🗑️ Remove gateway got replaced by turbine one

🗑️ Remove debug include in timeline

.github/workflows/docker-build.yml

@@ -27,8 +27,8 @@ jobs:
         run: |
           files="${{ steps.changed-files.outputs.files }}"
           matrix="{\"include\":[]}"
-          services=("Sphere" "Pass" "Ring" "Drive" "Develop" "Gateway" "Insight")
+          services=("Sphere" "Pass" "Ring" "Drive" "Develop" "Gateway" "Insight" "Zone")
-          images=("sphere" "pass" "ring" "drive" "develop" "gateway" "insight")
+          images=("sphere" "pass" "ring" "drive" "develop" "gateway" "insight" "zone")
           changed_services=()
 
           for file in $files; do

DysonNetwork.Control/AppHost.cs

@@ -1,71 +0,0 @@
-using Microsoft.Extensions.Hosting;
-
-var builder = DistributedApplication.CreateBuilder(args);
-
-var isDev = builder.Environment.IsDevelopment();
-
-var cache = builder.AddRedis("cache");
-var queue = builder.AddNats("queue").WithJetStream();
-
-var ringService = builder.AddProject<Projects.DysonNetwork_Ring>("ring");
-var passService = builder.AddProject<Projects.DysonNetwork_Pass>("pass")
-    .WithReference(ringService);
-var driveService = builder.AddProject<Projects.DysonNetwork_Drive>("drive")
-    .WithReference(passService)
-    .WithReference(ringService);
-var sphereService = builder.AddProject<Projects.DysonNetwork_Sphere>("sphere")
-    .WithReference(passService)
-    .WithReference(ringService)
-    .WithReference(driveService);
-var developService = builder.AddProject<Projects.DysonNetwork_Develop>("develop")
-    .WithReference(passService)
-    .WithReference(ringService)
-    .WithReference(sphereService);
-var insightService = builder.AddProject<Projects.DysonNetwork_Insight>("insight")
-    .WithReference(passService)
-    .WithReference(ringService)
-    .WithReference(sphereService)
-    .WithReference(developService);
-
-passService.WithReference(developService).WithReference(driveService);
-
-List<IResourceBuilder<ProjectResource>> services =
-    [ringService, passService, driveService, sphereService, developService, insightService];
-
-for (var idx = 0; idx < services.Count; idx++)
-{
-    var service = services[idx];
-
-    service.WithReference(cache).WithReference(queue);
-
-    var grpcPort = 7002 + idx;
-
-    if (isDev)
-    {
-        service.WithEnvironment("GRPC_PORT", grpcPort.ToString());
-
-        var httpPort = 8001 + idx;
-        service.WithEnvironment("HTTP_PORTS", httpPort.ToString());
-        service.WithHttpEndpoint(httpPort, targetPort: null, isProxied: false, name: "http");
-    }
-    else
-    {
-        service.WithHttpEndpoint(8080, targetPort: null, isProxied: false, name: "http");
-    }
-
-    service.WithEndpoint(isDev ? grpcPort : 7001, isDev ? null : 7001, "https", name: "grpc", isProxied: false);
-}
-
-// Extra double-ended references
-ringService.WithReference(passService);
-
-var gateway = builder.AddProject<Projects.DysonNetwork_Gateway>("gateway")
-    .WithEnvironment("HTTP_PORTS", "5001")
-    .WithHttpEndpoint(port: 5001, targetPort: null, isProxied: false, name: "http");
-
-foreach (var service in services)
-    gateway.WithReference(service);
-
-builder.AddDockerComposeEnvironment("docker-compose");
-
-builder.Build().Run();

DysonNetwork.Control/DysonNetwork.Control.csproj

@@ -1,28 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <Sdk Name="Aspire.AppHost.Sdk" Version="9.5.2" />
-    
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <Nullable>enable</Nullable>
-    <UserSecretsId>a68b3195-a00d-40c2-b5ed-d675356b7cde</UserSecretsId>
-    <RootNamespace>DysonNetwork.Control</RootNamespace>
-  </PropertyGroup>
-    
-  <ItemGroup>
-    <PackageReference Include="Aspire.Hosting.AppHost" Version="9.5.2" />
-    <PackageReference Include="Aspire.Hosting.Docker" Version="9.4.2-preview.1.25428.12" />
-    <PackageReference Include="Aspire.Hosting.Nats" Version="9.5.2" />
-    <PackageReference Include="Aspire.Hosting.Redis" Version="9.5.2" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\DysonNetwork.Develop\DysonNetwork.Develop.csproj" />
-    <ProjectReference Include="..\DysonNetwork.Drive\DysonNetwork.Drive.csproj" />
-    <ProjectReference Include="..\DysonNetwork.Pass\DysonNetwork.Pass.csproj" />
-    <ProjectReference Include="..\DysonNetwork.Ring\DysonNetwork.Ring.csproj" />
-    <ProjectReference Include="..\DysonNetwork.Sphere\DysonNetwork.Sphere.csproj" />
-    <ProjectReference Include="..\DysonNetwork.Gateway\DysonNetwork.Gateway.csproj" />
-    <ProjectReference Include="..\DysonNetwork.Insight\DysonNetwork.Insight.csproj" />
-  </ItemGroup>
-</Project>

DysonNetwork.Control/Properties/launchSettings.json

@@ -1,32 +0,0 @@
-{
-  "$schema": "https://json.schemastore.org/launchsettings.json",
-  "profiles": {
-    "https": {
-      "commandName": "Project",
-      "dotnetRunMessages": true,
-      "launchBrowser": true,
-      "applicationUrl": "https://localhost:17025;http://localhost:15057",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "DOTNET_ENVIRONMENT": "Development",
-        "ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "https://localhost:21175",
-        "ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL": "https://localhost:22189",
-        "DOTNET_DASHBOARD_OTLP_ENDPOINT_URL": "https://localhost:21260",
-        "DOTNET_RESOURCE_SERVICE_ENDPOINT_URL": "https://localhost:22052"
-      }
-    },
-    "http": {
-      "commandName": "Project",
-      "dotnetRunMessages": true,
-      "launchBrowser": true,
-      "applicationUrl": "http://localhost:15057",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development",
-        "DOTNET_ENVIRONMENT": "Development",
-        "ASPIRE_DASHBOARD_OTLP_ENDPOINT_URL": "http://localhost:19163",
-        "ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL": "http://localhost:20185",
-        "DOTNET_RESOURCE_SERVICE_ENDPOINT_URL": "http://localhost:22108"
-      }
-    }
-  }
-}

DysonNetwork.Control/appsettings.json

@@ -1,11 +0,0 @@
-{
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft.AspNetCore": "Warning"
-    }
-  },
-  "ConnectionStrings": {
-    "cache": "localhost:6379"
-  }
-}

DysonNetwork.Develop/AppDatabase.cs

@@ -1,3 +1,4 @@
+using DysonNetwork.Shared.Data;
 using DysonNetwork.Shared.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Design;
@@ -33,36 +34,15 @@ public class AppDatabase(
     
     public override async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
     {
-        var now = SystemClock.Instance.GetCurrentInstant();
+        this.ApplyAuditableAndSoftDelete();
-
-        foreach (var entry in ChangeTracker.Entries<ModelBase>())
-        {
-            switch (entry.State)
-            {
-                case EntityState.Added:
-                    entry.Entity.CreatedAt = now;
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Modified:
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Deleted:
-                    entry.State = EntityState.Modified;
-                    entry.Entity.DeletedAt = now;
-                    break;
-                case EntityState.Detached:
-                case EntityState.Unchanged:
-                default:
-                    break;
-            }
-        }
-
         return await base.SaveChangesAsync(cancellationToken);
     }
 
     protected override void OnModelCreating(ModelBuilder modelBuilder)
     {
         base.OnModelCreating(modelBuilder);
+        
+        modelBuilder.ApplySoftDeleteFilters();
     }
 }
 

DysonNetwork.Develop/Dockerfile

@@ -1,10 +1,10 @@
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base
 USER $APP_UID
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 COPY ["DysonNetwork.Develop/DysonNetwork.Develop.csproj", "DysonNetwork.Develop/"]

DysonNetwork.Develop/DysonNetwork.Develop.csproj

@@ -1,23 +1,19 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net9.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
         <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="EFCore.NamingConventions" Version="9.0.0" />
+        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
-        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" />
+        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.11">
-        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.10">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="NodaTime.Serialization.Protobuf" Version="2.0.2" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.4"/>
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL.NodaTime" Version="9.0.4" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.6" />
         <PackageReference Include="NodaTime" Version="3.2.2"/>
         <PackageReference Include="NodaTime.Serialization.SystemTextJson" Version="1.3.0"/>
         <PackageReference Include="Grpc.AspNetCore.Server" Version="2.71.0"/>

DysonNetwork.Develop/Identity/DeveloperController.cs

@@ -69,7 +69,7 @@ public class DeveloperController(
 
     [HttpPost("{name}/enroll")]
     [Authorize]
-    [RequiredPermission("global", "developers.create")]
+    [AskPermission("developers.create")]
     public async Task<ActionResult<SnDeveloper>> EnrollDeveloperProgram(string name)
     {
         if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();

DysonNetwork.Develop/Program.cs

@@ -7,16 +7,15 @@ using Microsoft.EntityFrameworkCore;
 
 var builder = WebApplication.CreateBuilder(args);
 
-builder.AddServiceDefaults();
+builder.AddServiceDefaults("develop");
+
+builder.Services.Configure<ServiceRegistrationOptions>(opts => { opts.Name = "develop"; });
 
 builder.ConfigureAppKestrel(builder.Configuration);
 
 builder.Services.AddAppServices(builder.Configuration);
 builder.Services.AddAppAuthentication();
 builder.Services.AddDysonAuth();
-builder.Services.AddSphereService();
-builder.Services.AddAccountService();
-builder.Services.AddDriveService();
 
 builder.AddSwaggerManifest(
     "DysonNetwork.Develop",

DysonNetwork.Develop/Startup/ApplicationConfiguration.cs

@@ -16,7 +16,7 @@ public static class ApplicationConfiguration
 
         app.UseAuthentication();
         app.UseAuthorization();
-        app.UseMiddleware<PermissionMiddleware>();
+        app.UseMiddleware<RemotePermissionMiddleware>();
 
         app.MapControllers();
         

DysonNetwork.Develop/Startup/ServiceCollectionExtensions.cs

@@ -16,9 +16,7 @@ public static class ServiceCollectionExtensions
         services.AddLocalization();
 
         services.AddDbContext<AppDatabase>();
-        services.AddSingleton<IClock>(SystemClock.Instance);
         services.AddHttpContextAccessor();
-        services.AddSingleton<ICacheService, CacheServiceRedis>();
 
         services.AddHttpClient();
 

DysonNetwork.Develop/appsettings.json

@@ -10,12 +10,21 @@
     },
     "AllowedHosts": "*",
     "ConnectionStrings": {
-    "App": "Host=localhost;Port=5432;Database=dyson_develop;Username=postgres;Password=postgres;Include Error Detail=True;Maximum Pool Size=20;Connection Idle Lifetime=60"
+        "App": "Host=localhost;Port=5432;Database=dyson_develop;Username=postgres;Password=postgres;Include Error Detail=True;Maximum Pool Size=20;Connection Idle Lifetime=60",
+        "Registrar": "127.0.0.1:2379",
+        "Cache": "127.0.0.1:6379",
+        "Queue": "127.0.0.1:4222"
     },
-  "KnownProxies": ["127.0.0.1", "::1"],
+    "KnownProxies": [
+        "127.0.0.1",
+        "::1"
+    ],
     "Swagger": {
         "PublicBasePath": "/develop"
     },
+    "Cache": {
+        "Serializer": "MessagePack"
+    },
     "Etcd": {
         "Insecure": true
     }

DysonNetwork.Drive/AppDatabase.cs

@@ -1,12 +1,11 @@
 using System.Linq.Expressions;
-using System.Reflection;
 using DysonNetwork.Drive.Billing;
 using DysonNetwork.Drive.Storage;
 using DysonNetwork.Drive.Storage.Model;
+using DysonNetwork.Shared.Data;
 using DysonNetwork.Shared.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Design;
-using Microsoft.EntityFrameworkCore.Query;
 using NodaTime;
 using Quartz;
 using TaskStatus = DysonNetwork.Drive.Storage.Model.TaskStatus;
@@ -24,7 +23,8 @@ public class AppDatabase(
     public DbSet<QuotaRecord> QuotaRecords { get; set; } = null!;
     
     public DbSet<SnCloudFile> Files { get; set; } = null!;
-    public DbSet<CloudFileReference> FileReferences { get; set; } = null!;
+    public DbSet<SnCloudFileReference> FileReferences { get; set; } = null!;
+    public DbSet<SnCloudFileIndex> FileIndexes { get; set; }
 
     public DbSet<PersistentTask> Tasks { get; set; } = null!;
     public DbSet<PersistentUploadTask> UploadTasks { get; set; } = null!; // Backward compatibility
@@ -45,61 +45,12 @@ public class AppDatabase(
     protected override void OnModelCreating(ModelBuilder modelBuilder)
     {
         base.OnModelCreating(modelBuilder);
-
+        modelBuilder.ApplySoftDeleteFilters();
-        // Apply soft-delete filter only to root entities, not derived types
-        foreach (var entityType in modelBuilder.Model.GetEntityTypes())
-        {
-            if (!typeof(ModelBase).IsAssignableFrom(entityType.ClrType)) continue;
-
-            // Skip derived types to avoid filter conflicts
-            var clrType = entityType.ClrType;
-            if (clrType.BaseType != typeof(object) &&
-                typeof(ModelBase).IsAssignableFrom(clrType.BaseType))
-            {
-                continue; // Skip derived types
-            }
-
-            var method = typeof(AppDatabase)
-                .GetMethod(nameof(SetSoftDeleteFilter),
-                    BindingFlags.NonPublic | BindingFlags.Static)!
-                .MakeGenericMethod(clrType);
-
-            method.Invoke(null, [modelBuilder]);
-        }
-    }
-
-    private static void SetSoftDeleteFilter<TEntity>(ModelBuilder modelBuilder)
-        where TEntity : ModelBase
-    {
-        modelBuilder.Entity<TEntity>().HasQueryFilter(e => e.DeletedAt == null);
     }
 
     public override async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
     {
-        var now = SystemClock.Instance.GetCurrentInstant();
+        this.ApplyAuditableAndSoftDelete();
-
-        foreach (var entry in ChangeTracker.Entries<ModelBase>())
-        {
-            switch (entry.State)
-            {
-                case EntityState.Added:
-                    entry.Entity.CreatedAt = now;
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Modified:
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Deleted:
-                    entry.State = EntityState.Modified;
-                    entry.Entity.DeletedAt = now;
-                    break;
-                case EntityState.Detached:
-                case EntityState.Unchanged:
-                default:
-                    break;
-            }
-        }
-
         return await base.SaveChangesAsync(cancellationToken);
     }
 }
@@ -203,35 +154,3 @@ public class AppDatabaseFactory : IDesignTimeDbContextFactory<AppDatabase>
         return new AppDatabase(optionsBuilder.Options, configuration);
     }
 }
-
-public static class OptionalQueryExtensions
-{
-    public static IQueryable<T> If<T>(
-        this IQueryable<T> source,
-        bool condition,
-        Func<IQueryable<T>, IQueryable<T>> transform
-    )
-    {
-        return condition ? transform(source) : source;
-    }
-
-    public static IQueryable<T> If<T, TP>(
-        this IIncludableQueryable<T, TP> source,
-        bool condition,
-        Func<IIncludableQueryable<T, TP>, IQueryable<T>> transform
-    )
-        where T : class
-    {
-        return condition ? transform(source) : source;
-    }
-
-    public static IQueryable<T> If<T, TP>(
-        this IIncludableQueryable<T, IEnumerable<TP>> source,
-        bool condition,
-        Func<IIncludableQueryable<T, IEnumerable<TP>>, IQueryable<T>> transform
-    )
-        where T : class
-    {
-        return condition ? transform(source) : source;
-    }
-}

DysonNetwork.Drive/Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
@@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 USER $APP_UID
 
 # Stage 2: Build .NET application
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 COPY ["DysonNetwork.Drive/DysonNetwork.Drive.csproj", "DysonNetwork.Drive/"]

DysonNetwork.Drive/DysonNetwork.Drive.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net9.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
         <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
@@ -12,22 +12,18 @@
         <PackageReference Include="BlurHashSharp.SkiaSharp" Version="1.3.4" />
         <PackageReference Include="FFMpegCore" Version="5.4.0" />
         <PackageReference Include="Grpc.AspNetCore.Server" Version="2.71.0" />
-        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" />
+        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
-        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.10">
+        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.11">
-          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
           <PrivateAssets>all</PrivateAssets>
+          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="MimeKit" Version="4.14.0" />
         <PackageReference Include="MimeTypes" Version="2.5.2">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="Minio" Version="6.0.5" />
+        <PackageReference Include="Minio" Version="7.0.0" />
         <PackageReference Include="Nanoid" Version="3.1.0" />
-        <PackageReference Include="Nerdbank.GitVersioning" Version="3.8.118">
-          <PrivateAssets>all</PrivateAssets>
-          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-        </PackageReference>
         <PackageReference Include="NetVips" Version="3.1.0" />
         <PackageReference Include="NetVips.Native.linux-x64" Version="8.17.3" />
         <PackageReference Include="NetVips.Native.osx-arm64" Version="8.17.3" />
@@ -35,26 +31,14 @@
         <PackageReference Include="NodaTime.Serialization.JsonNet" Version="3.2.0" />
         <PackageReference Include="NodaTime.Serialization.Protobuf" Version="2.0.2" />
         <PackageReference Include="NodaTime.Serialization.SystemTextJson" Version="1.3.0" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.4" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL.Design" Version="1.1.0" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL.NodaTime" Version="9.0.4" />
-        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.13.1" />
-        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.13.1" />
-        <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.13.0" />
-        <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.13.0" />
-        <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.13.0" />
         <PackageReference Include="Quartz" Version="3.15.1" />
         <PackageReference Include="Quartz.AspNetCore" Version="3.15.1" />
         <PackageReference Include="Quartz.Extensions.Hosting" Version="3.15.1" />
-        <PackageReference Include="EFCore.BulkExtensions" Version="9.0.2" />
         <PackageReference Include="EFCore.BulkExtensions.PostgreSql" Version="9.0.2" />
-        <PackageReference Include="EFCore.NamingConventions" Version="9.0.0" />
         <!-- Pin the SkiaSharp version at the 2.88.9 due to the BlurHash need this specific version -->
         <PackageReference Include="SkiaSharp" Version="2.88.9" />
         <PackageReference Include="SkiaSharp.NativeAssets.Linux" Version="2.88.9" />
         <PackageReference Include="SkiaSharp.NativeAssets.Linux.NoDependencies" Version="2.88.9" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.6" />
-        <PackageReference Include="Swashbuckle.AspNetCore.SwaggerUI" Version="9.0.6" />
     </ItemGroup>
 
     <ItemGroup>

DysonNetwork.Drive/Index/FileIndexController.cs

@@ -0,0 +1,585 @@
+using System.ComponentModel.DataAnnotations;
+using DysonNetwork.Drive.Storage;
+using DysonNetwork.Shared.Auth;
+using DysonNetwork.Shared.Http;
+using DysonNetwork.Shared.Models;
+using DysonNetwork.Shared.Proto;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DysonNetwork.Drive.Index;
+
+[ApiController]
+[Route("/api/index")]
+[Authorize]
+public class FileIndexController(
+    FileIndexService fileIndexService,
+    AppDatabase db,
+    ILogger<FileIndexController> logger
+) : ControllerBase
+{
+    /// <summary>
+    /// Gets files in a specific path for the current user
+    /// </summary>
+    /// <param name="path">The path to browse (defaults to root "/")</param>
+    /// <param name="query">Optional query to filter files by name</param>
+    /// <param name="order">The field to order by (date, size, name - defaults to date)</param>
+    /// <param name="orderDesc">Whether to order in descending order (defaults to true)</param>
+    /// <returns>List of files in the specified path</returns>
+    [HttpGet("browse")]
+    public async Task<IActionResult> BrowseFiles(
+        [FromQuery] string path = "/",
+        [FromQuery] string? query = null,
+        [FromQuery] string order = "date",
+        [FromQuery] bool orderDesc = true
+    )
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            var fileIndexes = await fileIndexService.GetByPathAsync(accountId, path);
+
+            if (!string.IsNullOrWhiteSpace(query))
+            {
+                fileIndexes = fileIndexes
+                    .Where(fi => fi.File.Name.Contains(query, StringComparison.OrdinalIgnoreCase))
+                    .ToList();
+            }
+
+            // Apply sorting
+            fileIndexes = order.ToLower() switch
+            {
+                "name" => orderDesc ? fileIndexes.OrderByDescending(fi => fi.File.Name).ToList()
+                                   : fileIndexes.OrderBy(fi => fi.File.Name).ToList(),
+                "size" => orderDesc ? fileIndexes.OrderByDescending(fi => fi.File.Size).ToList()
+                                   : fileIndexes.OrderBy(fi => fi.File.Size).ToList(),
+                _ => orderDesc ? fileIndexes.OrderByDescending(fi => fi.File.CreatedAt).ToList()
+                              : fileIndexes.OrderBy(fi => fi.File.CreatedAt).ToList()
+            };
+
+            // Get all file indexes for this account to extract child folders
+            var allFileIndexes = await fileIndexService.GetByAccountIdAsync(accountId);
+
+            // Extract unique child folder paths
+            var childFolders = ExtractChildFolders(allFileIndexes, path);
+
+            return Ok(new
+            {
+                Path = path,
+                Files = fileIndexes,
+                Folders = childFolders,
+                TotalCount = fileIndexes.Count
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to browse files for account {AccountId} at path {Path}", accountId, path);
+            return new ObjectResult(new ApiError
+            {
+                Code = "BROWSE_FAILED",
+                Message = "Failed to browse files",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Extracts unique child folder paths from all file indexes for a given parent path
+    /// </summary>
+    /// <param name="allFileIndexes">All file indexes for the account</param>
+    /// <param name="parentPath">The parent path to find children for</param>
+    /// <returns>List of unique child folder names</returns>
+    private List<string> ExtractChildFolders(List<SnCloudFileIndex> allFileIndexes, string parentPath)
+    {
+        var normalizedParentPath = FileIndexService.NormalizePath(parentPath);
+        var childFolders = new HashSet<string>();
+
+        foreach (var index in allFileIndexes)
+        {
+            var normalizedIndexPath = FileIndexService.NormalizePath(index.Path);
+
+            // Check if this path is a direct child of the parent path
+            if (normalizedIndexPath.StartsWith(normalizedParentPath) &&
+                normalizedIndexPath != normalizedParentPath)
+            {
+                // Remove the parent path prefix to get the relative path
+                var relativePath = normalizedIndexPath.Substring(normalizedParentPath.Length);
+
+                // Extract the first folder name (direct child)
+                var firstSlashIndex = relativePath.IndexOf('/');
+                if (firstSlashIndex > 0)
+                {
+                    var folderName = relativePath.Substring(0, firstSlashIndex);
+                    childFolders.Add(folderName);
+                }
+            }
+        }
+
+        return childFolders.OrderBy(f => f).ToList();
+    }
+
+    /// <summary>
+    /// Gets all files for the current user (across all paths)
+    /// </summary>
+    /// <param name="query">Optional query to filter files by name</param>
+    /// <param name="order">The field to order by (date, size, name - defaults to date)</param>
+    /// <param name="orderDesc">Whether to order in descending order (defaults to true)</param>
+    /// <returns>List of all files for the user</returns>
+    [HttpGet("all")]
+    public async Task<IActionResult> GetAllFiles(
+        [FromQuery] string? query = null,
+        [FromQuery] string order = "date",
+        [FromQuery] bool orderDesc = true
+    )
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            var fileIndexes = await fileIndexService.GetByAccountIdAsync(accountId);
+
+            if (!string.IsNullOrWhiteSpace(query))
+            {
+                fileIndexes = fileIndexes
+                    .Where(fi => fi.File.Name.Contains(query, StringComparison.OrdinalIgnoreCase))
+                    .ToList();
+            }
+
+            // Apply sorting
+            fileIndexes = order.ToLower() switch
+            {
+                "name" => orderDesc ? fileIndexes.OrderByDescending(fi => fi.File.Name).ToList()
+                                   : fileIndexes.OrderBy(fi => fi.File.Name).ToList(),
+                "size" => orderDesc ? fileIndexes.OrderByDescending(fi => fi.File.Size).ToList()
+                                   : fileIndexes.OrderBy(fi => fi.File.Size).ToList(),
+                _ => orderDesc ? fileIndexes.OrderByDescending(fi => fi.File.CreatedAt).ToList()
+                              : fileIndexes.OrderBy(fi => fi.File.CreatedAt).ToList()
+            };
+
+            return Ok(new
+            {
+                Files = fileIndexes,
+                TotalCount = fileIndexes.Count()
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to get all files for account {AccountId}", accountId);
+            return new ObjectResult(new ApiError
+            {
+                Code = "GET_ALL_FAILED",
+                Message = "Failed to get files",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Gets files that have not been indexed for the current user.
+    /// </summary>
+    /// <param name="recycled">Shows recycled files or not</param>
+    /// <param name="offset">The number of files to skip</param>
+    /// <param name="take">The number of files to return</param>
+    /// <param name="pool">The pool ID of those files</param>
+    /// <param name="query">Optional query to filter files by name</param>
+    /// <param name="order">The field to order by (date, size, name - defaults to date)</param>
+    /// <param name="orderDesc">Whether to order in descending order (defaults to true)</param>
+    /// <returns>List of unindexed files</returns>
+    [HttpGet("unindexed")]
+    public async Task<IActionResult> GetUnindexedFiles(
+        [FromQuery] Guid? pool,
+        [FromQuery] bool recycled = false,
+        [FromQuery] int offset = 0,
+        [FromQuery] int take = 20,
+        [FromQuery] string? query = null,
+        [FromQuery] string order = "date",
+        [FromQuery] bool orderDesc = true
+    )
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            var filesQuery = db.Files
+                .Where(f => f.AccountId == accountId
+                            && f.IsMarkedRecycle == recycled
+                            && !db.FileIndexes.Any(fi => fi.FileId == f.Id && fi.AccountId == accountId)
+                )
+                .AsQueryable();
+
+            // Apply sorting
+            filesQuery = order.ToLower() switch
+            {
+                "name" => orderDesc ? filesQuery.OrderByDescending(f => f.Name)
+                                   : filesQuery.OrderBy(f => f.Name),
+                "size" => orderDesc ? filesQuery.OrderByDescending(f => f.Size)
+                                   : filesQuery.OrderBy(f => f.Size),
+                _ => orderDesc ? filesQuery.OrderByDescending(f => f.CreatedAt)
+                              : filesQuery.OrderBy(f => f.CreatedAt)
+            };
+
+            if (pool.HasValue) filesQuery = filesQuery.Where(f => f.PoolId == pool);
+
+            if (!string.IsNullOrWhiteSpace(query))
+            {
+                filesQuery = filesQuery.Where(f => f.Name.Contains(query));
+            }
+
+            var totalCount = await filesQuery.CountAsync();
+
+            Response.Headers.Append("X-Total", totalCount.ToString());
+
+            var unindexedFiles = await filesQuery
+                .Skip(offset)
+                .Take(take)
+                .ToListAsync();
+
+            return Ok(unindexedFiles);
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to get unindexed files for account {AccountId}", accountId);
+            return new ObjectResult(new ApiError
+            {
+                Code = "GET_UNINDEXED_FAILED",
+                Message = "Failed to get unindexed files",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Moves a file to a new path
+    /// </summary>
+    /// <param name="indexId">The file index ID</param>
+    /// <param name="newPath">The new path</param>
+    /// <returns>The updated file index</returns>
+    [HttpPost("move/{indexId}")]
+    public async Task<IActionResult> MoveFile(Guid indexId, [FromBody] MoveFileRequest request)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            // Verify ownership
+            var existingIndex = await db.FileIndexes
+                .Include(fi => fi.File)
+                .FirstOrDefaultAsync(fi => fi.Id == indexId && fi.AccountId == accountId);
+
+            if (existingIndex == null)
+                return new ObjectResult(ApiError.NotFound("File index")) { StatusCode = 404 };
+
+            var updatedIndex = await fileIndexService.UpdateAsync(indexId, request.NewPath);
+
+            if (updatedIndex == null)
+                return new ObjectResult(ApiError.NotFound("File index")) { StatusCode = 404 };
+
+            return Ok(new
+            {
+                updatedIndex.FileId,
+                IndexId = updatedIndex.Id,
+                OldPath = existingIndex.Path,
+                NewPath = updatedIndex.Path,
+                Message = "File moved successfully"
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to move file index {IndexId} for account {AccountId}", indexId, accountId);
+            return new ObjectResult(new ApiError
+            {
+                Code = "MOVE_FAILED",
+                Message = "Failed to move file",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Removes a file index (does not delete the actual file by default)
+    /// </summary>
+    /// <param name="indexId">The file index ID</param>
+    /// <param name="deleteFile">Whether to also delete the actual file data</param>
+    /// <returns>Success message</returns>
+    [HttpDelete("remove/{indexId}")]
+    public async Task<IActionResult> RemoveFileIndex(Guid indexId, [FromQuery] bool deleteFile = false)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            // Verify ownership
+            var existingIndex = await db.FileIndexes
+                .Include(fi => fi.File)
+                .FirstOrDefaultAsync(fi => fi.Id == indexId && fi.AccountId == accountId);
+
+            if (existingIndex == null)
+                return new ObjectResult(ApiError.NotFound("File index")) { StatusCode = 404 };
+
+            var fileId = existingIndex.FileId;
+            var fileName = existingIndex.File.Name;
+            var filePath = existingIndex.Path;
+
+            // Remove the index
+            var removed = await fileIndexService.RemoveAsync(indexId);
+
+            if (!removed)
+                return new ObjectResult(ApiError.NotFound("File index")) { StatusCode = 404 };
+
+            // Optionally delete the actual file
+            if (!deleteFile)
+                return Ok(new
+                {
+                    Message = deleteFile
+                        ? "File index and file data removed successfully"
+                        : "File index removed successfully",
+                    FileId = fileId,
+                    FileName = fileName,
+                    Path = filePath,
+                    FileDataDeleted = deleteFile
+                });
+            try
+            {
+                // Check if there are any other indexes for this file
+                var remainingIndexes = await fileIndexService.GetByFileIdAsync(fileId);
+                if (remainingIndexes.Count == 0)
+                {
+                    // No other indexes exist, safe to delete the file
+                    var file = await db.Files.FirstOrDefaultAsync(f => f.Id == fileId.ToString());
+                    if (file != null)
+                    {
+                        db.Files.Remove(file);
+                        await db.SaveChangesAsync();
+                        logger.LogInformation("Deleted file {FileId} ({FileName}) as requested", fileId, fileName);
+                    }
+                }
+            }
+            catch (Exception ex)
+            {
+                logger.LogWarning(ex, "Failed to delete file {FileId} while removing index", fileId);
+                // Continue even if file deletion fails
+            }
+
+            return Ok(new
+            {
+                Message = deleteFile
+                    ? "File index and file data removed successfully"
+                    : "File index removed successfully",
+                FileId = fileId,
+                FileName = fileName,
+                Path = filePath,
+                FileDataDeleted = deleteFile
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to remove file index {IndexId} for account {AccountId}", indexId, accountId);
+            return new ObjectResult(new ApiError
+            {
+                Code = "REMOVE_FAILED",
+                Message = "Failed to remove file",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Removes all file indexes in a specific path
+    /// </summary>
+    /// <param name="path">The path to clear</param>
+    /// <param name="deleteFiles">Whether to also delete the actual file data</param>
+    /// <returns>Success message with count of removed items</returns>
+    [HttpDelete("clear-path")]
+    public async Task<IActionResult> ClearPath([FromQuery] string path = "/", [FromQuery] bool deleteFiles = false)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            var removedCount = await fileIndexService.RemoveByPathAsync(accountId, path);
+
+            if (!deleteFiles || removedCount <= 0)
+                return Ok(new
+                {
+                    Message = deleteFiles
+                        ? $"Cleared {removedCount} file indexes from path and deleted orphaned files"
+                        : $"Cleared {removedCount} file indexes from path",
+                    Path = path,
+                    RemovedCount = removedCount,
+                    FilesDeleted = deleteFiles
+                });
+            // Get the files that were in this path and check if they have other indexes
+            var filesInPath = await fileIndexService.GetByPathAsync(accountId, path);
+            var fileIdsToCheck = filesInPath.Select(fi => fi.FileId).Distinct().ToList();
+
+            foreach (var fileId in fileIdsToCheck)
+            {
+                var remainingIndexes = await fileIndexService.GetByFileIdAsync(fileId);
+                if (remainingIndexes.Count != 0) continue;
+                // No other indexes exist, safe to delete the file
+                var file = await db.Files.FirstOrDefaultAsync(f => f.Id == fileId.ToString());
+                if (file == null) continue;
+                db.Files.Remove(file);
+                logger.LogInformation("Deleted orphaned file {FileId} after clearing path {Path}", fileId, path);
+            }
+
+            await db.SaveChangesAsync();
+
+            return Ok(new
+            {
+                Message = deleteFiles
+                    ? $"Cleared {removedCount} file indexes from path and deleted orphaned files"
+                    : $"Cleared {removedCount} file indexes from path",
+                Path = path,
+                RemovedCount = removedCount,
+                FilesDeleted = deleteFiles
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to clear path {Path} for account {AccountId}", path, accountId);
+            return new ObjectResult(new ApiError
+            {
+                Code = "CLEAR_PATH_FAILED",
+                Message = "Failed to clear path",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Creates a new file index (useful for adding existing files to a path)
+    /// </summary>
+    /// <param name="request">The create index request</param>
+    /// <returns>The created file index</returns>
+    [HttpPost("create")]
+    public async Task<IActionResult> CreateFileIndex([FromBody] CreateFileIndexRequest request)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            // Verify the file exists and belongs to the user
+            var file = await db.Files.FirstOrDefaultAsync(f => f.Id == request.FileId);
+            if (file == null)
+                return new ObjectResult(ApiError.NotFound("File")) { StatusCode = 404 };
+
+            if (file.AccountId != accountId)
+                return new ObjectResult(ApiError.Unauthorized(forbidden: true)) { StatusCode = 403 };
+
+            // Check if index already exists for this file and path
+            var existingIndex = await db.FileIndexes
+                .FirstOrDefaultAsync(fi =>
+                    fi.FileId == request.FileId && fi.Path == request.Path && fi.AccountId == accountId);
+
+            if (existingIndex != null)
+                return new ObjectResult(ApiError.Validation(new Dictionary<string, string[]>
+                {
+                    { "fileId", ["File index already exists for this path"] }
+                })) { StatusCode = 400 };
+
+            var fileIndex = await fileIndexService.CreateAsync(request.Path, request.FileId, accountId);
+
+            return Ok(new
+            {
+                IndexId = fileIndex.Id,
+                fileIndex.FileId,
+                fileIndex.Path,
+                Message = "File index created successfully"
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to create file index for file {FileId} at path {Path} for account {AccountId}",
+                request.FileId, request.Path, accountId);
+            return new ObjectResult(new ApiError
+            {
+                Code = "CREATE_INDEX_FAILED",
+                Message = "Failed to create file index",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+
+    /// <summary>
+    /// Searches for files by name or metadata
+    /// </summary>
+    /// <param name="query">The search query</param>
+    /// <param name="path">Optional path to limit search to</param>
+    /// <returns>Matching files</returns>
+    [HttpGet("search")]
+    public async Task<IActionResult> SearchFiles([FromQuery] string query, [FromQuery] string? path = null)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
+
+        var accountId = Guid.Parse(currentUser.Id);
+
+        try
+        {
+            // Build the query with all conditions at once
+            var searchTerm = query.ToLower();
+            var fileIndexes = await db.FileIndexes
+                .Where(fi => fi.AccountId == accountId)
+                .Include(fi => fi.File)
+                .Where(fi =>
+                    (string.IsNullOrEmpty(path) || fi.Path == FileIndexService.NormalizePath(path)) &&
+                    (fi.File.Name.ToLower().Contains(searchTerm) ||
+                     (fi.File.Description != null && fi.File.Description.ToLower().Contains(searchTerm)) ||
+                     (fi.File.MimeType != null && fi.File.MimeType.ToLower().Contains(searchTerm))))
+                .ToListAsync();
+
+            return Ok(new
+            {
+                Query = query,
+                Path = path,
+                Results = fileIndexes,
+                TotalCount = fileIndexes.Count()
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to search files for account {AccountId} with query {Query}", accountId, query);
+            return new ObjectResult(new ApiError
+            {
+                Code = "SEARCH_FAILED",
+                Message = "Failed to search files",
+                Status = 500
+            }) { StatusCode = 500 };
+        }
+    }
+}
+
+public class MoveFileRequest
+{
+    public string NewPath { get; set; } = null!;
+}
+
+public class CreateFileIndexRequest
+{
+    [MaxLength(32)] public string FileId { get; set; } = null!;
+    public string Path { get; set; } = null!;
+}

DysonNetwork.Drive/Index/FileIndexService.cs

@@ -0,0 +1,197 @@
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+
+namespace DysonNetwork.Drive.Index;
+
+public class FileIndexService(AppDatabase db)
+{
+    /// <summary>
+    /// Creates a new file index entry
+    /// </summary>
+    /// <param name="path">The parent folder path with a trailing slash</param>
+    /// <param name="fileId">The file ID</param>
+    /// <param name="accountId">The account ID</param>
+    /// <returns>The created file index</returns>
+    public async Task<SnCloudFileIndex> CreateAsync(string path, string fileId, Guid accountId)
+    {
+        // Ensure a path has a trailing slash and is query-safe
+        var normalizedPath = NormalizePath(path);
+
+        // Check if a file with the same name already exists in the same path for this account
+        var existingFileIndex = await db.FileIndexes
+            .FirstOrDefaultAsync(fi => fi.AccountId == accountId && fi.Path == normalizedPath && fi.FileId == fileId);
+
+        if (existingFileIndex != null)
+        {
+            throw new InvalidOperationException(
+                $"A file with ID '{fileId}' already exists in path '{normalizedPath}' for account '{accountId}'");
+        }
+
+        var fileIndex = new SnCloudFileIndex
+        {
+            Path = normalizedPath,
+            FileId = fileId,
+            AccountId = accountId
+        };
+
+        db.FileIndexes.Add(fileIndex);
+        await db.SaveChangesAsync();
+
+        return fileIndex;
+    }
+
+    /// <summary>
+    /// Updates an existing file index entry by removing the old one and creating a new one
+    /// </summary>
+    /// <param name="id">The file index ID</param>
+    /// <param name="newPath">The new parent folder path with trailing slash</param>
+    /// <returns>The updated file index</returns>
+    public async Task<SnCloudFileIndex?> UpdateAsync(Guid id, string newPath)
+    {
+        var fileIndex = await db.FileIndexes.FindAsync(id);
+        if (fileIndex == null)
+            return null;
+
+        // Since properties are init-only, we need to remove the old index and create a new one
+        db.FileIndexes.Remove(fileIndex);
+
+        var newFileIndex = new SnCloudFileIndex
+        {
+            Path = NormalizePath(newPath),
+            FileId = fileIndex.FileId,
+            AccountId = fileIndex.AccountId
+        };
+
+        db.FileIndexes.Add(newFileIndex);
+        await db.SaveChangesAsync();
+
+        return newFileIndex;
+    }
+
+    /// <summary>
+    /// Removes a file index entry by ID
+    /// </summary>
+    /// <param name="id">The file index ID</param>
+    /// <returns>True if the index was found and removed, false otherwise</returns>
+    public async Task<bool> RemoveAsync(Guid id)
+    {
+        var fileIndex = await db.FileIndexes.FindAsync(id);
+        if (fileIndex == null)
+            return false;
+
+        db.FileIndexes.Remove(fileIndex);
+        await db.SaveChangesAsync();
+
+        return true;
+    }
+
+    /// <summary>
+    /// Removes file index entries by file ID
+    /// </summary>
+    /// <param name="fileId">The file ID</param>
+    /// <returns>The number of indexes removed</returns>
+    public async Task<int> RemoveByFileIdAsync(string fileId)
+    {
+        var indexes = await db.FileIndexes
+            .Where(fi => fi.FileId == fileId)
+            .ToListAsync();
+
+        if (indexes.Count == 0)
+            return 0;
+
+        db.FileIndexes.RemoveRange(indexes);
+        await db.SaveChangesAsync();
+
+        return indexes.Count;
+    }
+
+    /// <summary>
+    /// Removes file index entries by account ID and path
+    /// </summary>
+    /// <param name="accountId">The account ID</param>
+    /// <param name="path">The parent folder path</param>
+    /// <returns>The number of indexes removed</returns>
+    public async Task<int> RemoveByPathAsync(Guid accountId, string path)
+    {
+        var normalizedPath = NormalizePath(path);
+
+        var indexes = await db.FileIndexes
+            .Where(fi => fi.AccountId == accountId && fi.Path == normalizedPath)
+            .ToListAsync();
+
+        if (!indexes.Any())
+            return 0;
+
+        db.FileIndexes.RemoveRange(indexes);
+        await db.SaveChangesAsync();
+
+        return indexes.Count;
+    }
+
+    /// <summary>
+    /// Gets file indexes by account ID and path
+    /// </summary>
+    /// <param name="accountId">The account ID</param>
+    /// <param name="path">The parent folder path</param>
+    /// <returns>List of file indexes</returns>
+    public async Task<List<SnCloudFileIndex>> GetByPathAsync(Guid accountId, string path)
+    {
+        var normalizedPath = NormalizePath(path);
+
+        return await db.FileIndexes
+            .Where(fi => fi.AccountId == accountId && fi.Path == normalizedPath)
+            .Include(fi => fi.File)
+            .ToListAsync();
+    }
+
+    /// <summary>
+    /// Gets file indexes by file ID
+    /// </summary>
+    /// <param name="fileId">The file ID</param>
+    /// <returns>List of file indexes</returns>
+    public async Task<List<SnCloudFileIndex>> GetByFileIdAsync(string fileId)
+    {
+        return await db.FileIndexes
+            .Where(fi => fi.FileId == fileId)
+            .Include(fi => fi.File)
+            .ToListAsync();
+    }
+
+    /// <summary>
+    /// Gets all file indexes for an account
+    /// </summary>
+    /// <param name="accountId">The account ID</param>
+    /// <returns>List of file indexes</returns>
+    public async Task<List<SnCloudFileIndex>> GetByAccountIdAsync(Guid accountId)
+    {
+        return await db.FileIndexes
+            .Where(fi => fi.AccountId == accountId)
+            .Include(fi => fi.File)
+            .ToListAsync();
+    }
+
+    /// <summary>
+    /// Normalizes the path to ensure it has a trailing slash and is query-safe
+    /// </summary>
+    /// <param name="path">The original path</param>
+    /// <returns>The normalized path</returns>
+    public static string NormalizePath(string path)
+    {
+        if (string.IsNullOrEmpty(path))
+            return "/";
+
+        // Ensure the path starts with a slash
+        if (!path.StartsWith('/'))
+            path = "/" + path;
+
+        // Ensure the path ends with a slash (unless it's just the root)
+        if (path != "/" && !path.EndsWith('/'))
+            path += "/";
+
+        // Make path query-safe by removing problematic characters
+        // This is a basic implementation - you might want to add more robust validation
+        path = path.Replace("%", "").Replace("'", "").Replace("\"", "");
+
+        return path;
+    }
+}

DysonNetwork.Drive/Index/README.md

@@ -0,0 +1,341 @@
+# File Indexing System Documentation
+
+## Overview
+
+The File Indexing System provides a hierarchical file organization layer on top of the existing file storage system in DysonNetwork Drive. It allows users to organize their files in folders and paths while maintaining the underlying file storage capabilities.
+
+When using with the gateway, replace the `/api` with the `/drive` in the path.
+And all the arguments will be transformed into snake case via the gateway.
+
+## Architecture
+
+### Core Components
+
+1. **SnCloudFileIndex Model** - Represents the file-to-path mapping
+2. **FileIndexService** - Business logic for file index operations
+3. **FileIndexController** - REST API endpoints for file management
+4. **FileUploadController Integration** - Automatic index creation during upload
+
+### Database Schema
+
+```sql
+-- File Indexes table
+CREATE TABLE "FileIndexes" (
+    "Id" uuid NOT NULL DEFAULT gen_random_uuid(),
+    "Path" character varying(8192) NOT NULL,
+    "FileId" uuid NOT NULL,
+    "AccountId" uuid NOT NULL,
+    "CreatedAt" timestamp with time zone NOT NULL DEFAULT (now() at time zone 'utc'),
+    "UpdatedAt" timestamp with time zone NOT NULL DEFAULT (now() at time zone 'utc'),
+    CONSTRAINT "PK_FileIndexes" PRIMARY KEY ("Id"),
+    CONSTRAINT "FK_FileIndexes_Files_FileId" FOREIGN KEY ("FileId") REFERENCES "Files" ("Id") ON DELETE CASCADE,
+    INDEX "IX_FileIndexes_Path_AccountId" ("Path", "AccountId")
+);
+```
+
+## API Endpoints
+
+### Browse Files
+**GET** `/api/index/browse?path=/documents/`
+
+Browse files in a specific path.
+
+**Query Parameters:**
+- `path` (optional, default: "/") - The path to browse
+
+**Response:**
+```json
+{
+  "path": "/documents/",
+  "files": [
+    {
+      "id": "guid",
+      "path": "/documents/",
+      "fileId": "guid",
+      "accountId": "guid",
+      "createdAt": "2024-01-01T00:00:00Z",
+      "updatedAt": "2024-01-01T00:00:00Z",
+      "file": {
+        "id": "string",
+        "name": "document.pdf",
+        "size": 1024,
+        "mimeType": "application/pdf",
+        "hash": "sha256-hash",
+        "uploadedAt": "2024-01-01T00:00:00Z",
+        "expiredAt": null,
+        "hasCompression": false,
+        "hasThumbnail": true,
+        "isEncrypted": false,
+        "description": null
+      }
+    }
+  ],
+  "totalCount": 1
+}
+```
+
+### Get All Files
+**GET** `/api/index/all`
+
+Get all files for the current user across all paths.
+
+**Response:**
+```json
+{
+  "files": [
+    // Same structure as browse endpoint
+  ],
+  "totalCount": 10
+}
+```
+
+### Move File
+**POST** `/api/index/move/{indexId}`
+
+Move a file to a new path.
+
+**Path Parameters:**
+- `indexId` - The file index ID
+
+**Request Body:**
+```json
+{
+  "newPath": "/archived/"
+}
+```
+
+**Response:**
+```json
+{
+  "fileId": "guid",
+  "indexId": "guid",
+  "oldPath": "/documents/",
+  "newPath": "/archived/",
+  "message": "File moved successfully"
+}
+```
+
+### Remove File Index
+**DELETE** `/api/index/remove/{indexId}?deleteFile=false`
+
+Remove a file index. Optionally delete the actual file data.
+
+**Path Parameters:**
+- `indexId` - The file index ID
+
+**Query Parameters:**
+- `deleteFile` (optional, default: false) - Whether to also delete the file data
+
+**Response:**
+```json
+{
+  "message": "File index removed successfully",
+  "fileId": "guid",
+  "fileName": "document.pdf",
+  "path": "/documents/",
+  "fileDataDeleted": false
+}
+```
+
+### Clear Path
+**DELETE** `/api/index/clear-path?path=/temp/&deleteFiles=false`
+
+Remove all file indexes in a specific path.
+
+**Query Parameters:**
+- `path` (optional, default: "/") - The path to clear
+- `deleteFiles` (optional, default: false) - Whether to also delete orphaned files
+
+**Response:**
+```json
+{
+  "message": "Cleared 5 file indexes from path",
+  "path": "/temp/",
+  "removedCount": 5,
+  "filesDeleted": false
+}
+```
+
+### Create File Index
+**POST** `/api/index/create`
+
+Create a new file index for an existing file.
+
+**Request Body:**
+```json
+{
+  "fileId": "guid",
+  "path": "/documents/"
+}
+```
+
+**Response:**
+```json
+{
+  "indexId": "guid",
+  "fileId": "guid",
+  "path": "/documents/",
+  "message": "File index created successfully"
+}
+```
+
+### Search Files
+**GET** `/api/index/search?query=report&path=/documents/`
+
+Search for files by name or metadata.
+
+**Query Parameters:**
+- `query` (required) - The search query
+- `path` (optional) - Limit search to specific path
+
+**Response:**
+```json
+{
+  "query": "report",
+  "path": "/documents/",
+  "results": [
+    // Same structure as browse endpoint
+  ],
+  "totalCount": 3
+}
+```
+
+## Path Normalization
+
+The system automatically normalizes paths to ensure consistency:
+
+- **Trailing Slash**: All paths end with `/`
+- **Root Path**: User home folder is represented as `/`
+- **Query Safety**: Paths are validated to avoid SQL injection
+- **Examples**:
+  - `/documents/` ✅ (correct)
+  - `/documents` → `/documents/` ✅ (normalized)
+  - `/documents/reports/` ✅ (correct)
+  - `/documents/reports` → `/documents/reports/` ✅ (normalized)
+
+## File Upload Integration
+
+When uploading files with the `FileUploadController`, you can specify a path to automatically create file indexes:
+
+**Create Upload Task Request:**
+```json
+{
+  "fileName": "document.pdf",
+  "fileSize": 1024,
+  "contentType": "application/pdf",
+  "hash": "sha256-hash",
+  "path": "/documents/"  // New field for file indexing
+}
+```
+
+The system will automatically create a file index when the upload completes successfully.
+
+## Service Methods
+
+### FileIndexService
+
+```csharp
+public class FileIndexService
+{
+    // Create a new file index
+    Task<SnCloudFileIndex> CreateAsync(string path, Guid fileId, Guid accountId);
+    
+    // Get files by path
+    Task<List<SnCloudFileIndex>> GetByPathAsync(Guid accountId, string path);
+    
+    // Get all files for account
+    Task<List<SnCloudFileIndex>> GetByAccountIdAsync(Guid accountId);
+    
+    // Get indexes for specific file
+    Task<List<SnCloudFileIndex>> GetByFileIdAsync(Guid fileId);
+    
+    // Move file to new path
+    Task<SnCloudFileIndex?> UpdateAsync(Guid indexId, string newPath);
+    
+    // Remove file index
+    Task<bool> RemoveAsync(Guid indexId);
+    
+    // Remove all indexes in path
+    Task<int> RemoveByPathAsync(Guid accountId, string path);
+    
+    // Normalize path format
+    public static string NormalizePath(string path);
+}
+```
+
+## Error Handling
+
+The API returns appropriate HTTP status codes and error messages:
+
+- **400 Bad Request**: Invalid input parameters
+- **401 Unauthorized**: User not authenticated
+- **403 Forbidden**: User lacks permission
+- **404 Not Found**: Resource not found
+- **500 Internal Server Error**: Server-side error
+
+**Error Response Format:**
+```json
+{
+  "code": "BROWSE_FAILED",
+  "message": "Failed to browse files",
+  "status": 500
+}
+```
+
+## Security Considerations
+
+1. **Ownership Verification**: All operations verify that the user owns the file indexes
+2. **Path Validation**: Paths are normalized and validated
+3. **Cascade Deletion**: File indexes are automatically removed when files are deleted
+4. **Safe File Deletion**: Files are only deleted when no other indexes reference them
+
+## Usage Examples
+
+### Upload File to Specific Path
+```bash
+# Create upload task with path
+curl -X POST /api/files/upload/create \
+  -H "Authorization: Bearer {token}" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "fileName": "report.pdf",
+    "fileSize": 2048,
+    "contentType": "application/pdf",
+    "path": "/documents/reports/"
+  }'
+```
+
+### Browse Files
+```bash
+curl -X GET "/api/index/browse?path=/documents/reports/" \
+  -H "Authorization: Bearer {token}"
+```
+
+### Move File
+```bash
+curl -X POST "/api/index/move/{indexId}" \
+  -H "Authorization: Bearer {token}" \
+  -H "Content-Type: application/json" \
+  -d '{"newPath": "/archived/"}'
+```
+
+### Search Files
+```bash
+curl -X GET "/api/index/search?query=invoice&path=/documents/" \
+  -H "Authorization: Bearer {token}"
+```
+
+## Best Practices
+
+1. **Use Trailing Slashes**: Always include trailing slashes in paths
+2. **Organize Hierarchically**: Use meaningful folder structures
+3. **Search Efficiently**: Use the search endpoint instead of client-side filtering
+4. **Clean Up**: Use the clear-path endpoint for temporary directories
+5. **Monitor Usage**: Check total file counts for quota management
+
+## Integration Notes
+
+- The file indexing system works alongside the existing file storage
+- Files can exist in multiple paths (hard links)
+- File deletion is optional and only removes data when safe
+- The system maintains referential integrity between files and indexes

DysonNetwork.Drive/Migrations/20251112135535_AddFileIndex.Designer.cs

@@ -0,0 +1,632 @@
+// <auto-generated />
+using System;
+using System.Collections.Generic;
+using DysonNetwork.Drive;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NodaTime;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace DysonNetwork.Drive.Migrations
+{
+    [DbContext(typeof(AppDatabase))]
+    [Migration("20251112135535_AddFileIndex")]
+    partial class AddFileIndex
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.10")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("DysonNetwork.Drive.Billing.QuotaRecord", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("Description")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("description");
+
+                    b.Property<Instant?>("ExpiredAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_at");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("name");
+
+                    b.Property<long>("Quota")
+                        .HasColumnType("bigint")
+                        .HasColumnName("quota");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_quota_records");
+
+                    b.ToTable("quota_records", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Drive.Storage.Model.PersistentTask", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant?>("CompletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("completed_at");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("Description")
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("description");
+
+                    b.Property<string>("Discriminator")
+                        .IsRequired()
+                        .HasMaxLength(21)
+                        .HasColumnType("character varying(21)")
+                        .HasColumnName("discriminator");
+
+                    b.Property<string>("ErrorMessage")
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("error_message");
+
+                    b.Property<long?>("EstimatedDurationSeconds")
+                        .HasColumnType("bigint")
+                        .HasColumnName("estimated_duration_seconds");
+
+                    b.Property<Instant?>("ExpiredAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_at");
+
+                    b.Property<Instant>("LastActivity")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("last_activity");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)")
+                        .HasColumnName("name");
+
+                    b.Property<Dictionary<string, object>>("Parameters")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("parameters");
+
+                    b.Property<int>("Priority")
+                        .HasColumnType("integer")
+                        .HasColumnName("priority");
+
+                    b.Property<double>("Progress")
+                        .HasColumnType("double precision")
+                        .HasColumnName("progress");
+
+                    b.Property<Dictionary<string, object>>("Results")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("results");
+
+                    b.Property<Instant?>("StartedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("started_at");
+
+                    b.Property<int>("Status")
+                        .HasColumnType("integer")
+                        .HasColumnName("status");
+
+                    b.Property<string>("TaskId")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("character varying(64)")
+                        .HasColumnName("task_id");
+
+                    b.Property<int>("Type")
+                        .HasColumnType("integer")
+                        .HasColumnName("type");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_tasks");
+
+                    b.ToTable("tasks", (string)null);
+
+                    b.HasDiscriminator().HasValue("PersistentTask");
+
+                    b.UseTphMappingStrategy();
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.CloudFileReference", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<Instant?>("ExpiredAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_at");
+
+                    b.Property<string>("FileId")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("character varying(32)")
+                        .HasColumnName("file_id");
+
+                    b.Property<string>("ResourceId")
+                        .IsRequired()
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("resource_id");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.Property<string>("Usage")
+                        .IsRequired()
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("usage");
+
+                    b.HasKey("Id")
+                        .HasName("pk_file_references");
+
+                    b.HasIndex("FileId")
+                        .HasDatabaseName("ix_file_references_file_id");
+
+                    b.ToTable("file_references", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.FilePool", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid?>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<BillingConfig>("BillingConfig")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("billing_config");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("Description")
+                        .IsRequired()
+                        .HasMaxLength(8192)
+                        .HasColumnType("character varying(8192)")
+                        .HasColumnName("description");
+
+                    b.Property<bool>("IsHidden")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_hidden");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("name");
+
+                    b.Property<PolicyConfig>("PolicyConfig")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("policy_config");
+
+                    b.Property<RemoteStorageConfig>("StorageConfig")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("storage_config");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_pools");
+
+                    b.ToTable("pools", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFile", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasMaxLength(32)
+                        .HasColumnType("character varying(32)")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Guid?>("BundleId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("bundle_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("Description")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("description");
+
+                    b.Property<Instant?>("ExpiredAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_at");
+
+                    b.Property<Dictionary<string, object>>("FileMeta")
+                        .HasColumnType("jsonb")
+                        .HasColumnName("file_meta");
+
+                    b.Property<bool>("HasCompression")
+                        .HasColumnType("boolean")
+                        .HasColumnName("has_compression");
+
+                    b.Property<bool>("HasThumbnail")
+                        .HasColumnType("boolean")
+                        .HasColumnName("has_thumbnail");
+
+                    b.Property<string>("Hash")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)")
+                        .HasColumnName("hash");
+
+                    b.Property<bool>("IsEncrypted")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_encrypted");
+
+                    b.Property<bool>("IsMarkedRecycle")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_marked_recycle");
+
+                    b.Property<string>("MimeType")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)")
+                        .HasColumnName("mime_type");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("name");
+
+                    b.Property<Guid?>("PoolId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("pool_id");
+
+                    b.Property<List<ContentSensitiveMark>>("SensitiveMarks")
+                        .HasColumnType("jsonb")
+                        .HasColumnName("sensitive_marks");
+
+                    b.Property<long>("Size")
+                        .HasColumnType("bigint")
+                        .HasColumnName("size");
+
+                    b.Property<string>("StorageId")
+                        .HasMaxLength(32)
+                        .HasColumnType("character varying(32)")
+                        .HasColumnName("storage_id");
+
+                    b.Property<string>("StorageUrl")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("storage_url");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.Property<Instant?>("UploadedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("uploaded_at");
+
+                    b.Property<Dictionary<string, object>>("UserMeta")
+                        .HasColumnType("jsonb")
+                        .HasColumnName("user_meta");
+
+                    b.HasKey("Id")
+                        .HasName("pk_files");
+
+                    b.HasIndex("BundleId")
+                        .HasDatabaseName("ix_files_bundle_id");
+
+                    b.HasIndex("PoolId")
+                        .HasDatabaseName("ix_files_pool_id");
+
+                    b.ToTable("files", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFileIndex", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("FileId")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("character varying(32)")
+                        .HasColumnName("file_id");
+
+                    b.Property<string>("Path")
+                        .IsRequired()
+                        .HasMaxLength(8192)
+                        .HasColumnType("character varying(8192)")
+                        .HasColumnName("path");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_file_indexes");
+
+                    b.HasIndex("FileId")
+                        .HasDatabaseName("ix_file_indexes_file_id");
+
+                    b.HasIndex("Path", "AccountId")
+                        .HasDatabaseName("ix_file_indexes_path_account_id");
+
+                    b.ToTable("file_indexes", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnFileBundle", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("Description")
+                        .HasMaxLength(8192)
+                        .HasColumnType("character varying(8192)")
+                        .HasColumnName("description");
+
+                    b.Property<Instant?>("ExpiredAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_at");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("name");
+
+                    b.Property<string>("Passcode")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)")
+                        .HasColumnName("passcode");
+
+                    b.Property<string>("Slug")
+                        .IsRequired()
+                        .HasMaxLength(1024)
+                        .HasColumnType("character varying(1024)")
+                        .HasColumnName("slug");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_bundles");
+
+                    b.HasIndex("Slug")
+                        .IsUnique()
+                        .HasDatabaseName("ix_bundles_slug");
+
+                    b.ToTable("bundles", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Drive.Storage.Model.PersistentUploadTask", b =>
+                {
+                    b.HasBaseType("DysonNetwork.Drive.Storage.Model.PersistentTask");
+
+                    b.Property<Guid?>("BundleId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("bundle_id");
+
+                    b.Property<long>("ChunkSize")
+                        .HasColumnType("bigint")
+                        .HasColumnName("chunk_size");
+
+                    b.Property<int>("ChunksCount")
+                        .HasColumnType("integer")
+                        .HasColumnName("chunks_count");
+
+                    b.Property<int>("ChunksUploaded")
+                        .HasColumnType("integer")
+                        .HasColumnName("chunks_uploaded");
+
+                    b.Property<string>("ContentType")
+                        .IsRequired()
+                        .HasMaxLength(128)
+                        .HasColumnType("character varying(128)")
+                        .HasColumnName("content_type");
+
+                    b.Property<string>("EncryptPassword")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)")
+                        .HasColumnName("encrypt_password");
+
+                    b.Property<string>("FileName")
+                        .IsRequired()
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)")
+                        .HasColumnName("file_name");
+
+                    b.Property<long>("FileSize")
+                        .HasColumnType("bigint")
+                        .HasColumnName("file_size");
+
+                    b.Property<string>("Hash")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("hash");
+
+                    b.Property<string>("Path")
+                        .HasColumnType("text")
+                        .HasColumnName("path");
+
+                    b.Property<Guid>("PoolId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("pool_id");
+
+                    b.PrimitiveCollection<List<int>>("UploadedChunks")
+                        .IsRequired()
+                        .HasColumnType("integer[]")
+                        .HasColumnName("uploaded_chunks");
+
+                    b.HasDiscriminator().HasValue("PersistentUploadTask");
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.CloudFileReference", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnCloudFile", "File")
+                        .WithMany("References")
+                        .HasForeignKey("FileId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_file_references_files_file_id");
+
+                    b.Navigation("File");
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFile", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnFileBundle", "Bundle")
+                        .WithMany("Files")
+                        .HasForeignKey("BundleId")
+                        .HasConstraintName("fk_files_bundles_bundle_id");
+
+                    b.HasOne("DysonNetwork.Shared.Models.FilePool", "Pool")
+                        .WithMany()
+                        .HasForeignKey("PoolId")
+                        .HasConstraintName("fk_files_pools_pool_id");
+
+                    b.Navigation("Bundle");
+
+                    b.Navigation("Pool");
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFileIndex", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnCloudFile", "File")
+                        .WithMany("FileIndexes")
+                        .HasForeignKey("FileId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_file_indexes_files_file_id");
+
+                    b.Navigation("File");
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFile", b =>
+                {
+                    b.Navigation("FileIndexes");
+
+                    b.Navigation("References");
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnFileBundle", b =>
+                {
+                    b.Navigation("Files");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

DysonNetwork.Drive/Migrations/20251112135535_AddFileIndex.cs

@@ -0,0 +1,66 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+using NodaTime;
+
+#nullable disable
+
+namespace DysonNetwork.Drive.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddFileIndex : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "path",
+                table: "tasks",
+                type: "text",
+                nullable: true);
+
+            migrationBuilder.CreateTable(
+                name: "file_indexes",
+                columns: table => new
+                {
+                    id = table.Column<Guid>(type: "uuid", nullable: false),
+                    path = table.Column<string>(type: "character varying(8192)", maxLength: 8192, nullable: false),
+                    file_id = table.Column<string>(type: "character varying(32)", maxLength: 32, nullable: false),
+                    account_id = table.Column<Guid>(type: "uuid", nullable: false),
+                    created_at = table.Column<Instant>(type: "timestamp with time zone", nullable: false),
+                    updated_at = table.Column<Instant>(type: "timestamp with time zone", nullable: false),
+                    deleted_at = table.Column<Instant>(type: "timestamp with time zone", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("pk_file_indexes", x => x.id);
+                    table.ForeignKey(
+                        name: "fk_file_indexes_files_file_id",
+                        column: x => x.file_id,
+                        principalTable: "files",
+                        principalColumn: "id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "ix_file_indexes_file_id",
+                table: "file_indexes",
+                column: "file_id");
+
+            migrationBuilder.CreateIndex(
+                name: "ix_file_indexes_path_account_id",
+                table: "file_indexes",
+                columns: new[] { "path", "account_id" });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "file_indexes");
+
+            migrationBuilder.DropColumn(
+                name: "path",
+                table: "tasks");
+        }
+    }
+}

DysonNetwork.Drive/Migrations/AppDatabaseModelSnapshot.cs

@@ -179,7 +179,7 @@ namespace DysonNetwork.Drive.Migrations
                     b.UseTphMappingStrategy();
                 });
 
-            modelBuilder.Entity("DysonNetwork.Shared.Models.CloudFileReference", b =>
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFileReference", b =>
                 {
                     b.Property<Guid>("Id")
                         .ValueGeneratedOnAdd()
@@ -403,6 +403,53 @@ namespace DysonNetwork.Drive.Migrations
                     b.ToTable("files", (string)null);
                 });
 
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFileIndex", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<string>("FileId")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("character varying(32)")
+                        .HasColumnName("file_id");
+
+                    b.Property<string>("Path")
+                        .IsRequired()
+                        .HasMaxLength(8192)
+                        .HasColumnType("character varying(8192)")
+                        .HasColumnName("path");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_file_indexes");
+
+                    b.HasIndex("FileId")
+                        .HasDatabaseName("ix_file_indexes_file_id");
+
+                    b.HasIndex("Path", "AccountId")
+                        .HasDatabaseName("ix_file_indexes_path_account_id");
+
+                    b.ToTable("file_indexes", (string)null);
+                });
+
             modelBuilder.Entity("DysonNetwork.Shared.Models.SnFileBundle", b =>
                 {
                     b.Property<Guid>("Id")
@@ -508,6 +555,10 @@ namespace DysonNetwork.Drive.Migrations
                         .HasColumnType("text")
                         .HasColumnName("hash");
 
+                    b.Property<string>("Path")
+                        .HasColumnType("text")
+                        .HasColumnName("path");
+
                     b.Property<Guid>("PoolId")
                         .HasColumnType("uuid")
                         .HasColumnName("pool_id");
@@ -520,7 +571,7 @@ namespace DysonNetwork.Drive.Migrations
                     b.HasDiscriminator().HasValue("PersistentUploadTask");
                 });
 
-            modelBuilder.Entity("DysonNetwork.Shared.Models.CloudFileReference", b =>
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFileReference", b =>
                 {
                     b.HasOne("DysonNetwork.Shared.Models.SnCloudFile", "File")
                         .WithMany("References")
@@ -549,8 +600,22 @@ namespace DysonNetwork.Drive.Migrations
                     b.Navigation("Pool");
                 });
 
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFileIndex", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnCloudFile", "File")
+                        .WithMany("FileIndexes")
+                        .HasForeignKey("FileId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_file_indexes_files_file_id");
+
+                    b.Navigation("File");
+                });
+
             modelBuilder.Entity("DysonNetwork.Shared.Models.SnCloudFile", b =>
                 {
+                    b.Navigation("FileIndexes");
+
                     b.Navigation("References");
                 });
 

DysonNetwork.Drive/Program.cs

@@ -7,7 +7,9 @@ using Microsoft.EntityFrameworkCore;
 
 var builder = WebApplication.CreateBuilder(args);
 
-builder.AddServiceDefaults();
+builder.AddServiceDefaults("drive");
+
+builder.Services.Configure<ServiceRegistrationOptions>(opts => { opts.Name = "drive"; });
 
 // Configure Kestrel and server options
 builder.ConfigureAppKestrel(builder.Configuration, maxRequestBodySize: long.MaxValue);
@@ -17,8 +19,6 @@ builder.ConfigureAppKestrel(builder.Configuration, maxRequestBodySize: long.MaxV
 builder.Services.AddAppServices(builder.Configuration);
 builder.Services.AddAppAuthentication();
 builder.Services.AddDysonAuth();
-builder.Services.AddRingService();
-builder.Services.AddAccountService();
 
 builder.Services.AddAppFlushHandlers();
 builder.Services.AddAppBusinessServices();

DysonNetwork.Drive/Startup/BroadcastEventHandler.cs

@@ -1,5 +1,7 @@
 using System.Text.Json;
+using DysonNetwork.Drive.Storage;
 using DysonNetwork.Drive.Storage.Model;
+using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
 using DysonNetwork.Shared.Stream;
 using FFMpegCore;
@@ -29,7 +31,6 @@ public class BroadcastEventHandler(
         [".gif", ".apng", ".avif"];
 
 
-
     protected override async Task ExecuteAsync(CancellationToken stoppingToken)
     {
         var js = nats.CreateJetStreamContext();
@@ -53,7 +54,8 @@ public class BroadcastEventHandler(
     {
         await foreach (var msg in consumer.ConsumeAsync<byte[]>(cancellationToken: stoppingToken))
         {
-            var payload = JsonSerializer.Deserialize<FileUploadedEventPayload>(msg.Data, GrpcTypeHelper.SerializerOptions);
+            var payload =
+                JsonSerializer.Deserialize<FileUploadedEventPayload>(msg.Data, GrpcTypeHelper.SerializerOptions);
             if (payload == null)
             {
                 await msg.AckAsync(cancellationToken: stoppingToken);
@@ -142,6 +144,7 @@ public class BroadcastEventHandler(
         using var scope = serviceProvider.CreateScope();
         var fs = scope.ServiceProvider.GetRequiredService<FileService>();
         var scopedDb = scope.ServiceProvider.GetRequiredService<AppDatabase>();
+        var persistentTaskService = scope.ServiceProvider.GetRequiredService<PersistentTaskService>();
 
         var pool = await fs.GetPoolAsync(remoteId);
         if (pool is null) return;
@@ -155,6 +158,11 @@ public class BroadcastEventHandler(
 
         var fileToUpdate = await scopedDb.Files.AsNoTracking().FirstAsync(f => f.Id == fileId);
 
+        // Find the upload task associated with this file
+        var uploadTask = await scopedDb.Tasks
+            .OfType<PersistentUploadTask>()
+            .FirstOrDefaultAsync(t => t.FileName == fileToUpdate.Name && t.FileSize == fileToUpdate.Size);
+
         if (fileToUpdate.IsEncrypted)
         {
             uploads.Add((processingFilePath, string.Empty, contentType, false));
@@ -293,5 +301,51 @@ public class BroadcastEventHandler(
         }
 
         await fs._PurgeCacheAsync(fileId);
+
+        // Complete the upload task if found
+        if (uploadTask != null)
+        {
+            await persistentTaskService.MarkTaskCompletedAsync(uploadTask.TaskId, new Dictionary<string, object?>
+            {
+                { "FileId", fileId },
+                { "FileName", fileToUpdate.Name },
+                { "FileInfo", fileToUpdate },
+                { "FileSize", fileToUpdate.Size },
+                { "MimeType", newMimeType },
+                { "HasCompression", hasCompression },
+                { "HasThumbnail", hasThumbnail }
+            });
+
+            // Send push notification for large files (>5MB) that took longer to process
+            if (fileToUpdate.Size > 5 * 1024 * 1024) // 5MB threshold
+                await SendLargeFileProcessingCompleteNotificationAsync(uploadTask, fileToUpdate);
+        }
+    }
+
+    private async Task SendLargeFileProcessingCompleteNotificationAsync(PersistentUploadTask task, SnCloudFile file)
+    {
+        try
+        {
+            var ringService = serviceProvider.GetRequiredService<RingService.RingServiceClient>();
+
+            var pushNotification = new PushNotification
+            {
+                Topic = "drive.tasks.upload",
+                Title = "File Processing Complete",
+                Subtitle = file.Name,
+                Body = $"Your file '{file.Name}' has finished processing and is now available.",
+                IsSavable = true
+            };
+
+            await ringService.SendPushNotificationToUserAsync(new SendPushNotificationToUserRequest
+            {
+                UserId = task.AccountId.ToString(),
+                Notification = pushNotification
+            });
+        }
+        catch (Exception ex)
+        {
+            logger.LogWarning(ex, "Failed to send large file processing notification for task {TaskId}", task.TaskId);
+        }
     }
 }

DysonNetwork.Drive/Startup/ServiceCollectionExtensions.cs

@@ -1,5 +1,6 @@
 using System.Text.Json;
 using System.Text.Json.Serialization;
+using DysonNetwork.Drive.Index;
 using DysonNetwork.Shared.Cache;
 using NodaTime;
 using NodaTime.Serialization.SystemTextJson;
@@ -11,9 +12,7 @@ public static class ServiceCollectionExtensions
     public static IServiceCollection AddAppServices(this IServiceCollection services, IConfiguration configuration)
     {
         services.AddDbContext<AppDatabase>(); // Assuming you'll have an AppDatabase
-        services.AddSingleton<IClock>(SystemClock.Instance);
         services.AddHttpContextAccessor();
-        services.AddSingleton<ICacheService, CacheServiceRedis>(); // Uncomment if you have CacheServiceRedis
 
         services.AddHttpClient();
 
@@ -56,6 +55,7 @@ public static class ServiceCollectionExtensions
         services.AddScoped<Storage.FileService>();
         services.AddScoped<Storage.FileReferenceService>();
         services.AddScoped<Storage.PersistentTaskService>();
+        services.AddScoped<FileIndexService>();
         services.AddScoped<Billing.UsageService>();
         services.AddScoped<Billing.QuotaService>();
 

DysonNetwork.Drive/Storage/CloudFileUnusedRecyclingJob.cs

@@ -14,7 +14,7 @@ public class CloudFileUnusedRecyclingJob(
     public async Task Execute(IJobExecutionContext context)
     {
         logger.LogInformation("Cleaning tus cloud files...");
-        var storePath = configuration["Tus:StorePath"];
+        var storePath = configuration["Storage:Uploads"];
         if (Directory.Exists(storePath))
         {
             var oneHourAgo = SystemClock.Instance.GetCurrentInstant() - Duration.FromHours(1);
@@ -39,6 +39,7 @@ public class CloudFileUnusedRecyclingJob(
         var processedCount = 0;
         var markedCount = 0;
         var totalFiles = await db.Files
+            .Where(f => f.FileIndexes.Count == 0)
             .Where(f => f.PoolId.HasValue && recyclablePools.Contains(f.PoolId.Value))
             .Where(f => !f.IsMarkedRecycle)
             .CountAsync();

DysonNetwork.Drive/Storage/FileController.cs

@@ -1,4 +1,3 @@
-using DysonNetwork.Drive.Billing;
 using DysonNetwork.Shared.Auth;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
@@ -14,9 +13,9 @@ namespace DysonNetwork.Drive.Storage;
 public class FileController(
     AppDatabase db,
     FileService fs,
-    QuotaService qs,
     IConfiguration configuration,
-    IWebHostEnvironment env
+    IWebHostEnvironment env,
+    FileReferenceService fileReferenceService
 ) : ControllerBase
 {
     [HttpGet("{id}")]
@@ -63,30 +62,31 @@ public class FileController(
         return null;
     }
 
-    private async Task<ActionResult> ServeLocalFile(SnCloudFile file)
+    private Task<ActionResult> ServeLocalFile(SnCloudFile file)
     {
         // Try temp storage first
         var tempFilePath = Path.Combine(Path.GetTempPath(), file.Id);
         if (System.IO.File.Exists(tempFilePath))
         {
             if (file.IsEncrypted)
-                return StatusCode(StatusCodes.Status403Forbidden, "Encrypted files cannot be accessed before they are processed and stored.");
+                return Task.FromResult<ActionResult>(StatusCode(StatusCodes.Status403Forbidden,
+                    "Encrypted files cannot be accessed before they are processed and stored."));
 
-            return PhysicalFile(tempFilePath, file.MimeType ?? "application/octet-stream", file.Name, enableRangeProcessing: true);
+            return Task.FromResult<ActionResult>(PhysicalFile(tempFilePath, file.MimeType ?? "application/octet-stream",
+                file.Name, enableRangeProcessing: true));
         }
 
         // Fallback for tus uploads
-        var tusStorePath = configuration.GetValue<string>("Tus:StorePath");
+        var tusStorePath = configuration.GetValue<string>("Storage:Uploads");
-        if (!string.IsNullOrEmpty(tusStorePath))
+        if (string.IsNullOrEmpty(tusStorePath))
-        {
+            return Task.FromResult<ActionResult>(StatusCode(StatusCodes.Status400BadRequest,
+                "File is being processed. Please try again later."));
         var tusFilePath = Path.Combine(env.ContentRootPath, tusStorePath, file.Id);
-            if (System.IO.File.Exists(tusFilePath))
+        return System.IO.File.Exists(tusFilePath)
-            {
+            ? Task.FromResult<ActionResult>(PhysicalFile(tusFilePath, file.MimeType ?? "application/octet-stream",
-                return PhysicalFile(tusFilePath, file.MimeType ?? "application/octet-stream", file.Name, enableRangeProcessing: true);
+                file.Name, enableRangeProcessing: true))
-            }
+            : Task.FromResult<ActionResult>(StatusCode(StatusCodes.Status400BadRequest,
-        }
+                "File is being processed. Please try again later."));
-
-        return StatusCode(StatusCodes.Status400BadRequest, "File is being processed. Please try again later.");
     }
 
     private async Task<ActionResult> ServeRemoteFile(
@@ -99,7 +99,8 @@ public class FileController(
     )
     {
         if (!file.PoolId.HasValue)
-            return StatusCode(StatusCodes.Status500InternalServerError, "File is in an inconsistent state: uploaded but no pool ID.");
+            return StatusCode(StatusCodes.Status500InternalServerError,
+                "File is in an inconsistent state: uploaded but no pool ID.");
 
         var pool = await fs.GetPoolAsync(file.PoolId.Value);
         if (pool is null)
@@ -148,15 +149,10 @@ public class FileController(
             return Redirect(BuildProxyUrl(dest.ImageProxy, fileName));
         }
 
-        if (dest.AccessProxy is not null)
+        return dest.AccessProxy is not null ? Redirect(BuildProxyUrl(dest.AccessProxy, fileName)) : null;
-        {
-            return Redirect(BuildProxyUrl(dest.AccessProxy, fileName));
     }
 
-        return null;
+    private static string BuildProxyUrl(string proxyUrl, string fileName)
-    }
-
-    private string BuildProxyUrl(string proxyUrl, string fileName)
     {
         var baseUri = new Uri(proxyUrl.EndsWith('/') ? proxyUrl : $"{proxyUrl}/");
         var fullUri = new Uri(baseUri, fileName);
@@ -189,7 +185,7 @@ public class FileController(
         return Redirect(openUrl);
     }
 
-    private Dictionary<string, string> BuildSignedUrlHeaders(
+    private static Dictionary<string, string> BuildSignedUrlHeaders(
         SnCloudFile file,
         string? fileExtension,
         string? overrideMimeType,
@@ -234,6 +230,21 @@ public class FileController(
         return file;
     }
 
+    [HttpGet("{id}/references")]
+    public async Task<ActionResult<List<Shared.Models.SnCloudFileReference>>> GetFileReferences(string id)
+    {
+        var file = await fs.GetFileAsync(id);
+        if (file is null) return NotFound("File not found.");
+
+        // Check if user has access to the file
+        var accessResult = await ValidateFileAccess(file, null);
+        if (accessResult is not null) return accessResult;
+
+        // Get references using the injected FileReferenceService
+        var references = await fileReferenceService.GetReferencesAsync(id);
+        return Ok(references);
+    }
+
     [Authorize]
     [HttpPatch("{id}/name")]
     public async Task<ActionResult<SnCloudFile>> UpdateFileName(string id, [FromBody] string name)
@@ -281,25 +292,40 @@ public class FileController(
         [FromQuery] Guid? pool,
         [FromQuery] bool recycled = false,
         [FromQuery] int offset = 0,
-        [FromQuery] int take = 20
+        [FromQuery] int take = 20,
+        [FromQuery] string? query = null,
+        [FromQuery] string order = "date",
+        [FromQuery] bool orderDesc = true
     )
     {
         if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
         var accountId = Guid.Parse(currentUser.Id);
 
-        var query = db.Files
+        var filesQuery = db.Files
             .Where(e => e.IsMarkedRecycle == recycled)
             .Where(e => e.AccountId == accountId)
             .Include(e => e.Pool)
-            .OrderByDescending(e => e.CreatedAt)
             .AsQueryable();
 
-        if (pool.HasValue) query = query.Where(e => e.PoolId == pool);
+        if (pool.HasValue) filesQuery = filesQuery.Where(e => e.PoolId == pool);
 
-        var total = await query.CountAsync();
+        if (!string.IsNullOrWhiteSpace(query))
+        {
+            filesQuery = filesQuery.Where(e => e.Name.Contains(query));
+        }
+
+        filesQuery = order.ToLower() switch
+        {
+            "date" => orderDesc ? filesQuery.OrderByDescending(e => e.CreatedAt) : filesQuery.OrderBy(e => e.CreatedAt),
+            "size" => orderDesc ? filesQuery.OrderByDescending(e => e.Size) : filesQuery.OrderBy(e => e.Size),
+            "name" => orderDesc ? filesQuery.OrderByDescending(e => e.Name) : filesQuery.OrderBy(e => e.Name),
+            _ => filesQuery.OrderByDescending(e => e.CreatedAt)
+        };
+
+        var total = await filesQuery.CountAsync();
         Response.Headers.Append("X-Total", total.ToString());
 
-        var files = await query
+        var files = await filesQuery
             .Skip(offset)
             .Take(take)
             .ToListAsync();
@@ -307,9 +333,25 @@ public class FileController(
         return Ok(files);
     }
 
+    public class FileBatchDeletionRequest
+    {
+        public List<string> FileIds { get; set; } = [];
+    }
+
+    [Authorize]
+    [HttpPost("batches/delete")]
+    public async Task<ActionResult> DeleteFileBatch([FromBody] FileBatchDeletionRequest request)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
+        var userId = Guid.Parse(currentUser.Id);
+
+        var count = await fs.DeleteAccountFileBatchAsync(userId, request.FileIds);
+        return Ok(new { Count = count });
+    }
+
     [Authorize]
     [HttpDelete("{id}")]
-    public async Task<ActionResult> DeleteFile(string id)
+    public async Task<ActionResult<SnCloudFile>> DeleteFile(string id)
     {
         if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
         var userId = Guid.Parse(currentUser.Id);
@@ -321,9 +363,9 @@ public class FileController(
         if (file is null) return NotFound();
 
         await fs.DeleteFileDataAsync(file, force: true);
-        await fs.DeleteFileAsync(file);
+        await fs.DeleteFileAsync(file, skipData: true);
 
-        return NoContent();
+        return Ok(file);
     }
 
     [Authorize]
@@ -339,116 +381,10 @@ public class FileController(
 
     [Authorize]
     [HttpDelete("recycle")]
-    [RequiredPermission("maintenance", "files.delete.recycle")]
+    [AskPermission("files.delete.recycle")]
     public async Task<ActionResult> DeleteAllRecycledFiles()
     {
         var count = await fs.DeleteAllRecycledFilesAsync();
         return Ok(new { Count = count });
     }
-
-    public class CreateFastFileRequest
-    {
-        public string Name { get; set; } = null!;
-        public long Size { get; set; }
-        public string Hash { get; set; } = null!;
-        public string? MimeType { get; set; }
-        public string? Description { get; set; }
-        public Dictionary<string, object?>? UserMeta { get; set; }
-        public Dictionary<string, object?>? FileMeta { get; set; }
-        public List<Shared.Models.ContentSensitiveMark>? SensitiveMarks { get; set; }
-        public Guid PoolId { get; set; }
-    }
-
-    [Authorize]
-    [HttpPost("fast")]
-    [RequiredPermission("global", "files.create")]
-    public async Task<ActionResult<SnCloudFile>> CreateFastFile([FromBody] CreateFastFileRequest request)
-    {
-        if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
-        var accountId = Guid.Parse(currentUser.Id);
-
-        var pool = await db.Pools.FirstOrDefaultAsync(p => p.Id == request.PoolId);
-        if (pool is null) return BadRequest();
-        if (!currentUser.IsSuperuser && pool.AccountId != accountId)
-            return StatusCode(403, "You don't have permission to create files in this pool.");
-
-        if (!pool.PolicyConfig.EnableFastUpload)
-            return StatusCode(
-                403,
-                "This pool does not allow fast upload"
-            );
-
-        if (pool.PolicyConfig.RequirePrivilege > 0)
-        {
-            if (currentUser.PerkSubscription is null)
-            {
-                return StatusCode(
-                    403,
-                    $"You need to have join the Stellar Program to use this pool"
-                );
-            }
-
-            var privilege =
-                PerkSubscriptionPrivilege.GetPrivilegeFromIdentifier(currentUser.PerkSubscription.Identifier);
-            if (privilege < pool.PolicyConfig.RequirePrivilege)
-            {
-                return StatusCode(
-                    403,
-                    $"You need Stellar Program tier {pool.PolicyConfig.RequirePrivilege} to use this pool, you are tier {privilege}"
-                );
-            }
-        }
-
-        if (request.Size > pool.PolicyConfig.MaxFileSize)
-        {
-            return StatusCode(
-                403,
-                $"File size {request.Size} is larger than the pool's maximum file size {pool.PolicyConfig.MaxFileSize}"
-            );
-        }
-
-        var (ok, billableUnit, quota) = await qs.IsFileAcceptable(
-            accountId,
-            pool.BillingConfig.CostMultiplier ?? 1.0,
-            request.Size
-        );
-        if (!ok)
-        {
-            return StatusCode(
-                403,
-                $"File size {billableUnit} is larger than the user's quota {quota}"
-            );
-        }
-
-        await using var transaction = await db.Database.BeginTransactionAsync();
-        try
-        {
-            var file = new SnCloudFile
-            {
-                Name = request.Name,
-                Size = request.Size,
-                Hash = request.Hash,
-                MimeType = request.MimeType,
-                Description = request.Description,
-                AccountId = accountId,
-                UserMeta = request.UserMeta,
-                FileMeta = request.FileMeta,
-                SensitiveMarks = request.SensitiveMarks,
-                PoolId = request.PoolId
-            };
-            db.Files.Add(file);
-            await db.SaveChangesAsync();
-            await fs._PurgeCacheAsync(file.Id);
-            await transaction.CommitAsync();
-
-            file.FastUploadLink = await fs.CreateFastUploadLinkAsync(file);
-
-            return file;
-        }
-        catch (Exception)
-        {
-            await transaction.RollbackAsync();
-            throw;
-        }
-    }
 }

DysonNetwork.Drive/Storage/FileReferenceService.cs

@@ -1,4 +1,5 @@
 using DysonNetwork.Shared.Cache;
+using DysonNetwork.Shared.Data;
 using DysonNetwork.Shared.Models;
 using EFCore.BulkExtensions;
 using Microsoft.EntityFrameworkCore;
@@ -20,7 +21,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
     /// <param name="expiredAt">Optional expiration time for the file</param>
     /// <param name="duration">Optional duration after which the file expires (alternative to expiredAt)</param>
     /// <returns>The created file reference</returns>
-    public async Task<CloudFileReference> CreateReferenceAsync(
+    public async Task<SnCloudFileReference> CreateReferenceAsync(
         string fileId,
         string usage,
         string resourceId,
@@ -33,7 +34,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
         if (duration.HasValue)
             finalExpiration = SystemClock.Instance.GetCurrentInstant() + duration.Value;
 
-        var reference = new CloudFileReference
+        var reference = new SnCloudFileReference
         {
             FileId = fileId,
             Usage = usage,
@@ -49,7 +50,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
         return reference;
     }
 
-    public async Task<List<CloudFileReference>> CreateReferencesAsync(
+    public async Task<List<SnCloudFileReference>> CreateReferencesAsync(
         List<string> fileId,
         string usage,
         string resourceId,
@@ -57,12 +58,15 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
         Duration? duration = null
     )
     {
-        var data = fileId.Select(id => new CloudFileReference
+        var now = SystemClock.Instance.GetCurrentInstant();
+        var data = fileId.Select(id => new SnCloudFileReference
         {
             FileId = id,
             Usage = usage,
             ResourceId = resourceId,
-            ExpiredAt = expiredAt ?? SystemClock.Instance.GetCurrentInstant() + duration
+            ExpiredAt = expiredAt ?? now + duration,
+            CreatedAt = now,
+            UpdatedAt = now
         }).ToList();
         await db.BulkInsertAsync(data);
         return data;
@@ -73,11 +77,11 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
     /// </summary>
     /// <param name="fileId">The ID of the file</param>
     /// <returns>A list of all references to the file</returns>
-    public async Task<List<CloudFileReference>> GetReferencesAsync(string fileId)
+    public async Task<List<SnCloudFileReference>> GetReferencesAsync(string fileId)
     {
         var cacheKey = $"{CacheKeyPrefix}list:{fileId}";
 
-        var cachedReferences = await cache.GetAsync<List<CloudFileReference>>(cacheKey);
+        var cachedReferences = await cache.GetAsync<List<SnCloudFileReference>>(cacheKey);
         if (cachedReferences is not null)
             return cachedReferences;
 
@@ -90,17 +94,17 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
         return references;
     }
 
-    public async Task<Dictionary<string, List<CloudFileReference>>> GetReferencesAsync(IEnumerable<string> fileIds)
+    public async Task<Dictionary<string, List<SnCloudFileReference>>> GetReferencesAsync(IEnumerable<string> fileIds)
     {
         var fileIdList = fileIds.ToList();
-        var result = new Dictionary<string, List<CloudFileReference>>();
+        var result = new Dictionary<string, List<SnCloudFileReference>>();
 
         // Check cache for each file ID
         var uncachedFileIds = new List<string>();
         foreach (var fileId in fileIdList)
         {
             var cacheKey = $"{CacheKeyPrefix}list:{fileId}";
-            var cachedReferences = await cache.GetAsync<List<CloudFileReference>>(cacheKey);
+            var cachedReferences = await cache.GetAsync<List<SnCloudFileReference>>(cacheKey);
             if (cachedReferences is not null)
             {
                 result[fileId] = cachedReferences;
@@ -158,11 +162,11 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
     /// </summary>
     /// <param name="resourceId">The ID of the resource</param>
     /// <returns>A list of file references associated with the resource</returns>
-    public async Task<List<CloudFileReference>> GetResourceReferencesAsync(string resourceId)
+    public async Task<List<SnCloudFileReference>> GetResourceReferencesAsync(string resourceId)
     {
         var cacheKey = $"{CacheKeyPrefix}resource:{resourceId}";
 
-        var cachedReferences = await cache.GetAsync<List<CloudFileReference>>(cacheKey);
+        var cachedReferences = await cache.GetAsync<List<SnCloudFileReference>>(cacheKey);
         if (cachedReferences is not null)
             return cachedReferences;
 
@@ -180,11 +184,11 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
     /// </summary>
     /// <param name="usage">The usage context</param>
     /// <returns>A list of file references with the specified usage</returns>
-    public async Task<List<CloudFileReference>> GetUsageReferencesAsync(string usage)
+    public async Task<List<SnCloudFileReference>> GetUsageReferencesAsync(string usage)
     {
         var cacheKey = $"{CacheKeyPrefix}usage:{usage}";
 
-        var cachedReferences = await cache.GetAsync<List<CloudFileReference>>(cacheKey);
+        var cachedReferences = await cache.GetAsync<List<SnCloudFileReference>>(cacheKey);
         if (cachedReferences is not null)
             return cachedReferences;
 
@@ -306,7 +310,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
     /// <param name="expiredAt">Optional expiration time for newly added files</param>
     /// <param name="duration">Optional duration after which newly added files expire</param>
     /// <returns>A list of the updated file references</returns>
-    public async Task<List<CloudFileReference>> UpdateResourceFilesAsync(
+    public async Task<List<SnCloudFileReference>> UpdateResourceFilesAsync(
         string resourceId,
         IEnumerable<string>? newFileIds,
         string usage,
@@ -314,7 +318,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
         Duration? duration = null)
     {
         if (newFileIds == null)
-            return new List<CloudFileReference>();
+            return new List<SnCloudFileReference>();
 
         var existingReferences = await db.FileReferences
             .Where(r => r.ResourceId == resourceId && r.Usage == usage)
@@ -332,7 +336,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
         // Files to add
         var toAdd = newFileIdsList
             .Where(id => !existingFileIds.Contains(id))
-            .Select(id => new CloudFileReference
+            .Select(id => new SnCloudFileReference
             {
                 FileId = id,
                 Usage = usage,
@@ -484,7 +488,7 @@ public class FileReferenceService(AppDatabase db, FileService fileService, ICach
     /// <param name="resourceId">The resource ID</param>
     /// <param name="usageType">The usage type</param>
     /// <returns>List of file references</returns>
-    public async Task<List<CloudFileReference>> GetResourceReferencesAsync(string resourceId, string usageType)
+    public async Task<List<SnCloudFileReference>> GetResourceReferencesAsync(string resourceId, string usageType)
     {
         return await db.FileReferences
             .Where(r => r.ResourceId == resourceId && r.Usage == usageType)

DysonNetwork.Drive/Storage/FileService.cs

@@ -103,7 +103,8 @@ public class FileService(
         var bundle = await ValidateAndGetBundleAsync(fileBundleId, accountId);
         var finalExpiredAt = CalculateFinalExpiration(expiredAt, pool, bundle);
 
-        var (managedTempPath, fileSize, finalContentType) = await PrepareFileAsync(fileId, filePath, fileName, contentType);
+        var (managedTempPath, fileSize, finalContentType) =
+            await PrepareFileAsync(fileId, filePath, fileName, contentType);
 
         var file = CreateFileObject(fileId, fileName, finalContentType, fileSize, finalExpiredAt, bundle, accountId);
 
@@ -112,7 +113,8 @@ public class FileService(
             await ExtractMetadataAsync(file, managedTempPath);
         }
 
-        var (processingPath, isTempFile) = await ProcessEncryptionAsync(fileId, managedTempPath, encryptPassword, pool, file);
+        var (processingPath, isTempFile) =
+            await ProcessEncryptionAsync(fileId, managedTempPath, encryptPassword, pool, file);
 
         file.Hash = await HashFileAsync(processingPath);
 
@@ -231,7 +233,8 @@ public class FileService(
         file.StorageId ??= file.Id;
     }
 
-    private async Task PublishFileUploadedEventAsync(SnCloudFile file, FilePool pool, string processingPath, bool isTempFile)
+    private async Task PublishFileUploadedEventAsync(SnCloudFile file, FilePool pool, string processingPath,
+        bool isTempFile)
     {
         var js = nats.CreateJetStreamContext();
         await js.PublishAsync(
@@ -471,12 +474,13 @@ public class FileService(
         return await db.Files.AsNoTracking().FirstAsync(f => f.Id == file.Id);
     }
 
-    public async Task DeleteFileAsync(SnCloudFile file)
+    public async Task DeleteFileAsync(SnCloudFile file, bool skipData = false)
     {
         db.Remove(file);
         await db.SaveChangesAsync();
         await _PurgeCacheAsync(file.Id);
 
+        if (!skipData)
             await DeleteFileDataAsync(file);
     }
 
@@ -660,9 +664,12 @@ public class FileService(
             }
         }
 
-        return [.. references
+        return
+        [
+            .. references
                 .Select(r => cachedFiles.GetValueOrDefault(r.Id))
-            .Where(f => f != null)];
+                .Where(f => f != null)
+        ];
     }
 
     public async Task<int> GetReferenceCountAsync(string fileId)
@@ -711,6 +718,21 @@ public class FileService(
         return count;
     }
 
+    public async Task<int> DeleteAccountFileBatchAsync(Guid accountId, List<string> fileIds)
+    {
+        var files = await db.Files
+            .Where(f => f.AccountId == accountId && fileIds.Contains(f.Id))
+            .ToListAsync();
+        var count = files.Count;
+        var tasks = files.Select(f => DeleteFileDataAsync(f, true));
+        await Task.WhenAll(tasks);
+        var fileIdsList = files.Select(f => f.Id).ToList();
+        await _PurgeCacheRangeAsync(fileIdsList);
+        db.RemoveRange(files);
+        await db.SaveChangesAsync();
+        return count;
+    }
+
     public async Task<int> DeletePoolRecycledFilesAsync(Guid poolId)
     {
         var files = await db.Files

DysonNetwork.Drive/Storage/FileUploadController.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
-using System.Text.Json;
 using DysonNetwork.Drive.Billing;
+using DysonNetwork.Drive.Index;
 using DysonNetwork.Drive.Storage.Model;
 using DysonNetwork.Shared.Auth;
 using DysonNetwork.Shared.Http;
@@ -25,21 +25,20 @@ public class FileUploadController(
     PermissionService.PermissionServiceClient permission,
     QuotaService quotaService,
     PersistentTaskService persistentTaskService,
+    FileIndexService fileIndexService,
     ILogger<FileUploadController> logger
 )
     : ControllerBase
 {
     private readonly string _tempPath =
         configuration.GetValue<string>("Storage:Uploads") ?? Path.Combine(Path.GetTempPath(), "multipart-uploads");
-    private readonly ILogger<FileUploadController> _logger = logger;
 
     private const long DefaultChunkSize = 1024 * 1024 * 5; // 5MB
 
     [HttpPost("create")]
     public async Task<IActionResult> CreateUploadTask([FromBody] CreateUploadTaskRequest request)
     {
-        var currentUser = HttpContext.Items["CurrentUser"] as Account;
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
-        if (currentUser is null)
             return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
 
         var permissionCheck = await ValidateUserPermissions(currentUser);
@@ -62,10 +61,32 @@ public class FileUploadController(
 
         EnsureTempDirectoryExists();
 
+        var accountId = Guid.Parse(currentUser.Id);
+
         // Check if a file with the same hash already exists
         var existingFile = await db.Files.FirstOrDefaultAsync(f => f.Hash == request.Hash);
         if (existingFile != null)
         {
+            // Create the file index if a path is provided, even for existing files
+            if (string.IsNullOrEmpty(request.Path))
+                return Ok(new CreateUploadTaskResponse
+                {
+                    FileExists = true,
+                    File = existingFile
+                });
+            try
+            {
+                await fileIndexService.CreateAsync(request.Path, existingFile.Id, accountId);
+                logger.LogInformation("Created file index for existing file {FileId} at path {Path}",
+                    existingFile.Id, request.Path);
+            }
+            catch (Exception ex)
+            {
+                logger.LogWarning(ex, "Failed to create file index for existing file {FileId} at path {Path}",
+                    existingFile.Id, request.Path);
+                // Don't fail the request if index creation fails, just log it
+            }
+
             return Ok(new CreateUploadTaskResponse
             {
                 FileExists = true,
@@ -73,7 +94,6 @@ public class FileUploadController(
             });
         }
 
-        var accountId = Guid.Parse(currentUser.Id);
         var taskId = await Nanoid.GenerateAsync();
 
         // Create persistent upload task
@@ -93,31 +113,33 @@ public class FileUploadController(
         if (currentUser.IsSuperuser) return null;
 
         var allowed = await permission.HasPermissionAsync(new HasPermissionRequest
-        { Actor = $"user:{currentUser.Id}", Area = "global", Key = "files.create" });
+            { Actor = currentUser.Id, Key = "files.create" });
 
-        return allowed.HasPermission ? null :
+        return allowed.HasPermission
-            new ObjectResult(ApiError.Unauthorized(forbidden: true)) { StatusCode = 403 };
+            ? null
+            : new ObjectResult(ApiError.Unauthorized(forbidden: true)) { StatusCode = 403 };
     }
 
-    private async Task<IActionResult?> ValidatePoolAccess(Account currentUser, FilePool pool, CreateUploadTaskRequest request)
+    private Task<IActionResult?> ValidatePoolAccess(Account currentUser, FilePool pool, CreateUploadTaskRequest request)
     {
-        if (pool.PolicyConfig.RequirePrivilege <= 0) return null;
+        if (pool.PolicyConfig.RequirePrivilege <= 0) return Task.FromResult<IActionResult?>(null);
 
-        var privilege = currentUser.PerkSubscription is null ? 0 :
+        var privilege = currentUser.PerkSubscription is null
-            PerkSubscriptionPrivilege.GetPrivilegeFromIdentifier(currentUser.PerkSubscription.Identifier);
+            ? 0
+            : PerkSubscriptionPrivilege.GetPrivilegeFromIdentifier(currentUser.PerkSubscription.Identifier);
 
         if (privilege < pool.PolicyConfig.RequirePrivilege)
         {
-            return new ObjectResult(ApiError.Unauthorized(
+            return Task.FromResult<IActionResult?>(new ObjectResult(ApiError.Unauthorized(
                     $"You need Stellar Program tier {pool.PolicyConfig.RequirePrivilege} to use pool {pool.Name}, you are tier {privilege}",
                     forbidden: true))
-            { StatusCode = 403 };
+                { StatusCode = 403 });
         }
 
-        return null;
+        return Task.FromResult<IActionResult?>(null);
     }
 
-    private IActionResult? ValidatePoolPolicy(PolicyConfig policy, CreateUploadTaskRequest request)
+    private static IActionResult? ValidatePoolPolicy(PolicyConfig policy, CreateUploadTaskRequest request)
     {
         if (!policy.AllowEncryption && !string.IsNullOrEmpty(request.EncryptPassword))
         {
@@ -138,19 +160,17 @@ public class FileUploadController(
 
             var foundMatch = policy.AcceptTypes.Any(acceptType =>
             {
-                if (acceptType.EndsWith("/*", StringComparison.OrdinalIgnoreCase))
+                if (!acceptType.EndsWith("/*", StringComparison.OrdinalIgnoreCase))
-                {
+                    return acceptType.Equals(request.ContentType, StringComparison.OrdinalIgnoreCase);
                 var type = acceptType[..^2];
                 return request.ContentType.StartsWith($"{type}/", StringComparison.OrdinalIgnoreCase);
-                }
-
-                return acceptType.Equals(request.ContentType, StringComparison.OrdinalIgnoreCase);
             });
 
             if (!foundMatch)
             {
                 return new ObjectResult(
-                    ApiError.Unauthorized($"Content type {request.ContentType} is not allowed by the pool's policy", true))
+                        ApiError.Unauthorized($"Content type {request.ContentType} is not allowed by the pool's policy",
+                            true))
                     { StatusCode = 403 };
             }
         }
@@ -158,7 +178,8 @@ public class FileUploadController(
         if (policy.MaxFileSize is not null && request.FileSize > policy.MaxFileSize)
         {
             return new ObjectResult(ApiError.Unauthorized(
-                $"File size {request.FileSize} is larger than the pool's maximum file size {policy.MaxFileSize}", true))
+                    $"File size {request.FileSize} is larger than the pool's maximum file size {policy.MaxFileSize}",
+                    true))
                 { StatusCode = 403 };
         }
 
@@ -176,7 +197,8 @@ public class FileUploadController(
         if (!ok)
         {
             return new ObjectResult(
-                ApiError.Unauthorized($"File size {billableUnit} MiB is exceeded the user's quota {quota} MiB", true))
+                    ApiError.Unauthorized($"File size {billableUnit} MiB is exceeded the user's quota {quota} MiB",
+                        true))
                 { StatusCode = 403 };
         }
 
@@ -191,41 +213,12 @@ public class FileUploadController(
         }
     }
 
-    private async Task<(string taskId, UploadTask task)> CreateUploadTaskInternal(CreateUploadTaskRequest request)
-    {
-        var taskId = await Nanoid.GenerateAsync();
-        var taskPath = Path.Combine(_tempPath, taskId);
-        Directory.CreateDirectory(taskPath);
-
-        var chunkSize = request.ChunkSize ?? DefaultChunkSize;
-        var chunksCount = (int)Math.Ceiling((double)request.FileSize / chunkSize);
-
-        var task = new UploadTask
-        {
-            TaskId = taskId,
-            FileName = request.FileName,
-            FileSize = request.FileSize,
-            ContentType = request.ContentType,
-            ChunkSize = chunkSize,
-            ChunksCount = chunksCount,
-            PoolId = request.PoolId.Value,
-            BundleId = request.BundleId,
-            EncryptPassword = request.EncryptPassword,
-            ExpiredAt = request.ExpiredAt,
-            Hash = request.Hash,
-        };
-
-        await System.IO.File.WriteAllTextAsync(Path.Combine(taskPath, "task.json"), JsonSerializer.Serialize(task));
-        return (taskId, task);
-    }
-
     public class UploadChunkRequest
     {
-        [Required]
+        [Required] public IFormFile Chunk { get; set; } = null!;
-        public IFormFile Chunk { get; set; } = null!;
     }
 
-    [HttpPost("chunk/{taskId}/{chunkIndex}")]
+    [HttpPost("chunk/{taskId}/{chunkIndex:int}")]
     [RequestSizeLimit(DefaultChunkSize + 1024 * 1024)] // 6MB to be safe
     [RequestFormLimits(MultipartBodyLengthLimit = DefaultChunkSize + 1024 * 1024)]
     public async Task<IActionResult> UploadChunk(string taskId, int chunkIndex, [FromForm] UploadChunkRequest request)
@@ -278,7 +271,7 @@ public class FileUploadController(
 
         try
         {
-            await MergeChunks(taskPath, mergedFilePath, persistentTask.ChunksCount);
+            await MergeChunks(taskId, taskPath, mergedFilePath, persistentTask.ChunksCount, persistentTaskService);
 
             var fileId = await Nanoid.GenerateAsync();
             var cloudFile = await fileService.ProcessNewFileAsync(
@@ -293,10 +286,28 @@ public class FileUploadController(
                 persistentTask.ExpiredAt
             );
 
-            // Mark task as completed
+            // Create the file index if a path is provided
-            await persistentTaskService.MarkTaskCompletedAsync(taskId);
+            if (!string.IsNullOrEmpty(persistentTask.Path))
+            {
+                try
+                {
+                    var accountId = Guid.Parse(currentUser.Id);
+                    await fileIndexService.CreateAsync(persistentTask.Path, fileId, accountId);
+                    logger.LogInformation("Created file index for file {FileId} at path {Path}", fileId,
+                        persistentTask.Path);
+                }
+                catch (Exception ex)
+                {
+                    logger.LogWarning(ex, "Failed to create file index for file {FileId} at path {Path}", fileId,
+                        persistentTask.Path);
+                    // Don't fail the upload if index creation fails, just log it
+                }
+            }
 
-            // Send completion notification
+            // Update the task status to "processing" - background processing is now happening
+            await persistentTaskService.UpdateTaskProgressAsync(taskId, 0.95, "Processing file in background...");
+
+            // Send upload completion notification (a file is uploaded, but processing continues)
             await persistentTaskService.SendUploadCompletedNotificationAsync(persistentTask, fileId);
 
             return Ok(cloudFile);
@@ -304,7 +315,8 @@ public class FileUploadController(
         catch (Exception ex)
         {
             // Log the actual exception for debugging
-            _logger.LogError(ex, "Failed to complete upload for task {TaskId}. Error: {ErrorMessage}", taskId, ex.Message);
+            logger.LogError(ex, "Failed to complete upload for task {TaskId}. Error: {ErrorMessage}", taskId,
+                ex.Message);
 
             // Mark task as failed
             await persistentTaskService.MarkTaskFailedAsync(taskId);
@@ -328,24 +340,39 @@ public class FileUploadController(
         }
     }
 
-    private async Task MergeChunks(string taskPath, string mergedFilePath, int chunksCount)
+    private static async Task MergeChunks(
+        string taskId,
+        string taskPath,
+        string mergedFilePath,
+        int chunksCount,
+        PersistentTaskService persistentTaskService)
     {
         await using var mergedStream = new FileStream(mergedFilePath, FileMode.Create);
 
+        const double baseProgress = 0.8; // Start from 80% (chunk upload is already at 95%)
+        const double remainingProgress = 0.15; // Remaining 15% progress distributed across chunks
+        var progressPerChunk = remainingProgress / chunksCount;
+
         for (var i = 0; i < chunksCount; i++)
         {
-            var chunkPath = Path.Combine(taskPath, $"{i}.chunk");
+            var chunkPath = Path.Combine(taskPath, i + ".chunk");
             if (!System.IO.File.Exists(chunkPath))
-            {
+                throw new InvalidOperationException("Chunk " + i + " is missing.");
-                throw new InvalidOperationException($"Chunk {i} is missing.");
-            }
 
             await using var chunkStream = new FileStream(chunkPath, FileMode.Open);
             await chunkStream.CopyToAsync(mergedStream);
+
+            // Update progress after each chunk is merged
+            var currentProgress = baseProgress + progressPerChunk * (i + 1);
+            await persistentTaskService.UpdateTaskProgressAsync(
+                taskId,
+                currentProgress,
+                "Merging chunks... (" + (i + 1) + "/" + chunksCount + ")"
+            );
         }
     }
 
-    private async Task CleanupTempFiles(string taskPath, string mergedFilePath)
+    private static Task CleanupTempFiles(string taskPath, string mergedFilePath)
     {
         try
         {
@@ -359,6 +386,8 @@ public class FileUploadController(
         {
             // Ignore cleanup errors to avoid masking the original exception
         }
+
+        return Task.CompletedTask;
     }
 
     // New endpoints for resumable uploads
@@ -377,7 +406,8 @@ public class FileUploadController(
             return new ObjectResult(ApiError.Unauthorized()) { StatusCode = 401 };
 
         var accountId = Guid.Parse(currentUser.Id);
-        var tasks = await persistentTaskService.GetUserUploadTasksAsync(accountId, status, sortBy, sortDescending, offset, limit);
+        var tasks = await persistentTaskService.GetUserUploadTasksAsync(accountId, status, sortBy, sortDescending,
+            offset, limit);
 
         Response.Headers.Append("X-Total", tasks.TotalCount.ToString());
 
@@ -395,7 +425,7 @@ public class FileUploadController(
             t.LastActivity,
             t.CreatedAt,
             t.UpdatedAt,
-            UploadedChunks = t.UploadedChunks,
+            t.UploadedChunks,
             Pool = new { t.PoolId, Name = "Pool Name" }, // Could be expanded to include pool details
             Bundle = t.BundleId.HasValue ? new { t.BundleId } : null
         }));
@@ -463,7 +493,7 @@ public class FileUploadController(
             task.ChunkSize,
             task.ChunksCount,
             task.ChunksUploaded,
-            UploadedChunks = task.UploadedChunks,
+            task.UploadedChunks,
             Progress = task.ChunksCount > 0 ? (double)task.ChunksUploaded / task.ChunksCount * 100 : 0
         });
     }
@@ -505,14 +535,14 @@ public class FileUploadController(
 
         return Ok(new
         {
-            TotalTasks = stats.TotalTasks,
+            stats.TotalTasks,
-            InProgressTasks = stats.InProgressTasks,
+            stats.InProgressTasks,
-            CompletedTasks = stats.CompletedTasks,
+            stats.CompletedTasks,
-            FailedTasks = stats.FailedTasks,
+            stats.FailedTasks,
-            ExpiredTasks = stats.ExpiredTasks,
+            stats.ExpiredTasks,
-            TotalUploadedBytes = stats.TotalUploadedBytes,
+            stats.TotalUploadedBytes,
-            AverageProgress = stats.AverageProgress,
+            stats.AverageProgress,
-            RecentActivity = stats.RecentActivity
+            stats.RecentActivity
         });
     }
 
@@ -591,28 +621,32 @@ public class FileUploadController(
                 task.UpdatedAt,
                 task.ExpiredAt,
                 task.Hash,
-                UploadedChunks = task.UploadedChunks
+                task.UploadedChunks
             },
-            Pool = pool != null ? new
+            Pool = pool != null
+                ? new
                 {
                     pool.Id,
                     pool.Name,
                     pool.Description
-            } : null,
+                }
-            Bundle = bundle != null ? new
+                : null,
+            Bundle = bundle != null
+                ? new
                 {
                     bundle.Id,
                     bundle.Name,
                     bundle.Description
-            } : null,
+                }
+                : null,
             EstimatedTimeRemaining = CalculateEstimatedTime(task),
             UploadSpeed = CalculateUploadSpeed(task)
         });
     }
 
-    private string? CalculateEstimatedTime(PersistentUploadTask task)
+    private static string? CalculateEstimatedTime(PersistentUploadTask task)
     {
-        if (task.Status != Model.TaskStatus.InProgress || task.ChunksUploaded == 0)
+        if (task.Status != TaskStatus.InProgress || task.ChunksUploaded == 0)
             return null;
 
         var elapsed = NodaTime.SystemClock.Instance.GetCurrentInstant() - task.CreatedAt;
@@ -625,27 +659,29 @@ public class FileUploadController(
 
         var remainingSeconds = remainingChunks / chunksPerSecond;
 
-        if (remainingSeconds < 60)
+        return remainingSeconds switch
-            return $"{remainingSeconds:F0} seconds";
+        {
-        if (remainingSeconds < 3600)
+            < 60 => $"{remainingSeconds:F0} seconds",
-            return $"{remainingSeconds / 60:F0} minutes";
+            < 3600 => $"{remainingSeconds / 60:F0} minutes",
-        return $"{remainingSeconds / 3600:F1} hours";
+            _ => $"{remainingSeconds / 3600:F1} hours"
+        };
     }
 
-    private string? CalculateUploadSpeed(PersistentUploadTask task)
+    private static string? CalculateUploadSpeed(PersistentUploadTask task)
     {
         if (task.ChunksUploaded == 0)
             return null;
 
-        var elapsed = NodaTime.SystemClock.Instance.GetCurrentInstant() - task.CreatedAt;
+        var elapsed = SystemClock.Instance.GetCurrentInstant() - task.CreatedAt;
         var elapsedSeconds = elapsed.TotalSeconds;
-        var bytesUploaded = (long)task.ChunksUploaded * task.ChunkSize;
+        var bytesUploaded = task.ChunksUploaded * task.ChunkSize;
         var bytesPerSecond = bytesUploaded / elapsedSeconds;
 
-        if (bytesPerSecond < 1024)
+        return bytesPerSecond switch
-            return $"{bytesPerSecond:F0} B/s";
+        {
-        if (bytesPerSecond < 1024 * 1024)
+            < 1024 => $"{bytesPerSecond:F0} B/s",
-            return $"{bytesPerSecond / 1024:F0} KB/s";
+            < 1024 * 1024 => $"{bytesPerSecond / 1024:F0} KB/s",
-        return $"{bytesPerSecond / (1024 * 1024):F1} MB/s";
+            _ => $"{bytesPerSecond / (1024 * 1024):F1} MB/s"
+        };
     }
 }

DysonNetwork.Drive/Storage/Model/FileUploadModels.cs

@@ -22,6 +22,7 @@ public class FileUploadParameters
     public string? EncryptPassword { get; set; }
     public string Hash { get; set; } = string.Empty;
     public List<int> UploadedChunks { get; set; } = [];
+    public string? Path { get; set; }
 }
 
 // File Move Task Parameters
@@ -93,6 +94,7 @@ public class CreateUploadTaskRequest
     public string? EncryptPassword { get; set; }
     public Instant? ExpiredAt { get; set; }
     public long? ChunkSize { get; set; }
+    public string? Path { get; set; }
 }
 
 public class CreateUploadTaskResponse
@@ -157,24 +159,6 @@ public class PersistentTask : ModelBase
 
     // Estimated duration in seconds
     public long? EstimatedDurationSeconds { get; set; }
-
-    // Helper methods for parameter management using GrpcTypeHelper
-    public MapField<string, Google.Protobuf.WellKnownTypes.Value> GetParametersAsGrpcMap()
-    {
-        var nonNullableParameters = Parameters.ToDictionary(kvp => kvp.Key, kvp => kvp.Value ?? string.Empty);
-        return GrpcTypeHelper.ConvertToValueMap(nonNullableParameters);
-    }
-
-    public void SetParametersFromGrpcMap(MapField<string, Google.Protobuf.WellKnownTypes.Value> map)
-    {
-        Parameters = GrpcTypeHelper.ConvertFromValueMap(map);
-    }
-
-    public MapField<string, Google.Protobuf.WellKnownTypes.Value> GetResultsAsGrpcMap()
-    {
-        var nonNullableResults = Results.ToDictionary(kvp => kvp.Key, kvp => kvp.Value ?? string.Empty);
-        return GrpcTypeHelper.ConvertToValueMap(nonNullableResults);
-    }
 }
 
 // Backward compatibility - UploadTask inherits from PersistentTask
@@ -319,6 +303,17 @@ public class PersistentUploadTask : PersistentTask
             TypedParameters = parameters;
         }
     }
+
+    public string? Path
+    {
+        get => TypedParameters.Path;
+        set
+        {
+            var parameters = TypedParameters;
+            parameters.Path = value;
+            TypedParameters = parameters;
+        }
+    }
 }
 
 public enum TaskType

DysonNetwork.Drive/Storage/PersistentTaskService.cs

@@ -26,7 +26,7 @@ public class PersistentTaskService(
     /// </summary>
     public async Task<T> CreateTaskAsync<T>(T task) where T : PersistentTask
     {
-        task.TaskId = NanoidDotNet.Nanoid.Generate();
+        task.TaskId = await Nanoid.GenerateAsync();
         var now = SystemClock.Instance.GetCurrentInstant();
         task.CreatedAt = now;
         task.UpdatedAt = now;
@@ -45,7 +45,7 @@ public class PersistentTaskService(
     /// <summary>
     /// Gets a task by ID
     /// </summary>
-    public async Task<T?> GetTaskAsync<T>(string taskId) where T : PersistentTask
+    private async Task<T?> GetTaskAsync<T>(string taskId) where T : PersistentTask
     {
         var cacheKey = $"{CacheKeyPrefix}{taskId}";
         var cachedTask = await cache.GetAsync<T>(cacheKey);
@@ -55,15 +55,11 @@ public class PersistentTaskService(
         var task = await db.Tasks
             .FirstOrDefaultAsync(t => t.TaskId == taskId);
 
-        if (task is T typedTask)
+        if (task is not T typedTask) return null;
-        {
         await SetCacheAsync(typedTask);
         return typedTask;
     }
 
-        return null;
-    }
-
     /// <summary>
     /// Updates task progress
     /// </summary>
@@ -73,20 +69,35 @@ public class PersistentTaskService(
         if (task is null) return;
 
         var previousProgress = task.Progress;
-        task.Progress = Math.Clamp(progress, 0, 100);
+        var delta = progress - previousProgress;
-        task.LastActivity = SystemClock.Instance.GetCurrentInstant();
+        var clampedProgress = Math.Clamp(progress, 0, 1.0);
-        task.UpdatedAt = task.LastActivity;
+        var now = SystemClock.Instance.GetCurrentInstant();
 
+        // Update the cached task
+        task.Progress = clampedProgress;
+        task.LastActivity = now;
+        task.UpdatedAt = now;
         if (statusMessage is not null)
-        {
             task.Description = statusMessage;
-        }
 
-        await db.SaveChangesAsync();
         await SetCacheAsync(task);
 
         // Send progress update notification
         await SendTaskProgressUpdateAsync(task, task.Progress, previousProgress);
+
+        // Only updates when update in period
+        // Use ExecuteUpdateAsync for better performance - update only the fields we need
+        if (Math.Abs(progress - 1) < 0.1 || delta * 100 > 5)
+        {
+            await db.Tasks
+                .Where(t => t.TaskId == taskId)
+                .ExecuteUpdateAsync(setters => setters
+                    .SetProperty(t => t.Progress, clampedProgress)
+                    .SetProperty(t => t.LastActivity, now)
+                    .SetProperty(t => t.UpdatedAt, now)
+                    .SetProperty(t => t.Description, t => statusMessage ?? t.Description)
+                );
+        }
     }
 
     /// <summary>
@@ -98,8 +109,23 @@ public class PersistentTaskService(
         if (task is null) return;
 
         var now = SystemClock.Instance.GetCurrentInstant();
+
+        // Use ExecuteUpdateAsync for better performance - update only the fields we need
+        var updatedRows = await db.Tasks
+            .Where(t => t.TaskId == taskId)
+            .ExecuteUpdateAsync(setters => setters
+                .SetProperty(t => t.Status, TaskStatus.Completed)
+                .SetProperty(t => t.Progress, 1.0)
+                .SetProperty(t => t.CompletedAt, now)
+                .SetProperty(t => t.LastActivity, now)
+                .SetProperty(t => t.UpdatedAt, now)
+            );
+
+        if (updatedRows > 0)
+        {
+            // Update the cached task with results if provided
             task.Status = TaskStatus.Completed;
-        task.Progress = 100;
+            task.Progress = 1.0;
             task.CompletedAt = now;
             task.LastActivity = now;
             task.UpdatedAt = now;
@@ -112,11 +138,10 @@ public class PersistentTaskService(
                 }
             }
 
-        await db.SaveChangesAsync();
             await RemoveCacheAsync(taskId);
-
             await SendTaskCompletedNotificationAsync(task);
         }
+    }
 
     /// <summary>
     /// Marks a task as failed
@@ -126,16 +151,31 @@ public class PersistentTaskService(
         var task = await GetTaskAsync<PersistentTask>(taskId);
         if (task is null) return;
 
+        var now = SystemClock.Instance.GetCurrentInstant();
+        var errorMsg = errorMessage ?? "Task failed due to an unknown error";
+
+        // Use ExecuteUpdateAsync for better performance - update only the fields we need
+        var updatedRows = await db.Tasks
+            .Where(t => t.TaskId == taskId)
+            .ExecuteUpdateAsync(setters => setters
+                .SetProperty(t => t.Status, TaskStatus.Failed)
+                .SetProperty(t => t.ErrorMessage, errorMsg)
+                .SetProperty(t => t.LastActivity, now)
+                .SetProperty(t => t.UpdatedAt, now)
+            );
+
+        if (updatedRows > 0)
+        {
+            // Update the cached task
             task.Status = TaskStatus.Failed;
-        task.ErrorMessage = errorMessage ?? "Task failed due to an unknown error";
+            task.ErrorMessage = errorMsg;
-        task.LastActivity = SystemClock.Instance.GetCurrentInstant();
+            task.LastActivity = now;
-        task.UpdatedAt = task.LastActivity;
+            task.UpdatedAt = now;
 
-        await db.SaveChangesAsync();
             await RemoveCacheAsync(taskId);
-
             await SendTaskFailedNotificationAsync(task);
         }
+    }
 
     /// <summary>
     /// Pauses a task
@@ -344,13 +384,14 @@ public class PersistentTaskService(
                 TaskId = task.TaskId,
                 Name = task.Name,
                 Type = task.Type.ToString(),
-                CreatedAt = task.CreatedAt.ToString("%O", null)
+                Parameters = task.Parameters,
+                CreatedAt = task.CreatedAt.ToString()
             };
 
             var packet = new WebSocketPacket
             {
                 Type = "task.created",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(data))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(data)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -369,10 +410,6 @@ public class PersistentTaskService(
     {
         try
         {
-            // Only send significant progress updates (every 5% or major milestones)
-            if (Math.Abs(newProgress - previousProgress) < 5 && newProgress < 100 && newProgress > 0)
-                return;
-
             var data = new TaskProgressData
             {
                 TaskId = task.TaskId,
@@ -380,13 +417,13 @@ public class PersistentTaskService(
                 Type = task.Type.ToString(),
                 Progress = newProgress,
                 Status = task.Status.ToString(),
-                LastActivity = task.LastActivity.ToString("%O", null)
+                LastActivity = task.LastActivity.ToString()
             };
 
             var packet = new WebSocketPacket
             {
                 Type = "task.progress",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(data))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(data)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -410,7 +447,7 @@ public class PersistentTaskService(
                 TaskId = task.TaskId,
                 Name = task.Name,
                 Type = task.Type.ToString(),
-                CompletedAt = task.CompletedAt?.ToString("%O", null) ?? task.UpdatedAt.ToString("%O", null),
+                CompletedAt = task.CompletedAt?.ToString() ?? task.UpdatedAt.ToString(),
                 Results = task.Results
             };
 
@@ -418,7 +455,7 @@ public class PersistentTaskService(
             var wsPacket = new WebSocketPacket
             {
                 Type = "task.completed",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(data))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(data)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -426,22 +463,6 @@ public class PersistentTaskService(
                 UserId = task.AccountId.ToString(),
                 Packet = wsPacket
             });
-
-            // Push notification
-            var pushNotification = new PushNotification
-            {
-                Topic = "task",
-                Title = "Task Completed",
-                Subtitle = task.Name,
-                Body = $"Your {task.Type.ToString().ToLower()} task has completed successfully.",
-                IsSavable = true
-            };
-
-            await ringService.SendPushNotificationToUserAsync(new SendPushNotificationToUserRequest
-            {
-                UserId = task.AccountId.ToString(),
-                Notification = pushNotification
-            });
         }
         catch (Exception ex)
         {
@@ -458,7 +479,7 @@ public class PersistentTaskService(
                 TaskId = task.TaskId,
                 Name = task.Name,
                 Type = task.Type.ToString(),
-                FailedAt = task.UpdatedAt.ToString("%O", null),
+                FailedAt = task.UpdatedAt.ToString(),
                 ErrorMessage = task.ErrorMessage ?? "Task failed due to an unknown error"
             };
 
@@ -466,7 +487,7 @@ public class PersistentTaskService(
             var wsPacket = new WebSocketPacket
             {
                 Type = "task.failed",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(data))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(data)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -478,8 +499,8 @@ public class PersistentTaskService(
             // Push notification
             var pushNotification = new PushNotification
             {
-                Topic = "task",
+                Topic = "drive.tasks",
-                Title = "Task Failed",
+                Title = "Drive Task Failed",
                 Subtitle = task.Name,
                 Body = $"Your {task.Type.ToString().ToLower()} task has failed.",
                 IsSavable = true
@@ -594,7 +615,14 @@ public class PersistentTaskService(
         var chunkSize = request.ChunkSize ?? 1024 * 1024 * 5; // 5MB default
         var chunksCount = (int)Math.Ceiling((double)request.FileSize / chunkSize);
 
-        // Use default pool if no pool is specified, or find first available pool
+        // If the second chunk is too small (less than 1MB), merge it with the first chunk
+        if (chunksCount == 2 && (request.FileSize - chunkSize) < 1024 * 1024)
+        {
+            chunksCount = 1;
+            chunkSize = request.FileSize;
+        }
+
+        // Use the default pool if no pool is specified, or find the first available pool
         var poolId = request.PoolId ?? await GetFirstAvailablePoolIdAsync();
 
         var uploadTask = new PersistentUploadTask
@@ -611,6 +639,7 @@ public class PersistentTaskService(
             EncryptPassword = request.EncryptPassword,
             ExpiredAt = request.ExpiredAt,
             Hash = request.Hash,
+            Path = request.Path,
             AccountId = accountId,
             Status = TaskStatus.InProgress,
             UploadedChunks = [],
@@ -657,11 +686,32 @@ public class PersistentTaskService(
         {
             var previousProgress = task.ChunksCount > 0 ? (double)task.ChunksUploaded / task.ChunksCount * 100 : 0;
 
+            // Get current parameters and update them directly
+            var parameters = task.TypedParameters;
+            if (!parameters.UploadedChunks.Contains(chunkIndex))
+            {
+                parameters.UploadedChunks.Add(chunkIndex);
+                parameters.ChunksUploaded = parameters.UploadedChunks.Count;
+
+                var now = SystemClock.Instance.GetCurrentInstant();
+
+                // Use ExecuteUpdateAsync to update the Parameters dictionary directly
+                var updatedRows = await db.Tasks
+                    .OfType<PersistentUploadTask>()
+                    .Where(t => t.TaskId == taskId)
+                    .ExecuteUpdateAsync(setters => setters
+                        .SetProperty(t => t.Parameters, ParameterHelper.Untyped(parameters))
+                        .SetProperty(t => t.LastActivity, now)
+                        .SetProperty(t => t.UpdatedAt, now)
+                    );
+
+                if (updatedRows > 0)
+                {
+                    // Update the cached task
                     task.UploadedChunks.Add(chunkIndex);
                     task.ChunksUploaded = task.UploadedChunks.Count;
-            task.LastActivity = SystemClock.Instance.GetCurrentInstant();
+                    task.LastActivity = now;
-
+                    task.UpdatedAt = now;
-            await db.SaveChangesAsync();
                     await SetCacheAsync(task);
 
                     // Send real-time progress update
@@ -669,6 +719,8 @@ public class PersistentTaskService(
                     await SendUploadProgressUpdateAsync(task, newProgress, previousProgress);
                 }
             }
+        }
+    }
 
     /// <summary>
     /// Checks if a chunk has already been uploaded
@@ -727,17 +779,17 @@ public class PersistentTaskService(
                     ? query.OrderByDescending(t => t.FileSize)
                     : query.OrderBy(t => t.FileSize);
                 break;
-            case "createdat":
+            case "created":
                 orderedQuery = sortDescending
                     ? query.OrderByDescending(t => t.CreatedAt)
                     : query.OrderBy(t => t.CreatedAt);
                 break;
-            case "updatedat":
+            case "updated":
                 orderedQuery = sortDescending
                     ? query.OrderByDescending(t => t.UpdatedAt)
                     : query.OrderBy(t => t.UpdatedAt);
                 break;
-            case "lastactivity":
+            case "activity":
             default:
                 orderedQuery = sortDescending
                     ? query.OrderByDescending(t => t.LastActivity)
@@ -767,13 +819,13 @@ public class PersistentTaskService(
         var stats = new UserUploadStats
         {
             TotalTasks = tasks.Count,
-            InProgressTasks = tasks.Count(t => t.Status == Model.TaskStatus.InProgress),
+            InProgressTasks = tasks.Count(t => t.Status == TaskStatus.InProgress),
-            CompletedTasks = tasks.Count(t => t.Status == Model.TaskStatus.Completed),
+            CompletedTasks = tasks.Count(t => t.Status == TaskStatus.Completed),
-            FailedTasks = tasks.Count(t => t.Status == Model.TaskStatus.Failed),
+            FailedTasks = tasks.Count(t => t.Status == TaskStatus.Failed),
-            ExpiredTasks = tasks.Count(t => t.Status == Model.TaskStatus.Expired),
+            ExpiredTasks = tasks.Count(t => t.Status == TaskStatus.Expired),
-            TotalUploadedBytes = tasks.Sum(t => (long)t.ChunksUploaded * t.ChunkSize),
+            TotalUploadedBytes = tasks.Sum(t => t.ChunksUploaded * t.ChunkSize),
-            AverageProgress = tasks.Any(t => t.Status == Model.TaskStatus.InProgress)
+            AverageProgress = tasks.Any(t => t.Status == TaskStatus.InProgress)
-                ? tasks.Where(t => t.Status == Model.TaskStatus.InProgress)
+                ? tasks.Where(t => t.Status == TaskStatus.InProgress)
                     .Average(t => t.ChunksCount > 0 ? (double)t.ChunksUploaded / t.ChunksCount * 100 : 0)
                 : 0,
             RecentActivity = tasks.OrderByDescending(t => t.LastActivity)
@@ -800,7 +852,7 @@ public class PersistentTaskService(
         var failedTasks = await db.Tasks
             .OfType<PersistentUploadTask>()
             .Where(t => t.AccountId == accountId &&
-                       (t.Status == Model.TaskStatus.Failed || t.Status == Model.TaskStatus.Expired))
+                        (t.Status == TaskStatus.Failed || t.Status == TaskStatus.Expired))
             .ToListAsync();
 
         foreach (var task in failedTasks)
@@ -809,8 +861,7 @@ public class PersistentTaskService(
 
             // Clean up temp files
             var taskPath = Path.Combine(Path.GetTempPath(), "multipart-uploads", task.TaskId);
-            if (Directory.Exists(taskPath))
+            if (!Directory.Exists(taskPath)) continue;
-            {
             try
             {
                 Directory.Delete(taskPath, true);
@@ -820,7 +871,6 @@ public class PersistentTaskService(
                 logger.LogWarning(ex, "Failed to cleanup temp files for task {TaskId}", task.TaskId);
             }
         }
-        }
 
         db.Tasks.RemoveRange(failedTasks);
         await db.SaveChangesAsync();
@@ -854,14 +904,14 @@ public class PersistentTaskService(
                 FileId = fileId,
                 FileName = task.FileName,
                 FileSize = task.FileSize,
-                CompletedAt = SystemClock.Instance.GetCurrentInstant().ToString("%O", null)
+                CompletedAt = SystemClock.Instance.GetCurrentInstant().ToString()
             };
 
             // Send WebSocket notification
             var wsPacket = new WebSocketPacket
             {
                 Type = "upload.completed",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(completionData))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(completionData)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -869,22 +919,6 @@ public class PersistentTaskService(
                 UserId = task.AccountId.ToString(),
                 Packet = wsPacket
             });
-
-            // Send push notification
-            var pushNotification = new PushNotification
-            {
-                Topic = "upload",
-                Title = "Upload Completed",
-                Subtitle = task.FileName,
-                Body = $"Your file '{task.FileName}' has been uploaded successfully.",
-                IsSavable = true
-            };
-
-            await ringService.SendPushNotificationToUserAsync(new SendPushNotificationToUserRequest
-            {
-                UserId = task.AccountId.ToString(),
-                Notification = pushNotification
-            });
         }
         catch (Exception ex)
         {
@@ -904,7 +938,7 @@ public class PersistentTaskService(
                 TaskId = task.TaskId,
                 FileName = task.FileName,
                 FileSize = task.FileSize,
-                FailedAt = SystemClock.Instance.GetCurrentInstant().ToString("%O", null),
+                FailedAt = SystemClock.Instance.GetCurrentInstant().ToString(),
                 ErrorMessage = errorMessage ?? "Upload failed due to an unknown error"
             };
 
@@ -912,7 +946,7 @@ public class PersistentTaskService(
             var wsPacket = new WebSocketPacket
             {
                 Type = "upload.failed",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(failureData))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(failureData)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -924,7 +958,7 @@ public class PersistentTaskService(
             // Send push notification
             var pushNotification = new PushNotification
             {
-                Topic = "upload",
+                Topic = "drive.tasks.upload",
                 Title = "Upload Failed",
                 Subtitle = task.FileName,
                 Body = $"Your file '{task.FileName}' upload has failed. You can try again.",
@@ -946,7 +980,8 @@ public class PersistentTaskService(
     /// <summary>
     /// Sends real-time upload progress update via WebSocket
     /// </summary>
-    private async Task SendUploadProgressUpdateAsync(PersistentUploadTask task, double newProgress, double previousProgress)
+    private async Task SendUploadProgressUpdateAsync(PersistentUploadTask task, double newProgress,
+        double previousProgress)
     {
         try
         {
@@ -963,13 +998,13 @@ public class PersistentTaskService(
                 ChunksTotal = task.ChunksCount,
                 Progress = newProgress,
                 Status = task.Status.ToString(),
-                LastActivity = task.LastActivity.ToString("%O", null)
+                LastActivity = task.LastActivity.ToString()
             };
 
             var packet = new WebSocketPacket
             {
                 Type = "upload.progress",
-                Data = Google.Protobuf.ByteString.CopyFromUtf8(System.Text.Json.JsonSerializer.Serialize(progressData))
+                Data = GrpcTypeHelper.ConvertObjectToByteString(progressData)
             };
 
             await ringService.PushWebSocketPacketAsync(new PushWebSocketPacketRequest
@@ -995,6 +1030,7 @@ public class TaskCreatedData
     public string Name { get; set; } = null!;
     public string Type { get; set; } = null!;
     public string CreatedAt { get; set; } = null!;
+    public Dictionary<string, object?>? Parameters { get; set; }
 }
 
 public class TaskProgressData

DysonNetwork.Drive/Storage/README.md

@@ -1,33 +1,35 @@
-# DysonNetwork Drive - Persistent/Resumable Upload System
+# DysonNetwork Drive - Persistent Task System
 
-A comprehensive, production-ready file upload system with resumable uploads, real-time progress tracking, and dynamic notifications powered by RingService.
+A comprehensive, production-ready generic task system with support for file uploads, background operations, real-time progress tracking, and dynamic notifications powered by RingService.
 
 When using with the Gateway, use the `/drive` to replace `/api`.
 The realtime messages are from the websocket gateway.
 
 ## 🚀 Features
 
-### Core Upload Features
+### Core Task Features
+- **Generic Task System**: Support for various background operations beyond file uploads
 - **Resumable Uploads**: Pause and resume uploads across app restarts
 - **Chunked Uploads**: Efficient large file handling with configurable chunk sizes
-- **Progress Persistence**: Upload state survives server restarts and network interruptions
+- **Progress Persistence**: Task state survives server restarts and network interruptions
 - **Duplicate Detection**: Automatic detection of already uploaded files via hash checking
 - **Quota Management**: Integration with user quota and billing systems
 - **Pool-based Storage**: Support for multiple storage pools with different policies
 
 ### Real-Time Features
-- **Live Progress Updates**: WebSocket-based real-time progress tracking
+- **Live Progress Updates**: WebSocket-based real-time progress tracking for all task types
-- **Completion Notifications**: Instant notifications when uploads complete
+- **Task Lifecycle Notifications**: Instant notifications for task creation, progress, completion, and failure
-- **Failure Alerts**: Immediate notification of upload failures with error details
+- **Failure Alerts**: Immediate notification of task failures with error details
 - **Push Notifications**: Cross-platform push notifications for mobile/desktop
 - **Smart Throttling**: Optimized update frequency to prevent network spam
 
 ### Management Features
-- **Task Listing**: Comprehensive API for listing and filtering upload tasks
+- **Task Listing**: Comprehensive API for listing and filtering all task types
-- **Task Statistics**: Detailed analytics and usage statistics
+- **Task Statistics**: Detailed analytics and usage statistics for all operations
 - **Cleanup Operations**: Automatic and manual cleanup of failed/stale tasks
 - **Ownership Verification**: Secure access control for all operations
-- **Detailed Task Info**: Rich metadata including speed calculations and ETAs
+- **Detailed Task Info**: Rich metadata including progress, parameters, and results
+- **Task Lifecycle Management**: Full control over task states (pause, resume, cancel)
 
 ## 📋 Table of Contents
 
@@ -93,18 +95,29 @@ Creates a new resumable upload task.
 **Request Body:**
 ```json
 {
-  "fileName": "string",           // Required: Name of the file
+  "fileName": "string",
-  "fileSize": "long",             // Required: Size in bytes
+  "fileSize": "long",
-  "contentType": "string",        // Required: MIME type
+  "contentType": "string",
-  "poolId": "uuid",               // Optional: Storage pool ID
+  "poolId": "uuid",
-  "bundleId": "uuid",             // Optional: File bundle ID
+  "bundleId": "uuid",
-  "chunkSize": "long",            // Optional: Chunk size (default: 5MB)
+  "chunkSize": "long",
-  "encryptPassword": "string",    // Optional: Encryption password
+  "encryptPassword": "string",
-  "expiredAt": "datetime",        // Optional: Expiration date
+  "expiredAt": "datetime",
-  "hash": "string"                // Required: File hash for deduplication
+  "hash": "string"
 }
 ```
 
+**Field Descriptions:**
+- `fileName`: Required - Name of the file
+- `fileSize`: Required - Size in bytes
+- `contentType`: Required - MIME type
+- `poolId`: Optional - Storage pool ID
+- `bundleId`: Optional - File bundle ID
+- `chunkSize`: Optional - Chunk size (default: 5MB)
+- `encryptPassword`: Optional - Encryption password
+- `expiredAt`: Optional - Expiration date
+- `hash`: Required - File hash for deduplication
+
 **Response:**
 ```json
 {
@@ -175,7 +188,7 @@ Gets upload statistics for the current user.
   "expiredTasks": 1,
   "totalUploadedBytes": 5368709120,
   "averageProgress": 67.5,
-  "recentActivity": [...]
+  "recentActivity": []
 }
 ```
 
@@ -187,56 +200,73 @@ Gets the most recent upload tasks.
 
 ## 🔌 WebSocket Events
 
-The system sends real-time updates via WebSocket using RingService. Connect to the WebSocket endpoint and listen for upload-related events.
+The system sends real-time updates via WebSocket using RingService. Connect to the WebSocket endpoint and listen for task-related events.
 
 ### Event Types
 
-#### `upload.progress`
+#### `task.created`
-Sent when upload progress changes significantly (every 5% or major milestones).
+Sent when a new task is created.
 
 ```json
 {
-  "type": "upload.progress",
+  "type": "task.created",
   "data": {
-    "taskId": "abc123def456",
+    "taskId": "task123",
-    "fileName": "document.pdf",
+    "name": "Upload File",
-    "fileSize": 10485760,
+    "type": "FileUpload",
-    "chunksUploaded": 5,
+    "createdAt": "2025-11-09T02:00:00Z"
-    "chunksTotal": 10,
+  }
-    "progress": 50.0,
+}
+```
+
+#### `task.progress`
+Sent when task progress changes significantly (every 5% or major milestones).
+
+```json
+{
+  "type": "task.progress",
+  "data": {
+    "taskId": "task123",
+    "name": "Upload File",
+    "type": "FileUpload",
+    "progress": 67.5,
     "status": "InProgress",
-    "lastActivity": "2025-11-09T01:56:00.0000000Z"
+    "lastActivity": "2025-11-09T02:05:00Z"
   }
 }
 ```
 
-#### `upload.completed`
+#### `task.completed`
-Sent when an upload completes successfully.
+Sent when a task completes successfully.
 
 ```json
 {
-  "type": "upload.completed",
+  "type": "task.completed",
   "data": {
-    "taskId": "abc123def456",
+    "taskId": "task123",
-    "fileId": "file789xyz",
+    "name": "Upload File",
+    "type": "FileUpload",
+    "completedAt": "2025-11-09T02:10:00Z",
+    "results": {
+      "fileId": "file456",
       "fileName": "document.pdf",
-    "fileSize": 10485760,
+      "fileSize": 10485760
-    "completedAt": "2025-11-09T01:57:00.0000000Z"
+    }
   }
 }
 ```
 
-#### `upload.failed`
+#### `task.failed`
-Sent when an upload fails.
+Sent when a task fails.
 
 ```json
 {
-  "type": "upload.failed",
+  "type": "task.failed",
   "data": {
-    "taskId": "abc123def456",
+    "taskId": "task123",
-    "fileName": "document.pdf",
+    "name": "Upload File",
-    "fileSize": 10485760,
+    "type": "FileUpload",
-    "failedAt": "2025-11-09T01:58:00.0000000Z",
+    "failedAt": "2025-11-09T02:15:00Z",
     "errorMessage": "File processing failed: invalid format"
   }
 }
@@ -256,18 +286,18 @@ ws.onopen = () => {
     }));
 };
 
-// Handle upload events
+// Handle task events
 ws.onmessage = (event) => {
     const packet = JSON.parse(event.data);
 
     switch (packet.type) {
-        case 'upload.progress':
+        case 'task.progress':
             updateProgressBar(packet.data);
             break;
-        case 'upload.completed':
+        case 'task.completed':
             showSuccessNotification(packet.data);
             break;
-        case 'upload.failed':
+        case 'task.failed':
             showErrorNotification(packet.data);
             break;
     }
@@ -282,6 +312,10 @@ function updateProgressBar(data) {
 }
 ```
 
+### Note on Upload-Specific Notifications
+
+The system also includes upload-specific notifications (`upload.progress`, `upload.completed`, `upload.failed`) for backward compatibility. However, for new implementations, it's recommended to use the generic task notifications as they provide the same functionality with less object allocation overhead. Since users are typically in the foreground during upload operations, the generic task notifications provide sufficient progress visibility.
+
 ## 🗄️ Database Schema
 
 ### `upload_tasks` Table
@@ -348,7 +382,7 @@ UPLOAD_CACHE_DURATION_MINUTES=30
 
 ```csharp
 // In Program.cs or Startup.cs
-builder.Services.AddScoped<PersistentUploadService>();
+builder.Services.AddScoped<PersistentTaskService>();
 builder.Services.AddSingleton<RingService.RingServiceClient>(sp => {
     // Configure gRPC client for RingService
     var channel = GrpcChannel.ForAddress("https://ring-service:50051");
@@ -754,7 +788,7 @@ public class PersistentTaskService(
 
 ### Real-Time Task Notifications
 
-All task operations send WebSocket notifications via RingService:
+All task operations send WebSocket notifications via RingService using the shared `GrpcTypeHelper` for consistent JSON serialization:
 
 #### Task Created
 ```json
@@ -867,6 +901,36 @@ Tasks support multiple statuses:
 - **Cancelled**: Manually cancelled
 - **Expired**: Timed out or expired
 
+### Available Service Methods
+
+Based on the `PersistentTaskService` implementation, the following methods are available:
+
+#### Core Task Operations
+- `CreateTaskAsync<T>(T task)`: Creates any type of persistent task
+- `GetTaskAsync<T>(string taskId)`: Retrieves a task by ID with caching
+- `UpdateTaskProgressAsync(string taskId, double progress, string? statusMessage)`: Updates task progress with automatic notifications
+- `MarkTaskCompletedAsync(string taskId, Dictionary<string, object?>? results)`: Marks task as completed with optional results
+- `MarkTaskFailedAsync(string taskId, string? errorMessage)`: Marks task as failed with error message
+- `PauseTaskAsync(string taskId)`: Pauses an in-progress task
+- `ResumeTaskAsync(string taskId)`: Resumes a paused task
+- `CancelTaskAsync(string taskId)`: Cancels a task
+
+#### Task Querying & Statistics
+- `GetUserTasksAsync()`: Gets tasks for a user with filtering and pagination
+- `GetUserTaskStatsAsync(Guid accountId)`: Gets comprehensive task statistics
+- `CleanupOldTasksAsync(Guid accountId, Duration maxAge)`: Cleans up old completed/failed tasks
+
+#### Upload-Specific Operations
+- `CreateUploadTaskAsync()`: Creates a new persistent upload task
+- `GetUploadTaskAsync(string taskId)`: Gets an existing upload task
+- `UpdateChunkProgressAsync(string taskId, int chunkIndex)`: Updates chunk upload progress
+- `IsChunkUploadedAsync(string taskId, int chunkIndex)`: Checks if a chunk has been uploaded
+- `GetUploadProgressAsync(string taskId)`: Gets upload progress as percentage
+- `GetUserUploadTasksAsync()`: Gets user upload tasks with filtering
+- `GetUserUploadStatsAsync(Guid accountId)`: Gets upload statistics for a user
+- `CleanupUserFailedTasksAsync(Guid accountId)`: Cleans up failed upload tasks
+- `GetRecentUserTasksAsync(Guid accountId, int limit)`: Gets recent upload tasks
+
 ### Priority System
 
 Tasks can be assigned priorities (0-100, higher = more important) to control execution order in background processing.

DysonNetwork.Drive/VersionController.cs

@@ -1,20 +0,0 @@
-using DysonNetwork.Shared.Data;
-using Microsoft.AspNetCore.Mvc;
-
-namespace DysonNetwork.Drive;
-
-[ApiController]
-[Route("/api/version")]
-public class VersionController : ControllerBase
-{
-    [HttpGet]
-    public IActionResult Get()
-    {
-        return Ok(new AppVersion
-        {
-            Version = ThisAssembly.AssemblyVersion,
-            Commit = ThisAssembly.GitCommitId,
-            UpdateDate = ThisAssembly.GitCommitDate
-        });
-    }
-}

DysonNetwork.Drive/appsettings.json

@@ -10,7 +10,10 @@
     },
     "AllowedHosts": "*",
     "ConnectionStrings": {
-    "App": "Host=localhost;Port=5432;Database=dyson_drive;Username=postgres;Password=postgres;Include Error Detail=True;Maximum Pool Size=20;Connection Idle Lifetime=60"
+        "App": "Host=localhost;Port=5432;Database=dyson_drive;Username=postgres;Password=postgres;Include Error Detail=True;Maximum Pool Size=20;Connection Idle Lifetime=60",
+        "Registrar": "127.0.0.1:2379",
+        "Cache": "127.0.0.1:6379",
+        "Queue": "127.0.0.1:4222"
     },
     "Authentication": {
         "Schemes": {
@@ -27,9 +30,6 @@
         "PublicKeyPath": "Keys/PublicKey.pem",
         "PrivateKeyPath": "Keys/PrivateKey.pem"
     },
-  "Tus": {
-    "StorePath": "Uploads"
-  },
     "Storage": {
         "Uploads": "Uploads",
         "PreferredRemote": "c53136a6-9152-4ecb-9f88-43c41438c23e",
@@ -114,6 +114,9 @@
             }
         }
     },
+    "Cache": {
+        "Serializer": "MessagePack"
+    },
     "KnownProxies": [
         "127.0.0.1",
         "::1"

DysonNetwork.Drive/version.json

@@ -1,7 +0,0 @@
-{
-  "version": "1.0",
-  "publicReleaseRefSpec": ["^refs/heads/main$"],
-  "cloudBuild": {
-    "setVersionVariables": true
-  }
-}

DysonNetwork.Gateway/Configuration/ConfigurationController.cs

@@ -1,12 +0,0 @@
-using Microsoft.AspNetCore.Mvc;
-
-[ApiController]
-[Route("config")]
-public class ConfigurationController(IConfiguration configuration) : ControllerBase
-{
-    [HttpGet]
-    public IActionResult Get() => Ok(configuration.GetSection("Client").Get<Dictionary<string, object>>());
-
-    [HttpGet("site")]
-    public IActionResult GetSiteUrl() => Ok(configuration["SiteUrl"]);
-}

DysonNetwork.Gateway/Dockerfile

@@ -1,23 +0,0 @@
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
-USER $APP_UID
-WORKDIR /app
-EXPOSE 8080
-EXPOSE 8081
-
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
-ARG BUILD_CONFIGURATION=Release
-WORKDIR /src
-COPY ["DysonNetwork.Gateway/DysonNetwork.Gateway.csproj", "DysonNetwork.Gateway/"]
-RUN dotnet restore "DysonNetwork.Gateway/DysonNetwork.Gateway.csproj"
-COPY . .
-WORKDIR "/src/DysonNetwork.Gateway"
-RUN dotnet build "./DysonNetwork.Gateway.csproj" -c $BUILD_CONFIGURATION -o /app/build
-
-FROM build AS publish
-ARG BUILD_CONFIGURATION=Release
-RUN dotnet publish "./DysonNetwork.Gateway.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
-
-FROM base AS final
-WORKDIR /app
-COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DysonNetwork.Gateway.dll"]

DysonNetwork.Gateway/DysonNetwork.Gateway.csproj

@@ -1,18 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
-
-  <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
-    <Nullable>enable</Nullable>
-    <ImplicitUsings>enable</ImplicitUsings>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.ServiceDiscovery.Yarp" Version="9.5.2" />
-    <PackageReference Include="Yarp.ReverseProxy" Version="2.3.0" />
-  </ItemGroup>
-
-  <ItemGroup>
-      <ProjectReference Include="..\DysonNetwork.Shared\DysonNetwork.Shared.csproj" />
-  </ItemGroup>
-
-</Project>

DysonNetwork.Gateway/Program.cs

@@ -1,168 +0,0 @@
-using System.Threading.RateLimiting;
-using DysonNetwork.Shared.Http;
-using Yarp.ReverseProxy.Configuration;
-using Microsoft.AspNetCore.HttpOverrides;
-
-var builder = WebApplication.CreateBuilder(args);
-
-builder.AddServiceDefaults();
-
-builder.ConfigureAppKestrel(builder.Configuration, maxRequestBodySize: long.MaxValue, enableGrpc: false);
-
-builder.Services.AddCors(options =>
-{
-    options.AddDefaultPolicy(
-        policy =>
-        {
-            policy.SetIsOriginAllowed(origin => true)
-                .AllowAnyMethod()
-                .AllowAnyHeader()
-                .AllowCredentials()
-                .WithExposedHeaders("X-Total");
-        });
-});
-
-builder.Services.AddRateLimiter(options =>
-{
-    options.AddPolicy("fixed", context =>
-    {
-        var ip = context.Connection.RemoteIpAddress?.ToString() ?? "unknown";
-
-        return RateLimitPartition.GetFixedWindowLimiter(
-            partitionKey: ip,
-            factory: _ => new FixedWindowRateLimiterOptions
-            {
-                PermitLimit = 120, // 120 requests...
-                Window = TimeSpan.FromMinutes(1), // ...per minute per IP
-                QueueProcessingOrder = QueueProcessingOrder.OldestFirst,
-                QueueLimit = 10 // allow short bursts instead of instant 503s
-            });
-    });
-
-    options.OnRejected = async (context, token) =>
-        {
-            // Log the rejected IP
-            var logger = context.HttpContext.RequestServices
-                .GetRequiredService<ILoggerFactory>()
-                .CreateLogger("RateLimiter");
-
-            var ip = context.HttpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
-            logger.LogWarning("Rate limit exceeded for IP: {IP}", ip);
-
-            // Respond to the client
-            context.HttpContext.Response.StatusCode = StatusCodes.Status429TooManyRequests;
-            await context.HttpContext.Response.WriteAsync(
-                "Rate limit exceeded. Try again later.", token);
-        };
-});
-
-var serviceNames = new[] { "ring", "pass", "drive", "sphere", "develop", "insight" };
-
-var specialRoutes = new[]
-{
-    new RouteConfig
-    {
-        RouteId = "ring-ws",
-        ClusterId = "ring",
-        Match = new RouteMatch { Path = "/ws" }
-    },
-    new RouteConfig
-    {
-        RouteId = "pass-openid",
-        ClusterId = "pass",
-        Match = new RouteMatch { Path = "/.well-known/openid-configuration" }
-    },
-    new RouteConfig
-    {
-        RouteId = "pass-jwks",
-        ClusterId = "pass",
-        Match = new RouteMatch { Path = "/.well-known/jwks" }
-    },
-    new RouteConfig
-    {
-        RouteId = "drive-tus",
-        ClusterId = "drive",
-        Match = new RouteMatch { Path = "/api/tus" }
-    }
-};
-
-var apiRoutes = serviceNames.Select(serviceName =>
-{
-    var apiPath = serviceName switch
-    {
-        _ => $"/{serviceName}"
-    };
-    return new RouteConfig
-    {
-        RouteId = $"{serviceName}-api",
-        ClusterId = serviceName,
-        Match = new RouteMatch { Path = $"{apiPath}/{{**catch-all}}" },
-        Transforms =
-        [
-            new Dictionary<string, string> { { "PathRemovePrefix", apiPath } },
-            new Dictionary<string, string> { { "PathPrefix", "/api" } }
-        ]
-    };
-});
-
-var swaggerRoutes = serviceNames.Select(serviceName => new RouteConfig
-{
-    RouteId = $"{serviceName}-swagger",
-    ClusterId = serviceName,
-    Match = new RouteMatch { Path = $"/swagger/{serviceName}/{{**catch-all}}" },
-    Transforms =
-    [
-        new Dictionary<string, string> { { "PathRemovePrefix", $"/swagger/{serviceName}" } },
-        new Dictionary<string, string> { { "PathPrefix", "/swagger" } }
-    ]
-});
-
-var routes = specialRoutes.Concat(apiRoutes).Concat(swaggerRoutes).ToArray();
-
-var clusters = serviceNames.Select(serviceName => new ClusterConfig
-{
-    ClusterId = serviceName,
-    HealthCheck = new HealthCheckConfig
-    {
-        Active = new ActiveHealthCheckConfig
-        {
-            Enabled = true,
-            Interval = TimeSpan.FromSeconds(10),
-            Timeout = TimeSpan.FromSeconds(5),
-            Path = "/health"
-        },
-        Passive = new()
-        {
-            Enabled = true
-        }
-    },
-    Destinations = new Dictionary<string, DestinationConfig>
-    {
-        { "destination1", new DestinationConfig { Address = $"http://{serviceName}" } }
-    }
-}).ToArray();
-
-builder.Services
-    .AddReverseProxy()
-    .LoadFromMemory(routes, clusters)
-    .AddServiceDiscoveryDestinationResolver();
-
-builder.Services.AddControllers();
-
-var app = builder.Build();
-
-var forwardedHeadersOptions = new ForwardedHeadersOptions
-{
-    ForwardedHeaders = ForwardedHeaders.All
-};
-forwardedHeadersOptions.KnownNetworks.Clear();
-forwardedHeadersOptions.KnownProxies.Clear();
-app.UseForwardedHeaders(forwardedHeadersOptions);
-
-app.UseCors();
-
-app.MapReverseProxy().RequireRateLimiting("fixed");
-
-app.MapControllers();
-
-app.Run();

DysonNetwork.Gateway/appsettings.json

@@ -1,13 +0,0 @@
-{
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft.AspNetCore": "Warning"
-    }
-  },
-  "AllowedHosts": "*",
-  "SiteUrl": "http://localhost:3000",
-  "Client": {
-    "SomeSetting": "SomeValue"
-  }
-}

DysonNetwork.Insight/AppDatabase.cs

@@ -1,3 +1,4 @@
+using DysonNetwork.Shared.Data;
 using DysonNetwork.Shared.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Design;
@@ -12,6 +13,7 @@ public class AppDatabase(
 {
     public DbSet<SnThinkingSequence> ThinkingSequences { get; set; }
     public DbSet<SnThinkingThought> ThinkingThoughts { get; set; }
+    public DbSet<SnUnpaidAccount> UnpaidAccounts { get; set; }
     
     protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
     {
@@ -28,36 +30,15 @@ public class AppDatabase(
     
     public override async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
     {
-        var now = SystemClock.Instance.GetCurrentInstant();
+        this.ApplyAuditableAndSoftDelete();
-
-        foreach (var entry in ChangeTracker.Entries<ModelBase>())
-        {
-            switch (entry.State)
-            {
-                case EntityState.Added:
-                    entry.Entity.CreatedAt = now;
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Modified:
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Deleted:
-                    entry.State = EntityState.Modified;
-                    entry.Entity.DeletedAt = now;
-                    break;
-                case EntityState.Detached:
-                case EntityState.Unchanged:
-                default:
-                    break;
-            }
-        }
-
         return await base.SaveChangesAsync(cancellationToken);
     }
 
     protected override void OnModelCreating(ModelBuilder modelBuilder)
     {
         base.OnModelCreating(modelBuilder);
+        
+        modelBuilder.ApplySoftDeleteFilters();
     }
 }
 

DysonNetwork.Insight/Controllers/BillingController.cs

@@ -1,21 +1,42 @@
 using DysonNetwork.Insight.Thought;
-using DysonNetwork.Shared.Auth;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
+using Microsoft.EntityFrameworkCore;
+using DysonNetwork.Shared.Proto;
 
 namespace DysonNetwork.Insight.Controllers;
 
 [ApiController]
-[Route("/api/billing")]
+[Route("api/billing")]
-public class BillingController(ThoughtService thoughtService, ILogger<BillingController> logger) : ControllerBase
+public class BillingController(AppDatabase db, ThoughtService thoughtService, ILogger<BillingController> logger)
+    : ControllerBase
 {
-    [HttpPost("settle")]
+    [HttpGet("status")]
-    [Authorize]
+    public async Task<IActionResult> GetBillingStatus()
-    [RequiredPermission("maintenance", "insight.billing.settle")]
-    public async Task<IActionResult> ProcessTokenBilling()
     {
-        await thoughtService.SettleThoughtBills(logger);
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
-        return Ok();
+            return Unauthorized();
+        var accountId = Guid.Parse(currentUser.Id);
+
+        var isMarked = await db.UnpaidAccounts.AnyAsync(u => u.AccountId == accountId);
+        return Ok(isMarked ? new { status = "unpaid" } : new { status = "ok" });
+    }
+
+    [HttpPost("retry")]
+    public async Task<IActionResult> RetryBilling()
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser)
+            return Unauthorized();
+        var accountId = Guid.Parse(currentUser.Id);
+
+        var (success, cost) = await thoughtService.RetryBillingForAccountAsync(accountId, logger);
+
+        if (success)
+        {
+            return Ok(cost > 0
+                ? new { message = $"Billing retry successful. Billed {cost} points." }
+                : new { message = "No outstanding payment found." });
+        }
+
+        return BadRequest(new { message = "Billing retry failed. Please check your balance and try again." });
     }
 }

DysonNetwork.Insight/Dockerfile

@@ -1,12 +1,12 @@
 #See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
 
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base
 USER app
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
 COPY ["DysonNetwork.Insight/DysonNetwork.Insight.csproj", "DysonNetwork.Insight/"]

DysonNetwork.Insight/DysonNetwork.Insight.csproj

@@ -1,22 +1,19 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="EFCore.NamingConventions" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.11">
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.10">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.SemanticKernel" Version="1.66.0" />
+    <PackageReference Include="Microsoft.SemanticKernel" Version="1.67.1" />
     <PackageReference Include="Microsoft.SemanticKernel.Connectors.Ollama" Version="1.66.0-alpha" />
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.4" />
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL.NodaTime" Version="9.0.4" />
     <PackageReference Include="Microsoft.SemanticKernel.Plugins.Web" Version="1.66.0-alpha" />
     <PackageReference Include="Quartz" Version="3.15.1" />
     <PackageReference Include="Quartz.AspNetCore" Version="3.15.1" />

DysonNetwork.Insight/Migrations/20251026045505_AddThinkingChunk.Designer.cs

@@ -69,11 +69,6 @@ namespace DysonNetwork.Insight.Migrations
                         .HasColumnType("uuid")
                         .HasColumnName("id");
 
-                    b.Property<List<SnThinkingChunk>>("Chunks")
-                        .IsRequired()
-                        .HasColumnType("jsonb")
-                        .HasColumnName("chunks");
-
                     b.Property<string>("Content")
                         .HasColumnType("text")
                         .HasColumnName("content");

DysonNetwork.Insight/Migrations/20251026045505_AddThinkingChunk.cs

@@ -12,21 +12,13 @@ namespace DysonNetwork.Insight.Migrations
         /// <inheritdoc />
         protected override void Up(MigrationBuilder migrationBuilder)
         {
-            migrationBuilder.AddColumn<List<SnThinkingChunk>>(
+            // The chunk type has been removed, so this did nothing
-                name: "chunks",
-                table: "thinking_thoughts",
-                type: "jsonb",
-                nullable: false,
-                defaultValue: new List<SnThinkingChunk>()
-                );
         }
 
         /// <inheritdoc />
         protected override void Down(MigrationBuilder migrationBuilder)
         {
-            migrationBuilder.DropColumn(
+            // The chunk type has been removed, so this did nothing
-                name: "chunks",
-                table: "thinking_thoughts");
         }
     }
 }

DysonNetwork.Insight/Migrations/20251026134218_AddBilling.Designer.cs

@@ -77,11 +77,6 @@ namespace DysonNetwork.Insight.Migrations
                         .HasColumnType("uuid")
                         .HasColumnName("id");
 
-                    b.Property<List<SnThinkingChunk>>("Chunks")
-                        .IsRequired()
-                        .HasColumnType("jsonb")
-                        .HasColumnName("chunks");
-
                     b.Property<string>("Content")
                         .HasColumnType("text")
                         .HasColumnName("content");

DysonNetwork.Insight/Migrations/20251115084746_RefactorThoughtMessage.Designer.cs

@@ -0,0 +1,142 @@
+// <auto-generated />
+using System;
+using System.Collections.Generic;
+using DysonNetwork.Insight;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NodaTime;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    [DbContext(typeof(AppDatabase))]
+    [Migration("20251115084746_RefactorThoughtMessage")]
+    partial class RefactorThoughtMessage
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingSequence", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<long>("PaidToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("paid_token");
+
+                    b.Property<string>("Topic")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("topic");
+
+                    b.Property<long>("TotalToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("total_token");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_sequences");
+
+                    b.ToTable("thinking_sequences", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<List<SnCloudFileReferenceObject>>("Files")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("files");
+
+                    b.Property<string>("ModelName")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("model_name");
+
+                    b.Property<List<SnThinkingMessagePart>>("Parts")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("parts");
+
+                    b.Property<int>("Role")
+                        .HasColumnType("integer")
+                        .HasColumnName("role");
+
+                    b.Property<Guid>("SequenceId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("sequence_id");
+
+                    b.Property<long>("TokenCount")
+                        .HasColumnType("bigint")
+                        .HasColumnName("token_count");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_thoughts");
+
+                    b.HasIndex("SequenceId")
+                        .HasDatabaseName("ix_thinking_thoughts_sequence_id");
+
+                    b.ToTable("thinking_thoughts", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnThinkingSequence", "Sequence")
+                        .WithMany()
+                        .HasForeignKey("SequenceId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_thinking_thoughts_thinking_sequences_sequence_id");
+
+                    b.Navigation("Sequence");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251115084746_RefactorThoughtMessage.cs

@@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    /// <inheritdoc />
+    public partial class RefactorThoughtMessage : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<List<SnThinkingMessagePart>>(
+                name: "parts",
+                table: "thinking_thoughts",
+                type: "jsonb",
+                nullable: false);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "parts",
+                table: "thinking_thoughts");
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251115162347_UpdatedFunctionCallModels.Designer.cs

@@ -0,0 +1,142 @@
+// <auto-generated />
+using System;
+using System.Collections.Generic;
+using DysonNetwork.Insight;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NodaTime;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    [DbContext(typeof(AppDatabase))]
+    [Migration("20251115162347_UpdatedFunctionCallModels")]
+    partial class UpdatedFunctionCallModels
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingSequence", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<long>("PaidToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("paid_token");
+
+                    b.Property<string>("Topic")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("topic");
+
+                    b.Property<long>("TotalToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("total_token");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_sequences");
+
+                    b.ToTable("thinking_sequences", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<List<SnCloudFileReferenceObject>>("Files")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("files");
+
+                    b.Property<string>("ModelName")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("model_name");
+
+                    b.Property<List<SnThinkingMessagePart>>("Parts")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("parts");
+
+                    b.Property<int>("Role")
+                        .HasColumnType("integer")
+                        .HasColumnName("role");
+
+                    b.Property<Guid>("SequenceId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("sequence_id");
+
+                    b.Property<long>("TokenCount")
+                        .HasColumnType("bigint")
+                        .HasColumnName("token_count");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_thoughts");
+
+                    b.HasIndex("SequenceId")
+                        .HasDatabaseName("ix_thinking_thoughts_sequence_id");
+
+                    b.ToTable("thinking_thoughts", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnThinkingSequence", "Sequence")
+                        .WithMany()
+                        .HasForeignKey("SequenceId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_thinking_thoughts_thinking_sequences_sequence_id");
+
+                    b.Navigation("Sequence");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251115162347_UpdatedFunctionCallModels.cs

@@ -0,0 +1,22 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    /// <inheritdoc />
+    public partial class UpdatedFunctionCallModels : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251115165833_AddUnpaidAccounts.Designer.cs

@@ -0,0 +1,159 @@
+// <auto-generated />
+using System;
+using System.Collections.Generic;
+using DysonNetwork.Insight;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NodaTime;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    [DbContext(typeof(AppDatabase))]
+    [Migration("20251115165833_AddUnpaidAccounts")]
+    partial class AddUnpaidAccounts
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingSequence", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<long>("PaidToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("paid_token");
+
+                    b.Property<string>("Topic")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("topic");
+
+                    b.Property<long>("TotalToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("total_token");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_sequences");
+
+                    b.ToTable("thinking_sequences", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<List<SnCloudFileReferenceObject>>("Files")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("files");
+
+                    b.Property<string>("ModelName")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("model_name");
+
+                    b.Property<List<SnThinkingMessagePart>>("Parts")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("parts");
+
+                    b.Property<int>("Role")
+                        .HasColumnType("integer")
+                        .HasColumnName("role");
+
+                    b.Property<Guid>("SequenceId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("sequence_id");
+
+                    b.Property<long>("TokenCount")
+                        .HasColumnType("bigint")
+                        .HasColumnName("token_count");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_thoughts");
+
+                    b.HasIndex("SequenceId")
+                        .HasDatabaseName("ix_thinking_thoughts_sequence_id");
+
+                    b.ToTable("thinking_thoughts", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnUnpaidAccount", b =>
+                {
+                    b.Property<Guid>("AccountId")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<DateTime>("MarkedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("marked_at");
+
+                    b.HasKey("AccountId")
+                        .HasName("pk_unpaid_accounts");
+
+                    b.ToTable("unpaid_accounts", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnThinkingSequence", "Sequence")
+                        .WithMany()
+                        .HasForeignKey("SequenceId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_thinking_thoughts_thinking_sequences_sequence_id");
+
+                    b.Navigation("Sequence");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251115165833_AddUnpaidAccounts.cs

@@ -0,0 +1,34 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddUnpaidAccounts : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "unpaid_accounts",
+                columns: table => new
+                {
+                    account_id = table.Column<Guid>(type: "uuid", nullable: false),
+                    marked_at = table.Column<DateTime>(type: "timestamp with time zone", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("pk_unpaid_accounts", x => x.account_id);
+                });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "unpaid_accounts");
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251116123552_SharableThought.Designer.cs

@@ -0,0 +1,163 @@
+// <auto-generated />
+using System;
+using System.Collections.Generic;
+using DysonNetwork.Insight;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NodaTime;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    [DbContext(typeof(AppDatabase))]
+    [Migration("20251116123552_SharableThought")]
+    partial class SharableThought
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingSequence", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Guid>("AccountId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<bool>("IsPublic")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_public");
+
+                    b.Property<long>("PaidToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("paid_token");
+
+                    b.Property<string>("Topic")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("topic");
+
+                    b.Property<long>("TotalToken")
+                        .HasColumnType("bigint")
+                        .HasColumnName("total_token");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_sequences");
+
+                    b.ToTable("thinking_sequences", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("id");
+
+                    b.Property<Instant>("CreatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_at");
+
+                    b.Property<Instant?>("DeletedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("deleted_at");
+
+                    b.Property<List<SnCloudFileReferenceObject>>("Files")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("files");
+
+                    b.Property<string>("ModelName")
+                        .HasMaxLength(4096)
+                        .HasColumnType("character varying(4096)")
+                        .HasColumnName("model_name");
+
+                    b.Property<List<SnThinkingMessagePart>>("Parts")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("parts");
+
+                    b.Property<int>("Role")
+                        .HasColumnType("integer")
+                        .HasColumnName("role");
+
+                    b.Property<Guid>("SequenceId")
+                        .HasColumnType("uuid")
+                        .HasColumnName("sequence_id");
+
+                    b.Property<long>("TokenCount")
+                        .HasColumnType("bigint")
+                        .HasColumnName("token_count");
+
+                    b.Property<Instant>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_at");
+
+                    b.HasKey("Id")
+                        .HasName("pk_thinking_thoughts");
+
+                    b.HasIndex("SequenceId")
+                        .HasDatabaseName("ix_thinking_thoughts_sequence_id");
+
+                    b.ToTable("thinking_thoughts", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnUnpaidAccount", b =>
+                {
+                    b.Property<Guid>("AccountId")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<DateTime>("MarkedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("marked_at");
+
+                    b.HasKey("AccountId")
+                        .HasName("pk_unpaid_accounts");
+
+                    b.ToTable("unpaid_accounts", (string)null);
+                });
+
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
+                {
+                    b.HasOne("DysonNetwork.Shared.Models.SnThinkingSequence", "Sequence")
+                        .WithMany()
+                        .HasForeignKey("SequenceId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired()
+                        .HasConstraintName("fk_thinking_thoughts_thinking_sequences_sequence_id");
+
+                    b.Navigation("Sequence");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

DysonNetwork.Insight/Migrations/20251116123552_SharableThought.cs

@@ -0,0 +1,29 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace DysonNetwork.Insight.Migrations
+{
+    /// <inheritdoc />
+    public partial class SharableThought : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<bool>(
+                name: "is_public",
+                table: "thinking_sequences",
+                type: "boolean",
+                nullable: false,
+                defaultValue: false);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "is_public",
+                table: "thinking_sequences");
+        }
+    }
+}

DysonNetwork.Insight/Migrations/AppDatabaseModelSnapshot.cs

@@ -20,7 +20,7 @@ namespace DysonNetwork.Insight.Migrations
         {
 #pragma warning disable 612, 618
             modelBuilder
-                .HasAnnotation("ProductVersion", "9.0.10")
+                .HasAnnotation("ProductVersion", "9.0.11")
                 .HasAnnotation("Relational:MaxIdentifierLength", 63);
 
             NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
@@ -44,6 +44,10 @@ namespace DysonNetwork.Insight.Migrations
                         .HasColumnType("timestamp with time zone")
                         .HasColumnName("deleted_at");
 
+                    b.Property<bool>("IsPublic")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_public");
+
                     b.Property<long>("PaidToken")
                         .HasColumnType("bigint")
                         .HasColumnName("paid_token");
@@ -74,15 +78,6 @@ namespace DysonNetwork.Insight.Migrations
                         .HasColumnType("uuid")
                         .HasColumnName("id");
 
-                    b.Property<List<SnThinkingChunk>>("Chunks")
-                        .IsRequired()
-                        .HasColumnType("jsonb")
-                        .HasColumnName("chunks");
-
-                    b.Property<string>("Content")
-                        .HasColumnType("text")
-                        .HasColumnName("content");
-
                     b.Property<Instant>("CreatedAt")
                         .HasColumnType("timestamp with time zone")
                         .HasColumnName("created_at");
@@ -101,6 +96,11 @@ namespace DysonNetwork.Insight.Migrations
                         .HasColumnType("character varying(4096)")
                         .HasColumnName("model_name");
 
+                    b.Property<List<SnThinkingMessagePart>>("Parts")
+                        .IsRequired()
+                        .HasColumnType("jsonb")
+                        .HasColumnName("parts");
+
                     b.Property<int>("Role")
                         .HasColumnType("integer")
                         .HasColumnName("role");
@@ -126,6 +126,23 @@ namespace DysonNetwork.Insight.Migrations
                     b.ToTable("thinking_thoughts", (string)null);
                 });
 
+            modelBuilder.Entity("DysonNetwork.Shared.Models.SnUnpaidAccount", b =>
+                {
+                    b.Property<Guid>("AccountId")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid")
+                        .HasColumnName("account_id");
+
+                    b.Property<DateTime>("MarkedAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("marked_at");
+
+                    b.HasKey("AccountId")
+                        .HasName("pk_unpaid_accounts");
+
+                    b.ToTable("unpaid_accounts", (string)null);
+                });
+
             modelBuilder.Entity("DysonNetwork.Shared.Models.SnThinkingThought", b =>
                 {
                     b.HasOne("DysonNetwork.Shared.Models.SnThinkingSequence", "Sequence")

DysonNetwork.Insight/Program.cs

@@ -7,7 +7,9 @@ using Microsoft.EntityFrameworkCore;
 
 var builder = WebApplication.CreateBuilder(args);
 
-builder.AddServiceDefaults();
+builder.Services.Configure<ServiceRegistrationOptions>(opts => { opts.Name = "insight"; });
+
+builder.AddServiceDefaults("insight");
 
 builder.ConfigureAppKestrel(builder.Configuration);
 
@@ -19,8 +21,6 @@ builder.Services.AddAppBusinessServices();
 builder.Services.AddAppScheduledJobs();
 
 builder.Services.AddDysonAuth();
-builder.Services.AddAccountService();
-builder.Services.AddSphereService();
 builder.Services.AddThinkingServices(builder.Configuration);
 
 builder.AddSwaggerManifest(

DysonNetwork.Insight/Startup/ScheduledJobsConfiguration.cs

@@ -1,3 +1,4 @@
+using DysonNetwork.Insight.Thought;
 using Quartz;
 
 namespace DysonNetwork.Insight.Startup;

DysonNetwork.Insight/Startup/ServiceCollectionExtensions.cs

@@ -2,6 +2,7 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using DysonNetwork.Insight.Thought;
 using DysonNetwork.Shared.Cache;
+using DysonNetwork.Shared.Registry;
 using Microsoft.SemanticKernel;
 using NodaTime;
 using NodaTime.Serialization.SystemTextJson;
@@ -13,9 +14,7 @@ public static class ServiceCollectionExtensions
     public static IServiceCollection AddAppServices(this IServiceCollection services)
     {
         services.AddDbContext<AppDatabase>();
-        services.AddSingleton<IClock>(SystemClock.Instance);
         services.AddHttpContextAccessor();
-        services.AddSingleton<ICacheService, CacheServiceRedis>();
 
         services.AddHttpClient();
 
@@ -66,14 +65,6 @@ public static class ServiceCollectionExtensions
         services.AddSingleton<ThoughtProvider>();
         services.AddScoped<ThoughtService>();
 
-        // Add gRPC clients for ThoughtService
-        services.AddGrpcClient<Shared.Proto.PaymentService.PaymentServiceClient>(o => o.Address = new Uri("https://_grpc.pass"))
-            .ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler()
-                { ServerCertificateCustomValidationCallback = (_, _, _, _) => true });
-        services.AddGrpcClient<Shared.Proto.WalletService.WalletServiceClient>(o => o.Address = new Uri("https://_grpc.pass"))
-            .ConfigurePrimaryHttpMessageHandler(_ => new HttpClientHandler()
-                { ServerCertificateCustomValidationCallback = (_, _, _, _) => true });
-
         return services;
     }
 }

DysonNetwork.Insight/Thought/CLIENT_UPDATE_GUIDE.md

@@ -0,0 +1,155 @@
+# Client-Side Guide: Handling the New Message Structure
+
+This document outlines how to update your client application to support the new rich message structure for the thinking/chat feature. The backend now sends structured messages that can include plain text, function calls, and function results, allowing for a more interactive and transparent user experience.
+
+When using with gateway, all the response type are in snake case
+
+## 1. Data Models
+
+When you receive a complete message (a "thought"), it will be in the form of an `SnThinkingThought` object. The core of this object is the `Parts` array, which contains the different components of the message.
+
+Here are the primary data models you will be working with, represented here in a TypeScript-like format for clarity:
+
+```typescript
+// The main message object from the assistant or user
+interface SnThinkingThought {
+  id: string;
+  parts: SnThinkingMessagePart[];
+  role: 'Assistant' /*Value is (0)*/ | 'User' /*Value is (1)*/;
+  createdAt: string; // ISO 8601 date string
+  // ... other metadata
+}
+
+// A single part of a message
+interface SnThinkingMessagePart {
+  type: ThinkingMessagePartType;
+  text?: string;
+  functionCall?: SnFunctionCall;
+  functionResult?: SnFunctionResult;
+}
+
+// Enum for the different part types
+enum ThinkingMessagePartType {
+  Text = 0,
+  FunctionCall = 1,
+  FunctionResult = 2,
+}
+
+// Represents a function/tool call made by the assistant
+interface SnFunctionCall {
+  id: string;
+  name: string;
+  arguments: string; // A JSON string of the arguments
+}
+
+// Represents the result of a function call
+interface SnFunctionResult {
+  callId: string;      // The ID of the corresponding function call
+  result: any;         // The data returned by the function
+  isError: boolean;
+}
+```
+
+## 2. Handling the SSE Stream
+
+The response is streamed using Server-Sent Events (SSE). Your client should listen to this stream and process events as they arrive to build the UI in real-time.
+
+The stream sends different types of messages, identified by a `type` field in the JSON payload.
+
+| Event Type               | `data` Payload                               | Client-Side Action                                                                                                                            |
+| ------------------------ | -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
+| `text`                   | `{ "type": "text", "data": "some text" }`    | Append the text content to the current message being displayed. This is the most common event.                                                |
+| `function_call_update`   | `{ "type": "function_call_update", "data": { ... } }` | This provides real-time updates as the AI decides on a function call. You can use this to show an advanced "thinking" state, but it's optional. The key events to handle are `function_call` and `function_result`. |
+| `function_call`          | `{ "type": "function_call", "data": SnFunctionCall }` | The AI has committed to using a tool. Display a "Using tool..." indicator. You can show the `name` of the tool for more clarity. |
+| `function_result`        | `{ "type": "function_result", "data": SnFunctionResult }` | The tool has finished running. You can hide the "thinking" indicator for this tool and optionally display a summary of the result. |
+| `topic`                  | `{ "type": "topic", "data": "A new topic" }` | If this is the first message in a new conversation, this event provides the auto-generated topic title. Update your UI accordingly. |
+| `thought`                | `{ "type": "thought", "data": SnThinkingThought }` | This is the **final event** in the stream. It contains the complete, persisted message object with all its `Parts`. You should use this final object to replace the incrementally-built message in your state to ensure consistency. |
+
+## 3. Rendering a Message from `SnThinkingThought`
+
+Once you have the final `SnThinkingThought` object (either from the `thought` event in the stream or by fetching conversation history), you can render it by iterating through the `parts` array.
+
+### Pseudocode for Rendering
+
+```javascript
+function renderThought(thought: SnThinkingThought) {
+  const messageContainer = document.createElement('div');
+  messageContainer.className = `message message-role-${thought.role}`;
+
+  // User messages are simple and will only have one text part
+  if (thought.role === 'User') {
+    const textPart = thought.parts[0];
+    messageContainer.innerText = textPart.text;
+    return messageContainer;
+  }
+
+  // Assistant messages can have multiple parts
+  let textBuffer = '';
+
+  thought.parts.forEach(part => {
+    switch (part.type) {
+      case ThinkingMessagePartType.Text:
+        // Buffer text to combine consecutive text parts
+        textBuffer += part.text;
+        break;
+
+      case ThinkingMessagePartType.FunctionCall:
+        // First, render any buffered text
+        if (textBuffer) {
+          messageContainer.appendChild(renderText(textBuffer));
+          textBuffer = '';
+        }
+        // Then, render the function call UI component
+        messageContainer.appendChild(renderFunctionCall(part.functionCall));
+        break;
+
+      case ThinkingMessagePartType.FunctionResult:
+        // Render buffered text
+        if (textBuffer) {
+          messageContainer.appendChild(renderText(textBuffer));
+          textBuffer = '';
+        }
+        // Then, render the function result UI component
+        messageContainer.appendChild(renderFunctionResult(part.functionResult));
+        break;
+    }
+  });
+
+  // Render any remaining text at the end
+  if (textBuffer) {
+    messageContainer.appendChild(renderText(textBuffer));
+  }
+
+  return messageContainer;
+}
+
+// Helper functions to create UI components
+function renderText(text) {
+  const p = document.createElement('p');
+  p.innerText = text;
+  return p;
+}
+
+function renderFunctionCall(functionCall) {
+  const el = document.createElement('div');
+  el.className = 'function-call-indicator';
+  el.innerHTML = `<i>Using tool: <strong>${functionCall.name}</strong>...</i>`;
+  // You could add a button to show functionCall.arguments
+  return el;
+}
+
+function renderFunctionResult(functionResult) {
+  const el = document.createElement('div');
+  el.className = 'function-result-indicator';
+  if (functionResult.isError) {
+    el.classList.add('error');
+    el.innerText = 'An error occurred while using the tool.';
+  } else {
+    el.innerText = 'Tool finished.';
+  }
+  // You could expand this to show a summary of functionResult.result
+  return el;
+}
+```
+
+This approach ensures that text and tool-use indicators are rendered inline and in the correct order, providing a clear and accurate representation of the assistant's actions.

DysonNetwork.Insight/Thought/Plugins/SnAccountKernelPlugin.cs

@@ -0,0 +1,29 @@
+using DysonNetwork.Shared.Models;
+using DysonNetwork.Shared.Proto;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.SemanticKernel;
+
+namespace DysonNetwork.Insight.Thought.Plugins;
+
+public class SnAccountKernelPlugin(
+    AccountService.AccountServiceClient accountClient
+)
+{
+    [KernelFunction("get_account")]
+    public async Task<SnAccount?> GetAccount(string userId)
+    {
+        var request = new GetAccountRequest { Id = userId };
+        var response = await accountClient.GetAccountAsync(request);
+        if (response is null) return null;
+        return SnAccount.FromProtoValue(response);
+    }
+
+    [KernelFunction("get_account_by_name")]
+    public async Task<SnAccount?> GetAccountByName(string username)
+    {
+        var request = new LookupAccountBatchRequest();
+        request.Names.Add(username);
+        var response = await accountClient.LookupAccountBatchAsync(request);
+        return response.Accounts.IsNullOrEmpty() ? null : SnAccount.FromProtoValue(response.Accounts[0]);
+    }
+}

DysonNetwork.Insight/Thought/Plugins/SnPostKernelPlugin.cs

@@ -0,0 +1,98 @@
+using System.ComponentModel;
+using DysonNetwork.Shared.Models;
+using DysonNetwork.Shared.Proto;
+using Microsoft.SemanticKernel;
+using NodaTime;
+using NodaTime.Serialization.Protobuf;
+using NodaTime.Text;
+
+namespace DysonNetwork.Insight.Thought.Plugins;
+
+public class SnPostKernelPlugin(
+    PostService.PostServiceClient postClient
+)
+{
+    [KernelFunction("get_post")]
+    public async Task<SnPost?> GetPost(string postId)
+    {
+        var request = new GetPostRequest { Id = postId };
+        var response = await postClient.GetPostAsync(request);
+        return response is null ? null : SnPost.FromProtoValue(response);
+    }
+
+    [KernelFunction("search_posts")]
+    [Description("Perform a full-text search in all Solar Network posts.")]
+    public async Task<List<SnPost>> SearchPostsContent(string contentQuery, int pageSize = 10, int page = 1)
+    {
+        var request = new SearchPostsRequest
+        {
+            Query = contentQuery,
+            PageSize = pageSize,
+            PageToken = ((page - 1) * pageSize).ToString()
+        };
+        var response = await postClient.SearchPostsAsync(request);
+        return response.Posts.Select(SnPost.FromProtoValue).ToList();
+    }
+
+    public class KernelPostListResult
+    {
+        public List<SnPost> Posts { get; set; } = [];
+        public int TotalCount { get; set; }
+    }
+
+    [KernelFunction("list_posts")]
+    [Description("List all posts on the Solar Network without filters, orderBy can be date or popularity")]
+    public async Task<KernelPostListResult> ListPosts(
+        string orderBy = "date",
+        bool orderDesc = true,
+        int pageSize = 10,
+        int page = 1
+    )
+    {
+        var request = new ListPostsRequest
+        {
+            OrderBy = orderBy,
+            OrderDesc = orderDesc,
+            PageSize = pageSize,
+            PageToken = ((page - 1) * pageSize).ToString()
+        };
+        var response = await postClient.ListPostsAsync(request);
+        return new KernelPostListResult
+        {
+            Posts = response.Posts.Select(SnPost.FromProtoValue).ToList(),
+            TotalCount = response.TotalSize,
+        };
+    }
+
+    [KernelFunction("list_posts_within_time")]
+    [Description(
+        "List posts in a period of time, the time requires ISO-8601 format, one of the start and end must be provided.")]
+    public async Task<KernelPostListResult> ListPostsWithinTime(
+        string? beforeTime,
+        string? afterTime,
+        int pageSize = 10,
+        int page = 1
+    )
+    {
+        var pattern = InstantPattern.General;
+        Instant? before = !string.IsNullOrWhiteSpace(beforeTime)
+            ? pattern.Parse(beforeTime).TryGetValue(default, out var beforeValue) ? beforeValue : null
+            : null;
+        Instant? after = !string.IsNullOrWhiteSpace(afterTime)
+            ? pattern.Parse(afterTime).TryGetValue(default, out var afterValue) ? afterValue : null
+            : null;
+        var request = new ListPostsRequest
+        {
+            After = after?.ToTimestamp(),
+            Before = before?.ToTimestamp(),
+            PageSize = pageSize,
+            PageToken = ((page - 1) * pageSize).ToString()
+        };
+        var response = await postClient.ListPostsAsync(request);
+        return new KernelPostListResult
+        {
+            Posts = response.Posts.Select(SnPost.FromProtoValue).ToList(),
+            TotalCount = response.TotalSize,
+        };
+    }
+}

DysonNetwork.Insight/Thought/ThoughtController.cs

@@ -1,15 +1,13 @@
-using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Diagnostics.CodeAnalysis;
-using System.IO;
 using System.Text;
 using System.Text.Json;
+using DysonNetwork.Shared.Auth;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.SemanticKernel;
 using Microsoft.SemanticKernel.ChatCompletion;
-using Microsoft.SemanticKernel.Connectors.Ollama;
 
 namespace DysonNetwork.Insight.Thought;
 
@@ -22,12 +20,50 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
     public class StreamThinkingRequest
     {
         [Required] public string UserMessage { get; set; } = null!;
+        public string? ServiceId { get; set; }
         public Guid? SequenceId { get; set; }
-        public List<string>? AttachedPosts { get; set; }
+        public List<string>? AttachedPosts { get; set; } = [];
         public List<Dictionary<string, dynamic>>? AttachedMessages { get; set; }
         public List<string> AcceptProposals { get; set; } = [];
     }
 
+    public class UpdateSharingRequest
+    {
+        public bool IsPublic { get; set; }
+    }
+
+    public class ThoughtServiceInfo
+    {
+        public string ServiceId { get; set; } = null!;
+        public double BillingMultiplier { get; set; }
+        public int PerkLevel { get; set; }
+    }
+
+    public class ThoughtServicesResponse
+    {
+        public string DefaultService { get; set; } = null!;
+        public IEnumerable<ThoughtServiceInfo> Services { get; set; } = null!;
+    }
+
+    [HttpGet("services")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    public ActionResult<ThoughtServicesResponse> GetAvailableServices()
+    {
+        var services = provider.GetAvailableServicesInfo()
+            .Select(s => new ThoughtServiceInfo
+            {
+                ServiceId = s.ServiceId,
+                BillingMultiplier = s.BillingMultiplier,
+                PerkLevel = s.PerkLevel
+            });
+
+        return Ok(new ThoughtServicesResponse
+        {
+            DefaultService = provider.GetDefaultServiceId(),
+            Services = services
+        });
+    }
+
     [HttpPost]
     [Experimental("SKEXP0110")]
     public async Task<ActionResult> Think([FromBody] StreamThinkingRequest request)
@@ -38,6 +74,25 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
         if (request.AcceptProposals.Any(e => !AvailableProposals.Contains(e)))
             return BadRequest("Request contains unavailable proposal");
 
+        var serviceId = provider.GetServiceId(request.ServiceId);
+        var serviceInfo = provider.GetServiceInfo(serviceId);
+        if (serviceInfo is null)
+        {
+            return BadRequest("Service not found or configured.");
+        }
+
+        if (serviceInfo.PerkLevel > 0 && !currentUser.IsSuperuser)
+            if (currentUser.PerkSubscription is null ||
+                PerkSubscriptionPrivilege.GetPrivilegeFromIdentifier(currentUser.PerkSubscription.Identifier) <
+                serviceInfo.PerkLevel)
+                return StatusCode(403, "Not enough perk level");
+
+        var kernel = provider.GetKernel(request.ServiceId);
+        if (kernel is null)
+        {
+            return BadRequest("Service not found or configured.");
+        }
+
         // Generate a topic if creating a new sequence
         string? topic = null;
         if (!request.SequenceId.HasValue)
@@ -49,7 +104,13 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
             );
             summaryHistory.AddUserMessage(request.UserMessage);
 
-            var summaryResult = await provider.Kernel
+            var summaryKernel = provider.GetKernel(); // Get default kernel
+            if (summaryKernel is null)
+            {
+                return BadRequest("Default service not found or configured.");
+            }
+
+            var summaryResult = await summaryKernel
                 .GetRequiredService<IChatCompletionService>()
                 .GetChatMessageContentAsync(summaryHistory);
 
@@ -61,7 +122,13 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
         if (sequence == null) return Forbid(); // or NotFound
 
         // Save user thought
-        await service.SaveThoughtAsync(sequence, request.UserMessage, ThinkingThoughtRole.User);
+        await service.SaveThoughtAsync(sequence, [
+            new SnThinkingMessagePart
+            {
+                Type = ThinkingMessagePartType.Text,
+                Text = request.UserMessage
+            }
+        ], ThinkingThoughtRole.User);
 
         // Build chat history
         var chatHistory = new ChatHistory(
@@ -108,97 +175,192 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
         // Add previous thoughts (excluding the current user thought, which is the first one since descending)
         var previousThoughts = await service.GetPreviousThoughtsAsync(sequence);
         var count = previousThoughts.Count;
-        for (var i = 1; i < count; i++) // skip first (the newest, current user)
+        for (var i = count - 1; i >= 1; i--) // skip first (the newest, current user)
         {
             var thought = previousThoughts[i];
-            switch (thought.Role)
+            var textContent = new StringBuilder();
+            var functionCalls = new List<FunctionCallContent>();
+            var functionResults = new List<FunctionResultContent>();
+
+            foreach (var part in thought.Parts)
             {
-                case ThinkingThoughtRole.User:
+                switch (part.Type)
-                    chatHistory.AddUserMessage(thought.Content ?? "");
+                {
+                    case ThinkingMessagePartType.Text:
+                        textContent.Append(part.Text);
                         break;
-                case ThinkingThoughtRole.Assistant:
+                    case ThinkingMessagePartType.FunctionCall:
-                    chatHistory.AddAssistantMessage(thought.Content ?? "");
+                        var arguments = !string.IsNullOrEmpty(part.FunctionCall!.Arguments)
+                            ? JsonSerializer.Deserialize<Dictionary<string, object?>>(part.FunctionCall!.Arguments)
+                            : null;
+                        var kernelArgs = arguments is not null ? new KernelArguments(arguments) : null;
+
+                        functionCalls.Add(new FunctionCallContent(
+                            functionName: part.FunctionCall!.Name,
+                            pluginName: part.FunctionCall.PluginName,
+                            id: part.FunctionCall.Id,
+                            arguments: kernelArgs
+                        ));
+                        break;
+                    case ThinkingMessagePartType.FunctionResult:
+                        var resultObject = part.FunctionResult!.Result;
+                        var resultString = resultObject as string ?? JsonSerializer.Serialize(resultObject);
+                        functionResults.Add(new FunctionResultContent(
+                            callId: part.FunctionResult.CallId,
+                            functionName: part.FunctionResult.FunctionName,
+                            pluginName: part.FunctionResult.PluginName,
+                            result: resultString
+                        ));
                         break;
                     default:
                         throw new ArgumentOutOfRangeException();
                 }
             }
 
+            if (thought.Role == ThinkingThoughtRole.User)
+            {
+                chatHistory.AddUserMessage(textContent.ToString());
+            }
+            else
+            {
+                var assistantMessage = new ChatMessageContent(AuthorRole.Assistant, textContent.ToString());
+                if (functionCalls.Count > 0)
+                {
+                    assistantMessage.Items = [];
+                    foreach (var fc in functionCalls)
+                    {
+                        assistantMessage.Items.Add(fc);
+                    }
+                }
+
+                chatHistory.Add(assistantMessage);
+
+                if (functionResults.Count <= 0) continue;
+                foreach (var fr in functionResults)
+                {
+                    chatHistory.Add(fr.ToChatMessage());
+                }
+            }
+        }
+
         chatHistory.AddUserMessage(request.UserMessage);
 
         // Set response for streaming
         Response.Headers.Append("Content-Type", "text/event-stream");
         Response.StatusCode = 200;
 
-        var kernel = provider.Kernel;
         var chatCompletionService = kernel.GetRequiredService<IChatCompletionService>();
+        var executionSettings = provider.CreatePromptExecutionSettings(request.ServiceId);
 
-        // Kick off streaming generation
+        var assistantParts = new List<SnThinkingMessagePart>();
-        var accumulatedContent = new StringBuilder();
-        var thinkingChunks = new List<SnThinkingChunk>();
-        await foreach (var chunk in chatCompletionService.GetStreamingChatMessageContentsAsync(
-                           chatHistory,
-                           provider.CreatePromptExecutionSettings(),
-                           kernel: kernel
-                       ))
-        {
-            // Process each item in the chunk for detailed streaming
-            foreach (var item in chunk.Items)
-            {
-                var streamingChunk = item switch
-                {
-                    StreamingTextContent textContent => new SnThinkingChunk
-                        { Type = StreamingContentType.Text, Data = new() { ["text"] = textContent.Text ?? "" } },
-                    StreamingReasoningContent reasoningContent => new SnThinkingChunk
-                    {
-                        Type = StreamingContentType.Reasoning, Data = new() { ["text"] = reasoningContent.Text }
-                    },
-                    StreamingFunctionCallUpdateContent functionCall => string.IsNullOrEmpty(functionCall.CallId)
-                        ? null
-                        : new SnThinkingChunk
-                        {
-                            Type = StreamingContentType.FunctionCall,
-                            Data = JsonSerializer.Deserialize<Dictionary<string, object>>(
-                                JsonSerializer.Serialize(functionCall)) ?? new Dictionary<string, object>()
-                        },
-                    _ => new SnThinkingChunk
-                    {
-                        Type = StreamingContentType.Unknown, Data = new() { ["data"] = JsonSerializer.Serialize(item) }
-                    }
-                };
-                if (streamingChunk == null) continue;
 
-                thinkingChunks.Add(streamingChunk);
+        while (true)
-
-                var messageJson = item switch
         {
-                    StreamingTextContent textContent =>
+            var textContentBuilder = new StringBuilder();
-                        JsonSerializer.Serialize(new { type = "text", data = textContent.Text ?? "" }),
+            AuthorRole? authorRole = null;
-                    StreamingReasoningContent reasoningContent =>
+            var functionCallBuilder = new FunctionCallContentBuilder();
-                        JsonSerializer.Serialize(new { type = "reasoning", data = reasoningContent.Text }),
-                    StreamingFunctionCallUpdateContent functionCall =>
-                        JsonSerializer.Serialize(new { type = "function_call", data = functionCall }),
-                    _ =>
-                        JsonSerializer.Serialize(new { type = "unknown", data = item })
-                };
 
-                // Write a structured JSON message to the HTTP response as SSE
+            await foreach (
-                var messageBytes = Encoding.UTF8.GetBytes($"data: {messageJson}\n\n");
+                var streamingContent in chatCompletionService.GetStreamingChatMessageContentsAsync(
-                await Response.Body.WriteAsync(messageBytes);
+                    chatHistory, executionSettings, kernel)
+            )
+            {
+                authorRole ??= streamingContent.Role;
+
+                if (streamingContent.Content is not null)
+                {
+                    textContentBuilder.Append(streamingContent.Content);
+                    var messageJson = JsonSerializer.Serialize(new
+                        { type = "text", data = streamingContent.Content });
+                    await Response.Body.WriteAsync(Encoding.UTF8.GetBytes($"data: {messageJson}\n\n"));
                     await Response.Body.FlushAsync();
                 }
 
-            // Accumulate content for saving (only text content)
+                functionCallBuilder.Append(streamingContent);
-            accumulatedContent.Append(chunk.Content ?? "");
+            }
+
+            var finalMessageText = textContentBuilder.ToString();
+            if (!string.IsNullOrEmpty(finalMessageText))
+            {
+                assistantParts.Add(new SnThinkingMessagePart
+                    { Type = ThinkingMessagePartType.Text, Text = finalMessageText });
+            }
+
+            var functionCalls = functionCallBuilder.Build()
+                .Where(fc => !string.IsNullOrEmpty(fc.Id)).ToList();
+
+            if (functionCalls.Count == 0)
+                break;
+
+            var assistantMessage = new ChatMessageContent(
+                authorRole ?? AuthorRole.Assistant,
+                string.IsNullOrEmpty(finalMessageText) ? null : finalMessageText
+            );
+            foreach (var functionCall in functionCalls)
+            {
+                assistantMessage.Items.Add(functionCall);
+            }
+
+            chatHistory.Add(assistantMessage);
+
+            foreach (var functionCall in functionCalls)
+            {
+                var part = new SnThinkingMessagePart
+                {
+                    Type = ThinkingMessagePartType.FunctionCall,
+                    FunctionCall = new SnFunctionCall
+                    {
+                        Id = functionCall.Id!,
+                        PluginName = functionCall.PluginName,
+                        Name = functionCall.FunctionName,
+                        Arguments = JsonSerializer.Serialize(functionCall.Arguments)
+                    }
+                };
+                assistantParts.Add(part);
+
+                var messageJson = JsonSerializer.Serialize(new { type = "function_call", data = part.FunctionCall });
+                await Response.Body.WriteAsync(Encoding.UTF8.GetBytes($"data: {messageJson}\n\n"));
+                await Response.Body.FlushAsync();
+
+                FunctionResultContent resultContent;
+                try
+                {
+                    resultContent = await functionCall.InvokeAsync(kernel);
+                }
+                catch (Exception ex)
+                {
+                    resultContent = new FunctionResultContent(functionCall.Id!, ex.Message);
+                }
+
+                chatHistory.Add(resultContent.ToChatMessage());
+
+                var resultPart = new SnThinkingMessagePart
+                {
+                    Type = ThinkingMessagePartType.FunctionResult,
+                    FunctionResult = new SnFunctionResult
+                    {
+                        CallId = resultContent.CallId!,
+                        PluginName = resultContent.PluginName,
+                        FunctionName = resultContent.FunctionName,
+                        Result = resultContent.Result!,
+                        IsError = resultContent.Result is Exception
+                    }
+                };
+                assistantParts.Add(resultPart);
+
+                var resultMessageJson =
+                    JsonSerializer.Serialize(new { type = "function_result", data = resultPart.FunctionResult });
+                await Response.Body.WriteAsync(Encoding.UTF8.GetBytes($"data: {resultMessageJson}\n\n"));
+                await Response.Body.FlushAsync();
+            }
         }
 
         // Save assistant thought
         var savedThought = await service.SaveThoughtAsync(
             sequence,
-            accumulatedContent.ToString(),
+            assistantParts,
             ThinkingThoughtRole.Assistant,
-            thinkingChunks,
+            serviceId
-            provider.ModelDefault
         );
 
         // Write the topic if it was newly set, then the thought object as JSON to the stream
@@ -209,7 +371,6 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
             {
                 var topicJson = JsonSerializer.Serialize(new { type = "topic", data = sequence.Topic ?? "" });
                 await streamBuilder.WriteAsync(Encoding.UTF8.GetBytes($"topic: {topicJson}\n\n"));
-                savedThought.Sequence.Topic = topic;
             }
 
             var thoughtJson = JsonSerializer.Serialize(new { type = "thought", data = savedThought },
@@ -250,6 +411,25 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
         return Ok(sequences);
     }
 
+    [HttpPatch("sequences/{sequenceId:guid}/sharing")]
+    [ProducesResponseType(StatusCodes.Status204NoContent)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [ProducesResponseType(StatusCodes.Status403Forbidden)]
+    public async Task<ActionResult> UpdateSequenceSharing(Guid sequenceId, [FromBody] UpdateSharingRequest request)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
+        var accountId = Guid.Parse(currentUser.Id);
+
+        var sequence = await service.GetSequenceAsync(sequenceId);
+        if (sequence == null) return NotFound();
+        if (sequence.AccountId != accountId) return Forbid();
+
+        sequence.IsPublic = request.IsPublic;
+        await service.UpdateSequenceAsync(sequence);
+
+        return NoContent();
+    }
+
     /// <summary>
     /// Retrieves the thoughts in a specific thinking sequence.
     /// </summary>
@@ -261,12 +441,18 @@ public class ThoughtController(ThoughtProvider provider, ThoughtService service)
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<ActionResult<List<SnThinkingThought>>> GetSequenceThoughts(Guid sequenceId)
+    {
+        var sequence = await service.GetSequenceAsync(sequenceId);
+        if (sequence == null) return NotFound();
+
+        if (!sequence.IsPublic)
         {
             if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
             var accountId = Guid.Parse(currentUser.Id);
 
-        var sequence = await service.GetOrCreateSequenceAsync(accountId, sequenceId);
+            if (sequence.AccountId != accountId)
-        if (sequence == null) return NotFound();
+                return StatusCode(403);
+        }
 
         var thoughts = await service.GetPreviousThoughtsAsync(sequence);
 

DysonNetwork.Insight/Thought/ThoughtProvider.cs

@@ -1,158 +1,126 @@
 using System.ClientModel;
 using System.Diagnostics.CodeAnalysis;
-using System.Text.Json;
+using DysonNetwork.Insight.Thought.Plugins;
-using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
+using DysonNetwork.Shared.Registry;
 using Microsoft.SemanticKernel;
 using Microsoft.SemanticKernel.Connectors.Ollama;
 using Microsoft.SemanticKernel.Connectors.OpenAI;
 using OpenAI;
-using PostType = DysonNetwork.Shared.Proto.PostType;
 using Microsoft.SemanticKernel.Plugins.Web;
 using Microsoft.SemanticKernel.Plugins.Web.Bing;
 using Microsoft.SemanticKernel.Plugins.Web.Google;
-using NodaTime.Serialization.Protobuf;
-using NodaTime.Text;
 
 namespace DysonNetwork.Insight.Thought;
 
+public class ThoughtServiceModel
+{
+    public string ServiceId { get; set; } = null!;
+    public string? Provider { get; set; }
+    public string? Model { get; set; }
+    public double BillingMultiplier { get; set; }
+    public int PerkLevel { get; set; }
+}
+
 public class ThoughtProvider
 {
     private readonly PostService.PostServiceClient _postClient;
     private readonly AccountService.AccountServiceClient _accountClient;
     private readonly IConfiguration _configuration;
-    private readonly ILogger<ThoughtProvider> _logger;
 
-    public Kernel Kernel { get; }
+    private readonly Dictionary<string, Kernel> _kernels = new();
-
+    private readonly Dictionary<string, string> _serviceProviders = new();
-    private string? ModelProviderType { get; set; }
+    private readonly Dictionary<string, ThoughtServiceModel> _serviceModels = new();
-    public string? ModelDefault { get; set; }
+    private readonly string _defaultServiceId;
 
     [Experimental("SKEXP0050")]
     public ThoughtProvider(
         IConfiguration configuration,
         PostService.PostServiceClient postServiceClient,
-        AccountService.AccountServiceClient accountServiceClient,
+        AccountService.AccountServiceClient accountServiceClient
-        ILogger<ThoughtProvider> logger
     )
     {
-        _logger = logger;
         _postClient = postServiceClient;
         _accountClient = accountServiceClient;
         _configuration = configuration;
 
-        Kernel = InitializeThinkingProvider(configuration);
+        var cfg = configuration.GetSection("Thinking");
-        InitializeHelperFunctions();
+        _defaultServiceId = cfg.GetValue<string>("DefaultService")!;
+        var services = cfg.GetSection("Services").GetChildren();
+
+        foreach (var service in services)
+        {
+            var serviceId = service.Key;
+            var serviceModel = new ThoughtServiceModel
+            {
+                ServiceId = serviceId,
+                Provider = service.GetValue<string>("Provider"),
+                Model = service.GetValue<string>("Model"),
+                BillingMultiplier = service.GetValue<double>("BillingMultiplier", 1.0),
+                PerkLevel = service.GetValue<int>("PerkLevel", 0)
+            };
+            _serviceModels[serviceId] = serviceModel;
+            
+            var providerType = service.GetValue<string>("Provider")?.ToLower();
+            if (providerType is null) continue;
+
+            var kernel = InitializeThinkingService(service);
+            InitializeHelperFunctions(kernel);
+            _kernels[serviceId] = kernel;
+            _serviceProviders[serviceId] = providerType;
+        }
     }
 
-    private Kernel InitializeThinkingProvider(IConfiguration configuration)
+    private Kernel InitializeThinkingService(IConfigurationSection serviceConfig)
     {
-        var cfg = configuration.GetSection("Thinking");
+        var providerType = serviceConfig.GetValue<string>("Provider")?.ToLower();
-        ModelProviderType = cfg.GetValue<string>("Provider")?.ToLower();
+        var model = serviceConfig.GetValue<string>("Model");
-        ModelDefault = cfg.GetValue<string>("Model");
+        var endpoint = serviceConfig.GetValue<string>("Endpoint");
-        var endpoint = cfg.GetValue<string>("Endpoint");
+        var apiKey = serviceConfig.GetValue<string>("ApiKey");
-        var apiKey = cfg.GetValue<string>("ApiKey");
 
         var builder = Kernel.CreateBuilder();
 
-        switch (ModelProviderType)
+        switch (providerType)
         {
             case "ollama":
-                builder.AddOllamaChatCompletion(ModelDefault!, new Uri(endpoint ?? "http://localhost:11434/api"));
+                builder.AddOllamaChatCompletion(
+                    model!,
+                    new Uri(endpoint ?? "http://localhost:11434/api")
+                );
                 break;
             case "deepseek":
                 var client = new OpenAIClient(
                     new ApiKeyCredential(apiKey!),
                     new OpenAIClientOptions { Endpoint = new Uri(endpoint ?? "https://api.deepseek.com/v1") }
                 );
-                builder.AddOpenAIChatCompletion(ModelDefault!, client);
+                builder.AddOpenAIChatCompletion(model!, client);
                 break;
             default:
-                throw new IndexOutOfRangeException("Unknown thinking provider: " + ModelProviderType);
+                throw new IndexOutOfRangeException("Unknown thinking provider: " + providerType);
         }
 
+        // Add gRPC clients for Thought Plugins
+        builder.Services.AddServiceDiscoveryCore();
+        builder.Services.AddServiceDiscovery();
+        builder.Services.AddAccountService();
+        builder.Services.AddSphereService();
+
+        builder.Plugins.AddFromObject(new SnAccountKernelPlugin(_accountClient));
+        builder.Plugins.AddFromObject(new SnPostKernelPlugin(_postClient));
+
         return builder.Build();
     }
 
     [Experimental("SKEXP0050")]
-    private void InitializeHelperFunctions()
+    private void InitializeHelperFunctions(Kernel kernel)
     {
-        // Add Solar Network tools plugin
-        Kernel.ImportPluginFromFunctions("solar_network", [
-            KernelFunctionFactory.CreateFromMethod(async (string userId) =>
-            {
-                var request = new GetAccountRequest { Id = userId };
-                var response = await _accountClient.GetAccountAsync(request);
-                return JsonSerializer.Serialize(response, GrpcTypeHelper.SerializerOptions);
-            }, "get_user", "Get a user profile from the Solar Network."),
-            KernelFunctionFactory.CreateFromMethod(async (string postId) =>
-            {
-                var request = new GetPostRequest { Id = postId };
-                var response = await _postClient.GetPostAsync(request);
-                return JsonSerializer.Serialize(response, GrpcTypeHelper.SerializerOptions);
-            }, "get_post", "Get a single post by ID from the Solar Network."),
-            KernelFunctionFactory.CreateFromMethod(async (string query) =>
-                {
-                    var request = new SearchPostsRequest { Query = query, PageSize = 10 };
-                    var response = await _postClient.SearchPostsAsync(request);
-                    return JsonSerializer.Serialize(response.Posts, GrpcTypeHelper.SerializerOptions);
-                }, "search_posts",
-                "Search posts by query from the Solar Network. The input query is will be used to search with title, description and body content"),
-            KernelFunctionFactory.CreateFromMethod(async (
-                    string? orderBy = null,
-                    string? afterIso = null,
-                    string? beforeIso = null
-                ) =>
-                {
-                    _logger.LogInformation("Begin building request to list post from sphere...");
-
-                    var request = new ListPostsRequest
-                    {
-                        PageSize = 20,
-                        OrderBy = orderBy,
-                    };
-                    if (!string.IsNullOrEmpty(afterIso))
-                        try
-                        {
-                            request.After = InstantPattern.General.Parse(afterIso).Value.ToTimestamp();
-                        }
-                        catch (Exception)
-                        {
-                            _logger.LogWarning("Invalid afterIso format: {AfterIso}", afterIso);
-                        }
-                    if (!string.IsNullOrEmpty(beforeIso))
-                        try
-                        {
-                            request.Before = InstantPattern.General.Parse(beforeIso).Value.ToTimestamp();
-                        }
-                        catch (Exception)
-                        {
-                            _logger.LogWarning("Invalid beforeIso format: {BeforeIso}", beforeIso);
-                        }
-
-                    _logger.LogInformation("Request built, {Request}", request);
-
-                    var response = await _postClient.ListPostsAsync(request);
-
-                    var data = response.Posts.Select(SnPost.FromProtoValue);
-                    _logger.LogInformation("Sphere service returned posts: {Posts}", data);
-                    return JsonSerializer.Serialize(data, GrpcTypeHelper.SerializerOptions);
-                }, "list_posts",
-                "Get posts from the Solar Network.\n" +
-                "Parameters:\n" +
-                "orderBy (optional, string: order by published date, accept asc or desc)\n" +
-                "afterIso (optional, string: ISO date for posts after this date)\n" +
-                "beforeIso (optional, string: ISO date for posts before this date)"
-            )
-        ]);
-
         // Add web search plugins if configured
         var bingApiKey = _configuration.GetValue<string>("Thinking:BingApiKey");
         if (!string.IsNullOrEmpty(bingApiKey))
         {
             var bingConnector = new BingConnector(bingApiKey);
             var bing = new WebSearchEnginePlugin(bingConnector);
-            Kernel.ImportPluginFromObject(bing, "bing");
+            kernel.ImportPluginFromObject(bing, "bing");
         }
 
         var googleApiKey = _configuration.GetValue<string>("Thinking:GoogleApiKey");
@@ -163,36 +131,58 @@ public class ThoughtProvider
                 apiKey: googleApiKey,
                 searchEngineId: googleCx);
             var google = new WebSearchEnginePlugin(googleConnector);
-            Kernel.ImportPluginFromObject(google, "google");
+            kernel.ImportPluginFromObject(google, "google");
         }
     }
 
-    public PromptExecutionSettings CreatePromptExecutionSettings()
+    public Kernel? GetKernel(string? serviceId = null)
     {
-        switch (ModelProviderType)
+        serviceId ??= _defaultServiceId;
-        {
+        return _kernels.GetValueOrDefault(serviceId);
-            case "ollama":
-                return new OllamaPromptExecutionSettings
-                {
-                    FunctionChoiceBehavior = FunctionChoiceBehavior.Auto(
-                        options: new FunctionChoiceBehaviorOptions
-                        {
-                            AllowParallelCalls = true,
-                            AllowConcurrentInvocation = true
-                        })
-                };
-            case "deepseek":
-                return new OpenAIPromptExecutionSettings
-                {
-                    FunctionChoiceBehavior = FunctionChoiceBehavior.Auto(
-                        options: new FunctionChoiceBehaviorOptions
-                        {
-                            AllowParallelCalls = true,
-                            AllowConcurrentInvocation = true
-                        })
-                };
-            default:
-                throw new InvalidOperationException("Unknown provider: " + ModelProviderType);
     }
+
+    public string GetServiceId(string? serviceId = null)
+    {
+        return serviceId ?? _defaultServiceId;
+    }
+
+    public IEnumerable<string> GetAvailableServices()
+    {
+        return _kernels.Keys;
+    }
+    
+    public IEnumerable<ThoughtServiceModel> GetAvailableServicesInfo()
+    {
+        return _serviceModels.Values;
+    }
+
+    public ThoughtServiceModel? GetServiceInfo(string? serviceId)
+    {
+        serviceId ??= _defaultServiceId;
+        return _serviceModels.GetValueOrDefault(serviceId);
+    }
+
+    public string GetDefaultServiceId()
+    {
+        return _defaultServiceId;
+    }
+
+    public PromptExecutionSettings CreatePromptExecutionSettings(string? serviceId = null)
+    {
+        serviceId ??= _defaultServiceId;
+        var providerType = _serviceProviders.GetValueOrDefault(serviceId);
+
+        return providerType switch
+        {
+            "ollama" => new OllamaPromptExecutionSettings
+            {
+                FunctionChoiceBehavior = FunctionChoiceBehavior.Auto(autoInvoke: false)
+            },
+            "deepseek" => new OpenAIPromptExecutionSettings
+            {
+                FunctionChoiceBehavior = FunctionChoiceBehavior.Auto(autoInvoke: false), ModelId = serviceId
+            },
+            _ => throw new InvalidOperationException("Unknown provider for service: " + serviceId)
+        };
     }
 }

DysonNetwork.Insight/Thought/ThoughtService.cs

@@ -11,8 +11,7 @@ namespace DysonNetwork.Insight.Thought;
 public class ThoughtService(
     AppDatabase db,
     ICacheService cache,
-    PaymentService.PaymentServiceClient paymentService,
+    PaymentService.PaymentServiceClient paymentService
-    WalletService.WalletServiceClient walletService
 )
 {
     public async Task<SnThinkingSequence?> GetOrCreateSequenceAsync(
@@ -37,25 +36,38 @@ public class ThoughtService(
         }
     }
 
+    public async Task<SnThinkingSequence?> GetSequenceAsync(Guid sequenceId)
+    {
+        return await db.ThinkingSequences.FindAsync(sequenceId);
+    }
+
+    public async Task UpdateSequenceAsync(SnThinkingSequence sequence)
+    {
+        db.ThinkingSequences.Update(sequence);
+        await db.SaveChangesAsync();
+    }
+
     public async Task<SnThinkingThought> SaveThoughtAsync(
         SnThinkingSequence sequence,
-        string content,
+        List<SnThinkingMessagePart> parts,
         ThinkingThoughtRole role,
-        List<SnThinkingChunk>? chunks = null,
         string? model = null
     )
     {
         // Approximate token count (1 token ≈ 4 characters for GPT-like models)
-        var tokenCount = content?.Length / 4 ?? 0;
+        var totalChars = parts.Sum(part =>
+            (part.Type == ThinkingMessagePartType.Text ? part.Text?.Length : 0) ?? 0 +
+            (part.Type == ThinkingMessagePartType.FunctionCall ? part.FunctionCall?.Arguments.Length : 0) ?? 0
+        );
+        var tokenCount = totalChars / 4;
     
         var thought = new SnThinkingThought
         {
             SequenceId = sequence.Id,
-            Content = content,
+            Parts = parts,
             Role = role,
             TokenCount = tokenCount,
             ModelName = model,
-            Chunks = chunks ?? new List<SnThinkingChunk>(),
         };
         db.ThinkingThoughts.Add(thought);
     
@@ -70,7 +82,6 @@ public class ThoughtService(
     
         return thought;
     }
-
     public async Task<List<SnThinkingThought>> GetPreviousThoughtsAsync(SnThinkingSequence sequence)
     {
         var cacheKey = $"thoughts:{sequence.Id}";
@@ -133,6 +144,13 @@ public class ThoughtService(
         foreach (var accountGroup in groupedByAccount)
         {
             var accountId = accountGroup.Key;
+            
+            if (await db.UnpaidAccounts.AnyAsync(u => u.AccountId == accountId))
+            {
+                logger.LogWarning("Skipping billing for marked account {accountId}", accountId);
+                continue;
+            }
+            
             var totalUnpaidTokens = accountGroup.Sum(s => s.TotalToken - s.PaidToken);
             var cost = (long)Math.Ceiling(totalUnpaidTokens / 10.0);
 
@@ -166,9 +184,86 @@ public class ThoughtService(
             catch (Exception ex)
             {
                 logger.LogError(ex, "Error billing for account {accountId}", accountId);
+                if (!await db.UnpaidAccounts.AnyAsync(u => u.AccountId == accountId))
+                {
+                    db.UnpaidAccounts.Add(new SnUnpaidAccount { AccountId = accountId, MarkedAt = DateTime.UtcNow });
+                }
             }
         }
 
         await db.SaveChangesAsync();
     }
+
+    public async Task<(bool success, long cost)> RetryBillingForAccountAsync(Guid accountId, ILogger logger)
+    {
+        var isMarked = await db.UnpaidAccounts.FirstOrDefaultAsync(u => u.AccountId == accountId);
+        if (isMarked == null)
+        {
+            logger.LogInformation("Account {accountId} is not marked for unpaid bills.", accountId);
+            return (true, 0);
+        }
+
+        var sequences = await db
+            .ThinkingSequences.Where(s => s.AccountId == accountId && s.PaidToken < s.TotalToken)
+            .ToListAsync();
+
+        if (!sequences.Any())
+        {
+            logger.LogInformation("No unpaid sequences found for account {accountId}. Unmarking.", accountId);
+            db.UnpaidAccounts.Remove(isMarked);
+            await db.SaveChangesAsync();
+            return (true, 0);
+        }
+
+        var totalUnpaidTokens = sequences.Sum(s => s.TotalToken - s.PaidToken);
+        var cost = (long)Math.Ceiling(totalUnpaidTokens / 10.0);
+
+        if (cost == 0)
+        {
+            logger.LogInformation("Unpaid tokens for {accountId} resulted in zero cost. Marking as paid and unmarking.", accountId);
+            foreach (var sequence in sequences)
+            {
+                sequence.PaidToken = sequence.TotalToken;
+            }
+            db.UnpaidAccounts.Remove(isMarked);
+            await db.SaveChangesAsync();
+            return (true, 0);
+        }
+
+        try
+        {
+            var date = DateTime.Now.ToString("yyyy-MM-dd");
+            await paymentService.CreateTransactionWithAccountAsync(
+                new CreateTransactionWithAccountRequest
+                {
+                    PayerAccountId = accountId.ToString(),
+                    Currency = WalletCurrency.SourcePoint,
+                    Amount = cost.ToString(),
+                    Remarks = $"Wage for SN-chan on {date} (Retry)",
+                    Type = TransactionType.System,
+                }
+            );
+
+            foreach (var sequence in sequences)
+            {
+                sequence.PaidToken = sequence.TotalToken;
+            }
+
+            db.UnpaidAccounts.Remove(isMarked);
+            
+            logger.LogInformation(
+                "Successfully billed {cost} points for account {accountId} on retry.",
+                cost,
+                accountId
+            );
+            
+            await db.SaveChangesAsync();
+            return (true, cost);
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Error retrying billing for account {accountId}", accountId);
+            return (false, cost);
+        }
+    }
 }

DysonNetwork.Insight/Thought/TokenBillingJob.cs

@@ -1,7 +1,6 @@
-using DysonNetwork.Insight.Thought;
 using Quartz;
 
-namespace DysonNetwork.Insight.Startup;
+namespace DysonNetwork.Insight.Thought;
 
 public class TokenBillingJob(ThoughtService thoughtService, ILogger<TokenBillingJob> logger) : IJob
 {

DysonNetwork.Insight/appsettings.json

@@ -10,7 +10,10 @@
     },
     "AllowedHosts": "*",
     "ConnectionStrings": {
-        "App": "Host=localhost;Port=5432;Database=dyson_insight;Username=postgres;Password=postgres;Include Error Detail=True;Maximum Pool Size=20;Connection Idle Lifetime=60"
+        "App": "Host=localhost;Port=5432;Database=dyson_insight;Username=postgres;Password=postgres;Include Error Detail=True;Maximum Pool Size=20;Connection Idle Lifetime=60",
+        "Registrar": "127.0.0.1:2379",
+        "Cache": "127.0.0.1:6379",
+        "Queue": "127.0.0.1:4222"
     },
     "KnownProxies": [
         "127.0.0.1",
@@ -19,9 +22,26 @@
     "Etcd": {
         "Insecure": true
     },
+    "Cache": {
+        "Serializer": "MessagePack"
+    },
     "Thinking": {
+        "DefaultService": "deepseek-chat",
+        "Services": {
+            "deepseek-chat": {
                 "Provider": "deepseek",
                 "Model": "deepseek-chat",
-        "ApiKey": "sk-bd20f6a2e9fa40b98c46899baa0e9f09"
+                "ApiKey": "sk-",
+                "BillingMultiplier": 1.0,
+                "PerkLevel": 0
+            },
+            "deepseek-reasoner": {
+                "Provider": "deepseek",
+                "Model": "deepseek-reasoner",
+                "ApiKey": "sk-",
+                "BillingMultiplier": 1.5,
+                "PerkLevel": 1
+            }
+        }
     }
 }    

DysonNetwork.Pass/Account/AccountController.cs

@@ -1,9 +1,11 @@
 using System.ComponentModel.DataAnnotations;
+using DysonNetwork.Pass.Affiliation;
 using DysonNetwork.Pass.Auth;
 using DysonNetwork.Pass.Credit;
 using DysonNetwork.Pass.Permission;
 using DysonNetwork.Pass.Wallet;
-using DysonNetwork.Shared.GeoIp;
+using DysonNetwork.Shared.Auth;
+using DysonNetwork.Shared.Geometry;
 using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.Models;
 using Microsoft.AspNetCore.Authorization;
@@ -22,7 +24,8 @@ public class AccountController(
     SubscriptionService subscriptions,
     AccountEventService events,
     SocialCreditService socialCreditService,
-    GeoIpService geo
+    AffiliationSpellService ars,
+    GeoService geo
 ) : ControllerBase
 {
     [HttpGet("{name}")]
@@ -34,7 +37,7 @@ public class AccountController(
             .Include(e => e.Badges)
             .Include(e => e.Profile)
             .Include(e => e.Contacts.Where(c => c.IsPublic))
-            .Where(a => a.Name == name)
+            .Where(a => EF.Functions.Like(a.Name, name))
             .FirstOrDefaultAsync();
         if (account is null) return NotFound(ApiError.NotFound(name, traceId: HttpContext.TraceIdentifier));
 
@@ -103,6 +106,52 @@ public class AccountController(
         [MaxLength(32)] public string Language { get; set; } = "en-us";
 
         [Required] public string CaptchaToken { get; set; } = string.Empty;
+        
+        public string? AffiliationSpell { get; set; }
+    }
+
+    public class AccountCreateValidateRequest
+    {
+        [MinLength(2)]
+        [MaxLength(256)]
+        [RegularExpression(@"^[A-Za-z0-9_-]+$",
+            ErrorMessage = "Name can only contain letters, numbers, underscores, and hyphens.")
+        ]
+        public string? Name { get; set; }
+
+        [EmailAddress]
+        [RegularExpression(@"^[^+]+@[^@]+\.[^@]+$", ErrorMessage = "Email address cannot contain '+' symbol.")]
+        [MaxLength(1024)]
+        public string? Email { get; set; }
+        
+        public string? AffiliationSpell { get; set; }
+    }
+
+    [HttpPost("validate")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status404NotFound)]
+    public async Task<ActionResult<string>> ValidateCreateAccountRequest(
+        [FromBody] AccountCreateValidateRequest request)
+    {
+        if (request.Name is not null)
+        {
+            if (await accounts.CheckAccountNameHasTaken(request.Name))
+                return BadRequest("Account name has already been taken.");
+        }
+
+        if (request.Email is not null)
+        {
+            if (await accounts.CheckEmailHasBeenUsed(request.Email))
+                return BadRequest("Email has already been used.");
+        }
+
+        if (request.AffiliationSpell is not null)
+        {
+            if (!await ars.CheckAffiliationSpellHasTaken(request.AffiliationSpell))
+                return BadRequest("No affiliation spell has been found.");
+        }
+
+        return Ok("Everything seems good.");
     }
 
     [HttpPost]
@@ -271,10 +320,21 @@ public class AccountController(
 
     [HttpPost("credits/validate")]
     [Authorize]
-    [RequiredPermission("maintenance", "credits.validate.perform")]
+    [AskPermission("credits.validate.perform")]
     public async Task<IActionResult> PerformSocialCreditValidation()
     {
         await socialCreditService.ValidateSocialCredits();
         return Ok();
     }
+
+    [HttpDelete("{name}")]
+    [Authorize]
+    [AskPermission("accounts.deletion")]
+    public async Task<IActionResult> AdminDeleteAccount(string name)
+    {
+        var account = await accounts.LookupAccount(name);
+        if (account is null) return NotFound();
+        await accounts.DeleteAccount(account);
+        return Ok();
+    }
 }

DysonNetwork.Pass/Account/AccountCurrentController.cs

@@ -1,6 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using DysonNetwork.Pass.Permission;
 using DysonNetwork.Pass.Wallet;
+using DysonNetwork.Shared.Auth;
 using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
@@ -82,7 +83,7 @@ public class AccountCurrentController(
         [MaxLength(4096)] public string? Bio { get; set; }
         public Shared.Models.UsernameColor? UsernameColor { get; set; }
         public Instant? Birthday { get; set; }
-        public List<ProfileLink>? Links { get; set; }
+        public List<SnProfileLink>? Links { get; set; }
 
         [MaxLength(32)] public string? PictureId { get; set; }
         [MaxLength(32)] public string? BackgroundId { get; set; }
@@ -194,7 +195,7 @@ public class AccountCurrentController(
     }
 
     [HttpPatch("statuses")]
-    [RequiredPermission("global", "accounts.statuses.update")]
+    [AskPermission("accounts.statuses.update")]
     public async Task<ActionResult<SnAccountStatus>> UpdateStatus([FromBody] AccountController.StatusRequest request)
     {
         if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
@@ -228,7 +229,7 @@ public class AccountCurrentController(
     }
 
     [HttpPost("statuses")]
-    [RequiredPermission("global", "accounts.statuses.create")]
+    [AskPermission("accounts.statuses.create")]
     public async Task<ActionResult<SnAccountStatus>> CreateStatus([FromBody] AccountController.StatusRequest request)
     {
         if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
@@ -559,7 +560,7 @@ public class AccountCurrentController(
 
     [HttpGet("devices")]
     [Authorize]
-    public async Task<ActionResult<List<SnAuthClientWithChallenge>>> GetDevices()
+    public async Task<ActionResult<List<SnAuthClientWithSessions>>> GetDevices()
     {
         if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser ||
             HttpContext.Items["CurrentSession"] is not SnAuthSession currentSession) return Unauthorized();
@@ -570,18 +571,41 @@ public class AccountCurrentController(
             .Where(device => device.AccountId == currentUser.Id)
             .ToListAsync();
 
-        var challengeDevices = devices.Select(SnAuthClientWithChallenge.FromClient).ToList();
+        var sessionDevices = devices.ConvertAll(SnAuthClientWithSessions.FromClient).ToList();
-        var deviceIds = challengeDevices.Select(x => x.Id).ToList();
+        var clientIds = sessionDevices.Select(x => x.Id).ToList();
 
-        var authChallenges = await db.AuthChallenges
+        var authSessions = await db.AuthSessions
-            .Where(c => c.ClientId != null && deviceIds.Contains(c.ClientId.Value))
+            .Where(c => c.ClientId != null && clientIds.Contains(c.ClientId.Value))
-            .GroupBy(c => c.ClientId)
+            .GroupBy(c => c.ClientId!.Value)
-            .ToDictionaryAsync(c => c.Key!.Value, c => c.ToList());
+            .ToDictionaryAsync(c => c.Key, c => c.ToList());
-        foreach (var challengeDevice in challengeDevices)
+        foreach (var dev in sessionDevices)
-            if (authChallenges.TryGetValue(challengeDevice.Id, out var challenge))
+            if (authSessions.TryGetValue(dev.Id, out var challenge))
-                challengeDevice.Challenges = challenge;
+                dev.Sessions = challenge;
 
-        return Ok(challengeDevices);
+        return Ok(sessionDevices);
+    }
+
+    [HttpGet("challenges")]
+    [Authorize]
+    public async Task<ActionResult<List<SnAuthChallenge>>> GetChallenges(
+        [FromQuery] int take = 20,
+        [FromQuery] int offset = 0
+    )
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var query = db.AuthChallenges
+            .Where(challenge => challenge.AccountId == currentUser.Id)
+            .OrderByDescending(c => c.CreatedAt);
+
+        var total = await query.CountAsync();
+        Response.Headers.Append("X-Total", total.ToString());
+
+        var challenges = await query
+            .Skip(offset)
+            .Take(take)
+            .ToListAsync();
+        return Ok(challenges);
     }
 
     [HttpGet("sessions")]
@@ -595,8 +619,8 @@ public class AccountCurrentController(
             HttpContext.Items["CurrentSession"] is not SnAuthSession currentSession) return Unauthorized();
 
         var query = db.AuthSessions
+            .OrderByDescending(x => x.LastGrantedAt)
             .Include(session => session.Account)
-            .Include(session => session.Challenge)
             .Where(session => session.Account.Id == currentUser.Id);
 
         var total = await query.CountAsync();
@@ -604,7 +628,6 @@ public class AccountCurrentController(
         Response.Headers.Append("X-Auth-Session", currentSession.Id.ToString());
 
         var sessions = await query
-            .OrderByDescending(x => x.LastGrantedAt)
             .Skip(offset)
             .Take(take)
             .ToListAsync();
@@ -688,7 +711,7 @@ public class AccountCurrentController(
         if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser ||
             HttpContext.Items["CurrentSession"] is not SnAuthSession currentSession) return Unauthorized();
 
-        var device = await db.AuthClients.FirstOrDefaultAsync(d => d.Id == currentSession.Challenge.ClientId);
+        var device = await db.AuthClients.FirstOrDefaultAsync(d => d.Id == currentSession.ClientId);
         if (device is null) return NotFound();
 
         try

DysonNetwork.Pass/Account/AccountEventService.cs

@@ -137,7 +137,7 @@ public class AccountEventService(
             }
         }
 
-        if (cacheMissUserIds.Count != 0)
+        if (cacheMissUserIds.Count == 0) return results;
         {
             var now = SystemClock.Instance.GetCurrentInstant();
             var statusesFromDb = await db.AccountStatuses
@@ -160,7 +160,7 @@ public class AccountEventService(
             }
 
             var usersWithoutStatus = cacheMissUserIds.Except(foundUserIds).ToList();
-            if (usersWithoutStatus.Any())
+            if (usersWithoutStatus.Count == 0) return results;
             {
                 foreach (var userId in usersWithoutStatus)
                 {
@@ -313,12 +313,52 @@ public class AccountEventService(
         CultureInfo.CurrentCulture = cultureInfo;
         CultureInfo.CurrentUICulture = cultureInfo;
 
+        var accountProfile = await db.AccountProfiles
+            .Where(x => x.AccountId == user.Id)
+            .Select(x => new { x.Birthday, x.TimeZone })
+            .FirstOrDefaultAsync();
+        
+        var accountBirthday = accountProfile?.Birthday;
+
+        var now = SystemClock.Instance.GetCurrentInstant();
+        
+        var userTimeZone = DateTimeZone.Utc;
+        if (!string.IsNullOrEmpty(accountProfile?.TimeZone))
+        {
+            userTimeZone = DateTimeZoneProviders.Tzdb.GetZoneOrNull(accountProfile.TimeZone) ?? DateTimeZone.Utc;
+        }
+
+        var todayInUserTz = now.InZone(userTimeZone).Date;
+        var birthdayDate = accountBirthday?.InZone(userTimeZone).Date;
+        
+        var isBirthday = birthdayDate.HasValue && 
+                         birthdayDate.Value.Month == todayInUserTz.Month && 
+                         birthdayDate.Value.Day == todayInUserTz.Day;
+
+        List<CheckInFortuneTip> tips;
+        CheckInResultLevel checkInLevel;
+
+        if (isBirthday)
+        {
+            // Skip random logic and tips generation for birthday
+            checkInLevel = CheckInResultLevel.Special;
+            tips = [
+                new CheckInFortuneTip()
+                {
+                    IsPositive = true,
+                    Title = localizer["FortuneTipSpecialTitle_Birthday"].Value,
+                    Content = localizer["FortuneTipSpecialContent_Birthday", user.Nick].Value,
+                }
+            ];
+        }
+        else
+        {
             // Generate 2 positive tips
             var positiveIndices = Enumerable.Range(1, FortuneTipCount)
                 .OrderBy(_ => Random.Next())
                 .Take(2)
                 .ToList();
-        var tips = positiveIndices.Select(index => new CheckInFortuneTip
+            tips = positiveIndices.Select(index => new CheckInFortuneTip
             {
                 IsPositive = true,
                 Title = localizer[$"FortuneTipPositiveTitle_{index}"].Value,
@@ -339,20 +379,18 @@ public class AccountEventService(
             }));
 
             // The 5 is specialized, keep it alone.
-        var sum = 0;
+            // Use weighted random distribution to make all levels reasonably achievable
-        var maxLevel = Enum.GetValues<CheckInResultLevel>().Length - 1;
+            // Weights: Worst: 10%, Worse: 20%, Normal: 40%, Better: 20%, Best: 10%
-        for (var i = 0; i < 5; i++)
+            var randomValue = Random.Next(100);
-            sum += Random.Next(maxLevel);
+            checkInLevel = randomValue switch
-        var checkInLevel = (CheckInResultLevel)(sum / 5);
+            {
-
+                < 10 => CheckInResultLevel.Worst,    // 0-9: 10% chance
-        var accountBirthday = await db.AccountProfiles
+                < 30 => CheckInResultLevel.Worse,    // 10-29: 20% chance
-            .Where(x => x.AccountId == user.Id)
+                < 70 => CheckInResultLevel.Normal,   // 30-69: 40% chance
-            .Select(x => x.Birthday)
+                < 90 => CheckInResultLevel.Better,   // 70-89: 20% chance
-            .FirstOrDefaultAsync();
+                _ => CheckInResultLevel.Best         // 90-99: 10% chance
-
+            };
-        var now = SystemClock.Instance.GetCurrentInstant().InUtc().Date;
+        }
-        if (accountBirthday.HasValue && accountBirthday.Value.InUtc().Date == now)
-            checkInLevel = CheckInResultLevel.Special;
 
         var result = new SnCheckInResult
         {
@@ -472,6 +510,54 @@ public class AccountEventService(
         return activities;
     }
 
+    public async Task<Dictionary<Guid, List<SnPresenceActivity>>> GetActiveActivitiesBatch(List<Guid> userIds)
+    {
+        var results = new Dictionary<Guid, List<SnPresenceActivity>>();
+        var cacheMissUserIds = new List<Guid>();
+
+        // Try to get activities from cache first
+        foreach (var userId in userIds)
+        {
+            var cacheKey = $"{ActivityCacheKey}{userId}";
+            var cachedActivities = await cache.GetAsync<List<SnPresenceActivity>>(cacheKey);
+            if (cachedActivities != null)
+            {
+                results[userId] = cachedActivities;
+            }
+            else
+            {
+                cacheMissUserIds.Add(userId);
+            }
+        }
+
+        // If all activities were found in cache, return early
+        if (cacheMissUserIds.Count == 0) return results;
+
+        // Fetch remaining activities from database in a single query
+        var now = SystemClock.Instance.GetCurrentInstant();
+        var activitiesFromDb = await db.PresenceActivities
+            .Where(e => cacheMissUserIds.Contains(e.AccountId) && e.LeaseExpiresAt > now && e.DeletedAt == null)
+            .ToListAsync();
+
+        // Group activities by user ID and update cache
+        var activitiesByUser = activitiesFromDb
+            .GroupBy(a => a.AccountId)
+            .ToDictionary(g => g.Key, g => g.ToList());
+
+        foreach (var userId in cacheMissUserIds)
+        {
+            var userActivities = activitiesByUser.GetValueOrDefault(userId, new List<SnPresenceActivity>());
+            results[userId] = userActivities;
+            
+            // Update cache for this user
+            var cacheKey = $"{ActivityCacheKey}{userId}";
+            await cache.SetWithGroupsAsync(cacheKey, userActivities, [$"{AccountService.AccountCachePrefix}{userId}"],
+                TimeSpan.FromMinutes(1));
+        }
+
+        return results;
+    }
+
     public async Task<(List<SnPresenceActivity>, int)> GetAllActivities(Guid userId, int offset = 0, int take = 20)
     {
         var query = db.PresenceActivities

DysonNetwork.Pass/Account/AccountService.cs

@@ -1,9 +1,11 @@
 using System.Globalization;
+using DysonNetwork.Pass.Affiliation;
 using DysonNetwork.Pass.Auth.OpenId;
 using DysonNetwork.Pass.Localization;
 using DysonNetwork.Pass.Mailer;
 using DysonNetwork.Pass.Resources.Emails;
 using DysonNetwork.Shared.Cache;
+using DysonNetwork.Shared.Data;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
 using DysonNetwork.Shared.Stream;
@@ -23,6 +25,7 @@ public class AccountService(
     FileService.FileServiceClient files,
     FileReferenceService.FileReferenceServiceClient fileRefs,
     AccountUsernameService uname,
+    AffiliationSpellService ars,
     EmailService mailer,
     RingService.RingServiceClient pusher,
     IStringLocalizer<NotificationResource> localizer,
@@ -53,11 +56,13 @@ public class AccountService(
 
     public async Task<SnAccount?> LookupAccount(string probe)
     {
-        var account = await db.Accounts.Where(a => a.Name == probe).FirstOrDefaultAsync();
+        var account = await db.Accounts.Where(a => EF.Functions.ILike(a.Name, probe)).FirstOrDefaultAsync();
         if (account is not null) return account;
 
         var contact = await db.AccountContacts
-            .Where(c => c.Content == probe)
+            .Where(c => c.Type == Shared.Models.AccountContactType.Email ||
+                        c.Type == Shared.Models.AccountContactType.PhoneNumber)
+            .Where(c => EF.Functions.ILike(c.Content, probe))
             .Include(c => c.Account)
             .FirstOrDefaultAsync();
         return contact?.Account;
@@ -80,6 +85,17 @@ public class AccountService(
         return profile?.Level;
     }
 
+    public async Task<bool> CheckAccountNameHasTaken(string name)
+    {
+        return await db.Accounts.AnyAsync(a => EF.Functions.ILike(a.Name, name));
+    }
+
+    public async Task<bool> CheckEmailHasBeenUsed(string email)
+    {
+        return await db.AccountContacts.AnyAsync(c =>
+            c.Type == Shared.Models.AccountContactType.Email && EF.Functions.ILike(c.Content, email));
+    }
+
     public async Task<SnAccount> CreateAccount(
         string name,
         string nick,
@@ -87,12 +103,12 @@ public class AccountService(
         string? password,
         string language = "en-US",
         string region = "en",
+        string? affiliationSpell = null,
         bool isEmailVerified = false,
         bool isActivated = false
     )
     {
-        var dupeNameCount = await db.Accounts.Where(a => a.Name == name).CountAsync();
+        if (await CheckAccountNameHasTaken(name))
-        if (dupeNameCount > 0)
             throw new InvalidOperationException("Account name has already been taken.");
 
         var dupeEmailCount = await db.AccountContacts
@@ -109,7 +125,7 @@ public class AccountService(
             Region = region,
             Contacts =
             [
-                new()
+                new SnAccountContact
                 {
                     Type = Shared.Models.AccountContactType.Email,
                     Content = email,
@@ -131,6 +147,9 @@ public class AccountService(
             Profile = new SnAccountProfile()
         };
 
+        if (affiliationSpell is not null)
+            await ars.CreateAffiliationResult(affiliationSpell, $"account:{account.Id}");
+
         if (isActivated)
         {
             account.ActivatedAt = SystemClock.Instance.GetCurrentInstant();
@@ -139,7 +158,7 @@ public class AccountService(
             {
                 db.PermissionGroupMembers.Add(new SnPermissionGroupMember
                 {
-                    Actor = $"user:{account.Id}",
+                    Actor = account.Id.ToString(),
                     Group = defaultGroup
                 });
             }
@@ -180,10 +199,7 @@ public class AccountService(
             displayName,
             userInfo.Email,
             null,
-            "en-US",
+            isEmailVerified: userInfo.EmailVerified
-            "en",
-            userInfo.EmailVerified,
-            userInfo.EmailVerified
         );
     }
 
@@ -273,7 +289,8 @@ public class AccountService(
         return isExists;
     }
 
-    public async Task<SnAccountAuthFactor?> CreateAuthFactor(SnAccount account, Shared.Models.AccountAuthFactorType type, string? secret)
+    public async Task<SnAccountAuthFactor?> CreateAuthFactor(SnAccount account,
+        Shared.Models.AccountAuthFactorType type, string? secret)
     {
         SnAccountAuthFactor? factor = null;
         switch (type)
@@ -351,7 +368,8 @@ public class AccountService(
     public async Task<SnAccountAuthFactor> EnableAuthFactor(SnAccountAuthFactor factor, string? code)
     {
         if (factor.EnabledAt is not null) throw new ArgumentException("The factor has been enabled.");
-        if (factor.Type is Shared.Models.AccountAuthFactorType.Password or Shared.Models.AccountAuthFactorType.TimedCode)
+        if (factor.Type is Shared.Models.AccountAuthFactorType.Password
+            or Shared.Models.AccountAuthFactorType.TimedCode)
         {
             if (code is null || !factor.VerifyPassword(code))
                 throw new InvalidOperationException(
@@ -507,9 +525,7 @@ public class AccountService(
 
     private async Task<bool> IsDeviceActive(Guid id)
     {
-        return await db.AuthSessions
+        return await db.AuthSessions.AnyAsync(s => s.ClientId == id);
-            .Include(s => s.Challenge)
-            .AnyAsync(s => s.Challenge.ClientId == id);
     }
 
     public async Task<SnAuthClient> UpdateDeviceName(SnAccount account, string deviceId, string label)
@@ -528,8 +544,7 @@ public class AccountService(
     public async Task DeleteSession(SnAccount account, Guid sessionId)
     {
         var session = await db.AuthSessions
-            .Include(s => s.Challenge)
+            .Include(s => s.Client)
-            .ThenInclude(s => s.Client)
             .Where(s => s.Id == sessionId && s.AccountId == account.Id)
             .FirstOrDefaultAsync();
         if (session is null) throw new InvalidOperationException("Session was not found.");
@@ -538,11 +553,11 @@ public class AccountService(
         db.AuthSessions.Remove(session);
         await db.SaveChangesAsync();
 
-        if (session.Challenge.ClientId.HasValue)
+        if (session.ClientId.HasValue)
         {
-            if (!await IsDeviceActive(session.Challenge.ClientId.Value))
+            if (!await IsDeviceActive(session.ClientId.Value))
                 await pusher.UnsubscribePushNotificationsAsync(new UnsubscribePushNotificationsRequest()
-                    { DeviceId = session.Challenge.Client!.DeviceId }
+                    { DeviceId = session.Client!.DeviceId }
                 );
         }
 
@@ -563,15 +578,13 @@ public class AccountService(
         );
 
         var sessions = await db.AuthSessions
-            .Include(s => s.Challenge)
+            .Where(s => s.ClientId == device.Id && s.AccountId == account.Id)
-            .Where(s => s.Challenge.ClientId == device.Id && s.AccountId == account.Id)
             .ToListAsync();
 
         // The current session should be included in the sessions' list
         var now = SystemClock.Instance.GetCurrentInstant();
         await db.AuthSessions
-            .Include(s => s.Challenge)
+            .Where(s => s.ClientId == device.Id)
-            .Where(s => s.Challenge.ClientId == device.Id)
             .ExecuteUpdateAsync(p => p.SetProperty(s => s.DeletedAt, s => now));
 
         db.AuthClients.Remove(device);
@@ -581,7 +594,8 @@ public class AccountService(
             await cache.RemoveAsync($"{AuthService.AuthCachePrefix}{item.Id}");
     }
 
-    public async Task<SnAccountContact> CreateContactMethod(SnAccount account, Shared.Models.AccountContactType type, string content)
+    public async Task<SnAccountContact> CreateContactMethod(SnAccount account, Shared.Models.AccountContactType type,
+        string content)
     {
         var isExists = await db.AccountContacts
             .Where(x => x.AccountId == account.Id && x.Type == type && x.Content == content)
@@ -643,7 +657,8 @@ public class AccountService(
         }
     }
 
-    public async Task<SnAccountContact> SetContactMethodPublic(SnAccount account, SnAccountContact contact, bool isPublic)
+    public async Task<SnAccountContact> SetContactMethodPublic(SnAccount account, SnAccountContact contact,
+        bool isPublic)
     {
         contact.IsPublic = isPublic;
         db.AccountContacts.Update(contact);

DysonNetwork.Pass/Account/AccountServiceGrpc.cs

@@ -24,15 +24,16 @@ public class AccountServiceGrpc(
     public override async Task<Shared.Proto.Account> GetAccount(GetAccountRequest request, ServerCallContext context)
     {
         if (!Guid.TryParse(request.Id, out var accountId))
-            throw new RpcException(new Grpc.Core.Status(StatusCode.InvalidArgument, "Invalid account ID format"));
+            throw new RpcException(new Status(StatusCode.InvalidArgument, "Invalid account ID format"));
 
         var account = await _db.Accounts
             .AsNoTracking()
             .Include(a => a.Profile)
+            .Include(a => a.Contacts.Where(c => c.IsPublic))
             .FirstOrDefaultAsync(a => a.Id == accountId);
 
         if (account == null)
-            throw new RpcException(new Grpc.Core.Status(StatusCode.NotFound, $"Account {request.Id} not found"));
+            throw new RpcException(new Status(StatusCode.NotFound, $"Account {request.Id} not found"));
 
         var perk = await subscriptions.GetPerkSubscriptionAsync(account.Id);
         account.PerkSubscription = perk?.ToReference();

DysonNetwork.Pass/Account/ActionLogService.cs

@@ -1,10 +1,10 @@
 using DysonNetwork.Shared.Cache;
-using DysonNetwork.Shared.GeoIp;
+using DysonNetwork.Shared.Geometry;
 using DysonNetwork.Shared.Models;
 
 namespace DysonNetwork.Pass.Account;
 
-public class ActionLogService(GeoIpService geo, FlushBufferService fbs)
+public class ActionLogService(GeoService geo, FlushBufferService fbs)
 {
     public void CreateActionLog(Guid accountId, string action, Dictionary<string, object> meta)
     {

DysonNetwork.Pass/Account/FriendsController.cs

@@ -0,0 +1,55 @@
+using DysonNetwork.Shared.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DysonNetwork.Pass.Account;
+
+[ApiController]
+[Route("/api/friends")]
+public class FriendsController(AppDatabase db, RelationshipService rels, AccountEventService events) : ControllerBase
+{
+    public class FriendOverviewItem
+    {
+        public SnAccount Account { get; set; } = null!;
+        public SnAccountStatus Status { get; set; } = null!;
+        public List<SnPresenceActivity> Activities { get; set; } = [];
+    }
+
+    [HttpGet("overview")]
+    [Authorize]
+    public async Task<ActionResult<List<FriendOverviewItem>>> GetOverview([FromQuery] bool includeOffline = false)
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var friendIds = await rels.ListAccountFriends(currentUser);
+
+        // Fetch data in parallel using batch methods for better performance
+        var accountsTask = db.Accounts
+            .Where(a => friendIds.Contains(a.Id))
+            .Include(a => a.Profile)
+            .ToListAsync();
+
+        var statusesTask = events.GetStatuses(friendIds);
+        var activitiesTask = events.GetActiveActivitiesBatch(friendIds);
+
+        // Wait for all data to be fetched
+        await Task.WhenAll(accountsTask, statusesTask, activitiesTask);
+
+        var accounts = accountsTask.Result;
+        var statuses = statusesTask.Result;
+        var activities = activitiesTask.Result;
+
+        var result = (from account in accounts
+            let status = statuses.GetValueOrDefault(account.Id)
+            where includeOffline || status is { IsOnline: true }
+            let accountActivities = activities.GetValueOrDefault(account.Id, new List<SnPresenceActivity>())
+            select new FriendOverviewItem
+            {
+                Account = account, Status = status ?? new SnAccountStatus { AccountId = account.Id },
+                Activities = accountActivities
+            }).ToList();
+
+        return Ok(result);
+    }
+}

DysonNetwork.Pass/Account/MagicSpellController.cs

@@ -1,3 +1,5 @@
+using DysonNetwork.Shared.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 
@@ -7,6 +9,20 @@ namespace DysonNetwork.Pass.Account;
 [Route("/api/spells")]
 public class MagicSpellController(AppDatabase db, MagicSpellService sp) : ControllerBase
 {
+    [HttpPost("activation/resend")]
+    [Authorize]
+    public async Task<ActionResult> ResendActivationMagicSpell()
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var spell = await db.MagicSpells.FirstOrDefaultAsync(s =>
+            s.Type == MagicSpellType.AccountActivation && s.AccountId == currentUser.Id);
+        if (spell is null) return BadRequest("Unable to find activation magic spell.");
+        
+        await sp.NotifyMagicSpell(spell, true);
+        return Ok();
+    }
+
     [HttpPost("{spellId:guid}/resend")]
     public async Task<ActionResult> ResendMagicSpell(Guid spellId)
     {
@@ -38,7 +54,8 @@ public class MagicSpellController(AppDatabase db, MagicSpellService sp) : Contro
     }
 
     [HttpPost("{spellWord}/apply")]
-    public async Task<ActionResult> ApplyMagicSpell([FromRoute] string spellWord, [FromBody] MagicSpellApplyRequest? request)
+    public async Task<ActionResult> ApplyMagicSpell([FromRoute] string spellWord,
+        [FromBody] MagicSpellApplyRequest? request)
     {
         var word = Uri.UnescapeDataString(spellWord);
         var spell = await db.MagicSpells
@@ -59,6 +76,7 @@ public class MagicSpellController(AppDatabase db, MagicSpellService sp) : Contro
         {
             return BadRequest(ex.Message);
         }
+
         return Ok();
     }
 }

DysonNetwork.Pass/Account/MagicSpellService.cs

@@ -26,6 +26,7 @@ public class MagicSpellService(
         Dictionary<string, object> meta,
         Instant? expiredAt = null,
         Instant? affectedAt = null,
+        string? code = null,
         bool preventRepeat = false
     )
     {
@@ -41,7 +42,7 @@ public class MagicSpellService(
                 return existingSpell;
         }
 
-        var spellWord = _GenerateRandomString(128);
+        var spellWord = code ?? _GenerateRandomString(128);
         var spell = new SnMagicSpell
         {
             Spell = spellWord,
@@ -193,7 +194,7 @@ public class MagicSpellService(
                 {
                     db.PermissionGroupMembers.Add(new SnPermissionGroupMember
                     {
-                        Actor = $"user:{account.Id}",
+                        Actor = account.Id.ToString(),
                         Group = defaultGroup
                     });
                 }

DysonNetwork.Pass/Account/RelationshipService.cs

@@ -17,12 +17,18 @@ public class RelationshipService(
 {
     private const string UserFriendsCacheKeyPrefix = "accounts:friends:";
     private const string UserBlockedCacheKeyPrefix = "accounts:blocked:";
+    private static readonly TimeSpan CacheExpiration = TimeSpan.FromHours(1);
 
     public async Task<bool> HasExistingRelationship(Guid accountId, Guid relatedId)
     {
+        if (accountId == Guid.Empty || relatedId == Guid.Empty)
+            throw new ArgumentException("Account IDs cannot be empty.");
+        if (accountId == relatedId)
+            return false; // Prevent self-relationships
+
         var count = await db.AccountRelationships
             .Where(r => (r.AccountId == accountId && r.RelatedId == relatedId) ||
-                        (r.AccountId == relatedId && r.AccountId == accountId))
+                        (r.AccountId == relatedId && r.RelatedId == accountId))
             .CountAsync();
         return count > 0;
     }
@@ -34,6 +40,9 @@ public class RelationshipService(
         bool ignoreExpired = false
     )
     {
+        if (accountId == Guid.Empty || relatedId == Guid.Empty)
+            throw new ArgumentException("Account IDs cannot be empty.");
+
         var now = Instant.FromDateTimeUtc(DateTime.UtcNow);
         var queries = db.AccountRelationships.AsQueryable()
             .Where(r => r.AccountId == accountId && r.RelatedId == relatedId);
@@ -61,7 +70,7 @@ public class RelationshipService(
         db.AccountRelationships.Add(relationship);
         await db.SaveChangesAsync();
 
-        await PurgeRelationshipCache(sender.Id, target.Id);
+        await PurgeRelationshipCache(sender.Id, target.Id, status);
 
         return relationship;
     }
@@ -80,7 +89,7 @@ public class RelationshipService(
         db.Remove(relationship);
         await db.SaveChangesAsync();
 
-        await PurgeRelationshipCache(sender.Id, target.Id);
+        await PurgeRelationshipCache(sender.Id, target.Id, RelationshipStatus.Blocked);
 
         return relationship;
     }
@@ -114,19 +123,24 @@ public class RelationshipService(
             }
         });
 
+        await PurgeRelationshipCache(sender.Id, target.Id, RelationshipStatus.Pending);
+
         return relationship;
     }
 
     public async Task DeleteFriendRequest(Guid accountId, Guid relatedId)
     {
-        var relationship = await GetRelationship(accountId, relatedId, RelationshipStatus.Pending);
+        if (accountId == Guid.Empty || relatedId == Guid.Empty)
-        if (relationship is null) throw new ArgumentException("Friend request was not found.");
+            throw new ArgumentException("Account IDs cannot be empty.");
 
-        await db.AccountRelationships
+        var affectedRows = await db.AccountRelationships
             .Where(r => r.AccountId == accountId && r.RelatedId == relatedId && r.Status == RelationshipStatus.Pending)
             .ExecuteDeleteAsync();
 
-        await PurgeRelationshipCache(relationship.AccountId, relationship.RelatedId);
+        if (affectedRows == 0)
+            throw new ArgumentException("Friend request was not found.");
+
+        await PurgeRelationshipCache(accountId, relatedId, RelationshipStatus.Pending);
     }
 
     public async Task<SnAccountRelationship> AcceptFriendRelationship(
@@ -155,7 +169,7 @@ public class RelationshipService(
 
         await db.SaveChangesAsync();
 
-        await PurgeRelationshipCache(relationship.AccountId, relationship.RelatedId);
+        await PurgeRelationshipCache(relationship.AccountId, relationship.RelatedId, RelationshipStatus.Friends, status);
 
         return relationshipBackward;
     }
@@ -165,11 +179,12 @@ public class RelationshipService(
         var relationship = await GetRelationship(accountId, relatedId);
         if (relationship is null) throw new ArgumentException("There is no relationship between you and the user.");
         if (relationship.Status == status) return relationship;
+        var oldStatus = relationship.Status;
         relationship.Status = status;
         db.Update(relationship);
         await db.SaveChangesAsync();
 
-        await PurgeRelationshipCache(accountId, relatedId);
+        await PurgeRelationshipCache(accountId, relatedId, oldStatus, status);
 
         return relationship;
     }
@@ -181,21 +196,7 @@ public class RelationshipService(
 
     public async Task<List<Guid>> ListAccountFriends(Guid accountId)
     {
-        var cacheKey = $"{UserFriendsCacheKeyPrefix}{accountId}";
+        return await GetCachedRelationships(accountId, RelationshipStatus.Friends, UserFriendsCacheKeyPrefix);
-        var friends = await cache.GetAsync<List<Guid>>(cacheKey);
-
-        if (friends == null)
-        {
-            friends = await db.AccountRelationships
-                .Where(r => r.RelatedId == accountId)
-                .Where(r => r.Status == RelationshipStatus.Friends)
-                .Select(r => r.AccountId)
-                .ToListAsync();
-
-            await cache.SetAsync(cacheKey, friends, TimeSpan.FromHours(1));
-        }
-
-        return friends ?? [];
     }
 
     public async Task<List<Guid>> ListAccountBlocked(SnAccount account)
@@ -205,21 +206,7 @@ public class RelationshipService(
 
     public async Task<List<Guid>> ListAccountBlocked(Guid accountId)
     {
-        var cacheKey = $"{UserBlockedCacheKeyPrefix}{accountId}";
+        return await GetCachedRelationships(accountId, RelationshipStatus.Blocked, UserBlockedCacheKeyPrefix);
-        var blocked = await cache.GetAsync<List<Guid>>(cacheKey);
-
-        if (blocked == null)
-        {
-            blocked = await db.AccountRelationships
-                .Where(r => r.RelatedId == accountId)
-                .Where(r => r.Status == RelationshipStatus.Blocked)
-                .Select(r => r.AccountId)
-                .ToListAsync();
-
-            await cache.SetAsync(cacheKey, blocked, TimeSpan.FromHours(1));
-        }
-
-        return blocked ?? [];
     }
 
     public async Task<bool> HasRelationshipWithStatus(Guid accountId, Guid relatedId,
@@ -229,11 +216,52 @@ public class RelationshipService(
         return relationship is not null;
     }
 
-    private async Task PurgeRelationshipCache(Guid accountId, Guid relatedId)
+    private async Task<List<Guid>> GetCachedRelationships(Guid accountId, RelationshipStatus status, string cachePrefix)
     {
-        await cache.RemoveAsync($"{UserFriendsCacheKeyPrefix}{accountId}");
+        if (accountId == Guid.Empty)
-        await cache.RemoveAsync($"{UserFriendsCacheKeyPrefix}{relatedId}");
+            throw new ArgumentException("Account ID cannot be empty.");
-        await cache.RemoveAsync($"{UserBlockedCacheKeyPrefix}{accountId}");
+
-        await cache.RemoveAsync($"{UserBlockedCacheKeyPrefix}{relatedId}");
+        var cacheKey = $"{cachePrefix}{accountId}";
+        var relationships = await cache.GetAsync<List<Guid>>(cacheKey);
+
+        if (relationships == null)
+        {
+            var now = Instant.FromDateTimeUtc(DateTime.UtcNow);
+            relationships = await db.AccountRelationships
+                .Where(r => r.RelatedId == accountId)
+                .Where(r => r.Status == status)
+                .Where(r => r.ExpiredAt == null || r.ExpiredAt > now)
+                .Select(r => r.AccountId)
+                .ToListAsync();
+
+            await cache.SetAsync(cacheKey, relationships, CacheExpiration);
+        }
+
+        return relationships ?? new List<Guid>();
+    }
+
+    private async Task PurgeRelationshipCache(Guid accountId, Guid relatedId, params RelationshipStatus[] statuses)
+    {
+        if (statuses.Length == 0)
+        {
+            statuses = Enum.GetValues<RelationshipStatus>();
+        }
+
+        var keysToRemove = new List<string>();
+
+        if (statuses.Contains(RelationshipStatus.Friends) || statuses.Contains(RelationshipStatus.Pending))
+        {
+            keysToRemove.Add($"{UserFriendsCacheKeyPrefix}{accountId}");
+            keysToRemove.Add($"{UserFriendsCacheKeyPrefix}{relatedId}");
+        }
+
+        if (statuses.Contains(RelationshipStatus.Blocked))
+        {
+            keysToRemove.Add($"{UserBlockedCacheKeyPrefix}{accountId}");
+            keysToRemove.Add($"{UserBlockedCacheKeyPrefix}{relatedId}");
+        }
+
+        var removeTasks = keysToRemove.Select(key => cache.RemoveAsync(key));
+        await Task.WhenAll(removeTasks);
     }
 }

DysonNetwork.Pass/Affiliation/AffiliationSpellController.cs

@@ -0,0 +1,134 @@
+using System.ComponentModel.DataAnnotations;
+using DysonNetwork.Shared.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DysonNetwork.Pass.Affiliation;
+
+[ApiController]
+[Route("/api/affiliations")]
+public class AffiliationSpellController(AppDatabase db, AffiliationSpellService ars) : ControllerBase
+{
+    public class CreateAffiliationSpellRequest
+    {
+        [MaxLength(1024)] public string? Spell { get; set; }
+    }
+
+    [HttpPost]
+    [Authorize]
+    public async Task<ActionResult<SnAffiliationSpell>> CreateSpell([FromBody] CreateAffiliationSpellRequest request)
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        try
+        {
+            var spell = await ars.CreateAffiliationSpell(currentUser.Id, request.Spell);
+            return Ok(spell);
+        }
+        catch (InvalidOperationException e)
+        {
+            return BadRequest(e.Message);
+        }
+    }
+    
+    [HttpGet]
+    [Authorize]
+    public async Task<ActionResult<List<SnAffiliationSpell>>> ListCreatedSpells(
+        [FromQuery(Name = "order")] string orderBy = "date",
+        [FromQuery(Name = "desc")] bool orderDesc = false,
+        [FromQuery] int take = 10,
+        [FromQuery] int offset = 0
+    )
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var queryable = db.AffiliationSpells
+            .Where(s => s.AccountId == currentUser.Id)
+            .AsQueryable();
+
+        queryable = orderBy switch
+        {
+            "usage" => orderDesc
+                ? queryable.OrderByDescending(q => q.Results.Count)
+                : queryable.OrderBy(q => q.Results.Count),
+            _ => orderDesc
+                ? queryable.OrderByDescending(q => q.CreatedAt)
+                : queryable.OrderBy(q => q.CreatedAt)
+        };
+
+        var totalCount = queryable.Count();
+        Response.Headers["X-Total"] = totalCount.ToString();
+
+        var spells = await queryable
+            .Skip(offset)
+            .Take(take)
+            .ToListAsync();
+        return Ok(spells);
+    }
+
+    [HttpGet("{id:guid}")]
+    [Authorize]
+    public async Task<ActionResult<SnAffiliationSpell>> GetSpell([FromRoute] Guid id)
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var spell = await db.AffiliationSpells
+            .Where(s => s.AccountId == currentUser.Id)
+            .Where(s => s.Id == id)
+            .FirstOrDefaultAsync();
+        if (spell is null) return NotFound();
+
+        return Ok(spell);
+    }
+
+    [HttpGet("{id:guid}/results")]
+    [Authorize]
+    public async Task<ActionResult<List<SnAffiliationResult>>> ListResults(
+        [FromRoute] Guid id,
+        [FromQuery(Name = "desc")] bool orderDesc = false,
+        [FromQuery] int take = 10,
+        [FromQuery] int offset = 0
+    )
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var queryable = db.AffiliationResults
+            .Include(r => r.Spell)
+            .Where(r => r.Spell.AccountId == currentUser.Id)
+            .Where(r => r.SpellId == id)
+            .AsQueryable();
+
+        // Order by creation date
+        queryable = orderDesc
+            ? queryable.OrderByDescending(r => r.CreatedAt)
+            : queryable.OrderBy(r => r.CreatedAt);
+
+        var totalCount = queryable.Count();
+        Response.Headers["X-Total"] = totalCount.ToString();
+
+        var results = await queryable
+            .Skip(offset)
+            .Take(take)
+            .ToListAsync();
+        return Ok(results);
+    }
+
+    [HttpDelete("{id:guid}")]
+    [Authorize]
+    public async Task<ActionResult> DeleteSpell([FromRoute] Guid id)
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount currentUser) return Unauthorized();
+
+        var spell = await db.AffiliationSpells
+            .Where(s => s.AccountId == currentUser.Id)
+            .Where(s => s.Id == id)
+            .FirstOrDefaultAsync();
+        if (spell is null) return NotFound();
+
+        db.AffiliationSpells.Remove(spell);
+        await db.SaveChangesAsync();
+
+        return Ok();
+    }
+}

DysonNetwork.Pass/Affiliation/AffiliationSpellService.cs

@@ -0,0 +1,62 @@
+using System.Security.Cryptography;
+using DysonNetwork.Shared.Models;
+using Microsoft.EntityFrameworkCore;
+
+namespace DysonNetwork.Pass.Affiliation;
+
+public class AffiliationSpellService(AppDatabase db)
+{
+    public async Task<SnAffiliationSpell> CreateAffiliationSpell(Guid accountId, string? spellWord)
+    {
+        spellWord ??= _GenerateRandomString(8);
+        if (await CheckAffiliationSpellHasTaken(spellWord))
+            throw new InvalidOperationException("The spell has been taken.");
+
+        var spell = new SnAffiliationSpell
+        {
+            AccountId = accountId,
+            Spell = spellWord
+        };
+
+        db.AffiliationSpells.Add(spell);
+        await db.SaveChangesAsync();
+        return spell;
+    }
+
+    public async Task<SnAffiliationResult> CreateAffiliationResult(string spellWord, string resourceId)
+    {
+        var spell =
+            await db.AffiliationSpells.FirstOrDefaultAsync(a => a.Spell == spellWord);
+        if (spell is null) throw  new InvalidOperationException("The spell was not found.");
+
+        var result = new SnAffiliationResult
+        {
+            Spell = spell,
+            ResourceIdentifier = resourceId
+        };
+        db.AffiliationResults.Add(result);
+        await db.SaveChangesAsync();
+        
+        return result;
+    }
+
+    public async Task<bool> CheckAffiliationSpellHasTaken(string spellWord)
+    {
+        return await db.AffiliationSpells.AnyAsync(s => s.Spell == spellWord);
+    }
+
+    private static string _GenerateRandomString(int length)
+    {
+        const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+        var result = new char[length];
+        using var rng = RandomNumberGenerator.Create();
+        for (var i = 0; i < length; i++)
+        {
+            var bytes = new byte[1];
+            rng.GetBytes(bytes);
+            result[i] = chars[bytes[0] % chars.Length];
+        }
+
+        return new string(result);
+    }
+}

DysonNetwork.Pass/AppDatabase.cs

@@ -1,8 +1,8 @@
 using System.Linq.Expressions;
-using System.Reflection;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using DysonNetwork.Pass.Permission;
+using DysonNetwork.Shared.Data;
 using DysonNetwork.Shared.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Design;
@@ -61,6 +61,9 @@ public class AppDatabase(
     public DbSet<SnLottery> Lotteries { get; set; } = null!;
     public DbSet<SnLotteryRecord> LotteryRecords { get; set; } = null!;
 
+    public DbSet<SnAffiliationSpell> AffiliationSpells { get; set; } = null!;
+    public DbSet<SnAffiliationResult> AffiliationResults { get; set; } = null!;
+
     protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
     {
         optionsBuilder.UseNpgsql(
@@ -100,7 +103,7 @@ public class AppDatabase(
                             "stickers.packs.create",
                             "stickers.create"
                         }.Select(permission =>
-                            PermissionService.NewPermissionNode("group:default", "global", permission, true))
+                            PermissionService.NewPermissionNode("group:default", permission, true))
                         .ToList()
                 });
                 await context.SaveChangesAsync(cancellationToken);
@@ -143,51 +146,12 @@ public class AppDatabase(
             .HasForeignKey(pm => pm.RealmId)
             .OnDelete(DeleteBehavior.Cascade);
 
-        // Automatically apply soft-delete filter to all entities inheriting BaseModel
+        modelBuilder.ApplySoftDeleteFilters();
-        foreach (var entityType in modelBuilder.Model.GetEntityTypes())
-        {
-            if (!typeof(ModelBase).IsAssignableFrom(entityType.ClrType)) continue;
-            var method = typeof(AppDatabase)
-                .GetMethod(nameof(SetSoftDeleteFilter),
-                    BindingFlags.NonPublic | BindingFlags.Static)!
-                .MakeGenericMethod(entityType.ClrType);
-
-            method.Invoke(null, [modelBuilder]);
-        }
-    }
-
-    private static void SetSoftDeleteFilter<TEntity>(ModelBuilder modelBuilder)
-        where TEntity : ModelBase
-    {
-        modelBuilder.Entity<TEntity>().HasQueryFilter(e => e.DeletedAt == null);
     }
 
     public override async Task<int> SaveChangesAsync(CancellationToken cancellationToken = default)
     {
-        var now = SystemClock.Instance.GetCurrentInstant();
+        this.ApplyAuditableAndSoftDelete();
-
-        foreach (var entry in ChangeTracker.Entries<ModelBase>())
-        {
-            switch (entry.State)
-            {
-                case EntityState.Added:
-                    entry.Entity.CreatedAt = now;
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Modified:
-                    entry.Entity.UpdatedAt = now;
-                    break;
-                case EntityState.Deleted:
-                    entry.State = EntityState.Modified;
-                    entry.Entity.DeletedAt = now;
-                    break;
-                case EntityState.Detached:
-                case EntityState.Unchanged:
-                default:
-                    break;
-            }
-        }
-
         return await base.SaveChangesAsync(cancellationToken);
     }
 }
@@ -266,34 +230,3 @@ public class AppDatabaseFactory : IDesignTimeDbContextFactory<AppDatabase>
     }
 }
 
-public static class OptionalQueryExtensions
-{
-    public static IQueryable<T> If<T>(
-        this IQueryable<T> source,
-        bool condition,
-        Func<IQueryable<T>, IQueryable<T>> transform
-    )
-    {
-        return condition ? transform(source) : source;
-    }
-
-    public static IQueryable<T> If<T, TP>(
-        this IIncludableQueryable<T, TP> source,
-        bool condition,
-        Func<IIncludableQueryable<T, TP>, IQueryable<T>> transform
-    )
-        where T : class
-    {
-        return condition ? transform(source) : source;
-    }
-
-    public static IQueryable<T> If<T, TP>(
-        this IIncludableQueryable<T, IEnumerable<TP>> source,
-        bool condition,
-        Func<IIncludableQueryable<T, IEnumerable<TP>>, IQueryable<T>> transform
-    )
-        where T : class
-    {
-        return condition ? transform(source) : source;
-    }
-}

DysonNetwork.Pass/Auth/Auth.cs

@@ -70,7 +70,7 @@ public class DysonTokenAuthHandler(
             };
 
             // Add scopes as claims
-            session.Challenge?.Scopes.ForEach(scope => claims.Add(new Claim("scope", scope)));
+            session.Scopes.ForEach(scope => claims.Add(new Claim("scope", scope)));
 
             // Add superuser claim if applicable
             if (session.Account.IsSuperuser)
@@ -117,16 +117,17 @@ public class DysonTokenAuthHandler(
         {
             if (authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
             {
-                var token = authHeader["Bearer ".Length..].Trim();
+                var tokenText = authHeader["Bearer ".Length..].Trim();
-                var parts = token.Split('.');
+                var parts = tokenText.Split('.');
 
                 return new TokenInfo
                 {
-                    Token = token,
+                    Token = tokenText,
                     Type = parts.Length == 3 ? TokenType.OidcKey : TokenType.AuthKey
                 };
             }
-            else if (authHeader.StartsWith("AtField ", StringComparison.OrdinalIgnoreCase))
+
+            if (authHeader.StartsWith("AtField ", StringComparison.OrdinalIgnoreCase))
             {
                 return new TokenInfo
                 {
@@ -134,7 +135,8 @@ public class DysonTokenAuthHandler(
                     Type = TokenType.AuthKey
                 };
             }
-            else if (authHeader.StartsWith("AkField ", StringComparison.OrdinalIgnoreCase))
+
+            if (authHeader.StartsWith("AkField ", StringComparison.OrdinalIgnoreCase))
             {
                 return new TokenInfo
                 {

DysonNetwork.Pass/Auth/AuthController.cs

@@ -3,7 +3,7 @@ using Microsoft.AspNetCore.Mvc;
 using NodaTime;
 using Microsoft.EntityFrameworkCore;
 using DysonNetwork.Pass.Localization;
-using DysonNetwork.Shared.GeoIp;
+using DysonNetwork.Shared.Geometry;
 using DysonNetwork.Shared.Proto;
 using Microsoft.Extensions.Localization;
 using AccountService = DysonNetwork.Pass.Account.AccountService;
@@ -18,7 +18,7 @@ public class AuthController(
     AppDatabase db,
     AccountService accounts,
     AuthService auth,
-    GeoIpService geo,
+    GeoService geo,
     ActionLogService als,
     RingService.RingServiceClient pusher,
     IConfiguration configuration,
@@ -30,12 +30,12 @@ public class AuthController(
 
     public class ChallengeRequest
     {
-        [Required] public ClientPlatform Platform { get; set; }
+        [Required] public Shared.Models.ClientPlatform Platform { get; set; }
         [Required] [MaxLength(256)] public string Account { get; set; } = null!;
         [Required] [MaxLength(512)] public string DeviceId { get; set; } = null!;
         [MaxLength(1024)] public string? DeviceName { get; set; }
-        public List<string> Audiences { get; set; } = new();
+        public List<string> Audiences { get; set; } = [];
-        public List<string> Scopes { get; set; } = new();
+        public List<string> Scopes { get; set; } = [];
     }
 
     [HttpPost("challenge")]
@@ -61,9 +61,6 @@ public class AuthController(
 
         request.DeviceName ??= userAgent;
 
-        var device =
-            await auth.GetOrCreateDeviceAsync(account.Id, request.DeviceId, request.DeviceName, request.Platform);
-
         // Trying to pick up challenges from the same IP address and user agent
         var existingChallenge = await db.AuthChallenges
             .Where(e => e.AccountId == account.Id)
@@ -71,15 +68,9 @@ public class AuthController(
             .Where(e => e.UserAgent == userAgent)
             .Where(e => e.StepRemain > 0)
             .Where(e => e.ExpiredAt != null && now < e.ExpiredAt)
-            .Where(e => e.Type == Shared.Models.ChallengeType.Login)
+            .Where(e => e.DeviceId == request.DeviceId)
-            .Where(e => e.ClientId == device.Id)
             .FirstOrDefaultAsync();
-        if (existingChallenge is not null)
+        if (existingChallenge is not null) return existingChallenge;
-        {
-            var existingSession = await db.AuthSessions.Where(e => e.ChallengeId == existingChallenge.Id)
-                .FirstOrDefaultAsync();
-            if (existingSession is null) return existingChallenge;
-        }
 
         var challenge = new SnAuthChallenge
         {
@@ -90,7 +81,9 @@ public class AuthController(
             IpAddress = ipAddress,
             UserAgent = userAgent,
             Location = geo.GetPointFromIp(ipAddress),
-            ClientId = device.Id,
+            DeviceId = request.DeviceId,
+            DeviceName = request.DeviceName,
+            Platform = request.Platform,
             AccountId = account.Id
         }.Normalize();
 
@@ -112,14 +105,11 @@ public class AuthController(
             .ThenInclude(e => e.Profile)
             .FirstOrDefaultAsync(e => e.Id == id);
 
-        if (challenge is null)
+        if (challenge is not null) return challenge;
-        {
         logger.LogWarning("GetChallenge: challenge not found (challengeId={ChallengeId}, ip={IpAddress})",
             id, HttpContext.Connection.RemoteIpAddress?.ToString());
         return NotFound("Auth challenge was not found.");
-        }
 
-        return challenge;
     }
 
     [HttpGet("challenge/{id:guid}/factors")]
@@ -176,7 +166,6 @@ public class AuthController(
     {
         var challenge = await db.AuthChallenges
             .Include(e => e.Account)
-            .Include(authChallenge => authChallenge.Client)
             .FirstOrDefaultAsync(e => e.Id == id);
         if (challenge is null) return NotFound("Auth challenge was not found.");
 
@@ -218,7 +207,7 @@ public class AuthController(
                 throw new ArgumentException("Invalid password.");
             }
         }
-        catch (Exception ex)
+        catch (Exception)
         {
             challenge.FailedAttempts++;
             db.Update(challenge);
@@ -231,8 +220,11 @@ public class AuthController(
             );
             await db.SaveChangesAsync();
 
-            logger.LogWarning("DoChallenge: authentication failure (challengeId={ChallengeId}, factorId={FactorId}, accountId={AccountId}, failedAttempts={FailedAttempts}, factorType={FactorType}, ip={IpAddress}, uaLength={UaLength})",
+            logger.LogWarning(
-                challenge.Id, factor.Id, challenge.AccountId, challenge.FailedAttempts, factor.Type, HttpContext.Connection.RemoteIpAddress?.ToString(), (HttpContext.Request.Headers.UserAgent.ToString() ?? "").Length);
+                "DoChallenge: authentication failure (challengeId={ChallengeId}, factorId={FactorId}, accountId={AccountId}, failedAttempts={FailedAttempts}, factorType={FactorType}, ip={IpAddress}, uaLength={UaLength})",
+                challenge.Id, factor.Id, challenge.AccountId, challenge.FailedAttempts, factor.Type,
+                HttpContext.Connection.RemoteIpAddress?.ToString(),
+                HttpContext.Request.Headers.UserAgent.ToString().Length);
 
             return BadRequest("Invalid password.");
         }
@@ -242,11 +234,11 @@ public class AuthController(
             AccountService.SetCultureInfo(challenge.Account);
             await pusher.SendPushNotificationToUserAsync(new SendPushNotificationToUserRequest
             {
-                Notification = new PushNotification()
+                Notification = new PushNotification
                 {
                     Topic = "auth.login",
                     Title = localizer["NewLoginTitle"],
-                    Body = localizer["NewLoginBody", challenge.Client?.DeviceName ?? "unknown",
+                    Body = localizer["NewLoginBody", challenge.DeviceName ?? "unknown",
                         challenge.IpAddress ?? "unknown"],
                     IsSavable = true
                 },
@@ -277,6 +269,14 @@ public class AuthController(
         public string Token { get; set; } = string.Empty;
     }
 
+    public class NewSessionRequest
+    {
+        [Required] [MaxLength(512)] public string DeviceId { get; set; } = null!;
+        [MaxLength(1024)] public string? DeviceName { get; set; }
+        [Required] public Shared.Models.ClientPlatform Platform { get; set; }
+        public Instant? ExpiredAt { get; set; }
+    }
+
     [HttpPost("token")]
     public async Task<ActionResult<TokenExchangeResponse>> ExchangeToken([FromBody] TokenExchangeRequest request)
     {
@@ -327,4 +327,35 @@ public class AuthController(
         });
         return Ok();
     }
+
+    [HttpPost("login/session")]
+    [Microsoft.AspNetCore.Authorization.Authorize] // Use full namespace to avoid ambiguity with DysonNetwork.Pass.Permission.Authorize
+    public async Task<ActionResult<TokenExchangeResponse>> LoginFromSession([FromBody] NewSessionRequest request)
+    {
+        if (HttpContext.Items["CurrentUser"] is not SnAccount ||
+            HttpContext.Items["CurrentSession"] is not SnAuthSession currentSession)
+            return Unauthorized();
+
+        var newSession = await auth.CreateSessionFromParentAsync(
+            currentSession,
+            request.DeviceId,
+            request.DeviceName,
+            request.Platform,
+            request.ExpiredAt
+        );
+
+        var tk = auth.CreateToken(newSession);
+
+        // Set cookie using HttpContext, similar to CreateSessionAndIssueToken
+        HttpContext.Response.Cookies.Append(AuthConstants.CookieTokenName, tk, new CookieOptions
+        {
+            HttpOnly = true,
+            Secure = true,
+            SameSite = SameSiteMode.Lax,
+            Domain = _cookieDomain,
+            Expires = request.ExpiredAt?.ToDateTimeOffset() ?? DateTime.UtcNow.AddYears(20)
+        });
+
+        return Ok(new TokenExchangeResponse { Token = tk });
+    }
 }

DysonNetwork.Pass/Auth/AuthService.cs

@@ -2,6 +2,8 @@ using System.Security.Cryptography;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using DysonNetwork.Shared.Cache;
+using DysonNetwork.Shared.Data;
+using DysonNetwork.Shared.Geometry;
 using DysonNetwork.Shared.Models;
 using Microsoft.EntityFrameworkCore;
 using NodaTime;
@@ -13,7 +15,8 @@ public class AuthService(
     IConfiguration config,
     IHttpClientFactory httpClientFactory,
     IHttpContextAccessor httpContextAccessor,
-    ICacheService cache
+    ICacheService cache,
+    GeoService geo
 )
 {
     private HttpContext HttpContext => httpContextAccessor.HttpContext!;
@@ -30,7 +33,7 @@ public class AuthService(
     {
         // 1) Find out how many authentication factors the account has enabled.
         var enabledFactors = await db.AccountAuthFactors
-            .Where(f => f.AccountId == account.Id)
+            .Where(f => f.AccountId == account.Id && f.Type != AccountAuthFactorType.PinCode)
             .Where(f => f.EnabledAt != null)
             .ToListAsync();
         var maxSteps = enabledFactors.Count;
@@ -41,13 +44,18 @@ public class AuthService(
 
         // 2) Get login context from recent sessions
         var recentSessions = await db.AuthSessions
-            .Include(s => s.Challenge)
             .Where(s => s.AccountId == account.Id)
             .Where(s => s.LastGrantedAt != null)
             .OrderByDescending(s => s.LastGrantedAt)
             .Take(10)
             .ToListAsync();
 
+        var recentChallengeIds =
+            recentSessions
+                .Where(s => s.ChallengeId != null)
+                .Select(s => s.ChallengeId!.Value).ToList();
+        var recentChallenges = await db.AuthChallenges.Where(c => recentChallengeIds.Contains(c.Id)).ToListAsync();
+
         var ipAddress = request.HttpContext.Connection.RemoteIpAddress?.ToString();
         var userAgent = request.Headers.UserAgent.ToString();
 
@@ -59,14 +67,14 @@ public class AuthService(
         else
         {
             // Check if IP has been used before
-            var ipPreviouslyUsed = recentSessions.Any(s => s.Challenge?.IpAddress == ipAddress);
+            var ipPreviouslyUsed = recentChallenges.Any(c => c.IpAddress == ipAddress);
             if (!ipPreviouslyUsed)
             {
                 riskScore += 8;
             }
 
             // Check geographical distance for last known location
-            var lastKnownIp = recentSessions.FirstOrDefault(s => !string.IsNullOrWhiteSpace(s.Challenge?.IpAddress))?.Challenge?.IpAddress;
+            var lastKnownIp = recentChallenges.FirstOrDefault(c => !string.IsNullOrWhiteSpace(c.IpAddress))?.IpAddress;
             if (!string.IsNullOrWhiteSpace(lastKnownIp) && lastKnownIp != ipAddress)
             {
                 riskScore += 6;
@@ -80,9 +88,9 @@ public class AuthService(
         }
         else
         {
-            var uaPreviouslyUsed = recentSessions.Any(s =>
+            var uaPreviouslyUsed = recentChallenges.Any(c =>
-                !string.IsNullOrWhiteSpace(s.Challenge?.UserAgent) &&
+                !string.IsNullOrWhiteSpace(c.UserAgent) &&
-                string.Equals(s.Challenge.UserAgent, userAgent, StringComparison.OrdinalIgnoreCase));
+                string.Equals(c.UserAgent, userAgent, StringComparison.OrdinalIgnoreCase));
 
             if (!uaPreviouslyUsed)
             {
@@ -156,7 +164,7 @@ public class AuthService(
         // 8) Device Trust Assessment
         var trustedDeviceIds = recentSessions
             .Where(s => s.CreatedAt > now.Minus(Duration.FromDays(30))) // Trust devices from last 30 days
-            .Select(s => s.Challenge?.ClientId)
+            .Select(s => s.ClientId)
             .Where(id => id.HasValue)
             .Distinct()
             .ToList();
@@ -180,29 +188,28 @@ public class AuthService(
         return totalRequiredSteps;
     }
 
-    public async Task<SnAuthSession> CreateSessionForOidcAsync(SnAccount account, Instant time,
+    public async Task<SnAuthSession> CreateSessionForOidcAsync(
-        Guid? customAppId = null)
+        SnAccount account,
+        Instant time,
+        Guid? customAppId = null,
+        SnAuthSession? parentSession = null
+    )
     {
-        var challenge = new SnAuthChallenge
+        var ipAddr = HttpContext.Connection.RemoteIpAddress?.ToString();
-        {
+        var geoLocation = ipAddr is not null ? geo.GetPointFromIp(ipAddr) : null;
-            AccountId = account.Id,
-            IpAddress = HttpContext.Connection.RemoteIpAddress?.ToString(),
-            UserAgent = HttpContext.Request.Headers.UserAgent,
-            StepRemain = 1,
-            StepTotal = 1,
-            Type = customAppId is not null ? ChallengeType.OAuth : ChallengeType.Oidc
-        };
-
         var session = new SnAuthSession
         {
             AccountId = account.Id,
             CreatedAt = time,
             LastGrantedAt = time,
-            Challenge = challenge,
+            IpAddress = ipAddr,
-            AppId = customAppId
+            UserAgent = HttpContext.Request.Headers.UserAgent,
+            Location = geoLocation,
+            AppId = customAppId,
+            ParentSessionId = parentSession?.Id,
+            Type = customAppId is not null ? SessionType.OAuth : SessionType.Oidc,
         };
 
-        db.AuthChallenges.Add(challenge);
         db.AuthSessions.Add(session);
         await db.SaveChangesAsync();
 
@@ -216,7 +223,8 @@ public class AuthService(
         ClientPlatform platform = ClientPlatform.Unidentified
     )
     {
-        var device = await db.AuthClients.FirstOrDefaultAsync(d => d.DeviceId == deviceId && d.AccountId == accountId);
+        var device = await db.AuthClients
+            .FirstOrDefaultAsync(d => d.DeviceId == deviceId && d.AccountId == accountId);
         if (device is not null) return device;
         device = new SnAuthClient
         {
@@ -287,35 +295,71 @@ public class AuthService(
 
     /// <summary>
     /// Immediately revoke a session by setting expiry to now and clearing from cache
-    /// This provides immediate invalidation of tokens and sessions
+    /// This provides immediate invalidation of tokens and sessions, including all child sessions recursively.
     /// </summary>
     /// <param name="sessionId">Session ID to revoke</param>
     /// <returns>True if session was found and revoked, false otherwise</returns>
     public async Task<bool> RevokeSessionAsync(Guid sessionId)
     {
-        var session = await db.AuthSessions.FirstOrDefaultAsync(s => s.Id == sessionId);
+        var sessionsToRevokeIds = new HashSet<Guid>();
-        if (session == null)
+        await CollectSessionsToRevoke(sessionId, sessionsToRevokeIds);
+
+        if (sessionsToRevokeIds.Count == 0)
         {
             return false;
         }
 
-        // Set expiry to now (immediate invalidation)
         var now = SystemClock.Instance.GetCurrentInstant();
+        var accountIdsToClearCache = new HashSet<Guid>();
+
+        // Fetch all sessions to be revoked in one go
+        var sessions = await db.AuthSessions
+            .Where(s => sessionsToRevokeIds.Contains(s.Id))
+            .ToListAsync();
+
+        foreach (var session in sessions)
+        {
             session.ExpiredAt = now;
-        db.AuthSessions.Update(session);
+            accountIdsToClearCache.Add(session.AccountId);
 
-        // Clear from cache immediately
+            // Clear from cache immediately for each session
-        var cacheKey = $"{AuthCachePrefix}{session.Id}";
+            await cache.RemoveAsync($"{AuthCachePrefix}{session.Id}");
-        await cache.RemoveAsync(cacheKey);
+        }
-
-        // Clear account-level cache groups that include this session
-        await cache.RemoveAsync($"{AuthCachePrefix}{session.AccountId}");
 
+        db.AuthSessions.UpdateRange(sessions);
         await db.SaveChangesAsync();
 
+        // Clear account-level cache groups
+        foreach (var accountId in accountIdsToClearCache)
+        {
+            await cache.RemoveAsync($"{AuthCachePrefix}{accountId}");
+        }
+
         return true;
     }
 
+    /// <summary>
+    /// Recursively collects all session IDs that need to be revoked, starting from a given session.
+    /// </summary>
+    /// <param name="currentSessionId">The session ID to start collecting from.</param>
+    /// <param name="sessionsToRevoke">A HashSet to store the IDs of all sessions to be revoked.</param>
+    private async Task CollectSessionsToRevoke(Guid currentSessionId, HashSet<Guid> sessionsToRevoke)
+    {
+        if (!sessionsToRevoke.Add(currentSessionId))
+            return; // Already processed this session
+
+        // Find direct children
+        var childSessions = await db.AuthSessions
+            .Where(s => s.ParentSessionId == currentSessionId)
+            .Select(s => s.Id)
+            .ToListAsync();
+
+        foreach (var childId in childSessions)
+        {
+            await CollectSessionsToRevoke(childId, sessionsToRevoke);
+        }
+    }
+
     /// <summary>
     /// Revoke all sessions for an account (logout everywhere)
     /// </summary>
@@ -374,10 +418,12 @@ public class AuthService(
         if (challenge.StepRemain != 0)
             throw new ArgumentException("Challenge not yet completed.");
 
-        var hasSession = await db.AuthSessions
+        var device = await GetOrCreateDeviceAsync(
-            .AnyAsync(e => e.ChallengeId == challenge.Id);
+            challenge.AccountId,
-        if (hasSession)
+            challenge.DeviceId,
-            throw new ArgumentException("Session already exists for this challenge.");
+            challenge.DeviceName,
+            challenge.Platform
+        );
 
         var now = SystemClock.Instance.GetCurrentInstant();
         var session = new SnAuthSession
@@ -385,7 +431,13 @@ public class AuthService(
             LastGrantedAt = now,
             ExpiredAt = now.Plus(Duration.FromDays(7)),
             AccountId = challenge.AccountId,
-            ChallengeId = challenge.Id
+            IpAddress = challenge.IpAddress,
+            UserAgent = challenge.UserAgent,
+            Location = challenge.Location,
+            Scopes = challenge.Scopes,
+            Audiences = challenge.Audiences,
+            ChallengeId = challenge.Id,
+            ClientId = device.Id,
         };
 
         db.AuthSessions.Add(session);
@@ -408,7 +460,7 @@ public class AuthService(
         return tk;
     }
 
-    private string CreateCompactToken(Guid sessionId, RSA rsa)
+    private static string CreateCompactToken(Guid sessionId, RSA rsa)
     {
         // Create the payload: just the session ID
         var payloadBytes = sessionId.ToByteArray();
@@ -499,7 +551,8 @@ public class AuthService(
         return key;
     }
 
-    public async Task<SnApiKey> CreateApiKey(Guid accountId, string label, Instant? expiredAt = null)
+    public async Task<SnApiKey> CreateApiKey(Guid accountId, string label, Instant? expiredAt = null,
+        SnAuthSession? parentSession = null)
     {
         var key = new SnApiKey
         {
@@ -508,7 +561,8 @@ public class AuthService(
             Session = new SnAuthSession
             {
                 AccountId = accountId,
-                ExpiredAt = expiredAt
+                ExpiredAt = expiredAt,
+                ParentSessionId = parentSession?.Id
             },
         };
 
@@ -614,4 +668,47 @@ public class AuthService(
 
         return Convert.FromBase64String(padded);
     }
+
+    /// <summary>
+    /// Creates a new session derived from an existing parent session.
+    /// </summary>
+    /// <param name="parentSession">The existing session from which the new session is derived.</param>
+    /// <param name="deviceId">The ID of the device for the new session.</param>
+    /// <param name="deviceName">The name of the device for the new session.</param>
+    /// <param name="platform">The platform of the device for the new session.</param>
+    /// <param name="expiredAt">Optional: The expiration time for the new session.</param>
+    /// <returns>The newly created SnAuthSession.</returns>
+    public async Task<SnAuthSession> CreateSessionFromParentAsync(
+        SnAuthSession parentSession,
+        string deviceId,
+        string? deviceName,
+        ClientPlatform platform,
+        Instant? expiredAt = null
+    )
+    {
+        var device = await GetOrCreateDeviceAsync(parentSession.AccountId, deviceId, deviceName, platform);
+
+        var ipAddress = HttpContext.Connection.RemoteIpAddress?.ToString();
+        var userAgent = HttpContext.Request.Headers.UserAgent.ToString();
+        var geoLocation = ipAddress is not null ? geo.GetPointFromIp(ipAddress) : null;
+
+        var now = SystemClock.Instance.GetCurrentInstant();
+        var session = new SnAuthSession
+        {
+            IpAddress = ipAddress,
+            UserAgent = userAgent,
+            Location = geoLocation,
+            AccountId = parentSession.AccountId,
+            CreatedAt = now,
+            LastGrantedAt = now,
+            ExpiredAt = expiredAt,
+            ParentSessionId = parentSession.Id,
+            ClientId = device.Id,
+        };
+
+        db.AuthSessions.Add(session);
+        await db.SaveChangesAsync();
+
+        return session;
+    }
 }

DysonNetwork.Pass/Auth/OidcProvider/Controllers/OidcProviderController.cs

@@ -306,7 +306,7 @@ public class OidcProviderController(
             HttpContext.Items["CurrentSession"] is not SnAuthSession currentSession) return Unauthorized();
 
         // Get requested scopes from the token
-        var scopes = currentSession.Challenge?.Scopes ?? [];
+        var scopes = currentSession.Scopes;
 
         var userInfo = new Dictionary<string, object>
         {

DysonNetwork.Pass/Auth/OidcProvider/Models/AuthorizationCodeInfo.cs

@@ -5,7 +5,8 @@ namespace DysonNetwork.Pass.Auth.OidcProvider.Models;
 public class AuthorizationCodeInfo
 {
     public Guid ClientId { get; set; }
-    public Guid AccountId { get; set; }
+    public Guid? AccountId { get; set; }
+    public ExternalUserInfo? ExternalUserInfo { get; set; }
     public string RedirectUri { get; set; } = string.Empty;
     public List<string> Scopes { get; set; } = new();
     public string? CodeChallenge { get; set; }

DysonNetwork.Pass/Auth/OidcProvider/Models/ExternalUserInfo.cs

@@ -0,0 +1,9 @@
+namespace DysonNetwork.Pass.Auth.OidcProvider.Models;
+
+public class ExternalUserInfo
+{
+    public string Provider { get; set; } = null!;
+    public string UserId { get; set; } = null!;
+    public string? Email { get; set; }
+    public string? Name { get; set; }
+}

DysonNetwork.Pass/Auth/OidcProvider/Responses/TokenResponse.cs

@@ -5,7 +5,7 @@ namespace DysonNetwork.Pass.Auth.OidcProvider.Responses;
 public class TokenResponse
 {
     [JsonPropertyName("access_token")]
-    public string AccessToken { get; set; } = null!;
+    public string? AccessToken { get; set; } = null!;
 
     [JsonPropertyName("expires_in")]
     public int ExpiresIn { get; set; }
@@ -22,4 +22,7 @@ public class TokenResponse
 
     [JsonPropertyName("id_token")]
     public string? IdToken { get; set; }
+    
+    [JsonPropertyName("onboarding_token")]
+    public string? OnboardingToken { get; set; }
 }

DysonNetwork.Pass/Auth/OidcProvider/Services/OidcProviderService.cs

@@ -72,7 +72,6 @@ public class OidcProviderService(
         var now = SystemClock.Instance.GetCurrentInstant();
 
         var queryable = db.AuthSessions
-            .Include(s => s.Challenge)
             .AsQueryable();
         if (withAccount)
             queryable = queryable
@@ -85,8 +84,7 @@ public class OidcProviderService(
             .Where(s => s.AccountId == accountId &&
                         s.AppId == clientId &&
                         (s.ExpiredAt == null || s.ExpiredAt > now) &&
-                        s.Challenge != null &&
+                        s.Type == Shared.Models.SessionType.OAuth)
-                        s.Challenge.Type == Shared.Models.ChallengeType.OAuth)
             .OrderByDescending(s => s.CreatedAt)
             .FirstOrDefaultAsync();
     }
@@ -257,18 +255,15 @@ public class OidcProviderService(
     }
 
     private async Task<(SnAuthSession session, string? nonce, List<string>? scopes)> HandleAuthorizationCodeFlowAsync(
-        string authorizationCode,
+        AuthorizationCodeInfo authCode,
-        Guid clientId,
+        Guid clientId
-        string? redirectUri,
-        string? codeVerifier
     )
     {
-        var authCode = await ValidateAuthorizationCodeAsync(authorizationCode, clientId, redirectUri, codeVerifier);
+        if (authCode.AccountId == null)
-        if (authCode == null)
+            throw new InvalidOperationException("Invalid authorization code, account id is missing.");
-            throw new InvalidOperationException("Invalid authorization code");
 
         // Load the session for the user
-        var existingSession = await FindValidSessionAsync(authCode.AccountId, clientId, withAccount: true);
+        var existingSession = await FindValidSessionAsync(authCode.AccountId.Value, clientId, withAccount: true);
 
         SnAuthSession session;
         if (existingSession == null)
@@ -315,12 +310,17 @@ public class OidcProviderService(
 
         var client = await FindClientByIdAsync(clientId) ?? throw new InvalidOperationException("Client not found");
 
-        var (session, nonce, scopes) = authorizationCode != null
+        if (authorizationCode != null)
-            ? await HandleAuthorizationCodeFlowAsync(authorizationCode, clientId, redirectUri, codeVerifier)
+        {
-            : sessionId.HasValue
+            var authCode = await ValidateAuthorizationCodeAsync(authorizationCode, clientId, redirectUri, codeVerifier);
-                ? await HandleRefreshTokenFlowAsync(sessionId.Value)
+            if (authCode == null)
-                : throw new InvalidOperationException("Either authorization code or session ID must be provided");
+            {
+                throw new InvalidOperationException("Invalid authorization code");
+            }
 
+            if (authCode.AccountId.HasValue)
+            {
+                var (session, nonce, scopes) = await HandleAuthorizationCodeFlowAsync(authCode, clientId);
                 var clock = SystemClock.Instance;
                 var now = clock.GetCurrentInstant();
                 var expiresIn = (int)_options.AccessTokenLifetime.TotalSeconds;
@@ -342,6 +342,94 @@ public class OidcProviderService(
                 };
             }
 
+            if (authCode.ExternalUserInfo != null)
+            {
+                var onboardingToken = GenerateOnboardingToken(client, authCode.ExternalUserInfo, authCode.Nonce, authCode.Scopes);
+                return new TokenResponse
+                {
+                    OnboardingToken = onboardingToken,
+                    TokenType = "Onboarding"
+                };
+            }
+
+            throw new InvalidOperationException("Invalid authorization code state.");
+        }
+
+        if (sessionId.HasValue)
+        {
+            var (session, nonce, scopes) = await HandleRefreshTokenFlowAsync(sessionId.Value);
+            var clock = SystemClock.Instance;
+            var now = clock.GetCurrentInstant();
+            var expiresIn = (int)_options.AccessTokenLifetime.TotalSeconds;
+            var expiresAt = now.Plus(Duration.FromSeconds(expiresIn));
+            var accessToken = GenerateJwtToken(client, session, expiresAt, scopes);
+            var idToken = GenerateIdToken(client, session, nonce, scopes);
+            var refreshToken = GenerateRefreshToken(session);
+            return new TokenResponse
+            {
+                AccessToken = accessToken,
+                IdToken = idToken,
+                ExpiresIn = expiresIn,
+                TokenType = "Bearer",
+                RefreshToken = refreshToken,
+                Scope = scopes != null ? string.Join(" ", scopes) : null
+            };
+        }
+
+        throw new InvalidOperationException("Either authorization code or session ID must be provided");
+    }
+
+    private string GenerateOnboardingToken(CustomApp client, ExternalUserInfo externalUserInfo, string? nonce,
+        List<string> scopes)
+    {
+        var tokenHandler = new JwtSecurityTokenHandler();
+        var clock = SystemClock.Instance;
+        var now = clock.GetCurrentInstant();
+
+        var claims = new List<Claim>
+        {
+            new(JwtRegisteredClaimNames.Iss, _options.IssuerUri),
+            new(JwtRegisteredClaimNames.Aud, client.Slug),
+            new(JwtRegisteredClaimNames.Iat, now.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
+            new(JwtRegisteredClaimNames.Exp,
+                now.Plus(Duration.FromMinutes(15)).ToUnixTimeSeconds()
+                    .ToString(), ClaimValueTypes.Integer64),
+            new("provider", externalUserInfo.Provider),
+            new("provider_user_id", externalUserInfo.UserId)
+        };
+
+        if (!string.IsNullOrEmpty(externalUserInfo.Email))
+        {
+            claims.Add(new Claim(JwtRegisteredClaimNames.Email, externalUserInfo.Email));
+        }
+
+        if (!string.IsNullOrEmpty(externalUserInfo.Name))
+        {
+            claims.Add(new Claim("name", externalUserInfo.Name));
+        }
+
+        if (!string.IsNullOrEmpty(nonce))
+        {
+            claims.Add(new Claim("nonce", nonce));
+        }
+
+        var tokenDescriptor = new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(claims),
+            Issuer = _options.IssuerUri,
+            Audience = client.Slug,
+            Expires = now.Plus(Duration.FromMinutes(15)).ToDateTimeUtc(),
+            NotBefore = now.ToDateTimeUtc(),
+            SigningCredentials = new SigningCredentials(
+                new RsaSecurityKey(_options.GetRsaPrivateKey()),
+                SecurityAlgorithms.RsaSha256
+            )
+        };
+
+        var token = tokenHandler.CreateToken(tokenDescriptor);
+        return tokenHandler.WriteToken(token);
+    }
+
     private string GenerateJwtToken(
         CustomApp client,
         SnAuthSession session,
@@ -421,7 +509,6 @@ public class OidcProviderService(
     {
         return await db.AuthSessions
             .Include(s => s.Account)
-            .Include(s => s.Challenge)
             .FirstOrDefaultAsync(s => s.Id == sessionId);
     }
 
@@ -440,12 +527,6 @@ public class OidcProviderService(
         string? nonce = null
     )
     {
-        // Generate a random code
-        var clock = SystemClock.Instance;
-        var code = GenerateRandomString(32);
-        var now = clock.GetCurrentInstant();
-
-        // Create the authorization code info
         var authCodeInfo = new AuthorizationCodeInfo
         {
             ClientId = clientId,
@@ -455,17 +536,47 @@ public class OidcProviderService(
             CodeChallenge = codeChallenge,
             CodeChallengeMethod = codeChallengeMethod,
             Nonce = nonce,
-            CreatedAt = now
+            CreatedAt = SystemClock.Instance.GetCurrentInstant()
         };
 
-        // Store the code with its metadata in the cache
+        return await StoreAuthorizationCode(authCodeInfo);
+    }
+
+    public async Task<string> GenerateAuthorizationCodeAsync(
+        Guid clientId,
+        ExternalUserInfo externalUserInfo,
+        string redirectUri,
+        IEnumerable<string> scopes,
+        string? codeChallenge = null,
+        string? codeChallengeMethod = null,
+        string? nonce = null
+    )
+    {
+        var authCodeInfo = new AuthorizationCodeInfo
+        {
+            ClientId = clientId,
+            ExternalUserInfo = externalUserInfo,
+            RedirectUri = redirectUri,
+            Scopes = scopes.ToList(),
+            CodeChallenge = codeChallenge,
+            CodeChallengeMethod = codeChallengeMethod,
+            Nonce = nonce,
+            CreatedAt = SystemClock.Instance.GetCurrentInstant()
+        };
+
+        return await StoreAuthorizationCode(authCodeInfo);
+    }
+
+    private async Task<string> StoreAuthorizationCode(AuthorizationCodeInfo authCodeInfo)
+    {
+        var code = GenerateRandomString(32);
         var cacheKey = $"{CacheKeyPrefixAuthCode}{code}";
         await cache.SetAsync(cacheKey, authCodeInfo, _options.AuthorizationCodeLifetime);
-
+        logger.LogInformation("Generated authorization code for client {ClientId}", authCodeInfo.ClientId);
-        logger.LogInformation("Generated authorization code for client {ClientId} and user {UserId}", clientId, userId);
         return code;
     }
 
+
     private async Task<AuthorizationCodeInfo?> ValidateAuthorizationCodeAsync(
         string code,
         Guid clientId,

DysonNetwork.Pass/Auth/OpenId/ConnectionController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using DysonNetwork.Shared.Cache;
+using Microsoft.AspNetCore.WebUtilities;
 using NodaTime;
 using DysonNetwork.Shared.Models;
 
@@ -17,7 +18,8 @@ public class ConnectionController(
     AccountService accounts,
     AuthService auth,
     ICacheService cache,
-    IConfiguration configuration
+    IConfiguration configuration,
+    ILogger<ConnectionController> logger
 ) : ControllerBase
 {
     private const string StateCachePrefix = "oidc-state:";
@@ -152,8 +154,13 @@ public class ConnectionController(
         {
             var stateValue = await cache.GetAsync<string>(stateKey);
             if (string.IsNullOrEmpty(stateValue) || !OidcState.TryParse(stateValue, out oidcState) || oidcState == null)
+            {
+                logger.LogWarning("Invalid or expired OIDC state: {State}", callbackData.State);
                 return BadRequest("Invalid or expired state parameter");
             }
+        }
+        
+        logger.LogInformation("OIDC callback for provider {Provider} with state {State} and flow {FlowType}", provider, callbackData.State, oidcState.FlowType);
 
         // Remove the state from cache to prevent replay attacks
         await cache.RemoveAsync(stateKey);
@@ -166,19 +173,24 @@ public class ConnectionController(
             {
                 callbackData.State = oidcState.DeviceId;
             }
+            
             return await HandleManualConnection(provider, oidcService, callbackData, oidcState.AccountId.Value);
         }
-        else if (oidcState.FlowType == OidcFlowType.Login)
+
+        if (oidcState.FlowType == OidcFlowType.Login)
         {
             // Login/Registration flow
             if (!string.IsNullOrEmpty(oidcState.DeviceId))
-            {
                 callbackData.State = oidcState.DeviceId;
-            }
 
             // Store return URL if provided
             if (string.IsNullOrEmpty(oidcState.ReturnUrl) || oidcState.ReturnUrl == "/")
+            {
+                logger.LogInformation("No returnUrl provided in OIDC state, will use default.");
                 return await HandleLoginOrRegistration(provider, oidcService, callbackData);
+            }
+            
+            logger.LogInformation("Storing returnUrl {ReturnUrl} for state {State}", oidcState.ReturnUrl, callbackData.State);
             var returnUrlKey = $"{ReturnUrlCachePrefix}{callbackData.State}";
             await cache.SetAsync(returnUrlKey, oidcState.ReturnUrl, StateExpiration);
 
@@ -204,6 +216,7 @@ public class ConnectionController(
         }
         catch (Exception ex)
         {
+            logger.LogError(ex, "Error processing OIDC callback for provider {Provider} during connection flow", provider);
             return BadRequest($"Error processing {provider} authentication: {ex.Message}");
         }
 
@@ -268,8 +281,9 @@ public class ConnectionController(
         {
             await db.SaveChangesAsync();
         }
-        catch (DbUpdateException)
+        catch (DbUpdateException ex)
         {
+            logger.LogError(ex, "Failed to save OIDC connection for provider {Provider}", provider);
             return StatusCode(500, $"Failed to save {provider} connection. Please try again.");
         }
 
@@ -279,8 +293,10 @@ public class ConnectionController(
         await cache.RemoveAsync(returnUrlKey);
 
         var siteUrl = configuration["SiteUrl"];
+        var redirectUrl = string.IsNullOrEmpty(returnUrl) ? siteUrl + "/auth/callback" : returnUrl;
         
-        return Redirect(string.IsNullOrEmpty(returnUrl) ? siteUrl + "/auth/callback" : returnUrl);
+        logger.LogInformation("Redirecting after OIDC connection to {RedirectUrl}", redirectUrl);
+        return Redirect(redirectUrl);
     }
 
     private async Task<IActionResult> HandleLoginOrRegistration(
@@ -296,6 +312,7 @@ public class ConnectionController(
         }
         catch (Exception ex)
         {
+            logger.LogError(ex, "Error processing OIDC callback for provider {Provider} during login/registration flow", provider);
             return BadRequest($"Error processing callback: {ex.Message}");
         }
 
@@ -304,11 +321,20 @@ public class ConnectionController(
             return BadRequest($"Email or user ID is missing from {provider}'s response");
         }
         
+        // Retrieve and clean up the return URL
+        var returnUrlKey = $"{ReturnUrlCachePrefix}{callbackData.State}";
+        var returnUrl = await cache.GetAsync<string>(returnUrlKey);
+        await cache.RemoveAsync(returnUrlKey);
+
+        var siteUrl = configuration["SiteUrl"];
+        var redirectBaseUrl = string.IsNullOrEmpty(returnUrl) ? siteUrl + "/auth/callback" : returnUrl;
+
         var connection = await db.AccountConnections
             .Include(c => c.Account)
             .FirstOrDefaultAsync(c => c.Provider == provider && c.ProvidedIdentifier == userInfo.UserId);
 
         var clock = SystemClock.Instance;
+        
         if (connection != null)
         {
             // Login existing user
@@ -316,12 +342,21 @@ public class ConnectionController(
                 callbackData.State.Split('|').FirstOrDefault() :
                 string.Empty;
 
-            var challenge = await oidcService.CreateChallengeForUserAsync(
+            if (HttpContext.Items["CurrentSession"] is not SnAuthSession parentSession) parentSession = null;
+            
+            var session = await oidcService.CreateSessionForUserAsync(
                 userInfo,
                 connection.Account,
                 HttpContext,
-                deviceId ?? string.Empty);
+                deviceId ?? string.Empty,
-            return Redirect($"/auth/callback?challenge={challenge.Id}");
+                null,
+                ClientPlatform.Web,
+                parentSession);
+            
+            var token = auth.CreateToken(session);
+            var redirectUrl = QueryHelpers.AddQueryString(redirectBaseUrl, "token", token);
+            logger.LogInformation("OIDC login successful for user {UserId}. Redirecting to {RedirectUrl}", connection.AccountId, redirectUrl);
+            return Redirect(redirectUrl);
         }
 
         // Register new user
@@ -345,9 +380,9 @@ public class ConnectionController(
         var loginSession = await auth.CreateSessionForOidcAsync(account, clock.GetCurrentInstant());
         var loginToken = auth.CreateToken(loginSession);
 
-        var siteUrl = configuration["SiteUrl"];
+        var finalRedirectUrl = QueryHelpers.AddQueryString(redirectBaseUrl, "token", loginToken);
-
+        logger.LogInformation("OIDC registration successful for new user {UserId}. Redirecting to {RedirectUrl}", account.Id, finalRedirectUrl);
-        return Redirect(siteUrl + $"/auth/callback?token={loginToken}");
+        return Redirect(finalRedirectUrl);
     }
 
     private static async Task<OidcCallbackData> ExtractCallbackData(HttpRequest request)

DysonNetwork.Pass/Auth/OpenId/OidcController.cs

@@ -14,7 +14,9 @@ public class OidcController(
     IServiceProvider serviceProvider,
     AppDatabase db,
     AccountService accounts,
-    ICacheService cache
+    AuthService auth,
+    ICacheService cache,
+    ILogger<OidcController> logger
 )
     : ControllerBase
 {
@@ -25,15 +27,17 @@ public class OidcController(
     public async Task<ActionResult> OidcLogin(
         [FromRoute] string provider,
         [FromQuery] string? returnUrl = "/",
-        [FromHeader(Name = "X-Device-Id")] string? deviceId = null
+        [FromQuery] string? deviceId = null,
+        [FromQuery] string? flow = null
     )
     {
+        logger.LogInformation("OIDC login request for provider {Provider} with returnUrl {ReturnUrl}, deviceId {DeviceId} and flow {Flow}", provider, returnUrl, deviceId, flow);
         try
         {
             var oidcService = GetOidcService(provider);
 
             // If the user is already authenticated, treat as an account connection request
-            if (HttpContext.Items["CurrentUser"] is SnAccount currentUser)
+            if (flow != "login" && HttpContext.Items["CurrentUser"] is SnAccount currentUser)
             {
                 var state = Guid.NewGuid().ToString();
                 var nonce = Guid.NewGuid().ToString();
@@ -41,6 +45,7 @@ public class OidcController(
                 // Create and store connection state
                 var oidcState = OidcState.ForConnection(currentUser.Id, provider, nonce, deviceId);
                 await cache.SetAsync($"{StateCachePrefix}{state}", oidcState, StateExpiration);
+                logger.LogInformation("OIDC connection flow started for user {UserId} with state {State}", currentUser.Id, state);
 
                 // The state parameter sent to the provider is the GUID key for the cache.
                 var authUrl = await oidcService.GetAuthorizationUrlAsync(state, nonce);
@@ -54,12 +59,14 @@ public class OidcController(
                 // Create login state with return URL and device ID
                 var oidcState = OidcState.ForLogin(returnUrl ?? "/", deviceId);
                 await cache.SetAsync($"{StateCachePrefix}{state}", oidcState, StateExpiration);
+                logger.LogInformation("OIDC login flow started with state {State} and returnUrl {ReturnUrl}", state, oidcState.ReturnUrl);
                 var authUrl = await oidcService.GetAuthorizationUrlAsync(state, nonce);
                 return Redirect(authUrl);
             }
         }
         catch (Exception ex)
         {
+            logger.LogError(ex, "Error initiating OIDC flow for provider {Provider}", provider);
             return BadRequest($"Error initiating OpenID Connect flow: {ex.Message}");
         }
     }
@@ -69,7 +76,7 @@ public class OidcController(
     /// Handles Apple authentication directly from mobile apps
     /// </summary>
     [HttpPost("apple/mobile")]
-    public async Task<ActionResult<SnAuthChallenge>> AppleMobileLogin(
+    public async Task<ActionResult<AuthController.TokenExchangeResponse>> AppleMobileLogin(
         [FromBody] AppleMobileSignInRequest request
     )
     {
@@ -92,16 +99,21 @@ public class OidcController(
             // Find or create user account using existing logic
             var account = await FindOrCreateAccount(userInfo, "apple");
 
+            if (HttpContext.Items["CurrentSession"] is not SnAuthSession parentSession) parentSession = null;
+            
             // Create session using the OIDC service
-            var challenge = await appleService.CreateChallengeForUserAsync(
+            var session = await appleService.CreateSessionForUserAsync(
                 userInfo,
                 account,
                 HttpContext,
                 request.DeviceId,
-                request.DeviceName
+                request.DeviceName,
+                ClientPlatform.Ios,
+                parentSession
             );
             
-            return Ok(challenge);
+            var token = auth.CreateToken(session);
+            return Ok(new AuthController.TokenExchangeResponse { Token = token });
         }
         catch (SecurityTokenValidationException ex)
         {

DysonNetwork.Pass/Auth/OpenId/OidcService.cs

@@ -1,4 +1,3 @@
-using System;
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Cryptography;
 using System.Text;
@@ -250,15 +249,17 @@ public abstract class OidcService(
     }
 
     /// <summary>
-    /// Creates a challenge and session for an authenticated user
+    /// Creates a session for an authenticated user
     /// Also creates or updates the account connection
     /// </summary>
-    public async Task<SnAuthChallenge> CreateChallengeForUserAsync(
+    public async Task<SnAuthSession> CreateSessionForUserAsync(
         OidcUserInfo userInfo,
         SnAccount account,
         HttpContext request,
         string deviceId,
-        string? deviceName = null
+        string? deviceName = null,
+        ClientPlatform platform = ClientPlatform.Web,
+        SnAuthSession? parentSession = null
     )
     {
         // Create or update the account connection
@@ -282,28 +283,24 @@ public abstract class OidcService(
             await Db.AccountConnections.AddAsync(connection);
         }
 
-        // Create a challenge that's already completed
+        // Create a session directly
         var now = SystemClock.Instance.GetCurrentInstant();
-        var device = await auth.GetOrCreateDeviceAsync(account.Id, deviceId, deviceName, ClientPlatform.Ios);
+        var device = await auth.GetOrCreateDeviceAsync(account.Id, deviceId, deviceName, platform);
-        var challenge = new SnAuthChallenge
-        {
-            ExpiredAt = now.Plus(Duration.FromHours(1)),
-            StepTotal = await auth.DetectChallengeRisk(request.Request, account),
-            Type = ChallengeType.Oidc,
-            Audiences = [ProviderName],
-            Scopes = ["*"],
-            AccountId = account.Id,
-            ClientId = device.Id,
-            IpAddress = request.Connection.RemoteIpAddress?.ToString() ?? null,
-            UserAgent = request.Request.Headers.UserAgent,
-        };
-        challenge.StepRemain--;
-        if (challenge.StepRemain < 0) challenge.StepRemain = 0;
 
-        await Db.AuthChallenges.AddAsync(challenge);
+        var session = new SnAuthSession
+        {
+            AccountId = account.Id,
+            CreatedAt = now,
+            LastGrantedAt = now,
+            ParentSessionId = parentSession?.Id,
+            ClientId = device.Id,
+            ExpiredAt = now.Plus(Duration.FromDays(30))
+        };
+
+        await Db.AuthSessions.AddAsync(session);
         await Db.SaveChangesAsync();
 
-        return challenge;
+        return session;
     }
 }
 

DysonNetwork.Pass/Auth/TokenAuthService.cs

@@ -77,7 +77,7 @@ public class TokenAuthService(
                     "AuthenticateTokenAsync: success via cache (sessionId={SessionId}, accountId={AccountId}, scopes={ScopeCount}, expiresAt={ExpiresAt})",
                     sessionId,
                     session.AccountId,
-                    session.Challenge?.Scopes.Count,
+                    session.Scopes.Count,
                     session.ExpiredAt
                 );
                 return (true, session, null);
@@ -87,8 +87,7 @@ public class TokenAuthService(
 
             session = await db.AuthSessions
                 .AsNoTracking()
-                .Include(e => e.Challenge)
+                .Include(e => e.Client)
-                .ThenInclude(e => e.Client)
                 .Include(e => e.Account)
                 .ThenInclude(e => e.Profile)
                 .FirstOrDefaultAsync(s => s.Id == sessionId);
@@ -110,11 +109,11 @@ public class TokenAuthService(
                 "AuthenticateTokenAsync: DB session loaded (sessionId={SessionId}, accountId={AccountId}, clientId={ClientId}, appId={AppId}, scopes={ScopeCount}, ip={Ip}, uaLen={UaLen})",
                 sessionId,
                 session.AccountId,
-                session.Challenge?.ClientId,
+                session.ClientId,
                 session.AppId,
-                session.Challenge?.Scopes.Count,
+                session.Scopes.Count,
-                session.Challenge?.IpAddress,
+                session.IpAddress,
-                (session.Challenge?.UserAgent ?? string.Empty).Length
+                (session.UserAgent ?? string.Empty).Length
             );
 
             logger.LogDebug("AuthenticateTokenAsync: enriching account with subscription (accountId={AccountId})", session.AccountId);
@@ -143,7 +142,7 @@ public class TokenAuthService(
                 "AuthenticateTokenAsync: success via DB (sessionId={SessionId}, accountId={AccountId}, clientId={ClientId})",
                 sessionId,
                 session.AccountId,
-                session.Challenge?.ClientId
+                session.ClientId
             );
             return (true, session, null);
         }

DysonNetwork.Pass/Dockerfile

@@ -1,12 +1,12 @@
 # Stage 1: Base runtime image
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base
 USER $APP_UID
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
 
 # Stage 2: Build .NET application
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 WORKDIR /src
 
 # Copy .csproj and restore as distinct layers

DysonNetwork.Pass/DysonNetwork.Pass.csproj

@@ -1,48 +1,32 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net9.0</TargetFramework>
+        <TargetFramework>net10.0</TargetFramework>
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
     </PropertyGroup>
 
     <ItemGroup>
         <PackageReference Include="Grpc.AspNetCore.Server" Version="2.71.0" />
-        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" />
+        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0" />
-        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.10">
+        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.11">
-            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
           <PrivateAssets>all</PrivateAssets>
+          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
         <PackageReference Include="Nager.Holiday" Version="1.0.1" />
-        <PackageReference Include="Nerdbank.GitVersioning" Version="3.8.118">
-            <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-            <PrivateAssets>all</PrivateAssets>
-        </PackageReference>
         <PackageReference Include="NodaTime" Version="3.2.2" />
         <PackageReference Include="NodaTime.Serialization.JsonNet" Version="3.2.0" />
         <PackageReference Include="NodaTime.Serialization.Protobuf" Version="2.0.2" />
         <PackageReference Include="NodaTime.Serialization.SystemTextJson" Version="1.3.0" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.4" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL.Design" Version="1.1.0" />
-        <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL.NodaTime" Version="9.0.4" />
         <PackageReference Include="OpenGraph-Net" Version="4.0.1" />
-        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.13.1" />
-        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.13.1" />
-        <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.13.0" />
-        <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.13.0" />
-        <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.13.0" />
         <PackageReference Include="Otp.NET" Version="1.4.0" />
         <PackageReference Include="Quartz" Version="3.15.1" />
         <PackageReference Include="Quartz.AspNetCore" Version="3.15.1" />
         <PackageReference Include="Quartz.Extensions.Hosting" Version="3.15.1" />
         <PackageReference Include="BCrypt.Net-Next" Version="4.0.3" />
-        <PackageReference Include="EFCore.BulkExtensions" Version="9.0.2" />
         <PackageReference Include="EFCore.BulkExtensions.PostgreSql" Version="9.0.2" />
-        <PackageReference Include="EFCore.NamingConventions" Version="9.0.0" />
         <PackageReference Include="SpotifyAPI.Web" Version="7.2.1" />
-        <PackageReference Include="SteamWebAPI2" Version="4.4.1" />
+        <PackageReference Include="SteamWebAPI2" Version="5.0.0" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.6" />
-        <PackageReference Include="Swashbuckle.AspNetCore.SwaggerUI" Version="9.0.6" />
     </ItemGroup>
 
     <ItemGroup>

DysonNetwork.Pass/Handlers/ActionLogFlushHandler.cs

@@ -6,16 +6,17 @@ using Quartz;
 
 namespace DysonNetwork.Pass.Handlers;
 
-public class ActionLogFlushHandler(IServiceProvider serviceProvider) : IFlushHandler<SnActionLog>
+public class ActionLogFlushHandler(IServiceProvider sp) : IFlushHandler<SnActionLog>
 {
     public async Task FlushAsync(IReadOnlyList<SnActionLog> items)
     {
-        using var scope = serviceProvider.CreateScope();
+        using var scope = sp.CreateScope();
         var db = scope.ServiceProvider.GetRequiredService<AppDatabase>();
 
+        var now = SystemClock.Instance.GetCurrentInstant();
         await db.BulkInsertAsync(items.Select(x =>
         {
-            x.CreatedAt = SystemClock.Instance.GetCurrentInstant();
+            x.CreatedAt = now;
             x.UpdatedAt = x.CreatedAt;
             return x;
         }), config => config.ConflictOption = ConflictOption.Ignore);

DysonNetwork.Pass/Leveling/ExperienceService.cs

@@ -24,7 +24,7 @@ public class ExperienceService(AppDatabase db, SubscriptionService subscriptions
             {
                 SubscriptionType.Stellar => 1.5,
                 SubscriptionType.Nova => 2,
-                SubscriptionType.Supernova => 2,
+                SubscriptionType.Supernova => 2.5,
                 _ => 1
             };
             if (record.Delta >= 0)

DysonNetwork.Pass/Lotteries/LotteryController.cs

@@ -2,6 +2,7 @@ using System.ComponentModel.DataAnnotations;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Pass.Wallet;
 using DysonNetwork.Pass.Permission;
+using DysonNetwork.Shared.Auth;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -81,7 +82,7 @@ public class LotteryController(AppDatabase db, LotteryService lotteryService) :
 
     [HttpPost("draw")]
     [Authorize]
-    [RequiredPermission("maintenance", "lotteries.draw.perform")]
+    [AskPermission("lotteries.draw.perform")]
     public async Task<IActionResult> PerformLotteryDraw()
     {
         await lotteryService.DrawLotteries();

DysonNetwork.Pass/Migrations/20250907065433_RefactorGeoIpPoint.cs

@@ -1,4 +1,4 @@
-using DysonNetwork.Shared.GeoIp;
+using DysonNetwork.Shared.Geometry;
 using Microsoft.EntityFrameworkCore.Migrations;
 using NetTopologySuite.Geometries;
 

DysonNetwork.Pass/Migrations/20251003061315_AddSubscriptionGift.Designer.cs

@@ -3,7 +3,7 @@ using System;
 using System.Collections.Generic;
 using System.Text.Json;
 using DysonNetwork.Pass;
-using DysonNetwork.Shared.GeoIp;
+using DysonNetwork.Shared.Geometry;
 using DysonNetwork.Shared.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Infrastructure;
@@ -445,7 +445,7 @@ namespace DysonNetwork.Pass.Migrations
                         .HasColumnType("timestamp with time zone")
                         .HasColumnName("last_seen_at");
 
-                    b.Property<List<ProfileLink>>("Links")
+                    b.Property<List<SnProfileLink>>("Links")
                         .HasColumnType("jsonb")
                         .HasColumnName("links");