From 6bb23bc22a7081f84362e0715f59a5eebc1fc088 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 14:16:08 +0100
Subject: [PATCH 01/22] fix: add service health reporting fix to changelog for
 clarity

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e82e3d9..421a288 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ## [Unreleased]
 
+### Fixed
+
+- **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
+
 ## [0.12.0-alpha] - 2026-03-01
 
 ### Added
-- 
2.49.1


From bc5e20ab7bff75d5a3e6dde23bf36d242ab64d56 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 14:29:29 +0100
Subject: [PATCH 02/22] fix: add note on lower resource usage under load to
 changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 421a288..03aaa8b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 ### Fixed
 
 - **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
+- **Lower resource usage under load.** The backend now uses a single shared connection to Redis instead of opening dozens of separate ones. Previously, each rate limiter and internal component created its own connection pool, which could waste resources and risk hitting connection limits during heavy traffic.
 
 ## [0.12.0-alpha] - 2026-03-01
 
-- 
2.49.1


From 27158f7bfc1ca7367050bb0d0a5ca3e7efffcae0 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 14:33:28 +0100
Subject: [PATCH 03/22] fix: enhance billing operations and session management
 in API

---
 CHANGELOG.md       |  2 ++
 lib/api/billing.ts | 47 +++++++++-------------------------------------
 lib/api/user.ts    | 20 ++------------------
 3 files changed, 13 insertions(+), 56 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 03aaa8b..4dec578 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 - **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
 - **Lower resource usage under load.** The backend now uses a single shared connection to Redis instead of opening dozens of separate ones. Previously, each rate limiter and internal component created its own connection pool, which could waste resources and risk hitting connection limits during heavy traffic.
+- **More reliable billing operations.** Billing actions like changing your plan, cancelling, and viewing invoices now benefit from the same automatic session refresh, request tracing, and error handling as the rest of the app. Previously, these used a separate internal path that could fail silently if your session expired mid-action.
+- **Session list now correctly highlights your current session.** The active sessions list in settings now properly identifies which session you're currently using. Previously, the "current session" marker never appeared due to an internal mismatch in how sessions were identified.
 
 ## [0.12.0-alpha] - 2026-03-01
 
diff --git a/lib/api/billing.ts b/lib/api/billing.ts
index fff2fdc..0bb3245 100644
--- a/lib/api/billing.ts
+++ b/lib/api/billing.ts
@@ -1,4 +1,4 @@
-import { API_URL } from './client'
+import apiRequest from './client'
 
 export interface TaxID {
   type: string
@@ -31,39 +31,12 @@ export interface SubscriptionDetails {
   next_invoice_period_end?: number
 }
 
-async function billingFetch<T>(endpoint: string, options: RequestInit = {}): Promise<T> {
-  const url = `${API_URL}${endpoint}`
-  
-  const headers: HeadersInit = {
-    'Content-Type': 'application/json',
-    ...options.headers,
-  }
-
-  const response = await fetch(url, {
-    ...options,
-    headers,
-    credentials: 'include', // Send cookies
-  })
-
-  if (!response.ok) {
-    const errorBody = await response.json().catch(() => ({
-      error: 'Unknown error',
-      message: `HTTP ${response.status}: ${response.statusText}`,
-    }))
-    throw new Error(errorBody.message || errorBody.error || 'Request failed')
-  }
-
-  return response.json()
-}
-
 export async function getSubscription(): Promise<SubscriptionDetails> {
-  return await billingFetch<SubscriptionDetails>('/api/billing/subscription', {
-    method: 'GET',
-  })
+  return apiRequest<SubscriptionDetails>('/api/billing/subscription')
 }
 
 export async function createPortalSession(): Promise<{ url: string }> {
-  return await billingFetch<{ url: string }>('/api/billing/portal', {
+  return apiRequest<{ url: string }>('/api/billing/portal', {
     method: 'POST',
   })
 }
@@ -74,7 +47,7 @@ export interface CancelSubscriptionParams {
 }
 
 export async function cancelSubscription(params?: CancelSubscriptionParams): Promise<{ ok: boolean; at_period_end: boolean }> {
-  return await billingFetch<{ ok: boolean; at_period_end: boolean }>('/api/billing/cancel', {
+  return apiRequest<{ ok: boolean; at_period_end: boolean }>('/api/billing/cancel', {
     method: 'POST',
     body: JSON.stringify({ at_period_end: params?.at_period_end ?? true }),
   })
@@ -82,7 +55,7 @@ export async function cancelSubscription(params?: CancelSubscriptionParams): Pro
 
 /** Clears cancel_at_period_end so the subscription continues past the current period. */
 export async function resumeSubscription(): Promise<{ ok: boolean }> {
-  return await billingFetch<{ ok: boolean }>('/api/billing/resume', {
+  return apiRequest<{ ok: boolean }>('/api/billing/resume', {
     method: 'POST',
   })
 }
@@ -100,7 +73,7 @@ export interface PreviewInvoiceResult {
 }
 
 export async function previewInvoice(params: ChangePlanParams): Promise<PreviewInvoiceResult | null> {
-  const res = await billingFetch<PreviewInvoiceResult | Record<string, never>>('/api/billing/preview-invoice', {
+  const res = await apiRequest<PreviewInvoiceResult | Record<string, never>>('/api/billing/preview-invoice', {
     method: 'POST',
     body: JSON.stringify(params),
   })
@@ -111,7 +84,7 @@ export async function previewInvoice(params: ChangePlanParams): Promise<PreviewI
 }
 
 export async function changePlan(params: ChangePlanParams): Promise<{ ok: boolean }> {
-  return await billingFetch<{ ok: boolean }>('/api/billing/change-plan', {
+  return apiRequest<{ ok: boolean }>('/api/billing/change-plan', {
     method: 'POST',
     body: JSON.stringify(params),
   })
@@ -124,7 +97,7 @@ export interface CreateCheckoutParams {
 }
 
 export async function createCheckoutSession(params: CreateCheckoutParams): Promise<{ url: string }> {
-  return await billingFetch<{ url: string }>('/api/billing/checkout', {
+  return apiRequest<{ url: string }>('/api/billing/checkout', {
     method: 'POST',
     body: JSON.stringify(params),
   })
@@ -142,7 +115,5 @@ export interface Invoice {
 }
 
 export async function getInvoices(): Promise<Invoice[]> {
-  return await billingFetch<Invoice[]>('/api/billing/invoices', {
-    method: 'GET',
-  })
+  return apiRequest<Invoice[]>('/api/billing/invoices')
 }
diff --git a/lib/api/user.ts b/lib/api/user.ts
index 6268362..17a9872 100644
--- a/lib/api/user.ts
+++ b/lib/api/user.ts
@@ -18,24 +18,8 @@ export interface Session {
 }
 
 export async function getUserSessions(): Promise<{ sessions: Session[] }> {
-  // Hash the current refresh token to identify current session
-  const refreshToken = typeof window !== 'undefined' ? localStorage.getItem('refreshToken') : null
-  let currentTokenHash = ''
-  
-  if (refreshToken) {
-    // Hash the refresh token using SHA-256
-    const encoder = new TextEncoder()
-    const data = encoder.encode(refreshToken)
-    const hashBuffer = await crypto.subtle.digest('SHA-256', data)
-    const hashArray = Array.from(new Uint8Array(hashBuffer))
-    currentTokenHash = hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
-  }
-
-  return apiRequest<{ sessions: Session[] }>('/auth/user/sessions', {
-    headers: currentTokenHash ? {
-      'X-Current-Session-Hash': currentTokenHash,
-    } : undefined,
-  })
+  // Current session is identified server-side via the httpOnly refresh token cookie
+  return apiRequest<{ sessions: Session[] }>('/auth/user/sessions')
 }
 
 export async function revokeSession(sessionId: string): Promise<void> {
-- 
2.49.1


From 5b388808b67d74c16a737e757b05907e4252e1e5 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 14:43:25 +0100
Subject: [PATCH 04/22] fix: update changelog with recent fixes and remove
 unused icon files

---
 CHANGELOG.md                                 |   2 ++
 public/Icon Padding left & right 192x192.png | Bin 7962 -> 0 bytes
 public/Icon Padding left & right 512x512.png | Bin 22728 -> 0 bytes
 3 files changed, 2 insertions(+)
 delete mode 100644 public/Icon Padding left & right 192x192.png
 delete mode 100644 public/Icon Padding left & right 512x512.png

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4dec578..18bc44e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 - **Lower resource usage under load.** The backend now uses a single shared connection to Redis instead of opening dozens of separate ones. Previously, each rate limiter and internal component created its own connection pool, which could waste resources and risk hitting connection limits during heavy traffic.
 - **More reliable billing operations.** Billing actions like changing your plan, cancelling, and viewing invoices now benefit from the same automatic session refresh, request tracing, and error handling as the rest of the app. Previously, these used a separate internal path that could fail silently if your session expired mid-action.
 - **Session list now correctly highlights your current session.** The active sessions list in settings now properly identifies which session you're currently using. Previously, the "current session" marker never appeared due to an internal mismatch in how sessions were identified.
+- **Notifications no longer fail to load on sign-in.** The notification bell now loads correctly even when the app is still setting up your workspace context. Previously, it could briefly show an error right after signing in.
+- **Fixed a service worker error on first visit.** Removed leftover icon files with invalid filenames that caused a caching error in the background. This had no visible effect but produced console warnings.
 
 ## [0.12.0-alpha] - 2026-03-01
 
diff --git a/public/Icon Padding left & right 192x192.png b/public/Icon Padding left & right 192x192.png
deleted file mode 100644
index c3b532c41088c454ad16db1f561085474f86dca3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7962
zcma)hcU%))+V&(AsR{zpL_!b|kY0p9AW}uD(wo%KAxJ`#7AexCNfV?O1*Hf`7m1=E
z(iN!+B2}ppiV(nW&|RP1eRkj9_s2};ocp@_b<UK;=<90G({RuL06?#KS@jzDOE@~H
zD8ci!kM73+fTF;~&=hB?qm8h~c!=0KVC>K${vKYS8~_xQ{Jm`L-OxCg9ooso6A52y
zX@kRD9FTAmX&o^gFBP=2%jKKiXoH)&hW0nz?ByKbN{TcJ{s_>32O4J!^Y?J~#3KBW
z@LzTj;Puh8C>-_+f^$Q{O?C8PDj07xOj<-*L=3J-15@yJa70{FRsV-FI6}gmaX2r8
zsHmTxpNOBN2*%q<R9sF@PE<@nR6;@+L<nO8JaM-E!k$>(BNM-EsG_m<-Y#A^7mO$D
z$fm6w#s`Ol!$CRhpOJZZ{W0!|{YUm-9Yp<Yy+p-D#6<rU?B$HXVX)4a|Dp0n{5M4h
z`#(;+e7xO%#qVG*igrhPpgnO|5HJ33j?n%tf93pdVI4{SW*+C__&?xBlE1;h-stH3
z3FzO<|1)b3kAI5?i&OIj3-^yE{8tUEVSpD}^cotA@$t4ttNDU?@&2kE=nbLbjkd+1
zRlx%Zmk^VX5f+mW7Lzg*mq3V1A|z#n#KaL|Vt>#&7zY=}fd7h?K}d=JCmQ6FgDuYX
z{|Eo4Lx>~v@2Eg7|KB0~rKEy!$9RL$fmulYiuNy&rizNbH^$M$9h70OX(+=q)l_7}
z<z!@pB}Bx3VUIe8(0B1iyPK-IfNjTutVF`a<s|+?YWBaRzq}iO%Mo<(+vHJq5t<&h
zPG}Ps2b}X?*8UP`qdlGeCOPVoyU)?GF!FQ(`}#YCUrMHb$&hd<F)`79@nrUQ+0jyi
zDLB|8?2kH(@%}abz4#2!H-3+P58Yi9jj$fJo-k!w7bgYLqvZ%r{aT5?NB_hti2jE;
zg<pI{Tz0{N4g&r!55KIzV87Uku(dx*5DEA4#yI%cqaA*g8I1O~6pL}h`Pq7-FFAok
zMZzyRI=X<R2!Kh7h>83z#~-MlGa5AW9~}7?B8vX^EdCbt?==5qPXhIR&w+a#xM_<1
z*)_qzpM4kY2@=#B+*J#M-hKf9$SoI;X@6rF0Gv<uN$wX?y~^CFL{xc2RsH12J*jfX
zSEVuW5+_~XNvX5DJ5KIjBhGA1YTvD>$tir*QAH67u|QWaC*Q5R5JP{nPtriLD|@18
z0o%5d`@VG{Ogj5&O>;0qO;gyZtPOcqcwAoxYx$_li%S}YgCD-zh@q@VjqP?FoQY<S
z51T?O_;LqWo=8zA3Oq7q$USwu{FGrzLu5-TPD&(5aCvw(>}A7)GeX4Lt}=<x%<@PT
zCL0e{-v_R;#_d<kyJ@<+Z=faBO1!y=d<m+aA-Z-|{wEMT57uWKZfl-f7k^dSqp0A|
zp2Xs_aV(VR)TLDkuYJqGAyj<XfFSI8^%4Ksb832T-aK*K{)w^Pntjq>`Dr@pHh;VS
zQh0~(4-xi`g#z0k?prI2BHkbN_aS$l#a(~oS{dv-fv@d;bZX)jQD-qkzsP*kq$b89
zMbjU7YnTdmU4?k9$tf*3VU6dRh_w$zOW=U$!bEx~FxTqz_;SjL8SwT<?RD7<3joN7
zqXY7xyb1>Ztamk4FB$r0ujB+iaZn5HY-`JG^2-P&e4?i<F-}djiDnB+MxCs9hZ4N|
zGFI6^#}2wo57V-Z7FUC64%>wB!TTf88J#rf^iDoQlqTeX*f|l5*oLXy&}Ds;CC)d4
zwxxTu^&zqIW2XE<cF2BnzZ|wNb2s>rh&;BLG=l6|BQ06)1ke>gd&({MWbr$x$b@V8
zudKhZmAow_hEPVBT=J)g;D-J<L!}qKE=wgE_JlTK<i1H;vmYU^)Htc-%J*nMDij#F
zEFYQ&(1k%z(LfLW$uZR_=(IWDCpEG<ii}P)<W~jIC(j)87K+#LFGJQ(Qt5>~sSg-S
zAjKW}`=H46&&lwws{d3)N+4SLj+-sdPyp7)rpM=5{S@?jj+HCI@ikruiIUS7&+l=r
zbdD=RULqJCWU;RJS41aT7;&Ia*qkkRwN%Wz^yTE&6H6;ehmB1ufv83Zp}TfrWhZ8g
zxNWiegIpz?D&KV!{;X2LdLj-|er!5zaX-eOs4df!ZIj(Kf-3*Qoxai?R|z?Jlk?eQ
zMLX#nupsJ)g`&3mKk!RML+p%%{O?!Lh)@T?_x1c*neFP$%K-56R7GZ^lDTB{sKmE%
zIP^U2`^xw-k&)Y#J<<uI6GM9i6feb{KSwUE@f)kLY8%?koE23C!e7m&c5&T*Wm~nl
z7Q6g>j_Vw1l<ITGVl5MiQ(a#kELO7jOT+WNv>k$!9f2l+!EO9x{^$2PV^rvc-6E-M
z^qmdP^paFl3<HZiHtO@9>NGQJx0x!j5gLkU`9s=ms%4@9!ApW`^J}XSxHO-Y0Rao(
z^ZmhvbH>N+6iP$`l#tG3ou;<$s5UO0)&B0KK%cQerR&4wwpN?FF>!_cBiI`kplnhC
zPMdEI%xG=Z*`2IjSXtm?SyeOCtWAyO8KZ&N+e_}jTVdXz3Bf8{5<Y}8@{kBDU}?wZ
zf@Xx!(In!|mIm8wo=dX0uwNZ2*z7+>k<O8(Lau*SL}O&-Bj6dejKS1ZRll&}l<lnC
zrOT<29^~s*bab&2PzBWNHGObC@gWN-SE{3iGq5+{N>hhQY8fJdtf6P;c%bKLoSIQ(
zh@q*zuc@c%?u`eQ)A~ySnad3*f3arwu}i0f(m+m0nMd(rx$e_v1dp)UMV%g0GMjhd
zCR}6ij1#do{u;Lk`XTs?I&3;MNUMf=;{4+8^HJ$U;#!JOruJW}aiF-+=d9LdLy6Ei
zQud*W`-0O?OP{$K`_t)HRLGMqethjvc+X=b+pm@)WqhZhZejfP^E-&2WBHZl#+ufT
zXY+4EO*Sver6)>~iY0lr<LhHEZS60B%39M4^o*!nuZ@kQ)bJEP?6L~eL5hrJy~n~C
zsb13f;jQMIV>G@q5FY3o&LYWgMWJu=8k3cZ6EGG`mM>nJk-uzp{Zy0wdV|0SnN_=f
z+|Aw1Ia?cfVLPX(&Bd~HWPdDt6Rm+?^lCq^b%{KQKew;4;!DcN(m2~*f)&vKAM9vG
z76I~d&OZGr9Wx{9%;<9*FlplMP4v97-(6iHgq?O#+9GdhEC`3}BZ@|D!Juzw^A=rV
z56zY>vJt++8TJ+##+jatdgIe$Kaa(w-GW2k#1gd{R57}n4O`vXbzy~}pO?QxAAZVM
zGZ_(4di#z<D2)XS$H?A9Je1@(&|Pw$^~m#>_+ZR>K&;V|eLY~8Z>R=Tr6chlql2gK
zEUp=(*Q}L>Ki}+Z5Pl!BEGD|=H+5Lh9I^{nIYCw=2>o$=jEo9SD7f~aobg_!-vr$M
zR5f2GgToXXdHSt&jr81O%0}etHlV*qhs_4LoZj2->t81b?6vI8kJjHwbl>i^SLzz*
zJ__nN6ebwRaNR4L@2Y4T%RQof;H>o6_nQ7{54Lcv3zaZ2>ow=P8%-7J(}v1GMcLOC
z;PBz{4TqQfdx7dBPlNrqW~7x)PgLG4Kz~J$AhIt8Twx#(8&tFmc`~i42X0A^%!~M&
zR-zDYmpA=3J#xlA+RJ~Eh<#ah7Z`@z6AomUEPn2#GFvC7=A8NB`Hh9n59uy>Be`GZ
z94B3bh3~zk%9oZtpu@LxpNV4Pj`CIu^$2vFrPnMORmSz8ii5jYuRL>)9B+IkrBr?g
zm~SjyhM3+^SL$EP^LCcVnCK{uJ3L+8SX4W9`-7tV9vMLqxDxml_kny}3{j@<Gp#<7
zw8(8UW!nGnf`Ib;kI}qd<Z7bD%?qhls6oFKfF)qlyj)%ErQUXDaLTxYnSxY~!Fwz%
z=*i5ECK7FpE1;#R002T;SqN+Sv9xxcf_9HQbu`$LNBFrU(#$5rJCmg5c+Vk)hC1d-
z_RqS_kpo9%jDiGF8nIm3pxrtM;FV2yxZJYj+`s3&GVyKntq;ZFAot=ATY(V@Bk=We
zAS>%R10myTq>!3bGRs$Q`-q_jCucpTWEFiM*|CLp`-VzidFmJ6O9x3}N41~Db9SFm
zrL)>RaRX5wEW6?qdssjA8oPLbG@njuDvf>c4tmdmIS=yr<vU7StaC!jEaQPn$HSP9
z>LfGFICT?R(u%0lXHKE-0s&BNt~V(O96)I7qhgiTk(lgG{<+Vo;-?Xdv3eF}i_5RI
zeB7VOH=-#8MFGHBM@IupEFMUJt{>d;agWQs%^b;c5Qt8A<Ho7-PSJ0<?1q_w44;g8
zn*hm?NF5SmC8^=cgBJmnIw8-<a(rG?D$7f%S$j|zaK-DGJo+-2UbnU;DHItUA2?Qj
z-_OC7>v9D-fE%U&HH?4+@^vn{Jw>S1qx|^Q+cnp@G&UE;8{*%)<So}mxjD|<$?Fff
zUWYC8g)Y9!$_hC}Xc-9T=&4smh$9N;@AGNNyom41X3yVA|I&%gwKBEu5#1x>%Q>j3
z_|;D21gJwtfGqY<`SB!1*62laOYSW==Gn`O?M+Z69s=uAlfvHl*G>r1qdgxkQUlzX
zW=)$OKmuf)5$J@losj7{kf48_TEloUCs|~t@4%`)+);$a2gfwk+k5xeE`3`V__Tqb
z{M-s8s5@m$3j^E7o-pGNcT>AW6<Cr5jM8tOj&>qFZ{veqXh`kfa;lpaS?WV|Yy@zQ
z_YVtuZLM@--Z_wX){NQNT_Hm;9{rO6Z(eG6KKI?vBq@IOc78WE$pd$I%5M^AV4=i}
zZ+P!Ol3Pn>XOCqrU3H)G?rbr#52`hP8q`vKt&Pa}HoGjTOWec9vX5(Z^WZ#yaj0Rq
zT*3OHov`h+W?7L%QlPX+h9^ni^_!N>861-?i>nmQ)K03k0%!=U`RVM*?D=PX6`EWw
za7^voRO?MKqmPX}?7A5o^(^9^2W2#{+~dH*z=)!D51mgSE1D0}$?vExQ+CApK9Cxp
z$@)0uXl=qKvD7#gd-ocQk$@jNT+WGl+%dWWeAhkLdB+&;cO&u(iKu?Po_^~`P};eP
z63fN&P&S5%+~zbx>~x@!{qh-nI-8K|0r&_VRm`hMJ8dY4?mDQgEn|30=fJ1{)FXp6
zRHRR3hjsi26;#toh2lbyje}|TM*=@SZQoc6D*EY}<&Nod;31PBWA54JuXIz5AJ)kq
z=I(6Gj@r)3^N(EaTeMV_96mnn-utQW7#t7X9c#dtDNdLNv7*+(zg>Uodc27yc40t~
z)@;Pg{*%6CLaz1ZF@(ux`faLwSjgVciiT=Dg#o~IvQ0r$oVN5Z<M!j(n&^VI-0pf`
zUjeC|WB4VS+8z{nlB81bzItrO4pR5(k}-aJ%S|Uf#7R=|ivo_vT|i4M)FP1W?ZFu2
zv$c0Mb2Jr9qyBJ2xS~{ChFWSwsN~JX1(Sm<;$_L2{byGjTDSebOnIFt>GCb>4><{$
zeWmx@$HL$$maJ5oJwz)^LL=1Ruu^{Yil00BG->yHf0H>a7yy|C_gJH>@)9R%=CZ0_
zONtj)pSilDe9X*zWR!i-*gZ-w14kitMu@}goW{jgY<=CjC&PiV=p1!6(A=8??vuk-
zjo-xP4z&wr70BERyL<&Qls0*xZwQIpO<S)@#kcv+FHaEnw2v2#QGR%l!&NhTSRi>K
z?_H4+3`+Io^)XKl73>SMM}y6D`a^L)BDDR^3Y`z!97&EHP0!)AGFYule60)Icd0q>
z5=obUL)T{`d#$gRbJ%BuWjXb%jnAgCo_DY)-5$Z#EsW}&=}&Cy{a{Y13Y>X{`zcKe
zesPc-kS)CbB<0)TG2-!$0$szIn8{u<&P`TMkCbh60@R<Ha1mRZ&d3O)a37F5!W}zK
zc~CA2ACO30ccSj_c{1B77;G-=H|7X`xG}yEe4Lhsu=dWOMM5c71ZuP1UNwbN9y;A7
zUO%c+B9y}l8EM&aKVMS1liM;7S#bQ~o<U7=N#3#o+2^s3<#Tu{!pjqDtq)k@MddEK
zJ{4L15&T8l!@XOn{jlvyYqUL6gvcKD)YEgM2Qp)7PndERl~Ts8B}4;s3ZYZ<q`vwN
zQHZo2FWdGG^&;hpg8o76l{a?MW*UB@EC)UU`idX5Q&w2PT$tbh{nBC3+~NC{?a5Z>
zuP=)<%L3Z+;`Wd?X+H-wT(<K%_2R+e8t*v+_6u`CA^5%%Iflm>QDK~Ya<)HnoP!p&
ztXe`m^Z4Qx_H*9JwSANQWI3NWsl=Ym=c|M|IiYN1GJ^Z~l-OR!)nSJIL|jrPAL!gu
zlK(n7GT2N@uq!c~Dxq#()7?6_$gf;UIj0_a<=$7W2DW|;D(m8|?cmG`<_Ic)@Srvk
z<6gwKuvXCFB)*g8xB5N@>uv0?<~g@c(#bMx4nIh1l2>{DRrki=&l|XqAJ1y;JOhUF
z4hCO)xLTD(pCct|TpeNp_^_cBQ9st8C3Wxokc>ip{0#;>tvYFumGu70<m=*D?rrH^
zS6<wC3JmA?yt}`XA0UZZ(@THt2*9cV<JO%U++FkHG!CJ5b@V9)7CFdjVhXn;5OV+A
zgwmT2u8=$Bzw|7eO1~#TTg|xpKkU;Dv;n&AM%$;luoX4=sWYwvre+dl7uypKcZ)C8
z0(}BAR~LBh6a&LmhX>XHWW5@;r0;Yk`SZE6`Pq~C^AX86C<neq-6!&Mjbx4(Ea#nW
ziaj^6<lSJ-z`J8p{@A!`zx$%|GPP`o+=CX{;=<LXCZ*C*(vSBQg?-%0KN~0V6Bhfs
z4&v+S4~UH%1Z(mJkz2``5SiTF>F*<)v=@8AbmxZFWSgh6DxPnl6eyH`UJ^Y&HsDmi
zahJ5vHiPBE>zRC2zIdFM2k+Lmzj&)kI_sj)fcQt5Pwe>_ABy{cc3%P~MW^p$z0DEy
zMVYAnGY6uSULhYUiPK`6(8ilvno+9-^R2+-{Ci!s9CjGXG?VU?YN*4zTN{&<=+q^e
z4NX6MU)YW$plI?zvQ^}^F))%F0ADGYuj<n$LIB#J2|t6I3@C@m8NJ{owZ>aQdv4cw
zz=x-mz<5`Fe45nQp-Gi7i@h_&lZ>o~z4}-(sC~BbPy_9dysVQ>3UMJxi?iX9N1U;!
zcif>UnQTq0iQk?C4%)c2dE%W=Ma+^@wDGN77NNB0d-tYxW4N+0gMn$p*ZI9e$+=W?
zIrj=fzsVLM6D@#jos<=s7PUxrL5RETOhimYe6>70(muPvaqIbd!p`GY@P?Lyu>j0y
zu3=7`@`BOKw{BhXqz~*(6KT5-5LVlOELYCbo?FAHw73-1G_WHkYPERYB;PCA51t$Q
zMXCWXCZe0&Zr$u$p|z<w&R<PfRa%anJlMKB9JCSA0)qp7WU?tB&FY8CdFogRx8EzO
zwz%vE2M+FY;3M4^){Nt<MwF~eQ^UR?=aWvt?<r9e<aXV-uiAa1_A#{x_;JE=UldPt
zt_f~2dCYOu4N{I=*~w}d*#B{X<DyT!hXTjWLlnxjfYX9(@mjuTYomBuCDZ1fmU`&@
z_WR3@afelfwRHi>FJ2DlyFr%Kh>y$$_-zpOZbfT__4iKAD>r{@Ic=_|Okeg;b+lz$
zZgNSN^OJOFwYOa&ZO&uapELw%sj<n|u2-?H0{E@R2^Q<-_S48(nzppy8Dv14$%0ie
zb72$n`Ly}XRf=H(o9<gyCR%Ub&5^mo@#9h}Usm$SycF?O^xdn+GsdYuZy0rQZwi|4
zJfdp5*R{(epzq4_v9(m^zFFq8yHQ_fGjDWIYdY;w6k}SLa*hp6QhvUa<-X>V81$nw
z4G>YBQ|WwuYu<{+G+S<iKdUoHm9cOY`J#*q7A{OOK9Ps_&^KP4lG_djP5?gy@h!Jq
z<Rw$hsXlKg$yGKz97F`9b8vc)NZ0kyO9)LraZVG!(3&Q-e8R`Kt)%L~8u|Ae<N3b$
z=i0ZPkVWL>6EE}y0@{P@D+^@m@<T()K$UcdXjq{ht8Y$xhi5TI^t@+=*xLB02b=g%
z&LuZd{7C%F9a`ny12x#wOFu;L4*><Jjbz1SeXqSLua+?RdT0g9W6I&NY;2|J58|Wh
zS)CqO|5R9=k(=JLt&RpvE6LytX`2xrt=LqNZenMA%bW`Kmbe?PovO@FLF3U=F}{O<
zs>QcWD&CD7tSOBImPy}VGpI2drYg2ENZmczA-WDu26d^3T^ZAhh+()LZcde7%1&^+
z7|RUrr6bfV8EL9sJ;y5ynB*mIJL$D|!Yi*MRRKyk%a{{BTQ#|j<;5{Zd|Cfx7uFZm
zi1P3+!$#`lHeV%i^aHiFK}ASdDtKQ*%|1Ilo_Bb^Q;JWS8Z3(C25xj$gGV{rH@Ykm
z*zk3~j_ic9MO$flTwoULeM60(uudle#M{~!wbMqIKywCaF{DW8wHlwhc>+9ijQEoN
z%YIeW_U92@R3FsHZSbwMvqowWSEW^fd0lz__Oo;BuC6=)r&<i}w+E=}^L&s;oOKK+
zWBwB^Rqzg((t2BeG-Kaqc4|n(=KI}Xpl=4Iy(Y`GC&RD-1`oTI9Ku?f_oT&cLz2${
zoLDlTSe_z3VRTlX5)K&TCDSwtD7Fiye)(AfgNkj-{bbT?wI8O;4D4}5QRSb44qSbD
z{-)k-BIc{LR#2N1_+q2))DOSgS9=M$M#ZF2$)zHUFAx6KLNEJ}VOX0DfCE~2<I<>A
z6-IPw3>9JM;f_es0$bX4iI|Nl(4qLg1+`5%o}v7j5n{SGG{un8<?5Lp5d^laneG}@
zHGlh<+f6p`O(Ka2Op!$-5}4h^v`14B-Yw)i0k-SWz=hx%))&*9DCMqbKs#7H_J$I^
zBsjsIF;?ZMQ9Imk7|g&sJibhC6UiZ-?~`t4>jm}*oew9`eMSqh3Mn%l4f}xU6=IdZ
zY$9m+p<Y|2TkP>GN3D7Pp=zpBs_ykyEe&v#@*d+wf8+294Ekg<GZB!gd$lX1B22DN
z`P>aC$OY{f<w7EE@`7b63mB?cv|VI?+zZ@lJZ;`2NW}tn@~h+s_ktuB<6vs+k)LwN
z?L3f>%-$OZh9~*59x>N3;Cle&tI+^7W`)5B;}2yzB7-1}-W%4V45*iQZ&9JxT)>*c
z#bdRkE}jHkhKImEetdjuOCU80tnLCKkohf&9Ck+v4%j~oU%SSp00(S~%i@9PXse4E
zif9@(YLGjyDKnHKa{;&n#iFOkb-6D*)hd7=)h`yR4rRoPy_0%-1`h-K1$t8jUS8&f
zGN^ML%|`<f$?Ct&+ZHoIsCeU#Am8BlPvD1Hlqz@{Dvbkjg#rPxFKIQ$#9W8efSn8^
z9`fB`jEqeh1WrJD(vi_&yX^R%=K~pv)P>2Ppu5u_LM$z}WohO&wMMRsTW!PC<ISmT
z5~P7#@S6=q^>IQD`h*=bm_@z&SPd(osz8#7uG_PV6VRnt?*dhL{0>rqwX3u&Gf&!&
z%hM6Q1Bz6i#em*tB-t++Crpl2%H~J^RBC}JP=3A+>{vE$$8xg_L=k3xLO#|#fJw*`
Sz8(Fgt*NG~TB&Rk_WuBsts`~-

diff --git a/public/Icon Padding left & right 512x512.png b/public/Icon Padding left & right 512x512.png
deleted file mode 100644
index a9bf4b0c063fd675f5935ebf151227caffcb7bbf..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22728
zcma&Nby!qi*D!pB4iOX)X#^#uM7l#U0Hvh6BnRo9K@3Dn0YOqh=@jXhQ5vKqhL94G
zX6T-oZ{zQI?kDc|eXsA2xn|DnwfA1V*IsL#mk+cxXsDQ}APAzlb6Z^(f{4IRB8Y+v
zeC_xT9YGN32Pb_aZzC;DSzEZ9u(ciB#$MRp%>#@>ki3$=hqbMXy*H<gy`z)60vEO(
z#l`7lr@&<>p(U#2p=STc>2{!}y<VWUzHOk3t&AO)k|LG7zbsh5&EDIZ)8Eb2-AmSA
zf$Q(Ovf%gW-y&R`e?h!m6u6AE9&oC`J?%Lqge8PUxfH25<vr~jWOdbV{l{eRq`>va
z+uK7{M8wa}PuNdf81CsPA|@jvBO-cT<ob0X03qZR;O=ehFXZmUeY(UyYpC0M*?Ky8
zcss$}IZxNLwt@S2D{ygvanAq5%+2Fpi@SUM2laptBL3DMB4Wa#BL5xO;}P5&?)3=%
zf0^>H;eVTGXZx>BJbXM||Ke|FD`M|z?`H4r?FHb){>Mi4{!afz^Z!8WbmZTb_jYpl
zzkr{P{2Mrsjh5EG5c(g>|0mUMZvO)xFYlYafN}pJg#Y6VFZ}=ydl6lGFSw7Vt^G}3
zKo|F4-htg@)jaL3z3tV(M}h0Q=ygdU(d$B@H}u7>%Zf?Kib@HJiph$K{tH?QZs+6>
z@PCAsmKDA6zoCIX*;#vA|NnvimxN?bq5r`O=<@#?rT?0w26u&f0_*@4;(xLIuc13?
zY7ac&4o<FM%u828mGjO`HAyiUNlBsW!eW16PbDY&z{%g<)kxh5h}{clr2?0P*!BN4
zYW#m2{kyv!Fh{V(KTDoUSN4vZwWGbElb!dY|61+81~l#69sh0QR7$Qsr)FW`?gZre
z4+?)L8U5Fo0@n>uQIY?)lkvZgothe_yq&GA?Wu&}o`0YJF+M%}$NxP2^XTfNXyD~$
z?arxc?c^vga%zs?ufLY~&(nXx%ZvQ4<>deBtL$wjFR($t|7(Z8t8sGv)mB+++fxD+
zxI8@Jc0RWDc7NFnu>EJ$3+~|UXYFaP;s_K~flI}~!3nS;fKyypRQMlu{0r3Ykv&-E
zf9c47Q$&&fGZp`a^*?0(H=hLN{qrC2b--zg{L5>ChkyB9dv~Cqp1`ZVBizY?AXu0a
z(6oQkFbLv%?en@%P+jLjyVAB=3q^TZS@Mk{hnBpT(bvyA|G06B$<<-%M0a~`cS`e3
z@#plcmbOw-1kBXF_`>TqmDgU<1on#SiFc+=)Gm0T_A>?>7oJF@>3psWq5E9><YLN}
z93$7O-ZsXfQKzpe8u|mnn^vOA=EpV7Hf=1i#)bG=MDf*(eulCel(GB;59u;4o-Mkl
zA7A~fKEeBjaInDY$nPiLs&m){w<|jHuOr?SJyWB%a%1$(ah87AeAlF#s=NEKz4*;f
zo*dg(W7OS4wQWlMX=N|xY|Pm`zr(X3){^&KQQn^^j=^V(9I@@#d9Q@4qKlbX@Z)Vg
zw2-q-0q+%_oA*09${h9xaLe7_Wz}YrvoD_WHv6xHw+S5xGqo*zuny)3TRSK0Iec;g
zi)wgfQQ%w>@@N8C(OqzHB5Yf0G4w&U$&TUYm!|P|{1w7RD7-DywsmVA6GLLKmm7pF
zeMswr`b8Ed-Xfs+M#sY2@w9W`c%<~WZR`a>3Qtczu;HRoZwTUq?x?Hi`=_l<2Bdv7
z2ob^e<rl0QTUj|6>5I0}Ra<tnnsrJHur$8BvQCwE8RHT)PL*|uUgFkV36e!xR8xOM
zN8L=;eKYr^js8!+Gs}Dyj9h$jt>15m-t)uMB8I&0`wUm4g#={u9q$rll*snU<Yu@p
zA1mBbxT@SMl=fv^6sm4nC)eShUGzV6v^I+!MKn-YNg>VYYN*lLklf{dat}EYcT$hR
zCPc{#^j^rkpW5oNNLgVJzL%6vr+AZ)*a_o-626RES#0``mDBCoQ)kd$jTL0al6kZ@
zk<3a$)haU=At|DovqUH&4<RH=9d=xXmdhlJ5=pKJ@i~>;B4iItgzl7vx`))lkfapX
zpk(qgHlk_L4F<@N=s;yZUG8dxNz6as#(z{QPo#SnQFYNj+DV~RXhQ*-euDOc%xGtB
zQT+U=04GnP&67xm{Lv)HH;LVgh#g16?hDE~pRYq6^dzCtvz}k8IXCPfLq92TruPoE
zL^CjY=<b{2eBT5fh-#Nbi(ra+o-!7Ri=CvHQKK8BnsJ0K)-9|Xk?4er!ZwhU(AE4q
z*@$f0XP+W}&AD)TTt$|`4q!-^x`owI>a6c#|G>2K#62v{Wf|tM+p)ZO(z7xiK5G$X
zNp!#najdwHe<k$sn`%PxRz%93cdU1m0#lOaBMNMv4WRCt3vx_Q&dfnosx!RM(PTxf
zrt+cHKS)N#F6|C!5a|1u?h^`GvCq-NP!q)r6-97k&`68|=UrBMh&CB|pqobaBZS~t
zxmP;Do9!j^1a((wkK^7Mtl5D$lnMnm0N_c^yBGcezTTi&DtHCDx+~?eW0`S=!i;z(
z7$U&JEPbcj?2tdck)Vlzbk8h=^~^3#PXrPc%T+fxaAUzcmIee7v6Bm5$)Vu<W63E?
z<d6QBlQ6EW7L7nl26fxY59dz|`brBizjvuwNv+7x3sA88W+FL9u|Lmi!!*DoaVX(w
zf(9X5Dfjx3p^R_E3o8-iebt%kkmYKVeLHIe*FRK8_U@0P97Ol4_AHHsyT(zyn`}@C
znFl+G;$(<8Tv*-uABNvtkk1Qb#s$e$QQ+<S@)M*A5$Dj3BrW$YdzdeLU;BCOwu%QW
zq%)XT<W!geuh=WrLv@ym)U7S;Ieo^LApMC*N{Gq=HkNm3F-5OCC>$aAnKRJM`C#=m
zj~%S5OxCiI^-ig7QuU{oownr!W?Jay*|1n*fAfW?HL36pdLD>f6!t#Pj2F7NKVYa0
znUOl9-H(*MZQkDC5ZM-|XaEe5%Y~!Z)MNew-#LNNqf5Any}sc^OQ|srPqtTm=LCfx
zTE7c`453k?naJLyiK`K;v+Ph-P9D|mx`p~{rrt4bS--*y_quu|3K3LjdeM{7nZs~Q
zu~L7Qqq?9djMG_m?!AfFQE5I3U>)h6>D_0LuW_@dmMWVtFy{p2LI+(lyDOQp{<x#z
ziwfLCz(yjV%1R&1t|41ey6LX}SUSO*xY2!U=J;nK9zwT5Q{n)YTp(RV|49(w2|Glk
z?Wa(;XY_atHB<X?0JWY{Kk&G79OZ6avPZ+mYUqmBbHmC~e1{G^7icCHR6f2Ght#zk
zQhpU?I99m3iyu|HHMa+%Zs8KYS~fNwLkBmI736R;gi<SW#9J{KXP3FEN^fUE*4~Z4
z&c$g1Pn+$UJ2H*a3j$Cs>|k*wx*?2i$(l%c=t5Ptug=bUd!>`omn&YC=N{}=3Mu_Q
zct+_BV<nyu43{cF9L{L1(E3h55)AZERvHu8<!moE4T6QkWq}dA*2G3)ob&|tfeC_~
z2u|Yh6~JQQBX^vEB-Pz?8F#vUf20m!ZDps%u4y0@pCyka7rD?N<2g4Hzb>s1zFFTJ
zQr3hbJm+mM<m)1|bmor=#~&<bHV>d);rS9$lkxi%te2sm#OV3(K}@Esv@H%sC80-s
zN?>|LzEf-DPHs+5pTz6_oQ}j?ryI)-lnbI1u0&<_9&Jb5!z{T~z%wLpr&b~oWz9=)
zE1nX1vyX;KhTe9{Sf9_9fHH_@w!Sj0(3Y1(Ge4t*bXbPSk|SIQx5D%*P)(Rs^BBC(
z!~;3JC0&iD$DgA)GRG3^nBVgh;JkF)(_;CaJ?_6)Fn_PNG`L}Bbaotd=@>p-u7wkx
z5XBB+iT!Djxl9=4=x>^FdBwrx?3OMkb!&$d4T=uuG<z{{EO4J0UsEyniIdkFoR8gG
zGjxa_lOg$d6?4Yjh@vSAna(_GGk4qY@{ZZ+MOab}+BFu!%!tA;XQsZTl2tMRVVKpN
z(H3waREE*K{n}86Hz_&KSU4ZC9N18TD@@>5swSVAho%($SB~hm#S=JzL}WY}ZbuWR
z+J3;aguG~=d-)oN4Pi#}L&6*lJ~#y-=WI>DS?BY`kS(1`R?HTIB%zk7;cN_V(`Mh(
zLKm};M*Mm7pRcAEj+|ksE_Q$c>ta(U<}IUd*tqY|n(f-O0V0_4abwS0`9Mhf30>x;
z2DfJCo(!F~WQcCQ&0)t;&q7o2qwbVUs!n;~ioN*qL$^K$%W&U%B8dI$Om=v+TTSWB
z;)HVm)%@*qR%)d<Q_{6JysAZsg+qFhI7_{pt<k5clI%2LLgCf$nSJsv5I};bpIJuM
z>=+{iXZd0t9cf;?&-ieSbFS<iWq&A6P<s*P&xPzeGu0Hvan4m5EX}`t?zXws<HC_o
zK_%UlggSgHt53aVlz!LBRWbxo7&W=0TTPO~tAuk?lyQ81CMtPcR6`^JAI9H`l-ydA
zgpFaoKX+$w$Kbn{mCm7sp}wj|(dXNkpe+5dsJ$+#rxfEQL{0*71c^Ga%>mQ}dTt**
zC__Rzs5v0KLaIo-AnZ*W36hVzDL2VwS&A7KtF-PqR4^8+yo)Kpy-54|U|Fq`GM+Y*
zYUa}^yw0Pr>)!zUO-fRkVjlAnzlk)L@r>>xwQETSw;^7ROrnju6lr-=VqM_;%`&Ss
zImQ&DilVya3fvY$mtqSmeVUJwGzd-cEQZ;L5THTQ{_W3sX{X9RxERo14F{Sm95sFN
zY%LXKt`vNKy70?FJ-)y;$t@vqK+*6*Qof=hgbsk%b#w*op95g$2Gn682TL(-LYGpT
zFW~3?P($}Tg`o>!JcO^d$vKpT$dOjkZS>Iq%Uu$HPtG<&UibJ$c|cFAOwMkhCgH{H
zsE3jTeydfzwlFi<(Jx_^><KcbGI^|M!upCxG8-`&SWuIm@(|v=nKyCRi(ml$aIvcL
z2R-LT&R3ZeJLO)WOP{{A^Zk%6%U68VUnSBsvEA5U71R`4N!U6fMWV<&-l+ER=>WH)
zyWqToZ3tESv};1b`{{^bnX;Vq+%IO#@LUd_7?!3e?boc9K6LBrsXKY5^?vi}NRDJ;
zT~QKuL2Njn@Vk5wpWfC}^C!EekfJ02eof`5Yje6i+FiCP2Wf+|cOj^pfB9wr^`kb$
zKIP4&;Y7W6<~oX~&%e(>y{u{76Qm2LOmkJd)hZ11g-YFA_yHfbAars7v50{WK2HVs
z=BmyhOn07wV_G>uAT{5ZV|U_<!Ei=lCE;^b!qIzU)Jr-{Js-?F|3re7Vy5Bi9~#<?
zq3Z$Q$l>Fe$e;dJ34c~;5r3pdSy1jk`j+Fov(NLUsZYBuJVt*I@rAGkxCi?_@$V-9
zjmW6!G{F(P%kqBRUa8!Xp)5uxz(5iv^V>6QZ5&~a8*ZnCZ4d=aJ?HNp;e&uswCLc=
zhNTUic}BSn-8$7EY7kL$APP>CbGi$O5P3v76kj-1IwRK{TOSSJhKlP7bRUMbG>;P^
zPnj()Fd}DIslaBP#C`TT`l@I5^B{q$yRX6d8u|5js5B5~^Xq*PGJwUIt)Fkfmc&#q
z7dX23DubgBY;pIf0!~6=()O$%c$}%^&Ufc5x>Lrt?B@+*m{E6GB)@jv<2bYY*=d4t
z+AX<{B#mN5npS~J0|2$!u{?EtfhF6OGma_4>N=TUPNFs|!PVEb)lt4JoSrzCV-VCn
zW<490)Qy-zOULu!Z6Z{?6o)OuB-TEL(n#tJ3i#BS-7hWFs7&kG^=<ug6q8wc?C;~%
z4)f0seZfZpI8*z>{QgMD`1~WCY8vuVty+8v=Doy`U!~cMKmf%J7d`27m4t&chrKlI
zDZ`qIK)<Lu4bWb6(h1WmE;*r<?1t}BMi^`yxE+E7a2q<Y^{8qC$bx6O6H9fQ25|I&
znYIWcgNMxWp2Dz2tKWm+yKe+8)`ghE3#aegxg2}v)vwG&de}+1G4*e10DdV=v;Co_
zRy{MWP?t)S>g%2A#{TSJ!+Ez_6D}PYOwaXivQTL}cD$@D%kcLlFd^Z9Js^n5M<Ah8
z*0Op^x%;Y)FWz)`E+F93vQy>sLbF)IJ<hAADnn61gnbl77gkp!Jh{aqH(0ssXW6I|
zBuvkpj`<iEGAB&%h8i@RT$*vwy*vwm`G<d8E;x-&wG8&g$1^LAe05tEk@mA$LluP%
zD<&rT?aGD>m5w)91igU#V}kdeI~}vf2?2gy9&4bKqj=j(-c_EH<8%Bzu<34NoxS&j
z&)D<WqqP!0S|S7uMd*EHqSGzxj(IHon^Z1rC@fboTpu0jjjLg07p!t)c*=18T6_07
z0YUxwXRUCU|4SQ@4sNje2k8K>i)}D7zG2JhhN*J<@SC~0HLT|XYwZrjUSOouiE2<K
z@$-i)g!<-`&eIb`|C8jdsc(r}km5)S4W>Ok3g3N@@s&c%MLY$;Y(6(n9ReXSUE5My
z6GYrLM9RNkZF4$`9&v<pbbG2B1kmbq_zFzq(4;<XsZwCM>>&F6=ty+qkFpNXgRN7|
zw^#b5g&V(mNpaaS)Wq+DX*SLDoty9HBfbrwJXz@PgQJjt>m=H|JLC0bfPGVKAiZST
zk<a<|%J4Mca^EYYfBxVo6Rfiwe^W#C8ezzC?kq_LEG#-jf%C8aXGu7V`&aBMERXOT
z`jy1yJ4FXZVesaSWNR3`H&*#+g+JT6=DrCe5Z>OE^N>aw3hu?Q+5#%#<E03n{Vc<)
z^!qTyn09c=F`1U+Y=!J_x6V@xhYnTaR0F=YWnVMBLJXX%*|wO#h>+f%cSOGHWZx%l
zE2j7XRL_OlSeGKXqiXm2)?5W!%otx!DkAYM)pb&eXiDhyJ;}kkI-j~I)83rV3M9D~
zlDJjB%nEFl-T79)?l*yICz95!xb?XOxHgh@?x5UV@^=g#L$|29&lP~cX;l&@=9KNa
zd#6@mz83_imkXYC(g6OH98i3GUccm$>zX+J@X`JK$HS7r-`Nwi2=$sB!BOLe379nN
z#}Y?|_KMVEq*iU8eSUxqI;7@w3V+o<UeqbS>meWrr;jsZ6H&7B*HP{Lcwk|XU*K{>
z>U!N&O8SKZ>VSc^>|JdxmQ$iDXsB#fQ9Nq}Z@n1e%&&*w>Ojc9lHoGJo`is`B#?*%
zMz@_|dgf*lG%cl-qAxEW=Yk%}mccpNb){Q+!Fd7UgiC3!3cf=25W!8Bjp#P!C>|iF
z*Hc9^Vs_OjHn_vW!0lL#s74%2rNio>mUl6dSmztdg3`n3*hfPO<$GAc{0)Wp^DehO
zEVCxobxlZ9pywD&uin#yPK-#(PUl^pvno6&S#e%AG>A~n@^arWKC96#;I_zfTR4fk
zt3WSQ;Uelx7&}rao)IqJ(Qsb3l>{9NLr&QGJt5jqAkqs6K5<&;KF83`v%I`(h5}wW
z@kr}YUsZzqtox8#`>^JZP{f%TihAwWR6J1VHK;}gY^qWTj}%ZVj|_Yg8+k8>V7}Y8
zc}-)s7m><DHvQ5fq8=aJ_<Y<!ptM?*cg1qQk<-I0<fh##N+bt06iQ!D|NGq`MQ(%H
zd#QjqTT3(2`-xlm*BBEL{R~ir^Azb`Khx#7MP`e`LO`OST^?y^UBeVN-sb=D^p=)B
zG9n1qwD(@-_GmGQ@d$9`PQ;X&y}KEtMoZ>V<lJrd9OOJ2$7Ehw6P3yNT6V-go%$V}
zT1_=XrZ<=aYtzAX$q_;ZEOh%<6T&gJ^0-pnTiBn%NXHSM7pp)R3nq|PxtvNEQ!E|B
zbopdM?RfQvppv^vu1{XwE4kImg9!p&L`1m5Gwdd!8-a;^V=Be&Y#}ymO*GRdf+l%?
zXcNun_N4n@?y^O=n{JjKs%z1*S{s~mT?f(_jOH6G>Ro5xI&6man)63ykjz->=>;hh
zLfbldfEE31sy>6X6k%yYzF{n~Yv@ZXXYRL0Ed>EhSQl6EUHD{1YpnspDDN2-NM7B2
z9`Fb3ipjO{L$U(%JS(<*w%qJ}x5FKkIkQq1LQ^ird^lhBh*m~U$MQZox>@uj2HHYW
zA}u+ZH*%DR)U~HL1*hH_+#;B`4L=B^$@=}cRnmFIP<pS`0KNV7V<<=Wxvpqwx!qZi
zQvl~wY+!|#6zsreH8hU<G{ng*4aszwc#eJg;e8Zv23VJ(H&$aqr2`EQgPI&=o}X<O
zrQ`&em4ki7jZmm(?sre0)sDz5JbiGjvh@yjug4O*Iplaba#^6hsbslSM%Y#7aR2?7
z<+jV=na1b0!S$2Sbav)wG@bLlYSg&-Fo##cB#&5sNU--#Y4<#K(9gzBuW31WvOT2l
z57gdW%#tf)^5Hx%i~4hDL!jH&#u{dm7$noQhnaD5L0%6p;Z~|v3fSW%(+G+Z-C9GX
z{#k`B=%c`-3p??4C8SBP20*4U+;?3V%7m3k0nLfq&$p!At#@s{BAuwP?!04}dd1+1
zQB{K_yl*$waMro416$O}&ER}ROB4DAuH>dReot6EuJ4*|x*O^t=8r$F?NpZPl&>g`
zQprfb17pq_f{PQ#hx|O*RZ8fF*2Q2H@1^80<QpTSI8NfG+;MX<x5O<Tx5C?x^j*K~
zm5yg<9sURvyjFSuj`|B5<x%emf$KCg6rbLFjG|PQW`rF$t!l@S^1^$+aVkfhw9k8n
z=}uhbeae1Q@GT?Aif9F0e&RN8D1gCy3~j|&v4YgnK>j`4{4{;@6(p+-5#4RLue%7c
zXT}1#7a_4*sN42YN%HGBkJv^d>xV8sE^G0+J&E`mkKI+CeCl5PsRsMmo@F3_CgChX
zke3Ph^4@;Et@Baz?8U@v!e+ZU>9QI2h|%*%mL$~<y(CeUO!FD#U=Gn%l{|ZBMMU=i
za25qMDETV!olnYMH`8b>Sr*~5ZP=dvV`37$b$XVg`o0MS_YDpCDvu$mWm9=XVH8*!
zXgYS1vS8LZ(lFtI2k`5kaDno%_-^)UnsI@7HBHN7?UrB>jpU4MuM)hE%q{oHj^ued
z5eKWrvD$PfgWAe*wJDCbWNO1)Yx9We*5%xBmzZcje0?BI$@!w|XG1ehvI#G3+XrbK
zhS|=}_^ryR-b;pBHi^$T5*=uT@q4oCKYL8~cz3FBxGL65A*L=Jd$NCdD{o?~`&E!R
zslOU$ZZf3apPFvkvSAyBX<4V1`Qx};(G;4rHm*rHz9h3U0`E4k5)7dM$)sd)i6#w#
zFZ*l}4`BYleOQB}FYlwMLgWHxgr>aP`I9f<Wq*dgxO3>5#XQI#{OD$G@s|0*vf)}n
z;ofQ}_Cy<c5qv*bC;D0ZNILb*4XAN6<Z=z7f(<qBs;!njTqIt~d~I7|dP4)T$B?&N
zqG#~qSN8onx0<@9=k2N=Gy{T2ag_nMn@THVG&31CIjH7>i$rK9<b?(%bRuwh8`6<K
zN~iBQu-ha&H0<4bHe`_-Nft~{G+5p>M+`qUR;XI56@cdu&+x67P(bv^Mc@yrA%8aH
zTKTc+@o1B=v!R^{$|hhQqo><%!098id`oLXYL<JZSi0IKCu`5FXY05(A6HQ%@9Pm_
z&SR>^2BFqI0#?L5nOglR1vOkio2@o|dArWibl3d3N=X${s+7S#ykp+&pk#W!+&M^g
zUM;pRWYfpIM-=7}L8&Y&OzOddR4A8IrE<;<RfxuiG!BgaOza)*F!mcCU0T7&kCa$$
zA2C;!Zy6=XTTDzXg522Wr5Ffxp@WGBdb!xsO9M5~qcv>yKlucsI-Q2#CmBu*PlZl{
zQd_xYi<o;^8;^@6y~m3M7P$GnDjRHmWZWf{#8q%ZtisjqX`T;lUx~qP12bCJhDxE0
zF(445D1C<MHQlr(VL429p3w*P_H3KEs^YgMtTA|oz5!<3aq_c``ZHzc&?coqUr6YY
zEjtbip~N#xkRnIDNb$^^*1(1q=5SHzPu}SBu0<tpE5XGV)sm_xc0=4oVvCjutyT24
zi76oe$tnMd{l$>j)^+OW{E+5~;A-mfKLv8KLJEczQQ^p6b_=M&chILT_P2%t6BTT@
zpoXS()-zU>Nhzk!DV4Lpd?hjuDkQdT{hsY%va{5gi<LbG$xXgYY0JH_GKuhs4D1$v
z%on|P&-i>rrHN+%woi8*7D|XbxTNXho{vkZw)&|Xay!xsEF52&2db`TQF(tVN&A9>
zVK7cHdYrH0mR3nMVg)Lq8n;mcoH7HP!axpCu#m4Mb89=xLv5EYJREvMGOfRNSF{Pa
zp^fIlmJf4g9xsUB5m;D$TkZ!XL(*SKIEjHdb3pz)$XKGd*Y$()+P5MYu)Y!t+SeMH
zn+{pF6-d|KhZa{NI4bDJ7X)?;cVz|M3ZCfchtga`sDlvh?J$3Gn+Fr}ni#A@9Ux%>
z^$~AaL*X5hou(ZUJ>%${$4%>VA2eE<R;nq-K{91a%yUEm^DyEn)Bf3)Bc7m$(Q)c6
z<&ca-qa?`b=kxLFi_^oYkK%Ni_yWwfYrcePEC?&vy^&d}{9u+_IDjfH$IRL9z?m1D
zuaL4l`SQa<6S_W_nqE(gE`&~mkfvOIyh@T`YM-LIrIa}ImW9LPdxlC2uXNhmeEd<>
zRV%Q2pnb`pc0BJ=C=WQYK?r_*C^bD5+tX`KHd6|jQCo?5CT;z;`)IP+Yp92Mu%;%U
zhq7Nd%CoF4F4$AGu$?>>&`g7S#Juv-b5`rA%PW=w(u+Ek9*GAlviqyZxq=1TK!qKa
ztYQ6n8}df-JG-{o=>+YhdpBaitxYFA9vH0l0f-erq3Yd4waf-7WI<#F|GoaZ*<so6
z6LNjg@>zHOUYy?G^IaC~iAd1T<7+Q+7Y!fdsCcsyN~;|Zua+aFxIw5X3&J88P&U7P
zhlMGcnb%O$8DUDz&umV^>9%srS|KEV>ZAMhrpGIIQ`|n5vFfxs@LXLVBD~?Y@q161
z4Ba@jFVjn*ulrq~pUky#hXaA&eg{vZ&qi3n@%GtzhH(7lC&nFPl;)BcOdd_o+~>do
zsvNc*jmKoC$kPC}ANznciZAt&nK9HW-PuswEi^{mQ7R(Jup#%EIthucONzg8?hkY9
z=Q~km!=;`j&I~1Qq!W*tc_~gVoHC!eKuXS!2B`t_Cq=r=d`8E`=TAra)sLec`pJhS
z&C*!}JI1PJU3{}7VLw>43`ahBH0?@^$n(3u=Zysv7y;EGM^-@c49%(JYcUhq6v6i^
zU4}}B?IM<TKkw-uS)ay<s8zGXcCCX;499t>g1p%IC;f;Q7cL-tgg$%xs3RwmrbQE4
zHmD_1`u2KUf7M3jJ53It+z1IV&s5*Nnftup-Ti1t<e}NM=sIspwXyPnmFk){vQiBr
z3)@kPxq_qS!=~gVr7L&4X}&QbFM_ZWcLA*j$x}CrTuga2k$u}W$H6v67I;|KTdyQ{
z>x0u3Z+#Q&@~6NX6qT0W+Sni9xJyNke0v(N4g-erAr~N!X(cG@p{)B4y%!E1XyW{B
zb~vtd@RRVa$x6f;j9#&;YOm8TDHVd3s%(Gkr_5y!?dlA(SUvlI6_~Tk87$KVBQ<Za
z+}UOpN;c{l4^gpeZ@cnL=YP_zjSX4$KeYA52c=c=7jfCyBxrM?Q!`}HQh};KklRoO
z*^CG*jdCWXM!^$(n3~l*fG}1t_>x-+e0Tb;N+W)}9{<cpn9rrp4;R^PkBEFWznf7c
zye=T-xf1i&7C?IzaJ;@iC7Y;bXdqCwc?mVevL=zM#&AjedblR@A>52<x`M9cJZ-#}
zS#+d94ngfik?o3Q*FsL^6>#w)PeI;;z5sOGk+Y1{AvUugeL!~h!I}857chTLq*~lJ
z0-onQ^QNrMxKhsm%H32lwy<heP)yYRjsNHu9m&}Xfjs=?ey!`u^q>f)3phdwSz1av
zO-hOVWZ9^P@Rv?YReZDFE$g*<`?nq)Ulr-Sm7Wq?xHTC&e)asU<fYoWwvxAoU3nH7
zD=R{G*)eezpV3SZIVffphg1+rtsO78KvU&FccL$?v-rzCzeiRms!35-eng3G_J)r=
zC@MM`9jt<<jl=O&dV`W7x9#5oe-x`z-?{6PsLx~$e-{6PdR?G~932)MI+;)e;tsYL
z>+>FGkmS$-8?+DexS~4k(P2PT<}I&ygpsbk4lC2rHq#=s%TDcktt~1&P)gvCV#1m3
z8SsGu1&F{gc%=uA-R18yisNWo*VWghiIqqGMiDhcXa=APsbppDzcZ)FJZ>P#t&>@Q
zGNKh`Y;(~53D~C4Qfz$56Trs1A!S8|)ie{-=KIfIazX#u3vgsM0^eZ%@&rYhK9l)&
z;?#Bg!0qbVf@-}x725jJx}Xv53@7Ab6(1MK6lM^m?FK67O1#oXNrNsq1F3kma+mh)
z%eT%;aAYGAy>#C(<fY&-hat{8ouHz2a1yyNmqNZlAvQ>OxEk|2MjW~T&N6p)G|e&o
z!_(E1-nUC%Vf*+O`7TZVEz6~-`>N~57an!!I2y3j*=sJwgt|Ex1V^u$lMuWoU(WI-
zcATe&xQL+DhUKhqvO?N=b>Ey=fJjrZ_ZyIU1-T@Z{LmicGIDYe^~b1?xbqz`J;V#L
zVds2LHkxUTR!ag{WE**j7mFhN*`Jur8{+GjbyCyx{F*?iAPR2~nfE2>;q@|Nw-aYC
za0R2Q{JF=`gKvFbzqdx0PHwwYY~h{zV804}>AN%hxNzcmPwicC@~h9}$-H>83E!v~
zShR!gSdk;m%jE`0Kpw=zdBK1&^6SoXdON?KR=V_P!Hf$M)s*`Z%Q3aWYruIAZq{{k
zEs-8wpZH3GrUY3Up)YgG-6OPt<cjxwb1Y~Ej4e(2hx39CFO%!E?WffAETW1u6U*zU
zGzeX8ASzi}B(9P3<^5Y~>vko~zBtR~jY)f^jb%b63kdPetQWpdBei?B#S^()P)C`d
ztuPmR9H^k!1iP+q9^GS;qr_3qtp#%Ac~^Zyk6Fcxf_^L5I|d5M>ctMr%6RwtR-Wr0
z)(=|bWR?}{;$@2an}X2#3gAh7&3ttH9tX}nUewMc9Z+by$1S0v9<YFj&}oX5WWA;_
z<ooFhGCMkQsgLdqbRqz7JWZ5RcjSj>K3y-M=9GQml)1|3p%02VQ|gPLCZ;lT&Fpyp
zTw3(r#Vg^INHxGdX4hj{r7!I1OY!!O!={|-2XJTaO7EFhJ#|g)xDOy*?XIucPK0!^
z^~>T1!jc$@!CD5#t(GX7`sUzituCFgktDr@pHNTIt{pK*4vsMwV*J5Pnth`@;dRD}
zXag-Ib4q)dZz$nckWh*23H9O*`-Lyoljka9w+t4Bh7BZl;XiUYS5{N*F{BJ%S!A)v
z!7f+u7aN9D&~kP4?s0_t)_GNk-Gq;PopzuK@ZQ0GR!H3v*c}~#_tWya5UO6jc30R8
zz6yNaQ&5<udAy$}LLWqn%U<YQPr;~0OnW}u^nW0#Nfs5OMPe>omN#uLDiS2$aZUY!
zVcWWL{ArCHxn^it<qOB6le*RmFwF}D40BlXia9~Q>ro#UU)qePjLnWlwsC|qMv6`9
z)jLHgNcJ={=rvK=w0c{{r+=k?NrAo`pXn<RvgT4Sxxb~l$hI$;eX>Iw@~+U<@4XY?
zoc(GHNAQM9_&N;xY!OF$+b<~at)DSdOr47cK~iP7TOY(~KeO-!+t0oM1!Nc7Qf~VC
zvjqWA90VwK^~YeF>cx$GItX!-!;GpsCqKvFX;__VxBBuCyw9=K#PdS0?Gy$h5=SU)
zE*FZpUV$sP_fVvyseRkdZ>_z74AE?r^G{vCmN;Wsze(l2Fe^?FMb<<1YFSHZCbpiY
zIS7hVO9OjFrO6)HFKVL5=n5|@gj_MHoEpMpB@)&B`J*&><g=ph);zr1%gt0ni7o|d
z@t3$?fVcz2&*C`ev3Ih@Le4V3Ja<4<2|IwIB3G#|qq59K+&577P(ZT$=Zu+{LZuzf
zG4slskyDSMmJZ2ARh6kZwWzJe(lJ3-{C0Yr{-#1#A1~8EN%9i*<>bp8&?JyhCf9^;
zB1a=wc1BKE)b}Zdw;QGfhv&(v<GM)&m#<Ocn~X#ljf!v!*n8!2{pvqSZYSj7hdGkj
zy)lZ8qK&gu=`+}b^&LcnMCf#9c)L#Z$PTLKd$`u&jw|^_`e^ziu3m`l>ZA28L+|~_
z{6Txa;ceLCvg)4Dt7+AL1md2LdOMmlEvF^R5oii;cc5Or!=L&gbzn&62MK+&KV9IC
zM{J+#mzOpJFTa4<^3&&0nj~f;CgzDIw@OCvZp+p4LA0uhok)_64`4R|;EpJ3aRvLh
zsrU81^y>RH=x{v46<NHR`rruOz!yIegV#Dvy^rSbqesG9*46bu;{I-n8zJB@o2-#o
ziO73|d(X6L(Py6{R#7p)wQ-NbhW>*VPBKJvwm!PyO&A<DvxDLV=yBE0nJ#Dv6*Vmo
z-liMCiDg-A_8o8A%rhe|8?NAbkE}#fs?JnB%SNPAc}M=P?JWJy^*kF9deV2=K5=dm
zpH5AikvVl>;+>PhXj@_V&RWXupptO?vPSD=qJkdRTU2)pE=|CK?|<JRFPHnFf4XDs
zS`b#wzr1?Sd{I-0t+r8OqMzorWGaQ4h(=W6<Ep*V?w#G-`G=4pIBnxk3sbJ`iKQ2U
zXhS#D>>QUhBl0!Wx=5yTR+LCZ#g5wTn1q_>i4Ell2FD+}_e=03gf8ck7s*T0=j!RT
zPRrQu@lw4EL53W7qcP)<v+4_B<;U4Ak_U%V4Td8bf2)cT?Ug<H79u^M2cvy^J7bjX
zkt`rC?B`MXeu>GVw!+!TVN+Q7Wi(CDq#hG4=n?#vQFW9SuF7pJYG$H#n*%DjC?29s
z2s+&jX^IM3y8OBR=;~)VoTsv8`+BU`2dVsbWH*vjOsg9_GuhTo`a~9E>-c=h$3d6I
zYsU%HMu9<)Twz~Q`Vz02jqIz}gde%*sGdY@^%4XmRSe|v`S^c}MO<{p>p9g|skVA;
zYm>N>Y#ahL0S#N~89%prUdb&MAL10!m+sl+?!N%^WsBb2RA?;GjeX^r<GOd94@LH>
zk?Ihfb<-psYOC5`KuwhEzMbE0HgN97bd%X$mv-*+9b7=hgWG5~>8ExoIRYED1~Y!L
zV0)y99U#afMWEzYldmPMKoRC^&ves{O!(CJD`=otB%OUe_-ad@(TlDjlw0GcwXqSV
z(0neHdMMcB`;M39yNYH|%J`6qdfchv>Aa?NR(4P%?1CURSLx{O+d&rJh;#yI3zXbV
zN;CvH{Usxpy+dBo%nRbU)00IA_(vJfZbOk8jMXxF`_rNVGhLxz`#^pyT;Ki9s;!-@
zh2ltE(_N0VrqCEXY?ajG79fri5J&EQ)E0z*10@Sl#u`EKe*J=V*%r52{M+69@W+=J
z>P?QN>>Bp4A3eK|1~-gBhy>D-e`iwT`Wg!A9dQG(EZ(`jPZ!y_+g|M5vn)tTe-aC;
zqf%{>JXd%AQN;}2ldAKsaicNbjiHVOZ4azn5-9hX$*oU9dO<l-X*~6X7PJw&amZ^X
zD@mm7O*LmIj*sNTj--kU*Ei#Ux;{z}F*_D1d?iPCbwYx!w(-ky1LQK*EOj%oHHbFu
z!3W-jN+6ea@o}s^wpq-E^*F7!)ZSeM>nDDdtk!I<5*R##cFzz4R1!P+vI;oCk4tT(
zO$(vn>&xOF7Zn)j8W{#p#54#7XTqPw4<G{O1Kab5l`Njcw%oSYv%_Z-%%Q5SY{V?E
zupb_CNxe#*{ifS05$okpi>H33(F#WpZ%iYj@_upUD)%eJCk1Ofs)oVWH29<*4fx`P
z>BMoF?d$3+V79KuAmg-xLbB{kjf&sVq^>ujzO3IrE|zUa=uG{()%Z7XS=Yr;xe#KK
zxSb0(6cRHLx*qh%>b7-tQ!u^YadVRJdFsjG-1l-gW`5cIOX(wwpE&m8ZI!s+xe+-#
zE0WFxJ+v~@G3Rk1$bwqdL}aD0sL**dIqc`fdTzH?5Jr3}MV(9;oR>EDeTZvTPcR<e
zMPdD0E0|*Ous-u@=J_B#OJ8@b+Hb(ZLnB_3o0%`l6Gq&LHgv=WEu$u1SAhzt{x2y*
z3(tgA&2+IvO@)wyh-*z>?+=rqU%m^=dV4-(pMAO|B4uvVOKZGBX8KELlFRyKDIuOC
z$L!fxP!mf%y&JIpJTy%vY6cd*K2CdgK*2#Kj!|nNmQ|!3vGxwRGeUNy%vn13@>+Oi
zEczlSIA^W>t)`M@BT_M$xulR|<U2fYK2GAms<}gP&t3&BdJ}@n>yL1Y-e>vG^a`jn
z@)$p0TuHYm5e}B#p|~+pge=_3Sy)U<wY<&=YtZ|?gJ1;=X(vHG$~0BP7ffaJ?oiwN
zEi=%itKAKkM!qzLB_v2t;svMr=f0mcn&$`Udr(OcSP-cG@Zj0jiXUC^Hub?=DCJB#
zNUZ{Gh9IevW4W`V6?<h~c8*8JP)?$%)x0KplwLNKNYCh8-tiXK#FEe8KvlPn-*+Eh
z!ytjJdt_vg18hSOK@Z|P6D%gPenXL3&t>Y`O>F6d9YV{2gJLYa?hY#RIJv3H$<S{H
ze$Q`h+IPoNUw%o6?kWoA@h*8uq-C8#4EFwQJ>H8E-}!3@=9oPgzz4zj@8z7dc3rVr
zs{LU~=-OHk_$Ycn4!wM{A{y%YZNFo}VbD54VqgF0Tssd065Av+V3CJMJp{ztOGQ%~
zj;{b7v;(z<OC6zyk87_}^2IG2mtW<8J^UmzsW>WdJS<pkxbd+NlNpPRc!#eAOgIJ$
zjMU<%r)%A<oqNRX{Dzm57y9RUBPI8=qLy2K&)rmtRXjUXnxA{^Pl~@&z^f(i)Sf3*
zL3F{cPro;_K~r?~^k2Ze$vJUFaeF=dVvtK;+~iazQTnXLWJ1nPQjEQmOs%)Pz-u|8
zWj_^bF|HOq)T8ap?n*@KOp(M<wfV7#Gq?KrKNv??FeqU@y2=9$QAwS2v$UMlai3+|
z$(a_a*SpWA=v?#5f_bR*_chhA$5!J#4|^Q+*$l<l80w3ZT0B+WorKrqPeQ#H#c^`B
zeor3)b&vMLp_<gbm&zW@hEMGngW$U=c%i9a#*Cpw$JgR(o6O`)=4~s!hQbe2)2SHM
z)f0{&P;A>A56z3guPkf*hJWja&@Qc-gdmX0jtAHGIhvdieEw>2-G%htMniS$QVuLj
zp=KpsUy%%|NiX-P+$+{aVYOcHEYyIWf==`T%r$0`QUF*D^U5z2qAQFR@jDaW^J}Nh
z>vBtiD9x6^OI0qHld0Mi3ru=%HD#W_E+!2we}q}qY|RfKxJ^>cToW72jGa99ca0@(
z1R>d=`n_M<UcGPM&uvakm99>H#QV^?(Au<Q`P?n}ieu=h4u^qVM6dJxe3x6z{h-=N
zpMCNsjF#xYc~$!X=<ynoPQu~hC8we!GR@WZM_XIN;tW`}Zy|&O!`W(Sk$JVW%9{cF
zKhCT-Ne%HwZ*iC43_*^-SM;bf=$adb*gp|Oq>%t2%xQmglJH4=u7WrDNT}zzNu`#p
ziJWVPj!`Xko3AskUisL9N0e>VY{*9qk4fHQSzyIrJ!_SddR%%%7DZ|q(1U=pC8KN~
zoYP?MZyo%aR@6Lc@M_WX%ie!T`FQBZT=(N@&I4iEA#W`4gRQh{vhXi;X;c049V=$%
zxkfMY*Lw)(ZlyPoJ$uqaeRS^+%#31Y0?26>$Z1bFWHUau^ju+vRP59kG*T2?<vh9;
z^eRZj#Vw8W(n65_s+A0A%AJ1sx-^6ekGq6+a6jn=SNX2-5ynja4)f%|LoQj77WEB{
z$LPswMG>)|h1E7*nFGuy8~yu%mT2i#5n@j!G!>>v=+>aYd;_U<y9*(pmJ+=UXc`%1
zyDS0T1u$hq9kc{ZM=w#6Wo<vw#|d@6h7_veQ9BOG2KR`wV-tm0B9^Z{Yw6q!Ei7Y7
zuczubo3oW3ix0uXKc9pwE;}4e14iotSNC~)X%Me(HZ8Lg8q_~2tGsZ(psVYX7Q~Z%
zGJjW~S1d%>uqk{n@`%{1p&X+(n&s(nw#@Ld)_L>`Sg^dW#%)?aS=YQspei=7eD5jg
zKtMN?ew?4io#ea7a1|!I4@33_d~PuN@m%CVePPM1J;h~=+r3;fb0xDLs*h{DP%k(M
zYXMaXfGR=1NQu5QjeS<i$7Od955vr4(rJn)+H6)Awv>flaQ`T{PZ`C~w@4G*GWx3e
zopWiHmz(R#evO&cgZ`}OD{Ih(y4WB}5+KC^kora{61Z$lJP<IzzJsSkCoBi(o)tYe
z^ftW0LyoVsuJ(a(Rvf)yw#}!llvDz%nc;#9p@##9CE3s=BLoAt_1oNY{N?`m)xd=_
z{Q&~r1c&{}JPoIC%i$b_u+E;RpRLF~EH2cw`;bzejm#tx)zMD^UMGC!+J&wQ?2JlQ
zBTCK7T!A9UF;L9*0<;-p17<f>sUH8HOvbNr$)XnUAv)a5Nt#O-_}l#rcXm6GFe948
z-ds_Es*I*;t3iuUZv55rXen5O+4r6Ow)HdbKm*U6@uMemazQOaa|<`IY{U`dMutX}
zlx2%GC1(@c!)A-ZoN<(|mHq5K*(q`0Ko;(pqN+sl+QZ?*PAux1?goN69DxTq{N~S1
zY(nE=qmC-8yTR*(W7L@YwNXQN=vvAMIgiFPcdSUr38FOwy4Cl%l7#NbU8QvQtXB^R
zP1}_tcwTnK;SlGkaY8g?(S${vwss~Yyt4H8_H{dJziTpU|E^==Tatr$IoL&c!}<x7
zbF@<PIn?<HPFLndGf+$AIUj?;4@!~GwA$nlDuLjo07BQRG6GK&)-Mh^3Ptu>))m)s
zn#BG*YqaE@9_^I<?q*Cj0{Xnzjnp?HwbnVQxr?*6cfN4ZCsF=}%MOAZX$TH}4d9o5
zf*|hBXyEcDVcI->n1e(4C&yV-PGGARvg_97T|ENTJ}j@{bzDzjnUx$VwqjbCI78)|
zmHaNYhJ(on@?d{nkIz>D*yv{ltaG<i4(|I8nP*i5K%2@OZVA(r4`$Q-TW>Vk+_>S^
zP2LPCK29lI+Wi3;Uq8ao<TXhyX(jL*9b*zTbVX^wyBYAg9Mm6x&_M9w@Al#&dn|H6
zBw}6ZZUlG8m&?`x9LP_1+cM~7gUGJzDaEa`;F8~bzwFSz)yQf+aSpzAvjUpoI)nP{
zXt>%N7X;KNa$k{fXAsw0VAw}1b<96KcHeZKqQ=4Bto%c%E3K7TM&OLCkg5IJv@PAR
z$+027?e@{&t`k)HA4k>+xOjXuKX{V+b6?n-;H2Z7Nu2o=k<jVTP@og4^RCV-a@m8K
z!c2HnuAqB=5z`Ku+*s;FzHR2TDqng2m2g9BaGJed{5LRms^xEbnOoC)5&1&I5d?-T
z1<F+vE&2!X*|+dl%c&Ia1UQH_cjI9`)sU~R+4UoidH;vXE<0F(uujK2%0vg3kb1z4
zRgI=!MgdOKVT17W_4Tbg;d|bJKwu~CHE-wbL|G0gtY$-?HUzuUtyZu6RlJl=Mayg*
z4e$JNFT?zO<I0JK-B7Co7s7cY%60=z&IA3P9MOxl^vX>RY<sfUq^0V5X8d50tl^0S
z?uW8t5IqO~XDWz@&myD$9c6M}SxMBNaRgJ6O8w`CxgK&ST*w(w)<cvgi2vy8#V?T2
zLtE~#$$_n4B~4Y<OW7eZlB$f^chDVk-EC6%vEK6+(o>Va&A+<Zq_I{7Gy4?fGed*Y
z5ql3qB48U_F((t?MT3CNCcTU+zJ58eMs(@o`;qGvzjoDa<QqEc213Tx2?aX178$YZ
z#*iKUwMMNtLDOT<26b!OWUY2wJ=x(@gY+&<{Yv_ZvQLKM7=vzNVL|Hq4PlF{jFsG;
z({66m8Y@|WJE$zz-SRwH#}gT>*%giypCQsa6Bsv{<%?AIcP9pgN>lY)Dp=6<P+IRK
zehp;S(&~Q?(Z@8_i|>xXWM8zbzpCmQ3w!gPPmqV)b^m<JA6xyR&)b%tgeJTa;v?Hi
zaB#AXKp=VgdhQG4^pK~+-tTsAIJP*b&AhoM^bQH3_3N(<<#|P@AR964rN44pS4Bfh
zqg6P(N-My$u7Ylf<mhoVG)gkV1{x3O0B3>vc>Ze6mG>QXn<Sq8!dcfx-86`Lk`SK?
zCB?KJXpm@09jpbJ#VA>LTWEJ3!M9D!)=o-YZRa1)?x0R<uTw7$K-v5%q{!uPH1;w3
zH^Az%?`A$PYhY^f`0094lZ<SF4hzLfdxl=24)99dN>q~u>aye#zeLGc)y>3=+mIBo
ze@gNaLfk}zk6#n&=xWW)I0&kj)q^v=-+nq8!k_EUf&4K^xY~ZR=Mh%28(BC|+C6}>
zsT~L9ru3@R{U1lWBGAFL=b4+}&fEJy76_=E`hG}P_WHV}Ip^hd#(EL^E5A4NAT*wT
zEz9X-zFpmIMx-HVro{poB1f$Apo-rHv@HlRF23z_ypMhel`@FqOtW^8Z-9ipn1^=F
z<u25@a8zq}PhY(p6ET^2_g*zDZ{nny%OlA^GMGF`g7O<ab36Lr^CH(GS=HwOlyI}w
z(>51^Np!(J?-Ns4gYoyBzUUvaS7Rw5r?I0G`m<95OE?_RW_49o)_SE~yT_u$?+GPl
zO$nU0GAv5!oO6`#5N&rTN;Zr|y*1Y!OnSMo+rsWjyg>ySf{VnbSCkNc{o+urCieVf
z1*7`@SjQT?{kLtPflBbIzs;fLLiW?j^paU_h+&e<_(dtWB<|fk{$Lz?C-WCC@p&{a
zB+r6o^*ho_Y?x}{kEBgMxm4a5G!woT**iv^b$q~={$MIt>QLYQ6OZM1b{)Uy1zPx~
zZp84X`#IoMHV?Cj#2=waX-l>_-x>jNENC8}l1xPgT^H%0g34?!H20sI`)M#)+ReJx
zZZ_O(dkA)|1Vjd6EA6#x_d0QzxARyEV)8=hSFg|O4QXvQ0);&JMYyE&i-AWLQ8<hb
zZvG0glo+(Ml!7};aNI+F;BNDVZsxLr*D5>AZI&&sw#YL2bbY2xUeWAH;?Dz>)y>XZ
zoBlh4P-Qy5qKI6b-hzO=F00PO4)+w+mmRGErSUi%`Khmv+P|cP80t0>=ttHV8X1Kn
zdReZNnc#XwpEr<pM4rRz*56YqWQ|SZ*4n2}rn+PoRln@K10Tv*TeP%3vV1X}Bmy&|
znPG*npmY|78OeK{4D~-9TfiSKoAysOAbaoV+W5rPx(w%UcX`@m{q#7o>_-egwXIF-
z*VO%KUNO&;uAhHE6e&p<iwX^i!kfpS&E53R#DAoL%t&U|ApEPZnc!`p_x6k#Cs)Mi
z(x+=F8~3k8u5;V&Yuq#T5U!&|E-xZl`#djQ@zyxF>E`5_8k#@sFqv~#xmbQW$L&?1
z<`JX2g99|f43(Y}$HkJnBr*eC5i(U@m<2J)7;(f4vgz`NUfb#OOOsvs0Wya_e}q6(
z#MS+2ZhQp@ONpDEH+4eB;#x6AyGGCE#-5F5Dekd7ouKy+NABDB8=^90O4CgM4`-D!
zb~S!E4(^{6n%f)&Lrzma9Z%?k3^-c#@Ez}G+rpm=zU3%5j<C|sBr(cTXe|xUVvDL<
z8^KF3q+_KH5NzmIFteUg?A4@X=*!PfeIefqGQH1A`>1$NK{GRXumTU~(D^*mm?Rb@
z$B)<c(iJz~?4|Rz-M`U*L2h|zOUWK(Xy+Y#d9KYE993t2zMF8@Izh?#T=Np18kQ#F
za1_*7b*s3A<bA8K{}es#gmBK(=ZId*J1>c|&)#>*opy=2*Bd`4MZ|aalK!}vY_6*o
z;)aaQn2VJVI`_JMB5(%Lb?q_K8U%seC`D1c|Ihi9RH%U(MA#>3sV5zbJdltN-Ye5P
zcG6~fi_|;j)g+@(9ryCU1Qa#3qp><YQN2^4^G(e8rt!J?3PMQ=%OuZi!)3z?imHX0
zlxH4Ei?<;H)yy-S97MK(mO2&S!FS#a9B=wc-HVd};Q^T-&erDmvE+x9F{RS27Byq{
zWm)Clk$8(_6OR5g<e44|2mQ3~uX4-&@`P?Jas2EI^`+1+STEqy7r*#sf$mF_-wJ&J
z-urdyDe->>LJFVO&_e#GudxC^G3z`p1!zK^Wzr2SR>QX~>=RI59u_rdihcI`P!!8A
zSm(ee&Hm~0;eC4r^EqaQi^JfR$MTc_D3hp+6m0-@P^%~7q6RzsI(f%i)THN~(ZrZ8
zbY7aXc5Tsql8I6^OEMz1c;W6UYPW37yP@~+Tn^qmUI0g1b*HqZ@mnRqBXvh}B?($5
z+OUO6Nj9#QZ0cPD%gtmuX84y*W*x_FXL&Jm=Gg4FCnPY0YrdRiCj8(Fk*DNi9i#4f
z2Q%LMX*Au2C5{VLeK4Q`-sy?Z`Le#7_DBu1mg%7;Ga}Y5#T+P6%~SwX?=4;9x)1t3
ze%kjbx=$7_S~NuTW?vq-=l)x%z+)LP&r-=sTSUK5d}i-iHOzvC7ok7uB08}2*~;=u
z?B%g;OAn!fB8s<HzfQl+bn?T+uUZbKL&BtGOlWwECc%A$`6a6rQU8MlrG@fI1)Jq$
z(}6>D)}lP0FCsyDl)`AoYs{VSa#??$xk%cPa9(Y;9pWYlp7%E}E_**WlI>2ut8Z}5
zQwY`cT^J&e&P>A^?tyUU!vjH`2cXl%nKnl|S!2Hk+$cWEEwk!f^0xPZgcWGJ!?(Yg
z9z=GwC`a+K&MicZ#J={d9N@b)Z|QeaMJ7~1;~D$>|JTfw|5Md{|8uS>o-3|f84K6k
zU`Qe*w>rpJo+dI6Q8Gow#7)vsnWALOb5T+cb(_d^30-80G?7~m5|SwKxcIJ9-`DH&
z%jXaH_{}|M@4eQ0uf6s@Yroe@zVg^%{;|};#n@-6F*SVbmB@Bs?s24)s=MI0C{}pY
zjnqkZ$Xl3|{IWAFE&ZBBczZ-qNmtmLCsi#GGS`FbY?keJk84p|QSxst-xVYBU#}KJ
z-dr00F~i@7a-+xr++b?J8_O-AyTTH0{Ml-j*>~p%{U<R(3h&yy-A-Ob5Q;ic7a-au
ztgB3Fc-<r0C*Ku%I*!+yp%>!9%~$St?f*R>qP>N63gwa5$=X#B9XA`TVk%9ou`V6-
zC?2+bOvkKmL!>0Rb1qmo(`B+uc7s;++@YjJle)Q}Ac=gRtbv!omc~6BT$D>9rw6w`
zDTr};)ZBy_W6l4_DEpsb*SeKwFPS0H8eacS59cahI4?{eZa>xg4^YNxZ|nZh0#KVK
zlJzCl)rtlVc$`!Ek?K+LfV|g0Kx@;@FSm^a?WC-#toiwKoYeb-_ChZBn9g+{{ix3(
zYSxbw(Q!0TpAq0Od!Xw2s*WMeXdgjUM0$SEWy$u_C-FVb;{CdU5@OH&uWcy}jH?dX
zuXV9SQ(n?{=4{h}d!oH1r_h|h>B`>Gq&Ar+Ckpg#Rt$tGpndp<#K=;?$<+wlW>kl-
z33$D$t)5?DpTqSz?|sH&cOsf&M;6lfd*_cTjX1?xnhgjPguS$_l(IRJahe?Hj=3E6
zXF306r#Wj%Z{r?*oBPc{x-ut8>r@r<(*1`^?h+(pp~)@C^}5O9;q%C&i)j%q(LS0W
zwc*!*HPxkBH=Ju26RkxJqpufE)OYW%$mpu=GuF|Gbe3>flv9ynjSiK+opWh?`5wLZ
z@r(&MpyfXGsnh&B#8H@gF=h5#_;$0|9!;Re1yAV8&oi7x@^n&isVbhj(J>*}V`Q@>
zOL@L@m7l2Hy<2;4zAu_?N^13%5s41vn0-|2`f_l>FR<&bd;Q*bRuN~mqC63{7Rr+&
z)gpnb<Ml`8w7&5cb4&vgWNu2Mg(~gy+0Xg{BqQbR;tV#2y5zi&J1r^b)^F(a;MQBo
z{+Ug4oOKq)0()nUkT-XKdz8KG{J%&v`HZ}Kd1%Z^#&Mm#27NKt9XTx>!_-6|ye1qn
znm;C1xvRZ4205{RyrzN0%X8V{<5F=faLvA;d%D#d9WQmbX8SvKXAUP-Y<KOPiM0#X
zS15g4x-US(l|tep^Ucushjn;W3(jP|h?oIm{jc+%1QC7u$H-;Ak~jNP=QQn@cdsFy
z%z-VF`;jjqi_1d?%dQ*xe(TgTvs%oR?e&v$i&aHb<<HoCp3obMnPp6ziFxefX0}lL
zrr)bd06BYl$%);<t##mS;M<l8=_VU>w4U_8KF#Th^0v@C>E0)4UOJoH(Z964#CgQ3
zKcsPC^U~lfbr09tAD6ixj2y8niL$Y^_<G&@xrd#P@j5z27#7u{E=iTsl`UjKjx}GL
znbkMx@qr`Ohj?A2IsVD+9R_d4c3^ed=uz=@2`iaWB;6%LxlAf18CwB_V=L`)*^R3g
z)PkzJM+7K(6bJ=B_|QN1{OQq+s6lF69G(RUuE(1FRo%ZIWNY3IaW43)FIpZ;Cj)_z
zqdBSCFm}cA`_Ic>Ww^Qu4BDm48xYDb@5enqi(yzRe1Zn$w1<WtCIu=UEmM`ToX!%r
zH2}R+eZ(!D`VU-`jGLQRW|qTy1%H=QUA+oizgFM&Rrqpz7d8VwK7F|!?P;obz~}b1
zT8Wts{zO|-)>TT;$oc$a!O2CN1P-JxWx8tX>t0$qQI?z0yXEvA>?+Z)IW=Z$S?>)x
zYwF7u%4hgGZ*ot*bAS^E?x3msaf{k;h!M^aBb3;H7ZuLF7>Y4!s~O}R|AG;@(><i<
zSZO|O%Frb!ve6bgyelbY_1%LZZNl}>x8g_T0JcD3b|>c<ve2+N%yZ6~w!n7_0Cbz|
z!<6#lw09^nQ@~EtGZ<G%8ri3-`=YAp!DV8UD;{8`szUd2bP%d-DTsOB{8qRccUZ{n
z{ef$^DV!CBt+V{3q6O(mMw@Lp#a=XK4neL>iw)YF`4!dv8d+18iPwWRiNiE<mVld}
zE6qX{Vg{Nc__l^Hl+z;LwvI-d0wS|&P+n7#WeAmf*H=lS=1zP~ByDXS#IpSwjgVZS
zdcpJ01#36aWQa)ngKZv{KfFTuIz`w+Cc07m*a|Y0@%)H%ABpwE(8h~AJFm#x1Y+>>
zRadyaYQHO;#7$5KH`#MEXlgq>?a2DPHjA^)B9u1}Kzqo_JDn0V(2r2L#j-g%3N%T;
zfi|Wfmx>L)YCrMnxc>z!Y(qT=(!P-sfv1w|v2>CuvLd&G64|we(Im(ftX@HzN(Kd3
zpg{A}3{>Zg0#lVxSv9p&m2LRGmZgw3M#pvldl*O~WOMtw{GIv7-{fcPBr0&^H%-e-
zo)zRaX>J#{1)f!L*WgrbPOsh6zK^WY^_00L{`{iD_Y3!)RLU>ba#|%vp`3dLOXzRm
z*X@a4QBF9&nCELZngwLa_-y_hE=H%_7aHvlr>q3s-WO^gS5!<JdB(!1%NG8`(zk;7
z>|To>DV$`PRHl!LPCvHBY6ua6v$m<M%-q6MqY;tG;}7eqxu*2x4q<j{8J>naF%4Hz
zim)bnEp>h|x8bEFlWKW+luR*U11e?P!d{5QnxAVcG~9(%KzJ*0_(v<_vM_sQwfS(7
zxUIGovW$K<LrR%sqF-rBi!MSa4_AOWZrV&gb#Mz`%AiU}_bp`?8Hx(TNc6J1$aJrL
zqnBndPX-`rz~^e(0=G`rb_J!r7^2Yvzye#f5h?}!<u2ACSromC$oS(ldq)zDMR=BD
z)*jwiONlJH|N7`1vC_37inrS(QUze{!{>%<<oc<pF+@|VdM75RlZ`_HOlP2<i=k90
zQg~9d{)b6LQM#rWMc^sXm%zO~on=%C0A!l>=eJ6PCB}YJi_k=1joF*Wc-8avAtHKP
zHFskxmV-ux@<+RshiYcCe+;!gna0x9VbG}MX*UzHWL9R&{&2^OA&z8`*EaqPc%5>g
zO}9@PX4&k)iPL;0SAwp7%+cHaUp`7I<Qx`%dtsF)@i}e%Hf822u%xzwGCZnq7@3W&
z5T-I#nFlM6XUNTkSu0+-oO!JGwj%8@;p7wR-U(}TSA?qc?=B3(dNvZav|qnlZ{0He
zv6teh@`M+AuD)4cBT8D_Y!M@>L-Yh*R*Io9NyMwlmw6Mlo>^Wk^d4t;m2z5U>mk-+
zD`TpbHCIcbi9ql`@9;Hg2G4Xc>9zus46wvc=a67JY;V9R7s(K6(YS+@`)FWFJF<pd
zsJ2@PgFjn!3%Q7_DftwTjYok^wt0(NPyfN5`*98b2y59QDEEw1(vr~+Bd$vG^eEM~
zg;;*C5V_ntHI$Sfy_p02DP~#;>Y@ZFRc#1)U2^<~Jlq$^vdXhrA5zx*M20Dh=@FIR
ztHP0_Jru$#>xoXwR$>w{d#|)*Axez;8{HYu3&)7?0dBQq4#s$2bQ;CgC4d;-FceF%
zctxv~6{xtnLo$J*LpbQY`by}K3gcv%HgyFph)_N6bd(38%7h4Rif}t3H8tx;|I9Oe
z@mZKM1RD+@W6j7>RABNzvQ>94<%^22MI$vZ&jc{za(-9St5K44!$aLC_PmI2!_uK7
zMNjxkovvLCp5m%ZGPLo!7_LTtmGx~cuD%k`uTw#EUyOyJf&b>=Q*a@Fn6AWnq`mC%
zqzaV+i=g{h)N*ZKg~4%@(g;tl>Yd2^D@vG=y@VI{6Q+<*w*?pUBlWy&KV*%SK!bmd
z=s)b>SYs#*mA|vYb9Y)cstYss2Qfz(2>IOHM#fPY-V2-qm*qX-%~6sH1$q>fIMA$p
z#JBl^3Id*+c?2YDR6$KdT}V(2sVd$@n+A1o6lBS>H+=mCp08fOdK`b5Qs>)wps61C
zf2>4KzTxSo4K7?tQ1>7n_xYo)p!P6Wwy0VKKONgoEOtOiy{>imhGqOi<!~cheK`nX
z2qq7lui_7bvyvo`mx6*P64gYdd^!^uvF(nV2D2!(L@kL6QjCORb5OLve0O^uxIg$j
z*!i~zz9I6K<~J5aPaYQNgSAJ~u7B0yUKgh%5<@@RgTjm8vf7I_IVj40*Fb1AhzEGm
zit;TmYz~aolWw$noknw15>A8v?ElQAWR_F8Eouq);fuc|#!n$QE)oLCmpG2s|3gM>
z>r2$MJcp7o>;QBXYl(P;uLI=V9Z66yYg~=C7GiohUVN^cKSkKaBl}~B5^XK)F6z3h
zk7~nPu|haB>18E{8`!JW`r`N$;fKJemFGY>CJk727}m3sz|dd@`f5^P#D9G7Q^HvY
z9uii=u)#3R6T-hn09thu>)I7g{zVMafoaB8)m_DL7FZUI#$5H0jHt9W-Vsu>!SM^k
zUYP-ka8xt_63RnyZ={&g;=S7-cqg_$?w6+Y|8z{CeByl^UM!XI%TQ^wAfi$chHYq&
zCU$mTL2u|(<iB;AYTyAqCJNJ=qy}L)Vk6LgO{Jt-_VLjZn;s-UpWetu#iBTInnk63
zYxNR_<$>tCXX>uu_~rkIZt^ME>uj(phBXo(cf)Ig5`+TyVH|2>i5A$4+vLF9!XX>B
zEpg}{;E(tCh!NT#6pHO1Cxi)H6=1>vrr((UYW@2ukZ5Q$A0iQ-Q0n)D0hNeA2B=Vg
z9(b<*okj}sf85&&^0YyUlsqJKGY%gSujIo9C8>-ko?)m^@qr0J1;~ZPd9WUn<)2L;
z4=rFbz-3?_w$}&|8SBM*r9v6#?_c~;BCWG{Whh!6+I_VRc&a|y;1XXy^2_F*y!Cn^
z|6uuQwiaZ$;yl1NqXT&j#K4~LTGC`U+-%a|7H4p1$-P{X!MVA|_bn^Jd)!7m)dj4R
z<@fH90~#gKmt(TnN8%a*8w6VfE9nqIdD~#bR6*qZgJZ43ph6tZgOg__H0URBGr8-L
zil5eqJkT3xB4>r^@sIr8&G;do7(WFR!iEvw`bjE+^}r@J6{5)~Yn<TMYqCeSH+C#i
zAD+ki(T!o>yUgSTxUEPM5|eRmBBtkSyL`yNK<0)1<hTt;xhH6OvuR=(<y@mQ;}VSd
zB?DO_#FgddAsg?nWCL$57Ow|!YUR=JRq?tgRx*rMNwAGUxw&4rw_;8j`1OgK$)End
z7V$=AWs&n|Y8?<qlDal~GFxTfE~u0Y*R_<!r_zjgfbrcLq>MCq63O5z*Y!_U*O7QS
zZ&pQNcOy~j{ljqe%}ElnBO?XLd89yN^3CuinGH7I4fqhGeEHMlS*PXswZ~e$CL|SU
zs)+S3#USMz-9~1gMfzmfJCNRn@k8oAjYo^m6-=DkuN7)cvPU3b;D9>*!4*Pk__>wY
ik9^<D-uJ-L^Ol6Di35RmgM20s_%k=L!Af_!#{M5L(_S9{

-- 
2.49.1


From 67f66902581ef69c7219a836e13c38ce269d919c Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 15:02:22 +0100
Subject: [PATCH 05/22] fix: enhance security with stricter Content Security
 Policy and input validation

---
 CHANGELOG.md   |  6 ++++++
 next.config.ts | 17 +++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 18bc44e..732b2cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 - **Session list now correctly highlights your current session.** The active sessions list in settings now properly identifies which session you're currently using. Previously, the "current session" marker never appeared due to an internal mismatch in how sessions were identified.
 - **Notifications no longer fail to load on sign-in.** The notification bell now loads correctly even when the app is still setting up your workspace context. Previously, it could briefly show an error right after signing in.
 - **Fixed a service worker error on first visit.** Removed leftover icon files with invalid filenames that caused a caching error in the background. This had no visible effect but produced console warnings.
+- **Stronger browser protection with Content Security Policy.** The app now tells your browser exactly which resources it's allowed to load — scripts, styles, images, and API connections are restricted to trusted sources only. This adds an extra layer of defence against cross-site scripting (XSS) attacks.
+- **Tighter cross-origin request handling.** The backend now only accepts requests from known Pulse and Ciphera origins instead of any website. This prevents other sites from making authenticated requests on your behalf.
+- **Stricter environment security checks.** Staging and other non-development deployments now refuse to start if critical secrets haven't been configured, catching configuration mistakes before they reach users.
+- **Billing configuration validated at startup.** Stripe payment keys are now checked when the server starts instead of when a billing request comes in. Misconfigured payment settings surface immediately during deployment rather than silently failing when you try to manage your subscription.
+- **Faster real-time visitor cleanup.** The background process that keeps active visitor counts accurate no longer briefly blocks other operations while scanning for stale sessions. Cleanup now runs incrementally so your dashboard stays responsive at all times.
+- **Stricter input validation on admin pages.** The internal admin panel now validates organisation identifiers before processing requests, preventing malformed data from reaching the database.
 
 ## [0.12.0-alpha] - 2026-03-01
 
diff --git a/next.config.ts b/next.config.ts
index 648d8ee..c111fc8 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -6,6 +6,22 @@ const withPWA = require("@ducanh2912/next-pwa").default({
   disable: process.env.NODE_ENV === "development",
 });
 
+// * CSP directives — restrict resource loading to known origins
+const cspDirectives = [
+  "default-src 'self'",
+  // Next.js requires 'unsafe-inline' for its bootstrap scripts; 'unsafe-eval' only in dev (HMR)
+  `script-src 'self' 'unsafe-inline'${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''}`,
+  "style-src 'self' 'unsafe-inline'",
+  "img-src 'self' data: blob: https://www.google.com",
+  "font-src 'self'",
+  `connect-src 'self' https://*.ciphera.net https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
+  "worker-src 'self'",
+  "frame-src 'none'",
+  "object-src 'none'",
+  "base-uri 'self'",
+  "form-action 'self' https://*.ciphera.net",
+].join('; ')
+
 const nextConfig: NextConfig = {
   reactStrictMode: true,
   // * Enable standalone output for production deployment
@@ -41,6 +57,7 @@ const nextConfig: NextConfig = {
             key: 'Strict-Transport-Security',
             value: 'max-age=63072000; includeSubDomains; preload',
           },
+          { key: 'Content-Security-Policy', value: cspDirectives },
         ],
       },
     ]
-- 
2.49.1


From 95920e4724e5c8a9e424b1e8c486f80fcf305636 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 15:18:56 +0100
Subject: [PATCH 06/22] fix: update changelog with Phase 2 audit fixes

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 732b2cd..3d6d634 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 - **Billing configuration validated at startup.** Stripe payment keys are now checked when the server starts instead of when a billing request comes in. Misconfigured payment settings surface immediately during deployment rather than silently failing when you try to manage your subscription.
 - **Faster real-time visitor cleanup.** The background process that keeps active visitor counts accurate no longer briefly blocks other operations while scanning for stale sessions. Cleanup now runs incrementally so your dashboard stays responsive at all times.
 - **Stricter input validation on admin pages.** The internal admin panel now validates organisation identifiers before processing requests, preventing malformed data from reaching the database.
+- **Error messages no longer reveal internal details.** When you submit an invalid form, the error message now says "Invalid request body" instead of exposing internal field names and validation rules. This makes error messages cleaner while keeping your data safer.
+- **Better request cancellation for billing operations.** All billing-related database operations can now be properly cancelled if you navigate away or your connection drops. Previously, some operations would continue running in the background even after you left the page.
+- **More reliable database migrations.** The migration system no longer silently skips partially failed database updates. If an update fails, it stops immediately so the issue can be identified and fixed — rather than marking it as complete and moving on with missing changes.
+- **More resilient event processing.** The background system that processes your analytics events now automatically recovers from unexpected errors instead of silently stopping. If something goes wrong, it restarts itself and continues processing — so you never lose incoming analytics data.
 
 ## [0.12.0-alpha] - 2026-03-01
 
-- 
2.49.1


From c9123832a5cca05f7796ba8f5c0c701bf546ad65 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 15:33:37 +0100
Subject: [PATCH 07/22] fix: fix broken images from CSP, remove dead code,
 upgrade React types

- Add ciphera.net and *.gstatic.com to CSP img-src (fixes app switcher
  icons and site favicons blocked by Content Security Policy)
- Delete 6 unused component/utility files and orphaned test
- Upgrade @types/react and @types/react-dom to v19 (matches React 19 runtime)
- Fix logger test to use vi.stubEnv for React 19 type compatibility
---
 CHANGELOG.md                             |   9 ++
 components/PasswordInput.tsx             | 109 ------------------
 components/WebsiteFooter.tsx             |   0
 components/WorkspaceSwitcher.tsx         | 116 -------------------
 components/dashboard/Countries.tsx       | 140 -----------------------
 components/dashboard/TopPages.tsx        |  51 ---------
 lib/utils/__tests__/errorHandler.test.ts |  95 ---------------
 lib/utils/__tests__/logger.test.ts       |   6 +-
 lib/utils/errorHandler.ts                |  79 -------------
 next.config.ts                           |   6 +-
 package-lock.json                        |  26 ++---
 package.json                             |   4 +-
 12 files changed, 29 insertions(+), 612 deletions(-)
 delete mode 100644 components/PasswordInput.tsx
 delete mode 100644 components/WebsiteFooter.tsx
 delete mode 100644 components/WorkspaceSwitcher.tsx
 delete mode 100644 components/dashboard/Countries.tsx
 delete mode 100644 components/dashboard/TopPages.tsx
 delete mode 100644 lib/utils/__tests__/errorHandler.test.ts
 delete mode 100644 lib/utils/errorHandler.ts

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d6d634..fb52c0a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Fixed
 
+- **App switcher and site icons now load correctly.** The Pulse, Drop, and Auth logos in the app switcher — and site favicons on the dashboard — were blocked by the browser's Content Security Policy. The policy now allows images from Ciphera's own domain and Google's favicon service, so all icons display as expected.
+- **Safer campaign date handling.** Campaign analytics now use the same date validation as the rest of the app, including checks for invalid ranges and a maximum span of one year. Previously, campaigns used separate date parsing that skipped these checks.
+- **Better crash protection in goals and real-time views.** Fixed an issue where the backend could crash under rare conditions when checking permissions for goals or real-time visitor data. The app now handles unexpected values gracefully instead of crashing.
+- **Full React 19 type coverage.** Upgraded TypeScript type definitions to match the React 19 runtime. Previously, the type definitions lagged behind at React 18, which could hide bugs and miss new React 19 APIs during development.
+
+### Removed
+
+- **Cleaned up unused files.** Removed six leftover component and utility files that were no longer used anywhere in the app, along with dead backend code. This reduces clutter and keeps the codebase easier to navigate.
+
 - **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
 - **Lower resource usage under load.** The backend now uses a single shared connection to Redis instead of opening dozens of separate ones. Previously, each rate limiter and internal component created its own connection pool, which could waste resources and risk hitting connection limits during heavy traffic.
 - **More reliable billing operations.** Billing actions like changing your plan, cancelling, and viewing invoices now benefit from the same automatic session refresh, request tracing, and error handling as the rest of the app. Previously, these used a separate internal path that could fail silently if your session expired mid-action.
diff --git a/components/PasswordInput.tsx b/components/PasswordInput.tsx
deleted file mode 100644
index a92ef38..0000000
--- a/components/PasswordInput.tsx
+++ /dev/null
@@ -1,109 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-
-interface PasswordInputProps {
-  value: string
-  onChange: (value: string) => void
-  label?: string
-  placeholder?: string
-  error?: string | null
-  disabled?: boolean
-  required?: boolean
-  className?: string
-  id?: string
-  autoComplete?: string
-  minLength?: number
-  onFocus?: () => void
-  onBlur?: () => void
-}
-
-export default function PasswordInput({
-  value,
-  onChange,
-  label = 'Password',
-  placeholder = 'Enter password',
-  error,
-  disabled = false,
-  required = false,
-  className = '',
-  id,
-  autoComplete,
-  minLength,
-  onFocus,
-  onBlur
-}: PasswordInputProps) {
-  const [showPassword, setShowPassword] = useState(false)
-  const inputId = id || 'password-input'
-  const errorId = `${inputId}-error`
-
-  return (
-    <div className={`space-y-1.5 ${className}`}>
-      {label && (
-        <label 
-          htmlFor={inputId}
-          className="block text-sm font-medium text-neutral-700 dark:text-neutral-300"
-        >
-          {label}
-          {required && <span className="text-brand-orange text-xs ml-1">(Required)</span>}
-        </label>
-      )}
-      <div className="relative group">
-        <input
-          id={inputId}
-          type={showPassword ? 'text' : 'password'}
-          value={value}
-          onChange={(e) => onChange(e.target.value)}
-          placeholder={placeholder}
-          disabled={disabled}
-          autoComplete={autoComplete}
-          minLength={minLength}
-          onFocus={onFocus}
-          onBlur={onBlur}
-          aria-invalid={!!error}
-          aria-describedby={error ? errorId : undefined}
-          className={`w-full pl-11 pr-12 py-3 border rounded-lg bg-neutral-50/50 dark:bg-neutral-900/50 focus:bg-white dark:focus:bg-neutral-900 
-            transition-all duration-200 outline-none disabled:opacity-50 disabled:cursor-not-allowed dark:text-white
-            ${error 
-              ? 'border-red-300 dark:border-red-800 focus:border-red-500 focus:ring-4 focus:ring-red-500/10' 
-              : 'border-neutral-200 dark:border-neutral-800 hover:border-brand-orange/50 focus:border-brand-orange focus:ring-4 focus:ring-brand-orange/10'
-            }`}
-        />
-        
-        {/* Lock Icon (Left) */}
-        <div className={`absolute left-3.5 top-1/2 -translate-y-1/2 pointer-events-none transition-colors duration-200
-          ${error ? 'text-red-400' : 'text-neutral-400 dark:text-neutral-500 group-focus-within:text-brand-orange'}`}>
-          <svg aria-hidden="true" className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
-          </svg>
-        </div>
-
-        {/* Toggle Visibility Button (Right) */}
-        <button
-          type="button"
-          onClick={() => setShowPassword(!showPassword)}
-          disabled={disabled}
-          aria-label={showPassword ? "Hide password" : "Show password"}
-          className="absolute right-3 top-1/2 -translate-y-1/2 p-1.5 rounded-lg text-neutral-400 dark:text-neutral-500
-            hover:text-neutral-600 dark:hover:text-neutral-300 hover:bg-neutral-100 dark:hover:bg-neutral-800 transition-all duration-200 focus:outline-none"
-        >
-          {showPassword ? (
-            <svg aria-hidden="true" className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M13.875 18.825A10.05 10.05 0 0112 19c-4.478 0-8.268-2.943-9.543-7a9.97 9.97 0 011.563-3.029m5.858.908a3 3 0 114.243 4.243M9.878 9.878l4.242 4.242M9.88 9.88l-3.29-3.29m7.532 7.532l3.29 3.29M3 3l3.59 3.59m0 0A9.953 9.953 0 0112 5c4.478 0 8.268 2.943 9.543 7a10.025 10.025 0 01-4.132 5.411m0 0L21 21" />
-            </svg>
-          ) : (
-            <svg aria-hidden="true" className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" />
-              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={1.5} d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z" />
-            </svg>
-          )}
-        </button>
-      </div>
-      {error && (
-        <p id={errorId} role="alert" className="text-xs text-red-500 font-medium ml-1">
-          {error}
-        </p>
-      )}
-    </div>
-  )
-}
diff --git a/components/WebsiteFooter.tsx b/components/WebsiteFooter.tsx
deleted file mode 100644
index e69de29..0000000
diff --git a/components/WorkspaceSwitcher.tsx b/components/WorkspaceSwitcher.tsx
deleted file mode 100644
index 6d8ff26..0000000
--- a/components/WorkspaceSwitcher.tsx
+++ /dev/null
@@ -1,116 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-import { useRouter } from 'next/navigation'
-import { PlusIcon, PersonIcon, CubeIcon, CheckIcon } from '@radix-ui/react-icons'
-import { switchContext, OrganizationMember } from '@/lib/api/organization'
-import { setSessionAction } from '@/app/actions/auth'
-import { logger } from '@/lib/utils/logger'
-import Link from 'next/link'
-
-export default function OrganizationSwitcher({ orgs, activeOrgId }: { orgs: OrganizationMember[], activeOrgId: string | null }) {
-  const router = useRouter()
-  const [switching, setSwitching] = useState<string | null>(null)
-
-  const handleSwitch = async (orgId: string | null) => {
-    setSwitching(orgId || 'personal')
-    try {
-      // * If orgId is null, we can't switch context via API in the same way if strict mode is on
-      // * Pulse doesn't support personal organization context.
-      // * So we should probably NOT show the "Personal" option in Pulse if strict mode is enforced.
-      // * However, to match Drop exactly, we might want to show it but have it fail or redirect?
-      // * Let's assume for now we want to match Drop's UI structure.
-      
-      if (!orgId) {
-          // * Pulse doesn't support personal context. 
-          // * We could redirect to onboarding or show an error.
-          // * For now, let's just return to avoid breaking.
-          return
-      }
-
-      const { access_token } = await switchContext(orgId)
-      
-      // * Update session cookie via server action
-      // * Note: switchContext only returns access_token, we keep existing refresh token
-      await setSessionAction(access_token)
-      
-      sessionStorage.setItem('pulse_switching_org', 'true')
-      window.location.reload()
-      
-    } catch (err) {
-      logger.error('Failed to switch organization', err)
-      setSwitching(null)
-    }
-  }
-
-  return (
-    <div className="border-b border-neutral-100 dark:border-neutral-800 pb-2 mb-2" role="group" aria-label="Organizations">
-      <div className="px-3 py-2 text-xs font-medium text-neutral-500 uppercase tracking-wider" aria-hidden="true">
-        Organizations
-      </div>
-
-      {/* Personal organization - HIDDEN IN PULSE (Strict Mode) */}
-      {/* 
-      <button
-        onClick={() => handleSwitch(null)}
-        className={`w-full flex items-center justify-between px-3 py-2 text-sm rounded-lg transition-colors group ${
-            !activeOrgId ? 'bg-neutral-100 dark:bg-neutral-800' : 'hover:bg-neutral-50 dark:hover:bg-neutral-800/50'
-        }`}
-      >
-        <div className="flex items-center gap-2">
-          <div className="h-5 w-5 rounded bg-neutral-200 dark:bg-neutral-700 flex items-center justify-center">
-            <PersonIcon className="h-3 w-3 text-neutral-500 dark:text-neutral-400" />
-          </div>
-          <span className="text-neutral-700 dark:text-neutral-300">Personal</span>
-        </div>
-        <div className="flex items-center gap-2">
-            {switching === 'personal' && <span className="text-xs text-neutral-400">Loading...</span>}
-            {!activeOrgId && !switching && <CheckIcon className="h-4 w-4 text-neutral-600 dark:text-neutral-400" />}
-        </div>
-      </button>
-      */}
-      
-      {/* Organization list */}
-      {orgs.map((org) => (
-        <button
-          key={org.organization_id}
-          onClick={() => handleSwitch(org.organization_id)}
-          aria-current={activeOrgId === org.organization_id ? 'true' : undefined}
-          aria-busy={switching === org.organization_id ? 'true' : undefined}
-          className={`w-full flex items-center justify-between px-3 py-2 text-sm rounded-lg transition-colors mt-1 ${
-            activeOrgId === org.organization_id ? 'bg-neutral-100 dark:bg-neutral-800' : 'hover:bg-neutral-50 dark:hover:bg-neutral-800/50'
-          }`}
-        >
-          <div className="flex items-center gap-2">
-            <div className="h-5 w-5 rounded bg-blue-100 dark:bg-blue-900/30 flex items-center justify-center">
-              <CubeIcon className="h-3 w-3 text-blue-600 dark:text-blue-400" aria-hidden="true" />
-            </div>
-            <span className="text-neutral-700 dark:text-neutral-300 truncate max-w-[140px]">
-              {org.organization_name}
-            </span>
-          </div>
-          <div className="flex items-center gap-2">
-            {switching === org.organization_id && <span className="text-xs text-neutral-400" aria-live="polite">Switching…</span>}
-            {activeOrgId === org.organization_id && !switching && (
-              <>
-                <CheckIcon className="h-4 w-4 text-neutral-600 dark:text-neutral-400" aria-hidden="true" />
-                <span className="sr-only">(current)</span>
-              </>
-            )}
-          </div>
-        </button>
-      ))}
-
-      {/* Create New */}
-      <Link
-        href="/onboarding"
-        className="w-full flex items-center gap-2 px-3 py-2 text-sm text-neutral-500 hover:text-blue-600 dark:text-neutral-400 dark:hover:text-blue-400 hover:bg-blue-50 dark:hover:bg-blue-900/10 rounded-lg transition-colors mt-1"
-      >
-        <div className="h-5 w-5 rounded border border-dashed border-neutral-300 dark:border-neutral-600 flex items-center justify-center" aria-hidden="true">
-          <PlusIcon className="h-3 w-3" />
-        </div>
-        <span>Create Organization</span>
-      </Link>
-    </div>
-  )
-}
diff --git a/components/dashboard/Countries.tsx b/components/dashboard/Countries.tsx
deleted file mode 100644
index 21688b9..0000000
--- a/components/dashboard/Countries.tsx
+++ /dev/null
@@ -1,140 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-import { formatNumber } from '@ciphera-net/ui'
-import * as Flags from 'country-flag-icons/react/3x2'
-import WorldMap from './WorldMap'
-import { GlobeIcon } from '@ciphera-net/ui'
-
-interface LocationProps {
-  countries: Array<{ country: string; pageviews: number }>
-  cities: Array<{ city: string; country: string; pageviews: number }>
-}
-
-type Tab = 'countries' | 'cities'
-
-export default function Locations({ countries, cities }: LocationProps) {
-  const [activeTab, setActiveTab] = useState<Tab>('countries')
-
-  const getFlagComponent = (countryCode: string) => {
-    if (!countryCode || countryCode === 'Unknown') return null
-    // * The API returns 2-letter country codes (e.g. US, DE)
-    // * We cast it to the flag component name
-    const FlagComponent = (Flags as Record<string, React.ComponentType<{ className?: string }>>)[countryCode]
-    return FlagComponent ? <FlagComponent className="w-5 h-5 rounded-sm shadow-sm" /> : null
-  }
-
-  const getCountryName = (code: string) => {
-    if (!code || code === 'Unknown') return 'Unknown'
-    try {
-      const regionNames = new Intl.DisplayNames(['en'], { type: 'region' })
-      return regionNames.of(code) || code
-    } catch (e) {
-      return code
-    }
-  }
-
-  const renderContent = () => {
-    if (activeTab === 'countries') {
-      if (!countries || countries.length === 0) {
-        return (
-          <div className="h-full flex flex-col items-center justify-center text-center px-6 py-8 gap-3">
-            <div className="rounded-full bg-neutral-100 dark:bg-neutral-800 p-4">
-              <GlobeIcon className="w-8 h-8 text-neutral-500 dark:text-neutral-400" />
-            </div>
-            <h4 className="font-semibold text-neutral-900 dark:text-white">
-              No location data yet
-            </h4>
-            <p className="text-sm text-neutral-500 dark:text-neutral-400 max-w-xs">
-              Visitor locations will appear here based on anonymous geographic data.
-            </p>
-          </div>
-        )
-      }
-      return (
-        <div className="space-y-4">
-          <WorldMap data={countries} />
-          <div className="space-y-3">
-            {countries.map((country, index) => (
-              <div key={index} className="flex items-center justify-between">
-              <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
-                <span className="shrink-0">{getFlagComponent(country.country)}</span>
-                <span className="truncate">{getCountryName(country.country)}</span>
-              </div>
-              <div className="text-sm font-semibold text-neutral-600 dark:text-neutral-400 ml-4">
-                {formatNumber(country.pageviews)}
-              </div>
-            </div>
-          ))}
-          </div>
-        </div>
-      )
-    }
-
-    if (activeTab === 'cities') {
-      if (!cities || cities.length === 0) {
-        return (
-          <div className="h-full flex flex-col items-center justify-center text-center px-6 py-8 gap-3">
-            <div className="rounded-full bg-neutral-100 dark:bg-neutral-800 p-4">
-              <GlobeIcon className="w-8 h-8 text-neutral-500 dark:text-neutral-400" />
-            </div>
-            <h4 className="font-semibold text-neutral-900 dark:text-white">
-              No city data yet
-            </h4>
-            <p className="text-sm text-neutral-500 dark:text-neutral-400 max-w-xs">
-              City-level visitor data will appear as traffic grows.
-            </p>
-          </div>
-        )
-      }
-      return (
-        <div className="space-y-3">
-          {cities.map((city, index) => (
-            <div key={index} className="flex items-center justify-between">
-              <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
-                <span className="shrink-0">{getFlagComponent(city.country)}</span>
-                <span className="truncate">{city.city === 'Unknown' ? 'Unknown' : city.city}</span>
-              </div>
-              <div className="text-sm font-semibold text-neutral-600 dark:text-neutral-400 ml-4">
-                {formatNumber(city.pageviews)}
-              </div>
-            </div>
-          ))}
-        </div>
-      )
-    }
-  }
-
-  return (
-    <div className="bg-white dark:bg-neutral-900 border border-neutral-200 dark:border-neutral-800 rounded-2xl p-6 h-full">
-      <div className="flex items-center justify-between mb-6">
-        <h3 className="text-lg font-semibold text-neutral-900 dark:text-white">
-          Locations
-        </h3>
-        <div className="flex p-1 bg-neutral-100 dark:bg-neutral-800 rounded-lg">
-          <button
-            onClick={() => setActiveTab('countries')}
-            className={`px-3 py-1 text-xs font-medium rounded-lg transition-colors ${
-              activeTab === 'countries'
-                ? 'bg-white dark:bg-neutral-700 text-neutral-900 dark:text-white shadow-sm'
-                : 'text-neutral-600 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white'
-            }`}
-          >
-            Countries
-          </button>
-          <button
-            onClick={() => setActiveTab('cities')}
-            className={`px-3 py-1 text-xs font-medium rounded-lg transition-colors ${
-              activeTab === 'cities'
-                ? 'bg-white dark:bg-neutral-700 text-neutral-900 dark:text-white shadow-sm'
-                : 'text-neutral-600 dark:text-neutral-400 hover:text-neutral-900 dark:hover:text-white'
-            }`}
-          >
-            Cities
-          </button>
-        </div>
-      </div>
-      {renderContent()}
-    </div>
-  )
-}
diff --git a/components/dashboard/TopPages.tsx b/components/dashboard/TopPages.tsx
deleted file mode 100644
index 6976105..0000000
--- a/components/dashboard/TopPages.tsx
+++ /dev/null
@@ -1,51 +0,0 @@
-'use client'
-
-import { formatNumber } from '@ciphera-net/ui'
-import { LayoutDashboardIcon } from '@ciphera-net/ui'
-
-interface TopPagesProps {
-  pages: Array<{ path: string; pageviews: number }>
-}
-
-export default function TopPages({ pages }: TopPagesProps) {
-  if (!pages || pages.length === 0) {
-    return (
-      <div className="bg-white dark:bg-neutral-900 border border-neutral-200 dark:border-neutral-800 rounded-2xl p-6 flex flex-col">
-        <h3 className="text-lg font-semibold mb-4 text-neutral-900 dark:text-white">
-          Top Pages
-        </h3>
-        <div className="flex-1 flex flex-col items-center justify-center text-center px-6 py-8 gap-3">
-          <div className="rounded-full bg-neutral-100 dark:bg-neutral-800 p-4">
-            <LayoutDashboardIcon className="w-8 h-8 text-neutral-500 dark:text-neutral-400" />
-          </div>
-          <h4 className="font-semibold text-neutral-900 dark:text-white">
-            No page data yet
-          </h4>
-          <p className="text-sm text-neutral-500 dark:text-neutral-400 max-w-xs">
-            Your most visited pages will appear here as traffic arrives.
-          </p>
-        </div>
-      </div>
-    )
-  }
-
-  return (
-    <div className="bg-white dark:bg-neutral-900 border border-neutral-200 dark:border-neutral-800 rounded-2xl p-6">
-      <h3 className="text-lg font-semibold mb-4 text-neutral-900 dark:text-white">
-        Top Pages
-      </h3>
-      <div className="space-y-3">
-        {pages.map((page, index) => (
-          <div key={index} className="flex items-center justify-between">
-            <div className="flex-1 truncate text-neutral-900 dark:text-white">
-              {page.path}
-            </div>
-            <div className="text-sm font-semibold text-neutral-600 dark:text-neutral-400 ml-4">
-              {formatNumber(page.pageviews)}
-            </div>
-          </div>
-        ))}
-      </div>
-    </div>
-  )
-}
diff --git a/lib/utils/__tests__/errorHandler.test.ts b/lib/utils/__tests__/errorHandler.test.ts
deleted file mode 100644
index 0e5e4f6..0000000
--- a/lib/utils/__tests__/errorHandler.test.ts
+++ /dev/null
@@ -1,95 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest'
-import {
-  getRequestIdFromError,
-  formatErrorMessage,
-  logErrorWithRequestId,
-  getSupportMessage,
-} from '../errorHandler'
-import { setLastRequestId, clearLastRequestId } from '../requestId'
-
-beforeEach(() => {
-  clearLastRequestId()
-})
-
-describe('getRequestIdFromError', () => {
-  it('extracts request ID from error response body', () => {
-    const errorData = { error: { request_id: 'REQ123_abc' } }
-    expect(getRequestIdFromError(errorData)).toBe('REQ123_abc')
-  })
-
-  it('falls back to last stored request ID when not in response', () => {
-    setLastRequestId('REQfallback_xyz')
-    expect(getRequestIdFromError({ error: {} })).toBe('REQfallback_xyz')
-  })
-
-  it('falls back to last stored request ID when no error data', () => {
-    setLastRequestId('REQfallback_xyz')
-    expect(getRequestIdFromError()).toBe('REQfallback_xyz')
-  })
-
-  it('returns null when no ID available anywhere', () => {
-    expect(getRequestIdFromError()).toBeNull()
-  })
-})
-
-describe('formatErrorMessage', () => {
-  it('returns plain message when no request ID available', () => {
-    expect(formatErrorMessage('Something failed')).toBe('Something failed')
-  })
-
-  it('appends request ID in development mode', () => {
-    const original = process.env.NODE_ENV
-    process.env.NODE_ENV = 'development'
-    setLastRequestId('REQ123_abc')
-
-    const msg = formatErrorMessage('Something failed')
-    expect(msg).toContain('Something failed')
-    expect(msg).toContain('REQ123_abc')
-
-    process.env.NODE_ENV = original
-  })
-
-  it('appends request ID when showRequestId option is set', () => {
-    setLastRequestId('REQ123_abc')
-    const msg = formatErrorMessage('Something failed', undefined, { showRequestId: true })
-    expect(msg).toContain('REQ123_abc')
-  })
-})
-
-describe('logErrorWithRequestId', () => {
-  it('logs with request ID when available', () => {
-    const spy = vi.spyOn(console, 'error').mockImplementation(() => {})
-    setLastRequestId('REQ123_abc')
-
-    logErrorWithRequestId('TestContext', new Error('fail'))
-
-    expect(spy).toHaveBeenCalledWith(
-      expect.stringContaining('REQ123_abc'),
-      expect.any(Error)
-    )
-    spy.mockRestore()
-  })
-
-  it('logs without request ID when not available', () => {
-    const spy = vi.spyOn(console, 'error').mockImplementation(() => {})
-
-    logErrorWithRequestId('TestContext', new Error('fail'))
-
-    expect(spy).toHaveBeenCalledWith('[TestContext]', expect.any(Error))
-    spy.mockRestore()
-  })
-})
-
-describe('getSupportMessage', () => {
-  it('includes request ID when available', () => {
-    const errorData = { error: { request_id: 'REQ123_abc' } }
-    const msg = getSupportMessage(errorData)
-    expect(msg).toContain('REQ123_abc')
-    expect(msg).toContain('contact support')
-  })
-
-  it('returns generic message when no request ID', () => {
-    const msg = getSupportMessage()
-    expect(msg).toBe('If this persists, please contact support.')
-  })
-})
diff --git a/lib/utils/__tests__/logger.test.ts b/lib/utils/__tests__/logger.test.ts
index 4092a63..907b5b9 100644
--- a/lib/utils/__tests__/logger.test.ts
+++ b/lib/utils/__tests__/logger.test.ts
@@ -7,23 +7,25 @@ describe('logger', () => {
 
   it('calls console.error in development', async () => {
     const spy = vi.spyOn(console, 'error').mockImplementation(() => {})
-    process.env.NODE_ENV = 'development'
+    vi.stubEnv('NODE_ENV', 'development')
 
     const { logger } = await import('../logger')
     logger.error('test error')
 
     expect(spy).toHaveBeenCalledWith('test error')
     spy.mockRestore()
+    vi.unstubAllEnvs()
   })
 
   it('calls console.warn in development', async () => {
     const spy = vi.spyOn(console, 'warn').mockImplementation(() => {})
-    process.env.NODE_ENV = 'development'
+    vi.stubEnv('NODE_ENV', 'development')
 
     const { logger } = await import('../logger')
     logger.warn('test warning')
 
     expect(spy).toHaveBeenCalledWith('test warning')
     spy.mockRestore()
+    vi.unstubAllEnvs()
   })
 })
diff --git a/lib/utils/errorHandler.ts b/lib/utils/errorHandler.ts
deleted file mode 100644
index ee4a15b..0000000
--- a/lib/utils/errorHandler.ts
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * Error handling utilities with Request ID extraction
- * Helps users report errors with traceable IDs for support
- */
-
-import { getLastRequestId } from './requestId'
-
-interface ApiErrorResponse {
-  error?: {
-    code?: string
-    message?: string
-    details?: unknown
-    request_id?: string
-  }
-}
-
-/**
- * Extract request ID from error response or use last known request ID
- */
-export function getRequestIdFromError(errorData?: ApiErrorResponse): string | null {
-  // * Try to get from error response body
-  if (errorData?.error?.request_id) {
-    return errorData.error.request_id
-  }
-
-  // * Fallback to last request ID stored during API call
-  return getLastRequestId()
-}
-
-/**
- * Format error message for display with optional request ID
- * Shows request ID in development or for specific error types
- */
-export function formatErrorMessage(
-  message: string,
-  errorData?: ApiErrorResponse,
-  options: { showRequestId?: boolean } = {}
-): string {
-  const requestId = getRequestIdFromError(errorData)
-
-  // * Always show request ID in development
-  const isDev = process.env.NODE_ENV === 'development'
-
-  if (requestId && (isDev || options.showRequestId)) {
-    return `${message}\n\nRequest ID: ${requestId}`
-  }
-
-  return message
-}
-
-/**
- * Log error with request ID for debugging
- */
-export function logErrorWithRequestId(
-  context: string,
-  error: unknown,
-  errorData?: ApiErrorResponse
-): void {
-  const requestId = getRequestIdFromError(errorData)
-
-  if (requestId) {
-    console.error(`[${context}] Request ID: ${requestId}`, error)
-  } else {
-    console.error(`[${context}]`, error)
-  }
-}
-
-/**
- * Get support message with request ID for user reports
- */
-export function getSupportMessage(errorData?: ApiErrorResponse): string {
-  const requestId = getRequestIdFromError(errorData)
-
-  if (requestId) {
-    return `If this persists, contact support with Request ID: ${requestId}`
-  }
-
-  return 'If this persists, please contact support.'
-}
diff --git a/next.config.ts b/next.config.ts
index c111fc8..694203d 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -12,7 +12,7 @@ const cspDirectives = [
   // Next.js requires 'unsafe-inline' for its bootstrap scripts; 'unsafe-eval' only in dev (HMR)
   `script-src 'self' 'unsafe-inline'${process.env.NODE_ENV === 'development' ? " 'unsafe-eval'" : ''}`,
   "style-src 'self' 'unsafe-inline'",
-  "img-src 'self' data: blob: https://www.google.com",
+  "img-src 'self' data: blob: https://www.google.com https://*.gstatic.com https://ciphera.net",
   "font-src 'self'",
   `connect-src 'self' https://*.ciphera.net https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
   "worker-src 'self'",
@@ -38,6 +38,10 @@ const nextConfig: NextConfig = {
         hostname: 'www.google.com',
         pathname: '/s2/favicons**',
       },
+      {
+        protocol: 'https',
+        hostname: 'ciphera.net',
+      },
     ],
   },
   async headers() {
diff --git a/package-lock.json b/package-lock.json
index 7e8f495..2803960 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -40,8 +40,8 @@
         "@testing-library/react": "^16.3.2",
         "@types/d3-scale": "^4.0.9",
         "@types/node": "^20.14.12",
-        "@types/react": "^18.3.3",
-        "@types/react-dom": "^18.3.0",
+        "@types/react": "^19.2.14",
+        "@types/react-dom": "^19.2.3",
         "@types/react-simple-maps": "^3.0.6",
         "@vitejs/plugin-react": "^5.1.4",
         "autoprefixer": "^10.4.19",
@@ -4225,12 +4225,6 @@
       "integrity": "sha512-VWDCbrLeVXJM9fihYodcLiIv0ku+AlOa/TQ1SvYOaBuyrSKgEcro95LJyIsJ4vSo6BXIxOKxiJAat04CmST9Fw==",
       "license": "MIT"
     },
-    "node_modules/@types/prop-types": {
-      "version": "15.7.15",
-      "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.15.tgz",
-      "integrity": "sha512-F6bEyamV9jKGAFBEmlQnesRPGOQqS2+Uwi0Em15xenOxHaf2hv6L8YCVn3rPdPJOiJfPiCnLIRyvwVaqMY3MIw==",
-      "license": "MIT"
-    },
     "node_modules/@types/raf": {
       "version": "3.4.3",
       "resolved": "https://registry.npmjs.org/@types/raf/-/raf-3.4.3.tgz",
@@ -4239,25 +4233,24 @@
       "optional": true
     },
     "node_modules/@types/react": {
-      "version": "18.3.28",
-      "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.28.tgz",
-      "integrity": "sha512-z9VXpC7MWrhfWipitjNdgCauoMLRdIILQsAEV+ZesIzBq/oUlxk0m3ApZuMFCXdnS4U7KrI+l3WRUEGQ8K1QKw==",
+      "version": "19.2.14",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz",
+      "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@types/prop-types": "*",
         "csstype": "^3.2.2"
       }
     },
     "node_modules/@types/react-dom": {
-      "version": "18.3.7",
-      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.3.7.tgz",
-      "integrity": "sha512-MEe3UeoENYVFXzoXEWsvcpg6ZvlrFNlOQ7EOsvhI3CfAXwzPfO8Qwuxd40nepsYKqyyVQnTdEfv68q91yLcKrQ==",
+      "version": "19.2.3",
+      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-19.2.3.tgz",
+      "integrity": "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "peerDependencies": {
-        "@types/react": "^18.0.0"
+        "@types/react": "^19.2.0"
       }
     },
     "node_modules/@types/react-simple-maps": {
@@ -9115,7 +9108,6 @@
       "integrity": "sha512-0+MoQNYyr2rBHqO1xilltfDjV9G7ymYGlAUazgcDLQaUf8JDHbuGwsxN6U9qWaElZ4w1B2r7yEGIL3GdeW3Rug==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@acemir/cssom": "^0.9.31",
         "@asamuzakjp/dom-selector": "^6.8.1",
diff --git a/package.json b/package.json
index 85611e6..992a20e 100644
--- a/package.json
+++ b/package.json
@@ -50,8 +50,8 @@
     "@testing-library/react": "^16.3.2",
     "@types/d3-scale": "^4.0.9",
     "@types/node": "^20.14.12",
-    "@types/react": "^18.3.3",
-    "@types/react-dom": "^18.3.0",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
     "@types/react-simple-maps": "^3.0.6",
     "@vitejs/plugin-react": "^5.1.4",
     "autoprefixer": "^10.4.19",
-- 
2.49.1


From fba1fd99c2ee47f356eb6b812f0d3c70aa5bfa04 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 15:44:10 +0100
Subject: [PATCH 08/22] fix: add favicon domains to connect-src for service
 worker compatibility

The PWA service worker (workbox) fetches images via the Fetch API, which
is governed by connect-src, not img-src. Add www.google.com, *.gstatic.com,
and ciphera.net to connect-src so favicon and app icon fetches succeed.
---
 next.config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/next.config.ts b/next.config.ts
index 694203d..25cc58f 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -14,7 +14,7 @@ const cspDirectives = [
   "style-src 'self' 'unsafe-inline'",
   "img-src 'self' data: blob: https://www.google.com https://*.gstatic.com https://ciphera.net",
   "font-src 'self'",
-  `connect-src 'self' https://*.ciphera.net https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
+  `connect-src 'self' https://*.ciphera.net https://ciphera.net https://www.google.com https://*.gstatic.com https://cdn.jsdelivr.net${process.env.NODE_ENV === 'development' ? ' http://localhost:*' : ''}`,
   "worker-src 'self'",
   "frame-src 'none'",
   "object-src 'none'",
-- 
2.49.1


From baceb6e8a8927a26ccacee8d3ac797eabcf14bb4 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 17:51:01 +0100
Subject: [PATCH 09/22] docs: add funnel stats fix to changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fb52c0a..c2362d8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Fixed
 
+- **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. The backend was incorrectly rejecting analytics data sent from tracked sites. Your dashboard now receives visits from all registered domains as expected.
+- **Funnel details now load correctly.** Opening a funnel showed "Unable to load funnel" with a server error. An internal query was referencing data that no longer existed at that stage of processing, causing it to fail every time. Funnels now load and display step-by-step conversion data as expected.
 - **App switcher and site icons now load correctly.** The Pulse, Drop, and Auth logos in the app switcher — and site favicons on the dashboard — were blocked by the browser's Content Security Policy. The policy now allows images from Ciphera's own domain and Google's favicon service, so all icons display as expected.
 - **Safer campaign date handling.** Campaign analytics now use the same date validation as the rest of the app, including checks for invalid ranges and a maximum span of one year. Previously, campaigns used separate date parsing that skipped these checks.
 - **Better crash protection in goals and real-time views.** Fixed an issue where the backend could crash under rare conditions when checking permissions for goals or real-time visitor data. The app now handles unexpected values gracefully instead of crashing.
-- 
2.49.1


From 3ecd2abf63001b946477f53467c5bc626648b49c Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 17:55:25 +0100
Subject: [PATCH 10/22] docs: update changelog for event ingestion fix

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c2362d8..1ac6947 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Fixed
 
-- **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. The backend was incorrectly rejecting analytics data sent from tracked sites. Your dashboard now receives visits from all registered domains as expected.
+- **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. Two issues were at play: the backend was rejecting analytics data sent from tracked sites, and even after that was resolved, events were silently dropped during processing because they were missing a required identifier. Both are now fixed — your dashboard receives visits from all registered domains as expected.
 - **Funnel details now load correctly.** Opening a funnel showed "Unable to load funnel" with a server error. An internal query was referencing data that no longer existed at that stage of processing, causing it to fail every time. Funnels now load and display step-by-step conversion data as expected.
 - **App switcher and site icons now load correctly.** The Pulse, Drop, and Auth logos in the app switcher — and site favicons on the dashboard — were blocked by the browser's Content Security Policy. The policy now allows images from Ciphera's own domain and Google's favicon service, so all icons display as expected.
 - **Safer campaign date handling.** Campaign analytics now use the same date validation as the rest of the app, including checks for invalid ranges and a maximum span of one year. Previously, campaigns used separate date parsing that skipped these checks.
-- 
2.49.1


From 67c9bdd3e00927580b402c029860d6466b5cc1e9 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 18:07:22 +0100
Subject: [PATCH 11/22] docs: add realtime rate limit fix to changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ac6947..cde1b25 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 ### Fixed
 
 - **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. Two issues were at play: the backend was rejecting analytics data sent from tracked sites, and even after that was resolved, events were silently dropped during processing because they were missing a required identifier. Both are now fixed — your dashboard receives visits from all registered domains as expected.
+- **Real-time visitor count no longer stops updating.** The dashboard's live visitor counter would quickly hit a rate limit and stop refreshing, showing "Site not found" errors. The limit was too low for normal polling, especially with multiple tabs open. It now has enough headroom for typical usage.
 - **Funnel details now load correctly.** Opening a funnel showed "Unable to load funnel" with a server error. An internal query was referencing data that no longer existed at that stage of processing, causing it to fail every time. Funnels now load and display step-by-step conversion data as expected.
 - **App switcher and site icons now load correctly.** The Pulse, Drop, and Auth logos in the app switcher — and site favicons on the dashboard — were blocked by the browser's Content Security Policy. The policy now allows images from Ciphera's own domain and Google's favicon service, so all icons display as expected.
 - **Safer campaign date handling.** Campaign analytics now use the same date validation as the rest of the app, including checks for invalid ranges and a maximum span of one year. Previously, campaigns used separate date parsing that skipped these checks.
-- 
2.49.1


From 8a7076ee1b53e76fde8df3c91d291ee273b2dfb6 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 18:42:14 +0100
Subject: [PATCH 12/22] refactor: migrate dashboard to SWR hooks, eliminate all
 any[] state

Replace 22 manual useState + useEffect + setInterval polling with 11
focused SWR hooks. Removes ~85 lines of polling/visibility logic that
SWR handles natively. All any[] types replaced with proper interfaces
(TopPage, CountryStat, BrowserStat, etc.). Organization state in layout
typed as OrganizationMember[].

Resolves F-7, F-8, F-15 from audit report.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 CHANGELOG.md            |   5 +
 app/layout-content.tsx  |   4 +-
 app/sites/[id]/page.tsx | 355 ++++++++++++++--------------------------
 lib/swr/dashboard.ts    |  25 ++-
 4 files changed, 152 insertions(+), 237 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cde1b25..cfd9f9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ## [Unreleased]
 
+### Improved
+
+- **Faster, smarter dashboard data loading.** Your dashboard now loads each section independently using an intelligent caching strategy. Data refreshes happen automatically in the background, and when you switch tabs the app pauses updates to save resources — resuming instantly when you return. This replaces the previous approach where everything loaded in one large batch, meaning your charts, visitor maps, and stats now appear faster and update more reliably.
+- **Better data accuracy across the dashboard.** All data displayed on the dashboard — pages, locations, devices, referrers, performance metrics, and goals — is now fully typed end-to-end. This eliminates an entire class of potential display bugs where data could be misinterpreted between the server and your screen.
+
 ### Fixed
 
 - **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. Two issues were at play: the backend was rejecting analytics data sent from tracked sites, and even after that was resolved, events were silently dropped during processing because they were missing a required identifier. Both are now fixed — your dashboard receives visits from all registered domains as expected.
diff --git a/app/layout-content.tsx b/app/layout-content.tsx
index be8772c..8ef4acd 100644
--- a/app/layout-content.tsx
+++ b/app/layout-content.tsx
@@ -9,7 +9,7 @@ import { useOnlineStatus } from '@/lib/hooks/useOnlineStatus'
 import Link from 'next/link'
 import { useEffect, useState } from 'react'
 import { logger } from '@/lib/utils/logger'
-import { getUserOrganizations, switchContext } from '@/lib/api/organization'
+import { getUserOrganizations, switchContext, type OrganizationMember } from '@/lib/api/organization'
 import { setSessionAction } from '@/app/actions/auth'
 import { LoadingOverlay } from '@ciphera-net/ui'
 import { useRouter } from 'next/navigation'
@@ -48,7 +48,7 @@ export default function LayoutContent({ children }: { children: React.ReactNode
   const auth = useAuth()
   const router = useRouter()
   const isOnline = useOnlineStatus()
-  const [orgs, setOrgs] = useState<any[]>([])
+  const [orgs, setOrgs] = useState<OrganizationMember[]>([])
   const [isSwitchingOrg, setIsSwitchingOrg] = useState(() => {
     if (typeof window === 'undefined') return false
     return sessionStorage.getItem(ORG_SWITCH_KEY) === 'true'
diff --git a/app/sites/[id]/page.tsx b/app/sites/[id]/page.tsx
index 56f73fd..31ace64 100644
--- a/app/sites/[id]/page.tsx
+++ b/app/sites/[id]/page.tsx
@@ -2,15 +2,13 @@
 
 import { useAuth } from '@/lib/auth/context'
 import { logger } from '@/lib/utils/logger'
-import { useCallback, useEffect, useState, useRef } from 'react'
+import { useEffect, useState, useMemo } from 'react'
 import { useParams, useRouter } from 'next/navigation'
 import { motion } from 'framer-motion'
-import { getSite, type Site } from '@/lib/api/sites'
-import { getStats, getRealtime, getDailyStats, getTopPages, getTopReferrers, getCountries, getCities, getRegions, getBrowsers, getOS, getDevices, getScreenResolutions, getEntryPages, getExitPages, getDashboard, getCampaigns, getPerformanceByPage, type Stats, type DailyStat, type PerformanceByPageStat } from '@/lib/api/stats'
-import { formatNumber, formatDuration, getDateRange } from '@ciphera-net/ui'
+import { getPerformanceByPage, type Stats, type DailyStat } from '@/lib/api/stats'
+import { getDateRange } from '@ciphera-net/ui'
 import { toast } from '@ciphera-net/ui'
-import { getAuthErrorMessage } from '@ciphera-net/ui'
-import { LoadingOverlay, Button } from '@ciphera-net/ui'
+import { Button } from '@ciphera-net/ui'
 import { Select, DatePicker, DownloadIcon } from '@ciphera-net/ui'
 import { DashboardSkeleton, useMinimumLoading } from '@/components/skeletons'
 import ExportModal from '@/components/dashboard/ExportModal'
@@ -22,6 +20,45 @@ import Chart from '@/components/dashboard/Chart'
 import PerformanceStats from '@/components/dashboard/PerformanceStats'
 import GoalStats from '@/components/dashboard/GoalStats'
 import Campaigns from '@/components/dashboard/Campaigns'
+import {
+  useDashboardOverview,
+  useDashboardPages,
+  useDashboardLocations,
+  useDashboardDevices,
+  useDashboardReferrers,
+  useDashboardPerformance,
+  useDashboardGoals,
+  useRealtime,
+  useStats,
+  useDailyStats,
+  useCampaigns,
+} from '@/lib/swr/dashboard'
+
+function loadSavedSettings(): {
+  type?: string
+  dateRange?: { start: string; end: string }
+  todayInterval?: 'minute' | 'hour'
+  multiDayInterval?: 'hour' | 'day'
+} | null {
+  if (typeof window === 'undefined') return null
+  try {
+    const saved = localStorage.getItem('pulse_dashboard_settings')
+    return saved ? JSON.parse(saved) : null
+  } catch {
+    return null
+  }
+}
+
+function getInitialDateRange(): { start: string; end: string } {
+  const settings = loadSavedSettings()
+  if (settings?.type === 'today') {
+    const today = new Date().toISOString().split('T')[0]
+    return { start: today, end: today }
+  }
+  if (settings?.type === '7') return getDateRange(7)
+  if (settings?.type === 'custom' && settings.dateRange) return settings.dateRange
+  return getDateRange(30)
+}
 
 export default function SiteDashboardPage() {
   const { user } = useAuth()
@@ -31,69 +68,75 @@ export default function SiteDashboardPage() {
   const router = useRouter()
   const siteId = params.id as string
 
-  const [site, setSite] = useState<Site | null>(null)
-  const [loading, setLoading] = useState(true)
-  const [stats, setStats] = useState<Stats>({ pageviews: 0, visitors: 0, bounce_rate: 0, avg_duration: 0 })
-  const [prevStats, setPrevStats] = useState<Stats | undefined>(undefined)
-  const [realtime, setRealtime] = useState(0)
-  const [dailyStats, setDailyStats] = useState<DailyStat[]>([])
-  const [prevDailyStats, setPrevDailyStats] = useState<DailyStat[] | undefined>(undefined)
-  const [topPages, setTopPages] = useState<any[]>([])
-  const [entryPages, setEntryPages] = useState<any[]>([])
-  const [exitPages, setExitPages] = useState<any[]>([])
-  const [topReferrers, setTopReferrers] = useState<any[]>([])
-  const [countries, setCountries] = useState<any[]>([])
-  const [cities, setCities] = useState<any[]>([])
-  const [regions, setRegions] = useState<any[]>([])
-  const [browsers, setBrowsers] = useState<any[]>([])
-  const [os, setOS] = useState<any[]>([])
-  const [devices, setDevices] = useState<any[]>([])
-  const [screenResolutions, setScreenResolutions] = useState<any[]>([])
-  const [performance, setPerformance] = useState<{ lcp: number, cls: number, inp: number }>({ lcp: 0, cls: 0, inp: 0 })
-  const [performanceByPage, setPerformanceByPage] = useState<PerformanceByPageStat[] | null>(null)
-  const [goalCounts, setGoalCounts] = useState<Array<{ event_name: string; count: number }>>([])
-  const [campaigns, setCampaigns] = useState<any[]>([])
-  const [dateRange, setDateRange] = useState(getDateRange(30))
+  // UI state - initialized from localStorage synchronously to avoid double-fetch
+  const [dateRange, setDateRange] = useState(getInitialDateRange)
+  const [todayInterval, setTodayInterval] = useState<'minute' | 'hour'>(
+    () => loadSavedSettings()?.todayInterval || 'hour'
+  )
+  const [multiDayInterval, setMultiDayInterval] = useState<'hour' | 'day'>(
+    () => loadSavedSettings()?.multiDayInterval || 'day'
+  )
   const [isDatePickerOpen, setIsDatePickerOpen] = useState(false)
   const [isExportModalOpen, setIsExportModalOpen] = useState(false)
-  const [todayInterval, setTodayInterval] = useState<'minute' | 'hour'>('hour')
-  const [multiDayInterval, setMultiDayInterval] = useState<'hour' | 'day'>('day')
-  const [isSettingsLoaded, setIsSettingsLoaded] = useState(false)
   const [lastUpdatedAt, setLastUpdatedAt] = useState<number | null>(null)
   const [, setTick] = useState(0)
 
-  // Load settings from localStorage
-  useEffect(() => {
-    try {
-      const savedSettings = localStorage.getItem('pulse_dashboard_settings')
-      if (savedSettings) {
-        const settings = JSON.parse(savedSettings)
-        
-        // Restore date range
-        if (settings.type === 'today') {
-          const today = new Date().toISOString().split('T')[0]
-          setDateRange({ start: today, end: today })
-        } else if (settings.type === '7') {
-          setDateRange(getDateRange(7))
-        } else if (settings.type === '30') {
-          setDateRange(getDateRange(30))
-        } else if (settings.type === 'custom' && settings.dateRange) {
-          setDateRange(settings.dateRange)
-        }
+  const interval = dateRange.start === dateRange.end ? todayInterval : multiDayInterval
 
-        // Restore intervals
-        if (settings.todayInterval) setTodayInterval(settings.todayInterval)
-        if (settings.multiDayInterval) setMultiDayInterval(settings.multiDayInterval)
-      }
-    } catch (e) {
-      logger.error('Failed to load dashboard settings', e)
-    } finally {
-      setIsSettingsLoaded(true)
+  // Previous period date range for comparison
+  const prevRange = useMemo(() => {
+    const startDate = new Date(dateRange.start)
+    const endDate = new Date(dateRange.end)
+    const duration = endDate.getTime() - startDate.getTime()
+    if (duration === 0) {
+      const prevEnd = new Date(startDate.getTime() - 24 * 60 * 60 * 1000)
+      return { start: prevEnd.toISOString().split('T')[0], end: prevEnd.toISOString().split('T')[0] }
     }
+    const prevEnd = new Date(startDate.getTime() - 24 * 60 * 60 * 1000)
+    const prevStart = new Date(prevEnd.getTime() - duration)
+    return { start: prevStart.toISOString().split('T')[0], end: prevEnd.toISOString().split('T')[0] }
+  }, [dateRange])
+
+  // SWR hooks - replace manual useState + useEffect + setInterval polling
+  // Each hook handles its own refresh interval, deduplication, and error retry
+  const { data: overview, isLoading: overviewLoading, error: overviewError } = useDashboardOverview(siteId, dateRange.start, dateRange.end, interval)
+  const { data: pages } = useDashboardPages(siteId, dateRange.start, dateRange.end)
+  const { data: locations } = useDashboardLocations(siteId, dateRange.start, dateRange.end)
+  const { data: devicesData } = useDashboardDevices(siteId, dateRange.start, dateRange.end)
+  const { data: referrers } = useDashboardReferrers(siteId, dateRange.start, dateRange.end)
+  const { data: performanceData } = useDashboardPerformance(siteId, dateRange.start, dateRange.end)
+  const { data: goalsData } = useDashboardGoals(siteId, dateRange.start, dateRange.end)
+  const { data: realtimeData } = useRealtime(siteId)
+  const { data: prevStats } = useStats(siteId, prevRange.start, prevRange.end)
+  const { data: prevDailyStats } = useDailyStats(siteId, prevRange.start, prevRange.end, interval)
+  const { data: campaigns } = useCampaigns(siteId, dateRange.start, dateRange.end)
+
+  // Derive typed values from SWR data
+  const site = overview?.site ?? null
+  const stats: Stats = overview?.stats ?? { pageviews: 0, visitors: 0, bounce_rate: 0, avg_duration: 0 }
+  const realtime = realtimeData?.visitors ?? overview?.realtime_visitors ?? 0
+  const dailyStats: DailyStat[] = overview?.daily_stats ?? []
+
+  // Show error toast on fetch failure
+  useEffect(() => {
+    if (overviewError) {
+      toast.error('Failed to load dashboard analytics')
+    }
+  }, [overviewError])
+
+  // Track when data was last updated (for "Live · Xs ago" display)
+  useEffect(() => {
+    if (overview) setLastUpdatedAt(Date.now())
+  }, [overview])
+
+  // Tick every 1s so "Live · Xs ago" counts in real time
+  useEffect(() => {
+    const timer = setInterval(() => setTick((t) => t + 1), 1000)
+    return () => clearInterval(timer)
   }, [])
 
   // Save settings to localStorage
-  const saveSettings = (type: string, newDateRange?: { start: string, end: string }) => {
+  const saveSettings = (type: string, newDateRange?: { start: string; end: string }) => {
     try {
       const settings = {
         type,
@@ -110,9 +153,6 @@ export default function SiteDashboardPage() {
 
   // Save intervals when they change
   useEffect(() => {
-    if (!isSettingsLoaded) return
-    
-    // Determine current type
     let type = 'custom'
     const today = new Date().toISOString().split('T')[0]
     if (dateRange.start === today && dateRange.end === today) type = 'today'
@@ -127,160 +167,13 @@ export default function SiteDashboardPage() {
       lastUpdated: Date.now()
     }
     localStorage.setItem('pulse_dashboard_settings', JSON.stringify(settings))
-  }, [todayInterval, multiDayInterval, isSettingsLoaded]) // dateRange is handled in saveSettings/onChange
-
-  // * Tick every 1s so "Live · Xs ago" counts in real time
-  useEffect(() => {
-    const interval = setInterval(() => setTick((t) => t + 1), 1000)
-    return () => clearInterval(interval)
-  }, [])
-
-  const getPreviousDateRange = useCallback((start: string, end: string) => {
-    const startDate = new Date(start)
-    const endDate = new Date(end)
-    const duration = endDate.getTime() - startDate.getTime()
-    if (duration === 0) {
-      const prevEnd = new Date(startDate.getTime() - 24 * 60 * 60 * 1000)
-      return { start: prevEnd.toISOString().split('T')[0], end: prevEnd.toISOString().split('T')[0] }
-    }
-    const prevEnd = new Date(startDate.getTime() - 24 * 60 * 60 * 1000)
-    const prevStart = new Date(prevEnd.getTime() - duration)
-    return { start: prevStart.toISOString().split('T')[0], end: prevEnd.toISOString().split('T')[0] }
-  }, [])
-
-  // * Visibility-aware polling intervals
-  // * Historical data: 60s when visible, paused when hidden
-  // * Real-time data: 5s when visible, 30s when hidden
-  const [isVisible, setIsVisible] = useState(true)
-  const dashboardIntervalRef = useRef<NodeJS.Timeout | null>(null)
-  const realtimeIntervalRef = useRef<NodeJS.Timeout | null>(null)
-
-  // * Track visibility state
-  useEffect(() => {
-    const handleVisibilityChange = () => {
-      const visible = document.visibilityState === 'visible'
-      setIsVisible(visible)
-    }
-    document.addEventListener('visibilitychange', handleVisibilityChange)
-    return () => document.removeEventListener('visibilitychange', handleVisibilityChange)
-  }, [])
-
-  const loadData = useCallback(async (silent = false) => {
-    try {
-      if (!silent) setLoading(true)
-      const interval = dateRange.start === dateRange.end ? todayInterval : multiDayInterval
-      
-      const [data, prevStatsData, prevDailyStatsData, campaignsData] = await Promise.all([
-        getDashboard(siteId, dateRange.start, dateRange.end, 10, interval),
-        (async () => {
-          const prevRange = getPreviousDateRange(dateRange.start, dateRange.end)
-          return getStats(siteId, prevRange.start, prevRange.end)
-        })(),
-        (async () => {
-          const prevRange = getPreviousDateRange(dateRange.start, dateRange.end)
-          return getDailyStats(siteId, prevRange.start, prevRange.end, interval)
-        })(),
-        getCampaigns(siteId, dateRange.start, dateRange.end, 100),
-      ])
-
-      setSite(data.site)
-      setStats(data.stats || { pageviews: 0, visitors: 0, bounce_rate: 0, avg_duration: 0 })
-      setRealtime(data.realtime_visitors || 0)
-      setDailyStats(Array.isArray(data.daily_stats) ? data.daily_stats : [])
-      
-      setPrevStats(prevStatsData)
-      setPrevDailyStats(prevDailyStatsData)
-
-      setTopPages(Array.isArray(data.top_pages) ? data.top_pages : [])
-      setEntryPages(Array.isArray(data.entry_pages) ? data.entry_pages : [])
-      setExitPages(Array.isArray(data.exit_pages) ? data.exit_pages : [])
-      setTopReferrers(Array.isArray(data.top_referrers) ? data.top_referrers : [])
-      setCountries(Array.isArray(data.countries) ? data.countries : [])
-      setCities(Array.isArray(data.cities) ? data.cities : [])
-      setRegions(Array.isArray(data.regions) ? data.regions : [])
-      setBrowsers(Array.isArray(data.browsers) ? data.browsers : [])
-      setOS(Array.isArray(data.os) ? data.os : [])
-      setDevices(Array.isArray(data.devices) ? data.devices : [])
-      setScreenResolutions(Array.isArray(data.screen_resolutions) ? data.screen_resolutions : [])
-      setPerformance(data.performance || { lcp: 0, cls: 0, inp: 0 })
-      setPerformanceByPage(data.performance_by_page ?? null)
-      setGoalCounts(Array.isArray(data.goal_counts) ? data.goal_counts : [])
-      setCampaigns(Array.isArray(campaignsData) ? campaignsData : [])
-      setLastUpdatedAt(Date.now())
-    } catch (error: unknown) {
-      if (!silent) {
-        toast.error(getAuthErrorMessage(error) || 'Failed to load dashboard analytics')
-      }
-    } finally {
-      if (!silent) setLoading(false)
-    }
-  }, [siteId, dateRange, todayInterval, multiDayInterval])
-
-  const loadRealtime = useCallback(async () => {
-    try {
-      const data = await getRealtime(siteId)
-      setRealtime(data.visitors)
-    } catch (error) {
-      // * Silently fail for realtime updates
-    }
-  }, [siteId])
-
-  // * Visibility-aware polling for dashboard data (historical)
-  // * Refreshes every 60 seconds when tab is visible, pauses when hidden
-  useEffect(() => {
-    if (!isSettingsLoaded) return
-
-    // * Initial load
-    loadData()
-
-    // * Clear existing interval
-    if (dashboardIntervalRef.current) {
-      clearInterval(dashboardIntervalRef.current)
-    }
-
-    // * Only poll when visible (saves server resources when tab is backgrounded)
-    if (isVisible) {
-      dashboardIntervalRef.current = setInterval(() => {
-        loadData(true)
-      }, 60000) // * 60 seconds for historical data
-    }
-
-    return () => {
-      if (dashboardIntervalRef.current) {
-        clearInterval(dashboardIntervalRef.current)
-      }
-    }
-  }, [siteId, dateRange, todayInterval, multiDayInterval, isSettingsLoaded, loadData, isVisible])
-
-  // * Visibility-aware polling for realtime data
-  // * Refreshes every 5 seconds when visible, every 30 seconds when hidden
-  useEffect(() => {
-    if (!isSettingsLoaded) return
-
-    // * Clear existing interval
-    if (realtimeIntervalRef.current) {
-      clearInterval(realtimeIntervalRef.current)
-    }
-
-    // * Different intervals based on visibility
-    const interval = isVisible ? 5000 : 30000 // * 5s visible, 30s hidden
-    
-    realtimeIntervalRef.current = setInterval(() => {
-      loadRealtime()
-    }, interval)
-
-    return () => {
-      if (realtimeIntervalRef.current) {
-        clearInterval(realtimeIntervalRef.current)
-      }
-    }
-  }, [siteId, isSettingsLoaded, loadRealtime, isVisible])
+  }, [todayInterval, multiDayInterval]) // eslint-disable-line react-hooks/exhaustive-deps -- dateRange saved via saveSettings
 
   useEffect(() => {
     if (site?.domain) document.title = `${site.domain} | Pulse`
   }, [site?.domain])
 
-  const showSkeleton = useMinimumLoading(loading)
+  const showSkeleton = useMinimumLoading(overviewLoading)
 
   if (showSkeleton) {
     return <DashboardSkeleton />
@@ -312,7 +205,7 @@ export default function SiteDashboardPage() {
                 {site.domain}
               </p>
             </div>
-            
+
             {/* Realtime Indicator */}
             <button
               onClick={() => router.push(`/sites/${siteId}/realtime`)}
@@ -414,10 +307,10 @@ export default function SiteDashboardPage() {
 
       {/* Advanced Chart with Integrated Stats */}
       <div className="mb-8">
-        <Chart 
-          data={dailyStats} 
+        <Chart
+          data={dailyStats}
           prevData={prevDailyStats}
-          stats={stats} 
+          stats={stats}
           prevStats={prevStats}
           interval={dateRange.start === dateRange.end ? todayInterval : multiDayInterval}
           dateRange={dateRange}
@@ -433,8 +326,8 @@ export default function SiteDashboardPage() {
       {site.enable_performance_insights && (
         <div className="mb-8">
           <PerformanceStats
-            stats={performance}
-            performanceByPage={performanceByPage}
+            stats={performanceData?.performance ?? { lcp: 0, cls: 0, inp: 0 }}
+            performanceByPage={performanceData?.performance_by_page ?? null}
             siteId={siteId}
             startDate={dateRange.start}
             endDate={dateRange.end}
@@ -445,16 +338,16 @@ export default function SiteDashboardPage() {
 
       <div className="grid gap-6 lg:grid-cols-2 mb-8">
         <ContentStats
-          topPages={topPages}
-          entryPages={entryPages}
-          exitPages={exitPages}
+          topPages={pages?.top_pages ?? []}
+          entryPages={pages?.entry_pages ?? []}
+          exitPages={pages?.exit_pages ?? []}
           domain={site.domain}
           collectPagePaths={site.collect_page_paths ?? true}
           siteId={siteId}
           dateRange={dateRange}
         />
         <TopReferrers
-          referrers={topReferrers}
+          referrers={referrers?.top_referrers ?? []}
           collectReferrers={site.collect_referrers ?? true}
           siteId={siteId}
           dateRange={dateRange}
@@ -463,18 +356,18 @@ export default function SiteDashboardPage() {
 
       <div className="grid gap-6 lg:grid-cols-2 mb-8">
         <Locations
-          countries={countries}
-          cities={cities}
-          regions={regions}
+          countries={locations?.countries ?? []}
+          cities={locations?.cities ?? []}
+          regions={locations?.regions ?? []}
           geoDataLevel={site.collect_geo_data || 'full'}
           siteId={siteId}
           dateRange={dateRange}
         />
         <TechSpecs
-          browsers={browsers}
-          os={os}
-          devices={devices}
-          screenResolutions={screenResolutions}
+          browsers={devicesData?.browsers ?? []}
+          os={devicesData?.os ?? []}
+          devices={devicesData?.devices ?? []}
+          screenResolutions={devicesData?.screen_resolutions ?? []}
           collectDeviceInfo={site.collect_device_info ?? true}
           collectScreenResolution={site.collect_screen_resolution ?? true}
           siteId={siteId}
@@ -488,7 +381,7 @@ export default function SiteDashboardPage() {
       </div>
 
       <div className="mb-8">
-        <GoalStats goalCounts={goalCounts} />
+        <GoalStats goalCounts={goalsData?.goal_counts ?? []} />
       </div>
 
       <DatePicker
@@ -507,8 +400,8 @@ export default function SiteDashboardPage() {
         onClose={() => setIsExportModalOpen(false)}
         data={dailyStats}
         stats={stats}
-        topPages={topPages}
-        topReferrers={topReferrers}
+        topPages={pages?.top_pages}
+        topReferrers={referrers?.top_referrers}
         campaigns={campaigns}
       />
     </motion.div>
diff --git a/lib/swr/dashboard.ts b/lib/swr/dashboard.ts
index a81657c..6c55300 100644
--- a/lib/swr/dashboard.ts
+++ b/lib/swr/dashboard.ts
@@ -11,6 +11,7 @@ import {
   getDashboardReferrers,
   getDashboardPerformance,
   getDashboardGoals,
+  getCampaigns,
   getRealtime,
   getStats,
   getDailyStats,
@@ -20,6 +21,7 @@ import type { Site } from '@/lib/api/sites'
 import type {
   Stats,
   DailyStat,
+  CampaignStat,
   DashboardOverviewData,
   DashboardPagesData,
   DashboardLocationsData,
@@ -33,7 +35,7 @@ import type {
 const fetchers = {
   site: (siteId: string) => getSite(siteId),
   dashboard: (siteId: string, start: string, end: string) => getDashboard(siteId, start, end),
-  dashboardOverview: (siteId: string, start: string, end: string) => getDashboardOverview(siteId, start, end),
+  dashboardOverview: (siteId: string, start: string, end: string, interval?: string) => getDashboardOverview(siteId, start, end, interval),
   dashboardPages: (siteId: string, start: string, end: string) => getDashboardPages(siteId, start, end),
   dashboardLocations: (siteId: string, start: string, end: string) => getDashboardLocations(siteId, start, end),
   dashboardDevices: (siteId: string, start: string, end: string) => getDashboardDevices(siteId, start, end),
@@ -44,6 +46,8 @@ const fetchers = {
   dailyStats: (siteId: string, start: string, end: string, interval: 'hour' | 'day' | 'minute') =>
     getDailyStats(siteId, start, end, interval),
   realtime: (siteId: string) => getRealtime(siteId),
+  campaigns: (siteId: string, start: string, end: string, limit: number) =>
+    getCampaigns(siteId, start, end, limit),
 }
 
 // * Standard SWR config for dashboard data
@@ -140,10 +144,10 @@ export function useRealtime(siteId: string, refreshInterval: number = 5000) {
 }
 
 // * Hook for focused dashboard overview data (Fix 4.2: Efficient Data Transfer)
-export function useDashboardOverview(siteId: string, start: string, end: string) {
+export function useDashboardOverview(siteId: string, start: string, end: string, interval?: string) {
   return useSWR<DashboardOverviewData>(
-    siteId && start && end ? ['dashboardOverview', siteId, start, end] : null,
-    () => fetchers.dashboardOverview(siteId, start, end),
+    siteId && start && end ? ['dashboardOverview', siteId, start, end, interval] : null,
+    () => fetchers.dashboardOverview(siteId, start, end, interval),
     {
       ...dashboardSWRConfig,
       refreshInterval: 60 * 1000,
@@ -230,5 +234,18 @@ export function useDashboardGoals(siteId: string, start: string, end: string) {
   )
 }
 
+// * Hook for campaigns data (used by export modal)
+export function useCampaigns(siteId: string, start: string, end: string, limit = 100) {
+  return useSWR<CampaignStat[]>(
+    siteId && start && end ? ['campaigns', siteId, start, end, limit] : null,
+    () => fetchers.campaigns(siteId, start, end, limit),
+    {
+      ...dashboardSWRConfig,
+      refreshInterval: 60 * 1000,
+      dedupingInterval: 10 * 1000,
+    }
+  )
+}
+
 // * Re-export for convenience
 export { fetchers }
-- 
2.49.1


From d7eb10e815e2b29873bd41b6b34577d51e7cdf42 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 19:25:59 +0100
Subject: [PATCH 13/22] docs: update changelog with backend reliability
 improvements

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfd9f9a..0de7297 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 - **Faster, smarter dashboard data loading.** Your dashboard now loads each section independently using an intelligent caching strategy. Data refreshes happen automatically in the background, and when you switch tabs the app pauses updates to save resources — resuming instantly when you return. This replaces the previous approach where everything loaded in one large batch, meaning your charts, visitor maps, and stats now appear faster and update more reliably.
 - **Better data accuracy across the dashboard.** All data displayed on the dashboard — pages, locations, devices, referrers, performance metrics, and goals — is now fully typed end-to-end. This eliminates an entire class of potential display bugs where data could be misinterpreted between the server and your screen.
+- **Improved error visibility and debugging.** When something goes wrong behind the scenes, the backend now logs detailed, structured information about what happened — including exactly which site, page, or operation was affected. This means issues are diagnosed and fixed faster, reducing any downtime or data gaps you might experience.
+- **Clearer error trails across the system.** Every database operation now includes context about what was happening when an error occurred. Instead of vague failures, support can trace problems back to their exact source — so if an issue affects your analytics, it gets identified and resolved much more quickly.
 
 ### Fixed
 
-- 
2.49.1


From 4de4e05ccb544a33def5982987ead213b741509f Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 19:36:38 +0100
Subject: [PATCH 14/22] fix: standardize funnel date format to YYYY-MM-DD and
 update changelog

Funnel stats API now uses start_date/end_date params consistent with
all other endpoints. Removed RFC3339 conversion helper. Added changelog
entries for audit fixes (B-7, B-11, B-23, B-38, B-42).
---
 CHANGELOG.md       |  5 +++++
 lib/api/funnels.ts | 23 +++--------------------
 2 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0de7297..e7f315e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,11 +10,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 - **Faster, smarter dashboard data loading.** Your dashboard now loads each section independently using an intelligent caching strategy. Data refreshes happen automatically in the background, and when you switch tabs the app pauses updates to save resources — resuming instantly when you return. This replaces the previous approach where everything loaded in one large batch, meaning your charts, visitor maps, and stats now appear faster and update more reliably.
 - **Better data accuracy across the dashboard.** All data displayed on the dashboard — pages, locations, devices, referrers, performance metrics, and goals — is now fully typed end-to-end. This eliminates an entire class of potential display bugs where data could be misinterpreted between the server and your screen.
+- **Dashboard stays fast under heavy traffic.** When many users view their dashboards at the same time, the backend now limits how many data queries run in parallel so it doesn't overwhelm the database. If you navigate away while the dashboard is loading, queries are cancelled immediately instead of continuing to run in the background.
 - **Improved error visibility and debugging.** When something goes wrong behind the scenes, the backend now logs detailed, structured information about what happened — including exactly which site, page, or operation was affected. This means issues are diagnosed and fixed faster, reducing any downtime or data gaps you might experience.
 - **Clearer error trails across the system.** Every database operation now includes context about what was happening when an error occurred. Instead of vague failures, support can trace problems back to their exact source — so if an issue affects your analytics, it gets identified and resolved much more quickly.
+- **Clearer rate limiting for analytics tracking.** When your tracking script sends too many events from the same session, Pulse now tells the script explicitly that the request was rejected. Previously, these events were silently accepted but never recorded, which could make your visitor counts look lower than expected without any visible explanation.
+- **Earlier detection of configuration problems.** The server now checks your email and internal integration settings at startup and warns you immediately if anything looks incomplete. Previously, you might not discover a misconfigured email setting until a billing alert or uptime notification failed to send.
 
 ### Fixed
 
+- **Consistent date handling across all analytics.** Funnel analytics now use the same date format (`YYYY-MM-DD`) as every other part of Pulse. Previously, funnels required a different, more technical date format, which meant date range pickers and bookmarked links didn't always work correctly between funnels and the rest of the dashboard.
+
 - **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. Two issues were at play: the backend was rejecting analytics data sent from tracked sites, and even after that was resolved, events were silently dropped during processing because they were missing a required identifier. Both are now fixed — your dashboard receives visits from all registered domains as expected.
 - **Real-time visitor count no longer stops updating.** The dashboard's live visitor counter would quickly hit a rate limit and stop refreshing, showing "Site not found" errors. The limit was too low for normal polling, especially with multiple tabs open. It now has enough headroom for typical usage.
 - **Funnel details now load correctly.** Opening a funnel showed "Unable to load funnel" with a server error. An internal query was referencing data that no longer existed at that stage of processing, causing it to fail every time. Funnels now load and display step-by-step conversion data as expected.
diff --git a/lib/api/funnels.ts b/lib/api/funnels.ts
index d28eb6b..f5e2d51 100644
--- a/lib/api/funnels.ts
+++ b/lib/api/funnels.ts
@@ -64,27 +64,10 @@ export async function deleteFunnel(siteId: string, funnelId: string): Promise<vo
   })
 }
 
-const DATE_ONLY_REGEX = /^\d{4}-\d{2}-\d{2}$/
-
-/** Normalize date-only (YYYY-MM-DD) to RFC3339 for backend funnel stats API. Uses UTC for boundaries (API/server timestamps are UTC). */
-function toRFC3339Range(from: string, to: string): { from: string; to: string } {
-  return {
-    from: DATE_ONLY_REGEX.test(from) ? `${from}T00:00:00.000Z` : from,
-    to: DATE_ONLY_REGEX.test(to) ? `${to}T23:59:59.999Z` : to,
-  }
-}
-
-export async function getFunnelStats(siteId: string, funnelId: string, from?: string, to?: string): Promise<FunnelStats> {
+export async function getFunnelStats(siteId: string, funnelId: string, startDate?: string, endDate?: string): Promise<FunnelStats> {
   const params = new URLSearchParams()
-  if (from && to) {
-    const { from: fromRfc, to: toRfc } = toRFC3339Range(from, to)
-    params.append('from', fromRfc)
-    params.append('to', toRfc)
-  } else if (from) {
-    params.append('from', DATE_ONLY_REGEX.test(from) ? `${from}T00:00:00.000Z` : from)
-  } else if (to) {
-    params.append('to', DATE_ONLY_REGEX.test(to) ? `${to}T23:59:59.999Z` : to)
-  }
+  if (startDate) params.append('start_date', startDate)
+  if (endDate) params.append('end_date', endDate)
   const queryString = params.toString() ? `?${params.toString()}` : ''
   return apiRequest<FunnelStats>(`/sites/${siteId}/funnels/${funnelId}/stats${queryString}`)
 }
-- 
2.49.1


From dfa887147a06867508df84c27977a098534e740b Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 19:56:14 +0100
Subject: [PATCH 15/22] fix: stabilize auth context effect deps and batch
 uptime cleanup

Extract stable primitives (isAuthenticated, userOrgId) from user object
for the checkOrg effect dependency array to prevent unnecessary re-runs
on every render. Batch uptime cleanup deletion (1000 rows/batch) to
avoid lock contention and WAL bloat.
---
 CHANGELOG.md         |  7 +++++++
 lib/auth/context.tsx | 11 ++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e7f315e..ac10641 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Improved
 
+- **Smoother navigation across the app.** Switching pages, changing organizations, or signing in no longer triggers unnecessary background checks. Previously, an internal effect re-ran on every navigation because it watched the entire user object for changes — now it only reacts when your authentication state or organization actually changes. This makes page transitions faster and reduces redundant network requests.
+- **Faster uptime data cleanup under heavy usage.** Old uptime check records are now removed in small batches instead of all at once. Previously, a single large deletion could briefly slow down database performance when months of monitoring data had accumulated. Cleanup now runs incrementally so your dashboard stays responsive throughout.
+- **More reliable automated testing.** Backend tests that verify authentication and billing no longer rely on a fragile internal shortcut that could mask real bugs. If a code change accidentally reaches the database during a test, it now fails gracefully with a clear error instead of crashing silently.
+- **Database queries are now verified automatically before every release.** A new step in our release process runs all database operations against a real PostgreSQL database — including applying all schema migrations — so we catch query errors, missing columns, and data-access bugs before they reach production.
+- **Safer database schema changes.** The large migration that restructured how your analytics data is stored now has a documented rollback procedure. If anything goes wrong during a database upgrade, we can revert cleanly instead of requiring manual intervention.
+- **Easier setup for new developers.** Building and testing Pulse no longer requires a specific directory layout on your machine. All builds use a pre-packaged snapshot of dependencies, so you can clone the project and start working immediately without extra setup steps.
+
 - **Faster, smarter dashboard data loading.** Your dashboard now loads each section independently using an intelligent caching strategy. Data refreshes happen automatically in the background, and when you switch tabs the app pauses updates to save resources — resuming instantly when you return. This replaces the previous approach where everything loaded in one large batch, meaning your charts, visitor maps, and stats now appear faster and update more reliably.
 - **Better data accuracy across the dashboard.** All data displayed on the dashboard — pages, locations, devices, referrers, performance metrics, and goals — is now fully typed end-to-end. This eliminates an entire class of potential display bugs where data could be misinterpreted between the server and your screen.
 - **Dashboard stays fast under heavy traffic.** When many users view their dashboards at the same time, the backend now limits how many data queries run in parallel so it doesn't overwhelm the database. If you navigate away while the dashboard is loading, queries are cancelled immediately instead of continuing to run in the background.
diff --git a/lib/auth/context.tsx b/lib/auth/context.tsx
index 1ebc65d..95f8b39 100644
--- a/lib/auth/context.tsx
+++ b/lib/auth/context.tsx
@@ -187,10 +187,15 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
     },
   })
 
+  // * Stable primitives for the effect dependency array — avoids re-running
+  // * on every render when the `user` object reference changes.
+  const isAuthenticated = !!user
+  const userOrgId = user?.org_id
+
   // * Organization Wall & Auto-Switch
   useEffect(() => {
     const checkOrg = async () => {
-      if (!loading && user) {
+      if (!loading && isAuthenticated) {
         if (pathname?.startsWith('/onboarding')) return
         if (pathname?.startsWith('/auth/callback')) return
 
@@ -204,7 +209,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
           }
 
           // * If user has organizations but no context (org_id), switch to the first one
-          if (!user.org_id && organizations.length > 0) {
+          if (!userOrgId && organizations.length > 0) {
              const firstOrg = organizations[0]
              
              try {
@@ -235,7 +240,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
     }
     
     checkOrg()
-  }, [loading, user, pathname, router])
+  }, [loading, isAuthenticated, userOrgId, pathname, router])
 
   return (
     <AuthContext.Provider value={{ user, loading, login, logout, refresh, refreshSession }}>
-- 
2.49.1


From b7426d6128d304539b030ce5d4ddc271d75ff7d7 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 21:02:28 +0100
Subject: [PATCH 16/22] fix: login loading overlay, deduplicate getCookieDomain
 (F-18, F-11)

- Login page shows LoadingOverlay during redirect instead of blank screen
- Extract getCookieDomain() to shared lib/utils/cookies.ts
---
 CHANGELOG.md                  |  6 ++++++
 app/actions/auth.ts           | 11 +----------
 app/api/auth/refresh/route.ts |  9 +--------
 app/login/page.tsx            |  8 +++++++-
 lib/utils/cookies.ts          |  9 +++++++++
 5 files changed, 24 insertions(+), 19 deletions(-)
 create mode 100644 lib/utils/cookies.ts

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac10641..c144112 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Improved
 
+- **Login page now shows a loading screen while redirecting.** Previously, the login page briefly showed a blank white screen before redirecting you to the sign-in page. You'll now see the Pulse logo and a "Redirecting to log in..." message, matching the signup page experience.
+- **Team members can now view real-time visitor data.** Previously, only the person who originally created a site could see live visitors and session details. Now any team member in the same organization can access real-time data for all their shared sites — the same way the rest of the dashboard already works.
+- **More reliable duplicate detection for goals.** When creating or updating a goal with a name that already exists, Pulse now uses the database's built-in error codes instead of checking error message text. This means duplicate goal detection works reliably regardless of database version or language settings.
+- **More consistent builds across environments.** The backend Docker image now uses a pinned operating system version instead of "latest," so builds produce identical results whether run today or months from now.
+- **Cleaner internal code for cookie handling.** Cookie domain logic that was duplicated in two places is now shared, reducing the chance of the two copies drifting out of sync during future changes.
+
 - **Smoother navigation across the app.** Switching pages, changing organizations, or signing in no longer triggers unnecessary background checks. Previously, an internal effect re-ran on every navigation because it watched the entire user object for changes — now it only reacts when your authentication state or organization actually changes. This makes page transitions faster and reduces redundant network requests.
 - **Faster uptime data cleanup under heavy usage.** Old uptime check records are now removed in small batches instead of all at once. Previously, a single large deletion could briefly slow down database performance when months of monitoring data had accumulated. Cleanup now runs incrementally so your dashboard stays responsive throughout.
 - **More reliable automated testing.** Backend tests that verify authentication and billing no longer rely on a fragile internal shortcut that could mask real bugs. If a code change accidentally reaches the database during a test, it now fails gracefully with a clear error instead of crashing silently.
diff --git a/app/actions/auth.ts b/app/actions/auth.ts
index c412103..94d4f65 100644
--- a/app/actions/auth.ts
+++ b/app/actions/auth.ts
@@ -2,19 +2,10 @@
 
 import { cookies } from 'next/headers'
 import { logger } from '@/lib/utils/logger'
+import { getCookieDomain } from '@/lib/utils/cookies'
 
 const AUTH_API_URL = process.env.NEXT_PUBLIC_AUTH_API_URL || process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:8081'
 
-// * Determine cookie domain dynamically
-// * In production (on ciphera.net), we want to share cookies with subdomains (e.g. pulse-api.ciphera.net)
-// * In local dev (localhost), we don't set a domain
-const getCookieDomain = () => {
-  if (process.env.NODE_ENV === 'production') {
-    return '.ciphera.net'
-  }
-  return undefined
-}
-
 interface AuthResponse {
   access_token: string
   refresh_token: string
diff --git a/app/api/auth/refresh/route.ts b/app/api/auth/refresh/route.ts
index 1731599..edcf5ee 100644
--- a/app/api/auth/refresh/route.ts
+++ b/app/api/auth/refresh/route.ts
@@ -1,16 +1,9 @@
 import { cookies } from 'next/headers'
 import { NextResponse } from 'next/server'
+import { getCookieDomain } from '@/lib/utils/cookies'
 
 const AUTH_API_URL = process.env.NEXT_PUBLIC_AUTH_API_URL || process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:8081'
 
-// * Determine cookie domain dynamically
-const getCookieDomain = () => {
-  if (process.env.NODE_ENV === 'production') {
-    return '.ciphera.net'
-  }
-  return undefined
-}
-
 export async function POST() {
   const cookieStore = await cookies()
   const refreshToken = cookieStore.get('refresh_token')?.value
diff --git a/app/login/page.tsx b/app/login/page.tsx
index 9ce43fe..57685df 100644
--- a/app/login/page.tsx
+++ b/app/login/page.tsx
@@ -2,6 +2,7 @@
 
 import { useEffect } from 'react'
 import { initiateOAuthFlow } from '@/lib/api/oauth'
+import { LoadingOverlay } from '@ciphera-net/ui'
 
 export default function LoginPage() {
   useEffect(() => {
@@ -9,5 +10,10 @@ export default function LoginPage() {
     initiateOAuthFlow()
   }, [])
 
-  return null
+  return (
+    <LoadingOverlay
+      logoSrc="/pulse_icon_no_margins.png"
+      title="Redirecting to log in..."
+    />
+  )
 }
diff --git a/lib/utils/cookies.ts b/lib/utils/cookies.ts
new file mode 100644
index 0000000..c06ea4c
--- /dev/null
+++ b/lib/utils/cookies.ts
@@ -0,0 +1,9 @@
+// * Determine cookie domain dynamically.
+// * In production (on ciphera.net), we share cookies across subdomains.
+// * In local dev (localhost), we don't set a domain.
+export const getCookieDomain = (): string | undefined => {
+  if (process.env.NODE_ENV === 'production') {
+    return '.ciphera.net'
+  }
+  return undefined
+}
-- 
2.49.1


From 501932849b1bbc977395e3fcaaee7d4d1687b1c1 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 21:09:10 +0100
Subject: [PATCH 17/22] fix: ESM import for next-pwa, changelog updates (F-5)

- Convert require() to ESM import in next.config.ts
- Remove skipWaiting (defaults to true in Workbox)
---
 CHANGELOG.md   | 3 +++
 next.config.ts | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c144112..b5e4273 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Improved
 
+- **Modern config loading for the app.** The app's configuration file now uses proper ES module imports instead of an older CommonJS pattern. This aligns with modern JavaScript standards and enables better tooling support.
+- **Complete API documentation in the backend README.** The developer documentation now lists all 80+ endpoints organized by category — ingestion, public dashboard, sites, analytics, real-time, goals, funnels, uptime, billing, notifications, admin, and audit. Previously only 12 endpoints were documented, which understated the full scope of the system.
 - **Login page now shows a loading screen while redirecting.** Previously, the login page briefly showed a blank white screen before redirecting you to the sign-in page. You'll now see the Pulse logo and a "Redirecting to log in..." message, matching the signup page experience.
 - **Team members can now view real-time visitor data.** Previously, only the person who originally created a site could see live visitors and session details. Now any team member in the same organization can access real-time data for all their shared sites — the same way the rest of the dashboard already works.
 - **More reliable duplicate detection for goals.** When creating or updating a goal with a name that already exists, Pulse now uses the database's built-in error codes instead of checking error message text. This means duplicate goal detection works reliably regardless of database version or language settings.
@@ -44,6 +46,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 ### Removed
 
 - **Cleaned up unused files.** Removed six leftover component and utility files that were no longer used anywhere in the app, along with dead backend code. This reduces clutter and keeps the codebase easier to navigate.
+- **Removed unused backend code.** Deleted an old CORS middleware that was never wired up, and an 80-line legacy funnel query that had been superseded by a faster implementation. Less code means fewer things to maintain and audit.
 
 - **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
 - **Lower resource usage under load.** The backend now uses a single shared connection to Redis instead of opening dozens of separate ones. Previously, each rate limiter and internal component created its own connection pool, which could waste resources and risk hitting connection limits during heavy traffic.
diff --git a/next.config.ts b/next.config.ts
index 25cc58f..a8ec28d 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -1,10 +1,11 @@
 import type { NextConfig } from 'next'
-const withPWA = require("@ducanh2912/next-pwa").default({
+import withPWAInit from "@ducanh2912/next-pwa"
+
+const withPWA = withPWAInit({
   dest: "public",
   register: true,
-  skipWaiting: true,
   disable: process.env.NODE_ENV === "development",
-});
+})
 
 // * CSP directives — restrict resource loading to known origins
 const cspDirectives = [
-- 
2.49.1


From fd1386b80d90a78131e50ee1e93423a34e143852 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 21:15:09 +0100
Subject: [PATCH 18/22] fix: replace index-based React keys with stable data
 keys (F-9)

Use page paths, referrer URLs, item names, and composite location
keys instead of array indices. Prevents stale-row glitches when
lists are filtered or reordered.
---
 CHANGELOG.md                               | 3 +++
 app/faq/page.tsx                           | 2 +-
 app/page.tsx                               | 6 +++---
 app/sites/[id]/funnels/[funnelId]/page.tsx | 2 +-
 app/sites/[id]/funnels/new/page.tsx        | 2 +-
 app/sites/[id]/funnels/page.tsx            | 2 +-
 components/dashboard/ContentStats.tsx      | 8 ++++----
 components/dashboard/Locations.tsx         | 8 ++++----
 components/dashboard/TechSpecs.tsx         | 8 ++++----
 components/dashboard/TopReferrers.tsx      | 8 ++++----
 10 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b5e4273..6f0f103 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Improved
 
+- **More reliable list rendering across the dashboard.** Pages, referrers, locations, devices, funnels, and other data lists now use stable identifiers (like page paths and referrer URLs) instead of array positions as their React keys. This prevents potential display glitches — such as stale data appearing in the wrong row — when lists are filtered, sorted, or updated in real time.
+- **Deleting a site now fully cleans up all its data.** Previously, deleting a site removed the site record but could leave behind orphaned analytics events in the database, slowly accumulating unused data. Now all events are cleaned up automatically in small batches before the site is removed, keeping your database tidy.
+
 - **Modern config loading for the app.** The app's configuration file now uses proper ES module imports instead of an older CommonJS pattern. This aligns with modern JavaScript standards and enables better tooling support.
 - **Complete API documentation in the backend README.** The developer documentation now lists all 80+ endpoints organized by category — ingestion, public dashboard, sites, analytics, real-time, goals, funnels, uptime, billing, notifications, admin, and audit. Previously only 12 endpoints were documented, which understated the full scope of the system.
 - **Login page now shows a loading screen while redirecting.** Previously, the login page briefly showed a blank white screen before redirecting you to the sign-in page. You'll now see the Pulse logo and a "Redirecting to log in..." message, matching the signup page experience.
diff --git a/app/faq/page.tsx b/app/faq/page.tsx
index f7f574b..51393f8 100644
--- a/app/faq/page.tsx
+++ b/app/faq/page.tsx
@@ -114,7 +114,7 @@ export default function FAQPage() {
 
         <div className="max-w-3xl mx-auto">
           {faqs.map((faq, index) => (
-            <FAQItem key={index} faq={faq} index={index} />
+            <FAQItem key={faq.question} faq={faq} index={index} />
           ))}
         </div>
 
diff --git a/app/page.tsx b/app/page.tsx
index 8ea1c77..7ec8850 100644
--- a/app/page.tsx
+++ b/app/page.tsx
@@ -78,8 +78,8 @@ function ComparisonSection() {
               { feature: "GDPR Compliant", pulse: true, ga: "Complex" },
               { feature: "Script Size", pulse: "< 1 KB", ga: "45 KB+" },
               { feature: "Data Ownership", pulse: "Yours", ga: "Google's" },
-            ].map((row, i) => (
-              <tr key={i} className="hover:bg-neutral-50/50 dark:hover:bg-neutral-800/50 transition-colors">
+            ].map((row) => (
+              <tr key={row.feature} className="hover:bg-neutral-50/50 dark:hover:bg-neutral-800/50 transition-colors">
                 <td className="p-6 text-neutral-900 dark:text-white font-medium">{row.feature}</td>
                 <td className="p-6">
                   {row.pulse === true ? (
@@ -303,7 +303,7 @@ export default function HomePage() {
               { icon: ZapIcon, title: "Lightweight", desc: "Our script is less than 1kb. It won't slow down your site or affect your SEO." }
             ].map((feature, i) => (
               <motion.div
-                key={i}
+                key={feature.title}
                 initial={{ opacity: 0, y: 20 }}
                 whileInView={{ opacity: 1, y: 0 }}
                 viewport={{ once: true }}
diff --git a/app/sites/[id]/funnels/[funnelId]/page.tsx b/app/sites/[id]/funnels/[funnelId]/page.tsx
index 4b7c0bc..2dfd50d 100644
--- a/app/sites/[id]/funnels/[funnelId]/page.tsx
+++ b/app/sites/[id]/funnels/[funnelId]/page.tsx
@@ -278,7 +278,7 @@ export default function FunnelReportPage() {
               </thead>
               <tbody className="divide-y divide-neutral-200 dark:divide-neutral-800">
                 {stats.steps.map((step, i) => (
-                  <tr key={i} className="hover:bg-neutral-50 dark:hover:bg-neutral-800/30 transition-colors">
+                  <tr key={step.step.name} className="hover:bg-neutral-50 dark:hover:bg-neutral-800/30 transition-colors">
                     <td className="px-6 py-4">
                       <div className="flex items-center gap-3">
                         <span className="w-6 h-6 rounded-full bg-neutral-100 dark:bg-neutral-800 flex items-center justify-center text-xs font-medium text-neutral-600 dark:text-neutral-400">
diff --git a/app/sites/[id]/funnels/new/page.tsx b/app/sites/[id]/funnels/new/page.tsx
index 74f2fa0..ecf7b1f 100644
--- a/app/sites/[id]/funnels/new/page.tsx
+++ b/app/sites/[id]/funnels/new/page.tsx
@@ -149,7 +149,7 @@ export default function CreateFunnelPage() {
           </div>
 
           {steps.map((step, index) => (
-            <div key={index} className="bg-white dark:bg-neutral-900 border border-neutral-200 dark:border-neutral-800 rounded-2xl p-4">
+            <div key={`step-${index}`} className="bg-white dark:bg-neutral-900 border border-neutral-200 dark:border-neutral-800 rounded-2xl p-4">
               <div className="flex items-start gap-4">
                 <div className="mt-3 text-neutral-400">
                   <div className="w-6 h-6 rounded-full bg-neutral-100 dark:bg-neutral-800 flex items-center justify-center text-sm font-medium text-neutral-600 dark:text-neutral-400">
diff --git a/app/sites/[id]/funnels/page.tsx b/app/sites/[id]/funnels/page.tsx
index a7b5726..2b565c4 100644
--- a/app/sites/[id]/funnels/page.tsx
+++ b/app/sites/[id]/funnels/page.tsx
@@ -117,7 +117,7 @@ export default function FunnelsPage() {
                       )}
                       <div className="flex items-center gap-2 mt-4">
                         {funnel.steps.map((step, i) => (
-                          <div key={i} className="flex items-center text-sm text-neutral-500">
+                          <div key={step.name} className="flex items-center text-sm text-neutral-500">
                             <span className="px-2 py-1 bg-neutral-100 dark:bg-neutral-800 rounded-lg text-neutral-700 dark:text-neutral-300">
                               {step.name}
                             </span>
diff --git a/components/dashboard/ContentStats.tsx b/components/dashboard/ContentStats.tsx
index 7f2e956..d2eeea7 100644
--- a/components/dashboard/ContentStats.tsx
+++ b/components/dashboard/ContentStats.tsx
@@ -132,8 +132,8 @@ export default function ContentStats({ topPages, entryPages, exitPages, domain,
             </div>
           ) : hasData ? (
             <>
-              {displayedData.map((page, index) => (
-                <div key={index} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+              {displayedData.map((page) => (
+                <div key={page.path} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                   <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center">
                     <a
                       href={`https://${domain.replace(/^https?:\/\//, '')}${page.path}`}
@@ -181,8 +181,8 @@ export default function ContentStats({ topPages, entryPages, exitPages, domain,
               <ListSkeleton rows={10} />
             </div>
           ) : (
-            (fullData.length > 0 ? fullData : data).map((page, index) => (
-              <div key={index} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+            (fullData.length > 0 ? fullData : data).map((page) => (
+              <div key={page.path} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                 <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center">
                   <a
                     href={`https://${domain.replace(/^https?:\/\//, '')}${page.path}`}
diff --git a/components/dashboard/Locations.tsx b/components/dashboard/Locations.tsx
index cb71101..5699188 100644
--- a/components/dashboard/Locations.tsx
+++ b/components/dashboard/Locations.tsx
@@ -247,8 +247,8 @@ export default function Locations({ countries, cities, regions, geoDataLevel = '
           ) : (
             hasData ? (
               <>
-                {displayedData.map((item, index) => (
-                  <div key={index} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+                {displayedData.map((item) => (
+                  <div key={`${item.country ?? ''}-${item.region ?? ''}-${item.city ?? ''}`} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                     <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
                       {activeTab === 'countries' && <span className="shrink-0">{getFlagComponent(item.country ?? '')}</span>}
                       {activeTab !== 'countries' && <span className="shrink-0">{getFlagComponent(item.country ?? '')}</span>}
@@ -296,8 +296,8 @@ export default function Locations({ countries, cities, regions, geoDataLevel = '
               <ListSkeleton rows={10} />
             </div>
           ) : (
-            (fullData.length > 0 ? fullData : data).map((item, index) => (
-              <div key={index} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+            (fullData.length > 0 ? fullData : data).map((item) => (
+              <div key={`${item.country ?? ''}-${item.region ?? ''}-${item.city ?? ''}`} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                 <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
                   <span className="shrink-0">{getFlagComponent(item.country ?? '')}</span>
                   <span className="truncate">
diff --git a/components/dashboard/TechSpecs.tsx b/components/dashboard/TechSpecs.tsx
index 8f3a82f..f4bd4cd 100644
--- a/components/dashboard/TechSpecs.tsx
+++ b/components/dashboard/TechSpecs.tsx
@@ -156,8 +156,8 @@ export default function TechSpecs({ browsers, os, devices, screenResolutions, co
             </div>
           ) : hasData ? (
             <>
-              {displayedData.map((item, index) => (
-                <div key={index} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+              {displayedData.map((item) => (
+                <div key={item.name} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                   <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
                     {item.icon && <span className="text-lg">{item.icon}</span>}
                     <span className="truncate">{item.name}</span>
@@ -198,8 +198,8 @@ export default function TechSpecs({ browsers, os, devices, screenResolutions, co
               <ListSkeleton rows={10} />
             </div>
           ) : (
-            (fullData.length > 0 ? fullData : data).map((item, index) => (
-              <div key={index} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+            (fullData.length > 0 ? fullData : data).map((item) => (
+              <div key={item.name} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                 <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
                   {item.icon && <span className="text-lg">{item.icon}</span>}
                   <span className="truncate">{item.name === 'Unknown' ? 'Unknown' : item.name}</span>
diff --git a/components/dashboard/TopReferrers.tsx b/components/dashboard/TopReferrers.tsx
index 9e9fb1c..05cb903 100644
--- a/components/dashboard/TopReferrers.tsx
+++ b/components/dashboard/TopReferrers.tsx
@@ -102,8 +102,8 @@ export default function TopReferrers({ referrers, collectReferrers = true, siteI
             </div>
           ) : hasData ? (
             <>
-              {displayedReferrers.map((ref, index) => (
-                <div key={index} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+              {displayedReferrers.map((ref) => (
+                <div key={ref.referrer} className="flex items-center justify-between h-9 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                   <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
                     {renderReferrerIcon(ref.referrer)}
                     <span className="truncate" title={ref.referrer}>{getReferrerDisplayName(ref.referrer)}</span>
@@ -144,8 +144,8 @@ export default function TopReferrers({ referrers, collectReferrers = true, siteI
               <ListSkeleton rows={10} />
             </div>
           ) : (
-            mergeReferrersByDisplayName(fullData.length > 0 ? fullData : filteredReferrers).map((ref, index) => (
-              <div key={index} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
+            mergeReferrersByDisplayName(fullData.length > 0 ? fullData : filteredReferrers).map((ref) => (
+              <div key={ref.referrer} className="flex items-center justify-between py-2 group hover:bg-neutral-50 dark:hover:bg-neutral-800 rounded-lg px-2 -mx-2 transition-colors">
                 <div className="flex-1 truncate text-neutral-900 dark:text-white flex items-center gap-3">
                   {renderReferrerIcon(ref.referrer)}
                   <span className="truncate" title={ref.referrer}>{getReferrerDisplayName(ref.referrer)}</span>
-- 
2.49.1


From 7d3f1cb10a5e2036a0af7e106e04f3f679a099e5 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 21:25:05 +0100
Subject: [PATCH 19/22] refactor: reduce stats.ts duplication with factory
 pattern (F-10, F-21)

Introduce buildQuery helper and createListFetcher factory to eliminate
near-identical param building and list endpoint boilerplate. File reduced
from ~600 to ~310 lines (~48% reduction) with identical runtime behavior.
---
 CHANGELOG.md     |   2 +
 lib/api/stats.ts | 541 ++++++++++++++---------------------------------
 2 files changed, 163 insertions(+), 380 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f0f103..6859061 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ### Improved
 
+- **Cleaner internal API code.** The analytics data-fetching layer has been streamlined — 13 near-identical endpoint functions were consolidated using a shared pattern, cutting roughly half the code while keeping every feature working exactly as before. This makes it easier to add new analytics endpoints in the future and reduces the chance of inconsistencies between them.
+
 - **More reliable list rendering across the dashboard.** Pages, referrers, locations, devices, funnels, and other data lists now use stable identifiers (like page paths and referrer URLs) instead of array positions as their React keys. This prevents potential display glitches — such as stale data appearing in the wrong row — when lists are filtered, sorted, or updated in real time.
 - **Deleting a site now fully cleans up all its data.** Previously, deleting a site removed the site record but could leave behind orphaned analytics events in the database, slowly accumulating unused data. Now all events are cleaned up automatically in small batches before the site is removed, keeping your database tidy.
 
diff --git a/lib/api/stats.ts b/lib/api/stats.ts
index 2f4c871..250af50 100644
--- a/lib/api/stats.ts
+++ b/lib/api/stats.ts
@@ -1,6 +1,8 @@
 import apiRequest from './client'
 import { Site } from './sites'
 
+// ─── Types ──────────────────────────────────────────────────────────
+
 export interface Stats {
   pageviews: number
   visitors: number
@@ -11,7 +13,7 @@ export interface Stats {
 export interface TopPage {
   path: string
   pageviews: number
-  visits?: number // For entry/exit pages
+  visits?: number
 }
 
 export interface ScreenResolutionStat {
@@ -101,6 +103,8 @@ export interface AuthParams {
   captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
 }
 
+// ─── Helpers ────────────────────────────────────────────────────────
+
 function appendAuthParams(params: URLSearchParams, auth?: AuthParams) {
   if (auth?.password) params.append('password', auth.password)
   if (auth?.captcha?.captcha_id) params.append('captcha_id', auth.captcha.captcha_id)
@@ -108,198 +112,115 @@ function appendAuthParams(params: URLSearchParams, auth?: AuthParams) {
   if (auth?.captcha?.captcha_token) params.append('captcha_token', auth.captcha.captcha_token)
 }
 
-export async function getStats(siteId: string, startDate?: string, endDate?: string): Promise<Stats> {
+function buildQuery(
+  opts: {
+    startDate?: string
+    endDate?: string
+    limit?: number
+    interval?: string
+    countryLimit?: number
+    sort?: string
+  },
+  auth?: AuthParams
+): string {
   const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
+  if (opts.startDate) params.append('start_date', opts.startDate)
+  if (opts.endDate) params.append('end_date', opts.endDate)
+  if (opts.limit != null) params.append('limit', opts.limit.toString())
+  if (opts.interval) params.append('interval', opts.interval)
+  if (opts.countryLimit != null) params.append('country_limit', opts.countryLimit.toString())
+  if (opts.sort) params.append('sort', opts.sort)
+  if (auth) appendAuthParams(params, auth)
   const query = params.toString()
-  return apiRequest<Stats>(`/sites/${siteId}/stats${query ? `?${query}` : ''}`)
+  return query ? `?${query}` : ''
 }
 
-export async function getPublicStats(siteId: string, startDate?: string, endDate?: string, auth?: AuthParams): Promise<Stats> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  appendAuthParams(params, auth)
-  const query = params.toString()
-  return apiRequest<Stats>(`/public/sites/${siteId}/stats${query ? `?${query}` : ''}`)
+/** Factory for endpoints that return an array nested under a response key. */
+function createListFetcher<T>(path: string, field: string, defaultLimit = 10) {
+  return (siteId: string, startDate?: string, endDate?: string, limit = defaultLimit): Promise<T[]> =>
+    apiRequest<Record<string, T[]>>(`/sites/${siteId}/${path}${buildQuery({ startDate, endDate, limit })}`)
+      .then(r => r?.[field] || [])
 }
 
-export async function getRealtime(siteId: string): Promise<RealtimeStats> {
+// ─── List Endpoints ─────────────────────────────────────────────────
+
+export const getTopPages = createListFetcher<TopPage>('pages', 'pages')
+export const getTopReferrers = createListFetcher<TopReferrer>('referrers', 'referrers')
+export const getCountries = createListFetcher<CountryStat>('countries', 'countries')
+export const getCities = createListFetcher<CityStat>('cities', 'cities')
+export const getRegions = createListFetcher<RegionStat>('regions', 'regions')
+export const getBrowsers = createListFetcher<BrowserStat>('browsers', 'browsers')
+export const getOS = createListFetcher<OSStat>('os', 'os')
+export const getDevices = createListFetcher<DeviceStat>('devices', 'devices')
+export const getEntryPages = createListFetcher<TopPage>('entry-pages', 'pages')
+export const getExitPages = createListFetcher<TopPage>('exit-pages', 'pages')
+export const getScreenResolutions = createListFetcher<ScreenResolutionStat>('screen-resolutions', 'screen_resolutions')
+export const getGoalStats = createListFetcher<GoalCountStat>('goals/stats', 'goal_counts', 20)
+export const getCampaigns = createListFetcher<CampaignStat>('campaigns', 'campaigns')
+
+// ─── Stats & Realtime ───────────────────────────────────────────────
+
+export function getStats(siteId: string, startDate?: string, endDate?: string): Promise<Stats> {
+  return apiRequest<Stats>(`/sites/${siteId}/stats${buildQuery({ startDate, endDate })}`)
+}
+
+export function getPublicStats(siteId: string, startDate?: string, endDate?: string, auth?: AuthParams): Promise<Stats> {
+  return apiRequest<Stats>(`/public/sites/${siteId}/stats${buildQuery({ startDate, endDate }, auth)}`)
+}
+
+export function getRealtime(siteId: string): Promise<RealtimeStats> {
   return apiRequest<RealtimeStats>(`/sites/${siteId}/realtime`)
 }
 
-export async function getPublicRealtime(siteId: string, auth?: AuthParams): Promise<RealtimeStats> {
-  const params = new URLSearchParams()
-  appendAuthParams(params, auth)
-  return apiRequest<RealtimeStats>(`/public/sites/${siteId}/realtime?${params.toString()}`)
+export function getPublicRealtime(siteId: string, auth?: AuthParams): Promise<RealtimeStats> {
+  return apiRequest<RealtimeStats>(`/public/sites/${siteId}/realtime${buildQuery({}, auth)}`)
 }
 
-export async function getTopPages(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<TopPage[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ pages: TopPage[] }>(`/sites/${siteId}/pages?${params.toString()}`).then(r => r?.pages || [])
+// ─── Daily Stats ────────────────────────────────────────────────────
+
+export function getDailyStats(siteId: string, startDate?: string, endDate?: string, interval?: string): Promise<DailyStat[]> {
+  return apiRequest<{ stats: DailyStat[] }>(`/sites/${siteId}/daily${buildQuery({ startDate, endDate, interval })}`)
+    .then(r => r?.stats || [])
 }
 
-export async function getTopReferrers(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<TopReferrer[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ referrers: TopReferrer[] }>(`/sites/${siteId}/referrers?${params.toString()}`).then(r => r?.referrers || [])
+export function getPublicDailyStats(siteId: string, startDate?: string, endDate?: string, interval?: string, auth?: AuthParams): Promise<DailyStat[]> {
+  return apiRequest<{ stats: DailyStat[] }>(`/public/sites/${siteId}/daily${buildQuery({ startDate, endDate, interval }, auth)}`)
+    .then(r => r?.stats || [])
 }
 
-export async function getCountries(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<CountryStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ countries: CountryStat[] }>(`/sites/${siteId}/countries?${params.toString()}`).then(r => r?.countries || [])
+// ─── Public Campaigns ───────────────────────────────────────────────
+
+export function getPublicCampaigns(siteId: string, startDate?: string, endDate?: string, limit = 10, auth?: AuthParams): Promise<CampaignStat[]> {
+  return apiRequest<{ campaigns: CampaignStat[] }>(`/public/sites/${siteId}/campaigns${buildQuery({ startDate, endDate, limit }, auth)}`)
+    .then(r => r?.campaigns || [])
 }
 
-export async function getCities(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<CityStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ cities: CityStat[] }>(`/sites/${siteId}/cities?${params.toString()}`).then(r => r?.cities || [])
-}
+// ─── Performance By Page ────────────────────────────────────────────
 
-export async function getRegions(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<RegionStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ regions: RegionStat[] }>(`/sites/${siteId}/regions?${params.toString()}`).then(r => r?.regions || [])
-}
-
-export async function getBrowsers(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<BrowserStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ browsers: BrowserStat[] }>(`/sites/${siteId}/browsers?${params.toString()}`).then(r => r?.browsers || [])
-}
-
-export async function getOS(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<OSStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ os: OSStat[] }>(`/sites/${siteId}/os?${params.toString()}`).then(r => r?.os || [])
-}
-
-export async function getDevices(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<DeviceStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ devices: DeviceStat[] }>(`/sites/${siteId}/devices?${params.toString()}`).then(r => r?.devices || [])
-}
-
-export async function getDailyStats(siteId: string, startDate?: string, endDate?: string, interval?: string): Promise<DailyStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (interval) params.append('interval', interval)
-  return apiRequest<{ stats: DailyStat[] }>(`/sites/${siteId}/daily?${params.toString()}`).then(r => r?.stats || [])
-}
-
-export async function getPublicDailyStats(siteId: string, startDate?: string, endDate?: string, interval?: string, auth?: AuthParams): Promise<DailyStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (interval) params.append('interval', interval)
-  appendAuthParams(params, auth)
-  return apiRequest<{ stats: DailyStat[] }>(`/public/sites/${siteId}/daily?${params.toString()}`).then(r => r?.stats || [])
-}
-
-export async function getEntryPages(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<TopPage[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ pages: TopPage[] }>(`/sites/${siteId}/entry-pages?${params.toString()}`).then(r => r?.pages || [])
-}
-
-export async function getExitPages(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<TopPage[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ pages: TopPage[] }>(`/sites/${siteId}/exit-pages?${params.toString()}`).then(r => r?.pages || [])
-}
-
-export async function getScreenResolutions(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<ScreenResolutionStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ screen_resolutions: ScreenResolutionStat[] }>(`/sites/${siteId}/screen-resolutions?${params.toString()}`).then(r => r?.screen_resolutions || [])
-}
-
-export async function getPerformanceByPage(
+export function getPerformanceByPage(
   siteId: string,
   startDate?: string,
   endDate?: string,
   opts?: { limit?: number; sort?: 'lcp' | 'cls' | 'inp' }
 ): Promise<PerformanceByPageStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (opts?.limit != null) params.append('limit', String(opts.limit))
-  if (opts?.sort) params.append('sort', opts.sort)
-  const res = await apiRequest<{ performance_by_page: PerformanceByPageStat[] }>(
-    `/sites/${siteId}/performance-by-page?${params.toString()}`
-  )
-  return res?.performance_by_page ?? []
+  return apiRequest<{ performance_by_page: PerformanceByPageStat[] }>(
+    `/sites/${siteId}/performance-by-page${buildQuery({ startDate, endDate, limit: opts?.limit, sort: opts?.sort })}`
+  ).then(r => r?.performance_by_page ?? [])
 }
 
-export async function getPublicPerformanceByPage(
+export function getPublicPerformanceByPage(
   siteId: string,
   startDate?: string,
   endDate?: string,
   opts?: { limit?: number; sort?: 'lcp' | 'cls' | 'inp' },
   auth?: AuthParams
 ): Promise<PerformanceByPageStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (opts?.limit != null) params.append('limit', String(opts.limit))
-  if (opts?.sort) params.append('sort', opts.sort)
-  appendAuthParams(params, auth)
-  const res = await apiRequest<{ performance_by_page: PerformanceByPageStat[] }>(
-    `/public/sites/${siteId}/performance-by-page?${params.toString()}`
-  )
-  return res?.performance_by_page ?? []
+  return apiRequest<{ performance_by_page: PerformanceByPageStat[] }>(
+    `/public/sites/${siteId}/performance-by-page${buildQuery({ startDate, endDate, limit: opts?.limit, sort: opts?.sort }, auth)}`
+  ).then(r => r?.performance_by_page ?? [])
 }
 
-export async function getGoalStats(siteId: string, startDate?: string, endDate?: string, limit = 20): Promise<GoalCountStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ goal_counts: GoalCountStat[] }>(`/sites/${siteId}/goals/stats?${params.toString()}`).then(r => r?.goal_counts || [])
-}
-
-export async function getCampaigns(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<CampaignStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<{ campaigns: CampaignStat[] }>(`/sites/${siteId}/campaigns?${params.toString()}`).then(r => r?.campaigns || [])
-}
-
-export async function getPublicCampaigns(siteId: string, startDate?: string, endDate?: string, limit = 10, auth?: AuthParams): Promise<CampaignStat[]> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  appendAuthParams(params, auth)
-  return apiRequest<{ campaigns: CampaignStat[] }>(`/public/sites/${siteId}/campaigns?${params.toString()}`).then(r => r?.campaigns || [])
-}
+// ─── Full Dashboard ─────────────────────────────────────────────────
 
 export interface DashboardData {
   site: Site
@@ -322,16 +243,11 @@ export interface DashboardData {
   goal_counts?: GoalCountStat[]
 }
 
-export async function getDashboard(siteId: string, startDate?: string, endDate?: string, limit = 10, interval?: string): Promise<DashboardData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (interval) params.append('interval', interval)
-  params.append('limit', limit.toString())
-  return apiRequest<DashboardData>(`/sites/${siteId}/dashboard?${params.toString()}`)
+export function getDashboard(siteId: string, startDate?: string, endDate?: string, limit = 10, interval?: string): Promise<DashboardData> {
+  return apiRequest<DashboardData>(`/sites/${siteId}/dashboard${buildQuery({ startDate, endDate, limit, interval })}`)
 }
 
-export async function getPublicDashboard(
+export function getPublicDashboard(
   siteId: string,
   startDate?: string,
   endDate?: string,
@@ -340,21 +256,12 @@ export async function getPublicDashboard(
   password?: string,
   captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
 ): Promise<DashboardData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (interval) params.append('interval', interval)
-
-  appendAuthParams(params, { password, captcha })
-
-  params.append('limit', limit.toString())
-  return apiRequest<DashboardData>(`/public/sites/${siteId}/dashboard?${params.toString()}`)
+  return apiRequest<DashboardData>(
+    `/public/sites/${siteId}/dashboard${buildQuery({ startDate, endDate, limit, interval }, { password, captcha })}`
+  )
 }
 
-// * ============================================================================
-// * Focused Dashboard Endpoints (Fix 4.2: Efficient Data Transfer)
-// * These split the massive dashboard payload into smaller, focused chunks
-// * ============================================================================
+// ─── Focused Dashboard Endpoints ────────────────────────────────────
 
 export interface DashboardOverviewData {
   site: Site
@@ -363,109 +270,18 @@ export interface DashboardOverviewData {
   daily_stats: DailyStat[]
 }
 
-export async function getDashboardOverview(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  interval?: string
-): Promise<DashboardOverviewData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (interval) params.append('interval', interval)
-  return apiRequest<DashboardOverviewData>(`/sites/${siteId}/dashboard/overview?${params.toString()}`)
-}
-
-export async function getPublicDashboardOverview(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  interval?: string,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardOverviewData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  if (interval) params.append('interval', interval)
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardOverviewData>(`/public/sites/${siteId}/dashboard/overview?${params.toString()}`)
-}
-
 export interface DashboardPagesData {
   top_pages: TopPage[]
   entry_pages: TopPage[]
   exit_pages: TopPage[]
 }
 
-export async function getDashboardPages(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10
-): Promise<DashboardPagesData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<DashboardPagesData>(`/sites/${siteId}/dashboard/pages?${params.toString()}`)
-}
-
-export async function getPublicDashboardPages(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardPagesData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardPagesData>(`/public/sites/${siteId}/dashboard/pages?${params.toString()}`)
-}
-
 export interface DashboardLocationsData {
   countries: CountryStat[]
   cities: CityStat[]
   regions: RegionStat[]
 }
 
-export async function getDashboardLocations(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10,
-  countryLimit = 250
-): Promise<DashboardLocationsData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  params.append('country_limit', countryLimit.toString())
-  return apiRequest<DashboardLocationsData>(`/sites/${siteId}/dashboard/locations?${params.toString()}`)
-}
-
-export async function getPublicDashboardLocations(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10,
-  countryLimit = 250,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardLocationsData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  params.append('country_limit', countryLimit.toString())
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardLocationsData>(`/public/sites/${siteId}/dashboard/locations?${params.toString()}`)
-}
-
 export interface DashboardDevicesData {
   browsers: BrowserStat[]
   os: OSStat[]
@@ -473,127 +289,92 @@ export interface DashboardDevicesData {
   screen_resolutions: ScreenResolutionStat[]
 }
 
-export async function getDashboardDevices(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10
-): Promise<DashboardDevicesData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<DashboardDevicesData>(`/sites/${siteId}/dashboard/devices?${params.toString()}`)
-}
-
-export async function getPublicDashboardDevices(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardDevicesData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardDevicesData>(`/public/sites/${siteId}/dashboard/devices?${params.toString()}`)
-}
-
 export interface DashboardReferrersData {
   top_referrers: TopReferrer[]
 }
 
-export async function getDashboardReferrers(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10
-): Promise<DashboardReferrersData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<DashboardReferrersData>(`/sites/${siteId}/dashboard/referrers?${params.toString()}`)
-}
-
-export async function getPublicDashboardReferrers(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardReferrersData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardReferrersData>(`/public/sites/${siteId}/dashboard/referrers?${params.toString()}`)
-}
-
 export interface DashboardPerformanceData {
   performance?: PerformanceStats
   performance_by_page?: PerformanceByPageStat[]
 }
 
-export async function getDashboardPerformance(
-  siteId: string,
-  startDate?: string,
-  endDate?: string
-): Promise<DashboardPerformanceData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  return apiRequest<DashboardPerformanceData>(`/sites/${siteId}/dashboard/performance?${params.toString()}`)
-}
-
-export async function getPublicDashboardPerformance(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardPerformanceData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardPerformanceData>(`/public/sites/${siteId}/dashboard/performance?${params.toString()}`)
-}
-
 export interface DashboardGoalsData {
   goal_counts: GoalCountStat[]
 }
 
-export async function getDashboardGoals(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10
-): Promise<DashboardGoalsData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  return apiRequest<DashboardGoalsData>(`/sites/${siteId}/dashboard/goals?${params.toString()}`)
+export function getDashboardOverview(siteId: string, startDate?: string, endDate?: string, interval?: string): Promise<DashboardOverviewData> {
+  return apiRequest<DashboardOverviewData>(`/sites/${siteId}/dashboard/overview${buildQuery({ startDate, endDate, interval })}`)
 }
 
-export async function getPublicDashboardGoals(
-  siteId: string,
-  startDate?: string,
-  endDate?: string,
-  limit = 10,
-  password?: string,
-  captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
-): Promise<DashboardGoalsData> {
-  const params = new URLSearchParams()
-  if (startDate) params.append('start_date', startDate)
-  if (endDate) params.append('end_date', endDate)
-  params.append('limit', limit.toString())
-  appendAuthParams(params, { password, captcha })
-  return apiRequest<DashboardGoalsData>(`/public/sites/${siteId}/dashboard/goals?${params.toString()}`)
+export function getPublicDashboardOverview(
+  siteId: string, startDate?: string, endDate?: string, interval?: string,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardOverviewData> {
+  return apiRequest<DashboardOverviewData>(`/public/sites/${siteId}/dashboard/overview${buildQuery({ startDate, endDate, interval }, { password, captcha })}`)
+}
+
+export function getDashboardPages(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<DashboardPagesData> {
+  return apiRequest<DashboardPagesData>(`/sites/${siteId}/dashboard/pages${buildQuery({ startDate, endDate, limit })}`)
+}
+
+export function getPublicDashboardPages(
+  siteId: string, startDate?: string, endDate?: string, limit = 10,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardPagesData> {
+  return apiRequest<DashboardPagesData>(`/public/sites/${siteId}/dashboard/pages${buildQuery({ startDate, endDate, limit }, { password, captcha })}`)
+}
+
+export function getDashboardLocations(siteId: string, startDate?: string, endDate?: string, limit = 10, countryLimit = 250): Promise<DashboardLocationsData> {
+  return apiRequest<DashboardLocationsData>(`/sites/${siteId}/dashboard/locations${buildQuery({ startDate, endDate, limit, countryLimit })}`)
+}
+
+export function getPublicDashboardLocations(
+  siteId: string, startDate?: string, endDate?: string, limit = 10, countryLimit = 250,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardLocationsData> {
+  return apiRequest<DashboardLocationsData>(`/public/sites/${siteId}/dashboard/locations${buildQuery({ startDate, endDate, limit, countryLimit }, { password, captcha })}`)
+}
+
+export function getDashboardDevices(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<DashboardDevicesData> {
+  return apiRequest<DashboardDevicesData>(`/sites/${siteId}/dashboard/devices${buildQuery({ startDate, endDate, limit })}`)
+}
+
+export function getPublicDashboardDevices(
+  siteId: string, startDate?: string, endDate?: string, limit = 10,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardDevicesData> {
+  return apiRequest<DashboardDevicesData>(`/public/sites/${siteId}/dashboard/devices${buildQuery({ startDate, endDate, limit }, { password, captcha })}`)
+}
+
+export function getDashboardReferrers(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<DashboardReferrersData> {
+  return apiRequest<DashboardReferrersData>(`/sites/${siteId}/dashboard/referrers${buildQuery({ startDate, endDate, limit })}`)
+}
+
+export function getPublicDashboardReferrers(
+  siteId: string, startDate?: string, endDate?: string, limit = 10,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardReferrersData> {
+  return apiRequest<DashboardReferrersData>(`/public/sites/${siteId}/dashboard/referrers${buildQuery({ startDate, endDate, limit }, { password, captcha })}`)
+}
+
+export function getDashboardPerformance(siteId: string, startDate?: string, endDate?: string): Promise<DashboardPerformanceData> {
+  return apiRequest<DashboardPerformanceData>(`/sites/${siteId}/dashboard/performance${buildQuery({ startDate, endDate })}`)
+}
+
+export function getPublicDashboardPerformance(
+  siteId: string, startDate?: string, endDate?: string,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardPerformanceData> {
+  return apiRequest<DashboardPerformanceData>(`/public/sites/${siteId}/dashboard/performance${buildQuery({ startDate, endDate }, { password, captcha })}`)
+}
+
+export function getDashboardGoals(siteId: string, startDate?: string, endDate?: string, limit = 10): Promise<DashboardGoalsData> {
+  return apiRequest<DashboardGoalsData>(`/sites/${siteId}/dashboard/goals${buildQuery({ startDate, endDate, limit })}`)
+}
+
+export function getPublicDashboardGoals(
+  siteId: string, startDate?: string, endDate?: string, limit = 10,
+  password?: string, captcha?: { captcha_id?: string, captcha_solution?: string, captcha_token?: string }
+): Promise<DashboardGoalsData> {
+  return apiRequest<DashboardGoalsData>(`/public/sites/${siteId}/dashboard/goals${buildQuery({ startDate, endDate, limit }, { password, captcha })}`)
 }
-- 
2.49.1


From 70f46ba63cd6fad42d7703cef3544d5dd88f29a0 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sun, 1 Mar 2026 21:37:27 +0100
Subject: [PATCH 20/22] docs: changelog entries for backend API cleanup (B-32,
 B-13, B-12)

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6859061..0fbc7e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 ### Improved
 
 - **Cleaner internal API code.** The analytics data-fetching layer has been streamlined — 13 near-identical endpoint functions were consolidated using a shared pattern, cutting roughly half the code while keeping every feature working exactly as before. This makes it easier to add new analytics endpoints in the future and reduces the chance of inconsistencies between them.
+- **Simpler endpoint management on the backend.** The backend previously required adding every new analytics endpoint in two separate places — one for public dashboards and one for authenticated users. A shared route table now handles both automatically, so new endpoints only need to be defined once. This reduces the chance of one side getting out of sync with the other.
+
+### Fixed
+
+- **Rate limiting now works correctly for all visitors.** A bug in the backend meant that IP-based rate limiting — which protects against abuse on public dashboards and the tracking script — was treating all visitors as the same person. A single heavy user could hit the limit for everyone. Rate limiting now correctly identifies individual visitors, so one bad actor can't affect others.
 
 - **More reliable list rendering across the dashboard.** Pages, referrers, locations, devices, funnels, and other data lists now use stable identifiers (like page paths and referrer URLs) instead of array positions as their React keys. This prevents potential display glitches — such as stale data appearing in the wrong row — when lists are filtered, sorted, or updated in real time.
 - **Deleting a site now fully cleans up all its data.** Previously, deleting a site removed the site record but could leave behind orphaned analytics events in the database, slowly accumulating unused data. Now all events are cleaned up automatically in small batches before the site is removed, keeping your database tidy.
-- 
2.49.1


From c9fd949ae1d2d7914f3c80fbd2c341ed1210ae1b Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Mon, 2 Mar 2026 21:58:34 +0100
Subject: [PATCH 21/22] chore: bump @ciphera-net/ui to ^0.0.79

---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2803960..2a7e9b6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,7 +8,7 @@
       "name": "pulse-frontend",
       "version": "0.12.0-alpha",
       "dependencies": {
-        "@ciphera-net/ui": "^0.0.78",
+        "@ciphera-net/ui": "^0.0.79",
         "@ducanh2912/next-pwa": "^10.2.9",
         "@radix-ui/react-icons": "^1.3.0",
         "@simplewebauthn/browser": "^13.2.2",
@@ -1665,9 +1665,9 @@
       }
     },
     "node_modules/@ciphera-net/ui": {
-      "version": "0.0.78",
-      "resolved": "https://npm.pkg.github.com/download/@ciphera-net/ui/0.0.78/d012b211ddba7a83f7468ec269a842709a2409b9",
-      "integrity": "sha512-c9B/cZggjWnCSpICEvRBAAPgsRfjN2j3NFczQRZxRR6sZmzkwd3KzEbDfTEa2DUExBMWB4+bOgiCz+AnP2OR3g==",
+      "version": "0.0.79",
+      "resolved": "https://npm.pkg.github.com/download/@ciphera-net/ui/0.0.79/11371f19607016d14b0343a698d5f2ef22360c0c",
+      "integrity": "sha512-Th7jVpsf2Qjf5o8ZP1315xJ4q09fb3zo5rPwAiK7jQZGl9AIZU8qw33wJchDKJU7dwo9YetKFvP60lnqseadnA==",
       "dependencies": {
         "@radix-ui/react-icons": "^1.3.0",
         "clsx": "^2.1.0",
diff --git a/package.json b/package.json
index 992a20e..bee7832 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@ciphera-net/ui": "^0.0.78",
+    "@ciphera-net/ui": "^0.0.79",
     "@ducanh2912/next-pwa": "^10.2.9",
     "@radix-ui/react-icons": "^1.3.0",
     "@simplewebauthn/browser": "^13.2.2",
-- 
2.49.1


From 564c853f7fd86d2dd236a75a232b78cfe7adc9d5 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Mon, 2 Mar 2026 23:31:55 +0100
Subject: [PATCH 22/22] Bump version to 0.13.0-alpha and move unreleased
 changelog items

---
 CHANGELOG.md | 60 +++++++++++++++++++++++-----------------------------
 package.json |  2 +-
 2 files changed, 28 insertions(+), 34 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0fbc7e5..5f51b4d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,33 +6,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ## [Unreleased]
 
+## [0.13.0-alpha] - 2026-03-02
+
 ### Improved
 
 - **Cleaner internal API code.** The analytics data-fetching layer has been streamlined — 13 near-identical endpoint functions were consolidated using a shared pattern, cutting roughly half the code while keeping every feature working exactly as before. This makes it easier to add new analytics endpoints in the future and reduces the chance of inconsistencies between them.
 - **Simpler endpoint management on the backend.** The backend previously required adding every new analytics endpoint in two separate places — one for public dashboards and one for authenticated users. A shared route table now handles both automatically, so new endpoints only need to be defined once. This reduces the chance of one side getting out of sync with the other.
-
-### Fixed
-
-- **Rate limiting now works correctly for all visitors.** A bug in the backend meant that IP-based rate limiting — which protects against abuse on public dashboards and the tracking script — was treating all visitors as the same person. A single heavy user could hit the limit for everyone. Rate limiting now correctly identifies individual visitors, so one bad actor can't affect others.
-
-- **More reliable list rendering across the dashboard.** Pages, referrers, locations, devices, funnels, and other data lists now use stable identifiers (like page paths and referrer URLs) instead of array positions as their React keys. This prevents potential display glitches — such as stale data appearing in the wrong row — when lists are filtered, sorted, or updated in real time.
-- **Deleting a site now fully cleans up all its data.** Previously, deleting a site removed the site record but could leave behind orphaned analytics events in the database, slowly accumulating unused data. Now all events are cleaned up automatically in small batches before the site is removed, keeping your database tidy.
-
 - **Modern config loading for the app.** The app's configuration file now uses proper ES module imports instead of an older CommonJS pattern. This aligns with modern JavaScript standards and enables better tooling support.
 - **Complete API documentation in the backend README.** The developer documentation now lists all 80+ endpoints organized by category — ingestion, public dashboard, sites, analytics, real-time, goals, funnels, uptime, billing, notifications, admin, and audit. Previously only 12 endpoints were documented, which understated the full scope of the system.
 - **Login page now shows a loading screen while redirecting.** Previously, the login page briefly showed a blank white screen before redirecting you to the sign-in page. You'll now see the Pulse logo and a "Redirecting to log in..." message, matching the signup page experience.
-- **Team members can now view real-time visitor data.** Previously, only the person who originally created a site could see live visitors and session details. Now any team member in the same organization can access real-time data for all their shared sites — the same way the rest of the dashboard already works.
 - **More reliable duplicate detection for goals.** When creating or updating a goal with a name that already exists, Pulse now uses the database's built-in error codes instead of checking error message text. This means duplicate goal detection works reliably regardless of database version or language settings.
 - **More consistent builds across environments.** The backend Docker image now uses a pinned operating system version instead of "latest," so builds produce identical results whether run today or months from now.
 - **Cleaner internal code for cookie handling.** Cookie domain logic that was duplicated in two places is now shared, reducing the chance of the two copies drifting out of sync during future changes.
-
 - **Smoother navigation across the app.** Switching pages, changing organizations, or signing in no longer triggers unnecessary background checks. Previously, an internal effect re-ran on every navigation because it watched the entire user object for changes — now it only reacts when your authentication state or organization actually changes. This makes page transitions faster and reduces redundant network requests.
 - **Faster uptime data cleanup under heavy usage.** Old uptime check records are now removed in small batches instead of all at once. Previously, a single large deletion could briefly slow down database performance when months of monitoring data had accumulated. Cleanup now runs incrementally so your dashboard stays responsive throughout.
 - **More reliable automated testing.** Backend tests that verify authentication and billing no longer rely on a fragile internal shortcut that could mask real bugs. If a code change accidentally reaches the database during a test, it now fails gracefully with a clear error instead of crashing silently.
 - **Database queries are now verified automatically before every release.** A new step in our release process runs all database operations against a real PostgreSQL database — including applying all schema migrations — so we catch query errors, missing columns, and data-access bugs before they reach production.
 - **Safer database schema changes.** The large migration that restructured how your analytics data is stored now has a documented rollback procedure. If anything goes wrong during a database upgrade, we can revert cleanly instead of requiring manual intervention.
 - **Easier setup for new developers.** Building and testing Pulse no longer requires a specific directory layout on your machine. All builds use a pre-packaged snapshot of dependencies, so you can clone the project and start working immediately without extra setup steps.
-
 - **Faster, smarter dashboard data loading.** Your dashboard now loads each section independently using an intelligent caching strategy. Data refreshes happen automatically in the background, and when you switch tabs the app pauses updates to save resources — resuming instantly when you return. This replaces the previous approach where everything loaded in one large batch, meaning your charts, visitor maps, and stats now appear faster and update more reliably.
 - **Better data accuracy across the dashboard.** All data displayed on the dashboard — pages, locations, devices, referrers, performance metrics, and goals — is now fully typed end-to-end. This eliminates an entire class of potential display bugs where data could be misinterpreted between the server and your screen.
 - **Dashboard stays fast under heavy traffic.** When many users view their dashboards at the same time, the backend now limits how many data queries run in parallel so it doesn't overwhelm the database. If you navigate away while the dashboard is loading, queries are cancelled immediately instead of continuing to run in the background.
@@ -40,30 +31,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 - **Clearer error trails across the system.** Every database operation now includes context about what was happening when an error occurred. Instead of vague failures, support can trace problems back to their exact source — so if an issue affects your analytics, it gets identified and resolved much more quickly.
 - **Clearer rate limiting for analytics tracking.** When your tracking script sends too many events from the same session, Pulse now tells the script explicitly that the request was rejected. Previously, these events were silently accepted but never recorded, which could make your visitor counts look lower than expected without any visible explanation.
 - **Earlier detection of configuration problems.** The server now checks your email and internal integration settings at startup and warns you immediately if anything looks incomplete. Previously, you might not discover a misconfigured email setting until a billing alert or uptime notification failed to send.
-
-### Fixed
-
-- **Consistent date handling across all analytics.** Funnel analytics now use the same date format (`YYYY-MM-DD`) as every other part of Pulse. Previously, funnels required a different, more technical date format, which meant date range pickers and bookmarked links didn't always work correctly between funnels and the rest of the dashboard.
-
-- **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. Two issues were at play: the backend was rejecting analytics data sent from tracked sites, and even after that was resolved, events were silently dropped during processing because they were missing a required identifier. Both are now fixed — your dashboard receives visits from all registered domains as expected.
-- **Real-time visitor count no longer stops updating.** The dashboard's live visitor counter would quickly hit a rate limit and stop refreshing, showing "Site not found" errors. The limit was too low for normal polling, especially with multiple tabs open. It now has enough headroom for typical usage.
-- **Funnel details now load correctly.** Opening a funnel showed "Unable to load funnel" with a server error. An internal query was referencing data that no longer existed at that stage of processing, causing it to fail every time. Funnels now load and display step-by-step conversion data as expected.
-- **App switcher and site icons now load correctly.** The Pulse, Drop, and Auth logos in the app switcher — and site favicons on the dashboard — were blocked by the browser's Content Security Policy. The policy now allows images from Ciphera's own domain and Google's favicon service, so all icons display as expected.
 - **Safer campaign date handling.** Campaign analytics now use the same date validation as the rest of the app, including checks for invalid ranges and a maximum span of one year. Previously, campaigns used separate date parsing that skipped these checks.
-- **Better crash protection in goals and real-time views.** Fixed an issue where the backend could crash under rare conditions when checking permissions for goals or real-time visitor data. The app now handles unexpected values gracefully instead of crashing.
 - **Full React 19 type coverage.** Upgraded TypeScript type definitions to match the React 19 runtime. Previously, the type definitions lagged behind at React 18, which could hide bugs and miss new React 19 APIs during development.
-
-### Removed
-
-- **Cleaned up unused files.** Removed six leftover component and utility files that were no longer used anywhere in the app, along with dead backend code. This reduces clutter and keeps the codebase easier to navigate.
-- **Removed unused backend code.** Deleted an old CORS middleware that was never wired up, and an 80-line legacy funnel query that had been superseded by a faster implementation. Less code means fewer things to maintain and audit.
-
-- **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
 - **Lower resource usage under load.** The backend now uses a single shared connection to Redis instead of opening dozens of separate ones. Previously, each rate limiter and internal component created its own connection pool, which could waste resources and risk hitting connection limits during heavy traffic.
 - **More reliable billing operations.** Billing actions like changing your plan, cancelling, and viewing invoices now benefit from the same automatic session refresh, request tracing, and error handling as the rest of the app. Previously, these used a separate internal path that could fail silently if your session expired mid-action.
-- **Session list now correctly highlights your current session.** The active sessions list in settings now properly identifies which session you're currently using. Previously, the "current session" marker never appeared due to an internal mismatch in how sessions were identified.
-- **Notifications no longer fail to load on sign-in.** The notification bell now loads correctly even when the app is still setting up your workspace context. Previously, it could briefly show an error right after signing in.
-- **Fixed a service worker error on first visit.** Removed leftover icon files with invalid filenames that caused a caching error in the background. This had no visible effect but produced console warnings.
 - **Stronger browser protection with Content Security Policy.** The app now tells your browser exactly which resources it's allowed to load — scripts, styles, images, and API connections are restricted to trusted sources only. This adds an extra layer of defence against cross-site scripting (XSS) attacks.
 - **Tighter cross-origin request handling.** The backend now only accepts requests from known Pulse and Ciphera origins instead of any website. This prevents other sites from making authenticated requests on your behalf.
 - **Stricter environment security checks.** Staging and other non-development deployments now refuse to start if critical secrets haven't been configured, catching configuration mistakes before they reach users.
@@ -72,9 +43,31 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 - **Stricter input validation on admin pages.** The internal admin panel now validates organisation identifiers before processing requests, preventing malformed data from reaching the database.
 - **Error messages no longer reveal internal details.** When you submit an invalid form, the error message now says "Invalid request body" instead of exposing internal field names and validation rules. This makes error messages cleaner while keeping your data safer.
 - **Better request cancellation for billing operations.** All billing-related database operations can now be properly cancelled if you navigate away or your connection drops. Previously, some operations would continue running in the background even after you left the page.
-- **More reliable database migrations.** The migration system no longer silently skips partially failed database updates. If an update fails, it stops immediately so the issue can be identified and fixed — rather than marking it as complete and moving on with missing changes.
 - **More resilient event processing.** The background system that processes your analytics events now automatically recovers from unexpected errors instead of silently stopping. If something goes wrong, it restarts itself and continues processing — so you never lose incoming analytics data.
 
+### Fixed
+
+- **Rate limiting now works correctly for all visitors.** A bug in the backend meant that IP-based rate limiting — which protects against abuse on public dashboards and the tracking script — was treating all visitors as the same person. A single heavy user could hit the limit for everyone. Rate limiting now correctly identifies individual visitors, so one bad actor can't affect others.
+- **More reliable list rendering across the dashboard.** Pages, referrers, locations, devices, funnels, and other data lists now use stable identifiers (like page paths and referrer URLs) instead of array positions as their React keys. This prevents potential display glitches — such as stale data appearing in the wrong row — when lists are filtered, sorted, or updated in real time.
+- **Deleting a site now fully cleans up all its data.** Previously, deleting a site removed the site record but could leave behind orphaned analytics events in the database, slowly accumulating unused data. Now all events are cleaned up automatically in small batches before the site is removed, keeping your database tidy.
+- **Team members can now view real-time visitor data.** Previously, only the person who originally created a site could see live visitors and session details. Now any team member in the same organization can access real-time data for all their shared sites — the same way the rest of the dashboard already works.
+- **Consistent date handling across all analytics.** Funnel analytics now use the same date format (`YYYY-MM-DD`) as every other part of Pulse. Previously, funnels required a different, more technical date format, which meant date range pickers and bookmarked links didn't always work correctly between funnels and the rest of the dashboard.
+- **Tracking script now works on all tracked websites.** Page views were silently failing to record when the tracking script ran on your website. Two issues were at play: the backend was rejecting analytics data sent from tracked sites, and even after that was resolved, events were silently dropped during processing because they were missing a required identifier. Both are now fixed — your dashboard receives visits from all registered domains as expected.
+- **Real-time visitor count no longer stops updating.** The dashboard's live visitor counter would quickly hit a rate limit and stop refreshing, showing "Site not found" errors. The limit was too low for normal polling, especially with multiple tabs open. It now has enough headroom for typical usage.
+- **Funnel details now load correctly.** Opening a funnel showed "Unable to load funnel" with a server error. An internal query was referencing data that no longer existed at that stage of processing, causing it to fail every time. Funnels now load and display step-by-step conversion data as expected.
+- **App switcher and site icons now load correctly.** The Pulse, Drop, and Auth logos in the app switcher — and site favicons on the dashboard — were blocked by the browser's Content Security Policy. The policy now allows images from Ciphera's own domain and Google's favicon service, so all icons display as expected.
+- **Better crash protection in goals and real-time views.** Fixed an issue where the backend could crash under rare conditions when checking permissions for goals or real-time visitor data. The app now handles unexpected values gracefully instead of crashing.
+- **More reliable service health reporting.** The backend health check no longer falsely reports the service as unhealthy after sustained traffic. Previously, an internal counter grew over time and would eventually cross a fixed threshold — even under normal load — causing orchestrators to unnecessarily restart the service.
+- **Session list now correctly highlights your current session.** The active sessions list in settings now properly identifies which session you're currently using. Previously, the "current session" marker never appeared due to an internal mismatch in how sessions were identified.
+- **Notifications no longer fail to load on sign-in.** The notification bell now loads correctly even when the app is still setting up your workspace context. Previously, it could briefly show an error right after signing in.
+- **Fixed a service worker error on first visit.** Removed leftover icon files with invalid filenames that caused a caching error in the background. This had no visible effect but produced console warnings.
+- **More reliable database migrations.** The migration system no longer silently skips partially failed database updates. If an update fails, it stops immediately so the issue can be identified and fixed — rather than marking it as complete and moving on with missing changes.
+
+### Removed
+
+- **Cleaned up unused files.** Removed six leftover component and utility files that were no longer used anywhere in the app, along with dead backend code. This reduces clutter and keeps the codebase easier to navigate.
+- **Removed unused backend code.** Deleted an old CORS middleware that was never wired up, and an 80-line legacy funnel query that had been superseded by a faster implementation. Less code means fewer things to maintain and audit.
+
 ## [0.12.0-alpha] - 2026-03-01
 
 ### Added
@@ -292,7 +285,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 
 ---
 
-[Unreleased]: https://github.com/ciphera-net/pulse/compare/v0.12.0-alpha...HEAD
+[Unreleased]: https://github.com/ciphera-net/pulse/compare/v0.13.0-alpha...HEAD
+[0.13.0-alpha]: https://github.com/ciphera-net/pulse/compare/v0.12.0-alpha...v0.13.0-alpha
 [0.12.0-alpha]: https://github.com/ciphera-net/pulse/compare/v0.11.1-alpha...v0.12.0-alpha
 [0.11.1-alpha]: https://github.com/ciphera-net/pulse/compare/v0.11.0-alpha...v0.11.1-alpha
 [0.11.0-alpha]: https://github.com/ciphera-net/pulse/compare/v0.10.0-alpha...v0.11.0-alpha
diff --git a/package.json b/package.json
index bee7832..a0770a2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pulse-frontend",
-  "version": "0.12.0-alpha",
+  "version": "0.13.0-alpha",
   "private": true,
   "scripts": {
     "dev": "next dev",
-- 
2.49.1