feat: add google maps mcp source

oxfmt was reformatting generated drizzle migration snapshots and
crashing on .ona/review/comments.json. Also runs the formatter
across the full codebase.

Co-authored-by: Ona <no-reply@ona.com>

.github/workflows/build-waitlist-website.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   REGISTRY: cr.nym.sh
-  IMAGE_NAME: aelis-waitlist-website
+  IMAGE_NAME: freya-waitlist-website
 
 jobs:
   build:

.ona/automations.yaml

@@ -1,39 +0,0 @@
-services:
-  expo:
-    name: Expo Dev Server
-    description: Expo development server for aelis-client
-    triggeredBy:
-      - postDevcontainerStart
-    commands:
-      start: cd apps/aelis-client && ./scripts/run-dev-server.sh
-
-  drizzle-studio:
-    name: Drizzle Studio
-    description: Drizzle Studio database browser for aelis-backend
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        FORWARD_URL=$(gitpod environment port open 4983 --name drizzle-studio-server | sed 's|https://||')
-        echo "Drizzle Studio: https://local.drizzle.studio/?host=${FORWARD_URL}&port=443"
-        cd apps/aelis-backend && bunx drizzle-kit studio --host 0.0.0.0 --port 4983
-
-  aelis-backend:
-    name: Aelis Backend
-    description: Hono API server for aelis-backend (port 3000)
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        gitpod --context environment environment port open 3000 --name "Aelis Backend" --protocol http
-        cd apps/aelis-backend && bun run dev
-
-  admin-dashboard:
-    name: Admin Dashboard
-    description: Vite dev server for admin-dashboard (port 5174)
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        gitpod --context environment environment port open 5174 --name "Admin Dashboard" --protocol http
-        cd apps/admin-dashboard && bun run dev --host

.oxfmtrc.json

@@ -8,5 +8,5 @@
 		"ignoreCase": true,
 		"newlinesBetween": true
 	},
-	"ignorePatterns": [".claude", "fixtures"]
+	"ignorePatterns": [".claude", ".ona", "drizzle", "fixtures"]
 }

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+	"js/ts.experimental.useTsgo": true
+}

AGENTS.md

@@ -2,7 +2,7 @@
 
 ## Project
 
-AELIS is an AI-powered personal assistant that aggregates data from various sources into a contextual feed. Monorepo with `packages/` (shared libraries) and `apps/` (applications).
+FREYA is an AI-powered personal assistant that aggregates data from various sources into a contextual feed. Monorepo with `packages/` (shared libraries) and `apps/` (applications).
 
 ## Commands
 

README.md

@@ -1,4 +1,4 @@
-# aelis
+# freya
 
 To install dependencies:
 
@@ -8,14 +8,14 @@ bun install
 
 ## Packages
 
-### @aelis/source-tfl
+### @freya/source-tfl
 
 TfL (Transport for London) feed source for tube, overground, and Elizabeth line alerts.
 
 #### Testing
 
 ```bash
-cd packages/aelis-source-tfl
+cd packages/freya-source-tfl
 bun run test
 ```
 

apps/admin-dashboard/.prettierignore

@@ -1,7 +0,0 @@
-node_modules/
-coverage/
-.pnpm-store/
-pnpm-lock.yaml
-package-lock.json
-pnpm-lock.yaml
-yarn.lock

apps/admin-dashboard/.prettierrc

@@ -1,11 +0,0 @@
-{
-  "endOfLine": "lf",
-  "semi": false,
-  "singleQuote": false,
-  "tabWidth": 2,
-  "trailingComma": "es5",
-  "printWidth": 80,
-  "plugins": ["prettier-plugin-tailwindcss"],
-  "tailwindStylesheet": "src/index.css",
-  "tailwindFunctions": ["cn", "cva"]
-}

apps/admin-dashboard/eslint.config.js

@@ -1,23 +0,0 @@
-import js from '@eslint/js'
-import globals from 'globals'
-import reactHooks from 'eslint-plugin-react-hooks'
-import reactRefresh from 'eslint-plugin-react-refresh'
-import tseslint from 'typescript-eslint'
-import { defineConfig, globalIgnores } from 'eslint/config'
-
-export default defineConfig([
-  globalIgnores(['dist']),
-  {
-    files: ['**/*.{ts,tsx}'],
-    extends: [
-      js.configs.recommended,
-      tseslint.configs.recommended,
-      reactHooks.configs.flat.recommended,
-      reactRefresh.configs.vite,
-    ],
-    languageOptions: {
-      ecmaVersion: 2020,
-      globals: globals.browser,
-    },
-  },
-])

apps/admin-dashboard/package.json

@@ -1,13 +1,13 @@
 {
 	"name": "admin-dashboard",
-  "private": true,
 	"version": "0.0.1",
+	"private": true,
 	"type": "module",
 	"scripts": {
 		"dev": "vite",
 		"build": "tsc -b && vite build",
-    "lint": "eslint .",
+		"lint": "oxlint .",
-    "format": "prettier --write \"**/*.{ts,tsx}\"",
+		"format": "oxfmt --write .",
 		"typecheck": "tsc --noEmit",
 		"preview": "vite preview"
 	},
@@ -30,19 +30,11 @@
 		"tw-animate-css": "^1.4.0"
 	},
 	"devDependencies": {
-    "@eslint/js": "^9.39.1",
 		"@types/node": "^24.10.1",
 		"@types/react": "^19.2.5",
 		"@types/react-dom": "^19.2.3",
 		"@vitejs/plugin-react": "^5.1.1",
-    "eslint": "^9.39.1",
+		"typescript": "^6",
-    "eslint-plugin-react-hooks": "^7.0.1",
-    "eslint-plugin-react-refresh": "^0.4.24",
-    "globals": "^16.5.0",
-    "prettier": "^3.8.1",
-    "prettier-plugin-tailwindcss": "^0.7.2",
-    "typescript": "~5.9.3",
-    "typescript-eslint": "^8.46.4",
 		"vite": "^7.2.4"
 	}
 }

apps/admin-dashboard/src/App.tsx

@@ -1,5 +1,5 @@
-import { createRouter, RouterProvider } from "@tanstack/react-router"
 import { useQueryClient, type QueryClient } from "@tanstack/react-query"
+import { createRouter, RouterProvider } from "@tanstack/react-router"
 
 import { routeTree } from "./route-tree.gen"
 

apps/admin-dashboard/src/components/feed-panel.tsx

@@ -1,13 +1,13 @@
 import { useQuery } from "@tanstack/react-query"
-import { useState } from "react"
 import { Loader2, RefreshCw, TriangleAlert } from "lucide-react"
+import { useState } from "react"
 
 import type { FeedItem } from "@/lib/api"
-import { fetchFeed } from "@/lib/api"
 
 import { Badge } from "@/components/ui/badge"
 import { Button } from "@/components/ui/button"
 import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card"
+import { fetchFeed } from "@/lib/api"
 
 export function FeedPanel() {
 	const {
@@ -28,9 +28,7 @@ export function FeedPanel() {
 			<div className="flex items-center justify-between gap-4">
 				<div className="space-y-1">
 					<h2 className="text-lg font-semibold tracking-tight">Feed</h2>
-          <p className="text-sm text-muted-foreground">
+					<p className="text-sm text-muted-foreground">Query the feed as the current user.</p>
-            Query the feed as the current user.
-          </p>
 				</div>
 				<Button onClick={() => refetch()} disabled={isFetching} size="sm">
 					{isFetching ? (

apps/admin-dashboard/src/components/general-settings-panel.tsx

@@ -1,9 +1,8 @@
 import { useQuery } from "@tanstack/react-query"
 import { CircleCheck, CircleX, Loader2 } from "lucide-react"
 
-import { getServerUrl } from "@/lib/server-url"
-
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card"
+import { getServerUrl } from "@/lib/server-url"
 
 async function checkHealth(serverUrl: string): Promise<boolean> {
 	const res = await fetch(`${serverUrl}/health`)
@@ -28,17 +27,13 @@ export function GeneralSettingsPanel() {
 		<div className="mx-auto max-w-xl space-y-6">
 			<div className="space-y-1">
 				<h2 className="text-lg font-semibold tracking-tight">General</h2>
-        <p className="text-sm text-muted-foreground">
+				<p className="text-sm text-muted-foreground">Backend server information.</p>
-          Backend server information.
-        </p>
 			</div>
 
 			<Card className="-mx-4">
 				<CardHeader className="pb-4">
 					<CardTitle className="text-sm">Server</CardTitle>
-          <CardDescription>
+					<CardDescription>Connected backend instance.</CardDescription>
-            Connected backend instance.
-          </CardDescription>
 				</CardHeader>
 				<CardContent>
 					<div className="space-y-3 text-sm">

apps/admin-dashboard/src/components/login-page.tsx

@@ -1,16 +1,16 @@
 import { useMutation } from "@tanstack/react-query"
-import { useState } from "react"
 import { Loader2, Settings2 } from "lucide-react"
+import { useState } from "react"
 import { toast } from "sonner"
 
 import type { AuthSession } from "@/lib/auth"
-import { signIn } from "@/lib/auth"
-import { getServerUrl, setServerUrl } from "@/lib/server-url"
 
 import { Button } from "@/components/ui/button"
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card"
 import { Input } from "@/components/ui/input"
 import { Label } from "@/components/ui/label"
+import { signIn } from "@/lib/auth"
+import { getServerUrl, setServerUrl } from "@/lib/server-url"
 
 interface LoginPageProps {
 	onLogin: (session: AuthSession) => void
@@ -71,7 +71,7 @@ export function LoginPage({ onLogin }: LoginPageProps) {
 								type="email"
 								value={email}
 								onChange={(e) => setEmail(e.target.value)}
-                placeholder="admin@aelis.local"
+								placeholder="admin@freya.local"
 								required
 							/>
 						</div>
@@ -86,12 +86,10 @@ export function LoginPage({ onLogin }: LoginPageProps) {
 							/>
 						</div>
 
-
 						<Button type="submit" className="w-full" disabled={loading}>
 							{loading && <Loader2 className="size-4 animate-spin" />}
 							{loading ? "Signing in…" : "Sign in"}
 						</Button>
-
 					</form>
 				</CardContent>
 			</Card>

apps/admin-dashboard/src/components/source-config-panel.tsx

@@ -1,10 +1,9 @@
 import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"
-import { useState } from "react"
 import { Info, Loader2, MapPin, Trash2 } from "lucide-react"
+import { useState } from "react"
 import { toast } from "sonner"
 
 import type { ConfigFieldDef, SourceDefinition } from "@/lib/api"
-import { fetchSourceConfig, pushLocation, replaceSource, updateProviderConfig } from "@/lib/api"
 
 import { Badge } from "@/components/ui/badge"
 import { Button } from "@/components/ui/button"
@@ -21,6 +20,7 @@ import {
 import { Separator } from "@/components/ui/separator"
 import { Switch } from "@/components/ui/switch"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
+import { fetchSourceConfig, pushLocation, replaceSource, updateProviderConfig } from "@/lib/api"
 
 interface SourceConfigPanelProps {
 	source: SourceDefinition
@@ -66,6 +66,20 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 		return creds
 	}
 
+	function hasUserConfigFields(): boolean {
+		return Object.values(source.fields).some((field) => !isCredentialField(field))
+	}
+
+	function buildReplaceBody(enabledValue: boolean): Parameters<typeof replaceSource>[1] {
+		const body: Parameters<typeof replaceSource>[1] = { enabled: enabledValue }
+
+		if (hasUserConfigFields()) {
+			body.config = getUserConfig()
+		}
+
+		return body
+	}
+
 	function invalidate() {
 		queryClient.invalidateQueries({ queryKey: ["sourceConfig", source.id] })
 		queryClient.invalidateQueries({ queryKey: ["configs"] })
@@ -74,21 +88,21 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 
 	const saveMutation = useMutation({
 		mutationFn: async () => {
-      const promises: Promise<void>[] = [
-        replaceSource(source.id, { enabled, config: getUserConfig() }),
-      ]
-
 			const credentialFields = getCredentialFields()
 			const hasCredentials = Object.values(credentialFields).some(
 				(v) => typeof v === "string" && v.length > 0,
 			)
-      if (hasCredentials) {
-        promises.push(
-          updateProviderConfig(source.id, { credentials: credentialFields }),
-        )
-      }
 
-      await Promise.all(promises)
+			const body = buildReplaceBody(enabled)
+			if (hasCredentials && source.perUserCredentials) {
+				body.credentials = credentialFields
+			}
+			await replaceSource(source.id, body)
+
+			// For non-per-user credentials (provider-level), still use the admin endpoint.
+			if (hasCredentials && !source.perUserCredentials) {
+				await updateProviderConfig(source.id, { credentials: credentialFields })
+			}
 		},
 		onSuccess() {
 			setDirty({})
@@ -101,8 +115,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 	})
 
 	const toggleMutation = useMutation({
-    mutationFn: (checked: boolean) =>
+		mutationFn: (checked: boolean) => replaceSource(source.id, buildReplaceBody(checked)),
-      replaceSource(source.id, { enabled: checked, config: getUserConfig() }),
 		onSuccess(_data, checked) {
 			invalidate()
 			toast.success(`Source ${checked ? "enabled" : "disabled"}`)
@@ -113,7 +126,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 	})
 
 	const deleteMutation = useMutation({
-    mutationFn: () => replaceSource(source.id, { enabled: false, config: {} }),
+		mutationFn: () => replaceSource(source.id, buildReplaceBody(false)),
 		onSuccess() {
 			setDirty({})
 			invalidate()
@@ -157,7 +170,6 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 						) : (
 							<Badge variant="outline">Disabled</Badge>
 						)}
-
 					</div>
 					<p className="text-sm text-muted-foreground">{source.description}</p>
 				</div>
@@ -245,7 +257,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 			)}
 
 			{/* Always-on sources */}
-      {source.alwaysEnabled && source.id !== "aelis.location" && (
+			{source.alwaysEnabled && source.id !== "freya.location" && (
 				<>
 					<Separator />
 					<p className="text-sm text-muted-foreground">
@@ -254,7 +266,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 				</>
 			)}
 
-      {source.id === "aelis.location" && <LocationCard />}
+			{source.id === "freya.location" && <LocationCard />}
 		</div>
 	)
 }
@@ -307,7 +319,9 @@ function LocationCard() {
 			<CardContent className="space-y-4">
 				<div className="grid grid-cols-2 gap-4">
 					<div className="space-y-2">
-            <Label htmlFor="loc-lat" className="text-xs font-medium">Latitude</Label>
+						<Label htmlFor="loc-lat" className="text-xs font-medium">
+							Latitude
+						</Label>
 						<Input
 							id="loc-lat"
 							type="number"
@@ -319,7 +333,9 @@ function LocationCard() {
 						/>
 					</div>
 					<div className="space-y-2">
-            <Label htmlFor="loc-lng" className="text-xs font-medium">Longitude</Label>
+						<Label htmlFor="loc-lng" className="text-xs font-medium">
+							Longitude
+						</Label>
 						<Input
 							id="loc-lng"
 							type="number"
@@ -408,6 +424,38 @@ function FieldInput({
 		)
 	}
 
+	if (field.type === "multiselect" && field.options) {
+		const selected = Array.isArray(value) ? (value as string[]) : []
+
+		function toggle(optValue: string) {
+			const next = selected.includes(optValue)
+				? selected.filter((v) => v !== optValue)
+				: [...selected, optValue]
+			onChange(next)
+		}
+
+		return (
+			<div className="space-y-2">
+				<Label className="text-xs font-medium">{labelContent}</Label>
+				<div className="flex flex-wrap gap-1.5">
+					{field.options!.map((opt) => {
+						const isSelected = selected.includes(opt.value)
+						return (
+							<Badge
+								key={opt.value}
+								variant={isSelected ? "default" : "outline"}
+								className={`cursor-pointer select-none ${isSelected ? "" : "opacity-60 hover:opacity-100"}`}
+								onClick={() => !disabled && toggle(opt.value)}
+							>
+								{opt.label}
+							</Badge>
+						)
+					})}
+				</div>
+			</div>
+		)
+	}
+
 	if (field.type === "number") {
 		return (
 			<div className="space-y-2">
@@ -456,6 +504,8 @@ function buildInitialValues(
 			values[name] = saved[name]
 		} else if (field.defaultValue !== undefined) {
 			values[name] = field.defaultValue
+		} else if (field.type === "multiselect") {
+			values[name] = []
 		} else {
 			values[name] = field.type === "number" ? undefined : ""
 		}

apps/admin-dashboard/src/components/theme-provider.tsx

@@ -19,9 +19,7 @@ type ThemeProviderState = {
 const COLOR_SCHEME_QUERY = "(prefers-color-scheme: dark)"
 const THEME_VALUES: Theme[] = ["dark", "light", "system"]
 
-const ThemeProviderContext = React.createContext<
+const ThemeProviderContext = React.createContext<ThemeProviderState | undefined>(undefined)
-  ThemeProviderState | undefined
->(undefined)
 
 function isTheme(value: string | null): value is Theme {
 	if (value === null) {
@@ -43,8 +41,8 @@ function disableTransitionsTemporarily() {
 	const style = document.createElement("style")
 	style.appendChild(
 		document.createTextNode(
-      "*,*::before,*::after{-webkit-transition:none!important;transition:none!important}"
+			"*,*::before,*::after{-webkit-transition:none!important;transition:none!important}",
-    )
+		),
 	)
 	document.head.appendChild(style)
 
@@ -67,9 +65,7 @@ function isEditableTarget(target: EventTarget | null) {
 		return true
 	}
 
-  const editableParent = target.closest(
+	const editableParent = target.closest("input, textarea, select, [contenteditable='true']")
-    "input, textarea, select, [contenteditable='true']"
-  )
 	if (editableParent) {
 		return true
 	}
@@ -98,17 +94,14 @@ export function ThemeProvider({
 			localStorage.setItem(storageKey, nextTheme)
 			setThemeState(nextTheme)
 		},
-    [storageKey]
+		[storageKey],
 	)
 
 	const applyTheme = React.useCallback(
 		(nextTheme: Theme) => {
 			const root = document.documentElement
-      const resolvedTheme =
+			const resolvedTheme = nextTheme === "system" ? getSystemTheme() : nextTheme
-        nextTheme === "system" ? getSystemTheme() : nextTheme
+			const restoreTransitions = disableTransitionOnChange ? disableTransitionsTemporarily() : null
-      const restoreTransitions = disableTransitionOnChange
-        ? disableTransitionsTemporarily()
-        : null
 
 			root.classList.remove("light", "dark")
 			root.classList.add(resolvedTheme)
@@ -117,7 +110,7 @@ export function ThemeProvider({
 				restoreTransitions()
 			}
 		},
-    [disableTransitionOnChange]
+		[disableTransitionOnChange],
 	)
 
 	React.useEffect(() => {
@@ -209,7 +202,7 @@ export function ThemeProvider({
 			theme,
 			setTheme,
 		}),
-    [theme, setTheme]
+		[theme, setTheme],
 	)
 
 	return (

apps/admin-dashboard/src/components/ui/accordion.tsx

@@ -1,22 +1,16 @@
 "use client"
 
-import * as React from "react"
+import { ChevronDownIcon, ChevronUpIcon } from "lucide-react"
 import { Accordion as AccordionPrimitive } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
-import { ChevronDownIcon, ChevronUpIcon } from "lucide-react"
 
-function Accordion({
+function Accordion({ className, ...props }: React.ComponentProps<typeof AccordionPrimitive.Root>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof AccordionPrimitive.Root>) {
 	return (
 		<AccordionPrimitive.Root
 			data-slot="accordion"
-      className={cn(
+			className={cn("flex w-full flex-col overflow-hidden rounded-md border", className)}
-        "flex w-full flex-col overflow-hidden rounded-md border",
-        className
-      )}
 			{...props}
 		/>
 	)
@@ -46,13 +40,19 @@ function AccordionTrigger({
 				data-slot="accordion-trigger"
 				className={cn(
 					"group/accordion-trigger relative flex flex-1 items-start justify-between gap-6 border border-transparent p-2 text-left text-xs/relaxed font-medium transition-all outline-none hover:underline disabled:pointer-events-none disabled:opacity-50 **:data-[slot=accordion-trigger-icon]:ml-auto **:data-[slot=accordion-trigger-icon]:size-4 **:data-[slot=accordion-trigger-icon]:text-muted-foreground",
-          className
+					className,
 				)}
 				{...props}
 			>
 				{children}
-        <ChevronDownIcon data-slot="accordion-trigger-icon" className="pointer-events-none shrink-0 group-aria-expanded/accordion-trigger:hidden" />
+				<ChevronDownIcon
-        <ChevronUpIcon data-slot="accordion-trigger-icon" className="pointer-events-none hidden shrink-0 group-aria-expanded/accordion-trigger:inline" />
+					data-slot="accordion-trigger-icon"
+					className="pointer-events-none shrink-0 group-aria-expanded/accordion-trigger:hidden"
+				/>
+				<ChevronUpIcon
+					data-slot="accordion-trigger-icon"
+					className="pointer-events-none hidden shrink-0 group-aria-expanded/accordion-trigger:inline"
+				/>
 			</AccordionPrimitive.Trigger>
 		</AccordionPrimitive.Header>
 	)
@@ -72,7 +72,7 @@ function AccordionContent({
 			<div
 				className={cn(
 					"h-(--radix-accordion-content-height) pt-0 pb-4 [&_a]:underline [&_a]:underline-offset-3 [&_a]:hover:text-foreground [&_p:not(:last-child)]:mb-4",
-          className
+					className,
 				)}
 			>
 				{children}

apps/admin-dashboard/src/components/ui/alert.tsx

@@ -1,5 +1,5 @@
-import * as React from "react"
 import { cva, type VariantProps } from "class-variance-authority"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
@@ -16,7 +16,7 @@ const alertVariants = cva(
 		defaultVariants: {
 			variant: "default",
 		},
-  }
+	},
 )
 
 function Alert({
@@ -40,23 +40,20 @@ function AlertTitle({ className, ...props }: React.ComponentProps<"div">) {
 			data-slot="alert-title"
 			className={cn(
 				"font-medium group-has-[>svg]/alert:col-start-2 [&_a]:underline [&_a]:underline-offset-3 [&_a]:hover:text-foreground",
-        className
+				className,
 			)}
 			{...props}
 		/>
 	)
 }
 
-function AlertDescription({
+function AlertDescription({ className, ...props }: React.ComponentProps<"div">) {
-  className,
-  ...props
-}: React.ComponentProps<"div">) {
 	return (
 		<div
 			data-slot="alert-description"
 			className={cn(
 				"text-xs/relaxed text-balance text-muted-foreground md:text-pretty [&_a]:underline [&_a]:underline-offset-3 [&_a]:hover:text-foreground [&_p:not(:last-child)]:mb-4",
-        className
+				className,
 			)}
 			{...props}
 		/>

apps/admin-dashboard/src/components/ui/badge.tsx

@@ -1,6 +1,6 @@
-import * as React from "react"
 import { cva, type VariantProps } from "class-variance-authority"
 import { Slot } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
@@ -10,21 +10,19 @@ const badgeVariants = cva(
 		variants: {
 			variant: {
 				default: "bg-primary text-primary-foreground [a]:hover:bg-primary/80",
-        secondary:
+				secondary: "bg-secondary text-secondary-foreground [a]:hover:bg-secondary/80",
-          "bg-secondary text-secondary-foreground [a]:hover:bg-secondary/80",
 				destructive:
 					"bg-destructive/10 text-destructive focus-visible:ring-destructive/20 dark:bg-destructive/20 dark:focus-visible:ring-destructive/40 [a]:hover:bg-destructive/20",
 				outline:
 					"border-border bg-input/20 text-foreground dark:bg-input/30 [a]:hover:bg-muted [a]:hover:text-muted-foreground",
-        ghost:
+				ghost: "hover:bg-muted hover:text-muted-foreground dark:hover:bg-muted/50",
-          "hover:bg-muted hover:text-muted-foreground dark:hover:bg-muted/50",
 				link: "text-primary underline-offset-4 hover:underline",
 			},
 		},
 		defaultVariants: {
 			variant: "default",
 		},
-  }
+	},
 )
 
 function Badge({
@@ -32,8 +30,7 @@ function Badge({
 	variant = "default",
 	asChild = false,
 	...props
-}: React.ComponentProps<"span"> &
+}: React.ComponentProps<"span"> & VariantProps<typeof badgeVariants> & { asChild?: boolean }) {
-  VariantProps<typeof badgeVariants> & { asChild?: boolean }) {
 	const Comp = asChild ? Slot.Root : "span"
 
 	return (

apps/admin-dashboard/src/components/ui/button.tsx

@@ -1,6 +1,6 @@
-import * as React from "react"
 import { cva, type VariantProps } from "class-variance-authority"
 import { Slot } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
@@ -36,7 +36,7 @@ const buttonVariants = cva(
 			variant: "default",
 			size: "default",
 		},
-  }
+	},
 )
 
 function Button({

apps/admin-dashboard/src/components/ui/card.tsx

@@ -13,7 +13,7 @@ function Card({
 			data-size={size}
 			className={cn(
 				"group/card flex flex-col gap-4 overflow-hidden rounded-lg bg-card py-4 text-xs/relaxed text-card-foreground ring-1 ring-foreground/10 has-[>img:first-child]:pt-0 data-[size=sm]:gap-3 data-[size=sm]:py-3 *:[img:first-child]:rounded-t-lg *:[img:last-child]:rounded-b-lg",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -26,7 +26,7 @@ function CardHeader({ className, ...props }: React.ComponentProps<"div">) {
 			data-slot="card-header"
 			className={cn(
 				"group/card-header @container/card-header grid auto-rows-min items-start gap-1 rounded-t-lg px-4 group-data-[size=sm]/card:px-3 has-data-[slot=card-action]:grid-cols-[1fr_auto] has-data-[slot=card-description]:grid-rows-[auto_auto] [.border-b]:pb-4 group-data-[size=sm]/card:[.border-b]:pb-3",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -34,13 +34,7 @@ function CardHeader({ className, ...props }: React.ComponentProps<"div">) {
 }
 
 function CardTitle({ className, ...props }: React.ComponentProps<"div">) {
-  return (
+	return <div data-slot="card-title" className={cn("text-sm font-medium", className)} {...props} />
-    <div
-      data-slot="card-title"
-      className={cn("text-sm font-medium", className)}
-      {...props}
-    />
-  )
 }
 
 function CardDescription({ className, ...props }: React.ComponentProps<"div">) {
@@ -57,10 +51,7 @@ function CardAction({ className, ...props }: React.ComponentProps<"div">) {
 	return (
 		<div
 			data-slot="card-action"
-      className={cn(
+			className={cn("col-start-2 row-span-2 row-start-1 self-start justify-self-end", className)}
-        "col-start-2 row-span-2 row-start-1 self-start justify-self-end",
-        className
-      )}
 			{...props}
 		/>
 	)
@@ -82,19 +73,11 @@ function CardFooter({ className, ...props }: React.ComponentProps<"div">) {
 			data-slot="card-footer"
 			className={cn(
 				"flex items-center rounded-b-lg px-4 group-data-[size=sm]/card:px-3 [.border-t]:pt-4 group-data-[size=sm]/card:[.border-t]:pt-3",
-        className
+				className,
 			)}
 			{...props}
 		/>
 	)
 }
 
-export {
+export { Card, CardHeader, CardFooter, CardTitle, CardAction, CardDescription, CardContent }
-  Card,
-  CardHeader,
-  CardFooter,
-  CardTitle,
-  CardAction,
-  CardDescription,
-  CardContent,
-}

apps/admin-dashboard/src/components/ui/collapsible.tsx

@@ -2,32 +2,20 @@
 
 import { Collapsible as CollapsiblePrimitive } from "radix-ui"
 
-function Collapsible({
+function Collapsible({ ...props }: React.ComponentProps<typeof CollapsiblePrimitive.Root>) {
-  ...props
-}: React.ComponentProps<typeof CollapsiblePrimitive.Root>) {
 	return <CollapsiblePrimitive.Root data-slot="collapsible" {...props} />
 }
 
 function CollapsibleTrigger({
 	...props
 }: React.ComponentProps<typeof CollapsiblePrimitive.CollapsibleTrigger>) {
-  return (
+	return <CollapsiblePrimitive.CollapsibleTrigger data-slot="collapsible-trigger" {...props} />
-    <CollapsiblePrimitive.CollapsibleTrigger
-      data-slot="collapsible-trigger"
-      {...props}
-    />
-  )
 }
 
 function CollapsibleContent({
 	...props
 }: React.ComponentProps<typeof CollapsiblePrimitive.CollapsibleContent>) {
-  return (
+	return <CollapsiblePrimitive.CollapsibleContent data-slot="collapsible-content" {...props} />
-    <CollapsiblePrimitive.CollapsibleContent
-      data-slot="collapsible-content"
-      {...props}
-    />
-  )
 }
 
 export { Collapsible, CollapsibleTrigger, CollapsibleContent }

apps/admin-dashboard/src/components/ui/input.tsx

@@ -9,7 +9,7 @@ function Input({ className, type, ...props }: React.ComponentProps<"input">) {
 			data-slot="input"
 			className={cn(
 				"h-7 w-full min-w-0 rounded-md border border-input bg-input/20 px-2 py-0.5 text-sm transition-colors outline-none file:inline-flex file:h-6 file:border-0 file:bg-transparent file:text-xs/relaxed file:font-medium file:text-foreground placeholder:text-muted-foreground focus-visible:border-ring focus-visible:ring-2 focus-visible:ring-ring/30 disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 aria-invalid:border-destructive aria-invalid:ring-2 aria-invalid:ring-destructive/20 md:text-xs/relaxed dark:bg-input/30 dark:aria-invalid:border-destructive/50 dark:aria-invalid:ring-destructive/40",
-        className
+				className,
 			)}
 			{...props}
 		/>

apps/admin-dashboard/src/components/ui/label.tsx

@@ -1,18 +1,15 @@
-import * as React from "react"
 import { Label as LabelPrimitive } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
-function Label({
+function Label({ className, ...props }: React.ComponentProps<typeof LabelPrimitive.Root>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof LabelPrimitive.Root>) {
 	return (
 		<LabelPrimitive.Root
 			data-slot="label"
 			className={cn(
 				"flex items-center gap-2 text-xs/relaxed leading-none font-medium select-none group-data-[disabled=true]:pointer-events-none group-data-[disabled=true]:opacity-50 peer-disabled:cursor-not-allowed peer-disabled:opacity-50",
-        className
+				className,
 			)}
 			{...props}
 		/>

apps/admin-dashboard/src/components/ui/select.tsx

@@ -1,19 +1,14 @@
-import * as React from "react"
+import { ChevronDownIcon, CheckIcon, ChevronUpIcon } from "lucide-react"
 import { Select as SelectPrimitive } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
-import { ChevronDownIcon, CheckIcon, ChevronUpIcon } from "lucide-react"
 
-function Select({
+function Select({ ...props }: React.ComponentProps<typeof SelectPrimitive.Root>) {
-  ...props
-}: React.ComponentProps<typeof SelectPrimitive.Root>) {
 	return <SelectPrimitive.Root data-slot="select" {...props} />
 }
 
-function SelectGroup({
+function SelectGroup({ className, ...props }: React.ComponentProps<typeof SelectPrimitive.Group>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof SelectPrimitive.Group>) {
 	return (
 		<SelectPrimitive.Group
 			data-slot="select-group"
@@ -23,9 +18,7 @@ function SelectGroup({
 	)
 }
 
-function SelectValue({
+function SelectValue({ ...props }: React.ComponentProps<typeof SelectPrimitive.Value>) {
-  ...props
-}: React.ComponentProps<typeof SelectPrimitive.Value>) {
 	return <SelectPrimitive.Value data-slot="select-value" {...props} />
 }
 
@@ -43,7 +36,7 @@ function SelectTrigger({
 			data-size={size}
 			className={cn(
 				"flex w-fit items-center justify-between gap-1.5 rounded-md border border-input bg-input/20 px-2 py-1.5 text-xs/relaxed whitespace-nowrap transition-colors outline-none focus-visible:border-ring focus-visible:ring-2 focus-visible:ring-ring/30 disabled:cursor-not-allowed disabled:opacity-50 aria-invalid:border-destructive aria-invalid:ring-2 aria-invalid:ring-destructive/20 data-placeholder:text-muted-foreground data-[size=default]:h-7 data-[size=sm]:h-6 *:data-[slot=select-value]:line-clamp-1 *:data-[slot=select-value]:flex *:data-[slot=select-value]:items-center *:data-[slot=select-value]:gap-1.5 dark:bg-input/30 dark:hover:bg-input/50 dark:aria-invalid:border-destructive/50 dark:aria-invalid:ring-destructive/40 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-3.5",
-        className
+				className,
 			)}
 			{...props}
 		>
@@ -67,7 +60,12 @@ function SelectContent({
 			<SelectPrimitive.Content
 				data-slot="select-content"
 				data-align-trigger={position === "item-aligned"}
-        className={cn("relative z-50 max-h-(--radix-select-content-available-height) min-w-32 origin-(--radix-select-content-transform-origin) overflow-x-hidden overflow-y-auto rounded-lg bg-popover text-popover-foreground shadow-md ring-1 ring-foreground/10 duration-100 data-[align-trigger=true]:animate-none data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 data-open:animate-in data-open:fade-in-0 data-open:zoom-in-95 data-closed:animate-out data-closed:fade-out-0 data-closed:zoom-out-95", position ==="popper"&&"data-[side=bottom]:translate-y-1 data-[side=left]:-translate-x-1 data-[side=right]:translate-x-1 data-[side=top]:-translate-y-1", className )}
+				className={cn(
+					"relative z-50 max-h-(--radix-select-content-available-height) min-w-32 origin-(--radix-select-content-transform-origin) overflow-x-hidden overflow-y-auto rounded-lg bg-popover text-popover-foreground shadow-md ring-1 ring-foreground/10 duration-100 data-[align-trigger=true]:animate-none data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 data-open:animate-in data-open:fade-in-0 data-open:zoom-in-95 data-closed:animate-out data-closed:fade-out-0 data-closed:zoom-out-95",
+					position === "popper" &&
+						"data-[side=bottom]:translate-y-1 data-[side=left]:-translate-x-1 data-[side=right]:translate-x-1 data-[side=top]:-translate-y-1",
+					className,
+				)}
 				position={position}
 				align={align}
 				{...props}
@@ -77,7 +75,7 @@ function SelectContent({
 					data-position={position}
 					className={cn(
 						"data-[position=popper]:h-(--radix-select-trigger-height) data-[position=popper]:w-full data-[position=popper]:min-w-(--radix-select-trigger-width)",
-            position === "popper" && ""
+						position === "popper" && "",
 					)}
 				>
 					{children}
@@ -88,10 +86,7 @@ function SelectContent({
 	)
 }
 
-function SelectLabel({
+function SelectLabel({ className, ...props }: React.ComponentProps<typeof SelectPrimitive.Label>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof SelectPrimitive.Label>) {
 	return (
 		<SelectPrimitive.Label
 			data-slot="select-label"
@@ -111,7 +106,7 @@ function SelectItem({
 			data-slot="select-item"
 			className={cn(
 				"relative flex min-h-7 w-full cursor-default items-center gap-2 rounded-md px-2 py-1 text-xs/relaxed outline-hidden select-none focus:bg-accent focus:text-accent-foreground not-data-[variant=destructive]:focus:**:text-accent-foreground data-disabled:pointer-events-none data-disabled:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-3.5 *:[span]:last:flex *:[span]:last:items-center *:[span]:last:gap-2",
-        className
+				className,
 			)}
 			{...props}
 		>
@@ -132,10 +127,7 @@ function SelectSeparator({
 	return (
 		<SelectPrimitive.Separator
 			data-slot="select-separator"
-      className={cn(
+			className={cn("pointer-events-none -mx-1 my-1 h-px bg-border/50", className)}
-        "pointer-events-none -mx-1 my-1 h-px bg-border/50",
-        className
-      )}
 			{...props}
 		/>
 	)
@@ -150,12 +142,11 @@ function SelectScrollUpButton({
 			data-slot="select-scroll-up-button"
 			className={cn(
 				"z-10 flex cursor-default items-center justify-center bg-popover py-1 [&_svg:not([class*='size-'])]:size-3.5",
-        className
+				className,
 			)}
 			{...props}
 		>
-      <ChevronUpIcon
+			<ChevronUpIcon />
-      />
 		</SelectPrimitive.ScrollUpButton>
 	)
 }
@@ -169,12 +160,11 @@ function SelectScrollDownButton({
 			data-slot="select-scroll-down-button"
 			className={cn(
 				"z-10 flex cursor-default items-center justify-center bg-popover py-1 [&_svg:not([class*='size-'])]:size-3.5",
-        className
+				className,
 			)}
 			{...props}
 		>
-      <ChevronDownIcon
+			<ChevronDownIcon />
-      />
 		</SelectPrimitive.ScrollDownButton>
 	)
 }

apps/admin-dashboard/src/components/ui/separator.tsx

@@ -1,5 +1,5 @@
-import * as React from "react"
 import { Separator as SeparatorPrimitive } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
@@ -16,7 +16,7 @@ function Separator({
 			orientation={orientation}
 			className={cn(
 				"shrink-0 bg-border data-horizontal:h-px data-horizontal:w-full data-vertical:w-px data-vertical:self-stretch",
-        className
+				className,
 			)}
 			{...props}
 		/>

apps/admin-dashboard/src/components/ui/sheet.tsx

@@ -1,29 +1,23 @@
-import * as React from "react"
-import { Dialog as SheetPrimitive } from "radix-ui"
-
-import { cn } from "@/lib/utils"
-import { Button } from "@/components/ui/button"
 import { XIcon } from "lucide-react"
+import { Dialog as SheetPrimitive } from "radix-ui"
+import * as React from "react"
+
+import { Button } from "@/components/ui/button"
+import { cn } from "@/lib/utils"
 
 function Sheet({ ...props }: React.ComponentProps<typeof SheetPrimitive.Root>) {
 	return <SheetPrimitive.Root data-slot="sheet" {...props} />
 }
 
-function SheetTrigger({
+function SheetTrigger({ ...props }: React.ComponentProps<typeof SheetPrimitive.Trigger>) {
-  ...props
-}: React.ComponentProps<typeof SheetPrimitive.Trigger>) {
 	return <SheetPrimitive.Trigger data-slot="sheet-trigger" {...props} />
 }
 
-function SheetClose({
+function SheetClose({ ...props }: React.ComponentProps<typeof SheetPrimitive.Close>) {
-  ...props
-}: React.ComponentProps<typeof SheetPrimitive.Close>) {
 	return <SheetPrimitive.Close data-slot="sheet-close" {...props} />
 }
 
-function SheetPortal({
+function SheetPortal({ ...props }: React.ComponentProps<typeof SheetPrimitive.Portal>) {
-  ...props
-}: React.ComponentProps<typeof SheetPrimitive.Portal>) {
 	return <SheetPrimitive.Portal data-slot="sheet-portal" {...props} />
 }
 
@@ -36,7 +30,7 @@ function SheetOverlay({
 			data-slot="sheet-overlay"
 			className={cn(
 				"fixed inset-0 z-50 bg-black/80 duration-100 supports-backdrop-filter:backdrop-blur-xs data-open:animate-in data-open:fade-in-0 data-closed:animate-out data-closed:fade-out-0",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -61,20 +55,15 @@ function SheetContent({
 				data-side={side}
 				className={cn(
 					"fixed z-50 flex flex-col bg-background bg-clip-padding text-xs/relaxed shadow-lg transition duration-200 ease-in-out data-[side=bottom]:inset-x-0 data-[side=bottom]:bottom-0 data-[side=bottom]:h-auto data-[side=bottom]:border-t data-[side=left]:inset-y-0 data-[side=left]:left-0 data-[side=left]:h-full data-[side=left]:w-3/4 data-[side=left]:border-r data-[side=right]:inset-y-0 data-[side=right]:right-0 data-[side=right]:h-full data-[side=right]:w-3/4 data-[side=right]:border-l data-[side=top]:inset-x-0 data-[side=top]:top-0 data-[side=top]:h-auto data-[side=top]:border-b data-[side=left]:sm:max-w-sm data-[side=right]:sm:max-w-sm data-open:animate-in data-open:fade-in-0 data-[side=bottom]:data-open:slide-in-from-bottom-10 data-[side=left]:data-open:slide-in-from-left-10 data-[side=right]:data-open:slide-in-from-right-10 data-[side=top]:data-open:slide-in-from-top-10 data-closed:animate-out data-closed:fade-out-0 data-[side=bottom]:data-closed:slide-out-to-bottom-10 data-[side=left]:data-closed:slide-out-to-left-10 data-[side=right]:data-closed:slide-out-to-right-10 data-[side=top]:data-closed:slide-out-to-top-10",
-          className
+					className,
 				)}
 				{...props}
 			>
 				{children}
 				{showCloseButton && (
 					<SheetPrimitive.Close data-slot="sheet-close" asChild>
-            <Button
+						<Button variant="ghost" className="absolute top-4 right-4" size="icon-sm">
-              variant="ghost"
+							<XIcon />
-              className="absolute top-4 right-4"
-              size="icon-sm"
-            >
-              <XIcon
-              />
 							<span className="sr-only">Close</span>
 						</Button>
 					</SheetPrimitive.Close>
@@ -104,10 +93,7 @@ function SheetFooter({ className, ...props }: React.ComponentProps<"div">) {
 	)
 }
 
-function SheetTitle({
+function SheetTitle({ className, ...props }: React.ComponentProps<typeof SheetPrimitive.Title>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof SheetPrimitive.Title>) {
 	return (
 		<SheetPrimitive.Title
 			data-slot="sheet-title"

apps/admin-dashboard/src/components/ui/sidebar.tsx

@@ -1,11 +1,10 @@
 "use client"
 
-import * as React from "react"
 import { cva, type VariantProps } from "class-variance-authority"
+import { PanelLeftIcon } from "lucide-react"
 import { Slot } from "radix-ui"
+import * as React from "react"
 
-import { useIsMobile } from "@/hooks/use-mobile"
-import { cn } from "@/lib/utils"
 import { Button } from "@/components/ui/button"
 import { Input } from "@/components/ui/input"
 import { Separator } from "@/components/ui/separator"
@@ -17,12 +16,9 @@ import {
 	SheetTitle,
 } from "@/components/ui/sheet"
 import { Skeleton } from "@/components/ui/skeleton"
-import {
+import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
-  Tooltip,
+import { useIsMobile } from "@/hooks/use-mobile"
-  TooltipContent,
+import { cn } from "@/lib/utils"
-  TooltipTrigger,
-} from "@/components/ui/tooltip"
-import { PanelLeftIcon } from "lucide-react"
 
 const SIDEBAR_COOKIE_NAME = "sidebar_state"
 const SIDEBAR_COOKIE_MAX_AGE = 60 * 60 * 24 * 7
@@ -84,7 +80,7 @@ function SidebarProvider({
 			// This sets the cookie to keep the sidebar state.
 			document.cookie = `${SIDEBAR_COOKIE_NAME}=${openState}; path=/; max-age=${SIDEBAR_COOKIE_MAX_AGE}`
 		},
-    [setOpenProp, open]
+		[setOpenProp, open],
 	)
 
 	// Helper to toggle the sidebar.
@@ -95,10 +91,7 @@ function SidebarProvider({
 	// Adds a keyboard shortcut to toggle the sidebar.
 	React.useEffect(() => {
 		const handleKeyDown = (event: KeyboardEvent) => {
-      if (
+			if (event.key === SIDEBAR_KEYBOARD_SHORTCUT && (event.metaKey || event.ctrlKey)) {
-        event.key === SIDEBAR_KEYBOARD_SHORTCUT &&
-        (event.metaKey || event.ctrlKey)
-      ) {
 				event.preventDefault()
 				toggleSidebar()
 			}
@@ -122,7 +115,7 @@ function SidebarProvider({
 			setOpenMobile,
 			toggleSidebar,
 		}),
-    [state, open, setOpen, isMobile, openMobile, setOpenMobile, toggleSidebar]
+		[state, open, setOpen, isMobile, openMobile, setOpenMobile, toggleSidebar],
 	)
 
 	return (
@@ -138,7 +131,7 @@ function SidebarProvider({
 				}
 				className={cn(
 					"group/sidebar-wrapper flex min-h-svh w-full has-data-[variant=inset]:bg-sidebar",
-          className
+					className,
 				)}
 				{...props}
 			>
@@ -169,7 +162,7 @@ function Sidebar({
 				data-slot="sidebar"
 				className={cn(
 					"flex h-full w-(--sidebar-width) flex-col bg-sidebar text-sidebar-foreground",
-          className
+					className,
 				)}
 				{...props}
 			>
@@ -222,7 +215,7 @@ function Sidebar({
 					"group-data-[side=right]:rotate-180",
 					variant === "floating" || variant === "inset"
 						? "group-data-[collapsible=icon]:w-[calc(var(--sidebar-width-icon)+(--spacing(4)))]"
-            : "group-data-[collapsible=icon]:w-(--sidebar-width-icon)"
+						: "group-data-[collapsible=icon]:w-(--sidebar-width-icon)",
 				)}
 			/>
 			<div
@@ -234,7 +227,7 @@ function Sidebar({
 					variant === "floating" || variant === "inset"
 						? "p-2 group-data-[collapsible=icon]:w-[calc(var(--sidebar-width-icon)+(--spacing(4))+2px)]"
 						: "group-data-[collapsible=icon]:w-(--sidebar-width-icon) group-data-[side=left]:border-r group-data-[side=right]:border-l",
-          className
+					className,
 				)}
 				{...props}
 			>
@@ -250,11 +243,7 @@ function Sidebar({
 	)
 }
 
-function SidebarTrigger({
+function SidebarTrigger({ className, onClick, ...props }: React.ComponentProps<typeof Button>) {
-  className,
-  onClick,
-  ...props
-}: React.ComponentProps<typeof Button>) {
 	const { toggleSidebar } = useSidebar()
 
 	return (
@@ -294,7 +283,7 @@ function SidebarRail({ className, ...props }: React.ComponentProps<"button">) {
 				"group-data-[collapsible=offcanvas]:translate-x-0 group-data-[collapsible=offcanvas]:after:left-full hover:group-data-[collapsible=offcanvas]:bg-sidebar",
 				"[[data-side=left][data-collapsible=offcanvas]_&]:-right-2",
 				"[[data-side=right][data-collapsible=offcanvas]_&]:-left-2",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -307,25 +296,19 @@ function SidebarInset({ className, ...props }: React.ComponentProps<"main">) {
 			data-slot="sidebar-inset"
 			className={cn(
 				"relative flex w-full flex-1 flex-col bg-background md:peer-data-[variant=inset]:m-2 md:peer-data-[variant=inset]:ml-0 md:peer-data-[variant=inset]:rounded-xl md:peer-data-[variant=inset]:shadow-sm md:peer-data-[variant=inset]:peer-data-[state=collapsed]:ml-2",
-        className
+				className,
 			)}
 			{...props}
 		/>
 	)
 }
 
-function SidebarInput({
+function SidebarInput({ className, ...props }: React.ComponentProps<typeof Input>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof Input>) {
 	return (
 		<Input
 			data-slot="sidebar-input"
 			data-sidebar="input"
-      className={cn(
+			className={cn("h-8 w-full border-input bg-muted/20 dark:bg-muted/30", className)}
-        "h-8 w-full border-input bg-muted/20 dark:bg-muted/30",
-        className
-      )}
 			{...props}
 		/>
 	)
@@ -353,10 +336,7 @@ function SidebarFooter({ className, ...props }: React.ComponentProps<"div">) {
 	)
 }
 
-function SidebarSeparator({
+function SidebarSeparator({ className, ...props }: React.ComponentProps<typeof Separator>) {
-  className,
-  ...props
-}: React.ComponentProps<typeof Separator>) {
 	return (
 		<Separator
 			data-slot="sidebar-separator"
@@ -374,7 +354,7 @@ function SidebarContent({ className, ...props }: React.ComponentProps<"div">) {
 			data-sidebar="content"
 			className={cn(
 				"no-scrollbar flex min-h-0 flex-1 flex-col gap-0 overflow-auto group-data-[collapsible=icon]:overflow-hidden",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -386,10 +366,7 @@ function SidebarGroup({ className, ...props }: React.ComponentProps<"div">) {
 		<div
 			data-slot="sidebar-group"
 			data-sidebar="group"
-      className={cn(
+			className={cn("relative flex w-full min-w-0 flex-col px-2 py-1", className)}
-        "relative flex w-full min-w-0 flex-col px-2 py-1",
-        className
-      )}
 			{...props}
 		/>
 	)
@@ -408,7 +385,7 @@ function SidebarGroupLabel({
 			data-sidebar="group-label"
 			className={cn(
 				"flex h-8 shrink-0 items-center rounded-md px-2 text-xs text-sidebar-foreground/70 ring-sidebar-ring outline-hidden transition-[margin,opacity] duration-200 ease-linear group-data-[collapsible=icon]:-mt-8 group-data-[collapsible=icon]:opacity-0 focus-visible:ring-2 [&>svg]:size-4 [&>svg]:shrink-0",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -428,17 +405,14 @@ function SidebarGroupAction({
 			data-sidebar="group-action"
 			className={cn(
 				"absolute top-3.5 right-3 flex aspect-square w-5 items-center justify-center rounded-md p-0 text-sidebar-foreground ring-sidebar-ring outline-hidden transition-transform group-data-[collapsible=icon]:hidden after:absolute after:-inset-2 hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 md:after:hidden [&>svg]:size-4 [&>svg]:shrink-0",
-        className
+				className,
 			)}
 			{...props}
 		/>
 	)
 }
 
-function SidebarGroupContent({
+function SidebarGroupContent({ className, ...props }: React.ComponentProps<"div">) {
-  className,
-  ...props
-}: React.ComponentProps<"div">) {
 	return (
 		<div
 			data-slot="sidebar-group-content"
@@ -490,7 +464,7 @@ const sidebarMenuButtonVariants = cva(
 			variant: "default",
 			size: "default",
 		},
-  }
+	},
 )
 
 function SidebarMenuButton({
@@ -562,24 +536,21 @@ function SidebarMenuAction({
 				"absolute top-1.5 right-1 flex aspect-square w-5 items-center justify-center rounded-[calc(var(--radius-sm)-2px)] p-0 text-sidebar-foreground ring-sidebar-ring outline-hidden transition-transform group-data-[collapsible=icon]:hidden peer-hover/menu-button:text-sidebar-accent-foreground peer-data-[size=default]/menu-button:top-1.5 peer-data-[size=lg]/menu-button:top-2.5 peer-data-[size=sm]/menu-button:top-1 after:absolute after:-inset-2 hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 md:after:hidden [&>svg]:size-4 [&>svg]:shrink-0",
 				showOnHover &&
 					"group-focus-within/menu-item:opacity-100 group-hover/menu-item:opacity-100 peer-data-active/menu-button:text-sidebar-accent-foreground aria-expanded:opacity-100 md:opacity-0",
-        className
+				className,
 			)}
 			{...props}
 		/>
 	)
 }
 
-function SidebarMenuBadge({
+function SidebarMenuBadge({ className, ...props }: React.ComponentProps<"div">) {
-  className,
-  ...props
-}: React.ComponentProps<"div">) {
 	return (
 		<div
 			data-slot="sidebar-menu-badge"
 			data-sidebar="menu-badge"
 			className={cn(
 				"pointer-events-none absolute right-1 flex h-5 min-w-5 items-center justify-center rounded-[calc(var(--radius-sm)-2px)] px-1 text-xs font-medium text-sidebar-foreground tabular-nums select-none group-data-[collapsible=icon]:hidden peer-hover/menu-button:text-sidebar-accent-foreground peer-data-[size=default]/menu-button:top-1.5 peer-data-[size=lg]/menu-button:top-2.5 peer-data-[size=sm]/menu-button:top-1 peer-data-active/menu-button:text-sidebar-accent-foreground",
-        className
+				className,
 			)}
 			{...props}
 		/>
@@ -605,12 +576,7 @@ function SidebarMenuSkeleton({
 			className={cn("flex h-8 items-center gap-2 rounded-md px-2", className)}
 			{...props}
 		>
-      {showIcon && (
+			{showIcon && <Skeleton className="size-4 rounded-md" data-sidebar="menu-skeleton-icon" />}
-        <Skeleton
-          className="size-4 rounded-md"
-          data-sidebar="menu-skeleton-icon"
-        />
-      )}
 			<Skeleton
 				className="h-4 max-w-(--skeleton-width) flex-1"
 				data-sidebar="menu-skeleton-text"
@@ -631,17 +597,14 @@ function SidebarMenuSub({ className, ...props }: React.ComponentProps<"ul">) {
 			data-sidebar="menu-sub"
 			className={cn(
 				"mx-3.5 flex min-w-0 translate-x-px flex-col gap-1 border-l border-sidebar-border px-2.5 py-0.5 group-data-[collapsible=icon]:hidden",
-        className
+				className,
 			)}
 			{...props}
 		/>
 	)
 }
 
-function SidebarMenuSubItem({
+function SidebarMenuSubItem({ className, ...props }: React.ComponentProps<"li">) {
-  className,
-  ...props
-}: React.ComponentProps<"li">) {
 	return (
 		<li
 			data-slot="sidebar-menu-sub-item"
@@ -673,7 +636,7 @@ function SidebarMenuSubButton({
 			data-active={isActive}
 			className={cn(
 				"flex h-7 min-w-0 -translate-x-px items-center gap-2 overflow-hidden rounded-md px-2 text-sidebar-foreground ring-sidebar-ring outline-hidden group-data-[collapsible=icon]:hidden hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 active:bg-sidebar-accent active:text-sidebar-accent-foreground disabled:pointer-events-none disabled:opacity-50 aria-disabled:pointer-events-none aria-disabled:opacity-50 data-[size=md]:text-xs data-[size=sm]:text-xs data-active:bg-sidebar-accent data-active:text-sidebar-accent-foreground [&>span:last-child]:truncate [&>svg]:size-4 [&>svg]:shrink-0 [&>svg]:text-sidebar-accent-foreground",
-        className
+				className,
 			)}
 			{...props}
 		/>

apps/admin-dashboard/src/components/ui/sonner.tsx

@@ -1,8 +1,15 @@
 "use client"
 
-import { useTheme } from "@/components/theme-provider"
+import {
+	CircleCheckIcon,
+	InfoIcon,
+	TriangleAlertIcon,
+	OctagonXIcon,
+	Loader2Icon,
+} from "lucide-react"
 import { Toaster as Sonner, type ToasterProps } from "sonner"
-import { CircleCheckIcon, InfoIcon, TriangleAlertIcon, OctagonXIcon, Loader2Icon } from "lucide-react"
+
+import { useTheme } from "@/components/theme-provider"
 
 const Toaster = ({ ...props }: ToasterProps) => {
 	const { theme = "system" } = useTheme()
@@ -12,21 +19,11 @@ const Toaster = ({ ...props }: ToasterProps) => {
 			theme={theme as ToasterProps["theme"]}
 			className="toaster group"
 			icons={{
-        success: (
+				success: <CircleCheckIcon className="size-4" />,
-          <CircleCheckIcon className="size-4" />
+				info: <InfoIcon className="size-4" />,
-        ),
+				warning: <TriangleAlertIcon className="size-4" />,
-        info: (
+				error: <OctagonXIcon className="size-4" />,
-          <InfoIcon className="size-4" />
+				loading: <Loader2Icon className="size-4 animate-spin" />,
-        ),
-        warning: (
-          <TriangleAlertIcon className="size-4" />
-        ),
-        error: (
-          <OctagonXIcon className="size-4" />
-        ),
-        loading: (
-          <Loader2Icon className="size-4 animate-spin" />
-        ),
 			}}
 			style={
 				{

apps/admin-dashboard/src/components/ui/switch.tsx

@@ -1,7 +1,7 @@
 "use client"
 
-import * as React from "react"
 import { Switch as SwitchPrimitive } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
@@ -18,7 +18,7 @@ function Switch({
 			data-size={size}
 			className={cn(
 				"peer group/switch relative inline-flex shrink-0 items-center rounded-full border border-transparent transition-all outline-none after:absolute after:-inset-x-3 after:-inset-y-2 focus-visible:border-ring focus-visible:ring-2 focus-visible:ring-ring/30 aria-invalid:border-destructive aria-invalid:ring-2 aria-invalid:ring-destructive/20 data-[size=default]:h-[16.6px] data-[size=default]:w-[28px] data-[size=sm]:h-[14px] data-[size=sm]:w-[24px] dark:aria-invalid:border-destructive/50 dark:aria-invalid:ring-destructive/40 data-checked:bg-primary data-unchecked:bg-input dark:data-unchecked:bg-input/80 data-disabled:cursor-not-allowed data-disabled:opacity-50",
-        className
+				className,
 			)}
 			{...props}
 		>

apps/admin-dashboard/src/components/ui/tooltip.tsx

@@ -1,7 +1,7 @@
 "use client"
 
-import * as React from "react"
 import { Tooltip as TooltipPrimitive } from "radix-ui"
+import * as React from "react"
 
 import { cn } from "@/lib/utils"
 
@@ -18,15 +18,11 @@ function TooltipProvider({
 	)
 }
 
-function Tooltip({
+function Tooltip({ ...props }: React.ComponentProps<typeof TooltipPrimitive.Root>) {
-  ...props
-}: React.ComponentProps<typeof TooltipPrimitive.Root>) {
 	return <TooltipPrimitive.Root data-slot="tooltip" {...props} />
 }
 
-function TooltipTrigger({
+function TooltipTrigger({ ...props }: React.ComponentProps<typeof TooltipPrimitive.Trigger>) {
-  ...props
-}: React.ComponentProps<typeof TooltipPrimitive.Trigger>) {
 	return <TooltipPrimitive.Trigger data-slot="tooltip-trigger" {...props} />
 }
 
@@ -43,7 +39,7 @@ function TooltipContent({
 				sideOffset={sideOffset}
 				className={cn(
 					"z-50 inline-flex w-fit max-w-xs origin-(--radix-tooltip-content-transform-origin) items-center gap-1.5 rounded-md bg-foreground px-3 py-1.5 text-xs text-background has-data-[slot=kbd]:pr-1.5 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 **:data-[slot=kbd]:relative **:data-[slot=kbd]:isolate **:data-[slot=kbd]:z-50 **:data-[slot=kbd]:rounded-sm data-[state=delayed-open]:animate-in data-[state=delayed-open]:fade-in-0 data-[state=delayed-open]:zoom-in-95 data-open:animate-in data-open:fade-in-0 data-open:zoom-in-95 data-closed:animate-out data-closed:fade-out-0 data-closed:zoom-out-95",
-          className
+					className,
 				)}
 				{...props}
 			>

apps/admin-dashboard/src/index.css

@@ -75,7 +75,7 @@
 }
 
 @theme inline {
-    --font-sans: 'Inter Variable', sans-serif;
+	--font-sans: "Inter Variable", sans-serif;
 	--color-sidebar-ring: var(--sidebar-ring);
 	--color-sidebar-border: var(--sidebar-border);
 	--color-sidebar-accent-foreground: var(--sidebar-accent-foreground);

apps/admin-dashboard/src/lib/api.ts

@@ -9,12 +9,12 @@ function serverBase() {
 }
 
 export interface ConfigFieldDef {
-  type: "string" | "number" | "select"
+	type: "string" | "number" | "select" | "multiselect"
 	label: string
 	required?: boolean
 	description?: string
 	secret?: boolean
-  defaultValue?: string | number
+	defaultValue?: string | number | string[]
 	options?: { label: string; value: string }[]
 }
 
@@ -23,6 +23,8 @@ export interface SourceDefinition {
 	name: string
 	description: string
 	alwaysEnabled?: boolean
+	/** When true, secret fields are stored as per-user credentials via /api/sources/:id/credentials. */
+	perUserCredentials?: boolean
 	fields: Record<string, ConfigFieldDef>
 }
 
@@ -34,25 +36,132 @@ export interface SourceConfig {
 
 const sourceDefinitions: SourceDefinition[] = [
 	{
-    id: "aelis.location",
+		id: "freya.location",
 		name: "Location",
 		description: "Device location provider. Always enabled as a dependency for other sources.",
 		alwaysEnabled: true,
 		fields: {},
 	},
 	{
-    id: "aelis.weather",
+		id: "freya.weather",
 		name: "WeatherKit",
 		description: "Apple WeatherKit weather data. Requires Apple Developer credentials.",
 		fields: {
-      privateKey: { type: "string", label: "Private Key", required: true, secret: true, description: "Apple WeatherKit private key (PEM format)" },
+			privateKey: {
+				type: "string",
+				label: "Private Key",
+				required: true,
+				secret: true,
+				description: "Apple WeatherKit private key (PEM format)",
+			},
 			keyId: { type: "string", label: "Key ID", required: true, secret: true },
 			teamId: { type: "string", label: "Team ID", required: true, secret: true },
 			serviceId: { type: "string", label: "Service ID", required: true, secret: true },
-      units: { type: "select", label: "Units", options: [{ label: "Metric", value: "metric" }, { label: "Imperial", value: "imperial" }], defaultValue: "metric" },
+			units: {
-      hourlyLimit: { type: "number", label: "Hourly Forecast Limit", defaultValue: 12, description: "Number of hourly forecasts to include" },
+				type: "select",
-      dailyLimit: { type: "number", label: "Daily Forecast Limit", defaultValue: 7, description: "Number of daily forecasts to include" },
+				label: "Units",
+				options: [
+					{ label: "Metric", value: "metric" },
+					{ label: "Imperial", value: "imperial" },
+				],
+				defaultValue: "metric",
 			},
+			hourlyLimit: {
+				type: "number",
+				label: "Hourly Forecast Limit",
+				defaultValue: 12,
+				description: "Number of hourly forecasts to include",
+			},
+			dailyLimit: {
+				type: "number",
+				label: "Daily Forecast Limit",
+				defaultValue: 7,
+				description: "Number of daily forecasts to include",
+			},
+		},
+	},
+	{
+		id: "freya.caldav",
+		name: "CalDAV",
+		description: "Calendar events from any CalDAV server (Nextcloud, Radicale, Baikal, etc.).",
+		perUserCredentials: true,
+		fields: {
+			serverUrl: {
+				type: "string",
+				label: "Server URL",
+				required: true,
+				secret: false,
+				description: "CalDAV server URL (e.g. https://nextcloud.example.com/remote.php/dav)",
+			},
+			username: {
+				type: "string",
+				label: "Username",
+				required: true,
+				secret: false,
+			},
+			password: {
+				type: "string",
+				label: "Password",
+				required: true,
+				secret: true,
+			},
+			lookAheadDays: {
+				type: "number",
+				label: "Look-ahead Days",
+				defaultValue: 0,
+				description: "Number of additional days beyond today to fetch events for",
+			},
+			timeZone: {
+				type: "string",
+				label: "Timezone",
+				description: 'IANA timezone for determining "today" (e.g. Europe/London). Defaults to UTC.',
+			},
+		},
+	},
+	{
+		id: "freya.tfl",
+		name: "TfL",
+		description: "Transport for London tube line status alerts.",
+		fields: {
+			lines: {
+				type: "multiselect",
+				label: "Lines",
+				description: "Lines to monitor. Leave empty for all lines.",
+				defaultValue: [],
+				options: [
+					{ label: "Bakerloo", value: "bakerloo" },
+					{ label: "Central", value: "central" },
+					{ label: "Circle", value: "circle" },
+					{ label: "District", value: "district" },
+					{ label: "Hammersmith & City", value: "hammersmith-city" },
+					{ label: "Jubilee", value: "jubilee" },
+					{ label: "Metropolitan", value: "metropolitan" },
+					{ label: "Northern", value: "northern" },
+					{ label: "Piccadilly", value: "piccadilly" },
+					{ label: "Victoria", value: "victoria" },
+					{ label: "Waterloo & City", value: "waterloo-city" },
+					{ label: "Lioness", value: "lioness" },
+					{ label: "Mildmay", value: "mildmay" },
+					{ label: "Windrush", value: "windrush" },
+					{ label: "Weaver", value: "weaver" },
+					{ label: "Suffragette", value: "suffragette" },
+					{ label: "Liberty", value: "liberty" },
+					{ label: "Elizabeth", value: "elizabeth" },
+				],
+			},
+		},
+	},
+	{
+		id: "freya.web-search",
+		name: "Web Search",
+		description: "Exa web search action. Requires EXA_API_KEY on the backend.",
+		fields: {},
+	},
+	{
+		id: "freya.google-maps",
+		name: "Google Maps",
+		description: "Google Maps Grounding Lite MCP tools for places, weather, routes, and Place IDs.",
+		fields: {},
 	},
 ]
 
@@ -60,9 +169,7 @@ export function fetchSources(): Promise<SourceDefinition[]> {
 	return Promise.resolve(sourceDefinitions)
 }
 
-export async function fetchSourceConfig(
+export async function fetchSourceConfig(sourceId: string): Promise<SourceConfig | null> {
-  sourceId: string,
-): Promise<SourceConfig | null> {
 	const res = await fetch(`${serverBase()}/sources/${sourceId}`, {
 		credentials: "include",
 	})
@@ -73,15 +180,13 @@ export async function fetchSourceConfig(
 }
 
 export async function fetchConfigs(): Promise<SourceConfig[]> {
-  const results = await Promise.all(
+	const results = await Promise.all(sourceDefinitions.map((s) => fetchSourceConfig(s.id)))
-    sourceDefinitions.map((s) => fetchSourceConfig(s.id)),
-  )
 	return results.filter((c): c is SourceConfig => c !== null)
 }
 
 export async function replaceSource(
 	sourceId: string,
-  body: { enabled: boolean; config: unknown },
+	body: { enabled: boolean; config?: unknown; credentials?: Record<string, unknown> },
 ): Promise<void> {
 	const res = await fetch(`${serverBase()}/sources/${sourceId}`, {
 		method: "PUT",
@@ -111,6 +216,22 @@ export async function updateProviderConfig(
 	}
 }
 
+export async function updateSourceCredentials(
+	sourceId: string,
+	credentials: Record<string, unknown>,
+): Promise<void> {
+	const res = await fetch(`${serverBase()}/sources/${sourceId}/credentials`, {
+		method: "PUT",
+		headers: { "Content-Type": "application/json" },
+		credentials: "include",
+		body: JSON.stringify(credentials),
+	})
+	if (!res.ok) {
+		const data = (await res.json()) as { error?: string }
+		throw new Error(data.error ?? `Failed to update credentials: ${res.status}`)
+	}
+}
+
 export interface LocationInput {
 	lat: number
 	lng: number

apps/admin-dashboard/src/lib/server-url.ts

@@ -1,4 +1,4 @@
-const STORAGE_KEY = "aelis-server-url"
+const STORAGE_KEY = "freya-server-url"
 const DEFAULT_URL = "https://3000--019cf276-6ed6-7529-a425-210182693908.eu-runner.flex.doptig.cloud"
 
 export function getServerUrl(): string {

apps/admin-dashboard/src/main.tsx

@@ -3,10 +3,11 @@ import { StrictMode } from "react"
 import { createRoot } from "react-dom/client"
 
 import "./index.css"
-import App from "./App.tsx"
 import { ThemeProvider } from "@/components/theme-provider.tsx"
 import { Toaster } from "@/components/ui/sonner.tsx"
 
+import App from "./App.tsx"
+
 const queryClient = new QueryClient({
 	defaultOptions: {
 		queries: {
@@ -24,5 +25,5 @@ createRoot(document.getElementById("root")!).render(
 				<Toaster />
 			</ThemeProvider>
 		</QueryClientProvider>
-  </StrictMode>
+	</StrictMode>,
 )

apps/admin-dashboard/src/route-tree.gen.ts

@@ -1,15 +1,11 @@
 import { Route as rootRoute } from "./routes/__root"
-import { Route as loginRoute } from "./routes/login"
 import { Route as dashboardRoute } from "./routes/_dashboard"
-import { Route as dashboardIndexRoute } from "./routes/_dashboard/index"
 import { Route as dashboardFeedRoute } from "./routes/_dashboard/feed"
+import { Route as dashboardIndexRoute } from "./routes/_dashboard/index"
 import { Route as dashboardSourceRoute } from "./routes/_dashboard/sources.$sourceId"
+import { Route as loginRoute } from "./routes/login"
 
 export const routeTree = rootRoute.addChildren([
 	loginRoute,
-  dashboardRoute.addChildren([
+	dashboardRoute.addChildren([dashboardIndexRoute, dashboardFeedRoute, dashboardSourceRoute]),
-    dashboardIndexRoute,
-    dashboardFeedRoute,
-    dashboardSourceRoute,
-  ]),
 ])

apps/admin-dashboard/src/routes/__root.tsx

@@ -1,5 +1,7 @@
-import { createRootRouteWithContext, Outlet } from "@tanstack/react-router"
 import type { QueryClient } from "@tanstack/react-query"
+
+import { createRootRouteWithContext, Outlet } from "@tanstack/react-router"
+
 import { TooltipProvider } from "@/components/ui/tooltip"
 
 export const Route = createRootRouteWithContext<{ queryClient: QueryClient }>()({

apps/admin-dashboard/src/routes/_dashboard.tsx

@@ -1,21 +1,27 @@
-import { createRoute, Outlet, redirect, useMatchRoute, useNavigate, Link } from "@tanstack/react-router"
 import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"
+import {
+	createRoute,
+	Outlet,
+	redirect,
+	useMatchRoute,
+	useNavigate,
+	Link,
+} from "@tanstack/react-router"
 import {
 	Calendar,
 	CalendarDays,
 	CircleDot,
 	CloudSun,
 	Loader2,
+	TrainFront,
 	LogOut,
+	Map as MapIcon,
 	MapPin,
 	Rss,
 	Server,
 	TriangleAlert,
 } from "lucide-react"
 
-import { fetchConfigs, fetchSources } from "@/lib/api"
-import { getSession, signOut } from "@/lib/auth"
-
 import { Alert, AlertDescription } from "@/components/ui/alert"
 import { Button } from "@/components/ui/button"
 import { Separator } from "@/components/ui/separator"
@@ -34,13 +40,18 @@ import {
 	SidebarProvider,
 	SidebarTrigger,
 } from "@/components/ui/sidebar"
+import { fetchConfigs, fetchSources } from "@/lib/api"
+import { getSession, signOut } from "@/lib/auth"
+
 import { Route as rootRoute } from "./__root"
 
 const SOURCE_ICONS: Record<string, React.ComponentType<{ className?: string }>> = {
-  "aelis.location": MapPin,
+	"freya.location": MapPin,
-  "aelis.weather": CloudSun,
+	"freya.weather": CloudSun,
-  "aelis.caldav": CalendarDays,
+	"freya.caldav": CalendarDays,
-  "aelis.google-calendar": Calendar,
+	"freya.google-calendar": Calendar,
+	"freya.google-maps": MapIcon,
+	"freya.tfl": TrainFront,
 }
 
 export const Route = createRoute({
@@ -110,7 +121,12 @@ function DashboardLayout() {
 							<p className="truncate text-sm font-medium">{user.name}</p>
 							<p className="truncate text-xs text-muted-foreground">{user.email}</p>
 						</div>
-            <Button variant="ghost" size="icon" className="size-7 shrink-0" onClick={() => logoutMutation.mutate()}>
+						<Button
+							variant="ghost"
+							size="icon"
+							className="size-7 shrink-0"
+							onClick={() => logoutMutation.mutate()}
+						>
 							<LogOut className="size-3.5" />
 						</Button>
 					</div>
@@ -121,10 +137,7 @@ function DashboardLayout() {
 						<SidebarGroupContent>
 							<SidebarMenu>
 								<SidebarMenuItem>
-                  <SidebarMenuButton
+									<SidebarMenuButton isActive={!!matchRoute({ to: "/" })} asChild>
-                    isActive={!!matchRoute({ to: "/" })}
-                    asChild
-                  >
 										<Link to="/">
 											<Server className="size-4" />
 											<span>Server</span>
@@ -132,10 +145,7 @@ function DashboardLayout() {
 									</SidebarMenuButton>
 								</SidebarMenuItem>
 								<SidebarMenuItem>
-                  <SidebarMenuButton
+									<SidebarMenuButton isActive={!!matchRoute({ to: "/feed" })} asChild>
-                    isActive={!!matchRoute({ to: "/feed" })}
-                    asChild
-                  >
 										<Link to="/feed">
 											<Rss className="size-4" />
 											<span>Feed</span>
@@ -157,7 +167,12 @@ function DashboardLayout() {
 									return (
 										<SidebarMenuItem key={source.id}>
 											<SidebarMenuButton
-                        isActive={!!matchRoute({ to: "/sources/$sourceId", params: { sourceId: source.id } })}
+												isActive={
+													!!matchRoute({
+														to: "/sources/$sourceId",
+														params: { sourceId: source.id },
+													})
+												}
 												asChild
 											>
 												<Link to="/sources/$sourceId" params={{ sourceId: source.id }}>

apps/admin-dashboard/src/routes/_dashboard/feed.tsx

@@ -1,6 +1,7 @@
 import { createRoute } from "@tanstack/react-router"
 
 import { FeedPanel } from "@/components/feed-panel"
+
 import { Route as dashboardRoute } from "../_dashboard"
 
 export const Route = createRoute({

apps/admin-dashboard/src/routes/_dashboard/index.tsx

@@ -1,6 +1,7 @@
 import { createRoute } from "@tanstack/react-router"
 
 import { GeneralSettingsPanel } from "@/components/general-settings-panel"
+
 import { Route as dashboardRoute } from "../_dashboard"
 
 export const Route = createRoute({

apps/admin-dashboard/src/routes/_dashboard/sources.$sourceId.tsx

@@ -1,8 +1,9 @@
-import { createRoute } from "@tanstack/react-router"
 import { useQuery, useQueryClient } from "@tanstack/react-query"
+import { createRoute } from "@tanstack/react-router"
 
-import { fetchSources } from "@/lib/api"
 import { SourceConfigPanel } from "@/components/source-config-panel"
+import { fetchSources } from "@/lib/api"
+
 import { Route as dashboardRoute } from "../_dashboard"
 
 export const Route = createRoute({

apps/admin-dashboard/src/routes/login.tsx

@@ -1,8 +1,10 @@
-import { createRoute, useNavigate } from "@tanstack/react-router"
 import { useQueryClient } from "@tanstack/react-query"
+import { createRoute, useNavigate } from "@tanstack/react-router"
 
 import type { AuthSession } from "@/lib/auth"
+
 import { LoginPage } from "@/components/login-page"
+
 import { Route as rootRoute } from "./__root"
 
 export const Route = createRoute({

apps/admin-dashboard/tsconfig.app.json

@@ -3,12 +3,11 @@
 		"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
 		"target": "ES2022",
 		"useDefineForClassFields": true,
-    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+		"lib": ["ES2022", "DOM"],
 		"module": "ESNext",
 		"types": ["vite/client"],
 		"skipLibCheck": true,
 
-    /* Bundler mode */
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
@@ -16,14 +15,12 @@
 		"noEmit": true,
 		"jsx": "react-jsx",
 
-    /* Linting */
 		"strict": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,
 		"erasableSyntaxOnly": true,
 		"noFallthroughCasesInSwitch": true,
 		"noUncheckedSideEffectImports": true,
-    "baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		}

apps/admin-dashboard/tsconfig.json

@@ -1,11 +1,7 @@
 {
 	"files": [],
-  "references": [
+	"references": [{ "path": "./tsconfig.app.json" }, { "path": "./tsconfig.node.json" }],
-    { "path": "./tsconfig.app.json" },
-    { "path": "./tsconfig.node.json" }
-  ],
 	"compilerOptions": {
-    "baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		}

apps/admin-dashboard/tsconfig.node.json

@@ -7,14 +7,12 @@
 		"types": ["node"],
 		"skipLibCheck": true,
 
-    /* Bundler mode */
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
 		"moduleDetection": "force",
 		"noEmit": true,
 
-    /* Linting */
 		"strict": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,

apps/admin-dashboard/vite.config.ts

@@ -1,6 +1,6 @@
-import path from "path"
 import tailwindcss from "@tailwindcss/vite"
 import react from "@vitejs/plugin-react"
+import path from "path"
 import { defineConfig } from "vite"
 
 // https://vite.dev/config/
@@ -12,6 +12,7 @@ export default defineConfig({
 		},
 	},
 	server: {
+		host: "0.0.0.0",
 		port: 5174,
 		allowedHosts: true,
 	},

apps/aelis-backend/src/location/provider.ts

@@ -1,11 +0,0 @@
-import { LocationSource } from "@aelis/source-location"
-
-import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
-
-export class LocationSourceProvider implements FeedSourceProvider {
-	readonly sourceId = "aelis.location"
-
-	async feedSourceForUser(_userId: string, _config: unknown): Promise<LocationSource> {
-		return new LocationSource()
-	}
-}

apps/aelis-backend/src/sources/http.test.ts

@@ -1,710 +0,0 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
-
-import { describe, expect, mock, spyOn, test } from "bun:test"
-import { Hono } from "hono"
-
-import type { Database } from "../db/index.ts"
-import type { ConfigSchema, FeedSourceProvider } from "../session/feed-source-provider.ts"
-
-import { mockAuthSessionMiddleware } from "../auth/session-middleware.ts"
-import { UserSessionManager } from "../session/user-session-manager.ts"
-import { tflConfig } from "../tfl/provider.ts"
-import { weatherConfig } from "../weather/provider.ts"
-import { SourceNotFoundError } from "./errors.ts"
-import { registerSourcesHttpHandlers } from "./http.ts"
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-function createStubSource(id: string): FeedSource {
-	return {
-		id,
-		async listActions(): Promise<Record<string, ActionDefinition>> {
-			return {}
-		},
-		async executeAction(): Promise<unknown> {
-			return undefined
-		},
-		async fetchContext(): Promise<readonly ContextEntry[] | null> {
-			return null
-		},
-		async fetchItems(): Promise<FeedItem[]> {
-			return []
-		},
-	}
-}
-
-function createStubProvider(sourceId: string, configSchema?: ConfigSchema): FeedSourceProvider {
-	return {
-		sourceId,
-		configSchema,
-		async feedSourceForUser() {
-			return createStubSource(sourceId)
-		},
-	}
-}
-
-const MOCK_USER_ID = "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn"
-
-type SourceRow = {
-	userId: string
-	sourceId: string
-	enabled: boolean
-	config: Record<string, unknown>
-}
-
-function createInMemoryStore() {
-	const rows = new Map<string, SourceRow>()
-
-	function key(userId: string, sourceId: string) {
-		return `${userId}:${sourceId}`
-	}
-
-	return {
-		rows,
-		seed(userId: string, sourceId: string, data: Partial<SourceRow> = {}) {
-			rows.set(key(userId, sourceId), {
-				userId,
-				sourceId,
-				enabled: data.enabled ?? true,
-				config: data.config ?? {},
-			})
-		},
-		forUser(userId: string) {
-			return {
-				async enabled() {
-					return [...rows.values()].filter((r) => r.userId === userId && r.enabled)
-				},
-				async find(sourceId: string) {
-					return rows.get(key(userId, sourceId))
-				},
-				async updateConfig(sourceId: string, update: { enabled?: boolean; config?: unknown }) {
-					const existing = rows.get(key(userId, sourceId))
-					if (!existing) {
-						throw new SourceNotFoundError(sourceId, userId)
-					}
-					if (update.enabled !== undefined) {
-						existing.enabled = update.enabled
-					}
-					if (update.config !== undefined) {
-						existing.config = update.config as Record<string, unknown>
-					}
-				},
-				async upsertConfig(sourceId: string, data: { enabled: boolean; config: unknown }) {
-					const existing = rows.get(key(userId, sourceId))
-					if (existing) {
-						existing.enabled = data.enabled
-						existing.config = data.config as Record<string, unknown>
-					} else {
-						rows.set(key(userId, sourceId), {
-							userId,
-							sourceId,
-							enabled: data.enabled,
-							config: (data.config ?? {}) as Record<string, unknown>,
-						})
-					}
-				},
-			}
-		},
-	}
-}
-
-let activeStore: ReturnType<typeof createInMemoryStore>
-
-mock.module("../sources/user-sources.ts", () => ({
-	sources(_db: unknown, userId: string) {
-		return activeStore.forUser(userId)
-	},
-}))
-
-const fakeDb = {} as Database
-
-function createApp(providers: FeedSourceProvider[], userId?: string) {
-	const sessionManager = new UserSessionManager({ providers, db: fakeDb })
-	const app = new Hono()
-	registerSourcesHttpHandlers(app, {
-		sessionManager,
-		authSessionMiddleware: mockAuthSessionMiddleware(userId),
-	})
-	return { app, sessionManager }
-}
-
-function patch(app: Hono, sourceId: string, body: unknown) {
-	return app.request(`/api/sources/${sourceId}`, {
-		method: "PATCH",
-		headers: { "Content-Type": "application/json" },
-		body: JSON.stringify(body),
-	})
-}
-
-function get(app: Hono, sourceId: string) {
-	return app.request(`/api/sources/${sourceId}`, { method: "GET" })
-}
-
-function put(app: Hono, sourceId: string, body: unknown) {
-	return app.request(`/api/sources/${sourceId}`, {
-		method: "PUT",
-		headers: { "Content-Type": "application/json" },
-		body: JSON.stringify(body),
-	})
-}
-
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-
-describe("GET /api/sources/:sourceId", () => {
-	test("returns 401 without auth", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
-
-		const res = await get(app, "aelis.weather")
-
-		expect(res.status).toBe(401)
-	})
-
-	test("returns 404 for unknown source", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await get(app, "unknown.source")
-
-		expect(res.status).toBe(404)
-		const body = (await res.json()) as { error: string }
-		expect(body.error).toContain("not found")
-	})
-
-	test("returns enabled and config for existing source", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await get(app, "aelis.weather")
-
-		expect(res.status).toBe(200)
-		const body = (await res.json()) as { enabled: boolean; config: unknown }
-		expect(body.enabled).toBe(true)
-		expect(body.config).toEqual({ units: "metric" })
-	})
-
-	test("returns defaults when user has no row for source", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await get(app, "aelis.weather")
-
-		expect(res.status).toBe(200)
-		const body = (await res.json()) as { enabled: boolean; config: unknown }
-		expect(body.enabled).toBe(false)
-		expect(body.config).toEqual({})
-	})
-
-	test("returns disabled source", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			enabled: false,
-			config: { units: "imperial" },
-		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await get(app, "aelis.weather")
-
-		expect(res.status).toBe(200)
-		const body = (await res.json()) as { enabled: boolean; config: unknown }
-		expect(body.enabled).toBe(false)
-		expect(body.config).toEqual({ units: "imperial" })
-	})
-})
-
-describe("PATCH /api/sources/:sourceId", () => {
-	test("returns 401 without auth", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
-
-		const res = await patch(app, "aelis.weather", { enabled: true })
-
-		expect(res.status).toBe(401)
-	})
-
-	test("returns 404 for unknown source", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "unknown.source", { enabled: true })
-
-		expect(res.status).toBe(404)
-		const body = (await res.json()) as { error: string }
-		expect(body.error).toContain("not found")
-	})
-
-	test("returns 404 when user has no existing row for source", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", { enabled: true })
-
-		expect(res.status).toBe(404)
-		const body = (await res.json()) as { error: string }
-		expect(body.error).toContain("not found")
-	})
-
-	test("returns 204 when body is empty object (no-op) on existing source", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {})
-
-		expect(res.status).toBe(204)
-	})
-
-	test("returns 404 when body is empty object on nonexistent user source", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {})
-
-		expect(res.status).toBe(404)
-	})
-
-	test("returns 400 for invalid JSON body", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await app.request("/api/sources/aelis.weather", {
-			method: "PATCH",
-			headers: { "Content-Type": "application/json" },
-			body: "not json",
-		})
-
-		expect(res.status).toBe(400)
-		const body = (await res.json()) as { error: string }
-		expect(body.error).toContain("Invalid JSON")
-	})
-
-	test("returns 400 when request body contains unknown fields", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {
-			enabled: true,
-			unknownField: "hello",
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when weather config contains unknown fields", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {
-			config: { units: "metric", unknownField: "hello" },
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when weather config fails validation", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {
-			config: { units: "invalid" },
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 204 and updates enabled", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", { enabled: false })
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
-		expect(row!.enabled).toBe(false)
-		expect(row!.config).toEqual({ units: "metric" })
-	})
-
-	test("returns 204 and updates config", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			config: { units: "metric" },
-		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {
-			config: { units: "imperial" },
-		})
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
-		expect(row!.config).toEqual({ units: "imperial" })
-	})
-
-	test("preserves config when only updating enabled", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.tfl", {
-			enabled: true,
-			config: { lines: ["bakerloo"] },
-		})
-		const { app } = createApp([createStubProvider("aelis.tfl", tflConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.tfl", { enabled: false })
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.tfl`)
-		expect(row!.enabled).toBe(false)
-		expect(row!.config).toEqual({ lines: ["bakerloo"] })
-	})
-
-	test("deep-merges config on update", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			config: { units: "metric", hourlyLimit: 12 },
-		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.weather", {
-			config: { dailyLimit: 5 },
-		})
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
-		expect(row!.config).toEqual({
-			units: "metric",
-			hourlyLimit: 12,
-			dailyLimit: 5,
-		})
-	})
-
-	test("refreshes source in active session after config update", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			config: { units: "metric" },
-		})
-		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
-			MOCK_USER_ID,
-		)
-
-		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
-		const replaceSpy = spyOn(session, "replaceSource")
-
-		const res = await patch(app, "aelis.weather", {
-			config: { units: "imperial" },
-		})
-
-		expect(res.status).toBe(204)
-		expect(replaceSpy).toHaveBeenCalled()
-		replaceSpy.mockRestore()
-	})
-
-	test("removes source from session when disabled", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-		})
-		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
-			MOCK_USER_ID,
-		)
-
-		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
-		const removeSpy = spyOn(session, "removeSource")
-
-		const res = await patch(app, "aelis.weather", { enabled: false })
-
-		expect(res.status).toBe(204)
-		expect(removeSpy).toHaveBeenCalledWith("aelis.weather")
-		removeSpy.mockRestore()
-	})
-
-	test("returns 400 when config is provided for source without schema", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.location", {
-			config: { something: "value" },
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when empty config is provided for source without schema", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.location", {
-			config: {},
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("updates enabled on location source", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location", { enabled: true })
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
-
-		const res = await patch(app, "aelis.location", { enabled: false })
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.location`)
-		expect(row!.enabled).toBe(false)
-	})
-})
-
-// ---------------------------------------------------------------------------
-// PUT /api/sources/:sourceId
-// ---------------------------------------------------------------------------
-
-describe("PUT /api/sources/:sourceId", () => {
-	test("returns 401 without auth", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
-
-		const res = await put(app, "aelis.weather", { enabled: true, config: {} })
-
-		expect(res.status).toBe(401)
-	})
-
-	test("returns 404 for unknown source", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "unknown.source", { enabled: true, config: {} })
-
-		expect(res.status).toBe(404)
-		const body = (await res.json()) as { error: string }
-		expect(body.error).toContain("not found")
-	})
-
-	test("returns 400 for invalid JSON", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await app.request("/api/sources/aelis.weather", {
-			method: "PUT",
-			headers: { "Content-Type": "application/json" },
-			body: "not json",
-		})
-
-		expect(res.status).toBe(400)
-		const body = (await res.json()) as { error: string }
-		expect(body.error).toContain("Invalid JSON")
-	})
-
-	test("returns 400 when enabled is missing", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", { config: {} })
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when config is missing", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", { enabled: true })
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when request body contains unknown fields", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-			unknownField: "hello",
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when weather config contains unknown fields", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric", unknownField: "hello" },
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when config fails schema validation", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", {
-			enabled: true,
-			config: { units: "invalid" },
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 204 and inserts when row does not exist", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-		})
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
-		expect(row).toBeDefined()
-		expect(row!.enabled).toBe(true)
-		expect(row!.config).toEqual({ units: "metric" })
-	})
-
-	test("returns 204 and fully replaces existing row", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric", hourlyLimit: 12 },
-		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.weather", {
-			enabled: false,
-			config: { units: "imperial" },
-		})
-
-		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
-		expect(row!.enabled).toBe(false)
-		// hourlyLimit should be gone — full replace, not merge
-		expect(row!.config).toEqual({ units: "imperial" })
-	})
-
-	test("refreshes source in active session after upsert", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			config: { units: "metric" },
-		})
-		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
-			MOCK_USER_ID,
-		)
-
-		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
-		const replaceSpy = spyOn(session, "replaceSource")
-
-		const res = await put(app, "aelis.weather", {
-			enabled: true,
-			config: { units: "imperial" },
-		})
-
-		expect(res.status).toBe(204)
-		expect(replaceSpy).toHaveBeenCalled()
-		replaceSpy.mockRestore()
-	})
-
-	test("removes source from session when disabled via upsert", async () => {
-		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-		})
-		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
-			MOCK_USER_ID,
-		)
-
-		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
-		const removeSpy = spyOn(session, "removeSource")
-
-		const res = await put(app, "aelis.weather", {
-			enabled: false,
-			config: { units: "metric" },
-		})
-
-		expect(res.status).toBe(204)
-		expect(removeSpy).toHaveBeenCalledWith("aelis.weather")
-		removeSpy.mockRestore()
-	})
-
-	test("adds source to active session when inserting a new source", async () => {
-		activeStore = createInMemoryStore()
-		// Seed a different source so the session can be created
-		activeStore.seed(MOCK_USER_ID, "aelis.location", { enabled: true })
-		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.location"), createStubProvider("aelis.weather", weatherConfig)],
-			MOCK_USER_ID,
-		)
-
-		// Create session — only has aelis.location
-		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
-		expect(session.hasSource("aelis.weather")).toBe(false)
-
-		// PUT a new source that didn't exist before
-		const res = await put(app, "aelis.weather", {
-			enabled: true,
-			config: { units: "metric" },
-		})
-
-		expect(res.status).toBe(204)
-		expect(session.hasSource("aelis.weather")).toBe(true)
-	})
-
-	test("returns 400 when config is provided for source without schema", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.location", {
-			enabled: true,
-			config: { something: "value" },
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 400 when empty config is provided for source without schema", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.location", {
-			enabled: true,
-			config: {},
-		})
-
-		expect(res.status).toBe(400)
-	})
-
-	test("returns 204 without config field for source without schema", async () => {
-		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
-
-		const res = await put(app, "aelis.location", {
-			enabled: true,
-		})
-
-		expect(res.status).toBe(204)
-	})
-})

apps/freya-backend/.env.example

@@ -5,7 +5,7 @@ DATABASE_URL=postgresql://user:password@localhost:5432/aris
 BETTER_AUTH_SECRET=
 
 # Encryption key for source credentials at rest (32 bytes, generate with: openssl rand -base64 32)
-CREDENTIALS_ENCRYPTION_KEY=
+CREDENTIAL_ENCRYPTION_KEY=
 
 # Base URL of the backend
 BETTER_AUTH_URL=http://localhost:3000

apps/freya-backend/package.json

@@ -1,10 +1,10 @@
 {
-	"name": "@aelis/backend",
+	"name": "@freya/backend",
 	"version": "0.0.0",
 	"type": "module",
 	"main": "src/server.ts",
 	"scripts": {
-		"dev": "bun run --watch src/server.ts",
+		"dev": "bun run --watch --inspect=0.0.0.0:6499 src/server.ts",
 		"start": "bun run src/server.ts",
 		"test": "bun test src/",
 		"db:generate": "bunx drizzle-kit generate",
@@ -15,12 +15,14 @@
 		"create-admin": "bun run src/scripts/create-admin.ts"
 	},
 	"dependencies": {
-		"@aelis/core": "workspace:*",
+		"@freya/core": "workspace:*",
-		"@aelis/source-caldav": "workspace:*",
+		"@freya/source-caldav": "workspace:*",
-		"@aelis/source-google-calendar": "workspace:*",
+		"@freya/source-google-calendar": "workspace:*",
-		"@aelis/source-location": "workspace:*",
+		"@freya/source-google-maps": "workspace:*",
-		"@aelis/source-tfl": "workspace:*",
+		"@freya/source-location": "workspace:*",
-		"@aelis/source-weatherkit": "workspace:*",
+		"@freya/source-tfl": "workspace:*",
+		"@freya/source-weatherkit": "workspace:*",
+		"@freya/source-web-search": "workspace:*",
 		"@openrouter/sdk": "^0.9.11",
 		"arktype": "^2.1.29",
 		"better-auth": "^1",

apps/freya-backend/src/admin/http.test.ts

@@ -1,4 +1,4 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
 import { describe, expect, mock, test } from "bun:test"
 import { Hono } from "hono"
@@ -118,9 +118,9 @@ const validWeatherConfig = {
 
 describe("PUT /api/admin/:sourceId/config", () => {
 	test("returns 404 for unknown provider", async () => {
-		const { app } = createApp([createStubProvider("aelis.location")])
+		const { app } = createApp([createStubProvider("freya.location")])
 
-		const res = await app.request("/api/admin/aelis.nonexistent/config", {
+		const res = await app.request("/api/admin/freya.nonexistent/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ key: "value" }),
@@ -132,9 +132,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 404 for provider without runtime config support", async () => {
-		const { app } = createApp([createStubProvider("aelis.location")])
+		const { app } = createApp([createStubProvider("freya.location")])
 
-		const res = await app.request("/api/admin/aelis.location/config", {
+		const res = await app.request("/api/admin/freya.location/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ key: "value" }),
@@ -146,9 +146,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 400 for invalid JSON body", async () => {
-		const { app } = createApp([createStubProvider("aelis.weather")])
+		const { app } = createApp([createStubProvider("freya.weather")])
 
-		const res = await app.request("/api/admin/aelis.weather/config", {
+		const res = await app.request("/api/admin/freya.weather/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: "not json",
@@ -160,9 +160,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 400 when weather config fails validation", async () => {
-		const { app } = createApp([createStubProvider("aelis.weather")])
+		const { app } = createApp([createStubProvider("freya.weather")])
 
-		const res = await app.request("/api/admin/aelis.weather/config", {
+		const res = await app.request("/api/admin/freya.weather/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ credentials: { privateKey: 123 } }),
@@ -174,11 +174,11 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 204 and applies valid weather config", async () => {
-		const { app, sessionManager } = createApp([createStubProvider("aelis.weather")])
+		const { app, sessionManager } = createApp([createStubProvider("freya.weather")])
 
-		const originalProvider = sessionManager.getProvider("aelis.weather")
+		const originalProvider = sessionManager.getProvider("freya.weather")
 
-		const res = await app.request("/api/admin/aelis.weather/config", {
+		const res = await app.request("/api/admin/freya.weather/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify(validWeatherConfig),
@@ -187,9 +187,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 		expect(res.status).toBe(204)
 
 		// Provider was replaced with a new instance
-		const provider = sessionManager.getProvider("aelis.weather")
+		const provider = sessionManager.getProvider("freya.weather")
 		expect(provider).toBeDefined()
-		expect(provider!.sourceId).toBe("aelis.weather")
+		expect(provider!.sourceId).toBe("freya.weather")
 		expect(provider).not.toBe(originalProvider)
 	})
 })

apps/freya-backend/src/admin/http.ts

@@ -60,7 +60,7 @@ async function handleUpdateProviderConfig(c: Context<Env>) {
 	}
 
 	switch (sourceId) {
-		case "aelis.weather": {
+		case "freya.weather": {
 			const parsed = WeatherKitSourceProviderConfig(body)
 			if (parsed instanceof type.errors) {
 				return c.json({ error: parsed.summary }, 400)

apps/freya-backend/src/auth/admin-middleware.test.ts

@@ -1,5 +1,5 @@
-import { Hono } from "hono"
 import { describe, expect, test } from "bun:test"
+import { Hono } from "hono"
 
 import type { Auth } from "./index.ts"
 import type { AuthSession, AuthUser } from "./session.ts"

apps/freya-backend/src/auth/session-middleware.ts

@@ -79,7 +79,7 @@ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddlewar
 		const user: AuthUser = {
 			id: "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn",
 			name: "Dev User",
-			email: "dev@aelis.local",
+			email: "dev@freya.local",
 			emailVerified: true,
 			image: null,
 			createdAt: now,
@@ -96,7 +96,7 @@ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddlewar
 			token: "Vb9CxNfRm2KwQs7TjPeA5dLhYg0UoZi4",
 			expiresAt,
 			ipAddress: "127.0.0.1",
-			userAgent: "aelis-dev",
+			userAgent: "freya-dev",
 			createdAt: now,
 			updatedAt: now,
 		}

apps/freya-backend/src/caldav/provider.test.ts

@@ -0,0 +1,85 @@
+import { describe, expect, test } from "bun:test"
+
+import { CalDavSourceProvider } from "./provider.ts"
+
+describe("CalDavSourceProvider", () => {
+	const provider = new CalDavSourceProvider()
+
+	test("sourceId is freya.caldav", () => {
+		expect(provider.sourceId).toBe("freya.caldav")
+	})
+
+	test("throws when credentials are null", async () => {
+		const config = { serverUrl: "https://caldav.icloud.com", username: "user@icloud.com" }
+		await expect(provider.feedSourceForUser("user-1", config, null)).rejects.toThrow(
+			"No CalDAV credentials configured",
+		)
+	})
+
+	test("throws when credentials are missing password", async () => {
+		const config = { serverUrl: "https://caldav.icloud.com", username: "user@icloud.com" }
+		await expect(provider.feedSourceForUser("user-1", config, {})).rejects.toThrow(
+			"password must be a string",
+		)
+	})
+
+	test("throws when config is missing serverUrl", async () => {
+		const credentials = { password: "app-specific-password" }
+		await expect(
+			provider.feedSourceForUser("user-1", { username: "user@icloud.com" }, credentials),
+		).rejects.toThrow("Invalid CalDAV config")
+	})
+
+	test("throws when config is missing username", async () => {
+		const credentials = { password: "app-specific-password" }
+		await expect(
+			provider.feedSourceForUser("user-1", { serverUrl: "https://caldav.icloud.com" }, credentials),
+		).rejects.toThrow("Invalid CalDAV config")
+	})
+
+	test("throws when config has extra keys", async () => {
+		const config = {
+			serverUrl: "https://caldav.icloud.com",
+			username: "user@icloud.com",
+			extra: true,
+		}
+		const credentials = { password: "app-specific-password" }
+		await expect(provider.feedSourceForUser("user-1", config, credentials)).rejects.toThrow(
+			"Invalid CalDAV config",
+		)
+	})
+
+	test("throws when credentials have extra keys", async () => {
+		const config = { serverUrl: "https://caldav.icloud.com", username: "user@icloud.com" }
+		const credentials = { password: "app-specific-password", extra: true }
+		await expect(provider.feedSourceForUser("user-1", config, credentials)).rejects.toThrow(
+			"extra must be removed",
+		)
+	})
+
+	test("returns CalDavSource with valid config and credentials", async () => {
+		const config = {
+			serverUrl: "https://caldav.icloud.com",
+			username: "user@icloud.com",
+			lookAheadDays: 3,
+			timeZone: "Europe/London",
+		}
+		const credentials = { password: "app-specific-password" }
+
+		const source = await provider.feedSourceForUser("user-1", config, credentials)
+		expect(source).toBeDefined()
+		expect(source.id).toBe("freya.caldav")
+	})
+
+	test("returns CalDavSource with minimal config", async () => {
+		const config = {
+			serverUrl: "https://caldav.icloud.com",
+			username: "user@icloud.com",
+		}
+		const credentials = { password: "app-specific-password" }
+
+		const source = await provider.feedSourceForUser("user-1", config, credentials)
+		expect(source).toBeDefined()
+		expect(source.id).toBe("freya.caldav")
+	})
+})

apps/freya-backend/src/caldav/provider.ts

@@ -0,0 +1,53 @@
+import { CalDavSource } from "@freya/source-caldav"
+import { type } from "arktype"
+
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+import { InvalidSourceCredentialsError } from "../sources/errors.ts"
+
+const caldavConfig = type({
+	"+": "reject",
+	serverUrl: "string",
+	username: "string",
+	"lookAheadDays?": "number",
+	"timeZone?": "string",
+})
+
+const caldavCredentials = type({
+	"+": "reject",
+	password: "string",
+})
+
+export class CalDavSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "freya.caldav"
+	readonly configSchema = caldavConfig
+
+	async feedSourceForUser(
+		_userId: string,
+		config: unknown,
+		credentials: unknown,
+	): Promise<CalDavSource> {
+		const parsed = caldavConfig(config)
+		if (parsed instanceof type.errors) {
+			throw new Error(`Invalid CalDAV config: ${parsed.summary}`)
+		}
+
+		if (!credentials) {
+			throw new InvalidSourceCredentialsError("freya.caldav", "No CalDAV credentials configured")
+		}
+
+		const creds = caldavCredentials(credentials)
+		if (creds instanceof type.errors) {
+			throw new InvalidSourceCredentialsError("freya.caldav", creds.summary)
+		}
+
+		return new CalDavSource({
+			serverUrl: parsed.serverUrl,
+			authMethod: "basic",
+			username: parsed.username,
+			password: creds.password,
+			lookAheadDays: parsed.lookAheadDays,
+			timeZone: parsed.timeZone,
+		})
+	}
+}

apps/freya-backend/src/db/index.ts

@@ -1,9 +1,12 @@
+import type { PgDatabase } from "drizzle-orm/pg-core"
+
 import { SQL } from "bun"
-import { drizzle, type BunSQLDatabase } from "drizzle-orm/bun-sql"
+import { drizzle, type BunSQLQueryResultHKT } from "drizzle-orm/bun-sql"
 
 import * as schema from "./schema.ts"
 
-export type Database = BunSQLDatabase<typeof schema>
+/** Covers both the top-level drizzle instance and transaction handles. */
+export type Database = PgDatabase<BunSQLQueryResultHKT, typeof schema>
 
 export interface DatabaseConnection {
 	db: Database

apps/freya-backend/src/db/schema.ts

@@ -29,7 +29,7 @@ export {
 import { user } from "./auth-schema.ts"
 
 // ---------------------------------------------------------------------------
-// AELIS — per-user source configuration
+// FREYA — per-user source configuration
 // ---------------------------------------------------------------------------
 
 const bytea = customType<{ data: Buffer }>({

apps/freya-backend/src/engine/http.test.ts

@@ -1,6 +1,6 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
-import { contextKey } from "@aelis/core"
+import { contextKey } from "@freya/core"
 import { describe, expect, mock, spyOn, test } from "bun:test"
 import { Hono } from "hono"
 
@@ -244,7 +244,7 @@ describe("GET /api/feed", () => {
 })
 
 describe("GET /api/context", () => {
-	const weatherKey = contextKey("aelis.weather", "weather")
+	const weatherKey = contextKey("freya.weather", "weather")
 	const weatherData = { temperature: 20, condition: "Clear" }
 	const contextEntries: readonly ContextEntry[] = [[weatherKey, weatherData]]
 
@@ -274,7 +274,7 @@ describe("GET /api/context", () => {
 		const manager = new UserSessionManager({ db: fakeDb, providers: [] })
 		const app = buildTestApp(manager)
 
-		const res = await app.request('/api/context?key=["aelis.weather","weather"]')
+		const res = await app.request('/api/context?key=["freya.weather","weather"]')
 
 		expect(res.status).toBe(401)
 	})
@@ -332,7 +332,7 @@ describe("GET /api/context", () => {
 	test("returns 400 when match param is invalid", async () => {
 		const { app } = await buildContextApp("user-1")
 
-		const res = await app.request('/api/context?key=["aelis.weather"]&match=invalid')
+		const res = await app.request('/api/context?key=["freya.weather"]&match=invalid')
 
 		expect(res.status).toBe(400)
 		const body = (await res.json()) as { error: string }
@@ -343,7 +343,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather","weather"]&match=exact')
+		const res = await app.request('/api/context?key=["freya.weather","weather"]&match=exact')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { match: string; value: unknown }
@@ -355,7 +355,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather"]&match=exact')
+		const res = await app.request('/api/context?key=["freya.weather"]&match=exact')
 
 		expect(res.status).toBe(404)
 	})
@@ -364,7 +364,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather"]&match=prefix')
+		const res = await app.request('/api/context?key=["freya.weather"]&match=prefix')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as {
@@ -373,7 +373,7 @@ describe("GET /api/context", () => {
 		}
 		expect(body.match).toBe("prefix")
 		expect(body.entries).toHaveLength(1)
-		expect(body.entries[0]!.key).toEqual(["aelis.weather", "weather"])
+		expect(body.entries[0]!.key).toEqual(["freya.weather", "weather"])
 		expect(body.entries[0]!.value).toEqual(weatherData)
 	})
 
@@ -381,7 +381,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather","weather"]')
+		const res = await app.request('/api/context?key=["freya.weather","weather"]')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { match: string; value: unknown }
@@ -393,7 +393,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather"]')
+		const res = await app.request('/api/context?key=["freya.weather"]')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as {

apps/freya-backend/src/engine/http.ts

@@ -1,6 +1,6 @@
 import type { Context, Hono } from "hono"
 
-import { contextKey } from "@aelis/core"
+import { contextKey } from "@freya/core"
 import { createMiddleware } from "hono/factory"
 
 import type { AuthSessionMiddleware } from "../auth/session-middleware.ts"

apps/freya-backend/src/enhancement/enhance-feed.ts

@@ -1,4 +1,4 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import type { LlmClient } from "./llm-client.ts"
 
@@ -47,5 +47,3 @@ export function createFeedEnhancer(config: FeedEnhancerConfig): FeedEnhancer {
 		return mergeEnhancement(items, result, currentTime)
 	}
 }
-
-

apps/freya-backend/src/enhancement/llm-client.ts

@@ -4,7 +4,7 @@ import type { EnhancementResult } from "./schema.ts"
 
 import { enhancementResultJsonSchema, parseEnhancementResult } from "./schema.ts"
 
-const DEFAULT_MODEL = "openai/gpt-4.1-mini"
+const DEFAULT_MODEL = "z-ai/glm-4.7-flash"
 const DEFAULT_TIMEOUT_MS = 30_000
 
 export interface LlmClientConfig {

apps/freya-backend/src/enhancement/merge.test.ts

@@ -1,4 +1,4 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import { describe, expect, test } from "bun:test"
 

apps/freya-backend/src/enhancement/merge.ts

@@ -1,8 +1,8 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import type { EnhancementResult } from "./schema.ts"
 
-const ENHANCEMENT_SOURCE_ID = "aelis.enhancement"
+const ENHANCEMENT_SOURCE_ID = "freya.enhancement"
 
 /**
  * Merges an EnhancementResult into feed items.

apps/freya-backend/src/enhancement/prompt-builder.test.ts

@@ -1,4 +1,4 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import { describe, expect, test } from "bun:test"
 

apps/freya-backend/src/enhancement/prompt-builder.ts

@@ -1,7 +1,7 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
-import { CalDavFeedItemType } from "@aelis/source-caldav"
+import { CalDavFeedItemType } from "@freya/source-caldav"
-import { CalendarFeedItemType } from "@aelis/source-google-calendar"
+import { CalendarFeedItemType } from "@freya/source-google-calendar"
 
 import systemPromptBase from "./prompts/system.txt"
 
@@ -36,8 +36,7 @@ export function buildPrompt(
 
 	for (const item of items) {
 		const hasUnfilledSlots =
-			item.slots &&
+			item.slots && Object.values(item.slots).some((slot) => slot.content === null)
-			Object.values(item.slots).some((slot) => slot.content === null)
 
 		if (hasUnfilledSlots) {
 			enhanceItems.push({
@@ -79,9 +78,7 @@ export function buildPrompt(
  */
 export function hasUnfilledSlots(items: FeedItem[]): boolean {
 	return items.some(
-		(item) =>
+		(item) => item.slots && Object.values(item.slots).some((slot) => slot.content === null),
-			item.slots &&
-			Object.values(item.slots).some((slot) => slot.content === null),
 	)
 }
 
@@ -129,7 +126,20 @@ function extractCalendarEntry(item: FeedItem): CalendarEntry | null {
 }
 
 const DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"] as const
-const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"] as const
+const MONTHS = [
+	"Jan",
+	"Feb",
+	"Mar",
+	"Apr",
+	"May",
+	"Jun",
+	"Jul",
+	"Aug",
+	"Sep",
+	"Oct",
+	"Nov",
+	"Dec",
+] as const
 
 function pad2(n: number): string {
 	return n.toString().padStart(2, "0")
@@ -144,7 +154,11 @@ function formatDayShort(date: Date): string {
 }
 
 function formatDayLabel(date: Date, currentTime: Date): string {
-	const currentDay = Date.UTC(currentTime.getUTCFullYear(), currentTime.getUTCMonth(), currentTime.getUTCDate())
+	const currentDay = Date.UTC(
+		currentTime.getUTCFullYear(),
+		currentTime.getUTCMonth(),
+		currentTime.getUTCDate(),
+	)
 	const targetDay = Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate())
 	const diffDays = Math.round((targetDay - currentDay) / (1000 * 60 * 60 * 24))
 

apps/freya-backend/src/enhancement/prompts/system.txt

@@ -1,4 +1,4 @@
-You are AELIS, a personal assistant. You enhance a user's feed by filling slots and optionally generating synthetic items.
+You are FREYA, a personal assistant. You enhance a user's feed by filling slots and optionally generating synthetic items.
 
 The user message is a JSON object with:
 - "items": feed items with data and named slots to fill. Each slot has a description of what to write.

apps/freya-backend/src/enhancement/schema.test.ts

@@ -135,9 +135,7 @@ describe("schema sync", () => {
 
 			// JSON Schema structure matches
 			const jsonSchema = enhancementResultJsonSchema
-			expect(Object.keys(jsonSchema.properties).sort()).toEqual(
+			expect(Object.keys(jsonSchema.properties).sort()).toEqual(Object.keys(payload).sort())
-				Object.keys(payload).sort(),
-			)
 			expect([...jsonSchema.required].sort()).toEqual(Object.keys(payload).sort())
 
 			// syntheticItems item schema has the right required fields
@@ -167,11 +165,7 @@ describe("schema sync", () => {
 
 		// JSON Schema only allows string or null for slot values
 		const slotValueSchema =
-			enhancementResultJsonSchema.properties.slotFills.additionalProperties
+			enhancementResultJsonSchema.properties.slotFills.additionalProperties.additionalProperties
-				.additionalProperties
+		expect(slotValueSchema.anyOf).toEqual([{ type: "string" }, { type: "null" }])
-		expect(slotValueSchema.anyOf).toEqual([
-			{ type: "string" },
-			{ type: "null" },
-		])
 	})
 })

apps/freya-backend/src/google-maps/provider.test.ts

@@ -0,0 +1,55 @@
+import type { GoogleMapsSourceOptions } from "@freya/source-google-maps"
+
+import { describe, expect, test } from "bun:test"
+
+import { GoogleMapsSourceProvider } from "./provider.ts"
+
+type McpClient = NonNullable<GoogleMapsSourceOptions["client"]>
+
+class MockMcpClient implements McpClient {
+	async listTools(): ReturnType<McpClient["listTools"]> {
+		return { tools: [] }
+	}
+
+	async readResource(
+		_params: Parameters<McpClient["readResource"]>[0],
+	): ReturnType<McpClient["readResource"]> {
+		throw new Error("unexpected resource read")
+	}
+
+	async callTool(_params: Parameters<McpClient["callTool"]>[0]): ReturnType<McpClient["callTool"]> {
+		return { structuredContent: {} }
+	}
+}
+
+describe("GoogleMapsSourceProvider", () => {
+	test("sourceId is freya.google-maps", () => {
+		const provider = new GoogleMapsSourceProvider({ apiKey: "key" })
+		expect(provider.sourceId).toBe("freya.google-maps")
+	})
+
+	test("throws when service API key is empty", () => {
+		expect(() => new GoogleMapsSourceProvider({ apiKey: "" })).toThrow(
+			"Google Maps MCP API key must be configured",
+		)
+	})
+
+	test("returns source with service API key", async () => {
+		const provider = new GoogleMapsSourceProvider({ apiKey: "key" })
+
+		const source = await provider.feedSourceForUser("user-1", {}, null)
+
+		expect(source.id).toBe("freya.google-maps")
+	})
+
+	test("allows injected test client with service API key", async () => {
+		const provider = new GoogleMapsSourceProvider({
+			apiKey: "key",
+			client: new MockMcpClient(),
+		})
+
+		const source = await provider.feedSourceForUser("user-1", {}, null)
+
+		expect(source.id).toBe("freya.google-maps")
+	})
+})

apps/freya-backend/src/google-maps/provider.ts

@@ -0,0 +1,39 @@
+import { GoogleMapsSource, type GoogleMapsSourceOptions } from "@freya/source-google-maps"
+
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+export interface GoogleMapsSourceProviderOptions {
+	readonly apiKey: string
+	readonly client?: GoogleMapsSourceOptions["client"]
+}
+
+export class GoogleMapsSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "freya.google-maps"
+
+	private readonly apiKey: string
+	private readonly client: GoogleMapsSourceProviderOptions["client"]
+
+	constructor(options: GoogleMapsSourceProviderOptions) {
+		if (!nonEmptyString(options.apiKey)) {
+			throw new Error("Google Maps MCP API key must be configured")
+		}
+
+		this.apiKey = options.apiKey
+		this.client = options.client
+	}
+
+	async feedSourceForUser(
+		_userId: string,
+		_config: unknown,
+		_credentials: unknown,
+	): Promise<GoogleMapsSource> {
+		return new GoogleMapsSource({
+			apiKey: this.apiKey,
+			client: this.client,
+		})
+	}
+}
+
+function nonEmptyString(value: string): boolean {
+	return typeof value === "string" && value.trim().length > 0
+}

apps/freya-backend/src/lib/crypto.test.ts

@@ -1,5 +1,5 @@
-import { randomBytes } from "node:crypto"
 import { describe, expect, test } from "bun:test"
+import { randomBytes } from "node:crypto"
 
 import { CredentialEncryptor } from "./crypto.ts"
 

apps/freya-backend/src/location/http.ts

@@ -57,7 +57,7 @@ async function handleUpdateLocation(c: Context<Env>) {
 		return c.json({ error: "Service unavailable" }, 503)
 	}
 
-	await session.engine.executeAction("aelis.location", "update-location", {
+	await session.engine.executeAction("freya.location", "update-location", {
 		lat: result.lat,
 		lng: result.lng,
 		accuracy: result.accuracy,

apps/freya-backend/src/location/provider.ts

@@ -0,0 +1,15 @@
+import { LocationSource } from "@freya/source-location"
+
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+export class LocationSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "freya.location"
+
+	async feedSourceForUser(
+		_userId: string,
+		_config: unknown,
+		_credentials: unknown,
+	): Promise<LocationSource> {
+		return new LocationSource()
+	}
+}

apps/freya-backend/src/server.ts

@@ -6,15 +6,20 @@ import { createRequireAdmin } from "./auth/admin-middleware.ts"
 import { registerAuthHandlers } from "./auth/http.ts"
 import { createAuth } from "./auth/index.ts"
 import { createRequireSession } from "./auth/session-middleware.ts"
+import { CalDavSourceProvider } from "./caldav/provider.ts"
 import { createDatabase } from "./db/index.ts"
 import { registerFeedHttpHandlers } from "./engine/http.ts"
 import { createFeedEnhancer } from "./enhancement/enhance-feed.ts"
 import { createLlmClient } from "./enhancement/llm-client.ts"
+import { GoogleMapsSourceProvider } from "./google-maps/provider.ts"
+import { CredentialEncryptor } from "./lib/crypto.ts"
 import { registerLocationHttpHandlers } from "./location/http.ts"
 import { LocationSourceProvider } from "./location/provider.ts"
 import { UserSessionManager } from "./session/index.ts"
 import { registerSourcesHttpHandlers } from "./sources/http.ts"
+import { TflSourceProvider } from "./tfl/provider.ts"
 import { WeatherSourceProvider } from "./weather/provider.ts"
+import { WebSearchSourceProvider } from "./web-search/provider.ts"
 
 function main() {
 	const { db, close: closeDb } = createDatabase(process.env.DATABASE_URL!)
@@ -33,9 +38,25 @@ function main() {
 		console.warn("[enhancement] OPENROUTER_API_KEY not set — feed enhancement disabled")
 	}
 
+	const credentialEncryptionKey = process.env.CREDENTIAL_ENCRYPTION_KEY
+	const credentialEncryptor = credentialEncryptionKey
+		? new CredentialEncryptor(credentialEncryptionKey)
+		: null
+	if (!credentialEncryptor) {
+		console.warn(
+			"[credentials] CREDENTIAL_ENCRYPTION_KEY not set — per-user credential storage disabled",
+		)
+	}
+
+	const googleMapsApiKey = process.env.GOOGLE_MAPS_API_KEY ?? process.env.GOOGLE_MAPS_MCP_API_KEY
+	if (!googleMapsApiKey) {
+		throw new Error("GOOGLE_MAPS_API_KEY or GOOGLE_MAPS_MCP_API_KEY must be set")
+	}
+
 	const sessionManager = new UserSessionManager({
 		db,
 		providers: [
+			new CalDavSourceProvider(),
 			new LocationSourceProvider(),
 			new WeatherSourceProvider({
 				credentials: {
@@ -45,8 +66,14 @@ function main() {
 					serviceId: process.env.WEATHERKIT_SERVICE_ID!,
 				},
 			}),
+			new TflSourceProvider({ apiKey: process.env.TFL_API_KEY! }),
+			new WebSearchSourceProvider({ apiKey: process.env.EXA_API_KEY }),
+			new GoogleMapsSourceProvider({
+				apiKey: googleMapsApiKey,
+			}),
 		],
 		feedEnhancer,
+		credentialEncryptor,
 	})
 
 	const app = new Hono()
@@ -106,5 +133,6 @@ const app = main()
 
 export default {
 	port: 3000,
+	hostname: "0.0.0.0",
 	fetch: app.fetch,
 }

apps/freya-backend/src/session/feed-source-provider.ts

@@ -1,12 +1,12 @@
-import type { FeedSource } from "@aelis/core"
+import type { FeedSource } from "@freya/core"
 import type { type } from "arktype"
 
 export type ConfigSchema = ReturnType<typeof type>
 
 export interface FeedSourceProvider {
-	/** The source ID this provider is responsible for (e.g., "aelis.location"). */
+	/** The source ID this provider is responsible for (e.g., "freya.location"). */
 	readonly sourceId: string
 	/** Arktype schema for validating user-provided config. Omit if the source has no config. */
 	readonly configSchema?: ConfigSchema
-	feedSourceForUser(userId: string, config: unknown): Promise<FeedSource>
+	feedSourceForUser(userId: string, config: unknown, credentials: unknown): Promise<FeedSource>
 }

apps/freya-backend/src/session/user-session-manager.test.ts

@@ -1,12 +1,18 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
-import { LocationSource } from "@aelis/source-location"
+import { LocationSource } from "@freya/source-location"
-import { WeatherSource } from "@aelis/source-weatherkit"
+import { WeatherSource } from "@freya/source-weatherkit"
 import { beforeEach, describe, expect, mock, spyOn, test } from "bun:test"
 
 import type { Database } from "../db/index.ts"
 import type { FeedSourceProvider } from "./feed-source-provider.ts"
 
+import { CredentialEncryptor } from "../lib/crypto.ts"
+import {
+	CredentialStorageUnavailableError,
+	InvalidSourceCredentialsError,
+} from "../sources/errors.ts"
+import { SourceNotFoundError } from "../sources/errors.ts"
 import { UserSessionManager } from "./user-session-manager.ts"
 
 /**
@@ -38,6 +44,13 @@ function getEnabledSourceIds(userId: string): string[] {
  */
 let mockFindResult: unknown | undefined
 
+/**
+ * Spy for `updateCredentials` calls. Tests can inspect calls via
+ * `mockUpdateCredentialsCalls` or override behavior.
+ */
+const mockUpdateCredentialsCalls: Array<{ sourceId: string; credentials: Buffer }> = []
+let mockUpdateCredentialsError: Error | null = null
+
 // Mock the sources module so UserSessionManager's DB query returns controlled data.
 mock.module("../sources/user-sources.ts", () => ({
 	sources: (_db: Database, userId: string) => ({
@@ -68,10 +81,39 @@ mock.module("../sources/user-sources.ts", () => ({
 				updatedAt: now,
 			}
 		},
+		async findForUpdate(sourceId: string) {
+			// Delegates to find — row locking is a no-op in tests.
+			if (mockFindResult !== undefined) return mockFindResult
+			const now = new Date()
+			return {
+				id: crypto.randomUUID(),
+				userId,
+				sourceId,
+				enabled: true,
+				config: {},
+				credentials: null,
+				createdAt: now,
+				updatedAt: now,
+			}
+		},
+		async updateConfig(_sourceId: string, _update: { enabled?: boolean; config?: unknown }) {
+			// no-op for tests
+		},
+		async upsertConfig(_sourceId: string, _data: { enabled: boolean; config: unknown }) {
+			// no-op for tests
+		},
+		async updateCredentials(sourceId: string, credentials: Buffer) {
+			if (mockUpdateCredentialsError) {
+				throw mockUpdateCredentialsError
+			}
+			mockUpdateCredentialsCalls.push({ sourceId, credentials })
+		},
 	}),
 }))
 
-const fakeDb = {} as Database
+const fakeDb = {
+	transaction: <T>(fn: (tx: unknown) => Promise<T>) => fn(fakeDb),
+} as unknown as Database
 
 function createStubSource(id: string, items: FeedItem[] = []): FeedSource {
 	return {
@@ -93,21 +135,24 @@ function createStubSource(id: string, items: FeedItem[] = []): FeedSource {
 
 function createStubProvider(
 	sourceId: string,
-	factory: (userId: string, config: Record<string, unknown>) => Promise<FeedSource> = async () =>
+	factory: (
-		createStubSource(sourceId),
+		userId: string,
+		config: Record<string, unknown>,
+		credentials: unknown,
+	) => Promise<FeedSource> = async () => createStubSource(sourceId),
 ): FeedSourceProvider {
 	return { sourceId, feedSourceForUser: factory }
 }
 
 const locationProvider: FeedSourceProvider = {
-	sourceId: "aelis.location",
+	sourceId: "freya.location",
 	async feedSourceForUser() {
 		return new LocationSource()
 	},
 }
 
 const weatherProvider: FeedSourceProvider = {
-	sourceId: "aelis.weather",
+	sourceId: "freya.weather",
 	async feedSourceForUser() {
 		return new WeatherSource({ client: { fetch: async () => ({}) as never } })
 	},
@@ -116,11 +161,13 @@ const weatherProvider: FeedSourceProvider = {
 beforeEach(() => {
 	enabledByUser.clear()
 	mockFindResult = undefined
+	mockUpdateCredentialsCalls.length = 0
+	mockUpdateCredentialsError = null
 })
 
 describe("UserSessionManager", () => {
 	test("getOrCreate creates session on first call", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session = await manager.getOrCreate("user-1")
@@ -130,7 +177,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("getOrCreate returns same session for same user", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
@@ -140,7 +187,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("getOrCreate returns different sessions for different users", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
@@ -150,20 +197,20 @@ describe("UserSessionManager", () => {
 	})
 
 	test("each user gets independent source instances", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
 		const session2 = await manager.getOrCreate("user-2")
 
-		const source1 = session1.getSource<LocationSource>("aelis.location")
+		const source1 = session1.getSource<LocationSource>("freya.location")
-		const source2 = session2.getSource<LocationSource>("aelis.location")
+		const source2 = session2.getSource<LocationSource>("freya.location")
 
 		expect(source1).not.toBe(source2)
 	})
 
 	test("remove destroys session and allows re-creation", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
@@ -174,14 +221,14 @@ describe("UserSessionManager", () => {
 	})
 
 	test("remove is no-op for unknown user", () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		expect(() => manager.remove("unknown")).not.toThrow()
 	})
 
 	test("registers multiple providers", async () => {
-		setEnabledSources(["aelis.location", "aelis.weather"])
+		setEnabledSources(["freya.location", "freya.weather"])
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [locationProvider, weatherProvider],
@@ -189,12 +236,12 @@ describe("UserSessionManager", () => {
 
 		const session = await manager.getOrCreate("user-1")
 
-		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("freya.location")).toBeDefined()
-		expect(session.getSource("aelis.weather")).toBeDefined()
+		expect(session.getSource("freya.weather")).toBeDefined()
 	})
 
 	test("refresh returns feed result through session", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session = await manager.getOrCreate("user-1")
@@ -207,30 +254,30 @@ describe("UserSessionManager", () => {
 	})
 
 	test("location update via executeAction works", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session = await manager.getOrCreate("user-1")
-		await session.engine.executeAction("aelis.location", "update-location", {
+		await session.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5074,
 			lng: -0.1278,
 			accuracy: 10,
 			timestamp: new Date(),
 		})
 
-		const source = session.getSource<LocationSource>("aelis.location")
+		const source = session.getSource<LocationSource>("freya.location")
 		expect(source?.lastLocation?.lat).toBe(51.5074)
 	})
 
 	test("subscribe receives updates after location push", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 		const callback = mock()
 
 		const session = await manager.getOrCreate("user-1")
 		session.engine.subscribe(callback)
 
-		await session.engine.executeAction("aelis.location", "update-location", {
+		await session.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5074,
 			lng: -0.1278,
 			accuracy: 10,
@@ -244,7 +291,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("remove stops reactive updates", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 		const callback = mock()
 
@@ -255,7 +302,7 @@ describe("UserSessionManager", () => {
 
 		// Create new session and push location — old callback should not fire
 		const session2 = await manager.getOrCreate("user-1")
-		await session2.engine.executeAction("aelis.location", "update-location", {
+		await session2.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5074,
 			lng: -0.1278,
 			accuracy: 10,
@@ -268,9 +315,9 @@ describe("UserSessionManager", () => {
 	})
 
 	test("creates session with successful providers when some fail", async () => {
-		setEnabledSources(["aelis.location", "aelis.failing"])
+		setEnabledSources(["freya.location", "freya.failing"])
 		const failingProvider: FeedSourceProvider = {
-			sourceId: "aelis.failing",
+			sourceId: "freya.failing",
 			async feedSourceForUser() {
 				throw new Error("provider failed")
 			},
@@ -286,25 +333,25 @@ describe("UserSessionManager", () => {
 		const session = await manager.getOrCreate("user-1")
 
 		expect(session).toBeDefined()
-		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("freya.location")).toBeDefined()
 		expect(spy).toHaveBeenCalled()
 
 		spy.mockRestore()
 	})
 
 	test("throws AggregateError when all providers fail", async () => {
-		setEnabledSources(["aelis.fail-1", "aelis.fail-2"])
+		setEnabledSources(["freya.fail-1", "freya.fail-2"])
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [
 				{
-					sourceId: "aelis.fail-1",
+					sourceId: "freya.fail-1",
 					async feedSourceForUser() {
 						throw new Error("first failed")
 					},
 				},
 				{
-					sourceId: "aelis.fail-2",
+					sourceId: "freya.fail-2",
 					async feedSourceForUser() {
 						throw new Error("second failed")
 					},
@@ -316,13 +363,13 @@ describe("UserSessionManager", () => {
 	})
 
 	test("concurrent getOrCreate for same user returns same session", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		let callCount = 0
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [
 				{
-					sourceId: "aelis.location",
+					sourceId: "freya.location",
 					async feedSourceForUser() {
 						callCount++
 						await new Promise((resolve) => setTimeout(resolve, 10))
@@ -342,7 +389,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("remove during in-flight getOrCreate prevents session from being stored", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		let resolveProvider: () => void
 		const providerGate = new Promise<void>((r) => {
 			resolveProvider = r
@@ -352,7 +399,7 @@ describe("UserSessionManager", () => {
 			db: fakeDb,
 			providers: [
 				{
-					sourceId: "aelis.location",
+					sourceId: "freya.location",
 					async feedSourceForUser() {
 						await providerGate
 						return new LocationSource()
@@ -378,15 +425,15 @@ describe("UserSessionManager", () => {
 	})
 
 	test("only invokes providers for sources enabled for the user", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
-		const locationFactory = mock(async () => createStubSource("aelis.location"))
+		const locationFactory = mock(async () => createStubSource("freya.location"))
-		const weatherFactory = mock(async () => createStubSource("aelis.weather"))
+		const weatherFactory = mock(async () => createStubSource("freya.weather"))
 
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [
-				{ sourceId: "aelis.location", feedSourceForUser: locationFactory },
+				{ sourceId: "freya.location", feedSourceForUser: locationFactory },
-				{ sourceId: "aelis.weather", feedSourceForUser: weatherFactory },
+				{ sourceId: "freya.weather", feedSourceForUser: weatherFactory },
 			],
 		})
 
@@ -394,43 +441,43 @@ describe("UserSessionManager", () => {
 
 		expect(locationFactory).toHaveBeenCalledTimes(1)
 		expect(weatherFactory).not.toHaveBeenCalled()
-		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("freya.location")).toBeDefined()
-		expect(session.getSource("aelis.weather")).toBeUndefined()
+		expect(session.getSource("freya.weather")).toBeUndefined()
 	})
 
 	test("creates empty session when no sources are enabled", async () => {
 		setEnabledSources([])
-		const factory = mock(async () => createStubSource("aelis.location"))
+		const factory = mock(async () => createStubSource("freya.location"))
 
 		const manager = new UserSessionManager({
 			db: fakeDb,
-			providers: [{ sourceId: "aelis.location", feedSourceForUser: factory }],
+			providers: [{ sourceId: "freya.location", feedSourceForUser: factory }],
 		})
 
 		const session = await manager.getOrCreate("user-1")
 
 		expect(factory).not.toHaveBeenCalled()
 		expect(session).toBeDefined()
-		expect(session.getSource("aelis.location")).toBeUndefined()
+		expect(session.getSource("freya.location")).toBeUndefined()
 	})
 
 	test("per-user enabled sources are respected", async () => {
 		enabledByUser.clear()
-		setEnabledSourcesForUser("user-1", ["aelis.location"])
+		setEnabledSourcesForUser("user-1", ["freya.location"])
-		setEnabledSourcesForUser("user-2", ["aelis.weather"])
+		setEnabledSourcesForUser("user-2", ["freya.weather"])
 
 		const manager = new UserSessionManager({
 			db: fakeDb,
-			providers: [createStubProvider("aelis.location"), createStubProvider("aelis.weather")],
+			providers: [createStubProvider("freya.location"), createStubProvider("freya.weather")],
 		})
 
 		const session1 = await manager.getOrCreate("user-1")
 		const session2 = await manager.getOrCreate("user-2")
 
-		expect(session1.getSource("aelis.location")).toBeDefined()
+		expect(session1.getSource("freya.location")).toBeDefined()
-		expect(session1.getSource("aelis.weather")).toBeUndefined()
+		expect(session1.getSource("freya.weather")).toBeUndefined()
-		expect(session2.getSource("aelis.location")).toBeUndefined()
+		expect(session2.getSource("freya.location")).toBeUndefined()
-		expect(session2.getSource("aelis.weather")).toBeDefined()
+		expect(session2.getSource("freya.weather")).toBeDefined()
 	})
 })
 
@@ -478,10 +525,10 @@ describe("UserSessionManager.replaceProvider", () => {
 	})
 
 	test("throws for unknown provider sourceId", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
-		const unknownProvider = createStubProvider("aelis.unknown")
+		const unknownProvider = createStubProvider("freya.unknown")
 
 		await expect(manager.replaceProvider(unknownProvider)).rejects.toThrow(
 			"no existing provider with that sourceId",
@@ -681,3 +728,240 @@ describe("UserSessionManager.replaceProvider", () => {
 		expect(feedAfter.items[0]!.data.version).toBe(1)
 	})
 })
+
+const TEST_ENCRYPTION_KEY = "/bv1nbzC4ozZkT/pcv5oQfl+JAMuMZDUSVDesG2dur8="
+const testEncryptor = new CredentialEncryptor(TEST_ENCRYPTION_KEY)
+
+describe("UserSessionManager.updateSourceCredentials", () => {
+	test("encrypts and persists credentials", async () => {
+		setEnabledSources(["test"])
+		const provider = createStubProvider("test")
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		await manager.updateSourceCredentials("user-1", "test", { token: "secret-123" })
+
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+		expect(mockUpdateCredentialsCalls[0]!.sourceId).toBe("test")
+
+		// Verify the persisted buffer decrypts to the original credentials
+		const decrypted = JSON.parse(testEncryptor.decrypt(mockUpdateCredentialsCalls[0]!.credentials))
+		expect(decrypted).toEqual({ token: "secret-123" })
+	})
+
+	test("throws CredentialStorageUnavailableError when encryptor is not configured", async () => {
+		setEnabledSources(["test"])
+		const provider = createStubProvider("test")
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			// no credentialEncryptor
+		})
+
+		await expect(
+			manager.updateSourceCredentials("user-1", "test", { token: "x" }),
+		).rejects.toBeInstanceOf(CredentialStorageUnavailableError)
+	})
+
+	test("throws SourceNotFoundError for unknown source", async () => {
+		setEnabledSources([])
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [],
+			credentialEncryptor: testEncryptor,
+		})
+
+		await expect(
+			manager.updateSourceCredentials("user-1", "unknown", { token: "x" }),
+		).rejects.toBeInstanceOf(SourceNotFoundError)
+	})
+
+	test("propagates InvalidSourceCredentialsError from provider", async () => {
+		setEnabledSources(["test"])
+		let callCount = 0
+		const provider: FeedSourceProvider = {
+			sourceId: "test",
+			async feedSourceForUser(_userId: string, _config: unknown, _credentials: unknown) {
+				callCount++
+				// Succeed on first call (session creation), throw on refresh
+				if (callCount > 1) {
+					throw new InvalidSourceCredentialsError("test", "bad credentials")
+				}
+				return createStubSource("test")
+			},
+		}
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		// Create a session first so the refresh path is exercised
+		await manager.getOrCreate("user-1")
+
+		await expect(
+			manager.updateSourceCredentials("user-1", "test", { token: "bad" }),
+		).rejects.toBeInstanceOf(InvalidSourceCredentialsError)
+
+		// Credentials should still have been persisted before the provider threw
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+	})
+
+	test("refreshes source in active session after credential update", async () => {
+		setEnabledSources(["test"])
+		let receivedCredentials: unknown = null
+		const provider = createStubProvider("test", async (_userId, _config, credentials) => {
+			receivedCredentials = credentials
+			return createStubSource("test")
+		})
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		await manager.getOrCreate("user-1")
+		await manager.updateSourceCredentials("user-1", "test", { token: "refreshed" })
+
+		expect(receivedCredentials).toEqual({ token: "refreshed" })
+	})
+
+	test("persists credentials without session refresh when no active session", async () => {
+		setEnabledSources(["test"])
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		// No session created — just update credentials
+		await manager.updateSourceCredentials("user-1", "test", { token: "stored" })
+
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+		// feedSourceForUser should not have been called (no session to refresh)
+		expect(factory).not.toHaveBeenCalled()
+	})
+})
+
+describe("UserSessionManager.saveSourceConfig", () => {
+	test("upserts config without credentials (existing behavior)", async () => {
+		setEnabledSources(["test"])
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		// Create a session first so we can verify the source is refreshed
+		await manager.getOrCreate("user-1")
+
+		await manager.saveSourceConfig("user-1", "test", {
+			enabled: true,
+			config: { key: "value" },
+		})
+
+		// feedSourceForUser called once for session creation, once for upsert refresh
+		expect(factory).toHaveBeenCalledTimes(2)
+		// No credentials should have been persisted
+		expect(mockUpdateCredentialsCalls).toHaveLength(0)
+	})
+
+	test("upserts config with credentials — persists both and passes credentials to source", async () => {
+		setEnabledSources(["test"])
+		let receivedCredentials: unknown = null
+		const factory = mock(async (_userId: string, _config: unknown, creds: unknown) => {
+			receivedCredentials = creds
+			return createStubSource("test")
+		})
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		// Create a session so the source refresh path runs
+		await manager.getOrCreate("user-1")
+
+		const creds = { username: "alice", password: "s3cret" }
+		await manager.saveSourceConfig("user-1", "test", {
+			enabled: true,
+			config: { serverUrl: "https://example.com" },
+			credentials: creds,
+		})
+
+		// Credentials were encrypted and persisted
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+		const decrypted = JSON.parse(testEncryptor.decrypt(mockUpdateCredentialsCalls[0]!.credentials))
+		expect(decrypted).toEqual(creds)
+
+		// feedSourceForUser received the provided credentials (not null)
+		expect(receivedCredentials).toEqual(creds)
+	})
+
+	test("upserts config with credentials adds source to session when not already present", async () => {
+		// Start with no enabled sources so the session is empty
+		setEnabledSources([])
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		const session = await manager.getOrCreate("user-1")
+		expect(session.hasSource("test")).toBe(false)
+
+		// Set mockFindResult to undefined so find() returns a row (simulating the row was just created by upsertConfig)
+		await manager.saveSourceConfig("user-1", "test", {
+			enabled: true,
+			config: {},
+			credentials: { token: "abc" },
+		})
+
+		// Source should now be in the session
+		expect(session.hasSource("test")).toBe(true)
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+	})
+
+	test("throws CredentialStorageUnavailableError when credentials provided without encryptor", async () => {
+		setEnabledSources(["test"])
+		const provider = createStubProvider("test")
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			// No credentialEncryptor
+		})
+
+		await expect(
+			manager.saveSourceConfig("user-1", "test", {
+				enabled: true,
+				config: {},
+				credentials: { token: "abc" },
+			}),
+		).rejects.toBeInstanceOf(CredentialStorageUnavailableError)
+	})
+
+	test("throws SourceNotFoundError for unknown provider", async () => {
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [],
+			credentialEncryptor: testEncryptor,
+		})
+
+		await expect(
+			manager.saveSourceConfig("user-1", "unknown", {
+				enabled: true,
+				config: {},
+			}),
+		).rejects.toBeInstanceOf(SourceNotFoundError)
+	})
+})

apps/freya-backend/src/session/user-session-manager.ts

@@ -1,13 +1,18 @@
-import type { FeedSource } from "@aelis/core"
+import type { FeedSource } from "@freya/core"
 
 import { type } from "arktype"
 import merge from "lodash.merge"
 
 import type { Database } from "../db/index.ts"
 import type { FeedEnhancer } from "../enhancement/enhance-feed.ts"
+import type { CredentialEncryptor } from "../lib/crypto.ts"
 import type { FeedSourceProvider } from "./feed-source-provider.ts"
 
-import { InvalidSourceConfigError, SourceNotFoundError } from "../sources/errors.ts"
+import {
+	CredentialStorageUnavailableError,
+	InvalidSourceConfigError,
+	SourceNotFoundError,
+} from "../sources/errors.ts"
 import { sources } from "../sources/user-sources.ts"
 import { UserSession } from "./user-session.ts"
 
@@ -15,6 +20,7 @@ export interface UserSessionManagerConfig {
 	db: Database
 	providers: FeedSourceProvider[]
 	feedEnhancer?: FeedEnhancer | null
+	credentialEncryptor?: CredentialEncryptor | null
 }
 
 export class UserSessionManager {
@@ -23,7 +29,7 @@ export class UserSessionManager {
 	private readonly db: Database
 	private readonly providers = new Map<string, FeedSourceProvider>()
 	private readonly feedEnhancer: FeedEnhancer | null
-	private readonly db: Database
+	private readonly encryptor: CredentialEncryptor | null
 
 	constructor(config: UserSessionManagerConfig) {
 		this.db = config.db
@@ -31,7 +37,7 @@ export class UserSessionManager {
 			this.providers.set(provider.sourceId, provider)
 		}
 		this.feedEnhancer = config.feedEnhancer ?? null
-		this.db = config.db
+		this.encryptor = config.credentialEncryptor ?? null
 	}
 
 	getProvider(sourceId: string): FeedSourceProvider | undefined {
@@ -120,14 +126,14 @@ export class UserSessionManager {
 			return
 		}
 
-		// When config is provided, fetch existing to deep-merge before validating.
+		// Use a transaction with SELECT FOR UPDATE to prevent lost updates
-		// NOTE: find + updateConfig is not atomic. A concurrent update could
+		// when concurrent PATCH requests merge config against the same base.
-		// read stale config. Use SELECT FOR UPDATE or atomic jsonb merge if
+		const { existingRow, mergedConfig } = await this.db.transaction(async (tx) => {
-		// this becomes a problem.
+			const existingRow = await sources(tx, userId).findForUpdate(sourceId)
+
 			let mergedConfig: Record<string, unknown> | undefined
 			if (update.config !== undefined && provider.configSchema) {
-			const existing = await sources(this.db, userId).find(sourceId)
+				const existingConfig = (existingRow?.config ?? {}) as Record<string, unknown>
-			const existingConfig = (existing?.config ?? {}) as Record<string, unknown>
 				mergedConfig = merge({}, existingConfig, update.config)
 
 				const validated = provider.configSchema(mergedConfig)
@@ -137,11 +143,14 @@ export class UserSessionManager {
 			}
 
 			// Throws SourceNotFoundError if the row doesn't exist
-		await sources(this.db, userId).updateConfig(sourceId, {
+			await sources(tx, userId).updateConfig(sourceId, {
 				enabled: update.enabled,
 				config: mergedConfig,
 			})
 
+			return { existingRow, mergedConfig }
+		})
+
 		// Refresh the specific source in the active session instead of
 		// destroying the entire session.
 		const session = this.sessions.get(userId)
@@ -149,7 +158,10 @@ export class UserSessionManager {
 			if (update.enabled === false) {
 				session.removeSource(sourceId)
 			} else {
-				const source = await provider.feedSourceForUser(userId, mergedConfig ?? {})
+				const credentials = existingRow?.credentials
+					? this.decryptCredentials(existingRow.credentials)
+					: null
+				const source = await provider.feedSourceForUser(userId, mergedConfig ?? {}, credentials)
 				session.replaceSource(sourceId, source)
 			}
 		}
@@ -161,13 +173,18 @@ export class UserSessionManager {
 	 * inserts a new row if one doesn't exist and fully replaces config
 	 * (no merge).
 	 *
+	 * When `credentials` is provided, they are encrypted and persisted
+	 * alongside the config in the same flow, avoiding the race condition
+	 * of separate config + credential requests.
+	 *
 	 * @throws {SourceNotFoundError} if the sourceId has no registered provider
 	 * @throws {InvalidSourceConfigError} if config fails schema validation
+	 * @throws {CredentialStorageUnavailableError} if credentials are provided but no encryptor is configured
 	 */
-	async upsertSourceConfig(
+	async saveSourceConfig(
 		userId: string,
 		sourceId: string,
-		data: { enabled: boolean; config?: unknown },
+		data: { enabled: boolean; config?: unknown; credentials?: unknown },
 	): Promise<void> {
 		const provider = this.providers.get(sourceId)
 		if (!provider) {
@@ -181,18 +198,43 @@ export class UserSessionManager {
 			}
 		}
 
+		if (data.credentials !== undefined && !this.encryptor) {
+			throw new CredentialStorageUnavailableError()
+		}
+
 		const config = data.config ?? {}
-		await sources(this.db, userId).upsertConfig(sourceId, {
+
+		// Run the upsert + credential update atomically so a failure in
+		// either step doesn't leave the row in an inconsistent state.
+		const existingRow = await this.db.transaction(async (tx) => {
+			const existing = await sources(tx, userId).find(sourceId)
+
+			await sources(tx, userId).upsertConfig(sourceId, {
 				enabled: data.enabled,
 				config,
 			})
 
+			if (data.credentials !== undefined && this.encryptor) {
+				const encrypted = this.encryptor.encrypt(JSON.stringify(data.credentials))
+				await sources(tx, userId).updateCredentials(sourceId, encrypted)
+			}
+
+			return existing
+		})
+
 		const session = this.sessions.get(userId)
 		if (session) {
 			if (!data.enabled) {
 				session.removeSource(sourceId)
 			} else {
-				const source = await provider.feedSourceForUser(userId, config)
+				// Prefer the just-provided credentials over what was in the DB.
+				let credentials: unknown = null
+				if (data.credentials !== undefined) {
+					credentials = data.credentials
+				} else if (existingRow?.credentials) {
+					credentials = this.decryptCredentials(existingRow.credentials)
+				}
+				const source = await provider.feedSourceForUser(userId, config, credentials)
 				if (session.hasSource(sourceId)) {
 					session.replaceSource(sourceId, source)
 				} else {
@@ -202,6 +244,44 @@ export class UserSessionManager {
 		}
 	}
 
+	/**
+	 * Validates, encrypts, and persists per-user credentials for a source,
+	 * then refreshes the active session.
+	 *
+	 * @throws {SourceNotFoundError} if the source row doesn't exist or has no registered provider
+	 * @throws {CredentialStorageUnavailableError} if no CredentialEncryptor is configured
+	 */
+	async updateSourceCredentials(
+		userId: string,
+		sourceId: string,
+		credentials: unknown,
+	): Promise<void> {
+		const provider = this.providers.get(sourceId)
+		if (!provider) {
+			throw new SourceNotFoundError(sourceId, userId)
+		}
+
+		if (!this.encryptor) {
+			throw new CredentialStorageUnavailableError()
+		}
+
+		const encrypted = this.encryptor.encrypt(JSON.stringify(credentials))
+		await sources(this.db, userId).updateCredentials(sourceId, encrypted)
+
+		// Refresh the source in the active session.
+		// If feedSourceForUser throws (e.g. provider rejects the credentials),
+		// the DB already has the new credentials but the session keeps the old
+		// source. The next session creation will pick up the persisted credentials.
+		const session = this.sessions.get(userId)
+		if (session && session.hasSource(sourceId)) {
+			const row = await sources(this.db, userId).find(sourceId)
+			if (row?.enabled) {
+				const source = await provider.feedSourceForUser(userId, row.config ?? {}, credentials)
+				session.replaceSource(sourceId, source)
+			}
+		}
+	}
+
 	/**
 	 * Replaces a provider and updates all active sessions.
 	 * The new provider must have the same sourceId as an existing one.
@@ -254,7 +334,12 @@ export class UserSessionManager {
 			const row = await sources(this.db, session.userId).find(provider.sourceId)
 			if (!row?.enabled) return
 
-			const newSource = await provider.feedSourceForUser(session.userId, row.config ?? {})
+			const credentials = row.credentials ? this.decryptCredentials(row.credentials) : null
+			const newSource = await provider.feedSourceForUser(
+				session.userId,
+				row.config ?? {},
+				credentials,
+			)
 			session.replaceSource(provider.sourceId, newSource)
 		} catch (err) {
 			console.error(
@@ -271,7 +356,8 @@ export class UserSessionManager {
 		for (const row of enabledRows) {
 			const provider = this.providers.get(row.sourceId)
 			if (provider) {
-				promises.push(provider.feedSourceForUser(userId, row.config ?? {}))
+				const credentials = row.credentials ? this.decryptCredentials(row.credentials) : null
+				promises.push(provider.feedSourceForUser(userId, row.config ?? {}, credentials))
 			}
 		}
 
@@ -302,4 +388,19 @@ export class UserSessionManager {
 
 		return new UserSession(userId, feedSources, this.feedEnhancer)
 	}
+
+	/**
+	 * Decrypts a credentials buffer from the DB, returning parsed JSON or null.
+	 * Returns null (with a warning) if decryption or parsing fails — e.g. due to
+	 * key rotation, data corruption, or malformed JSON.
+	 */
+	private decryptCredentials(credentials: Buffer): unknown {
+		if (!this.encryptor) return null
+		try {
+			return JSON.parse(this.encryptor.decrypt(credentials))
+		} catch (err) {
+			console.warn("[UserSessionManager] Failed to decrypt credentials:", err)
+			return null
+		}
+	}
 }

apps/freya-backend/src/session/user-session.test.ts

@@ -1,6 +1,6 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
-import { LocationSource } from "@aelis/source-location"
+import { LocationSource } from "@freya/source-location"
 import { describe, expect, spyOn, test } from "bun:test"
 
 import { UserSession } from "./user-session.ts"
@@ -39,7 +39,7 @@ describe("UserSession", () => {
 		const location = new LocationSource()
 		const session = new UserSession("test-user", [location])
 
-		const result = session.getSource<LocationSource>("aelis.location")
+		const result = session.getSource<LocationSource>("freya.location")
 
 		expect(result).toBe(location)
 	})
@@ -62,7 +62,7 @@ describe("UserSession", () => {
 		const location = new LocationSource()
 		const session = new UserSession("test-user", [location])
 
-		await session.engine.executeAction("aelis.location", "update-location", {
+		await session.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5,
 			lng: -0.1,
 			accuracy: 10,

apps/freya-backend/src/session/user-session.ts

@@ -1,4 +1,4 @@
-import { FeedEngine, type FeedItem, type FeedResult, type FeedSource } from "@aelis/core"
+import { FeedEngine, type FeedItem, type FeedResult, type FeedSource } from "@freya/core"
 
 import type { FeedEnhancer } from "../enhancement/enhance-feed.ts"
 

apps/freya-backend/src/sources/errors.ts

@@ -24,3 +24,26 @@ export class InvalidSourceConfigError extends Error {
 		this.sourceId = sourceId
 	}
 }
+
+/**
+ * Thrown by providers when credentials fail validation.
+ */
+export class InvalidSourceCredentialsError extends Error {
+	readonly sourceId: string
+
+	constructor(sourceId: string, summary: string) {
+		super(summary)
+		this.name = "InvalidSourceCredentialsError"
+		this.sourceId = sourceId
+	}
+}
+
+/**
+ * Thrown when credential storage is not configured (missing encryption key).
+ */
+export class CredentialStorageUnavailableError extends Error {
+	constructor() {
+		super("Credential storage is not configured")
+		this.name = "CredentialStorageUnavailableError"
+	}
+}

apps/freya-backend/src/sources/http.ts

@@ -1,3 +1,4 @@
+import type { ActionDefinition } from "@freya/core"
 import type { Context, Hono } from "hono"
 
 import { type } from "arktype"
@@ -6,7 +7,12 @@ import { createMiddleware } from "hono/factory"
 import type { AuthSessionMiddleware } from "../auth/session-middleware.ts"
 import type { UserSessionManager } from "../session/index.ts"
 
-import { InvalidSourceConfigError, SourceNotFoundError } from "./errors.ts"
+import {
+	CredentialStorageUnavailableError,
+	InvalidSourceConfigError,
+	InvalidSourceCredentialsError,
+	SourceNotFoundError,
+} from "./errors.ts"
 
 type Env = {
 	Variables: {
@@ -29,11 +35,13 @@ const ReplaceSourceConfigRequestBody = type({
 	"+": "reject",
 	enabled: "boolean",
 	config: "unknown",
+	"credentials?": "unknown",
 })
 
 const ReplaceSourceConfigNoConfigRequestBody = type({
 	"+": "reject",
 	enabled: "boolean",
+	"credentials?": "unknown",
 })
 
 export function registerSourcesHttpHandlers(
@@ -48,6 +56,19 @@ export function registerSourcesHttpHandlers(
 	app.get("/api/sources/:sourceId", inject, authSessionMiddleware, handleGetSource)
 	app.patch("/api/sources/:sourceId", inject, authSessionMiddleware, handleUpdateSource)
 	app.put("/api/sources/:sourceId", inject, authSessionMiddleware, handleReplaceSource)
+	app.get("/api/sources/:sourceId/actions", inject, authSessionMiddleware, handleListActions)
+	app.post(
+		"/api/sources/:sourceId/actions/:actionId",
+		inject,
+		authSessionMiddleware,
+		handleExecuteAction,
+	)
+	app.put(
+		"/api/sources/:sourceId/credentials",
+		inject,
+		authSessionMiddleware,
+		handleUpdateCredentials,
+	)
 }
 
 async function handleGetSource(c: Context<Env>) {
@@ -150,14 +171,15 @@ async function handleReplaceSource(c: Context<Env>) {
 		return c.json({ error: parsed.summary }, 400)
 	}
 
-	const { enabled } = parsed
+	const { enabled, credentials } = parsed
 	const config = "config" in parsed ? parsed.config : undefined
 	const user = c.get("user")!
 
 	try {
-		await sessionManager.upsertSourceConfig(user.id, sourceId, {
+		await sessionManager.saveSourceConfig(user.id, sourceId, {
 			enabled,
 			config,
+			credentials,
 		})
 	} catch (err) {
 		if (err instanceof SourceNotFoundError) {
@@ -166,8 +188,134 @@ async function handleReplaceSource(c: Context<Env>) {
 		if (err instanceof InvalidSourceConfigError) {
 			return c.json({ error: err.message }, 400)
 		}
+		if (err instanceof CredentialStorageUnavailableError) {
+			return c.json({ error: err.message }, 503)
+		}
 		throw err
 	}
 
 	return c.body(null, 204)
 }
+
+async function handleListActions(c: Context<Env>) {
+	const sourceId = c.req.param("sourceId")
+	if (!sourceId) {
+		return c.body(null, 404)
+	}
+
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleListActions] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	try {
+		const actions = await session.engine.listActions(sourceId)
+		return c.json({ actions: serializeActions(actions) })
+	} catch (err) {
+		if (isActionNotFoundError(err)) {
+			return c.json({ error: err.message }, 404)
+		}
+		console.error(`[handleListActions] Failed to list actions for "${sourceId}":`, err)
+		return c.json({ error: "Failed to list actions" }, 500)
+	}
+}
+
+async function handleExecuteAction(c: Context<Env>) {
+	const sourceId = c.req.param("sourceId")
+	const actionId = c.req.param("actionId")
+	if (!sourceId || !actionId) {
+		return c.body(null, 404)
+	}
+
+	let params: unknown
+	try {
+		params = await c.req.json()
+	} catch {
+		return c.json({ error: "Invalid JSON" }, 400)
+	}
+
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleExecuteAction] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	try {
+		const result = await session.engine.executeAction(sourceId, actionId, params)
+		return c.json({ result })
+	} catch (err) {
+		if (isActionNotFoundError(err)) {
+			return c.json({ error: err.message }, 404)
+		}
+		return c.json({ error: err instanceof Error ? err.message : String(err) }, 400)
+	}
+}
+
+async function handleUpdateCredentials(c: Context<Env>) {
+	const sourceId = c.req.param("sourceId")
+	if (!sourceId) {
+		return c.body(null, 404)
+	}
+
+	const sessionManager = c.get("sessionManager")
+
+	const provider = sessionManager.getProvider(sourceId)
+	if (!provider) {
+		return c.json({ error: `Source "${sourceId}" not found` }, 404)
+	}
+
+	let body: unknown
+	try {
+		body = await c.req.json()
+	} catch {
+		return c.json({ error: "Invalid JSON" }, 400)
+	}
+
+	const user = c.get("user")!
+
+	try {
+		await sessionManager.updateSourceCredentials(user.id, sourceId, body)
+	} catch (err) {
+		if (err instanceof SourceNotFoundError) {
+			return c.json({ error: err.message }, 404)
+		}
+		if (err instanceof InvalidSourceCredentialsError) {
+			return c.json({ error: err.message }, 400)
+		}
+		if (err instanceof CredentialStorageUnavailableError) {
+			return c.json({ error: err.message }, 503)
+		}
+		throw err
+	}
+
+	return c.body(null, 204)
+}
+
+function serializeActions(actions: Record<string, ActionDefinition>) {
+	const serialized: Record<string, { id: string; description?: string }> = {}
+	for (const [key, action] of Object.entries(actions)) {
+		serialized[key] = {
+			id: action.id,
+			...(action.description ? { description: action.description } : {}),
+		}
+	}
+	return serialized
+}
+
+function isActionNotFoundError(err: unknown): err is Error {
+	if (!(err instanceof Error)) {
+		return false
+	}
+	return err.message.startsWith("Source not found:") || err.message.startsWith("Action ")
+}

apps/freya-backend/src/sources/user-sources.ts

@@ -26,6 +26,18 @@ export function sources(db: Database, userId: string) {
 			return rows[0]
 		},
 
+		/** Like find(), but acquires a row lock to prevent concurrent modifications. Must be called inside a transaction. */
+		async findForUpdate(sourceId: string) {
+			const rows = await db
+				.select()
+				.from(userSources)
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.limit(1)
+				.for("update")
+
+			return rows[0]
+		},
+
 		/** Enables a source for the user. Throws if the source row doesn't exist. */
 		async enableSource(sourceId: string) {
 			const rows = await db