Added Github API rate limiting

- Implemented comprehensive GitHub API rate limit handling:
    - Integrated @octokit/plugin-throttling for automatic retry with exponential backoff
    - Added RateLimitManager service to track and enforce rate limits
    - Store rate limit status in database for persistence across restarts
    - Automatic pause and resume when limits are exceeded
    - Proper user identification for 5000 req/hr authenticated limit (vs 60 unauthenticated)

  - Improved rate limit UI/UX:
    - Removed intrusive rate limit card from dashboard
    - Toast notifications only at critical thresholds (80% and 100% usage)
    - All rate limit events logged for debugging

  - Optimized for GitHub's API constraints:
    - Reduced default batch size from 10 to 5 repositories
    - Added documentation about GitHub's 100 concurrent request limit
    - Better handling of repositories with many issues/PRs

.env.example

@@ -18,6 +18,7 @@ DATABASE_URL=sqlite://data/gitea-mirror.db
 # Generate with: openssl rand -base64 32
 BETTER_AUTH_SECRET=change-this-to-a-secure-random-string-in-production
 BETTER_AUTH_URL=http://localhost:4321
+# PUBLIC_BETTER_AUTH_URL=https://your-domain.com  # Optional: Set this if accessing from different origins (e.g., IP and domain)
 # ENCRYPTION_SECRET=optional-encryption-key-for-token-encryption # Generate with: openssl rand -base64 48
 
 # ===========================================
@@ -94,6 +95,7 @@ DOCKER_TAG=latest
 
 # Release and Metadata
 # MIRROR_RELEASES=false  # Mirror GitHub releases
+# RELEASE_LIMIT=10  # Maximum number of releases to mirror per repository
 # MIRROR_WIKI=false  # Mirror wiki content
 
 # Issue Tracking (requires MIRROR_METADATA=true)
@@ -109,8 +111,10 @@ DOCKER_TAG=latest
 # ===========================================
 
 # Basic Schedule Settings
-# SCHEDULE_ENABLED=false
+# SCHEDULE_ENABLED=false  # When true, auto-imports and mirrors all repos on startup (v3.5.3+)
 # SCHEDULE_INTERVAL=3600  # Interval in seconds or cron expression (e.g., "0 2 * * *")
+# GITEA_MIRROR_INTERVAL=8h  # Mirror sync interval (5m, 30m, 1h, 8h, 24h, 1d, 7d) - also triggers auto-start
+# AUTO_IMPORT_REPOS=true  # Automatically discover and import new GitHub repositories during syncs
 # DELAY=3600  # Legacy: same as SCHEDULE_INTERVAL, kept for backward compatibility
 
 # Execution Settings
@@ -148,11 +152,11 @@ DOCKER_TAG=latest
 # CLEANUP_ENABLED=false
 # CLEANUP_RETENTION_DAYS=7  # Days to keep events
 
-# Repository Cleanup
+# Repository Cleanup (v3.4.0+)
 # CLEANUP_DELETE_FROM_GITEA=false  # Delete repos from Gitea
-# CLEANUP_DELETE_IF_NOT_IN_GITHUB=true  # Delete if not in GitHub - automatically enables cleanup
+# CLEANUP_DELETE_IF_NOT_IN_GITHUB=false  # Auto-remove repos that no longer exist in GitHub
 # CLEANUP_ORPHANED_REPO_ACTION=archive  # Options: skip, archive, delete
-# CLEANUP_DRY_RUN=true  # Test mode without actual deletion
+# CLEANUP_DRY_RUN=true  # Test mode without actual deletion (set to false for production)
 
 # Protected Repositories (comma-separated)
 # CLEANUP_PROTECTED_REPOS=important-repo,critical-project

AGENTS.md

@@ -0,0 +1,46 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+- `src/` – app code
+  - `components/` (React, PascalCase files), `pages/` (Astro/API routes), `lib/` (domain + utilities, kebab-case), `hooks/`, `layouts/`, `styles/`, `tests/`, `types/`, `data/`, `content/`.
+- `scripts/` – operational TS scripts (DB init, recovery): e.g., `scripts/manage-db.ts`.
+- `drizzle/` – SQL migrations; `data/` – runtime SQLite (`gitea-mirror.db`).
+- `public/` – static assets; `dist/` – build output.
+- Key config: `astro.config.mjs`, `tsconfig.json` (alias `@/* → src/*`), `bunfig.toml` (test preload), `.env(.example)`.
+
+## Build, Test, and Development Commands
+- Prereq: Bun `>= 1.2.9` (see `package.json`).
+- Setup: `bun run setup` – install deps and init DB.
+- Dev: `bun run dev` – start Astro dev server.
+- Build: `bun run build` – produce `dist/`.
+- Preview/Start: `bun run preview` (static preview) or `bun run start` (SSR entry).
+- Database: `bun run db:generate|migrate|push|studio` and `bun run manage-db init|check|fix|reset-users`.
+- Tests: `bun test` | `bun run test:watch` | `bun run test:coverage`.
+- Docker: see `docker-compose.yml` and variants in repo root.
+
+## Coding Style & Naming Conventions
+- Language: TypeScript, Astro, React.
+- Indentation: 2 spaces; keep existing semicolon/quote style in touched files.
+- Components: PascalCase `.tsx` in `src/components/` (e.g., `MainLayout.tsx`).
+- Modules/utils: kebab-case in `src/lib/` (e.g., `gitea-enhanced.ts`).
+- Imports: prefer alias `@/…` (configured in `tsconfig.json`).
+- Do not introduce new lint/format configs; follow current patterns.
+
+## Testing Guidelines
+- Runner: Bun test (`bun:test`) with preload `src/tests/setup.bun.ts` (see `bunfig.toml`).
+- Location/Names: `**/*.test.ts(x)` under `src/**` (examples in `src/lib/**`).
+- Scope: add unit tests for new logic and API route tests for handlers.
+- Aim for meaningful coverage on DB, auth, and mirroring paths.
+
+## Commit & Pull Request Guidelines
+- Commits: short, imperative, scoped when helpful (e.g., `lib: fix token parsing`, `ui: align buttons`).
+- PRs must include:
+  - Summary, rationale, and testing steps/commands.
+  - Linked issues (e.g., `Closes #123`).
+  - Screenshots/gifs for UI changes.
+  - Notes on DB/migration or .env impacts; update `docs/`/CHANGELOG if applicable.
+
+## Security & Configuration Tips
+- Never commit secrets. Copy `.env.example` → `.env` and fill values; prefer `bun run startup-env-config` to validate.
+- SQLite files live in `data/`; avoid committing generated DBs.
+- Certificates (if used) reside in `certs/`; manage locally or via Docker secrets.

CLAUDE.md

@@ -208,6 +208,24 @@ Repositories can have the following statuses:
 - **deleting**: Repository being deleted
 - **deleted**: Repository deleted
 
+### Scheduling and Synchronization (Issue #72 Fixes)
+
+#### Fixed Issues
+1. **Mirror Interval Bug**: Added `mirror_interval` parameter to Gitea API calls when creating mirrors (previously defaulted to 24h)
+2. **Auto-Discovery**: Scheduler now automatically discovers and imports new GitHub repositories
+3. **Interval Updates**: Sync operations now update existing mirrors' intervals to match configuration
+4. **Repository Cleanup**: Integrated automatic cleanup of orphaned repositories (repos removed from GitHub)
+
+#### Environment Variables for Auto-Import
+- **AUTO_IMPORT_REPOS**: Set to `false` to disable automatic repository discovery (default: enabled)
+
+#### How Scheduling Works
+- **Scheduler Service**: Runs every minute to check for scheduled tasks
+- **Sync Interval**: Configured via `GITEA_MIRROR_INTERVAL` or UI (e.g., "8h", "30m", "1d")
+- **Auto-Import**: Checks GitHub for new repositories during each scheduled sync
+- **Auto-Cleanup**: Removes repositories that no longer exist in GitHub (if enabled)
+- **Mirror Interval Update**: Updates Gitea's internal mirror interval during sync operations
+
 ### Authentication Configuration
 
 #### SSO Provider Configuration

README.md

@@ -40,7 +40,10 @@ First user signup becomes admin. Configure GitHub and Gitea through the web inte
 - 🚫 **Repository ignore** - Mark specific repos to skip
 - 🔐 Secure authentication with Better Auth (email/password, SSO, OIDC)
 - 📊 Real-time dashboard with activity logs
-- ⏱️ Scheduled automatic mirroring with flexible intervals
+- ⏱️ Scheduled automatic mirroring with configurable intervals
+- 🔄 **Auto-discovery** - Automatically import new GitHub repositories (v3.4.0+)
+- 🧹 **Repository cleanup** - Auto-remove repos deleted from GitHub (v3.4.0+)
+- 🎯 **Proper mirror intervals** - Respects configured sync intervals (v3.4.0+)
 - 🗑️ Automatic database cleanup with configurable retention
 - 🐳 Dockerized with multi-arch support (AMD64/ARM64)
 
@@ -204,25 +207,62 @@ Enable in Settings → Mirror Options → Mirror metadata
 - **Automatic Cleanup** - Configure retention period for activity logs
 - **Scheduled Sync** - Set custom intervals for automatic mirroring
 
-### Automatic Mirroring
+### Automatic Syncing & Synchronization
 
-Gitea Mirror can automatically sync your repositories at regular intervals. There are two ways to configure this:
+Gitea Mirror provides powerful automatic synchronization features:
 
-#### Via Web Interface (Recommended)
-Navigate to the Configuration page and enable "Automatic Mirroring" with your preferred interval (e.g., every 6 hours, daily, etc.).
+#### Features (v3.4.0+)
+- **Auto-discovery**: Automatically discovers and imports new GitHub repositories
+- **Repository cleanup**: Removes repositories that no longer exist in GitHub
+- **Proper intervals**: Mirrors respect your configured sync intervals (not Gitea's default 24h)
+- **Smart scheduling**: Only syncs repositories that need updating
+- **Auto-start on boot** (v3.5.3+): Automatically imports and mirrors all repositories when `SCHEDULE_ENABLED=true` or `GITEA_MIRROR_INTERVAL` is set - no manual clicks required!
 
-#### Via Environment Variables
-Set `GITEA_MIRROR_INTERVAL` to automatically enable scheduled mirroring:
+#### Configuration via Web Interface (Recommended)
+Navigate to the Configuration page and enable "Automatic Syncing" with your preferred interval.
+
+#### Configuration via Environment Variables
+
+**🚀 Set it and forget it!** With these environment variables, Gitea Mirror will automatically:
+1. **Import** all your GitHub repositories on startup (no manual import needed!)
+2. **Mirror** them to Gitea immediately  
+3. **Keep them synchronized** based on your interval
+4. **Auto-discover** new repos you create/star on GitHub
+5. **Clean up** repos you delete from GitHub
 
 ```bash
-# Examples of supported formats:
+# Option 1: Enable automatic scheduling (triggers auto-start)
+SCHEDULE_ENABLED=true
+SCHEDULE_INTERVAL=3600        # Check every hour (or use cron: "0 * * * *")
+
+# Option 2: Set mirror interval (also triggers auto-start)
 GITEA_MIRROR_INTERVAL=8h     # Every 8 hours
-GITEA_MIRROR_INTERVAL=30m    # Every 30 minutes  
-GITEA_MIRROR_INTERVAL=1d     # Daily
-GITEA_MIRROR_INTERVAL=86400  # Every 86400 seconds (24 hours)
+# Other examples: 5m, 30m, 1h, 24h, 1d, 7d
+
+# Advanced: Use cron expressions for specific times
+SCHEDULE_INTERVAL="0 2 * * *"  # Daily at 2 AM (optimize bandwidth usage)
+
+# Auto-import new repositories (default: true)
+AUTO_IMPORT_REPOS=true
+
+# Auto-cleanup orphaned repositories
+CLEANUP_DELETE_IF_NOT_IN_GITHUB=true
+CLEANUP_ORPHANED_REPO_ACTION=archive  # 'archive' (recommended) or 'delete'
+CLEANUP_DRY_RUN=false                 # Set to true to test without changes
 ```
 
-When this variable is set, the scheduler automatically enables and runs at the specified interval. The timer starts from the last successful sync, not from container startup.
+**Important Notes**:
+- **Auto-Start**: When `SCHEDULE_ENABLED=true` or `GITEA_MIRROR_INTERVAL` is set, the service automatically imports all GitHub repositories and mirrors them on startup. No manual "Import" or "Mirror" button clicks required!
+- The scheduler checks every minute for tasks to run. The `GITEA_MIRROR_INTERVAL` determines how often each repository is actually synced. For example, with `8h`, each repo syncs every 8 hours from its last successful sync.
+
+**🛡️ Backup Protection Features**:
+- **No Accidental Deletions**: Repository cleanup is automatically skipped if GitHub is inaccessible (account deleted, banned, or API errors)
+- **Archive Never Deletes Data**: The `archive` action preserves all repository data:
+  - Regular repositories: Made read-only using Gitea's archive feature
+  - Mirror repositories: Renamed with `[ARCHIVED]` prefix (Gitea API limitation prevents archiving mirrors)
+  - Failed operations: Repository remains fully accessible even if marking as archived fails
+- **The Whole Point of Backups**: Your Gitea mirrors are preserved even when GitHub sources disappear - that's why you have backups!
+- **Strongly Recommended**: Always use `CLEANUP_ORPHANED_REPO_ACTION=archive` (default) instead of `delete`
 
 ## Troubleshooting
 

bun.lock

@@ -5,10 +5,11 @@
       "name": "gitea-mirror",
       "dependencies": {
         "@astrojs/check": "^0.9.4",
-        "@astrojs/mdx": "4.3.4",
+        "@astrojs/mdx": "4.3.5",
         "@astrojs/node": "9.4.3",
-        "@astrojs/react": "^4.3.0",
-        "@better-auth/sso": "^1.3.7",
+        "@astrojs/react": "^4.3.1",
+        "@better-auth/sso": "^1.3.8",
+        "@octokit/plugin-throttling": "^11.0.1",
         "@octokit/rest": "^22.0.0",
         "@radix-ui/react-accordion": "^1.2.12",
         "@radix-ui/react-avatar": "^1.1.10",
@@ -19,6 +20,7 @@
         "@radix-ui/react-hover-card": "^1.1.15",
         "@radix-ui/react-label": "^2.1.7",
         "@radix-ui/react-popover": "^1.1.15",
+        "@radix-ui/react-progress": "^1.1.7",
         "@radix-ui/react-radio-group": "^1.3.8",
         "@radix-ui/react-scroll-area": "^1.2.10",
         "@radix-ui/react-select": "^2.2.6",
@@ -27,19 +29,19 @@
         "@radix-ui/react-switch": "^1.2.6",
         "@radix-ui/react-tabs": "^1.1.13",
         "@radix-ui/react-tooltip": "^1.2.8",
-        "@tailwindcss/vite": "^4.1.12",
+        "@tailwindcss/vite": "^4.1.13",
         "@tanstack/react-virtual": "^3.13.12",
         "@types/canvas-confetti": "^1.9.0",
         "@types/react": "^19.1.12",
         "@types/react-dom": "^19.1.9",
-        "astro": "^5.13.4",
+        "astro": "^5.13.6",
         "bcryptjs": "^3.0.2",
-        "better-auth": "^1.3.7",
+        "better-auth": "^1.3.9",
         "canvas-confetti": "^1.9.3",
         "class-variance-authority": "^0.7.1",
         "clsx": "^2.1.1",
         "cmdk": "^1.1.1",
-        "dotenv": "^17.2.1",
+        "dotenv": "^17.2.2",
         "drizzle-orm": "^0.44.5",
         "fuse.js": "^7.1.0",
         "jsonwebtoken": "^9.0.2",
@@ -50,10 +52,10 @@
         "react-icons": "^5.5.0",
         "sonner": "^2.0.7",
         "tailwind-merge": "^3.3.1",
-        "tailwindcss": "^4.1.12",
-        "tw-animate-css": "^1.3.7",
+        "tailwindcss": "^4.1.13",
+        "tw-animate-css": "^1.3.8",
         "typescript": "^5.9.2",
-        "uuid": "^11.1.0",
+        "uuid": "^13.0.0",
         "vaul": "^1.1.2",
         "zod": "^4.1.5",
       },
@@ -93,13 +95,13 @@
 
     "@astrojs/markdown-remark": ["@astrojs/markdown-remark@6.3.6", "", { "dependencies": { "@astrojs/internal-helpers": "0.7.2", "@astrojs/prism": "3.3.0", "github-slugger": "^2.0.0", "hast-util-from-html": "^2.0.3", "hast-util-to-text": "^4.0.2", "import-meta-resolve": "^4.1.0", "js-yaml": "^4.1.0", "mdast-util-definitions": "^6.0.0", "rehype-raw": "^7.0.0", "rehype-stringify": "^10.0.1", "remark-gfm": "^4.0.1", "remark-parse": "^11.0.0", "remark-rehype": "^11.1.2", "remark-smartypants": "^3.0.2", "shiki": "^3.2.1", "smol-toml": "^1.3.4", "unified": "^11.0.5", "unist-util-remove-position": "^5.0.0", "unist-util-visit": "^5.0.0", "unist-util-visit-parents": "^6.0.1", "vfile": "^6.0.3" } }, "sha512-bwylYktCTsLMVoCOEHbn2GSUA3c5KT/qilekBKA3CBng0bo1TYjNZPr761vxumRk9kJGqTOtU+fgCAp5Vwokug=="],
 
-    "@astrojs/mdx": ["@astrojs/mdx@4.3.4", "", { "dependencies": { "@astrojs/markdown-remark": "6.3.6", "@mdx-js/mdx": "^3.1.0", "acorn": "^8.14.1", "es-module-lexer": "^1.6.0", "estree-util-visit": "^2.0.0", "hast-util-to-html": "^9.0.5", "kleur": "^4.1.5", "rehype-raw": "^7.0.0", "remark-gfm": "^4.0.1", "remark-smartypants": "^3.0.2", "source-map": "^0.7.4", "unist-util-visit": "^5.0.0", "vfile": "^6.0.3" }, "peerDependencies": { "astro": "^5.0.0" } }, "sha512-Ew3iP+6zuzzJWNEH5Qr1iknrue1heEfgmfuMpuwLaSwqlUiJQ0NDb2oxKosgWU1ROYmVf1H4KCmS6QdMWKyFjw=="],
+    "@astrojs/mdx": ["@astrojs/mdx@4.3.5", "", { "dependencies": { "@astrojs/markdown-remark": "6.3.6", "@mdx-js/mdx": "^3.1.1", "acorn": "^8.15.0", "es-module-lexer": "^1.7.0", "estree-util-visit": "^2.0.0", "hast-util-to-html": "^9.0.5", "kleur": "^4.1.5", "rehype-raw": "^7.0.0", "remark-gfm": "^4.0.1", "remark-smartypants": "^3.0.2", "source-map": "^0.7.6", "unist-util-visit": "^5.0.0", "vfile": "^6.0.3" }, "peerDependencies": { "astro": "^5.0.0" } }, "sha512-YB3Hhsvl1BxyY0ARe1OrnVzLNKDPXAz9epYvmL+MQ8A85duSsSLQaO3GHB6/qZJKNoLmP6PptOtCONCKkbhPeQ=="],
 
     "@astrojs/node": ["@astrojs/node@9.4.3", "", { "dependencies": { "@astrojs/internal-helpers": "0.7.2", "send": "^1.2.0", "server-destroy": "^1.0.1" }, "peerDependencies": { "astro": "^5.7.0" } }, "sha512-P9BQHY8wQU1y9obknXzxV5SS3EpdaRnuDuHKr3RFC7t+2AzcMXeVmMJprQGijnQ8VdijJ8aS7+12tx325TURMQ=="],
 
     "@astrojs/prism": ["@astrojs/prism@3.3.0", "", { "dependencies": { "prismjs": "^1.30.0" } }, "sha512-q8VwfU/fDZNoDOf+r7jUnMC2//H2l0TuQ6FkGJL8vD8nw/q5KiL3DS1KKBI3QhI9UQhpJ5dc7AtqfbXWuOgLCQ=="],
 
-    "@astrojs/react": ["@astrojs/react@4.3.0", "", { "dependencies": { "@vitejs/plugin-react": "^4.4.1", "ultrahtml": "^1.6.0", "vite": "^6.3.5" }, "peerDependencies": { "@types/react": "^17.0.50 || ^18.0.21 || ^19.0.0", "@types/react-dom": "^17.0.17 || ^18.0.6 || ^19.0.0", "react": "^17.0.2 || ^18.0.0 || ^19.0.0", "react-dom": "^17.0.2 || ^18.0.0 || ^19.0.0" } }, "sha512-N02aj52Iezn69qHyx5+XvPqgsPMEnel9mI5JMbGiRMTzzLMuNaxRVoQTaq2024Dpr7BLsxCjqMkNvelqMDhaHA=="],
+    "@astrojs/react": ["@astrojs/react@4.3.1", "", { "dependencies": { "@vitejs/plugin-react": "^4.7.0", "ultrahtml": "^1.6.0", "vite": "^6.3.6" }, "peerDependencies": { "@types/react": "^17.0.50 || ^18.0.21 || ^19.0.0", "@types/react-dom": "^17.0.17 || ^18.0.6 || ^19.0.0", "react": "^17.0.2 || ^18.0.0 || ^19.0.0", "react-dom": "^17.0.2 || ^18.0.0 || ^19.0.0" } }, "sha512-Jhv35TsDHuQLvwof2z10P3g1s9wIR4UN9jE7O4NZBJNXOt/+qk+L0rY9th4SX7VzccKmRltUGxAhI1cXH52gXw=="],
 
     "@astrojs/telemetry": ["@astrojs/telemetry@3.3.0", "", { "dependencies": { "ci-info": "^4.2.0", "debug": "^4.4.0", "dlv": "^1.1.3", "dset": "^3.1.4", "is-docker": "^3.0.0", "is-wsl": "^3.1.0", "which-pm-runs": "^1.1.0" } }, "sha512-UFBgfeldP06qu6khs/yY+q1cDAaArM2/7AEIqQ9Cuvf7B1hNLq0xDrZkct+QoIGyjq56y8IaE2I3CTvG99mlhQ=="],
 
@@ -147,7 +149,7 @@
 
     "@babel/types": ["@babel/types@7.28.2", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ=="],
 
-    "@better-auth/sso": ["@better-auth/sso@1.3.7", "", { "dependencies": { "@better-fetch/fetch": "^1.1.18", "better-auth": "^1.3.7", "fast-xml-parser": "^5.2.5", "jose": "^5.9.6", "oauth2-mock-server": "^7.2.0", "samlify": "^2.10.0" }, "peerDependencies": { "zod": "^3.25.0 || ^4.0.0" } }, "sha512-MTwBiNash7HN0nLtQiL1tvYgWBn6GjYj6EYvtrQeb0/+UW0tjBDgsl39ojiFFSWGuT0gxPv+ij8tQNaFmQ1+2g=="],
+    "@better-auth/sso": ["@better-auth/sso@1.3.8", "", { "dependencies": { "@better-fetch/fetch": "^1.1.18", "fast-xml-parser": "^5.2.5", "jose": "^5.10.0", "oauth2-mock-server": "^7.2.1", "samlify": "^2.10.1", "zod": "^4.1.5" }, "peerDependencies": { "better-auth": "1.3.8" } }, "sha512-ohJl4uTRwVACu8840A5Ys/z2jus/vEsCrWvOj/RannsZ6CxQAjr8utYYXXs6lVn08ynOcuT4m0OsYRbrw7a42g=="],
 
     "@better-auth/utils": ["@better-auth/utils@0.2.6", "", { "dependencies": { "uncrypto": "^0.1.3" } }, "sha512-3y/vaL5Ox33dBwgJ6ub3OPkVqr6B5xL2kgxNHG8eHZuryLyG/4JSPGqjbdRSgjuy9kALUZYDFl+ORIAxlWMSuA=="],
 
@@ -301,11 +303,11 @@
 
     "@levischuck/tiny-cbor": ["@levischuck/tiny-cbor@0.2.11", "", {}, "sha512-llBRm4dT4Z89aRsm6u2oEZ8tfwL/2l6BwpZ7JcyieouniDECM5AqNgr/y08zalEIvW3RSK4upYyybDcmjXqAow=="],
 
-    "@mdx-js/mdx": ["@mdx-js/mdx@3.1.0", "", { "dependencies": { "@types/estree": "^1.0.0", "@types/estree-jsx": "^1.0.0", "@types/hast": "^3.0.0", "@types/mdx": "^2.0.0", "collapse-white-space": "^2.0.0", "devlop": "^1.0.0", "estree-util-is-identifier-name": "^3.0.0", "estree-util-scope": "^1.0.0", "estree-walker": "^3.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "markdown-extensions": "^2.0.0", "recma-build-jsx": "^1.0.0", "recma-jsx": "^1.0.0", "recma-stringify": "^1.0.0", "rehype-recma": "^1.0.0", "remark-mdx": "^3.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "source-map": "^0.7.0", "unified": "^11.0.0", "unist-util-position-from-estree": "^2.0.0", "unist-util-stringify-position": "^4.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" } }, "sha512-/QxEhPAvGwbQmy1Px8F899L5Uc2KZ6JtXwlCgJmjSTBedwOZkByYcBG4GceIGPXRDsmfxhHazuS+hlOShRLeDw=="],
+    "@mdx-js/mdx": ["@mdx-js/mdx@3.1.1", "", { "dependencies": { "@types/estree": "^1.0.0", "@types/estree-jsx": "^1.0.0", "@types/hast": "^3.0.0", "@types/mdx": "^2.0.0", "acorn": "^8.0.0", "collapse-white-space": "^2.0.0", "devlop": "^1.0.0", "estree-util-is-identifier-name": "^3.0.0", "estree-util-scope": "^1.0.0", "estree-walker": "^3.0.0", "hast-util-to-jsx-runtime": "^2.0.0", "markdown-extensions": "^2.0.0", "recma-build-jsx": "^1.0.0", "recma-jsx": "^1.0.0", "recma-stringify": "^1.0.0", "rehype-recma": "^1.0.0", "remark-mdx": "^3.0.0", "remark-parse": "^11.0.0", "remark-rehype": "^11.0.0", "source-map": "^0.7.0", "unified": "^11.0.0", "unist-util-position-from-estree": "^2.0.0", "unist-util-stringify-position": "^4.0.0", "unist-util-visit": "^5.0.0", "vfile": "^6.0.0" } }, "sha512-f6ZO2ifpwAQIpzGWaBQT2TXxPv6z3RBzQKpVftEWN78Vl/YweF1uwussDx8ECAXVtr3Rs89fKyG9YlzUs9DyGQ=="],
 
-    "@noble/ciphers": ["@noble/ciphers@0.6.0", "", {}, "sha512-mIbq/R9QXk5/cTfESb1OKtyFnk7oc1Om/8onA1158K9/OZUQFDEVy55jVTato+xmp3XX6F6Qh0zz0Nc1AxAlRQ=="],
+    "@noble/ciphers": ["@noble/ciphers@2.0.0", "", {}, "sha512-j/l6jpnpaIBM87cAYPJzi/6TgqmBv9spkqPyCXvRYsu5uxqh6tPJZDnD85yo8VWqzTuTQPgfv7NgT63u7kbwAQ=="],
 
-    "@noble/hashes": ["@noble/hashes@1.8.0", "", {}, "sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A=="],
+    "@noble/hashes": ["@noble/hashes@2.0.0", "", {}, "sha512-h8VUBlE8R42+XIDO229cgisD287im3kdY6nbNZJFjc6ZvKIXPYXe6Vc/t+kyjFdMFyt5JpapzTsEg8n63w5/lw=="],
 
     "@nodelib/fs.scandir": ["@nodelib/fs.scandir@2.1.5", "", { "dependencies": { "@nodelib/fs.stat": "2.0.5", "run-parallel": "^1.1.9" } }, "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g=="],
 
@@ -329,6 +331,8 @@
 
     "@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@16.0.0", "", { "dependencies": { "@octokit/types": "^14.1.0" }, "peerDependencies": { "@octokit/core": ">=6" } }, "sha512-kJVUQk6/dx/gRNLWUnAWKFs1kVPn5O5CYZyssyEoNYaFedqZxsfYs7DwI3d67hGz4qOwaJ1dpm07hOAD1BXx6g=="],
 
+    "@octokit/plugin-throttling": ["@octokit/plugin-throttling@11.0.1", "", { "dependencies": { "@octokit/types": "^14.0.0", "bottleneck": "^2.15.3" }, "peerDependencies": { "@octokit/core": "^7.0.0" } }, "sha512-S+EVhy52D/272L7up58dr3FNSMXWuNZolkL4zMJBNIfIxyZuUcczsQAU4b5w6dewJXnKYVgSHSV5wxitMSW1kw=="],
+
     "@octokit/request": ["@octokit/request@10.0.2", "", { "dependencies": { "@octokit/endpoint": "^11.0.0", "@octokit/request-error": "^7.0.0", "@octokit/types": "^14.0.0", "fast-content-type-parse": "^3.0.0", "universal-user-agent": "^7.0.2" } }, "sha512-iYj4SJG/2bbhh+iIpFmG5u49DtJ4lipQ+aPakjL9OKpsGY93wM8w06gvFbEQxcMsZcCvk5th5KkIm2m8o14aWA=="],
 
     "@octokit/request-error": ["@octokit/request-error@7.0.0", "", { "dependencies": { "@octokit/types": "^14.0.0" } }, "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg=="],
@@ -399,6 +403,8 @@
 
     "@radix-ui/react-primitive": ["@radix-ui/react-primitive@2.1.3", "", { "dependencies": { "@radix-ui/react-slot": "1.2.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-m9gTwRkhy2lvCPe6QJp4d3G1TYEUHn/FzJUtq9MjH46an1wJU+GdoGC5VLof8RX8Ft/DlpshApkhswDLZzHIcQ=="],
 
+    "@radix-ui/react-progress": ["@radix-ui/react-progress@1.1.7", "", { "dependencies": { "@radix-ui/react-context": "1.1.2", "@radix-ui/react-primitive": "2.1.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-vPdg/tF6YC/ynuBIJlk1mm7Le0VgW6ub6J2UWnTQ7/D23KXcPI1qy+0vBkgKgd38RCMJavBXpB83HPNFMTb0Fg=="],
+
     "@radix-ui/react-radio-group": ["@radix-ui/react-radio-group@1.3.8", "", { "dependencies": { "@radix-ui/primitive": "1.1.3", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-direction": "1.1.1", "@radix-ui/react-presence": "1.1.5", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-roving-focus": "1.1.11", "@radix-ui/react-use-controllable-state": "1.2.2", "@radix-ui/react-use-previous": "1.1.1", "@radix-ui/react-use-size": "1.1.1" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-VBKYIYImA5zsxACdisNQ3BjCBfmbGH3kQlnFVqlWU4tXwjy7cGX8ta80BcrO+WJXIn5iBylEH3K6ZTlee//lgQ=="],
 
     "@radix-ui/react-roving-focus": ["@radix-ui/react-roving-focus@1.1.11", "", { "dependencies": { "@radix-ui/primitive": "1.1.3", "@radix-ui/react-collection": "1.1.7", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-direction": "1.1.1", "@radix-ui/react-id": "1.1.1", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-use-callback-ref": "1.1.1", "@radix-ui/react-use-controllable-state": "1.2.2" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-7A6S9jSgm/S+7MdtNDSb+IU859vQqJ/QAtcYQcfFC6W8RS4IxIZDldLR0xqCFZ6DCyrQLjLPsxtTNch5jVA4lA=="],
@@ -441,7 +447,7 @@
 
     "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.34", "", {}, "sha512-LyAREkZHP5pMom7c24meKmJCdhf2hEyvam2q0unr3or9ydwDL+DJ8chTF6Av/RFPb3rH8UFBdMzO5MxTZW97oA=="],
 
-    "@rollup/pluginutils": ["@rollup/pluginutils@5.1.4", "", { "dependencies": { "@types/estree": "^1.0.0", "estree-walker": "^2.0.2", "picomatch": "^4.0.2" }, "peerDependencies": { "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" }, "optionalPeers": ["rollup"] }, "sha512-USm05zrsFxYLPdWWq+K3STlWiT/3ELn3RcV5hJMghpeAIhxfsUIg6mt12CBJBInWMV4VneoV7SfGv8xIwo2qNQ=="],
+    "@rollup/pluginutils": ["@rollup/pluginutils@5.3.0", "", { "dependencies": { "@types/estree": "^1.0.0", "estree-walker": "^2.0.2", "picomatch": "^4.0.2" }, "peerDependencies": { "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" }, "optionalPeers": ["rollup"] }, "sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q=="],
 
     "@rollup/rollup-android-arm-eabi": ["@rollup/rollup-android-arm-eabi@4.41.1", "", { "os": "android", "cpu": "arm" }, "sha512-NELNvyEWZ6R9QMkiytB4/L4zSEaBC03KIXEghptLGLZWJ6VPrL63ooZQCOnlx36aQPGhzuOMwDerC1Eb2VmrLw=="],
 
@@ -483,17 +489,17 @@
 
     "@rollup/rollup-win32-x64-msvc": ["@rollup/rollup-win32-x64-msvc@4.41.1", "", { "os": "win32", "cpu": "x64" }, "sha512-Wq2zpapRYLfi4aKxf2Xff0tN+7slj2d4R87WEzqw7ZLsVvO5zwYCIuEGSZYiK41+GlwUo1HiR+GdkLEJnCKTCw=="],
 
-    "@shikijs/core": ["@shikijs/core@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4", "hast-util-to-html": "^9.0.5" } }, "sha512-AG8vnSi1W2pbgR2B911EfGqtLE9c4hQBYkv/x7Z+Kt0VxhgQKcW7UNDVYsu9YxwV6u+OJrvdJrMq6DNWoBjihQ=="],
+    "@shikijs/core": ["@shikijs/core@3.12.2", "", { "dependencies": { "@shikijs/types": "3.12.2", "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4", "hast-util-to-html": "^9.0.5" } }, "sha512-L1Safnhra3tX/oJK5kYHaWmLEBJi1irASwewzY3taX5ibyXyMkkSDZlq01qigjryOBwrXSdFgTiZ3ryzSNeu7Q=="],
 
-    "@shikijs/engine-javascript": ["@shikijs/engine-javascript@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2", "oniguruma-to-es": "^4.3.3" } }, "sha512-1/adJbSMBOkpScCE/SB6XkjJU17ANln3Wky7lOmrnpl+zBdQ1qXUJg2GXTYVHRq+2j3hd1DesmElTXYDgtfSOQ=="],
+    "@shikijs/engine-javascript": ["@shikijs/engine-javascript@3.12.2", "", { "dependencies": { "@shikijs/types": "3.12.2", "@shikijs/vscode-textmate": "^10.0.2", "oniguruma-to-es": "^4.3.3" } }, "sha512-Nm3/azSsaVS7hk6EwtHEnTythjQfwvrO5tKqMlaH9TwG1P+PNaR8M0EAKZ+GaH2DFwvcr4iSfTveyxMIvXEHMw=="],
 
-    "@shikijs/engine-oniguruma": ["@shikijs/engine-oniguruma@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2" } }, "sha512-zcZKMnNndgRa3ORja6Iemsr3DrLtkX3cAF7lTJkdMB6v9alhlBsX9uNiCpqofNrXOvpA3h6lHcLJxgCIhVOU5Q=="],
+    "@shikijs/engine-oniguruma": ["@shikijs/engine-oniguruma@3.12.2", "", { "dependencies": { "@shikijs/types": "3.12.2", "@shikijs/vscode-textmate": "^10.0.2" } }, "sha512-hozwnFHsLvujK4/CPVHNo3Bcg2EsnG8krI/ZQ2FlBlCRpPZW4XAEQmEwqegJsypsTAN9ehu2tEYe30lYKSZW/w=="],
 
-    "@shikijs/langs": ["@shikijs/langs@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2" } }, "sha512-H6azIAM+OXD98yztIfs/KH5H4PU39t+SREhmM8LaNXyUrqj2mx+zVkr8MWYqjceSjDw9I1jawm1WdFqU806rMA=="],
+    "@shikijs/langs": ["@shikijs/langs@3.12.2", "", { "dependencies": { "@shikijs/types": "3.12.2" } }, "sha512-bVx5PfuZHDSHoBal+KzJZGheFuyH4qwwcwG/n+MsWno5cTlKmaNtTsGzJpHYQ8YPbB5BdEdKU1rga5/6JGY8ww=="],
 
-    "@shikijs/themes": ["@shikijs/themes@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2" } }, "sha512-qAEuAQh+brd8Jyej2UDDf+b4V2g1Rm8aBIdvt32XhDPrHvDkEnpb7Kzc9hSuHUxz0Iuflmq7elaDuQAP9bHIhg=="],
+    "@shikijs/themes": ["@shikijs/themes@3.12.2", "", { "dependencies": { "@shikijs/types": "3.12.2" } }, "sha512-fTR3QAgnwYpfGczpIbzPjlRnxyONJOerguQv1iwpyQZ9QXX4qy/XFQqXlf17XTsorxnHoJGbH/LXBvwtqDsF5A=="],
 
-    "@shikijs/types": ["@shikijs/types@3.4.2", "", { "dependencies": { "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4" } }, "sha512-zHC1l7L+eQlDXLnxvM9R91Efh2V4+rN3oMVS2swCBssbj2U/FBwybD1eeLaq8yl/iwT+zih8iUbTBCgGZOYlVg=="],
+    "@shikijs/types": ["@shikijs/types@3.12.2", "", { "dependencies": { "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4" } }, "sha512-K5UIBzxCyv0YoxN3LMrKB9zuhp1bV+LgewxuVwHdl4Gz5oePoUFrr9EfgJlGlDeXCU1b/yhdnXeuRvAnz8HN8Q=="],
 
     "@shikijs/vscode-textmate": ["@shikijs/vscode-textmate@10.0.2", "", {}, "sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg=="],
 
@@ -503,35 +509,35 @@
 
     "@swc/helpers": ["@swc/helpers@0.5.17", "", { "dependencies": { "tslib": "^2.8.0" } }, "sha512-5IKx/Y13RsYd+sauPb2x+U/xZikHjolzfuDgTAl/Tdf3Q8rslRvC19NKDLgAJQ6wsqADk10ntlv08nPFw/gO/A=="],
 
-    "@tailwindcss/node": ["@tailwindcss/node@4.1.12", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.17", "source-map-js": "^1.2.1", "tailwindcss": "4.1.12" } }, "sha512-3hm9brwvQkZFe++SBt+oLjo4OLDtkvlE8q2WalaD/7QWaeM7KEJbAiY/LJZUaCs7Xa8aUu4xy3uoyX4q54UVdQ=="],
+    "@tailwindcss/node": ["@tailwindcss/node@4.1.13", "", { "dependencies": { "@jridgewell/remapping": "^2.3.4", "enhanced-resolve": "^5.18.3", "jiti": "^2.5.1", "lightningcss": "1.30.1", "magic-string": "^0.30.18", "source-map-js": "^1.2.1", "tailwindcss": "4.1.13" } }, "sha512-eq3ouolC1oEFOAvOMOBAmfCIqZBJuvWvvYWh5h5iOYfe1HFC6+GZ6EIL0JdM3/niGRJmnrOc+8gl9/HGUaaptw=="],
 
-    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.12", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.12", "@tailwindcss/oxide-darwin-arm64": "4.1.12", "@tailwindcss/oxide-darwin-x64": "4.1.12", "@tailwindcss/oxide-freebsd-x64": "4.1.12", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.12", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.12", "@tailwindcss/oxide-linux-arm64-musl": "4.1.12", "@tailwindcss/oxide-linux-x64-gnu": "4.1.12", "@tailwindcss/oxide-linux-x64-musl": "4.1.12", "@tailwindcss/oxide-wasm32-wasi": "4.1.12", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.12", "@tailwindcss/oxide-win32-x64-msvc": "4.1.12" } }, "sha512-gM5EoKHW/ukmlEtphNwaGx45fGoEmP10v51t9unv55voWh6WrOL19hfuIdo2FjxIaZzw776/BUQg7Pck++cIVw=="],
+    "@tailwindcss/oxide": ["@tailwindcss/oxide@4.1.13", "", { "dependencies": { "detect-libc": "^2.0.4", "tar": "^7.4.3" }, "optionalDependencies": { "@tailwindcss/oxide-android-arm64": "4.1.13", "@tailwindcss/oxide-darwin-arm64": "4.1.13", "@tailwindcss/oxide-darwin-x64": "4.1.13", "@tailwindcss/oxide-freebsd-x64": "4.1.13", "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.13", "@tailwindcss/oxide-linux-arm64-gnu": "4.1.13", "@tailwindcss/oxide-linux-arm64-musl": "4.1.13", "@tailwindcss/oxide-linux-x64-gnu": "4.1.13", "@tailwindcss/oxide-linux-x64-musl": "4.1.13", "@tailwindcss/oxide-wasm32-wasi": "4.1.13", "@tailwindcss/oxide-win32-arm64-msvc": "4.1.13", "@tailwindcss/oxide-win32-x64-msvc": "4.1.13" } }, "sha512-CPgsM1IpGRa880sMbYmG1s4xhAy3xEt1QULgTJGQmZUeNgXFR7s1YxYygmJyBGtou4SyEosGAGEeYqY7R53bIA=="],
 
-    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.12", "", { "os": "android", "cpu": "arm64" }, "sha512-oNY5pq+1gc4T6QVTsZKwZaGpBb2N1H1fsc1GD4o7yinFySqIuRZ2E4NvGasWc6PhYJwGK2+5YT1f9Tp80zUQZQ=="],
+    "@tailwindcss/oxide-android-arm64": ["@tailwindcss/oxide-android-arm64@4.1.13", "", { "os": "android", "cpu": "arm64" }, "sha512-BrpTrVYyejbgGo57yc8ieE+D6VT9GOgnNdmh5Sac6+t0m+v+sKQevpFVpwX3pBrM2qKrQwJ0c5eDbtjouY/+ew=="],
 
-    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.12", "", { "os": "darwin", "cpu": "arm64" }, "sha512-cq1qmq2HEtDV9HvZlTtrj671mCdGB93bVY6J29mwCyaMYCP/JaUBXxrQQQm7Qn33AXXASPUb2HFZlWiiHWFytw=="],
+    "@tailwindcss/oxide-darwin-arm64": ["@tailwindcss/oxide-darwin-arm64@4.1.13", "", { "os": "darwin", "cpu": "arm64" }, "sha512-YP+Jksc4U0KHcu76UhRDHq9bx4qtBftp9ShK/7UGfq0wpaP96YVnnjFnj3ZFrUAjc5iECzODl/Ts0AN7ZPOANQ=="],
 
-    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.12", "", { "os": "darwin", "cpu": "x64" }, "sha512-6UCsIeFUcBfpangqlXay9Ffty9XhFH1QuUFn0WV83W8lGdX8cD5/+2ONLluALJD5+yJ7k8mVtwy3zMZmzEfbLg=="],
+    "@tailwindcss/oxide-darwin-x64": ["@tailwindcss/oxide-darwin-x64@4.1.13", "", { "os": "darwin", "cpu": "x64" }, "sha512-aAJ3bbwrn/PQHDxCto9sxwQfT30PzyYJFG0u/BWZGeVXi5Hx6uuUOQEI2Fa43qvmUjTRQNZnGqe9t0Zntexeuw=="],
 
-    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.12", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JOH/f7j6+nYXIrHobRYCtoArJdMJh5zy5lr0FV0Qu47MID/vqJAY3r/OElPzx1C/wdT1uS7cPq+xdYYelny1ww=="],
+    "@tailwindcss/oxide-freebsd-x64": ["@tailwindcss/oxide-freebsd-x64@4.1.13", "", { "os": "freebsd", "cpu": "x64" }, "sha512-Wt8KvASHwSXhKE/dJLCCWcTSVmBj3xhVhp/aF3RpAhGeZ3sVo7+NTfgiN8Vey/Fi8prRClDs6/f0KXPDTZE6nQ=="],
 
-    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.12", "", { "os": "linux", "cpu": "arm" }, "sha512-v4Ghvi9AU1SYgGr3/j38PD8PEe6bRfTnNSUE3YCMIRrrNigCFtHZ2TCm8142X8fcSqHBZBceDx+JlFJEfNg5zQ=="],
+    "@tailwindcss/oxide-linux-arm-gnueabihf": ["@tailwindcss/oxide-linux-arm-gnueabihf@4.1.13", "", { "os": "linux", "cpu": "arm" }, "sha512-mbVbcAsW3Gkm2MGwA93eLtWrwajz91aXZCNSkGTx/R5eb6KpKD5q8Ueckkh9YNboU8RH7jiv+ol/I7ZyQ9H7Bw=="],
 
-    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-YP5s1LmetL9UsvVAKusHSyPlzSRqYyRB0f+Kl/xcYQSPLEw/BvGfxzbH+ihUciePDjiXwHh+p+qbSP3SlJw+6g=="],
+    "@tailwindcss/oxide-linux-arm64-gnu": ["@tailwindcss/oxide-linux-arm64-gnu@4.1.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-wdtfkmpXiwej/yoAkrCP2DNzRXCALq9NVLgLELgLim1QpSfhQM5+ZxQQF8fkOiEpuNoKLp4nKZ6RC4kmeFH0HQ=="],
 
-    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.12", "", { "os": "linux", "cpu": "arm64" }, "sha512-V8pAM3s8gsrXcCv6kCHSuwyb/gPsd863iT+v1PGXC4fSL/OJqsKhfK//v8P+w9ThKIoqNbEnsZqNy+WDnwQqCA=="],
+    "@tailwindcss/oxide-linux-arm64-musl": ["@tailwindcss/oxide-linux-arm64-musl@4.1.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-hZQrmtLdhyqzXHB7mkXfq0IYbxegaqTmfa1p9MBj72WPoDD3oNOh1Lnxf6xZLY9C3OV6qiCYkO1i/LrzEdW2mg=="],
 
-    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-xYfqYLjvm2UQ3TZggTGrwxjYaLB62b1Wiysw/YE3Yqbh86sOMoTn0feF98PonP7LtjsWOWcXEbGqDL7zv0uW8Q=="],
+    "@tailwindcss/oxide-linux-x64-gnu": ["@tailwindcss/oxide-linux-x64-gnu@4.1.13", "", { "os": "linux", "cpu": "x64" }, "sha512-uaZTYWxSXyMWDJZNY1Ul7XkJTCBRFZ5Fo6wtjrgBKzZLoJNrG+WderJwAjPzuNZOnmdrVg260DKwXCFtJ/hWRQ=="],
 
-    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.12", "", { "os": "linux", "cpu": "x64" }, "sha512-ha0pHPamN+fWZY7GCzz5rKunlv9L5R8kdh+YNvP5awe3LtuXb5nRi/H27GeL2U+TdhDOptU7T6Is7mdwh5Ar3A=="],
+    "@tailwindcss/oxide-linux-x64-musl": ["@tailwindcss/oxide-linux-x64-musl@4.1.13", "", { "os": "linux", "cpu": "x64" }, "sha512-oXiPj5mi4Hdn50v5RdnuuIms0PVPI/EG4fxAfFiIKQh5TgQgX7oSuDWntHW7WNIi/yVLAiS+CRGW4RkoGSSgVQ=="],
 
-    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.12", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-4tSyu3dW+ktzdEpuk6g49KdEangu3eCYoqPhWNsZgUhyegEda3M9rG0/j1GV/JjVVsj+lG7jWAyrTlLzd/WEBg=="],
+    "@tailwindcss/oxide-wasm32-wasi": ["@tailwindcss/oxide-wasm32-wasi@4.1.13", "", { "dependencies": { "@emnapi/core": "^1.4.5", "@emnapi/runtime": "^1.4.5", "@emnapi/wasi-threads": "^1.0.4", "@napi-rs/wasm-runtime": "^0.2.12", "@tybys/wasm-util": "^0.10.0", "tslib": "^2.8.0" }, "cpu": "none" }, "sha512-+LC2nNtPovtrDwBc/nqnIKYh/W2+R69FA0hgoeOn64BdCX522u19ryLh3Vf3F8W49XBcMIxSe665kwy21FkhvA=="],
 
-    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.12", "", { "os": "win32", "cpu": "arm64" }, "sha512-iGLyD/cVP724+FGtMWslhcFyg4xyYyM+5F4hGvKA7eifPkXHRAUDFaimu53fpNg9X8dfP75pXx/zFt/jlNF+lg=="],
+    "@tailwindcss/oxide-win32-arm64-msvc": ["@tailwindcss/oxide-win32-arm64-msvc@4.1.13", "", { "os": "win32", "cpu": "arm64" }, "sha512-dziTNeQXtoQ2KBXmrjCxsuPk3F3CQ/yb7ZNZNA+UkNTeiTGgfeh+gH5Pi7mRncVgcPD2xgHvkFCh/MhZWSgyQg=="],
 
-    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.12", "", { "os": "win32", "cpu": "x64" }, "sha512-NKIh5rzw6CpEodv/++r0hGLlfgT/gFN+5WNdZtvh6wpU2BpGNgdjvj6H2oFc8nCM839QM1YOhjpgbAONUb4IxA=="],
+    "@tailwindcss/oxide-win32-x64-msvc": ["@tailwindcss/oxide-win32-x64-msvc@4.1.13", "", { "os": "win32", "cpu": "x64" }, "sha512-3+LKesjXydTkHk5zXX01b5KMzLV1xl2mcktBJkje7rhFUpUlYJy7IMOLqjIRQncLTa1WZZiFY/foAeB5nmaiTw=="],
 
-    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.12", "", { "dependencies": { "@tailwindcss/node": "4.1.12", "@tailwindcss/oxide": "4.1.12", "tailwindcss": "4.1.12" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-4pt0AMFDx7gzIrAOIYgYP0KCBuKWqyW8ayrdiLEjoJTT4pKTjrzG/e4uzWtTLDziC+66R9wbUqZBccJalSE5vQ=="],
+    "@tailwindcss/vite": ["@tailwindcss/vite@4.1.13", "", { "dependencies": { "@tailwindcss/node": "4.1.13", "@tailwindcss/oxide": "4.1.13", "tailwindcss": "4.1.13" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-0PmqLQ010N58SbMTJ7BVJ4I2xopiQn/5i6nlb4JmxzQf8zcS5+m2Cv6tqh+sfDwtIdjoEnOvwsGQ1hkUi8QEHQ=="],
 
     "@tanstack/react-virtual": ["@tanstack/react-virtual@3.13.12", "", { "dependencies": { "@tanstack/virtual-core": "3.13.12" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-Gd13QdxPSukP8ZrkbgS2RwoZseTTbQPLnQEn7HY/rqtM+8Zt95f7xKC7N0EsKs7aoz0WzZ+fditZux+F8EzYxA=="],
 
@@ -633,7 +639,7 @@
 
     "accepts": ["accepts@1.3.8", "", { "dependencies": { "mime-types": "~2.1.34", "negotiator": "0.6.3" } }, "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw=="],
 
-    "acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
+    "acorn": ["acorn@8.15.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg=="],
 
     "acorn-jsx": ["acorn-jsx@5.3.2", "", { "peerDependencies": { "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ=="],
 
@@ -667,7 +673,7 @@
 
     "astring": ["astring@1.9.0", "", { "bin": { "astring": "bin/astring" } }, "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg=="],
 
-    "astro": ["astro@5.13.4", "", { "dependencies": { "@astrojs/compiler": "^2.12.2", "@astrojs/internal-helpers": "0.7.2", "@astrojs/markdown-remark": "6.3.6", "@astrojs/telemetry": "3.3.0", "@capsizecss/unpack": "^2.4.0", "@oslojs/encoding": "^1.1.0", "@rollup/pluginutils": "^5.1.4", "acorn": "^8.14.1", "aria-query": "^5.3.2", "axobject-query": "^4.1.0", "boxen": "8.0.1", "ci-info": "^4.2.0", "clsx": "^2.1.1", "common-ancestor-path": "^1.0.1", "cookie": "^1.0.2", "cssesc": "^3.0.0", "debug": "^4.4.0", "deterministic-object-hash": "^2.0.2", "devalue": "^5.1.1", "diff": "^5.2.0", "dlv": "^1.1.3", "dset": "^3.1.4", "es-module-lexer": "^1.6.0", "esbuild": "^0.25.0", "estree-walker": "^3.0.3", "flattie": "^1.1.1", "fontace": "~0.3.0", "github-slugger": "^2.0.0", "html-escaper": "3.0.3", "http-cache-semantics": "^4.1.1", "import-meta-resolve": "^4.1.0", "js-yaml": "^4.1.0", "kleur": "^4.1.5", "magic-string": "^0.30.17", "magicast": "^0.3.5", "mrmime": "^2.0.1", "neotraverse": "^0.6.18", "p-limit": "^6.2.0", "p-queue": "^8.1.0", "package-manager-detector": "^1.1.0", "picomatch": "^4.0.2", "prompts": "^2.4.2", "rehype": "^13.0.2", "semver": "^7.7.1", "shiki": "^3.2.1", "smol-toml": "^1.3.4", "tinyexec": "^0.3.2", "tinyglobby": "^0.2.12", "tsconfck": "^3.1.5", "ultrahtml": "^1.6.0", "unifont": "~0.5.0", "unist-util-visit": "^5.0.0", "unstorage": "^1.15.0", "vfile": "^6.0.3", "vite": "^6.3.4", "vitefu": "^1.0.6", "xxhash-wasm": "^1.1.0", "yargs-parser": "^21.1.1", "yocto-spinner": "^0.2.1", "zod": "^3.24.4", "zod-to-json-schema": "^3.24.5", "zod-to-ts": "^1.2.0" }, "optionalDependencies": { "sharp": "^0.33.3" }, "bin": { "astro": "astro.js" } }, "sha512-Mgq5GYy3EHtastGXqdnh1UPuN++8NmJSluAspA5hu33O7YRs/em/L03cUfRXtc60l5yx5BfYJsjF2MFMlcWlzw=="],
+    "astro": ["astro@5.13.6", "", { "dependencies": { "@astrojs/compiler": "^2.12.2", "@astrojs/internal-helpers": "0.7.2", "@astrojs/markdown-remark": "6.3.6", "@astrojs/telemetry": "3.3.0", "@capsizecss/unpack": "^2.4.0", "@oslojs/encoding": "^1.1.0", "@rollup/pluginutils": "^5.2.0", "acorn": "^8.15.0", "aria-query": "^5.3.2", "axobject-query": "^4.1.0", "boxen": "8.0.1", "ci-info": "^4.3.0", "clsx": "^2.1.1", "common-ancestor-path": "^1.0.1", "cookie": "^1.0.2", "cssesc": "^3.0.0", "debug": "^4.4.1", "deterministic-object-hash": "^2.0.2", "devalue": "^5.1.1", "diff": "^5.2.0", "dlv": "^1.1.3", "dset": "^3.1.4", "es-module-lexer": "^1.7.0", "esbuild": "^0.25.0", "estree-walker": "^3.0.3", "flattie": "^1.1.1", "fontace": "~0.3.0", "github-slugger": "^2.0.0", "html-escaper": "3.0.3", "http-cache-semantics": "^4.2.0", "import-meta-resolve": "^4.2.0", "js-yaml": "^4.1.0", "kleur": "^4.1.5", "magic-string": "^0.30.18", "magicast": "^0.3.5", "mrmime": "^2.0.1", "neotraverse": "^0.6.18", "p-limit": "^6.2.0", "p-queue": "^8.1.0", "package-manager-detector": "^1.3.0", "picomatch": "^4.0.3", "prompts": "^2.4.2", "rehype": "^13.0.2", "semver": "^7.7.2", "shiki": "^3.12.0", "simple-swizzle": "0.2.2", "smol-toml": "^1.4.2", "tinyexec": "^0.3.2", "tinyglobby": "^0.2.14", "tsconfck": "^3.1.6", "ultrahtml": "^1.6.0", "unifont": "~0.5.2", "unist-util-visit": "^5.0.0", "unstorage": "^1.17.0", "vfile": "^6.0.3", "vite": "^6.3.6", "vitefu": "^1.1.1", "xxhash-wasm": "^1.1.0", "yargs-parser": "^21.1.1", "yocto-spinner": "^0.2.3", "zod": "^3.25.76", "zod-to-json-schema": "^3.24.6", "zod-to-ts": "^1.2.0" }, "optionalDependencies": { "sharp": "^0.33.3" }, "bin": { "astro": "astro.js" } }, "sha512-chy1J+AO3d4lui4MjUyqusiW1jilfkviCBDz+c2MoXxhIImF96GqoliX+79fGy6KMsnMh5lUn+qwy3yUBJqZqg=="],
 
     "axobject-query": ["axobject-query@4.1.0", "", {}, "sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ=="],
 
@@ -683,14 +689,16 @@
 
     "before-after-hook": ["before-after-hook@4.0.0", "", {}, "sha512-q6tR3RPqIB1pMiTRMFcZwuG5T8vwp+vUvEG0vuI6B+Rikh5BfPp2fQ82c925FOs+b0lcFQ8CFrL+KbilfZFhOQ=="],
 
-    "better-auth": ["better-auth@1.3.7", "", { "dependencies": { "@better-auth/utils": "0.2.6", "@better-fetch/fetch": "^1.1.18", "@noble/ciphers": "^0.6.0", "@noble/hashes": "^1.8.0", "@simplewebauthn/browser": "^13.1.2", "@simplewebauthn/server": "^13.1.2", "better-call": "^1.0.13", "defu": "^6.1.4", "jose": "^5.10.0", "kysely": "^0.28.5", "nanostores": "^0.11.4" }, "peerDependencies": { "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0", "zod": "^3.25.0 || ^4.0.0" }, "optionalPeers": ["react", "react-dom"] }, "sha512-/1fEyx2SGgJQM5ujozDCh9eJksnVkNU/J7Fk/tG5Y390l8nKbrPvqiFlCjlMM+scR+UABJbQzA6An7HT50LHyQ=="],
+    "better-auth": ["better-auth@1.3.9", "", { "dependencies": { "@better-auth/utils": "0.2.6", "@better-fetch/fetch": "^1.1.18", "@noble/ciphers": "^2.0.0", "@noble/hashes": "^2.0.0", "@simplewebauthn/browser": "^13.1.2", "@simplewebauthn/server": "^13.1.2", "better-call": "1.0.18", "defu": "^6.1.4", "jose": "^6.1.0", "kysely": "^0.28.5", "nanostores": "^0.11.4", "zod": "^4.1.5" }, "peerDependencies": { "@lynx-js/react": "*", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0" }, "optionalPeers": ["@lynx-js/react", "react", "react-dom"] }, "sha512-Ty6BHzuShlqSs7I4RMlBRQ3duOWNB7WWriIu2FJVGjQAOtTVvamzFCR4/j5ROFLoNkpvNTRF7BJozsrMICL1gw=="],
 
-    "better-call": ["better-call@1.0.16", "", { "dependencies": { "@better-fetch/fetch": "^1.1.4", "rou3": "^0.5.1", "set-cookie-parser": "^2.7.1", "uncrypto": "^0.1.3" } }, "sha512-42dgJ1rOtc0anOoxjXPOWuel/Z/4aeO7EJ2SiXNwvlkySSgjXhNjAjTMWa8DL1nt6EXS3jl3VKC3mPsU/lUgVA=="],
+    "better-call": ["better-call@1.0.18", "", { "dependencies": { "@better-fetch/fetch": "^1.1.4", "rou3": "^0.5.1", "set-cookie-parser": "^2.7.1", "uncrypto": "^0.1.3" } }, "sha512-Ojyck3P3fs/egBmCW50tvfbCJorNV5KphfPOKrkCxPfOr8Brth1ruDtAJuhHVHEUiWrXv+vpEgWQk7m7FzhbbQ=="],
 
     "blob-to-buffer": ["blob-to-buffer@1.2.9", "", {}, "sha512-BF033y5fN6OCofD3vgHmNtwZWRcq9NLyyxyILx9hfMy1sXYy4ojFl765hJ2lP0YaN2fuxPaLO2Vzzoxy0FLFFA=="],
 
     "body-parser": ["body-parser@1.20.3", "", { "dependencies": { "bytes": "3.1.2", "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.13.0", "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" } }, "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g=="],
 
+    "bottleneck": ["bottleneck@2.19.5", "", {}, "sha512-VHiNCbI1lKdl44tGrhNfU3lup0Tj/ZBMJB5/2ZbNXRCPuRCO7ed2mgcK4r17y+KB2EfuYuRaVlwNbAeaWGSpbw=="],
+
     "boxen": ["boxen@8.0.1", "", { "dependencies": { "ansi-align": "^3.0.1", "camelcase": "^8.0.0", "chalk": "^5.3.0", "cli-boxes": "^3.0.0", "string-width": "^7.2.0", "type-fest": "^4.21.0", "widest-line": "^5.0.0", "wrap-ansi": "^9.0.0" } }, "sha512-F3PH5k5juxom4xktynS7MoFY+NUWH5LC4CnH11YB8NPew+HLpmBLCybSAEyb2F+4pRXhuhWqFesoQd6DAyc2hw=="],
 
     "braces": ["braces@3.0.3", "", { "dependencies": { "fill-range": "^7.1.1" } }, "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA=="],
@@ -737,7 +745,7 @@
 
     "chownr": ["chownr@3.0.0", "", {}, "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g=="],
 
-    "ci-info": ["ci-info@4.2.0", "", {}, "sha512-cYY9mypksY8NRqgDB1XD1RiJL338v/551niynFTGkZOO2LHuB2OmOYxDIe/ttN9AHwrqdum1360G3ald0W9kCg=="],
+    "ci-info": ["ci-info@4.3.0", "", {}, "sha512-l+2bNRMiQgcfILUi33labAZYIWlH1kWDp+ecNo5iisRKrbm0xcRyCww71/YU0Fkw0mAFpz9bJayXPjey6vkmaQ=="],
 
     "class-variance-authority": ["class-variance-authority@0.7.1", "", { "dependencies": { "clsx": "^2.1.1" } }, "sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg=="],
 
@@ -831,7 +839,7 @@
 
     "dom-accessibility-api": ["dom-accessibility-api@0.6.3", "", {}, "sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w=="],
 
-    "dotenv": ["dotenv@17.2.1", "", {}, "sha512-kQhDYKZecqnM0fCnzI5eIv5L4cAe/iRI+HqMbO/hbRdTAeXDG+M9FjipUxNfbARuEg4iHIbhnhs78BCHNbSxEQ=="],
+    "dotenv": ["dotenv@17.2.2", "", {}, "sha512-Sf2LSQP+bOlhKWWyhFsn0UsfdK/kCWRv1iuA2gXAwt3dyNabr6QSj00I2V10pidqz69soatm9ZwZvpQMTIOd5Q=="],
 
     "drizzle-kit": ["drizzle-kit@0.31.4", "", { "dependencies": { "@drizzle-team/brocli": "^0.10.2", "@esbuild-kit/esm-loader": "^2.5.5", "esbuild": "^0.25.4", "esbuild-register": "^3.5.0" }, "bin": { "drizzle-kit": "bin.cjs" } }, "sha512-tCPWVZWZqWVx2XUsVpJRnH9Mx0ClVOf5YUHerZ5so1OKSlqww4zy1R5ksEdGRcO3tM3zj0PYN6V48TbQCL1RfA=="],
 
@@ -961,7 +969,7 @@
 
     "graceful-fs": ["graceful-fs@4.2.11", "", {}, "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="],
 
-    "h3": ["h3@1.15.3", "", { "dependencies": { "cookie-es": "^1.2.2", "crossws": "^0.3.4", "defu": "^6.1.4", "destr": "^2.0.5", "iron-webcrypto": "^1.2.1", "node-mock-http": "^1.0.0", "radix3": "^1.1.2", "ufo": "^1.6.1", "uncrypto": "^0.1.3" } }, "sha512-z6GknHqyX0h9aQaTx22VZDf6QyZn+0Nh+Ym8O/u0SGSkyF5cuTJYKlc8MkzW3Nzf9LE1ivcpmYC3FUGpywhuUQ=="],
+    "h3": ["h3@1.15.4", "", { "dependencies": { "cookie-es": "^1.2.2", "crossws": "^0.3.5", "defu": "^6.1.4", "destr": "^2.0.5", "iron-webcrypto": "^1.2.1", "node-mock-http": "^1.0.2", "radix3": "^1.1.2", "ufo": "^1.6.1", "uncrypto": "^0.1.3" } }, "sha512-z5cFQWDffyOe4vQ9xIqNfCZdV4p//vy6fBnr8Q1AWnVZ0teurKMG66rLj++TKwKPUP3u7iMUvrvKaEUiQw2QWQ=="],
 
     "has-flag": ["has-flag@4.0.0", "", {}, "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="],
 
@@ -1009,7 +1017,7 @@
 
     "iconv-lite": ["iconv-lite@0.6.3", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" } }, "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw=="],
 
-    "import-meta-resolve": ["import-meta-resolve@4.1.0", "", {}, "sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw=="],
+    "import-meta-resolve": ["import-meta-resolve@4.2.0", "", {}, "sha512-Iqv2fzaTQN28s/FwZAoFq0ZSs/7hMAHJVX+w8PZl3cY19Pxk6jFFalxQoIfW2826i/fDLXv8IiEZRIT0lDuWcg=="],
 
     "indent-string": ["indent-string@4.0.0", "", {}, "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg=="],
 
@@ -1287,11 +1295,11 @@
 
     "node-fetch": ["node-fetch@2.7.0", "", { "dependencies": { "whatwg-url": "^5.0.0" }, "peerDependencies": { "encoding": "^0.1.0" }, "optionalPeers": ["encoding"] }, "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A=="],
 
-    "node-fetch-native": ["node-fetch-native@1.6.6", "", {}, "sha512-8Mc2HhqPdlIfedsuZoc3yioPuzp6b+L5jRCRY1QzuWZh2EGJVQrGppC6V6cF0bLdbW0+O2YpqCA25aF/1lvipQ=="],
+    "node-fetch-native": ["node-fetch-native@1.6.7", "", {}, "sha512-g9yhqoedzIUm0nTnTqAQvueMPVOuIY16bqgAJJC8XOOubYFNwz6IER9qs0Gq2Xd0+CecCKFjtdDTMA4u4xG06Q=="],
 
     "node-forge": ["node-forge@1.3.1", "", {}, "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA=="],
 
-    "node-mock-http": ["node-mock-http@1.0.0", "", {}, "sha512-0uGYQ1WQL1M5kKvGRXWQ3uZCHtLTO8hln3oBjIusM75WoesZ909uQJs/Hb946i2SS+Gsrhkaa6iAO17jRIv6DQ=="],
+    "node-mock-http": ["node-mock-http@1.0.3", "", {}, "sha512-jN8dK25fsfnMrVsEhluUTPkBFY+6ybu7jSB1n+ri/vOGjJxU8J9CZhpSGkHXSkFjtUhbmoncG/YG9ta5Ludqog=="],
 
     "node-releases": ["node-releases@2.0.19", "", {}, "sha512-xxOWJsBKtzAq7DY0J+DTzuz58K8e7sJbdgwkbMWQe8UYB6ekmsQ45q0M/tJDsGaZmbC+l7n57UV8Hl5tHxO9uw=="],
 
@@ -1485,7 +1493,7 @@
 
     "sharp": ["sharp@0.33.5", "", { "dependencies": { "color": "^4.2.3", "detect-libc": "^2.0.3", "semver": "^7.6.3" }, "optionalDependencies": { "@img/sharp-darwin-arm64": "0.33.5", "@img/sharp-darwin-x64": "0.33.5", "@img/sharp-libvips-darwin-arm64": "1.0.4", "@img/sharp-libvips-darwin-x64": "1.0.4", "@img/sharp-libvips-linux-arm": "1.0.5", "@img/sharp-libvips-linux-arm64": "1.0.4", "@img/sharp-libvips-linux-s390x": "1.0.4", "@img/sharp-libvips-linux-x64": "1.0.4", "@img/sharp-libvips-linuxmusl-arm64": "1.0.4", "@img/sharp-libvips-linuxmusl-x64": "1.0.4", "@img/sharp-linux-arm": "0.33.5", "@img/sharp-linux-arm64": "0.33.5", "@img/sharp-linux-s390x": "0.33.5", "@img/sharp-linux-x64": "0.33.5", "@img/sharp-linuxmusl-arm64": "0.33.5", "@img/sharp-linuxmusl-x64": "0.33.5", "@img/sharp-wasm32": "0.33.5", "@img/sharp-win32-ia32": "0.33.5", "@img/sharp-win32-x64": "0.33.5" } }, "sha512-haPVm1EkS9pgvHrQ/F3Xy+hgcuMV0Wm9vfIBSiwZ05k+xgb0PkBQpGsAA/oWdDobNaZTH5ppvHtzCFbnSEwHVw=="],
 
-    "shiki": ["shiki@3.4.2", "", { "dependencies": { "@shikijs/core": "3.4.2", "@shikijs/engine-javascript": "3.4.2", "@shikijs/engine-oniguruma": "3.4.2", "@shikijs/langs": "3.4.2", "@shikijs/themes": "3.4.2", "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4" } }, "sha512-wuxzZzQG8kvZndD7nustrNFIKYJ1jJoWIPaBpVe2+KHSvtzMi4SBjOxrigs8qeqce/l3U0cwiC+VAkLKSunHQQ=="],
+    "shiki": ["shiki@3.12.2", "", { "dependencies": { "@shikijs/core": "3.12.2", "@shikijs/engine-javascript": "3.12.2", "@shikijs/engine-oniguruma": "3.12.2", "@shikijs/langs": "3.12.2", "@shikijs/themes": "3.12.2", "@shikijs/types": "3.12.2", "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4" } }, "sha512-uIrKI+f9IPz1zDT+GMz+0RjzKJiijVr6WDWm9Pe3NNY6QigKCfifCEv9v9R2mDASKKjzjQ2QpFLcxaR3iHSnMA=="],
 
     "side-channel": ["side-channel@1.1.0", "", { "dependencies": { "es-errors": "^1.3.0", "object-inspect": "^1.13.3", "side-channel-list": "^1.0.0", "side-channel-map": "^1.0.1", "side-channel-weakmap": "^1.0.2" } }, "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw=="],
 
@@ -1501,11 +1509,11 @@
 
     "sisteransi": ["sisteransi@1.0.5", "", {}, "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="],
 
-    "smol-toml": ["smol-toml@1.3.4", "", {}, "sha512-UOPtVuYkzYGee0Bd2Szz8d2G3RfMfJ2t3qVdZUAozZyAk+a0Sxa+QKix0YCwjL/A1RR0ar44nCxaoN9FxdJGwA=="],
+    "smol-toml": ["smol-toml@1.4.2", "", {}, "sha512-rInDH6lCNiEyn3+hH8KVGFdbjc099j47+OSgbMrfDYX1CmXLfdKd7qi6IfcWj2wFxvSVkuI46M+wPGYfEOEj6g=="],
 
     "sonner": ["sonner@2.0.7", "", { "peerDependencies": { "react": "^18.0.0 || ^19.0.0 || ^19.0.0-rc", "react-dom": "^18.0.0 || ^19.0.0 || ^19.0.0-rc" } }, "sha512-W6ZN4p58k8aDKA4XPcx2hpIQXBRAgyiWVkYhT7CvK6D3iAu7xjvVyhQHg2/iaKJZ1XVJ4r7XuwGL+WGEK37i9w=="],
 
-    "source-map": ["source-map@0.7.4", "", {}, "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA=="],
+    "source-map": ["source-map@0.7.6", "", {}, "sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ=="],
 
     "source-map-js": ["source-map-js@1.2.1", "", {}, "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA=="],
 
@@ -1539,7 +1547,7 @@
 
     "tailwind-merge": ["tailwind-merge@3.3.1", "", {}, "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g=="],
 
-    "tailwindcss": ["tailwindcss@4.1.12", "", {}, "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA=="],
+    "tailwindcss": ["tailwindcss@4.1.13", "", {}, "sha512-i+zidfmTqtwquj4hMEwdjshYYgMbOrPzb9a0M3ZgNa0JMoZeFC6bxZvO8yr8ozS6ix2SDz0+mvryPeBs2TFE+w=="],
 
     "tapable": ["tapable@2.2.2", "", {}, "sha512-Re10+NauLTMCudc7T5WLFLAwDhQ0JWdrMK+9B2M8zR5hRExKmsRDCBA7/aV/pNJFltmBFO5BAMlQFi/vq3nKOg=="],
 
@@ -1581,7 +1589,7 @@
 
     "tsx": ["tsx@4.20.5", "", { "dependencies": { "esbuild": "~0.25.0", "get-tsconfig": "^4.7.5" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "bin": { "tsx": "dist/cli.mjs" } }, "sha512-+wKjMNU9w/EaQayHXb7WA7ZaHY6hN8WgfvHNQ3t1PnU91/7O8TcTnIhCDYTZwnt8JsO9IBqZ30Ln1r7pPF52Aw=="],
 
-    "tw-animate-css": ["tw-animate-css@1.3.7", "", {}, "sha512-lvLb3hTIpB5oGsk8JmLoAjeCHV58nKa2zHYn8yWOoG5JJusH3bhJlF2DLAZ/5NmJ+jyH3ssiAx/2KmbhavJy/A=="],
+    "tw-animate-css": ["tw-animate-css@1.3.8", "", {}, "sha512-Qrk3PZ7l7wUcGYhwZloqfkWCmaXZAoqjkdbIDvzfGshwGtexa/DAs9koXxIkrpEasyevandomzCBAV1Yyop5rw=="],
 
     "type-fest": ["type-fest@4.41.0", "", {}, "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA=="],
 
@@ -1607,7 +1615,7 @@
 
     "unified": ["unified@11.0.5", "", { "dependencies": { "@types/unist": "^3.0.0", "bail": "^2.0.0", "devlop": "^1.0.0", "extend": "^3.0.0", "is-plain-obj": "^4.0.0", "trough": "^2.0.0", "vfile": "^6.0.0" } }, "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA=="],
 
-    "unifont": ["unifont@0.5.0", "", { "dependencies": { "css-tree": "^3.0.0", "ohash": "^2.0.0" } }, "sha512-4DueXMP5Hy4n607sh+vJ+rajoLu778aU3GzqeTCqsD/EaUcvqZT9wPC8kgK6Vjh22ZskrxyRCR71FwNOaYn6jA=="],
+    "unifont": ["unifont@0.5.2", "", { "dependencies": { "css-tree": "^3.0.0", "ofetch": "^1.4.1", "ohash": "^2.0.0" } }, "sha512-LzR4WUqzH9ILFvjLAUU7dK3Lnou/qd5kD+IakBtBK4S15/+x2y9VX+DcWQv6s551R6W+vzwgVS6tFg3XggGBgg=="],
 
     "unist-util-find-after": ["unist-util-find-after@5.0.0", "", { "dependencies": { "@types/unist": "^3.0.0", "unist-util-is": "^6.0.0" } }, "sha512-amQa0Ep2m6hE2g72AugUItjbuM8X8cGQnFoHk0pGfrFeT9GZhzN5SW8nRsiGKK7Aif4CrACPENkA6P/Lw6fHGQ=="],
 
@@ -1633,7 +1641,7 @@
 
     "unpipe": ["unpipe@1.0.0", "", {}, "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="],
 
-    "unstorage": ["unstorage@1.16.0", "", { "dependencies": { "anymatch": "^3.1.3", "chokidar": "^4.0.3", "destr": "^2.0.5", "h3": "^1.15.2", "lru-cache": "^10.4.3", "node-fetch-native": "^1.6.6", "ofetch": "^1.4.1", "ufo": "^1.6.1" }, "peerDependencies": { "@azure/app-configuration": "^1.8.0", "@azure/cosmos": "^4.2.0", "@azure/data-tables": "^13.3.0", "@azure/identity": "^4.6.0", "@azure/keyvault-secrets": "^4.9.0", "@azure/storage-blob": "^12.26.0", "@capacitor/preferences": "^6.0.3 || ^7.0.0", "@deno/kv": ">=0.9.0", "@netlify/blobs": "^6.5.0 || ^7.0.0 || ^8.1.0", "@planetscale/database": "^1.19.0", "@upstash/redis": "^1.34.3", "@vercel/blob": ">=0.27.1", "@vercel/kv": "^1.0.1", "aws4fetch": "^1.0.20", "db0": ">=0.2.1", "idb-keyval": "^6.2.1", "ioredis": "^5.4.2", "uploadthing": "^7.4.4" }, "optionalPeers": ["@azure/app-configuration", "@azure/cosmos", "@azure/data-tables", "@azure/identity", "@azure/keyvault-secrets", "@azure/storage-blob", "@capacitor/preferences", "@deno/kv", "@netlify/blobs", "@planetscale/database", "@upstash/redis", "@vercel/blob", "@vercel/kv", "aws4fetch", "db0", "idb-keyval", "ioredis", "uploadthing"] }, "sha512-WQ37/H5A7LcRPWfYOrDa1Ys02xAbpPJq6q5GkO88FBXVSQzHd7+BjEwfRqyaSWCv9MbsJy058GWjjPjcJ16GGA=="],
+    "unstorage": ["unstorage@1.17.1", "", { "dependencies": { "anymatch": "^3.1.3", "chokidar": "^4.0.3", "destr": "^2.0.5", "h3": "^1.15.4", "lru-cache": "^10.4.3", "node-fetch-native": "^1.6.7", "ofetch": "^1.4.1", "ufo": "^1.6.1" }, "peerDependencies": { "@azure/app-configuration": "^1.8.0", "@azure/cosmos": "^4.2.0", "@azure/data-tables": "^13.3.0", "@azure/identity": "^4.6.0", "@azure/keyvault-secrets": "^4.9.0", "@azure/storage-blob": "^12.26.0", "@capacitor/preferences": "^6.0.3 || ^7.0.0", "@deno/kv": ">=0.9.0", "@netlify/blobs": "^6.5.0 || ^7.0.0 || ^8.1.0 || ^9.0.0 || ^10.0.0", "@planetscale/database": "^1.19.0", "@upstash/redis": "^1.34.3", "@vercel/blob": ">=0.27.1", "@vercel/functions": "^2.2.12 || ^3.0.0", "@vercel/kv": "^1.0.1", "aws4fetch": "^1.0.20", "db0": ">=0.2.1", "idb-keyval": "^6.2.1", "ioredis": "^5.4.2", "uploadthing": "^7.4.4" }, "optionalPeers": ["@azure/app-configuration", "@azure/cosmos", "@azure/data-tables", "@azure/identity", "@azure/keyvault-secrets", "@azure/storage-blob", "@capacitor/preferences", "@deno/kv", "@netlify/blobs", "@planetscale/database", "@upstash/redis", "@vercel/blob", "@vercel/functions", "@vercel/kv", "aws4fetch", "db0", "idb-keyval", "ioredis", "uploadthing"] }, "sha512-KKGwRTT0iVBCErKemkJCLs7JdxNVfqTPc/85ae1XES0+bsHbc/sFBfVi5kJp156cc51BHinIH2l3k0EZ24vOBQ=="],
 
     "update-browserslist-db": ["update-browserslist-db@1.1.3", "", { "dependencies": { "escalade": "^3.2.0", "picocolors": "^1.1.1" }, "peerDependencies": { "browserslist": ">= 4.21.0" }, "bin": { "update-browserslist-db": "cli.js" } }, "sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw=="],
 
@@ -1645,7 +1653,7 @@
 
     "utils-merge": ["utils-merge@1.0.1", "", {}, "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA=="],
 
-    "uuid": ["uuid@11.1.0", "", { "bin": { "uuid": "dist/esm/bin/uuid" } }, "sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A=="],
+    "uuid": ["uuid@13.0.0", "", { "bin": { "uuid": "dist-node/bin/uuid" } }, "sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w=="],
 
     "vary": ["vary@1.1.2", "", {}, "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="],
 
@@ -1661,7 +1669,7 @@
 
     "vite-node": ["vite-node@3.2.4", "", { "dependencies": { "cac": "^6.7.14", "debug": "^4.4.1", "es-module-lexer": "^1.7.0", "pathe": "^2.0.3", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0" }, "bin": { "vite-node": "vite-node.mjs" } }, "sha512-EbKSKh+bh1E1IFxeO0pg1n4dvoOTt0UDiXMd/qn++r98+jPO1xtJilvXldeuQ8giIB5IkpjCgMleHMNEsGH6pg=="],
 
-    "vitefu": ["vitefu@1.0.6", "", { "peerDependencies": { "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0" }, "optionalPeers": ["vite"] }, "sha512-+Rex1GlappUyNN6UfwbVZne/9cYC4+R2XDk9xkNXBKMw6HQagdX9PgZ8V2v1WUSK1wfBLp7qbI1+XSNIlB1xmA=="],
+    "vitefu": ["vitefu@1.1.1", "", { "peerDependencies": { "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0-beta.0" }, "optionalPeers": ["vite"] }, "sha512-B/Fegf3i8zh0yFbpzZ21amWzHmuNlLlmJT6n7bu5e+pCHUKQIfXSYokrqOBGEMMe9UG2sostKQF9mml/vYaWJQ=="],
 
     "vitest": ["vitest@3.2.4", "", { "dependencies": { "@types/chai": "^5.2.2", "@vitest/expect": "3.2.4", "@vitest/mocker": "3.2.4", "@vitest/pretty-format": "^3.2.4", "@vitest/runner": "3.2.4", "@vitest/snapshot": "3.2.4", "@vitest/spy": "3.2.4", "@vitest/utils": "3.2.4", "chai": "^5.2.0", "debug": "^4.4.1", "expect-type": "^1.2.1", "magic-string": "^0.30.17", "pathe": "^2.0.3", "picomatch": "^4.0.2", "std-env": "^3.9.0", "tinybench": "^2.9.0", "tinyexec": "^0.3.2", "tinyglobby": "^0.2.14", "tinypool": "^1.1.1", "tinyrainbow": "^2.0.0", "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0", "vite-node": "3.2.4", "why-is-node-running": "^2.3.0" }, "peerDependencies": { "@edge-runtime/vm": "*", "@types/debug": "^4.1.12", "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "@vitest/browser": "3.2.4", "@vitest/ui": "3.2.4", "happy-dom": "*", "jsdom": "*" }, "optionalPeers": ["@edge-runtime/vm", "@types/debug", "@types/node", "@vitest/browser", "@vitest/ui", "happy-dom", "jsdom"], "bin": { "vitest": "vitest.mjs" } }, "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A=="],
 
@@ -1755,13 +1763,23 @@
 
     "zod": ["zod@4.1.5", "", {}, "sha512-rcUUZqlLJgBC33IT3PNMgsCq6TzLQEG/Ei/KTCU0PedSWRMAXoOUN+4t/0H+Q8bdnLPdqUYnvboJT0bn/229qg=="],
 
-    "zod-to-json-schema": ["zod-to-json-schema@3.24.5", "", { "peerDependencies": { "zod": "^3.24.1" } }, "sha512-/AuWwMP+YqiPbsJx5D6TfgRTc4kTLjsh5SOcd4bLsfUg2RcEXrFMJl1DGgdHy2aCfsIA/cr/1JM0xcB2GZji8g=="],
+    "zod-to-json-schema": ["zod-to-json-schema@3.24.6", "", { "peerDependencies": { "zod": "^3.24.1" } }, "sha512-h/z3PKvcTcTetyjl1fkj79MHNEjm+HpD6NXheWjzOekY7kV+lwDYnHw+ivHkijnCSMz1yJaWBD9vu/Fcmk+vEg=="],
 
     "zod-to-ts": ["zod-to-ts@1.2.0", "", { "peerDependencies": { "typescript": "^4.9.4 || ^5.0.2", "zod": "^3" } }, "sha512-x30XE43V+InwGpvTySRNz9kB7qFU8DlyEy7BsSTCHPH1R0QasMmHWZDCzYm6bVXtj/9NNJAZF3jW8rzFvH5OFA=="],
 
     "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
 
-    "@astrojs/react/@vitejs/plugin-react": ["@vitejs/plugin-react@4.5.0", "", { "dependencies": { "@babel/core": "^7.26.10", "@babel/plugin-transform-react-jsx-self": "^7.25.9", "@babel/plugin-transform-react-jsx-source": "^7.25.9", "@rolldown/pluginutils": "1.0.0-beta.9", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0" } }, "sha512-JuLWaEqypaJmOJPLWwO335Ig6jSgC1FTONCWAxnqcQthLTK/Yc9aH6hr9z/87xciejbQcnP3GnA1FWUSWeXaeg=="],
+    "@astrojs/markdown-remark/import-meta-resolve": ["import-meta-resolve@4.1.0", "", {}, "sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw=="],
+
+    "@astrojs/markdown-remark/shiki": ["shiki@3.4.2", "", { "dependencies": { "@shikijs/core": "3.4.2", "@shikijs/engine-javascript": "3.4.2", "@shikijs/engine-oniguruma": "3.4.2", "@shikijs/langs": "3.4.2", "@shikijs/themes": "3.4.2", "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4" } }, "sha512-wuxzZzQG8kvZndD7nustrNFIKYJ1jJoWIPaBpVe2+KHSvtzMi4SBjOxrigs8qeqce/l3U0cwiC+VAkLKSunHQQ=="],
+
+    "@astrojs/markdown-remark/smol-toml": ["smol-toml@1.3.4", "", {}, "sha512-UOPtVuYkzYGee0Bd2Szz8d2G3RfMfJ2t3qVdZUAozZyAk+a0Sxa+QKix0YCwjL/A1RR0ar44nCxaoN9FxdJGwA=="],
+
+    "@astrojs/react/@vitejs/plugin-react": ["@vitejs/plugin-react@4.7.0", "", { "dependencies": { "@babel/core": "^7.28.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-beta.27", "@types/babel__core": "^7.20.5", "react-refresh": "^0.17.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-gUu9hwfWvvEDBBmgtAowQCojwZmJ5mcLn3aufeCsitijs3+f2NsrPtlAWIR6OPiqljl96GVCUbLe0HyqIpVaoA=="],
+
+    "@astrojs/react/vite": ["vite@6.3.6", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-0msEVHJEScQbhkbVTb/4iHZdJ6SXp/AvxL2sjwYQFfBqleHtnCqv1J3sa9zbWz/6kW1m9Tfzn92vW+kZ1WV6QA=="],
+
+    "@astrojs/telemetry/ci-info": ["ci-info@4.2.0", "", {}, "sha512-cYY9mypksY8NRqgDB1XD1RiJL338v/551niynFTGkZOO2LHuB2OmOYxDIe/ttN9AHwrqdum1360G3ald0W9kCg=="],
 
     "@babel/core/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
@@ -1787,8 +1805,12 @@
 
     "@rollup/pluginutils/estree-walker": ["estree-walker@2.0.2", "", {}, "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w=="],
 
+    "@rollup/pluginutils/picomatch": ["picomatch@4.0.3", "", {}, "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q=="],
+
     "@tailwindcss/node/jiti": ["jiti@2.5.1", "", { "bin": { "jiti": "lib/jiti-cli.mjs" } }, "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w=="],
 
+    "@tailwindcss/node/magic-string": ["magic-string@0.30.19", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw=="],
+
     "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.4.5", "", { "dependencies": { "@emnapi/wasi-threads": "1.0.4", "tslib": "^2.4.0" }, "bundled": true }, "sha512-XsLw1dEOpkSX/WucdqUhPWP7hDxSvZiY+fsUC14h+FtQ2Ifni4znbBt8punRX+Uj2JG/uDb8nEHVKvrVlvdZ5Q=="],
 
     "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.4.5", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-++LApOtY0pEEz1zrd9vy1/zXVaVJJ/EbAF3u0fXIzPJEDtnITsBGbbK0EkM72amhl/R5b+5xx0Y/QhcVOpuulg=="],
@@ -1821,10 +1843,18 @@
 
     "anymatch/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
 
-    "astro/zod": ["zod@3.25.75", "", {}, "sha512-OhpzAmVzabPOL6C3A3gpAifqr9MqihV/Msx3gor2b2kviCgcb+HM9SEOpMWwwNp9MRunWnhtAKUoo0AHhjyPPg=="],
+    "astro/magic-string": ["magic-string@0.30.19", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.5.5" } }, "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw=="],
+
+    "astro/picomatch": ["picomatch@4.0.3", "", {}, "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q=="],
+
+    "astro/vite": ["vite@6.3.6", "", { "dependencies": { "esbuild": "^0.25.0", "fdir": "^6.4.4", "picomatch": "^4.0.2", "postcss": "^8.5.3", "rollup": "^4.34.9", "tinyglobby": "^0.2.13" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0", "jiti": ">=1.21.0", "less": "*", "lightningcss": "^1.21.0", "sass": "*", "sass-embedded": "*", "stylus": "*", "sugarss": "*", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "jiti", "less", "lightningcss", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-0msEVHJEScQbhkbVTb/4iHZdJ6SXp/AvxL2sjwYQFfBqleHtnCqv1J3sa9zbWz/6kW1m9Tfzn92vW+kZ1WV6QA=="],
+
+    "astro/zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
 
     "basic-auth/safe-buffer": ["safe-buffer@5.1.2", "", {}, "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="],
 
+    "better-auth/jose": ["jose@6.1.0", "", {}, "sha512-TTQJyoEoKcC1lscpVDCSsVgYzUDg/0Bt3WE//WiTPK6uOCQC2KZS4MpugbMWt/zyjkopgZoXhZuCi00gLudfUA=="],
+
     "body-parser/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
 
     "body-parser/iconv-lite": ["iconv-lite@0.4.24", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3" } }, "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA=="],
@@ -1841,6 +1871,10 @@
 
     "cmdk/@radix-ui/react-dialog": ["@radix-ui/react-dialog@1.1.14", "", { "dependencies": { "@radix-ui/primitive": "1.1.2", "@radix-ui/react-compose-refs": "1.1.2", "@radix-ui/react-context": "1.1.2", "@radix-ui/react-dismissable-layer": "1.1.10", "@radix-ui/react-focus-guards": "1.1.2", "@radix-ui/react-focus-scope": "1.1.7", "@radix-ui/react-id": "1.1.1", "@radix-ui/react-portal": "1.1.9", "@radix-ui/react-presence": "1.1.4", "@radix-ui/react-primitive": "2.1.3", "@radix-ui/react-slot": "1.2.3", "@radix-ui/react-use-controllable-state": "1.2.2", "aria-hidden": "^1.2.4", "react-remove-scroll": "^2.6.3" }, "peerDependencies": { "@types/react": "*", "@types/react-dom": "*", "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc", "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc" }, "optionalPeers": ["@types/react", "@types/react-dom"] }, "sha512-+CpweKjqpzTmwRwcYECQcNYbI8V9VSQt0SNFKeEBLgfucbsLssU6Ppq7wUdNXEGb573bMjFhVjKVll8rmV6zMw=="],
 
+    "esast-util-from-js/acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
+
+    "estree-util-to-js/source-map": ["source-map@0.7.4", "", {}, "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA=="],
+
     "express/cookie": ["cookie@0.7.1", "", {}, "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w=="],
 
     "express/debug": ["debug@2.6.9", "", { "dependencies": { "ms": "2.0.0" } }, "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA=="],
@@ -1857,10 +1891,14 @@
 
     "magicast/@babel/types": ["@babel/types@7.27.3", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-Y1GkI4ktrtvmawoSq+4FCVHNryea6uR+qUQy0AGxLSsjCX0nVmkYQMBLHDkXZuo5hGx7eYdnIaslsdBFm7zbUw=="],
 
+    "micromark-extension-mdxjs/acorn": ["acorn@8.14.1", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-OvQ/2pUDKmgfCg++xsTX1wGxfTaszcHVcTctW4UJB4hibJx2HXxxO5UmVgyjMa+ZDsiaf5wWLXYpRWMmBI0QHg=="],
+
     "micromatch/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
 
     "node-fetch/whatwg-url": ["whatwg-url@5.0.0", "", { "dependencies": { "tr46": "~0.0.3", "webidl-conversions": "^3.0.0" } }, "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw=="],
 
+    "ofetch/node-fetch-native": ["node-fetch-native@1.6.6", "", {}, "sha512-8Mc2HhqPdlIfedsuZoc3yioPuzp6b+L5jRCRY1QzuWZh2EGJVQrGppC6V6cF0bLdbW0+O2YpqCA25aF/1lvipQ=="],
+
     "parse-entities/@types/unist": ["@types/unist@2.0.11", "", {}, "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA=="],
 
     "pretty-format/ansi-styles": ["ansi-styles@5.2.0", "", {}, "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA=="],
@@ -1899,9 +1937,21 @@
 
     "yaml-language-server/yaml": ["yaml@2.2.2", "", {}, "sha512-CBKFWExMn46Foo4cldiChEzn7S7SRV+wqiluAb6xmueD/fGyRHIhX8m14vVGgeFWjN540nKCNVj6P21eQjgTuA=="],
 
-    "@astrojs/react/@vitejs/plugin-react/@babel/core": ["@babel/core@7.27.3", "", { "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.3", "@babel/helper-compilation-targets": "^7.27.2", "@babel/helper-module-transforms": "^7.27.3", "@babel/helpers": "^7.27.3", "@babel/parser": "^7.27.3", "@babel/template": "^7.27.2", "@babel/traverse": "^7.27.3", "@babel/types": "^7.27.3", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", "json5": "^2.2.3", "semver": "^6.3.1" } }, "sha512-hyrN8ivxfvJ4i0fIJuV4EOlV0WDMz5Ui4StRTgVaAvWeiRCilXgwVvxJKtFQ3TKtHgJscB2YiXKGNJuVwhQMtA=="],
+    "@astrojs/markdown-remark/shiki/@shikijs/core": ["@shikijs/core@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4", "hast-util-to-html": "^9.0.5" } }, "sha512-AG8vnSi1W2pbgR2B911EfGqtLE9c4hQBYkv/x7Z+Kt0VxhgQKcW7UNDVYsu9YxwV6u+OJrvdJrMq6DNWoBjihQ=="],
 
-    "@astrojs/react/@vitejs/plugin-react/@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.9", "", {}, "sha512-e9MeMtVWo186sgvFFJOPGy7/d2j2mZhLJIdVW0C/xDluuOvymEATqz6zKsP0ZmXGzQtqlyjz5sC1sYQUoJG98w=="],
+    "@astrojs/markdown-remark/shiki/@shikijs/engine-javascript": ["@shikijs/engine-javascript@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2", "oniguruma-to-es": "^4.3.3" } }, "sha512-1/adJbSMBOkpScCE/SB6XkjJU17ANln3Wky7lOmrnpl+zBdQ1qXUJg2GXTYVHRq+2j3hd1DesmElTXYDgtfSOQ=="],
+
+    "@astrojs/markdown-remark/shiki/@shikijs/engine-oniguruma": ["@shikijs/engine-oniguruma@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2", "@shikijs/vscode-textmate": "^10.0.2" } }, "sha512-zcZKMnNndgRa3ORja6Iemsr3DrLtkX3cAF7lTJkdMB6v9alhlBsX9uNiCpqofNrXOvpA3h6lHcLJxgCIhVOU5Q=="],
+
+    "@astrojs/markdown-remark/shiki/@shikijs/langs": ["@shikijs/langs@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2" } }, "sha512-H6azIAM+OXD98yztIfs/KH5H4PU39t+SREhmM8LaNXyUrqj2mx+zVkr8MWYqjceSjDw9I1jawm1WdFqU806rMA=="],
+
+    "@astrojs/markdown-remark/shiki/@shikijs/themes": ["@shikijs/themes@3.4.2", "", { "dependencies": { "@shikijs/types": "3.4.2" } }, "sha512-qAEuAQh+brd8Jyej2UDDf+b4V2g1Rm8aBIdvt32XhDPrHvDkEnpb7Kzc9hSuHUxz0Iuflmq7elaDuQAP9bHIhg=="],
+
+    "@astrojs/markdown-remark/shiki/@shikijs/types": ["@shikijs/types@3.4.2", "", { "dependencies": { "@shikijs/vscode-textmate": "^10.0.2", "@types/hast": "^3.0.4" } }, "sha512-zHC1l7L+eQlDXLnxvM9R91Efh2V4+rN3oMVS2swCBssbj2U/FBwybD1eeLaq8yl/iwT+zih8iUbTBCgGZOYlVg=="],
+
+    "@astrojs/react/@vitejs/plugin-react/@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-beta.27", "", {}, "sha512-+d0F4MKMCbeVUJwG96uQ4SgAznZNSq93I3V+9NHA4OpvqG8mRCpGdKmK8l/dl02h2CCDHwW2FqilnTyDcAnqjA=="],
+
+    "@astrojs/react/vite/picomatch": ["picomatch@4.0.3", "", {}, "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q=="],
 
     "@babel/helper-compilation-targets/lru-cache/yallist": ["yallist@3.1.1", "", {}, "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="],
 
@@ -1909,8 +1959,12 @@
 
     "@babel/helper-module-imports/@babel/traverse/@babel/parser": ["@babel/parser@7.27.3", "", { "dependencies": { "@babel/types": "^7.27.3" }, "bin": "./bin/babel-parser.js" }, "sha512-xyYxRj6+tLNDTWi0KCBcZ9V7yg3/lwL9DWh9Uwh/RIVlIfFidggcgxKX3GCXwCiswwcGRawBKbEg2LG/Y8eJhw=="],
 
+    "@tailwindcss/node/magic-string/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.5", "", {}, "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="],
+
     "accepts/mime-types/mime-db": ["mime-db@1.52.0", "", {}, "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="],
 
+    "astro/magic-string/@jridgewell/sourcemap-codec": ["@jridgewell/sourcemap-codec@1.5.5", "", {}, "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og=="],
+
     "body-parser/debug/ms": ["ms@2.0.0", "", {}, "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="],
 
     "boxen/string-width/emoji-regex": ["emoji-regex@10.4.0", "", {}, "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw=="],
@@ -1961,20 +2015,6 @@
 
     "yaml-language-server/vscode-languageserver/vscode-languageserver-protocol": ["vscode-languageserver-protocol@3.16.0", "", { "dependencies": { "vscode-jsonrpc": "6.0.0", "vscode-languageserver-types": "3.16.0" } }, "sha512-sdeUoAawceQdgIfTI+sdcwkiK2KU+2cbEYA0agzM2uqaUy2UpnnGHtWTHVEtS0ES4zHU0eMFRGN+oQgDxlD66A=="],
 
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/@babel/generator": ["@babel/generator@7.27.3", "", { "dependencies": { "@babel/parser": "^7.27.3", "@babel/types": "^7.27.3", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" } }, "sha512-xnlJYj5zepml8NXtjkG0WquFUv8RskFqyFcVgTBp5k+NaA/8uw/K+OSVf8AMGw5e9HKP2ETd5xpK5MLZQD6b4Q=="],
-
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/@babel/helper-module-transforms": ["@babel/helper-module-transforms@7.27.3", "", { "dependencies": { "@babel/helper-module-imports": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1", "@babel/traverse": "^7.27.3" }, "peerDependencies": { "@babel/core": "^7.0.0" } }, "sha512-dSOvYwvyLsWBeIRyOeHXp5vPj5l1I011r52FM1+r1jCERv+aFXYk4whgQccYEGYxK2H3ZAIA8nuPkQ0HaUo3qg=="],
-
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/@babel/helpers": ["@babel/helpers@7.27.3", "", { "dependencies": { "@babel/template": "^7.27.2", "@babel/types": "^7.27.3" } }, "sha512-h/eKy9agOya1IGuLaZ9tEUgz+uIRXcbtOhRtUyyMf8JFmn1iT13vnl/IGVWSkdOCG/pC57U4S1jnAabAavTMwg=="],
-
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/@babel/parser": ["@babel/parser@7.27.3", "", { "dependencies": { "@babel/types": "^7.27.3" }, "bin": "./bin/babel-parser.js" }, "sha512-xyYxRj6+tLNDTWi0KCBcZ9V7yg3/lwL9DWh9Uwh/RIVlIfFidggcgxKX3GCXwCiswwcGRawBKbEg2LG/Y8eJhw=="],
-
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/@babel/traverse": ["@babel/traverse@7.27.3", "", { "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.27.3", "@babel/parser": "^7.27.3", "@babel/template": "^7.27.2", "@babel/types": "^7.27.3", "debug": "^4.3.1", "globals": "^11.1.0" } }, "sha512-lId/IfN/Ye1CIu8xG7oKBHXd2iNb2aW1ilPszzGcJug6M8RCKfVNcYhpI5+bMvFYjK7lXIM0R+a+6r8xhHp2FQ=="],
-
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/@babel/types": ["@babel/types@7.27.3", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.27.1" } }, "sha512-Y1GkI4ktrtvmawoSq+4FCVHNryea6uR+qUQy0AGxLSsjCX0nVmkYQMBLHDkXZuo5hGx7eYdnIaslsdBFm7zbUw=="],
-
-    "@astrojs/react/@vitejs/plugin-react/@babel/core/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
-
     "boxen/string-width/strip-ansi/ansi-regex": ["ansi-regex@6.1.0", "", {}, "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA=="],
 
     "serve-static/send/debug/ms": ["ms@2.0.0", "", {}, "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="],

docker-compose.alt.yml

@@ -1,5 +1,7 @@
-# Gitea Mirror alternate deployment configuration
-# Standard deployment with host path and minimal environments
+# Minimal Gitea Mirror deployment
+# Only includes what CANNOT be configured via the Web UI
+# Everything else can be set up through the web interface after deployment
+
 services:
   gitea-mirror:
     image: ghcr.io/raylabshq/gitea-mirror:latest
@@ -11,17 +13,43 @@ services:
     volumes:
       - ./data:/app/data
     environment:
-      # For a complete list of all supported environment variables, see:
-      # docs/ENVIRONMENT_VARIABLES.md or .env.example
+      # === ABSOLUTELY REQUIRED ===
+      # This MUST be set and CANNOT be changed via UI
+      - BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET}  # Min 32 chars, required for sessions
+      
+      # === CORE SETTINGS ===
+      # These are technically required but have working defaults
       - NODE_ENV=production
       - DATABASE_URL=file:data/gitea-mirror.db
       - HOST=0.0.0.0
       - PORT=4321
-      - BETTER_AUTH_URL=http://localhost:4321
-      - BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET:-your-secret-key-change-this-in-production}
+      - BETTER_AUTH_URL=${BETTER_AUTH_URL:-http://localhost:4321}
+      
     healthcheck:
       test: ["CMD", "wget", "--no-verbose", "--tries=3", "--spider", "http://localhost:4321/api/health"]
       interval: 30s
       timeout: 10s
       retries: 5
       start_period: 15s
+
+# === QUICK START ===
+#
+# 1. Create a .env file with only ONE required variable:
+#    BETTER_AUTH_SECRET=your-32-character-minimum-secret-key-here
+#
+# 2. Run:
+#    docker-compose -f docker-compose.alt.yml up -d
+#
+# 3. Access at http://localhost:4321
+#
+# 4. Sign up for an account (first user becomes admin)
+#
+# 5. Configure everything else through the web UI:
+#    - GitHub credentials
+#    - Gitea credentials  
+#    - Mirror settings
+#    - Scheduling options
+#    - Auto-import settings
+#    - Cleanup preferences
+#
+# That's it! Everything else can be configured via the web interface.

docker-compose.authentik.yml

@@ -1,174 +0,0 @@
-version: "3.8"
-
-services:
-  # PostgreSQL database for Authentik
-  authentik-db:
-    image: postgres:15-alpine
-    container_name: authentik-db
-    restart: unless-stopped
-    environment:
-      POSTGRES_USER: authentik
-      POSTGRES_PASSWORD: authentik-db-password
-      POSTGRES_DB: authentik
-    volumes:
-      - authentik-db-data:/var/lib/postgresql/data
-    networks:
-      - authentik-net
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U authentik"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  # Redis cache for Authentik
-  authentik-redis:
-    image: redis:7-alpine
-    container_name: authentik-redis
-    restart: unless-stopped
-    command: redis-server --save 60 1 --loglevel warning
-    volumes:
-      - authentik-redis-data:/data
-    networks:
-      - authentik-net
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  # Authentik Server
-  authentik-server:
-    image: ghcr.io/goauthentik/server:2024.2
-    container_name: authentik-server
-    restart: unless-stopped
-    command: server
-    environment:
-      # Core Settings
-      AUTHENTIK_SECRET_KEY: "change-me-to-a-random-50-char-string-for-production"
-      AUTHENTIK_ERROR_REPORTING__ENABLED: false
-      
-      # Database
-      AUTHENTIK_POSTGRESQL__HOST: authentik-db
-      AUTHENTIK_POSTGRESQL__USER: authentik
-      AUTHENTIK_POSTGRESQL__NAME: authentik
-      AUTHENTIK_POSTGRESQL__PASSWORD: authentik-db-password
-      
-      # Redis
-      AUTHENTIK_REDIS__HOST: authentik-redis
-      
-      # Email (optional - for testing, uses console backend)
-      AUTHENTIK_EMAIL__HOST: localhost
-      AUTHENTIK_EMAIL__PORT: 25
-      AUTHENTIK_EMAIL__USE_TLS: false
-      AUTHENTIK_EMAIL__USE_SSL: false
-      AUTHENTIK_EMAIL__TIMEOUT: 10
-      AUTHENTIK_EMAIL__FROM: authentik@localhost
-      
-      # Log Level
-      AUTHENTIK_LOG_LEVEL: info
-      
-      # Disable analytics
-      AUTHENTIK_DISABLE_UPDATE_CHECK: true
-      AUTHENTIK_DISABLE_STARTUP_ANALYTICS: true
-      
-      # Default admin user (only created on first run)
-      AUTHENTIK_BOOTSTRAP_PASSWORD: admin-password
-      AUTHENTIK_BOOTSTRAP_TOKEN: initial-admin-token
-      AUTHENTIK_BOOTSTRAP_EMAIL: admin@example.com
-    volumes:
-      - authentik-media:/media
-      - authentik-templates:/templates
-    ports:
-      - "9000:9000"  # HTTP
-      - "9443:9443"  # HTTPS (if configured)
-    networks:
-      - authentik-net
-      - gitea-mirror-net
-    depends_on:
-      authentik-db:
-        condition: service_healthy
-      authentik-redis:
-        condition: service_healthy
-
-  # Authentik Worker (background tasks)
-  authentik-worker:
-    image: ghcr.io/goauthentik/server:2024.2
-    container_name: authentik-worker
-    restart: unless-stopped
-    command: worker
-    environment:
-      # Same environment as server
-      AUTHENTIK_SECRET_KEY: "change-me-to-a-random-50-char-string-for-production"
-      AUTHENTIK_ERROR_REPORTING__ENABLED: false
-      AUTHENTIK_POSTGRESQL__HOST: authentik-db
-      AUTHENTIK_POSTGRESQL__USER: authentik
-      AUTHENTIK_POSTGRESQL__NAME: authentik
-      AUTHENTIK_POSTGRESQL__PASSWORD: authentik-db-password
-      AUTHENTIK_REDIS__HOST: authentik-redis
-      AUTHENTIK_EMAIL__HOST: localhost
-      AUTHENTIK_EMAIL__PORT: 25
-      AUTHENTIK_EMAIL__USE_TLS: false
-      AUTHENTIK_EMAIL__USE_SSL: false
-      AUTHENTIK_EMAIL__TIMEOUT: 10
-      AUTHENTIK_EMAIL__FROM: authentik@localhost
-      AUTHENTIK_LOG_LEVEL: info
-      AUTHENTIK_DISABLE_UPDATE_CHECK: true
-      AUTHENTIK_DISABLE_STARTUP_ANALYTICS: true
-    volumes:
-      - authentik-media:/media
-      - authentik-templates:/templates
-    networks:
-      - authentik-net
-    depends_on:
-      authentik-db:
-        condition: service_healthy
-      authentik-redis:
-        condition: service_healthy
-
-  # Gitea Mirror Application (uncomment to run together)
-  # gitea-mirror:
-  #   build: .
-  #   # OR use pre-built image:
-  #   # image: ghcr.io/raylabshq/gitea-mirror:latest
-  #   container_name: gitea-mirror
-  #   restart: unless-stopped
-  #   environment:
-  #     # Core Settings
-  #     BETTER_AUTH_URL: http://localhost:4321
-  #     BETTER_AUTH_TRUSTED_ORIGINS: http://localhost:4321,http://localhost:9000
-  #     BETTER_AUTH_SECRET: "your-32-character-secret-key-here"
-  #     
-  #     # GitHub Settings (configure as needed)
-  #     GITHUB_USERNAME: ${GITHUB_USERNAME}
-  #     GITHUB_TOKEN: ${GITHUB_TOKEN}
-  #     
-  #     # Gitea Settings (configure as needed)  
-  #     GITEA_URL: ${GITEA_URL}
-  #     GITEA_USERNAME: ${GITEA_USERNAME}
-  #     GITEA_TOKEN: ${GITEA_TOKEN}
-  #   volumes:
-  #     - ./data:/app/data
-  #   ports:
-  #     - "4321:4321"
-  #   networks:
-  #     - gitea-mirror-net
-  #   depends_on:
-  #     - authentik-server
-
-volumes:
-  authentik-db-data:
-    name: authentik-db-data
-  authentik-redis-data:
-    name: authentik-redis-data
-  authentik-media:
-    name: authentik-media
-  authentik-templates:
-    name: authentik-templates
-
-networks:
-  authentik-net:
-    name: authentik-net
-    driver: bridge
-  gitea-mirror-net:
-    name: gitea-mirror-net
-    driver: bridge

docker-compose.keycloak.yml

@@ -1,130 +0,0 @@
-version: "3.8"
-
-services:
-  # PostgreSQL database for Keycloak
-  keycloak-db:
-    image: postgres:15-alpine
-    container_name: keycloak-db
-    restart: unless-stopped
-    environment:
-      POSTGRES_DB: keycloak
-      POSTGRES_USER: keycloak
-      POSTGRES_PASSWORD: keycloak-db-password
-    volumes:
-      - keycloak-db-data:/var/lib/postgresql/data
-    networks:
-      - keycloak-net
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U keycloak"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-
-  # Keycloak Identity Provider
-  keycloak:
-    image: quay.io/keycloak/keycloak:23.0
-    container_name: keycloak
-    restart: unless-stopped
-    command: start-dev  # Use 'start' for production with HTTPS
-    environment:
-      # Admin credentials
-      KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: admin-password
-      
-      # Database configuration
-      KC_DB: postgres
-      KC_DB_URL_HOST: keycloak-db
-      KC_DB_URL_DATABASE: keycloak
-      KC_DB_USERNAME: keycloak
-      KC_DB_PASSWORD: keycloak-db-password
-      
-      # HTTP settings
-      KC_HTTP_ENABLED: true
-      KC_HTTP_PORT: 8080
-      KC_HOSTNAME_STRICT: false
-      KC_HOSTNAME_STRICT_HTTPS: false
-      KC_PROXY: edge  # If behind a proxy
-      
-      # Development settings (remove for production)
-      KC_HOSTNAME: localhost
-      KC_HOSTNAME_PORT: 8080
-      KC_HOSTNAME_ADMIN: localhost
-      
-      # Features
-      KC_FEATURES: token-exchange,admin-fine-grained-authz
-      
-      # Health and metrics
-      KC_HEALTH_ENABLED: true
-      KC_METRICS_ENABLED: true
-      
-      # Log level
-      KC_LOG_LEVEL: INFO
-      # Uncomment for debug logging
-      # KC_LOG_LEVEL: DEBUG
-      # QUARKUS_LOG_CATEGORY__ORG_KEYCLOAK_SERVICES: DEBUG
-    ports:
-      - "8080:8080"  # HTTP
-      - "8443:8443"  # HTTPS (if configured)
-      - "9000:9000"  # Management
-    networks:
-      - keycloak-net
-      - gitea-mirror-net
-    depends_on:
-      keycloak-db:
-        condition: service_healthy
-    volumes:
-      # For custom themes (optional)
-      - keycloak-themes:/opt/keycloak/themes
-      # For importing realm configurations
-      - ./keycloak-realm-export.json:/opt/keycloak/data/import/realm.json:ro
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
-      interval: 15s
-      timeout: 10s
-      retries: 10
-      start_period: 60s
-
-  # Gitea Mirror Application (uncomment to run together)
-  # gitea-mirror:
-  #   build: .
-  #   # OR use pre-built image:
-  #   # image: ghcr.io/raylabshq/gitea-mirror:latest
-  #   container_name: gitea-mirror
-  #   restart: unless-stopped
-  #   environment:
-  #     # Core Settings
-  #     BETTER_AUTH_URL: http://localhost:4321
-  #     BETTER_AUTH_TRUSTED_ORIGINS: http://localhost:4321,http://localhost:8080
-  #     BETTER_AUTH_SECRET: "your-32-character-secret-key-here"
-  #     
-  #     # GitHub Settings (configure as needed)
-  #     GITHUB_USERNAME: ${GITHUB_USERNAME}
-  #     GITHUB_TOKEN: ${GITHUB_TOKEN}
-  #     
-  #     # Gitea Settings (configure as needed)
-  #     GITEA_URL: ${GITEA_URL}
-  #     GITEA_USERNAME: ${GITEA_USERNAME}
-  #     GITEA_TOKEN: ${GITEA_TOKEN}
-  #   volumes:
-  #     - ./data:/app/data
-  #   ports:
-  #     - "4321:4321"
-  #   networks:
-  #     - gitea-mirror-net
-  #   depends_on:
-  #     keycloak:
-  #       condition: service_healthy
-
-volumes:
-  keycloak-db-data:
-    name: keycloak-db-data
-  keycloak-themes:
-    name: keycloak-themes
-
-networks:
-  keycloak-net:
-    name: keycloak-net
-    driver: bridge
-  gitea-mirror-net:
-    name: gitea-mirror-net
-    driver: bridge

docker-compose.yml

@@ -53,6 +53,14 @@ services:
       - GITEA_ORGANIZATION=${GITEA_ORGANIZATION:-github-mirrors}
       - GITEA_ORG_VISIBILITY=${GITEA_ORG_VISIBILITY:-public}
       - DELAY=${DELAY:-3600}
+      # Scheduling and Sync Configuration (Issue #72 fixes)
+      - SCHEDULE_ENABLED=${SCHEDULE_ENABLED:-false}
+      - GITEA_MIRROR_INTERVAL=${GITEA_MIRROR_INTERVAL:-8h}
+      - AUTO_IMPORT_REPOS=${AUTO_IMPORT_REPOS:-true}
+      # Repository Cleanup Configuration
+      - CLEANUP_DELETE_IF_NOT_IN_GITHUB=${CLEANUP_DELETE_IF_NOT_IN_GITHUB:-false}
+      - CLEANUP_ORPHANED_REPO_ACTION=${CLEANUP_ORPHANED_REPO_ACTION:-archive}
+      - CLEANUP_DRY_RUN=${CLEANUP_DRY_RUN:-true}
       # Optional: Skip TLS verification (insecure, use only for testing)
       # - GITEA_SKIP_TLS_VERIFY=${GITEA_SKIP_TLS_VERIFY:-false}
       # Header Authentication (for Reverse Proxy SSO)

docs/ENVIRONMENT_VARIABLES.md

@@ -36,6 +36,7 @@ Essential application settings required for running Gitea Mirror.
 | `DATABASE_URL` | Database connection URL | `sqlite://data/gitea-mirror.db` | No |
 | `BETTER_AUTH_SECRET` | Secret key for session signing (generate with: `openssl rand -base64 32`) | - | Yes |
 | `BETTER_AUTH_URL` | Primary base URL for authentication. This should be the main URL where your application is accessed. | `http://localhost:4321` | No |
+| `PUBLIC_BETTER_AUTH_URL` | Client-side auth URL for multi-origin access. Set this to your primary domain when you need to access the app from different origins (e.g., both IP and domain). The client will use this URL for all auth requests instead of the current browser origin. | - | No |
 | `BETTER_AUTH_TRUSTED_ORIGINS` | Trusted origins for authentication requests. Comma-separated list of URLs. Use this to specify additional access URLs (e.g., local IP + domain: `http://10.10.20.45:4321,https://gitea-mirror.mydomain.tld`), SSO providers, reverse proxies, etc. | - | No |
 | `ENCRYPTION_SECRET` | Optional encryption key for tokens (generate with: `openssl rand -base64 48`) | - | No |
 
@@ -133,6 +134,7 @@ Control what content gets mirrored from GitHub to Gitea.
 | Variable | Description | Default | Options |
 |----------|-------------|---------|---------|
 | `MIRROR_RELEASES` | Mirror GitHub releases | `false` | `true`, `false` |
+| `RELEASE_LIMIT` | Maximum number of releases to mirror per repository | `10` | Number (1-100) |
 | `MIRROR_WIKI` | Mirror wiki content | `false` | `true`, `false` |
 | `MIRROR_METADATA` | Master toggle for metadata mirroring | `false` | `true`, `false` |
 | `MIRROR_ISSUES` | Mirror issues (requires MIRROR_METADATA=true) | `false` | `true`, `false` |
@@ -148,10 +150,29 @@ Configure automatic scheduled mirroring.
 
 | Variable | Description | Default | Options |
 |----------|-------------|---------|---------|
-| `SCHEDULE_ENABLED` | Enable automatic mirroring | `false` | `true`, `false` |
-| `SCHEDULE_INTERVAL` | Interval in seconds or cron expression | `3600` | Number or cron string (e.g., `"0 2 * * *"`) |
+| `SCHEDULE_ENABLED` | Enable automatic mirroring. **When set to `true`, automatically imports and mirrors all repositories on startup** (v3.5.3+) | `false` | `true`, `false` |
+| `SCHEDULE_INTERVAL` | Interval in seconds or cron expression. **Supports cron syntax for scheduled runs** (e.g., `"0 2 * * *"` for 2 AM daily) | `3600` | Number (seconds) or cron string |
 | `DELAY` | Legacy: same as SCHEDULE_INTERVAL | `3600` | Number (seconds) |
 
+> **🚀 Auto-Start Feature (v3.5.3+)**  
+> Setting either `SCHEDULE_ENABLED=true` or `GITEA_MIRROR_INTERVAL` triggers auto-start functionality where the service will:
+> 1. **Import** all GitHub repositories on startup
+> 2. **Mirror** them to Gitea immediately
+> 3. **Continue syncing** at the configured interval
+> 4. **Auto-discover** new repositories
+> 5. **Clean up** deleted repositories (if configured)
+> 
+> This eliminates the need for manual button clicks - perfect for Docker/Kubernetes deployments!
+
+> **⏰ Scheduling with Cron Expressions**  
+> Use cron expressions in `SCHEDULE_INTERVAL` to run at specific times:
+> - `"0 2 * * *"` - Daily at 2 AM
+> - `"0 */6 * * *"` - Every 6 hours
+> - `"0 0 * * 0"` - Weekly on Sunday at midnight
+> - `"0 3 * * 1-5"` - Weekdays at 3 AM (Monday-Friday)
+> 
+> This is useful for optimizing bandwidth usage during low-activity periods.
+
 ### Execution Settings
 
 | Variable | Description | Default | Options |
@@ -173,6 +194,7 @@ Configure automatic scheduled mirroring.
 
 | Variable | Description | Default | Options |
 |----------|-------------|---------|---------|
+| `AUTO_IMPORT_REPOS` | Automatically discover and import new GitHub repositories during scheduled syncs | `true` | `true`, `false` |
 | `SCHEDULE_ONLY_MIRROR_UPDATED` | Only mirror repos with updates | `false` | `true`, `false` |
 | `SCHEDULE_UPDATE_INTERVAL` | Check for updates interval (milliseconds) | `86400000` | Number |
 | `SCHEDULE_SKIP_RECENTLY_MIRRORED` | Skip recently mirrored repos | `true` | `true`, `false` |
@@ -205,10 +227,25 @@ Configure automatic cleanup of old events and data.
 |----------|-------------|---------|---------|
 | `CLEANUP_DELETE_FROM_GITEA` | Delete repositories from Gitea | `false` | `true`, `false` |
 | `CLEANUP_DELETE_IF_NOT_IN_GITHUB` | Delete repos not found in GitHub (automatically enables cleanup) | `true` | `true`, `false` |
-| `CLEANUP_ORPHANED_REPO_ACTION` | Action for orphaned repositories | `archive` | `skip`, `archive`, `delete` |
+| `CLEANUP_ORPHANED_REPO_ACTION` | Action for orphaned repositories. **Note**: `archive` is recommended to preserve backups | `archive` | `skip`, `archive`, `delete` |
 | `CLEANUP_DRY_RUN` | Test mode without actual deletion | `true` | `true`, `false` |
 | `CLEANUP_PROTECTED_REPOS` | Comma-separated list of protected repository names | - | Comma-separated strings |
 
+**🛡️ Safety Features (Backup Protection)**:
+- **GitHub Failures Don't Delete Backups**: Cleanup is automatically skipped if GitHub API returns errors (404, 403, connection issues)
+- **Archive Never Deletes**: The `archive` action ALWAYS preserves repository data, it never deletes
+- **Graceful Degradation**: If marking as archived fails, the repository remains fully accessible in Gitea
+- **The Purpose of Backups**: Your mirrors are preserved even when GitHub sources disappear - that's the whole point!
+
+**Archive Behavior (Aligned with Gitea API)**:
+- **Regular repositories**: Uses Gitea's native archive feature (PATCH `/repos/{owner}/{repo}` with `archived: true`)
+  - Makes repository read-only while preserving all data
+- **Mirror repositories**: Uses rename strategy (Gitea API returns 422 for archiving mirrors)
+  - Renamed with `[ARCHIVED]` prefix for clear identification
+  - Description updated with preservation notice and timestamp
+  - Mirror interval set to 8760h (1 year) to minimize sync attempts
+  - Repository remains fully accessible and cloneable
+
 ### Execution Settings
 
 | Variable | Description | Default | Options |
@@ -300,21 +337,28 @@ services:
 
 ### Multiple Access URLs
 
-To allow access to Gitea Mirror through multiple URLs (e.g., local IP and public domain), use the `BETTER_AUTH_TRUSTED_ORIGINS` variable:
+To allow access to Gitea Mirror through multiple URLs (e.g., local IP and public domain), you need to configure both server and client settings:
 
 **Example Configuration:**
 ```bash
-# Primary URL (required) - typically your public domain
+# Primary URL (required) - where the auth server is hosted
 BETTER_AUTH_URL=https://gitea-mirror.mydomain.tld
 
-# Additional access URLs (optional) - local IPs, alternate domains
+# Client-side URL (optional) - tells the browser where to send auth requests
+# Set this to your primary domain when accessing from different origins
+PUBLIC_BETTER_AUTH_URL=https://gitea-mirror.mydomain.tld
+
+# Additional trusted origins (optional) - origins allowed to make auth requests
 BETTER_AUTH_TRUSTED_ORIGINS=http://10.10.20.45:4321,http://192.168.1.100:4321
 ```
 
 This setup allows you to:
 - Access via local network IP: `http://10.10.20.45:4321`
 - Access via public domain: `https://gitea-mirror.mydomain.tld`
-- Both URLs will work for authentication and session management
+- Auth requests from the IP will be sent to the domain (via `PUBLIC_BETTER_AUTH_URL`)
+- Each origin requires separate login due to browser cookie isolation
+
+**Important:** When accessing from different origins (IP vs domain), you'll need to log in separately on each origin as cookies cannot be shared across different origins for security reasons.
 
 ### Trusted Origins
 

docs/README.md

@@ -60,7 +60,7 @@ bun run dev
 
 ## Key Features
 
-- 🔄 **Automatic Mirroring** - Keep repositories synchronized
+- 🔄 **Automatic Syncing** - Keep repositories synchronized
 - 🗂️ **Organization Support** - Mirror entire organizations
 - ⭐ **Starred Repos** - Mirror your starred repositories
 - 🔐 **Self-Hosted** - Full control over your data

drizzle/0003_open_spacker_dave.sql

@@ -0,0 +1,3 @@
+ALTER TABLE `organizations` ADD `public_repository_count` integer;--> statement-breakpoint
+ALTER TABLE `organizations` ADD `private_repository_count` integer;--> statement-breakpoint
+ALTER TABLE `organizations` ADD `fork_repository_count` integer;

drizzle/0004_grey_butterfly.sql

@@ -0,0 +1,18 @@
+CREATE TABLE `rate_limits` (
+	`id` text PRIMARY KEY NOT NULL,
+	`user_id` text NOT NULL,
+	`provider` text DEFAULT 'github' NOT NULL,
+	`limit` integer NOT NULL,
+	`remaining` integer NOT NULL,
+	`used` integer NOT NULL,
+	`reset` integer NOT NULL,
+	`retry_after` integer,
+	`status` text DEFAULT 'ok' NOT NULL,
+	`last_checked` integer NOT NULL,
+	`created_at` integer DEFAULT (unixepoch()) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch()) NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE INDEX `idx_rate_limits_user_provider` ON `rate_limits` (`user_id`,`provider`);--> statement-breakpoint
+CREATE INDEX `idx_rate_limits_status` ON `rate_limits` (`status`);

drizzle/meta/_journal.json

@@ -22,6 +22,20 @@
       "when": 1753539600567,
       "tag": "0002_bored_captain_cross",
       "breakpoints": true
+    },
+    {
+      "idx": 3,
+      "version": "6",
+      "when": 1757390828679,
+      "tag": "0003_open_spacker_dave",
+      "breakpoints": true
+    },
+    {
+      "idx": 4,
+      "version": "6",
+      "when": 1757392620734,
+      "tag": "0004_grey_butterfly",
+      "breakpoints": true
     }
   ]
 }

package.json

@@ -1,7 +1,7 @@
 {
   "name": "gitea-mirror",
   "type": "module",
-  "version": "3.4.0",
+  "version": "3.6.0",
   "engines": {
     "bun": ">=1.2.9"
   },
@@ -43,10 +43,11 @@
   },
   "dependencies": {
     "@astrojs/check": "^0.9.4",
-    "@astrojs/mdx": "4.3.4",
+    "@astrojs/mdx": "4.3.5",
     "@astrojs/node": "9.4.3",
-    "@astrojs/react": "^4.3.0",
-    "@better-auth/sso": "^1.3.7",
+    "@astrojs/react": "^4.3.1",
+    "@better-auth/sso": "^1.3.8",
+    "@octokit/plugin-throttling": "^11.0.1",
     "@octokit/rest": "^22.0.0",
     "@radix-ui/react-accordion": "^1.2.12",
     "@radix-ui/react-avatar": "^1.1.10",
@@ -57,6 +58,7 @@
     "@radix-ui/react-hover-card": "^1.1.15",
     "@radix-ui/react-label": "^2.1.7",
     "@radix-ui/react-popover": "^1.1.15",
+    "@radix-ui/react-progress": "^1.1.7",
     "@radix-ui/react-radio-group": "^1.3.8",
     "@radix-ui/react-scroll-area": "^1.2.10",
     "@radix-ui/react-select": "^2.2.6",
@@ -65,19 +67,19 @@
     "@radix-ui/react-switch": "^1.2.6",
     "@radix-ui/react-tabs": "^1.1.13",
     "@radix-ui/react-tooltip": "^1.2.8",
-    "@tailwindcss/vite": "^4.1.12",
+    "@tailwindcss/vite": "^4.1.13",
     "@tanstack/react-virtual": "^3.13.12",
     "@types/canvas-confetti": "^1.9.0",
     "@types/react": "^19.1.12",
     "@types/react-dom": "^19.1.9",
-    "astro": "^5.13.4",
+    "astro": "^5.13.6",
     "bcryptjs": "^3.0.2",
-    "better-auth": "^1.3.7",
+    "better-auth": "^1.3.9",
     "canvas-confetti": "^1.9.3",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "^1.1.1",
-    "dotenv": "^17.2.1",
+    "dotenv": "^17.2.2",
     "drizzle-orm": "^0.44.5",
     "fuse.js": "^7.1.0",
     "jsonwebtoken": "^9.0.2",
@@ -88,10 +90,10 @@
     "react-icons": "^5.5.0",
     "sonner": "^2.0.7",
     "tailwind-merge": "^3.3.1",
-    "tailwindcss": "^4.1.12",
-    "tw-animate-css": "^1.3.7",
+    "tailwindcss": "^4.1.13",
+    "tw-animate-css": "^1.3.8",
     "typescript": "^5.9.2",
-    "uuid": "^11.1.0",
+    "uuid": "^13.0.0",
     "vaul": "^1.1.2",
     "zod": "^4.1.5"
   },

src/components/config/AutomationSettings.tsx

@@ -122,12 +122,12 @@ export function AutomationSettings({
       
       <CardContent className="space-y-6">
         <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
-          {/* Automatic Mirroring Section */}
+          {/* Automatic Syncing Section */}
           <div className="space-y-4 p-4 border border-border rounded-lg bg-card/50">
             <div className="flex items-center justify-between">
               <h3 className="text-sm font-medium flex items-center gap-2">
                 <RefreshCw className="h-4 w-4 text-primary" />
-                Automatic Mirroring
+                Automatic Syncing
               </h3>
               {isAutoSavingSchedule && (
                 <Activity className="h-4 w-4 animate-spin text-muted-foreground" />

src/components/config/ConfigTabs.tsx

@@ -50,12 +50,12 @@ export function ConfigTabs() {
       preserveOrgStructure: false,
     },
     scheduleConfig: {
-      enabled: true, // Default to enabled
-      interval: 86400, // Default to daily (24 hours)
+      enabled: false, // Don't set defaults here - will be loaded from API
+      interval: 0, // Will be replaced with actual value from API
     },
     cleanupConfig: {
-      enabled: true, // Default to enabled
-      retentionDays: 604800, // 7 days in seconds - Default retention period
+      enabled: false, // Don't set defaults here - will be loaded from API  
+      retentionDays: 0, // Will be replaced with actual value from API
     },
     mirrorOptions: {
       mirrorReleases: false,

src/components/config/SSOSettings.tsx

@@ -372,8 +372,8 @@ export function SSOSettings() {
                       Add Provider
                     </Button>
                   </DialogTrigger>
-                  <DialogContent className="max-w-2xl">
-                    <DialogHeader>
+                  <DialogContent className="max-w-2xl max-h-[90vh] md:max-h-[85vh] lg:max-h-[90vh] overflow-hidden flex flex-col">
+                    <DialogHeader className="flex-shrink-0">
                       <DialogTitle>{editingProvider ? 'Edit SSO Provider' : 'Add SSO Provider'}</DialogTitle>
                       <DialogDescription>
                         {editingProvider 
@@ -381,14 +381,15 @@ export function SSOSettings() {
                           : 'Configure an external identity provider for user authentication'}
                       </DialogDescription>
                     </DialogHeader>
-                    <Tabs value={providerType} onValueChange={(value) => setProviderType(value as 'oidc' | 'saml')}>
-                      <TabsList className="grid w-full grid-cols-2">
-                        <TabsTrigger value="oidc">OIDC / OAuth2</TabsTrigger>
-                        <TabsTrigger value="saml">SAML 2.0</TabsTrigger>
-                      </TabsList>
-                      
-                      {/* Common Fields */}
-                      <div className="space-y-4 mt-4">
+                    <div className="flex-1 overflow-y-auto px-1 -mx-1">
+                      <Tabs value={providerType} onValueChange={(value) => setProviderType(value as 'oidc' | 'saml')}>
+                        <TabsList className="grid w-full grid-cols-2 sticky top-0 z-10 bg-background">
+                          <TabsTrigger value="oidc">OIDC / OAuth2</TabsTrigger>
+                          <TabsTrigger value="saml">SAML 2.0</TabsTrigger>
+                        </TabsList>
+                        
+                        {/* Common Fields */}
+                        <div className="space-y-4 mt-4">
                         <div className="grid grid-cols-2 gap-4">
                           <div className="space-y-2">
                             <Label htmlFor="providerId">Provider ID</Label>
@@ -569,7 +570,8 @@ export function SSOSettings() {
                         </Alert>
                       </TabsContent>
                     </Tabs>
-                    <DialogFooter>
+                    </div>
+                    <DialogFooter className="flex-shrink-0 pt-4 border-t">
                       <Button 
                         variant="outline" 
                         onClick={() => {

src/components/config/ScheduleConfigForm.tsx

@@ -83,7 +83,7 @@ export function ScheduleConfigForm({
               htmlFor="enabled"
               className="select-none ml-2 block text-sm font-medium"
             >
-              Enable Automatic Mirroring
+              Enable Automatic Syncing
             </label>
           </div>
 
@@ -93,7 +93,7 @@ export function ScheduleConfigForm({
                 htmlFor="interval"
                 className="block text-sm font-medium mb-1.5"
               >
-                Mirroring Interval
+                Sync Interval
               </label>
 
               <Select
@@ -122,7 +122,7 @@ export function ScheduleConfigForm({
               </Select>
 
               <p className="text-xs text-muted-foreground mt-1">
-                How often the mirroring process should run.
+                How often the sync process should run.
               </p>
               <div className="mt-2 p-2 bg-muted/50 rounded-md">
                 <p className="text-xs text-muted-foreground">

src/components/dashboard/Dashboard.tsx

@@ -9,6 +9,7 @@ import { apiRequest, showErrorToast } from "@/lib/utils";
 import type { DashboardApiResponse } from "@/types/dashboard";
 import { useSSE } from "@/hooks/useSEE";
 import { toast } from "sonner";
+import { useEffect as useEffectForToasts } from "react";
 import { Skeleton } from "@/components/ui/skeleton";
 import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
 import { useLiveRefresh } from "@/hooks/useLiveRefresh";
@@ -16,6 +17,46 @@ import { usePageVisibility } from "@/hooks/usePageVisibility";
 import { useConfigStatus } from "@/hooks/useConfigStatus";
 import { useNavigation } from "@/components/layout/MainLayout";
 
+// Helper function to format last sync time
+function formatLastSyncTime(date: Date | null): string {
+  if (!date) return "Never";
+  
+  const now = new Date();
+  const syncDate = new Date(date);
+  const diffMs = now.getTime() - syncDate.getTime();
+  const diffMins = Math.floor(diffMs / 60000);
+  const diffHours = Math.floor(diffMs / 3600000);
+  const diffDays = Math.floor(diffMs / 86400000);
+  
+  // Show relative time for recent syncs
+  if (diffMins < 1) return "Just now";
+  if (diffMins < 60) return `${diffMins} min ago`;
+  if (diffHours < 24) return `${diffHours} hr${diffHours === 1 ? '' : 's'} ago`;
+  if (diffDays < 7) return `${diffDays} day${diffDays === 1 ? '' : 's'} ago`;
+  
+  // For older syncs, show week count
+  const diffWeeks = Math.floor(diffDays / 7);
+  if (diffWeeks < 4) return `${diffWeeks} week${diffWeeks === 1 ? '' : 's'} ago`;
+  
+  // For even older, show month count
+  const diffMonths = Math.floor(diffDays / 30);
+  return `${diffMonths} month${diffMonths === 1 ? '' : 's'} ago`;
+}
+
+// Helper function to format full timestamp
+function formatFullTimestamp(date: Date | null): string {
+  if (!date) return "";
+  
+  return new Date(date).toLocaleString("en-US", {
+    month: "2-digit",
+    day: "2-digit",
+    year: "2-digit",
+    hour: "2-digit",
+    minute: "2-digit",
+    hour12: true
+  }).replace(',', '');
+}
+
 export function Dashboard() {
   const { user } = useAuth();
   const { registerRefreshCallback } = useLiveRefresh();
@@ -65,6 +106,51 @@ export function Dashboard() {
     onMessage: handleNewMessage,
   });
 
+  // Setup rate limit event listener for toast notifications
+  useEffectForToasts(() => {
+    if (!user?.id) return;
+
+    const eventSource = new EventSource(`/api/events?userId=${user.id}`);
+    
+    eventSource.addEventListener("rate-limit", (event) => {
+      try {
+        const data = JSON.parse(event.data);
+        
+        switch (data.type) {
+          case "warning":
+            // 80% threshold warning
+            toast.warning("GitHub API Rate Limit Warning", {
+              description: data.message,
+              duration: 8000,
+            });
+            break;
+            
+          case "exceeded":
+            // 100% rate limit exceeded
+            toast.error("GitHub API Rate Limit Exceeded", {
+              description: data.message,
+              duration: 10000,
+            });
+            break;
+            
+          case "resumed":
+            // Rate limit reset notification
+            toast.success("Rate Limit Reset", {
+              description: "API operations have resumed.",
+              duration: 5000,
+            });
+            break;
+        }
+      } catch (error) {
+        console.error("Error parsing rate limit event:", error);
+      }
+    });
+
+    return () => {
+      eventSource.close();
+    };
+  }, [user?.id]);
+
   // Extract fetchDashboardData as a stable callback
   const fetchDashboardData = useCallback(async (showToast = false) => {
     try {
@@ -236,19 +322,9 @@ export function Dashboard() {
         />
         <StatusCard
           title="Last Sync"
-          value={
-            lastSync
-              ? new Date(lastSync).toLocaleString("en-US", {
-                  month: "2-digit",
-                  day: "2-digit",
-                  year: "2-digit",
-                  hour: "2-digit",
-                  minute: "2-digit",
-                })
-              : "N/A"
-          }
+          value={formatLastSyncTime(lastSync)}
           icon={<Clock className="h-4 w-4" />}
-          description="Last successful sync"
+          description={formatFullTimestamp(lastSync)}
         />
       </div>
 

src/components/layout/Header.tsx

@@ -7,7 +7,7 @@ import { toast } from "sonner";
 import { Skeleton } from "@/components/ui/skeleton";
 import { useLiveRefresh } from "@/hooks/useLiveRefresh";
 import { useConfigStatus } from "@/hooks/useConfigStatus";
-import { Menu, LogOut } from "lucide-react";
+import { Menu, LogOut, PanelRightOpen, PanelRightClose } from "lucide-react";
 import {
   DropdownMenu,
   DropdownMenuContent,
@@ -19,9 +19,12 @@ interface HeaderProps {
   currentPage?: "dashboard" | "repositories" | "organizations" | "configuration" | "activity-log";
   onNavigate?: (page: string) => void;
   onMenuClick: () => void;
+  onToggleCollapse?: () => void;
+  isSidebarCollapsed?: boolean;
+  isSidebarOpen?: boolean;
 }
 
-export function Header({ currentPage, onNavigate, onMenuClick }: HeaderProps) {
+export function Header({ currentPage, onNavigate, onMenuClick, onToggleCollapse, isSidebarCollapsed, isSidebarOpen }: HeaderProps) {
   const { user, logout, isLoading } = useAuth();
   const { isLiveEnabled, toggleLive } = useLiveRefresh();
   const { isFullyConfigured, isLoading: configLoading } = useConfigStatus();
@@ -63,18 +66,38 @@ export function Header({ currentPage, onNavigate, onMenuClick }: HeaderProps) {
   return (
     <header className="border-b bg-background">
       <div className="flex h-[4.5rem] items-center justify-between px-4 sm:px-6">
-        <div className="flex items-center gap-2">
-          {/* Hamburger Menu Button - Mobile Only */}
+        <div className="flex items-center lg:gap-12 md:gap-6 gap-4">
+          {/* Sidebar Toggle - Mobile uses slide-in, Medium uses collapse */}
           <Button
             variant="outline"
-            size="lg"
-            className="lg:hidden"
+            size="icon"
+            className="md:hidden h-10 w-10"
             onClick={onMenuClick}
           >
-            <Menu className="h-5 w-5" />
+            {isSidebarOpen ? (
+              <PanelRightOpen className="h-5 w-5" />
+            ) : (
+              <PanelRightClose className="h-5 w-5" />
+            )}
             <span className="sr-only">Toggle menu</span>
           </Button>
           
+          {/* Sidebar Collapse Toggle - Only on medium screens (768px - 1280px) */}
+          <Button
+            variant="ghost"
+            size="icon"
+            className="hidden md:flex xl:hidden h-10 w-10"
+            onClick={onToggleCollapse}
+            title={isSidebarCollapsed ? "Expand sidebar" : "Collapse sidebar"}
+          >
+            {isSidebarCollapsed ? (
+              <PanelRightClose className="h-5 w-5" />
+            ) : (
+              <PanelRightOpen className="h-5 w-5" />
+            )}
+            <span className="sr-only">Toggle sidebar</span>
+          </Button>
+          
           <button
             onClick={() => {
               if (currentPage !== 'dashboard') {

src/components/layout/MainLayout.tsx

@@ -45,6 +45,13 @@ function AppWithProviders({ page: initialPage }: AppProps) {
   const [currentPage, setCurrentPage] = useState<AppProps['page']>(initialPage);
   const [navigationKey, setNavigationKey] = useState(0);
   const [sidebarOpen, setSidebarOpen] = useState(false);
+  const [sidebarCollapsed, setSidebarCollapsed] = useState(() => {
+    // Check if we're on medium screens (768px - 1280px)
+    if (typeof window !== 'undefined') {
+      return window.innerWidth >= 768 && window.innerWidth < 1280;
+    }
+    return false;
+  });
 
   useRepoSync({
     userId: user?.id,
@@ -83,6 +90,23 @@ function AppWithProviders({ page: initialPage }: AppProps) {
     return () => window.removeEventListener('popstate', handlePopState);
   }, []);
 
+  // Handle window resize to auto-collapse sidebar on medium screens
+  useEffect(() => {
+    const handleResize = () => {
+      const width = window.innerWidth;
+      // Auto-collapse on medium screens (768px - 1280px)
+      if (width >= 768 && width < 1280) {
+        setSidebarCollapsed(true);
+      } else if (width >= 1280) {
+        // Expand on large screens
+        setSidebarCollapsed(false);
+      }
+    };
+
+    window.addEventListener('resize', handleResize);
+    return () => window.removeEventListener('resize', handleResize);
+  }, []);
+
   // Show loading state only during initial auth/config loading
   const isInitialLoading = authLoading || (configLoading && !user);
 
@@ -113,14 +137,21 @@ function AppWithProviders({ page: initialPage }: AppProps) {
           currentPage={currentPage} 
           onNavigate={handleNavigation} 
           onMenuClick={() => setSidebarOpen(!sidebarOpen)}
+          onToggleCollapse={() => setSidebarCollapsed(!sidebarCollapsed)}
+          isSidebarCollapsed={sidebarCollapsed}
+          isSidebarOpen={sidebarOpen}
         />
         <div className="flex flex-1 relative">
           <Sidebar 
             onNavigate={handleNavigation} 
             isOpen={sidebarOpen}
+            isCollapsed={sidebarCollapsed}
             onClose={() => setSidebarOpen(false)}
+            onToggleCollapse={() => setSidebarCollapsed(!sidebarCollapsed)}
           />
-          <section className="flex-1 p-4 sm:p-6 overflow-y-auto h-[calc(100dvh-4.55rem)] w-full lg:w-[calc(100%-16rem)]">
+          <section className={`flex-1 p-4 sm:p-6 overflow-y-auto h-[calc(100dvh-4.55rem)] w-full transition-all duration-200 ${
+            sidebarCollapsed ? 'md:w-[calc(100%-5rem)] xl:w-[calc(100%-16rem)]' : 'md:w-[calc(100%-16rem)]'
+          }`}>
             {currentPage === "dashboard" && <Dashboard />}
             {currentPage === "repositories" && <Repository />}
             {currentPage === "organizations" && <Organization />}

src/components/layout/Sidebar.tsx

@@ -3,15 +3,23 @@ import { cn } from "@/lib/utils";
 import { ExternalLink } from "lucide-react";
 import { links } from "@/data/Sidebar";
 import { VersionInfo } from "./VersionInfo";
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from "@/components/ui/tooltip";
 
 interface SidebarProps {
   className?: string;
   onNavigate?: (page: string) => void;
   isOpen: boolean;
+  isCollapsed?: boolean;
   onClose: () => void;
+  onToggleCollapse?: () => void;
 }
 
-export function Sidebar({ className, onNavigate, isOpen, onClose }: SidebarProps) {
+export function Sidebar({ className, onNavigate, isOpen, isCollapsed = false, onClose, onToggleCollapse }: SidebarProps) {
   const [currentPath, setCurrentPath] = useState<string>("");
 
   useEffect(() => {
@@ -53,7 +61,7 @@ export function Sidebar({ className, onNavigate, isOpen, onClose }: SidebarProps
     onNavigate?.(pageName);
     
     // Close sidebar on mobile after navigation
-    if (window.innerWidth < 1024) {
+    if (window.innerWidth < 768) {
       onClose();
     }
   };
@@ -63,7 +71,7 @@ export function Sidebar({ className, onNavigate, isOpen, onClose }: SidebarProps
       {/* Mobile Backdrop */}
       {isOpen && (
         <div
-          className="fixed inset-0 backdrop-blur-sm z-40 lg:hidden"
+          className="fixed inset-0 backdrop-blur-sm z-40 md:hidden"
           onClick={onClose}
         />
       )}
@@ -71,54 +79,126 @@ export function Sidebar({ className, onNavigate, isOpen, onClose }: SidebarProps
       {/* Sidebar */}
       <aside 
         className={cn(
-          "fixed lg:static inset-y-0 left-0 z-50 w-64 bg-background border-r flex flex-col h-full lg:h-[calc(100vh-4.5rem)] transition-transform duration-200 ease-in-out lg:translate-x-0",
+          "fixed md:static inset-y-0 left-0 z-50 bg-background border-r flex flex-col h-full md:h-[calc(100vh-4.5rem)] transition-all duration-200 ease-in-out md:translate-x-0",
           isOpen ? "translate-x-0" : "-translate-x-full",
+          isCollapsed ? "md:w-20 xl:w-64" : "w-64",
           className
         )}
       >
         <div className="flex flex-col h-full">
-          <nav className="flex flex-col gap-y-1 lg:gap-y-1 pl-2 pr-3 pt-4 flex-shrink-0">
+          <nav className={cn(
+            "flex flex-col pt-4 flex-shrink-0",
+            isCollapsed 
+              ? "md:gap-y-2 md:items-center md:px-2 xl:gap-y-1 xl:items-stretch xl:pl-2 xl:pr-3 gap-y-1 pl-2 pr-3" 
+              : "gap-y-1 pl-2 pr-3"
+          )}>
             {links.map((link, index) => {
               const isActive = currentPath === link.href;
               const Icon = link.icon;
-
-              return (
+              
+              const button = (
                 <button
                   key={index}
                   onClick={(e) => handleNavigation(link.href, e)}
                   className={cn(
-                    "flex items-center gap-3 rounded-md px-3 py-3 lg:py-2 text-sm lg:text-sm font-medium transition-colors w-full text-left",
+                    "flex items-center rounded-md text-sm font-medium transition-colors w-full",
+                    isCollapsed 
+                      ? "md:h-12 md:w-12 md:justify-center md:p-0 xl:h-auto xl:w-full xl:justify-start xl:px-3 xl:py-2 h-auto px-3 py-3" 
+                      : "px-3 py-3 md:py-2",
                     isActive
                       ? "bg-primary text-primary-foreground"
                       : "text-muted-foreground hover:bg-accent hover:text-accent-foreground"
                   )}
                 >
-                  <Icon className="h-5 w-5 lg:h-4 lg:w-4" />
-                  {link.label}
+                  <Icon className={cn(
+                    "flex-shrink-0",
+                    isCollapsed 
+                      ? "md:h-5 md:w-5 md:mr-0 xl:h-4 xl:w-4 xl:mr-3 h-5 w-5 mr-3" 
+                      : "h-5 w-5 md:h-4 md:w-4 mr-3"
+                  )} />
+                  <span className={cn(
+                    "transition-all duration-200",
+                    isCollapsed ? "md:hidden xl:inline" : "inline"
+                  )}>
+                    {link.label}
+                  </span>
                 </button>
               );
+
+              // Wrap in tooltip when collapsed on medium screens
+              if (isCollapsed) {
+                return (
+                  <TooltipProvider key={index}>
+                    <Tooltip delayDuration={0}>
+                      <TooltipTrigger asChild>
+                        {button}
+                      </TooltipTrigger>
+                      <TooltipContent side="right" className="hidden md:block xl:hidden">
+                        {link.label}
+                      </TooltipContent>
+                    </Tooltip>
+                  </TooltipProvider>
+                );
+              }
+
+              return button;
             })}
           </nav>
 
           <div className="flex-1 min-h-0" />
 
-          <div className="px-4 py-4 flex-shrink-0">
-            <div className="rounded-md bg-muted p-3 lg:p-3">
-              <h4 className="text-sm font-medium mb-2">Need Help?</h4>
-              <p className="text-xs text-muted-foreground mb-3 lg:mb-2">
-                Check out the documentation for help with setup and configuration.
-              </p>
-              <a
-                href="/docs"
-                target="_blank"
-                rel="noopener noreferrer"
-                className="inline-flex items-center gap-1.5 text-xs lg:text-xs text-primary hover:underline py-2 lg:py-0"
-              >
-                Documentation
-                <ExternalLink className="h-3.5 w-3.5 lg:h-3 lg:w-3" />
-              </a>
+          <div className={cn(
+            "py-4 flex-shrink-0",
+            isCollapsed ? "md:px-2 xl:px-4 px-4" : "px-4"
+          )}>
+            <div className={cn(
+              "rounded-md bg-muted transition-all duration-200",
+              isCollapsed ? "md:p-0 xl:p-3 p-3" : "p-3"
+            )}>
+              <div className={cn(
+                isCollapsed ? "md:hidden xl:block" : "block"
+              )}>
+                <h4 className="text-sm font-medium mb-2">Need Help?</h4>
+                <p className="text-xs text-muted-foreground mb-3 md:mb-2">
+                  Check out the documentation for help with setup and configuration.
+                </p>
+                <a
+                  href="/docs"
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  className="inline-flex items-center gap-1.5 text-xs md:text-xs text-primary hover:underline py-2 md:py-0"
+                >
+                  Documentation
+                  <ExternalLink className="h-3.5 w-3.5 md:h-3 md:w-3" />
+                </a>
+              </div>
+              {/* Icon-only help button for collapsed state on medium screens */}
+              <TooltipProvider>
+                <Tooltip delayDuration={0}>
+                  <TooltipTrigger asChild>
+                    <a
+                      href="/docs"
+                      target="_blank"
+                      rel="noopener noreferrer"
+                      className={cn(
+                        "flex items-center justify-center rounded-md hover:bg-accent transition-colors",
+                        isCollapsed ? "md:h-12 md:w-12 xl:hidden hidden" : "hidden"
+                      )}
+                    >
+                      <ExternalLink className="h-5 w-5" />
+                    </a>
+                  </TooltipTrigger>
+                  <TooltipContent side="right">
+                    Documentation
+                  </TooltipContent>
+                </Tooltip>
+              </TooltipProvider>
+            </div>
+            <div className={cn(
+              isCollapsed ? "md:hidden xl:block" : "block"
+            )}>
+              <VersionInfo />
             </div>
-            <VersionInfo />
           </div>
         </div>
       </aside>

src/components/organizations/OrganizationsList.tsx

@@ -228,17 +228,17 @@ export function OrganizationList({
                     {(() => {
                       const parts = [];
                       if (org.publicRepositoryCount && org.publicRepositoryCount > 0) {
-                        parts.push(`${org.publicRepositoryCount}pub`);
+                        parts.push(`${org.publicRepositoryCount} pub`);
                       }
                       if (org.privateRepositoryCount && org.privateRepositoryCount > 0) {
-                        parts.push(`${org.privateRepositoryCount}priv`);
+                        parts.push(`${org.privateRepositoryCount} priv`);
                       }
                       if (org.forkRepositoryCount && org.forkRepositoryCount > 0) {
-                        parts.push(`${org.forkRepositoryCount}fork`);
+                        parts.push(`${org.forkRepositoryCount} fork`);
                       }
                       
                       return parts.length > 0 ? (
-                        <span className="ml-1">({parts.join('/')})</span>
+                        <span className="ml-1">({parts.join(' | ')})</span>
                       ) : null;
                     })()}
                   </div>

src/components/repositories/RepositoryTable.tsx

@@ -5,7 +5,7 @@ import { FlipHorizontal, GitFork, RefreshCw, RotateCcw, Star, Lock, Ban, Check,
 import { SiGithub, SiGitea } from "react-icons/si";
 import type { Repository } from "@/lib/db/schema";
 import { Button } from "@/components/ui/button";
-import { formatDate, getStatusColor } from "@/lib/utils";
+import { formatDate, formatLastSyncTime, getStatusColor } from "@/lib/utils";
 import type { FilterParams } from "@/types/filter";
 import { Skeleton } from "@/components/ui/skeleton";
 import { useGiteaConfig } from "@/hooks/useGiteaConfig";
@@ -242,7 +242,7 @@ export default function RepositoryTable({
                   {repo.status}
                 </Badge>
                 <span className="text-xs text-muted-foreground">
-                  {repo.lastMirrored ? formatDate(repo.lastMirrored) : "Never mirrored"}
+                  {formatLastSyncTime(repo.lastMirrored)}
                 </span>
               </div>
             </div>
@@ -410,7 +410,7 @@ export default function RepositoryTable({
           <div className="h-full p-3 flex items-center justify-center flex-[0.3]">
             <Skeleton className="h-4 w-4" />
           </div>
-          <div className="h-full p-3 text-sm font-medium flex-[2.5]">
+          <div className="h-full py-3 text-sm font-medium flex-[2.3]">
             Repository
           </div>
           <div className="h-full p-3 text-sm font-medium flex-[1]">Owner</div>
@@ -437,7 +437,7 @@ export default function RepositoryTable({
             <div className="h-full p-3 flex items-center justify-center flex-[0.3]">
               <Skeleton className="h-4 w-4" />
             </div>
-            <div className="h-full p-3 flex-[2.5]">
+            <div className="h-full p-3 flex-[2.3]">
               <Skeleton className="h-5 w-48" />
               <Skeleton className="h-3 w-24 mt-1" />
             </div>
@@ -530,7 +530,7 @@ export default function RepositoryTable({
                   aria-label="Select all repositories"
                 />
               </div>
-              <div className="h-full p-3 text-sm font-medium flex-[2.5]">
+              <div className="h-full py-3 text-sm font-medium flex-[2.3]">
                 Repository
               </div>
               <div className="h-full p-3 text-sm font-medium flex-[1]">Owner</div>
@@ -588,7 +588,7 @@ export default function RepositoryTable({
                       </div>
 
                       {/* Repository */}
-                      <div className="h-full py-3 flex items-center gap-2 flex-[2.5]">
+                      <div className="h-full py-3 flex items-center gap-2 flex-[2.3]">
                         <div className="flex-1">
                           <div className="font-medium flex items-center gap-1">
                             {repo.name}
@@ -629,9 +629,7 @@ export default function RepositoryTable({
                       {/* Last Mirrored */}
                       <div className="h-full p-3 flex items-center flex-[1]">
                         <p className="text-sm">
-                          {repo.lastMirrored
-                            ? formatDate(new Date(repo.lastMirrored))
-                            : "Never"}
+                          {formatLastSyncTime(repo.lastMirrored)}
                         </p>
                       </div>
 

src/components/ui/progress.tsx

@@ -0,0 +1,30 @@
+import * as React from "react"
+import * as ProgressPrimitive from "@radix-ui/react-progress"
+
+import { cn } from "@/lib/utils"
+
+interface ProgressProps extends React.ComponentPropsWithoutRef<typeof ProgressPrimitive.Root> {
+  indicatorClassName?: string
+}
+
+const Progress = React.forwardRef<
+  React.ElementRef<typeof ProgressPrimitive.Root>,
+  ProgressProps
+>(({ className, value, indicatorClassName, ...props }, ref) => (
+  <ProgressPrimitive.Root
+    ref={ref}
+    className={cn(
+      "relative h-4 w-full overflow-hidden rounded-full bg-secondary",
+      className
+    )}
+    {...props}
+  >
+    <ProgressPrimitive.Indicator
+      className={cn("h-full w-full flex-1 bg-primary transition-all", indicatorClassName)}
+      style={{ transform: `translateX(-${100 - (value || 0)}%)` }}
+    />
+  </ProgressPrimitive.Root>
+))
+Progress.displayName = ProgressPrimitive.Root.displayName
+
+export { Progress }

src/lib/auth-client.ts

@@ -4,9 +4,35 @@ import { ssoClient } from "@better-auth/sso/client";
 import type { Session as BetterAuthSession, User as BetterAuthUser } from "better-auth";
 
 export const authClient = createAuthClient({
-  // The base URL is optional when running on the same domain
-  // Better Auth will use the current domain by default
-  baseURL: typeof window !== 'undefined' ? window.location.origin : 'http://localhost:4321',
+  // Use PUBLIC_BETTER_AUTH_URL if set (for multi-origin access), otherwise use current origin
+  // This allows the client to connect to the auth server even when accessed from different origins
+  baseURL: (() => {
+    let url: string | undefined;
+    
+    // Check for public environment variable first (for client-side access)
+    if (typeof import.meta !== 'undefined' && import.meta.env?.PUBLIC_BETTER_AUTH_URL) {
+      url = import.meta.env.PUBLIC_BETTER_AUTH_URL;
+    }
+    
+    // Validate and clean the URL if provided
+    if (url && typeof url === 'string' && url.trim() !== '') {
+      try {
+        // Validate URL format and remove trailing slash
+        const validatedUrl = new URL(url.trim());
+        return validatedUrl.origin; // Use origin to ensure clean URL without path
+      } catch (e) {
+        console.warn(`Invalid PUBLIC_BETTER_AUTH_URL: ${url}, falling back to default`);
+      }
+    }
+    
+    // Fall back to current origin if running in browser
+    if (typeof window !== 'undefined' && window.location?.origin) {
+      return window.location.origin;
+    }
+    
+    // Default for SSR - always return a valid URL
+    return 'http://localhost:4321';
+  })(),
   basePath: '/api/auth', // Explicitly set the base path
   plugins: [
     oidcClient(),

src/lib/auth.ts

@@ -19,42 +19,71 @@ export const auth = betterAuth({
 
   // Base URL configuration - use the primary URL (Better Auth only supports single baseURL)
   baseURL: (() => {
-    const url = process.env.BETTER_AUTH_URL || "http://localhost:4321";
+    const url = process.env.BETTER_AUTH_URL;
+    const defaultUrl = "http://localhost:4321";
+    
+    // Check if URL is provided and not empty
+    if (!url || typeof url !== 'string' || url.trim() === '') {
+      console.info('BETTER_AUTH_URL not set, using default:', defaultUrl);
+      return defaultUrl;
+    }
+    
     try {
-      // Validate URL format
-      new URL(url);
-      return url;
-    } catch {
-      console.warn(`Invalid BETTER_AUTH_URL: ${url}, falling back to localhost`);
-      return "http://localhost:4321";
+      // Validate URL format and ensure it's a proper origin
+      const validatedUrl = new URL(url.trim());
+      const cleanUrl = validatedUrl.origin; // Use origin to ensure no trailing paths
+      console.info('Using BETTER_AUTH_URL:', cleanUrl);
+      return cleanUrl;
+    } catch (e) {
+      console.error(`Invalid BETTER_AUTH_URL format: "${url}"`);
+      console.error('Error:', e);
+      console.info('Falling back to default:', defaultUrl);
+      return defaultUrl;
     }
   })(),
   basePath: "/api/auth", // Specify the base path for auth endpoints
   
   // Trusted origins - this is how we support multiple access URLs
   trustedOrigins: (() => {
-    const origins = [
+    const origins: string[] = [
       "http://localhost:4321",
       "http://localhost:8080", // Keycloak
     ];
     
     // Add the primary URL from BETTER_AUTH_URL
-    const primaryUrl = process.env.BETTER_AUTH_URL || "http://localhost:4321";
-    try {
-      new URL(primaryUrl);
-      origins.push(primaryUrl);
-    } catch {
-      // Skip if invalid
+    const primaryUrl = process.env.BETTER_AUTH_URL;
+    if (primaryUrl && typeof primaryUrl === 'string' && primaryUrl.trim() !== '') {
+      try {
+        const validatedUrl = new URL(primaryUrl.trim());
+        origins.push(validatedUrl.origin);
+      } catch {
+        // Skip if invalid
+      }
     }
     
     // Add additional trusted origins from environment
     // This is where users can specify multiple access URLs
     if (process.env.BETTER_AUTH_TRUSTED_ORIGINS) {
-      origins.push(...process.env.BETTER_AUTH_TRUSTED_ORIGINS.split(',').map(o => o.trim()));
+      const additionalOrigins = process.env.BETTER_AUTH_TRUSTED_ORIGINS
+        .split(',')
+        .map(o => o.trim())
+        .filter(o => o !== '');
+      
+      // Validate each additional origin
+      for (const origin of additionalOrigins) {
+        try {
+          const validatedUrl = new URL(origin);
+          origins.push(validatedUrl.origin);
+        } catch {
+          console.warn(`Invalid trusted origin: ${origin}, skipping`);
+        }
+      }
     }
     
-    // Remove duplicates and return
-    return [...new Set(origins.filter(Boolean))];
+    // Remove duplicates and empty strings, then return
+    const uniqueOrigins = [...new Set(origins.filter(Boolean))];
+    console.info('Trusted origins:', uniqueOrigins);
+    return uniqueOrigins;
   })(),
 
   // Authentication methods

src/lib/db/index.ts

@@ -82,5 +82,6 @@ export {
   oauthApplications,
   oauthAccessTokens,
   oauthConsent,
-  ssoProviders
+  ssoProviders,
+  rateLimits
 } from "./schema";

src/lib/db/schema.ts

@@ -445,6 +445,9 @@ export const organizations = sqliteTable("organizations", {
   errorMessage: text("error_message"),
 
   repositoryCount: integer("repository_count").notNull().default(0),
+  publicRepositoryCount: integer("public_repository_count"),
+  privateRepositoryCount: integer("private_repository_count"),
+  forkRepositoryCount: integer("fork_repository_count"),
 
   createdAt: integer("created_at", { mode: "timestamp" })
     .notNull()
@@ -623,10 +626,52 @@ export const ssoProviders = sqliteTable("sso_providers", {
   index("idx_sso_providers_issuer").on(table.issuer),
 ]);
 
+// ===== Rate Limit Tracking =====
+
+export const rateLimitSchema = z.object({
+  id: z.string(),
+  userId: z.string(),
+  provider: z.enum(["github", "gitea"]).default("github"),
+  limit: z.number(),
+  remaining: z.number(),
+  used: z.number(),
+  reset: z.coerce.date(),
+  retryAfter: z.number().optional(), // seconds to wait
+  status: z.enum(["ok", "warning", "limited", "exceeded"]).default("ok"),
+  lastChecked: z.coerce.date(),
+  createdAt: z.coerce.date(),
+  updatedAt: z.coerce.date(),
+});
+
+export const rateLimits = sqliteTable("rate_limits", {
+  id: text("id").primaryKey(),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id),
+  provider: text("provider").notNull().default("github"),
+  limit: integer("limit").notNull(),
+  remaining: integer("remaining").notNull(),
+  used: integer("used").notNull(),
+  reset: integer("reset", { mode: "timestamp" }).notNull(),
+  retryAfter: integer("retry_after"), // seconds to wait
+  status: text("status").notNull().default("ok"),
+  lastChecked: integer("last_checked", { mode: "timestamp" }).notNull(),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .default(sql`(unixepoch())`),
+  updatedAt: integer("updated_at", { mode: "timestamp" })
+    .notNull()
+    .default(sql`(unixepoch())`),
+}, (table) => [
+  index("idx_rate_limits_user_provider").on(table.userId, table.provider),
+  index("idx_rate_limits_status").on(table.status),
+]);
+
 // Export type definitions
 export type User = z.infer<typeof userSchema>;
 export type Config = z.infer<typeof configSchema>;
 export type Repository = z.infer<typeof repositorySchema>;
 export type MirrorJob = z.infer<typeof mirrorJobSchema>;
 export type Organization = z.infer<typeof organizationSchema>;
-export type Event = z.infer<typeof eventSchema>;
+export type Event = z.infer<typeof eventSchema>;
+export type RateLimit = z.infer<typeof rateLimitSchema>;

src/lib/env-config-loader.ts

@@ -133,6 +133,7 @@ function parseEnvConfig(): EnvConfig {
       mirrorLabels: process.env.MIRROR_LABELS === 'true',
       mirrorMilestones: process.env.MIRROR_MILESTONES === 'true',
       mirrorMetadata: process.env.MIRROR_METADATA === 'true',
+      releaseLimit: process.env.RELEASE_LIMIT ? parseInt(process.env.RELEASE_LIMIT, 10) : undefined,
     },
     schedule: {
       enabled: process.env.SCHEDULE_ENABLED === 'true' || 
@@ -271,6 +272,7 @@ export async function initializeConfigFromEnv(): Promise<void> {
       forkStrategy: envConfig.gitea.forkStrategy || existingConfig?.[0]?.giteaConfig?.forkStrategy || 'reference',
       // Mirror metadata options
       mirrorReleases: envConfig.mirror.mirrorReleases ?? existingConfig?.[0]?.giteaConfig?.mirrorReleases ?? false,
+      releaseLimit: envConfig.mirror.releaseLimit ?? existingConfig?.[0]?.giteaConfig?.releaseLimit ?? 10,
       mirrorMetadata: envConfig.mirror.mirrorMetadata ?? (envConfig.mirror.mirrorIssues || envConfig.mirror.mirrorPullRequests || envConfig.mirror.mirrorLabels || envConfig.mirror.mirrorMilestones) ?? existingConfig?.[0]?.giteaConfig?.mirrorMetadata ?? false,
       mirrorIssues: envConfig.mirror.mirrorIssues ?? existingConfig?.[0]?.giteaConfig?.mirrorIssues ?? false,
       mirrorPullRequests: envConfig.mirror.mirrorPullRequests ?? existingConfig?.[0]?.giteaConfig?.mirrorPullRequests ?? false,
@@ -299,6 +301,7 @@ export async function initializeConfigFromEnv(): Promise<void> {
       updateInterval: envConfig.schedule.updateInterval ?? existingConfig?.[0]?.scheduleConfig?.updateInterval ?? 86400000,
       skipRecentlyMirrored: envConfig.schedule.skipRecentlyMirrored ?? existingConfig?.[0]?.scheduleConfig?.skipRecentlyMirrored ?? true,
       recentThreshold: envConfig.schedule.recentThreshold ?? existingConfig?.[0]?.scheduleConfig?.recentThreshold ?? 3600000,
+      autoImport: process.env.AUTO_IMPORT_REPOS !== 'false', // New field for auto-importing new repositories
       lastRun: existingConfig?.[0]?.scheduleConfig?.lastRun || undefined,
       nextRun: existingConfig?.[0]?.scheduleConfig?.nextRun || undefined,
     };

src/lib/gitea-enhanced.ts

@@ -10,7 +10,7 @@ import type { Config } from "@/types/config";
 import type { Repository } from "./db/schema";
 import { createMirrorJob } from "./helpers";
 import { decryptConfigTokens } from "./utils/config-encryption";
-import { httpPost, httpGet, HttpError } from "./http-client";
+import { httpPost, httpGet, httpPatch, HttpError } from "./http-client";
 import { db, repositories } from "./db";
 import { eq } from "drizzle-orm";
 import { repoStatusEnum } from "@/types/Repository";
@@ -299,6 +299,23 @@ export async function syncGiteaRepoEnhanced({
       throw new Error(`Repository ${repository.name} is not a mirror. Cannot sync.`);
     }
 
+    // Update mirror interval if needed
+    if (config.giteaConfig?.mirrorInterval) {
+      try {
+        console.log(`[Sync] Updating mirror interval for ${repository.name} to ${config.giteaConfig.mirrorInterval}`);
+        const updateUrl = `${config.giteaConfig.url}/api/v1/repos/${repoOwner}/${repository.name}`;
+        await httpPatch(updateUrl, {
+          mirror_interval: config.giteaConfig.mirrorInterval,
+        }, {
+          Authorization: `token ${decryptedConfig.giteaConfig.token}`,
+        });
+        console.log(`[Sync] Successfully updated mirror interval for ${repository.name}`);
+      } catch (updateError) {
+        console.warn(`[Sync] Failed to update mirror interval for ${repository.name}:`, updateError);
+        // Continue with sync even if interval update fails
+      }
+    }
+
     // Perform the sync
     const apiUrl = `${config.giteaConfig.url}/api/v1/repos/${repoOwner}/${repository.name}/mirror-sync`;
 

src/lib/gitea.ts

@@ -7,7 +7,7 @@ import { membershipRoleEnum } from "@/types/organizations";
 import { Octokit } from "@octokit/rest";
 import type { Config } from "@/types/config";
 import type { Organization, Repository } from "./db/schema";
-import { httpPost, httpGet, httpDelete, httpPut } from "./http-client";
+import { httpPost, httpGet, httpDelete, httpPut, httpPatch } from "./http-client";
 import { createMirrorJob } from "./helpers";
 import { db, organizations, repositories } from "./db";
 import { eq, and } from "drizzle-orm";
@@ -417,6 +417,7 @@ export const mirrorGithubRepoToGitea = async ({
         clone_addr: cloneAddress,
         repo_name: repository.name,
         mirror: true,
+        mirror_interval: config.giteaConfig?.mirrorInterval || "8h", // Set mirror interval
         wiki: config.giteaConfig?.wiki || false, // will mirror wiki if it exists
         lfs: config.giteaConfig?.lfs || false, // Enable LFS mirroring if configured
         private: repository.isPrivate,
@@ -711,6 +712,7 @@ export async function mirrorGitHubRepoToGiteaOrg({
         uid: giteaOrgId,
         repo_name: repository.name,
         mirror: true,
+        mirror_interval: config.giteaConfig?.mirrorInterval || "8h", // Set mirror interval
         wiki: config.giteaConfig?.wiki || false, // will mirror wiki if it exists
         lfs: config.giteaConfig?.lfs || false, // Enable LFS mirroring if configured
         private: repository.isPrivate,
@@ -1433,20 +1435,54 @@ export async function mirrorGitHubReleasesToGitea({
         }
       ).catch(() => null);
 
+      const releaseNote = release.body || "";
+      
       if (existingReleasesResponse) {
-        console.log(`[Releases] Release ${release.tag_name} already exists, skipping`);
-        skippedCount++;
+        // Update existing release if the changelog/body differs
+        const existingRelease = existingReleasesResponse.data;
+        const existingNote = existingRelease.body || "";
+        
+        if (existingNote !== releaseNote || existingRelease.name !== (release.name || release.tag_name)) {
+          console.log(`[Releases] Updating existing release ${release.tag_name} with new changelog/title`);
+          
+          await httpPut(
+            `${config.giteaConfig.url}/api/v1/repos/${repoOwner}/${repository.name}/releases/${existingRelease.id}`,
+            {
+              tag_name: release.tag_name,
+              target: release.target_commitish,
+              title: release.name || release.tag_name,
+              body: releaseNote,
+              draft: release.draft,
+              prerelease: release.prerelease,
+            },
+            {
+              Authorization: `token ${decryptedConfig.giteaConfig.token}`,
+            }
+          );
+          
+          if (releaseNote) {
+            console.log(`[Releases] Updated changelog for ${release.tag_name} (${releaseNote.length} characters)`);
+          }
+          mirroredCount++;
+        } else {
+          console.log(`[Releases] Release ${release.tag_name} already up-to-date, skipping`);
+          skippedCount++;
+        }
         continue;
       }
 
-      // Create the release
+      // Create new release with changelog/body content
+      if (releaseNote) {
+        console.log(`[Releases] Including changelog for ${release.tag_name} (${releaseNote.length} characters)`);
+      }
+      
       const createReleaseResponse = await httpPost(
         `${config.giteaConfig.url}/api/v1/repos/${repoOwner}/${repository.name}/releases`,
         {
           tag_name: release.tag_name,
           target: release.target_commitish,
           title: release.name || release.tag_name,
-          note: release.body || "",
+          body: releaseNote,
           draft: release.draft,
           prerelease: release.prerelease,
         },
@@ -1505,13 +1541,14 @@ export async function mirrorGitHubReleasesToGitea({
       }
       
       mirroredCount++;
-      console.log(`[Releases] Successfully mirrored release: ${release.tag_name}`);
+      const noteInfo = releaseNote ? ` with ${releaseNote.length} character changelog` : " without changelog";
+      console.log(`[Releases] Successfully mirrored release: ${release.tag_name}${noteInfo}`);
     } catch (error) {
       console.error(`[Releases] Failed to mirror release ${release.tag_name}: ${error instanceof Error ? error.message : String(error)}`);
     }
   }
 
-  console.log(`✅ Mirrored ${mirroredCount} new releases to Gitea (${skippedCount} already existed)`);
+  console.log(`✅ Mirrored/Updated ${mirroredCount} releases to Gitea (${skippedCount} already up-to-date)`);
 }
 
 export async function mirrorGitRepoPullRequestsToGitea({
@@ -1979,6 +2016,12 @@ export async function deleteGiteaRepo(
 
 /**
  * Archive a repository in Gitea
+ * 
+ * IMPORTANT: This function NEVER deletes data. It only marks repositories as archived.
+ * - For regular repos: Uses Gitea's archive feature (makes read-only)
+ * - For mirror repos: Renames with [ARCHIVED] prefix (Gitea doesn't allow archiving mirrors)
+ * 
+ * This ensures backups are preserved even when the GitHub source disappears.
  */
 export async function archiveGiteaRepo(
   client: { url: string; token: string },
@@ -1986,24 +2029,115 @@ export async function archiveGiteaRepo(
   repo: string
 ): Promise<void> {
   try {
-    const response = await httpPut(
+    // First, check if this is a mirror repository
+    const repoResponse = await httpGet(
       `${client.url}/api/v1/repos/${owner}/${repo}`,
-      {
-        archived: true,
-      },
       {
         Authorization: `token ${client.token}`,
-        'Content-Type': 'application/json',
       }
     );
     
-    if (response.status >= 400) {
-      throw new Error(`Failed to archive repository ${owner}/${repo}: ${response.status} ${response.statusText}`);
+    if (!repoResponse.data) {
+      console.warn(`[Archive] Repository ${owner}/${repo} not found in Gitea. Skipping.`);
+      return;
     }
     
-    console.log(`Successfully archived repository ${owner}/${repo} in Gitea`);
+    if (repoResponse.data?.mirror) {
+      console.log(`[Archive] Repository ${owner}/${repo} is a mirror. Using safe rename strategy.`);
+      
+      // IMPORTANT: Gitea API doesn't allow archiving mirror repositories
+      // According to Gitea source code, attempting to archive a mirror returns:
+      // "repo is a mirror, cannot archive/un-archive" (422 Unprocessable Entity)
+      // 
+      // Our solution: Rename the repo to clearly mark it as orphaned
+      // This preserves all data while indicating the repo is no longer actively synced
+      
+      const currentName = repoResponse.data.name;
+      
+      // Skip if already marked as archived
+      if (currentName.startsWith('[ARCHIVED]')) {
+        console.log(`[Archive] Repository ${owner}/${repo} already marked as archived. Skipping.`);
+        return;
+      }
+      
+      const archivedName = `[ARCHIVED] ${currentName}`;
+      const currentDesc = repoResponse.data.description || '';
+      const archiveNotice = `\n\n⚠️ ARCHIVED: Original GitHub repository no longer exists. Preserved as backup on ${new Date().toISOString()}`;
+      
+      // Only add notice if not already present
+      const newDescription = currentDesc.includes('⚠️ ARCHIVED:') 
+        ? currentDesc 
+        : currentDesc + archiveNotice;
+      
+      const renameResponse = await httpPatch(
+        `${client.url}/api/v1/repos/${owner}/${repo}`,
+        {
+          name: archivedName,
+          description: newDescription,
+        },
+        {
+          Authorization: `token ${client.token}`,
+          'Content-Type': 'application/json',
+        }
+      );
+      
+      if (renameResponse.status >= 400) {
+        // If rename fails, log but don't throw - data is still preserved
+        console.error(`[Archive] Failed to rename mirror repository ${owner}/${repo}: ${renameResponse.status}`);
+        console.log(`[Archive] Repository ${owner}/${repo} remains accessible but not marked as archived`);
+        return;
+      }
+      
+      console.log(`[Archive] Successfully marked mirror repository ${owner}/${repo} as archived (renamed to ${archivedName})`);
+      
+      // Also try to reduce sync frequency to prevent unnecessary API calls
+      // This is optional - if it fails, the repo is still preserved
+      try {
+        await httpPatch(
+          `${client.url}/api/v1/repos/${owner}/${archivedName}`,
+          {
+            mirror_interval: "8760h", // 1 year - minimizes sync attempts
+          },
+          {
+            Authorization: `token ${client.token}`,
+            'Content-Type': 'application/json',
+          }
+        );
+        console.log(`[Archive] Reduced sync frequency for ${owner}/${archivedName} to yearly`);
+      } catch (intervalError) {
+        // Non-critical - repo is still preserved even if we can't change interval
+        console.debug(`[Archive] Could not update mirror interval (non-critical):`, intervalError);
+      }
+    } else {
+      // For non-mirror repositories, use Gitea's native archive feature
+      // This makes the repository read-only but preserves all data
+      console.log(`[Archive] Archiving regular repository ${owner}/${repo}`);
+      
+      const response = await httpPatch(
+        `${client.url}/api/v1/repos/${owner}/${repo}`,
+        {
+          archived: true,
+        },
+        {
+          Authorization: `token ${client.token}`,
+          'Content-Type': 'application/json',
+        }
+      );
+      
+      if (response.status >= 400) {
+        // If archive fails, log but data is still preserved in Gitea
+        console.error(`[Archive] Failed to archive repository ${owner}/${repo}: ${response.status}`);
+        console.log(`[Archive] Repository ${owner}/${repo} remains accessible but not marked as archived`);
+        return;
+      }
+      
+      console.log(`[Archive] Successfully archived repository ${owner}/${repo} (now read-only)`);
+    }
   } catch (error) {
-    console.error(`Error archiving repository ${owner}/${repo}:`, error);
-    throw error;
+    // Even on error, the repository data is preserved in Gitea
+    // We just couldn't mark it as archived
+    console.error(`[Archive] Could not mark repository ${owner}/${repo} as archived:`, error);
+    console.log(`[Archive] Repository ${owner}/${repo} data is preserved but not marked as archived`);
+    // Don't throw - we want cleanup to continue for other repos
   }
 }

src/lib/github.ts

@@ -1,15 +1,176 @@
 import type { GitOrg, MembershipRole } from "@/types/organizations";
 import type { GitRepo, RepoStatus } from "@/types/Repository";
 import { Octokit } from "@octokit/rest";
+import { throttling } from "@octokit/plugin-throttling";
 import type { Config } from "@/types/config";
+// Conditionally import rate limit manager (not available in test environment)
+let RateLimitManager: any = null;
+let publishEvent: any = null;
+
+if (process.env.NODE_ENV !== "test") {
+  try {
+    const rateLimitModule = await import("@/lib/rate-limit-manager");
+    RateLimitManager = rateLimitModule.RateLimitManager;
+    const eventsModule = await import("@/lib/events");
+    publishEvent = eventsModule.publishEvent;
+  } catch (error) {
+    console.warn("Rate limit manager not available:", error);
+  }
+}
+
+// Extend Octokit with throttling plugin
+const MyOctokit = Octokit.plugin(throttling);
 
 /**
- * Creates an authenticated Octokit instance
+ * Creates an authenticated Octokit instance with rate limit tracking and throttling
  */
-export function createGitHubClient(token: string): Octokit {
-  return new Octokit({
-    auth: token,
+export function createGitHubClient(token: string, userId?: string, username?: string): Octokit {
+  // Create a proper User-Agent to identify our application
+  // This helps GitHub understand our traffic patterns and can provide better rate limits
+  const userAgent = username 
+    ? `gitea-mirror/3.5.4 (user:${username})` 
+    : "gitea-mirror/3.5.4";
+  
+  const octokit = new MyOctokit({
+    auth: token, // Always use token for authentication (5000 req/hr vs 60 for unauthenticated)
+    userAgent, // Identify our application and user
+    baseUrl: "https://api.github.com", // Explicitly set the API endpoint
+    log: {
+      debug: () => {},
+      info: console.log,
+      warn: console.warn,
+      error: console.error,
+    },
+    request: {
+      // Add default headers for better identification
+      headers: {
+        accept: "application/vnd.github.v3+json",
+        "x-github-api-version": "2022-11-28", // Use a stable API version
+      },
+    },
+    throttle: {
+      onRateLimit: async (retryAfter: number, options: any, octokit: any, retryCount: number) => {
+        const isSearch = options.url.includes("/search/");
+        const maxRetries = isSearch ? 5 : 3; // Search endpoints get more retries
+        
+        console.warn(
+          `[GitHub] Rate limit hit for ${options.method} ${options.url}. Retry ${retryCount + 1}/${maxRetries}`
+        );
+        
+        // Update rate limit status and notify UI (if available)
+        if (userId && RateLimitManager) {
+          await RateLimitManager.updateFromResponse(userId, {
+            "retry-after": retryAfter.toString(),
+            "x-ratelimit-remaining": "0",
+            "x-ratelimit-reset": (Date.now() / 1000 + retryAfter).toString(),
+          });
+        }
+        
+        if (userId && publishEvent) {
+          await publishEvent({
+            userId,
+            channel: "rate-limit",
+            payload: {
+              type: "rate-limited",
+              provider: "github",
+              retryAfter,
+              retryCount,
+              endpoint: options.url,
+              message: `Rate limit hit. Waiting ${retryAfter}s before retry ${retryCount + 1}/${maxRetries}...`,
+            },
+          });
+        }
+        
+        // Retry with exponential backoff
+        if (retryCount < maxRetries) {
+          console.log(`[GitHub] Waiting ${retryAfter}s before retry...`);
+          return true;
+        }
+        
+        // Max retries reached
+        console.error(`[GitHub] Max retries (${maxRetries}) reached for ${options.url}`);
+        return false;
+      },
+      onSecondaryRateLimit: async (retryAfter: number, options: any, octokit: any, retryCount: number) => {
+        console.warn(
+          `[GitHub] Secondary rate limit hit for ${options.method} ${options.url}`
+        );
+        
+        // Update status and notify UI (if available)
+        if (userId && publishEvent) {
+          await publishEvent({
+            userId,
+            channel: "rate-limit",
+            payload: {
+              type: "secondary-limited",
+              provider: "github",
+              retryAfter,
+              retryCount,
+              endpoint: options.url,
+              message: `Secondary rate limit hit. Waiting ${retryAfter}s...`,
+            },
+          });
+        }
+        
+        // Retry up to 2 times for secondary rate limits
+        if (retryCount < 2) {
+          console.log(`[GitHub] Waiting ${retryAfter}s for secondary rate limit...`);
+          return true;
+        }
+        
+        return false;
+      },
+      // Throttle options to prevent hitting limits
+      fallbackSecondaryRateRetryAfter: 60, // Wait 60s on secondary rate limit
+      minimumSecondaryRateRetryAfter: 5, // Min 5s wait
+      retryAfterBaseValue: 1000, // Base retry in ms
+    },
   });
+  
+  // Add additional rate limit tracking if userId is provided and RateLimitManager is available
+  if (userId && RateLimitManager) {
+    octokit.hook.after("request", async (response: any, options: any) => {
+      // Update rate limit from response headers
+      if (response.headers) {
+        await RateLimitManager.updateFromResponse(userId, response.headers);
+      }
+    });
+    
+    octokit.hook.error("request", async (error: any, options: any) => {
+      // Handle rate limit errors
+      if (error.status === 403 || error.status === 429) {
+        const message = error.message || "";
+        
+        if (message.includes("rate limit") || message.includes("API rate limit")) {
+          console.error(`[GitHub] Rate limit error for user ${userId}: ${message}`);
+          
+          // Update rate limit status from error response (if available)
+          if (error.response?.headers && RateLimitManager) {
+            await RateLimitManager.updateFromResponse(userId, error.response.headers);
+          }
+          
+          // Create error event for UI (if available)
+          if (publishEvent) {
+            await publishEvent({
+              userId,
+            channel: "rate-limit",
+            payload: {
+              type: "error",
+              provider: "github",
+              error: message,
+              endpoint: options.url,
+              message: `Rate limit exceeded: ${message}`,
+            },
+          });
+          }
+        }
+      }
+      
+      throw error;
+    });
+  }
+  
+  return octokit;
 }
 
 /**
@@ -68,6 +229,8 @@ export async function getGithubRepositories({
       owner: repo.owner.login,
       organization:
         repo.owner.type === "Organization" ? repo.owner.login : undefined,
+      mirroredLocation: "",
+      destinationOrg: null,
 
       isPrivate: repo.private,
       isForked: repo.fork,
@@ -82,6 +245,8 @@ export async function getGithubRepositories({
       hasLFS: false,
       hasSubmodules: false,
 
+      language: repo.language,
+      description: repo.description,
       defaultBranch: repo.default_branch,
       visibility: (repo.visibility ?? "public") as GitRepo["visibility"],
 
@@ -125,6 +290,8 @@ export async function getGithubStarredRepositories({
       owner: repo.owner.login,
       organization:
         repo.owner.type === "Organization" ? repo.owner.login : undefined,
+      mirroredLocation: "",
+      destinationOrg: null,
 
       isPrivate: repo.private,
       isForked: repo.fork,
@@ -138,6 +305,8 @@ export async function getGithubStarredRepositories({
       hasLFS: false, // Placeholder
       hasSubmodules: false, // Placeholder
 
+      language: repo.language,
+      description: repo.description,
       defaultBranch: repo.default_branch,
       visibility: (repo.visibility ?? "public") as GitRepo["visibility"],
 
@@ -244,6 +413,8 @@ export async function getGithubOrganizationRepositories({
 
       owner: repo.owner.login,
       organization: repo.owner.login,
+      mirroredLocation: "",
+      destinationOrg: null,
 
       isPrivate: repo.private,
       isForked: repo.fork,
@@ -258,6 +429,8 @@ export async function getGithubOrganizationRepositories({
       hasLFS: false,
       hasSubmodules: false,
 
+      language: repo.language,
+      description: repo.description,
       defaultBranch: repo.default_branch ?? "main",
       visibility: (repo.visibility ?? "public") as GitRepo["visibility"],
 

src/lib/http-client.ts

@@ -178,6 +178,21 @@ export async function httpPut<T = any>(
   });
 }
 
+/**
+ * PATCH request
+ */
+export async function httpPatch<T = any>(
+  url: string,
+  body?: any,
+  headers?: Record<string, string>
+): Promise<HttpResponse<T>> {
+  return httpRequest<T>(url, {
+    method: 'PATCH',
+    headers,
+    body: body ? JSON.stringify(body) : undefined,
+  });
+}
+
 /**
  * DELETE request
  */
@@ -220,6 +235,10 @@ export class GiteaHttpClient {
     return httpPut<T>(`${this.baseUrl}${endpoint}`, body, this.getHeaders());
   }
 
+  async patch<T = any>(endpoint: string, body?: any): Promise<HttpResponse<T>> {
+    return httpPatch<T>(`${this.baseUrl}${endpoint}`, body, this.getHeaders());
+  }
+
   async delete<T = any>(endpoint: string): Promise<HttpResponse<T>> {
     return httpDelete<T>(`${this.baseUrl}${endpoint}`, this.getHeaders());
   }

src/lib/rate-limit-manager.ts

@@ -0,0 +1,422 @@
+import { db, rateLimits } from "@/lib/db";
+import { eq, and } from "drizzle-orm";
+import { v4 as uuidv4 } from "uuid";
+import type { Octokit } from "@octokit/rest";
+import { publishEvent } from "@/lib/events";
+
+type RateLimitStatus = "ok" | "warning" | "limited" | "exceeded";
+
+interface RateLimitInfo {
+  limit: number;
+  remaining: number;
+  used: number;
+  reset: Date;
+  retryAfter?: number;
+  status: RateLimitStatus;
+}
+
+interface RateLimitHeaders {
+  "x-ratelimit-limit"?: string;
+  "x-ratelimit-remaining"?: string;
+  "x-ratelimit-used"?: string;
+  "x-ratelimit-reset"?: string;
+  "retry-after"?: string;
+}
+
+/**
+ * Rate limit manager for GitHub API
+ * 
+ * GitHub API Limits for authenticated users:
+ * - Primary: 5,000 requests per hour
+ * - Secondary: 900 points per minute (GET = 1 point, mutations = more)
+ * - Concurrent: Maximum 100 concurrent requests (recommended: 5-20)
+ * 
+ * For repositories with many issues/PRs:
+ * - Each issue = 1 request to fetch
+ * - Each PR = 1 request to fetch
+ * - Comments = Additional requests per issue/PR
+ * - Better to limit by total requests rather than repositories
+ */
+export class RateLimitManager {
+  private static readonly WARNING_THRESHOLD = 0.2; // Warn when 20% remaining (80% used)
+  private static readonly PAUSE_THRESHOLD = 0.05; // Pause when 5% remaining
+  private static readonly MIN_REQUESTS_BUFFER = 100; // Keep at least 100 requests as buffer
+  private static lastNotifiedThreshold: Map<string, number> = new Map(); // Track last notification per user
+
+  /**
+   * Check current rate limit status from GitHub
+   */
+  static async checkGitHubRateLimit(octokit: Octokit, userId: string): Promise<RateLimitInfo> {
+    try {
+      const { data } = await octokit.rateLimit.get();
+      const core = data.rate;
+      
+      const info: RateLimitInfo = {
+        limit: core.limit,
+        remaining: core.remaining,
+        used: core.used,
+        reset: new Date(core.reset * 1000),
+        status: this.calculateStatus(core.remaining, core.limit),
+      };
+
+      // Update database
+      await this.updateRateLimit(userId, "github", info);
+      
+      return info;
+    } catch (error) {
+      console.error("Failed to check GitHub rate limit:", error);
+      // Return last known status from database if API check fails
+      return await this.getLastKnownStatus(userId, "github");
+    }
+  }
+
+  /**
+   * Extract rate limit info from response headers
+   */
+  static parseRateLimitHeaders(headers: RateLimitHeaders): Partial<RateLimitInfo> {
+    const info: Partial<RateLimitInfo> = {};
+    
+    if (headers["x-ratelimit-limit"]) {
+      info.limit = parseInt(headers["x-ratelimit-limit"], 10);
+    }
+    if (headers["x-ratelimit-remaining"]) {
+      info.remaining = parseInt(headers["x-ratelimit-remaining"], 10);
+    }
+    if (headers["x-ratelimit-used"]) {
+      info.used = parseInt(headers["x-ratelimit-used"], 10);
+    }
+    if (headers["x-ratelimit-reset"]) {
+      info.reset = new Date(parseInt(headers["x-ratelimit-reset"], 10) * 1000);
+    }
+    if (headers["retry-after"]) {
+      info.retryAfter = parseInt(headers["retry-after"], 10);
+    }
+    
+    if (info.remaining !== undefined && info.limit !== undefined) {
+      info.status = this.calculateStatus(info.remaining, info.limit);
+    }
+    
+    return info;
+  }
+
+  /**
+   * Update rate limit info from API response
+   */
+  static async updateFromResponse(userId: string, headers: RateLimitHeaders): Promise<void> {
+    const info = this.parseRateLimitHeaders(headers);
+    if (Object.keys(info).length > 0) {
+      await this.updateRateLimit(userId, "github", info as RateLimitInfo);
+    }
+  }
+
+  /**
+   * Calculate rate limit status based on remaining requests
+   */
+  static calculateStatus(remaining: number, limit: number): RateLimitStatus {
+    const ratio = remaining / limit;
+    
+    if (remaining === 0) return "exceeded";
+    if (remaining < this.MIN_REQUESTS_BUFFER || ratio < this.PAUSE_THRESHOLD) return "limited";
+    if (ratio < this.WARNING_THRESHOLD) return "warning";
+    return "ok";
+  }
+
+  /**
+   * Check if we should pause operations
+   */
+  static async shouldPause(userId: string, provider: "github" | "gitea" = "github"): Promise<boolean> {
+    const status = await this.getLastKnownStatus(userId, provider);
+    return status.status === "limited" || status.status === "exceeded";
+  }
+
+  /**
+   * Calculate wait time until rate limit resets
+   */
+  static calculateWaitTime(reset: Date, retryAfter?: number): number {
+    if (retryAfter) {
+      return retryAfter * 1000; // Convert to milliseconds
+    }
+    
+    const now = new Date();
+    const waitTime = reset.getTime() - now.getTime();
+    return Math.max(0, waitTime);
+  }
+
+  /**
+   * Wait until rate limit resets
+   */
+  static async waitForReset(userId: string, provider: "github" | "gitea" = "github"): Promise<void> {
+    const status = await this.getLastKnownStatus(userId, provider);
+    
+    if (status.status === "ok" || status.status === "warning") {
+      return; // No need to wait
+    }
+    
+    const waitTime = this.calculateWaitTime(status.reset, status.retryAfter);
+    
+    if (waitTime > 0) {
+      console.log(`[RateLimit] Waiting ${Math.ceil(waitTime / 1000)}s for rate limit reset...`);
+      
+      // Create event for UI notification
+      await publishEvent({
+        userId,
+        channel: "rate-limit",
+        payload: {
+          type: "waiting",
+          provider,
+          waitTime,
+          resetAt: status.reset,
+          message: `API rate limit reached. Waiting ${Math.ceil(waitTime / 1000)} seconds before resuming...`,
+        },
+      });
+      
+      // Wait
+      await new Promise(resolve => setTimeout(resolve, waitTime));
+      
+      // Update status after waiting
+      await this.updateRateLimit(userId, provider, {
+        ...status,
+        status: "ok",
+        remaining: status.limit,
+        used: 0,
+      });
+      
+      // Notify that we've resumed
+      await publishEvent({
+        userId,
+        channel: "rate-limit",
+        payload: {
+          type: "resumed",
+          provider,
+          message: "Rate limit reset. Resuming operations...",
+        },
+      });
+    }
+  }
+
+  /**
+   * Update rate limit info in database
+   */
+  private static async updateRateLimit(
+    userId: string,
+    provider: "github" | "gitea",
+    info: RateLimitInfo
+  ): Promise<void> {
+    const existing = await db
+      .select()
+      .from(rateLimits)
+      .where(and(eq(rateLimits.userId, userId), eq(rateLimits.provider, provider)))
+      .limit(1);
+    
+    const data = {
+      userId,
+      provider,
+      limit: info.limit,
+      remaining: info.remaining,
+      used: info.used,
+      reset: info.reset,
+      retryAfter: info.retryAfter,
+      status: info.status,
+      lastChecked: new Date(),
+      updatedAt: new Date(),
+    };
+    
+    if (existing.length > 0) {
+      await db
+        .update(rateLimits)
+        .set(data)
+        .where(eq(rateLimits.id, existing[0].id));
+    } else {
+      await db.insert(rateLimits).values({
+        id: uuidv4(),
+        ...data,
+        createdAt: new Date(),
+      });
+    }
+    
+    // Only send notifications at specific thresholds to avoid spam
+    const usedPercentage = ((info.limit - info.remaining) / info.limit) * 100;
+    const userKey = `${userId}-${provider}`;
+    const lastNotified = this.lastNotifiedThreshold.get(userKey) || 0;
+    
+    // Notify at 80% usage (20% remaining)
+    if (usedPercentage >= 80 && usedPercentage < 100 && lastNotified < 80) {
+      this.lastNotifiedThreshold.set(userKey, 80);
+      await publishEvent({
+        userId,
+        channel: "rate-limit",
+        payload: {
+          type: "warning",
+          provider,
+          status: info.status,
+          remaining: info.remaining,
+          limit: info.limit,
+          usedPercentage: Math.round(usedPercentage),
+          message: `GitHub API rate limit at ${Math.round(usedPercentage)}%. ${info.remaining} requests remaining.`,
+        },
+      });
+      console.log(`[RateLimit] 80% threshold reached for user ${userId}: ${info.remaining}/${info.limit} requests remaining`);
+    }
+    
+    // Notify at 100% usage (0 remaining)
+    if (info.remaining === 0 && lastNotified < 100) {
+      this.lastNotifiedThreshold.set(userKey, 100);
+      const resetTime = new Date(info.reset);
+      const minutesUntilReset = Math.ceil((resetTime.getTime() - Date.now()) / 60000);
+      await publishEvent({
+        userId,
+        channel: "rate-limit",
+        payload: {
+          type: "exceeded",
+          provider,
+          status: "exceeded",
+          remaining: 0,
+          limit: info.limit,
+          usedPercentage: 100,
+          reset: info.reset,
+          message: `GitHub API rate limit exceeded. Will automatically resume in ${minutesUntilReset} minutes.`,
+        },
+      });
+      console.log(`[RateLimit] 100% rate limit exceeded for user ${userId}. Resets at ${resetTime.toLocaleTimeString()}`);
+    }
+    
+    // Reset notification threshold when rate limit resets
+    if (info.remaining > info.limit * 0.5 && lastNotified > 0) {
+      this.lastNotifiedThreshold.delete(userKey);
+    }
+  }
+
+  /**
+   * Get last known rate limit status from database
+   */
+  private static async getLastKnownStatus(
+    userId: string,
+    provider: "github" | "gitea"
+  ): Promise<RateLimitInfo> {
+    const [result] = await db
+      .select()
+      .from(rateLimits)
+      .where(and(eq(rateLimits.userId, userId), eq(rateLimits.provider, provider)))
+      .limit(1);
+    
+    if (result) {
+      return {
+        limit: result.limit,
+        remaining: result.remaining,
+        used: result.used,
+        reset: result.reset,
+        retryAfter: result.retryAfter ?? undefined,
+        status: result.status as RateLimitStatus,
+      };
+    }
+    
+    // Return default if no data
+    return {
+      limit: 5000,
+      remaining: 5000,
+      used: 0,
+      reset: new Date(Date.now() + 3600000), // 1 hour from now
+      status: "ok",
+    };
+  }
+
+  /**
+   * Get human-readable status message
+   */
+  private static getStatusMessage(info: RateLimitInfo): string {
+    const percentage = Math.round((info.remaining / info.limit) * 100);
+    
+    switch (info.status) {
+      case "exceeded":
+        return `API rate limit exceeded. Resets at ${info.reset.toLocaleTimeString()}.`;
+      case "limited":
+        return `API rate limit critical: Only ${info.remaining} requests remaining (${percentage}%). Pausing operations...`;
+      case "warning":
+        return `API rate limit warning: ${info.remaining} requests remaining (${percentage}%).`;
+      default:
+        return `API rate limit healthy: ${info.remaining}/${info.limit} requests remaining.`;
+    }
+  }
+
+  /**
+   * Smart retry with exponential backoff for rate-limited requests
+   */
+  static async retryWithBackoff<T>(
+    fn: () => Promise<T>,
+    userId: string,
+    maxRetries: number = 3
+  ): Promise<T> {
+    let lastError: any;
+    
+    for (let attempt = 0; attempt < maxRetries; attempt++) {
+      try {
+        // Check if we should pause before attempting
+        if (await this.shouldPause(userId)) {
+          await this.waitForReset(userId);
+        }
+        
+        return await fn();
+      } catch (error: any) {
+        lastError = error;
+        
+        // Check if it's a rate limit error
+        if (error.status === 403 && error.message?.includes("rate limit")) {
+          console.log(`[RateLimit] Rate limit hit on attempt ${attempt + 1}/${maxRetries}`);
+          
+          // Parse rate limit headers from error response if available
+          if (error.response?.headers) {
+            await this.updateFromResponse(userId, error.response.headers);
+          }
+          
+          // Wait for reset
+          await this.waitForReset(userId);
+        } else if (error.status === 429) {
+          // Too Many Requests - use exponential backoff
+          const backoffTime = Math.min(1000 * Math.pow(2, attempt), 30000); // Max 30s
+          console.log(`[RateLimit] Too many requests, backing off ${backoffTime}ms`);
+          await new Promise(resolve => setTimeout(resolve, backoffTime));
+        } else {
+          // Not a rate limit error, throw immediately
+          throw error;
+        }
+      }
+    }
+    
+    throw lastError;
+  }
+}
+
+/**
+ * Middleware to check rate limits before making API calls
+ */
+export async function withRateLimitCheck<T>(
+  userId: string,
+  operation: () => Promise<T>,
+  operationName: string = "API call"
+): Promise<T> {
+  // Check if we should pause
+  if (await RateLimitManager.shouldPause(userId)) {
+    console.log(`[RateLimit] Pausing ${operationName} due to rate limit`);
+    await RateLimitManager.waitForReset(userId);
+  }
+  
+  // Execute with retry logic
+  return await RateLimitManager.retryWithBackoff(operation, userId);
+}
+
+/**
+ * Hook to update rate limits from Octokit responses
+ */
+export function createOctokitRateLimitPlugin(userId: string) {
+  return {
+    hook: (request: any, options: any) => {
+      return request(options).then((response: any) => {
+        // Update rate limit from response headers
+        if (response.headers) {
+          RateLimitManager.updateFromResponse(userId, response.headers).catch(console.error);
+        }
+        return response;
+      });
+    },
+  };
+}

src/lib/recovery.ts

@@ -260,11 +260,13 @@ async function recoverMirrorJob(job: any, remainingItemIds: string[]) {
       throw new Error('GitHub token not found in configuration');
     }
 
-    // Create GitHub client with error handling
+    // Create GitHub client with error handling and rate limit tracking
     let octokit;
     try {
       const decryptedToken = getDecryptedGitHubToken(config);
-      octokit = createGitHubClient(decryptedToken);
+      const githubUsername = config.githubConfig?.owner || undefined;
+      const userId = config.userId || undefined;
+      octokit = createGitHubClient(decryptedToken, userId, githubUsername);
     } catch (error) {
       throw new Error(`Failed to create GitHub client: ${error instanceof Error ? error.message : String(error)}`);
     }

src/lib/repository-cleanup-service.ts

@@ -23,19 +23,42 @@ async function identifyOrphanedRepositories(config: any): Promise<any[]> {
   const userId = config.userId;
   
   try {
-    // Get current GitHub repositories
+    // Get current GitHub repositories with rate limit tracking
     const decryptedToken = getDecryptedGitHubToken(config);
-    const octokit = createGitHubClient(decryptedToken);
+    const githubUsername = config.githubConfig?.owner || undefined;
+    const octokit = createGitHubClient(decryptedToken, userId, githubUsername);
     
-    // Fetch GitHub data
-    const [basicAndForkedRepos, starredRepos] = await Promise.all([
-      getGithubRepositories({ octokit, config }),
-      config.githubConfig?.includeStarred
-        ? getGithubStarredRepositories({ octokit, config })
-        : Promise.resolve([]),
-    ]);
+    let allGithubRepos = [];
+    let githubApiAccessible = true;
+    
+    try {
+      // Fetch GitHub data
+      const [basicAndForkedRepos, starredRepos] = await Promise.all([
+        getGithubRepositories({ octokit, config }),
+        config.githubConfig?.includeStarred
+          ? getGithubStarredRepositories({ octokit, config })
+          : Promise.resolve([]),
+      ]);
+      
+      allGithubRepos = [...basicAndForkedRepos, ...starredRepos];
+    } catch (githubError: any) {
+      // Handle GitHub API errors gracefully
+      console.warn(`[Repository Cleanup] GitHub API error for user ${userId}: ${githubError.message}`);
+      
+      // Check if it's a critical error (like account deleted/banned)
+      if (githubError.status === 404 || githubError.status === 403) {
+        console.error(`[Repository Cleanup] CRITICAL: GitHub account may be deleted/banned. Skipping cleanup to prevent data loss.`);
+        console.error(`[Repository Cleanup] Consider using CLEANUP_ORPHANED_REPO_ACTION=archive instead of delete for safety.`);
+        
+        // Return empty array to skip cleanup entirely when GitHub account is inaccessible
+        return [];
+      }
+      
+      // For other errors, also skip cleanup to be safe
+      console.error(`[Repository Cleanup] Skipping cleanup due to GitHub API error. This prevents accidental deletion of backups.`);
+      return [];
+    }
     
-    const allGithubRepos = [...basicAndForkedRepos, ...starredRepos];
     const githubRepoFullNames = new Set(allGithubRepos.map(repo => repo.fullName));
     
     // Get all repositories from our database
@@ -44,13 +67,19 @@ async function identifyOrphanedRepositories(config: any): Promise<any[]> {
       .from(repositories)
       .where(eq(repositories.userId, userId));
     
-    // Identify orphaned repositories
+    // Only identify repositories as orphaned if we successfully accessed GitHub
+    // This prevents false positives when GitHub is down or account is inaccessible
     const orphanedRepos = dbRepos.filter(repo => !githubRepoFullNames.has(repo.fullName));
     
+    if (orphanedRepos.length > 0) {
+      console.log(`[Repository Cleanup] Found ${orphanedRepos.length} orphaned repositories for user ${userId}`);
+    }
+    
     return orphanedRepos;
   } catch (error) {
     console.error(`[Repository Cleanup] Error identifying orphaned repositories for user ${userId}:`, error);
-    throw error;
+    // Return empty array on error to prevent accidental deletions
+    return [];
   }
 }
 
@@ -348,6 +377,9 @@ export function isRepositoryCleanupServiceRunning(): boolean {
   return cleanupInterval !== null;
 }
 
+// Export functions for use by scheduler
+export { identifyOrphanedRepositories, handleOrphanedRepository };
+
 /**
  * Manually trigger repository cleanup for a specific user
  */

src/lib/scheduler-service.ts

@@ -5,9 +5,8 @@
  */
 
 import { db, configs, repositories } from '@/lib/db';
-import { eq, and, or, lt, gte } from 'drizzle-orm';
-import { syncGiteaRepo } from '@/lib/gitea';
-import { createGitHubClient } from '@/lib/github';
+import { eq, and, or } from 'drizzle-orm';
+import { syncGiteaRepo, mirrorGithubRepoToGitea } from '@/lib/gitea';
 import { getDecryptedGitHubToken } from '@/lib/utils/config-encryption';
 import { parseInterval, formatDuration } from '@/lib/utils/duration-parser';
 import type { Repository } from '@/lib/db/schema';
@@ -15,6 +14,7 @@ import { repoStatusEnum, repositoryVisibilityEnum } from '@/types/Repository';
 
 let schedulerInterval: NodeJS.Timeout | null = null;
 let isSchedulerRunning = false;
+let hasPerformedAutoStart = false; // Track if we've already done auto-start
 
 /**
  * Parse schedule interval with enhanced support for duration strings, cron, and numbers
@@ -41,6 +41,12 @@ async function runScheduledSync(config: any): Promise<void> {
   console.log(`[Scheduler] Running scheduled sync for user ${userId}`);
   
   try {
+    // Check if tokens are configured before proceeding
+    if (!config.githubConfig?.token || !config.giteaConfig?.token) {
+      console.log(`[Scheduler] Skipping sync for user ${userId}: GitHub or Gitea tokens not configured`);
+      return;
+    }
+    
     // Update lastRun timestamp
     const currentTime = new Date();
     const scheduleConfig = config.scheduleConfig || {};
@@ -68,6 +74,114 @@ async function runScheduledSync(config: any): Promise<void> {
       updatedAt: currentTime,
     }).where(eq(configs.id, config.id));
     
+    // Auto-discovery: Check for new GitHub repositories
+    if (scheduleConfig.autoImport !== false) {
+      console.log(`[Scheduler] Checking for new GitHub repositories for user ${userId}...`);
+      try {
+        const { getGithubRepositories, getGithubStarredRepositories } = await import('@/lib/github');
+        const { v4: uuidv4 } = await import('uuid');
+        const { getDecryptedGitHubToken } = await import('@/lib/utils/config-encryption');
+        
+        // Create GitHub client
+        const decryptedToken = getDecryptedGitHubToken(config);
+        const { Octokit } = await import('@octokit/rest');
+        const octokit = new Octokit({ auth: decryptedToken });
+        
+        // Fetch GitHub data
+        const [basicAndForkedRepos, starredRepos] = await Promise.all([
+          getGithubRepositories({ octokit, config }),
+          config.githubConfig?.includeStarred
+            ? getGithubStarredRepositories({ octokit, config })
+            : Promise.resolve([]),
+        ]);
+        
+        const allGithubRepos = [...basicAndForkedRepos, ...starredRepos];
+        
+        // Check for new repositories
+        const existingRepos = await db
+          .select({ fullName: repositories.fullName })
+          .from(repositories)
+          .where(eq(repositories.userId, userId));
+        
+        const existingRepoNames = new Set(existingRepos.map(r => r.fullName));
+        const newRepos = allGithubRepos.filter(r => !existingRepoNames.has(r.fullName));
+        
+        if (newRepos.length > 0) {
+          console.log(`[Scheduler] Found ${newRepos.length} new repositories for user ${userId}`);
+          
+          // Insert new repositories
+          const reposToInsert = newRepos.map(repo => ({
+            id: uuidv4(),
+            userId,
+            configId: config.id,
+            name: repo.name,
+            fullName: repo.fullName,
+            url: repo.url,
+            cloneUrl: repo.cloneUrl,
+            owner: repo.owner,
+            organization: repo.organization,
+            mirroredLocation: repo.mirroredLocation || "",
+            destinationOrg: repo.destinationOrg || null,
+            isPrivate: repo.isPrivate,
+            isForked: repo.isForked,
+            forkedFrom: repo.forkedFrom,
+            hasIssues: repo.hasIssues,
+            isStarred: repo.isStarred,
+            isArchived: repo.isArchived,
+            size: repo.size,
+            hasLFS: repo.hasLFS,
+            hasSubmodules: repo.hasSubmodules,
+            language: repo.language || null,
+            description: repo.description || null,
+            defaultBranch: repo.defaultBranch,
+            visibility: repo.visibility,
+            status: 'imported',
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          }));
+          
+          await db.insert(repositories).values(reposToInsert);
+          console.log(`[Scheduler] Successfully imported ${newRepos.length} new repositories for user ${userId}`);
+        } else {
+          console.log(`[Scheduler] No new repositories found for user ${userId}`);
+        }
+      } catch (error) {
+        console.error(`[Scheduler] Failed to auto-import repositories for user ${userId}:`, error);
+      }
+    }
+    
+    // Auto-cleanup: Remove orphaned repositories (repos that no longer exist in GitHub)
+    if (config.cleanupConfig?.deleteIfNotInGitHub) {
+      console.log(`[Scheduler] Checking for orphaned repositories to cleanup for user ${userId}...`);
+      try {
+        const { identifyOrphanedRepositories, handleOrphanedRepository } = await import('@/lib/repository-cleanup-service');
+        
+        const orphanedRepos = await identifyOrphanedRepositories(config);
+        
+        if (orphanedRepos.length > 0) {
+          console.log(`[Scheduler] Found ${orphanedRepos.length} orphaned repositories for cleanup`);
+          
+          for (const repo of orphanedRepos) {
+            try {
+              await handleOrphanedRepository(
+                config,
+                repo,
+                config.cleanupConfig.orphanedRepoAction || 'archive',
+                config.cleanupConfig.dryRun ?? false
+              );
+              console.log(`[Scheduler] Handled orphaned repository: ${repo.fullName}`);
+            } catch (error) {
+              console.error(`[Scheduler] Failed to handle orphaned repository ${repo.fullName}:`, error);
+            }
+          }
+        } else {
+          console.log(`[Scheduler] No orphaned repositories found for cleanup`);
+        }
+      } catch (error) {
+        console.error(`[Scheduler] Failed to cleanup orphaned repositories for user ${userId}:`, error);
+      }
+    }
+    
     // Get repositories to sync
     let reposToSync = await db
       .select()
@@ -176,6 +290,282 @@ async function syncSingleRepository(config: any, repo: any): Promise<void> {
   }
 }
 
+/**
+ * Check if we should auto-start based on environment configuration
+ */
+async function checkAutoStartConfiguration(): Promise<boolean> {
+  // Don't auto-start more than once
+  if (hasPerformedAutoStart) {
+    return false;
+  }
+  
+  try {
+    // Check if any configuration has scheduling enabled or mirror interval set
+    const activeConfigs = await db
+      .select()
+      .from(configs)
+      .where(eq(configs.isActive, true));
+    
+    for (const config of activeConfigs) {
+      // Check if scheduling is enabled via environment
+      const scheduleEnabled = config.scheduleConfig?.enabled === true;
+      const hasMirrorInterval = !!config.giteaConfig?.mirrorInterval;
+      
+      // If either SCHEDULE_ENABLED=true or GITEA_MIRROR_INTERVAL is set, we should auto-start
+      if (scheduleEnabled || hasMirrorInterval) {
+        console.log(`[Scheduler] Auto-start conditions met for user ${config.userId} (scheduleEnabled=${scheduleEnabled}, hasMirrorInterval=${hasMirrorInterval})`);
+        return true;
+      }
+    }
+    
+    return false;
+  } catch (error) {
+    console.error('[Scheduler] Error checking auto-start configuration:', error);
+    return false;
+  }
+}
+
+/**
+ * Perform initial auto-start: import repositories and trigger mirror
+ */
+async function performInitialAutoStart(): Promise<void> {
+  hasPerformedAutoStart = true;
+  
+  try {
+    console.log('[Scheduler] Performing initial auto-start...');
+    
+    // Get all active configurations
+    const activeConfigs = await db
+      .select()
+      .from(configs)
+      .where(eq(configs.isActive, true));
+    
+    for (const config of activeConfigs) {
+      // Skip if tokens are not configured
+      if (!config.githubConfig?.token || !config.giteaConfig?.token) {
+        console.log(`[Scheduler] Skipping auto-start for user ${config.userId}: tokens not configured`);
+        continue;
+      }
+      
+      const scheduleEnabled = config.scheduleConfig?.enabled === true;
+      const hasMirrorInterval = !!config.giteaConfig?.mirrorInterval;
+      
+      // Only process configs that have scheduling or mirror interval configured
+      if (!scheduleEnabled && !hasMirrorInterval) {
+        continue;
+      }
+      
+      console.log(`[Scheduler] Auto-starting for user ${config.userId}...`);
+      
+      try {
+        // Step 1: Import repositories from GitHub
+        console.log(`[Scheduler] Step 1: Importing repositories from GitHub for user ${config.userId}...`);
+        const { getGithubRepositories, getGithubStarredRepositories } = await import('@/lib/github');
+        const { v4: uuidv4 } = await import('uuid');
+        
+        // Create GitHub client
+        const decryptedToken = getDecryptedGitHubToken(config);
+        const { Octokit } = await import('@octokit/rest');
+        const octokit = new Octokit({ auth: decryptedToken });
+        
+        // Fetch GitHub data
+        const [basicAndForkedRepos, starredRepos] = await Promise.all([
+          getGithubRepositories({ octokit, config }),
+          config.githubConfig?.includeStarred
+            ? getGithubStarredRepositories({ octokit, config })
+            : Promise.resolve([]),
+        ]);
+        
+        const allGithubRepos = [...basicAndForkedRepos, ...starredRepos];
+        
+        // Check for new repositories
+        const existingRepos = await db
+          .select({ fullName: repositories.fullName })
+          .from(repositories)
+          .where(eq(repositories.userId, config.userId));
+        
+        const existingRepoNames = new Set(existingRepos.map(r => r.fullName));
+        const reposToImport = allGithubRepos.filter(r => !existingRepoNames.has(r.fullName));
+        
+        if (reposToImport.length > 0) {
+          console.log(`[Scheduler] Importing ${reposToImport.length} repositories for user ${config.userId}...`);
+          
+          // Insert new repositories
+          const reposToInsert = reposToImport.map(repo => ({
+            id: uuidv4(),
+            userId: config.userId,
+            configId: config.id,
+            name: repo.name,
+            fullName: repo.fullName,
+            url: repo.url,
+            cloneUrl: repo.cloneUrl,
+            owner: repo.owner,
+            organization: repo.organization,
+            mirroredLocation: repo.mirroredLocation || "",
+            destinationOrg: repo.destinationOrg || null,
+            isPrivate: repo.isPrivate,
+            isForked: repo.isForked,
+            forkedFrom: repo.forkedFrom,
+            hasIssues: repo.hasIssues,
+            isStarred: repo.isStarred,
+            isArchived: repo.isArchived,
+            size: repo.size,
+            hasLFS: repo.hasLFS,
+            hasSubmodules: repo.hasSubmodules,
+            language: repo.language || null,
+            description: repo.description || null,
+            defaultBranch: repo.defaultBranch,
+            visibility: repo.visibility,
+            status: 'imported',
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          }));
+          
+          await db.insert(repositories).values(reposToInsert);
+          console.log(`[Scheduler] Successfully imported ${reposToImport.length} repositories`);
+        } else {
+          console.log(`[Scheduler] No new repositories to import for user ${config.userId}`);
+        }
+        
+        // Check if we already have mirrored repositories (indicating this isn't first run)
+        const mirroredRepos = await db
+          .select()
+          .from(repositories)
+          .where(
+            and(
+              eq(repositories.userId, config.userId),
+              or(
+                eq(repositories.status, 'mirrored'),
+                eq(repositories.status, 'synced')
+              )
+            )
+          )
+          .limit(1);
+        
+        // If we already have mirrored repos, skip the initial mirror (let regular sync handle it)
+        if (mirroredRepos.length > 0) {
+          console.log(`[Scheduler] User ${config.userId} already has mirrored repositories, skipping initial mirror (let regular sync handle updates)`);
+          
+          // Still update the schedule config to indicate scheduling is active
+          const currentTime = new Date();
+          const intervalSource = config.scheduleConfig?.interval || 
+                                config.giteaConfig?.mirrorInterval || 
+                                '8h';
+          const interval = parseScheduleInterval(intervalSource);
+          const nextRun = new Date(currentTime.getTime() + interval);
+          
+          await db.update(configs).set({
+            scheduleConfig: {
+              ...config.scheduleConfig,
+              enabled: true,
+              lastRun: currentTime,
+              nextRun: nextRun,
+            },
+            updatedAt: currentTime,
+          }).where(eq(configs.id, config.id));
+          
+          console.log(`[Scheduler] Scheduling enabled for user ${config.userId}, next sync at ${nextRun.toISOString()}`);
+          continue;
+        }
+        
+        // Step 2: Trigger mirror for all repositories that need mirroring
+        console.log(`[Scheduler] Step 2: Triggering mirror for repositories that need mirroring...`);
+        const reposNeedingMirror = await db
+          .select()
+          .from(repositories)
+          .where(
+            and(
+              eq(repositories.userId, config.userId),
+              or(
+                eq(repositories.status, 'imported'),
+                eq(repositories.status, 'pending'),
+                eq(repositories.status, 'failed')
+              )
+            )
+          );
+        
+        if (reposNeedingMirror.length > 0) {
+          console.log(`[Scheduler] Found ${reposNeedingMirror.length} repositories that need mirroring`);
+          
+          // Reuse the octokit instance from above
+          // (octokit was already created in the import phase)
+          
+          // Process repositories in batches
+          const batchSize = config.scheduleConfig?.batchSize || 5;
+          for (let i = 0; i < reposNeedingMirror.length; i += batchSize) {
+            const batch = reposNeedingMirror.slice(i, Math.min(i + batchSize, reposNeedingMirror.length));
+            console.log(`[Scheduler] Processing batch ${Math.floor(i / batchSize) + 1} of ${Math.ceil(reposNeedingMirror.length / batchSize)} (${batch.length} repos)`);
+            
+            await Promise.all(
+              batch.map(async (repo) => {
+                try {
+                  const repository: Repository = {
+                    ...repo,
+                    status: repoStatusEnum.parse(repo.status),
+                    organization: repo.organization ?? undefined,
+                    lastMirrored: repo.lastMirrored ?? undefined,
+                    errorMessage: repo.errorMessage ?? undefined,
+                    mirroredLocation: repo.mirroredLocation || '',
+                    forkedFrom: repo.forkedFrom ?? undefined,
+                    visibility: repositoryVisibilityEnum.parse(repo.visibility),
+                  };
+                  
+                  await mirrorGithubRepoToGitea({ 
+                    octokit,
+                    repository,
+                    config
+                  });
+                  console.log(`[Scheduler] Successfully mirrored repository: ${repo.fullName}`);
+                } catch (error) {
+                  console.error(`[Scheduler] Failed to mirror repository ${repo.fullName}:`, error);
+                }
+              })
+            );
+            
+            // Pause between batches if configured
+            if (i + batchSize < reposNeedingMirror.length) {
+              const pauseTime = config.scheduleConfig?.pauseBetweenBatches || 2000;
+              console.log(`[Scheduler] Pausing for ${pauseTime}ms before next batch...`);
+              await new Promise(resolve => setTimeout(resolve, pauseTime));
+            }
+          }
+          
+          console.log(`[Scheduler] Completed initial mirror for ${reposNeedingMirror.length} repositories`);
+        } else {
+          console.log(`[Scheduler] No repositories need mirroring`);
+        }
+        
+        // Update the schedule config to indicate we've run
+        const currentTime = new Date();
+        const intervalSource = config.scheduleConfig?.interval || 
+                              config.giteaConfig?.mirrorInterval || 
+                              '8h';
+        const interval = parseScheduleInterval(intervalSource);
+        const nextRun = new Date(currentTime.getTime() + interval);
+        
+        await db.update(configs).set({
+          scheduleConfig: {
+            ...config.scheduleConfig,
+            enabled: true, // Ensure scheduling is enabled
+            lastRun: currentTime,
+            nextRun: nextRun,
+          },
+          updatedAt: currentTime,
+        }).where(eq(configs.id, config.id));
+        
+        console.log(`[Scheduler] Auto-start completed for user ${config.userId}, next sync at ${nextRun.toISOString()}`);
+        
+      } catch (error) {
+        console.error(`[Scheduler] Failed to auto-start for user ${config.userId}:`, error);
+      }
+    }
+    
+    console.log('[Scheduler] Initial auto-start completed');
+  } catch (error) {
+    console.error('[Scheduler] Failed to perform initial auto-start:', error);
+  }
+}
+
 /**
  * Main scheduler loop
  */
@@ -202,25 +592,41 @@ async function schedulerLoop(): Promise<void> {
       config.scheduleConfig?.enabled === true
     );
     
-    if (enabledConfigs.length === 0) {
-      console.log(`[Scheduler] No configurations with scheduling enabled (found ${activeConfigs.length} active configs)`);
+    // Further filter configs that have valid tokens
+    const validConfigs = enabledConfigs.filter(config => {
+      const hasGitHubToken = !!config.githubConfig?.token;
+      const hasGiteaToken = !!config.giteaConfig?.token;
       
-      // Show details about why configs are not enabled
-      activeConfigs.forEach(config => {
-        const scheduleEnabled = config.scheduleConfig?.enabled;
-        const mirrorInterval = config.giteaConfig?.mirrorInterval;
-        console.log(`[Scheduler] User ${config.userId}: scheduleEnabled=${scheduleEnabled}, mirrorInterval=${mirrorInterval}`);
-      });
+      if (!hasGitHubToken || !hasGiteaToken) {
+        console.log(`[Scheduler] User ${config.userId}: Scheduling enabled but tokens missing (GitHub: ${hasGitHubToken}, Gitea: ${hasGiteaToken})`);
+        return false;
+      }
+      return true;
+    });
+    
+    if (validConfigs.length === 0) {
+      if (enabledConfigs.length > 0) {
+        console.log(`[Scheduler] ${enabledConfigs.length} config(s) have scheduling enabled but lack required tokens`);
+      } else {
+        console.log(`[Scheduler] No configurations with scheduling enabled (found ${activeConfigs.length} active configs)`);
+        
+        // Show details about why configs are not enabled
+        activeConfigs.forEach(config => {
+          const scheduleEnabled = config.scheduleConfig?.enabled;
+          const mirrorInterval = config.giteaConfig?.mirrorInterval;
+          console.log(`[Scheduler] User ${config.userId}: scheduleEnabled=${scheduleEnabled}, mirrorInterval=${mirrorInterval}`);
+        });
+      }
       
       return;
     }
     
-    console.log(`[Scheduler] Processing ${enabledConfigs.length} configurations with scheduling enabled (out of ${activeConfigs.length} total active configs)`);
+    console.log(`[Scheduler] Processing ${validConfigs.length} valid configurations (out of ${enabledConfigs.length} with scheduling enabled)`);
     
     // Check each configuration to see if it's time to run
     const currentTime = new Date();
     
-    for (const config of enabledConfigs) {
+    for (const config of validConfigs) {
       const scheduleConfig = config.scheduleConfig || {};
       
       // Check if it's time to run based on nextRun
@@ -242,7 +648,7 @@ async function schedulerLoop(): Promise<void> {
 /**
  * Start the scheduler service
  */
-export function startSchedulerService(): void {
+export async function startSchedulerService(): Promise<void> {
   if (schedulerInterval) {
     console.log('[Scheduler] Scheduler service is already running');
     return;
@@ -250,6 +656,14 @@ export function startSchedulerService(): void {
   
   console.log('[Scheduler] Starting scheduler service');
   
+  // Check if we should auto-start mirroring based on environment variables
+  const shouldAutoStart = await checkAutoStartConfiguration();
+  
+  if (shouldAutoStart) {
+    console.log('[Scheduler] Auto-start detected from environment variables, triggering initial import and mirror...');
+    await performInitialAutoStart();
+  }
+  
   // Run immediately on start
   schedulerLoop().catch(error => {
     console.error('[Scheduler] Error during initial scheduler run:', error);

src/lib/utils.ts

@@ -29,6 +29,31 @@ export function formatDate(date?: Date | string | null): string {
   }).format(new Date(date));
 }
 
+export function formatLastSyncTime(date: Date | string | null): string {
+  if (!date) return "Never";
+  
+  const now = new Date();
+  const syncDate = new Date(date);
+  const diffMs = now.getTime() - syncDate.getTime();
+  const diffMins = Math.floor(diffMs / 60000);
+  const diffHours = Math.floor(diffMs / 3600000);
+  const diffDays = Math.floor(diffMs / 86400000);
+  
+  // Show relative time for recent syncs
+  if (diffMins < 1) return "Just now";
+  if (diffMins < 60) return `${diffMins} min ago`;
+  if (diffHours < 24) return `${diffHours} hr${diffHours === 1 ? '' : 's'} ago`;
+  if (diffDays < 7) return `${diffDays} day${diffDays === 1 ? '' : 's'} ago`;
+  
+  // For older syncs, show week count
+  const diffWeeks = Math.floor(diffDays / 7);
+  if (diffWeeks < 4) return `${diffWeeks} week${diffWeeks === 1 ? '' : 's'} ago`;
+  
+  // For even older, show month count
+  const diffMonths = Math.floor(diffDays / 30);
+  return `${diffMonths} month${diffMonths === 1 ? '' : 's'} ago`;
+}
+
 export function truncate(str: string, length: number): string {
   if (str.length <= length) return str;
   return str.slice(0, length) + "...";

src/lib/utils/concurrency.ts

@@ -10,7 +10,7 @@
 export async function processInParallel<T, R>(
   items: T[],
   processItem: (item: T) => Promise<R>,
-  concurrencyLimit: number = 5,
+  concurrencyLimit: number = 5, // Safe default for GitHub API (max 100 concurrent, but 5-10 recommended)
   onProgress?: (completed: number, total: number, result?: R) => void
 ): Promise<R[]> {
   const results: R[] = [];

src/lib/utils/config-defaults.ts

@@ -93,7 +93,7 @@ export async function createDefaultConfig({ userId, envOverrides = {} }: Default
       enabled: scheduleEnabled,
       interval: scheduleInterval,
       concurrent: false,
-      batchSize: 10,
+      batchSize: 5, // Reduced from 10 to be more conservative with GitHub API limits
       lastRun: null,
       nextRun: scheduleEnabled ? new Date(Date.now() + scheduleInterval * 1000) : null,
     },

src/middleware.ts

@@ -8,6 +8,7 @@ import { setupSignalHandlers } from './lib/signal-handlers';
 import { auth } from './lib/auth';
 import { isHeaderAuthEnabled, authenticateWithHeaders } from './lib/auth-header';
 import { initializeConfigFromEnv } from './lib/env-config-loader';
+import { db, users } from './lib/db';
 
 // Flag to track if recovery has been initialized
 let recoveryInitialized = false;
@@ -17,6 +18,7 @@ let schedulerServiceStarted = false;
 let repositoryCleanupServiceStarted = false;
 let shutdownManagerInitialized = false;
 let envConfigInitialized = false;
+let envConfigCheckCount = 0; // Track attempts to avoid excessive checking
 
 export const onRequest = defineMiddleware(async (context, next) => {
   // First, try Better Auth session (cookie-based)
@@ -79,14 +81,31 @@ export const onRequest = defineMiddleware(async (context, next) => {
     }
   }
 
-  // Initialize configuration from environment variables (only once)
-  if (!envConfigInitialized) {
-    envConfigInitialized = true;
-    try {
-      await initializeConfigFromEnv();
-    } catch (error) {
-      console.error('⚠️  Failed to initialize configuration from environment:', error);
-      // Continue anyway - environment config is optional
+  // Initialize configuration from environment variables
+  // Optimized to minimize performance impact:
+  // - Once initialized, no checks are performed (envConfigInitialized = true)
+  // - Limits checks to first 100 requests to avoid DB queries on every request if no users exist
+  // - After user creation, env vars load on next request and flag is set permanently
+  if (!envConfigInitialized && envConfigCheckCount < 100) {
+    envConfigCheckCount++;
+    
+    // Only check every 10th request after the first 10 to reduce DB load
+    const shouldCheck = envConfigCheckCount <= 10 || envConfigCheckCount % 10 === 0;
+    
+    if (shouldCheck) {
+      try {
+        const hasUsers = await db.select().from(users).limit(1).then(u => u.length > 0);
+        
+        if (hasUsers) {
+          // We have users now, try to initialize config
+          await initializeConfigFromEnv();
+          envConfigInitialized = true; // This ensures we never check again
+          console.log('✅ Environment configuration loaded after user creation');
+        }
+      } catch (error) {
+        console.error('⚠️  Failed to initialize configuration from environment:', error);
+        // Continue anyway - environment config is optional
+      }
     }
   }
 
@@ -160,7 +179,10 @@ export const onRequest = defineMiddleware(async (context, next) => {
   if (recoveryInitialized && !schedulerServiceStarted) {
     try {
       console.log('Starting automatic mirror scheduler service...');
-      startSchedulerService();
+      // Start the scheduler service (now async)
+      startSchedulerService().catch(error => {
+        console.error('Error in scheduler service startup:', error);
+      });
 
       // Register scheduler service shutdown callback
       registerShutdownCallback(async () => {

src/pages/api/auth/sso/register.ts

@@ -25,9 +25,34 @@ export async function POST(context: APIContext) {
       );
     }
 
+    // Validate issuer URL format
+    let validatedIssuer = issuer;
+    if (issuer && typeof issuer === 'string' && issuer.trim() !== '') {
+      try {
+        const issuerUrl = new URL(issuer.trim());
+        validatedIssuer = issuerUrl.toString().replace(/\/$/, ''); // Remove trailing slash
+      } catch (e) {
+        return new Response(
+          JSON.stringify({ error: `Invalid issuer URL format: ${issuer}` }),
+          {
+            status: 400,
+            headers: { "Content-Type": "application/json" },
+          }
+        );
+      }
+    } else {
+      return new Response(
+        JSON.stringify({ error: "Issuer URL cannot be empty" }),
+        {
+          status: 400,
+          headers: { "Content-Type": "application/json" },
+        }
+      );
+    }
+
     let registrationBody: any = {
       providerId,
-      issuer,
+      issuer: validatedIssuer,
       domain,
       organizationId,
     };
@@ -91,14 +116,27 @@ export async function POST(context: APIContext) {
       // Use provided scopes or default if not specified
       const finalScopes = scopes || ["openid", "email", "profile"];
 
+      // Validate endpoint URLs if provided
+      const validateUrl = (url: string | undefined, name: string): string | undefined => {
+        if (!url) return undefined;
+        if (typeof url !== 'string' || url.trim() === '') return undefined;
+        try {
+          const validatedUrl = new URL(url.trim());
+          return validatedUrl.toString();
+        } catch (e) {
+          console.warn(`Invalid ${name} URL: ${url}, skipping`);
+          return undefined;
+        }
+      };
+
       registrationBody.oidcConfig = {
-        clientId,
-        clientSecret,
-        authorizationEndpoint,
-        tokenEndpoint,
-        jwksEndpoint,
-        discoveryEndpoint,
-        userInfoEndpoint,
+        clientId: clientId || undefined,
+        clientSecret: clientSecret || undefined,
+        authorizationEndpoint: validateUrl(authorizationEndpoint, 'authorization endpoint'),
+        tokenEndpoint: validateUrl(tokenEndpoint, 'token endpoint'),
+        jwksEndpoint: validateUrl(jwksEndpoint, 'JWKS endpoint'),
+        discoveryEndpoint: validateUrl(discoveryEndpoint, 'discovery endpoint'),
+        userInfoEndpoint: validateUrl(userInfoEndpoint, 'userinfo endpoint'),
         scopes: finalScopes,
         pkce,
       };

src/pages/api/events/index.ts

@@ -0,0 +1,69 @@
+import type { APIRoute } from "astro";
+import { getNewEvents } from "@/lib/events";
+
+export const GET: APIRoute = async ({ request }) => {
+  const url = new URL(request.url);
+  const userId = url.searchParams.get("userId");
+
+  if (!userId) {
+    return new Response("Missing userId", { status: 400 });
+  }
+
+  // Create a new ReadableStream for SSE
+  const stream = new ReadableStream({
+    start(controller) {
+      const encoder = new TextEncoder();
+      let lastEventTime = new Date();
+
+      // Send initial connection message
+      controller.enqueue(encoder.encode(": connected\n\n"));
+
+      // Poll for new events every 2 seconds
+      const pollInterval = setInterval(async () => {
+        try {
+          // Get new rate limit events
+          const newEvents = await getNewEvents({
+            userId,
+            channel: "rate-limit",
+            lastEventTime,
+          });
+
+          // Send each new event
+          for (const event of newEvents) {
+            const message = `event: rate-limit\ndata: ${JSON.stringify(event.payload)}\n\n`;
+            controller.enqueue(encoder.encode(message));
+            lastEventTime = new Date(event.createdAt);
+          }
+        } catch (error) {
+          console.error("Error polling for events:", error);
+        }
+      }, 2000); // Poll every 2 seconds
+
+      // Send heartbeat every 30 seconds to keep connection alive
+      const heartbeatInterval = setInterval(() => {
+        try {
+          controller.enqueue(encoder.encode(": heartbeat\n\n"));
+        } catch (error) {
+          clearInterval(heartbeatInterval);
+          clearInterval(pollInterval);
+        }
+      }, 30000);
+
+      // Cleanup on close
+      request.signal.addEventListener("abort", () => {
+        clearInterval(pollInterval);
+        clearInterval(heartbeatInterval);
+        controller.close();
+      });
+    },
+  });
+
+  return new Response(stream, {
+    headers: {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      "Connection": "keep-alive",
+      "X-Accel-Buffering": "no", // Disable nginx buffering
+    },
+  });
+};

src/pages/api/job/mirror-org.ts

@@ -71,9 +71,10 @@ export const POST: APIRoute = async ({ request }) => {
         throw new Error("GitHub token is missing in config.");
       }
 
-      // Create a single Octokit instance to be reused
+      // Create a single Octokit instance to be reused with rate limit tracking
       const decryptedToken = getDecryptedGitHubToken(config);
-      const octokit = createGitHubClient(decryptedToken);
+      const githubUsername = config.githubConfig?.owner || undefined;
+      const octokit = createGitHubClient(decryptedToken, userId, githubUsername);
 
       // Define the concurrency limit - adjust based on API rate limits
       // Using a lower concurrency for organizations since each org might contain many repos

src/pages/api/job/mirror-repo.ts

@@ -73,9 +73,10 @@ export const POST: APIRoute = async ({ request }) => {
         throw new Error("GitHub token is missing.");
       }
 
-      // Create a single Octokit instance to be reused
+      // Create a single Octokit instance to be reused with rate limit tracking
       const decryptedToken = getDecryptedGitHubToken(config);
-      const octokit = createGitHubClient(decryptedToken);
+      const githubUsername = config.githubConfig?.owner || undefined;
+      const octokit = createGitHubClient(decryptedToken, userId, githubUsername);
 
       // Define the concurrency limit - adjust based on API rate limits
       const CONCURRENCY_LIMIT = 3;

src/pages/api/job/retry-repo.ts

@@ -71,12 +71,13 @@ export const POST: APIRoute = async ({ request }) => {
 
     // Start background retry with parallel processing
     setTimeout(async () => {
-      // Create a single Octokit instance to be reused if needed
+      // Create a single Octokit instance to be reused if needed with rate limit tracking
       const decryptedToken = config.githubConfig.token
         ? getDecryptedGitHubToken(config)
         : null;
+      const githubUsername = config.githubConfig?.owner || undefined;
       const octokit = decryptedToken
-        ? createGitHubClient(decryptedToken)
+        ? createGitHubClient(decryptedToken, userId, githubUsername)
         : null;
 
       // Define the concurrency limit - adjust based on API rate limits

src/pages/api/rate-limit/index.ts

@@ -0,0 +1,104 @@
+import type { APIRoute } from "astro";
+import { db, rateLimits } from "@/lib/db";
+import { eq, and, desc } from "drizzle-orm";
+import { jsonResponse, createSecureErrorResponse } from "@/lib/utils";
+import { RateLimitManager } from "@/lib/rate-limit-manager";
+import { createGitHubClient } from "@/lib/github";
+import { getDecryptedGitHubToken } from "@/lib/utils/config-encryption";
+import { configs } from "@/lib/db";
+
+export const GET: APIRoute = async ({ request }) => {
+  const url = new URL(request.url);
+  const userId = url.searchParams.get("userId");
+  const refresh = url.searchParams.get("refresh") === "true";
+
+  if (!userId) {
+    return jsonResponse({
+      data: { error: "Missing userId" },
+      status: 400,
+    });
+  }
+
+  try {
+    // If refresh is requested, fetch current rate limit from GitHub
+    if (refresh) {
+      const [config] = await db
+        .select()
+        .from(configs)
+        .where(eq(configs.userId, userId))
+        .limit(1);
+
+      if (config && config.githubConfig?.token) {
+        const decryptedToken = getDecryptedGitHubToken(config);
+        const githubUsername = config.githubConfig?.owner || undefined;
+        const octokit = createGitHubClient(decryptedToken, userId, githubUsername);
+        
+        // This will update the rate limit in the database
+        await RateLimitManager.checkGitHubRateLimit(octokit, userId);
+      }
+    }
+
+    // Get rate limit status from database
+    const [rateLimit] = await db
+      .select()
+      .from(rateLimits)
+      .where(and(eq(rateLimits.userId, userId), eq(rateLimits.provider, "github")))
+      .orderBy(desc(rateLimits.updatedAt))
+      .limit(1);
+
+    if (!rateLimit) {
+      return jsonResponse({
+        data: {
+          limit: 5000,
+          remaining: 5000,
+          used: 0,
+          reset: new Date(Date.now() + 3600000), // 1 hour from now
+          status: "ok",
+          lastChecked: new Date(),
+          message: "No rate limit data available yet",
+        },
+      });
+    }
+
+    // Calculate percentage
+    const percentage = Math.round((rateLimit.remaining / rateLimit.limit) * 100);
+    
+    // Calculate time until reset
+    const now = new Date();
+    const resetTime = new Date(rateLimit.reset);
+    const timeUntilReset = Math.max(0, resetTime.getTime() - now.getTime());
+    const minutesUntilReset = Math.ceil(timeUntilReset / 60000);
+
+    let message = "";
+    switch (rateLimit.status) {
+      case "exceeded":
+        message = `Rate limit exceeded. Resets in ${minutesUntilReset} minutes.`;
+        break;
+      case "limited":
+        message = `Rate limit critical: ${rateLimit.remaining}/${rateLimit.limit} (${percentage}%)`;
+        break;
+      case "warning":
+        message = `Rate limit warning: ${rateLimit.remaining}/${rateLimit.limit} (${percentage}%)`;
+        break;
+      default:
+        message = `Rate limit healthy: ${rateLimit.remaining}/${rateLimit.limit} (${percentage}%)`;
+    }
+
+    return jsonResponse({
+      data: {
+        limit: rateLimit.limit,
+        remaining: rateLimit.remaining,
+        used: rateLimit.used,
+        reset: rateLimit.reset,
+        retryAfter: rateLimit.retryAfter,
+        status: rateLimit.status,
+        lastChecked: rateLimit.lastChecked,
+        percentage,
+        minutesUntilReset,
+        message,
+      },
+    });
+  } catch (error) {
+    return createSecureErrorResponse(error, "rate limit check", 500);
+  }
+};

src/pages/api/sso/discover.ts

@@ -10,26 +10,71 @@ export async function POST(context: APIContext) {
 
     const { issuer } = await context.request.json();
 
-    if (!issuer) {
-      return new Response(JSON.stringify({ error: "Issuer URL is required" }), {
+    if (!issuer || typeof issuer !== 'string' || issuer.trim() === '') {
+      return new Response(JSON.stringify({ error: "Issuer URL is required and must be a valid string" }), {
         status: 400,
         headers: { "Content-Type": "application/json" },
       });
     }
 
-    // Ensure issuer URL ends without trailing slash for well-known discovery
-    const cleanIssuer = issuer.replace(/\/$/, "");
+    // Validate issuer URL format
+    let cleanIssuer: string;
+    try {
+      const issuerUrl = new URL(issuer.trim());
+      cleanIssuer = issuerUrl.toString().replace(/\/$/, ""); // Remove trailing slash
+    } catch (e) {
+      return new Response(
+        JSON.stringify({ 
+          error: "Invalid issuer URL format",
+          details: `The provided URL "${issuer}" is not a valid URL. For Authentik, use format: https://your-authentik-domain/application/o/<app-slug>/`
+        }),
+        {
+          status: 400,
+          headers: { "Content-Type": "application/json" },
+        }
+      );
+    }
+
     const discoveryUrl = `${cleanIssuer}/.well-known/openid-configuration`;
 
     try {
-      // Fetch OIDC discovery document
-      const response = await fetch(discoveryUrl);
+      // Fetch OIDC discovery document with timeout
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), 10000); // 10 second timeout
+      
+      let response: Response;
+      try {
+        response = await fetch(discoveryUrl, {
+          signal: controller.signal,
+          headers: {
+            'Accept': 'application/json',
+          }
+        });
+      } catch (fetchError) {
+        if (fetchError instanceof Error && fetchError.name === 'AbortError') {
+          throw new Error(`Request timeout: The OIDC provider at ${cleanIssuer} did not respond within 10 seconds`);
+        }
+        throw new Error(`Network error: Could not connect to ${cleanIssuer}. Please verify the URL is correct and accessible.`);
+      } finally {
+        clearTimeout(timeoutId);
+      }
       
       if (!response.ok) {
-        throw new Error(`Failed to fetch discovery document: ${response.status}`);
+        if (response.status === 404) {
+          throw new Error(`OIDC discovery document not found at ${discoveryUrl}. For Authentik, ensure you're using the correct application slug in the URL.`);
+        } else if (response.status >= 500) {
+          throw new Error(`OIDC provider error (${response.status}): The server at ${cleanIssuer} returned an error.`);
+        } else {
+          throw new Error(`Failed to fetch discovery document (${response.status}): ${response.statusText}`);
+        }
       }
 
-      const config = await response.json();
+      let config: any;
+      try {
+        config = await response.json();
+      } catch (parseError) {
+        throw new Error(`Invalid response: The discovery document from ${cleanIssuer} is not valid JSON.`);
+      }
 
       // Extract the essential endpoints
       const discoveredConfig = {

src/pages/api/sync/index.ts

@@ -43,7 +43,8 @@ export const POST: APIRoute = async ({ request }) => {
 
     // Decrypt the GitHub token before using it
     const decryptedToken = getDecryptedGitHubToken(config);
-    const octokit = createGitHubClient(decryptedToken);
+    const githubUsername = config.githubConfig?.owner || undefined;
+    const octokit = createGitHubClient(decryptedToken, userId, githubUsername);
 
     // Fetch GitHub data in parallel
     const [basicAndForkedRepos, starredRepos, gitOrgs] = await Promise.all([
@@ -67,6 +68,8 @@ export const POST: APIRoute = async ({ request }) => {
       cloneUrl: repo.cloneUrl,
       owner: repo.owner,
       organization: repo.organization,
+      mirroredLocation: repo.mirroredLocation || "",
+      destinationOrg: repo.destinationOrg || null,
       isPrivate: repo.isPrivate,
       isForked: repo.isForked,
       forkedFrom: repo.forkedFrom,
@@ -76,6 +79,8 @@ export const POST: APIRoute = async ({ request }) => {
       size: repo.size,
       hasLFS: repo.hasLFS,
       hasSubmodules: repo.hasSubmodules,
+      language: repo.language || null,
+      description: repo.description || null,
       defaultBranch: repo.defaultBranch,
       visibility: repo.visibility,
       status: repo.status,

src/pages/api/sync/organization.ts

@@ -69,8 +69,9 @@ export const POST: APIRoute = async ({ request }) => {
       });
     }
     
-    // Create authenticated Octokit instance
-    const octokit = createGitHubClient(decryptedConfig.githubConfig.token);
+    // Create authenticated Octokit instance with rate limit tracking
+    const githubUsername = decryptedConfig.githubConfig?.owner || undefined;
+    const octokit = createGitHubClient(decryptedConfig.githubConfig.token, userId, githubUsername);
 
     // Fetch org metadata
     const { data: orgData } = await octokit.orgs.get({ org });
@@ -117,6 +118,8 @@ export const POST: APIRoute = async ({ request }) => {
       owner: repo.owner.login,
       organization:
         repo.owner.type === "Organization" ? repo.owner.login : null,
+      mirroredLocation: "",
+      destinationOrg: null,
       isPrivate: repo.private,
       isForked: repo.fork,
       forkedFrom: undefined,
@@ -126,6 +129,8 @@ export const POST: APIRoute = async ({ request }) => {
       size: repo.size,
       hasLFS: false,
       hasSubmodules: false,
+      language: repo.language || null,
+      description: repo.description || null,
       defaultBranch: repo.default_branch ?? "main",
       visibility: (repo.visibility ?? "public") as RepositoryVisibility,
       status: "imported" as RepoStatus,

src/pages/api/sync/repository.ts

@@ -92,12 +92,15 @@ export const POST: APIRoute = async ({ request }) => {
       size: repoData.size,
       hasLFS: false,
       hasSubmodules: false,
+      language: repoData.language || null,
+      description: repoData.description || null,
       defaultBranch: repoData.default_branch,
       visibility: (repoData.visibility ?? "public") as RepositoryVisibility,
       status: "imported" as Repository["status"],
       lastMirrored: undefined,
       errorMessage: undefined,
       mirroredLocation: "",
+      destinationOrg: null,
       createdAt: repoData.created_at
         ? new Date(repoData.created_at)
         : new Date(),

src/types/Repository.ts

@@ -48,6 +48,8 @@ export interface GitRepo {
 
   owner: string;
   organization?: string;
+  mirroredLocation?: string;
+  destinationOrg?: string | null;
 
   isPrivate: boolean;
   isForked: boolean;
@@ -61,6 +63,8 @@ export interface GitRepo {
   hasLFS: boolean;
   hasSubmodules: boolean;
 
+  language?: string | null;
+  description?: string | null;
   defaultBranch: string;
   visibility: RepositoryVisibility;