ep.JSONPath,
+// 				Username:       ep.Username,
+// 				Password:       ep.Password,
+// 			})
+// 		}
+
+// 		config.HttpConfig = &servicev1.HTTPConfig{
+// 			Endpoints: endpoints,
+// 			Condition: cfg.HTTP.Condition,
+// 		}
+// 	}
+
+// 	if cfg.TCP != nil {
+// 		config.TcpConfig = &servicev1.TCPConfig{
+// 			Endpoint:   cfg.TCP.Endpoint,
+// 			SendData:   cfg.TCP.SendData,
+// 			ExpectData: cfg.TCP.ExpectData,
+// 		}
+// 	}
+
+// 	if cfg.GRPC != nil {
+// 		config.GrpcConfig = &servicev1.GRPCConfig{
+// 			Endpoint:    cfg.GRPC.Endpoint,
+// 			CheckType:   cfg.GRPC.CheckType,
+// 			ServiceName: cfg.GRPC.ServiceName,
+// 			Tls:         cfg.GRPC.TLS,
+// 			InsecureTls: cfg.GRPC.InsecureTLS,
+// 		}
+// 	}
+
+// 	return &servicev1.Service{
+// 		Id:                     svc.ID,
+// 		Name:                   svc.Name,
+// 		Protocol:               ConvertServiceProtocolToProto(svc.Protocol),
+// 		Interval:               svc.Interval,
+// 		Timeout:                svc.Timeout,
+// 		Retries:                svc.Retries,
+// 		Tags:                   tags,
+// 		Config:                 config,
+// 		IsNotificationsEnabled: svc.IsNotificationsEnabled,
+// 		IsEnabled:              svc.IsEnabled,
+// 		CreatedAt:              timestamppb.New(svc.CreatedAt),
+// 		UpdatedAt:              timestamppb.New(svc.UpdatedAt),
+// 	}, nil
+// }
+
+// ConvertServiceFromProto converts a protobuf Service to its models representation
+// func ConvertServiceFromProto(svc *servicev1.Service) (*models.Service, error) {
+// 	var tags storecmn.JSONField
+// 	tags, _ = json.Marshal(svc.Tags)
+
+// 	cfg := monitors.Config{}
+
+// 	if c := svc.GetConfig(); c != nil {
+// 		if httpCfg := c.GetHttpConfig(); httpCfg != nil {
+// 			endpoints := make([]monitors.EndpointConfig, 0, len(httpCfg.Endpoints))
+// 			for _, ep := range httpCfg.Endpoints {
+// 				endpoints = append(endpoints, monitors.EndpointConfig{
+// 					Name:           ep.Name,
+// 					URL:            ep.Url,
+// 					Method:         ep.Method,
+// 					Headers:        ep.Headers,
+// 					Body:           ep.Body,
+// 					ExpectedStatus: int(ep.ExpectedStatus),
+// 					JSONPath:       ep.JsonPath,
+// 					Username:       ep.Username,
+// 					Password:       ep.Password,
+// 				})
+// 			}
+
+// 			cfg.HTTP = &monitors.HTTPConfig{
+// 				Endpoints: endpoints,
+// 				Condition: httpCfg.Condition,
+// 			}
+// 		}
+
+// 		if tcpCfg := c.GetTcpConfig(); tcpCfg != nil {
+// 			cfg.TCP = &monitors.TCPConfig{
+// 				Endpoint:   tcpCfg.Endpoint,
+// 				SendData:   tcpCfg.SendData,
+// 				ExpectData: tcpCfg.ExpectData,
+// 			}
+// 		}
+
+// 		if grpcCfg := c.GetGrpcConfig(); grpcCfg != nil {
+// 			cfg.GRPC = &monitors.GRPCConfig{
+// 				Endpoint:    grpcCfg.Endpoint,
+// 				CheckType:   grpcCfg.CheckType,
+// 				ServiceName: grpcCfg.ServiceName,
+// 				TLS:         grpcCfg.Tls,
+// 				InsecureTLS: grpcCfg.InsecureTls,
+// 			}
+// 		}
+// 	}
+
+// 	config, err := json.Marshal(cfg)
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	return &models.Service{
+// 		ID:                     svc.Id,
+// 		Name:                   svc.Name,
+// 		Protocol:               ConvertServiceProtocolFromProto(svc.Protocol),
+// 		Interval:               svc.Interval,
+// 		Timeout:                svc.Timeout,
+// 		Retries:                svc.Retries,
+// 		Tags:                   tags,
+// 		Config:                 config,
+// 		IsNotificationsEnabled: svc.IsNotificationsEnabled,
+// 		IsEnabled:              svc.IsEnabled,
+// 		CreatedAt:              svc.CreatedAt.AsTime(),
+// 		UpdatedAt:              svc.UpdatedAt.AsTime(),
+// 	}, nil
+// }
+
+// ConvertServiceProtocolToProto converts models.ServiceProtocolType to its protobuf representation
+func ConvertServiceProtocolToProto(protocol models.ServiceProtocolType) servicev1.ServiceProtocol {
+	switch protocol {
+	case models.ServiceProtocolTypeHTTP:
+		return servicev1.ServiceProtocol_SERVICE_PROTOCOL_HTTP
+	case models.ServiceProtocolTypeTCP:
+		return servicev1.ServiceProtocol_SERVICE_PROTOCOL_TCP
+	case models.ServiceProtocolTypeGRPC:
+		return servicev1.ServiceProtocol_SERVICE_PROTOCOL_GRPC
+	default:
+		return servicev1.ServiceProtocol_SERVICE_PROTOCOL_UNSPECIFIED
+	}
+}
+
+// ConvertServiceProtocolFromProto converts servicev1.ServiceProtocol to models.ServiceProtocolType
+func ConvertServiceProtocolFromProto(protocol servicev1.ServiceProtocol) models.ServiceProtocolType {
+	switch protocol {
+	case servicev1.ServiceProtocol_SERVICE_PROTOCOL_HTTP:
+		return models.ServiceProtocolTypeHTTP
+	case servicev1.ServiceProtocol_SERVICE_PROTOCOL_TCP:
+		return models.ServiceProtocolTypeTCP
+	case servicev1.ServiceProtocol_SERVICE_PROTOCOL_GRPC:
+		return models.ServiceProtocolTypeGRPC
+	default:
+		return models.ServiceProtocolTypeUnknown
+	}
+}
+
+// ConvertServiceStatusToProto converts models.ServiceStatus to its protobuf representation
+func ConvertServiceStatusToProto(status models.ServiceStatus) servicev1.ServiceStatus {
+	switch status {
+	case models.ServiceStatusUnknown:
+		return servicev1.ServiceStatus_SERVICE_STATUS_UNKNOWN
+	case models.ServiceStatusUp:
+		return servicev1.ServiceStatus_SERVICE_STATUS_UP
+	case models.ServiceStatusDown:
+		return servicev1.ServiceStatus_SERVICE_STATUS_DOWN
+	default:
+		return servicev1.ServiceStatus_SERVICE_STATUS_UNSPECIFIED
+	}
+}
+
+// ConvertServiceStatusFromProto converts servicev1.ServiceStatus to models.ServiceStatus
+func ConvertServiceStatusFromProto(status servicev1.ServiceStatus) models.ServiceStatus {
+	switch status {
+	case servicev1.ServiceStatus_SERVICE_STATUS_UNKNOWN:
+		return models.ServiceStatusUnknown
+	case servicev1.ServiceStatus_SERVICE_STATUS_UP:
+		return models.ServiceStatusUp
+	case servicev1.ServiceStatus_SERVICE_STATUS_DOWN:
+		return models.ServiceStatusDown
+	default:
+		return models.ServiceStatusUnknown
+	}
+}
diff --git a/internal/servers/ptconverts/system_info.go b/internal/servers/ptconverts/system_info.go
new file mode 100644
index 0000000..45745c0
--- /dev/null
+++ b/internal/servers/ptconverts/system_info.go
@@ -0,0 +1,54 @@
+package ptconverts
+
+import (
+	systemv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/system/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// ConvertSystemInfoToProto converts models.SystemInfo to its protobuf representation
+func ConvertSystemInfoToProto(info models.SystemInfo) *systemv1.SystemInfo {
+	res := &systemv1.SystemInfo{
+		Version:       info.Version,
+		CommitHash:    info.CommitHash,
+		BuildDate:     info.BuildDate,
+		GoVersion:     info.GoVersion,
+		SqliteVersion: info.SqliteVersion,
+		Os:            info.OS,
+		Arch:          info.Arch,
+		Hostname:      info.Hostname,
+		KernelVersion: info.KernelVersion,
+		IpAddress:     info.IpAddress,
+		CpuModel:      info.CpuModel,
+	}
+
+	if info.StartedAt != nil && !info.StartedAt.IsZero() {
+		res.StartedAt = timestamppb.New(*info.StartedAt)
+	}
+
+	return res
+}
+
+// ConvertSystemInfoFromProto converts systemv1.SystemInfo to its models representation
+func ConvertSystemInfoFromProto(info *systemv1.SystemInfo) models.SystemInfo {
+	res := models.SystemInfo{
+		Version:       info.Version,
+		CommitHash:    info.CommitHash,
+		BuildDate:     info.BuildDate,
+		GoVersion:     info.GoVersion,
+		SqliteVersion: info.SqliteVersion,
+		OS:            info.Os,
+		Arch:          info.Arch,
+		Hostname:      info.Hostname,
+		KernelVersion: info.KernelVersion,
+		IpAddress:     info.IpAddress,
+		CpuModel:      info.CpuModel,
+	}
+
+	if info.StartedAt != nil && info.StartedAt.IsValid() && !info.StartedAt.AsTime().IsZero() {
+		t := info.StartedAt.AsTime()
+		res.StartedAt = &t
+	}
+
+	return res
+}
diff --git a/internal/servers/ptconverts/users.go b/internal/servers/ptconverts/users.go
new file mode 100644
index 0000000..1dd5f9b
--- /dev/null
+++ b/internal/servers/ptconverts/users.go
@@ -0,0 +1,41 @@
+package ptconverts
+
+import (
+	usersv1 "github.com/sxwebdev/sentinel/internal/hub/hubserver/api/sentinel/users/v1"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+// ConvertUserToProto converts a models.User to its protobuf representation
+func ConvertUserToProto(u *models.User) *usersv1.User {
+	if u == nil {
+		return new(usersv1.User)
+	}
+
+	return &usersv1.User{
+		Id:        u.ID,
+		Email:     u.Email,
+		FullName:  u.FullName,
+		Role:      u.Role,
+		AvatarUrl: u.Avatar,
+		CreatedAt: timestamppb.New(u.CreatedAt),
+		UpdatedAt: timestamppb.New(u.UpdatedAt),
+	}
+}
+
+// ConvertUserFromProto converts a protobuf User to its models representation
+func ConvertUserFromProto(u *usersv1.User) *models.User {
+	if u == nil {
+		return nil
+	}
+
+	return &models.User{
+		ID:        u.Id,
+		Email:     u.Email,
+		FullName:  u.FullName,
+		Role:      models.UserRole(u.Role),
+		Avatar:    u.AvatarUrl,
+		CreatedAt: u.CreatedAt.AsTime(),
+		UpdatedAt: u.UpdatedAt.AsTime(),
+	}
+}
diff --git a/internal/servers/ptconverts/utils.go b/internal/servers/ptconverts/utils.go
new file mode 100644
index 0000000..078bfb1
--- /dev/null
+++ b/internal/servers/ptconverts/utils.go
@@ -0,0 +1,48 @@
+package ptconverts
+
+import (
+	"encoding/json"
+	"errors"
+
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
+// ConvertAnyFromProto converts a proto message to a specific type.
+func ConvertAnyFromProto[T any](m proto.Message) (T, error) {
+	var zero T
+	if m == nil {
+		return zero, errors.New("empty proto message")
+	}
+
+	b, err := protojson.Marshal(m)
+	if err != nil {
+		return zero, err
+	}
+
+	err = json.Unmarshal(b, &zero)
+	if err != nil {
+		return zero, err
+	}
+
+	return zero, nil
+}
+
+// ConvertAnyToProto converts a specific type to a proto message.
+func ConvertAnyToProto[T any](v T, m proto.Message) error {
+	if m == nil {
+		return errors.New("empty proto message")
+	}
+
+	b, err := json.Marshal(v)
+	if err != nil {
+		return err
+	}
+
+	err = protojson.Unmarshal(b, m)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/internal/servers/servers.go b/internal/servers/servers.go
new file mode 100644
index 0000000..d36526e
--- /dev/null
+++ b/internal/servers/servers.go
@@ -0,0 +1,156 @@
+package servers
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"connectrpc.com/authn"
+	"connectrpc.com/connect"
+	"connectrpc.com/grpcreflect"
+	"github.com/sxwebdev/sentinel/internal/alertresolver"
+	"github.com/sxwebdev/sentinel/internal/apiserver"
+	"github.com/sxwebdev/sentinel/internal/hub/hubserver"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/services/baseservices"
+	"github.com/sxwebdev/sentinel/pkg/locker"
+	"github.com/sxwebdev/sentinel/pkg/rbacconnect"
+	"github.com/tkcrm/mx/logger"
+	"go.akshayshah.org/connectproto"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+type Servers struct {
+	httpServer *http.Server
+}
+
+func New(
+	gCtx context.Context,
+	l logger.Logger,
+	addr string,
+	bs *baseservices.BaseServices,
+	ar *alertresolver.AlertResolver,
+	systemInfo *models.SystemInfo,
+	availableUpdateData *locker.Locker[models.AvailableUpdate],
+) *Servers {
+	as := apiserver.New(gCtx, l, bs, systemInfo, availableUpdateData)
+
+	hs := hubserver.New(gCtx, l, bs, ar)
+
+	mux := http.NewServeMux()
+
+	opts := []connect.HandlerOption{
+		connectproto.WithJSON(
+			protojson.MarshalOptions{EmitUnpopulated: true},
+			protojson.UnmarshalOptions{DiscardUnknown: true},
+		),
+	}
+
+	var rpcBases []string
+
+	// register hubserver handler
+	hubServerPath, hubServerhandler := hs.RegisterHandler(opts...)
+	rpcBases = append(rpcBases, hubServerPath)
+	mux.Handle(
+		"/api"+hubServerPath,
+		withCORS(
+			http.StripPrefix("/api", hubserver.
+				NewInterceptor(l, bs).
+				ConnectRPCAuthMiddleware().
+				Wrap(hubServerhandler),
+			),
+		),
+	)
+
+	rbacProvider := rbacconnect.NewProvider(apiserver.UserPolicy())
+	rbacRoleExtractor := rbacconnect.RoleExtractorFunc(func(ctx context.Context) ([]rbacconnect.Role, error) {
+		ud, ok := authn.GetInfo(ctx).(*apiserver.UserDataContext)
+		if !ok || ud == nil || ud.User == nil {
+			return []rbacconnect.Role{apiserver.UserRoleAnonymous}, nil
+		}
+
+		roles := []rbacconnect.Role{ud.User.Role}
+
+		if ud.Project == nil {
+			roles = append(roles, apiserver.UserRoleSetup)
+		}
+
+		return roles, nil
+	})
+
+	rbacInterceptor := rbacconnect.NewInterceptor(rbacProvider, rbacconnect.Options{
+		RoleExtractor: rbacRoleExtractor,
+	})
+
+	asMiddlewares := apiserver.NewMiddlewares(bs, rbacProvider)
+
+	// register all apiserver handlers
+	for _, srv := range as.AllServers() {
+		path, h := srv.RegisterHandler(
+			append(opts, connect.WithInterceptors(rbacInterceptor))...,
+		)
+		rpcBases = append(rpcBases, path)
+		mux.Handle(
+			"/api"+path,
+			withCORS(http.StripPrefix("/api", asMiddlewares.Auth().Wrap(h))),
+		)
+	}
+
+	// init gRPC reflection
+	allServerNames := append(as.AllServerNames(), hs.Name())
+	ref := grpcreflect.NewStaticReflector(allServerNames...)
+
+	// gRPC reflection handlers
+	v1Path, v1Handler := grpcreflect.NewHandlerV1(ref)
+	v1aPath, v1aHandler := grpcreflect.NewHandlerV1Alpha(ref)
+	mux.Handle("/api"+v1Path, http.StripPrefix("/api", v1Handler))
+	mux.Handle("/api"+v1aPath, http.StripPrefix("/api", v1aHandler))
+
+	// register spa server
+	mux.Handle("/", spaFileServer("index.html"))
+
+	final := &pathRewriter{
+		next:       mux,
+		rpcBases:   rpcBases,
+		reflection: []string{v1Path, v1aPath},
+	}
+
+	return &Servers{
+		httpServer: &http.Server{
+			Addr:              addr,
+			Handler:           h2c.NewHandler(final, &http2.Server{}),
+			ReadHeaderTimeout: time.Second * 10,
+		},
+	}
+}
+
+// Name returns the name of the servers
+func (s *Servers) Name() string { return "servers" }
+
+// Start starts the servers
+func (s *Servers) Start(ctx context.Context) error {
+	errChan := make(chan error, 1)
+	go func() {
+		if err := s.httpServer.ListenAndServe(); err != nil {
+			errChan <- err
+		}
+	}()
+
+	select {
+	case err := <-errChan:
+		return err
+	case <-ctx.Done():
+	}
+
+	return nil
+}
+
+// Stop stops the servers
+func (s *Servers) Stop(ctx context.Context) error {
+	if s.httpServer == nil {
+		return nil
+	}
+	return s.httpServer.Shutdown(ctx)
+}
diff --git a/internal/servers/spa.go b/internal/servers/spa.go
new file mode 100644
index 0000000..8b54f72
--- /dev/null
+++ b/internal/servers/spa.go
@@ -0,0 +1,41 @@
+package servers
+
+import (
+	"io/fs"
+	"net/http"
+	"path"
+	"strings"
+
+	"github.com/sxwebdev/sentinel/frontend"
+)
+
+func spaFileServer(index string) http.Handler {
+	sub, err := fs.Sub(frontend.StaticFS, "dist")
+	if err != nil {
+		return http.NotFoundHandler()
+	}
+	static := http.FileServer(http.FS(sub))
+
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// не перехватываем API-префикс
+		if r.URL.Path == "/api" || strings.HasPrefix(r.URL.Path, "/api/") {
+			http.NotFound(w, r)
+			return
+		}
+		upath := path.Clean(r.URL.Path)
+		if upath == "/" {
+			upath = "/" + index
+		}
+		// отдать файл, если есть
+		if f, err := sub.Open(strings.TrimPrefix(upath, "/")); err == nil {
+			_ = f.Close()
+			static.ServeHTTP(w, r)
+			return
+		}
+		// иначе — SPA fallback на index.html
+		r2 := *r
+		r2.URL = r.URL
+		r2.URL.Path = "/" + index
+		static.ServeHTTP(w, &r2)
+	})
+}
diff --git a/internal/services/agents/methods.go b/internal/services/agents/methods.go
new file mode 100644
index 0000000..94f5154
--- /dev/null
+++ b/internal/services/agents/methods.go
@@ -0,0 +1,306 @@
+package agents
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"slices"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/repos"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_agents"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"github.com/tkcrm/modules/pkg/db/dbutils"
+)
+
+// GetByID retrieves an agent by its ID
+func (s *Service) GetByID(ctx context.Context, id string) (*models.Agent, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	agent, err := s.store.Agents().GetByID(ctx, id)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, err
+	}
+
+	return agent, nil
+}
+
+// GetByIDAndProjectID retrieves an agent by its ID
+func (s *Service) GetByIDAndProjectID(ctx context.Context, id string, projectID string) (*models.Agent, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	agent, err := s.store.Agents().GetByIDAndProjectID(ctx, id, projectID)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, err
+	}
+
+	return agent, nil
+}
+
+type CreateParams struct {
+	Name        string
+	Kind        models.AgentKindType
+	Description string
+	Tags        []string
+	Config      models.AgentConfig
+	IsEnabled   bool
+	ProjectID   string
+}
+
+// Validate
+func (p CreateParams) Validate() error {
+	if p.Name == "" {
+		return fmt.Errorf("name is required")
+	}
+
+	if err := p.Kind.Validate(); err != nil {
+		return fmt.Errorf("kind is invalid: %w", err)
+	}
+
+	if p.ProjectID == "" {
+		return fmt.Errorf("project_id is required")
+	}
+
+	return nil
+}
+
+type CreateResponse struct {
+	ID          string                 `json:"id"`
+	Name        string                 `json:"name"`
+	Description string                 `json:"description"`
+	Token       string                 `json:"token"`
+	TokenHint   string                 `json:"token_hint"`
+	Status      models.AgentStatusType `json:"status"`
+	IsEnabled   bool                   `json:"is_enabled"`
+	Tags        []string               `json:"tags"`
+	Config      models.AgentConfig     `json:"config"`
+	CreatedAt   time.Time              `json:"created_at"`
+}
+
+// Create a new agent
+func (s *Service) Create(ctx context.Context, params CreateParams, opts ...repos.Option) (*CreateResponse, error) {
+	if len(params.Tags) > 0 {
+		slices.Sort(params.Tags)
+	}
+
+	if err := params.Validate(); err != nil {
+		return nil, fmt.Errorf("validation error: %w", err)
+	}
+
+	id := utils.GenerateULID()
+	token, secret, tokenHint, err := NewAgentToken(id)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate agent token: %w", err)
+	}
+
+	// Hash the secret using Argon2id
+	secretHash, err := HashSecretArgon2id(secret, DefaultArgon2)
+	if err != nil {
+		return nil, fmt.Errorf("failed to hash agent secret: %w", err)
+	}
+
+	createParams := repo_agents.CreateParams{
+		ID:          id,
+		Name:        params.Name,
+		Description: params.Description,
+		SecretHash:  secretHash,
+		TokenHint:   tokenHint,
+		Kind:        params.Kind,
+		Tags:        params.Tags,
+		IsEnabled:   params.IsEnabled,
+		Config:      params.Config,
+		ProjectID:   params.ProjectID,
+	}
+
+	item, err := s.store.Agents(opts...).Create(ctx, createParams)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create agent: %w", err)
+	}
+
+	result := CreateResponse{
+		ID:          item.ID,
+		Name:        item.Name,
+		Description: item.Description,
+		Token:       token,
+		TokenHint:   tokenHint,
+		Status:      item.Status,
+		IsEnabled:   item.IsEnabled,
+		Tags:        params.Tags,
+		Config:      params.Config,
+		CreatedAt:   item.CreatedAt,
+	}
+
+	s.dispatcher.Agents().Publish(dispatcher.NewBaseMessage(dispatcher.EventTypeCreate, params.ProjectID))
+
+	return &result, nil
+}
+
+// Delete an existing agent
+func (s *Service) Delete(ctx context.Context, id, projectID string) error {
+	if id == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	// get agent
+	agent, err := s.store.Agents().GetByIDAndProjectID(ctx, id, projectID)
+	if err != nil {
+		return err
+	}
+
+	// prevent deleting hub agents
+	if agent.Kind == models.AgentKindTypeHub {
+		return fmt.Errorf("hub agents cannot be deleted")
+	}
+
+	if err := s.store.Agents().Delete(ctx, id, projectID); err != nil {
+		return err
+	}
+
+	s.dispatcher.Agents().Publish(dispatcher.NewBaseMessage(dispatcher.EventTypeDelete, projectID))
+
+	return nil
+}
+
+type FindParams = repo_agents.FindParams
+
+// Find all agents with given filters and pagination
+func (s *Service) Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.Agent], error) {
+	agents, err := s.store.Agents().Find(ctx, params)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, agent := range agents.Items {
+		if agent.Kind == models.AgentKindTypeHub {
+			agent.TokenHint = "-"
+			agent.Status = models.AgentStatusTypeActive
+			agent.LastSeenAt = utils.Pointer(time.Now())
+			agent.SystemInfo = *s.systemInfo
+		}
+	}
+
+	return agents, nil
+}
+
+type UpdateParams struct {
+	Name        string
+	Description string
+	Fingerprint *string
+	Status      models.AgentStatusType
+	IsEnabled   bool
+	Tags        []string
+	Config      models.AgentConfig
+	SystemInfo  models.SystemInfo
+	LastSeenAt  *time.Time
+	FieldMask   dbutils.FieldMask[repo_agents.ColumnName]
+}
+
+// Validate
+func (p UpdateParams) Validate() error {
+	if p.FieldMask.Contains(repo_agents.ColumnNameAgentsName) && p.Name == "" {
+		return fmt.Errorf("name is required")
+	}
+
+	if p.FieldMask.Contains(repo_agents.ColumnNameAgentsFingerprint) && (p.Fingerprint == nil || *p.Fingerprint == "") {
+		return fmt.Errorf("fingerprint is required")
+	}
+
+	return nil
+}
+
+// Update an existing agent
+func (s *Service) Update(ctx context.Context, id, projectID string, params UpdateParams) (*models.Agent, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	if err := params.Validate(); err != nil {
+		return nil, fmt.Errorf("validation error: %w", err)
+	}
+
+	if len(params.Tags) > 0 {
+		slices.Sort(params.Tags)
+	}
+
+	updateParams := repo_agents.UpdateRequest{
+		Agent: models.Agent{
+			Name:        params.Name,
+			Description: params.Description,
+			Fingerprint: params.Fingerprint,
+			Status:      params.Status,
+			IsEnabled:   params.IsEnabled,
+			Tags:        params.Tags,
+			Config:      params.Config,
+			SystemInfo:  params.SystemInfo,
+			LastSeenAt:  params.LastSeenAt,
+		},
+		FieldMask: params.FieldMask,
+	}
+
+	item, err := s.store.Agents().Update(ctx, id, updateParams)
+	if err != nil {
+		return nil, err
+	}
+
+	s.dispatcher.Agents().Publish(dispatcher.NewBaseMessage(dispatcher.EventTypeUpdate, projectID))
+
+	return item, nil
+}
+
+// CheckAndUpsertFingerprint checks if the fingerprint is unique and updates it if so
+func (s *Service) CheckAndUpsertFingerprint(ctx context.Context, id, projectID, fingerprint string) error {
+	if id == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	if fingerprint == "" {
+		return fmt.Errorf("fingerprint is required")
+	}
+
+	// Check if the fingerprint is already used by another agent
+	existingAgent, err := s.GetByIDAndProjectID(ctx, id, projectID)
+	if err != nil {
+		return err
+	}
+
+	if existingAgent.Fingerprint != nil && *existingAgent.Fingerprint != fingerprint {
+		return fmt.Errorf("agent already has a different fingerprint")
+	}
+
+	// Update the agent with the new fingerprint
+	updateParams := repo_agents.UpdateRequest{
+		Agent: models.Agent{
+			Fingerprint: &fingerprint,
+			LastSeenAt:  utils.Pointer(time.Now()),
+		},
+		FieldMask: dbutils.FieldMask[repo_agents.ColumnName]{
+			repo_agents.ColumnNameAgentsFingerprint,
+			repo_agents.ColumnNameAgentsLastSeenAt,
+		},
+	}
+
+	_, err = s.store.Agents().Update(ctx, id, updateParams)
+	if err != nil {
+		return err
+	}
+
+	s.dispatcher.Agents().Publish(
+		dispatcher.NewBaseMessage(dispatcher.EventTypeUpdate, existingAgent.ProjectID),
+	)
+
+	return nil
+}
diff --git a/internal/services/agents/service.go b/internal/services/agents/service.go
new file mode 100644
index 0000000..f0ce7b4
--- /dev/null
+++ b/internal/services/agents/service.go
@@ -0,0 +1,22 @@
+package agents
+
+import (
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store      *store.Store
+	dispatcher *dispatcher.Dispatcher
+
+	systemInfo *models.SystemInfo
+}
+
+func New(store *store.Store, dispatcher *dispatcher.Dispatcher, systemInfo *models.SystemInfo) *Service {
+	return &Service{
+		store:      store,
+		dispatcher: dispatcher,
+		systemInfo: systemInfo,
+	}
+}
diff --git a/internal/services/agents/token.go b/internal/services/agents/token.go
new file mode 100644
index 0000000..4755236
--- /dev/null
+++ b/internal/services/agents/token.go
@@ -0,0 +1,156 @@
+package agents
+
+import (
+	cryptorand "crypto/rand"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+
+	"golang.org/x/crypto/argon2"
+)
+
+func ParseAuthHeader(h string) (agentID, secret string, err error) {
+	const pfx = "Sentinel "
+	if !strings.HasPrefix(h, pfx) {
+		return "", "", errors.New("no Sentinel auth header")
+	}
+	tok := strings.TrimSpace(strings.TrimPrefix(h, pfx))
+	if !strings.HasPrefix(tok, "snt_") {
+		return "", "", errors.New("bad token prefix")
+	}
+	body := strings.TrimPrefix(tok, "snt_")
+	dot := strings.IndexByte(body, '.')
+	if dot <= 0 || dot == len(body)-1 {
+		return "", "", errors.New("bad token format")
+	}
+	return body[:dot], body[dot+1:], nil
+}
+
+func NewAgentToken(agentID string) (token string, secret string, tokenHint string, err error) {
+	if agentID == "" {
+		return "", "", "", errors.New("agentID is empty")
+	}
+	sec := make([]byte, 32)
+	if _, err = io.ReadFull(cryptorand.Reader, sec); err != nil {
+		return "", "", "", fmt.Errorf("rand: %w", err)
+	}
+	secret = base64.RawURLEncoding.EncodeToString(sec)
+	token = "snt_" + agentID + "." + secret
+
+	if len(secret) >= 6 {
+		tokenHint = "snt_" + agentID[:3] + "..." + secret[len(secret)-6:]
+	} else {
+		tokenHint = "snt_" + agentID[:3] + "..." + secret
+	}
+	return token, secret, tokenHint, nil
+}
+
+type Argon2Params struct {
+	Time        uint32 // iterations
+	MemoryKiB   uint32 // memory in KiB (64*1024 = 64 MiB)
+	Parallelism uint8
+	SaltLen     uint32
+	KeyLen      uint32
+}
+
+// Default parameters: ~64 MiB, 3 iterations, 1 thread.
+var DefaultArgon2 = Argon2Params{
+	Time:        3,
+	MemoryKiB:   64 * 1024,
+	Parallelism: 1,
+	SaltLen:     16,
+	KeyLen:      32,
+}
+
+func HashSecretArgon2id(secret string, p Argon2Params) (string, error) {
+	if secret == "" {
+		return "", errors.New("empty secret")
+	}
+	salt := make([]byte, p.SaltLen)
+	if _, err := io.ReadFull(cryptorand.Reader, salt); err != nil {
+		return "", fmt.Errorf("salt rand: %w", err)
+	}
+	sum := argon2.IDKey([]byte(secret), salt, p.Time, p.MemoryKiB, p.Parallelism, p.KeyLen)
+	return fmt.Sprintf("$argon2id$v=19$m=%d,t=%d,p=%d$%s$%s",
+		p.MemoryKiB, p.Time, p.Parallelism,
+		base64.RawStdEncoding.EncodeToString(salt),
+		base64.RawStdEncoding.EncodeToString(sum),
+	), nil
+}
+
+// VerifySecret compares the secret with the stored hash
+func VerifySecret(secret, stored string) (bool, error) {
+	// expects: $argon2id$v=19$m=...,t=...,p=...$<salt>$<sum>
+	if !strings.HasPrefix(stored, "$argon2id$") {
+		return false, errors.New("bad argon2id header")
+	}
+	parts := strings.Split(stored, "$")
+	// ["", "argon2id", "v=19", "m=..,t=..,p=..", "<salt>", "<sum>"]
+	if len(parts) != 6 {
+		return false, errors.New("bad argon2id format")
+	}
+	if parts[2] != "v=19" {
+		return false, errors.New("unsupported argon2 version")
+	}
+	// m=..,t=..,p=..
+	var mem uint32
+	var tim uint32
+	var par uint8
+
+	for kv := range strings.SplitSeq(parts[3], ",") {
+		kvp := strings.SplitN(kv, "=", 2)
+		if len(kvp) != 2 {
+			return false, errors.New("bad argon2 params")
+		}
+		switch kvp[0] {
+		case "m":
+			var v uint64
+			_, err := fmt.Sscan(kvp[1], &v)
+			if err != nil {
+				return false, err
+			}
+			mem = uint32(v)
+		case "t":
+			var v uint64
+			_, err := fmt.Sscan(kvp[1], &v)
+			if err != nil {
+				return false, err
+			}
+			tim = uint32(v)
+		case "p":
+			var v uint64
+			_, err := fmt.Sscan(kvp[1], &v)
+			if err != nil {
+				return false, err
+			}
+			par = uint8(v)
+		default:
+			return false, errors.New("unknown argon2 param")
+		}
+	}
+
+	saltB, err := base64.RawStdEncoding.DecodeString(parts[4])
+	if err != nil {
+		return false, fmt.Errorf("salt decode: %w", err)
+	}
+
+	sumB, err := base64.RawStdEncoding.DecodeString(parts[5])
+	if err != nil {
+		return false, fmt.Errorf("sum decode: %w", err)
+	}
+
+	got := argon2.IDKey([]byte(secret), saltB, tim, mem, par, uint32(len(sumB)))
+	if len(got) != len(sumB) {
+		return false, nil
+	}
+
+	// Checksum comparison without leaking timing info
+	var v byte
+	for i := range got {
+		v |= got[i] ^ sumB[i]
+	}
+
+	return v == 0, nil
+}
diff --git a/internal/services/agents/token_test.go b/internal/services/agents/token_test.go
new file mode 100644
index 0000000..0dbf650
--- /dev/null
+++ b/internal/services/agents/token_test.go
@@ -0,0 +1,33 @@
+package agents_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+)
+
+func TestNewAgentToken(t *testing.T) {
+	agentID := "01K5XS2JAQR651FDX9FSYGYSDE"
+	token, secret, tokenHint, err := agents.NewAgentToken(agentID)
+	require.NoError(t, err)
+
+	require.NotEmpty(t, token)
+	require.NotEmpty(t, secret)
+	require.NotEmpty(t, tokenHint)
+
+	fmt.Println("Token:", token)
+	fmt.Println("Secret:", secret)
+	fmt.Println("Token Hint:", tokenHint)
+
+	hashedSecret, err := agents.HashSecretArgon2id(secret, agents.DefaultArgon2)
+	require.NoError(t, err)
+	require.NotEmpty(t, hashedSecret)
+
+	fmt.Println("Hashed Secret:", hashedSecret)
+
+	valid, err := agents.VerifySecret(secret, hashedSecret)
+	require.NoError(t, err)
+	require.True(t, valid)
+}
diff --git a/internal/services/auth/authenticate.go b/internal/services/auth/authenticate.go
new file mode 100644
index 0000000..44faf57
--- /dev/null
+++ b/internal/services/auth/authenticate.go
@@ -0,0 +1,41 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type AuthenticateResponse[TUser IUser] struct {
+	User TUser
+	Role string
+}
+
+func (s *Service[TUser]) Authenticate(ctx context.Context, accessToken string) (*AuthenticateResponse[TUser], error) {
+	if accessToken == "" {
+		return nil, ErrEmptyAccessToken
+	}
+
+	tokenData, err := s.manager.Authenticate(ctx, accessToken)
+	if err != nil {
+		return nil, fmt.Errorf("failed to authenticate: %w", err)
+	}
+
+	// get user
+	user, err := s.userStore.GetByID(ctx, tokenData.UserID)
+	if err != nil {
+		if errors.Is(err, storecmn.ErrNotFound) {
+			return nil, storecmn.ErrUserNotFound
+		}
+		return nil, fmt.Errorf("get user by email error: %w", err)
+	}
+
+	res := &AuthenticateResponse[TUser]{ //nolint:nolintlint,forcetypeassert
+		User: any(user).(TUser),
+		Role: user.GetRole(),
+	}
+
+	return res, nil
+}
diff --git a/internal/services/auth/authorization.go b/internal/services/auth/authorization.go
new file mode 100644
index 0000000..fce3d3f
--- /dev/null
+++ b/internal/services/auth/authorization.go
@@ -0,0 +1,80 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type AuthResponse[TUser IUser] struct { //nolint:revive
+	AuthorizationResponse
+
+	User TUser
+	Role string
+}
+
+func (s *Service[TUser]) Authorization(ctx context.Context, email, password string, additionalData SessionData) (
+	*AuthResponse[TUser], error,
+) {
+	if email == "" {
+		return nil, ErrEmptyEmail
+	}
+
+	if password == "" {
+		return nil, ErrEmptyPassword
+	}
+
+	// get user
+	user, err := s.userStore.GetByEmail(ctx, email)
+	if err != nil {
+		if errors.Is(err, storecmn.ErrNotFound) {
+			return nil, storecmn.ErrUserNotFound
+		}
+		return nil, fmt.Errorf("get user by email error: %w", err)
+	}
+
+	if !IsCorrectPassword(user.GetPassword(), password) {
+		return nil, ErrIncorrectEmailOrPassword
+	}
+
+	return s.authorization(ctx, user, additionalData)
+}
+
+func (s *Service[TUser]) AuthorizationByEmail(ctx context.Context, email string, additionalData SessionData) (
+	*AuthResponse[TUser], error,
+) {
+	if email == "" {
+		return nil, ErrEmptyEmail
+	}
+
+	// get user
+	user, err := s.userStore.GetByEmail(ctx, email)
+	if err != nil {
+		if errors.Is(err, storecmn.ErrNotFound) {
+			return nil, storecmn.ErrUserNotFound
+		}
+		return nil, fmt.Errorf("get user by email error: %w", err)
+	}
+
+	return s.authorization(ctx, user, additionalData)
+}
+
+func (s *Service[TUser]) authorization(ctx context.Context, user TUser, additionalData SessionData) (
+	*AuthResponse[TUser], error,
+) {
+	res := &AuthResponse[TUser]{ //nolint:forcetypeassert
+		User: any(user).(TUser), //nolint:nolintlint,forcetypeassert
+		Role: user.GetRole(),
+	}
+
+	data, err := s.manager.Authorization(ctx, user.GetID(), additionalData)
+	if err != nil {
+		return nil, fmt.Errorf("failed to authorize: %w", err)
+	}
+
+	res.AuthorizationResponse = *data
+
+	return res, nil
+}
diff --git a/internal/services/auth/errors.go b/internal/services/auth/errors.go
new file mode 100644
index 0000000..31e3009
--- /dev/null
+++ b/internal/services/auth/errors.go
@@ -0,0 +1,15 @@
+package auth
+
+import "errors"
+
+var (
+	ErrEmptyAccessToken         = errors.New("empty access token")
+	ErrEmptyRefreshToken        = errors.New("empty refresh token")
+	ErrEmptyUserID              = errors.New("empty user id")
+	ErrEmptyOrganizationID      = errors.New("empty organization id")
+	ErrEmptyEmail               = errors.New("empty email")
+	ErrEmptyPassword            = errors.New("empty password")
+	ErrIncorrectEmailOrPassword = errors.New("incorrect email or password")
+	ErrEmptyHash                = errors.New("empty hash")
+	ErrEmptyCode                = errors.New("empty code")
+)
diff --git a/internal/services/auth/manager.go b/internal/services/auth/manager.go
new file mode 100644
index 0000000..b5d8c28
--- /dev/null
+++ b/internal/services/auth/manager.go
@@ -0,0 +1,415 @@
+package auth
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/sxwebdev/tokenmanager"
+)
+
+type DeviceType string
+
+const (
+	DeviceTypeUnknown DeviceType = "unknown"
+	DeviceTypeWeb     DeviceType = "web"
+)
+
+type DeviceInfo struct {
+	DeviceID    string     `json:"device_id"`
+	DeviceType  DeviceType `json:"device_type"`
+	DeviceName  string     `json:"device_name"`
+	Fingerprint string     `json:"fingerprint"`
+	OSVersion   string     `json:"os_version"`
+	AppVersion  string     `json:"app_version"`
+}
+
+// SessionData holds additional session data.
+type SessionData struct {
+	DeviceInfo DeviceInfo `json:"device_info"`
+	IP         string     `json:"ip"`
+	Country    string     `json:"country"`
+	CreatedAt  time.Time  `json:"created_at"`
+}
+
+// SessionPair holds both access and refresh tokens for a session.
+type SessionPair struct {
+	AccessToken    string      `json:"access_token"`
+	RefreshToken   string      `json:"refresh_token"`
+	AdditionalData SessionData `json:"additional_data"`
+}
+
+// AuthorizationResponse is returned after a successful login.
+type AuthorizationResponse struct {
+	SessionPair      SessionPair                    `json:"session_pair"`
+	AccessTokenData  tokenmanager.Data[SessionData] `json:"access_token_data"`
+	RefreshTokenData tokenmanager.Data[SessionData] `json:"refresh_token_data"`
+}
+
+// RefreshTokenResponse is returned after a successful token refresh.
+type RefreshTokenResponse struct {
+	SessionPair      SessionPair                    `json:"session_pair"`
+	AccessTokenData  tokenmanager.Data[SessionData] `json:"access_token_data"`
+	RefreshTokenData tokenmanager.Data[SessionData] `json:"refresh_token_data"`
+}
+
+// Manager provides authentication services using two token managers and a session store.
+type Manager struct {
+	accessManager   *tokenmanager.Manager[SessionData]
+	refreshManager  *tokenmanager.Manager[SessionData]
+	refreshDuration time.Duration
+	sessionStore    tokenmanager.ITokenStore
+}
+
+// NewManager creates a new Auth service.
+func NewManager(
+	accessSecret, refreshSecret string,
+	accessDur, refreshDur time.Duration,
+	sessionStore tokenmanager.ITokenStore,
+) *Manager {
+	return &Manager{
+		accessManager:   tokenmanager.New[SessionData](sessionStore, accessSecret, accessDur),
+		refreshManager:  tokenmanager.New[SessionData](sessionStore, refreshSecret, refreshDur),
+		refreshDuration: refreshDur,
+		sessionStore:    sessionStore,
+	}
+}
+
+const sessionPrefix = "session:"
+
+// getSessionKey returns the composite session key as "session:<userID>:<deviceID>".
+func getSessionKey(userID, deviceID string) []byte {
+	return fmt.Appendf(nil, "%s%s:%s", sessionPrefix, userID, deviceID)
+}
+
+// removeSessionKeyPrefix removes the session prefix from a key.
+func removeSessionKeyPrefix(key string) string {
+	if after, ok := strings.CutPrefix(key, sessionPrefix); ok {
+		return after
+	}
+
+	return key
+}
+
+// GetNewDeviceID generates a unique device ID for the given user.
+func (s *Manager) GetNewDeviceID(ctx context.Context, userID string) (string, error) {
+	for {
+		idBytes := make([]byte, 16)
+		if _, err := rand.Read(idBytes); err != nil {
+			return "", err
+		}
+
+		deviceID := hex.EncodeToString(idBytes)
+		key := getSessionKey(userID, deviceID)
+
+		exists, err := s.sessionStore.Exists(ctx, key)
+		if err != nil {
+			return "", err
+		}
+
+		if !exists {
+			return deviceID, nil
+		}
+	}
+}
+
+func (s *Manager) Authorization(ctx context.Context, userID string, sessionData SessionData) (*AuthorizationResponse, error) {
+	if sessionData.CreatedAt.IsZero() {
+		sessionData.CreatedAt = time.Now()
+	}
+
+	var err error
+	if sessionData.DeviceInfo.DeviceID == "" {
+		sessionData.DeviceInfo.DeviceID, err = s.GetNewDeviceID(ctx, userID)
+		if err != nil {
+			return nil, fmt.Errorf("failed to generate device ID: %w", err)
+		}
+	}
+
+	if err := s.revokeSessionTokens(ctx, userID, sessionData.DeviceInfo.DeviceID); err != nil {
+		return nil, fmt.Errorf("failed to revoke existing session: %w", err)
+	}
+
+	accessToken, accessTokenData, err := s.accessManager.CreateToken(ctx, userID, sessionData, tokenmanager.AccessTokenType)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create access token: %w", err)
+	}
+
+	refreshToken, refreshTokenData, err := s.refreshManager.CreateToken(ctx, userID, sessionData, tokenmanager.RefreshTokenType)
+	if err != nil {
+		err := s.accessManager.RevokeToken(ctx, accessToken)
+		if err != nil {
+			return nil, fmt.Errorf("failed to revoke access token: %w", err)
+		}
+
+		return nil, fmt.Errorf("failed to create refresh token: %w", err)
+	}
+
+	pair := SessionPair{
+		AccessToken:    accessToken,
+		RefreshToken:   refreshToken,
+		AdditionalData: sessionData,
+	}
+
+	if err := s.setSessionPair(ctx, userID, sessionData.DeviceInfo.DeviceID, pair); err != nil {
+		return nil, fmt.Errorf("failed to store session: %w", err)
+	}
+
+	return &AuthorizationResponse{
+		SessionPair:      pair,
+		AccessTokenData:  accessTokenData,
+		RefreshTokenData: refreshTokenData,
+	}, nil
+}
+
+// RefreshToken validates a refresh token, revokes the session, and issues new tokens.
+// If the session is not found, a new device ID is generated.
+func (s *Manager) RefreshToken(ctx context.Context, refreshToken string) (*RefreshTokenResponse, error) {
+	if refreshToken == "" {
+		return nil, ErrEmptyRefreshToken
+	}
+
+	td, valid := s.refreshManager.ValidateToken(ctx, refreshToken, tokenmanager.RefreshTokenType)
+	if !valid {
+		return nil, errors.New("invalid or expired refresh token")
+	}
+
+	userID := td.UserID
+	deviceID := td.AdditionalData.DeviceInfo.DeviceID
+
+	existsSession, err := s.sessionStore.Exists(ctx, getSessionKey(userID, deviceID))
+	if err != nil {
+		return nil, fmt.Errorf("failed to check session existence: %w", err)
+	}
+
+	if !existsSession {
+		return nil, errors.New("session not found")
+	}
+
+	if err := s.revokeSessionTokens(ctx, userID, deviceID); err != nil {
+		return nil, fmt.Errorf("failed to revoke session tokens: %w", err)
+	}
+
+	accessToken, accessTokenData, err := s.accessManager.CreateToken(ctx, userID, td.AdditionalData, tokenmanager.AccessTokenType)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create new access token: %w", err)
+	}
+
+	newRefreshToken, refreshTokenData, err := s.refreshManager.CreateToken(ctx, userID, td.AdditionalData, tokenmanager.RefreshTokenType)
+	if err != nil {
+		err := s.accessManager.RevokeToken(ctx, accessToken)
+		if err != nil {
+			return nil, fmt.Errorf("failed to revoke new access token: %w", err)
+		}
+
+		return nil, fmt.Errorf("failed to create new refresh token: %w", err)
+	}
+
+	pair := SessionPair{
+		AccessToken:    accessToken,
+		RefreshToken:   newRefreshToken,
+		AdditionalData: td.AdditionalData,
+	}
+
+	if err := s.setSessionPair(ctx, userID, deviceID, pair); err != nil {
+		return nil, fmt.Errorf("failed to update session: %w", err)
+	}
+
+	return &RefreshTokenResponse{
+		SessionPair:      pair,
+		AccessTokenData:  accessTokenData,
+		RefreshTokenData: refreshTokenData,
+	}, nil
+}
+
+// Authenticate validates an access token and returns its TokenData.
+func (s *Manager) Authenticate(ctx context.Context, accessToken string) (*tokenmanager.Data[SessionData], error) {
+	if accessToken == "" {
+		return nil, ErrEmptyAccessToken
+	}
+
+	td, valid := s.accessManager.ValidateToken(ctx, accessToken, tokenmanager.AccessTokenType)
+	if !valid {
+		return nil, errors.New("invalid or expired access token")
+	}
+
+	return td, nil
+}
+
+// Logout revokes the session associated with the provided access token.
+func (s *Manager) Logout(ctx context.Context, accessToken string) error {
+	if accessToken == "" {
+		return ErrEmptyAccessToken
+	}
+
+	td, valid := s.accessManager.ValidateToken(ctx, accessToken, tokenmanager.AccessTokenType)
+	if !valid {
+		return errors.New("invalid or expired access token")
+	}
+
+	userID := td.UserID
+	deviceID := td.AdditionalData.DeviceInfo.DeviceID
+
+	return s.revokeSessionTokens(ctx, userID, deviceID)
+}
+
+// DeleteSession revokes the session for the given deviceID if it belongs to the user.
+func (s *Manager) DeleteSession(ctx context.Context, userID, deviceID string) error {
+	return s.revokeSessionTokens(ctx, userID, deviceID)
+}
+
+// GetAllSessions returns all active sessions for the given user.
+// It uses the store's Keys method to list all keys starting with "session:<userID>:".
+func (s *Manager) GetAllSessions(ctx context.Context, userID string) (map[string]SessionPair, error) {
+	prefix := []byte(sessionPrefix + userID + ":")
+
+	keys, err := s.sessionStore.Keys(ctx, prefix)
+	if err != nil {
+		return nil, err
+	}
+
+	sessions := make(map[string]SessionPair)
+	for _, key := range keys {
+		var pair SessionPair
+
+		err := s.sessionStore.GetFromJSON(ctx, []byte(key), &pair)
+		if err != nil {
+			continue
+		}
+
+		extractedKey := removeSessionKeyPrefix(key)
+
+		parts := strings.Split(extractedKey, ":")
+		if len(parts) == 2 {
+			sessions[parts[1]] = pair
+		}
+	}
+
+	return sessions, nil
+}
+
+// TerminateAllSessions revokes all sessions for the given user except the current one.
+func (s *Manager) TerminateAllSessions(ctx context.Context, userID, deviceID string) error {
+	sessionKeys, err := s.sessionStore.Keys(ctx, []byte(sessionPrefix+userID+":"))
+	if err != nil {
+		return err
+	}
+
+	sessionKey := string(getSessionKey(userID, deviceID))
+
+	for _, key := range sessionKeys {
+		if key == sessionKey {
+			continue
+		}
+
+		err := s.revokeSessionTokensByKey(ctx, []byte(key))
+		if err != nil {
+			return fmt.Errorf("failed to delete session: %w", err)
+		}
+	}
+
+	return nil
+}
+
+// UpdateAdditionalData updates the additional data in the session for the given access token.
+func (s *Manager) UpdateAdditionalData(ctx context.Context, accessToken string, newAdditionalData SessionData) error {
+	if accessToken == "" {
+		return ErrEmptyAccessToken
+	}
+
+	tokenData, ok := s.accessManager.ValidateToken(ctx, accessToken, tokenmanager.AccessTokenType)
+	if !ok {
+		return errors.New("failed to validate access token")
+	}
+
+	if newAdditionalData.DeviceInfo.DeviceID != tokenData.AdditionalData.DeviceInfo.DeviceID {
+		return fmt.Errorf("device ID mismatch: %s != %s", newAdditionalData.DeviceInfo.DeviceID, tokenData.AdditionalData.DeviceInfo.DeviceID)
+	}
+
+	// Get the existing session pair from the session store.
+	sessionPair, err := s.getSessionPair(ctx, tokenData.UserID, tokenData.AdditionalData.DeviceInfo.DeviceID)
+	if err != nil {
+		return fmt.Errorf("failed to get session pair: %w", err)
+	}
+
+	tokenData.AdditionalData = newAdditionalData
+	sessionPair.AdditionalData = newAdditionalData
+
+	// Update the session store with the new additional data.
+	if err := s.setSessionPair(ctx, tokenData.UserID, tokenData.AdditionalData.DeviceInfo.DeviceID, sessionPair); err != nil {
+		return fmt.Errorf("failed to update additional data: %w", err)
+	}
+
+	// Update the additional data in both access and refresh token managers.
+	if err := s.accessManager.UpdateAdditionalData(ctx, sessionPair.AccessToken, newAdditionalData); err != nil {
+		return fmt.Errorf("failed to update access token additional data: %w", err)
+	}
+
+	// Update the additional data in the refresh token manager.
+	if err := s.refreshManager.UpdateAdditionalData(ctx, sessionPair.RefreshToken, newAdditionalData); err != nil {
+		return fmt.Errorf("failed to update refresh token additional data: %w", err)
+	}
+
+	return nil
+}
+
+// setSessionPair stores the session pair in the session store.
+func (s *Manager) setSessionPair(ctx context.Context, userID, deviceID string, pair SessionPair) error {
+	key := getSessionKey(userID, deviceID)
+	return s.sessionStore.SetJSON(ctx, key, pair, s.refreshDuration)
+}
+
+// getSessionPair retrieves the session pair for the given user and device ID.
+func (s *Manager) getSessionPair(ctx context.Context, userID, deviceID string) (SessionPair, error) {
+	key := getSessionKey(userID, deviceID)
+
+	var sessionPair SessionPair
+
+	err := s.sessionStore.GetFromJSON(ctx, key, &sessionPair)
+	if err != nil {
+		return SessionPair{}, fmt.Errorf("failed to get session pair: %w", err)
+	}
+
+	return sessionPair, nil
+}
+
+// revokeSessionTokens revokes (deletes) the session for the given user and device.
+func (s *Manager) revokeSessionTokens(ctx context.Context, userID, deviceID string) error {
+	return s.revokeSessionTokensByKey(ctx, getSessionKey(userID, deviceID))
+}
+
+func (s *Manager) revokeSessionTokensByKey(ctx context.Context, key []byte) error {
+	ok, err := s.sessionStore.Exists(ctx, key)
+	if err != nil {
+		return fmt.Errorf("failed to check session existence: %w", err)
+	}
+
+	if !ok {
+		return nil
+	}
+
+	var session SessionPair
+	if err := s.sessionStore.GetFromJSON(ctx, key, &session); err != nil {
+		return fmt.Errorf("failed to get session: %w", err)
+	}
+
+	if session.AccessToken != "" {
+		err := s.accessManager.RevokeToken(ctx, session.AccessToken)
+		if err != nil {
+			return fmt.Errorf("failed to revoke access token: %w", err)
+		}
+	}
+
+	if session.RefreshToken != "" {
+		err := s.refreshManager.RevokeToken(ctx, session.RefreshToken)
+		if err != nil {
+			return fmt.Errorf("failed to revoke refresh token: %w", err)
+		}
+	}
+
+	return s.sessionStore.Delete(ctx, key)
+}
diff --git a/internal/services/auth/refresh_token.go b/internal/services/auth/refresh_token.go
new file mode 100644
index 0000000..15dc60c
--- /dev/null
+++ b/internal/services/auth/refresh_token.go
@@ -0,0 +1,13 @@
+package auth
+
+import (
+	"context"
+)
+
+func (s *Service[TUser]) RefreshToken(ctx context.Context, refreshToken string) (*RefreshTokenResponse, error) {
+	if refreshToken == "" {
+		return nil, ErrEmptyRefreshToken
+	}
+
+	return s.manager.RefreshToken(ctx, refreshToken)
+}
diff --git a/internal/services/auth/service.go b/internal/services/auth/service.go
new file mode 100644
index 0000000..c6fee8b
--- /dev/null
+++ b/internal/services/auth/service.go
@@ -0,0 +1,37 @@
+package auth
+
+import (
+	"time"
+
+	"github.com/sxwebdev/tokenmanager"
+)
+
+type Service[U IUser] struct {
+	logger logger
+
+	cache tokenmanager.ITokenStore
+
+	userStore IUserStore[U]
+
+	manager *Manager
+}
+
+func New[U IUser](
+	l logger,
+	cache tokenmanager.ITokenStore,
+	userStore IUserStore[U],
+	accessTokenSecretKey string,
+	accessTokenDuration time.Duration,
+	refreshTokenSecretKey string,
+	refreshTokenDuration time.Duration,
+) *Service[U] {
+	return &Service[U]{
+		logger:    l,
+		cache:     cache,
+		userStore: userStore,
+		manager:   NewManager(accessTokenSecretKey, refreshTokenSecretKey, accessTokenDuration, refreshTokenDuration, cache),
+	}
+}
+
+// Manager.
+func (s *Service[U]) Manager() *Manager { return s.manager }
diff --git a/internal/services/auth/store.go b/internal/services/auth/store.go
new file mode 100644
index 0000000..8ca7160
--- /dev/null
+++ b/internal/services/auth/store.go
@@ -0,0 +1,10 @@
+package auth
+
+import (
+	"context"
+)
+
+type IUserStore[T IUser] interface {
+	GetByEmail(ctx context.Context, email string) (T, error)
+	GetByID(ctx context.Context, id string) (T, error)
+}
diff --git a/internal/services/auth/types.go b/internal/services/auth/types.go
new file mode 100644
index 0000000..f28f487
--- /dev/null
+++ b/internal/services/auth/types.go
@@ -0,0 +1,28 @@
+//nolint:inamedparam
+package auth
+
+type logger interface {
+	Debug(...any)
+	Debugf(template string, args ...any)
+
+	Info(...any)
+	Infof(template string, args ...any)
+
+	Warn(...any)
+	Warnf(template string, args ...any)
+
+	Error(...any)
+	Errorf(template string, args ...any)
+}
+
+// UserClaims is a custom JWT claims that contains some user's information.
+type UserClaims struct {
+	ID string `json:"id"`
+}
+
+type IUser interface {
+	GetID() string
+	GetPassword() string
+	GetEmail() string
+	GetRole() string
+}
diff --git a/internal/services/auth/utils.go b/internal/services/auth/utils.go
new file mode 100644
index 0000000..5577557
--- /dev/null
+++ b/internal/services/auth/utils.go
@@ -0,0 +1,12 @@
+//nolint:revive,predeclared
+package auth
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+// IsCorrectPassword checks if the provided password matches the hashed password.
+func IsCorrectPassword(hashedPassword, password string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
+	return err == nil
+}
diff --git a/internal/services/baseservices/base.go b/internal/services/baseservices/base.go
new file mode 100644
index 0000000..1a8f181
--- /dev/null
+++ b/internal/services/baseservices/base.go
@@ -0,0 +1,128 @@
+package baseservices
+
+import (
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/config"
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/receiver"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+	"github.com/sxwebdev/sentinel/internal/services/auth"
+	"github.com/sxwebdev/sentinel/internal/services/incidents"
+	"github.com/sxwebdev/sentinel/internal/services/notifications"
+	"github.com/sxwebdev/sentinel/internal/services/projects"
+	"github.com/sxwebdev/sentinel/internal/services/service"
+	"github.com/sxwebdev/sentinel/internal/services/servicestate"
+	"github.com/sxwebdev/sentinel/internal/services/system"
+	"github.com/sxwebdev/sentinel/internal/services/users"
+	"github.com/sxwebdev/sentinel/internal/store"
+	"github.com/tkcrm/mx/logger"
+)
+
+type BaseServices struct {
+	dispatcher *dispatcher.Dispatcher
+
+	usersService         *users.Service
+	systemService        *system.Service
+	authService          *auth.Service[*models.User]
+	projectsService      *projects.Service
+	agentsService        *agents.Service
+	servicesService      *service.Service
+	serviceStateService  *servicestate.Service
+	incidentsService     *incidents.Service
+	notificationsService *notifications.Service
+}
+
+func New(
+	l logger.Logger,
+	st *store.Store,
+	authConfig config.AuthConfig,
+	receiver *receiver.Receiver,
+	dispatcher *dispatcher.Dispatcher,
+	systemInfo *models.SystemInfo,
+) *BaseServices {
+	usersService := users.New(st)
+
+	systemService := system.New(st, usersService)
+
+	authService := auth.New(
+		l,
+		st.Cache(),
+		usersService,
+		authConfig.AccessTokenSecretKey,
+		time.Minute*20, // 20 minutes
+		authConfig.RefreshTokenSecretKey,
+		time.Hour*24*30, // 30 days
+	)
+
+	agentsService := agents.New(st, dispatcher, systemInfo)
+	projectsService := projects.New(st, agentsService)
+	servicesService := service.New(st, receiver)
+	serviceStateService := servicestate.New(st)
+	incidentsService := incidents.New(st)
+	notificationsService := notifications.New(l, st, dispatcher)
+
+	return &BaseServices{
+		dispatcher:           dispatcher,
+		usersService:         usersService,
+		systemService:        systemService,
+		authService:          authService,
+		projectsService:      projectsService,
+		agentsService:        agentsService,
+		servicesService:      servicesService,
+		serviceStateService:  serviceStateService,
+		incidentsService:     incidentsService,
+		notificationsService: notificationsService,
+	}
+}
+
+// Dispatcher returns dispatcher
+func (b *BaseServices) Dispatcher() *dispatcher.Dispatcher {
+	return b.dispatcher
+}
+
+// Users returns users service
+func (b *BaseServices) Users() *users.Service {
+	return b.usersService
+}
+
+// System returns system service
+func (b *BaseServices) System() *system.Service {
+	return b.systemService
+}
+
+// Auth returns auth service
+func (b *BaseServices) Auth() *auth.Service[*models.User] {
+	return b.authService
+}
+
+// Projects returns projects service
+func (b *BaseServices) Projects() *projects.Service {
+	return b.projectsService
+}
+
+// Agents returns agents service
+func (b *BaseServices) Agents() *agents.Service {
+	return b.agentsService
+}
+
+// Services returns services service
+func (b *BaseServices) Services() *service.Service {
+	return b.servicesService
+}
+
+// ServiceStates returns service states service
+func (b *BaseServices) ServiceStates() *servicestate.Service {
+	return b.serviceStateService
+}
+
+// Incidents returns incidents service
+func (b *BaseServices) Incidents() *incidents.Service {
+	return b.incidentsService
+}
+
+// Notifications returns notifications service
+func (b *BaseServices) Notifications() *notifications.Service {
+	return b.notificationsService
+}
diff --git a/internal/services/incidents/methods.go b/internal/services/incidents/methods.go
new file mode 100644
index 0000000..0d14858
--- /dev/null
+++ b/internal/services/incidents/methods.go
@@ -0,0 +1,112 @@
+package incidents
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/repos"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_incidents"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/sxwebdev/sentinel/internal/utils"
+)
+
+// GetByID retrieves an incident by its ID.
+func (s *Service) GetByID(ctx context.Context, id string) (*models.Incident, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	item, err := s.store.Incidents().GetByID(ctx, id)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, err
+	}
+
+	return item, nil
+}
+
+// Delete removes an incident by its ID.
+func (s *Service) Delete(ctx context.Context, id string) error {
+	if id == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	return s.store.Incidents().Delete(ctx, id)
+}
+
+// GetAllUnresolvedByServiceID retrieves all unresolved incidents associated with a specific service ID.
+// func (s *Service) GetAllUnresolvedByServiceID(ctx context.Context, serviceID string) ([]*models.Incident, error) {
+// 	if serviceID == "" {
+// 		return nil, storecmn.ErrEmptyID
+// 	}
+
+// 	return s.store.Incidents().GetAllUnresolvedByMonitorID(ctx, serviceID)
+// }
+
+// ResolveByID resolves a specific incident by its ID.
+func (s *Service) ResolveByID(ctx context.Context, id string, opts ...repos.Option) (*models.Incident, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	if err := s.store.Incidents(opts...).ResolveByID(ctx, id); err != nil {
+		return nil, err
+	}
+
+	item, err := s.store.Incidents().GetByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+
+	return item, nil
+}
+
+type CreateParams struct {
+	MonitorID string `validate:"required"`
+	Error     string `validate:"required"`
+}
+
+// Create creates a new incident.
+func (s *Service) Create(ctx context.Context, params CreateParams) (*models.Incident, error) {
+	if err := validator.New().Struct(params); err != nil {
+		return nil, err
+	}
+
+	return s.store.Incidents().Create(ctx, repo_incidents.CreateParams{
+		ID:        utils.GenerateULID(),
+		MonitorID: &params.MonitorID,
+		Summary:   params.Error,
+	})
+}
+
+type FindParams = repo_incidents.FindParams
+
+// Find retrieves a list of incidents based on the provided filtering parameters.
+func (s *Service) Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.Incident], error) {
+	return s.store.Incidents().Find(ctx, params)
+}
+
+// Stats retrieves aggregated statistics about incidents.
+func (s *Service) Stats(ctx context.Context) (*repo_incidents.StatsRow, error) {
+	return s.store.Incidents().Stats(ctx)
+}
+
+// StatsByServiceID retrieves statistics about incidents for a specific service within a given time frame.
+func (s *Service) StatsByServiceID(ctx context.Context, monitorID string, startTime time.Time) (*repo_incidents.StatsByMonitorIDRow, error) {
+	if monitorID == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	if startTime.IsZero() {
+		return nil, fmt.Errorf("start time is required")
+	}
+
+	return s.store.Incidents().StatsByMonitorID(ctx, &monitorID, startTime)
+}
diff --git a/internal/services/incidents/service.go b/internal/services/incidents/service.go
new file mode 100644
index 0000000..0960d34
--- /dev/null
+++ b/internal/services/incidents/service.go
@@ -0,0 +1,15 @@
+package incidents
+
+import (
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store *store.Store
+}
+
+func New(store *store.Store) *Service {
+	return &Service{
+		store: store,
+	}
+}
diff --git a/internal/services/incidents/stats.go b/internal/services/incidents/stats.go
new file mode 100644
index 0000000..fa57809
--- /dev/null
+++ b/internal/services/incidents/stats.go
@@ -0,0 +1,13 @@
+package incidents
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_incidents"
+)
+
+// StatsByDateRange retrieves the stats of incidents within a specific date range
+func (s *Service) StatsByDateRange(ctx context.Context, startTime, endTime time.Time) (repo_incidents.StatsByDateRangeData, error) {
+	return s.store.Incidents().StatsByDateRange(ctx, startTime, endTime)
+}
diff --git a/internal/services/notifications/helpers.go b/internal/services/notifications/helpers.go
new file mode 100644
index 0000000..419eba8
--- /dev/null
+++ b/internal/services/notifications/helpers.go
@@ -0,0 +1,22 @@
+package notifications
+
+import (
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+// validateProviderConfig validates the configuration of a notification provider based on its type.
+func validateProviderConfig(providerType models.NotificationProviderType, config storecmn.JSONField) error {
+	switch providerType {
+	case models.NotificationProviderTypeShoutrrr:
+		var c models.NotificationProviderShoutrrrConfig
+		if err := config.ConvertToAny(&c); err != nil {
+			return err
+		}
+		return c.Validate()
+	default:
+		return fmt.Errorf("unsupported notification provider type: %s", providerType)
+	}
+}
diff --git a/internal/services/notifications/history.go b/internal/services/notifications/history.go
new file mode 100644
index 0000000..41754b8
--- /dev/null
+++ b/internal/services/notifications/history.go
@@ -0,0 +1,136 @@
+package notifications
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_notification_history"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"github.com/tkcrm/mx/logger"
+)
+
+type History struct {
+	logger logger.Logger
+	store  *store.Store
+	sender *Sender
+
+	dispatcher *dispatcher.Dispatcher
+}
+
+func newHistory(l logger.Logger, store *store.Store, sender *Sender, dispatcher *dispatcher.Dispatcher) *History {
+	return &History{
+		logger:     l,
+		store:      store,
+		sender:     sender,
+		dispatcher: dispatcher,
+	}
+}
+
+// SendAlert sends an alert notification to all enabled providers
+func (s *History) SendAlert(ctx context.Context, projectID, alertID, message string) error {
+	// Get all enabled providers
+	providers, err := s.store.NotificationProviders().GetAllEnabled(ctx, projectID)
+	if err != nil {
+		return fmt.Errorf("failed to get enabled providers: %w", err)
+	}
+
+	// Send alert to each provider
+	for _, provider := range providers {
+		params := CreateHistoryParams{
+			ProviderID: provider.ID,
+			Message:    message,
+		}
+
+		if alertID != "" {
+			params.AlertID = &alertID
+		}
+
+		if _, err := s.Create(ctx, params); err != nil {
+			return fmt.Errorf("failed to send alert to provider %s: %v", provider.ID, err)
+		}
+	}
+
+	return nil
+}
+
+type CreateHistoryParams struct {
+	ProviderID string
+	AlertID    *string
+	Message    string
+}
+
+// Validate validates the CreateHistoryParams fields
+func (s CreateHistoryParams) Validate() error {
+	if s.ProviderID == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	if s.Message == "" {
+		return fmt.Errorf("empty message")
+	}
+
+	return nil
+}
+
+// Create creates a new notification history record
+func (s *History) Create(ctx context.Context, params CreateHistoryParams) (*models.NotificationHistory, error) {
+	if err := params.Validate(); err != nil {
+		return nil, err
+	}
+
+	// Get provider to ensure it exists
+	provider, err := s.store.NotificationProviders().GetByID(ctx, params.ProviderID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get provider by ID: %w", err)
+	}
+
+	createParams := repo_notification_history.CreateParams{
+		ID:         utils.GenerateULID(),
+		ProviderID: params.ProviderID,
+		AlertID:    params.AlertID,
+		Message:    params.Message,
+	}
+
+	item, err := s.store.NotificationHistory().Create(ctx, createParams)
+	if err != nil {
+		return nil, err
+	}
+
+	s.sender.looper.Trigger(ctx)
+
+	s.dispatcher.NotificationHistory().Publish(dispatcher.NewBaseMessage(dispatcher.EventTypeCreate, provider.ProjectID))
+
+	return item, nil
+}
+
+// DeleteAllByProjectID deletes all notification history records by project ID
+func (s *History) DeleteAllByProjectID(ctx context.Context, projectID string) error {
+	if projectID == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	return s.store.NotificationHistory().DeleteAllByProjectID(ctx, projectID)
+}
+
+type FindHistoryParams struct {
+	Status   string  `query:"status"`
+	OrderBy  string  `query:"order_by"`
+	Page     *uint32 `query:"page"`
+	PageSize *uint32 `query:"page_size"`
+}
+
+// Find returns list of notification histories by given filters with pagination
+func (s *History) Find(ctx context.Context, params FindHistoryParams) (*storecmn.FindResponseWithCount[*models.NotificationHistoryView], error) {
+	p := repo_notification_history.FindParams{
+		Status:   params.Status,
+		OrderBy:  params.OrderBy,
+		Page:     params.Page,
+		PageSize: params.PageSize,
+	}
+
+	return s.store.NotificationHistory().Find(ctx, p)
+}
diff --git a/internal/services/notifications/providers.go b/internal/services/notifications/providers.go
new file mode 100644
index 0000000..88215d4
--- /dev/null
+++ b/internal/services/notifications/providers.go
@@ -0,0 +1,175 @@
+package notifications
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_notification_providers"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/sxwebdev/sentinel/internal/utils"
+)
+
+type Providers struct {
+	store *store.Store
+
+	history *History
+}
+
+func newProviders(store *store.Store, history *History) *Providers {
+	return &Providers{
+		store:   store,
+		history: history,
+	}
+}
+
+// GetByID retrieves a notification provider by its ID
+func (s *Providers) GetByID(ctx context.Context, id string) (*models.NotificationProvider, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	item, err := s.store.NotificationProviders().GetByID(ctx, id)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, err
+	}
+
+	return item, nil
+}
+
+// GetAll retrieves all service states
+func (s *Providers) GetAll(ctx context.Context, projectID string) ([]*models.NotificationProvider, error) {
+	return s.store.NotificationProviders().GetAll(ctx, projectID)
+}
+
+type CreateProviderParams struct {
+	ProviderType models.NotificationProviderType `json:"provider_type" example:"shoutrrr"`
+	Config       map[string]any                  `json:"config" example:"{\"urls\": [\"slack://hooks.slack.com/services/...\"]}"`
+	IsEnabled    bool                            `json:"is_enabled" example:"true"`
+	ProjectID    string                          `json:"project_id" example:"project-123"`
+}
+
+// Validate
+func (s CreateProviderParams) Validate() error {
+	if err := s.ProviderType.Validate(); err != nil {
+		return err
+	}
+
+	// Convert config to JSONField
+	config := storecmn.JSONField("{}")
+	if err := config.UnmarshalFromAny(s.Config); err != nil {
+		return fmt.Errorf("failed to convert config to json raw message: %w", err)
+	}
+
+	if err := validateProviderConfig(s.ProviderType, config); err != nil {
+		return err
+	}
+
+	if s.ProjectID == "" {
+		return storecmn.ErrEmptyProjectID
+	}
+
+	return nil
+}
+
+// Create creates a new notification provider
+func (s *Providers) Create(ctx context.Context, params CreateProviderParams) (*models.NotificationProvider, error) {
+	if err := params.Validate(); err != nil {
+		return nil, err
+	}
+
+	// Convert config to JSONField
+	config := storecmn.JSONField("{}")
+	if err := config.UnmarshalFromAny(params.Config); err != nil {
+		return nil, fmt.Errorf("failed to convert config to json raw message: %w", err)
+	}
+
+	createParams := repo_notification_providers.CreateParams{
+		ID:           utils.GenerateULID(),
+		ProviderType: params.ProviderType,
+		Config:       config,
+		IsEnabled:    params.IsEnabled,
+		ProjectID:    params.ProjectID,
+	}
+
+	return s.store.NotificationProviders().Create(ctx, createParams)
+}
+
+type UpdateProviderParams struct {
+	ProviderType models.NotificationProviderType `db:"provider_type" json:"provider_type"`
+	Config       storecmn.JSONField              `db:"config" json:"config"`
+	IsEnabled    bool                            `db:"is_enabled" json:"is_enabled"`
+}
+
+// Validate
+func (s UpdateProviderParams) Validate() error {
+	if err := s.ProviderType.Validate(); err != nil {
+		return err
+	}
+
+	if err := validateProviderConfig(s.ProviderType, s.Config); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Update updates a notification provider by ID
+func (s *Providers) Update(ctx context.Context, id string, params UpdateProviderParams) (*models.NotificationProvider, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	if err := params.Validate(); err != nil {
+		return nil, err
+	}
+
+	updateParams := repo_notification_providers.UpdateParams{
+		ID:           id,
+		ProviderType: params.ProviderType,
+		Config:       params.Config,
+		IsEnabled:    params.IsEnabled,
+	}
+
+	if err := s.store.NotificationProviders().Update(ctx, updateParams); err != nil {
+		return nil, err
+	}
+
+	return s.GetByID(ctx, id)
+}
+
+// Delete deletes a notification provider by ID
+func (s *Providers) Delete(ctx context.Context, id string) error {
+	if id == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	return s.store.NotificationProviders().Delete(ctx, id)
+}
+
+// Test tests a notification provider by ID
+func (s *Providers) Test(ctx context.Context, id string) error {
+	if id == "" {
+		return storecmn.ErrEmptyID
+	}
+
+	// Get provider
+	provider, err := s.store.NotificationProviders().GetByID(ctx, id)
+	if err != nil {
+		return err
+	}
+
+	// Create test notification history record
+	_, err = s.history.Create(ctx, CreateHistoryParams{
+		ProviderID: provider.ID,
+		Message:    "Test notification sent",
+	})
+
+	return err
+}
diff --git a/internal/services/notifications/sender.go b/internal/services/notifications/sender.go
new file mode 100644
index 0000000..8fa519c
--- /dev/null
+++ b/internal/services/notifications/sender.go
@@ -0,0 +1,154 @@
+package notifications
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/nicholas-fedor/shoutrrr"
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_notification_history"
+	"github.com/sxwebdev/sentinel/internal/utils"
+	"github.com/sxwebdev/sentinel/pkg/loop"
+	"github.com/tkcrm/mx/logger"
+)
+
+type Sender struct {
+	logger logger.Logger
+	store  *store.Store
+	looper *loop.Loop
+
+	dispatcher *dispatcher.Dispatcher
+}
+
+func newSender(l logger.Logger, store *store.Store, dispatcher *dispatcher.Dispatcher) *Sender {
+	s := &Sender{
+		logger:     l,
+		store:      store,
+		dispatcher: dispatcher,
+	}
+
+	s.looper = loop.New(
+		s.initSender,
+		loop.WithLeading(),
+		loop.WithPeriod(time.Second*5),
+		loop.WithContextTimeout(time.Second*30),
+	)
+
+	return s
+}
+
+// Name
+func (s *Sender) Name() string {
+	return "notifications_sender"
+}
+
+// Start
+func (s *Sender) Start(ctx context.Context) error {
+	s.looper.Start(ctx)
+	return nil
+}
+
+// Stop
+func (s *Sender) Stop(_ context.Context) error {
+	s.looper.Stop()
+	s.looper.Wait()
+	return nil
+}
+
+// initSender
+func (s *Sender) initSender(ctx context.Context) {
+	if err := s.do(ctx); err != nil {
+		s.logger.Errorf("failed to process notification history: %v", err)
+	}
+}
+
+func (s *Sender) do(ctx context.Context) error {
+	items, err := s.store.NotificationHistory().GetAllUnsent(ctx)
+	if err != nil {
+		return err
+	}
+
+	if len(items) == 0 {
+		return nil
+	}
+
+	s.logger.Infof("found %d unsent notifications", len(items))
+
+	unsentAlerts := make(map[string]struct{})
+
+	for _, item := range items {
+		if item.AlertID != nil && *item.AlertID != "" {
+			if _, exists := unsentAlerts[*item.AlertID]; exists {
+				s.logger.Infof("skipping notification %s for alert %s as previous attempt failed", item.ID, *item.AlertID)
+				continue
+			}
+		}
+
+		var err error
+		switch item.ProviderType {
+		case models.NotificationProviderTypeShoutrrr:
+			err = s.processShoutrrr(ctx, item)
+		default:
+			s.logger.Warnf("unsupported notification provider type: %s", item.ProviderType)
+			continue
+		}
+
+		if err != nil {
+			incrementErr := s.store.NotificationHistory().IncrementAttempt(ctx, repo_notification_history.IncrementAttemptParams{
+				ID:           item.ID,
+				ErrorMessage: utils.Pointer(err.Error()),
+			})
+			if incrementErr != nil {
+				return incrementErr
+			}
+
+			if item.AlertID != nil && *item.AlertID != "" {
+				unsentAlerts[*item.AlertID] = struct{}{}
+			}
+
+			s.logger.Errorf("failed to send notification %s: %v", item.ID, err)
+		} else {
+			err := s.store.NotificationHistory().MarkAsSent(ctx, nil, item.ID)
+			if err != nil {
+				return err
+			}
+
+			s.logger.Infof("notification %s sent successfully", item.ID)
+		}
+
+		if item.ProjectID != nil && *item.ProjectID != "" {
+			s.dispatcher.NotificationHistory().Publish(dispatcher.NewBaseMessage(dispatcher.EventTypeUpdate, *item.ProjectID))
+		}
+
+		time.Sleep(500 * time.Millisecond)
+	}
+
+	return nil
+}
+
+// processShoutrrr
+func (s *Sender) processShoutrrr(ctx context.Context, item *repo_notification_history.GetAllUnsentRow) error {
+	var config models.NotificationProviderShoutrrrConfig
+	if err := item.Config.ConvertToAny(&config); err != nil {
+		return err
+	}
+
+	if config.URL == "" {
+		return fmt.Errorf("empty shoutrrr URL in config for provider ID %s", item.ProviderID)
+	}
+
+	errCh := make(chan error, 1)
+	go func() {
+		errCh <- shoutrrr.Send(config.URL, item.Message)
+	}()
+
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	case err := <-errCh:
+		return err
+	}
+}
diff --git a/internal/services/notifications/service.go b/internal/services/notifications/service.go
new file mode 100644
index 0000000..5251ed3
--- /dev/null
+++ b/internal/services/notifications/service.go
@@ -0,0 +1,39 @@
+package notifications
+
+import (
+	"github.com/sxwebdev/sentinel/internal/dispatcher"
+	"github.com/sxwebdev/sentinel/internal/store"
+	"github.com/tkcrm/mx/logger"
+)
+
+type Service struct {
+	providers *Providers
+	history   *History
+	sender    *Sender
+}
+
+func New(l logger.Logger, store *store.Store, dispatcher *dispatcher.Dispatcher) *Service {
+	senderSvc := newSender(l, store, dispatcher)
+	historySvc := newHistory(l, store, senderSvc, dispatcher)
+
+	return &Service{
+		providers: newProviders(store, historySvc),
+		history:   historySvc,
+		sender:    senderSvc,
+	}
+}
+
+// Providers returns notification providers service
+func (s *Service) Providers() *Providers {
+	return s.providers
+}
+
+// History returns notifications history service
+func (s *Service) History() *History {
+	return s.history
+}
+
+// Sender returns notifications sender service
+func (s *Service) Sender() *Sender {
+	return s.sender
+}
diff --git a/internal/services/projects/methods.go b/internal/services/projects/methods.go
new file mode 100644
index 0000000..50f5c0f
--- /dev/null
+++ b/internal/services/projects/methods.go
@@ -0,0 +1,101 @@
+package projects
+
+import (
+	"context"
+	"database/sql"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+	"github.com/sxwebdev/sentinel/internal/store/repos"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_projects"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/sxwebdev/sentinel/internal/utils"
+)
+
+// GetAll retrieves all projects from the store.
+func (s *Service) GetAll(ctx context.Context) ([]*models.Project, error) {
+	return s.store.Projects().GetAll(ctx)
+}
+
+// GetByID retrieves a project by its ID.
+func (s *Service) GetByID(ctx context.Context, id string) (*models.Project, error) {
+	return s.store.Projects().GetByID(ctx, id)
+}
+
+type CreateParams = repo_projects.CreateParams
+
+// Create adds a new project to the store.
+func (s *Service) Create(ctx context.Context, params CreateParams) (*models.Project, error) {
+	params.ID = utils.GenerateULID()
+
+	if err := s.validator.Struct(params); err != nil {
+		return nil, err
+	}
+
+	if params.Settings.MonitorDefaults.Interval == 0 {
+		params.Settings.MonitorDefaults.Interval = 60000
+	}
+
+	if params.Settings.MonitorDefaults.Timeout == 0 {
+		params.Settings.MonitorDefaults.Timeout = 10000
+	}
+
+	if params.Settings.MonitorDefaults.Retries == 0 {
+		params.Settings.MonitorDefaults.Retries = 10
+	}
+
+	var project *models.Project
+	if err := storecmn.WrapTx(ctx, s.store.SQLite(), func(tx *sql.Tx) error {
+		// Create project
+		var err error
+		project, err = s.store.Projects(repos.WithTx(tx)).Create(ctx, params)
+		if err != nil {
+			return err
+		}
+
+		// Create hub agent
+		_, err = s.agentsService.Create(ctx, agents.CreateParams{
+			Name:        "Internal Hub Agent",
+			Kind:        models.AgentKindTypeHub,
+			Description: "Hub agent",
+			ProjectID:   project.ID,
+		}, repos.WithTx(tx))
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	return project, nil
+}
+
+type UpdateParams = repo_projects.UpdateParams
+
+// Update modifies an existing project in the store.
+func (s *Service) Update(ctx context.Context, params UpdateParams) (*models.Project, error) {
+	if err := s.validator.Struct(params); err != nil {
+		return nil, err
+	}
+
+	if params.Settings.MonitorDefaults.Interval == 0 {
+		params.Settings.MonitorDefaults.Interval = 60000
+	}
+
+	if params.Settings.MonitorDefaults.Timeout == 0 {
+		params.Settings.MonitorDefaults.Timeout = 10000
+	}
+
+	if params.Settings.MonitorDefaults.Retries == 0 {
+		params.Settings.MonitorDefaults.Retries = 10
+	}
+
+	return s.store.Projects().Update(ctx, params)
+}
+
+// Delete removes a project from the store by its ID.
+func (s *Service) Delete(ctx context.Context, id string) error {
+	return s.store.Projects().Delete(ctx, id)
+}
diff --git a/internal/services/projects/services.go b/internal/services/projects/services.go
new file mode 100644
index 0000000..412821c
--- /dev/null
+++ b/internal/services/projects/services.go
@@ -0,0 +1,22 @@
+package projects
+
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/sxwebdev/sentinel/internal/services/agents"
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store     *store.Store
+	validator *validator.Validate
+
+	agentsService *agents.Service
+}
+
+func New(store *store.Store, agentsService *agents.Service) *Service {
+	return &Service{
+		store:         store,
+		validator:     validator.New(),
+		agentsService: agentsService,
+	}
+}
diff --git a/internal/services/service/check.go b/internal/services/service/check.go
new file mode 100644
index 0000000..9683f61
--- /dev/null
+++ b/internal/services/service/check.go
@@ -0,0 +1,23 @@
+package service
+
+// import (
+// 	"context"
+// 	"fmt"
+
+// 	"github.com/sxwebdev/sentinel/internal/receiver"
+// )
+
+// // TriggerCheck triggers a manual check for a service
+// func (s *Service) TriggerCheck(ctx context.Context, id string) error {
+// 	svc, err := s.GetViewByID(ctx, id)
+// 	if err != nil {
+// 		return fmt.Errorf("failed to get service: %w", err)
+// 	}
+
+// 	s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
+// 		receiver.TriggerServiceEventTypeCheck,
+// 		svc,
+// 	))
+
+// 	return nil
+// }
diff --git a/internal/services/service/methods.go b/internal/services/service/methods.go
new file mode 100644
index 0000000..1507f48
--- /dev/null
+++ b/internal/services/service/methods.go
@@ -0,0 +1,336 @@
+package service
+
+// import (
+// 	"context"
+// 	"database/sql"
+// 	"errors"
+// 	"fmt"
+// 	"slices"
+
+// 	"github.com/go-playground/validator/v10"
+// 	"github.com/sxwebdev/sentinel/internal/models"
+// 	"github.com/sxwebdev/sentinel/internal/receiver"
+// 	"github.com/sxwebdev/sentinel/internal/store/repos"
+// 	"github.com/sxwebdev/sentinel/internal/store/repos/repo_service_agents"
+// 	"github.com/sxwebdev/sentinel/internal/store/repos/repo_service_states"
+// 	"github.com/sxwebdev/sentinel/internal/store/repos/repo_services"
+// 	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+// 	"github.com/sxwebdev/sentinel/internal/utils"
+// )
+
+// type CreateUpdateParams struct {
+// 	Name      string                     `validate:"required"`
+// 	Protocol  models.ServiceProtocolType `validate:"required"`
+// 	Interval  int64                      `validate:"required"`
+// 	Timeout   int64                      `validate:"required"`
+// 	Retries   int64                      `validate:"required,gte=0"`
+// 	Tags      []string
+// 	Config    map[string]any
+// 	IsEnabled bool
+// 	AgentIDs  []string
+// }
+
+// // Create new service
+// func (s *Service) Create(ctx context.Context, params CreateUpdateParams) (*models.ServiceFullView, error) {
+// 	if err := validator.New().Struct(params); err != nil {
+// 		return nil, fmt.Errorf("validation error: %w", err)
+// 	}
+
+// 	if err := params.Protocol.Validate(); err != nil {
+// 		return nil, fmt.Errorf("invalid protocol: %w", err)
+// 	}
+
+// 	if len(params.Tags) > 0 {
+// 		slices.Sort(params.Tags)
+// 	}
+
+// 	// Convert tags to JSONField
+// 	tags := storecmn.JSONField("[]")
+// 	if err := tags.UnmarshalFromAny(params.Tags); err != nil {
+// 		return nil, fmt.Errorf("failed to convert tags to json raw message: %w", err)
+// 	}
+
+// 	// Convert config to JSONField
+// 	config := storecmn.JSONField("{}")
+// 	if err := config.UnmarshalFromAny(params.Config); err != nil {
+// 		return nil, fmt.Errorf("failed to convert config to json raw message: %w", err)
+// 	}
+
+// 	createParams := repo_services.CreateParams{
+// 		ID:        utils.GenerateULID(),
+// 		Name:      params.Name,
+// 		Protocol:  params.Protocol,
+// 		Interval:  params.Interval,
+// 		Timeout:   params.Timeout,
+// 		Retries:   params.Retries,
+// 		Tags:      tags,
+// 		Config:    config,
+// 		IsEnabled: params.IsEnabled,
+// 	}
+
+// 	err := storecmn.WrapTx(ctx, s.store.SQLite(), func(tx *sql.Tx) error {
+// 		// Create service
+// 		_, err := s.store.Services(repos.WithTx(tx)).Create(ctx, createParams)
+// 		if err != nil {
+// 			return fmt.Errorf("failed to create service: %w", err)
+// 		}
+
+// 		// Create initial service state
+// 		serviceState := &repo_service_states.CreateParams{
+// 			ID:        utils.GenerateULID(),
+// 			ServiceID: createParams.ID,
+// 			Status:    models.ServiceStatusUnknown,
+// 		}
+
+// 		_, err = s.store.ServiceStates(repos.WithTx(tx)).Create(ctx, *serviceState)
+// 		if err != nil {
+// 			return fmt.Errorf("failed to create initial service state: %w", err)
+// 		}
+
+// 		// Associate service with agent if AgentIDDs are provided
+// 		if len(params.AgentIDs) > 0 {
+// 			for _, agentID := range params.AgentIDs {
+// 				// Check if agent exists
+// 				exists, err := s.store.Agents(repos.WithTx(tx)).Exist(ctx, agentID)
+// 				if err != nil {
+// 					return fmt.Errorf("failed to check if agent exists: %w", err)
+// 				}
+
+// 				if exists == 0 {
+// 					return fmt.Errorf("agent with ID %s %w", agentID, storecmn.ErrNotFound)
+// 				}
+
+// 				_, err = s.store.ServiceAgents(repos.WithTx(tx)).Create(ctx, repo_service_agents.CreateParams{
+// 					ID:        utils.GenerateULID(),
+// 					ServiceID: createParams.ID,
+// 					AgentID:   agentID,
+// 				})
+// 				if err != nil {
+// 					return fmt.Errorf("failed to assign service to agent: %w", err)
+// 				}
+// 			}
+// 		}
+
+// 		return nil
+// 	})
+// 	if err != nil {
+// 		return nil, fmt.Errorf("failed to create service in transaction: %w", err)
+// 	}
+
+// 	svcView, err := s.GetViewByID(ctx, createParams.ID)
+// 	if err != nil {
+// 		return nil, fmt.Errorf("failed to get created service: %w", err)
+// 	}
+
+// 	s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
+// 		receiver.TriggerServiceEventTypeCreated,
+// 		svcView,
+// 	))
+
+// 	return svcView, nil
+// }
+
+// // Update service
+// func (s *Service) Update(ctx context.Context, id string, params CreateUpdateParams) (*models.ServiceFullView, error) {
+// 	if err := validator.New().Struct(params); err != nil {
+// 		return nil, fmt.Errorf("validation error: %w", err)
+// 	}
+
+// 	if err := params.Protocol.Validate(); err != nil {
+// 		return nil, fmt.Errorf("invalid protocol: %w", err)
+// 	}
+
+// 	if len(params.Tags) > 0 {
+// 		slices.Sort(params.Tags)
+// 	}
+
+// 	// Convert tags to JSONField
+// 	tags := storecmn.JSONField("[]")
+// 	if err := tags.UnmarshalFromAny(params.Tags); err != nil {
+// 		return nil, fmt.Errorf("failed to convert tags to json raw message: %w", err)
+// 	}
+
+// 	// Convert config to JSONField
+// 	config := storecmn.JSONField("{}")
+// 	if err := config.UnmarshalFromAny(params.Config); err != nil {
+// 		return nil, fmt.Errorf("failed to convert config to json raw message: %w", err)
+// 	}
+
+// 	updateParams := repo_services.UpdateServiceRequest{
+// 		Name:      params.Name,
+// 		Protocol:  params.Protocol,
+// 		Interval:  params.Interval,
+// 		Timeout:   params.Timeout,
+// 		Retries:   params.Retries,
+// 		Tags:      tags,
+// 		Config:    config,
+// 		IsEnabled: params.IsEnabled,
+// 	}
+
+// 	existsServiceAgents, err := s.store.ServiceAgents().GetAllByServiceID(ctx, id)
+// 	if err != nil {
+// 		return nil, fmt.Errorf("failed to get exists service agents: %w", err)
+// 	}
+
+// 	var item *models.ServiceFullView
+// 	err = storecmn.WrapTx(ctx, s.store.SQLite(), func(tx *sql.Tx) error {
+// 		i, err := s.store.Services(repos.WithTx(tx)).Update(ctx, id, updateParams)
+// 		if err != nil {
+// 			return err
+// 		}
+
+// 		item = i
+
+// 		if len(params.AgentIDs) == 0 && len(existsServiceAgents) > 0 {
+// 			// If no AgentIDs provided, remove all existing associations
+// 			err = s.store.ServiceAgents(repos.WithTx(tx)).DeleteByServiceID(ctx, id)
+// 			if err != nil {
+// 				return fmt.Errorf("failed to remove service-agent associations: %w", err)
+// 			}
+// 		}
+
+// 		// Update service-agent association if AgentID is provided
+// 		if len(params.AgentIDs) > 0 {
+// 			var checkedAgentIDs []string
+// 			for _, agentID := range params.AgentIDs {
+// 				checkedAgentIDs = append(checkedAgentIDs, agentID)
+// 				if slices.ContainsFunc(existsServiceAgents, func(sa *models.ServiceAgent) bool { return sa.AgentID == agentID }) {
+// 					// Association already exists, skip
+// 					continue
+// 				}
+
+// 				// Check if agent exists
+// 				exists, err := s.store.Agents(repos.WithTx(tx)).Exist(ctx, agentID)
+// 				if err != nil {
+// 					return fmt.Errorf("failed to check if agent exists: %w", err)
+// 				}
+
+// 				if exists == 0 {
+// 					return fmt.Errorf("agent with ID %s %w", agentID, storecmn.ErrNotFound)
+// 				}
+
+// 				// Create new association
+// 				_, err = s.store.ServiceAgents(repos.WithTx(tx)).Create(ctx, repo_service_agents.CreateParams{
+// 					ID:        utils.GenerateULID(),
+// 					ServiceID: id,
+// 					AgentID:   agentID,
+// 					Revision:  "1",
+// 				})
+// 				if err != nil {
+// 					return fmt.Errorf("failed to assign service to agent: %w", err)
+// 				}
+// 			}
+
+// 			// Remove associations that are not in the new list
+// 			for _, existing := range existsServiceAgents {
+// 				if !slices.Contains(checkedAgentIDs, existing.AgentID) {
+// 					err = s.store.ServiceAgents(repos.WithTx(tx)).DeleteByServiceIDAndAgentID(ctx, id, existing.AgentID)
+// 					if err != nil {
+// 						return fmt.Errorf("failed to remove service-agent association: %w", err)
+// 					}
+// 				}
+// 			}
+// 		}
+
+// 		return nil
+// 	})
+// 	if err != nil {
+// 		return nil, fmt.Errorf("failed to update service: %w", err)
+// 	}
+
+// 	s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
+// 		receiver.TriggerServiceEventTypeUpdated,
+// 		item,
+// 	))
+
+// 	return item, nil
+// }
+
+// // GetByID returns service by ID
+// func (s *Service) GetByID(ctx context.Context, id string) (*models.Service, error) {
+// 	if id == "" {
+// 		return nil, storecmn.ErrEmptyID
+// 	}
+
+// 	svc, err := s.store.Services().GetByID(ctx, id)
+// 	if err != nil {
+// 		if errors.Is(err, sql.ErrNoRows) {
+// 			return nil, storecmn.ErrNotFound
+// 		}
+// 		return nil, err
+// 	}
+
+// 	return svc, nil
+// }
+
+// // GetAllEnabled returns all enabled services
+// func (s *Service) GetAllEnabled(ctx context.Context) ([]*models.Service, error) {
+// 	return s.store.Services().GetAllEnabled(ctx)
+// }
+
+// // GetAllEnabledByAgentID returns all enabled services assigned to the given agent ID
+// func (s *Service) GetAllEnabledByAgentID(ctx context.Context, agentID string) ([]*models.Service, error) {
+// 	return s.store.Services().GetAllEnabledByAgentID(ctx, agentID)
+// }
+
+// // GetAllEnabledWithoutAgents returns all enabled services that are not assigned to any agents
+// func (s *Service) GetAllEnabledWithoutAgents(ctx context.Context) ([]*models.Service, error) {
+// 	return s.store.Services().GetAllEnabledWithoutAgents(ctx)
+// }
+
+// // GetViewByID returns service view by ID
+// func (s *Service) GetViewByID(ctx context.Context, id string) (*models.ServiceFullView, error) {
+// 	return s.store.Services().GetViewByID(ctx, id)
+// }
+
+// type FindParams = repo_services.FindParams
+
+// // FindView services by params
+// func (s *Service) FindView(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.ServiceFullView], error) {
+// 	return s.store.Services().FindView(ctx, params)
+// }
+
+// // Delete service by ID
+// func (s *Service) Delete(ctx context.Context, id string) error {
+// 	// Get service to find name for scheduler cleanup
+// 	svc, err := s.store.Services().GetViewByID(ctx, id)
+// 	if err != nil {
+// 		return fmt.Errorf("failed to get service: %w", err)
+// 	}
+
+// 	// Delete service and related data in a transaction
+// 	err = storecmn.WrapTx(ctx, s.store.SQLite(), func(tx *sql.Tx) error {
+// 		if err := s.store.ServiceStates(repos.WithTx(tx)).DeleteByServiceID(ctx, id); err != nil {
+// 			return fmt.Errorf("failed to delete service states: %w", err)
+// 		}
+
+// 		if err := s.store.Incidents(repos.WithTx(tx)).DeleteByServiceID(ctx, id); err != nil {
+// 			return fmt.Errorf("failed to delete incidents: %w", err)
+// 		}
+
+// 		if err := s.store.Services(repos.WithTx(tx)).Delete(ctx, id); err != nil {
+// 			return fmt.Errorf("failed to delete service: %w", err)
+// 		}
+
+// 		return nil
+// 	})
+// 	if err != nil {
+// 		return fmt.Errorf("failed to delete service in transaction: %w", err)
+// 	}
+
+// 	s.receiver.TriggerService().Publish(*receiver.NewTriggerServiceData(
+// 		receiver.TriggerServiceEventTypeDeleted,
+// 		svc,
+// 	))
+
+// 	return nil
+// }
+
+// // Exists checks if there are any services
+// func (s *Service) Exists(ctx context.Context, id string) (bool, error) {
+// 	res, err := s.store.Services().Exist(ctx, id)
+// 	if err != nil {
+// 		return false, fmt.Errorf("failed to check if services exist: %w", err)
+// 	}
+// 	return res > 0, nil
+// }
diff --git a/internal/services/service/service.go b/internal/services/service/service.go
new file mode 100644
index 0000000..5fa8a8a
--- /dev/null
+++ b/internal/services/service/service.go
@@ -0,0 +1,18 @@
+package service
+
+import (
+	"github.com/sxwebdev/sentinel/internal/receiver"
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store    *store.Store
+	receiver *receiver.Receiver
+}
+
+func New(store *store.Store, receiver *receiver.Receiver) *Service {
+	return &Service{
+		store:    store,
+		receiver: receiver,
+	}
+}
diff --git a/internal/services/service/stats.go b/internal/services/service/stats.go
new file mode 100644
index 0000000..f166f9f
--- /dev/null
+++ b/internal/services/service/stats.go
@@ -0,0 +1,53 @@
+package service
+
+// import (
+// 	"context"
+// 	"fmt"
+// 	"time"
+// )
+
+// type Stats struct {
+// 	ServiceID           string        `json:"service_id"`
+// 	Period              time.Duration `json:"period" swaggertype:"primitive,integer"`
+// 	TotalIncidents      int64         `json:"total_incidents"`
+// 	TotalDowntime       int64         `json:"total_downtime" swaggertype:"primitive,integer"`
+// 	UptimePercentage    float64       `json:"uptime_percentage"`
+// 	AvgResponseTime     int64         `json:"avg_response_time" swaggertype:"primitive,integer"`
+// 	ResolvedIncidents   int64         `json:"resolved_incidents"`
+// 	UnresolvedIncidents int64         `json:"unresolved_incidents"`
+// }
+
+// func (s *Service) Stats(ctx context.Context, serviceID string, since time.Time) (*Stats, error) {
+// 	if serviceID == "" || since.IsZero() {
+// 		return nil, fmt.Errorf("service ID and start time are required for stats")
+// 	}
+
+// 	incidentsStats, err := s.store.Incidents().StatsByServiceID(ctx, serviceID, since)
+// 	if err != nil {
+// 		return nil, fmt.Errorf("failed to get incidents stats: %w", err)
+// 	}
+
+// 	incidentsStatsDomain := incidentsStats.ToDomain()
+
+// 	// Get average response time from service state
+// 	var avgResponseTime int64
+// 	serviceState, err := s.store.ServiceStates().GetByServiceID(ctx, serviceID)
+// 	if err != nil {
+// 		return nil, fmt.Errorf("failed to get service state: %w", err)
+// 	}
+
+// 	if serviceState.AvgResponseTime != nil {
+// 		avgResponseTime = *serviceState.AvgResponseTime
+// 	}
+
+// 	return &Stats{
+// 		ServiceID:           serviceID,
+// 		Period:              time.Since(since),
+// 		TotalIncidents:      incidentsStatsDomain.TotalIncidents,
+// 		TotalDowntime:       incidentsStatsDomain.TotalDowntime,
+// 		UptimePercentage:    incidentsStats.UptimePercentage30d,
+// 		AvgResponseTime:     avgResponseTime,
+// 		ResolvedIncidents:   incidentsStatsDomain.ResolvedIncidents,
+// 		UnresolvedIncidents: incidentsStatsDomain.UnresolvedIncidents,
+// 	}, nil
+// }
diff --git a/internal/services/service/tags.go b/internal/services/service/tags.go
new file mode 100644
index 0000000..aa78a85
--- /dev/null
+++ b/internal/services/service/tags.go
@@ -0,0 +1,13 @@
+package service
+
+// import "context"
+
+// // GetAllTags retrieves all unique tags associated with services.
+// func (s *Service) GetAllTags(ctx context.Context) ([]string, error) {
+// 	return s.store.Services().GetAllTags(ctx)
+// }
+
+// // GetAllTagsWithCount retrieves all unique tags along with their occurrence counts.
+// func (s *Service) GetAllTagsWithCount(ctx context.Context) (map[string]int, error) {
+// 	return s.store.Services().GetAllTagsWithCount(ctx)
+// }
diff --git a/internal/services/servicestate/methods.go b/internal/services/servicestate/methods.go
new file mode 100644
index 0000000..4127276
--- /dev/null
+++ b/internal/services/servicestate/methods.go
@@ -0,0 +1,33 @@
+package servicestate
+
+// import (
+// 	"context"
+
+// 	"github.com/sxwebdev/sentinel/internal/models"
+// 	"github.com/sxwebdev/sentinel/internal/store/repos/repo_service_states"
+// )
+
+// // GetAll retrieves all service states
+// func (s *Service) GetAll(ctx context.Context) ([]*models.ServiceState, error) {
+// 	return s.store.ServiceStates().GetAll(ctx)
+// }
+
+// // GetByServiceID retrieves a service state by service ID
+// func (s *Service) GetByServiceID(ctx context.Context, serviceID string) (*models.ServiceState, error) {
+// 	return s.store.ServiceStates().GetByServiceID(ctx, serviceID)
+// }
+
+// type UpdateParams = repo_service_states.UpdateRequest
+
+// // Update updates a service state by ID
+// func (s *Service) Update(ctx context.Context, id string, params UpdateParams) (*models.ServiceState, error) {
+// 	if err := params.Status.Validate(); err != nil {
+// 		return nil, err
+// 	}
+// 	return s.store.ServiceStates().Update(ctx, id, params)
+// }
+
+// // Stats represents aggregated statistics about service states
+// func (s *Service) Stats(ctx context.Context) (*repo_service_states.StatsRow, error) {
+// 	return s.store.ServiceStates().Stats(ctx)
+// }
diff --git a/internal/services/servicestate/service.go b/internal/services/servicestate/service.go
new file mode 100644
index 0000000..4638592
--- /dev/null
+++ b/internal/services/servicestate/service.go
@@ -0,0 +1,15 @@
+package servicestate
+
+import (
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store *store.Store
+}
+
+func New(store *store.Store) *Service {
+	return &Service{
+		store: store,
+	}
+}
diff --git a/internal/services/system/methods.go b/internal/services/system/methods.go
new file mode 100644
index 0000000..0b01d6f
--- /dev/null
+++ b/internal/services/system/methods.go
@@ -0,0 +1,39 @@
+package system
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_users"
+	"github.com/sxwebdev/sentinel/internal/utils"
+)
+
+// CheckIsInitialized checks if the system is initialized
+func (s *Service) CheckIsInitialized(ctx context.Context) (bool, error) {
+	return s.usersService.CheckRootUserExists(ctx)
+}
+
+// Initialize initializes the system by creating the root user
+func (s *Service) Initialize(ctx context.Context, rootEmail, rootPassword string) error {
+	exists, err := s.CheckIsInitialized(ctx)
+	if err != nil {
+		return err
+	}
+	if exists {
+		return fmt.Errorf("system already initialized")
+	}
+
+	// Create user
+	_, err = s.usersService.Create(ctx, repo_users.CreateParams{
+		ID:       utils.GenerateULID(),
+		Email:    rootEmail,
+		Password: rootPassword,
+		Role:     models.UserRoleRoot,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/internal/services/system/service.go b/internal/services/system/service.go
new file mode 100644
index 0000000..25db74c
--- /dev/null
+++ b/internal/services/system/service.go
@@ -0,0 +1,20 @@
+package system
+
+import (
+	"github.com/sxwebdev/sentinel/internal/services/users"
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store *store.Store
+
+	usersService *users.Service
+}
+
+// New creates new system service
+func New(st *store.Store, usersService *users.Service) *Service {
+	return &Service{
+		store:        st,
+		usersService: usersService,
+	}
+}
diff --git a/internal/services/users/helpers.go b/internal/services/users/helpers.go
new file mode 100644
index 0000000..c09970a
--- /dev/null
+++ b/internal/services/users/helpers.go
@@ -0,0 +1,119 @@
+package users
+
+import (
+	"crypto/subtle"
+	"errors"
+	"fmt"
+	"unicode/utf8"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// isSequential checks for simple increasing or decreasing sequences
+func isSequential(s string) bool {
+	if len(s) < 5 {
+		return false
+	}
+	runes := []rune(s)
+	inc := true
+	dec := true
+	for i := 1; i < len(runes); i++ {
+		if runes[i] != runes[i-1]+1 {
+			inc = false
+		}
+		if runes[i] != runes[i-1]-1 {
+			dec = false
+		}
+	}
+	return inc || dec
+}
+
+func IsWeakPassword(password string) error {
+	// check is password weak
+	weakPasswords := map[string]struct{}{
+		"123456":     {},
+		"password":   {},
+		"qwerty":     {},
+		"111111":     {},
+		"12345678":   {},
+		"abc123":     {},
+		"123456789":  {},
+		"123123":     {},
+		"qwertyuiop": {},
+		"letmein":    {},
+		"admin":      {},
+		"welcome":    {},
+		"monkey":     {},
+		"passw0rd":   {},
+		"starwars":   {},
+	}
+
+	if _, found := weakPasswords[password]; found {
+		return errors.New("password is too weak (common password)")
+	}
+
+	// only digits
+	onlyDigits := true
+	for _, r := range password {
+		if r < '0' || r > '9' {
+			onlyDigits = false
+			break
+		}
+	}
+	if onlyDigits {
+		return errors.New("password is too weak (only digits)")
+	}
+
+	// only letters
+	onlyLetters := true
+	for _, r := range password {
+		if r < 'A' || (r > 'Z' && r < 'a') || r > 'z' {
+			onlyLetters = false
+			break
+		}
+	}
+	if onlyLetters {
+		return errors.New("password is too weak (only letters)")
+	}
+
+	// simple sequential patterns (e.g. abcdef, 123456)
+	if isSequential(password) {
+		return errors.New("password is too weak (sequential pattern)")
+	}
+
+	return nil
+}
+
+func checkPassword(password, passwordConfirm string) error {
+	if subtle.ConstantTimeCompare([]byte(password), []byte(passwordConfirm)) != 1 {
+		return fmt.Errorf("passwords do not match")
+	}
+
+	passLength := utf8.RuneCountInString(password)
+	if passLength < 6 {
+		return errors.New("password length must be greater or equal 6 symbols")
+	}
+
+	if passLength > 50 {
+		return errors.New("password length must be less or equal 50 symbols")
+	}
+
+	// if err := IsWeakPassword(password); err != nil {
+	// 	return err
+	// }
+
+	return nil
+}
+
+func generateHashFromPassword(password string) (string, error) {
+	if password == "" {
+		return "", fmt.Errorf("password is empty")
+	}
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return "", fmt.Errorf("cannot hash password: %w", err)
+	}
+
+	return string(hashedPassword), nil
+}
diff --git a/internal/services/users/methods.go b/internal/services/users/methods.go
new file mode 100644
index 0000000..14d8a47
--- /dev/null
+++ b/internal/services/users/methods.go
@@ -0,0 +1,86 @@
+package users
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_users"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+// GetByID gets user by ID
+func (s *Service) GetByID(ctx context.Context, id string) (*models.User, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	item, err := s.store.Users().GetByID(ctx, id)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, err
+	}
+
+	return item, nil
+}
+
+// GetByEmail gets user by email
+func (s *Service) GetByEmail(ctx context.Context, email string) (*models.User, error) {
+	if email == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	item, err := s.store.Users().GetByEmail(ctx, email)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, err
+	}
+
+	return item, nil
+}
+
+type CreateParams = repo_users.CreateParams
+
+// Create creates new user
+func (s *Service) Create(ctx context.Context, params CreateParams) (*models.User, error) {
+	if err := s.validator.Struct(params); err != nil {
+		return nil, err
+	}
+
+	if err := checkPassword(params.Password, params.Password); err != nil {
+		return nil, err
+	}
+
+	hashedPassword, err := generateHashFromPassword(params.Password)
+	if err != nil {
+		return nil, err
+	}
+
+	params.Password = hashedPassword
+
+	return s.store.Users().Create(ctx, params)
+}
+
+type UpdateParams = repo_users.UpdateParams
+
+// Update updates user
+func (s *Service) Update(ctx context.Context, params UpdateParams) (*models.User, error) {
+	if err := s.validator.Struct(params); err != nil {
+		return nil, err
+	}
+	return s.store.Users().Update(ctx, params)
+}
+
+// CheckRootUserExists checks if a root user exists
+func (s *Service) CheckRootUserExists(ctx context.Context) (bool, error) {
+	val, err := s.store.Users().CheckRootUserExists(ctx)
+	if err != nil {
+		return false, err
+	}
+	return val > 0, nil
+}
diff --git a/internal/services/users/service.go b/internal/services/users/service.go
new file mode 100644
index 0000000..6ab12fe
--- /dev/null
+++ b/internal/services/users/service.go
@@ -0,0 +1,20 @@
+package users
+
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/sxwebdev/sentinel/internal/store"
+)
+
+type Service struct {
+	store *store.Store
+
+	validator *validator.Validate
+}
+
+// New creates new users service
+func New(st *store.Store) *Service {
+	return &Service{
+		store:     st,
+		validator: validator.New(),
+	}
+}
diff --git a/internal/storage/errors.go b/internal/storage/errors.go
deleted file mode 100644
index 2b1feea..0000000
--- a/internal/storage/errors.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package storage
-
-import "errors"
-
-var (
-	ErrNotFound      = errors.New("not found")
-	ErrAlreadyExists = errors.New("already exists")
-)
diff --git a/internal/storage/factory.go b/internal/storage/factory.go
deleted file mode 100644
index aec89ff..0000000
--- a/internal/storage/factory.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package storage
-
-import (
-	"fmt"
-	"strings"
-)
-
-// StorageType represents the type of storage backend
-type StorageType string
-
-const (
-	StorageTypeSQLite StorageType = "sqlite"
-)
-
-// NewStorage creates a new storage instance based on the provided type and path
-func NewStorage(storageType StorageType, dbPath string) (Storage, error) {
-	switch strings.ToLower(string(storageType)) {
-	case string(StorageTypeSQLite):
-		return NewSQLiteStorage(dbPath)
-	default:
-		return nil, fmt.Errorf("unsupported storage type: %s", storageType)
-	}
-}
diff --git a/internal/storage/incidents.go b/internal/storage/incidents.go
deleted file mode 100644
index 47eb1c1..0000000
--- a/internal/storage/incidents.go
+++ /dev/null
@@ -1,394 +0,0 @@
-package storage
-
-import (
-	"context"
-	"database/sql"
-	"errors"
-	"fmt"
-	"time"
-
-	"github.com/huandu/go-sqlbuilder"
-	"github.com/sxwebdev/sentinel/internal/utils"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-)
-
-// IncidentRow represents a database row for incidents
-type IncidentRow struct {
-	ID         string     `db:"id"`
-	ServiceID  string     `db:"service_id"`
-	StartTime  time.Time  `db:"start_time"`
-	EndTime    *time.Time `db:"end_time"`
-	Error      string     `db:"error"`
-	DurationNS *int64     `db:"duration_ns"`
-	Resolved   bool       `db:"resolved"`
-	CreatedAt  time.Time  `db:"created_at"`
-	UpdatedAt  time.Time  `db:"updated_at"`
-}
-
-// GetIncidentByID retrieves an incident by ID
-func (o *ORMStorage) GetIncidentByID(ctx context.Context, id string) (*Incident, error) {
-	if id == "" {
-		return nil, fmt.Errorf("id is required")
-	}
-
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select(
-		"i.id",
-		"i.service_id",
-		"i.start_time",
-		"i.end_time",
-		"i.error",
-		"i.duration_ns",
-		"i.resolved",
-		"i.created_at",
-		"i.updated_at",
-	)
-	sb.From("incidents i")
-	sb.Where(sb.Equal("i.id", id))
-
-	query, args := sb.Build()
-	row := o.db.QueryRowContext(ctx, query, args...)
-
-	var incidentRow IncidentRow
-	err := row.Scan(
-		&incidentRow.ID,
-		&incidentRow.ServiceID,
-		&incidentRow.StartTime,
-		&incidentRow.EndTime,
-		&incidentRow.Error,
-		&incidentRow.DurationNS,
-		&incidentRow.Resolved,
-		&incidentRow.CreatedAt,
-		&incidentRow.UpdatedAt,
-	)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, ErrNotFound
-		}
-		return nil, fmt.Errorf("failed to scan incident: %w", err)
-	}
-
-	return o.rowToIncident(&incidentRow), nil
-}
-
-type FindIncidentsParams struct {
-	// Search by service id or incident id
-	Search    string
-	ID        string
-	ServiceID string
-	Resolved  *bool
-	StartTime *time.Time
-	EndTime   *time.Time
-	Page      *uint32
-	PageSize  *uint32
-}
-
-func findIncidentsBuilder(params FindIncidentsParams, col ...string) *sqlbuilder.SelectBuilder {
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select(col...)
-	sb.From("incidents i")
-
-	if params.ID != "" {
-		sb.Where(sb.Equal("i.id", params.ID))
-	}
-
-	if params.ServiceID != "" {
-		sb.Where(sb.Equal("i.service_id", params.ServiceID))
-	}
-
-	if params.Search != "" {
-		likeCondition := fmt.Sprintf("%%%s%%", params.Search)
-		sb.Where(sb.Or(
-			sb.Like("i.id", likeCondition),
-			sb.Like("i.service_id", likeCondition),
-		))
-	}
-
-	if params.Resolved != nil {
-		sb.Where(sb.Equal("i.resolved", *params.Resolved))
-	}
-
-	if params.StartTime != nil {
-		sb.Where(sb.GreaterEqualThan("i.start_time", *params.StartTime))
-	}
-
-	if params.EndTime != nil {
-		sb.Where(sb.LessEqualThan("i.end_time", *params.EndTime))
-	}
-
-	return sb
-}
-
-// FindIncidents finds incidents
-func (o *ORMStorage) FindIncidents(ctx context.Context, params FindIncidentsParams) (dbutils.FindResponseWithCount[*Incident], error) {
-	sb := findIncidentsBuilder(params,
-		"i.id",
-		"i.service_id",
-		"i.start_time",
-		"i.end_time",
-		"i.error",
-		"i.duration_ns",
-		"i.resolved",
-		"i.created_at",
-		"i.updated_at",
-	)
-	sb.OrderBy("i.start_time").Desc()
-
-	res := dbutils.FindResponseWithCount[*Incident]{}
-
-	limit, offset, err := dbutils.Pagination(params.Page, params.PageSize)
-	if err != nil {
-		return res, fmt.Errorf("failed to apply pagination: %w", err)
-	}
-
-	sb.Limit(int(limit)).Offset(int(offset))
-
-	sql, args := sb.Build()
-	rows, err := o.db.QueryContext(ctx, sql, args...)
-	if err != nil {
-		return res, fmt.Errorf("failed to query incidents: %w", err)
-	}
-	defer rows.Close()
-
-	incidents := []*Incident{}
-	for rows.Next() {
-		var incidentRow IncidentRow
-		err := rows.Scan(
-			&incidentRow.ID,
-			&incidentRow.ServiceID,
-			&incidentRow.StartTime,
-			&incidentRow.EndTime,
-			&incidentRow.Error,
-			&incidentRow.DurationNS,
-			&incidentRow.Resolved,
-			&incidentRow.CreatedAt,
-			&incidentRow.UpdatedAt,
-		)
-		if err != nil {
-			return res, fmt.Errorf("failed to scan incident: %w", err)
-		}
-
-		incidents = append(incidents, o.rowToIncident(&incidentRow))
-	}
-
-	if err := rows.Err(); err != nil {
-		return res, fmt.Errorf("error iterating rows: %w", err)
-	}
-
-	// Get total count of incidents
-	var totalCount uint32
-	countBuilder := findIncidentsBuilder(params, "COUNT(*)")
-
-	countQuery, countArgs := countBuilder.Build()
-	err = o.db.QueryRowContext(ctx, countQuery, countArgs...).Scan(&totalCount)
-	if err != nil {
-		return res, fmt.Errorf("failed to count incidents: %w", err)
-	}
-
-	res.Count = totalCount
-	res.Items = incidents
-
-	return res, nil
-}
-
-// FindIncidents finds incidents
-func (o *ORMStorage) IncidentsCount(ctx context.Context, params FindIncidentsParams) (uint32, error) {
-	// Get total count of incidents
-	var totalCount uint32
-	countBuilder := findIncidentsBuilder(params, "COUNT(*)")
-
-	countQuery, countArgs := countBuilder.Build()
-	err := o.db.QueryRowContext(ctx, countQuery, countArgs...).Scan(&totalCount)
-	if err != nil {
-		return 0, fmt.Errorf("failed to count incidents: %w", err)
-	}
-
-	return totalCount, nil
-}
-
-// ResolveAllIncidents resolves all incidents for a service
-func (o *ORMStorage) ResolveAllIncidents(ctx context.Context, serviceID string) ([]*Incident, error) {
-	if serviceID == "" {
-		return nil, fmt.Errorf("serviceID is required")
-	}
-
-	items, err := o.FindIncidents(ctx, FindIncidentsParams{
-		ServiceID: serviceID,
-		Resolved:  utils.Pointer(false),
-	})
-	if err != nil {
-		return nil, fmt.Errorf("failed to find incidents: %w", err)
-	}
-
-	tx, err := o.db.BeginTx(ctx, nil)
-	if err != nil {
-		return nil, fmt.Errorf("failed to begin transaction: %w", err)
-	}
-	defer tx.Rollback()
-
-	for _, item := range items.Items {
-		now := time.Now()
-
-		// Update all incidents for the service to resolved
-		ub := sqlbuilder.NewUpdateBuilder()
-
-		ub.Update("incidents").
-			Set(
-				ub.Assign("resolved", true),
-				ub.Assign("end_time", now),
-				ub.Assign("duration_ns", now.Sub(item.StartTime)),
-				ub.Assign("updated_at", now),
-			).
-			Where(
-				ub.Equal("id", item.ID),
-			)
-
-		sql, args := ub.Build()
-		if _, err := tx.ExecContext(ctx, sql, args...); err != nil {
-			return nil, fmt.Errorf("failed to resolve incidents: %w", err)
-		}
-	}
-
-	// Commit transaction
-	if err := tx.Commit(); err != nil {
-		return nil, fmt.Errorf("failed to commit transaction: %w", err)
-	}
-
-	resolvedIncidents := []*Incident{}
-	for _, item := range items.Items {
-		incident, err := o.GetIncidentByID(ctx, item.ID)
-		if err != nil {
-			return nil, fmt.Errorf("failed to get incident by ID: %w", err)
-		}
-
-		resolvedIncidents = append(resolvedIncidents, incident)
-	}
-
-	return resolvedIncidents, nil
-}
-
-// CreateIncident creates a new incident using ORM with retry logic
-func (o *ORMStorage) CreateIncident(ctx context.Context, incident *Incident) error {
-	ib := sqlbuilder.NewInsertBuilder()
-	ib.InsertInto("incidents")
-	ib.Cols("id", "service_id", "start_time", "end_time", "error", "duration_ns", "resolved")
-
-	ib.Values(
-		incident.ID,
-		incident.ServiceID,
-		incident.StartTime,
-		incident.EndTime,
-		incident.Error,
-		durationToNS(incident.Duration),
-		incident.Resolved,
-	)
-
-	sql, args := ib.Build()
-	_, err := o.db.ExecContext(ctx, sql, args...)
-	if err != nil {
-		return fmt.Errorf("failed to create incident: %w", err)
-	}
-
-	return nil
-}
-
-// UpdateIncident updates an existing incident using ORM with retry logic
-func (o *ORMStorage) UpdateIncident(ctx context.Context, incident *Incident) error {
-	ub := sqlbuilder.NewUpdateBuilder()
-	ub.Update("incidents")
-	ub.Set(
-		ub.Assign("service_id", incident.ServiceID),
-		ub.Assign("start_time", incident.StartTime),
-		ub.Assign("end_time", incident.EndTime),
-		ub.Assign("error", incident.Error),
-		ub.Assign("duration_ns", durationToNS(incident.Duration)),
-		ub.Assign("resolved", incident.Resolved),
-		ub.Assign("updated_at", time.Now()),
-	)
-	ub.Where(ub.Equal("id", incident.ID))
-
-	sql, args := ub.Build()
-	_, err := o.db.ExecContext(ctx, sql, args...)
-	if err != nil {
-		return fmt.Errorf("failed to update incident: %w", err)
-	}
-
-	return nil
-}
-
-// DeleteIncident deletes an incident by ID using ORM with retry logic
-func (o *ORMStorage) DeleteIncident(ctx context.Context, incidentID string) error {
-	db := sqlbuilder.NewDeleteBuilder()
-	db.DeleteFrom("incidents")
-	db.Where(db.Equal("id", incidentID))
-
-	sql, args := db.Build()
-	_, err := o.db.ExecContext(ctx, sql, args...)
-	if err != nil {
-		return fmt.Errorf("failed to delete incident: %w", err)
-	}
-
-	return nil
-}
-
-type GetIncidentsStatsByDateRangeItem struct {
-	Date          time.Time     `json:"date"`
-	Count         int64         `json:"count"`
-	AvgDuration   time.Duration `json:"avg_duration"`
-	TotalDuration time.Duration `json:"total_duration"`
-}
-
-type GetIncidentsStatsByDateRangeData []GetIncidentsStatsByDateRangeItem
-
-// GetIncidentsStatsByDateRange retrieves the stats of incidents within a specific date range
-func (o *ORMStorage) GetIncidentsStatsByDateRange(ctx context.Context, startTime, endTime time.Time) (GetIncidentsStatsByDateRangeData, error) {
-	// Generate date series for the range
-	var result GetIncidentsStatsByDateRangeData
-
-	// Iterate through each day in the range
-	for d := startTime; !d.After(endTime); d = d.AddDate(0, 0, 1) {
-		// Get start and end of the day
-		dayStart := time.Date(d.Year(), d.Month(), d.Day(), 0, 0, 0, 0, d.Location())
-		dayEnd := time.Date(d.Year(), d.Month(), d.Day(), 23, 59, 59, 999999999, d.Location())
-
-		// Query incidents for this specific date range
-		sb := sqlbuilder.NewSelectBuilder()
-		sb.Select(
-			"COUNT(*) as count",
-			"AVG(CASE WHEN resolved = true THEN duration_ns ELSE (strftime('%s', 'now') - strftime('%s', start_time)) * 1000000000 END) as avg_duration",
-			"SUM(CASE WHEN resolved = true THEN duration_ns ELSE (strftime('%s', 'now') - strftime('%s', start_time)) * 1000000000 END) as total_duration",
-		)
-		sb.From("incidents")
-		sb.Where(sb.GreaterEqualThan("start_time", dayStart))
-		sb.Where(sb.LessEqualThan("start_time", dayEnd))
-
-		sql, args := sb.Build()
-		row := o.db.QueryRowContext(ctx, sql, args...)
-
-		var count int64
-		var avgDurationNS *float64
-		var totalDurationNS *float64
-
-		if err := row.Scan(&count, &avgDurationNS, &totalDurationNS); err != nil {
-			return nil, fmt.Errorf("failed to scan incident stats for date %s: %w", d.Format("2006-01-02"), err)
-		}
-
-		item := GetIncidentsStatsByDateRangeItem{
-			Date:  d,
-			Count: count,
-		}
-
-		// Convert nanoseconds to duration
-		if avgDurationNS != nil {
-			item.AvgDuration = time.Duration(int64(*avgDurationNS))
-		}
-
-		if totalDurationNS != nil {
-			item.TotalDuration = time.Duration(int64(*totalDurationNS))
-		}
-
-		result = append(result, item)
-	}
-
-	return result, nil
-}
diff --git a/internal/storage/migrations.go b/internal/storage/migrations.go
deleted file mode 100644
index 3ed32d2..0000000
--- a/internal/storage/migrations.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package storage
-
-import (
-	"database/sql"
-	"fmt"
-)
-
-// Migration represents a database migration
-type Migration struct {
-	Version int
-	SQL     string
-}
-
-// migrations contains all database migrations in order
-var migrations = []Migration{
-	{
-		Version: 1,
-		SQL: `
-		-- Create services table
-		CREATE TABLE IF NOT EXISTS services (
-			id TEXT PRIMARY KEY,
-			name TEXT NOT NULL,
-			protocol TEXT NOT NULL,
-			interval TEXT NOT NULL,
-			timeout TEXT NOT NULL,
-			retries INTEGER NOT NULL DEFAULT 3,
-			tags jsonb NOT NULL DEFAULT '[]',
-			config jsonb NOT NULL DEFAULT '{}',
-			is_enabled BOOLEAN NOT NULL DEFAULT TRUE,
-			created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
-			updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
-		);
-
-		-- Create incidents table
-		CREATE TABLE IF NOT EXISTS incidents (
-			id TEXT PRIMARY KEY,
-			service_id TEXT NOT NULL REFERENCES services(id),
-			start_time DATETIME NOT NULL,
-			end_time DATETIME,
-			error TEXT NOT NULL,
-			duration_ns INTEGER,
-			resolved BOOLEAN NOT NULL DEFAULT FALSE,
-			created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
-			updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
-		);
-
-		-- Create service_states table for current service states
-		CREATE TABLE IF NOT EXISTS service_states (
-			id TEXT PRIMARY KEY,
-			service_id TEXT NOT NULL REFERENCES services(id),
-			status TEXT NOT NULL DEFAULT 'unknown',
-			last_check DATETIME,
-			next_check DATETIME,
-			last_error TEXT,
-			consecutive_fails INTEGER NOT NULL DEFAULT 0,
-			consecutive_success INTEGER NOT NULL DEFAULT 0,
-			total_checks INTEGER NOT NULL DEFAULT 0,
-			response_time_ns INTEGER,
-			created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
-			updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
-			UNIQUE(service_id)
-		);
-
-		-- Create indexes for performance
-		CREATE INDEX IF NOT EXISTS idx_services_name ON services(name);
-		CREATE INDEX IF NOT EXISTS idx_services_enabled ON services(is_enabled);
-		CREATE INDEX IF NOT EXISTS idx_services_created_at ON services(created_at DESC);
-		
-		CREATE INDEX IF NOT EXISTS idx_incidents_service_id ON incidents(service_id);
-		CREATE INDEX IF NOT EXISTS idx_incidents_start_time_desc ON incidents(start_time DESC);
-		CREATE INDEX IF NOT EXISTS idx_incidents_resolved ON incidents(resolved);
-		
-		CREATE INDEX IF NOT EXISTS idx_service_states_service_id ON service_states(service_id);
-		CREATE INDEX IF NOT EXISTS idx_service_states_status ON service_states(status);
-		CREATE INDEX IF NOT EXISTS idx_service_states_last_check ON service_states(last_check DESC);
-		CREATE INDEX IF NOT EXISTS idx_service_states_next_check ON service_states(next_check);
-		`,
-	},
-}
-
-// schemaVersionTable creates the schema version tracking table
-const schemaVersionTable = `
-CREATE TABLE IF NOT EXISTS schema_version (
-	version INTEGER PRIMARY KEY,
-	applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
-);
-`
-
-// runMigrations runs all pending database migrations
-func runMigrations(db *sql.DB) error {
-	// Create schema version table if it doesn't exist
-	if _, err := db.Exec(schemaVersionTable); err != nil {
-		return fmt.Errorf("failed to create schema version table: %w", err)
-	}
-
-	// Get current schema version
-	currentVersion, err := getCurrentSchemaVersion(db)
-	if err != nil {
-		return fmt.Errorf("failed to get current schema version: %w", err)
-	}
-
-	// Run pending migrations
-	for _, migration := range migrations {
-		if migration.Version > currentVersion {
-			if err := runMigration(db, migration); err != nil {
-				return fmt.Errorf("failed to run migration %d: %w", migration.Version, err)
-			}
-		}
-	}
-
-	return nil
-}
-
-// getCurrentSchemaVersion gets the current schema version from the database
-func getCurrentSchemaVersion(db *sql.DB) (int, error) {
-	var version int
-	err := db.QueryRow("SELECT COALESCE(MAX(version), 0) FROM schema_version").Scan(&version)
-	if err != nil {
-		return 0, err
-	}
-	return version, nil
-}
-
-// runMigration runs a single migration
-func runMigration(db *sql.DB, migration Migration) error {
-	// Start transaction
-	tx, err := db.Begin()
-	if err != nil {
-		return fmt.Errorf("failed to begin transaction: %w", err)
-	}
-	defer tx.Rollback()
-
-	// Execute migration SQL
-	if _, err := tx.Exec(migration.SQL); err != nil {
-		return fmt.Errorf("failed to execute migration SQL: %w", err)
-	}
-
-	// Record migration version
-	if _, err := tx.Exec("INSERT INTO schema_version (version) VALUES (?)", migration.Version); err != nil {
-		return fmt.Errorf("failed to record migration version: %w", err)
-	}
-
-	// Commit transaction
-	if err := tx.Commit(); err != nil {
-		return fmt.Errorf("failed to commit migration: %w", err)
-	}
-
-	return nil
-}
diff --git a/internal/storage/models.go b/internal/storage/models.go
deleted file mode 100644
index c5853ec..0000000
--- a/internal/storage/models.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package storage
-
-import (
-	"time"
-
-	"github.com/oklog/ulid/v2"
-)
-
-type ServiceProtocolType string
-
-const (
-	ServiceProtocolTypeHTTP ServiceProtocolType = "http"
-	ServiceProtocolTypeTCP  ServiceProtocolType = "tcp"
-	ServiceProtocolTypeGRPC ServiceProtocolType = "grpc"
-)
-
-// serviceRow represents a database row for services
-type serviceRow struct {
-	ID                 string
-	Name               string
-	Protocol           string
-	Interval           string
-	Timeout            string
-	Retries            int
-	Tags               string
-	Config             string
-	IsEnabled          bool
-	CreatedAt          time.Time
-	UpdatedAt          time.Time
-	ActiveIncidents    int
-	TotalIncidents     int
-	Status             ServiceStatus
-	LastCheck          *time.Time
-	NextCheck          *time.Time
-	LastError          *string
-	ConsecutiveFails   int
-	ConsecutiveSuccess int
-	TotalChecks        int
-	ResponseTimeNS     *int64
-}
-
-// Service represents a monitored service
-type Service struct {
-	ID                 string              `json:"id"`
-	Name               string              `json:"name"`
-	Protocol           ServiceProtocolType `json:"protocol"`
-	Interval           time.Duration       `json:"interval" swaggertype:"primitive,integer"`
-	Timeout            time.Duration       `json:"timeout" swaggertype:"primitive,integer"`
-	Retries            int                 `json:"retries"`
-	Tags               []string            `json:"tags"`
-	Config             map[string]any      `json:"config"`
-	IsEnabled          bool                `json:"is_enabled"`
-	CreatedAt          time.Time           `json:"created_at"`
-	UpdatedAt          time.Time           `json:"updated_at"`
-	ActiveIncidents    int                 `json:"active_incidents,omitempty"`
-	TotalIncidents     int                 `json:"total_incidents,omitempty"`
-	Status             ServiceStatus       `json:"status"`
-	LastCheck          *time.Time          `json:"last_check,omitempty"`
-	NextCheck          *time.Time          `json:"next_check,omitempty"`
-	LastError          *string             `json:"last_error,omitempty"`
-	ConsecutiveFails   int                 `json:"consecutive_fails"`
-	ConsecutiveSuccess int                 `json:"consecutive_success"`
-	TotalChecks        int                 `json:"total_checks"`
-	ResponseTime       *time.Duration      `json:"response_time" swaggertype:"primitive,integer"`
-}
-
-// ServiceStatus represents the current status of a service
-type ServiceStatus string
-
-const (
-	StatusUnknown     ServiceStatus = "unknown"
-	StatusUp          ServiceStatus = "up"
-	StatusDown        ServiceStatus = "down"
-	StatusMaintenance ServiceStatus = "maintenance"
-)
-
-func (s ServiceStatus) String() string {
-	return string(s)
-}
-
-// Incident represents a service incident
-type Incident struct {
-	ID        string         `json:"id"`
-	ServiceID string         `json:"service_id"`
-	StartTime time.Time      `json:"start_time"`
-	EndTime   *time.Time     `json:"end_time,omitempty"`
-	Error     string         `json:"error"`
-	Duration  *time.Duration `json:"duration,omitempty" swaggertype:"primitive,integer"`
-	Resolved  bool           `json:"resolved"`
-}
-
-// ServiceStats holds statistics for a service
-type ServiceStats struct {
-	ServiceID        string        `json:"service_id"`
-	TotalIncidents   int           `json:"total_incidents"`
-	TotalDowntime    time.Duration `json:"total_downtime" swaggertype:"primitive,integer"`
-	UptimePercentage float64       `json:"uptime_percentage"`
-	Period           time.Duration `json:"period" swaggertype:"primitive,integer"`
-	AvgResponseTime  time.Duration `json:"avg_response_time" swaggertype:"primitive,integer"`
-}
-
-// ServiceIncidentStats holds incident statistics for a service
-type ServiceIncidentStats struct {
-	ServiceID       string `json:"service_id"`
-	ActiveIncidents int    `json:"active_incidents"`
-	TotalIncidents  int    `json:"total_incidents"`
-}
-
-// ServiceStateRecord represents a service state record in the database
-type ServiceStateRecord struct {
-	ID                 string        `json:"id"`
-	ServiceID          string        `json:"service_id"`
-	Status             ServiceStatus `json:"status"` // "up", "down", "unknown"
-	LastCheck          *time.Time    `json:"last_check,omitempty"`
-	NextCheck          *time.Time    `json:"next_check,omitempty"`
-	LastError          *string       `json:"last_error,omitempty"`
-	ConsecutiveFails   int           `json:"consecutive_fails"`
-	ConsecutiveSuccess int           `json:"consecutive_success"`
-	TotalChecks        int           `json:"total_checks"`
-	ResponseTimeNS     *int64        `json:"response_time_ns,omitempty"`
-	CreatedAt          time.Time     `json:"created_at"`
-	UpdatedAt          time.Time     `json:"updated_at"`
-}
-
-// GenerateULID generates a new ULID
-func GenerateULID() string {
-	return ulid.Make().String()
-}
diff --git a/internal/storage/orm.go b/internal/storage/orm.go
deleted file mode 100644
index 5865dd4..0000000
--- a/internal/storage/orm.go
+++ /dev/null
@@ -1,811 +0,0 @@
-package storage
-
-import (
-	"context"
-	"database/sql"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/huandu/go-sqlbuilder"
-	"github.com/sxwebdev/sentinel/internal/utils"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-)
-
-// ORMStorage provides ORM-like functionality using go-sqlbuilder
-type ORMStorage struct {
-	db *sql.DB
-}
-
-// NewORMStorage creates a new ORM storage instance
-func NewORMStorage(db *sql.DB) *ORMStorage {
-	return &ORMStorage{db: db}
-}
-
-// GetServiceStatsWithORM calculates statistics for a service using ORM
-func (o *ORMStorage) GetServiceStatsWithORM(ctx context.Context, params FindIncidentsParams) (*ServiceStats, error) {
-	if params.ServiceID == "" || params.StartTime == nil {
-		return nil, fmt.Errorf("service ID and start time are required for stats")
-	}
-
-	// Get all incidents for the service since the specified time
-	sb := findIncidentsBuilder(params,
-		"i.id",
-		"i.service_id",
-		"i.start_time",
-		"i.end_time",
-		"i.error",
-		"i.duration_ns",
-		"i.resolved",
-	)
-
-	sql, args := sb.Build()
-	rows, err := o.db.QueryContext(ctx, sql, args...)
-	if err != nil {
-		return nil, fmt.Errorf("failed to query incidents: %w", err)
-	}
-	defer rows.Close()
-
-	incidents := []*Incident{}
-	for rows.Next() {
-		var incidentRow IncidentRow
-		err := rows.Scan(
-			&incidentRow.ID,
-			&incidentRow.ServiceID,
-			&incidentRow.StartTime,
-			&incidentRow.EndTime,
-			&incidentRow.Error,
-			&incidentRow.DurationNS,
-			&incidentRow.Resolved,
-		)
-		if err != nil {
-			return nil, fmt.Errorf("failed to scan incident: %w", err)
-		}
-
-		incidents = append(incidents, o.rowToIncident(&incidentRow))
-	}
-
-	if err := rows.Err(); err != nil {
-		return nil, fmt.Errorf("error iterating rows: %w", err)
-	}
-
-	// Calculate statistics
-	totalIncidents := len(incidents)
-	totalDowntime := time.Duration(0)
-	resolvedIncidents := 0
-
-	for _, incident := range incidents {
-		if incident.Resolved && incident.Duration != nil {
-			totalDowntime += *incident.Duration
-			resolvedIncidents++
-		}
-	}
-
-	// Calculate uptime percentage
-	period := time.Since(*params.StartTime)
-	uptimePercentage := 100.0
-	if period > 0 {
-		uptimePercentage = 100.0 - (float64(totalDowntime) / float64(period) * 100.0)
-		if uptimePercentage < 0 {
-			uptimePercentage = 0
-		}
-	}
-
-	// Get average response time from service state
-	avgResponseTime := time.Duration(0)
-	serviceState, err := o.GetServiceState(ctx, params.ServiceID)
-	if err != nil {
-		// If service state not found, return stats without response time
-		return &ServiceStats{
-			ServiceID:        params.ServiceID,
-			TotalIncidents:   totalIncidents,
-			TotalDowntime:    totalDowntime,
-			UptimePercentage: uptimePercentage,
-			Period:           period,
-			AvgResponseTime:  0,
-		}, nil
-	}
-	if serviceState != nil && serviceState.ResponseTimeNS != nil {
-		avgResponseTime = time.Duration(*serviceState.ResponseTimeNS)
-	}
-
-	return &ServiceStats{
-		ServiceID:        params.ServiceID,
-		TotalIncidents:   totalIncidents,
-		TotalDowntime:    totalDowntime,
-		UptimePercentage: uptimePercentage,
-		Period:           period,
-		AvgResponseTime:  avgResponseTime,
-	}, nil
-}
-
-// rowToIncident converts an IncidentRow to Incident
-func (o *ORMStorage) rowToIncident(row *IncidentRow) *Incident {
-	incident := &Incident{
-		ID:        row.ID,
-		ServiceID: row.ServiceID,
-		StartTime: row.StartTime,
-		EndTime:   row.EndTime,
-		Error:     row.Error,
-		Resolved:  row.Resolved,
-	}
-
-	if row.DurationNS != nil {
-		duration := time.Duration(*row.DurationNS)
-		incident.Duration = &duration
-	}
-
-	return incident
-}
-
-// GetServiceByID finds a service by ID using ORM
-func (o *ORMStorage) GetServiceByID(ctx context.Context, id string) (*Service, error) {
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select(
-		"s.id",
-		"s.name",
-		"s.protocol",
-		"s.interval",
-		"s.timeout",
-		"s.retries",
-		"s.tags",
-		"s.config",
-		"s.is_enabled",
-		"s.created_at",
-		"s.updated_at",
-		"count(incidents.id) as total_incidents",
-		"sum(case when incidents.resolved = 0 then 1 else 0 end) as active_incidents",
-		"ss.status",
-		"ss.last_check",
-		"ss.next_check",
-		"ss.last_error",
-		"ss.consecutive_fails",
-		"ss.consecutive_success",
-		"ss.total_checks",
-		"ss.response_time_ns",
-	)
-	sb.From("services s")
-	sb.JoinWithOption(sqlbuilder.LeftJoin, "incidents", "s.id = incidents.service_id")
-	sb.JoinWithOption(sqlbuilder.LeftJoin, "service_states ss", "s.id = ss.service_id")
-	sb.Where(sb.Equal("s.id", id))
-	sb.GroupBy("s.id")
-
-	query, args := sb.Build()
-	row := o.db.QueryRowContext(ctx, query, args...)
-
-	var item serviceRow
-	err := row.Scan(
-		&item.ID,
-		&item.Name,
-		&item.Protocol,
-		&item.Interval,
-		&item.Timeout,
-		&item.Retries,
-		&item.Tags,
-		&item.Config,
-		&item.IsEnabled,
-		&item.CreatedAt,
-		&item.UpdatedAt,
-		&item.TotalIncidents,
-		&item.ActiveIncidents,
-		&item.Status,
-		&item.LastCheck,
-		&item.NextCheck,
-		&item.LastError,
-		&item.ConsecutiveFails,
-		&item.ConsecutiveSuccess,
-		&item.TotalChecks,
-		&item.ResponseTimeNS,
-	)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, ErrNotFound
-		}
-		return nil, fmt.Errorf("failed to scan service: %w", err)
-	}
-
-	svc, err := rowToService(&item)
-	if err != nil {
-		return nil, err
-	}
-
-	return svc, nil
-}
-
-func findServicesBuilder(params FindServicesParams, col ...string) *sqlbuilder.SelectBuilder {
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select(col...)
-	sb.From("services s")
-
-	if params.Name != "" {
-		sb.Where(sb.Like("s.name", "%"+params.Name+"%"))
-	}
-
-	if params.Protocol != "" {
-		sb.Where(sb.Equal("s.protocol", params.Protocol))
-	}
-
-	if params.IsEnabled != nil {
-		sb.Where(sb.Equal("s.is_enabled", *params.IsEnabled))
-	}
-
-	if params.Status != "" {
-		switch params.Status {
-		case "up":
-			sb.Where(sb.Equal("ss.status", StatusUp))
-		case "down":
-			sb.Where(sb.Equal("ss.status", StatusDown))
-		}
-	}
-
-	if len(params.Tags) > 0 {
-		var tagConditions []string
-		for _, tag := range params.Tags {
-			tagConditions = append(tagConditions,
-				fmt.Sprintf("EXISTS (SELECT 1 FROM json_each(s.tags) WHERE json_each.value = %s)",
-					sb.Args.Add(tag)))
-		}
-
-		if len(tagConditions) > 0 {
-			sb.Where(fmt.Sprintf("(%s)", strings.Join(tagConditions, " AND ")))
-		}
-	}
-
-	return sb
-}
-
-type FindServicesParams struct {
-	Name      string
-	IsEnabled *bool
-	Protocol  string
-	Tags      []string
-	Status    string // e.g. "up", "down"
-	OrderBy   string
-	Page      *uint32
-	PageSize  *uint32
-}
-
-// GetAllServices finds all services using ORM
-func (o *ORMStorage) FindServices(ctx context.Context, params FindServicesParams) (dbutils.FindResponseWithCount[*Service], error) {
-	sb := findServicesBuilder(
-		params,
-		"s.id",
-		"s.name",
-		"s.protocol",
-		"s.interval",
-		"s.timeout",
-		"s.retries",
-		"s.tags",
-		"s.config",
-		"s.is_enabled",
-		"s.created_at",
-		"s.updated_at",
-		"count(incidents.id) as total_incidents",
-		"sum(case when incidents.resolved = 0 then 1 else 0 end) as active_incidents",
-		"ss.status",
-		"ss.last_check",
-		"ss.next_check",
-		"ss.last_error",
-		"ss.consecutive_fails",
-		"ss.consecutive_success",
-		"ss.total_checks",
-		"ss.response_time_ns",
-	)
-	sb.JoinWithOption(sqlbuilder.LeftJoin, "incidents", "s.id = incidents.service_id")
-	sb.JoinWithOption(sqlbuilder.LeftJoin, "service_states ss", "s.id = ss.service_id")
-	sb.GroupBy("s.id")
-
-	if params.OrderBy != "" {
-		// Add table prefix for common column names to avoid ambiguity
-		orderBy := params.OrderBy
-		switch orderBy {
-		case "created_at":
-			orderBy = "s.created_at"
-		case "updated_at":
-			orderBy = "s.updated_at"
-		case "name":
-			orderBy = "s.name"
-		case "protocol":
-			orderBy = "s.protocol"
-		case "status":
-			orderBy = "ss.status"
-		case "last_check":
-			orderBy = "ss.last_check"
-		}
-		sb.OrderBy(orderBy)
-	} else {
-		sb.OrderBy("s.name")
-	}
-
-	res := dbutils.FindResponseWithCount[*Service]{}
-
-	limit, offset, err := dbutils.Pagination(params.Page, params.PageSize)
-	if err != nil {
-		return res, err
-	}
-	sb.Limit(int(limit)).Offset(int(offset))
-
-	sql, args := sb.Build()
-	rows, err := o.db.QueryContext(ctx, sql, args...)
-	if err != nil {
-		return res, fmt.Errorf("failed to query services: %w", err)
-	}
-	defer rows.Close()
-
-	services := []*Service{}
-	for rows.Next() {
-		var item serviceRow
-		err := rows.Scan(
-			&item.ID,
-			&item.Name,
-			&item.Protocol,
-			&item.Interval,
-			&item.Timeout,
-			&item.Retries,
-			&item.Tags,
-			&item.Config,
-			&item.IsEnabled,
-			&item.CreatedAt,
-			&item.UpdatedAt,
-			&item.TotalIncidents,
-			&item.ActiveIncidents,
-			&item.Status,
-			&item.LastCheck,
-			&item.NextCheck,
-			&item.LastError,
-			&item.ConsecutiveFails,
-			&item.ConsecutiveSuccess,
-			&item.TotalChecks,
-			&item.ResponseTimeNS,
-		)
-		if err != nil {
-			return res, fmt.Errorf("failed to scan service: %w", err)
-		}
-
-		svc, err := rowToService(&item)
-		if err != nil {
-			return res, fmt.Errorf("failed to convert service row: %w", err)
-		}
-
-		services = append(services, svc)
-	}
-
-	if err := rows.Err(); err != nil {
-		return res, fmt.Errorf("error iterating rows: %w", err)
-	}
-
-	// Get total count of services
-	countQuery := findServicesBuilder(params, "count(*)")
-	countQuery.JoinWithOption(sqlbuilder.LeftJoin, "service_states ss", "s.id = ss.service_id")
-
-	countSQL, countArgs := countQuery.Build()
-
-	var totalCount int
-	if err := o.db.QueryRowContext(ctx, countSQL, countArgs...).Scan(&totalCount); err != nil {
-		return res, fmt.Errorf("failed to count services: %w", err)
-	}
-
-	res.Count = uint32(totalCount)
-	res.Items = services
-
-	return res, nil
-}
-
-// CreateService creates a new service using ORM with retry logic
-func (o *ORMStorage) CreateService(ctx context.Context, service CreateUpdateServiceRequest) (*Service, error) {
-	ib := sqlbuilder.NewInsertBuilder()
-	ib.InsertInto("services")
-	ib.Cols("id", "name", "protocol", "interval", "timeout", "retries", "tags", "config", "is_enabled")
-
-	tagsJSON, err := json.Marshal(service.Tags)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal tags: %w", err)
-	}
-
-	configJSON, err := json.Marshal(service.Config)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal config: %w", err)
-	}
-
-	serviceID := GenerateULID()
-
-	ib.Values(
-		serviceID,
-		service.Name,
-		service.Protocol,
-		service.Interval.String(),
-		service.Timeout.String(),
-		service.Retries,
-		string(tagsJSON),
-		string(configJSON),
-		service.IsEnabled,
-	)
-
-	tx, err := o.db.BeginTx(ctx, nil)
-	if err != nil {
-		return nil, fmt.Errorf("failed to begin transaction: %w", err)
-	}
-	defer tx.Rollback()
-
-	sql, args := ib.Build()
-	_, err = tx.ExecContext(ctx, sql, args...)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create service: %w", err)
-	}
-
-	nextCheck := time.Now().Add(service.Interval)
-	serviceState := &ServiceStateRecord{
-		ID:        GenerateULID(),
-		ServiceID: serviceID,
-		Status:    StatusUnknown,
-		NextCheck: &nextCheck,
-	}
-
-	if err := o.CreateServiceState(ctx, tx, serviceState); err != nil {
-		return nil, fmt.Errorf("failed to create service state: %w", err)
-	}
-
-	// Commit transaction
-	if err := tx.Commit(); err != nil {
-		return nil, fmt.Errorf("failed to commit transaction: %w", err)
-	}
-
-	return o.GetServiceByID(ctx, serviceID)
-}
-
-// UpdateService updates an existing service using ORM with retry logic
-func (o *ORMStorage) UpdateService(ctx context.Context, id string, service CreateUpdateServiceRequest) (*Service, error) {
-	ub := sqlbuilder.NewUpdateBuilder()
-	ub.Update("services")
-
-	tagsJSON, err := json.Marshal(service.Tags)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal tags: %w", err)
-	}
-
-	configJSON, err := json.Marshal(service.Config)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal config: %w", err)
-	}
-
-	// Prepare all fields for update
-	assignments := []string{
-		ub.Assign("name", service.Name),
-		ub.Assign("protocol", service.Protocol),
-		ub.Assign("interval", service.Interval.String()),
-		ub.Assign("timeout", service.Timeout.String()),
-		ub.Assign("retries", service.Retries),
-		ub.Assign("tags", string(tagsJSON)),
-		ub.Assign("config", string(configJSON)),
-		ub.Assign("is_enabled", service.IsEnabled),
-		ub.Assign("updated_at", time.Now()),
-	}
-
-	// Set all assignments at once
-	ub.Set(assignments...)
-	ub.Where(ub.Equal("id", id))
-
-	sql, args := ub.Build()
-	result, err := o.db.ExecContext(ctx, sql, args...)
-	if err != nil {
-		return nil, fmt.Errorf("failed to update service: %w", err)
-	}
-
-	rowsAffected, err := result.RowsAffected()
-	if err != nil {
-		return nil, fmt.Errorf("failed to get rows affected: %w", err)
-	}
-
-	if rowsAffected == 0 {
-		return nil, fmt.Errorf("service not found")
-	}
-
-	return o.GetServiceByID(ctx, id)
-}
-
-// DeleteService deletes a service by ID
-func (o *ORMStorage) DeleteService(ctx context.Context, id string) error {
-	// Start transaction
-	tx, err := o.db.BeginTx(ctx, nil)
-	if err != nil {
-		return fmt.Errorf("failed to begin transaction: %w", err)
-	}
-	defer tx.Rollback()
-
-	// Delete related incidents first
-	incidentsQuery := `DELETE FROM incidents WHERE service_id = ?`
-	_, err = tx.ExecContext(ctx, incidentsQuery, id)
-	if err != nil {
-		return fmt.Errorf("failed to delete incidents: %w", err)
-	}
-
-	// Delete service state
-	stateQuery := `DELETE FROM service_states WHERE service_id = ?`
-	_, err = tx.ExecContext(ctx, stateQuery, id)
-	if err != nil {
-		return fmt.Errorf("failed to delete service state: %w", err)
-	}
-
-	// Delete the service
-	serviceQuery := `DELETE FROM services WHERE id = ?`
-	result, err := tx.ExecContext(ctx, serviceQuery, id)
-	if err != nil {
-		return fmt.Errorf("failed to delete service: %w", err)
-	}
-
-	rowsAffected, err := result.RowsAffected()
-	if err != nil {
-		return fmt.Errorf("failed to get rows affected: %w", err)
-	}
-
-	if rowsAffected == 0 {
-		return fmt.Errorf("service not found")
-	}
-
-	// Commit transaction
-	if err := tx.Commit(); err != nil {
-		return fmt.Errorf("failed to commit transaction: %w", err)
-	}
-
-	return nil
-}
-
-// Service state management methods
-
-// GetServiceState gets service state by service ID
-func (o *ORMStorage) GetServiceState(ctx context.Context, serviceID string) (*ServiceStateRecord, error) {
-	query := `
-		SELECT id, service_id, status, last_check, next_check, last_error, 
-		       consecutive_fails, consecutive_success, total_checks, response_time_ns,
-		       created_at, updated_at
-		FROM service_states 
-		WHERE service_id = ?
-	`
-
-	var state ServiceStateRecord
-	err := o.db.QueryRowContext(ctx, query, serviceID).Scan(
-		&state.ID,
-		&state.ServiceID,
-		&state.Status,
-		&state.LastCheck,
-		&state.NextCheck,
-		&state.LastError,
-		&state.ConsecutiveFails,
-		&state.ConsecutiveSuccess,
-		&state.TotalChecks,
-		&state.ResponseTimeNS,
-		&state.CreatedAt,
-		&state.UpdatedAt,
-	)
-	if err != nil {
-		if err == sql.ErrNoRows {
-			return nil, nil
-		}
-		return nil, fmt.Errorf("failed to get service state: %w", err)
-	}
-
-	return &state, nil
-}
-
-// CreateServiceState creates a new service state
-func (o *ORMStorage) CreateServiceState(ctx context.Context, tx *sql.Tx, state *ServiceStateRecord) error {
-	query := `
-		INSERT INTO service_states (
-			id, service_id, status, last_check, next_check, last_error,
-			consecutive_fails, consecutive_success, total_checks, response_time_ns
-		) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-	`
-
-	_, err := tx.ExecContext(ctx, query,
-		state.ID,
-		state.ServiceID,
-		state.Status,
-		state.LastCheck,
-		state.NextCheck,
-		state.LastError,
-		state.ConsecutiveFails,
-		state.ConsecutiveSuccess,
-		state.TotalChecks,
-		state.ResponseTimeNS,
-	)
-	if err != nil {
-		return fmt.Errorf("failed to create service state: %w", err)
-	}
-	return nil
-}
-
-// UpdateServiceState updates or creates service state
-func (o *ORMStorage) UpdateServiceState(ctx context.Context, params *ServiceStateRecord) error {
-	ub := sqlbuilder.NewUpdateBuilder()
-	ub.Update("service_states")
-	ub.Set(
-		ub.Assign("status", params.Status),
-		ub.Assign("last_check", params.LastCheck),
-		ub.Assign("next_check", params.NextCheck),
-		ub.Assign("last_error", params.LastError),
-		ub.Assign("consecutive_fails", params.ConsecutiveFails),
-		ub.Assign("consecutive_success", params.ConsecutiveSuccess),
-		ub.Assign("total_checks", params.TotalChecks),
-		ub.Assign("response_time_ns", params.ResponseTimeNS),
-		ub.Assign("updated_at", time.Now()),
-	)
-
-	ub.Where(ub.Equal("id", params.ID))
-
-	query, args := ub.Build()
-	if _, err := o.db.ExecContext(ctx, query, args...); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// GetAllServiceStates gets all service states
-func (o *ORMStorage) GetAllServiceStates(ctx context.Context) ([]*ServiceStateRecord, error) {
-	query := `
-		SELECT id, service_id, status, last_check, next_check, last_error,
-		       consecutive_fails, consecutive_success, total_checks, response_time_ns,
-		       created_at, updated_at
-		FROM service_states
-		ORDER BY updated_at DESC
-	`
-
-	rows, err := o.db.QueryContext(ctx, query)
-	if err != nil {
-		return nil, fmt.Errorf("failed to query service states: %w", err)
-	}
-	defer rows.Close()
-
-	states := []*ServiceStateRecord{}
-	for rows.Next() {
-		var state ServiceStateRecord
-		err := rows.Scan(
-			&state.ID, &state.ServiceID, &state.Status, &state.LastCheck, &state.NextCheck,
-			&state.LastError, &state.ConsecutiveFails, &state.ConsecutiveSuccess,
-			&state.TotalChecks, &state.ResponseTimeNS, &state.CreatedAt, &state.UpdatedAt,
-		)
-		if err != nil {
-			return nil, fmt.Errorf("failed to scan service state: %w", err)
-		}
-		states = append(states, &state)
-	}
-
-	if err = rows.Err(); err != nil {
-		return nil, fmt.Errorf("error iterating service states: %w", err)
-	}
-
-	return states, nil
-}
-
-// DeleteServiceState deletes service state by service ID
-func (o *ORMStorage) DeleteServiceState(ctx context.Context, serviceID string) error {
-	query := `DELETE FROM service_states WHERE service_id = ?`
-	_, err := o.db.ExecContext(ctx, query, serviceID)
-	if err != nil {
-		return fmt.Errorf("failed to delete service state: %w", err)
-	}
-	return nil
-}
-
-func (o *ORMStorage) GetAllTags(ctx context.Context) ([]string, error) {
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select("DISTINCT json_each.value")
-	sb.From("services, json_each(tags)")
-	sb.OrderBy("json_each.value")
-
-	sql, args := sb.Build()
-	rows, err := o.db.QueryContext(ctx, sql, args...)
-	if err != nil {
-		return nil, fmt.Errorf("failed to query tags: %w", err)
-	}
-	defer rows.Close()
-
-	var tags []string
-	for rows.Next() {
-		var tag string
-		if err := rows.Scan(&tag); err != nil {
-			return nil, fmt.Errorf("failed to scan tag: %w", err)
-		}
-		tags = append(tags, tag)
-	}
-
-	if err := rows.Err(); err != nil {
-		return nil, fmt.Errorf("error iterating rows: %w", err)
-	}
-
-	return tags, nil
-}
-
-func (o *ORMStorage) GetAllTagsWithCount(ctx context.Context) (map[string]int, error) {
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select("json_each.value, COUNT(*)")
-	sb.From("services, json_each(tags)")
-	sb.GroupBy("json_each.value")
-	sb.OrderBy("json_each.value")
-
-	sql, args := sb.Build()
-	rows, err := o.db.QueryContext(ctx, sql, args...)
-	if err != nil {
-		return nil, fmt.Errorf("failed to query tags with count: %w", err)
-	}
-	defer rows.Close()
-
-	tagCounts := make(map[string]int)
-	for rows.Next() {
-		var tag string
-		var count int
-		if err := rows.Scan(&tag, &count); err != nil {
-			return nil, fmt.Errorf("failed to scan tag with count: %w", err)
-		}
-		tagCounts[tag] = count
-	}
-
-	if err := rows.Err(); err != nil {
-		return nil, fmt.Errorf("error iterating rows: %w", err)
-	}
-
-	return tagCounts, nil
-}
-
-// rowToService converts a ServiceRow to Service
-func rowToService(row *serviceRow) (*Service, error) {
-	interval, err := time.ParseDuration(row.Interval)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse interval: %w", err)
-	}
-
-	timeout, err := time.ParseDuration(row.Timeout)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse timeout: %w", err)
-	}
-
-	var tags []string
-	if err := json.Unmarshal([]byte(row.Tags), &tags); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal tags: %w", err)
-	}
-
-	var config map[string]any
-	if err := json.Unmarshal([]byte(row.Config), &config); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal config: %w", err)
-	}
-
-	svc := &Service{
-		ID:                 row.ID,
-		Name:               row.Name,
-		Protocol:           ServiceProtocolType(row.Protocol),
-		Interval:           interval,
-		Timeout:            timeout,
-		Retries:            row.Retries,
-		Tags:               tags,
-		Config:             config,
-		IsEnabled:          row.IsEnabled,
-		CreatedAt:          row.CreatedAt,
-		UpdatedAt:          row.UpdatedAt,
-		TotalIncidents:     row.TotalIncidents,
-		ActiveIncidents:    row.ActiveIncidents,
-		Status:             row.Status,
-		LastCheck:          row.LastCheck,
-		NextCheck:          row.NextCheck,
-		LastError:          row.LastError,
-		ConsecutiveFails:   row.ConsecutiveFails,
-		ConsecutiveSuccess: row.ConsecutiveSuccess,
-		TotalChecks:        row.TotalChecks,
-	}
-
-	if row.ResponseTimeNS != nil {
-		svc.ResponseTime = utils.Pointer(time.Duration(*row.ResponseTimeNS))
-	}
-
-	return svc, nil
-}
-
-// durationToNS converts a duration pointer to nanoseconds
-func durationToNS(d *time.Duration) *int64 {
-	if d == nil {
-		return nil
-	}
-	ns := d.Nanoseconds()
-	return &ns
-}
diff --git a/internal/storage/sqlite.go b/internal/storage/sqlite.go
deleted file mode 100644
index a3a6211..0000000
--- a/internal/storage/sqlite.go
+++ /dev/null
@@ -1,195 +0,0 @@
-package storage
-
-import (
-	"context"
-	"database/sql"
-	"fmt"
-	"os"
-	"path/filepath"
-	"time"
-
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-	_ "modernc.org/sqlite"
-)
-
-// SQLiteStorage implements Storage interface using SQLite
-type SQLiteStorage struct {
-	db  *sql.DB
-	orm *ORMStorage
-}
-
-var _ Storage = (*SQLiteStorage)(nil)
-
-// NewSQLiteStorage creates a new SQLite storage instance
-func NewSQLiteStorage(dbPath string) (*SQLiteStorage, error) {
-	// Ensure directory exists
-	dir := filepath.Dir(dbPath)
-	if err := os.MkdirAll(dir, 0o755); err != nil {
-		return nil, fmt.Errorf("failed to create database directory: %w", err)
-	}
-
-	// Open SQLite database with proper settings for concurrent access
-	db, err := sql.Open("sqlite", dbPath+"?_busy_timeout=30000&_journal_mode=WAL&_synchronous=NORMAL&_cache_size=10000&_foreign_keys=on")
-	if err != nil {
-		return nil, fmt.Errorf("failed to open database: %w", err)
-	}
-
-	// Set connection pool settings
-	db.SetMaxOpenConns(1)
-	db.SetMaxIdleConns(1)
-	db.SetConnMaxLifetime(time.Hour)
-
-	// Test connection
-	if err := db.PingContext(context.Background()); err != nil {
-		return nil, fmt.Errorf("failed to ping database: %w", err)
-	}
-
-	storage := &SQLiteStorage{
-		db:  db,
-		orm: NewORMStorage(db),
-	}
-
-	if err := runMigrations(db); err != nil {
-		db.Close()
-		return nil, fmt.Errorf("failed to migrate database: %w", err)
-	}
-
-	return storage, nil
-}
-
-// Name returns the storage type
-func (s *SQLiteStorage) Name() string {
-	return "SQLite"
-}
-
-// Start initializes the storage
-func (s *SQLiteStorage) Start(_ context.Context) error {
-	if s.db == nil {
-		return fmt.Errorf("storage not initialized")
-	}
-	return nil
-}
-
-// Stop closes the database connection
-func (s *SQLiteStorage) Stop(_ context.Context) error {
-	if s.db != nil {
-		if err := s.db.Close(); err != nil {
-			return fmt.Errorf("failed to close database: %w", err)
-		}
-		s.db = nil
-	}
-	return nil
-}
-
-// Incident methods
-
-// SaveIncident saves a new incident to the database
-func (s *SQLiteStorage) SaveIncident(ctx context.Context, incident *Incident) error {
-	incident.ID = GenerateULID()
-
-	return s.orm.CreateIncident(ctx, incident)
-}
-
-// GetIncidentByID retrieves an incident by ID
-func (s *SQLiteStorage) GetIncidentByID(ctx context.Context, id string) (*Incident, error) {
-	return s.orm.GetIncidentByID(ctx, id)
-}
-
-// UpdateIncident updates an existing incident
-func (s *SQLiteStorage) UpdateIncident(ctx context.Context, incident *Incident) error {
-	return s.orm.UpdateIncident(ctx, incident)
-}
-
-// DeleteIncident deletes an incident by ID
-func (s *SQLiteStorage) DeleteIncident(ctx context.Context, incidentID string) error {
-	return s.orm.DeleteIncident(ctx, incidentID)
-}
-
-// FindIncidents retrieves all incidents
-func (s *SQLiteStorage) FindIncidents(ctx context.Context, params FindIncidentsParams) (dbutils.FindResponseWithCount[*Incident], error) {
-	return s.orm.FindIncidents(ctx, params)
-}
-
-// IncidentsCount retrieves the total count of incidents
-func (s *SQLiteStorage) IncidentsCount(ctx context.Context, params FindIncidentsParams) (uint32, error) {
-	return s.orm.IncidentsCount(ctx, params)
-}
-
-// GetServiceStats calculates statistics for a service
-func (s *SQLiteStorage) GetServiceStats(ctx context.Context, params FindIncidentsParams) (*ServiceStats, error) {
-	return s.orm.GetServiceStatsWithORM(ctx, params)
-}
-
-// ResolveAllIncidents resolves all incidents for a service
-func (s *SQLiteStorage) ResolveAllIncidents(ctx context.Context, serviceID string) ([]*Incident, error) {
-	return s.orm.ResolveAllIncidents(ctx, serviceID)
-}
-
-// GetIncidentsStatsByDateRange retrieves incident stats by date range
-func (s *SQLiteStorage) GetIncidentsStatsByDateRange(ctx context.Context, startTime, endTime time.Time) (GetIncidentsStatsByDateRangeData, error) {
-	return s.orm.GetIncidentsStatsByDateRange(ctx, startTime, endTime)
-}
-
-// Service methods
-
-// CreateService saves a new service to the database
-func (s *SQLiteStorage) CreateService(ctx context.Context, service CreateUpdateServiceRequest) (*Service, error) {
-	return s.orm.CreateService(ctx, service)
-}
-
-// GetService retrieves a service by ID
-func (s *SQLiteStorage) GetServiceByID(ctx context.Context, id string) (*Service, error) {
-	return s.orm.GetServiceByID(ctx, id)
-}
-
-// FindServices retrieves all services
-func (s *SQLiteStorage) FindServices(ctx context.Context, params FindServicesParams) (dbutils.FindResponseWithCount[*Service], error) {
-	return s.orm.FindServices(ctx, params)
-}
-
-// UpdateService updates an existing service
-func (s *SQLiteStorage) UpdateService(ctx context.Context, id string, service CreateUpdateServiceRequest) (*Service, error) {
-	return s.orm.UpdateService(ctx, id, service)
-}
-
-// DeleteService deletes a service by ID
-func (s *SQLiteStorage) DeleteService(ctx context.Context, id string) error {
-	return s.orm.DeleteService(ctx, id)
-}
-
-// Service state management methods
-
-// GetServiceState gets service state
-func (s *SQLiteStorage) GetServiceState(ctx context.Context, serviceID string) (*ServiceStateRecord, error) {
-	return s.orm.GetServiceState(ctx, serviceID)
-}
-
-// UpdateServiceState updates service state
-func (s *SQLiteStorage) UpdateServiceState(ctx context.Context, state *ServiceStateRecord) error {
-	return s.orm.UpdateServiceState(ctx, state)
-}
-
-// GetAllServiceStates gets all service states
-func (s *SQLiteStorage) GetAllServiceStates(ctx context.Context) ([]*ServiceStateRecord, error) {
-	return s.orm.GetAllServiceStates(ctx)
-}
-
-// GetAllTags retrieves all unique tags across services
-func (s *SQLiteStorage) GetAllTags(ctx context.Context) ([]string, error) {
-	return s.orm.GetAllTags(ctx)
-}
-
-// GetAllTagsWithCount retrieves all unique tags with their usage count
-func (s *SQLiteStorage) GetAllTagsWithCount(ctx context.Context) (map[string]int, error) {
-	return s.orm.GetAllTagsWithCount(ctx)
-}
-
-// GetSQLiteVersion returns the SQLite version
-func (s *SQLiteStorage) GetSQLiteVersion(ctx context.Context) (string, error) {
-	var version string
-	err := s.db.QueryRowContext(ctx, "SELECT sqlite_version()").Scan(&version)
-	if err != nil {
-		return "", fmt.Errorf("failed to get SQLite version: %w", err)
-	}
-	return version, nil
-}
diff --git a/internal/storage/storage.go b/internal/storage/storage.go
deleted file mode 100644
index dd41cf5..0000000
--- a/internal/storage/storage.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package storage
-
-import (
-	"context"
-	"time"
-
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-	"github.com/tkcrm/mx/service"
-)
-
-// Storage defines the interface for incident storage
-type Storage interface {
-	service.IService
-
-	// Incident management
-	GetIncidentByID(ctx context.Context, id string) (*Incident, error)
-	SaveIncident(ctx context.Context, incident *Incident) error
-	UpdateIncident(ctx context.Context, incident *Incident) error
-	DeleteIncident(ctx context.Context, incidentID string) error
-	FindIncidents(ctx context.Context, params FindIncidentsParams) (dbutils.FindResponseWithCount[*Incident], error)
-	IncidentsCount(ctx context.Context, params FindIncidentsParams) (uint32, error)
-	ResolveAllIncidents(ctx context.Context, serviceID string) ([]*Incident, error)
-	GetIncidentsStatsByDateRange(ctx context.Context, startTime, endTime time.Time) (GetIncidentsStatsByDateRangeData, error)
-
-	// Service management
-	CreateService(ctx context.Context, request CreateUpdateServiceRequest) (*Service, error)
-	GetServiceByID(ctx context.Context, id string) (*Service, error)
-	FindServices(ctx context.Context, params FindServicesParams) (dbutils.FindResponseWithCount[*Service], error)
-	UpdateService(ctx context.Context, id string, request CreateUpdateServiceRequest) (*Service, error)
-	DeleteService(ctx context.Context, id string) error
-
-	// Service state management
-	GetServiceState(ctx context.Context, serviceID string) (*ServiceStateRecord, error)
-	UpdateServiceState(ctx context.Context, state *ServiceStateRecord) error
-	GetAllServiceStates(ctx context.Context) ([]*ServiceStateRecord, error)
-
-	// Tags
-	GetAllTags(ctx context.Context) ([]string, error)
-	GetAllTagsWithCount(ctx context.Context) (map[string]int, error)
-
-	// Statistics
-	GetServiceStats(ctx context.Context, params FindIncidentsParams) (*ServiceStats, error)
-
-	// SQLite specific methods
-	GetSQLiteVersion(ctx context.Context) (string, error)
-}
diff --git a/internal/storage/types.go b/internal/storage/types.go
deleted file mode 100644
index d899327..0000000
--- a/internal/storage/types.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package storage
-
-import "time"
-
-type CreateUpdateServiceRequest struct {
-	Name      string              `json:"name" yaml:"name"`
-	Protocol  ServiceProtocolType `json:"protocol" yaml:"protocol"`
-	Interval  time.Duration       `json:"interval" yaml:"interval" swaggertype:"primitive,integer"`
-	Timeout   time.Duration       `json:"timeout" yaml:"timeout" swaggertype:"primitive,integer"`
-	Retries   int                 `json:"retries" yaml:"retries"`
-	Tags      []string            `json:"tags" yaml:"tags"`
-	Config    map[string]any      `json:"config" yaml:"config"`
-	IsEnabled bool                `json:"is_enabled" yaml:"is_enabled"`
-}
diff --git a/internal/store/badgerdb/db.go b/internal/store/badgerdb/db.go
new file mode 100644
index 0000000..1c71887
--- /dev/null
+++ b/internal/store/badgerdb/db.go
@@ -0,0 +1,38 @@
+package badgerdb
+
+import (
+	"context"
+
+	"github.com/dgraph-io/badger/v4"
+	"github.com/tkcrm/mx/logger"
+)
+
+type DB struct {
+	db *badger.DB
+}
+
+func New(l logger.Logger, path string) (*DB, error) {
+	defaultOptions := badger.DefaultOptions(path)
+	defaultOptions.Logger = &bLogger{l: logger.With(l, "service", "badgerdb")}
+
+	db, err := badger.Open(defaultOptions)
+	if err != nil {
+		return nil, err
+	}
+	return &DB{db: db}, nil
+}
+
+// Named returns the name of the database engine.
+func (d *DB) Name() string {
+	return "badgerdb"
+}
+
+// Start starts the database engine.
+func (d *DB) Start(_ context.Context) error {
+	return nil
+}
+
+// Stop stops the database engine.
+func (d *DB) Stop(_ context.Context) error {
+	return d.db.Close()
+}
diff --git a/internal/store/badgerdb/logger.go b/internal/store/badgerdb/logger.go
new file mode 100644
index 0000000..49ac499
--- /dev/null
+++ b/internal/store/badgerdb/logger.go
@@ -0,0 +1,31 @@
+package badgerdb
+
+import (
+	"strings"
+
+	"github.com/tkcrm/mx/logger"
+)
+
+type bLogger struct {
+	l logger.Logger
+}
+
+// Errorf logs an error message with formatting
+func (bl *bLogger) Errorf(format string, args ...any) {
+	bl.l.Errorf(strings.TrimSpace(format), args...)
+}
+
+// Warningf logs a warning message with formatting
+func (bl *bLogger) Warningf(format string, args ...any) {
+	bl.l.Warnf(strings.TrimSpace(format), args...)
+}
+
+// Infof logs an info message with formatting
+func (bl *bLogger) Infof(format string, args ...any) {
+	bl.l.Infof(strings.TrimSpace(format), args...)
+}
+
+// Debugf logs a debug message with formatting
+func (bl *bLogger) Debugf(format string, args ...any) {
+	// bl.l.Debugf(strings.TrimSpace(format), args...)
+}
diff --git a/internal/store/badgerdb/methods.go b/internal/store/badgerdb/methods.go
new file mode 100644
index 0000000..dd77d06
--- /dev/null
+++ b/internal/store/badgerdb/methods.go
@@ -0,0 +1,123 @@
+package badgerdb
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/dgraph-io/badger/v4"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+// Get retrieves a value by key from BadgerDB
+func (d *DB) Get(ctx context.Context, key []byte) ([]byte, error) {
+	var value []byte
+	err := d.db.View(func(txn *badger.Txn) error {
+		item, err := txn.Get(key)
+		if err != nil {
+			return err
+		}
+		value, err = item.ValueCopy(nil)
+		return err
+	})
+	if err == badger.ErrKeyNotFound {
+		return nil, storecmn.ErrNotFound
+	}
+	return value, err
+}
+
+// Set stores a key-value pair with optional expiration
+func (d *DB) Set(ctx context.Context, key []byte, value []byte, expiration time.Duration) error {
+	return d.db.Update(func(txn *badger.Txn) error {
+		entry := badger.NewEntry(key, value)
+		if expiration > 0 {
+			entry = entry.WithTTL(expiration)
+		}
+		return txn.SetEntry(entry)
+	})
+}
+
+// Delete removes a key from BadgerDB
+func (d *DB) Delete(ctx context.Context, key []byte) error {
+	return d.db.Update(func(txn *badger.Txn) error {
+		return txn.Delete(key)
+	})
+}
+
+// Keys returns all keys with the given prefix
+func (d *DB) Keys(ctx context.Context, prefix []byte) ([]string, error) {
+	var keys []string
+	err := d.db.View(func(txn *badger.Txn) error {
+		opts := badger.DefaultIteratorOptions
+		opts.PrefetchValues = false
+		it := txn.NewIterator(opts)
+		defer it.Close()
+
+		for it.Seek(prefix); it.ValidForPrefix(prefix); it.Next() {
+			item := it.Item()
+			keys = append(keys, string(item.KeyCopy(nil)))
+		}
+		return nil
+	})
+	return keys, err
+}
+
+// KeysAndValues returns all keys and values with the given prefix
+func (d *DB) KeysAndValues(ctx context.Context, prefix []byte) (map[string][]byte, error) {
+	result := make(map[string][]byte)
+	err := d.db.View(func(txn *badger.Txn) error {
+		opts := badger.DefaultIteratorOptions
+		opts.PrefetchValues = true
+		it := txn.NewIterator(opts)
+		defer it.Close()
+
+		for it.Seek(prefix); it.ValidForPrefix(prefix); it.Next() {
+			item := it.Item()
+			key := string(item.KeyCopy(nil))
+			value, err := item.ValueCopy(nil)
+			if err != nil {
+				return err
+			}
+			result[key] = value
+		}
+		return nil
+	})
+	return result, err
+}
+
+// GetFromJSON retrieves a value and unmarshals it into dst
+func (d *DB) GetFromJSON(ctx context.Context, key []byte, dst any) error {
+	value, err := d.Get(ctx, key)
+	if err != nil {
+		return err
+	}
+	if value == nil {
+		return storecmn.ErrNotFound
+	}
+	return json.Unmarshal(value, dst)
+}
+
+// SetJSON marshals value to JSON and stores it
+func (d *DB) SetJSON(ctx context.Context, key []byte, value any, expiration time.Duration) error {
+	data, err := json.Marshal(value)
+	if err != nil {
+		return fmt.Errorf("failed to marshal value: %w", err)
+	}
+	return d.Set(ctx, key, data, expiration)
+}
+
+// Exists checks if a key exists in BadgerDB
+func (d *DB) Exists(ctx context.Context, key []byte) (bool, error) {
+	err := d.db.View(func(txn *badger.Txn) error {
+		_, err := txn.Get(key)
+		return err
+	})
+	if err == badger.ErrKeyNotFound {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+	return true, nil
+}
diff --git a/internal/store/repos/options.go b/internal/store/repos/options.go
new file mode 100644
index 0000000..647c25a
--- /dev/null
+++ b/internal/store/repos/options.go
@@ -0,0 +1,24 @@
+package repos
+
+import "database/sql"
+
+type Option func(*Options)
+
+type Options struct {
+	Tx *sql.Tx
+}
+
+func parseOptions(opts ...Option) Options {
+	options := Options{}
+	for _, opt := range opts {
+		opt(&options)
+	}
+
+	return options
+}
+
+func WithTx(tx *sql.Tx) Option {
+	return func(o *Options) {
+		o.Tx = tx
+	}
+}
diff --git a/internal/store/repos/repo_agents/agents.sql.go b/internal/store/repos/repo_agents/agents.sql.go
new file mode 100644
index 0000000..28109b9
--- /dev/null
+++ b/internal/store/repos/repo_agents/agents.sql.go
@@ -0,0 +1,52 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: agents.sql
+
+package repo_agents
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const exist = `-- name: Exist :one
+SELECT EXISTS (SELECT 1 FROM agents WHERE id=? LIMIT 1)
+`
+
+func (q *Queries) Exist(ctx context.Context, id string) (int64, error) {
+	row := q.db.QueryRowContext(ctx, exist, id)
+	var column_1 int64
+	err := row.Scan(&column_1)
+	return column_1, err
+}
+
+const getByIDAndProjectID = `-- name: GetByIDAndProjectID :one
+SELECT id, name, description, secret_hash, token_hint, fingerprint, kind, status, is_enabled, location, tags, config, system_info, project_id, last_seen_at, created_at, updated_at FROM agents WHERE id=? AND project_id=? LIMIT 1
+`
+
+func (q *Queries) GetByIDAndProjectID(ctx context.Context, iD string, projectID string) (*models.Agent, error) {
+	row := q.db.QueryRowContext(ctx, getByIDAndProjectID, iD, projectID)
+	var i models.Agent
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Description,
+		&i.SecretHash,
+		&i.TokenHint,
+		&i.Fingerprint,
+		&i.Kind,
+		&i.Status,
+		&i.IsEnabled,
+		&i.Location,
+		&i.Tags,
+		&i.Config,
+		&i.SystemInfo,
+		&i.ProjectID,
+		&i.LastSeenAt,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_agents/agents_gen.sql.go b/internal/store/repos/repo_agents/agents_gen.sql.go
new file mode 100644
index 0000000..0262c7e
--- /dev/null
+++ b/internal/store/repos/repo_agents/agents_gen.sql.go
@@ -0,0 +1,107 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: agents_gen.sql
+
+package repo_agents
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO agents (id, name, description, secret_hash, token_hint, kind, is_enabled, location, tags, config, project_id)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING id, name, description, secret_hash, token_hint, fingerprint, kind, status, is_enabled, location, tags, config, system_info, project_id, last_seen_at, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID          string               `db:"id" json:"id"`
+	Name        string               `db:"name" json:"name"`
+	Description string               `db:"description" json:"description"`
+	SecretHash  string               `db:"secret_hash" json:"secret_hash"`
+	TokenHint   string               `db:"token_hint" json:"token_hint"`
+	Kind        models.AgentKindType `db:"kind" json:"kind"`
+	IsEnabled   bool                 `db:"is_enabled" json:"is_enabled"`
+	Location    *string              `db:"location" json:"location"`
+	Tags        models.Tags          `db:"tags" json:"tags"`
+	Config      models.AgentConfig   `db:"config" json:"config"`
+	ProjectID   string               `db:"project_id" json:"project_id"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.Agent, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.Name,
+		arg.Description,
+		arg.SecretHash,
+		arg.TokenHint,
+		arg.Kind,
+		arg.IsEnabled,
+		arg.Location,
+		arg.Tags,
+		arg.Config,
+		arg.ProjectID,
+	)
+	var i models.Agent
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Description,
+		&i.SecretHash,
+		&i.TokenHint,
+		&i.Fingerprint,
+		&i.Kind,
+		&i.Status,
+		&i.IsEnabled,
+		&i.Location,
+		&i.Tags,
+		&i.Config,
+		&i.SystemInfo,
+		&i.ProjectID,
+		&i.LastSeenAt,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM agents WHERE id=? AND project_id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, iD string, projectID string) error {
+	_, err := q.db.ExecContext(ctx, delete, iD, projectID)
+	return err
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, name, description, secret_hash, token_hint, fingerprint, kind, status, is_enabled, location, tags, config, system_info, project_id, last_seen_at, created_at, updated_at FROM agents WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.Agent, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.Agent
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Description,
+		&i.SecretHash,
+		&i.TokenHint,
+		&i.Fingerprint,
+		&i.Kind,
+		&i.Status,
+		&i.IsEnabled,
+		&i.Location,
+		&i.Tags,
+		&i.Config,
+		&i.SystemInfo,
+		&i.ProjectID,
+		&i.LastSeenAt,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_agents/constants_gen.go b/internal/store/repos/repo_agents/constants_gen.go
new file mode 100755
index 0000000..a1c8ab7
--- /dev/null
+++ b/internal/store/repos/repo_agents/constants_gen.go
@@ -0,0 +1,81 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_agents
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameAgents TableName = "agents"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameAgentsId          ColumnName = "id"
+	ColumnNameAgentsName        ColumnName = "name"
+	ColumnNameAgentsDescription ColumnName = "description"
+	ColumnNameAgentsSecretHash  ColumnName = "secret_hash"
+	ColumnNameAgentsTokenHint   ColumnName = "token_hint"
+	ColumnNameAgentsFingerprint ColumnName = "fingerprint"
+	ColumnNameAgentsKind        ColumnName = "kind"
+	ColumnNameAgentsStatus      ColumnName = "status"
+	ColumnNameAgentsIsEnabled   ColumnName = "is_enabled"
+	ColumnNameAgentsLocation    ColumnName = "location"
+	ColumnNameAgentsTags        ColumnName = "tags"
+	ColumnNameAgentsConfig      ColumnName = "config"
+	ColumnNameAgentsSystemInfo  ColumnName = "system_info"
+	ColumnNameAgentsProjectId   ColumnName = "project_id"
+	ColumnNameAgentsLastSeenAt  ColumnName = "last_seen_at"
+	ColumnNameAgentsCreatedAt   ColumnName = "created_at"
+	ColumnNameAgentsUpdatedAt   ColumnName = "updated_at"
+)
+
+func AgentsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameAgentsId,
+		ColumnNameAgentsName,
+		ColumnNameAgentsDescription,
+		ColumnNameAgentsSecretHash,
+		ColumnNameAgentsTokenHint,
+		ColumnNameAgentsFingerprint,
+		ColumnNameAgentsKind,
+		ColumnNameAgentsStatus,
+		ColumnNameAgentsIsEnabled,
+		ColumnNameAgentsLocation,
+		ColumnNameAgentsTags,
+		ColumnNameAgentsConfig,
+		ColumnNameAgentsSystemInfo,
+		ColumnNameAgentsProjectId,
+		ColumnNameAgentsLastSeenAt,
+		ColumnNameAgentsCreatedAt,
+		ColumnNameAgentsUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_agents/custom.go b/internal/store/repos/repo_agents/custom.go
new file mode 100644
index 0000000..063fb4c
--- /dev/null
+++ b/internal/store/repos/repo_agents/custom.go
@@ -0,0 +1,36 @@
+package repo_agents
+
+import (
+	"context"
+	"database/sql"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type ICustomQuerier interface {
+	Querier
+	Update(ctx context.Context, id string, params UpdateRequest) (*models.Agent, error)
+	Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.Agent], error)
+}
+
+type CustomQueries struct {
+	*Queries
+	db DBTX
+}
+
+func NewCustom(db DBTX) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(db),
+		db:      db,
+	}
+}
+
+func (s *CustomQueries) WithTx(tx *sql.Tx) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(tx),
+		db:      tx,
+	}
+}
+
+var _ ICustomQuerier = (*CustomQueries)(nil)
diff --git a/internal/store/repos/repo_agents/db.go b/internal/store/repos/repo_agents/db.go
new file mode 100644
index 0000000..cb62d9d
--- /dev/null
+++ b/internal/store/repos/repo_agents/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_agents
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_agents/find.go b/internal/store/repos/repo_agents/find.go
new file mode 100644
index 0000000..53b5bd0
--- /dev/null
+++ b/internal/store/repos/repo_agents/find.go
@@ -0,0 +1,92 @@
+package repo_agents
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/georgysavva/scany/v2/sqlscan"
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type FindParams struct {
+	Name      string
+	IsEnabled *bool
+	Tags      []string
+	Status    string
+	ProjectID string
+	OrderBy   string
+	Page      *uint32
+	PageSize  *uint32
+}
+
+func findBuilder(params FindParams, col ...string) *sqlbuilder.SelectBuilder {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select(col...)
+	sb.From(TableNameAgents.String()).
+		Where(sb.Equal(ColumnNameAgentsProjectId.String(), params.ProjectID))
+
+	if params.Name != "" {
+		sb.Where(sb.Like("name", "%"+params.Name+"%"))
+	}
+
+	if params.IsEnabled != nil {
+		sb.Where(sb.Equal("is_enabled", *params.IsEnabled))
+	}
+
+	if params.Status != "" {
+		sb.Where(sb.Equal("status", params.Status))
+	}
+
+	if len(params.Tags) > 0 {
+		var tagConditions []string
+		for _, tag := range params.Tags {
+			tagConditions = append(tagConditions,
+				fmt.Sprintf("EXISTS (SELECT 1 FROM json_each(s.tags) WHERE json_each.value = %s)",
+					sb.Args.Add(tag)))
+		}
+
+		if len(tagConditions) > 0 {
+			sb.Where(fmt.Sprintf("(%s)", strings.Join(tagConditions, " AND ")))
+		}
+	}
+
+	return sb
+}
+
+// Find returns list of agents by given filters with pagination
+func (s *CustomQueries) Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.Agent], error) {
+	sb := findBuilder(params, AgentsColumnNames().Strings()...)
+
+	if params.OrderBy == "" {
+		params.OrderBy = "created_at"
+	}
+
+	sb.OrderByDesc(params.OrderBy)
+
+	limit, offset, err := storecmn.Pagination(params.Page, params.PageSize)
+	if err != nil {
+		return nil, err
+	}
+	sb.Limit(int(limit)).Offset(int(offset))
+
+	items := []*models.Agent{}
+	sql, args := sb.Build()
+	if err := sqlscan.Select(ctx, s.db, &items, sql, args...); err != nil {
+		return nil, err
+	}
+
+	// Get total count of services
+	var totalCount uint32
+	countSQL, countArgs := findBuilder(params, "count(*)").Build()
+	if err := sqlscan.Get(ctx, s.db, &totalCount, countSQL, countArgs...); err != nil {
+		return nil, err
+	}
+
+	return &storecmn.FindResponseWithCount[*models.Agent]{
+		Count: totalCount,
+		Items: items,
+	}, nil
+}
diff --git a/internal/store/repos/repo_agents/querier.go b/internal/store/repos/repo_agents/querier.go
new file mode 100644
index 0000000..ac0ed31
--- /dev/null
+++ b/internal/store/repos/repo_agents/querier.go
@@ -0,0 +1,21 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_agents
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.Agent, error)
+	Delete(ctx context.Context, iD string, projectID string) error
+	Exist(ctx context.Context, id string) (int64, error)
+	GetByID(ctx context.Context, id string) (*models.Agent, error)
+	GetByIDAndProjectID(ctx context.Context, iD string, projectID string) (*models.Agent, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_agents/update.go b/internal/store/repos/repo_agents/update.go
new file mode 100644
index 0000000..a33ac01
--- /dev/null
+++ b/internal/store/repos/repo_agents/update.go
@@ -0,0 +1,74 @@
+package repo_agents
+
+import (
+	"context"
+	"fmt"
+	"slices"
+
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/samber/lo"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+	"github.com/tkcrm/modules/pkg/db/dbutils"
+	"github.com/tkcrm/modules/pkg/utils"
+)
+
+var availableUpdateColumns = lo.Filter(AgentsColumnNames(), func(item ColumnName, _ int) bool {
+	return !slices.Contains([]ColumnName{
+		ColumnNameAgentsId,
+		ColumnNameAgentsCreatedAt,
+		ColumnNameAgentsUpdatedAt,
+	}, item)
+})
+
+type UpdateRequest struct {
+	models.Agent
+	FieldMask dbutils.FieldMask[ColumnName]
+}
+
+func (s *CustomQueries) Update(ctx context.Context, id string, params UpdateRequest) (*models.Agent, error) {
+	if id == "" {
+		return nil, storecmn.ErrEmptyID
+	}
+
+	for _, path := range params.FieldMask.Items() {
+		if !slices.Contains(availableUpdateColumns, path) {
+			return nil, fmt.Errorf("unavailable field %s for this method", path)
+		}
+	}
+
+	ub := sqlbuilder.NewUpdateBuilder()
+	ub.Update(TableNameAgents.String()).
+		Where(ub.Equal("id", id)).
+		Set("updated_at = CURRENT_TIMESTAMP")
+
+	values, err := utils.StructToMap(params.Agent, "json")
+	if err != nil {
+		return nil, err
+	}
+
+	for _, path := range params.FieldMask {
+		idx := slices.IndexFunc(AgentsColumnNames(), func(i ColumnName) bool {
+			return path == i
+		})
+
+		if idx == -1 {
+			return nil, fmt.Errorf("unavailable path: %s", path)
+		}
+
+		value, ok := values[path.String()]
+		if !ok {
+			return nil, fmt.Errorf("value not found for path: %s", path)
+		}
+
+		ub.SetMore(ub.Assign(path.String(), value))
+	}
+
+	// execute query
+	sql, args := ub.Build()
+	if _, err := s.db.ExecContext(ctx, sql, args...); err != nil {
+		return nil, err
+	}
+
+	return s.GetByID(ctx, id)
+}
diff --git a/internal/store/repos/repo_alert_policies/alert_policies_gen.sql.go b/internal/store/repos/repo_alert_policies/alert_policies_gen.sql.go
new file mode 100644
index 0000000..fe2e4a0
--- /dev/null
+++ b/internal/store/repos/repo_alert_policies/alert_policies_gen.sql.go
@@ -0,0 +1,111 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: alert_policies_gen.sql
+
+package repo_alert_policies
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const create = `-- name: Create :one
+INSERT INTO alert_policies (id, name, rules, is_enabled, project_id)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING id, name, rules, is_enabled, project_id, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID        string             `db:"id" json:"id"`
+	Name      string             `db:"name" json:"name"`
+	Rules     storecmn.JSONField `db:"rules" json:"rules"`
+	IsEnabled bool               `db:"is_enabled" json:"is_enabled"`
+	ProjectID string             `db:"project_id" json:"project_id"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.AlertPolicy, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.Name,
+		arg.Rules,
+		arg.IsEnabled,
+		arg.ProjectID,
+	)
+	var i models.AlertPolicy
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Rules,
+		&i.IsEnabled,
+		&i.ProjectID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM alert_policies WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, name, rules, is_enabled, project_id, created_at, updated_at FROM alert_policies
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.AlertPolicy, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.AlertPolicy{}
+	for rows.Next() {
+		var i models.AlertPolicy
+		if err := rows.Scan(
+			&i.ID,
+			&i.Name,
+			&i.Rules,
+			&i.IsEnabled,
+			&i.ProjectID,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, name, rules, is_enabled, project_id, created_at, updated_at FROM alert_policies WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.AlertPolicy, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.AlertPolicy
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Rules,
+		&i.IsEnabled,
+		&i.ProjectID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_alert_policies/constants_gen.go b/internal/store/repos/repo_alert_policies/constants_gen.go
new file mode 100755
index 0000000..fdb206b
--- /dev/null
+++ b/internal/store/repos/repo_alert_policies/constants_gen.go
@@ -0,0 +1,61 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_alert_policies
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameAlertPolicies TableName = "alert_policies"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameAlertPoliciesId        ColumnName = "id"
+	ColumnNameAlertPoliciesName      ColumnName = "name"
+	ColumnNameAlertPoliciesRules     ColumnName = "rules"
+	ColumnNameAlertPoliciesIsEnabled ColumnName = "is_enabled"
+	ColumnNameAlertPoliciesProjectId ColumnName = "project_id"
+	ColumnNameAlertPoliciesCreatedAt ColumnName = "created_at"
+	ColumnNameAlertPoliciesUpdatedAt ColumnName = "updated_at"
+)
+
+func AlertPoliciesColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameAlertPoliciesId,
+		ColumnNameAlertPoliciesName,
+		ColumnNameAlertPoliciesRules,
+		ColumnNameAlertPoliciesIsEnabled,
+		ColumnNameAlertPoliciesProjectId,
+		ColumnNameAlertPoliciesCreatedAt,
+		ColumnNameAlertPoliciesUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_alert_policies/db.go b/internal/store/repos/repo_alert_policies/db.go
new file mode 100644
index 0000000..ede9e79
--- /dev/null
+++ b/internal/store/repos/repo_alert_policies/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_alert_policies
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_alert_policies/querier.go b/internal/store/repos/repo_alert_policies/querier.go
new file mode 100644
index 0000000..47de7b6
--- /dev/null
+++ b/internal/store/repos/repo_alert_policies/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_alert_policies
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.AlertPolicy, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context) ([]*models.AlertPolicy, error)
+	GetByID(ctx context.Context, id string) (*models.AlertPolicy, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_alerts/alerts_gen.sql.go b/internal/store/repos/repo_alerts/alerts_gen.sql.go
new file mode 100644
index 0000000..744423a
--- /dev/null
+++ b/internal/store/repos/repo_alerts/alerts_gen.sql.go
@@ -0,0 +1,102 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: alerts_gen.sql
+
+package repo_alerts
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO alerts (id, incident_id, policy_id, status)
+	VALUES (?, ?, ?, ?)
+	RETURNING id, incident_id, policy_id, status, created_at
+`
+
+type CreateParams struct {
+	ID         string `db:"id" json:"id"`
+	IncidentID string `db:"incident_id" json:"incident_id"`
+	PolicyID   string `db:"policy_id" json:"policy_id"`
+	Status     string `db:"status" json:"status"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.Alert, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.IncidentID,
+		arg.PolicyID,
+		arg.Status,
+	)
+	var i models.Alert
+	err := row.Scan(
+		&i.ID,
+		&i.IncidentID,
+		&i.PolicyID,
+		&i.Status,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM alerts WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, incident_id, policy_id, status, created_at FROM alerts
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.Alert, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.Alert{}
+	for rows.Next() {
+		var i models.Alert
+		if err := rows.Scan(
+			&i.ID,
+			&i.IncidentID,
+			&i.PolicyID,
+			&i.Status,
+			&i.CreatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, incident_id, policy_id, status, created_at FROM alerts WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.Alert, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.Alert
+	err := row.Scan(
+		&i.ID,
+		&i.IncidentID,
+		&i.PolicyID,
+		&i.Status,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_alerts/constants_gen.go b/internal/store/repos/repo_alerts/constants_gen.go
new file mode 100755
index 0000000..a3e2e50
--- /dev/null
+++ b/internal/store/repos/repo_alerts/constants_gen.go
@@ -0,0 +1,57 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_alerts
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameAlerts TableName = "alerts"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameAlertsId         ColumnName = "id"
+	ColumnNameAlertsIncidentId ColumnName = "incident_id"
+	ColumnNameAlertsPolicyId   ColumnName = "policy_id"
+	ColumnNameAlertsStatus     ColumnName = "status"
+	ColumnNameAlertsCreatedAt  ColumnName = "created_at"
+)
+
+func AlertsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameAlertsId,
+		ColumnNameAlertsIncidentId,
+		ColumnNameAlertsPolicyId,
+		ColumnNameAlertsStatus,
+		ColumnNameAlertsCreatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_alerts/db.go b/internal/store/repos/repo_alerts/db.go
new file mode 100644
index 0000000..71a3fa5
--- /dev/null
+++ b/internal/store/repos/repo_alerts/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_alerts
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_alerts/querier.go b/internal/store/repos/repo_alerts/querier.go
new file mode 100644
index 0000000..f9ccabe
--- /dev/null
+++ b/internal/store/repos/repo_alerts/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_alerts
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.Alert, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context) ([]*models.Alert, error)
+	GetByID(ctx context.Context, id string) (*models.Alert, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_incident_events/constants_gen.go b/internal/store/repos/repo_incident_events/constants_gen.go
new file mode 100755
index 0000000..9d64b51
--- /dev/null
+++ b/internal/store/repos/repo_incident_events/constants_gen.go
@@ -0,0 +1,57 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_incident_events
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameIncidentEvents TableName = "incident_events"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameIncidentEventsId         ColumnName = "id"
+	ColumnNameIncidentEventsIncidentId ColumnName = "incident_id"
+	ColumnNameIncidentEventsCreatedAt  ColumnName = "created_at"
+	ColumnNameIncidentEventsType       ColumnName = "type"
+	ColumnNameIncidentEventsPayload    ColumnName = "payload"
+)
+
+func IncidentEventsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameIncidentEventsId,
+		ColumnNameIncidentEventsIncidentId,
+		ColumnNameIncidentEventsCreatedAt,
+		ColumnNameIncidentEventsType,
+		ColumnNameIncidentEventsPayload,
+	}
+}
diff --git a/internal/store/repos/repo_incident_events/db.go b/internal/store/repos/repo_incident_events/db.go
new file mode 100644
index 0000000..75cd2d8
--- /dev/null
+++ b/internal/store/repos/repo_incident_events/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_incident_events
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_incident_events/incident_events_gen.sql.go b/internal/store/repos/repo_incident_events/incident_events_gen.sql.go
new file mode 100644
index 0000000..21bb18d
--- /dev/null
+++ b/internal/store/repos/repo_incident_events/incident_events_gen.sql.go
@@ -0,0 +1,103 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: incident_events_gen.sql
+
+package repo_incident_events
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const create = `-- name: Create :one
+INSERT INTO incident_events (id, incident_id, type, payload)
+	VALUES (?, ?, ?, ?)
+	RETURNING id, incident_id, created_at, type, payload
+`
+
+type CreateParams struct {
+	ID         int64              `db:"id" json:"id"`
+	IncidentID string             `db:"incident_id" json:"incident_id"`
+	Type       string             `db:"type" json:"type"`
+	Payload    storecmn.JSONField `db:"payload" json:"payload"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.IncidentEvent, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.IncidentID,
+		arg.Type,
+		arg.Payload,
+	)
+	var i models.IncidentEvent
+	err := row.Scan(
+		&i.ID,
+		&i.IncidentID,
+		&i.CreatedAt,
+		&i.Type,
+		&i.Payload,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM incident_events WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id int64) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, incident_id, created_at, type, payload FROM incident_events
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.IncidentEvent, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.IncidentEvent{}
+	for rows.Next() {
+		var i models.IncidentEvent
+		if err := rows.Scan(
+			&i.ID,
+			&i.IncidentID,
+			&i.CreatedAt,
+			&i.Type,
+			&i.Payload,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, incident_id, created_at, type, payload FROM incident_events WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id int64) (*models.IncidentEvent, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.IncidentEvent
+	err := row.Scan(
+		&i.ID,
+		&i.IncidentID,
+		&i.CreatedAt,
+		&i.Type,
+		&i.Payload,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_incident_events/querier.go b/internal/store/repos/repo_incident_events/querier.go
new file mode 100644
index 0000000..439365a
--- /dev/null
+++ b/internal/store/repos/repo_incident_events/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_incident_events
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.IncidentEvent, error)
+	Delete(ctx context.Context, id int64) error
+	GetAll(ctx context.Context) ([]*models.IncidentEvent, error)
+	GetByID(ctx context.Context, id int64) (*models.IncidentEvent, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_incidents/constants_gen.go b/internal/store/repos/repo_incidents/constants_gen.go
new file mode 100755
index 0000000..e3033f4
--- /dev/null
+++ b/internal/store/repos/repo_incidents/constants_gen.go
@@ -0,0 +1,77 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_incidents
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameIncidents TableName = "incidents"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameIncidentsId          ColumnName = "id"
+	ColumnNameIncidentsProjectId   ColumnName = "project_id"
+	ColumnNameIncidentsOrigin      ColumnName = "origin"
+	ColumnNameIncidentsMonitorId   ColumnName = "monitor_id"
+	ColumnNameIncidentsResourceId  ColumnName = "resource_id"
+	ColumnNameIncidentsAgentId     ColumnName = "agent_id"
+	ColumnNameIncidentsKind        ColumnName = "kind"
+	ColumnNameIncidentsStatus      ColumnName = "status"
+	ColumnNameIncidentsSeverity    ColumnName = "severity"
+	ColumnNameIncidentsSummary     ColumnName = "summary"
+	ColumnNameIncidentsFirstSeenAt ColumnName = "first_seen_at"
+	ColumnNameIncidentsLastSeenAt  ColumnName = "last_seen_at"
+	ColumnNameIncidentsResolvedAt  ColumnName = "resolved_at"
+	ColumnNameIncidentsCreatedAt   ColumnName = "created_at"
+	ColumnNameIncidentsUpdatedAt   ColumnName = "updated_at"
+)
+
+func IncidentsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameIncidentsId,
+		ColumnNameIncidentsProjectId,
+		ColumnNameIncidentsOrigin,
+		ColumnNameIncidentsMonitorId,
+		ColumnNameIncidentsResourceId,
+		ColumnNameIncidentsAgentId,
+		ColumnNameIncidentsKind,
+		ColumnNameIncidentsStatus,
+		ColumnNameIncidentsSeverity,
+		ColumnNameIncidentsSummary,
+		ColumnNameIncidentsFirstSeenAt,
+		ColumnNameIncidentsLastSeenAt,
+		ColumnNameIncidentsResolvedAt,
+		ColumnNameIncidentsCreatedAt,
+		ColumnNameIncidentsUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_incidents/custom.go b/internal/store/repos/repo_incidents/custom.go
new file mode 100644
index 0000000..3a44b3d
--- /dev/null
+++ b/internal/store/repos/repo_incidents/custom.go
@@ -0,0 +1,37 @@
+package repo_incidents
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type ICustomQuerier interface {
+	Querier
+	Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.Incident], error)
+	StatsByDateRange(ctx context.Context, startTime, endTime time.Time) (StatsByDateRangeData, error)
+}
+
+type CustomQueries struct {
+	*Queries
+	db DBTX
+}
+
+func NewCustom(db DBTX) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(db),
+		db:      db,
+	}
+}
+
+func (s *CustomQueries) WithTx(tx *sql.Tx) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(tx),
+		db:      tx,
+	}
+}
+
+var _ ICustomQuerier = (*CustomQueries)(nil)
diff --git a/internal/store/repos/repo_incidents/db.go b/internal/store/repos/repo_incidents/db.go
new file mode 100644
index 0000000..c1d2e25
--- /dev/null
+++ b/internal/store/repos/repo_incidents/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_incidents
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_incidents/find.go b/internal/store/repos/repo_incidents/find.go
new file mode 100644
index 0000000..87986c8
--- /dev/null
+++ b/internal/store/repos/repo_incidents/find.go
@@ -0,0 +1,90 @@
+package repo_incidents
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/georgysavva/scany/v2/sqlscan"
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type FindParams struct {
+	Search     string
+	ID         string
+	ServiceID  string
+	Resolved   *bool
+	StartedAt  *time.Time
+	ResolvedAt *time.Time
+	Page       *uint32
+	PageSize   *uint32
+}
+
+func findBuilder(params FindParams, col ...string) *sqlbuilder.SelectBuilder {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select(col...)
+	sb.From(TableNameIncidents.String())
+
+	if params.ID != "" {
+		sb.Where(sb.Equal("id", params.ID))
+	}
+
+	if params.ServiceID != "" {
+		sb.Where(sb.Equal("service_id", params.ServiceID))
+	}
+
+	if params.Search != "" {
+		likeCondition := fmt.Sprintf("%%%s%%", params.Search)
+		sb.Where(sb.Or(
+			sb.Like("id", likeCondition),
+			sb.Like("service_id", likeCondition),
+		))
+	}
+
+	if params.Resolved != nil {
+		sb.Where(sb.IsNotNull("resolved_at"))
+	}
+
+	if params.StartedAt != nil {
+		sb.Where(sb.GreaterEqualThan("started_at", *params.StartedAt))
+	}
+
+	if params.ResolvedAt != nil {
+		sb.Where(sb.LessEqualThan("resolved_at", *params.ResolvedAt))
+	}
+
+	return sb
+}
+
+// Find returns list of incidents by given filters with pagination
+func (s *CustomQueries) Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.Incident], error) {
+	sb := findBuilder(params, IncidentsColumnNames().Strings()...)
+
+	sb.OrderBy("created_at").Desc()
+
+	limit, offset, err := storecmn.Pagination(params.Page, params.PageSize)
+	if err != nil {
+		return nil, err
+	}
+	sb.Limit(int(limit)).Offset(int(offset))
+
+	items := []*models.Incident{}
+	sql, args := sb.Build()
+	if err := sqlscan.Select(ctx, s.db, &items, sql, args...); err != nil {
+		return nil, err
+	}
+
+	// Get total count of services
+	var totalCount uint32
+	countSQL, countArgs := findBuilder(params, "count(*)").Build()
+	if err := sqlscan.Get(ctx, s.db, &totalCount, countSQL, countArgs...); err != nil {
+		return nil, err
+	}
+
+	return &storecmn.FindResponseWithCount[*models.Incident]{
+		Count: totalCount,
+		Items: items,
+	}, nil
+}
diff --git a/internal/store/repos/repo_incidents/incidents.sql.go b/internal/store/repos/repo_incidents/incidents.sql.go
new file mode 100644
index 0000000..0b91c58
--- /dev/null
+++ b/internal/store/repos/repo_incidents/incidents.sql.go
@@ -0,0 +1,147 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: incidents.sql
+
+package repo_incidents
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const deleteByMonitorID = `-- name: DeleteByMonitorID :exec
+DELETE FROM incidents WHERE monitor_id=?
+`
+
+func (q *Queries) DeleteByMonitorID(ctx context.Context, monitorID *string) error {
+	_, err := q.db.ExecContext(ctx, deleteByMonitorID, monitorID)
+	return err
+}
+
+const getAllUnresolvedByMonitorID = `-- name: GetAllUnresolvedByMonitorID :many
+SELECT id, project_id, origin, monitor_id, resource_id, agent_id, kind, status, severity, summary, first_seen_at, last_seen_at, resolved_at, created_at, updated_at FROM incidents
+WHERE monitor_id=? AND resolved_at IS NULL
+ORDER BY created_at DESC
+`
+
+func (q *Queries) GetAllUnresolvedByMonitorID(ctx context.Context, monitorID *string) ([]*models.Incident, error) {
+	rows, err := q.db.QueryContext(ctx, getAllUnresolvedByMonitorID, monitorID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.Incident{}
+	for rows.Next() {
+		var i models.Incident
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.Origin,
+			&i.MonitorID,
+			&i.ResourceID,
+			&i.AgentID,
+			&i.Kind,
+			&i.Status,
+			&i.Severity,
+			&i.Summary,
+			&i.FirstSeenAt,
+			&i.LastSeenAt,
+			&i.ResolvedAt,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const resolveByID = `-- name: ResolveByID :exec
+UPDATE incidents
+SET
+  resolved_at = CURRENT_TIMESTAMP,
+  duration = CAST((julianday('now') - julianday(started_at)) * 86400000 AS INTEGER),
+  updated_at = CURRENT_TIMESTAMP
+WHERE id=? AND resolved_at IS NULL
+`
+
+func (q *Queries) ResolveByID(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, resolveByID, id)
+	return err
+}
+
+const stats = `-- name: Stats :one
+SELECT
+ 	COUNT(*) AS total_incidents,
+ 	SUM(duration) AS total_downtime,
+  AVG(duration) AS avg_downtime,
+  SUM(CASE WHEN resolved_at IS NOT NULL THEN 1 ELSE 0 END) AS resolved_incidents,
+  SUM(CASE WHEN resolved_at IS NULL THEN 1 ELSE 0 END) AS unresolved_incidents
+FROM incidents
+`
+
+type StatsRow struct {
+	TotalIncidents      int64    `db:"total_incidents" json:"total_incidents"`
+	TotalDowntime       *float64 `db:"total_downtime" json:"total_downtime"`
+	AvgDowntime         *float64 `db:"avg_downtime" json:"avg_downtime"`
+	ResolvedIncidents   *float64 `db:"resolved_incidents" json:"resolved_incidents"`
+	UnresolvedIncidents *float64 `db:"unresolved_incidents" json:"unresolved_incidents"`
+}
+
+func (q *Queries) Stats(ctx context.Context) (*StatsRow, error) {
+	row := q.db.QueryRowContext(ctx, stats)
+	var i StatsRow
+	err := row.Scan(
+		&i.TotalIncidents,
+		&i.TotalDowntime,
+		&i.AvgDowntime,
+		&i.ResolvedIncidents,
+		&i.UnresolvedIncidents,
+	)
+	return &i, err
+}
+
+const statsByMonitorID = `-- name: StatsByMonitorID :one
+SELECT
+ 	COUNT(*) AS total_incidents,
+ 	SUM(duration) AS total_downtime,
+  AVG(duration) AS avg_downtime,
+  SUM(CASE WHEN resolved_at IS NOT NULL THEN 1 ELSE 0 END) AS resolved_incidents,
+  SUM(CASE WHEN resolved_at IS NULL THEN 1 ELSE 0 END) AS unresolved_incidents,
+  ROUND(100.0 - (COALESCE(SUM(duration), 0) * 100.0 / (30 * 24 * 60 * 60 * 1000)), 3) AS uptime_percentage_30d
+FROM incidents
+WHERE monitor_id=? AND created_at >= ?
+`
+
+type StatsByMonitorIDRow struct {
+	TotalIncidents      int64    `db:"total_incidents" json:"total_incidents"`
+	TotalDowntime       *float64 `db:"total_downtime" json:"total_downtime"`
+	AvgDowntime         *float64 `db:"avg_downtime" json:"avg_downtime"`
+	ResolvedIncidents   *float64 `db:"resolved_incidents" json:"resolved_incidents"`
+	UnresolvedIncidents *float64 `db:"unresolved_incidents" json:"unresolved_incidents"`
+	UptimePercentage30d float64  `db:"uptime_percentage_30d" json:"uptime_percentage_30d"`
+}
+
+func (q *Queries) StatsByMonitorID(ctx context.Context, monitorID *string, createdAt time.Time) (*StatsByMonitorIDRow, error) {
+	row := q.db.QueryRowContext(ctx, statsByMonitorID, monitorID, createdAt)
+	var i StatsByMonitorIDRow
+	err := row.Scan(
+		&i.TotalIncidents,
+		&i.TotalDowntime,
+		&i.AvgDowntime,
+		&i.ResolvedIncidents,
+		&i.UnresolvedIncidents,
+		&i.UptimePercentage30d,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_incidents/incidents_gen.sql.go b/internal/store/repos/repo_incidents/incidents_gen.sql.go
new file mode 100644
index 0000000..6f58b51
--- /dev/null
+++ b/internal/store/repos/repo_incidents/incidents_gen.sql.go
@@ -0,0 +1,106 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: incidents_gen.sql
+
+package repo_incidents
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO incidents (id, project_id, origin, monitor_id, resource_id, agent_id, kind, status, severity, summary, first_seen_at, last_seen_at)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING id, project_id, origin, monitor_id, resource_id, agent_id, kind, status, severity, summary, first_seen_at, last_seen_at, resolved_at, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID          string    `db:"id" json:"id"`
+	ProjectID   string    `db:"project_id" json:"project_id"`
+	Origin      string    `db:"origin" json:"origin"`
+	MonitorID   *string   `db:"monitor_id" json:"monitor_id"`
+	ResourceID  *string   `db:"resource_id" json:"resource_id"`
+	AgentID     *string   `db:"agent_id" json:"agent_id"`
+	Kind        string    `db:"kind" json:"kind"`
+	Status      string    `db:"status" json:"status"`
+	Severity    int64     `db:"severity" json:"severity"`
+	Summary     string    `db:"summary" json:"summary"`
+	FirstSeenAt time.Time `db:"first_seen_at" json:"first_seen_at"`
+	LastSeenAt  time.Time `db:"last_seen_at" json:"last_seen_at"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.Incident, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProjectID,
+		arg.Origin,
+		arg.MonitorID,
+		arg.ResourceID,
+		arg.AgentID,
+		arg.Kind,
+		arg.Status,
+		arg.Severity,
+		arg.Summary,
+		arg.FirstSeenAt,
+		arg.LastSeenAt,
+	)
+	var i models.Incident
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.Origin,
+		&i.MonitorID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.Kind,
+		&i.Status,
+		&i.Severity,
+		&i.Summary,
+		&i.FirstSeenAt,
+		&i.LastSeenAt,
+		&i.ResolvedAt,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM incidents WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, project_id, origin, monitor_id, resource_id, agent_id, kind, status, severity, summary, first_seen_at, last_seen_at, resolved_at, created_at, updated_at FROM incidents WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.Incident, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.Incident
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.Origin,
+		&i.MonitorID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.Kind,
+		&i.Status,
+		&i.Severity,
+		&i.Summary,
+		&i.FirstSeenAt,
+		&i.LastSeenAt,
+		&i.ResolvedAt,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_incidents/querier.go b/internal/store/repos/repo_incidents/querier.go
new file mode 100644
index 0000000..201c4de
--- /dev/null
+++ b/internal/store/repos/repo_incidents/querier.go
@@ -0,0 +1,25 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_incidents
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.Incident, error)
+	Delete(ctx context.Context, id string) error
+	DeleteByMonitorID(ctx context.Context, monitorID *string) error
+	GetAllUnresolvedByMonitorID(ctx context.Context, monitorID *string) ([]*models.Incident, error)
+	GetByID(ctx context.Context, id string) (*models.Incident, error)
+	ResolveByID(ctx context.Context, id string) error
+	Stats(ctx context.Context) (*StatsRow, error)
+	StatsByMonitorID(ctx context.Context, monitorID *string, createdAt time.Time) (*StatsByMonitorIDRow, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_incidents/stats.go b/internal/store/repos/repo_incidents/stats.go
new file mode 100644
index 0000000..1296407
--- /dev/null
+++ b/internal/store/repos/repo_incidents/stats.go
@@ -0,0 +1,71 @@
+package repo_incidents
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/huandu/go-sqlbuilder"
+)
+
+type StatsByDateRangeItem struct {
+	Date          time.Time `json:"date"`
+	Count         int64     `json:"count"`
+	AvgDuration   int64     `json:"avg_duration"`
+	TotalDuration int64     `json:"total_duration"`
+}
+
+type StatsByDateRangeData []StatsByDateRangeItem
+
+// StatsByDateRange retrieves the stats of incidents within a specific date range
+func (o *CustomQueries) StatsByDateRange(ctx context.Context, startTime, endTime time.Time) (StatsByDateRangeData, error) {
+	// Generate date series for the range
+	var result StatsByDateRangeData
+
+	// Iterate through each day in the range
+	for d := startTime; !d.After(endTime); d = d.AddDate(0, 0, 1) {
+		// Get start and end of the day
+		dayStart := time.Date(d.Year(), d.Month(), d.Day(), 0, 0, 0, 0, d.Location())
+		dayEnd := time.Date(d.Year(), d.Month(), d.Day(), 23, 59, 59, 999999999, d.Location())
+
+		// Query incidents for this specific date range
+		sb := sqlbuilder.NewSelectBuilder()
+		sb.Select(
+			"COUNT(*) as count",
+			"AVG(CASE WHEN resolved_at IS NOT NULL THEN duration ELSE (strftime('%s', 'now') - strftime('%s', started_at)) * 1000 END) as avg_duration",
+			"SUM(CASE WHEN resolved_at IS NOT NULL THEN duration ELSE (strftime('%s', 'now') - strftime('%s', started_at)) * 1000 END) as total_duration",
+		)
+		sb.From("incidents")
+		sb.Where(sb.GreaterEqualThan("started_at", dayStart.Format("2006-01-02 15:04:05")))
+		sb.Where(sb.LessEqualThan("started_at", dayEnd.Format("2006-01-02 15:04:05")))
+
+		sql, args := sb.Build()
+		row := o.db.QueryRowContext(ctx, sql, args...)
+
+		var count int64
+		var avgDuration *float64
+		var totalDuration *float64
+
+		if err := row.Scan(&count, &avgDuration, &totalDuration); err != nil {
+			return nil, fmt.Errorf("failed to scan incident stats for date %s: %w", d.Format("2006-01-02"), err)
+		}
+
+		item := StatsByDateRangeItem{
+			Date:  d,
+			Count: count,
+		}
+
+		// Convert nanoseconds to duration
+		if avgDuration != nil {
+			item.AvgDuration = int64(*avgDuration)
+		}
+
+		if totalDuration != nil {
+			item.TotalDuration = int64(*totalDuration)
+		}
+
+		result = append(result, item)
+	}
+
+	return result, nil
+}
diff --git a/internal/store/repos/repo_incidents/types.go b/internal/store/repos/repo_incidents/types.go
new file mode 100644
index 0000000..6d128d1
--- /dev/null
+++ b/internal/store/repos/repo_incidents/types.go
@@ -0,0 +1,79 @@
+package repo_incidents
+
+type StatsByServiceID struct {
+	TotalIncidents      int64
+	TotalDowntime       int64
+	AvgDowntime         int64
+	ResolvedIncidents   int64
+	UnresolvedIncidents int64
+	UptimePercentage30d float64
+}
+
+func (s StatsByMonitorIDRow) ToDomain() *StatsByServiceID {
+	var totalDowntime int64
+	if s.TotalDowntime != nil {
+		totalDowntime = int64(*s.TotalDowntime)
+	}
+
+	var avgDowntime int64
+	if s.AvgDowntime != nil {
+		avgDowntime = int64(*s.AvgDowntime)
+	}
+
+	var resolvedIncidents int64
+	if s.ResolvedIncidents != nil {
+		resolvedIncidents = int64(*s.ResolvedIncidents)
+	}
+
+	var unresolvedIncidents int64
+	if s.UnresolvedIncidents != nil {
+		unresolvedIncidents = int64(*s.UnresolvedIncidents)
+	}
+
+	return &StatsByServiceID{
+		TotalIncidents:      s.TotalIncidents,
+		TotalDowntime:       totalDowntime,
+		AvgDowntime:         avgDowntime,
+		ResolvedIncidents:   resolvedIncidents,
+		UnresolvedIncidents: unresolvedIncidents,
+		UptimePercentage30d: s.UptimePercentage30d,
+	}
+}
+
+type Stats struct {
+	TotalIncidents      int64
+	TotalDowntime       int64
+	AvgDowntime         int64
+	ResolvedIncidents   int64
+	UnresolvedIncidents int64
+}
+
+func (s StatsRow) ToDomain() *Stats {
+	var totalDowntime int64
+	if s.TotalDowntime != nil {
+		totalDowntime = int64(*s.TotalDowntime)
+	}
+
+	var avgDowntime int64
+	if s.AvgDowntime != nil {
+		avgDowntime = int64(*s.AvgDowntime)
+	}
+
+	var resolvedIncidents int64
+	if s.ResolvedIncidents != nil {
+		resolvedIncidents = int64(*s.ResolvedIncidents)
+	}
+
+	var unresolvedIncidents int64
+	if s.UnresolvedIncidents != nil {
+		unresolvedIncidents = int64(*s.UnresolvedIncidents)
+	}
+
+	return &Stats{
+		TotalIncidents:      s.TotalIncidents,
+		TotalDowntime:       totalDowntime,
+		AvgDowntime:         avgDowntime,
+		ResolvedIncidents:   resolvedIncidents,
+		UnresolvedIncidents: unresolvedIncidents,
+	}
+}
diff --git a/internal/store/repos/repo_maintenance_windows/constants_gen.go b/internal/store/repos/repo_maintenance_windows/constants_gen.go
new file mode 100755
index 0000000..ce90f9e
--- /dev/null
+++ b/internal/store/repos/repo_maintenance_windows/constants_gen.go
@@ -0,0 +1,61 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_maintenance_windows
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameMaintenanceWindows TableName = "maintenance_windows"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameMaintenanceWindowsId        ColumnName = "id"
+	ColumnNameMaintenanceWindowsName      ColumnName = "name"
+	ColumnNameMaintenanceWindowsStartAt   ColumnName = "start_at"
+	ColumnNameMaintenanceWindowsEndAt     ColumnName = "end_at"
+	ColumnNameMaintenanceWindowsReason    ColumnName = "reason"
+	ColumnNameMaintenanceWindowsCreatedAt ColumnName = "created_at"
+	ColumnNameMaintenanceWindowsUpdatedAt ColumnName = "updated_at"
+)
+
+func MaintenanceWindowsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameMaintenanceWindowsId,
+		ColumnNameMaintenanceWindowsName,
+		ColumnNameMaintenanceWindowsStartAt,
+		ColumnNameMaintenanceWindowsEndAt,
+		ColumnNameMaintenanceWindowsReason,
+		ColumnNameMaintenanceWindowsCreatedAt,
+		ColumnNameMaintenanceWindowsUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_maintenance_windows/db.go b/internal/store/repos/repo_maintenance_windows/db.go
new file mode 100644
index 0000000..4d9a1de
--- /dev/null
+++ b/internal/store/repos/repo_maintenance_windows/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_maintenance_windows
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_maintenance_windows/maintenance_windows_gen.sql.go b/internal/store/repos/repo_maintenance_windows/maintenance_windows_gen.sql.go
new file mode 100644
index 0000000..840f9ae
--- /dev/null
+++ b/internal/store/repos/repo_maintenance_windows/maintenance_windows_gen.sql.go
@@ -0,0 +1,111 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: maintenance_windows_gen.sql
+
+package repo_maintenance_windows
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO maintenance_windows (id, name, start_at, end_at, reason)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING id, name, start_at, end_at, reason, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID      string    `db:"id" json:"id"`
+	Name    string    `db:"name" json:"name"`
+	StartAt time.Time `db:"start_at" json:"start_at"`
+	EndAt   time.Time `db:"end_at" json:"end_at"`
+	Reason  *string   `db:"reason" json:"reason"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.MaintenanceWindow, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.Name,
+		arg.StartAt,
+		arg.EndAt,
+		arg.Reason,
+	)
+	var i models.MaintenanceWindow
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.StartAt,
+		&i.EndAt,
+		&i.Reason,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM maintenance_windows WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, name, start_at, end_at, reason, created_at, updated_at FROM maintenance_windows
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.MaintenanceWindow, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.MaintenanceWindow{}
+	for rows.Next() {
+		var i models.MaintenanceWindow
+		if err := rows.Scan(
+			&i.ID,
+			&i.Name,
+			&i.StartAt,
+			&i.EndAt,
+			&i.Reason,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, name, start_at, end_at, reason, created_at, updated_at FROM maintenance_windows WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.MaintenanceWindow, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.MaintenanceWindow
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.StartAt,
+		&i.EndAt,
+		&i.Reason,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_maintenance_windows/querier.go b/internal/store/repos/repo_maintenance_windows/querier.go
new file mode 100644
index 0000000..8f8cf6b
--- /dev/null
+++ b/internal/store/repos/repo_maintenance_windows/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_maintenance_windows
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.MaintenanceWindow, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context) ([]*models.MaintenanceWindow, error)
+	GetByID(ctx context.Context, id string) (*models.MaintenanceWindow, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_monitor_agents/constants_gen.go b/internal/store/repos/repo_monitor_agents/constants_gen.go
new file mode 100755
index 0000000..9208b5b
--- /dev/null
+++ b/internal/store/repos/repo_monitor_agents/constants_gen.go
@@ -0,0 +1,57 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_monitor_agents
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameMonitorAgents TableName = "monitor_agents"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameMonitorAgentsId        ColumnName = "id"
+	ColumnNameMonitorAgentsProjectId ColumnName = "project_id"
+	ColumnNameMonitorAgentsMonitorId ColumnName = "monitor_id"
+	ColumnNameMonitorAgentsAgentId   ColumnName = "agent_id"
+	ColumnNameMonitorAgentsCreatedAt ColumnName = "created_at"
+)
+
+func MonitorAgentsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameMonitorAgentsId,
+		ColumnNameMonitorAgentsProjectId,
+		ColumnNameMonitorAgentsMonitorId,
+		ColumnNameMonitorAgentsAgentId,
+		ColumnNameMonitorAgentsCreatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_agents/db.go b/internal/store/repos/repo_monitor_agents/db.go
new file mode 100644
index 0000000..9068893
--- /dev/null
+++ b/internal/store/repos/repo_monitor_agents/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_agents
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_agents/monitor_agents_gen.sql.go b/internal/store/repos/repo_monitor_agents/monitor_agents_gen.sql.go
new file mode 100644
index 0000000..b2d5f9a
--- /dev/null
+++ b/internal/store/repos/repo_monitor_agents/monitor_agents_gen.sql.go
@@ -0,0 +1,105 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitor_agents_gen.sql
+
+package repo_monitor_agents
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO monitor_agents (id, project_id, monitor_id, agent_id, created_at)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING id, project_id, monitor_id, agent_id, created_at
+`
+
+type CreateParams struct {
+	ID        string    `db:"id" json:"id"`
+	ProjectID string    `db:"project_id" json:"project_id"`
+	MonitorID string    `db:"monitor_id" json:"monitor_id"`
+	AgentID   string    `db:"agent_id" json:"agent_id"`
+	CreatedAt time.Time `db:"created_at" json:"created_at"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.MonitorAgent, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProjectID,
+		arg.MonitorID,
+		arg.AgentID,
+		arg.CreatedAt,
+	)
+	var i models.MonitorAgent
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.AgentID,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM monitor_agents WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, project_id, monitor_id, agent_id, created_at FROM monitor_agents
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.MonitorAgent, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.MonitorAgent{}
+	for rows.Next() {
+		var i models.MonitorAgent
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.MonitorID,
+			&i.AgentID,
+			&i.CreatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, project_id, monitor_id, agent_id, created_at FROM monitor_agents WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.MonitorAgent, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.MonitorAgent
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.AgentID,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_monitor_agents/querier.go b/internal/store/repos/repo_monitor_agents/querier.go
new file mode 100644
index 0000000..050a723
--- /dev/null
+++ b/internal/store/repos/repo_monitor_agents/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_agents
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.MonitorAgent, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context) ([]*models.MonitorAgent, error)
+	GetByID(ctx context.Context, id string) (*models.MonitorAgent, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_monitor_checks/constants_gen.go b/internal/store/repos/repo_monitor_checks/constants_gen.go
new file mode 100755
index 0000000..2fc7f26
--- /dev/null
+++ b/internal/store/repos/repo_monitor_checks/constants_gen.go
@@ -0,0 +1,73 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_monitor_checks
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameMonitorChecks TableName = "monitor_checks"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameMonitorChecksId           ColumnName = "id"
+	ColumnNameMonitorChecksProjectId    ColumnName = "project_id"
+	ColumnNameMonitorChecksMonitorId    ColumnName = "monitor_id"
+	ColumnNameMonitorChecksRevisionId   ColumnName = "revision_id"
+	ColumnNameMonitorChecksResourceId   ColumnName = "resource_id"
+	ColumnNameMonitorChecksAgentId      ColumnName = "agent_id"
+	ColumnNameMonitorChecksStartedAt    ColumnName = "started_at"
+	ColumnNameMonitorChecksCompletedAt  ColumnName = "completed_at"
+	ColumnNameMonitorChecksSeverity     ColumnName = "severity"
+	ColumnNameMonitorChecksResponseTime ColumnName = "response_time"
+	ColumnNameMonitorChecksEvaluation   ColumnName = "evaluation"
+	ColumnNameMonitorChecksMeta         ColumnName = "meta"
+	ColumnNameMonitorChecksCreatedAt    ColumnName = "created_at"
+)
+
+func MonitorChecksColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameMonitorChecksId,
+		ColumnNameMonitorChecksProjectId,
+		ColumnNameMonitorChecksMonitorId,
+		ColumnNameMonitorChecksRevisionId,
+		ColumnNameMonitorChecksResourceId,
+		ColumnNameMonitorChecksAgentId,
+		ColumnNameMonitorChecksStartedAt,
+		ColumnNameMonitorChecksCompletedAt,
+		ColumnNameMonitorChecksSeverity,
+		ColumnNameMonitorChecksResponseTime,
+		ColumnNameMonitorChecksEvaluation,
+		ColumnNameMonitorChecksMeta,
+		ColumnNameMonitorChecksCreatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_checks/db.go b/internal/store/repos/repo_monitor_checks/db.go
new file mode 100644
index 0000000..da8c8d6
--- /dev/null
+++ b/internal/store/repos/repo_monitor_checks/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_checks
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_checks/monitor_checks_gen.sql.go b/internal/store/repos/repo_monitor_checks/monitor_checks_gen.sql.go
new file mode 100644
index 0000000..5d331c6
--- /dev/null
+++ b/internal/store/repos/repo_monitor_checks/monitor_checks_gen.sql.go
@@ -0,0 +1,144 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitor_checks_gen.sql
+
+package repo_monitor_checks
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const create = `-- name: Create :one
+INSERT INTO monitor_checks (id, project_id, monitor_id, revision_id, resource_id, agent_id, started_at, completed_at, severity, response_time, evaluation, meta)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING id, project_id, monitor_id, revision_id, resource_id, agent_id, started_at, completed_at, severity, response_time, evaluation, meta, created_at
+`
+
+type CreateParams struct {
+	ID           string             `db:"id" json:"id"`
+	ProjectID    string             `db:"project_id" json:"project_id"`
+	MonitorID    string             `db:"monitor_id" json:"monitor_id"`
+	RevisionID   int64              `db:"revision_id" json:"revision_id"`
+	ResourceID   string             `db:"resource_id" json:"resource_id"`
+	AgentID      string             `db:"agent_id" json:"agent_id"`
+	StartedAt    time.Time          `db:"started_at" json:"started_at"`
+	CompletedAt  time.Time          `db:"completed_at" json:"completed_at"`
+	Severity     int64              `db:"severity" json:"severity"`
+	ResponseTime int64              `db:"response_time" json:"response_time"`
+	Evaluation   storecmn.JSONField `db:"evaluation" json:"evaluation"`
+	Meta         storecmn.JSONField `db:"meta" json:"meta"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.MonitorCheck, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProjectID,
+		arg.MonitorID,
+		arg.RevisionID,
+		arg.ResourceID,
+		arg.AgentID,
+		arg.StartedAt,
+		arg.CompletedAt,
+		arg.Severity,
+		arg.ResponseTime,
+		arg.Evaluation,
+		arg.Meta,
+	)
+	var i models.MonitorCheck
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.RevisionID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.StartedAt,
+		&i.CompletedAt,
+		&i.Severity,
+		&i.ResponseTime,
+		&i.Evaluation,
+		&i.Meta,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM monitor_checks WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, project_id, monitor_id, revision_id, resource_id, agent_id, started_at, completed_at, severity, response_time, evaluation, meta, created_at FROM monitor_checks
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.MonitorCheck, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.MonitorCheck{}
+	for rows.Next() {
+		var i models.MonitorCheck
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.MonitorID,
+			&i.RevisionID,
+			&i.ResourceID,
+			&i.AgentID,
+			&i.StartedAt,
+			&i.CompletedAt,
+			&i.Severity,
+			&i.ResponseTime,
+			&i.Evaluation,
+			&i.Meta,
+			&i.CreatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, project_id, monitor_id, revision_id, resource_id, agent_id, started_at, completed_at, severity, response_time, evaluation, meta, created_at FROM monitor_checks WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.MonitorCheck, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.MonitorCheck
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.RevisionID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.StartedAt,
+		&i.CompletedAt,
+		&i.Severity,
+		&i.ResponseTime,
+		&i.Evaluation,
+		&i.Meta,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_monitor_checks/querier.go b/internal/store/repos/repo_monitor_checks/querier.go
new file mode 100644
index 0000000..1878a97
--- /dev/null
+++ b/internal/store/repos/repo_monitor_checks/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_checks
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.MonitorCheck, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context) ([]*models.MonitorCheck, error)
+	GetByID(ctx context.Context, id string) (*models.MonitorCheck, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_monitor_revisions/constants_gen.go b/internal/store/repos/repo_monitor_revisions/constants_gen.go
new file mode 100755
index 0000000..9c68097
--- /dev/null
+++ b/internal/store/repos/repo_monitor_revisions/constants_gen.go
@@ -0,0 +1,59 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_monitor_revisions
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameMonitorRevisions TableName = "monitor_revisions"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameMonitorRevisionsId              ColumnName = "id"
+	ColumnNameMonitorRevisionsMonitorId       ColumnName = "monitor_id"
+	ColumnNameMonitorRevisionsConfig          ColumnName = "config"
+	ColumnNameMonitorRevisionsContentHashUint ColumnName = "content_hash_uint64"
+	ColumnNameMonitorRevisionsIsActive        ColumnName = "is_active"
+	ColumnNameMonitorRevisionsCreatedAt       ColumnName = "created_at"
+)
+
+func MonitorRevisionsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameMonitorRevisionsId,
+		ColumnNameMonitorRevisionsMonitorId,
+		ColumnNameMonitorRevisionsConfig,
+		ColumnNameMonitorRevisionsContentHashUint,
+		ColumnNameMonitorRevisionsIsActive,
+		ColumnNameMonitorRevisionsCreatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_revisions/db.go b/internal/store/repos/repo_monitor_revisions/db.go
new file mode 100644
index 0000000..56e2768
--- /dev/null
+++ b/internal/store/repos/repo_monitor_revisions/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_revisions
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_revisions/monitor_revisions_gen.sql.go b/internal/store/repos/repo_monitor_revisions/monitor_revisions_gen.sql.go
new file mode 100644
index 0000000..76eccbf
--- /dev/null
+++ b/internal/store/repos/repo_monitor_revisions/monitor_revisions_gen.sql.go
@@ -0,0 +1,108 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitor_revisions_gen.sql
+
+package repo_monitor_revisions
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const create = `-- name: Create :one
+INSERT INTO monitor_revisions (id, monitor_id, config, content_hash_uint64, is_active)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING id, monitor_id, config, content_hash_uint64, is_active, created_at
+`
+
+type CreateParams struct {
+	ID                int64              `db:"id" json:"id"`
+	MonitorID         string             `db:"monitor_id" json:"monitor_id"`
+	Config            storecmn.JSONField `db:"config" json:"config"`
+	ContentHashUint64 int64              `db:"content_hash_uint64" json:"content_hash_uint64"`
+	IsActive          bool               `db:"is_active" json:"is_active"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.MonitorRevision, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.MonitorID,
+		arg.Config,
+		arg.ContentHashUint64,
+		arg.IsActive,
+	)
+	var i models.MonitorRevision
+	err := row.Scan(
+		&i.ID,
+		&i.MonitorID,
+		&i.Config,
+		&i.ContentHashUint64,
+		&i.IsActive,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM monitor_revisions WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id int64) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, monitor_id, config, content_hash_uint64, is_active, created_at FROM monitor_revisions
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.MonitorRevision, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.MonitorRevision{}
+	for rows.Next() {
+		var i models.MonitorRevision
+		if err := rows.Scan(
+			&i.ID,
+			&i.MonitorID,
+			&i.Config,
+			&i.ContentHashUint64,
+			&i.IsActive,
+			&i.CreatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, monitor_id, config, content_hash_uint64, is_active, created_at FROM monitor_revisions WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id int64) (*models.MonitorRevision, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.MonitorRevision
+	err := row.Scan(
+		&i.ID,
+		&i.MonitorID,
+		&i.Config,
+		&i.ContentHashUint64,
+		&i.IsActive,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_monitor_revisions/querier.go b/internal/store/repos/repo_monitor_revisions/querier.go
new file mode 100644
index 0000000..60f093e
--- /dev/null
+++ b/internal/store/repos/repo_monitor_revisions/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_revisions
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.MonitorRevision, error)
+	Delete(ctx context.Context, id int64) error
+	GetAll(ctx context.Context) ([]*models.MonitorRevision, error)
+	GetByID(ctx context.Context, id int64) (*models.MonitorRevision, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_monitor_states/constants_gen.go b/internal/store/repos/repo_monitor_states/constants_gen.go
new file mode 100755
index 0000000..551234b
--- /dev/null
+++ b/internal/store/repos/repo_monitor_states/constants_gen.go
@@ -0,0 +1,75 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_monitor_states
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameMonitorStates TableName = "monitor_states"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameMonitorStatesId                 ColumnName = "id"
+	ColumnNameMonitorStatesProjectId          ColumnName = "project_id"
+	ColumnNameMonitorStatesMonitorId          ColumnName = "monitor_id"
+	ColumnNameMonitorStatesResourceId         ColumnName = "resource_id"
+	ColumnNameMonitorStatesAgentId            ColumnName = "agent_id"
+	ColumnNameMonitorStatesSeverity           ColumnName = "severity"
+	ColumnNameMonitorStatesStatus             ColumnName = "status"
+	ColumnNameMonitorStatesLastCheck          ColumnName = "last_check"
+	ColumnNameMonitorStatesLastError          ColumnName = "last_error"
+	ColumnNameMonitorStatesConsecutiveFails   ColumnName = "consecutive_fails"
+	ColumnNameMonitorStatesConsecutiveSuccess ColumnName = "consecutive_success"
+	ColumnNameMonitorStatesTotalChecks        ColumnName = "total_checks"
+	ColumnNameMonitorStatesAvgResponseTime    ColumnName = "avg_response_time"
+	ColumnNameMonitorStatesUpdatedAt          ColumnName = "updated_at"
+)
+
+func MonitorStatesColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameMonitorStatesId,
+		ColumnNameMonitorStatesProjectId,
+		ColumnNameMonitorStatesMonitorId,
+		ColumnNameMonitorStatesResourceId,
+		ColumnNameMonitorStatesAgentId,
+		ColumnNameMonitorStatesSeverity,
+		ColumnNameMonitorStatesStatus,
+		ColumnNameMonitorStatesLastCheck,
+		ColumnNameMonitorStatesLastError,
+		ColumnNameMonitorStatesConsecutiveFails,
+		ColumnNameMonitorStatesConsecutiveSuccess,
+		ColumnNameMonitorStatesTotalChecks,
+		ColumnNameMonitorStatesAvgResponseTime,
+		ColumnNameMonitorStatesUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_states/db.go b/internal/store/repos/repo_monitor_states/db.go
new file mode 100644
index 0000000..61f978f
--- /dev/null
+++ b/internal/store/repos/repo_monitor_states/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_states
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_monitor_states/monitor_states.sql.go b/internal/store/repos/repo_monitor_states/monitor_states.sql.go
new file mode 100644
index 0000000..4c46c7f
--- /dev/null
+++ b/internal/store/repos/repo_monitor_states/monitor_states.sql.go
@@ -0,0 +1,81 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitor_states.sql
+
+package repo_monitor_states
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const deleteByMonitorID = `-- name: DeleteByMonitorID :exec
+DELETE FROM monitor_states WHERE monitor_id=?
+`
+
+func (q *Queries) DeleteByMonitorID(ctx context.Context, monitorID string) error {
+	_, err := q.db.ExecContext(ctx, deleteByMonitorID, monitorID)
+	return err
+}
+
+const getByMonitorID = `-- name: GetByMonitorID :one
+SELECT id, project_id, monitor_id, resource_id, agent_id, severity, status, last_check, last_error, consecutive_fails, consecutive_success, total_checks, avg_response_time, updated_at FROM monitor_states WHERE monitor_id=? LIMIT 1
+`
+
+func (q *Queries) GetByMonitorID(ctx context.Context, monitorID string) (*models.MonitorState, error) {
+	row := q.db.QueryRowContext(ctx, getByMonitorID, monitorID)
+	var i models.MonitorState
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.Severity,
+		&i.Status,
+		&i.LastCheck,
+		&i.LastError,
+		&i.ConsecutiveFails,
+		&i.ConsecutiveSuccess,
+		&i.TotalChecks,
+		&i.AvgResponseTime,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const stats = `-- name: Stats :one
+SELECT
+ 	COUNT(*) AS total_services,
+ 	SUM(CASE WHEN status='up' THEN 1 ELSE 0 END) AS services_up,
+ 	SUM(CASE WHEN status='down' THEN 1 ELSE 0 END) AS services_down,
+ 	SUM(CASE WHEN status='unknown' THEN 1 ELSE 0 END) AS services_unknown,
+ 	AVG(avg_response_time) AS avg_response_time,
+ 	SUM(total_checks) AS total_checks           
+FROM monitor_states
+`
+
+type StatsRow struct {
+	TotalServices   int64    `db:"total_services" json:"total_services"`
+	ServicesUp      *float64 `db:"services_up" json:"services_up"`
+	ServicesDown    *float64 `db:"services_down" json:"services_down"`
+	ServicesUnknown *float64 `db:"services_unknown" json:"services_unknown"`
+	AvgResponseTime *float64 `db:"avg_response_time" json:"avg_response_time"`
+	TotalChecks     *float64 `db:"total_checks" json:"total_checks"`
+}
+
+func (q *Queries) Stats(ctx context.Context) (*StatsRow, error) {
+	row := q.db.QueryRowContext(ctx, stats)
+	var i StatsRow
+	err := row.Scan(
+		&i.TotalServices,
+		&i.ServicesUp,
+		&i.ServicesDown,
+		&i.ServicesUnknown,
+		&i.AvgResponseTime,
+		&i.TotalChecks,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_monitor_states/monitor_states_gen.sql.go b/internal/store/repos/repo_monitor_states/monitor_states_gen.sql.go
new file mode 100644
index 0000000..6ff6172
--- /dev/null
+++ b/internal/store/repos/repo_monitor_states/monitor_states_gen.sql.go
@@ -0,0 +1,148 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitor_states_gen.sql
+
+package repo_monitor_states
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO monitor_states (id, project_id, monitor_id, resource_id, agent_id, severity, status, last_check, last_error, consecutive_fails, consecutive_success, total_checks, avg_response_time)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING id, project_id, monitor_id, resource_id, agent_id, severity, status, last_check, last_error, consecutive_fails, consecutive_success, total_checks, avg_response_time, updated_at
+`
+
+type CreateParams struct {
+	ID                 string     `db:"id" json:"id"`
+	ProjectID          string     `db:"project_id" json:"project_id"`
+	MonitorID          string     `db:"monitor_id" json:"monitor_id"`
+	ResourceID         string     `db:"resource_id" json:"resource_id"`
+	AgentID            *string    `db:"agent_id" json:"agent_id"`
+	Severity           int64      `db:"severity" json:"severity"`
+	Status             string     `db:"status" json:"status"`
+	LastCheck          *time.Time `db:"last_check" json:"last_check"`
+	LastError          *string    `db:"last_error" json:"last_error"`
+	ConsecutiveFails   int64      `db:"consecutive_fails" json:"consecutive_fails"`
+	ConsecutiveSuccess int64      `db:"consecutive_success" json:"consecutive_success"`
+	TotalChecks        int64      `db:"total_checks" json:"total_checks"`
+	AvgResponseTime    int64      `db:"avg_response_time" json:"avg_response_time"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.MonitorState, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProjectID,
+		arg.MonitorID,
+		arg.ResourceID,
+		arg.AgentID,
+		arg.Severity,
+		arg.Status,
+		arg.LastCheck,
+		arg.LastError,
+		arg.ConsecutiveFails,
+		arg.ConsecutiveSuccess,
+		arg.TotalChecks,
+		arg.AvgResponseTime,
+	)
+	var i models.MonitorState
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.Severity,
+		&i.Status,
+		&i.LastCheck,
+		&i.LastError,
+		&i.ConsecutiveFails,
+		&i.ConsecutiveSuccess,
+		&i.TotalChecks,
+		&i.AvgResponseTime,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM monitor_states WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, project_id, monitor_id, resource_id, agent_id, severity, status, last_check, last_error, consecutive_fails, consecutive_success, total_checks, avg_response_time, updated_at FROM monitor_states
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.MonitorState, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.MonitorState{}
+	for rows.Next() {
+		var i models.MonitorState
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.MonitorID,
+			&i.ResourceID,
+			&i.AgentID,
+			&i.Severity,
+			&i.Status,
+			&i.LastCheck,
+			&i.LastError,
+			&i.ConsecutiveFails,
+			&i.ConsecutiveSuccess,
+			&i.TotalChecks,
+			&i.AvgResponseTime,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, project_id, monitor_id, resource_id, agent_id, severity, status, last_check, last_error, consecutive_fails, consecutive_success, total_checks, avg_response_time, updated_at FROM monitor_states WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.MonitorState, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.MonitorState
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.MonitorID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.Severity,
+		&i.Status,
+		&i.LastCheck,
+		&i.LastError,
+		&i.ConsecutiveFails,
+		&i.ConsecutiveSuccess,
+		&i.TotalChecks,
+		&i.AvgResponseTime,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_monitor_states/querier.go b/internal/store/repos/repo_monitor_states/querier.go
new file mode 100644
index 0000000..a52a797
--- /dev/null
+++ b/internal/store/repos/repo_monitor_states/querier.go
@@ -0,0 +1,23 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitor_states
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.MonitorState, error)
+	Delete(ctx context.Context, id string) error
+	DeleteByMonitorID(ctx context.Context, monitorID string) error
+	GetAll(ctx context.Context) ([]*models.MonitorState, error)
+	GetByID(ctx context.Context, id string) (*models.MonitorState, error)
+	GetByMonitorID(ctx context.Context, monitorID string) (*models.MonitorState, error)
+	Stats(ctx context.Context) (*StatsRow, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_monitors/constants_gen.go b/internal/store/repos/repo_monitors/constants_gen.go
new file mode 100755
index 0000000..43fc105
--- /dev/null
+++ b/internal/store/repos/repo_monitors/constants_gen.go
@@ -0,0 +1,65 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_monitors
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameMonitors TableName = "monitors"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameMonitorsId         ColumnName = "id"
+	ColumnNameMonitorsProjectId  ColumnName = "project_id"
+	ColumnNameMonitorsResourceId ColumnName = "resource_id"
+	ColumnNameMonitorsName       ColumnName = "name"
+	ColumnNameMonitorsKind       ColumnName = "kind"
+	ColumnNameMonitorsIsEnabled  ColumnName = "is_enabled"
+	ColumnNameMonitorsTags       ColumnName = "tags"
+	ColumnNameMonitorsCreatedAt  ColumnName = "created_at"
+	ColumnNameMonitorsUpdatedAt  ColumnName = "updated_at"
+)
+
+func MonitorsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameMonitorsId,
+		ColumnNameMonitorsProjectId,
+		ColumnNameMonitorsResourceId,
+		ColumnNameMonitorsName,
+		ColumnNameMonitorsKind,
+		ColumnNameMonitorsIsEnabled,
+		ColumnNameMonitorsTags,
+		ColumnNameMonitorsCreatedAt,
+		ColumnNameMonitorsUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_monitors/db.go b/internal/store/repos/repo_monitors/db.go
new file mode 100644
index 0000000..8f958c3
--- /dev/null
+++ b/internal/store/repos/repo_monitors/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitors
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_monitors/monitors.sql.go b/internal/store/repos/repo_monitors/monitors.sql.go
new file mode 100644
index 0000000..b66381f
--- /dev/null
+++ b/internal/store/repos/repo_monitors/monitors.sql.go
@@ -0,0 +1,128 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitors.sql
+
+package repo_monitors
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const exist = `-- name: Exist :one
+SELECT EXISTS (SELECT 1 FROM monitors WHERE id = ? LIMIT 1)
+`
+
+func (q *Queries) Exist(ctx context.Context, id string) (int64, error) {
+	row := q.db.QueryRowContext(ctx, exist, id)
+	var column_1 int64
+	err := row.Scan(&column_1)
+	return column_1, err
+}
+
+const getAllMonitorsByAgentID = `-- name: GetAllMonitorsByAgentID :many
+WITH
+  target_agent AS (
+    SELECT a.id, a.name, a.description, a.secret_hash, a.token_hint, a.fingerprint, a.kind, a.status, a.is_enabled, a.location, a.tags, a.config, a.system_info, a.project_id, a.last_seen_at, a.created_at, a.updated_at
+    FROM agents a
+    WHERE a.id = ?
+      AND a.is_enabled = 1
+  ),
+
+  override_monitors AS (
+    SELECT ma.monitor_id
+    FROM monitor_agents ma
+    JOIN target_agent ta ON ta.id = ma.agent_id
+  ),
+
+  monitors_with_override AS (
+    SELECT DISTINCT ma.monitor_id
+    FROM monitor_agents ma
+  ),
+
+  inherited_monitors AS (
+    SELECT m.id AS monitor_id
+    FROM monitors m
+    JOIN resources r        ON r.id = m.resource_id
+    JOIN target_agent ta    ON 1=1
+    JOIN resource_agents ra ON ra.resource_id = r.id
+                           AND ra.agent_id    = ta.id
+    WHERE m.is_enabled = 1
+      AND ta.is_enabled = 1
+      AND r.project_id  = ta.project_id
+      AND NOT EXISTS (SELECT 1
+                      FROM monitors_with_override o
+                      WHERE o.monitor_id = m.id)
+  ),
+
+  effective_monitors AS (
+    SELECT monitor_id FROM override_monitors
+    UNION
+    SELECT monitor_id FROM inherited_monitors
+  )
+
+SELECT
+  m.id, m.project_id, m.resource_id, m.name, m.kind, m.is_enabled, m.tags, m.created_at, m.updated_at,
+  mr.id      AS active_revision_id,
+  mr.config  AS active_revision_config
+FROM effective_monitors em
+JOIN monitors m             ON m.id = em.monitor_id
+JOIN resources r            ON r.id = m.resource_id
+JOIN target_agent ta        ON r.project_id = ta.project_id
+LEFT JOIN monitor_revisions mr
+       ON mr.monitor_id = m.id AND mr.is_active = 1
+ORDER BY m.resource_id, m.name
+`
+
+type GetAllMonitorsByAgentIDRow struct {
+	ID                   string             `db:"id" json:"id"`
+	ProjectID            string             `db:"project_id" json:"project_id"`
+	ResourceID           string             `db:"resource_id" json:"resource_id"`
+	Name                 string             `db:"name" json:"name"`
+	Kind                 string             `db:"kind" json:"kind"`
+	IsEnabled            bool               `db:"is_enabled" json:"is_enabled"`
+	Tags                 storecmn.JSONField `db:"tags" json:"tags"`
+	CreatedAt            time.Time          `db:"created_at" json:"created_at"`
+	UpdatedAt            time.Time          `db:"updated_at" json:"updated_at"`
+	ActiveRevisionID     *int64             `db:"active_revision_id" json:"active_revision_id"`
+	ActiveRevisionConfig json.RawMessage    `db:"active_revision_config" json:"active_revision_config"`
+}
+
+func (q *Queries) GetAllMonitorsByAgentID(ctx context.Context, id string) ([]*GetAllMonitorsByAgentIDRow, error) {
+	rows, err := q.db.QueryContext(ctx, getAllMonitorsByAgentID, id)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*GetAllMonitorsByAgentIDRow{}
+	for rows.Next() {
+		var i GetAllMonitorsByAgentIDRow
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.ResourceID,
+			&i.Name,
+			&i.Kind,
+			&i.IsEnabled,
+			&i.Tags,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+			&i.ActiveRevisionID,
+			&i.ActiveRevisionConfig,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
diff --git a/internal/store/repos/repo_monitors/monitors_gen.sql.go b/internal/store/repos/repo_monitors/monitors_gen.sql.go
new file mode 100644
index 0000000..75bdfae
--- /dev/null
+++ b/internal/store/repos/repo_monitors/monitors_gen.sql.go
@@ -0,0 +1,121 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: monitors_gen.sql
+
+package repo_monitors
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const create = `-- name: Create :one
+INSERT INTO monitors (id, project_id, resource_id, name, kind, is_enabled, tags)
+	VALUES (?, ?, ?, ?, ?, ?, ?)
+	RETURNING id, project_id, resource_id, name, kind, is_enabled, tags, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID         string             `db:"id" json:"id"`
+	ProjectID  string             `db:"project_id" json:"project_id"`
+	ResourceID string             `db:"resource_id" json:"resource_id"`
+	Name       string             `db:"name" json:"name"`
+	Kind       string             `db:"kind" json:"kind"`
+	IsEnabled  bool               `db:"is_enabled" json:"is_enabled"`
+	Tags       storecmn.JSONField `db:"tags" json:"tags"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.Monitor, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProjectID,
+		arg.ResourceID,
+		arg.Name,
+		arg.Kind,
+		arg.IsEnabled,
+		arg.Tags,
+	)
+	var i models.Monitor
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.ResourceID,
+		&i.Name,
+		&i.Kind,
+		&i.IsEnabled,
+		&i.Tags,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM monitors WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, project_id, resource_id, name, kind, is_enabled, tags, created_at, updated_at FROM monitors
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.Monitor, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.Monitor{}
+	for rows.Next() {
+		var i models.Monitor
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.ResourceID,
+			&i.Name,
+			&i.Kind,
+			&i.IsEnabled,
+			&i.Tags,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, project_id, resource_id, name, kind, is_enabled, tags, created_at, updated_at FROM monitors WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.Monitor, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.Monitor
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.ResourceID,
+		&i.Name,
+		&i.Kind,
+		&i.IsEnabled,
+		&i.Tags,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_monitors/querier.go b/internal/store/repos/repo_monitors/querier.go
new file mode 100644
index 0000000..c3cf273
--- /dev/null
+++ b/internal/store/repos/repo_monitors/querier.go
@@ -0,0 +1,22 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_monitors
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.Monitor, error)
+	Delete(ctx context.Context, id string) error
+	Exist(ctx context.Context, id string) (int64, error)
+	GetAll(ctx context.Context) ([]*models.Monitor, error)
+	GetAllMonitorsByAgentID(ctx context.Context, id string) ([]*GetAllMonitorsByAgentIDRow, error)
+	GetByID(ctx context.Context, id string) (*models.Monitor, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_notification_history/constants_gen.go b/internal/store/repos/repo_notification_history/constants_gen.go
new file mode 100755
index 0000000..a8ce37e
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/constants_gen.go
@@ -0,0 +1,71 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_notification_history
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameNotificationHistory TableName = "notification_history"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameNotificationHistoryId            ColumnName = "id"
+	ColumnNameNotificationHistoryAlertId       ColumnName = "alert_id"
+	ColumnNameNotificationHistoryProviderId    ColumnName = "provider_id"
+	ColumnNameNotificationHistoryMessage       ColumnName = "message"
+	ColumnNameNotificationHistoryStatus        ColumnName = "status"
+	ColumnNameNotificationHistoryResponse      ColumnName = "response"
+	ColumnNameNotificationHistoryAttempts      ColumnName = "attempts"
+	ColumnNameNotificationHistoryErrorMessage  ColumnName = "error_message"
+	ColumnNameNotificationHistoryLastAttemptAt ColumnName = "last_attempt_at"
+	ColumnNameNotificationHistorySentAt        ColumnName = "sent_at"
+	ColumnNameNotificationHistoryCreatedAt     ColumnName = "created_at"
+	ColumnNameNotificationHistoryUpdatedAt     ColumnName = "updated_at"
+)
+
+func NotificationHistoryColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameNotificationHistoryId,
+		ColumnNameNotificationHistoryAlertId,
+		ColumnNameNotificationHistoryProviderId,
+		ColumnNameNotificationHistoryMessage,
+		ColumnNameNotificationHistoryStatus,
+		ColumnNameNotificationHistoryResponse,
+		ColumnNameNotificationHistoryAttempts,
+		ColumnNameNotificationHistoryErrorMessage,
+		ColumnNameNotificationHistoryLastAttemptAt,
+		ColumnNameNotificationHistorySentAt,
+		ColumnNameNotificationHistoryCreatedAt,
+		ColumnNameNotificationHistoryUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_notification_history/custom.go b/internal/store/repos/repo_notification_history/custom.go
new file mode 100644
index 0000000..c1d2c4c
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/custom.go
@@ -0,0 +1,35 @@
+package repo_notification_history
+
+import (
+	"context"
+	"database/sql"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type ICustomQuerier interface {
+	Querier
+	Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.NotificationHistoryView], error)
+}
+
+type CustomQueries struct {
+	*Queries
+	db DBTX
+}
+
+func NewCustom(db DBTX) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(db),
+		db:      db,
+	}
+}
+
+func (s *CustomQueries) WithTx(tx *sql.Tx) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(tx),
+		db:      tx,
+	}
+}
+
+var _ ICustomQuerier = (*CustomQueries)(nil)
diff --git a/internal/store/repos/repo_notification_history/db.go b/internal/store/repos/repo_notification_history/db.go
new file mode 100644
index 0000000..e31203b
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_notification_history
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_notification_history/find.go b/internal/store/repos/repo_notification_history/find.go
new file mode 100644
index 0000000..c5b85b0
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/find.go
@@ -0,0 +1,71 @@
+package repo_notification_history
+
+import (
+	"context"
+
+	"github.com/georgysavva/scany/v2/sqlscan"
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type FindParams struct {
+	Status   string
+	OrderBy  string
+	Page     *uint32
+	PageSize *uint32
+}
+
+func findBuilder(params FindParams, col ...string) *sqlbuilder.SelectBuilder {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select(col...)
+	sb.From(TableNameNotificationHistory.String() + " h")
+
+	if params.Status != "" {
+		sb.Where(sb.Equal("status", params.Status))
+	}
+
+	return sb
+}
+
+// Find returns list of notification histories by given filters with pagination
+func (s *CustomQueries) Find(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.NotificationHistoryView], error) {
+	columns := NotificationHistoryColumnNames().Strings()
+	for i := range columns {
+		columns[i] = "h." + columns[i]
+	}
+	// columns = append(columns, "s.name AS service_name")
+
+	sb := findBuilder(params, columns...)
+	// sb.JoinWithOption(sqlbuilder.LeftJoin, "monitors m", "h.monitor_id is not null and h.monitor_id = m.id")
+
+	if params.OrderBy == "" {
+		params.OrderBy = "created_at"
+	}
+
+	sb.OrderByDesc("h." + params.OrderBy)
+
+	limit, offset, err := storecmn.Pagination(params.Page, params.PageSize)
+	if err != nil {
+		return nil, err
+	}
+	sb.Limit(int(limit)).Offset(int(offset))
+
+	items := []*models.NotificationHistoryView{}
+	sql, args := sb.Build()
+	if err := sqlscan.Select(ctx, s.db, &items, sql, args...); err != nil {
+		return nil, err
+	}
+
+	// Get total count of services
+	var totalCount uint32
+	countSQL, countArgs := findBuilder(params, "count(*)").Build()
+	if err := sqlscan.Get(ctx, s.db, &totalCount, countSQL, countArgs...); err != nil {
+		return nil, err
+	}
+
+	return &storecmn.FindResponseWithCount[*models.NotificationHistoryView]{
+		Count: totalCount,
+		Items: items,
+	}, nil
+}
diff --git a/internal/store/repos/repo_notification_history/notification_history.sql.go b/internal/store/repos/repo_notification_history/notification_history.sql.go
new file mode 100644
index 0000000..fad94d7
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/notification_history.sql.go
@@ -0,0 +1,138 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: notification_history.sql
+
+package repo_notification_history
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const deleteAllByProjectID = `-- name: DeleteAllByProjectID :exec
+DELETE FROM notification_history
+  WHERE provider_id in (
+    SELECT id FROM notification_providers WHERE project_id = ?
+  )
+`
+
+func (q *Queries) DeleteAllByProjectID(ctx context.Context, projectID string) error {
+	_, err := q.db.ExecContext(ctx, deleteAllByProjectID, projectID)
+	return err
+}
+
+const getAllUnsent = `-- name: GetAllUnsent :many
+SELECT
+    h.id, h.alert_id, h.provider_id, h.message, h.status, h.response, h.attempts, h.error_message, h.last_attempt_at, h.sent_at, h.created_at, h.updated_at,
+    p.provider_type,
+    p.config,
+    p.project_id
+  FROM notification_history h
+  LEFT JOIN notification_providers p ON p.id = h.provider_id
+  WHERE
+    h.status != 'sent' AND
+    p.is_enabled = true
+  ORDER BY h.created_at ASC
+  LIMIT 100
+`
+
+type GetAllUnsentRow struct {
+	ID            string                          `db:"id" json:"id"`
+	AlertID       *string                         `db:"alert_id" json:"alert_id"`
+	ProviderID    string                          `db:"provider_id" json:"provider_id"`
+	Message       string                          `db:"message" json:"message"`
+	Status        string                          `db:"status" json:"status"`
+	Response      *string                         `db:"response" json:"response"`
+	Attempts      int64                           `db:"attempts" json:"attempts"`
+	ErrorMessage  *string                         `db:"error_message" json:"error_message"`
+	LastAttemptAt *time.Time                      `db:"last_attempt_at" json:"last_attempt_at"`
+	SentAt        *time.Time                      `db:"sent_at" json:"sent_at"`
+	CreatedAt     time.Time                       `db:"created_at" json:"created_at"`
+	UpdatedAt     time.Time                       `db:"updated_at" json:"updated_at"`
+	ProviderType  models.NotificationProviderType `db:"provider_type" json:"provider_type"`
+	Config        storecmn.JSONField              `db:"config" json:"config"`
+	ProjectID     *string                         `db:"project_id" json:"project_id"`
+}
+
+func (q *Queries) GetAllUnsent(ctx context.Context) ([]*GetAllUnsentRow, error) {
+	rows, err := q.db.QueryContext(ctx, getAllUnsent)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*GetAllUnsentRow{}
+	for rows.Next() {
+		var i GetAllUnsentRow
+		if err := rows.Scan(
+			&i.ID,
+			&i.AlertID,
+			&i.ProviderID,
+			&i.Message,
+			&i.Status,
+			&i.Response,
+			&i.Attempts,
+			&i.ErrorMessage,
+			&i.LastAttemptAt,
+			&i.SentAt,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+			&i.ProviderType,
+			&i.Config,
+			&i.ProjectID,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const incrementAttempt = `-- name: IncrementAttempt :exec
+UPDATE notification_history
+  SET
+    response = ?,
+    attempts = attempts + 1,
+    error_message = ?,
+    last_attempt_at = CURRENT_TIMESTAMP,
+    updated_at = CURRENT_TIMESTAMP
+  WHERE id = ?
+`
+
+type IncrementAttemptParams struct {
+	Response     *string `db:"response" json:"response"`
+	ErrorMessage *string `db:"error_message" json:"error_message"`
+	ID           string  `db:"id" json:"id"`
+}
+
+func (q *Queries) IncrementAttempt(ctx context.Context, arg IncrementAttemptParams) error {
+	_, err := q.db.ExecContext(ctx, incrementAttempt, arg.Response, arg.ErrorMessage, arg.ID)
+	return err
+}
+
+const markAsSent = `-- name: MarkAsSent :exec
+UPDATE notification_history
+  SET
+    status = 'sent',
+    response = ?,
+    attempts = attempts + 1,
+    error_message = NULL,
+    last_attempt_at = CURRENT_TIMESTAMP,
+    sent_at = CURRENT_TIMESTAMP,
+    updated_at = CURRENT_TIMESTAMP
+  WHERE id = ?
+`
+
+func (q *Queries) MarkAsSent(ctx context.Context, response *string, iD string) error {
+	_, err := q.db.ExecContext(ctx, markAsSent, response, iD)
+	return err
+}
diff --git a/internal/store/repos/repo_notification_history/notification_history_gen.sql.go b/internal/store/repos/repo_notification_history/notification_history_gen.sql.go
new file mode 100644
index 0000000..369d99c
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/notification_history_gen.sql.go
@@ -0,0 +1,50 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: notification_history_gen.sql
+
+package repo_notification_history
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO notification_history (id, alert_id, provider_id, message)
+	VALUES (?, ?, ?, ?)
+	RETURNING id, alert_id, provider_id, message, status, response, attempts, error_message, last_attempt_at, sent_at, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID         string  `db:"id" json:"id"`
+	AlertID    *string `db:"alert_id" json:"alert_id"`
+	ProviderID string  `db:"provider_id" json:"provider_id"`
+	Message    string  `db:"message" json:"message"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.NotificationHistory, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.AlertID,
+		arg.ProviderID,
+		arg.Message,
+	)
+	var i models.NotificationHistory
+	err := row.Scan(
+		&i.ID,
+		&i.AlertID,
+		&i.ProviderID,
+		&i.Message,
+		&i.Status,
+		&i.Response,
+		&i.Attempts,
+		&i.ErrorMessage,
+		&i.LastAttemptAt,
+		&i.SentAt,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_notification_history/querier.go b/internal/store/repos/repo_notification_history/querier.go
new file mode 100644
index 0000000..93322f3
--- /dev/null
+++ b/internal/store/repos/repo_notification_history/querier.go
@@ -0,0 +1,21 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_notification_history
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.NotificationHistory, error)
+	DeleteAllByProjectID(ctx context.Context, projectID string) error
+	GetAllUnsent(ctx context.Context) ([]*GetAllUnsentRow, error)
+	IncrementAttempt(ctx context.Context, arg IncrementAttemptParams) error
+	MarkAsSent(ctx context.Context, response *string, iD string) error
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_notification_providers/constants_gen.go b/internal/store/repos/repo_notification_providers/constants_gen.go
new file mode 100755
index 0000000..3142069
--- /dev/null
+++ b/internal/store/repos/repo_notification_providers/constants_gen.go
@@ -0,0 +1,61 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_notification_providers
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameNotificationProviders TableName = "notification_providers"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameNotificationProvidersId           ColumnName = "id"
+	ColumnNameNotificationProvidersProviderType ColumnName = "provider_type"
+	ColumnNameNotificationProvidersConfig       ColumnName = "config"
+	ColumnNameNotificationProvidersIsEnabled    ColumnName = "is_enabled"
+	ColumnNameNotificationProvidersProjectId    ColumnName = "project_id"
+	ColumnNameNotificationProvidersCreatedAt    ColumnName = "created_at"
+	ColumnNameNotificationProvidersUpdatedAt    ColumnName = "updated_at"
+)
+
+func NotificationProvidersColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameNotificationProvidersId,
+		ColumnNameNotificationProvidersProviderType,
+		ColumnNameNotificationProvidersConfig,
+		ColumnNameNotificationProvidersIsEnabled,
+		ColumnNameNotificationProvidersProjectId,
+		ColumnNameNotificationProvidersCreatedAt,
+		ColumnNameNotificationProvidersUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_notification_providers/db.go b/internal/store/repos/repo_notification_providers/db.go
new file mode 100644
index 0000000..7acdc90
--- /dev/null
+++ b/internal/store/repos/repo_notification_providers/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_notification_providers
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_notification_providers/notification_providers.sql.go b/internal/store/repos/repo_notification_providers/notification_providers.sql.go
new file mode 100644
index 0000000..dba32bb
--- /dev/null
+++ b/internal/store/repos/repo_notification_providers/notification_providers.sql.go
@@ -0,0 +1,75 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: notification_providers.sql
+
+package repo_notification_providers
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const getAllEnabled = `-- name: GetAllEnabled :many
+SELECT id, provider_type, config, is_enabled, project_id, created_at, updated_at FROM notification_providers WHERE is_enabled=true AND project_id = ?
+`
+
+func (q *Queries) GetAllEnabled(ctx context.Context, projectID string) ([]*models.NotificationProvider, error) {
+	rows, err := q.db.QueryContext(ctx, getAllEnabled, projectID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.NotificationProvider{}
+	for rows.Next() {
+		var i models.NotificationProvider
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProviderType,
+			&i.Config,
+			&i.IsEnabled,
+			&i.ProjectID,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const update = `-- name: Update :exec
+UPDATE notification_providers
+  SET
+    provider_type = ?,
+    config = ?,
+    is_enabled = ?,
+    updated_at = CURRENT_TIMESTAMP
+  WHERE id = ?
+`
+
+type UpdateParams struct {
+	ProviderType models.NotificationProviderType `db:"provider_type" json:"provider_type"`
+	Config       storecmn.JSONField              `db:"config" json:"config"`
+	IsEnabled    bool                            `db:"is_enabled" json:"is_enabled"`
+	ID           string                          `db:"id" json:"id"`
+}
+
+func (q *Queries) Update(ctx context.Context, arg UpdateParams) error {
+	_, err := q.db.ExecContext(ctx, update,
+		arg.ProviderType,
+		arg.Config,
+		arg.IsEnabled,
+		arg.ID,
+	)
+	return err
+}
diff --git a/internal/store/repos/repo_notification_providers/notification_providers_gen.sql.go b/internal/store/repos/repo_notification_providers/notification_providers_gen.sql.go
new file mode 100644
index 0000000..d5a537b
--- /dev/null
+++ b/internal/store/repos/repo_notification_providers/notification_providers_gen.sql.go
@@ -0,0 +1,111 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: notification_providers_gen.sql
+
+package repo_notification_providers
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+const create = `-- name: Create :one
+INSERT INTO notification_providers (id, provider_type, config, is_enabled, project_id)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING id, provider_type, config, is_enabled, project_id, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID           string                          `db:"id" json:"id"`
+	ProviderType models.NotificationProviderType `db:"provider_type" json:"provider_type"`
+	Config       storecmn.JSONField              `db:"config" json:"config"`
+	IsEnabled    bool                            `db:"is_enabled" json:"is_enabled"`
+	ProjectID    string                          `db:"project_id" json:"project_id"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.NotificationProvider, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProviderType,
+		arg.Config,
+		arg.IsEnabled,
+		arg.ProjectID,
+	)
+	var i models.NotificationProvider
+	err := row.Scan(
+		&i.ID,
+		&i.ProviderType,
+		&i.Config,
+		&i.IsEnabled,
+		&i.ProjectID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM notification_providers WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, provider_type, config, is_enabled, project_id, created_at, updated_at FROM notification_providers WHERE project_id=?
+`
+
+func (q *Queries) GetAll(ctx context.Context, projectID string) ([]*models.NotificationProvider, error) {
+	rows, err := q.db.QueryContext(ctx, getAll, projectID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.NotificationProvider{}
+	for rows.Next() {
+		var i models.NotificationProvider
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProviderType,
+			&i.Config,
+			&i.IsEnabled,
+			&i.ProjectID,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, provider_type, config, is_enabled, project_id, created_at, updated_at FROM notification_providers WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.NotificationProvider, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.NotificationProvider
+	err := row.Scan(
+		&i.ID,
+		&i.ProviderType,
+		&i.Config,
+		&i.IsEnabled,
+		&i.ProjectID,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_notification_providers/querier.go b/internal/store/repos/repo_notification_providers/querier.go
new file mode 100644
index 0000000..65b7cec
--- /dev/null
+++ b/internal/store/repos/repo_notification_providers/querier.go
@@ -0,0 +1,22 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_notification_providers
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.NotificationProvider, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context, projectID string) ([]*models.NotificationProvider, error)
+	GetAllEnabled(ctx context.Context, projectID string) ([]*models.NotificationProvider, error)
+	GetByID(ctx context.Context, id string) (*models.NotificationProvider, error)
+	Update(ctx context.Context, arg UpdateParams) error
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_projects/constants_gen.go b/internal/store/repos/repo_projects/constants_gen.go
new file mode 100755
index 0000000..a0cc725
--- /dev/null
+++ b/internal/store/repos/repo_projects/constants_gen.go
@@ -0,0 +1,59 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_projects
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameProjects TableName = "projects"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameProjectsId          ColumnName = "id"
+	ColumnNameProjectsName        ColumnName = "name"
+	ColumnNameProjectsDescription ColumnName = "description"
+	ColumnNameProjectsSettings    ColumnName = "settings"
+	ColumnNameProjectsCreatedAt   ColumnName = "created_at"
+	ColumnNameProjectsUpdatedAt   ColumnName = "updated_at"
+)
+
+func ProjectsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameProjectsId,
+		ColumnNameProjectsName,
+		ColumnNameProjectsDescription,
+		ColumnNameProjectsSettings,
+		ColumnNameProjectsCreatedAt,
+		ColumnNameProjectsUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_projects/db.go b/internal/store/repos/repo_projects/db.go
new file mode 100644
index 0000000..ea2d692
--- /dev/null
+++ b/internal/store/repos/repo_projects/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_projects
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_projects/projects_gen.sql.go b/internal/store/repos/repo_projects/projects_gen.sql.go
new file mode 100644
index 0000000..3123cbb
--- /dev/null
+++ b/internal/store/repos/repo_projects/projects_gen.sql.go
@@ -0,0 +1,138 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: projects_gen.sql
+
+package repo_projects
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO projects (id, name, description, settings)
+	VALUES (?, ?, ?, ?)
+	RETURNING id, name, description, settings, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID          string                 `db:"id" json:"id" validate:"required"`
+	Name        string                 `db:"name" json:"name" validate:"required"`
+	Description string                 `db:"description" json:"description"`
+	Settings    models.ProjectSettings `db:"settings" json:"settings"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.Project, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.Name,
+		arg.Description,
+		arg.Settings,
+	)
+	var i models.Project
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Description,
+		&i.Settings,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM projects WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, name, description, settings, created_at, updated_at FROM projects
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.Project, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.Project{}
+	for rows.Next() {
+		var i models.Project
+		if err := rows.Scan(
+			&i.ID,
+			&i.Name,
+			&i.Description,
+			&i.Settings,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, name, description, settings, created_at, updated_at FROM projects WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.Project, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.Project
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Description,
+		&i.Settings,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const update = `-- name: Update :one
+UPDATE projects
+	SET name=?, description=?, settings=?, updated_at=CURRENT_TIMESTAMP
+	WHERE id=?
+	RETURNING id, name, description, settings, created_at, updated_at
+`
+
+type UpdateParams struct {
+	Name        string                 `db:"name" json:"name" validate:"required"`
+	Description string                 `db:"description" json:"description"`
+	Settings    models.ProjectSettings `db:"settings" json:"settings"`
+	ID          string                 `db:"id" json:"id" validate:"required"`
+}
+
+func (q *Queries) Update(ctx context.Context, arg UpdateParams) (*models.Project, error) {
+	row := q.db.QueryRowContext(ctx, update,
+		arg.Name,
+		arg.Description,
+		arg.Settings,
+		arg.ID,
+	)
+	var i models.Project
+	err := row.Scan(
+		&i.ID,
+		&i.Name,
+		&i.Description,
+		&i.Settings,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_projects/querier.go b/internal/store/repos/repo_projects/querier.go
new file mode 100644
index 0000000..40f019e
--- /dev/null
+++ b/internal/store/repos/repo_projects/querier.go
@@ -0,0 +1,21 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_projects
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.Project, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context) ([]*models.Project, error)
+	GetByID(ctx context.Context, id string) (*models.Project, error)
+	Update(ctx context.Context, arg UpdateParams) (*models.Project, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_resource_agents/constants_gen.go b/internal/store/repos/repo_resource_agents/constants_gen.go
new file mode 100755
index 0000000..3296741
--- /dev/null
+++ b/internal/store/repos/repo_resource_agents/constants_gen.go
@@ -0,0 +1,57 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_resource_agents
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameResourceAgents TableName = "resource_agents"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameResourceAgentsId         ColumnName = "id"
+	ColumnNameResourceAgentsResourceId ColumnName = "resource_id"
+	ColumnNameResourceAgentsAgentId    ColumnName = "agent_id"
+	ColumnNameResourceAgentsProjectId  ColumnName = "project_id"
+	ColumnNameResourceAgentsCreatedAt  ColumnName = "created_at"
+)
+
+func ResourceAgentsColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameResourceAgentsId,
+		ColumnNameResourceAgentsResourceId,
+		ColumnNameResourceAgentsAgentId,
+		ColumnNameResourceAgentsProjectId,
+		ColumnNameResourceAgentsCreatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_resource_agents/db.go b/internal/store/repos/repo_resource_agents/db.go
new file mode 100644
index 0000000..85bbea4
--- /dev/null
+++ b/internal/store/repos/repo_resource_agents/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_resource_agents
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_resource_agents/querier.go b/internal/store/repos/repo_resource_agents/querier.go
new file mode 100644
index 0000000..9010f0e
--- /dev/null
+++ b/internal/store/repos/repo_resource_agents/querier.go
@@ -0,0 +1,25 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_resource_agents
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	CountByResourceID(ctx context.Context, resourceID string) (int64, error)
+	Create(ctx context.Context, arg CreateParams) (*models.ResourceAgent, error)
+	Delete(ctx context.Context, id string) error
+	DeleteByResourceID(ctx context.Context, resourceID string) error
+	DeleteByResourceIDAndAgentID(ctx context.Context, resourceID string, agentID string) error
+	ExistsByResourceIDAndAgentID(ctx context.Context, resourceID string, agentID string) (int64, error)
+	GetAll(ctx context.Context) ([]*models.ResourceAgent, error)
+	GetAllByResourceID(ctx context.Context, resourceID string) ([]*models.ResourceAgent, error)
+	GetByID(ctx context.Context, id string) (*models.ResourceAgent, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_resource_agents/resource_agents.sql.go b/internal/store/repos/repo_resource_agents/resource_agents.sql.go
new file mode 100644
index 0000000..6d55fe7
--- /dev/null
+++ b/internal/store/repos/repo_resource_agents/resource_agents.sql.go
@@ -0,0 +1,85 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: resource_agents.sql
+
+package repo_resource_agents
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const countByResourceID = `-- name: CountByResourceID :one
+SELECT COUNT(*) FROM resource_agents WHERE resource_id=?
+`
+
+func (q *Queries) CountByResourceID(ctx context.Context, resourceID string) (int64, error) {
+	row := q.db.QueryRowContext(ctx, countByResourceID, resourceID)
+	var count int64
+	err := row.Scan(&count)
+	return count, err
+}
+
+const deleteByResourceID = `-- name: DeleteByResourceID :exec
+DELETE FROM resource_agents WHERE resource_id=?
+`
+
+func (q *Queries) DeleteByResourceID(ctx context.Context, resourceID string) error {
+	_, err := q.db.ExecContext(ctx, deleteByResourceID, resourceID)
+	return err
+}
+
+const deleteByResourceIDAndAgentID = `-- name: DeleteByResourceIDAndAgentID :exec
+DELETE FROM resource_agents WHERE resource_id=? AND agent_id=?
+`
+
+func (q *Queries) DeleteByResourceIDAndAgentID(ctx context.Context, resourceID string, agentID string) error {
+	_, err := q.db.ExecContext(ctx, deleteByResourceIDAndAgentID, resourceID, agentID)
+	return err
+}
+
+const existsByResourceIDAndAgentID = `-- name: ExistsByResourceIDAndAgentID :one
+SELECT EXISTS (SELECT 1 FROM resource_agents WHERE resource_id=? AND agent_id=? LIMIT 1)
+`
+
+func (q *Queries) ExistsByResourceIDAndAgentID(ctx context.Context, resourceID string, agentID string) (int64, error) {
+	row := q.db.QueryRowContext(ctx, existsByResourceIDAndAgentID, resourceID, agentID)
+	var column_1 int64
+	err := row.Scan(&column_1)
+	return column_1, err
+}
+
+const getAllByResourceID = `-- name: GetAllByResourceID :many
+SELECT id, resource_id, agent_id, project_id, created_at FROM resource_agents WHERE resource_id=?
+`
+
+func (q *Queries) GetAllByResourceID(ctx context.Context, resourceID string) ([]*models.ResourceAgent, error) {
+	rows, err := q.db.QueryContext(ctx, getAllByResourceID, resourceID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.ResourceAgent{}
+	for rows.Next() {
+		var i models.ResourceAgent
+		if err := rows.Scan(
+			&i.ID,
+			&i.ResourceID,
+			&i.AgentID,
+			&i.ProjectID,
+			&i.CreatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
diff --git a/internal/store/repos/repo_resource_agents/resource_agents_gen.sql.go b/internal/store/repos/repo_resource_agents/resource_agents_gen.sql.go
new file mode 100644
index 0000000..efaab4e
--- /dev/null
+++ b/internal/store/repos/repo_resource_agents/resource_agents_gen.sql.go
@@ -0,0 +1,105 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: resource_agents_gen.sql
+
+package repo_resource_agents
+
+import (
+	"context"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO resource_agents (id, resource_id, agent_id, project_id, created_at)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING id, resource_id, agent_id, project_id, created_at
+`
+
+type CreateParams struct {
+	ID         string    `db:"id" json:"id"`
+	ResourceID string    `db:"resource_id" json:"resource_id"`
+	AgentID    string    `db:"agent_id" json:"agent_id"`
+	ProjectID  string    `db:"project_id" json:"project_id"`
+	CreatedAt  time.Time `db:"created_at" json:"created_at"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.ResourceAgent, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ResourceID,
+		arg.AgentID,
+		arg.ProjectID,
+		arg.CreatedAt,
+	)
+	var i models.ResourceAgent
+	err := row.Scan(
+		&i.ID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.ProjectID,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM resource_agents WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, resource_id, agent_id, project_id, created_at FROM resource_agents
+`
+
+func (q *Queries) GetAll(ctx context.Context) ([]*models.ResourceAgent, error) {
+	rows, err := q.db.QueryContext(ctx, getAll)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.ResourceAgent{}
+	for rows.Next() {
+		var i models.ResourceAgent
+		if err := rows.Scan(
+			&i.ID,
+			&i.ResourceID,
+			&i.AgentID,
+			&i.ProjectID,
+			&i.CreatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, resource_id, agent_id, project_id, created_at FROM resource_agents WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.ResourceAgent, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.ResourceAgent
+	err := row.Scan(
+		&i.ID,
+		&i.ResourceID,
+		&i.AgentID,
+		&i.ProjectID,
+		&i.CreatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_resources/constants_gen.go b/internal/store/repos/repo_resources/constants_gen.go
new file mode 100755
index 0000000..1d2c99f
--- /dev/null
+++ b/internal/store/repos/repo_resources/constants_gen.go
@@ -0,0 +1,65 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.13
+package repo_resources
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameResources TableName = "resources"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameResourcesId          ColumnName = "id"
+	ColumnNameResourcesProjectId   ColumnName = "project_id"
+	ColumnNameResourcesName        ColumnName = "name"
+	ColumnNameResourcesDescription ColumnName = "description"
+	ColumnNameResourcesKind        ColumnName = "kind"
+	ColumnNameResourcesTags        ColumnName = "tags"
+	ColumnNameResourcesPayload     ColumnName = "payload"
+	ColumnNameResourcesCreatedAt   ColumnName = "created_at"
+	ColumnNameResourcesUpdatedAt   ColumnName = "updated_at"
+)
+
+func ResourcesColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameResourcesId,
+		ColumnNameResourcesProjectId,
+		ColumnNameResourcesName,
+		ColumnNameResourcesDescription,
+		ColumnNameResourcesKind,
+		ColumnNameResourcesTags,
+		ColumnNameResourcesPayload,
+		ColumnNameResourcesCreatedAt,
+		ColumnNameResourcesUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_resources/db.go b/internal/store/repos/repo_resources/db.go
new file mode 100644
index 0000000..093b66f
--- /dev/null
+++ b/internal/store/repos/repo_resources/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_resources
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_resources/querier.go b/internal/store/repos/repo_resources/querier.go
new file mode 100644
index 0000000..1f0992d
--- /dev/null
+++ b/internal/store/repos/repo_resources/querier.go
@@ -0,0 +1,20 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_resources
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	Create(ctx context.Context, arg CreateParams) (*models.Resource, error)
+	Delete(ctx context.Context, id string) error
+	GetAll(ctx context.Context, projectID string) ([]*models.Resource, error)
+	GetByID(ctx context.Context, id string) (*models.Resource, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_resources/resources_gen.sql.go b/internal/store/repos/repo_resources/resources_gen.sql.go
new file mode 100644
index 0000000..1a55db9
--- /dev/null
+++ b/internal/store/repos/repo_resources/resources_gen.sql.go
@@ -0,0 +1,120 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: resources_gen.sql
+
+package repo_resources
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO resources (id, project_id, name, description, kind, tags, payload)
+	VALUES (?, ?, ?, ?, ?, ?, ?)
+	RETURNING id, project_id, name, description, kind, tags, payload, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID          string                  `db:"id" json:"id"`
+	ProjectID   string                  `db:"project_id" json:"project_id"`
+	Name        string                  `db:"name" json:"name"`
+	Description string                  `db:"description" json:"description"`
+	Kind        models.ResourceKindType `db:"kind" json:"kind"`
+	Tags        models.Tags             `db:"tags" json:"tags"`
+	Payload     models.ResourcePayload  `db:"payload" json:"payload"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.Resource, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.ProjectID,
+		arg.Name,
+		arg.Description,
+		arg.Kind,
+		arg.Tags,
+		arg.Payload,
+	)
+	var i models.Resource
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.Name,
+		&i.Description,
+		&i.Kind,
+		&i.Tags,
+		&i.Payload,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM resources WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getAll = `-- name: GetAll :many
+SELECT id, project_id, name, description, kind, tags, payload, created_at, updated_at FROM resources WHERE project_id=?
+`
+
+func (q *Queries) GetAll(ctx context.Context, projectID string) ([]*models.Resource, error) {
+	rows, err := q.db.QueryContext(ctx, getAll, projectID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	items := []*models.Resource{}
+	for rows.Next() {
+		var i models.Resource
+		if err := rows.Scan(
+			&i.ID,
+			&i.ProjectID,
+			&i.Name,
+			&i.Description,
+			&i.Kind,
+			&i.Tags,
+			&i.Payload,
+			&i.CreatedAt,
+			&i.UpdatedAt,
+		); err != nil {
+			return nil, err
+		}
+		items = append(items, &i)
+	}
+	if err := rows.Close(); err != nil {
+		return nil, err
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, project_id, name, description, kind, tags, payload, created_at, updated_at FROM resources WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.Resource, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.Resource
+	err := row.Scan(
+		&i.ID,
+		&i.ProjectID,
+		&i.Name,
+		&i.Description,
+		&i.Kind,
+		&i.Tags,
+		&i.Payload,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_service_states/types.go b/internal/store/repos/repo_service_states/types.go
new file mode 100644
index 0000000..ee26a52
--- /dev/null
+++ b/internal/store/repos/repo_service_states/types.go
@@ -0,0 +1,48 @@
+package repo_service_states
+
+type ServicesStats struct {
+	TotalServices   int64
+	ServicesUp      int64
+	ServicesDown    int64
+	ServicesUnknown int64
+	AvgResponseTime int64
+	TotalChecks     int64
+}
+
+// func (s StatsRow) ToDomain() *ServicesStats {
+// 	var servicesUp int64
+// 	if s.ServicesUp != nil {
+// 		servicesUp = int64(*s.ServicesUp)
+// 	}
+
+// 	var servicesDown int64
+// 	if s.ServicesDown != nil {
+// 		servicesDown = int64(*s.ServicesDown)
+// 	}
+
+// 	var servicesUnknown int64
+// 	if s.ServicesUnknown != nil {
+// 		servicesUnknown = int64(*s.ServicesUnknown)
+// 	}
+
+// 	var avgResponseTime int64
+// 	if s.AvgResponseTime != nil {
+// 		avgResponseTime = int64(*s.AvgResponseTime)
+// 	}
+
+// 	var totalChecks int64
+// 	if s.TotalChecks != nil {
+// 		totalChecks = int64(*s.TotalChecks)
+// 	}
+
+// 	dto := &ServicesStats{
+// 		TotalServices:   s.TotalServices,
+// 		ServicesUp:      servicesUp,
+// 		ServicesDown:    servicesDown,
+// 		ServicesUnknown: servicesUnknown,
+// 		AvgResponseTime: avgResponseTime,
+// 		TotalChecks:     totalChecks,
+// 	}
+
+// 	return dto
+// }
diff --git a/internal/store/repos/repo_service_states/update.go b/internal/store/repos/repo_service_states/update.go
new file mode 100644
index 0000000..85fa85f
--- /dev/null
+++ b/internal/store/repos/repo_service_states/update.go
@@ -0,0 +1,74 @@
+package repo_service_states
+
+// import (
+// 	"context"
+// 	"fmt"
+// 	"slices"
+
+// 	"github.com/huandu/go-sqlbuilder"
+// 	"github.com/samber/lo"
+// 	"github.com/sxwebdev/sentinel/internal/models"
+// 	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+// 	"github.com/tkcrm/modules/pkg/db/dbutils"
+// 	"github.com/tkcrm/modules/pkg/utils"
+// )
+
+// var availableUpdateColumns = lo.Filter(ServiceStatesColumnNames(), func(item ColumnName, _ int) bool {
+// 	return !slices.Contains([]ColumnName{
+// 		ColumnNameServiceStatesId,
+// 		ColumnNameServiceStatesCreatedAt,
+// 		ColumnNameServiceStatesUpdatedAt,
+// 	}, item)
+// })
+
+// type UpdateRequest struct {
+// 	models.ServiceState
+// 	FieldMask dbutils.FieldMask[ColumnName]
+// }
+
+// func (s *CustomQueries) Update(ctx context.Context, id string, params UpdateRequest) (*models.ServiceState, error) {
+// 	if id == "" {
+// 		return nil, storecmn.ErrEmptyID
+// 	}
+
+// 	for _, path := range params.FieldMask.Items() {
+// 		if !slices.Contains(availableUpdateColumns, path) {
+// 			return nil, fmt.Errorf("unavailable field %s for this method", path)
+// 		}
+// 	}
+
+// 	ub := sqlbuilder.NewUpdateBuilder()
+// 	ub.Update(TableNameServiceStates.String()).
+// 		Where(ub.Equal("id", id)).
+// 		Set("updated_at = CURRENT_TIMESTAMP")
+
+// 	values, err := utils.StructToMap(params.ServiceState, "json")
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	for _, path := range params.FieldMask {
+// 		idx := slices.IndexFunc(ServiceStatesColumnNames(), func(i ColumnName) bool {
+// 			return path == i
+// 		})
+
+// 		if idx == -1 {
+// 			return nil, fmt.Errorf("unavailable path: %s", path)
+// 		}
+
+// 		value, ok := values[path.String()]
+// 		if !ok {
+// 			return nil, fmt.Errorf("value not found for path: %s", path)
+// 		}
+
+// 		ub.SetMore(ub.Assign(path.String(), value))
+// 	}
+
+// 	// execute query
+// 	sql, args := ub.Build()
+// 	if _, err := s.db.ExecContext(ctx, sql, args...); err != nil {
+// 		return nil, err
+// 	}
+
+// 	return s.GetByID(ctx, id)
+// }
diff --git a/internal/store/repos/repo_services/constants_gen.go b/internal/store/repos/repo_services/constants_gen.go
new file mode 100755
index 0000000..64db586
--- /dev/null
+++ b/internal/store/repos/repo_services/constants_gen.go
@@ -0,0 +1,71 @@
+// Code generated by pgxgen. DO NOT EDIT.
+// versions:
+//
+//	pgxgen v0.3.12
+package repo_services
+
+import (
+	"strings"
+
+	"github.com/gobeam/stringy"
+)
+
+type TableName string
+
+func (s TableName) String() string { return string(s) }
+
+const (
+	TableNameServices TableName = "services"
+)
+
+type ColumnName string
+
+func (s ColumnName) String() string { return string(s) }
+
+func (s ColumnName) StructName() string {
+	v := stringy.New(string(s)).CamelCase().Get()
+	v = stringy.New(v).UcFirst()
+	return strings.ReplaceAll(v, "Id", "ID")
+}
+
+type ColumnNames []ColumnName
+
+func (s ColumnNames) Strings() []string {
+	res := make([]string, len(s))
+	for idx, colName := range s {
+		res[idx] = colName.String()
+	}
+	return res
+}
+
+const (
+	ColumnNameServicesId                     ColumnName = "id"
+	ColumnNameServicesName                   ColumnName = "name"
+	ColumnNameServicesProtocol               ColumnName = "protocol"
+	ColumnNameServicesInterval               ColumnName = "interval"
+	ColumnNameServicesTimeout                ColumnName = "timeout"
+	ColumnNameServicesRetries                ColumnName = "retries"
+	ColumnNameServicesTags                   ColumnName = "tags"
+	ColumnNameServicesConfig                 ColumnName = "config"
+	ColumnNameServicesIsEnabled              ColumnName = "is_enabled"
+	ColumnNameServicesIsNotificationsEnabled ColumnName = "is_notifications_enabled"
+	ColumnNameServicesCreatedAt              ColumnName = "created_at"
+	ColumnNameServicesUpdatedAt              ColumnName = "updated_at"
+)
+
+func ServicesColumnNames() ColumnNames {
+	return ColumnNames{
+		ColumnNameServicesId,
+		ColumnNameServicesName,
+		ColumnNameServicesProtocol,
+		ColumnNameServicesInterval,
+		ColumnNameServicesTimeout,
+		ColumnNameServicesRetries,
+		ColumnNameServicesTags,
+		ColumnNameServicesConfig,
+		ColumnNameServicesIsEnabled,
+		ColumnNameServicesIsNotificationsEnabled,
+		ColumnNameServicesCreatedAt,
+		ColumnNameServicesUpdatedAt,
+	}
+}
diff --git a/internal/store/repos/repo_services/custom.go b/internal/store/repos/repo_services/custom.go
new file mode 100644
index 0000000..5fcf758
--- /dev/null
+++ b/internal/store/repos/repo_services/custom.go
@@ -0,0 +1,38 @@
+package repo_services
+
+import (
+	"context"
+	"database/sql"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type ICustomQuerier interface {
+	GetViewByID(ctx context.Context, id string) (*models.ServiceFullView, error)
+	Update(ctx context.Context, id string, service UpdateServiceRequest) (*models.ServiceFullView, error)
+	FindView(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.ServiceFullView], error)
+	GetAllTags(ctx context.Context) ([]string, error)
+	GetAllTagsWithCount(ctx context.Context) (map[string]int, error)
+}
+
+type CustomQueries struct {
+	*Queries
+	db DBTX
+}
+
+func NewCustom(db DBTX) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(db),
+		db:      db,
+	}
+}
+
+func (s *CustomQueries) WithTx(tx *sql.Tx) *CustomQueries {
+	return &CustomQueries{
+		Queries: New(tx),
+		db:      tx,
+	}
+}
+
+var _ ICustomQuerier = (*CustomQueries)(nil)
diff --git a/internal/store/repos/repo_services/db.go b/internal/store/repos/repo_services/db.go
new file mode 100644
index 0000000..8ece73c
--- /dev/null
+++ b/internal/store/repos/repo_services/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_services
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_services/find.go b/internal/store/repos/repo_services/find.go
new file mode 100644
index 0000000..1ab4c35
--- /dev/null
+++ b/internal/store/repos/repo_services/find.go
@@ -0,0 +1,153 @@
+package repo_services
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/georgysavva/scany/v2/sqlscan"
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+func findServicesBuilder(params FindParams, col ...string) *sqlbuilder.SelectBuilder {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select(col...)
+	sb.From("services s")
+
+	if params.Name != "" {
+		sb.Where(sb.Like("s.name", "%"+params.Name+"%"))
+	}
+
+	if params.Protocol != "" {
+		sb.Where(sb.Equal("s.protocol", params.Protocol))
+	}
+
+	if params.IsEnabled != nil {
+		sb.Where(sb.Equal("s.is_enabled", *params.IsEnabled))
+	}
+
+	if params.Status != "" {
+		switch params.Status {
+		case "up":
+			sb.Where(sb.Equal("ss.status", models.ServiceStatusUp))
+		case "down":
+			sb.Where(sb.Equal("ss.status", models.ServiceStatusDown))
+		}
+	}
+
+	if len(params.Tags) > 0 {
+		var tagConditions []string
+		for _, tag := range params.Tags {
+			tagConditions = append(tagConditions,
+				fmt.Sprintf("EXISTS (SELECT 1 FROM json_each(s.tags) WHERE json_each.value = %s)",
+					sb.Args.Add(tag)))
+		}
+
+		if len(tagConditions) > 0 {
+			sb.Where(fmt.Sprintf("(%s)", strings.Join(tagConditions, " AND ")))
+		}
+	}
+
+	return sb
+}
+
+type FindParams struct {
+	Name      string
+	IsEnabled *bool
+	Protocol  string
+	Tags      []string
+	Status    string // e.g. "up", "down"
+	OrderBy   string
+	Page      *uint32
+	PageSize  *uint32
+}
+
+// FindView returns list of services with their states and incidents by given filters with pagination
+func (s *CustomQueries) FindView(ctx context.Context, params FindParams) (*storecmn.FindResponseWithCount[*models.ServiceFullView], error) {
+	sb := findServicesBuilder(
+		params,
+		"s.id",
+		"s.name",
+		"s.protocol",
+		"s.interval",
+		"s.timeout",
+		"s.retries",
+		"s.tags",
+		"s.config",
+		"s.is_enabled",
+		"s.created_at",
+		"s.updated_at",
+		"count(incidents.id) as total_incidents",
+		"sum(case when incidents.id IS NOT NULL AND incidents.resolved_at IS NULL then 1 else 0 end) as active_incidents",
+		"ss.status",
+		"ss.last_check",
+		"ss.last_error",
+		"ss.consecutive_fails",
+		"ss.consecutive_success",
+		"ss.total_checks",
+		"ss.avg_response_time",
+	)
+	sb.JoinWithOption(sqlbuilder.LeftJoin, "incidents", "s.id = incidents.service_id")
+	sb.JoinWithOption(sqlbuilder.LeftJoin, "service_states ss", "s.id = ss.service_id")
+	sb.GroupBy("s.id")
+
+	if params.OrderBy != "" {
+		// Add table prefix for common column names to avoid ambiguity
+		orderBy := params.OrderBy
+		switch orderBy {
+		case "created_at":
+			orderBy = "s.created_at"
+		case "updated_at":
+			orderBy = "s.updated_at"
+		case "name":
+			orderBy = "s.name"
+		case "protocol":
+			orderBy = "s.protocol"
+		case "status":
+			orderBy = "ss.status"
+		case "last_check":
+			orderBy = "ss.last_check"
+		}
+		sb.OrderBy(orderBy)
+	} else {
+		sb.OrderBy("s.name")
+	}
+
+	limit, offset, err := storecmn.Pagination(params.Page, params.PageSize)
+	if err != nil {
+		return nil, err
+	}
+	sb.Limit(int(limit)).Offset(int(offset))
+
+	itemsRows := []itemViewRow{}
+	sql, args := sb.Build()
+	if err := sqlscan.Select(ctx, s.db, &itemsRows, sql, args...); err != nil {
+		return nil, err
+	}
+
+	// Get total count of services
+	countQuery := findServicesBuilder(params, "count(*)")
+	countQuery.JoinWithOption(sqlbuilder.LeftJoin, "service_states ss", "s.id = ss.service_id")
+
+	var totalCount uint32
+	countSQL, countArgs := countQuery.Build()
+	if err := sqlscan.Get(ctx, s.db, &totalCount, countSQL, countArgs...); err != nil {
+		return nil, err
+	}
+
+	items := make([]*models.ServiceFullView, 0, len(itemsRows))
+	for i := range itemsRows {
+		item, err := rowToModel(&itemsRows[i])
+		if err != nil {
+			return nil, fmt.Errorf("failed to convert row to service: %w", err)
+		}
+		items = append(items, item)
+	}
+
+	return &storecmn.FindResponseWithCount[*models.ServiceFullView]{
+		Count: totalCount,
+		Items: items,
+	}, nil
+}
diff --git a/internal/store/repos/repo_services/get.go b/internal/store/repos/repo_services/get.go
new file mode 100644
index 0000000..8df711d
--- /dev/null
+++ b/internal/store/repos/repo_services/get.go
@@ -0,0 +1,61 @@
+package repo_services
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"github.com/georgysavva/scany/v2/sqlscan"
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+// GetViewByID finds service by ID
+func (s *CustomQueries) GetViewByID(ctx context.Context, id string) (*models.ServiceFullView, error) {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select(
+		"s.id",
+		"s.name",
+		"s.protocol",
+		"s.interval",
+		"s.timeout",
+		"s.retries",
+		"s.tags",
+		"s.config",
+		"s.is_enabled",
+		"s.created_at",
+		"s.updated_at",
+		"count(incidents.id) as total_incidents",
+		"sum(case when incidents.id IS NOT NULL AND incidents.resolved_at IS NULL then 1 else 0 end) as active_incidents",
+		"ss.status",
+		"ss.last_check",
+		"ss.last_error",
+		"ss.consecutive_fails",
+		"ss.consecutive_success",
+		"ss.total_checks",
+		"ss.avg_response_time",
+	)
+	sb.From("services s")
+	sb.JoinWithOption(sqlbuilder.LeftJoin, "incidents", "s.id = incidents.service_id")
+	sb.JoinWithOption(sqlbuilder.LeftJoin, "service_states ss", "s.id = ss.service_id")
+	sb.Where(sb.Equal("s.id", id))
+	sb.GroupBy("s.id")
+
+	var itemRow itemViewRow
+	query, args := sb.Build()
+	if err := sqlscan.Get(ctx, s.db, &itemRow, query, args...); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, storecmn.ErrNotFound
+		}
+		return nil, fmt.Errorf("failed to scan service: %w", err)
+	}
+
+	item, err := rowToModel(&itemRow)
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert row to service: %w", err)
+	}
+
+	return item, nil
+}
diff --git a/internal/store/repos/repo_services/tags.go b/internal/store/repos/repo_services/tags.go
new file mode 100644
index 0000000..4347eaa
--- /dev/null
+++ b/internal/store/repos/repo_services/tags.go
@@ -0,0 +1,68 @@
+package repo_services
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/huandu/go-sqlbuilder"
+)
+
+func (o *CustomQueries) GetAllTags(ctx context.Context) ([]string, error) {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select("DISTINCT json_each.value")
+	sb.From("services, json_each(tags)")
+	sb.OrderBy("json_each.value")
+
+	sql, args := sb.Build()
+	rows, err := o.db.QueryContext(ctx, sql, args...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to query tags: %w", err)
+	}
+	defer rows.Close()
+
+	var tags []string
+	for rows.Next() {
+		var tag string
+		if err := rows.Scan(&tag); err != nil {
+			return nil, fmt.Errorf("failed to scan tag: %w", err)
+		}
+		tags = append(tags, tag)
+	}
+
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating rows: %w", err)
+	}
+
+	return tags, nil
+}
+
+func (o *CustomQueries) GetAllTagsWithCount(ctx context.Context) (map[string]int, error) {
+	sb := sqlbuilder.NewSelectBuilder()
+	sb.Select("json_each.value, COUNT(*)")
+	sb.From("services, json_each(tags)")
+	sb.GroupBy("json_each.value")
+	sb.OrderBy("json_each.value")
+
+	sql, args := sb.Build()
+	rows, err := o.db.QueryContext(ctx, sql, args...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to query tags with count: %w", err)
+	}
+	defer rows.Close()
+
+	tagCounts := make(map[string]int)
+	for rows.Next() {
+		var tag string
+		var count int
+		if err := rows.Scan(&tag, &count); err != nil {
+			return nil, fmt.Errorf("failed to scan tag with count: %w", err)
+		}
+		tagCounts[tag] = count
+	}
+
+	if err := rows.Err(); err != nil {
+		return nil, fmt.Errorf("error iterating rows: %w", err)
+	}
+
+	return tagCounts, nil
+}
diff --git a/internal/store/repos/repo_services/types.go b/internal/store/repos/repo_services/types.go
new file mode 100644
index 0000000..4b241df
--- /dev/null
+++ b/internal/store/repos/repo_services/types.go
@@ -0,0 +1,81 @@
+package repo_services
+
+import (
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type itemViewRow struct {
+	ID                     string               `db:"id"`
+	Name                   string               `db:"name"`
+	Protocol               string               `db:"protocol"`
+	Interval               int64                `db:"interval"`
+	Timeout                int64                `db:"timeout"`
+	Retries                int64                `db:"retries"`
+	Tags                   string               `db:"tags"`
+	Config                 string               `db:"config"`
+	IsEnabled              bool                 `db:"is_enabled"`
+	IsNotificationsEnabled bool                 `db:"is_notifications_enabled"`
+	CreatedAt              time.Time            `db:"created_at"`
+	UpdatedAt              time.Time            `db:"updated_at"`
+	ActiveIncidents        int                  `db:"active_incidents"`
+	TotalIncidents         int                  `db:"total_incidents"`
+	Status                 models.ServiceStatus `db:"status"`
+	LastCheck              *time.Time           `db:"last_check"`
+	LastError              *string              `db:"last_error"`
+	AvgResponseTime        *int64               `db:"avg_response_time"`
+	ConsecutiveFails       int                  `db:"consecutive_fails"`
+	ConsecutiveSuccess     int                  `db:"consecutive_success"`
+	TotalChecks            int                  `db:"total_checks"`
+}
+
+// rowToModel converts a ServiceRow to Service
+func rowToModel(row *itemViewRow) (*models.ServiceFullView, error) {
+	var tags []string
+	if err := json.Unmarshal([]byte(row.Tags), &tags); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal tags: %w", err)
+	}
+
+	var config map[string]any
+	if err := json.Unmarshal([]byte(row.Config), &config); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal config: %w", err)
+	}
+
+	svc := &models.ServiceFullView{
+		ID:                     row.ID,
+		Name:                   row.Name,
+		Protocol:               models.ServiceProtocolType(row.Protocol),
+		Interval:               row.Interval,
+		Timeout:                row.Timeout,
+		Retries:                row.Retries,
+		Tags:                   tags,
+		Config:                 config,
+		IsNotificationsEnabled: row.IsNotificationsEnabled,
+		IsEnabled:              row.IsEnabled,
+		CreatedAt:              row.CreatedAt,
+		UpdatedAt:              row.UpdatedAt,
+		TotalIncidents:         row.TotalIncidents,
+		ActiveIncidents:        row.ActiveIncidents,
+		Status:                 row.Status,
+		LastCheck:              row.LastCheck,
+		LastError:              row.LastError,
+		ConsecutiveFails:       row.ConsecutiveFails,
+		ConsecutiveSuccess:     row.ConsecutiveSuccess,
+		TotalChecks:            row.TotalChecks,
+		AvgResponseTime:        row.AvgResponseTime,
+	}
+
+	return svc, nil
+}
+
+// durationToNS converts a duration pointer to nanoseconds
+// func durationToNS(d *time.Duration) *int64 {
+// 	if d == nil {
+// 		return nil
+// 	}
+// 	ns := d.Nanoseconds()
+// 	return &ns
+// }
diff --git a/internal/store/repos/repo_services/update.go b/internal/store/repos/repo_services/update.go
new file mode 100644
index 0000000..6250722
--- /dev/null
+++ b/internal/store/repos/repo_services/update.go
@@ -0,0 +1,63 @@
+package repo_services
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/huandu/go-sqlbuilder"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/internal/store/storecmn"
+)
+
+type UpdateServiceRequest struct {
+	Name                   string                     `json:"name"`
+	Protocol               models.ServiceProtocolType `json:"protocol"`
+	Interval               int64                      `json:"interval"`
+	Timeout                int64                      `json:"timeout"`
+	Retries                int64                      `json:"retries"`
+	Tags                   storecmn.JSONField         `json:"tags"`
+	Config                 storecmn.JSONField         `json:"config"`
+	IsEnabled              bool                       `json:"is_enabled"`
+	IsNotificationsEnabled bool                       `json:"is_notifications_enabled"`
+}
+
+func (s *CustomQueries) Update(ctx context.Context, id string, service UpdateServiceRequest) (*models.ServiceFullView, error) {
+	ub := sqlbuilder.NewUpdateBuilder()
+	ub.Update(TableNameServices.String())
+
+	tagsJSON, err := json.Marshal(service.Tags)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal tags: %w", err)
+	}
+
+	configJSON, err := json.Marshal(service.Config)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal config: %w", err)
+	}
+
+	// Prepare all fields for update
+	assignments := []string{
+		ub.Assign(ColumnNameServicesName.String(), service.Name),
+		ub.Assign(ColumnNameServicesProtocol.String(), service.Protocol),
+		ub.Assign(ColumnNameServicesInterval.String(), service.Interval),
+		ub.Assign(ColumnNameServicesTimeout.String(), service.Timeout),
+		ub.Assign(ColumnNameServicesRetries.String(), service.Retries),
+		ub.Assign(ColumnNameServicesTags.String(), string(tagsJSON)),
+		ub.Assign(ColumnNameServicesConfig.String(), string(configJSON)),
+		ub.Assign(ColumnNameServicesIsEnabled.String(), service.IsEnabled),
+		ub.Assign(ColumnNameServicesIsNotificationsEnabled.String(), service.IsNotificationsEnabled),
+		"updated_at = CURRENT_TIMESTAMP",
+	}
+
+	// Set all assignments at once
+	ub.Set(assignments...)
+	ub.Where(ub.Equal("id", id))
+
+	sql, args := ub.Build()
+	if _, err := s.db.ExecContext(ctx, sql, args...); err != nil {
+		return nil, fmt.Errorf("failed to update service: %w", err)
+	}
+
+	return s.GetViewByID(ctx, id)
+}
diff --git a/internal/store/repos/repo_users/db.go b/internal/store/repos/repo_users/db.go
new file mode 100644
index 0000000..11684d1
--- /dev/null
+++ b/internal/store/repos/repo_users/db.go
@@ -0,0 +1,31 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_users
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DBTX interface {
+	ExecContext(context.Context, string, ...interface{}) (sql.Result, error)
+	PrepareContext(context.Context, string) (*sql.Stmt, error)
+	QueryContext(context.Context, string, ...interface{}) (*sql.Rows, error)
+	QueryRowContext(context.Context, string, ...interface{}) *sql.Row
+}
+
+func New(db DBTX) *Queries {
+	return &Queries{db: db}
+}
+
+type Queries struct {
+	db DBTX
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{
+		db: tx,
+	}
+}
diff --git a/internal/store/repos/repo_users/querier.go b/internal/store/repos/repo_users/querier.go
new file mode 100644
index 0000000..67bad25
--- /dev/null
+++ b/internal/store/repos/repo_users/querier.go
@@ -0,0 +1,22 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+
+package repo_users
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+type Querier interface {
+	CheckRootUserExists(ctx context.Context) (int64, error)
+	Create(ctx context.Context, arg CreateParams) (*models.User, error)
+	Delete(ctx context.Context, id string) error
+	GetByEmail(ctx context.Context, email string) (*models.User, error)
+	GetByID(ctx context.Context, id string) (*models.User, error)
+	Update(ctx context.Context, arg UpdateParams) (*models.User, error)
+}
+
+var _ Querier = (*Queries)(nil)
diff --git a/internal/store/repos/repo_users/users.sql.go b/internal/store/repos/repo_users/users.sql.go
new file mode 100644
index 0000000..2ab3adc
--- /dev/null
+++ b/internal/store/repos/repo_users/users.sql.go
@@ -0,0 +1,43 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: users.sql
+
+package repo_users
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const checkRootUserExists = `-- name: CheckRootUserExists :one
+SELECT EXISTS (SELECT 1 FROM users WHERE role='root' LIMIT 1)
+`
+
+func (q *Queries) CheckRootUserExists(ctx context.Context) (int64, error) {
+	row := q.db.QueryRowContext(ctx, checkRootUserExists)
+	var column_1 int64
+	err := row.Scan(&column_1)
+	return column_1, err
+}
+
+const getByEmail = `-- name: GetByEmail :one
+SELECT id, email, password, full_name, role, avatar, created_at, updated_at FROM users WHERE email=? LIMIT 1
+`
+
+func (q *Queries) GetByEmail(ctx context.Context, email string) (*models.User, error) {
+	row := q.db.QueryRowContext(ctx, getByEmail, email)
+	var i models.User
+	err := row.Scan(
+		&i.ID,
+		&i.Email,
+		&i.Password,
+		&i.FullName,
+		&i.Role,
+		&i.Avatar,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repo_users/users_gen.sql.go b/internal/store/repos/repo_users/users_gen.sql.go
new file mode 100644
index 0000000..cfecec7
--- /dev/null
+++ b/internal/store/repos/repo_users/users_gen.sql.go
@@ -0,0 +1,114 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.30.0
+// source: users_gen.sql
+
+package repo_users
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+const create = `-- name: Create :one
+INSERT INTO users (id, email, password, full_name, role, avatar)
+	VALUES (?, ?, ?, ?, ?, ?)
+	RETURNING id, email, password, full_name, role, avatar, created_at, updated_at
+`
+
+type CreateParams struct {
+	ID       string          `db:"id" json:"id" validate:"required"`
+	Email    string          `db:"email" json:"email" validate:"required,email"`
+	Password string          `db:"password" json:"password" validate:"required"`
+	FullName string          `db:"full_name" json:"full_name"`
+	Role     models.UserRole `db:"role" json:"role" validate:"required,oneof=root admin user"`
+	Avatar   string          `db:"avatar" json:"avatar"`
+}
+
+func (q *Queries) Create(ctx context.Context, arg CreateParams) (*models.User, error) {
+	row := q.db.QueryRowContext(ctx, create,
+		arg.ID,
+		arg.Email,
+		arg.Password,
+		arg.FullName,
+		arg.Role,
+		arg.Avatar,
+	)
+	var i models.User
+	err := row.Scan(
+		&i.ID,
+		&i.Email,
+		&i.Password,
+		&i.FullName,
+		&i.Role,
+		&i.Avatar,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const delete = `-- name: Delete :exec
+DELETE FROM users WHERE id=?
+`
+
+func (q *Queries) Delete(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, delete, id)
+	return err
+}
+
+const getByID = `-- name: GetByID :one
+SELECT id, email, password, full_name, role, avatar, created_at, updated_at FROM users WHERE id=? LIMIT 1
+`
+
+func (q *Queries) GetByID(ctx context.Context, id string) (*models.User, error) {
+	row := q.db.QueryRowContext(ctx, getByID, id)
+	var i models.User
+	err := row.Scan(
+		&i.ID,
+		&i.Email,
+		&i.Password,
+		&i.FullName,
+		&i.Role,
+		&i.Avatar,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
+
+const update = `-- name: Update :one
+UPDATE users
+	SET email=?, full_name=?, avatar=?, updated_at=CURRENT_TIMESTAMP
+	WHERE id=?
+	RETURNING id, email, password, full_name, role, avatar, created_at, updated_at
+`
+
+type UpdateParams struct {
+	Email    string `db:"email" json:"email" validate:"required,email"`
+	FullName string `db:"full_name" json:"full_name"`
+	Avatar   string `db:"avatar" json:"avatar"`
+	ID       string `db:"id" json:"id" validate:"required"`
+}
+
+func (q *Queries) Update(ctx context.Context, arg UpdateParams) (*models.User, error) {
+	row := q.db.QueryRowContext(ctx, update,
+		arg.Email,
+		arg.FullName,
+		arg.Avatar,
+		arg.ID,
+	)
+	var i models.User
+	err := row.Scan(
+		&i.ID,
+		&i.Email,
+		&i.Password,
+		&i.FullName,
+		&i.Role,
+		&i.Avatar,
+		&i.CreatedAt,
+		&i.UpdatedAt,
+	)
+	return &i, err
+}
diff --git a/internal/store/repos/repos.go b/internal/store/repos/repos.go
new file mode 100644
index 0000000..b4491cf
--- /dev/null
+++ b/internal/store/repos/repos.go
@@ -0,0 +1,260 @@
+package repos
+
+import (
+	"database/sql"
+
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_agents"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_alert_policies"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_alerts"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_incident_events"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_incidents"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_maintenance_windows"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_monitor_agents"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_monitor_checks"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_monitor_revisions"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_monitor_states"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_monitors"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_notification_history"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_notification_providers"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_projects"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_resource_agents"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_resources"
+	"github.com/sxwebdev/sentinel/internal/store/repos/repo_users"
+)
+
+type Repos struct {
+	users *repo_users.Queries
+
+	projects *repo_projects.Queries
+
+	agents *repo_agents.CustomQueries
+
+	resources       *repo_resources.Queries
+	resourcesAgents *repo_resource_agents.Queries
+
+	monitors         *repo_monitors.Queries
+	monitorRevisions *repo_monitor_revisions.Queries
+	monitorStates    *repo_monitor_states.Queries
+	monitorChecks    *repo_monitor_checks.Queries
+	monitorAgents    *repo_monitor_agents.Queries
+
+	incidents      *repo_incidents.CustomQueries
+	incidentEvents *repo_incident_events.Queries
+
+	notificationProviders *repo_notification_providers.Queries
+	notificationHistory   *repo_notification_history.CustomQueries
+
+	alertPolicies *repo_alert_policies.Queries
+	alerts        *repo_alerts.Queries
+
+	maintenanceWindows *repo_maintenance_windows.Queries
+}
+
+func New(sqlite *sql.DB) *Repos {
+	return &Repos{
+		users:                 repo_users.New(sqlite),
+		projects:              repo_projects.New(sqlite),
+		agents:                repo_agents.NewCustom(sqlite),
+		resources:             repo_resources.New(sqlite),
+		resourcesAgents:       repo_resource_agents.New(sqlite),
+		monitors:              repo_monitors.New(sqlite),
+		monitorRevisions:      repo_monitor_revisions.New(sqlite),
+		monitorStates:         repo_monitor_states.New(sqlite),
+		monitorChecks:         repo_monitor_checks.New(sqlite),
+		monitorAgents:         repo_monitor_agents.New(sqlite),
+		incidents:             repo_incidents.NewCustom(sqlite),
+		incidentEvents:        repo_incident_events.New(sqlite),
+		notificationProviders: repo_notification_providers.New(sqlite),
+		notificationHistory:   repo_notification_history.NewCustom(sqlite),
+		alertPolicies:         repo_alert_policies.New(sqlite),
+		alerts:                repo_alerts.New(sqlite),
+		maintenanceWindows:    repo_maintenance_windows.New(sqlite),
+	}
+}
+
+// Users returns repo for users
+func (s *Repos) Users(opts ...Option) repo_users.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.users.WithTx(options.Tx)
+	}
+
+	return s.users
+}
+
+// Projects returns repo for projects
+func (s *Repos) Projects(opts ...Option) repo_projects.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.projects.WithTx(options.Tx)
+	}
+
+	return s.projects
+}
+
+// Agents returns repo for agents
+func (s *Repos) Agents(opts ...Option) repo_agents.ICustomQuerier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.agents.WithTx(options.Tx)
+	}
+
+	return s.agents
+}
+
+// Resources returns repo for resources
+func (s *Repos) Resources(opts ...Option) repo_resources.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.resources.WithTx(options.Tx)
+	}
+
+	return s.resources
+}
+
+// ResourcesAgents returns repo for resources agents
+func (s *Repos) ResourcesAgents(opts ...Option) repo_resource_agents.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.resourcesAgents.WithTx(options.Tx)
+	}
+
+	return s.resourcesAgents
+}
+
+// Monitors returns repo for monitors
+func (s *Repos) Monitors(opts ...Option) repo_monitors.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.monitors.WithTx(options.Tx)
+	}
+
+	return s.monitors
+}
+
+// MonitorRevisions returns repo for monitor revisions
+func (s *Repos) MonitorRevisions(opts ...Option) repo_monitor_revisions.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.monitorRevisions.WithTx(options.Tx)
+	}
+
+	return s.monitorRevisions
+}
+
+// MonitorStates returns repo for monitor states
+func (s *Repos) MonitorStates(opts ...Option) repo_monitor_states.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.monitorStates.WithTx(options.Tx)
+	}
+
+	return s.monitorStates
+}
+
+// MonitorChecks returns repo for monitor checks
+func (s *Repos) MonitorChecks(opts ...Option) repo_monitor_checks.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.monitorChecks.WithTx(options.Tx)
+	}
+
+	return s.monitorChecks
+}
+
+// MonitorAgents returns repo for monitor agents
+func (s *Repos) MonitorAgents(opts ...Option) repo_monitor_agents.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.monitorAgents.WithTx(options.Tx)
+	}
+
+	return s.monitorAgents
+}
+
+// Incidents returns repo for incidents
+func (s *Repos) Incidents(opts ...Option) repo_incidents.ICustomQuerier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.incidents.WithTx(options.Tx)
+	}
+
+	return s.incidents
+}
+
+// IncidentEvents returns repo for incident events
+func (s *Repos) IncidentEvents(opts ...Option) repo_incident_events.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.incidentEvents.WithTx(options.Tx)
+	}
+
+	return s.incidentEvents
+}
+
+// NotificationProviders returns repo for notification providers
+func (s *Repos) NotificationProviders(opts ...Option) repo_notification_providers.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.notificationProviders.WithTx(options.Tx)
+	}
+
+	return s.notificationProviders
+}
+
+// NotificationHistory returns repo for notification history
+func (s *Repos) NotificationHistory(opts ...Option) repo_notification_history.ICustomQuerier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.notificationHistory.WithTx(options.Tx)
+	}
+
+	return s.notificationHistory
+}
+
+// AlertPolicies returns repo for alert policies
+func (s *Repos) AlertPolicies(opts ...Option) repo_alert_policies.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.alertPolicies.WithTx(options.Tx)
+	}
+
+	return s.alertPolicies
+}
+
+// Alerts returns repo for alerts
+func (s *Repos) Alerts(opts ...Option) repo_alerts.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.alerts.WithTx(options.Tx)
+	}
+
+	return s.alerts
+}
+
+// MaintenanceWindows returns repo for maintenance windows
+func (s *Repos) MaintenanceWindows(opts ...Option) repo_maintenance_windows.Querier {
+	options := parseOptions(opts...)
+
+	if options.Tx != nil {
+		return s.maintenanceWindows.WithTx(options.Tx)
+	}
+
+	return s.maintenanceWindows
+}
diff --git a/internal/store/store.go b/internal/store/store.go
new file mode 100644
index 0000000..a179589
--- /dev/null
+++ b/internal/store/store.go
@@ -0,0 +1,28 @@
+package store
+
+import (
+	"database/sql"
+
+	"github.com/sxwebdev/sentinel/internal/store/repos"
+	"github.com/sxwebdev/tokenmanager"
+)
+
+type Store struct {
+	*repos.Repos
+
+	cache tokenmanager.ITokenStore
+
+	sqlite *sql.DB
+}
+
+func New(sqlite *sql.DB, kvStore tokenmanager.ITokenStore) (*Store, error) {
+	return &Store{
+		Repos:  repos.New(sqlite),
+		cache:  kvStore,
+		sqlite: sqlite,
+	}, nil
+}
+
+func (s *Store) SQLite() *sql.DB { return s.sqlite }
+
+func (s *Store) Cache() tokenmanager.ITokenStore { return s.cache }
diff --git a/internal/store/storecmn/duration.go b/internal/store/storecmn/duration.go
new file mode 100644
index 0000000..eb79bce
--- /dev/null
+++ b/internal/store/storecmn/duration.go
@@ -0,0 +1,58 @@
+package storecmn
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"fmt"
+	"time"
+)
+
+type Duration time.Duration
+
+// UnmarshalJSON implements the json.Unmarshaler interface.
+func (d *Duration) UnmarshalJSON(data []byte) error {
+	var s string
+	if err := json.Unmarshal(data, &s); err != nil {
+		return err
+	}
+	duration, err := time.ParseDuration(s)
+	if err != nil {
+		return err
+	}
+	*d = Duration(duration)
+	return nil
+}
+
+// MarshalJSON implements the json.Marshaler interface.
+func (d Duration) MarshalJSON() ([]byte, error) {
+	s := time.Duration(d).String()
+	return json.Marshal(s)
+}
+
+// Value implements the driver.Valuer interface.
+func (d Duration) Value() (driver.Value, error) {
+	return time.Duration(d).String(), nil
+}
+
+// Scan implements the sql.Scanner interface.
+func (d *Duration) Scan(value any) error {
+	if v, ok := value.(string); ok {
+		duration, err := time.ParseDuration(v)
+		if err != nil {
+			return err
+		}
+		*d = Duration(duration)
+		return nil
+	}
+	return fmt.Errorf("unsupported scan type: %T", value)
+}
+
+// String returns the string representation of the duration
+func (d Duration) String() string {
+	return time.Duration(d).String()
+}
+
+// ToDuration converts Duration to time.Duration
+func (d Duration) ToDuration() time.Duration {
+	return time.Duration(d)
+}
diff --git a/internal/store/storecmn/errors.go b/internal/store/storecmn/errors.go
new file mode 100644
index 0000000..7c558be
--- /dev/null
+++ b/internal/store/storecmn/errors.go
@@ -0,0 +1,12 @@
+package storecmn
+
+import "errors"
+
+var (
+	ErrEmptyID         = errors.New("empty id")
+	ErrNotFound        = errors.New("not found")
+	ErrAlreadyExists   = errors.New("already exists")
+	ErrUserNotFound    = errors.New("user not found")
+	ErrProjectNotFound = errors.New("project not found")
+	ErrEmptyProjectID  = errors.New("empty project id")
+)
diff --git a/internal/store/storecmn/json.go b/internal/store/storecmn/json.go
new file mode 100644
index 0000000..13f7671
--- /dev/null
+++ b/internal/store/storecmn/json.go
@@ -0,0 +1,124 @@
+package storecmn
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"fmt"
+)
+
+type JSONField json.RawMessage
+
+// Mashals JSONField to a JSON string
+func (j JSONField) MarshalJSON() ([]byte, error) {
+	if len(j) == 0 {
+		return []byte("null"), nil
+	}
+	return j, nil
+}
+
+// Unmarshals a JSON string to JSONField
+func (j *JSONField) UnmarshalJSON(data []byte) error {
+	if j == nil {
+		return fmt.Errorf("JSONField: UnmarshalJSON on nil pointer")
+	}
+	*j = append((*j)[0:0], data...)
+	return nil
+}
+
+// Unmarshal any to JSONField
+func (j *JSONField) UnmarshalFromAny(value any) error {
+	if value == nil {
+		*j = nil
+		return nil
+	}
+
+	switch v := value.(type) {
+	case string:
+		*j = JSONField(v)
+		return nil
+	case []byte:
+		*j = JSONField(v)
+		return nil
+	default:
+		bytes, err := json.Marshal(v)
+		if err != nil {
+			return fmt.Errorf("failed to marshal value: %w", err)
+		}
+		*j = JSONField(bytes)
+	}
+	return nil
+}
+
+// Scan implements the sql.Scanner interface for JSONField
+func (j *JSONField) Scan(value any) error {
+	if value == nil {
+		*j = nil
+		return nil
+	}
+
+	var data []byte
+	switch v := value.(type) {
+	case string:
+		data = []byte(v)
+	case []byte:
+		data = v
+	default:
+		return fmt.Errorf("cannot scan %T into JSONField", value)
+	}
+
+	// Skip empty strings or whitespace-only values
+	trimmed := []byte{}
+	for _, b := range data {
+		if b > 32 { // Skip control characters and spaces
+			trimmed = append(trimmed, b)
+		}
+	}
+
+	if len(trimmed) == 0 {
+		*j = nil
+		return nil
+	}
+
+	// Validate JSON before assigning
+	if !json.Valid(trimmed) {
+		// If invalid, try to recover or log and return error
+		return fmt.Errorf("invalid JSON data in database: %s", string(data))
+	}
+
+	*j = JSONField(trimmed)
+	return nil
+}
+
+// Value implements the driver.Valuer interface for JSONField
+func (j JSONField) Value() (driver.Value, error) {
+	if len(j) == 0 {
+		return nil, nil
+	}
+
+	// Validate that the JSON is valid before storing
+	if !json.Valid(j) {
+		return nil, fmt.Errorf("invalid JSON data")
+	}
+
+	return string(j), nil
+}
+
+// ConvertToMap converts JSONField to map[string]any
+func (j JSONField) ConvertToMap() map[string]any {
+	if len(j) == 0 {
+		return map[string]any{}
+	}
+	var result map[string]any
+	if err := json.Unmarshal(j, &result); err != nil {
+		return map[string]any{}
+	}
+	return result
+}
+
+// ConvertToAny converts JSONField to any
+func (j JSONField) ConvertToAny(dst any) error {
+	if len(j) == 0 {
+		return nil
+	}
+	return json.Unmarshal(j, dst)
+}
diff --git a/pkg/dbutils/pagination.go b/internal/store/storecmn/pagination.go
similarity index 98%
rename from pkg/dbutils/pagination.go
rename to internal/store/storecmn/pagination.go
index d44f82c..af6bcc6 100644
--- a/pkg/dbutils/pagination.go
+++ b/internal/store/storecmn/pagination.go
@@ -1,4 +1,4 @@
-package dbutils
+package storecmn
 
 import "fmt"
 
diff --git a/pkg/dbutils/response.go b/internal/store/storecmn/response.go
similarity index 94%
rename from pkg/dbutils/response.go
rename to internal/store/storecmn/response.go
index d0fc979..1e46524 100644
--- a/pkg/dbutils/response.go
+++ b/internal/store/storecmn/response.go
@@ -1,4 +1,4 @@
-package dbutils
+package storecmn
 
 type FindResponseWithCount[T any] struct {
 	Items []T    `json:"items"`
diff --git a/internal/store/storecmn/tx.go b/internal/store/storecmn/tx.go
new file mode 100644
index 0000000..a7ffba6
--- /dev/null
+++ b/internal/store/storecmn/tx.go
@@ -0,0 +1,21 @@
+package storecmn
+
+import (
+	"context"
+	"database/sql"
+)
+
+// WrapTx wraps a function to be executed within a transaction.
+func WrapTx(ctx context.Context, db *sql.DB, txFunc func(tx *sql.Tx) error) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+
+	if err := txFunc(tx); err != nil {
+		return err
+	}
+
+	return tx.Commit()
+}
diff --git a/internal/upgrader/upgrader.go b/internal/updated/manual.go
similarity index 73%
rename from internal/upgrader/upgrader.go
rename to internal/updated/manual.go
index 54728f0..68acf89 100644
--- a/internal/upgrader/upgrader.go
+++ b/internal/updated/manual.go
@@ -1,32 +1,17 @@
-package upgrader
+package updater
 
 import (
 	"errors"
 	"os/exec"
 	"strings"
-
-	"github.com/sxwebdev/sentinel/internal/config"
-	"github.com/tkcrm/mx/logger"
 )
 
-type Upgrader struct {
-	logger logger.Logger
-	config config.Upgrader
-}
-
-func New(l logger.Logger, cfg config.Upgrader) (*Upgrader, error) {
-	if cfg.IsEnabled && cfg.Command == "" {
-		return nil, errors.New("upgrade command is not configured")
+// Do performs the upgrade operation based on the configured command
+func (u *Updater) Do() error {
+	if u.config.IsEnabled && u.config.Command == "" {
+		return errors.New("upgrade command is not configured")
 	}
 
-	return &Upgrader{
-		logger: l,
-		config: cfg,
-	}, nil
-}
-
-// Do performs the upgrade operation based on the configured command
-func (u *Upgrader) Do() error {
 	if u.config.IsEnabled == false {
 		u.logger.Info("Upgrade is disabled, skipping.")
 		return nil
@@ -56,7 +41,7 @@ func (u *Upgrader) Do() error {
 	return nil // Return an error if the command execution fails
 }
 
-func (u *Upgrader) executeCommand(command string) error {
+func (u *Updater) executeCommand(command string) error {
 	// Parse command and arguments
 	parts := strings.Fields(command)
 	if len(parts) == 0 {
diff --git a/internal/updated/release_checker.go b/internal/updated/release_checker.go
new file mode 100644
index 0000000..e8b75bb
--- /dev/null
+++ b/internal/updated/release_checker.go
@@ -0,0 +1,164 @@
+package updater
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/Masterminds/semver/v3"
+	"github.com/sxwebdev/sentinel/internal/models"
+)
+
+// checkNewVersion checks if a new version is available from github releases
+func (s *Updater) checkNewVersionWrapper(ctx context.Context) {
+	ticker := time.NewTicker(time.Hour * 1)
+	defer ticker.Stop()
+
+	go func() {
+		if err := s.checkNewVersion(); err != nil {
+			s.logger.Errorf("failed to check for new version: %v", err)
+		}
+	}()
+
+	for {
+		select {
+		case <-ticker.C:
+			// Check for new version
+			if err := s.checkNewVersion(); err != nil {
+				s.logger.Errorf("failed to check for new version: %v", err)
+			}
+		case <-ctx.Done():
+			return
+		}
+	}
+}
+
+// checkNewVersion checks if new versions are available from GitHub releases
+func (s *Updater) checkNewVersion() error {
+	s.logger.Info("Checking for new versions...")
+
+	// Get all releases from GitHub
+	httpClient := http.DefaultClient
+	httpClient.Timeout = time.Second * 10
+
+	// Get multiple pages of releases to ensure we don't miss any
+	resp, err := httpClient.Get("https://api.github.com/repos/sxwebdev/sentinel/releases?per_page=100")
+	if err != nil {
+		return fmt.Errorf("failed to fetch releases: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
+	}
+
+	var releases []struct {
+		TagName     string `json:"tag_name"`
+		Body        string `json:"body"`
+		PublishedAt string `json:"published_at"`
+		Draft       bool   `json:"draft"`
+		Prerelease  bool   `json:"prerelease"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&releases); err != nil {
+		return fmt.Errorf("failed to decode releases: %w", err)
+	}
+
+	// Parse current version
+	var currentVersion *semver.Version
+
+	// Handle special cases like "local", "dev", etc.
+	if s.version == "local" || s.version == "dev" || s.version == "" {
+		// For development versions, consider them as version 0.0.0
+		s.logger.Debugf("Development version detected (%s), treating as 0.0.0 for comparison", s.version)
+		currentVersion, err = semver.NewVersion("0.0.0")
+	} else {
+		currentVersion, err = semver.NewVersion(s.version)
+	}
+
+	if err != nil {
+		s.logger.Warnf("Failed to parse current version %s: %v", s.version, err)
+		return nil
+	}
+
+	// Find newer releases (excluding drafts and prereleases)
+	var newerReleases []struct {
+		TagName     string
+		Body        string
+		PublishedAt string
+		Version     *semver.Version
+	}
+
+	for _, release := range releases {
+		// Skip drafts and prereleases
+		if release.Draft || release.Prerelease {
+			continue
+		}
+
+		// Parse release version
+		releaseVersion, err := semver.NewVersion(release.TagName)
+		if err != nil {
+			continue // Skip invalid version tags
+		}
+
+		// Check if release is newer than current version
+		if releaseVersion.GreaterThan(currentVersion) {
+			newerReleases = append(newerReleases, struct {
+				TagName     string
+				Body        string
+				PublishedAt string
+				Version     *semver.Version
+			}{
+				TagName:     release.TagName,
+				Body:        release.Body,
+				PublishedAt: release.PublishedAt,
+				Version:     releaseVersion,
+			})
+		}
+	}
+
+	// If no newer releases found, clear the update info
+	if len(newerReleases) == 0 {
+		s.availableUpdateData.Set(models.AvailableUpdate{
+			CurrentVersion: s.version,
+			IsAvailable:    false,
+		})
+		return nil
+	}
+
+	// Get the latest version info
+	latestRelease := newerReleases[0]
+
+	// Combine descriptions from all newer releases
+	var combinedBody strings.Builder
+	combinedBody.WriteString(fmt.Sprintf("# Found %d newer version(s):\n\n", len(newerReleases)))
+
+	for idx, release := range newerReleases {
+		combinedBody.WriteString(fmt.Sprintf("## Version %s\n", release.TagName))
+		if release.Body != "" {
+			combinedBody.WriteString(release.Body)
+		} else {
+			combinedBody.WriteString("No release notes available.")
+		}
+
+		if idx < len(newerReleases)-1 {
+			combinedBody.WriteString("\n\n---\n\n")
+		}
+	}
+
+	s.logger.Infof("Found %d newer version(s), latest: %s", len(newerReleases), latestRelease.TagName)
+
+	s.availableUpdateData.Set(models.AvailableUpdate{
+		CurrentVersion: s.version,
+		IsAvailable:    true,
+		Details: models.AvailableUpdateDetails{
+			TagName:     latestRelease.TagName,
+			URL:         "https://github.com/sxwebdev/sentinel/releases/tag/" + latestRelease.TagName,
+			Description: combinedBody.String(),
+		},
+	})
+
+	return nil
+}
diff --git a/internal/updated/updater.go b/internal/updated/updater.go
new file mode 100644
index 0000000..2087fea
--- /dev/null
+++ b/internal/updated/updater.go
@@ -0,0 +1,52 @@
+package updater
+
+import (
+	"context"
+
+	"github.com/sxwebdev/sentinel/internal/config"
+	"github.com/sxwebdev/sentinel/internal/models"
+	"github.com/sxwebdev/sentinel/pkg/locker"
+	"github.com/tkcrm/mx/logger"
+)
+
+type Updater struct {
+	logger logger.Logger
+	config config.Updater
+
+	version             string
+	availableUpdateData *locker.Locker[models.AvailableUpdate]
+}
+
+func New(
+	l logger.Logger,
+	cfg config.Updater,
+	version string,
+	availableUpdateData *locker.Locker[models.AvailableUpdate],
+) (*Updater, error) {
+	return &Updater{
+		logger:              l,
+		config:              cfg,
+		version:             version,
+		availableUpdateData: availableUpdateData,
+	}, nil
+}
+
+// Name returns the name of the updater
+func (u *Updater) Name() string { return "updater" }
+
+// Start starts the updater
+func (u *Updater) Start(ctx context.Context) error {
+	if !u.config.IsEnabled {
+		u.logger.Info("updater is disabled")
+		return nil
+	}
+
+	go u.checkNewVersionWrapper(ctx)
+
+	return nil
+}
+
+// Stop stops the updater
+func (u *Updater) Stop(_ context.Context) error {
+	return nil
+}
diff --git a/internal/utils/duration.go b/internal/utils/duration.go
new file mode 100644
index 0000000..9f38019
--- /dev/null
+++ b/internal/utils/duration.go
@@ -0,0 +1,51 @@
+package utils
+
+import (
+	"fmt"
+	"time"
+)
+
+// FormatDuration formats a duration in a human-readable way
+func FormatDuration(d time.Duration) string {
+	if d < time.Second {
+		return fmt.Sprintf("%dms", d.Milliseconds())
+	}
+
+	if d < time.Minute {
+		return fmt.Sprintf("%ds", int(d.Seconds()))
+	}
+
+	if d < time.Hour {
+		minutes := int(d.Minutes())
+		seconds := int(d.Seconds()) % 60
+		if seconds > 0 {
+			return fmt.Sprintf("%dm %ds", minutes, seconds)
+		}
+		return fmt.Sprintf("%dm", minutes)
+	}
+
+	if d < 24*time.Hour {
+		hours := int(d.Hours())
+		minutes := int(d.Minutes()) % 60
+		if minutes > 0 {
+			return fmt.Sprintf("%dh %dm", hours, minutes)
+		}
+		return fmt.Sprintf("%dh", hours)
+	}
+
+	// For durations >= 24 hours
+	totalHours := int(d.Hours())
+	days := totalHours / 24
+	hours := totalHours % 24
+	minutes := int(d.Minutes()) % 60
+
+	if minutes > 0 {
+		return fmt.Sprintf("%dd %dh %dm", days, hours, minutes)
+	}
+
+	if hours > 0 {
+		return fmt.Sprintf("%dd %dh", days, hours)
+	}
+
+	return fmt.Sprintf("%dd", days)
+}
diff --git a/internal/utils/net.go b/internal/utils/net.go
index 84f107b..99b80e4 100644
--- a/internal/utils/net.go
+++ b/internal/utils/net.go
@@ -1,9 +1,13 @@
 package utils
 
 import (
+	"context"
 	"errors"
 	"io"
 	"net"
+	"net/http"
+	"strings"
+	"time"
 )
 
 func IsErrTimeout(err error) bool {
@@ -18,3 +22,94 @@ func IsErrTimeout(err error) bool {
 
 	return false
 }
+
+// GetPublicIP tries to determine the public IP of the machine.
+// Strategy:
+// 1) Query a few public IP echo services with a short timeout.
+// 2) Validate and return the first parsed IP (IPv4 preferred, but IPv6 accepted).
+// 3) Fallback to a best-effort local IPv4 address if public IP cannot be determined.
+func GetPublicIP() string {
+	endpoints := []string{
+		"https://api.ipify.org",
+		"https://checkip.amazonaws.com",
+		"https://ifconfig.me/ip",
+	}
+
+	// Use both client timeout and context timeout for extra safety.
+	client := &http.Client{Timeout: 1200 * time.Millisecond}
+	ctx, cancel := context.WithTimeout(context.Background(), 1500*time.Millisecond)
+	defer cancel()
+
+	for _, url := range endpoints {
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+		if err != nil {
+			continue
+		}
+		resp, err := client.Do(req)
+		if err != nil {
+			continue
+		}
+		b, _ := io.ReadAll(io.LimitReader(resp.Body, 64))
+		resp.Body.Close()
+		ipStr := strings.TrimSpace(string(b))
+		if ipStr == "" {
+			continue
+		}
+		ip := net.ParseIP(ipStr)
+		if ip == nil {
+			continue
+		}
+		if ip4 := ip.To4(); ip4 != nil {
+			return ip4.String()
+		}
+		// return IPv6 if no IPv4
+		return ip.String()
+	}
+
+	// Fallback to local IPv4 if public IP can't be fetched
+	return getLocalIPv4()
+}
+
+// getLocalIPv4 attempts to determine a stable, non-loopback local IPv4 address.
+func getLocalIPv4() string {
+	// Try UDP dial trick first
+	conn, err := net.Dial("udp", "8.8.8.8:80")
+	if err == nil {
+		defer conn.Close()
+		if localAddr, ok := conn.LocalAddr().(*net.UDPAddr); ok {
+			if ip4 := localAddr.IP.To4(); ip4 != nil && !ip4.IsLoopback() {
+				return ip4.String()
+			}
+		}
+	}
+
+	// Scan interfaces
+	ifaces, err := net.Interfaces()
+	if err == nil {
+		for _, iface := range ifaces {
+			if (iface.Flags&net.FlagUp) == 0 || (iface.Flags&net.FlagLoopback) != 0 {
+				continue
+			}
+			addrs, err := iface.Addrs()
+			if err != nil {
+				continue
+			}
+			for _, addr := range addrs {
+				var ip net.IP
+				switch v := addr.(type) {
+				case *net.IPNet:
+					ip = v.IP
+				case *net.IPAddr:
+					ip = v.IP
+				}
+				if ip == nil {
+					continue
+				}
+				if ip4 := ip.To4(); ip4 != nil && !ip4.IsLoopback() {
+					return ip4.String()
+				}
+			}
+		}
+	}
+	return "127.0.0.1"
+}
diff --git a/internal/utils/rand.go b/internal/utils/rand.go
new file mode 100644
index 0000000..a7cd2ac
--- /dev/null
+++ b/internal/utils/rand.go
@@ -0,0 +1,78 @@
+package utils
+
+import (
+	"crypto/rand"
+	"errors"
+	"math/big"
+)
+
+const defaultAlphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-@#$%"
+
+// GenerateRandomString generates a random string of the specified length using the provided alphabet.
+func GenerateRandomString(n int, alphabet string) (string, error) {
+	if n <= 0 {
+		return "", nil
+	}
+	if alphabet == "" {
+		alphabet = defaultAlphabet
+	}
+	// rejection sampling: берём байты до ближайшего кратного len(alphabet)
+	alLen := byte(len(alphabet))
+	maxrb := byte(255 - (256 % int(alLen)))
+
+	out := make([]byte, n)
+	i := 0
+	buf := make([]byte, 64) // читаем пачками для эффективности
+
+	for i < n {
+		if _, err := rand.Read(buf); err != nil {
+			return "", err
+		}
+		for _, rb := range buf {
+			if rb > maxrb {
+				continue // отбросить, чтобы не было смещения
+			}
+			out[i] = alphabet[int(rb)%int(alLen)]
+			i++
+			if i == n {
+				break
+			}
+		}
+	}
+
+	return string(out), nil
+}
+
+// GenerateRandomNumber generates a random number of the specified length.
+func GenerateRandomNumber(length uint) (int64, error) {
+	if length == 0 {
+		return 0, errors.New("length must be >= 1")
+	}
+	// int64 maximum 19 digits (9223372036854775807).
+	if length > 19 {
+		return 0, errors.New("length too large for int64; use string variant")
+	}
+
+	// min = 10^(length-1), max = 10^length - 1
+	pow10 := func(n uint) int64 {
+		var x int64 = 1
+		for i := uint(0); i < n; i++ {
+			x *= 10
+		}
+		return x
+	}
+
+	var min int64 = 1
+	if length > 1 {
+		min = pow10(length - 1)
+	}
+	max := pow10(length) - 1
+
+	// range [min, max] inclusive
+	rng := big.NewInt(max - min + 1)
+	n, err := rand.Int(rand.Reader, rng)
+	if err != nil {
+		return 0, err
+	}
+	return n.Int64() + min, nil
+}
diff --git a/internal/utils/rand_test.go b/internal/utils/rand_test.go
new file mode 100644
index 0000000..1dc590d
--- /dev/null
+++ b/internal/utils/rand_test.go
@@ -0,0 +1,84 @@
+package utils
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+func TestGenerateRandomString(t *testing.T) {
+	tests := []struct {
+		name     string
+		n        int
+		alphabet string
+	}{
+		{"length 0", 0, ""},
+		{"length 1 default alphabet", 1, ""},
+		{"length 10 default alphabet", 10, ""},
+		{"length 100 default alphabet", 100, ""},
+		{"length 1000 default alphabet", 1000, ""},
+		{"length 100 custom alphabet", 100, "abc"},
+		{"length 100 custom alphabet", 100, "0123456789"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s, err := GenerateRandomString(tt.n, tt.alphabet)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			fmt.Println(s)
+			if len(s) != tt.n {
+				t.Errorf("expected length %d, got %d", tt.n, len(s))
+			}
+			if tt.alphabet != "" {
+				for _, c := range s {
+					if !strings.ContainsRune(tt.alphabet, c) {
+						t.Errorf("character %q not in alphabet %q", c, tt.alphabet)
+					}
+				}
+			}
+		})
+	}
+}
+
+func TestGenerateRandomNumber(t *testing.T) {
+	tests := []struct {
+		name   string
+		length uint
+	}{
+		{"length 1", 1},
+		{"length 5", 5},
+		{"length 10", 10},
+		{"length 19", 19},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			n, err := GenerateRandomNumber(tt.length)
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			fmt.Println(n)
+			s := fmt.Sprintf("%d", n)
+			if len(s) != int(tt.length) {
+				t.Errorf("expected length %d, got %d", tt.length, len(s))
+			}
+			if s[0] == '0' {
+				t.Errorf("number starts with zero: %s", s)
+			}
+		})
+	}
+
+	// Test error cases
+	t.Run("length 0", func(t *testing.T) {
+		_, err := GenerateRandomNumber(0)
+		if err == nil {
+			t.Error("expected error for length 0, got nil")
+		}
+	})
+	t.Run("length too large", func(t *testing.T) {
+		_, err := GenerateRandomNumber(20)
+		if err == nil {
+			t.Error("expected error for length > 19, got nil")
+		}
+	})
+}
diff --git a/internal/utils/ulid.go b/internal/utils/ulid.go
new file mode 100644
index 0000000..e730c5a
--- /dev/null
+++ b/internal/utils/ulid.go
@@ -0,0 +1,8 @@
+package utils
+
+import "github.com/oklog/ulid/v2"
+
+// GenerateULID generates a new ULID
+func GenerateULID() string {
+	return ulid.Make().String()
+}
diff --git a/internal/web/auth_test.go b/internal/web/auth_test.go
deleted file mode 100644
index 4e2061b..0000000
--- a/internal/web/auth_test.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package web
-
-import (
-	"encoding/base64"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/gofiber/fiber/v2"
-	"github.com/stretchr/testify/assert"
-	"github.com/sxwebdev/sentinel/internal/config"
-)
-
-func TestBasicAuth(t *testing.T) {
-	// Create test config with auth enabled
-	cfg := &config.Config{
-		Server: config.ServerConfig{
-			Auth: config.AuthConfig{
-				Enabled: true,
-				Users: []config.UserAuth{
-					{Username: "admin", Password: "secret"},
-					{Username: "viewer", Password: "readonly"},
-				},
-			},
-		},
-	}
-
-	app := fiber.New()
-
-	// Create server instance
-	server := &Server{
-		config: cfg,
-		app:    app,
-	}
-
-	// Apply auth middleware
-	app.Use(server.createBasicAuthMiddleware())
-
-	// Add test route
-	app.Get("/test", func(c *fiber.Ctx) error {
-		return c.JSON(fiber.Map{"message": "success"})
-	})
-
-	tests := []struct {
-		name           string
-		username       string
-		password       string
-		expectedStatus int
-	}{
-		{
-			name:           "Valid admin credentials",
-			username:       "admin",
-			password:       "secret",
-			expectedStatus: 200,
-		},
-		{
-			name:           "Valid viewer credentials",
-			username:       "viewer",
-			password:       "readonly",
-			expectedStatus: 200,
-		},
-		{
-			name:           "Invalid username",
-			username:       "invalid",
-			password:       "secret",
-			expectedStatus: 401,
-		},
-		{
-			name:           "Invalid password",
-			username:       "admin",
-			password:       "wrong",
-			expectedStatus: 401,
-		},
-		{
-			name:           "No credentials",
-			username:       "",
-			password:       "",
-			expectedStatus: 401,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			req := httptest.NewRequest("GET", "/test", nil)
-
-			if tt.username != "" && tt.password != "" {
-				credentials := base64.StdEncoding.EncodeToString([]byte(tt.username + ":" + tt.password))
-				req.Header.Set("Authorization", "Basic "+credentials)
-			}
-
-			resp, err := app.Test(req)
-			assert.NoError(t, err)
-			assert.Equal(t, tt.expectedStatus, resp.StatusCode)
-		})
-	}
-}
-
-func TestWebSocketBypass(t *testing.T) {
-	// Create test config with auth enabled
-	cfg := &config.Config{
-		Server: config.ServerConfig{
-			Auth: config.AuthConfig{
-				Enabled: true,
-				Users: []config.UserAuth{
-					{Username: "admin", Password: "secret"},
-				},
-			},
-		},
-	}
-
-	app := fiber.New()
-
-	// Create server instance
-	server := &Server{
-		config: cfg,
-		app:    app,
-	}
-
-	// Apply auth middleware
-	app.Use(server.createBasicAuthMiddleware())
-
-	// Add test WebSocket route
-	app.Get("/ws", func(c *fiber.Ctx) error {
-		return c.JSON(fiber.Map{"message": "websocket endpoint"})
-	})
-
-	// Test WebSocket upgrade request (should bypass auth)
-	req := httptest.NewRequest("GET", "/ws", nil)
-	req.Header.Set("Upgrade", "websocket")
-	req.Header.Set("Connection", "Upgrade")
-	req.Header.Set("Sec-WebSocket-Key", "dGhlIHNhbXBsZSBub25jZQ==")
-	req.Header.Set("Sec-WebSocket-Version", "13")
-
-	resp, err := app.Test(req)
-	assert.NoError(t, err)
-	assert.Equal(t, 200, resp.StatusCode)
-}
diff --git a/internal/web/dto.go b/internal/web/dto.go
index d2cd85d..4054789 100644
--- a/internal/web/dto.go
+++ b/internal/web/dto.go
@@ -3,25 +3,24 @@ package web
 import (
 	"time"
 
+	"github.com/sxwebdev/sentinel/internal/models"
 	"github.com/sxwebdev/sentinel/internal/monitors"
-	"github.com/sxwebdev/sentinel/internal/storage"
 )
 
 // DashboardStats represents dashboard statistics
 //
 //	@Description	Dashboard statistics
 type DashboardStats struct {
-	TotalServices    int                                 `json:"total_services" example:"10"`
-	ServicesUp       int                                 `json:"services_up" example:"8"`
-	ServicesDown     int                                 `json:"services_down" example:"1"`
-	ServicesUnknown  int                                 `json:"services_unknown" example:"1"`
-	Protocols        map[storage.ServiceProtocolType]int `json:"protocols"`
-	ActiveIncidents  int                                 `json:"active_incidents" example:"2"`
-	AvgResponseTime  int64                               `json:"avg_response_time" example:"150"`
-	TotalChecks      int                                 `json:"total_checks" example:"1000"`
-	UptimePercentage float64                             `json:"uptime_percentage" example:"95.5"`
-	LastCheckTime    *time.Time                          `json:"last_check_time"`
-	ChecksPerMinute  int                                 `json:"checks_per_minute" example:"60"`
+	TotalServices    int64                              `json:"total_services" example:"10"`
+	ServicesUp       int64                              `json:"services_up" example:"8"`
+	ServicesDown     int64                              `json:"services_down" example:"1"`
+	ServicesUnknown  int64                              `json:"services_unknown" example:"1"`
+	ActiveIncidents  int64                              `json:"active_incidents" example:"2"`
+	AvgResponseTime  int64                              `json:"avg_response_time" example:"150"`
+	TotalChecks      int64                              `json:"total_checks" example:"1000"`
+	UptimePercentage float64                            `json:"uptime_percentage" example:"95.5"`
+	ChecksPerMinute  int64                              `json:"checks_per_minute" example:"60"`
+	Protocols        map[models.ServiceProtocolType]int `json:"protocols"`
 }
 
 // Incident represents an incident
@@ -53,46 +52,62 @@ type ServiceStats struct {
 
 // CreateUpdateServiceRequest represents a request to create or update a service
 type CreateUpdateServiceRequest struct {
-	Name      string                      `json:"name" example:"Web Server"`
-	Protocol  storage.ServiceProtocolType `json:"protocol" example:"http"`
-	Interval  uint32                      `json:"interval" swaggertype:"primitive,integer" example:"60000"`
-	Timeout   uint32                      `json:"timeout" swaggertype:"primitive,integer" example:"10000"`
-	Retries   int                         `json:"retries" example:"5"`
-	Tags      []string                    `json:"tags" example:"web,production"`
-	Config    monitors.Config             `json:"config"`
-	IsEnabled bool                        `json:"is_enabled" example:"true"`
+	Name      string                     `json:"name" example:"Web Server"`
+	Protocol  models.ServiceProtocolType `json:"protocol" example:"http"`
+	Interval  int64                      `json:"interval" swaggertype:"primitive,integer" example:"60000"`
+	Timeout   int64                      `json:"timeout" swaggertype:"primitive,integer" example:"10000"`
+	Retries   int64                      `json:"retries" example:"5"`
+	Tags      []string                   `json:"tags" example:"web,production"`
+	Config    monitors.Config            `json:"config"`
+	IsEnabled bool                       `json:"is_enabled" example:"true"`
+	AgentIDs  []string                   `json:"agent_ids,omitempty" example:"agent-1,agent-2"`
 }
 
 // ServiceDTO represents a service for API responses
 type ServiceDTO struct {
-	ID                 string                      `json:"id" example:"service-1"`
-	Name               string                      `json:"name" example:"Web Server"`
-	Protocol           storage.ServiceProtocolType `json:"protocol" example:"http"`
-	Interval           uint32                      `json:"interval" swaggertype:"primitive,integer" example:"60000"`
-	Timeout            uint32                      `json:"timeout" swaggertype:"primitive,integer" example:"10000"`
-	Retries            int                         `json:"retries" example:"5"`
-	Tags               []string                    `json:"tags" example:"web,production"`
-	Config             monitors.Config             `json:"config"`
-	IsEnabled          bool                        `json:"is_enabled" example:"true"`
-	ActiveIncidents    int                         `json:"active_incidents" example:"2"`
-	TotalIncidents     int                         `json:"total_incidents" example:"10"`
-	Status             storage.ServiceStatus       `json:"status" example:"up / down / unknown"`
-	LastCheck          *time.Time                  `json:"last_check,omitempty" example:"2023-10-01T12:00:00Z"`
-	NextCheck          *time.Time                  `json:"next_check,omitempty" example:"2023-10-01T12:05:00Z"`
-	LastError          *string                     `json:"last_error,omitempty" example:"Connection timeout"`
-	ConsecutiveFails   int                         `json:"consecutive_fails" example:"1"`
-	ConsecutiveSuccess int                         `json:"consecutive_success" example:"5"`
-	TotalChecks        int                         `json:"total_checks" example:"100"`
-	ResponseTime       uint32                      `json:"response_time" swaggertype:"primitive,integer" example:"150000000"`
+	ID                 string                     `json:"id" example:"service-1"`
+	Name               string                     `json:"name" example:"Web Server"`
+	Protocol           models.ServiceProtocolType `json:"protocol" example:"http"`
+	Interval           int64                      `json:"interval"`
+	Timeout            int64                      `json:"timeout"`
+	Retries            int64                      `json:"retries" example:"5"`
+	Tags               []string                   `json:"tags" example:"web,production"`
+	Config             monitors.Config            `json:"config"`
+	IsEnabled          bool                       `json:"is_enabled" example:"true"`
+	ActiveIncidents    int                        `json:"active_incidents" example:"2"`
+	TotalIncidents     int                        `json:"total_incidents" example:"10"`
+	Status             models.ServiceStatus       `json:"status" example:"up / down / unknown"`
+	LastCheck          *time.Time                 `json:"last_check,omitempty" example:"2023-10-01T12:00:00Z"`
+	LastError          *string                    `json:"last_error,omitempty" example:"Connection timeout"`
+	ConsecutiveFails   int                        `json:"consecutive_fails" example:"1"`
+	ConsecutiveSuccess int                        `json:"consecutive_success" example:"5"`
+	TotalChecks        int                        `json:"total_checks" example:"100"`
+	AvgResponseTime    *int64                     `json:"avg_response_time"`
 }
 
 type ServerInfoResponse struct {
-	Version         string           `json:"version" example:"1.0.0"`
-	CommitHash      string           `json:"commit_hash" example:"abc123def456"`
-	BuildDate       string           `json:"build_date" example:"2023-10-01T12:00:00Z"`
-	GoVersion       string           `json:"go_version" example:"go1.24.4"`
-	SqliteVersion   string           `json:"sqlite_version" example:"3.50.1"`
-	OS              string           `json:"os" example:"linux"`
-	Arch            string           `json:"arch" example:"amd64"`
-	AvailableUpdate *AvailableUpdate `json:"available_update,omitempty"`
+	Version         string                  `json:"version" example:"1.0.0"`
+	CommitHash      string                  `json:"commit_hash" example:"abc123def456"`
+	BuildDate       string                  `json:"build_date" example:"2023-10-01T12:00:00Z"`
+	GoVersion       string                  `json:"go_version" example:"go1.24.4"`
+	SqliteVersion   string                  `json:"sqlite_version" example:"3.50.1"`
+	OS              string                  `json:"os" example:"linux"`
+	Arch            string                  `json:"arch" example:"amd64"`
+	AvailableUpdate *models.AvailableUpdate `json:"available_update,omitempty"`
+}
+
+type AgentDTO struct {
+	ID              string                 `json:"id"`
+	Name            string                 `json:"name"`
+	Description     *string                `json:"description"`
+	TokenHint       string                 `json:"token_hint"`
+	Fingerprint     *string                `json:"fingerprint"`
+	Status          models.AgentStatusType `json:"status"`
+	IsEnabled       bool                   `json:"is_enabled"`
+	Tags            []string               `json:"tags" example:"tag1,tag2"`
+	Config          map[string]any         `json:"config"`
+	SystemInfo      models.SystemInfo      `json:"system_info"`
+	LastConnectedAt *time.Time             `json:"last_connected_at" example:"2023-10-01T12:00:00Z"`
+	CreatedAt       time.Time              `json:"created_at"`
+	UpdatedAt       time.Time              `json:"updated_at"`
 }
diff --git a/internal/web/errors.go b/internal/web/errors.go
deleted file mode 100644
index b51ccef..0000000
--- a/internal/web/errors.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package web
-
-import "errors"
-
-var (
-	ErrServiceIDRequired   = errors.New("service ID is required")
-	ErrServiceNameRequired = errors.New("service name is required")
-	ErrProtocolRequired    = errors.New("protocol is required")
-	ErrIncidentIDRequired  = errors.New("incident ID is required")
-)
diff --git a/internal/web/handlers.go b/internal/web/handlers.go
deleted file mode 100644
index 6871e63..0000000
--- a/internal/web/handlers.go
+++ /dev/null
@@ -1,909 +0,0 @@
-// Package web provides HTTP handlers for the Sentinel monitoring system
-//
-//	@title						Sentinel Monitoring API
-//	@version					1.0
-//	@description				API for service monitoring and incident management
-//	@termsOfService				http://swagger.io/terms/
-//	@contact.name				API Support
-//	@contact.url				http://www.swagger.io/support
-//	@contact.email				support@swagger.io
-//	@license.name				Apache 2.0
-//	@license.url				http://www.apache.org/licenses/LICENSE-2.0.html
-//	@BasePath					/api/v1
-//	@securityDefinitions.basic	BasicAuth
-package web
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	goHTML "html"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/dromara/carbon/v2"
-	"github.com/go-playground/validator/v10"
-	"github.com/gofiber/contrib/websocket"
-	"github.com/gofiber/fiber/v2"
-	"github.com/gofiber/fiber/v2/middleware/cors"
-	swagger "github.com/swaggo/fiber-swagger"
-	"github.com/sxwebdev/sentinel/docs/docsv1"
-	"github.com/sxwebdev/sentinel/frontend"
-	"github.com/sxwebdev/sentinel/internal/config"
-	"github.com/sxwebdev/sentinel/internal/monitor"
-	"github.com/sxwebdev/sentinel/internal/receiver"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/upgrader"
-	"github.com/sxwebdev/sentinel/internal/utils"
-	"github.com/sxwebdev/sentinel/pkg/dbutils"
-	"github.com/tkcrm/mx/logger"
-)
-
-// Server represents the web server
-type Server struct {
-	logger logger.Logger
-
-	serverInfo ServerInfo
-
-	config        *config.Config
-	app           *fiber.App
-	wsConnections map[*websocket.Conn]bool
-	wsMutex       sync.Mutex
-	validator     *validator.Validate
-
-	storage        storage.Storage
-	monitorService *monitor.MonitorService
-	receiver       *receiver.Receiver
-	upgrader       *upgrader.Upgrader
-}
-
-// NewServer creates a new web server
-func NewServer(
-	logger logger.Logger,
-	cfg *config.Config,
-	serverInfo ServerInfo,
-	monitorService *monitor.MonitorService,
-	storage storage.Storage,
-	receiver *receiver.Receiver,
-	upgrader *upgrader.Upgrader,
-) (*Server, error) {
-	// Create Fiber app
-	app := fiber.New(fiber.Config{
-		AppName:               "Sentinel",
-		DisableStartupMessage: true,
-	})
-
-	app.Use(cors.New())
-
-	server := &Server{
-		logger:         logger,
-		serverInfo:     serverInfo,
-		monitorService: monitorService,
-		storage:        storage,
-		receiver:       receiver,
-		config:         cfg,
-		app:            app,
-		wsConnections:  make(map[*websocket.Conn]bool),
-		validator:      validator.New(),
-		upgrader:       upgrader,
-	}
-
-	// Setup basic auth if enabled
-	if cfg.Server.Auth.Enabled {
-		app.Use(server.createBasicAuthMiddleware())
-	}
-
-	// Set Swagger host from config
-	docsv1.SwaggerInfo.Host = cfg.Server.BaseHost
-	docsv1.SwaggerInfo.BasePath = "/api/v1"
-	docsv1.SwaggerInfo.Schemes = []string{"http", "https"}
-
-	// Setup routes
-	server.setupRoutes()
-
-	return server, nil
-}
-
-// Name returns the name of the server
-func (s *Server) Name() string { return "webserver" }
-
-// Start starts the web server
-func (s *Server) Start(ctx context.Context) error {
-	errChan := make(chan error, 1)
-
-	go func() {
-		addr := fmt.Sprintf("%s:%d", s.config.Server.Host, s.config.Server.Port)
-		if err := s.App().Listen(addr); err != nil {
-			errChan <- fmt.Errorf("failed to start Fiber server: %w", err)
-		}
-	}()
-
-	go func() {
-		s.checkNewVersionWrapper(ctx)
-	}()
-
-	go func() {
-		errChan <- s.subscribeEvents(ctx)
-	}()
-
-	select {
-	case err := <-errChan:
-		return err
-	case <-ctx.Done():
-	}
-
-	return nil
-}
-
-func (s *Server) Stop(ctx context.Context) error {
-	s.wsMutex.Lock()
-	for conn := range s.wsConnections {
-		conn.Close()
-	}
-
-	s.wsConnections = make(map[*websocket.Conn]bool)
-	s.wsMutex.Unlock()
-
-	if err := s.App().ShutdownWithContext(ctx); err != nil {
-		return fmt.Errorf("failed to shutdown Fiber server: %w", err)
-	}
-
-	return nil
-}
-
-// setupRoutes configures all routes
-func (s *Server) setupRoutes() {
-	// API routes first (higher priority)
-	api := s.app.Group("/api/v1")
-	// Swagger UI
-	api.Get("/swagger/*", swagger.WrapHandler)
-
-	// Dashboard API
-	api.Get("/dashboard/stats", s.handleAPIDashboardStats)
-
-	// Service management API
-	api.Get("/services", s.handleFindServices)
-	api.Post("/services", s.handleAPICreateService)
-	api.Put("/services/:id", s.handleAPIUpdateService)
-	api.Delete("/services/:id", s.handleAPIDeleteService)
-	api.Post("/services/:id/check", s.handleAPIServiceCheck)
-	api.Post("/services/:id/resolve", s.handleAPIServiceResolve)
-
-	// Service detail API
-	api.Get("/services/:id", s.handleAPIServiceDetail)
-	api.Get("/services/:id/stats", s.handleAPIServiceStats)
-
-	// Incident management API
-	api.Get("/incidents", s.handleFindIncidents)
-	api.Get("/incidents/stats", s.handleAPIGetIncidentsStats)
-	api.Get("/services/:id/incidents", s.handleAPIServiceIncidents)
-	api.Delete("/services/:id/incidents/:incidentId", s.handleAPIDeleteIncident)
-
-	// Tags API
-	api.Get("/tags", s.handleGetAllTags)
-	api.Get("/tags/count", s.handleGetAllTagsWithCount)
-
-	// Server API
-	serverGroup := api.Group("/server")
-	serverGroup.Get("/info", s.handleAPIInfo)
-	serverGroup.Get("/upgrade", s.handleManualUpgrade)
-	serverGroup.Get("/health", s.handleHealthCheck)
-
-	// WebSocket endpoint
-	s.app.Use("/ws", func(c *fiber.Ctx) error {
-		if websocket.IsWebSocketUpgrade(c) {
-			c.Locals("allowed", true)
-			return c.Next()
-		}
-		return fiber.ErrUpgradeRequired
-	})
-	s.app.Get("/ws", websocket.New(s.handleWebSocket))
-
-	// Serve static assets from React build
-	s.app.Get("/assets/*", s.handleStaticFiles)
-	s.app.Get("/vite.svg", s.handleStaticFiles)
-
-	// SPA fallback - serve index.html for all other routes
-	s.app.Get("/*", s.handleSPA)
-}
-
-// App returns the Fiber app instance
-func (s *Server) App() *fiber.App {
-	return s.app
-}
-
-// handleStaticFiles serves static assets from React build
-func (s *Server) handleStaticFiles(c *fiber.Ctx) error {
-	// Get the requested file path
-	filePath := c.Params("*")
-	if filePath == "" {
-		// For routes like /vite.svg, get the full path
-		filePath = strings.TrimPrefix(c.Path(), "/")
-	} else {
-		// For routes like /assets/*, we need to reconstruct the full path
-		// because the route captures only the part after /assets/
-		if strings.HasPrefix(c.Path(), "/assets/") {
-			filePath = "assets/" + filePath
-		}
-	}
-
-	// Read file from embedded filesystem
-	content, err := frontend.StaticFS.ReadFile("dist/" + filePath)
-	if err != nil {
-		return c.Status(fiber.StatusNotFound).SendString("File not found")
-	}
-
-	// Set appropriate content type based on file extension
-	if strings.HasSuffix(filePath, ".js") {
-		c.Set("Content-Type", "application/javascript")
-	} else if strings.HasSuffix(filePath, ".css") {
-		c.Set("Content-Type", "text/css")
-	} else if strings.HasSuffix(filePath, ".svg") {
-		c.Set("Content-Type", "image/svg+xml")
-	} else if strings.HasSuffix(filePath, ".png") {
-		c.Set("Content-Type", "image/png")
-	} else if strings.HasSuffix(filePath, ".jpg") || strings.HasSuffix(filePath, ".jpeg") {
-		c.Set("Content-Type", "image/jpeg")
-	} else if strings.HasSuffix(filePath, ".ico") {
-		c.Set("Content-Type", "image/x-icon")
-	} else if strings.HasSuffix(filePath, ".woff") || strings.HasSuffix(filePath, ".woff2") {
-		c.Set("Content-Type", "font/woff2")
-	}
-
-	return c.Send(content)
-}
-
-// handleSPA serves the React app's index.html for all non-API routes
-func (s *Server) handleSPA(c *fiber.Ctx) error {
-	// Serve index.html for SPA routing
-	content, err := frontend.StaticFS.ReadFile("dist/index.html")
-	if err != nil {
-		return c.Status(fiber.StatusInternalServerError).SendString("Could not load application")
-	}
-
-	// Inject configuration into HTML
-	configScript := fmt.Sprintf(`<script>
-		window.__SENTINEL_CONFIG__ = {
-			baseUrl: "%s",
-			socketUrl: "%s"
-		};
-	</script>`, s.config.Server.Frontend.BaseURL, s.config.Server.Frontend.SocketURL)
-
-	// Insert config script before closing head tag
-	htmlContent := string(content)
-	htmlContent = strings.Replace(htmlContent, "</head>", configScript+"\n</head>", 1)
-
-	c.Set("Content-Type", "text/html")
-	return c.SendString(htmlContent)
-}
-
-// handleFindServices handles GET /api/v1/services
-//
-//	@Summary		Get all services
-//	@Description	Returns a list of all services with their current states
-//	@Tags			services
-//	@Accept			json
-//	@Produce		json
-//	@Param			name		query		string										false	"Filter by service name"
-//	@Param			tags		query		[]string									false	"Filter by service tags"
-//	@Param			status		query		string										false	"Filter by service status"	ENUM("up", "down")
-//	@Param			is_enabled	query		bool										false	"Filter by enabled status"
-//	@Param			protocol	query		string										false	"Filter by protocol"	ENUM("http", "tcp", "grpc")
-//	@Param			order_by	query		string										false	"Order by field"		ENUM("name", "created_at")
-//	@Param			page		query		uint32										false	"Page number (for pagination)"
-//	@Param			page_size	query		uint32										false	"Number of items per page (default 20)"
-//	@Success		200			{object}	dbutils.FindResponseWithCount[ServiceDTO]	"List of services with states"
-//	@Failure		500			{object}	ErrorResponse								"Internal server error"
-//	@Router			/services [get]
-func (s *Server) handleFindServices(c *fiber.Ctx) error {
-	ctx := c.Context()
-
-	// Parse query parameters
-	params := struct {
-		Name      string   `query:"name"`
-		Tags      []string `query:"tags"`
-		Status    string   `query:"status" validate:"omitempty,oneof=up down"`
-		IsEnabled *bool    `query:"is_enabled"`
-		Protocol  string   `query:"protocol" validate:"omitempty,oneof=http tcp grpc"`
-		OrderBy   string   `query:"order_by" validate:"omitempty,oneof=name created_at"`
-		Page      *uint32  `query:"page" validate:"omitempty,gte=1"`
-		PageSize  *uint32  `query:"page_size" validate:"omitempty,gte=1,lte=100"`
-	}{}
-	if err := c.QueryParser(&params); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	// Validate query parameters
-	if err := s.validator.Struct(params); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	services, err := s.monitorService.FindServices(ctx, storage.FindServicesParams{
-		Name:      params.Name,
-		Tags:      params.Tags,
-		Status:    params.Status,
-		IsEnabled: params.IsEnabled,
-		Protocol:  params.Protocol,
-		OrderBy:   params.OrderBy,
-		Page:      params.Page,
-		PageSize:  params.PageSize,
-	})
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	result := dbutils.FindResponseWithCount[ServiceDTO]{
-		Items: make([]ServiceDTO, 0, len(services.Items)),
-		Count: services.Count,
-	}
-
-	// Get services with their states
-	for _, service := range services.Items {
-		svc, err := convertServiceToDTO(service)
-		if err != nil {
-			return err
-		}
-
-		result.Items = append(result.Items, svc)
-	}
-
-	return c.JSON(result)
-}
-
-// handleAPIServiceDetail returns service details
-//
-//	@Summary		Get service details
-//	@Description	Returns detailed information about a specific service
-//	@Tags			services
-//	@Accept			json
-//	@Produce		json
-//	@Param			id	path		string			true	"Service ID"
-//	@Success		200	{object}	ServiceDTO		"Service details with state"
-//	@Failure		400	{object}	ErrorResponse	"Bad request"
-//	@Failure		404	{object}	ErrorResponse	"Service not found"
-//	@Router			/services/{id} [get]
-func (s *Server) handleAPIServiceDetail(c *fiber.Ctx) error {
-	serviceID := c.Params("id")
-	if serviceID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	targetService, err := s.monitorService.GetServiceByID(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	// Get service with state
-	svcDTO, err := convertServiceToDTO(targetService)
-	if err != nil {
-		return err
-	}
-
-	if svcDTO.LastError != nil && *svcDTO.LastError != "" {
-		svcDTO.LastError = utils.Pointer(goHTML.EscapeString(*svcDTO.LastError))
-	}
-
-	return c.JSON(svcDTO)
-}
-
-// handleAPIServiceIncidents returns service incidents
-//
-//	@Summary		Get service incidents
-//	@Description	Returns a list of incidents for a specific service
-//	@Tags			incidents
-//	@Accept			json
-//	@Produce		json
-//	@Param			id			path		string											true	"Service ID"
-//	@Param			incident_id	query		string											false	"Filter by incident ID"
-//	@Param			resolved	query		bool											false	"Filter by resolved status"
-//	@Param			start_time	query		time.Time										false	"Filter by start time (RFC3339 format)"
-//	@Param			end_time	query		time.Time										false	"Filter by end time (RFC3339 format)"
-//	@Param			page		query		uint32											false	"Page number (for pagination)"
-//	@Param			page_size	query		uint32											false	"Number of items per page (default 20)"
-//	@Success		200			{object}	dbutils.FindResponseWithCount[storage.Incident]	"List of incidents"
-//	@Failure		400			{object}	ErrorResponse									"Bad request"
-//	@Failure		500			{object}	ErrorResponse									"Internal server error"
-//	@Router			/services/{id}/incidents [get]
-func (s *Server) handleAPIServiceIncidents(c *fiber.Ctx) error {
-	serviceID := c.Params("id")
-	if serviceID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	params := struct {
-		IncidentID string     `query:"incident_id"`
-		Resolved   *bool      `query:"resolved"`
-		StartTime  *time.Time `query:"start_time"`
-		EndTime    *time.Time `query:"end_time"`
-		Page       *uint32    `query:"page" validate:"omitempty,gte=1"`
-		PageSize   *uint32    `query:"page_size" validate:"omitempty,gte=1,lte=100"`
-	}{}
-
-	if err := c.QueryParser(&params); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	// Validate query parameters
-	if err := s.validator.Struct(params); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	// First check if service exists
-	_, err := s.monitorService.GetServiceByID(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusNotFound, err)
-	}
-
-	incidents, err := s.storage.FindIncidents(c.Context(), storage.FindIncidentsParams{
-		ID:        params.IncidentID,
-		ServiceID: serviceID,
-		Resolved:  params.Resolved,
-		StartTime: params.StartTime,
-		EndTime:   params.EndTime,
-		Page:      params.Page,
-		PageSize:  params.PageSize,
-	})
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	for _, incident := range incidents.Items {
-		incident.Error = goHTML.EscapeString(incident.Error)
-	}
-
-	return c.JSON(incidents)
-}
-
-// handleAPIServiceStats returns service statistics
-//
-//	@Summary		Get service statistics
-//	@Description	Returns service statistics for the specified period
-//	@Tags			statistics
-//	@Accept			json
-//	@Produce		json
-//	@Param			id		path		string					true	"Service ID"
-//	@Param			days	query		int						false	"Number of days (default 30)"
-//	@Success		200		{object}	storage.ServiceStats	"Service statistics"
-//	@Failure		400		{object}	ErrorResponse			"Bad request"
-//	@Failure		500		{object}	ErrorResponse			"Internal server error"
-//	@Router			/services/{id}/stats [get]
-func (s *Server) handleAPIServiceStats(c *fiber.Ctx) error {
-	serviceID := c.Params("id")
-	if serviceID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	daysStr := c.Query("days", "30")
-	days, err := strconv.Atoi(daysStr)
-	if err != nil {
-		days = 30
-	}
-
-	// First check if service exists
-	_, err = s.monitorService.GetServiceByID(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	since := time.Now().AddDate(0, 0, -days)
-	stats, err := s.monitorService.GetServiceStats(c.Context(), serviceID, since)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return c.JSON(stats)
-}
-
-// handleAPIServiceCheck triggers a manual check
-//
-//	@Summary		Trigger service check
-//	@Description	Triggers a manual check of service status
-//	@Tags			services
-//	@Accept			json
-//	@Produce		json
-//	@Param			id	path		string			true	"Service ID"
-//	@Success		200	{object}	SuccessResponse	"Check triggered successfully"
-//	@Failure		400	{object}	ErrorResponse	"Bad request"
-//	@Failure		404	{object}	ErrorResponse	"Service not found"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/services/{id}/check [post]
-func (s *Server) handleAPIServiceCheck(c *fiber.Ctx) error {
-	serviceID := c.Params("id")
-	if serviceID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	// First check if service exists
-	_, err := s.monitorService.GetServiceByID(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusNotFound, err)
-	}
-
-	err = s.monitorService.TriggerCheck(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return newSuccessResponse(c, "check triggered successfully")
-}
-
-// handleAPIServiceResolve resolves a service incident
-//
-//	@Summary		Resolve service incidents
-//	@Description	Forcefully resolves all active incidents for a service
-//	@Tags			incidents
-//	@Accept			json
-//	@Produce		json
-//	@Param			id	path		string			true	"Service ID"
-//	@Success		200	{object}	SuccessResponse	"Incidents resolved successfully"
-//	@Failure		400	{object}	ErrorResponse	"Bad request"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/services/{id}/resolve [post]
-func (s *Server) handleAPIServiceResolve(c *fiber.Ctx) error {
-	serviceID := c.Params("id")
-	if serviceID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	err := s.monitorService.ForceResolveIncidents(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return newSuccessResponse(c, "incidents resolved successfully")
-}
-
-// handleFindIncidents returns recent incidents
-//
-//	@Summary		Get recent incidents
-//	@Description	Returns a list of recent incidents across all services
-//	@Tags			incidents
-//	@Accept			json
-//	@Produce		json
-//	@Param			search		query		string											false	"Filter by service ID or incident ID"
-//	@Param			resolved	query		bool											false	"Filter by resolved status"
-//	@Param			start_time	query		time.Time										false	"Start time for filtering (RFC3339 format)"
-//	@Param			end_time	query		time.Time										false	"End time for filtering (RFC3339 format)"
-//	@Param			page		query		uint32											false	"Page number (default 1)"
-//	@Param			page_size	query		uint32											false	"Number of items per page (default 100)"
-//	@Success		200			{object}	dbutils.FindResponseWithCount[storage.Incident]	"List of incidents"
-//	@Failure		500			{object}	ErrorResponse									"Internal server error"
-//	@Router			/incidents [get]
-func (s *Server) handleFindIncidents(c *fiber.Ctx) error {
-	params := struct {
-		Search    string     `query:"search"`
-		Resolved  *bool      `query:"resolved"`
-		StartTime *time.Time `query:"start_time"`
-		EndTime   *time.Time `query:"end_time"`
-		Page      *uint32    `query:"page" validate:"omitempty,gte=1"`
-		PageSize  *uint32    `query:"page_size" validate:"omitempty,gte=1,lte=100"`
-	}{}
-
-	if err := c.QueryParser(&params); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	// Validate query parameters
-	if err := s.validator.Struct(params); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	incidents, err := s.storage.FindIncidents(c.Context(), storage.FindIncidentsParams{
-		Search:    params.Search,
-		Resolved:  params.Resolved,
-		StartTime: params.StartTime,
-		EndTime:   params.EndTime,
-		Page:      params.Page,
-		PageSize:  params.PageSize,
-	})
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	for _, incident := range incidents.Items {
-		incident.Error = goHTML.EscapeString(incident.Error)
-	}
-
-	return c.JSON(incidents)
-}
-
-// handleAPIDeleteIncident deletes a specific incident
-//
-//	@Summary		Delete incident
-//	@Description	Deletes a specific incident for a service
-//	@Tags			incidents
-//	@Accept			json
-//	@Produce		json
-//	@Param			id			path	string	true	"Service ID"
-//	@Param			incidentId	path	string	true	"Incident ID"
-//	@Success		204			"Incident deleted"
-//	@Failure		400			{object}	ErrorResponse	"Bad request"
-//	@Failure		404			{object}	ErrorResponse	"Incident not found"
-//	@Failure		500			{object}	ErrorResponse	"Internal server error"
-//	@Router			/services/{id}/incidents/{incidentId} [delete]
-func (s *Server) handleAPIDeleteIncident(c *fiber.Ctx) error {
-	serviceID := c.Params("id")
-	incidentID := c.Params("incidentId")
-
-	if serviceID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	if incidentID == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrIncidentIDRequired)
-	}
-
-	// Check if service exists
-	_, err := s.monitorService.GetServiceByID(c.Context(), serviceID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusNotFound, err)
-	}
-
-	// Delete incident
-	err = s.monitorService.DeleteIncident(c.Context(), serviceID, incidentID)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return c.SendStatus(fiber.StatusNoContent)
-}
-
-type getIncidentsStatsItem struct {
-	Date               time.Time `json:"date"`
-	Count              int64     `json:"count"`
-	AvgDuration        uint32    `json:"avg_duration"`
-	AvgDurationHuman   string    `json:"avg_duration_human"`
-	TotalDuration      uint32    `json:"total_duration"`
-	TotalDurationHuman string    `json:"total_duration_human"`
-}
-
-type getIncidentsStatsData []getIncidentsStatsItem
-
-// handleAPIGetIncidentsStats
-//
-//	@Summary		Get incidents stats by date range
-//	@Description	Returns the stats of incidents by date range
-//	@Tags			incidents
-//	@Accept			json
-//	@Produce		json
-//	@Param			start_time	query		string					true	"Start time (RFC3339 format)"
-//	@Param			end_time	query		string					true	"End time (RFC3339 format)"
-//	@Success		200			{object}	getIncidentsStatsData	"Incidents stats by date range"
-//	@Failure		400			{object}	ErrorResponse			"Bad request"
-//	@Failure		500			{object}	ErrorResponse			"Internal server error"
-//	@Router			/incidents/stats [get]
-func (s *Server) handleAPIGetIncidentsStats(c *fiber.Ctx) error {
-	startTimeStr := carbon.Parse(c.Query("start_time"))
-	endTimeStr := carbon.Parse(c.Query("end_time"))
-
-	if startTimeStr.HasError() || endTimeStr.HasError() {
-		return newErrorResponse(c, fiber.StatusBadRequest, errors.New("start_time and end_time query parameters are required"))
-	}
-
-	startTime := startTimeStr.StdTime()
-	endTime := endTimeStr.StdTime()
-
-	if endTime.Before(startTime) {
-		return newErrorResponse(c, fiber.StatusBadRequest, errors.New("end_time must be after start_time"))
-	}
-
-	stats, err := s.storage.GetIncidentsStatsByDateRange(c.Context(), startTime, endTime)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, errors.New("failed to get incidents stats: "+err.Error()))
-	}
-
-	// Convert to response format
-	response := make(getIncidentsStatsData, 0, len(stats))
-	for _, item := range stats {
-		response = append(response, getIncidentsStatsItem{
-			Date:               item.Date,
-			Count:              item.Count,
-			AvgDuration:        uint32(item.AvgDuration.Seconds()),
-			AvgDurationHuman:   item.AvgDuration.Round(time.Second).String(),
-			TotalDuration:      uint32(item.TotalDuration.Seconds()),
-			TotalDurationHuman: item.TotalDuration.Round(time.Second).String(),
-		})
-	}
-
-	return c.JSON(response)
-}
-
-// handleAPICreateService creates a new service
-//
-//	@Summary		Create new service
-//	@Description	Creates a new service for monitoring
-//	@Tags			services
-//	@Accept			json
-//	@Produce		json
-//	@Param			service	body		CreateUpdateServiceRequest	true	"Service configuration"
-//	@Success		201		{object}	ServiceDTO					"Service created"
-//	@Failure		400		{object}	ErrorResponse				"Bad request"
-//	@Failure		500		{object}	ErrorResponse				"Internal server error"
-//	@Router			/services [post]
-func (s *Server) handleAPICreateService(c *fiber.Ctx) error {
-	var serviceDTO CreateUpdateServiceRequest
-	if err := c.BodyParser(&serviceDTO); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	// Validate required fields
-	if serviceDTO.Name == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceNameRequired)
-	}
-	if serviceDTO.Protocol == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrProtocolRequired)
-	}
-
-	// Convert to storage.Service
-	createParams := storage.CreateUpdateServiceRequest{
-		Name:      serviceDTO.Name,
-		Protocol:  serviceDTO.Protocol,
-		Interval:  time.Millisecond * time.Duration(serviceDTO.Interval),
-		Timeout:   time.Millisecond * time.Duration(serviceDTO.Timeout),
-		Retries:   serviceDTO.Retries,
-		Tags:      serviceDTO.Tags,
-		IsEnabled: serviceDTO.IsEnabled,
-	}
-
-	// Set default values
-	if createParams.Interval == 0 {
-		createParams.Interval = s.config.Monitoring.Global.DefaultInterval
-	}
-	if createParams.Timeout == 0 {
-		createParams.Timeout = s.config.Monitoring.Global.DefaultTimeout
-	}
-	if createParams.Retries == 0 {
-		createParams.Retries = s.config.Monitoring.Global.DefaultRetries
-	}
-
-	// Convert flat config to proper MonitorConfig structure
-	if err := serviceDTO.Config.Validate(serviceDTO.Protocol); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	createParams.Config = serviceDTO.Config.ConvertToMap()
-
-	// Add service
-	svc, err := s.monitorService.CreateService(c.Context(), createParams)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	res, err := convertServiceToDTO(svc)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return c.Status(fiber.StatusCreated).JSON(res)
-}
-
-// handleAPIUpdateService updates an existing service
-//
-//	@Summary		Update service
-//	@Description	Updates an existing service
-//	@Tags			services
-//	@Accept			json
-//	@Produce		json
-//	@Param			id		path		string						true	"Service ID"
-//	@Param			service	body		CreateUpdateServiceRequest	true	"New service configuration"
-//	@Success		200		{object}	ServiceDTO					"Service updated"
-//	@Failure		400		{object}	ErrorResponse				"Bad request"
-//	@Failure		404		{object}	ErrorResponse				"Service not found"
-//	@Failure		500		{object}	ErrorResponse				"Internal server error"
-//	@Router			/services/{id} [put]
-func (s *Server) handleAPIUpdateService(c *fiber.Ctx) error {
-	id := c.Params("id")
-	if id == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	var serviceDTO CreateUpdateServiceRequest
-	if err := c.BodyParser(&serviceDTO); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	// Debug: log the received data
-	s.logger.Debugf("update service request: %+v", serviceDTO)
-
-	// Convert to storage.Service
-	updateParams := storage.CreateUpdateServiceRequest{
-		Name:      serviceDTO.Name,
-		Protocol:  serviceDTO.Protocol,
-		Interval:  time.Millisecond * time.Duration(serviceDTO.Interval),
-		Timeout:   time.Millisecond * time.Duration(serviceDTO.Timeout),
-		Retries:   serviceDTO.Retries,
-		Tags:      serviceDTO.Tags,
-		IsEnabled: serviceDTO.IsEnabled,
-	}
-
-	// Convert flat config to proper MonitorConfig structure
-	if err := serviceDTO.Config.Validate(serviceDTO.Protocol); err != nil {
-		return newErrorResponse(c, fiber.StatusBadRequest, err)
-	}
-
-	updateParams.Config = serviceDTO.Config.ConvertToMap()
-
-	// Validate required fields
-	if updateParams.Name == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceNameRequired)
-	}
-	if updateParams.Protocol == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrProtocolRequired)
-	}
-
-	// Set default values if not provided
-	if updateParams.Interval == 0 {
-		updateParams.Interval = s.config.Monitoring.Global.DefaultInterval
-	}
-	if updateParams.Timeout == 0 {
-		updateParams.Timeout = s.config.Monitoring.Global.DefaultTimeout
-	}
-	if updateParams.Retries == 0 {
-		updateParams.Retries = s.config.Monitoring.Global.DefaultRetries
-	}
-
-	// Update service
-	svc, err := s.monitorService.UpdateService(c.Context(), id, updateParams)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	res, err := convertServiceToDTO(svc)
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return c.JSON(res)
-}
-
-// handleAPIDeleteService deletes a service
-//
-//	@Summary		Delete service
-//	@Description	Deletes a service from the monitoring system
-//	@Tags			services
-//	@Accept			json
-//	@Produce		json
-//	@Param			id	path	string	true	"Service ID"
-//	@Success		204	"Service deleted"
-//	@Failure		400	{object}	ErrorResponse	"Bad request"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/services/{id} [delete]
-func (s *Server) handleAPIDeleteService(c *fiber.Ctx) error {
-	id := c.Params("id")
-	if id == "" {
-		return newErrorResponse(c, fiber.StatusBadRequest, ErrServiceIDRequired)
-	}
-
-	if err := s.monitorService.DeleteService(c.Context(), id); err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return c.SendStatus(fiber.StatusNoContent)
-}
-
-// info returns basic server information
-//
-//	@Summary		Get server info
-//	@Description	Returns basic information about the server
-//	@Tags			server
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{object}	ServerInfoResponse	"Server information"
-//	@Failure		500	{object}	ErrorResponse		"Internal server error"
-//	@Router			/server/info [get]
-func (s *Server) handleAPIInfo(c *fiber.Ctx) error {
-	info := ServerInfoResponse{
-		Version:         s.serverInfo.Version,
-		CommitHash:      s.serverInfo.CommitHash,
-		BuildDate:       s.serverInfo.BuildDate,
-		GoVersion:       s.serverInfo.GoVersion,
-		SqliteVersion:   s.serverInfo.SqliteVersion,
-		OS:              s.serverInfo.OS,
-		Arch:            s.serverInfo.Arch,
-		AvailableUpdate: s.serverInfo.AvailableUpdate,
-	}
-
-	return c.JSON(info)
-}
diff --git a/internal/web/helpers.go b/internal/web/helpers.go
index b545ddb..5c86928 100644
--- a/internal/web/helpers.go
+++ b/internal/web/helpers.go
@@ -1,17 +1,14 @@
 package web
 
 import (
-	"context"
 	"fmt"
-	"time"
 
+	"github.com/sxwebdev/sentinel/internal/models"
 	"github.com/sxwebdev/sentinel/internal/monitors"
-	"github.com/sxwebdev/sentinel/internal/storage"
-	"github.com/sxwebdev/sentinel/internal/utils"
 )
 
-// convertServiceToDTO converts a storage.Service to ServiceDTO
-func convertServiceToDTO(service *storage.Service) (ServiceDTO, error) {
+// convertServiceToDTO converts a models.Service to ServiceDTO
+func convertServiceToDTO(service *models.ServiceFullView) (ServiceDTO, error) {
 	config := monitors.Config{}
 	if service.Config != nil {
 		var err error
@@ -25,8 +22,8 @@ func convertServiceToDTO(service *storage.Service) (ServiceDTO, error) {
 		ID:                 service.ID,
 		Name:               service.Name,
 		Protocol:           service.Protocol,
-		Interval:           uint32(service.Interval.Milliseconds()),
-		Timeout:            uint32(service.Timeout.Milliseconds()),
+		Interval:           service.Interval,
+		Timeout:            service.Timeout,
 		Retries:            service.Retries,
 		Tags:               service.Tags,
 		Config:             config,
@@ -35,140 +32,102 @@ func convertServiceToDTO(service *storage.Service) (ServiceDTO, error) {
 		TotalIncidents:     service.TotalIncidents,
 		Status:             service.Status,
 		LastCheck:          service.LastCheck,
-		NextCheck:          service.NextCheck,
 		LastError:          service.LastError,
 		ConsecutiveFails:   service.ConsecutiveFails,
 		ConsecutiveSuccess: service.ConsecutiveSuccess,
 		TotalChecks:        service.TotalChecks,
-	}
-
-	if service.ResponseTime != nil {
-		dto.ResponseTime = uint32(service.ResponseTime.Milliseconds())
+		AvgResponseTime:    service.AvgResponseTime,
 	}
 
 	return dto, nil
 }
 
 // getDashboardStats calculates dashboard statistics
-func (s *Server) getDashboardStats(ctx context.Context) (*DashboardStats, error) {
-	// Get all services with their states
-	services, err := s.monitorService.FindServices(ctx, storage.FindServicesParams{})
-	if err != nil {
-		return nil, err
-	}
-
-	// Get recent incidents
-	activeIncidentsCount, err := s.storage.IncidentsCount(ctx, storage.FindIncidentsParams{
-		Resolved: utils.Pointer(false),
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	// Get all service states
-	serviceStates, err := s.storage.GetAllServiceStates(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	// Create a map for quick lookup of service states by service ID
-	stateMap := make(map[string]*storage.ServiceStateRecord)
-	for _, state := range serviceStates {
-		stateMap[state.ServiceID] = state
-	}
-
-	// Initialize stats
-	stats := DashboardStats{
-		TotalServices:    int(services.Count),
-		ServicesUp:       0,
-		ServicesDown:     0,
-		ServicesUnknown:  0,
-		UptimePercentage: 0.0,
-		AvgResponseTime:  0,
-		TotalChecks:      0,
-		ActiveIncidents:  0,
-		LastCheckTime:    nil,
-		ChecksPerMinute:  0,
-		Protocols:        make(map[storage.ServiceProtocolType]int),
-	}
-
-	// Calculate statistics
-	totalChecks := 0
-	upServices := 0
-	var lastCheckTime *time.Time
-	var totalResponseTimeMs int64
-	var responseTimeCount int64
-
-	for _, service := range services.Items {
-		if !service.IsEnabled {
-			continue
-		}
-
-		// Get service state
-		serviceState := stateMap[service.ID]
-
-		// Count by status
-		if serviceState != nil {
-			switch serviceState.Status {
-			case storage.StatusUp:
-				stats.ServicesUp++
-				upServices++
-			case storage.StatusDown:
-				stats.ServicesDown++
-			case storage.StatusUnknown:
-				stats.ServicesUnknown++
-			}
-
-			// Add response time to total (only from services that have response time data)
-			if serviceState.ResponseTimeNS != nil && *serviceState.ResponseTimeNS > 0 {
-				totalResponseTimeMs += *serviceState.ResponseTimeNS / 1000000 // Convert to milliseconds
-				responseTimeCount++
-			}
-			totalChecks += serviceState.TotalChecks
-
-			// Track last check time
-			if serviceState.LastCheck != nil {
-				if lastCheckTime == nil || serviceState.LastCheck.After(*lastCheckTime) {
-					lastCheckTime = serviceState.LastCheck
-				}
-			}
-		}
-
-		// Count by protocol
-		protocol := service.Protocol
-		if protocol == "" {
-			protocol = "unknown"
-		}
-		stats.Protocols[protocol]++
-	}
-
-	// Calculate averages
-	if upServices > 0 {
-		stats.UptimePercentage = float64(upServices) / float64(len(services.Items)) * 100
-	}
-	if responseTimeCount > 0 {
-		stats.AvgResponseTime = totalResponseTimeMs / responseTimeCount
-	}
-	stats.TotalChecks = totalChecks
-
-	// Count active incidents
-	stats.ActiveIncidents = int(activeIncidentsCount)
-
-	// Set last check time
-	stats.LastCheckTime = lastCheckTime
-
-	// Calculate checks per minute (estimate based on intervals)
-	checksPerMinute := 0
-	for _, service := range services.Items {
-		if !service.IsEnabled {
-			continue
-		}
-
-		if service.Interval > 0 {
-			checksPerMinute += int(time.Minute / service.Interval)
-		}
-	}
-	stats.ChecksPerMinute = checksPerMinute
-
-	return &stats, nil
-}
+// func (s *Server) getDashboardStats(ctx context.Context) (*DashboardStats, error) {
+// 	// Get all services with their states
+// 	services, err := s.baseServices.Services().GetAllEnabled(ctx)
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	incidentsStatsData, err := s.baseServices.Incidents().Stats(ctx)
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	servicesStatsData, err := s.baseServices.ServiceStates().Stats(ctx)
+// 	if err != nil {
+// 		return nil, err
+// 	}
+
+// 	incidentsStats := incidentsStatsData.ToDomain()
+// 	servicesStats := servicesStatsData.ToDomain()
+
+// 	var totalUptimeAtomic atomic.Value
+// 	totalUptimeAtomic.Store(float64(0))
+
+// 	since := time.Now().AddDate(0, -1, 0)
+
+// 	eg, gCtx := errgroup.WithContext(ctx)
+// 	for _, svc := range services {
+// 		eg.Go(func() error {
+// 			svcIncidentsStatsData, err := s.baseServices.Incidents().StatsByServiceID(gCtx, svc.ID, since)
+// 			if err != nil {
+// 				return err
+// 			}
+
+// 			svcIncidentsStats := svcIncidentsStatsData.ToDomain()
+
+// 			totalUptimeAtomic.Store(totalUptimeAtomic.Load().(float64) + svcIncidentsStats.UptimePercentage30d)
+
+// 			return nil
+// 		})
+// 	}
+
+// 	if err := eg.Wait(); err != nil {
+// 		return nil, err
+// 	}
+
+// 	var avgUptime float64
+// 	totalUptime := totalUptimeAtomic.Load().(float64)
+// 	if totalUptime > 0 {
+// 		avgUptime = totalUptime / float64(len(services))
+// 	}
+
+// 	// Initialize stats
+// 	stats := DashboardStats{
+// 		TotalServices:    servicesStats.TotalServices,
+// 		ServicesUp:       servicesStats.ServicesUp,
+// 		ServicesDown:     servicesStats.ServicesDown,
+// 		ServicesUnknown:  servicesStats.ServicesUnknown,
+// 		UptimePercentage: avgUptime,
+// 		AvgResponseTime:  servicesStats.AvgResponseTime,
+// 		TotalChecks:      servicesStats.TotalChecks,
+// 		ActiveIncidents:  incidentsStats.UnresolvedIncidents,
+// 		ChecksPerMinute:  0,
+// 		Protocols:        make(map[models.ServiceProtocolType]int),
+// 	}
+
+// 	// Calculate statistics
+
+// 	for _, service := range services {
+// 		// Count by protocol
+// 		protocol := service.Protocol
+// 		if protocol == "" {
+// 			protocol = "unknown"
+// 		}
+
+// 		stats.Protocols[protocol]++
+// 	}
+
+// 	// Calculate checks per minute (estimate based on intervals)
+// 	var checksPerMinute int64
+// 	for _, service := range services {
+// 		if service.Interval > 0 {
+// 			checksPerMinute += int64(60000 / service.Interval)
+// 		}
+// 	}
+// 	stats.ChecksPerMinute = checksPerMinute
+
+// 	return &stats, nil
+// }
diff --git a/internal/web/info.go b/internal/web/info.go
deleted file mode 100644
index a6a1d37..0000000
--- a/internal/web/info.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package web
-
-type ServerInfo struct {
-	Version         string
-	CommitHash      string
-	BuildDate       string
-	GoVersion       string
-	SqliteVersion   string
-	OS              string
-	Arch            string
-	AvailableUpdate *AvailableUpdate
-}
-
-type AvailableUpdate struct {
-	IsAvailableManual bool   `json:"is_available_manual"`
-	TagName           string `json:"tag_name"`
-	URL               string `json:"url"`
-	Description       string `json:"description,omitempty"`
-}
diff --git a/internal/web/middlewares.go b/internal/web/middlewares.go
deleted file mode 100644
index 0558d3b..0000000
--- a/internal/web/middlewares.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package web
-
-import (
-	"strings"
-
-	"github.com/gofiber/contrib/websocket"
-	"github.com/gofiber/fiber/v2"
-	"github.com/gofiber/fiber/v2/middleware/basicauth"
-)
-
-// createBasicAuthMiddleware creates and configures basic authentication middleware
-func (s *Server) createBasicAuthMiddleware() fiber.Handler {
-	// Create users map from config
-	users := make(map[string]string)
-	for _, user := range s.config.Server.Auth.Users {
-		users[user.Username] = user.Password
-	}
-
-	return func(c *fiber.Ctx) error {
-		// Skip auth for WebSocket upgrade requests
-		if websocket.IsWebSocketUpgrade(c) {
-			return c.Next()
-		}
-
-		// Skip auth for health endpoints (optional)
-		if strings.HasPrefix(c.Path(), "/health") {
-			return c.Next()
-		}
-
-		// Apply basic auth
-		return basicauth.New(basicauth.Config{
-			Users: users,
-			Realm: "Sentinel Monitoring",
-			Authorizer: func(user, pass string) bool {
-				// Check if user exists and password matches
-				if storedPass, exists := users[user]; exists {
-					return storedPass == pass
-				}
-				return false
-			},
-		})(c)
-	}
-}
diff --git a/internal/web/release_checker.go b/internal/web/release_checker.go
index a1e6995..31f7ccb 100644
--- a/internal/web/release_checker.go
+++ b/internal/web/release_checker.go
@@ -1,157 +1,146 @@
 package web
 
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/Masterminds/semver/v3"
-)
-
 // checkNewVersion checks if a new version is available from github releases
-func (s *Server) checkNewVersionWrapper(ctx context.Context) {
-	ticker := time.NewTicker(time.Minute * 30)
-	defer ticker.Stop()
-
-	go func() {
-		if err := s.checkNewVersion(); err != nil {
-			s.logger.Errorf("failed to check for new version: %v", err)
-		}
-	}()
-
-	for {
-		select {
-		case <-ticker.C:
-			// Check for new version
-			if err := s.checkNewVersion(); err != nil {
-				s.logger.Errorf("failed to check for new version: %v", err)
-			}
-		case <-ctx.Done():
-			return
-		}
-	}
-}
+// func (s *Server) checkNewVersionWrapper(ctx context.Context) {
+// 	ticker := time.NewTicker(time.Hour * 1)
+// 	defer ticker.Stop()
+
+// 	go func() {
+// 		if err := s.checkNewVersion(); err != nil {
+// 			s.logger.Errorf("failed to check for new version: %v", err)
+// 		}
+// 	}()
+
+// 	for {
+// 		select {
+// 		case <-ticker.C:
+// 			// Check for new version
+// 			if err := s.checkNewVersion(); err != nil {
+// 				s.logger.Errorf("failed to check for new version: %v", err)
+// 			}
+// 		case <-ctx.Done():
+// 			return
+// 		}
+// 	}
+// }
 
 // checkNewVersion checks if new versions are available from GitHub releases
-func (s *Server) checkNewVersion() error {
-	s.logger.Info("Checking for new versions...")
-
-	// Get all releases from GitHub
-	httpClient := http.DefaultClient
-	httpClient.Timeout = time.Second * 10
-
-	// Get multiple pages of releases to ensure we don't miss any
-	resp, err := httpClient.Get("https://api.github.com/repos/sxwebdev/sentinel/releases?per_page=100")
-	if err != nil {
-		return nil
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return nil
-	}
-
-	var releases []struct {
-		TagName     string `json:"tag_name"`
-		Body        string `json:"body"`
-		PublishedAt string `json:"published_at"`
-		Draft       bool   `json:"draft"`
-		Prerelease  bool   `json:"prerelease"`
-	}
-	if err := json.NewDecoder(resp.Body).Decode(&releases); err != nil {
-		return nil
-	}
-
-	// Parse current version
-	var currentVersion *semver.Version
-
-	// Handle special cases like "local", "dev", etc.
-	if s.serverInfo.Version == "local" || s.serverInfo.Version == "dev" || s.serverInfo.Version == "" {
-		// For development versions, consider them as version 0.0.0
-		s.logger.Debugf("Development version detected (%s), treating as 0.0.0 for comparison", s.serverInfo.Version)
-		currentVersion, err = semver.NewVersion("0.0.0")
-	} else {
-		currentVersion, err = semver.NewVersion(s.serverInfo.Version)
-	}
-
-	if err != nil {
-		s.logger.Warnf("Failed to parse current version %s: %v", s.serverInfo.Version, err)
-		return nil
-	}
-
-	// Find newer releases (excluding drafts and prereleases)
-	var newerReleases []struct {
-		TagName     string
-		Body        string
-		PublishedAt string
-		Version     *semver.Version
-	}
-
-	for _, release := range releases {
-		// Skip drafts and prereleases
-		if release.Draft || release.Prerelease {
-			continue
-		}
-
-		// Parse release version
-		releaseVersion, err := semver.NewVersion(release.TagName)
-		if err != nil {
-			continue // Skip invalid version tags
-		}
-
-		// Check if release is newer than current version
-		if releaseVersion.GreaterThan(currentVersion) {
-			newerReleases = append(newerReleases, struct {
-				TagName     string
-				Body        string
-				PublishedAt string
-				Version     *semver.Version
-			}{
-				TagName:     release.TagName,
-				Body:        release.Body,
-				PublishedAt: release.PublishedAt,
-				Version:     releaseVersion,
-			})
-		}
-	}
-
-	// If no newer releases found, clear the update info
-	if len(newerReleases) == 0 {
-		s.serverInfo.AvailableUpdate = nil
-		return nil
-	}
-
-	// Get the latest version info
-	latestRelease := newerReleases[0]
-
-	// Combine descriptions from all newer releases
-	var combinedBody strings.Builder
-	combinedBody.WriteString(fmt.Sprintf("# Found %d newer version(s):\n\n", len(newerReleases)))
-
-	for idx, release := range newerReleases {
-		combinedBody.WriteString(fmt.Sprintf("## Version %s\n", release.TagName))
-		if release.Body != "" {
-			combinedBody.WriteString(release.Body)
-		} else {
-			combinedBody.WriteString("No release notes available.")
-		}
-
-		if idx < len(newerReleases)-1 {
-			combinedBody.WriteString("\n\n---\n\n")
-		}
-	}
-
-	s.logger.Infof("Found %d newer version(s), latest: %s", len(newerReleases), latestRelease.TagName)
-
-	s.serverInfo.AvailableUpdate = &AvailableUpdate{
-		IsAvailableManual: s.config.Upgrader.IsEnabled,
-		TagName:           latestRelease.TagName,
-		URL:               "https://github.com/sxwebdev/sentinel/releases/tag/" + latestRelease.TagName,
-		Description:       combinedBody.String(),
-	}
-
-	return nil
-}
+// func (s *Server) checkNewVersion() error {
+// 	s.logger.Info("Checking for new versions...")
+
+// 	// Get all releases from GitHub
+// 	httpClient := http.DefaultClient
+// 	httpClient.Timeout = time.Second * 10
+
+// 	// Get multiple pages of releases to ensure we don't miss any
+// 	resp, err := httpClient.Get("https://api.github.com/repos/sxwebdev/sentinel/releases?per_page=100")
+// 	if err != nil {
+// 		return nil
+// 	}
+// 	defer resp.Body.Close()
+
+// 	if resp.StatusCode != http.StatusOK {
+// 		return nil
+// 	}
+
+// 	var releases []struct {
+// 		TagName     string `json:"tag_name"`
+// 		Body        string `json:"body"`
+// 		PublishedAt string `json:"published_at"`
+// 		Draft       bool   `json:"draft"`
+// 		Prerelease  bool   `json:"prerelease"`
+// 	}
+// 	if err := json.NewDecoder(resp.Body).Decode(&releases); err != nil {
+// 		return nil
+// 	}
+
+// 	// Parse current version
+// 	var currentVersion *semver.Version
+
+// 	// Handle special cases like "local", "dev", etc.
+// 	if s.serverInfo.Version == "local" || s.serverInfo.Version == "dev" || s.serverInfo.Version == "" {
+// 		// For development versions, consider them as version 0.0.0
+// 		s.logger.Debugf("Development version detected (%s), treating as 0.0.0 for comparison", s.serverInfo.Version)
+// 		currentVersion, err = semver.NewVersion("0.0.0")
+// 	} else {
+// 		currentVersion, err = semver.NewVersion(s.serverInfo.Version)
+// 	}
+
+// 	if err != nil {
+// 		s.logger.Warnf("Failed to parse current version %s: %v", s.serverInfo.Version, err)
+// 		return nil
+// 	}
+
+// 	// Find newer releases (excluding drafts and prereleases)
+// 	var newerReleases []struct {
+// 		TagName     string
+// 		Body        string
+// 		PublishedAt string
+// 		Version     *semver.Version
+// 	}
+
+// 	for _, release := range releases {
+// 		// Skip drafts and prereleases
+// 		if release.Draft || release.Prerelease {
+// 			continue
+// 		}
+
+// 		// Parse release version
+// 		releaseVersion, err := semver.NewVersion(release.TagName)
+// 		if err != nil {
+// 			continue // Skip invalid version tags
+// 		}
+
+// 		// Check if release is newer than current version
+// 		if releaseVersion.GreaterThan(currentVersion) {
+// 			newerReleases = append(newerReleases, struct {
+// 				TagName     string
+// 				Body        string
+// 				PublishedAt string
+// 				Version     *semver.Version
+// 			}{
+// 				TagName:     release.TagName,
+// 				Body:        release.Body,
+// 				PublishedAt: release.PublishedAt,
+// 				Version:     releaseVersion,
+// 			})
+// 		}
+// 	}
+
+// 	// If no newer releases found, clear the update info
+// 	if len(newerReleases) == 0 {
+// 		s.serverInfo.AvailableUpdate = nil
+// 		return nil
+// 	}
+
+// 	// Get the latest version info
+// 	latestRelease := newerReleases[0]
+
+// 	// Combine descriptions from all newer releases
+// 	var combinedBody strings.Builder
+// 	combinedBody.WriteString(fmt.Sprintf("# Found %d newer version(s):\n\n", len(newerReleases)))
+
+// 	for idx, release := range newerReleases {
+// 		combinedBody.WriteString(fmt.Sprintf("## Version %s\n", release.TagName))
+// 		if release.Body != "" {
+// 			combinedBody.WriteString(release.Body)
+// 		} else {
+// 			combinedBody.WriteString("No release notes available.")
+// 		}
+
+// 		if idx < len(newerReleases)-1 {
+// 			combinedBody.WriteString("\n\n---\n\n")
+// 		}
+// 	}
+
+// 	s.logger.Infof("Found %d newer version(s), latest: %s", len(newerReleases), latestRelease.TagName)
+
+// 	s.serverInfo.AvailableUpdate = &models.AvailableUpdate{
+// 		IsAvailableManual: s.config.Upgrader.IsEnabled,
+// 		TagName:           latestRelease.TagName,
+// 		URL:               "https://github.com/sxwebdev/sentinel/releases/tag/" + latestRelease.TagName,
+// 		Description:       combinedBody.String(),
+// 	}
+
+// 	return nil
+// }
diff --git a/internal/web/responses.go b/internal/web/responses.go
deleted file mode 100644
index 3c8c74e..0000000
--- a/internal/web/responses.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package web
-
-import (
-	"errors"
-
-	"github.com/gofiber/fiber/v2"
-	"github.com/sxwebdev/sentinel/internal/storage"
-)
-
-// ErrorResponse represents an error response
-//
-//	@Description	Error response
-type ErrorResponse struct {
-	Error string `json:"error" example:"Error description"`
-}
-
-// newErrorResponse creates a new ErrorResponse and sends it as a JSON response
-func newErrorResponse(c *fiber.Ctx, status int, err error) error {
-	if errors.Is(err, storage.ErrNotFound) {
-		return c.Status(fiber.StatusNotFound).JSON(ErrorResponse{
-			Error: err.Error(),
-		})
-	}
-
-	if errors.Is(err, storage.ErrAlreadyExists) {
-		return c.Status(fiber.StatusConflict).JSON(ErrorResponse{
-			Error: err.Error(),
-		})
-	}
-
-	return c.Status(status).JSON(ErrorResponse{
-		Error: err.Error(),
-	})
-}
-
-// SuccessResponse represents a successful response
-//
-//	@Description	Successful response
-type SuccessResponse struct {
-	Message string `json:"message" example:"Operation completed successfully"`
-}
-
-// newSuccessResponse creates a new SuccessResponse and sends it as a JSON response
-func newSuccessResponse(c *fiber.Ctx, message string) error {
-	return c.Status(fiber.StatusOK).JSON(SuccessResponse{
-		Message: message,
-	})
-}
diff --git a/internal/web/stats.go b/internal/web/stats.go
deleted file mode 100644
index 0b64a8c..0000000
--- a/internal/web/stats.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package web
-
-import (
-	"github.com/gofiber/fiber/v2"
-)
-
-// handleAPIDashboardStats returns dashboard statistics
-//
-//	@Summary		Get dashboard statistics
-//	@Description	Returns statistics for the dashboard
-//	@Tags			dashboard
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{object}	DashboardStats	"Dashboard statistics"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/dashboard/stats [get]
-func (s *Server) handleAPIDashboardStats(c *fiber.Ctx) error {
-	stats, err := s.getDashboardStats(c.Context())
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return c.JSON(stats)
-}
diff --git a/internal/web/tags.go b/internal/web/tags.go
deleted file mode 100644
index ecac484..0000000
--- a/internal/web/tags.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package web
-
-import (
-	"github.com/gofiber/fiber/v2"
-)
-
-// handleGetAllTags handles GET /api/v1/tags
-//
-//	@Summary		Get all tags
-//	@Description	Retrieves all unique tags used across services
-//	@Tags			tags
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{array}		string			"List of unique tags"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/tags [get]
-func (h *Server) handleGetAllTags(c *fiber.Ctx) error {
-	tags, err := h.storage.GetAllTags(c.Context())
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-	return c.JSON(tags)
-}
-
-// handleGetAllTagsWithCount handles GET /api/v1/tags/count
-//
-//	@Summary		Get all tags with usage count
-//	@Description	Retrieves all unique tags along with their usage count across services
-//	@Tags			tags
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{object}	map[string]int	"Map of tags with their usage count"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/tags/count [get]
-func (h *Server) handleGetAllTagsWithCount(c *fiber.Ctx) error {
-	tagsWithCount, err := h.storage.GetAllTagsWithCount(c.Context())
-	if err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-	return c.JSON(tagsWithCount)
-}
diff --git a/internal/web/upgrade.go b/internal/web/upgrade.go
deleted file mode 100644
index 77a692c..0000000
--- a/internal/web/upgrade.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package web
-
-import (
-	"errors"
-
-	"github.com/gofiber/fiber/v2"
-)
-
-// manualUpgradeHandler handles manual upgrade requests
-//
-//	@Summary		Manual upgrade
-//	@Description	Triggers a manual upgrade of the server
-//	@Tags			server
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{object}	SuccessResponse	"Upgrade initiated successfully"
-//	@Failure		500	{object}	ErrorResponse	"Internal server error"
-//	@Router			/server/upgrade [get]
-func (s *Server) handleManualUpgrade(c *fiber.Ctx) error {
-	if s.upgrader == nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, errors.New("upgrader service is not configured"))
-	}
-
-	if err := s.upgrader.Do(); err != nil {
-		return newErrorResponse(c, fiber.StatusInternalServerError, err)
-	}
-
-	return newSuccessResponse(c, "Upgrade initiated successfully. Please check the logs for details.")
-}
-
-type healthCheckResponse struct {
-	Status string `json:"status" example:"healthy"`
-}
-
-// healthCheckHandler handles health check requests
-//
-//	@Summary		Health check
-//	@Description	Checks the health of the server
-//	@Tags			server
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{object}	healthCheckResponse	"Health check successful"
-//	@Failure		500	{object}	ErrorResponse		"Internal server error"
-//	@Router			/server/health [get]
-func (s *Server) handleHealthCheck(c *fiber.Ctx) error {
-	return c.Status(fiber.StatusOK).JSON(healthCheckResponse{
-		Status: "healthy",
-	})
-}
diff --git a/internal/web/websockets.go b/internal/web/websockets.go
deleted file mode 100644
index a4977ed..0000000
--- a/internal/web/websockets.go
+++ /dev/null
@@ -1,232 +0,0 @@
-package web
-
-import (
-	"context"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/gofiber/contrib/websocket"
-	"github.com/sxwebdev/sentinel/internal/receiver"
-)
-
-type websocketEvent struct {
-	Type      string `json:"type"`
-	Timestamp int64  `json:"timestamp"`
-	Data      any    `json:"data"`
-}
-
-// handleWebSocket handles WebSocket connections
-func (s *Server) handleWebSocket(c *websocket.Conn) {
-	s.logger.Debugf("WebSocket: new connection from %s", c.RemoteAddr())
-
-	// Add connection to the map
-	s.wsMutex.Lock()
-	s.wsConnections[c] = true
-	connectionCount := len(s.wsConnections)
-	s.wsMutex.Unlock()
-
-	s.logger.Debugf("WebSocket: total connections: %d", connectionCount)
-
-	// Remove connection when it closes
-	defer func() {
-		// Recover from potential panic to ensure cleanup
-		if r := recover(); r != nil {
-			s.logger.Errorf("WebSocket: panic recovered: %v", r)
-		}
-
-		s.wsMutex.Lock()
-		delete(s.wsConnections, c)
-		remainingConnections := len(s.wsConnections)
-		s.wsMutex.Unlock()
-		c.Close()
-
-		s.logger.Debugf("WebSocket: connection closed, remaining connections: %d", remainingConnections)
-	}()
-
-	// Set read timeout to prevent goroutine from hanging forever
-	c.SetReadDeadline(time.Now().Add(60 * time.Second))
-
-	// Set pong handler to handle ping/pong for keepalive
-	c.SetPongHandler(func(appData string) error {
-		c.SetReadDeadline(time.Now().Add(60 * time.Second))
-		return nil
-	})
-
-	// Keep connection alive and handle messages
-	for {
-		// Set read deadline for each message to prevent hanging
-		c.SetReadDeadline(time.Now().Add(60 * time.Second))
-
-		_, _, err := c.ReadMessage()
-		if err != nil {
-			if !strings.Contains(err.Error(), "close 1001") &&
-				!strings.Contains(err.Error(), "timeout") &&
-				!websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway, websocket.CloseAbnormalClosure) {
-				s.logger.Errorf("WebSocket: read error: %v", err)
-			}
-			break
-		}
-
-		// Reset read deadline after successful read
-		c.SetReadDeadline(time.Now().Add(60 * time.Second))
-	}
-}
-
-// BroadcastServiceUpdate sends service updates to all connected WebSocket clients
-func (s *Server) broadcastServiceTriggered(data receiver.TriggerServiceData) error {
-	if s.storage == nil {
-		return nil
-	}
-
-	svc := ServiceDTO{
-		ID: data.Svc.ID,
-	}
-
-	var err error
-	if data.EventType != receiver.TriggerServiceEventTypeDeleted {
-		svc, err = convertServiceToDTO(data.Svc)
-		if err != nil {
-			return fmt.Errorf("failed to convert service to DTO: %w", err)
-		}
-	}
-
-	update := websocketEvent{
-		Type:      "service_" + data.EventType.String(),
-		Data:      svc,
-		Timestamp: time.Now().Unix(),
-	}
-
-	s.wsMutex.Lock()
-	defer s.wsMutex.Unlock()
-
-	// Send to all connections and handle errors
-	activeConnections := 0
-	var connectionsToRemove []*websocket.Conn
-
-	for conn := range s.wsConnections {
-		// Set write deadline to prevent hanging
-		conn.SetWriteDeadline(time.Now().Add(5 * time.Second))
-
-		if err := conn.WriteJSON(update); err != nil {
-			s.logger.Errorf("WebSocket broadcast error: failed to send to connection: %v", err)
-			connectionsToRemove = append(connectionsToRemove, conn)
-		} else {
-			activeConnections++
-		}
-	}
-
-	// Remove failed connections outside the range loop to avoid map modification during iteration
-	for _, conn := range connectionsToRemove {
-		delete(s.wsConnections, conn)
-		conn.Close()
-	}
-
-	// if activeConnections > 0 {
-	// 	fmt.Printf("WebSocket broadcast: sent update to %d connections\n", activeConnections)
-	// }
-
-	return nil
-}
-
-// broadcastStatsUpdate sends dashboard statistics updates to all connected WebSocket clients
-func (s *Server) broadcastStatsUpdate(ctx context.Context) error {
-	if s.storage == nil {
-		return nil
-	}
-
-	stats, err := s.getDashboardStats(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to get dashboard stats: %w", err)
-	}
-
-	update := websocketEvent{
-		Type:      "stats_update",
-		Data:      stats,
-		Timestamp: time.Now().Unix(),
-	}
-
-	s.wsMutex.Lock()
-	defer s.wsMutex.Unlock()
-
-	// Send to all connections and handle errors
-	activeConnections := 0
-	var connectionsToRemove []*websocket.Conn
-
-	for conn := range s.wsConnections {
-		// Set write deadline to prevent hanging
-		conn.SetWriteDeadline(time.Now().Add(5 * time.Second))
-
-		if err := conn.WriteJSON(update); err != nil {
-			s.logger.Errorf("WebSocket broadcast error: failed to send stats update: %v", err)
-			connectionsToRemove = append(connectionsToRemove, conn)
-		} else {
-			activeConnections++
-		}
-	}
-
-	// Remove failed connections outside the range loop to avoid map modification during iteration
-	for _, conn := range connectionsToRemove {
-		delete(s.wsConnections, conn)
-		conn.Close()
-	}
-
-	return nil
-}
-
-func (s *Server) subscribeEvents(ctx context.Context) error {
-	broker := s.receiver.TriggerService()
-	sub := broker.Subscribe()
-
-	if sub == nil {
-		return fmt.Errorf("failed to subscribe to service updates broker")
-	}
-
-	// Ensure unsubscription happens even if panic occurs
-	defer func() {
-		if r := recover(); r != nil {
-			s.logger.Errorf("WebSocket subscribeEvents panic recovered: %v", r)
-		}
-		broker.Unsubscribe(sub)
-	}()
-
-	// Use a ticker for periodic cleanup and health checks
-	ticker := time.NewTicker(30 * time.Second)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case data, ok := <-sub:
-			if !ok {
-				// Channel closed, exit gracefully
-				return nil
-			}
-
-			// reset ticker
-			ticker.Reset(30 * time.Second)
-
-			if s.storage == nil ||
-				data.EventType == receiver.TriggerServiceEventTypeCheck ||
-				data.EventType == receiver.TriggerServiceEventTypeUnknown {
-				continue
-			}
-
-			// Broadcast service triggered event
-			if err := s.broadcastServiceTriggered(data); err != nil {
-				s.logger.Errorf("WebSocket broadcast error: %v", err)
-			}
-
-			// Broadcast stats update
-			if err := s.broadcastStatsUpdate(ctx); err != nil {
-				s.logger.Errorf("WebSocket broadcast error: %v", err)
-			}
-
-		case <-ticker.C:
-			// Periodic cleanup of dead connections (commented out for now)
-			// Can be implemented if needed for additional cleanup logic
-
-		case <-ctx.Done():
-			return nil
-		}
-	}
-}
diff --git a/pgxgen.yaml b/pgxgen.yaml
new file mode 100644
index 0000000..7bf09d3
--- /dev/null
+++ b/pgxgen.yaml
@@ -0,0 +1,375 @@
+version: 1
+sqlc:
+  - schema_dir: sql/migrations
+    models:
+      replace_sqlc_nullable_types: true
+      move:
+        output_dir: internal/models
+        output_file_name: models_gen.go
+        package_name: models
+        package_path: github.com/sxwebdev/sentinel/internal/models
+        imports:
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: NotificationProviderType
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: AgentStatusType
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: ProjectSettings
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: AgentKindType
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: Tags
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: AgentConfig
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: ResourcePayload
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: ResourceKindType
+          - path: github.com/sxwebdev/sentinel/internal/models
+            go_type: UserRole
+    crud:
+      auto_remove_generated_files: true
+      exclude_table_name_from_methods: true
+      tables:
+        # users
+        users:
+          output_dir: sql/queries/users
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            update:
+              skip_columns:
+                - id
+                - password
+                - role
+                - created_at
+              returning: "*"
+              column_values:
+                updated_at: CURRENT_TIMESTAMP
+            delete:
+            get:
+              name: GetByID
+
+        # projects
+        projects:
+          output_dir: sql/queries/projects
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            update:
+              skip_columns:
+                - id
+                - created_at
+              returning: "*"
+              column_values:
+                updated_at: CURRENT_TIMESTAMP
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # agents
+        agents:
+          output_dir: sql/queries/agents
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - fingerprint
+                - status
+                - system_info
+                - last_seen_at
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+              where:
+                project_id:
+            get:
+              name: GetByID
+
+        # resources
+        resources:
+          output_dir: sql/queries/resources
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+              where:
+                project_id:
+
+        # resource_agents
+        resource_agents:
+          output_dir: sql/queries/resource_agents
+          primary_column: id
+          methods:
+            create:
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # monitor_agents
+        monitor_agents:
+          output_dir: sql/queries/monitor_agents
+          primary_column: id
+          methods:
+            create:
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # monitors
+        monitors:
+          output_dir: sql/queries/monitors
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # monitor_revisions
+        monitor_revisions:
+          output_dir: sql/queries/monitor_revisions
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # monitor_checks
+        monitor_checks:
+          output_dir: sql/queries/monitor_checks
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # monitor_states
+        monitor_states:
+          output_dir: sql/queries/monitor_states
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # incidents
+        incidents:
+          output_dir: sql/queries/incidents
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - duration
+                - started_at
+                - resolved_at
+                - updated_at
+                - created_at
+              returning: "*"
+              column_values:
+                error: sqlc.arg(incident_error)
+            delete:
+            get:
+              name: GetByID
+
+        # incident_events
+        incident_events:
+          output_dir: sql/queries/incident_events
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # notification_providers
+        notification_providers:
+          output_dir: sql/queries/notification_providers
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+              where:
+                project_id:
+
+        # notification_history
+        notification_history:
+          output_dir: sql/queries/notification_history
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - status
+                - response
+                - attempts
+                - error_message
+                - last_attempt_at
+                - sent_at
+                - created_at
+                - updated_at
+              returning: "*"
+
+        # alert_policies
+        alert_policies:
+          output_dir: sql/queries/alert_policies
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # alerts
+        alerts:
+          output_dir: sql/queries/alerts
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+        # maintenance_windows
+        maintenance_windows:
+          output_dir: sql/queries/maintenance_windows
+          primary_column: id
+          methods:
+            create:
+              skip_columns:
+                - created_at
+                - updated_at
+              returning: "*"
+            delete:
+            get:
+              name: GetByID
+            find:
+              name: GetAll
+
+    constants:
+      tables:
+        projects:
+          output_dir: internal/store/repos/repo_projects
+          include_column_names: true
+        agents:
+          output_dir: internal/store/repos/repo_agents
+          include_column_names: true
+        resources:
+          output_dir: internal/store/repos/repo_resources
+          include_column_names: true
+        resource_agents:
+          output_dir: internal/store/repos/repo_resource_agents
+          include_column_names: true
+        monitor_agents:
+          output_dir: internal/store/repos/repo_monitor_agents
+          include_column_names: true
+        monitors:
+          output_dir: internal/store/repos/repo_monitors
+          include_column_names: true
+        monitor_revisions:
+          output_dir: internal/store/repos/repo_monitor_revisions
+          include_column_names: true
+        monitor_states:
+          output_dir: internal/store/repos/repo_monitor_states
+          include_column_names: true
+        monitor_checks:
+          output_dir: internal/store/repos/repo_monitor_checks
+          include_column_names: true
+        incidents:
+          output_dir: internal/store/repos/repo_incidents
+          include_column_names: true
+        incident_events:
+          output_dir: internal/store/repos/repo_incident_events
+          include_column_names: true
+        notification_providers:
+          output_dir: internal/store/repos/repo_notification_providers
+          include_column_names: true
+        notification_history:
+          output_dir: internal/store/repos/repo_notification_history
+          include_column_names: true
+        alert_policies:
+          output_dir: internal/store/repos/repo_alert_policies
+          include_column_names: true
+        alerts:
+          output_dir: internal/store/repos/repo_alerts
+          include_column_names: true
+        maintenance_windows:
+          output_dir: internal/store/repos/repo_maintenance_windows
+          include_column_names: true
diff --git a/pkg/locker/locker.go b/pkg/locker/locker.go
new file mode 100644
index 0000000..6edb5f1
--- /dev/null
+++ b/pkg/locker/locker.go
@@ -0,0 +1,31 @@
+package locker
+
+import "sync"
+
+type Locker[T any] struct {
+	mu   *sync.RWMutex
+	item T
+}
+
+func New[T any](item T) *Locker[T] {
+	return &Locker[T]{
+		mu:   &sync.RWMutex{},
+		item: item,
+	}
+}
+
+// Get returns the locked item
+func (l *Locker[T]) Get() T {
+	l.mu.RLock()
+	defer l.mu.RUnlock()
+
+	return l.item
+}
+
+// Set sets the locked item
+func (l *Locker[T]) Set(item T) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	l.item = item
+}
diff --git a/pkg/loop/loop.go b/pkg/loop/loop.go
new file mode 100644
index 0000000..e09e752
--- /dev/null
+++ b/pkg/loop/loop.go
@@ -0,0 +1,120 @@
+package loop
+
+import (
+	"context"
+	"runtime/debug"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+type Loop struct {
+	options Options
+
+	running atomic.Bool
+	stopped atomic.Bool
+	wg      sync.WaitGroup
+	cancel  context.CancelFunc
+
+	fn func(context.Context)
+}
+
+func New(fn func(context.Context), opts ...Option) *Loop {
+	if fn == nil {
+		panic("function cannot be nil")
+	}
+
+	options := Options{
+		period:         time.Second * 60,
+		contextTimeout: time.Second * 30,
+		logger:         &emptyLogger{},
+	}
+
+	for _, o := range opts {
+		o(&options)
+	}
+
+	return &Loop{
+		options: options,
+		fn:      fn,
+	}
+}
+
+func (l *Loop) Start(parent context.Context) {
+	ctx, cancel := context.WithCancel(parent)
+	l.cancel = cancel
+
+	// Run immediately if leading is true
+	if l.options.leading {
+		l.tryRun(ctx, l.fn)
+	}
+
+	l.wg.Go(func() {
+		t := time.NewTicker(l.options.period)
+		defer t.Stop()
+
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-t.C:
+				if l.stopped.Load() {
+					return
+				}
+				l.tryRun(ctx, l.fn)
+			}
+		}
+	})
+}
+
+// Trigger triggers the loop to run the provided function immediately if not already running
+func (l *Loop) Trigger(ctx context.Context) bool {
+	return l.tryRun(ctx, l.fn)
+}
+
+// Stop stops the loop
+func (l *Loop) Stop() {
+	if l.stopped.Swap(true) {
+		return
+	}
+	if l.cancel != nil {
+		l.cancel()
+	}
+}
+
+// Wait waits for all running operations to complete (graceful shutdown)
+func (l *Loop) Wait() {
+	l.wg.Wait()
+}
+
+// tryRun tries to run a function within the loop's context
+func (l *Loop) tryRun(parent context.Context, fn func(context.Context)) bool {
+	if l.stopped.Load() {
+		return false
+	}
+	if !l.running.CompareAndSwap(false, true) {
+		return false
+	}
+
+	l.wg.Go(func() {
+		now := time.Now()
+		defer func() {
+			if r := recover(); r != nil {
+				l.options.logger.Errorf("panic recovered in loop: %v\n%s", r, debug.Stack())
+			}
+			l.running.Store(false)
+			l.options.logger.Debugf("loop iteration took %s", time.Since(now))
+		}()
+
+		ctx := parent
+		var cancel context.CancelFunc
+		if l.options.contextTimeout > 0 {
+			ctx, cancel = context.WithTimeout(parent, l.options.contextTimeout)
+			defer cancel()
+		}
+
+		fn(ctx)
+	})
+
+	return true
+}
diff --git a/pkg/loop/options.go b/pkg/loop/options.go
new file mode 100644
index 0000000..02861e7
--- /dev/null
+++ b/pkg/loop/options.go
@@ -0,0 +1,46 @@
+package loop
+
+import "time"
+
+type Options struct {
+	logger         logger
+	leading        bool
+	period         time.Duration
+	contextTimeout time.Duration
+}
+
+type Option func(*Options)
+
+// WithLogger sets the logger for the loop.
+func WithLogger(logger logger) Option {
+	return func(o *Options) {
+		if logger == nil {
+			return
+		}
+		o.logger = logger
+	}
+}
+
+// WithLeading sets the loop to execute the task immediately upon starting.
+func WithLeading() Option {
+	return func(o *Options) {
+		o.leading = true
+	}
+}
+
+// WithPeriod sets the period for the loop execution.
+func WithPeriod(d time.Duration) Option {
+	return func(o *Options) {
+		if d <= 0 {
+			return
+		}
+		o.period = d
+	}
+}
+
+// WithContextTimeout sets a timeout for the context passed to the task function.
+func WithContextTimeout(d time.Duration) Option {
+	return func(o *Options) {
+		o.contextTimeout = d
+	}
+}
diff --git a/pkg/loop/type.go b/pkg/loop/type.go
new file mode 100644
index 0000000..d357aba
--- /dev/null
+++ b/pkg/loop/type.go
@@ -0,0 +1,13 @@
+package loop
+
+type logger interface {
+	Debugf(format string, args ...any)
+	Errorf(format string, args ...any)
+}
+
+type emptyLogger struct{}
+
+func (l *emptyLogger) Debugf(format string, args ...any) {}
+func (l *emptyLogger) Errorf(format string, args ...any) {}
+
+var _ logger = (*emptyLogger)(nil)
diff --git a/pkg/migrator/apply.go b/pkg/migrator/apply.go
new file mode 100644
index 0000000..11fee25
--- /dev/null
+++ b/pkg/migrator/apply.go
@@ -0,0 +1,91 @@
+package migrator
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+)
+
+type applyMigrationType int
+
+const (
+	applyMigrationTypeUp applyMigrationType = iota
+	applyMigrationTypeDown
+)
+
+// string returns the string representation of the applyMigrationType
+func (at applyMigrationType) String() string {
+	switch at {
+	case applyMigrationTypeUp:
+		return "up"
+	case applyMigrationTypeDown:
+		return "down"
+	default:
+		return "unknown"
+	}
+}
+
+// applyMigration runs a single migration
+func (m *Service) applyMigration(ctx context.Context, db *sql.DB, at applyMigrationType, migration migration) error {
+	sql := migration.upSQL
+	if at == applyMigrationTypeDown {
+		sql = migration.downSQL
+	}
+
+	m.info("applying migration %s version %d", at.String(), migration.version)
+
+	// Start transaction
+	tx, err := db.Begin()
+	if err != nil {
+		return fmt.Errorf("failed to begin transaction: %w", err)
+	}
+	defer tx.Rollback()
+
+	// Run Before hook
+	if at == applyMigrationTypeUp && migration.beforeUpFn != nil {
+		if err := migration.beforeUpFn(ctx, tx); err != nil {
+			return fmt.Errorf("before up hook failed: %w", err)
+		}
+	} else if at == applyMigrationTypeDown && migration.beforeDownFn != nil {
+		if err := migration.beforeDownFn(ctx, tx); err != nil {
+			return fmt.Errorf("before down hook failed: %w", err)
+		}
+	}
+
+	// Execute migration SQL
+	if _, err := tx.Exec(sql); err != nil {
+		return fmt.Errorf("failed to execute migration SQL: %w", err)
+	}
+
+	// Run After hook
+	if at == applyMigrationTypeUp && migration.afterUpFn != nil {
+		if err := migration.afterUpFn(ctx, tx); err != nil {
+			return fmt.Errorf("after up hook failed: %w", err)
+		}
+	} else if at == applyMigrationTypeDown && migration.afterDownFn != nil {
+		if err := migration.afterDownFn(ctx, tx); err != nil {
+			return fmt.Errorf("after down hook failed: %w", err)
+		}
+	}
+
+	// Record migration version
+	switch at {
+	case applyMigrationTypeUp:
+		if _, err := tx.Exec("INSERT INTO schema_version (version) VALUES (?)", migration.version); err != nil {
+			return fmt.Errorf("failed to record migration version: %w", err)
+		}
+	case applyMigrationTypeDown:
+		if _, err := tx.Exec("DELETE FROM schema_version WHERE version = ?", migration.version); err != nil {
+			return fmt.Errorf("failed to remove migration version record: %w", err)
+		}
+	default:
+		return fmt.Errorf("unknown apply type: %d", at)
+	}
+
+	// Commit transaction
+	if err := tx.Commit(); err != nil {
+		return fmt.Errorf("failed to commit migration: %w", err)
+	}
+
+	return nil
+}
diff --git a/pkg/migrator/cli.go b/pkg/migrator/cli.go
new file mode 100644
index 0000000..8ac34fb
--- /dev/null
+++ b/pkg/migrator/cli.go
@@ -0,0 +1,108 @@
+package migrator
+
+import (
+	"context"
+	"embed"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/urfave/cli/v3"
+)
+
+// CliCmd returns a cli.Command for managing database migrations.
+func CliCmd(l logger, fs embed.FS, migrationsPath string, opsmigrations DataMigrations) *cli.Command {
+	return &cli.Command{
+		Name:  "migrations",
+		Usage: "manage database migrations",
+		Commands: []*cli.Command{
+			{
+				Name:  "create",
+				Usage: "create a new database migration",
+				Flags: []cli.Flag{
+					&cli.StringFlag{
+						Name:     "name",
+						Aliases:  []string{"n"},
+						Usage:    "name of the migration",
+						Required: true,
+					},
+					&cli.StringFlag{
+						Name:     "migrations-path",
+						Aliases:  []string{"p"},
+						Usage:    "path to the migrations folder",
+						Required: true,
+					},
+				},
+				Action: func(ctx context.Context, cl *cli.Command) error {
+					name := cl.String("name")
+					path := cl.String("migrations-path")
+
+					// check if path exists, if not create it
+					if _, err := os.Stat(path); os.IsNotExist(err) {
+						if err := os.MkdirAll(path, 0o700); err != nil {
+							return fmt.Errorf("failed to create migrations dir: %w", err)
+						}
+					}
+
+					// get max version from existing migrations
+					maxVersion, err := GetMaxVersion(path)
+					if err != nil {
+						return fmt.Errorf("failed to get max version: %w", err)
+					}
+
+					nextVersion := maxVersion + 1
+
+					upFile := filepath.Join(path, fmt.Sprintf("%d_%s.up.sql", nextVersion, name))
+					downFile := filepath.Join(path, fmt.Sprintf("%d_%s.down.sql", nextVersion, name))
+
+					upContent := "-- SQL in section 'Up' is executed when this migration is applied.\n\n"
+					downContent := "-- SQL in section 'Down' is executed when this migration is rolled back.\n\n"
+
+					if err := os.WriteFile(upFile, []byte(upContent), 0o644); err != nil {
+						return fmt.Errorf("failed to create up migration file: %w", err)
+					}
+
+					if err := os.WriteFile(downFile, []byte(downContent), 0o644); err != nil {
+						return fmt.Errorf("failed to create down migration file: %w", err)
+					}
+
+					fmt.Printf("Created migration files:\n%s\n%s\n", upFile, downFile)
+
+					return nil
+				},
+			},
+			{
+				Name:  "up",
+				Usage: "apply the next database migrations",
+				Flags: []cli.Flag{
+					&cli.StringFlag{
+						Name:     "db-path",
+						Aliases:  []string{"dp"},
+						Usage:    "path to database file",
+						Required: true,
+					},
+				},
+				Action: func(ctx context.Context, cl *cli.Command) error {
+					m := New(l, fs, migrationsPath, opsmigrations)
+					return m.MigrateUpAll(ctx, cl.String("db-path"))
+				},
+			},
+			{
+				Name:  "down",
+				Usage: "roll back the last database migration",
+				Flags: []cli.Flag{
+					&cli.StringFlag{
+						Name:     "db-path",
+						Aliases:  []string{"dp"},
+						Usage:    "path to database file",
+						Required: true,
+					},
+				},
+				Action: func(ctx context.Context, cl *cli.Command) error {
+					m := New(l, fs, migrationsPath, opsmigrations)
+					return m.MigrateDown(ctx, cl.String("db-path"))
+				},
+			},
+		},
+	}
+}
diff --git a/pkg/migrator/db.go b/pkg/migrator/db.go
new file mode 100644
index 0000000..2aa6075
--- /dev/null
+++ b/pkg/migrator/db.go
@@ -0,0 +1,25 @@
+package migrator
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+
+	"github.com/sxwebdev/sentinel/pkg/sqlite"
+	_ "modernc.org/sqlite"
+)
+
+func initDatabase(dbPath string) (*sql.DB, error) {
+	// check if db file exists
+	if _, err := os.Stat(dbPath); os.IsNotExist(err) {
+		return nil, fmt.Errorf("database file does not exist: %w", err)
+	}
+
+	dsn := sqlite.GetDSN(dbPath)
+	db, err := sql.Open("sqlite", dsn)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open database: %w", err)
+	}
+
+	return db, nil
+}
diff --git a/pkg/migrator/down.go b/pkg/migrator/down.go
new file mode 100644
index 0000000..7e9e279
--- /dev/null
+++ b/pkg/migrator/down.go
@@ -0,0 +1,46 @@
+package migrator
+
+import (
+	"context"
+	"fmt"
+)
+
+// MigrateDown rolls back the last applied migration
+func (m *Service) MigrateDown(ctx context.Context, dbPath string) error {
+	migrations, err := m.load()
+	if err != nil {
+		return fmt.Errorf("failed to load migrations: %w", err)
+	}
+
+	db, err := initDatabase(dbPath)
+	if err != nil {
+		return fmt.Errorf("failed to initialize database: %w", err)
+	}
+	defer db.Close()
+
+	// Get current schema version
+	currentVersion, err := GetCurrentSchemaVersion(db)
+	if err != nil {
+		return fmt.Errorf("failed to get current schema version: %w", err)
+	}
+
+	// Find the migration to roll back
+	var migrationToRollback *migration
+	for i := len(migrations) - 1; i >= 0; i-- {
+		if migrations[i].version == currentVersion {
+			migrationToRollback = &migrations[i]
+			break
+		}
+	}
+
+	if migrationToRollback == nil {
+		return fmt.Errorf("no migration found to roll back for version %d", currentVersion)
+	}
+
+	// Run the rollback
+	if err := m.applyMigration(ctx, db, applyMigrationTypeDown, *migrationToRollback); err != nil {
+		return fmt.Errorf("failed to roll back migration %d: %w", migrationToRollback.version, err)
+	}
+
+	return nil
+}
diff --git a/pkg/migrator/migrations.go b/pkg/migrator/migrations.go
new file mode 100644
index 0000000..740d946
--- /dev/null
+++ b/pkg/migrator/migrations.go
@@ -0,0 +1,123 @@
+package migrator
+
+import (
+	"embed"
+	"fmt"
+	"path/filepath"
+	"regexp"
+	"sort"
+)
+
+type Service struct {
+	logger         logger
+	fs             embed.FS
+	migrationsPath string
+	opsmigrations  DataMigrations
+}
+
+func New(logger logger, fs embed.FS, migrationsPath string, opsmigrations DataMigrations) *Service {
+	return &Service{
+		logger:         logger,
+		fs:             fs,
+		migrationsPath: migrationsPath,
+		opsmigrations:  opsmigrations,
+	}
+}
+
+func (m *Service) info(format string, args ...any) {
+	if m.logger != nil {
+		m.logger.Infof(format, args...)
+	}
+}
+
+func (m *Service) load() ([]migration, error) {
+	// read all migration files from the embedded filesystem
+	entries, err := m.fs.ReadDir(m.migrationsPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read embedded migrations: %v", err)
+	}
+
+	// clear existing migrationsMap to replace with embedded ones
+	migrationsMap := map[int]migration{}
+
+	// regex to parse filenames like: 1_init_repo.up.sql or 2_added_users.down.sql
+	migRe := regexp.MustCompile(`^(\d+)_([^.]+)\.(up|down)\.sql$`)
+
+	for _, file := range entries {
+		if file.IsDir() {
+			continue
+		}
+
+		// parse file name to get version, name and direction
+		matches := migRe.FindStringSubmatch(file.Name())
+		if matches == nil || len(matches) != 4 {
+			return nil, fmt.Errorf("failed to parse migration file name %s: unexpected format", file.Name())
+		}
+
+		// extract parts
+		var version int
+		if _, err := fmt.Sscanf(matches[1], "%d", &version); err != nil {
+			return nil, fmt.Errorf("failed to parse migration version from %s: %v", file.Name(), err)
+		}
+		name := matches[2]
+		direction := matches[3]
+
+		// read migration SQL from file
+		fullPath := filepath.Join(m.migrationsPath, file.Name())
+		data, err := m.fs.ReadFile(fullPath)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read migration file %s: %v", file.Name(), err)
+		}
+
+		// create migration entry if not exists
+		item, exists := migrationsMap[version]
+		if !exists {
+			migrationsMap[version] = migration{
+				name: name,
+			}
+		}
+
+		switch direction {
+		case "up":
+			item.upSQL = string(data)
+		case "down":
+			item.downSQL = string(data)
+		default:
+			return nil, fmt.Errorf("invalid migration direction in file %s", file.Name())
+		}
+
+		migrationsMap[version] = item
+	}
+
+	// convert map to slice and sort by version
+	migrationsSlice := make([]migration, 0, len(migrationsMap))
+	for version, item := range migrationsMap {
+		migrationsSlice = append(migrationsSlice, migration{
+			version: version,
+			name:    item.name,
+			upSQL:   item.upSQL,
+			downSQL: item.downSQL,
+		})
+	}
+
+	// sort migrations by version
+	sort.Slice(migrationsSlice, func(i, j int) bool {
+		return migrationsSlice[i].version < migrationsSlice[j].version
+	})
+
+	// merge operational migrations by version
+	for _, opMig := range m.opsmigrations {
+		for i, mig := range migrationsSlice {
+			if mig.version == opMig.Version {
+				// merge hooks
+				migrationsSlice[i].beforeUpFn = opMig.BeforeUpFn
+				migrationsSlice[i].afterUpFn = opMig.AfterUpFn
+				migrationsSlice[i].beforeDownFn = opMig.BeforeDownFn
+				migrationsSlice[i].afterDownFn = opMig.AfterDownFn
+				break
+			}
+		}
+	}
+
+	return migrationsSlice, nil
+}
diff --git a/pkg/migrator/schema.go b/pkg/migrator/schema.go
new file mode 100644
index 0000000..d17c5f7
--- /dev/null
+++ b/pkg/migrator/schema.go
@@ -0,0 +1,21 @@
+package migrator
+
+import "database/sql"
+
+// schemaVersionTable creates the schema version tracking table
+const schemaVersionTable = `
+CREATE TABLE IF NOT EXISTS schema_version (
+	version INTEGER PRIMARY KEY,
+	applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+`
+
+// GetCurrentSchemaVersion gets the current schema version from the database
+func GetCurrentSchemaVersion(db *sql.DB) (int, error) {
+	var version int
+	err := db.QueryRow("SELECT COALESCE(MAX(version), 0) FROM schema_version").Scan(&version)
+	if err != nil {
+		return 0, err
+	}
+	return version, nil
+}
diff --git a/pkg/migrator/types.go b/pkg/migrator/types.go
new file mode 100644
index 0000000..c691aad
--- /dev/null
+++ b/pkg/migrator/types.go
@@ -0,0 +1,34 @@
+package migrator
+
+import (
+	"context"
+	"database/sql"
+)
+
+type logger interface {
+	Infof(format string, args ...any)
+	Errorf(format string, args ...any)
+}
+
+type migration struct {
+	version int
+	name    string
+	upSQL   string
+	downSQL string
+
+	beforeUpFn   func(context.Context, *sql.Tx) error
+	afterUpFn    func(context.Context, *sql.Tx) error
+	beforeDownFn func(context.Context, *sql.Tx) error
+	afterDownFn  func(context.Context, *sql.Tx) error
+}
+
+type DataMigration struct {
+	Version int
+	// Hooks
+	BeforeUpFn   func(context.Context, *sql.Tx) error
+	AfterUpFn    func(context.Context, *sql.Tx) error
+	BeforeDownFn func(context.Context, *sql.Tx) error
+	AfterDownFn  func(context.Context, *sql.Tx) error
+}
+
+type DataMigrations []DataMigration
diff --git a/pkg/migrator/up.go b/pkg/migrator/up.go
new file mode 100644
index 0000000..cc79735
--- /dev/null
+++ b/pkg/migrator/up.go
@@ -0,0 +1,55 @@
+package migrator
+
+import (
+	"context"
+	"fmt"
+)
+
+// MigrateUpAll runs all pending database migrations
+func (m *Service) MigrateUpAll(ctx context.Context, dbPath string) error {
+	m.info("applying all migrations")
+
+	migrations, err := m.load()
+	if err != nil {
+		return fmt.Errorf("failed to load migrations: %w", err)
+	}
+
+	db, err := initDatabase(dbPath)
+	if err != nil {
+		return fmt.Errorf("failed to initialize database: %w", err)
+	}
+	defer db.Close()
+
+	// Create schema version table if it doesn't exist
+	if _, err := db.Exec(schemaVersionTable); err != nil {
+		return fmt.Errorf("failed to create schema version table: %w", err)
+	}
+
+	// Get current schema version
+	currentVersion, err := GetCurrentSchemaVersion(db)
+	if err != nil {
+		return fmt.Errorf("failed to get current schema version: %w", err)
+	}
+
+	m.info("current schema version: %d", currentVersion)
+
+	var appliedMigrationsCount int
+
+	// Run pending migrations
+	for _, migration := range migrations {
+		if migration.version > currentVersion {
+			if err := m.applyMigration(ctx, db, applyMigrationTypeUp, migration); err != nil {
+				return fmt.Errorf("failed to run migration %d: %w", migration.version, err)
+			}
+			appliedMigrationsCount++
+		}
+	}
+
+	if appliedMigrationsCount == 0 {
+		m.info("no new migrations to apply")
+	} else {
+		m.info("applied %d new migrations", appliedMigrationsCount)
+	}
+
+	return nil
+}
diff --git a/pkg/migrator/utils.go b/pkg/migrator/utils.go
new file mode 100644
index 0000000..d1792eb
--- /dev/null
+++ b/pkg/migrator/utils.go
@@ -0,0 +1,38 @@
+package migrator
+
+import (
+	"fmt"
+	"os"
+	"strings"
+)
+
+func GetMaxVersion(path string) (int, error) {
+	entries, err := os.ReadDir(path)
+	if err != nil {
+		return 0, fmt.Errorf("failed to read migrations dir: %w", err)
+	}
+
+	var maxVersion int
+	for _, entry := range entries {
+		if entry.IsDir() {
+			continue
+		}
+
+		// Skip non-SQL files
+		if !strings.HasSuffix(entry.Name(), ".sql") {
+			continue
+		}
+
+		var version int
+		_, err := fmt.Sscanf(entry.Name(), "%d_", &version)
+		if err != nil {
+			return 0, fmt.Errorf("failed to parse migration file name %s: %w", entry.Name(), err)
+		}
+
+		if version > maxVersion {
+			maxVersion = version
+		}
+	}
+
+	return maxVersion, nil
+}
diff --git a/pkg/rbacconnect/LICENSE b/pkg/rbacconnect/LICENSE
new file mode 100644
index 0000000..0cd8474
--- /dev/null
+++ b/pkg/rbacconnect/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 sxwebdev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/pkg/rbacconnect/README.md b/pkg/rbacconnect/README.md
new file mode 100644
index 0000000..c6e8890
--- /dev/null
+++ b/pkg/rbacconnect/README.md
@@ -0,0 +1,326 @@
+# rbacconnect
+
+A flexible, declarative Role-Based Access Control (RBAC) system for [connect-go](https://github.com/connectrpc/connect-go) RPC services.
+
+## Features
+
+- 🎯 **Declarative Policy Builder** - Define authorization rules with a fluent, chainable API
+- 🔍 **Multi-Level Selectors** - Control access at procedure, service, package, or default levels
+- 👑 **Super-Roles** - Define roles that bypass all authorization rules
+- ✅ **Allow/Deny Rules** - Fine-grained control with deny precedence over allow
+- 🔄 **Atomic Policy Updates** - Thread-safe hot-reloading of policies without service restart
+- 🔌 **Connect-go Integration** - Drop-in interceptor for connect-go services
+- 🎨 **Customizable** - Pluggable role extraction, spec parsing, and error handling
+
+## Installation
+
+```bash
+go get github.com/sxwebdev/sentinel/pkg/rbacconnect
+```
+
+## Quick Start
+
+### 1. Define Your Policy
+
+```go
+package main
+
+import (
+    "github.com/sxwebdev/sentinel/pkg/rbacconnect"
+)
+
+func createPolicy() *rbacconnect.Policy {
+    return rbacconnect.NewPolicyBuilder().
+        // Super-roles bypass all rules
+        WithSuperRoles("root").
+
+        // Default deny (fail-closed security)
+        WithDefaultAllow(false).
+
+        // Allow specific procedure
+        When(rbacconnect.Proc("/api.UserService/GetUser")).
+            Allow("admin", "user").
+
+        // Allow entire service
+        When(rbacconnect.Svc("api.AdminService")).
+            Allow("admin").
+
+        // Allow entire package
+        When(rbacconnect.Pkg("api.public")).
+            Allow("user", "guest").
+
+        // Explicit deny (takes precedence)
+        When(rbacconnect.Proc("/api.UserService/DeleteUser")).
+            Deny("user").
+
+        // Default rule for everything else
+        When(rbacconnect.Any()).
+            Allow("admin").
+
+        Build()
+}
+```
+
+### 2. Create Provider and Interceptor
+
+```go
+package main
+
+import (
+    "github.com/sxwebdev/sentinel/pkg/rbacconnect"
+    "connectrpc.com/connect"
+)
+
+func main() {
+    // Create policy
+    policy := createPolicy()
+
+    // Create provider (for atomic updates)
+    provider := rbacconnect.NewProvider(policy)
+
+    // Create interceptor
+    interceptor := rbacconnect.NewInterceptor(provider, rbacconnect.Options{
+        // Optional: custom role extractor
+        RoleExtractor: rbacconnect.RoleExtractorFunc(func(ctx context.Context) ([]rbacconnect.Role, error) {
+            // Extract roles from your auth context
+            // Example: from JWT claims, session, etc.
+            user := getUserFromContext(ctx)
+            return user.Roles, nil
+        }),
+    })
+
+    // Add interceptor to your connect-go server
+    mux := http.NewServeMux()
+    mux.Handle(greetv1connect.NewGreetServiceHandler(
+        &greetServer{},
+        connect.WithInterceptors(interceptor),
+    ))
+}
+```
+
+### 3. Add Roles to Context
+
+```go
+// In your authentication middleware
+func authMiddleware(next http.Handler) http.Handler {
+    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        // Extract user and their roles
+        user := authenticateUser(r)
+
+        // Add roles to context
+        ctx := rbacconnect.WithRoles(r.Context(), user.Roles...)
+
+        next.ServeHTTP(w, r.WithContext(ctx))
+    })
+}
+```
+
+## Rule Evaluation Order
+
+Rules are evaluated in order of specificity, from most specific to least:
+
+1. **Super-Roles** - Always granted access
+2. **Procedure** - Exact procedure match (e.g., `/api.UserService/GetUser`)
+3. **Service** - Service-level match (e.g., `api.UserService`)
+4. **Package** - Package-level match (e.g., `api`)
+5. **Default** - Explicit default rule via `When(rbacconnect.Any())`
+6. **Fallback** - `WithDefaultAllow(true/false)`
+
+Within each level, **Deny takes precedence over Allow**.
+
+## Examples
+
+### Example 1: Simple Service Authorization
+
+```go
+policy := rbacconnect.NewPolicyBuilder().
+    WithSuperRoles("admin").
+    WithDefaultAllow(false).
+    When(rbacconnect.Svc("api.UserService")).
+        Allow("user", "moderator").
+    Build()
+```
+
+### Example 2: Public and Private APIs
+
+```go
+policy := rbacconnect.NewPolicyBuilder().
+    WithDefaultAllow(false).
+
+    // Public APIs - anyone can access
+    When(rbacconnect.Pkg("api.public")).
+        Allow("guest", "user", "admin").
+
+    // Private APIs - authenticated users only
+    When(rbacconnect.Pkg("api.private")).
+        Allow("user", "admin").
+
+    // Admin APIs - admins only
+    When(rbacconnect.Pkg("api.admin")).
+        Allow("admin").
+
+    Build()
+```
+
+### Example 3: Mixed Allow/Deny Rules
+
+```go
+policy := rbacconnect.NewPolicyBuilder().
+    WithDefaultAllow(false).
+
+    // Users can access most of UserService
+    When(rbacconnect.Svc("api.UserService")).
+        Allow("user").
+
+    // But users cannot delete
+    When(rbacconnect.Proc("/api.UserService/DeleteUser")).
+        Deny("user").
+        Allow("admin").
+
+    Build()
+```
+
+### Example 4: Hot-Reloading Policies
+
+```go
+// Initial policy
+policy := createPolicy()
+provider := rbacconnect.NewProvider(policy)
+
+// Later, update the policy without restarting
+newPolicy := rbacconnect.NewPolicyBuilder().
+    WithSuperRoles("root", "superadmin").
+    WithDefaultAllow(false).
+    When(rbacconnect.Any()).
+        Allow("admin").
+    Build()
+
+// Atomic update - all new requests use the new policy
+provider.Update(newPolicy)
+```
+
+### Example 5: Custom Role Extractor from JWT
+
+```go
+import "github.com/golang-jwt/jwt/v5"
+
+type Claims struct {
+    Roles []string `json:"roles"`
+    jwt.RegisteredClaims
+}
+
+interceptor := rbacconnect.NewInterceptor(provider, rbacconnect.Options{
+    RoleExtractor: rbacconnect.RoleExtractorFunc(func(ctx context.Context) ([]rbacconnect.Role, error) {
+        // Extract JWT from context
+        token := getTokenFromContext(ctx)
+        if token == "" {
+            return nil, errors.New("no token")
+        }
+
+        // Parse and validate JWT
+        claims := &Claims{}
+        _, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
+            return []byte("your-secret-key"), nil
+        })
+        if err != nil {
+            return nil, err
+        }
+
+        return claims.Roles, nil
+    }),
+})
+```
+
+## API Reference
+
+### Types
+
+- **`Role`** - String type representing a user role
+- **`RoleSet`** - Set of roles for efficient lookup
+- **`Selector`** - Defines the scope of a rule (Procedure/Service/Package/Default)
+- **`Rule`** - Allow/Deny permissions for roles
+- **`Policy`** - Complete set of RBAC rules
+- **`Decision`** - Result of authorization check
+
+### Builder Methods
+
+- **`NewPolicyBuilder()`** - Create a new policy builder
+- **`WithSuperRoles(roles ...Role)`** - Add super-roles
+- **`WithDefaultAllow(bool)`** - Set default behavior
+- **`When(Selector)`** - Start a rule clause
+- **`Allow(roles ...Role)`** - Grant access to roles
+- **`Deny(roles ...Role)`** - Block access for roles
+- **`Build()`** - Finalize and return the policy
+
+### Selectors
+
+- **`Proc(procedure string)`** - Match specific procedure
+- **`Svc(service string)`** - Match all procedures in a service
+- **`Pkg(package string)`** - Match all procedures in a package
+- **`Any()`** - Match everything (default rule)
+
+### Provider
+
+- **`NewProvider(policy *Policy)`** - Create atomic policy provider
+- **`Get()`** - Get current policy
+- **`Update(newPolicy *Policy)`** - Atomically update policy
+
+### Interceptor
+
+- **`NewInterceptor(provider *Provider, opts Options)`** - Create RBAC interceptor
+
+### Context Helpers
+
+- **`WithRoles(ctx, roles ...Role)`** - Add roles to context
+- **`RolesFromContext(ctx)`** - Extract roles from context
+
+## Testing
+
+```go
+func TestPolicy(t *testing.T) {
+    policy := rbacconnect.NewPolicyBuilder().
+        WithSuperRoles("root").
+        WithDefaultAllow(false).
+        When(rbacconnect.Proc("/api.UserService/GetUser")).
+            Allow("user").
+        Build()
+
+    // Test super-role
+    dec := policy.Evaluate("/api.UserService/GetUser", "api.UserService", "api", []string{"root"})
+    assert.True(t, dec.Allowed)
+
+    // Test allowed role
+    dec = policy.Evaluate("/api.UserService/GetUser", "api.UserService", "api", []string{"user"})
+    assert.True(t, dec.Allowed)
+
+    // Test denied role
+    dec = policy.Evaluate("/api.UserService/GetUser", "api.UserService", "api", []string{"guest"})
+    assert.False(t, dec.Allowed)
+}
+```
+
+## Best Practices
+
+1. **Fail Closed** - Use `WithDefaultAllow(false)` for security
+2. **Least Privilege** - Grant minimum necessary permissions
+3. **Explicit Deny** - Use deny rules for critical restrictions
+4. **Test Policies** - Write unit tests for your authorization logic
+5. **Audit Decisions** - Log authorization decisions for security auditing
+6. **Version Policies** - Track policy changes in version control
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+## License
+
+This package is part of the Sentinel project.
+
+## Related Projects
+
+- [connect-go](https://github.com/connectrpc/connect-go) - Simple, reliable RPC
+- [connect-grpchealth-go](https://github.com/connectrpc/grpchealth-go) - gRPC health checks for connect
+
+## Support
+
+For issues and questions, please open an issue on GitHub.
diff --git a/pkg/rbacconnect/builder.go b/pkg/rbacconnect/builder.go
new file mode 100644
index 0000000..e1eece6
--- /dev/null
+++ b/pkg/rbacconnect/builder.go
@@ -0,0 +1,127 @@
+package rbacconnect
+
+// PolicyBuilder is a convenient builder for declarative policies.
+type PolicyBuilder struct {
+	p Policy
+}
+
+// NewPolicyBuilder creates a new policy builder with empty rules.
+func NewPolicyBuilder() *PolicyBuilder {
+	return &PolicyBuilder{
+		p: Policy{
+			proc: make(map[string]Rule),
+			svc:  make(map[string]Rule),
+			pkg:  make(map[string]Rule),
+			// def=nil => no default rule
+		},
+	}
+}
+
+// WithSuperRoles adds super-roles that bypass all authorization rules.
+// Super-roles are always granted access regardless of any rules.
+func (b *PolicyBuilder) WithSuperRoles(roles ...Role) *PolicyBuilder {
+	if b.p.super == nil {
+		b.p.super = NewRoleSet()
+	}
+	for _, r := range roles {
+		b.p.super[r] = struct{}{}
+	}
+	return b
+}
+
+// WithDefaultAllow sets the default behavior when no rules match.
+// If true, access is allowed by default. If false, access is denied by default.
+func (b *PolicyBuilder) WithDefaultAllow(v bool) *PolicyBuilder {
+	b.p.defaultAllow = v
+	return b
+}
+
+// When starts a new rule clause for the given selector.
+// Returns a clause that can be chained with Allow() and Deny() calls.
+func (b *PolicyBuilder) When(s Selector) *clause {
+	return &clause{b: b, s: s}
+}
+
+// Build finalizes the policy construction and returns the immutable Policy.
+func (b *PolicyBuilder) Build() *Policy {
+	// We don't make copies of maps (internal package), but could if needed.
+	return &b.p
+}
+
+// clause is a helper type for chaining When(Selector).Allow(...).Deny(...) calls.
+type clause struct {
+	b *PolicyBuilder
+	s Selector
+}
+
+// Allow grants access to the specified roles for the current selector.
+// Returns the clause to allow further chaining.
+func (c *clause) Allow(roles ...Role) *clause {
+	r := c.curry()
+	if r.Allow == nil {
+		r.Allow = NewRoleSet()
+	}
+	for _, ro := range roles {
+		r.Allow[ro] = struct{}{}
+	}
+	c.apply(r)
+	return c
+}
+
+// Deny blocks access for the specified roles for the current selector.
+// Deny takes precedence over Allow.
+// Returns the clause to allow further chaining.
+func (c *clause) Deny(roles ...Role) *clause {
+	r := c.curry()
+	if r.Deny == nil {
+		r.Deny = NewRoleSet()
+	}
+	for _, ro := range roles {
+		r.Deny[ro] = struct{}{}
+	}
+	c.apply(r)
+	return c
+}
+
+// When allows continuing the chain with a new selector.
+func (c *clause) When(s Selector) *clause {
+	return c.b.When(s)
+}
+
+// Build finalizes the policy construction and returns the immutable Policy.
+func (c *clause) Build() *Policy {
+	return c.b.Build()
+}
+
+// curry retrieves the current rule for the selector.
+func (c *clause) curry() Rule {
+	switch {
+	case c.s.Procedure != "":
+		return c.b.p.proc[c.s.Procedure]
+	case c.s.Service != "":
+		return c.b.p.svc[c.s.Service]
+	case c.s.Package != "":
+		return c.b.p.pkg[c.s.Package]
+	case c.s.Default:
+		if c.b.p.def != nil {
+			return *c.b.p.def
+		}
+		return Rule{}
+	default:
+		return Rule{}
+	}
+}
+
+// apply stores the rule for the selector.
+func (c *clause) apply(r Rule) {
+	switch {
+	case c.s.Procedure != "":
+		c.b.p.proc[c.s.Procedure] = r
+	case c.s.Service != "":
+		c.b.p.svc[c.s.Service] = r
+	case c.s.Package != "":
+		c.b.p.pkg[c.s.Package] = r
+	case c.s.Default:
+		c.b.p.def = &r
+	}
+}
diff --git a/pkg/rbacconnect/context.go b/pkg/rbacconnect/context.go
new file mode 100644
index 0000000..568be72
--- /dev/null
+++ b/pkg/rbacconnect/context.go
@@ -0,0 +1,39 @@
+package rbacconnect
+
+import "context"
+
+// RoleExtractor defines how to extract roles from a context.
+// Users can provide their own implementation.
+type RoleExtractor interface {
+	ExtractRoles(ctx context.Context) ([]Role, error)
+}
+
+// RoleExtractorFunc is a function adapter for RoleExtractor interface.
+type RoleExtractorFunc func(ctx context.Context) ([]Role, error)
+
+// ExtractRoles implements the RoleExtractor interface.
+func (f RoleExtractorFunc) ExtractRoles(ctx context.Context) ([]Role, error) {
+	return f(ctx)
+}
+
+// Standard context-based extractor (optional).
+type ctxKey struct{}
+
+var rolesKey ctxKey
+
+// WithRoles adds roles to the context.
+func WithRoles(ctx context.Context, roles ...Role) context.Context {
+	return context.WithValue(ctx, rolesKey, roles)
+}
+
+// RolesFromContext retrieves roles from the context.
+func RolesFromContext(ctx context.Context) ([]Role, bool) {
+	v := ctx.Value(rolesKey)
+	if v == nil {
+		return nil, false
+	}
+	if rr, ok := v.([]Role); ok {
+		return rr, true
+	}
+	return nil, false
+}
diff --git a/pkg/rbacconnect/doc.go b/pkg/rbacconnect/doc.go
new file mode 100644
index 0000000..63671ce
--- /dev/null
+++ b/pkg/rbacconnect/doc.go
@@ -0,0 +1,113 @@
+// Package rbacconnect provides a flexible, declarative Role-Based Access Control (RBAC)
+// system for connect-go RPC services.
+//
+// # Overview
+//
+// rbacconnect enables fine-grained authorization for connect-go services through a
+// declarative policy builder. It supports multiple levels of selectors (procedure,
+// service, package, default), super-roles, allow/deny rules, and atomic policy updates.
+//
+// # Quick Start
+//
+// Define a policy:
+//
+//	policy := rbacconnect.NewPolicyBuilder().
+//	    WithSuperRoles("root").
+//	    WithDefaultAllow(false).
+//	    When(rbacconnect.Proc("/api.UserService/GetUser")).
+//	        Allow("admin", "user").
+//	    When(rbacconnect.Svc("api.AdminService")).
+//	        Allow("admin").
+//	    Build()
+//
+// Create an interceptor:
+//
+//	provider := rbacconnect.NewProvider(policy)
+//	interceptor := rbacconnect.NewInterceptor(provider, rbacconnect.Options{})
+//
+// Add to your connect-go server:
+//
+//	mux.Handle(yourservice.NewHandler(
+//	    &yourServer{},
+//	    connect.WithInterceptors(interceptor),
+//	))
+//
+// # Policy Structure
+//
+// Policies are built using a fluent API with the following components:
+//
+//   - Super-Roles: Roles that bypass all rules (e.g., "root", "superadmin")
+//   - Selectors: Define the scope of rules (Procedure, Service, Package, or Default)
+//   - Rules: Allow or Deny specific roles (Deny takes precedence)
+//   - Default Behavior: What happens when no rules match
+//
+// # Rule Evaluation Order
+//
+// Rules are evaluated in order of specificity:
+//
+//  1. Super-Roles (always allowed)
+//  2. Procedure-level rules (most specific)
+//  3. Service-level rules
+//  4. Package-level rules
+//  5. Default rule
+//  6. Fallback to WithDefaultAllow setting
+//
+// Within each level, Deny takes precedence over Allow.
+//
+// # Selectors
+//
+// Four types of selectors are available:
+//
+//   - Proc(procedure): Match exact procedure like "/api.UserService/GetUser"
+//   - Svc(service): Match all procedures in a service like "api.UserService"
+//   - Pkg(package): Match all procedures in a package like "api"
+//   - Any(): Match everything (default rule)
+//
+// # Hot Reloading
+//
+// Policies can be updated atomically without service restart:
+//
+//	newPolicy := rbacconnect.NewPolicyBuilder().
+//	    WithSuperRoles("root", "admin").
+//	    Build()
+//	provider.Update(newPolicy)
+//
+// # Custom Role Extraction
+//
+// Implement RoleExtractor to customize how roles are extracted from context:
+//
+//	interceptor := rbacconnect.NewInterceptor(provider, rbacconnect.Options{
+//	    RoleExtractor: rbacconnect.RoleExtractorFunc(func(ctx context.Context) ([]rbacconnect.Role, error) {
+//	        // Extract roles from JWT, session, etc.
+//	        return extractRolesFromJWT(ctx)
+//	    }),
+//	})
+//
+// # Thread Safety
+//
+// All components are thread-safe. The Provider uses atomic operations for policy updates,
+// ensuring no race conditions during hot-reloads.
+//
+// # Best Practices
+//
+//   - Use WithDefaultAllow(false) for fail-closed security
+//   - Grant minimum necessary permissions (principle of least privilege)
+//   - Use explicit Deny for critical restrictions
+//   - Test policies thoroughly with unit tests
+//   - Log authorization decisions for security auditing
+//   - Version control your policies
+//
+// # File Organization
+//
+// The package is organized into logical files:
+//
+//   - rbacconnect.go: Core types (Role, Selector, Rule, Policy)
+//   - builder.go: PolicyBuilder and fluent API
+//   - interceptor.go: Connect-go integration
+//   - context.go: Context helpers and role extraction
+//   - provider.go: Atomic policy provider
+//   - helpers.go: Utility functions for common patterns
+//   - utils.go: Internal utilities
+//
+// For more examples and detailed documentation, see the README.md file.
+package rbacconnect
diff --git a/pkg/rbacconnect/examples_test.go b/pkg/rbacconnect/examples_test.go
new file mode 100644
index 0000000..b677bcf
--- /dev/null
+++ b/pkg/rbacconnect/examples_test.go
@@ -0,0 +1,295 @@
+package rbacconnect
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"connectrpc.com/connect"
+)
+
+// Example 1: Basic policy with super-roles
+func ExamplePolicyBuilder_basic() {
+	policy := NewPolicyBuilder().
+		WithSuperRoles("root").
+		WithDefaultAllow(false).
+		When(Proc("/api.UserService/GetUser")).
+		Allow("admin", "user").
+		Build()
+
+	// Evaluate for admin role
+	decision := policy.Evaluate("/api.UserService/GetUser", "api.UserService", "api", []string{"admin"})
+	println(decision.Allowed) // true
+}
+
+// Example 2: Service-level authorization
+func ExamplePolicyBuilder_service() {
+	policy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		When(Svc("api.UserService")).
+		Allow("user").
+		When(Svc("api.AdminService")).
+		Allow("admin").
+		Build()
+
+	// User can access UserService
+	decision := policy.Evaluate("/api.UserService/GetUser", "api.UserService", "api", []string{"user"})
+	println(decision.Allowed) // true
+
+	// User cannot access AdminService
+	decision = policy.Evaluate("/api.AdminService/DeleteUser", "api.AdminService", "api", []string{"user"})
+	println(decision.Allowed) // false
+}
+
+// Example 3: Package-level with deny rules
+func ExamplePolicyBuilder_denyRules() {
+	policy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		// Allow users to access the package
+		When(Pkg("api")).
+		Allow("user", "admin").
+		// But deny users from specific dangerous operations
+		When(Proc("/api.UserService/DeleteUser")).
+		Deny("user").
+		Build()
+
+	// User can read
+	decision := policy.Evaluate("/api.UserService/GetUser", "api.UserService", "api", []string{"user"})
+	println(decision.Allowed) // true
+
+	// User cannot delete (deny takes precedence)
+	decision = policy.Evaluate("/api.UserService/DeleteUser", "api.UserService", "api", []string{"user"})
+	println(decision.Allowed) // false
+}
+
+// Example 4: Hot-reloading policies
+func ExampleProvider_update() {
+	// Initial policy
+	initialPolicy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		When(Any()).
+		Allow("admin").
+		Build()
+
+	provider := NewProvider(initialPolicy)
+
+	// Check with initial policy
+	policy := provider.Get()
+	decision := policy.Evaluate("/any/Procedure", "any.Service", "any", []string{"user"})
+	println(decision.Allowed) // false
+
+	// Update policy
+	newPolicy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		When(Any()).
+		Allow("admin", "user"). // now users are allowed
+		Build()
+
+	provider.Update(newPolicy)
+
+	// Check with new policy
+	policy = provider.Get()
+	decision = policy.Evaluate("/any/Procedure", "any.Service", "any", []string{"user"})
+	println(decision.Allowed) // true
+}
+
+// Example 5: Custom role extractor
+func ExampleNewInterceptor_customRoleExtractor() {
+	policy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		When(Any()).
+		Allow("admin").
+		Build()
+
+	provider := NewProvider(policy)
+
+	// Custom role extractor from HTTP headers
+	extractorFromHeader := RoleExtractorFunc(func(ctx context.Context) ([]Role, error) {
+		// In real scenario, extract from actual context
+		header := ctx.Value("X-User-Roles")
+		if header == nil {
+			return nil, errors.New("no roles header")
+		}
+		// Parse roles from header
+		rolesStr, ok := header.(string)
+		if !ok {
+			return nil, errors.New("invalid roles")
+		}
+		return []string{rolesStr}, nil
+	})
+
+	_ = NewInterceptor(provider, Options{
+		RoleExtractor: extractorFromHeader,
+	})
+}
+
+// Example 6: Using context helpers
+func ExampleWithRoles() {
+	ctx := context.Background()
+
+	// Add roles to context
+	ctx = WithRoles(ctx, "admin", "user")
+
+	// Extract roles from context
+	roles, ok := RolesFromContext(ctx)
+	if ok {
+		println("Roles:", roles) // ["admin", "user"]
+	}
+}
+
+// Example 7: Testing authorization logic
+func TestPolicyEvaluation(t *testing.T) {
+	policy := NewPolicyBuilder().
+		WithSuperRoles("root").
+		WithDefaultAllow(false).
+		When(Proc("/api.UserService/GetUser")).
+		Allow("user").
+		When(Proc("/api.UserService/DeleteUser")).
+		Allow("admin").
+		Build()
+
+	tests := []struct {
+		name      string
+		procedure string
+		service   string
+		pkg       string
+		roles     []string
+		wantAllow bool
+	}{
+		{
+			name:      "root bypasses all rules",
+			procedure: "/api.UserService/DeleteUser",
+			service:   "api.UserService",
+			pkg:       "api",
+			roles:     []string{"root"},
+			wantAllow: true,
+		},
+		{
+			name:      "user can get",
+			procedure: "/api.UserService/GetUser",
+			service:   "api.UserService",
+			pkg:       "api",
+			roles:     []string{"user"},
+			wantAllow: true,
+		},
+		{
+			name:      "user cannot delete",
+			procedure: "/api.UserService/DeleteUser",
+			service:   "api.UserService",
+			pkg:       "api",
+			roles:     []string{"user"},
+			wantAllow: false,
+		},
+		{
+			name:      "admin can delete",
+			procedure: "/api.UserService/DeleteUser",
+			service:   "api.UserService",
+			pkg:       "api",
+			roles:     []string{"admin"},
+			wantAllow: true,
+		},
+		{
+			name:      "no roles - deny",
+			procedure: "/api.UserService/GetUser",
+			service:   "api.UserService",
+			pkg:       "api",
+			roles:     []string{},
+			wantAllow: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			decision := policy.Evaluate(tt.procedure, tt.service, tt.pkg, tt.roles)
+			if decision.Allowed != tt.wantAllow {
+				t.Errorf("Evaluate() allowed = %v, want %v (reason: %s)",
+					decision.Allowed, tt.wantAllow, decision.Reason)
+			}
+		})
+	}
+}
+
+// Example 8: Integration with connect-go service
+func ExampleInterceptor_withConnectService() {
+	// Create policy
+	policy := NewPolicyBuilder().
+		WithSuperRoles("root").
+		WithDefaultAllow(false).
+		When(Pkg("greet.v1")).
+		Allow("user").
+		Build()
+
+	provider := NewProvider(policy)
+	_ = NewInterceptor(provider, Options{})
+
+	// Create HTTP handler with interceptor
+	mux := http.NewServeMux()
+
+	// In real code, use your actual service handler:
+	// mux.Handle(greetv1connect.NewGreetServiceHandler(
+	//     &greetServer{},
+	//     connect.WithInterceptors(interceptor),
+	// ))
+
+	// Start server
+	_ = httptest.NewServer(mux)
+}
+
+// Example 9: Multi-level authorization
+func ExamplePolicyBuilder_multiLevel() {
+	policy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		// Package level - all users can access public APIs
+		When(Pkg("api.public")).
+		Allow("guest", "user", "admin").
+		// Service level - only registered users for private APIs
+		When(Svc("api.private.UserService")).
+		Allow("user", "admin").
+		// Procedure level - only admins for dangerous operations
+		When(Proc("/api.private.UserService/DeleteAll")).
+		Allow("admin").
+		// Default - admins get everything else
+		When(Any()).
+		Allow("admin").
+		Build()
+
+	// Guest can access public
+	d := policy.Evaluate("/api.public.InfoService/GetInfo", "api.public.InfoService", "api.public", []string{"guest"})
+	println("Guest public:", d.Allowed) // true
+
+	// Guest cannot access private
+	d = policy.Evaluate("/api.private.UserService/GetProfile", "api.private.UserService", "api.private", []string{"guest"})
+	println("Guest private:", d.Allowed) // false
+
+	// User can access private
+	d = policy.Evaluate("/api.private.UserService/GetProfile", "api.private.UserService", "api.private", []string{"user"})
+	println("User private:", d.Allowed) // true
+
+	// User cannot delete all
+	d = policy.Evaluate("/api.private.UserService/DeleteAll", "api.private.UserService", "api.private", []string{"user"})
+	println("User delete:", d.Allowed) // false
+
+	// Admin can delete all
+	d = policy.Evaluate("/api.private.UserService/DeleteAll", "api.private.UserService", "api.private", []string{"admin"})
+	println("Admin delete:", d.Allowed) // true
+}
+
+// Example 10: Custom error factory
+func ExampleNewInterceptor_customErrorFactory() {
+	policy := NewPolicyBuilder().
+		WithDefaultAllow(false).
+		Build()
+
+	provider := NewProvider(policy)
+
+	interceptor := NewInterceptor(provider, Options{
+		ErrorFactory: func(code connect.Code, msg string) error {
+			// Custom error with additional context
+			return connect.NewError(code, errors.New(msg+" - contact support"))
+		},
+	})
+
+	_ = interceptor
+}
diff --git a/pkg/rbacconnect/helpers.go b/pkg/rbacconnect/helpers.go
new file mode 100644
index 0000000..ed5031f
--- /dev/null
+++ b/pkg/rbacconnect/helpers.go
@@ -0,0 +1,43 @@
+package rbacconnect
+
+// AllowProcs adds allow rules for the specified procedures and role.
+func AllowProcs(b *PolicyBuilder, role Role, procs ...string) {
+	for _, p := range procs {
+		b.When(Proc(p)).Allow(role)
+	}
+}
+
+// DenyProcs adds deny rules for the specified procedures and role.
+func DenyProcs(b *PolicyBuilder, role Role, procs ...string) {
+	for _, p := range procs {
+		b.When(Proc(p)).Deny(role)
+	}
+}
+
+// AllowServices adds allow rules for all procedures of the specified services and role.
+func AllowServices(b *PolicyBuilder, role Role, services ...string) {
+	for _, s := range services {
+		b.When(Svc(s)).Allow(role)
+	}
+}
+
+// DenyServices adds deny rules for all procedures of the specified services and role.
+func DenyServices(b *PolicyBuilder, role Role, services ...string) {
+	for _, s := range services {
+		b.When(Svc(s)).Deny(role)
+	}
+}
+
+// AllowPackages adds allow rules for all procedures of the specified packages and role.
+func AllowPackages(b *PolicyBuilder, role Role, packages ...string) {
+	for _, p := range packages {
+		b.When(Pkg(p)).Allow(role)
+	}
+}
+
+// DenyPackages adds deny rules for all procedures of the specified packages and role.
+func DenyPackages(b *PolicyBuilder, role Role, packages ...string) {
+	for _, p := range packages {
+		b.When(Pkg(p)).Deny(role)
+	}
+}
diff --git a/pkg/rbacconnect/interceptor.go b/pkg/rbacconnect/interceptor.go
new file mode 100644
index 0000000..0bbfa4a
--- /dev/null
+++ b/pkg/rbacconnect/interceptor.go
@@ -0,0 +1,127 @@
+package rbacconnect
+
+import (
+	"context"
+
+	"connectrpc.com/connect"
+)
+
+// Options configures the Interceptor behavior.
+type Options struct {
+	// RoleExtractor extracts roles from the request context.
+	RoleExtractor RoleExtractor
+	// SpecSplitter parses connect.Spec into (proc, svc, pkg).
+	// Default implementation parses "/pkg.Service/Method" format.
+	SpecSplitter func(spec connect.Spec) (proc string, svc string, pkg string)
+	// ErrorFactory creates custom errors (PermissionDenied/Unauthenticated).
+	ErrorFactory func(code connect.Code, msg string) error
+}
+
+// Interceptor is a connect-go interceptor that enforces RBAC policies.
+type Interceptor struct {
+	provider *Provider
+	opts     Options
+}
+
+// NewInterceptor creates a new RBAC interceptor with the given provider and options.
+// If options are not provided, sensible defaults are used.
+func NewInterceptor(provider *Provider, opts Options) *Interceptor {
+	if opts.RoleExtractor == nil {
+		opts.RoleExtractor = RoleExtractorFunc(func(ctx context.Context) ([]Role, error) {
+			if r, ok := RolesFromContext(ctx); ok {
+				return r, nil
+			}
+			return nil, Err("roles missing")
+		})
+	}
+	if opts.SpecSplitter == nil {
+		opts.SpecSplitter = defaultSpecSplitter
+	}
+	if opts.ErrorFactory == nil {
+		opts.ErrorFactory = defaultErrorFactory
+	}
+	return &Interceptor{provider: provider, opts: opts}
+}
+
+// WrapUnary wraps unary RPC calls with RBAC authorization.
+func (i *Interceptor) WrapUnary(next connect.UnaryFunc) connect.UnaryFunc {
+	return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
+		roles, err := i.opts.RoleExtractor.ExtractRoles(ctx)
+		if err != nil || len(roles) == 0 {
+			return nil, i.opts.ErrorFactory(connect.CodeUnauthenticated, "rbac: no roles")
+		}
+		proc, svc, pkg := i.opts.SpecSplitter(req.Spec())
+		p := i.provider.Get()
+		dec := p.Evaluate(proc, svc, pkg, roles)
+		if !dec.Allowed {
+			return nil, i.opts.ErrorFactory(connect.CodePermissionDenied, "rbac: access denied")
+		}
+		return next(ctx, req)
+	}
+}
+
+// WrapStreamingClient wraps client-side streaming calls.
+// By default, client streams are not restricted.
+func (i *Interceptor) WrapStreamingClient(next connect.StreamingClientFunc) connect.StreamingClientFunc {
+	return next // typically we don't restrict client streams
+}
+
+// WrapStreamingHandler wraps server-side streaming calls with RBAC authorization.
+func (i *Interceptor) WrapStreamingHandler(next connect.StreamingHandlerFunc) connect.StreamingHandlerFunc {
+	return func(ctx context.Context, conn connect.StreamingHandlerConn) error {
+		roles, err := i.opts.RoleExtractor.ExtractRoles(ctx)
+		if err != nil || len(roles) == 0 {
+			return i.opts.ErrorFactory(connect.CodeUnauthenticated, "rbac: no roles")
+		}
+		proc, svc, pkg := i.opts.SpecSplitter(conn.Spec())
+		p := i.provider.Get()
+		dec := p.Evaluate(proc, svc, pkg, roles)
+		if !dec.Allowed {
+			return i.opts.ErrorFactory(connect.CodePermissionDenied, "rbac: access denied")
+		}
+		return next(ctx, conn)
+	}
+}
+
+// defaultSpecSplitter parses a connect.Spec into procedure, service, and package names.
+// Expected format: "/pkg.Service/Method"
+func defaultSpecSplitter(spec connect.Spec) (string, string, string) {
+	// spec.Procedure: "/pkg.Service/Method"
+	proc := spec.Procedure
+	// Extract svc "pkg.Service" and pkg "pkg"
+	var svc, pkg string
+	// Strip leading slash
+	s := proc
+	if len(s) > 0 && s[0] == '/' {
+		s = s[1:]
+	}
+	// s = "pkg.Service/Method"
+	// svc — everything before the slash
+	for i := 0; i < len(s); i++ {
+		if s[i] == '/' { // found
+			svc = s[:i]
+			break
+		}
+	}
+	// pkg — everything before the first dot
+	for i := 0; i < len(svc); i++ {
+		if svc[i] == '.' {
+			pkg = svc[:i]
+			break
+		}
+	}
+	return proc, svc, pkg
+}
+
+// defaultErrorFactory creates a connect error with the given code and message.
+func defaultErrorFactory(code connect.Code, msg string) error {
+	return connect.NewError(code, Err(msg))
+}
+
+// Err is a simple error type for string errors.
+type Err string
+
+// Error implements the error interface.
+func (e Err) Error() string {
+	return string(e)
+}
diff --git a/pkg/rbacconnect/provider.go b/pkg/rbacconnect/provider.go
new file mode 100644
index 0000000..78c3e61
--- /dev/null
+++ b/pkg/rbacconnect/provider.go
@@ -0,0 +1,26 @@
+package rbacconnect
+
+import "sync/atomic"
+
+// Provider is a thread-safe atomic policy provider for "hot" updates.
+// It allows updating the policy without restarting the service.
+type Provider struct {
+	cur atomic.Pointer[Policy]
+}
+
+// NewProvider creates a new Provider with the given initial policy.
+func NewProvider(p *Policy) *Provider {
+	pr := &Provider{}
+	pr.cur.Store(p)
+	return pr
+}
+
+// Get returns the current policy.
+func (p *Provider) Get() *Policy {
+	return p.cur.Load()
+}
+
+// Update atomically replaces the current policy with a new one.
+func (p *Provider) Update(newP *Policy) {
+	p.cur.Store(newP)
+}
diff --git a/pkg/rbacconnect/rbacconnect.go b/pkg/rbacconnect/rbacconnect.go
new file mode 100644
index 0000000..f0980ef
--- /dev/null
+++ b/pkg/rbacconnect/rbacconnect.go
@@ -0,0 +1,163 @@
+// Package rbacconnect provides a flexible, declarative Role-Based Access Control (RBAC)
+// system for connect-go RPC services. It allows you to define fine-grained authorization
+// rules based on procedures, services, packages, or default policies, with support for
+// super-roles and dynamic policy updates.
+//
+// Key Features:
+//   - Declarative policy builder with fluent API
+//   - Multiple selector levels: Procedure > Service > Package > Default
+//   - Super-roles that bypass all rules
+//   - Allow/Deny rules with deny precedence
+//   - Thread-safe atomic policy updates
+//   - Connect-go interceptor integration
+//
+// Example usage:
+//
+//	policy := rbacconnect.NewPolicyBuilder().
+//	    WithSuperRoles("root").
+//	    WithDefaultAllow(false).
+//	    When(rbacconnect.Proc("/api.UserService/GetUser")).
+//	        Allow("admin", "user").
+//	    When(rbacconnect.Svc("api.AdminService")).
+//	        Allow("admin").
+//	    When(rbacconnect.Pkg("api")).
+//	        Deny("guest").
+//	    Build()
+//
+//	provider := rbacconnect.NewProvider(policy)
+//	interceptor := rbacconnect.NewInterceptor(provider, rbacconnect.Options{})
+package rbacconnect
+
+import "slices"
+
+// Role represents a user role as a string.
+// Roles are used to determine access permissions in the RBAC system.
+type Role = string
+
+// RoleSet is a set of roles implemented as a map for efficient lookup.
+type RoleSet map[Role]struct{}
+
+// NewRoleSet creates a new RoleSet from the provided roles.
+func NewRoleSet(roles ...Role) RoleSet {
+	rs := make(RoleSet, len(roles))
+	for _, r := range roles {
+		rs[r] = struct{}{}
+	}
+	return rs
+}
+
+// Has checks if the role exists in the set.
+func (rs RoleSet) Has(r Role) bool {
+	_, ok := rs[r]
+	return ok
+}
+
+// Selector defines the scope of a rule application.
+// Specificity order: Procedure > Service > Package > Default.
+type Selector struct {
+	// Procedure is the full procedure name like "/pkg.Service/Method".
+	Procedure string
+	// Service is the service name like "pkg.Service".
+	Service string
+	// Package is the package name like "pkg".
+	Package string
+	// Default indicates a default rule (when nothing else matches).
+	Default bool
+}
+
+// Proc creates a selector for a specific procedure.
+// Example: Proc("/api.UserService/GetUser")
+func Proc(procedure string) Selector { return Selector{Procedure: procedure} }
+
+// Svc creates a selector for all procedures in a service.
+// Example: Svc("api.UserService")
+func Svc(service string) Selector { return Selector{Service: service} }
+
+// Pkg creates a selector for all procedures in a package.
+// Example: Pkg("api")
+func Pkg(pkg string) Selector { return Selector{Package: pkg} }
+
+// Any creates a default selector that matches everything.
+func Any() Selector { return Selector{Default: true} }
+
+// Rule represents allow/deny permissions for roles.
+// If a role is in Deny, it takes precedence over Allow.
+type Rule struct {
+	Allow RoleSet
+	Deny  RoleSet
+}
+
+// Policy is a set of RBAC rules. Can be updated atomically.
+type Policy struct {
+	// Maps are stored separately for fast lookup by level.
+	proc map[string]Rule
+	svc  map[string]Rule
+	pkg  map[string]Rule
+	def  *Rule // default rule, optional
+
+	// super contains super-roles that are always allowed regardless of rules
+	super RoleSet
+	// defaultAllow controls behavior when no rules match.
+	defaultAllow bool
+}
+
+// Decision represents the result of an authorization check.
+type Decision struct {
+	Allowed  bool
+	Selector string // which level matched: "procedure"|"service"|"package"|"default"|"none"
+	Matched  string // which name matched
+	Reason   string // description for logging
+}
+
+// Evaluate is a pure function that makes an authorization decision.
+// It checks the given procedure, service, and package against the policy rules
+// for the provided roles, returning a Decision.
+func (p *Policy) Evaluate(procFull string, svc string, pkg string, roles []Role) Decision {
+	// Check super-roles first
+	for _, r := range roles {
+		if p.super != nil && p.super.Has(r) {
+			return Decision{Allowed: true, Selector: "super", Matched: r, Reason: "super-role"}
+		}
+	}
+
+	// Check rules in order of specificity
+	if d := evalRule(p.proc[procFull], roles); d != nil {
+		return Decision{Allowed: *d, Selector: "procedure", Matched: procFull}
+	}
+	if d := evalRule(p.svc[svc], roles); d != nil {
+		return Decision{Allowed: *d, Selector: "service", Matched: svc}
+	}
+	if d := evalRule(p.pkg[pkg], roles); d != nil {
+		return Decision{Allowed: *d, Selector: "package", Matched: pkg}
+	}
+	if p.def != nil {
+		if d := evalRule(*p.def, roles); d != nil {
+			return Decision{Allowed: *d, Selector: "default", Matched: "*"}
+		}
+	}
+	// fallback
+	return Decision{Allowed: p.defaultAllow, Selector: "none", Matched: "", Reason: "fallback"}
+}
+
+// evalRule evaluates a single rule against the provided roles.
+// Returns nil if no rule exists, true if allowed, false if denied.
+func evalRule(r Rule, roles []Role) *bool {
+	if len(r.Allow) == 0 && len(r.Deny) == 0 {
+		return nil // "no rule"
+	}
+
+	// Explicit deny takes precedence
+	if slices.ContainsFunc(roles, r.Deny.Has) {
+		f := false
+		return &f
+	}
+
+	// Allow if there's an intersection
+	if slices.ContainsFunc(roles, r.Allow.Has) {
+		t := true
+		return &t
+	}
+
+	f := false
+	return &f
+}
diff --git a/pkg/rbacconnect/utils.go b/pkg/rbacconnect/utils.go
new file mode 100644
index 0000000..3f2098b
--- /dev/null
+++ b/pkg/rbacconnect/utils.go
@@ -0,0 +1,22 @@
+package rbacconnect
+
+func SplitProc(proc string) (svc string, pkg string) {
+	s := proc
+	if len(s) > 0 && s[0] == '/' {
+		s = s[1:]
+	}
+	// s: "pkg.Service/Method"
+	for i := 0; i < len(s); i++ {
+		if s[i] == '/' {
+			svc = s[:i] // "pkg.Service"
+			break
+		}
+	}
+	for i := 0; i < len(svc); i++ {
+		if svc[i] == '.' {
+			pkg = svc[:i] // "pkg"
+			break
+		}
+	}
+	return
+}
diff --git a/pkg/sqlite/helpers.go b/pkg/sqlite/helpers.go
new file mode 100644
index 0000000..634f358
--- /dev/null
+++ b/pkg/sqlite/helpers.go
@@ -0,0 +1,11 @@
+package sqlite
+
+func GetDSN(dbPath string) string {
+	dsn := "file:" + dbPath +
+		"?_busy_timeout=30000" +
+		"&_pragma=journal_mode(WAL)" +
+		"&_pragma=synchronous(NORMAL)" +
+		"&_pragma=foreign_keys(ON)" +
+		"&_pragma=cache_size(10000)"
+	return dsn
+}
diff --git a/pkg/sqlite/sqlite.go b/pkg/sqlite/sqlite.go
new file mode 100644
index 0000000..55b7c1e
--- /dev/null
+++ b/pkg/sqlite/sqlite.go
@@ -0,0 +1,50 @@
+package sqlite
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	_ "modernc.org/sqlite"
+)
+
+type SQLite struct {
+	DB *sql.DB
+}
+
+func New(ctx context.Context, dbPath string) (*SQLite, error) {
+	if dbPath == "" {
+		return nil, fmt.Errorf("database path is empty")
+	}
+
+	dir := filepath.Dir(dbPath)
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return nil, fmt.Errorf("failed to create database directory: %w", err)
+	}
+
+	// Open SQLite database with proper settings for concurrent access
+	dsn := GetDSN(dbPath)
+	db, err := sql.Open("sqlite", dsn)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open database: %w", err)
+	}
+
+	// Set connection pool settings
+	db.SetMaxOpenConns(1)
+	db.SetMaxIdleConns(1)
+	db.SetConnMaxLifetime(time.Hour)
+
+	// Test connection
+	if err := db.PingContext(ctx); err != nil {
+		return nil, fmt.Errorf("failed to ping database: %w", err)
+	}
+
+	instance := &SQLite{
+		DB: db,
+	}
+
+	return instance, nil
+}
diff --git a/pkg/sqlite/svc.go b/pkg/sqlite/svc.go
new file mode 100644
index 0000000..f8d972c
--- /dev/null
+++ b/pkg/sqlite/svc.go
@@ -0,0 +1,20 @@
+package sqlite
+
+import "context"
+
+func (s *SQLite) Name() string { return "sqlite" }
+
+func (s *SQLite) Start(_ context.Context) error { return nil }
+
+func (s *SQLite) Stop(_ context.Context) error {
+	return s.DB.Close()
+}
+
+func (s *SQLite) Ping(ctx context.Context) error {
+	return s.DB.PingContext(ctx)
+}
+
+// Enabled returns true if the database is enabled
+func (s *SQLite) Enabled() bool {
+	return true
+}
diff --git a/pkg/sqlite/version.go b/pkg/sqlite/version.go
new file mode 100644
index 0000000..e4bce4a
--- /dev/null
+++ b/pkg/sqlite/version.go
@@ -0,0 +1,16 @@
+package sqlite
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetSQLiteVersion returns the SQLite version
+func (o *SQLite) GetSQLiteVersion(ctx context.Context) (string, error) {
+	var version string
+	err := o.DB.QueryRowContext(ctx, "SELECT sqlite_version()").Scan(&version)
+	if err != nil {
+		return "", fmt.Errorf("failed to get SQLite version: %w", err)
+	}
+	return version, nil
+}
diff --git a/schema/sentinel/agents/v1/agents.proto b/schema/sentinel/agents/v1/agents.proto
new file mode 100644
index 0000000..2bbcef7
--- /dev/null
+++ b/schema/sentinel/agents/v1/agents.proto
@@ -0,0 +1,102 @@
+syntax = "proto3";
+package sentinel.agents.v1;
+
+import "google/protobuf/timestamp.proto";
+import "sentinel/system/v1/service.proto";
+
+// AgentsService is the service for managing agents.
+service AgentsService {
+  rpc AgentsList(AgentsListRequest) returns (AgentsListResponse);
+  rpc AgentsGet(AgentsGetRequest) returns (AgentsGetResponse);
+  rpc AgentsCreate(AgentsCreateRequest) returns (AgentsCreateResponse);
+  rpc AgentsUpdate(AgentsUpdateRequest) returns (AgentsUpdateResponse);
+  rpc AgentsDelete(AgentsDeleteRequest) returns (AgentsDeleteResponse);
+  rpc AgentsSubscribe(AgentsSubscribeRequest)
+      returns (stream AgentsSubscribeResponse);
+}
+
+enum AgentStatus {
+  AGENT_STATUS_UNSPECIFIED = 0;
+  AGENT_STATUS_ACTIVE = 1;
+  AGENT_STATUS_INACTIVE = 2;
+}
+
+enum AgentKind {
+  AGENT_KIND_UNSPECIFIED = 0;
+  AGENT_KIND_HUB = 1;
+  AGENT_KIND_EXTERNAL = 2;
+}
+
+message AgentConfig {}
+
+message Agent {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  string token_hint = 4;
+  optional string fingerprint = 5;
+  AgentKind kind = 6;
+  AgentStatus status = 7;
+  bool is_enabled = 8;
+  optional string location = 9;
+  repeated string tags = 10;
+  AgentConfig config = 11;
+  system.v1.SystemInfo system_info = 12;
+  google.protobuf.Timestamp last_seen_at = 13;
+  google.protobuf.Timestamp created_at = 14;
+  google.protobuf.Timestamp updated_at = 15;
+}
+
+// AgentsList agents lists all agents.
+message AgentsListRequest {}
+message AgentsListResponse {
+  repeated Agent items = 1;
+  uint32 count = 2;
+}
+
+// AgentsGet agent gets an agent by ID.
+message AgentsGetRequest { string id = 1; }
+message AgentsGetResponse { Agent item = 1; }
+
+// AgentsCreate agent creates a new agent.
+message AgentsCreateRequest {
+  string name = 1;
+  string description = 2;
+  bool is_enabled = 3;
+  repeated string tags = 4;
+  AgentConfig config = 5;
+}
+message AgentsCreateResponse {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  string token = 4;
+  string token_hint = 5;
+  AgentStatus status = 6;
+  AgentKind kind = 7;
+  bool is_enabled = 8;
+  optional string location = 9;
+  repeated string tags = 10;
+  AgentConfig config = 11;
+  google.protobuf.Timestamp created_at = 12;
+}
+
+// AgentsUpdate agent updates an existing agent.
+message AgentsUpdateRequest {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  bool is_enabled = 4;
+  optional string location = 5;
+  repeated string tags = 6;
+  AgentConfig config = 7;
+}
+message AgentsUpdateResponse { Agent item = 1; }
+
+// Delete agent deletes an agent by ID.
+message AgentsDeleteRequest { string id = 1; }
+message AgentsDeleteResponse {}
+
+// AgentsSubscribe subscribes to agent events.
+message AgentsSubscribeRequest {}
+message AgentsSubscribeResponse {}
diff --git a/schema/sentinel/auth/v1/auth.proto b/schema/sentinel/auth/v1/auth.proto
new file mode 100644
index 0000000..7ac00e0
--- /dev/null
+++ b/schema/sentinel/auth/v1/auth.proto
@@ -0,0 +1,95 @@
+syntax = "proto3";
+package sentinel.auth.v1;
+
+import "google/protobuf/timestamp.proto";
+import "sentinel/users/v1/users.proto";
+
+// AuthService is the service for authentication and authorization.
+service AuthService {
+  /* Auth */
+  rpc Authorization(AuthorizationRequest) returns (AuthorizationResponse) {};
+  rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse) {};
+  rpc RefreshToken(RefreshTokenRequest) returns (RefreshTokenResponse) {};
+  rpc Logout(LogoutRequest) returns (LogoutResponse) {};
+
+  /* Sessions */
+  rpc ActiveSessions(ActiveSessionsRequest) returns (ActiveSessionsResponse) {};
+  rpc DeleteSession(DeleteSessionRequest) returns (DeleteSessionResponse) {};
+  rpc TerminateAllSessions(TerminateAllSessionsRequest)
+      returns (TerminateAllSessionsResponse) {};
+}
+
+enum DeviceType {
+  DEVICE_TYPE_UNSPECIFIED = 0;
+  DEVICE_TYPE_WEB = 1;
+}
+
+message DeviceInfo {
+  string device_id = 1;
+  DeviceType device_type = 2;
+  string device_name = 3;
+  string fingerprint = 4;
+  string os_version = 5;
+  string app_version = 6;
+}
+
+message Session {
+  DeviceInfo device_info = 1;
+  string country = 2;
+  string ip = 3;
+  google.protobuf.Timestamp created_at = 4;
+}
+
+// Authorization
+message AuthorizationRequest {
+  string email = 1;
+  string password = 2;
+  DeviceInfo device_info = 4;
+}
+
+message AuthPayload {
+  string access_token = 1;
+  string refresh_token = 2;
+  google.protobuf.Timestamp access_token_expired_at = 3;
+  google.protobuf.Timestamp refresh_token_expired_at = 4;
+  string device_id = 5;
+  optional string organization_id = 6;
+}
+
+message AuthorizationResponse {
+  AuthPayload auth_payload = 1;
+  sentinel.users.v1.User user = 2;
+}
+
+// Authenticate
+message AuthenticateRequest { string access_token = 1; }
+message AuthenticateResponse { sentinel.users.v1.User user = 2; }
+
+// Refresh token
+message RefreshTokenRequest { string refresh_token = 1; }
+message RefreshTokenResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+  google.protobuf.Timestamp access_token_expired_at = 3;
+  google.protobuf.Timestamp refresh_token_expired_at = 4;
+}
+
+// Active sessions
+message ActiveSessionsRequest {}
+message ActiveSessionsResponse { repeated Session sessions = 1; }
+
+// Delete session
+message DeleteSessionRequest { string device_id = 1; }
+message DeleteSessionResponse {}
+
+// Terminate all sessions
+message TerminateAllSessionsRequest {
+  // Current device id. This session will not be terminated.
+  // If not set, all sessions will be terminated.
+  optional string device_id = 1;
+}
+message TerminateAllSessionsResponse {}
+
+// Logout
+message LogoutRequest {}
+message LogoutResponse {}
diff --git a/schema/sentinel/common/v1/common.proto b/schema/sentinel/common/v1/common.proto
new file mode 100644
index 0000000..faf6674
--- /dev/null
+++ b/schema/sentinel/common/v1/common.proto
@@ -0,0 +1,9 @@
+syntax = "proto3";
+package sentinel.common.v1;
+
+message FindRequestCommon {
+  optional uint32 page = 1;
+  optional uint32 page_size = 2;
+  optional string order_by = 3;
+  bool is_asc_order = 4;
+}
diff --git a/schema/sentinel/hub/v1/hub.proto b/schema/sentinel/hub/v1/hub.proto
new file mode 100644
index 0000000..0a83ee8
--- /dev/null
+++ b/schema/sentinel/hub/v1/hub.proto
@@ -0,0 +1,72 @@
+syntax = "proto3";
+package sentinel.hub.v1;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/empty.proto";
+import "sentinel/system/v1/service.proto";
+import "sentinel/service/v1/service.proto";
+import "sentinel/agents/v1/agents.proto";
+
+// HubService is the service for hub management
+service HubService {
+  // Ping is a health check endpoint.
+  rpc Ping(google.protobuf.Empty) returns (google.protobuf.Empty);
+  // Authenticate authenticates the hub and returns an authentication token.
+  rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse);
+  // ReportSystemInfo reports the system information of the hub.
+  rpc ReportSystemInfo(ReportSystemInfoRequest)
+      returns (ReportSystemInfoResponse) {}
+  // FetchServices fetches the list of services to be monitored by the hub.
+  rpc FetchServices(FetchServicesRequest) returns (FetchServicesResponse);
+  // SubscribeServices subscribes to the service updates.
+  rpc SubscribeServices(SubscribeServicesRequest)
+      returns (stream SubscribeServicesResponse);
+  // StreamChecks streams the check results to the server.
+  rpc StreamChecks(stream StreamChecksRequest)
+      returns (stream StreamChecksResponse);
+}
+
+message ServiceUpsert {
+  string rev = 1;
+  service.v1.Service service = 2;
+}
+
+message ServiceDelete {
+  string rev = 1;
+  string service_id = 2;
+}
+
+message AuthenticateRequest { string fingerprint = 1; }
+message AuthenticateResponse {}
+
+message ReportSystemInfoRequest {
+  agents.v1.AgentStatus status = 1;
+  system.v1.SystemInfo system_info = 2;
+}
+message ReportSystemInfoResponse {}
+
+message FetchServicesRequest {}
+message FetchServicesResponse { repeated service.v1.Service services = 1; }
+
+message SubscribeServicesRequest { string last_rev = 1; }
+message SubscribeServicesResponse {
+  oneof update {
+    ServiceUpsert upsert = 1;
+    ServiceDelete delete = 2;
+  }
+}
+
+message CheckResult {
+  string service_id = 1;
+  service.v1.ServiceStatus status = 2;
+  google.protobuf.Timestamp checked_at = 3;
+  string response_message = 4;
+  string response_error_message = 5;
+  int64 response_time = 6;
+}
+
+message StreamChecksRequest {
+  uint64 seq = 1;
+  repeated CheckResult results = 2;
+}
+message StreamChecksResponse { uint64 upto_seq = 1; }
diff --git a/schema/sentinel/notifications/v1/notifications.proto b/schema/sentinel/notifications/v1/notifications.proto
new file mode 100644
index 0000000..61bee80
--- /dev/null
+++ b/schema/sentinel/notifications/v1/notifications.proto
@@ -0,0 +1,100 @@
+syntax = "proto3";
+package sentinel.notifications.v1;
+
+import "google/protobuf/timestamp.proto";
+import "sentinel/common/v1/common.proto";
+
+// NotificationService is the service for managing notification providers and
+// history.
+service NotificationService {
+  rpc ProvidersList(ProvidersListRequest) returns (ProvidersListResponse);
+  rpc ProviderCreate(ProviderCreateRequest) returns (ProviderCreateResponse);
+  rpc ProviderUpdate(ProviderUpdateRequest) returns (ProviderUpdateResponse);
+  rpc ProviderDelete(ProviderDeleteRequest) returns (ProviderDeleteResponse);
+  rpc ProviderTest(ProviderTestRequest) returns (ProviderTestResponse);
+  rpc HistoryList(HistoryListRequest) returns (HistoryListResponse);
+  rpc HistoryDeleteAll(HistoryDeleteAllRequest)
+      returns (HistoryDeleteAllResponse);
+  rpc HistorySubscribe(HistorySubscribeRequest)
+      returns (stream HistorySubscribeResponse);
+}
+
+enum ProviderType {
+  PROVIDER_TYPE_UNSPECIFIED = 0;
+  PROVIDER_TYPE_SHOUTRRR = 1;
+}
+
+message ShoutrrrConfig { string url = 1; }
+
+message ProviderConfig {
+  oneof config { ShoutrrrConfig shoutrrr = 1; }
+}
+
+message Provider {
+  string id = 1;
+  ProviderType type = 2;
+  ProviderConfig config = 3;
+  bool is_enabled = 4;
+  google.protobuf.Timestamp created_at = 5;
+  google.protobuf.Timestamp updated_at = 6;
+}
+
+message HistoryItem {
+  string id = 1;
+  string message = 2;
+  string status = 3;
+  optional string response = 4;
+  int64 attempts = 5;
+  optional string error_message = 6;
+  google.protobuf.Timestamp last_attempt_at = 7;
+  google.protobuf.Timestamp sent_at = 8;
+  google.protobuf.Timestamp created_at = 9;
+  google.protobuf.Timestamp updated_at = 10;
+}
+
+// ProvidersList lists all notification providers.
+message ProvidersListRequest {}
+message ProvidersListResponse { repeated Provider items = 1; }
+
+// ProviderCreate creates a new notification provider.
+message ProviderCreateRequest {
+  ProviderType type = 1;
+  ProviderConfig config = 2;
+  bool is_enabled = 3;
+}
+message ProviderCreateResponse { Provider item = 1; }
+
+// ProviderUpdate updates an existing notification provider.
+message ProviderUpdateRequest {
+  string id = 1;
+  ProviderType type = 2;
+  ProviderConfig config = 3;
+  bool is_enabled = 4;
+}
+message ProviderUpdateResponse { Provider item = 1; }
+
+// ProviderDelete deletes a notification provider.
+message ProviderDeleteRequest { string id = 1; }
+message ProviderDeleteResponse {}
+
+// ProviderTest sends a test notification using the specified provider.
+message ProviderTestRequest { string id = 1; }
+message ProviderTestResponse {}
+
+// History retrieves the notification history with optional filters.
+message HistoryListRequest {
+  common.v1.FindRequestCommon common = 1;
+  string status = 2;
+}
+message HistoryListResponse {
+  repeated HistoryItem items = 1;
+  uint32 count = 2;
+}
+
+// HistoryDeleteAll deletes all notification history items.
+message HistoryDeleteAllRequest {}
+message HistoryDeleteAllResponse {}
+
+// HistorySubscribe subscribes to real-time notification history updates.
+message HistorySubscribeRequest {}
+message HistorySubscribeResponse {}
diff --git a/schema/sentinel/projects/v1/projects.proto b/schema/sentinel/projects/v1/projects.proto
new file mode 100644
index 0000000..691b190
--- /dev/null
+++ b/schema/sentinel/projects/v1/projects.proto
@@ -0,0 +1,59 @@
+syntax = "proto3";
+package sentinel.projects.v1;
+
+import "google/protobuf/timestamp.proto";
+
+// ProjectsService is the service for managing projects.
+service ProjectsService {
+  rpc ProjectsList(ProjectsListRequest) returns (ProjectsListResponse);
+  rpc ProjectCreate(ProjectCreateRequest) returns (ProjectCreateResponse);
+  rpc ProjectGet(ProjectGetRequest) returns (ProjectGetResponse);
+  rpc ProjectUpdate(ProjectUpdateRequest) returns (ProjectUpdateResponse);
+  rpc ProjectDelete(ProjectDeleteRequest) returns (ProjectDeleteResponse);
+}
+
+message ProjectMonitorDefaults {
+  int64 interval = 1; // in milliseconds
+  int64 timeout = 2;  // in milliseconds
+  int64 retries = 3;
+}
+
+message ProjectSettings { ProjectMonitorDefaults monitor_defaults = 1; }
+
+message Project {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  ProjectSettings settings = 6;
+  google.protobuf.Timestamp created_at = 4;
+  google.protobuf.Timestamp updated_at = 5;
+}
+
+// ProjectsListRequest is the request message for listing projects.
+message ProjectsListRequest {}
+message ProjectsListResponse { repeated Project items = 1; }
+
+// ProjectCreateRequest is the request message for creating a project.
+message ProjectCreateRequest {
+  string name = 1;
+  string description = 2;
+  ProjectSettings settings = 3;
+}
+message ProjectCreateResponse { Project item = 1; }
+
+// ProjectGetRequest is the request message for getting a project.
+message ProjectGetRequest { string id = 1; }
+message ProjectGetResponse { Project item = 1; }
+
+// ProjectUpdateRequest is the request message for updating a project.
+message ProjectUpdateRequest {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  ProjectSettings settings = 4;
+}
+message ProjectUpdateResponse { Project item = 1; }
+
+// ProjectDeleteRequest is the request message for deleting a project.
+message ProjectDeleteRequest { string id = 1; }
+message ProjectDeleteResponse {}
diff --git a/schema/sentinel/resources/v1/service.proto b/schema/sentinel/resources/v1/service.proto
new file mode 100644
index 0000000..63b6749
--- /dev/null
+++ b/schema/sentinel/resources/v1/service.proto
@@ -0,0 +1,72 @@
+syntax = "proto3";
+package sentinel.resources.v1;
+
+import "google/protobuf/timestamp.proto";
+import "sentinel/common/v1/common.proto";
+
+// ResourcesService is the service for managing resources.
+service ResourcesService {
+  rpc ResourcesList(ResourcesListRequest) returns (ResourcesListResponse);
+  rpc ResourceGet(ResourceGetRequest) returns (ResourceGetResponse);
+  rpc ResourceCreate(ResourceCreateRequest) returns (ResourceCreateResponse);
+  rpc ResourceUpdate(ResourceUpdateRequest) returns (ResourceUpdateResponse);
+  rpc ResourceDelete(ResourceDeleteRequest) returns (ResourceDeleteResponse);
+}
+
+message Payload {}
+
+enum ResourceKind {
+  RESOURCE_KIND_UNSPECIFIED = 0;
+  RESOURCE_KIND_SERVICE = 1;
+  RESOURCE_KIND_SERVER = 2;
+}
+
+message Resource {
+  string id = 1;
+  string project_id = 2;
+  string name = 3;
+  string description = 4;
+  ResourceKind kind = 5;
+  repeated string tags = 6;
+  Payload payload = 7;
+  google.protobuf.Timestamp created_at = 8;
+  google.protobuf.Timestamp updated_at = 9;
+}
+
+// ResourcesList requests a list of resources.
+message ResourcesListRequest { common.v1.FindRequestCommon common = 1; }
+message ResourcesListResponse {
+  repeated Resource items = 1;
+  uint32 count = 2;
+}
+
+// ResourceGet requests a resource by ID.
+message ResourceGetRequest { string id = 1; }
+message ResourceGetResponse { Resource item = 1; }
+
+// ResourceCreate creates a new resource.
+message ResourceCreateRequest {
+  string project_id = 1;
+  repeated string agent_ids = 2;
+  string name = 3;
+  string description = 4;
+  ResourceKind kind = 5;
+  repeated string tags = 6;
+  Payload payload = 7;
+}
+message ResourceCreateResponse { Resource item = 1; }
+
+// ResourceUpdate updates an existing resource.
+message ResourceUpdateRequest {
+  string id = 1;
+  string name = 2;
+  string description = 3;
+  repeated string tags = 4;
+  Payload payload = 5;
+  repeated string agent_ids = 6;
+}
+message ResourceUpdateResponse { Resource item = 1; }
+
+// ResourceDelete deletes a resource by ID.
+message ResourceDeleteRequest { string id = 1; }
+message ResourceDeleteResponse {}
diff --git a/schema/sentinel/service/v1/service.proto b/schema/sentinel/service/v1/service.proto
new file mode 100644
index 0000000..c980ee9
--- /dev/null
+++ b/schema/sentinel/service/v1/service.proto
@@ -0,0 +1,69 @@
+syntax = "proto3";
+package sentinel.service.v1;
+
+import "google/protobuf/timestamp.proto";
+
+enum ServiceProtocol {
+  SERVICE_PROTOCOL_UNSPECIFIED = 0;
+  SERVICE_PROTOCOL_HTTP = 1;
+  SERVICE_PROTOCOL_TCP = 2;
+  SERVICE_PROTOCOL_GRPC = 3;
+}
+
+enum ServiceStatus {
+  SERVICE_STATUS_UNSPECIFIED = 0;
+  SERVICE_STATUS_UNKNOWN = 1;
+  SERVICE_STATUS_UP = 2;
+  SERVICE_STATUS_DOWN = 3;
+}
+
+message HTTPConfig {
+  message EndpointConfig {
+    string name = 1;
+    string url = 2;
+    string method = 3;
+    map<string, string> headers = 4;
+    string body = 5;
+    int32 expected_status = 6;
+    string json_path = 7;
+    string username = 8;
+    string password = 9;
+  }
+  repeated EndpointConfig endpoints = 1;
+  string condition = 2;
+}
+
+message TCPConfig {
+  string endpoint = 1;
+  string send_data = 2;
+  string expect_data = 3;
+}
+
+message GRPCConfig {
+  string endpoint = 1;
+  string check_type = 2;
+  string service_name = 3;
+  bool tls = 4;
+  bool insecure_tls = 5;
+}
+
+message ServiceConfig {
+  optional HTTPConfig http_config = 1;
+  optional TCPConfig tcp_config = 2;
+  optional GRPCConfig grpc_config = 3;
+}
+
+message Service {
+  string id = 1;
+  string name = 2;
+  ServiceProtocol protocol = 3;
+  int64 interval = 4;
+  int64 timeout = 5;
+  int64 retries = 6;
+  repeated string tags = 7;
+  ServiceConfig config = 8;
+  bool is_notifications_enabled = 9;
+  bool is_enabled = 10;
+  google.protobuf.Timestamp created_at = 11;
+  google.protobuf.Timestamp updated_at = 12;
+}
diff --git a/schema/sentinel/system/v1/service.proto b/schema/sentinel/system/v1/service.proto
new file mode 100644
index 0000000..b0237fd
--- /dev/null
+++ b/schema/sentinel/system/v1/service.proto
@@ -0,0 +1,61 @@
+syntax = "proto3";
+package sentinel.system.v1;
+
+import "google/protobuf/timestamp.proto";
+
+// SystemService is the service for system information
+service SystemService {
+  rpc CheckIsInitialized(CheckIsInitializedRequest)
+      returns (CheckIsInitializedResponse);
+  rpc Initialize(InitializeRequest) returns (InitializeResponse);
+  rpc GetSystemInfo(GetSystemInfoRequest) returns (GetSystemInfoResponse);
+  rpc CheckForUpdates(CheckForUpdatesRequest) returns (CheckForUpdatesResponse);
+}
+
+// AvailableUpdate represents information about an available update
+message AvailableUpdate {
+  string current_version = 1;
+  bool is_available = 2;
+  message Details {
+    bool is_available_manual = 1;
+    string tag_name = 2;
+    string url = 3;
+    string description = 4;
+  }
+  Details details = 3;
+}
+
+// SystemInfo represents information about the server
+message SystemInfo {
+  string version = 1;
+  string commit_hash = 2;
+  string build_date = 3;
+  string go_version = 4;
+  string sqlite_version = 5;
+  string os = 6;
+  string arch = 7;
+  string hostname = 8;
+  string kernel_version = 9;
+  string cpu_model = 10;
+  string ip_address = 11;
+  google.protobuf.Timestamp started_at = 12;
+}
+
+// CheckIsInitializedRequest
+message CheckIsInitializedRequest {}
+message CheckIsInitializedResponse { bool is_initialized = 1; }
+
+// InitializeRequest
+message InitializeRequest {
+  string email = 1;
+  string password = 2;
+}
+message InitializeResponse {}
+
+// GetSystemInfoRequest
+message GetSystemInfoRequest {}
+message GetSystemInfoResponse { SystemInfo info = 1; }
+
+// CheckForUpdatesRequest
+message CheckForUpdatesRequest {}
+message CheckForUpdatesResponse { AvailableUpdate info = 1; }
diff --git a/schema/sentinel/users/v1/users.proto b/schema/sentinel/users/v1/users.proto
new file mode 100644
index 0000000..ad7d464
--- /dev/null
+++ b/schema/sentinel/users/v1/users.proto
@@ -0,0 +1,14 @@
+syntax = "proto3";
+package sentinel.users.v1;
+
+import "google/protobuf/timestamp.proto";
+
+message User {
+  string id = 1;
+  string email = 2;
+  string full_name = 3;
+  string role = 4;
+  string avatar_url = 5;
+  google.protobuf.Timestamp created_at = 6;
+  google.protobuf.Timestamp updated_at = 7;
+}
diff --git a/scripts/install.sh b/scripts/install.sh
index 5cc0771..4ac2d41 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -332,15 +332,6 @@ monitoring:
     default_retries: 3
 
 timezone: UTC
-
-database:
-  path: "$DATA_DIR/db.sqlite"
-
-notifications:
-  enabled: false
-  urls:
-    # Telegram
-    # - "telegram://token@telegram?chats=@channel-1[,chat-id-1,...]&preview=false"
 EOF
 
     chown "$SERVICE_USER:$SERVICE_USER" "$CONFIG_FILE"
@@ -363,7 +354,7 @@ Wants=network.target
 Type=simple
 User=$SERVICE_USER
 Group=$SERVICE_USER
-ExecStart=$BINARY_PATH start --config $CONFIG_FILE
+ExecStart=$BINARY_PATH hub start --config $CONFIG_FILE
 WorkingDirectory=$CONFIG_DIR
 
 # Restart policy
diff --git a/sql/emded.go b/sql/emded.go
new file mode 100644
index 0000000..6f51c8a
--- /dev/null
+++ b/sql/emded.go
@@ -0,0 +1,10 @@
+package sql
+
+import (
+	"embed"
+)
+
+//go:embed migrations/*.sql
+var MigrationsFS embed.FS
+
+var MigrationsPath = "migrations"
diff --git a/sql/migrations/1_init_repo.down.sql b/sql/migrations/1_init_repo.down.sql
new file mode 100644
index 0000000..6b00a82
--- /dev/null
+++ b/sql/migrations/1_init_repo.down.sql
@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS incidents;
+DROP TABLE IF EXISTS service_states;
+DROP TABLE IF EXISTS services;
diff --git a/sql/migrations/1_init_repo.up.sql b/sql/migrations/1_init_repo.up.sql
new file mode 100644
index 0000000..bc8e6e1
--- /dev/null
+++ b/sql/migrations/1_init_repo.up.sql
@@ -0,0 +1,335 @@
+PRAGMA foreign_keys = ON;
+
+-- =========================
+-- Users
+-- =========================
+CREATE TABLE IF NOT EXISTS users (
+  id          TEXT PRIMARY KEY,
+  email       TEXT NOT NULL UNIQUE,
+  password    TEXT NOT NULL,
+  full_name   TEXT NOT NULL,
+  role        TEXT NOT NULL CHECK (role != ''), -- root/admin/user
+  avatar      TEXT NOT NULL,
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- =========================
+-- Projects
+-- =========================
+CREATE TABLE IF NOT EXISTS projects (
+  id          TEXT PRIMARY KEY,
+  name        TEXT NOT NULL,
+  description TEXT NOT NULL,
+  settings    JSONB NOT NULL DEFAULT (jsonb('{}')),
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- =========================
+-- Agents
+-- =========================
+CREATE TABLE IF NOT EXISTS agents (
+  id            TEXT PRIMARY KEY,
+  name          TEXT NOT NULL,
+  description   TEXT NOT NULL,
+  secret_hash   TEXT NOT NULL,
+  token_hint    TEXT NOT NULL,
+  fingerprint   TEXT,
+  kind          TEXT NOT NULL DEFAULT 'agent' CHECK (kind IN ('hub', 'external')),
+  status        TEXT NOT NULL DEFAULT 'unknown',
+  is_enabled    BOOLEAN NOT NULL DEFAULT 1,
+  "location"    TEXT,
+  tags          JSONB NOT NULL DEFAULT (jsonb('[]')),
+  config        JSONB NOT NULL DEFAULT (jsonb('{}')),
+  system_info   JSONB NOT NULL DEFAULT (jsonb('{}')),
+  project_id    TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  last_seen_at  DATETIME,
+  created_at    DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at    DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_agents_kind        ON agents(kind);
+CREATE INDEX IF NOT EXISTS idx_agents_is_enabled  ON agents(is_enabled);
+CREATE INDEX IF NOT EXISTS idx_agents_location    ON agents("location");
+CREATE INDEX IF NOT EXISTS idx_agents_project     ON agents(project_id);
+
+-- =========================
+-- Resources per project
+-- =========================
+CREATE TABLE IF NOT EXISTS resources (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  name        TEXT NOT NULL,
+  description TEXT NOT NULL,
+  kind        TEXT NOT NULL CHECK (kind != ''),
+  tags        JSONB NOT NULL DEFAULT (jsonb('[]')),
+  payload     JSONB NOT NULL DEFAULT (jsonb('{}')),
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_resources_project ON resources(project_id);
+CREATE INDEX IF NOT EXISTS idx_resources_name    ON resources(name);
+
+-- =========================
+-- Resource <-> Agents links
+-- =========================
+CREATE TABLE IF NOT EXISTS resource_agents (
+  id          TEXT PRIMARY KEY,
+  resource_id TEXT NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+  agent_id    TEXT NOT NULL REFERENCES agents(id)    ON DELETE CASCADE,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE UNIQUE INDEX IF NOT EXISTS uq_resource_agent ON resource_agents(resource_id, agent_id);
+CREATE INDEX IF NOT EXISTS idx_resource_agents_resource ON resource_agents(resource_id);
+CREATE INDEX IF NOT EXISTS idx_resource_agents_agent    ON resource_agents(agent_id);
+CREATE INDEX IF NOT EXISTS idx_resource_agents_project  ON resource_agents(project_id);
+
+-- =========================
+-- Monitors <-> Agents links
+-- =========================
+CREATE TABLE monitor_agents (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  monitor_id  TEXT NOT NULL REFERENCES monitors(id) ON DELETE CASCADE,
+  agent_id    TEXT NOT NULL REFERENCES agents(id)   ON DELETE CASCADE,
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  UNIQUE(monitor_id, agent_id)
+);
+CREATE INDEX IF NOT EXISTS idx_monitor_agents_monitor ON monitor_agents(monitor_id);
+CREATE INDEX IF NOT EXISTS idx_monitor_agents_agent   ON monitor_agents(agent_id);
+CREATE INDEX IF NOT EXISTS idx_monitor_agents_project ON monitor_agents(project_id);
+
+-- =========================
+-- Monitors & their revisions
+-- =========================
+CREATE TABLE IF NOT EXISTS monitors (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  resource_id TEXT NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+  name        TEXT NOT NULL,
+  kind        TEXT NOT NULL CHECK (kind != ''), -- http/grpc/tcp/x509/kafka/pg/...
+  is_enabled     BOOLEAN NOT NULL DEFAULT 1,
+  tags        JSONB NOT NULL DEFAULT (jsonb('[]')),
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_monitors_project     ON monitors(project_id);
+CREATE INDEX IF NOT EXISTS idx_monitors_resource    ON monitors(resource_id);
+CREATE INDEX IF NOT EXISTS idx_monitors_is_enabled  ON monitors(is_enabled);
+CREATE INDEX IF NOT EXISTS idx_monitors_kind        ON monitors(kind);
+
+
+-- =========================
+-- Monitor Revisions (config history)
+-- =========================
+CREATE TABLE IF NOT EXISTS monitor_revisions (
+  id                   INTEGER PRIMARY KEY AUTOINCREMENT,
+  monitor_id           TEXT NOT NULL REFERENCES monitors(id) ON DELETE CASCADE,
+  config               JSONB NOT NULL DEFAULT (jsonb('{}')),  -- schedules/endpoints/rules/и т.д.
+  content_hash_uint64  INTEGER NOT NULL,                      -- xxhash64 normalized JSON
+  is_active            BOOLEAN NOT NULL DEFAULT 0,
+  created_at           DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_monrev_monitor ON monitor_revisions(monitor_id);
+CREATE UNIQUE INDEX IF NOT EXISTS uq_monrev_active ON monitor_revisions(monitor_id, is_active) WHERE is_active = 1;
+
+-- =========================
+-- Results: Monitor Checks
+-- =========================
+CREATE TABLE IF NOT EXISTS monitor_checks (
+  id                TEXT PRIMARY KEY,
+  project_id        TEXT NOT NULL REFERENCES projects(id)  ON DELETE CASCADE,
+  monitor_id        TEXT NOT NULL REFERENCES monitors(id)  ON DELETE CASCADE,
+  revision_id       INTEGER NOT NULL REFERENCES monitor_revisions(id) ON DELETE RESTRICT,
+  resource_id       TEXT NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+  agent_id          TEXT NOT NULL REFERENCES agents(id)    ON DELETE CASCADE,
+  started_at        DATETIME NOT NULL,
+  completed_at      DATETIME NOT NULL,
+  severity          INTEGER NOT NULL CHECK (severity BETWEEN 0 AND 5),
+  response_time     INTEGER NOT NULL DEFAULT 0,
+  evaluation        JSONB NOT NULL DEFAULT (jsonb('{}')),
+  meta              JSONB NOT NULL DEFAULT (jsonb('{}')),
+  created_at        DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_checks_monitor_time   ON monitor_checks(monitor_id, completed_at);
+CREATE INDEX IF NOT EXISTS idx_checks_resource_time  ON monitor_checks(resource_id, completed_at);
+CREATE INDEX IF NOT EXISTS idx_checks_agent_time     ON monitor_checks(agent_id, completed_at);
+CREATE INDEX IF NOT EXISTS idx_checks_severity_time  ON monitor_checks(severity, completed_at DESC);
+
+-- =========================
+-- Current state (global & per-agent)
+-- =========================
+CREATE TABLE IF NOT EXISTS monitor_states (
+  id                     TEXT PRIMARY KEY,
+  project_id             TEXT NOT NULL REFERENCES projects(id)  ON DELETE CASCADE,
+  monitor_id             TEXT NOT NULL REFERENCES monitors(id)  ON DELETE CASCADE,
+  resource_id            TEXT NOT NULL REFERENCES resources(id) ON DELETE CASCADE,
+  agent_id               TEXT REFERENCES agents(id)             ON DELETE SET NULL,
+  severity               INTEGER NOT NULL DEFAULT 0 CHECK (severity BETWEEN 0 AND 5),
+  status                 TEXT NOT NULL DEFAULT 'unknown',
+  last_check             DATETIME,
+  last_error             TEXT,
+  consecutive_fails      INTEGER NOT NULL DEFAULT 0,
+  consecutive_success    INTEGER NOT NULL DEFAULT 0,
+  total_checks           INTEGER NOT NULL DEFAULT 0,
+  avg_response_time      INTEGER NOT NULL DEFAULT 0,
+  updated_at             DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE UNIQUE INDEX IF NOT EXISTS uq_monstate_key ON monitor_states(monitor_id, resource_id, agent_id);
+CREATE INDEX IF NOT EXISTS idx_monstate_project    ON monitor_states(project_id);
+CREATE INDEX IF NOT EXISTS idx_monstate_severity   ON monitor_states(severity);
+CREATE INDEX IF NOT EXISTS idx_monstate_last_check ON monitor_states(last_check DESC);
+
+-- =========================
+-- Incidents & their events
+-- =========================
+CREATE TABLE IF NOT EXISTS incidents (
+  id            TEXT PRIMARY KEY,
+  project_id    TEXT NOT NULL REFERENCES projects(id)  ON DELETE CASCADE,
+  origin        TEXT NOT NULL CHECK (origin IN ('monitor','manual','external')),
+  monitor_id    TEXT REFERENCES monitors(id)  ON DELETE CASCADE,
+  resource_id   TEXT REFERENCES resources(id) ON DELETE CASCADE,
+  agent_id      TEXT REFERENCES agents(id)    ON DELETE SET NULL,
+  kind          TEXT NOT NULL CHECK (kind != ''),
+  status        TEXT NOT NULL CHECK (status IN ('open','ack','resolved')),
+  severity      INTEGER NOT NULL CHECK (severity BETWEEN 0 AND 5),
+  summary       TEXT NOT NULL,
+  first_seen_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  last_seen_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  resolved_at   DATETIME,
+  created_at    DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at    DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS uq_incident_open
+ON incidents(monitor_id, resource_id, agent_id, kind)
+WHERE status IN ('open','ack');
+
+CREATE INDEX IF NOT EXISTS idx_incidents_project      ON incidents(project_id);
+CREATE INDEX IF NOT EXISTS idx_incidents_status       ON incidents(status);
+CREATE INDEX IF NOT EXISTS idx_incidents_first_seen   ON incidents(first_seen_at DESC);
+CREATE INDEX IF NOT EXISTS idx_incidents_resolved_at  ON incidents(resolved_at);
+
+-- =========================
+-- Incident events (history of state changes)
+-- =========================
+CREATE TABLE IF NOT EXISTS incident_events (
+  id           INTEGER PRIMARY KEY AUTOINCREMENT,
+  incident_id  TEXT NOT NULL REFERENCES incidents(id) ON DELETE CASCADE,
+  created_at   DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  type         TEXT NOT NULL CHECK (type IN ('open','escalate','ack','close','note','touch')),
+  payload      JSONB NOT NULL DEFAULT (jsonb('{}'))
+);
+CREATE INDEX IF NOT EXISTS idx_incident_events_incident ON incident_events(incident_id);
+CREATE INDEX IF NOT EXISTS idx_incident_events_time     ON incident_events(created_at DESC);
+
+-- =========================
+-- Notification providers
+-- =========================
+CREATE TABLE IF NOT EXISTS notification_providers (
+  id            TEXT PRIMARY KEY,
+  provider_type TEXT NOT NULL,
+  config        JSONB NOT NULL DEFAULT (jsonb('{}')),
+  is_enabled    BOOLEAN NOT NULL DEFAULT 1,
+  project_id    TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  created_at    DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at    DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_notif_providers_enabled ON notification_providers(is_enabled);
+CREATE INDEX IF NOT EXISTS idx_notif_providers_project ON notification_providers(project_id);
+
+-- =========================
+-- Alert Policies
+-- =========================
+CREATE TABLE IF NOT EXISTS alert_policies (
+  id          TEXT PRIMARY KEY,
+  name        TEXT NOT NULL,
+  rules       JSONB NOT NULL,
+  is_enabled  BOOLEAN NOT NULL DEFAULT 1,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_alert_policies_project    ON alert_policies(project_id);
+CREATE INDEX IF NOT EXISTS idx_alert_policies_enabled    ON alert_policies(is_enabled);
+
+-- ==========================
+-- Alert Policies links to resources/monitors
+-- ==========================
+CREATE TABLE IF NOT EXISTS alert_policy_resources (
+  policy_id  TEXT NOT NULL REFERENCES alert_policies(id) ON DELETE CASCADE,
+  resource_id TEXT NOT NULL REFERENCES resources(id)     ON DELETE CASCADE,
+  PRIMARY KEY (policy_id, resource_id)
+);
+CREATE TABLE IF NOT EXISTS alert_policy_monitors (
+  policy_id  TEXT NOT NULL REFERENCES alert_policies(id) ON DELETE CASCADE,
+  monitor_id TEXT NOT NULL REFERENCES monitors(id)       ON DELETE CASCADE,
+  PRIMARY KEY (policy_id, monitor_id)
+);
+
+-- =========================
+-- Alerts (created alerts for incidents)
+-- =========================
+CREATE TABLE IF NOT EXISTS alerts (
+  id           TEXT PRIMARY KEY,
+  incident_id  TEXT NOT NULL REFERENCES incidents(id)       ON DELETE CASCADE,
+  policy_id    TEXT NOT NULL REFERENCES alert_policies(id) ON DELETE RESTRICT,
+  status       TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending','sent','silenced','failed')),
+  created_at   DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_alerts_incident ON alerts(incident_id);
+CREATE INDEX IF NOT EXISTS idx_alerts_status   ON alerts(status);
+
+-- =========================
+-- Notifications history
+-- =========================
+CREATE TABLE IF NOT EXISTS notification_history (
+  id             TEXT PRIMARY KEY,
+  alert_id       TEXT REFERENCES alerts(id) ON DELETE CASCADE,
+  provider_id    TEXT NOT NULL REFERENCES notification_providers(id) ON DELETE CASCADE,
+  message        TEXT NOT NULL CHECK (message != ''),
+  status         TEXT NOT NULL DEFAULT 'pending',
+  response       TEXT,
+  attempts       INTEGER NOT NULL DEFAULT 0,
+  error_message  TEXT,
+  last_attempt_at DATETIME,
+  sent_at        DATETIME,
+  created_at     DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at     DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_notification_history_provider ON notification_history(provider_id);
+CREATE INDEX IF NOT EXISTS idx_notification_history_status   ON notification_history(status);
+
+-- =========================
+-- Maintenance windows (one-off) + explicit links
+-- =========================
+CREATE TABLE IF NOT EXISTS maintenance_windows (
+  id          TEXT PRIMARY KEY,
+  name        TEXT NOT NULL,
+  start_at    DATETIME NOT NULL,   -- UTC
+  end_at      DATETIME NOT NULL,   -- UTC
+  reason      TEXT,
+  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CHECK (end_at > start_at)
+);
+
+-- =========================
+-- Maintenance windows links to projects/resources/monitors
+-- =========================
+CREATE TABLE IF NOT EXISTS mw_projects (
+  mw_id     TEXT NOT NULL REFERENCES maintenance_windows(id) ON DELETE CASCADE,
+  project_id TEXT NOT NULL REFERENCES projects(id)           ON DELETE CASCADE,
+  PRIMARY KEY (mw_id, project_id)
+);
+CREATE TABLE IF NOT EXISTS mw_resources (
+  mw_id     TEXT NOT NULL REFERENCES maintenance_windows(id) ON DELETE CASCADE,
+  resource_id TEXT NOT NULL REFERENCES resources(id)         ON DELETE CASCADE,
+  PRIMARY KEY (mw_id, resource_id)
+);
+CREATE TABLE IF NOT EXISTS mw_monitors (
+  mw_id     TEXT NOT NULL REFERENCES maintenance_windows(id) ON DELETE CASCADE,
+  monitor_id TEXT NOT NULL REFERENCES monitors(id)           ON DELETE CASCADE,
+  PRIMARY KEY (mw_id, monitor_id)
+);
diff --git a/sql/migrations_old/1_init_repo.down.sql b/sql/migrations_old/1_init_repo.down.sql
new file mode 100644
index 0000000..6b00a82
--- /dev/null
+++ b/sql/migrations_old/1_init_repo.down.sql
@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS incidents;
+DROP TABLE IF EXISTS service_states;
+DROP TABLE IF EXISTS services;
diff --git a/sql/migrations_old/1_init_repo.up.sql b/sql/migrations_old/1_init_repo.up.sql
new file mode 100644
index 0000000..b257c06
--- /dev/null
+++ b/sql/migrations_old/1_init_repo.up.sql
@@ -0,0 +1,57 @@
+-- Create services table
+CREATE TABLE IF NOT EXISTS services (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  protocol TEXT NOT NULL CHECK (protocol != ''),
+  interval INTEGER NOT NULL DEFAULT 0,
+  timeout INTEGER NOT NULL DEFAULT 0,
+  retries INTEGER NOT NULL DEFAULT 3,
+  tags jsonb NOT NULL DEFAULT '[]',
+  config jsonb NOT NULL DEFAULT '{}',
+  is_enabled BOOLEAN NOT NULL DEFAULT TRUE,
+  is_notifications_enabled BOOLEAN NOT NULL DEFAULT TRUE,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Create service_states table for current service states
+CREATE TABLE IF NOT EXISTS service_states (
+  id TEXT PRIMARY KEY,
+  service_id TEXT NOT NULL REFERENCES services(id) ON DELETE CASCADE,
+  status TEXT NOT NULL DEFAULT 'unknown',
+  last_check DATETIME,
+  last_error TEXT,
+  consecutive_fails INTEGER NOT NULL DEFAULT 0,
+  consecutive_success INTEGER NOT NULL DEFAULT 0,
+  total_checks INTEGER NOT NULL DEFAULT 0,
+  avg_response_time INTEGER,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  UNIQUE(service_id)
+);
+
+-- Create incidents table
+CREATE TABLE IF NOT EXISTS incidents (
+  id TEXT PRIMARY KEY,
+  service_id TEXT NOT NULL REFERENCES services(id) ON DELETE CASCADE,
+  error TEXT NOT NULL,
+  duration INTEGER,
+  started_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  resolved_at DATETIME,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+-- Create indexes for performance
+CREATE INDEX IF NOT EXISTS idx_services_name ON services(name);
+CREATE INDEX IF NOT EXISTS idx_services_enabled ON services(is_enabled);
+CREATE INDEX IF NOT EXISTS idx_services_created_at ON services(created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_incidents_service_id ON incidents(service_id);
+CREATE INDEX IF NOT EXISTS idx_incidents_started_at ON incidents(started_at DESC);
+CREATE INDEX IF NOT EXISTS idx_incidents_resolved_at ON incidents(resolved_at);
+CREATE INDEX IF NOT EXISTS idx_incidents_created_at ON incidents(created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_service_states_service_id ON service_states(service_id);
+CREATE INDEX IF NOT EXISTS idx_service_states_status ON service_states(status);
+CREATE INDEX IF NOT EXISTS idx_service_states_last_check ON service_states(last_check DESC);
diff --git a/sql/migrations_old/2_agents.down.sql b/sql/migrations_old/2_agents.down.sql
new file mode 100644
index 0000000..1349c3a
--- /dev/null
+++ b/sql/migrations_old/2_agents.down.sql
@@ -0,0 +1,14 @@
+-- Drop notification history table
+DROP TABLE IF EXISTS notification_history;
+
+-- Drop notification providers table
+DROP TABLE IF EXISTS notification_providers;
+
+-- Drop incident states table
+DROP TABLE IF EXISTS incident_states;
+
+-- Drop service_agents table
+DROP TABLE IF EXISTS service_agents;
+
+-- Drop agents table
+DROP TABLE IF EXISTS agents;
diff --git a/sql/migrations_old/2_agents.up.sql b/sql/migrations_old/2_agents.up.sql
new file mode 100644
index 0000000..f1e42f4
--- /dev/null
+++ b/sql/migrations_old/2_agents.up.sql
@@ -0,0 +1,70 @@
+-- Create agents table
+CREATE TABLE IF NOT EXISTS agents (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  description TEXT,
+  secret_hash TEXT NOT NULL,
+  token_hint TEXT NOT NULL,
+  fingerprint TEXT,
+  "status" TEXT NOT NULL DEFAULT 'unknown',
+  is_enabled BOOLEAN NOT NULL DEFAULT TRUE,
+  tags jsonb NOT NULL DEFAULT '[]',
+  config jsonb NOT NULL DEFAULT '{}',
+  system_info jsonb NOT NULL DEFAULT '{}',
+  last_seen_at DATETIME,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_agents_name ON agents(name); 
+CREATE INDEX IF NOT EXISTS idx_agents_enabled ON agents(is_enabled);
+
+-- Create service_agents table (many-to-many relationship between services and agents)
+CREATE TABLE IF NOT EXISTS service_agents (
+  id TEXT PRIMARY KEY,
+  service_id TEXT NOT NULL REFERENCES services(id) ON DELETE CASCADE,
+  agent_id TEXT NOT NULL REFERENCES agents(id) ON DELETE CASCADE,
+  revision TEXT NOT NULL CHECK (revision != '')
+);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_services_agents_unique ON service_agents(service_id, agent_id);
+
+-- Create incidents states table
+CREATE TABLE IF NOT EXISTS incident_states (
+  id TEXT PRIMARY KEY,
+  incident_id TEXT NOT NULL REFERENCES incidents(id) ON DELETE CASCADE,
+  "status" TEXT NOT NULL CHECK (status != ''),
+  level INTEGER NOT NULL DEFAULT 0,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_incident_states_incident_id ON incident_states(incident_id);
+CREATE INDEX IF NOT EXISTS idx_incident_states_status ON incident_states(status);
+
+-- Create notifications providers table
+CREATE TABLE IF NOT EXISTS notification_providers (
+  id TEXT PRIMARY KEY,
+  provider_type TEXT NOT NULL,
+  config jsonb NOT NULL DEFAULT '{}',
+  is_enabled BOOLEAN NOT NULL DEFAULT TRUE,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_notification_providers_enabled ON notification_providers(is_enabled);
+
+-- Create notifications history table
+CREATE TABLE IF NOT EXISTS notification_history (
+  id TEXT PRIMARY KEY,
+  provider_id TEXT NOT NULL REFERENCES notification_providers(id) ON DELETE CASCADE,
+  service_id TEXT REFERENCES services(id) ON DELETE SET NULL,
+  incident_id TEXT REFERENCES incidents(id) ON DELETE SET NULL,
+  message TEXT NOT NULL CHECK (message != ''),
+  "status" TEXT NOT NULL DEFAULT 'pending' CHECK (status != ''),
+  response TEXT,
+  attempts INTEGER NOT NULL DEFAULT 0,
+  error_message TEXT,
+  last_attempt_at DATETIME,
+  sent_at DATETIME,
+  created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_notification_history_provider ON notification_history(provider_id);
+CREATE INDEX IF NOT EXISTS idx_notification_history_status ON notification_history(status);
diff --git a/sql/queries/agents/agents.sql b/sql/queries/agents/agents.sql
new file mode 100644
index 0000000..3ced07b
--- /dev/null
+++ b/sql/queries/agents/agents.sql
@@ -0,0 +1,5 @@
+-- name: Exist :one
+SELECT EXISTS (SELECT 1 FROM agents WHERE id=? LIMIT 1);
+
+-- name: GetByIDAndProjectID :one
+SELECT * FROM agents WHERE id=? AND project_id=? LIMIT 1;
diff --git a/sql/queries/agents/agents_gen.sql b/sql/queries/agents/agents_gen.sql
new file mode 100755
index 0000000..b0460ff
--- /dev/null
+++ b/sql/queries/agents/agents_gen.sql
@@ -0,0 +1,11 @@
+-- name: Create :one
+INSERT INTO agents (id, name, description, secret_hash, token_hint, kind, is_enabled, location, tags, config, project_id)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM agents WHERE id=? AND project_id=?;
+
+-- name: GetByID :one
+SELECT * FROM agents WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/alert_policies/alert_policies_gen.sql b/sql/queries/alert_policies/alert_policies_gen.sql
new file mode 100755
index 0000000..85b5d16
--- /dev/null
+++ b/sql/queries/alert_policies/alert_policies_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO alert_policies (id, name, rules, is_enabled, project_id)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM alert_policies WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM alert_policies;
+
+-- name: GetByID :one
+SELECT * FROM alert_policies WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/alerts/alerts_gen.sql b/sql/queries/alerts/alerts_gen.sql
new file mode 100755
index 0000000..0cd81a2
--- /dev/null
+++ b/sql/queries/alerts/alerts_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO alerts (id, incident_id, policy_id, status)
+	VALUES (?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM alerts WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM alerts;
+
+-- name: GetByID :one
+SELECT * FROM alerts WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/incident_events/incident_events_gen.sql b/sql/queries/incident_events/incident_events_gen.sql
new file mode 100755
index 0000000..01ae127
--- /dev/null
+++ b/sql/queries/incident_events/incident_events_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO incident_events (id, incident_id, type, payload)
+	VALUES (?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM incident_events WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM incident_events;
+
+-- name: GetByID :one
+SELECT * FROM incident_events WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/incidents/incidents.sql b/sql/queries/incidents/incidents.sql
new file mode 100755
index 0000000..d2c73ea
--- /dev/null
+++ b/sql/queries/incidents/incidents.sql
@@ -0,0 +1,35 @@
+-- name: DeleteByMonitorID :exec
+DELETE FROM incidents WHERE monitor_id=?;
+
+-- name: Stats :one
+SELECT
+ 	COUNT(*) AS total_incidents,
+ 	SUM(duration) AS total_downtime,
+  AVG(duration) AS avg_downtime,
+  SUM(CASE WHEN resolved_at IS NOT NULL THEN 1 ELSE 0 END) AS resolved_incidents,
+  SUM(CASE WHEN resolved_at IS NULL THEN 1 ELSE 0 END) AS unresolved_incidents
+FROM incidents;
+
+-- name: StatsByMonitorID :one
+SELECT
+ 	COUNT(*) AS total_incidents,
+ 	SUM(duration) AS total_downtime,
+  AVG(duration) AS avg_downtime,
+  SUM(CASE WHEN resolved_at IS NOT NULL THEN 1 ELSE 0 END) AS resolved_incidents,
+  SUM(CASE WHEN resolved_at IS NULL THEN 1 ELSE 0 END) AS unresolved_incidents,
+  ROUND(100.0 - (COALESCE(SUM(duration), 0) * 100.0 / (30 * 24 * 60 * 60 * 1000)), 3) AS uptime_percentage_30d
+FROM incidents
+WHERE monitor_id=? AND created_at >= ?;
+
+-- name: GetAllUnresolvedByMonitorID :many
+SELECT * FROM incidents
+WHERE monitor_id=? AND resolved_at IS NULL
+ORDER BY created_at DESC;
+
+-- name: ResolveByID :exec
+UPDATE incidents
+SET
+  resolved_at = CURRENT_TIMESTAMP,
+  duration = CAST((julianday('now') - julianday(started_at)) * 86400000 AS INTEGER),
+  updated_at = CURRENT_TIMESTAMP
+WHERE id=? AND resolved_at IS NULL;
diff --git a/sql/queries/incidents/incidents_gen.sql b/sql/queries/incidents/incidents_gen.sql
new file mode 100755
index 0000000..83a672b
--- /dev/null
+++ b/sql/queries/incidents/incidents_gen.sql
@@ -0,0 +1,11 @@
+-- name: Create :one
+INSERT INTO incidents (id, project_id, origin, monitor_id, resource_id, agent_id, kind, status, severity, summary, first_seen_at, last_seen_at)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM incidents WHERE id=?;
+
+-- name: GetByID :one
+SELECT * FROM incidents WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/maintenance_windows/maintenance_windows_gen.sql b/sql/queries/maintenance_windows/maintenance_windows_gen.sql
new file mode 100755
index 0000000..585118c
--- /dev/null
+++ b/sql/queries/maintenance_windows/maintenance_windows_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO maintenance_windows (id, name, start_at, end_at, reason)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM maintenance_windows WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM maintenance_windows;
+
+-- name: GetByID :one
+SELECT * FROM maintenance_windows WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/monitor_agents/monitor_agents_gen.sql b/sql/queries/monitor_agents/monitor_agents_gen.sql
new file mode 100755
index 0000000..f4a144c
--- /dev/null
+++ b/sql/queries/monitor_agents/monitor_agents_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO monitor_agents (id, project_id, monitor_id, agent_id, created_at)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM monitor_agents WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM monitor_agents;
+
+-- name: GetByID :one
+SELECT * FROM monitor_agents WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/monitor_checks/monitor_checks_gen.sql b/sql/queries/monitor_checks/monitor_checks_gen.sql
new file mode 100755
index 0000000..b9c2d65
--- /dev/null
+++ b/sql/queries/monitor_checks/monitor_checks_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO monitor_checks (id, project_id, monitor_id, revision_id, resource_id, agent_id, started_at, completed_at, severity, response_time, evaluation, meta)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM monitor_checks WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM monitor_checks;
+
+-- name: GetByID :one
+SELECT * FROM monitor_checks WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/monitor_revisions/monitor_revisions_gen.sql b/sql/queries/monitor_revisions/monitor_revisions_gen.sql
new file mode 100755
index 0000000..8bf881e
--- /dev/null
+++ b/sql/queries/monitor_revisions/monitor_revisions_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO monitor_revisions (id, monitor_id, config, content_hash_uint64, is_active)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM monitor_revisions WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM monitor_revisions;
+
+-- name: GetByID :one
+SELECT * FROM monitor_revisions WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/monitor_states/monitor_states.sql b/sql/queries/monitor_states/monitor_states.sql
new file mode 100755
index 0000000..409a5cd
--- /dev/null
+++ b/sql/queries/monitor_states/monitor_states.sql
@@ -0,0 +1,15 @@
+-- name: GetByMonitorID :one
+SELECT * FROM monitor_states WHERE monitor_id=? LIMIT 1;
+
+-- name: DeleteByMonitorID :exec
+DELETE FROM monitor_states WHERE monitor_id=?;
+
+-- name: Stats :one
+SELECT
+ 	COUNT(*) AS total_services,
+ 	SUM(CASE WHEN status='up' THEN 1 ELSE 0 END) AS services_up,
+ 	SUM(CASE WHEN status='down' THEN 1 ELSE 0 END) AS services_down,
+ 	SUM(CASE WHEN status='unknown' THEN 1 ELSE 0 END) AS services_unknown,
+ 	AVG(avg_response_time) AS avg_response_time,
+ 	SUM(total_checks) AS total_checks           
+FROM monitor_states;
diff --git a/sql/queries/monitor_states/monitor_states_gen.sql b/sql/queries/monitor_states/monitor_states_gen.sql
new file mode 100755
index 0000000..c8141b8
--- /dev/null
+++ b/sql/queries/monitor_states/monitor_states_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO monitor_states (id, project_id, monitor_id, resource_id, agent_id, severity, status, last_check, last_error, consecutive_fails, consecutive_success, total_checks, avg_response_time)
+	VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM monitor_states WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM monitor_states;
+
+-- name: GetByID :one
+SELECT * FROM monitor_states WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/monitors/monitors.sql b/sql/queries/monitors/monitors.sql
new file mode 100755
index 0000000..4b6ee84
--- /dev/null
+++ b/sql/queries/monitors/monitors.sql
@@ -0,0 +1,102 @@
+-- name: Exist :one
+SELECT EXISTS (SELECT 1 FROM monitors WHERE id = ? LIMIT 1);
+
+-- name: GetAllMonitorsByAgentID :many
+WITH
+  target_agent AS (
+    SELECT a.*
+    FROM agents a
+    WHERE a.id = ?
+      AND a.is_enabled = 1
+  ),
+
+  override_monitors AS (
+    SELECT ma.monitor_id
+    FROM monitor_agents ma
+    JOIN target_agent ta ON ta.id = ma.agent_id
+  ),
+
+  monitors_with_override AS (
+    SELECT DISTINCT ma.monitor_id
+    FROM monitor_agents ma
+  ),
+
+  inherited_monitors AS (
+    SELECT m.id AS monitor_id
+    FROM monitors m
+    JOIN resources r        ON r.id = m.resource_id
+    JOIN target_agent ta    ON 1=1
+    JOIN resource_agents ra ON ra.resource_id = r.id
+                           AND ra.agent_id    = ta.id
+    WHERE m.is_enabled = 1
+      AND ta.is_enabled = 1
+      AND r.project_id  = ta.project_id
+      AND NOT EXISTS (SELECT 1
+                      FROM monitors_with_override o
+                      WHERE o.monitor_id = m.id)
+  ),
+
+  effective_monitors AS (
+    SELECT monitor_id FROM override_monitors
+    UNION
+    SELECT monitor_id FROM inherited_monitors
+  )
+
+SELECT
+  m.*,
+  mr.id      AS active_revision_id,
+  mr.config  AS active_revision_config
+FROM effective_monitors em
+JOIN monitors m             ON m.id = em.monitor_id
+JOIN resources r            ON r.id = m.resource_id
+JOIN target_agent ta        ON r.project_id = ta.project_id
+LEFT JOIN monitor_revisions mr
+       ON mr.monitor_id = m.id AND mr.is_active = 1
+ORDER BY m.resource_id, m.name;
+
+-- namg: GetMonitorsForAgents :many
+WITH
+  enabled_agents AS (
+    SELECT a.*
+    FROM agents a
+    WHERE a.is_enabled = 1
+  ),
+
+  override_pairs AS (
+    SELECT
+      ma.agent_id,
+      ma.monitor_id
+    FROM monitor_agents ma
+    JOIN enabled_agents a ON a.id = ma.agent_id
+  ),
+
+  monitors_with_override AS (
+    SELECT DISTINCT monitor_id
+    FROM monitor_agents
+  ),
+
+  inherited_pairs AS (
+    SELECT
+      ra.agent_id,
+      m.id AS monitor_id
+    FROM resource_agents ra
+    JOIN enabled_agents a ON a.id = ra.agent_id
+    JOIN resources r      ON r.id = ra.resource_id
+    JOIN monitors  m      ON m.resource_id = r.id
+    WHERE m.is_enabled = 1
+      AND r.project_id = a.project_id
+      AND NOT EXISTS (
+            SELECT 1 FROM monitors_with_override o
+            WHERE o.monitor_id = m.id
+          )
+  )
+
+SELECT DISTINCT
+  p.agent_id,
+  p.monitor_id
+FROM (
+  SELECT * FROM override_pairs
+  UNION ALL
+  SELECT * FROM inherited_pairs
+) AS p
+ORDER BY p.agent_id, p.monitor_id;
diff --git a/sql/queries/monitors/monitors_gen.sql b/sql/queries/monitors/monitors_gen.sql
new file mode 100755
index 0000000..74c4932
--- /dev/null
+++ b/sql/queries/monitors/monitors_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO monitors (id, project_id, resource_id, name, kind, is_enabled, tags)
+	VALUES (?, ?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM monitors WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM monitors;
+
+-- name: GetByID :one
+SELECT * FROM monitors WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/notification_history/notification_history.sql b/sql/queries/notification_history/notification_history.sql
new file mode 100755
index 0000000..7d78eba
--- /dev/null
+++ b/sql/queries/notification_history/notification_history.sql
@@ -0,0 +1,41 @@
+-- name: GetAllUnsent :many
+SELECT
+    h.*,
+    p.provider_type,
+    p.config,
+    p.project_id
+  FROM notification_history h
+  LEFT JOIN notification_providers p ON p.id = h.provider_id
+  WHERE
+    h.status != 'sent' AND
+    p.is_enabled = true
+  ORDER BY h.created_at ASC
+  LIMIT 100;
+
+-- name: IncrementAttempt :exec
+UPDATE notification_history
+  SET
+    response = ?,
+    attempts = attempts + 1,
+    error_message = ?,
+    last_attempt_at = CURRENT_TIMESTAMP,
+    updated_at = CURRENT_TIMESTAMP
+  WHERE id = ?;
+
+-- name: MarkAsSent :exec
+UPDATE notification_history
+  SET
+    status = 'sent',
+    response = ?,
+    attempts = attempts + 1,
+    error_message = NULL,
+    last_attempt_at = CURRENT_TIMESTAMP,
+    sent_at = CURRENT_TIMESTAMP,
+    updated_at = CURRENT_TIMESTAMP
+  WHERE id = ?;
+
+-- name: DeleteAllByProjectID :exec
+DELETE FROM notification_history
+  WHERE provider_id in (
+    SELECT id FROM notification_providers WHERE project_id = ?
+  );
diff --git a/sql/queries/notification_history/notification_history_gen.sql b/sql/queries/notification_history/notification_history_gen.sql
new file mode 100755
index 0000000..67f035f
--- /dev/null
+++ b/sql/queries/notification_history/notification_history_gen.sql
@@ -0,0 +1,5 @@
+-- name: Create :one
+INSERT INTO notification_history (id, alert_id, provider_id, message)
+	VALUES (?, ?, ?, ?)
+	RETURNING *;
+
diff --git a/sql/queries/notification_providers/notification_providers.sql b/sql/queries/notification_providers/notification_providers.sql
new file mode 100755
index 0000000..878668f
--- /dev/null
+++ b/sql/queries/notification_providers/notification_providers.sql
@@ -0,0 +1,11 @@
+-- name: GetAllEnabled :many
+SELECT * FROM notification_providers WHERE is_enabled=true AND project_id = ?;
+
+-- name: Update :exec
+UPDATE notification_providers
+  SET
+    provider_type = ?,
+    config = ?,
+    is_enabled = ?,
+    updated_at = CURRENT_TIMESTAMP
+  WHERE id = ?;
diff --git a/sql/queries/notification_providers/notification_providers_gen.sql b/sql/queries/notification_providers/notification_providers_gen.sql
new file mode 100755
index 0000000..2aae9d0
--- /dev/null
+++ b/sql/queries/notification_providers/notification_providers_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO notification_providers (id, provider_type, config, is_enabled, project_id)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM notification_providers WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM notification_providers WHERE project_id=?;
+
+-- name: GetByID :one
+SELECT * FROM notification_providers WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/projects/projects_gen.sql b/sql/queries/projects/projects_gen.sql
new file mode 100755
index 0000000..41d0553
--- /dev/null
+++ b/sql/queries/projects/projects_gen.sql
@@ -0,0 +1,20 @@
+-- name: Create :one
+INSERT INTO projects (id, name, description, settings)
+	VALUES (?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM projects WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM projects;
+
+-- name: GetByID :one
+SELECT * FROM projects WHERE id=? LIMIT 1;
+
+-- name: Update :one
+UPDATE projects
+	SET name=?, description=?, settings=?, updated_at=CURRENT_TIMESTAMP
+	WHERE id=?
+	RETURNING *;
+
diff --git a/sql/queries/resource_agents/resource_agents.sql b/sql/queries/resource_agents/resource_agents.sql
new file mode 100755
index 0000000..cad6ab9
--- /dev/null
+++ b/sql/queries/resource_agents/resource_agents.sql
@@ -0,0 +1,14 @@
+-- name: GetAllByResourceID :many
+SELECT * FROM resource_agents WHERE resource_id=?;
+
+-- name: DeleteByResourceID :exec
+DELETE FROM resource_agents WHERE resource_id=?;
+
+-- name: DeleteByResourceIDAndAgentID :exec
+DELETE FROM resource_agents WHERE resource_id=? AND agent_id=?;
+
+-- name: ExistsByResourceIDAndAgentID :one
+SELECT EXISTS (SELECT 1 FROM resource_agents WHERE resource_id=? AND agent_id=? LIMIT 1);
+
+-- name: CountByResourceID :one
+SELECT COUNT(*) FROM resource_agents WHERE resource_id=?;
diff --git a/sql/queries/resource_agents/resource_agents_gen.sql b/sql/queries/resource_agents/resource_agents_gen.sql
new file mode 100755
index 0000000..296edc2
--- /dev/null
+++ b/sql/queries/resource_agents/resource_agents_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO resource_agents (id, resource_id, agent_id, project_id, created_at)
+	VALUES (?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM resource_agents WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM resource_agents;
+
+-- name: GetByID :one
+SELECT * FROM resource_agents WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/resources/resources_gen.sql b/sql/queries/resources/resources_gen.sql
new file mode 100755
index 0000000..e6260fe
--- /dev/null
+++ b/sql/queries/resources/resources_gen.sql
@@ -0,0 +1,14 @@
+-- name: Create :one
+INSERT INTO resources (id, project_id, name, description, kind, tags, payload)
+	VALUES (?, ?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM resources WHERE id=?;
+
+-- name: GetAll :many
+SELECT * FROM resources WHERE project_id=?;
+
+-- name: GetByID :one
+SELECT * FROM resources WHERE id=? LIMIT 1;
+
diff --git a/sql/queries/users/users.sql b/sql/queries/users/users.sql
new file mode 100755
index 0000000..90cfc86
--- /dev/null
+++ b/sql/queries/users/users.sql
@@ -0,0 +1,5 @@
+-- name: GetByEmail :one
+SELECT * FROM users WHERE email=? LIMIT 1;
+
+-- name: CheckRootUserExists :one
+SELECT EXISTS (SELECT 1 FROM users WHERE role='root' LIMIT 1);
diff --git a/sql/queries/users/users_gen.sql b/sql/queries/users/users_gen.sql
new file mode 100755
index 0000000..3479ae1
--- /dev/null
+++ b/sql/queries/users/users_gen.sql
@@ -0,0 +1,17 @@
+-- name: Create :one
+INSERT INTO users (id, email, password, full_name, role, avatar)
+	VALUES (?, ?, ?, ?, ?, ?)
+	RETURNING *;
+
+-- name: Delete :exec
+DELETE FROM users WHERE id=?;
+
+-- name: GetByID :one
+SELECT * FROM users WHERE id=? LIMIT 1;
+
+-- name: Update :one
+UPDATE users
+	SET email=?, full_name=?, avatar=?, updated_at=CURRENT_TIMESTAMP
+	WHERE id=?
+	RETURNING *;
+
diff --git a/sqlc.yaml b/sqlc.yaml
new file mode 100644
index 0000000..8376584
--- /dev/null
+++ b/sqlc.yaml
@@ -0,0 +1,417 @@
+version: "2"
+overrides:
+  go:
+    overrides:
+      - db_type: jsonb
+        go_type:
+          type: JSONField
+          import: github.com/sxwebdev/sentinel/internal/store/storecmn
+
+      - db_type: JSONB
+        go_type:
+          type: JSONField
+          import: github.com/sxwebdev/sentinel/internal/store/storecmn
+
+      # users
+      - column: users.id
+        go_struct_tag: validate:"required"
+      - column: users.email
+        go_struct_tag: validate:"required,email"
+      - column: users.password
+        go_struct_tag: validate:"required"
+      - column: users.role
+        go_type:
+          type: UserRole
+        go_struct_tag: validate:"required,oneof=root admin user"
+
+      # projects
+      - column: projects.id
+        go_struct_tag: validate:"required"
+      - column: projects.name
+        go_struct_tag: validate:"required"
+      - column: projects.settings
+        go_type:
+          type: ProjectSettings
+
+      # agents
+      - column: agents.status
+        go_type:
+          type: AgentStatusType
+      - column: agents.kind
+        go_type:
+          type: AgentKindType
+      - column: agents.system_info
+        go_type:
+          type: SystemInfo
+      - column: agents.tags
+        go_type:
+          type: Tags
+      - column: agents.config
+        go_type:
+          type: AgentConfig
+
+      # resources
+      - column: resources.kind
+        go_type:
+          type: ResourceKindType
+      - column: resources.tags
+        go_type:
+          type: Tags
+      - column: resources.payload
+        go_type:
+          type: ResourcePayload
+
+      # notification_providers
+      - column: notification_providers.provider_type
+        go_type:
+          type: NotificationProviderType
+      - column: notification_providers.config
+        go_type:
+          type: JSONField
+          import: github.com/sxwebdev/sentinel/internal/store/storecmn
+
+      # notification_history
+      - column: notification_history.incident_id
+        go_type:
+          type: "*string"
+
+sql:
+  # users
+  - schema: sql/migrations
+    queries: sql/queries/users
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_users
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # projects
+  - schema: sql/migrations
+    queries: sql/queries/projects
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_projects
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # agents
+  - schema: sql/migrations
+    queries: sql/queries/agents
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_agents
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # resources
+  - schema: sql/migrations
+    queries: sql/queries/resources
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_resources
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # resource_agents
+  - schema: sql/migrations
+    queries: sql/queries/resource_agents
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_resource_agents
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # monitor_agents
+  - schema: sql/migrations
+    queries: sql/queries/monitor_agents
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_monitor_agents
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # monitors
+  - schema: sql/migrations
+    queries: sql/queries/monitors
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_monitors
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # monitor_revisions
+  - schema: sql/migrations
+    queries: sql/queries/monitor_revisions
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_monitor_revisions
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # monitor_checks
+  - schema: sql/migrations
+    queries: sql/queries/monitor_checks
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_monitor_checks
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # monitor_states
+  - schema: sql/migrations
+    queries: sql/queries/monitor_states
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_monitor_states
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # incidents
+  - schema: sql/migrations
+    queries: sql/queries/incidents
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_incidents
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # incident_events
+  - schema: sql/migrations
+    queries: sql/queries/incident_events
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_incident_events
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # notification_providers
+  - schema: sql/migrations
+    queries: sql/queries/notification_providers
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_notification_providers
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # notification_history
+  - schema: sql/migrations
+    queries: sql/queries/notification_history
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_notification_history
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # alert_policies
+  - schema: sql/migrations
+    queries: sql/queries/alert_policies
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_alert_policies
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # alerts
+  - schema: sql/migrations
+    queries: sql/queries/alerts
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_alerts
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2
+
+  # maintenance_windows
+  - schema: sql/migrations
+    queries: sql/queries/maintenance_windows
+    engine: sqlite
+    gen:
+      go:
+        out: internal/store/repos/repo_maintenance_windows
+        emit_prepared_queries: false
+        emit_json_tags: true
+        emit_exported_queries: false
+        emit_db_tags: true
+        emit_interface: true
+        emit_exact_table_names: false
+        emit_empty_slices: true
+        emit_result_struct_pointers: true
+        emit_params_struct_pointers: false
+        emit_enum_valid_method: true
+        emit_all_enum_values: true
+        query_parameter_limit: 2