Make progress on restyling

2025-04-07 08:38:28 +00:00 · 2024-03-15 12:31:59 -07:00
1154 changed files with 12097 additions and 47881 deletions
--- a/.env.example
+++ b/.env.example
@ -3,6 +3,9 @@
 # THIS IS A SAMPLE ENCRYPTION KEY AND SHOULD NEVER BE USED FOR PRODUCTION
 ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218

+# Required
+DB_CONNECTION_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
+
 # JWT
 # Required secrets to sign JWT tokens
 # THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION
@ -13,9 +16,6 @@ POSTGRES_PASSWORD=infisical
 POSTGRES_USER=infisical
 POSTGRES_DB=infisical

-# Required
-DB_CONNECTION_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
-
 # Redis
 REDIS_URL=redis://redis:6379

--- a/.github/resources/rename_migration_files.py
+++ b/.github/resources/rename_migration_files.py
@ -1,26 +0,0 @@
-import os
-from datetime import datetime, timedelta
-
-def rename_migrations():
-    migration_folder = "./backend/src/db/migrations"
-    with open("added_files.txt", "r") as file:
-        changed_files = file.readlines()
-    
-    # Find the latest file among the changed files
-    latest_timestamp = datetime.now() # utc time
-    for file_path in changed_files:
-        file_path = file_path.strip()
-        # each new file bump by 1s
-        latest_timestamp = latest_timestamp + timedelta(seconds=1)
-
-        new_filename = os.path.join(migration_folder, latest_timestamp.strftime("%Y%m%d%H%M%S") + f"_{file_path.split('_')[1]}")
-        old_filename = os.path.join(migration_folder, file_path)
-        os.rename(old_filename, new_filename)
-        print(f"Renamed {old_filename} to {new_filename}")
-
-    if len(changed_files) == 0:
-        print("No new files added to migration folder")
-
-if __name__ == "__main__":
-    rename_migrations()
-
--- a/.github/workflows/build-docker-image-to-prod.yml
+++ b/.github/workflows/build-docker-image-to-prod.yml
@ -41,7 +41,6 @@ jobs:
          load: true
          context: backend
          tags: infisical/infisical:test
-          platforms: linux/amd64,linux/arm64
      - name: ⏻ Spawn backend container and dependencies
        run: |
          docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
@ -93,7 +92,6 @@ jobs:
          project: 64mmf0n610
          context: frontend
          tags: infisical/frontend:test
-          platforms: linux/amd64,linux/arm64
          build-args: |
            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
            NEXT_INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
--- a/.github/workflows/build-patroni-docker-img.yml
+++ b/.github/workflows/build-patroni-docker-img.yml
@ -1,38 +0,0 @@
-name: Build patroni 
-on: [workflow_dispatch]
-
-jobs:
-  patroni-image:
-    name: Build patroni
-    runs-on: ubuntu-latest
-    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-        with:
-          repository: 'zalando/patroni'
-      - name: Save commit hashes for tag
-        id: commit
-        uses: pr-mpt/actions-commit-hash@v2
-      - name: 🔧 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
-      - name: 🏗️ Build backend and push to docker hub
-        uses: depot/build-push-action@v1
-        with:
-          project: 64mmf0n610
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          push: true
-          context: .
-          file: Dockerfile
-          tags: |
-            infisical/patroni:${{ steps.commit.outputs.short }}
-            infisical/patroni:latest
-          platforms: linux/amd64,linux/arm64
-    
-  
--- a/.github/workflows/build-staging-and-deploy-aws.yml
+++ b/.github/workflows/build-staging-and-deploy-aws.yml
@ -1,140 +0,0 @@
-name: Deployment pipeline
-on: [workflow_dispatch]
-
-permissions:
-  id-token: write
-  contents: read
-
-jobs:
-  infisical-image:
-    name: Build backend image
-    runs-on: ubuntu-latest
-    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: 📦 Install dependencies to test all dependencies
-        run: npm ci --only-production
-        working-directory: backend
-      - name: Save commit hashes for tag
-        id: commit
-        uses: pr-mpt/actions-commit-hash@v2
-      - name: 🔧 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
-      - name: 🏗️ Build backend and push to docker hub
-        uses: depot/build-push-action@v1
-        with:
-          project: 64mmf0n610
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          push: true
-          context: .
-          file: Dockerfile.standalone-infisical
-          tags: |
-            infisical/staging_infisical:${{ steps.commit.outputs.short }}
-            infisical/staging_infisical:latest
-          platforms: linux/amd64,linux/arm64
-          build-args: |
-            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
-            INFISICAL_PLATFORM_VERSION=${{ steps.commit.outputs.short }}
-    
-  gamma-deployment:
-    name: Deploy to gamma
-    runs-on: ubuntu-latest
-    needs: [infisical-image]
-    environment:
-      name: Gamma
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Setup Node.js environment
-        uses: actions/setup-node@v2
-        with:
-          node-version: "20"
-      - name: Change directory to backend and install dependencies
-        env:
-          DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
-        run: |
-          cd backend
-          npm install
-          npm run migration:latest
-      - name: Configure AWS Credentials 
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          audience: sts.amazonaws.com
-          aws-region: us-east-1
-          role-to-assume: arn:aws:iam::905418227878:role/deploy-new-ecs-img
-      - name: Save commit hashes for tag
-        id: commit
-        uses: pr-mpt/actions-commit-hash@v2
-      - name: Download task definition
-        run: |
-          aws ecs describe-task-definition --task-definition infisical-prod-platform --query taskDefinition > task-definition.json
-      - name: Render Amazon ECS task definition
-        id: render-web-container
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
-        with:
-          task-definition: task-definition.json
-          container-name: infisical-prod-platform
-          image: infisical/staging_infisical:${{ steps.commit.outputs.short }}
-          environment-variables: "LOG_LEVEL=info"
-      - name: Deploy to Amazon ECS service
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-        with:
-          task-definition: ${{ steps.render-web-container.outputs.task-definition }}
-          service: infisical-prod-platform
-          cluster: infisical-prod-platform
-          wait-for-service-stability: true
-
-  production-postgres-deployment:
-    name: Deploy to production
-    runs-on: ubuntu-latest
-    needs: [gamma-deployment]
-    environment:
-      name: Production
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Setup Node.js environment
-        uses: actions/setup-node@v2
-        with:
-          node-version: "20"
-      - name: Change directory to backend and install dependencies
-        env:
-          DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
-        run: |
-          cd backend
-          npm install
-          npm run migration:latest
-      - name: Configure AWS Credentials 
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          audience: sts.amazonaws.com
-          aws-region: us-east-1
-          role-to-assume: arn:aws:iam::381492033652:role/gha-make-prod-deployment
-      - name: Save commit hashes for tag
-        id: commit
-        uses: pr-mpt/actions-commit-hash@v2
-      - name: Download task definition
-        run: |
-          aws ecs describe-task-definition --task-definition infisical-prod-platform --query taskDefinition > task-definition.json
-      - name: Render Amazon ECS task definition
-        id: render-web-container
-        uses: aws-actions/amazon-ecs-render-task-definition@v1
-        with:
-          task-definition: task-definition.json
-          container-name: infisical-prod-platform
-          image: infisical/staging_infisical:${{ steps.commit.outputs.short }}
-          environment-variables: "LOG_LEVEL=info"
-      - name: Deploy to Amazon ECS service
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-        with:
-          task-definition: ${{ steps.render-web-container.outputs.task-definition }}
-          service: infisical-prod-platform
-          cluster: infisical-prod-platform
-          wait-for-service-stability: true
--- a/.github/workflows/build-staging-and-deploy.yml
+++ b/.github/workflows/build-staging-and-deploy.yml
@ -0,0 +1,120 @@
+name: Build, Publish and Deploy to Gamma
+on: [workflow_dispatch]
+
+jobs:
+  infisical-image:
+    name: Build backend image
+    runs-on: ubuntu-latest
+    steps:
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      - name: 📦 Install dependencies to test all dependencies
+        run: npm ci --only-production
+        working-directory: backend
+      # - name: 🧪 Run tests
+      #   run: npm run test:ci
+      #   working-directory: backend
+      - name: Save commit hashes for tag
+        id: commit
+        uses: pr-mpt/actions-commit-hash@v2
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+      - name: 📦 Build backend and export to Docker
+        uses: depot/build-push-action@v1
+        with:
+          project: 64mmf0n610
+          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          load: true
+          context: .
+          file: Dockerfile.standalone-infisical
+          tags: infisical/infisical:test
+      # - name: ⏻ Spawn backend container and dependencies
+      #   run: |
+      #     docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
+      # - name: 🧪 Test backend image
+      #   run: |
+      #     ./.github/resources/healthcheck.sh infisical-backend-test
+      # - name: ⏻ Shut down backend container and dependencies
+      #   run: |
+      #     docker compose -f .github/resources/docker-compose.be-test.yml down
+      - name: 🏗️ Build backend and push
+        uses: depot/build-push-action@v1
+        with:
+          project: 64mmf0n610
+          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          push: true
+          context: .
+          file: Dockerfile.standalone-infisical
+          tags: |
+            infisical/staging_infisical:${{ steps.commit.outputs.short }}
+            infisical/staging_infisical:latest
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
+            INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
+  postgres-migration:
+    name: Run latest migration files
+    runs-on: ubuntu-latest
+    needs: [infisical-image]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v2
+        with:
+          node-version: "20"
+      - name: Change directory to backend and install dependencies
+        env:
+          DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
+        run: |
+          cd backend
+          npm install
+          npm run migration:latest
+      # - name: Run postgres DB migration files
+      #   env:
+      #     DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
+      #   run: npm run migration:latest
+  gamma-deployment:
+    name: Deploy to gamma
+    runs-on: ubuntu-latest
+    needs: [postgres-migration]
+    steps:
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+      - name: Install infisical helm chart
+        run: |
+          helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
+          helm repo update
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v3
+      - name: Install doctl
+        uses: digitalocean/action-doctl@v2
+        with:
+          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+      - name: Save DigitalOcean kubeconfig with short-lived credentials
+        run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 infisical-gamma-postgres
+      - name: switch to gamma namespace
+        run: kubectl config set-context --current --namespace=gamma
+      - name: test kubectl
+        run: kubectl get ingress
+      - name: Download helm values to file and upgrade gamma deploy
+        run: |
+          wget https://raw.githubusercontent.com/Infisical/infisical/main/.github/values.yaml
+          helm upgrade infisical infisical-helm-charts/infisical-standalone  --values values.yaml --wait --install
+          if [[ $(helm status infisical) == *"FAILED"* ]]; then
+            echo "Helm upgrade failed"
+            exit 1
+          else
+            echo "Helm upgrade was successful"
+          fi
--- a/.github/workflows/check-api-for-breaking-changes.yml
+++ b/.github/workflows/check-api-for-breaking-changes.yml
@ -5,7 +5,6 @@ on:
    types: [opened, synchronize]
    paths:
      - "backend/src/server/routes/**"
-      - "backend/src/ee/routes/**"

 jobs:
  check-be-api-changes:
--- a/.github/workflows/release_build_infisical_cli.yml
+++ b/.github/workflows/release_build_infisical_cli.yml
@ -1,72 +1,60 @@
 name: Build and release CLI

 on:
-    workflow_dispatch:
-
-    push:
-        # run only against tags
-        tags:
-            - "infisical-cli/v*.*.*"
+  push:
+    # run only against tags
+    tags:
+      - "infisical-cli/v*.*.*"

 permissions:
-    contents: write
-    # packages: write
-    # issues: write
-jobs:
-    cli-integration-tests:
-        name: Run tests before deployment
-        uses: ./.github/workflows/run-cli-tests.yml
-        secrets:
-            CLI_TESTS_UA_CLIENT_ID: ${{ secrets.CLI_TESTS_UA_CLIENT_ID }}
-            CLI_TESTS_UA_CLIENT_SECRET: ${{ secrets.CLI_TESTS_UA_CLIENT_SECRET }}
-            CLI_TESTS_SERVICE_TOKEN: ${{ secrets.CLI_TESTS_SERVICE_TOKEN }}
-            CLI_TESTS_PROJECT_ID: ${{ secrets.CLI_TESTS_PROJECT_ID }}
-            CLI_TESTS_ENV_SLUG: ${{ secrets.CLI_TESTS_ENV_SLUG }}
+  contents: write
+  # packages: write
+  # issues: write

-    goreleaser:
-        runs-on: ubuntu-20.04
-        needs: [cli-integration-tests]
-        steps:
-            - uses: actions/checkout@v3
-              with:
-                  fetch-depth: 0
-            - name: 🐋 Login to Docker Hub
-              uses: docker/login-action@v2
-              with:
-                  username: ${{ secrets.DOCKERHUB_USERNAME }}
-                  password: ${{ secrets.DOCKERHUB_TOKEN }}
-            - name: 🔧 Set up Docker Buildx
-              uses: docker/setup-buildx-action@v2
-            - run: git fetch --force --tags
-            - run: echo "Ref name ${{github.ref_name}}"
-            - uses: actions/setup-go@v3
-              with:
-                  go-version: ">=1.19.3"
-                  cache: true
-                  cache-dependency-path: cli/go.sum
-            - name: libssl1.1 => libssl1.0-dev for OSXCross
-              run: |
-                  echo 'deb http://security.ubuntu.com/ubuntu bionic-security main' | sudo tee -a /etc/apt/sources.list
-                  sudo apt update && apt-cache policy libssl1.0-dev
-                  sudo apt-get install libssl1.0-dev
-            - name: OSXCross for CGO Support
-              run: |
-                  mkdir ../../osxcross
-                  git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
-            - uses: goreleaser/goreleaser-action@v4
-              with:
-                  distribution: goreleaser-pro
-                  version: latest
-                  args: release --clean
-              env:
-                  GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
-                  POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
-                  FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
-                  AUR_KEY: ${{ secrets.AUR_KEY }}
-                  GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-            - uses: actions/setup-python@v4
-            - run: pip install --upgrade cloudsmith-cli
-            - name: Publish to CloudSmith
-              run: sh cli/upload_to_cloudsmith.sh
-              env:
-                  CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
+jobs:
+  goreleaser:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - run: git fetch --force --tags
+      - run: echo "Ref name ${{github.ref_name}}"
+      - uses: actions/setup-go@v3
+        with:
+          go-version: ">=1.19.3"
+          cache: true
+          cache-dependency-path: cli/go.sum
+      - name: libssl1.1 => libssl1.0-dev for OSXCross
+        run: |
+          echo 'deb http://security.ubuntu.com/ubuntu bionic-security main' | sudo tee -a /etc/apt/sources.list
+          sudo apt update && apt-cache policy libssl1.0-dev
+          sudo apt-get install libssl1.0-dev
+      - name: OSXCross for CGO Support
+        run: |
+          mkdir ../../osxcross
+          git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
+      - uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser-pro
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
+          POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
+          FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
+          AUR_KEY: ${{ secrets.AUR_KEY }}
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+      - uses: actions/setup-python@v4
+      - run: pip install --upgrade cloudsmith-cli
+      - name: Publish to CloudSmith
+        run: sh cli/upload_to_cloudsmith.sh
+        env:
+          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
--- a/.github/workflows/run-cli-tests.yml
+++ b/.github/workflows/run-cli-tests.yml
@ -1,47 +0,0 @@
-name: Go CLI Tests
-
-on:
-    pull_request:
-        types: [opened, synchronize]
-        paths:
-            - "cli/**"
-
-    workflow_dispatch:
-
-    workflow_call:
-        secrets:
-            CLI_TESTS_UA_CLIENT_ID:
-                required: true
-            CLI_TESTS_UA_CLIENT_SECRET:
-                required: true
-            CLI_TESTS_SERVICE_TOKEN:
-                required: true
-            CLI_TESTS_PROJECT_ID:
-                required: true
-            CLI_TESTS_ENV_SLUG:
-                required: true
-
-jobs:
-    test:
-        defaults:
-            run:
-                working-directory: ./cli
-        runs-on: ubuntu-latest
-
-        steps:
-            - uses: actions/checkout@v4
-            - name: Setup Go
-              uses: actions/setup-go@v4
-              with:
-                  go-version: "1.21.x"
-            - name: Install dependencies
-              run: go get .
-            - name: Test with the Go CLI
-              env:
-                  CLI_TESTS_UA_CLIENT_ID: ${{ secrets.CLI_TESTS_UA_CLIENT_ID }}
-                  CLI_TESTS_UA_CLIENT_SECRET: ${{ secrets.CLI_TESTS_UA_CLIENT_SECRET }}
-                  CLI_TESTS_SERVICE_TOKEN: ${{ secrets.CLI_TESTS_SERVICE_TOKEN }}
-                  CLI_TESTS_PROJECT_ID: ${{ secrets.CLI_TESTS_PROJECT_ID }}
-                  CLI_TESTS_ENV_SLUG: ${{ secrets.CLI_TESTS_ENV_SLUG }}
-
-              run: go test -v -count=1 ./test
--- a/.github/workflows/update-be-new-migration-latest-timestamp.yml
+++ b/.github/workflows/update-be-new-migration-latest-timestamp.yml
@ -1,48 +0,0 @@
-name: Rename Migrations
-
-on:
-  pull_request:
-    types: [closed]
-    paths:
-      - 'backend/src/db/migrations/**'
-
-jobs:
-  rename:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true
-
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Get list of newly added files in migration folder
-        run: |
-          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^A' | cut -f2 | xargs -n1 basename > added_files.txt
-          if [ ! -s added_files.txt ]; then
-            echo "No new files added. Skipping"
-            echo "SKIP_RENAME=true" >> $GITHUB_ENV
-          fi
-
-      - name: Script to rename migrations
-        if: env.SKIP_RENAME != 'true'
-        run: python .github/resources/rename_migration_files.py
-
-      - name: Commit and push changes
-        if: env.SKIP_RENAME != 'true'
-        run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
-          git add ./backend/src/db/migrations
-          rm added_files.txt
-          git commit -m "chore: renamed new migration files to latest timestamp (gh-action)"
-
-      - name: Create Pull Request
-        if: env.SKIP_RENAME != 'true'
-        uses: peter-evans/create-pull-request@v6
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          commit-message: 'chore: renamed new migration files to latest UTC (gh-action)'
-          title: 'GH Action: rename new migration file timestamp'
-          branch-suffix: timestamp
--- a/.gitignore
+++ b/.gitignore
@ -59,13 +59,9 @@ yarn-error.log*
 # Infisical init
 .infisical.json

-.infisicalignore
-
 # Editor specific
 .vscode/*

 frontend-build

 *.tgz
-cli/infisical-merge
-cli/test/infisical-merge
--- a/.infisicalignore
+++ b/.infisicalignore
@ -1,7 +1 @@
 .github/resources/docker-compose.be-test.yml:generic-api-key:16
-frontend/src/views/Project/MembersPage/components/IdentityTab/components/IdentityRoleForm/IdentityRbacSection.tsx:generic-api-key:206
-frontend/src/views/Project/MembersPage/components/IdentityTab/components/IdentityRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:304
-frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/MemberRbacSection.tsx:generic-api-key:206
-frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:292
-docs/self-hosting/configuration/envars.mdx:generic-api-key:106
-frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:451
--- a/Dockerfile.standalone-infisical
+++ b/Dockerfile.standalone-infisical
@ -1,7 +1,6 @@
 ARG POSTHOG_HOST=https://app.posthog.com
 ARG POSTHOG_API_KEY=posthog-api-key
 ARG INTERCOM_ID=intercom-id
-ARG SAML_ORG_SLUG=saml-org-slug-default

 FROM  node:20-alpine AS base

@ -36,8 +35,6 @@ ARG INTERCOM_ID
 ENV NEXT_PUBLIC_INTERCOM_ID $INTERCOM_ID
 ARG INFISICAL_PLATFORM_VERSION
 ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION
-ARG SAML_ORG_SLUG
-ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG 

 # Build
 RUN npm run build
@ -103,9 +100,6 @@ ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
 ARG INTERCOM_ID=intercom-id
 ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
  BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
-ARG SAML_ORG_SLUG
-ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG \
-  BAKED_NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG

 WORKDIR / 

@ -124,6 +118,9 @@ WORKDIR /backend

 ENV TELEMETRY_ENABLED true

+HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \  
+  CMD node healthcheck.js
+
 EXPOSE 8080
 EXPOSE 443

--- a/README.md
+++ b/README.md
@ -10,8 +10,7 @@
  <a href="https://infisical.com/">Infisical Cloud</a> |
  <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
  <a href="https://infisical.com/docs/documentation/getting-started/introduction">Docs</a> |
-  <a href="https://www.infisical.com">Website</a> |
-  <a href="https://infisical.com/careers">Hiring (Remote/SF)</a>
+  <a href="https://www.infisical.com">Website</a>
 </h4>

 <p align="center">
@ -76,7 +75,7 @@ Check out the [Quickstart Guides](https://infisical.com/docs/getting-started/int

 | Use Infisical Cloud                                                                                                                                     | Deploy Infisical on premise                                                                                                                                                                                                                                                                                                                                                                                                                                           |
 | ------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| The fastest and most reliable way to <br> get started with Infisical is signing up <br> for free to [Infisical Cloud](https://app.infisical.com/login). |  <br> View all [deployment options](https://infisical.com/docs/self-hosting/overview) |
+| The fastest and most reliable way to <br> get started with Infisical is signing up <br> for free to [Infisical Cloud](https://app.infisical.com/login). | <a href="https://infisical.com/docs/self-hosting/deployment-options/aws-ec2"><img src=".github/images/deploy-to-aws.png" width="150" width="300" /></a> <a href="https://infisical.com/docs/self-hosting/deployment-options/digital-ocean-marketplace" alt="Deploy to DigitalOcean"> <img width="217" alt="Deploy to DO" src="https://www.deploytodo.com/do-btn-blue.svg"/> </a> <br> View all [deployment options](https://infisical.com/docs/self-hosting/overview) |

 ### Run Infisical locally

--- a/backend/.eslintrc.js
+++ b/backend/.eslintrc.js
@ -23,17 +23,16 @@ module.exports = {
  root: true,
  overrides: [
    {
-      files: ["./e2e-test/**/*", "./src/db/migrations/**/*"],
+      files: ["./e2e-test/**/*"],
      rules: {
        "@typescript-eslint/no-unsafe-member-access": "off",
        "@typescript-eslint/no-unsafe-assignment": "off",
        "@typescript-eslint/no-unsafe-argument": "off",
        "@typescript-eslint/no-unsafe-return": "off",
-        "@typescript-eslint/no-unsafe-call": "off"
+        "@typescript-eslint/no-unsafe-call": "off",
      }
    }
  ],
-
  rules: {
    "@typescript-eslint/no-empty-function": "off",
    "@typescript-eslint/no-unsafe-enum-comparison": "off",
--- a/backend/e2e-test/routes/v1/secret-import.spec.ts
+++ b/backend/e2e-test/routes/v1/secret-import.spec.ts
@ -46,7 +46,7 @@ const deleteSecretImport = async (id: string) => {

 describe("Secret Import Router", async () => {
  test.each([
-    { importEnv: "prod", importPath: "/" }, // one in root
+    { importEnv: "dev", importPath: "/" }, // one in root
    { importEnv: "staging", importPath: "/" } // then create a deep one creating intermediate ones
  ])("Create secret import $importEnv with path $importPath", async ({ importPath, importEnv }) => {
    // check for default environments
@ -66,7 +66,7 @@ describe("Secret Import Router", async () => {
  });

  test("Get secret imports", async () => {
-    const createdImport1 = await createSecretImport("/", "prod");
+    const createdImport1 = await createSecretImport("/", "dev");
    const createdImport2 = await createSecretImport("/", "staging");
    const res = await testServer.inject({
      method: "GET",
@ -103,10 +103,10 @@ describe("Secret Import Router", async () => {
  });

  test("Update secret import position", async () => {
-    const prodImportDetails = { path: "/", envSlug: "prod" };
+    const devImportDetails = { path: "/", envSlug: "dev" };
    const stagingImportDetails = { path: "/", envSlug: "staging" };

-    const createdImport1 = await createSecretImport(prodImportDetails.path, prodImportDetails.envSlug);
+    const createdImport1 = await createSecretImport(devImportDetails.path, devImportDetails.envSlug);
    const createdImport2 = await createSecretImport(stagingImportDetails.path, stagingImportDetails.envSlug);

    const updateImportRes = await testServer.inject({
@ -136,7 +136,7 @@ describe("Secret Import Router", async () => {
        position: 2,
        importEnv: expect.objectContaining({
          name: expect.any(String),
-          slug: expect.stringMatching(prodImportDetails.envSlug),
+          slug: expect.stringMatching(devImportDetails.envSlug),
          id: expect.any(String)
        })
      })
@ -166,7 +166,7 @@ describe("Secret Import Router", async () => {
  });

  test("Delete secret import position", async () => {
-    const createdImport1 = await createSecretImport("/", "prod");
+    const createdImport1 = await createSecretImport("/", "dev");
    const createdImport2 = await createSecretImport("/", "staging");
    const deletedImport = await deleteSecretImport(createdImport1.id);
    // check for default environments
--- a/backend/e2e-test/routes/v3/secrets.spec.ts
+++ b/backend/e2e-test/routes/v3/secrets.spec.ts
@ -942,113 +942,6 @@ describe.each([{ auth: AuthMode.JWT }, { auth: AuthMode.IDENTITY_ACCESS_TOKEN }]
      const secrets = await getSecrets(seedData1.environment.slug, path);
      expect(secrets).toEqual([]);
    });
-
-    test.each(testRawSecrets)("Bulk create secret raw in path $path", async ({ path, secret }) => {
-      const createSecretReqBody = {
-        projectSlug: seedData1.project.slug,
-        environment: seedData1.environment.slug,
-        secretPath: path,
-        secrets: [
-          {
-            secretKey: secret.key,
-            secretValue: secret.value,
-            secretComment: secret.comment
-          }
-        ]
-      };
-      const createSecRes = await testServer.inject({
-        method: "POST",
-        url: `/api/v3/secrets/batch/raw`,
-        headers: {
-          authorization: `Bearer ${authToken}`
-        },
-        body: createSecretReqBody
-      });
-      expect(createSecRes.statusCode).toBe(200);
-      const createdSecretPayload = JSON.parse(createSecRes.payload);
-      expect(createdSecretPayload).toHaveProperty("secrets");
-
-      // fetch secrets
-      const secrets = await getSecrets(seedData1.environment.slug, path);
-      expect(secrets).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            key: secret.key,
-            value: secret.value,
-            type: SecretType.Shared
-          })
-        ])
-      );
-
-      await deleteRawSecret({ path, key: secret.key });
-    });
-
-    test.each(testRawSecrets)("Bulk update secret raw in path $path", async ({ secret, path }) => {
-      await createRawSecret({ path, ...secret });
-      const updateSecretReqBody = {
-        projectSlug: seedData1.project.slug,
-        environment: seedData1.environment.slug,
-        secretPath: path,
-        secrets: [
-          {
-            secretValue: "new-value",
-            secretKey: secret.key
-          }
-        ]
-      };
-      const updateSecRes = await testServer.inject({
-        method: "PATCH",
-        url: `/api/v3/secrets/batch/raw`,
-        headers: {
-          authorization: `Bearer ${authToken}`
-        },
-        body: updateSecretReqBody
-      });
-      expect(updateSecRes.statusCode).toBe(200);
-      const updatedSecretPayload = JSON.parse(updateSecRes.payload);
-      expect(updatedSecretPayload).toHaveProperty("secrets");
-
-      // fetch secrets
-      const secrets = await getSecrets(seedData1.environment.slug, path);
-      expect(secrets).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            key: secret.key,
-            value: "new-value",
-            version: 2,
-            type: SecretType.Shared
-          })
-        ])
-      );
-
-      await deleteRawSecret({ path, key: secret.key });
-    });
-
-    test.each(testRawSecrets)("Bulk delete secret raw in path $path", async ({ path, secret }) => {
-      await createRawSecret({ path, ...secret });
-
-      const deletedSecretReqBody = {
-        projectSlug: seedData1.project.slug,
-        environment: seedData1.environment.slug,
-        secretPath: path,
-        secrets: [{ secretKey: secret.key }]
-      };
-      const deletedSecRes = await testServer.inject({
-        method: "DELETE",
-        url: `/api/v3/secrets/batch/raw`,
-        headers: {
-          authorization: `Bearer ${authToken}`
-        },
-        body: deletedSecretReqBody
-      });
-      expect(deletedSecRes.statusCode).toBe(200);
-      const deletedSecretPayload = JSON.parse(deletedSecRes.payload);
-      expect(deletedSecretPayload).toHaveProperty("secrets");
-
-      // fetch secrets
-      const secrets = await getSecrets(seedData1.environment.slug, path);
-      expect(secrets).toEqual([]);
-    });
  }
 );

--- a/backend/e2e-test/vitest-environment-knex.ts
+++ b/backend/e2e-test/vitest-environment-knex.ts
@ -10,7 +10,7 @@ import { seedData1 } from "@app/db/seed-data";
 import { initEnvConfig } from "@app/lib/config/env";
 import { initLogger } from "@app/lib/logger";
 import { main } from "@app/server/app";
-import { AuthMethod, AuthTokenType } from "@app/services/auth/auth-type";
+import { AuthTokenType } from "@app/services/auth/auth-type";

 import { mockQueue } from "./mocks/queue";
 import { mockSmtpServer } from "./mocks/smtp";
@ -52,8 +52,6 @@ export default {
          authTokenType: AuthTokenType.ACCESS_TOKEN,
          userId: seedData1.id,
          tokenVersionId: seedData1.token.id,
-          authMethod: AuthMethod.EMAIL,
-          organizationId: seedData1.organization.id,
          accessVersion: 1
        },
        cfg.AUTH_SECRET,
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -35,7 +35,6 @@
        "axios-retry": "^4.0.0",
        "bcrypt": "^5.1.1",
        "bullmq": "^5.3.3",
-        "cassandra-driver": "^4.7.2",
        "dotenv": "^16.4.1",
        "fastify": "^4.26.0",
        "fastify-plugin": "^4.5.1",
@ -45,15 +44,13 @@
        "jsonwebtoken": "^9.0.2",
        "jsrp": "^0.2.4",
        "knex": "^3.0.1",
-        "ldapjs": "^3.0.7",
        "libsodium-wrappers": "^0.7.13",
        "lodash.isequal": "^4.5.0",
        "ms": "^2.1.3",
-        "mysql2": "^3.9.4",
+        "mysql2": "^3.9.1",
        "nanoid": "^5.0.4",
        "nodemailer": "^6.9.9",
        "ora": "^7.0.1",
-        "oracledb": "^6.4.0",
        "passport-github": "^1.1.0",
        "passport-gitlab2": "^5.0.0",
        "passport-google-oauth20": "^2.0.0",
@ -1711,22 +1708,6 @@
        "node": ">=12"
      }
    },
-    "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.20.2.tgz",
-      "integrity": "sha512-D+EBOJHXdNZcLJRBkhENNG8Wji2kgc9AZ9KiPr1JuZjsNtyHzrsfLRrY0tk2H2aoFu6RANO1y1iPPUCDYWkb5g==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "aix"
-      ],
-      "engines": {
-        "node": ">=12"
-      }
-    },
    "node_modules/@esbuild/android-arm": {
      "version": "0.18.20",
      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.18.20.tgz",
@ -2511,83 +2492,6 @@
        "@jridgewell/sourcemap-codec": "^1.4.10"
      }
    },
-    "node_modules/@ldapjs/asn1": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/asn1/-/asn1-2.0.0.tgz",
-      "integrity": "sha512-G9+DkEOirNgdPmD0I8nu57ygQJKOOgFEMKknEuQvIHbGLwP3ny1mY+OTUYLCbCaGJP4sox5eYgBJRuSUpnAddA=="
-    },
-    "node_modules/@ldapjs/attribute": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/attribute/-/attribute-1.0.0.tgz",
-      "integrity": "sha512-ptMl2d/5xJ0q+RgmnqOi3Zgwk/TMJYG7dYMC0Keko+yZU6n+oFM59MjQOUht5pxJeS4FWrImhu/LebX24vJNRQ==",
-      "dependencies": {
-        "@ldapjs/asn1": "2.0.0",
-        "@ldapjs/protocol": "^1.2.1",
-        "process-warning": "^2.1.0"
-      }
-    },
-    "node_modules/@ldapjs/change": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/change/-/change-1.0.0.tgz",
-      "integrity": "sha512-EOQNFH1RIku3M1s0OAJOzGfAohuFYXFY4s73wOhRm4KFGhmQQ7MChOh2YtYu9Kwgvuq1B0xKciXVzHCGkB5V+Q==",
-      "dependencies": {
-        "@ldapjs/asn1": "2.0.0",
-        "@ldapjs/attribute": "1.0.0"
-      }
-    },
-    "node_modules/@ldapjs/controls": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/controls/-/controls-2.1.0.tgz",
-      "integrity": "sha512-2pFdD1yRC9V9hXfAWvCCO2RRWK9OdIEcJIos/9cCVP9O4k72BY1bLDQQ4KpUoJnl4y/JoD4iFgM+YWT3IfITWw==",
-      "dependencies": {
-        "@ldapjs/asn1": "^1.2.0",
-        "@ldapjs/protocol": "^1.2.1"
-      }
-    },
-    "node_modules/@ldapjs/controls/node_modules/@ldapjs/asn1": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/asn1/-/asn1-1.2.0.tgz",
-      "integrity": "sha512-KX/qQJ2xxzvO2/WOvr1UdQ+8P5dVvuOLk/C9b1bIkXxZss8BaR28njXdPgFCpj5aHaf1t8PmuVnea+N9YG9YMw=="
-    },
-    "node_modules/@ldapjs/dn": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/dn/-/dn-1.1.0.tgz",
-      "integrity": "sha512-R72zH5ZeBj/Fujf/yBu78YzpJjJXG46YHFo5E4W1EqfNpo1UsVPqdLrRMXeKIsJT3x9dJVIfR6OpzgINlKpi0A==",
-      "dependencies": {
-        "@ldapjs/asn1": "2.0.0",
-        "process-warning": "^2.1.0"
-      }
-    },
-    "node_modules/@ldapjs/filter": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@ldapjs/filter/-/filter-2.1.1.tgz",
-      "integrity": "sha512-TwPK5eEgNdUO1ABPBUQabcZ+h9heDORE4V9WNZqCtYLKc06+6+UAJ3IAbr0L0bYTnkkWC/JEQD2F+zAFsuikNw==",
-      "dependencies": {
-        "@ldapjs/asn1": "2.0.0",
-        "@ldapjs/protocol": "^1.2.1",
-        "process-warning": "^2.1.0"
-      }
-    },
-    "node_modules/@ldapjs/messages": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/@ldapjs/messages/-/messages-1.3.0.tgz",
-      "integrity": "sha512-K7xZpXJ21bj92jS35wtRbdcNrwmxAtPwy4myeh9duy/eR3xQKvikVycbdWVzkYEAVE5Ce520VXNOwCHjomjCZw==",
-      "dependencies": {
-        "@ldapjs/asn1": "^2.0.0",
-        "@ldapjs/attribute": "^1.0.0",
-        "@ldapjs/change": "^1.0.0",
-        "@ldapjs/controls": "^2.1.0",
-        "@ldapjs/dn": "^1.1.0",
-        "@ldapjs/filter": "^2.1.1",
-        "@ldapjs/protocol": "^1.2.1",
-        "process-warning": "^2.2.0"
-      }
-    },
-    "node_modules/@ldapjs/protocol": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@ldapjs/protocol/-/protocol-1.2.1.tgz",
-      "integrity": "sha512-O89xFDLW2gBoZWNXuXpBSM32/KealKCTb3JGtJdtUQc7RjAk8XzrRgyz02cPAwGKwKPxy0ivuC7UP9bmN87egQ=="
-    },
    "node_modules/@lukeed/ms": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/@lukeed/ms/-/ms-2.0.1.tgz",
@ -3258,9 +3162,9 @@
      }
    },
    "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.14.3.tgz",
-      "integrity": "sha512-X9alQ3XM6I9IlSlmC8ddAvMSyG1WuHk5oUnXGw+yUBs3BFoTizmG1La/Gr8fVJvDWAq+zlYTZ9DBgrlKRVY06g==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.8.0.tgz",
+      "integrity": "sha512-zdTObFRoNENrdPpnTNnhOljYIcOX7aI7+7wyrSpPFFIOf/nRdedE6IYsjaBE7tjukphh1tMTojgJ7p3lKY8x6Q==",
      "cpu": [
        "arm"
      ],
@ -3271,9 +3175,9 @@
      ]
    },
    "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.14.3.tgz",
-      "integrity": "sha512-eQK5JIi+POhFpzk+LnjKIy4Ks+pwJ+NXmPxOCSvOKSNRPONzKuUvWE+P9JxGZVxrtzm6BAYMaL50FFuPe0oWMQ==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.8.0.tgz",
+      "integrity": "sha512-aiItwP48BiGpMFS9Znjo/xCNQVwTQVcRKkFKsO81m8exrGjHkCBDvm9PHay2kpa8RPnZzzKcD1iQ9KaLY4fPQQ==",
      "cpu": [
        "arm64"
      ],
@ -3284,9 +3188,9 @@
      ]
    },
    "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.14.3.tgz",
-      "integrity": "sha512-Od4vE6f6CTT53yM1jgcLqNfItTsLt5zE46fdPaEmeFHvPs5SjZYlLpHrSiHEKR1+HdRfxuzXHjDOIxQyC3ptBA==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.8.0.tgz",
+      "integrity": "sha512-zhNIS+L4ZYkYQUjIQUR6Zl0RXhbbA0huvNIWjmPc2SL0cB1h5Djkcy+RZ3/Bwszfb6vgwUvcVJYD6e6Zkpsi8g==",
      "cpu": [
        "arm64"
      ],
@ -3297,9 +3201,9 @@
      ]
    },
    "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.14.3.tgz",
-      "integrity": "sha512-0IMAO21axJeNIrvS9lSe/PGthc8ZUS+zC53O0VhF5gMxfmcKAP4ESkKOCwEi6u2asUrt4mQv2rjY8QseIEb1aw==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.8.0.tgz",
+      "integrity": "sha512-A/FAHFRNQYrELrb/JHncRWzTTXB2ticiRFztP4ggIUAfa9Up1qfW8aG2w/mN9jNiZ+HB0t0u0jpJgFXG6BfRTA==",
      "cpu": [
        "x64"
      ],
@ -3310,22 +3214,9 @@
      ]
    },
    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.14.3.tgz",
-      "integrity": "sha512-ge2DC7tHRHa3caVEoSbPRJpq7azhG+xYsd6u2MEnJ6XzPSzQsTKyXvh6iWjXRf7Rt9ykIUWHtl0Uz3T6yXPpKw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.14.3.tgz",
-      "integrity": "sha512-ljcuiDI4V3ySuc7eSk4lQ9wU8J8r8KrOUvB2U+TtK0TiW6OFDmJ+DdIjjwZHIw9CNxzbmXY39wwpzYuFDwNXuw==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.8.0.tgz",
+      "integrity": "sha512-JsidBnh3p2IJJA4/2xOF2puAYqbaczB3elZDT0qHxn362EIoIkq7hrR43Xa8RisgI6/WPfvb2umbGsuvf7E37A==",
      "cpu": [
        "arm"
      ],
@ -3336,9 +3227,9 @@
      ]
    },
    "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.14.3.tgz",
-      "integrity": "sha512-Eci2us9VTHm1eSyn5/eEpaC7eP/mp5n46gTRB3Aar3BgSvDQGJZuicyq6TsH4HngNBgVqC5sDYxOzTExSU+NjA==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.8.0.tgz",
+      "integrity": "sha512-hBNCnqw3EVCkaPB0Oqd24bv8SklETptQWcJz06kb9OtiShn9jK1VuTgi7o4zPSt6rNGWQOTDEAccbk0OqJmS+g==",
      "cpu": [
        "arm64"
      ],
@ -3349,9 +3240,9 @@
      ]
    },
    "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.14.3.tgz",
-      "integrity": "sha512-UrBoMLCq4E92/LCqlh+blpqMz5h1tJttPIniwUgOFJyjWI1qrtrDhhpHPuFxULlUmjFHfloWdixtDhSxJt5iKw==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.8.0.tgz",
+      "integrity": "sha512-Fw9ChYfJPdltvi9ALJ9wzdCdxGw4wtq4t1qY028b2O7GwB5qLNSGtqMsAel1lfWTZvf4b6/+4HKp0GlSYg0ahA==",
      "cpu": [
        "arm64"
      ],
@ -3361,23 +3252,10 @@
        "linux"
      ]
    },
-    "node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.14.3.tgz",
-      "integrity": "sha512-5aRjvsS8q1nWN8AoRfrq5+9IflC3P1leMoy4r2WjXyFqf3qcqsxRCfxtZIV58tCxd+Yv7WELPcO9mY9aeQyAmw==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.14.3.tgz",
-      "integrity": "sha512-sk/Qh1j2/RJSX7FhEpJn8n0ndxy/uf0kI/9Zc4b1ELhqULVdTfN6HL31CDaTChiBAOgLcsJ1sgVZjWv8XNEsAQ==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.8.0.tgz",
+      "integrity": "sha512-BH5xIh7tOzS9yBi8dFrCTG8Z6iNIGWGltd3IpTSKp6+pNWWO6qy8eKoRxOtwFbMrid5NZaidLYN6rHh9aB8bEw==",
      "cpu": [
        "riscv64"
      ],
@ -3387,23 +3265,10 @@
        "linux"
      ]
    },
-    "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.14.3.tgz",
-      "integrity": "sha512-jOO/PEaDitOmY9TgkxF/TQIjXySQe5KVYB57H/8LRP/ux0ZoO8cSHCX17asMSv3ruwslXW/TLBcxyaUzGRHcqg==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
    "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.14.3.tgz",
-      "integrity": "sha512-8ybV4Xjy59xLMyWo3GCfEGqtKV5M5gCSrZlxkPGvEPCGDLNla7v48S662HSGwRd6/2cSneMQWiv+QzcttLrrOA==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.8.0.tgz",
+      "integrity": "sha512-PmvAj8k6EuWiyLbkNpd6BLv5XeYFpqWuRvRNRl80xVfpGXK/z6KYXmAgbI4ogz7uFiJxCnYcqyvZVD0dgFog7Q==",
      "cpu": [
        "x64"
      ],
@ -3414,9 +3279,9 @@
      ]
    },
    "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.14.3.tgz",
-      "integrity": "sha512-s+xf1I46trOY10OqAtZ5Rm6lzHre/UiLA1J2uOhCFXWkbZrJRkYBPO6FhvGfHmdtQ3Bx793MNa7LvoWFAm93bg==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.8.0.tgz",
+      "integrity": "sha512-mdxnlW2QUzXwY+95TuxZ+CurrhgrPAMveDWI97EQlA9bfhR8tw3Pt7SUlc/eSlCNxlWktpmT//EAA8UfCHOyXg==",
      "cpu": [
        "x64"
      ],
@ -3427,9 +3292,9 @@
      ]
    },
    "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.14.3.tgz",
-      "integrity": "sha512-+4h2WrGOYsOumDQ5S2sYNyhVfrue+9tc9XcLWLh+Kw3UOxAvrfOrSMFon60KspcDdytkNDh7K2Vs6eMaYImAZg==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.8.0.tgz",
+      "integrity": "sha512-ge7saUz38aesM4MA7Cad8CHo0Fyd1+qTaqoIo+Jtk+ipBi4ATSrHWov9/S4u5pbEQmLjgUjB7BJt+MiKG2kzmA==",
      "cpu": [
        "arm64"
      ],
@ -3440,9 +3305,9 @@
      ]
    },
    "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.14.3.tgz",
-      "integrity": "sha512-T1l7y/bCeL/kUwh9OD4PQT4aM7Bq43vX05htPJJ46RTI4r5KNt6qJRzAfNfM+OYMNEVBWQzR2Gyk+FXLZfogGw==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.8.0.tgz",
+      "integrity": "sha512-p9E3PZlzurhlsN5h9g7zIP1DnqKXJe8ZUkFwAazqSvHuWfihlIISPxG9hCHCoA+dOOspL/c7ty1eeEVFTE0UTw==",
      "cpu": [
        "ia32"
      ],
@ -3453,9 +3318,9 @@
      ]
    },
    "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.14.3.tgz",
-      "integrity": "sha512-/BypzV0H1y1HzgYpxqRaXGBRqfodgoBBCcsrujT6QRcakDQdfU+Lq9PENPh5jB4I44YWq+0C2eHsHya+nZY1sA==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.8.0.tgz",
+      "integrity": "sha512-kb4/auKXkYKqlUYTE8s40FcJIj5soOyRLHKd4ugR0dCq0G2EfcF54eYcfQiGkHzjidZ40daB4ulsFdtqNKZtBg==",
      "cpu": [
        "x64"
      ],
@ -4644,15 +4509,6 @@
        "@types/lodash": "*"
      }
    },
-    "node_modules/@types/long": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/@types/long/-/long-5.0.0.tgz",
-      "integrity": "sha512-eQs9RsucA/LNjnMoJvWG/nXa7Pot/RbBzilF/QRIU/xRl+0ApxrSUFsV5lmf01SvSlqMzJ7Zwxe440wmz2SJGA==",
-      "deprecated": "This is a stub types definition. long provides its own type definitions, so you do not need this installed.",
-      "dependencies": {
-        "long": "*"
-      }
-    },
    "node_modules/@types/mime": {
      "version": "1.3.5",
      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz",
@ -5401,14 +5257,6 @@
        "node": ">=0.4.0"
      }
    },
-    "node_modules/adm-zip": {
-      "version": "0.5.12",
-      "resolved": "https://registry.npmjs.org/adm-zip/-/adm-zip-0.5.12.tgz",
-      "integrity": "sha512-6TVU49mK6KZb4qG6xWaaM4C7sA/sgUMLy/JYMOzkcp3BvVLpW0fXDFQiIzAuxFCt/2+xD7fNIiPFAoLZPhVNLQ==",
-      "engines": {
-        "node": ">=6.0"
-      }
-    },
    "node_modules/agent-base": {
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
@ -6068,12 +5916,12 @@
      }
    },
    "node_modules/body-parser": {
-      "version": "1.20.2",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
-      "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
+      "version": "1.20.1",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+      "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
      "dependencies": {
        "bytes": "3.1.2",
-        "content-type": "~1.0.5",
+        "content-type": "~1.0.4",
        "debug": "2.6.9",
        "depd": "2.0.0",
        "destroy": "1.2.0",
@ -6081,7 +5929,7 @@
        "iconv-lite": "0.4.24",
        "on-finished": "2.4.1",
        "qs": "6.11.0",
-        "raw-body": "2.5.2",
+        "raw-body": "2.5.1",
        "type-is": "~1.6.18",
        "unpipe": "1.0.0"
      },
@ -6286,20 +6134,6 @@
        "node": ">=6"
      }
    },
-    "node_modules/cassandra-driver": {
-      "version": "4.7.2",
-      "resolved": "https://registry.npmjs.org/cassandra-driver/-/cassandra-driver-4.7.2.tgz",
-      "integrity": "sha512-gwl1DeYvL8Wy3i1GDMzFtpUg5G473fU7EnHFZj7BUtdLB7loAfgZgB3zBhROc9fbaDSUDs6YwOPPojS5E1kbSA==",
-      "dependencies": {
-        "@types/long": "~5.0.0",
-        "@types/node": ">=8",
-        "adm-zip": "~0.5.10",
-        "long": "~5.2.3"
-      },
-      "engines": {
-        "node": ">=16"
-      }
-    },
    "node_modules/chai": {
      "version": "4.4.1",
      "resolved": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz",
@ -7545,16 +7379,16 @@
      }
    },
    "node_modules/express": {
-      "version": "4.19.2",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
-      "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==",
+      "version": "4.18.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
+      "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==",
      "dependencies": {
        "accepts": "~1.3.8",
        "array-flatten": "1.1.1",
-        "body-parser": "1.20.2",
+        "body-parser": "1.20.1",
        "content-disposition": "0.5.4",
        "content-type": "~1.0.4",
-        "cookie": "0.6.0",
+        "cookie": "0.5.0",
        "cookie-signature": "1.0.6",
        "debug": "2.6.9",
        "depd": "2.0.0",
@ -7585,14 +7419,6 @@
        "node": ">= 0.10.0"
      }
    },
-    "node_modules/express/node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
    "node_modules/express/node_modules/cookie-signature": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@ -7923,9 +7749,9 @@
      "dev": true
    },
    "node_modules/follow-redirects": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
-      "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
+      "version": "1.15.4",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.4.tgz",
+      "integrity": "sha512-Cr4D/5wlrb0z9dgERpUL3LrmPKVDsETIJhaCMeDfuFYcqa5bldGV6wBsAN6X/vxlXQtFBMrXdXxdL8CbDTGniw==",
      "funding": [
        {
          "type": "individual",
@ -9382,7 +9208,15 @@
        "node": ">=0.8.0"
      }
    },
-    "node_modules/ldapauth-fork/node_modules/ldapjs": {
+    "node_modules/ldapauth-fork/node_modules/lru-cache": {
+      "version": "7.18.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
+      "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/ldapjs": {
      "version": "2.3.3",
      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.3.3.tgz",
      "integrity": "sha512-75QiiLJV/PQqtpH+HGls44dXweviFwQ6SiIK27EqzKQ5jU/7UFrl2E5nLdQ3IYRBzJ/AVFJI66u0MZ0uofKYwg==",
@ -9400,35 +9234,6 @@
        "node": ">=10.13.0"
      }
    },
-    "node_modules/ldapauth-fork/node_modules/lru-cache": {
-      "version": "7.18.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
-      "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
-      "engines": {
-        "node": ">=12"
-      }
-    },
-    "node_modules/ldapjs": {
-      "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-3.0.7.tgz",
-      "integrity": "sha512-1ky+WrN+4CFMuoekUOv7Y1037XWdjKpu0xAPwSP+9KdvmV9PG+qOKlssDV6a+U32apwxdD3is/BZcWOYzN30cg==",
-      "dependencies": {
-        "@ldapjs/asn1": "^2.0.0",
-        "@ldapjs/attribute": "^1.0.0",
-        "@ldapjs/change": "^1.0.0",
-        "@ldapjs/controls": "^2.1.0",
-        "@ldapjs/dn": "^1.1.0",
-        "@ldapjs/filter": "^2.1.1",
-        "@ldapjs/messages": "^1.3.0",
-        "@ldapjs/protocol": "^1.2.1",
-        "abstract-logging": "^2.0.1",
-        "assert-plus": "^1.0.0",
-        "backoff": "^2.5.0",
-        "once": "^1.4.0",
-        "vasync": "^2.2.1",
-        "verror": "^1.10.1"
-      }
-    },
    "node_modules/leven": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/leven/-/leven-2.1.0.tgz",
@ -9954,9 +9759,9 @@
      }
    },
    "node_modules/mysql2": {
-      "version": "3.9.4",
-      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.9.4.tgz",
-      "integrity": "sha512-OEESQuwxMza803knC1YSt7NMuc1BrK9j7gZhCSs2WAyxr1vfiI7QLaLOKTh5c9SWGz98qVyQUbK8/WckevNQhg==",
+      "version": "3.9.1",
+      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.9.1.tgz",
+      "integrity": "sha512-3njoWAAhGBYy0tWBabqUQcLtczZUxrmmtc2vszQUekg3kTJyZ5/IeLC3Fo04u6y6Iy5Sba7pIIa2P/gs8D3ZeQ==",
      "dependencies": {
        "denque": "^2.1.0",
        "generate-function": "^2.3.1",
@ -10426,15 +10231,6 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
-    "node_modules/oracledb": {
-      "version": "6.4.0",
-      "resolved": "https://registry.npmjs.org/oracledb/-/oracledb-6.4.0.tgz",
-      "integrity": "sha512-TJI08qzQlf/l7T49VojP9BoQpjEr14NXZmpSzzcLrbNs7qSl0QA/Mc9gGiEdkg5WmwH0wqUjtMC7jlf1WamlYA==",
-      "hasInstallScript": true,
-      "engines": {
-        "node": ">=14.6"
-      }
-    },
    "node_modules/p-limit": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
@ -11022,9 +10818,9 @@
      }
    },
    "node_modules/postcss": {
-      "version": "8.4.38",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz",
-      "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==",
+      "version": "8.4.32",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.32.tgz",
+      "integrity": "sha512-D/kj5JNu6oo2EIy+XL/26JEDTlIbB8hw85G8StOE6L74RQAVVP5rej6wxCNqyMbR4RkPfqvezVbPw81Ngd6Kcw==",
      "dev": true,
      "funding": [
        {
@ -11043,7 +10839,7 @@
      "dependencies": {
        "nanoid": "^3.3.7",
        "picocolors": "^1.0.0",
-        "source-map-js": "^1.2.0"
+        "source-map-js": "^1.0.2"
      },
      "engines": {
        "node": "^10 || ^12 || >=14"
@ -11438,9 +11234,9 @@
      }
    },
    "node_modules/raw-body": {
-      "version": "2.5.2",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
-      "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
      "dependencies": {
        "bytes": "3.1.2",
        "http-errors": "2.0.0",
@ -11715,13 +11511,10 @@
      }
    },
    "node_modules/rollup": {
-      "version": "4.14.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.14.3.tgz",
-      "integrity": "sha512-ag5tTQKYsj1bhrFC9+OEWqb5O6VYgtQDO9hPDBMmIbePwhfSr+ExlcU741t8Dhw5DkPCQf6noz0jb36D6W9/hw==",
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.8.0.tgz",
+      "integrity": "sha512-NpsklK2fach5CdI+PScmlE5R4Ao/FSWtF7LkoIrHDxPACY/xshNasPsbpG0VVHxUTbf74tJbVT4PrP8JsJ6ZDA==",
      "dev": true,
-      "dependencies": {
-        "@types/estree": "1.0.5"
-      },
      "bin": {
        "rollup": "dist/bin/rollup"
      },
@ -11730,22 +11523,19 @@
        "npm": ">=8.0.0"
      },
      "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.14.3",
-        "@rollup/rollup-android-arm64": "4.14.3",
-        "@rollup/rollup-darwin-arm64": "4.14.3",
-        "@rollup/rollup-darwin-x64": "4.14.3",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.14.3",
-        "@rollup/rollup-linux-arm-musleabihf": "4.14.3",
-        "@rollup/rollup-linux-arm64-gnu": "4.14.3",
-        "@rollup/rollup-linux-arm64-musl": "4.14.3",
-        "@rollup/rollup-linux-powerpc64le-gnu": "4.14.3",
-        "@rollup/rollup-linux-riscv64-gnu": "4.14.3",
-        "@rollup/rollup-linux-s390x-gnu": "4.14.3",
-        "@rollup/rollup-linux-x64-gnu": "4.14.3",
-        "@rollup/rollup-linux-x64-musl": "4.14.3",
-        "@rollup/rollup-win32-arm64-msvc": "4.14.3",
-        "@rollup/rollup-win32-ia32-msvc": "4.14.3",
-        "@rollup/rollup-win32-x64-msvc": "4.14.3",
+        "@rollup/rollup-android-arm-eabi": "4.8.0",
+        "@rollup/rollup-android-arm64": "4.8.0",
+        "@rollup/rollup-darwin-arm64": "4.8.0",
+        "@rollup/rollup-darwin-x64": "4.8.0",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.8.0",
+        "@rollup/rollup-linux-arm64-gnu": "4.8.0",
+        "@rollup/rollup-linux-arm64-musl": "4.8.0",
+        "@rollup/rollup-linux-riscv64-gnu": "4.8.0",
+        "@rollup/rollup-linux-x64-gnu": "4.8.0",
+        "@rollup/rollup-linux-x64-musl": "4.8.0",
+        "@rollup/rollup-win32-arm64-msvc": "4.8.0",
+        "@rollup/rollup-win32-ia32-msvc": "4.8.0",
+        "@rollup/rollup-win32-x64-msvc": "4.8.0",
        "fsevents": "~2.3.2"
      }
    },
@ -12097,9 +11887,9 @@
      }
    },
    "node_modules/source-map-js": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz",
-      "integrity": "sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg==",
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz",
+      "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
@ -12459,9 +12249,9 @@
      }
    },
    "node_modules/tar": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz",
-      "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==",
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.0.tgz",
+      "integrity": "sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==",
      "dependencies": {
        "chownr": "^2.0.0",
        "fs-minipass": "^2.0.0",
@ -13657,14 +13447,14 @@
      }
    },
    "node_modules/vite": {
-      "version": "5.2.9",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-5.2.9.tgz",
-      "integrity": "sha512-uOQWfuZBlc6Y3W/DTuQ1Sr+oIXWvqljLvS881SVmAj00d5RdgShLcuXWxseWPd4HXwiYBFW/vXHfKFeqj9uQnw==",
+      "version": "5.0.12",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-5.0.12.tgz",
+      "integrity": "sha512-4hsnEkG3q0N4Tzf1+t6NdN9dg/L3BM+q8SWgbSPnJvrgH2kgdyzfVJwbR1ic69/4uMJJ/3dqDZZE5/WwqW8U1w==",
      "dev": true,
      "dependencies": {
-        "esbuild": "^0.20.1",
-        "postcss": "^8.4.38",
-        "rollup": "^4.13.0"
+        "esbuild": "^0.19.3",
+        "postcss": "^8.4.32",
+        "rollup": "^4.2.0"
      },
      "bin": {
        "vite": "bin/vite.js"
@ -13799,9 +13589,9 @@
      "dev": true
    },
    "node_modules/vite/node_modules/@esbuild/android-arm": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.20.2.tgz",
-      "integrity": "sha512-t98Ra6pw2VaDhqNWO2Oph2LXbz/EJcnLmKLGBJwEwXX/JAN83Fym1rU8l0JUWK6HkIbWONCSSatf4sf2NBRx/w==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.19.9.tgz",
+      "integrity": "sha512-jkYjjq7SdsWuNI6b5quymW0oC83NN5FdRPuCbs9HZ02mfVdAP8B8eeqLSYU3gb6OJEaY5CQabtTFbqBf26H3GA==",
      "cpu": [
        "arm"
      ],
@ -13815,9 +13605,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/android-arm64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.20.2.tgz",
-      "integrity": "sha512-mRzjLacRtl/tWU0SvD8lUEwb61yP9cqQo6noDZP/O8VkwafSYwZ4yWy24kan8jE/IMERpYncRt2dw438LP3Xmg==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.19.9.tgz",
+      "integrity": "sha512-q4cR+6ZD0938R19MyEW3jEsMzbb/1rulLXiNAJQADD/XYp7pT+rOS5JGxvpRW8dFDEfjW4wLgC/3FXIw4zYglQ==",
      "cpu": [
        "arm64"
      ],
@ -13831,9 +13621,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/android-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.20.2.tgz",
-      "integrity": "sha512-btzExgV+/lMGDDa194CcUQm53ncxzeBrWJcncOBxuC6ndBkKxnHdFJn86mCIgTELsooUmwUm9FkhSp5HYu00Rg==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.19.9.tgz",
+      "integrity": "sha512-KOqoPntWAH6ZxDwx1D6mRntIgZh9KodzgNOy5Ebt9ghzffOk9X2c1sPwtM9P+0eXbefnDhqYfkh5PLP5ULtWFA==",
      "cpu": [
        "x64"
      ],
@ -13847,9 +13637,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/darwin-arm64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.20.2.tgz",
-      "integrity": "sha512-4J6IRT+10J3aJH3l1yzEg9y3wkTDgDk7TSDFX+wKFiWjqWp/iCfLIYzGyasx9l0SAFPT1HwSCR+0w/h1ES/MjA==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.19.9.tgz",
+      "integrity": "sha512-KBJ9S0AFyLVx2E5D8W0vExqRW01WqRtczUZ8NRu+Pi+87opZn5tL4Y0xT0mA4FtHctd0ZgwNoN639fUUGlNIWw==",
      "cpu": [
        "arm64"
      ],
@ -13863,9 +13653,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/darwin-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.20.2.tgz",
-      "integrity": "sha512-tBcXp9KNphnNH0dfhv8KYkZhjc+H3XBkF5DKtswJblV7KlT9EI2+jeA8DgBjp908WEuYll6pF+UStUCfEpdysA==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.19.9.tgz",
+      "integrity": "sha512-vE0VotmNTQaTdX0Q9dOHmMTao6ObjyPm58CHZr1UK7qpNleQyxlFlNCaHsHx6Uqv86VgPmR4o2wdNq3dP1qyDQ==",
      "cpu": [
        "x64"
      ],
@ -13879,9 +13669,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.20.2.tgz",
-      "integrity": "sha512-d3qI41G4SuLiCGCFGUrKsSeTXyWG6yem1KcGZVS+3FYlYhtNoNgYrWcvkOoaqMhwXSMrZRl69ArHsGJ9mYdbbw==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.19.9.tgz",
+      "integrity": "sha512-uFQyd/o1IjiEk3rUHSwUKkqZwqdvuD8GevWF065eqgYfexcVkxh+IJgwTaGZVu59XczZGcN/YMh9uF1fWD8j1g==",
      "cpu": [
        "arm64"
      ],
@ -13895,9 +13685,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/freebsd-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.20.2.tgz",
-      "integrity": "sha512-d+DipyvHRuqEeM5zDivKV1KuXn9WeRX6vqSqIDgwIfPQtwMP4jaDsQsDncjTDDsExT4lR/91OLjRo8bmC1e+Cw==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.19.9.tgz",
+      "integrity": "sha512-WMLgWAtkdTbTu1AWacY7uoj/YtHthgqrqhf1OaEWnZb7PQgpt8eaA/F3LkV0E6K/Lc0cUr/uaVP/49iE4M4asA==",
      "cpu": [
        "x64"
      ],
@ -13911,9 +13701,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-arm": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.20.2.tgz",
-      "integrity": "sha512-VhLPeR8HTMPccbuWWcEUD1Az68TqaTYyj6nfE4QByZIQEQVWBB8vup8PpR7y1QHL3CpcF6xd5WVBU/+SBEvGTg==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.19.9.tgz",
+      "integrity": "sha512-C/ChPohUYoyUaqn1h17m/6yt6OB14hbXvT8EgM1ZWaiiTYz7nWZR0SYmMnB5BzQA4GXl3BgBO1l8MYqL/He3qw==",
      "cpu": [
        "arm"
      ],
@ -13927,9 +13717,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-arm64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.20.2.tgz",
-      "integrity": "sha512-9pb6rBjGvTFNira2FLIWqDk/uaf42sSyLE8j1rnUpuzsODBq7FvpwHYZxQ/It/8b+QOS1RYfqgGFNLRI+qlq2A==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.19.9.tgz",
+      "integrity": "sha512-PiPblfe1BjK7WDAKR1Cr9O7VVPqVNpwFcPWgfn4xu0eMemzRp442hXyzF/fSwgrufI66FpHOEJk0yYdPInsmyQ==",
      "cpu": [
        "arm64"
      ],
@ -13943,9 +13733,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-ia32": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.20.2.tgz",
-      "integrity": "sha512-o10utieEkNPFDZFQm9CoP7Tvb33UutoJqg3qKf1PWVeeJhJw0Q347PxMvBgVVFgouYLGIhFYG0UGdBumROyiig==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.19.9.tgz",
+      "integrity": "sha512-f37i/0zE0MjDxijkPSQw1CO/7C27Eojqb+r3BbHVxMLkj8GCa78TrBZzvPyA/FNLUMzP3eyHCVkAopkKVja+6Q==",
      "cpu": [
        "ia32"
      ],
@ -13959,9 +13749,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-loong64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.20.2.tgz",
-      "integrity": "sha512-PR7sp6R/UC4CFVomVINKJ80pMFlfDfMQMYynX7t1tNTeivQ6XdX5r2XovMmha/VjR1YN/HgHWsVcTRIMkymrgQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.19.9.tgz",
+      "integrity": "sha512-t6mN147pUIf3t6wUt3FeumoOTPfmv9Cc6DQlsVBpB7eCpLOqQDyWBP1ymXn1lDw4fNUSb/gBcKAmvTP49oIkaA==",
      "cpu": [
        "loong64"
      ],
@ -13975,9 +13765,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-mips64el": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.20.2.tgz",
-      "integrity": "sha512-4BlTqeutE/KnOiTG5Y6Sb/Hw6hsBOZapOVF6njAESHInhlQAghVVZL1ZpIctBOoTFbQyGW+LsVYZ8lSSB3wkjA==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.19.9.tgz",
+      "integrity": "sha512-jg9fujJTNTQBuDXdmAg1eeJUL4Jds7BklOTkkH80ZgQIoCTdQrDaHYgbFZyeTq8zbY+axgptncko3v9p5hLZtw==",
      "cpu": [
        "mips64el"
      ],
@ -13991,9 +13781,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-ppc64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.20.2.tgz",
-      "integrity": "sha512-rD3KsaDprDcfajSKdn25ooz5J5/fWBylaaXkuotBDGnMnDP1Uv5DLAN/45qfnf3JDYyJv/ytGHQaziHUdyzaAg==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.19.9.tgz",
+      "integrity": "sha512-tkV0xUX0pUUgY4ha7z5BbDS85uI7ABw3V1d0RNTii7E9lbmV8Z37Pup2tsLV46SQWzjOeyDi1Q7Wx2+QM8WaCQ==",
      "cpu": [
        "ppc64"
      ],
@ -14007,9 +13797,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-riscv64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.20.2.tgz",
-      "integrity": "sha512-snwmBKacKmwTMmhLlz/3aH1Q9T8v45bKYGE3j26TsaOVtjIag4wLfWSiZykXzXuE1kbCE+zJRmwp+ZbIHinnVg==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.19.9.tgz",
+      "integrity": "sha512-DfLp8dj91cufgPZDXr9p3FoR++m3ZJ6uIXsXrIvJdOjXVREtXuQCjfMfvmc3LScAVmLjcfloyVtpn43D56JFHg==",
      "cpu": [
        "riscv64"
      ],
@ -14023,9 +13813,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-s390x": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.20.2.tgz",
-      "integrity": "sha512-wcWISOobRWNm3cezm5HOZcYz1sKoHLd8VL1dl309DiixxVFoFe/o8HnwuIwn6sXre88Nwj+VwZUvJf4AFxkyrQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.19.9.tgz",
+      "integrity": "sha512-zHbglfEdC88KMgCWpOl/zc6dDYJvWGLiUtmPRsr1OgCViu3z5GncvNVdf+6/56O2Ca8jUU+t1BW261V6kp8qdw==",
      "cpu": [
        "s390x"
      ],
@ -14039,9 +13829,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/linux-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.20.2.tgz",
-      "integrity": "sha512-1MdwI6OOTsfQfek8sLwgyjOXAu+wKhLEoaOLTjbijk6E2WONYpH9ZU2mNtR+lZ2B4uwr+usqGuVfFT9tMtGvGw==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.19.9.tgz",
+      "integrity": "sha512-JUjpystGFFmNrEHQnIVG8hKwvA2DN5o7RqiO1CVX8EN/F/gkCjkUMgVn6hzScpwnJtl2mPR6I9XV1oW8k9O+0A==",
      "cpu": [
        "x64"
      ],
@ -14055,9 +13845,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/netbsd-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.20.2.tgz",
-      "integrity": "sha512-K8/DhBxcVQkzYc43yJXDSyjlFeHQJBiowJ0uVL6Tor3jGQfSGHNNJcWxNbOI8v5k82prYqzPuwkzHt3J1T1iZQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.19.9.tgz",
+      "integrity": "sha512-GThgZPAwOBOsheA2RUlW5UeroRfESwMq/guy8uEe3wJlAOjpOXuSevLRd70NZ37ZrpO6RHGHgEHvPg1h3S1Jug==",
      "cpu": [
        "x64"
      ],
@ -14071,9 +13861,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/openbsd-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.20.2.tgz",
-      "integrity": "sha512-eMpKlV0SThJmmJgiVyN9jTPJ2VBPquf6Kt/nAoo6DgHAoN57K15ZghiHaMvqjCye/uU4X5u3YSMgVBI1h3vKrQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.19.9.tgz",
+      "integrity": "sha512-Ki6PlzppaFVbLnD8PtlVQfsYw4S9n3eQl87cqgeIw+O3sRr9IghpfSKY62mggdt1yCSZ8QWvTZ9jo9fjDSg9uw==",
      "cpu": [
        "x64"
      ],
@ -14087,9 +13877,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/sunos-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.20.2.tgz",
-      "integrity": "sha512-2UyFtRC6cXLyejf/YEld4Hajo7UHILetzE1vsRcGL3earZEW77JxrFjH4Ez2qaTiEfMgAXxfAZCm1fvM/G/o8w==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.19.9.tgz",
+      "integrity": "sha512-MLHj7k9hWh4y1ddkBpvRj2b9NCBhfgBt3VpWbHQnXRedVun/hC7sIyTGDGTfsGuXo4ebik2+3ShjcPbhtFwWDw==",
      "cpu": [
        "x64"
      ],
@ -14103,9 +13893,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/win32-arm64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.20.2.tgz",
-      "integrity": "sha512-GRibxoawM9ZCnDxnP3usoUDO9vUkpAxIIZ6GQI+IlVmr5kP3zUq+l17xELTHMWTWzjxa2guPNyrpq1GWmPvcGQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.19.9.tgz",
+      "integrity": "sha512-GQoa6OrQ8G08guMFgeXPH7yE/8Dt0IfOGWJSfSH4uafwdC7rWwrfE6P9N8AtPGIjUzdo2+7bN8Xo3qC578olhg==",
      "cpu": [
        "arm64"
      ],
@ -14119,9 +13909,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/win32-ia32": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.20.2.tgz",
-      "integrity": "sha512-HfLOfn9YWmkSKRQqovpnITazdtquEW8/SoHW7pWpuEeguaZI4QnCRW6b+oZTztdBnZOS2hqJ6im/D5cPzBTTlQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.19.9.tgz",
+      "integrity": "sha512-UOozV7Ntykvr5tSOlGCrqU3NBr3d8JqPes0QWN2WOXfvkWVGRajC+Ym0/Wj88fUgecUCLDdJPDF0Nna2UK3Qtg==",
      "cpu": [
        "ia32"
      ],
@ -14135,9 +13925,9 @@
      }
    },
    "node_modules/vite/node_modules/@esbuild/win32-x64": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.20.2.tgz",
-      "integrity": "sha512-N49X4lJX27+l9jbLKSqZ6bKNjzQvHaT8IIFUy+YIqmXQdjYCToGWwOItDrfby14c78aDd5NHQl29xingXfCdLQ==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.19.9.tgz",
+      "integrity": "sha512-oxoQgglOP7RH6iasDrhY+R/3cHrfwIDvRlT4CGChflq6twk8iENeVvMJjmvBb94Ik1Z+93iGO27err7w6l54GQ==",
      "cpu": [
        "x64"
      ],
@ -14151,9 +13941,9 @@
      }
    },
    "node_modules/vite/node_modules/esbuild": {
-      "version": "0.20.2",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.20.2.tgz",
-      "integrity": "sha512-WdOOppmUNU+IbZ0PaDiTst80zjnrOkyJNHoKupIcVyU8Lvla3Ugx94VzkQ32Ijqd7UhHJy75gNWDMUekcrSJ6g==",
+      "version": "0.19.9",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.19.9.tgz",
+      "integrity": "sha512-U9CHtKSy+EpPsEBa+/A2gMs/h3ylBC0H0KSqIg7tpztHerLi6nrrcoUJAkNCEPumx8yJ+Byic4BVwHgRbN0TBg==",
      "dev": true,
      "hasInstallScript": true,
      "bin": {
@ -14163,29 +13953,28 @@
        "node": ">=12"
      },
      "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.20.2",
-        "@esbuild/android-arm": "0.20.2",
-        "@esbuild/android-arm64": "0.20.2",
-        "@esbuild/android-x64": "0.20.2",
-        "@esbuild/darwin-arm64": "0.20.2",
-        "@esbuild/darwin-x64": "0.20.2",
-        "@esbuild/freebsd-arm64": "0.20.2",
-        "@esbuild/freebsd-x64": "0.20.2",
-        "@esbuild/linux-arm": "0.20.2",
-        "@esbuild/linux-arm64": "0.20.2",
-        "@esbuild/linux-ia32": "0.20.2",
-        "@esbuild/linux-loong64": "0.20.2",
-        "@esbuild/linux-mips64el": "0.20.2",
-        "@esbuild/linux-ppc64": "0.20.2",
-        "@esbuild/linux-riscv64": "0.20.2",
-        "@esbuild/linux-s390x": "0.20.2",
-        "@esbuild/linux-x64": "0.20.2",
-        "@esbuild/netbsd-x64": "0.20.2",
-        "@esbuild/openbsd-x64": "0.20.2",
-        "@esbuild/sunos-x64": "0.20.2",
-        "@esbuild/win32-arm64": "0.20.2",
-        "@esbuild/win32-ia32": "0.20.2",
-        "@esbuild/win32-x64": "0.20.2"
+        "@esbuild/android-arm": "0.19.9",
+        "@esbuild/android-arm64": "0.19.9",
+        "@esbuild/android-x64": "0.19.9",
+        "@esbuild/darwin-arm64": "0.19.9",
+        "@esbuild/darwin-x64": "0.19.9",
+        "@esbuild/freebsd-arm64": "0.19.9",
+        "@esbuild/freebsd-x64": "0.19.9",
+        "@esbuild/linux-arm": "0.19.9",
+        "@esbuild/linux-arm64": "0.19.9",
+        "@esbuild/linux-ia32": "0.19.9",
+        "@esbuild/linux-loong64": "0.19.9",
+        "@esbuild/linux-mips64el": "0.19.9",
+        "@esbuild/linux-ppc64": "0.19.9",
+        "@esbuild/linux-riscv64": "0.19.9",
+        "@esbuild/linux-s390x": "0.19.9",
+        "@esbuild/linux-x64": "0.19.9",
+        "@esbuild/netbsd-x64": "0.19.9",
+        "@esbuild/openbsd-x64": "0.19.9",
+        "@esbuild/sunos-x64": "0.19.9",
+        "@esbuild/win32-arm64": "0.19.9",
+        "@esbuild/win32-ia32": "0.19.9",
+        "@esbuild/win32-x64": "0.19.9"
      }
    },
    "node_modules/vitest": {
--- a/backend/package.json
+++ b/backend/package.json
@ -96,7 +96,6 @@
    "axios-retry": "^4.0.0",
    "bcrypt": "^5.1.1",
    "bullmq": "^5.3.3",
-    "cassandra-driver": "^4.7.2",
    "dotenv": "^16.4.1",
    "fastify": "^4.26.0",
    "fastify-plugin": "^4.5.1",
@ -106,15 +105,13 @@
    "jsonwebtoken": "^9.0.2",
    "jsrp": "^0.2.4",
    "knex": "^3.0.1",
-    "ldapjs": "^3.0.7",
    "libsodium-wrappers": "^0.7.13",
    "lodash.isequal": "^4.5.0",
    "ms": "^2.1.3",
-    "mysql2": "^3.9.7",
+    "mysql2": "^3.9.1",
    "nanoid": "^5.0.4",
    "nodemailer": "^6.9.9",
    "ora": "^7.0.1",
-    "oracledb": "^6.4.0",
    "passport-github": "^1.1.0",
    "passport-gitlab2": "^5.0.0",
    "passport-google-oauth20": "^2.0.0",
--- a/backend/scripts/create-backend-file.ts
+++ b/backend/scripts/create-backend-file.ts
@ -103,15 +103,11 @@ export const ${dalName} = (db: TDbClient) => {
    `import { z } from "zod";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
-import { readLimit } from "@app/server/config/rateLimiter";

 export const register${pascalCase}Router = async (server: FastifyZodProvider) => {
  server.route({
-    method: "GET",
    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({}),
      response: {
--- a/backend/scripts/create-migration.ts
+++ b/backend/scripts/create-migration.ts
@ -7,10 +7,10 @@ const prompt = promptSync({ sigint: true });

 const migrationName = prompt("Enter name for migration: ");

-// Remove spaces from migration name and replace with hyphens
-const formattedMigrationName = migrationName.replace(/\s+/g, "-");
-
 execSync(
-  `npx knex migrate:make --knexfile ${path.join(__dirname, "../src/db/knexfile.ts")} -x ts ${formattedMigrationName}`,
+  `npx knex migrate:make --knexfile ${path.join(
+    __dirname,
+    "../src/db/knexfile.ts"
+  )} -x ts ${migrationName}`,
  { stdio: "inherit" }
 );
--- a/backend/src/@types/fastify.d.ts
+++ b/backend/src/@types/fastify.d.ts
@ -1,19 +1,11 @@
 import "fastify";

 import { TUsers } from "@app/db/schemas";
-import { TAccessApprovalPolicyServiceFactory } from "@app/ee/services/access-approval-policy/access-approval-policy-service";
-import { TAccessApprovalRequestServiceFactory } from "@app/ee/services/access-approval-request/access-approval-request-service";
 import { TAuditLogServiceFactory } from "@app/ee/services/audit-log/audit-log-service";
 import { TCreateAuditLogDTO } from "@app/ee/services/audit-log/audit-log-types";
-import { TAuditLogStreamServiceFactory } from "@app/ee/services/audit-log-stream/audit-log-stream-service";
-import { TDynamicSecretServiceFactory } from "@app/ee/services/dynamic-secret/dynamic-secret-service";
-import { TDynamicSecretLeaseServiceFactory } from "@app/ee/services/dynamic-secret-lease/dynamic-secret-lease-service";
-import { TGroupServiceFactory } from "@app/ee/services/group/group-service";
-import { TIdentityProjectAdditionalPrivilegeServiceFactory } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-service";
 import { TLdapConfigServiceFactory } from "@app/ee/services/ldap-config/ldap-config-service";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { TProjectUserAdditionalPrivilegeServiceFactory } from "@app/ee/services/project-user-additional-privilege/project-user-additional-privilege-service";
 import { TSamlConfigServiceFactory } from "@app/ee/services/saml-config/saml-config-service";
 import { TScimServiceFactory } from "@app/ee/services/scim/scim-service";
 import { TSecretApprovalPolicyServiceFactory } from "@app/ee/services/secret-approval-policy/secret-approval-policy-service";
@ -27,9 +19,8 @@ import { TApiKeyServiceFactory } from "@app/services/api-key/api-key-service";
 import { TAuthLoginFactory } from "@app/services/auth/auth-login-service";
 import { TAuthPasswordFactory } from "@app/services/auth/auth-password-service";
 import { TAuthSignupFactory } from "@app/services/auth/auth-signup-service";
-import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";
+import { ActorType } from "@app/services/auth/auth-type";
 import { TAuthTokenServiceFactory } from "@app/services/auth-token/auth-token-service";
-import { TGroupProjectServiceFactory } from "@app/services/group-project/group-project-service";
 import { TIdentityServiceFactory } from "@app/services/identity/identity-service";
 import { TIdentityAccessTokenServiceFactory } from "@app/services/identity-access-token/identity-access-token-service";
 import { TIdentityProjectServiceFactory } from "@app/services/identity-project/identity-project-service";
@ -68,10 +59,9 @@ declare module "fastify" {
    // identity injection. depending on which kinda of token the information is filled in auth
    auth: TAuthMode;
    permission: {
-      authMethod: ActorAuthMethod;
      type: ActorType;
      id: string;
-      orgId: string;
+      orgId?: string;
    };
    // passport data
    passportUser: {
@ -94,8 +84,6 @@ declare module "fastify" {
      orgRole: TOrgRoleServiceFactory;
      superAdmin: TSuperAdminServiceFactory;
      user: TUserServiceFactory;
-      group: TGroupServiceFactory;
-      groupProject: TGroupProjectServiceFactory;
      apiKey: TApiKeyServiceFactory;
      project: TProjectServiceFactory;
      projectMembership: TProjectMembershipServiceFactory;
@ -115,8 +103,6 @@ declare module "fastify" {
      identityAccessToken: TIdentityAccessTokenServiceFactory;
      identityProject: TIdentityProjectServiceFactory;
      identityUa: TIdentityUaServiceFactory;
-      accessApprovalPolicy: TAccessApprovalPolicyServiceFactory;
-      accessApprovalRequest: TAccessApprovalRequestServiceFactory;
      secretApprovalPolicy: TSecretApprovalPolicyServiceFactory;
      secretApprovalRequest: TSecretApprovalRequestServiceFactory;
      secretRotation: TSecretRotationServiceFactory;
@ -125,16 +111,11 @@ declare module "fastify" {
      scim: TScimServiceFactory;
      ldap: TLdapConfigServiceFactory;
      auditLog: TAuditLogServiceFactory;
-      auditLogStream: TAuditLogStreamServiceFactory;
      secretScanning: TSecretScanningServiceFactory;
      license: TLicenseServiceFactory;
      trustedIp: TTrustedIpServiceFactory;
      secretBlindIndex: TSecretBlindIndexServiceFactory;
      telemetry: TTelemetryServiceFactory;
-      dynamicSecret: TDynamicSecretServiceFactory;
-      dynamicSecretLease: TDynamicSecretLeaseServiceFactory;
-      projectUserAdditionalPrivilege: TProjectUserAdditionalPrivilegeServiceFactory;
-      identityProjectAdditionalPrivilege: TIdentityProjectAdditionalPrivilegeServiceFactory;
    };
    // this is exclusive use for middlewares in which we need to inject data
    // everywhere else access using service layer
--- a/backend/src/@types/knex.d.ts
+++ b/backend/src/@types/knex.d.ts
@ -2,26 +2,11 @@ import { Knex } from "knex";

 import {
  TableName,
-  TAccessApprovalPolicies,
-  TAccessApprovalPoliciesApprovers,
-  TAccessApprovalPoliciesApproversInsert,
-  TAccessApprovalPoliciesApproversUpdate,
-  TAccessApprovalPoliciesInsert,
-  TAccessApprovalPoliciesUpdate,
-  TAccessApprovalRequests,
-  TAccessApprovalRequestsInsert,
-  TAccessApprovalRequestsReviewers,
-  TAccessApprovalRequestsReviewersInsert,
-  TAccessApprovalRequestsReviewersUpdate,
-  TAccessApprovalRequestsUpdate,
  TApiKeys,
  TApiKeysInsert,
  TApiKeysUpdate,
  TAuditLogs,
  TAuditLogsInsert,
-  TAuditLogStreams,
-  TAuditLogStreamsInsert,
-  TAuditLogStreamsUpdate,
  TAuditLogsUpdate,
  TAuthTokens,
  TAuthTokenSessions,
@ -32,27 +17,12 @@ import {
  TBackupPrivateKey,
  TBackupPrivateKeyInsert,
  TBackupPrivateKeyUpdate,
-  TDynamicSecretLeases,
-  TDynamicSecretLeasesInsert,
-  TDynamicSecretLeasesUpdate,
-  TDynamicSecrets,
-  TDynamicSecretsInsert,
-  TDynamicSecretsUpdate,
  TGitAppInstallSessions,
  TGitAppInstallSessionsInsert,
  TGitAppInstallSessionsUpdate,
  TGitAppOrg,
  TGitAppOrgInsert,
  TGitAppOrgUpdate,
-  TGroupProjectMembershipRoles,
-  TGroupProjectMembershipRolesInsert,
-  TGroupProjectMembershipRolesUpdate,
-  TGroupProjectMemberships,
-  TGroupProjectMembershipsInsert,
-  TGroupProjectMembershipsUpdate,
-  TGroups,
-  TGroupsInsert,
-  TGroupsUpdate,
  TIdentities,
  TIdentitiesInsert,
  TIdentitiesUpdate,
@ -62,9 +32,6 @@ import {
  TIdentityOrgMemberships,
  TIdentityOrgMembershipsInsert,
  TIdentityOrgMembershipsUpdate,
-  TIdentityProjectAdditionalPrivilege,
-  TIdentityProjectAdditionalPrivilegeInsert,
-  TIdentityProjectAdditionalPrivilegeUpdate,
  TIdentityProjectMembershipRole,
  TIdentityProjectMembershipRoleInsert,
  TIdentityProjectMembershipRoleUpdate,
@ -89,9 +56,6 @@ import {
  TLdapConfigs,
  TLdapConfigsInsert,
  TLdapConfigsUpdate,
-  TLdapGroupMaps,
-  TLdapGroupMapsInsert,
-  TLdapGroupMapsUpdate,
  TOrganizations,
  TOrganizationsInsert,
  TOrganizationsUpdate,
@ -122,9 +86,6 @@ import {
  TProjects,
  TProjectsInsert,
  TProjectsUpdate,
-  TProjectUserAdditionalPrivilege,
-  TProjectUserAdditionalPrivilegeInsert,
-  TProjectUserAdditionalPrivilegeUpdate,
  TProjectUserMembershipRoles,
  TProjectUserMembershipRolesInsert,
  TProjectUserMembershipRolesUpdate,
@ -215,9 +176,6 @@ import {
  TUserEncryptionKeys,
  TUserEncryptionKeysInsert,
  TUserEncryptionKeysUpdate,
-  TUserGroupMembership,
-  TUserGroupMembershipInsert,
-  TUserGroupMembershipUpdate,
  TUsers,
  TUsersInsert,
  TUsersUpdate,
@ -229,22 +187,6 @@ import {
 declare module "knex/types/tables" {
  interface Tables {
    [TableName.Users]: Knex.CompositeTableType<TUsers, TUsersInsert, TUsersUpdate>;
-    [TableName.Groups]: Knex.CompositeTableType<TGroups, TGroupsInsert, TGroupsUpdate>;
-    [TableName.UserGroupMembership]: Knex.CompositeTableType<
-      TUserGroupMembership,
-      TUserGroupMembershipInsert,
-      TUserGroupMembershipUpdate
-    >;
-    [TableName.GroupProjectMembership]: Knex.CompositeTableType<
-      TGroupProjectMemberships,
-      TGroupProjectMembershipsInsert,
-      TGroupProjectMembershipsUpdate
-    >;
-    [TableName.GroupProjectMembershipRole]: Knex.CompositeTableType<
-      TGroupProjectMembershipRoles,
-      TGroupProjectMembershipRolesInsert,
-      TGroupProjectMembershipRolesUpdate
-    >;
    [TableName.UserAliases]: Knex.CompositeTableType<TUserAliases, TUserAliasesInsert, TUserAliasesUpdate>;
    [TableName.UserEncryptionKey]: Knex.CompositeTableType<
      TUserEncryptionKeys,
@ -291,11 +233,6 @@ declare module "knex/types/tables" {
      TProjectUserMembershipRolesUpdate
    >;
    [TableName.ProjectRoles]: Knex.CompositeTableType<TProjectRoles, TProjectRolesInsert, TProjectRolesUpdate>;
-    [TableName.ProjectUserAdditionalPrivilege]: Knex.CompositeTableType<
-      TProjectUserAdditionalPrivilege,
-      TProjectUserAdditionalPrivilegeInsert,
-      TProjectUserAdditionalPrivilegeUpdate
-    >;
    [TableName.ProjectKeys]: Knex.CompositeTableType<TProjectKeys, TProjectKeysInsert, TProjectKeysUpdate>;
    [TableName.Secret]: Knex.CompositeTableType<TSecrets, TSecretsInsert, TSecretsUpdate>;
    [TableName.SecretBlindIndex]: Knex.CompositeTableType<
@ -351,36 +288,6 @@ declare module "knex/types/tables" {
      TIdentityProjectMembershipRoleInsert,
      TIdentityProjectMembershipRoleUpdate
    >;
-    [TableName.IdentityProjectAdditionalPrivilege]: Knex.CompositeTableType<
-      TIdentityProjectAdditionalPrivilege,
-      TIdentityProjectAdditionalPrivilegeInsert,
-      TIdentityProjectAdditionalPrivilegeUpdate
-    >;
-
-    [TableName.AccessApprovalPolicy]: Knex.CompositeTableType<
-      TAccessApprovalPolicies,
-      TAccessApprovalPoliciesInsert,
-      TAccessApprovalPoliciesUpdate
-    >;
-
-    [TableName.AccessApprovalPolicyApprover]: Knex.CompositeTableType<
-      TAccessApprovalPoliciesApprovers,
-      TAccessApprovalPoliciesApproversInsert,
-      TAccessApprovalPoliciesApproversUpdate
-    >;
-
-    [TableName.AccessApprovalRequest]: Knex.CompositeTableType<
-      TAccessApprovalRequests,
-      TAccessApprovalRequestsInsert,
-      TAccessApprovalRequestsUpdate
-    >;
-
-    [TableName.AccessApprovalRequestReviewer]: Knex.CompositeTableType<
-      TAccessApprovalRequestsReviewers,
-      TAccessApprovalRequestsReviewersInsert,
-      TAccessApprovalRequestsReviewersUpdate
-    >;
-
    [TableName.ScimToken]: Knex.CompositeTableType<TScimTokens, TScimTokensInsert, TScimTokensUpdate>;
    [TableName.SecretApprovalPolicy]: Knex.CompositeTableType<
      TSecretApprovalPolicies,
@ -433,22 +340,10 @@ declare module "knex/types/tables" {
      TSecretSnapshotFoldersInsert,
      TSecretSnapshotFoldersUpdate
    >;
-    [TableName.DynamicSecret]: Knex.CompositeTableType<TDynamicSecrets, TDynamicSecretsInsert, TDynamicSecretsUpdate>;
-    [TableName.DynamicSecretLease]: Knex.CompositeTableType<
-      TDynamicSecretLeases,
-      TDynamicSecretLeasesInsert,
-      TDynamicSecretLeasesUpdate
-    >;
    [TableName.SamlConfig]: Knex.CompositeTableType<TSamlConfigs, TSamlConfigsInsert, TSamlConfigsUpdate>;
    [TableName.LdapConfig]: Knex.CompositeTableType<TLdapConfigs, TLdapConfigsInsert, TLdapConfigsUpdate>;
-    [TableName.LdapGroupMap]: Knex.CompositeTableType<TLdapGroupMaps, TLdapGroupMapsInsert, TLdapGroupMapsUpdate>;
    [TableName.OrgBot]: Knex.CompositeTableType<TOrgBots, TOrgBotsInsert, TOrgBotsUpdate>;
    [TableName.AuditLog]: Knex.CompositeTableType<TAuditLogs, TAuditLogsInsert, TAuditLogsUpdate>;
-    [TableName.AuditLogStream]: Knex.CompositeTableType<
-      TAuditLogStreams,
-      TAuditLogStreamsInsert,
-      TAuditLogStreamsUpdate
-    >;
    [TableName.GitAppInstallSession]: Knex.CompositeTableType<
      TGitAppInstallSessions,
      TGitAppInstallSessionsInsert,
--- a/backend/src/db/migrations/20240318164718_dynamic-secret.ts
+++ b/backend/src/db/migrations/20240318164718_dynamic-secret.ts
@ -1,58 +0,0 @@
-import { Knex } from "knex";
-
-import { SecretEncryptionAlgo, SecretKeyEncoding, TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const doesTableExist = await knex.schema.hasTable(TableName.DynamicSecret);
-  if (!doesTableExist) {
-    await knex.schema.createTable(TableName.DynamicSecret, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.integer("version").notNullable();
-      t.string("type").notNullable();
-      t.string("defaultTTL").notNullable();
-      t.string("maxTTL");
-      t.string("inputIV").notNullable();
-      t.text("inputCiphertext").notNullable();
-      t.string("inputTag").notNullable();
-      t.string("algorithm").notNullable().defaultTo(SecretEncryptionAlgo.AES_256_GCM);
-      t.string("keyEncoding").notNullable().defaultTo(SecretKeyEncoding.UTF8);
-      t.uuid("folderId").notNullable();
-      // for background process communication
-      t.string("status");
-      t.string("statusDetails");
-      t.foreign("folderId").references("id").inTable(TableName.SecretFolder).onDelete("CASCADE");
-      t.unique(["name", "folderId"]);
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.DynamicSecret);
-
-  const doesTableDynamicSecretLease = await knex.schema.hasTable(TableName.DynamicSecretLease);
-  if (!doesTableDynamicSecretLease) {
-    await knex.schema.createTable(TableName.DynamicSecretLease, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.integer("version").notNullable();
-      t.string("externalEntityId").notNullable();
-      t.datetime("expireAt").notNullable();
-      // for background process communication
-      t.string("status");
-      t.string("statusDetails");
-      t.uuid("dynamicSecretId").notNullable();
-      t.foreign("dynamicSecretId").references("id").inTable(TableName.DynamicSecret).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.DynamicSecretLease);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await dropOnUpdateTrigger(knex, TableName.DynamicSecretLease);
-  await knex.schema.dropTableIfExists(TableName.DynamicSecretLease);
-
-  await dropOnUpdateTrigger(knex, TableName.DynamicSecret);
-  await knex.schema.dropTableIfExists(TableName.DynamicSecret);
-}
--- a/backend/src/db/migrations/20240326172010_project-user-additional-privilege.ts
+++ b/backend/src/db/migrations/20240326172010_project-user-additional-privilege.ts
@ -1,29 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.ProjectUserAdditionalPrivilege))) {
-    await knex.schema.createTable(TableName.ProjectUserAdditionalPrivilege, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("slug", 60).notNullable();
-      t.uuid("projectMembershipId").notNullable();
-      t.foreign("projectMembershipId").references("id").inTable(TableName.ProjectMembership).onDelete("CASCADE");
-      t.boolean("isTemporary").notNullable().defaultTo(false);
-      t.string("temporaryMode");
-      t.string("temporaryRange"); // could be cron or relative time like 1H or 1minute etc
-      t.datetime("temporaryAccessStartTime");
-      t.datetime("temporaryAccessEndTime");
-      t.jsonb("permissions").notNullable();
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.ProjectUserAdditionalPrivilege);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await dropOnUpdateTrigger(knex, TableName.ProjectUserAdditionalPrivilege);
-  await knex.schema.dropTableIfExists(TableName.ProjectUserAdditionalPrivilege);
-}
--- a/backend/src/db/migrations/20240326172011_machine-identity-additional-privilege.ts
+++ b/backend/src/db/migrations/20240326172011_machine-identity-additional-privilege.ts
@ -1,32 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.IdentityProjectAdditionalPrivilege))) {
-    await knex.schema.createTable(TableName.IdentityProjectAdditionalPrivilege, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("slug", 60).notNullable();
-      t.uuid("projectMembershipId").notNullable();
-      t.foreign("projectMembershipId")
-        .references("id")
-        .inTable(TableName.IdentityProjectMembership)
-        .onDelete("CASCADE");
-      t.boolean("isTemporary").notNullable().defaultTo(false);
-      t.string("temporaryMode");
-      t.string("temporaryRange"); // could be cron or relative time like 1H or 1minute etc
-      t.datetime("temporaryAccessStartTime");
-      t.datetime("temporaryAccessEndTime");
-      t.jsonb("permissions").notNullable();
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.IdentityProjectAdditionalPrivilege);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await dropOnUpdateTrigger(knex, TableName.IdentityProjectAdditionalPrivilege);
-  await knex.schema.dropTableIfExists(TableName.IdentityProjectAdditionalPrivilege);
-}
--- a/backend/src/db/migrations/20240330075120_org-memberships-unique-constraint.ts
+++ b/backend/src/db/migrations/20240330075120_org-memberships-unique-constraint.ts
@ -1,112 +0,0 @@
-import { Knex } from "knex";
-import { z } from "zod";
-
-import { TableName, TOrgMemberships } from "../schemas";
-
-const validateOrgMembership = (membershipToValidate: TOrgMemberships, firstMembership: TOrgMemberships) => {
-  const firstOrgId = firstMembership.orgId;
-  const firstUserId = firstMembership.userId;
-
-  if (membershipToValidate.id === firstMembership.id) {
-    return;
-  }
-
-  if (membershipToValidate.inviteEmail !== firstMembership.inviteEmail) {
-    throw new Error(`Invite emails are different for the same userId and orgId: ${firstUserId}, ${firstOrgId}`);
-  }
-  if (membershipToValidate.orgId !== firstMembership.orgId) {
-    throw new Error(`OrgIds are different for the same userId and orgId: ${firstUserId}, ${firstOrgId}`);
-  }
-  if (membershipToValidate.role !== firstMembership.role) {
-    throw new Error(`Roles are different for the same userId and orgId: ${firstUserId}, ${firstOrgId}`);
-  }
-  if (membershipToValidate.roleId !== firstMembership.roleId) {
-    throw new Error(`RoleIds are different for the same userId and orgId: ${firstUserId}, ${firstOrgId}`);
-  }
-  if (membershipToValidate.status !== firstMembership.status) {
-    throw new Error(`Statuses are different for the same userId and orgId: ${firstUserId}, ${firstOrgId}`);
-  }
-  if (membershipToValidate.userId !== firstMembership.userId) {
-    throw new Error(`UserIds are different for the same userId and orgId: ${firstUserId}, ${firstOrgId}`);
-  }
-};
-
-export async function up(knex: Knex): Promise<void> {
-  const RowSchema = z.object({
-    userId: z.string(),
-    orgId: z.string(),
-    cnt: z.string()
-  });
-
-  // Transactional find and delete duplicate rows
-  await knex.transaction(async (tx) => {
-    const duplicateRows = await tx(TableName.OrgMembership)
-      .select("userId", "orgId") // Select the userId and orgId so we can group by them
-      .whereNotNull("userId") // Ensure that the userId is not null
-      .count("* as cnt") // Count the number of rows for each userId and orgId, so we can make sure there are more than 1 row (a duplicate)
-      .groupBy("userId", "orgId")
-      .havingRaw("count(*) > ?", [1]); // Using havingRaw for direct SQL expressions
-
-    // Parse the rows to ensure they are in the correct format, and for type safety
-    const parsedRows = RowSchema.array().parse(duplicateRows);
-
-    // For each of the duplicate rows, loop through and find the actual memberships to delete
-    for (const row of parsedRows) {
-      const count = Number(row.cnt);
-
-      // An extra check to ensure that the count is actually a number, and the number is greater than 2
-      if (typeof count !== "number" || count < 2) {
-        // eslint-disable-next-line no-continue
-        continue;
-      }
-
-      // Find all the organization memberships that have the same userId and orgId
-      // eslint-disable-next-line no-await-in-loop
-      const rowsToDelete = await tx(TableName.OrgMembership).where({
-        userId: row.userId,
-        orgId: row.orgId
-      });
-
-      // Ensure that all the rows have exactly the same value, except id, createdAt, updatedAt
-      for (const rowToDelete of rowsToDelete) {
-        validateOrgMembership(rowToDelete, rowsToDelete[0]);
-      }
-
-      // Find the row with the latest createdAt, which we will keep
-
-      let lowestCreatedAt: number | null = null;
-      let latestCreatedRow: TOrgMemberships | null = null;
-
-      for (const rowToDelete of rowsToDelete) {
-        if (lowestCreatedAt === null || rowToDelete.createdAt.getTime() < lowestCreatedAt) {
-          lowestCreatedAt = rowToDelete.createdAt.getTime();
-          latestCreatedRow = rowToDelete;
-        }
-      }
-      if (!latestCreatedRow) {
-        throw new Error("Failed to find last created membership");
-      }
-
-      // Filter out the latest row from the rows to delete
-      const membershipIdsToDelete = rowsToDelete.map((r) => r.id).filter((id) => id !== latestCreatedRow!.id);
-
-      // eslint-disable-next-line no-await-in-loop
-      const numberOfRowsDeleted = await tx(TableName.OrgMembership).whereIn("id", membershipIdsToDelete).delete();
-
-      // eslint-disable-next-line no-console
-      console.log(
-        `Deleted ${numberOfRowsDeleted} duplicate organization memberships for ${row.userId} and ${row.orgId}`
-      );
-    }
-  });
-
-  await knex.schema.alterTable(TableName.OrgMembership, (table) => {
-    table.unique(["userId", "orgId"]);
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.alterTable(TableName.OrgMembership, (table) => {
-    table.dropUnique(["userId", "orgId"]);
-  });
-}
--- a/backend/src/db/migrations/20240412174842_group.ts
+++ b/backend/src/db/migrations/20240412174842_group.ts
@ -1,82 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.Groups))) {
-    await knex.schema.createTable(TableName.Groups, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.string("name").notNullable();
-      t.string("slug").notNullable();
-      t.unique(["orgId", "slug"]);
-      t.string("role").notNullable();
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.OrgRoles);
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.Groups);
-
-  if (!(await knex.schema.hasTable(TableName.UserGroupMembership))) {
-    await knex.schema.createTable(TableName.UserGroupMembership, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid()); // link to user and link to groups cascade on groups
-      t.uuid("userId").notNullable();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-      t.uuid("groupId").notNullable();
-      t.foreign("groupId").references("id").inTable(TableName.Groups).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.UserGroupMembership);
-
-  if (!(await knex.schema.hasTable(TableName.GroupProjectMembership))) {
-    await knex.schema.createTable(TableName.GroupProjectMembership, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.uuid("groupId").notNullable();
-      t.foreign("groupId").references("id").inTable(TableName.Groups).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.GroupProjectMembership);
-
-  if (!(await knex.schema.hasTable(TableName.GroupProjectMembershipRole))) {
-    await knex.schema.createTable(TableName.GroupProjectMembershipRole, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("role").notNullable();
-      t.uuid("projectMembershipId").notNullable();
-      t.foreign("projectMembershipId").references("id").inTable(TableName.GroupProjectMembership).onDelete("CASCADE");
-      // until role is changed/removed the role should not deleted
-      t.uuid("customRoleId");
-      t.foreign("customRoleId").references("id").inTable(TableName.ProjectRoles);
-      t.boolean("isTemporary").notNullable().defaultTo(false);
-      t.string("temporaryMode");
-      t.string("temporaryRange"); // could be cron or relative time like 1H or 1minute etc
-      t.datetime("temporaryAccessStartTime");
-      t.datetime("temporaryAccessEndTime");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.GroupProjectMembershipRole);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.GroupProjectMembershipRole);
-  await dropOnUpdateTrigger(knex, TableName.GroupProjectMembershipRole);
-
-  await knex.schema.dropTableIfExists(TableName.UserGroupMembership);
-  await dropOnUpdateTrigger(knex, TableName.UserGroupMembership);
-
-  await knex.schema.dropTableIfExists(TableName.GroupProjectMembership);
-  await dropOnUpdateTrigger(knex, TableName.GroupProjectMembership);
-
-  await knex.schema.dropTableIfExists(TableName.Groups);
-  await dropOnUpdateTrigger(knex, TableName.Groups);
-}
--- a/backend/src/db/migrations/20240414192520_drop-role-roleid-project-membership.ts
+++ b/backend/src/db/migrations/20240414192520_drop-role-roleid-project-membership.ts
@ -1,47 +0,0 @@
-import { Knex } from "knex";
-
-import { ProjectMembershipRole, TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const doesProjectRoleFieldExist = await knex.schema.hasColumn(TableName.ProjectMembership, "role");
-  const doesProjectRoleIdFieldExist = await knex.schema.hasColumn(TableName.ProjectMembership, "roleId");
-  await knex.schema.alterTable(TableName.ProjectMembership, (t) => {
-    if (doesProjectRoleFieldExist) t.dropColumn("roleId");
-    if (doesProjectRoleIdFieldExist) t.dropColumn("role");
-  });
-
-  const doesIdentityProjectRoleFieldExist = await knex.schema.hasColumn(TableName.IdentityProjectMembership, "role");
-  const doesIdentityProjectRoleIdFieldExist = await knex.schema.hasColumn(
-    TableName.IdentityProjectMembership,
-    "roleId"
-  );
-  await knex.schema.alterTable(TableName.IdentityProjectMembership, (t) => {
-    if (doesIdentityProjectRoleFieldExist) t.dropColumn("roleId");
-    if (doesIdentityProjectRoleIdFieldExist) t.dropColumn("role");
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const doesProjectRoleFieldExist = await knex.schema.hasColumn(TableName.ProjectMembership, "role");
-  const doesProjectRoleIdFieldExist = await knex.schema.hasColumn(TableName.ProjectMembership, "roleId");
-  await knex.schema.alterTable(TableName.ProjectMembership, (t) => {
-    if (!doesProjectRoleFieldExist) t.string("role").defaultTo(ProjectMembershipRole.Member);
-    if (!doesProjectRoleIdFieldExist) {
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.ProjectRoles);
-    }
-  });
-
-  const doesIdentityProjectRoleFieldExist = await knex.schema.hasColumn(TableName.IdentityProjectMembership, "role");
-  const doesIdentityProjectRoleIdFieldExist = await knex.schema.hasColumn(
-    TableName.IdentityProjectMembership,
-    "roleId"
-  );
-  await knex.schema.alterTable(TableName.IdentityProjectMembership, (t) => {
-    if (!doesIdentityProjectRoleFieldExist) t.string("role").defaultTo(ProjectMembershipRole.Member);
-    if (!doesIdentityProjectRoleIdFieldExist) {
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.ProjectRoles);
-    }
-  });
-}
--- a/backend/src/db/migrations/20240417032913_pending-group-addition.ts
+++ b/backend/src/db/migrations/20240417032913_pending-group-addition.ts
@ -1,15 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  await knex.schema.alterTable(TableName.UserGroupMembership, (t) => {
-    t.boolean("isPending").notNullable().defaultTo(false);
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.alterTable(TableName.UserGroupMembership, (t) => {
-    t.dropColumn("isPending");
-  });
-}
--- a/backend/src/db/migrations/20240423023203_ldap-config-groups.ts
+++ b/backend/src/db/migrations/20240423023203_ldap-config-groups.ts
@ -1,34 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.LdapGroupMap))) {
-    await knex.schema.createTable(TableName.LdapGroupMap, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("ldapConfigId").notNullable();
-      t.foreign("ldapConfigId").references("id").inTable(TableName.LdapConfig).onDelete("CASCADE");
-      t.string("ldapGroupCN").notNullable();
-      t.uuid("groupId").notNullable();
-      t.foreign("groupId").references("id").inTable(TableName.Groups).onDelete("CASCADE");
-      t.unique(["ldapGroupCN", "groupId", "ldapConfigId"]);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.LdapGroupMap);
-
-  await knex.schema.alterTable(TableName.LdapConfig, (t) => {
-    t.string("groupSearchBase").notNullable().defaultTo("");
-    t.string("groupSearchFilter").notNullable().defaultTo("");
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.LdapGroupMap);
-  await dropOnUpdateTrigger(knex, TableName.LdapGroupMap);
-  await knex.schema.alterTable(TableName.LdapConfig, (t) => {
-    t.dropColumn("groupSearchBase");
-    t.dropColumn("groupSearchFilter");
-  });
-}
--- a/backend/src/db/migrations/20240424235842_user-search-filter.ts
+++ b/backend/src/db/migrations/20240424235842_user-search-filter.ts
@ -1,15 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  await knex.schema.alterTable(TableName.LdapConfig, (t) => {
-    t.string("searchFilter").notNullable().defaultTo("");
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.alterTable(TableName.LdapConfig, (t) => {
-    t.dropColumn("searchFilter");
-  });
-}
--- a/backend/src/db/migrations/20240429154610_audit-log-index.ts
+++ b/backend/src/db/migrations/20240429154610_audit-log-index.ts
@ -1,28 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const doesOrgIdExist = await knex.schema.hasColumn(TableName.AuditLog, "orgId");
-  const doesProjectIdExist = await knex.schema.hasColumn(TableName.AuditLog, "projectId");
-  const doesCreatedAtExist = await knex.schema.hasColumn(TableName.AuditLog, "createdAt");
-  if (await knex.schema.hasTable(TableName.AuditLog)) {
-    await knex.schema.alterTable(TableName.AuditLog, (t) => {
-      if (doesProjectIdExist && doesCreatedAtExist) t.index(["projectId", "createdAt"]);
-      if (doesOrgIdExist && doesCreatedAtExist) t.index(["orgId", "createdAt"]);
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const doesOrgIdExist = await knex.schema.hasColumn(TableName.AuditLog, "orgId");
-  const doesProjectIdExist = await knex.schema.hasColumn(TableName.AuditLog, "projectId");
-  const doesCreatedAtExist = await knex.schema.hasColumn(TableName.AuditLog, "createdAt");
-
-  if (await knex.schema.hasTable(TableName.AuditLog)) {
-    await knex.schema.alterTable(TableName.AuditLog, (t) => {
-      if (doesProjectIdExist && doesCreatedAtExist) t.dropIndex(["projectId", "createdAt"]);
-      if (doesOrgIdExist && doesCreatedAtExist) t.dropIndex(["orgId", "createdAt"]);
-    });
-  }
-}
--- a/backend/src/db/migrations/20240503101144_audit-log-stream.ts
+++ b/backend/src/db/migrations/20240503101144_audit-log-stream.ts
@ -1,28 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.AuditLogStream))) {
-    await knex.schema.createTable(TableName.AuditLogStream, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("url").notNullable();
-      t.text("encryptedHeadersCiphertext");
-      t.text("encryptedHeadersIV");
-      t.text("encryptedHeadersTag");
-      t.string("encryptedHeadersAlgorithm");
-      t.string("encryptedHeadersKeyEncoding");
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.AuditLogStream);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await dropOnUpdateTrigger(knex, TableName.AuditLogStream);
-  await knex.schema.dropTableIfExists(TableName.AuditLogStream);
-}
--- a/backend/src/db/migrations/20240507032811_trusted-saml-ldap-emails.ts
+++ b/backend/src/db/migrations/20240507032811_trusted-saml-ldap-emails.ts
@ -1,54 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const isUsersTablePresent = await knex.schema.hasTable(TableName.Users);
-  if (isUsersTablePresent) {
-    const hasIsEmailVerifiedColumn = await knex.schema.hasColumn(TableName.Users, "isEmailVerified");
-
-    if (!hasIsEmailVerifiedColumn) {
-      await knex.schema.alterTable(TableName.Users, (t) => {
-        t.boolean("isEmailVerified").defaultTo(false);
-      });
-    }
-
-    // Backfilling the isEmailVerified to true where isAccepted is true
-    await knex(TableName.Users).update({ isEmailVerified: true }).where("isAccepted", true);
-  }
-
-  const isUserAliasTablePresent = await knex.schema.hasTable(TableName.UserAliases);
-  if (isUserAliasTablePresent) {
-    await knex.schema.alterTable(TableName.UserAliases, (t) => {
-      t.string("username").nullable().alter();
-    });
-  }
-
-  const isSuperAdminTablePresent = await knex.schema.hasTable(TableName.SuperAdmin);
-  if (isSuperAdminTablePresent) {
-    await knex.schema.alterTable(TableName.SuperAdmin, (t) => {
-      t.boolean("trustSamlEmails").defaultTo(false);
-      t.boolean("trustLdapEmails").defaultTo(false);
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.Users, "isEmailVerified")) {
-    await knex.schema.alterTable(TableName.Users, (t) => {
-      t.dropColumn("isEmailVerified");
-    });
-  }
-
-  if (await knex.schema.hasColumn(TableName.SuperAdmin, "trustSamlEmails")) {
-    await knex.schema.alterTable(TableName.SuperAdmin, (t) => {
-      t.dropColumn("trustSamlEmails");
-    });
-  }
-
-  if (await knex.schema.hasColumn(TableName.SuperAdmin, "trustLdapEmails")) {
-    await knex.schema.alterTable(TableName.SuperAdmin, (t) => {
-      t.dropColumn("trustLdapEmails");
-    });
-  }
-}
--- a/backend/src/db/migrations/20240507162140_access-approval-policy.ts
+++ b/backend/src/db/migrations/20240507162140_access-approval-policy.ts
@ -1,41 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.AccessApprovalPolicy))) {
-    await knex.schema.createTable(TableName.AccessApprovalPolicy, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.integer("approvals").defaultTo(1).notNullable();
-      t.string("secretPath");
-
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-    await createOnUpdateTrigger(knex, TableName.AccessApprovalPolicy);
-  }
-
-  if (!(await knex.schema.hasTable(TableName.AccessApprovalPolicyApprover))) {
-    await knex.schema.createTable(TableName.AccessApprovalPolicyApprover, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("approverId").notNullable();
-      t.foreign("approverId").references("id").inTable(TableName.ProjectMembership).onDelete("CASCADE");
-
-      t.uuid("policyId").notNullable();
-      t.foreign("policyId").references("id").inTable(TableName.AccessApprovalPolicy).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-    await createOnUpdateTrigger(knex, TableName.AccessApprovalPolicyApprover);
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.AccessApprovalPolicyApprover);
-  await knex.schema.dropTableIfExists(TableName.AccessApprovalPolicy);
-
-  await dropOnUpdateTrigger(knex, TableName.AccessApprovalPolicyApprover);
-  await dropOnUpdateTrigger(knex, TableName.AccessApprovalPolicy);
-}
--- a/backend/src/db/migrations/20240507162141_access
+++ b/backend/src/db/migrations/20240507162141_access
@ -1,51 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.AccessApprovalRequest))) {
-    await knex.schema.createTable(TableName.AccessApprovalRequest, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-
-      t.uuid("policyId").notNullable();
-      t.foreign("policyId").references("id").inTable(TableName.AccessApprovalPolicy).onDelete("CASCADE");
-
-      t.uuid("privilegeId").nullable();
-      t.foreign("privilegeId").references("id").inTable(TableName.ProjectUserAdditionalPrivilege).onDelete("CASCADE");
-
-      t.uuid("requestedBy").notNullable();
-      t.foreign("requestedBy").references("id").inTable(TableName.ProjectMembership).onDelete("CASCADE");
-
-      // We use these values to create the actual privilege at a later point in time.
-      t.boolean("isTemporary").notNullable();
-      t.string("temporaryRange").nullable();
-
-      t.jsonb("permissions").notNullable();
-
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.AccessApprovalRequest);
-
-  if (!(await knex.schema.hasTable(TableName.AccessApprovalRequestReviewer))) {
-    await knex.schema.createTable(TableName.AccessApprovalRequestReviewer, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("member").notNullable();
-      t.foreign("member").references("id").inTable(TableName.ProjectMembership).onDelete("CASCADE");
-      t.string("status").notNullable();
-      t.uuid("requestId").notNullable();
-      t.foreign("requestId").references("id").inTable(TableName.AccessApprovalRequest).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.AccessApprovalRequestReviewer);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.AccessApprovalRequestReviewer);
-  await knex.schema.dropTableIfExists(TableName.AccessApprovalRequest);
-
-  await dropOnUpdateTrigger(knex, TableName.AccessApprovalRequestReviewer);
-  await dropOnUpdateTrigger(knex, TableName.AccessApprovalRequest);
-}
--- a/backend/src/db/schemas/access-approval-policies-approvers.ts
+++ b/backend/src/db/schemas/access-approval-policies-approvers.ts
@ -1,25 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const AccessApprovalPoliciesApproversSchema = z.object({
-  id: z.string().uuid(),
-  approverId: z.string().uuid(),
-  policyId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TAccessApprovalPoliciesApprovers = z.infer<typeof AccessApprovalPoliciesApproversSchema>;
-export type TAccessApprovalPoliciesApproversInsert = Omit<
-  z.input<typeof AccessApprovalPoliciesApproversSchema>,
-  TImmutableDBKeys
->;
-export type TAccessApprovalPoliciesApproversUpdate = Partial<
-  Omit<z.input<typeof AccessApprovalPoliciesApproversSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/access-approval-policies.ts
+++ b/backend/src/db/schemas/access-approval-policies.ts
@ -1,24 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const AccessApprovalPoliciesSchema = z.object({
-  id: z.string().uuid(),
-  name: z.string(),
-  approvals: z.number().default(1),
-  envId: z.string().uuid(),
-  secretPath: z.string().nullable().optional(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TAccessApprovalPolicies = z.infer<typeof AccessApprovalPoliciesSchema>;
-export type TAccessApprovalPoliciesInsert = Omit<z.input<typeof AccessApprovalPoliciesSchema>, TImmutableDBKeys>;
-export type TAccessApprovalPoliciesUpdate = Partial<
-  Omit<z.input<typeof AccessApprovalPoliciesSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/access-approval-requests-reviewers.ts
+++ b/backend/src/db/schemas/access-approval-requests-reviewers.ts
@ -1,26 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const AccessApprovalRequestsReviewersSchema = z.object({
-  id: z.string().uuid(),
-  member: z.string().uuid(),
-  status: z.string(),
-  requestId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TAccessApprovalRequestsReviewers = z.infer<typeof AccessApprovalRequestsReviewersSchema>;
-export type TAccessApprovalRequestsReviewersInsert = Omit<
-  z.input<typeof AccessApprovalRequestsReviewersSchema>,
-  TImmutableDBKeys
->;
-export type TAccessApprovalRequestsReviewersUpdate = Partial<
-  Omit<z.input<typeof AccessApprovalRequestsReviewersSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/access-approval-requests.ts
+++ b/backend/src/db/schemas/access-approval-requests.ts
@ -1,26 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const AccessApprovalRequestsSchema = z.object({
-  id: z.string().uuid(),
-  policyId: z.string().uuid(),
-  privilegeId: z.string().uuid().nullable().optional(),
-  requestedBy: z.string().uuid(),
-  isTemporary: z.boolean(),
-  temporaryRange: z.string().nullable().optional(),
-  permissions: z.unknown(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TAccessApprovalRequests = z.infer<typeof AccessApprovalRequestsSchema>;
-export type TAccessApprovalRequestsInsert = Omit<z.input<typeof AccessApprovalRequestsSchema>, TImmutableDBKeys>;
-export type TAccessApprovalRequestsUpdate = Partial<
-  Omit<z.input<typeof AccessApprovalRequestsSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/audit-log-streams.ts
+++ b/backend/src/db/schemas/audit-log-streams.ts
@ -1,25 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const AuditLogStreamsSchema = z.object({
-  id: z.string().uuid(),
-  url: z.string(),
-  encryptedHeadersCiphertext: z.string().nullable().optional(),
-  encryptedHeadersIV: z.string().nullable().optional(),
-  encryptedHeadersTag: z.string().nullable().optional(),
-  encryptedHeadersAlgorithm: z.string().nullable().optional(),
-  encryptedHeadersKeyEncoding: z.string().nullable().optional(),
-  orgId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TAuditLogStreams = z.infer<typeof AuditLogStreamsSchema>;
-export type TAuditLogStreamsInsert = Omit<z.input<typeof AuditLogStreamsSchema>, TImmutableDBKeys>;
-export type TAuditLogStreamsUpdate = Partial<Omit<z.input<typeof AuditLogStreamsSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/dynamic-secret-leases.ts
+++ b/backend/src/db/schemas/dynamic-secret-leases.ts
@ -1,24 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const DynamicSecretLeasesSchema = z.object({
-  id: z.string().uuid(),
-  version: z.number(),
-  externalEntityId: z.string(),
-  expireAt: z.date(),
-  status: z.string().nullable().optional(),
-  statusDetails: z.string().nullable().optional(),
-  dynamicSecretId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TDynamicSecretLeases = z.infer<typeof DynamicSecretLeasesSchema>;
-export type TDynamicSecretLeasesInsert = Omit<z.input<typeof DynamicSecretLeasesSchema>, TImmutableDBKeys>;
-export type TDynamicSecretLeasesUpdate = Partial<Omit<z.input<typeof DynamicSecretLeasesSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/dynamic-secrets.ts
+++ b/backend/src/db/schemas/dynamic-secrets.ts
@ -1,31 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const DynamicSecretsSchema = z.object({
-  id: z.string().uuid(),
-  name: z.string(),
-  version: z.number(),
-  type: z.string(),
-  defaultTTL: z.string(),
-  maxTTL: z.string().nullable().optional(),
-  inputIV: z.string(),
-  inputCiphertext: z.string(),
-  inputTag: z.string(),
-  algorithm: z.string().default("aes-256-gcm"),
-  keyEncoding: z.string().default("utf8"),
-  folderId: z.string().uuid(),
-  status: z.string().nullable().optional(),
-  statusDetails: z.string().nullable().optional(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TDynamicSecrets = z.infer<typeof DynamicSecretsSchema>;
-export type TDynamicSecretsInsert = Omit<z.input<typeof DynamicSecretsSchema>, TImmutableDBKeys>;
-export type TDynamicSecretsUpdate = Partial<Omit<z.input<typeof DynamicSecretsSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/group-project-membership-roles.ts
+++ b/backend/src/db/schemas/group-project-membership-roles.ts
@ -1,31 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const GroupProjectMembershipRolesSchema = z.object({
-  id: z.string().uuid(),
-  role: z.string(),
-  projectMembershipId: z.string().uuid(),
-  customRoleId: z.string().uuid().nullable().optional(),
-  isTemporary: z.boolean().default(false),
-  temporaryMode: z.string().nullable().optional(),
-  temporaryRange: z.string().nullable().optional(),
-  temporaryAccessStartTime: z.date().nullable().optional(),
-  temporaryAccessEndTime: z.date().nullable().optional(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TGroupProjectMembershipRoles = z.infer<typeof GroupProjectMembershipRolesSchema>;
-export type TGroupProjectMembershipRolesInsert = Omit<
-  z.input<typeof GroupProjectMembershipRolesSchema>,
-  TImmutableDBKeys
->;
-export type TGroupProjectMembershipRolesUpdate = Partial<
-  Omit<z.input<typeof GroupProjectMembershipRolesSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/group-project-memberships.ts
+++ b/backend/src/db/schemas/group-project-memberships.ts
@ -1,22 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const GroupProjectMembershipsSchema = z.object({
-  id: z.string().uuid(),
-  projectId: z.string(),
-  groupId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TGroupProjectMemberships = z.infer<typeof GroupProjectMembershipsSchema>;
-export type TGroupProjectMembershipsInsert = Omit<z.input<typeof GroupProjectMembershipsSchema>, TImmutableDBKeys>;
-export type TGroupProjectMembershipsUpdate = Partial<
-  Omit<z.input<typeof GroupProjectMembershipsSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/groups.ts
+++ b/backend/src/db/schemas/groups.ts
@ -1,23 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const GroupsSchema = z.object({
-  id: z.string().uuid(),
-  orgId: z.string().uuid(),
-  name: z.string(),
-  slug: z.string(),
-  role: z.string(),
-  roleId: z.string().uuid().nullable().optional(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TGroups = z.infer<typeof GroupsSchema>;
-export type TGroupsInsert = Omit<z.input<typeof GroupsSchema>, TImmutableDBKeys>;
-export type TGroupsUpdate = Partial<Omit<z.input<typeof GroupsSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/identity-project-additional-privilege.ts
+++ b/backend/src/db/schemas/identity-project-additional-privilege.ts
@ -1,31 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const IdentityProjectAdditionalPrivilegeSchema = z.object({
-  id: z.string().uuid(),
-  slug: z.string(),
-  projectMembershipId: z.string().uuid(),
-  isTemporary: z.boolean().default(false),
-  temporaryMode: z.string().nullable().optional(),
-  temporaryRange: z.string().nullable().optional(),
-  temporaryAccessStartTime: z.date().nullable().optional(),
-  temporaryAccessEndTime: z.date().nullable().optional(),
-  permissions: z.unknown(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TIdentityProjectAdditionalPrivilege = z.infer<typeof IdentityProjectAdditionalPrivilegeSchema>;
-export type TIdentityProjectAdditionalPrivilegeInsert = Omit<
-  z.input<typeof IdentityProjectAdditionalPrivilegeSchema>,
-  TImmutableDBKeys
->;
-export type TIdentityProjectAdditionalPrivilegeUpdate = Partial<
-  Omit<z.input<typeof IdentityProjectAdditionalPrivilegeSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/identity-project-memberships.ts
+++ b/backend/src/db/schemas/identity-project-memberships.ts
@ -9,6 +9,8 @@ import { TImmutableDBKeys } from "./models";

 export const IdentityProjectMembershipsSchema = z.object({
  id: z.string().uuid(),
+  role: z.string(),
+  roleId: z.string().uuid().nullable().optional(),
  projectId: z.string(),
  identityId: z.string().uuid(),
  createdAt: z.date(),
--- a/backend/src/db/schemas/index.ts
+++ b/backend/src/db/schemas/index.ts
@ -1,24 +1,13 @@
-export * from "./access-approval-policies";
-export * from "./access-approval-policies-approvers";
-export * from "./access-approval-requests";
-export * from "./access-approval-requests-reviewers";
 export * from "./api-keys";
-export * from "./audit-log-streams";
 export * from "./audit-logs";
 export * from "./auth-token-sessions";
 export * from "./auth-tokens";
 export * from "./backup-private-key";
-export * from "./dynamic-secret-leases";
-export * from "./dynamic-secrets";
 export * from "./git-app-install-sessions";
 export * from "./git-app-org";
-export * from "./group-project-membership-roles";
-export * from "./group-project-memberships";
-export * from "./groups";
 export * from "./identities";
 export * from "./identity-access-tokens";
 export * from "./identity-org-memberships";
-export * from "./identity-project-additional-privilege";
 export * from "./identity-project-membership-role";
 export * from "./identity-project-memberships";
 export * from "./identity-ua-client-secrets";
@ -27,7 +16,6 @@ export * from "./incident-contacts";
 export * from "./integration-auths";
 export * from "./integrations";
 export * from "./ldap-configs";
-export * from "./ldap-group-maps";
 export * from "./models";
 export * from "./org-bots";
 export * from "./org-memberships";
@ -38,7 +26,6 @@ export * from "./project-environments";
 export * from "./project-keys";
 export * from "./project-memberships";
 export * from "./project-roles";
-export * from "./project-user-additional-privilege";
 export * from "./project-user-membership-roles";
 export * from "./projects";
 export * from "./saml-configs";
@ -70,6 +57,5 @@ export * from "./trusted-ips";
 export * from "./user-actions";
 export * from "./user-aliases";
 export * from "./user-encryption-keys";
-export * from "./user-group-membership";
 export * from "./users";
 export * from "./webhooks";
--- a/backend/src/db/schemas/ldap-configs.ts
+++ b/backend/src/db/schemas/ldap-configs.ts
@ -23,10 +23,7 @@ export const LdapConfigsSchema = z.object({
  caCertIV: z.string(),
  caCertTag: z.string(),
  createdAt: z.date(),
-  updatedAt: z.date(),
-  groupSearchBase: z.string().default(""),
-  groupSearchFilter: z.string().default(""),
-  searchFilter: z.string().default("")
+  updatedAt: z.date()
 });

 export type TLdapConfigs = z.infer<typeof LdapConfigsSchema>;
--- a/backend/src/db/schemas/ldap-group-maps.ts
+++ b/backend/src/db/schemas/ldap-group-maps.ts
@ -1,19 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const LdapGroupMapsSchema = z.object({
-  id: z.string().uuid(),
-  ldapConfigId: z.string().uuid(),
-  ldapGroupCN: z.string(),
-  groupId: z.string().uuid()
-});
-
-export type TLdapGroupMaps = z.infer<typeof LdapGroupMapsSchema>;
-export type TLdapGroupMapsInsert = Omit<z.input<typeof LdapGroupMapsSchema>, TImmutableDBKeys>;
-export type TLdapGroupMapsUpdate = Partial<Omit<z.input<typeof LdapGroupMapsSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/models.ts
+++ b/backend/src/db/schemas/models.ts
@ -2,10 +2,6 @@ import { z } from "zod";

 export enum TableName {
  Users = "users",
-  Groups = "groups",
-  GroupProjectMembership = "group_project_memberships",
-  GroupProjectMembershipRole = "group_project_membership_roles",
-  UserGroupMembership = "user_group_membership",
  UserAliases = "user_aliases",
  UserEncryptionKey = "user_encryption_keys",
  AuthTokens = "auth_tokens",
@ -24,7 +20,6 @@ export enum TableName {
  Environment = "project_environments",
  ProjectMembership = "project_memberships",
  ProjectRoles = "project_roles",
-  ProjectUserAdditionalPrivilege = "project_user_additional_privilege",
  ProjectUserMembershipRole = "project_user_membership_roles",
  ProjectKeys = "project_keys",
  Secret = "secrets",
@ -48,12 +43,7 @@ export enum TableName {
  IdentityOrgMembership = "identity_org_memberships",
  IdentityProjectMembership = "identity_project_memberships",
  IdentityProjectMembershipRole = "identity_project_membership_role",
-  IdentityProjectAdditionalPrivilege = "identity_project_additional_privilege",
  ScimToken = "scim_tokens",
-  AccessApprovalPolicy = "access_approval_policies",
-  AccessApprovalPolicyApprover = "access_approval_policies_approvers",
-  AccessApprovalRequest = "access_approval_requests",
-  AccessApprovalRequestReviewer = "access_approval_requests_reviewers",
  SecretApprovalPolicy = "secret_approval_policies",
  SecretApprovalPolicyApprover = "secret_approval_policies_approvers",
  SecretApprovalRequest = "secret_approval_requests",
@ -64,15 +54,11 @@ export enum TableName {
  SecretRotationOutput = "secret_rotation_outputs",
  SamlConfig = "saml_configs",
  LdapConfig = "ldap_configs",
-  LdapGroupMap = "ldap_group_maps",
  AuditLog = "audit_logs",
-  AuditLogStream = "audit_log_streams",
  GitAppInstallSession = "git_app_install_sessions",
  GitAppOrg = "git_app_org",
  SecretScanningGitRisk = "secret_scanning_git_risks",
  TrustedIps = "trusted_ips",
-  DynamicSecret = "dynamic_secrets",
-  DynamicSecretLease = "dynamic_secret_leases",
  // junction tables with tags
  JnSecretTag = "secret_tag_junction",
  SecretVersionTag = "secret_version_tag_junction"
--- a/backend/src/db/schemas/project-memberships.ts
+++ b/backend/src/db/schemas/project-memberships.ts
@ -9,10 +9,12 @@ import { TImmutableDBKeys } from "./models";

 export const ProjectMembershipsSchema = z.object({
  id: z.string().uuid(),
+  role: z.string(),
  createdAt: z.date(),
  updatedAt: z.date(),
  userId: z.string().uuid(),
-  projectId: z.string()
+  projectId: z.string(),
+  roleId: z.string().uuid().nullable().optional()
 });

 export type TProjectMemberships = z.infer<typeof ProjectMembershipsSchema>;
--- a/backend/src/db/schemas/project-user-additional-privilege.ts
+++ b/backend/src/db/schemas/project-user-additional-privilege.ts
@ -1,31 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const ProjectUserAdditionalPrivilegeSchema = z.object({
-  id: z.string().uuid(),
-  slug: z.string(),
-  projectMembershipId: z.string().uuid(),
-  isTemporary: z.boolean().default(false),
-  temporaryMode: z.string().nullable().optional(),
-  temporaryRange: z.string().nullable().optional(),
-  temporaryAccessStartTime: z.date().nullable().optional(),
-  temporaryAccessEndTime: z.date().nullable().optional(),
-  permissions: z.unknown(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TProjectUserAdditionalPrivilege = z.infer<typeof ProjectUserAdditionalPrivilegeSchema>;
-export type TProjectUserAdditionalPrivilegeInsert = Omit<
-  z.input<typeof ProjectUserAdditionalPrivilegeSchema>,
-  TImmutableDBKeys
->;
-export type TProjectUserAdditionalPrivilegeUpdate = Partial<
-  Omit<z.input<typeof ProjectUserAdditionalPrivilegeSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/super-admin.ts
+++ b/backend/src/db/schemas/super-admin.ts
@ -14,9 +14,7 @@ export const SuperAdminSchema = z.object({
  createdAt: z.date(),
  updatedAt: z.date(),
  allowedSignUpDomain: z.string().nullable().optional(),
-  instanceId: z.string().uuid().default("00000000-0000-0000-0000-000000000000"),
-  trustSamlEmails: z.boolean().default(false).nullable().optional(),
-  trustLdapEmails: z.boolean().default(false).nullable().optional()
+  instanceId: z.string().uuid().default("00000000-0000-0000-0000-000000000000")
 });

 export type TSuperAdmin = z.infer<typeof SuperAdminSchema>;
--- a/backend/src/db/schemas/user-aliases.ts
+++ b/backend/src/db/schemas/user-aliases.ts
@ -10,7 +10,7 @@ import { TImmutableDBKeys } from "./models";
 export const UserAliasesSchema = z.object({
  id: z.string().uuid(),
  userId: z.string().uuid(),
-  username: z.string().nullable().optional(),
+  username: z.string(),
  aliasType: z.string(),
  externalId: z.string(),
  emails: z.string().array().nullable().optional(),
--- a/backend/src/db/schemas/user-group-membership.ts
+++ b/backend/src/db/schemas/user-group-membership.ts
@ -1,21 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const UserGroupMembershipSchema = z.object({
-  id: z.string().uuid(),
-  userId: z.string().uuid(),
-  groupId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  isPending: z.boolean().default(false)
-});
-
-export type TUserGroupMembership = z.infer<typeof UserGroupMembershipSchema>;
-export type TUserGroupMembershipInsert = Omit<z.input<typeof UserGroupMembershipSchema>, TImmutableDBKeys>;
-export type TUserGroupMembershipUpdate = Partial<Omit<z.input<typeof UserGroupMembershipSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/users.ts
+++ b/backend/src/db/schemas/users.ts
@ -21,8 +21,7 @@ export const UsersSchema = z.object({
  createdAt: z.date(),
  updatedAt: z.date(),
  isGhost: z.boolean().default(false),
-  username: z.string(),
-  isEmailVerified: z.boolean().nullable().optional()
+  username: z.string()
 });

 export type TUsers = z.infer<typeof UsersSchema>;
--- a/backend/src/db/seeds/3-project.ts
+++ b/backend/src/db/seeds/3-project.ts
@ -33,7 +33,8 @@ export async function seed(knex: Knex): Promise<void> {
  const projectMembership = await knex(TableName.ProjectMembership)
    .insert({
      projectId: project.id,
-      userId: seedData1.id
+      userId: seedData1.id,
+      role: ProjectMembershipRole.Admin
    })
    .returning("*");
  await knex(TableName.ProjectUserMembershipRole).insert({
--- a/backend/src/db/seeds/4-machine-identity.ts
+++ b/backend/src/db/seeds/4-machine-identity.ts
@ -78,7 +78,8 @@ export async function seed(knex: Knex): Promise<void> {
  const identityProjectMembership = await knex(TableName.IdentityProjectMembership)
    .insert({
      identityId: seedData1.machineIdentity.id,
-      projectId: seedData1.project.id
+      projectId: seedData1.project.id,
+      role: ProjectMembershipRole.Admin
    })
    .returning("*");

--- a/backend/src/ee/routes/v1/access-approval-policy-router.ts
+++ b/backend/src/ee/routes/v1/access-approval-policy-router.ts
@ -1,168 +0,0 @@
-import { nanoid } from "nanoid";
-import { z } from "zod";
-
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { sapPubSchema } from "@app/server/routes/sanitizedSchemas";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerAccessApprovalPolicyRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    url: "/",
-    method: "POST",
-    schema: {
-      body: z
-        .object({
-          projectSlug: z.string().trim(),
-          name: z.string().optional(),
-          secretPath: z.string().trim().default("/"),
-          environment: z.string(),
-          approvers: z.string().array().min(1),
-          approvals: z.number().min(1).default(1)
-        })
-        .refine((data) => data.approvals <= data.approvers.length, {
-          path: ["approvals"],
-          message: "The number of approvals should be lower than the number of approvers."
-        }),
-      response: {
-        200: z.object({
-          approval: sapPubSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const approval = await server.services.accessApprovalPolicy.createAccessApprovalPolicy({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.body,
-        projectSlug: req.body.projectSlug,
-        name: req.body.name ?? `${req.body.environment}-${nanoid(3)}`
-      });
-      return { approval };
-    }
-  });
-
-  server.route({
-    url: "/",
-    method: "GET",
-    schema: {
-      querystring: z.object({
-        projectSlug: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          approvals: sapPubSchema.extend({ approvers: z.string().array(), secretPath: z.string().optional() }).array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const approvals = await server.services.accessApprovalPolicy.getAccessApprovalPolicyByProjectSlug({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        projectSlug: req.query.projectSlug
-      });
-      return { approvals };
-    }
-  });
-
-  server.route({
-    url: "/count",
-    method: "GET",
-    schema: {
-      querystring: z.object({
-        projectSlug: z.string(),
-        envSlug: z.string()
-      }),
-      response: {
-        200: z.object({
-          count: z.number()
-        })
-      }
-    },
-
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { count } = await server.services.accessApprovalPolicy.getAccessPolicyCountByEnvSlug({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        projectSlug: req.query.projectSlug,
-        actorOrgId: req.permission.orgId,
-        envSlug: req.query.envSlug
-      });
-      return { count };
-    }
-  });
-
-  server.route({
-    url: "/:policyId",
-    method: "PATCH",
-    schema: {
-      params: z.object({
-        policyId: z.string()
-      }),
-      body: z
-        .object({
-          name: z.string().optional(),
-          secretPath: z
-            .string()
-            .trim()
-            .optional()
-            .transform((val) => (val === "" ? "/" : val)),
-          approvers: z.string().array().min(1),
-          approvals: z.number().min(1).default(1)
-        })
-        .refine((data) => data.approvals <= data.approvers.length, {
-          path: ["approvals"],
-          message: "The number of approvals should be lower than the number of approvers."
-        }),
-      response: {
-        200: z.object({
-          approval: sapPubSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      await server.services.accessApprovalPolicy.updateAccessApprovalPolicy({
-        policyId: req.params.policyId,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        ...req.body
-      });
-    }
-  });
-
-  server.route({
-    url: "/:policyId",
-    method: "DELETE",
-    schema: {
-      params: z.object({
-        policyId: z.string()
-      }),
-      response: {
-        200: z.object({
-          approval: sapPubSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const approval = await server.services.accessApprovalPolicy.deleteAccessApprovalPolicy({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        policyId: req.params.policyId
-      });
-      return { approval };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/access-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/access-approval-request-router.ts
@ -1,160 +0,0 @@
-import { z } from "zod";
-
-import { AccessApprovalRequestsReviewersSchema, AccessApprovalRequestsSchema } from "@app/db/schemas";
-import { ApprovalStatus } from "@app/ee/services/access-approval-request/access-approval-request-types";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerAccessApprovalRequestRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    url: "/",
-    method: "POST",
-    schema: {
-      body: z.object({
-        permissions: z.any().array(),
-        isTemporary: z.boolean(),
-        temporaryRange: z.string().optional()
-      }),
-      querystring: z.object({
-        projectSlug: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          approval: AccessApprovalRequestsSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { request } = await server.services.accessApprovalRequest.createAccessApprovalRequest({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        permissions: req.body.permissions,
-        actorOrgId: req.permission.orgId,
-        projectSlug: req.query.projectSlug,
-        temporaryRange: req.body.temporaryRange,
-        isTemporary: req.body.isTemporary
-      });
-      return { approval: request };
-    }
-  });
-
-  server.route({
-    url: "/count",
-    method: "GET",
-    schema: {
-      querystring: z.object({
-        projectSlug: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          pendingCount: z.number(),
-          finalizedCount: z.number()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { count } = await server.services.accessApprovalRequest.getCount({
-        projectSlug: req.query.projectSlug,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod
-      });
-
-      return { ...count };
-    }
-  });
-
-  server.route({
-    url: "/",
-    method: "GET",
-    schema: {
-      querystring: z.object({
-        projectSlug: z.string().trim(),
-        authorProjectMembershipId: z.string().trim().optional(),
-        envSlug: z.string().trim().optional()
-      }),
-      response: {
-        200: z.object({
-          requests: AccessApprovalRequestsSchema.extend({
-            environmentName: z.string(),
-            isApproved: z.boolean(),
-            privilege: z
-              .object({
-                membershipId: z.string(),
-                isTemporary: z.boolean(),
-                temporaryMode: z.string().nullish(),
-                temporaryRange: z.string().nullish(),
-                temporaryAccessStartTime: z.date().nullish(),
-                temporaryAccessEndTime: z.date().nullish(),
-                permissions: z.unknown()
-              })
-              .nullable(),
-            policy: z.object({
-              id: z.string(),
-              name: z.string(),
-              approvals: z.number(),
-              approvers: z.string().array(),
-              secretPath: z.string().nullish(),
-              envId: z.string()
-            }),
-            reviewers: z
-              .object({
-                member: z.string(),
-                status: z.string()
-              })
-              .array()
-          }).array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { requests } = await server.services.accessApprovalRequest.listApprovalRequests({
-        projectSlug: req.query.projectSlug,
-        authorProjectMembershipId: req.query.authorProjectMembershipId,
-        envSlug: req.query.envSlug,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod
-      });
-
-      return { requests };
-    }
-  });
-
-  server.route({
-    url: "/:requestId/review",
-    method: "POST",
-    schema: {
-      params: z.object({
-        requestId: z.string().trim()
-      }),
-      body: z.object({
-        status: z.enum([ApprovalStatus.APPROVED, ApprovalStatus.REJECTED])
-      }),
-      response: {
-        200: z.object({
-          review: AccessApprovalRequestsReviewersSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const review = await server.services.accessApprovalRequest.reviewAccessRequest({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        requestId: req.params.requestId,
-        status: req.body.status
-      });
-
-      return { review };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/audit-log-stream-router.ts
+++ b/backend/src/ee/routes/v1/audit-log-stream-router.ts
@ -1,215 +0,0 @@
-import { z } from "zod";
-
-import { AUDIT_LOG_STREAMS } from "@app/lib/api-docs";
-import { readLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { SanitizedAuditLogStreamSchema } from "@app/server/routes/sanitizedSchemas";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerAuditLogStreamRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    method: "POST",
-    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "Create an Audit Log Stream.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      body: z.object({
-        url: z.string().min(1).describe(AUDIT_LOG_STREAMS.CREATE.url),
-        headers: z
-          .object({
-            key: z.string().min(1).trim().describe(AUDIT_LOG_STREAMS.CREATE.headers.key),
-            value: z.string().min(1).trim().describe(AUDIT_LOG_STREAMS.CREATE.headers.value)
-          })
-          .describe(AUDIT_LOG_STREAMS.CREATE.headers.desc)
-          .array()
-          .optional()
-      }),
-      response: {
-        200: z.object({
-          auditLogStream: SanitizedAuditLogStreamSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const auditLogStream = await server.services.auditLogStream.create({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        url: req.body.url,
-        headers: req.body.headers
-      });
-
-      return { auditLogStream };
-    }
-  });
-
-  server.route({
-    method: "PATCH",
-    url: "/:id",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "Update an Audit Log Stream by ID.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        id: z.string().describe(AUDIT_LOG_STREAMS.UPDATE.id)
-      }),
-      body: z.object({
-        url: z.string().optional().describe(AUDIT_LOG_STREAMS.UPDATE.url),
-        headers: z
-          .object({
-            key: z.string().min(1).trim().describe(AUDIT_LOG_STREAMS.UPDATE.headers.key),
-            value: z.string().min(1).trim().describe(AUDIT_LOG_STREAMS.UPDATE.headers.value)
-          })
-          .describe(AUDIT_LOG_STREAMS.UPDATE.headers.desc)
-          .array()
-          .optional()
-      }),
-      response: {
-        200: z.object({
-          auditLogStream: SanitizedAuditLogStreamSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const auditLogStream = await server.services.auditLogStream.updateById({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        id: req.params.id,
-        url: req.body.url,
-        headers: req.body.headers
-      });
-
-      return { auditLogStream };
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/:id",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "Delete an Audit Log Stream by ID.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        id: z.string().describe(AUDIT_LOG_STREAMS.DELETE.id)
-      }),
-      response: {
-        200: z.object({
-          auditLogStream: SanitizedAuditLogStreamSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const auditLogStream = await server.services.auditLogStream.deleteById({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        id: req.params.id
-      });
-
-      return { auditLogStream };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/:id",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "Get an Audit Log Stream by ID.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        id: z.string().describe(AUDIT_LOG_STREAMS.GET_BY_ID.id)
-      }),
-      response: {
-        200: z.object({
-          auditLogStream: SanitizedAuditLogStreamSchema.extend({
-            headers: z
-              .object({
-                key: z.string(),
-                value: z.string()
-              })
-              .array()
-              .optional()
-          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const auditLogStream = await server.services.auditLogStream.getById({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        id: req.params.id
-      });
-
-      return { auditLogStream };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "List Audit Log Streams.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      response: {
-        200: z.object({
-          auditLogStreams: SanitizedAuditLogStreamSchema.array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const auditLogStreams = await server.services.auditLogStream.list({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod
-      });
-
-      return { auditLogStreams };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/dynamic-secret-lease-router.ts
+++ b/backend/src/ee/routes/v1/dynamic-secret-lease-router.ts
@ -1,197 +0,0 @@
-import ms from "ms";
-import { z } from "zod";
-
-import { DynamicSecretLeasesSchema } from "@app/db/schemas";
-import { DYNAMIC_SECRET_LEASES } from "@app/lib/api-docs";
-import { daysToMillisecond } from "@app/lib/dates";
-import { removeTrailingSlash } from "@app/lib/fn";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { SanitizedDynamicSecretSchema } from "@app/server/routes/sanitizedSchemas";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerDynamicSecretLeaseRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    method: "POST",
-    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      body: z.object({
-        dynamicSecretName: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.CREATE.dynamicSecretName).toLowerCase(),
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.CREATE.projectSlug),
-        ttl: z
-          .string()
-          .optional()
-          .describe(DYNAMIC_SECRET_LEASES.CREATE.ttl)
-          .superRefine((val, ctx) => {
-            if (!val) return;
-            const valMs = ms(val);
-            if (valMs < 60 * 1000)
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
-            if (valMs > daysToMillisecond(1))
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
-          }),
-        path: z.string().trim().default("/").transform(removeTrailingSlash).describe(DYNAMIC_SECRET_LEASES.CREATE.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.CREATE.path)
-      }),
-      response: {
-        200: z.object({
-          lease: DynamicSecretLeasesSchema,
-          dynamicSecret: SanitizedDynamicSecretSchema,
-          data: z.unknown()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const { data, lease, dynamicSecret } = await server.services.dynamicSecretLease.create({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        name: req.body.dynamicSecretName,
-        ...req.body
-      });
-      return { lease, data, dynamicSecret };
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/:leaseId",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        leaseId: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.DELETE.leaseId)
-      }),
-      body: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.DELETE.projectSlug),
-        path: z
-          .string()
-          .min(1)
-          .trim()
-          .default("/")
-          .transform(removeTrailingSlash)
-          .describe(DYNAMIC_SECRET_LEASES.DELETE.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.DELETE.environmentSlug),
-        isForced: z.boolean().default(false).describe(DYNAMIC_SECRET_LEASES.DELETE.isForced)
-      }),
-      response: {
-        200: z.object({
-          lease: DynamicSecretLeasesSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const lease = await server.services.dynamicSecretLease.revokeLease({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        leaseId: req.params.leaseId,
-        ...req.body
-      });
-      return { lease };
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/:leaseId/renew",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        leaseId: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.RENEW.leaseId)
-      }),
-      body: z.object({
-        ttl: z
-          .string()
-          .describe(DYNAMIC_SECRET_LEASES.RENEW.ttl)
-          .optional()
-          .superRefine((val, ctx) => {
-            if (!val) return;
-            const valMs = ms(val);
-            if (valMs < 60 * 1000)
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
-            if (valMs > daysToMillisecond(1))
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
-          }),
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.RENEW.projectSlug),
-        path: z
-          .string()
-          .min(1)
-          .trim()
-          .default("/")
-          .transform(removeTrailingSlash)
-          .describe(DYNAMIC_SECRET_LEASES.RENEW.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.RENEW.ttl)
-      }),
-      response: {
-        200: z.object({
-          lease: DynamicSecretLeasesSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const lease = await server.services.dynamicSecretLease.renewLease({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        leaseId: req.params.leaseId,
-        ...req.body
-      });
-      return { lease };
-    }
-  });
-
-  server.route({
-    url: "/:leaseId",
-    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        leaseId: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.GET_BY_LEASEID.leaseId)
-      }),
-      querystring: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.GET_BY_LEASEID.projectSlug),
-        path: z
-          .string()
-          .trim()
-          .default("/")
-          .transform(removeTrailingSlash)
-          .describe(DYNAMIC_SECRET_LEASES.GET_BY_LEASEID.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRET_LEASES.GET_BY_LEASEID.environmentSlug)
-      }),
-      response: {
-        200: z.object({
-          lease: DynamicSecretLeasesSchema.extend({
-            dynamicSecret: SanitizedDynamicSecretSchema
-          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const lease = await server.services.dynamicSecretLease.getLeaseDetails({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        leaseId: req.params.leaseId,
-        ...req.query
-      });
-      return { lease };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/dynamic-secret-router.ts
+++ b/backend/src/ee/routes/v1/dynamic-secret-router.ts
@ -1,290 +0,0 @@
-import slugify from "@sindresorhus/slugify";
-import ms from "ms";
-import { z } from "zod";
-
-import { DynamicSecretLeasesSchema } from "@app/db/schemas";
-import { DynamicSecretProviderSchema } from "@app/ee/services/dynamic-secret/providers/models";
-import { DYNAMIC_SECRETS } from "@app/lib/api-docs";
-import { daysToMillisecond } from "@app/lib/dates";
-import { removeTrailingSlash } from "@app/lib/fn";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { SanitizedDynamicSecretSchema } from "@app/server/routes/sanitizedSchemas";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerDynamicSecretRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    method: "POST",
-    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      body: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRETS.CREATE.projectSlug),
-        provider: DynamicSecretProviderSchema.describe(DYNAMIC_SECRETS.CREATE.provider),
-        defaultTTL: z
-          .string()
-          .describe(DYNAMIC_SECRETS.CREATE.defaultTTL)
-          .superRefine((val, ctx) => {
-            const valMs = ms(val);
-            if (valMs < 60 * 1000)
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
-            if (valMs > daysToMillisecond(1))
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
-          }),
-        maxTTL: z
-          .string()
-          .describe(DYNAMIC_SECRETS.CREATE.maxTTL)
-          .optional()
-          .superRefine((val, ctx) => {
-            if (!val) return;
-            const valMs = ms(val);
-            if (valMs < 60 * 1000)
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
-            if (valMs > daysToMillisecond(1))
-              ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
-          })
-          .nullable(),
-        path: z.string().describe(DYNAMIC_SECRETS.CREATE.path).trim().default("/").transform(removeTrailingSlash),
-        environmentSlug: z.string().describe(DYNAMIC_SECRETS.CREATE.environmentSlug).min(1),
-        name: z
-          .string()
-          .describe(DYNAMIC_SECRETS.CREATE.name)
-          .min(1)
-          .toLowerCase()
-          .max(64)
-          .refine((v) => slugify(v) === v, {
-            message: "Slug must be a valid"
-          })
-      }),
-      response: {
-        200: z.object({
-          dynamicSecret: SanitizedDynamicSecretSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const dynamicSecretCfg = await server.services.dynamicSecret.create({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.body
-      });
-      return { dynamicSecret: dynamicSecretCfg };
-    }
-  });
-
-  server.route({
-    method: "PATCH",
-    url: "/:name",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        name: z.string().toLowerCase().describe(DYNAMIC_SECRETS.UPDATE.name)
-      }),
-      body: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRETS.UPDATE.projectSlug),
-        path: z.string().trim().default("/").transform(removeTrailingSlash).describe(DYNAMIC_SECRETS.UPDATE.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRETS.UPDATE.environmentSlug),
-        data: z.object({
-          inputs: z.any().optional().describe(DYNAMIC_SECRETS.UPDATE.inputs),
-          defaultTTL: z
-            .string()
-            .describe(DYNAMIC_SECRETS.UPDATE.defaultTTL)
-            .optional()
-            .superRefine((val, ctx) => {
-              if (!val) return;
-              const valMs = ms(val);
-              if (valMs < 60 * 1000)
-                ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
-              if (valMs > daysToMillisecond(1))
-                ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
-            }),
-          maxTTL: z
-            .string()
-            .describe(DYNAMIC_SECRETS.UPDATE.maxTTL)
-            .optional()
-            .superRefine((val, ctx) => {
-              if (!val) return;
-              const valMs = ms(val);
-              if (valMs < 60 * 1000)
-                ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
-              if (valMs > daysToMillisecond(1))
-                ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
-            })
-            .nullable(),
-          newName: z.string().describe(DYNAMIC_SECRETS.UPDATE.newName).optional()
-        })
-      }),
-      response: {
-        200: z.object({
-          dynamicSecret: SanitizedDynamicSecretSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const dynamicSecretCfg = await server.services.dynamicSecret.updateByName({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        name: req.params.name,
-        path: req.body.path,
-        projectSlug: req.body.projectSlug,
-        environmentSlug: req.body.environmentSlug,
-        ...req.body.data
-      });
-      return { dynamicSecret: dynamicSecretCfg };
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/:name",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        name: z.string().toLowerCase().describe(DYNAMIC_SECRETS.DELETE.name)
-      }),
-      body: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRETS.DELETE.projectSlug),
-        path: z.string().trim().default("/").transform(removeTrailingSlash).describe(DYNAMIC_SECRETS.DELETE.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRETS.DELETE.environmentSlug),
-        isForced: z.boolean().default(false).describe(DYNAMIC_SECRETS.DELETE.isForced)
-      }),
-      response: {
-        200: z.object({
-          dynamicSecret: SanitizedDynamicSecretSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const dynamicSecretCfg = await server.services.dynamicSecret.deleteByName({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        name: req.params.name,
-        ...req.body
-      });
-      return { dynamicSecret: dynamicSecretCfg };
-    }
-  });
-
-  server.route({
-    url: "/:name",
-    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        name: z.string().min(1).describe(DYNAMIC_SECRETS.GET_BY_NAME.name)
-      }),
-      querystring: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRETS.GET_BY_NAME.projectSlug),
-        path: z.string().trim().default("/").transform(removeTrailingSlash).describe(DYNAMIC_SECRETS.GET_BY_NAME.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRETS.GET_BY_NAME.environmentSlug)
-      }),
-      response: {
-        200: z.object({
-          dynamicSecret: SanitizedDynamicSecretSchema.extend({
-            inputs: z.unknown()
-          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const dynamicSecretCfg = await server.services.dynamicSecret.getDetails({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        name: req.params.name,
-        ...req.query
-      });
-      return { dynamicSecret: dynamicSecretCfg };
-    }
-  });
-
-  server.route({
-    url: "/",
-    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      querystring: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRETS.LIST.projectSlug),
-        path: z.string().trim().default("/").transform(removeTrailingSlash).describe(DYNAMIC_SECRETS.LIST.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRETS.LIST.environmentSlug)
-      }),
-      response: {
-        200: z.object({
-          dynamicSecrets: SanitizedDynamicSecretSchema.array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const dynamicSecretCfgs = await server.services.dynamicSecret.list({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.query
-      });
-      return { dynamicSecrets: dynamicSecretCfgs };
-    }
-  });
-
-  server.route({
-    url: "/:name/leases",
-    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        name: z.string().min(1).describe(DYNAMIC_SECRETS.LIST_LEAES_BY_NAME.name)
-      }),
-      querystring: z.object({
-        projectSlug: z.string().min(1).describe(DYNAMIC_SECRETS.LIST_LEAES_BY_NAME.projectSlug),
-        path: z
-          .string()
-          .trim()
-          .default("/")
-          .transform(removeTrailingSlash)
-          .describe(DYNAMIC_SECRETS.LIST_LEAES_BY_NAME.path),
-        environmentSlug: z.string().min(1).describe(DYNAMIC_SECRETS.LIST_LEAES_BY_NAME.environmentSlug)
-      }),
-      response: {
-        200: z.object({
-          leases: DynamicSecretLeasesSchema.array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const leases = await server.services.dynamicSecretLease.listLeases({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        name: req.params.name,
-        ...req.query
-      });
-      return { leases };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/group-router.ts
+++ b/backend/src/ee/routes/v1/group-router.ts
@ -1,220 +0,0 @@
-import slugify from "@sindresorhus/slugify";
-import { z } from "zod";
-
-import { GroupsSchema, OrgMembershipRole, UsersSchema } from "@app/db/schemas";
-import { GROUPS } from "@app/lib/api-docs";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerGroupRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    url: "/",
-    method: "POST",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      body: z.object({
-        name: z.string().trim().min(1).max(50).describe(GROUPS.CREATE.name),
-        slug: z
-          .string()
-          .min(5)
-          .max(36)
-          .refine((v) => slugify(v) === v, {
-            message: "Slug must be a valid slug"
-          })
-          .optional()
-          .describe(GROUPS.CREATE.slug),
-        role: z.string().trim().min(1).default(OrgMembershipRole.NoAccess).describe(GROUPS.CREATE.role)
-      }),
-      response: {
-        200: GroupsSchema
-      }
-    },
-    handler: async (req) => {
-      const group = await server.services.group.createGroup({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.body
-      });
-
-      return group;
-    }
-  });
-
-  server.route({
-    url: "/:currentSlug",
-    method: "PATCH",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        currentSlug: z.string().trim().describe(GROUPS.UPDATE.currentSlug)
-      }),
-      body: z
-        .object({
-          name: z.string().trim().min(1).describe(GROUPS.UPDATE.name),
-          slug: z
-            .string()
-            .min(5)
-            .max(36)
-            .refine((v) => slugify(v) === v, {
-              message: "Slug must be a valid slug"
-            })
-            .describe(GROUPS.UPDATE.slug),
-          role: z.string().trim().min(1).describe(GROUPS.UPDATE.role)
-        })
-        .partial(),
-      response: {
-        200: GroupsSchema
-      }
-    },
-    handler: async (req) => {
-      const group = await server.services.group.updateGroup({
-        currentSlug: req.params.currentSlug,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.body
-      });
-
-      return group;
-    }
-  });
-
-  server.route({
-    url: "/:slug",
-    method: "DELETE",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        slug: z.string().trim().describe(GROUPS.DELETE.slug)
-      }),
-      response: {
-        200: GroupsSchema
-      }
-    },
-    handler: async (req) => {
-      const group = await server.services.group.deleteGroup({
-        groupSlug: req.params.slug,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId
-      });
-
-      return group;
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/:slug/users",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        slug: z.string().trim().describe(GROUPS.LIST_USERS.slug)
-      }),
-      querystring: z.object({
-        offset: z.coerce.number().min(0).max(100).default(0).describe(GROUPS.LIST_USERS.offset),
-        limit: z.coerce.number().min(1).max(100).default(10).describe(GROUPS.LIST_USERS.limit),
-        username: z.string().optional().describe(GROUPS.LIST_USERS.username)
-      }),
-      response: {
-        200: z.object({
-          users: UsersSchema.pick({
-            email: true,
-            username: true,
-            firstName: true,
-            lastName: true,
-            id: true
-          })
-            .merge(
-              z.object({
-                isPartOfGroup: z.boolean()
-              })
-            )
-            .array(),
-          totalCount: z.number()
-        })
-      }
-    },
-    handler: async (req) => {
-      const { users, totalCount } = await server.services.group.listGroupUsers({
-        groupSlug: req.params.slug,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.query
-      });
-      return { users, totalCount };
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/:slug/users/:username",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        slug: z.string().trim().describe(GROUPS.ADD_USER.slug),
-        username: z.string().trim().describe(GROUPS.ADD_USER.username)
-      }),
-      response: {
-        200: UsersSchema.pick({
-          email: true,
-          username: true,
-          firstName: true,
-          lastName: true,
-          id: true
-        })
-      }
-    },
-    handler: async (req) => {
-      const user = await server.services.group.addUserToGroup({
-        groupSlug: req.params.slug,
-        username: req.params.username,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId
-      });
-
-      return user;
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/:slug/users/:username",
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        slug: z.string().trim().describe(GROUPS.DELETE_USER.slug),
-        username: z.string().trim().describe(GROUPS.DELETE_USER.username)
-      }),
-      response: {
-        200: UsersSchema.pick({
-          email: true,
-          username: true,
-          firstName: true,
-          lastName: true,
-          id: true
-        })
-      }
-    },
-    handler: async (req) => {
-      const user = await server.services.group.removeUserFromGroup({
-        groupSlug: req.params.slug,
-        username: req.params.username,
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId
-      });
-
-      return user;
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/identity-project-additional-privilege-router.ts
+++ b/backend/src/ee/routes/v1/identity-project-additional-privilege-router.ts
@ -1,316 +0,0 @@
-import { packRules } from "@casl/ability/extra";
-import slugify from "@sindresorhus/slugify";
-import ms from "ms";
-import { z } from "zod";
-
-import { IdentityProjectAdditionalPrivilegeTemporaryMode } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-types";
-import { IDENTITY_ADDITIONAL_PRIVILEGE } from "@app/lib/api-docs";
-import { alphaNumericNanoId } from "@app/lib/nanoid";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { PermissionSchema, SanitizedIdentityPrivilegeSchema } from "@app/server/routes/sanitizedSchemas";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    method: "POST",
-    url: "/permanent",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Create a permanent or a non expiry specific privilege for identity.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      body: z.object({
-        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.identityId),
-        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.projectSlug),
-        slug: z
-          .string()
-          .min(1)
-          .max(60)
-          .trim()
-          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
-          .refine((v) => slugify(v) === v, {
-            message: "Slug must be a valid slug"
-          })
-          .optional()
-          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
-        permissions: PermissionSchema.array().describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.permissions)
-      }),
-      response: {
-        200: z.object({
-          privilege: SanitizedIdentityPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const privilege = await server.services.identityProjectAdditionalPrivilege.create({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        ...req.body,
-        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
-        isTemporary: false,
-        permissions: JSON.stringify(packRules(req.body.permissions))
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/temporary",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Create a temporary or a expiring specific privilege for identity.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      body: z.object({
-        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.identityId),
-        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.projectSlug),
-        slug: z
-          .string()
-          .min(1)
-          .max(60)
-          .trim()
-          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
-          .refine((v) => slugify(v) === v, {
-            message: "Slug must be a valid slug"
-          })
-          .optional()
-          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
-        permissions: PermissionSchema.array().describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.permissions),
-        temporaryMode: z
-          .nativeEnum(IdentityProjectAdditionalPrivilegeTemporaryMode)
-          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.temporaryMode),
-        temporaryRange: z
-          .string()
-          .refine((val) => ms(val) > 0, "Temporary range must be a positive number")
-          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.temporaryRange),
-        temporaryAccessStartTime: z
-          .string()
-          .datetime()
-          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.temporaryAccessStartTime)
-      }),
-      response: {
-        200: z.object({
-          privilege: SanitizedIdentityPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const privilege = await server.services.identityProjectAdditionalPrivilege.create({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        ...req.body,
-        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
-        isTemporary: true,
-        permissions: JSON.stringify(packRules(req.body.permissions))
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "PATCH",
-    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Update a specific privilege of an identity.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      body: z.object({
-        // disallow empty string
-        privilegeSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.slug),
-        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.identityId),
-        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.projectSlug),
-        privilegeDetails: z
-          .object({
-            slug: z
-              .string()
-              .min(1)
-              .max(60)
-              .trim()
-              .refine((val) => val.toLowerCase() === val, "Must be lowercase")
-              .refine((v) => slugify(v) === v, {
-                message: "Slug must be a valid slug"
-              })
-              .describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.newSlug),
-            permissions: PermissionSchema.array().describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.permissions),
-            isTemporary: z.boolean().describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.isTemporary),
-            temporaryMode: z
-              .nativeEnum(IdentityProjectAdditionalPrivilegeTemporaryMode)
-              .describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.temporaryMode),
-            temporaryRange: z
-              .string()
-              .refine((val) => ms(val) > 0, "Temporary range must be a positive number")
-              .describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.temporaryRange),
-            temporaryAccessStartTime: z
-              .string()
-              .datetime()
-              .describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.temporaryAccessStartTime)
-          })
-          .partial()
-      }),
-      response: {
-        200: z.object({
-          privilege: SanitizedIdentityPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const updatedInfo = req.body.privilegeDetails;
-      const privilege = await server.services.identityProjectAdditionalPrivilege.updateBySlug({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        slug: req.body.privilegeSlug,
-        identityId: req.body.identityId,
-        projectSlug: req.body.projectSlug,
-        data: {
-          ...updatedInfo,
-          permissions: updatedInfo?.permissions ? JSON.stringify(packRules(updatedInfo.permissions)) : undefined
-        }
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Delete a specific privilege of an identity.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      body: z.object({
-        privilegeSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.DELETE.slug),
-        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.DELETE.identityId),
-        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.DELETE.projectSlug)
-      }),
-      response: {
-        200: z.object({
-          privilege: SanitizedIdentityPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const privilege = await server.services.identityProjectAdditionalPrivilege.deleteBySlug({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        slug: req.body.privilegeSlug,
-        identityId: req.body.identityId,
-        projectSlug: req.body.projectSlug
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/:privilegeSlug",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "Retrieve details of a specific privilege by privilege slug.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      params: z.object({
-        privilegeSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.GET_BY_SLUG.slug)
-      }),
-      querystring: z.object({
-        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.GET_BY_SLUG.identityId),
-        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.GET_BY_SLUG.projectSlug)
-      }),
-      response: {
-        200: z.object({
-          privilege: SanitizedIdentityPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const privilege = await server.services.identityProjectAdditionalPrivilege.getPrivilegeDetailsBySlug({
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        slug: req.params.privilegeSlug,
-        ...req.query
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "List of a specific privilege of an identity in a project.",
-      security: [
-        {
-          bearerAuth: []
-        }
-      ],
-      querystring: z.object({
-        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.LIST.identityId),
-        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.LIST.projectSlug)
-      }),
-      response: {
-        200: z.object({
-          privileges: SanitizedIdentityPrivilegeSchema.array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const privileges = await server.services.identityProjectAdditionalPrivilege.listIdentityProjectPrivileges({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ...req.query
-      });
-      return {
-        privileges
-      };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/index.ts
+++ b/backend/src/ee/routes/v1/index.ts
@ -1,10 +1,3 @@
-import { registerAccessApprovalPolicyRouter } from "./access-approval-policy-router";
-import { registerAccessApprovalRequestRouter } from "./access-approval-request-router";
-import { registerAuditLogStreamRouter } from "./audit-log-stream-router";
-import { registerDynamicSecretLeaseRouter } from "./dynamic-secret-lease-router";
-import { registerDynamicSecretRouter } from "./dynamic-secret-router";
-import { registerGroupRouter } from "./group-router";
-import { registerIdentityProjectAdditionalPrivilegeRouter } from "./identity-project-additional-privilege-router";
 import { registerLdapRouter } from "./ldap-router";
 import { registerLicenseRouter } from "./license-router";
 import { registerOrgRoleRouter } from "./org-role-router";
@ -20,7 +13,6 @@ import { registerSecretScanningRouter } from "./secret-scanning-router";
 import { registerSecretVersionRouter } from "./secret-version-router";
 import { registerSnapshotRouter } from "./snapshot-router";
 import { registerTrustedIpRouter } from "./trusted-ip-router";
-import { registerUserAdditionalPrivilegeRouter } from "./user-additional-privilege-router";

 export const registerV1EERoutes = async (server: FastifyZodProvider) => {
  // org role starts with organization
@ -42,31 +34,10 @@ export const registerV1EERoutes = async (server: FastifyZodProvider) => {
  await server.register(registerSecretRotationProviderRouter, {
    prefix: "/secret-rotation-providers"
  });
-
-  await server.register(registerAccessApprovalPolicyRouter, { prefix: "/access-approvals/policies" });
-  await server.register(registerAccessApprovalRequestRouter, { prefix: "/access-approvals/requests" });
-
-  await server.register(
-    async (dynamicSecretRouter) => {
-      await dynamicSecretRouter.register(registerDynamicSecretRouter);
-      await dynamicSecretRouter.register(registerDynamicSecretLeaseRouter, { prefix: "/leases" });
-    },
-    { prefix: "/dynamic-secrets" }
-  );
-
  await server.register(registerSamlRouter, { prefix: "/sso" });
  await server.register(registerScimRouter, { prefix: "/scim" });
  await server.register(registerLdapRouter, { prefix: "/ldap" });
  await server.register(registerSecretScanningRouter, { prefix: "/secret-scanning" });
  await server.register(registerSecretRotationRouter, { prefix: "/secret-rotations" });
  await server.register(registerSecretVersionRouter, { prefix: "/secret" });
-  await server.register(registerGroupRouter, { prefix: "/groups" });
-  await server.register(registerAuditLogStreamRouter, { prefix: "/audit-log-streams" });
-  await server.register(
-    async (privilegeRouter) => {
-      await privilegeRouter.register(registerUserAdditionalPrivilegeRouter, { prefix: "/users" });
-      await privilegeRouter.register(registerIdentityProjectAdditionalPrivilegeRouter, { prefix: "/identity" });
-    },
-    { prefix: "/additional-privilege" }
-  );
 };
--- a/backend/src/ee/routes/v1/ldap-router.ts
+++ b/backend/src/ee/routes/v1/ldap-router.ts
@ -14,13 +14,9 @@ import { FastifyRequest } from "fastify";
 import LdapStrategy from "passport-ldapauth";
 import { z } from "zod";

-import { LdapConfigsSchema, LdapGroupMapsSchema } from "@app/db/schemas";
-import { TLDAPConfig } from "@app/ee/services/ldap-config/ldap-config-types";
-import { isValidLdapFilter, searchGroups } from "@app/ee/services/ldap-config/ldap-fns";
+import { LdapConfigsSchema } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
-import { BadRequestError } from "@app/lib/errors";
 import { logger } from "@app/lib/logger";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -53,39 +49,20 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
      // eslint-disable-next-line
      async (req: IncomingMessage, user, cb) => {
        try {
-          if (!user.email) throw new BadRequestError({ message: "Invalid request. Missing email." });
-          const ldapConfig = (req as unknown as FastifyRequest).ldapConfig as TLDAPConfig;
-
-          let groups: { dn: string; cn: string }[] | undefined;
-          if (ldapConfig.groupSearchBase) {
-            const groupFilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))";
-            const groupSearchFilter = (ldapConfig.groupSearchFilter || groupFilter)
-              .replace(/{{\.Username}}/g, user.uid)
-              .replace(/{{\.UserDN}}/g, user.dn);
-
-            if (!isValidLdapFilter(groupSearchFilter)) {
-              throw new Error("Generated LDAP search filter is invalid.");
-            }
-
-            groups = await searchGroups(ldapConfig, groupSearchFilter, ldapConfig.groupSearchBase);
-          }
-
          const { isUserCompleted, providerAuthToken } = await server.services.ldap.ldapLogin({
-            ldapConfigId: ldapConfig.id,
            externalId: user.uidNumber,
            username: user.uid,
-            firstName: user.givenName ?? user.cn ?? "",
-            lastName: user.sn ?? "",
-            email: user.mail,
-            groups,
+            firstName: user.givenName,
+            lastName: user.sn,
+            emails: user.mail ? [user.mail] : [],
            relayState: ((req as unknown as FastifyRequest).body as { RelayState?: string }).RelayState,
            orgId: (req as unknown as FastifyRequest).ldapConfig.organization
          });

          return cb(null, { isUserCompleted, providerAuthToken });
-        } catch (error) {
-          logger.error(error);
-          return cb(error, false);
+        } catch (err) {
+          logger.error(err);
+          return cb(err, false);
        }
      }
    )
@ -120,11 +97,8 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/config",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      querystring: z.object({
@ -139,9 +113,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
          bindDN: z.string(),
          bindPass: z.string(),
          searchBase: z.string(),
-          searchFilter: z.string(),
-          groupSearchBase: z.string(),
-          groupSearchFilter: z.string(),
          caCert: z.string()
        })
      }
@ -151,7 +122,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
        actor: req.permission.type,
        actorId: req.permission.id,
        orgId: req.query.organizationId,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId
      });
      return ldap;
@ -159,11 +129,8 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "POST",
    url: "/config",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      body: z.object({
@ -173,12 +140,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
        bindDN: z.string().trim(),
        bindPass: z.string().trim(),
        searchBase: z.string().trim(),
-        searchFilter: z.string().trim().default("(uid={{username}})"),
-        groupSearchBase: z.string().trim(),
-        groupSearchFilter: z
-          .string()
-          .trim()
-          .default("(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"),
        caCert: z.string().trim().default("")
      }),
      response: {
@ -190,7 +151,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
        actor: req.permission.type,
        actorId: req.permission.id,
        orgId: req.body.organizationId,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        ...req.body
      });
@ -202,9 +162,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
  server.route({
    url: "/config",
    method: "PATCH",
-    config: {
-      rateLimit: writeLimit
-    },
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      body: z
@ -214,9 +171,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
          bindDN: z.string().trim(),
          bindPass: z.string().trim(),
          searchBase: z.string().trim(),
-          searchFilter: z.string().trim(),
-          groupSearchBase: z.string().trim(),
-          groupSearchFilter: z.string().trim(),
          caCert: z.string().trim()
        })
        .partial()
@ -230,7 +184,6 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
        actor: req.permission.type,
        actorId: req.permission.id,
        orgId: req.body.organizationId,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        ...req.body
      });
@ -238,134 +191,4 @@ export const registerLdapRouter = async (server: FastifyZodProvider) => {
      return ldap;
    }
  });
-
-  server.route({
-    method: "GET",
-    url: "/config/:configId/group-maps",
-    config: {
-      rateLimit: readLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        configId: z.string().trim()
-      }),
-      response: {
-        200: z.array(
-          z.object({
-            id: z.string(),
-            ldapConfigId: z.string(),
-            ldapGroupCN: z.string(),
-            group: z.object({
-              id: z.string(),
-              name: z.string(),
-              slug: z.string()
-            })
-          })
-        )
-      }
-    },
-    handler: async (req) => {
-      const ldapGroupMaps = await server.services.ldap.getLdapGroupMaps({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        orgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ldapConfigId: req.params.configId
-      });
-      return ldapGroupMaps;
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/config/:configId/group-maps",
-    config: {
-      rateLimit: readLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        configId: z.string().trim()
-      }),
-      body: z.object({
-        ldapGroupCN: z.string().trim(),
-        groupSlug: z.string().trim()
-      }),
-      response: {
-        200: LdapGroupMapsSchema
-      }
-    },
-    handler: async (req) => {
-      const ldapGroupMap = await server.services.ldap.createLdapGroupMap({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        orgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ldapConfigId: req.params.configId,
-        ...req.body
-      });
-      return ldapGroupMap;
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/config/:configId/group-maps/:groupMapId",
-    config: {
-      rateLimit: readLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        configId: z.string().trim(),
-        groupMapId: z.string().trim()
-      }),
-      response: {
-        200: LdapGroupMapsSchema
-      }
-    },
-    handler: async (req) => {
-      const ldapGroupMap = await server.services.ldap.deleteLdapGroupMap({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        orgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ldapConfigId: req.params.configId,
-        ldapGroupMapId: req.params.groupMapId
-      });
-      return ldapGroupMap;
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/config/:configId/test-connection",
-    config: {
-      rateLimit: readLimit
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    schema: {
-      params: z.object({
-        configId: z.string().trim()
-      }),
-      response: {
-        200: z.boolean()
-      }
-    },
-    handler: async (req) => {
-      const result = await server.services.ldap.testLDAPConnection({
-        actor: req.permission.type,
-        actorId: req.permission.id,
-        orgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        actorOrgId: req.permission.orgId,
-        ldapConfigId: req.params.configId
-      });
-      return result;
-    }
-  });
 };
--- a/backend/src/ee/routes/v1/license-router.ts
+++ b/backend/src/ee/routes/v1/license-router.ts
@ -3,17 +3,13 @@
 // TODO(akhilmhdh): Fix this when licence service gets it type
 import { z } from "zod";

-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "GET",
    url: "/:organizationId/plans/table",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      querystring: z.object({ billingCycle: z.enum(["monthly", "yearly"]) }),
      params: z.object({ organizationId: z.string().trim() }),
@ -28,7 +24,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId,
-        actorAuthMethod: req.permission.authMethod,
        billingCycle: req.query.billingCycle
      });
      return data;
@ -36,11 +31,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/plan",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -53,7 +45,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return { plan };
@ -61,11 +52,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/plans",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      querystring: z.object({ workspaceId: z.string().trim().optional() }),
@ -78,8 +66,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
      const data = await server.services.license.getOrgPlan({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
@ -87,11 +73,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "POST",
    url: "/:organizationId/session/trial",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      body: z.object({ success_url: z.string().trim() }),
@ -106,7 +89,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId,
-        actorAuthMethod: req.permission.authMethod,
        success_url: req.body.success_url
      });
      return data;
@ -116,9 +98,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  server.route({
    url: "/:organizationId/customer-portal-session",
    method: "POST",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -131,7 +110,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
@ -139,11 +117,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/plan/billing",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -156,7 +131,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
@ -164,11 +138,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/plan/table",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -181,7 +152,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
@ -189,11 +159,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/billing-details",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -206,7 +173,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
@ -214,11 +180,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "PATCH",
    url: "/:organizationId/billing-details",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "PATCH",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      body: z.object({
@ -235,7 +198,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId,
        name: req.body.name,
        email: req.body.email
@ -245,11 +207,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/billing-details/payment-methods",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -262,7 +221,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
@ -270,11 +228,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "POST",
    url: "/:organizationId/billing-details/payment-methods",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      body: z.object({
@ -291,7 +246,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId,
        success_url: req.body.success_url,
        cancel_url: req.body.cancel_url
@ -301,11 +255,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "DELETE",
    url: "/:organizationId/billing-details/payment-methods/:pmtMethodId",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "DELETE",
    schema: {
      params: z.object({
        organizationId: z.string().trim(),
@ -320,7 +271,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
      const data = await server.services.license.delOrgPmtMethods({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId,
        pmtMethodId: req.params.pmtMethodId
@ -330,11 +280,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/billing-details/tax-ids",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -348,7 +295,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
      const data = await server.services.license.getOrgTaxIds({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId
      });
@ -357,11 +303,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "POST",
    url: "/:organizationId/billing-details/tax-ids",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -379,7 +322,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
      const data = await server.services.license.addOrgTaxId({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId,
        type: req.body.type,
@ -390,11 +332,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "DELETE",
    url: "/:organizationId/billing-details/tax-ids/:taxId",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "DELETE",
    schema: {
      params: z.object({
        organizationId: z.string().trim(),
@ -409,7 +348,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
      const data = await server.services.license.delOrgTaxId({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId,
        taxId: req.params.taxId
@ -419,11 +357,8 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/invoices",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -438,19 +373,15 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        orgId: req.params.organizationId,
-        actorAuthMethod: req.permission.authMethod
+        orgId: req.params.organizationId
      });
      return data;
    }
  });

  server.route({
-    method: "GET",
    url: "/:organizationId/licenses",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -465,7 +396,6 @@ export const registerLicenseRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actor: req.permission.type,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.params.organizationId
      });
      return data;
--- a/backend/src/ee/routes/v1/org-role-router.ts
+++ b/backend/src/ee/routes/v1/org-role-router.ts
@ -2,7 +2,6 @@ import slugify from "@sindresorhus/slugify";
 import { z } from "zod";

 import { OrgMembershipRole, OrgMembershipsSchema, OrgRolesSchema } from "@app/db/schemas";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -10,9 +9,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "POST",
    url: "/:organizationId/roles",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -23,7 +19,7 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
          .min(1)
          .trim()
          .refine(
-            (val) => !Object.keys(OrgMembershipRole).includes(val),
+            (val) => Object.keys(OrgMembershipRole).includes(val),
            "Please choose a different slug, the slug you have entered is reserved"
          )
          .refine((v) => slugify(v) === v, {
@ -45,7 +41,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
        req.permission.id,
        req.params.organizationId,
        req.body,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { role };
@ -55,9 +50,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "PATCH",
    url: "/:organizationId/roles/:roleId",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        organizationId: z.string().trim(),
@ -92,7 +84,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
        req.params.organizationId,
        req.params.roleId,
        req.body,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { role };
@ -102,9 +93,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "DELETE",
    url: "/:organizationId/roles/:roleId",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        organizationId: z.string().trim(),
@ -122,7 +110,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
        req.permission.id,
        req.params.organizationId,
        req.params.roleId,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { role };
@ -132,9 +119,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:organizationId/roles",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -154,7 +138,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
      const roles = await server.services.orgRole.listRoles(
        req.permission.id,
        req.params.organizationId,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { data: { roles } };
@ -164,9 +147,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:organizationId/permissions",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        organizationId: z.string().trim()
@ -183,7 +163,6 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
      const { permissions, membership } = await server.services.orgRole.getUserPermission(
        req.permission.id,
        req.params.organizationId,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { permissions, membership };
--- a/backend/src/ee/routes/v1/project-role-router.ts
+++ b/backend/src/ee/routes/v1/project-role-router.ts
@ -1,7 +1,6 @@
 import { z } from "zod";

 import { ProjectMembershipsSchema, ProjectRolesSchema } from "@app/db/schemas";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -9,9 +8,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "POST",
    url: "/:projectId/roles",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        projectId: z.string().trim()
@ -35,7 +31,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        req.permission.id,
        req.params.projectId,
        req.body,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { role };
@ -45,9 +40,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "PATCH",
    url: "/:projectId/roles/:roleId",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        projectId: z.string().trim(),
@ -73,7 +65,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        req.params.projectId,
        req.params.roleId,
        req.body,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { role };
@ -83,9 +74,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "DELETE",
    url: "/:projectId/roles/:roleId",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        projectId: z.string().trim(),
@ -104,7 +92,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        req.permission.id,
        req.params.projectId,
        req.params.roleId,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { role };
@ -114,9 +101,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:projectId/roles",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        projectId: z.string().trim()
@ -137,7 +121,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        req.permission.type,
        req.permission.id,
        req.params.projectId,
-        req.permission.authMethod,
        req.permission.orgId
      );
      return { data: { roles } };
@ -147,9 +130,6 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:projectId/permissions",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        projectId: z.string().trim()
@ -157,13 +137,7 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
      response: {
        200: z.object({
          data: z.object({
-            membership: ProjectMembershipsSchema.extend({
-              roles: z
-                .object({
-                  role: z.string()
-                })
-                .array()
-            }),
+            membership: ProjectMembershipsSchema,
            permissions: z.any().array()
          })
        })
@ -174,10 +148,8 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
      const { permissions, membership } = await server.services.projectRole.getUserPermission(
        req.permission.id,
        req.params.projectId,
-        req.permission.authMethod,
        req.permission.orgId
      );
-
      return { data: { permissions, membership } };
    }
  });
--- a/backend/src/ee/routes/v1/project-router.ts
+++ b/backend/src/ee/routes/v1/project-router.ts
@ -3,8 +3,7 @@ import { z } from "zod";
 import { AuditLogsSchema, SecretSnapshotsSchema } from "@app/db/schemas";
 import { EventType, UserAgentType } from "@app/ee/services/audit-log/audit-log-types";
 import { AUDIT_LOGS, PROJECTS } from "@app/lib/api-docs";
-import { getLastMidnightDateISO, removeTrailingSlash } from "@app/lib/fn";
-import { readLimit } from "@app/server/config/rateLimiter";
+import { removeTrailingSlash } from "@app/lib/fn";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -12,13 +11,11 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:workspaceId/secret-snapshots",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      description: "Return project secret snapshots ids",
      security: [
        {
+          apiKeyAuth: [],
          bearerAuth: []
        }
      ],
@ -41,7 +38,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
    handler: async (req) => {
      const secretSnapshots = await server.services.snapshot.listSnapshots({
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        projectId: req.params.workspaceId,
@ -54,9 +50,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:workspaceId/secret-snapshots/count",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        workspaceId: z.string().trim()
@ -76,7 +69,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      const count = await server.services.snapshot.projectSecretSnapshotCount({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.params.workspaceId,
        environment: req.query.environment,
@ -89,14 +81,12 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:workspaceId/audit-logs",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      description: "Return audit logs",
      security: [
        {
-          bearerAuth: []
+          bearerAuth: [],
+          apiKeyAuth: []
        }
      ],
      params: z.object({
@ -140,10 +130,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      const auditLogs = await server.services.auditLog.listProjectAuditLogs({
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        projectId: req.params.workspaceId,
        ...req.query,
-        startDate: req.query.endDate || getLastMidnightDateISO(),
        auditLogActor: req.query.actor,
        actor: req.permission.type
      });
@ -154,9 +142,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:workspaceId/audit-logs/filters/actors",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        workspaceId: z.string().trim()
--- a/backend/src/ee/routes/v1/saml-router.ts
+++ b/backend/src/ee/routes/v1/saml-router.ts
@ -17,7 +17,6 @@ import { SamlProviders, TGetSamlCfgDTO } from "@app/ee/services/saml-config/saml
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError } from "@app/lib/errors";
 import { logger } from "@app/lib/logger";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -102,12 +101,12 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
          if (!profile) throw new BadRequestError({ message: "Missing profile" });
          const email = profile?.email ?? (profile?.emailAddress as string); // emailRippling is added because in Rippling the field `email` reserved

-          if (!email || !profile.firstName) {
+          if (!profile.email || !profile.firstName) {
            throw new BadRequestError({ message: "Invalid request. Missing email or first name" });
          }

          const { isUserCompleted, providerAuthToken } = await server.services.saml.samlLogin({
-            externalId: profile.nameID,
+            username: profile.nameID ?? email,
            email,
            firstName: profile.firstName as string,
            lastName: profile.lastName as string,
@ -204,11 +203,8 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "GET",
    url: "/config",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      querystring: z.object({
@ -235,7 +231,6 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
        actor: req.permission.type,
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
        orgId: req.query.organizationId,
        type: "org"
      });
@ -244,11 +239,8 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "POST",
    url: "/config",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      body: z.object({
@ -267,7 +259,6 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
      const saml = await server.services.saml.createSamlCfg({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.body.organizationId,
        ...req.body
@ -277,11 +268,8 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "PATCH",
    url: "/config",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "PATCH",
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      body: z
@ -302,7 +290,6 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
      const saml = await server.services.saml.updateSamlCfg({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.body.organizationId,
        ...req.body
--- a/backend/src/ee/routes/v1/scim-router.ts
+++ b/backend/src/ee/routes/v1/scim-router.ts
@ -1,7 +1,6 @@
 import { z } from "zod";

 import { ScimTokensSchema } from "@app/db/schemas";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -21,9 +20,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
  server.route({
    url: "/scim-tokens",
    method: "POST",
-    config: {
-      rateLimit: writeLimit
-    },
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      body: z.object({
@ -43,7 +39,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        orgId: req.body.organizationId,
-        actorAuthMethod: req.permission.authMethod,
        description: req.body.description,
        ttlDays: req.body.ttlDays
      });
@ -55,9 +50,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
  server.route({
    url: "/scim-tokens",
    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      querystring: z.object({
@ -73,7 +65,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      const scimTokens = await server.services.scim.listScimTokens({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.query.organizationId
      });
@ -85,9 +76,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
  server.route({
    url: "/scim-tokens/:scimTokenId",
    method: "DELETE",
-    config: {
-      rateLimit: writeLimit
-    },
    onRequest: verifyAuth([AuthMode.JWT]),
    schema: {
      params: z.object({
@ -104,7 +92,6 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        scimTokenId: req.params.scimTokenId,
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId
      });

@ -153,21 +140,21 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
    handler: async (req) => {
      const users = await req.server.services.scim.listScimUsers({
-        startIndex: req.query.startIndex,
+        offset: req.query.startIndex,
        limit: req.query.count,
        filter: req.query.filter,
-        orgId: req.permission.orgId
+        orgId: req.permission.orgId as string
      });
      return users;
    }
  });

  server.route({
-    url: "/Users/:orgMembershipId",
+    url: "/Users/:userId",
    method: "GET",
    schema: {
      params: z.object({
-        orgMembershipId: z.string().trim()
+        userId: z.string().trim()
      }),
      response: {
        201: z.object({
@ -193,8 +180,8 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
    handler: async (req) => {
      const user = await req.server.services.scim.getScimUser({
-        orgMembershipId: req.params.orgMembershipId,
-        orgId: req.permission.orgId
+        userId: req.params.userId,
+        orgId: req.permission.orgId as string
      });
      return user;
    }
@ -206,7 +193,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
    schema: {
      body: z.object({
        schemas: z.array(z.string()),
-        userName: z.string().trim(),
+        userName: z.string().trim().email(),
        name: z.object({
          familyName: z.string().trim(),
          givenName: z.string().trim()
@ -227,7 +214,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        200: z.object({
          schemas: z.array(z.string()),
          id: z.string().trim(),
-          userName: z.string().trim(),
+          userName: z.string().trim().email(),
          name: z.object({
            familyName: z.string().trim(),
            givenName: z.string().trim()
@ -249,11 +236,11 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      const primaryEmail = req.body.emails?.find((email) => email.primary)?.value;

      const user = await req.server.services.scim.createScimUser({
-        externalId: req.body.userName,
+        username: req.body.userName,
        email: primaryEmail,
        firstName: req.body.name.givenName,
        lastName: req.body.name.familyName,
-        orgId: req.permission.orgId
+        orgId: req.permission.orgId as string
      });

      return user;
@ -261,262 +248,26 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    url: "/Users/:orgMembershipId",
-    method: "DELETE",
-    schema: {
-      params: z.object({
-        orgMembershipId: z.string().trim()
-      }),
-      response: {
-        200: z.object({})
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const user = await req.server.services.scim.deleteScimUser({
-        orgMembershipId: req.params.orgMembershipId,
-        orgId: req.permission.orgId
-      });
-
-      return user;
-    }
-  });
-
-  server.route({
-    url: "/Groups",
-    method: "POST",
-    schema: {
-      body: z.object({
-        schemas: z.array(z.string()),
-        displayName: z.string().trim(),
-        members: z
-          .array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          )
-          .optional() // okta-specific
-      }),
-      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z
-            .array(
-              z.object({
-                value: z.string(),
-                display: z.string()
-              })
-            )
-            .optional(),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const group = await req.server.services.scim.createScimGroup({
-        orgId: req.permission.orgId,
-        ...req.body
-      });
-
-      return group;
-    }
-  });
-
-  server.route({
-    url: "/Groups",
-    method: "GET",
-    schema: {
-      querystring: z.object({
-        startIndex: z.coerce.number().default(1),
-        count: z.coerce.number().default(20),
-        filter: z.string().trim().optional()
-      }),
-      response: {
-        200: z.object({
-          Resources: z.array(
-            z.object({
-              schemas: z.array(z.string()),
-              id: z.string().trim(),
-              displayName: z.string().trim(),
-              members: z.array(z.any()).length(0),
-              meta: z.object({
-                resourceType: z.string().trim()
-              })
-            })
-          ),
-          itemsPerPage: z.number(),
-          schemas: z.array(z.string()),
-          startIndex: z.number(),
-          totalResults: z.number()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const groups = await req.server.services.scim.listScimGroups({
-        orgId: req.permission.orgId,
-        startIndex: req.query.startIndex,
-        limit: req.query.count
-      });
-
-      return groups;
-    }
-  });
-
-  server.route({
-    url: "/Groups/:groupId",
-    method: "GET",
-    schema: {
-      params: z.object({
-        groupId: z.string().trim()
-      }),
-      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z.array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          ),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const group = await req.server.services.scim.getScimGroup({
-        groupId: req.params.groupId,
-        orgId: req.permission.orgId
-      });
-      return group;
-    }
-  });
-
-  server.route({
-    url: "/Groups/:groupId",
-    method: "PUT",
-    schema: {
-      params: z.object({
-        groupId: z.string().trim()
-      }),
-      body: z.object({
-        schemas: z.array(z.string()),
-        id: z.string().trim(),
-        displayName: z.string().trim(),
-        members: z.array(
-          z.object({
-            value: z.string(), // infisical orgMembershipId
-            display: z.string()
-          })
-        )
-      }),
-      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z.array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          ),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const group = await req.server.services.scim.updateScimGroupNamePut({
-        groupId: req.params.groupId,
-        orgId: req.permission.orgId,
-        ...req.body
-      });
-
-      return group;
-    }
-  });
-
-  server.route({
-    url: "/Groups/:groupId",
+    url: "/Users/:userId",
    method: "PATCH",
    schema: {
      params: z.object({
-        groupId: z.string().trim()
+        userId: z.string().trim()
      }),
      body: z.object({
        schemas: z.array(z.string()),
        Operations: z.array(
-          z.union([
-            z.object({
-              op: z.literal("replace"),
-              value: z.object({
-                id: z.string().trim(),
-                displayName: z.string().trim()
-              })
-            }),
-            z.object({
-              op: z.literal("remove"),
-              path: z.string().trim()
-            }),
-            z.object({
-              op: z.literal("add"),
-              value: z.object({
-                value: z.string().trim(),
-                display: z.string().trim().optional()
-              })
-            })
-          ])
-        )
-      }),
-      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z.array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          ),
-          meta: z.object({
-            resourceType: z.string().trim()
+          z.object({
+            op: z.string().trim(),
+            path: z.string().trim().optional(),
+            value: z.union([
+              z.object({
+                active: z.boolean()
+              }),
+              z.string().trim()
+            ])
          })
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const group = await req.server.services.scim.updateScimGroupNamePatch({
-        groupId: req.params.groupId,
-        orgId: req.permission.orgId,
-        operations: req.body.Operations
-      });
-
-      return group;
-    }
-  });
-
-  server.route({
-    url: "/Groups/:groupId",
-    method: "DELETE",
-    schema: {
-      params: z.object({
-        groupId: z.string().trim()
+        )
      }),
      response: {
        200: z.object({})
@ -524,21 +275,21 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
    handler: async (req) => {
-      const group = await req.server.services.scim.deleteScimGroup({
-        groupId: req.params.groupId,
-        orgId: req.permission.orgId
+      const user = await req.server.services.scim.updateScimUser({
+        userId: req.params.userId,
+        orgId: req.permission.orgId as string,
+        operations: req.body.Operations
      });
-
-      return group;
+      return user;
    }
  });

  server.route({
-    url: "/Users/:orgMembershipId",
+    url: "/Users/:userId",
    method: "PUT",
    schema: {
      params: z.object({
-        orgMembershipId: z.string().trim()
+        userId: z.string().trim()
      }),
      body: z.object({
        schemas: z.array(z.string()),
@ -575,8 +326,8 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
    handler: async (req) => {
      const user = await req.server.services.scim.replaceScimUser({
-        orgMembershipId: req.params.orgMembershipId,
-        orgId: req.permission.orgId,
+        userId: req.params.userId,
+        orgId: req.permission.orgId as string,
        active: req.body.active
      });
      return user;
--- a/backend/src/ee/routes/v1/secret-approval-policy-router.ts
+++ b/backend/src/ee/routes/v1/secret-approval-policy-router.ts
@ -1,7 +1,6 @@
 import { nanoid } from "nanoid";
 import { z } from "zod";

-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { sapPubSchema } from "@app/server/routes/sanitizedSchemas";
 import { AuthMode } from "@app/services/auth/auth-type";
@ -10,9 +9,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
  server.route({
    url: "/",
    method: "POST",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      body: z
        .object({
@ -38,7 +34,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
      const approval = await server.services.secretApprovalPolicy.createSecretApprovalPolicy({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.body.workspaceId,
        ...req.body,
@ -51,9 +46,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
  server.route({
    url: "/:sapId",
    method: "PATCH",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        sapId: z.string()
@ -80,7 +72,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
      const approval = await server.services.secretApprovalPolicy.updateSecretApprovalPolicy({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        ...req.body,
        secretPolicyId: req.params.sapId
@ -92,9 +83,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
  server.route({
    url: "/:sapId",
    method: "DELETE",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        sapId: z.string()
@ -110,7 +98,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
      const approval = await server.services.secretApprovalPolicy.deleteSecretApprovalPolicy({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        secretPolicyId: req.params.sapId
      });
@ -121,9 +108,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
  server.route({
    url: "/",
    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      querystring: z.object({
        workspaceId: z.string().trim()
@ -139,7 +123,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
      const approvals = await server.services.secretApprovalPolicy.getSecretApprovalPolicyByProjectId({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.query.workspaceId
      });
@ -150,9 +133,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
  server.route({
    url: "/board",
    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      querystring: z.object({
        workspaceId: z.string().trim(),
@ -170,7 +150,6 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
      const policy = await server.services.secretApprovalPolicy.getSecretApprovalPolicyOfFolder({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.query.workspaceId,
        ...req.query
--- a/backend/src/ee/routes/v1/secret-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/secret-approval-request-router.ts
@ -10,17 +10,13 @@ import {
 } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { ApprovalStatus, RequestState } from "@app/ee/services/secret-approval-request/secret-approval-request-types";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerSecretApprovalRequestRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "GET",
    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      querystring: z.object({
        workspaceId: z.string().trim(),
@ -56,7 +52,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
      const approvals = await server.services.secretApprovalRequest.getSecretApprovals({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        ...req.query,
        projectId: req.query.workspaceId
@ -66,11 +61,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
  });

  server.route({
-    method: "GET",
    url: "/count",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      querystring: z.object({
        workspaceId: z.string().trim()
@ -89,7 +81,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
      const approvals = await server.services.secretApprovalRequest.requestCount({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.query.workspaceId
      });
@ -100,9 +91,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
  server.route({
    url: "/:id/merge",
    method: "POST",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      params: z.object({
        id: z.string()
@ -118,7 +106,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
      const { approval } = await server.services.secretApprovalRequest.mergeSecretApprovalRequest({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        approvalId: req.params.id
      });
@ -127,11 +114,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
  });

  server.route({
-    method: "POST",
    url: "/:id/review",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({
        id: z.string()
@ -150,7 +134,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
      const review = await server.services.secretApprovalRequest.reviewApproval({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        approvalId: req.params.id,
        status: req.body.status
@ -160,11 +143,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
  });

  server.route({
-    method: "POST",
    url: "/:id/status",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({
        id: z.string()
@ -183,7 +163,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
      const approval = await server.services.secretApprovalRequest.updateApprovalStatus({
        actorId: req.permission.id,
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        approvalId: req.params.id,
        status: req.body.status
@ -219,11 +198,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
    .array()
    .optional();
  server.route({
-    method: "GET",
    url: "/:id",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        id: z.string()
@ -295,7 +271,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
      const approval = await server.services.secretApprovalRequest.getSecretApprovalDetails({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        id: req.params.id
      });
--- a/backend/src/ee/routes/v1/secret-rotation-provider-router.ts
+++ b/backend/src/ee/routes/v1/secret-rotation-provider-router.ts
@ -1,16 +1,12 @@
 import { z } from "zod";

-import { readLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerSecretRotationProviderRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "GET",
    url: "/:workspaceId",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        workspaceId: z.string().trim()
@ -34,7 +30,6 @@ export const registerSecretRotationProviderRouter = async (server: FastifyZodPro
      const providers = await server.services.secretRotation.getProviderTemplates({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.params.workspaceId
      });
--- a/backend/src/ee/routes/v1/secret-rotation-router.ts
+++ b/backend/src/ee/routes/v1/secret-rotation-router.ts
@ -2,17 +2,13 @@ import { z } from "zod";

 import { SecretRotationOutputsSchema, SecretRotationsSchema, SecretsSchema } from "@app/db/schemas";
 import { removeTrailingSlash } from "@app/lib/fn";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerSecretRotationRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "POST",
    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      body: z.object({
        workspaceId: z.string().trim(),
@ -43,7 +39,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
    handler: async (req) => {
      const secretRotation = await server.services.secretRotation.createRotation({
        actor: req.permission.type,
-        actorAuthMethod: req.permission.authMethod,
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        ...req.body,
@ -56,9 +51,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
  server.route({
    url: "/restart",
    method: "POST",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      body: z.object({
        id: z.string().trim()
@ -82,7 +74,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
      const secretRotation = await server.services.secretRotation.restartById({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        rotationId: req.body.id
      });
@ -93,9 +84,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
  server.route({
    url: "/",
    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      querystring: z.object({
        workspaceId: z.string().trim()
@ -137,7 +125,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
      const secretRotations = await server.services.secretRotation.getByProjectId({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        projectId: req.query.workspaceId
      });
@ -146,11 +133,8 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
  });

  server.route({
-    method: "DELETE",
    url: "/:id",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "DELETE",
    schema: {
      params: z.object({
        id: z.string().trim()
@ -174,7 +158,6 @@ export const registerSecretRotationRouter = async (server: FastifyZodProvider) =
      const secretRotation = await server.services.secretRotation.deleteById({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        rotationId: req.params.id
      });
--- a/backend/src/ee/routes/v1/secret-scanning-router.ts
+++ b/backend/src/ee/routes/v1/secret-scanning-router.ts
@ -2,17 +2,13 @@ import { z } from "zod";

 import { GitAppOrgSchema, SecretScanningGitRisksSchema } from "@app/db/schemas";
 import { SecretScanningRiskStatus } from "@app/ee/services/secret-scanning/secret-scanning-types";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerSecretScanningRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "POST",
    url: "/create-installation-session/organization",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      body: z.object({ organizationId: z.string().trim() }),
      response: {
@ -26,7 +22,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
      const session = await server.services.secretScanning.createInstallationSession({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.body.organizationId
      });
@ -35,11 +30,8 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
  });

  server.route({
-    method: "POST",
    url: "/link-installation",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      body: z.object({
        installationId: z.string(),
@ -54,7 +46,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
      const { installatedApp } = await server.services.secretScanning.linkInstallationToOrg({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        ...req.body
      });
@ -63,11 +54,8 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
  });

  server.route({
-    method: "GET",
    url: "/installation-status/organization/:organizationId",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -79,7 +67,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
      const appInstallationCompleted = await server.services.secretScanning.getOrgInstallationStatus({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId
      });
@ -90,9 +77,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
  server.route({
    url: "/organization/:organizationId/risks",
    method: "GET",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({ organizationId: z.string().trim() }),
      response: {
@ -104,7 +88,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
      const { risks } = await server.services.secretScanning.getRisksByOrg({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId
      });
@ -113,11 +96,8 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
  });

  server.route({
-    method: "POST",
    url: "/organization/:organizationId/risks/:riskId/status",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({ organizationId: z.string().trim(), riskId: z.string().trim() }),
      body: z.object({ status: z.nativeEnum(SecretScanningRiskStatus) }),
@ -130,7 +110,6 @@ export const registerSecretScanningRouter = async (server: FastifyZodProvider) =
      const { risk } = await server.services.secretScanning.updateRiskStatus({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        orgId: req.params.organizationId,
        riskId: req.params.riskId,
--- a/backend/src/ee/routes/v1/secret-version-router.ts
+++ b/backend/src/ee/routes/v1/secret-version-router.ts
@ -1,17 +1,13 @@
 import { z } from "zod";

 import { SecretVersionsSchema } from "@app/db/schemas";
-import { readLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerSecretVersionRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "GET",
    url: "/:secretId/secret-versions",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        secretId: z.string()
@ -31,7 +27,6 @@ export const registerSecretVersionRouter = async (server: FastifyZodProvider) =>
      const secretVersions = await server.services.secret.getSecretVersions({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        limit: req.query.limit,
        offset: req.query.offset,
--- a/backend/src/ee/routes/v1/snapshot-router.ts
+++ b/backend/src/ee/routes/v1/snapshot-router.ts
@ -2,7 +2,6 @@ import { z } from "zod";

 import { SecretSnapshotsSchema, SecretTagsSchema, SecretVersionsSchema } from "@app/db/schemas";
 import { PROJECTS } from "@app/lib/api-docs";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -10,9 +9,6 @@ export const registerSnapshotRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "GET",
    url: "/:secretSnapshotId",
-    config: {
-      rateLimit: readLimit
-    },
    schema: {
      params: z.object({
        secretSnapshotId: z.string().trim()
@ -51,7 +47,6 @@ export const registerSnapshotRouter = async (server: FastifyZodProvider) => {
      const secretSnapshot = await server.services.snapshot.getSnapshotData({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        id: req.params.secretSnapshotId
      });
@ -62,13 +57,11 @@ export const registerSnapshotRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "POST",
    url: "/:secretSnapshotId/rollback",
-    config: {
-      rateLimit: writeLimit
-    },
    schema: {
      description: "Roll back project secrets to those captured in a secret snapshot version.",
      security: [
        {
+          apiKeyAuth: [],
          bearerAuth: []
        }
      ],
@ -86,7 +79,6 @@ export const registerSnapshotRouter = async (server: FastifyZodProvider) => {
      const secretSnapshot = await server.services.snapshot.rollbackSnapshot({
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        id: req.params.secretSnapshotId
      });
--- a/backend/src/ee/routes/v1/trusted-ip-router.ts
+++ b/backend/src/ee/routes/v1/trusted-ip-router.ts
@ -2,17 +2,13 @@ import { z } from "zod";

 import { TrustedIpsSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

 export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
  server.route({
-    method: "GET",
    url: "/:workspaceId/trusted-ips",
-    config: {
-      rateLimit: readLimit
-    },
+    method: "GET",
    schema: {
      params: z.object({
        workspaceId: z.string().trim()
@ -26,7 +22,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
    onRequest: verifyAuth([AuthMode.JWT]),
    handler: async (req) => {
      const trustedIps = await server.services.trustedIp.listIpsByProjectId({
-        actorAuthMethod: req.permission.authMethod,
        projectId: req.params.workspaceId,
        actor: req.permission.type,
        actorId: req.permission.id,
@ -37,11 +32,8 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "POST",
    url: "/:workspaceId/trusted-ips",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "POST",
    schema: {
      params: z.object({
        workspaceId: z.string().trim()
@ -60,7 +52,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
    onRequest: verifyAuth([AuthMode.JWT]),
    handler: async (req) => {
      const { trustedIp, project } = await server.services.trustedIp.addProjectIp({
-        actorAuthMethod: req.permission.authMethod,
        projectId: req.params.workspaceId,
        actor: req.permission.type,
        actorId: req.permission.id,
@ -85,11 +76,8 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "PATCH",
    url: "/:workspaceId/trusted-ips/:trustedIpId",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "PATCH",
    schema: {
      params: z.object({
        workspaceId: z.string().trim(),
@ -111,7 +99,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
        projectId: req.params.workspaceId,
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        trustedIpId: req.params.trustedIpId,
        ...req.body
@ -134,11 +121,8 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
  });

  server.route({
-    method: "DELETE",
    url: "/:workspaceId/trusted-ips/:trustedIpId",
-    config: {
-      rateLimit: writeLimit
-    },
+    method: "DELETE",
    schema: {
      params: z.object({
        workspaceId: z.string().trim(),
@ -156,7 +140,6 @@ export const registerTrustedIpRouter = async (server: FastifyZodProvider) => {
        projectId: req.params.workspaceId,
        actor: req.permission.type,
        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
        trustedIpId: req.params.trustedIpId
      });
--- a/backend/src/ee/routes/v1/user-additional-privilege-router.ts
+++ b/backend/src/ee/routes/v1/user-additional-privilege-router.ts
@ -1,256 +0,0 @@
-import slugify from "@sindresorhus/slugify";
-import ms from "ms";
-import { z } from "zod";
-
-import { ProjectUserAdditionalPrivilegeSchema } from "@app/db/schemas";
-import { ProjectUserAdditionalPrivilegeTemporaryMode } from "@app/ee/services/project-user-additional-privilege/project-user-additional-privilege-types";
-import { PROJECT_USER_ADDITIONAL_PRIVILEGE } from "@app/lib/api-docs";
-import { alphaNumericNanoId } from "@app/lib/nanoid";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-export const registerUserAdditionalPrivilegeRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    url: "/permanent",
-    method: "POST",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      body: z.object({
-        projectMembershipId: z.string().min(1).describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.projectMembershipId),
-        slug: z
-          .string()
-          .min(1)
-          .max(60)
-          .trim()
-          .refine((v) => v.toLowerCase() === v, "Slug must be lowercase")
-          .refine((v) => slugify(v) === v, {
-            message: "Slug must be a valid slug"
-          })
-          .optional()
-          .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.slug),
-        permissions: z.any().array().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.permissions)
-      }),
-      response: {
-        200: z.object({
-          privilege: ProjectUserAdditionalPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const privilege = await server.services.projectUserAdditionalPrivilege.create({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        ...req.body,
-        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
-        isTemporary: false,
-        permissions: JSON.stringify(req.body.permissions)
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/temporary",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      body: z.object({
-        projectMembershipId: z.string().min(1).describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.projectMembershipId),
-        slug: z
-          .string()
-          .min(1)
-          .max(60)
-          .trim()
-          .refine((v) => v.toLowerCase() === v, "Slug must be lowercase")
-          .refine((v) => slugify(v) === v, {
-            message: "Slug must be a valid slug"
-          })
-          .optional()
-          .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.slug),
-        permissions: z.any().array().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.permissions),
-        temporaryMode: z
-          .nativeEnum(ProjectUserAdditionalPrivilegeTemporaryMode)
-          .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.temporaryMode),
-        temporaryRange: z
-          .string()
-          .refine((val) => ms(val) > 0, "Temporary range must be a positive number")
-          .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.temporaryRange),
-        temporaryAccessStartTime: z
-          .string()
-          .datetime()
-          .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.temporaryAccessStartTime)
-      }),
-      response: {
-        200: z.object({
-          privilege: ProjectUserAdditionalPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const privilege = await server.services.projectUserAdditionalPrivilege.create({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        ...req.body,
-        slug: req.body.slug ? slugify(req.body.slug) : `privilege-${slugify(alphaNumericNanoId(12))}`,
-        isTemporary: true,
-        permissions: JSON.stringify(req.body.permissions)
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "PATCH",
-    url: "/:privilegeId",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        privilegeId: z.string().min(1).describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.privilegeId)
-      }),
-      body: z
-        .object({
-          slug: z
-            .string()
-            .max(60)
-            .trim()
-            .refine((v) => v.toLowerCase() === v, "Slug must be lowercase")
-            .refine((v) => slugify(v) === v, {
-              message: "Slug must be a valid slug"
-            })
-            .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.slug),
-          permissions: z.any().array().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.permissions),
-          isTemporary: z.boolean().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.isTemporary),
-          temporaryMode: z
-            .nativeEnum(ProjectUserAdditionalPrivilegeTemporaryMode)
-            .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.temporaryMode),
-          temporaryRange: z
-            .string()
-            .refine((val) => ms(val) > 0, "Temporary range must be a positive number")
-            .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.temporaryRange),
-          temporaryAccessStartTime: z
-            .string()
-            .datetime()
-            .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.temporaryAccessStartTime)
-        })
-        .partial(),
-      response: {
-        200: z.object({
-          privilege: ProjectUserAdditionalPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const privilege = await server.services.projectUserAdditionalPrivilege.updateById({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        ...req.body,
-        permissions: req.body.permissions ? JSON.stringify(req.body.permissions) : undefined,
-        privilegeId: req.params.privilegeId
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/:privilegeId",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      params: z.object({
-        privilegeId: z.string().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.DELETE.privilegeId)
-      }),
-      response: {
-        200: z.object({
-          privilege: ProjectUserAdditionalPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const privilege = await server.services.projectUserAdditionalPrivilege.deleteById({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        privilegeId: req.params.privilegeId
-      });
-      return { privilege };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      querystring: z.object({
-        projectMembershipId: z.string().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.LIST.projectMembershipId)
-      }),
-      response: {
-        200: z.object({
-          privileges: ProjectUserAdditionalPrivilegeSchema.array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const privileges = await server.services.projectUserAdditionalPrivilege.listPrivileges({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        projectMembershipId: req.query.projectMembershipId
-      });
-      return { privileges };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/:privilegeId",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        privilegeId: z.string().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.GET_BY_PRIVILEGEID.privilegeId)
-      }),
-      response: {
-        200: z.object({
-          privilege: ProjectUserAdditionalPrivilegeSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const privilege = await server.services.projectUserAdditionalPrivilege.getPrivilegeDetailsById({
-        actorId: req.permission.id,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        actorAuthMethod: req.permission.authMethod,
-        privilegeId: req.params.privilegeId
-      });
-      return { privilege };
-    }
-  });
-};
--- a/backend/src/ee/services/access-approval-policy/access-approval-policy-approver-dal.ts
+++ b/backend/src/ee/services/access-approval-policy/access-approval-policy-approver-dal.ts
@ -1,10 +0,0 @@
-import { TDbClient } from "@app/db";
-import { TableName } from "@app/db/schemas";
-import { ormify } from "@app/lib/knex";
-
-export type TAccessApprovalPolicyApproverDALFactory = ReturnType<typeof accessApprovalPolicyApproverDALFactory>;
-
-export const accessApprovalPolicyApproverDALFactory = (db: TDbClient) => {
-  const accessApprovalPolicyApproverOrm = ormify(db, TableName.AccessApprovalPolicyApprover);
-  return { ...accessApprovalPolicyApproverOrm };
-};
--- a/backend/src/ee/services/access-approval-policy/access-approval-policy-dal.ts
+++ b/backend/src/ee/services/access-approval-policy/access-approval-policy-dal.ts
@ -1,76 +0,0 @@
-import { Knex } from "knex";
-
-import { TDbClient } from "@app/db";
-import { TableName, TAccessApprovalPolicies } from "@app/db/schemas";
-import { DatabaseError } from "@app/lib/errors";
-import { buildFindFilter, mergeOneToManyRelation, ormify, selectAllTableCols, TFindFilter } from "@app/lib/knex";
-
-export type TAccessApprovalPolicyDALFactory = ReturnType<typeof accessApprovalPolicyDALFactory>;
-
-export const accessApprovalPolicyDALFactory = (db: TDbClient) => {
-  const accessApprovalPolicyOrm = ormify(db, TableName.AccessApprovalPolicy);
-
-  const accessApprovalPolicyFindQuery = async (tx: Knex, filter: TFindFilter<TAccessApprovalPolicies>) => {
-    const result = await tx(TableName.AccessApprovalPolicy)
-      // eslint-disable-next-line
-      .where(buildFindFilter(filter))
-      .join(TableName.Environment, `${TableName.AccessApprovalPolicy}.envId`, `${TableName.Environment}.id`)
-      .join(
-        TableName.AccessApprovalPolicyApprover,
-        `${TableName.AccessApprovalPolicy}.id`,
-        `${TableName.AccessApprovalPolicyApprover}.policyId`
-      )
-      .select(tx.ref("approverId").withSchema(TableName.AccessApprovalPolicyApprover))
-      .select(tx.ref("name").withSchema(TableName.Environment).as("envName"))
-      .select(tx.ref("slug").withSchema(TableName.Environment).as("envSlug"))
-      .select(tx.ref("id").withSchema(TableName.Environment).as("envId"))
-      .select(tx.ref("projectId").withSchema(TableName.Environment))
-      .select(selectAllTableCols(TableName.AccessApprovalPolicy));
-
-    return result;
-  };
-
-  const findById = async (id: string, tx?: Knex) => {
-    try {
-      const doc = await accessApprovalPolicyFindQuery(tx || db, {
-        [`${TableName.AccessApprovalPolicy}.id` as "id"]: id
-      });
-      const formatedDoc = mergeOneToManyRelation(
-        doc,
-        "id",
-        ({ approverId, envId, envName: name, envSlug: slug, ...el }) => ({
-          ...el,
-          envId,
-          environment: { id: envId, name, slug }
-        }),
-        ({ approverId }) => approverId,
-        "approvers"
-      );
-      return formatedDoc?.[0];
-    } catch (error) {
-      throw new DatabaseError({ error, name: "FindById" });
-    }
-  };
-
-  const find = async (filter: TFindFilter<TAccessApprovalPolicies & { projectId: string }>, tx?: Knex) => {
-    try {
-      const docs = await accessApprovalPolicyFindQuery(tx || db, filter);
-      const formatedDoc = mergeOneToManyRelation(
-        docs,
-        "id",
-        ({ approverId, envId, envName: name, envSlug: slug, ...el }) => ({
-          ...el,
-          envId,
-          environment: { id: envId, name, slug }
-        }),
-        ({ approverId }) => approverId,
-        "approvers"
-      );
-      return formatedDoc.map((policy) => ({ ...policy, secretPath: policy.secretPath || undefined }));
-    } catch (error) {
-      throw new DatabaseError({ error, name: "Find" });
-    }
-  };
-
-  return { ...accessApprovalPolicyOrm, find, findById };
-};
--- a/backend/src/ee/services/access-approval-policy/access-approval-policy-fns.ts
+++ b/backend/src/ee/services/access-approval-policy/access-approval-policy-fns.ts
@ -1,36 +0,0 @@
-import { ForbiddenError, subject } from "@casl/ability";
-
-import { BadRequestError } from "@app/lib/errors";
-import { ActorType } from "@app/services/auth/auth-type";
-
-import { ProjectPermissionActions, ProjectPermissionSub } from "../permission/project-permission";
-import { TVerifyApprovers } from "./access-approval-policy-types";
-
-export const verifyApprovers = async ({
-  userIds,
-  projectId,
-  orgId,
-  envSlug,
-  actorAuthMethod,
-  secretPath,
-  permissionService
-}: TVerifyApprovers) => {
-  for await (const userId of userIds) {
-    try {
-      const { permission: approverPermission } = await permissionService.getProjectPermission(
-        ActorType.USER,
-        userId,
-        projectId,
-        actorAuthMethod,
-        orgId
-      );
-
-      ForbiddenError.from(approverPermission).throwUnlessCan(
-        ProjectPermissionActions.Create,
-        subject(ProjectPermissionSub.Secrets, { environment: envSlug, secretPath })
-      );
-    } catch (err) {
-      throw new BadRequestError({ message: "One or more approvers doesn't have access to be specified secret path" });
-    }
-  }
-};
--- a/backend/src/ee/services/access-approval-policy/access-approval-policy-service.ts
+++ b/backend/src/ee/services/access-approval-policy/access-approval-policy-service.ts
@ -1,273 +0,0 @@
-import { ForbiddenError } from "@casl/ability";
-
-import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
-import { BadRequestError } from "@app/lib/errors";
-import { TProjectDALFactory } from "@app/services/project/project-dal";
-import { TProjectEnvDALFactory } from "@app/services/project-env/project-env-dal";
-import { TProjectMembershipDALFactory } from "@app/services/project-membership/project-membership-dal";
-
-import { TAccessApprovalPolicyApproverDALFactory } from "./access-approval-policy-approver-dal";
-import { TAccessApprovalPolicyDALFactory } from "./access-approval-policy-dal";
-import { verifyApprovers } from "./access-approval-policy-fns";
-import {
-  TCreateAccessApprovalPolicy,
-  TDeleteAccessApprovalPolicy,
-  TGetAccessPolicyCountByEnvironmentDTO,
-  TListAccessApprovalPoliciesDTO,
-  TUpdateAccessApprovalPolicy
-} from "./access-approval-policy-types";
-
-type TSecretApprovalPolicyServiceFactoryDep = {
-  projectDAL: TProjectDALFactory;
-  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  accessApprovalPolicyDAL: TAccessApprovalPolicyDALFactory;
-  projectEnvDAL: Pick<TProjectEnvDALFactory, "find" | "findOne">;
-  accessApprovalPolicyApproverDAL: TAccessApprovalPolicyApproverDALFactory;
-  projectMembershipDAL: Pick<TProjectMembershipDALFactory, "find">;
-};
-
-export type TAccessApprovalPolicyServiceFactory = ReturnType<typeof accessApprovalPolicyServiceFactory>;
-
-export const accessApprovalPolicyServiceFactory = ({
-  accessApprovalPolicyDAL,
-  accessApprovalPolicyApproverDAL,
-  permissionService,
-  projectEnvDAL,
-  projectDAL,
-  projectMembershipDAL
-}: TSecretApprovalPolicyServiceFactoryDep) => {
-  const createAccessApprovalPolicy = async ({
-    name,
-    actor,
-    actorId,
-    actorOrgId,
-    secretPath,
-    actorAuthMethod,
-    approvals,
-    approvers,
-    projectSlug,
-    environment
-  }: TCreateAccessApprovalPolicy) => {
-    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
-    if (!project) throw new BadRequestError({ message: "Project not found" });
-
-    if (approvals > approvers.length)
-      throw new BadRequestError({ message: "Approvals cannot be greater than approvers" });
-
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(
-      ProjectPermissionActions.Create,
-      ProjectPermissionSub.SecretApproval
-    );
-    const env = await projectEnvDAL.findOne({ slug: environment, projectId: project.id });
-    if (!env) throw new BadRequestError({ message: "Environment not found" });
-
-    const secretApprovers = await projectMembershipDAL.find({
-      projectId: project.id,
-      $in: { id: approvers }
-    });
-
-    if (secretApprovers.length !== approvers.length) {
-      throw new BadRequestError({ message: "Approver not found in project" });
-    }
-
-    await verifyApprovers({
-      projectId: project.id,
-      orgId: actorOrgId,
-      envSlug: environment,
-      secretPath,
-      actorAuthMethod,
-      permissionService,
-      userIds: secretApprovers.map((approver) => approver.userId)
-    });
-
-    const accessApproval = await accessApprovalPolicyDAL.transaction(async (tx) => {
-      const doc = await accessApprovalPolicyDAL.create(
-        {
-          envId: env.id,
-          approvals,
-          secretPath,
-          name
-        },
-        tx
-      );
-      await accessApprovalPolicyApproverDAL.insertMany(
-        secretApprovers.map(({ id }) => ({
-          approverId: id,
-          policyId: doc.id
-        })),
-        tx
-      );
-      return doc;
-    });
-    return { ...accessApproval, environment: env, projectId: project.id };
-  };
-
-  const getAccessApprovalPolicyByProjectSlug = async ({
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    projectSlug
-  }: TListAccessApprovalPoliciesDTO) => {
-    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
-    if (!project) throw new BadRequestError({ message: "Project not found" });
-
-    // Anyone in the project should be able to get the policies.
-    /* const { permission } = */ await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-    // ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretApproval);
-
-    const accessApprovalPolicies = await accessApprovalPolicyDAL.find({ projectId: project.id });
-    return accessApprovalPolicies;
-  };
-
-  const updateAccessApprovalPolicy = async ({
-    policyId,
-    approvers,
-    secretPath,
-    name,
-    actorId,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    approvals
-  }: TUpdateAccessApprovalPolicy) => {
-    const accessApprovalPolicy = await accessApprovalPolicyDAL.findById(policyId);
-    if (!accessApprovalPolicy) throw new BadRequestError({ message: "Secret approval policy not found" });
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      accessApprovalPolicy.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
-
-    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SecretApproval);
-
-    const updatedPolicy = await accessApprovalPolicyDAL.transaction(async (tx) => {
-      const doc = await accessApprovalPolicyDAL.updateById(
-        accessApprovalPolicy.id,
-        {
-          approvals,
-          secretPath,
-          name
-        },
-        tx
-      );
-      if (approvers) {
-        // Find the workspace project memberships of the users passed in the approvers array
-        const secretApprovers = await projectMembershipDAL.find(
-          {
-            projectId: accessApprovalPolicy.projectId,
-            $in: { id: approvers }
-          },
-          { tx }
-        );
-
-        await verifyApprovers({
-          projectId: accessApprovalPolicy.projectId,
-          orgId: actorOrgId,
-          envSlug: accessApprovalPolicy.environment.slug,
-          secretPath: doc.secretPath!,
-          actorAuthMethod,
-          permissionService,
-          userIds: secretApprovers.map((approver) => approver.userId)
-        });
-
-        if (secretApprovers.length !== approvers.length)
-          throw new BadRequestError({ message: "Approvals cannot be greater than approvers" });
-        await accessApprovalPolicyApproverDAL.delete({ policyId: doc.id }, tx);
-        await accessApprovalPolicyApproverDAL.insertMany(
-          secretApprovers.map(({ id }) => ({
-            approverId: id,
-            policyId: doc.id
-          })),
-          tx
-        );
-      }
-      return doc;
-    });
-    return {
-      ...updatedPolicy,
-      environment: accessApprovalPolicy.environment,
-      projectId: accessApprovalPolicy.projectId
-    };
-  };
-
-  const deleteAccessApprovalPolicy = async ({
-    policyId,
-    actor,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TDeleteAccessApprovalPolicy) => {
-    const policy = await accessApprovalPolicyDAL.findById(policyId);
-    if (!policy) throw new BadRequestError({ message: "Secret approval policy not found" });
-
-    const { permission } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      policy.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(
-      ProjectPermissionActions.Delete,
-      ProjectPermissionSub.SecretApproval
-    );
-
-    await accessApprovalPolicyDAL.deleteById(policyId);
-    return policy;
-  };
-
-  const getAccessPolicyCountByEnvSlug = async ({
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    projectSlug,
-    actorId,
-    envSlug
-  }: TGetAccessPolicyCountByEnvironmentDTO) => {
-    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
-
-    if (!project) throw new BadRequestError({ message: "Project not found" });
-
-    const { membership } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-    if (!membership) throw new BadRequestError({ message: "User not found in project" });
-
-    const environment = await projectEnvDAL.findOne({ projectId: project.id, slug: envSlug });
-    if (!environment) throw new BadRequestError({ message: "Environment not found" });
-
-    const policies = await accessApprovalPolicyDAL.find({ envId: environment.id, projectId: project.id });
-    if (!policies) throw new BadRequestError({ message: "No policies found" });
-
-    return { count: policies.length };
-  };
-
-  return {
-    getAccessPolicyCountByEnvSlug,
-    createAccessApprovalPolicy,
-    deleteAccessApprovalPolicy,
-    updateAccessApprovalPolicy,
-    getAccessApprovalPolicyByProjectSlug
-  };
-};
--- a/backend/src/ee/services/access-approval-policy/access-approval-policy-types.ts
+++ b/backend/src/ee/services/access-approval-policy/access-approval-policy-types.ts
@ -1,44 +0,0 @@
-import { TProjectPermission } from "@app/lib/types";
-import { ActorAuthMethod } from "@app/services/auth/auth-type";
-
-import { TPermissionServiceFactory } from "../permission/permission-service";
-
-export type TVerifyApprovers = {
-  userIds: string[];
-  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  envSlug: string;
-  actorAuthMethod: ActorAuthMethod;
-  secretPath: string;
-  projectId: string;
-  orgId: string;
-};
-
-export type TCreateAccessApprovalPolicy = {
-  approvals: number;
-  secretPath: string;
-  environment: string;
-  approvers: string[];
-  projectSlug: string;
-  name: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TUpdateAccessApprovalPolicy = {
-  policyId: string;
-  approvals?: number;
-  approvers?: string[];
-  secretPath?: string;
-  name?: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TDeleteAccessApprovalPolicy = {
-  policyId: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TGetAccessPolicyCountByEnvironmentDTO = {
-  envSlug: string;
-  projectSlug: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TListAccessApprovalPoliciesDTO = {
-  projectSlug: string;
-} & Omit<TProjectPermission, "projectId">;
--- a/backend/src/ee/services/access-approval-request/access-approval-request-dal.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-dal.ts
@ -1,266 +0,0 @@
-import { Knex } from "knex";
-
-import { TDbClient } from "@app/db";
-import { AccessApprovalRequestsSchema, TableName, TAccessApprovalRequests } from "@app/db/schemas";
-import { DatabaseError } from "@app/lib/errors";
-import { ormify, selectAllTableCols, sqlNestRelationships, TFindFilter } from "@app/lib/knex";
-
-import { ApprovalStatus } from "./access-approval-request-types";
-
-export type TAccessApprovalRequestDALFactory = ReturnType<typeof accessApprovalRequestDALFactory>;
-
-export const accessApprovalRequestDALFactory = (db: TDbClient) => {
-  const accessApprovalRequestOrm = ormify(db, TableName.AccessApprovalRequest);
-
-  const findRequestsWithPrivilegeByPolicyIds = async (policyIds: string[]) => {
-    try {
-      const docs = await db(TableName.AccessApprovalRequest)
-        .whereIn(`${TableName.AccessApprovalRequest}.policyId`, policyIds)
-
-        .leftJoin(
-          TableName.ProjectUserAdditionalPrivilege,
-          `${TableName.AccessApprovalRequest}.privilegeId`,
-          `${TableName.ProjectUserAdditionalPrivilege}.id`
-        )
-        .leftJoin(
-          TableName.AccessApprovalPolicy,
-          `${TableName.AccessApprovalRequest}.policyId`,
-          `${TableName.AccessApprovalPolicy}.id`
-        )
-
-        .leftJoin(
-          TableName.AccessApprovalRequestReviewer,
-          `${TableName.AccessApprovalRequest}.id`,
-          `${TableName.AccessApprovalRequestReviewer}.requestId`
-        )
-        .leftJoin(
-          TableName.AccessApprovalPolicyApprover,
-          `${TableName.AccessApprovalPolicy}.id`,
-          `${TableName.AccessApprovalPolicyApprover}.policyId`
-        )
-
-        .leftJoin(TableName.Environment, `${TableName.AccessApprovalPolicy}.envId`, `${TableName.Environment}.id`)
-
-        .select(selectAllTableCols(TableName.AccessApprovalRequest))
-        .select(
-          db.ref("id").withSchema(TableName.AccessApprovalPolicy).as("policyId"),
-          db.ref("name").withSchema(TableName.AccessApprovalPolicy).as("policyName"),
-          db.ref("approvals").withSchema(TableName.AccessApprovalPolicy).as("policyApprovals"),
-          db.ref("secretPath").withSchema(TableName.AccessApprovalPolicy).as("policySecretPath"),
-          db.ref("envId").withSchema(TableName.AccessApprovalPolicy).as("policyEnvId")
-        )
-
-        .select(db.ref("approverId").withSchema(TableName.AccessApprovalPolicyApprover))
-
-        .select(
-          db.ref("projectId").withSchema(TableName.Environment),
-          db.ref("slug").withSchema(TableName.Environment).as("envSlug"),
-          db.ref("name").withSchema(TableName.Environment).as("envName")
-        )
-
-        .select(
-          db.ref("member").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerMemberId"),
-          db.ref("status").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerStatus")
-        )
-
-        .select(
-          db
-            .ref("projectMembershipId")
-            .withSchema(TableName.ProjectUserAdditionalPrivilege)
-            .as("privilegeMembershipId"),
-          db.ref("isTemporary").withSchema(TableName.ProjectUserAdditionalPrivilege).as("privilegeIsTemporary"),
-          db.ref("temporaryMode").withSchema(TableName.ProjectUserAdditionalPrivilege).as("privilegeTemporaryMode"),
-          db.ref("temporaryRange").withSchema(TableName.ProjectUserAdditionalPrivilege).as("privilegeTemporaryRange"),
-          db
-            .ref("temporaryAccessStartTime")
-            .withSchema(TableName.ProjectUserAdditionalPrivilege)
-            .as("privilegeTemporaryAccessStartTime"),
-          db
-            .ref("temporaryAccessEndTime")
-            .withSchema(TableName.ProjectUserAdditionalPrivilege)
-            .as("privilegeTemporaryAccessEndTime"),
-
-          db.ref("permissions").withSchema(TableName.ProjectUserAdditionalPrivilege).as("privilegePermissions")
-        )
-        .orderBy(`${TableName.AccessApprovalRequest}.createdAt`, "desc");
-
-      const formattedDocs = sqlNestRelationships({
-        data: docs,
-        key: "id",
-        parentMapper: (doc) => ({
-          ...AccessApprovalRequestsSchema.parse(doc),
-          projectId: doc.projectId,
-          environment: doc.envSlug,
-          environmentName: doc.envName,
-          policy: {
-            id: doc.policyId,
-            name: doc.policyName,
-            approvals: doc.policyApprovals,
-            secretPath: doc.policySecretPath,
-            envId: doc.policyEnvId
-          },
-          privilege: doc.privilegeId
-            ? {
-                membershipId: doc.privilegeMembershipId,
-                isTemporary: doc.privilegeIsTemporary,
-                temporaryMode: doc.privilegeTemporaryMode,
-                temporaryRange: doc.privilegeTemporaryRange,
-                temporaryAccessStartTime: doc.privilegeTemporaryAccessStartTime,
-                temporaryAccessEndTime: doc.privilegeTemporaryAccessEndTime,
-                permissions: doc.privilegePermissions
-              }
-            : null,
-
-          isApproved: !!doc.privilegeId
-        }),
-        childrenMapper: [
-          {
-            key: "reviewerMemberId",
-            label: "reviewers" as const,
-            mapper: ({ reviewerMemberId: member, reviewerStatus: status }) => (member ? { member, status } : undefined)
-          },
-          { key: "approverId", label: "approvers" as const, mapper: ({ approverId }) => approverId }
-        ]
-      });
-
-      if (!formattedDocs) return [];
-
-      return formattedDocs.map((doc) => ({
-        ...doc,
-        policy: { ...doc.policy, approvers: doc.approvers }
-      }));
-    } catch (error) {
-      throw new DatabaseError({ error, name: "FindRequestsWithPrivilege" });
-    }
-  };
-
-  const findQuery = (filter: TFindFilter<TAccessApprovalRequests>, tx: Knex) =>
-    tx(TableName.AccessApprovalRequest)
-      .where(filter)
-      .join(
-        TableName.AccessApprovalPolicy,
-        `${TableName.AccessApprovalRequest}.policyId`,
-        `${TableName.AccessApprovalPolicy}.id`
-      )
-
-      .join(
-        TableName.AccessApprovalPolicyApprover,
-        `${TableName.AccessApprovalPolicy}.id`,
-        `${TableName.AccessApprovalPolicyApprover}.policyId`
-      )
-      .leftJoin(
-        TableName.AccessApprovalRequestReviewer,
-        `${TableName.AccessApprovalRequest}.id`,
-        `${TableName.AccessApprovalRequestReviewer}.requestId`
-      )
-
-      .leftJoin(TableName.Environment, `${TableName.AccessApprovalPolicy}.envId`, `${TableName.Environment}.id`)
-      .select(selectAllTableCols(TableName.AccessApprovalRequest))
-      .select(
-        tx.ref("member").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerMemberId"),
-        tx.ref("status").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerStatus"),
-        tx.ref("id").withSchema(TableName.AccessApprovalPolicy).as("policyId"),
-        tx.ref("name").withSchema(TableName.AccessApprovalPolicy).as("policyName"),
-        tx.ref("projectId").withSchema(TableName.Environment),
-        tx.ref("slug").withSchema(TableName.Environment).as("environment"),
-        tx.ref("secretPath").withSchema(TableName.AccessApprovalPolicy).as("policySecretPath"),
-        tx.ref("approvals").withSchema(TableName.AccessApprovalPolicy).as("policyApprovals"),
-        tx.ref("approverId").withSchema(TableName.AccessApprovalPolicyApprover)
-      );
-
-  const findById = async (id: string, tx?: Knex) => {
-    try {
-      const sql = findQuery({ [`${TableName.AccessApprovalRequest}.id` as "id"]: id }, tx || db);
-      const docs = await sql;
-      const formatedDoc = sqlNestRelationships({
-        data: docs,
-        key: "id",
-        parentMapper: (el) => ({
-          ...AccessApprovalRequestsSchema.parse(el),
-          projectId: el.projectId,
-          environment: el.environment,
-          policy: {
-            id: el.policyId,
-            name: el.policyName,
-            approvals: el.policyApprovals,
-            secretPath: el.policySecretPath
-          }
-        }),
-        childrenMapper: [
-          {
-            key: "reviewerMemberId",
-            label: "reviewers" as const,
-            mapper: ({ reviewerMemberId: member, reviewerStatus: status }) => (member ? { member, status } : undefined)
-          },
-          { key: "approverId", label: "approvers" as const, mapper: ({ approverId }) => approverId }
-        ]
-      });
-      if (!formatedDoc?.[0]) return;
-      return {
-        ...formatedDoc[0],
-        policy: { ...formatedDoc[0].policy, approvers: formatedDoc[0].approvers }
-      };
-    } catch (error) {
-      throw new DatabaseError({ error, name: "FindByIdAccessApprovalRequest" });
-    }
-  };
-
-  const getCount = async ({ projectId }: { projectId: string }) => {
-    try {
-      const accessRequests = await db(TableName.AccessApprovalRequest)
-        .leftJoin(
-          TableName.AccessApprovalPolicy,
-          `${TableName.AccessApprovalRequest}.policyId`,
-          `${TableName.AccessApprovalPolicy}.id`
-        )
-        .leftJoin(TableName.Environment, `${TableName.AccessApprovalPolicy}.envId`, `${TableName.Environment}.id`)
-        .leftJoin(
-          TableName.ProjectUserAdditionalPrivilege,
-          `${TableName.AccessApprovalRequest}.privilegeId`,
-          `${TableName.ProjectUserAdditionalPrivilege}.id`
-        )
-
-        .leftJoin(
-          TableName.AccessApprovalRequestReviewer,
-          `${TableName.AccessApprovalRequest}.id`,
-          `${TableName.AccessApprovalRequestReviewer}.requestId`
-        )
-
-        .where(`${TableName.Environment}.projectId`, projectId)
-        .select(selectAllTableCols(TableName.AccessApprovalRequest))
-        .select(db.ref("status").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerStatus"))
-        .select(db.ref("member").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerMemberId"));
-
-      const formattedRequests = sqlNestRelationships({
-        data: accessRequests,
-        key: "id",
-        parentMapper: (doc) => ({
-          ...AccessApprovalRequestsSchema.parse(doc)
-        }),
-        childrenMapper: [
-          {
-            key: "reviewerMemberId",
-            label: "reviewers" as const,
-            mapper: ({ reviewerMemberId: member, reviewerStatus: status }) => (member ? { member, status } : undefined)
-          }
-        ]
-      });
-
-      // an approval is pending if there is no reviewer rejections and no privilege ID is set
-      const pendingApprovals = formattedRequests.filter(
-        (req) => !req.privilegeId && !req.reviewers.some((r) => r.status === ApprovalStatus.REJECTED)
-      );
-
-      // an approval is finalized if there are any rejections or a privilege ID is set
-      const finalizedApprovals = formattedRequests.filter(
-        (req) => req.privilegeId || req.reviewers.some((r) => r.status === ApprovalStatus.REJECTED)
-      );
-
-      return { pendingCount: pendingApprovals.length, finalizedCount: finalizedApprovals.length };
-    } catch (error) {
-      throw new DatabaseError({ error, name: "GetCountAccessApprovalRequest" });
-    }
-  };
-
-  return { ...accessApprovalRequestOrm, findById, findRequestsWithPrivilegeByPolicyIds, getCount };
-};
--- a/backend/src/ee/services/access-approval-request/access-approval-request-fns.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-fns.ts
@ -1,53 +0,0 @@
-import { PackRule, unpackRules } from "@casl/ability/extra";
-
-import { UnauthorizedError } from "@app/lib/errors";
-
-import { TVerifyPermission } from "./access-approval-request-types";
-
-function filterUnique(value: string, index: number, array: string[]) {
-  return array.indexOf(value) === index;
-}
-
-export const verifyRequestedPermissions = ({ permissions }: TVerifyPermission) => {
-  const permission = unpackRules(
-    permissions as PackRule<{
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      conditions?: Record<string, any>;
-      action: string;
-      subject: [string];
-    }>[]
-  );
-
-  if (!permission || !permission.length) {
-    throw new UnauthorizedError({ message: "No permission provided" });
-  }
-
-  const requestedPermissions: string[] = [];
-
-  for (const p of permission) {
-    if (p.action[0] === "read") requestedPermissions.push("Read Access");
-    if (p.action[0] === "create") requestedPermissions.push("Create Access");
-    if (p.action[0] === "delete") requestedPermissions.push("Delete Access");
-    if (p.action[0] === "edit") requestedPermissions.push("Edit Access");
-  }
-
-  const firstPermission = permission[0];
-
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars, @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access
-  const permissionSecretPath = firstPermission.conditions?.secretPath?.$glob;
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars, @typescript-eslint/no-unsafe-assignment
-  const permissionEnv = firstPermission.conditions?.environment;
-
-  if (!permissionEnv || typeof permissionEnv !== "string") {
-    throw new UnauthorizedError({ message: "Permission environment is not a string" });
-  }
-  if (!permissionSecretPath || typeof permissionSecretPath !== "string") {
-    throw new UnauthorizedError({ message: "Permission path is not a string" });
-  }
-
-  return {
-    envSlug: permissionEnv,
-    secretPath: permissionSecretPath,
-    accessTypes: requestedPermissions.filter(filterUnique)
-  };
-};
--- a/backend/src/ee/services/access-approval-request/access-approval-request-reviewer-dal.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-reviewer-dal.ts
@ -1,10 +0,0 @@
-import { TDbClient } from "@app/db";
-import { TableName } from "@app/db/schemas";
-import { ormify } from "@app/lib/knex";
-
-export type TAccessApprovalRequestReviewerDALFactory = ReturnType<typeof accessApprovalRequestReviewerDALFactory>;
-
-export const accessApprovalRequestReviewerDALFactory = (db: TDbClient) => {
-  const secretApprovalRequestReviewerOrm = ormify(db, TableName.AccessApprovalRequestReviewer);
-  return secretApprovalRequestReviewerOrm;
-};
--- a/backend/src/ee/services/access-approval-request/access-approval-request-service.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-service.ts
@ -1,369 +0,0 @@
-import slugify from "@sindresorhus/slugify";
-import ms from "ms";
-
-import { ProjectMembershipRole } from "@app/db/schemas";
-import { getConfig } from "@app/lib/config/env";
-import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
-import { alphaNumericNanoId } from "@app/lib/nanoid";
-import { TProjectDALFactory } from "@app/services/project/project-dal";
-import { TProjectEnvDALFactory } from "@app/services/project-env/project-env-dal";
-import { TProjectMembershipDALFactory } from "@app/services/project-membership/project-membership-dal";
-import { SmtpTemplates, TSmtpService } from "@app/services/smtp/smtp-service";
-import { TUserDALFactory } from "@app/services/user/user-dal";
-
-import { TAccessApprovalPolicyApproverDALFactory } from "../access-approval-policy/access-approval-policy-approver-dal";
-import { TAccessApprovalPolicyDALFactory } from "../access-approval-policy/access-approval-policy-dal";
-import { verifyApprovers } from "../access-approval-policy/access-approval-policy-fns";
-import { TPermissionServiceFactory } from "../permission/permission-service";
-import { TProjectUserAdditionalPrivilegeDALFactory } from "../project-user-additional-privilege/project-user-additional-privilege-dal";
-import { ProjectUserAdditionalPrivilegeTemporaryMode } from "../project-user-additional-privilege/project-user-additional-privilege-types";
-import { TAccessApprovalRequestDALFactory } from "./access-approval-request-dal";
-import { verifyRequestedPermissions } from "./access-approval-request-fns";
-import { TAccessApprovalRequestReviewerDALFactory } from "./access-approval-request-reviewer-dal";
-import {
-  ApprovalStatus,
-  TCreateAccessApprovalRequestDTO,
-  TGetAccessRequestCountDTO,
-  TListApprovalRequestsDTO,
-  TReviewAccessRequestDTO
-} from "./access-approval-request-types";
-
-type TSecretApprovalRequestServiceFactoryDep = {
-  additionalPrivilegeDAL: Pick<TProjectUserAdditionalPrivilegeDALFactory, "create" | "findById">;
-  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  accessApprovalPolicyApproverDAL: Pick<TAccessApprovalPolicyApproverDALFactory, "find">;
-  projectEnvDAL: Pick<TProjectEnvDALFactory, "findOne">;
-  projectDAL: Pick<TProjectDALFactory, "checkProjectUpgradeStatus" | "findProjectBySlug">;
-  accessApprovalRequestDAL: Pick<
-    TAccessApprovalRequestDALFactory,
-    | "create"
-    | "find"
-    | "findRequestsWithPrivilegeByPolicyIds"
-    | "findById"
-    | "transaction"
-    | "updateById"
-    | "findOne"
-    | "getCount"
-  >;
-  accessApprovalPolicyDAL: Pick<TAccessApprovalPolicyDALFactory, "findOne" | "find">;
-  accessApprovalRequestReviewerDAL: Pick<
-    TAccessApprovalRequestReviewerDALFactory,
-    "create" | "find" | "findOne" | "transaction"
-  >;
-  projectMembershipDAL: Pick<TProjectMembershipDALFactory, "findById">;
-  smtpService: Pick<TSmtpService, "sendMail">;
-  userDAL: Pick<TUserDALFactory, "findUserByProjectMembershipId" | "findUsersByProjectMembershipIds">;
-};
-
-export type TAccessApprovalRequestServiceFactory = ReturnType<typeof accessApprovalRequestServiceFactory>;
-
-export const accessApprovalRequestServiceFactory = ({
-  projectDAL,
-  projectEnvDAL,
-  permissionService,
-  accessApprovalRequestDAL,
-  accessApprovalRequestReviewerDAL,
-  projectMembershipDAL,
-  accessApprovalPolicyDAL,
-  accessApprovalPolicyApproverDAL,
-  additionalPrivilegeDAL,
-  smtpService,
-  userDAL
-}: TSecretApprovalRequestServiceFactoryDep) => {
-  const createAccessApprovalRequest = async ({
-    isTemporary,
-    temporaryRange,
-    actorId,
-    permissions: requestedPermissions,
-    actor,
-    actorOrgId,
-    actorAuthMethod,
-    projectSlug
-  }: TCreateAccessApprovalRequestDTO) => {
-    const cfg = getConfig();
-    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
-    if (!project) throw new UnauthorizedError({ message: "Project not found" });
-
-    // Anyone can create an access approval request.
-    const { membership } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-    if (!membership) throw new UnauthorizedError({ message: "You are not a member of this project" });
-
-    const requestedByUser = await userDAL.findUserByProjectMembershipId(membership.id);
-    if (!requestedByUser) throw new UnauthorizedError({ message: "User not found" });
-
-    await projectDAL.checkProjectUpgradeStatus(project.id);
-
-    const { envSlug, secretPath, accessTypes } = verifyRequestedPermissions({ permissions: requestedPermissions });
-    const environment = await projectEnvDAL.findOne({ projectId: project.id, slug: envSlug });
-
-    if (!environment) throw new UnauthorizedError({ message: "Environment not found" });
-
-    const policy = await accessApprovalPolicyDAL.findOne({
-      envId: environment.id,
-      secretPath
-    });
-    if (!policy) throw new UnauthorizedError({ message: "No policy matching criteria was found." });
-
-    const approvers = await accessApprovalPolicyApproverDAL.find({
-      policyId: policy.id
-    });
-
-    const approverUsers = await userDAL.findUsersByProjectMembershipIds(
-      approvers.map((approver) => approver.approverId)
-    );
-
-    const duplicateRequests = await accessApprovalRequestDAL.find({
-      policyId: policy.id,
-      requestedBy: membership.id,
-      permissions: JSON.stringify(requestedPermissions),
-      isTemporary
-    });
-
-    if (duplicateRequests?.length > 0) {
-      for await (const duplicateRequest of duplicateRequests) {
-        if (duplicateRequest.privilegeId) {
-          const privilege = await additionalPrivilegeDAL.findById(duplicateRequest.privilegeId);
-
-          const isExpired = new Date() > new Date(privilege.temporaryAccessEndTime || ("" as string));
-
-          if (!isExpired || !privilege.isTemporary) {
-            throw new BadRequestError({ message: "You already have an active privilege with the same criteria" });
-          }
-        } else {
-          const reviewers = await accessApprovalRequestReviewerDAL.find({
-            requestId: duplicateRequest.id
-          });
-
-          const isRejected = reviewers.some((reviewer) => reviewer.status === ApprovalStatus.REJECTED);
-
-          if (!isRejected) {
-            throw new BadRequestError({ message: "You already have a pending access request with the same criteria" });
-          }
-        }
-      }
-    }
-
-    const approval = await accessApprovalRequestDAL.transaction(async (tx) => {
-      const approvalRequest = await accessApprovalRequestDAL.create(
-        {
-          policyId: policy.id,
-          requestedBy: membership.id,
-          temporaryRange: temporaryRange || null,
-          permissions: JSON.stringify(requestedPermissions),
-          isTemporary
-        },
-        tx
-      );
-
-      await smtpService.sendMail({
-        recipients: approverUsers.filter((approver) => approver.email).map((approver) => approver.email!),
-        subjectLine: "Access Approval Request",
-
-        substitutions: {
-          projectName: project.name,
-          requesterFullName: `${requestedByUser.firstName} ${requestedByUser.lastName}`,
-          requesterEmail: requestedByUser.email,
-          isTemporary,
-          ...(isTemporary && {
-            expiresIn: ms(ms(temporaryRange || ""), { long: true })
-          }),
-          secretPath,
-          environment: envSlug,
-          permissions: accessTypes,
-          approvalUrl: `${cfg.SITE_URL}/project/${project.id}/approval`
-        },
-        template: SmtpTemplates.AccessApprovalRequest
-      });
-
-      return approvalRequest;
-    });
-
-    return { request: approval };
-  };
-
-  const listApprovalRequests = async ({
-    projectSlug,
-    authorProjectMembershipId,
-    envSlug,
-    actor,
-    actorOrgId,
-    actorId,
-    actorAuthMethod
-  }: TListApprovalRequestsDTO) => {
-    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
-    if (!project) throw new UnauthorizedError({ message: "Project not found" });
-
-    const { membership } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-    if (!membership) throw new UnauthorizedError({ message: "You are not a member of this project" });
-
-    const policies = await accessApprovalPolicyDAL.find({ projectId: project.id });
-    let requests = await accessApprovalRequestDAL.findRequestsWithPrivilegeByPolicyIds(policies.map((p) => p.id));
-
-    if (authorProjectMembershipId) {
-      requests = requests.filter((request) => request.requestedBy === authorProjectMembershipId);
-    }
-
-    if (envSlug) {
-      requests = requests.filter((request) => request.environment === envSlug);
-    }
-
-    return { requests };
-  };
-
-  const reviewAccessRequest = async ({
-    requestId,
-    actor,
-    status,
-    actorId,
-    actorAuthMethod,
-    actorOrgId
-  }: TReviewAccessRequestDTO) => {
-    const accessApprovalRequest = await accessApprovalRequestDAL.findById(requestId);
-    if (!accessApprovalRequest) throw new BadRequestError({ message: "Secret approval request not found" });
-
-    const { policy } = accessApprovalRequest;
-    const { membership, hasRole } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      accessApprovalRequest.projectId,
-      actorAuthMethod,
-      actorOrgId
-    );
-
-    if (!membership) throw new UnauthorizedError({ message: "You are not a member of this project" });
-
-    if (
-      !hasRole(ProjectMembershipRole.Admin) &&
-      accessApprovalRequest.requestedBy !== membership.id && // The request wasn't made by the current user
-      !policy.approvers.find((approverId) => approverId === membership.id) // The request isn't performed by an assigned approver
-    ) {
-      throw new UnauthorizedError({ message: "You are not authorized to approve this request" });
-    }
-
-    const reviewerProjectMembership = await projectMembershipDAL.findById(membership.id);
-
-    await verifyApprovers({
-      projectId: accessApprovalRequest.projectId,
-      orgId: actorOrgId,
-      envSlug: accessApprovalRequest.environment,
-      secretPath: accessApprovalRequest.policy.secretPath!,
-      actorAuthMethod,
-      permissionService,
-      userIds: [reviewerProjectMembership.userId]
-    });
-
-    const existingReviews = await accessApprovalRequestReviewerDAL.find({ requestId: accessApprovalRequest.id });
-    if (existingReviews.some((review) => review.status === ApprovalStatus.REJECTED)) {
-      throw new BadRequestError({ message: "The request has already been rejected by another reviewer" });
-    }
-
-    const reviewStatus = await accessApprovalRequestReviewerDAL.transaction(async (tx) => {
-      const review = await accessApprovalRequestReviewerDAL.findOne(
-        {
-          requestId: accessApprovalRequest.id,
-          member: membership.id
-        },
-        tx
-      );
-      if (!review) {
-        const newReview = await accessApprovalRequestReviewerDAL.create(
-          {
-            status,
-            requestId: accessApprovalRequest.id,
-            member: membership.id
-          },
-          tx
-        );
-
-        const allReviews = [...existingReviews, newReview];
-
-        const approvedReviews = allReviews.filter((r) => r.status === ApprovalStatus.APPROVED);
-
-        // approvals is the required number of approvals. If the number of approved reviews is equal to the number of required approvals, then the request is approved.
-        if (approvedReviews.length === policy.approvals) {
-          if (accessApprovalRequest.isTemporary && !accessApprovalRequest.temporaryRange) {
-            throw new BadRequestError({ message: "Temporary range is required for temporary access" });
-          }
-
-          let privilegeId: string | null = null;
-
-          if (!accessApprovalRequest.isTemporary && !accessApprovalRequest.temporaryRange) {
-            // Permanent access
-            const privilege = await additionalPrivilegeDAL.create(
-              {
-                projectMembershipId: accessApprovalRequest.requestedBy,
-                slug: `requested-privilege-${slugify(alphaNumericNanoId(12))}`,
-                permissions: JSON.stringify(accessApprovalRequest.permissions)
-              },
-              tx
-            );
-            privilegeId = privilege.id;
-          } else {
-            // Temporary access
-            const relativeTempAllocatedTimeInMs = ms(accessApprovalRequest.temporaryRange!);
-            const startTime = new Date();
-
-            const privilege = await additionalPrivilegeDAL.create(
-              {
-                projectMembershipId: accessApprovalRequest.requestedBy,
-                slug: `requested-privilege-${slugify(alphaNumericNanoId(12))}`,
-                permissions: JSON.stringify(accessApprovalRequest.permissions),
-                isTemporary: true,
-                temporaryMode: ProjectUserAdditionalPrivilegeTemporaryMode.Relative,
-                temporaryRange: accessApprovalRequest.temporaryRange!,
-                temporaryAccessStartTime: startTime,
-                temporaryAccessEndTime: new Date(new Date(startTime).getTime() + relativeTempAllocatedTimeInMs)
-              },
-              tx
-            );
-            privilegeId = privilege.id;
-          }
-
-          await accessApprovalRequestDAL.updateById(accessApprovalRequest.id, { privilegeId }, tx);
-        }
-
-        return newReview;
-      }
-      throw new BadRequestError({ message: "You have already reviewed this request" });
-    });
-
-    return reviewStatus;
-  };
-
-  const getCount = async ({ projectSlug, actor, actorAuthMethod, actorId, actorOrgId }: TGetAccessRequestCountDTO) => {
-    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
-    if (!project) throw new UnauthorizedError({ message: "Project not found" });
-
-    const { membership } = await permissionService.getProjectPermission(
-      actor,
-      actorId,
-      project.id,
-      actorAuthMethod,
-      actorOrgId
-    );
-    if (!membership) throw new BadRequestError({ message: "User not found in project" });
-
-    const count = await accessApprovalRequestDAL.getCount({ projectId: project.id });
-
-    return { count };
-  };
-
-  return {
-    createAccessApprovalRequest,
-    listApprovalRequests,
-    reviewAccessRequest,
-    getCount
-  };
-};
--- a/backend/src/ee/services/access-approval-request/access-approval-request-types.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-types.ts
@ -1,33 +0,0 @@
-import { TProjectPermission } from "@app/lib/types";
-
-export enum ApprovalStatus {
-  PENDING = "pending",
-  APPROVED = "approved",
-  REJECTED = "rejected"
-}
-
-export type TVerifyPermission = {
-  permissions: unknown;
-};
-
-export type TGetAccessRequestCountDTO = {
-  projectSlug: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TReviewAccessRequestDTO = {
-  requestId: string;
-  status: ApprovalStatus;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TCreateAccessApprovalRequestDTO = {
-  projectSlug: string;
-  permissions: unknown;
-  isTemporary: boolean;
-  temporaryRange?: string;
-} & Omit<TProjectPermission, "projectId">;
-
-export type TListApprovalRequestsDTO = {
-  projectSlug: string;
-  authorProjectMembershipId?: string;
-  envSlug?: string;
-} & Omit<TProjectPermission, "projectId">;
--- a/backend/src/ee/services/audit-log-stream/audit-log-stream-dal.ts
+++ b/backend/src/ee/services/audit-log-stream/audit-log-stream-dal.ts
@ -1,11 +0,0 @@
-import { TDbClient } from "@app/db";
-import { TableName } from "@app/db/schemas";
-import { ormify } from "@app/lib/knex";
-
-export type TAuditLogStreamDALFactory = ReturnType<typeof auditLogStreamDALFactory>;
-
-export const auditLogStreamDALFactory = (db: TDbClient) => {
-  const orm = ormify(db, TableName.AuditLogStream);
-
-  return orm;
-};
--- a/backend/src/ee/services/audit-log-stream/audit-log-stream-service.ts
+++ b/backend/src/ee/services/audit-log-stream/audit-log-stream-service.ts
@ -1,233 +0,0 @@
-import { ForbiddenError } from "@casl/ability";
-import { RawAxiosRequestHeaders } from "axios";
-
-import { SecretKeyEncoding } from "@app/db/schemas";
-import { request } from "@app/lib/config/request";
-import { infisicalSymmetricDecrypt, infisicalSymmetricEncypt } from "@app/lib/crypto/encryption";
-import { BadRequestError } from "@app/lib/errors";
-import { validateLocalIps } from "@app/lib/validator";
-
-import { AUDIT_LOG_STREAM_TIMEOUT } from "../audit-log/audit-log-queue";
-import { TLicenseServiceFactory } from "../license/license-service";
-import { OrgPermissionActions, OrgPermissionSubjects } from "../permission/org-permission";
-import { TPermissionServiceFactory } from "../permission/permission-service";
-import { TAuditLogStreamDALFactory } from "./audit-log-stream-dal";
-import {
-  LogStreamHeaders,
-  TCreateAuditLogStreamDTO,
-  TDeleteAuditLogStreamDTO,
-  TGetDetailsAuditLogStreamDTO,
-  TListAuditLogStreamDTO,
-  TUpdateAuditLogStreamDTO
-} from "./audit-log-stream-types";
-
-type TAuditLogStreamServiceFactoryDep = {
-  auditLogStreamDAL: TAuditLogStreamDALFactory;
-  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
-};
-
-export type TAuditLogStreamServiceFactory = ReturnType<typeof auditLogStreamServiceFactory>;
-
-export const auditLogStreamServiceFactory = ({
-  auditLogStreamDAL,
-  permissionService,
-  licenseService
-}: TAuditLogStreamServiceFactoryDep) => {
-  const create = async ({
-    url,
-    actor,
-    headers = [],
-    actorId,
-    actorOrgId,
-    actorAuthMethod
-  }: TCreateAuditLogStreamDTO) => {
-    if (!actorOrgId) throw new BadRequestError({ message: "Missing org id from token" });
-
-    const plan = await licenseService.getPlan(actorOrgId);
-    if (!plan.auditLogStreams)
-      throw new BadRequestError({
-        message: "Failed to create audit log streams due to plan restriction. Upgrade plan to create group."
-      });
-
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      actorOrgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.Settings);
-
-    validateLocalIps(url);
-
-    const totalStreams = await auditLogStreamDAL.find({ orgId: actorOrgId });
-    if (totalStreams.length >= plan.auditLogStreamLimit) {
-      throw new BadRequestError({
-        message:
-          "Failed to create audit log streams due to plan limit reached. Kindly contact Infisical to add more streams."
-      });
-    }
-
-    // testing connection first
-    const streamHeaders: RawAxiosRequestHeaders = { "Content-Type": "application/json" };
-    if (headers.length)
-      headers.forEach(({ key, value }) => {
-        streamHeaders[key] = value;
-      });
-    await request
-      .post(
-        url,
-        { ping: "ok" },
-        {
-          headers: streamHeaders,
-          // request timeout
-          timeout: AUDIT_LOG_STREAM_TIMEOUT,
-          // connection timeout
-          signal: AbortSignal.timeout(AUDIT_LOG_STREAM_TIMEOUT)
-        }
-      )
-      .catch((err) => {
-        throw new Error(`Failed to connect with the source ${(err as Error)?.message}`);
-      });
-    const encryptedHeaders = headers ? infisicalSymmetricEncypt(JSON.stringify(headers)) : undefined;
-    const logStream = await auditLogStreamDAL.create({
-      orgId: actorOrgId,
-      url,
-      ...(encryptedHeaders
-        ? {
-            encryptedHeadersCiphertext: encryptedHeaders.ciphertext,
-            encryptedHeadersIV: encryptedHeaders.iv,
-            encryptedHeadersTag: encryptedHeaders.tag,
-            encryptedHeadersAlgorithm: encryptedHeaders.algorithm,
-            encryptedHeadersKeyEncoding: encryptedHeaders.encoding
-          }
-        : {})
-    });
-    return logStream;
-  };
-
-  const updateById = async ({
-    id,
-    url,
-    actor,
-    headers = [],
-    actorId,
-    actorOrgId,
-    actorAuthMethod
-  }: TUpdateAuditLogStreamDTO) => {
-    if (!actorOrgId) throw new BadRequestError({ message: "Missing org id from token" });
-
-    const plan = await licenseService.getPlan(actorOrgId);
-    if (!plan.auditLogStreams)
-      throw new BadRequestError({
-        message: "Failed to update audit log streams due to plan restriction. Upgrade plan to create group."
-      });
-
-    const logStream = await auditLogStreamDAL.findById(id);
-    if (!logStream) throw new BadRequestError({ message: "Audit log stream not found" });
-
-    const { orgId } = logStream;
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Settings);
-
-    if (url) validateLocalIps(url);
-
-    // testing connection first
-    const streamHeaders: RawAxiosRequestHeaders = { "Content-Type": "application/json" };
-    if (headers.length)
-      headers.forEach(({ key, value }) => {
-        streamHeaders[key] = value;
-      });
-
-    await request
-      .post(
-        url || logStream.url,
-        { ping: "ok" },
-        {
-          headers: streamHeaders,
-          // request timeout
-          timeout: AUDIT_LOG_STREAM_TIMEOUT,
-          // connection timeout
-          signal: AbortSignal.timeout(AUDIT_LOG_STREAM_TIMEOUT)
-        }
-      )
-      .catch((err) => {
-        throw new Error(`Failed to connect with the source ${(err as Error)?.message}`);
-      });
-
-    const encryptedHeaders = headers ? infisicalSymmetricEncypt(JSON.stringify(headers)) : undefined;
-    const updatedLogStream = await auditLogStreamDAL.updateById(id, {
-      url,
-      ...(encryptedHeaders
-        ? {
-            encryptedHeadersCiphertext: encryptedHeaders.ciphertext,
-            encryptedHeadersIV: encryptedHeaders.iv,
-            encryptedHeadersTag: encryptedHeaders.tag,
-            encryptedHeadersAlgorithm: encryptedHeaders.algorithm,
-            encryptedHeadersKeyEncoding: encryptedHeaders.encoding
-          }
-        : {})
-    });
-    return updatedLogStream;
-  };
-
-  const deleteById = async ({ id, actor, actorId, actorOrgId, actorAuthMethod }: TDeleteAuditLogStreamDTO) => {
-    if (!actorOrgId) throw new BadRequestError({ message: "Missing org id from token" });
-
-    const logStream = await auditLogStreamDAL.findById(id);
-    if (!logStream) throw new BadRequestError({ message: "Audit log stream not found" });
-
-    const { orgId } = logStream;
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Delete, OrgPermissionSubjects.Settings);
-
-    const deletedLogStream = await auditLogStreamDAL.deleteById(id);
-    return deletedLogStream;
-  };
-
-  const getById = async ({ id, actor, actorId, actorOrgId, actorAuthMethod }: TGetDetailsAuditLogStreamDTO) => {
-    const logStream = await auditLogStreamDAL.findById(id);
-    if (!logStream) throw new BadRequestError({ message: "Audit log stream not found" });
-
-    const { orgId } = logStream;
-    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorAuthMethod, actorOrgId);
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Settings);
-
-    const headers =
-      logStream?.encryptedHeadersCiphertext && logStream?.encryptedHeadersIV && logStream?.encryptedHeadersTag
-        ? (JSON.parse(
-            infisicalSymmetricDecrypt({
-              tag: logStream.encryptedHeadersTag,
-              iv: logStream.encryptedHeadersIV,
-              ciphertext: logStream.encryptedHeadersCiphertext,
-              keyEncoding: logStream.encryptedHeadersKeyEncoding as SecretKeyEncoding
-            })
-          ) as LogStreamHeaders[])
-        : undefined;
-
-    return { ...logStream, headers };
-  };
-
-  const list = async ({ actor, actorId, actorOrgId, actorAuthMethod }: TListAuditLogStreamDTO) => {
-    const { permission } = await permissionService.getOrgPermission(
-      actor,
-      actorId,
-      actorOrgId,
-      actorAuthMethod,
-      actorOrgId
-    );
-    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.Settings);
-
-    const logStreams = await auditLogStreamDAL.find({ orgId: actorOrgId });
-    return logStreams;
-  };
-
-  return {
-    create,
-    updateById,
-    deleteById,
-    getById,
-    list
-  };
-};
--- a/backend/src/ee/services/audit-log-stream/audit-log-stream-types.ts
+++ b/backend/src/ee/services/audit-log-stream/audit-log-stream-types.ts
@ -1,27 +0,0 @@
-import { TOrgPermission } from "@app/lib/types";
-
-export type LogStreamHeaders = {
-  key: string;
-  value: string;
-};
-
-export type TCreateAuditLogStreamDTO = Omit<TOrgPermission, "orgId"> & {
-  url: string;
-  headers?: LogStreamHeaders[];
-};
-
-export type TUpdateAuditLogStreamDTO = Omit<TOrgPermission, "orgId"> & {
-  id: string;
-  url?: string;
-  headers?: LogStreamHeaders[];
-};
-
-export type TDeleteAuditLogStreamDTO = Omit<TOrgPermission, "orgId"> & {
-  id: string;
-};
-
-export type TListAuditLogStreamDTO = Omit<TOrgPermission, "orgId">;
-
-export type TGetDetailsAuditLogStreamDTO = Omit<TOrgPermission, "orgId"> & {
-  id: string;
-};
--- a/backend/src/ee/services/audit-log/audit-log-queue.ts
+++ b/backend/src/ee/services/audit-log/audit-log-queue.ts
@ -1,21 +1,13 @@
-import { RawAxiosRequestHeaders } from "axios";
-
-import { SecretKeyEncoding } from "@app/db/schemas";
-import { request } from "@app/lib/config/request";
-import { infisicalSymmetricDecrypt } from "@app/lib/crypto/encryption";
 import { logger } from "@app/lib/logger";
 import { QueueJobs, QueueName, TQueueServiceFactory } from "@app/queue";
 import { TProjectDALFactory } from "@app/services/project/project-dal";

-import { TAuditLogStreamDALFactory } from "../audit-log-stream/audit-log-stream-dal";
-import { LogStreamHeaders } from "../audit-log-stream/audit-log-stream-types";
 import { TLicenseServiceFactory } from "../license/license-service";
 import { TAuditLogDALFactory } from "./audit-log-dal";
 import { TCreateAuditLogDTO } from "./audit-log-types";

 type TAuditLogQueueServiceFactoryDep = {
  auditLogDAL: TAuditLogDALFactory;
-  auditLogStreamDAL: Pick<TAuditLogStreamDALFactory, "find">;
  queueService: TQueueServiceFactory;
  projectDAL: Pick<TProjectDALFactory, "findById">;
  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
@ -23,15 +15,11 @@ type TAuditLogQueueServiceFactoryDep = {

 export type TAuditLogQueueServiceFactory = ReturnType<typeof auditLogQueueServiceFactory>;

-// keep this timeout 5s it must be fast because else the queue will take time to finish
-// audit log is a crowded queue thus needs to be fast
-export const AUDIT_LOG_STREAM_TIMEOUT = 5 * 1000;
 export const auditLogQueueServiceFactory = ({
  auditLogDAL,
  queueService,
  projectDAL,
-  licenseService,
-  auditLogStreamDAL
+  licenseService
 }: TAuditLogQueueServiceFactoryDep) => {
  const pushToLog = async (data: TCreateAuditLogDTO) => {
    await queueService.queue(QueueName.AuditLog, QueueJobs.AuditLog, data, {
@ -59,7 +47,7 @@ export const auditLogQueueServiceFactory = ({
    // skip inserting if audit log retention is 0 meaning its not supported
    if (ttl === 0) return;

-    const auditLog = await auditLogDAL.create({
+    await auditLogDAL.create({
      actor: actor.type,
      actorMetadata: actor.metadata,
      userAgent,
@ -71,46 +59,6 @@ export const auditLogQueueServiceFactory = ({
      eventMetadata: event.metadata,
      userAgentType
    });
-
-    const logStreams = orgId ? await auditLogStreamDAL.find({ orgId }) : [];
-    await Promise.allSettled(
-      logStreams.map(
-        async ({
-          url,
-          encryptedHeadersTag,
-          encryptedHeadersIV,
-          encryptedHeadersKeyEncoding,
-          encryptedHeadersCiphertext
-        }) => {
-          const streamHeaders =
-            encryptedHeadersIV && encryptedHeadersCiphertext && encryptedHeadersTag
-              ? (JSON.parse(
-                  infisicalSymmetricDecrypt({
-                    keyEncoding: encryptedHeadersKeyEncoding as SecretKeyEncoding,
-                    iv: encryptedHeadersIV,
-                    tag: encryptedHeadersTag,
-                    ciphertext: encryptedHeadersCiphertext
-                  })
-                ) as LogStreamHeaders[])
-              : [];
-
-          const headers: RawAxiosRequestHeaders = { "Content-Type": "application/json" };
-
-          if (streamHeaders.length)
-            streamHeaders.forEach(({ key, value }) => {
-              headers[key] = value;
-            });
-
-          return request.post(url, auditLog, {
-            headers,
-            // request timeout
-            timeout: AUDIT_LOG_STREAM_TIMEOUT,
-            // connection timeout
-            signal: AbortSignal.timeout(AUDIT_LOG_STREAM_TIMEOUT)
-          });
-        }
-      )
-    );
  });

  queueService.start(QueueName.AuditLogPrune, async () => {
--- a/Show More
+++ b/Show More