diff --git a/.vscode/settings.json b/.vscode/settings.json
index 7522198819..af3d483835 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -9,7 +9,7 @@
 	"files.insertFinalNewline": true,
 	"editor.codeActionsOnSave": {
 		"source.fixAll.eslint": "explicit",
-		"source.organizeImports": "always"
+		"source.organizeImports": "never"
 	},
 	"editor.defaultFormatter": "esbenp.prettier-vscode",
 	"[vue]": {
diff --git a/Cargo.toml b/Cargo.toml
index 529fc9cb66..91008f355d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -241,6 +241,7 @@ bool_to_int_with_if = "warn"
 borrow_as_ptr = "warn"
 cfg_not_test = "warn"
 clear_with_drain = "warn"
+type_complexity = "allow"
 cloned_instead_of_copied = "warn"
 collection_is_never_read = "warn"
 dbg_macro = "warn"
diff --git a/apps/app-frontend/src/pages/hosting/manage/Access.vue b/apps/app-frontend/src/pages/hosting/manage/Access.vue
new file mode 100644
index 0000000000..59a3b82e36
--- /dev/null
+++ b/apps/app-frontend/src/pages/hosting/manage/Access.vue
@@ -0,0 +1,33 @@
+<script setup lang="ts">
+import {
+	injectModrinthClient,
+	injectModrinthServerContext,
+	ServersManageAccessPage,
+} from '@modrinth/ui'
+import { useQueryClient } from '@tanstack/vue-query'
+
+const client = injectModrinthClient()
+const { serverId } = injectModrinthServerContext()
+const queryClient = useQueryClient()
+
+try {
+	await Promise.all([
+		queryClient.ensureQueryData({
+			queryKey: ['servers', 'users', 'v1', serverId],
+			queryFn: () => client.archon.server_users_v1.list(serverId),
+			staleTime: 30_000,
+		}),
+		queryClient.ensureQueryData({
+			queryKey: ['servers', 'v1', 'detail', serverId],
+			queryFn: () => client.archon.servers_v1.get(serverId),
+			staleTime: 30_000,
+		}),
+	])
+} catch {
+	// Let mounted layouts' useQuery surface errors; do not fail route setup.
+}
+</script>
+
+<template>
+	<ServersManageAccessPage />
+</template>
diff --git a/apps/app-frontend/src/pages/hosting/manage/index.js b/apps/app-frontend/src/pages/hosting/manage/index.js
index 50052e3f9e..0c10b07133 100644
--- a/apps/app-frontend/src/pages/hosting/manage/index.js
+++ b/apps/app-frontend/src/pages/hosting/manage/index.js
@@ -1,7 +1,8 @@
+import Access from './Access.vue'
 import Backups from './Backups.vue'
 import Content from './Content.vue'
 import Files from './Files.vue'
 import Index from './Index.vue'
 import Overview from './Overview.vue'
 
-export { Backups, Content, Files, Index, Overview }
+export { Access, Backups, Content, Files, Index, Overview }
diff --git a/apps/app-frontend/src/routes.js b/apps/app-frontend/src/routes.js
index f01df0670c..da93b48e85 100644
--- a/apps/app-frontend/src/routes.js
+++ b/apps/app-frontend/src/routes.js
@@ -73,6 +73,14 @@ export default new createRouter({
 						breadcrumb: [{ name: '?Server' }],
 					},
 				},
+				{
+					path: 'access',
+					name: 'ServerManageAccess',
+					component: Hosting.Access,
+					meta: {
+						breadcrumb: [{ name: '?Server' }],
+					},
+				},
 			],
 		},
 		{
diff --git a/apps/frontend/CLAUDE.md b/apps/frontend/CLAUDE.md
index 9d0d05c4df..03515cbb31 100644
--- a/apps/frontend/CLAUDE.md
+++ b/apps/frontend/CLAUDE.md
@@ -40,4 +40,3 @@ These composables are deprecated and should not be used in new code:
 
 - **`useAsyncData`** - we use tanstack, not nuxt's built in async data utility.
 - **`useBaseFetch`** (`src/composables/fetch.js`) — legacy Labrinth fetch wrapper. Use `client.labrinth.*` modules instead.
-- **`useServersFetch`** (`src/composables/servers/servers-fetch.ts`) — legacy Archon fetch wrapper with manual retry/circuit-breaker. Use `client.archon.*` modules instead — refer to the `packages/api-client/CLAUDE.md` for more information.
diff --git a/apps/frontend/nuxt.config.ts b/apps/frontend/nuxt.config.ts
index 45f1526eb4..f7f8a5296b 100644
--- a/apps/frontend/nuxt.config.ts
+++ b/apps/frontend/nuxt.config.ts
@@ -224,6 +224,7 @@ export default defineNuxtConfig({
 				globalThis.INTERCOM_APP_ID ||
 				'ykeritl9',
 			production: isProduction(),
+			cookieSecure: isProduction(),
 			buildEnv: process.env.BUILD_ENV,
 			preview: process.env.PREVIEW === 'true',
 			featureFlagOverrides: getFeatureFlagOverrides(),
diff --git a/apps/frontend/package.json b/apps/frontend/package.json
index e835e9cfc9..fa2e751f4c 100644
--- a/apps/frontend/package.json
+++ b/apps/frontend/package.json
@@ -26,7 +26,7 @@
 		"@types/semver": "^7.7.1",
 		"autoprefixer": "^10.4.19",
 		"glob": "^10.2.7",
-		"nuxt": "^3.20.2",
+		"nuxt": "=3.20.2",
 		"postcss": "^8.4.39",
 		"prettier-plugin-tailwindcss": "^0.6.5",
 		"sass": "^1.58.0",
diff --git a/apps/frontend/src/components/ui/NotificationItem.vue b/apps/frontend/src/components/ui/NotificationItem.vue
index 420e852424..4b27e5be76 100644
--- a/apps/frontend/src/components/ui/NotificationItem.vue
+++ b/apps/frontend/src/components/ui/NotificationItem.vue
@@ -1,52 +1,123 @@
 <template>
 	<div
-		class="notification"
-		:class="{
-			'has-body': hasBody,
-			compact: compact,
-			read: notification.read,
-		}"
+		:class="
+			type === 'server_invite'
+				? { read: notification.read }
+				: {
+						notification: true,
+						'has-body': hasBody,
+						compact: compact,
+						read: notification.read,
+					}
+		"
 	>
-		<nuxt-link
-			v-if="!type"
-			:to="notification.link"
-			class="notification__icon backed-svg"
-			:class="{ raised: raised }"
-		>
-			<BellIcon />
-		</nuxt-link>
-		<DoubleIcon v-else class="notification__icon">
-			<template #primary>
-				<nuxt-link v-if="project" :to="getProjectLink(project)" tabindex="-1">
-					<Avatar size="xs" :src="project.icon_url" :raised="raised" no-shadow />
-				</nuxt-link>
-				<nuxt-link
-					v-else-if="organization"
-					:to="`/organization/${organization.slug}`"
-					tabindex="-1"
+		<template v-if="type === 'server_invite'">
+			<div class="flex flex-col gap-4">
+				<ModrinthServersIcon class="h-auto w-56 max-w-full text-[var(--color-heading)]" />
+				<div
+					class="flex flex-wrap items-center gap-x-1.5 gap-y-2 text-lg leading-tight text-[var(--color-heading)]"
 				>
-					<Avatar size="xs" :src="organization.icon_url" :raised="raised" no-shadow />
-				</nuxt-link>
-				<nuxt-link v-else-if="user" :to="getUserLink(user)" tabindex="-1">
-					<Avatar size="xs" :src="user.avatar_url" :raised="raised" no-shadow />
-				</nuxt-link>
-				<Avatar v-else size="xs" :raised="raised" no-shadow />
-			</template>
-			<template #secondary>
-				<ScaleIcon
-					v-if="type === 'moderator_message' || type === 'status_change'"
-					class="moderation-color"
-				/>
-				<UserPlusIcon v-else-if="type === 'team_invite' && project" class="creator-color" />
-				<UserPlusIcon
-					v-else-if="type === 'organization_invite' && organization"
-					class="creator-color"
-				/>
-				<VersionIcon v-else-if="type === 'project_update' && project && version" />
-				<BellIcon v-else />
-			</template>
-		</DoubleIcon>
-		<div class="notification__title">
+					<nuxt-link
+						v-if="invitedBy"
+						:to="`/user/${invitedBy.username}`"
+						class="inline-flex items-center font-bold text-[var(--color-heading)] hover:underline"
+					>
+						<Avatar
+							:src="invitedBy.avatar_url"
+							circle
+							size="xxs"
+							no-shadow
+							:raised="raised"
+							class="mr-1.5 inline-flex"
+						/>
+						<span>{{ invitedBy.username }}</span>
+					</nuxt-link>
+					<span v-if="invitedBy">has invited you to join</span>
+					<span v-else>You have been invited to join</span>
+					<span class="font-bold text-[var(--color-heading)]">
+						{{ notification.body.server_name }}
+					</span>
+					<span>.</span>
+				</div>
+				<div
+					v-if="!notification.read"
+					class="flex flex-wrap items-center gap-3"
+					:class="{ 'gap-2': compact }"
+				>
+					<ButtonStyled :circular="compact" color="brand" :type="compact ? 'transparent' : null">
+						<button
+							v-tooltip="compact ? 'Accept' : null"
+							@click="performActionByTitle(notification, 'Accept')"
+						>
+							<CheckIcon />
+							<span v-if="!compact">Accept</span>
+						</button>
+					</ButtonStyled>
+					<ButtonStyled :circular="compact" color="red" :type="compact ? 'transparent' : null">
+						<button
+							v-tooltip="compact ? 'Decline' : null"
+							@click="performActionByTitle(notification, 'Deny')"
+						>
+							<XIcon />
+							<span v-if="!compact">Decline</span>
+						</button>
+					</ButtonStyled>
+				</div>
+				<div
+					class="mt-1 flex flex-wrap items-center gap-x-3 gap-y-1 text-[var(--color-text-secondary)]"
+				>
+					<span v-if="notification.read" class="inline-flex items-center font-bold text-[var(--color-text)]">
+						<CheckCircleIcon /> Read
+					</span>
+					<span v-tooltip="formatDateTime(notification.created)" class="inline-flex items-center">
+						<CalendarIcon class="mr-1" /> Received
+						{{ formatRelativeTime(notification.created) }}
+					</span>
+					<CopyCode v-if="flags.developerMode" :text="notification.id" />
+				</div>
+			</div>
+		</template>
+		<template v-else>
+			<nuxt-link
+				v-if="!type"
+				:to="notification.link"
+				class="notification__icon backed-svg"
+				:class="{ raised: raised }"
+			>
+				<BellIcon />
+			</nuxt-link>
+			<DoubleIcon v-else class="notification__icon">
+				<template #primary>
+					<nuxt-link v-if="project" :to="getProjectLink(project)" tabindex="-1">
+						<Avatar size="xs" :src="project.icon_url" :raised="raised" no-shadow />
+					</nuxt-link>
+					<nuxt-link
+						v-else-if="organization"
+						:to="`/organization/${organization.slug}`"
+						tabindex="-1"
+					>
+						<Avatar size="xs" :src="organization.icon_url" :raised="raised" no-shadow />
+					</nuxt-link>
+					<nuxt-link v-else-if="user" :to="getUserLink(user)" tabindex="-1">
+						<Avatar size="xs" :src="user.avatar_url" :raised="raised" no-shadow />
+					</nuxt-link>
+					<Avatar v-else size="xs" :raised="raised" no-shadow />
+				</template>
+				<template #secondary>
+					<ScaleIcon
+						v-if="type === 'moderator_message' || type === 'status_change'"
+						class="moderation-color"
+					/>
+					<UserPlusIcon v-else-if="type === 'team_invite' && project" class="creator-color" />
+					<UserPlusIcon
+						v-else-if="type === 'organization_invite' && organization"
+						class="creator-color"
+					/>
+					<VersionIcon v-else-if="type === 'project_update' && project && version" />
+					<BellIcon v-else />
+				</template>
+			</DoubleIcon>
+			<div class="notification__title">
 			<template v-if="type === 'project_update' && project && version">
 				A project you follow,
 				<nuxt-link :to="getProjectLink(project)" class="title-link">{{ project.title }}</nuxt-link>
@@ -295,6 +366,7 @@
 				<CopyCode v-if="flags.developerMode" :text="notification.id" />
 			</div>
 		</div>
+		</template>
 	</div>
 </template>
 
@@ -328,6 +400,7 @@ import { markAsRead } from '~/helpers/platform-notifications'
 import { getProjectLink, getVersionLink } from '~/helpers/projects'
 import { acceptTeamInvite, removeSelfFromTeam } from '~/helpers/teams'
 
+import ModrinthServersIcon from '../brand/ModrinthServersIcon.vue'
 import ThreadSummary from './thread/ThreadSummary.vue'
 
 const client = injectModrinthClient()
@@ -415,9 +488,25 @@ async function performAction(notification, actionIndex) {
 		await read()
 
 		if (actionIndex !== null) {
-			await useBaseFetch(`${notification.actions[actionIndex].action_route[1]}`, {
-				method: notification.actions[actionIndex].action_route[0].toUpperCase(),
-			})
+			const [method, route] = notification.actions[actionIndex].action_route
+
+			// TODO: fix all this jank shit
+			if (route.startsWith('hosting/') || route.startsWith('/hosting/')) {
+				const archonRoute = route
+					.replace(/^\/?hosting/, '')
+					.replace('/invite/accept', '/invites/accept')
+					.replace('/invite/deny', '/invites/decline')
+
+				await client.request(archonRoute, {
+					api: 'archon',
+					version: 1,
+					method: method.toUpperCase(),
+				})
+			} else {
+				await useBaseFetch(route, {
+					method: method.toUpperCase(),
+				})
+			}
 		}
 	} catch (err) {
 		addNotification({
@@ -429,6 +518,20 @@ async function performAction(notification, actionIndex) {
 	stopLoading()
 }
 
+function performActionByTitle(notification, title) {
+	const actionIndex = notification.actions.findIndex((action) => action.title === title)
+	if (actionIndex === -1) {
+		addNotification({
+			title: 'An error occurred',
+			text: `Missing ${title.toLowerCase()} action for notification.`,
+			type: 'error',
+		})
+		return
+	}
+
+	return performAction(notification, actionIndex)
+}
+
 function getMessages() {
 	const messages = []
 	if (props.notification.body.message_id) {
diff --git a/apps/frontend/src/components/ui/admin/AssignNoticeModal.vue b/apps/frontend/src/components/ui/admin/AssignNoticeModal.vue
index 4a303112a0..a52bb5c01e 100644
--- a/apps/frontend/src/components/ui/admin/AssignNoticeModal.vue
+++ b/apps/frontend/src/components/ui/admin/AssignNoticeModal.vue
@@ -1,20 +1,22 @@
 <script setup lang="ts">
+import type { Archon } from '@modrinth/api-client'
 import { PlusIcon, XIcon } from '@modrinth/assets'
 import {
 	Accordion,
 	ButtonStyled,
+	injectModrinthClient,
 	injectNotificationManager,
 	NewModal,
 	ServerNotice,
 	StyledInput,
 	TagItem,
 } from '@modrinth/ui'
-import type { ServerNotice as ServerNoticeType } from '@modrinth/utils'
 import { ref } from 'vue'
 
-import { useServersFetch } from '~/composables/servers/servers-fetch.ts'
-
 const { addNotification } = injectNotificationManager()
+const client = injectModrinthClient()
+
+type ServerNoticeType = Archon.Notices.v0.ListedNotice
 
 const modal = ref<InstanceType<typeof NewModal>>()
 
@@ -32,28 +34,23 @@ const assignedNodes = computed(() => assigned.value.filter((n) => n.kind === 'no
 const inputField = ref('')
 
 async function refresh() {
-	await useServersFetch('notices').then((res) => {
-		const notices = res as ServerNoticeType[]
-		assigned.value = notices.find((n) => n.id === notice.value?.id)?.assigned ?? []
-	})
+	const notices = await client.archon.notices_v0.list()
+	assigned.value = notices.find((n) => n.id === notice.value?.id)?.assigned ?? []
 }
 
 async function assign(server: boolean = true) {
 	const input = inputField.value.trim()
 
 	if (input !== '' && notice.value) {
-		await useServersFetch(
-			`notices/${notice.value.id}/assign?${server ? 'server' : 'node'}=${input}`,
-			{
-				method: 'PUT',
-			},
-		).catch((err) => {
-			addNotification({
-				title: 'Error assigning notice',
-				text: err,
-				type: 'error',
+		await client.archon.notices_v0
+			.assign(notice.value.id, server ? { server: input } : { node: input })
+			.catch((err) => {
+				addNotification({
+					title: 'Error assigning notice',
+					text: err,
+					type: 'error',
+				})
 			})
-		})
 	} else {
 		addNotification({
 			title: 'Error assigning notice',
@@ -84,18 +81,15 @@ async function unassignDetect() {
 
 async function unassign(id: string, server: boolean = true) {
 	if (notice.value) {
-		await useServersFetch(
-			`notices/${notice.value.id}/unassign?${server ? 'server' : 'node'}=${id}`,
-			{
-				method: 'PUT',
-			},
-		).catch((err) => {
-			addNotification({
-				title: 'Error unassigning notice',
-				text: err,
-				type: 'error',
+		await client.archon.notices_v0
+			.unassign(notice.value.id, server ? { server: id } : { node: id })
+			.catch((err) => {
+				addNotification({
+					title: 'Error unassigning notice',
+					text: err,
+					type: 'error',
+				})
 			})
-		})
 	}
 	await refresh()
 }
@@ -125,7 +119,7 @@ defineExpose({ show, hide })
 				:level="notice.level"
 				:message="notice.message"
 				:dismissable="notice.dismissable"
-				:title="notice.title"
+				:title="notice.title ?? undefined"
 				preview
 			/>
 			<div class="flex flex-col gap-2">
diff --git a/apps/frontend/src/components/ui/admin/BatchCreditModal.vue b/apps/frontend/src/components/ui/admin/BatchCreditModal.vue
index 8d48651ebf..587402cf1d 100644
--- a/apps/frontend/src/components/ui/admin/BatchCreditModal.vue
+++ b/apps/frontend/src/components/ui/admin/BatchCreditModal.vue
@@ -133,6 +133,7 @@ import { CheckIcon, PlusIcon, XIcon } from '@modrinth/assets'
 import {
 	ButtonStyled,
 	Combobox,
+	injectModrinthClient,
 	injectNotificationManager,
 	NewModal,
 	StyledInput,
@@ -143,9 +144,9 @@ import { DEFAULT_CREDIT_EMAIL_MESSAGE } from '@modrinth/utils/utils.ts'
 import { computed, ref } from 'vue'
 
 import { useBaseFetch } from '#imports'
-import { useServersFetch } from '~/composables/servers/servers-fetch.ts'
 
 const { addNotification } = injectNotificationManager()
+const client = injectModrinthClient()
 
 const modal = ref<InstanceType<typeof NewModal>>()
 
@@ -205,12 +206,12 @@ const applyDisabled = computed(() => {
 async function ensureOverview() {
 	if (regions.value.length || nodeHostnames.value.length) return
 	try {
-		const data = await useServersFetch<any>('/nodes/overview', { version: 'internal' })
-		regions.value = (data.regions || []).map((r: any) => ({
+		const data = await client.archon.nodes_internal.overview()
+		regions.value = data.regions.map((r) => ({
 			value: r.key,
 			label: `${r.display_name} (${r.key})`,
 		}))
-		nodeHostnames.value = data.node_hostnames || []
+		nodeHostnames.value = data.node_hostnames
 		if (!selectedRegion.value && regions.value.length) selectedRegion.value = regions.value[0].value
 	} catch (err) {
 		addNotification({ title: 'Failed to load nodes overview', text: String(err), type: 'error' })
diff --git a/apps/frontend/src/components/ui/admin/TransferModal.vue b/apps/frontend/src/components/ui/admin/TransferModal.vue
index bf5e1e2307..bd0d5ce399 100644
--- a/apps/frontend/src/components/ui/admin/TransferModal.vue
+++ b/apps/frontend/src/components/ui/admin/TransferModal.vue
@@ -198,6 +198,7 @@ import {
 	ButtonStyled,
 	Chips,
 	Combobox,
+	injectModrinthClient,
 	injectNotificationManager,
 	NewModal,
 	StyledInput,
@@ -207,13 +208,12 @@ import {
 import dayjs from 'dayjs'
 import { computed, ref } from 'vue'
 
-import { useServersFetch } from '~/composables/servers/servers-fetch.ts'
-
 const emit = defineEmits<{
 	success: []
 }>()
 
 const { addNotification } = injectNotificationManager()
+const client = injectModrinthClient()
 
 const modal = ref<InstanceType<typeof NewModal>>()
 
@@ -341,12 +341,12 @@ const submitDisabled = computed(() => {
 async function ensureOverview() {
 	if (regions.value.length || nodeHostnames.value.length) return
 	try {
-		const data = await useServersFetch<any>('/nodes/overview', { version: 'internal' })
-		regions.value = (data.regions || []).map((r: any) => ({
+		const data = await client.archon.nodes_internal.overview()
+		regions.value = data.regions.map((r) => ({
 			value: r.key,
 			label: `${r.display_name} (${r.key})`,
 		}))
-		nodeHostnames.value = data.node_hostnames || []
+		nodeHostnames.value = data.node_hostnames
 		if (!selectedRegion.value && regions.value.length) {
 			selectedRegion.value = regions.value[0].value
 		}
@@ -364,30 +364,22 @@ async function submit() {
 			scheduleOption.value === 'now' ? undefined : dayjs(scheduledDate.value).toISOString()
 
 		if (mode.value === 'servers') {
-			await useServersFetch('/transfers/schedule/servers', {
-				version: 'internal',
-				method: 'POST',
-				body: {
-					server_ids: parsedServerIds.value,
-					scheduled_at: scheduledAt,
-					target_region: selectedRegion.value || undefined,
-					node_tags: selectedTags.value.length > 0 ? selectedTags.value : undefined,
-					reason: reason.value.trim(),
-				},
+			await client.archon.transfers_internal.scheduleServers({
+				server_ids: parsedServerIds.value,
+				scheduled_at: scheduledAt,
+				target_region: selectedRegion.value || undefined,
+				node_tags: selectedTags.value.length > 0 ? selectedTags.value : undefined,
+				reason: reason.value.trim(),
 			})
 		} else {
-			await useServersFetch('/transfers/schedule/nodes', {
-				version: 'internal',
-				method: 'POST',
-				body: {
-					node_hostnames: selectedNodes.value.slice(),
-					scheduled_at: scheduledAt,
-					target_region: selectedRegion.value || undefined,
-					node_tags: selectedTags.value.length > 0 ? selectedTags.value : undefined,
-					reason: reason.value.trim(),
-					cordon_nodes: cordonNodes.value,
-					tag_nodes: tagNodes.value.trim() || undefined,
-				},
+			await client.archon.transfers_internal.scheduleNodes({
+				node_hostnames: selectedNodes.value.slice(),
+				scheduled_at: scheduledAt,
+				target_region: selectedRegion.value || undefined,
+				node_tags: selectedTags.value.length > 0 ? selectedTags.value : undefined,
+				reason: reason.value.trim(),
+				cordon_nodes: cordonNodes.value,
+				tag_nodes: tagNodes.value.trim() || undefined,
 			})
 		}
 
diff --git a/apps/frontend/src/components/ui/dashboard/RevenueTransaction.vue b/apps/frontend/src/components/ui/dashboard/RevenueTransaction.vue
index b8258cfbed..5370e1afd4 100644
--- a/apps/frontend/src/components/ui/dashboard/RevenueTransaction.vue
+++ b/apps/frontend/src/components/ui/dashboard/RevenueTransaction.vue
@@ -48,7 +48,12 @@
 					>{{ isIncome ? '' : '-' }}{{ formatMoney(transaction.amount) }}</span
 				>
 				<template v-if="transaction.type === 'withdrawal' && transaction.status === 'in-transit'">
-					<Tooltip theme="dismissable-prompt" :triggers="['hover', 'focus']" no-auto-focus>
+					<Tooltip
+						theme="dismissable-prompt"
+						class="inline-flex shrink-0"
+						:triggers="['hover', 'focus']"
+						no-auto-focus
+					>
 						<span class="my-auto align-middle"
 							><ButtonStyled circular type="outlined" size="small">
 								<button class="align-middle" @click="cancelPayout">
diff --git a/apps/frontend/src/components/ui/moderation/ModerationProjectNags.vue b/apps/frontend/src/components/ui/moderation/ModerationProjectNags.vue
index 44a50f083d..33a7dbf92e 100644
--- a/apps/frontend/src/components/ui/moderation/ModerationProjectNags.vue
+++ b/apps/frontend/src/components/ui/moderation/ModerationProjectNags.vue
@@ -24,7 +24,7 @@
 			</div>
 			<div class="input-group">
 				<ButtonStyled circular>
-					<button :class="!collapsed && '[&>svg]:rotate-180'" @click="$emit('toggleCollapsed')">
+					<button :class="{ '[&>svg]:rotate-180': !collapsed }" @click="$emit('toggleCollapsed')">
 						<DropdownIcon class="duration-250 transition-transform ease-in-out" />
 					</button>
 				</ButtonStyled>
diff --git a/apps/frontend/src/components/ui/thread/ThreadView.vue b/apps/frontend/src/components/ui/thread/ThreadView.vue
index a753014aac..0e487bc68d 100644
--- a/apps/frontend/src/components/ui/thread/ThreadView.vue
+++ b/apps/frontend/src/components/ui/thread/ThreadView.vue
@@ -59,7 +59,7 @@
 					</ButtonStyled>
 					<ButtonStyled v-if="visibleQuickReplies.length > 0">
 						<OverflowMenu :options="visibleQuickReplies">
-							Quick Reply
+							Quick reply
 							<ChevronDownIcon />
 						</OverflowMenu>
 					</ButtonStyled>
diff --git a/apps/frontend/src/composables/affiliates.ts b/apps/frontend/src/composables/affiliates.ts
index 3e23c3b3e8..f386ef291a 100644
--- a/apps/frontend/src/composables/affiliates.ts
+++ b/apps/frontend/src/composables/affiliates.ts
@@ -1,8 +1,9 @@
 export const useAffiliates = () => {
+	const config = useRuntimeConfig()
 	const affiliateCookie = useCookie('mrs_afl', {
 		maxAge: 60 * 60 * 24 * 7, // 7 days
 		sameSite: 'lax',
-		secure: true,
+		secure: config.public.cookieSecure,
 		httpOnly: false,
 		path: '/',
 	})
diff --git a/apps/frontend/src/composables/auth.js b/apps/frontend/src/composables/auth.js
index 344806afa8..aea80a1faa 100644
--- a/apps/frontend/src/composables/auth.js
+++ b/apps/frontend/src/composables/auth.js
@@ -30,10 +30,11 @@ export const initAuth = async (oldToken = null) => {
 	}
 
 	const route = useRoute()
+	const config = useRuntimeConfig()
 	const authCookie = useCookie('auth-token', {
 		maxAge: 60 * 60 * 24 * 365 * 10,
 		sameSite: 'lax',
-		secure: true,
+		secure: config.public.cookieSecure,
 		httpOnly: false,
 		path: '/',
 	})
diff --git a/apps/frontend/src/composables/featureFlags.ts b/apps/frontend/src/composables/featureFlags.ts
index 1becc8b856..8e2f18e239 100644
--- a/apps/frontend/src/composables/featureFlags.ts
+++ b/apps/frontend/src/composables/featureFlags.ts
@@ -48,12 +48,13 @@ export const DEFAULT_FEATURE_FLAGS = validateValues({
 	useV1ContentTabAPI: true,
 	labrinthApiCanary: false,
 	dismissedExternalProjectsInfo: false,
-	modpackPermissionsPage: false,
 	showAllBanners: false,
 	alwaysIgnoreErrorBanner: false,
 	showViewProdRouteBanner: false,
 	showModeratorProjectMemberUi: false,
 	showModeratorPrivateMessageHighlight: true,
+	archonApiStaging: false,
+	showHostingAccessInstanceAuditLog: false,
 } as const)
 
 export type FeatureFlag = keyof typeof DEFAULT_FEATURE_FLAGS
@@ -64,19 +65,20 @@ export type AllFeatureFlags = {
 
 export type PartialFeatureFlags = Partial<AllFeatureFlags>
 
-const COOKIE_OPTIONS = {
-	maxAge: 60 * 60 * 24 * 365 * 10,
-	sameSite: 'lax',
-	secure: true,
-	httpOnly: false,
-	path: '/',
-} satisfies CookieOptions<PartialFeatureFlags>
+const getCookieOptions = () =>
+	({
+		maxAge: 60 * 60 * 24 * 365 * 10,
+		sameSite: 'lax',
+		secure: useRuntimeConfig().public.cookieSecure,
+		httpOnly: false,
+		path: '/',
+	}) satisfies CookieOptions<PartialFeatureFlags>
 
 export const useFeatureFlags = () =>
 	useState<AllFeatureFlags>('featureFlags', () => {
 		const config = useRuntimeConfig()
 
-		const savedFlags = useCookie<PartialFeatureFlags>('featureFlags', COOKIE_OPTIONS)
+		const savedFlags = useCookie<PartialFeatureFlags>('featureFlags', getCookieOptions())
 
 		if (!savedFlags.value) {
 			savedFlags.value = {}
@@ -106,6 +108,6 @@ export const useFeatureFlags = () =>
 
 export const saveFeatureFlags = () => {
 	const flags = useFeatureFlags()
-	const cookie = useCookie<PartialFeatureFlags>('featureFlags', COOKIE_OPTIONS)
+	const cookie = useCookie<PartialFeatureFlags>('featureFlags', getCookieOptions())
 	cookie.value = flags.value
 }
diff --git a/apps/frontend/src/composables/servers/servers-fetch.ts b/apps/frontend/src/composables/servers/servers-fetch.ts
deleted file mode 100644
index 44884b5e06..0000000000
--- a/apps/frontend/src/composables/servers/servers-fetch.ts
+++ /dev/null
@@ -1,264 +0,0 @@
-/**
- * @deprecated Use `@modrinth/api-client` via `injectModrinthClient()` instead.
- * The api-client's archon modules (`client.archon.servers_v0`, etc.) handle auth,
- * retry, and circuit breaking automatically. This composable is kept for legacy
- * code that hasn't been migrated yet.
- */
-
-import { PANEL_VERSION } from '@modrinth/api-client'
-import type { V1ErrorInfo } from '@modrinth/utils'
-import { ModrinthServerError, ModrinthServersFetchError } from '@modrinth/utils'
-import { $fetch, FetchError } from 'ofetch'
-
-export interface ServersFetchOptions {
-	method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'
-	contentType?: string
-	body?: Record<string, any>
-	version?: number | 'internal'
-	override?: {
-		url?: string
-		token?: string
-	}
-	retry?: number | boolean
-	bypassAuth?: boolean
-}
-
-export async function useServersFetch<T>(
-	path: string,
-	options: ServersFetchOptions = {},
-	module?: string,
-	errorContext?: string,
-): Promise<T> {
-	const config = useRuntimeConfig()
-	const auth = await useAuth()
-	const authToken = auth.value?.token
-
-	if (!authToken && !options.bypassAuth) {
-		const error = new ModrinthServersFetchError(
-			'[Modrinth Hosting] Cannot fetch without auth',
-			10000,
-		)
-		throw new ModrinthServerError('Missing auth token', 401, error, module, undefined, undefined)
-	}
-
-	const {
-		method = 'GET',
-		contentType = 'application/json',
-		body,
-		version = 0,
-		override,
-		retry = method === 'GET' ? 3 : 0,
-	} = options
-
-	const circuitBreakerKey = `${module || 'default'}_${path}`
-	const failureCount = useState<number>(`fetch_failures_${circuitBreakerKey}`, () => 0)
-	const lastFailureTime = useState<number>(`last_failure_${circuitBreakerKey}`, () => 0)
-
-	const now = Date.now()
-	if (failureCount.value >= 3 && now - lastFailureTime.value < 30000) {
-		const error = new ModrinthServersFetchError(
-			'[Modrinth Hosting] Circuit breaker open - too many recent failures',
-			503,
-		)
-		throw new ModrinthServerError(
-			'Service temporarily unavailable',
-			503,
-			error,
-			module,
-			undefined,
-			undefined,
-		)
-	}
-
-	if (now - lastFailureTime.value > 30000) {
-		failureCount.value = 0
-	}
-
-	const base = (import.meta.server ? config.pyroBaseUrl : config.public.pyroBaseUrl)?.replace(
-		/\/$/,
-		'',
-	)
-
-	if (!base) {
-		const error = new ModrinthServersFetchError(
-			'[Modrinth Hosting] Cannot fetch without base url. Make sure to set a PYRO_BASE_URL in environment variables',
-			10001,
-		)
-		throw new ModrinthServerError(
-			'Configuration error: Missing PYRO_BASE_URL',
-			500,
-			error,
-			module,
-			undefined,
-			undefined,
-		)
-	}
-
-	const versionString = `v${version}`
-	let newOverrideUrl = override?.url
-	if (newOverrideUrl && newOverrideUrl.includes('v0') && version !== 0) {
-		newOverrideUrl = newOverrideUrl.replace('v0', versionString)
-	}
-
-	const fullUrl = newOverrideUrl
-		? `https://${newOverrideUrl}/${path.replace(/^\//, '')}`
-		: version === 0
-			? `${base}/modrinth/v${version}/${path.replace(/^\//, '')}`
-			: version === 'internal'
-				? `${base}/_internal/${path.replace(/^\//, '')}`
-				: `${base}/v${version}/${path.replace(/^\//, '')}`
-
-	const headers: Record<string, string> = {
-		'User-Agent': 'Modrinth/1.0 (https://modrinth.com)',
-		'X-Archon-Request': 'true',
-		'X-Panel-Version': String(PANEL_VERSION),
-		Vary: 'Accept, Origin',
-	}
-
-	if (!options.bypassAuth) {
-		headers.Authorization = `Bearer ${override?.token ?? authToken}`
-		headers['Access-Control-Allow-Headers'] = 'Authorization'
-	}
-
-	if (contentType !== 'none') {
-		headers['Content-Type'] = contentType
-	}
-
-	if (import.meta.client && typeof window !== 'undefined') {
-		headers.Origin = window.location.origin
-	}
-
-	let attempts = 0
-	const maxAttempts = (typeof retry === 'boolean' ? (retry ? 3 : 1) : retry) + 1
-	let lastError: Error | null = null
-
-	while (attempts < maxAttempts) {
-		try {
-			const response = await $fetch<T>(fullUrl, {
-				method,
-				headers,
-				body:
-					body && contentType === 'application/json' ? JSON.stringify(body) : (body ?? undefined),
-				timeout: 10000,
-			})
-
-			failureCount.value = 0
-			return response
-		} catch (error) {
-			lastError = error as Error
-			attempts++
-
-			if (error instanceof FetchError) {
-				const statusCode = error.response?.status
-				const statusText = error.response?.statusText || 'Unknown error'
-
-				if (statusCode && statusCode >= 500) {
-					failureCount.value++
-					lastFailureTime.value = now
-				}
-
-				let v1Error: V1ErrorInfo | undefined
-				if (error.data?.error && error.data?.description) {
-					v1Error = {
-						context: errorContext,
-						...error.data,
-					}
-				}
-
-				const errorMessages: { [key: number]: string } = {
-					400: 'Bad Request',
-					401: 'Unauthorized',
-					403: 'Forbidden',
-					404: 'Not Found',
-					405: 'Method Not Allowed',
-					408: 'Request Timeout',
-					429: "You're making requests too quickly. Please wait a moment and try again.",
-					500: 'Internal Server Error',
-					502: 'Bad Gateway',
-					503: 'Service Unavailable',
-					504: 'Gateway Timeout',
-				}
-
-				const message =
-					statusCode && statusCode in errorMessages
-						? errorMessages[statusCode]
-						: `HTTP Error: ${statusCode || 'unknown'} ${statusText}`
-
-				const isRetryable = statusCode ? [408, 429].includes(statusCode) : false
-				const is5xxRetryable =
-					statusCode && statusCode >= 500 && statusCode < 600 && method === 'GET' && attempts === 1
-
-				if (!(isRetryable || is5xxRetryable) || attempts >= maxAttempts) {
-					console.error('Fetch error:', error)
-
-					const fetchError = new ModrinthServersFetchError(
-						`[Modrinth Hosting] ${error.message}`,
-						statusCode,
-						error,
-					)
-					throw new ModrinthServerError(
-						`[Modrinth Hosting] ${message}`,
-						statusCode,
-						fetchError,
-						module,
-						v1Error,
-						error.data,
-					)
-				}
-
-				const baseDelay = statusCode && statusCode >= 500 ? 5000 : 1000
-				const delay = Math.min(baseDelay * Math.pow(2, attempts - 1) + Math.random() * 1000, 15000)
-				console.warn(`Retrying request in ${delay}ms (attempt ${attempts}/${maxAttempts - 1})`)
-				await new Promise((resolve) => setTimeout(resolve, delay))
-				continue
-			}
-
-			console.error('Unexpected fetch error:', error)
-			const fetchError = new ModrinthServersFetchError(
-				'[Modrinth Hosting] An unexpected error occurred during the fetch operation.',
-				undefined,
-				error as Error,
-			)
-			throw new ModrinthServerError(
-				'Unexpected error during fetch operation',
-				undefined,
-				fetchError,
-				module,
-				undefined,
-				undefined,
-			)
-		}
-	}
-
-	console.error('All retry attempts failed:', lastError)
-	if (lastError instanceof FetchError) {
-		const statusCode = lastError.response?.status
-		const pyroError = new ModrinthServersFetchError(
-			'Maximum retry attempts reached',
-			statusCode,
-			lastError,
-		)
-		throw new ModrinthServerError(
-			'Maximum retry attempts reached',
-			statusCode,
-			pyroError,
-			module,
-			undefined,
-			lastError.data,
-		)
-	}
-
-	const fetchError = new ModrinthServersFetchError(
-		'Maximum retry attempts reached',
-		undefined,
-		lastError || undefined,
-	)
-	throw new ModrinthServerError(
-		'Maximum retry attempts reached',
-		undefined,
-		fetchError,
-		module,
-		undefined,
-		undefined,
-	)
-}
diff --git a/apps/frontend/src/composables/useCdnDownloadContext.ts b/apps/frontend/src/composables/useCdnDownloadContext.ts
index b9897a347d..6691843def 100644
--- a/apps/frontend/src/composables/useCdnDownloadContext.ts
+++ b/apps/frontend/src/composables/useCdnDownloadContext.ts
@@ -17,7 +17,6 @@ export type FilterSelection = {
 const cookieDefaults = {
 	maxAge: TEN_MINUTES,
 	sameSite: 'lax' as const,
-	secure: true,
 	path: '/',
 	httpOnly: false,
 }
@@ -52,13 +51,19 @@ function newFilterSelection(
 }
 
 export function useCdnDownloadContext() {
-	const filterGameVersionCookie = useCookie<string | null>('mr_download_filter_game_version', {
+	const config = useRuntimeConfig()
+	const cookieOptions = {
 		...cookieDefaults,
+		secure: config.public.cookieSecure,
+	}
+
+	const filterGameVersionCookie = useCookie<string | null>('mr_download_filter_game_version', {
+		...cookieOptions,
 		default: () => null,
 	})
 
 	const filterLoaderCookie = useCookie<string | null>('mr_download_filter_loader', {
-		...cookieDefaults,
+		...cookieOptions,
 		default: () => null,
 	})
 
diff --git a/apps/frontend/src/helpers/api.ts b/apps/frontend/src/helpers/api.ts
index 1434fe144f..5dd1ed0a8f 100644
--- a/apps/frontend/src/helpers/api.ts
+++ b/apps/frontend/src/helpers/api.ts
@@ -14,6 +14,7 @@ import {
 import type { Ref } from 'vue'
 
 import { useFeatureFlags } from '~/composables/featureFlags.ts'
+import { withStagingArchonBaseUrl } from '~/helpers/archon.ts'
 
 async function getRateLimitKeyFromSecretsStore(): Promise<string | undefined> {
 	try {
@@ -37,7 +38,8 @@ export function createModrinthClient(
 
 	const clientConfig: NuxtClientConfig = {
 		labrinthBaseUrl: config.apiBaseUrl,
-		archonBaseUrl: config.archonBaseUrl,
+		archonBaseUrl: () =>
+			withStagingArchonBaseUrl(config.archonBaseUrl, flags.value.archonApiStaging),
 		archonSentryCapture: () => flags.value.archonSentryCapture,
 		rateLimitKey: config.rateLimitKey || getRateLimitKeyFromSecretsStore,
 		features: [
diff --git a/apps/frontend/src/helpers/archon.ts b/apps/frontend/src/helpers/archon.ts
new file mode 100644
index 0000000000..4121f0dad9
--- /dev/null
+++ b/apps/frontend/src/helpers/archon.ts
@@ -0,0 +1,12 @@
+export const STAGING_ARCHON_BASE_URL = 'https://staging-archon.modrinth.com/'
+
+export function withStagingArchonBaseUrl(
+	baseUrl: string,
+	useStaging = useFeatureFlags().value.archonApiStaging,
+) {
+	if (!useStaging) {
+		return baseUrl
+	}
+
+	return STAGING_ARCHON_BASE_URL
+}
diff --git a/apps/frontend/src/locales/en-US/index.json b/apps/frontend/src/locales/en-US/index.json
index 120a9a1ae0..0ec84ff20b 100644
--- a/apps/frontend/src/locales/en-US/index.json
+++ b/apps/frontend/src/locales/en-US/index.json
@@ -3263,9 +3263,6 @@
   "project.moderation.thread.help-center-note.2": {
     "message": "If you need assistance or have additional inquiries, please visit the <help-center-link>Modrinth Help Center</help-center-link> and click the blue bubble to contact support."
   },
-  "project.moderation.thread.moderator-see-user-ui-toggle": {
-    "message": "Show member UI"
-  },
   "project.moderation.thread.private-description": {
     "message": "This is a private conversation thread with the Modrinth moderators. They may message you with issues concerning this project."
   },
@@ -3336,43 +3333,64 @@
     "message": "URL"
   },
   "project.settings.permissions.attention-needed.description.proj-approved": {
-    "message": "Please provide proof that you have permission to redistribute all of the following files and any withheld versions will be automatically published."
+    "message": "Please provide proof that you have permission to redistribute all of the following files. Once completed, withheld versions will be automatically published."
   },
   "project.settings.permissions.attention-needed.description.proj-draft": {
-    "message": "Please provide proof that you have permission to redistribute all of the following files before you can submit your project for review."
+    "message": "Please provide proof that you have permission to redistribute all of the following files before submitting your project for review."
   },
   "project.settings.permissions.attention-needed.title": {
-    "message": "Unknown embedded content"
+    "message": "Unknown external content"
+  },
+  "project.settings.permissions.collapse-all": {
+    "message": "Collapse all"
   },
   "project.settings.permissions.completed.description": {
-    "message": "All external content has attributions provided."
+    "message": "All external content has permission information and attributions have been provided."
   },
   "project.settings.permissions.completed.title": {
-    "message": "Attributions completed!"
+    "message": "Permissions completed!"
   },
   "project.settings.permissions.empty-state.description": {
-    "message": "None of your versions contain external content, so you don't need to worry about obtaining permissions."
+    "message": "None of your project's versions contain external content, so you don't need to worry about obtaining permissions."
   },
   "project.settings.permissions.empty-state.heading": {
     "message": "You're all set!"
   },
+  "project.settings.permissions.expand-all": {
+    "message": "Expand all"
+  },
   "project.settings.permissions.fail.description": {
-    "message": "You don't have permission to redistribute some of the external content you've added. In order to publish on Modrinth, remove the infringing content."
+    "message": "You may not have permission to redistribute some of the external content in your project. In order to publish on Modrinth, please remove this content or provide proof that you do have permission to use it."
   },
   "project.settings.permissions.fail.title": {
     "message": "Some content can't be included"
   },
   "project.settings.permissions.info-banner.description": {
-    "message": "If you include content that isn’t hosted on Modrinth, you need to let us know where it’s from and verify that you have permission to distribute the files. Check out <link>our guide</link> to learn about how to do this properly!"
+    "message": "If you include content that isn’t hosted on Modrinth, you need to let us know where it’s from and verify that you have permission to distribute the files. Check out <link>our guide</link> to learn more and get started!"
   },
   "project.settings.permissions.info-banner.title": {
-    "message": "Learn how attributions work"
+    "message": "Learn about distribution permissions"
   },
   "project.settings.permissions.learn-more": {
     "message": "Learn more"
   },
+  "project.settings.permissions.no-results": {
+    "message": "No external files match your search."
+  },
   "project.settings.permissions.search-placeholder": {
-    "message": "Search {count} {count, plural, one {external project} other {external projects}}..."
+    "message": "Search {count} {count, plural, one {project} other {projects}}..."
+  },
+  "project.settings.permissions.sort.most-files": {
+    "message": "Most files"
+  },
+  "project.settings.permissions.sort.recently-edited": {
+    "message": "Recently edited"
+  },
+  "project.settings.permissions.sort.rejected": {
+    "message": "Rejected"
+  },
+  "project.settings.permissions.sort.status": {
+    "message": "Status"
   },
   "project.settings.title": {
     "message": "Settings"
diff --git a/apps/frontend/src/pages/[type]/[project]/moderation.vue b/apps/frontend/src/pages/[type]/[project]/moderation.vue
index 21d8d4d1d2..23fae21ffb 100644
--- a/apps/frontend/src/pages/[type]/[project]/moderation.vue
+++ b/apps/frontend/src/pages/[type]/[project]/moderation.vue
@@ -72,11 +72,9 @@
 					<h2 id="messages" class="m-0 text-xl font-semibold text-contrast">
 						{{ formatMessage(messages.threadSectionTitle) }}
 					</h2>
-					<div v-if="currentMember?.staffOnly" class="flex items-center gap-2">
+					<div v-if="isStaff(currentMember?.user)" class="flex items-center gap-2">
 						<Toggle id="moderator-see-user-ui-toggle" v-model="moderatorSeeUserUi" small />
-						<label for="moderator-see-user-ui-toggle">
-							{{ formatMessage(messages.moderatorSeeUserUiToggle) }}
-						</label>
+						<label for="moderator-see-user-ui-toggle"> Show member UI </label>
 					</div>
 				</div>
 				<template v-if="userFacingUiVisible">
@@ -151,8 +149,9 @@ import {
 	Toggle,
 	useVIntl,
 } from '@modrinth/ui'
+import { isStaff } from '@modrinth/utils'
 import { useQuery, useQueryClient } from '@tanstack/vue-query'
-import { computed, type Ref, watch } from 'vue'
+import { computed, watch } from 'vue'
 
 import ConversationThread from '~/components/ui/thread/ConversationThread.vue'
 import { getProjectLink, isApproved, isRejected, isUnderReview } from '~/helpers/projects.js'
@@ -160,7 +159,6 @@ import { getProjectLink, isApproved, isRejected, isUnderReview } from '~/helpers
 const { formatMessage } = useVIntl()
 const flags = useFeatureFlags()
 
-type ProjectPageMember = Labrinth.Projects.v3.TeamMember & { staffOnly?: boolean }
 type ModerationAdmonitionSection =
 	| {
 			type: 'paragraph'
@@ -181,10 +179,6 @@ const messages = defineMessages({
 		id: 'project.moderation.thread.title',
 		defaultMessage: 'Moderation messages',
 	},
-	moderatorSeeUserUiToggle: {
-		id: 'project.moderation.thread.moderator-see-user-ui-toggle',
-		defaultMessage: 'Show member UI',
-	},
 	threadPrivateDescription: {
 		id: 'project.moderation.thread.private-description',
 		defaultMessage:
@@ -213,18 +207,10 @@ const messages = defineMessages({
 })
 
 const { addNotification } = injectNotificationManager()
-const {
-	projectV2: project,
-	currentMember: currentMemberRaw,
-	invalidate,
-	allMembers,
-} = injectProjectPageContext()
-const currentMember = currentMemberRaw as Ref<ProjectPageMember | null>
+const { projectV2: project, currentMember, invalidate, allMembers } = injectProjectPageContext()
 
 const canAccess = computed(() => !!currentMember.value)
-const userFacingUiVisible = computed(
-	() => !!currentMember.value && (!currentMember.value.staffOnly || moderatorSeeUserUi.value),
-)
+const userFacingUiVisible = computed(() => !!currentMember.value && moderatorSeeUserUi.value)
 
 const approvedAdmonitionMessage = computed<MessageDescriptor | null>(() => {
 	switch (project.value?.status) {
diff --git a/apps/frontend/src/pages/[type]/[project]/settings.vue b/apps/frontend/src/pages/[type]/[project]/settings.vue
index 45ea37ca34..96b7886fd9 100644
--- a/apps/frontend/src/pages/[type]/[project]/settings.vue
+++ b/apps/frontend/src/pages/[type]/[project]/settings.vue
@@ -17,6 +17,7 @@ import {
 	commonMessages,
 	commonProjectSettingsMessages,
 	injectProjectPageContext,
+	Toggle,
 	useVIntl,
 } from '@modrinth/ui'
 import { isStaff } from '@modrinth/utils'
@@ -47,10 +48,8 @@ const navItems = computed(() => {
 		projectV3.value?.project_types?.some((type) => ['mod', 'modpack'].includes(type)) &&
 		isStaff(currentMember.value?.user)
 
-	const hasPermissionsPage = computed(
-		() =>
-			flags.value.modpackPermissionsPage &&
-			projectV3.value?.project_types?.some((type) => ['modpack'].includes(type)),
+	const hasPermissionsPage = computed(() =>
+		projectV3.value?.project_types?.some((type) => ['modpack'].includes(type)),
 	)
 
 	const items = [
@@ -82,16 +81,16 @@ const navItems = computed(() => {
 			label: formatMessage(commonProjectSettingsMessages.description),
 			icon: AlignLeftIcon,
 		},
-		hasPermissionsPage.value && {
-			link: `/${base}/settings/permissions`,
-			label: formatMessage(commonProjectSettingsMessages.permissions),
-			icon: SignatureIcon,
-		},
 		!isServerProject.value && {
 			link: `/${base}/settings/versions`,
 			label: formatMessage(commonProjectSettingsMessages.versions),
 			icon: VersionIcon,
 		},
+		hasPermissionsPage.value && {
+			link: `/${base}/settings/permissions`,
+			label: formatMessage(commonProjectSettingsMessages.permissions),
+			icon: SignatureIcon,
+		},
 		!isServerProject.value && {
 			link: `/${base}/settings/license`,
 			label: formatMessage(commonProjectSettingsMessages.license),
@@ -144,6 +143,16 @@ watch(route, () => {
 	const scrollY = scroll.y.value
 	setTimeout(() => window.scrollTo(0, scrollY), 10)
 })
+
+const moderatorSeeUserUi = computed<boolean>({
+	get() {
+		return flags.value.showModeratorProjectMemberUi
+	},
+	set(value: boolean) {
+		flags.value.showModeratorProjectMemberUi = value
+		saveFeatureFlags()
+	},
+})
 </script>
 
 <template>
@@ -167,6 +176,10 @@ watch(route, () => {
 		<div class="grid gap-4 lg:grid-cols-[1fr_3fr]">
 			<div>
 				<NavStack :items="navItems" />
+				<div v-if="isStaff(currentMember?.user)" class="mt-4 flex items-center gap-2">
+					<Toggle id="moderator-see-user-ui-toggle" v-model="moderatorSeeUserUi" small />
+					<label for="moderator-see-user-ui-toggle"> Show member UI </label>
+				</div>
 			</div>
 			<div class="min-w-0">
 				<NuxtPage />
diff --git a/apps/frontend/src/pages/[type]/[project]/settings/permissions.vue b/apps/frontend/src/pages/[type]/[project]/settings/permissions.vue
index 2d50a45c5d..60dc51852e 100644
--- a/apps/frontend/src/pages/[type]/[project]/settings/permissions.vue
+++ b/apps/frontend/src/pages/[type]/[project]/settings/permissions.vue
@@ -1,51 +1,255 @@
 <script setup lang="ts">
-import { RightArrowIcon, SearchIcon, SortAscIcon, SortDescIcon } from '@modrinth/assets'
+import type { Labrinth } from '@modrinth/api-client'
+import {
+	ArrowDown10Icon,
+	ArrowDownWideNarrowIcon,
+	ClockArrowDownIcon,
+	FoldVerticalIcon,
+	RightArrowIcon,
+	SearchIcon,
+	UnfoldVerticalIcon,
+} from '@modrinth/assets'
 import {
 	Admonition,
 	ButtonStyled,
 	Combobox,
 	type ComboboxOption,
 	commonMessages,
+	createAttributionGroupTitle,
+	defineMessage,
 	defineMessages,
 	EmptyState,
+	ExternalProjectPermissionsCard,
+	injectModrinthClient,
+	injectProjectPageContext,
 	IntlFormatted,
 	StyledInput,
 	useVIntl,
 } from '@modrinth/ui'
-import ExternalProjectPermissionsCard from '@modrinth/ui/src/components/external_files/ExternalProjectPermissionsCard.vue'
-import { ref } from 'vue'
+import { isStaff } from '@modrinth/utils'
+import { useQuery } from '@tanstack/vue-query'
+import { computed, ref, watch } from 'vue'
 
-const { formatMessage } = useVIntl()
+const auth = await useAuth()
 const flags = useFeatureFlags()
 
-if (!flags.value.modpackPermissionsPage) {
-	throw createError({
-		fatal: true,
-		statusCode: 404,
-	})
-}
+const isModerator = computed(() => {
+	return isStaff(auth.value?.user) && !flags.value.showModeratorProjectMemberUi
+})
+
+const { formatMessage } = useVIntl()
+const { projectV2: project } = injectProjectPageContext()
+const { labrinth } = injectModrinthClient()
+
+type SortType = 'status' | 'most_files' | 'recently_edited' | 'rejected'
 
-const externalFiles = ref([{}])
 const searchQuery = ref('')
-const currentSortType = ref('Oldest')
+const currentSortType = ref<SortType>('status')
+const cardCollapsedById = ref<Record<string, boolean>>({})
+
+const {
+	data: attributionData,
+	error: attributionError,
+	isPending: pending,
+} = useQuery<Labrinth.Attribution.Internal.AttributionGroup[]>({
+	queryKey: ['project-attribution', project.value.id],
+	queryFn: () => labrinth.attribution_internal.listProjectAttribution(project.value.id),
+})
+
+const sortRejectedLabel = defineMessage({
+	id: 'project.settings.permissions.sort.rejected',
+	defaultMessage: 'Rejected',
+})
+
+const sortTypes = computed<ComboboxOption<SortType>[]>(() => {
+	const options: ComboboxOption<SortType>[] = [
+		{
+			value: 'status',
+			label: formatMessage(
+				defineMessage({
+					id: 'project.settings.permissions.sort.status',
+					defaultMessage: 'Status',
+				}),
+			),
+		},
+		{
+			value: 'most_files',
+			label: formatMessage(
+				defineMessage({
+					id: 'project.settings.permissions.sort.most-files',
+					defaultMessage: 'Most files',
+				}),
+			),
+		},
+		{
+			value: 'recently_edited',
+			label: formatMessage(
+				defineMessage({
+					id: 'project.settings.permissions.sort.recently-edited',
+					defaultMessage: 'Recently edited',
+				}),
+			),
+		},
+	]
+	if (hasMixedModerationStatus.value) {
+		options.push({
+			value: 'rejected',
+			label: formatMessage(sortRejectedLabel),
+		})
+	}
+	return options
+})
+
+const currentSortLabel = computed(() => {
+	return sortTypes.value.find((option) => option.value === currentSortType.value)?.label ?? ''
+})
+
+function isAttributed(group: Labrinth.Attribution.Internal.AttributionGroup): boolean {
+	return !!group.attribution && !isNoPermission(group)
+}
+
+function isNoPermission(group: Labrinth.Attribution.Internal.AttributionGroup): boolean {
+	return group.attribution?.kind === 'no_permission'
+}
+
+function isModerationRejected(group: Labrinth.Attribution.Internal.AttributionGroup): boolean {
+	const kind = group.attribution?.moderation_status?.kind
+	return kind === 'bad_proof' || kind === 'not_allowed'
+}
+
+function rejectedSortRank(group: Labrinth.Attribution.Internal.AttributionGroup): number {
+	if (isModerationRejected(group)) {
+		return 0
+	}
+	if (group.attribution?.moderation_status?.kind === 'approved') {
+		return 1
+	}
+	return 2
+}
+
+const hasMixedModerationStatus = computed(() => {
+	const groups = attributionData.value ?? []
+	let hasRejected = false
+	let hasNonRejected = false
+	for (const group of groups) {
+		if (isModerationRejected(group)) {
+			hasRejected = true
+		} else {
+			hasNonRejected = true
+		}
+		if (hasRejected && hasNonRejected) {
+			return true
+		}
+	}
+	return false
+})
+
+watch(hasMixedModerationStatus, (mixed) => {
+	if (!mixed && currentSortType.value === 'rejected') {
+		currentSortType.value = 'status'
+	}
+})
+
+function statusSortRank(group: Labrinth.Attribution.Internal.AttributionGroup): number {
+	if (isNoPermission(group)) {
+		return 0
+	} else if (!group.attribution) {
+		return 1
+	} else if (group.attribution?.kind === 'globally_allowed') {
+		return 3
+	} else {
+		return 2
+	}
+}
+
+function alphabetSortKey(group: Labrinth.Attribution.Internal.AttributionGroup): string {
+	return createAttributionGroupTitle(group, formatMessage)
+}
+
+function compareAlphabetical(
+	a: Labrinth.Attribution.Internal.AttributionGroup,
+	b: Labrinth.Attribution.Internal.AttributionGroup,
+): number {
+	return alphabetSortKey(a).localeCompare(alphabetSortKey(b), undefined, { sensitivity: 'base' })
+}
+
+function attributedTimestamp(group: Labrinth.Attribution.Internal.AttributionGroup): number {
+	if (!group.attributed_at) return Number.NEGATIVE_INFINITY
+	const t = Date.parse(group.attributed_at)
+	return Number.isNaN(t) ? Number.NEGATIVE_INFINITY : t
+}
+
+function groupMatchesPermissionsSearch(
+	group: Labrinth.Attribution.Internal.AttributionGroup,
+	queryTrimmed: string,
+): boolean {
+	const query = queryTrimmed.toLowerCase()
+	if (group.flame_project?.title?.toLowerCase().includes(query)) {
+		return true
+	}
+	return (group.files ?? []).some((file) => file.name.toLowerCase().includes(query))
+}
+
+const filteredGroups = computed(() => {
+	const groups = attributionData.value ?? []
+	const queryTrimmed = searchQuery.value.trim()
+	const filtered = queryTrimmed
+		? groups.filter((group) => groupMatchesPermissionsSearch(group, queryTrimmed))
+		: [...groups]
+	const sortMode = currentSortType.value
+	filtered.sort(compareAlphabetical)
+	filtered.sort((a, b) => {
+		if (sortMode === 'status') {
+			return statusSortRank(a) - statusSortRank(b)
+		}
+		if (sortMode === 'most_files') {
+			const ac = a.files?.length ?? 0
+			const bc = b.files?.length ?? 0
+			return bc - ac
+		}
+		if (sortMode === 'rejected') {
+			return rejectedSortRank(a) - rejectedSortRank(b)
+		}
+		const at = attributedTimestamp(a)
+		const bt = attributedTimestamp(b)
+		return bt - at
+	})
+	return filtered
+})
+
+const totalGroups = computed(() => attributionData.value?.length ?? 0)
+
+const stats = computed(() => {
+	const groups = attributionData.value ?? []
+	let attributed = 0
+	let pending = 0
+	let noPermission = 0
+	for (const group of groups) {
+		if (isNoPermission(group)) {
+			noPermission++
+		} else if (isAttributed(group)) {
+			attributed++
+		} else {
+			pending++
+		}
+	}
+	return { total: groups.length, attributed, pending, noPermission }
+})
+
+const projectIsApproved = computed(() => project.value.status === 'approved')
 
-const sortTypes: ComboboxOption<string>[] = [
-	{ value: 'Oldest', label: 'Oldest' },
-	{ value: 'Newest', label: 'Newest' },
-]
 const messages = defineMessages({
 	searchPlaceholder: {
 		id: 'project.settings.permissions.search-placeholder',
-		defaultMessage:
-			'Search {count} {count, plural, one {external project} other {external projects}}...',
+		defaultMessage: 'Search {count} {count, plural, one {project} other {projects}}...',
 	},
 	infoBannerTitle: {
 		id: 'project.settings.permissions.info-banner.title',
-		defaultMessage: 'Learn how attributions work',
+		defaultMessage: 'Learn about distribution permissions',
 	},
 	infoBannerDescription: {
 		id: 'project.settings.permissions.info-banner.description',
-		defaultMessage: `If you include content that isn’t hosted on Modrinth, you need to let us know where it’s from and verify that you have permission to distribute the files. Check out <link>our guide</link> to learn about how to do this properly!`,
+		defaultMessage: `If you include content that isn’t hosted on Modrinth, you need to let us know where it’s from and verify that you have permission to distribute the files. Check out <link>our guide</link> to learn more and get started!`,
 	},
 	learnMore: {
 		id: 'project.settings.permissions.learn-more',
@@ -57,15 +261,16 @@ const messages = defineMessages({
 	},
 	emptyStateDescription: {
 		id: 'project.settings.permissions.empty-state.description',
-		defaultMessage: `None of your versions contain external content, so you don't need to worry about obtaining permissions.`,
+		defaultMessage: `None of your project's versions contain external content, so you don't need to worry about obtaining permissions.`,
 	},
 	completedTitle: {
 		id: 'project.settings.permissions.completed.title',
-		defaultMessage: `Attributions completed!`,
+		defaultMessage: `Permissions completed!`,
 	},
 	completedDescription: {
 		id: 'project.settings.permissions.completed.description',
-		defaultMessage: 'All external content has attributions provided.',
+		defaultMessage:
+			'All external content has permission information and attributions have been provided.',
 	},
 	failTitle: {
 		id: 'project.settings.permissions.fail.title',
@@ -73,78 +278,144 @@ const messages = defineMessages({
 	},
 	failDescription: {
 		id: 'project.settings.permissions.fail.description',
-		defaultMessage: `You don't have permission to redistribute some of the external content you've added. In order to publish on Modrinth, remove the infringing content.`,
+		defaultMessage: `You may not have permission to redistribute some of the external content in your project. In order to publish on Modrinth, please remove this content or provide proof that you do have permission to use it.`,
 	},
 	attentionNeededTitle: {
 		id: 'project.settings.permissions.attention-needed.title',
-		defaultMessage: `Unknown embedded content`,
+		defaultMessage: `Unknown external content`,
 	},
 	attentionNeededDescriptionApproved: {
 		id: 'project.settings.permissions.attention-needed.description.proj-approved',
-		defaultMessage: `Please provide proof that you have permission to redistribute all of the following files and any withheld versions will be automatically published.`,
+		defaultMessage: `Please provide proof that you have permission to redistribute all of the following files. Once completed, withheld versions will be automatically published.`,
 	},
 	attentionNeededDescriptionDraft: {
 		id: 'project.settings.permissions.attention-needed.description.proj-draft',
-		defaultMessage: `Please provide proof that you have permission to redistribute all of the following files before you can submit your project for review.`,
+		defaultMessage: `Please provide proof that you have permission to redistribute all of the following files before submitting your project for review.`,
+	},
+	noResults: {
+		id: 'project.settings.permissions.no-results',
+		defaultMessage: 'No external files match your search.',
+	},
+	collapseAll: {
+		id: 'project.settings.permissions.collapse-all',
+		defaultMessage: 'Collapse all',
+	},
+	expandAll: {
+		id: 'project.settings.permissions.expand-all',
+		defaultMessage: 'Expand all',
 	},
 })
 
+function defaultCardCollapsed(group: Labrinth.Attribution.Internal.AttributionGroup): boolean {
+	return (
+		(!isModerator.value && !!group.attribution) || group?.attribution?.kind === 'globally_allowed'
+	)
+}
+
+function getCardCollapsed(group: Labrinth.Attribution.Internal.AttributionGroup): boolean {
+	return cardCollapsedById.value[group.id] ?? defaultCardCollapsed(group)
+}
+
+function setCardCollapsed(groupId: string, collapsed: boolean) {
+	cardCollapsedById.value = { ...cardCollapsedById.value, [groupId]: collapsed }
+}
+
+const allCardsCollapsed = computed(() => {
+	const groups = filteredGroups.value
+	if (groups.length === 0) {
+		return true
+	}
+	return groups.every((group) => getCardCollapsed(group))
+})
+
+const expandCollapseAllLabel = computed(() =>
+	formatMessage(allCardsCollapsed.value ? messages.expandAll : messages.collapseAll),
+)
+
+function toggleAllCardsCollapsed() {
+	const collapsed = !allCardsCollapsed.value
+	const next = { ...cardCollapsedById.value }
+	for (const group of filteredGroups.value) {
+		next[group.id] = collapsed
+	}
+	cardCollapsedById.value = next
+}
+
 function dismissInfoBanner() {
 	flags.value.dismissedExternalProjectsInfo = true
 	saveFeatureFlags()
 }
 </script>
 <template>
-	<template v-if="externalFiles.length > 0">
-		<Admonition
-			v-if="!flags.dismissedExternalProjectsInfo"
-			type="info"
-			class="mb-4"
-			:header="formatMessage(messages.infoBannerTitle)"
-			dismissible
-			@dismiss="dismissInfoBanner"
-		>
-			<IntlFormatted :message-id="messages.infoBannerDescription">
-				<template #link="{ children }">
-					<a class="text-link" target="_blank"> <component :is="() => children" /> </a>
-				</template>
-			</IntlFormatted>
-			<template #actions>
-				<div class="flex">
-					<ButtonStyled color="blue">
-						<a> {{ formatMessage(messages.learnMore) }} <RightArrowIcon /> </a>
-					</ButtonStyled>
-				</div>
+	<Admonition
+		v-if="!flags.dismissedExternalProjectsInfo && !isModerator"
+		type="info"
+		class="mb-4"
+		:header="formatMessage(messages.infoBannerTitle)"
+		dismissible
+		@dismiss="dismissInfoBanner"
+	>
+		<IntlFormatted :message-id="messages.infoBannerDescription">
+			<template #link="{ children }">
+				<a class="text-link" target="_blank"> <component :is="() => children" /> </a>
 			</template>
-		</Admonition>
-		<Admonition
-			v-if="true"
-			type="success"
-			class="mb-4"
-			:header="formatMessage(messages.completedTitle)"
-			:body="formatMessage(messages.completedDescription)"
-		/>
-		<Admonition
-			v-if="true"
-			type="warning"
-			class="mb-4"
-			:header="formatMessage(messages.attentionNeededTitle)"
-			:body="formatMessage(messages.attentionNeededDescriptionDraft)"
-		/>
-		<Admonition
-			v-if="true"
-			type="critical"
-			class="mb-4"
-			:header="formatMessage(messages.failTitle)"
-			:body="formatMessage(messages.failDescription)"
-		/>
-		<div class="grid grid-cols-[1fr_auto] gap-2">
+		</IntlFormatted>
+		<template #actions>
+			<div class="flex">
+				<ButtonStyled color="blue">
+					<a> {{ formatMessage(messages.learnMore) }} <RightArrowIcon /> </a>
+				</ButtonStyled>
+			</div>
+		</template>
+	</Admonition>
+	<template v-if="pending">
+		<div class="flex flex-col gap-3">
+			<div
+				v-for="i in 3"
+				:key="i"
+				class="h-[56px] w-full animate-pulse rounded-2xl bg-surface-3"
+			></div>
+		</div>
+	</template>
+	<template v-else-if="totalGroups > 0">
+		<template v-if="!isModerator">
+			<Admonition
+				v-if="stats.pending === 0 && stats.noPermission === 0"
+				type="success"
+				class="mb-4"
+				:header="formatMessage(messages.completedTitle)"
+				:body="formatMessage(messages.completedDescription)"
+			/>
+			<Admonition
+				v-else-if="stats.noPermission > 0"
+				type="critical"
+				class="mb-4"
+				:header="formatMessage(messages.failTitle)"
+				:body="formatMessage(messages.failDescription)"
+			/>
+			<Admonition
+				v-else-if="stats.pending > 0"
+				type="warning"
+				class="mb-4"
+				:header="formatMessage(messages.attentionNeededTitle)"
+				:body="
+					formatMessage(
+						projectIsApproved
+							? messages.attentionNeededDescriptionApproved
+							: messages.attentionNeededDescriptionDraft,
+					)
+				"
+			/>
+		</template>
+		<div class="grid grid-cols-[1fr_auto_auto] gap-2">
 			<StyledInput
 				v-model="searchQuery"
-				type="search"
+				type="text"
+				autocomplete="off"
+				clearable
 				:placeholder="
 					formatMessage(messages.searchPlaceholder, {
-						count: externalFiles.length,
+						count: totalGroups,
 					})
 				"
 				:icon="SearchIcon"
@@ -153,27 +424,68 @@ function dismissInfoBanner() {
 			<div>
 				<Combobox
 					v-model="currentSortType"
-					class="!w-full flex-grow sm:!w-[150px] sm:flex-grow-0 lg:!w-[150px]"
+					class="!w-full flex-grow sm:!w-[220px] sm:flex-grow-0"
 					:options="sortTypes"
 					:placeholder="formatMessage(commonMessages.sortByLabel)"
 				>
 					<template #selected>
 						<span class="flex flex-row gap-2 align-middle font-semibold">
-							<SortAscIcon
-								v-if="currentSortType === 'Oldest'"
+							<ArrowDownWideNarrowIcon
+								v-if="currentSortType === 'status'"
+								class="size-5 flex-shrink-0 text-secondary"
+							/>
+							<ArrowDown10Icon
+								v-else-if="currentSortType === 'most_files'"
+								class="size-5 flex-shrink-0 text-secondary"
+							/>
+							<ClockArrowDownIcon
+								v-else-if="currentSortType === 'recently_edited'"
+								class="size-5 flex-shrink-0 text-secondary"
+							/>
+							<ArrowDownWideNarrowIcon
+								v-else-if="currentSortType === 'rejected'"
 								class="size-5 flex-shrink-0 text-secondary"
 							/>
-							<SortDescIcon v-else class="size-5 flex-shrink-0 text-secondary" />
-							<span class="truncate text-contrast">{{ currentSortType }}</span>
+							<span class="truncate text-contrast">{{ currentSortLabel }}</span>
 						</span>
 					</template>
 				</Combobox>
 			</div>
+			<ButtonStyled>
+				<button type="button" class="!h-[40px]" @click="toggleAllCardsCollapsed">
+					<UnfoldVerticalIcon
+						v-if="allCardsCollapsed"
+						class="size-5 flex-shrink-0 text-secondary"
+					/>
+					<FoldVerticalIcon v-else class="size-5 flex-shrink-0 text-secondary" />
+					{{ expandCollapseAllLabel }}
+				</button>
+			</ButtonStyled>
 		</div>
 		<div class="mt-4 flex flex-col gap-3">
-			<ExternalProjectPermissionsCard title="FTB Library" />
+			<TransitionGroup name="list">
+				<ExternalProjectPermissionsCard
+					v-for="group in filteredGroups"
+					:key="group.id"
+					:collapsed="getCardCollapsed(group)"
+					:project-id="project.id"
+					:group="group"
+					:is-moderator="isModerator"
+					@update:collapsed="setCardCollapsed(group.id, $event)"
+				/>
+				<EmptyState
+					v-if="filteredGroups.length === 0"
+					:heading="formatMessage(messages.noResults)"
+					type="no-search-result"
+				/>
+			</TransitionGroup>
 		</div>
 	</template>
+	<div v-else-if="attributionError">
+		<p v-if="attributionError" class="my-12 text-center text-red">
+			{{ attributionError }}
+		</p>
+	</div>
 	<template v-else>
 		<EmptyState
 			:heading="formatMessage(messages.emptyStateHeading)"
@@ -182,3 +494,18 @@ function dismissInfoBanner() {
 		/>
 	</template>
 </template>
+<style scoped>
+.list-enter-from {
+	opacity: 0;
+	transform: translateY(-10px);
+}
+
+.list-leave-to {
+	opacity: 0;
+	transform: translateY(10px);
+}
+
+.list-move {
+	transition: transform 200ms ease-in-out;
+}
+</style>
diff --git a/apps/frontend/src/pages/[type]/[project]/settings/versions.vue b/apps/frontend/src/pages/[type]/[project]/settings/versions.vue
index 4d1e11ebca..4fe35f27ed 100644
--- a/apps/frontend/src/pages/[type]/[project]/settings/versions.vue
+++ b/apps/frontend/src/pages/[type]/[project]/settings/versions.vue
@@ -14,21 +14,22 @@
 			proceed-label="Delete"
 			@proceed="deleteVersion()"
 		/>
-
 		<Admonition
-			v-if="flags.modpackPermissionsPage && withheldVersions.length > 0"
+			v-if="withheldVersions.length > 0"
 			type="warning"
 			class="mb-4"
 			:header="
 				formatMessage(messages.withheldVersionsWarningTitle, {
 					count: withheldVersions.length,
-					version_name: withheldVersions.length === 1 ? withheldVersions[0] : undefined,
+					version_name:
+						withheldVersions.length === 1 ? withheldVersions[0].version_number : undefined,
 				})
 			"
 			:body="
 				formatMessage(messages.withheldVersionsWarningDescription, {
 					count: withheldVersions.length,
-					version_name: withheldVersions.length === 1 ? withheldVersions[0] : undefined,
+					version_name:
+						withheldVersions.length === 1 ? withheldVersions[0].version_number : undefined,
 				})
 			"
 		>
@@ -454,7 +455,9 @@ async function deleteVersion() {
 	stopLoading()
 }
 
-const withheldVersions = computed(() => ['4.0.0'])
+const withheldVersions = computed(() =>
+	versions.value.filter((x) => x.files_missing_attribution?.length > 0),
+)
 
 const messages = defineMessages({
 	withheldVersionsWarningTitle: {
diff --git a/apps/frontend/src/pages/[type]/[project]/version/[version].vue b/apps/frontend/src/pages/[type]/[project]/version/[version].vue
index 20a4737f86..d80071a87a 100644
--- a/apps/frontend/src/pages/[type]/[project]/version/[version].vue
+++ b/apps/frontend/src/pages/[type]/[project]/version/[version].vue
@@ -136,7 +136,7 @@
 				</ButtonStyled>
 			</div>
 			<div v-else class="input-group mt-2">
-				<ButtonStyled v-if="primaryFile?.url && !currentMember" color="brand">
+				<ButtonStyled v-if="primaryFile?.url" color="brand">
 					<a
 						v-tooltip="primaryFile.filename + ' (' + formatBytes(primaryFile.size) + ')'"
 						:href="decoratedPrimaryFileUrl"
@@ -159,36 +159,44 @@
 						Report
 					</button>
 				</ButtonStyled>
-				<ButtonStyled v-if="currentMember">
-					<button @click="handleOpenEditVersionModal(version.id, project.id, 'metadata')">
-						<BoxIcon aria-hidden="true" />
-						Edit metadata
-					</button>
-				</ButtonStyled>
-				<ButtonStyled v-if="currentMember">
-					<button @click="handleOpenEditVersionModal(version.id, project.id, 'add-details')">
-						<InfoIcon aria-hidden="true" />
-						Edit details
-					</button>
-				</ButtonStyled>
-				<ButtonStyled v-if="currentMember">
-					<button @click="handleOpenEditVersionModal(version.id, project.id, 'add-files')">
-						<FileIcon aria-hidden="true" />
-						Edit files
-					</button>
-				</ButtonStyled>
-				<ButtonStyled>
-					<button
-						v-if="
-							currentMember &&
-							version.loaders.some((x: string) => tags.loaderData.dataPackLoaders.includes(x))
-						"
-						@click="modal_package_mod?.show()"
-					>
-						<BoxIcon aria-hidden="true" />
-						Package as mod
-					</button>
-				</ButtonStyled>
+
+				<template v-if="currentMember">
+					<ButtonStyled v-if="version.files_missing_attribution?.length > 0" color="orange">
+						<nuxt-link :to="`/project/${project.id}/settings/permissions`">
+							Resolve missing permissions
+							<RightArrowIcon aria-hidden="true" />
+						</nuxt-link>
+					</ButtonStyled>
+					<ButtonStyled>
+						<button @click="handleOpenEditVersionModal(version.id, project.id, 'metadata')">
+							<BoxIcon aria-hidden="true" />
+							Edit metadata
+						</button>
+					</ButtonStyled>
+					<ButtonStyled>
+						<button @click="handleOpenEditVersionModal(version.id, project.id, 'add-details')">
+							<InfoIcon aria-hidden="true" />
+							Edit details
+						</button>
+					</ButtonStyled>
+					<ButtonStyled>
+						<button @click="handleOpenEditVersionModal(version.id, project.id, 'add-files')">
+							<FileIcon aria-hidden="true" />
+							Edit files
+						</button>
+					</ButtonStyled>
+					<ButtonStyled>
+						<button
+							v-if="
+								version.loaders.some((x: string) => tags.loaderData.dataPackLoaders.includes(x))
+							"
+							@click="modal_package_mod?.show()"
+						>
+							<BoxIcon aria-hidden="true" />
+							Package as mod
+						</button>
+					</ButtonStyled>
+				</template>
 			</div>
 		</div>
 		<div class="version-page__changelog universal-card">
diff --git a/apps/frontend/src/pages/admin/emails.vue b/apps/frontend/src/pages/admin/emails.vue
index 24a788f67d..3a6e71e826 100644
--- a/apps/frontend/src/pages/admin/emails.vue
+++ b/apps/frontend/src/pages/admin/emails.vue
@@ -23,6 +23,10 @@ function copy(id: string) {
 	navigator.clipboard?.writeText(`/_internal/templates/email/${id}`).catch(() => {})
 }
 
+function uncachedPreviewUrl(id: string) {
+	return `/_internal/templates/email/${id}?preview=${Date.now()}`
+}
+
 const previewModal = ref<{ hide: () => void; show: () => void } | null>(null)
 const previewTemplate = ref<string | null>(null)
 const previewLoading = ref(false)
@@ -73,7 +77,7 @@ async function openPreview(id: string, event?: MouseEvent) {
 	variableValues.value = {}
 
 	try {
-		const response = await fetch(`/_internal/templates/email/${id}`)
+		const response = await fetch(uncachedPreviewUrl(id), { cache: 'no-store' })
 		previewHtml.value = await response.text()
 
 		if (!response.ok) {
@@ -103,7 +107,7 @@ function openPopupPreview(id: string, offset = 0) {
 	const left = window.screenX + (window.outerWidth - width) / 2 + ((offset * 28) % 320)
 	const top = window.screenY + (window.outerHeight - height) / 2 + ((offset * 28) % 320)
 	window.open(
-		`/_internal/templates/email/${id}`,
+		uncachedPreviewUrl(id),
 		`email-${id}`,
 		`popup=yes,width=${width},height=${height},left=${left},top=${top},resizable=yes,scrollbars=yes,menubar=no,toolbar=no,location=no,status=no`,
 	)
diff --git a/apps/frontend/src/pages/admin/servers/notices.vue b/apps/frontend/src/pages/admin/servers/notices.vue
index 8cc36c9c6b..a3e8465714 100644
--- a/apps/frontend/src/pages/admin/servers/notices.vue
+++ b/apps/frontend/src/pages/admin/servers/notices.vue
@@ -218,7 +218,7 @@
 							:level="notice.level"
 							:message="notice.message"
 							:dismissable="notice.dismissable"
-							:title="notice.title"
+							:title="notice.title ?? undefined"
 							preview
 						/>
 						<div class="mt-4 flex items-center gap-2">
@@ -260,6 +260,7 @@
 	</div>
 </template>
 <script setup lang="ts">
+import type { Archon } from '@modrinth/api-client'
 import { EditIcon, PlusIcon, SaveIcon, SettingsIcon, TrashIcon, XIcon } from '@modrinth/assets'
 import {
 	ButtonStyled,
@@ -267,6 +268,7 @@ import {
 	commonMessages,
 	CopyCode,
 	defineMessages,
+	injectModrinthClient,
 	injectNotificationManager,
 	NewModal,
 	ServerNotice,
@@ -278,14 +280,13 @@ import {
 	useVIntl,
 } from '@modrinth/ui'
 import { NOTICE_LEVELS } from '@modrinth/ui/src/utils/notices.ts'
-import type { ServerNotice as ServerNoticeType } from '@modrinth/utils'
 import dayjs from 'dayjs'
 import { computed } from 'vue'
 
 import AssignNoticeModal from '~/components/ui/admin/AssignNoticeModal.vue'
-import { useServersFetch } from '~/composables/servers/servers-fetch.ts'
 
 const { addNotification } = injectNotificationManager()
+const client = injectModrinthClient()
 const { formatMessage } = useVIntl()
 const formatRelativeTime = useRelativeTime()
 const formatDateTime = useFormatDateTime({
@@ -297,6 +298,8 @@ const formatDateTimeShortMonth = useFormatDateTime({
 	dateStyle: 'medium',
 })
 
+type ServerNoticeType = Archon.Notices.v0.ListedNotice
+
 const notices = ref<ServerNoticeType[]>([])
 const createNoticeModal = ref<InstanceType<typeof NewModal>>()
 const assignNoticeModal = ref<InstanceType<typeof AssignNoticeModal>>()
@@ -304,16 +307,14 @@ const assignNoticeModal = ref<InstanceType<typeof AssignNoticeModal>>()
 await refreshNotices()
 
 async function refreshNotices() {
-	await useServersFetch('notices').then((res) => {
-		notices.value = res as ServerNoticeType[]
-		notices.value.sort((a, b) => {
-			const dateDiff = dayjs(b.announce_at).diff(dayjs(a.announce_at))
-			if (dateDiff === 0) {
-				return b.id - a.id
-			}
+	notices.value = await client.archon.notices_v0.list()
+	notices.value.sort((a, b) => {
+		const dateDiff = dayjs(b.announce_at).diff(dayjs(a.announce_at))
+		if (dateDiff === 0) {
+			return b.id - a.id
+		}
 
-			return dateDiff
-		})
+		return dateDiff
 	})
 }
 
@@ -347,7 +348,7 @@ function startEditing(notice: ServerNoticeType, assignments: boolean = false) {
 	newNoticeLevel.value = levelOptions.find((x) => x.id === notice.level) ?? levelOptions[0]
 	newNoticeDismissable.value = notice.dismissable
 	newNoticeMessage.value = notice.message
-	newNoticeTitle.value = notice.title
+	newNoticeTitle.value = notice.title ?? undefined
 	newNoticeScheduledDate.value = dayjs(notice.announce_at).format(DATE_TIME_FORMAT)
 	newNoticeExpiresDate.value = notice.expires
 		? dayjs(notice.expires).format(DATE_TIME_FORMAT)
@@ -361,9 +362,8 @@ function startEditing(notice: ServerNoticeType, assignments: boolean = false) {
 }
 
 async function deleteNotice(notice: ServerNoticeType) {
-	await useServersFetch(`notices/${notice.id}`, {
-		method: 'DELETE',
-	})
+	await client.archon.notices_v0
+		.delete(notice.id)
 		.then(() => {
 			addNotification({
 				title: `Successfully deleted notice #${notice.id}`,
@@ -412,9 +412,10 @@ async function saveChanges() {
 		return
 	}
 
-	await useServersFetch(`notices/${editingNotice.value?.id}`, {
-		method: 'PATCH',
-		body: {
+	if (!editingNotice.value) return
+
+	await client.archon.notices_v0
+		.update(editingNotice.value.id, {
 			message: newNoticeMessage.value,
 			title: newNoticeSurvey.value ? undefined : trimmedTitle.value,
 			level: newNoticeLevel.value.id,
@@ -425,14 +426,14 @@ async function saveChanges() {
 			expires: newNoticeExpiresDate.value
 				? dayjs(newNoticeExpiresDate.value).toISOString()
 				: undefined,
-		},
-	}).catch((err) => {
-		addNotification({
-			title: 'Error saving changes to notice',
-			text: err,
-			type: 'error',
 		})
-	})
+		.catch((err) => {
+			addNotification({
+				title: 'Error saving changes to notice',
+				text: err,
+				type: 'error',
+			})
+		})
 	await refreshNotices()
 	createNoticeModal.value?.hide()
 }
@@ -442,9 +443,8 @@ async function createNotice() {
 		return
 	}
 
-	await useServersFetch('notices', {
-		method: 'POST',
-		body: {
+	await client.archon.notices_v0
+		.create({
 			message: newNoticeMessage.value,
 			title: newNoticeSurvey.value ? undefined : trimmedTitle.value,
 			level: newNoticeLevel.value.id,
@@ -455,14 +455,14 @@ async function createNotice() {
 			expires: newNoticeExpiresDate.value
 				? dayjs(newNoticeExpiresDate.value).toISOString()
 				: undefined,
-		},
-	}).catch((err) => {
-		addNotification({
-			title: 'Error creating notice',
-			text: err,
-			type: 'error',
 		})
-	})
+		.catch((err) => {
+			addNotification({
+				title: 'Error creating notice',
+				text: err,
+				type: 'error',
+			})
+		})
 	await refreshNotices()
 	createNoticeModal.value?.hide()
 }
diff --git a/apps/frontend/src/pages/admin/servers/transfers.vue b/apps/frontend/src/pages/admin/servers/transfers.vue
index 04627f4885..ed50e5be86 100644
--- a/apps/frontend/src/pages/admin/servers/transfers.vue
+++ b/apps/frontend/src/pages/admin/servers/transfers.vue
@@ -108,11 +108,13 @@
 </template>
 
 <script setup lang="ts">
+import type { Archon } from '@modrinth/api-client'
 import { PlusIcon, XCircleIcon } from '@modrinth/assets'
 import {
 	Avatar,
 	ButtonStyled,
 	ConfirmModal,
+	injectModrinthClient,
 	injectNotificationManager,
 	Pagination,
 	TagItem,
@@ -124,38 +126,16 @@ import dayjs from 'dayjs'
 import { computed, ref } from 'vue'
 
 import TransferModal from '~/components/ui/admin/TransferModal.vue'
-import { useServersFetch } from '~/composables/servers/servers-fetch.ts'
 
 const { addNotification } = injectNotificationManager()
+const client = injectModrinthClient()
 const formatRelativeTime = useRelativeTime()
 const formatDateTime = useFormatDateTime({
 	timeStyle: 'short',
 	dateStyle: 'long',
 })
 
-// Types
-interface ProvisionOptions {
-	region?: string | null
-	node_tags?: string[]
-}
-
-interface TransferBatch {
-	id: number
-	created_by: string
-	created_at: string
-	reason: string | null
-	scheduled_at: string
-	cancelled: boolean
-	log_count: number
-	provision_options: ProvisionOptions
-}
-
-interface HistoryResponse {
-	batches: TransferBatch[]
-	total: number
-	page: number
-	page_size: number
-}
+type TransferBatch = Archon.Transfers.Internal.TransferLogBatchEntry
 
 const transferModal = ref<InstanceType<typeof TransferModal>>()
 const cancelModal = ref<InstanceType<typeof ConfirmModal>>()
@@ -178,10 +158,10 @@ async function refreshHistory() {
 	loading.value = true
 	error.value = null
 	try {
-		const data = await useServersFetch<HistoryResponse>(
-			`/transfers/history?page=${currentPage.value}&page_size=${pageSize}`,
-			{ version: 'internal' },
-		)
+		const data = await client.archon.transfers_internal.history({
+			page: currentPage.value,
+			page_size: pageSize,
+		})
 		batches.value = data.batches || []
 		total.value = data.total || 0
 
@@ -283,12 +263,8 @@ function showCancelModal(batchId: number) {
 async function confirmCancel() {
 	if (!cancellingBatchId.value) return
 	try {
-		await useServersFetch('/transfers/cancel', {
-			version: 'internal',
-			method: 'POST',
-			body: {
-				batch_ids: [cancellingBatchId.value],
-			},
+		await client.archon.transfers_internal.cancel({
+			batch_ids: [cancellingBatchId.value],
 		})
 		addNotification({
 			title: 'Transfer cancelled',
diff --git a/apps/frontend/src/pages/dashboard/revenue/index.vue b/apps/frontend/src/pages/dashboard/revenue/index.vue
index a1bbb18090..60b503a931 100644
--- a/apps/frontend/src/pages/dashboard/revenue/index.vue
+++ b/apps/frontend/src/pages/dashboard/revenue/index.vue
@@ -72,6 +72,7 @@
 						}}
 						<Tooltip
 							theme="dismissable-prompt"
+							class="inline-flex shrink-0"
 							:triggers="['hover', 'focus']"
 							no-auto-focus
 							:aria-id="`${baseId}-date-segment-tooltip-${i}`"
@@ -106,6 +107,7 @@
 						{{ formatMessage(messages.processing) }}
 						<Tooltip
 							theme="dismissable-prompt"
+							class="inline-flex shrink-0"
 							:triggers="['hover', 'focus']"
 							no-auto-focus
 							:aria-id="`${baseId}-processing-tooltip`"
diff --git a/apps/frontend/src/pages/hosting/manage/[id].vue b/apps/frontend/src/pages/hosting/manage/[id].vue
index 7c4a3d8ecd..5f6d5245f4 100644
--- a/apps/frontend/src/pages/hosting/manage/[id].vue
+++ b/apps/frontend/src/pages/hosting/manage/[id].vue
@@ -11,6 +11,7 @@
 		:auth-user="authUser"
 		:navigate-to-billing="() => router.push('/settings/billing')"
 		:navigate-to-servers="() => router.push('/hosting/manage')"
+		constrain-width
 		:browse-modpacks="
 			({ serverId: sid, worldId: wid, from }) => {
 				navigateTo({
diff --git a/apps/frontend/src/pages/hosting/manage/[id]/access.vue b/apps/frontend/src/pages/hosting/manage/[id]/access.vue
new file mode 100644
index 0000000000..818ac1acbc
--- /dev/null
+++ b/apps/frontend/src/pages/hosting/manage/[id]/access.vue
@@ -0,0 +1,82 @@
+<script setup lang="ts">
+import {
+	injectModrinthClient,
+	injectModrinthServerContext,
+	ServersManageAccessPage,
+} from '@modrinth/ui'
+import { useQueryClient } from '@tanstack/vue-query'
+
+const client = injectModrinthClient()
+const { server, serverId } = injectModrinthServerContext()
+const queryClient = useQueryClient()
+const flags = useFeatureFlags()
+const ACTION_LOG_PAGE_SIZE = 200
+const ACTION_LOG_SORT_DIRECTION = 'desc'
+const actionLogDateFilter = defaultActionLogDateFilter()
+
+await Promise.allSettled([
+	queryClient.ensureQueryData({
+		queryKey: ['servers', 'users', 'v1', serverId],
+		queryFn: () => client.archon.server_users_v1.list(serverId),
+		staleTime: 30_000,
+	}),
+	queryClient.ensureQueryData({
+		queryKey: ['servers', 'v1', 'detail', serverId],
+		queryFn: () => client.archon.servers_v1.get(serverId),
+		staleTime: 30_000,
+	}),
+	queryClient.prefetchInfiniteQuery({
+		queryKey: [
+			'servers',
+			'action-log',
+			'v1',
+			'infinite',
+			serverId,
+			null,
+			actionLogDateFilter.min_datetime,
+			actionLogDateFilter.max_datetime,
+			ACTION_LOG_SORT_DIRECTION,
+		],
+		queryFn: ({ pageParam = 0 }) => {
+			const offset = typeof pageParam === 'number' ? pageParam : 0
+			return client.archon.actions_v1.list(serverId, {
+				limit: ACTION_LOG_PAGE_SIZE,
+				offset,
+				order: ACTION_LOG_SORT_DIRECTION,
+				...actionLogDateFilter,
+			})
+		},
+		getNextPageParam: (lastPage) =>
+			typeof lastPage.next_offset === 'number' ? lastPage.next_offset : undefined,
+		initialPageParam: 0,
+		staleTime: 30_000,
+	}),
+])
+
+useHead({
+	title: computed(() => `Access - ${server.value?.name ?? 'Server'} - Modrinth`),
+})
+
+function defaultActionLogDateFilter() {
+	const endDate = new Date()
+	const startDate = new Date(endDate)
+	startDate.setDate(startDate.getDate() - 6)
+
+	return {
+		min_datetime: startOfDay(startDate).toISOString(),
+		max_datetime: endOfDay(endDate).toISOString(),
+	}
+}
+
+function startOfDay(date: Date) {
+	return new Date(date.getFullYear(), date.getMonth(), date.getDate())
+}
+
+function endOfDay(date: Date) {
+	return new Date(date.getFullYear(), date.getMonth(), date.getDate(), 23, 59, 59, 999)
+}
+</script>
+
+<template>
+	<ServersManageAccessPage :show-audit-log-instances="flags.showHostingAccessInstanceAuditLog" />
+</template>
diff --git a/apps/frontend/src/pages/moderation/external-projects.vue b/apps/frontend/src/pages/moderation/external-projects.vue
index 605bfc9bfc..fde7ff7ef2 100644
--- a/apps/frontend/src/pages/moderation/external-projects.vue
+++ b/apps/frontend/src/pages/moderation/external-projects.vue
@@ -185,7 +185,7 @@ function mapExternalProject(
 		exceptions: project.exceptions,
 		proof: project.proof,
 		flame_project_id: project.flame_project_id,
-		files: project.linked_files,
+		files: project.linked_files ?? [],
 	}
 }
 
diff --git a/apps/frontend/src/pages/report.vue b/apps/frontend/src/pages/report.vue
index 59af8701e6..461ac3fed5 100644
--- a/apps/frontend/src/pages/report.vue
+++ b/apps/frontend/src/pages/report.vue
@@ -284,11 +284,11 @@ import {
 	VersionIcon,
 	XCircleIcon,
 } from '@modrinth/assets'
-import { defineMessage } from '@modrinth/ui'
 import {
 	AutoLink,
 	Avatar,
 	ButtonStyled,
+	defineMessage,
 	defineMessages,
 	formatReportItemType,
 	injectNotificationManager,
diff --git a/apps/frontend/src/plugins/cosmetics.ts b/apps/frontend/src/plugins/cosmetics.ts
index e77aeb288e..7d821eae7f 100644
--- a/apps/frontend/src/plugins/cosmetics.ts
+++ b/apps/frontend/src/plugins/cosmetics.ts
@@ -27,10 +27,11 @@ export interface Cosmetics {
 export default defineNuxtPlugin({
 	name: 'cosmetics',
 	setup() {
+		const config = useRuntimeConfig()
 		const cosmetics = useCookie<Cosmetics>('cosmetics', {
 			maxAge: 60 * 60 * 24 * 365 * 10,
 			sameSite: 'lax',
-			secure: true,
+			secure: config.public.cookieSecure,
 			httpOnly: false,
 			path: '/',
 			default: () => ({
diff --git a/apps/frontend/src/plugins/theme/theme-settings.ts b/apps/frontend/src/plugins/theme/theme-settings.ts
index 37333be09c..b8a632288a 100644
--- a/apps/frontend/src/plugins/theme/theme-settings.ts
+++ b/apps/frontend/src/plugins/theme/theme-settings.ts
@@ -8,10 +8,11 @@ interface ThemeSettings {
 export function useThemeSettings(getDefaultTheme?: () => Theme) {
 	getDefaultTheme ??= () => 'dark'
 
+	const config = useRuntimeConfig()
 	const $settings = useCookie<ThemeSettings>('color-mode', {
 		maxAge: 60 * 60 * 24 * 365 * 10,
 		sameSite: 'lax',
-		secure: true,
+		secure: config.public.cookieSecure,
 		httpOnly: false,
 		path: '/',
 	})
diff --git a/apps/frontend/src/templates/emails/index.ts b/apps/frontend/src/templates/emails/index.ts
index 719611b64b..015c1fdeb9 100644
--- a/apps/frontend/src/templates/emails/index.ts
+++ b/apps/frontend/src/templates/emails/index.ts
@@ -32,6 +32,10 @@ export default {
 	'project-invited': () => import('./project/ProjectInvited.vue'),
 	'project-transferred': () => import('./project/ProjectTransferred.vue'),
 
+	// Server
+	'server-invited': () => import('./server/ServerInvited.vue'),
+	'server-invited-no-account': () => import('./server/ServerInvitedNoAccount.vue'),
+
 	// Organizations
 	'organization-invited': () => import('./organization/OrganizationInvited.vue'),
 } as Record<string, () => Promise<{ default: Component }>>
diff --git a/apps/frontend/src/templates/emails/server/ServerInvited.vue b/apps/frontend/src/templates/emails/server/ServerInvited.vue
new file mode 100644
index 0000000000..b3876aa3e3
--- /dev/null
+++ b/apps/frontend/src/templates/emails/server/ServerInvited.vue
@@ -0,0 +1,82 @@
+<script setup lang="ts">
+import { Button, Column, Heading, Link as VLink, Row, Section, Text } from '@vue-email/components'
+
+import StyledEmail from '../shared/StyledEmail.vue'
+</script>
+
+<template>
+	<StyledEmail
+		title="You've been invited to a server"
+		:manual-links="[
+			{ link: 'https://modrinth.com/dashboard/notifications', label: 'Notification dashboard' },
+			{ link: 'https://support.modrinth.com', label: 'Support Portal' },
+		]"
+	>
+		<Heading as="h1" class="mb-2 text-2xl font-bold">You've been invited to a server</Heading>
+
+		<Text class="text-base">Hi <span class="no-auto-link">{user.name}</span>,</Text>
+
+		<Text class="text-base">
+			Modrinth user
+			<b
+				><VLink href="https://modrinth.com/user/{inviter.name}" class="text-green underline">
+					{inviter.name}
+				</VLink></b
+			>
+			has invited you to help manage
+			<b>{server.name}</b>
+			on Modrinth Hosting.
+		</Text>
+
+		<Section class="bg-bg-super mb-4 mt-4 rounded-lg border border-divider pb-4 pl-4 pr-4 pt-4">
+			<Text class="m-0 text-base">
+				You have been invited with the <b>{server.role}</b> role permission.
+			</Text>
+		</Section>
+
+		<Button
+			href="https://modrinth.com/dashboard/notifications"
+			target="_blank"
+			class="text-accentContrast inline-block rounded-[12px] bg-brand pb-3 pl-4 pr-4 pt-3 text-[14px] font-bold"
+		>
+			Review invitation
+		</Button>
+
+		<VLink href="https://modrinth.com/dashboard/notifications">
+			<Text class="text-muted mt-2 break-words text-xs font-bold"
+				>https://modrinth.com/dashboard/notifications</Text
+			>
+		</VLink>
+
+		<Text class="text-base">
+			To accept or reject this invitation, open your Modrinth notifications and review the invite.
+			If you were not expecting this invitation, contact the server owner or reach out to Modrinth
+			Support
+			<VLink href="https://support.modrinth.com" class="text-green underline">
+				through the Support Portal</VLink
+			>.
+		</Text>
+
+		<Section class="border-0 border-t border-solid border-divider pt-4">
+			<Text class="mb-3 mt-0 text-base font-bold">What does my role mean?</Text>
+			<Row>
+				<Column class="pr-2 align-top">
+					<Section class="bg-bg-super rounded-lg border border-divider pb-3 pl-3 pr-3 pt-3">
+						<Text class="m-0 text-xs font-bold uppercase">Editor</Text>
+						<Text class="mb-0 mt-2 text-base">
+							Manage instance content, files, backups, and other settings.
+						</Text>
+					</Section>
+				</Column>
+				<Column class="pl-2 align-top">
+					<Section class="bg-bg-super rounded-lg border border-divider pb-3 pl-3 pr-3 pt-3">
+						<Text class="m-0 text-xs font-bold uppercase">Viewer</Text>
+						<Text class="mb-0 mt-2 text-base">
+							Start, stop, and view the server without making changes.
+						</Text>
+					</Section>
+				</Column>
+			</Row>
+		</Section>
+	</StyledEmail>
+</template>
diff --git a/apps/frontend/src/templates/emails/server/ServerInvitedNoAccount.vue b/apps/frontend/src/templates/emails/server/ServerInvitedNoAccount.vue
new file mode 100644
index 0000000000..07b6f7cbee
--- /dev/null
+++ b/apps/frontend/src/templates/emails/server/ServerInvitedNoAccount.vue
@@ -0,0 +1,80 @@
+<script setup lang="ts">
+import { Button, Column, Heading, Link as VLink, Row, Section, Text } from '@vue-email/components'
+
+import StyledEmail from '../shared/StyledEmail.vue'
+</script>
+
+<template>
+	<StyledEmail
+		title="You've been invited to a server"
+		:manual-links="[
+			{ link: '{serverinvite.url}', label: 'Create account and review invitation' },
+			{ link: 'https://support.modrinth.com', label: 'Support Portal' },
+		]"
+	>
+		<Heading as="h1" class="mb-2 text-2xl font-bold">You've been invited to a server</Heading>
+
+		<Text class="text-base">Hi,</Text>
+
+		<Text class="text-base">
+			Modrinth user
+			<b
+				><VLink href="https://modrinth.com/user/{inviter.name}" class="text-green underline">
+					{inviter.name}
+				</VLink></b
+			>
+			has invited you to help manage
+			<b>{server.name}</b>
+			on Modrinth Hosting.
+		</Text>
+
+		<Section class="bg-bg-super mb-4 mt-4 rounded-lg border border-divider pb-4 pl-4 pr-4 pt-4">
+			<Text class="m-0 text-base">
+				You have been invited with the <b>{server.role}</b> role permission.
+			</Text>
+		</Section>
+
+		<Button
+			href="{serverinvite.url}"
+			target="_blank"
+			class="text-accentContrast inline-block rounded-[12px] bg-brand pb-3 pl-4 pr-4 pt-3 text-[14px] font-bold"
+		>
+			Create account
+		</Button>
+
+		<VLink href="{serverinvite.url}">
+			<Text class="text-muted mt-2 break-words text-xs font-bold">{serverinvite.url}</Text>
+		</VLink>
+
+		<Text class="text-base">
+			To accept or reject this invitation, create a Modrinth account and review the invite from your
+			notifications dashboard. If you were not expecting this invitation, contact the server owner
+			or reach out to Modrinth Support
+			<VLink href="https://support.modrinth.com" class="text-green underline">
+				through the Support Portal</VLink
+			>.
+		</Text>
+
+		<Section class="border-0 border-t border-solid border-divider pt-4">
+			<Text class="mb-3 mt-0 text-base font-bold">What does my role let me do?</Text>
+			<Row>
+				<Column class="pr-2 align-top">
+					<Section class="bg-bg-super rounded-lg border border-divider pb-3 pl-3 pr-3 pt-3">
+						<Text class="m-0 text-xs font-bold uppercase">Editor</Text>
+						<Text class="mb-0 mt-2 text-base">
+							Manage instance content, files, backups, and other settings.
+						</Text>
+					</Section>
+				</Column>
+				<Column class="pl-2 align-top">
+					<Section class="bg-bg-super rounded-lg border border-divider pb-3 pl-3 pr-3 pt-3">
+						<Text class="m-0 text-xs font-bold uppercase">Viewer</Text>
+						<Text class="mb-0 mt-2 text-base">
+							Start, stop, and view the server without making changes.
+						</Text>
+					</Section>
+				</Column>
+			</Row>
+		</Section>
+	</StyledEmail>
+</template>
diff --git a/apps/labrinth/.sqlx/query-6542c79dffa73e462c527f1bd4ba67e658814d7a788259dc4b3874c54cb5ae57.json b/apps/labrinth/.sqlx/query-03d85f360d4c603688d0662d24caee7b59985adba006fb531beb09f195582277.json
similarity index 86%
rename from apps/labrinth/.sqlx/query-6542c79dffa73e462c527f1bd4ba67e658814d7a788259dc4b3874c54cb5ae57.json
rename to apps/labrinth/.sqlx/query-03d85f360d4c603688d0662d24caee7b59985adba006fb531beb09f195582277.json
index 8668834ed4..d134483d44 100644
--- a/apps/labrinth/.sqlx/query-6542c79dffa73e462c527f1bd4ba67e658814d7a788259dc4b3874c54cb5ae57.json
+++ b/apps/labrinth/.sqlx/query-03d85f360d4c603688d0662d24caee7b59985adba006fb531beb09f195582277.json
@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "\n        SELECT\n            mel.id,\n            mel.title,\n            mel.status,\n            mel.link,\n            mel.exceptions,\n            mel.proof,\n            mel.flame_project_id,\n            mel.inserted_at,\n            mel.inserted_by,\n            mel.updated_at,\n            mel.updated_by\n        FROM moderation_external_licenses mel\n        WHERE ($1::text IS NULL OR mel.title ILIKE '%' || $1 || '%')\n          AND ($2::integer IS NULL OR mel.flame_project_id = $2)\n        ORDER BY mel.id\n        ",
+  "query": "\n        SELECT\n            mel.id,\n            mel.title,\n            mel.status,\n            mel.link,\n            mel.exceptions,\n            mel.proof,\n            mel.flame_project_id,\n            mel.inserted_at,\n            mel.inserted_by,\n            mel.updated_at,\n            mel.updated_by\n        FROM moderation_external_licenses mel\n        WHERE mel.flame_project_id = ANY($1)\n        ORDER BY mel.id\n        ",
   "describe": {
     "columns": [
       {
@@ -61,8 +61,7 @@
     ],
     "parameters": {
       "Left": [
-        "Text",
-        "Int4"
+        "Int4Array"
       ]
     },
     "nullable": [
@@ -79,5 +78,5 @@
       true
     ]
   },
-  "hash": "6542c79dffa73e462c527f1bd4ba67e658814d7a788259dc4b3874c54cb5ae57"
+  "hash": "03d85f360d4c603688d0662d24caee7b59985adba006fb531beb09f195582277"
 }
diff --git a/apps/labrinth/.sqlx/query-0b06b60b7169a3f9ee66c7ec26f94982619e95a78ecb2d3ffa55774b098e0531.json b/apps/labrinth/.sqlx/query-0b06b60b7169a3f9ee66c7ec26f94982619e95a78ecb2d3ffa55774b098e0531.json
new file mode 100644
index 0000000000..ab2e4da34a
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-0b06b60b7169a3f9ee66c7ec26f94982619e95a78ecb2d3ffa55774b098e0531.json
@@ -0,0 +1,32 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        select\n            fa.file_id as \"file_id: DBFileId\",\n            f.url,\n            v.mod_id as \"project_id: DBProjectId\"\n        from file_scans fa\n        inner join files f on f.id = fa.file_id\n        inner join versions v on v.id = f.version_id\n        where fa.attributions_scanned_at is null\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "file_id: DBFileId",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "url",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "project_id: DBProjectId",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "0b06b60b7169a3f9ee66c7ec26f94982619e95a78ecb2d3ffa55774b098e0531"
+}
diff --git a/apps/labrinth/.sqlx/query-99749414f92886a904158484661cae8928f78206c1cdf8adb66fde999bbe94d4.json b/apps/labrinth/.sqlx/query-0e9e528a008a9dd24acfabbffcfe8ee4fd48fbae7c6197bfbbf1923e6256658b.json
similarity index 77%
rename from apps/labrinth/.sqlx/query-99749414f92886a904158484661cae8928f78206c1cdf8adb66fde999bbe94d4.json
rename to apps/labrinth/.sqlx/query-0e9e528a008a9dd24acfabbffcfe8ee4fd48fbae7c6197bfbbf1923e6256658b.json
index 890112c0a6..1fb57916d6 100644
--- a/apps/labrinth/.sqlx/query-99749414f92886a904158484661cae8928f78206c1cdf8adb66fde999bbe94d4.json
+++ b/apps/labrinth/.sqlx/query-0e9e528a008a9dd24acfabbffcfe8ee4fd48fbae7c6197bfbbf1923e6256658b.json
@@ -1,6 +1,6 @@
 {
   "db_name": "PostgreSQL",
-  "query": "\n        SELECT\n            mel.id,\n            mel.title,\n            mel.status,\n            mel.link,\n            mel.exceptions,\n            mel.proof,\n            mel.flame_project_id,\n            mel.inserted_at,\n            mel.inserted_by,\n            mel.updated_at,\n            mel.updated_by\n        FROM moderation_external_files mef\n        INNER JOIN moderation_external_licenses mel ON mel.id = mef.external_license_id\n        WHERE mef.sha1 = $1\n        ",
+  "query": "\n        SELECT\n            mel.id,\n            mel.title,\n            mel.status,\n            mel.link,\n            mel.exceptions,\n            mel.proof,\n            mel.flame_project_id,\n            mel.inserted_at,\n            mel.inserted_by,\n            mel.updated_at,\n            mel.updated_by\n        FROM moderation_external_licenses mel\n        WHERE ($1::text IS NULL OR mel.title ILIKE '%' || $1 || '%')\n          AND (\n            ($2::integer IS NULL AND $3::integer[] IS NULL)\n            OR mel.flame_project_id = $2\n            OR mel.flame_project_id = ANY($3)\n          )\n        ORDER BY mel.id\n        ",
   "describe": {
     "columns": [
       {
@@ -61,7 +61,9 @@
     ],
     "parameters": {
       "Left": [
-        "Bytea"
+        "Text",
+        "Int4",
+        "Int4Array"
       ]
     },
     "nullable": [
@@ -78,5 +80,5 @@
       true
     ]
   },
-  "hash": "99749414f92886a904158484661cae8928f78206c1cdf8adb66fde999bbe94d4"
+  "hash": "0e9e528a008a9dd24acfabbffcfe8ee4fd48fbae7c6197bfbbf1923e6256658b"
 }
diff --git a/apps/labrinth/.sqlx/query-147f31c59219c5485531914897618427375b203777a68fd6ece1a50feaf41df9.json b/apps/labrinth/.sqlx/query-147f31c59219c5485531914897618427375b203777a68fd6ece1a50feaf41df9.json
new file mode 100644
index 0000000000..b7e45e18a1
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-147f31c59219c5485531914897618427375b203777a68fd6ece1a50feaf41df9.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            SELECT id\n            FROM notifications\n            WHERE body @> $1::jsonb\n              AND user_id = ANY($2::bigint[])\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Jsonb",
+        "Int8Array"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "147f31c59219c5485531914897618427375b203777a68fd6ece1a50feaf41df9"
+}
diff --git a/apps/labrinth/.sqlx/query-1d27a83fb85c4640c3fc88fc6caa8209973ced0f88d8dbecdac349bbe70930a5.json b/apps/labrinth/.sqlx/query-1d27a83fb85c4640c3fc88fc6caa8209973ced0f88d8dbecdac349bbe70930a5.json
new file mode 100644
index 0000000000..928f02a117
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-1d27a83fb85c4640c3fc88fc6caa8209973ced0f88d8dbecdac349bbe70930a5.json
@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                insert into project_attribution_files (group_id, name, sha1, moderation_external_license_id)\n                values ($1, $2, $3, $4)\n                ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Text",
+        "Bytea",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "1d27a83fb85c4640c3fc88fc6caa8209973ced0f88d8dbecdac349bbe70930a5"
+}
diff --git a/apps/labrinth/.sqlx/query-1d96df0ac64801641f9af796d482d2964c1acf2d03e15b8f1397340d0c994af6.json b/apps/labrinth/.sqlx/query-1d96df0ac64801641f9af796d482d2964c1acf2d03e15b8f1397340d0c994af6.json
new file mode 100644
index 0000000000..25146596a0
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-1d96df0ac64801641f9af796d482d2964c1acf2d03e15b8f1397340d0c994af6.json
@@ -0,0 +1,46 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tselect\n\t\t\tg.id as \"id: DBAttributionGroupId\",\n\t\t\tg.flame_project,\n\t\t\tg.attribution,\n\t\t\tg.attributed_at,\n\t\t\tg.attributed_by as \"attributed_by: i64\"\n\t\tfrom project_attribution_groups g\n\t\twhere g.project_id = $1\n\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id: DBAttributionGroupId",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "flame_project",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 2,
+        "name": "attribution",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 3,
+        "name": "attributed_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 4,
+        "name": "attributed_by: i64",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      true,
+      true,
+      true
+    ]
+  },
+  "hash": "1d96df0ac64801641f9af796d482d2964c1acf2d03e15b8f1397340d0c994af6"
+}
diff --git a/apps/labrinth/.sqlx/query-25d6977fa2db63f979fbe391f3475445fa92c9bbb5b034531f5e033a18c2a6a3.json b/apps/labrinth/.sqlx/query-25d6977fa2db63f979fbe391f3475445fa92c9bbb5b034531f5e033a18c2a6a3.json
new file mode 100644
index 0000000000..1fbd6879da
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-25d6977fa2db63f979fbe391f3475445fa92c9bbb5b034531f5e033a18c2a6a3.json
@@ -0,0 +1,88 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT\n            mef.sha1 hash,\n            mel.id,\n            mel.title,\n            mel.status,\n            mel.link,\n            mel.exceptions,\n            mel.proof,\n            mel.flame_project_id,\n            mel.inserted_at,\n            mel.inserted_by,\n            mel.updated_at,\n            mel.updated_by\n        FROM moderation_external_files mef\n        INNER JOIN moderation_external_licenses mel ON mel.id = mef.external_license_id\n        WHERE mef.sha1 = ANY($1)\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "hash",
+        "type_info": "Bytea"
+      },
+      {
+        "ordinal": 1,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 2,
+        "name": "title",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 3,
+        "name": "status",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 4,
+        "name": "link",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 5,
+        "name": "exceptions",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 6,
+        "name": "proof",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 7,
+        "name": "flame_project_id",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 8,
+        "name": "inserted_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 9,
+        "name": "inserted_by",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 10,
+        "name": "updated_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 11,
+        "name": "updated_by",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "ByteaArray"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      true,
+      false,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true
+    ]
+  },
+  "hash": "25d6977fa2db63f979fbe391f3475445fa92c9bbb5b034531f5e033a18c2a6a3"
+}
diff --git a/apps/labrinth/.sqlx/query-2e6bb84f45c0f8ba7bb9b09bf3def4322f727c7af8bd4be49dc4d7c487b925ed.json b/apps/labrinth/.sqlx/query-2e6bb84f45c0f8ba7bb9b09bf3def4322f727c7af8bd4be49dc4d7c487b925ed.json
new file mode 100644
index 0000000000..2c5ee6ec20
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-2e6bb84f45c0f8ba7bb9b09bf3def4322f727c7af8bd4be49dc4d7c487b925ed.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            insert into project_attribution_files (group_id, name, sha1)\n            select $1, unnest($2::text[]), unnest($3::bytea[])\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "TextArray",
+        "ByteaArray"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "2e6bb84f45c0f8ba7bb9b09bf3def4322f727c7af8bd4be49dc4d7c487b925ed"
+}
diff --git a/apps/labrinth/.sqlx/query-2f56a06b78a810936a77547ab5890943d6aa3e9143a8e2617d025be960880223.json b/apps/labrinth/.sqlx/query-2f56a06b78a810936a77547ab5890943d6aa3e9143a8e2617d025be960880223.json
new file mode 100644
index 0000000000..202c1c4e6d
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-2f56a06b78a810936a77547ab5890943d6aa3e9143a8e2617d025be960880223.json
@@ -0,0 +1,40 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            SELECT mel.id, mel.flame_project_id, mel.status status, mel.link\n            FROM moderation_external_licenses mel\n            WHERE mel.flame_project_id = ANY($1)\n            ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "flame_project_id",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 2,
+        "name": "status",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 3,
+        "name": "link",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int4Array"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      true
+    ]
+  },
+  "hash": "2f56a06b78a810936a77547ab5890943d6aa3e9143a8e2617d025be960880223"
+}
diff --git a/apps/labrinth/.sqlx/query-301959b1ec20a4925f86188bc5e1c0cdd11f0d15004ce9f91fbeefcc3a27f8f4.json b/apps/labrinth/.sqlx/query-301959b1ec20a4925f86188bc5e1c0cdd11f0d15004ce9f91fbeefcc3a27f8f4.json
new file mode 100644
index 0000000000..80c3a445f6
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-301959b1ec20a4925f86188bc5e1c0cdd11f0d15004ce9f91fbeefcc3a27f8f4.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        DELETE FROM project_attribution_groups g\n        WHERE NOT EXISTS (\n            SELECT 1\n            FROM project_attribution_files paf\n            INNER JOIN override_file_sources ofs ON ofs.sha1 = paf.sha1\n            WHERE paf.group_id = g.id\n        )\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": []
+  },
+  "hash": "301959b1ec20a4925f86188bc5e1c0cdd11f0d15004ce9f91fbeefcc3a27f8f4"
+}
diff --git a/apps/labrinth/.sqlx/query-424b975139004d2854d9365ef950984dd1a65e333bb80924b5883df5e7d3cad2.json b/apps/labrinth/.sqlx/query-424b975139004d2854d9365ef950984dd1a65e333bb80924b5883df5e7d3cad2.json
new file mode 100644
index 0000000000..c427ada77e
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-424b975139004d2854d9365ef950984dd1a65e333bb80924b5883df5e7d3cad2.json
@@ -0,0 +1,28 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        select id as \"id: DBAttributionGroupId\", flame_project\n        from project_attribution_groups\n        where project_id = $1 and flame_project is not null\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id: DBAttributionGroupId",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "flame_project",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      false,
+      true
+    ]
+  },
+  "hash": "424b975139004d2854d9365ef950984dd1a65e333bb80924b5883df5e7d3cad2"
+}
diff --git a/apps/labrinth/.sqlx/query-46e1f1512ff148b532fb382b51b6a5a4a81d3e8bc17886c75bc574cd5662c49f.json b/apps/labrinth/.sqlx/query-46e1f1512ff148b532fb382b51b6a5a4a81d3e8bc17886c75bc574cd5662c49f.json
new file mode 100644
index 0000000000..721cea8be6
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-46e1f1512ff148b532fb382b51b6a5a4a81d3e8bc17886c75bc574cd5662c49f.json
@@ -0,0 +1,46 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        select\n            d.dependent_id as \"version_id: DBVersionId\",\n            d.dependency_file_name as \"file_name!\",\n            pag.attribution,\n            pag.flame_project,\n            pag.project_id as \"project_id: DBProjectId\"\n        from dependencies d\n        inner join files f on f.version_id = d.dependent_id\n        inner join attribution_enforced_versions aev on aev.id = f.version_id\n        inner join override_file_sources ofs on ofs.file_id = f.id\n        inner join project_attribution_files paf on paf.sha1 = ofs.sha1\n        inner join project_attribution_groups pag on pag.id = paf.group_id\n        where d.dependent_id = ANY($1)\n          and d.dependency_file_name is not null\n          and pag.attribution is not null\n          and pag.attribution->>'kind' not in ('no_permission')\n          and (\n            pag.attribution->'moderation_status' is null\n            or pag.attribution->'moderation_status'->>'kind' = 'approved'\n          )\n          and split_part(paf.name, '/', -1) = d.dependency_file_name\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "version_id: DBVersionId",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "file_name!",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "attribution",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 3,
+        "name": "flame_project",
+        "type_info": "Jsonb"
+      },
+      {
+        "ordinal": 4,
+        "name": "project_id: DBProjectId",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8Array"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      true,
+      true,
+      false
+    ]
+  },
+  "hash": "46e1f1512ff148b532fb382b51b6a5a4a81d3e8bc17886c75bc574cd5662c49f"
+}
diff --git a/apps/labrinth/.sqlx/query-4fb69c674dca723b6b2cb7bea07d51feb43b2714c1cd6a2987a6fe1f10e2579a.json b/apps/labrinth/.sqlx/query-4fb69c674dca723b6b2cb7bea07d51feb43b2714c1cd6a2987a6fe1f10e2579a.json
new file mode 100644
index 0000000000..76174d70dd
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-4fb69c674dca723b6b2cb7bea07d51feb43b2714c1cd6a2987a6fe1f10e2579a.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tupdate project_attribution_files\n\t\tset group_id = $1\n\t\twhere sha1 = $2\n\t\tand group_id in (\n\t\t\tselect id from project_attribution_groups where project_id = $3\n\t\t)\n\t\t",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Bytea",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "4fb69c674dca723b6b2cb7bea07d51feb43b2714c1cd6a2987a6fe1f10e2579a"
+}
diff --git a/apps/labrinth/.sqlx/query-5f7b9d628d3ff0addc12cfaab68d7cbcca08a89aedeb15ce5926ed87ed8a12c6.json b/apps/labrinth/.sqlx/query-5f7b9d628d3ff0addc12cfaab68d7cbcca08a89aedeb15ce5926ed87ed8a12c6.json
new file mode 100644
index 0000000000..e71a423986
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-5f7b9d628d3ff0addc12cfaab68d7cbcca08a89aedeb15ce5926ed87ed8a12c6.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tupdate project_attribution_files\n\t\tset group_id = $1\n\t\twhere sha1 = $2 and group_id = $3\n\t\t",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Bytea",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "5f7b9d628d3ff0addc12cfaab68d7cbcca08a89aedeb15ce5926ed87ed8a12c6"
+}
diff --git a/apps/labrinth/.sqlx/query-5f847946ce63d3773b9a5822971ee7acaafeed018ce0540b2826bd878f213b87.json b/apps/labrinth/.sqlx/query-5f847946ce63d3773b9a5822971ee7acaafeed018ce0540b2826bd878f213b87.json
new file mode 100644
index 0000000000..a219d084e8
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-5f847946ce63d3773b9a5822971ee7acaafeed018ce0540b2826bd878f213b87.json
@@ -0,0 +1,82 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT\n            id,\n            title,\n            status,\n            link,\n            exceptions,\n            proof,\n            flame_project_id,\n            inserted_at,\n            inserted_by,\n            updated_at,\n            updated_by\n        FROM moderation_external_licenses\n        WHERE id = $1\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "title",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 2,
+        "name": "status",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 3,
+        "name": "link",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 4,
+        "name": "exceptions",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 5,
+        "name": "proof",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 6,
+        "name": "flame_project_id",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 7,
+        "name": "inserted_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 8,
+        "name": "inserted_by",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 9,
+        "name": "updated_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 10,
+        "name": "updated_by",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true
+    ]
+  },
+  "hash": "5f847946ce63d3773b9a5822971ee7acaafeed018ce0540b2826bd878f213b87"
+}
diff --git a/apps/labrinth/.sqlx/query-6320df0491556027ee64fd031797b252c2145ecf179e9ea9a8cedbdc8b7ed622.json b/apps/labrinth/.sqlx/query-6320df0491556027ee64fd031797b252c2145ecf179e9ea9a8cedbdc8b7ed622.json
new file mode 100644
index 0000000000..297814d5ad
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-6320df0491556027ee64fd031797b252c2145ecf179e9ea9a8cedbdc8b7ed622.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tinsert into project_attribution_groups (id, project_id)\n\t\tvalues ($1, $2)\n\t\t",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "6320df0491556027ee64fd031797b252c2145ecf179e9ea9a8cedbdc8b7ed622"
+}
diff --git a/apps/labrinth/.sqlx/query-64c6abc464f2df37372875817ceb67b0e33786fe3dd27c052311356d43b1d601.json b/apps/labrinth/.sqlx/query-64c6abc464f2df37372875817ceb67b0e33786fe3dd27c052311356d43b1d601.json
new file mode 100644
index 0000000000..ee0f3478d5
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-64c6abc464f2df37372875817ceb67b0e33786fe3dd27c052311356d43b1d601.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            INSERT INTO file_scans (file_id)\n            VALUES ($1)\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "64c6abc464f2df37372875817ceb67b0e33786fe3dd27c052311356d43b1d601"
+}
diff --git a/apps/labrinth/.sqlx/query-73f7542b4b6738c4baf1e2a3513645c3bf07a960b7b9fac529f23099675ec0cc.json b/apps/labrinth/.sqlx/query-73f7542b4b6738c4baf1e2a3513645c3bf07a960b7b9fac529f23099675ec0cc.json
new file mode 100644
index 0000000000..1aa6170dcc
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-73f7542b4b6738c4baf1e2a3513645c3bf07a960b7b9fac529f23099675ec0cc.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tselect exists(\n\t\t\tselect 1 from project_attribution_groups where id = $1 and project_id = $2\n\t\t) as \"exists!\"\n\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "exists!",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Int8"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "73f7542b4b6738c4baf1e2a3513645c3bf07a960b7b9fac529f23099675ec0cc"
+}
diff --git a/apps/labrinth/.sqlx/query-80751dbca09a9dcb469a30fe5b8225e520baf50750a78875f582349610439a55.json b/apps/labrinth/.sqlx/query-80751dbca09a9dcb469a30fe5b8225e520baf50750a78875f582349610439a55.json
new file mode 100644
index 0000000000..b8fc60acc8
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-80751dbca09a9dcb469a30fe5b8225e520baf50750a78875f582349610439a55.json
@@ -0,0 +1,14 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        insert into file_scans (file_id, attributions_scanned_at)\n        values ($1, now())\n        on conflict (file_id) do update set attributions_scanned_at = now()\n        ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "80751dbca09a9dcb469a30fe5b8225e520baf50750a78875f582349610439a55"
+}
diff --git a/apps/labrinth/.sqlx/query-8820a5985291c159c98371c9650092e3eba21c81e3b3386be779978aff30451a.json b/apps/labrinth/.sqlx/query-8820a5985291c159c98371c9650092e3eba21c81e3b3386be779978aff30451a.json
deleted file mode 100644
index 18d5cf1b83..0000000000
--- a/apps/labrinth/.sqlx/query-8820a5985291c159c98371c9650092e3eba21c81e3b3386be779978aff30451a.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  "db_name": "PostgreSQL",
-  "query": "\n        SELECT DISTINCT ON (dr.id)\n            to_jsonb(dr)\n            || jsonb_build_object(\n                'report_id', dr.id,\n                'file_id', to_base62(f.id),\n                'version_id', to_base62(v.id),\n                'project_id', to_base62(v.mod_id),\n                'file_name', f.filename,\n                'file_size', f.size,\n                'flag_reason', 'delphi',\n                'download_url', f.url,\n                -- TODO: replace with `json_array` in Postgres 16\n                'issues', (\n                    SELECT json_agg(\n                        to_jsonb(dri)\n                        || jsonb_build_object(\n                            -- TODO: replace with `json_array` in Postgres 16\n                            'details', (\n                                SELECT coalesce(jsonb_agg(\n                                    jsonb_build_object(\n                                        'id', didws.id,\n                                        'issue_id', didws.issue_id,\n                                        'key', didws.key,\n                                        'file_path', didws.file_path,\n                                        'decompiled_source', didws.decompiled_source,\n                                        'data', didws.data,\n                                        'severity', didws.severity,\n                                        'status', didws.status\n                                    )\n                                ), '[]'::jsonb)\n                                FROM delphi_issue_details_with_statuses didws\n                                WHERE didws.issue_id = dri.id\n                            )\n                        )\n                    )\n                    FROM delphi_report_issues dri\n                    WHERE\n                        dri.report_id = dr.id\n                        -- see delphi.rs todo comment\n                        AND dri.issue_type != '__dummy'\n                )\n            ) AS \"data!: sqlx::types::Json<FileReport>\"\n        FROM delphi_reports dr\n        INNER JOIN files f ON f.id = dr.file_id\n        INNER JOIN versions v ON v.id = f.version_id\n        WHERE dr.id = $1\n        ",
-  "describe": {
-    "columns": [
-      {
-        "ordinal": 0,
-        "name": "data!: sqlx::types::Json<FileReport>",
-        "type_info": "Jsonb"
-      }
-    ],
-    "parameters": {
-      "Left": [
-        "Int8"
-      ]
-    },
-    "nullable": [
-      null
-    ]
-  },
-  "hash": "8820a5985291c159c98371c9650092e3eba21c81e3b3386be779978aff30451a"
-}
diff --git a/apps/labrinth/.sqlx/query-8ffcb0c2bd82eaf64b143745adab359db6fcc448d6306292a7b345277a075883.json b/apps/labrinth/.sqlx/query-8ffcb0c2bd82eaf64b143745adab359db6fcc448d6306292a7b345277a075883.json
new file mode 100644
index 0000000000..3da4278f04
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-8ffcb0c2bd82eaf64b143745adab359db6fcc448d6306292a7b345277a075883.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "SELECT EXISTS(SELECT 1 FROM project_attribution_groups WHERE id=$1)",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "exists",
+        "type_info": "Bool"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "8ffcb0c2bd82eaf64b143745adab359db6fcc448d6306292a7b345277a075883"
+}
diff --git a/apps/labrinth/.sqlx/query-944286604bdef4ee40f79af358d1b68cc93bfd2067619d9cc1d03013f73e5424.json b/apps/labrinth/.sqlx/query-944286604bdef4ee40f79af358d1b68cc93bfd2067619d9cc1d03013f73e5424.json
new file mode 100644
index 0000000000..06e8fd3198
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-944286604bdef4ee40f79af358d1b68cc93bfd2067619d9cc1d03013f73e5424.json
@@ -0,0 +1,82 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\t\t\tselect\n\t\t\t\t\tid,\n\t\t\t\t\ttitle,\n\t\t\t\t\tstatus,\n\t\t\t\t\tlink,\n\t\t\t\t\texceptions,\n\t\t\t\t\tproof,\n\t\t\t\t\tflame_project_id,\n\t\t\t\t\tinserted_at,\n\t\t\t\t\tinserted_by,\n\t\t\t\t\tupdated_at,\n\t\t\t\t\tupdated_by\n\t\t\t\tfrom moderation_external_licenses\n\t\t\t\twhere id = ANY($1)\n\t\t\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "title",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 2,
+        "name": "status",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 3,
+        "name": "link",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 4,
+        "name": "exceptions",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 5,
+        "name": "proof",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 6,
+        "name": "flame_project_id",
+        "type_info": "Int4"
+      },
+      {
+        "ordinal": 7,
+        "name": "inserted_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 8,
+        "name": "inserted_by",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 9,
+        "name": "updated_at",
+        "type_info": "Timestamptz"
+      },
+      {
+        "ordinal": 10,
+        "name": "updated_by",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8Array"
+      ]
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true,
+      true
+    ]
+  },
+  "hash": "944286604bdef4ee40f79af358d1b68cc93bfd2067619d9cc1d03013f73e5424"
+}
diff --git a/apps/labrinth/.sqlx/query-94920d66b27503c84744d41cb2b44dd213bb461596046488eaab0b62b0fe83c5.json b/apps/labrinth/.sqlx/query-94920d66b27503c84744d41cb2b44dd213bb461596046488eaab0b62b0fe83c5.json
new file mode 100644
index 0000000000..7b1815f835
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-94920d66b27503c84744d41cb2b44dd213bb461596046488eaab0b62b0fe83c5.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tupdate project_attribution_groups\n\t\tset attribution = $1, attributed_at = now(), attributed_by = $3\n\t\twhere id = $2\n\t\t",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Jsonb",
+        "Int8",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "94920d66b27503c84744d41cb2b44dd213bb461596046488eaab0b62b0fe83c5"
+}
diff --git a/apps/labrinth/.sqlx/query-95750cd616b72347fb997c3b02a3d69f13be5993c1fd2e302761089c499fb015.json b/apps/labrinth/.sqlx/query-95750cd616b72347fb997c3b02a3d69f13be5993c1fd2e302761089c499fb015.json
new file mode 100644
index 0000000000..07c051f897
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-95750cd616b72347fb997c3b02a3d69f13be5993c1fd2e302761089c499fb015.json
@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            insert into project_attribution_files (group_id, name, sha1, moderation_external_license_id)\n            values ($1, $2, $3, $4)\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Text",
+        "Bytea",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "95750cd616b72347fb997c3b02a3d69f13be5993c1fd2e302761089c499fb015"
+}
diff --git a/apps/labrinth/.sqlx/query-968904f577c2c696c6222e19cc145bce0e845f2ab9f8629b0789a4861bddb4dc.json b/apps/labrinth/.sqlx/query-968904f577c2c696c6222e19cc145bce0e845f2ab9f8629b0789a4861bddb4dc.json
new file mode 100644
index 0000000000..1a588c429d
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-968904f577c2c696c6222e19cc145bce0e845f2ab9f8629b0789a4861bddb4dc.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            update file_scans\n            set attributions_scanned_at = now\n            from unnest($1::bigint[], $2::timestamptz[]) as u(id, now)\n            where file_scans.file_id = u.id\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8Array",
+        "TimestamptzArray"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "968904f577c2c696c6222e19cc145bce0e845f2ab9f8629b0789a4861bddb4dc"
+}
diff --git a/apps/labrinth/.sqlx/query-a29d71466a0842f634d0a068a45951273c087bc112a9848e9bdda37c7fe61747.json b/apps/labrinth/.sqlx/query-a29d71466a0842f634d0a068a45951273c087bc112a9848e9bdda37c7fe61747.json
new file mode 100644
index 0000000000..174fafcae6
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-a29d71466a0842f634d0a068a45951273c087bc112a9848e9bdda37c7fe61747.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT DISTINCT user_id\n        FROM notifications\n        WHERE user_id = ANY($1::bigint[]) AND body = $2::jsonb\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "user_id",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8Array",
+        "Jsonb"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "a29d71466a0842f634d0a068a45951273c087bc112a9848e9bdda37c7fe61747"
+}
diff --git a/apps/labrinth/.sqlx/query-b471add519874a6364b7a9cdbfa3a8e6f5a8a1ac9a7bacbce378f7995eb48664.json b/apps/labrinth/.sqlx/query-b471add519874a6364b7a9cdbfa3a8e6f5a8a1ac9a7bacbce378f7995eb48664.json
new file mode 100644
index 0000000000..e4cde72b9a
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-b471add519874a6364b7a9cdbfa3a8e6f5a8a1ac9a7bacbce378f7995eb48664.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            insert into project_attribution_groups (id, project_id)\n            values ($1, $2)\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "b471add519874a6364b7a9cdbfa3a8e6f5a8a1ac9a7bacbce378f7995eb48664"
+}
diff --git a/apps/labrinth/.sqlx/query-b782ed64e0df1e83623c8a8e55c00716f5338c85b6dfbb15c3465ff0cec339a7.json b/apps/labrinth/.sqlx/query-b782ed64e0df1e83623c8a8e55c00716f5338c85b6dfbb15c3465ff0cec339a7.json
new file mode 100644
index 0000000000..af1927f767
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-b782ed64e0df1e83623c8a8e55c00716f5338c85b6dfbb15c3465ff0cec339a7.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tselect paf.group_id\n\t\tfrom project_attribution_files paf\n\t\tinner join project_attribution_groups pag on pag.id = paf.group_id\n\t\twhere paf.sha1 = $1 and pag.project_id = $2\n\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "group_id",
+        "type_info": "Int8"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Bytea",
+        "Int8"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "b782ed64e0df1e83623c8a8e55c00716f5338c85b6dfbb15c3465ff0cec339a7"
+}
diff --git a/apps/labrinth/.sqlx/query-bb7c239e2b424557f260c56c01e15ab8b0ec04d76a55a50888d28e6c5d3948bc.json b/apps/labrinth/.sqlx/query-bb7c239e2b424557f260c56c01e15ab8b0ec04d76a55a50888d28e6c5d3948bc.json
new file mode 100644
index 0000000000..316779bfde
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-bb7c239e2b424557f260c56c01e15ab8b0ec04d76a55a50888d28e6c5d3948bc.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tselect attribution\n\t\tfrom project_attribution_groups\n\t\twhere id = $1\n\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "attribution",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      true
+    ]
+  },
+  "hash": "bb7c239e2b424557f260c56c01e15ab8b0ec04d76a55a50888d28e6c5d3948bc"
+}
diff --git a/apps/labrinth/.sqlx/query-c39e1f0d820101ac1b19a3849254b03259f38f3de9ddca32e6189a7e015dd853.json b/apps/labrinth/.sqlx/query-c39e1f0d820101ac1b19a3849254b03259f38f3de9ddca32e6189a7e015dd853.json
new file mode 100644
index 0000000000..19a77c556c
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-c39e1f0d820101ac1b19a3849254b03259f38f3de9ddca32e6189a7e015dd853.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            insert into project_attribution_files (group_id, name, sha1)\n            values ($1, $2, $3)\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Text",
+        "Bytea"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "c39e1f0d820101ac1b19a3849254b03259f38f3de9ddca32e6189a7e015dd853"
+}
diff --git a/apps/labrinth/.sqlx/query-ce9b408d416b4782ad501e14cb1ff006964818e81855bb299b269ffaa4c3f7fa.json b/apps/labrinth/.sqlx/query-ce9b408d416b4782ad501e14cb1ff006964818e81855bb299b269ffaa4c3f7fa.json
new file mode 100644
index 0000000000..9d4ffdf994
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-ce9b408d416b4782ad501e14cb1ff006964818e81855bb299b269ffaa4c3f7fa.json
@@ -0,0 +1,29 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tselect paf.group_id, paf.name from project_attribution_files paf\n\t\tinner join project_attribution_groups pag on pag.id = paf.group_id\n\t\twhere paf.sha1 = $1 and pag.project_id = $2\n\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "group_id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "name",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Bytea",
+        "Int8"
+      ]
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "ce9b408d416b4782ad501e14cb1ff006964818e81855bb299b269ffaa4c3f7fa"
+}
diff --git a/apps/labrinth/.sqlx/query-d9cd479a00fa1bdef23ad3ed781e0ab992b0305f07d5194a9166e5babb1dd44a.json b/apps/labrinth/.sqlx/query-d9cd479a00fa1bdef23ad3ed781e0ab992b0305f07d5194a9166e5babb1dd44a.json
new file mode 100644
index 0000000000..fe31b3371b
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-d9cd479a00fa1bdef23ad3ed781e0ab992b0305f07d5194a9166e5babb1dd44a.json
@@ -0,0 +1,34 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        select distinct f.version_id as \"version_id: DBVersionId\", f.id as \"file_id: DBFileId\",\n            pag.flame_project\n        from files f\n        inner join attribution_enforced_versions aev on aev.id = f.version_id\n        inner join override_file_sources ofs on ofs.file_id = f.id\n        inner join project_attribution_files paf on paf.sha1 = ofs.sha1\n        inner join project_attribution_groups pag on pag.id = paf.group_id\n        where f.version_id = ANY($1)\n          and (\n            pag.attribution is null\n            or pag.attribution->>'kind' = 'no_permission'\n            or (\n              pag.attribution->'moderation_status' is not null\n              and pag.attribution->'moderation_status'->>'kind' != 'approved'\n            )\n          )\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "version_id: DBVersionId",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "file_id: DBFileId",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 2,
+        "name": "flame_project",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8Array"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "d9cd479a00fa1bdef23ad3ed781e0ab992b0305f07d5194a9166e5babb1dd44a"
+}
diff --git a/apps/labrinth/.sqlx/query-dac21bfc23fe361a6133e69892224351aefa03f14efec1be31a21441419e19b9.json b/apps/labrinth/.sqlx/query-dac21bfc23fe361a6133e69892224351aefa03f14efec1be31a21441419e19b9.json
new file mode 100644
index 0000000000..8565cb6fbd
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-dac21bfc23fe361a6133e69892224351aefa03f14efec1be31a21441419e19b9.json
@@ -0,0 +1,40 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\t\tselect id, name, version_number, date_published\n\t\t\tfrom versions\n\t\t\twhere id = ANY($1)\n\t\t\torder by date_published desc\n\t\t\t",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 1,
+        "name": "name",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 2,
+        "name": "version_number",
+        "type_info": "Varchar"
+      },
+      {
+        "ordinal": 3,
+        "name": "date_published",
+        "type_info": "Timestamptz"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8Array"
+      ]
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "dac21bfc23fe361a6133e69892224351aefa03f14efec1be31a21441419e19b9"
+}
diff --git a/apps/labrinth/.sqlx/query-df7652db8624e291447975b1d9b2151b1627316fbaaea4914607d66869670375.json b/apps/labrinth/.sqlx/query-df7652db8624e291447975b1d9b2151b1627316fbaaea4914607d66869670375.json
new file mode 100644
index 0000000000..2456b3554f
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-df7652db8624e291447975b1d9b2151b1627316fbaaea4914607d66869670375.json
@@ -0,0 +1,17 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            insert into project_attribution_groups (id, project_id, attribution, flame_project)\n            values ($1, $2, $3, $4)\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Int8",
+        "Jsonb",
+        "Jsonb"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "df7652db8624e291447975b1d9b2151b1627316fbaaea4914607d66869670375"
+}
diff --git a/apps/labrinth/.sqlx/query-e4b58fe6e5d19ded48ab9e457b4e96fb51c8f74a7532bb9ab2e7a945b95bbe78.json b/apps/labrinth/.sqlx/query-e4b58fe6e5d19ded48ab9e457b4e96fb51c8f74a7532bb9ab2e7a945b95bbe78.json
new file mode 100644
index 0000000000..91a7a9c5c8
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-e4b58fe6e5d19ded48ab9e457b4e96fb51c8f74a7532bb9ab2e7a945b95bbe78.json
@@ -0,0 +1,23 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        select paf.sha1 from project_attribution_files paf\n        inner join project_attribution_groups pag on pag.id = paf.group_id\n        where pag.project_id = $1 and paf.sha1 = ANY($2)\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "sha1",
+        "type_info": "Bytea"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "ByteaArray"
+      ]
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "e4b58fe6e5d19ded48ab9e457b4e96fb51c8f74a7532bb9ab2e7a945b95bbe78"
+}
diff --git a/apps/labrinth/.sqlx/query-e7a0481729efa9cba6140effcdddff1a076eb7269d5b22860db3e3d1a651f6eb.json b/apps/labrinth/.sqlx/query-e7a0481729efa9cba6140effcdddff1a076eb7269d5b22860db3e3d1a651f6eb.json
new file mode 100644
index 0000000000..0b7cf69e9c
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-e7a0481729efa9cba6140effcdddff1a076eb7269d5b22860db3e3d1a651f6eb.json
@@ -0,0 +1,15 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n            insert into override_file_sources (sha1, file_id)\n            select unnest($1::bytea[]), $2\n            on conflict do nothing\n            ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "ByteaArray",
+        "Int8"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "e7a0481729efa9cba6140effcdddff1a076eb7269d5b22860db3e3d1a651f6eb"
+}
diff --git a/apps/labrinth/.sqlx/query-ed027c5571c34ff4fd1ac50e96f257b0055c9497d2699927b34829490e7a2529.json b/apps/labrinth/.sqlx/query-ed027c5571c34ff4fd1ac50e96f257b0055c9497d2699927b34829490e7a2529.json
new file mode 100644
index 0000000000..1b14566eb0
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-ed027c5571c34ff4fd1ac50e96f257b0055c9497d2699927b34829490e7a2529.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n\t\tdelete from project_attribution_groups g\n\t\twhere not exists (\n\t\t\tselect 1 from project_attribution_files f where f.group_id = g.id\n\t\t)\n\t\t",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": []
+    },
+    "nullable": []
+  },
+  "hash": "ed027c5571c34ff4fd1ac50e96f257b0055c9497d2699927b34829490e7a2529"
+}
diff --git a/apps/labrinth/.sqlx/query-f9131eb55490b96851ac3760e3199d2fd2dbb3d212cb2b8687dda8ba0fad2a80.json b/apps/labrinth/.sqlx/query-f9131eb55490b96851ac3760e3199d2fd2dbb3d212cb2b8687dda8ba0fad2a80.json
new file mode 100644
index 0000000000..0ccd35ecd7
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-f9131eb55490b96851ac3760e3199d2fd2dbb3d212cb2b8687dda8ba0fad2a80.json
@@ -0,0 +1,16 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n                insert into project_attribution_groups (id, project_id, flame_project)\n                values ($1, $2, $3)\n                ",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Left": [
+        "Int8",
+        "Int8",
+        "Jsonb"
+      ]
+    },
+    "nullable": []
+  },
+  "hash": "f9131eb55490b96851ac3760e3199d2fd2dbb3d212cb2b8687dda8ba0fad2a80"
+}
diff --git a/apps/labrinth/.sqlx/query-f9b96c70c83f1bf0112243602843abae6ddc8851fc623ccf0a23f87567763485.json b/apps/labrinth/.sqlx/query-f9b96c70c83f1bf0112243602843abae6ddc8851fc623ccf0a23f87567763485.json
new file mode 100644
index 0000000000..17bdd2c3af
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-f9b96c70c83f1bf0112243602843abae6ddc8851fc623ccf0a23f87567763485.json
@@ -0,0 +1,40 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT encode(mef.sha1, 'escape') sha1, mel.id, mel.status status, mel.link\n        FROM moderation_external_files mef\n        INNER JOIN moderation_external_licenses mel ON mef.external_license_id = mel.id\n        WHERE mef.sha1 = ANY($1)\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "sha1",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 1,
+        "name": "id",
+        "type_info": "Int8"
+      },
+      {
+        "ordinal": 2,
+        "name": "status",
+        "type_info": "Text"
+      },
+      {
+        "ordinal": 3,
+        "name": "link",
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "ByteaArray"
+      ]
+    },
+    "nullable": [
+      null,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "f9b96c70c83f1bf0112243602843abae6ddc8851fc623ccf0a23f87567763485"
+}
diff --git a/apps/labrinth/.sqlx/query-fe4ff6ab40fe3dc3d474c0c23c9dba514c66ac30e573fc5f4e44ed7ff360d3d6.json b/apps/labrinth/.sqlx/query-fe4ff6ab40fe3dc3d474c0c23c9dba514c66ac30e573fc5f4e44ed7ff360d3d6.json
new file mode 100644
index 0000000000..99a5a8243f
--- /dev/null
+++ b/apps/labrinth/.sqlx/query-fe4ff6ab40fe3dc3d474c0c23c9dba514c66ac30e573fc5f4e44ed7ff360d3d6.json
@@ -0,0 +1,22 @@
+{
+  "db_name": "PostgreSQL",
+  "query": "\n        SELECT DISTINCT ON (dr.id)\n            to_jsonb(dr)\n            || jsonb_build_object(\n                'report_id', dr.id,\n                'file_id', to_base62(f.id),\n                'version_id', to_base62(v.id),\n                'project_id', to_base62(v.mod_id),\n                'file_name', f.filename,\n                'file_size', f.size,\n                'flag_reason', 'delphi',\n                'download_url', f.url,\n                -- TODO: replace with `json_array` in Postgres 16\n\t\t\t\t'issues', (\n\t\t\t\t\tSELECT coalesce(json_agg(\n\t\t\t\t\t\tto_jsonb(dri)\n\t\t\t\t\t\t|| jsonb_build_object(\n\t\t\t\t\t\t\t-- TODO: replace with `json_array` in Postgres 16\n\t\t\t\t\t\t\t'details', (\n\t\t\t\t\t\t\t\tSELECT coalesce(jsonb_agg(\n                                    jsonb_build_object(\n                                        'id', didws.id,\n                                        'issue_id', didws.issue_id,\n                                        'key', didws.key,\n                                        'file_path', didws.file_path,\n                                        'decompiled_source', didws.decompiled_source,\n                                        'data', didws.data,\n                                        'severity', didws.severity,\n                                        'status', didws.status\n                                    )\n                                ), '[]'::jsonb)\n                                FROM delphi_issue_details_with_statuses didws\n                                WHERE didws.issue_id = dri.id\n                            )\n\t\t\t\t\t\t)\n\t\t\t\t\t), '[]'::json)\n\t\t\t\t\tFROM delphi_report_issues dri\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tdri.report_id = dr.id\n                        -- see delphi.rs todo comment\n                        AND dri.issue_type != '__dummy'\n                )\n            ) AS \"data!: sqlx::types::Json<FileReport>\"\n        FROM delphi_reports dr\n        INNER JOIN files f ON f.id = dr.file_id\n        INNER JOIN versions v ON v.id = f.version_id\n        WHERE dr.id = $1\n        ",
+  "describe": {
+    "columns": [
+      {
+        "ordinal": 0,
+        "name": "data!: sqlx::types::Json<FileReport>",
+        "type_info": "Jsonb"
+      }
+    ],
+    "parameters": {
+      "Left": [
+        "Int8"
+      ]
+    },
+    "nullable": [
+      null
+    ]
+  },
+  "hash": "fe4ff6ab40fe3dc3d474c0c23c9dba514c66ac30e573fc5f4e44ed7ff360d3d6"
+}
diff --git a/apps/labrinth/AGENTS.md~HEAD b/apps/labrinth/AGENTS.md~HEAD
new file mode 100644
index 0000000000..0b73458d53
--- /dev/null
+++ b/apps/labrinth/AGENTS.md~HEAD
@@ -0,0 +1,34 @@
+# Labrinth
+
+Labrinth is the backend API service for Modrinth, written in Rust.
+
+## Code style
+
+- When writing `sqlx` queries, NEVER use `query` directly. Always prefer using the `query!`, `query_as!`, `query_scalar!` macros.
+
+## Pre-PR Checks
+
+When the user refers to "perform[ing] pre-PR checks", do the following:
+
+- Run `cargo clippy -p labrinth --all-targets` — there must be ZERO warnings, otherwise CI will fail
+- DO NOT run tests unless explicitly requested (they take a long time)
+- Prepare the sqlx cache: cd into `apps/labrinth` and run `cargo sqlx prepare -- --tests`
+	- NEVER run `cargo sqlx prepare --workspace`
+
+## Testing
+
+- Run `cargo test -p labrinth --all-targets` to test your changes — all tests must pass
+
+## Local Services
+
+- Read the root `docker-compose.yml` to see what running services are available while developing
+- Use `docker exec` to access these services
+
+### Clickhouse
+
+- Access: `docker exec labrinth-clickhouse clickhouse-client`
+- Database: `staging_ariadne`
+
+### Postgres
+
+- Access: `docker exec labrinth-postgres psql -U labrinth -d labrinth -c "<query>"`
diff --git a/apps/labrinth/migrations/20260423114534_project_attribution.sql b/apps/labrinth/migrations/20260423114534_project_attribution.sql
new file mode 100644
index 0000000000..805d85d870
--- /dev/null
+++ b/apps/labrinth/migrations/20260423114534_project_attribution.sql
@@ -0,0 +1,33 @@
+create table file_scans (
+	file_id bigint primary key references files(id),
+	-- if a file..
+	-- - does not have a row
+	--   -> was created before attributions system
+	-- - has a row, but `attributions_scanned_at = null`
+	--   -> still needs to be scanned
+	-- - has a row, and `attributions_scanned_at` is not null
+	--   -> attributions have been scanned
+	attributions_scanned_at timestamptz
+);
+
+create table project_attribution_groups (
+	id bigint primary key,
+	project_id bigint not null references mods(id),
+	flame_project jsonb,
+	attribution jsonb,
+	attributed_at timestamptz,
+	attributed_by bigint references users(id)
+);
+create index on project_attribution_groups (project_id);
+
+create table project_attribution_files (
+	group_id bigint not null references project_attribution_groups(id),
+	name text not null,
+	sha1 bytea not null
+);
+
+create table override_file_sources (
+	sha1 bytea not null,
+	file_id bigint not null references files(id),
+	primary key (sha1, file_id)
+);
diff --git a/apps/labrinth/migrations/20260519143157_fix_file_attribution_deletion.sql b/apps/labrinth/migrations/20260519143157_fix_file_attribution_deletion.sql
new file mode 100644
index 0000000000..473dbda6e9
--- /dev/null
+++ b/apps/labrinth/migrations/20260519143157_fix_file_attribution_deletion.sql
@@ -0,0 +1,19 @@
+alter table file_scans
+	drop constraint file_scans_file_id_fkey,
+	add constraint file_scans_file_id_fkey
+		foreign key (file_id) references files(id) on delete cascade;
+
+alter table project_attribution_groups
+	drop constraint project_attribution_groups_project_id_fkey,
+	add constraint project_attribution_groups_project_id_fkey
+		foreign key (project_id) references mods(id) on delete cascade;
+
+alter table project_attribution_files
+	drop constraint project_attribution_files_group_id_fkey,
+	add constraint project_attribution_files_group_id_fkey
+		foreign key (group_id) references project_attribution_groups(id) on delete cascade;
+
+alter table override_file_sources
+	drop constraint override_file_sources_file_id_fkey,
+	add constraint override_file_sources_file_id_fkey
+		foreign key (file_id) references files(id) on delete cascade;
diff --git a/apps/labrinth/migrations/20260521120000_project_attribution_external_license.sql b/apps/labrinth/migrations/20260521120000_project_attribution_external_license.sql
new file mode 100644
index 0000000000..5820106844
--- /dev/null
+++ b/apps/labrinth/migrations/20260521120000_project_attribution_external_license.sql
@@ -0,0 +1,20 @@
+alter table project_attribution_files
+	add column moderation_external_license_id bigint references moderation_external_licenses(id);
+
+create table version_attribution_exemptions (
+	version_id bigint primary key references versions(id) on delete cascade
+);
+
+create view attribution_enforced_versions as
+select v.id
+from versions v
+left join version_attribution_exemptions vae on vae.version_id = v.id
+where vae.version_id is null;
+
+-- grandfathering migration:
+-- insert into version_attribution_exemptions (version_id)
+-- select v.id
+-- from versions v
+-- inner join mods m on m.id = v.mod_id
+-- where m.status in ('approved', 'unlisted', 'archived', 'private', 'scheduled', 'withheld')
+-- on conflict do nothing;
diff --git a/apps/labrinth/migrations/20260525120000_server-invite-notification.sql b/apps/labrinth/migrations/20260525120000_server-invite-notification.sql
new file mode 100644
index 0000000000..db1fb6758c
--- /dev/null
+++ b/apps/labrinth/migrations/20260525120000_server-invite-notification.sql
@@ -0,0 +1,28 @@
+INSERT INTO notifications_types
+	(name, delivery_priority, expose_in_user_preferences, expose_in_site_notifications)
+VALUES ('server_invite', 1, FALSE, TRUE);
+
+INSERT INTO users_notifications_preferences (user_id, channel, notification_type, enabled)
+VALUES (NULL, 'email', 'server_invite', FALSE);
+
+INSERT INTO notifications_templates
+	(channel, notification_type, subject_line, body_fetch_url, plaintext_fallback)
+VALUES
+	(
+		'email',
+		'server_invite',
+		'You''ve been invited to a server',
+		'https://modrinth.com/_internal/templates/email/server-invited',
+		CONCAT(
+			'Hi {user.name},',
+			CHR(10),
+			CHR(10),
+			'Modrinth user {inviter.name} has invited you to help manage {server.name} on Modrinth Hosting with the {server.role} role.',
+			CHR(10),
+			CHR(10),
+			'To accept or reject this invitation, open your Modrinth notifications: https://modrinth.com/dashboard/notifications',
+			CHR(10),
+			CHR(10),
+			'If you were not expecting this invitation, contact the server owner or reach out to Modrinth Support at https://support.modrinth.com'
+		)
+	);
diff --git a/apps/labrinth/src/auth/checks.rs b/apps/labrinth/src/auth/checks.rs
index 329e071042..f8a2bc24a8 100644
--- a/apps/labrinth/src/auth/checks.rs
+++ b/apps/labrinth/src/auth/checks.rs
@@ -5,11 +5,49 @@ use crate::database::models::version_item::VersionQueryResult;
 use crate::database::models::{DBCollection, DBOrganization, DBTeamMember};
 use crate::database::redis::RedisPool;
 use crate::database::{DBProject, DBVersion, models};
+use crate::models::ids::FileId;
+use crate::models::projects::{
+    DependencyAttribution, MissingAttributionFile, OverrideSource, Version,
+};
 use crate::models::users::User;
+use crate::queue::file_scan::{
+    DependencyAttributionData, get_dependency_attributions,
+    get_files_missing_attribution,
+};
 use crate::routes::ApiError;
 use futures::TryStreamExt;
 use itertools::Itertools;
 
+pub fn enrich_dependency_attributions(
+    version: &mut Version,
+    dep_attr: &std::collections::HashMap<
+        (database::models::ids::DBVersionId, String),
+        DependencyAttributionData,
+    >,
+) {
+    let version_id = database::models::ids::DBVersionId(version.id.0 as i64);
+    for dep in &mut version.dependencies {
+        if let Some(file_name) = &dep.file_name
+            && let Some(attr) = dep_attr.get(&(version_id, file_name.clone()))
+        {
+            let attribution = DependencyAttribution {
+                link: attr.link.clone().and_then(|u| u.parse().ok()),
+                icon_url: attr.icon_url.clone().and_then(|u| u.parse().ok()),
+                license: attr
+                    .license
+                    .clone()
+                    .and_then(|v| serde_json::from_value(v).ok()),
+            };
+            if attribution.link.is_some()
+                || attribution.icon_url.is_some()
+                || attribution.license.is_some()
+            {
+                dep.attribution = Some(attribution);
+            }
+        }
+    }
+}
+
 pub trait ValidateAuthorized {
     fn validate_authorized(
         &self,
@@ -204,7 +242,45 @@ pub async fn filter_visible_versions(
     )
     .await?;
     versions.retain(|x| filtered_version_ids.contains(&x.inner.id));
-    Ok(versions.into_iter().map(|x| x.into()).collect())
+
+    let version_ids: Vec<_> = versions.iter().map(|v| v.inner.id).collect();
+    let missing = get_files_missing_attribution(pool, &version_ids)
+        .await
+        .unwrap_or_default();
+
+    let dep_attr = get_dependency_attributions(pool, &version_ids)
+        .await
+        .unwrap_or_default();
+
+    Ok(versions
+        .into_iter()
+        .map(|v| {
+            let files_missing = missing
+                .get(&v.inner.id)
+                .map(|entries| {
+                    entries
+                        .iter()
+                        .map(|(id, fp)| MissingAttributionFile {
+                            id: FileId(id.0 as u64),
+                            override_source: fp
+                                .as_ref()
+                                .map(|p| OverrideSource::Flame {
+                                    id: p.id,
+                                    title: p.title.clone(),
+                                    url: p.url.clone(),
+                                    icon_url: p.icon_url.clone(),
+                                })
+                                .or(Some(OverrideSource::Unknown)),
+                        })
+                        .collect::<Vec<_>>()
+                })
+                .unwrap_or_default();
+            let mut version = Version::from(v);
+            version.files_missing_attribution = files_missing;
+            enrich_dependency_attributions(&mut version, &dep_attr);
+            version
+        })
+        .collect())
 }
 
 impl ValidateAuthorized for models::DBOAuthClient {
@@ -258,13 +334,20 @@ pub async fn filter_visible_version_ids(
         filter_enlisted_version_ids(versions.clone(), user_option, pool, redis)
             .await?;
 
+    let version_ids: Vec<_> = versions.iter().map(|v| v.id).collect();
+    let withheld_versions = get_files_missing_attribution(pool, &version_ids)
+        .await
+        .unwrap_or_default();
+
     // Return versions that are not hidden, we are a mod of, or we are enlisted on the team of
     for version in versions {
+        let is_withheld = withheld_versions.contains_key(&version.id);
         // We can see the version if:
-        // - it's not hidden and we can see the project
+        // - it's not hidden and we can see the project and it's not withheld for attribution
         // - we are a mod
         // - we are enlisted on the team of the mod
         if (!version.status.is_hidden()
+            && !is_withheld
             && visible_project_ids.contains(&version.project_id))
             || user_option.as_ref().is_some_and(|x| x.role.is_mod())
             || enlisted_version_ids.contains(&version.id)
diff --git a/apps/labrinth/src/background_task.rs b/apps/labrinth/src/background_task.rs
index b44bdfe6cd..1c8c0ecefc 100644
--- a/apps/labrinth/src/background_task.rs
+++ b/apps/labrinth/src/background_task.rs
@@ -1,9 +1,11 @@
 use crate::database;
 use crate::database::PgPool;
 use crate::database::redis::RedisPool;
+use crate::file_hosting::FileHost;
 use crate::queue::analytics::cache::cache_analytics;
 use crate::queue::billing::{index_billing, index_subscriptions};
 use crate::queue::email::EmailQueue;
+use crate::queue::file_scan::scan_all_files;
 use crate::queue::payouts::{
     PayoutsQueue, index_payouts_notifications,
     insert_bank_balances_and_webhook, process_affiliate_payouts,
@@ -34,6 +36,10 @@ pub enum BackgroundTask {
     /// Attempts to ping Minecraft Java servers as if we were a client, to
     /// collect info on if they're online, game version, description, etc.
     PingMinecraftJavaServers,
+    /// Finds files of versions which have not been scanned for attributions
+    /// yet, extracts them to find file overrides, and finds any overrides which
+    /// require attribution from the creator.
+    ScanFiles,
 }
 
 impl BackgroundTask {
@@ -44,6 +50,7 @@ impl BackgroundTask {
         ro_pool: PgPool,
         redis_pool: RedisPool,
         search_backend: web::Data<dyn SearchBackend>,
+        file_host: web::Data<dyn FileHost>,
         clickhouse: clickhouse::Client,
         stripe_client: stripe::Client,
         anrok_client: anrok::Client,
@@ -90,6 +97,7 @@ impl BackgroundTask {
             PingMinecraftJavaServers => {
                 ping_minecraft_java_servers(pool, redis_pool, clickhouse).await
             }
+            ScanFiles => scan_all_files(&pool, &redis_pool, &**file_host).await,
         }
     }
 }
diff --git a/apps/labrinth/src/database/models/ids.rs b/apps/labrinth/src/database/models/ids.rs
index 1ebb09b27d..b6334fad88 100644
--- a/apps/labrinth/src/database/models/ids.rs
+++ b/apps/labrinth/src/database/models/ids.rs
@@ -1,7 +1,8 @@
 use super::DatabaseError;
 use crate::database::PgTransaction;
 use crate::models::ids::{
-    AffiliateCodeId, AnalyticsEventId, CampaignDonationId, ChargeId,
+    AffiliateCodeId, AnalyticsEventId, AttributionGroupId, CampaignDonationId,
+    ChargeId,
     CollectionId, FileId, ImageId, NotificationId, OAuthAccessTokenId,
     OAuthClientAuthorizationId, OAuthClientId, OAuthRedirectUriId,
     OrganizationId, PatId, PayoutId, ProductId, ProductPriceId, ProjectId,
@@ -172,6 +173,10 @@ db_id_interface!(
     CollectionId,
     generator: generate_collection_id @ "collections",
 );
+db_id_interface!(
+    AttributionGroupId,
+    generator: generate_attribution_group_id @ "project_attribution_groups",
+);
 db_id_interface!(
     FileId,
     generator: generate_file_id @ "files",
diff --git a/apps/labrinth/src/database/models/notification_item.rs b/apps/labrinth/src/database/models/notification_item.rs
index c25858ef29..5ad8c897b4 100644
--- a/apps/labrinth/src/database/models/notification_item.rs
+++ b/apps/labrinth/src/database/models/notification_item.rs
@@ -129,12 +129,11 @@ impl NotificationBuilder {
         Ok(())
     }
 
-    pub async fn insert_many(
+    async fn insert_many_records(
         &self,
-        users: Vec<DBUserId>,
+        users: &[DBUserId],
         transaction: &mut PgTransaction<'_>,
-        redis: &RedisPool,
-    ) -> Result<(), DatabaseError> {
+    ) -> Result<Vec<i64>, DatabaseError> {
         let notification_ids =
             generate_many_notification_ids(users.len(), &mut *transaction)
                 .await?;
@@ -163,6 +162,20 @@ impl NotificationBuilder {
         .execute(&mut *transaction)
         .await?;
 
+        Ok(notification_ids)
+    }
+
+    pub async fn insert_many(
+        &self,
+        users: Vec<DBUserId>,
+        transaction: &mut PgTransaction<'_>,
+        redis: &RedisPool,
+    ) -> Result<(), DatabaseError> {
+        let notification_ids =
+            self.insert_many_records(&users, transaction).await?;
+
+        let users_raw_ids = users.iter().map(|x| x.0).collect::<Vec<_>>();
+
         let notification_types = notification_ids
             .iter()
             .map(|_| self.body.notification_type().as_str())
@@ -181,6 +194,19 @@ impl NotificationBuilder {
         Ok(())
     }
 
+    /// Like [`insert_many`], but skips queuing deliveries so the caller can
+    /// manually send the notifications.
+    pub async fn insert_many_without_delivery(
+        &self,
+        users: Vec<DBUserId>,
+        transaction: &mut PgTransaction<'_>,
+        redis: &RedisPool,
+    ) -> Result<(), DatabaseError> {
+        self.insert_many_records(&users, transaction).await?;
+        DBNotification::clear_user_notifications_cache(&users, redis).await?;
+        Ok(())
+    }
+
     pub async fn insert_many_deliveries(
         transaction: &mut PgTransaction<'_>,
         redis: &RedisPool,
@@ -571,6 +597,38 @@ impl DBNotification {
         Ok(Some(()))
     }
 
+    pub async fn remove_many_matching_body(
+        body_filter: &serde_json::Value,
+        users: &[DBUserId],
+        transaction: &mut PgTransaction<'_>,
+        redis: &RedisPool,
+    ) -> Result<usize, DatabaseError> {
+        let user_ids = users.iter().map(|x| x.0).collect::<Vec<i64>>();
+
+        let ids = sqlx::query!(
+            "
+            SELECT id
+            FROM notifications
+            WHERE body @> $1::jsonb
+              AND user_id = ANY($2::bigint[])
+            ",
+            body_filter,
+            &user_ids
+        )
+        .fetch(&mut *transaction)
+        .map_ok(|x| DBNotificationId(x.id))
+        .try_collect::<Vec<_>>()
+        .await?;
+
+        if ids.is_empty() {
+            return Ok(0);
+        }
+
+        Self::remove_many(&ids, transaction, redis).await?;
+
+        Ok(ids.len())
+    }
+
     pub async fn clear_user_notifications_cache(
         user_ids: impl IntoIterator<Item = &DBUserId>,
         redis: &RedisPool,
diff --git a/apps/labrinth/src/database/models/project_item.rs b/apps/labrinth/src/database/models/project_item.rs
index 904f799e62..9fa9091a9b 100644
--- a/apps/labrinth/src/database/models/project_item.rs
+++ b/apps/labrinth/src/database/models/project_item.rs
@@ -6,6 +6,7 @@ use super::{DBUser, ids::*};
 use crate::database::models::DatabaseError;
 use crate::database::redis::RedisPool;
 use crate::database::{PgTransaction, models};
+use crate::file_hosting::FileHost;
 use crate::models::exp;
 use crate::models::ids::ProjectId;
 use crate::models::projects::{
@@ -187,6 +188,8 @@ impl ProjectBuilder {
     pub async fn insert(
         self,
         transaction: &mut PgTransaction<'_>,
+        redis: &RedisPool,
+        file_host: &dyn FileHost,
         http: &reqwest::Client,
     ) -> Result<DBProjectId, DatabaseError> {
         let project_struct = DBProject {
@@ -235,7 +238,7 @@ impl ProjectBuilder {
 
         for mut version in self.initial_versions {
             version.project_id = self.project_id;
-            version.insert(&mut *transaction, http).await?;
+            version.insert(transaction, redis, file_host, http).await?;
         }
 
         LinkUrl::insert_many_projects(
diff --git a/apps/labrinth/src/database/models/version_item.rs b/apps/labrinth/src/database/models/version_item.rs
index 6ffaf90c7f..7f8458d211 100644
--- a/apps/labrinth/src/database/models/version_item.rs
+++ b/apps/labrinth/src/database/models/version_item.rs
@@ -6,8 +6,11 @@ use crate::database::models::loader_fields::{
     QueryLoaderField, QueryLoaderFieldEnumValue, QueryVersionField,
 };
 use crate::database::redis::RedisPool;
+use crate::file_hosting::FileHost;
 use crate::models::exp;
+
 use crate::models::projects::{FileType, VersionStatus};
+use crate::queue::file_scan::scan_file;
 use crate::routes::internal::delphi::DelphiRunParameters;
 use chrono::{DateTime, Utc};
 use dashmap::{DashMap, DashSet};
@@ -17,10 +20,31 @@ use serde::{Deserialize, Serialize};
 use std::cmp::Ordering;
 use std::collections::HashMap;
 use std::iter;
+use tracing::error;
 
 pub const VERSIONS_NAMESPACE: &str = "versions";
 const VERSION_FILES_NAMESPACE: &str = "versions_files";
 
+pub async fn cleanup_empty_attribution_groups(
+    transaction: &mut PgTransaction<'_>,
+) -> Result<(), DatabaseError> {
+    sqlx::query!(
+        "
+        DELETE FROM project_attribution_groups g
+        WHERE NOT EXISTS (
+            SELECT 1
+            FROM project_attribution_files paf
+            INNER JOIN override_file_sources ofs ON ofs.sha1 = paf.sha1
+            WHERE paf.group_id = g.id
+        )
+        ",
+    )
+    .execute(&mut *transaction)
+    .await?;
+
+    Ok(())
+}
+
 #[derive(Clone)]
 pub struct VersionBuilder {
     pub version_id: DBVersionId,
@@ -134,7 +158,10 @@ impl VersionFileBuilder {
     pub async fn insert(
         self,
         version_id: DBVersionId,
+        project_id: DBProjectId,
         transaction: &mut PgTransaction<'_>,
+        redis: &RedisPool,
+        file_host: &dyn FileHost,
         http: &reqwest::Client,
     ) -> Result<DBFileId, DatabaseError> {
         let file_id = generate_file_id(&mut *transaction).await?;
@@ -169,6 +196,16 @@ impl VersionFileBuilder {
             .await?;
         }
 
+        sqlx::query!(
+            "
+            INSERT INTO file_scans (file_id)
+            VALUES ($1)
+            ",
+            file_id as DBFileId,
+        )
+        .execute(&mut *transaction)
+        .await?;
+
         if let Err(err) = crate::routes::internal::delphi::run(
             &mut *transaction,
             DelphiRunParameters {
@@ -178,7 +215,20 @@ impl VersionFileBuilder {
         )
         .await
         {
-            tracing::error!("Error submitting new file to Delphi: {err}");
+            error!("Error submitting new file to Delphi: {err:?}");
+        }
+
+        if let Err(err) = scan_file(
+            &mut *transaction,
+            redis,
+            file_host,
+            project_id,
+            file_id,
+            &self.url,
+        )
+        .await
+        {
+            error!("Error scanning new file {file_id:?}: {err:?}");
         }
 
         Ok(file_id)
@@ -195,6 +245,8 @@ impl VersionBuilder {
     pub async fn insert(
         self,
         transaction: &mut PgTransaction<'_>,
+        redis: &RedisPool,
+        file_host: &dyn FileHost,
         http: &reqwest::Client,
     ) -> Result<DBVersionId, DatabaseError> {
         let version = DBVersion {
@@ -236,7 +288,15 @@ impl VersionBuilder {
         } = self;
 
         for file in files {
-            file.insert(version_id, transaction, http).await?;
+            file.insert(
+                version_id,
+                self.project_id,
+                transaction,
+                redis,
+                file_host,
+                http,
+            )
+            .await?;
         }
 
         DependencyBuilder::insert_many(
@@ -426,6 +486,8 @@ impl DBVersion {
         .execute(&mut *transaction)
         .await?;
 
+        cleanup_empty_attribution_groups(transaction).await?;
+
         // Sync dependencies
 
         let project_id = sqlx::query!(
@@ -862,14 +924,14 @@ impl DBVersion {
             })
     }
 
-    pub async fn get_files_from_hash<'a, 'b, E>(
+    pub async fn get_files_from_hash<'a, E>(
         algorithm: String,
         hashes: &[String],
         executor: E,
         redis: &RedisPool,
     ) -> Result<Vec<DBFile>, DatabaseError>
     where
-        E: crate::database::Executor<'a, Database = sqlx::Postgres> + Copy,
+        E: crate::database::Executor<'a, Database = sqlx::Postgres>,
     {
         let val = redis.get_cached_keys(
             VERSION_FILES_NAMESPACE,
diff --git a/apps/labrinth/src/file_hosting/mock.rs b/apps/labrinth/src/file_hosting/mock.rs
index 3e414bd393..8f18da5334 100644
--- a/apps/labrinth/src/file_hosting/mock.rs
+++ b/apps/labrinth/src/file_hosting/mock.rs
@@ -29,9 +29,7 @@ impl FileHost for MockHost {
         file_publicity: FileHostPublicity,
         file_bytes: Bytes,
     ) -> Result<UploadFileData, FileHostingError> {
-        let file_name = urlencoding::decode(file_name)
-            .map_err(|_| FileHostingError::InvalidFilename)?;
-        let path = get_file_path(&file_name, file_publicity);
+        let path = get_file_path(file_name, file_publicity);
         std::fs::create_dir_all(
             path.parent().ok_or(FileHostingError::InvalidFilename)?,
         )?;
@@ -72,6 +70,16 @@ impl FileHost for MockHost {
             file_name: file_name.to_string(),
         })
     }
+
+    async fn read_file(
+        &self,
+        file_name: &str,
+        file_publicity: FileHostPublicity,
+    ) -> Result<Bytes, FileHostingError> {
+        let path = get_file_path(file_name, file_publicity);
+        let data = std::fs::read(&path)?;
+        Ok(Bytes::from(data))
+    }
 }
 
 fn get_file_path(
diff --git a/apps/labrinth/src/file_hosting/mod.rs b/apps/labrinth/src/file_hosting/mod.rs
index 667f4cb21e..29fd25d8cf 100644
--- a/apps/labrinth/src/file_hosting/mod.rs
+++ b/apps/labrinth/src/file_hosting/mod.rs
@@ -45,7 +45,11 @@ pub enum FileHostPublicity {
 }
 
 #[async_trait]
-pub trait FileHost {
+pub trait FileHost: Send + Sync {
+    /// Uploads a file at the exact storage key provided.
+    ///
+    /// Callers must URL-decode keys derived from public URLs before passing
+    /// them here, and URL-encode this key before exposing it in a public URL.
     async fn upload_file(
         &self,
         content_type: &str,
@@ -54,17 +58,35 @@ pub trait FileHost {
         file_bytes: Bytes,
     ) -> Result<UploadFileData, FileHostingError>;
 
+    /// Returns a private URL for the exact storage key provided.
+    ///
+    /// Callers must URL-decode keys derived from public URLs before passing
+    /// them here.
     async fn get_url_for_private_file(
         &self,
         file_name: &str,
         expiry_secs: u32,
     ) -> Result<String, FileHostingError>;
 
+    /// Deletes the file at the exact storage key provided.
+    ///
+    /// Callers must URL-decode keys derived from public URLs before passing
+    /// them here.
     async fn delete_file(
         &self,
         file_name: &str,
         file_publicity: FileHostPublicity,
     ) -> Result<DeleteFileData, FileHostingError>;
+
+    /// Reads the file at the exact storage key provided.
+    ///
+    /// Callers must URL-decode keys derived from public URLs before passing
+    /// them here.
+    async fn read_file(
+        &self,
+        file_name: &str,
+        file_publicity: FileHostPublicity,
+    ) -> Result<Bytes, FileHostingError>;
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
diff --git a/apps/labrinth/src/file_hosting/s3_host.rs b/apps/labrinth/src/file_hosting/s3_host.rs
index 56bd0ef45c..558e4d5086 100644
--- a/apps/labrinth/src/file_hosting/s3_host.rs
+++ b/apps/labrinth/src/file_hosting/s3_host.rs
@@ -169,4 +169,28 @@ impl FileHost for S3Host {
             file_name: file_name.to_string(),
         })
     }
+
+    async fn read_file(
+        &self,
+        file_name: &str,
+        file_publicity: FileHostPublicity,
+    ) -> Result<Bytes, FileHostingError> {
+        let bucket = self.get_bucket(file_publicity);
+
+        let response = bucket
+            .client
+            .get_object()
+            .bucket(bucket.name.as_str())
+            .key(file_name)
+            .send()
+            .await
+            .map_err(|e| s3_error("reading file", e))?;
+
+        Ok(response
+            .body
+            .collect()
+            .await
+            .map_err(|e| s3_error("reading file body", e))?
+            .into_bytes())
+    }
 }
diff --git a/apps/labrinth/src/lib.rs b/apps/labrinth/src/lib.rs
index a97ec86bdc..d9ed7c370f 100644
--- a/apps/labrinth/src/lib.rs
+++ b/apps/labrinth/src/lib.rs
@@ -58,7 +58,7 @@ pub struct LabrinthConfig {
     pub ro_pool: ReadOnlyPgPool,
     pub redis_pool: RedisPool,
     pub clickhouse: Client,
-    pub file_host: Arc<dyn file_hosting::FileHost + Send + Sync>,
+    pub file_host: web::Data<dyn file_hosting::FileHost>,
     pub scheduler: Arc<scheduler::Scheduler>,
     pub ip_salt: Pepper,
     pub search_backend: web::Data<dyn search::SearchBackend>,
@@ -84,7 +84,7 @@ pub fn app_setup(
     redis_pool: RedisPool,
     search_backend: actix_web::web::Data<dyn search::SearchBackend>,
     clickhouse: &mut Client,
-    file_host: Arc<dyn file_hosting::FileHost + Send + Sync>,
+    file_host: web::Data<dyn file_hosting::FileHost>,
     stripe_client: stripe::Client,
     anrok_client: anrok::Client,
     email_queue: EmailQueue,
@@ -344,7 +344,7 @@ pub fn app_config(
     .app_data(web::Data::new(labrinth_config.redis_pool.clone()))
     .app_data(web::Data::new(labrinth_config.pool.clone()))
     .app_data(web::Data::new(labrinth_config.ro_pool.clone()))
-    .app_data(web::Data::new(labrinth_config.file_host.clone()))
+    .app_data(labrinth_config.file_host.clone())
     .app_data(labrinth_config.search_backend.clone())
     .app_data(web::Data::new(labrinth_config.gotenberg_client.clone()))
     .app_data(labrinth_config.http_client.clone())
diff --git a/apps/labrinth/src/main.rs b/apps/labrinth/src/main.rs
index f24a2fb79d..feba395e1a 100644
--- a/apps/labrinth/src/main.rs
+++ b/apps/labrinth/src/main.rs
@@ -2,14 +2,14 @@
 
 use actix_web::dev::Service;
 use actix_web::middleware::from_fn;
-use actix_web::{App, HttpServer};
+use actix_web::{App, HttpServer, web};
 use actix_web_prom::PrometheusMetricsBuilder;
 use clap::Parser;
 
 use labrinth::background_task::BackgroundTask;
 use labrinth::database::redis::RedisPool;
 use labrinth::env::ENV;
-use labrinth::file_hosting::{FileHostKind, S3BucketConfig, S3Host};
+use labrinth::file_hosting::{FileHost, FileHostKind, S3BucketConfig, S3Host};
 use labrinth::queue::email::EmailQueue;
 use labrinth::search;
 use labrinth::util::anrok;
@@ -111,44 +111,38 @@ async fn app() -> std::io::Result<()> {
     let redis_pool = RedisPool::new("");
 
     let storage_backend = ENV.STORAGE_BACKEND;
-    let file_host: Arc<dyn file_hosting::FileHost + Send + Sync> =
-        match storage_backend {
-            FileHostKind::S3 => {
-                let not_empty = |v: &str| -> String {
-                    assert!(!v.is_empty(), "S3 env var is empty");
-                    v.to_string()
-                };
-
-                Arc::new(
-                    S3Host::new(
-                        S3BucketConfig {
-                            name: not_empty(&ENV.S3_PUBLIC_BUCKET_NAME),
-                            uses_path_style: ENV
-                                .S3_PUBLIC_USES_PATH_STYLE_BUCKET,
-                            region: not_empty(&ENV.S3_PUBLIC_REGION),
-                            url: not_empty(&ENV.S3_PUBLIC_URL),
-                            access_token: not_empty(
-                                &ENV.S3_PUBLIC_ACCESS_TOKEN,
-                            ),
-                            secret: not_empty(&ENV.S3_PUBLIC_SECRET),
-                        },
-                        S3BucketConfig {
-                            name: not_empty(&ENV.S3_PRIVATE_BUCKET_NAME),
-                            uses_path_style: ENV
-                                .S3_PRIVATE_USES_PATH_STYLE_BUCKET,
-                            region: not_empty(&ENV.S3_PRIVATE_REGION),
-                            url: not_empty(&ENV.S3_PRIVATE_URL),
-                            access_token: not_empty(
-                                &ENV.S3_PRIVATE_ACCESS_TOKEN,
-                            ),
-                            secret: not_empty(&ENV.S3_PRIVATE_SECRET),
-                        },
-                    )
-                    .unwrap(),
+    let file_host: Arc<dyn FileHost> = match storage_backend {
+        FileHostKind::S3 => {
+            let not_empty = |v: &str| -> String {
+                assert!(!v.is_empty(), "S3 env var is empty");
+                v.to_string()
+            };
+
+            Arc::new(
+                S3Host::new(
+                    S3BucketConfig {
+                        name: not_empty(&ENV.S3_PUBLIC_BUCKET_NAME),
+                        uses_path_style: ENV.S3_PUBLIC_USES_PATH_STYLE_BUCKET,
+                        region: not_empty(&ENV.S3_PUBLIC_REGION),
+                        url: not_empty(&ENV.S3_PUBLIC_URL),
+                        access_token: not_empty(&ENV.S3_PUBLIC_ACCESS_TOKEN),
+                        secret: not_empty(&ENV.S3_PUBLIC_SECRET),
+                    },
+                    S3BucketConfig {
+                        name: not_empty(&ENV.S3_PRIVATE_BUCKET_NAME),
+                        uses_path_style: ENV.S3_PRIVATE_USES_PATH_STYLE_BUCKET,
+                        region: not_empty(&ENV.S3_PRIVATE_REGION),
+                        url: not_empty(&ENV.S3_PRIVATE_URL),
+                        access_token: not_empty(&ENV.S3_PRIVATE_ACCESS_TOKEN),
+                        secret: not_empty(&ENV.S3_PRIVATE_SECRET),
+                    },
                 )
-            }
-            FileHostKind::Local => Arc::new(file_hosting::MockHost::new()),
-        };
+                .unwrap(),
+            )
+        }
+        FileHostKind::Local => Arc::new(file_hosting::MockHost::new()),
+    };
+    let file_host = web::Data::<dyn FileHost>::from(file_host);
 
     info!("Initializing clickhouse connection");
     let mut clickhouse = clickhouse::init_client().await.unwrap();
@@ -174,6 +168,7 @@ async fn app() -> std::io::Result<()> {
             ro_pool.into_inner(),
             redis_pool,
             search_backend,
+            file_host,
             clickhouse,
             stripe_client,
             anrok_client.clone(),
diff --git a/apps/labrinth/src/models/v2/notifications.rs b/apps/labrinth/src/models/v2/notifications.rs
index 66252e5dbb..0f88942394 100644
--- a/apps/labrinth/src/models/v2/notifications.rs
+++ b/apps/labrinth/src/models/v2/notifications.rs
@@ -11,6 +11,7 @@ use crate::models::{
 use ariadne::ids::UserId;
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
+use uuid::Uuid;
 
 #[derive(Serialize, Deserialize)]
 pub struct LegacyNotification {
@@ -66,6 +67,12 @@ pub enum LegacyNotificationBody {
         team_id: TeamId,
         role: String,
     },
+    ServerInvite {
+        server_id: Uuid,
+        server_name: String,
+        invited_by: UserId,
+        role: String,
+    },
     StatusChange {
         project_id: ProjectId,
         old_status: ProjectStatus,
@@ -166,6 +173,9 @@ impl LegacyNotification {
             NotificationBody::OrganizationInvite { .. } => {
                 Some("organization_invite".to_string())
             }
+            NotificationBody::ServerInvite { .. } => {
+                Some("server_invite".to_string())
+            }
             NotificationBody::StatusChange { .. } => {
                 Some("status_change".to_string())
             }
@@ -269,6 +279,17 @@ impl LegacyNotification {
                 team_id,
                 role,
             },
+            NotificationBody::ServerInvite {
+                server_id,
+                server_name,
+                invited_by,
+                role,
+            } => LegacyNotificationBody::ServerInvite {
+                server_id,
+                server_name,
+                invited_by,
+                role,
+            },
             NotificationBody::StatusChange {
                 project_id,
                 old_status,
diff --git a/apps/labrinth/src/models/v3/ids.rs b/apps/labrinth/src/models/v3/ids.rs
index d7919fe681..5d23815f4f 100644
--- a/apps/labrinth/src/models/v3/ids.rs
+++ b/apps/labrinth/src/models/v3/ids.rs
@@ -1,5 +1,6 @@
 use ariadne::ids::base62_id;
 
+base62_id!(AttributionGroupId);
 base62_id!(ChargeId);
 base62_id!(CampaignDonationId);
 base62_id!(CollectionId);
diff --git a/apps/labrinth/src/models/v3/notifications.rs b/apps/labrinth/src/models/v3/notifications.rs
index dc9ea448a6..30a32ffc44 100644
--- a/apps/labrinth/src/models/v3/notifications.rs
+++ b/apps/labrinth/src/models/v3/notifications.rs
@@ -12,6 +12,7 @@ use crate::routes::ApiError;
 use ariadne::ids::UserId;
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
+use uuid::Uuid;
 
 #[derive(Serialize, Deserialize)]
 pub struct Notification {
@@ -34,6 +35,7 @@ pub enum NotificationType {
     ProjectUpdate,
     TeamInvite,
     OrganizationInvite,
+    ServerInvite,
     StatusChange,
     ModeratorMessage,
     LegacyMarkdown,
@@ -67,6 +69,7 @@ impl NotificationType {
             NotificationType::ProjectUpdate => "project_update",
             NotificationType::TeamInvite => "team_invite",
             NotificationType::OrganizationInvite => "organization_invite",
+            NotificationType::ServerInvite => "server_invite",
             NotificationType::StatusChange => "status_change",
             NotificationType::ModeratorMessage => "moderator_message",
             NotificationType::LegacyMarkdown => "legacy_markdown",
@@ -104,6 +107,7 @@ impl NotificationType {
             "project_update" => NotificationType::ProjectUpdate,
             "team_invite" => NotificationType::TeamInvite,
             "organization_invite" => NotificationType::OrganizationInvite,
+            "server_invite" => NotificationType::ServerInvite,
             "status_change" => NotificationType::StatusChange,
             "moderator_message" => NotificationType::ModeratorMessage,
             "legacy_markdown" => NotificationType::LegacyMarkdown,
@@ -156,6 +160,12 @@ pub enum NotificationBody {
         team_id: TeamId,
         role: String,
     },
+    ServerInvite {
+        server_id: Uuid,
+        server_name: String,
+        invited_by: UserId,
+        role: String,
+    },
     StatusChange {
         project_id: ProjectId,
         old_status: ProjectStatus,
@@ -267,6 +277,9 @@ impl NotificationBody {
             NotificationBody::OrganizationInvite { .. } => {
                 NotificationType::OrganizationInvite
             }
+            NotificationBody::ServerInvite { .. } => {
+                NotificationType::ServerInvite
+            }
             NotificationBody::StatusChange { .. } => {
                 NotificationType::StatusChange
             }
@@ -418,6 +431,34 @@ impl From<DBNotification> for Notification {
                         },
                     ],
                 ),
+                NotificationBody::ServerInvite {
+                    server_id: _,
+                    server_name,
+                    role,
+                    ..
+                } => (
+                    "You have been invited to join a server!".to_string(),
+                    format!(
+                        "An invite has been sent for you to be {role} of {server_name}"
+                    ),
+                    "#".to_string(),
+                    vec![
+                        NotificationAction {
+                            name: "Accept".to_string(),
+                            action_route: (
+                                "POST".to_string(),
+                                format!(""),
+                            ),
+                        },
+                        NotificationAction {
+                            name: "Deny".to_string(),
+                            action_route: (
+                                "POST".to_string(),
+                                format!(""),
+                            ),
+                        },
+                    ],
+                ),
                 NotificationBody::StatusChange {
                     old_status,
                     new_status,
diff --git a/apps/labrinth/src/models/v3/projects.rs b/apps/labrinth/src/models/v3/projects.rs
index 92abe3fddb..37df786b9c 100644
--- a/apps/labrinth/src/models/v3/projects.rs
+++ b/apps/labrinth/src/models/v3/projects.rs
@@ -12,6 +12,7 @@ use ariadne::ids::UserId;
 use chrono::{DateTime, Utc};
 use itertools::Itertools;
 use serde::{Deserialize, Serialize};
+use url::Url;
 use validator::Validate;
 
 /// A project returned from the API
@@ -645,6 +646,80 @@ impl SideTypesMigrationReviewStatus {
     }
 }
 
+#[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
+pub struct MissingAttributionFile {
+    pub id: FileId,
+    pub override_source: Option<OverrideSource>,
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
+#[serde(tag = "type", rename_all = "snake_case")]
+pub enum OverrideSource {
+    Flame {
+        id: u32,
+        title: String,
+        url: String,
+        icon_url: String,
+    },
+    Unknown,
+}
+
+#[derive(
+    Debug, Serialize, Deserialize, Clone, PartialEq, Eq, utoipa::ToSchema,
+)]
+#[serde(untagged)]
+pub enum AttributionLicense {
+    Spdx(String),
+    Custom { name: String },
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
+#[serde(tag = "kind", rename_all = "snake_case")]
+pub enum AttributionResolutionKind {
+    License {
+        license: AttributionLicense,
+        link_to_work: Url,
+    },
+    GloballyAllowed {
+        link_to_work: Url,
+    },
+    MyProject {
+        license: AttributionLicense,
+    },
+    SpecialPermissions {
+        link_to_work: Url,
+    },
+    NoPermission {
+        link_to_work: Option<Url>,
+    },
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
+#[serde(tag = "kind", rename_all = "snake_case")]
+pub enum AttributionModerationStatusKind {
+    NotAllowed,
+    Approved,
+    BadProof,
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
+pub struct AttributionModerationStatus {
+    #[serde(flatten)]
+    pub kind: AttributionModerationStatusKind,
+    #[serde(default)]
+    pub reason: String,
+}
+
+#[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
+pub struct AttributionResolution {
+    #[serde(flatten)]
+    pub kind: AttributionResolutionKind,
+    #[serde(default)]
+    pub moderation_status: Option<AttributionModerationStatus>,
+    pub notes: String,
+    pub image_urls: Vec<Url>,
+}
+
 /// A specific version of a project
 #[derive(Debug, Serialize, Deserialize, Clone, utoipa::ToSchema)]
 pub struct Version {
@@ -681,6 +756,9 @@ pub struct Version {
 
     /// A list of files available for download for this version.
     pub files: Vec<VersionFile>,
+    /// Files in this version that contain override files not yet attributed.
+    #[serde(skip_serializing_if = "Vec::is_empty")]
+    pub files_missing_attribution: Vec<MissingAttributionFile>,
     /// A list of projects that this version depends on.
     pub dependencies: Vec<Dependency>,
 
@@ -757,6 +835,7 @@ impl From<VersionQueryResult> for Version {
                     dependency_type: DependencyType::from_string(
                         d.dependency_type.as_str(),
                     ),
+                    attribution: None,
                 })
                 .collect(),
             loaders: data.loaders.into_iter().map(Loader).collect(),
@@ -768,6 +847,7 @@ impl From<VersionQueryResult> for Version {
                 .map(|vf| (vf.field_name, vf.value.serialize_internal()))
                 .collect(),
             components: data.components,
+            files_missing_attribution: Vec::new(),
         }
     }
 }
@@ -899,6 +979,20 @@ pub struct Dependency {
     pub file_name: Option<String>,
     /// The type of the dependency
     pub dependency_type: DependencyType,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub attribution: Option<DependencyAttribution>,
+}
+
+#[derive(
+    Serialize, Deserialize, Clone, Debug, PartialEq, Eq, utoipa::ToSchema,
+)]
+pub struct DependencyAttribution {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub link: Option<Url>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub icon_url: Option<Url>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub license: Option<AttributionLicense>,
 }
 
 #[derive(
diff --git a/apps/labrinth/src/queue/email/templates.rs b/apps/labrinth/src/queue/email/templates.rs
index e1d3b97d0c..5638947da5 100644
--- a/apps/labrinth/src/queue/email/templates.rs
+++ b/apps/labrinth/src/queue/email/templates.rs
@@ -61,6 +61,10 @@ const ORGINVITE_INVITER_NAME: &str = "organizationinvite.inviter.name";
 const ORGINVITE_ORG_NAME: &str = "organizationinvite.organization.name";
 const ORGINVITE_ROLE_NAME: &str = "organizationinvite.role.name";
 
+const SERVERINVITE_INVITER_NAME: &str = "inviter.name";
+const SERVERINVITE_SERVER_NAME: &str = "server.name";
+const SERVERINVITE_ROLE_NAME: &str = "server.role";
+
 const STATUSCHANGE_PROJECT_NAME: &str = "statuschange.project.name";
 const STATUSCHANGE_OLD_STATUS: &str = "statuschange.old.status";
 const STATUSCHANGE_NEW_STATUS: &str = "statuschange.new.status";
@@ -735,6 +739,27 @@ async fn collect_template_variables(
             title: title.to_string(),
         }),
 
+        NotificationBody::ServerInvite {
+            server_name,
+            invited_by,
+            role,
+            ..
+        } => {
+            let inviter = DBUser::get_id(
+                DBUserId(invited_by.0 as i64),
+                &mut *exec,
+                redis,
+            )
+            .await?
+            .ok_or_else(|| DatabaseError::Database(sqlx::Error::RowNotFound))?;
+
+            map.insert(SERVERINVITE_INVITER_NAME, inviter.username);
+            map.insert(SERVERINVITE_SERVER_NAME, server_name.clone());
+            map.insert(SERVERINVITE_ROLE_NAME, role.clone());
+
+            Ok(EmailTemplate::Static(map))
+        }
+
         NotificationBody::ProjectUpdate { .. }
         | NotificationBody::ModeratorMessage { .. }
         | NotificationBody::LegacyMarkdown { .. }
diff --git a/apps/labrinth/src/queue/file_scan.rs b/apps/labrinth/src/queue/file_scan.rs
new file mode 100644
index 0000000000..2e2611c529
--- /dev/null
+++ b/apps/labrinth/src/queue/file_scan.rs
@@ -0,0 +1,1025 @@
+use std::collections::HashMap;
+use std::io::{Cursor, Read};
+
+use chrono::Utc;
+use eyre::{Result, eyre};
+use hex::ToHex;
+use sha1::Digest;
+use tokio::task::spawn_blocking;
+use tracing::{Instrument, info, info_span, warn};
+use zip::ZipArchive;
+
+use crate::database::models::ids::{
+    DBAttributionGroupId, DBProjectId, DBVersionId,
+    generate_attribution_group_id,
+};
+use crate::database::models::moderation_external_item::ExternalLicense;
+use crate::database::models::{DBFileId, DBUserId, DBVersion};
+use crate::database::{PgPool, PgTransaction, redis::RedisPool};
+use crate::env::ENV;
+use crate::file_hosting::{FileHost, FileHostPublicity};
+use crate::models::ids::FileId;
+use crate::models::projects::{
+    AttributionResolution, AttributionResolutionKind,
+};
+use crate::queue::moderation::{
+    ApprovalType, FingerprintResponse, FlameProject, FlameResponse,
+};
+use crate::routes::internal::attribution::FlameProject as AttributionFlameProject;
+use crate::util::error::Context;
+use crate::util::http::HTTP_CLIENT;
+
+/// Attribution enforcement is version-scoped, not file-hash-scoped.
+///
+/// Versions listed in `version_attribution_exemptions` are legacy public
+/// versions that predate this attribution system. They are not scanned for
+/// attribution requirements and must not cause missing-attribution withholding.
+/// A later non-exempt version can still contain the same override SHA1 and
+/// create attribution groups/files for that SHA1. Because of that, reverse
+/// lookups from override SHA1s to versions must go through the
+/// `attribution_enforced_versions` view so grandfathered versions are ignored
+/// without making the SHA1 itself exempt.
+pub async fn scan_all_files(
+    db: &PgPool,
+    redis: &RedisPool,
+    file_host: &dyn FileHost,
+) -> Result<()> {
+    let mut txn = db.begin().await.wrap_err("beginning transaction")?;
+
+    let files_to_scan = sqlx::query!(
+        r#"
+        select
+            fa.file_id as "file_id: DBFileId",
+            f.url,
+            v.mod_id as "project_id: DBProjectId"
+        from file_scans fa
+        inner join files f on f.id = fa.file_id
+        inner join versions v on v.id = f.version_id
+        where fa.attributions_scanned_at is null
+        "#
+    )
+    .fetch_all(&mut txn)
+    .await
+    .wrap_err("fetching files to scan")?;
+
+    info!("Found {} files to scan", files_to_scan.len());
+
+    let mut scanned_ids = Vec::new();
+
+    for row in files_to_scan {
+        let human_file_id = FileId::from(row.file_id);
+        let span = info_span!("scan", file_id = %human_file_id);
+        async {
+            info!("Scanning file");
+
+            let file_id = row.file_id;
+
+            let overrides = extract_override_files_from_storage(
+                file_host, file_id, &row.url,
+            )
+            .await
+            .wrap_err_with(|| {
+                eyre!("extracting overrides for file {file_id:?}")
+            })?;
+
+            if overrides.is_empty() {
+                info!("Found no overrides");
+            } else {
+                info!("Found {} overrides", overrides.len());
+
+                let resolved = resolve_overrides(&overrides, redis, &mut txn)
+                    .await
+                    .wrap_err_with(|| {
+                        eyre!("resolving overrides for file {file_id:?}")
+                    })?;
+                info!("Resolved: {resolved:#?}");
+
+                persist_attribution_results(
+                    row.project_id,
+                    file_id,
+                    &overrides,
+                    &resolved,
+                    &mut txn,
+                )
+                .await
+                .wrap_err_with(|| {
+                    eyre!("persisting attribution results for file {file_id:?}")
+                })?;
+            }
+
+            scanned_ids.push(file_id.0);
+            eyre::Ok(())
+        }
+        .instrument(span)
+        .await?;
+    }
+
+    if !scanned_ids.is_empty() {
+        let now = Utc::now();
+        sqlx::query!(
+            "
+            update file_scans
+            set attributions_scanned_at = now
+            from unnest($1::bigint[], $2::timestamptz[]) as u(id, now)
+            where file_scans.file_id = u.id
+            ",
+            &scanned_ids,
+            &vec![now; scanned_ids.len()],
+        )
+        .execute(&mut txn)
+        .await
+        .wrap_err("marking files as scanned")?;
+    }
+
+    info!("Marked {} files as scanned", scanned_ids.len());
+
+    txn.commit().await.wrap_err("committing transaction")?;
+
+    Ok(())
+}
+
+pub async fn scan_file(
+    txn: &mut PgTransaction<'_>,
+    redis: &RedisPool,
+    file_host: &dyn FileHost,
+    project_id: DBProjectId,
+    file_id: DBFileId,
+    file_url: &str,
+) -> Result<()> {
+    let overrides =
+        extract_override_files_from_storage(file_host, file_id, file_url)
+            .await
+            .wrap_err_with(|| {
+                eyre!("extracting overrides for file {file_id:?}")
+            })?;
+
+    if !overrides.is_empty() {
+        let resolved = resolve_overrides(&overrides, redis, txn)
+            .await
+            .wrap_err_with(|| {
+                eyre!("resolving overrides for file {file_id:?}")
+            })?;
+
+        persist_attribution_results(
+            project_id, file_id, &overrides, &resolved, txn,
+        )
+        .await
+        .wrap_err_with(|| {
+            eyre!("persisting attribution results for file {file_id:?}")
+        })?;
+    }
+
+    sqlx::query!(
+        "
+        insert into file_scans (file_id, attributions_scanned_at)
+        values ($1, now())
+        on conflict (file_id) do update set attributions_scanned_at = now()
+        ",
+        file_id.0,
+    )
+    .execute(&mut *txn)
+    .await
+    .wrap_err("marking file as scanned")?;
+
+    Ok(())
+}
+
+pub async fn scan_override_files(
+    file_host: &dyn FileHost,
+    file_id: DBFileId,
+    file_url: &str,
+) -> Result<Vec<OverrideFile>> {
+    extract_override_files_from_storage(file_host, file_id, file_url)
+        .await
+        .wrap_err_with(|| eyre!("extracting overrides for file {file_id:?}"))
+}
+
+async fn extract_override_files_from_storage(
+    file_host: &dyn FileHost,
+    file_id: DBFileId,
+    file_url: &str,
+) -> Result<Vec<OverrideFile>> {
+    let key = file_url
+        .strip_prefix(&ENV.CDN_URL)
+        .unwrap_or(file_url)
+        .trim_start_matches('/');
+    let key = urlencoding::decode(key).wrap_err("decoding file URL path")?;
+
+    let file_data = file_host
+        .read_file(&key, FileHostPublicity::Public)
+        .await
+        .wrap_err_with(|| {
+            eyre!("reading file {file_id:?} from storage at {key}")
+        })?;
+
+    spawn_blocking(move || extract_override_files(&file_data))
+        .await
+        .wrap_err("extracting override files")?
+        .wrap_err("extracting override files")
+}
+
+#[derive(Debug)]
+pub struct OverrideFile {
+    pub path: String,
+    pub sha1: String,
+    pub murmur2: u32,
+}
+
+#[derive(Debug)]
+pub enum OverrideResolution {
+    OnModrinth,
+    ExternalLicense {
+        id: i64,
+        status: ApprovalType,
+        link: Option<String>,
+        flame_project: Option<AttributionFlameProject>,
+    },
+    Flame(AttributionFlameProject),
+    Unknown,
+}
+
+const OVERRIDE_PREFIXES: &[&str] = &[
+    "overrides/mods",
+    "client-overrides/mods",
+    "server-overrides/mods",
+    "overrides/shaderpacks",
+    "client-overrides/shaderpacks",
+    "overrides/resourcepacks",
+    "client-overrides/resourcepacks",
+];
+
+fn extract_override_files(data: &[u8]) -> Result<Vec<OverrideFile>> {
+    let reader = Cursor::new(data);
+    let mut zip =
+        ZipArchive::new(reader).wrap_err("creating zip archive reader")?;
+
+    let mut files = Vec::new();
+
+    for i in 0..zip.len() {
+        let mut file = zip
+            .by_index(i)
+            .wrap_err_with(|| eyre!("reading file {i}"))?;
+        let name = file.name().to_string();
+
+        if file.is_dir() {
+            continue;
+        }
+
+        if !OVERRIDE_PREFIXES
+            .iter()
+            .any(|prefix| name.starts_with(prefix))
+        {
+            continue;
+        }
+
+        if name.matches('/').count() > 2
+            || name.ends_with(".txt")
+            || name.ends_with(".rpo")
+        {
+            continue;
+        }
+
+        let mut contents = Vec::new();
+        file.read_to_end(&mut contents)?;
+
+        let sha1 = sha1::Sha1::digest(&contents).encode_hex::<String>();
+        let murmur = hash_flame_murmur32(contents);
+
+        files.push(OverrideFile {
+            sha1,
+            murmur2: murmur,
+            path: name,
+        });
+    }
+
+    Ok(files)
+}
+
+async fn persist_attribution_results(
+    project_id: DBProjectId,
+    file_id: DBFileId,
+    overrides: &[OverrideFile],
+    resolved: &HashMap<String, OverrideResolution>,
+    txn: &mut PgTransaction<'_>,
+) -> Result<()> {
+    let all_sha1s: Vec<Vec<u8>> = overrides
+        .iter()
+        .map(|f| f.sha1.as_bytes().to_vec())
+        .collect();
+
+    let already_persisted: Vec<Vec<u8>> = sqlx::query_scalar!(
+        "
+        select paf.sha1 from project_attribution_files paf
+        inner join project_attribution_groups pag on pag.id = paf.group_id
+        where pag.project_id = $1 and paf.sha1 = ANY($2)
+        ",
+        project_id as DBProjectId,
+        &all_sha1s,
+    )
+    .fetch_all(&mut *txn)
+    .await
+    .wrap_err("checking existing attribution files")?;
+
+    let mut flame_groups: HashMap<
+        u32,
+        (Vec<&OverrideFile>, Option<&OverrideResolution>),
+    > = HashMap::new();
+    let mut external_license_files: Vec<(
+        &OverrideFile,
+        i64,
+        ApprovalType,
+        Option<String>,
+        Option<AttributionFlameProject>,
+    )> = Vec::new();
+    let mut unknown_files: Vec<&OverrideFile> = Vec::new();
+
+    for file in overrides {
+        if already_persisted
+            .iter()
+            .any(|s| s.as_slice() == file.sha1.as_bytes())
+        {
+            continue;
+        }
+
+        match resolved.get(&file.sha1) {
+            Some(OverrideResolution::OnModrinth) => continue,
+            Some(OverrideResolution::ExternalLicense {
+                id,
+                status,
+                link,
+                flame_project,
+            }) => {
+                external_license_files.push((
+                    file,
+                    *id,
+                    *status,
+                    link.clone(),
+                    flame_project.clone(),
+                ));
+            }
+            Some(res @ OverrideResolution::Flame(flame_project)) => {
+                let entry = flame_groups.entry(flame_project.id).or_default();
+                entry.0.push(file);
+                if entry.1.is_none() {
+                    entry.1 = Some(res);
+                }
+            }
+            Some(OverrideResolution::Unknown) | None => {
+                unknown_files.push(file);
+            }
+        }
+    }
+
+    let existing_flame_groups = sqlx::query!(
+        r#"
+        select id as "id: DBAttributionGroupId", flame_project
+        from project_attribution_groups
+        where project_id = $1 and flame_project is not null
+        "#,
+        project_id as DBProjectId,
+    )
+    .fetch_all(&mut *txn)
+    .await
+    .wrap_err("fetching existing flame attribution groups")?;
+
+    let mut existing_flame_group_ids = HashMap::new();
+    for group in existing_flame_groups {
+        if let Some(flame_project) = group.flame_project.and_then(|fp| {
+            serde_json::from_value::<AttributionFlameProject>(fp).ok()
+        }) {
+            existing_flame_group_ids.insert(flame_project.id, group.id);
+        }
+    }
+
+    for (file, external_license_id, status, link, flame_project) in
+        external_license_files
+    {
+        if let Some(group_id) = flame_project
+            .as_ref()
+            .and_then(|fp| existing_flame_group_ids.get(&fp.id))
+        {
+            sqlx::query!(
+                "
+                insert into project_attribution_files (group_id, name, sha1, moderation_external_license_id)
+                values ($1, $2, $3, $4)
+                ",
+                *group_id as DBAttributionGroupId,
+                &file.path,
+                &file.sha1.as_bytes().to_vec() as &[u8],
+                external_license_id,
+            )
+            .execute(&mut *txn)
+            .await
+            .wrap_err("inserting external license attribution file into existing flame group")?;
+
+            continue;
+        }
+
+        let attribution = default_external_license_attribution(status, link);
+        let flame_project =
+            flame_project.and_then(|fp| serde_json::to_value(fp).ok());
+        let group_id = generate_attribution_group_id(&mut *txn).await?;
+        sqlx::query!(
+			"
+            insert into project_attribution_groups (id, project_id, attribution, flame_project)
+            values ($1, $2, $3, $4)
+            ",
+			group_id as DBAttributionGroupId,
+			project_id as DBProjectId,
+			attribution,
+			flame_project,
+		)
+        .execute(&mut *txn)
+        .await
+        .wrap_err("inserting external license attribution group")?;
+
+        sqlx::query!(
+            "
+            insert into project_attribution_files (group_id, name, sha1, moderation_external_license_id)
+            values ($1, $2, $3, $4)
+            ",
+            group_id as DBAttributionGroupId,
+            &file.path,
+            &file.sha1.as_bytes().to_vec() as &[u8],
+            external_license_id,
+        )
+        .execute(&mut *txn)
+        .await
+        .wrap_err("inserting external license attribution file")?;
+    }
+
+    for (flame_project_id, (files, resolution)) in &flame_groups {
+        let group_id = if let Some(group_id) =
+            existing_flame_group_ids.get(flame_project_id)
+        {
+            *group_id
+        } else {
+            let fp = resolution
+                .and_then(|r| {
+                    if let OverrideResolution::Flame(flame_project) = r {
+                        Some(serde_json::to_value(flame_project).ok())
+                    } else {
+                        None
+                    }
+                })
+                .flatten();
+
+            let id = generate_attribution_group_id(&mut *txn).await?;
+            sqlx::query!(
+                "
+                insert into project_attribution_groups (id, project_id, flame_project)
+                values ($1, $2, $3)
+                ",
+                id as DBAttributionGroupId,
+                project_id as DBProjectId,
+                fp,
+            )
+            .execute(&mut *txn)
+            .await
+            .wrap_err("inserting attribution group")?;
+            existing_flame_group_ids.insert(*flame_project_id, id);
+            id
+        };
+
+        let names: Vec<String> = files.iter().map(|f| f.path.clone()).collect();
+        let sha1s: Vec<Vec<u8>> =
+            files.iter().map(|f| f.sha1.as_bytes().to_vec()).collect();
+
+        sqlx::query!(
+            "
+            insert into project_attribution_files (group_id, name, sha1)
+            select $1, unnest($2::text[]), unnest($3::bytea[])
+            ",
+            group_id as DBAttributionGroupId,
+            &names,
+            &sha1s,
+        )
+        .execute(&mut *txn)
+        .await
+        .wrap_err("inserting attribution files")?;
+    }
+
+    for file in &unknown_files {
+        let group_id = generate_attribution_group_id(&mut *txn).await?;
+        sqlx::query!(
+            "
+            insert into project_attribution_groups (id, project_id)
+            values ($1, $2)
+            ",
+            group_id as DBAttributionGroupId,
+            project_id as DBProjectId,
+        )
+        .execute(&mut *txn)
+        .await
+        .wrap_err("inserting unknown attribution group")?;
+
+        sqlx::query!(
+            "
+            insert into project_attribution_files (group_id, name, sha1)
+            values ($1, $2, $3)
+            ",
+            group_id as DBAttributionGroupId,
+            &file.path,
+            &file.sha1.as_bytes().to_vec() as &[u8],
+        )
+        .execute(&mut *txn)
+        .await
+        .wrap_err("inserting unknown attribution file")?;
+    }
+
+    if !all_sha1s.is_empty() {
+        sqlx::query!(
+            "
+            insert into override_file_sources (sha1, file_id)
+            select unnest($1::bytea[]), $2
+            on conflict do nothing
+            ",
+            &all_sha1s,
+            file_id as DBFileId,
+        )
+        .execute(&mut *txn)
+        .await
+        .wrap_err("inserting override file sources")?;
+    }
+
+    Ok(())
+}
+
+fn default_external_license_attribution(
+    status: ApprovalType,
+    link: Option<String>,
+) -> Option<serde_json::Value> {
+    match status {
+        ApprovalType::Yes
+        | ApprovalType::WithAttributionAndSource
+        | ApprovalType::WithAttribution => link
+            .and_then(|link| url::Url::parse(&link).ok())
+            .and_then(|link_to_work| {
+                serde_json::to_value(AttributionResolution {
+                    kind: AttributionResolutionKind::GloballyAllowed {
+                        link_to_work,
+                    },
+                    moderation_status: None,
+                    notes: String::new(),
+                    image_urls: Vec::new(),
+                })
+                .ok()
+            }),
+        ApprovalType::No => {
+            let link_to_work =
+                link.and_then(|link| url::Url::parse(&link).ok());
+
+            serde_json::to_value(AttributionResolution {
+                kind: AttributionResolutionKind::NoPermission { link_to_work },
+                moderation_status: None,
+                notes: String::new(),
+                image_urls: Vec::new(),
+            })
+            .ok()
+        }
+        ApprovalType::PermanentNo | ApprovalType::Unidentified => None,
+    }
+}
+
+async fn resolve_overrides(
+    overrides: &[OverrideFile],
+    redis: &RedisPool,
+    txn: &mut PgTransaction<'_>,
+) -> Result<HashMap<String, OverrideResolution>> {
+    let mut results: HashMap<String, OverrideResolution> = HashMap::new();
+    let mut remaining: Vec<usize> = (0..overrides.len()).collect();
+
+    if overrides.is_empty() {
+        return Ok(results);
+    }
+
+    let hashes: Vec<String> =
+        overrides.iter().map(|x| x.sha1.clone()).collect();
+    let files = DBVersion::get_files_from_hash(
+        "sha1".to_string(),
+        &hashes,
+        &mut *txn,
+        redis,
+    )
+    .await
+    .wrap_err("fetching files on platform by hash")?;
+
+    let version_ids: Vec<_> = files.iter().map(|x| x.version_id).collect();
+    let versions_data = DBVersion::get_many(&version_ids, &mut *txn, redis)
+        .await
+        .wrap_err("fetching versions")?;
+
+    for file in &files {
+        if !versions_data.iter().any(|v| v.inner.id == file.version_id) {
+            continue;
+        }
+
+        if let Some(hash) = file.hashes.get("sha1")
+            && let Some(pos) =
+                remaining.iter().position(|i| overrides[*i].sha1 == *hash)
+        {
+            let idx = remaining.remove(pos);
+            results.insert(
+                overrides[idx].sha1.clone(),
+                OverrideResolution::OnModrinth,
+            );
+        }
+    }
+
+    if remaining.is_empty() {
+        return Ok(results);
+    }
+
+    let rows = sqlx::query!(
+		"
+        SELECT encode(mef.sha1, 'escape') sha1, mel.id, mel.status status, mel.link
+        FROM moderation_external_files mef
+        INNER JOIN moderation_external_licenses mel ON mef.external_license_id = mel.id
+        WHERE mef.sha1 = ANY($1)
+        ",
+        &remaining
+            .iter()
+            .map(|i| overrides[*i].sha1.as_bytes().to_vec())
+            .collect::<Vec<_>>()
+    )
+    .fetch_all(&mut *txn)
+	.await
+	.wrap_err("fetching external file licenses")?;
+
+    let mut direct_external_licenses = HashMap::new();
+    for row in rows {
+        if let Some(sha1) = row.sha1 {
+            direct_external_licenses.insert(
+                sha1,
+                (
+                    row.id,
+                    ApprovalType::from_string(&row.status)
+                        .unwrap_or(ApprovalType::Unidentified),
+                    row.link,
+                ),
+            );
+        }
+    }
+
+    let fingerprints: Vec<u32> =
+        remaining.iter().map(|i| overrides[*i].murmur2).collect();
+    let res = HTTP_CLIENT
+        .post(format!("{}/v1/fingerprints", ENV.FLAME_ANVIL_URL))
+        .json(&serde_json::json!({
+            "fingerprints": fingerprints
+        }))
+        .send()
+        .await;
+
+    if let Err(e) = &res {
+        warn!("Flame fingerprint request failed: {e}");
+    }
+
+    if let Ok(res) = res {
+        let body = res
+            .text()
+            .await
+            .wrap_err("reading Flame fingerprint response")?;
+
+        let flame_files: Vec<_> =
+            serde_json::from_str::<FlameResponse<FingerprintResponse>>(&body)
+                .ok()
+                .map(|x| {
+                    x.data
+                        .exact_matches
+                        .into_iter()
+                        .map(|m| m.file)
+                        .collect::<Vec<_>>()
+                })
+                .unwrap_or_default();
+
+        let mut flame_matches: Vec<(String, u32)> = Vec::new();
+        for flame_file in &flame_files {
+            if let Some(hash) = flame_file
+                .hashes
+                .iter()
+                .find(|x| x.algo == 1)
+                .map(|x| x.value.clone())
+            {
+                flame_matches.push((hash, flame_file.mod_id));
+            }
+        }
+
+        let project_license_rows = sqlx::query!(
+            "
+            SELECT mel.id, mel.flame_project_id, mel.status status, mel.link
+            FROM moderation_external_licenses mel
+            WHERE mel.flame_project_id = ANY($1)
+            ",
+            &flame_matches.iter().map(|x| x.1 as i32).collect::<Vec<_>>()
+        )
+        .fetch_all(&mut *txn)
+        .await
+        .wrap_err("fetching Flame project licenses")?;
+
+        let mut project_external_licenses = HashMap::new();
+        for row in project_license_rows {
+            if let Some(flame_project_id) = row.flame_project_id {
+                project_external_licenses.insert(
+                    flame_project_id as u32,
+                    (
+                        row.id,
+                        ApprovalType::from_string(&row.status)
+                            .unwrap_or(ApprovalType::Unidentified),
+                        row.link,
+                    ),
+                );
+            }
+        }
+
+        let flame_projects_res = HTTP_CLIENT
+            .post(format!("{}/v1/mods", ENV.FLAME_ANVIL_URL))
+            .json(&serde_json::json!({
+                "modIds": flame_matches.iter().map(|x| x.1).collect::<Vec<_>>()
+            }))
+            .send()
+            .await;
+
+        let flame_projects = match flame_projects_res {
+            Ok(res) => res
+                .text()
+                .await
+                .ok()
+                .and_then(|t| {
+                    serde_json::from_str::<FlameResponse<Vec<FlameProject>>>(&t)
+                        .ok()
+                })
+                .map(|x| x.data)
+                .unwrap_or_default(),
+            Err(e) => {
+                warn!("Flame projects request failed: {e}");
+                Vec::new()
+            }
+        };
+
+        let mut insert_hashes = Vec::new();
+        let mut insert_filenames = Vec::new();
+        let mut insert_ids = Vec::new();
+
+        for (sha1, flame_project_id) in &flame_matches {
+            if let Some(remaining_pos) =
+                remaining.iter().position(|i| overrides[*i].sha1 == *sha1)
+            {
+                let idx = remaining.remove(remaining_pos);
+                let project =
+                    flame_projects.iter().find(|p| p.id == *flame_project_id);
+                let flame_project = AttributionFlameProject {
+                    id: *flame_project_id,
+                    title: project.map(|p| p.name.clone()).unwrap_or_else(
+                        || format!("Flame project {flame_project_id}"),
+                    ),
+                    url: project
+                        .map(|p| p.links.website_url.clone())
+                        .unwrap_or_default(),
+                    icon_url: project
+                        .map(|p| p.logo.thumbnail_url.clone())
+                        .unwrap_or_default(),
+                };
+
+                if let Some((id, status, link)) =
+                    direct_external_licenses.remove(&overrides[idx].sha1)
+                {
+                    results.insert(
+                        overrides[idx].sha1.clone(),
+                        OverrideResolution::ExternalLicense {
+                            id,
+                            status,
+                            link,
+                            flame_project: Some(flame_project),
+                        },
+                    );
+                } else if let Some((id, status, link)) =
+                    project_external_licenses.get(flame_project_id)
+                {
+                    results.insert(
+                        overrides[idx].sha1.clone(),
+                        OverrideResolution::ExternalLicense {
+                            id: *id,
+                            status: *status,
+                            link: link.clone(),
+                            flame_project: Some(flame_project),
+                        },
+                    );
+
+                    insert_hashes.push(overrides[idx].sha1.as_bytes().to_vec());
+                    insert_filenames.push(Some(overrides[idx].path.clone()));
+                    insert_ids.push(*id);
+                } else {
+                    results.insert(
+                        overrides[idx].sha1.clone(),
+                        OverrideResolution::Flame(flame_project),
+                    );
+                }
+            }
+        }
+
+        if !insert_hashes.is_empty() {
+            ExternalLicense::insert_files(
+                &mut *txn,
+                &insert_hashes,
+                &insert_filenames,
+                &insert_ids,
+                DBUserId(0),
+            )
+            .await
+            .wrap_err("inserting external license files")?;
+        }
+    }
+
+    remaining.retain(|idx| {
+        if let Some((id, status, link)) =
+            direct_external_licenses.remove(&overrides[*idx].sha1)
+        {
+            results.insert(
+                overrides[*idx].sha1.clone(),
+                OverrideResolution::ExternalLicense {
+                    id,
+                    status,
+                    link,
+                    flame_project: None,
+                },
+            );
+            false
+        } else {
+            true
+        }
+    });
+
+    for idx in remaining {
+        results
+            .insert(overrides[idx].sha1.clone(), OverrideResolution::Unknown);
+    }
+
+    Ok(results)
+}
+
+fn hash_flame_murmur32(input: Vec<u8>) -> u32 {
+    murmur2::murmur2(
+        &input
+            .into_iter()
+            .filter(|x| *x != 9 && *x != 10 && *x != 13 && *x != 32)
+            .collect::<Vec<u8>>(),
+        1,
+    )
+}
+
+pub async fn get_files_missing_attribution<'a, E>(
+    exec: E,
+    version_ids: &[DBVersionId],
+) -> Result<
+    std::collections::HashMap<
+        DBVersionId,
+        Vec<(DBFileId, Option<AttributionFlameProject>)>,
+    >,
+>
+where
+    E: sqlx::Executor<'a, Database = sqlx::Postgres>,
+{
+    if version_ids.is_empty() {
+        return Ok(std::collections::HashMap::new());
+    }
+
+    let rows = sqlx::query!(
+        r#"
+        select distinct f.version_id as "version_id: DBVersionId", f.id as "file_id: DBFileId",
+            pag.flame_project
+        from files f
+        inner join attribution_enforced_versions aev on aev.id = f.version_id
+        inner join override_file_sources ofs on ofs.file_id = f.id
+        inner join project_attribution_files paf on paf.sha1 = ofs.sha1
+        inner join project_attribution_groups pag on pag.id = paf.group_id
+        where f.version_id = ANY($1)
+          and (
+            pag.attribution is null
+            or pag.attribution->>'kind' = 'no_permission'
+            or (
+              pag.attribution->'moderation_status' is not null
+              and pag.attribution->'moderation_status'->>'kind' != 'approved'
+            )
+          )
+        "#,
+        &version_ids.iter().map(|v| v.0).collect::<Vec<_>>(),
+    )
+    .fetch_all(exec)
+    .await
+    .wrap_err("fetching files missing attribution")?;
+
+    let mut result = std::collections::HashMap::new();
+    for row in rows {
+        let flame_project = row
+            .flame_project
+            .and_then(|v| serde_json::from_value(v).ok());
+        result
+            .entry(row.version_id)
+            .or_insert_with(Vec::new)
+            .push((row.file_id, flame_project));
+    }
+
+    Ok(result)
+}
+
+pub struct DependencyAttributionData {
+    pub link: Option<String>,
+    pub icon_url: Option<String>,
+    pub license: Option<serde_json::Value>,
+}
+
+pub async fn get_dependency_attributions<'a, E>(
+    exec: E,
+    version_ids: &[DBVersionId],
+) -> Result<HashMap<(DBVersionId, String), DependencyAttributionData>>
+where
+    E: sqlx::Executor<'a, Database = sqlx::Postgres>,
+{
+    if version_ids.is_empty() {
+        return Ok(HashMap::new());
+    }
+
+    let version_ids_vec: Vec<_> = version_ids.iter().map(|v| v.0).collect();
+
+    let rows = sqlx::query!(
+        r#"
+        select
+            d.dependent_id as "version_id: DBVersionId",
+            d.dependency_file_name as "file_name!",
+            pag.attribution,
+            pag.flame_project,
+            pag.project_id as "project_id: DBProjectId"
+        from dependencies d
+        inner join files f on f.version_id = d.dependent_id
+        inner join attribution_enforced_versions aev on aev.id = f.version_id
+        inner join override_file_sources ofs on ofs.file_id = f.id
+        inner join project_attribution_files paf on paf.sha1 = ofs.sha1
+        inner join project_attribution_groups pag on pag.id = paf.group_id
+        where d.dependent_id = ANY($1)
+          and d.dependency_file_name is not null
+          and pag.attribution is not null
+          and pag.attribution->>'kind' not in ('no_permission')
+          and (
+            pag.attribution->'moderation_status' is null
+            or pag.attribution->'moderation_status'->>'kind' = 'approved'
+          )
+          and split_part(paf.name, '/', -1) = d.dependency_file_name
+        "#,
+        &version_ids_vec,
+    )
+    .fetch_all(exec)
+    .await
+    .wrap_err("fetching dependency attributions")?;
+
+    let mut result = HashMap::new();
+    for row in rows {
+        let file_name = row.file_name;
+
+        let attribution: Option<AttributionResolution> =
+            row.attribution.and_then(|v| serde_json::from_value(v).ok());
+
+        let flame_project: Option<AttributionFlameProject> = row
+            .flame_project
+            .and_then(|v| serde_json::from_value(v).ok());
+
+        let link = attribution
+            .as_ref()
+            .and_then(|a| match &a.kind {
+                AttributionResolutionKind::License { link_to_work, .. } => {
+                    Some(link_to_work.to_string())
+                }
+                AttributionResolutionKind::GloballyAllowed { link_to_work } => {
+                    Some(link_to_work.to_string())
+                }
+                AttributionResolutionKind::SpecialPermissions {
+                    link_to_work,
+                } => Some(link_to_work.to_string()),
+                _ => None,
+            })
+            .or(flame_project.as_ref().map(|fp| fp.url.clone()));
+
+        let icon_url = flame_project.as_ref().map(|fp| fp.icon_url.clone());
+
+        let license = attribution
+            .as_ref()
+            .and_then(|a| match &a.kind {
+                AttributionResolutionKind::License { license, .. } => {
+                    Some(serde_json::to_value(license).ok())
+                }
+                _ => None,
+            })
+            .flatten();
+
+        result.insert(
+            (row.version_id, file_name),
+            DependencyAttributionData {
+                link,
+                icon_url,
+                license,
+            },
+        );
+    }
+
+    Ok(result)
+}
diff --git a/apps/labrinth/src/queue/mod.rs b/apps/labrinth/src/queue/mod.rs
index 666670dc0b..0d7dcb273b 100644
--- a/apps/labrinth/src/queue/mod.rs
+++ b/apps/labrinth/src/queue/mod.rs
@@ -1,6 +1,7 @@
 pub mod analytics;
 pub mod billing;
 pub mod email;
+pub mod file_scan;
 pub mod moderation;
 pub mod payouts;
 pub mod server_ping;
diff --git a/apps/labrinth/src/queue/moderation.rs b/apps/labrinth/src/queue/moderation.rs
index 7d852f4eb3..1914f80359 100644
--- a/apps/labrinth/src/queue/moderation.rs
+++ b/apps/labrinth/src/queue/moderation.rs
@@ -570,7 +570,7 @@ impl AutomatedModerationQueue {
                                             Vec::new()
                                         } else {
                                             let res = client
-                                                .post(format!("{}v1/mods", ENV.FLAME_ANVIL_URL))
+                                                .post(format!("{}/v1/mods", ENV.FLAME_ANVIL_URL))
                                             .json(&serde_json::json!({
                                                 "modIds": flame_files.iter().map(|x| x.1).collect::<Vec<_>>()
                                             }))
@@ -823,7 +823,7 @@ pub enum ApprovalType {
 }
 
 impl ApprovalType {
-    fn approved(&self) -> bool {
+    pub fn approved(&self) -> bool {
         match self {
             ApprovalType::Yes => true,
             ApprovalType::WithAttributionAndSource => true,
@@ -901,6 +901,13 @@ pub struct FlameProject {
     pub name: String,
     pub slug: String,
     pub links: FlameLinks,
+    pub logo: FlameLogo,
+}
+
+#[derive(Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct FlameLogo {
+    pub thumbnail_url: String,
 }
 
 #[derive(Deserialize, Serialize)]
diff --git a/apps/labrinth/src/routes/internal/attribution.rs b/apps/labrinth/src/routes/internal/attribution.rs
new file mode 100644
index 0000000000..c433142ce8
--- /dev/null
+++ b/apps/labrinth/src/routes/internal/attribution.rs
@@ -0,0 +1,614 @@
+use actix_web::{HttpRequest, get, patch, post, web};
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use sqlx::Row;
+
+use crate::auth::get_user_from_headers;
+use crate::database::PgPool;
+use crate::database::models::ids::{
+    DBAttributionGroupId, DBProjectId, generate_attribution_group_id,
+};
+use crate::database::redis::RedisPool;
+use crate::models::ids::{ProjectId, VersionId};
+use crate::models::pats::Scopes;
+use crate::models::projects::{
+    AttributionModerationStatusKind, AttributionResolution,
+    AttributionResolutionKind,
+};
+use crate::models::users::User;
+use crate::queue::moderation::ApprovalType;
+use crate::queue::session::AuthQueue;
+use crate::routes::ApiError;
+
+pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
+    cfg.service(list)
+        .service(update_group)
+        .service(assign)
+        .service(split);
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct FlameProject {
+    pub id: u32,
+    pub title: String,
+    pub url: String,
+    pub icon_url: String,
+}
+
+#[derive(Serialize)]
+struct AttributionGroupResponse {
+    id: crate::models::ids::AttributionGroupId,
+    flame_project: Option<FlameProject>,
+    attribution: Option<crate::models::projects::AttributionResolution>,
+    attributed_at: Option<chrono::DateTime<chrono::Utc>>,
+    attributed_by: Option<ariadne::ids::UserId>,
+    files: Vec<AttributionFileResponse>,
+    versions: Vec<VersionInfo>,
+}
+
+#[derive(Clone, Serialize)]
+struct VersionInfo {
+    id: VersionId,
+    name: String,
+    version_number: String,
+    date_created: chrono::DateTime<chrono::Utc>,
+}
+
+#[derive(Serialize)]
+struct AttributionFileResponse {
+    name: String,
+    sha1: String,
+    versions: Vec<VersionId>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    moderation_external_license_id: Option<i64>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    moderation_external_license: Option<ModerationExternalLicenseResponse>,
+}
+
+#[derive(Clone, Serialize)]
+struct ModerationExternalLicenseResponse {
+    id: i64,
+    title: Option<String>,
+    status: ApprovalType,
+    link: Option<String>,
+    exceptions: Option<String>,
+    proof: Option<String>,
+    flame_project_id: Option<i32>,
+    inserted_at: Option<DateTime<Utc>>,
+    inserted_by: Option<i64>,
+    updated_at: Option<DateTime<Utc>>,
+    updated_by: Option<i64>,
+}
+
+#[utoipa::path]
+#[get("/{project_id}")]
+async fn list(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    path: web::Path<ProjectId>,
+) -> Result<web::Json<Vec<AttributionGroupResponse>>, ApiError> {
+    let project_id: DBProjectId = path.into_inner().into();
+    let show_moderation_external_license_ids = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::PROJECT_READ,
+    )
+    .await
+    .ok()
+    .is_some_and(|(_, user)| user.role.is_mod());
+
+    let groups = sqlx::query!(
+        r#"
+		select
+			g.id as "id: DBAttributionGroupId",
+			g.flame_project,
+			g.attribution,
+			g.attributed_at,
+			g.attributed_by as "attributed_by: i64"
+		from project_attribution_groups g
+		where g.project_id = $1
+		"#,
+        project_id as DBProjectId,
+    )
+    .fetch_all(pool.as_ref())
+    .await?;
+
+    let group_ids: Vec<i64> = groups.iter().map(|g| g.id.0).collect();
+
+    let files = if group_ids.is_empty() {
+        Vec::new()
+    } else {
+        sqlx::query(
+            "
+			select paf.group_id, paf.name, convert_from(paf.sha1, 'UTF8') as sha1, paf.moderation_external_license_id,
+				coalesce(array_agg(distinct aev.id) filter (where aev.id is not null), '{}') as version_ids
+			from project_attribution_files paf
+			left join override_file_sources ofs on ofs.sha1 = paf.sha1
+			left join files f on f.id = ofs.file_id
+			left join attribution_enforced_versions aev on aev.id = f.version_id
+			where paf.group_id = ANY($1)
+			group by paf.group_id, paf.name, paf.sha1, paf.moderation_external_license_id
+			",
+        )
+        .bind(&group_ids)
+        .fetch_all(pool.as_ref())
+        .await?
+    };
+
+    let moderation_external_licenses = if show_moderation_external_license_ids {
+        let mut ids: Vec<i64> = files
+            .iter()
+            .filter_map(|f| f.get("moderation_external_license_id"))
+            .collect();
+        ids.sort_unstable();
+        ids.dedup();
+
+        if ids.is_empty() {
+            std::collections::HashMap::new()
+        } else {
+            sqlx::query!(
+                r#"
+				select
+					id,
+					title,
+					status,
+					link,
+					exceptions,
+					proof,
+					flame_project_id,
+					inserted_at,
+					inserted_by,
+					updated_at,
+					updated_by
+				from moderation_external_licenses
+				where id = ANY($1)
+				"#,
+                &ids,
+            )
+            .fetch_all(pool.as_ref())
+            .await?
+            .into_iter()
+            .map(|row| {
+                (
+                    row.id,
+                    ModerationExternalLicenseResponse {
+                        id: row.id,
+                        title: row.title,
+                        status: ApprovalType::from_string(&row.status)
+                            .unwrap_or(ApprovalType::Unidentified),
+                        link: row.link,
+                        exceptions: row.exceptions,
+                        proof: row.proof,
+                        flame_project_id: row.flame_project_id,
+                        inserted_at: row.inserted_at,
+                        inserted_by: row.inserted_by,
+                        updated_at: row.updated_at,
+                        updated_by: row.updated_by,
+                    },
+                )
+            })
+            .collect()
+        }
+    } else {
+        std::collections::HashMap::new()
+    };
+
+    let mut all_version_ids: Vec<i64> = files
+        .iter()
+        .flat_map(|f| f.get::<Vec<i64>, _>("version_ids"))
+        .collect();
+    all_version_ids.sort_unstable();
+    all_version_ids.dedup();
+
+    let version_infos = if all_version_ids.is_empty() {
+        Vec::new()
+    } else {
+        let rows = sqlx::query!(
+            "
+			select id, name, version_number, date_published
+			from versions
+			where id = ANY($1)
+			order by date_published desc
+			",
+            &all_version_ids,
+        )
+        .fetch_all(pool.as_ref())
+        .await?;
+        rows.into_iter()
+            .map(|v| VersionInfo {
+                id: VersionId(v.id as u64),
+                name: v.name,
+                version_number: v.version_number,
+                date_created: v.date_published,
+            })
+            .collect()
+    };
+    let version_order = version_infos
+        .iter()
+        .enumerate()
+        .map(|(index, version)| (version.id, index))
+        .collect::<std::collections::HashMap<_, _>>();
+
+    let mut result = Vec::new();
+    for group in groups {
+        let group_files: Vec<AttributionFileResponse> = files
+            .iter()
+            .filter(|f| f.get::<i64, _>("group_id") == group.id.0)
+            .map(|f| AttributionFileResponse {
+                name: f.get("name"),
+                sha1: f.get("sha1"),
+                moderation_external_license_id:
+                    if show_moderation_external_license_ids {
+                        f.get("moderation_external_license_id")
+                    } else {
+                        None
+                    },
+                moderation_external_license:
+                    if show_moderation_external_license_ids {
+                        f.get::<Option<i64>, _>(
+                            "moderation_external_license_id",
+                        )
+                        .and_then(|id| {
+                            moderation_external_licenses.get(&id).cloned()
+                        })
+                    } else {
+                        None
+                    },
+                versions: {
+                    let mut versions: Vec<_> = f
+                        .get::<Vec<i64>, _>("version_ids")
+                        .into_iter()
+                        .map(|id| VersionId(id as u64))
+                        .collect();
+                    versions.sort_by_key(|id| {
+                        version_order.get(id).copied().unwrap_or(usize::MAX)
+                    });
+                    versions
+                },
+            })
+            .collect();
+
+        result.push(AttributionGroupResponse {
+            id: group.id.into(),
+            flame_project: group
+                .flame_project
+                .and_then(|v| serde_json::from_value(v).ok()),
+            attribution: group
+                .attribution
+                .and_then(|v| serde_json::from_value(v).ok()),
+            attributed_at: group.attributed_at,
+            attributed_by: group
+                .attributed_by
+                .map(|id| ariadne::ids::UserId(id as u64)),
+            files: group_files,
+            versions: version_infos.clone(),
+        });
+    }
+
+    Ok(web::Json(result))
+}
+
+#[derive(Deserialize, utoipa::ToSchema)]
+struct UpdateGroupBody {
+    attribution: AttributionResolution,
+}
+
+#[utoipa::path]
+#[patch("/group/{group_id}")]
+async fn update_group(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    path: web::Path<i64>,
+    web::Json(body): web::Json<UpdateGroupBody>,
+) -> Result<(), ApiError> {
+    let group_id = path.into_inner();
+    let user = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::VERSION_WRITE,
+    )
+    .await?
+    .1;
+
+    if !can_edit_attribution_group(pool.as_ref(), group_id, &user).await? {
+        return Err(ApiError::CustomAuthentication(
+            "This attribution group cannot be edited".to_string(),
+        ));
+    }
+
+    if matches!(
+        body.attribution.kind,
+        AttributionResolutionKind::GloballyAllowed { .. }
+    ) && !user.role.is_mod()
+    {
+        return Err(ApiError::CustomAuthentication(
+            "Only moderators can set globally allowed attributions".to_string(),
+        ));
+    }
+
+    if body.attribution.moderation_status.is_some() && !user.role.is_mod() {
+        return Err(ApiError::CustomAuthentication(
+            "Only moderators can set attribution moderation status".to_string(),
+        ));
+    }
+
+    let result = sqlx::query!(
+        "
+		update project_attribution_groups
+		set attribution = $1, attributed_at = now(), attributed_by = $3
+		where id = $2
+		",
+        &serde_json::to_value(&body.attribution).unwrap_or_default(),
+        group_id,
+        user.id.0 as i64,
+    )
+    .execute(pool.as_ref())
+    .await?;
+
+    if result.rows_affected() == 0 {
+        return Err(ApiError::NotFound);
+    }
+
+    Ok(())
+}
+
+#[derive(Deserialize, utoipa::ToSchema)]
+struct AssignBody {
+    sha1: String,
+    target_group_id: i64,
+    project_id: ProjectId,
+}
+
+#[utoipa::path]
+#[post("/assign")]
+async fn assign(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    web::Json(body): web::Json<AssignBody>,
+) -> Result<(), ApiError> {
+    let user = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::VERSION_WRITE,
+    )
+    .await?
+    .1;
+
+    let sha1 = body.sha1.trim().to_lowercase();
+    if hex_to_bytes(&sha1).is_none() {
+        return Err(ApiError::InvalidInput(
+            "invalid sha1 hex string".to_string(),
+        ));
+    }
+    let sha1_bytes = sha1.as_bytes().to_vec();
+    let project_id: DBProjectId = body.project_id.into();
+
+    let source_group_id = sqlx::query_scalar!(
+        "
+		select paf.group_id
+		from project_attribution_files paf
+		inner join project_attribution_groups pag on pag.id = paf.group_id
+		where paf.sha1 = $1 and pag.project_id = $2
+		",
+        &sha1_bytes,
+        project_id as DBProjectId,
+    )
+    .fetch_optional(pool.as_ref())
+    .await?
+    .ok_or(ApiError::NotFound)?;
+
+    let target_group_exists = sqlx::query_scalar!(
+        "
+		select exists(
+			select 1 from project_attribution_groups where id = $1 and project_id = $2
+		) as \"exists!\"
+		",
+        body.target_group_id,
+        project_id as DBProjectId,
+    )
+    .fetch_one(pool.as_ref())
+    .await?;
+
+    if !target_group_exists {
+        return Err(ApiError::NotFound);
+    }
+
+    if !can_edit_attribution_group(pool.as_ref(), source_group_id, &user)
+        .await?
+        || !can_edit_attribution_group(
+            pool.as_ref(),
+            body.target_group_id,
+            &user,
+        )
+        .await?
+    {
+        return Err(ApiError::CustomAuthentication(
+            "This attribution group cannot be edited".to_string(),
+        ));
+    }
+
+    let result = sqlx::query!(
+        "
+		update project_attribution_files
+		set group_id = $1
+		where sha1 = $2
+		and group_id in (
+			select id from project_attribution_groups where project_id = $3
+		)
+		",
+        body.target_group_id,
+        &sha1_bytes,
+        project_id as DBProjectId,
+    )
+    .execute(pool.as_ref())
+    .await?;
+
+    if result.rows_affected() == 0 {
+        return Err(ApiError::NotFound);
+    }
+
+    cleanup_empty_groups(pool.as_ref()).await?;
+
+    Ok(())
+}
+
+#[derive(Deserialize, utoipa::ToSchema)]
+struct SplitBody {
+    sha1: String,
+    project_id: ProjectId,
+}
+
+#[utoipa::path]
+#[post("/split")]
+async fn split(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    web::Json(body): web::Json<SplitBody>,
+) -> Result<(), ApiError> {
+    let user = get_user_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::VERSION_WRITE,
+    )
+    .await?
+    .1;
+
+    let sha1 = body.sha1.trim().to_lowercase();
+    if hex_to_bytes(&sha1).is_none() {
+        return Err(ApiError::InvalidInput(
+            "invalid sha1 hex string".to_string(),
+        ));
+    }
+    let sha1_bytes = sha1.as_bytes().to_vec();
+    let project_id: DBProjectId = body.project_id.into();
+
+    let existing = sqlx::query!(
+        "
+		select paf.group_id, paf.name from project_attribution_files paf
+		inner join project_attribution_groups pag on pag.id = paf.group_id
+		where paf.sha1 = $1 and pag.project_id = $2
+		",
+        &sha1_bytes,
+        project_id as DBProjectId,
+    )
+    .fetch_optional(pool.as_ref())
+    .await?;
+
+    let Some(existing) = existing else {
+        return Err(ApiError::NotFound);
+    };
+
+    if !can_edit_attribution_group(pool.as_ref(), existing.group_id, &user)
+        .await?
+    {
+        return Err(ApiError::CustomAuthentication(
+            "This attribution group cannot be edited".to_string(),
+        ));
+    }
+
+    let mut txn = pool.begin().await?;
+
+    let new_group_id = generate_attribution_group_id(&mut txn).await?;
+
+    sqlx::query!(
+        "
+		insert into project_attribution_groups (id, project_id)
+		values ($1, $2)
+		",
+        new_group_id as DBAttributionGroupId,
+        project_id as DBProjectId,
+    )
+    .execute(&mut txn)
+    .await?;
+
+    sqlx::query!(
+        "
+		update project_attribution_files
+		set group_id = $1
+		where sha1 = $2 and group_id = $3
+		",
+        new_group_id as DBAttributionGroupId,
+        &sha1_bytes,
+        existing.group_id,
+    )
+    .execute(&mut txn)
+    .await?;
+
+    txn.commit().await?;
+
+    cleanup_empty_groups(pool.as_ref()).await?;
+
+    Ok(())
+}
+
+async fn can_edit_attribution_group(
+    pool: &PgPool,
+    group_id: i64,
+    user: &User,
+) -> Result<bool, ApiError> {
+    if user.role.is_mod() {
+        return Ok(true);
+    }
+
+    let attribution = sqlx::query_scalar!(
+        "
+		select attribution
+		from project_attribution_groups
+		where id = $1
+		",
+        group_id,
+    )
+    .fetch_optional(pool)
+    .await?
+    .ok_or(ApiError::NotFound)?;
+
+    let attribution: Option<AttributionResolution> =
+        attribution.and_then(|value| serde_json::from_value(value).ok());
+
+    Ok(!matches!(
+        attribution
+            .and_then(|attribution| attribution.moderation_status)
+            .map(|status| status.kind),
+        Some(AttributionModerationStatusKind::NotAllowed)
+    ))
+}
+
+async fn cleanup_empty_groups(pool: &PgPool) -> Result<(), ApiError> {
+    sqlx::query!(
+        "
+		delete from project_attribution_groups g
+		where not exists (
+			select 1 from project_attribution_files f where f.group_id = g.id
+		)
+		",
+    )
+    .execute(pool)
+    .await?;
+    Ok(())
+}
+
+fn hex_to_bytes(hex: &str) -> Option<Vec<u8>> {
+    if !hex.len().is_multiple_of(2) {
+        return None;
+    }
+    (0..hex.len())
+        .step_by(2)
+        .map(|i| u8::from_str_radix(&hex[i..i + 2], 16).ok())
+        .collect()
+}
diff --git a/apps/labrinth/src/routes/internal/external_notifications.rs b/apps/labrinth/src/routes/internal/external_notifications.rs
index def435071a..e6a3e17a96 100644
--- a/apps/labrinth/src/routes/internal/external_notifications.rs
+++ b/apps/labrinth/src/routes/internal/external_notifications.rs
@@ -1,23 +1,34 @@
 use crate::auth::get_user_from_headers;
 use crate::database::PgPool;
 use crate::database::models::ids::DBUserId;
+use crate::database::models::notification_item::DBNotification;
 use crate::database::models::notification_item::NotificationBuilder;
 use crate::database::models::user_item::DBUser;
 use crate::database::redis::RedisPool;
 use crate::models::users::Role;
-use crate::models::v3::notifications::NotificationBody;
+use crate::models::v3::notifications::{
+    NotificationBody, NotificationDeliveryStatus,
+};
 use crate::models::v3::pats::Scopes;
+use crate::queue::email::EmailQueue;
 use crate::queue::session::AuthQueue;
 use crate::routes::ApiError;
 use crate::util::guards::external_notification_key_guard;
-use actix_web::HttpRequest;
+use actix_web::http::StatusCode;
 use actix_web::web;
-use actix_web::{HttpResponse, post};
+use actix_web::{
+    CustomizeResponder, HttpRequest, HttpResponse, Responder, delete, post,
+};
 use ariadne::ids::UserId;
+use eyre::eyre;
+use lettre::message::Mailbox;
 use serde::Deserialize;
 
 pub fn config(cfg: &mut web::ServiceConfig) {
-    cfg.service(create).service(send_custom_email);
+    cfg.service(create)
+        .service(create_email_sync)
+        .service(remove)
+        .service(send_custom_email);
 }
 
 #[derive(Deserialize)]
@@ -56,6 +67,152 @@ pub async fn create(
     Ok(HttpResponse::Accepted().finish())
 }
 
+/// Inserts notifications for all users and tries to send emails immediately.
+///
+/// Responds with the user IDs that could not be emailed:
+/// - `200` if every recipient was emailed (empty list)
+/// - `207` if some recipients could not be emailed (list of failed IDs)
+#[post(
+    "external_notifications/email-sync",
+    guard = "external_notification_key_guard"
+)]
+pub async fn create_email_sync(
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    email_queue: web::Data<EmailQueue>,
+    create_notification: web::Json<CreateNotification>,
+) -> Result<CustomizeResponder<web::Json<Vec<UserId>>>, ApiError> {
+    let CreateNotification { body, user_ids } =
+        create_notification.into_inner();
+    let raw_user_ids = user_ids.iter().map(|x| x.0 as i64).collect::<Vec<_>>();
+
+    let user_ids = raw_user_ids
+        .iter()
+        .map(|x| DBUserId(*x))
+        .collect::<Vec<_>>();
+
+    let mut txn = pool.begin().await?;
+
+    if !DBUser::exists_many(&user_ids, &mut txn).await? {
+        return Err(ApiError::InvalidInput(
+            "One of the specified users do not exist.".to_owned(),
+        ));
+    }
+
+    // Skip users who already have an identical notification
+    let body_value = serde_json::value::to_value(&body)?;
+    let already_notified = sqlx::query!(
+        "
+        SELECT DISTINCT user_id
+        FROM notifications
+        WHERE user_id = ANY($1::bigint[]) AND body = $2::jsonb
+        ",
+        &raw_user_ids[..],
+        body_value,
+    )
+    .fetch_all(&mut txn)
+    .await?
+    .into_iter()
+    .map(|row| DBUserId(row.user_id))
+    .collect::<std::collections::HashSet<_>>();
+
+    let notification_user_ids = user_ids
+        .clone()
+        .into_iter()
+        .filter(|id| !already_notified.contains(id))
+        .collect::<Vec<_>>();
+
+    NotificationBuilder { body: body.clone() }
+        .insert_many_without_delivery(notification_user_ids, &mut txn, &redis)
+        .await?;
+
+    txn.commit().await?;
+
+    let mut email_txn = pool.begin().await?;
+
+    let mut failed = Vec::new();
+    for user_id in &user_ids {
+        let Some(user) =
+            DBUser::get_id(*user_id, &mut email_txn, &redis).await?
+        else {
+            failed.push(UserId(user_id.0 as u64));
+            continue;
+        };
+
+        let delivered = match user
+            .email
+            .and_then(|email| email.parse::<Mailbox>().ok())
+        {
+            Some(mailbox) => {
+                email_queue
+                    .send_one(&mut email_txn, body.clone(), *user_id, mailbox)
+                    .await?
+                    == NotificationDeliveryStatus::Delivered
+            }
+            None => false,
+        };
+
+        if !delivered {
+            failed.push(UserId(user_id.0 as u64));
+        }
+    }
+
+    let status = if failed.is_empty() {
+        StatusCode::OK
+    } else {
+        StatusCode::MULTI_STATUS
+    };
+
+    Ok(web::Json(failed).customize().with_status(status))
+}
+
+#[derive(Deserialize)]
+struct NotificationFilter {
+    pub user_ids: Vec<UserId>,
+    #[serde(flatten)]
+    pub body: serde_json::Map<String, serde_json::Value>,
+}
+
+#[delete("external_notifications", guard = "external_notification_key_guard")]
+pub async fn remove(
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    notification_filter: web::Json<NotificationFilter>,
+) -> Result<HttpResponse, ApiError> {
+    let NotificationFilter { user_ids, body } =
+        notification_filter.into_inner();
+
+    if user_ids.is_empty() {
+        return Err(ApiError::Request(eyre!(
+            "at least one user must be provided to remove notifications from"
+        )));
+    }
+
+    if body.is_empty() {
+        return Err(ApiError::Request(eyre!(
+            "at least one `body` field must be provided to match notifications"
+        )));
+    }
+
+    let filters = serde_json::Value::Object(body);
+
+    let user_ids = user_ids
+        .into_iter()
+        .map(|x| DBUserId(x.0 as i64))
+        .collect::<Vec<_>>();
+
+    let mut txn = pool.begin().await?;
+
+    DBNotification::remove_many_matching_body(
+        &filters, &user_ids, &mut txn, &redis,
+    )
+    .await?;
+
+    txn.commit().await?;
+
+    Ok(HttpResponse::NoContent().finish())
+}
+
 #[derive(Deserialize)]
 struct SendEmail {
     pub users: Vec<UserId>,
diff --git a/apps/labrinth/src/routes/internal/flows.rs b/apps/labrinth/src/routes/internal/flows.rs
index 871c6a5fd0..16d9329196 100644
--- a/apps/labrinth/src/routes/internal/flows.rs
+++ b/apps/labrinth/src/routes/internal/flows.rs
@@ -38,7 +38,6 @@ use reqwest::header::AUTHORIZATION;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::str::FromStr;
-use std::sync::Arc;
 use tracing::info;
 use validator::Validate;
 use zxcvbn::Score;
@@ -83,7 +82,7 @@ impl TempUser {
         provider: AuthProvider,
         transaction: &mut PgTransaction<'_>,
         client: &PgPool,
-        file_host: &Arc<dyn FileHost + Send + Sync>,
+        file_host: &dyn FileHost,
         redis: &RedisPool,
     ) -> Result<crate::database::models::DBUserId, AuthenticationError> {
         if let Some(email) = &self.email
@@ -150,7 +149,7 @@ impl TempUser {
                     ext,
                     Some(96),
                     Some(1.0),
-                    &**file_host,
+                    file_host,
                 )
                 .await;
 
@@ -1173,7 +1172,7 @@ pub async fn auth_callback(
     req: HttpRequest,
     Query(query): Query<HashMap<String, String>>,
     client: Data<PgPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     redis: Data<RedisPool>,
 ) -> Result<HttpResponse, crate::auth::templates::ErrorPage> {
     let state_string = query
@@ -1331,7 +1330,7 @@ pub async fn auth_callback(
                         provider,
                         &mut transaction,
                         &client,
-                        &file_host,
+                        &**file_host,
                         &redis,
                     )
                     .await?
diff --git a/apps/labrinth/src/routes/internal/mod.rs b/apps/labrinth/src/routes/internal/mod.rs
index 2af8ae81f3..94a4b4343d 100644
--- a/apps/labrinth/src/routes/internal/mod.rs
+++ b/apps/labrinth/src/routes/internal/mod.rs
@@ -1,5 +1,6 @@
 pub mod admin;
 pub mod affiliate;
+pub mod attribution;
 pub mod billing;
 pub mod campaign;
 pub mod delphi;
@@ -105,5 +106,10 @@ pub fn utoipa_config(
         utoipa_actix_web::scope("/_internal/server-ping")
             .wrap(default_cors())
             .configure(server_ping::config),
+    )
+    .service(
+        utoipa_actix_web::scope("/_internal/attribution")
+            .wrap(default_cors())
+            .configure(attribution::config),
     );
 }
diff --git a/apps/labrinth/src/routes/internal/moderation/external_license.rs b/apps/labrinth/src/routes/internal/moderation/external_license.rs
index cbcf03b245..6ef567ee34 100644
--- a/apps/labrinth/src/routes/internal/moderation/external_license.rs
+++ b/apps/labrinth/src/routes/internal/moderation/external_license.rs
@@ -5,6 +5,8 @@ use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 
 use crate::database::PgPool;
+use crate::database::models::ids::DBUserId;
+use crate::database::models::moderation_external_item::ExternalLicense;
 use crate::database::redis::RedisPool;
 use crate::models::pats::Scopes;
 use crate::queue::moderation::ApprovalType;
@@ -14,7 +16,11 @@ use crate::{auth::check_is_moderator_from_headers, queue::session::AuthQueue};
 pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
     cfg.service(search)
         .service(get_by_sha1)
-        .service(update_license);
+        .service(get_by_sha1_bulk)
+        .service(lookup)
+        .service(update_license)
+        .service(add_file)
+        .service(reassign_file);
 }
 
 #[derive(Serialize, Deserialize, utoipa::ToSchema)]
@@ -43,6 +49,26 @@ pub struct LinkedFile {
 pub struct SearchRequest {
     pub title: Option<String>,
     pub flame_id: Option<i32>,
+    pub flame_ids: Option<Vec<i32>>,
+}
+
+#[derive(Deserialize, utoipa::ToSchema)]
+pub struct HashLookupRequest {
+    pub hashes: Vec<String>,
+}
+
+#[derive(Deserialize, utoipa::ToSchema)]
+pub struct ExternalLicenseLookupRequest {
+    #[serde(default)]
+    pub flame_ids: Vec<i32>,
+    #[serde(default)]
+    pub hashes: Vec<String>,
+}
+
+#[derive(Serialize, utoipa::ToSchema)]
+pub struct ExternalLicenseLookupResponse {
+    pub flame_ids: HashMap<i32, Vec<ExternalProject>>,
+    pub hashes: HashMap<String, ExternalProject>,
 }
 
 #[derive(Deserialize, utoipa::ToSchema)]
@@ -55,6 +81,32 @@ pub struct UpdateLicenseRequest {
     pub flame_project_id: Option<i32>,
 }
 
+#[derive(Deserialize, utoipa::ToSchema)]
+pub struct FileLicenseRequest {
+    pub hashes: Vec<String>,
+    pub license_id: LicenseId,
+}
+
+#[derive(Deserialize, utoipa::ToSchema)]
+#[serde(untagged)]
+pub enum LicenseId {
+    Number(i64),
+    String(String),
+}
+
+impl LicenseId {
+    fn parse(self) -> Result<i64, ApiError> {
+        match self {
+            LicenseId::Number(id) => Ok(id),
+            LicenseId::String(id) => id.parse().map_err(|_| {
+                ApiError::InvalidInput(
+                    "license_id must be a valid integer".to_string(),
+                )
+            }),
+        }
+    }
+}
+
 struct LicenseRow {
     id: i64,
     title: Option<String>,
@@ -69,6 +121,38 @@ struct LicenseRow {
     updated_by: Option<i64>,
 }
 
+struct LicenseHashRow {
+    hash: Vec<u8>,
+    id: i64,
+    title: Option<String>,
+    status: String,
+    link: Option<String>,
+    exceptions: Option<String>,
+    proof: Option<String>,
+    flame_project_id: Option<i32>,
+    inserted_at: Option<DateTime<Utc>>,
+    inserted_by: Option<i64>,
+    updated_at: Option<DateTime<Utc>>,
+    updated_by: Option<i64>,
+}
+
+fn normalize_sha1_hashes(hashes: &[String]) -> Result<Vec<String>, ApiError> {
+    hashes
+        .iter()
+        .map(|hash| {
+            let hash = hash.trim().to_lowercase();
+            if hash.len() != 40 || !hash.chars().all(|c| c.is_ascii_hexdigit())
+            {
+                return Err(ApiError::InvalidInput(
+                    "hash must be a valid SHA1 hex string".to_string(),
+                ));
+            }
+
+            Ok(hash)
+        })
+        .collect()
+}
+
 impl LicenseRow {
     fn into_external_project(
         self,
@@ -120,12 +204,131 @@ async fn fetch_linked_files(
             .or_default()
             .push(LinkedFile {
                 name: row.filename,
-                sha1: hex::encode(&row.sha1),
+                sha1: String::from_utf8(row.sha1)
+                    .unwrap_or_else(|err| hex::encode(err.into_bytes())),
             });
     }
     Ok(map)
 }
 
+async fn fetch_by_hashes(
+    pool: &PgPool,
+    hashes: &[String],
+) -> Result<HashMap<String, ExternalProject>, ApiError> {
+    if hashes.is_empty() {
+        return Ok(HashMap::new());
+    }
+
+    let hash_bytes = hashes
+        .iter()
+        .map(|hash| hash.as_bytes().to_vec())
+        .collect::<Vec<_>>();
+
+    let rows = sqlx::query_as!(
+        LicenseHashRow,
+        r#"
+        SELECT
+            mef.sha1 hash,
+            mel.id,
+            mel.title,
+            mel.status,
+            mel.link,
+            mel.exceptions,
+            mel.proof,
+            mel.flame_project_id,
+            mel.inserted_at,
+            mel.inserted_by,
+            mel.updated_at,
+            mel.updated_by
+        FROM moderation_external_files mef
+        INNER JOIN moderation_external_licenses mel ON mel.id = mef.external_license_id
+        WHERE mef.sha1 = ANY($1)
+        "#,
+        &hash_bytes,
+    )
+    .fetch_all(pool)
+    .await?;
+
+    let license_ids = rows.iter().map(|row| row.id).collect::<Vec<_>>();
+    let files_map = fetch_linked_files(pool, &license_ids).await?;
+
+    let mut results = HashMap::new();
+    for row in rows {
+        let hash = String::from_utf8(row.hash)
+            .unwrap_or_else(|err| hex::encode(err.into_bytes()));
+        let linked_files = files_map.get(&row.id).cloned().unwrap_or_default();
+        results.insert(
+            hash,
+            LicenseRow {
+                id: row.id,
+                title: row.title,
+                status: row.status,
+                link: row.link,
+                exceptions: row.exceptions,
+                proof: row.proof,
+                flame_project_id: row.flame_project_id,
+                inserted_at: row.inserted_at,
+                inserted_by: row.inserted_by,
+                updated_at: row.updated_at,
+                updated_by: row.updated_by,
+            }
+            .into_external_project(linked_files),
+        );
+    }
+
+    Ok(results)
+}
+
+async fn fetch_by_flame_ids(
+    pool: &PgPool,
+    flame_ids: &[i32],
+) -> Result<HashMap<i32, Vec<ExternalProject>>, ApiError> {
+    if flame_ids.is_empty() {
+        return Ok(HashMap::new());
+    }
+
+    let rows = sqlx::query_as!(
+        LicenseRow,
+        r#"
+        SELECT
+            mel.id,
+            mel.title,
+            mel.status,
+            mel.link,
+            mel.exceptions,
+            mel.proof,
+            mel.flame_project_id,
+            mel.inserted_at,
+            mel.inserted_by,
+            mel.updated_at,
+            mel.updated_by
+        FROM moderation_external_licenses mel
+        WHERE mel.flame_project_id = ANY($1)
+        ORDER BY mel.id
+        "#,
+        flame_ids,
+    )
+    .fetch_all(pool)
+    .await?;
+
+    let license_ids = rows.iter().map(|row| row.id).collect::<Vec<_>>();
+    let files_map = fetch_linked_files(pool, &license_ids).await?;
+
+    let mut results: HashMap<i32, Vec<ExternalProject>> = HashMap::new();
+    for row in rows {
+        if let Some(flame_project_id) = row.flame_project_id {
+            let linked_files =
+                files_map.get(&row.id).cloned().unwrap_or_default();
+            results
+                .entry(flame_project_id)
+                .or_default()
+                .push(row.into_external_project(linked_files));
+        }
+    }
+
+    Ok(results)
+}
+
 #[utoipa::path]
 #[post("/search")]
 async fn search(
@@ -144,7 +347,8 @@ async fn search(
     )
     .await?;
 
-    let rows = sqlx::query!(
+    let rows = sqlx::query_as!(
+        LicenseRow,
         r#"
         SELECT
             mel.id,
@@ -160,11 +364,16 @@ async fn search(
             mel.updated_by
         FROM moderation_external_licenses mel
         WHERE ($1::text IS NULL OR mel.title ILIKE '%' || $1 || '%')
-          AND ($2::integer IS NULL OR mel.flame_project_id = $2)
+          AND (
+            ($2::integer IS NULL AND $3::integer[] IS NULL)
+            OR mel.flame_project_id = $2
+            OR mel.flame_project_id = ANY($3)
+          )
         ORDER BY mel.id
         "#,
         body.title,
         body.flame_id,
+        body.flame_ids.as_deref(),
     )
     .fetch_all(&**pool)
     .await?;
@@ -177,26 +386,42 @@ async fn search(
         .map(|row| {
             let linked_files =
                 files_map.get(&row.id).cloned().unwrap_or_default();
-            LicenseRow {
-                id: row.id,
-                title: row.title,
-                status: row.status,
-                link: row.link,
-                exceptions: row.exceptions,
-                proof: row.proof,
-                flame_project_id: row.flame_project_id,
-                inserted_at: row.inserted_at,
-                inserted_by: row.inserted_by,
-                updated_at: row.updated_at,
-                updated_by: row.updated_by,
-            }
-            .into_external_project(linked_files)
+            row.into_external_project(linked_files)
         })
         .collect();
 
     Ok(web::Json(results))
 }
 
+#[utoipa::path]
+#[post("/lookup")]
+async fn lookup(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    body: web::Json<ExternalLicenseLookupRequest>,
+) -> Result<web::Json<ExternalLicenseLookupResponse>, ApiError> {
+    check_is_moderator_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::PROJECT_READ,
+    )
+    .await?;
+
+    let body = body.into_inner();
+    let hashes = normalize_sha1_hashes(&body.hashes)?;
+    let flame_ids = fetch_by_flame_ids(&pool, &body.flame_ids).await?;
+    let hashes = fetch_by_hashes(&pool, &hashes).await?;
+
+    Ok(web::Json(ExternalLicenseLookupResponse {
+        flame_ids,
+        hashes,
+    }))
+}
+
 #[utoipa::path]
 #[get("/by-sha1/{sha1}")]
 async fn get_by_sha1(
@@ -215,48 +440,145 @@ async fn get_by_sha1(
     )
     .await?;
 
-    let sha1 = path.into_inner().0;
+    let hashes = normalize_sha1_hashes(&[path.into_inner().0])?;
+    let hash = hashes.first().ok_or(ApiError::NotFound)?;
+    let mut results = fetch_by_hashes(&pool, &hashes).await?;
+    let result = results.remove(hash).ok_or(ApiError::NotFound)?;
+
+    Ok(web::Json(result))
+}
+
+#[utoipa::path]
+#[post("/by-sha1")]
+async fn get_by_sha1_bulk(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    body: web::Json<HashLookupRequest>,
+) -> Result<web::Json<HashMap<String, ExternalProject>>, ApiError> {
+    check_is_moderator_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::PROJECT_READ,
+    )
+    .await?;
+
+    let hashes = normalize_sha1_hashes(&body.hashes)?;
+    let results = fetch_by_hashes(&pool, &hashes).await?;
+
+    Ok(web::Json(results))
+}
+
+#[utoipa::path]
+#[post("/file")]
+async fn add_file(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    body: web::Json<FileLicenseRequest>,
+) -> Result<web::Json<ExternalProject>, ApiError> {
+    upsert_file_license(req, pool, redis, session_queue, body).await
+}
+
+#[utoipa::path]
+#[post("/file/reassign")]
+async fn reassign_file(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    body: web::Json<FileLicenseRequest>,
+) -> Result<web::Json<ExternalProject>, ApiError> {
+    upsert_file_license(req, pool, redis, session_queue, body).await
+}
+
+async fn upsert_file_license(
+    req: HttpRequest,
+    pool: web::Data<PgPool>,
+    redis: web::Data<RedisPool>,
+    session_queue: web::Data<AuthQueue>,
+    body: web::Json<FileLicenseRequest>,
+) -> Result<web::Json<ExternalProject>, ApiError> {
+    let user = check_is_moderator_from_headers(
+        &req,
+        &**pool,
+        &redis,
+        &session_queue,
+        Scopes::PROJECT_READ,
+    )
+    .await?;
+
+    let body = body.into_inner();
+    let license_id = body.license_id.parse()?;
+    if body.hashes.is_empty() {
+        return Err(ApiError::InvalidInput(
+            "hashes must contain at least one SHA1 hex string".to_string(),
+        ));
+    }
+    let hashes = normalize_sha1_hashes(&body.hashes)?;
+    let hash_bytes = hashes
+        .iter()
+        .map(|hash| hash.as_bytes().to_vec())
+        .collect::<Vec<_>>();
+    let filenames = vec![None; hashes.len()];
+    let license_ids = vec![license_id; hashes.len()];
+
+    let mut transaction = pool.begin().await?;
 
-    let row = sqlx::query!(
+    let license = sqlx::query!(
         r#"
         SELECT
-            mel.id,
-            mel.title,
-            mel.status,
-            mel.link,
-            mel.exceptions,
-            mel.proof,
-            mel.flame_project_id,
-            mel.inserted_at,
-            mel.inserted_by,
-            mel.updated_at,
-            mel.updated_by
-        FROM moderation_external_files mef
-        INNER JOIN moderation_external_licenses mel ON mel.id = mef.external_license_id
-        WHERE mef.sha1 = $1
+            id,
+            title,
+            status,
+            link,
+            exceptions,
+            proof,
+            flame_project_id,
+            inserted_at,
+            inserted_by,
+            updated_at,
+            updated_by
+        FROM moderation_external_licenses
+        WHERE id = $1
         "#,
-        sha1.as_bytes().to_vec(),
+        license_id,
     )
-    .fetch_optional(&**pool)
+    .fetch_optional(&mut transaction)
     .await?
     .ok_or(ApiError::NotFound)?;
 
-    let files_map = fetch_linked_files(&pool, &[row.id]).await?;
-    let linked_files = files_map.get(&row.id).cloned().unwrap_or_default();
+    ExternalLicense::insert_files(
+        &mut transaction,
+        &hash_bytes,
+        &filenames,
+        &license_ids,
+        DBUserId(user.id.0 as i64),
+    )
+    .await?;
+
+    transaction.commit().await?;
+
+    let files_map = fetch_linked_files(&pool, &[license_id]).await?;
+    let linked_files = files_map.get(&license_id).cloned().unwrap_or_default();
 
     Ok(web::Json(
         LicenseRow {
-            id: row.id,
-            title: row.title,
-            status: row.status,
-            link: row.link,
-            exceptions: row.exceptions,
-            proof: row.proof,
-            flame_project_id: row.flame_project_id,
-            inserted_at: row.inserted_at,
-            inserted_by: row.inserted_by,
-            updated_at: row.updated_at,
-            updated_by: row.updated_by,
+            id: license.id,
+            title: license.title,
+            status: license.status,
+            link: license.link,
+            exceptions: license.exceptions,
+            proof: license.proof,
+            flame_project_id: license.flame_project_id,
+            inserted_at: license.inserted_at,
+            inserted_by: license.inserted_by,
+            updated_at: license.updated_at,
+            updated_by: license.updated_by,
         }
         .into_external_project(linked_files),
     ))
diff --git a/apps/labrinth/src/routes/internal/moderation/tech_review.rs b/apps/labrinth/src/routes/internal/moderation/tech_review.rs
index d201f081e1..491836e446 100644
--- a/apps/labrinth/src/routes/internal/moderation/tech_review.rs
+++ b/apps/labrinth/src/routes/internal/moderation/tech_review.rs
@@ -289,13 +289,13 @@ async fn get_report(
                 'flag_reason', 'delphi',
                 'download_url', f.url,
                 -- TODO: replace with `json_array` in Postgres 16
-                'issues', (
-                    SELECT json_agg(
-                        to_jsonb(dri)
-                        || jsonb_build_object(
-                            -- TODO: replace with `json_array` in Postgres 16
-                            'details', (
-                                SELECT coalesce(jsonb_agg(
+				'issues', (
+					SELECT coalesce(json_agg(
+						to_jsonb(dri)
+						|| jsonb_build_object(
+							-- TODO: replace with `json_array` in Postgres 16
+							'details', (
+								SELECT coalesce(jsonb_agg(
                                     jsonb_build_object(
                                         'id', didws.id,
                                         'issue_id', didws.issue_id,
@@ -310,11 +310,11 @@ async fn get_report(
                                 FROM delphi_issue_details_with_statuses didws
                                 WHERE didws.issue_id = dri.id
                             )
-                        )
-                    )
-                    FROM delphi_report_issues dri
-                    WHERE
-                        dri.report_id = dr.id
+						)
+					), '[]'::json)
+					FROM delphi_report_issues dri
+					WHERE
+						dri.report_id = dr.id
                         -- see delphi.rs todo comment
                         AND dri.issue_type != '__dummy'
                 )
diff --git a/apps/labrinth/src/routes/v2/project_creation.rs b/apps/labrinth/src/routes/v2/project_creation.rs
index dd14c32bdd..aa8e491229 100644
--- a/apps/labrinth/src/routes/v2/project_creation.rs
+++ b/apps/labrinth/src/routes/v2/project_creation.rs
@@ -20,7 +20,6 @@ use serde::{Deserialize, Serialize};
 use serde_json::json;
 
 use std::collections::HashMap;
-use std::sync::Arc;
 use validator::Validate;
 
 use super::version_creation::InitialVersionData;
@@ -158,7 +157,7 @@ pub async fn project_create(
     payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: Data<AuthQueue>,
     http: Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
diff --git a/apps/labrinth/src/routes/v2/projects.rs b/apps/labrinth/src/routes/v2/projects.rs
index ab24386b8e..46aa924162 100644
--- a/apps/labrinth/src/routes/v2/projects.rs
+++ b/apps/labrinth/src/routes/v2/projects.rs
@@ -18,7 +18,6 @@ use crate::search::{SearchBackend, SearchRequest};
 use actix_web::{HttpRequest, HttpResponse, delete, get, patch, post, web};
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
-use std::sync::Arc;
 use validator::Validate;
 
 pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
@@ -924,7 +923,7 @@ pub async fn project_icon_edit(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -964,7 +963,7 @@ pub async fn delete_project_icon(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     // Returns NoContent, so no need to convert
@@ -1055,7 +1054,7 @@ pub async fn add_gallery_item(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -1198,7 +1197,7 @@ pub async fn delete_gallery_item(
     web::Query(item): web::Query<GalleryDeleteQuery>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     // Returns NoContent, so no need to convert
diff --git a/apps/labrinth/src/routes/v2/threads.rs b/apps/labrinth/src/routes/v2/threads.rs
index 51145e709e..e04a369cc5 100644
--- a/apps/labrinth/src/routes/v2/threads.rs
+++ b/apps/labrinth/src/routes/v2/threads.rs
@@ -1,5 +1,3 @@
-use std::sync::Arc;
-
 use crate::database::PgPool;
 use crate::database::redis::RedisPool;
 use crate::file_hosting::FileHost;
@@ -169,7 +167,7 @@ pub async fn message_delete(
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
     session_queue: web::Data<AuthQueue>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
 ) -> Result<HttpResponse, ApiError> {
     // Returns NoContent, so we don't need to convert the response
     v3::threads::message_delete(
diff --git a/apps/labrinth/src/routes/v2/users.rs b/apps/labrinth/src/routes/v2/users.rs
index 79f5bc9e6e..961e91dad1 100644
--- a/apps/labrinth/src/routes/v2/users.rs
+++ b/apps/labrinth/src/routes/v2/users.rs
@@ -11,7 +11,6 @@ use crate::queue::session::AuthQueue;
 use crate::routes::{ApiError, v2_reroute, v3};
 use actix_web::{HttpRequest, HttpResponse, delete, get, patch, web};
 use serde::{Deserialize, Serialize};
-use std::sync::Arc;
 use validator::Validate;
 
 pub fn config(cfg: &mut utoipa_actix_web::service_config::ServiceConfig) {
@@ -299,7 +298,7 @@ pub async fn user_icon_edit(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -339,7 +338,7 @@ pub async fn user_icon_delete(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     // Returns NoContent, so we don't need to convert to V2
diff --git a/apps/labrinth/src/routes/v2/version_creation.rs b/apps/labrinth/src/routes/v2/version_creation.rs
index 3a21183ba4..bd37a55a96 100644
--- a/apps/labrinth/src/routes/v2/version_creation.rs
+++ b/apps/labrinth/src/routes/v2/version_creation.rs
@@ -21,7 +21,6 @@ use actix_web::{HttpRequest, HttpResponse, post, web};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::collections::HashMap;
-use std::sync::Arc;
 use validator::Validate;
 
 pub fn default_requested_status() -> VersionStatus {
@@ -99,7 +98,7 @@ pub async fn version_create(
     payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: Data<AuthQueue>,
     moderation_queue: Data<AutomatedModerationQueue>,
     http: Data<HttpClient>,
@@ -327,7 +326,7 @@ pub async fn upload_file_to_version(
     payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
     http: web::Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
diff --git a/apps/labrinth/src/routes/v3/collections.rs b/apps/labrinth/src/routes/v3/collections.rs
index cbf75477a0..605f857065 100644
--- a/apps/labrinth/src/routes/v3/collections.rs
+++ b/apps/labrinth/src/routes/v3/collections.rs
@@ -25,7 +25,6 @@ use chrono::Utc;
 use eyre::eyre;
 use itertools::Itertools;
 use serde::{Deserialize, Serialize};
-use std::sync::Arc;
 use validator::Validate;
 
 pub fn config(cfg: &mut web::ServiceConfig) {
@@ -390,7 +389,7 @@ pub async fn collection_icon_edit(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -423,7 +422,7 @@ pub async fn collection_icon_edit(
         collection_item.icon_url,
         collection_item.raw_icon_url,
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -442,7 +441,7 @@ pub async fn collection_icon_edit(
         &ext.ext,
         Some(96),
         Some(1.0),
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -474,7 +473,7 @@ pub async fn delete_collection_icon(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
@@ -505,7 +504,7 @@ pub async fn delete_collection_icon(
         collection_item.icon_url,
         collection_item.raw_icon_url,
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
     let mut transaction = pool.begin().await?;
diff --git a/apps/labrinth/src/routes/v3/images.rs b/apps/labrinth/src/routes/v3/images.rs
index efeb59a838..d00e03946c 100644
--- a/apps/labrinth/src/routes/v3/images.rs
+++ b/apps/labrinth/src/routes/v3/images.rs
@@ -1,5 +1,3 @@
-use std::sync::Arc;
-
 use super::threads::is_authorized_thread;
 use crate::auth::checks::{is_team_member_project, is_team_member_version};
 use crate::auth::get_user_from_headers;
@@ -41,7 +39,7 @@ pub struct ImageUpload {
 pub async fn images_add(
     req: HttpRequest,
     web::Query(data): web::Query<ImageUpload>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
@@ -191,7 +189,7 @@ pub async fn images_add(
         &data.ext,
         None,
         None,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
diff --git a/apps/labrinth/src/routes/v3/oauth_clients.rs b/apps/labrinth/src/routes/v3/oauth_clients.rs
index adcb4e477e..7c16ea141d 100644
--- a/apps/labrinth/src/routes/v3/oauth_clients.rs
+++ b/apps/labrinth/src/routes/v3/oauth_clients.rs
@@ -1,4 +1,4 @@
-use std::{collections::HashSet, fmt::Display, sync::Arc};
+use std::{collections::HashSet, fmt::Display};
 
 use super::ApiError;
 use crate::database::{PgPool, PgTransaction};
@@ -354,7 +354,7 @@ pub async fn oauth_client_icon_edit(
     client_id: web::Path<OAuthClientId>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -382,7 +382,7 @@ pub async fn oauth_client_icon_edit(
         client.icon_url.clone(),
         client.raw_icon_url.clone(),
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -399,7 +399,7 @@ pub async fn oauth_client_icon_edit(
         &ext.ext,
         Some(96),
         Some(1.0),
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -424,7 +424,7 @@ pub async fn oauth_client_icon_delete(
     client_id: web::Path<OAuthClientId>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
@@ -450,7 +450,7 @@ pub async fn oauth_client_icon_delete(
         client.icon_url.clone(),
         client.raw_icon_url.clone(),
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
diff --git a/apps/labrinth/src/routes/v3/organizations.rs b/apps/labrinth/src/routes/v3/organizations.rs
index 838f47c9a4..a45805eab9 100644
--- a/apps/labrinth/src/routes/v3/organizations.rs
+++ b/apps/labrinth/src/routes/v3/organizations.rs
@@ -1,5 +1,4 @@
 use std::collections::HashMap;
-use std::sync::Arc;
 
 use super::ApiError;
 use crate::auth::checks::is_visible_organization;
@@ -1158,7 +1157,7 @@ pub async fn organization_icon_edit(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -1209,7 +1208,7 @@ pub async fn organization_icon_edit(
         organization_item.icon_url,
         organization_item.raw_icon_url,
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -1228,7 +1227,7 @@ pub async fn organization_icon_edit(
         &ext.ext,
         Some(96),
         Some(1.0),
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -1264,7 +1263,7 @@ pub async fn delete_organization_icon(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
@@ -1314,7 +1313,7 @@ pub async fn delete_organization_icon(
         organization_item.icon_url,
         organization_item.raw_icon_url,
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
diff --git a/apps/labrinth/src/routes/v3/project_creation.rs b/apps/labrinth/src/routes/v3/project_creation.rs
index 42f1e4624a..32b487b48d 100644
--- a/apps/labrinth/src/routes/v3/project_creation.rs
+++ b/apps/labrinth/src/routes/v3/project_creation.rs
@@ -40,7 +40,6 @@ use itertools::Itertools;
 use rust_decimal::Decimal;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
-use std::sync::Arc;
 use thiserror::Error;
 use validator::Validate;
 
@@ -290,7 +289,7 @@ pub async fn project_create(
     payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: Data<AuthQueue>,
     http: Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
@@ -311,7 +310,7 @@ pub async fn project_create_internal(
     mut payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: Data<AuthQueue>,
     http: Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
@@ -325,7 +324,7 @@ pub async fn project_create_internal(
         req,
         &mut payload,
         &mut transaction,
-        &***file_host,
+        &**file_host,
         &mut uploaded_files,
         &client,
         &redis,
@@ -336,7 +335,7 @@ pub async fn project_create_internal(
     .await;
 
     if result.is_err() {
-        let undo_result = undo_uploads(&***file_host, &uploaded_files).await;
+        let undo_result = undo_uploads(&**file_host, &uploaded_files).await;
         let rollback_result = transaction.rollback().await;
 
         undo_result?;
@@ -360,7 +359,7 @@ pub async fn project_create_with_id(
     mut payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: Data<AuthQueue>,
     http: Data<HttpClient>,
     path: web::Path<(ProjectId,)>,
@@ -374,7 +373,7 @@ pub async fn project_create_with_id(
         req,
         &mut payload,
         &mut transaction,
-        &***file_host,
+        &**file_host,
         &mut uploaded_files,
         &client,
         &redis,
@@ -385,7 +384,7 @@ pub async fn project_create_with_id(
     .await;
 
     if result.is_err() {
-        let undo_result = undo_uploads(&***file_host, &uploaded_files).await;
+        let undo_result = undo_uploads(&**file_host, &uploaded_files).await;
         let rollback_result = transaction.rollback().await;
 
         undo_result?;
@@ -907,7 +906,7 @@ async fn project_create_inner(
         let now = Utc::now();
 
         let id = project_builder_actual
-            .insert(&mut *transaction, http)
+            .insert(&mut *transaction, redis, file_host, http)
             .await?;
         DBUser::clear_project_cache(&[current_user.id.into()], redis).await?;
 
diff --git a/apps/labrinth/src/routes/v3/project_creation/new.rs b/apps/labrinth/src/routes/v3/project_creation/new.rs
index cbfd33971f..976c6d612a 100644
--- a/apps/labrinth/src/routes/v3/project_creation/new.rs
+++ b/apps/labrinth/src/routes/v3/project_creation/new.rs
@@ -16,6 +16,7 @@ use crate::{
         },
         redis::RedisPool,
     },
+    file_hosting::FileHost,
     models::{
         exp::{self, ProjectComponentKind, component::ComponentRelationError},
         ids::ProjectId,
@@ -117,6 +118,7 @@ pub async fn create(
     req: HttpRequest,
     db: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
     http: web::Data<HttpClient>,
     web::Json(create): web::Json<ProjectCreate>,
@@ -305,13 +307,13 @@ pub async fn create(
     };
 
     project_builder
-        .insert(&mut txn, &http)
+        .insert(&mut txn, &redis, &**file_host, &http)
         .await
         .wrap_internal_err("failed to insert project")?;
 
     if let Some(version_builder) = version_builder {
         version_builder
-            .insert(&mut txn, &http)
+            .insert(&mut txn, &redis, &**file_host, &http)
             .await
             .wrap_internal_err("failed to insert initial version")?;
     }
diff --git a/apps/labrinth/src/routes/v3/projects.rs b/apps/labrinth/src/routes/v3/projects.rs
index a40f933057..831fdb423a 100644
--- a/apps/labrinth/src/routes/v3/projects.rs
+++ b/apps/labrinth/src/routes/v3/projects.rs
@@ -1,6 +1,5 @@
 use std::any::type_name;
 use std::collections::HashMap;
-use std::sync::Arc;
 
 use crate::auth::checks::{filter_visible_versions, is_visible_project};
 use crate::auth::{filter_visible_projects, get_user_from_headers};
@@ -1694,7 +1693,7 @@ async fn project_icon_edit(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -1717,7 +1716,7 @@ pub async fn project_icon_edit_internal(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -1775,7 +1774,7 @@ pub async fn project_icon_edit_internal(
         project_item.inner.icon_url,
         project_item.inner.raw_icon_url,
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -1794,7 +1793,7 @@ pub async fn project_icon_edit_internal(
         &ext.ext,
         Some(96),
         Some(1.0),
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -1833,7 +1832,7 @@ async fn delete_project_icon(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     delete_project_icon_internal(
@@ -1852,7 +1851,7 @@ pub async fn delete_project_icon_internal(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
@@ -1908,7 +1907,7 @@ pub async fn delete_project_icon_internal(
         project_item.inner.icon_url,
         project_item.inner.raw_icon_url,
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -1957,7 +1956,7 @@ pub async fn add_gallery_item(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -1982,7 +1981,7 @@ pub async fn add_gallery_item_internal(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -2062,7 +2061,7 @@ pub async fn add_gallery_item_internal(
         &ext.ext,
         Some(350),
         Some(1.0),
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
@@ -2334,7 +2333,7 @@ async fn delete_gallery_item(
     web::Query(item): web::Query<GalleryDeleteQuery>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     delete_gallery_item_internal(
@@ -2353,7 +2352,7 @@ pub async fn delete_gallery_item_internal(
     web::Query(item): web::Query<GalleryDeleteQuery>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
@@ -2429,7 +2428,7 @@ pub async fn delete_gallery_item_internal(
         Some(item.image_url),
         Some(item.raw_image_url),
         FileHostPublicity::Public,
-        &***file_host,
+        &**file_host,
     )
     .await?;
 
diff --git a/apps/labrinth/src/routes/v3/shared_instance_version_creation.rs b/apps/labrinth/src/routes/v3/shared_instance_version_creation.rs
index 657853c258..9fdc289025 100644
--- a/apps/labrinth/src/routes/v3/shared_instance_version_creation.rs
+++ b/apps/labrinth/src/routes/v3/shared_instance_version_creation.rs
@@ -25,7 +25,6 @@ use bytes::BytesMut;
 use chrono::Utc;
 use futures_util::StreamExt;
 use hex::FromHex;
-use std::sync::Arc;
 
 const MAX_FILE_SIZE: usize = 500 * 1024 * 1024;
 const MAX_FILE_SIZE_TEXT: &str = "500 MB";
@@ -44,7 +43,7 @@ pub async fn shared_instance_version_create(
     payload: web::Payload,
     web::Header(ContentLength(content_length)): web::Header<ContentLength>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     info: web::Path<(SharedInstanceId,)>,
     session_queue: Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -63,7 +62,7 @@ pub async fn shared_instance_version_create(
         payload,
         content_length,
         &redis,
-        &***file_host,
+        &**file_host,
         info.into_inner().0.into(),
         &session_queue,
         &mut transaction,
@@ -73,7 +72,7 @@ pub async fn shared_instance_version_create(
 
     if result.is_err() {
         let undo_result = super::project_creation::undo_uploads(
-            &***file_host,
+            &**file_host,
             &uploaded_files,
         )
         .await;
diff --git a/apps/labrinth/src/routes/v3/shared_instances.rs b/apps/labrinth/src/routes/v3/shared_instances.rs
index 260a0ef5e1..3768777029 100644
--- a/apps/labrinth/src/routes/v3/shared_instances.rs
+++ b/apps/labrinth/src/routes/v3/shared_instances.rs
@@ -22,7 +22,6 @@ use actix_web::web::{Data, Redirect};
 use actix_web::{HttpRequest, HttpResponse, web};
 use futures_util::future::try_join_all;
 use serde::Deserialize;
-use std::sync::Arc;
 use validator::Validate;
 
 pub fn config(cfg: &mut web::ServiceConfig) {
@@ -565,7 +564,7 @@ pub async fn shared_instance_version_download(
     req: HttpRequest,
     pool: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     info: web::Path<(SharedInstanceVersionId,)>,
     session_queue: Data<AuthQueue>,
 ) -> Result<Redirect, ApiError> {
diff --git a/apps/labrinth/src/routes/v3/threads.rs b/apps/labrinth/src/routes/v3/threads.rs
index 136313cdfe..23ce400feb 100644
--- a/apps/labrinth/src/routes/v3/threads.rs
+++ b/apps/labrinth/src/routes/v3/threads.rs
@@ -1,5 +1,3 @@
-use std::sync::Arc;
-
 use crate::auth::get_user_from_headers;
 use crate::database;
 use crate::database::PgPool;
@@ -599,7 +597,7 @@ pub async fn message_delete(
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
     session_queue: web::Data<AuthQueue>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
         &req,
diff --git a/apps/labrinth/src/routes/v3/users.rs b/apps/labrinth/src/routes/v3/users.rs
index c76e71845a..d90f03ffc1 100644
--- a/apps/labrinth/src/routes/v3/users.rs
+++ b/apps/labrinth/src/routes/v3/users.rs
@@ -1,7 +1,4 @@
-use std::{
-    collections::{HashMap, HashSet},
-    sync::Arc,
-};
+use std::collections::{HashMap, HashSet};
 
 use super::{ApiError, oauth_clients::get_user_clients};
 use crate::database::PgPool;
@@ -812,7 +809,7 @@ pub async fn user_icon_edit(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     mut payload: web::Payload,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
@@ -839,7 +836,7 @@ pub async fn user_icon_edit(
             actual_user.avatar_url,
             actual_user.raw_avatar_url,
             FileHostPublicity::Public,
-            &***file_host,
+            &**file_host,
         )
         .await?;
 
@@ -858,7 +855,7 @@ pub async fn user_icon_edit(
             &ext.ext,
             Some(96),
             Some(1.0),
-            &***file_host,
+            &**file_host,
         )
         .await?;
 
@@ -887,7 +884,7 @@ pub async fn user_icon_delete(
     info: web::Path<(String,)>,
     pool: web::Data<PgPool>,
     redis: web::Data<RedisPool>,
-    file_host: web::Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: web::Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
 ) -> Result<HttpResponse, ApiError> {
     let user = get_user_from_headers(
@@ -913,7 +910,7 @@ pub async fn user_icon_delete(
             actual_user.avatar_url,
             actual_user.raw_avatar_url,
             FileHostPublicity::Public,
-            &***file_host,
+            &**file_host,
         )
         .await?;
 
diff --git a/apps/labrinth/src/routes/v3/version_creation.rs b/apps/labrinth/src/routes/v3/version_creation.rs
index 58d007ff6d..7e0e8b7afc 100644
--- a/apps/labrinth/src/routes/v3/version_creation.rs
+++ b/apps/labrinth/src/routes/v3/version_creation.rs
@@ -41,7 +41,6 @@ use itertools::Itertools;
 use serde::{Deserialize, Serialize};
 use sha1::Digest;
 use std::collections::{HashMap, HashSet};
-use std::sync::Arc;
 use validator::Validate;
 
 fn default_requested_status() -> VersionStatus {
@@ -110,7 +109,7 @@ pub async fn version_create(
     mut payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: Data<AuthQueue>,
     moderation_queue: web::Data<AutomatedModerationQueue>,
     http: web::Data<HttpClient>,
@@ -123,7 +122,7 @@ pub async fn version_create(
         &mut payload,
         &mut transaction,
         &redis,
-        &***file_host,
+        &**file_host,
         &mut uploaded_files,
         &client,
         &session_queue,
@@ -134,7 +133,7 @@ pub async fn version_create(
 
     if result.is_err() {
         let undo_result = super::project_creation::undo_uploads(
-            &***file_host,
+            &**file_host,
             &uploaded_files,
         )
         .await;
@@ -481,10 +480,11 @@ async fn version_create_inner(
         loaders: version_data.loaders,
         fields: version_data.fields,
         components: exp::VersionQuery::default(),
+        files_missing_attribution: Vec::new(),
     };
 
     let project_id = builder.project_id;
-    builder.insert(transaction, http).await?;
+    builder.insert(transaction, redis, file_host, http).await?;
 
     for image_id in version_data.uploaded_images {
         if let Some(db_image) =
@@ -544,7 +544,7 @@ pub async fn upload_file_to_version(
     mut payload: Multipart,
     client: Data<PgPool>,
     redis: Data<RedisPool>,
-    file_host: Data<Arc<dyn FileHost + Send + Sync>>,
+    file_host: Data<dyn FileHost>,
     session_queue: web::Data<AuthQueue>,
     http: web::Data<HttpClient>,
 ) -> Result<HttpResponse, CreateError> {
@@ -559,7 +559,7 @@ pub async fn upload_file_to_version(
         client,
         &mut transaction,
         redis,
-        &***file_host,
+        &**file_host,
         &mut uploaded_files,
         version_id,
         &session_queue,
@@ -569,7 +569,7 @@ pub async fn upload_file_to_version(
 
     if result.is_err() {
         let undo_result = super::project_creation::undo_uploads(
-            &***file_host,
+            &**file_host,
             &uploaded_files,
         )
         .await;
@@ -780,8 +780,18 @@ async fn upload_file_to_version_inner(
             "At least one file must be specified".to_string(),
         ));
     } else {
+        let project_id = version.inner.project_id;
+
         for file in file_builders {
-            file.insert(version_id, &mut *transaction, http).await?;
+            file.insert(
+                version_id,
+                project_id,
+                &mut *transaction,
+                &redis,
+                file_host,
+                http,
+            )
+            .await?;
         }
     }
 
@@ -862,8 +872,10 @@ pub async fn upload_file(
         ));
     }
 
+    let data = data.freeze();
+
     let validation_result = validate_file(
-        data.clone().into(),
+        data.clone(),
         file_extension.to_string(),
         loaders.clone(),
         file_type,
@@ -940,7 +952,6 @@ pub async fn upload_file(
         }
     }
 
-    let data = data.freeze();
     let primary = (validation_result.is_passed()
         && version_files.iter().all(|x| !x.primary)
         && !ignore_primary)
diff --git a/apps/labrinth/src/routes/v3/version_file.rs b/apps/labrinth/src/routes/v3/version_file.rs
index 7723ffdeb8..f182edaed3 100644
--- a/apps/labrinth/src/routes/v3/version_file.rs
+++ b/apps/labrinth/src/routes/v3/version_file.rs
@@ -721,6 +721,11 @@ pub async fn delete_file(
         .execute(&mut transaction)
         .await?;
 
+        database::models::version_item::cleanup_empty_attribution_groups(
+            &mut transaction,
+        )
+        .await?;
+
         delphi::send_tech_review_exit_file_deleted_message_if_exited(
             row.project_id,
             was_in_tech_review,
diff --git a/apps/labrinth/src/routes/v3/versions.rs b/apps/labrinth/src/routes/v3/versions.rs
index 4039be60fd..6b6cada022 100644
--- a/apps/labrinth/src/routes/v3/versions.rs
+++ b/apps/labrinth/src/routes/v3/versions.rs
@@ -2,7 +2,8 @@ use std::collections::HashMap;
 
 use super::ApiError;
 use crate::auth::checks::{
-    filter_visible_versions, is_visible_project, is_visible_version,
+    enrich_dependency_attributions, filter_visible_versions,
+    is_visible_project, is_visible_version,
 };
 use crate::auth::get_user_from_headers;
 use crate::database;
@@ -24,6 +25,9 @@ use crate::models::projects::{
 };
 use crate::models::projects::{Loader, skip_nulls};
 use crate::models::teams::ProjectPermissions;
+use crate::queue::file_scan::{
+    get_dependency_attributions, get_files_missing_attribution,
+};
 use crate::queue::session::AuthQueue;
 use crate::routes::internal::delphi;
 use crate::search::SearchBackend;
@@ -113,8 +117,38 @@ pub async fn version_project_get_helper(
             && is_visible_version(&version.inner, &user_option, &pool, &redis)
                 .await?
         {
-            return Ok(HttpResponse::Ok()
-                .json(models::projects::Version::from(version)));
+            let version_id = version.inner.id;
+            let mut v = models::projects::Version::from(version);
+            let missing = get_files_missing_attribution(&**pool, &[version_id])
+                .await
+                .unwrap_or_default();
+            v.files_missing_attribution = missing
+                 .get(&version_id)
+                 .map(|entries| {
+                     entries
+                         .iter()
+                         .map(|(id, fp)| models::projects::MissingAttributionFile {
+                             id: models::ids::FileId(id.0 as u64),
+                             override_source: fp
+                                 .as_ref()
+                                 .map(|p| models::projects::OverrideSource::Flame {
+                                     id: p.id,
+                                     title: p.title.clone(),
+                                     url: p.url.clone(),
+                                     icon_url: p.icon_url.clone(),
+                                 })
+                                 .or(Some(models::projects::OverrideSource::Unknown)),
+                         })
+                         .collect()
+                 })
+                 .unwrap_or_default();
+
+            let dep_attr = get_dependency_attributions(&**pool, &[version_id])
+                .await
+                .unwrap_or_default();
+            enrich_dependency_attributions(&mut v, &dep_attr);
+
+            return Ok(HttpResponse::Ok().json(v));
         }
     }
 
@@ -207,7 +241,40 @@ pub async fn version_get_helper(
     if let Some(data) = version_data
         && is_visible_version(&data.inner, &user_option, &pool, &redis).await?
     {
-        return Ok(web::Json(models::projects::Version::from(data)));
+        let version_id = data.inner.id;
+        let mut version = models::projects::Version::from(data);
+        let missing = get_files_missing_attribution(&**pool, &[version_id])
+            .await
+            .unwrap_or_default();
+        version.files_missing_attribution = missing
+            .get(&version_id)
+            .map(|entries| {
+                entries
+                    .iter()
+                    .map(|(id, fp)| models::projects::MissingAttributionFile {
+                        id: models::ids::FileId(id.0 as u64),
+                        override_source: fp
+                            .as_ref()
+                            .map(|p| models::projects::OverrideSource::Flame {
+                                id: p.id,
+                                title: p.title.clone(),
+                                url: p.url.clone(),
+                                icon_url: p.icon_url.clone(),
+                            })
+                            .or(Some(
+                                models::projects::OverrideSource::Unknown,
+                            )),
+                    })
+                    .collect()
+            })
+            .unwrap_or_default();
+
+        let dep_attr = get_dependency_attributions(&**pool, &[version_id])
+            .await
+            .unwrap_or_default();
+        enrich_dependency_attributions(&mut version, &dep_attr);
+
+        return Ok(web::Json(version));
     }
 
     Err(ApiError::NotFound)
diff --git a/apps/labrinth/src/test/mod.rs b/apps/labrinth/src/test/mod.rs
index 0e08524049..3dedaa6b68 100644
--- a/apps/labrinth/src/test/mod.rs
+++ b/apps/labrinth/src/test/mod.rs
@@ -1,10 +1,14 @@
+use std::sync::Arc;
+
+use actix_web::web;
+
 use crate::env::ENV;
+use crate::file_hosting::FileHost;
 use crate::queue::email::EmailQueue;
 use crate::util::anrok;
 use crate::util::gotenberg::GotenbergClient;
 use crate::{LabrinthConfig, file_hosting};
 use crate::{clickhouse, env};
-use std::sync::Arc;
 
 pub mod api_common;
 pub mod api_v2;
@@ -31,8 +35,8 @@ pub async fn setup(db: &database::TemporaryDatabase) -> LabrinthConfig {
     let ro_pool = db.ro_pool.clone();
     let redis_pool = db.redis_pool.clone();
     let search_backend = db.search_backend.clone();
-    let file_host: Arc<dyn file_hosting::FileHost + Send + Sync> =
-        Arc::new(file_hosting::MockHost::new());
+    let file_host: Arc<dyn FileHost> = Arc::new(file_hosting::MockHost::new());
+    let file_host = web::Data::<dyn FileHost>::from(file_host);
     let mut clickhouse = clickhouse::init_client().await.unwrap();
 
     let stripe_client = stripe::Client::new(ENV.STRIPE_API_KEY.clone());
diff --git a/apps/labrinth/src/util/http.rs b/apps/labrinth/src/util/http.rs
index cfa942ef73..621205fe17 100644
--- a/apps/labrinth/src/util/http.rs
+++ b/apps/labrinth/src/util/http.rs
@@ -1,24 +1,23 @@
-use std::time::Duration;
+use std::sync::LazyLock;
 
 use derive_more::Deref;
-use reqwest::header::{HeaderMap, HeaderValue, USER_AGENT};
 
-/// Generic HTTP client used for anywhere you need to send an HTTP request, and
-/// do not care what headers or other parameters are used.
+pub static HTTP_CLIENT: LazyLock<HttpClient> = LazyLock::new(HttpClient::new);
+
 #[derive(Debug, Clone, Deref)]
-pub struct HttpClient(pub reqwest::Client);
+pub struct HttpClient(reqwest::Client);
 
 impl HttpClient {
     pub fn new() -> Self {
         let client = reqwest::Client::builder()
-            .default_headers(HeaderMap::from_iter([(
-                USER_AGENT,
-                HeaderValue::from_static(concat!(
+            .default_headers(reqwest::header::HeaderMap::from_iter([(
+                reqwest::header::USER_AGENT,
+                reqwest::header::HeaderValue::from_static(concat!(
                     "Labrinth/",
                     env!("COMPILATION_DATE")
                 )),
             )]))
-            .timeout(Duration::from_secs(30))
+            .timeout(std::time::Duration::from_secs(30))
             .build()
             .unwrap();
         Self(client)
diff --git a/apps/labrinth/tests/version.rs b/apps/labrinth/tests/version.rs
index 46cf863d9d..5e5a6ecf97 100644
--- a/apps/labrinth/tests/version.rs
+++ b/apps/labrinth/tests/version.rs
@@ -494,7 +494,8 @@ pub async fn test_patch_version() {
                 project_id: Some(*beta_project_id_parsed),
                 version_id: None,
                 file_name: Some("dummy_file_name".to_string()),
-                dependency_type: DependencyType::Required
+                dependency_type: DependencyType::Required,
+                attribution: None,
             }]
         );
         assert_eq!(version.loaders, vec!["forge".to_string()]);
diff --git a/packages/api-client/src/core/abstract-client.ts b/packages/api-client/src/core/abstract-client.ts
index 97ce38dd1b..70c2f1584f 100644
--- a/packages/api-client/src/core/abstract-client.ts
+++ b/packages/api-client/src/core/abstract-client.ts
@@ -1,10 +1,11 @@
 import type { InferredClientModules } from '../modules'
 import { buildModuleStructure } from '../modules'
-import type { ClientConfig } from '../types/client'
+import type { BaseUrlConfig, ClientConfig } from '../types/client'
 import type { RequestContext, RequestOptions } from '../types/request'
 import type { UploadMetadata, UploadProgress, UploadRequestOptions } from '../types/upload'
 import type { AbstractFeature } from './abstract-feature'
 import type { AbstractModule } from './abstract-module'
+import type { AbstractSyncClient } from './abstract-sync'
 import { AbstractUploadClient } from './abstract-upload-client'
 import type { AbstractWebSocketClient } from './abstract-websocket'
 import { ModrinthApiError, ModrinthServerError } from './errors'
@@ -32,7 +33,10 @@ export abstract class AbstractModrinthClient extends AbstractUploadClient {
 	private _moduleNamespaces: Map<string, Record<string, AbstractModule>> = new Map()
 
 	public readonly labrinth!: InferredClientModules['labrinth']
-	public readonly archon!: ArchonClientModules & { sockets: AbstractWebSocketClient }
+	public readonly archon!: ArchonClientModules & {
+		sockets: AbstractWebSocketClient
+		sync: AbstractSyncClient
+	}
 	public readonly kyros!: InferredClientModules['kyros']
 	public readonly iso3166!: InferredClientModules['iso3166']
 	public readonly mclogs!: InferredClientModules['mclogs']
@@ -116,9 +120,9 @@ export abstract class AbstractModrinthClient extends AbstractUploadClient {
 	async request<T>(path: string, options: RequestOptions): Promise<T> {
 		let baseUrl: string
 		if (options.api === 'labrinth') {
-			baseUrl = this.config.labrinthBaseUrl!
+			baseUrl = this.resolveBaseUrl(this.config.labrinthBaseUrl!)
 		} else if (options.api === 'archon') {
-			baseUrl = this.config.archonBaseUrl!
+			baseUrl = this.resolveBaseUrl(this.config.archonBaseUrl!)
 		} else {
 			baseUrl = options.api
 		}
@@ -160,13 +164,55 @@ export abstract class AbstractModrinthClient extends AbstractUploadClient {
 		}
 	}
 
+	async stream(path: string, options: RequestOptions): Promise<ReadableStream<Uint8Array>> {
+		let baseUrl: string
+		if (options.api === 'labrinth') {
+			baseUrl = this.resolveBaseUrl(this.config.labrinthBaseUrl!)
+		} else if (options.api === 'archon') {
+			baseUrl = this.resolveBaseUrl(this.config.archonBaseUrl!)
+		} else {
+			baseUrl = options.api
+		}
+
+		const url = this.buildUrl(path, baseUrl, options.version)
+		const defaultHeaders = await this.buildDefaultHeaders()
+		const mergedOptions: RequestOptions = {
+			method: 'GET',
+			retry: false,
+			circuitBreaker: false,
+			...options,
+			headers: {
+				...defaultHeaders,
+				Accept: 'text/event-stream',
+				...options.headers,
+			},
+		}
+		this.attachArchonSentryCaptureHeader(mergedOptions)
+
+		const context = this.buildContext(url, path, mergedOptions)
+
+		try {
+			return await this.executeFeatureChain<ReadableStream<Uint8Array>>(context, () =>
+				this.executeStreamRequest(context.url, context.options),
+			)
+		} catch (error) {
+			const apiError = this.normalizeError(error, context)
+			await this.config.hooks?.onError?.(apiError, context)
+
+			throw apiError
+		}
+	}
+
 	/**
 	 * Execute the feature chain and the actual request
 	 *
 	 * Features are executed in order, with each feature calling next() to continue.
 	 * The last "feature" in the chain is the actual request execution.
 	 */
-	protected async executeFeatureChain<T>(context: RequestContext): Promise<T> {
+	protected async executeFeatureChain<T>(
+		context: RequestContext,
+		executeTerminal: () => Promise<T> = () => this.executeRequest<T>(context.url, context.options),
+	): Promise<T> {
 		// Filter to only features that should apply
 		const applicableFeatures = this.features.filter((feature) => feature.shouldApply(context))
 
@@ -184,7 +230,7 @@ export abstract class AbstractModrinthClient extends AbstractUploadClient {
 			} else {
 				// We've reached the end of the chain, execute the actual request
 				await this.config.hooks?.onRequest?.(context)
-				return this.executeRequest<T>(context.url, context.options)
+				return executeTerminal()
 			}
 		}
 
@@ -243,6 +289,10 @@ export abstract class AbstractModrinthClient extends AbstractUploadClient {
 		return `${base}${versionPath}${cleanPath}`
 	}
 
+	protected resolveBaseUrl(baseUrl: BaseUrlConfig): string {
+		return typeof baseUrl === 'function' ? baseUrl() : baseUrl
+	}
+
 	/**
 	 * Build the request context
 	 */
@@ -354,6 +404,11 @@ export abstract class AbstractModrinthClient extends AbstractUploadClient {
 	 */
 	protected abstract executeRequest<T>(url: string, options: RequestOptions): Promise<T>
 
+	protected abstract executeStreamRequest(
+		url: string,
+		options: RequestOptions,
+	): Promise<ReadableStream<Uint8Array>>
+
 	/**
 	 * Execute the actual XHR upload
 	 *
diff --git a/packages/api-client/src/core/abstract-sync.ts b/packages/api-client/src/core/abstract-sync.ts
new file mode 100644
index 0000000000..a8e31c536e
--- /dev/null
+++ b/packages/api-client/src/core/abstract-sync.ts
@@ -0,0 +1,167 @@
+import type mitt from 'mitt'
+
+import type { Archon } from '../modules/archon/types'
+import type { RequestOptions } from '../types/request'
+
+export type SyncEventType = Archon.Sync.v1.SyncEvent['type']
+
+export type SyncEventOfType<E extends SyncEventType> = Extract<
+	Archon.Sync.v1.SyncEvent,
+	{ type: E }
+>
+
+export type SyncEventHandler<E extends Archon.Sync.v1.SyncEvent = Archon.Sync.v1.SyncEvent> = (
+	event: E,
+) => void
+
+export type SyncStatusState =
+	| 'idle'
+	| 'connecting'
+	| 'connected'
+	| 'reconnecting'
+	| 'disconnected'
+	| 'error'
+
+export type SyncStatus = {
+	state: SyncStatusState
+	connected: boolean
+	reconnecting: boolean
+	reconnectAttempts: number
+	retryDelay: number
+	lastEventId?: string
+	error?: unknown
+}
+
+export type SyncStatusHandler = (status: SyncStatus) => void
+
+export type SyncConnectOptions = {
+	intent?: Archon.Sync.v1.SyncIntent
+	force?: boolean
+}
+
+export type SyncConnection = {
+	serverId: string
+	intent: Archon.Sync.v1.SyncIntent
+	controller?: AbortController
+	reconnectAttempts: number
+	reconnectTimer?: ReturnType<typeof setTimeout>
+	reconnectResolve?: () => void
+	retryDelay: number
+	lastEventId?: string
+	stopped: boolean
+	status: SyncStatusState
+	error?: unknown
+}
+
+export type SyncEmitterEvents = Record<string, unknown>
+
+export abstract class AbstractSyncClient {
+	protected connections = new Map<string, SyncConnection>()
+	protected abstract emitter: ReturnType<typeof mitt<SyncEmitterEvents>>
+
+	constructor(
+		protected client: {
+			stream: (path: string, options: RequestOptions) => Promise<ReadableStream<Uint8Array>>
+		},
+	) {}
+
+	abstract safeConnectServer(serverId: string, options?: SyncConnectOptions): Promise<void>
+
+	abstract disconnect(serverId: string): void
+
+	abstract disconnectAll(): void
+
+	on<E extends SyncEventType>(
+		serverId: string,
+		eventType: E,
+		handler: SyncEventHandler<SyncEventOfType<E>>,
+	): () => void {
+		const eventKey = this.getEventKey(serverId, eventType)
+		const wrapped = handler as (event: unknown) => void
+
+		this.emitter.on(eventKey, wrapped)
+
+		return () => {
+			this.emitter.off(eventKey, wrapped)
+		}
+	}
+
+	onAny(serverId: string, handler: SyncEventHandler): () => void {
+		const eventKey = this.getAnyEventKey(serverId)
+		const wrapped = handler as (event: unknown) => void
+
+		this.emitter.on(eventKey, wrapped)
+
+		return () => {
+			this.emitter.off(eventKey, wrapped)
+		}
+	}
+
+	onStatus(serverId: string, handler: SyncStatusHandler): () => void {
+		const eventKey = this.getStatusEventKey(serverId)
+		const wrapped = handler as (event: unknown) => void
+
+		this.emitter.on(eventKey, wrapped)
+
+		return () => {
+			this.emitter.off(eventKey, wrapped)
+		}
+	}
+
+	getStatus(serverId: string): SyncStatus | null {
+		const connection = this.connections.get(serverId)
+		if (!connection) return null
+
+		return this.connectionToStatus(connection)
+	}
+
+	protected emitSyncEvent(serverId: string, event: Archon.Sync.v1.SyncEvent): void {
+		this.emitter.emit(this.getEventKey(serverId, event.type), event)
+		this.emitter.emit(this.getAnyEventKey(serverId), event)
+	}
+
+	protected updateStatus(
+		connection: SyncConnection,
+		status: SyncStatusState,
+		error?: unknown,
+	): void {
+		connection.status = status
+		connection.error = error
+		this.emitter.emit(
+			this.getStatusEventKey(connection.serverId),
+			this.connectionToStatus(connection),
+		)
+	}
+
+	protected clearListeners(serverId: string): void {
+		this.emitter.all.forEach((_handlers, type) => {
+			if (type.toString().startsWith(`${serverId}:`)) {
+				this.emitter.all.delete(type)
+			}
+		})
+	}
+
+	protected connectionToStatus(connection: SyncConnection): SyncStatus {
+		return {
+			state: connection.status,
+			connected: connection.status === 'connected',
+			reconnecting: connection.status === 'reconnecting',
+			reconnectAttempts: connection.reconnectAttempts,
+			retryDelay: connection.retryDelay,
+			lastEventId: connection.lastEventId,
+			error: connection.error,
+		}
+	}
+
+	private getEventKey(serverId: string, eventType: string): string {
+		return `${serverId}:${eventType}`
+	}
+
+	private getAnyEventKey(serverId: string): string {
+		return `${serverId}:*`
+	}
+
+	private getStatusEventKey(serverId: string): string {
+		return `${serverId}:__status`
+	}
+}
diff --git a/packages/api-client/src/index.ts b/packages/api-client/src/index.ts
index 2e1e1a3ec0..e675904fc1 100644
--- a/packages/api-client/src/index.ts
+++ b/packages/api-client/src/index.ts
@@ -1,5 +1,16 @@
 export { AbstractModrinthClient } from './core/abstract-client'
 export { AbstractFeature, type FeatureConfig } from './core/abstract-feature'
+export {
+	AbstractSyncClient,
+	type SyncConnection,
+	type SyncConnectOptions,
+	type SyncEventHandler,
+	type SyncEventOfType,
+	type SyncEventType,
+	type SyncStatus,
+	type SyncStatusHandler,
+	type SyncStatusState,
+} from './core/abstract-sync'
 export { AbstractUploadClient } from './core/abstract-upload-client'
 export {
 	AbstractWebSocketClient,
@@ -25,10 +36,18 @@ export * from './modules/types'
 export { GenericModrinthClient } from './platform/generic'
 export type { NuxtClientConfig } from './platform/nuxt'
 export { NuxtCircuitBreakerStorage, NuxtModrinthClient } from './platform/nuxt'
+export { GenericSyncClient } from './platform/sync-generic'
 export type { TauriClientConfig } from './platform/tauri'
 export { TauriModrinthClient } from './platform/tauri'
 export { XHRUploadClient } from './platform/xhr-upload-client'
 export { clearNodeAuthState, nodeAuthState, setNodeAuthState } from './state/node-auth'
 export * from './types'
 export { withJWTRetry } from './utils/jwt-retry'
+export {
+	type ParsedSseEvent,
+	type ParsedSseItem,
+	type ParsedSseRetry,
+	parseSyncEventData,
+	SseParser,
+} from './utils/sse'
 export type { Override, RawDecimal } from './utils/types'
diff --git a/packages/api-client/src/modules/archon/actions/v1.ts b/packages/api-client/src/modules/archon/actions/v1.ts
new file mode 100644
index 0000000000..88227bf0e8
--- /dev/null
+++ b/packages/api-client/src/modules/archon/actions/v1.ts
@@ -0,0 +1,35 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Archon } from '../types'
+
+export class ArchonActionsV1Module extends AbstractModule {
+	public getModuleID(): string {
+		return 'archon_actions_v1'
+	}
+
+	/**
+	 * Get server action log entries.
+	 * GET /v1/servers/:server_id/action-log
+	 */
+	public async list(
+		serverId: string,
+		options: Archon.Actions.v1.ListActionLogOptions = {},
+	): Promise<Archon.Actions.v1.ActionLogResponse> {
+		const params: Record<string, string | number> = {}
+		if (options.filter) params.filter = JSON.stringify(options.filter)
+		if (options.limit !== undefined) params.limit = options.limit
+		if (options.offset !== undefined) params.offset = options.offset
+		if (options.order !== undefined) params.order = options.order
+		if (options.min_datetime !== undefined) params.min_datetime = options.min_datetime
+		if (options.max_datetime !== undefined) params.max_datetime = options.max_datetime
+
+		return this.client.request<Archon.Actions.v1.ActionLogResponse>(
+			`/servers/${serverId}/action-log`,
+			{
+				api: 'archon',
+				version: 1,
+				method: 'GET',
+				params: Object.keys(params).length > 0 ? params : undefined,
+			},
+		)
+	}
+}
diff --git a/packages/api-client/src/modules/archon/index.ts b/packages/api-client/src/modules/archon/index.ts
index ed9719ad3c..194ea0333e 100644
--- a/packages/api-client/src/modules/archon/index.ts
+++ b/packages/api-client/src/modules/archon/index.ts
@@ -1,3 +1,4 @@
+export * from './actions/v1'
 export * from './backups/v1'
 export * from './backups-queue/v1'
 export * from './content/v1'
diff --git a/packages/api-client/src/modules/archon/nodes/internal.ts b/packages/api-client/src/modules/archon/nodes/internal.ts
new file mode 100644
index 0000000000..254f392c8c
--- /dev/null
+++ b/packages/api-client/src/modules/archon/nodes/internal.ts
@@ -0,0 +1,20 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Archon } from '../types'
+
+export class ArchonNodesInternalModule extends AbstractModule {
+	public getModuleID(): string {
+		return 'archon_nodes_internal'
+	}
+
+	/**
+	 * Get node hostnames and region summary for admin tooling.
+	 * GET /_internal/nodes/overview
+	 */
+	public async overview(): Promise<Archon.Nodes.Internal.Overview> {
+		return this.client.request<Archon.Nodes.Internal.Overview>('/nodes/overview', {
+			api: 'archon',
+			version: 'internal',
+			method: 'GET',
+		})
+	}
+}
diff --git a/packages/api-client/src/modules/archon/notices/v0.ts b/packages/api-client/src/modules/archon/notices/v0.ts
new file mode 100644
index 0000000000..a6e76b0277
--- /dev/null
+++ b/packages/api-client/src/modules/archon/notices/v0.ts
@@ -0,0 +1,98 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Archon } from '../types'
+
+export class ArchonNoticesV0Module extends AbstractModule {
+	public getModuleID(): string {
+		return 'archon_notices_v0'
+	}
+
+	/**
+	 * Get all server notices.
+	 * GET /modrinth/v0/notices
+	 */
+	public async list(): Promise<Archon.Notices.v0.ListedNotice[]> {
+		return this.client.request<Archon.Notices.v0.ListedNotice[]>('/notices', {
+			api: 'archon',
+			version: 'modrinth/v0',
+			method: 'GET',
+		})
+	}
+
+	/**
+	 * Create a server notice.
+	 * POST /modrinth/v0/notices
+	 */
+	public async create(
+		request: Archon.Notices.v0.Announce,
+	): Promise<Archon.Notices.v0.PostNoticeResponseBody> {
+		return this.client.request<Archon.Notices.v0.PostNoticeResponseBody>('/notices', {
+			api: 'archon',
+			version: 'modrinth/v0',
+			method: 'POST',
+			body: request,
+		})
+	}
+
+	/**
+	 * Update a server notice.
+	 * PATCH /modrinth/v0/notices/:id
+	 */
+	public async update(id: number, request: Archon.Notices.v0.AnnouncePatch): Promise<void> {
+		await this.client.request(`/notices/${id}`, {
+			api: 'archon',
+			version: 'modrinth/v0',
+			method: 'PATCH',
+			body: request,
+		})
+	}
+
+	/**
+	 * Delete a server notice.
+	 * DELETE /modrinth/v0/notices/:id
+	 */
+	public async delete(id: number): Promise<void> {
+		await this.client.request(`/notices/${id}`, {
+			api: 'archon',
+			version: 'modrinth/v0',
+			method: 'DELETE',
+		})
+	}
+
+	/**
+	 * Assign a notice to a server or node.
+	 * PUT /modrinth/v0/notices/:id/assign?server=:serverId
+	 * PUT /modrinth/v0/notices/:id/assign?node=:nodeId
+	 */
+	public async assign(id: number, target: Archon.Notices.v0.AssignmentTarget): Promise<void> {
+		await this.client.request(`/notices/${id}/assign`, {
+			api: 'archon',
+			version: 'modrinth/v0',
+			method: 'PUT',
+			params: this.assignmentTargetToParams(target),
+		})
+	}
+
+	/**
+	 * Unassign a notice from a server or node.
+	 * PUT /modrinth/v0/notices/:id/unassign?server=:serverId
+	 * PUT /modrinth/v0/notices/:id/unassign?node=:nodeId
+	 */
+	public async unassign(id: number, target: Archon.Notices.v0.AssignmentTarget): Promise<void> {
+		await this.client.request(`/notices/${id}/unassign`, {
+			api: 'archon',
+			version: 'modrinth/v0',
+			method: 'PUT',
+			params: this.assignmentTargetToParams(target),
+		})
+	}
+
+	private assignmentTargetToParams(
+		target: Archon.Notices.v0.AssignmentTarget,
+	): Record<string, string> {
+		if ('server' in target) {
+			return { server: target.server }
+		}
+
+		return { node: target.node }
+	}
+}
diff --git a/packages/api-client/src/modules/archon/server-users/v1.ts b/packages/api-client/src/modules/archon/server-users/v1.ts
new file mode 100644
index 0000000000..658c9fca17
--- /dev/null
+++ b/packages/api-client/src/modules/archon/server-users/v1.ts
@@ -0,0 +1,65 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Archon } from '../types'
+
+export class ArchonServerUsersV1Module extends AbstractModule {
+	public getModuleID(): string {
+		return 'archon_server_users_v1'
+	}
+
+	/**
+	 * Get list of users with access to a server
+	 * GET /v1/servers/:server_id/users
+	 */
+	public async list(serverId: string): Promise<Archon.ServerUsers.v1.ServerUser[]> {
+		return this.client.request<Archon.ServerUsers.v1.ServerUser[]>(`/servers/${serverId}/users`, {
+			api: 'archon',
+			version: 1,
+			method: 'GET',
+		})
+	}
+
+	/**
+	 * Add a user to a server
+	 * POST /v1/servers/:server_id/users
+	 */
+	public async add(
+		serverId: string,
+		user: Archon.ServerUsers.v1.AddServerUserRequest,
+	): Promise<void> {
+		await this.client.request(`/servers/${serverId}/users`, {
+			api: 'archon',
+			version: 1,
+			method: 'POST',
+			body: user,
+		})
+	}
+
+	/**
+	 * Remove a user from a server
+	 * DELETE /v1/servers/:server_id/users/:user_id
+	 */
+	public async delete(serverId: string, userId: string): Promise<void> {
+		await this.client.request(`/servers/${serverId}/users/${userId}`, {
+			api: 'archon',
+			version: 1,
+			method: 'DELETE',
+		})
+	}
+
+	/**
+	 * Update a user's server role
+	 * PATCH /v1/servers/:server_id/users/:user_id
+	 */
+	public async update(
+		serverId: string,
+		userId: string,
+		role: Archon.ServerUsers.v1.AssignableServerUserRole,
+	): Promise<void> {
+		await this.client.request(`/servers/${serverId}/users/${userId}`, {
+			api: 'archon',
+			version: 1,
+			method: 'PATCH',
+			body: JSON.stringify(role),
+		})
+	}
+}
diff --git a/packages/api-client/src/modules/archon/transfers/internal.ts b/packages/api-client/src/modules/archon/transfers/internal.ts
new file mode 100644
index 0000000000..ccbedaffd8
--- /dev/null
+++ b/packages/api-client/src/modules/archon/transfers/internal.ts
@@ -0,0 +1,84 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Archon } from '../types'
+
+export class ArchonTransfersInternalModule extends AbstractModule {
+	public getModuleID(): string {
+		return 'archon_transfers_internal'
+	}
+
+	/**
+	 * Schedule transfers for specific servers.
+	 * POST /_internal/transfers/schedule/servers
+	 */
+	public async scheduleServers(
+		request: Archon.Transfers.Internal.ScheduleServerTransfersRequest,
+	): Promise<Archon.Transfers.Internal.ScheduleTransfersResponse> {
+		return this.client.request<Archon.Transfers.Internal.ScheduleTransfersResponse>(
+			'/transfers/schedule/servers',
+			{
+				api: 'archon',
+				version: 'internal',
+				method: 'POST',
+				body: request,
+			},
+		)
+	}
+
+	/**
+	 * Schedule transfers for all servers on specific nodes.
+	 * POST /_internal/transfers/schedule/nodes
+	 */
+	public async scheduleNodes(
+		request: Archon.Transfers.Internal.ScheduleNodeTransfersRequest,
+	): Promise<Archon.Transfers.Internal.ScheduleTransfersResponse> {
+		return this.client.request<Archon.Transfers.Internal.ScheduleTransfersResponse>(
+			'/transfers/schedule/nodes',
+			{
+				api: 'archon',
+				version: 'internal',
+				method: 'POST',
+				body: request,
+			},
+		)
+	}
+
+	/**
+	 * Get transfer batch history.
+	 * GET /_internal/transfers/history
+	 */
+	public async history(
+		options?: Archon.Transfers.Internal.TransferHistoryQuery,
+	): Promise<Archon.Transfers.Internal.TransferHistoryResponse> {
+		const params: Record<string, number> = {}
+		if (options?.page !== undefined) params.page = options.page
+		if (options?.page_size !== undefined) params.page_size = options.page_size
+
+		return this.client.request<Archon.Transfers.Internal.TransferHistoryResponse>(
+			'/transfers/history',
+			{
+				api: 'archon',
+				version: 'internal',
+				method: 'GET',
+				params,
+			},
+		)
+	}
+
+	/**
+	 * Cancel pending transfer batches.
+	 * POST /_internal/transfers/cancel
+	 */
+	public async cancel(
+		request: Archon.Transfers.Internal.CancelTransfersRequest,
+	): Promise<Archon.Transfers.Internal.CancelTransfersResponse> {
+		return this.client.request<Archon.Transfers.Internal.CancelTransfersResponse>(
+			'/transfers/cancel',
+			{
+				api: 'archon',
+				version: 'internal',
+				method: 'POST',
+				body: request,
+			},
+		)
+	}
+}
diff --git a/packages/api-client/src/modules/archon/types.ts b/packages/api-client/src/modules/archon/types.ts
index b348cbe7c8..1f541495af 100644
--- a/packages/api-client/src/modules/archon/types.ts
+++ b/packages/api-client/src/modules/archon/types.ts
@@ -1,6 +1,287 @@
 import type { Labrinth } from '../labrinth/types'
 
 export namespace Archon {
+	export namespace Nodes {
+		export namespace Internal {
+			export type Node = {
+				id: string
+				hostname: string
+				region: string
+				created_at: string | null
+				locked: boolean
+			}
+
+			export type Server = {
+				id: string
+				available: boolean
+			}
+
+			export type NodeFull = Node & {
+				servers: Server[]
+			}
+
+			export type Overview = {
+				node_hostnames: string[]
+				regions: Region[]
+				total_servers_active: number
+			}
+
+			export type Region = {
+				display_name: string
+				country_code: string
+				key: string
+				server_count: number
+				node_count: number
+			}
+
+			export type RegionWithStatistics = {
+				region: Region
+				active_servers: string[]
+			}
+		}
+	}
+
+	export namespace Notices {
+		export namespace v0 {
+			export type Notice = {
+				id: number
+				dismissable: boolean
+				title: string | null
+				message: string
+				level: string
+				announced: string
+			}
+
+			export type ListedNotice = {
+				id: number
+				dismissable: boolean
+				message: string
+				title: string | null
+				level: string
+				announce_at: string
+				expires: string | null
+				assigned: Assignment[]
+				dismissed_by: Dismisser[]
+			}
+
+			export type Dismisser = {
+				server: string
+				dismissed_on: string
+			}
+
+			export type Assignment = {
+				kind: string
+				id: string
+				name: string
+			}
+
+			export type AssignmentTarget = { server: string } | { node: string }
+
+			export type Announce = {
+				message: string
+				title?: string | null
+				level: string
+				dismissable: boolean
+				announce_at: string
+				expires?: string | null
+			}
+
+			export type AnnouncePatch = {
+				message?: string
+				title?: string | null
+				level?: string
+				dismissable?: boolean
+				announce_at?: string
+				expires?: string | null
+			}
+
+			export type PostNoticeResponseBody = {
+				id: number
+			}
+		}
+	}
+
+	export namespace Actions {
+		export namespace v1 {
+			export type SortOrder = 'asc' | 'desc'
+
+			export type ActionName =
+				| 'server_created'
+				| 'changed_server_name'
+				| 'changed_server_subdomain'
+				| 'server_reallocated'
+				| 'server_plan_changed'
+				| 'user_invited'
+				| 'user_invite_revoked'
+				| 'user_permission_modified'
+				| 'user_removed'
+				| 'addon_added'
+				| 'addon_uploaded'
+				| 'addon_disabled'
+				| 'addon_enabled'
+				| 'addon_deleted'
+				| 'addon_updated'
+				| 'modpack_changed'
+				| 'modpack_unlinked'
+				| 'server_repaired'
+				| 'server_reset'
+				| 'server_started'
+				| 'server_stopped'
+				| 'server_restarted'
+				| 'server_killed'
+				| 'port_allocation_added'
+				| 'port_allocation_removed'
+				| 'loader_version_edited'
+				| 'game_version_edited'
+				| 'server_properties_modified'
+				| 'file_uploaded'
+				| 'file_deleted'
+				| 'file_renamed'
+				| 'file_edited'
+				| 'sftp_login'
+				| 'console_command_executed'
+				| 'console_cleared'
+				| 'backup_created'
+				| 'backup_renamed'
+				| 'backup_restored'
+				| 'backup_deleted'
+				| 'startup_command_modified'
+				| 'java_runtime_modified'
+				| 'java_version_modified'
+
+			export type Action = {
+				action: ActionName | string
+				metadata?: unknown
+			}
+
+			export type UserPermissionsActionMetadata = {
+				user_id: string
+				permissions?: ServerUsers.v1.UserScope | null
+			}
+
+			export type ActionUser =
+				| {
+						type: 'user'
+						user_id: string
+				  }
+				| {
+						type: 'support'
+						user_id?: string | null
+				  }
+
+			export type ActionEntry = {
+				actor: ActionUser
+				action: Action
+				server_id: string
+				world_id?: string | null
+				timestamp: string
+			}
+
+			export type UserResp = {
+				username: string
+				avatar_url?: string | null
+			}
+
+			export type AddonResp = {
+				title: string
+				slug?: string | null
+				icon_url?: string | null
+				version?: string | null
+			}
+
+			export type VersionResp = {
+				name: string
+				version_number?: string | null
+			}
+
+			export type ActionLogResponse = {
+				next_offset?: number | null
+				data: ActionEntry[]
+				users: Record<string, UserResp>
+				addons: Record<string, AddonResp>
+				versions: Record<string, VersionResp>
+			}
+
+			export type ActionLogFilter = {
+				users?: string[]
+				worlds?: Array<string | null>
+				actions?: ActionName[]
+			}
+
+			export type ListActionLogOptions = {
+				filter?: ActionLogFilter
+				limit?: number
+				offset?: number
+				order?: SortOrder
+				min_datetime?: string
+				max_datetime?: string
+			}
+		}
+	}
+
+	export namespace Transfers {
+		export namespace Internal {
+			export type ProvisionOptions = {
+				region?: string | null
+				node_tags: string[]
+			}
+
+			export type ScheduleServerTransfersRequest = {
+				server_ids: string[]
+				scheduled_at?: string | null
+				target_region?: string | null
+				node_tags?: string[]
+				reason?: string | null
+			}
+
+			export type ScheduleNodeTransfersRequest = {
+				node_hostnames: string[]
+				scheduled_at?: string | null
+				target_region?: string | null
+				node_tags?: string[]
+				reason?: string | null
+				cordon_nodes?: boolean
+				tag_nodes?: string | null
+			}
+
+			export type ScheduleTransfersResponse = {
+				batch_id: number
+				scheduled_count: number
+			}
+
+			export type CancelTransfersRequest = {
+				batch_ids: number[]
+			}
+
+			export type CancelTransfersResponse = {
+				cancelled_count: number
+			}
+
+			export type TransferLogBatchEntry = {
+				id: number
+				created_by: string
+				created_at: string
+				reason?: string | null
+				scheduled_at: string
+				cancelled: boolean
+				log_count: number
+				provision_options: ProvisionOptions
+			}
+
+			export type TransferHistoryQuery = {
+				page?: number
+				page_size?: number
+			}
+
+			export type TransferHistoryResponse = {
+				batches: TransferLogBatchEntry[]
+				total: number
+				page: number
+				page_size: number
+			}
+		}
+	}
+
 	export namespace Content {
 		export namespace v1 {
 			export type AddonKind = 'mod' | 'plugin' | 'datapack' | 'shader' | 'resourcepack'
@@ -222,11 +503,58 @@ export namespace Archon {
 		}
 	}
 
+	export namespace ServerUsers {
+		export namespace v1 {
+			export type ServerUserRole = 'Owner' | 'Editor' | 'Viewer' | 'Unknown'
+
+			export type AssignableServerUserRole = Exclude<ServerUserRole, 'Owner' | 'Unknown'>
+
+			export const UserScope = {
+				NONE: '',
+				SERVER_ADMIN: 'SERVER_ADMIN',
+				BASE_READ: 'BASE_READ',
+				POWER_ACTIONS: 'POWER_ACTIONS',
+				FILES_WRITE: 'FILES_WRITE',
+				SETUP: 'SETUP',
+				BACKUPS: 'BACKUPS',
+				ADVANCED: 'ADVANCED',
+				RESET_SERVER: 'RESET_SERVER',
+				MANAGE_USERS: 'MANAGE_USERS',
+				SUPPORT_AGENT: 'SUPPORT_AGENT',
+				INFRA_MANAGER: 'INFRA_MANAGER',
+				INFRA_MANAGER_READ: 'INFRA_MANAGER_READ',
+				INFRA_SERVERS_XFER: 'INFRA_SERVERS_XFER',
+			} as const
+
+			export type UserScope = string | number
+
+			export type UserResp = {
+				id: string
+				username: string
+				avatar_url?: string | null
+			}
+
+			export type ServerUser = {
+				user: UserResp
+				added_on?: string | null
+				permissions: UserScope
+			}
+
+			export type AddServerUserRequest = {
+				server_id?: string | null
+				user_id: string
+				added_on?: string | null
+				role: ServerUserRole
+			}
+		}
+	}
+
 	export namespace Servers {
 		export namespace v0 {
 			export type ServerGetResponse = {
 				servers: Server[]
 				pagination: Pagination
+				users: Record<string, ServerOwner>
 			}
 
 			export type Pagination = {
@@ -236,6 +564,12 @@ export namespace Archon {
 				total_items: number
 			}
 
+			export type ServerOwner = {
+				id: string
+				username: string
+				avatar_url?: string | null
+			}
+
 			export type Status = 'installing' | 'broken' | 'available' | 'suspended'
 
 			export type SuspensionReason =
@@ -281,12 +615,15 @@ export namespace Archon {
 				node: NodeInfo | null
 				flows: Flows
 				is_medal: boolean
+				current_user_permissions: UserScope
 
 				medal_expires?: string
 			}
 
+			export type UserScope = number
+
 			export type Net = {
-				ip: string
+				ip: string | null
 				port: number
 				domain: string
 			}
@@ -422,9 +759,9 @@ export namespace Archon {
 				modloader: string
 				modloader_version: string
 				game_version: string
-				java_version: number
-				invocation: string
-				original_invocation: string
+				java_version: number | null
+				invocation: string | null
+				original_invocation: string | null
 			}
 
 			export type Region = {
@@ -555,6 +892,106 @@ export namespace Archon {
 		}
 	}
 
+	export namespace Sync {
+		export namespace v1 {
+			export type SyncCategory = 'backup' | 'users' | 'server' | 'protocol' | 'world'
+			export type SyncIntent = 'all' | SyncCategory | SyncCategory[]
+			export type BackupOperationStatus = 'completed' | 'cancelled' | 'failed' | 'timed-out'
+			export type ServerNetworkPort = { port: number; name: string }
+
+			export type ProtocolResetEvent = { type: 'protocol.reset' }
+			export type ProtocolInvalidEvent = { type: 'protocol.invalid' }
+			export type ProtocolErrorEvent = { type: 'protocol.error'; error: string }
+
+			export type BackupNewEvent = { type: 'backup.new'; id: string }
+			export type BackupPatchEvent = {
+				type: 'backup.patch'
+				world_id: string
+				backup_id: string
+				name: string
+			}
+			export type BackupDeleteEvent = {
+				type: 'backup.delete'
+				world_id: string
+				backup_id: string
+			}
+			export type BackupOperationStartEvent = {
+				type:
+					| 'backup.operation.create.init'
+					| 'backup.operation.create.start'
+					| 'backup.operation.restore.init'
+					| 'backup.operation.restore.start'
+				world_id: string
+				backup_id: string
+				operation_id: number
+			}
+			export type BackupOperationDoneEvent = {
+				type: 'backup.operation.create.done' | 'backup.operation.restore.done'
+				world_id: string
+				backup_id: string
+				operation_id: number
+				status: BackupOperationStatus
+			}
+
+			export type ServerPatchEvent = {
+				type: 'server.patch'
+				name: string
+				subdomain: string
+			}
+			export type ServerNetworkPatchEvent = {
+				type: 'server.network.patch'
+				ports: ServerNetworkPort[]
+			}
+			export type ServerTransferEvent = {
+				type: 'server.transfer.start' | 'server.transfer.done'
+				target_node: string
+			}
+
+			export type UsersPatchEvent = { type: 'users.patch' }
+
+			export type WorldPatchEvent = {
+				type: 'world.patch'
+				world_id: string
+				name: string
+			}
+			export type WorldStartupPatchEvent = {
+				type: 'world.startup.patch'
+				world_id: string
+				java_version: number | null
+				invocation: string | null
+				original_invocation: string | null
+			}
+			export type WorldContentAddonPatchEvent = {
+				type: 'world.content.addon.patch'
+				world_id: string
+				specs: Archon.Content.v1.Addon[]
+			}
+			export type WorldContentBaseUpdateEvent = {
+				type: 'world.content.base.update'
+				world_id: string
+				spec: Archon.Content.v1.Addons
+			}
+
+			export type SyncEvent =
+				| ProtocolResetEvent
+				| ProtocolInvalidEvent
+				| ProtocolErrorEvent
+				| BackupNewEvent
+				| BackupPatchEvent
+				| BackupDeleteEvent
+				| BackupOperationStartEvent
+				| BackupOperationDoneEvent
+				| ServerPatchEvent
+				| ServerNetworkPatchEvent
+				| ServerTransferEvent
+				| UsersPatchEvent
+				| WorldPatchEvent
+				| WorldStartupPatchEvent
+				| WorldContentAddonPatchEvent
+				| WorldContentBaseUpdateEvent
+		}
+	}
+
 	export namespace Websocket {
 		export namespace v0 {
 			export type WSAuth = {
diff --git a/packages/api-client/src/modules/index.ts b/packages/api-client/src/modules/index.ts
index 8416796348..6a2e6a703e 100644
--- a/packages/api-client/src/modules/index.ts
+++ b/packages/api-client/src/modules/index.ts
@@ -1,12 +1,17 @@
 import type { AbstractModrinthClient } from '../core/abstract-client'
 import type { AbstractModule } from '../core/abstract-module'
+import { ArchonActionsV1Module } from './archon/actions/v1'
 import { ArchonBackupsV1Module } from './archon/backups/v1'
 import { ArchonBackupsQueueV1Module } from './archon/backups-queue/v1'
 import { ArchonContentV1Module } from './archon/content/v1'
+import { ArchonNodesInternalModule } from './archon/nodes/internal'
+import { ArchonNoticesV0Module } from './archon/notices/v0'
 import { ArchonOptionsV1Module } from './archon/options/v1'
 import { ArchonPropertiesV1Module } from './archon/properties/v1'
+import { ArchonServerUsersV1Module } from './archon/server-users/v1'
 import { ArchonServersV0Module } from './archon/servers/v0'
 import { ArchonServersV1Module } from './archon/servers/v1'
+import { ArchonTransfersInternalModule } from './archon/transfers/internal'
 import { ISO3166Module } from './iso3166'
 import { KyrosContentV1Module } from './kyros/content/v1'
 import { KyrosFilesV0Module } from './kyros/files/v0'
@@ -15,13 +20,16 @@ import { KyrosUploadSessionsV1Module } from './kyros/upload-sessions/v1'
 import { LabrinthVersionsV2Module, LabrinthVersionsV3Module } from './labrinth'
 import { LabrinthAffiliateInternalModule } from './labrinth/affiliate/internal'
 import { LabrinthAnalyticsV3Module } from './labrinth/analytics/v3'
+import { LabrinthAttributionInternalModule } from './labrinth/attribution/internal'
 import { LabrinthAuthInternalModule } from './labrinth/auth/internal'
 import { LabrinthAuthV2Module } from './labrinth/auth/v2'
 import { LabrinthBillingInternalModule } from './labrinth/billing/internal'
 import { LabrinthCampaignInternalModule } from './labrinth/campaign/internal'
 import { LabrinthCollectionsModule } from './labrinth/collections'
 import { LabrinthExternalProjectsInternalModule } from './labrinth/external-projects/internal'
+import { LabrinthFriendsV3Module } from './labrinth/friends/v3'
 import { LabrinthGlobalsInternalModule } from './labrinth/globals/internal'
+import { LabrinthImagesV3Module } from './labrinth/images/v3'
 import { LabrinthLimitsV3Module } from './labrinth/limits/v3'
 import { LabrinthModerationInternalModule } from './labrinth/moderation/internal'
 import { LabrinthNotificationsV2Module } from './labrinth/notifications/v2'
@@ -61,13 +69,18 @@ type ModuleConstructor = new (client: AbstractModrinthClient) => AbstractModule
  * TODO: Better way? Probably not
  */
 export const MODULE_REGISTRY = {
+	archon_actions_v1: ArchonActionsV1Module,
 	archon_backups_queue_v1: ArchonBackupsQueueV1Module,
 	archon_backups_v1: ArchonBackupsV1Module,
 	archon_content_v1: ArchonContentV1Module,
+	archon_nodes_internal: ArchonNodesInternalModule,
+	archon_notices_v0: ArchonNoticesV0Module,
 	archon_options_v1: ArchonOptionsV1Module,
 	archon_properties_v1: ArchonPropertiesV1Module,
+	archon_server_users_v1: ArchonServerUsersV1Module,
 	archon_servers_v0: ArchonServersV0Module,
 	archon_servers_v1: ArchonServersV1Module,
+	archon_transfers_internal: ArchonTransfersInternalModule,
 	iso3166_data: ISO3166Module,
 	mclogs_insights_v1: MclogsInsightsV1Module,
 	mclogs_logs_v1: MclogsLogsV1Module,
@@ -80,11 +93,14 @@ export const MODULE_REGISTRY = {
 	labrinth_analytics_v3: LabrinthAnalyticsV3Module,
 	labrinth_auth_internal: LabrinthAuthInternalModule,
 	labrinth_auth_v2: LabrinthAuthV2Module,
+	labrinth_attribution_internal: LabrinthAttributionInternalModule,
 	labrinth_billing_internal: LabrinthBillingInternalModule,
 	labrinth_campaign_internal: LabrinthCampaignInternalModule,
 	labrinth_collections: LabrinthCollectionsModule,
 	labrinth_external_projects_internal: LabrinthExternalProjectsInternalModule,
+	labrinth_friends_v3: LabrinthFriendsV3Module,
 	labrinth_globals_internal: LabrinthGlobalsInternalModule,
+	labrinth_images_v3: LabrinthImagesV3Module,
 	labrinth_moderation_internal: LabrinthModerationInternalModule,
 	labrinth_notifications_v2: LabrinthNotificationsV2Module,
 	labrinth_oauth_internal: LabrinthOAuthInternalModule,
diff --git a/packages/api-client/src/modules/labrinth/attribution/internal.ts b/packages/api-client/src/modules/labrinth/attribution/internal.ts
new file mode 100644
index 0000000000..36773c77e1
--- /dev/null
+++ b/packages/api-client/src/modules/labrinth/attribution/internal.ts
@@ -0,0 +1,103 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Labrinth } from '../types'
+
+const BASE62_CHARS = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+
+/**
+ * Decode a base62-encoded ID string into a number.
+ * The backend serializes attribution group IDs as base62 strings in responses,
+ * but the assign/update endpoints expect raw integer IDs in their request payloads.
+ */
+function decodeBase62Id(id: string): number {
+	let value = 0
+	for (const char of id) {
+		const digit = BASE62_CHARS.indexOf(char)
+		if (digit < 0) {
+			throw new Error(`Invalid base62 character "${char}" in id "${id}"`)
+		}
+		value = value * 62 + digit
+		if (!Number.isSafeInteger(value)) {
+			throw new Error(`Base62 id "${id}" exceeds safe integer range`)
+		}
+	}
+	return value
+}
+
+export class LabrinthAttributionInternalModule extends AbstractModule {
+	public getModuleID(): string {
+		return 'labrinth_attribution_internal'
+	}
+
+	/**
+	 * List attribution groups for a project
+	 * GET /_internal/attribution/{project_id}
+	 */
+	public async listProjectAttribution(
+		projectId: string,
+	): Promise<Labrinth.Attribution.Internal.AttributionGroup[]> {
+		return this.client.request<Labrinth.Attribution.Internal.AttributionGroup[]>(
+			`/attribution/${projectId}`,
+			{
+				api: 'labrinth',
+				version: 'internal',
+				method: 'GET',
+			},
+		)
+	}
+
+	/**
+	 * Update an attribution group's attribution payload.
+	 * PATCH /_internal/attribution/group/{group_id}
+	 *
+	 * @param groupId - The base62 attribution group id (as returned from listProjectAttribution).
+	 */
+	public async updateGroup(
+		groupId: string,
+		body: Labrinth.Attribution.Internal.UpdateGroupRequest,
+	): Promise<void> {
+		const numericId = decodeBase62Id(groupId)
+		return this.client.request<void>(`/attribution/group/${numericId}`, {
+			api: 'labrinth',
+			version: 'internal',
+			method: 'PATCH',
+			body,
+		})
+	}
+
+	/**
+	 * Reassign a file (by sha1) to another attribution group within the same project.
+	 * POST /_internal/attribution/assign
+	 *
+	 * @param body.target_group_id - The base62 id of the attribution group to assign the file to.
+	 */
+	public async assignFileToGroup(body: {
+		sha1: string
+		target_group_id: string
+		project_id: string
+	}): Promise<void> {
+		const wireBody: Labrinth.Attribution.Internal.AssignRequest = {
+			sha1: body.sha1,
+			target_group_id: decodeBase62Id(body.target_group_id),
+			project_id: body.project_id,
+		}
+		return this.client.request<void>('/attribution/assign', {
+			api: 'labrinth',
+			version: 'internal',
+			method: 'POST',
+			body: wireBody,
+		})
+	}
+
+	/**
+	 * Split a file (by sha1) out of its current attribution group into a new group.
+	 * POST /_internal/attribution/split
+	 */
+	public async splitFile(body: Labrinth.Attribution.Internal.SplitRequest): Promise<void> {
+		return this.client.request<void>('/attribution/split', {
+			api: 'labrinth',
+			version: 'internal',
+			method: 'POST',
+			body,
+		})
+	}
+}
diff --git a/packages/api-client/src/modules/labrinth/external-projects/internal.ts b/packages/api-client/src/modules/labrinth/external-projects/internal.ts
index 4d0e278a02..47b1641156 100644
--- a/packages/api-client/src/modules/labrinth/external-projects/internal.ts
+++ b/packages/api-client/src/modules/labrinth/external-projects/internal.ts
@@ -47,4 +47,33 @@ export class LabrinthExternalProjectsInternalModule extends AbstractModule {
 			},
 		)
 	}
+
+	// TODO: Backend routes don't exist yet
+	public async create(
+		data: Labrinth.ExternalProjects.Internal.CreateExternalLicenseRequest,
+	): Promise<Labrinth.ExternalProjects.Internal.ExternalProject> {
+		return this.client.request<Labrinth.ExternalProjects.Internal.ExternalProject>(
+			'/moderation/external-license',
+			{
+				api: 'labrinth',
+				version: 'internal',
+				method: 'POST',
+				body: data,
+			},
+		)
+	}
+
+	public async addFile(
+		data: Labrinth.ExternalProjects.Internal.AddFileRequest,
+	): Promise<Labrinth.ExternalProjects.Internal.ExternalProject> {
+		return this.client.request<Labrinth.ExternalProjects.Internal.ExternalProject>(
+			'/moderation/external-license/file',
+			{
+				api: 'labrinth',
+				version: 'internal',
+				method: 'POST',
+				body: data,
+			},
+		)
+	}
 }
diff --git a/packages/api-client/src/modules/labrinth/friends/v3.ts b/packages/api-client/src/modules/labrinth/friends/v3.ts
new file mode 100644
index 0000000000..d946880dc5
--- /dev/null
+++ b/packages/api-client/src/modules/labrinth/friends/v3.ts
@@ -0,0 +1,47 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { Labrinth } from '../types'
+
+export class LabrinthFriendsV3Module extends AbstractModule {
+	public getModuleID(): string {
+		return 'labrinth_friends_v3'
+	}
+
+	/**
+	 * Get friends and pending friend requests for the authenticated user
+	 *
+	 * @returns Promise resolving to friend relationships
+	 */
+	public async list(): Promise<Labrinth.Friends.v3.UserFriend[]> {
+		return this.client.request<Labrinth.Friends.v3.UserFriend[]>('/friends', {
+			api: 'labrinth',
+			version: 3,
+			method: 'GET',
+		})
+	}
+
+	/**
+	 * Send or accept a friend request
+	 *
+	 * @param idOrUsername - The target user's ID or username
+	 */
+	public async add(idOrUsername: string): Promise<void> {
+		return this.client.request(`/friend/${encodeURIComponent(idOrUsername)}`, {
+			api: 'labrinth',
+			version: 3,
+			method: 'POST',
+		})
+	}
+
+	/**
+	 * Remove a friend or pending friend request
+	 *
+	 * @param idOrUsername - The target user's ID or username
+	 */
+	public async remove(idOrUsername: string): Promise<void> {
+		return this.client.request(`/friend/${encodeURIComponent(idOrUsername)}`, {
+			api: 'labrinth',
+			version: 3,
+			method: 'DELETE',
+		})
+	}
+}
diff --git a/packages/api-client/src/modules/labrinth/images/v3.ts b/packages/api-client/src/modules/labrinth/images/v3.ts
new file mode 100644
index 0000000000..7613f0debd
--- /dev/null
+++ b/packages/api-client/src/modules/labrinth/images/v3.ts
@@ -0,0 +1,47 @@
+import { AbstractModule } from '../../../core/abstract-module'
+import type { UploadHandle } from '../../../types/upload'
+import type { Labrinth } from '../types'
+
+function buildImageQueryParams(
+	ext: Labrinth.Images.v3.ImageExtension,
+	target: Labrinth.Images.v3.UploadImageParams,
+): Record<string, string> {
+	const params: Record<string, string> = {
+		ext,
+		context: target.context,
+	}
+	switch (target.context) {
+		case 'project':
+			params.project_id = target.project_id
+			break
+		case 'version':
+			params.version_id = target.version_id
+			break
+		case 'thread_message':
+			params.thread_message_id = target.thread_message_id
+			break
+		case 'report':
+			params.report_id = target.report_id
+			break
+	}
+	return params
+}
+
+export class LabrinthImagesV3Module extends AbstractModule {
+	public getModuleID(): string {
+		return 'labrinth_images_v3'
+	}
+
+	public uploadImage(
+		file: File | Blob,
+		ext: Labrinth.Images.v3.ImageExtension,
+		target: Labrinth.Images.v3.UploadImageParams,
+	): UploadHandle<Labrinth.Images.v3.UploadedImage> {
+		return this.client.upload<Labrinth.Images.v3.UploadedImage>('/image', {
+			api: 'labrinth',
+			version: 3,
+			file,
+			params: buildImageQueryParams(ext, target),
+		})
+	}
+}
diff --git a/packages/api-client/src/modules/labrinth/index.ts b/packages/api-client/src/modules/labrinth/index.ts
index 487329fe0e..0c698b1cc3 100644
--- a/packages/api-client/src/modules/labrinth/index.ts
+++ b/packages/api-client/src/modules/labrinth/index.ts
@@ -1,10 +1,13 @@
 export * from './analytics/v3'
+export * from './attribution/internal'
 export * from './auth/internal'
 export * from './auth/v2'
 export * from './billing/internal'
 export * from './collections'
 export * from './external-projects/internal'
+export * from './friends/v3'
 export * from './globals/internal'
+export * from './images/v3'
 export * from './limits/v3'
 export * from './moderation/internal'
 export * from './notifications/v2'
diff --git a/packages/api-client/src/modules/labrinth/types.ts b/packages/api-client/src/modules/labrinth/types.ts
index ab79ac6f17..667f54ec47 100644
--- a/packages/api-client/src/modules/labrinth/types.ts
+++ b/packages/api-client/src/modules/labrinth/types.ts
@@ -249,6 +249,141 @@ export namespace Labrinth {
 		}
 	}
 
+	export namespace Attribution {
+		export namespace Internal {
+			export type AttributionPermissionKind =
+				| 'license'
+				| 'my_project'
+				| 'special_permissions'
+				| 'globally_allowed'
+				| 'no_permission'
+			export type AttributionResolutionKind = AttributionPermissionKind
+
+			export type AttributionLicense = string | { name: string }
+
+			export type AttributionModerationStatusKind = 'not_allowed' | 'approved' | 'bad_proof'
+
+			export type AttributionModerationStatus = {
+				kind: AttributionModerationStatusKind
+				reason: string
+			}
+
+			export type AttributionResolutionBase = {
+				notes: string
+				image_urls: string[]
+				moderation_status?: AttributionModerationStatus | null
+			}
+
+			export type AttributionResolution =
+				| (AttributionResolutionBase & {
+						kind: 'license'
+						license: AttributionLicense
+						link_to_work: string
+				  })
+				| (AttributionResolutionBase & {
+						kind: 'my_project'
+						license: AttributionLicense
+				  })
+				| (AttributionResolutionBase & {
+						kind: 'special_permissions'
+						link_to_work: string
+				  })
+				| (AttributionResolutionBase & {
+						kind: 'globally_allowed'
+						link_to_work: string
+				  })
+				| (AttributionResolutionBase & {
+						kind: 'no_permission'
+						link_to_work?: string
+				  })
+
+			export type FlameProject = {
+				id: number
+				title: string
+				url: string
+				icon_url: string
+			}
+
+			export type AttributionFile = {
+				name: string
+				sha1: string
+				versions: string[]
+				moderation_external_license_id?: number
+				moderation_external_license?: ExternalProjects.Internal.ExternalProject
+			}
+
+			export type AttributionVersionInfo = {
+				id: string
+				name: string
+				version_number: string
+				date_created: string
+			}
+
+			export type AttributionGroup = {
+				id: string
+				flame_project: FlameProject | null
+				attribution: AttributionResolution | null
+				attributed_at: string | null
+				attributed_by: string | null
+				files: AttributionFile[]
+				versions: AttributionVersionInfo[]
+			}
+
+			export type UpdateGroupRequest = {
+				attribution: AttributionResolution
+			}
+
+			export type AssignRequest = {
+				sha1: string
+				target_group_id: number
+				project_id: string
+			}
+
+			export type SplitRequest = {
+				sha1: string
+				project_id: string
+			}
+		}
+	}
+
+	export namespace Images {
+		export namespace v3 {
+			/** Extensions accepted by POST /v3/image (Labrinth image pipeline). */
+			export type ImageExtension = 'bmp' | 'gif' | 'jpeg' | 'jpg' | 'png' | 'webp'
+
+			/** `context` query values accepted by POST /v3/image. */
+			export type ImageUploadContext = 'project' | 'version' | 'thread_message' | 'report'
+
+			export type UploadedImage = {
+				id: string
+				url: string
+				size: number
+				created: string
+				owner_id: string
+			} & (
+				| { context: 'project'; project_id: string }
+				| { context: 'version'; version_id: string }
+				| { context: 'thread_message'; thread_message_id: string }
+				| { context: 'report'; report_id: string }
+			)
+
+			export type UploadedImageFor<C extends ImageUploadContext> = Extract<
+				UploadedImage,
+				{ context: C }
+			>
+
+			/**
+			 * Target for POST /v3/image (per-context id query params, plus `context`).
+			 * `ext` is passed as a separate argument on the client module.
+			 */
+			export type UploadImageParams =
+				| { context: 'project'; project_id: string }
+				| { context: 'version'; version_id: string }
+				| { context: 'thread_message'; thread_message_id: string }
+				| { context: 'report'; report_id: string }
+		}
+	}
+
 	export namespace Analytics {
 		export namespace v3 {
 			export type AnalyticsEventId = number
@@ -1199,6 +1334,7 @@ export namespace Labrinth {
 				date_published: string
 				downloads: number
 				files: VersionFile[]
+				files_missing_attribution?: string[]
 				environment?: Labrinth.Projects.v3.Environment
 				mrpack_loaders?: string[]
 
@@ -1357,6 +1493,17 @@ export namespace Labrinth {
 		}
 	}
 
+	export namespace Friends {
+		export namespace v3 {
+			export type UserFriend = {
+				id: string
+				friend_id: string
+				accepted: boolean
+				created: string
+			}
+		}
+	}
+
 	export namespace ServerPing {
 		export namespace Internal {
 			export type MinecraftJavaPingRequest = {
@@ -1788,7 +1935,7 @@ export namespace Labrinth {
 				inserted_by: number | null
 				updated_at: string | null
 				updated_by: number | null
-				linked_files: LinkedFile[]
+				linked_files?: LinkedFile[]
 			}
 
 			export type SearchRequest = {
@@ -1804,6 +1951,20 @@ export namespace Labrinth {
 				proof?: string
 				flame_project_id?: number
 			}
+
+			export type CreateExternalLicenseRequest = {
+				title?: string
+				status: ExternalLicenseStatus
+				link?: string
+				proof?: string
+				flame_project_id?: number
+				files: LinkedFile[]
+			}
+
+			export type AddFileRequest = {
+				hashes: string[]
+				license_id: number
+			}
 		}
 	}
 
diff --git a/packages/api-client/src/platform/generic.ts b/packages/api-client/src/platform/generic.ts
index 4a939b6f7a..7ec63b6824 100644
--- a/packages/api-client/src/platform/generic.ts
+++ b/packages/api-client/src/platform/generic.ts
@@ -1,8 +1,10 @@
 import { $fetch, FetchError } from 'ofetch'
 
-import type { ModrinthApiError } from '../core/errors'
+import { ModrinthApiError } from '../core/errors'
 import type { ClientConfig } from '../types/client'
 import type { RequestOptions } from '../types/request'
+import { appendRequestParams, parseResponseErrorData, toFetchBody } from '../utils/fetch'
+import { GenericSyncClient } from './sync-generic'
 import { GenericWebSocketClient } from './websocket-generic'
 import { XHRUploadClient } from './xhr-upload-client'
 
@@ -34,6 +36,12 @@ export class GenericModrinthClient extends XHRUploadClient {
 			enumerable: true,
 			configurable: false,
 		})
+		Object.defineProperty(this.archon, 'sync', {
+			value: new GenericSyncClient(this),
+			writable: false,
+			enumerable: true,
+			configurable: false,
+		})
 	}
 
 	protected async executeRequest<T>(url: string, options: RequestOptions): Promise<T> {
@@ -54,6 +62,38 @@ export class GenericModrinthClient extends XHRUploadClient {
 		}
 	}
 
+	protected async executeStreamRequest(
+		url: string,
+		options: RequestOptions,
+	): Promise<ReadableStream<Uint8Array>> {
+		try {
+			const response = await fetch(appendRequestParams(url, options.params), {
+				method: options.method ?? 'GET',
+				headers: options.headers,
+				body: toFetchBody(options.body),
+				signal: options.signal,
+			})
+
+			if (!response.ok) {
+				throw this.createNormalizedError(
+					new Error(`HTTP ${response.status}: ${response.statusText}`),
+					response.status,
+					await parseResponseErrorData(response),
+				)
+			}
+
+			if (!response.body) {
+				throw new ModrinthApiError('Streaming response has no readable body', {
+					statusCode: response.status,
+				})
+			}
+
+			return response.body
+		} catch (error) {
+			throw this.normalizeError(error)
+		}
+	}
+
 	protected normalizeError(error: unknown): ModrinthApiError {
 		if (error instanceof FetchError) {
 			return this.createNormalizedError(error, error.response?.status, error.data)
diff --git a/packages/api-client/src/platform/nuxt.ts b/packages/api-client/src/platform/nuxt.ts
index ce0c456345..a5308535ba 100644
--- a/packages/api-client/src/platform/nuxt.ts
+++ b/packages/api-client/src/platform/nuxt.ts
@@ -5,6 +5,8 @@ import type { CircuitBreakerState, CircuitBreakerStorage } from '../features/cir
 import type { ClientConfig } from '../types/client'
 import type { RequestOptions } from '../types/request'
 import type { UploadHandle, UploadRequestOptions } from '../types/upload'
+import { appendRequestParams, parseResponseErrorData, toFetchBody } from '../utils/fetch'
+import { GenericSyncClient } from './sync-generic'
 import { GenericWebSocketClient } from './websocket-generic'
 import { XHRUploadClient } from './xhr-upload-client'
 
@@ -97,6 +99,12 @@ export class NuxtModrinthClient extends XHRUploadClient {
 			enumerable: true,
 			configurable: false,
 		})
+		Object.defineProperty(this.archon, 'sync', {
+			value: new GenericSyncClient(this),
+			writable: false,
+			enumerable: true,
+			configurable: false,
+		})
 	}
 
 	/**
@@ -167,6 +175,40 @@ export class NuxtModrinthClient extends XHRUploadClient {
 		}
 	}
 
+	protected async executeStreamRequest(
+		url: string,
+		options: RequestOptions,
+	): Promise<ReadableStream<Uint8Array>> {
+		try {
+			const response = await fetch(appendRequestParams(url, options.params), {
+				method: options.method ?? 'GET',
+				headers: options.headers,
+				body: toFetchBody(options.body),
+				signal: options.signal,
+				// @ts-expect-error - import.meta is provided by Nuxt
+				cache: import.meta.server ? undefined : 'no-store',
+			})
+
+			if (!response.ok) {
+				throw this.createNormalizedError(
+					new Error(`HTTP ${response.status}: ${response.statusText}`),
+					response.status,
+					await parseResponseErrorData(response),
+				)
+			}
+
+			if (!response.body) {
+				throw new ModrinthApiError('Streaming response has no readable body', {
+					statusCode: response.status,
+				})
+			}
+
+			return response.body
+		} catch (error) {
+			throw this.normalizeError(error)
+		}
+	}
+
 	protected normalizeError(error: unknown): ModrinthApiError {
 		if (error instanceof FetchError) {
 			return this.createNormalizedError(error, error.response?.status, error.data)
diff --git a/packages/api-client/src/platform/sync-generic.ts b/packages/api-client/src/platform/sync-generic.ts
new file mode 100644
index 0000000000..e43fbaf2da
--- /dev/null
+++ b/packages/api-client/src/platform/sync-generic.ts
@@ -0,0 +1,229 @@
+import mitt from 'mitt'
+
+import {
+	AbstractSyncClient,
+	type SyncConnection,
+	type SyncConnectOptions,
+	type SyncEmitterEvents,
+} from '../core/abstract-sync'
+import type { Archon } from '../modules/archon/types'
+import { type ParsedSseItem, parseSyncEventData, SseParser } from '../utils/sse'
+
+type StreamReadResult = 'closed' | 'protocol-reconnect'
+
+const DEFAULT_RETRY_DELAY = 1000
+const MAX_RECONNECT_DELAY = 30000
+const JITTER_MS = 1000
+
+export class GenericSyncClient extends AbstractSyncClient {
+	protected emitter = mitt<SyncEmitterEvents>()
+
+	async safeConnectServer(serverId: string, options: SyncConnectOptions = {}): Promise<void> {
+		const existing = this.connections.get(serverId)
+		if (existing && !options.force && !existing.stopped && existing.status !== 'disconnected') {
+			return
+		}
+
+		if (existing) {
+			this.closeConnection(serverId)
+		}
+
+		const connection: SyncConnection = {
+			serverId,
+			intent: options.intent ?? 'all',
+			reconnectAttempts: 0,
+			retryDelay: DEFAULT_RETRY_DELAY,
+			stopped: false,
+			status: 'idle',
+		}
+
+		this.connections.set(serverId, connection)
+		void this.runConnection(connection)
+	}
+
+	disconnect(serverId: string): void {
+		this.closeConnection(serverId)
+		this.clearListeners(serverId)
+	}
+
+	disconnectAll(): void {
+		for (const serverId of this.connections.keys()) {
+			this.disconnect(serverId)
+		}
+	}
+
+	private async runConnection(connection: SyncConnection): Promise<void> {
+		while (!connection.stopped) {
+			const hadConnected = connection.status === 'connected'
+			this.updateStatus(connection, hadConnected ? 'reconnecting' : 'connecting')
+
+			const controller = new AbortController()
+			connection.controller = controller
+
+			try {
+				const stream = await this.client.stream('/sync', {
+					api: 'archon',
+					version: 1,
+					method: 'GET',
+					params: {
+						scope: `server:${connection.serverId}`,
+						intent: this.intentToParam(connection.intent),
+					},
+					headers: connection.lastEventId
+						? {
+								'Last-Event-Id': connection.lastEventId,
+							}
+						: undefined,
+					signal: controller.signal,
+					retry: false,
+					circuitBreaker: false,
+				})
+
+				if (connection.stopped) return
+
+				connection.reconnectAttempts = 0
+				this.updateStatus(connection, 'connected')
+
+				const result = await this.consumeStream(connection, stream)
+				connection.controller = undefined
+				if (connection.stopped) return
+
+				if (result === 'protocol-reconnect') {
+					connection.reconnectAttempts = 0
+					continue
+				}
+
+				await this.waitForReconnect(connection)
+			} catch (error) {
+				connection.controller = undefined
+				if (connection.stopped || this.isAbortError(error)) return
+
+				connection.reconnectAttempts++
+				this.updateStatus(connection, 'error', error)
+				console.warn(`[Sync] Connection failed for server ${connection.serverId}:`, error)
+				await this.waitForReconnect(connection)
+			}
+		}
+	}
+
+	private async consumeStream(
+		connection: SyncConnection,
+		stream: ReadableStream<Uint8Array>,
+	): Promise<StreamReadResult> {
+		const reader = stream.getReader()
+		const decoder = new TextDecoder()
+		const parser = new SseParser()
+
+		try {
+			while (!connection.stopped) {
+				const { done, value } = await reader.read()
+				if (done) break
+
+				const chunk = decoder.decode(value, { stream: true })
+				const result = this.processParsedItems(connection, parser.feed(chunk))
+				if (result === 'protocol-reconnect') {
+					await reader.cancel()
+					connection.controller?.abort()
+					return result
+				}
+			}
+
+			const finalChunk = decoder.decode()
+			const finalItems = finalChunk ? parser.feed(finalChunk) : []
+			const result = this.processParsedItems(connection, [...finalItems, ...parser.end()])
+			if (result === 'protocol-reconnect') {
+				await reader.cancel()
+				connection.controller?.abort()
+				return result
+			}
+		} finally {
+			reader.releaseLock()
+		}
+
+		return 'closed'
+	}
+
+	private processParsedItems(connection: SyncConnection, items: ParsedSseItem[]): StreamReadResult {
+		for (const item of items) {
+			if (item.kind === 'retry') {
+				connection.retryDelay = Math.min(item.retry, MAX_RECONNECT_DELAY)
+				continue
+			}
+
+			this.updateLastEventId(connection, item.id)
+
+			const event = parseSyncEventData(item.data)
+			if (!event) {
+				console.warn('[Sync] Dropping malformed SSE payload:', {
+					serverId: connection.serverId,
+					event: item.event,
+					data: item.data,
+				})
+				continue
+			}
+
+			this.emitSyncEvent(connection.serverId, event)
+
+			if (event.type === 'protocol.reset' || event.type === 'protocol.invalid') {
+				connection.lastEventId = undefined
+				return 'protocol-reconnect'
+			}
+		}
+
+		return 'closed'
+	}
+
+	private async waitForReconnect(connection: SyncConnection): Promise<void> {
+		if (connection.stopped) return
+
+		this.updateStatus(connection, 'reconnecting')
+		const delay = this.getReconnectDelay(connection)
+
+		await new Promise<void>((resolve) => {
+			connection.reconnectResolve = resolve
+			connection.reconnectTimer = setTimeout(() => {
+				connection.reconnectTimer = undefined
+				connection.reconnectResolve = undefined
+				resolve()
+			}, delay)
+		})
+	}
+
+	private closeConnection(serverId: string): void {
+		const connection = this.connections.get(serverId)
+		if (!connection) return
+
+		connection.stopped = true
+		connection.controller?.abort()
+
+		if (connection.reconnectTimer) {
+			clearTimeout(connection.reconnectTimer)
+			connection.reconnectTimer = undefined
+		}
+		connection.reconnectResolve?.()
+		connection.reconnectResolve = undefined
+
+		this.updateStatus(connection, 'disconnected')
+		this.connections.delete(serverId)
+	}
+
+	private getReconnectDelay(connection: SyncConnection): number {
+		const exponentialDelay =
+			connection.retryDelay * Math.pow(2, Math.max(connection.reconnectAttempts - 1, 0))
+		return Math.min(exponentialDelay, MAX_RECONNECT_DELAY) + Math.random() * JITTER_MS
+	}
+
+	private updateLastEventId(connection: SyncConnection, id: string | undefined): void {
+		if (id === undefined) return
+		connection.lastEventId = id || undefined
+	}
+
+	private intentToParam(intent: Archon.Sync.v1.SyncIntent): string {
+		return Array.isArray(intent) ? intent.join(',') : intent
+	}
+
+	private isAbortError(error: unknown): boolean {
+		if (!(error instanceof Error)) return false
+		return error.name === 'AbortError' || error.message.toLowerCase().includes('abort')
+	}
+}
diff --git a/packages/api-client/src/platform/tauri.ts b/packages/api-client/src/platform/tauri.ts
index 725bcc7795..ac82b53edb 100644
--- a/packages/api-client/src/platform/tauri.ts
+++ b/packages/api-client/src/platform/tauri.ts
@@ -1,6 +1,8 @@
 import type { ModrinthApiError } from '../core/errors'
 import type { ClientConfig } from '../types/client'
 import type { RequestOptions } from '../types/request'
+import { appendRequestParams, parseResponseErrorData, toFetchBody } from '../utils/fetch'
+import { GenericSyncClient } from './sync-generic'
 import { GenericWebSocketClient } from './websocket-generic'
 import { XHRUploadClient } from './xhr-upload-client'
 
@@ -49,6 +51,12 @@ export class TauriModrinthClient extends XHRUploadClient {
 			enumerable: true,
 			configurable: false,
 		})
+		Object.defineProperty(this.archon, 'sync', {
+			value: new GenericSyncClient(this),
+			writable: false,
+			enumerable: true,
+			configurable: false,
+		})
 	}
 
 	protected async executeRequest<T>(url: string, options: RequestOptions): Promise<T> {
@@ -57,36 +65,8 @@ export class TauriModrinthClient extends XHRUploadClient {
 			// This allows the package to be used in non-Tauri environments
 			const { fetch: tauriFetch } = await import('@tauri-apps/plugin-http')
 
-			let body: BodyInit | null | undefined = undefined
-			if (options.body) {
-				const raw = options.body
-				if (
-					typeof raw === 'object' &&
-					!(raw instanceof FormData) &&
-					!(raw instanceof URLSearchParams) &&
-					!(raw instanceof Blob) &&
-					!(raw instanceof ArrayBuffer) &&
-					!ArrayBuffer.isView(raw as ArrayBufferView)
-				) {
-					body = JSON.stringify(raw)
-				} else {
-					body = raw as BodyInit
-				}
-			}
-
-			let fullUrl = url
-			if (options.params) {
-				const filteredParams: Record<string, string> = {}
-				for (const [key, value] of Object.entries(options.params)) {
-					if (value !== undefined && value !== null) {
-						filteredParams[key] = String(value)
-					}
-				}
-				const queryString = new URLSearchParams(filteredParams).toString()
-				if (queryString) {
-					fullUrl = `${url}?${queryString}`
-				}
-			}
+			const body = toFetchBody(options.body)
+			const fullUrl = appendRequestParams(url, options.params)
 
 			const response = await tauriFetch(fullUrl, {
 				method: options.method ?? 'GET',
@@ -147,6 +127,41 @@ export class TauriModrinthClient extends XHRUploadClient {
 		}
 	}
 
+	protected async executeStreamRequest(
+		url: string,
+		options: RequestOptions,
+	): Promise<ReadableStream<Uint8Array>> {
+		try {
+			const { fetch: tauriFetch } = await import('@tauri-apps/plugin-http')
+			const response = await tauriFetch(appendRequestParams(url, options.params), {
+				method: options.method ?? 'GET',
+				headers: options.headers,
+				body: toFetchBody(options.body),
+				signal: options.signal,
+			})
+
+			if (!response.ok) {
+				throw this.createNormalizedError(
+					new Error(`HTTP ${response.status}: ${response.statusText}`),
+					response.status,
+					await parseResponseErrorData(response),
+				)
+			}
+
+			if (!response.body) {
+				throw this.createNormalizedError(
+					new Error('Streaming response has no readable body'),
+					response.status,
+					undefined,
+				)
+			}
+
+			return response.body
+		} catch (error) {
+			throw this.normalizeError(error)
+		}
+	}
+
 	protected normalizeError(error: unknown): ModrinthApiError {
 		if (error instanceof Error) {
 			const httpError = error as HttpError
diff --git a/packages/api-client/src/platform/xhr-upload-client.ts b/packages/api-client/src/platform/xhr-upload-client.ts
index d16e765899..40190f96d4 100644
--- a/packages/api-client/src/platform/xhr-upload-client.ts
+++ b/packages/api-client/src/platform/xhr-upload-client.ts
@@ -18,9 +18,9 @@ export abstract class XHRUploadClient extends AbstractModrinthClient {
 	upload<T = void>(path: string, options: UploadRequestOptions): UploadHandle<T> {
 		let baseUrl: string
 		if (options.api === 'labrinth') {
-			baseUrl = this.config.labrinthBaseUrl!
+			baseUrl = this.resolveBaseUrl(this.config.labrinthBaseUrl!)
 		} else if (options.api === 'archon') {
-			baseUrl = this.config.archonBaseUrl!
+			baseUrl = this.resolveBaseUrl(this.config.archonBaseUrl!)
 		} else {
 			baseUrl = options.api
 		}
diff --git a/packages/api-client/src/types/client.ts b/packages/api-client/src/types/client.ts
index 45828d5c20..57d33105ef 100644
--- a/packages/api-client/src/types/client.ts
+++ b/packages/api-client/src/types/client.ts
@@ -3,6 +3,7 @@ import type { RequestContext } from './request'
 
 export type MaybePromise<T> = T | Promise<T>
 export type UserAgentProvider = string | (() => MaybePromise<string | undefined>)
+export type BaseUrlConfig = string | (() => string)
 
 /**
  * Request lifecycle hooks
@@ -39,13 +40,15 @@ export interface ClientConfig {
 	 * Base URL for Labrinth API (main Modrinth API)
 	 * @default 'https://api.modrinth.com'
 	 */
-	labrinthBaseUrl?: string
+	labrinthBaseUrl?: BaseUrlConfig
 
 	/**
 	 * Base URL for Archon API (Modrinth Hosting API)
+	 * Can be a callback so apps can drive this from runtime feature flags.
+	 *
 	 * @default 'https://archon.modrinth.com'
 	 */
-	archonBaseUrl?: string
+	archonBaseUrl?: BaseUrlConfig
 
 	/**
 	 * Default request timeout in milliseconds
diff --git a/packages/api-client/src/types/index.ts b/packages/api-client/src/types/index.ts
index 30daf6520c..2fb40b14e4 100644
--- a/packages/api-client/src/types/index.ts
+++ b/packages/api-client/src/types/index.ts
@@ -7,7 +7,7 @@ export type {
 } from '../features/circuit-breaker'
 export type { BackoffStrategy, RetryConfig } from '../features/retry'
 export type { Archon } from '../modules/archon/types'
-export type { ClientConfig, RequestHooks } from './client'
+export type { BaseUrlConfig, ClientConfig, RequestHooks } from './client'
 export type { ApiErrorData, ModrinthErrorResponse } from './errors'
 export { isModrinthErrorResponse } from './errors'
 export type { HttpMethod, RequestContext, RequestOptions, ResponseData } from './request'
diff --git a/packages/api-client/src/utils/fetch.ts b/packages/api-client/src/utils/fetch.ts
new file mode 100644
index 0000000000..9ab9c7ab0a
--- /dev/null
+++ b/packages/api-client/src/utils/fetch.ts
@@ -0,0 +1,55 @@
+import type { RequestOptions } from '../types/request'
+
+export function appendRequestParams(url: string, params?: RequestOptions['params']): string {
+	if (!params) return url
+
+	const filteredParams: Record<string, string> = {}
+	for (const [key, value] of Object.entries(params)) {
+		if (value !== undefined && value !== null) {
+			filteredParams[key] = String(value)
+		}
+	}
+
+	const queryString = new URLSearchParams(filteredParams).toString()
+	if (!queryString) return url
+
+	return `${url}${url.includes('?') ? '&' : '?'}${queryString}`
+}
+
+export function toFetchBody(body: unknown): BodyInit | null | undefined {
+	if (!body) return undefined
+
+	if (
+		typeof body === 'object' &&
+		!(body instanceof FormData) &&
+		!(body instanceof URLSearchParams) &&
+		!(body instanceof Blob) &&
+		!(body instanceof ArrayBuffer) &&
+		!ArrayBuffer.isView(body as ArrayBufferView)
+	) {
+		return JSON.stringify(body)
+	}
+
+	return body as BodyInit
+}
+
+export async function parseResponseErrorData(response: Response): Promise<unknown> {
+	const contentType = response.headers.get('content-type')?.toLowerCase() ?? ''
+
+	try {
+		if (contentType.includes('application/json') || contentType.includes('+json')) {
+			return await response.json()
+		}
+
+		const text = await response.text()
+		if (!text) return undefined
+
+		try {
+			return JSON.parse(text)
+		} catch {
+			return text
+		}
+	} catch {
+		return undefined
+	}
+}
diff --git a/packages/api-client/src/utils/sse.ts b/packages/api-client/src/utils/sse.ts
new file mode 100644
index 0000000000..8497196875
--- /dev/null
+++ b/packages/api-client/src/utils/sse.ts
@@ -0,0 +1,139 @@
+import type { Archon } from '../modules/archon/types'
+
+export type ParsedSseEvent = {
+	kind: 'event'
+	id?: string
+	event?: string
+	data: string
+}
+
+export type ParsedSseRetry = {
+	kind: 'retry'
+	retry: number
+}
+
+export type ParsedSseItem = ParsedSseEvent | ParsedSseRetry
+
+export class SseParser {
+	private buffer = ''
+	private eventName = ''
+	private data = ''
+	private id: string | undefined
+
+	feed(chunk: string): ParsedSseItem[] {
+		this.buffer += chunk
+		const items: ParsedSseItem[] = []
+
+		while (true) {
+			const lineEnd = this.findLineEnd()
+			if (!lineEnd) break
+
+			const { line, length } = lineEnd
+			this.buffer = this.buffer.slice(length)
+			this.processLine(line, items)
+		}
+
+		return items
+	}
+
+	end(): ParsedSseItem[] {
+		const items: ParsedSseItem[] = []
+
+		if (this.buffer.length > 0) {
+			this.processLine(this.buffer.endsWith('\r') ? this.buffer.slice(0, -1) : this.buffer, items)
+			this.buffer = ''
+		}
+
+		this.dispatch(items)
+		return items
+	}
+
+	private findLineEnd(): { line: string; length: number } | null {
+		const lf = this.buffer.indexOf('\n')
+		const cr = this.buffer.indexOf('\r')
+
+		if (lf === -1 && cr === -1) return null
+
+		if (cr !== -1 && (lf === -1 || cr < lf)) {
+			if (cr === this.buffer.length - 1) return null
+			const length = this.buffer[cr + 1] === '\n' ? cr + 2 : cr + 1
+			return {
+				line: this.buffer.slice(0, cr),
+				length,
+			}
+		}
+
+		return {
+			line: this.buffer.slice(0, lf),
+			length: lf + 1,
+		}
+	}
+
+	private processLine(line: string, items: ParsedSseItem[]): void {
+		if (line === '') {
+			this.dispatch(items)
+			return
+		}
+
+		if (line.startsWith(':')) return
+
+		const colon = line.indexOf(':')
+		const field = colon === -1 ? line : line.slice(0, colon)
+		let value = colon === -1 ? '' : line.slice(colon + 1)
+		if (value.startsWith(' ')) value = value.slice(1)
+
+		switch (field) {
+			case 'event':
+				this.eventName = value
+				break
+			case 'data':
+				this.data += `${value}\n`
+				break
+			case 'id':
+				this.id = value
+				break
+			case 'retry': {
+				const retry = Number(value)
+				if (Number.isInteger(retry) && retry >= 0) {
+					items.push({ kind: 'retry', retry })
+				}
+				break
+			}
+		}
+	}
+
+	private dispatch(items: ParsedSseItem[]): void {
+		if (!this.data) {
+			this.eventName = ''
+			this.id = undefined
+			return
+		}
+
+		items.push({
+			kind: 'event',
+			id: this.id,
+			event: this.eventName || undefined,
+			data: this.data.endsWith('\n') ? this.data.slice(0, -1) : this.data,
+		})
+
+		this.eventName = ''
+		this.data = ''
+		this.id = undefined
+	}
+}
+
+export function parseSyncEventData(data: string): Archon.Sync.v1.SyncEvent | null {
+	let parsed: unknown
+
+	try {
+		parsed = JSON.parse(data)
+	} catch {
+		return null
+	}
+
+	if (!parsed || typeof parsed !== 'object') return null
+	const event = parsed as { type?: unknown }
+	if (typeof event.type !== 'string') return null
+
+	return parsed as Archon.Sync.v1.SyncEvent
+}
diff --git a/packages/assets/external/illustrations/intercom_bubble_icon.png b/packages/assets/external/illustrations/intercom_bubble_icon.png
new file mode 100644
index 0000000000..6585b9b09e
Binary files /dev/null and b/packages/assets/external/illustrations/intercom_bubble_icon.png differ
diff --git a/packages/assets/generated-icons.ts b/packages/assets/generated-icons.ts
index 6f8549ccb5..12973cb3ef 100644
--- a/packages/assets/generated-icons.ts
+++ b/packages/assets/generated-icons.ts
@@ -11,8 +11,10 @@ import _ArchiveIcon from './icons/archive.svg?component'
 import _ArrowBigRightDashIcon from './icons/arrow-big-right-dash.svg?component'
 import _ArrowBigUpDashIcon from './icons/arrow-big-up-dash.svg?component'
 import _ArrowDownIcon from './icons/arrow-down.svg?component'
+import _ArrowDown10Icon from './icons/arrow-down-1-0.svg?component'
 import _ArrowDownAZIcon from './icons/arrow-down-a-z.svg?component'
 import _ArrowDownLeftIcon from './icons/arrow-down-left.svg?component'
+import _ArrowDownWideNarrowIcon from './icons/arrow-down-wide-narrow.svg?component'
 import _ArrowDownZAIcon from './icons/arrow-down-z-a.svg?component'
 import _ArrowLeftIcon from './icons/arrow-left.svg?component'
 import _ArrowLeftRightIcon from './icons/arrow-left-right.svg?component'
@@ -78,6 +80,7 @@ import _ChevronRightIcon from './icons/chevron-right.svg?component'
 import _ChevronUpIcon from './icons/chevron-up.svg?component'
 import _CircleAlertIcon from './icons/circle-alert.svg?component'
 import _CircleArrowRightIcon from './icons/circle-arrow-right.svg?component'
+import _CircleDashedIcon from './icons/circle-dashed.svg?component'
 import _CircleUserIcon from './icons/circle-user.svg?component'
 import _ClearIcon from './icons/clear.svg?component'
 import _ClientIcon from './icons/client.svg?component'
@@ -120,6 +123,7 @@ import _FilePlusIcon from './icons/file-plus.svg?component'
 import _FileTextIcon from './icons/file-text.svg?component'
 import _FilterIcon from './icons/filter.svg?component'
 import _FilterXIcon from './icons/filter-x.svg?component'
+import _FoldVerticalIcon from './icons/fold-vertical.svg?component'
 import _FolderIcon from './icons/folder.svg?component'
 import _FolderArchiveIcon from './icons/folder-archive.svg?component'
 import _FolderCogIcon from './icons/folder-cog.svg?component'
@@ -244,6 +248,7 @@ import _SortAscIcon from './icons/sort-asc.svg?component'
 import _SortDescIcon from './icons/sort-desc.svg?component'
 import _SparklesIcon from './icons/sparkles.svg?component'
 import _SpinnerIcon from './icons/spinner.svg?component'
+import _SplitIcon from './icons/split.svg?component'
 import _StarIcon from './icons/star.svg?component'
 import _StopCircleIcon from './icons/stop-circle.svg?component'
 import _StoreIcon from './icons/store.svg?component'
@@ -401,6 +406,7 @@ import _TriangleAlertIcon from './icons/triangle-alert.svg?component'
 import _UnderlineIcon from './icons/underline.svg?component'
 import _UndoIcon from './icons/undo.svg?component'
 import _UnfoldHorizontalIcon from './icons/unfold-horizontal.svg?component'
+import _UnfoldVerticalIcon from './icons/unfold-vertical.svg?component'
 import _UnknownIcon from './icons/unknown.svg?component'
 import _UnknownDonationIcon from './icons/unknown-donation.svg?component'
 import _UnlinkIcon from './icons/unlink.svg?component'
@@ -431,8 +437,10 @@ export const ArchiveIcon = _ArchiveIcon
 export const ArrowBigRightDashIcon = _ArrowBigRightDashIcon
 export const ArrowBigUpDashIcon = _ArrowBigUpDashIcon
 export const ArrowDownIcon = _ArrowDownIcon
+export const ArrowDown10Icon = _ArrowDown10Icon
 export const ArrowDownAZIcon = _ArrowDownAZIcon
 export const ArrowDownLeftIcon = _ArrowDownLeftIcon
+export const ArrowDownWideNarrowIcon = _ArrowDownWideNarrowIcon
 export const ArrowDownZAIcon = _ArrowDownZAIcon
 export const ArrowLeftIcon = _ArrowLeftIcon
 export const ArrowLeftRightIcon = _ArrowLeftRightIcon
@@ -498,6 +506,7 @@ export const ChevronRightIcon = _ChevronRightIcon
 export const ChevronUpIcon = _ChevronUpIcon
 export const CircleAlertIcon = _CircleAlertIcon
 export const CircleArrowRightIcon = _CircleArrowRightIcon
+export const CircleDashedIcon = _CircleDashedIcon
 export const CircleUserIcon = _CircleUserIcon
 export const ClearIcon = _ClearIcon
 export const ClientIcon = _ClientIcon
@@ -540,6 +549,7 @@ export const FilePlusIcon = _FilePlusIcon
 export const FileTextIcon = _FileTextIcon
 export const FilterIcon = _FilterIcon
 export const FilterXIcon = _FilterXIcon
+export const FoldVerticalIcon = _FoldVerticalIcon
 export const FolderIcon = _FolderIcon
 export const FolderArchiveIcon = _FolderArchiveIcon
 export const FolderCogIcon = _FolderCogIcon
@@ -664,6 +674,7 @@ export const SortAscIcon = _SortAscIcon
 export const SortDescIcon = _SortDescIcon
 export const SparklesIcon = _SparklesIcon
 export const SpinnerIcon = _SpinnerIcon
+export const SplitIcon = _SplitIcon
 export const StarIcon = _StarIcon
 export const StopCircleIcon = _StopCircleIcon
 export const StoreIcon = _StoreIcon
@@ -821,6 +832,7 @@ export const TriangleAlertIcon = _TriangleAlertIcon
 export const UnderlineIcon = _UnderlineIcon
 export const UndoIcon = _UndoIcon
 export const UnfoldHorizontalIcon = _UnfoldHorizontalIcon
+export const UnfoldVerticalIcon = _UnfoldVerticalIcon
 export const UnknownIcon = _UnknownIcon
 export const UnknownDonationIcon = _UnknownDonationIcon
 export const UnlinkIcon = _UnlinkIcon
diff --git a/packages/assets/icons/arrow-down-1-0.svg b/packages/assets/icons/arrow-down-1-0.svg
new file mode 100644
index 0000000000..fe60477bd4
--- /dev/null
+++ b/packages/assets/icons/arrow-down-1-0.svg
@@ -0,0 +1,19 @@
+<!-- @license lucide-static v0.562.0 - ISC -->
+<svg
+  class="lucide lucide-arrow-down-1-0"
+  xmlns="http://www.w3.org/2000/svg"
+  width="24"
+  height="24"
+  viewBox="0 0 24 24"
+  fill="none"
+  stroke="currentColor"
+  stroke-width="2"
+  stroke-linecap="round"
+  stroke-linejoin="round"
+>
+  <path d="m3 16 4 4 4-4" />
+  <path d="M7 20V4" />
+  <path d="M17 10V4h-2" />
+  <path d="M15 10h4" />
+  <rect x="15" y="14" width="4" height="6" ry="2" />
+</svg>
diff --git a/packages/assets/icons/arrow-down-wide-narrow.svg b/packages/assets/icons/arrow-down-wide-narrow.svg
new file mode 100644
index 0000000000..b65dc828d5
--- /dev/null
+++ b/packages/assets/icons/arrow-down-wide-narrow.svg
@@ -0,0 +1,19 @@
+<!-- @license lucide-static v0.562.0 - ISC -->
+<svg
+  class="lucide lucide-arrow-down-wide-narrow"
+  xmlns="http://www.w3.org/2000/svg"
+  width="24"
+  height="24"
+  viewBox="0 0 24 24"
+  fill="none"
+  stroke="currentColor"
+  stroke-width="2"
+  stroke-linecap="round"
+  stroke-linejoin="round"
+>
+  <path d="m3 16 4 4 4-4" />
+  <path d="M7 20V4" />
+  <path d="M11 4h10" />
+  <path d="M11 8h7" />
+  <path d="M11 12h4" />
+</svg>
diff --git a/packages/assets/icons/circle-dashed.svg b/packages/assets/icons/circle-dashed.svg
new file mode 100644
index 0000000000..f06ebeda6a
--- /dev/null
+++ b/packages/assets/icons/circle-dashed.svg
@@ -0,0 +1,22 @@
+<!-- @license lucide-static v0.562.0 - ISC -->
+<svg
+  class="lucide lucide-circle-dashed"
+  xmlns="http://www.w3.org/2000/svg"
+  width="24"
+  height="24"
+  viewBox="0 0 24 24"
+  fill="none"
+  stroke="currentColor"
+  stroke-width="2"
+  stroke-linecap="round"
+  stroke-linejoin="round"
+>
+  <path d="M10.1 2.182a10 10 0 0 1 3.8 0" />
+  <path d="M13.9 21.818a10 10 0 0 1-3.8 0" />
+  <path d="M17.609 3.721a10 10 0 0 1 2.69 2.7" />
+  <path d="M2.182 13.9a10 10 0 0 1 0-3.8" />
+  <path d="M20.279 17.609a10 10 0 0 1-2.7 2.69" />
+  <path d="M21.818 10.1a10 10 0 0 1 0 3.8" />
+  <path d="M3.721 6.391a10 10 0 0 1 2.7-2.69" />
+  <path d="M6.391 20.279a10 10 0 0 1-2.69-2.7" />
+</svg>
diff --git a/packages/assets/icons/fold-vertical.svg b/packages/assets/icons/fold-vertical.svg
new file mode 100644
index 0000000000..9d8f1bc552
--- /dev/null
+++ b/packages/assets/icons/fold-vertical.svg
@@ -0,0 +1,22 @@
+<!-- @license lucide-static v0.562.0 - ISC -->
+<svg
+  class="lucide lucide-fold-vertical"
+  xmlns="http://www.w3.org/2000/svg"
+  width="24"
+  height="24"
+  viewBox="0 0 24 24"
+  fill="none"
+  stroke="currentColor"
+  stroke-width="2"
+  stroke-linecap="round"
+  stroke-linejoin="round"
+>
+  <path d="M12 22v-6" />
+  <path d="M12 8V2" />
+  <path d="M4 12H2" />
+  <path d="M10 12H8" />
+  <path d="M16 12h-2" />
+  <path d="M22 12h-2" />
+  <path d="m15 19-3-3-3 3" />
+  <path d="m15 5-3 3-3-3" />
+</svg>
diff --git a/packages/assets/icons/split.svg b/packages/assets/icons/split.svg
new file mode 100644
index 0000000000..432fc358df
--- /dev/null
+++ b/packages/assets/icons/split.svg
@@ -0,0 +1,18 @@
+<!-- @license lucide-static v0.562.0 - ISC -->
+<svg
+  class="lucide lucide-split"
+  xmlns="http://www.w3.org/2000/svg"
+  width="24"
+  height="24"
+  viewBox="0 0 24 24"
+  fill="none"
+  stroke="currentColor"
+  stroke-width="2"
+  stroke-linecap="round"
+  stroke-linejoin="round"
+>
+  <path d="M16 3h5v5" />
+  <path d="M8 3H3v5" />
+  <path d="M12 22v-8.3a4 4 0 0 0-1.172-2.872L3 3" />
+  <path d="m15 9 6-6" />
+</svg>
diff --git a/packages/assets/icons/unfold-vertical.svg b/packages/assets/icons/unfold-vertical.svg
new file mode 100644
index 0000000000..0c5e2feb97
--- /dev/null
+++ b/packages/assets/icons/unfold-vertical.svg
@@ -0,0 +1,22 @@
+<!-- @license lucide-static v0.562.0 - ISC -->
+<svg
+  class="lucide lucide-unfold-vertical"
+  xmlns="http://www.w3.org/2000/svg"
+  width="24"
+  height="24"
+  viewBox="0 0 24 24"
+  fill="none"
+  stroke="currentColor"
+  stroke-width="2"
+  stroke-linecap="round"
+  stroke-linejoin="round"
+>
+  <path d="M12 22v-6" />
+  <path d="M12 8V2" />
+  <path d="M4 12H2" />
+  <path d="M10 12H8" />
+  <path d="M16 12h-2" />
+  <path d="M22 12h-2" />
+  <path d="m15 19-3 3-3-3" />
+  <path d="m15 5-3-3-3 3" />
+</svg>
diff --git a/packages/assets/index.ts b/packages/assets/index.ts
index 4fb4028886..7a8ed170cd 100644
--- a/packages/assets/index.ts
+++ b/packages/assets/index.ts
@@ -41,6 +41,7 @@ import _DiscordIcon from './external/discord.svg?component'
 import _FacebookIcon from './external/facebook.svg?component'
 import _FlathubIcon from './external/flathub.svg?component'
 import _GithubIcon from './external/github.svg?component'
+import _IntercomBubbleIcon from './external/illustrations/intercom_bubble_icon.png?url'
 import _MinecraftServerIcon from './external/illustrations/minecraft_server_icon.png?url'
 import _InstagramIcon from './external/instagram.svg?component'
 import _KoFiIcon from './external/kofi.svg?component'
@@ -132,6 +133,7 @@ export const VenmoIcon = _VenmoIcon
 export const PolygonIcon = _PolygonIcon
 export const USDCColorIcon = _USDCColorIcon
 export const VisaIcon = _VisaIcon
+export const IntercomBubbleIcon = _IntercomBubbleIcon
 export const MinecraftServerIcon = _MinecraftServerIcon
 
 export * from './generated-icons'
diff --git a/packages/assets/styles/classes.scss b/packages/assets/styles/classes.scss
index ba9388eaa1..2df553e7d3 100644
--- a/packages/assets/styles/classes.scss
+++ b/packages/assets/styles/classes.scss
@@ -639,8 +639,8 @@ a:not(.no-click-animation),
 
 // TOOLTIPS
 
-.v-popper--theme-dropdown,
-.v-popper--theme-dropdown.v-popper--theme-ribbit-popout {
+.v-popper__popper.v-popper--theme-dropdown,
+.v-popper__popper.v-popper--theme-dropdown.v-popper--theme-ribbit-popout {
 	.v-popper__inner {
 		border: 1px solid var(--surface-5) !important;
 		padding: var(--gap-sm) !important;
@@ -698,7 +698,13 @@ a:not(.no-click-animation),
 	//transform: scale(.9);
 }
 
-.v-popper--theme-tooltip {
+.v-popper__popper.v-popper--theme-tooltip {
+	pointer-events: none;
+
+	&.v-popper--interactive {
+		pointer-events: auto;
+	}
+
 	.v-popper__inner {
 		background: var(--color-tooltip-bg) !important;
 		color: var(--color-tooltip-text) !important;
@@ -721,7 +727,7 @@ a:not(.no-click-animation),
 	}
 }
 
-.v-popper--theme-dismissable-prompt {
+.v-popper__popper.v-popper--theme-dismissable-prompt {
 	z-index: 10;
 
 	.v-popper__inner {
diff --git a/packages/moderation/src/data/attribution-quick-replies.ts b/packages/moderation/src/data/attribution-quick-replies.ts
new file mode 100644
index 0000000000..dc05c9c5a4
--- /dev/null
+++ b/packages/moderation/src/data/attribution-quick-replies.ts
@@ -0,0 +1,15 @@
+import type { QuickReply } from '../types/quick-reply'
+
+export default [
+	{
+		label: '⚠️ Illegitimate Evidence',
+		message: async () =>
+			(await import('./messages/attributions/illegitimate-evidence.md?raw')).default,
+		private: false,
+	},
+	{
+		label: '🚫 Cheats and Hacks',
+		message: async () => (await import('./messages/attributions/cheats-and-hacks.md?raw')).default,
+		private: false,
+	},
+] as ReadonlyArray<QuickReply>
diff --git a/packages/moderation/src/data/checklist.ts b/packages/moderation/src/data/checklist.ts
index 69cd061a54..8b8bb5d689 100644
--- a/packages/moderation/src/data/checklist.ts
+++ b/packages/moderation/src/data/checklist.ts
@@ -1,5 +1,4 @@
 import type { Stage } from '../types/stage'
-import modpackPermissionsStage from './modpack-permissions-stage'
 import categories from './stages/categories'
 import description from './stages/description'
 import environment from './stages/environment/environment'
@@ -7,6 +6,7 @@ import environmentMultiple from './stages/environment/environment-multiple'
 import gallery from './stages/gallery'
 import license from './stages/license'
 import links from './stages/links'
+import permissions from './stages/permissions'
 import postApproval from './stages/post-approval'
 import reupload from './stages/reupload'
 import ruleFollowing from './stages/rule-following'
@@ -28,8 +28,8 @@ export default [
 	gallery,
 	versions,
 	reupload,
+	permissions,
 	ruleFollowing,
-	modpackPermissionsStage,
 	statusAlerts,
 	undefinedProject,
 	postApproval,
diff --git a/packages/moderation/src/data/messages/attributions/cheats-and-hacks.md b/packages/moderation/src/data/messages/attributions/cheats-and-hacks.md
new file mode 100644
index 0000000000..1acda34063
--- /dev/null
+++ b/packages/moderation/src/data/messages/attributions/cheats-and-hacks.md
@@ -0,0 +1 @@
+Modrinth does not permit distributing content that violates rule 3 (no cheats or hacks) in modpacks regardless of permission
diff --git a/packages/moderation/src/data/messages/attributions/illegitimate-evidence.md b/packages/moderation/src/data/messages/attributions/illegitimate-evidence.md
new file mode 100644
index 0000000000..2d85cf783b
--- /dev/null
+++ b/packages/moderation/src/data/messages/attributions/illegitimate-evidence.md
@@ -0,0 +1 @@
+Please only submit legitimate evidence and do not attempt to spam notes with unnecessary information
diff --git a/packages/moderation/src/data/messages/externals-permissions/invalid.md b/packages/moderation/src/data/messages/externals-permissions/invalid.md
new file mode 100644
index 0000000000..15e87e7623
--- /dev/null
+++ b/packages/moderation/src/data/messages/externals-permissions/invalid.md
@@ -0,0 +1,4 @@
+## Proof of Permissions
+
+You may not have the necessary rights or permissions to distribute some of the external content included in your Modpack. </br>
+Per section 4 of %RULES%, we ask that you please complete all steps and address all notes left by moderators if any in your project's %PROJECT_PERMISSIONS_FLINK%.
diff --git a/packages/moderation/src/data/messages/externals-permissions/missing.md b/packages/moderation/src/data/messages/externals-permissions/missing.md
new file mode 100644
index 0000000000..9dc97b32b5
--- /dev/null
+++ b/packages/moderation/src/data/messages/externals-permissions/missing.md
@@ -0,0 +1,3 @@
+## Permissions Incomplete
+
+Per section 4 of %RULES%, we ask that you complete all steps requested in your project's %PROJECT_PERMISSIONS_FLINK%.
diff --git a/packages/moderation/src/data/messages/externals-permissions/prohibited.md b/packages/moderation/src/data/messages/externals-permissions/prohibited.md
new file mode 100644
index 0000000000..1d62230ff8
--- /dev/null
+++ b/packages/moderation/src/data/messages/externals-permissions/prohibited.md
@@ -0,0 +1,6 @@
+## Prohibited External Content
+
+Some external content in your mod was found to be prohibited.</br>
+This means you cannot include these files in your Modpack on Modrinth, likely because it violates one of %RULES%.
+
+Please view your project's %PROJECT_PERMISSIONS_FLINK% for a list of what content must be removed from your pack before distribution on Modrinth.
diff --git a/packages/moderation/src/data/nags/core.ts b/packages/moderation/src/data/nags/core.ts
index d3f67bb769..281eda266d 100644
--- a/packages/moderation/src/data/nags/core.ts
+++ b/packages/moderation/src/data/nags/core.ts
@@ -202,4 +202,33 @@ export const coreNags: Nag[] = [
 			shouldShow: (context: NagContext) => context.currentRoute !== 'type-project-settings-license',
 		},
 	},
+	{
+		id: 'review-permissions',
+		title: defineMessage({
+			id: 'nags.review-permissions.title',
+			defaultMessage: 'Review external permissions',
+		}),
+		description: (context: NagContext) => {
+			const { formatMessage } = useVIntl()
+			return formatMessage(
+				defineMessage({
+					id: 'nags.review-permissions.description',
+					defaultMessage:
+						'Make sure you have provided proof of your permission to distribute any external content in your Modpack.',
+				}),
+			)
+		},
+		status: 'required',
+		shouldShow: (context: NagContext) =>
+			context.versions.some((version) => (version.files_missing_attribution?.length ?? 0) >= 1),
+		link: {
+			path: 'settings/permissions',
+			title: defineMessage({
+				id: 'nags.settings.permissions.title',
+				defaultMessage: 'Visit permissions dashboard',
+			}),
+			shouldShow: (context: NagContext) =>
+				context.currentRoute !== 'type-project-settings-permissions',
+		},
+	},
 ]
diff --git a/packages/moderation/src/data/stages/permissions.ts b/packages/moderation/src/data/stages/permissions.ts
new file mode 100644
index 0000000000..a4a0d80d9a
--- /dev/null
+++ b/packages/moderation/src/data/stages/permissions.ts
@@ -0,0 +1,51 @@
+import { SignatureIcon } from '@modrinth/assets'
+
+import type { Stage } from '../../types/stage'
+
+const permissions: Stage = {
+	title: 'Does this projects external content have any issues?',
+	id: 'permissions',
+	icon: SignatureIcon,
+	guidance_url: 'https://www.notion.so/2e15ee711bf080e4a41df61bbab49892',
+	navigate: '/settings/permissions',
+	actions: [
+		{
+			id: 'invalid-permissions',
+			type: 'button',
+			label: 'Invalid permissions',
+			weight: 2000,
+			suggestedStatus: 'rejected',
+			severity: 'high',
+			shouldShow: (project, projectV3) =>
+				projectV3.project_types?.includes('modpack') && !projectV3?.minecraft_server,
+			message: async () =>
+				(await import('../messages/externals-permissions/invalid.md?raw')).default,
+		},
+		{
+			id: 'prohibited-extrernal-content',
+			type: 'button',
+			label: 'Prohibited externals',
+			weight: 2001,
+			suggestedStatus: 'rejected',
+			severity: 'high',
+			shouldShow: (project, projectV3) =>
+				projectV3.project_types?.includes('modpack') && !projectV3?.minecraft_server,
+			message: async () =>
+				(await import('../messages/externals-permissions/prohibited.md?raw')).default,
+		},
+		{
+			id: 'missing-permissions',
+			type: 'button',
+			label: 'Missing permissions',
+			weight: 2002,
+			suggestedStatus: 'rejected',
+			severity: 'high',
+			shouldShow: (project, projectV3) =>
+				projectV3.project_types?.includes('modpack') && !projectV3?.minecraft_server,
+			message: async () =>
+				(await import('../messages/externals-permissions/missing.md?raw')).default,
+		},
+	],
+}
+
+export default permissions
diff --git a/packages/moderation/src/index.ts b/packages/moderation/src/index.ts
index 2df2ecfe65..80e08ccf02 100644
--- a/packages/moderation/src/index.ts
+++ b/packages/moderation/src/index.ts
@@ -8,6 +8,7 @@ export {
 	type TechReviewContext,
 	default as techReviewQuickReplies,
 } from './data/tech-review-quick-replies'
+export { default as attributionQuickReplies } from './data/attribution-quick-replies'
 export * from './locales'
 export * from './types/actions'
 export * from './types/keybinds'
diff --git a/packages/moderation/src/locales/en-US/index.json b/packages/moderation/src/locales/en-US/index.json
index 26afc85cac..1a08e00384 100644
--- a/packages/moderation/src/locales/en-US/index.json
+++ b/packages/moderation/src/locales/en-US/index.json
@@ -140,6 +140,12 @@
   "nags.multiple-resolution-tags.title": {
     "defaultMessage": "Select correct resolution"
   },
+  "nags.review-permissions.description": {
+    "defaultMessage": "Make sure you have provided proof of your permission to distribute any external content in your Modpack."
+  },
+  "nags.review-permissions.title": {
+    "defaultMessage": "Review external permissions"
+  },
   "nags.select-compatibility.description": {
     "defaultMessage": "Select what versions your server supports, choose a Modpack, or upload your own."
   },
@@ -182,6 +188,9 @@
   "nags.settings.links.title": {
     "defaultMessage": "Visit links settings"
   },
+  "nags.settings.permissions.title": {
+    "defaultMessage": "Visit permissions dashboard"
+  },
   "nags.settings.tags.title": {
     "defaultMessage": "Visit tag settings"
   },
diff --git a/packages/moderation/src/types/nags.ts b/packages/moderation/src/types/nags.ts
index 3b5d49ee9b..c0a63cddd7 100644
--- a/packages/moderation/src/types/nags.ts
+++ b/packages/moderation/src/types/nags.ts
@@ -28,7 +28,7 @@ export interface NagContext {
 	/**
 	 * The versions associated with the project.
 	 */
-	versions: Labrinth.Versions.v2.Version[]
+	versions: Labrinth.Versions.v3.Version[]
 	/**
 	 * The current project member viewing the nag.
 	 */
diff --git a/packages/moderation/src/utils.ts b/packages/moderation/src/utils.ts
index 0a076dd54a..970d0e446c 100644
--- a/packages/moderation/src/utils.ts
+++ b/packages/moderation/src/utils.ts
@@ -382,6 +382,10 @@ export function flattenProjectVariables(
 	vars[`PROJECT_LANGUAGE_SETTINGS`] = `https://modrinth.com/project/${project.id}/settings/server`
 	vars[`PROJECT_LANGUAGE_SETTINGS_FLINK`] =
 		`[Language Settings](https://modrinth.com/project/${project.id}/settings/server)`
+	vars[`PROJECT_PERMISSIONS_LINK`] =
+		`https://modrinth.com/project/${project.id}/settings/permissions`
+	vars[`PROJECT_PERMISSIONS_FLINK`] =
+		`[Permissions dashboard](https://modrinth.com/project/${project.id}/settings/permissions)`
 
 	return vars
 }
diff --git a/packages/ui/.storybook/preview.scss b/packages/ui/.storybook/preview.scss
new file mode 100644
index 0000000000..b9e6de3ad7
--- /dev/null
+++ b/packages/ui/.storybook/preview.scss
@@ -0,0 +1,17 @@
+html {
+	min-height: 100%;
+	overflow: auto;
+}
+
+body {
+	position: static !important;
+	width: auto !important;
+	min-height: 100vh;
+	height: auto !important;
+	overflow: auto !important;
+}
+
+#storybook-root {
+	min-height: 100vh;
+	height: auto;
+}
diff --git a/packages/ui/.storybook/preview.ts b/packages/ui/.storybook/preview.ts
index 9b340008eb..e68f912e93 100644
--- a/packages/ui/.storybook/preview.ts
+++ b/packages/ui/.storybook/preview.ts
@@ -6,6 +6,7 @@ import '../../assets/styles/defaults.scss'
 // ---
 // app-frontend css imports
 import '../../../apps/app-frontend/src/assets/stylesheets/global.scss'
+import './preview.scss'
 
 import type { Labrinth } from '@modrinth/api-client'
 import { GenericModrinthClient } from '@modrinth/api-client'
diff --git a/packages/ui/src/components/base/BaseTerminal.vue b/packages/ui/src/components/base/BaseTerminal.vue
index d266fd07ee..bb6c1ddf9a 100644
--- a/packages/ui/src/components/base/BaseTerminal.vue
+++ b/packages/ui/src/components/base/BaseTerminal.vue
@@ -26,8 +26,9 @@
 		>
 			<StyledInput
 				v-model="commandInput"
+				v-tooltip="disableInput ? disableInputTooltip : undefined"
 				:icon="TerminalSquareIcon"
-				:placeholder="disableInput ? 'Server is not running' : 'Send a command'"
+				:placeholder="disableInput ? disabledInputPlaceholder : 'Send a command'"
 				:disabled="disableInput"
 				wrapper-class="w-full"
 				input-class="!h-10"
@@ -51,6 +52,8 @@ const props = withDefaults(
 		scrollback?: number
 		showInput?: boolean
 		disableInput?: boolean
+		disableInputTooltip?: string
+		disabledInputPlaceholder?: string
 		fullscreen?: boolean
 		emptyStateType?: 'server' | 'instance'
 		loading?: boolean
@@ -59,6 +62,8 @@ const props = withDefaults(
 		scrollback: Infinity,
 		showInput: false,
 		disableInput: false,
+		disableInputTooltip: undefined,
+		disabledInputPlaceholder: 'Server is not running',
 		fullscreen: false,
 		emptyStateType: undefined,
 		loading: false,
@@ -215,6 +220,7 @@ watch(
 )
 
 const submitCommand = () => {
+	if (props.disableInput) return
 	const cmd = commandInput.value.trim()
 	if (!cmd) return
 	emit('command', cmd)
diff --git a/packages/ui/src/components/base/Checkbox.vue b/packages/ui/src/components/base/Checkbox.vue
index 4e8fcbd7a4..e7a0c262a4 100644
--- a/packages/ui/src/components/base/Checkbox.vue
+++ b/packages/ui/src/components/base/Checkbox.vue
@@ -1,5 +1,6 @@
 <template>
 	<button
+		type="button"
 		class="group bg-transparent border-none p-0 m-0 flex items-center text-left gap-3 checkbox-outer outline-offset-4 text-contrast"
 		:disabled="disabled"
 		:class="
diff --git a/packages/ui/src/components/base/Combobox.vue b/packages/ui/src/components/base/Combobox.vue
index 43df4e2e39..b2e1eba2a0 100644
--- a/packages/ui/src/components/base/Combobox.vue
+++ b/packages/ui/src/components/base/Combobox.vue
@@ -73,7 +73,7 @@
 					<slot name="selected">{{ triggerText }}</slot>
 				</span>
 			</div>
-			<div class="flex items-center gap-1">
+			<div class="flex shrink-0 items-center gap-1">
 				<slot name="suffix"></slot>
 				<ChevronLeftIcon
 					v-if="showChevron"
@@ -97,6 +97,7 @@
 					:class="[
 						props.dropdownClass,
 						openDirection === 'up' ? 'shadow-[0_-25px_50px_-12px_rgb(0,0,0,0.25)]' : 'shadow-2xl',
+						props.dropdownClass,
 					]"
 					:style="dropdownStyle"
 					:role="listbox ? 'listbox' : 'menu'"
@@ -174,7 +175,7 @@
 						</div>
 					</div>
 
-					<div v-else-if="searchQuery" class="p-4 mb-2 text-center text-sm text-secondary">
+					<div v-else-if="searchQuery" class="p-4 text-center text-sm text-secondary">
 						{{ noOptionsMessage }}
 					</div>
 
@@ -276,6 +277,9 @@ const props = withDefaults(
 		forceDirection?: 'up' | 'down'
 		noOptionsMessage?: string
 		disableSearchFilter?: boolean
+		dropdownClass?: string
+		dropdownMinWidth?: string
+		minSearchLengthToOpen?: number
 		/** Keep the selected option's label in the input after selection, and show all options on focus */
 		syncWithSelection?: boolean
 		/** Select the searchable input text when the field receives focus */
@@ -293,6 +297,7 @@ const props = withDefaults(
 		showIconInSelected: false,
 		maxHeight: DEFAULT_MAX_HEIGHT,
 		noOptionsMessage: 'No results found',
+		minSearchLengthToOpen: 0,
 		syncWithSelection: true,
 		selectSearchTextOnFocus: false,
 		showSearchIcon: false,
@@ -377,6 +382,10 @@ const triggerText = computed(() => {
 	return props.placeholder
 })
 
+const hasMinimumSearchLength = computed(
+	() => !props.searchable || searchQuery.value.trim().length >= props.minSearchLengthToOpen,
+)
+
 const optionsWithKeys = computed(() => {
 	return props.options.map((opt, index) => ({
 		...opt,
@@ -413,7 +422,7 @@ function getOptionClasses(item: ComboboxOption<T> & { key: string }, _index: num
 		item.class,
 		{
 			'bg-surface-4 text-contrast hover:brightness-[115%] focus:brightness-[115%]': !isSelected,
-			'bg-highlight-green text-green !cursor-default hover:bg-highlight-green focus:bg-highlight-green':
+			'bg-highlight-green text-green hover:bg-highlight-green focus:bg-highlight-green':
 				isSelected,
 			'cursor-not-allowed opacity-50 pointer-events-none': item.disabled,
 		},
@@ -583,7 +592,8 @@ function destroyOptionsOverlayScrollbars() {
 }
 
 async function openDropdown() {
-	if (props.disabled || isOpen.value || !hasDropdownContent.value) return
+	if (props.disabled || isOpen.value || !hasMinimumSearchLength.value || !hasDropdownContent.value)
+		return
 
 	isOpen.value = true
 	emit('open')
@@ -628,7 +638,11 @@ function handleTriggerClick(event: MouseEvent) {
 function handleOptionClick(option: ComboboxOption<T>, index: number) {
 	if (option.disabled || option.type === 'divider') return
 	const isSelected = props.listbox && option.value === props.modelValue
-	if (isSelected) return
+	if (isSelected) {
+		focusedIndex.value = index
+		if (option.type !== 'link') closeDropdown()
+		return
+	}
 
 	focusedIndex.value = index
 
@@ -782,6 +796,10 @@ function handleSearchKeydown(event: KeyboardEvent) {
 function handleSearchInput() {
 	userHasTyped.value = true
 	emit('searchInput', searchQuery.value)
+	if (!hasMinimumSearchLength.value) {
+		closeDropdown()
+		return
+	}
 	if (!isOpen.value) {
 		openDropdown()
 	}
@@ -906,10 +924,16 @@ watch(hasDropdownContent, (value) => {
 	}
 })
 
+watch(hasMinimumSearchLength, (canOpen) => {
+	if (!canOpen) {
+		closeDropdown()
+	}
+})
+
 watch(
 	[() => props.modelValue, () => props.options],
 	([val]) => {
-		if (props.searchable && props.syncWithSelection && !isOpen.value) {
+		if (props.searchable && props.syncWithSelection && !isOpen.value && !userHasTyped.value) {
 			const opt = props.options.find((o) => isDropdownOption(o) && o.value === val)
 			searchQuery.value = opt && isDropdownOption(opt) ? opt.label : ''
 		}
diff --git a/packages/ui/src/components/base/DropdownFilterBar.vue b/packages/ui/src/components/base/DropdownFilterBar.vue
index 6dcf5986e2..a73c267b60 100644
--- a/packages/ui/src/components/base/DropdownFilterBar.vue
+++ b/packages/ui/src/components/base/DropdownFilterBar.vue
@@ -109,7 +109,7 @@
 			<button
 				ref="addMenuTrigger"
 				type="button"
-				:class="addButtonClass"
+				:class="addButtonClass ?? '!border'"
 				:aria-expanded="isAddMenuOpen"
 				aria-haspopup="menu"
 				@click="handleAddMenuTriggerClick"
@@ -464,6 +464,7 @@ const props = withDefaults(
 		showClear?: boolean
 		showLabel?: boolean
 		useFilterIcon?: boolean
+		applyImmediately?: boolean
 		showPreviewFilterIcon?: boolean
 		previewTriggerClass?: string
 		addButtonClass?: string
@@ -478,6 +479,7 @@ const props = withDefaults(
 		showClear: false,
 		showLabel: true,
 		useFilterIcon: false,
+		applyImmediately: false,
 		showPreviewFilterIcon: false,
 		emptyOptionsLabel: 'No options available.',
 		emptySearchLabel: 'No options found.',
@@ -797,6 +799,9 @@ function setSelectedValues(
 		if (isAddMenuOpen.value && activeCategoryKey.value === categoryKey) {
 			scheduleSubmenuPositionUpdate()
 		}
+		if (props.applyImmediately) {
+			emit('update:modelValue', nextFilters)
+		}
 	} else {
 		emit('update:modelValue', nextFilters)
 	}
@@ -1076,9 +1081,13 @@ function getPreviewSelectedValues(categoryKey: string): string[] {
 }
 
 function setPreviewSelectedValues(categoryKey: string, values: string[]) {
+	const normalizedValues = normalizeSelectedValues(values)
 	previewSelectedValueDrafts.value = {
 		...previewSelectedValueDrafts.value,
-		[categoryKey]: normalizeSelectedValues(values),
+		[categoryKey]: normalizedValues,
+	}
+	if (props.applyImmediately) {
+		setSelectedValues(categoryKey, normalizedValues)
 	}
 }
 
diff --git a/packages/ui/src/components/base/FileInput.vue b/packages/ui/src/components/base/FileInput.vue
index ff6e765121..9323b1e309 100644
--- a/packages/ui/src/components/base/FileInput.vue
+++ b/packages/ui/src/components/base/FileInput.vue
@@ -96,7 +96,7 @@ label {
 		grid-gap: 0.5rem;
 		background-color: var(--color-button-bg);
 		border-radius: var(--radius-sm);
-		border: dashed 2px var(--color-contrast);
+		border: dashed 2px var(--color-secondary);
 		cursor: pointer;
 		color: var(--color-contrast);
 	}
diff --git a/packages/ui/src/components/base/JoinedButtons.vue b/packages/ui/src/components/base/JoinedButtons.vue
index 2c56d50414..8aab2dc96d 100644
--- a/packages/ui/src/components/base/JoinedButtons.vue
+++ b/packages/ui/src/components/base/JoinedButtons.vue
@@ -2,6 +2,7 @@
 	<div class="joined-buttons">
 		<ButtonStyled :color="color" :size="size">
 			<button
+				v-tooltip="primaryTooltip"
 				:class="{ 'joined-buttons__primary--muted': primaryMuted }"
 				:disabled="primaryDisabledResolved"
 				@click="handlePrimaryAction"
@@ -15,6 +16,7 @@
 				class="btn-dropdown-animation !w-10"
 				:options="dropdownOptions"
 				:disabled="dropdownDisabledResolved"
+				:tooltip="dropdownTooltip"
 			>
 				<DropdownIcon />
 				<template v-for="action in dropdownActions" :key="action.id" #[action.id]>
@@ -53,6 +55,8 @@ interface Props {
 	primaryDisabled?: boolean
 	dropdownDisabled?: boolean
 	primaryMuted?: boolean
+	primaryTooltip?: string
+	dropdownTooltip?: string
 }
 
 const props = withDefaults(defineProps<Props>(), {
@@ -62,6 +66,8 @@ const props = withDefaults(defineProps<Props>(), {
 	primaryDisabled: undefined,
 	dropdownDisabled: undefined,
 	primaryMuted: false,
+	primaryTooltip: undefined,
+	dropdownTooltip: undefined,
 })
 
 const primaryDisabledResolved = computed(() => props.primaryDisabled ?? props.disabled)
diff --git a/packages/ui/src/components/base/MultiStageModal.vue b/packages/ui/src/components/base/MultiStageModal.vue
index 6fc7745050..e6c3a06718 100644
--- a/packages/ui/src/components/base/MultiStageModal.vue
+++ b/packages/ui/src/components/base/MultiStageModal.vue
@@ -74,6 +74,7 @@
 			>
 				<ButtonStyled v-if="leftButtonConfig" type="outlined">
 					<button
+						v-tooltip="leftButtonConfig.tooltip"
 						:class="leftButtonConfig.buttonClass"
 						:disabled="leftButtonConfig.disabled"
 						@click="leftButtonConfig.onClick"
@@ -84,6 +85,7 @@
 				</ButtonStyled>
 				<ButtonStyled v-if="rightButtonConfig" :color="rightButtonConfig.color">
 					<button
+						v-tooltip="rightButtonConfig.tooltip"
 						class="!shadow-none"
 						:class="rightButtonConfig.buttonClass"
 						:disabled="rightButtonConfig.disabled || rightButtonConfig.loading"
@@ -128,6 +130,7 @@ export interface StageButtonConfig {
 	color?: InstanceType<typeof ButtonStyled>['$props']['color']
 	disabled?: boolean
 	loading?: boolean
+	tooltip?: string
 	iconClass?: string | null
 	buttonClass?: string | null
 	onClick?: () => void
diff --git a/packages/ui/src/components/base/Table.vue b/packages/ui/src/components/base/Table.vue
index ceb99dcdd8..743f6da81f 100644
--- a/packages/ui/src/components/base/Table.vue
+++ b/packages/ui/src/components/base/Table.vue
@@ -62,7 +62,56 @@
 						</th>
 					</tr>
 				</thead>
-				<tbody :ref="setListContainer">
+				<TransitionGroup
+					v-if="rowTransitionName && !virtualized"
+					:name="rowTransitionName"
+					tag="tbody"
+				>
+					<tr v-if="data.length === 0" key="empty" class="bg-surface-2">
+						<td :colspan="columnSpan" class="border-solid border-0 border-t border-surface-5 p-0">
+							<slot name="empty-state">
+								<div class="text-secondary flex h-64 items-center justify-center">
+									No data available.
+								</div>
+							</slot>
+						</td>
+					</tr>
+					<template v-else>
+						<tr
+							v-for="(row, rowIndex) in renderedRows"
+							:key="getRowRenderKey(row, getAbsoluteRowIndex(rowIndex))"
+							:class="getRowClass(getAbsoluteRowIndex(rowIndex))"
+						>
+							<td
+								v-if="showSelection"
+								class="w-12 border-solid border-0 border-t border-surface-5 focus:outline-none"
+							>
+								<Checkbox
+									:model-value="isSelected(row)"
+									class="shrink-0 p-4 -outline-offset-[14px] outline rounded-2xl"
+									@update:model-value="(selectRow, event) => toggleSelection(row, selectRow, event)"
+								/>
+							</td>
+							<td
+								v-for="column in columns"
+								:key="column.key"
+								class="text-secondary h-14 overflow-hidden first:pl-4 last:pr-4 border-solid border-0 border-t border-surface-5"
+								:class="`text-${column.align ?? 'left'}`"
+							>
+								<slot
+									:name="`cell-${column.key}`"
+									:row="row"
+									:value="row[column.key]"
+									:column="column"
+									:index="getAbsoluteRowIndex(rowIndex)"
+								>
+									{{ row[column.key] ?? '' }}
+								</slot>
+							</td>
+						</tr>
+					</template>
+				</TransitionGroup>
+				<tbody v-else :ref="setListContainer">
 					<tr v-if="data.length === 0" class="bg-surface-2">
 						<td :colspan="columnSpan" class="border-solid border-0 border-t border-surface-5 p-0">
 							<slot name="empty-state">
@@ -83,7 +132,7 @@
 						<tr
 							v-for="(row, rowIndex) in renderedRows"
 							:key="getRowRenderKey(row, getAbsoluteRowIndex(rowIndex))"
-							:class="getAbsoluteRowIndex(rowIndex) % 2 === 0 ? 'bg-surface-2' : 'bg-surface-1.5'"
+							:class="getRowClass(getAbsoluteRowIndex(rowIndex))"
 						>
 							<td
 								v-if="showSelection"
@@ -169,6 +218,7 @@ const props = withDefaults(
 		virtualized?: boolean
 		virtualRowHeight?: number
 		virtualBufferSize?: number /* The number of extra rows rendered above and below the visible viewport */
+		rowTransitionName?: string
 		/**
 		 * Sets a minimum width for the table content, allowing horizontal overflow below that width.
 		 */
@@ -269,6 +319,10 @@ function getRowRenderKey(row: T, rowIndex: number): PropertyKey {
 	return rowIndex
 }
 
+function getRowClass(rowIndex: number): string {
+	return rowIndex % 2 === 0 ? 'bg-surface-2' : 'bg-surface-1.5'
+}
+
 function isSelected(row: T): boolean {
 	return selectedIdSet.value.has(getSelectionId(row))
 }
diff --git a/packages/ui/src/components/external_files/AddFilesToAttributionGroupModal.vue b/packages/ui/src/components/external_files/AddFilesToAttributionGroupModal.vue
new file mode 100644
index 0000000000..7ef1466574
--- /dev/null
+++ b/packages/ui/src/components/external_files/AddFilesToAttributionGroupModal.vue
@@ -0,0 +1,269 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import { CheckIcon, PlusIcon, SearchIcon, SpinnerIcon, XIcon } from '@modrinth/assets'
+import { computed, nextTick, ref } from 'vue'
+
+import { ButtonStyled, NewModal, StyledInput } from '#ui/components'
+import { commonMessages } from '#ui/utils'
+
+import { defineMessages, useVIntl } from '../../composables/i18n'
+
+const props = defineProps<{
+	groupId: string
+	pending?: boolean
+}>()
+
+const emit = defineEmits<{
+	(e: 'confirm', sha1s: string[]): void
+}>()
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	defaultGroupTitle: {
+		id: 'external-files.permissions-card.fallback-group-title',
+		defaultMessage: 'Attribution group {id}',
+	},
+	addFilesModalTitle: {
+		id: 'external-files.permissions-card.add-files-modal.title',
+		defaultMessage: 'Add files to this group',
+	},
+	addFilesModalDescription: {
+		id: 'external-files.permissions-card.add-files-modal.description',
+		defaultMessage: 'Select any files that should be moved into this group.',
+	},
+	addFilesModalEmpty: {
+		id: 'external-files.permissions-card.add-files-modal.empty',
+		defaultMessage: 'There are no files in other groups that can be moved here.',
+	},
+	addFilesModalSearchPlaceholder: {
+		id: 'external-files.permissions-card.add-files-modal.search-placeholder',
+		defaultMessage: 'Search files…',
+	},
+	addFilesModalNoSearchResults: {
+		id: 'external-files.permissions-card.add-files-modal.no-search-results',
+		defaultMessage: 'No files match your search.',
+	},
+	addFilesModalConfirm: {
+		id: 'external-files.permissions-card.add-files-modal.confirm',
+		defaultMessage: '{count, plural, one {Add file} other {Add files}}',
+	},
+	addFilesModalSelectedCount: {
+		id: 'external-files.permissions-card.add-files-modal.selected-count',
+		defaultMessage: '{count, plural, one {# file selected} other {# files selected}}',
+	},
+})
+
+type AssignableFileEntry = {
+	sha1: string
+	displayName: string
+	sourceLabel: string
+}
+
+const modalRef = ref<InstanceType<typeof NewModal> | null>(null)
+const assignableEntries = ref<AssignableFileEntry[]>([])
+const searchQuery = ref('')
+const searchInputRef = ref<{ focus: () => void } | null>(null)
+const selectedSha1s = ref<Set<string>>(new Set())
+
+const filteredEntries = computed(() => {
+	const q = searchQuery.value.trim().toLowerCase()
+	if (!q) {
+		return assignableEntries.value
+	}
+	return assignableEntries.value.filter(
+		(e) =>
+			e.displayName.toLowerCase().includes(q) ||
+			e.sourceLabel.toLowerCase().includes(q) ||
+			e.sha1.toLowerCase().includes(q),
+	)
+})
+
+const selectedFileCount = computed(() => selectedSha1s.value.size)
+
+function isFileSelected(sha1: string) {
+	return selectedSha1s.value.has(sha1)
+}
+
+function toggleFileSelection(sha1: string) {
+	const next = new Set(selectedSha1s.value)
+	if (next.has(sha1)) {
+		next.delete(sha1)
+	} else {
+		next.add(sha1)
+	}
+	selectedSha1s.value = next
+}
+
+function clearSelectedFiles() {
+	selectedSha1s.value = new Set()
+}
+
+function focusSearchOnOpen() {
+	nextTick(() => {
+		setTimeout(() => {
+			searchInputRef.value?.focus()
+		}, 75)
+	})
+}
+
+function buildAssignableEntries(
+	groups: Labrinth.Attribution.Internal.AttributionGroup[],
+): AssignableFileEntry[] {
+	const entries: AssignableFileEntry[] = []
+	for (const g of groups) {
+		if (g.id === props.groupId) {
+			continue
+		}
+		const firstName = g.files?.[0]?.name
+		const sourceLabel =
+			g.flame_project?.title ??
+			(firstName ? (firstName.split('/').pop() ?? firstName) : null) ??
+			formatMessage(messages.defaultGroupTitle, { id: g.id })
+		for (const f of g.files ?? []) {
+			const displayName = f.name.split('/').pop() ?? f.name
+			entries.push({ sha1: f.sha1, displayName, sourceLabel })
+		}
+	}
+	entries.sort((a, b) => {
+		const byName = a.displayName.localeCompare(b.displayName)
+		if (byName !== 0) {
+			return byName
+		}
+		return a.sourceLabel.localeCompare(b.sourceLabel)
+	})
+	return entries
+}
+
+function handleConfirm() {
+	if (selectedFileCount.value === 0) {
+		return
+	}
+	emit('confirm', [...selectedSha1s.value])
+	hide()
+}
+
+function show(event: MouseEvent, groups: Labrinth.Attribution.Internal.AttributionGroup[]) {
+	assignableEntries.value = buildAssignableEntries(groups)
+	searchQuery.value = ''
+	clearSelectedFiles()
+	modalRef.value?.show(event)
+}
+
+function hide() {
+	modalRef.value?.hide()
+}
+
+defineExpose({ show, hide })
+</script>
+
+<template>
+	<NewModal
+		ref="modalRef"
+		:header="formatMessage(messages.addFilesModalTitle)"
+		max-width="560px"
+		:disable-close="pending"
+		:on-show="focusSearchOnOpen"
+		:on-hide="clearSelectedFiles"
+		no-padding
+	>
+		<div class="flex flex-col gap-4 p-4 relative">
+			<p class="text-secondary m-0">
+				{{ formatMessage(messages.addFilesModalDescription) }}
+			</p>
+			<StyledInput
+				ref="searchInputRef"
+				v-model="searchQuery"
+				type="text"
+				autocomplete="off"
+				:placeholder="formatMessage(messages.addFilesModalSearchPlaceholder)"
+				:icon="SearchIcon"
+				:disabled="pending"
+				input-class="h-[40px]"
+				class="sticky top-0"
+				clearable
+			/>
+		</div>
+		<div
+			class="flex flex-col gap-2 bg-surface-2 overflow-y-auto overflow-x-hidden border-0 border-y border-solid border-surface-5 max-h-[calc(max(50vh,600px))]"
+		>
+			<div v-if="assignableEntries.length === 0" class="text-secondary text-sm p-4 m-0">
+				{{ formatMessage(messages.addFilesModalEmpty) }}
+			</div>
+			<div v-else-if="filteredEntries.length === 0" class="text-secondary text-sm m-0 p-4">
+				{{ formatMessage(messages.addFilesModalNoSearchResults) }}
+			</div>
+			<ul v-else class="p-0 m-0 list-none">
+				<li
+					v-for="entry in filteredEntries"
+					:key="entry.sha1"
+					:class="
+						isFileSelected(entry.sha1)
+							? 'border-brand bg-surface-4 hover:bg-surface-5'
+							: 'hover:bg-surface-3 even:bg-surface-2.5'
+					"
+				>
+					<button
+						type="button"
+						class="w-full text-left p-3 flex flex-col gap-1 appearance-none bg-transparent 3 transition-colors disabled:opacity-50"
+						:disabled="pending"
+						:aria-pressed="isFileSelected(entry.sha1)"
+						@click="toggleFileSelection(entry.sha1)"
+					>
+						<span class="flex gap-2 font-medium">
+							<span
+								class="size-4 shrink-0 rounded flex items-center justify-center border-[1px] border-solid"
+								:class="
+									isFileSelected(entry.sha1)
+										? 'bg-brand border-button-border text-brand-inverted'
+										: 'bg-surface-2 border-surface-5'
+								"
+							>
+								<CheckIcon
+									v-if="isFileSelected(entry.sha1)"
+									class="size-3"
+									aria-hidden="true"
+									stroke-width="3"
+								/>
+							</span>
+							<span class="flex flex-col gap-1 truncate">
+								<span class="truncate">{{ entry.displayName }}</span>
+								<span
+									v-if="entry.sourceLabel !== entry.displayName"
+									class="text-secondary text-xs truncate"
+									>{{ entry.sourceLabel }}</span
+								>
+							</span>
+						</span>
+					</button>
+				</li>
+			</ul>
+		</div>
+		<template #actions>
+			<div class="flex justify-between items-center gap-3 w-full pt-4">
+				<p v-if="selectedFileCount > 0" class="text-secondary text-sm m-0">
+					{{ formatMessage(messages.addFilesModalSelectedCount, { count: selectedFileCount }) }}
+				</p>
+				<div class="flex gap-2 ml-auto">
+					<ButtonStyled type="outlined">
+						<button type="button" :disabled="pending" @click="hide">
+							<XIcon class="size-4 shrink-0" />
+							{{ formatMessage(commonMessages.cancelButton) }}
+						</button>
+					</ButtonStyled>
+					<ButtonStyled color="brand">
+						<button
+							type="button"
+							:disabled="selectedFileCount === 0 || pending"
+							@click="handleConfirm"
+						>
+							<SpinnerIcon v-if="pending" class="size-4 shrink-0 animate-spin" />
+							<PlusIcon v-else class="size-4 shrink-0" />
+							{{ formatMessage(messages.addFilesModalConfirm, { count: selectedFileCount }) }}
+						</button>
+					</ButtonStyled>
+				</div>
+			</div>
+		</template>
+	</NewModal>
+</template>
diff --git a/packages/ui/src/components/external_files/AddToExistingExternalProjectModal.vue b/packages/ui/src/components/external_files/AddToExistingExternalProjectModal.vue
new file mode 100644
index 0000000000..4abac17e83
--- /dev/null
+++ b/packages/ui/src/components/external_files/AddToExistingExternalProjectModal.vue
@@ -0,0 +1,322 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import { PlusIcon, SearchIcon, SpinnerIcon, XIcon } from '@modrinth/assets'
+import { useMutation } from '@tanstack/vue-query'
+import { computed, nextTick, ref, useTemplateRef } from 'vue'
+
+import { Accordion, ButtonStyled, NewModal, StyledInput } from '#ui/components'
+
+import { injectModrinthClient, injectNotificationManager } from '../../providers'
+import AttributionGroupFilePicker from './AttributionGroupFilePicker.vue'
+import {
+	MODERATOR_ATTRIBUTION_KIND_LABELS,
+	moderatorAttributionGroupTitle,
+	parseInitialAttribution,
+} from './external-project-utils'
+import ExternalProjectLookupCard from './ExternalProjectLookupCard.vue'
+import type { ExternalLicenseStatus } from './types.ts'
+
+const props = defineProps<{
+	group: Labrinth.Attribution.Internal.AttributionGroup
+}>()
+
+const emit = defineEmits<{
+	(e: 'success'): void
+}>()
+
+type ExternalProject = {
+	id: number
+	title: string | null
+	status: ExternalLicenseStatus
+	link: string | null
+	exceptions: string | null
+	proof: string | null
+	flame_project_id: number | null
+	files: {
+		sha1: string
+		name: string | null
+	}[]
+}
+
+const client = injectModrinthClient()
+const { addNotification } = injectNotificationManager()
+
+const modalRef = useTemplateRef<InstanceType<typeof NewModal>>('modalRef')
+const searchAccordionRef = useTemplateRef<InstanceType<typeof Accordion>>('searchAccordionRef')
+const filesAccordionRef = useTemplateRef<InstanceType<typeof Accordion>>('filesAccordionRef')
+
+const query = ref('')
+const isLoading = ref(false)
+const hasSearched = ref(false)
+const activeQuery = ref('')
+const externalProjects = ref<ExternalProject[]>([])
+const selectedProjectId = ref<number | null>(null)
+const selectedSha1s = ref<Set<string>>(new Set())
+
+const hasMultipleFiles = computed(() => props.group.files.length > 1)
+
+const groupPreviewTitle = computed(() => moderatorAttributionGroupTitle(props.group))
+
+const attributionKindLabel = computed(() => {
+	const attribution = parseInitialAttribution(props.group.attribution)
+	if (!attribution) {
+		return null
+	}
+	return `Attribution: ${MODERATOR_ATTRIBUTION_KIND_LABELS[attribution.kind]}`
+})
+
+function mapExternalProject(
+	project: Labrinth.ExternalProjects.Internal.ExternalProject,
+): ExternalProject {
+	return {
+		id: project.id,
+		title: project.title,
+		status: project.status,
+		link: project.link,
+		exceptions: project.exceptions,
+		proof: project.proof,
+		flame_project_id: project.flame_project_id,
+		files: project.linked_files ?? [],
+	}
+}
+
+const searchNeedsInput = computed(() => hasSearched.value && activeQuery.value.trim().length < 3)
+
+const addFilesMutation = useMutation({
+	mutationFn: async () => {
+		if (selectedProjectId.value === null) {
+			throw new Error('No external project selected')
+		}
+
+		await client.labrinth.external_projects_internal.addFile({
+			hashes: [...selectedSha1s.value],
+			license_id: selectedProjectId.value,
+		})
+	},
+	onSuccess: async () => {
+		addNotification({
+			type: 'success',
+			title: 'Files added to existing entry',
+		})
+		await nextTick()
+		hide()
+		emit('success')
+	},
+	onError: (error: Error) => {
+		addNotification({
+			type: 'error',
+			title: 'Could not add files to existing entry',
+			text: error.message,
+		})
+	},
+})
+
+const canSubmit = computed(
+	() =>
+		selectedProjectId.value !== null &&
+		selectedSha1s.value.size > 0 &&
+		!addFilesMutation.isPending.value,
+)
+
+function resetForm() {
+	query.value = ''
+	hasSearched.value = false
+	activeQuery.value = ''
+	externalProjects.value = []
+	selectedProjectId.value = null
+	selectedSha1s.value = new Set(props.group.files.map((file) => file.sha1))
+}
+
+function handleSearchPanelOpen() {
+	filesAccordionRef.value?.close()
+}
+
+function handleFilesPanelOpen() {
+	searchAccordionRef.value?.close()
+}
+
+function selectProject(projectId: number) {
+	selectedProjectId.value = projectId
+}
+
+async function executeSearch() {
+	hasSearched.value = true
+	activeQuery.value = query.value
+	externalProjects.value = []
+	selectedProjectId.value = null
+
+	if (activeQuery.value.trim().length < 3) {
+		return
+	}
+
+	isLoading.value = true
+
+	try {
+		const response = await client.labrinth.external_projects_internal.search({
+			title: activeQuery.value.trim(),
+		})
+		externalProjects.value = response.map(mapExternalProject)
+	} catch {
+		externalProjects.value = []
+	} finally {
+		isLoading.value = false
+	}
+}
+
+function handleSubmit() {
+	addFilesMutation.mutate()
+}
+
+function show(event?: MouseEvent) {
+	resetForm()
+	modalRef.value?.show(event)
+}
+
+function hide() {
+	modalRef.value?.hide()
+}
+
+defineExpose({ show, hide })
+</script>
+
+<template>
+	<NewModal
+		ref="modalRef"
+		header="Add to existing entry"
+		max-width="720px"
+		:disable-close="addFilesMutation.isPending.value"
+	>
+		<div class="flex flex-col gap-4 w-[650px]">
+			<div
+				class="rounded-xl bg-surface-3 border border-solid border-surface-5 p-3 flex flex-col gap-1 shrink-0"
+			>
+				<span class="font-semibold text-contrast">{{ groupPreviewTitle }}</span>
+				<span v-if="attributionKindLabel" class="text-secondary text-sm">{{
+					attributionKindLabel
+				}}</span>
+			</div>
+			<Accordion
+				ref="searchAccordionRef"
+				class="w-full bg-surface-4 border border-solid border-surface-5 rounded-2xl overflow-clip"
+				button-class="p-4 w-full border-b border-solid border-b-surface-5 bg-surface-2 -mb-px hover:brightness-[--hover-brightness] group"
+				open-by-default
+				@on-open="handleSearchPanelOpen"
+			>
+				<template #title>
+					<span class="flex items-center gap-3 text-contrast group-active:scale-[0.98]">
+						Select an external project
+					</span>
+				</template>
+				<div class="flex flex-col bg-surface-4 min-h-0">
+					<form
+						class="flex flex-wrap gap-2 shrink-0 p-4 bg-surface-3 border-0 border-b border-solid border-surface-5"
+						@submit.prevent="executeSearch"
+					>
+						<StyledInput
+							v-model="query"
+							:icon="SearchIcon"
+							type="text"
+							autocomplete="off"
+							placeholder="Search external projects…"
+							clearable
+							wrapper-class="flex-1 min-w-[12rem]"
+							:disabled="addFilesMutation.isPending.value"
+						/>
+						<ButtonStyled color="brand">
+							<button type="submit" :disabled="addFilesMutation.isPending.value">
+								<SearchIcon aria-hidden="true" />
+								Search
+							</button>
+						</ButtonStyled>
+					</form>
+					<div
+						class="flex flex-col min-h-0 max-h-[min(50vh,24rem)] overflow-y-auto overflow-x-hidden"
+					>
+						<div
+							v-if="searchNeedsInput || isLoading || externalProjects.length === 0"
+							class="p-8 flex flex-col gap-2 items-center justify-center"
+						>
+							<span class="text-contrast font-semibold">
+								<template v-if="searchNeedsInput"> Enter a search term to get started </template>
+								<template v-else-if="isLoading"> Loading external projects… </template>
+								<template v-else> No projects matched that search </template>
+							</span>
+							<span class="text-secondary text-sm">
+								<template v-if="searchNeedsInput">
+									Type at least 3 characters of a project's title to begin browsing.
+								</template>
+								<template v-else-if="isLoading"> Loading external projects… </template>
+								<template v-else> No projects matched that search </template>
+							</span>
+						</div>
+						<div v-else-if="externalProjects.length > 0" class="flex flex-col gap-3">
+							<ExternalProjectLookupCard
+								v-for="project in externalProjects"
+								:key="project.id"
+								:title="project.title"
+								:state="project.status"
+								:link="project.link"
+								:notes="project.exceptions"
+								:proof="project.proof"
+								:files="project.files"
+								:cf_id="project.flame_project_id"
+								class="mx-4 mt-3"
+							>
+								<template #actions>
+									<ButtonStyled color="brand">
+										<button
+											type="button"
+											:disabled="
+												selectedProjectId === project.id || addFilesMutation.isPending.value
+											"
+											@click="selectProject(project.id)"
+										>
+											{{ selectedProjectId === project.id ? 'Selected' : 'Select' }}
+										</button>
+									</ButtonStyled>
+								</template>
+							</ExternalProjectLookupCard>
+						</div>
+					</div>
+				</div>
+			</Accordion>
+
+			<Accordion
+				v-if="hasMultipleFiles"
+				ref="filesAccordionRef"
+				class="w-full bg-surface-4 border border-solid border-surface-5 rounded-2xl overflow-clip"
+				button-class="p-4 w-full border-b border-solid border-b-surface-5 bg-surface-2 -mb-px hover:brightness-[--hover-brightness] group"
+				@on-open="handleFilesPanelOpen"
+			>
+				<template #title>
+					<span class="flex items-center gap-3 text-contrast group-active:scale-[0.98]">
+						Select files to add
+					</span>
+				</template>
+				<AttributionGroupFilePicker
+					v-model:selected-sha1s="selectedSha1s"
+					:files="group.files"
+					:disabled="addFilesMutation.isPending.value"
+				/>
+			</Accordion>
+			<div class="flex justify-end gap-2 w-full">
+				<ButtonStyled type="outlined">
+					<button type="button" :disabled="addFilesMutation.isPending.value" @click="hide">
+						<XIcon class="size-4 shrink-0" />
+						Cancel
+					</button>
+				</ButtonStyled>
+				<ButtonStyled color="brand">
+					<button type="button" :disabled="!canSubmit" @click="handleSubmit">
+						<SpinnerIcon
+							v-if="addFilesMutation.isPending.value"
+							class="size-4 shrink-0 animate-spin"
+						/>
+						<PlusIcon v-else class="size-4 shrink-0" />
+						Add files to entry
+					</button>
+				</ButtonStyled>
+			</div>
+		</div>
+	</NewModal>
+</template>
diff --git a/packages/ui/src/components/external_files/AddToGlobalPermissionsDatabaseModal.vue b/packages/ui/src/components/external_files/AddToGlobalPermissionsDatabaseModal.vue
new file mode 100644
index 0000000000..a7e21beca7
--- /dev/null
+++ b/packages/ui/src/components/external_files/AddToGlobalPermissionsDatabaseModal.vue
@@ -0,0 +1,233 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import { PlusIcon, SpinnerIcon, XIcon } from '@modrinth/assets'
+import { useMutation } from '@tanstack/vue-query'
+import { computed, nextTick, ref, useTemplateRef } from 'vue'
+
+import {
+	Accordion,
+	ButtonStyled,
+	Combobox,
+	type ComboboxOption,
+	NewModal,
+	StyledInput,
+} from '#ui/components'
+
+import { injectModrinthClient, injectNotificationManager } from '../../providers'
+import AttributionGroupFilePicker from './AttributionGroupFilePicker.vue'
+import {
+	attributionKindToDefaultExternalStatus,
+	buildExternalLicenseProofFromAttribution,
+	groupLinkForExternalLicense,
+	moderatorAttributionGroupTitle,
+	parseInitialAttribution,
+} from './external-project-utils'
+import type { ExternalLicenseStatus } from './types.ts'
+
+const props = defineProps<{
+	group: Labrinth.Attribution.Internal.AttributionGroup
+}>()
+
+const emit = defineEmits<{
+	(e: 'success'): void
+}>()
+
+const client = injectModrinthClient()
+const { addNotification } = injectNotificationManager()
+
+const modalRef = useTemplateRef<InstanceType<typeof NewModal>>('modalRef')
+
+const statusOptions: ComboboxOption<ExternalLicenseStatus>[] = [
+	{ value: 'yes', label: 'Yes' },
+	{ value: 'with-attribution-and-source', label: 'With attribution and source' },
+	{ value: 'with-attribution', label: 'With attribution' },
+	{ value: 'no', label: 'No' },
+	{ value: 'permanent-no', label: 'Permanent no' },
+	{ value: 'unidentified', label: 'Unidentified' },
+]
+
+const title = ref('')
+const link = ref('')
+const flameProjectId = ref('')
+const proof = ref('')
+const status = ref<ExternalLicenseStatus | undefined>(undefined)
+const selectedSha1s = ref<Set<string>>(new Set())
+
+const hasMultipleFiles = computed(() => props.group.files.length > 1)
+
+const createMutation = useMutation({
+	mutationFn: async () => {
+		if (!status.value) {
+			throw new Error('Status is required')
+		}
+
+		const parsedFlameProjectId = Number.parseInt(flameProjectId.value.trim(), 10)
+		const files = props.group.files
+			.filter((file) => selectedSha1s.value.has(file.sha1))
+			.map((file) => ({
+				sha1: file.sha1,
+				name: file.name.split('/').pop() ?? file.name,
+			}))
+
+		return client.labrinth.external_projects_internal.create({
+			title: title.value.trim() || undefined,
+			status: status.value,
+			link: link.value.trim() || undefined,
+			proof: proof.value.trim() || undefined,
+			flame_project_id: Number.isFinite(parsedFlameProjectId) ? parsedFlameProjectId : undefined,
+			files,
+		})
+	},
+	onSuccess: async () => {
+		addNotification({
+			type: 'success',
+			title: 'Added to global database',
+		})
+		await nextTick()
+		hide()
+		emit('success')
+	},
+	onError: (error: Error) => {
+		addNotification({
+			type: 'error',
+			title: 'Could not add to global database',
+			text: error.message,
+		})
+	},
+})
+
+const canSubmit = computed(
+	() =>
+		selectedSha1s.value.size > 0 && status.value !== undefined && !createMutation.isPending.value,
+)
+
+function resetForm() {
+	const attribution = parseInitialAttribution(props.group.attribution)
+	title.value = moderatorAttributionGroupTitle(props.group)
+	link.value = groupLinkForExternalLicense(props.group, attribution)
+	flameProjectId.value = props.group.flame_project?.id?.toString() ?? ''
+	proof.value = attribution ? buildExternalLicenseProofFromAttribution(attribution) : ''
+	status.value = attribution ? attributionKindToDefaultExternalStatus(attribution.kind) : undefined
+	selectedSha1s.value = new Set(props.group.files.map((file) => file.sha1))
+}
+
+function handleSubmit() {
+	createMutation.mutate()
+}
+
+function show(event?: MouseEvent) {
+	resetForm()
+	modalRef.value?.show(event)
+}
+
+function hide() {
+	modalRef.value?.hide()
+}
+
+defineExpose({ show, hide })
+</script>
+
+<template>
+	<NewModal
+		ref="modalRef"
+		header="Adding to global permissions database"
+		max-width="640px"
+		:disable-close="createMutation.isPending.value"
+	>
+		<div class="flex flex-col gap-4">
+			<div class="flex flex-col gap-2">
+				<label class="font-semibold text-contrast" for="add-global-title">Title</label>
+				<StyledInput
+					id="add-global-title"
+					v-model="title"
+					type="text"
+					:disabled="createMutation.isPending.value"
+				/>
+			</div>
+			<div class="flex flex-col gap-2">
+				<label class="font-semibold text-contrast" for="add-global-link">Link</label>
+				<StyledInput
+					id="add-global-link"
+					v-model="link"
+					type="text"
+					:disabled="createMutation.isPending.value"
+				/>
+			</div>
+			<div class="grid grid-cols-2 gap-4">
+				<div class="flex flex-col gap-2">
+					<label class="font-semibold text-contrast" for="add-global-flame-id">
+						CurseForge project ID
+					</label>
+					<StyledInput
+						id="add-global-flame-id"
+						v-model="flameProjectId"
+						type="text"
+						placeholder="1234567"
+						input-class="h-[40px]"
+						:disabled="createMutation.isPending.value"
+					/>
+				</div>
+				<div class="flex flex-col gap-2">
+					<label class="font-semibold text-contrast" for="add-global-status">Allowed?</label>
+					<Combobox
+						id="add-global-status"
+						v-model="status"
+						:options="statusOptions"
+						placeholder="Select status"
+						class="!w-full min-w-[18rem]"
+						:disabled="createMutation.isPending.value"
+					/>
+				</div>
+			</div>
+			<div class="flex flex-col gap-2">
+				<label class="font-semibold text-contrast" for="add-global-proof">Proof or notes</label>
+				<StyledInput
+					id="add-global-proof"
+					v-model="proof"
+					type="text"
+					multiline
+					input-class="min-h-[6rem]"
+					resize="vertical"
+					:disabled="createMutation.isPending.value"
+				/>
+			</div>
+			<Accordion
+				v-if="hasMultipleFiles"
+				class="w-full bg-surface-4 border border-solid border-surface-5 rounded-2xl overflow-clip"
+				button-class="p-4 w-full border-b border-solid border-b-surface-5 bg-surface-2 -mb-px hover:brightness-[--hover-brightness] group"
+				open-by-default
+			>
+				<template #title>
+					<span class="flex items-center gap-3 text-contrast group-active:scale-[0.98]">
+						Select files to add
+					</span>
+				</template>
+				<div>
+					<AttributionGroupFilePicker
+						v-model:selected-sha1s="selectedSha1s"
+						:files="group.files"
+						:disabled="createMutation.isPending.value"
+					/>
+				</div>
+			</Accordion>
+			<div class="flex justify-end gap-2 w-full">
+				<ButtonStyled type="outlined">
+					<button type="button" :disabled="createMutation.isPending.value" @click="hide">
+						<XIcon class="size-4 shrink-0" />
+						Cancel
+					</button>
+				</ButtonStyled>
+				<ButtonStyled color="brand">
+					<button type="button" :disabled="!canSubmit" @click="handleSubmit">
+						<SpinnerIcon
+							v-if="createMutation.isPending.value"
+							class="size-4 shrink-0 animate-spin"
+						/>
+						<PlusIcon v-else class="size-4 shrink-0" />
+						Add to global database
+					</button>
+				</ButtonStyled>
+			</div>
+		</div>
+	</NewModal>
+</template>
diff --git a/packages/ui/src/components/external_files/AttributionDisplay.vue b/packages/ui/src/components/external_files/AttributionDisplay.vue
new file mode 100644
index 0000000000..a353f4bd06
--- /dev/null
+++ b/packages/ui/src/components/external_files/AttributionDisplay.vue
@@ -0,0 +1,214 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import { CheckCircleIcon, UserRoundIcon } from '@modrinth/assets'
+import { builtinLicenses } from '@modrinth/utils'
+import { computed } from 'vue'
+
+import { IntlFormatted } from '#ui/components'
+import { AutoLink, Avatar } from '#ui/components/base'
+
+import { useFormatDateTime } from '../../composables/format-date-time'
+import { defineMessage, defineMessages, useVIntl } from '../../composables/i18n'
+import {
+	attributionLinkToWork,
+	isCustomAttributionLicense,
+	isHttpUrl,
+	PERMISSION_REASONS,
+} from './external-project-utils'
+
+const props = defineProps<{
+	attribution: Labrinth.Attribution.Internal.AttributionResolution
+	attributedAt?: string | null
+	attributorHref: string | null
+	attributorLabel: string
+	attributorAvatarUrl?: string | null
+}>()
+
+const { formatMessage } = useVIntl()
+const formatDate = useFormatDateTime({ dateStyle: 'long' })
+
+const messages = defineMessages({
+	linkLabel: {
+		id: 'external-files.permissions-card.link-label',
+		defaultMessage: 'Link to work',
+	},
+	notesLabel: {
+		id: 'external-files.permissions-card.notes-label',
+		defaultMessage: 'Notes',
+	},
+	licensedAs: {
+		id: 'external-files.permissions-card.licensed-as',
+		defaultMessage: 'Licensed:',
+	},
+	lastUpdated: {
+		id: 'external-files.permissions-card.last-updated',
+		defaultMessage: 'Last updated on {date} by {user}',
+	},
+	proofImagesLabel: {
+		id: 'external-files.permissions-card.proof-images-label',
+		defaultMessage: 'Proof images',
+	},
+	proofImageThumbnailAlt: {
+		id: 'external-files.permissions-card.proof-image-alt',
+		defaultMessage: 'Proof screenshot {n}',
+	},
+})
+
+const unknownLicenseMessage = defineMessage({
+	id: 'external-files.permissions-card.license.unknown',
+	defaultMessage: 'Unknown',
+})
+
+const notesNoneMessage = defineMessage({
+	id: 'external-files.permissions-card.notes-none',
+	defaultMessage: 'None',
+})
+
+const readViewFields = computed(() => PERMISSION_REASONS[props.attribution.kind]?.fields ?? [])
+
+const licenseReadDisplay = computed(() => {
+	const attr = props.attribution
+	if (attr.kind !== 'license' && attr.kind !== 'my_project') {
+		return null
+	}
+	if (isCustomAttributionLicense(attr.license)) {
+		return { kind: 'custom' as const, value: attr.license.name }
+	}
+	const licenseId = attr.license
+	if (licenseId) {
+		const friendly =
+			builtinLicenses.find((license) => license.short === licenseId)?.friendly ?? licenseId
+		return { kind: 'standard' as const, value: friendly }
+	}
+	return { kind: 'unknown' as const, value: formatMessage(unknownLicenseMessage) }
+})
+
+const linkToWork = computed(() => attributionLinkToWork(props.attribution))
+</script>
+
+<template>
+	<div>
+		<div
+			class="flex flex-col gap-4 rounded-t-2xl p-4 mt-2 bg-surface-3 border border-solid border-surface-4"
+			:class="{ 'rounded-b-2xl': !$slots.footer, 'border-b-0': $slots.footer }"
+		>
+			<div class="flex gap-4">
+				<div class="flex flex-col gap-3 w-full">
+					<div class="flex items-start justify-between gap-3">
+						<span class="text-contrast font-semibold flex items-center gap-2">
+							<CheckCircleIcon
+								v-if="attribution.kind === 'globally_allowed'"
+								class="text-green size-5"
+							/>
+							{{ formatMessage(PERMISSION_REASONS[attribution.kind].label) }}
+						</span>
+					</div>
+					<template v-if="attribution.kind === 'globally_allowed'">
+						<p class="m-0">
+							{{ formatMessage(PERMISSION_REASONS[attribution.kind].description) }}
+						</p>
+					</template>
+					<div class="flex flex-col gap-3">
+						<div class="grid grid-cols-[max-content_1fr] gap-x-4 gap-y-2 items-baseline">
+							<template v-if="attribution.kind === 'license' || attribution.kind === 'my_project'">
+								<span class="text-secondary font-medium">
+									{{ formatMessage(messages.licensedAs) }}
+								</span>
+								<a
+									v-if="
+										licenseReadDisplay?.kind === 'custom' && isHttpUrl(licenseReadDisplay.value)
+									"
+									:href="licenseReadDisplay.value"
+									target="_blank"
+									rel="noopener"
+									class="text-link truncate"
+								>
+									{{ licenseReadDisplay.value }}
+								</a>
+								<span v-else class="text-primary whitespace-pre-wrap break-words">
+									{{ licenseReadDisplay?.value }}
+								</span>
+							</template>
+							<template v-if="readViewFields.includes('link_to_work') && linkToWork">
+								<span class="text-secondary font-medium">
+									{{ formatMessage(messages.linkLabel) }}
+								</span>
+								<a :href="linkToWork" target="_blank" rel="noopener" class="text-link truncate">{{
+									linkToWork
+								}}</a>
+							</template>
+							<template v-if="readViewFields.includes('notes')">
+								<span class="text-secondary font-medium">
+									{{ formatMessage(messages.notesLabel) }}
+								</span>
+								<span class="text-primary whitespace-pre-wrap break-words">
+									{{
+										attribution.notes?.trim() ? attribution.notes : formatMessage(notesNoneMessage)
+									}}
+								</span>
+							</template>
+						</div>
+						<div v-if="attribution.image_urls?.length" class="flex flex-col gap-2">
+							<span class="text-secondary font-medium">
+								{{ formatMessage(messages.proofImagesLabel) }}
+							</span>
+							<div class="flex flex-wrap gap-2">
+								<a
+									v-for="(src, idx) in attribution.image_urls"
+									:key="`${src}-${idx}`"
+									:href="src"
+									target="_blank"
+									rel="noopener"
+									class="block rounded-xl border-[1px] border-solid border-surface-5 overflow-hidden shrink-0"
+								>
+									<img
+										:src="src"
+										:alt="formatMessage(messages.proofImageThumbnailAlt, { n: idx + 1 })"
+										class="max-h-40 max-w-full object-contain"
+									/>
+								</a>
+							</div>
+						</div>
+					</div>
+				</div>
+				<div v-if="$slots.actions">
+					<slot name="actions" />
+				</div>
+			</div>
+
+			<div
+				v-if="attributedAt"
+				class="inline-flex items-center flex-wrap gap-x-2 gap-y-1 pt-3 mt-1 border-0 border-t border-solid border-surface-5"
+			>
+				<IntlFormatted
+					:message-id="messages.lastUpdated"
+					:values="{ date: formatDate(attributedAt) }"
+				>
+					<template #user>
+						<AutoLink
+							:to="attributorHref"
+							class="inline-flex items-center gap-1.5 text-primary font-medium hover:underline max-w-full min-w-0"
+						>
+							<Avatar
+								v-if="attributorAvatarUrl"
+								:src="attributorAvatarUrl"
+								:alt="attributorLabel"
+								size="18px"
+								class="shrink-0"
+								circle
+							/>
+							<UserRoundIcon v-else class="size-4 shrink-0" />
+							<span class="truncate">{{ attributorLabel }}</span>
+						</AutoLink>
+					</template>
+				</IntlFormatted>
+			</div>
+		</div>
+		<div
+			v-if="$slots.footer"
+			class="p-4 border-surface-4 border bg-surface-2 border-solid rounded-b-2xl"
+		>
+			<slot name="footer" />
+		</div>
+	</div>
+</template>
diff --git a/packages/ui/src/components/external_files/AttributionEditor.vue b/packages/ui/src/components/external_files/AttributionEditor.vue
new file mode 100644
index 0000000000..0ce1543493
--- /dev/null
+++ b/packages/ui/src/components/external_files/AttributionEditor.vue
@@ -0,0 +1,637 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import {
+	CheckIcon,
+	InfoIcon,
+	IssuesIcon,
+	SaveIcon,
+	SpinnerIcon,
+	TrashIcon,
+	UploadIcon,
+	XIcon,
+} from '@modrinth/assets'
+import { builtinLicenses } from '@modrinth/utils'
+import { useMutation, useQueryClient } from '@tanstack/vue-query'
+import { computed, ref, watch } from 'vue'
+
+import { ButtonStyled, Chips, Combobox, type ComboboxOption, StyledInput } from '#ui/components'
+import { FileInput } from '#ui/components/base'
+import { commonMessages } from '#ui/utils'
+
+import { defineMessage, defineMessages, useVIntl } from '../../composables/i18n'
+import { injectModrinthClient } from '../../providers'
+import {
+	attributionLinkToWork,
+	attributionProofValidationError,
+	CUSTOM_LICENSE_VALUE,
+	isHttpUrl,
+	parseAttributionLicense,
+	parseInitialAttribution,
+	PERMISSION_REASONS,
+	permissionKinds,
+	type ProjectPermissionField,
+} from './external-project-utils'
+
+const props = defineProps<{
+	projectId: string
+	groupId: string
+	attribution?: Labrinth.Attribution.Internal.AttributionResolution | null | undefined
+	flameProjectUrl?: string | null
+	/** Increments when the parent resumes editing so local fields reset */
+	resumeKey: number
+}>()
+
+const emit = defineEmits<{
+	(e: 'saved' | 'updated' | 'cancel'): void
+}>()
+
+const { formatMessage } = useVIntl()
+const client = injectModrinthClient()
+const queryClient = useQueryClient()
+
+const initialAttribution = computed<Labrinth.Attribution.Internal.AttributionResolution | null>(
+	() => parseInitialAttribution(props.attribution),
+)
+
+const isAttributed = computed(() => initialAttribution.value !== null)
+
+const messages = defineMessages({
+	typeLabel: {
+		id: 'external-files.permissions-card.type-label',
+		defaultMessage: 'Permission reason',
+	},
+	licenseLabel: {
+		id: 'external-files.permissions-card.license-label',
+		defaultMessage: 'License',
+	},
+	selectLicenseLabel: {
+		id: 'external-files.permissions-card.select-license-label',
+		defaultMessage: 'Select a license...',
+	},
+	linkLabel: {
+		id: 'external-files.permissions-card.link-label',
+		defaultMessage: 'Link to work',
+	},
+	linkToWorkUrlPlaceholder: {
+		id: 'external-files.permissions-card.link-to-work-url-placeholder',
+		defaultMessage: 'link-to-work',
+	},
+	notesLabel: {
+		id: 'external-files.permissions-card.notes-label',
+		defaultMessage: 'Notes',
+	},
+	optional: {
+		id: 'external-files.permissions-card.input-optional',
+		defaultMessage: '(optional)',
+	},
+	notesPlaceholder: {
+		id: 'external-files.permissions-card.notes-placeholder',
+		defaultMessage: 'Write something here...',
+	},
+	proofWarningTitle: {
+		id: 'external-files.permissions-card.proof-warning.title',
+		defaultMessage: 'Modrinth staff may verify submitted proof',
+	},
+	proofWarningBody: {
+		id: 'external-files.permissions-card.proof-warning.body',
+		defaultMessage:
+			'If you are found to have lied or manipulated the images uploaded, your project and account may be terminated.',
+	},
+	saveAttribution: {
+		id: 'external-files.permissions-card.save',
+		defaultMessage: 'Save attribution',
+	},
+	addAttribution: {
+		id: 'external-files.permissions-card.add',
+		defaultMessage: 'Add attribution',
+	},
+	licenseRequired: {
+		id: 'external-files.permissions-card.error.license-required',
+		defaultMessage: 'Please select a license.',
+	},
+	customLicenseLabel: {
+		id: 'external-files.permissions-card.custom-license-label',
+		defaultMessage: 'Link to license',
+	},
+	linkToLicenseUrlPlaceholder: {
+		id: 'external-files.permissions-card.link-to-license-url-placeholder',
+		defaultMessage: 'link-to-license',
+	},
+	linkInvalidUrl: {
+		id: 'external-files.permissions-card.error.link-invalid-url',
+		defaultMessage: 'Link must be a valid URL.',
+	},
+	proofImagesLabel: {
+		id: 'external-files.permissions-card.proof-images-label',
+		defaultMessage: 'Proof images',
+	},
+	proofImagesUploadPrompt: {
+		id: 'external-files.permissions-card.proof-images-upload-prompt',
+		defaultMessage: 'Drag and drop to upload or click to select an image',
+	},
+	proofImageThumbnailAlt: {
+		id: 'external-files.permissions-card.proof-image-alt',
+		defaultMessage: 'Proof screenshot {n}',
+	},
+	proofImageRemove: {
+		id: 'external-files.permissions-card.proof-image-remove',
+		defaultMessage: 'Remove image',
+	},
+	modrinthLinkToWork: {
+		id: 'external-files.permissions-card.modrinth-link-to-work',
+		defaultMessage: `This appears to be a Modrinth link. If this content is available on Modrinth, your pack was likely exported incorrectly. If you downloaded it from another site, try downloading the Modrinth version instead; sometimes they are not identical files.`,
+	},
+	arrLabel: {
+		id: 'external-files.permissions-card.all-rights-reserved',
+		defaultMessage: `All Rights Reserved/No license`,
+	},
+})
+
+const MAX_PROOF_IMAGE_BYTES = 1_048_576
+
+const selectedKind = ref<Labrinth.Attribution.Internal.AttributionResolutionKind>(
+	initialAttribution.value?.kind ?? 'license',
+)
+
+const licenseIdInput = ref('')
+const customLicenseInput = ref('')
+const linkInput = ref('')
+const notesInput = ref('')
+const inputError = ref<string | null>(null)
+const proofImageUrls = ref<string[]>([])
+
+function extFromImageFile(file: File): Labrinth.Images.v3.ImageExtension | null {
+	const byMime: Partial<Record<string, Labrinth.Images.v3.ImageExtension>> = {
+		'image/png': 'png',
+		'image/gif': 'gif',
+		'image/webp': 'webp',
+		'image/bmp': 'bmp',
+		'image/jpeg': 'jpg',
+	}
+	const mime = byMime[file.type]
+	if (mime) {
+		return mime
+	}
+	const ext = file.name.toLowerCase().split('.').pop()
+	if (ext === 'jpg' || ext === 'jpeg') {
+		return 'jpg'
+	}
+	if (ext === 'png' || ext === 'gif' || ext === 'webp' || ext === 'bmp') {
+		return ext
+	}
+	return null
+}
+
+function resetInputs() {
+	const payload = initialAttribution.value
+	selectedKind.value = payload?.kind ?? 'license'
+	const license =
+		payload && (payload.kind === 'license' || payload.kind === 'my_project')
+			? parseAttributionLicense(payload.license)
+			: { spdx: '', custom: '' }
+	licenseIdInput.value = license.spdx
+	customLicenseInput.value = license.custom
+	const linkFallback = props.flameProjectUrl ?? ''
+	linkInput.value = attributionLinkToWork(payload) ?? linkFallback
+	notesInput.value = payload?.notes ?? ''
+	proofImageUrls.value = payload?.image_urls ?? []
+	inputError.value = null
+}
+
+resetInputs()
+
+watch(licenseIdInput, (value) => {
+	if (value !== CUSTOM_LICENSE_VALUE) {
+		customLicenseInput.value = ''
+	}
+})
+
+watch(
+	() => props.attribution,
+	() => {
+		resetInputs()
+	},
+	{ deep: true },
+)
+
+watch(
+	() => props.resumeKey,
+	() => {
+		resetInputs()
+	},
+)
+
+watch(selectedKind, () => {
+	inputError.value = null
+})
+
+const permissionReasonFields = computed<ProjectPermissionField[]>(() => {
+	return PERMISSION_REASONS[selectedKind.value]?.fields ?? []
+})
+
+const selectedPermissionReason = computed(() => PERMISSION_REASONS[selectedKind.value])
+
+const notesAfterProofImages = computed(() => selectedKind.value === 'special_permissions')
+
+const notesInputRows = computed(() => (notesAfterProofImages.value ? 2 : 3))
+
+const proofImagesShowOptional = computed(
+	() => selectedPermissionReason.value.proofRequirement === null,
+)
+
+const attributionFieldSections = computed(() => {
+	const fields = permissionReasonFields.value
+	const sections: Array<'notes' | 'image_urls'> = []
+	if (fields.includes('notes') && !notesAfterProofImages.value) {
+		sections.push('notes')
+	}
+	if (fields.includes('image_urls')) {
+		sections.push('image_urls')
+	}
+	if (fields.includes('notes') && notesAfterProofImages.value) {
+		sections.push('notes')
+	}
+	return sections
+})
+
+const isCustomLicense = computed(() => licenseIdInput.value === CUSTOM_LICENSE_VALUE)
+
+const licenseOptions = computed<ComboboxOption<string>[]>(() => [
+	...builtinLicenses
+		.filter((license) => license.short !== '')
+		.map((license) => ({
+			value: license.short,
+			label:
+				license.short === 'All-Rights-Reserved' ? formatMessage(messages.arrLabel) : license.short,
+		})),
+	{
+		value: CUSTOM_LICENSE_VALUE,
+		label: formatMessage(
+			defineMessage({
+				id: 'external-files.permissions-card.custom-license-option',
+				defaultMessage: 'Other',
+			}),
+		),
+	},
+])
+
+function buildAttributionLicense(): Labrinth.Attribution.Internal.AttributionLicense | null {
+	const custom = isCustomLicense.value
+	if (!licenseIdInput.value) {
+		inputError.value = formatMessage(messages.licenseRequired)
+		return null
+	}
+	const customLicense = customLicenseInput.value.trim()
+	if (custom && !customLicense) {
+		inputError.value = formatMessage(
+			defineMessage({
+				id: 'external-files.permissions-card.error.custom-license-required',
+				defaultMessage: `Please include a link to your license. If you have none, you should likely select 'All Rights Reserved/No license'`,
+			}),
+		)
+		return null
+	}
+	return custom ? { name: customLicense } : licenseIdInput.value
+}
+
+function buildEditedData(): Labrinth.Attribution.Internal.AttributionResolution | null {
+	inputError.value = null
+	const notes = notesInput.value.trim()
+	const image_urls = [...proofImageUrls.value]
+	const proofError = attributionProofValidationError(
+		selectedPermissionReason.value.proofRequirement,
+		notes,
+		image_urls,
+	)
+	if (proofError) {
+		inputError.value = formatMessage(proofError)
+		return null
+	}
+	switch (selectedKind.value) {
+		case 'license': {
+			const license = buildAttributionLicense()
+			if (!license) {
+				return null
+			}
+			const linkRaw = linkInput.value.trim()
+			if (!linkRaw) {
+				inputError.value = formatMessage(
+					defineMessage({
+						id: 'external-files.permissions-card.error.link-required',
+						defaultMessage: 'Please provide a link.',
+					}),
+				)
+				return null
+			}
+			if (!isHttpUrl(linkRaw)) {
+				inputError.value = formatMessage(messages.linkInvalidUrl)
+				return null
+			}
+			return {
+				kind: 'license',
+				license,
+				link_to_work: linkRaw,
+				notes,
+				image_urls,
+			}
+		}
+		case 'my_project': {
+			const license = buildAttributionLicense()
+			if (!license) {
+				return null
+			}
+			return {
+				kind: 'my_project',
+				license,
+				notes,
+				image_urls,
+			}
+		}
+		case 'special_permissions': {
+			const linkRaw = linkInput.value.trim()
+			if (!linkRaw) {
+				inputError.value = formatMessage(
+					defineMessage({
+						id: 'external-files.permissions-card.error.link-required',
+						defaultMessage: 'Please provide a link.',
+					}),
+				)
+				return null
+			}
+			if (!isHttpUrl(linkRaw)) {
+				inputError.value = formatMessage(messages.linkInvalidUrl)
+				return null
+			}
+			return {
+				kind: 'special_permissions',
+				link_to_work: linkRaw,
+				notes,
+				image_urls,
+			}
+		}
+		case 'no_permission':
+			return {
+				kind: 'no_permission',
+				notes,
+				image_urls,
+			}
+	}
+	return null
+}
+
+const uploadProofImageMutation = useMutation({
+	mutationFn: async (file: File) => {
+		const ext = extFromImageFile(file)
+		if (!ext) {
+			throw new Error(
+				formatMessage(
+					defineMessage({
+						id: 'external-files.permissions-card.error.proof-image-invalid-type',
+						defaultMessage: 'Please upload a PNG, JPEG, GIF, WebP, or BMP image.',
+					}),
+				),
+			)
+		}
+		const result = await client.labrinth.images_v3.uploadImage(file, ext, {
+			context: 'project',
+			project_id: props.projectId,
+		}).promise
+		return result.url
+	},
+	onSuccess(url) {
+		proofImageUrls.value = [...proofImageUrls.value, url]
+	},
+})
+
+function handleProofImagesSelected(files: File[]) {
+	const file = files[0]
+	if (!file) {
+		return
+	}
+	inputError.value = null
+	uploadProofImageMutation.mutate(file)
+}
+
+function removeProofImage(index: number) {
+	proofImageUrls.value = proofImageUrls.value.filter((_, i) => i !== index)
+}
+
+const saveMutation = useMutation({
+	mutationFn: (payload: Labrinth.Attribution.Internal.AttributionResolution) =>
+		client.labrinth.attribution_internal.updateGroup(props.groupId, {
+			attribution: payload,
+		}),
+	onSuccess: async () => {
+		await queryClient.invalidateQueries({ queryKey: ['project-attribution', props.projectId] })
+		emit('updated')
+		emit('saved')
+	},
+})
+
+function handleSave() {
+	const data = buildEditedData()
+	if (!data) {
+		return
+	}
+	saveMutation.mutate(data)
+}
+
+function cancelEditing() {
+	resetInputs()
+	if (isAttributed.value) {
+		emit('cancel')
+	}
+}
+</script>
+
+<template>
+	<div class="flex flex-col gap-3">
+		<span class="text-contrast font-semibold">
+			{{ formatMessage(messages.typeLabel) }}
+		</span>
+		<Chips
+			v-model="selectedKind"
+			:items="permissionKinds.filter((kind) => kind !== 'globally_allowed')"
+			:format-label="(kind) => formatMessage(PERMISSION_REASONS[kind].label)"
+			:capitalize="false"
+		/>
+		<span>{{ formatMessage(PERMISSION_REASONS[selectedKind].description) }}</span>
+		<div v-if="permissionReasonFields.includes('link_to_work')" class="flex flex-col gap-2">
+			<span class="text-contrast font-semibold mt-1">
+				{{ formatMessage(messages.linkLabel) }}
+			</span>
+			<StyledInput
+				v-model="linkInput"
+				type="text"
+				class="max-w-[40rem]"
+				:placeholder="`https://example.com/${formatMessage(messages.linkToWorkUrlPlaceholder)}`"
+			/>
+			<span
+				v-if="
+					linkInput.startsWith('https://modrinth.com/') ||
+					linkInput.startsWith('https://www.modrinth.com/')
+				"
+				class="flex text-orange gap-2 font-medium mt-2"
+			>
+				<IssuesIcon class="shrink-0 mt-0.5" /> {{ formatMessage(messages.modrinthLinkToWork) }}
+			</span>
+		</div>
+		<div v-if="permissionReasonFields.includes('license_id')" class="flex flex-col gap-2">
+			<span class="text-contrast font-semibold mt-1">
+				{{ formatMessage(messages.licenseLabel) }}
+			</span>
+			<Combobox
+				v-model="licenseIdInput"
+				class="max-w-80"
+				:options="licenseOptions"
+				searchable
+				:search-placeholder="formatMessage(messages.selectLicenseLabel)"
+			/>
+		</div>
+		<div
+			v-if="permissionReasonFields.includes('custom_license') && isCustomLicense"
+			class="flex flex-col gap-2"
+		>
+			<span class="text-contrast font-semibold mt-1">
+				{{ formatMessage(messages.customLicenseLabel) }}
+			</span>
+			<StyledInput
+				v-model="customLicenseInput"
+				type="text"
+				class="max-w-[40rem]"
+				:placeholder="`https://example.com/${formatMessage(messages.linkToLicenseUrlPlaceholder)}`"
+			/>
+		</div>
+		<div class="flex flex-col gap-3">
+			<template v-for="section in attributionFieldSections" :key="section">
+				<div v-if="section === 'notes'" class="flex flex-col gap-2">
+					<div class="flex flex-col gap-1 mt-1">
+						<span class="text-contrast font-semibold">
+							{{ formatMessage(selectedPermissionReason.notesLabel ?? messages.notesLabel) }}
+							<span
+								v-if="selectedPermissionReason.notesShowsOptional"
+								class="font-normal text-primary"
+								>{{ formatMessage(messages.optional) }}</span
+							>
+						</span>
+						<span v-if="selectedPermissionReason.notesDescription">{{
+							formatMessage(selectedPermissionReason.notesDescription)
+						}}</span>
+					</div>
+					<StyledInput
+						v-model="notesInput"
+						type="text"
+						resize="both"
+						multiline
+						:rows="notesInputRows"
+						class="max-w-[40rem]"
+						:placeholder="formatMessage(messages.notesPlaceholder)"
+					/>
+				</div>
+				<div v-else-if="section === 'image_urls'" class="flex flex-col gap-2">
+					<div class="flex flex-col gap-2 mt-1">
+						<div class="flex flex-col gap-1 mt-1">
+							<span class="text-contrast font-semibold">
+								{{ formatMessage(messages.proofImagesLabel) }}
+								<span v-if="proofImagesShowOptional" class="font-normal text-primary">{{
+									formatMessage(messages.optional)
+								}}</span>
+							</span>
+							<span v-if="selectedPermissionReason.proofImagesDescription">{{
+								formatMessage(selectedPermissionReason.proofImagesDescription)
+							}}</span>
+						</div>
+						<div v-if="proofImageUrls.length > 0" class="grid grid-cols-2 gap-4">
+							<div
+								v-for="(src, idx) in proofImageUrls"
+								:key="`${src}-${idx}`"
+								class="relative rounded-xl border-[1px] border-solid border-surface-5 overflow-hidden shrink-0"
+							>
+								<img
+									:src="src"
+									:alt="formatMessage(messages.proofImageThumbnailAlt, { n: idx + 1 })"
+									class="flex w-full object-contain bg-surface-3"
+								/>
+								<div class="absolute top-2 right-2">
+									<ButtonStyled circular>
+										<button
+											v-tooltip="formatMessage(messages.proofImageRemove)"
+											type="button"
+											@click="removeProofImage(idx)"
+										>
+											<TrashIcon />
+										</button>
+									</ButtonStyled>
+								</div>
+							</div>
+						</div>
+						<div class="grid grid-cols-2 gap-4">
+							<FileInput
+								accept="image/png,image/jpeg,image/gif,image/webp,image/bmp"
+								:prompt="formatMessage(messages.proofImagesUploadPrompt)"
+								long-style
+								should-always-reset
+								:max-size="MAX_PROOF_IMAGE_BYTES"
+								:disabled="uploadProofImageMutation.isPending.value || saveMutation.isPending.value"
+								class="!bg-surface-3"
+								@change="handleProofImagesSelected"
+							>
+								<UploadIcon class="size-5 shrink-0" />
+							</FileInput>
+						</div>
+						<p v-if="uploadProofImageMutation.isError.value" class="text-red text-sm m-0">
+							{{ String(uploadProofImageMutation.error.value) }}
+						</p>
+					</div>
+				</div>
+			</template>
+		</div>
+		<div
+			v-if="selectedKind === 'my_project' || selectedKind === 'special_permissions'"
+			class="grid grid-cols-[auto_1fr] gap-2"
+		>
+			<div class="flex flex-col items-center">
+				<InfoIcon class="size-5 text-blue" />
+				<div class="w-[2px] flex-grow bg-blue mt-[-1px]"></div>
+			</div>
+			<div class="flex flex-col gap-2">
+				<span class="font-medium leading-[1.25] text-blue">{{
+					formatMessage(messages.proofWarningTitle)
+				}}</span>
+				<span class="text-contrast">{{ formatMessage(messages.proofWarningBody) }}</span>
+			</div>
+		</div>
+
+		<p v-if="inputError" class="text-red m-0">{{ inputError }}</p>
+		<p v-else-if="saveMutation.isError.value" class="text-red m-0">
+			{{ String(saveMutation.error.value) }}
+		</p>
+
+		<hr class="mt-1 bg-surface-5 border-none h-[1px] w-full" />
+		<div class="flex items-center gap-2 justify-end">
+			<ButtonStyled v-if="isAttributed" type="outlined">
+				<button
+					:disabled="saveMutation.isPending.value || uploadProofImageMutation.isPending.value"
+					@click="cancelEditing"
+				>
+					<XIcon /> {{ formatMessage(commonMessages.cancelButton) }}
+				</button>
+			</ButtonStyled>
+			<ButtonStyled color="brand">
+				<button
+					:disabled="saveMutation.isPending.value || uploadProofImageMutation.isPending.value"
+					@click="handleSave"
+				>
+					<template v-if="saveMutation.isPending.value">
+						<SpinnerIcon class="animate-spin" />
+						{{ formatMessage(commonMessages.savingButton) }}
+					</template>
+					<template v-else-if="isAttributed">
+						<SaveIcon /> {{ formatMessage(messages.saveAttribution) }}
+					</template>
+					<template v-else> <CheckIcon /> {{ formatMessage(messages.addAttribution) }} </template>
+				</button>
+			</ButtonStyled>
+		</div>
+	</div>
+</template>
diff --git a/packages/ui/src/components/external_files/AttributionGroupFilePicker.vue b/packages/ui/src/components/external_files/AttributionGroupFilePicker.vue
new file mode 100644
index 0000000000..77a6de72e0
--- /dev/null
+++ b/packages/ui/src/components/external_files/AttributionGroupFilePicker.vue
@@ -0,0 +1,71 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import { computed } from 'vue'
+
+import { Checkbox } from '#ui/components'
+
+const props = defineProps<{
+	files: Labrinth.Attribution.Internal.AttributionFile[]
+	disabled?: boolean
+}>()
+
+const selectedSha1s = defineModel<Set<string>>('selectedSha1s', { required: true })
+
+const allSelected = computed(
+	() => props.files.length > 0 && props.files.every((file) => selectedSha1s.value.has(file.sha1)),
+)
+
+const someSelected = computed(
+	() => props.files.some((file) => selectedSha1s.value.has(file.sha1)) && !allSelected.value,
+)
+
+function displayName(file: Labrinth.Attribution.Internal.AttributionFile) {
+	return file.name.split('/').pop() ?? file.name
+}
+
+function setAllSelected(selected: boolean) {
+	const next = new Set(selectedSha1s.value)
+	for (const file of props.files) {
+		if (selected) {
+			next.add(file.sha1)
+		} else {
+			next.delete(file.sha1)
+		}
+	}
+	selectedSha1s.value = next
+}
+
+function toggleFile(sha1: string, selected: boolean) {
+	const next = new Set(selectedSha1s.value)
+	if (selected) {
+		next.add(sha1)
+	} else {
+		next.delete(sha1)
+	}
+	selectedSha1s.value = next
+}
+</script>
+
+<template>
+	<div v-if="files.length > 1" class="flex flex-col gap-2">
+		<Checkbox
+			:model-value="allSelected"
+			:indeterminate="someSelected"
+			label="Select files to add"
+			:disabled="disabled"
+			@update:model-value="setAllSelected"
+		/>
+		<div class="flex flex-col [&>*:nth-child(even)]:bg-surface-3">
+			<Checkbox
+				v-for="file in files"
+				:key="file.sha1"
+				:model-value="selectedSha1s.has(file.sha1)"
+				:label="displayName(file)"
+				:disabled="disabled"
+				class="w-full px-4 py-2 hover:bg-surface-4 text-primary"
+				@update:model-value="(selected) => toggleFile(file.sha1, selected)"
+				@click.stop
+			/>
+		</div>
+	</div>
+</template>
diff --git a/packages/ui/src/components/external_files/AttributionModerationDbBadge.vue b/packages/ui/src/components/external_files/AttributionModerationDbBadge.vue
new file mode 100644
index 0000000000..ca413cce84
--- /dev/null
+++ b/packages/ui/src/components/external_files/AttributionModerationDbBadge.vue
@@ -0,0 +1,70 @@
+<script setup lang="ts">
+import type { Labrinth } from '@modrinth/api-client'
+import { ScaleIcon } from '@modrinth/assets'
+import { sortByIndex } from '@modrinth/utils'
+import { computed } from 'vue'
+
+import { TagItem } from '#ui/components'
+
+import { MODERATION_DB_BADGE } from './external-project-utils'
+
+const props = defineProps<{
+	files?: Labrinth.Attribution.Internal.AttributionGroup['files']
+}>()
+
+const MODERATION_STATUS_PRIORITY: Labrinth.ExternalProjects.Internal.ExternalLicenseStatus[] = [
+	'permanent-no',
+	'no',
+	'yes',
+	'with-attribution',
+	'with-attribution-and-source',
+	'unidentified',
+]
+
+function statusLabel(status: Labrinth.ExternalProjects.Internal.ExternalLicenseStatus): string {
+	return MODERATION_DB_BADGE[status]?.label ?? status
+}
+
+const moderationStatuses = computed<{
+	primary: Labrinth.ExternalProjects.Internal.ExternalLicenseStatus
+	others?: Labrinth.ExternalProjects.Internal.ExternalLicenseStatus[]
+}>(() => {
+	const statuses = (props.files ?? []).map((file) => {
+		const status = file.moderation_external_license?.status
+		if (!status) {
+			return 'unidentified'
+		} else {
+			return status
+		}
+	})
+	const sorted = sortByIndex(MODERATION_STATUS_PRIORITY, [...new Set(statuses)])
+	const primary = sorted[0] ?? 'unidentified'
+	return {
+		primary,
+		...(sorted.length > 1 ? { others: sorted.slice(1) } : {}),
+	}
+})
+
+const otherStatusesTooltip = computed(() => {
+	const others = moderationStatuses.value.others
+	if (!others?.length) {
+		return undefined
+	}
+	return others.map((status) => statusLabel(status)).join(', ')
+})
+</script>
+
+<template>
+	<TagItem
+		v-tooltip="`Other statuses: ${otherStatusesTooltip}`"
+		:style="{ color: MODERATION_DB_BADGE[moderationStatuses.primary]?.color }"
+	>
+		<ScaleIcon class="size-4 shrink-0" />
+		{{ statusLabel(moderationStatuses.primary) }}
+		<span class="text-primary">
+			{{
+				moderationStatuses.others?.length > 0 ? `+ ${moderationStatuses.others?.length} more` : ''
+			}}
+		</span>
+	</TagItem>
+</template>
diff --git a/packages/ui/src/components/external_files/AttributionStatusTag.vue b/packages/ui/src/components/external_files/AttributionStatusTag.vue
new file mode 100644
index 0000000000..e2faa7664c
--- /dev/null
+++ b/packages/ui/src/components/external_files/AttributionStatusTag.vue
@@ -0,0 +1,51 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { TagItem } from '#ui/components'
+
+import { defineMessage, useVIntl } from '../../composables/i18n'
+
+const props = defineProps<{
+	variant: 'pending' | 'attributed' | 'no_permission'
+}>()
+
+const { formatMessage } = useVIntl()
+
+const badge = computed(() => {
+	switch (props.variant) {
+		case 'no_permission':
+			return {
+				style: { '--_bg-color': 'var(--color-red-bg)', '--_color': 'var(--color-red)' },
+				message: defineMessage({
+					id: 'external-files.permissions-card.badge.no-permission',
+					defaultMessage: 'No permission',
+				}),
+			}
+		case 'attributed':
+			return {
+				style: { '--_bg-color': 'var(--color-green-bg)', '--_color': 'var(--color-green)' },
+				message: defineMessage({
+					id: 'external-files.permissions-card.badge.attributed',
+					defaultMessage: 'Attributed',
+				}),
+			}
+		default:
+			return {
+				style: {
+					'--_bg-color': 'var(--color-orange-bg)',
+					'--_color': 'var(--color-orange)',
+				},
+				message: defineMessage({
+					id: 'external-files.permissions-card.badge.pending',
+					defaultMessage: 'Pending',
+				}),
+			}
+	}
+})
+</script>
+
+<template>
+	<TagItem :style="badge.style">
+		{{ formatMessage(badge.message) }}
+	</TagItem>
+</template>
diff --git a/packages/ui/src/components/external_files/ExternalProjectPermissionsCard.vue b/packages/ui/src/components/external_files/ExternalProjectPermissionsCard.vue
index 965dcfdda5..456b1df4cb 100644
--- a/packages/ui/src/components/external_files/ExternalProjectPermissionsCard.vue
+++ b/packages/ui/src/components/external_files/ExternalProjectPermissionsCard.vue
@@ -1,176 +1,776 @@
 <script setup lang="ts">
-import { ChevronDownIcon, ListBulletedIcon, SaveIcon, VersionIcon, XIcon } from '@modrinth/assets'
-import { ref } from 'vue'
+import type { Labrinth } from '@modrinth/api-client'
+import {
+	CheckCircleIcon,
+	ChevronDownIcon,
+	EditIcon,
+	FileIcon,
+	PlusIcon,
+	ReportIcon,
+	ScaleIcon,
+	SpinnerIcon,
+	VersionIcon,
+	XCircleIcon,
+	XIcon,
+} from '@modrinth/assets'
+import { attributionQuickReplies, type QuickReply } from '@modrinth/moderation'
+import { renderString } from '@modrinth/utils'
+import { useMutation, useQueryClient } from '@tanstack/vue-query'
+import { computed, ref, useTemplateRef, watch } from 'vue'
 
-import { Admonition, ButtonStyled, Chips, Collapsible, Combobox, StyledInput } from '#ui/components'
+import { ButtonStyled, Collapsible, OverflowMenu } from '#ui/components'
+import type { OverflowMenuOption } from '#ui/components/base'
+import { commonMessages } from '#ui/utils'
 
-defineProps<{
-	title: string
+import { defineMessage, defineMessages, useVIntl } from '../../composables/i18n'
+import {
+	injectModrinthClient,
+	injectNotificationManager,
+	injectProjectPageContext,
+} from '../../providers'
+import StyledInput from '../base/StyledInput.vue'
+import AddFilesToAttributionGroupModal from './AddFilesToAttributionGroupModal.vue'
+import AddToExistingExternalProjectModal from './AddToExistingExternalProjectModal.vue'
+import AddToGlobalPermissionsDatabaseModal from './AddToGlobalPermissionsDatabaseModal.vue'
+import AttributionDisplay from './AttributionDisplay.vue'
+import AttributionEditor from './AttributionEditor.vue'
+import AttributionModerationDbBadge from './AttributionModerationDbBadge.vue'
+import AttributionStatusTag from './AttributionStatusTag.vue'
+import {
+	attributionLinkToWork,
+	createAttributionGroupTitle,
+	MODERATION_DB_BADGE,
+	parseInitialAttribution,
+} from './external-project-utils'
+import OriginalPageLink from './OriginalPageLink.vue'
+
+const props = withDefaults(
+	defineProps<{
+		projectId: string
+		group: Labrinth.Attribution.Internal.AttributionGroup
+		isModerator?: boolean
+	}>(),
+	{
+		isModerator: false,
+	},
+)
+
+const collapsedModel = defineModel<boolean>('collapsed')
+
+const collapsed = computed({
+	get: () => collapsedModel.value ?? (!props.isModerator && !!props.group.attribution),
+	set: (value) => {
+		collapsedModel.value = value
+	},
+})
+
+const emit = defineEmits<{
+	(e: 'updated'): void
 }>()
 
-const collapsed = ref(true)
+const addFilesModalRef = useTemplateRef<typeof AddFilesToAttributionGroupModal>('addFilesModalRef')
+const addToGlobalModalRef =
+	useTemplateRef<typeof AddToGlobalPermissionsDatabaseModal>('addToGlobalModalRef')
+const addToExistingModalRef =
+	useTemplateRef<typeof AddToExistingExternalProjectModal>('addToExistingModalRef')
+
+const { formatMessage } = useVIntl()
+const client = injectModrinthClient()
+const queryClient = useQueryClient()
+const { addNotification } = injectNotificationManager()
+const { allMembers } = injectProjectPageContext()
+
+const attributorMember = computed(() => {
+	const userId = props.group.attributed_by
+	if (!userId || !allMembers.value) {
+		return null
+	}
+	return allMembers.value.find((member) => member.user.id === userId) ?? null
+})
+
+const attributorLink = computed(() => {
+	const id = props.group.attributed_by
+	if (!id) {
+		return null
+	}
+	const slug = attributorMember.value?.user?.username ?? id
+	return `/user/${slug}`
+})
+
+const attributorLabel = computed(() => {
+	if (attributorMember.value) {
+		return attributorMember.value.user.username
+	}
+	return props.group.attributed_by ?? 'unknown'
+})
+
+const messages = defineMessages({
+	fileCount: {
+		id: 'external-files.permissions-card.file-count',
+		defaultMessage: '{count, plural, one {# file} other {# files}}',
+	},
+	includedInVersions: {
+		id: 'external-files.permissions-card.included-in-versions',
+		defaultMessage: 'Included in {count, plural, one {# version} other {# versions}}:',
+	},
+	includedFiles: {
+		id: 'external-files.permissions-card.included-files',
+		defaultMessage: 'Included files:',
+	},
+	notUsedInVersions: {
+		id: 'external-files.permissions-card.not-used-in-versions',
+		defaultMessage: 'These files are not currently used by any version.',
+	},
+	splitFile: {
+		id: 'external-files.permissions-card.split-file',
+		defaultMessage: 'Remove from group',
+	},
+	addFilesToGroup: {
+		id: 'external-files.permissions-card.add-files-to-group',
+		defaultMessage: 'Add files...',
+	},
+})
+
+type EditingMode = 'attribution' | 'moderation_review'
+
+const editingMode = ref<EditingMode | null>(null)
+const editorResumeKey = ref(0)
+
+const isEditingAttribution = computed(() => editingMode.value === 'attribution')
+const isEditingModerationReview = computed(() => editingMode.value === 'moderation_review')
+
+const initialAttribution = computed<Labrinth.Attribution.Internal.AttributionResolution | null>(
+	() => parseInitialAttribution(props.group.attribution),
+)
+
+const isAttributed = computed(() => initialAttribution.value !== null)
+const attributionStatusVariant = computed<'pending' | 'attributed' | 'no_permission'>(() => {
+	if (isAttributed.value && props.group.attribution?.kind === 'no_permission') {
+		return 'no_permission'
+	}
+	if (isAttributed.value) {
+		return 'attributed'
+	}
+	return 'pending'
+})
+
+const title = computed(() => createAttributionGroupTitle(props.group, formatMessage))
+const fileCount = computed(() => props.group.files?.length ?? 0)
+
+const containingVersions = computed(() => {
+	const versionIds = new Set<string>()
+	for (const file of props.group.files ?? []) {
+		for (const versionId of file.versions ?? []) {
+			versionIds.add(versionId)
+		}
+	}
+	return props.group.versions?.filter((v) => versionIds.has(v.id))
+})
+
+const pendingSplitSha1 = ref<string | null>(null)
+
+const assignFilesMutation = useMutation({
+	mutationFn: async (sha1s: string[]) => {
+		for (const sha1 of sha1s) {
+			await client.labrinth.attribution_internal.assignFileToGroup({
+				sha1,
+				target_group_id: props.group.id,
+				project_id: props.projectId,
+			})
+		}
+	},
+	onSuccess: async () => {
+		await queryClient.invalidateQueries({ queryKey: ['project-attribution', props.projectId] })
+		emit('updated')
+	},
+	onError: (error: Error) => {
+		addNotification({
+			type: 'error',
+			title: formatMessage(
+				defineMessage({
+					id: 'external-files.permissions-card.assign-files-error.title',
+					defaultMessage: 'Could not add files',
+				}),
+			),
+			text: error.message,
+		})
+	},
+})
+
+const splitFileMutation = useMutation({
+	mutationFn: (sha1: string) =>
+		client.labrinth.attribution_internal.splitFile({
+			sha1,
+			project_id: props.projectId,
+		}),
+	onMutate(sha1) {
+		pendingSplitSha1.value = sha1
+	},
+	onSettled() {
+		pendingSplitSha1.value = null
+	},
+	onSuccess: async () => {
+		await queryClient.invalidateQueries({ queryKey: ['project-attribution', props.projectId] })
+		emit('updated')
+	},
+	onError: (error: Error) => {
+		addNotification({
+			type: 'error',
+			title: formatMessage(
+				defineMessage({
+					id: 'external-files.permissions-card.split-file-error.title',
+					defaultMessage: 'Could not split file',
+				}),
+			),
+			text: error.message,
+		})
+	},
+})
+
+function startEditingAttribution() {
+	editingMode.value = 'attribution'
+	collapsed.value = false
+	editorResumeKey.value += 1
+}
+
+function startEditingModerationReview() {
+	syncReviewReasonInput()
+	editingMode.value = 'moderation_review'
+}
+
+function stopEditing() {
+	editingMode.value = null
+}
+
+function cancelModerationReviewEditing() {
+	syncReviewReasonInput()
+	stopEditing()
+}
+
+function handleEditorUpdated() {
+	emit('updated')
+}
+
+function handleSplitFile(sha1: string) {
+	splitFileMutation.mutate(sha1)
+}
+
+function handleConfirmAddFiles(sha1s: string[]) {
+	assignFilesMutation.mutate(sha1s)
+}
+
+async function handleAddFilesToGroup(event: MouseEvent) {
+	try {
+		const groups = await queryClient.ensureQueryData({
+			queryKey: ['project-attribution', props.projectId],
+			queryFn: () => client.labrinth.attribution_internal.listProjectAttribution(props.projectId),
+		})
+		addFilesModalRef.value?.show(event, groups)
+	} catch (error) {
+		addNotification({
+			type: 'error',
+			title: formatMessage(
+				defineMessage({
+					id: 'external-files.permissions-card.add-files-modal.load-error.title',
+					defaultMessage: 'Could not load files',
+				}),
+			),
+			text: error instanceof Error ? error.message : String(error),
+		})
+	}
+}
+
+async function handleModerationDbUpdated() {
+	await queryClient.invalidateQueries({ queryKey: ['project-attribution', props.projectId] })
+	emit('updated')
+}
+
+function handleAddToGlobalDatabase(event: MouseEvent) {
+	addToGlobalModalRef.value?.show(event)
+}
+
+function handleAddToExistingEntry(event: MouseEvent) {
+	addToExistingModalRef.value?.show(event)
+}
+
+const originalProjectUrl = computed(
+	() => attributionLinkToWork(initialAttribution.value) ?? props.group.flame_project?.url,
+)
+
+const moderationStatusKind = computed(
+	() => props.group.attribution?.moderation_status?.kind ?? null,
+)
+
+const moderationStatusIndicator = computed(() => {
+	if (!moderationStatusKind.value) {
+		return null
+	}
+	switch (moderationStatusKind.value) {
+		case 'approved':
+			return {
+				icon: CheckCircleIcon,
+				class: 'text-green',
+				name: defineMessage({
+					id: 'external-files.permissions-card.attribution.moderation-status.passed',
+					defaultMessage: 'Passed',
+				}),
+			}
+		case 'bad_proof':
+			return {
+				icon: XCircleIcon,
+				class: 'text-red',
+				name: defineMessage({
+					id: 'external-files.permissions-card.attribution.moderation-status.rejected-proof',
+					defaultMessage: 'Proof rejected',
+				}),
+			}
+		case 'not_allowed':
+			return {
+				icon: ReportIcon,
+				class: 'text-red',
+				name: defineMessage({
+					id: 'external-files.permissions-card.attribution.moderation-status.content-not-allowed',
+					defaultMessage: 'Content not allowed',
+				}),
+			}
+	}
+	return null
+})
+
+const reviewReasonInput = ref('')
+
+function syncReviewReasonInput() {
+	reviewReasonInput.value = props.group.attribution?.moderation_status?.reason ?? ''
+}
+
+syncReviewReasonInput()
+
+watch(
+	() => props.group.attribution?.moderation_status,
+	() => {
+		if (!isEditingModerationReview.value) {
+			syncReviewReasonInput()
+		}
+	},
+	{ deep: true },
+)
+
+const pendingModerationStatusKind =
+	ref<Labrinth.Attribution.Internal.AttributionModerationStatusKind | null>(null)
+
+const setModerationStatusMutation = useMutation({
+	mutationFn: (kind: Labrinth.Attribution.Internal.AttributionModerationStatusKind) => {
+		if (!initialAttribution.value) {
+			throw new Error('Attribution is required')
+		}
+		return client.labrinth.attribution_internal.updateGroup(props.group.id, {
+			attribution: {
+				...initialAttribution.value,
+				moderation_status: {
+					kind,
+					reason: reviewReasonInput.value.trim(),
+				},
+			},
+		})
+	},
+	onMutate(kind) {
+		pendingModerationStatusKind.value = kind
+	},
+	onSettled() {
+		pendingModerationStatusKind.value = null
+	},
+	onSuccess: async () => {
+		await queryClient.invalidateQueries({ queryKey: ['project-attribution', props.projectId] })
+		stopEditing()
+		emit('updated')
+	},
+	onError: (error: Error) => {
+		addNotification({
+			type: 'error',
+			title: formatMessage(
+				defineMessage({
+					id: 'external-files.permissions-card.moderation.error.title',
+					defaultMessage: 'Could not save moderation review',
+				}),
+			),
+			text: error.message,
+		})
+	},
+})
+
+function handleSetModerationStatus(
+	kind: Labrinth.Attribution.Internal.AttributionModerationStatusKind,
+) {
+	setModerationStatusMutation.mutate(kind)
+}
+
+async function handleQuickReply(reply: QuickReply) {
+	const message =
+		typeof reply.message === 'function' ? await reply.message(undefined) : reply.message
+	reviewReasonInput.value = message
+}
+
+const visibleQuickReplies = computed<OverflowMenuOption[]>(() => {
+	const replies = attributionQuickReplies
 
-const selectedPermissionsType = ref('My project')
+	if (!replies) return []
+
+	return replies
+		.filter((reply) => {
+			if (reply.shouldShow === undefined) return true
+			return reply.shouldShow(undefined)
+		})
+		.map(
+			(reply) =>
+				({
+					id: reply.label,
+					action: () => handleQuickReply(reply),
+				}) as OverflowMenuOption,
+		)
+})
 </script>
+
 <template>
 	<div
 		class="bg-surface-2 p-0 rounded-2xl flex flex-col border-[1px] border-solid border-surface-5 overflow-hidden"
 	>
-		<div class="flex items-center bg-surface-3">
+		<div class="flex items-center bg-surface-3 gap-3">
 			<button
-				class="flex grow m-0 appearance-none p-4 bg-transparent group transition-all"
+				class="flex grow items-center m-0 appearance-none p-4 bg-transparent group transition-all gap-3 text-left min-w-0 outline-offset-[-3px] rounded-2xl"
+				:class="{
+					'rounded-b-none': !collapsed,
+					'rounded-r-none': group.flame_project?.url || isModerator,
+				}"
 				@click="collapsed = !collapsed"
 			>
-				<span class="flex items-center gap-3 group-active:scale-[0.98]">
-					<ChevronDownIcon
-						class="size-6 text-primary transition-transform duration-300"
-						:class="{ 'rotate-180': !collapsed }"
-					/>
-					<span class="text-contrast font-semibold">{{ title }}</span>
+				<ChevronDownIcon
+					class="size-6 text-primary transition-transform duration-300 shrink-0 mb-auto"
+					:class="{ 'rotate-180': !collapsed }"
+				/>
+				<span class="flex flex-col items-start min-w-0 group-active:scale-[0.98]">
+					<span class="flex items-center gap-2 min-w-0 flex-wrap">
+						<span class="text-contrast truncate font-semibold">{{ title }}</span>
+						<component
+							:is="moderationStatusIndicator.icon"
+							v-if="moderationStatusIndicator"
+							v-tooltip="formatMessage(moderationStatusIndicator.name)"
+							:class="moderationStatusIndicator.class"
+							class="size-5 shrink-0"
+							aria-hidden="true"
+						/>
+						<AttributionStatusTag :variant="attributionStatusVariant" />
+						<OriginalPageLink v-if="originalProjectUrl && isModerator" :href="originalProjectUrl" />
+					</span>
+					<span v-if="fileCount > 1" class="text-secondary text-sm font-normal">
+						{{ formatMessage(messages.fileCount, { count: fileCount }) }}
+					</span>
 				</span>
 			</button>
-			<div class="flex items-center gap-2 m-4 ml-0">
-				<ButtonStyled type="outlined">
-					<button>
-						<ListBulletedIcon />
-						Versions
-					</button>
-				</ButtonStyled>
+			<div class="mr-4 flex items-center gap-2">
+				<AttributionModerationDbBadge v-if="isModerator" :files="group.files" />
+				<OriginalPageLink v-else-if="originalProjectUrl" :href="originalProjectUrl" />
 			</div>
 		</div>
+
 		<Collapsible
 			:collapsed="collapsed"
 			class="border-0 border-solid border-t border-surface-5 rounded-b-2xl"
 		>
-			<div class="flex flex-col gap-2 p-4">
-				<span class="text-contrast font-semibold">Included in versions:</span>
-				<div class="flex flex-wrap gap-2">
-					<template v-for="version in ['4.0.0', '3.5.15', '3.5.14']" :key="version">
-						<div
-							class="px-3 py-2 rounded-xl flex items-center gap-2 border-[1px] border-solid border-surface-5"
+			<div class="flex flex-col gap-3 p-4">
+				<span class="text-contrast font-semibold">
+					{{ formatMessage(messages.includedFiles) }}
+				</span>
+				<div class="grid grid-cols-2 gap-2">
+					<span
+						v-for="file in group.files"
+						:key="file.sha1"
+						class="pl-3 rounded-xl grid grid-cols-[auto_1fr_auto] gap-2 items-start border-[1px] border-solid border-surface-5 bg-surface-2"
+						:style="{
+							'border-color':
+								isModerator && file.moderation_external_license
+									? MODERATION_DB_BADGE[file.moderation_external_license?.status]?.color
+									: undefined,
+							color:
+								isModerator && file.moderation_external_license
+									? MODERATION_DB_BADGE[file.moderation_external_license?.status]?.color
+									: undefined,
+						}"
+					>
+						<FileIcon class="size-4 shrink-0 mt-2.5" />
+						<div class="max-w-[22rem] min-w-0 flex flex-col gap-1 py-2">
+							<span class="truncate">
+								{{ file.name.split('/').pop() }}
+							</span>
+						</div>
+						<div class="flex items-center gap-1 my-auto">
+							<ButtonStyled v-if="group.files.length > 1" circular size="small">
+								<button
+									v-tooltip="formatMessage(messages.splitFile)"
+									class="m-1"
+									:disabled="splitFileMutation.isPending.value"
+									@click="handleSplitFile(file.sha1)"
+								>
+									<SpinnerIcon
+										v-if="splitFileMutation.isPending.value && pendingSplitSha1 === file.sha1"
+										class="size-4 shrink-0 animate-spin"
+									/>
+									<XIcon v-else class="size-4 shrink-0" />
+								</button>
+							</ButtonStyled>
+						</div>
+					</span>
+					<div>
+						<ButtonStyled>
+							<button @click="handleAddFilesToGroup($event)">
+								<PlusIcon class="size-4 shrink-0" /> {{ formatMessage(messages.addFilesToGroup) }}
+							</button>
+						</ButtonStyled>
+					</div>
+				</div>
+				<template v-if="(containingVersions?.length ?? 0) > 0">
+					<span class="text-contrast font-semibold">
+						{{
+							formatMessage(messages.includedInVersions, { count: containingVersions?.length ?? 0 })
+						}}
+					</span>
+					<div class="flex flex-wrap gap-2">
+						<nuxt-link
+							v-for="version in containingVersions"
+							:key="version.id"
+							:to="`/project/${projectId}/version/${version.id}`"
+							target="_blank"
+							class="px-3 py-2 rounded-xl flex items-center gap-2 border-[1px] border-solid border-surface-5 bg-surface-3 hover:bg-surface-4"
 						>
-							<VersionIcon />
-							{{ version }}
+							<VersionIcon class="size-4 shrink-0" />
+							<span class="max-w-[22rem] truncate">
+								{{ version.version_number }}
+							</span>
+						</nuxt-link>
+					</div>
+				</template>
+				<template v-else>
+					<span class="text-secondary text-sm">
+						{{ formatMessage(messages.notUsedInVersions) }}
+					</span>
+				</template>
+
+				<AttributionDisplay
+					v-if="!isEditingAttribution && initialAttribution"
+					:attribution="initialAttribution"
+					:attributed-at="group.attributed_at"
+					:attributor-href="attributorLink"
+					:attributor-label="attributorLabel"
+					:attributor-avatar-url="attributorMember?.user.avatar_url"
+				>
+					<template v-if="group.attribution?.kind !== 'globally_allowed'" #actions>
+						<ButtonStyled>
+							<button @click="startEditingAttribution">
+								<EditIcon /> {{ formatMessage(commonMessages.editButton) }}
+							</button>
+						</ButtonStyled>
+					</template>
+					<template
+						v-if="
+							(isModerator || group.attribution.moderation_status) &&
+							group.attribution.kind !== 'globally_allowed'
+						"
+						#footer
+					>
+						<div class="flex gap-4 flex-wrap">
+							<div>
+								<p
+									class="font-semibold m-0 flex items-center gap-2 mb-3"
+									:class="isModerator ? 'text-orange' : moderationStatusIndicator?.class"
+								>
+									<template v-if="isModerator">
+										<ScaleIcon class="size-5 shrink-0" />
+										Review attribution
+									</template>
+									<template v-else-if="moderationStatusIndicator">
+										<component
+											:is="moderationStatusIndicator.icon"
+											class="size-5 shrink-0"
+											aria-hidden="true"
+										/>
+										{{ formatMessage(moderationStatusIndicator.name) }}
+									</template>
+								</p>
+								<template v-if="isModerator">
+									<template
+										v-if="group.attribution.moderation_status && !isEditingModerationReview"
+									>
+										<div class="grid grid-cols-[auto_1fr] gap-y-3 gap-x-4">
+											<div>Status:</div>
+											<div
+												class="flex items-center gap-1"
+												:class="moderationStatusIndicator ? moderationStatusIndicator.class : ''"
+											>
+												<template v-if="moderationStatusIndicator">
+													<component
+														:is="moderationStatusIndicator.icon"
+														class="size-4 shrink-0"
+														aria-hidden="true"
+													/>
+													{{ formatMessage(moderationStatusIndicator.name) }}
+												</template>
+											</div>
+											<div class="leading-[1.5]">Reason:</div>
+											<div>
+												<div
+													class="markdown-body"
+													v-html="renderString(group.attribution.moderation_status.reason || 'N/A')"
+												/>
+											</div>
+										</div>
+									</template>
+									<template v-else>
+										<StyledInput
+											v-model="reviewReasonInput"
+											multiline
+											placeholder="Explanation of review (optional)"
+										/>
+										<div class="flex items-center gap-2 flex-wrap mt-3">
+											<ButtonStyled v-if="visibleQuickReplies.length > 0">
+												<OverflowMenu :options="visibleQuickReplies">
+													Reply presets
+													<ChevronDownIcon />
+												</OverflowMenu>
+											</ButtonStyled>
+											<ButtonStyled color="green" color-fill="text">
+												<button
+													:disabled="setModerationStatusMutation.isPending.value"
+													@click="handleSetModerationStatus('approved')"
+												>
+													<SpinnerIcon
+														v-if="
+															setModerationStatusMutation.isPending.value &&
+															pendingModerationStatusKind === 'approved'
+														"
+														class="size-4 shrink-0 animate-spin"
+													/>
+													<CheckCircleIcon v-else />
+													Approve
+												</button>
+											</ButtonStyled>
+											<ButtonStyled color="red" color-fill="text">
+												<button
+													:disabled="setModerationStatusMutation.isPending.value"
+													@click="handleSetModerationStatus('bad_proof')"
+												>
+													<SpinnerIcon
+														v-if="
+															setModerationStatusMutation.isPending.value &&
+															pendingModerationStatusKind === 'bad_proof'
+														"
+														class="size-4 shrink-0 animate-spin"
+													/>
+													<XCircleIcon v-else />
+													Reject: Insufficient proof
+												</button>
+											</ButtonStyled>
+											<ButtonStyled color="red" color-fill="text">
+												<button
+													:disabled="setModerationStatusMutation.isPending.value"
+													@click="handleSetModerationStatus('not_allowed')"
+												>
+													<SpinnerIcon
+														v-if="
+															setModerationStatusMutation.isPending.value &&
+															pendingModerationStatusKind === 'not_allowed'
+														"
+														class="size-4 shrink-0 animate-spin"
+													/>
+													<ReportIcon v-else />
+													Reject: Not allowed
+												</button>
+											</ButtonStyled>
+											<ButtonStyled v-if="isEditingModerationReview" type="outlined">
+												<button
+													:disabled="setModerationStatusMutation.isPending.value"
+													@click="cancelModerationReviewEditing"
+												>
+													<XIcon />
+													{{ formatMessage(commonMessages.cancelButton) }}
+												</button>
+											</ButtonStyled>
+										</div>
+										<div class="flex items-center gap-2 flex-wrap mt-3">
+											<ButtonStyled>
+												<button @click="handleAddToGlobalDatabase">
+													<ScaleIcon /> Add files to database...
+												</button>
+											</ButtonStyled>
+											<ButtonStyled>
+												<button @click="handleAddToExistingEntry">
+													<ScaleIcon /> Add to existing entry...
+												</button>
+											</ButtonStyled>
+										</div>
+									</template>
+								</template>
+								<div v-else class="grid grid-cols-[auto_1fr] gap-y-3 gap-x-4">
+									<div class="leading-[1.5]">
+										{{ formatMessage(messages.moderationReasonLabel) }}
+									</div>
+									<div
+										class="markdown-body"
+										v-html="
+											renderString(
+												group.attribution.moderation_status.reason || 'No reason provided',
+											)
+										"
+									/>
+								</div>
+							</div>
+							<div
+								v-if="
+									isModerator && !isEditingModerationReview && group.attribution.moderation_status
+								"
+								class="ml-auto"
+							>
+								<ButtonStyled color="orange">
+									<button @click="startEditingModerationReview">
+										<ScaleIcon />
+										{{ formatMessage(commonMessages.editButton) }}
+									</button>
+								</ButtonStyled>
+							</div>
 						</div>
 					</template>
-				</div>
+				</AttributionDisplay>
+
 				<div
+					v-else
 					class="rounded-2xl p-4 mt-2 border-[1px] border-solid border-surface-5 flex flex-col gap-3"
 				>
-					<span class="text-contrast font-semibold">Type</span>
-					<Chips
-						v-model="selectedPermissionsType"
-						:items="['License', 'My project', 'Special permission', 'No permission']"
+					<AttributionEditor
+						:project-id="projectId"
+						:group-id="group.id"
+						:attribution="group.attribution"
+						:flame-project-url="group.flame_project?.url"
+						:resume-key="editorResumeKey"
+						@updated="handleEditorUpdated"
+						@saved="stopEditing"
+						@cancel="stopEditing"
 					/>
-					<template v-if="selectedPermissionsType === 'License'">
-						<span>The license of this work permits you to redistribute it in your modpack.</span>
-						<span class="text-contrast font-semibold mt-1">License</span>
-						<Combobox
-							class="max-w-80"
-							:options="[{ label: 'MIT', value: 'MIT' }]"
-							:model-value="'MIT'"
-						/>
-						<span class="text-contrast font-semibold mt-1"> Link to work </span>
-						<StyledInput
-							type="text"
-							class="max-w-[30rem]"
-							placeholder="https://example.com/link-to-work"
-						/>
-						<span class="text-contrast font-semibold mt-1">
-							Notes
-							<span class="font-normal text-primary">(optional)</span>
-						</span>
-						<StyledInput
-							type="text"
-							resize="both"
-							multiline
-							class="max-w-[40rem]"
-							placeholder="Write something here..."
-						/>
-					</template>
-					<template v-else-if="selectedPermissionsType === 'My project'">
-						<span>Original work created by you.</span>
-						<span class="text-contrast font-semibold mt-1">License</span>
-						<Combobox
-							class="max-w-80"
-							:options="[{ label: 'MIT', value: 'MIT' }]"
-							:model-value="'MIT'"
-						/>
-						<span class="text-contrast font-semibold mt-1">
-							Notes
-							<span class="font-normal text-primary">(optional)</span>
-						</span>
-						<StyledInput
-							type="text"
-							resize="both"
-							multiline
-							class="max-w-[40rem]"
-							placeholder="Write something here..."
-						/>
-					</template>
-					<template v-else-if="selectedPermissionsType === 'Special permission'">
-						<span>
-							You have obtained special permission to redistribute this work in your modpack.
-						</span>
-						<span class="text-contrast font-semibold mt-1"> Link to work </span>
-						<StyledInput
-							type="text"
-							class="max-w-[30rem]"
-							placeholder="https://example.com/link-to-work"
-						/>
-						<div class="flex flex-col gap-1 mt-1">
-							<span class="text-contrast font-semibold"> Proof and explanation </span>
-							<span>
-								Include screenshots of messages, emails, or replies from the copyright owner showing
-								that they granted you permission to redistribute their work in your modpack.
-							</span>
-						</div>
-						<StyledInput
-							type="text"
-							resize="both"
-							multiline
-							class="max-w-[40rem]"
-							placeholder="Write something here..."
-						/>
-						<Admonition
-							type="warning"
-							header="Modrinth staff may attempt to verify submitted proof"
-						>
-							If you are found to have lied or manipulated the images uploaded, your project and
-							account may be terminated.
-						</Admonition>
-					</template>
-					<template v-else-if="selectedPermissionsType === 'No permission'">
-						<span>You don't have permission to use this work.</span>
-						<span class="text-contrast font-semibold mt-1">
-							Notes
-							<span class="font-normal text-primary">(optional)</span>
-						</span>
-						<StyledInput
-							type="text"
-							resize="both"
-							multiline
-							class="max-w-[40rem]"
-							placeholder="Write something here..."
-						/>
-					</template>
-					<hr class="mt-1 bg-surface-5 border-none h-[1px] w-full" />
-					<div class="flex items-center gap-2 justify-end">
-						<ButtonStyled type="outlined">
-							<button>
-								<XIcon />
-								Cancel
-							</button>
-						</ButtonStyled>
-						<ButtonStyled color="brand">
-							<button>
-								<SaveIcon />
-								Save
-							</button>
-						</ButtonStyled>
-					</div>
 				</div>
 			</div>
 		</Collapsible>
+		<AddFilesToAttributionGroupModal
+			ref="addFilesModalRef"
+			:group-id="group.id"
+			:pending="assignFilesMutation.isPending.value"
+			@confirm="handleConfirmAddFiles"
+		/>
+		<AddToGlobalPermissionsDatabaseModal
+			ref="addToGlobalModalRef"
+			:group="group"
+			@success="handleModerationDbUpdated"
+		/>
+		<AddToExistingExternalProjectModal
+			ref="addToExistingModalRef"
+			:group="group"
+			@success="handleModerationDbUpdated"
+		/>
 	</div>
 </template>
diff --git a/packages/ui/src/components/external_files/OriginalPageLink.vue b/packages/ui/src/components/external_files/OriginalPageLink.vue
new file mode 100644
index 0000000000..dfcc126788
--- /dev/null
+++ b/packages/ui/src/components/external_files/OriginalPageLink.vue
@@ -0,0 +1,27 @@
+<script setup lang="ts">
+import { ExternalIcon } from '@modrinth/assets'
+
+import { defineMessage, useVIntl } from '../../composables/i18n'
+
+defineProps<{
+	href: string
+}>()
+
+const { formatMessage } = useVIntl()
+
+const label = defineMessage({
+	id: 'external-files.permissions-card.original-project-page',
+	defaultMessage: 'Original project',
+})
+</script>
+<template>
+	<a
+		class="text-link flex items-center outline-offset-[4px] rounded-sm truncate"
+		target="_blank"
+		rel="noopener"
+		:href="href"
+	>
+		<span class="truncate">{{ formatMessage(label) }}</span>
+		<ExternalIcon class="size-3 shrink-0 mb-2 ml-1" />
+	</a>
+</template>
diff --git a/packages/ui/src/components/external_files/external-project-utils.ts b/packages/ui/src/components/external_files/external-project-utils.ts
new file mode 100644
index 0000000000..0d2af506ec
--- /dev/null
+++ b/packages/ui/src/components/external_files/external-project-utils.ts
@@ -0,0 +1,361 @@
+import type { Labrinth } from '@modrinth/api-client'
+
+import { defineMessage, type MessageDescriptor } from '../../composables/i18n'
+
+export const permissionKinds: Labrinth.Attribution.Internal.AttributionResolutionKind[] = [
+	'license',
+	'my_project',
+	'special_permissions',
+	'no_permission',
+	'globally_allowed',
+]
+
+/** Combobox value when the user picks a non-SPDX custom license (stored as `{ name }`). */
+export const CUSTOM_LICENSE_VALUE = '__custom__'
+
+export type ProjectPermissionField =
+	| 'license_id'
+	| 'custom_license'
+	| 'link_to_work'
+	| 'notes'
+	| 'image_urls'
+
+export type AttributionProofRequirement = 'explanation_or_images' | 'images' | null
+
+export const PERMISSION_REASONS = {
+	license: {
+		label: defineMessage({
+			id: 'external-files.permissions-card.reason.license',
+			defaultMessage: 'License',
+		}),
+		description: defineMessage({
+			id: 'external-files.permissions-card.reason.license.description',
+			defaultMessage: 'The license of this work permits you to redistribute it in your modpack.',
+		}),
+		notesLabel: defineMessage({
+			id: 'external-files.permissions-card.explanation-label',
+			defaultMessage: 'Explanation',
+		}),
+		notesDescription: null,
+		notesShowsOptional: true,
+		proofImagesDescription: defineMessage({
+			id: 'external-files.permissions-card.reason.license.proof-images-description',
+			defaultMessage: 'Upload supporting documentation related to this license.',
+		}),
+		proofRequirement: null,
+		fields: ['license_id', 'custom_license', 'link_to_work', 'notes', 'image_urls'] as const,
+	},
+	my_project: {
+		label: defineMessage({
+			id: 'external-files.permissions-card.reason.my-project',
+			defaultMessage: 'My project',
+		}),
+		description: defineMessage({
+			id: 'external-files.permissions-card.reason.my-project.description',
+			defaultMessage: 'Original work created by you.',
+		}),
+		notesLabel: defineMessage({
+			id: 'external-files.permissions-card.explanation-label',
+			defaultMessage: 'Explanation',
+		}),
+		notesDescription: defineMessage({
+			id: 'external-files.permissions-card.explanation-description',
+			defaultMessage: 'A short explanation or proof images are required.',
+		}),
+		notesShowsOptional: false,
+		proofImagesDescription: defineMessage({
+			id: 'external-files.permissions-card.reason.my-project.proof-images-description',
+			defaultMessage: 'Upload files that help verify you created this work.',
+		}),
+		proofRequirement: 'explanation_or_images',
+		fields: ['license_id', 'custom_license', 'notes', 'image_urls'] as const,
+	},
+	special_permissions: {
+		label: defineMessage({
+			id: 'external-files.permissions-card.reason.special-permission',
+			defaultMessage: 'Special permission',
+		}),
+		description: defineMessage({
+			id: 'external-files.permissions-card.reason.special-permission.description',
+			defaultMessage:
+				'You have obtained special permission to redistribute this work in your modpack.',
+		}),
+		notesLabel: null,
+		notesDescription: null,
+		notesShowsOptional: true,
+		proofImagesDescription: null,
+		proofRequirement: 'images',
+		fields: ['link_to_work', 'notes', 'image_urls'] as const,
+	},
+	no_permission: {
+		label: defineMessage({
+			id: 'external-files.permissions-card.reason.no-permission',
+			defaultMessage: 'No permission',
+		}),
+		description: defineMessage({
+			id: 'external-files.permissions-card.reason.no-permission.description',
+			defaultMessage: "You don't have permission to use this work.",
+		}),
+		notesLabel: null,
+		notesDescription: null,
+		notesShowsOptional: true,
+		proofImagesDescription: null,
+		proofRequirement: null,
+		fields: ['notes'] as const,
+	},
+	globally_allowed: {
+		label: defineMessage({
+			id: 'external-files.permissions-card.reason.globally-allowed',
+			defaultMessage: 'Automatically attributed',
+		}),
+		description: defineMessage({
+			id: 'external-files.permissions-card.reason.globally-allowed.description',
+			defaultMessage:
+				"We've seen this file before and have prepared an attribution for you. If something seems wrong, please contact Modrinth Support via the Help Center",
+		}),
+		notesLabel: null,
+		notesDescription: null,
+		notesShowsOptional: false,
+		proofImagesDescription: null,
+		proofRequirement: null,
+		fields: ['link_to_work'] as const,
+	},
+} satisfies Record<
+	Labrinth.Attribution.Internal.AttributionResolutionKind,
+	{
+		label: MessageDescriptor
+		description: MessageDescriptor
+		notesLabel: MessageDescriptor | null
+		notesDescription: MessageDescriptor | null
+		notesShowsOptional: boolean
+		proofImagesDescription: MessageDescriptor | null
+		proofRequirement: AttributionProofRequirement
+		fields: ProjectPermissionField[]
+	}
+>
+
+export function isAttributionProofValid(
+	requirement: AttributionProofRequirement,
+	notes: string,
+	imageUrls: readonly string[],
+): boolean {
+	switch (requirement) {
+		case 'explanation_or_images':
+			return notes.trim().length > 0 || imageUrls.length > 0
+		case 'images':
+			return imageUrls.length > 0
+		default:
+			return true
+	}
+}
+
+export function attributionProofValidationError(
+	requirement: AttributionProofRequirement,
+	notes: string,
+	imageUrls: readonly string[],
+): MessageDescriptor | null {
+	if (isAttributionProofValid(requirement, notes, imageUrls)) {
+		return null
+	}
+	switch (requirement) {
+		case 'explanation_or_images':
+			return defineMessage({
+				id: 'external-files.permissions-card.error.explanation-or-images-required',
+				defaultMessage: 'Please provide an explanation or upload at least one proof image.',
+			})
+		case 'images':
+			return defineMessage({
+				id: 'external-files.permissions-card.error.proof-images-required',
+				defaultMessage: 'Please upload at least one proof image.',
+			})
+		default:
+			return null
+	}
+}
+
+export function isHttpUrl(raw: string): boolean {
+	const s = raw.trim()
+	if (!s) return false
+	let parsed: URL
+	try {
+		parsed = new URL(s)
+	} catch {
+		return false
+	}
+	return parsed.protocol === 'http:' || parsed.protocol === 'https:'
+}
+
+export function isCustomAttributionLicense(
+	license: Labrinth.Attribution.Internal.AttributionLicense,
+): license is { name: string } {
+	return typeof license === 'object' && license !== null && 'name' in license
+}
+
+export function parseAttributionLicense(
+	license: Labrinth.Attribution.Internal.AttributionLicense | undefined,
+): {
+	spdx: string
+	custom: string
+} {
+	if (!license) {
+		return { spdx: '', custom: '' }
+	}
+	if (isCustomAttributionLicense(license)) {
+		return { spdx: CUSTOM_LICENSE_VALUE, custom: license.name }
+	}
+	return { spdx: license, custom: '' }
+}
+
+export function attributionLinkToWork(
+	attribution: Labrinth.Attribution.Internal.AttributionResolution | null | undefined,
+): string | undefined {
+	if (!attribution) {
+		return undefined
+	}
+	if (PERMISSION_REASONS[attribution.kind].fields.includes('link_to_work')) {
+		return attribution.link_to_work
+	}
+	return undefined
+}
+
+export function parseInitialAttribution(
+	raw: unknown,
+): Labrinth.Attribution.Internal.AttributionResolution | null {
+	if (!raw || typeof raw !== 'object') {
+		return null
+	}
+	const obj = raw as Record<string, unknown>
+	const kind = obj.kind
+	if (typeof kind !== 'string' || !(permissionKinds as string[]).includes(kind)) {
+		return null
+	}
+	return obj as Labrinth.Attribution.Internal.AttributionResolution
+}
+
+const unnamedMultiAttributionGroupTitle = defineMessage({
+	id: 'external-files.permissions-card.unnamed-multi-group-title',
+	defaultMessage: '{filename} + {count} more',
+})
+
+const fallbackAttributionGroupTitle = defineMessage({
+	id: 'external-files.permissions-card.fallback-group-title',
+	defaultMessage: 'Attribution group {id}',
+})
+
+export function createAttributionGroupTitle(
+	group: Labrinth.Attribution.Internal.AttributionGroup,
+	formatMessage: (descriptor: MessageDescriptor, values?: Record<string, unknown>) => string,
+): string {
+	const fileCount = group.files?.length ?? 0
+	if (group.flame_project?.title) {
+		return group.flame_project.title
+	}
+	const firstFileName = group.files?.[0]?.name ?? group.files?.[0]?.sha1 ?? ''
+	if (firstFileName) {
+		const base = firstFileName.split('/').pop() ?? firstFileName
+		if (fileCount === 1) {
+			return base
+		}
+		return formatMessage(unnamedMultiAttributionGroupTitle, {
+			filename: base,
+			count: fileCount - 1,
+		})
+	}
+	return formatMessage(fallbackAttributionGroupTitle, { id: group.id })
+}
+
+export function moderatorAttributionGroupTitle(
+	group: Labrinth.Attribution.Internal.AttributionGroup,
+): string {
+	const fileCount = group.files?.length ?? 0
+	if (group.flame_project?.title) {
+		return group.flame_project.title
+	}
+	const firstFileName = group.files?.[0]?.name ?? group.files?.[0]?.sha1 ?? ''
+	if (firstFileName) {
+		const base = firstFileName.split('/').pop() ?? firstFileName
+		if (fileCount === 1) {
+			return base
+		}
+		return `${base} + ${fileCount - 1} more`
+	}
+	return `Attribution group ${group.id}`
+}
+
+export const MODERATOR_ATTRIBUTION_KIND_LABELS: Record<
+	Labrinth.Attribution.Internal.AttributionResolutionKind,
+	string
+> = {
+	license: 'License',
+	my_project: 'My project',
+	special_permissions: 'Special permission',
+	no_permission: 'No permission',
+	globally_allowed: 'Automatically attributed',
+}
+
+export type ExternalLicenseStatus = Labrinth.ExternalProjects.Internal.ExternalLicenseStatus
+
+export function attributionKindToDefaultExternalStatus(
+	kind: Labrinth.Attribution.Internal.AttributionResolutionKind,
+): ExternalLicenseStatus | undefined {
+	if (kind === 'no_permission') {
+		return 'no'
+	}
+	if (kind === 'license') {
+		return 'yes'
+	}
+	return undefined
+}
+
+export function buildExternalLicenseProofFromAttribution(
+	attribution: Labrinth.Attribution.Internal.AttributionResolution,
+): string {
+	const parts: string[] = []
+	const notes = attribution.notes?.trim()
+	if (notes) {
+		parts.push(notes)
+	}
+	for (const url of attribution.image_urls ?? []) {
+		parts.push(`![proof image](${url})`)
+	}
+	return parts.join('\n\n')
+}
+
+export function groupLinkForExternalLicense(
+	group: Labrinth.Attribution.Internal.AttributionGroup,
+	attribution: Labrinth.Attribution.Internal.AttributionResolution | null,
+): string {
+	return attributionLinkToWork(attribution) ?? group.flame_project?.url ?? ''
+}
+
+export const MODERATION_DB_BADGE: Record<
+	Labrinth.ExternalProjects.Internal.ExternalLicenseStatus,
+	{
+		color?: string
+		label: string
+	}
+> = {
+	no: {
+		color: 'var(--color-red)',
+		label: 'Restrictive license',
+	},
+	'permanent-no': {
+		color: 'var(--color-purple)',
+		label: 'Prohibited content',
+	},
+	yes: {
+		color: 'var(--color-green)',
+		label: 'Permissive license',
+	},
+	'with-attribution': {
+		color: 'var(--color-green)',
+		label: 'Permissive license',
+	},
+	'with-attribution-and-source': {
+		color: 'var(--color-green)',
+		label: 'Permissive license',
+	},
+	unidentified: {
+		label: 'Unidentified',
+	},
+}
diff --git a/packages/ui/src/components/external_files/index.ts b/packages/ui/src/components/external_files/index.ts
index e0ec715662..fa12eed576 100644
--- a/packages/ui/src/components/external_files/index.ts
+++ b/packages/ui/src/components/external_files/index.ts
@@ -1,3 +1,10 @@
-export { default as ExternalProjectLicenseStateTag } from './ExternalProjectLicenseStateTag.vue'
+export { default as AddFilesToAttributionGroupModal } from './AddFilesToAttributionGroupModal.vue'
+export { default as AddToExistingExternalProjectModal } from './AddToExistingExternalProjectModal.vue'
+export { default as AddToGlobalPermissionsDatabaseModal } from './AddToGlobalPermissionsDatabaseModal.vue'
+export { default as AttributionDisplay } from './AttributionDisplay.vue'
+export { default as AttributionEditor } from './AttributionEditor.vue'
+export { default as AttributionModerationDbBadge } from './AttributionModerationDbBadge.vue'
+export { default as AttributionStatusTag } from './AttributionStatusTag.vue'
 export { default as ExternalProjectLookupCard } from './ExternalProjectLookupCard.vue'
+export { default as ExternalProjectPermissionsCard } from './ExternalProjectPermissionsCard.vue'
 export type { ExternalLicenseStatus } from './types.ts'
diff --git a/packages/ui/src/components/external_files/types.ts b/packages/ui/src/components/external_files/types.ts
index 331d41bf95..f93cf8bc20 100644
--- a/packages/ui/src/components/external_files/types.ts
+++ b/packages/ui/src/components/external_files/types.ts
@@ -1,7 +1,3 @@
-export type ExternalLicenseStatus =
-	| 'yes'
-	| 'with-attribution-and-source'
-	| 'with-attribution'
-	| 'no'
-	| 'permanent-no'
-	| 'unidentified'
+import type { Labrinth } from '@modrinth/api-client'
+
+export type ExternalLicenseStatus = Labrinth.ExternalProjects.Internal.ExternalLicenseStatus
diff --git a/packages/ui/src/components/flows/creation-flow-modal/components/ModpackStage.vue b/packages/ui/src/components/flows/creation-flow-modal/components/ModpackStage.vue
index 8b64a06586..e0860dd303 100644
--- a/packages/ui/src/components/flows/creation-flow-modal/components/ModpackStage.vue
+++ b/packages/ui/src/components/flows/creation-flow-modal/components/ModpackStage.vue
@@ -5,8 +5,10 @@
 		}}</span>
 		<Combobox
 			v-model="ctx.modpackSearchProjectId.value"
+			v-tooltip="ctx.finishDisabled.value ? ctx.finishDisabledTooltip.value : undefined"
 			:options="ctx.modpackSearchOptions.value"
 			searchable
+			:disabled="ctx.finishDisabled.value"
 			:search-placeholder="formatMessage(messages.searchModpackPlaceholder)"
 			:no-options-message="
 				searchLoading
@@ -29,13 +31,23 @@
 		</div>
 		<div class="flex gap-3">
 			<ButtonStyled type="outlined">
-				<button class="flex-1" @click="triggerFileInput">
+				<button
+					v-tooltip="ctx.finishDisabled.value ? ctx.finishDisabledTooltip.value : undefined"
+					class="flex-1"
+					:disabled="ctx.finishDisabled.value"
+					@click="triggerFileInput"
+				>
 					<ImportIcon />
 					{{ formatMessage(messages.importModpack) }}
 				</button>
 			</ButtonStyled>
 			<ButtonStyled color="brand">
-				<button class="flex-1" @click="ctx.browseModpacks()">
+				<button
+					v-tooltip="ctx.finishDisabled.value ? ctx.finishDisabledTooltip.value : undefined"
+					class="flex-1"
+					:disabled="ctx.finishDisabled.value"
+					@click="ctx.browseModpacks()"
+				>
 					<CompassIcon />
 					{{ formatMessage(messages.browseModpacks) }}
 				</button>
@@ -87,6 +99,8 @@ const messages = defineMessages({
 })
 
 function proceedWithModpack() {
+	if (ctx.finishDisabled.value) return
+
 	debug('proceedWithModpack:', {
 		flowType: ctx.flowType,
 		modpackSelection: ctx.modpackSelection.value,
@@ -196,6 +210,8 @@ watch(
 )
 
 async function triggerFileInput() {
+	if (ctx.finishDisabled.value) return
+
 	const picked = await filePicker.pickModpackFile({
 		readFile: ctx.flowType !== 'instance',
 	})
diff --git a/packages/ui/src/components/flows/creation-flow-modal/creation-flow-context.ts b/packages/ui/src/components/flows/creation-flow-modal/creation-flow-context.ts
index f48b090af8..9582c4df8a 100644
--- a/packages/ui/src/components/flows/creation-flow-modal/creation-flow-context.ts
+++ b/packages/ui/src/components/flows/creation-flow-modal/creation-flow-context.ts
@@ -186,6 +186,8 @@ export interface CreationFlowContextValue {
 
 	// Loading state (set when finish() is called, cleared on reset)
 	loading: Ref<boolean>
+	finishDisabled: ComputedRef<boolean>
+	finishDisabledTooltip: ComputedRef<string | undefined>
 
 	// Backup state (set by InlineBackupCreator in reset-server flow)
 	isBackingUp: Ref<boolean>
@@ -232,6 +234,8 @@ export interface CreationFlowOptions {
 	searchModpacks?: (query: string, limit?: number) => Promise<ModpackSearchResult>
 	getProjectVersions?: (projectId: string) => Promise<{ id: string }[]>
 	getLoaderManifest?: LoaderManifestResolver
+	finishDisabled?: ComputedRef<boolean>
+	finishDisabledTooltip?: ComputedRef<string | undefined>
 }
 
 export function createCreationFlowContext(
@@ -257,6 +261,8 @@ export function createCreationFlowContext(
 	const searchModpacks = options.searchModpacks!
 	const getProjectVersions = options.getProjectVersions!
 	const getLoaderManifest = options.getLoaderManifest ?? null
+	const finishDisabled = options.finishDisabled ?? computed(() => false)
+	const finishDisabledTooltip = options.finishDisabledTooltip ?? computed(() => undefined)
 
 	const setupType = ref<SetupType | null>(null)
 	const isImportMode = ref(false)
@@ -502,6 +508,8 @@ export function createCreationFlowContext(
 	}
 
 	function finish() {
+		if (finishDisabled.value) return
+
 		debug('finish() called, state:', {
 			setupType: setupType.value,
 			selectedLoader: selectedLoader.value,
@@ -585,6 +593,8 @@ export function createCreationFlowContext(
 		importSearchQuery,
 		hardReset,
 		loading,
+		finishDisabled,
+		finishDisabledTooltip,
 		isBackingUp,
 		cancelBackup,
 		modal,
diff --git a/packages/ui/src/components/flows/creation-flow-modal/index.vue b/packages/ui/src/components/flows/creation-flow-modal/index.vue
index 6d2ab01b53..fed5929a08 100644
--- a/packages/ui/src/components/flows/creation-flow-modal/index.vue
+++ b/packages/ui/src/components/flows/creation-flow-modal/index.vue
@@ -10,7 +10,7 @@
 </template>
 
 <script setup lang="ts">
-import { useTemplateRef } from 'vue'
+import { computed, useTemplateRef } from 'vue'
 import type { ComponentExposed } from 'vue-component-type-helpers'
 
 import MultiStageModal from '../../base/MultiStageModal.vue'
@@ -38,6 +38,8 @@ const props = withDefaults(
 		searchModpacks?: (query: string, limit?: number) => Promise<ModpackSearchResult>
 		getProjectVersions?: (projectId: string) => Promise<{ id: string }[]>
 		getLoaderManifest?: LoaderManifestResolver
+		finishDisabled?: boolean
+		finishDisabledTooltip?: string
 	}>(),
 	{
 		type: 'world',
@@ -78,6 +80,8 @@ const ctx = createCreationFlowContext(
 		searchModpacks: props.searchModpacks,
 		getProjectVersions: props.getProjectVersions,
 		getLoaderManifest: props.getLoaderManifest,
+		finishDisabled: computed(() => props.finishDisabled ?? false),
+		finishDisabledTooltip: computed(() => props.finishDisabledTooltip),
 	},
 )
 provideCreationFlowContext(ctx)
diff --git a/packages/ui/src/components/flows/creation-flow-modal/stages/custom-setup-stage.ts b/packages/ui/src/components/flows/creation-flow-modal/stages/custom-setup-stage.ts
index 226d809009..3f2bb9cfa4 100644
--- a/packages/ui/src/components/flows/creation-flow-modal/stages/custom-setup-stage.ts
+++ b/packages/ui/src/components/flows/creation-flow-modal/stages/custom-setup-stage.ts
@@ -46,12 +46,14 @@ export const stageConfig: StageConfigInput<CreationFlowContextValue> = {
 				icon: PlusIcon,
 				iconPosition: 'before' as const,
 				color: 'brand' as const,
-				disabled,
+				disabled: disabled || ctx.finishDisabled.value,
 				loading: ctx.loading.value,
+				tooltip: ctx.finishDisabled.value ? ctx.finishDisabledTooltip.value : undefined,
 				onClick: () => ctx.finish(),
 			}
 		}
 
+		const finishDisabled = !goesToNextStage && ctx.finishDisabled.value
 		return {
 			label: ctx.formatMessage(
 				goesToNextStage ? commonMessages.continueButton : creationFlowMessages.finishButton,
@@ -59,7 +61,8 @@ export const stageConfig: StageConfigInput<CreationFlowContextValue> = {
 			icon: goesToNextStage ? RightArrowIcon : null,
 			iconPosition: 'after' as const,
 			color: goesToNextStage ? undefined : ('brand' as const),
-			disabled,
+			disabled: disabled || finishDisabled,
+			tooltip: finishDisabled ? ctx.finishDisabledTooltip.value : undefined,
 			onClick: () => {
 				if (goesToNextStage) {
 					ctx.modal.value?.nextStage()
diff --git a/packages/ui/src/components/flows/creation-flow-modal/stages/final-config-stage.ts b/packages/ui/src/components/flows/creation-flow-modal/stages/final-config-stage.ts
index 1254141345..15884f6b1f 100644
--- a/packages/ui/src/components/flows/creation-flow-modal/stages/final-config-stage.ts
+++ b/packages/ui/src/components/flows/creation-flow-modal/stages/final-config-stage.ts
@@ -51,8 +51,10 @@ export const stageConfig: StageConfigInput<CreationFlowContextValue> = {
 			icon: isFinish ? PlusIcon : RightArrowIcon,
 			iconPosition: isFinish ? ('before' as const) : ('after' as const),
 			color: isReset ? ('red' as const) : isFinish ? ('brand' as const) : undefined,
-			disabled: isForwardBlocked(ctx) || ctx.isBackingUp.value,
+			disabled:
+				isForwardBlocked(ctx) || ctx.isBackingUp.value || (isFinish && ctx.finishDisabled.value),
 			loading: isFinish && ctx.loading.value,
+			tooltip: isFinish && ctx.finishDisabled.value ? ctx.finishDisabledTooltip.value : undefined,
 			onClick: () => {
 				if (isFinish) {
 					ctx.finish()
diff --git a/packages/ui/src/components/flows/creation-flow-modal/stages/import-instance-stage.ts b/packages/ui/src/components/flows/creation-flow-modal/stages/import-instance-stage.ts
index 6429895747..5e1afce2e3 100644
--- a/packages/ui/src/components/flows/creation-flow-modal/stages/import-instance-stage.ts
+++ b/packages/ui/src/components/flows/creation-flow-modal/stages/import-instance-stage.ts
@@ -38,7 +38,8 @@ export const stageConfig: StageConfigInput<CreationFlowContextValue> = {
 			icon: DownloadIcon,
 			iconPosition: 'before' as const,
 			color: 'brand' as const,
-			disabled: count === 0,
+			disabled: count === 0 || ctx.finishDisabled.value,
+			tooltip: ctx.finishDisabled.value ? ctx.finishDisabledTooltip.value : undefined,
 			onClick: () => ctx.finish(),
 		}
 	},
diff --git a/packages/ui/src/components/modal/NewModal.vue b/packages/ui/src/components/modal/NewModal.vue
index b1ff2a89fd..02ca75577b 100644
--- a/packages/ui/src/components/modal/NewModal.vue
+++ b/packages/ui/src/components/modal/NewModal.vue
@@ -123,7 +123,11 @@
 						<slot> You just lost the game.</slot>
 					</div>
 
-					<div v-if="$slots.actions" class="p-4 pt-0">
+					<div
+						v-if="$slots.actions"
+						:class="{ 'pt-4 border-0 border-t border-solid border-surface-5': actionsDivider }"
+						class="p-4 pt-0"
+					>
 						<slot name="actions" />
 					</div>
 				</div>
@@ -178,6 +182,7 @@ const props = withDefaults(
 		width?: string
 		/** Disables all close actions (close button, ESC key, click outside). */
 		disableClose?: boolean
+		actionsDivider?: boolean
 	}>(),
 	{
 		type: true,
@@ -200,6 +205,7 @@ const props = withDefaults(
 		maxWidth: undefined,
 		width: undefined,
 		disableClose: false,
+		actionsDivider: false,
 	},
 )
 
diff --git a/packages/ui/src/components/project/ProjectPageVersions.vue b/packages/ui/src/components/project/ProjectPageVersions.vue
index 5b5131d390..d14405e2bc 100644
--- a/packages/ui/src/components/project/ProjectPageVersions.vue
+++ b/packages/ui/src/components/project/ProjectPageVersions.vue
@@ -116,8 +116,21 @@
 							}"
 							title="`${version.version_number} - ${version.name}`"
 						>
-							<div class="font-bold text-contrast text-ellipsis overflow-hidden">
-								{{ version.version_number }}
+							<div class="flex items-center gap-2">
+								<div class="font-bold text-contrast text-ellipsis overflow-hidden">
+									{{ version.version_number }}
+								</div>
+								<div
+									v-if="version.files_missing_attribution"
+									v-tooltip="`Version withheld due to missing permissions`"
+									class="z-[1]"
+									:style="{
+										'--_bg-color': 'var(--color-orange-bg)',
+										'--_color': 'var(--color-orange)',
+									}"
+								>
+									<TagItem> <CircleAlertIcon /> Withheld</TagItem>
+								</div>
 							</div>
 							<div class="text-xs font-medium text-ellipsis overflow-hidden">
 								{{ version.name }}
@@ -260,7 +273,14 @@
 </template>
 <script setup lang="ts">
 import type { Labrinth } from '@modrinth/api-client'
-import { CalendarIcon, DownloadIcon, getLoaderIcon, PlusIcon, StarIcon } from '@modrinth/assets'
+import {
+	CalendarIcon,
+	CircleAlertIcon,
+	DownloadIcon,
+	getLoaderIcon,
+	PlusIcon,
+	StarIcon,
+} from '@modrinth/assets'
 import {
 	AutoLink,
 	ButtonStyled,
diff --git a/packages/ui/src/components/servers/InstallingBanner.vue b/packages/ui/src/components/servers/InstallingBanner.vue
index 21a90df21d..cf8a901019 100644
--- a/packages/ui/src/components/servers/InstallingBanner.vue
+++ b/packages/ui/src/components/servers/InstallingBanner.vue
@@ -28,7 +28,13 @@
 		</div>
 		<template v-if="contentError" #top-right-actions>
 			<ButtonStyled color="red" type="outlined">
-				<button class="!border" type="button" @click="emit('retry')">
+				<button
+					v-tooltip="retryDisabled ? retryDisabledTooltip : undefined"
+					class="!border"
+					type="button"
+					:disabled="retryDisabled"
+					@click="emit('retry')"
+				>
 					<RotateCounterClockwiseIcon class="size-5" />
 					{{ formatMessage(commonMessages.retryButton) }}
 				</button>
@@ -62,6 +68,8 @@ const props = defineProps<{
 	fallbackPhase?: SyncProgress['phase'] | null
 	contentError?: ContentError | null
 	dismissible?: boolean
+	retryDisabled?: boolean
+	retryDisabledTooltip?: string
 }>()
 
 const emit = defineEmits<{
diff --git a/packages/ui/src/components/servers/ServerListing.vue b/packages/ui/src/components/servers/ServerListing.vue
index e6c07190c8..fbfe10d460 100644
--- a/packages/ui/src/components/servers/ServerListing.vue
+++ b/packages/ui/src/components/servers/ServerListing.vue
@@ -35,10 +35,26 @@
 			</div>
 			<ServerIcon v-else :image="image ?? undefined" :disabled="isDisabled" />
 			<div class="ml-4 flex flex-col gap-1.5">
-				<div class="flex flex-row items-center gap-2">
+				<div class="flex flex-row items-center gap-2.5">
 					<h2 class="m-0 text-xl font-bold text-contrast" :class="{ 'opacity-50': isDisabled }">
 						{{ name }}
 					</h2>
+					<div
+						v-if="owner"
+						v-tooltip="formatMessage(messages.ownerTooltip, { username: owner.username })"
+						class="flex min-w-0 items-center gap-1 rounded-full bg-surface-4 px-2 pr-2.5 py-1 text-sm font-medium text-primary !border !border-surface-5 border-solid"
+						:class="{ 'opacity-50': isDisabled }"
+					>
+						<Avatar
+							:src="owner.avatarUrl"
+							:alt="formatMessage(messages.ownerAvatarAlt, { username: owner.username })"
+							:tint-by="owner.username"
+							size="1.25rem"
+							circle
+							no-shadow
+						/>
+						<span class="max-w-32 truncate">{{ owner.username }}</span>
+					</div>
 					<div
 						v-if="isConfiguring && noticeType !== 'cancelled' && noticeType !== 'setToCancel'"
 						class="flex min-w-0 items-center gap-2 truncate text-sm font-medium text-brand rounded-full bg-brand-highlight border border-solid border-brand px-2.5 h-[28px]"
@@ -262,6 +278,7 @@ import { injectModrinthClient } from '../../providers/api-client'
 import Avatar from '../base/Avatar.vue'
 import IntlFormatted from '../base/IntlFormatted.vue'
 import ServersSpecs from '../billing/ServersSpecs.vue'
+import type { ServerListingOwner } from './access/types'
 import ServerIcon from './icons/ServerIcon.vue'
 import ServerInfoLabels from './labels/ServerInfoLabels.vue'
 
@@ -281,6 +298,14 @@ const messages = defineMessages({
 		id: 'servers.listing.using-project-label',
 		defaultMessage: 'Using {projectTitle}',
 	},
+	ownerTooltip: {
+		id: 'servers.listing.owner-tooltip',
+		defaultMessage: 'Owned by {username}',
+	},
+	ownerAvatarAlt: {
+		id: 'servers.listing.owner-avatar-alt',
+		defaultMessage: "{username}'s avatar",
+	},
 	provisioningNotice: {
 		id: 'servers.listing.notice.provisioning',
 		defaultMessage: 'Please wait while we set up your server. This can take up to 10 minutes.',
@@ -402,6 +427,7 @@ type ServerListingProps = {
 	cancellationDate?: string | Date | null
 	onResubscribe?: (() => void) | null
 	onDownloadBackup?: (() => void) | null
+	owner?: ServerListingOwner
 }
 
 const props = defineProps<ServerListingProps>()
diff --git a/packages/ui/src/components/servers/ServerManageStats.vue b/packages/ui/src/components/servers/ServerManageStats.vue
index b817cab303..ef3f54d31e 100644
--- a/packages/ui/src/components/servers/ServerManageStats.vue
+++ b/packages/ui/src/components/servers/ServerManageStats.vue
@@ -60,13 +60,13 @@
 
 <script setup lang="ts">
 import { CpuIcon, DatabaseIcon, FolderOpenIcon } from '@modrinth/assets'
-import type { Stats } from '@modrinth/utils'
 import { useStorage } from '@vueuse/core'
 import { computed, defineAsyncComponent, onMounted, ref, shallowRef, watch } from 'vue'
 import { RouterLink } from 'vue-router'
 
 import { useFormatBytes } from '#ui/composables'
 import { injectModrinthServerContext, injectPageContext } from '#ui/providers'
+import type { ServerStats } from '#ui/providers/server-context'
 
 const VueApexCharts = defineAsyncComponent(() => import('vue3-apexcharts'))
 
@@ -82,7 +82,7 @@ const { featureFlags } = injectPageContext()
 
 const props = withDefaults(
 	defineProps<{
-		data?: Stats
+		data?: ServerStats
 		loading?: boolean
 		showMemoryAsBytes?: boolean
 	}>(),
diff --git a/packages/ui/src/components/servers/ServerSetupModal.vue b/packages/ui/src/components/servers/ServerSetupModal.vue
index 3492954f93..bdaba6afa2 100644
--- a/packages/ui/src/components/servers/ServerSetupModal.vue
+++ b/packages/ui/src/components/servers/ServerSetupModal.vue
@@ -11,6 +11,8 @@
 		:fade="props.initialSetup ? undefined : 'danger'"
 		:search-modpacks="searchModpacks"
 		:get-project-versions="getProjectVersions"
+		:finish-disabled="!canCompleteSetup"
+		:finish-disabled-tooltip="!canCompleteSetup ? permissionDeniedMessage : undefined"
 		@create="onFlowComplete"
 		@hide="$emit('hide')"
 		@browse-modpacks="$emit('browse-modpacks')"
@@ -24,6 +26,7 @@ import type { Archon, ModrinthApiError } from '@modrinth/api-client'
 import { computed, useTemplateRef } from 'vue'
 
 import { useDebugLogger } from '#ui/composables/debug-logger'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 
 import { defineMessages, useVIntl } from '../../composables/i18n'
 import { injectModrinthClient } from '../../providers/api-client'
@@ -60,6 +63,7 @@ const serverContext = injectModrinthServerContext()
 const { addNotification } = injectNotificationManager()
 
 const serverLoaders = ['vanilla', 'fabric', 'neoforge', 'forge', 'quilt', 'paper', 'purpur']
+const { canSetup, canResetServer, permissionDeniedMessage } = useServerPermissions()
 
 async function searchModpacks(query: string, limit: number = 10) {
 	return client.labrinth.projects_v2.search({
@@ -97,12 +101,20 @@ const initialLoader = computed(() => {
 })
 
 const initialGameVersion = computed(() => serverContext.server.value.mc_version ?? undefined)
+const canCompleteSetup = computed(() =>
+	props.initialSetup ? canSetup.value : canResetServer.value,
+)
 
 const creationFlowRef = useTemplateRef<InstanceType<typeof CreationFlowModal>>('creationFlowRef')
 const uploadProgressModal =
 	useTemplateRef<InstanceType<typeof UploadProgressModal>>('uploadProgressModal')
 
 async function onFlowComplete(ctx: CreationFlowContextValue) {
+	if (!canCompleteSetup.value) {
+		ctx.loading.value = false
+		return
+	}
+
 	debug('onFlowComplete:', {
 		setupType: ctx.setupType.value,
 		hasModpackFile: !!ctx.modpackFile.value,
@@ -207,6 +219,8 @@ function emitReinstall(args?: { loader: string; lVersion: string; mVersion: stri
 }
 
 function show() {
+	if (!canCompleteSetup.value) return
+
 	void creationFlowRef.value?.ctx?.fetchLoaderMetadata('paper')
 	void creationFlowRef.value?.ctx?.fetchLoaderMetadata('purpur')
 	creationFlowRef.value?.show()
diff --git a/packages/ui/src/components/servers/access/AccessTable.vue b/packages/ui/src/components/servers/access/AccessTable.vue
new file mode 100644
index 0000000000..fd333cafbd
--- /dev/null
+++ b/packages/ui/src/components/servers/access/AccessTable.vue
@@ -0,0 +1,624 @@
+<template>
+	<Table
+		v-if="members.length > 0"
+		v-model:sort-column="sortColumn"
+		v-model:sort-direction="sortDirection"
+		class="hidden sm:block"
+		:columns="columns"
+		:data="tableMembers"
+		row-key="id"
+	>
+		<template #cell-user="{ row: member }">
+			<AutoLink
+				:to="userProfilePath(member.user.username)"
+				class="inline-flex max-w-full min-w-0 items-center gap-2"
+				:class="userProfilePath(member.user.username) ? 'text-primary hover:underline' : ''"
+			>
+				<Avatar
+					:src="member.user.avatarUrl"
+					:alt="formatMessage(messages.userAvatarAlt, { username: member.user.username })"
+					:tint-by="member.user.username"
+					size="22px"
+					circle
+					no-shadow
+				/>
+				<span class="min-w-0 truncate font-medium">
+					{{ member.user.username }}
+				</span>
+			</AutoLink>
+		</template>
+
+		<template #cell-role="{ row: member }">
+			<span
+				v-if="member.isOwner"
+				class="inline-flex h-7 items-center rounded-full border border-solid px-2.5 py-1 text-sm font-semibold leading-none"
+				:class="roleClasses(member.role)"
+			>
+				{{ formatRole(member.role) }}
+			</span>
+			<div v-else v-tooltip="accessManagementTooltip" class="w-fit">
+				<Combobox
+					:model-value="member.role"
+					:options="roleComboboxOptions"
+					:display-value="formatRole(member.role)"
+					:disabled="!canManageUsers"
+					:trigger-class="
+						roleTriggerClass(member.role) +
+						` !inline-flex !w-auto !h-7 !min-h-0 !rounded-full !border !border-solid !px-2.5 !py-1 gap-1 !text-sm !font-semibold !leading-5`
+					"
+					dropdown-class="!rounded-[24px] !bg-surface-3"
+					dropdown-min-width="18rem"
+					force-direction="down"
+					@update:model-value="(role) => handleUpdateRole(member, role)"
+				>
+					<template #selected>
+						<span class="font-semibold leading-5" :class="roleTextClass(member.role)">
+							{{ formatRole(member.role) }}
+						</span>
+					</template>
+				</Combobox>
+			</div>
+		</template>
+
+		<template #cell-joined="{ row: member }">
+			<span
+				v-if="member.pending"
+				class="inline-flex h-7 items-center rounded-full border border-surface-5 border-solid bg-surface-4 px-2.5 py-1 text-sm font-semibold text-secondary"
+			>
+				{{ formatMessage(messages.pendingLabel) }}
+			</span>
+			<span v-else-if="member.joinedAt" v-tooltip="formatDate(member.joinedAt)">
+				{{ formatRelativeTime(member.joinedAt) }}
+			</span>
+			<span v-else>{{ formatMessage(messages.unknownJoinedDate) }}</span>
+		</template>
+
+		<template #cell-actions="{ row: member }">
+			<div v-if="!member.isOwner" class="flex items-center justify-end gap-1">
+				<ButtonStyled v-if="member.pending" circular type="transparent">
+					<button
+						v-tooltip="resendInviteTooltip(member)"
+						:aria-label="resendInviteLabel(member)"
+						:disabled="resendInviteDisabled(member)"
+						class="text-secondary hover:text-contrast disabled:cursor-not-allowed disabled:opacity-50 disabled:hover:text-secondary"
+						@click="handleResendInvite(member)"
+					>
+						<SendIcon aria-hidden="true" />
+					</button>
+				</ButtonStyled>
+				<ButtonStyled circular type="transparent">
+					<button
+						v-tooltip="memberAccessActionTooltip(member)"
+						:aria-label="memberAccessActionLabel(member)"
+						:disabled="!canManageUsers"
+						class="text-secondary hover:text-red disabled:cursor-not-allowed disabled:opacity-50 disabled:hover:text-secondary"
+						@click="member.pending ? handleCancelInvite(member) : handleRemoveMember(member)"
+					>
+						<XIcon v-if="member.pending" aria-hidden="true" />
+						<UserXIcon v-else aria-hidden="true" />
+					</button>
+				</ButtonStyled>
+			</div>
+		</template>
+	</Table>
+
+	<div
+		v-if="members.length > 0"
+		class="overflow-hidden rounded-2xl border border-solid border-surface-5 sm:hidden"
+	>
+		<div
+			class="grid min-h-14 grid-cols-[minmax(0,1.35fr)_7.75rem_minmax(6rem,0.8fr)_2.75rem] bg-surface-3"
+		>
+			<div class="flex items-center pl-4 font-semibold text-secondary">
+				<button
+					type="button"
+					class="flex min-w-0 cursor-pointer items-center gap-1 border-none bg-transparent p-0 font-semibold transition-colors hover:text-contrast"
+					:class="sortColumn === 'user' ? 'text-contrast' : 'text-secondary'"
+					@click="toggleSort('user')"
+				>
+					<span class="min-w-0 truncate">{{ formatMessage(messages.userColumn) }}</span>
+					<component :is="sortIcon('user')" v-if="sortIcon('user')" class="size-4" />
+				</button>
+			</div>
+			<div class="flex items-center font-semibold text-secondary">
+				<button
+					type="button"
+					class="flex cursor-pointer items-center gap-1 border-none bg-transparent p-0 font-semibold transition-colors hover:text-contrast"
+					:class="sortColumn === 'role' ? 'text-contrast' : 'text-secondary'"
+					@click="toggleSort('role')"
+				>
+					{{ formatMessage(messages.roleColumn) }}
+					<component :is="sortIcon('role')" v-if="sortIcon('role')" class="size-4" />
+				</button>
+			</div>
+			<div class="flex items-center justify-end font-semibold text-secondary">
+				<button
+					type="button"
+					class="flex cursor-pointer items-center gap-1 border-none bg-transparent p-0 font-semibold transition-colors hover:text-contrast"
+					:class="sortColumn === 'joined' ? 'text-contrast' : 'text-secondary'"
+					@click="toggleSort('joined')"
+				>
+					{{ formatMessage(messages.joinedColumn) }}
+					<component :is="sortIcon('joined')" v-if="sortIcon('joined')" class="size-4" />
+				</button>
+			</div>
+			<div class="flex items-center justify-end pr-4 font-semibold text-secondary">
+				<span class="sr-only">{{ formatMessage(messages.actionsColumn) }}</span>
+			</div>
+		</div>
+		<div
+			v-for="(member, index) in sortedMembers"
+			:key="member.id"
+			class="grid min-h-16 grid-cols-[minmax(0,1.35fr)_7.75rem_minmax(6rem,0.8fr)_2.75rem] items-center border-0 border-t border-solid border-surface-5"
+			:class="index % 2 === 0 ? 'bg-surface-2' : 'bg-surface-1.5'"
+		>
+			<div class="flex min-w-0 items-center pl-4">
+				<AutoLink
+					v-tooltip="member.user.username"
+					:to="userProfilePath(member.user.username)"
+					class="inline-flex min-w-0 items-center gap-2"
+					:class="userProfilePath(member.user.username) ? 'text-primary hover:underline' : ''"
+				>
+					<Avatar
+						:src="member.user.avatarUrl"
+						:alt="formatMessage(messages.userAvatarAlt, { username: member.user.username })"
+						:tint-by="member.user.username"
+						size="24px"
+						circle
+						no-shadow
+					/>
+					<span class="min-w-0 truncate font-medium">
+						{{ member.user.username }}
+					</span>
+				</AutoLink>
+			</div>
+			<div class="min-w-0 py-3 pr-2">
+				<span
+					v-if="member.isOwner"
+					class="inline-flex h-7 max-w-full items-center truncate rounded-full border border-solid px-2.5 py-1 text-sm font-semibold leading-none"
+					:class="roleClasses(member.role)"
+				>
+					{{ formatRole(member.role) }}
+				</span>
+				<div v-else v-tooltip="accessManagementTooltip" class="min-w-0">
+					<Combobox
+						:model-value="member.role"
+						:options="roleComboboxOptions"
+						:display-value="formatRole(member.role)"
+						:disabled="!canManageUsers"
+						:trigger-class="
+							roleTriggerClass(member.role) +
+							` !inline-flex !w-auto !max-w-full !h-7 !min-h-0 !rounded-full !border !border-solid !px-2.5 !py-1 gap-1 !text-sm !font-semibold !leading-5`
+						"
+						dropdown-class="!rounded-[24px] !bg-surface-3"
+						dropdown-min-width="18rem"
+						force-direction="down"
+						@update:model-value="(role) => handleUpdateRole(member, role)"
+					>
+						<template #selected>
+							<span
+								class="min-w-0 truncate font-semibold leading-5"
+								:class="roleTextClass(member.role)"
+							>
+								{{ formatRole(member.role) }}
+							</span>
+						</template>
+					</Combobox>
+				</div>
+			</div>
+			<div class="min-w-0 py-3 pr-2 text-right text-secondary">
+				<span
+					v-if="member.pending"
+					class="inline-flex h-7 max-w-full items-center rounded-full border border-surface-5 border-solid bg-surface-4 px-2.5 py-1 text-sm font-semibold text-secondary"
+				>
+					{{ formatMessage(messages.pendingLabel) }}
+				</span>
+				<span
+					v-else-if="member.joinedAt"
+					v-tooltip="formatDate(member.joinedAt)"
+					class="inline-block max-w-full truncate"
+				>
+					{{ formatRelativeTime(member.joinedAt) }}
+				</span>
+				<span v-else>{{ formatMessage(messages.unknownJoinedDate) }}</span>
+			</div>
+			<div class="flex min-w-0 items-center justify-end pr-2">
+				<ButtonStyled v-if="!member.isOwner" circular type="transparent">
+					<TeleportOverflowMenu :options="memberActionOptions(member)">
+						<MoreVerticalIcon aria-hidden="true" class="size-5" />
+						<span class="sr-only">
+							{{ formatMessage(messages.memberActionsLabel, { username: member.user.username }) }}
+						</span>
+						<template #resend-invite>
+							<SendIcon aria-hidden="true" />
+							{{ resendInviteLabel(member) }}
+						</template>
+						<template #cancel-invite>
+							<XIcon aria-hidden="true" />
+							{{ formatMessage(messages.cancelInvite) }}
+						</template>
+						<template #remove-user>
+							<UserXIcon aria-hidden="true" />
+							{{ formatMessage(messages.removeUser) }}
+						</template>
+					</TeleportOverflowMenu>
+				</ButtonStyled>
+			</div>
+		</div>
+	</div>
+
+	<div v-else class="overflow-hidden rounded-2xl border border-solid border-surface-5">
+		<div
+			class="grid min-h-14 grid-cols-[3.75rem_7.25rem_minmax(0,1fr)_2.75rem] bg-surface-3 sm:h-14 sm:grid-cols-[32%_28%_28%_12%]"
+		>
+			<div class="flex items-center pl-4 font-semibold text-secondary">
+				{{ formatMessage(messages.userColumn) }}
+			</div>
+			<div class="flex items-center font-semibold text-secondary">
+				{{ formatMessage(messages.roleColumn) }}
+			</div>
+			<div class="flex items-center font-semibold text-secondary">
+				{{ formatMessage(messages.joinedColumn) }}
+			</div>
+			<div class="flex items-center justify-end pr-4 font-semibold text-secondary">
+				{{ formatMessage(messages.actionsColumn) }}
+			</div>
+		</div>
+		<div
+			class="border-0 border-t border-solid border-surface-5 bg-surface-2 px-4 py-8 text-center text-secondary"
+		>
+			{{ formatMessage(messages.emptyState) }}
+		</div>
+	</div>
+</template>
+
+<script setup lang="ts">
+import {
+	ChevronDownIcon,
+	ChevronUpIcon,
+	MoreVerticalIcon,
+	SendIcon,
+	UserXIcon,
+	XIcon,
+} from '@modrinth/assets'
+import { type Component, computed, onMounted, onUnmounted, ref } from 'vue'
+
+import { useFormatDateTime, useRelativeTime } from '../../../composables'
+import { defineMessages, useVIntl } from '../../../composables/i18n'
+import { commonMessages } from '../../../utils/common-messages'
+import AutoLink from '../../base/AutoLink.vue'
+import Avatar from '../../base/Avatar.vue'
+import ButtonStyled from '../../base/ButtonStyled.vue'
+import Combobox, { type ComboboxOption } from '../../base/Combobox.vue'
+import Table, { type SortDirection, type TableColumn } from '../../base/Table.vue'
+import TeleportOverflowMenu from '../../base/TeleportOverflowMenu.vue'
+import type { ServerAccessMember, ServerAccessRole, ServerAccessRoleOption } from './types'
+
+const props = withDefaults(
+	defineProps<{
+		members: ServerAccessMember[]
+		roles: ServerAccessRoleOption[]
+		canManageUsers?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		canManageUsers: true,
+	},
+)
+
+const emit = defineEmits<{
+	updateRole: [member: ServerAccessMember, role: ServerAccessRole]
+	resendInvite: [member: ServerAccessMember]
+	cancelInvite: [member: ServerAccessMember]
+	removeMember: [member: ServerAccessMember]
+}>()
+
+const { formatMessage } = useVIntl()
+const formatRelativeTime = useRelativeTime()
+const formatDate = useFormatDateTime({ dateStyle: 'medium', timeStyle: 'short' })
+
+const messages = defineMessages({
+	userColumn: {
+		id: 'servers.access-table.column.user',
+		defaultMessage: 'User',
+	},
+	roleColumn: {
+		id: 'servers.access-table.column.role',
+		defaultMessage: 'Role',
+	},
+	joinedColumn: {
+		id: 'servers.access-table.column.joined',
+		defaultMessage: 'Joined',
+	},
+	actionsColumn: {
+		id: 'servers.access-table.column.actions',
+		defaultMessage: 'Actions',
+	},
+	memberActionsLabel: {
+		id: 'servers.access-table.member-actions-label',
+		defaultMessage: 'Actions for {username}',
+	},
+	pendingLabel: {
+		id: 'servers.access-table.pending',
+		defaultMessage: 'Pending',
+	},
+	unknownJoinedDate: {
+		id: 'servers.access-table.unknown-joined-date',
+		defaultMessage: '—',
+	},
+	resendInvite: {
+		id: 'servers.access-table.action.resend-invite',
+		defaultMessage: 'Resend invite',
+	},
+	cancelInvite: {
+		id: 'servers.access-table.action.cancel-invite',
+		defaultMessage: 'Cancel invite',
+	},
+	removeUser: {
+		id: 'servers.access-table.action.remove-user',
+		defaultMessage: 'Remove user',
+	},
+	emptyState: {
+		id: 'servers.access-table.empty',
+		defaultMessage: 'No users match your filters.',
+	},
+	userAvatarAlt: {
+		id: 'servers.access-table.user-avatar-alt',
+		defaultMessage: "{username}'s avatar",
+	},
+	ownerRole: {
+		id: 'servers.access-role.owner',
+		defaultMessage: 'Owner',
+	},
+	editorRole: {
+		id: 'servers.access-role.editor',
+		defaultMessage: 'Editor',
+	},
+	viewerRole: {
+		id: 'servers.access-role.viewer',
+		defaultMessage: 'Limited',
+	},
+	resendInviteCooldown: {
+		id: 'servers.access-table.action.resend-invite-cooldown',
+		defaultMessage: 'Resend in {seconds}s',
+	},
+})
+
+type AccessTableColumn = 'user' | 'role' | 'joined' | 'actions'
+type AccessTableSortableColumn = Exclude<AccessTableColumn, 'actions'>
+type AccessTableRow = ServerAccessMember & Record<string, unknown>
+type OverflowMenuOption = {
+	id: string
+	icon?: Component
+	action: () => void
+	shown?: boolean
+	color?: 'standard' | 'brand' | 'red' | 'orange' | 'green' | 'blue' | 'purple'
+	disabled?: boolean
+	tooltip?: string
+}
+
+const columns = computed<TableColumn<AccessTableColumn>[]>(() => [
+	{ key: 'user', label: formatMessage(messages.userColumn), width: '32%', enableSorting: true },
+	{ key: 'role', label: formatMessage(messages.roleColumn), width: '28%', enableSorting: true },
+	{ key: 'joined', label: formatMessage(messages.joinedColumn), width: '28%', enableSorting: true },
+	{ key: 'actions', label: formatMessage(messages.actionsColumn), align: 'right', width: '12%' },
+])
+
+const sortColumn = ref<string | undefined>('role')
+const sortDirection = ref<SortDirection>('asc')
+const now = ref(Date.now())
+let nowInterval: ReturnType<typeof setInterval> | null = null
+const canManageUsers = computed(() => props.canManageUsers)
+const permissionDeniedMessage = computed(
+	() => props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction),
+)
+const accessManagementTooltip = computed(() =>
+	canManageUsers.value ? undefined : permissionDeniedMessage.value,
+)
+
+const roleSortOrder: Record<ServerAccessRole, number> = {
+	owner: 0,
+	editor: 1,
+	viewer: 2,
+}
+
+const sortedMembers = computed(() => {
+	const direction = sortDirection.value === 'asc' ? 1 : -1
+	const column = normalizeSortColumn(sortColumn.value)
+
+	return [...props.members].sort((a, b) => {
+		const compared = compareMembers(a, b, column)
+		if (compared !== 0) return compared * direction
+
+		return a.user.username.localeCompare(b.user.username)
+	})
+})
+
+const tableMembers = computed<AccessTableRow[]>(() => sortedMembers.value as AccessTableRow[])
+
+onMounted(() => {
+	nowInterval = setInterval(() => {
+		now.value = Date.now()
+	}, 1000)
+})
+
+onUnmounted(() => {
+	if (nowInterval) clearInterval(nowInterval)
+})
+
+function formatRole(role: ServerAccessRole): string {
+	switch (role) {
+		case 'owner':
+			return formatMessage(messages.ownerRole)
+		case 'editor':
+			return formatMessage(messages.editorRole)
+		case 'viewer':
+			return formatMessage(messages.viewerRole)
+	}
+}
+
+const roleComboboxOptions = computed<ComboboxOption<ServerAccessRole>[]>(() =>
+	props.roles
+		.filter((role) => role.value !== 'owner')
+		.map((role) => ({
+			value: role.value,
+			label: role.label,
+			subLabel: role.description,
+		})),
+)
+
+function compareMembers(
+	a: ServerAccessMember,
+	b: ServerAccessMember,
+	column: AccessTableSortableColumn,
+): number {
+	switch (column) {
+		case 'user':
+			return a.user.username.localeCompare(b.user.username)
+		case 'role':
+			return roleSortOrder[a.role] - roleSortOrder[b.role]
+		case 'joined':
+			return joinedTimestamp(a) - joinedTimestamp(b)
+	}
+}
+
+function normalizeSortColumn(column: string | undefined): AccessTableSortableColumn {
+	return column === 'user' || column === 'role' || column === 'joined' ? column : 'joined'
+}
+
+function joinedTimestamp(member: ServerAccessMember): number {
+	if (member.pending) return Number.NEGATIVE_INFINITY
+	return member.joinedAt ? new Date(member.joinedAt).getTime() : 0
+}
+
+function toggleSort(column: AccessTableSortableColumn) {
+	if (sortColumn.value === column) {
+		sortDirection.value = sortDirection.value === 'asc' ? 'desc' : 'asc'
+		return
+	}
+
+	sortColumn.value = column
+	sortDirection.value = 'asc'
+}
+
+function sortIcon(column: AccessTableSortableColumn): Component | null {
+	if (sortColumn.value !== column) return null
+	return sortDirection.value === 'asc' ? ChevronUpIcon : ChevronDownIcon
+}
+
+function roleClasses(role: ServerAccessRole): string {
+	switch (role) {
+		case 'owner':
+			return 'border-orange !bg-highlight-orange !text-orange'
+		case 'editor':
+			return 'border-green !bg-highlight-green !text-brand'
+		case 'viewer':
+			return 'border-blue !bg-highlight-blue !text-blue'
+	}
+}
+
+function roleTextClass(role: ServerAccessRole): string {
+	switch (role) {
+		case 'owner':
+			return '!text-orange'
+		case 'editor':
+			return '!text-green'
+		case 'viewer':
+			return '!text-blue'
+	}
+}
+
+function roleTriggerClass(role: ServerAccessRole): string {
+	return roleClasses(role)
+}
+
+function userProfilePath(username: string): string | undefined {
+	if (!username || username.includes('@')) return undefined
+	return `/user/${encodeURIComponent(username)}`
+}
+
+function resendInviteCooldownSeconds(member: ServerAccessMember): number {
+	const availableAt = member.inviteResendAvailableAt
+		? new Date(member.inviteResendAvailableAt).getTime()
+		: 0
+	return Math.max(0, Math.ceil((availableAt - now.value) / 1000))
+}
+
+function resendInviteCooldownDisabled(member: ServerAccessMember): boolean {
+	return resendInviteCooldownSeconds(member) > 0
+}
+
+function resendInviteDisabled(member: ServerAccessMember): boolean {
+	return !canManageUsers.value || resendInviteCooldownDisabled(member)
+}
+
+function resendInviteLabel(member: ServerAccessMember): string {
+	const seconds = resendInviteCooldownSeconds(member)
+	return seconds > 0
+		? formatMessage(messages.resendInviteCooldown, { seconds })
+		: formatMessage(messages.resendInvite)
+}
+
+function resendInviteTooltip(member: ServerAccessMember): string {
+	return canManageUsers.value ? resendInviteLabel(member) : permissionDeniedMessage.value
+}
+
+function handleResendInvite(member: ServerAccessMember) {
+	if (resendInviteDisabled(member)) return
+	emit('resendInvite', member)
+}
+
+function memberAccessActionLabel(member: ServerAccessMember): string {
+	return member.pending ? formatMessage(messages.cancelInvite) : formatMessage(messages.removeUser)
+}
+
+function memberAccessActionTooltip(member: ServerAccessMember): string {
+	return canManageUsers.value ? memberAccessActionLabel(member) : permissionDeniedMessage.value
+}
+
+function handleUpdateRole(member: ServerAccessMember, role: ServerAccessRole) {
+	if (!canManageUsers.value) return
+	emit('updateRole', member, role)
+}
+
+function handleCancelInvite(member: ServerAccessMember) {
+	if (!canManageUsers.value) return
+	emit('cancelInvite', member)
+}
+
+function handleRemoveMember(member: ServerAccessMember) {
+	if (!canManageUsers.value) return
+	emit('removeMember', member)
+}
+
+function memberActionOptions(member: ServerAccessMember): OverflowMenuOption[] {
+	return [
+		{
+			id: 'resend-invite',
+			icon: SendIcon,
+			action: () => handleResendInvite(member),
+			shown: member.pending,
+			disabled: resendInviteDisabled(member),
+			tooltip: resendInviteTooltip(member),
+		},
+		{
+			id: 'cancel-invite',
+			icon: XIcon,
+			action: () => handleCancelInvite(member),
+			color: 'red',
+			shown: member.pending,
+			disabled: !canManageUsers.value,
+			tooltip: memberAccessActionTooltip(member),
+		},
+		{
+			id: 'remove-user',
+			icon: UserXIcon,
+			action: () => handleRemoveMember(member),
+			color: 'red',
+			shown: !member.pending,
+			disabled: !canManageUsers.value,
+			tooltip: memberAccessActionTooltip(member),
+		},
+	]
+}
+</script>
diff --git a/packages/ui/src/components/servers/access/AuditLogEventCell.vue b/packages/ui/src/components/servers/access/AuditLogEventCell.vue
new file mode 100644
index 0000000000..e04aef1e28
--- /dev/null
+++ b/packages/ui/src/components/servers/access/AuditLogEventCell.vue
@@ -0,0 +1,13 @@
+<template>
+	<div class="audit-log-table-event min-w-0 truncate">
+		<component :is="event.component" v-bind="event.props" class="audit-log-table-event-component" />
+	</div>
+</template>
+
+<script setup lang="ts">
+import type { ParsedAuditEvent } from './events/types'
+
+defineProps<{
+	event: ParsedAuditEvent
+}>()
+</script>
diff --git a/packages/ui/src/components/servers/access/AuditLogTable.vue b/packages/ui/src/components/servers/access/AuditLogTable.vue
new file mode 100644
index 0000000000..61f380a575
--- /dev/null
+++ b/packages/ui/src/components/servers/access/AuditLogTable.vue
@@ -0,0 +1,703 @@
+<template>
+	<div class="@container flex flex-col gap-4">
+		<div class="flex min-w-0 flex-col items-start gap-3 @[640px]:flex-row @[640px]:items-center">
+			<TimeFramePicker
+				v-model:mode="timeframeMode"
+				v-model:preset="timeframePreset"
+				v-model:last-amount="timeframeLastAmount"
+				v-model:last-unit="timeframeLastUnit"
+				v-model:custom-start-date="timeframeCustomStartDate"
+				v-model:custom-end-date="timeframeCustomEndDate"
+				:class="timeframePickerClass"
+				:trigger-class="timeframePickerTriggerClass"
+			/>
+			<template v-if="slots.filters">
+				<div class="hidden h-8 w-[1px] shrink-0 bg-surface-5 @[640px]:ml-1 @[640px]:block"></div>
+				<div class="flex min-w-0 flex-wrap items-center gap-2">
+					<slot name="filters"></slot>
+				</div>
+			</template>
+		</div>
+
+		<div class="audit-log-content-frame relative overflow-hidden" :style="contentFrameStyle">
+			<div ref="contentBody" class="min-w-0">
+				<Table
+					v-if="filteredEntries.length > 0"
+					v-model:sort-column="sortColumn"
+					v-model:sort-direction="sortDirection"
+					class="audit-log-table hidden @[800px]:block @[800px]:text-sm @[1040px]:text-base"
+					:columns="columns"
+					:data="tableEntries"
+					row-key="id"
+					:row-transition-name="rowTransitionName"
+				>
+					<template #header-world="{ column }">
+						<span class="inline-flex min-w-0 max-w-full items-center gap-1 font-semibold">
+							<span class="min-w-0 truncate">{{ column.label }}</span>
+							<Tooltip
+								theme="dismissable-prompt"
+								class="inline-flex shrink-0"
+								:triggers="['hover', 'focus']"
+								:popper-triggers="['hover', 'focus']"
+								popper-class="v-popper--interactive"
+								placement="top"
+								:delay="{ show: 200, hide: 100 }"
+								no-auto-focus
+							>
+								<button
+									type="button"
+									:aria-label="formatMessage(messages.instanceTooltipTitle)"
+									class="inline-flex cursor-help items-center justify-center border-0 bg-transparent p-0 text-secondary transition-colors hover:text-contrast"
+								>
+									<UnknownIcon class="size-4" aria-hidden="true" />
+								</button>
+								<template #popper>
+									<div class="grid !w-64 gap-1">
+										<h3 class="m-0 whitespace-nowrap text-base w-full font-bold text-contrast">
+											{{ formatMessage(messages.instanceTooltipTitle) }}
+										</h3>
+										<p
+											class="m-0 text-wrap text-sm w-full font-medium leading-tight text-secondary"
+										>
+											{{ formatMessage(messages.instanceTooltipDescription) }}
+										</p>
+									</div>
+								</template>
+							</Tooltip>
+						</span>
+					</template>
+
+					<template #cell-user="{ row: entry }">
+						<AutoLink
+							v-tooltip="actorName(entry)"
+							:to="actorProfilePath(entry)"
+							class="flex min-w-0 items-center gap-2 whitespace-nowrap"
+							:class="actorProfilePath(entry) ? 'text-primary hover:underline' : ''"
+						>
+							<Avatar
+								:src="
+									entry.actor.id === 'support'
+										? IntercomBubbleIcon
+										: (entry.actor.avatarUrl ?? undefined)
+								"
+								:alt="formatMessage(messages.userAvatarAlt, { username: actorName(entry) })"
+								:tint-by="entry.actor.username"
+								size="22px"
+								circle
+								no-shadow
+							/>
+							<span
+								class="min-w-0 truncate font-medium"
+								:class="entry.actor.id === 'support' ? 'text-blue' : ''"
+							>
+								{{ actorName(entry) }}
+							</span>
+						</AutoLink>
+					</template>
+
+					<template #cell-event="{ row: entry }">
+						<AuditLogEventCell :event="entry.event" />
+					</template>
+
+					<template #cell-world="{ row: entry }">
+						<span
+							v-tooltip="entry.world?.name"
+							class="block min-w-0 truncate whitespace-nowrap"
+							:class="entry.world ? 'text-primary' : 'text-secondary'"
+						>
+							{{ entry.world?.name ?? '—' }}
+						</span>
+					</template>
+
+					<template #cell-time="{ row: entry }">
+						<span
+							v-tooltip="formatDate(entry.timestamp)"
+							class="inline-block max-w-full truncate whitespace-nowrap align-middle leading-5 @[1040px]:leading-6"
+						>
+							{{ formatCompactRelativeTime(entry.timestamp) }}
+						</span>
+					</template>
+				</Table>
+
+				<TransitionGroup
+					v-if="filteredEntries.length > 0"
+					name="audit-log-card"
+					tag="div"
+					class="flex flex-col gap-3 @[800px]:hidden"
+				>
+					<div
+						v-for="entry in filteredEntries"
+						:key="entry.id"
+						class="flex min-w-0 flex-col gap-3 rounded-2xl border border-solid border-surface-5 bg-surface-2 p-4"
+					>
+						<AutoLink
+							v-tooltip="actorName(entry)"
+							:to="actorProfilePath(entry)"
+							class="inline-flex min-w-0 items-center gap-2 self-start"
+							:class="actorProfilePath(entry) ? 'text-primary hover:underline' : 'text-primary'"
+						>
+							<Avatar
+								:src="actorAvatarSrc(entry)"
+								:alt="formatMessage(messages.userAvatarAlt, { username: actorName(entry) })"
+								:tint-by="entry.actor.username"
+								size="24px"
+								circle
+								no-shadow
+							/>
+							<span
+								class="min-w-0 truncate font-medium"
+								:class="entry.actor.id === 'support' ? 'text-blue' : ''"
+							>
+								{{ actorName(entry) }}
+							</span>
+						</AutoLink>
+						<div class="min-w-0">
+							<component :is="entry.event.component" v-bind="entry.event.props" />
+						</div>
+						<div class="flex min-w-0 items-center gap-1 text-sm text-secondary">
+							<span v-if="showWorldColumn" v-tooltip="entry.world?.name" class="min-w-0 truncate">
+								{{ entry.world?.name ?? formatMessage(messages.serverScope) }}
+							</span>
+							<BulletDivider v-if="showWorldColumn" class="shrink-0" />
+							<span v-tooltip="formatDate(entry.timestamp)" class="shrink-0">
+								{{ formatRelativeTime(entry.timestamp) }}
+							</span>
+						</div>
+					</div>
+				</TransitionGroup>
+
+				<div v-else class="overflow-hidden rounded-2xl border border-solid border-surface-5">
+					<div
+						class="hidden min-h-14 bg-surface-3 @[800px]:grid @[800px]:h-14 @[800px]:text-sm @[1040px]:text-base"
+						:class="
+							showWorldColumn
+								? '@[800px]:grid-cols-[18%_52%_20%_10%]'
+								: '@[800px]:grid-cols-[18%_72%_10%]'
+						"
+					>
+						<div class="hidden items-center pl-4 pr-2 font-semibold text-secondary @[800px]:flex">
+							{{ formatMessage(messages.userColumn) }}
+						</div>
+						<div class="hidden items-center px-2 font-semibold text-secondary @[800px]:flex">
+							{{ formatMessage(messages.eventColumn) }}
+						</div>
+						<div
+							v-if="showWorldColumn"
+							class="hidden items-center px-2 font-semibold text-secondary @[800px]:flex"
+						>
+							<span class="inline-flex min-w-0 max-w-full items-center gap-1 font-semibold">
+								<span class="min-w-0 truncate">{{ formatMessage(messages.worldColumn) }}</span>
+								<Tooltip
+									theme="dismissable-prompt"
+									class="inline-flex shrink-0"
+									:triggers="['hover', 'focus']"
+									:popper-triggers="['hover', 'focus']"
+									popper-class="v-popper--interactive"
+									placement="top"
+									:delay="{ show: 200, hide: 100 }"
+									no-auto-focus
+								>
+									<button
+										type="button"
+										:aria-label="formatMessage(messages.instanceTooltipTitle)"
+										class="inline-flex cursor-help items-center justify-center border-0 bg-transparent p-0 text-secondary transition-colors hover:text-contrast"
+									>
+										<UnknownIcon class="size-4" aria-hidden="true" />
+									</button>
+									<template #popper>
+										<div class="grid !w-64 gap-1">
+											<h3 class="m-0 whitespace-nowrap text-base font-bold text-contrast">
+												{{ formatMessage(messages.instanceTooltipTitle) }}
+											</h3>
+											<p class="m-0 text-wrap text-sm font-medium leading-tight text-secondary">
+												{{ formatMessage(messages.instanceTooltipDescription) }}
+											</p>
+										</div>
+									</template>
+								</Tooltip>
+							</span>
+						</div>
+						<div
+							class="hidden items-center justify-end pl-2 pr-4 font-semibold text-secondary @[800px]:flex"
+						>
+							{{ formatMessage(messages.timeColumn) }}
+						</div>
+					</div>
+					<div
+						class="border-0 border-solid border-surface-5 bg-surface-2 px-4 py-8 text-center text-secondary @[800px]:border-t"
+					>
+						{{ formatMessage(emptyStateMessage) }}
+					</div>
+				</div>
+			</div>
+
+			<Transition name="audit-log-loading-fade">
+				<div
+					v-if="loading"
+					class="pointer-events-none absolute bottom-px left-px right-px top-0 z-20 animate-audit-log-bpulse rounded-[15px] bg-surface-3 @[800px]:top-[57px] @[800px]:rounded-t-none @[800px]:border-0 @[800px]:border-t @[800px]:border-solid @[800px]:border-surface-5"
+					aria-hidden="true"
+				/>
+			</Transition>
+		</div>
+
+		<div
+			v-if="loadingMore"
+			class="h-8 animate-audit-log-bpulse rounded-xl bg-surface-3"
+			aria-hidden="true"
+		></div>
+		<div v-if="hasMore" ref="loadMoreSentinel" class="h-px"></div>
+	</div>
+</template>
+
+<script setup lang="ts">
+import { IntercomBubbleIcon, UnknownIcon } from '@modrinth/assets'
+import { Tooltip } from 'floating-vue'
+import { computed, nextTick, onBeforeUnmount, onMounted, ref, useSlots, watch } from 'vue'
+
+import { useFormatDateTime, useRelativeTime } from '../../../composables'
+import { defineMessages, useVIntl } from '../../../composables/i18n'
+import AutoLink from '../../base/AutoLink.vue'
+import Avatar from '../../base/Avatar.vue'
+import BulletDivider from '../../base/BulletDivider.vue'
+import Table, { type SortDirection, type TableColumn } from '../../base/Table.vue'
+import TimeFramePicker, {
+	type TimeFrameLastUnit,
+	type TimeFrameMode,
+	type TimeFramePreset,
+} from '../../base/TimeFramePicker.vue'
+import AuditLogEventCell from './AuditLogEventCell.vue'
+import type { ServerAuditLogEntry, ServerAuditLogFilters } from './types'
+
+const props = defineProps<{
+	entries: ServerAuditLogEntry[]
+	hasActiveExternalFilters?: boolean
+	hasMore?: boolean
+	loading?: boolean
+	loadingMore?: boolean
+	showWorldColumn?: boolean
+	suppressRowTransitions?: boolean
+}>()
+
+const emit = defineEmits<{
+	'load-more': []
+}>()
+
+const query = defineModel<string>('query', { default: '' })
+const timeframeMode = defineModel<TimeFrameMode>('timeframeMode', { default: 'preset' })
+const timeframePreset = defineModel<TimeFramePreset>('timeframePreset', { default: 'all_time' })
+const timeframeLastAmount = defineModel<number>('timeframeLastAmount', { default: 30 })
+const timeframeLastUnit = defineModel<TimeFrameLastUnit>('timeframeLastUnit', { default: 'days' })
+const timeframeCustomStartDate = defineModel<string>('timeframeCustomStartDate', { default: '' })
+const timeframeCustomEndDate = defineModel<string>('timeframeCustomEndDate', { default: '' })
+const sortDirection = defineModel<SortDirection>('sortDirection', { default: 'desc' })
+const filters = defineModel<ServerAuditLogFilters>('filters', {
+	default: () => ({
+		userId: null,
+		worldId: null,
+	}),
+})
+
+const { formatMessage } = useVIntl()
+const formatRelativeTime = useRelativeTime()
+const formatCompactRelativeTime = useRelativeTime({ numeric: 'always', style: 'narrow' })
+const formatDate = useFormatDateTime({ dateStyle: 'medium', timeStyle: 'short' })
+const slots = useSlots()
+const sortColumn = ref<string | undefined>('time')
+const suppressSortRowTransitions = ref(false)
+const loadMoreSentinel = ref<HTMLElement | null>(null)
+const contentBody = ref<HTMLElement | null>(null)
+const contentHeight = ref<number | null>(null)
+const showWorldColumn = computed(() => props.showWorldColumn !== false)
+let loadMoreObserver: IntersectionObserver | null = null
+let contentResizeObserver: ResizeObserver | null = null
+let sortTransitionResetTimeout: ReturnType<typeof setTimeout> | null = null
+
+const messages = defineMessages({
+	supportActor: {
+		id: 'servers.audit-log.actor.support',
+		defaultMessage: 'Support',
+	},
+	userColumn: {
+		id: 'servers.audit-log.column.user',
+		defaultMessage: 'User',
+	},
+	worldColumn: {
+		id: 'servers.audit-log.column.world',
+		defaultMessage: 'Instance',
+	},
+	instanceTooltipTitle: {
+		id: 'servers.audit-log.column.world.tooltip-title',
+		defaultMessage: 'Coming soon!',
+	},
+	instanceTooltipDescription: {
+		id: 'servers.audit-log.column.world.tooltip-description',
+		defaultMessage:
+			'Server instances are contained environments with their own installed content and world files.',
+	},
+	eventColumn: {
+		id: 'servers.audit-log.column.event',
+		defaultMessage: 'Event',
+	},
+	timeColumn: {
+		id: 'servers.audit-log.column.time',
+		defaultMessage: 'Time',
+	},
+	emptyState: {
+		id: 'servers.audit-log.empty',
+		defaultMessage: 'No activity matches your filters.',
+	},
+	noActivityEmptyState: {
+		id: 'servers.audit-log.empty.no-activity',
+		defaultMessage: 'Perform an action on your server and you will see it here!',
+	},
+	userAvatarAlt: {
+		id: 'servers.audit-log.user-avatar-alt',
+		defaultMessage: "{username}'s avatar",
+	},
+	serverScope: {
+		id: 'servers.audit-log.scope.server',
+		defaultMessage: 'Server',
+	},
+})
+
+const timeframePickerClass = computed(() =>
+	slots.filters ? '!w-full @[640px]:!w-[225px] shrink-0' : '!w-full @[640px]:!w-[225px]',
+)
+const timeframePickerTriggerClass =
+	'!h-10 !min-h-10 !w-full !rounded-[14px] !bg-surface-4 !py-2.5 !pl-4 !pr-3 !text-base shadow-[0px_1px_1px_rgba(0,0,0,0.3),0px_1px_1.5px_rgba(0,0,0,0.15)]'
+
+onMounted(() => {
+	updateLoadMoreObserver()
+	updateContentHeightObserver()
+})
+
+onBeforeUnmount(() => {
+	loadMoreObserver?.disconnect()
+	contentResizeObserver?.disconnect()
+	if (sortTransitionResetTimeout) {
+		clearTimeout(sortTransitionResetTimeout)
+	}
+})
+
+watch(
+	() => [props.hasMore, props.loadingMore, loadMoreSentinel.value] as const,
+	() => updateLoadMoreObserver(),
+	{ flush: 'post' },
+)
+
+watch(
+	sortDirection,
+	(_direction, previousDirection) => {
+		if (previousDirection === undefined) return
+		suppressSortRowTransitions.value = true
+		scheduleSortTransitionReset(1500)
+	},
+	{ flush: 'sync' },
+)
+
+watch(
+	() => props.entries,
+	() => {
+		if (suppressSortRowTransitions.value) {
+			scheduleSortTransitionReset(120)
+		}
+	},
+	{ flush: 'post' },
+)
+
+type AuditLogTableColumn = 'user' | 'event' | 'world' | 'time'
+type AuditLogTableRow = ServerAuditLogEntry & Record<string, unknown>
+
+const columns = computed<TableColumn<AuditLogTableColumn>[]>(() => {
+	const tableColumns: TableColumn<AuditLogTableColumn>[] = [
+		{ key: 'user', label: formatMessage(messages.userColumn), width: '18%' },
+		{
+			key: 'event',
+			label: formatMessage(messages.eventColumn),
+			width: showWorldColumn.value ? '52%' : '72%',
+		},
+	]
+
+	if (showWorldColumn.value) {
+		tableColumns.push({
+			key: 'world',
+			label: formatMessage(messages.worldColumn),
+			width: '20%',
+		})
+	}
+
+	tableColumns.push({
+		key: 'time',
+		label: formatMessage(messages.timeColumn),
+		align: 'right',
+		enableSorting: true,
+		width: '10%',
+	})
+
+	return tableColumns
+})
+const rowTransitionName = computed(() =>
+	props.suppressRowTransitions || suppressSortRowTransitions.value ? undefined : 'audit-log-row',
+)
+
+const filteredEntries = computed(() => {
+	const normalizedQuery = query.value.trim().toLowerCase()
+
+	return props.entries
+		.filter((entry) => {
+			if (filters.value.userId && entry.actor.id !== filters.value.userId) return false
+			if (
+				showWorldColumn.value &&
+				filters.value.worldId &&
+				entry.world?.id !== filters.value.worldId
+			) {
+				return false
+			}
+
+			if (!normalizedQuery) return true
+
+			return [
+				entry.actor.username,
+				showWorldColumn.value ? entry.world?.name : undefined,
+				entry.event.searchText,
+				entry.event.key,
+			]
+				.filter((value): value is string => typeof value === 'string' && value.length > 0)
+				.some((value) => value.toLowerCase().includes(normalizedQuery))
+		})
+		.slice()
+		.sort((a, b) => {
+			const leftTimestamp = new Date(a.timestamp).getTime()
+			const rightTimestamp = new Date(b.timestamp).getTime()
+			return sortDirection.value === 'asc'
+				? leftTimestamp - rightTimestamp
+				: rightTimestamp - leftTimestamp
+		})
+})
+
+const tableEntries = computed<AuditLogTableRow[]>(() => filteredEntries.value as AuditLogTableRow[])
+const contentFrameStyle = computed(() =>
+	contentHeight.value === null ? undefined : { height: `${contentHeight.value}px` },
+)
+
+watch(
+	() => [filteredEntries.value.length, props.loading] as const,
+	() => updateContentHeight(),
+	{ flush: 'post' },
+)
+
+const hasActiveTimeframeFilter = computed(() => {
+	if (timeframeMode.value === 'preset') {
+		return timeframePreset.value !== 'all_time'
+	}
+
+	if (timeframeMode.value === 'last') {
+		return true
+	}
+
+	return Boolean(timeframeCustomStartDate.value || timeframeCustomEndDate.value)
+})
+
+const hasActiveFilters = computed(
+	() =>
+		props.hasActiveExternalFilters ||
+		query.value.trim().length > 0 ||
+		hasActiveTimeframeFilter.value ||
+		!!filters.value.userId ||
+		(showWorldColumn.value && !!filters.value.worldId),
+)
+
+const emptyStateMessage = computed(() =>
+	props.entries.length === 0 && !hasActiveFilters.value
+		? messages.noActivityEmptyState
+		: messages.emptyState,
+)
+
+function actorName(entry: ServerAuditLogEntry): string {
+	if (entry.actor.id !== 'support') return entry.actor.username
+	return entry.actor.username === 'support'
+		? formatMessage(messages.supportActor)
+		: entry.actor.username
+}
+
+function actorAvatarSrc(entry: ServerAuditLogEntry): string | undefined {
+	return entry.actor.id === 'support' ? IntercomBubbleIcon : (entry.actor.avatarUrl ?? undefined)
+}
+
+function actorProfilePath(entry: ServerAuditLogEntry): string | undefined {
+	return entry.actor.profilePath
+}
+
+function updateLoadMoreObserver() {
+	loadMoreObserver?.disconnect()
+	loadMoreObserver = null
+
+	if (!props.hasMore || typeof IntersectionObserver === 'undefined') {
+		return
+	}
+
+	nextTick(() => {
+		if (!loadMoreSentinel.value || !props.hasMore) {
+			return
+		}
+
+		loadMoreObserver?.disconnect()
+		loadMoreObserver = new IntersectionObserver(
+			(entries) => {
+				if (entries.some((entry) => entry.isIntersecting) && !props.loadingMore) {
+					emit('load-more')
+				}
+			},
+			{ rootMargin: '400px 0px' },
+		)
+		loadMoreObserver.observe(loadMoreSentinel.value)
+	})
+}
+
+function updateContentHeightObserver() {
+	contentResizeObserver?.disconnect()
+	contentResizeObserver = null
+
+	nextTick(() => {
+		updateContentHeight()
+
+		if (!contentBody.value || typeof ResizeObserver === 'undefined') {
+			return
+		}
+
+		contentResizeObserver = new ResizeObserver((entries) => {
+			const height =
+				entries[0]?.contentRect.height ?? contentBody.value?.getBoundingClientRect().height ?? 0
+			setContentHeight(height)
+		})
+		contentResizeObserver.observe(contentBody.value)
+	})
+}
+
+function updateContentHeight() {
+	nextTick(() => {
+		if (!contentBody.value) return
+		setContentHeight(contentBody.value.getBoundingClientRect().height)
+	})
+}
+
+function setContentHeight(height: number) {
+	contentHeight.value = Math.ceil(height)
+}
+
+function scheduleSortTransitionReset(delay: number) {
+	if (sortTransitionResetTimeout) {
+		clearTimeout(sortTransitionResetTimeout)
+	}
+
+	sortTransitionResetTimeout = setTimeout(() => {
+		suppressSortRowTransitions.value = false
+		sortTransitionResetTimeout = null
+	}, delay)
+}
+</script>
+
+<style>
+@media (prefers-reduced-motion: no-preference) {
+	.audit-log-content-frame {
+		transition: height 220ms ease-in-out;
+	}
+}
+
+@keyframes audit-log-bpulse {
+	50% {
+		filter: brightness(75%);
+	}
+}
+
+.animate-audit-log-bpulse {
+	animation: audit-log-bpulse 2s cubic-bezier(0.4, 0, 0.6, 1) infinite;
+}
+
+.audit-log-table :is(th, td) {
+	height: 54px;
+	padding-left: 0.5rem;
+	padding-right: 0.5rem;
+	vertical-align: middle;
+}
+
+.audit-log-table :is(th, td):first-child {
+	padding-left: 1rem;
+}
+
+.audit-log-table :is(th, td):last-child {
+	padding-right: 1rem;
+}
+
+.audit-log-table tbody tr {
+	height: 54px;
+	max-height: 54px;
+}
+
+.audit-log-table tbody td {
+	height: 54px;
+	max-height: 54px;
+	padding-bottom: 0;
+	padding-top: 0;
+}
+
+.audit-log-table-event {
+	line-height: 1.375rem;
+}
+
+.audit-log-table-event-component > span {
+	line-height: inherit;
+}
+
+@container (min-width: 1040px) {
+	.audit-log-table :is(th, td) {
+		padding-left: 0.75rem;
+		padding-right: 0.75rem;
+	}
+
+	.audit-log-table :is(th, td):first-child {
+		padding-left: 1rem;
+	}
+
+	.audit-log-table :is(th, td):last-child {
+		padding-right: 1rem;
+	}
+
+	.audit-log-table-event {
+		line-height: 1.375rem;
+	}
+}
+
+.audit-log-loading-fade-enter-active,
+.audit-log-loading-fade-leave-active {
+	transition: opacity 250ms ease-in-out;
+}
+
+.audit-log-loading-fade-enter-from,
+.audit-log-loading-fade-leave-to {
+	opacity: 0;
+}
+
+.audit-log-row-enter-active,
+.audit-log-row-leave-active,
+.audit-log-row-move,
+.audit-log-card-enter-active,
+.audit-log-card-leave-active,
+.audit-log-card-move {
+	transition:
+		opacity 180ms ease-in-out,
+		transform 180ms ease-in-out;
+}
+
+.audit-log-row-enter-from,
+.audit-log-card-enter-from {
+	opacity: 0;
+	transform: translateY(-8px);
+}
+
+.audit-log-row-leave-to,
+.audit-log-card-leave-to {
+	opacity: 0;
+	transform: translateY(8px);
+}
+</style>
diff --git a/packages/ui/src/components/servers/access/GrantAccessModal.vue b/packages/ui/src/components/servers/access/GrantAccessModal.vue
new file mode 100644
index 0000000000..5738a19143
--- /dev/null
+++ b/packages/ui/src/components/servers/access/GrantAccessModal.vue
@@ -0,0 +1,405 @@
+<template>
+	<NewModal
+		ref="modal"
+		:header="formatMessage(messages.header)"
+		width="min(34rem, calc(100vw - 2rem))"
+		max-width="34rem"
+	>
+		<div class="flex flex-col gap-6">
+			<div class="flex flex-col gap-2">
+				<label class="font-semibold text-contrast" for="grant-access-target">
+					{{ formatMessage(messages.targetLabel) }}
+				</label>
+				<Combobox
+					id="grant-access-target"
+					:model-value="target"
+					:options="suggestionOptions"
+					:search-placeholder="formatMessage(messages.targetPlaceholder)"
+					:placeholder="formatMessage(messages.targetPlaceholder)"
+					:no-options-message="targetLookupMessage"
+					:min-search-length-to-open="suggestionMinimumLength"
+					:disable-search-filter="usesRemoteLookup"
+					searchable
+					show-search-icon
+					:show-chevron="false"
+					@search-input="handleTargetSearch"
+					@select="handleTargetSelect"
+				>
+					<template #option="{ item, isSelected }">
+						<div class="flex min-w-0 items-center gap-2">
+							<Avatar
+								:src="findSuggestion(item.value)?.avatarUrl"
+								:alt="formatMessage(messages.suggestionAvatarAlt, { username: item.label })"
+								:tint-by="item.label"
+								size="1.5rem"
+								circle
+								no-shadow
+							/>
+							<span
+								class="min-w-0 truncate font-semibold"
+								:class="isSelected ? 'text-contrast' : 'text-primary'"
+							>
+								{{ item.label }}
+							</span>
+						</div>
+					</template>
+				</Combobox>
+				<span class="m-0 text-base text-primary">
+					{{ formatMessage(messages.targetHelp) }}
+				</span>
+			</div>
+
+			<div class="flex flex-col gap-2">
+				<span class="font-semibold text-contrast">
+					{{ formatMessage(messages.roleLabel) }}
+				</span>
+				<div class="flex flex-col gap-3">
+					<button
+						v-for="role in grantableRoles"
+						:key="role.value"
+						type="button"
+						class="group flex w-full items-center gap-3 rounded-[20px] border border-solid p-3 text-left transition-all hover:brightness-110 active:scale-[0.98]"
+						:class="
+							selectedRole === role.value
+								? 'border-brand bg-brand-highlight'
+								: 'border-transparent bg-surface-4'
+						"
+						@click="selectedRole = role.value"
+					>
+						<span
+							class="flex size-12 shrink-0 items-center justify-center rounded-2xl border border-solid"
+							:class="
+								selectedRole === role.value
+									? 'border-brand bg-brand-highlight text-brand'
+									: 'border-surface-5 text-secondary'
+							"
+						>
+							<component :is="role.icon" class="size-8" stroke-width="1.5" aria-hidden="true" />
+						</span>
+						<span class="flex min-w-0 flex-1 flex-col gap-1">
+							<span class="text-base font-semibold text-contrast">{{ role.label }}</span>
+							<span class="text-sm font-medium text-primary">{{ role.description }}</span>
+						</span>
+					</button>
+				</div>
+				<p class="m-0 text-base text-primary">
+					<IntlFormatted :message-id="messages.permissionsHelp">
+						<template #link="{ children }">
+							<a class="font-medium text-blue hover:underline" href="/frog" target="_blank">
+								<component :is="() => children" />
+							</a>
+						</template>
+					</IntlFormatted>
+				</p>
+				<Checkbox
+					v-model="addAsFriend"
+					:label="formatMessage(messages.addAsFriend)"
+					label-class="text-base text-contrast"
+					class="mt-2"
+				/>
+			</div>
+		</div>
+
+		<template #actions>
+			<div class="flex justify-end gap-2">
+				<ButtonStyled type="outlined">
+					<button @click="hide">
+						<XIcon aria-hidden="true" />
+						{{ formatMessage(messages.cancelButton) }}
+					</button>
+				</ButtonStyled>
+				<ButtonStyled color="brand">
+					<button v-tooltip="grantPermissionTooltip" :disabled="!canSubmit" @click="submit">
+						<UserPlusIcon aria-hidden="true" />
+						{{ formatMessage(messages.inviteButton) }}
+					</button>
+				</ButtonStyled>
+			</div>
+		</template>
+	</NewModal>
+</template>
+
+<script setup lang="ts">
+import { EyeIcon, PencilIcon, UserPlusIcon, XIcon } from '@modrinth/assets'
+import { useDebounceFn } from '@vueuse/core'
+import { computed, ref } from 'vue'
+
+import { defineMessages, useVIntl } from '../../../composables/i18n'
+import { commonMessages } from '../../../utils/common-messages'
+import Avatar from '../../base/Avatar.vue'
+import ButtonStyled from '../../base/ButtonStyled.vue'
+import Checkbox from '../../base/Checkbox.vue'
+import Combobox, { type ComboboxOption } from '../../base/Combobox.vue'
+import IntlFormatted from '../../base/IntlFormatted.vue'
+import NewModal from '../../modal/NewModal.vue'
+import type {
+	GrantServerAccessPayload,
+	ServerAccessInviteSuggestion,
+	ServerAccessMember,
+	ServerAccessRole,
+} from './types'
+
+const props = withDefaults(
+	defineProps<{
+		members?: ServerAccessMember[]
+		suggestions?: ServerAccessInviteSuggestion[]
+		resolveUser?: (target: string) => Promise<ServerAccessInviteSuggestion | null>
+		canGrant?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		members: () => [],
+		suggestions: () => [],
+		canGrant: true,
+	},
+)
+
+const emit = defineEmits<{
+	grant: [payload: GrantServerAccessPayload]
+}>()
+
+const { formatMessage } = useVIntl()
+const modal = ref<InstanceType<typeof NewModal> | null>(null)
+const target = ref('')
+const selectedRole = ref<Exclude<ServerAccessRole, 'owner'>>('editor')
+const addAsFriend = ref(true)
+const suggestionMinimumLength = 2
+const resolvedSuggestion = ref<ServerAccessInviteSuggestion | null>(null)
+const targetLookupStatus = ref<'idle' | 'loading' | 'loaded'>('idle')
+const targetLookupRequestId = ref(0)
+
+const messages = defineMessages({
+	header: {
+		id: 'servers.grant-access-modal.header',
+		defaultMessage: 'Add user',
+	},
+	targetLabel: {
+		id: 'servers.grant-access-modal.target.label',
+		defaultMessage: 'Modrinth username',
+	},
+	targetPlaceholder: {
+		id: 'servers.grant-access-modal.target.placeholder',
+		defaultMessage: 'Enter Modrinth username',
+	},
+	noSuggestions: {
+		id: 'servers.grant-access-modal.target.no-suggestions',
+		defaultMessage: 'No matching users found.',
+	},
+	searching: {
+		id: 'servers.grant-access-modal.target.searching',
+		defaultMessage: 'Searching...',
+	},
+	targetHelp: {
+		id: 'servers.grant-access-modal.target.help',
+		defaultMessage: 'Do not use their Minecraft username.',
+	},
+	roleLabel: {
+		id: 'servers.grant-access-modal.role.label',
+		defaultMessage: 'Select role',
+	},
+	editorRole: {
+		id: 'servers.grant-access-modal.role.editor',
+		defaultMessage: 'Editor',
+	},
+	editorDescription: {
+		id: 'servers.grant-access-modal.role.editor-description',
+		defaultMessage: 'Manage instance content, files, backups, and other settings.',
+	},
+	viewerRole: {
+		id: 'servers.grant-access-modal.role.viewer',
+		defaultMessage: 'Limited',
+	},
+	viewerDescription: {
+		id: 'servers.grant-access-modal.role.viewer-description',
+		defaultMessage: 'Start, stop, and view the server without making changes.',
+	},
+	permissionsHelp: {
+		id: 'servers.grant-access-modal.permissions-help',
+		defaultMessage: 'View the full list of permissions for each role <link>here</link>.',
+	},
+	addAsFriend: {
+		id: 'servers.grant-access-modal.add-as-friend',
+		defaultMessage: 'Also send a friend request',
+	},
+	cancelButton: {
+		id: 'servers.grant-access-modal.cancel',
+		defaultMessage: 'Cancel',
+	},
+	inviteButton: {
+		id: 'servers.grant-access-modal.invite',
+		defaultMessage: 'Invite',
+	},
+	suggestionAvatarAlt: {
+		id: 'servers.grant-access-modal.suggestion-avatar-alt',
+		defaultMessage: "{username}'s avatar",
+	},
+	alreadyMemberTooltip: {
+		id: 'servers.grant-access-modal.already-member-tooltip',
+		defaultMessage: 'This user has already been invited',
+	},
+})
+
+const grantableRoles = computed(() => [
+	{
+		value: 'editor' as const,
+		label: formatMessage(messages.editorRole),
+		description: formatMessage(messages.editorDescription),
+		icon: PencilIcon,
+	},
+	{
+		value: 'viewer' as const,
+		label: formatMessage(messages.viewerRole),
+		description: formatMessage(messages.viewerDescription),
+		icon: EyeIcon,
+	},
+])
+
+const normalizedTarget = computed(() => target.value.trim())
+const usesRemoteLookup = computed(() => !!props.resolveUser)
+const matchedSuggestion = computed(() => findSuggestion(normalizedTarget.value))
+const existingMember = computed(() => findExistingMember())
+const canInvite = computed(
+	() =>
+		normalizedTarget.value.length > 0 &&
+		!!selectedRole.value &&
+		!existingMember.value &&
+		(!usesRemoteLookup.value ||
+			(targetLookupStatus.value === 'loaded' && !!matchedSuggestion.value)),
+)
+const canSubmit = computed(() => props.canGrant && canInvite.value)
+const permissionDeniedMessage = computed(
+	() => props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction),
+)
+const grantPermissionTooltip = computed(() => {
+	if (!props.canGrant) return permissionDeniedMessage.value
+	if (existingMember.value) return formatMessage(messages.alreadyMemberTooltip)
+	return undefined
+})
+const targetLookupMessage = computed(() =>
+	usesRemoteLookup.value && targetLookupStatus.value !== 'loaded'
+		? formatMessage(messages.searching)
+		: formatMessage(messages.noSuggestions),
+)
+const inviteSuggestions = computed(() => {
+	if (!resolvedSuggestion.value) return props.suggestions
+
+	const hasResolvedSuggestion = props.suggestions.some(
+		(suggestion) =>
+			suggestion.id === resolvedSuggestion.value?.id ||
+			suggestion.username.toLowerCase() === resolvedSuggestion.value?.username.toLowerCase(),
+	)
+
+	return hasResolvedSuggestion
+		? props.suggestions
+		: [resolvedSuggestion.value, ...props.suggestions]
+})
+const suggestionOptions = computed<ComboboxOption<string>[]>(() =>
+	inviteSuggestions.value.map((suggestion) => ({
+		value: suggestion.username,
+		label: suggestion.username,
+		searchTerms: [suggestion.username, suggestion.id, suggestion.email].filter(Boolean) as string[],
+	})),
+)
+
+function findSuggestion(value: string) {
+	const normalizedValue = value.trim().toLowerCase()
+	return inviteSuggestions.value.find(
+		(suggestion) =>
+			suggestion.username.toLowerCase() === normalizedValue ||
+			suggestion.id.toLowerCase() === normalizedValue ||
+			suggestion.email?.toLowerCase() === normalizedValue,
+	)
+}
+
+function findExistingMember() {
+	const normalizedValue = normalizedTarget.value.toLowerCase()
+	if (!normalizedValue) return undefined
+
+	const suggestion = matchedSuggestion.value
+	const normalizedSuggestionId = suggestion?.id.toLowerCase()
+	const normalizedSuggestionUsername = suggestion?.username.toLowerCase()
+
+	return props.members.find((member) => {
+		const normalizedMemberId = member.user.id.toLowerCase()
+		const normalizedMemberUsername = member.user.username.toLowerCase()
+
+		return (
+			normalizedMemberId === normalizedValue ||
+			normalizedMemberUsername === normalizedValue ||
+			(!!normalizedSuggestionId && normalizedMemberId === normalizedSuggestionId) ||
+			(!!normalizedSuggestionUsername && normalizedMemberUsername === normalizedSuggestionUsername)
+		)
+	})
+}
+
+const resolveTarget = useDebounceFn(async (query: string, requestId: number) => {
+	const resolveUser = props.resolveUser
+	if (!resolveUser) return
+
+	try {
+		const user = await resolveUser(query)
+		if (requestId !== targetLookupRequestId.value || query !== normalizedTarget.value) return
+
+		resolvedSuggestion.value = user
+	} catch {
+		if (requestId !== targetLookupRequestId.value || query !== normalizedTarget.value) return
+
+		resolvedSuggestion.value = null
+	} finally {
+		if (requestId === targetLookupRequestId.value && query === normalizedTarget.value) {
+			targetLookupStatus.value = 'loaded'
+		}
+	}
+}, 250)
+
+function handleTargetSearch(value: string) {
+	target.value = value
+	resolvedSuggestion.value = null
+	targetLookupRequestId.value += 1
+
+	if (!usesRemoteLookup.value) return
+
+	if (normalizedTarget.value.length < suggestionMinimumLength) {
+		targetLookupStatus.value = 'idle'
+		return
+	}
+
+	targetLookupStatus.value = 'loading'
+	void resolveTarget(normalizedTarget.value, targetLookupRequestId.value)
+}
+
+function handleTargetSelect(option: ComboboxOption<string>) {
+	target.value = option.value
+}
+
+function reset() {
+	target.value = ''
+	selectedRole.value = 'editor'
+	addAsFriend.value = true
+	resolvedSuggestion.value = null
+	targetLookupStatus.value = 'idle'
+	targetLookupRequestId.value += 1
+}
+
+function show(event?: MouseEvent) {
+	reset()
+	modal.value?.show(event)
+}
+
+function hide() {
+	modal.value?.hide()
+}
+
+function submit() {
+	if (!canSubmit.value) return
+
+	emit('grant', {
+		target: normalizedTarget.value,
+		role: selectedRole.value,
+		addAsFriend: addAsFriend.value,
+	})
+	hide()
+}
+
+defineExpose({ show, hide })
+</script>
diff --git a/packages/ui/src/components/servers/access/RemoveAccessModal.vue b/packages/ui/src/components/servers/access/RemoveAccessModal.vue
new file mode 100644
index 0000000000..bc206e3902
--- /dev/null
+++ b/packages/ui/src/components/servers/access/RemoveAccessModal.vue
@@ -0,0 +1,271 @@
+<template>
+	<NewModal
+		ref="modal"
+		:header="formatMessage(shouldCancel ? messages.cancelHeader : messages.header, { username })"
+		max-width="470px"
+	>
+		<div class="flex flex-col gap-4">
+			<Admonition type="warning">
+				{{
+					formatMessage(shouldCancel ? messages.cancelWarningBody : messages.warningBody, {
+						username,
+					})
+				}}
+			</Admonition>
+
+			<div class="flex min-w-0 items-center gap-2 rounded-[20px] bg-surface-2 p-3">
+				<Avatar
+					:src="avatarUrl"
+					:alt="formatMessage(messages.userAvatarAlt, { username })"
+					:tint-by="username"
+					size="40px"
+					circle
+					no-shadow
+				/>
+				<div class="flex min-w-0 flex-1 flex-col gap-0.5">
+					<div class="flex min-w-0 items-center gap-1.5">
+						<span class="min-w-0 truncate font-medium text-contrast">{{ username }}</span>
+						<span
+							v-if="memberStatusLabel"
+							class="inline-flex h-6 shrink-0 items-center rounded-full border border-solid px-2 py-1 text-sm font-medium leading-none"
+							:class="memberStatusClasses"
+						>
+							{{ memberStatusLabel }}
+						</span>
+					</div>
+					<span class="truncate text-sm text-secondary">{{ memberSubtitle }}</span>
+				</div>
+			</div>
+
+			<div class="flex flex-col gap-2">
+				<span class="font-semibold text-contrast">{{
+					formatMessage(messages.whatHappensLabel)
+				}}</span>
+				<ul class="m-0 list-disc pl-6 text-primary">
+					<li
+						v-for="effect in effectMessages"
+						:key="effect.id"
+						class="leading-6 marker:text-secondary"
+					>
+						{{ formatMessage(effect) }}
+					</li>
+				</ul>
+			</div>
+
+			<div class="flex justify-end gap-2 pt-1">
+				<ButtonStyled type="outlined">
+					<button class="!border !border-surface-5" @click="hide">
+						<XIcon aria-hidden="true" />
+						{{ formatMessage(commonMessages.cancelButton) }}
+					</button>
+				</ButtonStyled>
+				<ButtonStyled color="orange">
+					<button v-tooltip="removePermissionTooltip" :disabled="!canRemove" @click="confirm">
+						<XIcon v-if="shouldCancel" aria-hidden="true" />
+						<UserXIcon v-else aria-hidden="true" />
+						{{ formatMessage(shouldCancel ? messages.cancelButton : messages.removeButton) }}
+					</button>
+				</ButtonStyled>
+			</div>
+		</div>
+	</NewModal>
+</template>
+
+<script setup lang="ts">
+import { UserXIcon, XIcon } from '@modrinth/assets'
+import { computed, ref } from 'vue'
+
+import { useRelativeTime } from '../../../composables'
+import { defineMessages, useVIntl } from '../../../composables/i18n'
+import { commonMessages } from '../../../utils/common-messages'
+import Admonition from '../../base/Admonition.vue'
+import Avatar from '../../base/Avatar.vue'
+import ButtonStyled from '../../base/ButtonStyled.vue'
+import NewModal from '../../modal/NewModal.vue'
+import type { ServerAccessRole } from './types'
+
+const props = withDefaults(
+	defineProps<{
+		username: string
+		avatarUrl?: string
+		role?: ServerAccessRole
+		joinedAt?: string | null
+		pending?: boolean
+		shouldCancel?: boolean
+		canRemove?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		avatarUrl: undefined,
+		role: undefined,
+		joinedAt: null,
+		pending: false,
+		shouldCancel: false,
+		canRemove: true,
+	},
+)
+
+const emit = defineEmits<{
+	remove: []
+}>()
+
+const { formatMessage } = useVIntl()
+const formatRelativeTime = useRelativeTime()
+const modal = ref<InstanceType<typeof NewModal>>()
+
+const messages = defineMessages({
+	header: {
+		id: 'servers.remove-access-modal.header',
+		defaultMessage: 'Remove user',
+	},
+	cancelHeader: {
+		id: 'servers.remove-access-modal.cancel-header',
+		defaultMessage: 'Cancel invite',
+	},
+	warningBody: {
+		id: 'servers.remove-access-modal.warning-body',
+		defaultMessage:
+			"If you remove a user from your server, you'll need to re-invite them to restore access.",
+	},
+	cancelWarningBody: {
+		id: 'servers.remove-access-modal.cancel-warning-body',
+		defaultMessage:
+			'If you cancel this invite, {username} will need a new invitation before they can join this server.',
+	},
+	removeButton: {
+		id: 'servers.remove-access-modal.remove-button',
+		defaultMessage: 'Remove user',
+	},
+	cancelButton: {
+		id: 'servers.remove-access-modal.cancel-button',
+		defaultMessage: 'Cancel invite',
+	},
+	userAvatarAlt: {
+		id: 'servers.remove-access-modal.user-avatar-alt',
+		defaultMessage: "{username}'s avatar",
+	},
+	whatHappensLabel: {
+		id: 'servers.remove-access-modal.what-happens-label',
+		defaultMessage: 'What happens?',
+	},
+	removeEffectAccess: {
+		id: 'servers.remove-access-modal.remove-effect-access',
+		defaultMessage:
+			'They will immediately lose access to the server panel and will no longer be able to edit content',
+	},
+	removeEffectJoin: {
+		id: 'servers.remove-access-modal.remove-effect-join',
+		defaultMessage:
+			'They will still be able to join and play on the server unless you make separate changes',
+	},
+	cancelEffectAccess: {
+		id: 'servers.remove-access-modal.cancel-effect-access',
+		defaultMessage: 'They will not be added to this server',
+	},
+	cancelEffectInvite: {
+		id: 'servers.remove-access-modal.cancel-effect-invite',
+		defaultMessage: 'You can send them another invite later',
+	},
+	addedLabel: {
+		id: 'servers.remove-access-modal.added-label',
+		defaultMessage: 'Added {time}',
+	},
+	invitedLabel: {
+		id: 'servers.remove-access-modal.invited-label',
+		defaultMessage: 'Invited {time}',
+	},
+	pendingInviteLabel: {
+		id: 'servers.remove-access-modal.pending-invite-label',
+		defaultMessage: 'Pending invite',
+	},
+	unknownAddedLabel: {
+		id: 'servers.remove-access-modal.unknown-added-label',
+		defaultMessage: 'Added date unknown',
+	},
+	ownerRole: {
+		id: 'servers.access-role.owner',
+		defaultMessage: 'Owner',
+	},
+	editorRole: {
+		id: 'servers.access-role.editor',
+		defaultMessage: 'Editor',
+	},
+	viewerRole: {
+		id: 'servers.access-role.viewer',
+		defaultMessage: 'Limited',
+	},
+})
+
+const memberStatusLabel = computed(() => {
+	if (!props.role) return null
+	return formatRole(props.role)
+})
+
+const memberStatusClasses = computed(() => {
+	if (!props.role) return ''
+	return roleClasses(props.role)
+})
+
+const memberSubtitle = computed(() => {
+	if (props.shouldCancel || props.pending) {
+		return props.joinedAt
+			? formatMessage(messages.invitedLabel, { time: formatRelativeTime(props.joinedAt) })
+			: formatMessage(messages.pendingInviteLabel)
+	}
+
+	return props.joinedAt
+		? formatMessage(messages.addedLabel, { time: formatRelativeTime(props.joinedAt) })
+		: formatMessage(messages.unknownAddedLabel)
+})
+
+const effectMessages = computed(() =>
+	props.shouldCancel
+		? [messages.cancelEffectAccess, messages.cancelEffectInvite]
+		: [messages.removeEffectAccess, messages.removeEffectJoin],
+)
+const canRemove = computed(() => props.canRemove)
+const permissionDeniedMessage = computed(
+	() => props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction),
+)
+const removePermissionTooltip = computed(() =>
+	canRemove.value ? undefined : permissionDeniedMessage.value,
+)
+
+function formatRole(role: ServerAccessRole): string {
+	switch (role) {
+		case 'owner':
+			return formatMessage(messages.ownerRole)
+		case 'editor':
+			return formatMessage(messages.editorRole)
+		case 'viewer':
+			return formatMessage(messages.viewerRole)
+	}
+}
+
+function roleClasses(role: ServerAccessRole): string {
+	switch (role) {
+		case 'owner':
+			return 'border-orange bg-highlight-orange text-orange'
+		case 'editor':
+			return 'border-green bg-highlight-green text-brand'
+		case 'viewer':
+			return 'border-blue bg-highlight-blue text-blue'
+	}
+}
+
+function show() {
+	modal.value?.show()
+}
+
+function hide() {
+	modal.value?.hide()
+}
+
+function confirm() {
+	if (!canRemove.value) return
+	hide()
+	emit('remove')
+}
+
+defineExpose({ show, hide })
+</script>
diff --git a/packages/ui/src/components/servers/access/events/AddonEvent.vue b/packages/ui/src/components/servers/access/events/AddonEvent.vue
new file mode 100644
index 0000000000..c058daae2e
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/AddonEvent.vue
@@ -0,0 +1,89 @@
+<template>
+	<BaseEvent>
+		<span
+			v-if="isDeleted"
+			class="inline-flex min-w-0 max-w-full flex-wrap items-center gap-1 whitespace-normal align-middle @[800px]:flex-nowrap @[800px]:whitespace-nowrap"
+		>
+			<span class="shrink-0">{{ formatMessage(messages.deletedLabel) }}</span>
+			<EventEntityList class="min-w-0" :entities="addonEntities" :limit="1" single-line />
+		</span>
+		<IntlFormatted v-else :message-id="message">
+			<template #content>
+				<EventEntityList :entities="addonEntities" :single-line="true" :limit="contentLimit" />
+			</template>
+			<template #files>
+				<EventEntityList :entities="fileNames ?? []" :single-line="true" :limit="1" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor, useVIntl } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventEntityList from './EventEntityList.vue'
+import type { AuditAddonEventItem, EventEntity } from './types'
+
+const props = defineProps<{
+	kind: string
+	addons?: AuditAddonEventItem[]
+	fileNames?: EventEntity[]
+}>()
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	added: {
+		id: 'servers.audit-log.event.addon-added',
+		defaultMessage: 'Added content <content></content>',
+	},
+	uploaded: {
+		id: 'servers.audit-log.event.addon-uploaded',
+		defaultMessage: 'Uploaded <files></files>',
+	},
+	disabled: {
+		id: 'servers.audit-log.event.addon-disabled',
+		defaultMessage: 'Disabled content <content></content>',
+	},
+	enabled: {
+		id: 'servers.audit-log.event.addon-enabled',
+		defaultMessage: 'Enabled content <content></content>',
+	},
+	deleted: {
+		id: 'servers.audit-log.event.addon-deleted',
+		defaultMessage: 'Deleted content <content></content>',
+	},
+	deletedLabel: {
+		id: 'servers.audit-log.event.addon-deleted-label',
+		defaultMessage: 'Deleted content',
+	},
+	updated: {
+		id: 'servers.audit-log.event.addon-updated',
+		defaultMessage: 'Updated content <content></content>',
+	},
+	changed: {
+		id: 'servers.audit-log.event.addon-changed',
+		defaultMessage: 'Changed content <content></content>',
+	},
+})
+
+const kindMessages: Record<string, MessageDescriptor> = {
+	added: messages.added,
+	uploaded: messages.uploaded,
+	disabled: messages.disabled,
+	enabled: messages.enabled,
+	deleted: messages.deleted,
+	updated: messages.updated,
+}
+
+const message = computed(() => kindMessages[props.kind] ?? messages.changed)
+const addonEntities = computed(() => props.addons?.map((addon) => addon.project) ?? [])
+const isDeleted = computed(() => props.kind === 'deleted')
+const shouldShowSingleItem = computed(() =>
+	['added', 'disabled', 'enabled', 'updated'].includes(props.kind),
+)
+const contentLimit = computed(() => (shouldShowSingleItem.value ? 1 : undefined))
+</script>
diff --git a/packages/ui/src/components/servers/access/events/BackupEvent.vue b/packages/ui/src/components/servers/access/events/BackupEvent.vue
new file mode 100644
index 0000000000..0f90585fef
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/BackupEvent.vue
@@ -0,0 +1,105 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="message">
+			<template #backup>
+				<EventEntityLink v-if="backup" :entity="backup" />
+			</template>
+			<template #renamed-backup>
+				<EventEntityLink v-if="renamedBackup" :entity="renamedBackup" />
+			</template>
+			<template #from>
+				<EventInlineText :text="from ?? ''" class="align-middle font-medium text-contrast" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventEntityLink from './EventEntityLink.vue'
+import EventInlineText from './EventInlineText.vue'
+import type { AuditBackupEventItem } from './types'
+
+const props = defineProps<{
+	kind: string
+	backup?: AuditBackupEventItem
+	backupId?: string
+	from?: string
+	to?: string
+}>()
+
+const messages = defineMessages({
+	created: {
+		id: 'servers.audit-log.event.backup-created',
+		defaultMessage: 'Created backup <backup></backup>',
+	},
+	restored: {
+		id: 'servers.audit-log.event.backup-restored',
+		defaultMessage: 'Restored backup <backup></backup>',
+	},
+	renamed: {
+		id: 'servers.audit-log.event.backup-renamed',
+		defaultMessage: 'Renamed backup <from></from> to <renamed-backup></renamed-backup>',
+	},
+	deleted: {
+		id: 'servers.audit-log.event.backup-deleted',
+		defaultMessage: 'Deleted backup <backup></backup>',
+	},
+	changed: {
+		id: 'servers.audit-log.event.backup-changed',
+		defaultMessage: 'Changed backup <backup></backup>',
+	},
+	createdFallback: {
+		id: 'servers.audit-log.event.backup-created-fallback',
+		defaultMessage: 'Created backup',
+	},
+	restoredFallback: {
+		id: 'servers.audit-log.event.backup-restored-fallback',
+		defaultMessage: 'Restored backup',
+	},
+	renamedFallback: {
+		id: 'servers.audit-log.event.backup-renamed-fallback',
+		defaultMessage: 'Renamed backup',
+	},
+	deletedFallback: {
+		id: 'servers.audit-log.event.backup-deleted-fallback',
+		defaultMessage: 'Deleted backup',
+	},
+	changedFallback: {
+		id: 'servers.audit-log.event.backup-changed-fallback',
+		defaultMessage: 'Changed backup',
+	},
+})
+
+const kindMessages: Record<string, MessageDescriptor> = {
+	created: messages.created,
+	restored: messages.restored,
+	renamed: messages.renamed,
+	deleted: messages.deleted,
+}
+
+const fallbackMessages: Record<string, MessageDescriptor> = {
+	created: messages.createdFallback,
+	restored: messages.restoredFallback,
+	renamed: messages.renamedFallback,
+	deleted: messages.deletedFallback,
+}
+
+const message = computed(() =>
+	props.backup
+		? (kindMessages[props.kind] ?? messages.changed)
+		: (fallbackMessages[props.kind] ?? messages.changedFallback),
+)
+const renamedBackup = computed(() =>
+	props.backup
+		? {
+				...props.backup,
+				label: props.to ?? props.backup.label,
+			}
+		: undefined,
+)
+</script>
diff --git a/packages/ui/src/components/servers/access/events/BaseEvent.vue b/packages/ui/src/components/servers/access/events/BaseEvent.vue
new file mode 100644
index 0000000000..97fcbc4143
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/BaseEvent.vue
@@ -0,0 +1,9 @@
+<template>
+	<div class="min-w-0 text-primary">
+		<span
+			class="inline-flex max-w-full min-w-0 flex-wrap items-center gap-x-1 whitespace-normal align-middle leading-7 @[800px]:flex-nowrap @[800px]:whitespace-nowrap"
+		>
+			<slot />
+		</span>
+	</div>
+</template>
diff --git a/packages/ui/src/components/servers/access/events/BasicStringEvent.vue b/packages/ui/src/components/servers/access/events/BasicStringEvent.vue
new file mode 100644
index 0000000000..3915755955
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/BasicStringEvent.vue
@@ -0,0 +1,80 @@
+<template>
+	<BaseEvent>
+		{{ formatMessage(message) }}
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor, useVIntl } from '../../../../composables/i18n'
+import BaseEvent from './BaseEvent.vue'
+
+const props = defineProps<{
+	action: string
+}>()
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	serverCreated: {
+		id: 'servers.audit-log.event.server-created',
+		defaultMessage: 'Created server',
+	},
+	serverReallocated: {
+		id: 'servers.audit-log.event.server-reallocated',
+		defaultMessage: 'Reallocated server',
+	},
+	serverRepaired: {
+		id: 'servers.audit-log.event.server-repaired',
+		defaultMessage: 'Repaired server',
+	},
+	serverReset: {
+		id: 'servers.audit-log.event.server-reset',
+		defaultMessage: 'Reset server',
+	},
+	serverStarted: {
+		id: 'servers.audit-log.event.server-started',
+		defaultMessage: 'Started server',
+	},
+	serverStopped: {
+		id: 'servers.audit-log.event.server-stopped',
+		defaultMessage: 'Stopped server',
+	},
+	serverRestarted: {
+		id: 'servers.audit-log.event.server-restarted',
+		defaultMessage: 'Restarted server',
+	},
+	serverKilled: {
+		id: 'servers.audit-log.event.server-killed',
+		defaultMessage: 'Killed server',
+	},
+	sftpLogin: {
+		id: 'servers.audit-log.event.sftp-login',
+		defaultMessage: 'Logged in via SFTP',
+	},
+	consoleCleared: {
+		id: 'servers.audit-log.event.console-cleared',
+		defaultMessage: 'Cleared console',
+	},
+	unknown: {
+		id: 'servers.audit-log.event.unknown-basic',
+		defaultMessage: 'Recorded server activity',
+	},
+})
+
+const actionMessages: Record<string, MessageDescriptor> = {
+	server_created: messages.serverCreated,
+	server_reallocated: messages.serverReallocated,
+	server_repaired: messages.serverRepaired,
+	server_reset: messages.serverReset,
+	server_started: messages.serverStarted,
+	server_stopped: messages.serverStopped,
+	server_restarted: messages.serverRestarted,
+	server_killed: messages.serverKilled,
+	sftp_login: messages.sftpLogin,
+	console_cleared: messages.consoleCleared,
+}
+
+const message = computed(() => actionMessages[props.action] ?? messages.unknown)
+</script>
diff --git a/packages/ui/src/components/servers/access/events/ConfigEvent.vue b/packages/ui/src/components/servers/access/events/ConfigEvent.vue
new file mode 100644
index 0000000000..b5361df243
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/ConfigEvent.vue
@@ -0,0 +1,142 @@
+<template>
+	<BaseEvent>
+		<span
+			v-if="props.kind === 'properties'"
+			class="inline-flex max-w-full min-w-0 flex-wrap items-center gap-1 whitespace-normal align-middle @[800px]:flex-nowrap @[800px]:whitespace-nowrap"
+		>
+			<span class="shrink-0">{{ formatMessage(messages.propertiesModifiedLabel) }}</span>
+			<EventInlineText
+				:text="propertiesLabel"
+				class="align-middle font-mono text-[0.925em] font-medium text-contrast"
+			/>
+		</span>
+		<IntlFormatted v-else :message-id="message">
+			<template #version>
+				<EventInlineText :text="newVersion ?? ''" class="align-middle font-medium text-contrast" />
+			</template>
+			<template #loader>
+				<EventInlineText :text="newLoaderLabel" class="align-middle font-medium text-contrast" />
+			</template>
+			<template #command>
+				<EventInlineText
+					:text="command ?? ''"
+					class="align-middle font-mono font-medium text-contrast"
+				/>
+			</template>
+			<template #vendor>
+				<EventInlineText :text="vendor ?? ''" class="align-middle font-medium text-contrast" />
+			</template>
+			<template #java-version>
+				<EventInlineText :text="version ?? ''" class="align-middle font-medium text-contrast" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor, useVIntl } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventInlineText from './EventInlineText.vue'
+import type { EventEntity } from './types'
+
+const props = defineProps<{
+	kind:
+		| 'loader_version'
+		| 'game_version'
+		| 'properties'
+		| 'startup_command'
+		| 'java_runtime'
+		| 'java_version'
+	newVersion?: string | null
+	newLoader?: string | null
+	properties?: EventEntity[]
+	command?: string
+	vendor?: string
+	version?: number
+}>()
+
+const messages = defineMessages({
+	loaderVersionChanged: {
+		id: 'servers.audit-log.event.loader-version-changed',
+		defaultMessage: 'Changed loader version to <version></version>',
+	},
+	loaderChanged: {
+		id: 'servers.audit-log.event.loader-changed',
+		defaultMessage: 'Changed loader to <loader></loader>',
+	},
+	loaderAndVersionChanged: {
+		id: 'servers.audit-log.event.loader-and-version-changed',
+		defaultMessage: 'Changed loader to <loader></loader> <version></version>',
+	},
+	loaderVersionCleared: {
+		id: 'servers.audit-log.event.loader-version-cleared',
+		defaultMessage: 'Cleared loader version',
+	},
+	gameVersionChanged: {
+		id: 'servers.audit-log.event.game-version-changed',
+		defaultMessage: 'Changed Minecraft version to <version></version>',
+	},
+	propertiesModified: {
+		id: 'servers.audit-log.event.server-properties-modified',
+		defaultMessage: 'Modified server properties <properties></properties>',
+	},
+	propertiesModifiedLabel: {
+		id: 'servers.audit-log.event.server-properties-modified-label',
+		defaultMessage: 'Modified server properties',
+	},
+	startupCommandModified: {
+		id: 'servers.audit-log.event.startup-command-modified',
+		defaultMessage: 'Changed startup command to <command></command>',
+	},
+	javaRuntimeModified: {
+		id: 'servers.audit-log.event.java-runtime-modified',
+		defaultMessage: 'Changed Java runtime to <vendor></vendor>',
+	},
+	javaVersionModified: {
+		id: 'servers.audit-log.event.java-version-modified',
+		defaultMessage: 'Changed Java version to <java-version></java-version>',
+	},
+	configChanged: {
+		id: 'servers.audit-log.event.config-changed',
+		defaultMessage: 'Changed server configuration',
+	},
+})
+
+const { formatMessage } = useVIntl()
+const propertiesLabel = computed(
+	() => props.properties?.map((property) => property.label).join(', ') ?? '',
+)
+const newLoader = computed(() =>
+	props.kind === 'loader_version' && props.newLoader == null ? 'vanilla' : props.newLoader,
+)
+const newLoaderLabel = computed(() => formatLoader(newLoader.value))
+
+const kindMessages: Record<string, MessageDescriptor> = {
+	game_version: messages.gameVersionChanged,
+	properties: messages.propertiesModified,
+	startup_command: messages.startupCommandModified,
+	java_runtime: messages.javaRuntimeModified,
+	java_version: messages.javaVersionModified,
+}
+
+const message = computed(() => {
+	if (props.kind === 'loader_version') {
+		if (newLoader.value && props.newVersion) return messages.loaderAndVersionChanged
+		if (newLoader.value) return messages.loaderChanged
+		return props.newVersion == null ? messages.loaderVersionCleared : messages.loaderVersionChanged
+	}
+	return kindMessages[props.kind] ?? messages.configChanged
+})
+
+function formatLoader(loader: string | null | undefined): string {
+	if (!loader) return ''
+	return loader
+		.split(/[-_]/)
+		.filter(Boolean)
+		.map((part) => part.charAt(0).toUpperCase() + part.slice(1))
+		.join(' ')
+}
+</script>
diff --git a/packages/ui/src/components/servers/access/events/ConsoleEvent.vue b/packages/ui/src/components/servers/access/events/ConsoleEvent.vue
new file mode 100644
index 0000000000..c55124461f
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/ConsoleEvent.vue
@@ -0,0 +1,27 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="messages.commandExecuted">
+			<template #command>
+				<EventInlineText :text="command" class="align-middle font-mono font-medium text-contrast" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { defineMessages } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventInlineText from './EventInlineText.vue'
+
+defineProps<{
+	command: string
+}>()
+
+const messages = defineMessages({
+	commandExecuted: {
+		id: 'servers.audit-log.event.console-command-executed',
+		defaultMessage: 'Ran console command <command></command>',
+	},
+})
+</script>
diff --git a/packages/ui/src/components/servers/access/events/EventEntityLink.vue b/packages/ui/src/components/servers/access/events/EventEntityLink.vue
new file mode 100644
index 0000000000..d92dfe9026
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/EventEntityLink.vue
@@ -0,0 +1,65 @@
+<template>
+	<AutoLink
+		:to="entity.to"
+		class="inline-flex min-w-0 max-w-full flex-wrap items-center gap-1 @[800px]:flex-nowrap"
+		:class="[
+			entity.to
+				? 'font-medium text-contrast hover:underline'
+				: entity.muted
+					? 'text-secondary'
+					: 'font-medium text-contrast',
+			entity.mono ? 'font-mono text-[0.925em]' : '',
+			'align-middle',
+		]"
+	>
+		<Avatar
+			v-if="entity.iconUrl"
+			:src="entity.iconUrl"
+			:alt="entity.label"
+			size="1.75rem"
+			no-shadow
+			raised
+			:circle="entity.iconShape === 'circle'"
+			class="ml-1 inline-flex shrink-0 border border-solid border-surface-5"
+			:class="entity.iconShape === 'circle' ? '!rounded-full' : '!rounded-lg'"
+		/>
+		<span
+			v-else-if="entity.icon"
+			class="ml-1 inline-flex size-7 shrink-0 items-center justify-center rounded-lg border border-solid border-surface-5 bg-surface-4 text-secondary"
+		>
+			<component :is="entity.icon" class="size-4" />
+		</span>
+		<span
+			ref="labelRef"
+			v-tooltip="truncatedTooltip(labelRef, entity.title ?? entity.label)"
+			class="min-w-0 whitespace-normal break-words leading-7 @[800px]:truncate @[800px]:whitespace-nowrap"
+		>
+			{{ entity.label }}
+		</span>
+		<span
+			v-if="entity.secondaryLabel"
+			ref="secondaryLabelRef"
+			v-tooltip="truncatedTooltip(secondaryLabelRef, entity.secondaryLabel)"
+			class="min-w-0 whitespace-normal break-words text-secondary @[800px]:truncate @[800px]:whitespace-nowrap"
+		>
+			{{ entity.secondaryLabel }}
+		</span>
+	</AutoLink>
+</template>
+
+<script setup lang="ts">
+import { ref } from 'vue'
+
+import AutoLink from '#ui/components/base/AutoLink.vue'
+import Avatar from '#ui/components/base/Avatar.vue'
+import { truncatedTooltip } from '#ui/utils/truncate'
+
+import type { EventEntity } from './types'
+
+defineProps<{
+	entity: EventEntity
+}>()
+
+const labelRef = ref<HTMLElement | null>(null)
+const secondaryLabelRef = ref<HTMLElement | null>(null)
+</script>
diff --git a/packages/ui/src/components/servers/access/events/EventEntityList.vue b/packages/ui/src/components/servers/access/events/EventEntityList.vue
new file mode 100644
index 0000000000..be005e7faf
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/EventEntityList.vue
@@ -0,0 +1,139 @@
+<template>
+	<span
+		class="inline-flex max-w-full min-w-0 items-center gap-x-1 align-middle"
+		:class="
+			singleLine
+				? 'flex-wrap gap-y-0.5 whitespace-normal @[800px]:flex-nowrap @[800px]:overflow-hidden @[800px]:whitespace-nowrap'
+				: 'flex-wrap gap-y-0.5'
+		"
+	>
+		<template v-for="(entity, index) in visibleEntities" :key="entity.id">
+			<EventEntityLink :entity="entity" :class="singleLine ? 'min-w-0 shrink' : ''" />
+			<span v-if="index < visibleEntities.length - 1" class="shrink-0 text-secondary">,</span>
+		</template>
+		<Tooltip
+			v-if="hiddenCount > 0"
+			theme="dismissable-prompt"
+			class="inline-flex shrink-0 items-center"
+			:triggers="['hover', 'focus']"
+			:popper-triggers="['hover', 'focus']"
+			popper-class="v-popper--interactive audit-log-entity-list-popper"
+			placement="top"
+			:delay="{ show: 200, hide: 100 }"
+			no-auto-focus
+		>
+			<button
+				type="button"
+				class="inline-flex min-w-0 cursor-help items-center rounded-full border border-solid border-surface-5 bg-surface-4 px-1.5 py-1 leading-none text-xs text-secondary"
+				:aria-label="hiddenTooltip"
+			>
+				{{ formatMessage(messages.hiddenCount, { count: hiddenCount }) }}
+			</button>
+			<template #popper>
+				<div class="relative max-w-[22rem]">
+					<Transition
+						enter-active-class="transition-all duration-200 ease-out"
+						enter-from-class="opacity-0 max-h-0"
+						enter-to-class="opacity-100 max-h-3"
+						leave-active-class="transition-all duration-200 ease-in"
+						leave-from-class="opacity-100 max-h-3"
+						leave-to-class="opacity-0 max-h-0"
+					>
+						<div
+							v-if="showTopFade"
+							class="pointer-events-none absolute left-0 right-0 top-0 z-10 h-3 bg-gradient-to-b from-bg-raised to-transparent"
+						/>
+					</Transition>
+					<div
+						ref="hiddenEntitiesScrollContainer"
+						class="flex flex-col gap-2 overflow-y-auto overscroll-contain py-0.5"
+						:style="{ maxHeight: hiddenEntitiesMaxHeight }"
+						@scroll="checkScrollState"
+					>
+						<EventEntityLink
+							v-for="entity in hiddenEntities"
+							:key="entity.id"
+							:entity="entity"
+							class="min-w-0 pr-4"
+						/>
+					</div>
+					<Transition
+						enter-active-class="transition-all duration-200 ease-out"
+						enter-from-class="opacity-0 max-h-0"
+						enter-to-class="opacity-100 max-h-3"
+						leave-active-class="transition-all duration-200 ease-in"
+						leave-from-class="opacity-100 max-h-3"
+						leave-to-class="opacity-0 max-h-0"
+					>
+						<div
+							v-if="showBottomFade"
+							class="pointer-events-none absolute bottom-0 left-0 right-0 z-10 h-3 bg-gradient-to-t from-bg-raised to-transparent"
+						/>
+					</Transition>
+				</div>
+			</template>
+		</Tooltip>
+	</span>
+</template>
+
+<script setup lang="ts">
+import { Tooltip } from 'floating-vue'
+import { computed, ref } from 'vue'
+
+import { defineMessages, useVIntl } from '../../../../composables/i18n'
+import { useScrollIndicator } from '../../../../composables/scroll-indicator'
+import EventEntityLink from './EventEntityLink.vue'
+import type { EventEntity } from './types'
+
+const props = withDefaults(
+	defineProps<{
+		entities: EventEntity[]
+		limit?: number
+		singleLine?: boolean
+	}>(),
+	{
+		limit: 3,
+		singleLine: true,
+	},
+)
+
+const { formatMessage, locale } = useVIntl()
+const hiddenEntitiesScrollContainer = ref<HTMLElement | null>(null)
+const { showTopFade, showBottomFade, checkScrollState } = useScrollIndicator(
+	hiddenEntitiesScrollContainer,
+)
+
+const TOOLTIP_VISIBLE_ROWS = 8
+const TOOLTIP_ENTITY_HEIGHT_REM = 1.75
+const TOOLTIP_ENTITY_GAP_REM = 0.5
+const hiddenEntitiesMaxHeight = `${
+	TOOLTIP_VISIBLE_ROWS * TOOLTIP_ENTITY_HEIGHT_REM +
+	(TOOLTIP_VISIBLE_ROWS - 1) * TOOLTIP_ENTITY_GAP_REM
+}rem`
+
+const messages = defineMessages({
+	hiddenCount: {
+		id: 'servers.audit-log.event.entity-list.hidden-count',
+		defaultMessage: '+{count, number}',
+	},
+})
+
+const visibleEntities = computed(() => props.entities.slice(0, props.limit))
+const hiddenEntities = computed(() => props.entities.slice(props.limit))
+const hiddenCount = computed(() => hiddenEntities.value.length)
+const hiddenTooltip = computed(() => {
+	void locale.value
+	return new Intl.ListFormat(locale.value, {
+		style: 'long',
+		type: 'conjunction',
+	}).format(hiddenEntities.value.map((entity) => entity.label))
+})
+</script>
+
+<style lang="scss">
+.v-popper__popper.v-popper--theme-dismissable-prompt.audit-log-entity-list-popper {
+	.v-popper__inner {
+		padding-right: 0 !important;
+	}
+}
+</style>
diff --git a/packages/ui/src/components/servers/access/events/EventInlineText.vue b/packages/ui/src/components/servers/access/events/EventInlineText.vue
new file mode 100644
index 0000000000..5337534be3
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/EventInlineText.vue
@@ -0,0 +1,23 @@
+<template>
+	<span
+		ref="textRef"
+		v-tooltip="truncatedTooltip(textRef, tooltipText)"
+		class="max-w-full min-w-0 whitespace-normal break-words @[800px]:truncate @[800px]:whitespace-nowrap"
+	>
+		<slot>{{ text }}</slot>
+	</span>
+</template>
+
+<script setup lang="ts">
+import { computed, ref } from 'vue'
+
+import { truncatedTooltip } from '#ui/utils/truncate'
+
+const props = defineProps<{
+	text: string | number
+	tooltip?: string
+}>()
+
+const textRef = ref<HTMLElement | null>(null)
+const tooltipText = computed(() => props.tooltip ?? String(props.text))
+</script>
diff --git a/packages/ui/src/components/servers/access/events/FileEvent.vue b/packages/ui/src/components/servers/access/events/FileEvent.vue
new file mode 100644
index 0000000000..5f8ac13e62
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/FileEvent.vue
@@ -0,0 +1,64 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="message">
+			<template #file>
+				<EventEntityLink v-if="file" :entity="file" />
+			</template>
+			<template #from>
+				<EventEntityLink v-if="from" :entity="from" />
+			</template>
+			<template #to>
+				<EventEntityLink v-if="to" :entity="to" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventEntityLink from './EventEntityLink.vue'
+import type { EventEntity } from './types'
+
+const props = defineProps<{
+	kind: string
+	file?: EventEntity
+	from?: EventEntity
+	to?: EventEntity
+}>()
+
+const messages = defineMessages({
+	uploaded: {
+		id: 'servers.audit-log.event.file-uploaded',
+		defaultMessage: 'Uploaded file <file></file>',
+	},
+	deleted: {
+		id: 'servers.audit-log.event.file-deleted',
+		defaultMessage: 'Deleted file <file></file>',
+	},
+	edited: {
+		id: 'servers.audit-log.event.file-edited',
+		defaultMessage: 'Edited file <file></file>',
+	},
+	renamed: {
+		id: 'servers.audit-log.event.file-renamed',
+		defaultMessage: 'Renamed <from></from> to <to></to>',
+	},
+	changed: {
+		id: 'servers.audit-log.event.file-changed',
+		defaultMessage: 'Changed file <file></file>',
+	},
+})
+
+const kindMessages: Record<string, MessageDescriptor> = {
+	uploaded: messages.uploaded,
+	deleted: messages.deleted,
+	edited: messages.edited,
+	renamed: messages.renamed,
+}
+
+const message = computed(() => kindMessages[props.kind] ?? messages.changed)
+</script>
diff --git a/packages/ui/src/components/servers/access/events/ModpackEvent.vue b/packages/ui/src/components/servers/access/events/ModpackEvent.vue
new file mode 100644
index 0000000000..0cc5db87d7
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/ModpackEvent.vue
@@ -0,0 +1,68 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="message">
+			<template #modpack>
+				<EventEntityLink v-if="modpack" :entity="modpack" />
+			</template>
+			<template #version>
+				<EventInlineText :text="versionLabel" class="align-middle font-mono text-secondary" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventEntityLink from './EventEntityLink.vue'
+import EventInlineText from './EventInlineText.vue'
+import type { EventEntity } from './types'
+
+const props = defineProps<{
+	kind: 'changed' | 'unlinked'
+	modpack?: EventEntity | null
+	versionLabel?: string | null
+}>()
+
+const messages = defineMessages({
+	changed: {
+		id: 'servers.audit-log.event.modpack-changed',
+		defaultMessage: 'Changed modpack',
+	},
+	changedToModpack: {
+		id: 'servers.audit-log.event.modpack-changed-to-modpack',
+		defaultMessage: 'Changed modpack to <modpack></modpack>',
+	},
+	changedToVersion: {
+		id: 'servers.audit-log.event.modpack-changed-to-version',
+		defaultMessage: 'Changed modpack to version <version></version>',
+	},
+	unlinked: {
+		id: 'servers.audit-log.event.modpack-unlinked',
+		defaultMessage: 'Unlinked modpack',
+	},
+	unlinkedModpack: {
+		id: 'servers.audit-log.event.modpack-unlinked-modpack',
+		defaultMessage: 'Unlinked modpack <modpack></modpack>',
+	},
+	unlinkedVersion: {
+		id: 'servers.audit-log.event.modpack-unlinked-version',
+		defaultMessage: 'Unlinked modpack version <version></version>',
+	},
+})
+
+const message = computed(() => {
+	if (props.kind === 'unlinked') {
+		if (props.modpack) return messages.unlinkedModpack
+		return props.versionLabel ? messages.unlinkedVersion : messages.unlinked
+	}
+
+	if (props.modpack) return messages.changedToModpack
+	return props.versionLabel ? messages.changedToVersion : messages.changed
+})
+
+const versionLabel = computed(() => props.versionLabel ?? '')
+</script>
diff --git a/packages/ui/src/components/servers/access/events/NetworkEvent.vue b/packages/ui/src/components/servers/access/events/NetworkEvent.vue
new file mode 100644
index 0000000000..2e82c38542
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/NetworkEvent.vue
@@ -0,0 +1,35 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="message">
+			<template #port>
+				<span class="font-mono font-medium text-contrast">{{ port }}</span>
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+
+const props = defineProps<{
+	kind: 'added' | 'removed'
+	port: number
+}>()
+
+const messages = defineMessages({
+	added: {
+		id: 'servers.audit-log.event.port-allocation-added',
+		defaultMessage: 'Added port allocation <port></port>',
+	},
+	removed: {
+		id: 'servers.audit-log.event.port-allocation-removed',
+		defaultMessage: 'Removed port allocation <port></port>',
+	},
+})
+
+const message = computed(() => (props.kind === 'added' ? messages.added : messages.removed))
+</script>
diff --git a/packages/ui/src/components/servers/access/events/ServerMetaEvent.vue b/packages/ui/src/components/servers/access/events/ServerMetaEvent.vue
new file mode 100644
index 0000000000..3782d3c623
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/ServerMetaEvent.vue
@@ -0,0 +1,124 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="message">
+			<template #name>
+				<EventEntityLink :entity="nameEntity" />
+			</template>
+			<template #subdomain>
+				<EventEntityLink :entity="subdomainEntity" />
+			</template>
+			<template #specs>
+				<EventInlineText :text="specsLabel" class="align-middle font-medium text-contrast" />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor, useVIntl } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import BaseEvent from './BaseEvent.vue'
+import EventEntityLink from './EventEntityLink.vue'
+import EventInlineText from './EventInlineText.vue'
+import type { EventEntity } from './types'
+
+const props = defineProps<{
+	kind: 'name' | 'subdomain' | 'plan'
+	name?: string
+	subdomain?: string
+	newSpecs?: Record<string, unknown>
+}>()
+
+const { formatMessage, locale } = useVIntl()
+
+const messages = defineMessages({
+	nameChanged: {
+		id: 'servers.audit-log.event.server-name-changed',
+		defaultMessage: 'Changed server name to <name></name>',
+	},
+	subdomainChanged: {
+		id: 'servers.audit-log.event.server-subdomain-changed',
+		defaultMessage: 'Changed server subdomain to <subdomain></subdomain>',
+	},
+	planChanged: {
+		id: 'servers.audit-log.event.server-plan-changed',
+		defaultMessage: 'Changed plan to <specs></specs>',
+	},
+	changed: {
+		id: 'servers.audit-log.event.server-metadata-changed',
+		defaultMessage: 'Changed server metadata',
+	},
+	cpuSpec: {
+		id: 'servers.audit-log.event.server-plan.cpu',
+		defaultMessage: '{count, plural, one {# CPU} other {# CPUs}}',
+	},
+	ramGb: {
+		id: 'servers.audit-log.event.server-plan.ram-gb',
+		defaultMessage: '{amount, number} GB RAM',
+	},
+	ramMb: {
+		id: 'servers.audit-log.event.server-plan.ram-mb',
+		defaultMessage: '{amount, number} MB RAM',
+	},
+	storageGb: {
+		id: 'servers.audit-log.event.server-plan.storage-gb',
+		defaultMessage: '{amount, number} GB storage',
+	},
+	storageMb: {
+		id: 'servers.audit-log.event.server-plan.storage-mb',
+		defaultMessage: '{amount, number} MB storage',
+	},
+	newPlan: {
+		id: 'servers.audit-log.event.server-plan.new-plan',
+		defaultMessage: 'new plan',
+	},
+})
+
+const kindMessages: Record<string, MessageDescriptor> = {
+	name: messages.nameChanged,
+	subdomain: messages.subdomainChanged,
+	plan: messages.planChanged,
+}
+
+const message = computed(() => kindMessages[props.kind] ?? messages.changed)
+const nameEntity = computed<EventEntity>(() => ({
+	id: props.name ?? '',
+	label: props.name ?? '',
+}))
+const subdomainEntity = computed<EventEntity>(() => ({
+	id: props.subdomain ?? '',
+	label: props.subdomain ?? '',
+	mono: true,
+}))
+
+const specsLabel = computed(() => {
+	void locale.value
+
+	const cpu = numberValue(props.newSpecs?.cpu)
+	const memory = numberValue(props.newSpecs?.memory_mb)
+	const storage = numberValue(props.newSpecs?.storage_mb)
+	const parts = []
+	if (cpu != null) parts.push(formatMessage(messages.cpuSpec, { count: cpu }))
+	if (memory != null) parts.push(formatMemoryMb(memory))
+	if (storage != null) parts.push(formatStorageMb(storage))
+	return parts.length > 0 ? parts.join(' / ') : formatMessage(messages.newPlan)
+})
+
+function numberValue(value: unknown): number | null {
+	return typeof value === 'number' && Number.isFinite(value) ? value : null
+}
+
+function formatMemoryMb(value: number): string {
+	if (value >= 1024) return formatMessage(messages.ramGb, { amount: Math.round(value / 1024) })
+	return formatMessage(messages.ramMb, { amount: value })
+}
+
+function formatStorageMb(value: number): string {
+	if (value >= 1024) {
+		return formatMessage(messages.storageGb, { amount: Math.round(value / 1024) })
+	}
+	return formatMessage(messages.storageMb, { amount: value })
+}
+</script>
diff --git a/packages/ui/src/components/servers/access/events/UnknownEvent.vue b/packages/ui/src/components/servers/access/events/UnknownEvent.vue
new file mode 100644
index 0000000000..59effd1e19
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/UnknownEvent.vue
@@ -0,0 +1,25 @@
+<template>
+	<BaseEvent>
+		<span class="mr-1 text-secondary">{{ formatMessage(messages.unknownEvent) }}</span>
+		<EventInlineText :text="rawAction" class="font-mono text-secondary" />
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import { defineMessages, useVIntl } from '../../../../composables/i18n'
+import BaseEvent from './BaseEvent.vue'
+import EventInlineText from './EventInlineText.vue'
+
+defineProps<{
+	rawAction: string
+}>()
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	unknownEvent: {
+		id: 'servers.audit-log.event.unknown',
+		defaultMessage: 'Unknown event',
+	},
+})
+</script>
diff --git a/packages/ui/src/components/servers/access/events/UserAccessEvent.vue b/packages/ui/src/components/servers/access/events/UserAccessEvent.vue
new file mode 100644
index 0000000000..755c1353ed
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/UserAccessEvent.vue
@@ -0,0 +1,123 @@
+<template>
+	<BaseEvent>
+		<IntlFormatted :message-id="message" :values="{ permissions: permissionLabel }">
+			<template #target-user>
+				<EventEntityLink :entity="targetUser" />
+			</template>
+			<template #permission-label="{ children }">
+				<span
+					v-if="permissionRole"
+					class="inline-flex h-7 items-center rounded-full border border-solid px-2.5 py-1 text-sm font-semibold leading-none align-middle"
+					:class="roleClasses(permissionRole)"
+				>
+					<component :is="() => children" />
+				</span>
+				<component :is="() => children" v-else />
+			</template>
+		</IntlFormatted>
+	</BaseEvent>
+</template>
+
+<script setup lang="ts">
+import type { Archon } from '@modrinth/api-client'
+import { computed } from 'vue'
+
+import { defineMessages, type MessageDescriptor, useVIntl } from '../../../../composables/i18n'
+import IntlFormatted from '../../../base/IntlFormatted.vue'
+import { apiPermissionsToAccessRole } from '../permissions'
+import type { ServerAccessRole } from '../types'
+import BaseEvent from './BaseEvent.vue'
+import EventEntityLink from './EventEntityLink.vue'
+import type { EventEntity } from './types'
+
+const props = defineProps<{
+	kind: 'invited' | 'invite_revoked' | 'permission_modified' | 'removed'
+	targetUser: EventEntity
+	permissions?: Archon.ServerUsers.v1.UserScope | null
+}>()
+
+const { formatMessage } = useVIntl()
+
+const messages = defineMessages({
+	invited: {
+		id: 'servers.audit-log.event.user-invited',
+		defaultMessage: 'Invited <target-user></target-user>',
+	},
+	invitedWithPermissions: {
+		id: 'servers.audit-log.event.user-invited-with-permissions',
+		defaultMessage:
+			'Invited <target-user></target-user> with <permission-label>{permissions}</permission-label>',
+	},
+	inviteRevoked: {
+		id: 'servers.audit-log.event.user-invite-revoked',
+		defaultMessage: 'Revoked invite for <target-user></target-user>',
+	},
+	permissionModified: {
+		id: 'servers.audit-log.event.user-permission-modified',
+		defaultMessage: 'Changed permissions for <target-user></target-user>',
+	},
+	permissionModifiedWithPermissions: {
+		id: 'servers.audit-log.event.user-permission-modified-with-permissions',
+		defaultMessage:
+			'Changed permissions for <target-user></target-user> to <permission-label>{permissions}</permission-label>',
+	},
+	removed: {
+		id: 'servers.audit-log.event.user-removed',
+		defaultMessage: 'Removed <target-user></target-user>',
+	},
+	ownerRole: {
+		id: 'servers.access-role.owner',
+		defaultMessage: 'Owner',
+	},
+	editorRole: {
+		id: 'servers.access-role.editor',
+		defaultMessage: 'Editor',
+	},
+	viewerRole: {
+		id: 'servers.access-role.viewer',
+		defaultMessage: 'Limited',
+	},
+})
+
+const roleMessages: Record<ServerAccessRole, MessageDescriptor> = {
+	owner: messages.ownerRole,
+	editor: messages.editorRole,
+	viewer: messages.viewerRole,
+}
+
+const message = computed(() => {
+	if (props.kind === 'invited') {
+		return permissionLabel.value ? messages.invitedWithPermissions : messages.invited
+	}
+	if (props.kind === 'invite_revoked') return messages.inviteRevoked
+	if (props.kind === 'permission_modified') {
+		return permissionLabel.value
+			? messages.permissionModifiedWithPermissions
+			: messages.permissionModified
+	}
+	return messages.removed
+})
+
+const permissionLabel = computed(() => {
+	const role = permissionRole.value
+	if (role) return formatMessage(roleMessages[role])
+	return ''
+})
+
+const permissionRole = computed(() =>
+	props.permissions == null || props.permissions === ''
+		? null
+		: apiPermissionsToAccessRole(props.permissions),
+)
+
+function roleClasses(role: ServerAccessRole): string {
+	switch (role) {
+		case 'owner':
+			return 'border-orange bg-highlight-orange text-orange'
+		case 'editor':
+			return 'border-green bg-highlight-green text-brand'
+		case 'viewer':
+			return 'border-blue bg-highlight-blue text-blue'
+	}
+}
+</script>
diff --git a/packages/ui/src/components/servers/access/events/index.ts b/packages/ui/src/components/servers/access/events/index.ts
new file mode 100644
index 0000000000..5c1e132022
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/index.ts
@@ -0,0 +1,16 @@
+export { default as AddonEvent } from './AddonEvent.vue'
+export { default as BackupEvent } from './BackupEvent.vue'
+export { default as BaseEvent } from './BaseEvent.vue'
+export { default as BasicStringEvent } from './BasicStringEvent.vue'
+export { default as ConfigEvent } from './ConfigEvent.vue'
+export { default as ConsoleEvent } from './ConsoleEvent.vue'
+export { default as EventEntityLink } from './EventEntityLink.vue'
+export { default as EventEntityList } from './EventEntityList.vue'
+export { default as FileEvent } from './FileEvent.vue'
+export { default as ModpackEvent } from './ModpackEvent.vue'
+export { default as NetworkEvent } from './NetworkEvent.vue'
+export * from './parser'
+export { default as ServerMetaEvent } from './ServerMetaEvent.vue'
+export * from './types'
+export { default as UnknownEvent } from './UnknownEvent.vue'
+export { default as UserAccessEvent } from './UserAccessEvent.vue'
diff --git a/packages/ui/src/components/servers/access/events/parser.ts b/packages/ui/src/components/servers/access/events/parser.ts
new file mode 100644
index 0000000000..242f8b2713
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/parser.ts
@@ -0,0 +1,609 @@
+import type { Archon } from '@modrinth/api-client'
+import { PackageIcon } from '@modrinth/assets'
+import type { Component } from 'vue'
+
+import AddonEvent from './AddonEvent.vue'
+import BackupEvent from './BackupEvent.vue'
+import BasicStringEvent from './BasicStringEvent.vue'
+import ConfigEvent from './ConfigEvent.vue'
+import ConsoleEvent from './ConsoleEvent.vue'
+import FileEvent from './FileEvent.vue'
+import ModpackEvent from './ModpackEvent.vue'
+import NetworkEvent from './NetworkEvent.vue'
+import ServerMetaEvent from './ServerMetaEvent.vue'
+import type {
+	AuditActor,
+	AuditAddonEventItem,
+	AuditBackupEventItem,
+	AuditEventLookups,
+	AuditWorld,
+	BaseEventProps,
+	EventEntity,
+	ParsedAuditEvent,
+} from './types'
+import UnknownEvent from './UnknownEvent.vue'
+import UserAccessEvent from './UserAccessEvent.vue'
+
+const basicEvents = new Set([
+	'server_created',
+	'server_reallocated',
+	'server_repaired',
+	'server_reset',
+	'server_started',
+	'server_stopped',
+	'server_restarted',
+	'server_killed',
+	'sftp_login',
+	'console_cleared',
+])
+
+export function parseAuditEvent(
+	entry: Archon.Actions.v1.ActionEntry,
+	lookups: AuditEventLookups,
+): ParsedAuditEvent {
+	const action = entry.action?.action || 'unknown'
+	const metadata = entry.action?.metadata
+	const base = baseProps(entry, lookups, action)
+
+	try {
+		if (basicEvents.has(action)) {
+			return parsed(BasicStringEvent, base, {}, actionSearchParts(action))
+		}
+
+		switch (action) {
+			case 'changed_server_name': {
+				const record = metadataRecord(metadata)
+				const name = stringField(record, 'name')
+				if (!name) return unknown(base, action)
+				return parsed(
+					ServerMetaEvent,
+					base,
+					{ kind: 'name', name },
+					actionSearchParts(action, name),
+				)
+			}
+			case 'changed_server_subdomain': {
+				const record = metadataRecord(metadata)
+				const subdomain = stringField(record, 'subdomain')
+				if (!subdomain) return unknown(base, action)
+				return parsed(ServerMetaEvent, base, { kind: 'subdomain', subdomain }, [
+					...actionSearchParts(action),
+					subdomain,
+				])
+			}
+			case 'server_plan_changed': {
+				const record = metadataRecord(metadata)
+				const newSpecs = objectField(record, 'new_specs')
+				if (!newSpecs) return unknown(base, action)
+				return parsed(ServerMetaEvent, base, { kind: 'plan', newSpecs }, [
+					...actionSearchParts(action),
+					...Object.values(newSpecs).map(String),
+				])
+			}
+			case 'user_invited':
+			case 'user_permission_modified': {
+				const actionMetadata = userPermissionsActionMetadata(metadataRecord(metadata))
+				if (!actionMetadata) return unknown(base, action)
+				const kind = action === 'user_invited' ? 'invited' : 'permission_modified'
+				const targetUser = userEntity(actionMetadata.user_id, lookups.users)
+				return parsed(
+					UserAccessEvent,
+					base,
+					{ kind, targetUser, permissions: actionMetadata.permissions },
+					[...actionSearchParts(action), targetUser.label, actionMetadata.permissions],
+				)
+			}
+			case 'user_invite_revoked':
+			case 'user_removed': {
+				const record = metadataRecord(metadata)
+				const userId = stringField(record, 'user_id')
+				if (!userId) return unknown(base, action)
+				const kind = action === 'user_invite_revoked' ? 'invite_revoked' : 'removed'
+				const targetUser = userEntity(userId, lookups.users)
+				return parsed(UserAccessEvent, base, { kind, targetUser }, [
+					...actionSearchParts(action),
+					targetUser.label,
+				])
+			}
+			case 'addon_added':
+			case 'addon_disabled':
+			case 'addon_enabled':
+			case 'addon_deleted':
+			case 'addon_updated': {
+				const addons = addonList(metadataRecord(metadata), lookups)
+				if (!addons) return unknown(base, action)
+				const kind = action.replace('addon_', '')
+				return parsed(AddonEvent, base, { kind, addons }, [
+					...actionSearchParts(action),
+					...addons.flatMap((addon) => [
+						addon.project.label,
+						addon.addonId,
+						addon.versionId,
+						addon.versionLabel,
+					]),
+				])
+			}
+			case 'addon_uploaded': {
+				const fileNames = stringArrayField(metadataRecord(metadata), 'file_names')
+				if (!fileNames) return unknown(base, action)
+				const files = fileNames.map((name) => fileEntity(name, lookups.serverId, false))
+				return parsed(AddonEvent, base, { kind: 'uploaded', fileNames: files }, [
+					...actionSearchParts(action),
+					...fileNames,
+				])
+			}
+			case 'modpack_changed': {
+				const record = metadataRecord(metadata)
+				const modpack = modpackEntityFromMetadata(record, lookups)
+				const versionLabel = modpack ? null : modpackVersionLabelFromMetadata(record, lookups)
+				return parsed(ModpackEvent, base, { kind: 'changed', modpack, versionLabel }, [
+					...actionSearchParts(action),
+					modpack?.id,
+					modpack?.label,
+					modpack?.secondaryLabel,
+					versionLabel,
+				])
+			}
+			case 'modpack_unlinked': {
+				const record = metadataRecord(metadata)
+				const modpack = modpackEntityFromMetadata(record, lookups)
+				const versionLabel = modpack ? null : modpackVersionLabelFromMetadata(record, lookups)
+				return parsed(ModpackEvent, base, { kind: 'unlinked', modpack, versionLabel }, [
+					...actionSearchParts(action),
+					modpack?.id,
+					modpack?.label,
+					modpack?.secondaryLabel,
+					versionLabel,
+				])
+			}
+			case 'port_allocation_added':
+			case 'port_allocation_removed': {
+				const port = numberField(metadataRecord(metadata), 'port')
+				if (port == null) return unknown(base, action)
+				return parsed(
+					NetworkEvent,
+					base,
+					{ kind: action === 'port_allocation_added' ? 'added' : 'removed', port },
+					[...actionSearchParts(action), String(port)],
+				)
+			}
+			case 'loader_version_edited': {
+				const record = metadataRecord(metadata)
+				if (!record || !('new_version' in record)) return unknown(base, action)
+				const newLoader = record.new_loader == null ? null : valueToString(record.new_loader)
+				const newVersion = record.new_version == null ? null : valueToString(record.new_version)
+				return parsed(ConfigEvent, base, { kind: 'loader_version', newLoader, newVersion }, [
+					...actionSearchParts(action),
+					newLoader,
+					newVersion,
+				])
+			}
+			case 'game_version_edited': {
+				const newVersion = stringField(metadataRecord(metadata), 'new_version')
+				if (!newVersion) return unknown(base, action)
+				return parsed(ConfigEvent, base, { kind: 'game_version', newVersion }, [
+					...actionSearchParts(action),
+					newVersion,
+				])
+			}
+			case 'server_properties_modified': {
+				const properties = objectField(metadataRecord(metadata), 'properties')
+				if (!properties) return unknown(base, action)
+				const items = Object.entries(properties).map(
+					([key, value]): EventEntity => ({
+						id: key,
+						label: `${key}: ${valueToString(value) ?? ''}`,
+						mono: true,
+					}),
+				)
+				return parsed(ConfigEvent, base, { kind: 'properties', properties: items }, [
+					...actionSearchParts(action),
+					...items.map((item) => item.label),
+				])
+			}
+			case 'startup_command_modified': {
+				const command = stringField(metadataRecord(metadata), 'command')
+				if (!command) return unknown(base, action)
+				return parsed(ConfigEvent, base, { kind: 'startup_command', command }, [
+					...actionSearchParts(action),
+					command,
+				])
+			}
+			case 'java_runtime_modified': {
+				const vendor = stringField(metadataRecord(metadata), 'vendor')
+				if (!vendor) return unknown(base, action)
+				return parsed(ConfigEvent, base, { kind: 'java_runtime', vendor }, [
+					...actionSearchParts(action),
+					vendor,
+				])
+			}
+			case 'java_version_modified': {
+				const version = numberField(metadataRecord(metadata), 'version')
+				if (version == null) return unknown(base, action)
+				return parsed(ConfigEvent, base, { kind: 'java_version', version }, [
+					...actionSearchParts(action),
+					String(version),
+				])
+			}
+			case 'file_uploaded':
+			case 'file_deleted':
+			case 'file_edited': {
+				const path = stringField(metadataRecord(metadata), 'path')
+				if (!path) return unknown(base, action)
+				const kind = action.replace('file_', '')
+				return parsed(FileEvent, base, { kind, file: fileEntity(path, lookups.serverId) }, [
+					...actionSearchParts(action),
+					path,
+				])
+			}
+			case 'file_renamed': {
+				const record = metadataRecord(metadata)
+				const from = stringField(record, 'from')
+				const to = stringField(record, 'to')
+				if (!from || !to) return unknown(base, action)
+				return parsed(
+					FileEvent,
+					base,
+					{
+						kind: 'renamed',
+						from: fileEntity(from, lookups.serverId),
+						to: fileEntity(to, lookups.serverId),
+					},
+					[...actionSearchParts(action), from, to],
+				)
+			}
+			case 'console_command_executed': {
+				const command = stringField(metadataRecord(metadata), 'command')
+				if (!command) return unknown(base, action)
+				return parsed(ConsoleEvent, base, { command }, [...actionSearchParts(action), command])
+			}
+			case 'backup_created':
+			case 'backup_restored':
+			case 'backup_deleted': {
+				const id = stringField(metadataRecord(metadata), 'id')
+				if (!id) return unknown(base, action)
+				const kind = action.replace('backup_', '')
+				const backup = backupEntity(id, lookups)
+				return parsed(BackupEvent, base, { kind, backup: backup ?? undefined, backupId: id }, [
+					...actionSearchParts(action),
+					backup?.label,
+					id,
+				])
+			}
+			case 'backup_renamed': {
+				const record = metadataRecord(metadata)
+				const id = stringField(record, 'id')
+				const from = stringField(record, 'from')
+				const to = stringField(record, 'to')
+				if (!id || !from || !to) return unknown(base, action)
+				const backup = backupEntity(id, lookups)
+				return parsed(
+					BackupEvent,
+					base,
+					{ kind: 'renamed', backup: backup ?? undefined, backupId: id, from, to },
+					[...actionSearchParts(action), backup?.label, from, to, id],
+				)
+			}
+			default:
+				return unknown(base, action)
+		}
+	} catch {
+		return unknown(base, action)
+	}
+}
+
+function baseProps(
+	entry: Archon.Actions.v1.ActionEntry,
+	lookups: AuditEventLookups,
+	action: string,
+): BaseEventProps {
+	return {
+		action,
+		timestamp: entry.timestamp,
+		actor: actorFromEntry(entry.actor, lookups.users),
+		world: worldFromId(entry.world_id ?? null, lookups.worldById),
+	}
+}
+
+function parsed(
+	component: Component,
+	base: BaseEventProps,
+	props: Record<string, unknown>,
+	searchParts: unknown[],
+): ParsedAuditEvent {
+	return {
+		key: base.action,
+		component,
+		props: { ...base, ...props },
+		searchText: searchParts
+			.filter((part): part is string => typeof part === 'string' && part.length > 0)
+			.join(' ')
+			.toLowerCase(),
+	}
+}
+
+function unknown(base: BaseEventProps, rawAction: string): ParsedAuditEvent {
+	return parsed(UnknownEvent, base, { rawAction }, [rawAction])
+}
+
+function actionSearchParts(action: string, ...extra: unknown[]): unknown[] {
+	return [action, action.replaceAll('_', ' '), ...extra]
+}
+
+function actorFromEntry(
+	actor: Archon.Actions.v1.ActionUser,
+	users: Record<string, Archon.Actions.v1.UserResp>,
+): AuditActor {
+	if (actor.type === 'support') {
+		const user = actor.user_id ? users[actor.user_id] : undefined
+		return {
+			id: 'support',
+			username: user?.username ? `Support (${user.username})` : 'support',
+		}
+	}
+
+	const user = users[actor.user_id]
+	return {
+		id: actor.user_id,
+		username: user?.username ?? actor.user_id,
+		avatarUrl: user?.avatar_url || undefined,
+		profilePath: user?.username ? `/user/${encodeURIComponent(user.username)}` : undefined,
+	}
+}
+
+function userPermissionsActionMetadata(
+	record: Record<string, unknown> | null,
+): Archon.Actions.v1.UserPermissionsActionMetadata | null {
+	const userId = stringField(record, 'user_id')
+	if (!userId) return null
+
+	return {
+		user_id: userId,
+		permissions: permissionField(record?.permissions),
+	}
+}
+
+function permissionField(value: unknown): Archon.ServerUsers.v1.UserScope | null {
+	if (typeof value === 'number' && Number.isFinite(value)) return value
+	if (typeof value === 'string') return value.trim() || null
+	if (Array.isArray(value)) {
+		const permissions = value
+			.filter((permission): permission is string => typeof permission === 'string')
+			.map((permission) => permission.trim())
+			.filter(Boolean)
+		return permissions.length > 0 ? permissions.join(' | ') : null
+	}
+	return null
+}
+
+function worldFromId(
+	worldId: string | null,
+	worldById: Map<string, AuditWorld>,
+): AuditWorld | null {
+	if (!worldId) return null
+	return worldById.get(worldId) ?? { id: worldId, name: worldId }
+}
+
+function userEntity(
+	userId: string,
+	users: Record<string, Archon.Actions.v1.UserResp>,
+): EventEntity {
+	const user = users[userId]
+	const label = user?.username ?? userId
+	return {
+		id: userId,
+		label,
+		iconUrl: user?.avatar_url || undefined,
+		iconShape: 'circle',
+		to: user?.username ? `/user/${encodeURIComponent(user.username)}` : undefined,
+	}
+}
+
+function addonList(
+	record: Record<string, unknown> | null,
+	lookups: AuditEventLookups,
+): AuditAddonEventItem[] | null {
+	const list = arrayField(record, 'addons')
+	if (!list) return null
+
+	const addons: AuditAddonEventItem[] = []
+	for (const item of list) {
+		const addonRecord = metadataRecord(item)
+		const addonId = stringField(addonRecord, 'addon_id')
+		const versionId = stringField(addonRecord, 'version_id')
+		if (!addonId || !versionId) return null
+		addons.push(addonEntity(addonId, versionId, lookups.addons, lookups.versions))
+	}
+	return addons
+}
+
+function addonEntity(
+	addonId: string,
+	versionId: string,
+	addons: Record<string, Archon.Actions.v1.AddonResp>,
+	versions: Record<string, Archon.Actions.v1.VersionResp>,
+): AuditAddonEventItem {
+	const addon = addons[addonId]
+	const versionLabel = resolveVersionLabel(versionId, versions)
+	const projectIdOrSlug = addon?.slug || addonId
+	return {
+		addonId,
+		versionId,
+		versionLabel,
+		project: {
+			id: addonId,
+			label: addon?.title || shortId(addonId),
+			secondaryLabel: versionLabel,
+			icon: PackageIcon,
+			iconUrl: addon?.icon_url || undefined,
+			iconShape: 'square',
+			to: `/project/${encodeURIComponent(projectIdOrSlug)}/version/${encodeURIComponent(versionId)}`,
+		},
+	}
+}
+
+function resolveVersionLabel(
+	versionId: string,
+	versions: Record<string, Archon.Actions.v1.VersionResp>,
+): string {
+	const version = versions[versionId]
+	return version?.version_number || version?.name || shortId(versionId)
+}
+
+function backupEntity(id: string, lookups: AuditEventLookups): AuditBackupEventItem | null {
+	const backup = lookups.backupById.get(id)
+	if (!backup) return null
+
+	return {
+		id,
+		backupId: id,
+		found: true,
+		label: backup.name,
+		to: {
+			path: `/hosting/manage/${lookups.serverId}/backups`,
+			query: { backup: id },
+		},
+	}
+}
+
+function fileEntity(path: string, serverId: string, link = true): EventEntity {
+	return {
+		id: path,
+		label: path,
+		mono: true,
+		to: link
+			? {
+					path: `/hosting/manage/${serverId}/files`,
+					query: {
+						path: parentPath(path),
+						editing: path,
+					},
+				}
+			: undefined,
+	}
+}
+
+function parentPath(path: string): string {
+	const normalized = path.startsWith('/') ? path : `/${path}`
+	const lastSlash = normalized.lastIndexOf('/')
+	if (lastSlash <= 0) return '/'
+	return normalized.slice(0, lastSlash)
+}
+
+function metadataRecord(value: unknown): Record<string, unknown> | null {
+	if (!value || typeof value !== 'object' || Array.isArray(value)) return null
+	return value as Record<string, unknown>
+}
+
+function objectField(
+	record: Record<string, unknown> | null,
+	key: string,
+): Record<string, unknown> | null {
+	return metadataRecord(record?.[key])
+}
+
+function arrayField(record: Record<string, unknown> | null, key: string): unknown[] | null {
+	const value = record?.[key]
+	return Array.isArray(value) ? value : null
+}
+
+function stringArrayField(record: Record<string, unknown> | null, key: string): string[] | null {
+	const array = arrayField(record, key)
+	if (!array || !array.every((item) => typeof item === 'string')) return null
+	return array
+}
+
+function modpackEntityFromMetadata(
+	record: Record<string, unknown> | null,
+	lookups: AuditEventLookups,
+): EventEntity | null {
+	const spec = metadataRecord(record?.spec)
+	if (!spec) return null
+
+	const platform = stringField(spec, 'platform')
+	if (platform === 'modrinth') {
+		const projectId = stringField(spec, 'project_id')
+		const versionId = stringField(spec, 'version_id')
+		if (!projectId && !versionId) return null
+
+		const project = projectId ? lookups.addons[projectId] : undefined
+		const versionLabel = versionId ? resolveVersionLabel(versionId, lookups.versions) : undefined
+		const projectIdOrSlug = project?.slug || projectId
+		const label = project?.title || (projectId ? shortId(projectId) : versionLabel)
+
+		return {
+			id: projectId || versionId || 'modrinth',
+			label: label || 'Modrinth modpack',
+			secondaryLabel: versionLabel,
+			icon: PackageIcon,
+			iconUrl: project?.icon_url || undefined,
+			iconShape: 'square',
+			to: projectIdOrSlug
+				? versionId
+					? `/project/${encodeURIComponent(projectIdOrSlug)}/version/${encodeURIComponent(versionId)}`
+					: `/project/${encodeURIComponent(projectIdOrSlug)}`
+				: undefined,
+			title: project?.title ? undefined : projectId || versionId || undefined,
+		}
+	}
+
+	if (platform === 'local_file') {
+		const filename = stringField(spec, 'filename')
+		const name = stringField(spec, 'name')
+		const versionId = stringField(spec, 'version_id')
+		if (!filename && !name && !versionId) return null
+
+		return {
+			id: filename || name || versionId || 'local-file',
+			label: name || filename || versionId || 'Local modpack',
+			secondaryLabel: name && filename ? filename : versionId || undefined,
+			icon: PackageIcon,
+			iconShape: 'square',
+			mono: !name,
+			title: filename || name || undefined,
+		}
+	}
+
+	return null
+}
+
+function modpackVersionLabelFromMetadata(
+	record: Record<string, unknown> | null,
+	lookups: AuditEventLookups,
+): string | null {
+	const direct = valueToString(record?.new_version)
+	if (direct != null) return direct
+
+	const spec = metadataRecord(record?.spec)
+	if (!spec) return null
+
+	const versionId = valueToString(spec.version_id)
+	if (versionId != null) return resolveVersionLabel(versionId, lookups.versions)
+
+	if (spec.platform === 'local_file') {
+		return stringField(spec, 'name') ?? stringField(spec, 'filename')
+	}
+
+	return null
+}
+
+function stringField(record: Record<string, unknown> | null, key: string): string | null {
+	const value = record?.[key]
+	return typeof value === 'string' && value.length > 0 ? value : null
+}
+
+function numberField(record: Record<string, unknown> | null, key: string): number | null {
+	const value = record?.[key]
+	return typeof value === 'number' && Number.isFinite(value) ? value : null
+}
+
+function valueToString(value: unknown): string | null {
+	if (typeof value === 'string') return value
+	if (typeof value === 'number' || typeof value === 'boolean') return String(value)
+	return null
+}
+
+function shortId(id: string): string {
+	if (id.length <= 12) return id
+	return id.slice(0, 8)
+}
diff --git a/packages/ui/src/components/servers/access/events/types.ts b/packages/ui/src/components/servers/access/events/types.ts
new file mode 100644
index 0000000000..791d97eb3f
--- /dev/null
+++ b/packages/ui/src/components/servers/access/events/types.ts
@@ -0,0 +1,69 @@
+import type { Archon } from '@modrinth/api-client'
+import type { Component } from 'vue'
+
+export interface AuditActor {
+	id: string
+	username: string
+	avatarUrl?: string
+	profilePath?: string
+}
+
+export interface AuditWorld {
+	id: string
+	name: string
+}
+
+export interface BaseEventProps {
+	action: string
+	timestamp: string
+	actor: AuditActor
+	world: AuditWorld | null
+}
+
+export type EventRoute =
+	| string
+	| {
+			path: string
+			query?: Record<string, string | undefined>
+	  }
+
+export interface EventEntity {
+	id: string
+	label: string
+	secondaryLabel?: string
+	to?: EventRoute
+	icon?: Component
+	iconUrl?: string | null
+	iconShape?: 'circle' | 'square'
+	mono?: boolean
+	muted?: boolean
+	title?: string
+}
+
+export interface AuditAddonEventItem {
+	addonId: string
+	versionId: string
+	project: EventEntity
+	versionLabel: string
+}
+
+export interface AuditBackupEventItem extends EventEntity {
+	backupId: string
+	found: boolean
+}
+
+export interface ParsedAuditEvent {
+	key: string
+	component: Component
+	props: BaseEventProps & Record<string, unknown>
+	searchText: string
+}
+
+export interface AuditEventLookups {
+	serverId: string
+	users: Record<string, Archon.Actions.v1.UserResp>
+	addons: Record<string, Archon.Actions.v1.AddonResp>
+	versions: Record<string, Archon.Actions.v1.VersionResp>
+	worldById: Map<string, AuditWorld>
+	backupById: Map<string, Archon.Backups.v1.Backup>
+}
diff --git a/packages/ui/src/components/servers/access/index.ts b/packages/ui/src/components/servers/access/index.ts
new file mode 100644
index 0000000000..d1d76e19f6
--- /dev/null
+++ b/packages/ui/src/components/servers/access/index.ts
@@ -0,0 +1,7 @@
+export { default as AccessTable } from './AccessTable.vue'
+export { default as AuditLogTable } from './AuditLogTable.vue'
+export * from './events'
+export { default as GrantAccessModal } from './GrantAccessModal.vue'
+export * from './permissions'
+export { default as RemoveAccessModal } from './RemoveAccessModal.vue'
+export * from './types'
diff --git a/packages/ui/src/components/servers/access/permissions.ts b/packages/ui/src/components/servers/access/permissions.ts
new file mode 100644
index 0000000000..3cf7123858
--- /dev/null
+++ b/packages/ui/src/components/servers/access/permissions.ts
@@ -0,0 +1,25 @@
+import type { Archon } from '@modrinth/api-client'
+
+import { hasServerPermission } from '../../../composables/server-permissions'
+import type { ServerAccessRole } from './types'
+
+export function apiPermissionsToAccessRole(
+	permissions: Archon.ServerUsers.v1.UserScope,
+): ServerAccessRole {
+	if (
+		hasServerPermission(permissions, 'SERVER_ADMIN') ||
+		hasServerPermission(permissions, 'MANAGE_USERS')
+	) {
+		return 'owner'
+	}
+	if (
+		hasServerPermission(permissions, 'FILES_WRITE') ||
+		hasServerPermission(permissions, 'SETUP') ||
+		hasServerPermission(permissions, 'BACKUPS') ||
+		hasServerPermission(permissions, 'ADVANCED') ||
+		hasServerPermission(permissions, 'RESET_SERVER')
+	) {
+		return 'editor'
+	}
+	return 'viewer'
+}
diff --git a/packages/ui/src/components/servers/access/types.ts b/packages/ui/src/components/servers/access/types.ts
new file mode 100644
index 0000000000..b3daa0d9d8
--- /dev/null
+++ b/packages/ui/src/components/servers/access/types.ts
@@ -0,0 +1,56 @@
+import type { AuditActor, AuditWorld, ParsedAuditEvent } from './events/types'
+
+export type ServerAccessRole = 'owner' | 'editor' | 'viewer'
+
+export interface ServerAccessUser extends AuditActor {
+	id: string
+	username: string
+	avatarUrl?: string
+}
+
+export interface ServerAccessMember {
+	id: string
+	user: ServerAccessUser
+	role: ServerAccessRole
+	joinedAt: string | null
+	inviteResendAvailableAt?: string | null
+	pending?: boolean
+	isOwner?: boolean
+}
+
+export interface ServerAuditLogEntry {
+	id: string
+	actor: AuditActor
+	world: AuditWorld | null
+	event: ParsedAuditEvent
+	timestamp: string
+}
+
+export interface ServerAuditLogFilters {
+	userId: string | null
+	worldId: string | null
+}
+
+export interface ServerAccessRoleOption {
+	value: ServerAccessRole
+	label: string
+	description?: string
+}
+
+export interface ServerAccessInviteSuggestion {
+	id: string
+	username: string
+	avatarUrl?: string
+	email?: string
+}
+
+export interface GrantServerAccessPayload {
+	target: string
+	role: Exclude<ServerAccessRole, 'owner'>
+	addAsFriend: boolean
+}
+
+export interface ServerListingOwner {
+	username: string
+	avatarUrl?: string
+}
diff --git a/packages/ui/src/components/servers/admonitions/BackupAdmonition.vue b/packages/ui/src/components/servers/admonitions/BackupAdmonition.vue
index e37f95715f..beac824d1f 100644
--- a/packages/ui/src/components/servers/admonitions/BackupAdmonition.vue
+++ b/packages/ui/src/components/servers/admonitions/BackupAdmonition.vue
@@ -32,6 +32,8 @@ defineProps<{
 	item: BackupAdmonitionEntry
 	dismissible: boolean
 	cancelling: boolean
+	canManageBackups?: boolean
+	permissionDeniedMessage?: string
 }>()
 
 defineEmits<{
@@ -278,12 +280,24 @@ function getDescription(item: BackupAdmonitionEntry): string {
 		</div>
 		<template #top-right-actions>
 			<ButtonStyled v-if="canCancel(item)" type="outlined" color="blue">
-				<button class="!border" type="button" :disabled="cancelling" @click="$emit('cancel')">
+				<button
+					v-tooltip="canManageBackups === false ? permissionDeniedMessage : undefined"
+					class="!border"
+					type="button"
+					:disabled="cancelling || canManageBackups === false"
+					@click="$emit('cancel')"
+				>
 					{{ formatMessage(commonMessages.cancelButton) }}
 				</button>
 			</ButtonStyled>
 			<ButtonStyled v-if="canRetry(item)" color="red" type="outlined">
-				<button class="!border" type="button" @click="$emit('retry')">
+				<button
+					v-tooltip="canManageBackups === false ? permissionDeniedMessage : undefined"
+					class="!border"
+					type="button"
+					:disabled="canManageBackups === false"
+					@click="$emit('retry')"
+				>
 					<RotateCounterClockwiseIcon class="size-5" />
 					{{ formatMessage(commonMessages.retryButton) }}
 				</button>
diff --git a/packages/ui/src/components/servers/admonitions/FileOperationAdmonition.vue b/packages/ui/src/components/servers/admonitions/FileOperationAdmonition.vue
index 4a57be09f1..8ce40296d5 100644
--- a/packages/ui/src/components/servers/admonitions/FileOperationAdmonition.vue
+++ b/packages/ui/src/components/servers/admonitions/FileOperationAdmonition.vue
@@ -25,7 +25,13 @@
 		</span>
 		<template v-if="op.id" #top-right-actions>
 			<ButtonStyled v-if="!isTerminal" type="outlined" color="blue">
-				<button class="!border" type="button" @click="ctx.dismissOperation(op.id!, 'cancel')">
+				<button
+					v-tooltip="!canWriteFiles ? permissionDeniedMessage : undefined"
+					class="!border"
+					type="button"
+					:disabled="!canWriteFiles"
+					@click="cancelOperation"
+				>
 					{{ formatMessage(commonMessages.cancelButton) }}
 				</button>
 			</ButtonStyled>
@@ -41,6 +47,7 @@ import Admonition from '#ui/components/base/Admonition.vue'
 import ButtonStyled from '#ui/components/base/ButtonStyled.vue'
 import { useFormatBytes } from '#ui/composables'
 import { defineMessages, useVIntl } from '#ui/composables/i18n'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import type { FileOperation } from '#ui/layouts/shared/files-tab/types'
 import { injectModrinthServerContext } from '#ui/providers'
 import { commonMessages } from '#ui/utils/common-messages'
@@ -55,6 +62,7 @@ const props = defineProps<{
 const { formatMessage } = useVIntl()
 const formatBytes = useFormatBytes()
 const ctx = injectModrinthServerContext()
+const { canWriteFiles, permissionDeniedMessage } = useServerPermissions()
 
 const messages = defineMessages({
 	extracting: {
@@ -97,4 +105,9 @@ const title = computed(() => {
 	}
 	return formatMessage(messages.extracting, { source: sourceName.value })
 })
+
+function cancelOperation() {
+	if (!canWriteFiles.value || !props.op.id) return
+	ctx.dismissOperation(props.op.id, 'cancel')
+}
 </script>
diff --git a/packages/ui/src/components/servers/admonitions/ServerPanelAdmonitions.vue b/packages/ui/src/components/servers/admonitions/ServerPanelAdmonitions.vue
index c932904f96..87e9a12746 100644
--- a/packages/ui/src/components/servers/admonitions/ServerPanelAdmonitions.vue
+++ b/packages/ui/src/components/servers/admonitions/ServerPanelAdmonitions.vue
@@ -12,6 +12,7 @@ import InstallingBanner, {
 } from '#ui/components/servers/InstallingBanner.vue'
 import { defineMessages, useVIntl } from '#ui/composables/i18n'
 import { useServerBackupsQueue } from '#ui/composables/server-backups-queue'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import type { FileOperation } from '#ui/layouts/shared/files-tab/types'
 import { injectModrinthClient, injectModrinthServerContext } from '#ui/providers'
 
@@ -32,6 +33,7 @@ const { formatMessage } = useVIntl()
 const client = injectModrinthClient()
 const ctx = injectModrinthServerContext()
 const route = useRoute()
+const { canSetup, canManageBackups, permissionDeniedMessage } = useServerPermissions()
 
 const { activeOperations, backups, progressFor, invalidate } = useServerBackupsQueue(
 	computed(() => ctx.serverId),
@@ -311,6 +313,7 @@ async function onBackupDismiss(item: BackupAdmonitionEntry) {
 }
 
 async function onBackupCancel(item: BackupAdmonitionEntry) {
+	if (!canManageBackups.value) return
 	if (cancellingIds.has(item.key)) return
 	cancellingIds.add(item.key)
 	try {
@@ -337,6 +340,7 @@ async function onBackupCancel(item: BackupAdmonitionEntry) {
 }
 
 async function onBackupRetry(item: BackupAdmonitionEntry) {
+	if (!canManageBackups.value) return
 	await client.archon.backups_queue_v1.retry(ctx.serverId, ctx.worldId.value!, item.backupId)
 	dismissedIds.add(item.key)
 	await invalidate()
@@ -402,6 +406,8 @@ function onContentErrorDismiss() {
 				:fallback-phase="isOnContentTab && !syncProgress ? 'Addons' : null"
 				:content-error="contentError"
 				:dismissible="dismissible && !!contentError"
+				:retry-disabled="!canSetup"
+				:retry-disabled-tooltip="permissionDeniedMessage"
 				@dismiss="onContentErrorDismiss"
 				@retry="emit('content-retry')"
 			/>
@@ -422,6 +428,8 @@ function onContentErrorDismiss() {
 				:item="item.entry"
 				:dismissible="dismissible"
 				:cancelling="cancellingIds.has(item.entry.key)"
+				:can-manage-backups="canManageBackups"
+				:permission-denied-message="permissionDeniedMessage"
 				@dismiss="onBackupDismiss(item.entry)"
 				@cancel="onBackupCancel(item.entry)"
 				@retry="onBackupRetry(item.entry)"
diff --git a/packages/ui/src/components/servers/backups/BackupCreateModal.vue b/packages/ui/src/components/servers/backups/BackupCreateModal.vue
index bd9e53c4a1..363f428cc7 100644
--- a/packages/ui/src/components/servers/backups/BackupCreateModal.vue
+++ b/packages/ui/src/components/servers/backups/BackupCreateModal.vue
@@ -53,7 +53,11 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="brand">
-					<button :disabled="createMutation.isPending.value || nameExists" @click="createBackup">
+					<button
+						v-tooltip="createDisabledTooltip"
+						:disabled="createDisabled"
+						@click="createBackup"
+					>
 						<PlusIcon />
 						Create backup
 					</button>
@@ -69,23 +73,35 @@ import { IssuesIcon, PlusIcon, XIcon } from '@modrinth/assets'
 import { useMutation, useQueryClient } from '@tanstack/vue-query'
 import { computed, nextTick, ref } from 'vue'
 
+import { useVIntl } from '../../../composables/i18n'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
 	injectNotificationManager,
 } from '../../../providers'
+import { commonMessages } from '../../../utils'
 import ButtonStyled from '../../base/ButtonStyled.vue'
 import StyledInput from '../../base/StyledInput.vue'
 import NewModal from '../../modal/NewModal.vue'
 
 const { addNotification } = injectNotificationManager()
+const { formatMessage } = useVIntl()
 const client = injectModrinthClient()
 const queryClient = useQueryClient()
 const ctx = injectModrinthServerContext()
 
-const props = defineProps<{
-	backups?: Archon.BackupsQueue.v1.BackupQueueBackup[]
-}>()
+const props = withDefaults(
+	defineProps<{
+		backups?: Archon.BackupsQueue.v1.BackupQueueBackup[]
+		canCreate?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		backups: undefined,
+		canCreate: true,
+		permissionDeniedMessage: undefined,
+	},
+)
 
 const backupsQueryKey = ['backups', 'queue', ctx.serverId]
 
@@ -109,6 +125,14 @@ const nameExists = computed(() => {
 		(backup) => backup.name.trim().toLowerCase() === trimmedName.value.toLowerCase(),
 	)
 })
+const createDisabled = computed(
+	() => createMutation.isPending.value || nameExists.value || !props.canCreate,
+)
+const createDisabledTooltip = computed(() =>
+	props.canCreate
+		? undefined
+		: (props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction)),
+)
 
 const focusInput = () => {
 	nextTick(() => {
@@ -129,6 +153,7 @@ const hideModal = () => {
 }
 
 const createBackup = () => {
+	if (!props.canCreate) return
 	const name = trimmedName.value || `Backup #${newBackupAmount.value}`
 	isRateLimited.value = false
 
diff --git a/packages/ui/src/components/servers/backups/BackupDeleteModal.vue b/packages/ui/src/components/servers/backups/BackupDeleteModal.vue
index fcbe9bc446..d00e857aad 100644
--- a/packages/ui/src/components/servers/backups/BackupDeleteModal.vue
+++ b/packages/ui/src/components/servers/backups/BackupDeleteModal.vue
@@ -67,7 +67,11 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="red">
-					<button @click="confirmDelete">
+					<button
+						v-tooltip="deleteDisabledTooltip"
+						:disabled="!props.canDelete"
+						@click="confirmDelete"
+					>
 						<TrashIcon />
 						{{ formatMessage(messages.confirm, { count }) }}
 					</button>
@@ -92,6 +96,17 @@ import BackupItem from './BackupItem.vue'
 
 const { formatMessage } = useVIntl()
 
+const props = withDefaults(
+	defineProps<{
+		canDelete?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		canDelete: true,
+		permissionDeniedMessage: undefined,
+	},
+)
+
 const emit = defineEmits<{
 	(e: 'delete', backup: Archon.BackupsQueue.v1.BackupQueueBackup | undefined): void
 	(e: 'bulk-delete', backups: Archon.BackupsQueue.v1.BackupQueueBackup[]): void
@@ -133,6 +148,11 @@ const count = computed(() => (isBulk.value ? bulkBackups.value.length : 1))
 const displayBackups = computed(() =>
 	isBulk.value ? bulkBackups.value : singleBackup.value ? [singleBackup.value] : [],
 )
+const deleteDisabledTooltip = computed(() =>
+	props.canDelete
+		? undefined
+		: (props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction)),
+)
 
 function show(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
 	singleBackup.value = backup
@@ -149,6 +169,7 @@ function showBulk(backups: Archon.BackupsQueue.v1.BackupQueueBackup[]) {
 }
 
 function confirmDelete() {
+	if (!props.canDelete) return
 	modal.value?.hide()
 	if (isBulk.value) {
 		emit('bulk-delete', bulkBackups.value)
diff --git a/packages/ui/src/components/servers/backups/BackupItem.vue b/packages/ui/src/components/servers/backups/BackupItem.vue
index 15b29d0b67..2666be78a4 100644
--- a/packages/ui/src/components/servers/backups/BackupItem.vue
+++ b/packages/ui/src/components/servers/backups/BackupItem.vue
@@ -38,7 +38,10 @@ const props = withDefaults(
 		showCopyIdAction?: boolean
 		showDebugInfo?: boolean
 		restoreDisabled?: string
+		writeDisabled?: boolean
+		writeDisabledTooltip?: string
 		selected?: boolean
+		highlighted?: boolean
 	}>(),
 	{
 		preview: false,
@@ -47,7 +50,10 @@ const props = withDefaults(
 		showCopyIdAction: false,
 		showDebugInfo: false,
 		restoreDisabled: undefined,
+		writeDisabled: false,
+		writeDisabledTooltip: undefined,
 		selected: false,
+		highlighted: false,
 	},
 )
 
@@ -60,6 +66,12 @@ const backupIcon = computed(() => {
 	return UserRoundIcon
 })
 
+const itemBorderClass = computed(() => {
+	if (props.selected) return 'border-brand-green'
+	if (props.highlighted) return 'border-purple backup-item-highlighted'
+	return 'border-transparent'
+})
+
 const overflowMenuOptions = computed<OverflowOption[]>(() => {
 	const options: OverflowOption[] = []
 
@@ -81,13 +93,20 @@ const overflowMenuOptions = computed<OverflowOption[]>(() => {
 		disabled: !props.kyrosUrl || !props.jwt,
 	})
 
-	options.push({ id: 'rename', action: () => emit('rename') })
+	options.push({
+		id: 'rename',
+		action: () => emit('rename'),
+		disabled: props.writeDisabled,
+		tooltip: props.writeDisabled ? props.writeDisabledTooltip : undefined,
+	})
 
 	options.push({ divider: true })
 	options.push({
 		id: 'delete',
 		color: 'red',
 		action: () => emit('delete'),
+		disabled: props.writeDisabled,
+		tooltip: props.writeDisabled ? props.writeDisabledTooltip : undefined,
 	})
 
 	return options
@@ -123,7 +142,7 @@ const messages = defineMessages({
 <template>
 	<div
 		class="flex items-center gap-4 rounded-[20px] border border-solid bg-surface-3 p-4 shadow-[0px_1px_2px_0px_rgba(0,0,0,0.3),0px_1px_3px_0px_rgba(0,0,0,0.15)]"
-		:class="props.selected ? 'border-brand-green' : 'border-transparent'"
+		:class="itemBorderClass"
 	>
 		<div class="flex min-w-0 flex-1 items-center gap-4">
 			<!-- Icon tile -->
@@ -215,3 +234,25 @@ const messages = defineMessages({
 		}}</pre>
 	</div>
 </template>
+
+<style scoped>
+@keyframes backup-item-highlight-pulse {
+	0%,
+	100% {
+		box-shadow:
+			0 0 0 0 var(--color-purple-highlight),
+			0px 1px 2px 0px rgba(0, 0, 0, 0.3),
+			0px 1px 3px 0px rgba(0, 0, 0, 0.15);
+	}
+	50% {
+		box-shadow:
+			0 0 0 3px var(--color-purple-highlight),
+			0px 1px 2px 0px rgba(0, 0, 0, 0.3),
+			0px 1px 3px 0px rgba(0, 0, 0, 0.15);
+	}
+}
+
+.backup-item-highlighted {
+	animation: backup-item-highlight-pulse 1.25s ease-in-out infinite;
+}
+</style>
diff --git a/packages/ui/src/components/servers/backups/BackupRenameModal.vue b/packages/ui/src/components/servers/backups/BackupRenameModal.vue
index eaed166ea1..54d090990a 100644
--- a/packages/ui/src/components/servers/backups/BackupRenameModal.vue
+++ b/packages/ui/src/components/servers/backups/BackupRenameModal.vue
@@ -29,7 +29,11 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="brand">
-					<button :disabled="renameMutation.isPending.value || nameExists" @click="renameBackup">
+					<button
+						v-tooltip="renameDisabledTooltip"
+						:disabled="renameDisabled"
+						@click="renameBackup"
+					>
 						<template v-if="renameMutation.isPending.value">
 							<SpinnerIcon class="animate-spin" />
 							Renaming...
@@ -51,23 +55,35 @@ import { IssuesIcon, SaveIcon, SpinnerIcon, XIcon } from '@modrinth/assets'
 import { useMutation, useQueryClient } from '@tanstack/vue-query'
 import { computed, nextTick, ref } from 'vue'
 
+import { useVIntl } from '../../../composables/i18n'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
 	injectNotificationManager,
 } from '../../../providers'
+import { commonMessages } from '../../../utils'
 import ButtonStyled from '../../base/ButtonStyled.vue'
 import StyledInput from '../../base/StyledInput.vue'
 import NewModal from '../../modal/NewModal.vue'
 
 const { addNotification } = injectNotificationManager()
+const { formatMessage } = useVIntl()
 const client = injectModrinthClient()
 const queryClient = useQueryClient()
 const ctx = injectModrinthServerContext()
 
-const props = defineProps<{
-	backups?: Archon.BackupsQueue.v1.BackupQueueBackup[]
-}>()
+const props = withDefaults(
+	defineProps<{
+		backups?: Archon.BackupsQueue.v1.BackupQueueBackup[]
+		canRename?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		backups: undefined,
+		canRename: true,
+		permissionDeniedMessage: undefined,
+	},
+)
 
 const backupsQueryKey = ['backups', 'queue', ctx.serverId]
 
@@ -99,6 +115,14 @@ const nameExists = computed(() => {
 		(backup) => backup.name.trim().toLowerCase() === trimmedName.value.toLowerCase(),
 	)
 })
+const renameDisabled = computed(
+	() => renameMutation.isPending.value || nameExists.value || !props.canRename,
+)
+const renameDisabledTooltip = computed(() =>
+	props.canRename
+		? undefined
+		: (props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction)),
+)
 
 const backupNumber = computed(
 	() => (props.backups?.findIndex((b) => b.id === currentBackup.value?.id) ?? 0) + 1,
@@ -124,6 +148,7 @@ function hide() {
 }
 
 const renameBackup = () => {
+	if (!props.canRename) return
 	if (!currentBackup.value) {
 		addNotification({
 			type: 'error',
diff --git a/packages/ui/src/components/servers/backups/BackupRestoreModal.vue b/packages/ui/src/components/servers/backups/BackupRestoreModal.vue
index 975c27f654..64dc1de2c6 100644
--- a/packages/ui/src/components/servers/backups/BackupRestoreModal.vue
+++ b/packages/ui/src/components/servers/backups/BackupRestoreModal.vue
@@ -24,7 +24,11 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="red">
-					<button :disabled="isRestoring || ctx.isServerRunning.value" @click="restoreBackup">
+					<button
+						v-tooltip="restoreDisabledTooltip"
+						:disabled="restoreDisabled"
+						@click="restoreBackup"
+					>
 						<SpinnerIcon v-if="isRestoring" class="animate-spin" />
 						<RotateCounterClockwiseIcon v-else />
 						{{ isRestoring ? 'Restoring...' : 'Restore backup' }}
@@ -39,23 +43,37 @@
 import type { Archon } from '@modrinth/api-client'
 import { RotateCounterClockwiseIcon, SpinnerIcon, XIcon } from '@modrinth/assets'
 import { useMutation, useQueryClient } from '@tanstack/vue-query'
-import { ref } from 'vue'
+import { computed, ref } from 'vue'
 
+import { useVIntl } from '../../../composables/i18n'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
 	injectNotificationManager,
 } from '../../../providers'
+import { commonMessages } from '../../../utils'
 import Admonition from '../../base/Admonition.vue'
 import ButtonStyled from '../../base/ButtonStyled.vue'
 import NewModal from '../../modal/NewModal.vue'
 import BackupItem from './BackupItem.vue'
 
 const { addNotification } = injectNotificationManager()
+const { formatMessage } = useVIntl()
 const client = injectModrinthClient()
 const queryClient = useQueryClient()
 const ctx = injectModrinthServerContext()
 
+const props = withDefaults(
+	defineProps<{
+		canRestore?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		canRestore: true,
+		permissionDeniedMessage: undefined,
+	},
+)
+
 const backupsQueryKey = ['backups', 'queue', ctx.serverId]
 
 function safetyBackupName(backupName: string) {
@@ -72,6 +90,14 @@ const restoreMutation = useMutation({
 const modal = ref<InstanceType<typeof NewModal>>()
 const currentBackup = ref<Archon.BackupsQueue.v1.BackupQueueBackup | null>(null)
 const isRestoring = ref(false)
+const restoreDisabled = computed(
+	() => isRestoring.value || ctx.isServerRunning.value || !props.canRestore,
+)
+const restoreDisabledTooltip = computed(() =>
+	props.canRestore
+		? undefined
+		: (props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction)),
+)
 
 function show(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
 	currentBackup.value = backup
@@ -79,7 +105,7 @@ function show(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
 }
 
 const restoreBackup = () => {
-	if (!currentBackup.value || isRestoring.value) {
+	if (!props.canRestore || !currentBackup.value || isRestoring.value) {
 		if (!currentBackup.value) {
 			addNotification({
 				type: 'error',
diff --git a/packages/ui/src/components/servers/edit-server-icon/EditServerIcon.vue b/packages/ui/src/components/servers/edit-server-icon/EditServerIcon.vue
index e3f2ab7fe1..936e415cca 100644
--- a/packages/ui/src/components/servers/edit-server-icon/EditServerIcon.vue
+++ b/packages/ui/src/components/servers/edit-server-icon/EditServerIcon.vue
@@ -3,17 +3,21 @@
 		<span class="text-lg font-semibold text-contrast">Icon</span>
 		<div class="group relative w-fit">
 			<OverflowMenu
-				v-tooltip="'Edit icon'"
+				v-tooltip="editIconTooltip"
 				class="m-0 cursor-pointer appearance-none border-none bg-transparent p-0 transition-transform group-active:scale-95"
-				:disabled="isIconActionLoading"
+				:disabled="isIconActionDisabled"
 				:options="[
 					{
 						id: 'upload',
 						action: () => triggerFileInput(),
+						disabled: !props.canEdit,
+						tooltip: !props.canEdit ? editIconTooltip : undefined,
 					},
 					{
 						id: 'sync',
 						action: () => resetIcon(),
+						disabled: !props.canEdit,
+						tooltip: !props.canEdit ? editIconTooltip : undefined,
 					},
 				]"
 			>
@@ -47,19 +51,39 @@ import { computed, ref } from 'vue'
 
 import { OverflowMenu, ServerIcon } from '#ui/components'
 import { useServerImage } from '#ui/composables'
+import { useVIntl } from '#ui/composables/i18n'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
 	injectNotificationManager,
 } from '#ui/providers'
+import { commonMessages } from '#ui/utils/common-messages'
+
+const props = withDefaults(
+	defineProps<{
+		canEdit?: boolean
+		permissionDeniedMessage?: string
+	}>(),
+	{
+		canEdit: true,
+		permissionDeniedMessage: undefined,
+	},
+)
 
 const { addNotification } = injectNotificationManager()
+const { formatMessage } = useVIntl()
 const client = injectModrinthClient()
 const { serverId, server } = injectModrinthServerContext()
 const queryClient = useQueryClient()
 const isUploadingIcon = ref(false)
 const isSyncingIcon = ref(false)
 const isIconActionLoading = computed(() => isUploadingIcon.value || isSyncingIcon.value)
+const isIconActionDisabled = computed(() => isIconActionLoading.value || !props.canEdit)
+const editIconTooltip = computed(() =>
+	props.canEdit
+		? 'Edit icon'
+		: (props.permissionDeniedMessage ?? formatMessage(commonMessages.noPermissionAction)),
+)
 
 const {
 	image: displayIcon,
@@ -84,7 +108,7 @@ function isNotFound(error: unknown): boolean {
 }
 
 const uploadFile = async (e: Event) => {
-	if (isIconActionLoading.value) return
+	if (isIconActionDisabled.value) return
 
 	const file = (e.target as HTMLInputElement).files?.[0]
 	if (!file) {
@@ -194,7 +218,7 @@ const uploadFile = async (e: Event) => {
 }
 
 const resetIcon = async () => {
-	if (isIconActionLoading.value) return
+	if (isIconActionDisabled.value) return
 	isSyncingIcon.value = true
 
 	try {
@@ -234,7 +258,7 @@ const resetIcon = async () => {
 }
 
 const triggerFileInput = () => {
-	if (isIconActionLoading.value) return
+	if (isIconActionDisabled.value) return
 
 	const input = document.createElement('input')
 	input.type = 'file'
diff --git a/packages/ui/src/components/servers/icons/LoaderIcon.vue b/packages/ui/src/components/servers/icons/LoaderIcon.vue
index 02d0ae05d2..843789c608 100644
--- a/packages/ui/src/components/servers/icons/LoaderIcon.vue
+++ b/packages/ui/src/components/servers/icons/LoaderIcon.vue
@@ -224,9 +224,10 @@
 
 <script setup lang="ts">
 import { LoaderIcon } from '@modrinth/assets'
-import type { Loaders } from '@modrinth/utils'
+
+import type { ServerLoader } from '#ui/utils/loaders'
 
 defineProps<{
-	loader: Loaders
+	loader: ServerLoader
 }>()
 </script>
diff --git a/packages/ui/src/components/servers/index.ts b/packages/ui/src/components/servers/index.ts
index e14e47cd23..d32b0e9092 100644
--- a/packages/ui/src/components/servers/index.ts
+++ b/packages/ui/src/components/servers/index.ts
@@ -1,3 +1,4 @@
+export * from './access'
 export * from './admonitions'
 export * from './backups'
 export * from './flows'
diff --git a/packages/ui/src/components/servers/labels/ServerLoaderLabel.vue b/packages/ui/src/components/servers/labels/ServerLoaderLabel.vue
index d3e5ee06e6..9478a89a9e 100644
--- a/packages/ui/src/components/servers/labels/ServerLoaderLabel.vue
+++ b/packages/ui/src/components/servers/labels/ServerLoaderLabel.vue
@@ -38,6 +38,7 @@
 import { computed } from 'vue'
 
 import { injectServerSettingsModal } from '#ui/providers/server-settings-modal'
+import type { ServerLoader } from '#ui/utils/loaders'
 
 import AutoLink from '../../base/AutoLink.vue'
 import LoaderIcon from '../icons/LoaderIcon.vue'
@@ -45,7 +46,7 @@ import Separator from './Separator.vue'
 
 defineProps<{
 	noSeparator?: boolean
-	loader?: 'Fabric' | 'Quilt' | 'Forge' | 'NeoForge' | 'Paper' | 'Spigot' | 'Bukkit' | 'Vanilla'
+	loader?: ServerLoader
 	loaderVersion?: string
 	isLink?: boolean
 }>()
diff --git a/packages/ui/src/components/servers/marketing/MedalServerListing.vue b/packages/ui/src/components/servers/marketing/MedalServerListing.vue
index 8ac6731bc1..b357dfc933 100644
--- a/packages/ui/src/components/servers/marketing/MedalServerListing.vue
+++ b/packages/ui/src/components/servers/marketing/MedalServerListing.vue
@@ -36,13 +36,29 @@
 			</div>
 			<Avatar v-else src="https://cdn-raw.modrinth.com/medal_icon.webp" size="64px" class="z-10" />
 			<div class="z-10 ml-4 flex min-w-0 flex-col gap-1.5">
-				<div class="flex flex-row items-center gap-2">
+				<div class="flex flex-row items-center gap-2.5">
 					<h2
 						class="m-0 truncate text-xl font-bold text-contrast"
 						:class="{ 'opacity-50': isDisabled }"
 					>
 						{{ name }}
 					</h2>
+					<div
+						v-if="owner"
+						v-tooltip="formatMessage(messages.ownerTooltip, { username: owner.username })"
+						class="flex min-w-0 items-center gap-1.5 rounded-full bg-surface-4/80 px-2 py-1 text-sm font-medium text-primary !border !border-surface-5 border-solid"
+						:class="{ 'opacity-50': isDisabled }"
+					>
+						<Avatar
+							:src="owner.avatarUrl"
+							:alt="formatMessage(messages.ownerAvatarAlt, { username: owner.username })"
+							:tint-by="owner.username"
+							size="1.25rem"
+							circle
+							no-shadow
+						/>
+						<span class="max-w-32 truncate">{{ owner.username }}</span>
+					</div>
 
 					<span class="truncate" :class="{ 'opacity-50': isDisabled }">
 						<IntlFormatted
@@ -158,6 +174,7 @@ import Avatar from '../../base/Avatar.vue'
 import ButtonStyled from '../../base/ButtonStyled.vue'
 import CopyCode from '../../base/CopyCode.vue'
 import IntlFormatted from '../../base/IntlFormatted.vue'
+import type { ServerListingOwner } from '../access/types'
 import ServerInfoLabels from '../labels/ServerInfoLabels.vue'
 import MedalBackgroundImage from './MedalBackgroundImage.vue'
 
@@ -176,6 +193,7 @@ type MedalServerListingProps = {
 	upstream?: Archon.Servers.v0.Upstream | null
 	flows?: Archon.Servers.v0.Flows
 	medal_expires?: string
+	owner?: ServerListingOwner
 }
 
 const props = defineProps<MedalServerListingProps>()
@@ -222,6 +240,14 @@ const messages = defineMessages({
 		id: 'servers.medal-listing.using-project-label',
 		defaultMessage: 'Using {projectTitle}',
 	},
+	ownerTooltip: {
+		id: 'servers.medal-listing.owner-tooltip',
+		defaultMessage: 'Owned by {username}',
+	},
+	ownerAvatarAlt: {
+		id: 'servers.medal-listing.owner-avatar-alt',
+		defaultMessage: "{username}'s avatar",
+	},
 	newServerLabel: {
 		id: 'servers.medal-listing.new-server-label',
 		defaultMessage: 'New server',
diff --git a/packages/ui/src/components/servers/server-header/PanelServerActionButton.vue b/packages/ui/src/components/servers/server-header/PanelServerActionButton.vue
index fd6cd6930d..52d47effe2 100644
--- a/packages/ui/src/components/servers/server-header/PanelServerActionButton.vue
+++ b/packages/ui/src/components/servers/server-header/PanelServerActionButton.vue
@@ -21,6 +21,8 @@
 					:actions="stopSplitActions"
 					:primary-disabled="!canTakeAction"
 					:dropdown-disabled="!canKill"
+					:primary-tooltip="busyTooltip"
+					:dropdown-tooltip="busyTooltip"
 				>
 					<template #kill_server>
 						<SlashIcon class="h-5 w-5" />
@@ -37,6 +39,7 @@
 					:primary-disabled="true"
 					:dropdown-disabled="!canKill"
 					:primary-muted="true"
+					:dropdown-tooltip="busyTooltip"
 				>
 					<template #kill_server>
 						<SlashIcon class="h-5 w-5" />
diff --git a/packages/ui/src/components/servers/server-header/use-server-power-action.ts b/packages/ui/src/components/servers/server-header/use-server-power-action.ts
index b8c5af4313..2c0743ce0f 100644
--- a/packages/ui/src/components/servers/server-header/use-server-power-action.ts
+++ b/packages/ui/src/components/servers/server-header/use-server-power-action.ts
@@ -1,6 +1,7 @@
 import { computed, type Ref } from 'vue'
 
 import { useVIntl } from '#ui/composables/i18n'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
@@ -15,6 +16,7 @@ export function useServerPowerAction(options?: { disabled?: Ref<boolean> }) {
 	const { serverId, server, powerState, isSyncingContent, busyReasons } =
 		injectModrinthServerContext()
 	const { addNotification } = injectNotificationManager()
+	const { canUsePowerActions, permissionDeniedMessage } = useServerPermissions()
 
 	const isInstalling = computed(
 		() =>
@@ -34,20 +36,27 @@ export function useServerPowerAction(options?: { disabled?: Ref<boolean> }) {
 	const showStopSplit = computed(() => isRunning.value || isStarting.value || isStopping.value)
 	const showRestartButton = computed(() => isRunning.value || isStarting.value)
 
-	const isBlockedByPropsOrBusy = computed(
-		() => Boolean(options?.disabled?.value) || busyReasons.value.length > 0,
+	const isBlockedByPropsBusyOrPermission = computed(
+		() =>
+			!canUsePowerActions.value ||
+			Boolean(options?.disabled?.value) ||
+			busyReasons.value.length > 0,
 	)
 
 	const busyTooltip = computed(() => {
+		if (!canUsePowerActions.value) return permissionDeniedMessage.value
 		if (isStarting.value) return 'Your server is starting'
 		return busyReasons.value.length > 0 ? formatMessage(busyReasons.value[0].reason) : undefined
 	})
 
-	const canTakeAction = computed(() => !isTransitioning.value && !isBlockedByPropsOrBusy.value)
+	const canTakeAction = computed(
+		() => !isTransitioning.value && !isBlockedByPropsBusyOrPermission.value,
+	)
 
 	const canKill = computed(
 		() =>
-			!isBlockedByPropsOrBusy.value && (isStopping.value || isRunning.value || isStarting.value),
+			!isBlockedByPropsBusyOrPermission.value &&
+			(isStopping.value || isRunning.value || isStarting.value),
 	)
 
 	const primaryActionText = computed(() => {
diff --git a/packages/ui/src/composables/how-ago.ts b/packages/ui/src/composables/how-ago.ts
index bd7d26cb4d..64f98875fd 100644
--- a/packages/ui/src/composables/how-ago.ts
+++ b/packages/ui/src/composables/how-ago.ts
@@ -3,9 +3,9 @@ import { LRUCache } from 'lru-cache'
 import { injectI18n } from '../providers/i18n'
 import { LOCALES } from './i18n.ts'
 
-const formatterCache = new LRUCache<string, Intl.RelativeTimeFormat>({ max: 5 })
+const formatterCache = new LRUCache<string, Intl.RelativeTimeFormat>({ max: 15 })
 
-export function useRelativeTime() {
+export function useRelativeTime(options?: Intl.RelativeTimeFormatOptions) {
 	const { locale } = injectI18n()
 
 	return (value: Date | number | string | null | undefined) => {
@@ -29,7 +29,7 @@ export function useRelativeTime() {
 		const months = Math.round(diff / 2629746000)
 		const years = Math.round(diff / 31556952000)
 
-		const rtf = getFormatter(locale.value)
+		const rtf = getFormatter(locale.value, options)
 
 		if (Math.abs(seconds) < 60) {
 			return rtf.format(seconds, 'second')
@@ -49,15 +49,22 @@ export function useRelativeTime() {
 	}
 }
 
-function getFormatter(locale: string): Intl.RelativeTimeFormat {
-	let formatter = formatterCache.get(locale)
+function getFormatter(
+	locale: string,
+	options?: Intl.RelativeTimeFormatOptions,
+): Intl.RelativeTimeFormat {
+	const localeDefinition = LOCALES.find((loc) => loc.code === locale)
+	const numeric = options?.numeric ?? localeDefinition?.numeric ?? 'auto'
+	const style = options?.style ?? 'long'
+	const cacheKey = `${locale}:${numeric}:${style}`
+	let formatter = formatterCache.get(cacheKey)
 	if (!formatter) {
-		const localeDefinition = LOCALES.find((loc) => loc.code === locale)
 		formatter = new Intl.RelativeTimeFormat(locale, {
-			numeric: localeDefinition?.numeric || 'auto',
-			style: 'long',
+			...options,
+			numeric,
+			style,
 		})
-		formatterCache.set(locale, formatter)
+		formatterCache.set(cacheKey, formatter)
 	}
 	return formatter
 }
diff --git a/packages/ui/src/composables/index.ts b/packages/ui/src/composables/index.ts
index 1fea76d0db..c476e133e1 100644
--- a/packages/ui/src/composables/index.ts
+++ b/packages/ui/src/composables/index.ts
@@ -14,6 +14,7 @@ export * from './server-backup'
 export * from './server-backups-queue'
 export * from './server-console'
 export * from './server-manage-core-runtime'
+export * from './server-permissions'
 export * from './sticky-observer'
 export * from './terminal'
 export * from './use-loading-bar-token'
diff --git a/packages/ui/src/composables/server-backups-queue.ts b/packages/ui/src/composables/server-backups-queue.ts
index e05efdfe34..e05a716626 100644
--- a/packages/ui/src/composables/server-backups-queue.ts
+++ b/packages/ui/src/composables/server-backups-queue.ts
@@ -23,7 +23,7 @@ export function useServerBackupsQueue(serverId: Ref<string>, worldId: Ref<string
 		enabled: computed(() => !!worldId.value),
 		refetchInterval: (q) => {
 			const data = q.state.data as Archon.BackupsQueue.v1.BackupsQueueResponse | undefined
-			return data?.active_operations?.length ? 3000 : false
+			return data?.active_operations?.length ? 30_000 : false
 		},
 	})
 
diff --git a/packages/ui/src/composables/server-manage-core-runtime.ts b/packages/ui/src/composables/server-manage-core-runtime.ts
index 1df2f630c2..e74799361a 100644
--- a/packages/ui/src/composables/server-manage-core-runtime.ts
+++ b/packages/ui/src/composables/server-manage-core-runtime.ts
@@ -4,13 +4,12 @@ import {
 	setNodeAuthState,
 	type UploadState,
 } from '@modrinth/api-client'
-import type { Stats } from '@modrinth/utils'
 import type { ComputedRef, Ref } from 'vue'
 import { computed, ref } from 'vue'
 
 import type { FileOperation } from '../layouts/shared/files-tab/types'
 import { injectModrinthClient, provideModrinthServerContext } from '../providers'
-import type { BusyReason, CancelUploadHandler } from '../providers/server-context'
+import type { BusyReason, CancelUploadHandler, ServerStats } from '../providers/server-context'
 import { defineMessage } from './i18n'
 import { useModrinthServersConsole } from './server-console'
 
@@ -26,6 +25,7 @@ type UseServerManageCoreRuntimeOptions = {
 	serverId: ReadableRef<string>
 	worldId: ReadableRef<string | null>
 	server: ReadableRef<Archon.Servers.v0.Server | null | undefined>
+	serverFull?: ReadableRef<Archon.Servers.v1.ServerFull | null | undefined>
 	isSyncingContent: ReadableRef<boolean>
 	extraBusyReasons?: ComputedRef<BusyReason[]>
 	setDisconnectedOnAuthIncorrect?: boolean
@@ -35,7 +35,7 @@ type UseServerManageCoreRuntimeOptions = {
 	onStateEvent?: (data: Archon.Websocket.v0.WSStateEvent) => void
 }
 
-const createInitialStats = (): Stats => ({
+const createInitialStats = (): ServerStats => ({
 	current: {
 		cpu_percent: 0,
 		ram_usage_bytes: 0,
@@ -91,7 +91,7 @@ export function useServerManageCoreRuntime(options: UseServerManageCoreRuntimeOp
 	const serverPowerState = ref<Archon.Websocket.v0.PowerState>('stopped')
 	const powerStateDetails = ref<{ oom_killed?: boolean; exit_code?: number }>()
 	const isServerRunning = computed(() => serverPowerState.value === 'running')
-	const stats = ref<Stats>(createInitialStats())
+	const stats = ref<ServerStats>(createInitialStats())
 	const uptimeSeconds = ref(0)
 	const fsAuth = ref<{ url: string; token: string } | null>(null)
 	const fsOps = ref<Archon.Websocket.v0.FilesystemOperation[]>([])
@@ -141,7 +141,7 @@ export function useServerManageCoreRuntime(options: UseServerManageCoreRuntimeOp
 		}, 1000)
 	}
 
-	const updateStats = (currentStats: Stats['current']) => {
+	const updateStats = (currentStats: ServerStats['current']) => {
 		if (!shouldProcessEvent()) return
 		if (!isConnected.value) isConnected.value = true
 		cpuData.value = appendGraphData(cpuData.value, currentStats.cpu_percent)
@@ -384,6 +384,8 @@ export function useServerManageCoreRuntime(options: UseServerManageCoreRuntimeOp
 		}
 		fsAuth.value = await client.archon.servers_v0.getFilesystemAuth(options.serverId.value)
 	}
+	const currentUserPermissions = computed(() => options.server.value?.current_user_permissions ?? 0)
+	const serverFull = computed(() => options.serverFull?.value ?? null)
 
 	provideModrinthServerContext({
 		get serverId() {
@@ -391,6 +393,8 @@ export function useServerManageCoreRuntime(options: UseServerManageCoreRuntimeOp
 		},
 		worldId: options.worldId as Ref<string | null>,
 		server: options.server as Ref<Archon.Servers.v0.Server>,
+		serverFull,
+		currentUserPermissions,
 		isConnected,
 		isWsAuthIncorrect,
 		powerState: serverPowerState,
diff --git a/packages/ui/src/composables/server-panel-sync.ts b/packages/ui/src/composables/server-panel-sync.ts
new file mode 100644
index 0000000000..fa9d7f9ef3
--- /dev/null
+++ b/packages/ui/src/composables/server-panel-sync.ts
@@ -0,0 +1,345 @@
+import type { Archon } from '@modrinth/api-client'
+import { useQueryClient } from '@tanstack/vue-query'
+import type { ComputedRef, Ref } from 'vue'
+import { onMounted, onUnmounted, watch } from 'vue'
+
+import { injectModrinthClient } from '#ui/providers'
+
+type ReadableRef<T> = Ref<T> | ComputedRef<T>
+type SyncUnsubscriber = () => void
+
+type UseServerPanelSyncOptions = {
+	serverId: ReadableRef<string>
+	worldId: ReadableRef<string | null>
+}
+
+const ACTION_LOG_INVALIDATE_DELAY_MS = 500
+
+export function useServerPanelSync(options: UseServerPanelSyncOptions) {
+	const client = injectModrinthClient()
+	const queryClient = useQueryClient()
+
+	let activeServerId: string | null = null
+	let unsubscribers: SyncUnsubscriber[] = []
+	let mounted = false
+	let actionLogInvalidateTimer: ReturnType<typeof setTimeout> | null = null
+
+	const legacyServerDetailKey = (serverId: string) => ['servers', 'detail', serverId] as const
+	const serverV1DetailKey = (serverId: string) => ['servers', 'v1', 'detail', serverId] as const
+	const contentListKey = (serverId: string) => ['content', 'list', 'v1', serverId] as const
+	const actionLogBaseKey = (serverId: string) =>
+		['servers', 'action-log', 'v1', 'infinite', serverId] as const
+
+	function connect(targetServerId: string) {
+		if (!targetServerId || activeServerId === targetServerId) return
+
+		disconnect()
+		activeServerId = targetServerId
+
+		if (!client.archon.sync.getStatus(targetServerId)?.lastEventId) {
+			void invalidateCorePanelQueries(targetServerId)
+		}
+
+		unsubscribers = [
+			client.archon.sync.onAny(targetServerId, (event) => handleSyncEvent(targetServerId, event)),
+		]
+
+		void client.archon.sync.safeConnectServer(targetServerId, { intent: 'all' }).catch((error) => {
+			console.warn(
+				`[server-panel-sync] Failed to connect sync stream for ${targetServerId}:`,
+				error,
+			)
+		})
+	}
+
+	function disconnect() {
+		if (actionLogInvalidateTimer) {
+			clearTimeout(actionLogInvalidateTimer)
+			actionLogInvalidateTimer = null
+		}
+
+		for (const unsubscribe of unsubscribers) unsubscribe()
+		unsubscribers = []
+
+		if (activeServerId) {
+			client.archon.sync.disconnect(activeServerId)
+			activeServerId = null
+		}
+	}
+
+	function handleSyncEvent(serverId: string, event: Archon.Sync.v1.SyncEvent) {
+		if (event.type === 'protocol.reset' || event.type === 'protocol.invalid') {
+			void invalidateCorePanelQueries(serverId)
+			return
+		}
+
+		if (event.type === 'protocol.error') {
+			console.warn(`[server-panel-sync] Protocol error for ${serverId}: ${event.error}`)
+			return
+		}
+
+		scheduleActionLogInvalidation(serverId)
+
+		if (event.type.startsWith('backup.')) {
+			handleBackupEvent(serverId)
+			return
+		}
+
+		switch (event.type) {
+			case 'server.patch':
+				handleServerPatch(serverId, event)
+				break
+			case 'server.network.patch':
+				handleServerNetworkPatch(serverId, event)
+				break
+			case 'server.transfer.start':
+			case 'server.transfer.done':
+				void invalidateServerDetails(serverId)
+				break
+			case 'users.patch':
+				handleUsersPatch(serverId)
+				break
+			case 'world.patch':
+				handleWorldPatch(serverId, event)
+				break
+			case 'world.startup.patch':
+				handleWorldStartupPatch(serverId, event)
+				break
+			case 'world.content.addon.patch':
+				handleWorldContentAddonPatch(serverId, event)
+				break
+			case 'world.content.base.update':
+				handleWorldContentBaseUpdate(serverId, event)
+				break
+		}
+	}
+
+	function handleServerPatch(serverId: string, event: Archon.Sync.v1.ServerPatchEvent) {
+		queryClient.setQueryData<Archon.Servers.v0.Server>(
+			legacyServerDetailKey(serverId),
+			(current) =>
+				current
+					? {
+							...current,
+							name: event.name,
+							net: {
+								...current.net,
+								domain: event.subdomain,
+							},
+						}
+					: current,
+		)
+		queryClient.setQueryData<Archon.Servers.v1.ServerFull>(
+			serverV1DetailKey(serverId),
+			(current) =>
+				current
+					? {
+							...current,
+							name: event.name,
+							subdomain: event.subdomain,
+						}
+					: current,
+		)
+	}
+
+	function handleServerNetworkPatch(
+		serverId: string,
+		event: Archon.Sync.v1.ServerNetworkPatchEvent,
+	) {
+		queryClient.setQueryData<Archon.Servers.v0.Allocation[]>(
+			['servers', 'allocations', serverId],
+			event.ports,
+		)
+		void invalidateServerDetails(serverId)
+	}
+
+	function handleUsersPatch(serverId: string) {
+		void queryClient.invalidateQueries({ queryKey: ['servers', 'users', 'v1', serverId] })
+		void invalidateServerDetails(serverId)
+	}
+
+	function handleWorldPatch(serverId: string, event: Archon.Sync.v1.WorldPatchEvent) {
+		patchServerFullWorld(serverId, event.world_id, (world) => ({
+			...world,
+			name: event.name,
+		}))
+	}
+
+	function handleWorldStartupPatch(serverId: string, event: Archon.Sync.v1.WorldStartupPatchEvent) {
+		patchServerFullWorld(serverId, event.world_id, (world) =>
+			world.content
+				? {
+						...world,
+						content: {
+							...world.content,
+							java_version: event.java_version,
+							invocation: event.invocation,
+							original_invocation: event.original_invocation,
+						},
+					}
+				: world,
+		)
+		void queryClient.invalidateQueries({ queryKey: ['servers', 'startup', 'v1', serverId] })
+	}
+
+	function handleWorldContentAddonPatch(
+		serverId: string,
+		event: Archon.Sync.v1.WorldContentAddonPatchEvent,
+	) {
+		if (event.world_id !== options.worldId.value) {
+			void invalidateContentAndServerDetails(serverId)
+			return
+		}
+
+		queryClient.setQueryData<Archon.Content.v1.Addons>(contentListKey(serverId), (current) =>
+			current
+				? {
+						...current,
+						addons: mergeAddonSpecs(current.addons ?? [], event.specs),
+					}
+				: current,
+		)
+		void queryClient.invalidateQueries({ queryKey: contentListKey(serverId) })
+	}
+
+	function handleWorldContentBaseUpdate(
+		serverId: string,
+		event: Archon.Sync.v1.WorldContentBaseUpdateEvent,
+	) {
+		if (event.world_id === options.worldId.value) {
+			queryClient.setQueryData<Archon.Content.v1.Addons>(contentListKey(serverId), (current) =>
+				current ? { ...current, ...event.spec } : event.spec,
+			)
+		} else {
+			void queryClient.invalidateQueries({ queryKey: contentListKey(serverId) })
+		}
+
+		void queryClient.invalidateQueries({ queryKey: serverV1DetailKey(serverId) })
+	}
+
+	function handleBackupEvent(serverId: string) {
+		void queryClient.invalidateQueries({ queryKey: ['backups', 'queue', serverId] })
+		void invalidateServerDetails(serverId)
+	}
+
+	function patchServerFullWorld(
+		serverId: string,
+		worldId: string,
+		patch: (world: Archon.Servers.v1.WorldFull) => Archon.Servers.v1.WorldFull,
+	) {
+		queryClient.setQueryData<Archon.Servers.v1.ServerFull>(
+			serverV1DetailKey(serverId),
+			(current) =>
+				current
+					? {
+							...current,
+							worlds: current.worlds.map((world) => (world.id === worldId ? patch(world) : world)),
+						}
+					: current,
+		)
+	}
+
+	function scheduleActionLogInvalidation(serverId: string) {
+		if (actionLogInvalidateTimer) clearTimeout(actionLogInvalidateTimer)
+
+		actionLogInvalidateTimer = setTimeout(() => {
+			actionLogInvalidateTimer = null
+			void queryClient.invalidateQueries({ queryKey: actionLogBaseKey(serverId) })
+		}, ACTION_LOG_INVALIDATE_DELAY_MS)
+	}
+
+	async function invalidateServerDetails(serverId: string) {
+		await Promise.all([
+			queryClient.invalidateQueries({ queryKey: legacyServerDetailKey(serverId) }),
+			queryClient.invalidateQueries({ queryKey: serverV1DetailKey(serverId) }),
+		])
+	}
+
+	async function invalidateContentAndServerDetails(serverId: string) {
+		await Promise.all([
+			queryClient.invalidateQueries({ queryKey: contentListKey(serverId) }),
+			invalidateServerDetails(serverId),
+		])
+	}
+
+	async function invalidateCorePanelQueries(serverId: string) {
+		await Promise.all([
+			queryClient.invalidateQueries({ queryKey: legacyServerDetailKey(serverId) }),
+			queryClient.invalidateQueries({ queryKey: serverV1DetailKey(serverId) }),
+			queryClient.invalidateQueries({ queryKey: contentListKey(serverId) }),
+			queryClient.invalidateQueries({ queryKey: ['backups', 'queue', serverId] }),
+			queryClient.invalidateQueries({ queryKey: ['servers', 'users', 'v1', serverId] }),
+			queryClient.invalidateQueries({ queryKey: actionLogBaseKey(serverId) }),
+			queryClient.invalidateQueries({ queryKey: ['servers', 'startup', 'v1', serverId] }),
+			queryClient.invalidateQueries({ queryKey: ['servers', 'allocations', serverId] }),
+		])
+	}
+
+	function mergeAddonSpecs(
+		currentAddons: Archon.Content.v1.Addon[],
+		incomingAddons: Archon.Content.v1.Addon[],
+	): Archon.Content.v1.Addon[] {
+		const currentByFilename = new Map(
+			currentAddons.map((addon) => [normalizeAddonFilename(addon.filename), addon] as const),
+		)
+
+		return incomingAddons.map((incoming) =>
+			mergeAddonSpec(currentByFilename.get(normalizeAddonFilename(incoming.filename)), incoming),
+		)
+	}
+
+	function mergeAddonSpec(
+		current: Archon.Content.v1.Addon | undefined,
+		incoming: Archon.Content.v1.Addon,
+	): Archon.Content.v1.Addon {
+		if (!current) return incoming
+
+		return {
+			...current,
+			...incoming,
+			filesize: incoming.filesize || current.filesize,
+			name: incoming.name ?? current.name,
+			owner: incoming.owner ?? current.owner,
+			icon_url: incoming.icon_url ?? current.icon_url,
+			has_update: incoming.has_update ?? current.has_update,
+			project_id: incoming.project_id ?? current.project_id,
+			version: incoming.version
+				? {
+						...incoming.version,
+						name: incoming.version.name ?? current.version?.name ?? null,
+						environment: incoming.version.environment ?? current.version?.environment ?? null,
+					}
+				: current.version,
+		}
+	}
+
+	function normalizeAddonFilename(filename: string): string {
+		return filename.endsWith('.disabled') ? filename.slice(0, -'.disabled'.length) : filename
+	}
+
+	onMounted(() => {
+		mounted = true
+		connect(options.serverId.value)
+	})
+
+	watch(
+		() => options.serverId.value,
+		(serverId) => {
+			if (!mounted) return
+			if (serverId) {
+				connect(serverId)
+			} else {
+				disconnect()
+			}
+		},
+	)
+
+	onUnmounted(() => {
+		mounted = false
+		disconnect()
+	})
+
+	return {
+		disconnect,
+	}
+}
diff --git a/packages/ui/src/composables/server-permissions.ts b/packages/ui/src/composables/server-permissions.ts
new file mode 100644
index 0000000000..2cffaebf54
--- /dev/null
+++ b/packages/ui/src/composables/server-permissions.ts
@@ -0,0 +1,114 @@
+import type { Archon } from '@modrinth/api-client'
+import { computed } from 'vue'
+
+import { useVIntl } from '#ui/composables/i18n'
+import { injectModrinthServerContext } from '#ui/providers'
+import { commonMessages } from '#ui/utils/common-messages'
+
+export type ServerPermissionName = keyof typeof Archon.ServerUsers.v1.UserScope
+
+type ServerPermissionValue = Archon.Servers.v0.UserScope | Archon.ServerUsers.v1.UserScope
+
+const U64_SIZE = 64n
+const U64_MODULUS = 1n << U64_SIZE
+
+export const serverPermissionBits = {
+	NONE: 0n,
+	BASE_READ: 1n << 63n,
+	POWER_ACTIONS: 1n << 62n,
+	FILES_WRITE: 1n << 61n,
+	SETUP: 1n << 60n,
+	BACKUPS: 1n << 59n,
+	ADVANCED: 1n << 58n,
+	RESET_SERVER: 1n << 57n,
+	MANAGE_USERS: 1n << 56n,
+	SUPPORT_AGENT: 1n,
+	INFRA_MANAGER: 1n << 1n,
+	INFRA_MANAGER_READ: 1n << 2n,
+	INFRA_SERVERS_XFER: 1n << 3n,
+	SERVER_ADMIN: ((1n << 64n) - 1n) ^ ((1n << 15n) - 1n),
+} as const satisfies Record<ServerPermissionName, bigint>
+
+function parsePermissionNumber(value: number) {
+	const bigintValue = BigInt(value)
+	return bigintValue < 0n ? bigintValue + U64_MODULUS : bigintValue
+}
+
+function parsePermissionString(value: string) {
+	const numericValue = Number(value)
+	if (value.trim() !== '' && Number.isFinite(numericValue)) {
+		return parsePermissionNumber(numericValue)
+	}
+
+	const permissions = value
+		.split('|')
+		.map((permission) => permission.trim())
+		.filter((permission): permission is ServerPermissionName => permission in serverPermissionBits)
+
+	if (permissions.length === 0) return 0n
+
+	return permissions.reduce((mask, permission) => mask | serverPermissionBits[permission], 0n)
+}
+
+function parsePermissions(permissions: ServerPermissionValue) {
+	return typeof permissions === 'number'
+		? parsePermissionNumber(permissions)
+		: parsePermissionString(permissions)
+}
+
+function hasPermissionBit(permissions: ServerPermissionValue, scope: ServerPermissionName) {
+	const permission = serverPermissionBits[scope]
+	if (permission === 0n) return true
+
+	const permissionsMask = parsePermissions(permissions)
+	return (permissionsMask & permission) === permission
+}
+
+export function hasServerPermission(
+	permissions: ServerPermissionValue,
+	scope: ServerPermissionName,
+) {
+	if (
+		scope !== 'NONE' &&
+		scope !== 'SERVER_ADMIN' &&
+		hasPermissionBit(permissions, 'SERVER_ADMIN')
+	) {
+		return true
+	}
+	return hasPermissionBit(permissions, scope)
+}
+
+export function useServerPermissions() {
+	const { formatMessage } = useVIntl()
+	const { currentUserPermissions } = injectModrinthServerContext()
+
+	const hasCurrentUserPermission = (scope: ServerPermissionName) =>
+		hasServerPermission(currentUserPermissions.value, scope)
+
+	const permissionDeniedMessage = computed(() => formatMessage(commonMessages.noPermissionAction))
+
+	const canUsePowerActions = computed(() => hasCurrentUserPermission('POWER_ACTIONS'))
+	const canWriteFiles = computed(() => hasCurrentUserPermission('FILES_WRITE'))
+	const canSetup = computed(() => hasCurrentUserPermission('SETUP'))
+	const canManageBackups = computed(() => hasCurrentUserPermission('BACKUPS'))
+	const canUseAdvancedSettings = computed(() => hasCurrentUserPermission('ADVANCED'))
+	const canResetServer = computed(() => hasCurrentUserPermission('RESET_SERVER'))
+	const canManageUsers = computed(() => hasCurrentUserPermission('MANAGE_USERS'))
+
+	const permissionTooltip = (allowed: boolean) =>
+		allowed ? undefined : permissionDeniedMessage.value
+
+	return {
+		currentUserPermissions,
+		permissionDeniedMessage,
+		hasCurrentUserPermission,
+		canUsePowerActions,
+		canWriteFiles,
+		canSetup,
+		canManageBackups,
+		canUseAdvancedSettings,
+		canResetServer,
+		canManageUsers,
+		permissionTooltip,
+	}
+}
diff --git a/packages/ui/src/layouts/shared/console/components/ConsoleActionButtons.vue b/packages/ui/src/layouts/shared/console/components/ConsoleActionButtons.vue
index 8c4daf10d3..a720d5fb54 100644
--- a/packages/ui/src/layouts/shared/console/components/ConsoleActionButtons.vue
+++ b/packages/ui/src/layouts/shared/console/components/ConsoleActionButtons.vue
@@ -1,7 +1,11 @@
 <template>
 	<div class="flex items-center gap-1">
 		<ButtonStyled v-if="showClear && hasLogs" type="transparent">
-			<button @click="emit('clear')">
+			<button
+				v-tooltip="clearDisabled ? clearDisabledTooltip : undefined"
+				:disabled="clearDisabled"
+				@click="emit('clear')"
+			>
 				<XIcon />
 				Clear
 			</button>
@@ -56,6 +60,8 @@ defineProps<{
 	shareDisabledTooltip?: string
 	sharing?: boolean
 	fullscreen?: boolean
+	clearDisabled?: boolean
+	clearDisabledTooltip?: string
 	showDelete?: boolean
 	deleteDisabled?: boolean
 	deleteDisabledTooltip?: string
diff --git a/packages/ui/src/layouts/shared/console/layout.vue b/packages/ui/src/layouts/shared/console/layout.vue
index ec28059e57..73b98550a8 100644
--- a/packages/ui/src/layouts/shared/console/layout.vue
+++ b/packages/ui/src/layouts/shared/console/layout.vue
@@ -44,6 +44,8 @@
 				:share-disabled="resolvedShareDisabled"
 				:sharing="isSharing"
 				:fullscreen="isFullscreen"
+				:clear-disabled="resolvedClearDisabled"
+				:clear-disabled-tooltip="resolvedClearDisabledTooltip"
 				:show-delete="showDelete"
 				:delete-disabled="resolvedDeleteDisabled"
 				:delete-disabled-tooltip="ctx.deleteDisabledTooltip"
@@ -59,6 +61,8 @@
 			class="min-h-0 flex-1"
 			:show-input="resolvedShowInput"
 			:disable-input="resolvedInputDisabled"
+			:disable-input-tooltip="resolvedInputDisabledTooltip"
+			:disabled-input-placeholder="resolvedInputDisabledPlaceholder"
 			:fullscreen="isFullscreen"
 			:empty-state-type="ctx.emptyStateType"
 			:loading="resolvedLoading"
@@ -217,6 +221,11 @@ const resolvedDisableInput = computed(() => {
 	return isRef(v) ? v.value : v
 })
 
+function unwrapMaybeRef<T>(value: T | { value: T } | undefined): T | undefined {
+	if (value === undefined) return undefined
+	return isRef(value) ? value.value : value
+}
+
 // needs historical log start/end flags on ws to be properly useful
 const resolvedLoading = computed(() => {
 	const v = ctx.loading
@@ -226,6 +235,14 @@ const resolvedLoading = computed(() => {
 
 const resolvedInputDisabled = computed(() => resolvedDisableInput.value || resolvedLoading.value)
 
+const resolvedInputDisabledTooltip = computed(() =>
+	resolvedDisableInput.value ? unwrapMaybeRef(ctx.disableCommandInputTooltip) : undefined,
+)
+
+const resolvedInputDisabledPlaceholder = computed(() =>
+	resolvedInputDisabledTooltip.value ? 'Command input disabled' : 'Server is not running',
+)
+
 const resolvedShareDisabled = computed(() => {
 	const v = ctx.shareDisabled
 	if (!v) return false
@@ -240,6 +257,16 @@ const resolvedDeleteDisabled = computed(() => {
 	return isRef(v) ? v.value : v
 })
 
+const resolvedClearDisabled = computed(() => {
+	const v = ctx.clearDisabled
+	if (!v) return false
+	return isRef(v) ? v.value : v
+})
+
+const resolvedClearDisabledTooltip = computed(() =>
+	resolvedClearDisabled.value ? unwrapMaybeRef(ctx.clearDisabledTooltip) : undefined,
+)
+
 function handleTerminalReady(_terminal: Terminal) {
 	rewriteFiltered()
 }
@@ -360,10 +387,12 @@ watch(resolvedLoading, (loading) => {
 })
 
 function handleCommand(cmd: string) {
+	if (resolvedInputDisabled.value) return
 	ctx.sendCommand?.(cmd)
 }
 
 function handleClear() {
+	if (resolvedClearDisabled.value) return
 	const term = terminalRef.value?.terminal
 	if (term) clearSearchHighlights(term)
 	terminalRef.value?.reset()
diff --git a/packages/ui/src/layouts/shared/console/providers/console-manager.ts b/packages/ui/src/layouts/shared/console/providers/console-manager.ts
index 5946c1dc4f..1d8da4b17c 100644
--- a/packages/ui/src/layouts/shared/console/providers/console-manager.ts
+++ b/packages/ui/src/layouts/shared/console/providers/console-manager.ts
@@ -14,10 +14,13 @@ export interface ConsoleManagerContext {
 	sendCommand?: (cmd: string) => void
 	showCommandInput?: boolean | Ref<boolean> | ComputedRef<boolean>
 	disableCommandInput?: boolean | Ref<boolean> | ComputedRef<boolean>
+	disableCommandInputTooltip?: string | Ref<string | undefined> | ComputedRef<string | undefined>
 
 	loading?: Ref<boolean> | ComputedRef<boolean>
 
 	onClear?: () => void
+	clearDisabled?: Ref<boolean> | ComputedRef<boolean>
+	clearDisabledTooltip?: string | Ref<string | undefined> | ComputedRef<string | undefined>
 	onDelete?: () => Promise<void>
 	deleteDisabled?: Ref<boolean> | ComputedRef<boolean>
 	deleteDisabledTooltip?: string
diff --git a/packages/ui/src/layouts/shared/content-tab/components/ContentCardItem.vue b/packages/ui/src/layouts/shared/content-tab/components/ContentCardItem.vue
index d908bfb034..3a600cc760 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/ContentCardItem.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/ContentCardItem.vue
@@ -55,6 +55,9 @@ interface Props {
 	hideSwitchVersion?: boolean
 	overflowOptions?: OverflowMenuOption[]
 	disabled?: boolean
+	disabledTooltip?: string | null
+	toggleDisabled?: boolean
+	toggleDisabledTooltip?: string | null
 	showCheckbox?: boolean
 	hideDelete?: boolean
 	hideActions?: boolean
@@ -73,6 +76,9 @@ const props = withDefaults(defineProps<Props>(), {
 	hideSwitchVersion: false,
 	overflowOptions: undefined,
 	disabled: false,
+	disabledTooltip: undefined,
+	toggleDisabled: false,
+	toggleDisabledTooltip: undefined,
 	showCheckbox: false,
 	hideDelete: false,
 	hideActions: false,
@@ -98,6 +104,7 @@ const versionNumberRef = ref<HTMLElement | null>(null)
 const fileNameRef = ref<HTMLElement | null>(null)
 
 const isDisabled = computed(() => props.disabled || props.installing)
+const isToggleDisabled = computed(() => isDisabled.value || props.toggleDisabled)
 
 const clientWarningMessage = computed(() => {
 	switch (props.clientWarning) {
@@ -173,8 +180,19 @@ const deleteHovered = ref(false)
 						>
 							{{ project.title }}
 						</AutoLink>
-						<Tooltip v-if="isClientOnly">
-							<TriangleAlertIcon class="size-4 shrink-0 text-orange" />
+						<Tooltip
+							v-if="isClientOnly"
+							theme="dismissable-prompt"
+							class="inline-flex shrink-0"
+							:triggers="['hover', 'focus']"
+							no-auto-focus
+						>
+							<span
+								class="inline-flex size-5 shrink-0 cursor-help items-center justify-center"
+								tabindex="0"
+							>
+								<TriangleAlertIcon class="pointer-events-none size-4 text-orange" />
+							</span>
 							<template #popper>
 								<div class="max-w-[18rem] text-sm">
 									{{ formatMessage(clientWarningMessage) }}
@@ -283,7 +301,11 @@ const deleteHovered = ref(false)
 					hover-color-fill="background"
 				>
 					<button
-						v-tooltip="formatMessage(commonMessages.updateAvailableLabel)"
+						v-tooltip="
+							isDisabled && disabledTooltip
+								? disabledTooltip
+								: formatMessage(commonMessages.updateAvailableLabel)
+						"
 						:disabled="isDisabled"
 						@click="emit('update')"
 					>
@@ -296,7 +318,11 @@ const deleteHovered = ref(false)
 					type="transparent"
 				>
 					<button
-						v-tooltip="formatMessage(commonMessages.switchVersionButton)"
+						v-tooltip="
+							isDisabled && disabledTooltip
+								? disabledTooltip
+								: formatMessage(commonMessages.switchVersionButton)
+						"
 						:disabled="isDisabled"
 						@click="emit('switchVersion')"
 					>
@@ -307,8 +333,13 @@ const deleteHovered = ref(false)
 
 			<Toggle
 				v-if="enabled !== undefined"
+				v-tooltip="
+					isToggleDisabled && (toggleDisabledTooltip || disabledTooltip)
+						? (toggleDisabledTooltip ?? disabledTooltip)
+						: undefined
+				"
 				:model-value="enabled"
-				:disabled="isDisabled"
+				:disabled="isToggleDisabled"
 				:aria-label="project.title"
 				class="my-auto"
 				@update:model-value="(val) => emit('update:enabled', val as boolean)"
@@ -317,11 +348,13 @@ const deleteHovered = ref(false)
 			<ButtonStyled v-if="hasDeleteListener && !props.hideDelete" circular type="transparent">
 				<button
 					v-tooltip="
-						formatMessage(
-							shiftHeld && deleteHovered
-								? commonMessages.deleteImmediatelyLabel
-								: commonMessages.deleteLabel,
-						)
+						isDisabled && disabledTooltip
+							? disabledTooltip
+							: formatMessage(
+									shiftHeld && deleteHovered
+										? commonMessages.deleteImmediatelyLabel
+										: commonMessages.deleteLabel,
+								)
 					"
 					:disabled="isDisabled"
 					@click="emit('delete', $event)"
diff --git a/packages/ui/src/layouts/shared/content-tab/components/ContentCardTable.vue b/packages/ui/src/layouts/shared/content-tab/components/ContentCardTable.vue
index ee5a8c98bf..63cfccf670 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/ContentCardTable.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/ContentCardTable.vue
@@ -281,6 +281,9 @@ function handleSort(column: ContentCardTableSortColumn) {
 					:hide-switch-version="item.hideSwitchVersion"
 					:overflow-options="item.overflowOptions"
 					:disabled="item.disabled"
+					:disabled-tooltip="item.disabledTooltip"
+					:toggle-disabled="item.toggleDisabled"
+					:toggle-disabled-tooltip="item.toggleDisabledTooltip"
 					:show-checkbox="showSelection"
 					:hide-delete="hideDelete"
 					:hide-actions="!hasAnyActions"
@@ -336,6 +339,9 @@ function handleSort(column: ContentCardTableSortColumn) {
 				:client-warning="item.clientWarning"
 				:overflow-options="item.overflowOptions"
 				:disabled="item.disabled"
+				:disabled-tooltip="item.disabledTooltip"
+				:toggle-disabled="item.toggleDisabled"
+				:toggle-disabled-tooltip="item.toggleDisabledTooltip"
 				:show-checkbox="showSelection"
 				:hide-delete="hideDelete"
 				:hide-actions="!hasAnyActions"
diff --git a/packages/ui/src/layouts/shared/content-tab/components/ContentModpackCard.vue b/packages/ui/src/layouts/shared/content-tab/components/ContentModpackCard.vue
index fd3d71aad9..154cb27bd8 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/ContentModpackCard.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/ContentModpackCard.vue
@@ -224,6 +224,7 @@ onUnmounted(() => {
 						<Tooltip
 							v-if="hasContentListener"
 							theme="dismissable-prompt"
+							class="inline-flex"
 							:triggers="[]"
 							:shown="showContentHint && isExpanded"
 							:auto-hide="false"
@@ -293,6 +294,7 @@ onUnmounted(() => {
 					<Tooltip
 						v-if="collapsedOptions.length"
 						theme="dismissable-prompt"
+						class="inline-flex"
 						:triggers="[]"
 						:shown="showContentHint && !isExpanded"
 						:auto-hide="false"
diff --git a/packages/ui/src/layouts/shared/content-tab/components/ContentSelectionBar.vue b/packages/ui/src/layouts/shared/content-tab/components/ContentSelectionBar.vue
index a3510c454f..ce5cbe70fb 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/ContentSelectionBar.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/ContentSelectionBar.vue
@@ -68,6 +68,7 @@ interface Props {
 	selectedItems: ContentItem[]
 	contentTypeLabel?: string
 	isBusy?: boolean
+	busyTooltip?: string | null
 	isBulkOperating?: boolean
 	bulkOperation?: BulkOperationType | null
 	bulkProgress?: number
@@ -80,6 +81,7 @@ interface Props {
 const props = withDefaults(defineProps<Props>(), {
 	contentTypeLabel: undefined,
 	isBusy: false,
+	busyTooltip: undefined,
 	isBulkOperating: false,
 	bulkOperation: null,
 	bulkProgress: 0,
@@ -196,9 +198,11 @@ const bulkProgressMessage = computed(() => {
 			<ButtonStyled type="transparent">
 				<button
 					v-tooltip="
-						allEnabled
-							? formatMessage(messages.allAlreadyEnabled)
-							: formatMessage(commonMessages.enableButton)
+						isBusy && busyTooltip
+							? busyTooltip
+							: allEnabled
+								? formatMessage(messages.allAlreadyEnabled)
+								: formatMessage(commonMessages.enableButton)
 					"
 					:disabled="isBusy || allEnabled"
 					@click="emit('enable')"
@@ -210,9 +214,11 @@ const bulkProgressMessage = computed(() => {
 			<ButtonStyled type="transparent">
 				<button
 					v-tooltip="
-						allDisabled
-							? formatMessage(messages.allAlreadyDisabled)
-							: formatMessage(commonMessages.disableButton)
+						isBusy && busyTooltip
+							? busyTooltip
+							: allDisabled
+								? formatMessage(messages.allAlreadyDisabled)
+								: formatMessage(commonMessages.disableButton)
 					"
 					:disabled="isBusy || allDisabled"
 					@click="emit('disable')"
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmBulkUpdateModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmBulkUpdateModal.vue
index 33bb748cc2..da958bdbe1 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmBulkUpdateModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmBulkUpdateModal.vue
@@ -8,11 +8,13 @@
 	>
 		<div class="flex flex-col gap-6">
 			<Admonition type="warning" :header="formatMessage(messages.admonitionHeader)">
-				{{ formatMessage(messages.admonitionBody, { count }) }}
+				{{ formatMessage(messages.admonitionBody, { count: props.count }) }}
 			</Admonition>
 			<InlineBackupCreator
 				ref="backupCreator"
-				:backup-name="backupTip ? `Before bulk update (${backupTip})` : 'Before bulk update'"
+				:backup-name="
+					props.backupTip ? `Before bulk update (${props.backupTip})` : 'Before bulk update'
+				"
 				:shift-click-hint-override="formatMessage(messages.shiftClickHint)"
 				@update:buttons-disabled="buttonsDisabled = $event"
 			/>
@@ -27,9 +29,13 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="orange">
-					<button :disabled="buttonsDisabled" @click="confirm">
+					<button
+						v-tooltip="props.actionDisabled ? props.actionDisabledTooltip : undefined"
+						:disabled="buttonsDisabled || props.actionDisabled"
+						@click="confirm"
+					>
 						<DownloadIcon />
-						{{ formatMessage(messages.updateButton, { count }) }}
+						{{ formatMessage(messages.updateButton, { count: props.count }) }}
 					</button>
 				</ButtonStyled>
 			</div>
@@ -76,10 +82,12 @@ const messages = defineMessages({
 	},
 })
 
-defineProps<{
+const props = defineProps<{
 	count: number
 	server?: boolean
 	backupTip?: string
+	actionDisabled?: boolean
+	actionDisabledTooltip?: string
 }>()
 
 const emit = defineEmits<{
@@ -95,6 +103,7 @@ function show() {
 }
 
 function confirm() {
+	if (props.actionDisabled) return
 	modal.value?.hide()
 	emit('update')
 }
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmDeletionModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmDeletionModal.vue
index 64f0b1ad06..540bfe7a97 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmDeletionModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmDeletionModal.vue
@@ -3,23 +3,23 @@
 		ref="modal"
 		:header="
 			formatMessage(messages.header, {
-				itemType: formatContentTypeSentence(formatMessage, itemType, count),
+				itemType: formatContentTypeSentence(formatMessage, props.itemType, props.count),
 			})
 		"
-		:fade="variant === 'server' ? 'warning' : 'danger'"
+		:fade="props.variant === 'server' ? 'warning' : 'danger'"
 		max-width="500px"
 		:on-hide="() => backupCreator?.cancelBackup()"
 	>
 		<div class="flex flex-col gap-6">
 			<Admonition
-				:type="variant === 'server' ? 'warning' : 'critical'"
+				:type="props.variant === 'server' ? 'warning' : 'critical'"
 				:header="formatMessage(messages.admonitionHeader)"
 			>
 				{{ formatMessage(messages.admonitionBody) }}
 			</Admonition>
 			<InlineBackupCreator
 				ref="backupCreator"
-				:backup-name="backupTip ? `Before deletion (${backupTip})` : 'Before deletion'"
+				:backup-name="props.backupTip ? `Before deletion (${props.backupTip})` : 'Before deletion'"
 				@update:buttons-disabled="buttonsDisabled = $event"
 			/>
 		</div>
@@ -32,13 +32,17 @@
 						{{ formatMessage(commonMessages.cancelButton) }}
 					</button>
 				</ButtonStyled>
-				<ButtonStyled :color="variant === 'server' ? 'orange' : 'red'">
-					<button :disabled="buttonsDisabled" @click="confirm">
+				<ButtonStyled :color="props.variant === 'server' ? 'orange' : 'red'">
+					<button
+						v-tooltip="props.actionDisabled ? props.actionDisabledTooltip : undefined"
+						:disabled="buttonsDisabled || props.actionDisabled"
+						@click="confirm"
+					>
 						<TrashIcon />
 						{{
 							formatMessage(messages.deleteButton, {
-								count,
-								itemType: formatContentTypeSentence(formatMessage, itemType, count),
+								count: props.count,
+								itemType: formatContentTypeSentence(formatMessage, props.itemType, props.count),
 							})
 						}}
 					</button>
@@ -82,16 +86,20 @@ const messages = defineMessages({
 	},
 })
 
-withDefaults(
+const props = withDefaults(
 	defineProps<{
 		count: number
 		itemType: string
 		variant?: 'instance' | 'server'
 		backupTip?: string
+		actionDisabled?: boolean
+		actionDisabledTooltip?: string
 	}>(),
 	{
 		variant: 'instance',
 		backupTip: undefined,
+		actionDisabled: false,
+		actionDisabledTooltip: undefined,
 	},
 )
 
@@ -108,6 +116,7 @@ function show() {
 }
 
 function confirm() {
+	if (props.actionDisabled) return
 	modal.value?.hide()
 	emit('delete')
 }
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmModpackUpdateModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmModpackUpdateModal.vue
index 26be19f847..ffe36eda55 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmModpackUpdateModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmModpackUpdateModal.vue
@@ -35,7 +35,11 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="orange">
-					<button :disabled="buttonsDisabled" @click="handleConfirm">
+					<button
+						v-tooltip="props.actionDisabled ? props.actionDisabledTooltip : undefined"
+						:disabled="buttonsDisabled || props.actionDisabled"
+						@click="handleConfirm"
+					>
 						<DownloadIcon />
 						{{
 							formatMessage(messages.confirmButton, { action: downgrade ? 'downgrade' : 'update' })
@@ -62,6 +66,8 @@ import InlineBackupCreator from './InlineBackupCreator.vue'
 const props = defineProps<{
 	downgrade?: boolean
 	backupTip?: string
+	actionDisabled?: boolean
+	actionDisabledTooltip?: string
 }>()
 
 const { formatMessage } = useVIntl()
@@ -106,6 +112,7 @@ function show() {
 }
 
 function handleConfirm() {
+	if (props.actionDisabled) return
 	modal.value?.hide()
 	emit('confirm')
 }
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmUnlinkModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmUnlinkModal.vue
index e4f6af3aaf..2abba19b81 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmUnlinkModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ConfirmUnlinkModal.vue
@@ -12,7 +12,7 @@
 			</Admonition>
 			<InlineBackupCreator
 				ref="backupCreator"
-				:backup-name="backupTip ? `Before unlink (${backupTip})` : 'Before unlink'"
+				:backup-name="props.backupTip ? `Before unlink (${props.backupTip})` : 'Before unlink'"
 				@update:buttons-disabled="buttonsDisabled = $event"
 			/>
 		</div>
@@ -26,9 +26,13 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="orange">
-					<button :disabled="buttonsDisabled" @click="confirm">
+					<button
+						v-tooltip="props.actionDisabled ? props.actionDisabledTooltip : undefined"
+						:disabled="buttonsDisabled || props.actionDisabled"
+						@click="confirm"
+					>
 						<UnlinkIcon />
-						{{ formatMessage(messages.unlinkButton) }}
+						{{ formatMessage(props.server ? messages.header : messages.unlinkButton) }}
 					</button>
 				</ButtonStyled>
 			</div>
@@ -48,9 +52,11 @@ import { commonMessages } from '#ui/utils/common-messages'
 
 import InlineBackupCreator from './InlineBackupCreator.vue'
 
-defineProps<{
+const props = defineProps<{
 	server?: boolean
 	backupTip?: string
+	actionDisabled?: boolean
+	actionDisabledTooltip?: string
 }>()
 
 const { formatMessage } = useVIntl()
@@ -88,6 +94,7 @@ function show() {
 }
 
 function confirm() {
+	if (props.actionDisabled) return
 	modal.value?.hide()
 	emit('unlink')
 }
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ContentInstallModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ContentInstallModal.vue
index 8a351a180f..291d49171b 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ContentInstallModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ContentInstallModal.vue
@@ -114,14 +114,14 @@
 							inst.name
 						}}</span>
 					</button>
-					<ButtonStyled v-if="inst.installed" :disabled="true">
-						<button>
+					<ButtonStyled v-if="inst.installed">
+						<button disabled>
 							<CheckIcon />
 							{{ formatMessage(messages.installedBadge) }}
 						</button>
 					</ButtonStyled>
-					<ButtonStyled v-else-if="inst.compatible" :disabled="inst.installing">
-						<button @click="emit('install', inst)">
+					<ButtonStyled v-else-if="inst.compatible">
+						<button :disabled="inst.installing" @click="emit('install', inst)">
 							{{
 								inst.installing
 									? formatMessage(commonMessages.installingLabel)
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ContentUpdaterModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ContentUpdaterModal.vue
index ab2c933d53..bdc7398003 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ContentUpdaterModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ContentUpdaterModal.vue
@@ -216,7 +216,10 @@
 				</ButtonStyled>
 				<ButtonStyled color="brand">
 					<button
-						:disabled="!selectedVersion || selectedVersion.id === currentVersionId"
+						v-tooltip="props.actionDisabled ? props.actionDisabledTooltip : undefined"
+						:disabled="
+							props.actionDisabled || !selectedVersion || selectedVersion.id === currentVersionId
+						"
 						@click="handleUpdate"
 					>
 						<DownloadIcon />
@@ -393,6 +396,8 @@ const props = withDefaults(
 		loading?: boolean
 		/** Whether changelog is being loaded for the selected version */
 		loadingChangelog?: boolean
+		actionDisabled?: boolean
+		actionDisabledTooltip?: string
 	}>(),
 	{
 		projectType: undefined,
@@ -401,6 +406,8 @@ const props = withDefaults(
 		header: undefined,
 		loading: false,
 		loadingChangelog: false,
+		actionDisabled: false,
+		actionDisabledTooltip: undefined,
 	},
 )
 
@@ -616,6 +623,7 @@ function handleVersionSelect(version: Labrinth.Versions.v2.Version) {
 }
 
 function handleUpdate(event: MouseEvent) {
+	if (props.actionDisabled) return
 	if (selectedVersion.value) {
 		const changesGameVersion = versionChangesGameVersion(
 			selectedVersion.value,
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/InlineBackupCreator.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/InlineBackupCreator.vue
index 6688506bc5..2dc4780a25 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/InlineBackupCreator.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/InlineBackupCreator.vue
@@ -13,13 +13,17 @@
 			<ButtonStyled v-if="!backup.backupComplete.value && !backup.backupFailed.value">
 				<button
 					v-tooltip="
-						backup.externalBackupInProgress.value
-							? formatMessage(messages.backupInProgress)
-							: undefined
+						!canManageBackups
+							? permissionDeniedMessage
+							: backup.externalBackupInProgress.value
+								? formatMessage(messages.backupInProgress)
+								: undefined
 					"
 					class="!shadow-none"
-					:disabled="backup.isBackingUp.value || backup.externalBackupInProgress.value"
-					@click="backup.startBackup()"
+					:disabled="
+						!canManageBackups || backup.isBackingUp.value || backup.externalBackupInProgress.value
+					"
+					@click="startBackup"
 				>
 					<SpinnerIcon v-if="backup.isBackingUp.value" class="size-5 animate-spin" />
 					<PlusIcon v-else class="size-5" />
@@ -59,6 +63,7 @@ import { watch } from 'vue'
 
 import ButtonStyled from '#ui/components/base/ButtonStyled.vue'
 import { defineMessages, useVIntl } from '#ui/composables/i18n'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 
 import { useInlineBackup } from '../../composables/use-inline-backup'
 
@@ -73,9 +78,21 @@ const emit = defineEmits<{
 }>()
 
 const { formatMessage } = useVIntl()
+const { canManageBackups, permissionDeniedMessage } = useServerPermissions()
 
 const backup = useInlineBackup(() => props.backupName)
 
+function startBackup() {
+	if (
+		!canManageBackups.value ||
+		backup.externalBackupInProgress.value ||
+		backup.isBackingUp.value
+	) {
+		return
+	}
+	backup.startBackup()
+}
+
 watch(
 	() => backup.isBackingUp.value,
 	(backing) => {
diff --git a/packages/ui/src/layouts/shared/content-tab/components/modals/ModpackContentModal.vue b/packages/ui/src/layouts/shared/content-tab/components/modals/ModpackContentModal.vue
index 79a2406b41..edf1c8bb67 100644
--- a/packages/ui/src/layouts/shared/content-tab/components/modals/ModpackContentModal.vue
+++ b/packages/ui/src/layouts/shared/content-tab/components/modals/ModpackContentModal.vue
@@ -36,7 +36,8 @@ interface Props {
 	modpackName?: string
 	modpackIconUrl?: string
 	enableToggle?: boolean
-	busy?: boolean
+	actionDisabled?: boolean
+	actionDisabledTooltip?: string | null
 	getOverflowOptions?: (item: ContentItem) => OverflowMenuOption[]
 	switchVersion?: (item: ContentItem) => void
 }
@@ -45,7 +46,8 @@ const props = withDefaults(defineProps<Props>(), {
 	modpackName: undefined,
 	modpackIconUrl: undefined,
 	enableToggle: false,
-	busy: false,
+	actionDisabled: false,
+	actionDisabledTooltip: undefined,
 	getOverflowOptions: undefined,
 	switchVersion: undefined,
 })
@@ -54,6 +56,7 @@ const emit = defineEmits<{
 	'update:enabled': [item: ContentItem, value: boolean]
 	'bulk:enable': [items: ContentItem[]]
 	'bulk:disable': [items: ContentItem[]]
+	hide: []
 }>()
 
 const messages = defineMessages({
@@ -250,12 +253,16 @@ const tableItems = computed<ContentCardTableItem[]>(() =>
 			: undefined,
 		...(props.enableToggle ? { enabled: item.enabled } : {}),
 		installing: item.installing === true,
+		toggleDisabled: props.actionDisabled,
+		toggleDisabledTooltip: props.actionDisabled ? props.actionDisabledTooltip : undefined,
 		isClientOnly:
 			isClientOnlyEnvironment(item.environment) ||
 			!!item.pack_client_retained ||
 			!!item.pack_client_depends,
 		clientWarning: getClientWarningType(item),
-		disabled: props.busy || disabledIds.value.has(item.file_name) || item.installing === true,
+		disabled:
+			props.actionDisabled || disabledIds.value.has(item.file_name) || item.installing === true,
+		disabledTooltip: props.actionDisabled ? props.actionDisabledTooltip : undefined,
 		overflowOptions: [
 			...(props.switchVersion
 				? [
@@ -286,20 +293,20 @@ function getTypeIcon(type: string) {
 }
 
 function handleEnabledChange(fileName: string, value: boolean) {
-	if (props.busy) return
+	if (props.actionDisabled) return
 	const item = items.value.find((i) => i.file_name === fileName)
 	if (!item) return
 	emit('update:enabled', item, value)
 }
 
 function bulkEnable() {
-	if (props.busy) return
+	if (props.actionDisabled) return
 	emit('bulk:enable', [...selectedItems.value])
 	selectedIds.value = []
 }
 
 function bulkDisable() {
-	if (props.busy) return
+	if (props.actionDisabled) return
 	emit('bulk:disable', [...selectedItems.value])
 	selectedIds.value = []
 }
@@ -326,6 +333,10 @@ function hide() {
 	modal.value?.hide()
 }
 
+function handleHide() {
+	emit('hide')
+}
+
 function getState(): ModpackContentModalState | null {
 	if (!items.value.length) return null
 	return {
@@ -383,6 +394,7 @@ defineExpose({ show, showLoading, hide, getState, restore, updateItem, setItems
 		ref="modal"
 		:max-width="'min(928px, calc(95vw - 10rem))'"
 		:width="'min(928px, calc(95vw - 10rem))'"
+		:on-hide="handleHide"
 		no-padding
 	>
 		<template #title>
@@ -558,7 +570,8 @@ defineExpose({ show, showLoading, hide, getState, restore, updateItem, setItems
 		<ContentSelectionBar
 			v-if="props.enableToggle"
 			:selected-items="selectedItems"
-			:is-bulk-operating="props.busy"
+			:is-busy="props.actionDisabled"
+			:busy-tooltip="props.actionDisabledTooltip"
 			style="--left-bar-width: 0px; --right-bar-width: 0px"
 			@clear="selectedIds = []"
 			@enable="bulkEnable"
diff --git a/packages/ui/src/layouts/shared/content-tab/layout.vue b/packages/ui/src/layouts/shared/content-tab/layout.vue
index 451abe9e16..021af85340 100644
--- a/packages/ui/src/layouts/shared/content-tab/layout.vue
+++ b/packages/ui/src/layouts/shared/content-tab/layout.vue
@@ -272,6 +272,9 @@ const tableItems = computed<ContentCardTableItem[]>(() => {
 			id,
 			disabled:
 				isChanging(id) || ctx.isBusy.value || isBulkOperating.value || item.installing === true,
+			disabledTooltip: ctx.isBusy.value ? (ctx.busyMessage?.value ?? null) : null,
+			toggleDisabled: ctx.isBusy.value,
+			toggleDisabledTooltip: ctx.isBusy.value ? (ctx.busyMessage?.value ?? null) : null,
 			installing: item.installing === true,
 			hasUpdate: item.has_update,
 			isClientOnly:
@@ -321,7 +324,7 @@ function handleDeleteById(id: string, event?: MouseEvent) {
 	const item = ctx.items.value.find((i) => getItemId(i) === id)
 	if (item) {
 		pendingDeletionItems.value = [item]
-		if (event?.shiftKey) {
+		if (event?.shiftKey && !ctx.isBusy.value) {
 			confirmDelete()
 		} else {
 			confirmDeletionModal.value?.show()
@@ -331,7 +334,7 @@ function handleDeleteById(id: string, event?: MouseEvent) {
 
 function showBulkDeleteModal(event?: MouseEvent) {
 	pendingDeletionItems.value = [...selectedItems.value]
-	if (event?.shiftKey) {
+	if (event?.shiftKey && !ctx.isBusy.value) {
 		confirmDelete()
 	} else {
 		confirmDeletionModal.value?.show()
@@ -339,6 +342,7 @@ function showBulkDeleteModal(event?: MouseEvent) {
 }
 
 async function confirmDelete() {
+	if (ctx.isBusy.value) return
 	const itemsToDelete = [...pendingDeletionItems.value]
 	pendingDeletionItems.value = []
 	if (itemsToDelete.length === 0) return
@@ -383,6 +387,7 @@ async function confirmDelete() {
 }
 
 async function handleToggleEnabledById(id: string, _value: boolean) {
+	if (ctx.isBusy.value) return
 	const item = ctx.items.value.find((i) => getItemId(i) === id)
 	if (!item) return
 	markChanging(id)
@@ -394,6 +399,7 @@ async function handleToggleEnabledById(id: string, _value: boolean) {
 }
 
 async function bulkEnable() {
+	if (ctx.isBusy.value) return
 	const items = selectedItems.value.filter((item) => !item.enabled)
 	if (items.length === 0) return
 	if (ctx.bulkEnableItems) {
@@ -414,6 +420,7 @@ async function bulkEnable() {
 }
 
 async function bulkDisable() {
+	if (ctx.isBusy.value) return
 	const items = selectedItems.value.filter((item) => item.enabled)
 	if (items.length === 0) return
 	if (ctx.bulkDisableItems) {
@@ -455,7 +462,7 @@ function promptUpdateAll(event?: MouseEvent) {
 	const items = ctx.items.value.filter((item) => item.has_update)
 	if (items.length === 0) return
 	pendingBulkUpdateItems.value = items
-	if (event?.shiftKey) {
+	if (event?.shiftKey && !ctx.isBusy.value) {
 		confirmBulkUpdate()
 	} else {
 		confirmBulkUpdateModal.value?.show()
@@ -467,7 +474,7 @@ function promptUpdateSelected(event?: MouseEvent) {
 	const items = selectedItems.value.filter((item) => item.has_update)
 	if (items.length === 0) return
 	pendingBulkUpdateItems.value = items
-	if (event?.shiftKey) {
+	if (event?.shiftKey && !ctx.isBusy.value) {
 		confirmBulkUpdate()
 	} else {
 		confirmBulkUpdateModal.value?.show()
@@ -475,6 +482,7 @@ function promptUpdateSelected(event?: MouseEvent) {
 }
 
 async function confirmBulkUpdate() {
+	if (ctx.isBusy.value) return
 	const items = pendingBulkUpdateItems.value
 	if (items.length === 0 || !hasBulkUpdateSupport.value) return
 
@@ -525,12 +533,8 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 					:owner="ctx.modpack.value.owner"
 					:categories="ctx.modpack.value.categories"
 					:has-update="ctx.modpack.value.hasUpdate"
-					:disabled="ctx.modpack.value.disabled || ctx.isBusy.value"
-					:disabled-text="
-						ctx.modpack.value.disabledText ??
-						ctx.busyMessage?.value ??
-						(ctx.isBusy.value ? formatMessage(messages.pleaseWait) : undefined)
-					"
+					:disabled="ctx.modpack.value.disabled"
+					:disabled-text="ctx.modpack.value.disabledText"
 					:show-content-hint="
 						!!(ctx.showContentHint?.value && ctx.modpack.value && ctx.items.value.length === 0)
 					"
@@ -677,14 +681,18 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 									color-fill="text"
 									hover-color-fill="background"
 								>
-									<button :disabled="isBulkOperating || ctx.isBusy.value" @click="promptUpdateAll">
+									<button
+										v-tooltip="formatMessage(messages.updateAll)"
+										:disabled="isBulkOperating"
+										@click="promptUpdateAll"
+									>
 										<DownloadIcon />
 										{{ formatMessage(messages.updateAll) }}
 									</button>
 								</ButtonStyled>
 
 								<ButtonStyled type="transparent">
-									<button :disabled="refreshing || ctx.isBusy.value" @click="handleRefresh">
+									<button :disabled="refreshing" @click="handleRefresh">
 										<RefreshCwIcon :class="refreshing ? 'animate-spin' : ''" />
 										{{ formatMessage(commonMessages.refreshButton) }}
 									</button>
@@ -768,6 +776,7 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 			:selected-items="selectedItems"
 			:content-type-label="ctx.contentTypeLabel.value"
 			:is-busy="ctx.isBusy.value"
+			:busy-tooltip="ctx.busyMessage?.value"
 			:is-bulk-operating="isBulkOperating"
 			:bulk-operation="bulkOperation"
 			:bulk-progress="bulkProgress"
@@ -789,7 +798,6 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 				>
 					<button
 						v-tooltip="formatMessage(commonMessages.updateButton)"
-						:disabled="ctx.isBusy.value"
 						@click="promptUpdateSelected"
 					>
 						<DownloadIcon />
@@ -852,7 +860,6 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 				>
 					<button
 						v-tooltip="formatMessage(commonMessages.deleteLabel)"
-						:disabled="ctx.isBusy.value"
 						@click="showBulkDeleteModal"
 					>
 						<TrashIcon />
@@ -868,6 +875,8 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 			:item-type="ctx.contentTypeLabel.value"
 			:variant="ctx.deletionContext ?? 'instance'"
 			:backup-tip="pendingDeletionItems.map((i) => i.project?.title ?? i.file_name).join(', ')"
+			:action-disabled="ctx.isBusy.value"
+			:action-disabled-tooltip="ctx.busyMessage?.value ?? undefined"
 			@delete="confirmDelete"
 		/>
 		<ConfirmBulkUpdateModal
@@ -875,6 +884,8 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 			ref="confirmBulkUpdateModal"
 			:count="pendingBulkUpdateItems.length"
 			:server="ctx.deletionContext === 'server'"
+			:action-disabled="ctx.isBusy.value"
+			:action-disabled-tooltip="ctx.busyMessage?.value ?? undefined"
 			@update="confirmBulkUpdate"
 		/>
 		<ConfirmUnlinkModal
@@ -882,6 +893,8 @@ const confirmUnlinkModal = ref<InstanceType<typeof ConfirmUnlinkModal>>()
 			ref="confirmUnlinkModal"
 			:server="ctx.deletionContext === 'server'"
 			:backup-tip="ctx.modpack.value?.project.title"
+			:action-disabled="ctx.isBusy.value"
+			:action-disabled-tooltip="ctx.busyMessage?.value ?? undefined"
 			@unlink="ctx.unlinkModpack!()"
 		/>
 
diff --git a/packages/ui/src/layouts/shared/content-tab/types.ts b/packages/ui/src/layouts/shared/content-tab/types.ts
index c909d081ad..778d6fdc4b 100644
--- a/packages/ui/src/layouts/shared/content-tab/types.ts
+++ b/packages/ui/src/layouts/shared/content-tab/types.ts
@@ -32,6 +32,9 @@ export interface ContentCardTableItem {
 	owner?: ContentOwner
 	enabled?: boolean
 	disabled?: boolean
+	disabledTooltip?: string | null
+	toggleDisabled?: boolean
+	toggleDisabledTooltip?: string | null
 	installing?: boolean
 	hasUpdate?: boolean
 	isClientOnly?: boolean
diff --git a/packages/ui/src/layouts/shared/files-tab/components/editor/EditorFindReplace.vue b/packages/ui/src/layouts/shared/files-tab/components/editor/EditorFindReplace.vue
index c460e8869a..1e28ffbbb7 100644
--- a/packages/ui/src/layouts/shared/files-tab/components/editor/EditorFindReplace.vue
+++ b/packages/ui/src/layouts/shared/files-tab/components/editor/EditorFindReplace.vue
@@ -10,6 +10,7 @@
 				<ButtonStyled type="transparent" circular>
 					<button
 						v-tooltip="formatMessage(messages.toggleReplace)"
+						:disabled="props.readonly"
 						:aria-label="formatMessage(messages.toggleReplace)"
 						@click="toggleReplace"
 					>
@@ -88,6 +89,7 @@
 						type="search"
 						size="small"
 						autocomplete="off"
+						:disabled="props.readonly"
 						:placeholder="formatMessage(messages.replaceInFile)"
 						wrapper-class="w-44"
 					/>
@@ -95,7 +97,7 @@
 				<ButtonStyled type="outlined">
 					<button
 						class="!h-8 whitespace-nowrap px-2 text-sm disabled:opacity-50"
-						:disabled="findMatchCount === 0"
+						:disabled="props.readonly || findMatchCount === 0"
 						@click="emit('replace', replaceQuery)"
 					>
 						{{ formatMessage(messages.replace) }}
@@ -104,7 +106,7 @@
 				<ButtonStyled type="outlined">
 					<button
 						class="!h-8 whitespace-nowrap px-2 text-sm disabled:opacity-50"
-						:disabled="findMatchCount === 0"
+						:disabled="props.readonly || findMatchCount === 0"
 						@click="emit('replaceAll', replaceQuery)"
 					>
 						{{ formatMessage(messages.replaceAll) }}
@@ -129,6 +131,7 @@ const props = defineProps<{
 	findMatchCount: number
 	currentFindMatch: number
 	isEditingImage: boolean
+	readonly?: boolean
 }>()
 
 const emit = defineEmits<{
@@ -193,6 +196,7 @@ const findInputRef = ref<{ focus: () => void } | null>(null)
 const replaceInputRef = ref<{ focus: () => void } | null>(null)
 
 function toggleReplace() {
+	if (props.readonly) return
 	isReplaceOpen.value = !isReplaceOpen.value
 	if (isReplaceOpen.value) {
 		nextTick(() => replaceInputRef.value?.focus())
@@ -204,6 +208,7 @@ function focusFindInput() {
 }
 
 function openReplace() {
+	if (props.readonly) return
 	isReplaceOpen.value = true
 	nextTick(() => replaceInputRef.value?.focus())
 }
diff --git a/packages/ui/src/layouts/shared/files-tab/components/editor/FileEditor.vue b/packages/ui/src/layouts/shared/files-tab/components/editor/FileEditor.vue
index 7f8a9ebb82..cea2200a4e 100644
--- a/packages/ui/src/layouts/shared/files-tab/components/editor/FileEditor.vue
+++ b/packages/ui/src/layouts/shared/files-tab/components/editor/FileEditor.vue
@@ -8,6 +8,7 @@
 			v-model:is-find-open="isFindOpen"
 			v-model:find-query="inFileFindQuery"
 			:is-editing-image="isEditingImage"
+			:readonly="isEditorReadOnly"
 			:find-match-count="findMatchCount"
 			:current-find-match="currentFindMatch"
 			@find-next="findNext"
@@ -22,6 +23,7 @@
 			v-model:value="fileContent"
 			:lang="editorLanguage"
 			theme="modrinth"
+			:readonly="isEditorReadOnly"
 			:print-margin="false"
 			:style="{ height: editorHeight, fontSize: '0.875rem' }"
 			class="ace-modrinth rounded-[20px]"
@@ -144,6 +146,11 @@ const editorLanguage = computed(() => {
 	const ext = getFileExtension(props.file?.name ?? '')
 	return getEditorLanguage(ext)
 })
+const isEditorReadOnly = computed(() => ctx.isBusy?.value ?? false)
+
+watch(isEditorReadOnly, (readOnly) => {
+	editorInstance.value?.setReadOnly(readOnly)
+})
 
 watch(
 	() => props.file,
@@ -206,6 +213,7 @@ function resetState() {
 
 function onEditorInit(editor: Ace.Editor) {
 	editorInstance.value = editor
+	editor.setReadOnly(isEditorReadOnly.value)
 
 	editor.commands.addCommand({
 		name: 'save',
@@ -223,6 +231,7 @@ function onEditorInit(editor: Ace.Editor) {
 		name: 'replace',
 		bindKey: { win: 'Ctrl-H', mac: 'Command-Option-F' },
 		exec: () => {
+			if (isEditorReadOnly.value) return
 			isFindOpen.value = true
 			nextTick(() => findReplaceRef.value?.openReplace())
 		},
@@ -231,6 +240,7 @@ function onEditorInit(editor: Ace.Editor) {
 
 async function saveFileContent(exit: boolean = false) {
 	if (!props.file) return
+	if (ctx.isBusy?.value) return
 
 	try {
 		const normalizedPath = props.file.path.startsWith('/') ? props.file.path : `/${props.file.path}`
@@ -312,7 +322,7 @@ function closeFind() {
 
 function replaceOne(query: string) {
 	const editor = editorInstance.value
-	if (!editor || findMatchCount.value === 0) return
+	if (!editor || isEditorReadOnly.value || findMatchCount.value === 0) return
 	editor.replace(query)
 	nextTick(() => {
 		const count = countOccurrences(fileContent.value, inFileFindQuery.value)
@@ -323,7 +333,7 @@ function replaceOne(query: string) {
 
 function replaceAllOccurrences(query: string) {
 	const editor = editorInstance.value
-	if (!editor || findMatchCount.value === 0) return
+	if (!editor || isEditorReadOnly.value || findMatchCount.value === 0) return
 	editor.replaceAll(query)
 	nextTick(() => {
 		const count = countOccurrences(fileContent.value, inFileFindQuery.value)
diff --git a/packages/ui/src/layouts/shared/files-tab/components/modals/FileUploadZipUrlModal.vue b/packages/ui/src/layouts/shared/files-tab/components/modals/FileUploadZipUrlModal.vue
index 9e5b4f31fd..423635d6e8 100644
--- a/packages/ui/src/layouts/shared/files-tab/components/modals/FileUploadZipUrlModal.vue
+++ b/packages/ui/src/layouts/shared/files-tab/components/modals/FileUploadZipUrlModal.vue
@@ -37,6 +37,7 @@
 				</div>
 				<StyledInput
 					v-model="url"
+					v-tooltip="props.disabled ? props.disabledTooltip : undefined"
 					:icon="LinkIcon"
 					type="url"
 					:placeholder="
@@ -44,7 +45,7 @@
 							? 'https://www.curseforge.com/minecraft/modpacks/.../files/6412259'
 							: 'https://www.example.com/.../modpack-name-1.0.2.zip'
 					"
-					:disabled="submitted"
+					:disabled="submitted || props.disabled"
 					:error="touched && !!error"
 					autocomplete="off"
 					@focus="touched = true"
@@ -74,8 +75,8 @@
 				</ButtonStyled>
 				<ButtonStyled color="brand">
 					<button
-						v-tooltip="error"
-						:disabled="submitted || !!error || backupInProgress"
+						v-tooltip="submitTooltip"
+						:disabled="submitDisabled"
 						type="submit"
 						@click="handleSubmit"
 					>
@@ -118,6 +119,17 @@ const { addNotification } = injectNotificationManager()
 const client = injectModrinthClient()
 const { formatMessage } = useVIntl()
 
+const props = withDefaults(
+	defineProps<{
+		disabled?: boolean
+		disabledTooltip?: string
+	}>(),
+	{
+		disabled: false,
+		disabledTooltip: undefined,
+	},
+)
+
 const messages = defineMessages({
 	cfHeader: {
 		id: 'files.zip-url-modal.cf-header',
@@ -239,9 +251,17 @@ const error = computed(() => {
 	return ''
 })
 
+const submitDisabled = computed(
+	() => submitted.value || props.disabled || !!error.value || backupInProgress.value,
+)
+const submitTooltip = computed(() => {
+	if (props.disabled) return props.disabledTooltip
+	return error.value || undefined
+})
+
 const handleSubmit = async () => {
 	touched.value = true
-	if (error.value) return
+	if (submitDisabled.value) return
 
 	submitted.value = true
 	try {
@@ -270,6 +290,8 @@ const handleSubmit = async () => {
 }
 
 const show = (isCf: boolean) => {
+	if (props.disabled) return
+
 	cf.value = isCf
 	url.value = ''
 	submitted.value = false
diff --git a/packages/ui/src/layouts/shared/files-tab/layout.vue b/packages/ui/src/layouts/shared/files-tab/layout.vue
index 010b9ad4d8..a01de783af 100644
--- a/packages/ui/src/layouts/shared/files-tab/layout.vue
+++ b/packages/ui/src/layouts/shared/files-tab/layout.vue
@@ -3,7 +3,12 @@
 	<FileUnsavedChangesModal ref="unsavedChangesModal" />
 	<FileCreateItemModal ref="createItemModal" :type="newItemType" @create="handleCreateNewItem" />
 	<FileUploadConflictModal ref="uploadConflictModal" @proceed="handleExtractConfirm" />
-	<FileUploadZipUrlModal v-if="ctx.showInstallFromUrl" ref="uploadZipUrlModal" />
+	<FileUploadZipUrlModal
+		v-if="ctx.showInstallFromUrl"
+		ref="uploadZipUrlModal"
+		:disabled="isBusy"
+		:disabled-tooltip="busyTooltip"
+	/>
 	<FileRenameItemModal ref="renameItemModal" :item="selectedItem" @rename="handleRenameItem" />
 	<FileMoveItemModal
 		ref="moveItemModal"
@@ -156,7 +161,11 @@
 					</button>
 				</ButtonStyled>
 				<ButtonStyled color="brand">
-					<button @click="fileEditorRef?.saveFileContent(false)">
+					<button
+						v-tooltip="isBusy ? busyTooltip : undefined"
+						:disabled="isBusy"
+						@click="fileEditorRef?.saveFileContent(false)"
+					>
 						<SaveIcon /> {{ formatMessage(commonMessages.saveButton) }}
 					</button>
 				</ButtonStyled>
@@ -370,6 +379,7 @@ async function confirmDiscardChanges(): Promise<boolean> {
 	if (!hasUnsavedChanges.value) return true
 	const result = await unsavedChangesModal.value?.prompt()
 	if (result === 'save') {
+		if (isBusy.value) return false
 		await fileEditorRef.value?.saveFileContent(false)
 		return true
 	}
@@ -412,10 +422,12 @@ async function handleEditorClose() {
 
 // CRUD handlers
 async function handleCreateNewItem(name: string) {
+	if (isBusy.value) return
 	await ctx.createItem(name, newItemType.value)
 }
 
 async function handleRenameItem(newName: string) {
+	if (isBusy.value) return
 	const item = selectedItem.value
 	if (!item) return
 
@@ -432,6 +444,7 @@ async function handleRenameItem(newName: string) {
 }
 
 async function handleMoveItem(destination: string) {
+	if (isBusy.value) return
 	const item = selectedItem.value
 	if (!item) return
 
@@ -450,6 +463,7 @@ async function handleMoveItem(destination: string) {
 }
 
 function handleDeleteItem() {
+	if (isBusy.value) return
 	const item = selectedItem.value
 	if (!item) return
 
@@ -513,6 +527,7 @@ async function handleExtractItem(item: { name: string; type: string; path: strin
 }
 
 async function handleExtractConfirm(path: string) {
+	if (isBusy.value) return
 	if (!ctx.extractFile) return
 	try {
 		await ctx.extractFile(path, true, false)
diff --git a/packages/ui/src/layouts/shared/installation-settings/composables/use-installation-form.ts b/packages/ui/src/layouts/shared/installation-settings/composables/use-installation-form.ts
index f8eaf328cf..ae0dcc78e1 100644
--- a/packages/ui/src/layouts/shared/installation-settings/composables/use-installation-form.ts
+++ b/packages/ui/src/layouts/shared/installation-settings/composables/use-installation-form.ts
@@ -84,6 +84,7 @@ export function useInstallationForm(
 	})
 
 	async function save() {
+		if (ctx.isBusy.value) return
 		isSaving.value = true
 		try {
 			const platformChanged = selectedPlatform.value !== ctx.currentPlatform.value
@@ -156,6 +157,7 @@ export function useInstallationForm(
 	}
 
 	async function confirmLoaderChange() {
+		if (ctx.isBusy.value) return
 		try {
 			if (ctx.disableAllContent) {
 				await ctx.disableAllContent()
@@ -169,6 +171,7 @@ export function useInstallationForm(
 	}
 
 	async function confirmAutoFix() {
+		if (ctx.isBusy.value) return
 		try {
 			if (ctx.previewSave) {
 				isVerifying.value = true
@@ -210,6 +213,7 @@ export function useInstallationForm(
 	}
 
 	async function confirmDisableConflicts() {
+		if (ctx.isBusy.value) return
 		try {
 			if (ctx.disableIncompatibleContent) {
 				await ctx.disableIncompatibleContent(selectedGameVersion.value)
@@ -239,6 +243,7 @@ export function useInstallationForm(
 	}
 
 	async function confirmSave() {
+		if (ctx.isBusy.value) return
 		pendingPreview.value = null
 		try {
 			await performSave()
@@ -280,6 +285,7 @@ export function useInstallationForm(
 	const loadingChangelog = ref(false)
 
 	async function handleChangeModpackVersion() {
+		if (ctx.isBusy.value) return
 		updatingModpack.value = true
 		loadingChangelog.value = false
 
@@ -350,6 +356,7 @@ export function useInstallationForm(
 	}
 
 	async function handleUpdaterConfirm(version: Labrinth.Versions.v2.Version) {
+		if (ctx.isBusy.value) return
 		try {
 			await ctx.onModpackVersionConfirm(version)
 		} finally {
diff --git a/packages/ui/src/layouts/shared/installation-settings/layout.vue b/packages/ui/src/layouts/shared/installation-settings/layout.vue
index fc90cef291..11b948e0bc 100644
--- a/packages/ui/src/layouts/shared/installation-settings/layout.vue
+++ b/packages/ui/src/layouts/shared/installation-settings/layout.vue
@@ -106,6 +106,14 @@ const disabledPlatforms = computed(() => {
 	if (!ctx.lockPlatform || ctx.currentPlatform.value === 'vanilla') return []
 	return ctx.availablePlatforms.filter((p) => p !== ctx.currentPlatform.value)
 })
+const platformDisabledItems = computed(() =>
+	ctx.isBusy.value ? ctx.availablePlatforms : disabledPlatforms.value,
+)
+const platformDisabledTooltip = computed(() =>
+	ctx.isBusy.value
+		? (ctx.busyMessage?.value ?? undefined)
+		: formatMessage(messages.platformLockTooltip),
+)
 
 const showModpackVersionActions = computed(() => {
 	const val = ctx.showModpackVersionActions
@@ -120,6 +128,7 @@ const isLocalFile = computed(() => {
 })
 
 function handleModpackUpdateRequest(version: Labrinth.Versions.v2.Version, event?: MouseEvent) {
+	if (ctx.isBusy.value) return
 	pendingUpdateVersion.value = version
 
 	const currentVersionId = ctx.updaterModalProps.value.currentVersionId
@@ -140,6 +149,7 @@ function handleModpackUpdateRequest(version: Labrinth.Versions.v2.Version, event
 }
 
 function handleModpackUpdateConfirm() {
+	if (ctx.isBusy.value) return
 	const version = pendingUpdateVersion.value
 	if (version) {
 		contentUpdaterModal.value?.hide()
@@ -155,16 +165,19 @@ function handleModpackUpdateCancel() {
 }
 
 function handleRepair() {
+	if (ctx.isBusy.value) return
 	form.cancelEditing()
 	ctx.repair()
 }
 
 function handleReinstall() {
+	if (ctx.isBusy.value) return
 	form.cancelEditing()
 	ctx.reinstallModpack()
 }
 
 function handleUnlink() {
+	if (ctx.isBusy.value) return
 	form.cancelEditing()
 	ctx.unlinkModpack()
 }
@@ -174,6 +187,7 @@ const emit = defineEmits<{
 }>()
 
 function handleIncompatibleResetServer() {
+	if (ctx.isBusy.value) return
 	form.cancelPreview()
 	form.cancelEditing()
 	emit('reset-server')
@@ -413,6 +427,7 @@ const messages = defineMessages({
 					<div class="flex flex-wrap gap-2">
 						<ButtonStyled v-if="showModpackVersionActions">
 							<button
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								class="!shadow-none"
 								:disabled="ctx.isBusy.value"
 								@click="form.handleChangeModpackVersion()"
@@ -438,6 +453,7 @@ const messages = defineMessages({
 					<div>
 						<ButtonStyled color="orange">
 							<button
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								class="!shadow-none"
 								:disabled="ctx.isBusy.value"
 								@click="(e: MouseEvent) => (e.shiftKey ? handleUnlink() : unlinkModal?.show())"
@@ -473,6 +489,7 @@ const messages = defineMessages({
 					<div>
 						<ButtonStyled color="red">
 							<button
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								class="!shadow-none"
 								:disabled="ctx.isBusy.value"
 								@click="
@@ -512,6 +529,7 @@ const messages = defineMessages({
 					<div>
 						<ButtonStyled>
 							<button
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								class="!shadow-none"
 								:disabled="ctx.isBusy.value"
 								@click="repairModal?.show()"
@@ -555,8 +573,8 @@ const messages = defineMessages({
 								:items="ctx.availablePlatforms"
 								:format-label="formatLoaderLabel"
 								:capitalize="false"
-								:disabled-items="disabledPlatforms"
-								:disabled-tooltip="formatMessage(messages.platformLockTooltip)"
+								:disabled-items="platformDisabledItems"
+								:disabled-tooltip="platformDisabledTooltip"
 								:aria-label="formatMessage(messages.selectPlatformAriaLabel)"
 							/>
 						</div>
@@ -567,6 +585,7 @@ const messages = defineMessages({
 							</span>
 							<Combobox
 								v-model="form.selectedGameVersion.value"
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								:options="form.gameVersionOptions.value"
 								searchable
 								sync-with-selection
@@ -577,11 +596,14 @@ const messages = defineMessages({
 									formatMessage(commonMessages.selectVersionPlaceholder)
 								"
 								:aria-label="formatMessage(messages.selectGameVersionAriaLabel)"
+								:disabled="ctx.isBusy.value"
 								@option-hover="ctx.onGameVersionHover?.($event)"
 							>
 								<template v-if="form.hasSnapshots.value" #dropdown-footer>
 									<button
+										v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 										class="flex w-full cursor-pointer items-center justify-center gap-1.5 border-0 border-t border-solid border-surface-5 bg-transparent py-3 text-center text-sm font-semibold text-secondary transition-colors hover:text-contrast"
+										:disabled="ctx.isBusy.value"
 										@mousedown.prevent
 										@click="form.showSnapshots.value = !form.showSnapshots.value"
 									>
@@ -610,6 +632,7 @@ const messages = defineMessages({
 							</span>
 							<Combobox
 								v-model="form.selectedLoaderVersion.value"
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								searchable
 								sync-with-selection
 								:placeholder="
@@ -627,6 +650,7 @@ const messages = defineMessages({
 										loader: form.formattedLoaderName.value,
 									})
 								"
+								:disabled="ctx.isBusy.value"
 							>
 								<template
 									v-if="form.selectedPlatform.value === 'paper'"
@@ -659,8 +683,14 @@ const messages = defineMessages({
 						<div class="flex flex-wrap gap-2">
 							<ButtonStyled color="brand">
 								<button
+									v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 									class="!shadow-none"
-									:disabled="!form.isValid.value || !form.hasChanges.value || form.isSaving.value"
+									:disabled="
+										!form.isValid.value ||
+										!form.hasChanges.value ||
+										form.isSaving.value ||
+										ctx.isBusy.value
+									"
 									@click="form.save()"
 								>
 									<SpinnerIcon v-if="form.isSaving.value" class="animate-spin" />
@@ -702,6 +732,7 @@ const messages = defineMessages({
 					<div class="flex flex-wrap gap-2">
 						<ButtonStyled color="orange">
 							<button
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								class="!shadow-none"
 								:disabled="ctx.isBusy.value"
 								@click="form.isEditing.value = true"
@@ -736,6 +767,7 @@ const messages = defineMessages({
 					<div>
 						<ButtonStyled>
 							<button
+								v-tooltip="ctx.isBusy.value ? ctx.busyMessage?.value : undefined"
 								class="!shadow-none"
 								:disabled="ctx.isBusy.value"
 								@click="repairModal?.show()"
diff --git a/packages/ui/src/layouts/shared/installation-settings/providers/installation-settings.ts b/packages/ui/src/layouts/shared/installation-settings/providers/installation-settings.ts
index 0b543d6f66..6d63f69bea 100644
--- a/packages/ui/src/layouts/shared/installation-settings/providers/installation-settings.ts
+++ b/packages/ui/src/layouts/shared/installation-settings/providers/installation-settings.ts
@@ -16,6 +16,7 @@ export interface InstallationSettingsContext {
 	installationInfo: ComputedRef<InstallationInfoRow[]>
 	isLinked: ComputedRef<boolean>
 	isBusy: Ref<boolean> | ComputedRef<boolean>
+	busyMessage?: Ref<string | null> | ComputedRef<string | null>
 
 	modpack: Ref<InstallationModpackData | null> | ComputedRef<InstallationModpackData | null>
 
diff --git a/packages/ui/src/layouts/shared/server-settings/pages/advanced.vue b/packages/ui/src/layouts/shared/server-settings/pages/advanced.vue
index d28cd9650a..133342ce11 100644
--- a/packages/ui/src/layouts/shared/server-settings/pages/advanced.vue
+++ b/packages/ui/src/layouts/shared/server-settings/pages/advanced.vue
@@ -8,10 +8,13 @@
 						<span class="text-lg font-semibold text-contrast">SFTP</span>
 						<ButtonStyled>
 							<a
-								v-tooltip="'This button only works with compatible SFTP clients (e.g. WinSCP)'"
+								v-tooltip="sftpActionTooltip"
 								class="!w-full sm:!w-auto"
-								:href="sftpUrl"
+								:class="{ 'opacity-60': !canWriteFiles }"
+								:href="canWriteFiles ? sftpUrl : undefined"
+								:aria-disabled="!canWriteFiles"
 								target="_blank"
+								@click="handleSftpLaunchClick"
 							>
 								<ExternalIcon class="h-5 w-5" />
 								Launch SFTP
@@ -22,8 +25,9 @@
 					<div class="flex flex-col gap-2.5 rounded-2xl bg-surface-2 p-4">
 						<span class="text-lg font-semibold text-contrast">Server Address</span>
 						<div
-							v-tooltip="'Copy SFTP server address'"
+							v-tooltip="sftpCopyTooltip('Copy SFTP server address')"
 							class="copy-field hover:bg-button-bg-hover"
+							:class="{ 'opacity-60': !canWriteFiles }"
 							@click="copyToClipboard('Server address', server?.sftp_host)"
 						>
 							<span class="cursor-pointer font-semibold text-primary">
@@ -37,8 +41,9 @@
 							<div class="flex w-full flex-col justify-center gap-2">
 								<span class="text-lg font-semibold text-contrast">Username</span>
 								<div
-									v-tooltip="'Copy SFTP username'"
+									v-tooltip="sftpCopyTooltip('Copy SFTP username')"
 									class="copy-field hover:bg-button-bg-hover"
+									:class="{ 'opacity-60': !canWriteFiles }"
 									@click="copyToClipboard('Username', server?.sftp_username)"
 								>
 									<div class="truncate font-semibold">
@@ -53,11 +58,12 @@
 								<span class="text-lg font-semibold text-contrast">Password</span>
 								<div
 									class="copy-field-has-button [&:hover:not(:has(button:hover))]:bg-button-bg-hover"
+									:class="{ 'opacity-60': !canWriteFiles }"
 									@click="copyToClipboard('Password', server?.sftp_password)"
 								>
 									<div class="flex items-center gap-1.5 h-full w-full">
 										<div
-											v-tooltip="'Copy SFTP Password'"
+											v-tooltip="sftpCopyTooltip('Copy SFTP Password')"
 											class="h-full flex justify-between grow items-center"
 										>
 											<div class="truncate font-semibold">
@@ -72,9 +78,16 @@
 
 										<ButtonStyled type="transparent" circular>
 											<button
-												v-tooltip="showPassword ? 'Hide password' : 'Show password'"
+												v-tooltip="
+													canWriteFiles
+														? showPassword
+															? 'Hide password'
+															: 'Show password'
+														: permissionDeniedMessage
+												"
 												class="hover:bg-button-bg-hover grid h-10 w-10 place-content-center rounded-lg"
-												@click.stop="showPassword = !showPassword"
+												:disabled="!canWriteFiles"
+												@click.stop="togglePasswordVisibility"
 											>
 												<!-- look into doing stop propagation here -->
 												<EyeIcon v-if="showPassword" class="h-5 w-5" />
@@ -96,7 +109,12 @@
 						</label>
 						<ButtonStyled v-if="startupCommand !== defaultStartupCommand" type="transparent">
 							<button
-								:disabled="isStartupLoading || startupCommand === defaultStartupCommand"
+								v-tooltip="advancedActionTooltip"
+								:disabled="
+									isStartupLoading ||
+									startupCommand === defaultStartupCommand ||
+									!canUseAdvancedSettings
+								"
 								class="relative !w-full sm:!w-auto"
 								@click="resetToDefault"
 							>
@@ -109,10 +127,11 @@
 						<StyledInput
 							id="startup-command-field"
 							v-model="startupCommand"
+							v-tooltip="advancedActionTooltip"
 							multiline
 							resize="vertical"
 							input-class="font-mono field-sizing-content"
-							:disabled="isStartupLoading"
+							:disabled="isStartupLoading || !canUseAdvancedSettings"
 						/>
 						<div
 							v-if="isStartupLoading"
@@ -133,10 +152,11 @@
 						<Combobox
 							:id="'java-version-field'"
 							v-model="javaVersion"
+							v-tooltip="advancedActionTooltip"
 							name="java-version"
 							:options="displayedJavaVersions"
 							:display-value="javaVersionLabel ?? 'Java Version'"
-							:disabled="isStartupLoading"
+							:disabled="isStartupLoading || !canUseAdvancedSettings"
 						>
 							<template #dropdown-footer>
 								<button
@@ -169,10 +189,11 @@
 						<Combobox
 							:id="'runtime-field'"
 							v-model="jreVendor"
+							v-tooltip="advancedActionTooltip"
 							name="runtime"
 							:options="JRE_VENDORS"
 							:display-value="jreVendorLabel ?? 'Runtime'"
-							:disabled="isStartupLoading"
+							:disabled="isStartupLoading || !canUseAdvancedSettings"
 						/>
 						<div
 							v-if="isStartupLoading"
@@ -189,7 +210,7 @@
 			:is-visible="!!hasUnsavedChanges || isPending"
 			:server-id="serverId"
 			:is-updating="isPending"
-			:save="() => saveStartup()"
+			:save="saveStartup"
 			:reset="resetStartup"
 		/>
 	</div>
@@ -210,6 +231,7 @@ import { computed, ref, watch } from 'vue'
 
 import { ButtonStyled, Combobox, StyledInput } from '#ui/components'
 import SaveBanner from '#ui/components/servers/SaveBanner.vue'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
@@ -220,12 +242,29 @@ const { addNotification } = injectNotificationManager()
 const { server, serverId, worldId } = injectModrinthServerContext()
 const client = injectModrinthClient()
 const queryClient = useQueryClient()
+const { canUseAdvancedSettings, canWriteFiles, permissionDeniedMessage } = useServerPermissions()
 
 // SFTP state
 const showPassword = ref(false)
 const sftpUrl = computed(() => `sftp://${server.value?.sftp_username}@${server.value?.sftp_host}`)
+const advancedActionTooltip = computed(() =>
+	canUseAdvancedSettings.value ? undefined : permissionDeniedMessage.value,
+)
+const sftpActionTooltip = computed(() =>
+	canWriteFiles.value
+		? 'This button only works with compatible SFTP clients (e.g. WinSCP)'
+		: permissionDeniedMessage.value,
+)
+const sftpCopyTooltip = (label: string) =>
+	canWriteFiles.value ? label : permissionDeniedMessage.value
+
+function handleSftpLaunchClick(event: MouseEvent) {
+	if (canWriteFiles.value) return
+	event.preventDefault()
+}
 
 const copyToClipboard = (name: string, textToCopy?: string) => {
+	if (!canWriteFiles.value) return
 	navigator.clipboard.writeText(textToCopy || '')
 	addNotification({
 		type: 'success',
@@ -242,6 +281,11 @@ const { data: startupData, isLoading: isStartupLoading } = useQuery({
 	enabled: computed(() => worldId.value !== null),
 })
 
+function togglePasswordVisibility() {
+	if (!canWriteFiles.value) return
+	showPassword.value = !showPassword.value
+}
+
 const JAVA_VERSIONS = [
 	{ value: 8, label: 'Java 8' },
 	{ value: 11, label: 'Java 11' },
@@ -343,7 +387,7 @@ const hasUnsavedChanges = computed(
 		jreVendor.value !== savedJreVendor.value,
 )
 
-const { mutate: saveStartup, isPending } = useMutation({
+const { mutate: saveStartupMutation, isPending } = useMutation({
 	mutationFn: () =>
 		client.archon.options_v1.patchStartup(serverId, worldId.value!, {
 			startup_command: startupCommand.value || null,
@@ -369,11 +413,17 @@ const { mutate: saveStartup, isPending } = useMutation({
 	},
 })
 
+function saveStartup() {
+	if (!canUseAdvancedSettings.value) return
+	saveStartupMutation()
+}
+
 function resetStartup() {
 	syncFormFromData()
 }
 
 function resetToDefault() {
+	if (!canUseAdvancedSettings.value) return
 	startupCommand.value = defaultStartupCommand.value
 }
 </script>
diff --git a/packages/ui/src/layouts/shared/server-settings/pages/general.vue b/packages/ui/src/layouts/shared/server-settings/pages/general.vue
index 9dbf021341..675eb1b203 100644
--- a/packages/ui/src/layouts/shared/server-settings/pages/general.vue
+++ b/packages/ui/src/layouts/shared/server-settings/pages/general.vue
@@ -13,8 +13,10 @@
 								<StyledInput
 									id="server-name-field"
 									v-model="serverName"
+									v-tooltip="advancedActionTooltip"
 									wrapper-class="w-full"
 									:maxlength="48"
+									:disabled="!canUseAdvancedSettings"
 									@keyup.enter="!serverName && saveGeneral"
 								/>
 								<span>This name is only visible on Modrinth.</span>
@@ -39,9 +41,11 @@
 										>
 										<input
 											id="server-subdomain"
+											v-tooltip="advancedActionTooltip"
 											:value="serverSubdomain"
 											placeholder="Enter subdomain..."
 											:maxlength="32"
+											:disabled="!canUseAdvancedSettings"
 											class="absolute left-px inset-0 bg-transparent !p-0 text-base font-medium text-primary !shadow-none transition-colors placeholder:text-secondary focus:text-contrast"
 											autocomplete="off"
 											@input="serverSubdomain = ($event.target as HTMLInputElement).value"
@@ -68,7 +72,11 @@
 						</div>
 					</div>
 
-					<EditServerIcon v-if="!data.is_medal" />
+					<EditServerIcon
+						v-if="!data.is_medal"
+						:can-edit="canWriteFiles"
+						:permission-denied-message="permissionDeniedMessage"
+					/>
 				</div>
 
 				<!-- preferences -->
@@ -145,6 +153,7 @@ import { computed, ref, watch } from 'vue'
 import { CopyCode, StyledInput, Toggle } from '#ui/components'
 import EditServerIcon from '#ui/components/servers/edit-server-icon/EditServerIcon.vue'
 import SaveBanner from '#ui/components/servers/SaveBanner.vue'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
@@ -157,6 +166,10 @@ const client = injectModrinthClient()
 const { server: data, serverId, busyReasons } = injectModrinthServerContext()
 const { featureFlags } = injectPageContext()
 const queryClient = useQueryClient()
+const { canUseAdvancedSettings, canWriteFiles, permissionDeniedMessage } = useServerPermissions()
+const advancedActionTooltip = computed(() =>
+	canUseAdvancedSettings.value ? undefined : permissionDeniedMessage.value,
+)
 
 const serverName = ref(data.value?.name)
 const serverSubdomain = ref(data.value?.net?.domain ?? '')
@@ -176,12 +189,6 @@ const isValidSubdomain = computed(() => isValidLengthSubdomain.value && isValidC
 const isUpdating = ref(false)
 const isValidServerName = computed(() => (serverName.value?.length ?? 0) > 0)
 
-watch(serverName, (newValue, oldValue) => {
-	if (!(newValue?.length ?? 0)) {
-		serverName.value = oldValue
-	}
-})
-
 // Preferences
 const preferences = {
 	hideSubdomainLabel: {
@@ -334,15 +341,21 @@ const infoProperties = computed<InfoProperty[]>(() => [
 ])
 
 // Unsaved changes tracking (API fields + preferences)
-const hasUnsavedChanges = computed(
+const hasServerSettingsChanges = computed(
 	() =>
 		(serverName.value && serverName.value !== data.value?.name) ||
-		serverSubdomain.value !== data.value?.net?.domain ||
-		JSON.stringify(newUserPreferences.value) !== JSON.stringify(userPreferences.value),
+		serverSubdomain.value !== data.value?.net?.domain,
+)
+const hasPreferenceChanges = computed(
+	() => JSON.stringify(newUserPreferences.value) !== JSON.stringify(userPreferences.value),
+)
+const hasUnsavedChanges = computed(
+	() => hasServerSettingsChanges.value || hasPreferenceChanges.value,
 )
 
 const saveGeneral = async () => {
 	if (!isValidServerName.value || !isValidSubdomain.value) return
+	if (hasServerSettingsChanges.value && !canUseAdvancedSettings.value) return
 
 	try {
 		isUpdating.value = true
diff --git a/packages/ui/src/layouts/shared/server-settings/pages/installation.vue b/packages/ui/src/layouts/shared/server-settings/pages/installation.vue
index 0485246432..15035cd77a 100644
--- a/packages/ui/src/layouts/shared/server-settings/pages/installation.vue
+++ b/packages/ui/src/layouts/shared/server-settings/pages/installation.vue
@@ -12,7 +12,10 @@
 			</div>
 		</Teleport>
 
-		<InstallationSettingsLayout ref="installationSettingsLayout" @reset-server="setupModal?.show()">
+		<InstallationSettingsLayout
+			ref="installationSettingsLayout"
+			@reset-server="showResetServerModal"
+		>
 			<template #extra>
 				<div class="flex flex-col gap-2.5">
 					<span class="text-lg font-semibold text-contrast">{{
@@ -20,7 +23,12 @@
 					}}</span>
 					<div>
 						<ButtonStyled color="red">
-							<button class="!shadow-none" :disabled="isInstalling" @click="setupModal?.show()">
+							<button
+								v-tooltip="resetServerDisabledTooltip"
+								class="!shadow-none"
+								:disabled="resetServerDisabled"
+								@click="showResetServerModal"
+							>
 								<RotateCounterClockwiseIcon class="size-5" />
 								{{ formatMessage(commonMessages.resetServerButton) }}
 							</button>
@@ -53,9 +61,10 @@
 			<div>
 				<ButtonStyled color="red">
 					<button
+						v-tooltip="supportResetToOnboardingTooltip"
 						class="!shadow-none"
-						:disabled="!worldId || isResettingToOnboarding"
-						@click="resetToOnboardingModal?.show()"
+						:disabled="supportResetToOnboardingDisabled"
+						@click="showResetToOnboardingModal"
 					>
 						<RotateCounterClockwiseIcon class="size-5" />
 						{{ formatMessage(messages.resetToOnboardingButton) }}
@@ -88,6 +97,7 @@ import {
 	UploadProgressModal,
 	useDebugLogger,
 	useModrinthServersConsole,
+	useServerPermissions,
 	useVIntl,
 } from '@modrinth/ui'
 import { useQuery, useQueryClient } from '@tanstack/vue-query'
@@ -105,6 +115,7 @@ const { formatMessage } = useVIntl()
 const serverSettings = injectServerSettings()
 const filePicker = injectFilePicker()
 const modrinthServersConsole = useModrinthServersConsole()
+const { canSetup, canResetServer, permissionDeniedMessage } = useServerPermissions()
 
 const uploadProgressModal =
 	useTemplateRef<InstanceType<typeof UploadProgressModal>>('uploadProgressModal')
@@ -204,9 +215,24 @@ const isInstalling = computed(() => {
 	)
 	return val
 })
+const setupActionDisabled = computed(() => !canSetup.value || isInstalling.value)
+const setupActionDisabledMessage = computed(() => {
+	if (!canSetup.value) return permissionDeniedMessage.value
+	return busyReasons.value.length > 0 ? formatMessage(busyReasons.value[0].reason) : null
+})
+const resetServerDisabled = computed(() => !canResetServer.value || isInstalling.value)
+const resetServerDisabledTooltip = computed(() => {
+	if (!canResetServer.value) return permissionDeniedMessage.value
+	return busyReasons.value.length > 0 ? formatMessage(busyReasons.value[0].reason) : undefined
+})
 const installationSettingsLayout = ref<InstanceType<typeof InstallationSettingsLayout>>()
 const setupModal = ref<InstanceType<typeof ServerSetupModal>>()
 
+function showResetServerModal() {
+	if (resetServerDisabled.value) return
+	setupModal.value?.show()
+}
+
 async function invalidateServerState() {
 	debug('invalidateServerState: starting')
 	await Promise.all([
@@ -245,6 +271,17 @@ const editingPlatform = ref(server.value?.loader?.toLowerCase() ?? 'vanilla')
 const editingGameVersion = ref(server.value?.mc_version ?? '')
 const resetToOnboardingModal = ref<InstanceType<typeof ConfirmModal>>()
 const isResettingToOnboarding = ref(false)
+const supportResetToOnboardingDisabled = computed(
+	() => !worldId.value || isResettingToOnboarding.value || !canResetServer.value,
+)
+const supportResetToOnboardingTooltip = computed(() =>
+	!canResetServer.value ? permissionDeniedMessage.value : undefined,
+)
+
+function showResetToOnboardingModal() {
+	if (supportResetToOnboardingDisabled.value) return
+	resetToOnboardingModal.value?.show()
+}
 
 const modLoaders = ['fabric', 'forge', 'quilt', 'neoforge']
 
@@ -396,7 +433,8 @@ provideInstallationSettings({
 		debug('isLinked:', val, 'modpack:', modpackProjectId.value)
 		return val
 	}),
-	isBusy: isInstalling,
+	isBusy: setupActionDisabled,
+	busyMessage: setupActionDisabledMessage,
 	modpack: computed(() => {
 		if (!modpack.value) return null
 		const isLocal = modpack.value.spec.platform === 'local_file'
@@ -499,6 +537,7 @@ provideInstallationSettings({
 	},
 
 	async save(platform, gameVersion, loaderVersionId) {
+		if (setupActionDisabled.value) return
 		debug('save: called with', { platform, gameVersion, loaderVersionId })
 		const currentPlatform = server.value?.loader?.toLowerCase() ?? 'vanilla'
 		const platformChanged = platform !== currentPlatform
@@ -548,6 +587,7 @@ provideInstallationSettings({
 	},
 
 	async repair() {
+		if (setupActionDisabled.value) return
 		debug('repair: called')
 		try {
 			await client.archon.content_v1.repair(serverId, worldId.value!)
@@ -568,6 +608,7 @@ provideInstallationSettings({
 	},
 
 	async reinstallModpack() {
+		if (setupActionDisabled.value) return
 		if (!modpack.value) return
 		if (modpack.value.spec.platform === 'local_file') {
 			debug('reinstallModpack: local file, opening file picker')
@@ -624,6 +665,7 @@ provideInstallationSettings({
 	},
 
 	async unlinkModpack() {
+		if (setupActionDisabled.value) return
 		debug('unlinkModpack: called')
 		const previousData = addonsQuery.data.value
 		if (previousData) {
@@ -695,6 +737,7 @@ provideInstallationSettings({
 	},
 
 	async onModpackVersionConfirm(version) {
+		if (setupActionDisabled.value) return
 		if (!modpackProjectId.value) return
 		debug('onModpackVersionConfirm: called, version:', version.id)
 		debug('onModpackVersionConfirm: emitting reinstall before API call')
@@ -741,6 +784,7 @@ provideInstallationSettings({
 	hideLoaderVersion: false,
 
 	async disableAllContent() {
+		if (setupActionDisabled.value) return
 		debug('disableAllContent: fetching all addons')
 		const addons = await client.archon.content_v1.getAddons(serverId, worldId.value!)
 		const items = (addons.addons ?? [])
@@ -754,6 +798,7 @@ provideInstallationSettings({
 	},
 
 	async disableIncompatibleContent(targetGameVersion) {
+		if (setupActionDisabled.value) return
 		debug('disableIncompatibleContent: fetching addons')
 		const addons = await client.archon.content_v1.getAddons(serverId, worldId.value!)
 		const activeAddons = (addons.addons ?? []).filter((a) => !a.disabled)
@@ -785,6 +830,7 @@ provideInstallationSettings({
 	},
 
 	async saveWithoutAutoFix(platform, gameVersion, loaderVersionId) {
+		if (setupActionDisabled.value) return
 		debug('saveWithoutAutoFix: called with', { platform, gameVersion, loaderVersionId })
 		let resolvedLoaderVersion = loaderVersionId
 		if (!resolvedLoaderVersion && platform !== 'vanilla') {
@@ -816,6 +862,7 @@ provideInstallationSettings({
 	},
 
 	async previewSave(_platform, gameVersion, _loaderVersionId, signal) {
+		if (setupActionDisabled.value) return null
 		const result = await client.archon.content_v1.getUpdateGameVersionPreview(
 			serverId,
 			worldId.value!,
@@ -855,6 +902,7 @@ watch(
 )
 
 function onReinstall(event?: unknown) {
+	if (resetServerDisabled.value) return
 	installationSettingsLayout.value?.cancelEditing()
 	modrinthServersConsole.clear()
 	queryClient.removeQueries({ queryKey: ['servers', 'ws-state', serverId] })
@@ -863,6 +911,7 @@ function onReinstall(event?: unknown) {
 }
 
 function onBrowseModpacks() {
+	if (resetServerDisabled.value) return
 	debug('onBrowseModpacks: navigating to modpack discovery')
 	serverSettings.browseModpacks({
 		serverId,
@@ -872,7 +921,7 @@ function onBrowseModpacks() {
 }
 
 async function confirmResetToOnboarding() {
-	if (!worldId.value) return
+	if (supportResetToOnboardingDisabled.value || !worldId.value) return
 
 	try {
 		isResettingToOnboarding.value = true
diff --git a/packages/ui/src/layouts/shared/server-settings/pages/network.vue b/packages/ui/src/layouts/shared/server-settings/pages/network.vue
index 64906262f5..dd8091b289 100644
--- a/packages/ui/src/layouts/shared/server-settings/pages/network.vue
+++ b/packages/ui/src/layouts/shared/server-settings/pages/network.vue
@@ -9,8 +9,10 @@
 							id="edit-allocation-name"
 							ref="editAllocationInput"
 							v-model="editAllocationName"
+							v-tooltip="advancedActionTooltip"
 							wrapper-class="w-full"
 							:maxlength="32"
+							:disabled="!canUseAdvancedSettings"
 							placeholder="e.g. Secondary allocation"
 						/>
 						<div class="mb-1 mt-4 flex justify-end gap-2.5">
@@ -18,7 +20,11 @@
 								<button @click="editAllocationModal?.hide()">Cancel</button>
 							</ButtonStyled>
 							<ButtonStyled color="brand">
-								<button :disabled="!editAllocationName || creatingAllocation" type="submit">
+								<button
+									v-tooltip="advancedActionTooltip"
+									:disabled="!editAllocationName || creatingAllocation || !canUseAdvancedSettings"
+									type="submit"
+								>
 									<SaveIcon /> Update allocation
 								</button>
 							</ButtonStyled>
@@ -70,15 +76,17 @@
 						<div class="flex w-full flex-col items-center justify-start gap-2 sm:flex-row">
 							<StyledInput
 								v-model="createAllocationName"
+								v-tooltip="advancedActionTooltip"
 								wrapper-class="grow max-w-[400px]"
 								:maxlength="32"
+								:disabled="!canUseAdvancedSettings"
 								placeholder="e.g. Secondary allocation"
 							/>
 
 							<ButtonStyled color="brand">
 								<button
-									v-tooltip="!createAllocationName ? 'Enter a name to create an allocation' : ''"
-									:disabled="!createAllocationName || creatingAllocation"
+									v-tooltip="createAllocationTooltip"
+									:disabled="!createAllocationName || creatingAllocation || !canUseAdvancedSettings"
 									@click="addNewAllocation"
 								>
 									<PlusIcon />
@@ -104,12 +112,20 @@
 									</ButtonStyled>
 									<template v-if="!row.primary">
 										<ButtonStyled type="transparent" circular>
-											<button @click="showEditAllocationModal(row.port)">
+											<button
+												v-tooltip="advancedActionTooltip"
+												:disabled="!canUseAdvancedSettings"
+												@click="showEditAllocationModal(row.port)"
+											>
 												<PencilIcon />
 											</button>
 										</ButtonStyled>
 										<ButtonStyled type="outlined" circular color="red">
-											<button @click="showConfirmDeleteModal(row.port)">
+											<button
+												v-tooltip="advancedActionTooltip"
+												:disabled="!canUseAdvancedSettings"
+												@click="showConfirmDeleteModal(row.port)"
+											>
 												<TrashIcon />
 											</button>
 										</ButtonStyled>
@@ -209,6 +225,7 @@ import { computed, nextTick, ref } from 'vue'
 
 import { ButtonStyled, ConfirmModal, NewModal, StyledInput, Table, TagItem } from '#ui/components'
 import type { TableColumn } from '#ui/components/base'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
@@ -219,6 +236,7 @@ const { addNotification } = injectNotificationManager()
 const { server, serverId } = injectModrinthServerContext()
 const client = injectModrinthClient()
 const queryClient = useQueryClient()
+const { canUseAdvancedSettings, permissionDeniedMessage } = useServerPermissions()
 
 const data = server
 
@@ -271,8 +289,17 @@ const editAllocationName = ref('')
 const newAllocationPort = ref(0)
 const allocationToDelete = ref<number | null>(null)
 const creatingAllocation = ref(false)
+const advancedActionTooltip = computed(() =>
+	canUseAdvancedSettings.value ? undefined : permissionDeniedMessage.value,
+)
+const createAllocationTooltip = computed(() => {
+	if (!canUseAdvancedSettings.value) return permissionDeniedMessage.value
+	if (!createAllocationName.value) return 'Enter a name to create an allocation'
+	return undefined
+})
 
 const addNewAllocation = async () => {
+	if (!canUseAdvancedSettings.value) return
 	if (!createAllocationName.value) return
 	creatingAllocation.value = true
 
@@ -295,6 +322,7 @@ const addNewAllocation = async () => {
 }
 
 const showEditAllocationModal = (port: number) => {
+	if (!canUseAdvancedSettings.value) return
 	newAllocationPort.value = port
 	editAllocationName.value = allocations.value?.find((a) => a.port === port)?.name ?? ''
 	editAllocationModal.value?.show()
@@ -306,11 +334,13 @@ const showEditAllocationModal = (port: number) => {
 }
 
 const showConfirmDeleteModal = (port: number) => {
+	if (!canUseAdvancedSettings.value) return
 	allocationToDelete.value = port
 	confirmDeleteModal.value?.show()
 }
 
 const confirmDeleteAllocation = async () => {
+	if (!canUseAdvancedSettings.value) return
 	if (allocationToDelete.value === null) return
 
 	await client.archon.servers_v0.deleteAllocation(serverId, allocationToDelete.value)
@@ -326,6 +356,7 @@ const confirmDeleteAllocation = async () => {
 }
 
 const editAllocation = async () => {
+	if (!canUseAdvancedSettings.value) return
 	if (!editAllocationName.value) return
 	creatingAllocation.value = true
 
diff --git a/packages/ui/src/layouts/shared/server-settings/pages/properties.vue b/packages/ui/src/layouts/shared/server-settings/pages/properties.vue
index 721d97fa22..e40efe2538 100644
--- a/packages/ui/src/layouts/shared/server-settings/pages/properties.vue
+++ b/packages/ui/src/layouts/shared/server-settings/pages/properties.vue
@@ -56,6 +56,8 @@
 										v-model="combinedGamemode"
 										:items="gamemodeItems"
 										:format-label="capitalize"
+										:disabled-items="canUseAdvancedSettings ? [] : gamemodeItems"
+										:disabled-tooltip="permissionDeniedMessage"
 									/>
 								</div>
 
@@ -68,6 +70,8 @@
 										v-model="selectedDifficulty"
 										:items="difficultyItems"
 										:format-label="capitalize"
+										:disabled-items="canUseAdvancedSettings ? [] : difficultyItems"
+										:disabled-tooltip="permissionDeniedMessage"
 									/>
 								</div>
 
@@ -75,10 +79,12 @@
 									<span class="font-semibold text-contrast">Max players</span>
 									<StyledInput
 										id="server-property-max-players"
+										v-tooltip="advancedActionTooltip"
 										:model-value="liveProperties.max_players"
 										type="number"
 										placeholder="20"
 										wrapper-class="w-full max-w-[450px]"
+										:disabled="!canUseAdvancedSettings"
 										@update:model-value="liveProperties.max_players = String($event)"
 									/>
 								</div>
@@ -88,8 +94,10 @@
 									<StyledInput
 										id="server-property-motd"
 										v-model="liveProperties.motd"
+										v-tooltip="advancedActionTooltip"
 										placeholder="A Minecraft Server"
 										wrapper-class="w-full max-w-[450px]"
+										:disabled="!canUseAdvancedSettings"
 									/>
 								</div>
 
@@ -100,7 +108,9 @@
 									<span class="font-semibold text-contrast">Allow flight</span>
 									<Toggle
 										id="server-property-allow-flight"
+										v-tooltip="advancedActionTooltip"
 										:model-value="liveProperties.allow_flight === 'true'"
+										:disabled="!canUseAdvancedSettings"
 										@update:model-value="liveProperties.allow_flight = $event ? 'true' : 'false'"
 									/>
 								</div>
@@ -112,7 +122,9 @@
 									<span class="font-semibold text-contrast">Allow cheats</span>
 									<Toggle
 										id="server-property-allow-cheats"
+										v-tooltip="advancedActionTooltip"
 										:model-value="liveProperties.allow_cheats === 'true'"
+										:disabled="!canUseAdvancedSettings"
 										@update:model-value="liveProperties.allow_cheats = $event ? 'true' : 'false'"
 									/>
 								</div>
@@ -122,7 +134,12 @@
 									class="flex flex-row items-center justify-between gap-4 h-10"
 								>
 									<span class="font-semibold text-contrast">Enable whitelist</span>
-									<Toggle id="server-property-whitelist" v-model="whitelistEnabled" />
+									<Toggle
+										id="server-property-whitelist"
+										v-model="whitelistEnabled"
+										v-tooltip="advancedActionTooltip"
+										:disabled="!canUseAdvancedSettings"
+									/>
 								</div>
 
 								<div
@@ -133,6 +150,8 @@
 									<Toggle
 										id="server-property-spawn-protection-toggle"
 										v-model="spawnProtectionEnabled"
+										v-tooltip="advancedActionTooltip"
+										:disabled="!canUseAdvancedSettings"
 									/>
 								</div>
 
@@ -143,10 +162,12 @@
 									<span class="font-semibold text-contrast">Protection radius</span>
 									<StyledInput
 										id="server-property-spawn-protection-radius"
+										v-tooltip="advancedActionTooltip"
 										:model-value="liveProperties.spawn_protection"
 										type="number"
 										wrapper-class="w-full sm:w-[100px]"
 										input-class="text-right"
+										:disabled="!canUseAdvancedSettings"
 										@update:model-value="liveProperties.spawn_protection = String($event)"
 									/>
 								</div>
@@ -188,8 +209,10 @@
 												>
 													<Toggle
 														:id="`server-property-${key}`"
+														v-tooltip="advancedActionTooltip"
 														:model-value="liveProperties[key] === 'true'"
 														:aria-labelledby="`property-label-${key}`"
+														:disabled="!canUseAdvancedSettings"
 														@update:model-value="liveProperties[key] = $event ? 'true' : 'false'"
 													/>
 												</div>
@@ -199,11 +222,13 @@
 												>
 													<StyledInput
 														:id="`server-property-${key}`"
+														v-tooltip="advancedActionTooltip"
 														:model-value="liveProperties[key]"
 														type="number"
 														placeholder="Type here..."
 														wrapper-class="w-full"
 														:aria-labelledby="`property-label-${key}`"
+														:disabled="!canUseAdvancedSettings"
 														@update:model-value="liveProperties[key] = String($event)"
 													/>
 												</div>
@@ -211,9 +236,11 @@
 													<StyledInput
 														:id="`server-property-${key}`"
 														v-model="liveProperties[key]"
+														v-tooltip="advancedActionTooltip"
 														placeholder="Type here..."
 														wrapper-class="w-full"
 														:aria-labelledby="`property-label-${key}`"
+														:disabled="!canUseAdvancedSettings"
 													/>
 												</div>
 											</div>
@@ -253,7 +280,7 @@
 			:is-visible="hasUnsavedChanges || isUpdating"
 			:server-id="serverId"
 			:is-updating="isUpdating || busyReasons.length > 0"
-			restart
+			:restart="canUsePowerActions"
 			:save="
 				async () => {
 					await saveProperties()
@@ -273,6 +300,7 @@ import { computed, ref, watch } from 'vue'
 
 import { Accordion, Admonition, AutoLink, Chips, StyledInput, Toggle } from '#ui/components'
 import SaveBanner from '#ui/components/servers/SaveBanner.vue'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import { injectServerSettings } from '#ui/layouts/shared/server-settings'
 import {
 	injectModrinthClient,
@@ -284,6 +312,11 @@ const { addNotification } = injectNotificationManager()
 const client = injectModrinthClient()
 const { serverId, worldId, powerState, busyReasons } = injectModrinthServerContext()
 const queryClient = useQueryClient()
+const { canUseAdvancedSettings, canUsePowerActions, permissionDeniedMessage } =
+	useServerPermissions()
+const advancedActionTooltip = computed(() =>
+	canUseAdvancedSettings.value ? undefined : permissionDeniedMessage.value,
+)
 const filesTabLink = computed(
 	() => `/hosting/manage/${encodeURIComponent(serverId)}/files?path=/&editing=server.properties`,
 )
@@ -486,7 +519,7 @@ function buildPatch(): Archon.Content.v1.PatchPropertiesFields {
 	return patch
 }
 
-const { mutateAsync: saveProperties, isPending: isUpdating } = useMutation({
+const { mutateAsync: savePropertiesMutation, isPending: isUpdating } = useMutation({
 	mutationFn: () =>
 		client.archon.properties_v1.patchProperties(serverId, worldId.value!, buildPatch()),
 	onSuccess: async () => {
@@ -507,6 +540,11 @@ const { mutateAsync: saveProperties, isPending: isUpdating } = useMutation({
 	},
 })
 
+async function saveProperties() {
+	if (!canUseAdvancedSettings.value) return
+	await savePropertiesMutation()
+}
+
 function resetProperties() {
 	syncFormFromData()
 }
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/[id]/onboarding.vue b/packages/ui/src/layouts/wrapped/hosting/manage/[id]/onboarding.vue
index c1ad2947f1..bcdebf6392 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/[id]/onboarding.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/[id]/onboarding.vue
@@ -49,7 +49,12 @@
 				</button>
 			</ButtonStyled>
 			<ButtonStyled v-else color="brand" size="large">
-				<button class="ml-auto" @click="openModal">
+				<button
+					v-tooltip="!canSetup ? permissionDeniedMessage : undefined"
+					class="ml-auto"
+					:disabled="!canSetup"
+					@click="openModal"
+				>
 					{{ formatMessage(messages.setupServerButton) }} <RightArrowIcon />
 				</button>
 			</ButtonStyled>
@@ -62,6 +67,8 @@
 			:show-snapshot-toggle="true"
 			:search-modpacks="searchModpacks"
 			:get-project-versions="getProjectVersions"
+			:finish-disabled="!canSetup"
+			:finish-disabled-tooltip="!canSetup ? permissionDeniedMessage : undefined"
 			@hide="() => {}"
 			@browse-modpacks="onBrowseModpacks"
 			@create="onCreate"
@@ -77,6 +84,7 @@ import {
 	defineMessages,
 	injectModrinthClient,
 	injectNotificationManager,
+	useServerPermissions,
 	useVIntl,
 } from '@modrinth/ui'
 import { useQueryClient } from '@tanstack/vue-query'
@@ -90,6 +98,7 @@ import { injectModrinthServerContext } from '#ui/providers'
 const client = injectModrinthClient()
 const { addNotification } = injectNotificationManager()
 const { formatMessage } = useVIntl()
+const { canSetup, permissionDeniedMessage } = useServerPermissions()
 
 const messages = defineMessages({
 	welcomeTitle: {
@@ -196,11 +205,16 @@ const uploadPercent = computed(() =>
 	totalBytes.value > 0 ? Math.round((uploadedBytes.value / totalBytes.value) * 100) : 0,
 )
 
-const openModal = () => modalRef.value?.show()
+const openModal = () => {
+	if (!canSetup.value) return
+	modalRef.value?.show()
+}
 
 onBeforeUnmount(() => modalRef.value?.hide())
 
 function onBrowseModpacks() {
+	if (!canSetup.value) return
+
 	if (props.browseModpacks) {
 		props.browseModpacks({
 			serverId,
@@ -217,6 +231,11 @@ function onBrowseModpacks() {
 }
 
 onMounted(async () => {
+	if (!canSetup.value && route.query.resumeModal) {
+		router.replace({ query: {} })
+		return
+	}
+
 	if (route.query.resumeModal === 'setup-type') {
 		router.replace({ query: {} })
 		openModal()
@@ -263,6 +282,11 @@ function toApiLoader(loader: string): Archon.Content.v1.Modloader {
 }
 
 const onCreate = async (config: CreationFlowContextValue) => {
+	if (!canSetup.value) {
+		config.loading.value = false
+		return
+	}
+
 	// Handle mrpack file upload
 	if (config.setupType.value === 'modpack' && config.modpackFile.value) {
 		modalRef.value?.hide()
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/access.vue b/packages/ui/src/layouts/wrapped/hosting/manage/access.vue
new file mode 100644
index 0000000000..3e56d393bf
--- /dev/null
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/access.vue
@@ -0,0 +1,1509 @@
+<template>
+	<div class="flex flex-col gap-4">
+		<div class="flex flex-col gap-2 md:flex-row">
+			<StyledInput
+				v-model="memberSearch"
+				:icon="SearchIcon"
+				:placeholder="formatMessage(messages.searchUsersPlaceholder, { count: members.length })"
+				wrapper-class="min-w-0 flex-1"
+				input-class="!h-10"
+				clearable
+			/>
+			<div class="flex shrink-0 gap-2 flex-wrap md:flex-nowrap">
+				<Combobox
+					v-model="roleFilter"
+					:options="roleFilterOptions"
+					:display-value="selectedRoleFilterLabel"
+					trigger-class="min-w-[225px]"
+				>
+					<template #prefix>
+						<FilterIcon class="size-5 text-secondary" aria-hidden="true" />
+					</template>
+				</Combobox>
+				<ButtonStyled color="brand">
+					<button
+						v-tooltip="manageUsersActionTooltip"
+						class="!h-10 w-full md:w-fit"
+						:disabled="!canManageUsers"
+						@click="grantAccessModal?.show($event)"
+					>
+						<UserPlusIcon aria-hidden="true" />
+						{{ formatMessage(messages.inviteFriends) }}
+					</button>
+				</ButtonStyled>
+			</div>
+		</div>
+
+		<AccessTable
+			:members="filteredMembers"
+			:roles="roleOptions"
+			:can-manage-users="canManageUsers"
+			:permission-denied-message="permissionDeniedMessage"
+			@update-role="updateMemberRole"
+			@resend-invite="resendInvite"
+			@cancel-invite="requestCancelInvite"
+			@remove-member="requestRemoveMember"
+		/>
+
+		<div class="flex flex-col gap-4">
+			<span class="m-0 text-2xl font-semibold text-contrast">
+				{{ formatMessage(messages.activityLogTitle) }}
+			</span>
+			<AuditLogTable
+				v-model:sort-direction="auditLogSortDirection"
+				v-model:timeframe-mode="auditLogTimeframeMode"
+				v-model:timeframe-preset="auditLogTimeframePreset"
+				v-model:timeframe-last-amount="auditLogTimeframeLastAmount"
+				v-model:timeframe-last-unit="auditLogTimeframeLastUnit"
+				v-model:timeframe-custom-start-date="auditLogTimeframeCustomStartDate"
+				v-model:timeframe-custom-end-date="auditLogTimeframeCustomEndDate"
+				:entries="auditEntries"
+				:has-active-external-filters="hasActiveAuditLogFilters"
+				:has-more="hasMoreActionLogEntries"
+				:loading="isActionLogFiltering"
+				:loading-more="isLoadingMoreActionLogEntries"
+				:show-world-column="showAuditLogInstances"
+				:suppress-row-transitions="isActionLogSortTransitioning"
+				@load-more="loadMoreActionLogEntries"
+			>
+				<template #filters>
+					<DropdownFilterBar
+						v-model="auditLogFilters"
+						:categories="auditLogFilterCategories"
+						:add-label="formatMessage(messages.addFilter)"
+						:clear-label="formatMessage(messages.clearFilters)"
+						:empty-options-label="formatMessage(messages.emptyFilterOptions)"
+						:empty-search-label="formatMessage(messages.emptyFilterSearch)"
+						apply-immediately
+						use-filter-icon
+					/>
+				</template>
+			</AuditLogTable>
+		</div>
+
+		<GrantAccessModal
+			ref="grantAccessModal"
+			:members="members"
+			:resolve-user="resolveInviteUser"
+			:can-grant="canManageUsers"
+			:permission-denied-message="permissionDeniedMessage"
+			@grant="grantAccess"
+		/>
+		<RemoveAccessModal
+			ref="removeMemberConfirmModal"
+			:username="pendingRemovalMember?.user.username ?? ''"
+			:avatar-url="pendingRemovalMember?.user.avatarUrl"
+			:role="pendingRemovalMember?.role"
+			:joined-at="pendingRemovalMember?.joinedAt"
+			:pending="pendingRemovalMember?.pending"
+			:should-cancel="shouldCancelInvite"
+			:can-remove="canManageUsers"
+			:permission-denied-message="permissionDeniedMessage"
+			@remove="confirmAccessRemoval"
+		/>
+	</div>
+</template>
+
+<script setup lang="ts">
+import type { Archon, Labrinth } from '@modrinth/api-client'
+import { FilterIcon, SearchIcon, UserPlusIcon } from '@modrinth/assets'
+import { useInfiniteQuery, useQuery, useQueryClient } from '@tanstack/vue-query'
+import { computed, onBeforeUnmount, ref, watch } from 'vue'
+
+import ButtonStyled from '#ui/components/base/ButtonStyled.vue'
+import Combobox, { type ComboboxOption } from '#ui/components/base/Combobox.vue'
+import DropdownFilterBar, {
+	type DropdownFilterBarCategory,
+	type DropdownFilterBarOption,
+} from '#ui/components/base/DropdownFilterBar.vue'
+import StyledInput from '#ui/components/base/StyledInput.vue'
+import type {
+	TimeFrameLastUnit,
+	TimeFrameMode,
+	TimeFramePreset,
+} from '#ui/components/base/TimeFramePicker.vue'
+import {
+	AccessTable,
+	apiPermissionsToAccessRole,
+	AuditLogTable,
+	GrantAccessModal,
+	type GrantServerAccessPayload,
+	RemoveAccessModal,
+	type ServerAccessInviteSuggestion,
+	type ServerAccessMember,
+	type ServerAccessRole,
+	type ServerAccessRoleOption,
+	type ServerAuditLogEntry,
+} from '#ui/components/servers/access'
+import { parseAuditEvent } from '#ui/components/servers/access/events'
+import { defineMessages, useVIntl } from '#ui/composables/i18n'
+import { useServerPermissions } from '#ui/composables/server-permissions'
+import {
+	injectModrinthClient,
+	injectModrinthServerContext,
+	injectNotificationManager,
+} from '#ui/providers'
+
+type RoleFilter = ServerAccessRole | 'all'
+type AuditLogFilterKey = 'users' | 'worlds' | 'actions'
+
+const props = withDefaults(
+	defineProps<{
+		showAuditLogInstances?: boolean
+	}>(),
+	{
+		showAuditLogInstances: true,
+	},
+)
+const showAuditLogInstances = computed(() => props.showAuditLogInstances)
+
+const ACTION_LOG_PAGE_SIZE = 200
+const ACTION_LOG_FILTER_OVERLAY_MS = 750
+const SUPPORT_ACTION_LOG_USER_FILTER = 'support'
+const SERVER_SCOPED_ACTION_LOG_WORLD_FILTER = '__server_scoped__'
+
+const { formatMessage } = useVIntl()
+const client = injectModrinthClient()
+const { serverId, serverFull } = injectModrinthServerContext()
+const { addNotification } = injectNotificationManager()
+const queryClient = useQueryClient()
+const grantAccessModal = ref<InstanceType<typeof GrantAccessModal> | null>(null)
+const removeMemberConfirmModal = ref<InstanceType<typeof RemoveAccessModal> | null>(null)
+const pendingRemovalMember = ref<ServerAccessMember | null>(null)
+const shouldCancelInvite = ref(false)
+const editorScopes = [
+	'BASE_READ',
+	'POWER_ACTIONS',
+	'FILES_WRITE',
+	'SETUP',
+	'BACKUPS',
+	'ADVANCED',
+] as const
+const viewerScopes = ['BASE_READ', 'POWER_ACTIONS'] as const
+
+const { canManageUsers, permissionDeniedMessage } = useServerPermissions()
+const manageUsersActionTooltip = computed(() =>
+	canManageUsers.value ? undefined : permissionDeniedMessage.value,
+)
+
+const messages = defineMessages({
+	searchUsersPlaceholder: {
+		id: 'servers.access-page.search-users-placeholder',
+		defaultMessage: 'Search {count} {count, plural, one {user} other {users}}...',
+	},
+	inviteFriends: {
+		id: 'servers.access-page.invite-friends',
+		defaultMessage: 'Add user',
+	},
+	activityLogTitle: {
+		id: 'servers.access-page.activity-log-title',
+		defaultMessage: 'Activity log',
+	},
+	addFilter: {
+		id: 'servers.access-page.activity-log-filter.add',
+		defaultMessage: 'Add filter',
+	},
+	clearFilters: {
+		id: 'servers.access-page.activity-log-filter.clear',
+		defaultMessage: 'Clear filters',
+	},
+	emptyFilterOptions: {
+		id: 'servers.access-page.activity-log-filter.empty-options',
+		defaultMessage: 'No options available.',
+	},
+	emptyFilterSearch: {
+		id: 'servers.access-page.activity-log-filter.empty-search',
+		defaultMessage: 'No options found.',
+	},
+	userFilter: {
+		id: 'servers.access-page.activity-log-filter.users',
+		defaultMessage: 'User',
+	},
+	supportActor: {
+		id: 'servers.access-page.activity-log-filter.support-actor',
+		defaultMessage: 'Support',
+	},
+	instanceFilter: {
+		id: 'servers.access-page.activity-log-filter.instances',
+		defaultMessage: 'Instances',
+	},
+	serverScopedInstance: {
+		id: 'servers.access-page.activity-log-filter.server-scoped-instance',
+		defaultMessage: 'Server',
+	},
+	actionTypeFilter: {
+		id: 'servers.access-page.activity-log-filter.action-types',
+		defaultMessage: 'Action types',
+	},
+	actionTypeFilterSearch: {
+		id: 'servers.access-page.activity-log-filter.action-types-search',
+		defaultMessage: 'Search action types...',
+	},
+	server_created: {
+		id: 'servers.access-page.activity-log-filter.action.server-created',
+		defaultMessage: 'Created server',
+	},
+	changed_server_name: {
+		id: 'servers.access-page.activity-log-filter.action.changed-server-name',
+		defaultMessage: 'Changed server name',
+	},
+	changed_server_subdomain: {
+		id: 'servers.access-page.activity-log-filter.action.changed-server-subdomain',
+		defaultMessage: 'Changed server subdomain',
+	},
+	server_reallocated: {
+		id: 'servers.access-page.activity-log-filter.action.server-reallocated',
+		defaultMessage: 'Reallocated server',
+	},
+	server_plan_changed: {
+		id: 'servers.access-page.activity-log-filter.action.server-plan-changed',
+		defaultMessage: 'Changed plan',
+	},
+	user_invited: {
+		id: 'servers.access-page.activity-log-filter.action.user-invited',
+		defaultMessage: 'Invited user',
+	},
+	user_invite_revoked: {
+		id: 'servers.access-page.activity-log-filter.action.user-invite-revoked',
+		defaultMessage: 'Revoked user invite',
+	},
+	user_permission_modified: {
+		id: 'servers.access-page.activity-log-filter.action.user-permission-modified',
+		defaultMessage: 'Changed user permissions',
+	},
+	user_removed: {
+		id: 'servers.access-page.activity-log-filter.action.user-removed',
+		defaultMessage: 'Removed user',
+	},
+	addon_added: {
+		id: 'servers.access-page.activity-log-filter.action.addon-added',
+		defaultMessage: 'Added content',
+	},
+	addon_uploaded: {
+		id: 'servers.access-page.activity-log-filter.action.addon-uploaded',
+		defaultMessage: 'Uploaded content',
+	},
+	addon_disabled: {
+		id: 'servers.access-page.activity-log-filter.action.addon-disabled',
+		defaultMessage: 'Disabled content',
+	},
+	addon_enabled: {
+		id: 'servers.access-page.activity-log-filter.action.addon-enabled',
+		defaultMessage: 'Enabled content',
+	},
+	addon_deleted: {
+		id: 'servers.access-page.activity-log-filter.action.addon-deleted',
+		defaultMessage: 'Deleted content',
+	},
+	addon_updated: {
+		id: 'servers.access-page.activity-log-filter.action.addon-updated',
+		defaultMessage: 'Updated content',
+	},
+	modpack_changed: {
+		id: 'servers.access-page.activity-log-filter.action.modpack-changed',
+		defaultMessage: 'Changed modpack',
+	},
+	modpack_unlinked: {
+		id: 'servers.access-page.activity-log-filter.action.modpack-unlinked',
+		defaultMessage: 'Unlinked modpack',
+	},
+	server_repaired: {
+		id: 'servers.access-page.activity-log-filter.action.server-repaired',
+		defaultMessage: 'Repaired server',
+	},
+	server_reset: {
+		id: 'servers.access-page.activity-log-filter.action.server-reset',
+		defaultMessage: 'Reset server',
+	},
+	server_started: {
+		id: 'servers.access-page.activity-log-filter.action.server-started',
+		defaultMessage: 'Started server',
+	},
+	server_stopped: {
+		id: 'servers.access-page.activity-log-filter.action.server-stopped',
+		defaultMessage: 'Stopped server',
+	},
+	server_restarted: {
+		id: 'servers.access-page.activity-log-filter.action.server-restarted',
+		defaultMessage: 'Restarted server',
+	},
+	server_killed: {
+		id: 'servers.access-page.activity-log-filter.action.server-killed',
+		defaultMessage: 'Killed server',
+	},
+	port_allocation_added: {
+		id: 'servers.access-page.activity-log-filter.action.port-allocation-added',
+		defaultMessage: 'Added port allocation',
+	},
+	port_allocation_removed: {
+		id: 'servers.access-page.activity-log-filter.action.port-allocation-removed',
+		defaultMessage: 'Removed port allocation',
+	},
+	loader_version_edited: {
+		id: 'servers.access-page.activity-log-filter.action.loader-version-edited',
+		defaultMessage: 'Changed loader version',
+	},
+	game_version_edited: {
+		id: 'servers.access-page.activity-log-filter.action.game-version-edited',
+		defaultMessage: 'Changed Minecraft version',
+	},
+	server_properties_modified: {
+		id: 'servers.access-page.activity-log-filter.action.server-properties-modified',
+		defaultMessage: 'Modified server properties',
+	},
+	file_uploaded: {
+		id: 'servers.access-page.activity-log-filter.action.file-uploaded',
+		defaultMessage: 'Uploaded file',
+	},
+	file_deleted: {
+		id: 'servers.access-page.activity-log-filter.action.file-deleted',
+		defaultMessage: 'Deleted file',
+	},
+	file_renamed: {
+		id: 'servers.access-page.activity-log-filter.action.file-renamed',
+		defaultMessage: 'Renamed file',
+	},
+	file_edited: {
+		id: 'servers.access-page.activity-log-filter.action.file-edited',
+		defaultMessage: 'Edited file',
+	},
+	sftp_login: {
+		id: 'servers.access-page.activity-log-filter.action.sftp-login',
+		defaultMessage: 'Logged in via SFTP',
+	},
+	console_command_executed: {
+		id: 'servers.access-page.activity-log-filter.action.console-command-executed',
+		defaultMessage: 'Ran console command',
+	},
+	console_cleared: {
+		id: 'servers.access-page.activity-log-filter.action.console-cleared',
+		defaultMessage: 'Cleared console',
+	},
+	backup_created: {
+		id: 'servers.access-page.activity-log-filter.action.backup-created',
+		defaultMessage: 'Created backup',
+	},
+	backup_renamed: {
+		id: 'servers.access-page.activity-log-filter.action.backup-renamed',
+		defaultMessage: 'Renamed backup',
+	},
+	backup_restored: {
+		id: 'servers.access-page.activity-log-filter.action.backup-restored',
+		defaultMessage: 'Restored backup',
+	},
+	backup_deleted: {
+		id: 'servers.access-page.activity-log-filter.action.backup-deleted',
+		defaultMessage: 'Deleted backup',
+	},
+	startup_command_modified: {
+		id: 'servers.access-page.activity-log-filter.action.startup-command-modified',
+		defaultMessage: 'Changed startup command',
+	},
+	java_runtime_modified: {
+		id: 'servers.access-page.activity-log-filter.action.java-runtime-modified',
+		defaultMessage: 'Changed Java runtime',
+	},
+	java_version_modified: {
+		id: 'servers.access-page.activity-log-filter.action.java-version-modified',
+		defaultMessage: 'Changed Java version',
+	},
+	allRoles: {
+		id: 'servers.access-page.role-filter.all',
+		defaultMessage: 'All',
+	},
+	selectedRoleFilter: {
+		id: 'servers.access-page.role-filter.selected',
+		defaultMessage: 'Role: {role}',
+	},
+	ownerRole: {
+		id: 'servers.access-page.role.owner',
+		defaultMessage: 'Owner',
+	},
+	ownerDescription: {
+		id: 'servers.access-page.role.owner-description',
+		defaultMessage: 'Full access including billing, members, and destructive actions.',
+	},
+	editorRole: {
+		id: 'servers.access-page.role.editor',
+		defaultMessage: 'Editor',
+	},
+	editorDescription: {
+		id: 'servers.access-page.role.editor-description',
+		defaultMessage: 'Manage instance content, files, backups, and other settings.',
+	},
+	viewerRole: {
+		id: 'servers.access-page.role.viewer',
+		defaultMessage: 'Limited',
+	},
+	viewerDescription: {
+		id: 'servers.access-page.role.viewer-description',
+		defaultMessage: 'Start, stop, and view the server without making changes.',
+	},
+	inviteSentTitle: {
+		id: 'servers.access-page.notification.invite-sent.title',
+		defaultMessage: 'Invite sent',
+	},
+	inviteSentText: {
+		id: 'servers.access-page.notification.invite-sent.text',
+		defaultMessage: 'Invited {target} as {role}.',
+	},
+	inviteResentTitle: {
+		id: 'servers.access-page.notification.invite-resent.title',
+		defaultMessage: 'Invite resent',
+	},
+	inviteResentText: {
+		id: 'servers.access-page.notification.invite-resent.text',
+		defaultMessage: 'Sent another invite to {target}.',
+	},
+	inviteCancelledTitle: {
+		id: 'servers.access-page.notification.invite-cancelled.title',
+		defaultMessage: 'Invite cancelled',
+	},
+	inviteCancelledText: {
+		id: 'servers.access-page.notification.invite-cancelled.text',
+		defaultMessage: 'Cancelled the invite for {target}.',
+	},
+	memberRemovedTitle: {
+		id: 'servers.access-page.notification.member-removed.title',
+		defaultMessage: 'Access removed',
+	},
+	memberRemovedText: {
+		id: 'servers.access-page.notification.member-removed.text',
+		defaultMessage: 'Removed {target} from this server.',
+	},
+	loadFailedTitle: {
+		id: 'servers.access-page.notification.load-failed.title',
+		defaultMessage: 'Access could not be loaded',
+	},
+	loadFailedText: {
+		id: 'servers.access-page.notification.load-failed.text',
+		defaultMessage: 'Refresh the page to try again.',
+	},
+	userLookupFailedTitle: {
+		id: 'servers.access-page.notification.user-lookup-failed.title',
+		defaultMessage: 'User could not be found',
+	},
+	userLookupFailedText: {
+		id: 'servers.access-page.notification.user-lookup-failed.text',
+		defaultMessage: 'Could not find {target}. Check the username and try again.',
+	},
+	inviteFailedTitle: {
+		id: 'servers.access-page.notification.invite-failed.title',
+		defaultMessage: 'Invite could not be sent',
+	},
+	friendRequestFailedTitle: {
+		id: 'servers.access-page.notification.friend-request-failed.title',
+		defaultMessage: 'Friend request could not be sent',
+	},
+	removeFailedTitle: {
+		id: 'servers.access-page.notification.remove-failed.title',
+		defaultMessage: 'Access could not be removed',
+	},
+	roleUpdateFailedTitle: {
+		id: 'servers.access-page.notification.role-update-failed.title',
+		defaultMessage: 'Role could not be updated',
+	},
+})
+
+const actionLogActionNames = [
+	'server_created',
+	'changed_server_name',
+	'changed_server_subdomain',
+	'server_reallocated',
+	'server_plan_changed',
+	'user_invited',
+	'user_invite_revoked',
+	'user_permission_modified',
+	'user_removed',
+	'addon_added',
+	'addon_uploaded',
+	'addon_disabled',
+	'addon_enabled',
+	'addon_deleted',
+	'addon_updated',
+	'modpack_changed',
+	'modpack_unlinked',
+	'server_repaired',
+	'server_reset',
+	'server_started',
+	'server_stopped',
+	'server_restarted',
+	'server_killed',
+	'port_allocation_added',
+	'port_allocation_removed',
+	'loader_version_edited',
+	'game_version_edited',
+	'server_properties_modified',
+	'file_uploaded',
+	'file_deleted',
+	'file_renamed',
+	'file_edited',
+	'sftp_login',
+	'console_command_executed',
+	'console_cleared',
+	'backup_created',
+	'backup_renamed',
+	'backup_restored',
+	'backup_deleted',
+	'startup_command_modified',
+	'java_runtime_modified',
+	'java_version_modified',
+] as const satisfies readonly Archon.Actions.v1.ActionName[]
+type ActionLogFilterActionName = (typeof actionLogActionNames)[number]
+const actionLogActionNameSet = new Set<string>(actionLogActionNames)
+
+const roleOptions = computed<ServerAccessRoleOption[]>(() => [
+	{
+		value: 'owner',
+		label: formatMessage(messages.ownerRole),
+		description: formatMessage(messages.ownerDescription),
+	},
+	{
+		value: 'editor',
+		label: formatMessage(messages.editorRole),
+		description: formatMessage(messages.editorDescription),
+	},
+	{
+		value: 'viewer',
+		label: formatMessage(messages.viewerRole),
+		description: formatMessage(messages.viewerDescription),
+	},
+])
+
+const roleFilterOptions = computed<ComboboxOption<RoleFilter>[]>(() => [
+	{ value: 'all', label: formatMessage(messages.allRoles) },
+	...roleOptions.value.map((role) => ({
+		value: role.value,
+		label: role.label,
+	})),
+])
+
+const selectedRoleFilterLabel = computed(() =>
+	formatMessage(messages.selectedRoleFilter, {
+		role:
+			roleFilterOptions.value.find((option) => option.value === roleFilter.value)?.label ??
+			formatMessage(messages.allRoles),
+	}),
+)
+
+const serverUsersQueryKey = ['servers', 'users', 'v1', serverId]
+const serverUsersQuery = useQuery({
+	queryKey: serverUsersQueryKey,
+	queryFn: () => client.archon.server_users_v1.list(serverId),
+})
+
+const friendsQueryKey = ['user', 'friends', 'v3']
+useQuery({
+	queryKey: friendsQueryKey,
+	queryFn: () => client.labrinth.friends_v3.list(),
+	staleTime: 30_000,
+})
+
+const members = computed<ServerAccessMember[]>(() =>
+	(serverUsersQuery.data.value ?? [])
+		.map((serverUser) => {
+			const userId = serverUser.user.id
+			const username = serverUser.user.username || userId
+			const role = apiPermissionsToAccessRole(serverUser.permissions)
+
+			return {
+				id: `${serverId}-${userId}`,
+				user: {
+					id: userId,
+					username,
+					avatarUrl: serverUser.user.avatar_url || undefined,
+				},
+				role,
+				joinedAt: serverUser.added_on ?? null,
+				pending: !serverUser.added_on,
+				isOwner: role === 'owner',
+			}
+		})
+		.sort((a, b) => {
+			const ownerSort = Number(b.isOwner) - Number(a.isOwner)
+			return ownerSort === 0 ? a.user.username.localeCompare(b.user.username) : ownerSort
+		}),
+)
+
+const worldOptions = computed(
+	() => serverFull.value?.worlds.map((world) => ({ id: world.id, name: world.name })) ?? [],
+)
+const isAuditLogWorldFilterVisible = computed(
+	() => showAuditLogInstances.value && worldOptions.value.length > 0,
+)
+
+const worldById = computed(
+	() => new Map(worldOptions.value.map((world) => [world.id, world] as const)),
+)
+
+const backupById = computed(() => {
+	const backups = new Map<string, Archon.Backups.v1.Backup>()
+	for (const world of serverFull.value?.worlds ?? []) {
+		for (const backup of world.backups ?? []) {
+			backups.set(backup.id, backup)
+		}
+	}
+	return backups
+})
+
+const memberSearch = ref('')
+const roleFilter = ref<RoleFilter>('all')
+const auditLogFilters = ref<Record<string, string[]>>({
+	users: [],
+	worlds: [],
+	actions: [],
+})
+const auditLogTimeframeMode = ref<TimeFrameMode>('preset')
+const auditLogTimeframePreset = ref<TimeFramePreset>('last_7_days')
+const auditLogTimeframeLastAmount = ref(30)
+const auditLogTimeframeLastUnit = ref<TimeFrameLastUnit>('days')
+const auditLogTimeframeCustomStartDate = ref('')
+const auditLogTimeframeCustomEndDate = ref('')
+const auditLogSortDirection = ref<Archon.Actions.v1.SortOrder>('desc')
+
+const actionLogDateFilter = computed(() => {
+	const range = getAuditLogTimeframeRange()
+
+	return {
+		min_datetime: range?.start.toISOString(),
+		max_datetime: range?.end.toISOString(),
+	}
+})
+
+const actionLogEndpointFilter = computed<Archon.Actions.v1.ActionLogFilter | undefined>(() => {
+	const users = selectedAuditLogFilterValues('users')
+	const worlds = isAuditLogWorldFilterVisible.value ? selectedAuditLogWorldFilterValues() : []
+	const actions = selectedAuditLogFilterValues('actions').filter(isActionLogActionName)
+	const filter: Archon.Actions.v1.ActionLogFilter = {}
+
+	if (users.length > 0) filter.users = users
+	if (worlds.length > 0) filter.worlds = worlds
+	if (actions.length > 0) filter.actions = actions
+
+	return Object.keys(filter).length > 0 ? filter : undefined
+})
+const actionLogBaseQueryKey = ['servers', 'action-log', 'v1', 'infinite', serverId] as const
+const actionLogQueryKey = computed(() => {
+	const filter = actionLogEndpointFilter.value
+	const dateFilter = actionLogDateFilter.value
+
+	return [
+		...actionLogBaseQueryKey,
+		filter ?? null,
+		dateFilter.min_datetime ?? null,
+		dateFilter.max_datetime ?? null,
+		auditLogSortDirection.value,
+	]
+})
+const actionLogQuery = useInfiniteQuery({
+	queryKey: actionLogQueryKey,
+	queryFn: ({ pageParam = 0 }) => {
+		const offset = typeof pageParam === 'number' ? pageParam : 0
+		return client.archon.actions_v1.list(serverId, {
+			limit: ACTION_LOG_PAGE_SIZE,
+			offset,
+			order: auditLogSortDirection.value,
+			filter: actionLogEndpointFilter.value,
+			...actionLogDateFilter.value,
+		})
+	},
+	getNextPageParam: (lastPage) =>
+		typeof lastPage.next_offset === 'number' ? lastPage.next_offset : undefined,
+	initialPageParam: 0,
+	placeholderData: (previousData) => previousData,
+	staleTime: 30_000,
+})
+const actionLogFilterSignature = computed(() =>
+	JSON.stringify([
+		actionLogEndpointFilter.value ?? null,
+		actionLogDateFilter.value.min_datetime ?? null,
+		actionLogDateFilter.value.max_datetime ?? null,
+	]),
+)
+const isActionLogFilterTransitioning = ref(false)
+const isActionLogSortTransitioning = ref(false)
+let actionLogFilterTransitionTimeout: ReturnType<typeof setTimeout> | null = null
+let actionLogSortTransitionTimeout: ReturnType<typeof setTimeout> | null = null
+
+watch(actionLogFilterSignature, (_signature, previousSignature) => {
+	if (previousSignature === undefined) return
+	startActionLogFilterTransition()
+})
+
+watch(
+	auditLogSortDirection,
+	(_direction, previousDirection) => {
+		if (previousDirection === undefined) return
+		startActionLogSortTransition()
+	},
+	{ flush: 'sync' },
+)
+
+watch(
+	() => actionLogQuery.isFetching.value,
+	(isFetching) => {
+		if (!isFetching && isActionLogSortTransitioning.value) {
+			finishActionLogSortTransition()
+		}
+	},
+	{ flush: 'post' },
+)
+
+onBeforeUnmount(() => {
+	if (actionLogFilterTransitionTimeout) {
+		clearTimeout(actionLogFilterTransitionTimeout)
+	}
+	if (actionLogSortTransitionTimeout) {
+		clearTimeout(actionLogSortTransitionTimeout)
+	}
+})
+
+const auditEntries = computed<ServerAuditLogEntry[]>(() => {
+	const pages = actionLogQuery.data.value?.pages ?? []
+	const entryIdCounts = new Map<string, number>()
+
+	return pages.flatMap((actionLog) =>
+		actionLog.data.map((entry) => {
+			const entryId = getActionLogEntryId(entry)
+			const entryIdCount = entryIdCounts.get(entryId) ?? 0
+			entryIdCounts.set(entryId, entryIdCount + 1)
+
+			return apiActionLogEntryToAuditEntry(
+				entry,
+				actionLog,
+				entryIdCount === 0 ? entryId : `${entryId}-${entryIdCount}`,
+			)
+		}),
+	)
+})
+const hasShownLoadError = ref(false)
+const hasShownActionLogLoadError = ref(false)
+const hasMoreActionLogEntries = computed(
+	() => !actionLogQuery.isPlaceholderData.value && actionLogQuery.hasNextPage.value,
+)
+const isLoadingMoreActionLogEntries = computed(() => actionLogQuery.isFetchingNextPage.value)
+const isActionLogFiltering = computed(() => isActionLogFilterTransitioning.value)
+
+const auditLogUserFilterOptions = computed<DropdownFilterBarOption[]>(() => {
+	const options = new Map<string, DropdownFilterBarOption>()
+
+	for (const page of actionLogQuery.data.value?.pages ?? []) {
+		for (const entry of page.data) {
+			if (entry.actor.type === 'support') {
+				const userId = entry.actor.user_id ?? null
+				const user = userId ? page.users[userId] : undefined
+				if (!options.has(SUPPORT_ACTION_LOG_USER_FILTER)) {
+					options.set(SUPPORT_ACTION_LOG_USER_FILTER, {
+						value: SUPPORT_ACTION_LOG_USER_FILTER,
+						label: user?.username
+							? `${formatMessage(messages.supportActor)} (${user.username})`
+							: formatMessage(messages.supportActor),
+						searchTerms: [
+							SUPPORT_ACTION_LOG_USER_FILTER,
+							formatMessage(messages.supportActor),
+							userId,
+							user?.username,
+						].filter(Boolean) as string[],
+					})
+				}
+				continue
+			}
+
+			const id = entry.actor.user_id
+			const user = page.users[id]
+			if (!options.has(id)) {
+				options.set(id, {
+					value: id,
+					label: user?.username ?? id,
+					searchTerms: [id, user?.username].filter(Boolean) as string[],
+				})
+			}
+		}
+	}
+
+	return [...options.values()].sort(compareFilterOptions)
+})
+
+const auditLogWorldFilterOptions = computed<DropdownFilterBarOption[]>(() => [
+	{
+		value: SERVER_SCOPED_ACTION_LOG_WORLD_FILTER,
+		label: formatMessage(messages.serverScopedInstance),
+		searchTerms: [
+			SERVER_SCOPED_ACTION_LOG_WORLD_FILTER,
+			formatMessage(messages.serverScopedInstance),
+		],
+	},
+	...worldOptions.value.map((world) => ({
+		value: world.id,
+		label: world.name,
+		searchTerms: [world.id, world.name],
+	})),
+])
+
+const auditLogActionFilterOptions = computed<DropdownFilterBarOption[]>(() =>
+	actionLogActionNames
+		.map((action) => ({
+			value: action,
+			label: formatActionLogAction(action),
+			searchTerms: [action, action.replaceAll('_', ' ')],
+		}))
+		.sort(compareFilterOptions),
+)
+
+const auditLogFilterCategories = computed<DropdownFilterBarCategory[]>(() => {
+	const categories: DropdownFilterBarCategory[] = [
+		{
+			key: 'users',
+			label: formatMessage(messages.userFilter),
+			options: auditLogUserFilterOptions.value,
+		},
+	]
+
+	if (isAuditLogWorldFilterVisible.value) {
+		categories.push({
+			key: 'worlds',
+			label: formatMessage(messages.instanceFilter),
+			options: auditLogWorldFilterOptions.value,
+		})
+	}
+
+	categories.push({
+		key: 'actions',
+		label: formatMessage(messages.actionTypeFilter),
+		options: auditLogActionFilterOptions.value,
+		searchable: true,
+		searchPlaceholder: formatMessage(messages.actionTypeFilterSearch),
+		submenuClass: 'w-[22rem]',
+		previewDropdownMinWidth: '20rem',
+	})
+
+	return categories
+})
+
+const hasActiveAuditLogDateFilter = computed(
+	() => !!actionLogDateFilter.value.min_datetime || !!actionLogDateFilter.value.max_datetime,
+)
+
+const hasActiveAuditLogFilters = computed(
+	() =>
+		hasActiveAuditLogDateFilter.value ||
+		(isAuditLogWorldFilterVisible.value
+			? (['users', 'worlds', 'actions'] satisfies AuditLogFilterKey[])
+			: (['users', 'actions'] satisfies AuditLogFilterKey[])
+		).some((key) => selectedAuditLogFilterValues(key).length > 0),
+)
+
+const filteredMembers = computed(() => {
+	const normalizedSearch = memberSearch.value.trim().toLowerCase()
+	return members.value.filter((member) => {
+		if (roleFilter.value !== 'all' && member.role !== roleFilter.value) return false
+		if (!normalizedSearch) return true
+
+		const roleLabel = formatRole(member.role)
+		const pendingLabel = member.pending ? 'pending' : ''
+		return [member.user.username, roleLabel, pendingLabel].some((value) =>
+			value.toLowerCase().includes(normalizedSearch),
+		)
+	})
+})
+
+function formatRole(role: ServerAccessRole) {
+	return roleOptions.value.find((option) => option.value === role)?.label ?? role
+}
+
+function selectedAuditLogFilterValues(key: AuditLogFilterKey): string[] {
+	const values = auditLogFilters.value[key]
+	return values ? [...values] : []
+}
+
+function selectedAuditLogWorldFilterValues(): Array<string | null> {
+	return selectedAuditLogFilterValues('worlds').map((world) =>
+		world === SERVER_SCOPED_ACTION_LOG_WORLD_FILTER ? null : world,
+	)
+}
+
+function parseDateInputValue(value: string) {
+	const [yearValue, monthValue, dayValue] = value.split('-').map(Number)
+	if (!yearValue || !monthValue || !dayValue) return null
+
+	const date = new Date(yearValue, monthValue - 1, dayValue)
+	if (
+		date.getFullYear() !== yearValue ||
+		date.getMonth() !== monthValue - 1 ||
+		date.getDate() !== dayValue
+	) {
+		return null
+	}
+
+	return date
+}
+
+function parseDateTimeInputValue(value: string) {
+	const date = new Date(value)
+	return Number.isNaN(date.getTime()) ? null : date
+}
+
+function addDays(date: Date, days: number) {
+	const nextDate = new Date(date)
+	nextDate.setDate(nextDate.getDate() + days)
+	return nextDate
+}
+
+function subtractCalendarMonths(date: Date, months: number) {
+	const nextDate = new Date(date)
+	const day = nextDate.getDate()
+	nextDate.setDate(1)
+	nextDate.setMonth(nextDate.getMonth() - months)
+	const daysInMonth = new Date(nextDate.getFullYear(), nextDate.getMonth() + 1, 0).getDate()
+	nextDate.setDate(Math.min(day, daysInMonth))
+	return nextDate
+}
+
+function getRoundedNow() {
+	const now = Date.now()
+	return new Date(Math.floor(now / 60000) * 60000)
+}
+
+function getAuditLogTimeframeRange(): { start: Date; end: Date } | null {
+	const now = getRoundedNow()
+
+	if (auditLogTimeframeMode.value === 'last') {
+		return getLastAuditLogTimeframeRange(now)
+	}
+
+	if (auditLogTimeframeMode.value === 'custom_range') {
+		const startDate = parseDateInputValue(auditLogTimeframeCustomStartDate.value)
+		const endDate = parseDateInputValue(auditLogTimeframeCustomEndDate.value)
+		if (!startDate || !endDate) return null
+
+		const [minDate, maxDate] =
+			startDate.getTime() > endDate.getTime() ? [endDate, startDate] : [startDate, endDate]
+
+		return {
+			start: startOfDay(minDate),
+			end: endOfDay(maxDate),
+		}
+	}
+
+	if (auditLogTimeframeMode.value === 'custom_datetime_range') {
+		const startDate = parseDateTimeInputValue(auditLogTimeframeCustomStartDate.value)
+		const endDate = parseDateTimeInputValue(auditLogTimeframeCustomEndDate.value)
+		if (!startDate || !endDate) return null
+
+		return startDate.getTime() > endDate.getTime()
+			? { start: endDate, end: startDate }
+			: { start: startDate, end: endDate }
+	}
+
+	return getPresetAuditLogTimeframeRange(now)
+}
+
+function getPresetAuditLogTimeframeRange(now: Date): { start: Date; end: Date } | null {
+	switch (auditLogTimeframePreset.value) {
+		case 'today':
+			return { start: startOfDay(now), end: endOfDay(now) }
+		case 'yesterday': {
+			const yesterday = addDays(now, -1)
+			return { start: startOfDay(yesterday), end: endOfDay(yesterday) }
+		}
+		case 'last_7_days':
+			return { start: startOfDay(addDays(now, -6)), end: endOfDay(now) }
+		case 'last_14_days':
+			return { start: startOfDay(addDays(now, -13)), end: endOfDay(now) }
+		case 'last_30_days':
+			return { start: startOfDay(addDays(now, -29)), end: endOfDay(now) }
+		case 'last_90_days':
+			return { start: startOfDay(addDays(now, -89)), end: endOfDay(now) }
+		case 'last_180_days':
+			return { start: startOfDay(addDays(now, -179)), end: endOfDay(now) }
+		case 'year_to_date':
+			return { start: new Date(now.getFullYear(), 0, 1), end: endOfDay(now) }
+		case 'all_time':
+			return null
+	}
+}
+
+function getLastAuditLogTimeframeRange(now: Date): { start: Date; end: Date } {
+	const amount = Math.max(1, Math.floor(auditLogTimeframeLastAmount.value))
+
+	switch (auditLogTimeframeLastUnit.value) {
+		case 'hours':
+			return { start: new Date(now.getTime() - amount * 60 * 60 * 1000), end: now }
+		case 'days':
+			return { start: new Date(now.getTime() - amount * 24 * 60 * 60 * 1000), end: now }
+		case 'weeks':
+			return { start: new Date(now.getTime() - amount * 7 * 24 * 60 * 60 * 1000), end: now }
+		case 'months':
+			return { start: subtractCalendarMonths(now, amount), end: now }
+	}
+}
+
+function startOfDay(date: Date) {
+	return new Date(date.getFullYear(), date.getMonth(), date.getDate())
+}
+
+function endOfDay(date: Date) {
+	return new Date(date.getFullYear(), date.getMonth(), date.getDate(), 23, 59, 59, 999)
+}
+
+function isActionLogActionName(action: string): action is ActionLogFilterActionName {
+	return actionLogActionNameSet.has(action)
+}
+
+function compareFilterOptions(left: DropdownFilterBarOption, right: DropdownFilterBarOption) {
+	return left.label.localeCompare(right.label)
+}
+
+function formatActionLogAction(action: ActionLogFilterActionName): string {
+	return formatMessage(messages[action])
+}
+
+function loadMoreActionLogEntries() {
+	if (
+		isActionLogFilterTransitioning.value ||
+		actionLogQuery.isPlaceholderData.value ||
+		!actionLogQuery.hasNextPage.value ||
+		actionLogQuery.isFetchingNextPage.value
+	) {
+		return
+	}
+	void actionLogQuery.fetchNextPage()
+}
+
+function startActionLogFilterTransition() {
+	isActionLogFilterTransitioning.value = true
+
+	if (actionLogFilterTransitionTimeout) {
+		clearTimeout(actionLogFilterTransitionTimeout)
+	}
+
+	actionLogFilterTransitionTimeout = setTimeout(() => {
+		isActionLogFilterTransitioning.value = false
+		actionLogFilterTransitionTimeout = null
+	}, ACTION_LOG_FILTER_OVERLAY_MS)
+}
+
+function startActionLogSortTransition() {
+	isActionLogSortTransitioning.value = true
+
+	if (actionLogSortTransitionTimeout) {
+		clearTimeout(actionLogSortTransitionTimeout)
+	}
+
+	actionLogSortTransitionTimeout = setTimeout(() => {
+		isActionLogSortTransitioning.value = false
+		actionLogSortTransitionTimeout = null
+	}, 2500)
+}
+
+function finishActionLogSortTransition() {
+	if (actionLogSortTransitionTimeout) {
+		clearTimeout(actionLogSortTransitionTimeout)
+	}
+
+	actionLogSortTransitionTimeout = setTimeout(() => {
+		isActionLogSortTransitioning.value = false
+		actionLogSortTransitionTimeout = null
+	}, 120)
+}
+
+watch(
+	() => serverUsersQuery.error.value,
+	(serverUsersError) => {
+		if (hasShownLoadError.value || !serverUsersError) return
+
+		hasShownLoadError.value = true
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.loadFailedTitle),
+			text: formatErrorMessage(serverUsersError) ?? formatMessage(messages.loadFailedText),
+		})
+	},
+)
+
+watch(
+	() => actionLogQuery.error.value,
+	(actionLogError) => {
+		if (hasShownActionLogLoadError.value || !actionLogError) return
+
+		hasShownActionLogLoadError.value = true
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.loadFailedTitle),
+			text: formatErrorMessage(actionLogError) ?? formatMessage(messages.loadFailedText),
+		})
+	},
+)
+
+function accessRoleToApiRole(
+	role: Exclude<ServerAccessRole, 'owner'>,
+): Archon.ServerUsers.v1.AssignableServerUserRole {
+	switch (role) {
+		case 'editor':
+			return 'Editor'
+		case 'viewer':
+			return 'Viewer'
+	}
+}
+
+function accessRoleToApiPermissions(role: Exclude<ServerAccessRole, 'owner'>) {
+	switch (role) {
+		case 'editor':
+			return serializeUserScope(editorScopes)
+		case 'viewer':
+			return serializeUserScope(viewerScopes)
+	}
+}
+
+function serializeUserScope(scopes: readonly string[]): Archon.ServerUsers.v1.UserScope {
+	return scopes.join(' | ')
+}
+
+function formatErrorMessage(error: unknown): string | undefined {
+	return error instanceof Error ? error.message : undefined
+}
+
+function isSuppressedFriendRequestError(error: unknown) {
+	return getErrorMessageParts(error).some((message) => {
+		const normalizedMessage = message.toLowerCase()
+		return (
+			normalizedMessage.includes('you are already friends with this user') ||
+			normalizedMessage.includes('you cannot add yourself as a friend') ||
+			normalizedMessage.includes('you cannot accept your own friend request')
+		)
+	})
+}
+
+function getErrorMessageParts(error: unknown): string[] {
+	const errorMessages: string[] = []
+
+	if (error instanceof Error) {
+		errorMessages.push(error.message)
+	}
+
+	if (!error || typeof error !== 'object') return errorMessages
+
+	const record = error as Record<string, unknown>
+	pushErrorDescription(errorMessages, record.responseData)
+	pushErrorDescription(errorMessages, record.v1Error)
+
+	return errorMessages
+}
+
+function pushErrorDescription(errorMessages: string[], value: unknown) {
+	if (!value || typeof value !== 'object') return
+
+	const record = value as Record<string, unknown>
+	if (typeof record.description === 'string') {
+		errorMessages.push(record.description)
+	}
+}
+
+function apiActionLogEntryToAuditEntry(
+	entry: Archon.Actions.v1.ActionEntry,
+	actionLog: Archon.Actions.v1.ActionLogResponse,
+	id: string,
+): ServerAuditLogEntry {
+	const event = parseAuditEvent(entry, {
+		serverId,
+		users: actionLog.users,
+		addons: actionLog.addons,
+		worldById: worldById.value,
+		backupById: backupById.value,
+		versions: actionLog.versions ?? {},
+	})
+
+	return {
+		id,
+		actor: event.props.actor,
+		world: event.props.world,
+		event,
+		timestamp: entry.timestamp,
+	}
+}
+
+function getActionLogEntryId(entry: Archon.Actions.v1.ActionEntry) {
+	return JSON.stringify([
+		entry.timestamp,
+		entry.actor.type,
+		entry.actor.type === 'user' ? entry.actor.user_id : (entry.actor.user_id ?? 'support'),
+		entry.server_id,
+		entry.world_id ?? null,
+		entry.action.action,
+		stableStringify(entry.action.metadata),
+	])
+}
+
+function stableStringify(value: unknown): string {
+	if (value === undefined) {
+		return 'undefined'
+	}
+
+	if (value === null || typeof value !== 'object') {
+		return JSON.stringify(value) ?? String(value)
+	}
+
+	if (Array.isArray(value)) {
+		return `[${value.map((item) => stableStringify(item)).join(',')}]`
+	}
+
+	return `{${Object.entries(value as Record<string, unknown>)
+		.sort(([leftKey], [rightKey]) => leftKey.localeCompare(rightKey))
+		.map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`)
+		.join(',')}}`
+}
+
+async function invalidateServerUsers() {
+	await queryClient.invalidateQueries({ queryKey: serverUsersQueryKey })
+}
+
+async function invalidateActionLog() {
+	await queryClient.invalidateQueries({ queryKey: actionLogBaseQueryKey })
+}
+
+function setCachedMemberRole(member: ServerAccessMember, role: Exclude<ServerAccessRole, 'owner'>) {
+	const normalizedUserId = member.user.id.toLowerCase()
+	const normalizedUsername = member.user.username.toLowerCase()
+
+	queryClient.setQueryData<Archon.ServerUsers.v1.ServerUser[]>(serverUsersQueryKey, (serverUsers) =>
+		serverUsers?.map((serverUser) => {
+			const isTargetUser =
+				serverUser.user.id.toLowerCase() === normalizedUserId ||
+				serverUser.user.username.toLowerCase() === normalizedUsername
+
+			return isTargetUser
+				? { ...serverUser, permissions: accessRoleToApiPermissions(role) }
+				: serverUser
+		}),
+	)
+}
+
+function findMemberByTarget(target: string) {
+	const normalizedTarget = target.trim().toLowerCase()
+	return members.value.find(
+		(member) =>
+			member.user.username.toLowerCase() === normalizedTarget ||
+			member.user.id.toLowerCase() === normalizedTarget,
+	)
+}
+
+async function resolveInviteUser(target: string): Promise<ServerAccessInviteSuggestion | null> {
+	const user = await client.labrinth.users_v2.get(target)
+	return {
+		id: user.id,
+		username: user.username,
+		avatarUrl: user.avatar_url || undefined,
+	}
+}
+
+function resolveMemberUserId(member: ServerAccessMember): string {
+	return member.user.id
+}
+
+async function updateMemberRole(member: ServerAccessMember, role: ServerAccessRole) {
+	if (!canManageUsers.value || member.isOwner || member.role === role || role === 'owner') return
+	const previousRole = member.role
+	if (previousRole === 'owner') return
+
+	await queryClient.cancelQueries({ queryKey: serverUsersQueryKey })
+	setCachedMemberRole(member, role)
+
+	try {
+		const userId = await resolveMemberUserId(member)
+		await client.archon.server_users_v1.update(serverId, userId, accessRoleToApiRole(role))
+	} catch (error) {
+		setCachedMemberRole(member, previousRole)
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.roleUpdateFailedTitle),
+			text: formatErrorMessage(error),
+		})
+		return
+	}
+
+	await invalidateServerUsers()
+	await invalidateActionLog()
+}
+
+async function resendInvite(member: ServerAccessMember) {
+	if (!canManageUsers.value || !member.pending || member.role === 'owner') return
+
+	try {
+		await client.archon.server_users_v1.add(serverId, {
+			user_id: member.user.id,
+			role: accessRoleToApiRole(member.role),
+		})
+		await invalidateServerUsers()
+		await invalidateActionLog()
+		addNotification({
+			type: 'success',
+			title: formatMessage(messages.inviteResentTitle),
+			text: formatMessage(messages.inviteResentText, {
+				target: member.user.username,
+			}),
+		})
+	} catch (error) {
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.inviteFailedTitle),
+			text: formatErrorMessage(error),
+		})
+	}
+}
+
+async function cancelInvite(member: ServerAccessMember) {
+	await removeMemberAccess(member, true)
+}
+
+function requestRemoveMember(member: ServerAccessMember) {
+	if (!canManageUsers.value) return
+	pendingRemovalMember.value = member
+	shouldCancelInvite.value = false
+	removeMemberConfirmModal.value?.show()
+}
+
+function requestCancelInvite(member: ServerAccessMember) {
+	if (!canManageUsers.value) return
+	pendingRemovalMember.value = member
+	shouldCancelInvite.value = true
+	removeMemberConfirmModal.value?.show()
+}
+
+async function confirmAccessRemoval() {
+	const member = pendingRemovalMember.value
+	const shouldCancel = shouldCancelInvite.value
+	pendingRemovalMember.value = null
+	shouldCancelInvite.value = false
+	if (!member) return
+	if (!canManageUsers.value) return
+
+	if (shouldCancel) {
+		await cancelInvite(member)
+		return
+	}
+
+	await removeMember(member)
+}
+
+async function removeMember(member: ServerAccessMember) {
+	await removeMemberAccess(member, false)
+}
+
+async function removeMemberAccess(member: ServerAccessMember, shouldCancel: boolean) {
+	if (!canManageUsers.value) return
+
+	try {
+		const userId = await resolveMemberUserId(member)
+		await client.archon.server_users_v1.delete(serverId, userId)
+		await invalidateServerUsers()
+		await invalidateActionLog()
+		addNotification({
+			type: 'success',
+			title: formatMessage(
+				shouldCancel ? messages.inviteCancelledTitle : messages.memberRemovedTitle,
+			),
+			text: formatMessage(
+				shouldCancel ? messages.inviteCancelledText : messages.memberRemovedText,
+				{
+					target: member.user.username,
+				},
+			),
+		})
+	} catch (error) {
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.removeFailedTitle),
+			text: formatErrorMessage(error),
+		})
+	}
+}
+
+async function grantAccess(payload: GrantServerAccessPayload) {
+	if (!canManageUsers.value) return
+
+	const target = payload.target.trim()
+	if (!target) return
+
+	const existingMember = findMemberByTarget(target)
+	if (existingMember) {
+		await updateMemberRole(existingMember, payload.role)
+		if (payload.addAsFriend) {
+			const userId = await resolveMemberUserId(existingMember)
+			await sendFriendRequest(userId)
+		}
+		return
+	}
+
+	let user: Labrinth.Users.v2.User
+	try {
+		user = await client.labrinth.users_v2.get(target)
+	} catch (error) {
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.userLookupFailedTitle),
+			text: formatErrorMessage(error) ?? formatMessage(messages.userLookupFailedText, { target }),
+		})
+		return
+	}
+
+	const resolvedMember = findMemberByTarget(user.id) ?? findMemberByTarget(user.username)
+	if (resolvedMember) {
+		await updateMemberRole(resolvedMember, payload.role)
+		if (payload.addAsFriend) await sendFriendRequest(user.id)
+		return
+	}
+
+	try {
+		await client.archon.server_users_v1.add(serverId, {
+			user_id: user.id,
+			role: accessRoleToApiRole(payload.role),
+		})
+		await invalidateServerUsers()
+		await invalidateActionLog()
+		addNotification({
+			type: 'success',
+			title: formatMessage(messages.inviteSentTitle),
+			text: formatMessage(messages.inviteSentText, {
+				target: user.username,
+				role: formatRole(payload.role),
+			}),
+		})
+		if (payload.addAsFriend) await sendFriendRequest(user.id)
+	} catch (error) {
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.inviteFailedTitle),
+			text: formatErrorMessage(error),
+		})
+	}
+}
+
+async function sendFriendRequest(userIdOrUsername: string) {
+	const friends = await queryClient.ensureQueryData({
+		queryKey: friendsQueryKey,
+		queryFn: () => client.labrinth.friends_v3.list(),
+	})
+
+	if (hasFriendRelationship(friends, userIdOrUsername)) return
+
+	try {
+		await client.labrinth.friends_v3.add(userIdOrUsername)
+		await queryClient.invalidateQueries({ queryKey: friendsQueryKey })
+	} catch (error) {
+		if (isSuppressedFriendRequestError(error)) return
+
+		addNotification({
+			type: 'error',
+			title: formatMessage(messages.friendRequestFailedTitle),
+			text: formatErrorMessage(error),
+		})
+	}
+}
+
+function hasFriendRelationship(
+	friends: Labrinth.Friends.v3.UserFriend[],
+	userId: string,
+) {
+	return friends.some((friend) => friend.id === userId || friend.friend_id === userId)
+}
+</script>
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/backups.vue b/packages/ui/src/layouts/wrapped/hosting/manage/backups.vue
index d59b25e5f9..fc97dcbde0 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/backups.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/backups.vue
@@ -28,11 +28,27 @@
 
 		<div v-else key="content" class="contents">
 			<ReadyTransition :pending="backupsReadyPending">
-				<BackupCreateModal ref="createBackupModal" :backups="completedBackups" />
-				<BackupRenameModal ref="renameBackupModal" :backups="completedBackups" />
-				<BackupRestoreModal ref="restoreBackupModal" />
+				<BackupCreateModal
+					ref="createBackupModal"
+					:backups="completedBackups"
+					:can-create="canManageBackups"
+					:permission-denied-message="permissionDeniedMessage"
+				/>
+				<BackupRenameModal
+					ref="renameBackupModal"
+					:backups="completedBackups"
+					:can-rename="canManageBackups"
+					:permission-denied-message="permissionDeniedMessage"
+				/>
+				<BackupRestoreModal
+					ref="restoreBackupModal"
+					:can-restore="canManageBackups"
+					:permission-denied-message="permissionDeniedMessage"
+				/>
 				<BackupDeleteModal
 					ref="deleteBackupModal"
+					:can-delete="canManageBackups"
+					:permission-denied-message="permissionDeniedMessage"
 					@delete="deleteBackup"
 					@bulk-delete="bulkDelete"
 				/>
@@ -122,6 +138,7 @@
 									v-for="(backup, backupIndex) in group.backups"
 									:key="`backup-${backup.id}`"
 									class="flex gap-2"
+									:data-backup-id="backup.id"
 								>
 									<div class="flex w-5 flex-col items-center">
 										<div
@@ -140,17 +157,20 @@
 										class="my-1.5 min-w-0 flex-1"
 										:backup="backup"
 										:selected="selectedIds.has(backup.id)"
+										:highlighted="highlightedBackupId === backup.id"
 										:restore-disabled="backupRestoreDisabled"
+										:write-disabled="!canManageBackups"
+										:write-disabled-tooltip="permissionDeniedMessage"
 										:kyros-url="server.node?.instance"
 										:jwt="server.node?.token"
 										:show-copy-id-action="showCopyIdAction"
 										:show-debug-info="showDebugInfo"
 										@download="() => triggerDownloadAnimation()"
-										@rename="() => renameBackupModal?.show(backup)"
-										@restore="() => restoreBackupModal?.show(backup)"
+										@rename="() => showRenameBackupModal(backup)"
+										@restore="() => showRestoreBackupModal(backup)"
 										@delete="
 											(skipConfirmation?: boolean) =>
-												skipConfirmation ? deleteBackup(backup) : deleteBackupModal?.show(backup)
+												skipConfirmation ? deleteBackup(backup) : showDeleteBackupModal(backup)
 										"
 									/>
 								</div>
@@ -191,7 +211,12 @@
 
 					<div v-if="!isBulkOperating" class="ml-auto flex items-center gap-0.5">
 						<ButtonStyled type="transparent" color="red" hover-color-fill="background">
-							<button type="button" @click="confirmBulkDelete">
+							<button
+								v-tooltip="!canManageBackups ? permissionDeniedMessage : undefined"
+								type="button"
+								:disabled="!canManageBackups"
+								@click="confirmBulkDelete"
+							>
 								<TrashIcon />
 								<span class="bar-label">{{ formatMessage(commonMessages.deleteLabel) }}</span>
 							</button>
@@ -244,7 +269,7 @@ import { CalendarIcon, DownloadIcon, IssuesIcon, PlusIcon, TrashIcon } from '@mo
 import { useMutation, useQueryClient } from '@tanstack/vue-query'
 import dayjs from 'dayjs'
 import type { Component } from 'vue'
-import { computed, ref } from 'vue'
+import { computed, nextTick, onBeforeUnmount, ref, watch } from 'vue'
 import { useRoute } from 'vue-router'
 
 import ButtonStyled from '#ui/components/base/ButtonStyled.vue'
@@ -261,6 +286,7 @@ import BackupRestoreModal from '#ui/components/servers/backups/BackupRestoreModa
 import { useBackupsSelection } from '#ui/composables/hosting/backups-selection'
 import { defineMessages, useVIntl } from '#ui/composables/i18n'
 import { useServerBackupsQueue } from '#ui/composables/server-backups-queue'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import { useBulkOperation } from '#ui/layouts/shared/content-tab/composables/bulk-operations'
 import {
 	injectModrinthClient,
@@ -327,6 +353,7 @@ const messages = defineMessages({
 
 const { addNotification } = injectNotificationManager()
 const { formatMessage } = useVIntl()
+const { canManageBackups, permissionDeniedMessage } = useServerPermissions()
 
 const filterPillOptions = computed<FilterPillOption[]>(() => [
 	{ id: 'manual', label: formatMessage(messages.filterManual) },
@@ -344,6 +371,7 @@ const props = defineProps<{
 
 const route = useRoute()
 const serverId = route.params.id as string
+const BACKUP_HIGHLIGHT_DURATION_MS = 5_000
 
 defineEmits(['onDownload'])
 
@@ -476,6 +504,72 @@ const groupedBackups = computed((): BackupGroup[] => {
 })
 
 const displayOrderedBackups = computed(() => groupedBackups.value.flatMap((g) => g.backups))
+const focusedBackupId = computed(() =>
+	typeof route.query.backup === 'string' ? route.query.backup : null,
+)
+const highlightedBackupId = ref<string | null>(null)
+let highlightedBackupTimeout: ReturnType<typeof setTimeout> | null = null
+let lastHighlightedFocusedBackupId: string | null = null
+let lastScrolledFocusedBackupId: string | null = null
+
+watch(
+	[focusedBackupId, displayOrderedBackups],
+	async ([backupId]) => {
+		if (!backupId) {
+			lastHighlightedFocusedBackupId = null
+			lastScrolledFocusedBackupId = null
+			clearHighlightedBackup()
+			return
+		}
+		if (!displayOrderedBackups.value.some((backup) => backup.id === backupId)) return
+
+		if (lastHighlightedFocusedBackupId !== backupId) {
+			lastHighlightedFocusedBackupId = backupId
+			highlightBackup(backupId)
+		}
+		if (lastScrolledFocusedBackupId === backupId) return
+		if (typeof document === 'undefined') return
+
+		lastScrolledFocusedBackupId = backupId
+		await nextTick()
+		const escapedBackupId =
+			typeof CSS !== 'undefined' && CSS.escape
+				? CSS.escape(backupId)
+				: backupId.replaceAll('"', '\\"')
+		document
+			.querySelector(`[data-backup-id="${escapedBackupId}"]`)
+			?.scrollIntoView({ block: 'center', behavior: 'smooth' })
+	},
+	{ immediate: true },
+)
+
+onBeforeUnmount(() => {
+	if (highlightedBackupTimeout) {
+		clearTimeout(highlightedBackupTimeout)
+	}
+})
+
+function highlightBackup(backupId: string) {
+	highlightedBackupId.value = backupId
+
+	if (highlightedBackupTimeout) {
+		clearTimeout(highlightedBackupTimeout)
+	}
+
+	highlightedBackupTimeout = setTimeout(() => {
+		highlightedBackupId.value = null
+		highlightedBackupTimeout = null
+	}, BACKUP_HIGHLIGHT_DURATION_MS)
+}
+
+function clearHighlightedBackup() {
+	highlightedBackupId.value = null
+
+	if (highlightedBackupTimeout) {
+		clearTimeout(highlightedBackupTimeout)
+		highlightedBackupTimeout = null
+	}
+}
 
 const {
 	selectedIds,
@@ -496,6 +590,9 @@ const restoreBackupModal = ref<InstanceType<typeof BackupRestoreModal>>()
 const deleteBackupModal = ref<InstanceType<typeof BackupDeleteModal>>()
 
 const backupRestoreDisabled = computed(() => {
+	if (!canManageBackups.value) {
+		return permissionDeniedMessage.value
+	}
 	if (props.isServerRunning) {
 		return 'Cannot restore backup while server is running'
 	}
@@ -509,6 +606,9 @@ const backupRestoreDisabled = computed(() => {
 })
 
 const backupCreationDisabled = computed(() => {
+	if (!canManageBackups.value) {
+		return permissionDeniedMessage.value
+	}
 	const quota = server.value.backup_quota
 	if (quota !== undefined) {
 		const usedCount = backups.value.length ?? server.value.used_backup_quota ?? 0
@@ -526,19 +626,37 @@ const backupCreationDisabled = computed(() => {
 })
 
 const showCreateModel = () => {
+	if (backupCreationDisabled.value) return
 	createBackupModal.value?.show()
 }
 
+function showRenameBackupModal(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
+	if (!canManageBackups.value) return
+	renameBackupModal.value?.show(backup)
+}
+
+function showRestoreBackupModal(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
+	if (backupRestoreDisabled.value) return
+	restoreBackupModal.value?.show(backup)
+}
+
+function showDeleteBackupModal(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
+	if (!canManageBackups.value) return
+	deleteBackupModal.value?.show(backup)
+}
+
 function clearBackupFilters() {
 	selectedFilters.value = []
 }
 
 function confirmBulkDelete() {
+	if (!canManageBackups.value) return
 	if (!selectedBackups.value.length) return
 	deleteBackupModal.value?.showBulk(selectedBackups.value)
 }
 
 async function bulkDelete(toRemove: Archon.BackupsQueue.v1.BackupQueueBackup[]) {
+	if (!canManageBackups.value) return
 	if (!toRemove.length) return
 
 	isBulkOperating.value = true
@@ -569,6 +687,7 @@ function useQueueDeleteFor(backup: Archon.BackupsQueue.v1.BackupQueueBackup) {
 }
 
 function deleteBackup(backup?: Archon.BackupsQueue.v1.BackupQueueBackup) {
+	if (!canManageBackups.value) return
 	if (!backup) {
 		addNotification({
 			type: 'error',
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/content.vue b/packages/ui/src/layouts/wrapped/hosting/manage/content.vue
index 46f44fc4e7..09814deaff 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/content.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/content.vue
@@ -9,6 +9,7 @@ import { useRoute, useRouter } from 'vue-router'
 import ReadyTransition from '#ui/components/base/ReadyTransition.vue'
 import { useUploadSessionUpload } from '#ui/composables/hosting/kyros-session-upload'
 import { defineMessages, useVIntl } from '#ui/composables/i18n'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
@@ -123,6 +124,7 @@ const contentUploadSession = useUploadSessionUpload({
 })
 const { addNotification } = injectNotificationManager()
 const { openServerSettings, browseServerContent } = injectServerSettingsModal()
+const { canSetup, permissionDeniedMessage } = useServerPermissions()
 const route = useRoute()
 const router = useRouter()
 const queryClient = useQueryClient()
@@ -136,6 +138,7 @@ const type = computed(() => {
 })
 
 const queryKey = computed(() => ['content', 'list', 'v1', serverId])
+const modpackContentQueryKey = computed(() => ['content', 'list', 'v1', serverId, 'modpack'])
 
 function getContentOwnerAvatarUrl(owner: ContentOwnerAvatarSource) {
 	const ownerId = owner.type === 'user' ? owner.name || owner.id : owner.id
@@ -150,6 +153,44 @@ const contentQuery = useQuery({
 	staleTime: 0,
 })
 
+const isModpackContentModalOpen = ref(false)
+const modpackContentQuery = useQuery({
+	queryKey: modpackContentQueryKey,
+	queryFn: () =>
+		client.archon.content_v1.getAddons(serverId, worldId.value!, {
+			from_modpack: true,
+		}),
+	enabled: computed(() => isModpackContentModalOpen.value && worldId.value !== null),
+	staleTime: 0,
+})
+
+const setupActionDisabled = computed(() => !canSetup.value || busyReasons.value.length > 0)
+const setupActionBusyMessage = computed(() => {
+	if (!canSetup.value) return permissionDeniedMessage.value
+
+	const bannerCoversInstalling =
+		server.value?.status === 'installing' ||
+		isSyncingContent.value ||
+		busyReasons.value.some(
+			(r) =>
+				r.reason.id === 'servers.busy.installing' || r.reason.id === 'servers.busy.syncing-content',
+		)
+	const filteredReasons = busyReasons.value.filter((r) => {
+		if (
+			bannerCoversInstalling &&
+			(r.reason.id === 'servers.busy.installing' || r.reason.id === 'servers.busy.syncing-content')
+		)
+			return false
+		if (
+			r.reason.id === 'servers.busy.backup-creating' ||
+			r.reason.id === 'servers.busy.backup-restoring'
+		)
+			return false
+		return true
+	})
+	return filteredReasons.length > 0 ? formatMessage(filteredReasons[0].reason) : null
+})
+
 const modpackProjectId = computed(() => {
 	const spec = contentQuery.data.value?.modpack?.spec
 	return spec?.platform === 'modrinth' ? spec.project_id : null
@@ -688,12 +729,14 @@ const toggleMutation = useMutation({
 })
 
 async function handleToggleEnabled(item: ContentItem) {
+	if (setupActionDisabled.value) return
 	const addon = addonLookup.value.get(item.file_name)
 	if (!addon) return
 	await toggleMutation.mutateAsync({ addon })
 }
 
 async function handleDeleteItem(item: ContentItem) {
+	if (setupActionDisabled.value) return
 	const addon = addonLookup.value.get(item.file_name)
 	if (!addon) return
 	await deleteMutation.mutateAsync({ addon })
@@ -708,6 +751,7 @@ function itemsToAddonRequests(items: ContentItem[]): Archon.Content.v1.RemoveAdd
 }
 
 async function handleBulkDelete(items: ContentItem[]) {
+	if (setupActionDisabled.value) return
 	const requests = itemsToAddonRequests(items)
 	if (requests.length === 0) return
 	try {
@@ -723,6 +767,7 @@ async function handleBulkDelete(items: ContentItem[]) {
 }
 
 async function handleBulkEnable(items: ContentItem[]) {
+	if (setupActionDisabled.value) return
 	const requests = itemsToAddonRequests(items)
 	if (requests.length === 0) return
 	try {
@@ -738,6 +783,7 @@ async function handleBulkEnable(items: ContentItem[]) {
 }
 
 async function handleBulkDisable(items: ContentItem[]) {
+	if (setupActionDisabled.value) return
 	const requests = itemsToAddonRequests(items)
 	if (requests.length === 0) return
 	try {
@@ -760,6 +806,15 @@ const updatingProject = ref<ContentItem | null>(null)
 const updatingModpack = ref(false)
 const loadingChangelog = ref(false)
 
+watch(
+	() => modpackContentQuery.data.value?.addons,
+	(addons) => {
+		if (!isModpackContentModalOpen.value || !addons) return
+		modpackAddons.value = addons
+		modpackContentModal.value?.setItems(addons.map(addonToContentItem))
+	},
+)
+
 const updatingProjectId = computed(() => updatingProject.value?.project?.id ?? null)
 
 const projectVersionsQuery = useQuery({
@@ -797,6 +852,7 @@ const currentLoader = computed(
 )
 
 function handleBrowseContent() {
+	if (setupActionDisabled.value) return
 	const contentType = type.value
 	if (browseServerContent && ['mod', 'plugin', 'datapack'].includes(contentType)) {
 		browseServerContent({
@@ -814,6 +870,7 @@ function handleBrowseContent() {
 }
 
 function handleUploadFiles() {
+	if (setupActionDisabled.value) return
 	const input = document.createElement('input')
 	input.type = 'file'
 	input.multiple = true
@@ -876,15 +933,16 @@ function addonToContentItem(addon: AddonWithUiState): ContentItem {
 }
 
 async function handleViewModpackContent() {
+	isModpackContentModalOpen.value = true
 	modpackContentModal.value?.showLoading()
 	try {
-		const data = await client.archon.content_v1.getAddons(serverId, worldId.value!, {
-			from_modpack: true,
-		})
+		const { data } = await modpackContentQuery.refetch()
+		if (!data) throw new Error('Failed to load modpack content')
 		modpackAddons.value = data.addons ?? []
 		const items = (data.addons ?? []).map(addonToContentItem)
 		modpackContentModal.value?.show(items)
 	} catch (err) {
+		isModpackContentModalOpen.value = false
 		modpackContentModal.value?.hide()
 		addNotification({
 			type: 'error',
@@ -895,6 +953,7 @@ async function handleViewModpackContent() {
 }
 
 async function handleModpackContentToggle(item: ContentItem) {
+	if (setupActionDisabled.value) return
 	const addon = addonLookup.value.get(item.file_name)
 	if (!addon) return
 	modpackContentModal.value?.updateItem(item.file_name, { disabled: true })
@@ -903,6 +962,18 @@ async function handleModpackContentToggle(item: ContentItem) {
 		modpackAddons.value = modpackAddons.value.map((a) =>
 			a.filename === addon.filename ? { ...a, disabled: !addon.disabled } : a,
 		)
+		queryClient.setQueryData(
+			modpackContentQueryKey.value,
+			(oldData: Archon.Content.v1.Addons | undefined) =>
+				oldData
+					? {
+							...oldData,
+							addons: (oldData.addons ?? []).map((a) =>
+								a.filename === addon.filename ? { ...a, disabled: !addon.disabled } : a,
+							),
+						}
+					: oldData,
+		)
 		modpackContentModal.value?.updateItem(item.file_name, {
 			enabled: !item.enabled,
 			disabled: false,
@@ -913,6 +984,7 @@ async function handleModpackContentToggle(item: ContentItem) {
 }
 
 async function handleModpackBulkToggle(items: ContentItem[], enable: boolean) {
+	if (setupActionDisabled.value) return
 	const requests = itemsToAddonRequests(items)
 	if (requests.length === 0) return
 
@@ -930,6 +1002,20 @@ async function handleModpackBulkToggle(items: ContentItem[], enable: boolean) {
 		} else {
 			await client.archon.content_v1.disableAddons(serverId, worldId.value!, requests)
 		}
+		queryClient.setQueryData(
+			modpackContentQueryKey.value,
+			(oldData: Archon.Content.v1.Addons | undefined) =>
+				oldData
+					? {
+							...oldData,
+							addons: (oldData.addons ?? []).map((addon) =>
+								items.some((item) => item.file_name === addon.filename)
+									? { ...addon, disabled: !enable }
+									: addon,
+							),
+						}
+					: oldData,
+		)
 		await queryClient.invalidateQueries({ queryKey: queryKey.value })
 	} catch (err) {
 		for (const item of items) {
@@ -951,6 +1037,7 @@ function handleModpackUnlink() {
 }
 
 async function handleModpackUnlinkConfirm() {
+	if (setupActionDisabled.value) return
 	try {
 		await client.archon.content_v1.unlinkModpack(serverId, worldId.value!)
 		await contentQuery.refetch()
@@ -964,6 +1051,7 @@ async function handleModpackUnlinkConfirm() {
 }
 
 async function handleBulkUpdate(items: ContentItem[]) {
+	if (setupActionDisabled.value) return
 	const addons = items
 		.filter((item) => item.has_update)
 		.map((item) => ({
@@ -1063,6 +1151,7 @@ function resetUpdateState() {
 }
 
 function handleModalUpdate(selectedVersion: Labrinth.Versions.v2.Version, event?: MouseEvent) {
+	if (setupActionDisabled.value) return
 	if (updatingModpack.value) {
 		pendingModpackUpdateVersion.value = selectedVersion
 
@@ -1100,6 +1189,7 @@ function setAddonInstalling(filename: string, installing: boolean) {
 }
 
 async function performUpdate(selectedVersion: Labrinth.Versions.v2.Version) {
+	if (setupActionDisabled.value) return
 	const item = updatingProject.value
 	if (item) {
 		setAddonInstalling(item.file_name, true)
@@ -1142,6 +1232,7 @@ async function performUpdate(selectedVersion: Labrinth.Versions.v2.Version) {
 }
 
 function handleModpackUpdateConfirm() {
+	if (setupActionDisabled.value) return
 	if (pendingModpackUpdateVersion.value) {
 		contentUpdaterModal.value?.hide()
 		performUpdate(pendingModpackUpdateVersion.value)
@@ -1177,32 +1268,10 @@ provideContentManager({
 	error: computed(() => contentQuery.error.value ?? null),
 	modpack,
 	isPackLocked: ref(false),
-	isBusy: computed(() => busyReasons.value.length > 0),
-	busyMessage: computed(() => {
-		const bannerCoversInstalling =
-			server.value?.status === 'installing' ||
-			isSyncingContent.value ||
-			busyReasons.value.some(
-				(r) =>
-					r.reason.id === 'servers.busy.installing' ||
-					r.reason.id === 'servers.busy.syncing-content',
-			)
-		const filteredReasons = busyReasons.value.filter((r) => {
-			if (
-				bannerCoversInstalling &&
-				(r.reason.id === 'servers.busy.installing' ||
-					r.reason.id === 'servers.busy.syncing-content')
-			)
-				return false
-			if (
-				r.reason.id === 'servers.busy.backup-creating' ||
-				r.reason.id === 'servers.busy.backup-restoring'
-			)
-				return false
-			return true
-		})
-		return filteredReasons.length > 0 ? formatMessage(filteredReasons[0].reason) : null
-	}),
+	isBusy: setupActionDisabled,
+	busyMessage: setupActionBusyMessage,
+	disableAddContent: computed(() => !canSetup.value),
+	disableAddContentTooltip: permissionDeniedMessage.value,
 	contentTypeLabel: type,
 	toggleEnabled: handleToggleEnabled,
 	deleteItem: handleDeleteItem,
@@ -1253,15 +1322,24 @@ provideContentManager({
 	<ReadyTransition :pending="contentReadyPending">
 		<ContentPageLayout :bottom-padding="false">
 			<template #modals>
-				<ConfirmUnlinkModal ref="modpackUnlinkModal" server @unlink="handleModpackUnlinkConfirm" />
+				<ConfirmUnlinkModal
+					ref="modpackUnlinkModal"
+					server
+					:action-disabled="setupActionDisabled"
+					:action-disabled-tooltip="setupActionBusyMessage ?? undefined"
+					@unlink="handleModpackUnlinkConfirm"
+				/>
 				<ModpackContentModal
 					ref="modpackContentModal"
 					:modpack-name="modpack?.project.title"
 					:modpack-icon-url="modpack?.project.icon_url"
 					enable-toggle
+					:action-disabled="setupActionDisabled"
+					:action-disabled-tooltip="setupActionBusyMessage ?? undefined"
 					@update:enabled="handleModpackContentToggle"
 					@bulk:enable="handleModpackBulkToggle($event, true)"
 					@bulk:disable="handleModpackBulkToggle($event, false)"
+					@hide="isModpackContentModalOpen = false"
 				/>
 				<ContentUpdaterModal
 					v-if="updatingProject || updatingModpack"
@@ -1288,6 +1366,8 @@ provideContentManager({
 					"
 					:loading="loadingVersions"
 					:loading-changelog="loadingChangelog"
+					:action-disabled="setupActionDisabled"
+					:action-disabled-tooltip="setupActionBusyMessage ?? undefined"
 					@update="handleModalUpdate"
 					@cancel="resetUpdateState"
 					@version-select="handleVersionSelect"
@@ -1305,6 +1385,8 @@ provideContentManager({
 				.join(' ')
 		"
 		server
+		:action-disabled="setupActionDisabled"
+		:action-disabled-tooltip="setupActionBusyMessage ?? undefined"
 		@confirm="handleModpackUpdateConfirm"
 		@cancel="handleModpackUpdateCancel"
 	/>
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/files.vue b/packages/ui/src/layouts/wrapped/hosting/manage/files.vue
index 66b5e099fa..b62fe58237 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/files.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/files.vue
@@ -8,6 +8,7 @@ import ReadyTransition from '#ui/components/base/ReadyTransition.vue'
 import { useReadyState } from '#ui/composables'
 import { useUploadSessionUpload } from '#ui/composables/hosting/kyros-session-upload'
 import { useVIntl } from '#ui/composables/i18n'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import {
 	injectModrinthClient,
 	injectModrinthServerContext,
@@ -43,6 +44,7 @@ const fileUploadSession = useUploadSessionUpload({
 })
 const { addNotification } = injectNotificationManager()
 const { formatMessage } = useVIntl()
+const { canWriteFiles, canUsePowerActions, permissionDeniedMessage } = useServerPermissions()
 
 const route = useRoute()
 const router = useRouter()
@@ -52,6 +54,10 @@ const serverBusy = computed(() => busyReasons.value.length > 0)
 const busyTooltip = computed(() =>
 	busyReasons.value.length > 0 ? formatMessage(busyReasons.value[0].reason) : undefined,
 )
+const fileWriteDisabled = computed(() => !canWriteFiles.value || serverBusy.value)
+const fileWriteDisabledTooltip = computed(() =>
+	canWriteFiles.value ? busyTooltip.value : permissionDeniedMessage.value,
+)
 const nonBackupBusyReasons = computed(() =>
 	busyReasons.value.filter(
 		(r) =>
@@ -325,6 +331,7 @@ const createMutation = useMutation({
 
 // Extraction
 async function extractFile(path: string, override: boolean, dry: boolean) {
+	if (fileWriteDisabled.value) return
 	if (dry) {
 		return await client.kyros.files_v0.extractFile(path, override, true)
 	}
@@ -346,6 +353,7 @@ async function readFileAsBlob(path: string): Promise<Blob> {
 }
 
 async function writeFile(path: string, content: string): Promise<void> {
+	if (fileWriteDisabled.value) return
 	await client.kyros.files_v0.updateFile(path, content)
 	queryClient.invalidateQueries({ queryKey: ['servers', 'detail', serverId] })
 }
@@ -383,6 +391,7 @@ onMounted(async () => {
 
 // Restart
 async function restartServer() {
+	if (!canUsePowerActions.value) return
 	await client.archon.servers_v0.power(serverId, 'Restart')
 }
 
@@ -392,7 +401,7 @@ function getSessionUploadFilename(fileName: string) {
 }
 
 async function uploadFiles(files: File[]) {
-	if (files.length === 0) return
+	if (fileWriteDisabled.value || files.length === 0) return
 
 	try {
 		const result = await fileUploadSession.uploadFiles(
@@ -426,16 +435,20 @@ provideFileManager({
 	startEditing,
 	stopEditing,
 	createItem: async (name, type) => {
+		if (fileWriteDisabled.value) return
 		const path = `${currentPath.value}/${name}`.replace('//', '/')
 		await createMutation.mutateAsync({ path, type })
 	},
 	renameItem: async (path, newName) => {
+		if (fileWriteDisabled.value) return
 		await renameMutation.mutateAsync({ path, newName })
 	},
 	moveItem: async (source, destination) => {
+		if (fileWriteDisabled.value) return
 		await moveMutation.mutateAsync({ source, destination })
 	},
 	deleteItem: async (path, recursive) => {
+		if (fileWriteDisabled.value) return
 		await deleteMutation.mutateAsync({ path, recursive })
 	},
 	readFile,
@@ -446,14 +459,14 @@ provideFileManager({
 	cancelUpload,
 	uploadState,
 	refresh: refreshList,
-	isBusy: serverBusy,
-	busyTooltip,
+	isBusy: fileWriteDisabled,
+	busyTooltip: fileWriteDisabledTooltip,
 	busyWarning,
 	extractFile,
 	prefetchDirectory,
 	prefetchFile,
 	showInstallFromUrl: true,
-	canRestart: true,
+	canRestart: canUsePowerActions.value,
 	restartServer,
 	canShareToMclogs: true,
 })
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/index.vue b/packages/ui/src/layouts/wrapped/hosting/manage/index.vue
index c599dc2c8a..0b41bcf13b 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/index.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/index.vue
@@ -68,7 +68,7 @@
 						<li v-if="fetchError" class="text-red">
 							<p>{{ formatMessage(messages.errorDetails) }}</p>
 							<CopyCode
-								:text="(fetchError as ModrinthServersFetchError).message || 'Unknown error'"
+								:text="formatFetchError(fetchError)"
 								:copyable="false"
 								:selectable="false"
 								:language="'json'"
@@ -143,7 +143,7 @@
 					/>
 				</div>
 
-				<div v-else key="list">
+				<div v-else key="list" class="flex flex-col gap-6">
 					<Transition
 						enter-active-class="transition-all duration-300 ease-out"
 						enter-from-class="opacity-0 max-h-0"
@@ -161,29 +161,67 @@
 						</div>
 					</Transition>
 
-					<TransitionGroup
-						v-if="filteredData.length > 0 || isPollingForNewServers"
-						name="list"
-						tag="ul"
-						class="m-0 flex flex-col gap-3 p-0"
-					>
-						<MedalServerListing
-							v-for="server in filteredData.filter((s) => s.is_medal)"
-							:key="server.server_id"
-							v-bind="server"
-							@upgrade="openMedalUpgradeModal"
-						/>
-						<ServerListing
-							v-for="server in filteredData.filter((s) => !s.is_medal)"
-							:key="server.server_id"
-							v-bind="server"
-							:cancellation-date="serverBillingMap.get(server.server_id)?.cancellationDate"
-							:is-provisioning="serverBillingMap.get(server.server_id)?.isProvisioning"
-							:on-resubscribe="serverBillingMap.get(server.server_id)?.onResubscribe"
-							:on-download-backup="serverBillingMap.get(server.server_id)?.onDownloadBackup"
-						/>
-					</TransitionGroup>
-					<div v-else>{{ formatMessage(messages.noServersFound) }}</div>
+					<section v-if="ownedServerList.length > 0" class="flex flex-col gap-3">
+						<h2 class="m-0 text-xl font-semibold text-primary">
+							{{ formatMessage(messages.yourServersTitle) }}
+						</h2>
+						<TransitionGroup
+							v-if="ownedFilteredData.length > 0"
+							name="list"
+							tag="ul"
+							class="m-0 flex flex-col gap-3 p-0"
+						>
+							<MedalServerListing
+								v-for="server in ownedFilteredData.filter((s) => s.is_medal)"
+								:key="`owned-medal-${server.server_id}`"
+								v-bind="server"
+								@upgrade="openMedalUpgradeModal"
+							/>
+							<ServerListing
+								v-for="server in ownedFilteredData.filter((s) => !s.is_medal)"
+								:key="`owned-${server.server_id}`"
+								v-bind="server"
+								:cancellation-date="serverBillingMap.get(server.server_id)?.cancellationDate"
+								:is-provisioning="serverBillingMap.get(server.server_id)?.isProvisioning"
+								:on-resubscribe="serverBillingMap.get(server.server_id)?.onResubscribe"
+								:on-download-backup="serverBillingMap.get(server.server_id)?.onDownloadBackup"
+							/>
+						</TransitionGroup>
+						<div v-else class="text-secondary">
+							{{ formatMessage(messages.noOwnedServersFound) }}
+						</div>
+					</section>
+
+					<section v-if="sharedServerList.length > 0" class="flex flex-col gap-3">
+						<h2 class="m-0 text-xl font-semibold text-primary">
+							{{ formatMessage(messages.sharedServersTitle) }}
+						</h2>
+						<TransitionGroup
+							v-if="sharedFilteredData.length > 0"
+							name="list"
+							tag="ul"
+							class="m-0 flex flex-col gap-3 p-0"
+						>
+							<MedalServerListing
+								v-for="server in sharedFilteredData.filter((s) => s.is_medal)"
+								:key="`shared-medal-${server.server_id}`"
+								v-bind="server"
+								@upgrade="openMedalUpgradeModal"
+							/>
+							<ServerListing
+								v-for="server in sharedFilteredData.filter((s) => !s.is_medal)"
+								:key="`shared-${server.server_id}`"
+								v-bind="server"
+							/>
+						</TransitionGroup>
+						<div v-else class="text-secondary">
+							{{ formatMessage(messages.noSharedServersFound) }}
+						</div>
+					</section>
+
+					<div v-if="filteredData.length === 0 && !isPollingForNewServers">
+						{{ formatMessage(messages.noServersFound) }}
+					</div>
 				</div>
 			</Transition>
 		</template>
@@ -210,7 +248,6 @@ import {
 	useServerBackupDownload,
 	useVIntl,
 } from '@modrinth/ui'
-import type { ModrinthServersFetchError } from '@modrinth/utils'
 import { useQuery, useQueryClient } from '@tanstack/vue-query'
 import { useIntervalFn } from '@vueuse/core'
 import dayjs from 'dayjs'
@@ -220,6 +257,7 @@ import { type ComponentPublicInstance, computed, ref, watch } from 'vue'
 import { useRoute, useRouter } from 'vue-router'
 
 import ServersUpgradeModalWrapper from '#ui/components/billing/ServersUpgradeModalWrapper.vue'
+import type { ServerListingOwner } from '#ui/components/servers/access'
 import MedalServerListing from '#ui/components/servers/marketing/MedalServerListing.vue'
 import ServerListing from '#ui/components/servers/ServerListing.vue'
 import { createHostingPurchaseIntentContext, provideHostingPurchaseIntent } from '#ui/providers'
@@ -270,11 +308,27 @@ const messages = defineMessages({
 		defaultMessage: 'Search {count} {count, plural, one {server} other {servers}}...',
 	},
 	newServerButton: { id: 'servers.manage.new-server-button', defaultMessage: 'New server' },
+	yourServersTitle: {
+		id: 'servers.manage.your-servers-title',
+		defaultMessage: 'Your servers',
+	},
+	sharedServersTitle: {
+		id: 'servers.manage.shared-servers-title',
+		defaultMessage: 'Shared servers',
+	},
 	checkingForNewServers: {
 		id: 'servers.manage.checking-for-new-servers',
 		defaultMessage: 'Checking for new servers...',
 	},
 	noServersFound: { id: 'servers.manage.no-servers-found', defaultMessage: 'No servers found.' },
+	noOwnedServersFound: {
+		id: 'servers.manage.no-owned-servers-found',
+		defaultMessage: 'No servers you own match your search.',
+	},
+	noSharedServersFound: {
+		id: 'servers.manage.no-shared-servers-found',
+		defaultMessage: 'No shared servers match your search.',
+	},
 	handleErrorTitle: {
 		id: 'servers.manage.handle-error.title',
 		defaultMessage: 'An error occurred',
@@ -568,19 +622,15 @@ const serverList = computed<Archon.Servers.v0.Server[]>(() => {
 
 const showEmptyState = computed(
 	() =>
-		!showServersListLoading.value && serverList.value.length === 0 && !isPollingForNewServers.value,
+		!showServersListLoading.value &&
+		ownedServerList.value.length === 0 &&
+		sharedServerList.value.length === 0 &&
+		!isPollingForNewServers.value,
 )
 
 const searchInput = ref('')
 
-const fuse = computed(() => {
-	if (serverList.value.length === 0) return null
-	return new Fuse(serverList.value, {
-		keys: ['name', 'loader', 'mc_version', 'game', 'state'],
-		includeScore: true,
-		threshold: 0.4,
-	})
-})
+type ServerWithOwner = Archon.Servers.v0.Server & { owner?: ServerListingOwner }
 
 function isSetToCancel(server: Archon.Servers.v0.Server): boolean {
 	return (
@@ -617,14 +667,56 @@ function filesExpired(server: Archon.Servers.v0.Server): boolean {
 	return new Date() > thirtyDaysLater
 }
 
-const filteredData = computed<Archon.Servers.v0.Server[]>(() => {
-	const base = !searchInput.value.trim()
-		? sortServers(serverList.value)
-		: fuse.value
-			? sortServers(fuse.value.search(searchInput.value).map((result) => result.item))
-			: []
-	return base.filter((server) => !filesExpired(server))
-})
+function isServerOwnedByCurrentUser(server: Archon.Servers.v0.Server): boolean {
+	return server.owner_id === auth.user.value?.id
+}
+
+function getServerOwner(server: Archon.Servers.v0.Server): ServerListingOwner | undefined {
+	const owner = serverResponse.value?.users?.[server.owner_id]
+	if (!owner) return undefined
+
+	return {
+		username: owner.username,
+		avatarUrl: owner.avatar_url ?? undefined,
+	}
+}
+
+const ownedServerList = computed<ServerWithOwner[]>(() =>
+	serverList.value.filter((server) => !filesExpired(server) && isServerOwnedByCurrentUser(server)),
+)
+const sharedServerList = computed<ServerWithOwner[]>(() =>
+	serverList.value
+		.filter((server) => !filesExpired(server) && !isServerOwnedByCurrentUser(server))
+		.map((server) => ({
+			...server,
+			owner: getServerOwner(server),
+		})),
+)
+
+function filterServersBySearch(servers: ServerWithOwner[]): ServerWithOwner[] {
+	const normalizedSearch = searchInput.value.trim()
+	if (!normalizedSearch) return sortServers(servers) as ServerWithOwner[]
+
+	const fuse = new Fuse(servers, {
+		keys: ['name', 'loader', 'mc_version', 'game', 'state', 'owner.username'],
+		includeScore: true,
+		threshold: 0.4,
+	})
+	return sortServers(
+		fuse.search(normalizedSearch).map((result) => result.item),
+	) as ServerWithOwner[]
+}
+
+const ownedFilteredData = computed<ServerWithOwner[]>(() =>
+	filterServersBySearch(ownedServerList.value),
+)
+const sharedFilteredData = computed<ServerWithOwner[]>(() =>
+	filterServersBySearch(sharedServerList.value),
+)
+const filteredData = computed<ServerWithOwner[]>(() => [
+	...ownedFilteredData.value,
+	...sharedFilteredData.value,
+])
 
 // Start polling only after initial data is available so the baseline is correct
 watch(serverResponse, (response) => {
@@ -688,6 +780,10 @@ function handleError(err: unknown) {
 	})
 }
 
+function formatFetchError(error: unknown) {
+	return error instanceof Error && error.message ? error.message : 'Unknown error'
+}
+
 function handleSignIn() {
 	void auth.requestSignIn('/hosting/manage')
 }
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/overview.vue b/packages/ui/src/layouts/wrapped/hosting/manage/overview.vue
index e8e6c8463f..a644f2c4e9 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/overview.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/overview.vue
@@ -41,6 +41,7 @@ import { computed, ref, watch } from 'vue'
 
 import ServerManageStats from '#ui/components/servers/ServerManageStats.vue'
 import { useModrinthServersConsole } from '#ui/composables'
+import { useServerPermissions } from '#ui/composables/server-permissions'
 import { ConsolePageLayout, provideConsoleManager } from '#ui/layouts/shared/console'
 import { injectModrinthClient, injectModrinthServerContext } from '#ui/providers'
 
@@ -64,6 +65,7 @@ const {
 	powerStateDetails: _powerStateDetails,
 } = injectModrinthServerContext()
 const modrinthServersConsole = useModrinthServersConsole()
+const { canUsePowerActions, permissionDeniedMessage } = useServerPermissions()
 
 watch(
 	() => props.showAdvancedDebugInfo,
@@ -107,6 +109,7 @@ const dismissCrash = () => {
 provideConsoleManager({
 	logLines: modrinthServersConsole.output,
 	sendCommand: (cmd: string) => {
+		if (!canUsePowerActions.value) return
 		try {
 			client.archon.sockets.send(serverId, { event: 'command', cmd })
 		} catch (error) {
@@ -114,7 +117,12 @@ provideConsoleManager({
 		}
 	},
 	showCommandInput: true,
-	disableCommandInput: computed(() => serverPowerState.value !== 'running'),
+	disableCommandInput: computed(
+		() => !canUsePowerActions.value || serverPowerState.value !== 'running',
+	),
+	disableCommandInputTooltip: computed(() =>
+		canUsePowerActions.value ? undefined : permissionDeniedMessage.value,
+	),
 	loading: computed(
 		() =>
 			!isConnected.value ||
@@ -122,6 +130,7 @@ provideConsoleManager({
 			isWsAuthIncorrect.value,
 	),
 	onClear: async () => {
+		if (!canUsePowerActions.value) return
 		modrinthServersConsole.clear()
 		try {
 			await client.kyros.logs_v1.clear()
@@ -129,6 +138,10 @@ provideConsoleManager({
 			console.error('Failed to clear server logs:', error)
 		}
 	},
+	clearDisabled: computed(() => !canUsePowerActions.value),
+	clearDisabledTooltip: computed(() =>
+		canUsePowerActions.value ? undefined : permissionDeniedMessage.value,
+	),
 	shareDisabled: computed(() => !isConnected.value),
 	emptyStateType: 'server',
 	crashAnalysis,
diff --git a/packages/ui/src/layouts/wrapped/hosting/manage/root.vue b/packages/ui/src/layouts/wrapped/hosting/manage/root.vue
index 36bf2a3e63..281d2f90e9 100644
--- a/packages/ui/src/layouts/wrapped/hosting/manage/root.vue
+++ b/packages/ui/src/layouts/wrapped/hosting/manage/root.vue
@@ -3,7 +3,7 @@
 		v-if="filteredNotices.length > 0"
 		class="relative mx-auto mb-4 flex w-full min-w-0 flex-col gap-3 px-6"
 		:class="{
-			'max-w-[1280px]': isNuxt,
+			'max-w-[1280px]': constrainWidth,
 		}"
 	>
 		<ServerNotice
@@ -107,7 +107,7 @@
 		}"
 		:class="[
 			'server-panel-' + revealState,
-			isNuxt ? 'min-h-[100svh] max-w-[1280px] pb-16' : 'min-h-[calc(100svh-100px)] pb-6',
+			constrainWidth ? 'min-h-[100svh] max-w-[1280px] pb-16' : 'min-h-[calc(100svh-100px)] pb-6',
 		]"
 	>
 		<template v-if="revealState !== 'pending' || isOnboarding">
@@ -344,7 +344,7 @@
 
 <script setup lang="ts">
 import type { Archon, Labrinth } from '@modrinth/api-client'
-import { ModrinthApiError, NuxtModrinthClient } from '@modrinth/api-client'
+import { ModrinthApiError } from '@modrinth/api-client'
 import {
 	BoxesIcon,
 	CheckIcon,
@@ -360,9 +360,9 @@ import {
 	SettingsIcon,
 	TransferIcon,
 	TriangleAlertIcon,
+	UsersIcon,
 	XIcon,
 } from '@modrinth/assets'
-import type { Stats } from '@modrinth/utils'
 import { useQuery, useQueryClient } from '@tanstack/vue-query'
 import { useStorage, useTimeoutFn } from '@vueuse/core'
 import DOMPurify from 'dompurify'
@@ -384,6 +384,7 @@ import {
 } from '#ui/components/servers/server-header'
 import ServerSettingsModal from '#ui/components/servers/ServerSettingsModal.vue'
 import {
+	hasServerPermission,
 	useDebugLogger,
 	useLoadingBarToken,
 	useModrinthServersConsole,
@@ -394,6 +395,7 @@ import {
 import { defineMessages, useVIntl } from '#ui/composables/i18n'
 import { useServerBackupsQueue } from '#ui/composables/server-backups-queue'
 import { useServerManageCoreRuntime } from '#ui/composables/server-manage-core-runtime'
+import { useServerPanelSync } from '#ui/composables/server-panel-sync'
 import type { LogLine } from '#ui/layouts/shared/console'
 import type { ServerSettingsTabId } from '#ui/layouts/shared/server-settings'
 import {
@@ -401,6 +403,8 @@ import {
 	injectNotificationManager,
 	provideServerSettingsModal,
 } from '#ui/providers'
+import type { ServerStats } from '#ui/providers/server-context'
+import { commonMessages } from '#ui/utils/common-messages'
 import { formatLoaderLabel } from '#ui/utils/loaders'
 import {
 	pendingServerContentInstallsEvent,
@@ -442,6 +446,7 @@ const props = withDefaults(
 			worldId: string | null
 			type: 'mod' | 'plugin' | 'datapack'
 		}) => void | Promise<void>
+		constrainWidth?: boolean
 	}>(),
 	{
 		showCopyIdAction: false,
@@ -456,6 +461,7 @@ const props = withDefaults(
 		navigateToServers: undefined,
 		browseModpacks: undefined,
 		browseContent: undefined,
+		constrainWidth: false,
 	},
 )
 
@@ -492,7 +498,7 @@ const DISABLE_LOADING_ANIM = true
 
 const { addNotification } = injectNotificationManager()
 const client = injectModrinthClient()
-const isNuxt = computed(() => client instanceof NuxtModrinthClient)
+const constrainWidth = computed(() => props.constrainWidth)
 const queryClient = useQueryClient()
 const route = useRoute()
 const router = useRouter()
@@ -561,6 +567,11 @@ const { handleWsBackupProgress, busyReasons: backupsBusy } = useServerBackupsQue
 	worldId,
 )
 
+const { disconnect: disconnectPanelSync } = useServerPanelSync({
+	serverId: computed(() => props.serverId),
+	worldId,
+})
+
 const { image: serverImage } = useServerImage(
 	props.serverId,
 	computed(() => serverData.value?.upstream ?? null),
@@ -672,6 +683,7 @@ const {
 	serverId: computed(() => props.serverId),
 	worldId,
 	server: serverData,
+	serverFull,
 	isSyncingContent,
 	extraBusyReasons: backupsBusy,
 	setDisconnectedOnAuthIncorrect: false,
@@ -682,6 +694,10 @@ const {
 })
 
 const isUploading = computed(() => uploadState.value.isUploading)
+const canSetup = computed(() =>
+	hasServerPermission(serverData.value?.current_user_permissions ?? 0, 'SETUP'),
+)
+const permissionDeniedMessage = computed(() => formatMessage(commonMessages.noPermissionAction))
 
 function handleBeforeUnload(e: BeforeUnloadEvent) {
 	if (isUploading.value) {
@@ -714,7 +730,7 @@ if (typeof window !== 'undefined') {
 }
 
 type CachedWsState = {
-	stats: Stats
+	stats: ServerStats
 	cpuData: number[]
 	ramData: number[]
 	powerState: Archon.Websocket.v0.PowerState
@@ -822,6 +838,12 @@ const navLinks = computed<Tab[]>(() => [
 		icon: DatabaseBackupIcon,
 		subpages: [],
 	},
+	{
+		label: 'Access',
+		href: `/hosting/manage/${props.serverId}/access`,
+		icon: UsersIcon,
+		subpages: [],
+	},
 	...props.additionalTabs,
 ])
 
@@ -932,6 +954,13 @@ function loadTallyScript() {
 
 async function handleContentRetry() {
 	if (!worldId.value) return
+	if (!canSetup.value) {
+		addNotification({
+			type: 'error',
+			text: permissionDeniedMessage.value,
+		})
+		return
+	}
 	try {
 		await client.archon.content_v1.repair(props.serverId, worldId.value)
 	} catch (err) {
@@ -1361,6 +1390,7 @@ const cleanup = () => {
 	saveWsStateToCache()
 
 	cleanupCoreRuntime(props.serverId)
+	disconnectPanelSync()
 
 	isReconnecting.value = false
 	isLoading.value = true
diff --git a/packages/ui/src/layouts/wrapped/index.ts b/packages/ui/src/layouts/wrapped/index.ts
index d91f53ee78..6ca4cc12b0 100644
--- a/packages/ui/src/layouts/wrapped/index.ts
+++ b/packages/ui/src/layouts/wrapped/index.ts
@@ -1,4 +1,5 @@
 export { default as ServerOnboardingPanelPage } from './hosting/manage/[id]/onboarding.vue'
+export { default as ServersManageAccessPage } from './hosting/manage/access.vue'
 export { default as ServersManageBackupsPage } from './hosting/manage/backups.vue'
 export { default as ServersManageContentPage } from './hosting/manage/content.vue'
 export { default as ServersManageFilesPage } from './hosting/manage/files.vue'
diff --git a/packages/ui/src/locales/en-US/index.json b/packages/ui/src/locales/en-US/index.json
index 16f4663e2e..f6ce0d4882 100644
--- a/packages/ui/src/locales/en-US/index.json
+++ b/packages/ui/src/locales/en-US/index.json
@@ -1,4 +1,7 @@
 {
+  "action.no-permission": {
+    "defaultMessage": "You do not have permission."
+  },
   "affiliate.create.button": {
     "defaultMessage": "Create affiliate link"
   },
@@ -821,6 +824,222 @@
   "creation-flow.title.set-up-server": {
     "defaultMessage": "Set up server"
   },
+  "external-files.permissions-card.add": {
+    "defaultMessage": "Add attribution"
+  },
+  "external-files.permissions-card.add-files-modal.confirm": {
+    "defaultMessage": "{count, plural, one {Add file} other {Add files}}"
+  },
+  "external-files.permissions-card.add-files-modal.description": {
+    "defaultMessage": "Select any files that should be moved into this group."
+  },
+  "external-files.permissions-card.add-files-modal.empty": {
+    "defaultMessage": "There are no files in other groups that can be moved here."
+  },
+  "external-files.permissions-card.add-files-modal.load-error.title": {
+    "defaultMessage": "Could not load files"
+  },
+  "external-files.permissions-card.add-files-modal.no-search-results": {
+    "defaultMessage": "No files match your search."
+  },
+  "external-files.permissions-card.add-files-modal.search-placeholder": {
+    "defaultMessage": "Search files…"
+  },
+  "external-files.permissions-card.add-files-modal.selected-count": {
+    "defaultMessage": "{count, plural, one {# file selected} other {# files selected}}"
+  },
+  "external-files.permissions-card.add-files-modal.title": {
+    "defaultMessage": "Add files to this group"
+  },
+  "external-files.permissions-card.add-files-to-group": {
+    "defaultMessage": "Add files..."
+  },
+  "external-files.permissions-card.all-rights-reserved": {
+    "defaultMessage": "All Rights Reserved/No license"
+  },
+  "external-files.permissions-card.assign-files-error.title": {
+    "defaultMessage": "Could not add files"
+  },
+  "external-files.permissions-card.attribution.moderation-status.content-not-allowed": {
+    "defaultMessage": "Content not allowed"
+  },
+  "external-files.permissions-card.attribution.moderation-status.passed": {
+    "defaultMessage": "Passed"
+  },
+  "external-files.permissions-card.attribution.moderation-status.rejected-proof": {
+    "defaultMessage": "Proof rejected"
+  },
+  "external-files.permissions-card.badge.attributed": {
+    "defaultMessage": "Attributed"
+  },
+  "external-files.permissions-card.badge.no-permission": {
+    "defaultMessage": "No permission"
+  },
+  "external-files.permissions-card.badge.pending": {
+    "defaultMessage": "Pending"
+  },
+  "external-files.permissions-card.custom-license-label": {
+    "defaultMessage": "Link to license"
+  },
+  "external-files.permissions-card.custom-license-option": {
+    "defaultMessage": "Other"
+  },
+  "external-files.permissions-card.error.custom-license-required": {
+    "defaultMessage": "Please include a link to your license. If you have none, you should likely select 'All Rights Reserved/No license'"
+  },
+  "external-files.permissions-card.error.explanation-or-images-required": {
+    "defaultMessage": "Please provide an explanation or upload at least one proof image."
+  },
+  "external-files.permissions-card.error.license-required": {
+    "defaultMessage": "Please select a license."
+  },
+  "external-files.permissions-card.error.link-invalid-url": {
+    "defaultMessage": "Link must be a valid URL."
+  },
+  "external-files.permissions-card.error.link-required": {
+    "defaultMessage": "Please provide a link."
+  },
+  "external-files.permissions-card.error.proof-image-invalid-type": {
+    "defaultMessage": "Please upload a PNG, JPEG, GIF, WebP, or BMP image."
+  },
+  "external-files.permissions-card.error.proof-images-required": {
+    "defaultMessage": "Please upload at least one proof image."
+  },
+  "external-files.permissions-card.explanation-description": {
+    "defaultMessage": "A short explanation or proof images are required."
+  },
+  "external-files.permissions-card.explanation-label": {
+    "defaultMessage": "Explanation"
+  },
+  "external-files.permissions-card.fallback-group-title": {
+    "defaultMessage": "Attribution group {id}"
+  },
+  "external-files.permissions-card.file-count": {
+    "defaultMessage": "{count, plural, one {# file} other {# files}}"
+  },
+  "external-files.permissions-card.included-files": {
+    "defaultMessage": "Included files:"
+  },
+  "external-files.permissions-card.included-in-versions": {
+    "defaultMessage": "Included in {count, plural, one {# version} other {# versions}}:"
+  },
+  "external-files.permissions-card.input-optional": {
+    "defaultMessage": "(optional)"
+  },
+  "external-files.permissions-card.last-updated": {
+    "defaultMessage": "Last updated on {date} by {user}"
+  },
+  "external-files.permissions-card.license-label": {
+    "defaultMessage": "License"
+  },
+  "external-files.permissions-card.license.unknown": {
+    "defaultMessage": "Unknown"
+  },
+  "external-files.permissions-card.licensed-as": {
+    "defaultMessage": "Licensed:"
+  },
+  "external-files.permissions-card.link-label": {
+    "defaultMessage": "Link to work"
+  },
+  "external-files.permissions-card.link-to-license-url-placeholder": {
+    "defaultMessage": "link-to-license"
+  },
+  "external-files.permissions-card.link-to-work-url-placeholder": {
+    "defaultMessage": "link-to-work"
+  },
+  "external-files.permissions-card.moderation.error.title": {
+    "defaultMessage": "Could not save moderation review"
+  },
+  "external-files.permissions-card.modrinth-link-to-work": {
+    "defaultMessage": "This appears to be a Modrinth link. If this content is available on Modrinth, your pack was likely exported incorrectly. If you downloaded it from another site, try downloading the Modrinth version instead; sometimes they are not identical files."
+  },
+  "external-files.permissions-card.not-used-in-versions": {
+    "defaultMessage": "These files are not currently used by any version."
+  },
+  "external-files.permissions-card.notes-label": {
+    "defaultMessage": "Notes"
+  },
+  "external-files.permissions-card.notes-none": {
+    "defaultMessage": "None"
+  },
+  "external-files.permissions-card.notes-placeholder": {
+    "defaultMessage": "Write something here..."
+  },
+  "external-files.permissions-card.original-project-page": {
+    "defaultMessage": "Original project"
+  },
+  "external-files.permissions-card.proof-image-alt": {
+    "defaultMessage": "Proof screenshot {n}"
+  },
+  "external-files.permissions-card.proof-image-remove": {
+    "defaultMessage": "Remove image"
+  },
+  "external-files.permissions-card.proof-images-label": {
+    "defaultMessage": "Proof images"
+  },
+  "external-files.permissions-card.proof-images-upload-prompt": {
+    "defaultMessage": "Drag and drop to upload or click to select an image"
+  },
+  "external-files.permissions-card.proof-warning.body": {
+    "defaultMessage": "If you are found to have lied or manipulated the images uploaded, your project and account may be terminated."
+  },
+  "external-files.permissions-card.proof-warning.title": {
+    "defaultMessage": "Modrinth staff may verify submitted proof"
+  },
+  "external-files.permissions-card.reason.globally-allowed": {
+    "defaultMessage": "Automatically attributed"
+  },
+  "external-files.permissions-card.reason.globally-allowed.description": {
+    "defaultMessage": "We've seen this file before and have prepared an attribution for you. If something seems wrong, please contact Modrinth Support via the Help Center"
+  },
+  "external-files.permissions-card.reason.license": {
+    "defaultMessage": "License"
+  },
+  "external-files.permissions-card.reason.license.description": {
+    "defaultMessage": "The license of this work permits you to redistribute it in your modpack."
+  },
+  "external-files.permissions-card.reason.license.proof-images-description": {
+    "defaultMessage": "Upload supporting documentation related to this license."
+  },
+  "external-files.permissions-card.reason.my-project": {
+    "defaultMessage": "My project"
+  },
+  "external-files.permissions-card.reason.my-project.description": {
+    "defaultMessage": "Original work created by you."
+  },
+  "external-files.permissions-card.reason.my-project.proof-images-description": {
+    "defaultMessage": "Upload files that help verify you created this work."
+  },
+  "external-files.permissions-card.reason.no-permission": {
+    "defaultMessage": "No permission"
+  },
+  "external-files.permissions-card.reason.no-permission.description": {
+    "defaultMessage": "You don't have permission to use this work."
+  },
+  "external-files.permissions-card.reason.special-permission": {
+    "defaultMessage": "Special permission"
+  },
+  "external-files.permissions-card.reason.special-permission.description": {
+    "defaultMessage": "You have obtained special permission to redistribute this work in your modpack."
+  },
+  "external-files.permissions-card.save": {
+    "defaultMessage": "Save attribution"
+  },
+  "external-files.permissions-card.select-license-label": {
+    "defaultMessage": "Select a license..."
+  },
+  "external-files.permissions-card.split-file": {
+    "defaultMessage": "Remove from group"
+  },
+  "external-files.permissions-card.split-file-error.title": {
+    "defaultMessage": "Could not split file"
+  },
+  "external-files.permissions-card.type-label": {
+    "defaultMessage": "Permission reason"
+  },
+  "external-files.permissions-card.unnamed-multi-group-title": {
+    "defaultMessage": "{filename} + {count} more"
+  },
   "external-project-license-status.no": {
     "defaultMessage": "No"
   },
@@ -3260,9 +3479,549 @@
   "search.server_content_type.vanilla": {
     "defaultMessage": "Vanilla"
   },
+  "servers.access-page.activity-log-filter.action-types": {
+    "defaultMessage": "Action types"
+  },
+  "servers.access-page.activity-log-filter.action-types-search": {
+    "defaultMessage": "Search action types..."
+  },
+  "servers.access-page.activity-log-filter.action.addon-added": {
+    "defaultMessage": "Added content"
+  },
+  "servers.access-page.activity-log-filter.action.addon-deleted": {
+    "defaultMessage": "Deleted content"
+  },
+  "servers.access-page.activity-log-filter.action.addon-disabled": {
+    "defaultMessage": "Disabled content"
+  },
+  "servers.access-page.activity-log-filter.action.addon-enabled": {
+    "defaultMessage": "Enabled content"
+  },
+  "servers.access-page.activity-log-filter.action.addon-updated": {
+    "defaultMessage": "Updated content"
+  },
+  "servers.access-page.activity-log-filter.action.addon-uploaded": {
+    "defaultMessage": "Uploaded content"
+  },
+  "servers.access-page.activity-log-filter.action.backup-created": {
+    "defaultMessage": "Created backup"
+  },
+  "servers.access-page.activity-log-filter.action.backup-deleted": {
+    "defaultMessage": "Deleted backup"
+  },
+  "servers.access-page.activity-log-filter.action.backup-renamed": {
+    "defaultMessage": "Renamed backup"
+  },
+  "servers.access-page.activity-log-filter.action.backup-restored": {
+    "defaultMessage": "Restored backup"
+  },
+  "servers.access-page.activity-log-filter.action.changed-server-name": {
+    "defaultMessage": "Changed server name"
+  },
+  "servers.access-page.activity-log-filter.action.changed-server-subdomain": {
+    "defaultMessage": "Changed server subdomain"
+  },
+  "servers.access-page.activity-log-filter.action.console-cleared": {
+    "defaultMessage": "Cleared console"
+  },
+  "servers.access-page.activity-log-filter.action.console-command-executed": {
+    "defaultMessage": "Ran console command"
+  },
+  "servers.access-page.activity-log-filter.action.file-deleted": {
+    "defaultMessage": "Deleted file"
+  },
+  "servers.access-page.activity-log-filter.action.file-edited": {
+    "defaultMessage": "Edited file"
+  },
+  "servers.access-page.activity-log-filter.action.file-renamed": {
+    "defaultMessage": "Renamed file"
+  },
+  "servers.access-page.activity-log-filter.action.file-uploaded": {
+    "defaultMessage": "Uploaded file"
+  },
+  "servers.access-page.activity-log-filter.action.game-version-edited": {
+    "defaultMessage": "Changed Minecraft version"
+  },
+  "servers.access-page.activity-log-filter.action.java-runtime-modified": {
+    "defaultMessage": "Changed Java runtime"
+  },
+  "servers.access-page.activity-log-filter.action.java-version-modified": {
+    "defaultMessage": "Changed Java version"
+  },
+  "servers.access-page.activity-log-filter.action.loader-version-edited": {
+    "defaultMessage": "Changed loader version"
+  },
+  "servers.access-page.activity-log-filter.action.modpack-changed": {
+    "defaultMessage": "Changed modpack"
+  },
+  "servers.access-page.activity-log-filter.action.modpack-unlinked": {
+    "defaultMessage": "Unlinked modpack"
+  },
+  "servers.access-page.activity-log-filter.action.port-allocation-added": {
+    "defaultMessage": "Added port allocation"
+  },
+  "servers.access-page.activity-log-filter.action.port-allocation-removed": {
+    "defaultMessage": "Removed port allocation"
+  },
+  "servers.access-page.activity-log-filter.action.server-created": {
+    "defaultMessage": "Created server"
+  },
+  "servers.access-page.activity-log-filter.action.server-killed": {
+    "defaultMessage": "Killed server"
+  },
+  "servers.access-page.activity-log-filter.action.server-plan-changed": {
+    "defaultMessage": "Changed plan"
+  },
+  "servers.access-page.activity-log-filter.action.server-properties-modified": {
+    "defaultMessage": "Modified server properties"
+  },
+  "servers.access-page.activity-log-filter.action.server-reallocated": {
+    "defaultMessage": "Reallocated server"
+  },
+  "servers.access-page.activity-log-filter.action.server-repaired": {
+    "defaultMessage": "Repaired server"
+  },
+  "servers.access-page.activity-log-filter.action.server-reset": {
+    "defaultMessage": "Reset server"
+  },
+  "servers.access-page.activity-log-filter.action.server-restarted": {
+    "defaultMessage": "Restarted server"
+  },
+  "servers.access-page.activity-log-filter.action.server-started": {
+    "defaultMessage": "Started server"
+  },
+  "servers.access-page.activity-log-filter.action.server-stopped": {
+    "defaultMessage": "Stopped server"
+  },
+  "servers.access-page.activity-log-filter.action.sftp-login": {
+    "defaultMessage": "Logged in via SFTP"
+  },
+  "servers.access-page.activity-log-filter.action.startup-command-modified": {
+    "defaultMessage": "Changed startup command"
+  },
+  "servers.access-page.activity-log-filter.action.user-invite-revoked": {
+    "defaultMessage": "Revoked user invite"
+  },
+  "servers.access-page.activity-log-filter.action.user-invited": {
+    "defaultMessage": "Invited user"
+  },
+  "servers.access-page.activity-log-filter.action.user-permission-modified": {
+    "defaultMessage": "Changed user permissions"
+  },
+  "servers.access-page.activity-log-filter.action.user-removed": {
+    "defaultMessage": "Removed user"
+  },
+  "servers.access-page.activity-log-filter.add": {
+    "defaultMessage": "Add filter"
+  },
+  "servers.access-page.activity-log-filter.clear": {
+    "defaultMessage": "Clear filters"
+  },
+  "servers.access-page.activity-log-filter.empty-options": {
+    "defaultMessage": "No options available."
+  },
+  "servers.access-page.activity-log-filter.empty-search": {
+    "defaultMessage": "No options found."
+  },
+  "servers.access-page.activity-log-filter.instances": {
+    "defaultMessage": "Instances"
+  },
+  "servers.access-page.activity-log-filter.server-scoped-instance": {
+    "defaultMessage": "Server"
+  },
+  "servers.access-page.activity-log-filter.support-actor": {
+    "defaultMessage": "Support"
+  },
+  "servers.access-page.activity-log-filter.users": {
+    "defaultMessage": "User"
+  },
+  "servers.access-page.activity-log-title": {
+    "defaultMessage": "Activity log"
+  },
+  "servers.access-page.invite-friends": {
+    "defaultMessage": "Add user"
+  },
+  "servers.access-page.notification.friend-request-failed.title": {
+    "defaultMessage": "Friend request could not be sent"
+  },
+  "servers.access-page.notification.invite-cancelled.text": {
+    "defaultMessage": "Cancelled the invite for {target}."
+  },
+  "servers.access-page.notification.invite-cancelled.title": {
+    "defaultMessage": "Invite cancelled"
+  },
+  "servers.access-page.notification.invite-failed.title": {
+    "defaultMessage": "Invite could not be sent"
+  },
+  "servers.access-page.notification.invite-resend-unavailable.text": {
+    "defaultMessage": "Invites are accepted automatically for this server."
+  },
+  "servers.access-page.notification.invite-resend-unavailable.title": {
+    "defaultMessage": "Invite cannot be resent"
+  },
+  "servers.access-page.notification.invite-resent.text": {
+    "defaultMessage": "Sent another invite to {target}."
+  },
+  "servers.access-page.notification.invite-resent.title": {
+    "defaultMessage": "Invite resent"
+  },
+  "servers.access-page.notification.invite-sent.text": {
+    "defaultMessage": "Invited {target} as {role}."
+  },
+  "servers.access-page.notification.invite-sent.title": {
+    "defaultMessage": "Invite sent"
+  },
+  "servers.access-page.notification.load-failed.text": {
+    "defaultMessage": "Refresh the page to try again."
+  },
+  "servers.access-page.notification.load-failed.title": {
+    "defaultMessage": "Access could not be loaded"
+  },
+  "servers.access-page.notification.member-removed.text": {
+    "defaultMessage": "Removed {target} from this server."
+  },
+  "servers.access-page.notification.member-removed.title": {
+    "defaultMessage": "Access removed"
+  },
+  "servers.access-page.notification.remove-failed.title": {
+    "defaultMessage": "Access could not be removed"
+  },
+  "servers.access-page.notification.role-update-failed.title": {
+    "defaultMessage": "Role could not be updated"
+  },
+  "servers.access-page.notification.user-lookup-failed.text": {
+    "defaultMessage": "Could not find {target}. Check the username and try again."
+  },
+  "servers.access-page.notification.user-lookup-failed.title": {
+    "defaultMessage": "User could not be found"
+  },
+  "servers.access-page.role-filter.all": {
+    "defaultMessage": "All"
+  },
+  "servers.access-page.role-filter.selected": {
+    "defaultMessage": "Role: {role}"
+  },
+  "servers.access-page.role.editor": {
+    "defaultMessage": "Editor"
+  },
+  "servers.access-page.role.editor-description": {
+    "defaultMessage": "Manage instance content, files, backups, and other settings."
+  },
+  "servers.access-page.role.owner": {
+    "defaultMessage": "Owner"
+  },
+  "servers.access-page.role.owner-description": {
+    "defaultMessage": "Full access including billing, members, and destructive actions."
+  },
+  "servers.access-page.role.viewer": {
+    "defaultMessage": "Limited"
+  },
+  "servers.access-page.role.viewer-description": {
+    "defaultMessage": "Start, stop, and view the server without making changes."
+  },
+  "servers.access-page.search-users-placeholder": {
+    "defaultMessage": "Search {count} {count, plural, one {user} other {users}}..."
+  },
+  "servers.access-role.editor": {
+    "defaultMessage": "Editor"
+  },
+  "servers.access-role.owner": {
+    "defaultMessage": "Owner"
+  },
+  "servers.access-role.viewer": {
+    "defaultMessage": "Limited"
+  },
+  "servers.access-table.action.cancel-invite": {
+    "defaultMessage": "Cancel invite"
+  },
+  "servers.access-table.action.remove-user": {
+    "defaultMessage": "Remove user"
+  },
+  "servers.access-table.action.resend-invite": {
+    "defaultMessage": "Resend invite"
+  },
+  "servers.access-table.action.resend-invite-cooldown": {
+    "defaultMessage": "Resend in {seconds}s"
+  },
+  "servers.access-table.column.actions": {
+    "defaultMessage": "Actions"
+  },
+  "servers.access-table.column.joined": {
+    "defaultMessage": "Joined"
+  },
+  "servers.access-table.column.role": {
+    "defaultMessage": "Role"
+  },
+  "servers.access-table.column.user": {
+    "defaultMessage": "User"
+  },
+  "servers.access-table.empty": {
+    "defaultMessage": "No users match your filters."
+  },
+  "servers.access-table.member-actions-label": {
+    "defaultMessage": "Actions for {username}"
+  },
+  "servers.access-table.pending": {
+    "defaultMessage": "Pending"
+  },
+  "servers.access-table.unknown-joined-date": {
+    "defaultMessage": "—"
+  },
+  "servers.access-table.user-avatar-alt": {
+    "defaultMessage": "{username}'s avatar"
+  },
   "servers.admonitions.background-task-running": {
     "defaultMessage": "Background task running"
   },
+  "servers.audit-log.actor.support": {
+    "defaultMessage": "Support"
+  },
+  "servers.audit-log.column.event": {
+    "defaultMessage": "Event"
+  },
+  "servers.audit-log.column.time": {
+    "defaultMessage": "Time"
+  },
+  "servers.audit-log.column.user": {
+    "defaultMessage": "User"
+  },
+  "servers.audit-log.column.world": {
+    "defaultMessage": "Instance"
+  },
+  "servers.audit-log.column.world.tooltip-description": {
+    "defaultMessage": "Server instances are contained environments with their own installed content and world files."
+  },
+  "servers.audit-log.column.world.tooltip-title": {
+    "defaultMessage": "Coming soon!"
+  },
+  "servers.audit-log.empty": {
+    "defaultMessage": "No activity matches your filters."
+  },
+  "servers.audit-log.empty.no-activity": {
+    "defaultMessage": "Perform an action on your server and you will see it here!"
+  },
+  "servers.audit-log.event.addon-added": {
+    "defaultMessage": "Added content <content></content>"
+  },
+  "servers.audit-log.event.addon-changed": {
+    "defaultMessage": "Changed content <content></content>"
+  },
+  "servers.audit-log.event.addon-deleted": {
+    "defaultMessage": "Deleted content <content></content>"
+  },
+  "servers.audit-log.event.addon-deleted-label": {
+    "defaultMessage": "Deleted content"
+  },
+  "servers.audit-log.event.addon-disabled": {
+    "defaultMessage": "Disabled content <content></content>"
+  },
+  "servers.audit-log.event.addon-enabled": {
+    "defaultMessage": "Enabled content <content></content>"
+  },
+  "servers.audit-log.event.addon-updated": {
+    "defaultMessage": "Updated content <content></content>"
+  },
+  "servers.audit-log.event.addon-uploaded": {
+    "defaultMessage": "Uploaded <files></files>"
+  },
+  "servers.audit-log.event.backup-changed": {
+    "defaultMessage": "Changed backup <backup></backup>"
+  },
+  "servers.audit-log.event.backup-changed-fallback": {
+    "defaultMessage": "Changed backup"
+  },
+  "servers.audit-log.event.backup-created": {
+    "defaultMessage": "Created backup <backup></backup>"
+  },
+  "servers.audit-log.event.backup-created-fallback": {
+    "defaultMessage": "Created backup"
+  },
+  "servers.audit-log.event.backup-deleted": {
+    "defaultMessage": "Deleted backup <backup></backup>"
+  },
+  "servers.audit-log.event.backup-deleted-fallback": {
+    "defaultMessage": "Deleted backup"
+  },
+  "servers.audit-log.event.backup-renamed": {
+    "defaultMessage": "Renamed backup <from></from> to <renamed-backup></renamed-backup>"
+  },
+  "servers.audit-log.event.backup-renamed-fallback": {
+    "defaultMessage": "Renamed backup"
+  },
+  "servers.audit-log.event.backup-restored": {
+    "defaultMessage": "Restored backup <backup></backup>"
+  },
+  "servers.audit-log.event.backup-restored-fallback": {
+    "defaultMessage": "Restored backup"
+  },
+  "servers.audit-log.event.config-changed": {
+    "defaultMessage": "Changed server configuration"
+  },
+  "servers.audit-log.event.console-cleared": {
+    "defaultMessage": "Cleared console"
+  },
+  "servers.audit-log.event.console-command-executed": {
+    "defaultMessage": "Ran console command <command></command>"
+  },
+  "servers.audit-log.event.entity-list.hidden-count": {
+    "defaultMessage": "+{count, number}"
+  },
+  "servers.audit-log.event.file-changed": {
+    "defaultMessage": "Changed file <file></file>"
+  },
+  "servers.audit-log.event.file-deleted": {
+    "defaultMessage": "Deleted file <file></file>"
+  },
+  "servers.audit-log.event.file-edited": {
+    "defaultMessage": "Edited file <file></file>"
+  },
+  "servers.audit-log.event.file-renamed": {
+    "defaultMessage": "Renamed <from></from> to <to></to>"
+  },
+  "servers.audit-log.event.file-uploaded": {
+    "defaultMessage": "Uploaded file <file></file>"
+  },
+  "servers.audit-log.event.game-version-changed": {
+    "defaultMessage": "Changed Minecraft version to <version></version>"
+  },
+  "servers.audit-log.event.java-runtime-modified": {
+    "defaultMessage": "Changed Java runtime to <vendor></vendor>"
+  },
+  "servers.audit-log.event.java-version-modified": {
+    "defaultMessage": "Changed Java version to <java-version></java-version>"
+  },
+  "servers.audit-log.event.loader-and-version-changed": {
+    "defaultMessage": "Changed loader to <loader></loader> <version></version>"
+  },
+  "servers.audit-log.event.loader-changed": {
+    "defaultMessage": "Changed loader to <loader></loader>"
+  },
+  "servers.audit-log.event.loader-version-changed": {
+    "defaultMessage": "Changed loader version to <version></version>"
+  },
+  "servers.audit-log.event.loader-version-cleared": {
+    "defaultMessage": "Cleared loader version"
+  },
+  "servers.audit-log.event.modpack-changed": {
+    "defaultMessage": "Changed modpack"
+  },
+  "servers.audit-log.event.modpack-changed-to-modpack": {
+    "defaultMessage": "Changed modpack to <modpack></modpack>"
+  },
+  "servers.audit-log.event.modpack-changed-to-version": {
+    "defaultMessage": "Changed modpack to version <version></version>"
+  },
+  "servers.audit-log.event.modpack-unlinked": {
+    "defaultMessage": "Unlinked modpack"
+  },
+  "servers.audit-log.event.modpack-unlinked-modpack": {
+    "defaultMessage": "Unlinked modpack <modpack></modpack>"
+  },
+  "servers.audit-log.event.modpack-unlinked-version": {
+    "defaultMessage": "Unlinked modpack version <version></version>"
+  },
+  "servers.audit-log.event.port-allocation-added": {
+    "defaultMessage": "Added port allocation <port></port>"
+  },
+  "servers.audit-log.event.port-allocation-removed": {
+    "defaultMessage": "Removed port allocation <port></port>"
+  },
+  "servers.audit-log.event.server-created": {
+    "defaultMessage": "Created server"
+  },
+  "servers.audit-log.event.server-killed": {
+    "defaultMessage": "Killed server"
+  },
+  "servers.audit-log.event.server-metadata-changed": {
+    "defaultMessage": "Changed server metadata"
+  },
+  "servers.audit-log.event.server-name-changed": {
+    "defaultMessage": "Changed server name to <name></name>"
+  },
+  "servers.audit-log.event.server-plan-changed": {
+    "defaultMessage": "Changed plan to <specs></specs>"
+  },
+  "servers.audit-log.event.server-plan.cpu": {
+    "defaultMessage": "{count, plural, one {# CPU} other {# CPUs}}"
+  },
+  "servers.audit-log.event.server-plan.new-plan": {
+    "defaultMessage": "new plan"
+  },
+  "servers.audit-log.event.server-plan.ram-gb": {
+    "defaultMessage": "{amount, number} GB RAM"
+  },
+  "servers.audit-log.event.server-plan.ram-mb": {
+    "defaultMessage": "{amount, number} MB RAM"
+  },
+  "servers.audit-log.event.server-plan.storage-gb": {
+    "defaultMessage": "{amount, number} GB storage"
+  },
+  "servers.audit-log.event.server-plan.storage-mb": {
+    "defaultMessage": "{amount, number} MB storage"
+  },
+  "servers.audit-log.event.server-properties-modified": {
+    "defaultMessage": "Modified server properties <properties></properties>"
+  },
+  "servers.audit-log.event.server-properties-modified-label": {
+    "defaultMessage": "Modified server properties"
+  },
+  "servers.audit-log.event.server-reallocated": {
+    "defaultMessage": "Reallocated server"
+  },
+  "servers.audit-log.event.server-repaired": {
+    "defaultMessage": "Repaired server"
+  },
+  "servers.audit-log.event.server-reset": {
+    "defaultMessage": "Reset server"
+  },
+  "servers.audit-log.event.server-restarted": {
+    "defaultMessage": "Restarted server"
+  },
+  "servers.audit-log.event.server-started": {
+    "defaultMessage": "Started server"
+  },
+  "servers.audit-log.event.server-stopped": {
+    "defaultMessage": "Stopped server"
+  },
+  "servers.audit-log.event.server-subdomain-changed": {
+    "defaultMessage": "Changed server subdomain to <subdomain></subdomain>"
+  },
+  "servers.audit-log.event.sftp-login": {
+    "defaultMessage": "Logged in via SFTP"
+  },
+  "servers.audit-log.event.startup-command-modified": {
+    "defaultMessage": "Changed startup command to <command></command>"
+  },
+  "servers.audit-log.event.unknown": {
+    "defaultMessage": "Unknown event"
+  },
+  "servers.audit-log.event.unknown-basic": {
+    "defaultMessage": "Recorded server activity"
+  },
+  "servers.audit-log.event.user-invite-revoked": {
+    "defaultMessage": "Revoked invite for <target-user></target-user>"
+  },
+  "servers.audit-log.event.user-invited": {
+    "defaultMessage": "Invited <target-user></target-user>"
+  },
+  "servers.audit-log.event.user-invited-with-permissions": {
+    "defaultMessage": "Invited <target-user></target-user> with <permission-label>{permissions}</permission-label>"
+  },
+  "servers.audit-log.event.user-permission-modified": {
+    "defaultMessage": "Changed permissions for <target-user></target-user>"
+  },
+  "servers.audit-log.event.user-permission-modified-with-permissions": {
+    "defaultMessage": "Changed permissions for <target-user></target-user> to <permission-label>{permissions}</permission-label>"
+  },
+  "servers.audit-log.event.user-removed": {
+    "defaultMessage": "Removed <target-user></target-user>"
+  },
+  "servers.audit-log.scope.server": {
+    "defaultMessage": "Server"
+  },
+  "servers.audit-log.user-avatar-alt": {
+    "defaultMessage": "{username}'s avatar"
+  },
   "servers.backups.admonition.backup-cancelled.description": {
     "defaultMessage": "Backup {backupName} was cancelled."
   },
@@ -3419,6 +4178,57 @@
   "servers.busy.syncing-content": {
     "defaultMessage": "Content sync in progress"
   },
+  "servers.grant-access-modal.add-as-friend": {
+    "defaultMessage": "Also send a friend request"
+  },
+  "servers.grant-access-modal.already-member-tooltip": {
+    "defaultMessage": "This user has already been invited"
+  },
+  "servers.grant-access-modal.cancel": {
+    "defaultMessage": "Cancel"
+  },
+  "servers.grant-access-modal.header": {
+    "defaultMessage": "Add user"
+  },
+  "servers.grant-access-modal.invite": {
+    "defaultMessage": "Invite"
+  },
+  "servers.grant-access-modal.permissions-help": {
+    "defaultMessage": "View the full list of permissions for each role <link>here</link>."
+  },
+  "servers.grant-access-modal.role.editor": {
+    "defaultMessage": "Editor"
+  },
+  "servers.grant-access-modal.role.editor-description": {
+    "defaultMessage": "Manage instance content, files, backups, and other settings."
+  },
+  "servers.grant-access-modal.role.label": {
+    "defaultMessage": "Select role"
+  },
+  "servers.grant-access-modal.role.viewer": {
+    "defaultMessage": "Limited"
+  },
+  "servers.grant-access-modal.role.viewer-description": {
+    "defaultMessage": "Start, stop, and view the server without making changes."
+  },
+  "servers.grant-access-modal.suggestion-avatar-alt": {
+    "defaultMessage": "{username}'s avatar"
+  },
+  "servers.grant-access-modal.target.help": {
+    "defaultMessage": "Do not use their Minecraft username."
+  },
+  "servers.grant-access-modal.target.label": {
+    "defaultMessage": "Modrinth username"
+  },
+  "servers.grant-access-modal.target.no-suggestions": {
+    "defaultMessage": "No matching users found."
+  },
+  "servers.grant-access-modal.target.placeholder": {
+    "defaultMessage": "Enter Modrinth username"
+  },
+  "servers.grant-access-modal.target.searching": {
+    "defaultMessage": "Searching..."
+  },
   "servers.installing-banner.error.header": {
     "defaultMessage": "Installation failed"
   },
@@ -3563,6 +4373,12 @@
   "servers.listing.notice.upgrading": {
     "defaultMessage": "Your server's hardware is currently being upgraded and will be back online shortly."
   },
+  "servers.listing.owner-avatar-alt": {
+    "defaultMessage": "{username}'s avatar"
+  },
+  "servers.listing.owner-tooltip": {
+    "defaultMessage": "Owned by {username}"
+  },
   "servers.listing.resubscribe-label": {
     "defaultMessage": "Resubscribe"
   },
@@ -3611,9 +4427,15 @@
   "servers.manage.new-server-button": {
     "defaultMessage": "New server"
   },
+  "servers.manage.no-owned-servers-found": {
+    "defaultMessage": "No servers you own match your search."
+  },
   "servers.manage.no-servers-found": {
     "defaultMessage": "No servers found."
   },
+  "servers.manage.no-shared-servers-found": {
+    "defaultMessage": "No shared servers match your search."
+  },
   "servers.manage.purchase-unavailable.text": {
     "defaultMessage": "Payment information is still loading. Opening checkout as soon as it is ready."
   },
@@ -3656,6 +4478,12 @@
   "servers.manage.settings-hint.title": {
     "defaultMessage": "Your server settings have moved"
   },
+  "servers.manage.shared-servers-title": {
+    "defaultMessage": "Shared servers"
+  },
+  "servers.manage.your-servers-title": {
+    "defaultMessage": "Your servers"
+  },
   "servers.medal-listing.countdown.remaining": {
     "defaultMessage": "<days-count>{days}</days-count> {days, plural, one {day} other {days}} <hours-count>{hours}</hours-count> {hours, plural, one {hour} other {hours}} <minutes-count>{minutes}</minutes-count> {minutes, plural, one {minute} other {minutes}} <seconds-count>{seconds}</seconds-count> {seconds, plural, one {second} other {seconds}} remaining..."
   },
@@ -3674,6 +4502,12 @@
   "servers.medal-listing.notice.upgrading": {
     "defaultMessage": "Your server's hardware is currently being upgraded and will be back online shortly."
   },
+  "servers.medal-listing.owner-avatar-alt": {
+    "defaultMessage": "{username}'s avatar"
+  },
+  "servers.medal-listing.owner-tooltip": {
+    "defaultMessage": "Owned by {username}"
+  },
   "servers.medal-listing.server-icon-alt": {
     "defaultMessage": "Server icon"
   },
@@ -3809,6 +4643,54 @@
   "servers.region.western-europe": {
     "defaultMessage": "Western Europe"
   },
+  "servers.remove-access-modal.added-label": {
+    "defaultMessage": "Added {time}"
+  },
+  "servers.remove-access-modal.cancel-button": {
+    "defaultMessage": "Cancel invite"
+  },
+  "servers.remove-access-modal.cancel-effect-access": {
+    "defaultMessage": "They will not be added to this server"
+  },
+  "servers.remove-access-modal.cancel-effect-invite": {
+    "defaultMessage": "You can send them another invite later"
+  },
+  "servers.remove-access-modal.cancel-header": {
+    "defaultMessage": "Cancel invite"
+  },
+  "servers.remove-access-modal.cancel-warning-body": {
+    "defaultMessage": "If you cancel this invite, {username} will need a new invitation before they can join this server."
+  },
+  "servers.remove-access-modal.header": {
+    "defaultMessage": "Remove user"
+  },
+  "servers.remove-access-modal.invited-label": {
+    "defaultMessage": "Invited {time}"
+  },
+  "servers.remove-access-modal.pending-invite-label": {
+    "defaultMessage": "Pending invite"
+  },
+  "servers.remove-access-modal.remove-button": {
+    "defaultMessage": "Remove user"
+  },
+  "servers.remove-access-modal.remove-effect-access": {
+    "defaultMessage": "They will immediately lose access to the server panel and will no longer be able to edit content"
+  },
+  "servers.remove-access-modal.remove-effect-join": {
+    "defaultMessage": "They will still be able to join and play on the server unless you make separate changes"
+  },
+  "servers.remove-access-modal.unknown-added-label": {
+    "defaultMessage": "Added date unknown"
+  },
+  "servers.remove-access-modal.user-avatar-alt": {
+    "defaultMessage": "{username}'s avatar"
+  },
+  "servers.remove-access-modal.warning-body": {
+    "defaultMessage": "If you remove a user from your server, you'll need to re-invite them to restore access."
+  },
+  "servers.remove-access-modal.what-happens-label": {
+    "defaultMessage": "What happens?"
+  },
   "servers.setup.onboarding.installation-failed.text": {
     "defaultMessage": "An unexpected error occurred while installing. Please try again later."
   },
diff --git a/packages/ui/src/providers/server-context.ts b/packages/ui/src/providers/server-context.ts
index 040135d26c..7431839807 100644
--- a/packages/ui/src/providers/server-context.ts
+++ b/packages/ui/src/providers/server-context.ts
@@ -1,5 +1,4 @@
 import type { Archon, UploadState } from '@modrinth/api-client'
-import type { Stats } from '@modrinth/utils'
 import type { ComputedRef, Ref } from 'vue'
 
 import type { MessageDescriptor } from '#ui/composables/i18n'
@@ -18,10 +17,29 @@ export interface FilesystemAuth {
 
 export type CancelUploadHandler = () => void | Promise<void>
 
+export interface ServerStatsSample {
+	cpu_percent: number
+	ram_usage_bytes: number
+	ram_total_bytes: number
+	storage_usage_bytes: number
+	storage_total_bytes: number
+}
+
+export interface ServerStats {
+	current: ServerStatsSample
+	past: ServerStatsSample
+	graph: {
+		cpu: number[]
+		ram: number[]
+	}
+}
+
 export interface ModrinthServerContext {
 	readonly serverId: string
 	readonly worldId: Ref<string | null>
 	readonly server: Ref<Archon.Servers.v0.Server>
+	readonly serverFull: ComputedRef<Archon.Servers.v1.ServerFull | null>
+	readonly currentUserPermissions: ComputedRef<Archon.Servers.v0.UserScope>
 
 	// Websocket state
 	readonly isConnected: Ref<boolean>
@@ -29,7 +47,7 @@ export interface ModrinthServerContext {
 	readonly powerState: Ref<Archon.Websocket.v0.PowerState>
 	readonly powerStateDetails: Ref<{ oom_killed?: boolean; exit_code?: number } | undefined>
 	readonly isServerRunning: ComputedRef<boolean>
-	readonly stats: Ref<Stats>
+	readonly stats: Ref<ServerStats>
 	readonly uptimeSeconds: Ref<number>
 
 	// Content sync state
diff --git a/packages/ui/src/stories/base/Combobox.stories.ts b/packages/ui/src/stories/base/Combobox.stories.ts
index 07bf9a7f15..39f62b1bbc 100644
--- a/packages/ui/src/stories/base/Combobox.stories.ts
+++ b/packages/ui/src/stories/base/Combobox.stories.ts
@@ -176,6 +176,17 @@ export const WithSubLabel: Story = {
 	},
 }
 
+export const LongSelectedLabel: Story = {
+	args: {
+		modelValue: 'long',
+		options: [
+			{ value: 'short', label: 'Short label' },
+			{ value: 'long', label: 'A much longer selected value that should truncate cleanly' },
+		],
+		triggerClass: 'w-64',
+	},
+}
+
 export const MixedSubLabels: Story = {
 	args: {
 		options: [
@@ -203,6 +214,35 @@ export const SearchableNoFilter: Story = {
 	},
 }
 
+export const SearchableMinimumLength: Story = {
+	args: {
+		options: [
+			{ value: 'fetch', label: 'Fetch' },
+			{ value: 'emma', label: 'Emma' },
+			{ value: 'boris', label: 'Boris' },
+			{ value: 'coolbot', label: 'Coolbot' },
+		],
+		searchable: true,
+		searchPlaceholder: 'Enter a username or email',
+		minSearchLengthToOpen: 2,
+		noOptionsMessage: 'No matching users found.',
+	},
+}
+
+export const SearchableModpacks: Story = {
+	args: {
+		options: [
+			{ value: 'download', label: 'Download', icon: DownloadIcon },
+			{ value: 'share', label: 'Share', icon: ShareIcon },
+			{ value: 'favorite', label: 'Add to favorites', icon: HeartIcon },
+			{ value: 'settings', label: 'Settings', icon: SettingsIcon },
+		],
+		searchable: true,
+		searchPlaceholder: 'Search modpacks...',
+		noOptionsMessage: 'No modpacks found',
+	},
+}
+
 export const WithDropdownFooter: StoryObj = {
 	render: () => ({
 		components: { Combobox, EyeIcon, EyeOffIcon },
diff --git a/packages/ui/src/stories/base/DatePicker.stories.ts b/packages/ui/src/stories/base/DatePicker.stories.ts
index 98945a7bf3..eb6240219a 100644
--- a/packages/ui/src/stories/base/DatePicker.stories.ts
+++ b/packages/ui/src/stories/base/DatePicker.stories.ts
@@ -114,6 +114,37 @@ export const Range: Story = {
 	}),
 }
 
+export const RangeWithTime: Story = {
+	render: () => ({
+		components: { DatePicker },
+		setup() {
+			const value = ref(['2026-04-13 09:00', '2026-04-29 17:30'])
+			const datePicker = ref<InstanceType<typeof DatePicker> | null>(null)
+
+			onMounted(async () => {
+				await nextTick()
+				datePicker.value?.open()
+			})
+
+			return { datePicker, value }
+		},
+		template: /* html */ `
+			<div class="flex h-[500px] max-w-sm flex-col gap-2">
+				<DatePicker
+					ref="datePicker"
+					v-model="value"
+					wrapperClass="w-[350px]"
+					mode="range"
+					enable-time
+					default-view-date="2026-04-01"
+					placeholder="Select a date and time range..."
+				/>
+				<p class="text-sm text-secondary">Selected value: {{ value?.join(' to ') || 'None' }}</p>
+			</div>
+		`,
+	}),
+}
+
 export const SameDayRange: Story = {
 	render: () => ({
 		components: { DatePicker },
diff --git a/packages/ui/src/stories/base/DropdownFilterBar.stories.ts b/packages/ui/src/stories/base/DropdownFilterBar.stories.ts
index 4b4fd9c5a7..f10065247e 100644
--- a/packages/ui/src/stories/base/DropdownFilterBar.stories.ts
+++ b/packages/ui/src/stories/base/DropdownFilterBar.stories.ts
@@ -183,6 +183,29 @@ export const WithAppliedFilters: Story = {
 	},
 }
 
+export const ImmediateApply: Story = {
+	render: () => ({
+		components: { DropdownFilterBar },
+		setup() {
+			const selected = ref<Record<string, string[]>>({})
+			return { categories: defaultCategories, selected }
+		},
+		template: /* html */ `
+			<div class="flex flex-col items-start gap-3">
+				<div class="flex flex-wrap items-center gap-2">
+					<DropdownFilterBar v-model="selected" :categories="categories" apply-immediately />
+				</div>
+				<pre class="m-0 rounded-lg bg-surface-2 px-3 py-2 text-sm text-secondary">{{ selected }}</pre>
+			</div>
+		`,
+	}),
+	args: {
+		modelValue: {},
+		categories: defaultCategories,
+		applyImmediately: true,
+	},
+}
+
 export const WithRightCheckmarks: Story = {
 	render: () => ({
 		components: { DropdownFilterBar },
diff --git a/packages/ui/src/stories/base/Table.stories.ts b/packages/ui/src/stories/base/Table.stories.ts
index 73025f3f49..1406de8d38 100644
--- a/packages/ui/src/stories/base/Table.stories.ts
+++ b/packages/ui/src/stories/base/Table.stories.ts
@@ -199,6 +199,13 @@ export const WithSelectionIds: StoryObj = {
 
 export const WithSorting: StoryObj = {
 	args: {},
+	parameters: {
+		docs: {
+			description: {
+				story: 'Sortable header hover and click targets are scoped to the label and sort icon.',
+			},
+		},
+	},
 	render: () => ({
 		components: { Table },
 		setup() {
diff --git a/packages/ui/src/stories/servers/AccessTable.stories.ts b/packages/ui/src/stories/servers/AccessTable.stories.ts
new file mode 100644
index 0000000000..e91412693f
--- /dev/null
+++ b/packages/ui/src/stories/servers/AccessTable.stories.ts
@@ -0,0 +1,147 @@
+import type { Meta, StoryObj } from '@storybook/vue3-vite'
+import { ref } from 'vue'
+
+import AccessTable from '../../components/servers/access/AccessTable.vue'
+import type {
+	ServerAccessMember,
+	ServerAccessRole,
+	ServerAccessRoleOption,
+} from '../../components/servers/access/types'
+
+const roleOptions: ServerAccessRoleOption[] = [
+	{
+		value: 'owner',
+		label: 'Owner',
+		description: 'Full access including billing, members, and destructive actions.',
+	},
+	{
+		value: 'editor',
+		label: 'Editor',
+		description: 'Manage instance content, files, backups, and other settings.',
+	},
+	{
+		value: 'viewer',
+		label: 'Limited',
+		description: 'Start, stop, and view the server without making changes.',
+	},
+]
+
+const members: ServerAccessMember[] = [
+	{
+		id: 'owner',
+		user: { id: 'prospector', username: 'Prospector' },
+		role: 'owner',
+		joinedAt: new Date(Date.now() - 30 * 24 * 60 * 60 * 1000).toISOString(),
+		isOwner: true,
+	},
+	{
+		id: 'editor',
+		user: { id: 'geometrically', username: 'Geometrically' },
+		role: 'editor',
+		joinedAt: new Date(Date.now() - 21 * 24 * 60 * 60 * 1000).toISOString(),
+	},
+	{
+		id: 'pending',
+		user: { id: 'imb', username: 'IMB' },
+		role: 'viewer',
+		joinedAt: null,
+		pending: true,
+	},
+]
+
+const meta = {
+	title: 'Servers/AccessTable',
+	component: AccessTable,
+	parameters: {
+		layout: 'padded',
+	},
+	decorators: [
+		(story) => ({
+			components: { story },
+			template: '<div style="max-width: 960px;"><story /></div>',
+		}),
+	],
+} satisfies Meta<typeof AccessTable>
+
+export default meta
+type Story = StoryObj<typeof meta>
+
+export const Default: Story = {
+	render: () => ({
+		components: { AccessTable },
+		setup() {
+			const rows = ref([...members])
+			function updateRole(member: ServerAccessMember, role: ServerAccessRole) {
+				rows.value = rows.value.map((row) => (row.id === member.id ? { ...row, role } : row))
+			}
+			function removeMember(member: ServerAccessMember) {
+				rows.value = rows.value.filter((row) => row.id !== member.id)
+			}
+			return { rows, roleOptions, updateRole, removeMember }
+		},
+		template: /* html */ `
+			<AccessTable
+				:members="rows"
+				:roles="roleOptions"
+				@update-role="updateRole"
+				@resend-invite="() => {}"
+				@cancel-invite="removeMember"
+				@remove-member="removeMember"
+			/>
+		`,
+	}),
+}
+
+export const PendingInvite: Story = {
+	args: {
+		members: [members[2]],
+		roles: roleOptions,
+	},
+}
+
+export const PendingInviteCooldown: Story = {
+	args: {
+		members: [
+			{
+				...members[2],
+				inviteResendAvailableAt: new Date(Date.now() + 45 * 1000).toISOString(),
+			},
+		],
+		roles: roleOptions,
+	},
+}
+
+export const OwnerFixed: Story = {
+	args: {
+		members: [members[0]],
+		roles: roleOptions,
+	},
+}
+
+export const MobileCompact: Story = {
+	render: () => ({
+		components: { AccessTable },
+		setup() {
+			const rows = ref([...members])
+			function updateRole(member: ServerAccessMember, role: ServerAccessRole) {
+				rows.value = rows.value.map((row) => (row.id === member.id ? { ...row, role } : row))
+			}
+			function removeMember(member: ServerAccessMember) {
+				rows.value = rows.value.filter((row) => row.id !== member.id)
+			}
+			return { rows, roleOptions, updateRole, removeMember }
+		},
+		template: /* html */ `
+			<div style="max-width: 390px;">
+				<AccessTable
+					:members="rows"
+					:roles="roleOptions"
+					@update-role="updateRole"
+					@resend-invite="() => {}"
+					@cancel-invite="removeMember"
+					@remove-member="removeMember"
+				/>
+			</div>
+		`,
+	}),
+}
diff --git a/packages/ui/src/stories/servers/AuditLogTable.stories.ts b/packages/ui/src/stories/servers/AuditLogTable.stories.ts
new file mode 100644
index 0000000000..04e6d4a8b8
--- /dev/null
+++ b/packages/ui/src/stories/servers/AuditLogTable.stories.ts
@@ -0,0 +1,929 @@
+import type { Archon } from '@modrinth/api-client'
+import type { Meta, StoryObj } from '@storybook/vue3-vite'
+import { ref } from 'vue'
+
+import DropdownFilterBar from '../../components/base/DropdownFilterBar.vue'
+import type {
+	TimeFrameLastUnit,
+	TimeFrameMode,
+	TimeFramePreset,
+} from '../../components/base/TimeFramePicker.vue'
+import AuditLogTable from '../../components/servers/access/AuditLogTable.vue'
+import { type AuditEventLookups, parseAuditEvent } from '../../components/servers/access/events'
+import type {
+	ServerAuditLogEntry,
+	ServerAuditLogFilters,
+} from '../../components/servers/access/types'
+import auditLogEntryExamplesJson from './audit-log-entry-examples.json?raw'
+
+const serverId = 'story-server'
+const createWorldId = 'create-smp'
+const activeWorldId = 'smp-season-4'
+const backupId = '00000000-0000-4000-8000-000000000001'
+
+type AuditLogEntryExamplesFixture = Archon.Actions.v1.ActionLogResponse & {
+	server_id: string
+	server: {
+		id: string
+		name: string
+		subdomain: string
+	}
+	worlds: Array<{
+		id: string
+		name: string
+	}>
+	backups: Archon.Backups.v1.Backup[]
+}
+
+const auditLogEntryExamples = JSON.parse(auditLogEntryExamplesJson) as AuditLogEntryExamplesFixture
+
+const userIds = {
+	geometrically: 'MpxzqsyW',
+	modmuss: 'JZA4dW8o',
+	prospector: 'Dc7EYhxG',
+}
+
+const filterBarCategories = [
+	{
+		key: 'users',
+		label: 'Users',
+		searchable: true,
+		searchPlaceholder: 'Search users...',
+		options: [
+			{ value: userIds.geometrically, label: 'Geometrically' },
+			{ value: userIds.modmuss, label: 'modmuss50' },
+			{ value: userIds.prospector, label: 'Prospector' },
+		],
+	},
+	{
+		key: 'worlds',
+		label: 'Instances',
+		options: [
+			{ value: createWorldId, label: 'Create SMP' },
+			{ value: activeWorldId, label: 'SMP Season 4' },
+		],
+	},
+	{
+		key: 'actions',
+		label: 'Action types',
+		options: [
+			{ value: 'server_started', label: 'Started server' },
+			{ value: 'console_command_executed', label: 'Ran console command' },
+			{ value: 'backup_restored', label: 'Restored backup' },
+		],
+	},
+]
+
+const serverFullResponse: Archon.Servers.v1.ServerFull = {
+	id: serverId,
+	name: 'Stoneblock Lab',
+	subdomain: 'stoneblock-lab',
+	specs: {
+		cpu: 4,
+		memory_mb: 8192,
+		storage_mb: 65536,
+		swap_mb: 1024,
+	},
+	sftp_username: 'story-server',
+	sftp_password: 'temporary-password',
+	tags: ['medal'],
+	location: {
+		status: 'assigned',
+		location_metadata: {
+			region: 'us-east',
+			region_should_be_user_displayed: true,
+			hostname: 'ashburn-01',
+			is_decommissioned_node: false,
+		},
+	},
+	worlds: [
+		{
+			id: createWorldId,
+			name: 'Create SMP',
+			created_at: new Date(Date.now() - 90 * 24 * 60 * 60 * 1000).toISOString(),
+			is_active: false,
+			backups: [],
+			content: {
+				modloader: 'fabric',
+				modloader_version: '0.16.10',
+				game_version: '1.21.1',
+				java_version: 21,
+				invocation: 'java -Xmx8G -jar server.jar nogui',
+				original_invocation: 'java -jar server.jar nogui',
+			},
+			readiness: {
+				data_synchronized_fetched: true,
+			},
+		},
+		{
+			id: activeWorldId,
+			name: 'SMP Season 4',
+			created_at: new Date(Date.now() - 30 * 24 * 60 * 60 * 1000).toISOString(),
+			is_active: true,
+			backups: [
+				{
+					id: backupId,
+					physical_id: backupId,
+					name: 'Before modpack update',
+					created_at: new Date(Date.now() - 8 * 60 * 60 * 1000).toISOString(),
+					automated: false,
+					status: 'done',
+					interrupted: false,
+					ongoing: false,
+					locked: false,
+				},
+			],
+			content: {
+				modloader: 'fabric',
+				modloader_version: '0.16.10',
+				game_version: '1.21.1',
+				java_version: 21,
+				invocation: 'java -Xmx8G -jar server.jar nogui',
+				original_invocation: 'java -jar server.jar nogui',
+			},
+			readiness: {
+				data_synchronized_fetched: true,
+			},
+		},
+	],
+}
+
+const auditLogEntryExamplesServerFullResponse: Archon.Servers.v1.ServerFull = {
+	...serverFullResponse,
+	id: auditLogEntryExamples.server_id,
+	name: auditLogEntryExamples.server.name,
+	subdomain: auditLogEntryExamples.server.subdomain,
+	worlds: auditLogEntryExamples.worlds.map((world, index) => ({
+		...serverFullResponse.worlds[Math.min(index, serverFullResponse.worlds.length - 1)],
+		id: world.id,
+		name: world.name,
+		backups: index === 0 ? auditLogEntryExamples.backups : [],
+	})),
+}
+
+const actionLogResponse: Archon.Actions.v1.ActionLogResponse = {
+	next_offset: null,
+	users: {
+		[userIds.geometrically]: {
+			username: 'Geometrically',
+			avatar_url:
+				'https://cdn.modrinth.com/data/MpxzqsyW/eb0038489a55e7e7a188a5b50462f0b10dfc1613_96.webp',
+		},
+		[userIds.modmuss]: {
+			username: 'modmuss50',
+			avatar_url: 'https://avatars2.githubusercontent.com/u/4324090?v=4',
+		},
+		[userIds.prospector]: {
+			username: 'Prospector',
+			avatar_url:
+				'https://cdn.modrinth.com/user/Dc7EYhxG/32e8b1f7d18288262d1ed92cbdf43272d21b4fcd.png',
+		},
+	},
+	addons: {
+		oWaK0Q19: {
+			title: 'Create Aeronautics',
+			slug: 'create-aeronautics',
+			icon_url:
+				'https://cdn.modrinth.com/data/oWaK0Q19/f66b5589924884ffd81acb27f3ccb775867a962e_96.webp',
+			version: null,
+		},
+		AANobbMI: {
+			title: 'Sodium',
+			slug: 'sodium',
+			icon_url:
+				'https://cdn.modrinth.com/data/AANobbMI/295862f4724dc3f78df3447ad6072b2dcd3ef0c9_96.webp',
+			version: null,
+		},
+		P7dR8mSH: {
+			title: 'Fabric API',
+			slug: 'fabric-api',
+			icon_url: 'https://cdn.modrinth.com/data/P7dR8mSH/icon.png',
+			version: null,
+		},
+		'project-modpack-001': {
+			title: 'Vault Hunters',
+			slug: 'vault-hunters',
+			icon_url: null,
+			version: null,
+		},
+	},
+	versions: {
+		HY8u0JqC: { name: 'Create Aeronautics 1.0.0', version_number: '1.0.0' },
+		yaoBL9D9: { name: 'Sodium 0.6.0', version_number: '0.6.0' },
+		KZS9tylY: { name: 'Fabric API 0.116.0', version_number: '0.116.0' },
+		'version-modpack-001': { name: 'Vault Hunters 3.15.1', version_number: '3.15.1' },
+	},
+	data: [
+		rawEntry({ action: 'server_created', worldId: null, minutesAgo: 5 }),
+		rawEntry({
+			action: 'changed_server_name',
+			metadata: { name: 'Stoneblock Lab' },
+			worldId: null,
+			minutesAgo: 10,
+		}),
+		rawEntry({
+			action: 'changed_server_subdomain',
+			metadata: { subdomain: 'stoneblock-lab' },
+			worldId: null,
+			minutesAgo: 15,
+		}),
+		rawEntry({ action: 'server_reallocated', worldId: null, minutesAgo: 20 }),
+		rawEntry({
+			action: 'server_plan_changed',
+			metadata: { new_specs: { cpu: 4, memory_mb: 8192, storage_mb: 65536, swap_mb: 1024 } },
+			worldId: null,
+			minutesAgo: 25,
+		}),
+		rawEntry({
+			action: 'user_invited',
+			metadata: { user_id: userIds.modmuss, permissions: -4611686018427387904 },
+			worldId: null,
+			minutesAgo: 30,
+		}),
+		rawEntry({
+			action: 'user_invite_revoked',
+			metadata: { user_id: userIds.modmuss },
+			worldId: null,
+			minutesAgo: 35,
+		}),
+		rawEntry({
+			action: 'user_permission_modified',
+			metadata: {
+				user_id: userIds.modmuss,
+				permissions: -288230376151711744,
+			},
+			worldId: null,
+			minutesAgo: 40,
+		}),
+		rawEntry({
+			action: 'user_removed',
+			metadata: { user_id: userIds.modmuss },
+			worldId: null,
+			minutesAgo: 45,
+		}),
+		rawEntry({
+			action: 'addon_added',
+			metadata: { addons: [{ addon_id: 'oWaK0Q19', version_id: 'HY8u0JqC' }] },
+			minutesAgo: 50,
+		}),
+		rawEntry({
+			action: 'addon_uploaded',
+			metadata: { file_names: ['custom-tweaks.jar', 'server-rules.datapack.zip'] },
+			minutesAgo: 55,
+		}),
+		rawEntry({
+			action: 'addon_disabled',
+			metadata: { addons: [{ addon_id: 'AANobbMI', version_id: 'yaoBL9D9' }] },
+			minutesAgo: 60,
+		}),
+		rawEntry({
+			action: 'addon_enabled',
+			metadata: { addons: [{ addon_id: 'AANobbMI', version_id: 'yaoBL9D9' }] },
+			minutesAgo: 65,
+		}),
+		rawEntry({
+			action: 'addon_deleted',
+			metadata: { addons: [{ addon_id: 'P7dR8mSH', version_id: 'KZS9tylY' }] },
+			minutesAgo: 70,
+		}),
+		rawEntry({
+			action: 'addon_updated',
+			metadata: {
+				addons: [
+					{ addon_id: 'AANobbMI', version_id: 'YAGZ1cCS' },
+					{ addon_id: 'P7dR8mSH', version_id: 'EW33COvi' },
+				],
+			},
+			minutesAgo: 75,
+		}),
+		rawEntry({
+			action: 'modpack_changed',
+			metadata: {
+				spec: {
+					platform: 'modrinth',
+					project_id: 'project-modpack-001',
+					version_id: 'version-modpack-001',
+				},
+			},
+			minutesAgo: 80,
+		}),
+		rawEntry({
+			action: 'modpack_unlinked',
+			metadata: {
+				spec: {
+					platform: 'modrinth',
+					project_id: 'project-modpack-001',
+					version_id: 'version-modpack-001',
+				},
+			},
+			minutesAgo: 85,
+		}),
+		rawEntry({ action: 'server_repaired', minutesAgo: 90 }),
+		rawEntry({ action: 'server_reset', minutesAgo: 95 }),
+		rawEntry({ action: 'server_started', minutesAgo: 100 }),
+		rawEntry({ action: 'server_stopped', minutesAgo: 105 }),
+		rawEntry({ action: 'server_restarted', minutesAgo: 110 }),
+		rawEntry({ action: 'server_killed', minutesAgo: 115 }),
+		rawEntry({
+			action: 'port_allocation_added',
+			metadata: { port: 25565 },
+			worldId: null,
+			minutesAgo: 120,
+		}),
+		rawEntry({
+			action: 'port_allocation_removed',
+			metadata: { port: 24454 },
+			worldId: null,
+			minutesAgo: 125,
+		}),
+		rawEntry({
+			action: 'loader_version_edited',
+			metadata: { new_loader: 'fabric', new_version: '0.16.10' },
+			minutesAgo: 130,
+		}),
+		rawEntry({
+			action: 'game_version_edited',
+			metadata: { new_version: '1.21.1' },
+			minutesAgo: 135,
+		}),
+		rawEntry({
+			action: 'server_properties_modified',
+			metadata: { properties: { difficulty: 'hard', 'max-players': '20' } },
+			minutesAgo: 140,
+		}),
+		rawEntry({ action: 'file_uploaded', metadata: { path: '/mods/custom.jar' }, minutesAgo: 145 }),
+		rawEntry({ action: 'file_deleted', metadata: { path: '/config/old.toml' }, minutesAgo: 150 }),
+		rawEntry({
+			action: 'file_renamed',
+			metadata: { from: '/world/old.dat', to: '/world/new.dat' },
+			minutesAgo: 155,
+		}),
+		rawEntry({ action: 'file_edited', metadata: { path: '/server.properties' }, minutesAgo: 160 }),
+		rawEntry({ action: 'sftp_login', minutesAgo: 165 }),
+		rawEntry({
+			action: 'console_command_executed',
+			metadata: { command: 'whitelist add Prospector' },
+			minutesAgo: 170,
+		}),
+		rawEntry({ action: 'console_cleared', minutesAgo: 175 }),
+		rawEntry({
+			action: 'backup_created',
+			metadata: { id: backupId },
+			minutesAgo: 180,
+		}),
+		rawEntry({
+			action: 'backup_renamed',
+			metadata: {
+				id: backupId,
+				from: 'Manual backup 1',
+				to: 'Before modpack update',
+			},
+			minutesAgo: 185,
+		}),
+		rawEntry({
+			action: 'backup_restored',
+			metadata: { id: backupId },
+			minutesAgo: 190,
+		}),
+		rawEntry({
+			action: 'backup_deleted',
+			metadata: { id: '00000000-0000-4000-8000-000000000099' },
+			minutesAgo: 195,
+		}),
+		rawEntry({
+			action: 'startup_command_modified',
+			metadata: { command: 'java -Xmx8G -jar server.jar nogui' },
+			minutesAgo: 200,
+		}),
+		rawEntry({
+			action: 'java_runtime_modified',
+			metadata: { vendor: 'temurin' },
+			minutesAgo: 205,
+		}),
+		rawEntry({
+			action: 'java_version_modified',
+			metadata: { version: 21 },
+			minutesAgo: 210,
+		}),
+	],
+}
+
+const missingLookupActionLogResponse: Archon.Actions.v1.ActionLogResponse = {
+	next_offset: null,
+	users: {},
+	addons: {},
+	versions: {},
+	data: [
+		rawEntry({
+			action: 'user_permission_modified',
+			metadata: { user_id: 'unknown-user', permissions: -9223372036854775808 },
+			worldId: 'unknown-world',
+			minutesAgo: 5,
+		}),
+		rawEntry({
+			action: 'addon_updated',
+			metadata: { addons: [{ addon_id: 'unknown-addon', version_id: 'unknown-version' }] },
+			minutesAgo: 10,
+		}),
+		rawEntry({
+			action: 'modpack_changed',
+			metadata: {
+				spec: {
+					platform: 'local_file',
+					filename: 'example-modpack-v1.20.mrpack',
+				},
+			},
+			minutesAgo: 15,
+		}),
+		rawEntry({
+			action: 'backup_deleted',
+			metadata: { id: '00000000-0000-4000-8000-000000000099' },
+			minutesAgo: 20,
+		}),
+		rawEntry({
+			action: 'changed_server_name',
+			metadata: { bad: true },
+			minutesAgo: 25,
+		}),
+		rawEntry({
+			action: 'backend_added_this_later',
+			metadata: { value: true },
+			actor: { type: 'support', user_id: userIds.prospector },
+			worldId: null,
+			minutesAgo: 30,
+		}),
+	],
+}
+
+const overflowAddonNames = [
+	"Alpha's Rise",
+	'Bookshelf',
+	'Diagonal Fences',
+	'Dragon Compass',
+	'Dragon Feed',
+	'Dragons of the Cosmos',
+	"Farmer's Delight",
+	'Fastload',
+	'Friendly Fire',
+	'Isle of Berk Addons',
+	'Jade',
+	'Kiwi',
+	"Nature's Compass",
+	'Off the Grid Dragons',
+	'Patchouli',
+	'Puzzles Lib',
+	'Resourceful Config',
+	'Waystones',
+]
+
+const overflowActionLogResponse: Archon.Actions.v1.ActionLogResponse = {
+	next_offset: null,
+	users: actionLogResponse.users,
+	addons: {
+		...Object.fromEntries(
+			overflowAddonNames.map((title, index) => [
+				`overflow-addon-${index}`,
+				{
+					title,
+					slug: `overflow-addon-${index}`,
+					icon_url: null,
+					version: null,
+				},
+			]),
+		),
+		'overflow-sodium': {
+			title: 'Sodium',
+			slug: 'sodium',
+			icon_url: null,
+			version: null,
+		},
+		'overflow-iris': {
+			title: 'Iris Shaders',
+			slug: 'iris',
+			icon_url: null,
+			version: null,
+		},
+	} as Record<string, Archon.Actions.v1.AddonResp>,
+	versions: {
+		...Object.fromEntries(
+			overflowAddonNames.map((title, index) => [
+				`overflow-version-${index}`,
+				{
+					name: `${title} 1.${index}.0`,
+					version_number: `1.${index}.0`,
+				},
+			]),
+		),
+		'overflow-sodium-version': {
+			name: 'Sodium mc1.21.1-0.6.13-fabric',
+			version_number: 'mc1.21.1-0.6.13-fabric',
+		},
+		'overflow-iris-version': {
+			name: 'Iris Shaders 1.8.8+1.21.1-fabric',
+			version_number: '1.8.8+1.21.1-fabric',
+		},
+	} as Record<string, Archon.Actions.v1.VersionResp>,
+	data: [
+		rawEntry({
+			action: 'addon_uploaded',
+			metadata: {
+				file_names: ['fabric-api-0.116.12+1.21.1.jar', 'lithium-fabric-0.15.3+mc1.21.1.jar'],
+			},
+			minutesAgo: 1,
+		}),
+		rawEntry({
+			action: 'addon_added',
+			metadata: {
+				addons: [
+					{ addon_id: 'overflow-sodium', version_id: 'overflow-sodium-version' },
+					{ addon_id: 'overflow-iris', version_id: 'overflow-iris-version' },
+				],
+			},
+			minutesAgo: 2,
+		}),
+		rawEntry({
+			action: 'addon_enabled',
+			metadata: {
+				addons: [
+					{ addon_id: 'overflow-sodium', version_id: 'overflow-sodium-version' },
+					{ addon_id: 'overflow-iris', version_id: 'overflow-iris-version' },
+				],
+			},
+			minutesAgo: 3,
+		}),
+		rawEntry({
+			action: 'addon_disabled',
+			metadata: {
+				addons: [
+					{ addon_id: 'overflow-sodium', version_id: 'overflow-sodium-version' },
+					{ addon_id: 'overflow-iris', version_id: 'overflow-iris-version' },
+				],
+			},
+			minutesAgo: 4,
+		}),
+		rawEntry({
+			action: 'addon_deleted',
+			metadata: {
+				addons: overflowAddonNames.map((_, index) => ({
+					addon_id: `overflow-addon-${index}`,
+					version_id: `overflow-version-${index}`,
+				})),
+			},
+			minutesAgo: 5,
+		}),
+		rawEntry({
+			action: 'startup_command_modified',
+			metadata: {
+				command:
+					'java -Xmx8192M -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -jar fabric-server-launch.jar nogui',
+			},
+			minutesAgo: 6,
+		}),
+		rawEntry({
+			action: 'server_properties_modified',
+			metadata: {
+				properties: {
+					difficulty: 'hard',
+					'enforce-whitelist': 'true',
+					'max-players': '20',
+					'resource-pack': 'https://cdn.example.invalid/very-long-resource-pack-name.zip',
+				},
+			},
+			minutesAgo: 7,
+		}),
+	],
+}
+
+type RawEntryInput = {
+	action: Archon.Actions.v1.ActionName | string
+	metadata?: unknown
+	actor?: Archon.Actions.v1.ActionUser
+	worldId?: string | null
+	minutesAgo: number
+}
+
+function rawEntry(input: RawEntryInput): Archon.Actions.v1.ActionEntry {
+	return {
+		actor: input.actor ?? { type: 'user', user_id: userIds.geometrically },
+		action:
+			input.metadata === undefined
+				? { action: input.action }
+				: { action: input.action, metadata: input.metadata },
+		server_id: serverId,
+		world_id: input.worldId ?? activeWorldId,
+		timestamp: new Date(Date.now() - input.minutesAgo * 60 * 1000).toISOString(),
+	}
+}
+
+function lookupsFromResponse(
+	response: Archon.Actions.v1.ActionLogResponse,
+	serverFull: Archon.Servers.v1.ServerFull,
+): AuditEventLookups {
+	const backups = new Map<string, Archon.Backups.v1.Backup>()
+	for (const world of serverFull.worlds) {
+		for (const backup of world.backups) {
+			backups.set(backup.id, backup)
+		}
+	}
+
+	return {
+		serverId: serverFull.id,
+		users: response.users,
+		addons: response.addons,
+		worldById: new Map(
+			serverFull.worlds.map((world) => [world.id, { id: world.id, name: world.name }]),
+		),
+		backupById: backups,
+		versions: response.versions,
+	}
+}
+
+function toAuditEntries(
+	response: Archon.Actions.v1.ActionLogResponse,
+	serverFull = serverFullResponse,
+): ServerAuditLogEntry[] {
+	const lookups = lookupsFromResponse(response, serverFull)
+	return response.data.map((entry, index) => {
+		const event = parseAuditEvent(entry, lookups)
+		return {
+			id: `${entry.timestamp}-${entry.actor.type}-${entry.world_id ?? 'server'}-${index}`,
+			actor: event.props.actor,
+			world: event.props.world,
+			event,
+			timestamp: entry.timestamp,
+		}
+	})
+}
+
+const everyActionEntries = toAuditEntries(
+	auditLogEntryExamples,
+	auditLogEntryExamplesServerFullResponse,
+)
+const sampleEntries = toAuditEntries(actionLogResponse)
+const permissionBadgeEntries = sampleEntries.filter((entry) =>
+	['user_invited', 'user_permission_modified'].includes(entry.event.key),
+)
+const loaderVersionEntries = toAuditEntries({
+	...actionLogResponse,
+	data: [
+		rawEntry({
+			action: 'loader_version_edited',
+			metadata: { new_loader: 'fabric', new_version: '0.19.2' },
+			minutesAgo: 1,
+		}),
+		rawEntry({
+			action: 'loader_version_edited',
+			metadata: { new_loader: null, new_version: '0.30.0-beta.7' },
+			minutesAgo: 2,
+		}),
+		rawEntry({
+			action: 'loader_version_edited',
+			metadata: { new_loader: null, new_version: null },
+			minutesAgo: 3,
+		}),
+	],
+})
+const fallbackEntries = toAuditEntries(missingLookupActionLogResponse, {
+	...serverFullResponse,
+	worlds: [],
+})
+const overflowEntries = toAuditEntries(overflowActionLogResponse)
+
+const meta = {
+	title: 'Servers/AuditLogTable',
+	component: AuditLogTable,
+	parameters: {
+		layout: 'padded',
+		docs: {
+			description: {
+				component: 'Audit entries render backend action-log events through typed event components.',
+			},
+		},
+	},
+	decorators: [
+		(story) => ({
+			components: { story },
+			template: '<div style="max-width: 1120px;"><story /></div>',
+		}),
+	],
+} satisfies Meta<typeof AuditLogTable>
+
+export default meta
+type Story = StoryObj<typeof meta>
+
+function createTimeframeState(
+	initial: Partial<{
+		mode: TimeFrameMode
+		preset: TimeFramePreset
+		lastAmount: number
+		lastUnit: TimeFrameLastUnit
+		customStartDate: string
+		customEndDate: string
+	}> = {},
+) {
+	return {
+		timeframeCustomEndDate: ref(initial.customEndDate ?? ''),
+		timeframeCustomStartDate: ref(initial.customStartDate ?? ''),
+		timeframeLastAmount: ref(initial.lastAmount ?? 30),
+		timeframeLastUnit: ref<TimeFrameLastUnit>(initial.lastUnit ?? 'days'),
+		timeframeMode: ref<TimeFrameMode>(initial.mode ?? 'preset'),
+		timeframePreset: ref<TimeFramePreset>(initial.preset ?? 'all_time'),
+	}
+}
+
+function renderStory(entries: ServerAuditLogEntry[], initialQuery = '') {
+	return () => ({
+		components: { AuditLogTable },
+		setup() {
+			const query = ref(initialQuery)
+			const filters = ref<ServerAuditLogFilters>({
+				userId: null,
+				worldId: null,
+			})
+			return { entries, filters, query, ...createTimeframeState() }
+		},
+		template: /* html */ `
+			<AuditLogTable
+				v-model:query="query"
+				v-model:timeframe-mode="timeframeMode"
+				v-model:timeframe-preset="timeframePreset"
+				v-model:timeframe-last-amount="timeframeLastAmount"
+				v-model:timeframe-last-unit="timeframeLastUnit"
+				v-model:timeframe-custom-start-date="timeframeCustomStartDate"
+				v-model:timeframe-custom-end-date="timeframeCustomEndDate"
+				v-model:filters="filters"
+				:entries="entries"
+			/>
+		`,
+	})
+}
+
+export const AllEvents: Story = {
+	render: renderStory(everyActionEntries),
+}
+
+export const PermissionBadges: Story = {
+	render: renderStory(permissionBadgeEntries),
+}
+
+export const LoaderVersionEvents: Story = {
+	render: renderStory(loaderVersionEntries),
+}
+
+export const LongOverflowTooltip: Story = {
+	render: renderStory(overflowEntries),
+}
+
+export const MissingLookupsAndFallbacks: Story = {
+	render: renderStory(fallbackEntries),
+}
+
+export const Filtered: Story = {
+	render: renderStory(sampleEntries, 'Create Aeronautics'),
+}
+
+export const WithExternalFilterControls: Story = {
+	render: () => ({
+		components: { AuditLogTable, DropdownFilterBar },
+		setup() {
+			const query = ref('')
+			const filters = ref<ServerAuditLogFilters>({
+				userId: null,
+				worldId: null,
+			})
+			const externalFilters = ref<Record<string, string[]>>({
+				users: [userIds.geometrically],
+				worlds: [],
+				actions: [],
+			})
+			return {
+				categories: filterBarCategories,
+				entries: sampleEntries,
+				externalFilters,
+				filters,
+				query,
+				...createTimeframeState(),
+			}
+		},
+		template: /* html */ `
+			<AuditLogTable
+				v-model:query="query"
+				v-model:timeframe-mode="timeframeMode"
+				v-model:timeframe-preset="timeframePreset"
+				v-model:timeframe-last-amount="timeframeLastAmount"
+				v-model:timeframe-last-unit="timeframeLastUnit"
+				v-model:timeframe-custom-start-date="timeframeCustomStartDate"
+				v-model:timeframe-custom-end-date="timeframeCustomEndDate"
+				v-model:filters="filters"
+				:entries="entries"
+				has-active-external-filters
+			>
+				<template #filters>
+					<DropdownFilterBar
+						v-model="externalFilters"
+						:categories="categories"
+						add-label="Add filter"
+						clear-label="Clear"
+						use-filter-icon
+					/>
+				</template>
+			</AuditLogTable>
+		`,
+	}),
+}
+
+export const EmptyExternalFilters: Story = {
+	render: () => ({
+		components: { AuditLogTable },
+		setup() {
+			const query = ref('')
+			const filters = ref<ServerAuditLogFilters>({
+				userId: null,
+				worldId: null,
+			})
+			return { entries: [], filters, query, ...createTimeframeState() }
+		},
+		template: /* html */ `
+			<AuditLogTable
+				v-model:query="query"
+				v-model:timeframe-mode="timeframeMode"
+				v-model:timeframe-preset="timeframePreset"
+				v-model:timeframe-last-amount="timeframeLastAmount"
+				v-model:timeframe-last-unit="timeframeLastUnit"
+				v-model:timeframe-custom-start-date="timeframeCustomStartDate"
+				v-model:timeframe-custom-end-date="timeframeCustomEndDate"
+				v-model:filters="filters"
+				:entries="entries"
+				has-active-external-filters
+			/>
+		`,
+	}),
+}
+
+export const MediumAppWindow: Story = {
+	render: () => ({
+		components: { AuditLogTable },
+		setup() {
+			const query = ref('')
+			const filters = ref<ServerAuditLogFilters>({
+				userId: null,
+				worldId: null,
+			})
+			return {
+				entries: everyActionEntries.slice(0, 8),
+				filters,
+				query,
+				...createTimeframeState(),
+			}
+		},
+		template: /* html */ `
+			<div style="max-width: 860px;">
+				<AuditLogTable
+					v-model:query="query"
+					v-model:timeframe-mode="timeframeMode"
+					v-model:timeframe-preset="timeframePreset"
+					v-model:timeframe-last-amount="timeframeLastAmount"
+					v-model:timeframe-last-unit="timeframeLastUnit"
+					v-model:timeframe-custom-start-date="timeframeCustomStartDate"
+					v-model:timeframe-custom-end-date="timeframeCustomEndDate"
+					v-model:filters="filters"
+					:entries="entries"
+				/>
+			</div>
+		`,
+	}),
+}
+
+export const MobileCompact: Story = {
+	render: () => ({
+		components: { AuditLogTable },
+		setup() {
+			const query = ref('')
+			const filters = ref<ServerAuditLogFilters>({
+				userId: null,
+				worldId: null,
+			})
+			return {
+				entries: everyActionEntries.slice(0, 8),
+				filters,
+				query,
+				...createTimeframeState(),
+			}
+		},
+		template: /* html */ `
+			<div style="max-width: 390px;">
+				<AuditLogTable
+					v-model:query="query"
+					v-model:timeframe-mode="timeframeMode"
+					v-model:timeframe-preset="timeframePreset"
+					v-model:timeframe-last-amount="timeframeLastAmount"
+					v-model:timeframe-last-unit="timeframeLastUnit"
+					v-model:timeframe-custom-start-date="timeframeCustomStartDate"
+					v-model:timeframe-custom-end-date="timeframeCustomEndDate"
+					v-model:filters="filters"
+					:entries="entries"
+				/>
+			</div>
+		`,
+	}),
+}
diff --git a/packages/ui/src/stories/servers/EditServerIcon.stories.ts b/packages/ui/src/stories/servers/EditServerIcon.stories.ts
index 698cc2a33b..04d05a15f9 100644
--- a/packages/ui/src/stories/servers/EditServerIcon.stories.ts
+++ b/packages/ui/src/stories/servers/EditServerIcon.stories.ts
@@ -1,11 +1,14 @@
 import type { Archon, UploadState } from '@modrinth/api-client'
-import type { Stats } from '@modrinth/utils'
 import type { Meta, StoryObj } from '@storybook/vue3-vite'
 import { computed, ref } from 'vue'
 
 import EditServerIcon from '../../components/servers/edit-server-icon/EditServerIcon.vue'
 import { provideModrinthServerContext } from '../../providers'
-import type { CancelUploadHandler, ModrinthServerContext } from '../../providers/server-context'
+import type {
+	CancelUploadHandler,
+	ModrinthServerContext,
+	ServerStats,
+} from '../../providers/server-context'
 
 const meta = {
 	title: 'Servers/EditServerIcon',
@@ -22,7 +25,7 @@ const meta = {
 					upstream: null,
 				} as Archon.Servers.v0.Server)
 
-				const stats = ref<Stats>({
+				const stats = ref<ServerStats>({
 					current: {
 						cpu_percent: 0,
 						ram_usage_bytes: 0,
@@ -59,6 +62,8 @@ const meta = {
 					},
 					worldId: ref(null),
 					server,
+					serverFull: computed(() => null),
+					currentUserPermissions: computed(() => 0),
 					isConnected: ref(true),
 					isWsAuthIncorrect: ref(false),
 					powerState: ref('running'),
diff --git a/packages/ui/src/stories/servers/GrantAccessModal.stories.ts b/packages/ui/src/stories/servers/GrantAccessModal.stories.ts
new file mode 100644
index 0000000000..57802e5328
--- /dev/null
+++ b/packages/ui/src/stories/servers/GrantAccessModal.stories.ts
@@ -0,0 +1,98 @@
+import type { Meta, StoryObj } from '@storybook/vue3-vite'
+import { ref } from 'vue'
+
+import ButtonStyled from '../../components/base/ButtonStyled.vue'
+import GrantAccessModal from '../../components/servers/access/GrantAccessModal.vue'
+import type {
+	GrantServerAccessPayload,
+	ServerAccessMember,
+} from '../../components/servers/access/types'
+
+const meta = {
+	title: 'Servers/GrantAccessModal',
+	component: GrantAccessModal,
+	parameters: {
+		layout: 'centered',
+		docs: {
+			description: {
+				component:
+					'Role descriptions use the same instance-focused copy as the access page. The username field resolves users asynchronously before showing the empty state.',
+			},
+		},
+	},
+} satisfies Meta<typeof GrantAccessModal>
+
+export default meta
+type Story = StoryObj<typeof meta>
+
+export const Default: Story = {
+	render: () => ({
+		components: { ButtonStyled, GrantAccessModal },
+		setup() {
+			const modalRef = ref<InstanceType<typeof GrantAccessModal> | null>(null)
+			const lastAddedUser = ref('')
+			const users = [
+				{ id: 'fetch', username: 'Fetch' },
+				{ id: 'emma', username: 'Emma' },
+			]
+			async function resolveUser(target: string) {
+				await new Promise((resolve) => setTimeout(resolve, 250))
+				const normalizedTarget = target.trim().toLowerCase()
+				return users.find((user) => user.username.toLowerCase() === normalizedTarget) ?? null
+			}
+			function handleGrant(payload: GrantServerAccessPayload) {
+				lastAddedUser.value = `${payload.target} as ${payload.role}${
+					payload.addAsFriend ? ' with friend request' : ''
+				}`
+			}
+			return { modalRef, resolveUser, lastAddedUser, handleGrant }
+		},
+		template: /* html */ `
+			<div class="flex flex-col items-center gap-4">
+				<ButtonStyled color="brand">
+					<button @click="modalRef?.show($event)">Add user</button>
+				</ButtonStyled>
+				<p v-if="lastAddedUser" class="m-0 text-sm text-secondary">Last added: {{ lastAddedUser }}</p>
+				<GrantAccessModal ref="modalRef" :resolve-user="resolveUser" @grant="handleGrant" />
+			</div>
+		`,
+	}),
+}
+
+export const ExistingMember: Story = {
+	render: () => ({
+		components: { ButtonStyled, GrantAccessModal },
+		setup() {
+			const modalRef = ref<InstanceType<typeof GrantAccessModal> | null>(null)
+			const users = [
+				{ id: 'josh11', username: 'josh11' },
+				{ id: 'emma', username: 'Emma' },
+			]
+			const members: ServerAccessMember[] = [
+				{
+					id: 'story-josh11',
+					user: {
+						id: 'josh11',
+						username: 'josh11',
+					},
+					role: 'editor',
+					joinedAt: new Date().toISOString(),
+				},
+			]
+			async function resolveUser(target: string) {
+				await new Promise((resolve) => setTimeout(resolve, 250))
+				const normalizedTarget = target.trim().toLowerCase()
+				return users.find((user) => user.username.toLowerCase() === normalizedTarget) ?? null
+			}
+			return { modalRef, members, resolveUser }
+		},
+		template: /* html */ `
+			<div class="flex flex-col items-center gap-4">
+				<ButtonStyled color="brand">
+					<button @click="modalRef?.show($event)">Add existing user</button>
+				</ButtonStyled>
+				<GrantAccessModal ref="modalRef" :members="members" :resolve-user="resolveUser" />
+			</div>
+		`,
+	}),
+}
diff --git a/packages/ui/src/stories/servers/MedalServerListing.stories.ts b/packages/ui/src/stories/servers/MedalServerListing.stories.ts
index 9073f55465..b404f9ef13 100644
--- a/packages/ui/src/stories/servers/MedalServerListing.stories.ts
+++ b/packages/ui/src/stories/servers/MedalServerListing.stories.ts
@@ -41,6 +41,16 @@ export const Default: Story = {
 	},
 }
 
+export const SharedWithOwner: Story = {
+	args: {
+		...baseMedalServer,
+		name: 'Medal Co-op Server',
+		owner: {
+			username: 'Prospector',
+		},
+	},
+}
+
 export const ConfiguringNewServer: Story = {
 	args: {
 		...baseMedalServer,
diff --git a/packages/ui/src/stories/servers/RemoveAccessModal.stories.ts b/packages/ui/src/stories/servers/RemoveAccessModal.stories.ts
new file mode 100644
index 0000000000..6b81a8495d
--- /dev/null
+++ b/packages/ui/src/stories/servers/RemoveAccessModal.stories.ts
@@ -0,0 +1,76 @@
+import type { Meta, StoryObj } from '@storybook/vue3-vite'
+import { ref } from 'vue'
+
+import ButtonStyled from '../../components/base/ButtonStyled.vue'
+import RemoveAccessModal from '../../components/servers/access/RemoveAccessModal.vue'
+
+const meta = {
+	title: 'Servers/RemoveAccessModal',
+	component: RemoveAccessModal,
+	parameters: {
+		layout: 'centered',
+	},
+} satisfies Meta<typeof RemoveAccessModal>
+
+export default meta
+type Story = StoryObj<typeof meta>
+
+export const Default: Story = {
+	render: () => ({
+		components: { ButtonStyled, RemoveAccessModal },
+		setup() {
+			const modalRef = ref<InstanceType<typeof RemoveAccessModal> | null>(null)
+			const removed = ref(false)
+			function handleRemove() {
+				removed.value = true
+			}
+			return { modalRef, removed, handleRemove }
+		},
+		template: /* html */ `
+			<div class="flex flex-col items-center gap-4">
+				<ButtonStyled color="red">
+					<button @click="modalRef?.show()">Remove user</button>
+				</ButtonStyled>
+				<p v-if="removed" class="m-0 text-sm text-secondary">User removed</p>
+				<RemoveAccessModal
+					ref="modalRef"
+					username="Geometrically"
+					role="editor"
+					:joined-at="new Date(Date.now() - 21 * 24 * 60 * 60 * 1000).toISOString()"
+					@remove="handleRemove"
+				/>
+			</div>
+		`,
+	}),
+}
+
+export const CancelInvite: Story = {
+	render: () => ({
+		components: { ButtonStyled, RemoveAccessModal },
+		setup() {
+			const modalRef = ref<InstanceType<typeof RemoveAccessModal> | null>(null)
+			const cancelled = ref(false)
+			function handleCancel() {
+				cancelled.value = true
+			}
+			return { modalRef, cancelled, handleCancel }
+		},
+		template: /* html */ `
+			<div class="flex flex-col items-center gap-4">
+				<ButtonStyled color="red">
+					<button @click="modalRef?.show()">Cancel invite</button>
+				</ButtonStyled>
+				<p v-if="cancelled" class="m-0 text-sm text-secondary">Invite cancelled</p>
+				<RemoveAccessModal
+					ref="modalRef"
+					username="Geometrically"
+					role="viewer"
+					:joined-at="null"
+					pending
+					should-cancel
+					@remove="handleCancel"
+				/>
+			</div>
+		`,
+	}),
+}
diff --git a/packages/ui/src/stories/servers/ServerListing.stories.ts b/packages/ui/src/stories/servers/ServerListing.stories.ts
index d1fff61904..c890a6fba3 100644
--- a/packages/ui/src/stories/servers/ServerListing.stories.ts
+++ b/packages/ui/src/stories/servers/ServerListing.stories.ts
@@ -50,6 +50,16 @@ export const Default: Story = {
 	},
 }
 
+export const SharedWithOwner: Story = {
+	args: {
+		...baseServer,
+		name: 'Cobbletown',
+		owner: {
+			username: 'Prospector',
+		},
+	},
+}
+
 export const ConfiguringNewServer: Story = {
 	args: {
 		...baseServer,
diff --git a/packages/ui/src/stories/servers/ServerPanelAdmonitions.stories.ts b/packages/ui/src/stories/servers/ServerPanelAdmonitions.stories.ts
index b96d21ba89..aeccb82689 100644
--- a/packages/ui/src/stories/servers/ServerPanelAdmonitions.stories.ts
+++ b/packages/ui/src/stories/servers/ServerPanelAdmonitions.stories.ts
@@ -1,5 +1,4 @@
 import type { Archon, UploadState } from '@modrinth/api-client'
-import type { Stats } from '@modrinth/utils'
 import type { Meta, StoryObj } from '@storybook/vue3-vite'
 import { computed, onMounted, ref } from 'vue'
 import { useRouter } from 'vue-router'
@@ -8,7 +7,11 @@ import ServerPanelAdmonitions from '../../components/servers/admonitions/ServerP
 import { defineMessage } from '../../composables/i18n'
 import type { FileOperation } from '../../layouts/shared/files-tab/types'
 import { provideModrinthServerContext } from '../../providers'
-import type { CancelUploadHandler, ModrinthServerContext } from '../../providers/server-context'
+import type {
+	CancelUploadHandler,
+	ModrinthServerContext,
+	ServerStats,
+} from '../../providers/server-context'
 
 const meta = {
 	title: 'Servers/ServerPanelAdmonitions',
@@ -31,7 +34,7 @@ const meta = {
 					upstream: null,
 				} as Archon.Servers.v0.Server)
 
-				const stats = ref<Stats>({
+				const stats = ref<ServerStats>({
 					current: {
 						cpu_percent: 0,
 						ram_usage_bytes: 0,
@@ -76,6 +79,8 @@ const meta = {
 					},
 					worldId: ref(null),
 					server,
+					serverFull: computed(() => null),
+					currentUserPermissions: computed(() => 0),
 					isConnected: ref(true),
 					isWsAuthIncorrect: ref(false),
 					powerState: ref('running'),
diff --git a/packages/ui/src/stories/servers/audit-log-entry-examples.json b/packages/ui/src/stories/servers/audit-log-entry-examples.json
new file mode 100644
index 0000000000..78ac23eab0
--- /dev/null
+++ b/packages/ui/src/stories/servers/audit-log-entry-examples.json
@@ -0,0 +1,930 @@
+{
+	"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+	"server": {
+		"id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+		"name": "CaffeineMC Fabric SMP",
+		"subdomain": "caffeine-smp"
+	},
+	"worlds": [
+		{
+			"id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"name": "Overworld"
+		},
+		{
+			"id": "ba1a5666-96fc-4de5-9b91-977dd7b58d09",
+			"name": "Creative testing"
+		}
+	],
+	"backups": [
+		{
+			"id": "142f5ee6-a239-4824-bc69-5db0e9564c24",
+			"physical_id": "restic:4f3d5df7/142f5ee6-a239-4824-bc69-5db0e9564c24",
+			"name": "Pre-1.21.1 upgrade",
+			"created_at": "2026-05-20T11:40:00Z",
+			"automated": false,
+			"status": "done",
+			"interrupted": false,
+			"ongoing": false,
+			"locked": false
+		},
+		{
+			"id": "2f9c9471-baba-45ff-a2c1-23c9962095ec",
+			"physical_id": "restic:4f3d5df7/2f9c9471-baba-45ff-a2c1-23c9962095ec",
+			"name": "Before Nether reset",
+			"created_at": "2026-05-20T13:55:00Z",
+			"automated": false,
+			"status": "done",
+			"interrupted": false,
+			"ongoing": false,
+			"locked": false
+		},
+		{
+			"id": "6f2ef8ef-3329-4c77-bb06-8a1b6b1db0f0",
+			"physical_id": "restic:4f3d5df7/6f2ef8ef-3329-4c77-bb06-8a1b6b1db0f0",
+			"name": "Rollback after datapack test",
+			"created_at": "2026-05-20T14:15:00Z",
+			"automated": false,
+			"status": "done",
+			"interrupted": false,
+			"ongoing": false,
+			"locked": true
+		}
+	],
+	"next_offset": null,
+	"data": [
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_created"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:00:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "changed_server_name",
+				"metadata": {
+					"name": "CaffeineMC Fabric SMP"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:05:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "changed_server_subdomain",
+				"metadata": {
+					"subdomain": "caffeine-smp"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:10:00Z"
+		},
+		{
+			"actor": {
+				"type": "support",
+				"user_id": "JZA4dW8o"
+			},
+			"action": {
+				"action": "server_reallocated"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:15:00Z"
+		},
+		{
+			"actor": {
+				"type": "support",
+				"user_id": "JZA4dW8o"
+			},
+			"action": {
+				"action": "server_plan_changed",
+				"metadata": {
+					"new_specs": {
+						"cpu": 4,
+						"memory_mb": 8192,
+						"storage_mb": 40960,
+						"swap_mb": 1024
+					}
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:20:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "user_invited",
+				"metadata": {
+					"user_id": "JZA4dW8o",
+					"permissions": "BASE_READ | POWER_ACTIONS"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:25:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "user_invite_revoked",
+				"metadata": {
+					"user_id": "DzLrfrbK"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:30:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "user_permission_modified",
+				"metadata": {
+					"user_id": "JZA4dW8o",
+					"permissions": "BASE_READ | FILES_WRITE | SETUP | BACKUPS"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:35:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "user_removed",
+				"metadata": {
+					"user_id": "DzLrfrbK"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T09:40:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_added",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "AANobbMI",
+							"version_id": "u1OEbNKx"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T09:45:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_added",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "P7dR8mSH",
+							"version_id": "Lwt6YYHL"
+						},
+						{
+							"addon_id": "gvQqBUqZ",
+							"version_id": "XQJtuOTA"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T09:50:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_uploaded",
+				"metadata": {
+					"file_names": ["sodium-fabric-0.6.13+mc1.21.1.jar"]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T09:55:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_uploaded",
+				"metadata": {
+					"file_names": ["fabric-api-0.116.12+1.21.1.jar", "lithium-fabric-0.15.3+mc1.21.1.jar"]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:00:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_disabled",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "YL57xq9U",
+							"version_id": "zsoi0dso"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:05:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_disabled",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "AANobbMI",
+							"version_id": "u1OEbNKx"
+						},
+						{
+							"addon_id": "YL57xq9U",
+							"version_id": "zsoi0dso"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:10:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_enabled",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "YL57xq9U",
+							"version_id": "zsoi0dso"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:15:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_enabled",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "AANobbMI",
+							"version_id": "u1OEbNKx"
+						},
+						{
+							"addon_id": "YL57xq9U",
+							"version_id": "zsoi0dso"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:20:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_deleted",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "YL57xq9U",
+							"version_id": "zsoi0dso"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:25:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_deleted",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "AANobbMI",
+							"version_id": "u1OEbNKx"
+						},
+						{
+							"addon_id": "P7dR8mSH",
+							"version_id": "Lwt6YYHL"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:30:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_updated",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "AANobbMI",
+							"version_id": "u1OEbNKx"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:35:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "addon_updated",
+				"metadata": {
+					"addons": [
+						{
+							"addon_id": "P7dR8mSH",
+							"version_id": "Lwt6YYHL"
+						},
+						{
+							"addon_id": "gvQqBUqZ",
+							"version_id": "XQJtuOTA"
+						}
+					]
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:40:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "uk2lIMmm"
+			},
+			"action": {
+				"action": "modpack_changed",
+				"metadata": {
+					"spec": {
+						"platform": "modrinth",
+						"project_id": "BYN9yKrV",
+						"version_id": "w0KHzZ43",
+						"mrpack_sha1": "6b277e2f6e3a9a1acef3342bd154ade25031ad70"
+					}
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:45:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "uk2lIMmm"
+			},
+			"action": {
+				"action": "modpack_unlinked",
+				"metadata": {
+					"spec": {
+						"platform": "modrinth",
+						"project_id": "BYN9yKrV",
+						"version_id": "w0KHzZ43",
+						"mrpack_sha1": "6b277e2f6e3a9a1acef3342bd154ade25031ad70"
+					}
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:50:00Z"
+		},
+		{
+			"actor": {
+				"type": "support",
+				"user_id": "JZA4dW8o"
+			},
+			"action": {
+				"action": "server_repaired"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T10:55:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_reset"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "ba1a5666-96fc-4de5-9b91-977dd7b58d09",
+			"timestamp": "2026-05-20T11:00:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_started"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T11:05:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_stopped"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T11:10:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_restarted"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T11:15:00Z"
+		},
+		{
+			"actor": {
+				"type": "support",
+				"user_id": "JZA4dW8o"
+			},
+			"action": {
+				"action": "server_killed"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T11:20:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "port_allocation_added",
+				"metadata": {
+					"port": 25565
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:25:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "port_allocation_removed",
+				"metadata": {
+					"port": 24454
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:30:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "loader_version_edited",
+				"metadata": {
+					"new_loader": "fabric",
+					"new_version": "0.16.14"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:35:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "game_version_edited",
+				"metadata": {
+					"new_version": "1.21.1"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:40:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_properties_modified",
+				"metadata": {
+					"properties": {
+						"difficulty": "hard"
+					}
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:45:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "server_properties_modified",
+				"metadata": {
+					"properties": {
+						"max-players": "20",
+						"simulation-distance": "8",
+						"view-distance": "10"
+					}
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:50:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "file_uploaded",
+				"metadata": {
+					"path": "/mods/lithium-fabric-0.15.3+mc1.21.1.jar"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T11:55:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "file_deleted",
+				"metadata": {
+					"path": "/mods/old-performance-patch.jar"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:00:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "file_renamed",
+				"metadata": {
+					"from": "/world/datapacks/trial-test.zip",
+					"to": "/world/datapacks/trial-test.zip.disabled"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:05:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "file_edited",
+				"metadata": {
+					"path": "/server.properties"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:10:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "sftp_login"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": null,
+			"timestamp": "2026-05-20T12:15:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "console_command_executed",
+				"metadata": {
+					"command": "say Maintenance in 5 minutes"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:20:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "console_cleared"
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:25:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "backup_created",
+				"metadata": {
+					"id": "142f5ee6-a239-4824-bc69-5db0e9564c24"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:30:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "backup_renamed",
+				"metadata": {
+					"id": "2f9c9471-baba-45ff-a2c1-23c9962095ec",
+					"from": "Before Nether test",
+					"to": "Before Nether reset"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:35:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "backup_restored",
+				"metadata": {
+					"id": "6f2ef8ef-3329-4c77-bb06-8a1b6b1db0f0"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:40:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "backup_deleted",
+				"metadata": {
+					"id": "0dd0eb1e-f0e0-46d1-b32f-5245e18bf563"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "ba1a5666-96fc-4de5-9b91-977dd7b58d09",
+			"timestamp": "2026-05-20T12:45:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "startup_command_modified",
+				"metadata": {
+					"command": "java -Xms4G -Xmx8G -jar fabric-server-launch.jar nogui"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:50:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "java_runtime_modified",
+				"metadata": {
+					"vendor": "temurin"
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T12:55:00Z"
+		},
+		{
+			"actor": {
+				"type": "user",
+				"user_id": "TEZXhE2U"
+			},
+			"action": {
+				"action": "java_version_modified",
+				"metadata": {
+					"version": 21
+				}
+			},
+			"server_id": "4f3d5df7-4e75-4f08-a1f5-fc472fb7b7bd",
+			"world_id": "7dd2f1a9-2a94-41fb-a0c7-92653ec980ab",
+			"timestamp": "2026-05-20T13:00:00Z"
+		}
+	],
+	"users": {
+		"TEZXhE2U": {
+			"username": "jellysquid3",
+			"avatar_url": "https://cdn.modrinth.com/user/TEZXhE2U/f4705a5f2388c65029ae2e59f1434b3e6e4de23a.png"
+		},
+		"JZA4dW8o": {
+			"username": "modmuss50",
+			"avatar_url": "https://avatars2.githubusercontent.com/u/4324090?v=4"
+		},
+		"DzLrfrbK": {
+			"username": "IMS",
+			"avatar_url": "https://avatars3.githubusercontent.com/u/31803019?v=4"
+		},
+		"uk2lIMmm": {
+			"username": "devin",
+			"avatar_url": "https://cdn.modrinth.com/user/uk2lIMmm/9ceb45272fef68343dcbc01696eb1c6856acb701.png"
+		}
+	},
+	"addons": {
+		"AANobbMI": {
+			"title": "Sodium",
+			"slug": "sodium",
+			"icon_url": "https://cdn.modrinth.com/data/AANobbMI/295862f4724dc3f78df3447ad6072b2dcd3ef0c9_96.webp",
+			"version": null
+		},
+		"P7dR8mSH": {
+			"title": "Fabric API",
+			"slug": "fabric-api",
+			"icon_url": "https://cdn.modrinth.com/data/P7dR8mSH/icon.png",
+			"version": null
+		},
+		"YL57xq9U": {
+			"title": "Iris Shaders",
+			"slug": "iris",
+			"icon_url": "https://cdn.modrinth.com/data/YL57xq9U/18d0e7f076d3d6ed5bedd472b853909aac5da202_96.webp",
+			"version": null
+		},
+		"gvQqBUqZ": {
+			"title": "Lithium",
+			"slug": "lithium",
+			"icon_url": "https://cdn.modrinth.com/data/gvQqBUqZ/bcc8686c13af0143adf4285d741256af824f70b7_96.webp",
+			"version": null
+		},
+		"BYN9yKrV": {
+			"title": "Adrenaline",
+			"slug": "adrenaline",
+			"icon_url": "https://cdn.modrinth.com/data/BYN9yKrV/98f14519960b17418d5ba5ebfdc46c85154ad87b_96.webp",
+			"version": null
+		}
+	},
+	"versions": {
+		"u1OEbNKx": {
+			"name": "Sodium 0.6.13 for Fabric 1.21.1",
+			"version_number": "mc1.21.1-0.6.13-fabric"
+		},
+		"Lwt6YYHL": {
+			"name": "[1.21.1] Fabric API 0.116.12+1.21.1",
+			"version_number": "0.116.12+1.21.1"
+		},
+		"zsoi0dso": {
+			"name": "Iris 1.8.8 for Fabric 1.21.1",
+			"version_number": "1.8.8+1.21.1-fabric"
+		},
+		"XQJtuOTA": {
+			"name": "Lithium 0.15.3 for Fabric",
+			"version_number": "mc1.21.1-0.15.3-fabric"
+		},
+		"w0KHzZ43": {
+			"name": "26.1.4+mc1.21.1.fabric",
+			"version_number": "26.1.4+mc1.21.1.fabric"
+		}
+	}
+}
diff --git a/packages/ui/src/utils/billing.ts b/packages/ui/src/utils/billing.ts
index f2dac64d06..c3934a8341 100644
--- a/packages/ui/src/utils/billing.ts
+++ b/packages/ui/src/utils/billing.ts
@@ -1,6 +1,7 @@
-import type { Loaders } from '@modrinth/utils'
 import type Stripe from 'stripe'
 
+import type { ServerLoader } from './loaders'
+
 export type ServerBillingInterval = 'monthly' | 'yearly' | 'quarterly'
 
 export const monthsInInterval: Record<ServerBillingInterval, number> = {
@@ -82,7 +83,7 @@ export type CreatePaymentIntentRequest = PaymentRequestType & {
 		affiliate_code?: string
 		source:
 			| {
-					loader: Loaders
+					loader: ServerLoader
 					game_version?: string
 					loader_version?: string
 			  }
diff --git a/packages/ui/src/utils/common-messages.ts b/packages/ui/src/utils/common-messages.ts
index 762f4209ea..e3350f2e1c 100644
--- a/packages/ui/src/utils/common-messages.ts
+++ b/packages/ui/src/utils/common-messages.ts
@@ -189,6 +189,10 @@ export const commonMessages = defineMessages({
 		id: 'label.no',
 		defaultMessage: 'No',
 	},
+	noPermissionAction: {
+		id: 'action.no-permission',
+		defaultMessage: 'You do not have permission.',
+	},
 	notificationsLabel: {
 		id: 'label.notifications',
 		defaultMessage: 'Notifications',
diff --git a/packages/ui/src/utils/index.ts b/packages/ui/src/utils/index.ts
index 7688e567ee..541b999cf9 100644
--- a/packages/ui/src/utils/index.ts
+++ b/packages/ui/src/utils/index.ts
@@ -1,3 +1,4 @@
+export { createAttributionGroupTitle } from '../components/external_files/external-project-utils'
 export * from './auto-icons'
 export * from './common-messages'
 export * from './events'
diff --git a/packages/ui/src/utils/loaders.ts b/packages/ui/src/utils/loaders.ts
index e590abc3e2..fc7ada93b3 100644
--- a/packages/ui/src/utils/loaders.ts
+++ b/packages/ui/src/utils/loaders.ts
@@ -1,3 +1,7 @@
+import type { Archon } from '@modrinth/api-client'
+
+export type ServerLoader = Archon.Servers.v0.Loader | 'Bukkit'
+
 export const loaderDisplayNames: Record<string, string> = {
 	fabric: 'Fabric',
 	neoforge: 'NeoForge',
@@ -6,6 +10,7 @@ export const loaderDisplayNames: Record<string, string> = {
 	quilt: 'Quilt',
 	paper: 'Paper',
 	purpur: 'Purpur',
+	bukkit: 'Bukkit',
 	vanilla: 'Vanilla',
 }
 
diff --git a/packages/ui/src/utils/truncate.ts b/packages/ui/src/utils/truncate.ts
index a38dc03f46..9d44261414 100644
--- a/packages/ui/src/utils/truncate.ts
+++ b/packages/ui/src/utils/truncate.ts
@@ -22,6 +22,9 @@ export function truncatedTooltip(
 ): string | undefined {
 	const el = unref(element)
 	if (!el) return undefined
+	if (!tooltipText) return undefined
 
-	return el.scrollWidth > el.clientWidth ? tooltipText : undefined
+	return el.scrollWidth > el.clientWidth || el.scrollHeight > el.clientHeight
+		? tooltipText
+		: undefined
 }
diff --git a/packages/utils/index.ts b/packages/utils/index.ts
index cf9bd68e76..5f466af486 100644
--- a/packages/utils/index.ts
+++ b/packages/utils/index.ts
@@ -3,7 +3,6 @@ export * from './highlightjs'
 export * from './licenses'
 export * from './parse'
 export * from './projects'
-export * from './servers'
 export * from './types'
 export * from './users'
 export * from './utils'
diff --git a/packages/utils/projects.ts b/packages/utils/projects.ts
index 639e7dfd81..c7f8f2e95d 100644
--- a/packages/utils/projects.ts
+++ b/packages/utils/projects.ts
@@ -1,4 +1,5 @@
 import type { Labrinth } from '@modrinth/api-client'
+import { compareByIndex } from './utils'
 // noinspection JSUnusedGlobalSymbols
 
 export const isApproved = (project) => {
@@ -255,7 +256,7 @@ export function getPrimaryProjectType(project: Labrinth.Projects.v3.Project): Di
 	} else {
 		const sorted = project.project_types
 			.slice()
-			.sort((a, b) => PROJECT_TYPE_PRECEDENCE.indexOf(a) - PROJECT_TYPE_PRECEDENCE.indexOf(b))
+			.sort((a, b) => compareByIndex(PROJECT_TYPE_PRECEDENCE, a, b))
 		if (sorted.length > 0) {
 			return sorted[0]
 		} else {
diff --git a/packages/utils/servers/errors/index.ts b/packages/utils/servers/errors/index.ts
deleted file mode 100644
index 251b762eed..0000000000
--- a/packages/utils/servers/errors/index.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export * from './modrinth-server-error'
-export * from './modrinth-servers-fetch-error'
-export * from './modrinth-servers-multi-error'
diff --git a/packages/utils/servers/errors/modrinth-server-error.ts b/packages/utils/servers/errors/modrinth-server-error.ts
deleted file mode 100644
index b5ced9ff22..0000000000
--- a/packages/utils/servers/errors/modrinth-server-error.ts
+++ /dev/null
@@ -1,61 +0,0 @@
-import { FetchError } from 'ofetch'
-
-import type { V1ErrorInfo } from '../types'
-
-export class ModrinthServerError extends Error {
-	constructor(
-		message: string,
-		public readonly statusCode?: number,
-		public readonly originalError?: Error,
-		public readonly module?: string,
-		public readonly v1Error?: V1ErrorInfo,
-		public readonly responseData?: unknown,
-	) {
-		let errorMessage = message
-		let method = 'GET'
-		let path = ''
-
-		if (originalError instanceof FetchError) {
-			const matches = message.match(/\[([A-Z]+)\]\s+"([^"]+)":/)
-			if (matches) {
-				method = matches[1]
-				path = matches[2].replace(/https?:\/\/[^/]+\/[^/]+\/v\d+\//, '')
-			}
-
-			const statusMessage = (() => {
-				if (!statusCode) return 'Unknown Error'
-				switch (statusCode) {
-					case 400:
-						return 'Bad Request'
-					case 401:
-						return 'Unauthorized'
-					case 403:
-						return 'Forbidden'
-					case 404:
-						return 'Not Found'
-					case 408:
-						return 'Request Timeout'
-					case 429:
-						return 'Too Many Requests'
-					case 500:
-						return 'Internal Server Error'
-					case 502:
-						return 'Bad Gateway'
-					case 503:
-						return 'Service Unavailable'
-					case 504:
-						return 'Gateway Timeout'
-					default:
-						return `HTTP ${statusCode}`
-				}
-			})()
-
-			errorMessage = `[${method}] ${statusMessage} (${statusCode}) while fetching ${path}${module ? ` in ${module}` : ''}`
-		} else {
-			errorMessage = `${message}${statusCode ? ` (${statusCode})` : ''}${module ? ` in ${module}` : ''}`
-		}
-
-		super(errorMessage)
-		this.name = 'ModrinthServersFetchError'
-	}
-}
diff --git a/packages/utils/servers/errors/modrinth-servers-fetch-error.ts b/packages/utils/servers/errors/modrinth-servers-fetch-error.ts
deleted file mode 100644
index 098e702f9b..0000000000
--- a/packages/utils/servers/errors/modrinth-servers-fetch-error.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-export class ModrinthServersFetchError extends Error {
-	constructor(
-		message: string,
-		public statusCode?: number,
-		public originalError?: Error,
-	) {
-		super(message)
-		this.name = 'ModrinthFetchError'
-	}
-}
diff --git a/packages/utils/servers/errors/modrinth-servers-multi-error.ts b/packages/utils/servers/errors/modrinth-servers-multi-error.ts
deleted file mode 100644
index 1fd7356fb9..0000000000
--- a/packages/utils/servers/errors/modrinth-servers-multi-error.ts
+++ /dev/null
@@ -1,25 +0,0 @@
-export class ModrinthServersMultiError extends Error {
-	public readonly errors: Map<string, Error> = new Map()
-	public readonly timestamp: number = Date.now()
-
-	constructor(message?: string) {
-		super(message || 'Multiple errors occurred')
-		this.name = 'MultipleErrors'
-	}
-
-	addError(module: string, error: Error) {
-		this.errors.set(module, error)
-		this.message = this.buildErrorMessage()
-	}
-
-	hasErrors() {
-		return this.errors.size > 0
-	}
-
-	private buildErrorMessage(): string {
-		return Array.from(this.errors.entries())
-
-			.map(([_module, error]) => error.message)
-			.join('\n')
-	}
-}
diff --git a/packages/utils/servers/index.ts b/packages/utils/servers/index.ts
deleted file mode 100644
index 9794930298..0000000000
--- a/packages/utils/servers/index.ts
+++ /dev/null
@@ -1,2 +0,0 @@
-export * from './errors'
-export * from './types'
diff --git a/packages/utils/servers/types/api.ts b/packages/utils/servers/types/api.ts
deleted file mode 100644
index d589d6034d..0000000000
--- a/packages/utils/servers/types/api.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-import type { ModrinthServerError } from '../errors'
-
-export interface V1ErrorInfo {
-	context?: string
-	error: string
-	description: string
-}
-
-export interface JWTAuth {
-	url: string
-	token: string
-}
-
-export interface ModuleError {
-	error: ModrinthServerError
-	timestamp: number
-}
-
-export type ModuleName = 'general' | 'network' | 'startup'
diff --git a/packages/utils/servers/types/common.ts b/packages/utils/servers/types/common.ts
deleted file mode 100644
index 5c033a084b..0000000000
--- a/packages/utils/servers/types/common.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-export type ServerNotice = {
-	id: number
-	message: string
-	title?: string
-	level: 'info' | 'warn' | 'critical' | 'survey'
-	dismissable: boolean
-	announce_at: string
-	expires: string
-	assigned: {
-		kind: 'server' | 'node'
-		id: string
-		name: string
-	}[]
-	dismissed_by: {
-		server: string
-		dismissed_on: string
-	}[]
-}
diff --git a/packages/utils/servers/types/content.ts b/packages/utils/servers/types/content.ts
deleted file mode 100644
index 0802e76488..0000000000
--- a/packages/utils/servers/types/content.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-export interface Mod {
-	filename: string
-	project_id: string | undefined
-	version_id: string | undefined
-	name: string | undefined
-	version_number: string | undefined
-	icon_url: string | undefined
-	owner: string | undefined
-	disabled: boolean
-	installing: boolean
-}
-
-export type ContentType = 'mod' | 'plugin'
diff --git a/packages/utils/servers/types/filesystem.ts b/packages/utils/servers/types/filesystem.ts
deleted file mode 100644
index c8c7ad198a..0000000000
--- a/packages/utils/servers/types/filesystem.ts
+++ /dev/null
@@ -1,33 +0,0 @@
-import type { JWTAuth } from './api'
-import type { FilesystemOp, FSQueuedOp } from './websocket'
-
-export interface DirectoryItem {
-	name: string
-	type: 'directory' | 'file'
-	count?: number
-	modified: number
-	created: number
-	path: string
-}
-
-export interface FileUploadQuery {
-	// eslint-disable-next-line @typescript-eslint/no-explicit-any
-	promise: Promise<any>
-	onProgress: (
-		callback: (progress: { loaded: number; total: number; progress: number }) => void,
-	) => void
-	cancel: () => void
-}
-
-export interface DirectoryResponse {
-	items: DirectoryItem[]
-	total: number
-	current?: number
-}
-
-export interface FSModule {
-	auth: JWTAuth
-	ops: FilesystemOp[]
-	queuedOps: FSQueuedOp[]
-	opsQueuedForModification: string[]
-}
diff --git a/packages/utils/servers/types/index.ts b/packages/utils/servers/types/index.ts
deleted file mode 100644
index ef322a5991..0000000000
--- a/packages/utils/servers/types/index.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-export * from './api'
-export * from './common'
-export * from './content'
-export * from './filesystem'
-export * from './server'
-export * from './stats'
-export * from './websocket'
diff --git a/packages/utils/servers/types/server.ts b/packages/utils/servers/types/server.ts
deleted file mode 100644
index e0b8a22438..0000000000
--- a/packages/utils/servers/types/server.ts
+++ /dev/null
@@ -1,77 +0,0 @@
-import type { Project } from '../../types'
-import type { ServerNotice } from './common'
-
-export interface ServerGeneral {
-	server_id: string
-	name: string
-	net: {
-		ip: string
-		port: number
-		domain: string
-	}
-	game: string
-	backup_quota: number
-	used_backup_quota: number
-	status: string
-	suspension_reason: 'moderated' | 'paymentfailed' | 'cancelled' | 'upgrading' | 'other' | string
-	loader: string
-	loader_version: string
-	mc_version: string
-	upstream: {
-		kind: 'modpack' | 'mod' | 'resourcepack'
-		version_id: string
-		project_id: string
-	} | null
-	motd?: string
-	image?: string
-	project?: Project
-	sftp_username: string
-	sftp_password: string
-	sftp_host: string
-	datacenter?: string
-	notices?: ServerNotice[]
-	node: {
-		token: string
-		instance: string
-	}
-	flows?: {
-		intro?: boolean
-	}
-	is_medal?: boolean
-}
-
-export interface Allocation {
-	port: number
-	name: string
-}
-
-export interface Startup {
-	invocation: string
-	original_invocation: string
-	jdk_version: 'lts8' | 'lts11' | 'lts17' | 'lts21'
-	jdk_build: 'corretto' | 'temurin' | 'graal'
-}
-
-export type PowerAction = 'Start' | 'Stop' | 'Restart' | 'Kill'
-export type JDKVersion = 'lts8' | 'lts11' | 'lts17' | 'lts21'
-export type JDKBuild = 'corretto' | 'temurin' | 'graal'
-
-export type Loaders =
-	| 'Fabric'
-	| 'Quilt'
-	| 'Forge'
-	| 'NeoForge'
-	| 'Paper'
-	| 'Spigot'
-	| 'Bukkit'
-	| 'Vanilla'
-	| 'Purpur'
-
-export type ServerState =
-	| 'starting'
-	| 'running'
-	| 'restarting'
-	| 'stopping'
-	| 'stopped'
-	| 'crashed'
-	| 'unknown'
diff --git a/packages/utils/servers/types/stats.ts b/packages/utils/servers/types/stats.ts
deleted file mode 100644
index 8f53161f28..0000000000
--- a/packages/utils/servers/types/stats.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-export interface Stats {
-	current: {
-		cpu_percent: number
-		ram_usage_bytes: number
-		ram_total_bytes: number
-		storage_usage_bytes: number
-		storage_total_bytes: number
-	}
-	past: {
-		cpu_percent: number
-		ram_usage_bytes: number
-		ram_total_bytes: number
-		storage_usage_bytes: number
-		storage_total_bytes: number
-	}
-	graph: {
-		cpu: number[]
-		ram: number[]
-	}
-}
diff --git a/packages/utils/servers/types/websocket.ts b/packages/utils/servers/types/websocket.ts
deleted file mode 100644
index 3ecdf8b1ba..0000000000
--- a/packages/utils/servers/types/websocket.ts
+++ /dev/null
@@ -1,99 +0,0 @@
-import type { ServerState } from './server'
-import type { Stats } from './stats'
-
-export interface WSAuth {
-	url: string
-	token: string
-}
-
-export interface WSLogEvent {
-	event: 'log'
-	message: string
-}
-
-type CurrentStats = Stats['current']
-
-export interface WSStatsEvent extends CurrentStats {
-	event: 'stats'
-}
-
-export interface WSAuthExpiringEvent {
-	event: 'auth-expiring'
-}
-
-export interface WSPowerStateEvent {
-	event: 'power-state'
-	state: ServerState
-	// if state "crashed"
-	oom_killed?: boolean
-	exit_code?: number
-}
-
-export interface WSAuthIncorrectEvent {
-	event: 'auth-incorrect'
-}
-
-export interface WSInstallationResultOkEvent {
-	event: 'installation-result'
-	result: 'ok'
-}
-
-export interface WSInstallationResultErrEvent {
-	event: 'installation-result'
-	result: 'err'
-	reason: string
-}
-
-export type WSInstallationResultEvent = WSInstallationResultOkEvent | WSInstallationResultErrEvent
-
-export interface WSAuthOkEvent {
-	event: 'auth-ok'
-}
-
-export interface WSUptimeEvent {
-	event: 'uptime'
-	uptime: number // seconds
-}
-
-export interface WSNewModEvent {
-	event: 'new-mod'
-}
-
-export type FSQueuedOpUnarchive = {
-	op: 'unarchive'
-	src: string
-}
-
-export type FSQueuedOp = FSQueuedOpUnarchive
-
-export type FSOpUnarchive = {
-	op: 'unarchive'
-	progress: number // Note: 1 does not mean it's done
-	id: string // UUID
-
-	mime: string
-	src: string
-	state:
-		| 'queued'
-		| 'ongoing'
-		| 'cancelled'
-		| 'done'
-		| 'failed-corrupted'
-		| 'failed-invalid-path'
-		| 'failed-cf-no-serverpack'
-		| 'failed-cf-not-available'
-		| 'failed-not-reachable'
-
-	current_file: string | null
-	failed_path?: string
-	bytes_processed: number
-	files_processed: number
-	started: string
-}
-
-export type FilesystemOp = FSOpUnarchive
-
-export interface WSFilesystemOpsEvent {
-	event: 'filesystem-ops'
-	all: FilesystemOp[]
-}
diff --git a/packages/utils/utils.ts b/packages/utils/utils.ts
index 286c823460..ccc9c4266b 100644
--- a/packages/utils/utils.ts
+++ b/packages/utils/utils.ts
@@ -289,3 +289,33 @@ export function arrayBufferToBase64(buffer: Uint8Array | ArrayBuffer): string {
 }
 export const DEFAULT_CREDIT_EMAIL_MESSAGE =
 	"We're really sorry about the recent issues with your server."
+
+/**
+ * Comparator for sorting values by first occurrence index in {@link order}.
+ * Values absent from {@link order} behave as tied after listed values (`order.length`).
+ */
+export function compareByIndex<T>(order: readonly T[], a: T, b: T): number {
+	const ia = order.indexOf(a)
+	const ib = order.indexOf(b)
+	const ra = ia === -1 ? order.length : ia
+	const rb = ib === -1 ? order.length : ib
+	return ra - rb
+}
+
+/**
+ * Sort {@link items} in place according to {@link order}, returning the same array reference.
+ *
+ * If the array should not be mutated, use {@link sortedByIndex}.
+ */
+export function sortByIndex<T>(order: readonly T[], items: T[]): T[] {
+	items.sort((a, b) => compareByIndex(order, a, b))
+	return items
+}
+
+/**
+ * Creates a sorted copy of {@link items} according to {@link order}.
+ *
+ */
+export function sortedByIndex<T>(order: readonly T[], items: T[]): T[] {
+	return items.slice().sort((a, b) => compareByIndex(order, a, b))
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 442dd9c93c..65d8a252d1 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -173,7 +173,7 @@ importers:
     devDependencies:
       '@eslint/compat':
         specifier: ^1.1.1
-        version: 1.4.1(eslint@9.39.2(jiti@2.6.1))
+        version: 1.4.1(eslint@9.39.2(jiti@1.21.7))
       '@formatjs/cli':
         specifier: ^6.2.12
         version: 6.12.2(@vue/compiler-core@3.5.27)(vue@3.5.27(typescript@5.9.3))
@@ -182,22 +182,22 @@ importers:
         version: link:../../packages/tooling-config
       '@nuxt/eslint-config':
         specifier: ^0.5.6
-        version: 0.5.7(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
+        version: 0.5.7(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3))(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
       '@taijased/vue-render-tracker':
         specifier: ^1.0.7
         version: 1.0.7(vue@3.5.27(typescript@5.9.3))
       '@vitejs/plugin-vue':
         specifier: ^6.0.3
-        version: 6.0.4(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))
+        version: 6.0.4(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@1.21.7)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))
       autoprefixer:
         specifier: ^10.4.19
         version: 10.4.24(postcss@8.5.6)
       eslint:
         specifier: ^9.9.1
-        version: 9.39.2(jiti@2.6.1)
+        version: 9.39.2(jiti@1.21.7)
       eslint-plugin-turbo:
         specifier: ^2.5.4
-        version: 2.8.2(eslint@9.39.2(jiti@2.6.1))(turbo@2.8.2)
+        version: 2.8.2(eslint@9.39.2(jiti@1.21.7))(turbo@2.8.2)
       postcss:
         specifier: ^8.4.39
         version: 8.5.6
@@ -215,7 +215,7 @@ importers:
         version: 5.9.3
       vite:
         specifier: ^8.0.0
-        version: 8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2)
+        version: 8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@1.21.7)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2)
       vue-component-type-helpers:
         specifier: ^3.1.8
         version: 3.2.4
@@ -283,7 +283,7 @@ importers:
         version: link:../../packages/utils
       '@sentry/nuxt':
         specifier: ^10.33.0
-        version: 10.38.0(@opentelemetry/api@1.9.0)(@opentelemetry/context-async-hooks@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/core@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/instrumentation@0.211.0(@opentelemetry/api@1.9.0))(@opentelemetry/resources@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/semantic-conventions@1.39.0)(magicast@0.5.1)(nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(pinia@3.0.4(typescript@5.9.3)(vue@3.5.27(typescript@5.9.3)))(rollup@4.57.1)(vue@3.5.27(typescript@5.9.3))
+        version: 10.38.0(@opentelemetry/api@1.9.0)(@opentelemetry/context-async-hooks@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/core@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/instrumentation@0.211.0(@opentelemetry/api@1.9.0))(@opentelemetry/resources@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/semantic-conventions@1.39.0)(magicast@0.5.1)(nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(pinia@3.0.4(typescript@5.9.3)(vue@3.5.27(typescript@5.9.3)))(rollup@4.57.1)(vue@3.5.27(typescript@5.9.3))
       '@tanstack/vue-query':
         specifier: 5.90.7
         version: 5.90.7(vue@3.5.27(typescript@5.9.3))
@@ -409,8 +409,8 @@ importers:
         specifier: ^10.2.7
         version: 10.5.0
       nuxt:
-        specifier: ^3.20.2
-        version: 3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
+        specifier: '=3.20.2'
+        version: 3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
       postcss:
         specifier: ^8.4.39
         version: 8.5.6
@@ -781,7 +781,7 @@ importers:
         version: 5.2.4(vite@5.4.21(@types/node@24.12.2)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0))(vue@3.5.27(typescript@5.9.3))
       eslint-plugin-storybook:
         specifier: ^10.1.10
-        version: 10.2.4(eslint@9.39.2(jiti@1.21.7))(storybook@10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(typescript@5.9.3)
+        version: 10.2.4(eslint@9.39.2(jiti@2.6.1))(storybook@10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(typescript@5.9.3)
       storybook:
         specifier: ^10.1.10
         version: 10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
@@ -1214,8 +1214,8 @@ packages:
     resolution: {integrity: sha512-kzyuwOAQnXJNLS9PSyrk0CWk35nWJW/zl/6KvnTBMFK65gm7U1/Z5BqjxeapjZCIhQcM/DsrEmcbRwDyXyXK4A==}
     engines: {node: '>=14'}
 
-  '@dxup/nuxt@0.3.2':
-    resolution: {integrity: sha512-2f2usP4oLNsIGjPprvABe3f3GWuIhIDp0169pGLFxTDRI5A4d4sBbGpR+tD9bGZCT+1Btb6Q2GKlyv3LkDCW5g==}
+  '@dxup/nuxt@0.2.2':
+    resolution: {integrity: sha512-RNpJjDZs9+JcT9N87AnOuHsNM75DEd58itADNd/s1LIF6BZbTLZV0xxilJZb55lntn4TYvscTaXLCBX2fq9CXg==}
 
   '@dxup/unimport@0.1.2':
     resolution: {integrity: sha512-/B8YJGPzaYq1NbsQmwgP8EZqg40NpTw4ZB3suuI0TplbxKHeK94jeaawLmVhCv+YwUnOpiWEz9U6SeThku/8JQ==}
@@ -2607,6 +2607,10 @@ packages:
     peerDependencies:
       eslint: ^8.57.0 || ^9.0.0
 
+  '@nuxt/kit@3.20.2':
+    resolution: {integrity: sha512-laqfmMcWWNV1FsVmm1+RQUoGY8NIJvCRl0z0K8ikqPukoEry0LXMqlQ+xaf8xJRvoH2/78OhZmsEEsUBTXipcw==}
+    engines: {node: '>=18.12.0'}
+
   '@nuxt/kit@3.21.0':
     resolution: {integrity: sha512-KMTLK/dsGaQioZzkYUvgfN9le4grNW54aNcA1jqzgVZLcFVy4jJfrJr5WZio9NT2EMfajdoZ+V28aD7BRr4Zfw==}
     engines: {node: '>=18.12.0'}
@@ -2615,14 +2619,14 @@ packages:
     resolution: {integrity: sha512-cD/0UU9RQmlnTbmyJTDyzN8f6CzpziDLv3tFQCnwl0Aoxt3KmFu4k/XA4Sogxqj7jJ/3cdX1kL+Lnsh34sxcQQ==}
     engines: {node: '>=18.12.0'}
 
-  '@nuxt/nitro-server@3.21.0':
-    resolution: {integrity: sha512-lM+PPyJf6NpWC7EqcttnNgkh1aGFlb2q1YnyHX/C9OSvF2XUXbSkNKhVclZtYSyZ6aUQSek9P1MRKcaEh7bgpw==}
+  '@nuxt/nitro-server@3.20.2':
+    resolution: {integrity: sha512-IX43Fy0/7jjYve1D7hdkR/rfvww6u8aEbsdTVfh7wH14GGKJtsAn3DJlRb3CCKwtbo0dp25e3qLM4hOO5hZTCg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     peerDependencies:
-      nuxt: ^3.21.0
+      nuxt: ^3.20.2
 
-  '@nuxt/schema@3.21.0':
-    resolution: {integrity: sha512-s4cDCQrlG3RbUXowTDlQVR/tsWW2Wd2PQ0Pw/QV5x2Mzp26VH0XyGZ3zYkaDPt23BsjrbF/XA4Bhut5YREfxbg==}
+  '@nuxt/schema@3.20.2':
+    resolution: {integrity: sha512-fp584AiXON7vI6NDDpNTjxiJ485iM/ztJSPX9CqptKUNjULhBy9qlacF9+NiwQqxlEs3zvbxHpo/1qLPNSb4MQ==}
     engines: {node: ^14.18.0 || >=16.10.0}
 
   '@nuxt/telemetry@2.6.6':
@@ -2630,11 +2634,11 @@ packages:
     engines: {node: '>=18.12.0'}
     hasBin: true
 
-  '@nuxt/vite-builder@3.21.0':
-    resolution: {integrity: sha512-XxwadSMlpvtjDstTtUHdXhLAGldZlWNmPhfAGo5PhsrXhidrjHcODXTGnh9iC1mbVu8xML78/m2rhB9MFHSCyw==}
+  '@nuxt/vite-builder@3.20.2':
+    resolution: {integrity: sha512-xsWMn13mxTlwLKyZc67lNwOIS0Ih8L+wQnsLaAt/4jkkypRiQ09+oIljF6n7vVmnqIvuGXFL0e97ZIbyrkEBQw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     peerDependencies:
-      nuxt: 3.21.0
+      nuxt: 3.20.2
       rolldown: ^1.0.0-beta.38
       vue: ^3.3.4
     peerDependenciesMeta:
@@ -2893,389 +2897,293 @@ packages:
   '@oslojs/encoding@1.1.0':
     resolution: {integrity: sha512-70wQhgYmndg4GCPxPPxPGevRKqTIJ2Nh4OkiMWmDAVYsTQ+Ta7Sq+rPevXyXGdzr30/qZBnyOalCszoMxlyldQ==}
 
-  '@oxc-minify/binding-android-arm-eabi@0.110.0':
-    resolution: {integrity: sha512-43fMTO8/5bMlqfOiNSZNKUzIqeLIYuB9Hr1Ohyf58B1wU11S2dPGibTXOGNaWsfgHy99eeZ1bSgeIHy/fEYqbw==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [arm]
-    os: [android]
-
-  '@oxc-minify/binding-android-arm64@0.110.0':
-    resolution: {integrity: sha512-5oQrnn9eK/ccOp80PTrNj0Vq893NPNNRryjGpOIVsYNgWFuoGCfpnKg68oEFcN8bArizYAqw4nvgHljEnar69w==}
+  '@oxc-minify/binding-android-arm64@0.102.0':
+    resolution: {integrity: sha512-pknM+ttJTwRr7ezn1v5K+o2P4RRjLAzKI10bjVDPybwWQ544AZW6jxm7/YDgF2yUbWEV9o7cAQPkIUOmCiW8vg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [android]
 
-  '@oxc-minify/binding-darwin-arm64@0.110.0':
-    resolution: {integrity: sha512-dqBDgTG9tF2z2lrZp9E8wU+Godz1i8gCGSei2eFKS2hRploBOD5dmOLp1j4IMornkPvSQmbwB3uSjPq7fjx4EA==}
+  '@oxc-minify/binding-darwin-arm64@0.102.0':
+    resolution: {integrity: sha512-BDLiH41ZctNND38+GCEL3ZxFn9j7qMZJLrr6SLWMt8xlG4Sl64xTkZ0zeUy4RdVEatKKZdrRIhFZ2e5wPDQT6Q==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [darwin]
 
-  '@oxc-minify/binding-darwin-x64@0.110.0':
-    resolution: {integrity: sha512-U0AqabqaooDOpYmeeOye8wClv8PSScELXgOfYqyqgrwH9J9KrpCE1jL8Rlqgz68QbL4mPw3V6sKiiHssI4CLeQ==}
+  '@oxc-minify/binding-darwin-x64@0.102.0':
+    resolution: {integrity: sha512-AcB8ZZ711w4hTDhMfMHNjT2d+hekTQ2XmNSUBqJdXB+a2bJbE50UCRq/nxXl44zkjaQTit3lcQbFvhk2wwKcpw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [darwin]
 
-  '@oxc-minify/binding-freebsd-x64@0.110.0':
-    resolution: {integrity: sha512-H0w8o/Wo1072WSdLfhwwrpFpwZnPpjQODlHuRYkTfsSSSJbTxQtjJd4uxk7YJsRv5RQp69y0I7zvdH6f8Xueyw==}
+  '@oxc-minify/binding-freebsd-x64@0.102.0':
+    resolution: {integrity: sha512-UlLEN9mR5QaviYVMWZQsN9DgAH3qyV67XUXDEzSrbVMLsqHsVHhFU8ZIeO0fxWTQW/cgpvldvKp9/+RdrggqWw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [freebsd]
 
-  '@oxc-minify/binding-linux-arm-gnueabihf@0.110.0':
-    resolution: {integrity: sha512-qd6sW0AvEVYZhbVVMGtmKZw3b1zDYGIW+54Uh42moWRAj6i4Jhk/LGr6r9YNZpOINeuvZfkFuEeDD/jbu7xPUA==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [arm]
-    os: [linux]
-
-  '@oxc-minify/binding-linux-arm-musleabihf@0.110.0':
-    resolution: {integrity: sha512-7WXP0aXMrWSn0ScppUBi3jf68ebfBG0eri8kxLmBOVSBj6jw1repzkHMITJMBeLr5d0tT/51qFEptiAk2EP2iA==}
+  '@oxc-minify/binding-linux-arm-gnueabihf@0.102.0':
+    resolution: {integrity: sha512-CWyCwedZrUt47n56/RwHSwKXxVI3p98hB0ntLaBNeH5qjjBujs9uOh4bQ0aAlzUWunT77b3/Y+xcQnmV42HN4A==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm]
     os: [linux]
 
-  '@oxc-minify/binding-linux-arm64-gnu@0.110.0':
-    resolution: {integrity: sha512-LYfADrq5x1W5gs+u9OIbMbDQNYkAECTXX0ufnAuf3oGmO51rF98kGFR5qJqC/6/csokDyT3wwTpxhE0TkcF/Og==}
+  '@oxc-minify/binding-linux-arm64-gnu@0.102.0':
+    resolution: {integrity: sha512-W/DCw+Ys8rXj4j38ylJ2l6Kvp6SV+eO5SUWA11imz7yCWntNL001KJyGQ9PJNUFHg0jbxe3yqm4M50v6miWzeA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-minify/binding-linux-arm64-musl@0.110.0':
-    resolution: {integrity: sha512-53GjCVY8kvymk9P6qNDh6zyblcehF5QHstq9QgCjv13ONGRnSHjeds0PxIwiihD7h295bxsWs84DN39syLPH4Q==}
+  '@oxc-minify/binding-linux-arm64-musl@0.102.0':
+    resolution: {integrity: sha512-DyH/t/zSZHuX4Nn239oBteeMC4OP7B13EyXWX18Qg8aJoZ+lZo90WPGOvhP04zII33jJ7di+vrtAUhsX64lp+A==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
     libc: [musl]
 
-  '@oxc-minify/binding-linux-ppc64-gnu@0.110.0':
-    resolution: {integrity: sha512-li8XcN81dxbJDMBESnTgGhoiAQ+CNIdM0QGscZ4duVPjCry1RpX+5FJySFbGqG3pk4s9ZzlL/vtQtbRzZIZOzg==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [ppc64]
-    os: [linux]
-    libc: [glibc]
-
-  '@oxc-minify/binding-linux-riscv64-gnu@0.110.0':
-    resolution: {integrity: sha512-SweKfsnLKShu6UFV8mwuj1d1wmlNoL/FlAxPUzwjEBgwiT2HQkY24KnjBH+TIA+//1O83kzmWKvvs4OuEhdIEQ==}
+  '@oxc-minify/binding-linux-riscv64-gnu@0.102.0':
+    resolution: {integrity: sha512-CMvzrmOg+Gs44E7TRK/IgrHYp+wwVJxVV8niUrDR2b3SsrCO3NQz5LI+7bM1qDbWnuu5Cl1aiitoMfjRY61dSg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-minify/binding-linux-riscv64-musl@0.110.0':
-    resolution: {integrity: sha512-oH8G4aFMP8XyTsEpdANC5PQyHgSeGlopHZuW1rpyYcaErg5YaK0vXjQ4EM5HVvPm+feBV24JjxgakTnZoF3aOQ==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [riscv64]
-    os: [linux]
-    libc: [musl]
-
-  '@oxc-minify/binding-linux-s390x-gnu@0.110.0':
-    resolution: {integrity: sha512-W9na+Vza7XVUlpf8wMt4QBfH35KeTENEmnpPUq3NSlbQHz8lSlSvhAafvo43NcKvHAXV3ckD/mUf2VkqSdbklg==}
+  '@oxc-minify/binding-linux-s390x-gnu@0.102.0':
+    resolution: {integrity: sha512-tZWr6j2s0ddm9MTfWTI3myaAArg9GDy4UgvpF00kMQAjLcGUNhEEQbB9Bd9KtCvDQzaan8HQs0GVWUp+DWrymw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [s390x]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-minify/binding-linux-x64-gnu@0.110.0':
-    resolution: {integrity: sha512-XJdA4mmmXOjJxSRgNJXsDP7Xe8h3gQhmb56hUcCrvq5d+h5UcEi2pR8rxsdIrS8QmkLuBA3eHkGK8E27D7DTgQ==}
+  '@oxc-minify/binding-linux-x64-gnu@0.102.0':
+    resolution: {integrity: sha512-0YEKmAIun1bS+Iy5Shx6WOTSj3GuilVuctJjc5/vP8/EMTZ/RI8j0eq0Mu3UFPoT/bMULL3MBXuHuEIXmq7Ddg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-minify/binding-linux-x64-musl@0.110.0':
-    resolution: {integrity: sha512-QqzvALuOTtSckI8x467R4GNArzYDb/yEh6aNzLoeaY1O7vfT7SPDwlOEcchaTznutpeS9Dy8gUS/AfqtUHaufw==}
+  '@oxc-minify/binding-linux-x64-musl@0.102.0':
+    resolution: {integrity: sha512-Ew4QDpEsXoV+pG5+bJpheEy3GH436GBe6ASPB0X27Hh9cQ2gb1NVZ7cY7xJj68+fizwS/PtT8GHoG3uxyH17Pg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
     libc: [musl]
 
-  '@oxc-minify/binding-openharmony-arm64@0.110.0':
-    resolution: {integrity: sha512-gAMssLs2Q3+uhLZxanh1DF+27Kaug3cf4PXb9AB7XK81DR+LVcKySXaoGYoOs20Co0fFSphd6rRzKge2qDK3dA==}
+  '@oxc-minify/binding-openharmony-arm64@0.102.0':
+    resolution: {integrity: sha512-wYPXS8IOu/sXiP3CGHJNPzZo4hfPAwJKevcFH2syvU2zyqUxym7hx6smfcK/mgJBiX7VchwArdGRwrEQKcBSaQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [openharmony]
 
-  '@oxc-minify/binding-wasm32-wasi@0.110.0':
-    resolution: {integrity: sha512-7Wqi5Zjl022bs2zXq+ICdalDPeDuCH/Nhbi8q2isLihAonMVIT0YH2hqqnNEylRNGYck+FJ6gRZwMpGCgrNxPg==}
+  '@oxc-minify/binding-wasm32-wasi@0.102.0':
+    resolution: {integrity: sha512-52SepCb9e+8cVisGa9S/F14K8PxW0AnbV1j4KEYi8uwfkUIxeDNKRHVHzPoBXNrr0yxW0EHLn/3i8J7a2YCpWw==}
     engines: {node: '>=14.0.0'}
     cpu: [wasm32]
 
-  '@oxc-minify/binding-win32-arm64-msvc@0.110.0':
-    resolution: {integrity: sha512-ZPx+0Tj4dqn41ecyoGotlvekQKy6JxJCixn9Rw7h/dafZ3eDuBcEVh3c2ZoldXXsyMIt5ywI8IWzFZsjNedd5Q==}
+  '@oxc-minify/binding-win32-arm64-msvc@0.102.0':
+    resolution: {integrity: sha512-kLs6H1y6sDBKcIimkNwu5th28SLkyvFpHNxdLtCChda0KIGeIXNSiupy5BqEutY+VlWJivKT1OV3Ev3KC5Euzg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [win32]
 
-  '@oxc-minify/binding-win32-ia32-msvc@0.110.0':
-    resolution: {integrity: sha512-H0Oyd3RWBfpEyvJIrFK94RYiY7KKSQl11Ym7LMDwLEagelIAfRCkt1amHZhFa/S3ZRoaOJFXzEw4YKeSsjVFsg==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [ia32]
-    os: [win32]
-
-  '@oxc-minify/binding-win32-x64-msvc@0.110.0':
-    resolution: {integrity: sha512-Hr3nK90+qXKJ2kepXwFIcNfQQIOBecB4FFCyaMMypthoEEhVP08heRynj4eSXZ8NL9hLjs3fQzH8PJXfpznRnQ==}
+  '@oxc-minify/binding-win32-x64-msvc@0.102.0':
+    resolution: {integrity: sha512-XdyJZdSMN8rbBXH10CrFuU+Q9jIP2+MnxHmNzjK4+bldbTI1UxqwjUMS9bKVC5VCaIEZhh8IE8x4Vf8gmCgrKQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [win32]
 
-  '@oxc-parser/binding-android-arm-eabi@0.110.0':
-    resolution: {integrity: sha512-g6+kHTI/BRDJszaZkSgyu0pGuMIVYJ7/v0I4C9BkTeGn1LxF9GWI6jE22dBEELXMWbG7FTyNlD9RCuWlStAx6w==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [arm]
-    os: [android]
-
-  '@oxc-parser/binding-android-arm64@0.110.0':
-    resolution: {integrity: sha512-tbr+uWFVUN6p9LYlR0cPyFA24HWlnRYU+oldWlEGis/tdMtya3BubQcKdylhFhhDLaW6ChCJfxogQranElGVsw==}
+  '@oxc-parser/binding-android-arm64@0.102.0':
+    resolution: {integrity: sha512-pD2if3w3cxPvYbsBSTbhxAYGDaG6WVwnqYG0mYRQ142D6SJ6BpNs7YVQrqpRA2AJQCmzaPP5TRp/koFLebagfQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [android]
 
-  '@oxc-parser/binding-darwin-arm64@0.110.0':
-    resolution: {integrity: sha512-jPBsXPc8hwmsUQyLMg7a5Ll/j/8rWCDFoB8WzLP6C0qQKX0zWQxbfSdLFg9GGNPuRo8J8ma9WfBQN5RmbFxNJA==}
+  '@oxc-parser/binding-darwin-arm64@0.102.0':
+    resolution: {integrity: sha512-RzMN6f6MrjjpQC2Dandyod3iOscofYBpHaTecmoRRbC5sJMwsurkqUMHzoJX9F6IM87kn8m/JcClnoOfx5Sesw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [darwin]
 
-  '@oxc-parser/binding-darwin-x64@0.110.0':
-    resolution: {integrity: sha512-jt5G1eZj4sdMGc7Q0c6kfPRmqY1Mn3yzo6xuRr8EXozkh93O8KGFflABY7t56WIrmP+cloaCQkLcjlm6vdhzcQ==}
+  '@oxc-parser/binding-darwin-x64@0.102.0':
+    resolution: {integrity: sha512-Sr2/3K6GEcejY+HgWp5HaxRPzW5XHe9IfGKVn9OhLt8fzVLnXbK5/GjXj7JjMCNKI3G3ZPZDG2Dgm6CX3MaHCA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [darwin]
 
-  '@oxc-parser/binding-freebsd-x64@0.110.0':
-    resolution: {integrity: sha512-VJ7Hwf4dg7uf8b/DrLEhE6lgnNTfBZbTqXQBG3n0oCBoreE1c5aWf1la+o7fJjjTpACRts/vAZ2ngFNNqEFpJw==}
+  '@oxc-parser/binding-freebsd-x64@0.102.0':
+    resolution: {integrity: sha512-s9F2N0KJCGEpuBW6ChpFfR06m2Id9ReaHSl8DCca4HvFNt8SJFPp8fq42n2PZy68rtkremQasM0JDrK2BoBeBQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [freebsd]
 
-  '@oxc-parser/binding-linux-arm-gnueabihf@0.110.0':
-    resolution: {integrity: sha512-w3OZ0pLKktM7k4qEbVj3dHnCvSMFnWugYxHfhpwncYUOxwDNL3mw++EOIrw997QYiEuJ+H6Od8K6mbj1p6Ae8w==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [arm]
-    os: [linux]
-
-  '@oxc-parser/binding-linux-arm-musleabihf@0.110.0':
-    resolution: {integrity: sha512-BIaoW4W6QKb8Q6p3DErDtsAuDRAnr0W+gtwo7fQQkbAJpoPII0ZJXZn+tcQGCyNGKWSsilRNWHyd/XZfXXXpzw==}
+  '@oxc-parser/binding-linux-arm-gnueabihf@0.102.0':
+    resolution: {integrity: sha512-zRCIOWzLbqhfY4g8KIZDyYfO2Fl5ltxdQI1v2GlePj66vFWRl8cf4qcBGzxKfsH3wCZHAhmWd1Ht59mnrfH/UQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm]
     os: [linux]
 
-  '@oxc-parser/binding-linux-arm64-gnu@0.110.0':
-    resolution: {integrity: sha512-3EQDJze28t0HdxXjMKBU6utNscXJePg2YV0Kd/ZnHx24VcIyfkNH6NKzBh0NeaWHovDTkpzYHPtF2tOevtbbfw==}
+  '@oxc-parser/binding-linux-arm64-gnu@0.102.0':
+    resolution: {integrity: sha512-5n5RbHgfjulRhKB0pW5p0X/NkQeOpI4uI9WHgIZbORUDATGFC8yeyPA6xYGEs+S3MyEAFxl4v544UEIWwqAgsA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-parser/binding-linux-arm64-musl@0.110.0':
-    resolution: {integrity: sha512-5xwm1hPrGGvjCVtTWNGJ39MmQGnyipoIDShneGBgSrnDh0XX+COAO7AZKajgNipqgNq5rGEItpzFkMtSDyx0bQ==}
+  '@oxc-parser/binding-linux-arm64-musl@0.102.0':
+    resolution: {integrity: sha512-/XWcmglH/VJ4yKAGTLRgPKSSikh3xciNxkwGiURt8dS30b+3pwc4ZZmudMu0tQ3mjSu0o7V9APZLMpbHK8Bp5w==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
     libc: [musl]
 
-  '@oxc-parser/binding-linux-ppc64-gnu@0.110.0':
-    resolution: {integrity: sha512-I8Xop7z+enuvW1xe0AcRQ9XqFNkUYgeXusyGjCyW6TstRb62P90h+nL1AoGaUMy0E0518DJam5vRYVRgXaAzYg==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [ppc64]
-    os: [linux]
-    libc: [glibc]
-
-  '@oxc-parser/binding-linux-riscv64-gnu@0.110.0':
-    resolution: {integrity: sha512-XPM0jpght/AuHnweNaIo0twpId6rWFs8NrTkMijxcsRQMzNBeSQQgYm9ErrutmKQS6gb8XNAEIkYXHgPmhdDPg==}
+  '@oxc-parser/binding-linux-riscv64-gnu@0.102.0':
+    resolution: {integrity: sha512-2jtIq4nswvy6xdqv1ndWyvVlaRpS0yqomLCvvHdCFx3pFXo5Aoq4RZ39kgvFWrbAtpeYSYeAGFnwgnqjx9ftdw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-parser/binding-linux-riscv64-musl@0.110.0':
-    resolution: {integrity: sha512-ylJIuJyMzAqR191QeCwZLEkyo4Sx817TNILjNhT0W1EDQusGicOYKSsGXM/2DHCNYGcidV+MQ8pUVzNeVmuM6g==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [riscv64]
-    os: [linux]
-    libc: [musl]
-
-  '@oxc-parser/binding-linux-s390x-gnu@0.110.0':
-    resolution: {integrity: sha512-DL6oR0PfYor9tBX9xlAxMUVwfm6+sKTL4H+KiQ6JKP3xkJTwBIdDCgeN2AjMht1D3N40uUwVq3v8/2fqnZRgLQ==}
+  '@oxc-parser/binding-linux-s390x-gnu@0.102.0':
+    resolution: {integrity: sha512-Yp6HX/574mvYryiqj0jNvNTJqo4pdAsNP2LPBTxlDQ1cU3lPd7DUA4MQZadaeLI8+AGB2Pn50mPuPyEwFIxeFg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [s390x]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-parser/binding-linux-x64-gnu@0.110.0':
-    resolution: {integrity: sha512-+e6ws5JLpFehdK+wh6q8icx1iM3Ao+9dtItVWFcRiXxSvGcIlS9viWcMvXKrmcsyVDUf81dnvuMSBigNslxhIQ==}
+  '@oxc-parser/binding-linux-x64-gnu@0.102.0':
+    resolution: {integrity: sha512-R4b0xZpDRhoNB2XZy0kLTSYm0ZmWeKjTii9fcv1Mk3/SIGPrrglwt4U6zEtwK54Dfi4Bve5JnQYduigR/gyDzw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-parser/binding-linux-x64-musl@0.110.0':
-    resolution: {integrity: sha512-6DiYhVdXKOzB01+j/tyrB6/d2o6b4XYFQvcbBRNbVHIimS6nl992y3V3mGG3NaA+uCZAzhT3M3btTdKAxE4A3A==}
+  '@oxc-parser/binding-linux-x64-musl@0.102.0':
+    resolution: {integrity: sha512-xM5A+03Ti3jvWYZoqaBRS3lusvnvIQjA46Fc9aBE/MHgvKgHSkrGEluLWg/33QEwBwxupkH25Pxc1yu97oZCtg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
     libc: [musl]
 
-  '@oxc-parser/binding-openharmony-arm64@0.110.0':
-    resolution: {integrity: sha512-U9KEK7tXdHrXl2eZpoHYGWj31ZSvdGiaXwjkJzeRN0elt89PXi+VcryRh6BAFbEz1EQpTteyMDwDXMgJVWM85A==}
+  '@oxc-parser/binding-openharmony-arm64@0.102.0':
+    resolution: {integrity: sha512-AieLlsliblyaTFq7Iw9Nc618tgwV02JT4fQ6VIUd/3ZzbluHIHfPjIXa6Sds+04krw5TvCS8lsegtDYAyzcyhg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [openharmony]
 
-  '@oxc-parser/binding-wasm32-wasi@0.110.0':
-    resolution: {integrity: sha512-cK2j/GbXGxP7k4qDM0OGjkbPrIOj8n9+U/27joH/M19z+jrQ5u1lvlvbAK/Aw2LnqE0waADnnuAc0MFab+Ea8w==}
+  '@oxc-parser/binding-wasm32-wasi@0.102.0':
+    resolution: {integrity: sha512-w6HRyArs1PBb9rDsQSHlooe31buUlUI2iY8sBzp62jZ1tmvaJo9EIVTQlRNDkwJmk9DF9uEyIJ82EkZcCZTs9A==}
     engines: {node: '>=14.0.0'}
     cpu: [wasm32]
 
-  '@oxc-parser/binding-win32-arm64-msvc@0.110.0':
-    resolution: {integrity: sha512-ZW393ysGT5oZeGJRyw2JAz4tIfyTjVCSxuZoh8e+7J7e0QPDH/SAmyxJXb/aMxarIVa3OcYZ5p/Q6eooHZ0i1Q==}
+  '@oxc-parser/binding-win32-arm64-msvc@0.102.0':
+    resolution: {integrity: sha512-pqP5UuLiiFONQxqGiUFMdsfybaK1EOK4AXiPlvOvacLaatSEPObZGpyCkAcj9aZcvvNwYdeY9cxGM9IT3togaA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [win32]
 
-  '@oxc-parser/binding-win32-ia32-msvc@0.110.0':
-    resolution: {integrity: sha512-NM50LT1PEnlMlw+z/TFVkWaDOF/s5DRHbU3XhEESNhDDT9qYA8N9B1V/FYxVr1ngu28JGK2HtkjpWKlKoF4E2Q==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [ia32]
-    os: [win32]
-
-  '@oxc-parser/binding-win32-x64-msvc@0.110.0':
-    resolution: {integrity: sha512-w1SzoXNaY59tbTz8/YhImByuj7kXP5EfPtv4+PPwPrvLrOWt8BOpK0wN8ysXqyWCdHv9vS1UBRrNd/aSp4Dy8A==}
+  '@oxc-parser/binding-win32-x64-msvc@0.102.0':
+    resolution: {integrity: sha512-ntMcL35wuLR1A145rLSmm7m7j8JBZGkROoB9Du0KFIFcfi/w1qk75BdCeiTl3HAKrreAnuhW3QOGs6mJhntowA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [win32]
 
-  '@oxc-project/types@0.110.0':
-    resolution: {integrity: sha512-6Ct21OIlrEnFEJk5LT4e63pk3btsI6/TusD/GStLi7wYlGJNOl1GI9qvXAnRAxQU9zqA2Oz+UwhfTOU2rPZVow==}
+  '@oxc-project/types@0.102.0':
+    resolution: {integrity: sha512-8Skrw405g+/UJPKWJ1twIk3BIH2nXdiVlVNtYT23AXVwpsd79es4K+KYt06Fbnkc5BaTvk/COT2JuCLYdwnCdA==}
 
   '@oxc-project/types@0.122.0':
     resolution: {integrity: sha512-oLAl5kBpV4w69UtFZ9xqcmTi+GENWOcPF7FCrczTiBbmC0ibXxCwyvZGbO39rCVEuLGAZM84DH0pUIyyv/YJzA==}
 
-  '@oxc-transform/binding-android-arm-eabi@0.110.0':
-    resolution: {integrity: sha512-sE9dxvqqAax1YYJ3t7j+h5ZSI9jl6dYuDfngl6ieZUrIy5P89/8JKVgAzgp8o3wQSo7ndpJvYsi1K4ZqrmbP7w==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [arm]
-    os: [android]
-
-  '@oxc-transform/binding-android-arm64@0.110.0':
-    resolution: {integrity: sha512-nqtbP4aMCtsCZ6qpHlHaQoWVHSBtlKzwaAgwEOvR+9DWqHjk31BHvpGiDXlMeed6CVNpl3lCbWgygb3RcSjcfw==}
+  '@oxc-transform/binding-android-arm64@0.102.0':
+    resolution: {integrity: sha512-JLBT7EiExsGmB6LuBBnm6qTfg0rLSxBU+F7xjqy6UXYpL7zhqelGJL7IAq6Pu5UYFT55zVlXXmgzLOXQfpQjXA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [android]
 
-  '@oxc-transform/binding-darwin-arm64@0.110.0':
-    resolution: {integrity: sha512-oeSeHnL4Z4cMXtc8V0/rwoVn0dgwlS9q0j6LcHn9dIhtFEdp3W0iSBF8YmMQA+E7sILeLDjsHmHE4Kp0sOScXw==}
+  '@oxc-transform/binding-darwin-arm64@0.102.0':
+    resolution: {integrity: sha512-xmsBCk/NwE0khy8h6wLEexiS5abCp1ZqJUNHsAovJdGgIW21oGwhiC3VYg1vNLbq+zEXwOHuphVuNEYfBwyNTw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [darwin]
 
-  '@oxc-transform/binding-darwin-x64@0.110.0':
-    resolution: {integrity: sha512-nL9K5x7OuZydobAGPylsEW9d4APs2qEkIBLMgQPA+kY8dtVD3IR87QsTbs4l4DBQYyun/+ay6qVCDlxqxdX2Jg==}
+  '@oxc-transform/binding-darwin-x64@0.102.0':
+    resolution: {integrity: sha512-EhBsiq8hSd5BRjlWACB9MxTUiZT2He1s1b3tRP8k3lB8ZTt6sXnDXIWhxRmmM0h//xe6IJ2HuMlbvjXPo/tATg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [darwin]
 
-  '@oxc-transform/binding-freebsd-x64@0.110.0':
-    resolution: {integrity: sha512-GS29zXXirDQhZEUq8xKJ1azAWMuUy3Ih3W5Bc5ddk12LRthO5wRLFcKIyeHpAXCoXymQ+LmxbMtbPf84GPxouw==}
+  '@oxc-transform/binding-freebsd-x64@0.102.0':
+    resolution: {integrity: sha512-eujvuYf0x7BFgKyFecbXUa2JBEXT4Ss6vmyrrhVdN07jaeJRiobaKAmeNXBkanoWL2KQLELJbSBgs1ykWYTkzg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [freebsd]
 
-  '@oxc-transform/binding-linux-arm-gnueabihf@0.110.0':
-    resolution: {integrity: sha512-glzDHak8ISyZJemCUi7RCvzNSl+MQ1ly9RceT2qRufhUsvNZ4C/2QLJ1HJwd2N6E88bO4laYn+RofdRzNnGGEA==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [arm]
-    os: [linux]
-
-  '@oxc-transform/binding-linux-arm-musleabihf@0.110.0':
-    resolution: {integrity: sha512-8JThvgJ2FRoTVfbp7e4wqeZqCZbtudM06SfZmNzND9kPNu/LVYygIR+72RWs+xm4bWkuYHg/islo/boNPtMT5Q==}
+  '@oxc-transform/binding-linux-arm-gnueabihf@0.102.0':
+    resolution: {integrity: sha512-2x7Ro356PHBVp1SS/dOsHBSnrfs5MlPYwhdKg35t6qixt2bv1kzEH0tDmn4TNEbdjOirmvOXoCTEWUvh8A4f4Q==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm]
     os: [linux]
 
-  '@oxc-transform/binding-linux-arm64-gnu@0.110.0':
-    resolution: {integrity: sha512-IRh21Ub/g4bkHoErZ0AUWMlWfoZaS0A6EaOVtbcY70RSYIMlrsbjiFwJCzM+b/1DD1rXbH5tsGcH7GweTbfRqg==}
+  '@oxc-transform/binding-linux-arm64-gnu@0.102.0':
+    resolution: {integrity: sha512-Rz/RbPvT4QwcHKIQ/cOt6Lwl4c7AhK2b6whZfyL6oJ7Uz8UiVl1BCwk8thedrB5h+FEykmaPHoriW1hmBev60g==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-transform/binding-linux-arm64-musl@0.110.0':
-    resolution: {integrity: sha512-e5JN94/oy+wevk76q+LMr+2klTTcO60uXa+Wkq558Ms7mdF2TvkKFI++d/JeiuIwJLTi/BxQ4qdT5FWcsHM/ug==}
+  '@oxc-transform/binding-linux-arm64-musl@0.102.0':
+    resolution: {integrity: sha512-I08iWABrN7zakn3wuNIBWY3hALQGsDLPQbZT1mXws7tyiQqJNGe49uS0/O50QhX3KXj+mbRGsmjVXLXGJE1CVQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
     libc: [musl]
 
-  '@oxc-transform/binding-linux-ppc64-gnu@0.110.0':
-    resolution: {integrity: sha512-Y3/Tnnz1GvDpmv8FXBIKtdZPsdZklOEPdrL6NHrN5i2u54BOkybFaDSptgWF53wOrJlTrcmAVSE6fRKK9XCM2Q==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [ppc64]
-    os: [linux]
-    libc: [glibc]
-
-  '@oxc-transform/binding-linux-riscv64-gnu@0.110.0':
-    resolution: {integrity: sha512-Y0E35iA9/v9jlkNcP6tMJ+ZFOS0rLsWDqG6rU9z+X2R3fBFJBO9UARIK6ngx8upxk81y1TFR2CmBFhupfYdH6Q==}
+  '@oxc-transform/binding-linux-riscv64-gnu@0.102.0':
+    resolution: {integrity: sha512-9+SYW1ARAF6Oj/82ayoqKRe8SI7O1qvzs3Y0kijvhIqAaaZWcFRjI5DToyWRAbnzTtHlMcSllZLXNYdmxBjFxA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-transform/binding-linux-riscv64-musl@0.110.0':
-    resolution: {integrity: sha512-JOUSYFfHjBUs7xp2FHmZHb8eTYD/oEu0NklS6JgUauqnoXZHiTLPLVW2o2uVCqldnabYHcomuwI2iqVFYJNhTw==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [riscv64]
-    os: [linux]
-    libc: [musl]
-
-  '@oxc-transform/binding-linux-s390x-gnu@0.110.0':
-    resolution: {integrity: sha512-7blgoXF9D3Ngzb7eun23pNrHJpoV/TtE6LObwlZ3Nmb4oZ6Z+yMvBVaoW68NarbmvNGfZ95zrOjgm6cVETLYBA==}
+  '@oxc-transform/binding-linux-s390x-gnu@0.102.0':
+    resolution: {integrity: sha512-HV9nTyQw0TTKYPu+gBhaJBioomiM9O4LcGXi+s5IylCGG6imP0/U13q/9xJnP267QFmiWWqnnSFcv0QAWCyh8A==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [s390x]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-transform/binding-linux-x64-gnu@0.110.0':
-    resolution: {integrity: sha512-YQ2joGWCVDZVEU2cD/r/w49hVjDm/Qu1BvC/7zs8LvprzdLS/HyMXGF2oA0puw0b+AqgYaz3bhwKB2xexHyITQ==}
+  '@oxc-transform/binding-linux-x64-gnu@0.102.0':
+    resolution: {integrity: sha512-4wcZ08mmdFk8OjsnglyeYGu5PW3TDh87AmcMOi7tZJ3cpJjfzwDfY27KTEUx6G880OpjAiF36OFSPwdKTKgp2g==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
     libc: [glibc]
 
-  '@oxc-transform/binding-linux-x64-musl@0.110.0':
-    resolution: {integrity: sha512-fkjr5qE632ULmNgvFXWDR/8668WxERz3tU7TQFp6JebPBneColitjSkdx6VKNVXEoMmQnOvBIGeP5tUNT384oA==}
+  '@oxc-transform/binding-linux-x64-musl@0.102.0':
+    resolution: {integrity: sha512-rUHZSZBw0FUnUgOhL/Rs7xJz9KjH2eFur/0df6Lwq/isgJc/ggtBtFoZ+y4Fb8ON87a3Y2gS2LT7SEctX0XdPQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
     libc: [musl]
 
-  '@oxc-transform/binding-openharmony-arm64@0.110.0':
-    resolution: {integrity: sha512-HWH9Zj+lMrdSTqFRCZsvDWMz7OnMjbdGsm3xURXWfRZpuaz0bVvyuZNDQXc4FyyhRDsemICaJbU1bgeIpUJDGw==}
+  '@oxc-transform/binding-openharmony-arm64@0.102.0':
+    resolution: {integrity: sha512-98y4tccTQ/pA+r2KA/MEJIZ7J8TNTJ4aCT4rX8kWK4pGOko2YsfY3Ru9DVHlLDwmVj7wP8Z4JNxdBrAXRvK+0g==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [openharmony]
 
-  '@oxc-transform/binding-wasm32-wasi@0.110.0':
-    resolution: {integrity: sha512-ejdxHmYfIcHDPhZUe3WklViLt9mDEJE5BzcW7+R1vc5i/5JFA8D0l7NUSsHBJ7FB8Bu9gF+5iMDm6cXGAgaghw==}
+  '@oxc-transform/binding-wasm32-wasi@0.102.0':
+    resolution: {integrity: sha512-M6myOXxHty3L2TJEB1NlJPtQm0c0LmivAxcGv/+DSDadOoB/UnOUbjM8W2Utlh5IYS9ARSOjqHtBiPYLWJ15XA==}
     engines: {node: '>=14.0.0'}
     cpu: [wasm32]
 
-  '@oxc-transform/binding-win32-arm64-msvc@0.110.0':
-    resolution: {integrity: sha512-9VTwpXCZs7xkV+mKhQ62dVk7KLnLXtEUxNS2T4nLz3iMl1IJbA4h5oltK0JoobtiUAnbkV53QmMVGW8+Nh3bDQ==}
+  '@oxc-transform/binding-win32-arm64-msvc@0.102.0':
+    resolution: {integrity: sha512-jzaA1lLiMXiJs4r7E0BHRxTPiwAkpoCfSNRr8npK/SqL4UQE4cSz3WDTX5wJWRrN2U+xqsDGefeYzH4reI8sgw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [win32]
 
-  '@oxc-transform/binding-win32-ia32-msvc@0.110.0':
-    resolution: {integrity: sha512-5y0fzuNON7/F2hh2P94vANFaRPJ/3DI1hVl5rseCT8VUVqOGIjWaza0YS/D1g6t1WwycW2LWDMi2raOKoWU5GQ==}
-    engines: {node: ^20.19.0 || >=22.12.0}
-    cpu: [ia32]
-    os: [win32]
-
-  '@oxc-transform/binding-win32-x64-msvc@0.110.0':
-    resolution: {integrity: sha512-QROrowwlrApI1fEScMknGWKM6GTM/Z2xwMnDqvSaEmzNazBsDUlE08Jasw610hFEsYAVU2K5sp/YaCa9ORdP4A==}
+  '@oxc-transform/binding-win32-x64-msvc@0.102.0':
+    resolution: {integrity: sha512-eYOm6mch+1cP9qlNkMdorfBFY8aEOxY/isqrreLmEWqF/hyXA0SbLKDigTbvh3JFKny/gXlHoCKckqfua4cwtg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [win32]
@@ -7721,8 +7629,8 @@ packages:
   nth-check@2.1.1:
     resolution: {integrity: sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==}
 
-  nuxt@3.21.0:
-    resolution: {integrity: sha512-K3vX68M0lXbqzvehWb+y6/YqAF+m7MEQQ3mtbcm34ynzB6OpFOJoZV9scBzFd5LehLoYl55CSNpY5vsupyJw7Q==}
+  nuxt@3.20.2:
+    resolution: {integrity: sha512-DoayekzYjYmGj7A5iI7crBiLRTq1K8U1DLgAR/vGADh1IQfOLagn5Klg1Jn1xxIyN8x0iiFDf3dGd2JWyiKBLA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     hasBin: true
     peerDependencies:
@@ -7802,20 +7710,20 @@ packages:
   overlayscrollbars@2.15.1:
     resolution: {integrity: sha512-glX26JwjL+Tkzv0JNOWdW4VozP5dGXO+Wx8+TPrdTEJTSYT/8eJS8yXM+fewjU0nFq/JeCa+X+BqABNjC4YZSA==}
 
-  oxc-minify@0.110.0:
-    resolution: {integrity: sha512-KWGTzPo83QmGrXC4ml83PM9HDwUPtZFfasiclUvTV4i3/0j7xRRqINVkrL77CbQnoWura3CMxkRofjQKVDuhBw==}
+  oxc-minify@0.102.0:
+    resolution: {integrity: sha512-FphAHDyTCNepQbiQTSyWFMbNc9zdUmj1WBsoLwvZhWm7rEe/IeIKYKRhy75lWOjwFsi5/i4Qucq43hgs3n2Exw==}
     engines: {node: ^20.19.0 || >=22.12.0}
 
-  oxc-parser@0.110.0:
-    resolution: {integrity: sha512-GijUR3K1Ln/QwMyYXRsBtOyzqGaCs9ce5pOug1UtrMg8dSiE7VuuRuIcyYD4nyJbasat3K0YljiKt/PSFPdSBA==}
+  oxc-parser@0.102.0:
+    resolution: {integrity: sha512-xMiyHgr2FZsphQ12ZCsXRvSYzmKXCm1ejmyG4GDZIiKOmhyt5iKtWq0klOfFsEQ6jcgbwrUdwcCVYzr1F+h5og==}
     engines: {node: ^20.19.0 || >=22.12.0}
 
-  oxc-transform@0.110.0:
-    resolution: {integrity: sha512-/fymQNzzUoKZweH0nC5yvbI2eR0yWYusT9TEKDYVgOgYrf9Qmdez9lUFyvxKR9ycx+PTHi/reIOzqf3wkShQsw==}
+  oxc-transform@0.102.0:
+    resolution: {integrity: sha512-MR5ohiBS6/kvxRpmUZ3LIDTTJBEC4xLAEZXfYr7vrA0eP7WHewQaNQPFDgT4Bee89TdmVQ5ZKrifGwxLjSyHHw==}
     engines: {node: ^20.19.0 || >=22.12.0}
 
-  oxc-walker@0.7.0:
-    resolution: {integrity: sha512-54B4KUhrzbzc4sKvKwVYm7E2PgeROpGba0/2nlNZMqfDyca+yOor5IMb4WLGBatGDT0nkzYdYuzylg7n3YfB7A==}
+  oxc-walker@0.6.0:
+    resolution: {integrity: sha512-BA3hlxq5+Sgzp7TCQF52XDXCK5mwoIZuIuxv/+JuuTzOs2RXkLqWZgZ69d8pJDDjnL7wiREZTWHBzFp/UWH88Q==}
     peerDependencies:
       oxc-parser: '>=0.98.0'
 
@@ -8718,9 +8626,6 @@ packages:
     engines: {node: '>=18.0.0', npm: '>=8.0.0'}
     hasBin: true
 
-  rou3@0.7.12:
-    resolution: {integrity: sha512-iFE4hLDuloSWcD7mjdCDhx2bKcIsYbtOTpfH5MHHLSKMOUyjqQXTeZVa289uuwEGEKFoE/BAPbhaU4B774nceg==}
-
   rss@1.2.2:
     resolution: {integrity: sha512-xUhRTgslHeCBeHAqaWSbOYTydN2f0tAzNXvzh3stjz7QDhQMzdgHf3pfgNIngeytQflrFPfy6axHilTETr6gDg==}
 
@@ -9893,8 +9798,8 @@ packages:
   vue-component-type-helpers@3.2.4:
     resolution: {integrity: sha512-05lR16HeZDcDpB23ku5b5f1fBOoHqFnMiKRr2CiEvbG5Ux4Yi0McmQBOET0dR0nxDXosxyVqv67q6CzS3AK8rw==}
 
-  vue-component-type-helpers@3.3.1:
-    resolution: {integrity: sha512-pu58kqxmVyEH6VfNYW1UyEfR3XAnJ27ZXT3yzXxxpjLxVzAbyC35Zk/nm/RMs7ijWnJNSd9fWkeex2OhUsx3MA==}
+  vue-component-type-helpers@3.3.2:
+    resolution: {integrity: sha512-l4Z2Y34m7nFMlx8vrslJaVtXxUpzgDMSESC7TakG/c5kwjYT/do+E0NcT2/vWDzaoIhsShg/2OKwX7Q4nbzC0g==}
 
   vue-confetti-explosion@1.0.2:
     resolution: {integrity: sha512-80OboM3/6BItIoZ6DpNcZFqGpF607kjIVc5af56oKgtFmt5yWehvJeoYhkzYlqxrqdBe0Ko4Ie3bWrmLau+dJw==}
@@ -10732,11 +10637,11 @@ snapshots:
 
   '@ctrl/tinycolor@4.2.0': {}
 
-  '@dxup/nuxt@0.3.2(magicast@0.5.1)':
+  '@dxup/nuxt@0.2.2(magicast@0.5.1)':
     dependencies:
       '@dxup/unimport': 0.1.2
       '@nuxt/kit': 4.3.0(magicast@0.5.1)
-      chokidar: 5.0.0
+      chokidar: 4.0.3
       pathe: 2.0.3
       tinyglobby: 0.2.15
     transitivePeerDependencies:
@@ -11184,6 +11089,12 @@ snapshots:
 
   '@eslint-community/regexpp@4.12.2': {}
 
+  '@eslint/compat@1.4.1(eslint@9.39.2(jiti@1.21.7))':
+    dependencies:
+      '@eslint/core': 0.17.0
+    optionalDependencies:
+      eslint: 9.39.2(jiti@1.21.7)
+
   '@eslint/compat@1.4.1(eslint@9.39.2(jiti@2.6.1))':
     dependencies:
       '@eslint/core': 0.17.0
@@ -11236,8 +11147,8 @@ snapshots:
       hast-util-to-html: 9.0.5
       hast-util-to-text: 4.0.2
       hastscript: 9.0.1
-      postcss: 8.5.6
-      postcss-nested: 6.2.0(postcss@8.5.6)
+      postcss: 8.5.8
+      postcss-nested: 6.2.0(postcss@8.5.8)
       unist-util-visit: 5.1.0
       unist-util-visit-parents: 6.0.2
 
@@ -11650,7 +11561,7 @@ snapshots:
       https-proxy-agent: 7.0.6
       node-fetch: 2.7.0
       nopt: 8.1.0
-      semver: 7.7.3
+      semver: 7.7.4
       tar: 7.5.7
     transitivePeerDependencies:
       - encoding
@@ -11737,7 +11648,7 @@ snapshots:
       perfect-debounce: 2.1.0
       pkg-types: 2.3.0
       scule: 1.3.0
-      semver: 7.7.3
+      semver: 7.7.4
       srvx: 0.10.1
       std-env: 3.10.0
       tinyexec: 1.0.2
@@ -11768,7 +11679,7 @@ snapshots:
       pathe: 2.0.3
       pkg-types: 2.3.0
       prompts: 2.4.2
-      semver: 7.7.3
+      semver: 7.7.4
 
   '@nuxt/devtools@3.1.1(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))':
     dependencies:
@@ -11795,7 +11706,7 @@ snapshots:
       pathe: 2.0.3
       perfect-debounce: 2.1.0
       pkg-types: 2.3.0
-      semver: 7.7.3
+      semver: 7.7.4
       simple-git: 3.30.0
       sirv: 3.0.2
       structured-clone-es: 1.0.0
@@ -11811,6 +11722,31 @@ snapshots:
       - utf-8-validate
       - vue
 
+  '@nuxt/eslint-config@0.5.7(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3))(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)':
+    dependencies:
+      '@eslint/js': 9.39.2
+      '@nuxt/eslint-plugin': 0.5.7(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      '@stylistic/eslint-plugin': 2.13.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      '@typescript-eslint/eslint-plugin': 8.54.0(@typescript-eslint/parser@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3))(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      '@typescript-eslint/parser': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      eslint: 9.39.2(jiti@1.21.7)
+      eslint-config-flat-gitignore: 0.3.0(eslint@9.39.2(jiti@1.21.7))
+      eslint-flat-config-utils: 0.4.0
+      eslint-plugin-import-x: 4.16.1(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3))(eslint@9.39.2(jiti@1.21.7))
+      eslint-plugin-jsdoc: 50.8.0(eslint@9.39.2(jiti@1.21.7))
+      eslint-plugin-regexp: 2.10.0(eslint@9.39.2(jiti@1.21.7))
+      eslint-plugin-unicorn: 55.0.0(eslint@9.39.2(jiti@1.21.7))
+      eslint-plugin-vue: 9.33.0(eslint@9.39.2(jiti@1.21.7))
+      globals: 15.15.0
+      local-pkg: 0.5.1
+      pathe: 1.1.2
+      vue-eslint-parser: 9.4.3(eslint@9.39.2(jiti@1.21.7))
+    transitivePeerDependencies:
+      - '@typescript-eslint/utils'
+      - eslint-import-resolver-node
+      - supports-color
+      - typescript
+
   '@nuxt/eslint-config@0.5.7(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)':
     dependencies:
       '@eslint/js': 9.39.2
@@ -11836,6 +11772,15 @@ snapshots:
       - supports-color
       - typescript
 
+  '@nuxt/eslint-plugin@0.5.7(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/types': 8.54.0
+      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      eslint: 9.39.2(jiti@1.21.7)
+    transitivePeerDependencies:
+      - supports-color
+      - typescript
+
   '@nuxt/eslint-plugin@0.5.7(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)':
     dependencies:
       '@typescript-eslint/types': 8.54.0
@@ -11845,6 +11790,32 @@ snapshots:
       - supports-color
       - typescript
 
+  '@nuxt/kit@3.20.2(magicast@0.5.1)':
+    dependencies:
+      c12: 3.3.3(magicast@0.5.1)
+      consola: 3.4.2
+      defu: 6.1.4
+      destr: 2.0.5
+      errx: 0.1.0
+      exsolve: 1.0.8
+      ignore: 7.0.5
+      jiti: 2.6.1
+      klona: 2.0.6
+      knitwork: 1.3.0
+      mlly: 1.8.0
+      ohash: 2.0.11
+      pathe: 2.0.3
+      pkg-types: 2.3.0
+      rc9: 2.1.2
+      scule: 1.3.0
+      semver: 7.7.4
+      tinyglobby: 0.2.15
+      ufo: 1.6.3
+      unctx: 2.5.0
+      untyped: 2.0.0
+    transitivePeerDependencies:
+      - magicast
+
   '@nuxt/kit@3.21.0(magicast@0.5.1)':
     dependencies:
       c12: 3.3.3(magicast@0.5.1)
@@ -11863,7 +11834,7 @@ snapshots:
       pkg-types: 2.3.0
       rc9: 2.1.2
       scule: 1.3.0
-      semver: 7.7.3
+      semver: 7.7.4
       tinyglobby: 0.2.15
       ufo: 1.6.3
       unctx: 2.5.0
@@ -11888,7 +11859,7 @@ snapshots:
       pkg-types: 2.3.0
       rc9: 2.1.2
       scule: 1.3.0
-      semver: 7.7.3
+      semver: 7.7.4
       tinyglobby: 0.2.15
       ufo: 1.6.3
       unctx: 2.5.0
@@ -11896,10 +11867,10 @@ snapshots:
     transitivePeerDependencies:
       - magicast
 
-  '@nuxt/nitro-server@3.21.0(db0@0.3.4)(ioredis@5.9.2)(magicast@0.5.1)(nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(rolldown@1.0.0-rc.12)(typescript@5.9.3)(xml2js@0.6.2)':
+  '@nuxt/nitro-server@3.20.2(db0@0.3.4)(ioredis@5.9.2)(magicast@0.5.1)(nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(rolldown@1.0.0-rc.12)(typescript@5.9.3)(xml2js@0.6.2)':
     dependencies:
       '@nuxt/devalue': 2.0.2
-      '@nuxt/kit': 3.21.0(magicast@0.5.1)
+      '@nuxt/kit': 3.20.2(magicast@0.5.1)
       '@unhead/vue': 2.1.2(vue@3.5.27(typescript@5.9.3))
       '@vue/shared': 3.5.27
       consola: 3.4.2
@@ -11914,11 +11885,10 @@ snapshots:
       klona: 2.0.6
       mocked-exports: 0.1.1
       nitropack: 2.13.1(rolldown@1.0.0-rc.12)(xml2js@0.6.2)
-      nuxt: 3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
-      ohash: 2.0.11
+      nuxt: 3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
       pathe: 2.0.3
       pkg-types: 2.3.0
-      rou3: 0.7.12
+      radix3: 1.1.2
       std-env: 3.10.0
       ufo: 1.6.3
       unctx: 2.5.0
@@ -11961,7 +11931,7 @@ snapshots:
       - uploadthing
       - xml2js
 
-  '@nuxt/schema@3.21.0':
+  '@nuxt/schema@3.20.2':
     dependencies:
       '@vue/shared': 3.5.27
       defu: 6.1.4
@@ -11986,32 +11956,33 @@ snapshots:
     transitivePeerDependencies:
       - magicast
 
-  '@nuxt/vite-builder@3.21.0(@types/node@24.12.2)(eslint@9.39.2(jiti@2.6.1))(lightningcss@1.32.0)(magicast@0.5.1)(nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vue-tsc@2.2.12(typescript@5.9.3))(vue@3.5.27(typescript@5.9.3))(yaml@2.8.2)':
+  '@nuxt/vite-builder@3.20.2(@types/node@24.12.2)(eslint@9.39.2(jiti@2.6.1))(lightningcss@1.32.0)(magicast@0.5.1)(nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vue-tsc@2.2.12(typescript@5.9.3))(vue@3.5.27(typescript@5.9.3))(yaml@2.8.2)':
     dependencies:
-      '@nuxt/kit': 3.21.0(magicast@0.5.1)
+      '@nuxt/kit': 3.20.2(magicast@0.5.1)
       '@rollup/plugin-replace': 6.0.3(rollup@4.57.1)
       '@vitejs/plugin-vue': 6.0.4(vite@7.3.1(@types/node@24.12.2)(jiti@2.6.1)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))
       '@vitejs/plugin-vue-jsx': 5.1.4(vite@7.3.1(@types/node@24.12.2)(jiti@2.6.1)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))
-      autoprefixer: 10.4.24(postcss@8.5.6)
+      autoprefixer: 10.4.24(postcss@8.5.8)
       consola: 3.4.2
-      cssnano: 7.1.2(postcss@8.5.6)
+      cssnano: 7.1.2(postcss@8.5.8)
       defu: 6.1.4
       esbuild: 0.27.2
       escape-string-regexp: 5.0.0
       exsolve: 1.0.8
       externality: 1.0.2
       get-port-please: 3.2.0
+      h3: 1.15.5
       jiti: 2.6.1
       knitwork: 1.3.0
       magic-string: 0.30.21
       mlly: 1.8.0
       mocked-exports: 0.1.1
-      nuxt: 3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
+      nuxt: 3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
       ohash: 2.0.11
       pathe: 2.0.3
       perfect-debounce: 2.1.0
       pkg-types: 2.3.0
-      postcss: 8.5.6
+      postcss: 8.5.8
       rollup-plugin-visualizer: 6.0.5(rolldown@1.0.0-rc.12)(rollup@4.57.1)
       seroval: 1.5.0
       std-env: 3.10.0
@@ -12364,194 +12335,149 @@ snapshots:
 
   '@oslojs/encoding@1.1.0': {}
 
-  '@oxc-minify/binding-android-arm-eabi@0.110.0':
-    optional: true
-
-  '@oxc-minify/binding-android-arm64@0.110.0':
-    optional: true
-
-  '@oxc-minify/binding-darwin-arm64@0.110.0':
+  '@oxc-minify/binding-android-arm64@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-darwin-x64@0.110.0':
+  '@oxc-minify/binding-darwin-arm64@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-freebsd-x64@0.110.0':
+  '@oxc-minify/binding-darwin-x64@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-arm-gnueabihf@0.110.0':
+  '@oxc-minify/binding-freebsd-x64@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-arm-musleabihf@0.110.0':
+  '@oxc-minify/binding-linux-arm-gnueabihf@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-arm64-gnu@0.110.0':
+  '@oxc-minify/binding-linux-arm64-gnu@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-arm64-musl@0.110.0':
+  '@oxc-minify/binding-linux-arm64-musl@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-ppc64-gnu@0.110.0':
+  '@oxc-minify/binding-linux-riscv64-gnu@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-riscv64-gnu@0.110.0':
+  '@oxc-minify/binding-linux-s390x-gnu@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-riscv64-musl@0.110.0':
+  '@oxc-minify/binding-linux-x64-gnu@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-s390x-gnu@0.110.0':
+  '@oxc-minify/binding-linux-x64-musl@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-x64-gnu@0.110.0':
+  '@oxc-minify/binding-openharmony-arm64@0.102.0':
     optional: true
 
-  '@oxc-minify/binding-linux-x64-musl@0.110.0':
-    optional: true
-
-  '@oxc-minify/binding-openharmony-arm64@0.110.0':
-    optional: true
-
-  '@oxc-minify/binding-wasm32-wasi@0.110.0':
+  '@oxc-minify/binding-wasm32-wasi@0.102.0':
     dependencies:
       '@napi-rs/wasm-runtime': 1.1.1
     optional: true
 
-  '@oxc-minify/binding-win32-arm64-msvc@0.110.0':
-    optional: true
-
-  '@oxc-minify/binding-win32-ia32-msvc@0.110.0':
-    optional: true
-
-  '@oxc-minify/binding-win32-x64-msvc@0.110.0':
+  '@oxc-minify/binding-win32-arm64-msvc@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-android-arm-eabi@0.110.0':
+  '@oxc-minify/binding-win32-x64-msvc@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-android-arm64@0.110.0':
+  '@oxc-parser/binding-android-arm64@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-darwin-arm64@0.110.0':
+  '@oxc-parser/binding-darwin-arm64@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-darwin-x64@0.110.0':
+  '@oxc-parser/binding-darwin-x64@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-freebsd-x64@0.110.0':
+  '@oxc-parser/binding-freebsd-x64@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-arm-gnueabihf@0.110.0':
+  '@oxc-parser/binding-linux-arm-gnueabihf@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-arm-musleabihf@0.110.0':
+  '@oxc-parser/binding-linux-arm64-gnu@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-arm64-gnu@0.110.0':
+  '@oxc-parser/binding-linux-arm64-musl@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-arm64-musl@0.110.0':
+  '@oxc-parser/binding-linux-riscv64-gnu@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-ppc64-gnu@0.110.0':
+  '@oxc-parser/binding-linux-s390x-gnu@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-riscv64-gnu@0.110.0':
+  '@oxc-parser/binding-linux-x64-gnu@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-riscv64-musl@0.110.0':
+  '@oxc-parser/binding-linux-x64-musl@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-s390x-gnu@0.110.0':
+  '@oxc-parser/binding-openharmony-arm64@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-linux-x64-gnu@0.110.0':
-    optional: true
-
-  '@oxc-parser/binding-linux-x64-musl@0.110.0':
-    optional: true
-
-  '@oxc-parser/binding-openharmony-arm64@0.110.0':
-    optional: true
-
-  '@oxc-parser/binding-wasm32-wasi@0.110.0':
+  '@oxc-parser/binding-wasm32-wasi@0.102.0':
     dependencies:
       '@napi-rs/wasm-runtime': 1.1.1
     optional: true
 
-  '@oxc-parser/binding-win32-arm64-msvc@0.110.0':
-    optional: true
-
-  '@oxc-parser/binding-win32-ia32-msvc@0.110.0':
+  '@oxc-parser/binding-win32-arm64-msvc@0.102.0':
     optional: true
 
-  '@oxc-parser/binding-win32-x64-msvc@0.110.0':
+  '@oxc-parser/binding-win32-x64-msvc@0.102.0':
     optional: true
 
-  '@oxc-project/types@0.110.0': {}
+  '@oxc-project/types@0.102.0': {}
 
   '@oxc-project/types@0.122.0': {}
 
-  '@oxc-transform/binding-android-arm-eabi@0.110.0':
-    optional: true
-
-  '@oxc-transform/binding-android-arm64@0.110.0':
-    optional: true
-
-  '@oxc-transform/binding-darwin-arm64@0.110.0':
-    optional: true
-
-  '@oxc-transform/binding-darwin-x64@0.110.0':
+  '@oxc-transform/binding-android-arm64@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-freebsd-x64@0.110.0':
+  '@oxc-transform/binding-darwin-arm64@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-arm-gnueabihf@0.110.0':
+  '@oxc-transform/binding-darwin-x64@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-arm-musleabihf@0.110.0':
+  '@oxc-transform/binding-freebsd-x64@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-arm64-gnu@0.110.0':
+  '@oxc-transform/binding-linux-arm-gnueabihf@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-arm64-musl@0.110.0':
+  '@oxc-transform/binding-linux-arm64-gnu@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-ppc64-gnu@0.110.0':
+  '@oxc-transform/binding-linux-arm64-musl@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-riscv64-gnu@0.110.0':
+  '@oxc-transform/binding-linux-riscv64-gnu@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-riscv64-musl@0.110.0':
+  '@oxc-transform/binding-linux-s390x-gnu@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-s390x-gnu@0.110.0':
+  '@oxc-transform/binding-linux-x64-gnu@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-x64-gnu@0.110.0':
+  '@oxc-transform/binding-linux-x64-musl@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-linux-x64-musl@0.110.0':
+  '@oxc-transform/binding-openharmony-arm64@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-openharmony-arm64@0.110.0':
-    optional: true
-
-  '@oxc-transform/binding-wasm32-wasi@0.110.0':
+  '@oxc-transform/binding-wasm32-wasi@0.102.0':
     dependencies:
       '@napi-rs/wasm-runtime': 1.1.1
     optional: true
 
-  '@oxc-transform/binding-win32-arm64-msvc@0.110.0':
-    optional: true
-
-  '@oxc-transform/binding-win32-ia32-msvc@0.110.0':
+  '@oxc-transform/binding-win32-arm64-msvc@0.102.0':
     optional: true
 
-  '@oxc-transform/binding-win32-x64-msvc@0.110.0':
+  '@oxc-transform/binding-win32-x64-msvc@0.102.0':
     optional: true
 
   '@pagefind/darwin-arm64@1.4.0':
@@ -12607,7 +12533,7 @@ snapshots:
   '@parcel/watcher-wasm@2.5.6':
     dependencies:
       is-glob: 4.0.3
-      picomatch: 4.0.3
+      picomatch: 4.0.4
 
   '@parcel/watcher-win32-arm64@2.5.6':
     optional: true
@@ -12790,10 +12716,10 @@ snapshots:
       '@rollup/pluginutils': 5.3.0(rollup@4.57.1)
       commondir: 1.0.1
       estree-walker: 2.0.2
-      fdir: 6.5.0(picomatch@4.0.3)
+      fdir: 6.5.0(picomatch@4.0.4)
       is-reference: 1.2.1
       magic-string: 0.30.21
-      picomatch: 4.0.3
+      picomatch: 4.0.4
     optionalDependencies:
       rollup: 4.57.1
 
@@ -13101,7 +13027,7 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@sentry/nuxt@10.38.0(@opentelemetry/api@1.9.0)(@opentelemetry/context-async-hooks@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/core@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/instrumentation@0.211.0(@opentelemetry/api@1.9.0))(@opentelemetry/resources@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/semantic-conventions@1.39.0)(magicast@0.5.1)(nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(pinia@3.0.4(typescript@5.9.3)(vue@3.5.27(typescript@5.9.3)))(rollup@4.57.1)(vue@3.5.27(typescript@5.9.3))':
+  '@sentry/nuxt@10.38.0(@opentelemetry/api@1.9.0)(@opentelemetry/context-async-hooks@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/core@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/instrumentation@0.211.0(@opentelemetry/api@1.9.0))(@opentelemetry/resources@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@2.5.0(@opentelemetry/api@1.9.0))(@opentelemetry/semantic-conventions@1.39.0)(magicast@0.5.1)(nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(pinia@3.0.4(typescript@5.9.3)(vue@3.5.27(typescript@5.9.3)))(rollup@4.57.1)(vue@3.5.27(typescript@5.9.3))':
     dependencies:
       '@nuxt/kit': 3.21.0(magicast@0.5.1)
       '@sentry/browser': 10.38.0
@@ -13112,7 +13038,7 @@ snapshots:
       '@sentry/rollup-plugin': 4.9.0(rollup@4.57.1)
       '@sentry/vite-plugin': 4.9.0
       '@sentry/vue': 10.38.0(pinia@3.0.4(typescript@5.9.3)(vue@3.5.27(typescript@5.9.3)))(vue@3.5.27(typescript@5.9.3))
-      nuxt: 3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
+      nuxt: 3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2)
     transitivePeerDependencies:
       - '@cloudflare/workers-types'
       - '@opentelemetry/api'
@@ -13306,10 +13232,22 @@ snapshots:
       storybook: 10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
       type-fest: 2.19.0
       vue: 3.5.27(typescript@5.9.3)
-      vue-component-type-helpers: 3.3.1
+      vue-component-type-helpers: 3.3.2
 
   '@stripe/stripe-js@7.9.0': {}
 
+  '@stylistic/eslint-plugin@2.13.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      eslint: 9.39.2(jiti@1.21.7)
+      eslint-visitor-keys: 4.2.1
+      espree: 10.4.0
+      estraverse: 5.3.0
+      picomatch: 4.0.4
+    transitivePeerDependencies:
+      - supports-color
+      - typescript
+
   '@stylistic/eslint-plugin@2.13.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)':
     dependencies:
       '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
@@ -13722,6 +13660,22 @@ snapshots:
     dependencies:
       '@types/node': 24.12.2
 
+  '@typescript-eslint/eslint-plugin@8.54.0(@typescript-eslint/parser@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3))(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)':
+    dependencies:
+      '@eslint-community/regexpp': 4.12.2
+      '@typescript-eslint/parser': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      '@typescript-eslint/scope-manager': 8.54.0
+      '@typescript-eslint/type-utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      '@typescript-eslint/visitor-keys': 8.54.0
+      eslint: 9.39.2(jiti@1.21.7)
+      ignore: 7.0.5
+      natural-compare: 1.4.0
+      ts-api-utils: 2.4.0(typescript@5.9.3)
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
   '@typescript-eslint/eslint-plugin@8.54.0(@typescript-eslint/parser@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)':
     dependencies:
       '@eslint-community/regexpp': 4.12.2
@@ -13738,6 +13692,18 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@typescript-eslint/parser@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/scope-manager': 8.54.0
+      '@typescript-eslint/types': 8.54.0
+      '@typescript-eslint/typescript-estree': 8.54.0(typescript@5.9.3)
+      '@typescript-eslint/visitor-keys': 8.54.0
+      debug: 4.4.3
+      eslint: 9.39.2(jiti@1.21.7)
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
   '@typescript-eslint/parser@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)':
     dependencies:
       '@typescript-eslint/scope-manager': 8.54.0
@@ -13768,6 +13734,18 @@ snapshots:
     dependencies:
       typescript: 5.9.3
 
+  '@typescript-eslint/type-utils@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/types': 8.54.0
+      '@typescript-eslint/typescript-estree': 8.54.0(typescript@5.9.3)
+      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+      debug: 4.4.3
+      eslint: 9.39.2(jiti@1.21.7)
+      ts-api-utils: 2.4.0(typescript@5.9.3)
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
   '@typescript-eslint/type-utils@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)':
     dependencies:
       '@typescript-eslint/types': 8.54.0
@@ -13790,7 +13768,7 @@ snapshots:
       '@typescript-eslint/visitor-keys': 8.54.0
       debug: 4.4.3
       minimatch: 9.0.5
-      semver: 7.7.3
+      semver: 7.7.4
       tinyglobby: 0.2.15
       ts-api-utils: 2.4.0(typescript@5.9.3)
       typescript: 5.9.3
@@ -13903,7 +13881,7 @@ snapshots:
       glob: 13.0.1
       graceful-fs: 4.2.11
       node-gyp-build: 4.8.4
-      picomatch: 4.0.3
+      picomatch: 4.0.4
       resolve-from: 5.0.0
     transitivePeerDependencies:
       - encoding
@@ -13920,7 +13898,7 @@ snapshots:
       '@babel/core': 7.29.0
       '@babel/plugin-syntax-typescript': 7.28.6(@babel/core@7.29.0)
       '@babel/plugin-transform-typescript': 7.28.6(@babel/core@7.29.0)
-      '@rolldown/pluginutils': 1.0.0-rc.2
+      '@rolldown/pluginutils': 1.0.0-rc.12
       '@vue/babel-plugin-jsx': 2.0.1(@babel/core@7.29.0)
       vite: 7.3.1(@types/node@24.12.2)(jiti@2.6.1)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2)
       vue: 3.5.27(typescript@5.9.3)
@@ -13938,6 +13916,12 @@ snapshots:
       vite: 7.3.1(@types/node@24.12.2)(jiti@2.6.1)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2)
       vue: 3.5.27(typescript@5.9.3)
 
+  '@vitejs/plugin-vue@6.0.4(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@1.21.7)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))':
+    dependencies:
+      '@rolldown/pluginutils': 1.0.0-rc.2
+      vite: 8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@1.21.7)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2)
+      vue: 3.5.27(typescript@5.9.3)
+
   '@vitejs/plugin-vue@6.0.4(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))':
     dependencies:
       '@rolldown/pluginutils': 1.0.0-rc.2
@@ -14292,7 +14276,7 @@ snapshots:
       alien-signals: 3.1.2
       muggle-string: 0.4.1
       path-browserify: 1.0.1
-      picomatch: 4.0.3
+      picomatch: 4.0.4
 
   '@vue/reactivity@3.5.27':
     dependencies:
@@ -14667,6 +14651,15 @@ snapshots:
       postcss: 8.5.6
       postcss-value-parser: 4.2.0
 
+  autoprefixer@10.4.24(postcss@8.5.8):
+    dependencies:
+      browserslist: 4.28.1
+      caniuse-lite: 1.0.30001767
+      fraction.js: 5.3.4
+      picocolors: 1.1.1
+      postcss: 8.5.8
+      postcss-value-parser: 4.2.0
+
   axe-core@4.11.1: {}
 
   axios@1.16.1:
@@ -15045,9 +15038,9 @@ snapshots:
     dependencies:
       uncrypto: 0.1.3
 
-  css-declaration-sorter@7.3.1(postcss@8.5.6):
+  css-declaration-sorter@7.3.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
 
   css-select@5.2.2:
     dependencies:
@@ -15082,49 +15075,49 @@ snapshots:
 
   cssfilter@0.0.10: {}
 
-  cssnano-preset-default@7.0.10(postcss@8.5.6):
+  cssnano-preset-default@7.0.10(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
-      css-declaration-sorter: 7.3.1(postcss@8.5.6)
-      cssnano-utils: 5.0.1(postcss@8.5.6)
-      postcss: 8.5.6
-      postcss-calc: 10.1.1(postcss@8.5.6)
-      postcss-colormin: 7.0.5(postcss@8.5.6)
-      postcss-convert-values: 7.0.8(postcss@8.5.6)
-      postcss-discard-comments: 7.0.5(postcss@8.5.6)
-      postcss-discard-duplicates: 7.0.2(postcss@8.5.6)
-      postcss-discard-empty: 7.0.1(postcss@8.5.6)
-      postcss-discard-overridden: 7.0.1(postcss@8.5.6)
-      postcss-merge-longhand: 7.0.5(postcss@8.5.6)
-      postcss-merge-rules: 7.0.7(postcss@8.5.6)
-      postcss-minify-font-values: 7.0.1(postcss@8.5.6)
-      postcss-minify-gradients: 7.0.1(postcss@8.5.6)
-      postcss-minify-params: 7.0.5(postcss@8.5.6)
-      postcss-minify-selectors: 7.0.5(postcss@8.5.6)
-      postcss-normalize-charset: 7.0.1(postcss@8.5.6)
-      postcss-normalize-display-values: 7.0.1(postcss@8.5.6)
-      postcss-normalize-positions: 7.0.1(postcss@8.5.6)
-      postcss-normalize-repeat-style: 7.0.1(postcss@8.5.6)
-      postcss-normalize-string: 7.0.1(postcss@8.5.6)
-      postcss-normalize-timing-functions: 7.0.1(postcss@8.5.6)
-      postcss-normalize-unicode: 7.0.5(postcss@8.5.6)
-      postcss-normalize-url: 7.0.1(postcss@8.5.6)
-      postcss-normalize-whitespace: 7.0.1(postcss@8.5.6)
-      postcss-ordered-values: 7.0.2(postcss@8.5.6)
-      postcss-reduce-initial: 7.0.5(postcss@8.5.6)
-      postcss-reduce-transforms: 7.0.1(postcss@8.5.6)
-      postcss-svgo: 7.1.0(postcss@8.5.6)
-      postcss-unique-selectors: 7.0.4(postcss@8.5.6)
-
-  cssnano-utils@5.0.1(postcss@8.5.6):
+      css-declaration-sorter: 7.3.1(postcss@8.5.8)
+      cssnano-utils: 5.0.1(postcss@8.5.8)
+      postcss: 8.5.8
+      postcss-calc: 10.1.1(postcss@8.5.8)
+      postcss-colormin: 7.0.5(postcss@8.5.8)
+      postcss-convert-values: 7.0.8(postcss@8.5.8)
+      postcss-discard-comments: 7.0.5(postcss@8.5.8)
+      postcss-discard-duplicates: 7.0.2(postcss@8.5.8)
+      postcss-discard-empty: 7.0.1(postcss@8.5.8)
+      postcss-discard-overridden: 7.0.1(postcss@8.5.8)
+      postcss-merge-longhand: 7.0.5(postcss@8.5.8)
+      postcss-merge-rules: 7.0.7(postcss@8.5.8)
+      postcss-minify-font-values: 7.0.1(postcss@8.5.8)
+      postcss-minify-gradients: 7.0.1(postcss@8.5.8)
+      postcss-minify-params: 7.0.5(postcss@8.5.8)
+      postcss-minify-selectors: 7.0.5(postcss@8.5.8)
+      postcss-normalize-charset: 7.0.1(postcss@8.5.8)
+      postcss-normalize-display-values: 7.0.1(postcss@8.5.8)
+      postcss-normalize-positions: 7.0.1(postcss@8.5.8)
+      postcss-normalize-repeat-style: 7.0.1(postcss@8.5.8)
+      postcss-normalize-string: 7.0.1(postcss@8.5.8)
+      postcss-normalize-timing-functions: 7.0.1(postcss@8.5.8)
+      postcss-normalize-unicode: 7.0.5(postcss@8.5.8)
+      postcss-normalize-url: 7.0.1(postcss@8.5.8)
+      postcss-normalize-whitespace: 7.0.1(postcss@8.5.8)
+      postcss-ordered-values: 7.0.2(postcss@8.5.8)
+      postcss-reduce-initial: 7.0.5(postcss@8.5.8)
+      postcss-reduce-transforms: 7.0.1(postcss@8.5.8)
+      postcss-svgo: 7.1.0(postcss@8.5.8)
+      postcss-unique-selectors: 7.0.4(postcss@8.5.8)
+
+  cssnano-utils@5.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
 
-  cssnano@7.1.2(postcss@8.5.6):
+  cssnano@7.1.2(postcss@8.5.8):
     dependencies:
-      cssnano-preset-default: 7.0.10(postcss@8.5.6)
+      cssnano-preset-default: 7.0.10(postcss@8.5.8)
       lilconfig: 3.1.3
-      postcss: 8.5.6
+      postcss: 8.5.8
 
   csso@5.0.5:
     dependencies:
@@ -15261,7 +15254,7 @@ snapshots:
       '@one-ini/wasm': 0.1.1
       commander: 10.0.1
       minimatch: 9.0.1
-      semver: 7.7.3
+      semver: 7.7.4
 
   ee-first@1.1.1: {}
 
@@ -15496,6 +15489,12 @@ snapshots:
 
   escape-string-regexp@5.0.0: {}
 
+  eslint-config-flat-gitignore@0.3.0(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      '@eslint/compat': 1.4.1(eslint@9.39.2(jiti@1.21.7))
+      eslint: 9.39.2(jiti@1.21.7)
+      find-up-simple: 1.0.1
+
   eslint-config-flat-gitignore@0.3.0(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       '@eslint/compat': 1.4.1(eslint@9.39.2(jiti@2.6.1))
@@ -15517,6 +15516,23 @@ snapshots:
     optionalDependencies:
       unrs-resolver: 1.11.1
 
+  eslint-plugin-import-x@4.16.1(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3))(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      '@typescript-eslint/types': 8.54.0
+      comment-parser: 1.4.5
+      debug: 4.4.3
+      eslint: 9.39.2(jiti@1.21.7)
+      eslint-import-context: 0.1.9(unrs-resolver@1.11.1)
+      is-glob: 4.0.3
+      minimatch: 10.1.2
+      semver: 7.7.4
+      stable-hash-x: 0.2.0
+      unrs-resolver: 1.11.1
+    optionalDependencies:
+      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
+    transitivePeerDependencies:
+      - supports-color
+
   eslint-plugin-import-x@4.16.1(@typescript-eslint/utils@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3))(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       '@typescript-eslint/types': 8.54.0
@@ -15534,6 +15550,22 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  eslint-plugin-jsdoc@50.8.0(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      '@es-joy/jsdoccomment': 0.50.2
+      are-docs-informative: 0.0.2
+      comment-parser: 1.4.1
+      debug: 4.4.3
+      escape-string-regexp: 4.0.0
+      eslint: 9.39.2(jiti@1.21.7)
+      espree: 10.4.0
+      esquery: 1.7.0
+      parse-imports-exports: 0.2.4
+      semver: 7.7.4
+      spdx-expression-parse: 4.0.0
+    transitivePeerDependencies:
+      - supports-color
+
   eslint-plugin-jsdoc@50.8.0(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       '@es-joy/jsdoccomment': 0.50.2
@@ -15559,6 +15591,17 @@ snapshots:
     optionalDependencies:
       eslint-config-prettier: 10.1.8(eslint@9.39.2(jiti@2.6.1))
 
+  eslint-plugin-regexp@2.10.0(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.2(jiti@1.21.7))
+      '@eslint-community/regexpp': 4.12.2
+      comment-parser: 1.4.5
+      eslint: 9.39.2(jiti@1.21.7)
+      jsdoc-type-pratt-parser: 4.8.0
+      refa: 0.12.1
+      regexp-ast-analysis: 0.7.1
+      scslre: 0.3.0
+
   eslint-plugin-regexp@2.10.0(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.2(jiti@2.6.1))
@@ -15574,21 +15617,47 @@ snapshots:
     dependencies:
       eslint: 9.39.2(jiti@2.6.1)
 
-  eslint-plugin-storybook@10.2.4(eslint@9.39.2(jiti@1.21.7))(storybook@10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(typescript@5.9.3):
+  eslint-plugin-storybook@10.2.4(eslint@9.39.2(jiti@2.6.1))(storybook@10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(typescript@5.9.3):
     dependencies:
-      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@1.21.7))(typescript@5.9.3)
-      eslint: 9.39.2(jiti@1.21.7)
+      '@typescript-eslint/utils': 8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
+      eslint: 9.39.2(jiti@2.6.1)
       storybook: 10.2.4(@testing-library/dom@10.4.1)(prettier@3.8.1)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
     transitivePeerDependencies:
       - supports-color
       - typescript
 
+  eslint-plugin-turbo@2.8.2(eslint@9.39.2(jiti@1.21.7))(turbo@2.8.2):
+    dependencies:
+      dotenv: 16.0.3
+      eslint: 9.39.2(jiti@1.21.7)
+      turbo: 2.8.2
+
   eslint-plugin-turbo@2.8.2(eslint@9.39.2(jiti@2.6.1))(turbo@2.8.2):
     dependencies:
       dotenv: 16.0.3
       eslint: 9.39.2(jiti@2.6.1)
       turbo: 2.8.2
 
+  eslint-plugin-unicorn@55.0.0(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      '@babel/helper-validator-identifier': 7.28.5
+      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.2(jiti@1.21.7))
+      ci-info: 4.4.0
+      clean-regexp: 1.0.0
+      core-js-compat: 3.48.0
+      eslint: 9.39.2(jiti@1.21.7)
+      esquery: 1.7.0
+      globals: 15.15.0
+      indent-string: 4.0.0
+      is-builtin-module: 3.2.1
+      jsesc: 3.1.0
+      pluralize: 8.0.0
+      read-pkg-up: 7.0.1
+      regexp-tree: 0.1.27
+      regjsparser: 0.10.0
+      semver: 7.7.4
+      strip-indent: 3.0.0
+
   eslint-plugin-unicorn@55.0.0(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       '@babel/helper-validator-identifier': 7.28.5
@@ -15623,6 +15692,20 @@ snapshots:
       '@stylistic/eslint-plugin': 2.13.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
       '@typescript-eslint/parser': 8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3)
 
+  eslint-plugin-vue@9.33.0(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.2(jiti@1.21.7))
+      eslint: 9.39.2(jiti@1.21.7)
+      globals: 13.24.0
+      natural-compare: 1.4.0
+      nth-check: 2.1.1
+      postcss-selector-parser: 6.1.2
+      semver: 7.7.4
+      vue-eslint-parser: 9.4.3(eslint@9.39.2(jiti@1.21.7))
+      xml-name-validator: 4.0.0
+    transitivePeerDependencies:
+      - supports-color
+
   eslint-plugin-vue@9.33.0(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.2(jiti@2.6.1))
@@ -17620,7 +17703,7 @@ snapshots:
       rollup: 4.57.1
       rollup-plugin-visualizer: 6.0.5(rolldown@1.0.0-rc.12)(rollup@4.57.1)
       scule: 1.3.0
-      semver: 7.7.3
+      semver: 7.7.4
       serve-placeholder: 2.0.2
       serve-static: 2.2.1
       source-map: 0.7.6
@@ -17728,16 +17811,16 @@ snapshots:
     dependencies:
       boolbase: 1.0.0
 
-  nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2):
+  nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2):
     dependencies:
-      '@dxup/nuxt': 0.3.2(magicast@0.5.1)
+      '@dxup/nuxt': 0.2.2(magicast@0.5.1)
       '@nuxt/cli': 3.32.0(cac@6.7.14)(magicast@0.5.1)
       '@nuxt/devtools': 3.1.1(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue@3.5.27(typescript@5.9.3))
-      '@nuxt/kit': 3.21.0(magicast@0.5.1)
-      '@nuxt/nitro-server': 3.21.0(db0@0.3.4)(ioredis@5.9.2)(magicast@0.5.1)(nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(rolldown@1.0.0-rc.12)(typescript@5.9.3)(xml2js@0.6.2)
-      '@nuxt/schema': 3.21.0
+      '@nuxt/kit': 3.20.2(magicast@0.5.1)
+      '@nuxt/nitro-server': 3.20.2(db0@0.3.4)(ioredis@5.9.2)(magicast@0.5.1)(nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(rolldown@1.0.0-rc.12)(typescript@5.9.3)(xml2js@0.6.2)
+      '@nuxt/schema': 3.20.2
       '@nuxt/telemetry': 2.6.6(magicast@0.5.1)
-      '@nuxt/vite-builder': 3.21.0(@types/node@24.12.2)(eslint@9.39.2(jiti@2.6.1))(lightningcss@1.32.0)(magicast@0.5.1)(nuxt@3.21.0(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vue-tsc@2.2.12(typescript@5.9.3))(vue@3.5.27(typescript@5.9.3))(yaml@2.8.2)
+      '@nuxt/vite-builder': 3.20.2(@types/node@24.12.2)(eslint@9.39.2(jiti@2.6.1))(lightningcss@1.32.0)(magicast@0.5.1)(nuxt@3.20.2(@parcel/watcher@2.5.6)(@types/node@24.12.2)(@vue/compiler-sfc@3.5.27)(cac@6.7.14)(db0@0.3.4)(eslint@9.39.2(jiti@2.6.1))(ioredis@5.9.2)(lightningcss@1.32.0)(magicast@0.5.1)(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2))(vue-tsc@2.2.12(typescript@5.9.3))(xml2js@0.6.2)(yaml@2.8.2))(optionator@0.9.4)(rolldown@1.0.0-rc.12)(rollup@4.57.1)(sass@1.97.3)(terser@5.46.0)(typescript@5.9.3)(vue-tsc@2.2.12(typescript@5.9.3))(vue@3.5.27(typescript@5.9.3))(yaml@2.8.2)
       '@unhead/vue': 2.1.2(vue@3.5.27(typescript@5.9.3))
       '@vue/shared': 3.5.27
       c12: 3.3.3(magicast@0.5.1)
@@ -17765,16 +17848,16 @@ snapshots:
       ofetch: 1.5.1
       ohash: 2.0.11
       on-change: 6.0.2
-      oxc-minify: 0.110.0
-      oxc-parser: 0.110.0
-      oxc-transform: 0.110.0
-      oxc-walker: 0.7.0(oxc-parser@0.110.0)
+      oxc-minify: 0.102.0
+      oxc-parser: 0.102.0
+      oxc-transform: 0.102.0
+      oxc-walker: 0.6.0(oxc-parser@0.102.0)
       pathe: 2.0.3
       perfect-debounce: 2.1.0
       pkg-types: 2.3.0
-      rou3: 0.7.12
+      radix3: 1.1.2
       scule: 1.3.0
-      semver: 7.7.3
+      semver: 7.7.4
       std-env: 3.10.0
       tinyglobby: 0.2.15
       ufo: 1.6.3
@@ -17927,81 +18010,66 @@ snapshots:
 
   overlayscrollbars@2.15.1: {}
 
-  oxc-minify@0.110.0:
+  oxc-minify@0.102.0:
     optionalDependencies:
-      '@oxc-minify/binding-android-arm-eabi': 0.110.0
-      '@oxc-minify/binding-android-arm64': 0.110.0
-      '@oxc-minify/binding-darwin-arm64': 0.110.0
-      '@oxc-minify/binding-darwin-x64': 0.110.0
-      '@oxc-minify/binding-freebsd-x64': 0.110.0
-      '@oxc-minify/binding-linux-arm-gnueabihf': 0.110.0
-      '@oxc-minify/binding-linux-arm-musleabihf': 0.110.0
-      '@oxc-minify/binding-linux-arm64-gnu': 0.110.0
-      '@oxc-minify/binding-linux-arm64-musl': 0.110.0
-      '@oxc-minify/binding-linux-ppc64-gnu': 0.110.0
-      '@oxc-minify/binding-linux-riscv64-gnu': 0.110.0
-      '@oxc-minify/binding-linux-riscv64-musl': 0.110.0
-      '@oxc-minify/binding-linux-s390x-gnu': 0.110.0
-      '@oxc-minify/binding-linux-x64-gnu': 0.110.0
-      '@oxc-minify/binding-linux-x64-musl': 0.110.0
-      '@oxc-minify/binding-openharmony-arm64': 0.110.0
-      '@oxc-minify/binding-wasm32-wasi': 0.110.0
-      '@oxc-minify/binding-win32-arm64-msvc': 0.110.0
-      '@oxc-minify/binding-win32-ia32-msvc': 0.110.0
-      '@oxc-minify/binding-win32-x64-msvc': 0.110.0
-
-  oxc-parser@0.110.0:
-    dependencies:
-      '@oxc-project/types': 0.110.0
+      '@oxc-minify/binding-android-arm64': 0.102.0
+      '@oxc-minify/binding-darwin-arm64': 0.102.0
+      '@oxc-minify/binding-darwin-x64': 0.102.0
+      '@oxc-minify/binding-freebsd-x64': 0.102.0
+      '@oxc-minify/binding-linux-arm-gnueabihf': 0.102.0
+      '@oxc-minify/binding-linux-arm64-gnu': 0.102.0
+      '@oxc-minify/binding-linux-arm64-musl': 0.102.0
+      '@oxc-minify/binding-linux-riscv64-gnu': 0.102.0
+      '@oxc-minify/binding-linux-s390x-gnu': 0.102.0
+      '@oxc-minify/binding-linux-x64-gnu': 0.102.0
+      '@oxc-minify/binding-linux-x64-musl': 0.102.0
+      '@oxc-minify/binding-openharmony-arm64': 0.102.0
+      '@oxc-minify/binding-wasm32-wasi': 0.102.0
+      '@oxc-minify/binding-win32-arm64-msvc': 0.102.0
+      '@oxc-minify/binding-win32-x64-msvc': 0.102.0
+
+  oxc-parser@0.102.0:
+    dependencies:
+      '@oxc-project/types': 0.102.0
     optionalDependencies:
-      '@oxc-parser/binding-android-arm-eabi': 0.110.0
-      '@oxc-parser/binding-android-arm64': 0.110.0
-      '@oxc-parser/binding-darwin-arm64': 0.110.0
-      '@oxc-parser/binding-darwin-x64': 0.110.0
-      '@oxc-parser/binding-freebsd-x64': 0.110.0
-      '@oxc-parser/binding-linux-arm-gnueabihf': 0.110.0
-      '@oxc-parser/binding-linux-arm-musleabihf': 0.110.0
-      '@oxc-parser/binding-linux-arm64-gnu': 0.110.0
-      '@oxc-parser/binding-linux-arm64-musl': 0.110.0
-      '@oxc-parser/binding-linux-ppc64-gnu': 0.110.0
-      '@oxc-parser/binding-linux-riscv64-gnu': 0.110.0
-      '@oxc-parser/binding-linux-riscv64-musl': 0.110.0
-      '@oxc-parser/binding-linux-s390x-gnu': 0.110.0
-      '@oxc-parser/binding-linux-x64-gnu': 0.110.0
-      '@oxc-parser/binding-linux-x64-musl': 0.110.0
-      '@oxc-parser/binding-openharmony-arm64': 0.110.0
-      '@oxc-parser/binding-wasm32-wasi': 0.110.0
-      '@oxc-parser/binding-win32-arm64-msvc': 0.110.0
-      '@oxc-parser/binding-win32-ia32-msvc': 0.110.0
-      '@oxc-parser/binding-win32-x64-msvc': 0.110.0
-
-  oxc-transform@0.110.0:
+      '@oxc-parser/binding-android-arm64': 0.102.0
+      '@oxc-parser/binding-darwin-arm64': 0.102.0
+      '@oxc-parser/binding-darwin-x64': 0.102.0
+      '@oxc-parser/binding-freebsd-x64': 0.102.0
+      '@oxc-parser/binding-linux-arm-gnueabihf': 0.102.0
+      '@oxc-parser/binding-linux-arm64-gnu': 0.102.0
+      '@oxc-parser/binding-linux-arm64-musl': 0.102.0
+      '@oxc-parser/binding-linux-riscv64-gnu': 0.102.0
+      '@oxc-parser/binding-linux-s390x-gnu': 0.102.0
+      '@oxc-parser/binding-linux-x64-gnu': 0.102.0
+      '@oxc-parser/binding-linux-x64-musl': 0.102.0
+      '@oxc-parser/binding-openharmony-arm64': 0.102.0
+      '@oxc-parser/binding-wasm32-wasi': 0.102.0
+      '@oxc-parser/binding-win32-arm64-msvc': 0.102.0
+      '@oxc-parser/binding-win32-x64-msvc': 0.102.0
+
+  oxc-transform@0.102.0:
     optionalDependencies:
-      '@oxc-transform/binding-android-arm-eabi': 0.110.0
-      '@oxc-transform/binding-android-arm64': 0.110.0
-      '@oxc-transform/binding-darwin-arm64': 0.110.0
-      '@oxc-transform/binding-darwin-x64': 0.110.0
-      '@oxc-transform/binding-freebsd-x64': 0.110.0
-      '@oxc-transform/binding-linux-arm-gnueabihf': 0.110.0
-      '@oxc-transform/binding-linux-arm-musleabihf': 0.110.0
-      '@oxc-transform/binding-linux-arm64-gnu': 0.110.0
-      '@oxc-transform/binding-linux-arm64-musl': 0.110.0
-      '@oxc-transform/binding-linux-ppc64-gnu': 0.110.0
-      '@oxc-transform/binding-linux-riscv64-gnu': 0.110.0
-      '@oxc-transform/binding-linux-riscv64-musl': 0.110.0
-      '@oxc-transform/binding-linux-s390x-gnu': 0.110.0
-      '@oxc-transform/binding-linux-x64-gnu': 0.110.0
-      '@oxc-transform/binding-linux-x64-musl': 0.110.0
-      '@oxc-transform/binding-openharmony-arm64': 0.110.0
-      '@oxc-transform/binding-wasm32-wasi': 0.110.0
-      '@oxc-transform/binding-win32-arm64-msvc': 0.110.0
-      '@oxc-transform/binding-win32-ia32-msvc': 0.110.0
-      '@oxc-transform/binding-win32-x64-msvc': 0.110.0
-
-  oxc-walker@0.7.0(oxc-parser@0.110.0):
+      '@oxc-transform/binding-android-arm64': 0.102.0
+      '@oxc-transform/binding-darwin-arm64': 0.102.0
+      '@oxc-transform/binding-darwin-x64': 0.102.0
+      '@oxc-transform/binding-freebsd-x64': 0.102.0
+      '@oxc-transform/binding-linux-arm-gnueabihf': 0.102.0
+      '@oxc-transform/binding-linux-arm64-gnu': 0.102.0
+      '@oxc-transform/binding-linux-arm64-musl': 0.102.0
+      '@oxc-transform/binding-linux-riscv64-gnu': 0.102.0
+      '@oxc-transform/binding-linux-s390x-gnu': 0.102.0
+      '@oxc-transform/binding-linux-x64-gnu': 0.102.0
+      '@oxc-transform/binding-linux-x64-musl': 0.102.0
+      '@oxc-transform/binding-openharmony-arm64': 0.102.0
+      '@oxc-transform/binding-wasm32-wasi': 0.102.0
+      '@oxc-transform/binding-win32-arm64-msvc': 0.102.0
+      '@oxc-transform/binding-win32-x64-msvc': 0.102.0
+
+  oxc-walker@0.6.0(oxc-parser@0.102.0):
     dependencies:
       magic-regexp: 0.10.0
-      oxc-parser: 0.110.0
+      oxc-parser: 0.102.0
 
   p-finally@1.0.0: {}
 
@@ -18198,42 +18266,42 @@ snapshots:
 
   pluralize@8.0.0: {}
 
-  postcss-calc@10.1.1(postcss@8.5.6):
+  postcss-calc@10.1.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-selector-parser: 7.1.1
       postcss-value-parser: 4.2.0
 
-  postcss-colormin@7.0.5(postcss@8.5.6):
+  postcss-colormin@7.0.5(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
       caniuse-api: 3.0.0
       colord: 2.9.3
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-convert-values@7.0.8(postcss@8.5.6):
+  postcss-convert-values@7.0.8(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-discard-comments@7.0.5(postcss@8.5.6):
+  postcss-discard-comments@7.0.5(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-selector-parser: 7.1.1
 
-  postcss-discard-duplicates@7.0.2(postcss@8.5.6):
+  postcss-discard-duplicates@7.0.2(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
 
-  postcss-discard-empty@7.0.1(postcss@8.5.6):
+  postcss-discard-empty@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
 
-  postcss-discard-overridden@7.0.1(postcss@8.5.6):
+  postcss-discard-overridden@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
 
   postcss-import@15.1.0(postcss@8.5.6):
     dependencies:
@@ -18255,43 +18323,43 @@ snapshots:
       postcss: 8.5.6
       yaml: 2.8.2
 
-  postcss-merge-longhand@7.0.5(postcss@8.5.6):
+  postcss-merge-longhand@7.0.5(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
-      stylehacks: 7.0.7(postcss@8.5.6)
+      stylehacks: 7.0.7(postcss@8.5.8)
 
-  postcss-merge-rules@7.0.7(postcss@8.5.6):
+  postcss-merge-rules@7.0.7(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
       caniuse-api: 3.0.0
-      cssnano-utils: 5.0.1(postcss@8.5.6)
-      postcss: 8.5.6
+      cssnano-utils: 5.0.1(postcss@8.5.8)
+      postcss: 8.5.8
       postcss-selector-parser: 7.1.1
 
-  postcss-minify-font-values@7.0.1(postcss@8.5.6):
+  postcss-minify-font-values@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-minify-gradients@7.0.1(postcss@8.5.6):
+  postcss-minify-gradients@7.0.1(postcss@8.5.8):
     dependencies:
       colord: 2.9.3
-      cssnano-utils: 5.0.1(postcss@8.5.6)
-      postcss: 8.5.6
+      cssnano-utils: 5.0.1(postcss@8.5.8)
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-minify-params@7.0.5(postcss@8.5.6):
+  postcss-minify-params@7.0.5(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
-      cssnano-utils: 5.0.1(postcss@8.5.6)
-      postcss: 8.5.6
+      cssnano-utils: 5.0.1(postcss@8.5.8)
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-minify-selectors@7.0.5(postcss@8.5.6):
+  postcss-minify-selectors@7.0.5(postcss@8.5.8):
     dependencies:
       cssesc: 3.0.0
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-selector-parser: 7.1.1
 
   postcss-nested@6.2.0(postcss@8.5.6):
@@ -18299,66 +18367,71 @@ snapshots:
       postcss: 8.5.6
       postcss-selector-parser: 6.1.2
 
-  postcss-normalize-charset@7.0.1(postcss@8.5.6):
+  postcss-nested@6.2.0(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
+      postcss-selector-parser: 6.1.2
 
-  postcss-normalize-display-values@7.0.1(postcss@8.5.6):
+  postcss-normalize-charset@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
+
+  postcss-normalize-display-values@7.0.1(postcss@8.5.8):
+    dependencies:
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-positions@7.0.1(postcss@8.5.6):
+  postcss-normalize-positions@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-repeat-style@7.0.1(postcss@8.5.6):
+  postcss-normalize-repeat-style@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-string@7.0.1(postcss@8.5.6):
+  postcss-normalize-string@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-timing-functions@7.0.1(postcss@8.5.6):
+  postcss-normalize-timing-functions@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-unicode@7.0.5(postcss@8.5.6):
+  postcss-normalize-unicode@7.0.5(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-url@7.0.1(postcss@8.5.6):
+  postcss-normalize-url@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-normalize-whitespace@7.0.1(postcss@8.5.6):
+  postcss-normalize-whitespace@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-ordered-values@7.0.2(postcss@8.5.6):
+  postcss-ordered-values@7.0.2(postcss@8.5.8):
     dependencies:
-      cssnano-utils: 5.0.1(postcss@8.5.6)
-      postcss: 8.5.6
+      cssnano-utils: 5.0.1(postcss@8.5.8)
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
-  postcss-reduce-initial@7.0.5(postcss@8.5.6):
+  postcss-reduce-initial@7.0.5(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
       caniuse-api: 3.0.0
-      postcss: 8.5.6
+      postcss: 8.5.8
 
-  postcss-reduce-transforms@7.0.1(postcss@8.5.6):
+  postcss-reduce-transforms@7.0.1(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
 
   postcss-selector-parser@6.1.2:
@@ -18371,15 +18444,15 @@ snapshots:
       cssesc: 3.0.0
       util-deprecate: 1.0.2
 
-  postcss-svgo@7.1.0(postcss@8.5.6):
+  postcss-svgo@7.1.0(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-value-parser: 4.2.0
       svgo: 4.0.0
 
-  postcss-unique-selectors@7.0.4(postcss@8.5.6):
+  postcss-unique-selectors@7.0.4(postcss@8.5.8):
     dependencies:
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-selector-parser: 7.1.1
 
   postcss-value-parser@4.2.0: {}
@@ -18937,7 +19010,7 @@ snapshots:
   rollup-plugin-visualizer@6.0.5(rolldown@1.0.0-rc.12)(rollup@4.57.1):
     dependencies:
       open: 8.4.2
-      picomatch: 4.0.3
+      picomatch: 4.0.4
       source-map: 0.7.6
       yargs: 17.7.2
     optionalDependencies:
@@ -18975,8 +19048,6 @@ snapshots:
       '@rollup/rollup-win32-x64-msvc': 4.57.1
       fsevents: 2.3.3
 
-  rou3@0.7.12: {}
-
   rss@1.2.2:
     dependencies:
       mime-types: 2.1.13
@@ -19100,7 +19171,7 @@ snapshots:
     dependencies:
       '@img/colour': 1.0.0
       detect-libc: 2.1.2
-      semver: 7.7.3
+      semver: 7.7.4
     optionalDependencies:
       '@img/sharp-darwin-arm64': 0.34.5
       '@img/sharp-darwin-x64': 0.34.5
@@ -19403,10 +19474,10 @@ snapshots:
     dependencies:
       inline-style-parser: 0.2.7
 
-  stylehacks@7.0.7(postcss@8.5.6):
+  stylehacks@7.0.7(postcss@8.5.8):
     dependencies:
       browserslist: 4.28.1
-      postcss: 8.5.6
+      postcss: 8.5.8
       postcss-selector-parser: 7.1.1
 
   sucrase@3.35.1:
@@ -19654,7 +19725,7 @@ snapshots:
 
   typescript-auto-import-cache@0.3.6:
     dependencies:
-      semver: 7.7.3
+      semver: 7.7.4
 
   typescript-eslint@8.54.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.9.3):
     dependencies:
@@ -19727,7 +19798,7 @@ snapshots:
       magic-string: 0.30.21
       mlly: 1.8.0
       pathe: 2.0.3
-      picomatch: 4.0.3
+      picomatch: 4.0.4
       pkg-types: 2.3.0
       scule: 1.3.0
       strip-literal: 3.1.0
@@ -19784,12 +19855,12 @@ snapshots:
   unplugin-utils@0.2.5:
     dependencies:
       pathe: 2.0.3
-      picomatch: 4.0.3
+      picomatch: 4.0.4
 
   unplugin-utils@0.3.1:
     dependencies:
       pathe: 2.0.3
-      picomatch: 4.0.3
+      picomatch: 4.0.4
 
   unplugin-vue-router@0.19.2(@vue/compiler-sfc@3.5.27)(vue-router@4.6.4(vue@3.5.27(typescript@5.9.3)))(vue@3.5.27(typescript@5.9.3)):
     dependencies:
@@ -19805,7 +19876,7 @@ snapshots:
       mlly: 1.8.0
       muggle-string: 0.4.1
       pathe: 2.0.3
-      picomatch: 4.0.3
+      picomatch: 4.0.4
       scule: 1.3.0
       tinyglobby: 0.2.15
       unplugin: 2.3.11
@@ -19827,7 +19898,7 @@ snapshots:
     dependencies:
       '@jridgewell/remapping': 2.3.5
       acorn: 8.15.0
-      picomatch: 4.0.3
+      picomatch: 4.0.4
       webpack-virtual-modules: 0.6.2
 
   unrs-resolver@1.11.1:
@@ -19967,7 +20038,7 @@ snapshots:
       chokidar: 4.0.3
       npm-run-path: 6.0.0
       picocolors: 1.1.1
-      picomatch: 4.0.3
+      picomatch: 4.0.4
       tiny-invariant: 1.3.3
       tinyglobby: 0.2.15
       vite: 7.3.1(@types/node@24.12.2)(jiti@2.6.1)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2)
@@ -20042,9 +20113,9 @@ snapshots:
   vite@7.3.1(@types/node@24.12.2)(jiti@2.6.1)(lightningcss@1.32.0)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2):
     dependencies:
       esbuild: 0.27.2
-      fdir: 6.5.0(picomatch@4.0.3)
-      picomatch: 4.0.3
-      postcss: 8.5.6
+      fdir: 6.5.0(picomatch@4.0.4)
+      picomatch: 4.0.4
+      postcss: 8.5.8
       rollup: 4.57.1
       tinyglobby: 0.2.15
     optionalDependencies:
@@ -20056,6 +20127,22 @@ snapshots:
       terser: 5.46.0
       yaml: 2.8.2
 
+  vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@1.21.7)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2):
+    dependencies:
+      lightningcss: 1.32.0
+      picomatch: 4.0.4
+      postcss: 8.5.8
+      rolldown: 1.0.0-rc.12
+      tinyglobby: 0.2.15
+    optionalDependencies:
+      '@types/node': 24.12.2
+      esbuild: 0.27.3
+      fsevents: 2.3.3
+      jiti: 1.21.7
+      sass: 1.97.3
+      terser: 5.46.0
+      yaml: 2.8.2
+
   vite@8.0.3(@types/node@24.12.2)(esbuild@0.27.3)(jiti@2.6.1)(sass@1.97.3)(terser@5.46.0)(yaml@2.8.2):
     dependencies:
       lightningcss: 1.32.0
@@ -20119,7 +20206,7 @@ snapshots:
   volar-service-typescript@0.0.68(@volar/language-service@2.4.28):
     dependencies:
       path-browserify: 1.0.1
-      semver: 7.7.3
+      semver: 7.7.4
       typescript-auto-import-cache: 0.3.6
       vscode-languageserver-textdocument: 1.0.12
       vscode-nls: 5.2.0
@@ -20192,7 +20279,7 @@ snapshots:
 
   vue-component-type-helpers@3.2.4: {}
 
-  vue-component-type-helpers@3.3.1: {}
+  vue-component-type-helpers@3.3.2: {}
 
   vue-confetti-explosion@1.0.2(vue@3.5.27(typescript@5.9.3)):
     dependencies:
@@ -20232,6 +20319,19 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  vue-eslint-parser@9.4.3(eslint@9.39.2(jiti@1.21.7)):
+    dependencies:
+      debug: 4.4.3
+      eslint: 9.39.2(jiti@1.21.7)
+      eslint-scope: 7.2.2
+      eslint-visitor-keys: 3.4.3
+      espree: 9.6.1
+      esquery: 1.7.0
+      lodash: 4.17.23
+      semver: 7.7.4
+    transitivePeerDependencies:
+      - supports-color
+
   vue-eslint-parser@9.4.3(eslint@9.39.2(jiti@2.6.1)):
     dependencies:
       debug: 4.4.3