diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 6ace2303d9..854bc2e6dc 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -2,10 +2,11 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: bug
+labels: bug, linear
 assignees: ''
 
 ---
+
 **Checklist**
 - [ ] I have searched budibase discussions and github issues to check if my issue already exists
 
diff --git a/.github/workflows/budibase_ci.yml b/.github/workflows/budibase_ci.yml
index e0263546ff..c64adb010f 100644
--- a/.github/workflows/budibase_ci.yml
+++ b/.github/workflows/budibase_ci.yml
@@ -10,7 +10,7 @@ on:
  pull_request:
     branches:
       - master
-      - develop 
+      - develop
  workflow_dispatch:
 
 env:
@@ -64,6 +64,20 @@ jobs:
           name: codecov-umbrella
           verbose: true
 
+  test-pro:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install Pro
+        run: yarn install:pro $BRANCH $BASE_BRANCH
+      - run: yarn
+      - run: yarn bootstrap
+      - run: yarn test:pro
+
   integration-test:
     runs-on: ubuntu-latest
     services:
diff --git a/.github/workflows/deploy-cloud.yaml b/.github/workflows/deploy-cloud.yaml
index 644eb5f1be..fa80da846f 100644
--- a/.github/workflows/deploy-cloud.yaml
+++ b/.github/workflows/deploy-cloud.yaml
@@ -22,7 +22,7 @@ jobs:
 
       - name: Pull values.yaml from budibase-infra
         run: | 
-          curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \
+          curl -H "Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}" \
           -H 'Accept: application/vnd.github.v3.raw' \
           -o values.production.yaml \
           -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/values.yaml
diff --git a/.github/workflows/deploy-preprod.yml b/.github/workflows/deploy-preprod.yml
index cef47636ee..803dd6af52 100644
--- a/.github/workflows/deploy-preprod.yml
+++ b/.github/workflows/deploy-preprod.yml
@@ -1,18 +1,16 @@
-name: Budibase Deploy Preprod
-
+name: "deploy-preprod"
 on:
- workflow_dispatch:
-
-env:
-  INTERCOM_TOKEN: ${{ secrets.INTERCOM_TOKEN }}
-  SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+  workflow_dispatch:
+  workflow_call:
 
 jobs:
-  release:
+  deploy-to-legacy-preprod-env:
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v2
+      - name: 'Get Previous tag'
+        id: previoustag
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1
@@ -21,23 +19,16 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: eu-west-1
 
-
-      - name: Get the latest budibase release version
-        id: version
-        run: | 
-          release_version=$(cat lerna.json | jq -r '.version')
-          echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
-
       - name: Pull values.yaml from budibase-infra
-        run: | 
-          curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \
+        run: |
+          curl -H "Authorization: token ${{ secrets.GH_ACCESS_TOKEN }}" \
           -H 'Accept: application/vnd.github.v3.raw' \
           -o values.preprod.yaml \
           -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/budibase-preprod/values.yaml
           wc -l values.preprod.yaml
 
       - name: Deploy to Preprod Environment
-        uses: glopezep/helm@v1.7.1
+        uses: budibase/helm@v1.8.0
         with:
           release: budibase-preprod
           namespace: budibase
@@ -46,7 +37,7 @@ jobs:
           helm: helm3
           values: |
             globals: 
-              appVersion: v${{ env.RELEASE_VERSION }}
+              appVersion: ${{ steps.previoustag.outputs.tag }}
             ingress:
               enabled: true
               nginx: true
@@ -61,5 +52,5 @@ jobs:
         uses: tsickert/discord-webhook@v4.0.0
         with:
           webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }}
-          content: "Preprod Deployment Complete: ${{ env.RELEASE_VERSION }} deployed to Budibase Pre-prod."
-          embed-title: ${{ env.RELEASE_VERSION }}
+          content: "Preprod Deployment Complete: ${{ steps.previoustag.outputs.tag }} deployed to Budibase Pre-prod."
+          embed-title: ${{ steps.previoustag.outputs.tag }}
\ No newline at end of file
diff --git a/.github/workflows/deploy-release.yml b/.github/workflows/deploy-release.yml
deleted file mode 100644
index cff26fd7c8..0000000000
--- a/.github/workflows/deploy-release.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-name: Budibase Deploy Release
-
-on:
- workflow_dispatch:
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
-
-      - name: Fail if branch is not develop
-        if: github.ref != 'refs/heads/develop'
-        run: | 
-          echo "Ref is not develop, you must run this job from develop."
-          exit 1
-
-      - name: Get the latest budibase release version
-        id: version
-        run: | 
-          release_version=$(cat lerna.json | jq -r '.version')
-          echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
-
-      - name: Pull values.yaml from budibase-infra
-        run: | 
-          curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \
-          -H 'Accept: application/vnd.github.v3.raw' \
-          -o values.release.yaml \
-          -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/budibase-release/values.yaml
-          wc -l values.release.yaml
-
-      - name: Deploy to Release Environment
-        uses: glopezep/helm@v1.7.1
-        with:
-          release: budibase-release
-          namespace: budibase
-          chart: charts/budibase
-          token: ${{ github.token }}
-          helm: helm3
-          values: |
-            globals: 
-              appVersion: develop
-            ingress:
-              enabled: true
-              nginx: true
-          value-files: >-
-            [
-              "values.release.yaml"
-            ]
-        env:
-          KUBECONFIG_FILE: '${{ secrets.RELEASE_KUBECONFIG }}'
-
-      - name: Re roll app-service
-        uses: actions-hub/kubectl@master
-        env:
-          KUBE_CONFIG: ${{ secrets.RELEASE_KUBECONFIG_BASE64 }}
-        with:
-          args: rollout restart deployment app-service -n budibase
-
-      - name: Re roll proxy-service
-        uses: actions-hub/kubectl@master
-        env:
-          KUBE_CONFIG: ${{ secrets.RELEASE_KUBECONFIG_BASE64 }}
-        with:
-          args: rollout restart deployment proxy-service -n budibase
-
-      - name: Re roll worker-service
-        uses: actions-hub/kubectl@master
-        env:
-          KUBE_CONFIG: ${{ secrets.RELEASE_KUBECONFIG_BASE64 }}
-        with:
-          args: rollout restart deployment worker-service -n budibase
-
-
-      - name: Discord Webhook Action
-        uses: tsickert/discord-webhook@v4.0.0
-        with:
-          webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }}
-          content: "Release Env Deployment Complete: ${{ env.RELEASE_VERSION }} deployed to Budibase Release Env."
-          embed-title: ${{ env.RELEASE_VERSION }}
diff --git a/.github/workflows/release-develop.yml b/.github/workflows/release-develop.yml
index e986179cfc..68c949447c 100644
--- a/.github/workflows/release-develop.yml
+++ b/.github/workflows/release-develop.yml
@@ -117,4 +117,4 @@ jobs:
         with:
           repository: budibase/budibase-deploys
           event: budicloud-qa-deploy
-          github_pat: ${{ secrets.GH_ACCESS_TOKEN }}
\ No newline at end of file
+          github_pat: ${{ secrets.GH_ACCESS_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release-master.yml
similarity index 53%
rename from .github/workflows/release.yml
rename to .github/workflows/release-master.yml
index 2a28150891..3ae265fa21 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release-master.yml
@@ -35,9 +35,8 @@ env:
   PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 
 jobs:
-  release:
+  release-images:
     runs-on: ubuntu-latest
-
     steps:
       - name: Fail if branch is not master
         if: github.ref != 'refs/heads/master' 
@@ -57,14 +56,6 @@ jobs:
       - run: yarn lint
       - run: yarn build
       - run: yarn build:sdk
-      - run: yarn test
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
 
       - name: Publish budibase packages to NPM
         env:
@@ -90,46 +81,63 @@ jobs:
           DOCKER_USER: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }}
           BUDIBASE_RELEASE_VERSION: ${{ steps.previoustag.outputs.tag }}
-      
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
 
-      - name: Pull values.yaml from budibase-infra
-        run: | 
-          curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \
-          -H 'Accept: application/vnd.github.v3.raw' \
-          -o values.preprod.yaml \
-          -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/budibase-preprod/values.yaml
-          wc -l values.preprod.yaml
+  release-helm-chart:
+    needs: [release-images]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Helm
+        uses: azure/setup-helm@v1
+        id: helm-install
 
-      - name: Deploy to Preprod Environment
-        uses: glopezep/helm@v1.7.1
-        with:
-          release: budibase-preprod
-          namespace: budibase
-          chart: charts/budibase
-          token: ${{ github.token }}
-          helm: helm3
-          values: |
-            globals: 
-              appVersion: ${{ steps.previoustag.outputs.tag }}
-            ingress:
-              enabled: true
-              nginx: true
-          value-files: >-
-            [
-              "values.preprod.yaml"
-            ]
+      - name: 'Get Previous tag'
+        id: previoustag
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+
+      # due to helm repo index issue: https://github.com/helm/helm/issues/7363
+      # we need to create new package in a different dir, merge the index and move the package back
+      - name: Build and release helm chart
+        run: |
+          git config user.name "Budibase Helm Bot"
+          git config user.email "<>"
+          git reset --hard
+          git pull
+          mkdir sync
+          echo "Packaging chart to sync dir"
+          helm package charts/budibase --version 0.0.0-master --app-version "$RELEASE_VERSION" --destination sync
+          echo "Packaging successful"
+          git checkout gh-pages
+          echo "Indexing helm repo"         
+          helm repo index --merge docs/index.yaml sync
+          mv -f sync/* docs
+          rm -rf sync
+          echo "Pushing new helm release"
+          git add -A
+          git commit -m "Helm Release: ${{ env.RELEASE_VERSION }}"
+          git push
         env:
-          KUBECONFIG_FILE: '${{ secrets.PREPROD_KUBECONFIG }}'
+          RELEASE_VERSION: ${{ steps.previoustag.outputs.tag }}
 
-      - name: Discord Webhook Action
-        uses: tsickert/discord-webhook@v4.0.0
+  deploy-to-legacy-preprod-env:
+    needs: [release-images]
+    uses: ./.github/workflows/deploy-preprod.yml
+    secrets: inherit
+
+  # Trigger deploy to new EKS preprod environment
+  trigger-deploy-to-preprod-env:
+    needs: [release-helm-chart]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: 'Get Previous tag'
+        id: previoustag
+        uses: "WyriHaximus/github-action-get-previous-tag@v1"
+
+      - uses: passeidireto/trigger-external-workflow-action@main
+        env:
+          PAYLOAD_VERSION: ${{ steps.previoustag.outputs.tag }}
         with:
-          webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }}
-          content: "Preprod Deployment Complete: ${{ steps.previoustag.outputs.tag }} deployed to Budibase Pre-prod."
-          embed-title: ${{ steps.previoustag.outputs.tag }}
+          repository: budibase/budibase-deploys
+          event: budicloud-preprod-deploy
+          github_pat: ${{ secrets.GH_ACCESS_TOKEN }}
diff --git a/.github/workflows/release-selfhost.yml b/.github/workflows/release-selfhost.yml
index 12fb8f5a9d..f5a2f643c3 100644
--- a/.github/workflows/release-selfhost.yml
+++ b/.github/workflows/release-selfhost.yml
@@ -16,9 +16,13 @@ jobs:
 
       - uses: actions/checkout@v2
         with: 
-          node-version: 14.x
           fetch_depth: 0
 
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+
       - name: Get the latest budibase release version
         id: version
         run: |
diff --git a/.github/workflows/deploy-single-image.yml b/.github/workflows/release-singleimage.yml
similarity index 100%
rename from .github/workflows/deploy-single-image.yml
rename to .github/workflows/release-singleimage.yml
diff --git a/.github/workflows/smoke_test.yaml b/.github/workflows/smoke_test.yaml
deleted file mode 100644
index 3fd61cd9c5..0000000000
--- a/.github/workflows/smoke_test.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: Budibase Nightly Tests
-
-on:
- workflow_dispatch:
- schedule:
-  - cron: "0 5 * * *" # every day at 5AM
-
-jobs:
-  nightly:
-    runs-on: [self-hosted, qa]
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js 14.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 14.x
-      - name: QA Core Integration Tests
-        run: | 
-          cd qa-core
-          yarn
-          yarn api:test:ci
-        env:
-          BUDIBASE_HOST: budicloud.qa.budibase.net
-          BUDIBASE_ACCOUNTS_URL: https://account-portal.budicloud.qa.budibase.net
-
-      - name: Cypress Discord Notify
-        run: yarn test:notify
-        env:
-          WEBHOOK_URL: ${{ secrets.BUDI_QA_WEBHOOK }}
-          GITHUB_RUN_URL: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
\ No newline at end of file
diff --git a/charts/budibase/templates/proxy-service-deployment.yaml b/charts/budibase/templates/proxy-service-deployment.yaml
index e422df8db3..0dea38fcbd 100644
--- a/charts/budibase/templates/proxy-service-deployment.yaml
+++ b/charts/budibase/templates/proxy-service-deployment.yaml
@@ -51,6 +51,14 @@ spec:
           value: {{ tpl .Values.services.proxy.upstreams.minio . | quote }}
         - name: COUCHDB_UPSTREAM_URL
           value: {{ .Values.services.couchdb.url | default (tpl .Values.services.proxy.upstreams.couchdb .) | quote }}
+        {{ if .Values.services.proxy.proxyRateLimitWebhooksPerSecond }}
+        - name: PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND
+          value: {{ .Values.services.proxy.proxyRateLimitWebhooksPerSecond | quote }}
+        {{ end }}
+        {{ if .Values.services.proxy.proxyRateLimitApiPerSecond }}
+        - name: PROXY_RATE_LIMIT_API_PER_SECOND
+          value: {{ .Values.services.proxy.proxyRateLimitApiPerSecond | quote }}
+        {{ end }}
         - name: RESOLVER
           {{ if .Values.services.proxy.resolver }}
           value: {{ .Values.services.proxy.resolver }}
diff --git a/charts/budibase/values.yaml b/charts/budibase/values.yaml
index dd75b2daa3..536af8560f 100644
--- a/charts/budibase/values.yaml
+++ b/charts/budibase/values.yaml
@@ -245,7 +245,7 @@ couchdb:
   ## The CouchDB image
   image:
     repository: couchdb
-    tag: 3.2.1
+    tag: 3.1.1
     pullPolicy: IfNotPresent
 
   ## Experimental integration with Lucene-powered fulltext search
diff --git a/docs/DEV-SETUP-DEBIAN.md b/docs/DEV-SETUP-DEBIAN.md
index 9edd8286cb..cfd7eebf47 100644
--- a/docs/DEV-SETUP-DEBIAN.md
+++ b/docs/DEV-SETUP-DEBIAN.md
@@ -52,4 +52,14 @@ So this command will actually run the application in dev mode. It creates .env f
 
 The dev version will be available on port 10000 i.e.
 
-http://127.0.0.1:10000/builder/admin
\ No newline at end of file
+http://127.0.0.1:10000/builder/admin
+
+### File descriptor issues with Vite and Chrome in Linux
+If your dev environment stalls forever, with some network requests stuck in flight, it's likely that Chrome is trying to open more file descriptors than your system allows.
+To fix this, apply the following tweaks.
+
+Debian based distros:
+Add `* - nofile 65536` to `/etc/security/limits.conf`.
+
+Arch:
+Add `DefaultLimitNOFILE=65536` to `/etc/systemd/system.conf`.
\ No newline at end of file
diff --git a/hosting/docker-compose.dev.yaml b/hosting/docker-compose.dev.yaml
index 7d8198db73..394f5ac256 100644
--- a/hosting/docker-compose.dev.yaml
+++ b/hosting/docker-compose.dev.yaml
@@ -6,8 +6,7 @@ services:
   minio-service:
     container_name: budi-minio-dev
     restart: on-failure
-    # Last version that supports the "fs" backend
-    image: minio/minio:RELEASE.2022-10-24T18-35-07Z
+    image: minio/minio
     volumes:
       - minio_data:/data
     ports:
@@ -69,4 +68,4 @@ volumes:
   minio_data:
     driver: local
   redis_data:
-    driver: local
\ No newline at end of file
+    driver: local
diff --git a/hosting/docker-compose.test.yaml b/hosting/docker-compose.test.yaml
index dfd78621c5..f059173d2d 100644
--- a/hosting/docker-compose.test.yaml
+++ b/hosting/docker-compose.test.yaml
@@ -8,8 +8,8 @@ services:
     # Last version that supports the "fs" backend
     image: minio/minio:RELEASE.2022-10-24T18-35-07Z
     ports:
-      - 9000
-      - 9001
+      - "9000"
+      - "9001"
     environment:
       MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
       MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
@@ -28,9 +28,9 @@ services:
       - COUCHDB_PASSWORD=${COUCH_DB_PASSWORD}
       - COUCHDB_USER=${COUCH_DB_USER}
     ports:
-      - 5984
-      - 4369
-      - 9100
+      - "5984"
+      - "4369"
+      - "9100"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:5984/_up"]
       interval: 30s
@@ -42,6 +42,6 @@ services:
     image: redis
     command: redis-server --requirepass ${REDIS_PASSWORD}
     ports:
-      - 6379
+      - "6379"
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "ping"]
\ No newline at end of file
diff --git a/hosting/proxy/nginx.prod.conf b/hosting/proxy/nginx.prod.conf
index 4d8b3466bf..8954106feb 100644
--- a/hosting/proxy/nginx.prod.conf
+++ b/hosting/proxy/nginx.prod.conf
@@ -55,12 +55,12 @@ http {
     set $csp_style "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me https://maxcdn.bootstrapcdn.com";
     set $csp_object "object-src 'none'";
     set $csp_base_uri "base-uri 'self'";
-    set $csp_connect "connect-src 'self' https://*.budibase.net https://api-iam.intercom.io https://api-iam.intercom.io  https://api-ping.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io  wss://nexus-websocket-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io  https://uploads.intercomcdn.com  https://uploads.intercomusercontent.com https://*.s3.*.amazonaws.com https://s3.*.amazonaws.com https://api.github.com";
+    set $csp_connect "connect-src 'self' https://*.budibase.net https://api-iam.intercom.io https://api-iam.intercom.io  https://api-ping.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io  wss://nexus-websocket-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io  https://uploads.intercomcdn.com  https://uploads.intercomusercontent.com https://*.s3.amazonaws.com https://*.s3.us-east-2.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://*.s3.us-west-1.amazonaws.com https://*.s3.us-west-2.amazonaws.com https://*.s3.af-south-1.amazonaws.com https://*.s3.ap-east-1.amazonaws.com https://*.s3.ap-southeast-3.amazonaws.com https://*.s3.ap-south-1.amazonaws.com https://*.s3.ap-northeast-3.amazonaws.com https://*.s3.ap-northeast-2.amazonaws.com https://*.s3.ap-southeast-1.amazonaws.com https://*.s3.ap-southeast-2.amazonaws.com https://*.s3.ap-northeast-1.amazonaws.com https://*.s3.ca-central-1.amazonaws.com https://*.s3.cn-north-1.amazonaws.com https://*.s3.cn-northwest-1.amazonaws.com https://*.s3.eu-central-1.amazonaws.com https://*.s3.eu-west-1.amazonaws.com https://*.s3.eu-west-2.amazonaws.com https://*.s3.eu-south-1.amazonaws.com https://*.s3.eu-west-3.amazonaws.com https://*.s3.eu-north-1.amazonaws.com https://*.s3.sa-east-1.amazonaws.com https://*.s3.me-south-1.amazonaws.com https://*.s3.us-gov-east-1.amazonaws.com https://*.s3.us-gov-west-1.amazonaws.com https://api.github.com";    
     set $csp_font "font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com  https://js.intercomcdn.com  https://fonts.intercomcdn.com";
     set $csp_frame "frame-src 'self' https:";
     set $csp_img "img-src http: https: data: blob:";
     set $csp_manifest "manifest-src 'self'";
-    set $csp_media "media-src 'self' https://js.intercomcdn.com";
+    set $csp_media "media-src 'self' https://js.intercomcdn.com https://cdn.budi.live"; 
     set $csp_worker "worker-src 'none'";
 
     error_page 502 503 504 /error.html;
diff --git a/lerna.json b/lerna.json
index 5145222dfa..4fb904f81f 100644
--- a/lerna.json
+++ b/lerna.json
@@ -1,5 +1,5 @@
 {
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "npmClient": "yarn",
   "packages": [
     "packages/*"
diff --git a/package.json b/package.json
index 3ead7d5553..815e470916 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
     "js-yaml": "^4.1.0",
     "kill-port": "^1.6.1",
     "lerna": "3.14.1",
-    "madge": "^5.0.1",
+    "madge": "^6.0.0",
     "prettier": "^2.3.1",
     "prettier-plugin-svelte": "^2.3.0",
     "rimraf": "^3.0.2",
@@ -44,7 +44,7 @@
     "dev": "yarn run kill-all && lerna link && lerna run --parallel dev:builder --concurrency 1",
     "dev:noserver": "yarn run kill-builder && lerna link && lerna run dev:stack:up && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
     "dev:server": "yarn run kill-server && lerna run --parallel dev:builder --concurrency 1 --scope @budibase/backend-core --scope @budibase/worker --scope @budibase/server",
-    "test": "lerna run test && yarn test:pro",
+    "test": "lerna run test",
     "test:pro": "bash scripts/pro/test.sh",
     "lint:eslint": "eslint packages && eslint qa-core",
     "lint:prettier": "prettier --check \"packages/**/*.{js,ts,svelte}\" && prettier --write \"examples/**/*.{js,ts,svelte}\" && prettier --check \"qa-core/**/*.{js,ts,svelte}\"",
@@ -84,4 +84,4 @@
     "install:pro": "bash scripts/pro/install.sh",
     "dep:clean": "yarn clean && yarn bootstrap"
   }
-}
\ No newline at end of file
+}
diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json
index 428d785a44..fff4040c22 100644
--- a/packages/backend-core/package.json
+++ b/packages/backend-core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/backend-core",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
@@ -22,9 +22,9 @@
     "test:watch": "jest --watchAll"
   },
   "dependencies": {
-    "@budibase/nano": "10.1.1",
+    "@budibase/nano": "10.1.2",
     "@budibase/pouchdb-replication-stream": "1.2.10",
-    "@budibase/types": "2.3.18-alpha.12",
+    "@budibase/types": "2.4.12-alpha.0",
     "@shopify/jest-koa-mocks": "5.0.1",
     "@techpass/passport-openidconnect": "0.3.2",
     "aws-cloudfront-sign": "2.2.0",
diff --git a/packages/backend-core/src/auth/auth.ts b/packages/backend-core/src/auth/auth.ts
index bee245a3ae..7e6fe4bcee 100644
--- a/packages/backend-core/src/auth/auth.ts
+++ b/packages/backend-core/src/auth/auth.ts
@@ -2,25 +2,35 @@ const _passport = require("koa-passport")
 const LocalStrategy = require("passport-local").Strategy
 const JwtStrategy = require("passport-jwt").Strategy
 import { getGlobalDB } from "../context"
-const refresh = require("passport-oauth2-refresh")
-import { Config, Cookie } from "../constants"
-import { getScopedConfig } from "../db"
+import { Cookie } from "../constants"
 import { getSessionsForUser, invalidateSessions } from "../security/sessions"
 import {
+  authenticated,
+  csrf,
+  google,
   jwt as jwtPassport,
   local,
-  authenticated,
-  tenancy,
-  csrf,
   oidc,
-  google,
+  tenancy,
 } from "../middleware"
+import * as userCache from "../cache/user"
 import { invalidateUser } from "../cache/user"
-import { PlatformLogoutOpts, User } from "@budibase/types"
+import {
+  ConfigType,
+  GoogleInnerConfig,
+  OIDCInnerConfig,
+  PlatformLogoutOpts,
+  SSOProviderType,
+  User,
+} from "@budibase/types"
 import { logAlert } from "../logging"
 import * as events from "../events"
-import * as userCache from "../cache/user"
+import * as configs from "../configs"
 import { clearCookie, getCookie } from "../utils"
+import { ssoSaveUserNoOp } from "../middleware/passport/sso/sso"
+import env from "../environment"
+
+const refresh = require("passport-oauth2-refresh")
 export {
   auditLog,
   authError,
@@ -33,7 +43,6 @@ export {
   google,
   oidc,
 } from "../middleware"
-import { ssoSaveUserNoOp } from "../middleware/passport/sso/sso"
 export const buildAuthMiddleware = authenticated
 export const buildTenancyMiddleware = tenancy
 export const buildCsrfMiddleware = csrf
@@ -44,7 +53,7 @@ export const jwt = require("jsonwebtoken")
 _passport.use(new LocalStrategy(local.options, local.authenticate))
 if (jwtPassport.options.secretOrKey) {
   _passport.use(new JwtStrategy(jwtPassport.options, jwtPassport.authenticate))
-} else {
+} else if (!env.DISABLE_JWT_WARNING) {
   logAlert("No JWT Secret supplied, cannot configure JWT strategy")
 }
 
@@ -63,11 +72,10 @@ _passport.deserializeUser(async (user: User, done: any) => {
 })
 
 async function refreshOIDCAccessToken(
-  db: any,
-  chosenConfig: any,
+  chosenConfig: OIDCInnerConfig,
   refreshToken: string
-) {
-  const callbackUrl = await oidc.getCallbackUrl(db, chosenConfig)
+): Promise<RefreshResponse> {
+  const callbackUrl = await oidc.getCallbackUrl()
   let enrichedConfig: any
   let strategy: any
 
@@ -90,7 +98,7 @@ async function refreshOIDCAccessToken(
 
   return new Promise(resolve => {
     refresh.requestNewAccessToken(
-      Config.OIDC,
+      ConfigType.OIDC,
       refreshToken,
       (err: any, accessToken: string, refreshToken: any, params: any) => {
         resolve({ err, accessToken, refreshToken, params })
@@ -100,11 +108,10 @@ async function refreshOIDCAccessToken(
 }
 
 async function refreshGoogleAccessToken(
-  db: any,
-  config: any,
+  config: GoogleInnerConfig,
   refreshToken: any
-) {
-  let callbackUrl = await google.getCallbackUrl(db, config)
+): Promise<RefreshResponse> {
+  let callbackUrl = await google.getCallbackUrl(config)
 
   let strategy
   try {
@@ -124,7 +131,7 @@ async function refreshGoogleAccessToken(
 
   return new Promise(resolve => {
     refresh.requestNewAccessToken(
-      Config.GOOGLE,
+      ConfigType.GOOGLE,
       refreshToken,
       (err: any, accessToken: string, refreshToken: string, params: any) => {
         resolve({ err, accessToken, refreshToken, params })
@@ -133,41 +140,37 @@ async function refreshGoogleAccessToken(
   })
 }
 
+interface RefreshResponse {
+  err?: {
+    data?: string
+  }
+  accessToken?: string
+  refreshToken?: string
+  params?: any
+}
+
 export async function refreshOAuthToken(
   refreshToken: string,
-  configType: string,
-  configId: string
-) {
-  const db = getGlobalDB()
-
-  const config = await getScopedConfig(db, {
-    type: configType,
-    group: {},
-  })
-
-  let chosenConfig = {}
-  let refreshResponse
-  if (configType === Config.OIDC) {
-    // configId - retrieved from cookie.
-    chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
-    if (!chosenConfig) {
-      throw new Error("Invalid OIDC configuration")
-    }
-    refreshResponse = await refreshOIDCAccessToken(
-      db,
-      chosenConfig,
-      refreshToken
-    )
-  } else {
-    chosenConfig = config
-    refreshResponse = await refreshGoogleAccessToken(
-      db,
-      chosenConfig,
-      refreshToken
-    )
+  providerType: SSOProviderType,
+  configId?: string
+): Promise<RefreshResponse> {
+  switch (providerType) {
+    case SSOProviderType.OIDC:
+      if (!configId) {
+        return { err: { data: "OIDC config id not provided" } }
+      }
+      const oidcConfig = await configs.getOIDCConfigById(configId)
+      if (!oidcConfig) {
+        return { err: { data: "OIDC configuration not found" } }
+      }
+      return refreshOIDCAccessToken(oidcConfig, refreshToken)
+    case SSOProviderType.GOOGLE:
+      let googleConfig = await configs.getGoogleConfig()
+      if (!googleConfig) {
+        return { err: { data: "Google configuration not found" } }
+      }
+      return refreshGoogleAccessToken(googleConfig, refreshToken)
   }
-
-  return refreshResponse
 }
 
 // TODO: Refactor to use user save function instead to prevent the need for
@@ -225,6 +228,6 @@ export async function platformLogout(opts: PlatformLogoutOpts) {
 
   const sessionIds = sessions.map(({ sessionId }) => sessionId)
   await invalidateSessions(userId, { sessionIds, reason: "logout" })
-  await events.auth.logout()
+  await events.auth.logout(ctx.user?.email)
   await userCache.invalidateUser(userId)
 }
diff --git a/packages/backend-core/src/cache/appMetadata.ts b/packages/backend-core/src/cache/appMetadata.ts
index d24c4a3140..5b66c356d3 100644
--- a/packages/backend-core/src/cache/appMetadata.ts
+++ b/packages/backend-core/src/cache/appMetadata.ts
@@ -1,6 +1,6 @@
 import { getAppClient } from "../redis/init"
 import { doWithDB, DocumentType } from "../db"
-import { Database } from "@budibase/types"
+import { Database, App } from "@budibase/types"
 
 const AppState = {
   INVALID: "invalid",
@@ -65,7 +65,7 @@ export async function getAppMetadata(appId: string) {
   if (isInvalid(metadata)) {
     throw { status: 404, message: "No app metadata found" }
   }
-  return metadata
+  return metadata as App
 }
 
 /**
diff --git a/packages/backend-core/src/cache/tests/writethrough.spec.ts b/packages/backend-core/src/cache/tests/writethrough.spec.ts
index d346788121..a34f05e881 100644
--- a/packages/backend-core/src/cache/tests/writethrough.spec.ts
+++ b/packages/backend-core/src/cache/tests/writethrough.spec.ts
@@ -1,10 +1,13 @@
-import { structures, DBTestConfiguration } from "../../../tests"
+import {
+  structures,
+  DBTestConfiguration,
+  expectFunctionWasCalledTimesWith,
+} from "../../../tests"
 import { Writethrough } from "../writethrough"
 import { getDB } from "../../db"
 import tk from "timekeeper"
 
-const START_DATE = Date.now()
-tk.freeze(START_DATE)
+tk.freeze(Date.now())
 
 const DELAY = 5000
 
@@ -17,34 +20,99 @@ describe("writethrough", () => {
   const writethrough = new Writethrough(db, DELAY)
   const writethrough2 = new Writethrough(db2, DELAY)
 
+  const docId = structures.uuid()
+
+  beforeEach(() => {
+    jest.clearAllMocks()
+  })
+
   describe("put", () => {
-    let first: any
+    let current: any
 
     it("should be able to store, will go to DB", async () => {
       await config.doInTenant(async () => {
-        const response = await writethrough.put({ _id: "test", value: 1 })
+        const response = await writethrough.put({
+          _id: docId,
+          value: 1,
+        })
         const output = await db.get(response.id)
-        first = output
+        current = output
         expect(output.value).toBe(1)
       })
     })
 
     it("second put shouldn't update DB", async () => {
       await config.doInTenant(async () => {
-        const response = await writethrough.put({ ...first, value: 2 })
+        const response = await writethrough.put({ ...current, value: 2 })
         const output = await db.get(response.id)
-        expect(first._rev).toBe(output._rev)
+        expect(current._rev).toBe(output._rev)
         expect(output.value).toBe(1)
       })
     })
 
     it("should put it again after delay period", async () => {
       await config.doInTenant(async () => {
-        tk.freeze(START_DATE + DELAY + 1)
-        const response = await writethrough.put({ ...first, value: 3 })
+        tk.freeze(Date.now() + DELAY + 1)
+        const response = await writethrough.put({ ...current, value: 3 })
         const output = await db.get(response.id)
-        expect(response.rev).not.toBe(first._rev)
+        expect(response.rev).not.toBe(current._rev)
         expect(output.value).toBe(3)
+
+        current = output
+      })
+    })
+
+    it("should handle parallel DB updates ignoring conflicts", async () => {
+      await config.doInTenant(async () => {
+        tk.freeze(Date.now() + DELAY + 1)
+        const responses = await Promise.all([
+          writethrough.put({ ...current, value: 4 }),
+          writethrough.put({ ...current, value: 4 }),
+          writethrough.put({ ...current, value: 4 }),
+        ])
+
+        const newRev = responses.map(x => x.rev).find(x => x !== current._rev)
+        expect(newRev).toBeDefined()
+        expect(responses.map(x => x.rev)).toEqual(
+          expect.arrayContaining([current._rev, current._rev, newRev])
+        )
+        expectFunctionWasCalledTimesWith(
+          console.warn,
+          2,
+          "bb-warn: Ignoring redlock conflict in write-through cache"
+        )
+
+        const output = await db.get(current._id)
+        expect(output.value).toBe(4)
+        expect(output._rev).toBe(newRev)
+
+        current = output
+      })
+    })
+
+    it("should handle updates with documents falling behind", async () => {
+      await config.doInTenant(async () => {
+        tk.freeze(Date.now() + DELAY + 1)
+
+        const id = structures.uuid()
+        await writethrough.put({ _id: id, value: 1 })
+        const doc = await writethrough.get(id)
+
+        // Updating document
+        tk.freeze(Date.now() + DELAY + 1)
+        await writethrough.put({ ...doc, value: 2 })
+
+        // Update with the old rev value
+        tk.freeze(Date.now() + DELAY + 1)
+        const res = await writethrough.put({
+          ...doc,
+          value: 3,
+        })
+        expect(res.ok).toBe(true)
+
+        const output = await db.get(id)
+        expect(output.value).toBe(3)
+        expect(output._rev).toBe(res.rev)
       })
     })
   })
@@ -52,8 +120,8 @@ describe("writethrough", () => {
   describe("get", () => {
     it("should be able to retrieve", async () => {
       await config.doInTenant(async () => {
-        const response = await writethrough.get("test")
-        expect(response.value).toBe(3)
+        const response = await writethrough.get(docId)
+        expect(response.value).toBe(4)
       })
     })
   })
diff --git a/packages/backend-core/src/cache/writethrough.ts b/packages/backend-core/src/cache/writethrough.ts
index dc889d5b18..a3b1ecc08d 100644
--- a/packages/backend-core/src/cache/writethrough.ts
+++ b/packages/backend-core/src/cache/writethrough.ts
@@ -1,7 +1,8 @@
 import BaseCache from "./base"
 import { getWritethroughClient } from "../redis/init"
 import { logWarn } from "../logging"
-import { Database } from "@budibase/types"
+import { Database, Document, LockName, LockType } from "@budibase/types"
+import * as locks from "../redis/redlockImpl"
 
 const DEFAULT_WRITE_RATE_MS = 10000
 let CACHE: BaseCache | null = null
@@ -27,44 +28,62 @@ function makeCacheItem(doc: any, lastWrite: number | null = null): CacheItem {
   return { doc, lastWrite: lastWrite || Date.now() }
 }
 
-export async function put(
+async function put(
   db: Database,
-  doc: any,
+  doc: Document,
   writeRateMs: number = DEFAULT_WRITE_RATE_MS
 ) {
   const cache = await getCache()
   const key = doc._id
-  let cacheItem: CacheItem | undefined = await cache.get(makeCacheKey(db, key))
+  let cacheItem: CacheItem | undefined
+  if (key) {
+    cacheItem = await cache.get(makeCacheKey(db, key))
+  }
   const updateDb = !cacheItem || cacheItem.lastWrite < Date.now() - writeRateMs
   let output = doc
   if (updateDb) {
-    const writeDb = async (toWrite: any) => {
-      // doc should contain the _id and _rev
-      const response = await db.put(toWrite)
-      output = {
-        ...doc,
-        _id: response.id,
-        _rev: response.rev,
-      }
-    }
-    try {
-      await writeDb(doc)
-    } catch (err: any) {
-      if (err.status !== 409) {
-        throw err
-      } else {
-        // Swallow 409s but log them
-        logWarn(`Ignoring conflict in write-through cache`)
+    const lockResponse = await locks.doWithLock(
+      {
+        type: LockType.TRY_ONCE,
+        name: LockName.PERSIST_WRITETHROUGH,
+        resource: key,
+        ttl: 1000,
+      },
+      async () => {
+        const writeDb = async (toWrite: any) => {
+          // doc should contain the _id and _rev
+          const response = await db.put(toWrite, { force: true })
+          output = {
+            ...doc,
+            _id: response.id,
+            _rev: response.rev,
+          }
+        }
+        try {
+          await writeDb(doc)
+        } catch (err: any) {
+          if (err.status !== 409) {
+            throw err
+          } else {
+            // Swallow 409s but log them
+            logWarn(`Ignoring conflict in write-through cache`)
+          }
+        }
       }
+    )
+    if (!lockResponse.executed) {
+      logWarn(`Ignoring redlock conflict in write-through cache`)
     }
   }
   // if we are updating the DB then need to set the lastWrite to now
   cacheItem = makeCacheItem(output, updateDb ? null : cacheItem?.lastWrite)
-  await cache.store(makeCacheKey(db, key), cacheItem)
+  if (output._id) {
+    await cache.store(makeCacheKey(db, output._id), cacheItem)
+  }
   return { ok: true, id: output._id, rev: output._rev }
 }
 
-export async function get(db: Database, id: string): Promise<any> {
+async function get(db: Database, id: string): Promise<any> {
   const cache = await getCache()
   const cacheKey = makeCacheKey(db, id)
   let cacheItem: CacheItem = await cache.get(cacheKey)
@@ -76,11 +95,7 @@ export async function get(db: Database, id: string): Promise<any> {
   return cacheItem.doc
 }
 
-export async function remove(
-  db: Database,
-  docOrId: any,
-  rev?: any
-): Promise<void> {
+async function remove(db: Database, docOrId: any, rev?: any): Promise<void> {
   const cache = await getCache()
   if (!docOrId) {
     throw new Error("No ID/Rev provided.")
diff --git a/packages/backend-core/src/configs/configs.ts b/packages/backend-core/src/configs/configs.ts
new file mode 100644
index 0000000000..b461497747
--- /dev/null
+++ b/packages/backend-core/src/configs/configs.ts
@@ -0,0 +1,244 @@
+import {
+  Config,
+  ConfigType,
+  GoogleConfig,
+  GoogleInnerConfig,
+  OIDCConfig,
+  OIDCInnerConfig,
+  SettingsConfig,
+  SettingsInnerConfig,
+  SMTPConfig,
+  SMTPInnerConfig,
+} from "@budibase/types"
+import { DocumentType, SEPARATOR } from "../constants"
+import { CacheKey, TTL, withCache } from "../cache"
+import * as context from "../context"
+import env from "../environment"
+import environment from "../environment"
+
+// UTILS
+
+/**
+ * Generates a new configuration ID.
+ * @returns {string} The new configuration ID which the config doc can be stored under.
+ */
+export function generateConfigID(type: ConfigType) {
+  return `${DocumentType.CONFIG}${SEPARATOR}${type}`
+}
+
+export async function getConfig<T extends Config>(
+  type: ConfigType
+): Promise<T | undefined> {
+  const db = context.getGlobalDB()
+  try {
+    // await to catch error
+    const config = (await db.get(generateConfigID(type))) as T
+    return config
+  } catch (e: any) {
+    if (e.status === 404) {
+      return
+    }
+    throw e
+  }
+}
+
+export async function save(
+  config: Config
+): Promise<{ id: string; rev: string }> {
+  const db = context.getGlobalDB()
+  return db.put(config)
+}
+
+// SETTINGS
+
+export async function getSettingsConfigDoc(): Promise<SettingsConfig> {
+  let config = await getConfig<SettingsConfig>(ConfigType.SETTINGS)
+
+  if (!config) {
+    config = {
+      _id: generateConfigID(ConfigType.SETTINGS),
+      type: ConfigType.SETTINGS,
+      config: {},
+    }
+  }
+
+  // overridden fields
+  config.config.platformUrl = await getPlatformUrl({
+    tenantAware: true,
+    config: config.config,
+  })
+  config.config.analyticsEnabled = await analyticsEnabled({
+    config: config.config,
+  })
+
+  return config
+}
+
+export async function getSettingsConfig(): Promise<SettingsInnerConfig> {
+  return (await getSettingsConfigDoc()).config
+}
+
+export async function getPlatformUrl(
+  opts: { tenantAware: boolean; config?: SettingsInnerConfig } = {
+    tenantAware: true,
+  }
+) {
+  let platformUrl = env.PLATFORM_URL || "http://localhost:10000"
+
+  if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) {
+    // cloud and multi tenant - add the tenant to the default platform url
+    const tenantId = context.getTenantId()
+    if (!platformUrl.includes("localhost:")) {
+      platformUrl = platformUrl.replace("://", `://${tenantId}.`)
+    }
+  } else if (env.SELF_HOSTED) {
+    const config = opts?.config
+      ? opts.config
+      : // direct to db to prevent infinite loop
+        (await getConfig<SettingsConfig>(ConfigType.SETTINGS))?.config
+    if (config?.platformUrl) {
+      platformUrl = config.platformUrl
+    }
+  }
+
+  return platformUrl
+}
+
+export const analyticsEnabled = async (opts?: {
+  config?: SettingsInnerConfig
+}) => {
+  // cloud - always use the environment variable
+  if (!env.SELF_HOSTED) {
+    return !!env.ENABLE_ANALYTICS
+  }
+
+  // self host - prefer the settings doc
+  // use cache as events have high throughput
+  const enabledInDB = await withCache(
+    CacheKey.ANALYTICS_ENABLED,
+    TTL.ONE_DAY,
+    async () => {
+      const config = opts?.config
+        ? opts.config
+        : // direct to db to prevent infinite loop
+          (await getConfig<SettingsConfig>(ConfigType.SETTINGS))?.config
+
+      // need to do explicit checks in case the field is not set
+      if (config?.analyticsEnabled === false) {
+        return false
+      } else if (config?.analyticsEnabled === true) {
+        return true
+      }
+    }
+  )
+
+  if (enabledInDB !== undefined) {
+    return enabledInDB
+  }
+
+  // fallback to the environment variable
+  // explicitly check for 0 or false here, undefined or otherwise is treated as true
+  const envEnabled: any = env.ENABLE_ANALYTICS
+  if (envEnabled === 0 || envEnabled === false) {
+    return false
+  } else {
+    return true
+  }
+}
+
+// GOOGLE
+
+async function getGoogleConfigDoc(): Promise<GoogleConfig | undefined> {
+  return await getConfig<GoogleConfig>(ConfigType.GOOGLE)
+}
+
+export async function getGoogleConfig(): Promise<
+  GoogleInnerConfig | undefined
+> {
+  const config = await getGoogleConfigDoc()
+  return config?.config
+}
+
+export async function getGoogleDatasourceConfig(): Promise<
+  GoogleInnerConfig | undefined
+> {
+  if (!env.SELF_HOSTED) {
+    // always use the env vars in cloud
+    return getDefaultGoogleConfig()
+  }
+
+  // prefer the config in self-host
+  let config = await getGoogleConfig()
+
+  // fallback to env vars
+  if (!config || !config.activated) {
+    config = getDefaultGoogleConfig()
+  }
+
+  return config
+}
+
+export function getDefaultGoogleConfig(): GoogleInnerConfig | undefined {
+  if (environment.GOOGLE_CLIENT_ID && environment.GOOGLE_CLIENT_SECRET) {
+    return {
+      clientID: environment.GOOGLE_CLIENT_ID!,
+      clientSecret: environment.GOOGLE_CLIENT_SECRET!,
+      activated: true,
+    }
+  }
+}
+
+// OIDC
+
+async function getOIDCConfigDoc(): Promise<OIDCConfig | undefined> {
+  return getConfig<OIDCConfig>(ConfigType.OIDC)
+}
+
+export async function getOIDCConfig(): Promise<OIDCInnerConfig | undefined> {
+  const config = (await getOIDCConfigDoc())?.config
+  // default to the 0th config
+  return config?.configs && config.configs[0]
+}
+
+/**
+ * @param configId The config id of the inner config to retrieve
+ */
+export async function getOIDCConfigById(
+  configId: string
+): Promise<OIDCInnerConfig | undefined> {
+  const config = (await getConfig<OIDCConfig>(ConfigType.OIDC))?.config
+  return config && config.configs.filter((c: any) => c.uuid === configId)[0]
+}
+
+// SMTP
+
+export async function getSMTPConfigDoc(): Promise<SMTPConfig | undefined> {
+  return getConfig<SMTPConfig>(ConfigType.SMTP)
+}
+
+export async function getSMTPConfig(
+  isAutomation?: boolean
+): Promise<SMTPInnerConfig | undefined> {
+  const config = await getSMTPConfigDoc()
+  if (config) {
+    return config.config
+  }
+
+  // always allow fallback in self host
+  // in cloud don't allow for automations
+  const allowFallback = env.SELF_HOSTED || !isAutomation
+
+  // Use an SMTP fallback configuration from env variables
+  if (env.SMTP_FALLBACK_ENABLED && allowFallback) {
+    return {
+      port: env.SMTP_PORT,
+      host: env.SMTP_HOST!,
+      secure: false,
+      from: env.SMTP_FROM_ADDRESS!,
+      auth: {
+        user: env.SMTP_USER!,
+        pass: env.SMTP_PASSWORD!,
+      },
+    }
+  }
+}
diff --git a/packages/backend-core/src/configs/index.ts b/packages/backend-core/src/configs/index.ts
new file mode 100644
index 0000000000..783f22a0b9
--- /dev/null
+++ b/packages/backend-core/src/configs/index.ts
@@ -0,0 +1 @@
+export * from "./configs"
diff --git a/packages/backend-core/src/configs/tests/configs.spec.ts b/packages/backend-core/src/configs/tests/configs.spec.ts
new file mode 100644
index 0000000000..079f2ab681
--- /dev/null
+++ b/packages/backend-core/src/configs/tests/configs.spec.ts
@@ -0,0 +1,116 @@
+import { DBTestConfiguration, generator, testEnv } from "../../../tests"
+import { ConfigType } from "@budibase/types"
+import env from "../../environment"
+import * as configs from "../configs"
+
+const DEFAULT_URL = "http://localhost:10000"
+const ENV_URL = "http://env.com"
+
+describe("configs", () => {
+  const config = new DBTestConfiguration()
+
+  const setDbPlatformUrl = async (dbUrl: string) => {
+    const settingsConfig = {
+      _id: configs.generateConfigID(ConfigType.SETTINGS),
+      type: ConfigType.SETTINGS,
+      config: {
+        platformUrl: dbUrl,
+      },
+    }
+    await configs.save(settingsConfig)
+  }
+
+  beforeEach(async () => {
+    config.newTenant()
+  })
+
+  describe("getPlatformUrl", () => {
+    describe("self host", () => {
+      beforeEach(async () => {
+        testEnv.selfHosted()
+      })
+
+      it("gets the default url", async () => {
+        await config.doInTenant(async () => {
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(DEFAULT_URL)
+        })
+      })
+
+      it("gets the platform url from the environment", async () => {
+        await config.doInTenant(async () => {
+          env._set("PLATFORM_URL", ENV_URL)
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(ENV_URL)
+        })
+      })
+
+      it("gets the platform url from the database", async () => {
+        await config.doInTenant(async () => {
+          const dbUrl = generator.url()
+          await setDbPlatformUrl(dbUrl)
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(dbUrl)
+        })
+      })
+    })
+
+    describe("cloud", () => {
+      function getTenantAwareUrl() {
+        return `http://${config.tenantId}.env.com`
+      }
+
+      beforeEach(async () => {
+        testEnv.cloudHosted()
+        testEnv.multiTenant()
+
+        env._set("PLATFORM_URL", ENV_URL)
+      })
+
+      it("gets the platform url from the environment without tenancy", async () => {
+        await config.doInTenant(async () => {
+          const url = await configs.getPlatformUrl({ tenantAware: false })
+          expect(url).toBe(ENV_URL)
+        })
+      })
+
+      it("gets the platform url from the environment with tenancy", async () => {
+        await config.doInTenant(async () => {
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(getTenantAwareUrl())
+        })
+      })
+
+      it("never gets the platform url from the database", async () => {
+        await config.doInTenant(async () => {
+          await setDbPlatformUrl(generator.url())
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(getTenantAwareUrl())
+        })
+      })
+    })
+  })
+
+  describe("getSettingsConfig", () => {
+    beforeAll(async () => {
+      testEnv.selfHosted()
+      env._set("PLATFORM_URL", "")
+    })
+
+    it("returns the platform url with an existing config", async () => {
+      await config.doInTenant(async () => {
+        const dbUrl = generator.url()
+        await setDbPlatformUrl(dbUrl)
+        const config = await configs.getSettingsConfig()
+        expect(config.platformUrl).toBe(dbUrl)
+      })
+    })
+
+    it("returns the platform url without an existing config", async () => {
+      await config.doInTenant(async () => {
+        const config = await configs.getSettingsConfig()
+        expect(config.platformUrl).toBe(DEFAULT_URL)
+      })
+    })
+  })
+})
diff --git a/packages/backend-core/src/constants/db.ts b/packages/backend-core/src/constants/db.ts
index f7d15b3880..d41098c405 100644
--- a/packages/backend-core/src/constants/db.ts
+++ b/packages/backend-core/src/constants/db.ts
@@ -68,6 +68,7 @@ export enum DocumentType {
   MEM_VIEW = "view",
   USER_FLAG = "flag",
   AUTOMATION_METADATA = "meta_au",
+  AUDIT_LOG = "al",
 }
 
 export const StaticDatabases = {
@@ -88,6 +89,9 @@ export const StaticDatabases = {
       install: "install",
     },
   },
+  AUDIT_LOGS: {
+    name: "audit-logs",
+  },
 }
 
 export const APP_PREFIX = DocumentType.APP + SEPARATOR
diff --git a/packages/backend-core/src/constants/misc.ts b/packages/backend-core/src/constants/misc.ts
index 0bf3df4094..e25c90575f 100644
--- a/packages/backend-core/src/constants/misc.ts
+++ b/packages/backend-core/src/constants/misc.ts
@@ -41,5 +41,6 @@ export enum Config {
   OIDC_LOGOS = "logos_oidc",
 }
 
+export const MIN_VALID_DATE = new Date(-2147483647000)
 export const MAX_VALID_DATE = new Date(2147483647000)
 export const DEFAULT_TENANT_ID = "default"
diff --git a/packages/backend-core/src/context/Context.ts b/packages/backend-core/src/context/Context.ts
index 02b7713764..d29b6935a8 100644
--- a/packages/backend-core/src/context/Context.ts
+++ b/packages/backend-core/src/context/Context.ts
@@ -1,5 +1,5 @@
 import { AsyncLocalStorage } from "async_hooks"
-import { ContextMap } from "./mainContext"
+import { ContextMap } from "./types"
 
 export default class Context {
   static storage = new AsyncLocalStorage<ContextMap>()
diff --git a/packages/backend-core/src/context/identity.ts b/packages/backend-core/src/context/identity.ts
index 648dd1b5fd..84de3b68c9 100644
--- a/packages/backend-core/src/context/identity.ts
+++ b/packages/backend-core/src/context/identity.ts
@@ -5,6 +5,8 @@ import {
   isCloudAccount,
   Account,
   AccountUserContext,
+  UserContext,
+  Ctx,
 } from "@budibase/types"
 import * as context from "."
 
@@ -16,15 +18,22 @@ export function doInIdentityContext(identity: IdentityContext, task: any) {
   return context.doInIdentityContext(identity, task)
 }
 
-export function doInUserContext(user: User, task: any) {
-  const userContext: any = {
+// used in server/worker
+export function doInUserContext(user: User, ctx: Ctx, task: any) {
+  const userContext: UserContext = {
     ...user,
     _id: user._id as string,
     type: IdentityType.USER,
+    hostInfo: {
+      ipAddress: ctx.request.ip,
+      // filled in by koa-useragent package
+      userAgent: ctx.userAgent._agent.source,
+    },
   }
   return doInIdentityContext(userContext, task)
 }
 
+// used in account portal
 export function doInAccountContext(account: Account, task: any) {
   const _id = getAccountUserId(account)
   const tenantId = account.tenantId
diff --git a/packages/backend-core/src/context/mainContext.ts b/packages/backend-core/src/context/mainContext.ts
index 9884d25d5a..02ba16aa8c 100644
--- a/packages/backend-core/src/context/mainContext.ts
+++ b/packages/backend-core/src/context/mainContext.ts
@@ -11,13 +11,7 @@ import {
   DEFAULT_TENANT_ID,
 } from "../constants"
 import { Database, IdentityContext } from "@budibase/types"
-
-export type ContextMap = {
-  tenantId?: string
-  appId?: string
-  identity?: IdentityContext
-  environmentVariables?: Record<string, string>
-}
+import { ContextMap } from "./types"
 
 let TEST_APP_ID: string | null = null
 
@@ -30,14 +24,23 @@ export function getGlobalDBName(tenantId?: string) {
   return baseGlobalDBName(tenantId)
 }
 
-export function baseGlobalDBName(tenantId: string | undefined | null) {
-  let dbName
-  if (!tenantId || tenantId === DEFAULT_TENANT_ID) {
-    dbName = StaticDatabases.GLOBAL.name
-  } else {
-    dbName = `${tenantId}${SEPARATOR}${StaticDatabases.GLOBAL.name}`
+export function getAuditLogDBName(tenantId?: string) {
+  if (!tenantId) {
+    tenantId = getTenantId()
+  }
+  if (tenantId === DEFAULT_TENANT_ID) {
+    return StaticDatabases.AUDIT_LOGS.name
+  } else {
+    return `${tenantId}${SEPARATOR}${StaticDatabases.AUDIT_LOGS.name}`
+  }
+}
+
+export function baseGlobalDBName(tenantId: string | undefined | null) {
+  if (!tenantId || tenantId === DEFAULT_TENANT_ID) {
+    return StaticDatabases.GLOBAL.name
+  } else {
+    return `${tenantId}${SEPARATOR}${StaticDatabases.GLOBAL.name}`
   }
-  return dbName
 }
 
 export function isMultiTenant() {
@@ -228,6 +231,13 @@ export function getGlobalDB(): Database {
   return getDB(baseGlobalDBName(context?.tenantId))
 }
 
+export function getAuditLogsDB(): Database {
+  if (!getTenantId()) {
+    throw new Error("No tenant ID found - cannot open audit log DB")
+  }
+  return getDB(getAuditLogDBName())
+}
+
 /**
  * Gets the app database based on whatever the request
  * contained, dev or prod.
diff --git a/packages/backend-core/src/context/types.ts b/packages/backend-core/src/context/types.ts
new file mode 100644
index 0000000000..78197ed528
--- /dev/null
+++ b/packages/backend-core/src/context/types.ts
@@ -0,0 +1,9 @@
+import { IdentityContext } from "@budibase/types"
+
+// keep this out of Budibase types, don't want to expose context info
+export type ContextMap = {
+  tenantId?: string
+  appId?: string
+  identity?: IdentityContext
+  environmentVariables?: Record<string, string>
+}
diff --git a/packages/backend-core/src/db/index.ts b/packages/backend-core/src/db/index.ts
index 0d9f75fa18..a569b17b36 100644
--- a/packages/backend-core/src/db/index.ts
+++ b/packages/backend-core/src/db/index.ts
@@ -7,3 +7,4 @@ export { default as Replication } from "./Replication"
 // exports to support old export structure
 export * from "../constants/db"
 export { getGlobalDBName, baseGlobalDBName } from "../context"
+export * from "./lucene"
diff --git a/packages/backend-core/src/db/lucene.ts b/packages/backend-core/src/db/lucene.ts
new file mode 100644
index 0000000000..cba2f0138a
--- /dev/null
+++ b/packages/backend-core/src/db/lucene.ts
@@ -0,0 +1,624 @@
+import fetch from "node-fetch"
+import { getCouchInfo } from "./couch"
+import { SearchFilters, Row } from "@budibase/types"
+
+const QUERY_START_REGEX = /\d[0-9]*:/g
+
+interface SearchResponse<T> {
+  rows: T[] | any[]
+  bookmark: string
+}
+
+interface PaginatedSearchResponse<T> extends SearchResponse<T> {
+  hasNextPage: boolean
+}
+
+export type SearchParams<T> = {
+  tableId?: string
+  sort?: string
+  sortOrder?: string
+  sortType?: string
+  limit?: number
+  bookmark?: string
+  version?: string
+  indexer?: () => Promise<any>
+  disableEscaping?: boolean
+  rows?: T | Row[]
+}
+
+export function removeKeyNumbering(key: any): string {
+  if (typeof key === "string" && key.match(QUERY_START_REGEX) != null) {
+    const parts = key.split(":")
+    // remove the number
+    parts.shift()
+    return parts.join(":")
+  } else {
+    return key
+  }
+}
+
+/**
+ * Class to build lucene query URLs.
+ * Optionally takes a base lucene query object.
+ */
+export class QueryBuilder<T> {
+  dbName: string
+  index: string
+  query: SearchFilters
+  limit: number
+  sort?: string
+  bookmark?: string
+  sortOrder: string
+  sortType: string
+  includeDocs: boolean
+  version?: string
+  indexBuilder?: () => Promise<any>
+  noEscaping = false
+
+  constructor(dbName: string, index: string, base?: SearchFilters) {
+    this.dbName = dbName
+    this.index = index
+    this.query = {
+      allOr: false,
+      string: {},
+      fuzzy: {},
+      range: {},
+      equal: {},
+      notEqual: {},
+      empty: {},
+      notEmpty: {},
+      oneOf: {},
+      contains: {},
+      notContains: {},
+      containsAny: {},
+      ...base,
+    }
+    this.limit = 50
+    this.sortOrder = "ascending"
+    this.sortType = "string"
+    this.includeDocs = true
+  }
+
+  disableEscaping() {
+    this.noEscaping = true
+    return this
+  }
+
+  setIndexBuilder(builderFn: () => Promise<any>) {
+    this.indexBuilder = builderFn
+    return this
+  }
+
+  setVersion(version?: string) {
+    if (version != null) {
+      this.version = version
+    }
+    return this
+  }
+
+  setTable(tableId: string) {
+    this.query.equal!.tableId = tableId
+    return this
+  }
+
+  setLimit(limit?: number) {
+    if (limit != null) {
+      this.limit = limit
+    }
+    return this
+  }
+
+  setSort(sort?: string) {
+    if (sort != null) {
+      this.sort = sort
+    }
+    return this
+  }
+
+  setSortOrder(sortOrder?: string) {
+    if (sortOrder != null) {
+      this.sortOrder = sortOrder
+    }
+    return this
+  }
+
+  setSortType(sortType?: string) {
+    if (sortType != null) {
+      this.sortType = sortType
+    }
+    return this
+  }
+
+  setBookmark(bookmark?: string) {
+    if (bookmark != null) {
+      this.bookmark = bookmark
+    }
+    return this
+  }
+
+  excludeDocs() {
+    this.includeDocs = false
+    return this
+  }
+
+  addString(key: string, partial: string) {
+    this.query.string![key] = partial
+    return this
+  }
+
+  addFuzzy(key: string, fuzzy: string) {
+    this.query.fuzzy![key] = fuzzy
+    return this
+  }
+
+  addRange(key: string, low: string | number, high: string | number) {
+    this.query.range![key] = {
+      low,
+      high,
+    }
+    return this
+  }
+
+  addEqual(key: string, value: any) {
+    this.query.equal![key] = value
+    return this
+  }
+
+  addNotEqual(key: string, value: any) {
+    this.query.notEqual![key] = value
+    return this
+  }
+
+  addEmpty(key: string, value: any) {
+    this.query.empty![key] = value
+    return this
+  }
+
+  addNotEmpty(key: string, value: any) {
+    this.query.notEmpty![key] = value
+    return this
+  }
+
+  addOneOf(key: string, value: any) {
+    this.query.oneOf![key] = value
+    return this
+  }
+
+  addContains(key: string, value: any) {
+    this.query.contains![key] = value
+    return this
+  }
+
+  addNotContains(key: string, value: any) {
+    this.query.notContains![key] = value
+    return this
+  }
+
+  addContainsAny(key: string, value: any) {
+    this.query.containsAny![key] = value
+    return this
+  }
+
+  handleSpaces(input: string) {
+    if (this.noEscaping) {
+      return input
+    } else {
+      return input.replace(/ /g, "_")
+    }
+  }
+
+  /**
+   * Preprocesses a value before going into a lucene search.
+   * Transforms strings to lowercase and wraps strings and bools in quotes.
+   * @param value The value to process
+   * @param options The preprocess options
+   * @returns {string|*}
+   */
+  preprocess(value: any, { escape, lowercase, wrap, type }: any = {}) {
+    const hasVersion = !!this.version
+    // Determine if type needs wrapped
+    const originalType = typeof value
+    // Convert to lowercase
+    if (value && lowercase) {
+      value = value.toLowerCase ? value.toLowerCase() : value
+    }
+    // Escape characters
+    if (!this.noEscaping && escape && originalType === "string") {
+      value = `${value}`.replace(/[ #+\-&|!(){}\]^"~*?:\\]/g, "\\$&")
+    }
+
+    // Wrap in quotes
+    if (originalType === "string" && !isNaN(value) && !type) {
+      value = `"${value}"`
+    } else if (hasVersion && wrap) {
+      value = originalType === "number" ? value : `"${value}"`
+    }
+    return value
+  }
+
+  buildSearchQuery() {
+    const builder = this
+    let allOr = this.query && this.query.allOr
+    let query = allOr ? "" : "*:*"
+    const allPreProcessingOpts = { escape: true, lowercase: true, wrap: true }
+    let tableId
+    if (this.query.equal!.tableId) {
+      tableId = this.query.equal!.tableId
+      delete this.query.equal!.tableId
+    }
+
+    const equal = (key: string, value: any) => {
+      // 0 evaluates to false, which means we would return all rows if we don't check it
+      if (!value && value !== 0) {
+        return null
+      }
+      return `${key}:${builder.preprocess(value, allPreProcessingOpts)}`
+    }
+
+    const contains = (key: string, value: any, mode = "AND") => {
+      if (Array.isArray(value) && value.length === 0) {
+        return null
+      }
+      if (!Array.isArray(value)) {
+        return `${key}:${value}`
+      }
+      let statement = `${builder.preprocess(value[0], { escape: true })}`
+      for (let i = 1; i < value.length; i++) {
+        statement += ` ${mode} ${builder.preprocess(value[i], {
+          escape: true,
+        })}`
+      }
+      return `${key}:(${statement})`
+    }
+
+    const notContains = (key: string, value: any) => {
+      // @ts-ignore
+      const allPrefix = allOr === "" ? "*:* AND" : ""
+      return allPrefix + "NOT " + contains(key, value)
+    }
+
+    const containsAny = (key: string, value: any) => {
+      return contains(key, value, "OR")
+    }
+
+    const oneOf = (key: string, value: any) => {
+      if (!Array.isArray(value)) {
+        if (typeof value === "string") {
+          value = value.split(",")
+        } else {
+          return ""
+        }
+      }
+      let orStatement = `${builder.preprocess(value[0], allPreProcessingOpts)}`
+      for (let i = 1; i < value.length; i++) {
+        orStatement += ` OR ${builder.preprocess(
+          value[i],
+          allPreProcessingOpts
+        )}`
+      }
+      return `${key}:(${orStatement})`
+    }
+
+    function build(structure: any, queryFn: any) {
+      for (let [key, value] of Object.entries(structure)) {
+        // check for new format - remove numbering if needed
+        key = removeKeyNumbering(key)
+        key = builder.preprocess(builder.handleSpaces(key), {
+          escape: true,
+        })
+        const expression = queryFn(key, value)
+        if (expression == null) {
+          continue
+        }
+        if (query.length > 0) {
+          query += ` ${allOr ? "OR" : "AND"} `
+        }
+        query += expression
+      }
+    }
+
+    // Construct the actual lucene search query string from JSON structure
+    if (this.query.string) {
+      build(this.query.string, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        value = builder.preprocess(value, {
+          escape: true,
+          lowercase: true,
+          type: "string",
+        })
+        return `${key}:${value}*`
+      })
+    }
+    if (this.query.range) {
+      build(this.query.range, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        if (value.low == null || value.low === "") {
+          return null
+        }
+        if (value.high == null || value.high === "") {
+          return null
+        }
+        const low = builder.preprocess(value.low, allPreProcessingOpts)
+        const high = builder.preprocess(value.high, allPreProcessingOpts)
+        return `${key}:[${low} TO ${high}]`
+      })
+    }
+    if (this.query.fuzzy) {
+      build(this.query.fuzzy, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        value = builder.preprocess(value, {
+          escape: true,
+          lowercase: true,
+          type: "fuzzy",
+        })
+        return `${key}:${value}~`
+      })
+    }
+    if (this.query.equal) {
+      build(this.query.equal, equal)
+    }
+    if (this.query.notEqual) {
+      build(this.query.notEqual, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        return `!${key}:${builder.preprocess(value, allPreProcessingOpts)}`
+      })
+    }
+    if (this.query.empty) {
+      build(this.query.empty, (key: string) => `!${key}:["" TO *]`)
+    }
+    if (this.query.notEmpty) {
+      build(this.query.notEmpty, (key: string) => `${key}:["" TO *]`)
+    }
+    if (this.query.oneOf) {
+      build(this.query.oneOf, oneOf)
+    }
+    if (this.query.contains) {
+      build(this.query.contains, contains)
+    }
+    if (this.query.notContains) {
+      build(this.query.notContains, notContains)
+    }
+    if (this.query.containsAny) {
+      build(this.query.containsAny, containsAny)
+    }
+    // make sure table ID is always added as an AND
+    if (tableId) {
+      query = `(${query})`
+      allOr = false
+      build({ tableId }, equal)
+    }
+    return query
+  }
+
+  buildSearchBody() {
+    let body: any = {
+      q: this.buildSearchQuery(),
+      limit: Math.min(this.limit, 200),
+      include_docs: this.includeDocs,
+    }
+    if (this.bookmark) {
+      body.bookmark = this.bookmark
+    }
+    if (this.sort) {
+      const order = this.sortOrder === "descending" ? "-" : ""
+      const type = `<${this.sortType}>`
+      body.sort = `${order}${this.handleSpaces(this.sort)}${type}`
+    }
+    return body
+  }
+
+  async run() {
+    const { url, cookie } = getCouchInfo()
+    const fullPath = `${url}/${this.dbName}/_design/database/_search/${this.index}`
+    const body = this.buildSearchBody()
+    try {
+      return await runQuery<T>(fullPath, body, cookie)
+    } catch (err: any) {
+      if (err.status === 404 && this.indexBuilder) {
+        await this.indexBuilder()
+        return await runQuery<T>(fullPath, body, cookie)
+      } else {
+        throw err
+      }
+    }
+  }
+}
+
+/**
+ * Executes a lucene search query.
+ * @param url The query URL
+ * @param body The request body defining search criteria
+ * @param cookie The auth cookie for CouchDB
+ * @returns {Promise<{rows: []}>}
+ */
+async function runQuery<T>(
+  url: string,
+  body: any,
+  cookie: string
+): Promise<SearchResponse<T>> {
+  const response = await fetch(url, {
+    body: JSON.stringify(body),
+    method: "POST",
+    headers: {
+      Authorization: cookie,
+    },
+  })
+
+  if (response.status === 404) {
+    throw response
+  }
+  const json = await response.json()
+
+  let output: any = {
+    rows: [],
+  }
+  if (json.rows != null && json.rows.length > 0) {
+    output.rows = json.rows.map((row: any) => row.doc)
+  }
+  if (json.bookmark) {
+    output.bookmark = json.bookmark
+  }
+  return output
+}
+
+/**
+ * Gets round the fixed limit of 200 results from a query by fetching as many
+ * pages as required and concatenating the results. This recursively operates
+ * until enough results have been found.
+ * @param dbName {string} Which database to run a lucene query on
+ * @param index {string} Which search index to utilise
+ * @param query {object} The JSON query structure
+ * @param params {object} The search params including:
+ *   tableId {string} The table ID to search
+ *   sort {string} The sort column
+ *   sortOrder {string} The sort order ("ascending" or "descending")
+ *   sortType {string} Whether to treat sortable values as strings or
+ *     numbers. ("string" or "number")
+ *   limit {number} The number of results to fetch
+ *   bookmark {string|null} Current bookmark in the recursive search
+ *   rows {array|null} Current results in the recursive search
+ * @returns {Promise<*[]|*>}
+ */
+async function recursiveSearch<T>(
+  dbName: string,
+  index: string,
+  query: any,
+  params: any
+): Promise<any> {
+  const bookmark = params.bookmark
+  const rows = params.rows || []
+  if (rows.length >= params.limit) {
+    return rows
+  }
+  let pageSize = 200
+  if (rows.length > params.limit - 200) {
+    pageSize = params.limit - rows.length
+  }
+  const page = await new QueryBuilder<T>(dbName, index, query)
+    .setVersion(params.version)
+    .setTable(params.tableId)
+    .setBookmark(bookmark)
+    .setLimit(pageSize)
+    .setSort(params.sort)
+    .setSortOrder(params.sortOrder)
+    .setSortType(params.sortType)
+    .run()
+  if (!page.rows.length) {
+    return rows
+  }
+  if (page.rows.length < 200) {
+    return [...rows, ...page.rows]
+  }
+  const newParams = {
+    ...params,
+    bookmark: page.bookmark,
+    rows: [...rows, ...page.rows],
+  }
+  return await recursiveSearch(dbName, index, query, newParams)
+}
+
+/**
+ * Performs a paginated search. A bookmark will be returned to allow the next
+ * page to be fetched. There is a max limit off 200 results per page in a
+ * paginated search.
+ * @param dbName {string} Which database to run a lucene query on
+ * @param index {string} Which search index to utilise
+ * @param query {object} The JSON query structure
+ * @param params {object} The search params including:
+ *   tableId {string} The table ID to search
+ *   sort {string} The sort column
+ *   sortOrder {string} The sort order ("ascending" or "descending")
+ *   sortType {string} Whether to treat sortable values as strings or
+ *     numbers. ("string" or "number")
+ *   limit {number} The desired page size
+ *   bookmark {string} The bookmark to resume from
+ * @returns {Promise<{hasNextPage: boolean, rows: *[]}>}
+ */
+export async function paginatedSearch<T>(
+  dbName: string,
+  index: string,
+  query: SearchFilters,
+  params: SearchParams<T>
+) {
+  let limit = params.limit
+  if (limit == null || isNaN(limit) || limit < 0) {
+    limit = 50
+  }
+  limit = Math.min(limit, 200)
+  const search = new QueryBuilder<T>(dbName, index, query)
+  if (params.version) {
+    search.setVersion(params.version)
+  }
+  if (params.tableId) {
+    search.setTable(params.tableId)
+  }
+  if (params.sort) {
+    search
+      .setSort(params.sort)
+      .setSortOrder(params.sortOrder)
+      .setSortType(params.sortType)
+  }
+  if (params.indexer) {
+    search.setIndexBuilder(params.indexer)
+  }
+  if (params.disableEscaping) {
+    search.disableEscaping()
+  }
+  const searchResults = await search
+    .setBookmark(params.bookmark)
+    .setLimit(limit)
+    .run()
+
+  // Try fetching 1 row in the next page to see if another page of results
+  // exists or not
+  search.setBookmark(searchResults.bookmark).setLimit(1)
+  if (params.tableId) {
+    search.setTable(params.tableId)
+  }
+  const nextResults = await search.run()
+
+  return {
+    ...searchResults,
+    hasNextPage: nextResults.rows && nextResults.rows.length > 0,
+  }
+}
+
+/**
+ * Performs a full search, fetching multiple pages if required to return the
+ * desired amount of results. There is a limit of 1000 results to avoid
+ * heavy performance hits, and to avoid client components breaking from
+ * handling too much data.
+ * @param dbName {string} Which database to run a lucene query on
+ * @param index {string} Which search index to utilise
+ * @param query {object} The JSON query structure
+ * @param params {object} The search params including:
+ *   tableId {string} The table ID to search
+ *   sort {string} The sort column
+ *   sortOrder {string} The sort order ("ascending" or "descending")
+ *   sortType {string} Whether to treat sortable values as strings or
+ *     numbers. ("string" or "number")
+ *   limit {number} The desired number of results
+ * @returns {Promise<{rows: *}>}
+ */
+export async function fullSearch<T>(
+  dbName: string,
+  index: string,
+  query: SearchFilters,
+  params: SearchParams<T>
+) {
+  let limit = params.limit
+  if (limit == null || isNaN(limit) || limit < 0) {
+    limit = 1000
+  }
+  params.limit = Math.min(limit, 1000)
+  const rows = await recursiveSearch<T>(dbName, index, query, params)
+  return { rows }
+}
diff --git a/packages/backend-core/src/db/tests/lucene.spec.ts b/packages/backend-core/src/db/tests/lucene.spec.ts
new file mode 100644
index 0000000000..23b01e18df
--- /dev/null
+++ b/packages/backend-core/src/db/tests/lucene.spec.ts
@@ -0,0 +1,161 @@
+import { newid } from "../../newid"
+import { getDB } from "../db"
+import { Database } from "@budibase/types"
+import { QueryBuilder, paginatedSearch, fullSearch } from "../lucene"
+
+const INDEX_NAME = "main"
+
+const index = `function(doc) {
+  let props = ["property", "number"]
+  for (let key of props) {
+    if (doc[key]) {
+      index(key, doc[key])
+    }
+  }
+}`
+
+describe("lucene", () => {
+  let db: Database, dbName: string
+
+  beforeAll(async () => {
+    dbName = `db-${newid()}`
+    // create the DB for testing
+    db = getDB(dbName)
+    await db.put({ _id: newid(), property: "word" })
+    await db.put({ _id: newid(), property: "word2" })
+    await db.put({ _id: newid(), property: "word3", number: 1 })
+  })
+
+  it("should be able to create a lucene index", async () => {
+    const response = await db.put({
+      _id: "_design/database",
+      indexes: {
+        [INDEX_NAME]: {
+          index: index,
+          analyzer: "standard",
+        },
+      },
+    })
+    expect(response.ok).toBe(true)
+  })
+
+  describe("query builder", () => {
+    it("should be able to perform a basic query", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.setSort("property")
+      builder.setSortOrder("desc")
+      builder.setSortType("string")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(3)
+    })
+
+    it("should handle limits", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.setLimit(1)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a string search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addString("property", "wo")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(3)
+    })
+
+    it("should be able to perform a range search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addRange("number", 0, 1)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform an equal search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addEqual("property", "word2")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a not equal search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addNotEqual("property", "word2")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+
+    it("should be able to perform an empty search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addEmpty("number", true)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+
+    it("should be able to perform a not empty search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addNotEmpty("number", true)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a one of search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addOneOf("property", ["word", "word2"])
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+
+    it("should be able to perform a contains search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addContains("property", ["word"])
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a not contains search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addNotContains("property", ["word2"])
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+  })
+
+  describe("paginated search", () => {
+    it("should be able to perform a paginated search", async () => {
+      const page = await paginatedSearch(
+        dbName,
+        INDEX_NAME,
+        {
+          string: {
+            property: "wo",
+          },
+        },
+        {
+          limit: 1,
+          sort: "property",
+          sortType: "string",
+          sortOrder: "desc",
+        }
+      )
+      expect(page.rows.length).toBe(1)
+      expect(page.hasNextPage).toBe(true)
+      expect(page.bookmark).toBeDefined()
+    })
+  })
+
+  describe("full search", () => {
+    it("should be able to perform a full search", async () => {
+      const page = await fullSearch(
+        dbName,
+        INDEX_NAME,
+        {
+          string: {
+            property: "wo",
+          },
+        },
+        {}
+      )
+      expect(page.rows.length).toBe(3)
+    })
+  })
+})
diff --git a/packages/backend-core/src/db/tests/utils.spec.ts b/packages/backend-core/src/db/tests/utils.spec.ts
index 7bdca5ae8b..138457c65e 100644
--- a/packages/backend-core/src/db/tests/utils.spec.ts
+++ b/packages/backend-core/src/db/tests/utils.spec.ts
@@ -1,19 +1,13 @@
-import { generator, DBTestConfiguration, testEnv } from "../../../tests"
 import {
   getDevelopmentAppID,
   getProdAppID,
   isDevAppID,
   isProdAppID,
 } from "../conversions"
-import { generateAppID, getPlatformUrl, getScopedConfig } from "../utils"
-import * as context from "../../context"
-import { Config } from "../../constants"
-import env from "../../environment"
+import { generateAppID } from "../utils"
 
 describe("utils", () => {
-  const config = new DBTestConfiguration()
-
-  describe("app ID manipulation", () => {
+  describe("generateAppID", () => {
     function getID() {
       const appId = generateAppID()
       const split = appId.split("_")
@@ -66,127 +60,4 @@ describe("utils", () => {
       expect(isProdAppID(devAppId)).toEqual(false)
     })
   })
-
-  const DEFAULT_URL = "http://localhost:10000"
-  const ENV_URL = "http://env.com"
-
-  const setDbPlatformUrl = async (dbUrl: string) => {
-    const db = context.getGlobalDB()
-    await db.put({
-      _id: "config_settings",
-      type: Config.SETTINGS,
-      config: {
-        platformUrl: dbUrl,
-      },
-    })
-  }
-
-  const clearSettingsConfig = async () => {
-    await config.doInTenant(async () => {
-      const db = context.getGlobalDB()
-      try {
-        const config = await db.get("config_settings")
-        await db.remove("config_settings", config._rev)
-      } catch (e: any) {
-        if (e.status !== 404) {
-          throw e
-        }
-      }
-    })
-  }
-
-  describe("getPlatformUrl", () => {
-    describe("self host", () => {
-      beforeEach(async () => {
-        testEnv.selfHosted()
-        await clearSettingsConfig()
-      })
-
-      it("gets the default url", async () => {
-        await config.doInTenant(async () => {
-          const url = await getPlatformUrl()
-          expect(url).toBe(DEFAULT_URL)
-        })
-      })
-
-      it("gets the platform url from the environment", async () => {
-        await config.doInTenant(async () => {
-          env._set("PLATFORM_URL", ENV_URL)
-          const url = await getPlatformUrl()
-          expect(url).toBe(ENV_URL)
-        })
-      })
-
-      it("gets the platform url from the database", async () => {
-        await config.doInTenant(async () => {
-          const dbUrl = generator.url()
-          await setDbPlatformUrl(dbUrl)
-          const url = await getPlatformUrl()
-          expect(url).toBe(dbUrl)
-        })
-      })
-    })
-
-    describe("cloud", () => {
-      const TENANT_AWARE_URL = `http://${config.tenantId}.env.com`
-
-      beforeEach(async () => {
-        testEnv.cloudHosted()
-        testEnv.multiTenant()
-
-        env._set("PLATFORM_URL", ENV_URL)
-        await clearSettingsConfig()
-      })
-
-      it("gets the platform url from the environment without tenancy", async () => {
-        await config.doInTenant(async () => {
-          const url = await getPlatformUrl({ tenantAware: false })
-          expect(url).toBe(ENV_URL)
-        })
-      })
-
-      it("gets the platform url from the environment with tenancy", async () => {
-        await config.doInTenant(async () => {
-          const url = await getPlatformUrl()
-          expect(url).toBe(TENANT_AWARE_URL)
-        })
-      })
-
-      it("never gets the platform url from the database", async () => {
-        await config.doInTenant(async () => {
-          await setDbPlatformUrl(generator.url())
-          const url = await getPlatformUrl()
-          expect(url).toBe(TENANT_AWARE_URL)
-        })
-      })
-    })
-  })
-
-  describe("getScopedConfig", () => {
-    describe("settings config", () => {
-      beforeEach(async () => {
-        env._set("SELF_HOSTED", 1)
-        env._set("PLATFORM_URL", "")
-        await clearSettingsConfig()
-      })
-
-      it("returns the platform url with an existing config", async () => {
-        await config.doInTenant(async () => {
-          const dbUrl = generator.url()
-          await setDbPlatformUrl(dbUrl)
-          const db = context.getGlobalDB()
-          const config = await getScopedConfig(db, { type: Config.SETTINGS })
-          expect(config.platformUrl).toBe(dbUrl)
-        })
-      })
-
-      it("returns the platform url without an existing config", async () => {
-        await config.doInTenant(async () => {
-          const db = context.getGlobalDB()
-          const config = await getScopedConfig(db, { type: Config.SETTINGS })
-          expect(config.platformUrl).toBe(DEFAULT_URL)
-        })
-      })
-    })
-  })
 })
diff --git a/packages/backend-core/src/db/utils.ts b/packages/backend-core/src/db/utils.ts
index 233d044eaa..76c52d08ad 100644
--- a/packages/backend-core/src/db/utils.ts
+++ b/packages/backend-core/src/db/utils.ts
@@ -9,12 +9,11 @@ import {
   InternalTable,
   APP_PREFIX,
 } from "../constants"
-import { getTenantId, getGlobalDB, getGlobalDBName } from "../context"
+import { getTenantId, getGlobalDBName } from "../context"
 import { doWithDB, directCouchAllDbs } from "./db"
 import { getAppMetadata } from "../cache/appMetadata"
 import { isDevApp, isDevAppID, getProdAppID } from "./conversions"
-import * as events from "../events"
-import { App, Database, ConfigType, isSettingsConfig } from "@budibase/types"
+import { App, Database } from "@budibase/types"
 
 /**
  * Generates a new app ID.
@@ -366,6 +365,16 @@ export async function getAllApps({
   }
 }
 
+export async function getAppsByIDs(appIds: string[]) {
+  const settled = await Promise.allSettled(
+    appIds.map(appId => getAppMetadata(appId))
+  )
+  // have to list the apps which exist, some may have been deleted
+  return settled
+    .filter(promise => promise.status === "fulfilled")
+    .map(promise => (promise as PromiseFulfilledResult<App>).value)
+}
+
 /**
  * Utility function for getAllApps but filters to production apps only.
  */
@@ -382,6 +391,16 @@ export async function getDevAppIDs() {
   return apps.filter((id: any) => isDevAppID(id))
 }
 
+export function isSameAppID(
+  appId1: string | undefined,
+  appId2: string | undefined
+) {
+  if (appId1 == undefined || appId2 == undefined) {
+    return false
+  }
+  return getProdAppID(appId1) === getProdAppID(appId2)
+}
+
 export async function dbExists(dbName: any) {
   return doWithDB(
     dbName,
@@ -392,32 +411,6 @@ export async function dbExists(dbName: any) {
   )
 }
 
-/**
- * Generates a new configuration ID.
- * @returns {string} The new configuration ID which the config doc can be stored under.
- */
-export const generateConfigID = ({ type, workspace, user }: any) => {
-  const scope = [type, workspace, user].filter(Boolean).join(SEPARATOR)
-
-  return `${DocumentType.CONFIG}${SEPARATOR}${scope}`
-}
-
-/**
- * Gets parameters for retrieving configurations.
- */
-export const getConfigParams = (
-  { type, workspace, user }: any,
-  otherProps = {}
-) => {
-  const scope = [type, workspace, user].filter(Boolean).join(SEPARATOR)
-
-  return {
-    ...otherProps,
-    startkey: `${DocumentType.CONFIG}${SEPARATOR}${scope}`,
-    endkey: `${DocumentType.CONFIG}${SEPARATOR}${scope}${UNICODE_MAX}`,
-  }
-}
-
 /**
  * Generates a new dev info document ID - this is scoped to a user.
  * @returns {string} The new dev info ID which info for dev (like api key) can be stored under.
@@ -441,109 +434,6 @@ export const getPluginParams = (pluginId?: string | null, otherProps = {}) => {
   return getDocParams(DocumentType.PLUGIN, pluginId, otherProps)
 }
 
-/**
- * Returns the most granular configuration document from the DB based on the type, workspace and userID passed.
- * @param {Object} db - db instance to query
- * @param {Object} scopes - the type, workspace and userID scopes of the configuration.
- * @returns The most granular configuration document based on the scope.
- */
-export const getScopedFullConfig = async function (
-  db: any,
-  { type, user, workspace }: any
-) {
-  const response = await db.allDocs(
-    getConfigParams(
-      { type, user, workspace },
-      {
-        include_docs: true,
-      }
-    )
-  )
-
-  function determineScore(row: any) {
-    const config = row.doc
-
-    // Config is specific to a user and a workspace
-    if (config._id.includes(generateConfigID({ type, user, workspace }))) {
-      return 4
-    } else if (config._id.includes(generateConfigID({ type, user }))) {
-      // Config is specific to a user only
-      return 3
-    } else if (config._id.includes(generateConfigID({ type, workspace }))) {
-      // Config is specific to a workspace only
-      return 2
-    } else if (config._id.includes(generateConfigID({ type }))) {
-      // Config is specific to a type only
-      return 1
-    }
-    return 0
-  }
-
-  // Find the config with the most granular scope based on context
-  let scopedConfig = response.rows.sort(
-    (a: any, b: any) => determineScore(a) - determineScore(b)
-  )[0]
-
-  // custom logic for settings doc
-  if (type === ConfigType.SETTINGS) {
-    if (!scopedConfig || !scopedConfig.doc) {
-      // defaults
-      scopedConfig = {
-        doc: {
-          _id: generateConfigID({ type, user, workspace }),
-          type: ConfigType.SETTINGS,
-          config: {
-            platformUrl: await getPlatformUrl({ tenantAware: true }),
-            analyticsEnabled: await events.analytics.enabled(),
-          },
-        },
-      }
-    }
-
-    // will always be true - use assertion function to get type access
-    if (isSettingsConfig(scopedConfig.doc)) {
-      // overrides affected by environment
-      scopedConfig.doc.config.platformUrl = await getPlatformUrl({
-        tenantAware: true,
-      })
-      scopedConfig.doc.config.analyticsEnabled =
-        await events.analytics.enabled()
-    }
-  }
-
-  return scopedConfig && scopedConfig.doc
-}
-
-export const getPlatformUrl = async (opts = { tenantAware: true }) => {
-  let platformUrl = env.PLATFORM_URL || "http://localhost:10000"
-
-  if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) {
-    // cloud and multi tenant - add the tenant to the default platform url
-    const tenantId = getTenantId()
-    if (!platformUrl.includes("localhost:")) {
-      platformUrl = platformUrl.replace("://", `://${tenantId}.`)
-    }
-  } else if (env.SELF_HOSTED) {
-    const db = getGlobalDB()
-    // get the doc directly instead of with getScopedConfig to prevent loop
-    let settings
-    try {
-      settings = await db.get(generateConfigID({ type: ConfigType.SETTINGS }))
-    } catch (e: any) {
-      if (e.status !== 404) {
-        throw e
-      }
-    }
-
-    // self hosted - check for platform url override
-    if (settings && settings.config && settings.config.platformUrl) {
-      platformUrl = settings.config.platformUrl
-    }
-  }
-
-  return platformUrl
-}
-
 export function pagination(
   data: any[],
   pageSize: number,
@@ -577,8 +467,3 @@ export function pagination(
     nextPage,
   }
 }
-
-export async function getScopedConfig(db: any, params: any) {
-  const configDoc = await getScopedFullConfig(db, params)
-  return configDoc && configDoc.config ? configDoc.config : configDoc
-}
diff --git a/packages/backend-core/src/environment.ts b/packages/backend-core/src/environment.ts
index ed7a161160..8dc2cce487 100644
--- a/packages/backend-core/src/environment.ts
+++ b/packages/backend-core/src/environment.ts
@@ -28,6 +28,8 @@ const DefaultBucketName = {
   PLUGINS: "plugins",
 }
 
+const selfHosted = !!parseInt(process.env.SELF_HOSTED || "")
+
 const environment = {
   isTest,
   isJest,
@@ -58,7 +60,7 @@ const environment = {
     process.env.ACCOUNT_PORTAL_URL || "https://account.budibase.app",
   ACCOUNT_PORTAL_API_KEY: process.env.ACCOUNT_PORTAL_API_KEY || "",
   DISABLE_ACCOUNT_PORTAL: process.env.DISABLE_ACCOUNT_PORTAL,
-  SELF_HOSTED: !!parseInt(process.env.SELF_HOSTED || ""),
+  SELF_HOSTED: selfHosted,
   COOKIE_DOMAIN: process.env.COOKIE_DOMAIN,
   PLATFORM_URL: process.env.PLATFORM_URL || "",
   POSTHOG_TOKEN: process.env.POSTHOG_TOKEN,
@@ -84,6 +86,23 @@ const environment = {
   DEPLOYMENT_ENVIRONMENT:
     process.env.DEPLOYMENT_ENVIRONMENT || "docker-compose",
   ENABLE_4XX_HTTP_LOGGING: process.env.ENABLE_4XX_HTTP_LOGGING || true,
+  ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR,
+  // smtp
+  SMTP_FALLBACK_ENABLED: process.env.SMTP_FALLBACK_ENABLED,
+  SMTP_USER: process.env.SMTP_USER,
+  SMTP_PASSWORD: process.env.SMTP_PASSWORD,
+  SMTP_HOST: process.env.SMTP_HOST,
+  SMTP_PORT: parseInt(process.env.SMTP_PORT || ""),
+  SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
+  DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
+  /**
+   * Enable to allow an admin user to login using a password.
+   * This can be useful to prevent lockout when configuring SSO.
+   * However, this should be turned OFF by default for security purposes.
+   */
+  ENABLE_SSO_MAINTENANCE_MODE: selfHosted
+    ? process.env.ENABLE_SSO_MAINTENANCE_MODE
+    : false,
   _set(key: any, value: any) {
     process.env[key] = value
     // @ts-ignore
diff --git a/packages/backend-core/src/events/analytics.ts b/packages/backend-core/src/events/analytics.ts
index 7fbc6d9c2b..dcfd6d5104 100644
--- a/packages/backend-core/src/events/analytics.ts
+++ b/packages/backend-core/src/events/analytics.ts
@@ -1,55 +1,6 @@
-import env from "../environment"
-import * as context from "../context"
-import * as dbUtils from "../db/utils"
-import { Config } from "../constants"
-import { withCache, TTL, CacheKey } from "../cache"
+import * as configs from "../configs"
 
+// wrapper utility function
 export const enabled = async () => {
-  // cloud - always use the environment variable
-  if (!env.SELF_HOSTED) {
-    return !!env.ENABLE_ANALYTICS
-  }
-
-  // self host - prefer the settings doc
-  // use cache as events have high throughput
-  const enabledInDB = await withCache(
-    CacheKey.ANALYTICS_ENABLED,
-    TTL.ONE_DAY,
-    async () => {
-      const settings = await getSettingsDoc()
-
-      // need to do explicit checks in case the field is not set
-      if (settings?.config?.analyticsEnabled === false) {
-        return false
-      } else if (settings?.config?.analyticsEnabled === true) {
-        return true
-      }
-    }
-  )
-
-  if (enabledInDB !== undefined) {
-    return enabledInDB
-  }
-
-  // fallback to the environment variable
-  // explicitly check for 0 or false here, undefined or otherwise is treated as true
-  const envEnabled: any = env.ENABLE_ANALYTICS
-  if (envEnabled === 0 || envEnabled === false) {
-    return false
-  } else {
-    return true
-  }
-}
-
-const getSettingsDoc = async () => {
-  const db = context.getGlobalDB()
-  let settings
-  try {
-    settings = await db.get(dbUtils.generateConfigID({ type: Config.SETTINGS }))
-  } catch (e: any) {
-    if (e.status !== 404) {
-      throw e
-    }
-  }
-  return settings
+  return configs.analyticsEnabled()
 }
diff --git a/packages/backend-core/src/events/events.ts b/packages/backend-core/src/events/events.ts
index 01928221a0..c2f7cf66ec 100644
--- a/packages/backend-core/src/events/events.ts
+++ b/packages/backend-core/src/events/events.ts
@@ -1,4 +1,4 @@
-import { Event } from "@budibase/types"
+import { Event, AuditedEventFriendlyName } from "@budibase/types"
 import { processors } from "./processors"
 import identification from "./identification"
 import * as backfill from "./backfill"
diff --git a/packages/backend-core/src/events/identification.ts b/packages/backend-core/src/events/identification.ts
index 7cade9e14b..9534fb293d 100644
--- a/packages/backend-core/src/events/identification.ts
+++ b/packages/backend-core/src/events/identification.ts
@@ -10,7 +10,6 @@ import {
   isCloudAccount,
   isSSOAccount,
   TenantGroup,
-  SettingsConfig,
   CloudAccount,
   UserIdentity,
   InstallationGroup,
@@ -19,10 +18,9 @@ import {
   isSSOUser,
 } from "@budibase/types"
 import { processors } from "./processors"
-import * as dbUtils from "../db/utils"
-import { Config } from "../constants"
 import { newid } from "../utils"
 import * as installation from "../installation"
+import * as configs from "../configs"
 import { withCache, TTL, CacheKey } from "../cache/generic"
 
 const pkg = require("../../package.json")
@@ -89,6 +87,7 @@ const getCurrentIdentity = async (): Promise<Identity> => {
       installationId,
       tenantId,
       environment,
+      hostInfo: userContext.hostInfo,
     }
   } else {
     throw new Error("Unknown identity type")
@@ -270,9 +269,7 @@ const getUniqueTenantId = async (tenantId: string): Promise<string> => {
   return context.doInTenant(tenantId, () => {
     return withCache(CacheKey.UNIQUE_TENANT_ID, TTL.ONE_DAY, async () => {
       const db = context.getGlobalDB()
-      const config: SettingsConfig = await dbUtils.getScopedFullConfig(db, {
-        type: Config.SETTINGS,
-      })
+      const config = await configs.getSettingsConfigDoc()
 
       let uniqueTenantId: string
       if (config.config.uniqueTenantId) {
diff --git a/packages/backend-core/src/events/processors/AuditLogsProcessor.ts b/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
new file mode 100644
index 0000000000..94b4e1b09f
--- /dev/null
+++ b/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
@@ -0,0 +1,93 @@
+import {
+  Event,
+  Identity,
+  Group,
+  IdentityType,
+  AuditLogQueueEvent,
+  AuditLogFn,
+  HostInfo,
+} from "@budibase/types"
+import { EventProcessor } from "./types"
+import { getAppId, doInTenant, getTenantId } from "../../context"
+import BullQueue from "bull"
+import { createQueue, JobQueue } from "../../queue"
+import { isAudited } from "../../utils"
+import env from "../../environment"
+
+export default class AuditLogsProcessor implements EventProcessor {
+  static auditLogsEnabled = false
+  static auditLogQueue: BullQueue.Queue<AuditLogQueueEvent>
+
+  // can't use constructor as need to return promise
+  static init(fn: AuditLogFn) {
+    AuditLogsProcessor.auditLogsEnabled = true
+    const writeAuditLogs = fn
+    AuditLogsProcessor.auditLogQueue = createQueue<AuditLogQueueEvent>(
+      JobQueue.AUDIT_LOG
+    )
+    return AuditLogsProcessor.auditLogQueue.process(async job => {
+      return doInTenant(job.data.tenantId, async () => {
+        let properties = job.data.properties
+        if (properties.audited) {
+          properties = {
+            ...properties,
+            ...properties.audited,
+          }
+          delete properties.audited
+        }
+
+        // this feature is disabled by default due to privacy requirements
+        // in some countries - available as env var in-case it is desired
+        // in self host deployments
+        let hostInfo: HostInfo | undefined = {}
+        if (env.ENABLE_AUDIT_LOG_IP_ADDR) {
+          hostInfo = job.data.opts.hostInfo
+        }
+
+        await writeAuditLogs(job.data.event, properties, {
+          userId: job.data.opts.userId,
+          timestamp: job.data.opts.timestamp,
+          appId: job.data.opts.appId,
+          hostInfo,
+        })
+      })
+    })
+  }
+
+  async processEvent(
+    event: Event,
+    identity: Identity,
+    properties: any,
+    timestamp?: string
+  ): Promise<void> {
+    if (AuditLogsProcessor.auditLogsEnabled && isAudited(event)) {
+      // only audit log actual events, don't include backfills
+      const userId =
+        identity.type === IdentityType.USER ? identity.id : undefined
+      // add to the event queue, rather than just writing immediately
+      await AuditLogsProcessor.auditLogQueue.add({
+        event,
+        properties,
+        opts: {
+          userId,
+          timestamp,
+          appId: getAppId(),
+          hostInfo: identity.hostInfo,
+        },
+        tenantId: getTenantId(),
+      })
+    }
+  }
+
+  async identify(identity: Identity, timestamp?: string | number) {
+    // no-op
+  }
+
+  async identifyGroup(group: Group, timestamp?: string | number) {
+    // no-op
+  }
+
+  shutdown(): void {
+    AuditLogsProcessor.auditLogQueue?.close()
+  }
+}
diff --git a/packages/backend-core/src/events/processors/index.ts b/packages/backend-core/src/events/processors/index.ts
index 0e75f050db..6646764e47 100644
--- a/packages/backend-core/src/events/processors/index.ts
+++ b/packages/backend-core/src/events/processors/index.ts
@@ -1,8 +1,19 @@
 import AnalyticsProcessor from "./AnalyticsProcessor"
 import LoggingProcessor from "./LoggingProcessor"
+import AuditLogsProcessor from "./AuditLogsProcessor"
 import Processors from "./Processors"
+import { AuditLogFn } from "@budibase/types"
 
 export const analyticsProcessor = new AnalyticsProcessor()
 const loggingProcessor = new LoggingProcessor()
+const auditLogsProcessor = new AuditLogsProcessor()
 
-export const processors = new Processors([analyticsProcessor, loggingProcessor])
+export function init(auditingFn: AuditLogFn) {
+  return AuditLogsProcessor.init(auditingFn)
+}
+
+export const processors = new Processors([
+  analyticsProcessor,
+  loggingProcessor,
+  auditLogsProcessor,
+])
diff --git a/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts b/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts
index 593e5ff082..0dbe70d543 100644
--- a/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts
+++ b/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts
@@ -47,6 +47,8 @@ export default class PosthogProcessor implements EventProcessor {
       return
     }
 
+    properties = this.clearPIIProperties(properties)
+
     properties.version = pkg.version
     properties.service = env.SERVICE
     properties.environment = identity.environment
@@ -79,6 +81,16 @@ export default class PosthogProcessor implements EventProcessor {
     this.posthog.capture(payload)
   }
 
+  clearPIIProperties(properties: any) {
+    if (properties.email) {
+      delete properties.email
+    }
+    if (properties.audited) {
+      delete properties.audited
+    }
+    return properties
+  }
+
   async identify(identity: Identity, timestamp?: string | number) {
     const payload: any = { distinctId: identity.id, properties: identity }
     if (timestamp) {
diff --git a/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts b/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts
index 2c1340d36e..8df4e40bcf 100644
--- a/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts
+++ b/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts
@@ -49,6 +49,25 @@ describe("PosthogProcessor", () => {
       expect(processor.posthog.capture).toHaveBeenCalledTimes(0)
     })
 
+    it("removes audited information", async () => {
+      const processor = new PosthogProcessor("test")
+
+      const identity = newIdentity()
+      const properties = {
+        email: "test",
+        audited: {
+          name: "test",
+        },
+      }
+
+      await processor.processEvent(Event.USER_CREATED, identity, properties)
+      expect(processor.posthog.capture).toHaveBeenCalled()
+      // @ts-ignore
+      const call = processor.posthog.capture.mock.calls[0][0]
+      expect(call.properties.audited).toBeUndefined()
+      expect(call.properties.email).toBeUndefined()
+    })
+
     describe("rate limiting", () => {
       it("sends daily event once in same day", async () => {
         const processor = new PosthogProcessor("test")
diff --git a/packages/backend-core/src/events/publishers/app.ts b/packages/backend-core/src/events/publishers/app.ts
index 90da21f3f5..d08d59b5f1 100644
--- a/packages/backend-core/src/events/publishers/app.ts
+++ b/packages/backend-core/src/events/publishers/app.ts
@@ -19,6 +19,9 @@ const created = async (app: App, timestamp?: string | number) => {
   const properties: AppCreatedEvent = {
     appId: app.appId,
     version: app.version,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_CREATED, properties, timestamp)
 }
@@ -27,6 +30,9 @@ async function updated(app: App) {
   const properties: AppUpdatedEvent = {
     appId: app.appId,
     version: app.version,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_UPDATED, properties)
 }
@@ -34,6 +40,9 @@ async function updated(app: App) {
 async function deleted(app: App) {
   const properties: AppDeletedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_DELETED, properties)
 }
@@ -41,6 +50,9 @@ async function deleted(app: App) {
 async function published(app: App, timestamp?: string | number) {
   const properties: AppPublishedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_PUBLISHED, properties, timestamp)
 }
@@ -48,6 +60,9 @@ async function published(app: App, timestamp?: string | number) {
 async function unpublished(app: App) {
   const properties: AppUnpublishedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_UNPUBLISHED, properties)
 }
@@ -55,6 +70,9 @@ async function unpublished(app: App) {
 async function fileImported(app: App) {
   const properties: AppFileImportedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_FILE_IMPORTED, properties)
 }
@@ -63,6 +81,9 @@ async function templateImported(app: App, templateKey: string) {
   const properties: AppTemplateImportedEvent = {
     appId: app.appId,
     templateKey,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_TEMPLATE_IMPORTED, properties)
 }
@@ -76,6 +97,9 @@ async function versionUpdated(
     appId: app.appId,
     currentVersion,
     updatedToVersion,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_VERSION_UPDATED, properties)
 }
@@ -89,6 +113,9 @@ async function versionReverted(
     appId: app.appId,
     currentVersion,
     revertedToVersion,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_VERSION_REVERTED, properties)
 }
@@ -96,6 +123,9 @@ async function versionReverted(
 async function reverted(app: App) {
   const properties: AppRevertedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_REVERTED, properties)
 }
@@ -103,6 +133,9 @@ async function reverted(app: App) {
 async function exported(app: App) {
   const properties: AppExportedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_EXPORTED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/auditLog.ts b/packages/backend-core/src/events/publishers/auditLog.ts
new file mode 100644
index 0000000000..7cfb76147a
--- /dev/null
+++ b/packages/backend-core/src/events/publishers/auditLog.ts
@@ -0,0 +1,26 @@
+import {
+  Event,
+  AuditLogSearchParams,
+  AuditLogFilteredEvent,
+  AuditLogDownloadedEvent,
+} from "@budibase/types"
+import { publishEvent } from "../events"
+
+async function filtered(search: AuditLogSearchParams) {
+  const properties: AuditLogFilteredEvent = {
+    filters: search,
+  }
+  await publishEvent(Event.AUDIT_LOGS_FILTERED, properties)
+}
+
+async function downloaded(search: AuditLogSearchParams) {
+  const properties: AuditLogDownloadedEvent = {
+    filters: search,
+  }
+  await publishEvent(Event.AUDIT_LOGS_DOWNLOADED, properties)
+}
+
+export default {
+  filtered,
+  downloaded,
+}
diff --git a/packages/backend-core/src/events/publishers/auth.ts b/packages/backend-core/src/events/publishers/auth.ts
index 4436045599..e275d2dbb0 100644
--- a/packages/backend-core/src/events/publishers/auth.ts
+++ b/packages/backend-core/src/events/publishers/auth.ts
@@ -12,19 +12,25 @@ import {
 } from "@budibase/types"
 import { identification } from ".."
 
-async function login(source: LoginSource) {
+async function login(source: LoginSource, email: string) {
   const identity = await identification.getCurrentIdentity()
   const properties: LoginEvent = {
     userId: identity.id,
     source,
+    audited: {
+      email,
+    },
   }
   await publishEvent(Event.AUTH_LOGIN, properties)
 }
 
-async function logout() {
+async function logout(email?: string) {
   const identity = await identification.getCurrentIdentity()
   const properties: LogoutEvent = {
     userId: identity.id,
+    audited: {
+      email,
+    },
   }
   await publishEvent(Event.AUTH_LOGOUT, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/automation.ts b/packages/backend-core/src/events/publishers/automation.ts
index 6eb36ab067..419d4136bd 100644
--- a/packages/backend-core/src/events/publishers/automation.ts
+++ b/packages/backend-core/src/events/publishers/automation.ts
@@ -18,6 +18,9 @@ async function created(automation: Automation, timestamp?: string | number) {
     automationId: automation._id as string,
     triggerId: automation.definition?.trigger?.id,
     triggerType: automation.definition?.trigger?.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_CREATED, properties, timestamp)
 }
@@ -38,6 +41,9 @@ async function deleted(automation: Automation) {
     automationId: automation._id as string,
     triggerId: automation.definition?.trigger?.id,
     triggerType: automation.definition?.trigger?.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_DELETED, properties)
 }
@@ -71,6 +77,9 @@ async function stepCreated(
     triggerType: automation.definition?.trigger?.stepId,
     stepId: step.id!,
     stepType: step.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_STEP_CREATED, properties, timestamp)
 }
@@ -83,6 +92,9 @@ async function stepDeleted(automation: Automation, step: AutomationStep) {
     triggerType: automation.definition?.trigger?.stepId,
     stepId: step.id!,
     stepType: step.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_STEP_DELETED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/backup.ts b/packages/backend-core/src/events/publishers/backup.ts
index 12263fe1ff..d7d87f09f1 100644
--- a/packages/backend-core/src/events/publishers/backup.ts
+++ b/packages/backend-core/src/events/publishers/backup.ts
@@ -13,6 +13,7 @@ async function appBackupRestored(backup: AppBackup) {
     appId: backup.appId,
     restoreId: backup._id!,
     backupCreatedAt: backup.timestamp,
+    name: backup.name as string,
   }
 
   await publishEvent(Event.APP_BACKUP_RESTORED, properties)
@@ -22,13 +23,15 @@ async function appBackupTriggered(
   appId: string,
   backupId: string,
   type: AppBackupType,
-  trigger: AppBackupTrigger
+  trigger: AppBackupTrigger,
+  name: string
 ) {
   const properties: AppBackupTriggeredEvent = {
     appId: appId,
     backupId,
     type,
     trigger,
+    name,
   }
   await publishEvent(Event.APP_BACKUP_TRIGGERED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/group.ts b/packages/backend-core/src/events/publishers/group.ts
index d79920562b..a000b880a2 100644
--- a/packages/backend-core/src/events/publishers/group.ts
+++ b/packages/backend-core/src/events/publishers/group.ts
@@ -8,12 +8,16 @@ import {
   GroupUsersAddedEvent,
   GroupUsersDeletedEvent,
   GroupAddedOnboardingEvent,
+  GroupPermissionsEditedEvent,
   UserGroupRoles,
 } from "@budibase/types"
 
 async function created(group: UserGroup, timestamp?: number) {
   const properties: GroupCreatedEvent = {
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_CREATED, properties, timestamp)
 }
@@ -21,6 +25,9 @@ async function created(group: UserGroup, timestamp?: number) {
 async function updated(group: UserGroup) {
   const properties: GroupUpdatedEvent = {
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_UPDATED, properties)
 }
@@ -28,6 +35,9 @@ async function updated(group: UserGroup) {
 async function deleted(group: UserGroup) {
   const properties: GroupDeletedEvent = {
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_DELETED, properties)
 }
@@ -36,6 +46,9 @@ async function usersAdded(count: number, group: UserGroup) {
   const properties: GroupUsersAddedEvent = {
     count,
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_USERS_ADDED, properties)
 }
@@ -44,6 +57,9 @@ async function usersDeleted(count: number, group: UserGroup) {
   const properties: GroupUsersDeletedEvent = {
     count,
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_USERS_REMOVED, properties)
 }
@@ -56,9 +72,13 @@ async function createdOnboarding(groupId: string) {
   await publishEvent(Event.USER_GROUP_ONBOARDING, properties)
 }
 
-async function permissionsEdited(roles: UserGroupRoles) {
-  const properties: UserGroupRoles = {
-    ...roles,
+async function permissionsEdited(group: UserGroup) {
+  const properties: GroupPermissionsEditedEvent = {
+    permissions: group.roles!,
+    groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_PERMISSIONS_EDITED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/index.ts b/packages/backend-core/src/events/publishers/index.ts
index 34e47b2990..87a34bf3f1 100644
--- a/packages/backend-core/src/events/publishers/index.ts
+++ b/packages/backend-core/src/events/publishers/index.ts
@@ -21,3 +21,4 @@ export { default as group } from "./group"
 export { default as plugin } from "./plugin"
 export { default as backup } from "./backup"
 export { default as environmentVariable } from "./environmentVariable"
+export { default as auditLog } from "./auditLog"
diff --git a/packages/backend-core/src/events/publishers/screen.ts b/packages/backend-core/src/events/publishers/screen.ts
index 27264b5847..df486029e8 100644
--- a/packages/backend-core/src/events/publishers/screen.ts
+++ b/packages/backend-core/src/events/publishers/screen.ts
@@ -11,6 +11,9 @@ async function created(screen: Screen, timestamp?: string | number) {
     layoutId: screen.layoutId,
     screenId: screen._id as string,
     roleId: screen.routing.roleId,
+    audited: {
+      name: screen.routing?.route,
+    },
   }
   await publishEvent(Event.SCREEN_CREATED, properties, timestamp)
 }
@@ -20,6 +23,9 @@ async function deleted(screen: Screen) {
     layoutId: screen.layoutId,
     screenId: screen._id as string,
     roleId: screen.routing.roleId,
+    audited: {
+      name: screen.routing?.route,
+    },
   }
   await publishEvent(Event.SCREEN_DELETED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/table.ts b/packages/backend-core/src/events/publishers/table.ts
index d50f4df0e1..dc3200291a 100644
--- a/packages/backend-core/src/events/publishers/table.ts
+++ b/packages/backend-core/src/events/publishers/table.ts
@@ -13,6 +13,9 @@ import {
 async function created(table: Table, timestamp?: string | number) {
   const properties: TableCreatedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_CREATED, properties, timestamp)
 }
@@ -20,6 +23,9 @@ async function created(table: Table, timestamp?: string | number) {
 async function updated(table: Table) {
   const properties: TableUpdatedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_UPDATED, properties)
 }
@@ -27,6 +33,9 @@ async function updated(table: Table) {
 async function deleted(table: Table) {
   const properties: TableDeletedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_DELETED, properties)
 }
@@ -35,6 +44,9 @@ async function exported(table: Table, format: TableExportFormat) {
   const properties: TableExportedEvent = {
     tableId: table._id as string,
     format,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_EXPORTED, properties)
 }
@@ -42,6 +54,9 @@ async function exported(table: Table, format: TableExportFormat) {
 async function imported(table: Table) {
   const properties: TableImportedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_IMPORTED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/user.ts b/packages/backend-core/src/events/publishers/user.ts
index 1fe50149b5..8dbc494d1e 100644
--- a/packages/backend-core/src/events/publishers/user.ts
+++ b/packages/backend-core/src/events/publishers/user.ts
@@ -19,6 +19,9 @@ import {
 async function created(user: User, timestamp?: number) {
   const properties: UserCreatedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_CREATED, properties, timestamp)
 }
@@ -26,6 +29,9 @@ async function created(user: User, timestamp?: number) {
 async function updated(user: User) {
   const properties: UserUpdatedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_UPDATED, properties)
 }
@@ -33,6 +39,9 @@ async function updated(user: User) {
 async function deleted(user: User) {
   const properties: UserDeletedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_DELETED, properties)
 }
@@ -40,6 +49,9 @@ async function deleted(user: User) {
 export async function onboardingComplete(user: User) {
   const properties: UserOnboardingEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_ONBOARDING_COMPLETE, properties)
 }
@@ -49,6 +61,9 @@ export async function onboardingComplete(user: User) {
 async function permissionAdminAssigned(user: User, timestamp?: number) {
   const properties: UserPermissionAssignedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(
     Event.USER_PERMISSION_ADMIN_ASSIGNED,
@@ -60,6 +75,9 @@ async function permissionAdminAssigned(user: User, timestamp?: number) {
 async function permissionAdminRemoved(user: User) {
   const properties: UserPermissionRemovedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PERMISSION_ADMIN_REMOVED, properties)
 }
@@ -67,6 +85,9 @@ async function permissionAdminRemoved(user: User) {
 async function permissionBuilderAssigned(user: User, timestamp?: number) {
   const properties: UserPermissionAssignedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(
     Event.USER_PERMISSION_BUILDER_ASSIGNED,
@@ -78,20 +99,30 @@ async function permissionBuilderAssigned(user: User, timestamp?: number) {
 async function permissionBuilderRemoved(user: User) {
   const properties: UserPermissionRemovedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PERMISSION_BUILDER_REMOVED, properties)
 }
 
 // INVITE
 
-async function invited() {
-  const properties: UserInvitedEvent = {}
+async function invited(email: string) {
+  const properties: UserInvitedEvent = {
+    audited: {
+      email,
+    },
+  }
   await publishEvent(Event.USER_INVITED, properties)
 }
 
 async function inviteAccepted(user: User) {
   const properties: UserInviteAcceptedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_INVITED_ACCEPTED, properties)
 }
@@ -101,6 +132,9 @@ async function inviteAccepted(user: User) {
 async function passwordForceReset(user: User) {
   const properties: UserPasswordForceResetEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_FORCE_RESET, properties)
 }
@@ -108,6 +142,9 @@ async function passwordForceReset(user: User) {
 async function passwordUpdated(user: User) {
   const properties: UserPasswordUpdatedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_UPDATED, properties)
 }
@@ -115,6 +152,9 @@ async function passwordUpdated(user: User) {
 async function passwordResetRequested(user: User) {
   const properties: UserPasswordResetRequestedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_RESET_REQUESTED, properties)
 }
@@ -122,6 +162,9 @@ async function passwordResetRequested(user: User) {
 async function passwordReset(user: User) {
   const properties: UserPasswordResetEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_RESET, properties)
 }
diff --git a/packages/backend-core/src/index.ts b/packages/backend-core/src/index.ts
index d507d8175f..48569548e3 100644
--- a/packages/backend-core/src/index.ts
+++ b/packages/backend-core/src/index.ts
@@ -1,3 +1,4 @@
+export * as configs from "./configs"
 export * as events from "./events"
 export * as migrations from "./migrations"
 export * as users from "./users"
@@ -20,11 +21,11 @@ export * as context from "./context"
 export * as cache from "./cache"
 export * as objectStore from "./objectStore"
 export * as redis from "./redis"
-export * as locks from "./redis/redlock"
+export * as locks from "./redis/redlockImpl"
 export * as utils from "./utils"
 export * as errors from "./errors"
 export { default as env } from "./environment"
-
+export { SearchParams } from "./db"
 // Add context to tenancy for backwards compatibility
 // only do this for external usages to prevent internal
 // circular dependencies
diff --git a/packages/backend-core/src/middleware/authenticated.ts b/packages/backend-core/src/middleware/authenticated.ts
index 4bb2aaba76..0708581570 100644
--- a/packages/backend-core/src/middleware/authenticated.ts
+++ b/packages/backend-core/src/middleware/authenticated.ts
@@ -8,7 +8,7 @@ import { getGlobalDB, doInTenant } from "../context"
 import { decrypt } from "../security/encryption"
 import * as identity from "../context/identity"
 import env from "../environment"
-import { BBContext, EndpointMatcher } from "@budibase/types"
+import { Ctx, EndpointMatcher } from "@budibase/types"
 
 const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
   ? parseInt(env.SESSION_UPDATE_PERIOD)
@@ -73,7 +73,7 @@ export default function (
   }
 ) {
   const noAuthOptions = noAuthPatterns ? buildMatcherRegex(noAuthPatterns) : []
-  return async (ctx: BBContext | any, next: any) => {
+  return async (ctx: Ctx | any, next: any) => {
     let publicEndpoint = false
     const version = ctx.request.headers[Header.API_VER]
     // the path is not authenticated
@@ -115,7 +115,8 @@ export default function (
           authenticated = true
         } catch (err: any) {
           authenticated = false
-          console.error("Auth Error", err?.message || err)
+          console.error(`Auth Error: ${err.message}`)
+          console.error(err)
           // remove the cookie as the user does not exist anymore
           clearCookie(ctx, Cookie.Auth)
         }
@@ -148,12 +149,13 @@ export default function (
       finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
 
       if (user && user.email) {
-        return identity.doInUserContext(user, next)
+        return identity.doInUserContext(user, ctx, next)
       } else {
         return next()
       }
     } catch (err: any) {
-      console.error("Auth Error", err?.message || err)
+      console.error(`Auth Error: ${err.message}`)
+      console.error(err)
       // invalid token, clear the cookie
       if (err && err.name === "JsonWebTokenError") {
         clearCookie(ctx, Cookie.Auth)
diff --git a/packages/backend-core/src/middleware/errorHandling.ts b/packages/backend-core/src/middleware/errorHandling.ts
index 5ac70c33e5..36aff2cdbc 100644
--- a/packages/backend-core/src/middleware/errorHandling.ts
+++ b/packages/backend-core/src/middleware/errorHandling.ts
@@ -11,6 +11,7 @@ export async function errorHandling(ctx: any, next: any) {
 
     if (status > 499 || env.ENABLE_4XX_HTTP_LOGGING) {
       ctx.log.error(err)
+      console.trace(err)
     }
 
     const error = errors.getPublicError(err)
diff --git a/packages/backend-core/src/middleware/index.ts b/packages/backend-core/src/middleware/index.ts
index de609f9a3e..addeac6a1a 100644
--- a/packages/backend-core/src/middleware/index.ts
+++ b/packages/backend-core/src/middleware/index.ts
@@ -17,4 +17,5 @@ export { default as builderOrAdmin } from "./builderOrAdmin"
 export { default as builderOnly } from "./builderOnly"
 export { default as logging } from "./logging"
 export { default as errorHandling } from "./errorHandling"
+export { default as querystringToBody } from "./querystringToBody"
 export * as joiValidator from "./joi-validator"
diff --git a/packages/backend-core/src/middleware/passport/datasource/google.ts b/packages/backend-core/src/middleware/passport/datasource/google.ts
index 112f8d2096..32451cb8d2 100644
--- a/packages/backend-core/src/middleware/passport/datasource/google.ts
+++ b/packages/backend-core/src/middleware/passport/datasource/google.ts
@@ -1,9 +1,8 @@
 import * as google from "../sso/google"
-import { Cookie, Config } from "../../../constants"
+import { Cookie } from "../../../constants"
 import { clearCookie, getCookie } from "../../../utils"
-import { getScopedConfig, getPlatformUrl, doWithDB } from "../../../db"
-import environment from "../../../environment"
-import { getGlobalDB } from "../../../context"
+import { doWithDB } from "../../../db"
+import * as configs from "../../../configs"
 import { BBContext, Database, SSOProfile } from "@budibase/types"
 import { ssoSaveUserNoOp } from "../sso/sso"
 const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
@@ -13,18 +12,12 @@ type Passport = {
 }
 
 async function fetchGoogleCreds() {
-  // try and get the config from the tenant
-  const db = getGlobalDB()
-  const googleConfig = await getScopedConfig(db, {
-    type: Config.GOOGLE,
-  })
-  // or fall back to env variables
-  return (
-    googleConfig || {
-      clientID: environment.GOOGLE_CLIENT_ID,
-      clientSecret: environment.GOOGLE_CLIENT_SECRET,
-    }
-  )
+  let config = await configs.getGoogleDatasourceConfig()
+
+  if (!config) {
+    throw new Error("No google configuration found")
+  }
+  return config
 }
 
 export async function preAuth(
@@ -34,7 +27,7 @@ export async function preAuth(
 ) {
   // get the relevant config
   const googleConfig = await fetchGoogleCreds()
-  const platformUrl = await getPlatformUrl({ tenantAware: false })
+  const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
 
   let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
   const strategy = await google.strategyFactory(
@@ -61,7 +54,7 @@ export async function postAuth(
 ) {
   // get the relevant config
   const config = await fetchGoogleCreds()
-  const platformUrl = await getPlatformUrl({ tenantAware: false })
+  const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
 
   let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
   const authStateCookie = getCookie(ctx, Cookie.DatasourceAuth)
diff --git a/packages/backend-core/src/middleware/passport/sso/google.ts b/packages/backend-core/src/middleware/passport/sso/google.ts
index d26d7d6a8d..ad7593e63d 100644
--- a/packages/backend-core/src/middleware/passport/sso/google.ts
+++ b/packages/backend-core/src/middleware/passport/sso/google.ts
@@ -2,12 +2,11 @@ import { ssoCallbackUrl } from "../utils"
 import * as sso from "./sso"
 import {
   ConfigType,
-  GoogleConfig,
-  Database,
   SSOProfile,
   SSOAuthDetails,
   SSOProviderType,
   SaveSSOUserFunction,
+  GoogleInnerConfig,
 } from "@budibase/types"
 const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
 
@@ -45,7 +44,7 @@ export function buildVerifyFn(saveUserFn: SaveSSOUserFunction) {
  * @returns Dynamically configured Passport Google Strategy
  */
 export async function strategyFactory(
-  config: GoogleConfig["config"],
+  config: GoogleInnerConfig,
   callbackUrl: string,
   saveUserFn: SaveSSOUserFunction
 ) {
@@ -73,9 +72,6 @@ export async function strategyFactory(
   }
 }
 
-export async function getCallbackUrl(
-  db: Database,
-  config: { callbackURL?: string }
-) {
-  return ssoCallbackUrl(db, config, ConfigType.GOOGLE)
+export async function getCallbackUrl(config: GoogleInnerConfig) {
+  return ssoCallbackUrl(ConfigType.GOOGLE, config)
 }
diff --git a/packages/backend-core/src/middleware/passport/sso/oidc.ts b/packages/backend-core/src/middleware/passport/sso/oidc.ts
index 1fb44b84a3..b6d5eb52e9 100644
--- a/packages/backend-core/src/middleware/passport/sso/oidc.ts
+++ b/packages/backend-core/src/middleware/passport/sso/oidc.ts
@@ -4,7 +4,6 @@ import { ssoCallbackUrl } from "../utils"
 import {
   ConfigType,
   OIDCInnerConfig,
-  Database,
   SSOProfile,
   OIDCStrategyConfiguration,
   SSOAuthDetails,
@@ -157,9 +156,6 @@ export async function fetchStrategyConfig(
   }
 }
 
-export async function getCallbackUrl(
-  db: Database,
-  config: { callbackURL?: string }
-) {
-  return ssoCallbackUrl(db, config, ConfigType.OIDC)
+export async function getCallbackUrl() {
+  return ssoCallbackUrl(ConfigType.OIDC)
 }
diff --git a/packages/backend-core/src/middleware/passport/utils.ts b/packages/backend-core/src/middleware/passport/utils.ts
index 6eb3bc29d1..7e0d3863a0 100644
--- a/packages/backend-core/src/middleware/passport/utils.ts
+++ b/packages/backend-core/src/middleware/passport/utils.ts
@@ -1,6 +1,6 @@
-import { isMultiTenant, getTenantId } from "../../context"
-import { getScopedConfig } from "../../db"
-import { ConfigType, Database } from "@budibase/types"
+import { getTenantId, isMultiTenant } from "../../context"
+import * as configs from "../../configs"
+import { ConfigType, GoogleInnerConfig } from "@budibase/types"
 
 /**
  * Utility to handle authentication errors.
@@ -19,17 +19,14 @@ export function authError(done: Function, message: string, err?: any) {
 }
 
 export async function ssoCallbackUrl(
-  db: Database,
-  config?: { callbackURL?: string },
-  type?: ConfigType
+  type: ConfigType,
+  config?: GoogleInnerConfig
 ) {
   // incase there is a callback URL from before
-  if (config && config.callbackURL) {
-    return config.callbackURL
+  if (config && (config as GoogleInnerConfig).callbackURL) {
+    return (config as GoogleInnerConfig).callbackURL as string
   }
-  const publicConfig = await getScopedConfig(db, {
-    type: ConfigType.SETTINGS,
-  })
+  const settingsConfig = await configs.getSettingsConfig()
 
   let callbackUrl = `/api/global/auth`
   if (isMultiTenant()) {
@@ -37,5 +34,5 @@ export async function ssoCallbackUrl(
   }
   callbackUrl += `/${type}/callback`
 
-  return `${publicConfig.platformUrl}${callbackUrl}`
+  return `${settingsConfig.platformUrl}${callbackUrl}`
 }
diff --git a/packages/backend-core/src/middleware/querystringToBody.ts b/packages/backend-core/src/middleware/querystringToBody.ts
new file mode 100644
index 0000000000..b6f109231a
--- /dev/null
+++ b/packages/backend-core/src/middleware/querystringToBody.ts
@@ -0,0 +1,28 @@
+import { Ctx } from "@budibase/types"
+
+/**
+ * Expects a standard "query" query string property which is the JSON body
+ * of the request, which has to be sent via query string due to the requirement
+ * of making an endpoint a GET request e.g. downloading a file stream.
+ */
+export default function (ctx: Ctx, next: any) {
+  const queryString = ctx.request.query?.query as string | undefined
+  if (ctx.request.method.toLowerCase() !== "get") {
+    ctx.throw(
+      500,
+      "Query to download middleware can only be used for get requests."
+    )
+  }
+  if (!queryString) {
+    return next()
+  }
+  const decoded = decodeURIComponent(queryString)
+  let json
+  try {
+    json = JSON.parse(decoded)
+  } catch (err) {
+    return next()
+  }
+  ctx.request.body = json
+  return next()
+}
diff --git a/packages/backend-core/src/migrations/migrations.ts b/packages/backend-core/src/migrations/migrations.ts
index 2e3524775f..ab72091d56 100644
--- a/packages/backend-core/src/migrations/migrations.ts
+++ b/packages/backend-core/src/migrations/migrations.ts
@@ -87,6 +87,7 @@ export const runMigration = async (
     const lengthStatement = length > 1 ? `[${count}/${length}]` : ""
 
     const db = getDB(dbName)
+
     try {
       const doc = await getMigrationsDoc(db)
 
diff --git a/packages/backend-core/src/platform/tenants.ts b/packages/backend-core/src/platform/tenants.ts
index b9f946a735..b6bc3410d8 100644
--- a/packages/backend-core/src/platform/tenants.ts
+++ b/packages/backend-core/src/platform/tenants.ts
@@ -1,7 +1,7 @@
 import { StaticDatabases } from "../constants"
 import { getPlatformDB } from "./platformDb"
 import { LockName, LockOptions, LockType, Tenants } from "@budibase/types"
-import * as locks from "../redis/redlock"
+import * as locks from "../redis/redlockImpl"
 
 const TENANT_DOC = StaticDatabases.PLATFORM_INFO.docs.tenants
 
diff --git a/packages/backend-core/src/queue/constants.ts b/packages/backend-core/src/queue/constants.ts
index e8323dacb8..9261ed1176 100644
--- a/packages/backend-core/src/queue/constants.ts
+++ b/packages/backend-core/src/queue/constants.ts
@@ -1,4 +1,5 @@
 export enum JobQueue {
   AUTOMATION = "automationQueue",
   APP_BACKUP = "appBackupQueue",
+  AUDIT_LOG = "auditLogQueue",
 }
diff --git a/packages/backend-core/src/queue/queue.ts b/packages/backend-core/src/queue/queue.ts
index 8e1fc1fbf3..c57ebafb1f 100644
--- a/packages/backend-core/src/queue/queue.ts
+++ b/packages/backend-core/src/queue/queue.ts
@@ -40,8 +40,10 @@ export function createQueue<T>(
 }
 
 export async function shutdown() {
-  if (QUEUES.length) {
+  if (cleanupInterval) {
     clearInterval(cleanupInterval)
+  }
+  if (QUEUES.length) {
     for (let queue of QUEUES) {
       await queue.close()
     }
diff --git a/packages/backend-core/src/redis/index.ts b/packages/backend-core/src/redis/index.ts
index 5bf2c65c39..6585d6e4fa 100644
--- a/packages/backend-core/src/redis/index.ts
+++ b/packages/backend-core/src/redis/index.ts
@@ -3,4 +3,4 @@
 export { default as Client } from "./redis"
 export * as utils from "./utils"
 export * as clients from "./init"
-export * as locks from "./redlock"
+export * as locks from "./redlockImpl"
diff --git a/packages/backend-core/src/redis/redlock.ts b/packages/backend-core/src/redis/redlockImpl.ts
similarity index 83%
rename from packages/backend-core/src/redis/redlock.ts
rename to packages/backend-core/src/redis/redlockImpl.ts
index 136d7f5d33..5e71488689 100644
--- a/packages/backend-core/src/redis/redlock.ts
+++ b/packages/backend-core/src/redis/redlockImpl.ts
@@ -24,7 +24,7 @@ const getClient = async (type: LockType): Promise<Redlock> => {
   }
 }
 
-export const OPTIONS = {
+const OPTIONS = {
   TRY_ONCE: {
     // immediately throws an error if the lock is already held
     retryCount: 0,
@@ -56,14 +56,29 @@ export const OPTIONS = {
   },
 }
 
-export const newRedlock = async (opts: Options = {}) => {
+const newRedlock = async (opts: Options = {}) => {
   let options = { ...OPTIONS.DEFAULT, ...opts }
   const redisWrapper = await getLockClient()
   const client = redisWrapper.getClient()
   return new Redlock([client], options)
 }
 
-export const doWithLock = async (opts: LockOptions, task: any) => {
+type SuccessfulRedlockExecution<T> = {
+  executed: true
+  result: T
+}
+type UnsuccessfulRedlockExecution = {
+  executed: false
+}
+
+type RedlockExecution<T> =
+  | SuccessfulRedlockExecution<T>
+  | UnsuccessfulRedlockExecution
+
+export const doWithLock = async <T>(
+  opts: LockOptions,
+  task: () => Promise<T>
+): Promise<RedlockExecution<T>> => {
   const redlock = await getClient(opts.type)
   let lock
   try {
@@ -73,8 +88,8 @@ export const doWithLock = async (opts: LockOptions, task: any) => {
     let name: string = `lock:${prefix}_${opts.name}`
 
     // add additional unique name if required
-    if (opts.nameSuffix) {
-      name = name + `_${opts.nameSuffix}`
+    if (opts.resource) {
+      name = name + `_${opts.resource}`
     }
 
     // create the lock
@@ -83,7 +98,7 @@ export const doWithLock = async (opts: LockOptions, task: any) => {
     // perform locked task
     // need to await to ensure completion before unlocking
     const result = await task()
-    return result
+    return { executed: true, result }
   } catch (e: any) {
     console.warn("lock error")
     // lock limit exceeded
@@ -92,7 +107,7 @@ export const doWithLock = async (opts: LockOptions, task: any) => {
         // don't throw for try-once locks, they will always error
         // due to retry count (0) exceeded
         console.warn(e)
-        return
+        return { executed: false }
       } else {
         console.error(e)
         throw e
diff --git a/packages/backend-core/src/users.ts b/packages/backend-core/src/users.ts
index ef76af390d..dfc544c3ed 100644
--- a/packages/backend-core/src/users.ts
+++ b/packages/backend-core/src/users.ts
@@ -5,19 +5,56 @@ import {
   generateAppUserID,
   queryGlobalView,
   UNICODE_MAX,
+  DocumentType,
+  SEPARATOR,
+  directCouchFind,
 } from "./db"
 import { BulkDocsResponse, User } from "@budibase/types"
 import { getGlobalDB } from "./context"
 import * as context from "./context"
 
-export const bulkGetGlobalUsersById = async (userIds: string[]) => {
+type GetOpts = { cleanup?: boolean }
+
+function removeUserPassword(users: User | User[]) {
+  if (Array.isArray(users)) {
+    return users.map(user => {
+      if (user) {
+        delete user.password
+        return user
+      }
+    })
+  } else if (users) {
+    delete users.password
+    return users
+  }
+  return users
+}
+
+export const bulkGetGlobalUsersById = async (
+  userIds: string[],
+  opts?: GetOpts
+) => {
   const db = getGlobalDB()
-  return (
+  let users = (
     await db.allDocs({
       keys: userIds,
       include_docs: true,
     })
   ).rows.map(row => row.doc) as User[]
+  if (opts?.cleanup) {
+    users = removeUserPassword(users) as User[]
+  }
+  return users
+}
+
+export const getAllUserIds = async () => {
+  const db = getGlobalDB()
+  const startKey = `${DocumentType.USER}${SEPARATOR}`
+  const response = await db.allDocs({
+    startkey: startKey,
+    endkey: `${startKey}${UNICODE_MAX}`,
+  })
+  return response.rows.map(row => row.id)
 }
 
 export const bulkUpdateGlobalUsers = async (users: User[]) => {
@@ -25,18 +62,22 @@ export const bulkUpdateGlobalUsers = async (users: User[]) => {
   return (await db.bulkDocs(users)) as BulkDocsResponse
 }
 
-export async function getById(id: string): Promise<User> {
+export async function getById(id: string, opts?: GetOpts): Promise<User> {
   const db = context.getGlobalDB()
-  return db.get(id)
+  let user = await db.get(id)
+  if (opts?.cleanup) {
+    user = removeUserPassword(user)
+  }
+  return user
 }
 
 /**
  * Given an email address this will use a view to search through
  * all the users to find one with this email address.
- * @param {string} email the email to lookup the user by.
  */
 export const getGlobalUserByEmail = async (
-  email: String
+  email: String,
+  opts?: GetOpts
 ): Promise<User | undefined> => {
   if (email == null) {
     throw "Must supply an email address to view"
@@ -52,10 +93,19 @@ export const getGlobalUserByEmail = async (
     throw new Error(`Multiple users found with email address: ${email}`)
   }
 
-  return response
+  let user = response as User
+  if (opts?.cleanup) {
+    user = removeUserPassword(user) as User
+  }
+
+  return user
 }
 
-export const searchGlobalUsersByApp = async (appId: any, opts: any) => {
+export const searchGlobalUsersByApp = async (
+  appId: any,
+  opts: any,
+  getOpts?: GetOpts
+) => {
   if (typeof appId !== "string") {
     throw new Error("Must provide a string based app ID")
   }
@@ -64,10 +114,54 @@ export const searchGlobalUsersByApp = async (appId: any, opts: any) => {
   })
   params.startkey = opts && opts.startkey ? opts.startkey : params.startkey
   let response = await queryGlobalView(ViewName.USER_BY_APP, params)
+
   if (!response) {
     response = []
   }
-  return Array.isArray(response) ? response : [response]
+  let users: User[] = Array.isArray(response) ? response : [response]
+  if (getOpts?.cleanup) {
+    users = removeUserPassword(users) as User[]
+  }
+  return users
+}
+
+/*
+  Return any user who potentially has access to the application
+  Admins, developers and app users with the explicitly role.
+*/
+export const searchGlobalUsersByAppAccess = async (appId: any, opts: any) => {
+  const roleSelector = `roles.${appId}`
+
+  let orQuery: any[] = [
+    {
+      "builder.global": true,
+    },
+    {
+      "admin.global": true,
+    },
+  ]
+
+  if (appId) {
+    const roleCheck = {
+      [roleSelector]: {
+        $exists: true,
+      },
+    }
+    orQuery.push(roleCheck)
+  }
+
+  let searchOptions = {
+    selector: {
+      $or: orQuery,
+      _id: {
+        $regex: "^us_",
+      },
+    },
+    limit: opts?.limit || 50,
+  }
+
+  const resp = await directCouchFind(context.getGlobalDBName(), searchOptions)
+  return resp?.rows
 }
 
 export const getGlobalUserByAppPage = (appId: string, user: User) => {
@@ -80,7 +174,11 @@ export const getGlobalUserByAppPage = (appId: string, user: User) => {
 /**
  * Performs a starts with search on the global email view.
  */
-export const searchGlobalUsersByEmail = async (email: string, opts: any) => {
+export const searchGlobalUsersByEmail = async (
+  email: string,
+  opts: any,
+  getOpts?: GetOpts
+) => {
   if (typeof email !== "string") {
     throw new Error("Must provide a string to search by")
   }
@@ -95,5 +193,9 @@ export const searchGlobalUsersByEmail = async (email: string, opts: any) => {
   if (!response) {
     response = []
   }
-  return Array.isArray(response) ? response : [response]
+  let users: User[] = Array.isArray(response) ? response : [response]
+  if (getOpts?.cleanup) {
+    users = removeUserPassword(users) as User[]
+  }
+  return users
 }
diff --git a/packages/backend-core/src/utils/utils.ts b/packages/backend-core/src/utils/utils.ts
index 3731e134ad..3efd40ca80 100644
--- a/packages/backend-core/src/utils/utils.ts
+++ b/packages/backend-core/src/utils/utils.ts
@@ -10,7 +10,13 @@ import {
 import env from "../environment"
 import * as tenancy from "../tenancy"
 import * as context from "../context"
-import { App, Ctx, TenantResolutionStrategy } from "@budibase/types"
+import {
+  App,
+  AuditedEventFriendlyName,
+  Ctx,
+  Event,
+  TenantResolutionStrategy,
+} from "@budibase/types"
 import { SetOption } from "cookies"
 const jwt = require("jsonwebtoken")
 
@@ -217,3 +223,7 @@ export async function getBuildersCount() {
 export function timeout(timeMs: number) {
   return new Promise(resolve => setTimeout(resolve, timeMs))
 }
+
+export function isAudited(event: Event) {
+  return !!AuditedEventFriendlyName[event]
+}
diff --git a/packages/backend-core/tests/utilities/index.ts b/packages/backend-core/tests/utilities/index.ts
index efe014908b..1c73216d76 100644
--- a/packages/backend-core/tests/utilities/index.ts
+++ b/packages/backend-core/tests/utilities/index.ts
@@ -4,4 +4,6 @@ export { generator } from "./structures"
 export * as testEnv from "./testEnv"
 export * as testContainerUtils from "./testContainerUtils"
 
+export * from "./jestUtils"
+
 export { default as DBTestConfiguration } from "./DBTestConfiguration"
diff --git a/packages/backend-core/tests/utilities/jestUtils.ts b/packages/backend-core/tests/utilities/jestUtils.ts
new file mode 100644
index 0000000000..d84eac548c
--- /dev/null
+++ b/packages/backend-core/tests/utilities/jestUtils.ts
@@ -0,0 +1,9 @@
+export function expectFunctionWasCalledTimesWith(
+  jestFunction: any,
+  times: number,
+  argument: any
+) {
+  expect(
+    jestFunction.mock.calls.filter((call: any) => call[0] === argument).length
+  ).toBe(times)
+}
diff --git a/packages/backend-core/tests/utilities/mocks/licenses.ts b/packages/backend-core/tests/utilities/mocks/licenses.ts
index e374612f5f..2ca41616e4 100644
--- a/packages/backend-core/tests/utilities/mocks/licenses.ts
+++ b/packages/backend-core/tests/utilities/mocks/licenses.ts
@@ -70,6 +70,10 @@ export const useBackups = () => {
   return useFeature(Feature.APP_BACKUPS)
 }
 
+export const useEnforceableSSO = () => {
+  return useFeature(Feature.ENFORCEABLE_SSO)
+}
+
 export const useGroups = () => {
   return useFeature(Feature.USER_GROUPS)
 }
@@ -78,6 +82,10 @@ export const useEnvironmentVariables = () => {
   return useFeature(Feature.ENVIRONMENT_VARIABLES)
 }
 
+export const useAuditLogs = () => {
+  return useFeature(Feature.AUDIT_LOGS)
+}
+
 // QUOTAS
 
 export const setAutomationLogsQuota = (value: number) => {
diff --git a/packages/backend-core/tests/utilities/structures/accounts.ts b/packages/backend-core/tests/utilities/structures/accounts.ts
index 6bfeedf196..62a9ac19d1 100644
--- a/packages/backend-core/tests/utilities/structures/accounts.ts
+++ b/packages/backend-core/tests/utilities/structures/accounts.ts
@@ -8,6 +8,8 @@ import {
   CloudAccount,
   Hosting,
   SSOAccount,
+  CreateAccount,
+  CreatePassswordAccount,
 } from "@budibase/types"
 import _ from "lodash"
 
@@ -29,6 +31,10 @@ export const account = (): Account => {
   }
 }
 
+export function selfHostAccount() {
+  return account()
+}
+
 export const cloudAccount = (): CloudAccount => {
   return {
     ...account(),
@@ -47,9 +53,9 @@ function provider(): AccountSSOProvider {
   return _.sample(Object.values(AccountSSOProvider)) as AccountSSOProvider
 }
 
-export function ssoAccount(): SSOAccount {
+export function ssoAccount(account: Account = cloudAccount()): SSOAccount {
   return {
-    ...cloudAccount(),
+    ...account,
     authType: AuthType.SSO,
     oauth2: {
       accessToken: generator.string(),
@@ -61,3 +67,49 @@ export function ssoAccount(): SSOAccount {
     thirdPartyProfile: {},
   }
 }
+
+export const cloudCreateAccount: CreatePassswordAccount = {
+  email: "cloud@budibase.com",
+  tenantId: "cloud",
+  hosting: Hosting.CLOUD,
+  authType: AuthType.PASSWORD,
+  password: "Password123!",
+  tenantName: "cloud",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
+
+export const cloudSSOCreateAccount: CreateAccount = {
+  email: "cloud-sso@budibase.com",
+  tenantId: "cloud-sso",
+  hosting: Hosting.CLOUD,
+  authType: AuthType.SSO,
+  tenantName: "cloudsso",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
+
+export const selfCreateAccount: CreatePassswordAccount = {
+  email: "self@budibase.com",
+  tenantId: "self",
+  hosting: Hosting.SELF,
+  authType: AuthType.PASSWORD,
+  password: "Password123!",
+  tenantName: "self",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
+
+export const selfSSOCreateAccount: CreateAccount = {
+  email: "self-sso@budibase.com",
+  tenantId: "self-sso",
+  hosting: Hosting.SELF,
+  authType: AuthType.SSO,
+  tenantName: "selfsso",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
diff --git a/packages/backend-core/tests/utilities/structures/db.ts b/packages/backend-core/tests/utilities/structures/db.ts
index e25b707cb9..f4a677e777 100644
--- a/packages/backend-core/tests/utilities/structures/db.ts
+++ b/packages/backend-core/tests/utilities/structures/db.ts
@@ -1,5 +1,12 @@
+import { structures } from ".."
 import { newid } from "../../../src/newid"
 
 export function id() {
   return `db_${newid()}`
 }
+
+export function rev() {
+  return `${structures.generator.character({
+    numeric: true,
+  })}-${structures.uuid().replace(/-/, "")}`
+}
diff --git a/packages/backend-core/tests/utilities/structures/generator.ts b/packages/backend-core/tests/utilities/structures/generator.ts
new file mode 100644
index 0000000000..51567b152e
--- /dev/null
+++ b/packages/backend-core/tests/utilities/structures/generator.ts
@@ -0,0 +1,2 @@
+import Chance from "chance"
+export const generator = new Chance()
diff --git a/packages/backend-core/tests/utilities/structures/index.ts b/packages/backend-core/tests/utilities/structures/index.ts
index d0073ba851..ca77f476d0 100644
--- a/packages/backend-core/tests/utilities/structures/index.ts
+++ b/packages/backend-core/tests/utilities/structures/index.ts
@@ -1,8 +1,4 @@
 export * from "./common"
-
-import Chance from "chance"
-export const generator = new Chance()
-
 export * as accounts from "./accounts"
 export * as apps from "./apps"
 export * as db from "./db"
@@ -12,3 +8,4 @@ export * as plugins from "./plugins"
 export * as sso from "./sso"
 export * as tenant from "./tenants"
 export * as users from "./users"
+export { generator } from "./generator"
diff --git a/packages/backend-core/tests/utilities/structures/shared.ts b/packages/backend-core/tests/utilities/structures/shared.ts
new file mode 100644
index 0000000000..de0e19486c
--- /dev/null
+++ b/packages/backend-core/tests/utilities/structures/shared.ts
@@ -0,0 +1,19 @@
+import { User } from "@budibase/types"
+import { generator } from "./generator"
+import { uuid } from "./common"
+
+export const newEmail = () => {
+  return `${uuid()}@test.com`
+}
+
+export const user = (userProps?: any): User => {
+  return {
+    email: newEmail(),
+    password: "test",
+    roles: { app_test: "admin" },
+    firstName: generator.first(),
+    lastName: generator.last(),
+    pictureUrl: "http://test.com",
+    ...userProps,
+  }
+}
diff --git a/packages/backend-core/tests/utilities/structures/sso.ts b/packages/backend-core/tests/utilities/structures/sso.ts
index ad5e8e87ef..7413fa3c09 100644
--- a/packages/backend-core/tests/utilities/structures/sso.ts
+++ b/packages/backend-core/tests/utilities/structures/sso.ts
@@ -1,6 +1,7 @@
 import {
   GoogleInnerConfig,
   JwtClaims,
+  OAuth2,
   OIDCInnerConfig,
   OIDCWellKnownConfig,
   SSOAuthDetails,
@@ -8,8 +9,40 @@ import {
   SSOProviderType,
   User,
 } from "@budibase/types"
-import { uuid, generator, users, email } from "./index"
+import { generator } from "./generator"
+import { uuid, email } from "./common"
+import * as shared from "./shared"
 import _ from "lodash"
+import { user } from "./shared"
+
+export function OAuth(): OAuth2 {
+  return {
+    refreshToken: generator.string(),
+    accessToken: generator.string(),
+  }
+}
+
+export function authDetails(userDoc?: User): SSOAuthDetails {
+  if (!userDoc) {
+    userDoc = user()
+  }
+
+  const userId = userDoc._id || uuid()
+  const provider = generator.string()
+
+  const profile = ssoProfile(userDoc)
+  profile.provider = provider
+  profile.id = userId
+
+  return {
+    email: userDoc.email,
+    oauth2: OAuth(),
+    profile,
+    provider,
+    providerType: providerType(),
+    userId,
+  }
+}
 
 export function providerType(): SSOProviderType {
   return _.sample(Object.values(SSOProviderType)) as SSOProviderType
@@ -17,7 +50,7 @@ export function providerType(): SSOProviderType {
 
 export function ssoProfile(user?: User): SSOProfile {
   if (!user) {
-    user = users.user()
+    user = shared.user()
   }
   return {
     id: user._id!,
@@ -33,31 +66,6 @@ export function ssoProfile(user?: User): SSOProfile {
   }
 }
 
-export function authDetails(user?: User): SSOAuthDetails {
-  if (!user) {
-    user = users.user()
-  }
-
-  const userId = user._id || uuid()
-  const provider = generator.string()
-
-  const profile = ssoProfile(user)
-  profile.provider = provider
-  profile.id = userId
-
-  return {
-    email: user.email,
-    oauth2: {
-      refreshToken: generator.string(),
-      accessToken: generator.string(),
-    },
-    profile,
-    provider,
-    providerType: providerType(),
-    userId,
-  }
-}
-
 // OIDC
 
 export function oidcConfig(): OIDCInnerConfig {
@@ -69,6 +77,7 @@ export function oidcConfig(): OIDCInnerConfig {
     configUrl: "http://someconfigurl",
     clientID: generator.string(),
     clientSecret: generator.string(),
+    scopes: [],
   }
 }
 
diff --git a/packages/backend-core/tests/utilities/structures/users.ts b/packages/backend-core/tests/utilities/structures/users.ts
index 332c27ca12..7a6b4f0d80 100644
--- a/packages/backend-core/tests/utilities/structures/users.ts
+++ b/packages/backend-core/tests/utilities/structures/users.ts
@@ -1,29 +1,13 @@
-import { generator } from "../"
 import {
   AdminUser,
   BuilderUser,
   SSOAuthDetails,
   SSOUser,
-  User,
 } from "@budibase/types"
-import { v4 as uuid } from "uuid"
-import * as sso from "./sso"
+import { user } from "./shared"
+import { authDetails } from "./sso"
 
-export const newEmail = () => {
-  return `${uuid()}@test.com`
-}
-
-export const user = (userProps?: any): User => {
-  return {
-    email: newEmail(),
-    password: "test",
-    roles: { app_test: "admin" },
-    firstName: generator.first(),
-    lastName: generator.last(),
-    pictureUrl: "http://test.com",
-    ...userProps,
-  }
-}
+export { user, newEmail } from "./shared"
 
 export const adminUser = (userProps?: any): AdminUser => {
   return {
@@ -53,7 +37,7 @@ export function ssoUser(
   delete base.password
 
   if (!opts.details) {
-    opts.details = sso.authDetails(base)
+    opts.details = authDetails(base)
   }
 
   return {
diff --git a/packages/backend-core/tests/utilities/testContainerUtils.ts b/packages/backend-core/tests/utilities/testContainerUtils.ts
index 11c5fca806..f6c702f7ef 100644
--- a/packages/backend-core/tests/utilities/testContainerUtils.ts
+++ b/packages/backend-core/tests/utilities/testContainerUtils.ts
@@ -1,3 +1,31 @@
+import { execSync } from "child_process"
+
+let dockerPsResult: string | undefined
+
+function formatDockerPsResult(serverName: string, port: number) {
+  const lines = dockerPsResult?.split("\n")
+  let first = true
+  if (!lines) {
+    return null
+  }
+  for (let line of lines) {
+    if (first) {
+      first = false
+      continue
+    }
+    let toLookFor = serverName.split("-service")[0]
+    if (!line.includes(toLookFor)) {
+      continue
+    }
+    const regex = new RegExp(`0.0.0.0:([0-9]*)->${port}`, "g")
+    const found = line.match(regex)
+    if (found) {
+      return found[0].split(":")[1].split("->")[0]
+    }
+  }
+  return null
+}
+
 function getTestContainerSettings(
   serverName: string,
   key: string
@@ -14,10 +42,22 @@ function getTestContainerSettings(
 }
 
 function getContainerInfo(containerName: string, port: number) {
-  const assignedPort = getTestContainerSettings(
+  let assignedPort = getTestContainerSettings(
     containerName.toUpperCase(),
     `PORT_${port}`
   )
+  if (!dockerPsResult) {
+    try {
+      const outputBuffer = execSync("docker ps")
+      dockerPsResult = outputBuffer.toString("utf8")
+    } catch (err) {
+      //no-op
+    }
+  }
+  const possiblePort = formatDockerPsResult(containerName, port)
+  if (possiblePort) {
+    assignedPort = possiblePort
+  }
   const host = getTestContainerSettings(containerName.toUpperCase(), "IP")
   return {
     port: assignedPort,
@@ -39,12 +79,15 @@ function getRedisConfig() {
 }
 
 export function setupEnv(...envs: any[]) {
+  const couch = getCouchConfig(),
+    minio = getCouchConfig(),
+    redis = getRedisConfig()
   const configs = [
-    { key: "COUCH_DB_PORT", value: getCouchConfig().port },
-    { key: "COUCH_DB_URL", value: getCouchConfig().url },
-    { key: "MINIO_PORT", value: getMinioConfig().port },
-    { key: "MINIO_URL", value: getMinioConfig().url },
-    { key: "REDIS_URL", value: getRedisConfig().url },
+    { key: "COUCH_DB_PORT", value: couch.port },
+    { key: "COUCH_DB_URL", value: couch.url },
+    { key: "MINIO_PORT", value: minio.port },
+    { key: "MINIO_URL", value: minio.url },
+    { key: "REDIS_URL", value: redis.url },
   ]
 
   for (const config of configs.filter(x => !!x.value)) {
diff --git a/packages/backend-core/yarn.lock b/packages/backend-core/yarn.lock
index 5f8edb3df6..91c5c6c9f3 100644
--- a/packages/backend-core/yarn.lock
+++ b/packages/backend-core/yarn.lock
@@ -475,10 +475,10 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/nano@10.1.1":
-  version "10.1.1"
-  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
-  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+"@budibase/nano@10.1.2":
+  version "10.1.2"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.2.tgz#10fae5a1ab39be6a81261f40e7b7ec6d21cbdd4a"
+  integrity sha512-1w+YN2n/M5aZ9hBKCP4NEjdQbT8BfCLRizkdvm0Je665eEHw3aE1hvo8mon9Ro9QuDdxj1DfDMMFnym6/QUwpQ==
   dependencies:
     "@types/tough-cookie" "^4.0.2"
     axios "^1.1.3"
diff --git a/packages/bbui/package.json b/packages/bbui/package.json
index b697a532ad..05e826eb81 100644
--- a/packages/bbui/package.json
+++ b/packages/bbui/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@budibase/bbui",
   "description": "A UI solution used in the different Budibase projects.",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "license": "MPL-2.0",
   "svelte": "src/index.js",
   "module": "dist/bbui.es.js",
@@ -38,7 +38,8 @@
   ],
   "dependencies": {
     "@adobe/spectrum-css-workflow-icons": "1.2.1",
-    "@budibase/string-templates": "2.3.18-alpha.12",
+    "@budibase/shared-core": "2.4.12-alpha.0",
+    "@budibase/string-templates": "2.4.12-alpha.0",
     "@spectrum-css/accordion": "3.0.24",
     "@spectrum-css/actionbutton": "1.0.1",
     "@spectrum-css/actiongroup": "1.0.1",
diff --git a/packages/bbui/src/ActionButton/ActionButton.svelte b/packages/bbui/src/ActionButton/ActionButton.svelte
index 663128160f..60c8bec80b 100644
--- a/packages/bbui/src/ActionButton/ActionButton.svelte
+++ b/packages/bbui/src/ActionButton/ActionButton.svelte
@@ -1,6 +1,9 @@
 <script>
   import "@spectrum-css/actionbutton/dist/index-vars.css"
   import { createEventDispatcher } from "svelte"
+  import Tooltip from "../Tooltip/Tooltip.svelte"
+  import { fade } from "svelte/transition"
+
   const dispatch = createEventDispatcher()
 
   export let quiet = false
@@ -13,6 +16,9 @@
   export let active = false
   export let fullWidth = false
   export let noPadding = false
+  export let tooltip = ""
+
+  let showTooltip = false
 
   function longPress(element) {
     if (!longPressable) return
@@ -35,42 +41,54 @@
   }
 </script>
 
-<button
-  use:longPress
-  class:spectrum-ActionButton--quiet={quiet}
-  class:spectrum-ActionButton--emphasized={emphasized}
-  class:is-selected={selected}
-  class:noPadding
-  class:fullWidth
-  class="spectrum-ActionButton spectrum-ActionButton--size{size}"
-  class:active
-  {disabled}
-  on:longPress
-  on:click|preventDefault
+<span
+  class="btn-wrap"
+  on:mouseover={() => (showTooltip = true)}
+  on:mouseleave={() => (showTooltip = false)}
+  on:focus={() => (showTooltip = true)}
 >
-  {#if longPressable}
-    <svg
-      class="spectrum-Icon spectrum-UIIcon-CornerTriangle100 spectrum-ActionButton-hold"
-      focusable="false"
-      aria-hidden="true"
-    >
-      <use xlink:href="#spectrum-css-icon-CornerTriangle100" />
-    </svg>
-  {/if}
-  {#if icon}
-    <svg
-      class="spectrum-Icon spectrum-Icon--size{size}"
-      focusable="false"
-      aria-hidden="true"
-      aria-label={icon}
-    >
-      <use xlink:href="#spectrum-icon-18-{icon}" />
-    </svg>
-  {/if}
-  {#if $$slots}
-    <span class="spectrum-ActionButton-label"><slot /></span>
-  {/if}
-</button>
+  <button
+    use:longPress
+    class:spectrum-ActionButton--quiet={quiet}
+    class:spectrum-ActionButton--emphasized={emphasized}
+    class:is-selected={selected}
+    class:noPadding
+    class:fullWidth
+    class="spectrum-ActionButton spectrum-ActionButton--size{size}"
+    class:active
+    {disabled}
+    on:longPress
+    on:click|preventDefault
+  >
+    {#if longPressable}
+      <svg
+        class="spectrum-Icon spectrum-UIIcon-CornerTriangle100 spectrum-ActionButton-hold"
+        focusable="false"
+        aria-hidden="true"
+      >
+        <use xlink:href="#spectrum-css-icon-CornerTriangle100" />
+      </svg>
+    {/if}
+    {#if icon}
+      <svg
+        class="spectrum-Icon spectrum-Icon--size{size}"
+        focusable="false"
+        aria-hidden="true"
+        aria-label={icon}
+      >
+        <use xlink:href="#spectrum-icon-18-{icon}" />
+      </svg>
+    {/if}
+    {#if $$slots}
+      <span class="spectrum-ActionButton-label"><slot /></span>
+    {/if}
+    {#if tooltip && showTooltip}
+      <div class="tooltip" in:fade={{ duration: 130, delay: 250 }}>
+        <Tooltip textWrapping direction="bottom" text={tooltip} />
+      </div>
+    {/if}
+  </button>
+</span>
 
 <style>
   .fullWidth {
@@ -95,7 +113,20 @@
   .spectrum-ActionButton--quiet {
     padding: 0 8px;
   }
+  .spectrum-ActionButton--quiet.is-selected {
+    color: var(--spectrum-global-color-gray-900);
+  }
   .is-selected:not(.emphasized) .spectrum-Icon {
     color: var(--spectrum-global-color-gray-900);
   }
+  .tooltip {
+    position: absolute;
+    pointer-events: none;
+    left: 50%;
+    top: calc(100% + 4px);
+    width: 100vw;
+    max-width: 150px;
+    transform: translateX(-50%);
+    text-align: center;
+  }
 </style>
diff --git a/packages/bbui/src/Actions/position_dropdown.js b/packages/bbui/src/Actions/position_dropdown.js
index abc7188985..ecbb5747c4 100644
--- a/packages/bbui/src/Actions/position_dropdown.js
+++ b/packages/bbui/src/Actions/position_dropdown.js
@@ -31,6 +31,7 @@ export default function positionDropdown(element, opts) {
       styles.top = anchorBounds.top
     } else if (window.innerHeight - anchorBounds.bottom < 100) {
       styles.top = anchorBounds.top - elementBounds.height - offset
+      styles.maxHeight = 240
     } else {
       styles.top = anchorBounds.bottom + offset
       styles.maxHeight = window.innerHeight - anchorBounds.bottom - 20
diff --git a/packages/bbui/src/Form/Core/Multiselect.svelte b/packages/bbui/src/Form/Core/Multiselect.svelte
index d6c4dc23ac..1d04c210f4 100644
--- a/packages/bbui/src/Form/Core/Multiselect.svelte
+++ b/packages/bbui/src/Form/Core/Multiselect.svelte
@@ -14,6 +14,9 @@
   export let autocomplete = false
   export let sort = false
   export let autoWidth = false
+  export let fetchTerm = null
+  export let useFetch = false
+  export let customPopoverHeight
 
   const dispatch = createEventDispatcher()
 
@@ -83,10 +86,13 @@
   {options}
   isPlaceholder={!value?.length}
   {autocomplete}
+  bind:fetchTerm
+  {useFetch}
   {isOptionSelected}
   {getOptionLabel}
   {getOptionValue}
   onSelectOption={toggleOption}
   {sort}
   {autoWidth}
+  {customPopoverHeight}
 />
diff --git a/packages/bbui/src/Form/Core/Picker.svelte b/packages/bbui/src/Form/Core/Picker.svelte
index 32cfcf3310..bd575600b1 100644
--- a/packages/bbui/src/Form/Core/Picker.svelte
+++ b/packages/bbui/src/Form/Core/Picker.svelte
@@ -24,6 +24,7 @@
   export let getOptionLabel = option => option
   export let getOptionValue = option => option
   export let getOptionIcon = () => null
+  export let useOptionIconImage = false
   export let getOptionColour = () => null
   export let open = false
   export let readonly = false
@@ -31,6 +32,11 @@
   export let autoWidth = false
   export let autocomplete = false
   export let sort = false
+  export let fetchTerm = null
+  export let useFetch = false
+  export let customPopoverHeight
+  export let align = "left"
+  export let footer = null
 
   const dispatch = createEventDispatcher()
 
@@ -71,7 +77,7 @@
   }
 
   const getFilteredOptions = (options, term, getLabel) => {
-    if (autocomplete && term) {
+    if (autocomplete && term && !fetchTerm) {
       const lowerCaseTerm = term.toLowerCase()
       return options.filter(option => {
         return `${getLabel(option)}`.toLowerCase().includes(lowerCaseTerm)
@@ -130,12 +136,13 @@
 
 <Popover
   anchor={button}
-  align="left"
+  align={align || "left"}
   bind:this={popover}
   {open}
   on:close={() => (open = false)}
   useAnchorWidth={!autoWidth}
   maxWidth={autoWidth ? 400 : null}
+  customHeight={customPopoverHeight}
 >
   <div
     class="popover-content"
@@ -144,8 +151,9 @@
   >
     {#if autocomplete}
       <Search
-        value={searchTerm}
-        on:change={event => (searchTerm = event.detail)}
+        value={useFetch ? fetchTerm : searchTerm}
+        on:change={event =>
+          useFetch ? (fetchTerm = event.detail) : (searchTerm = event.detail)}
         {disabled}
         placeholder="Search"
       />
@@ -183,7 +191,16 @@
           >
             {#if getOptionIcon(option, idx)}
               <span class="option-extra icon">
-                <Icon size="S" name={getOptionIcon(option, idx)} />
+                {#if useOptionIconImage}
+                  <img
+                    src={getOptionIcon(option, idx)}
+                    alt="icon"
+                    width="15"
+                    height="15"
+                  />
+                {:else}
+                  <Icon size="S" name={getOptionIcon(option, idx)} />
+                {/if}
               </span>
             {/if}
             {#if getOptionColour(option, idx)}
@@ -205,6 +222,12 @@
         {/each}
       {/if}
     </ul>
+
+    {#if footer}
+      <div class="footer">
+        {footer}
+      </div>
+    {/if}
   </div>
 </Popover>
 
@@ -247,7 +270,7 @@
   }
   .popover-content.auto-width .spectrum-Menu-itemLabel {
     white-space: nowrap;
-    overflow: hidden;
+    overflow: none;
     text-overflow: ellipsis;
   }
   .popover-content:not(.auto-width) .spectrum-Menu-itemLabel {
@@ -281,4 +304,11 @@
   .popover-content :global(.spectrum-Search .spectrum-Textfield-icon) {
     top: 9px;
   }
+
+  .footer {
+    padding: 4px 12px 12px 12px;
+    font-style: italic;
+    max-width: 170px;
+    font-size: 12px;
+  }
 </style>
diff --git a/packages/bbui/src/Form/Core/Select.svelte b/packages/bbui/src/Form/Core/Select.svelte
index 721083e3a6..af45c1d9ff 100644
--- a/packages/bbui/src/Form/Core/Select.svelte
+++ b/packages/bbui/src/Form/Core/Select.svelte
@@ -11,6 +11,7 @@
   export let getOptionLabel = option => option
   export let getOptionValue = option => option
   export let getOptionIcon = () => null
+  export let useOptionIconImage = false
   export let getOptionColour = () => null
   export let isOptionEnabled
   export let readonly = false
@@ -18,6 +19,8 @@
   export let autoWidth = false
   export let autocomplete = false
   export let sort = false
+  export let align
+  export let footer = null
 
   const dispatch = createEventDispatcher()
 
@@ -41,7 +44,7 @@
   const getFieldText = (value, options, placeholder) => {
     // Always use placeholder if no value
     if (value == null || value === "") {
-      return placeholder || "Choose an option"
+      return placeholder !== false ? "Choose an option" : ""
     }
 
     return getFieldAttribute(getOptionLabel, value, options)
@@ -66,15 +69,18 @@
   {fieldColour}
   {options}
   {autoWidth}
+  {align}
+  {footer}
   {getOptionLabel}
   {getOptionValue}
   {getOptionIcon}
+  {useOptionIconImage}
   {getOptionColour}
   {isOptionEnabled}
   {autocomplete}
   {sort}
   isPlaceholder={value == null || value === ""}
-  placeholderOption={placeholder}
+  placeholderOption={placeholder === false ? null : placeholder}
   isOptionSelected={option => option === value}
   onSelectOption={selectOption}
 />
diff --git a/packages/bbui/src/Form/Multiselect.svelte b/packages/bbui/src/Form/Multiselect.svelte
index 7bcf22aa06..185eb7069b 100644
--- a/packages/bbui/src/Form/Multiselect.svelte
+++ b/packages/bbui/src/Form/Multiselect.svelte
@@ -15,6 +15,11 @@
   export let getOptionValue = option => option
   export let sort = false
   export let autoWidth = false
+  export let autocomplete = false
+  export let fetchTerm = null
+  export let useFetch = false
+  export let customPopoverHeight
+
   const dispatch = createEventDispatcher()
   const onChange = e => {
     value = e.detail
@@ -34,6 +39,10 @@
     {getOptionLabel}
     {getOptionValue}
     {autoWidth}
+    {autocomplete}
+    {customPopoverHeight}
+    bind:fetchTerm
+    {useFetch}
     on:change={onChange}
     on:click
   />
diff --git a/packages/bbui/src/Form/Select.svelte b/packages/bbui/src/Form/Select.svelte
index 69126e648d..e87496652d 100644
--- a/packages/bbui/src/Form/Select.svelte
+++ b/packages/bbui/src/Form/Select.svelte
@@ -14,12 +14,17 @@
   export let getOptionLabel = option => extractProperty(option, "label")
   export let getOptionValue = option => extractProperty(option, "value")
   export let getOptionIcon = option => option?.icon
+  export let useOptionIconImage = false
   export let getOptionColour = option => option?.colour
   export let isOptionEnabled
   export let quiet = false
   export let autoWidth = false
   export let sort = false
   export let tooltip = ""
+  export let autocomplete = false
+  export let customPopoverHeight
+  export let align
+  export let footer = null
 
   const dispatch = createEventDispatcher()
   const onChange = e => {
@@ -46,11 +51,16 @@
     {placeholder}
     {autoWidth}
     {sort}
+    {align}
+    {footer}
     {getOptionLabel}
     {getOptionValue}
     {getOptionIcon}
     {getOptionColour}
+    {useOptionIconImage}
     {isOptionEnabled}
+    {autocomplete}
+    {customPopoverHeight}
     on:change={onChange}
     on:click
   />
diff --git a/packages/bbui/src/Modal/Modal.svelte b/packages/bbui/src/Modal/Modal.svelte
index 45081356c1..f56ef1187f 100644
--- a/packages/bbui/src/Modal/Modal.svelte
+++ b/packages/bbui/src/Modal/Modal.svelte
@@ -29,6 +29,14 @@
     visible = false
   }
 
+  export function toggle() {
+    if (visible) {
+      hide()
+    } else {
+      show()
+    }
+  }
+
   export function cancel() {
     if (!visible) {
       return
@@ -61,7 +69,7 @@
     }
   }
 
-  setContext(Context.Modal, { show, hide, cancel })
+  setContext(Context.Modal, { show, hide, toggle, cancel })
 
   onMount(() => {
     document.addEventListener("keydown", handleKey)
diff --git a/packages/bbui/src/Popover/Popover.svelte b/packages/bbui/src/Popover/Popover.svelte
index 8f6ef06591..081e3a34df 100644
--- a/packages/bbui/src/Popover/Popover.svelte
+++ b/packages/bbui/src/Popover/Popover.svelte
@@ -18,6 +18,7 @@
   export let useAnchorWidth = false
   export let dismissible = true
   export let offset = 5
+  export let customHeight
 
   $: target = portalTarget || getContext(Context.PopoverRoot) || ".spectrum"
 
@@ -74,6 +75,7 @@
       on:keydown={handleEscape}
       class="spectrum-Popover is-open"
       role="presentation"
+      style="height: {customHeight}"
       transition:fly|local={{ y: -20, duration: 200 }}
     >
       <slot />
diff --git a/packages/bbui/src/helpers.js b/packages/bbui/src/helpers.js
index f2246fbb49..32030322d9 100644
--- a/packages/bbui/src/helpers.js
+++ b/packages/bbui/src/helpers.js
@@ -1,3 +1,6 @@
+import { helpers } from "@budibase/shared-core"
+export const deepGet = helpers.deepGet
+
 /**
  * Generates a DOM safe UUID.
  * Starting with a letter is important to make it DOM safe.
@@ -41,30 +44,6 @@ export const hashString = string => {
   return hash.toString()
 }
 
-/**
- * Gets a key within an object. The key supports dot syntax for retrieving deep
- * fields - e.g. "a.b.c".
- * Exact matches of keys with dots in them take precedence over nested keys of
- * the same path - e.g. getting "a.b" from { "a.b": "foo", a: { b: "bar" } }
- * will return "foo" over "bar".
- * @param obj the object
- * @param key the key
- * @return {*|null} the value or null if a value was not found for this key
- */
-export const deepGet = (obj, key) => {
-  if (!obj || !key) {
-    return null
-  }
-  if (Object.prototype.hasOwnProperty.call(obj, key)) {
-    return obj[key]
-  }
-  const split = key.split(".")
-  for (let i = 0; i < split.length; i++) {
-    obj = obj?.[split[i]]
-  }
-  return obj
-}
-
 /**
  * Sets a key within an object. The key supports dot syntax for retrieving deep
  * fields - e.g. "a.b.c".
diff --git a/packages/builder/package.json b/packages/builder/package.json
index b3afb4de2a..7d8e2a8ae9 100644
--- a/packages/builder/package.json
+++ b/packages/builder/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/builder",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "license": "GPL-3.0",
   "private": true,
   "scripts": {
@@ -58,10 +58,11 @@
     }
   },
   "dependencies": {
-    "@budibase/bbui": "2.3.18-alpha.12",
-    "@budibase/client": "2.3.18-alpha.12",
-    "@budibase/frontend-core": "2.3.18-alpha.12",
-    "@budibase/string-templates": "2.3.18-alpha.12",
+    "@budibase/bbui": "2.4.12-alpha.0",
+    "@budibase/client": "2.4.12-alpha.0",
+    "@budibase/frontend-core": "2.4.12-alpha.0",
+    "@budibase/shared-core": "2.4.12-alpha.0",
+    "@budibase/string-templates": "2.4.12-alpha.0",
     "@fortawesome/fontawesome-svg-core": "^6.2.1",
     "@fortawesome/free-brands-svg-icons": "^6.2.1",
     "@fortawesome/free-solid-svg-icons": "^6.2.1",
diff --git a/packages/builder/src/builderStore/store/frontend.js b/packages/builder/src/builderStore/store/frontend.js
index d58a2d5b9e..51f88add27 100644
--- a/packages/builder/src/builderStore/store/frontend.js
+++ b/packages/builder/src/builderStore/store/frontend.js
@@ -72,6 +72,8 @@ const INITIAL_FRONTEND_STATE = {
   // onboarding
   onboarding: false,
   tourNodes: null,
+
+  builderSidePanel: false,
 }
 
 export const getFrontendStore = () => {
diff --git a/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte b/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte
index d74eab3622..043844b6d2 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte
@@ -73,14 +73,14 @@
             <Tabs noHorizPadding selected="Input">
               <Tab title="Input">
                 <TextArea
-                  minHeight="80px"
+                  minHeight="160px"
                   disabled
                   value={textArea(filteredResults?.[idx]?.inputs, "No input")}
                 />
               </Tab>
               <Tab title="Output">
                 <TextArea
-                  minHeight="100px"
+                  minHeight="160px"
                   disabled
                   value={textArea(filteredResults?.[idx]?.outputs, "No output")}
                 />
@@ -98,8 +98,9 @@
 
 <style>
   .container {
-    padding: 0 30px 0 30px;
+    padding: 0 30px 30px 30px;
     height: 100%;
+    overflow: auto;
   }
 
   .tabs {
diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
index d7225a6645..352f094507 100644
--- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
@@ -192,13 +192,13 @@
     editableColumn.name = originalName
   }
 
-  function deleteColumn() {
+  async function deleteColumn() {
     try {
       editableColumn.name = deleteColName
       if (editableColumn.name === $tables.selected.primaryDisplay) {
         notifications.error("You cannot delete the display column")
       } else {
-        tables.deleteField(editableColumn)
+        await tables.deleteField(editableColumn)
         notifications.success(`Column ${editableColumn.name} deleted.`)
         confirmDeleteDialog.hide()
         hide()
diff --git a/packages/builder/src/components/commandPalette/CommandPalette.svelte b/packages/builder/src/components/commandPalette/CommandPalette.svelte
new file mode 100644
index 0000000000..cf976a799e
--- /dev/null
+++ b/packages/builder/src/components/commandPalette/CommandPalette.svelte
@@ -0,0 +1,333 @@
+<script>
+  import {
+    Context,
+    Icon,
+    Input,
+    ModalContent,
+    Detail,
+    notifications,
+  } from "@budibase/bbui"
+  import { API } from "api"
+  import { goto } from "@roxi/routify"
+  import {
+    store,
+    sortedScreens,
+    automationStore,
+    themeStore,
+  } from "builderStore"
+  import { datasources, queries, tables, views } from "stores/backend"
+  import { getContext } from "svelte"
+  import { Constants } from "@budibase/frontend-core"
+
+  const modalContext = getContext(Context.Modal)
+  const commands = [
+    {
+      type: "Access",
+      name: "Invite users and manage app access",
+      description: "",
+      icon: "User",
+      action: () =>
+        store.update(state => ({ ...state, builderSidePanel: true })),
+    },
+    {
+      type: "Navigate",
+      name: "Portal",
+      description: "",
+      icon: "Compass",
+      action: () => $goto("../../portal"),
+    },
+    {
+      type: "Navigate",
+      name: "Data",
+      description: "",
+      icon: "Compass",
+      action: () => $goto("./data"),
+    },
+    {
+      type: "Navigate",
+      name: "Design",
+      description: "",
+      icon: "Compass",
+      action: () => $goto("./design"),
+    },
+    {
+      type: "Navigate",
+      name: "Automations",
+      description: "",
+      icon: "Compass",
+      action: () => $goto("./automate"),
+    },
+    {
+      type: "Publish",
+      name: "App",
+      description: "Deploy your application",
+      icon: "Box",
+      action: deployApp,
+    },
+    {
+      type: "Preview",
+      name: "App",
+      description: "",
+      icon: "Play",
+      action: () => window.open(`/${$store.appId}`),
+    },
+    {
+      type: "Preview",
+      name: "Published App",
+      icon: "Play",
+      action: () => window.open(`/app${$store.url}`),
+    },
+    {
+      type: "Support",
+      name: "Raise Github Discussion",
+      icon: "Help",
+      action: () =>
+        window.open(`https://github.com/Budibase/budibase/discussions/new`),
+    },
+    {
+      type: "Support",
+      name: "Raise A Bug",
+      icon: "Bug",
+      action: () =>
+        window.open(
+          `https://github.com/Budibase/budibase/issues/new?assignees=&labels=bug&template=bug_report.md&title=`
+        ),
+    },
+    ...$datasources?.list.map(datasource => ({
+      type: "Datasource",
+      name: `${datasource.name}`,
+      icon: "Data",
+      action: () => $goto(`./data/datasource/${datasource._id}`),
+    })),
+    ...$tables?.list.map(table => ({
+      type: "Table",
+      name: table.name,
+      icon: "Table",
+      action: () => $goto(`./data/table/${table._id}`),
+    })),
+    ...$views?.list.map(view => ({
+      type: "View",
+      name: view.name,
+      icon: "Remove",
+      action: () => $goto(`./data/view/${view.name}`),
+    })),
+    ...$queries?.list.map(query => ({
+      type: "Query",
+      name: query.name,
+      icon: "SQLQuery",
+      action: () => $goto(`./data/query/${query._id}`),
+    })),
+    ...$sortedScreens.map(screen => ({
+      type: "Screen",
+      name: screen.routing.route,
+      icon: "WebPage",
+      action: () => $goto(`./design/${screen._id}/components`),
+    })),
+    ...$automationStore?.automations.map(automation => ({
+      type: "Automation",
+      name: automation.name,
+      icon: "ShareAndroid",
+      action: () => $goto(`./automate/${automation._id}`),
+    })),
+    ...Constants.Themes.map(theme => ({
+      type: "Change Builder Theme",
+      name: theme.name,
+      icon: "ColorPalette",
+      action: () =>
+        themeStore.update(state => {
+          state.theme = theme.class
+          return state
+        }),
+    })),
+  ]
+
+  let search
+  let selected = null
+
+  $: enrichedCommands = commands.map(cmd => ({
+    ...cmd,
+    searchValue: `${cmd.type} ${cmd.name}`.toLowerCase(),
+  }))
+  $: results = filterResults(enrichedCommands, search)
+  $: categories = groupResults(results)
+
+  const filterResults = (commands, search) => {
+    if (!search) {
+      selected = null
+      return commands
+    }
+    selected = 0
+    search = search.toLowerCase()
+    return commands
+      .filter(cmd => cmd.searchValue.includes(search))
+      .map((cmd, idx) => ({
+        ...cmd,
+        idx,
+      }))
+  }
+
+  const groupResults = results => {
+    let categories = {}
+    results?.forEach(result => {
+      if (!categories[result.type]) {
+        categories[result.type] = []
+      }
+      categories[result.type].push(result)
+    })
+    return Object.entries(categories)
+  }
+
+  const onKeyDown = e => {
+    if (e.key === "ArrowDown") {
+      e.preventDefault()
+      if (selected === null) {
+        selected = 0
+        return
+      }
+      if (selected < results.length - 1) {
+        selected += 1
+      }
+    } else if (e.key === "ArrowUp") {
+      e.preventDefault()
+      if (selected === null) {
+        selected = results.length - 1
+        return
+      }
+      if (selected > 0) {
+        selected -= 1
+      }
+    } else if (e.key === "Enter") {
+      if (selected == null) {
+        return
+      }
+      runAction(results[selected])
+    } else if (e.key === "Escape") {
+      modalContext.hide()
+    }
+  }
+
+  async function deployApp() {
+    try {
+      await API.deployAppChanges()
+      notifications.success("Application published successfully")
+    } catch (error) {
+      notifications.error("Error publishing app")
+    }
+  }
+
+  const runAction = command => {
+    if (!command) {
+      return
+    }
+    command.action()
+    modalContext.hide()
+  }
+</script>
+
+<svelte:window on:keydown={onKeyDown} />
+<ModalContent
+  size="L"
+  showCancelButton={false}
+  showConfirmButton={false}
+  showCloseIcon={false}
+>
+  <div class="content">
+    <div class="title">
+      <Icon size="XL" name="Search" />
+      <Input bind:value={search} quiet placeholder="Search for command" />
+    </div>
+    <div class="commands">
+      {#each categories as [name, results], catIdx}
+        <div class="category">
+          <Detail>{name}</Detail>
+          <div class="options">
+            {#each results as command, cmdIdx}
+              <div
+                class="command"
+                on:click={() => runAction(command)}
+                class:selected={command.idx === selected}
+              >
+                <Icon size="M" name={command.icon} />
+                <strong>{command.type}:&nbsp;</strong>
+                <div class="name">
+                  {command.name}
+                </div>
+              </div>
+            {/each}
+          </div>
+        </div>
+      {/each}
+    </div>
+  </div>
+</ModalContent>
+
+<style>
+  .content {
+    margin: -40px;
+    overflow: hidden;
+  }
+  .title {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-start;
+    align-items: center;
+    padding: var(--spacing-xl) var(--spacing-xl) var(--spacing-l)
+      var(--spacing-xl);
+    border-bottom: var(--border-dark);
+    gap: var(--spacing-m);
+    border-bottom-width: 2px;
+  }
+  .title :global(.spectrum-Textfield-input) {
+    border-bottom: none;
+    font-size: 20px;
+  }
+
+  .commands {
+    height: 378px;
+    overflow: scroll;
+  }
+
+  .category {
+    padding: var(--spacing-m) var(--spacing-xl);
+    border-bottom: var(--border-light);
+  }
+  .category:last-of-type {
+    border-bottom: none;
+  }
+  .category :global(.spectrum-Detail) {
+    color: var(--spectrum-global-color-gray-600);
+  }
+  .options {
+    padding-top: var(--spacing-m);
+    margin: 0 calc(-1 * var(--spacing-xl));
+  }
+
+  .command {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-start;
+    align-items: center;
+    padding: var(--spacing-s) var(--spacing-xl);
+    cursor: pointer;
+    overflow: hidden;
+    transition: color 130ms ease-out, background-color 130ms ease-out;
+  }
+  .command:hover,
+  .selected {
+    color: var(--spectrum-global-color-gray-900);
+    background-color: var(--spectrum-global-color-gray-300);
+  }
+  .command strong {
+    margin-left: var(--spacing-m);
+  }
+  .name {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+  }
+
+  footer {
+    display: flex;
+    justify-content: center;
+  }
+</style>
diff --git a/packages/builder/src/components/common/RoleSelect.svelte b/packages/builder/src/components/common/RoleSelect.svelte
index 645e82c8ba..09a67cb6fe 100644
--- a/packages/builder/src/components/common/RoleSelect.svelte
+++ b/packages/builder/src/components/common/RoleSelect.svelte
@@ -11,16 +11,24 @@
   export let quiet = false
   export let allowPublic = true
   export let allowRemove = false
+  export let disabled = false
+  export let align
+  export let footer = null
+  export let allowedRoles = null
 
   const dispatch = createEventDispatcher()
   const RemoveID = "remove"
 
-  $: options = getOptions($roles, allowPublic, allowRemove)
+  $: options = getOptions($roles, allowPublic, allowRemove, allowedRoles)
 
-  const getOptions = (roles, allowPublic) => {
+  const getOptions = (roles, allowPublic, allowRemove, allowedRoles) => {
+    if (allowedRoles?.length) {
+      return roles.filter(role => allowedRoles.includes(role._id))
+    }
+    let newRoles = [...roles]
     if (allowRemove) {
-      roles = [
-        ...roles,
+      newRoles = [
+        ...newRoles,
         {
           _id: RemoveID,
           name: "Remove",
@@ -28,9 +36,9 @@
       ]
     }
     if (allowPublic) {
-      return roles
+      return newRoles
     }
-    return roles.filter(role => role._id !== Constants.Roles.PUBLIC)
+    return newRoles.filter(role => role._id !== Constants.Roles.PUBLIC)
   }
 
   const getColor = role => {
@@ -59,6 +67,9 @@
 <Select
   {autoWidth}
   {quiet}
+  {disabled}
+  {align}
+  {footer}
   bind:value
   on:change={onChange}
   {options}
diff --git a/packages/builder/src/components/deploy/DeployNavigation.svelte b/packages/builder/src/components/deploy/AppActions.svelte
similarity index 52%
rename from packages/builder/src/components/deploy/DeployNavigation.svelte
rename to packages/builder/src/components/deploy/AppActions.svelte
index d3a428fed2..daed564204 100644
--- a/packages/builder/src/components/deploy/DeployNavigation.svelte
+++ b/packages/builder/src/components/deploy/AppActions.svelte
@@ -6,8 +6,10 @@
     Heading,
     Body,
     Button,
-    Icon,
+    ActionButton,
   } from "@budibase/bbui"
+  import RevertModal from "components/deploy/RevertModal.svelte"
+  import VersionModal from "components/deploy/VersionModal.svelte"
   import { processStringSync } from "@budibase/string-templates"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
   import analytics, { Events, EventSource } from "analytics"
@@ -16,6 +18,9 @@
   import { onMount } from "svelte"
   import DeployModal from "components/deploy/DeployModal.svelte"
   import { apps } from "stores/portal"
+  import { store } from "builderStore"
+  import TourWrap from "components/portal/onboarding/TourWrap.svelte"
+  import { TOUR_STEP_KEYS } from "components/portal/onboarding/tours.js"
 
   export let application
 
@@ -108,66 +113,97 @@
   })
 </script>
 
-<div class="deployment-top-nav">
-  {#if isPublished}
-    <div class="publish-popover">
-      <div bind:this={publishPopoverAnchor}>
-        <Icon
-          size="M"
-          hoverable
-          name="Globe"
-          tooltip="Your published app"
-          on:click={publishPopover.show()}
-        />
-      </div>
-      <Popover
-        bind:this={publishPopover}
-        align="right"
-        disabled={!isPublished}
-        anchor={publishPopoverAnchor}
-        offset={10}
-      >
-        <div class="popover-content">
-          <Layout noPadding gap="M">
-            <Heading size="XS">Your published app</Heading>
-            <Body size="S">
-              <span class="publish-popover-message">
-                {processStringSync(
-                  "Last published {{ duration time 'millisecond' }} ago",
-                  {
-                    time:
-                      new Date().getTime() -
-                      new Date(latestDeployments[0].updatedAt).getTime(),
-                  }
-                )}
-              </span>
-            </Body>
-            <div class="buttons">
-              <Button
-                warning={true}
-                icon="GlobeStrike"
-                disabled={!isPublished}
-                on:click={unpublishApp}
-              >
-                Unpublish
-              </Button>
-              <Button cta on:click={viewApp}>View app</Button>
-            </div>
-          </Layout>
-        </div>
-      </Popover>
+<div class="action-top-nav">
+  <div class="action-buttons">
+    <div class="version">
+      <VersionModal />
     </div>
-  {/if}
+    <RevertModal />
 
-  {#if !isPublished}
-    <Icon
-      size="M"
-      name="GlobeStrike"
-      disabled
-      tooltip="Your app has not been published yet"
-    />
-  {/if}
+    {#if isPublished}
+      <div class="publish-popover">
+        <div bind:this={publishPopoverAnchor}>
+          <ActionButton
+            quiet
+            icon="Globe"
+            size="M"
+            tooltip="Your published app"
+            on:click={publishPopover.show()}
+          />
+        </div>
+        <Popover
+          bind:this={publishPopover}
+          align="right"
+          disabled={!isPublished}
+          anchor={publishPopoverAnchor}
+          offset={10}
+        >
+          <div class="popover-content">
+            <Layout noPadding gap="M">
+              <Heading size="XS">Your published app</Heading>
+              <Body size="S">
+                <span class="publish-popover-message">
+                  {processStringSync(
+                    "Last published {{ duration time 'millisecond' }} ago",
+                    {
+                      time:
+                        new Date().getTime() -
+                        new Date(latestDeployments[0].updatedAt).getTime(),
+                    }
+                  )}
+                </span>
+              </Body>
+              <div class="buttons">
+                <Button
+                  warning={true}
+                  icon="GlobeStrike"
+                  disabled={!isPublished}
+                  on:click={unpublishApp}
+                >
+                  Unpublish
+                </Button>
+                <Button cta on:click={viewApp}>View app</Button>
+              </div>
+            </Layout>
+          </div>
+        </Popover>
+      </div>
+    {/if}
+
+    {#if !isPublished}
+      <ActionButton
+        quiet
+        icon="GlobeStrike"
+        size="M"
+        tooltip="Your app has not been published yet"
+        disabled
+      />
+    {/if}
+
+    <TourWrap
+      tourStepKey={$store.onboarding
+        ? TOUR_STEP_KEYS.BUILDER_USER_MANAGEMENT
+        : TOUR_STEP_KEYS.FEATURE_USER_MANAGEMENT}
+    >
+      <span id="builder-app-users-button">
+        <ActionButton
+          quiet
+          icon="UserGroup"
+          size="M"
+          on:click={() => {
+            store.update(state => {
+              state.builderSidePanel = true
+              return state
+            })
+          }}
+        >
+          Users
+        </ActionButton>
+      </span>
+    </TourWrap>
+  </div>
 </div>
+
 <ConfirmDialog
   bind:this={unpublishModal}
   title="Confirm unpublish"
@@ -183,6 +219,11 @@
 </div>
 
 <style>
+  /* .banner-btn {
+    display: flex;
+    align-items: center;
+    gap: var(--spacing-s);
+  } */
   .popover-content {
     padding: var(--spacing-xl);
   }
@@ -191,6 +232,22 @@
     flex-direction: row;
     justify-content: flex-end;
     align-items: center;
-    gap: var(--spacing-m);
+    gap: var(--spacing-l);
+  }
+  .action-buttons {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    align-items: center;
+    /* gap: var(--spacing-s); */
+  }
+  .version {
+    margin-right: var(--spacing-s);
+  }
+  .action-top-nav {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    align-items: center;
   }
 </style>
diff --git a/packages/builder/src/components/deploy/RevertModal.svelte b/packages/builder/src/components/deploy/RevertModal.svelte
index a8f9d8f6e3..0c3372f8ec 100644
--- a/packages/builder/src/components/deploy/RevertModal.svelte
+++ b/packages/builder/src/components/deploy/RevertModal.svelte
@@ -1,10 +1,10 @@
 <script>
   import {
-    Icon,
     Input,
     Modal,
     notifications,
     ModalContent,
+    ActionButton,
   } from "@budibase/bbui"
   import { store } from "builderStore"
   import { API } from "api"
@@ -28,12 +28,14 @@
   }
 </script>
 
-<Icon
-  name="Revert"
-  hoverable
-  on:click={revertModal.show}
+<ActionButton
+  quiet
+  icon="Revert"
+  size="M"
   tooltip="Revert changes"
+  on:click={revertModal.show}
 />
+
 <Modal bind:this={revertModal}>
   <ModalContent
     title="Revert Changes"
diff --git a/packages/builder/src/components/deploy/VersionModal.svelte b/packages/builder/src/components/deploy/VersionModal.svelte
index 23d9fd83a0..f357cc7820 100644
--- a/packages/builder/src/components/deploy/VersionModal.svelte
+++ b/packages/builder/src/components/deploy/VersionModal.svelte
@@ -24,7 +24,10 @@
   let updateModal
 
   $: appId = $store.appId
-  $: updateAvailable = clientPackage.version !== $store.version
+  $: updateAvailable =
+    clientPackage.version &&
+    $store.version &&
+    clientPackage.version !== $store.version
   $: revertAvailable = $store.revertableVersion != null
 
   const refreshAppPackage = async () => {
diff --git a/packages/builder/src/components/design/Panel.svelte b/packages/builder/src/components/design/Panel.svelte
index a1e3bd7eb7..6c8753a99e 100644
--- a/packages/builder/src/components/design/Panel.svelte
+++ b/packages/builder/src/components/design/Panel.svelte
@@ -14,10 +14,11 @@
   export let borderRight = false
 
   let wide = false
+  $: customHeaderContent = $$slots["panel-header-content"]
 </script>
 
 <div class="panel" class:wide class:borderLeft class:borderRight>
-  <div class="header">
+  <div class="header" class:custom={customHeaderContent}>
     {#if showBackButton}
       <Icon name="ArrowLeft" hoverable on:click={onClickBackButton} />
     {/if}
@@ -43,6 +44,13 @@
       <Icon name="Close" hoverable on:click={onClickCloseButton} />
     {/if}
   </div>
+
+  {#if customHeaderContent}
+    <span class="custom-content-wrap">
+      <slot name="panel-header-content" />
+    </span>
+  {/if}
+
   <div class="body">
     <slot />
   </div>
@@ -116,4 +124,10 @@
     justify-content: flex-start;
     align-items: stretch;
   }
+  .header.custom {
+    border: none;
+  }
+  .custom-content-wrap {
+    border-bottom: var(--border-light);
+  }
 </style>
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte
index 840a639fb4..ba72fd2ed7 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte
@@ -20,6 +20,12 @@
     x =>
       x._id !== BUDIBASE_INTERNAL_DB_ID && x.type !== BUDIBASE_DATASOURCE_TYPE
   )
+  // Ensure query params exist so they can be bound
+  $: {
+    if (!parameters.queryParams) {
+      parameters.queryParams = {}
+    }
+  }
 
   function fetchQueryDefinition(query) {
     const source = $datasources.list.find(
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte
index d90b645315..dca2887fb4 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte
@@ -1,22 +1,66 @@
 <script>
-  import { Label, Checkbox } from "@budibase/bbui"
+  import { store } from "builderStore"
+  import { onMount } from "svelte"
+  import { Label, Checkbox, Select } from "@budibase/bbui"
   import DrawerBindableInput from "components/common/bindings/DrawerBindableInput.svelte"
+  import DrawerBindableCombobox from "components/common/bindings/DrawerBindableCombobox.svelte"
 
   export let parameters
   export let bindings = []
+
+  $: urlOptions = $store.screens
+    .map(screen => screen.routing?.route)
+    .filter(x => x != null)
+
+  const typeOptions = [
+    {
+      label: "Screen",
+      value: "screen",
+    },
+    {
+      label: "URL",
+      value: "url",
+    },
+  ]
+
+  onMount(() => {
+    if (!parameters.type) {
+      parameters.type = "screen"
+    }
+  })
 </script>
 
 <div class="root">
-  <Label small>Screen</Label>
-  <DrawerBindableInput
-    title="Destination URL"
-    placeholder="/screen"
-    value={parameters.url}
-    on:change={value => (parameters.url = value.detail)}
-    {bindings}
+  <Label small>Destination</Label>
+  <Select
+    placeholder={null}
+    bind:value={parameters.type}
+    options={typeOptions}
+    on:change={() => (parameters.url = "")}
   />
-  <div />
-  <Checkbox text="Open screen in modal" bind:value={parameters.peek} />
+  {#if parameters.type === "screen"}
+    <DrawerBindableCombobox
+      title="Destination"
+      placeholder="/screen"
+      value={parameters.url}
+      on:change={value => (parameters.url = value.detail)}
+      {bindings}
+      options={urlOptions}
+      appendBindingsAsOptions={false}
+    />
+    <div />
+    <Checkbox text="Open screen in modal" bind:value={parameters.peek} />
+  {:else}
+    <DrawerBindableInput
+      title="Destination"
+      placeholder="/url"
+      value={parameters.url}
+      on:change={value => (parameters.url = value.detail)}
+      {bindings}
+    />
+    <div />
+    <Checkbox text="New Tab" bind:value={parameters.externalNewTab} />
+  {/if}
 </div>
 
 <style>
@@ -24,7 +68,7 @@
     display: grid;
     align-items: center;
     gap: var(--spacing-m);
-    grid-template-columns: auto 1fr;
+    grid-template-columns: auto;
     max-width: 400px;
     margin: 0 auto;
   }
diff --git a/packages/builder/src/components/design/settings/controls/ColumnEditor/ColumnEditor.svelte b/packages/builder/src/components/design/settings/controls/ColumnEditor/ColumnEditor.svelte
index 36cc9f619d..098a8f7ed7 100644
--- a/packages/builder/src/components/design/settings/controls/ColumnEditor/ColumnEditor.svelte
+++ b/packages/builder/src/components/design/settings/controls/ColumnEditor/ColumnEditor.svelte
@@ -8,6 +8,7 @@
     getSchemaForDatasource,
   } from "builderStore/dataBinding"
   import { currentAsset } from "builderStore"
+  import { getFields } from "helpers/searchFields"
 
   export let componentInstance
   export let value = []
@@ -21,9 +22,14 @@
 
   $: datasource = getDatasourceForProvider($currentAsset, componentInstance)
   $: schema = getSchema($currentAsset, datasource)
-  $: options = Object.keys(schema || {})
+  $: options = allowCellEditing
+    ? Object.keys(schema || {})
+    : enrichedSchemaFields?.map(field => field.name)
   $: sanitisedValue = getValidColumns(value, options)
   $: updateBoundValue(sanitisedValue)
+  $: enrichedSchemaFields = getFields(Object.values(schema) || [], {
+    allowLinks: true,
+  })
 
   const getSchema = (asset, datasource) => {
     const schema = getSchemaForDatasource(asset, datasource).schema
diff --git a/packages/builder/src/components/integration/QueryViewer.svelte b/packages/builder/src/components/integration/QueryViewer.svelte
index 2109356c74..7a76970ecb 100644
--- a/packages/builder/src/components/integration/QueryViewer.svelte
+++ b/packages/builder/src/components/integration/QueryViewer.svelte
@@ -35,6 +35,7 @@
   let parameters
   let data = []
   let saveId
+  let currentTab = "JSON"
 
   $: datasource = $datasources.list.find(ds => ds._id === query.datasourceId)
   $: query.schema = fieldsToSchema(fields)
@@ -84,7 +85,16 @@
         return
       }
       data = response.rows
+      // need to merge fields that already exist/might have changed
+      if (fields) {
+        for (let key of Object.keys(response.schema)) {
+          if (fields[key]) {
+            response.schema[key] = fields[key]
+          }
+        }
+      }
       fields = response.schema
+      currentTab = "JSON"
       notifications.success("Query executed successfully")
     } catch (error) {
       notifications.error(`Query Error: ${error.message}`)
@@ -205,7 +215,7 @@
       </Body>
       <section class="viewer">
         {#if data}
-          <Tabs selected="JSON">
+          <Tabs bind:selected={currentTab}>
             <Tab title="JSON">
               <JSONPreview data={data[0]} minHeight="120" />
             </Tab>
diff --git a/packages/builder/src/components/integration/RestQueryViewer.svelte b/packages/builder/src/components/integration/RestQueryViewer.svelte
index 0ba232cbdb..1f21ae897e 100644
--- a/packages/builder/src/components/integration/RestQueryViewer.svelte
+++ b/packages/builder/src/components/integration/RestQueryViewer.svelte
@@ -120,7 +120,7 @@
 
   const cleanUrl = inputUrl =>
     url
-      ?.replace(/(http)|(https)|[{}:]/g, "")
+      ?.replace(/(https)|(http)|[{}:]/g, "")
       ?.replaceAll(".", "_")
       ?.replaceAll("/", " ")
       ?.trim() || inputUrl
diff --git a/packages/builder/src/components/portal/onboarding/TourPopover.svelte b/packages/builder/src/components/portal/onboarding/TourPopover.svelte
index e6a4ed3b27..37ed0c6350 100644
--- a/packages/builder/src/components/portal/onboarding/TourPopover.svelte
+++ b/packages/builder/src/components/portal/onboarding/TourPopover.svelte
@@ -122,7 +122,9 @@
         <Layout noPadding gap="M">
           <div class="tour-header">
             <Heading size="XS">{tourStep?.title || "-"}</Heading>
-            <div>{`${tourStepIdx + 1}/${tourSteps?.length}`}</div>
+            {#if tourSteps?.length > 1}
+              <div>{`${tourStepIdx + 1}/${tourSteps?.length}`}</div>
+            {/if}
           </div>
           <Body size="S">
             <span class="tour-body">
diff --git a/packages/builder/src/components/portal/onboarding/TourWrap.svelte b/packages/builder/src/components/portal/onboarding/TourWrap.svelte
index 1be149f7fa..2fff8507c5 100644
--- a/packages/builder/src/components/portal/onboarding/TourWrap.svelte
+++ b/packages/builder/src/components/portal/onboarding/TourWrap.svelte
@@ -6,16 +6,19 @@
 
   export let tourStepKey
 
-  let currentTour
+  let currentTourStep
   let ready = false
   let handler
 
   onMount(() => {
     if (!$store.tourKey) return
 
-    currentTour = TOURS[$store.tourKey].find(step => step.id === tourStepKey)
+    currentTourStep = TOURS[$store.tourKey].find(
+      step => step.id === tourStepKey
+    )
+    if (!currentTourStep) return
 
-    const elem = document.querySelector(currentTour.query)
+    const elem = document.querySelector(currentTourStep.query)
     handler = tourHandler(elem, tourStepKey)
     ready = true
   })
diff --git a/packages/builder/src/components/portal/onboarding/tours.js b/packages/builder/src/components/portal/onboarding/tours.js
index d1485c4872..3ca25b7481 100644
--- a/packages/builder/src/components/portal/onboarding/tours.js
+++ b/packages/builder/src/components/portal/onboarding/tours.js
@@ -1,19 +1,23 @@
 import { get } from "svelte/store"
 import { store } from "builderStore"
-import { users, auth } from "stores/portal"
+import { auth } from "stores/portal"
 import analytics from "analytics"
 import { OnboardingData, OnboardingDesign, OnboardingPublish } from "./steps"
+import { API } from "api"
 const ONBOARDING_EVENT_PREFIX = "onboarding"
 
 export const TOUR_STEP_KEYS = {
   BUILDER_APP_PUBLISH: "builder-app-publish",
   BUILDER_DATA_SECTION: "builder-data-section",
   BUILDER_DESIGN_SECTION: "builder-design-section",
+  BUILDER_USER_MANAGEMENT: "builder-user-management",
   BUILDER_AUTOMATE_SECTION: "builder-automate-section",
+  FEATURE_USER_MANAGEMENT: "feature-user-management",
 }
 
 export const TOUR_KEYS = {
   TOUR_BUILDER_ONBOARDING: "builder-onboarding",
+  FEATURE_ONBOARDING: "feature-onboarding",
 }
 
 const tourEvent = eventKey => {
@@ -58,6 +62,15 @@ const getTours = () => {
         },
         align: "left",
       },
+      {
+        id: TOUR_STEP_KEYS.BUILDER_USER_MANAGEMENT,
+        title: "Users",
+        query: ".toprightnav #builder-app-users-button",
+        body: "Add users to your app and control what level of access they have.",
+        onLoad: () => {
+          tourEvent(TOUR_STEP_KEYS.BUILDER_USER_MANAGEMENT)
+        },
+      },
       {
         id: TOUR_STEP_KEYS.BUILDER_APP_PUBLISH,
         title: "Publish",
@@ -71,8 +84,37 @@ const getTours = () => {
           // Mark the users onboarding as complete
           // Clear all tour related state
           if (get(auth).user) {
-            await users.save({
-              ...get(auth).user,
+            await API.updateSelf({
+              onboardedAt: new Date().toISOString(),
+            })
+
+            // Update the cached user
+            await auth.getSelf()
+
+            store.update(state => ({
+              ...state,
+              tourNodes: undefined,
+              tourKey: undefined,
+              tourKeyStep: undefined,
+              onboarding: false,
+            }))
+          }
+        },
+      },
+    ],
+    [TOUR_KEYS.FEATURE_ONBOARDING]: [
+      {
+        id: TOUR_STEP_KEYS.FEATURE_USER_MANAGEMENT,
+        title: "Users",
+        query: ".toprightnav #builder-app-users-button",
+        body: "Add users to your app and control what level of access they have.",
+        onLoad: () => {
+          tourEvent(TOUR_STEP_KEYS.FEATURE_USER_MANAGEMENT)
+        },
+        onComplete: async () => {
+          // Push the onboarding forward
+          if (get(auth).user) {
+            await API.updateSelf({
               onboardedAt: new Date().toISOString(),
             })
 
diff --git a/packages/builder/src/components/settings/ProfileModal.svelte b/packages/builder/src/components/settings/ProfileModal.svelte
index daeeb791bb..caaf5154b3 100644
--- a/packages/builder/src/components/settings/ProfileModal.svelte
+++ b/packages/builder/src/components/settings/ProfileModal.svelte
@@ -13,6 +13,7 @@
       await auth.updateSelf($values)
       notifications.success("Information updated successfully")
     } catch (error) {
+      console.error(error)
       notifications.error("Failed to update information")
     }
   }
diff --git a/packages/builder/src/components/settings/UserGroupPicker.svelte b/packages/builder/src/components/settings/UserGroupPicker.svelte
index 1c69e48da1..b1b59cda7a 100644
--- a/packages/builder/src/components/settings/UserGroupPicker.svelte
+++ b/packages/builder/src/components/settings/UserGroupPicker.svelte
@@ -18,7 +18,7 @@
     return list.map(item => {
       return {
         ...item,
-        selected: selected.find(x => x === item._id) != null,
+        selected: selected?.find(x => x === item._id) != null,
       }
     })
   }
diff --git a/packages/builder/src/constants/index.js b/packages/builder/src/constants/index.js
index f68202f81e..99c731231d 100644
--- a/packages/builder/src/constants/index.js
+++ b/packages/builder/src/constants/index.js
@@ -62,3 +62,8 @@ export const PluginSource = {
   GITHUB: "Github",
   FILE: "File Upload",
 }
+
+export const OnboardingType = {
+  EMAIL: "email",
+  PASSWORD: "password",
+}
diff --git a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
new file mode 100644
index 0000000000..cd0b549d5d
--- /dev/null
+++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
@@ -0,0 +1,774 @@
+<script>
+  import {
+    Icon,
+    Heading,
+    Layout,
+    Input,
+    clickOutside,
+    notifications,
+    ActionButton,
+  } from "@budibase/bbui"
+  import { store } from "builderStore"
+  import { groups, licensing, apps, users } from "stores/portal"
+  import { fetchData } from "@budibase/frontend-core"
+  import { API } from "api"
+  import { onMount } from "svelte"
+  import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte"
+  import RoleSelect from "components/common/RoleSelect.svelte"
+  import { Constants, Utils } from "@budibase/frontend-core"
+  import { emailValidator } from "helpers/validation"
+  import CopyInput from "components/common/inputs/CopyInput.svelte"
+  import { roles } from "stores/backend"
+
+  let query = null
+  let loaded = false
+  let rendered = false
+  let inviting = false
+  let searchFocus = false
+
+  let appInvites = []
+  let filteredInvites = []
+  let filteredUsers = []
+  let filteredGroups = []
+  let selectedGroup
+  let userOnboardResponse = null
+
+  $: queryIsEmail = emailValidator(query) === true
+  $: prodAppId = apps.getProdAppID($store.appId)
+  $: promptInvite = showInvite(
+    filteredInvites,
+    filteredUsers,
+    filteredGroups,
+    query
+  )
+
+  const showInvite = (invites, users, groups, query) => {
+    return !invites?.length && !users?.length && !groups?.length && query
+  }
+
+  const filterInvites = async query => {
+    appInvites = await getInvites()
+    if (!query || query == "") {
+      filteredInvites = appInvites
+      return
+    }
+    filteredInvites = appInvites.filter(invite => invite.email.includes(query))
+  }
+
+  $: filterInvites(query)
+
+  const usersFetch = fetchData({
+    API,
+    datasource: {
+      type: "user",
+    },
+  })
+
+  const searchUsers = async (query, sidePaneOpen, loaded) => {
+    if (!sidePaneOpen || !loaded) {
+      return
+    }
+    if (!prodAppId) {
+      console.log("Application id required")
+      return
+    }
+    await usersFetch.update({
+      query: {
+        appId: query ? null : prodAppId,
+        email: query,
+        paginated: query ? null : false,
+      },
+    })
+    await usersFetch.refresh()
+
+    filteredUsers = $usersFetch.rows.map(user => {
+      const isBuilderOrAdmin = user.admin?.global || user.builder?.global
+      let role = undefined
+      if (isBuilderOrAdmin) {
+        role = Constants.Roles.ADMIN
+      } else {
+        const appRole = Object.keys(user.roles).find(x => x === prodAppId)
+        if (appRole) {
+          role = user.roles[appRole]
+        }
+      }
+
+      return {
+        ...user,
+        role,
+        isBuilderOrAdmin,
+      }
+    })
+  }
+
+  const debouncedUpdateFetch = Utils.debounce(searchUsers, 250)
+  $: debouncedUpdateFetch(query, $store.builderSidePanel, loaded)
+
+  const updateAppUser = async (user, role) => {
+    if (!prodAppId) {
+      notifications.error("Application id must be specified")
+      return
+    }
+    const update = await users.get(user._id)
+    await users.save({
+      ...update,
+      roles: {
+        ...update.roles,
+        [prodAppId]: role,
+      },
+    })
+    await searchUsers(query, $store.builderSidePanel, loaded)
+  }
+
+  const onUpdateUser = async (user, role) => {
+    if (!user) {
+      notifications.error("A user must be specified")
+      return
+    }
+    try {
+      if (user.role === role) {
+        return
+      }
+      await updateAppUser(user, role)
+    } catch (error) {
+      console.error(error)
+      notifications.error("User could not be updated")
+    }
+  }
+
+  const updateAppGroup = async (target, role) => {
+    if (!prodAppId) {
+      notifications.error("Application id must be specified")
+      return
+    }
+
+    if (!role) {
+      await groups.actions.removeApp(target._id, prodAppId)
+    } else {
+      await groups.actions.addApp(target._id, prodAppId, role)
+    }
+
+    await usersFetch.refresh()
+    await groups.actions.init()
+  }
+
+  const onUpdateGroup = async (group, role) => {
+    if (!group) {
+      notifications.error("A group must be specified")
+      return
+    }
+    try {
+      await updateAppGroup(group, role)
+    } catch {
+      notifications.error("Group update failed")
+    }
+  }
+
+  const getAppGroups = (allGroups, appId) => {
+    if (!allGroups) {
+      return []
+    }
+    return allGroups.filter(group => {
+      if (!group.roles) {
+        return false
+      }
+      return groups.actions.getGroupAppIds(group).includes(appId)
+    })
+  }
+
+  const searchGroups = (userGroups, query) => {
+    let filterGroups = query?.length
+      ? userGroups
+      : getAppGroups(userGroups, prodAppId)
+    return filterGroups
+      .filter(group => {
+        if (!query?.length) {
+          return true
+        }
+        //Group Name only.
+        const nameMatch = group.name
+          ?.toLowerCase()
+          .includes(query?.toLowerCase())
+
+        return nameMatch
+      })
+      .map(enrichGroupRole)
+  }
+
+  const enrichGroupRole = group => {
+    return {
+      ...group,
+      role: group.roles?.[
+        groups.actions.getGroupAppIds(group).find(x => x === prodAppId)
+      ],
+    }
+  }
+
+  const getEnrichedGroups = groups => {
+    return groups.map(enrichGroupRole)
+  }
+
+  // Adds the 'role' attribute and sets it to the current app.
+  $: enrichedGroups = getEnrichedGroups($groups)
+  $: filteredGroups = searchGroups(enrichedGroups, query)
+  $: groupUsers = buildGroupUsers(filteredGroups, filteredUsers)
+  $: allUsers = [...filteredUsers, ...groupUsers]
+
+  /*
+    Create pseudo users from the "users" attribute on app groups.
+    These users will appear muted in the UI and show the ROLE
+    inherited from their parent group. The users allow assigning of user 
+    specific roles for the app.
+  */
+  const buildGroupUsers = (userGroups, filteredUsers) => {
+    if (query) {
+      return []
+    }
+    // Must exclude users who have explicit privileges
+    const userByEmail = filteredUsers.reduce((acc, user) => {
+      if (user.role || user.admin?.global || user.builder?.global) {
+        acc.push(user.email)
+      }
+      return acc
+    }, [])
+
+    const indexedUsers = userGroups.reduce((acc, group) => {
+      group.users.forEach(user => {
+        if (userByEmail.indexOf(user.email) == -1) {
+          acc[user._id] = {
+            _id: user._id,
+            email: user.email,
+            role: group.role,
+            group: group.name,
+          }
+        }
+      })
+      return acc
+    }, {})
+    return Object.values(indexedUsers)
+  }
+
+  const getInvites = async () => {
+    try {
+      const invites = await users.getInvites()
+      return invites
+    } catch (error) {
+      notifications.error(error.message)
+      return []
+    }
+  }
+
+  async function inviteUser() {
+    if (!queryIsEmail) {
+      notifications.error("Email is not valid")
+      return
+    }
+    const newUserEmail = query + ""
+    inviting = true
+
+    const payload = [
+      {
+        email: newUserEmail,
+        builder: false,
+        admin: false,
+        apps: { [prodAppId]: Constants.Roles.BASIC },
+      },
+    ]
+    let userInviteResponse
+    try {
+      userInviteResponse = await users.onboard(payload)
+
+      const newUser = userInviteResponse?.successful.find(
+        user => user.email === newUserEmail
+      )
+      if (newUser) {
+        notifications.success(
+          userInviteResponse.created
+            ? "User created successfully"
+            : "User invite successful"
+        )
+      } else {
+        throw new Error("User invite failed")
+      }
+    } catch (error) {
+      console.error(error.message)
+      notifications.error("Error inviting user")
+    }
+    inviting = false
+    return userInviteResponse
+  }
+
+  const onInviteUser = async () => {
+    userOnboardResponse = await inviteUser()
+
+    const userInviteSuccess = userOnboardResponse?.successful
+    if (userInviteSuccess && userInviteSuccess[0].email === query) {
+      query = null
+      query = userInviteSuccess[0].email
+    }
+  }
+
+  const onUpdateUserInvite = async (invite, role) => {
+    await users.updateInvite({
+      code: invite.code,
+      apps: {
+        ...invite.apps,
+        [prodAppId]: role,
+      },
+    })
+    await filterInvites()
+  }
+
+  const onUninviteAppUser = async invite => {
+    await uninviteAppUser(invite)
+    await filterInvites()
+  }
+
+  // Purge only the app from the invite or recind the invite if only 1 app remains?
+  const uninviteAppUser = async invite => {
+    let updated = { ...invite }
+    delete updated.info.apps[prodAppId]
+
+    return await users.updateInvite({
+      code: updated.code,
+      apps: updated.apps,
+    })
+  }
+
+  const initSidePanel = async sidePaneOpen => {
+    if (sidePaneOpen === true) {
+      await groups.actions.init()
+    }
+    loaded = true
+  }
+
+  $: initSidePanel($store.builderSidePanel)
+
+  onMount(() => {
+    rendered = true
+    searchFocus = true
+  })
+
+  function handleKeyDown(evt) {
+    if (evt.key === "Enter" && queryIsEmail && !inviting) {
+      onInviteUser()
+    }
+  }
+
+  const userTitle = user => {
+    if (user.admin?.global) {
+      return "Admin"
+    } else if (user.builder?.global) {
+      return "Developer"
+    } else {
+      return "App user"
+    }
+  }
+
+  const getRoleFooter = user => {
+    if (user.group) {
+      const role = $roles.find(role => role._id === user.role)
+      return `This user has been given ${role?.name} access from the ${user.group} group`
+    }
+    if (user.isBuilderOrAdmin) {
+      return "This user's role grants admin access to all apps"
+    }
+    return null
+  }
+</script>
+
+<svelte:window on:keydown={handleKeyDown} />
+
+<div
+  id="builder-side-panel-container"
+  class:open={$store.builderSidePanel}
+  use:clickOutside={$store.builderSidePanel
+    ? () => {
+        store.update(state => {
+          state.builderSidePanel = false
+          return state
+        })
+      }
+    : () => {}}
+>
+  <div class="builder-side-panel-header">
+    <Heading size="S">Users</Heading>
+    <Icon
+      color="var(--spectrum-global-color-gray-600)"
+      name="RailRightClose"
+      hoverable
+      on:click={() => {
+        store.update(state => {
+          state.builderSidePanel = false
+          return state
+        })
+      }}
+    />
+  </div>
+  <div class="search" class:focused={searchFocus}>
+    <span class="search-input">
+      <Input
+        placeholder={"Add users and groups to your app"}
+        autocomplete="off"
+        disabled={inviting}
+        value={query}
+        autofocus
+        on:input={e => {
+          query = e.target.value.trim()
+        }}
+        on:focus={() => (searchFocus = true)}
+        on:blur={() => (searchFocus = false)}
+      />
+    </span>
+
+    <span
+      class="search-input-icon"
+      class:searching={query}
+      on:click={() => {
+        if (!query) {
+          return
+        }
+        query = null
+        userOnboardResponse = null
+      }}
+    >
+      <Icon name={query ? "Close" : "Search"} />
+    </span>
+  </div>
+
+  <div class="body">
+    {#if promptInvite && !userOnboardResponse}
+      <Layout gap="S" paddingX="XL">
+        <div class="invite-header">
+          <Heading size="XS">No user found</Heading>
+          <div class="invite-directions">
+            Add a valid email to invite a new user
+          </div>
+        </div>
+        <div class="invite-form">
+          <span>{query || ""}</span>
+          <ActionButton
+            icon="UserAdd"
+            disabled={!queryIsEmail || inviting}
+            on:click={onInviteUser}
+          >
+            Add user
+          </ActionButton>
+        </div>
+      </Layout>
+    {/if}
+
+    {#if !promptInvite}
+      <Layout gap="L" noPadding>
+        {#if filteredInvites?.length}
+          <Layout noPadding gap="XS">
+            <div class="auth-entity-header">
+              <div class="auth-entity-title">Pending invites</div>
+              <div class="auth-entity-access-title">Access</div>
+            </div>
+            {#each filteredInvites as invite}
+              <div class="auth-entity">
+                <div class="details">
+                  <div class="user-email" title={invite.email}>
+                    {invite.email}
+                  </div>
+                </div>
+                <div class="auth-entity-access">
+                  <RoleSelect
+                    placeholder={false}
+                    value={invite.info.apps?.[prodAppId]}
+                    allowRemove={invite.info.apps?.[prodAppId]}
+                    allowPublic={false}
+                    quiet={true}
+                    on:change={e => {
+                      onUpdateUserInvite(invite, e.detail)
+                    }}
+                    on:remove={() => {
+                      onUninviteAppUser(invite)
+                    }}
+                    autoWidth
+                    align="right"
+                  />
+                </div>
+              </div>
+            {/each}
+          </Layout>
+        {/if}
+
+        {#if $licensing.groupsEnabled && filteredGroups?.length}
+          <Layout noPadding gap="XS">
+            <div class="auth-entity-header">
+              <div class="auth-entity-title">Groups</div>
+              <div class="auth-entity-access-title">Access</div>
+            </div>
+            {#each filteredGroups as group}
+              <div
+                class="auth-entity group"
+                on:click={() => {
+                  if (selectedGroup != group._id) {
+                    selectedGroup = group._id
+                  } else {
+                    selectedGroup = null
+                  }
+                }}
+                on:keydown={() => {}}
+              >
+                <div class="details">
+                  <GroupIcon {group} size="S" />
+                  <div>
+                    {group.name}
+                  </div>
+                  <div class="auth-entity-meta">
+                    {`${group.users?.length} user${
+                      group.users?.length != 1 ? "s" : ""
+                    }`}
+                  </div>
+                </div>
+                <div class="auth-entity-access">
+                  <RoleSelect
+                    placeholder={false}
+                    value={group.role}
+                    allowRemove={group.role}
+                    allowPublic={false}
+                    quiet={true}
+                    on:change={e => {
+                      onUpdateGroup(group, e.detail)
+                    }}
+                    on:remove={() => {
+                      onUpdateGroup(group)
+                    }}
+                    autoWidth
+                    align="right"
+                  />
+                </div>
+              </div>
+            {/each}
+          </Layout>
+        {/if}
+
+        {#if filteredUsers?.length}
+          <div class="auth-entity-section">
+            <div class="auth-entity-header ">
+              <div class="auth-entity-title">Users</div>
+              <div class="auth-entity-access-title">Access</div>
+            </div>
+            {#each allUsers as user}
+              <div class="auth-entity">
+                <div class="details">
+                  <div class="user-email" title={user.email}>
+                    {user.email}
+                  </div>
+                  <div class="auth-entity-meta">
+                    {userTitle(user)}
+                  </div>
+                </div>
+                <div class="auth-entity-access" class:muted={user.group}>
+                  <RoleSelect
+                    footer={getRoleFooter(user)}
+                    placeholder={false}
+                    value={user.role}
+                    allowRemove={user.role && !user.group}
+                    allowPublic={false}
+                    quiet={true}
+                    on:change={e => {
+                      onUpdateUser(user, e.detail)
+                    }}
+                    on:remove={() => {
+                      onUpdateUser(user)
+                    }}
+                    autoWidth
+                    align="right"
+                    allowedRoles={user.isBuilderOrAdmin
+                      ? [Constants.Roles.ADMIN]
+                      : null}
+                  />
+                </div>
+              </div>
+            {/each}
+          </div>
+        {/if}
+      </Layout>
+    {/if}
+
+    {#if userOnboardResponse?.created}
+      <Layout gap="S" paddingX="XL">
+        <div class="invite-header">
+          <Heading size="XS">User added!</Heading>
+          <div class="invite-directions">
+            Email invites are not available without SMTP configuration. Here is
+            the password that has been generated for this user.
+          </div>
+        </div>
+        <div>
+          <CopyInput
+            value={userOnboardResponse.successful[0]?.password}
+            label="Password"
+          />
+        </div>
+      </Layout>
+    {/if}
+  </div>
+</div>
+
+<style>
+  .search :global(input) {
+    padding-left: 0px;
+  }
+
+  .search {
+    display: flex;
+    align-items: center;
+  }
+
+  .search-input {
+    flex: 1;
+  }
+
+  .search-input-icon.searching {
+    cursor: pointer;
+  }
+
+  .auth-entity-section {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-s);
+    width: 400px;
+  }
+
+  .auth-entity-meta {
+    color: var(--spectrum-global-color-gray-600);
+    font-size: 12px;
+    white-space: nowrap;
+  }
+
+  .auth-entity-access {
+    margin-right: var(--spacing-m);
+  }
+  .auth-entity-access.muted :global(.spectrum-Picker-label),
+  .auth-entity-access.muted :global(.spectrum-StatusLight) {
+    opacity: 0.5;
+  }
+
+  .auth-entity-header {
+    color: var(--spectrum-global-color-gray-600);
+  }
+
+  .auth-entity,
+  .auth-entity-header {
+    padding: 0px var(--spacing-xl);
+  }
+
+  .auth-entity,
+  .auth-entity-header {
+    display: grid;
+    grid-template-columns: 1fr 110px;
+    align-items: center;
+    gap: var(--spacing-xl);
+  }
+
+  .auth-entity .details {
+    display: flex;
+    align-items: center;
+    gap: var(--spacing-m);
+    color: var(--spectrum-global-color-gray-900);
+    overflow: hidden;
+  }
+
+  .auth-entity .user-email {
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    overflow: hidden;
+    color: var(--spectrum-global-color-gray-900);
+  }
+
+  #builder-side-panel-container {
+    box-sizing: border-box;
+    max-width: calc(100vw - 40px);
+    background: var(--background);
+    border-left: var(--border-light);
+    z-index: 3;
+    display: flex;
+    flex-direction: column;
+    overflow-y: auto;
+    overflow-x: hidden;
+    transition: transform 130ms ease-out;
+    position: absolute;
+    width: 400px;
+    right: 0;
+    transform: translateX(100%);
+    height: 100%;
+  }
+
+  .builder-side-panel-header,
+  #builder-side-panel-container .search {
+    padding: 0px var(--spacing-xl);
+  }
+
+  #builder-side-panel-container .auth-entity .details {
+    box-sizing: border-box;
+  }
+
+  .invite-form {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+  }
+
+  #builder-side-panel-container .search {
+    padding-top: var(--spacing-m);
+    padding-bottom: var(--spacing-m);
+    border-top: var(--border-light);
+    border-bottom: var(--border-light);
+    border-left: 2px solid transparent;
+    border-right: 2px solid transparent;
+    margin-right: 1px;
+  }
+
+  #builder-side-panel-container .search :global(input) {
+    border: none;
+    border-radius: 0px;
+    background: none;
+  }
+
+  #builder-side-panel-container .search :global(input) {
+    border: none;
+    border-radius: 0px;
+  }
+
+  #builder-side-panel-container .search.focused {
+    border-color: var(
+      --spectrum-textfield-m-border-color-down,
+      var(--spectrum-alias-border-color-mouse-focus)
+    );
+  }
+
+  #builder-side-panel-container .search :global(input::placeholder) {
+    font-style: normal;
+  }
+
+  #builder-side-panel-container.open {
+    transform: translateX(0);
+    box-shadow: 0 0 40px 10px rgba(0, 0, 0, 0.1);
+  }
+
+  .builder-side-panel-header {
+    display: flex;
+    flex-direction: row;
+    justify-content: space-between;
+    align-items: center;
+    flex: 0 0 58px;
+  }
+
+  .invite-header {
+    display: flex;
+    gap: var(--spacing-s);
+    flex-direction: column;
+  }
+
+  .body {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-xl);
+    padding: var(--spacing-xl) 0;
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/app/[application]/_layout.svelte b/packages/builder/src/pages/builder/app/[application]/_layout.svelte
index f561bd8ecd..ff728312c1 100644
--- a/packages/builder/src/pages/builder/app/[application]/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/_layout.svelte
@@ -10,28 +10,26 @@
     Tabs,
     Tab,
     Heading,
+    Modal,
     notifications,
   } from "@budibase/bbui"
 
-  import RevertModal from "components/deploy/RevertModal.svelte"
-  import VersionModal from "components/deploy/VersionModal.svelte"
-  import DeployNavigation from "components/deploy/DeployNavigation.svelte"
+  import AppActions from "components/deploy/AppActions.svelte"
   import { API } from "api"
   import { isActive, goto, layout, redirect } from "@roxi/routify"
   import { capitalise } from "helpers"
   import { onMount, onDestroy } from "svelte"
+  import CommandPalette from "components/commandPalette/CommandPalette.svelte"
   import TourWrap from "components/portal/onboarding/TourWrap.svelte"
   import TourPopover from "components/portal/onboarding/TourPopover.svelte"
+  import BuilderSidePanel from "./_components/BuilderSidePanel.svelte"
   import { TOUR_KEYS, TOURS } from "components/portal/onboarding/tours.js"
 
   export let application
 
-  // Get Package and set store
   let promise = getPackage()
-  // let betaAccess = false
-
-  // Sync once when you load the app
   let hasSynced = false
+  let commandPaletteModal
 
   $: selected = capitalise(
     $layout.children.find(layout => $isActive(layout.path))?.title ?? "data"
@@ -51,7 +49,6 @@
       $redirect("../../")
     }
   }
-
   // Handles navigation between frontend, backend, automation.
   // This remembers your last place on each of the sections
   // e.g. if one of your screens is selected on front end, then
@@ -68,23 +65,41 @@
     })
   }
 
+  // Event handler for the command palette
+  const handleKeyDown = e => {
+    if (e.key === "k" && (e.ctrlKey || e.metaKey)) {
+      e.preventDefault()
+      commandPaletteModal.toggle()
+    }
+  }
+
   const initTour = async () => {
-    if (
-      !$auth.user?.onboardedAt &&
-      isEnabled(TENANT_FEATURE_FLAGS.ONBOARDING_TOUR)
-    ) {
-      // Determine the correct step
-      const activeNav = $layout.children.find(c => $isActive(c.path))
-      const onboardingTour = TOURS[TOUR_KEYS.TOUR_BUILDER_ONBOARDING]
-      const targetStep = activeNav
-        ? onboardingTour.find(step => step.route === activeNav?.path)
-        : null
-      await store.update(state => ({
-        ...state,
-        onboarding: true,
-        tourKey: TOUR_KEYS.TOUR_BUILDER_ONBOARDING,
-        tourStepKey: targetStep?.id,
-      }))
+    // Check if onboarding is enabled.
+    if (isEnabled(TENANT_FEATURE_FLAGS.ONBOARDING_TOUR)) {
+      if (!$auth.user?.onboardedAt) {
+        // Determine the correct step
+        const activeNav = $layout.children.find(c => $isActive(c.path))
+        const onboardingTour = TOURS[TOUR_KEYS.TOUR_BUILDER_ONBOARDING]
+        const targetStep = activeNav
+          ? onboardingTour.find(step => step.route === activeNav?.path)
+          : null
+        await store.update(state => ({
+          ...state,
+          onboarding: true,
+          tourKey: TOUR_KEYS.TOUR_BUILDER_ONBOARDING,
+          tourStepKey: targetStep?.id,
+        }))
+      } else {
+        // Feature tour date
+        const release_date = new Date("2023-03-01T00:00:00.000Z")
+        const onboarded = new Date($auth.user?.onboardedAt)
+        if (onboarded < release_date) {
+          await store.update(state => ({
+            ...state,
+            tourKey: TOUR_KEYS.FEATURE_ONBOARDING,
+          }))
+        }
+      }
     }
   }
 
@@ -111,88 +126,91 @@
   })
 </script>
 
-{#await promise}
-  <!-- This should probably be some kind of loading state? -->
-  <div class="loading" />
-{:then _}
-  <TourPopover />
-  <div class="root">
-    <div class="top-nav">
-      <div class="topleftnav">
-        <ActionMenu>
-          <div slot="control">
-            <Icon size="M" hoverable name="ShowMenu" />
-          </div>
-          <MenuItem on:click={() => $goto("../../portal/apps")}>
-            Exit to portal
-          </MenuItem>
-          <MenuItem
-            on:click={() => $goto(`../../portal/overview/${application}`)}
-          >
-            Overview
-          </MenuItem>
-          <MenuItem
-            on:click={() =>
-              $goto(`../../portal/overview/${application}/access`)}
-          >
-            Access
-          </MenuItem>
-          <MenuItem
-            on:click={() =>
-              $goto(`../../portal/overview/${application}/automation-history`)}
-          >
-            Automation history
-          </MenuItem>
-          <MenuItem
-            on:click={() =>
-              $goto(`../../portal/overview/${application}/backups`)}
-          >
-            Backups
-          </MenuItem>
+<TourPopover />
 
-          <MenuItem
-            on:click={() =>
-              $goto(`../../portal/overview/${application}/name-and-url`)}
-          >
-            Name and URL
-          </MenuItem>
-          <MenuItem
-            on:click={() =>
-              $goto(`../../portal/overview/${application}/version`)}
-          >
-            Version
-          </MenuItem>
-        </ActionMenu>
-        <Heading size="XS">{$store.name || "App"}</Heading>
-      </div>
-      <div class="topcenternav">
-        <Tabs {selected} size="M">
-          {#each $layout.children as { path, title }}
-            <TourWrap tourStepKey={`builder-${title}-section`}>
-              <Tab
-                quiet
-                selected={$isActive(path)}
-                on:click={topItemNavigate(path)}
-                title={capitalise(title)}
-                id={`builder-${title}-tab`}
-              />
-            </TourWrap>
-          {/each}
-        </Tabs>
-      </div>
-      <div class="toprightnav">
-        <div class="version">
-          <VersionModal />
+{#if $store.builderSidePanel}
+  <BuilderSidePanel />
+{/if}
+
+<div class="root">
+  <div class="top-nav">
+    <div class="topleftnav">
+      <ActionMenu>
+        <div slot="control">
+          <Icon size="M" hoverable name="ShowMenu" />
         </div>
-        <RevertModal />
-        <DeployNavigation {application} />
-      </div>
+        <MenuItem on:click={() => $goto("../../portal/apps")}>
+          Exit to portal
+        </MenuItem>
+        <MenuItem
+          on:click={() => $goto(`../../portal/overview/${application}`)}
+        >
+          Overview
+        </MenuItem>
+        <MenuItem
+          on:click={() => $goto(`../../portal/overview/${application}/access`)}
+        >
+          Access
+        </MenuItem>
+        <MenuItem
+          on:click={() =>
+            $goto(`../../portal/overview/${application}/automation-history`)}
+        >
+          Automation history
+        </MenuItem>
+        <MenuItem
+          on:click={() => $goto(`../../portal/overview/${application}/backups`)}
+        >
+          Backups
+        </MenuItem>
+
+        <MenuItem
+          on:click={() =>
+            $goto(`../../portal/overview/${application}/name-and-url`)}
+        >
+          Name and URL
+        </MenuItem>
+        <MenuItem
+          on:click={() => $goto(`../../portal/overview/${application}/version`)}
+        >
+          Version
+        </MenuItem>
+      </ActionMenu>
+      <Heading size="XS">{$store.name}</Heading>
+    </div>
+    <div class="topcenternav">
+      <Tabs {selected} size="M">
+        {#each $layout.children as { path, title }}
+          <TourWrap tourStepKey={`builder-${title}-section`}>
+            <Tab
+              quiet
+              selected={$isActive(path)}
+              on:click={topItemNavigate(path)}
+              title={capitalise(title)}
+              id={`builder-${title}-tab`}
+            />
+          </TourWrap>
+        {/each}
+      </Tabs>
+    </div>
+    <div class="toprightnav">
+      <AppActions {application} />
     </div>
-    <slot />
   </div>
-{:catch error}
-  <p>Something went wrong: {error.message}</p>
-{/await}
+  {#await promise}
+    <!-- This should probably be some kind of loading state? -->
+    <div class="loading" />
+  {:then _}
+    <slot />
+  {:catch error}
+    <p>Something went wrong: {error.message}</p>
+  {/await}
+</div>
+
+<svelte:window on:keydown={handleKeyDown} />
+<Modal bind:this={commandPaletteModal}>
+  <CommandPalette />
+</Modal>
 
 <style>
   .loading {
@@ -250,10 +268,6 @@
     flex-direction: row;
     justify-content: flex-end;
     align-items: center;
-    gap: var(--spacing-xl);
-  }
-
-  .version {
-    margin-right: var(--spacing-s);
+    gap: var(--spacing-l);
   }
 </style>
diff --git a/packages/builder/src/pages/builder/app/[application]/data/table/[tableId]/index.svelte b/packages/builder/src/pages/builder/app/[application]/data/table/[tableId]/index.svelte
index 8f89643abb..20b1b0ce7d 100644
--- a/packages/builder/src/pages/builder/app/[application]/data/table/[tableId]/index.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/data/table/[tableId]/index.svelte
@@ -34,8 +34,8 @@
   {#if duplicates?.length}
     <div class="alert-wrap">
       <Banner type="warning" showCloseButton={false}>
-        {`Schema Invalid - There are duplicate auto column types defined in this schema. 
-      Please delete the duplicate entries where appropriate: - 
+        {`Schema Invalid - There are duplicate auto column types defined in this schema.
+      Please delete the duplicate entries where appropriate: -
       ${invalidColumnText.join(", ")}`}
       </Banner>
     </div>
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/settings/ComponentSettingsPanel.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/settings/ComponentSettingsPanel.svelte
index 096e47430c..1e889ffe93 100644
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/settings/ComponentSettingsPanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/settings/ComponentSettingsPanel.svelte
@@ -10,6 +10,8 @@
     getBindableProperties,
     getComponentBindableProperties,
   } from "builderStore/dataBinding"
+  import { ActionButton } from "@budibase/bbui"
+  import { capitalise } from "helpers"
 
   $: componentInstance = $selectedComponent
   $: componentDefinition = store.actions.components.getDefinition(
@@ -25,32 +27,69 @@
   )
   $: isScreen = $selectedComponent?._id === $selectedScreen?.props._id
   $: title = isScreen ? "Screen" : $selectedComponent?._instanceName
+
+  let section = "settings"
+  const tabs = ["settings", "styles", "conditions"]
+
+  $: id = $selectedComponent?._id
+  $: id, (section = tabs[0])
 </script>
 
 {#if $selectedComponent}
   {#key $selectedComponent._id}
     <Panel {title} icon={componentDefinition?.icon} borderLeft>
-      {#if componentDefinition?.info}
-        <ComponentInfoSection {componentDefinition} />
+      <span slot="panel-header-content">
+        <div class="settings-tabs">
+          {#each tabs as tab}
+            <ActionButton
+              size="M"
+              quiet
+              selected={section === tab}
+              on:click={() => {
+                section = tab
+              }}
+            >
+              {capitalise(tab)}
+            </ActionButton>
+          {/each}
+        </div>
+      </span>
+      {#if section == "settings"}
+        {#if componentDefinition?.info}
+          <ComponentInfoSection {componentDefinition} />
+        {/if}
+        <ComponentSettingsSection
+          {componentInstance}
+          {componentDefinition}
+          {bindings}
+          {componentBindings}
+          {isScreen}
+        />
+      {/if}
+      {#if section == "styles"}
+        <DesignSection {componentInstance} {componentDefinition} {bindings} />
+        <CustomStylesSection
+          {componentInstance}
+          {componentDefinition}
+          {bindings}
+        />
+      {/if}
+      {#if section == "conditions"}
+        <ConditionalUISection
+          {componentInstance}
+          {componentDefinition}
+          {bindings}
+        />
       {/if}
-      <ComponentSettingsSection
-        {componentInstance}
-        {componentDefinition}
-        {bindings}
-        {componentBindings}
-        {isScreen}
-      />
-      <DesignSection {componentInstance} {componentDefinition} {bindings} />
-      <CustomStylesSection
-        {componentInstance}
-        {componentDefinition}
-        {bindings}
-      />
-      <ConditionalUISection
-        {componentInstance}
-        {componentDefinition}
-        {bindings}
-      />
     </Panel>
   {/key}
 {/if}
+
+<style>
+  .settings-tabs {
+    display: flex;
+    gap: var(--spacing-s);
+    padding: 0 var(--spacing-l);
+    padding-bottom: var(--spacing-l);
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/auth/login.svelte b/packages/builder/src/pages/builder/auth/login.svelte
index 80122c23a5..06e09e4fee 100644
--- a/packages/builder/src/pages/builder/auth/login.svelte
+++ b/packages/builder/src/pages/builder/auth/login.svelte
@@ -79,67 +79,71 @@
           <OIDCButton oidcIcon={$oidc.logo} oidcName={$oidc.name} />
           <GoogleButton />
         </FancyForm>
-        <Divider />
       {/if}
-      <FancyForm bind:this={form}>
-        <FancyInput
-          label="Your work email"
-          value={formData.username}
-          on:change={e => {
-            formData = {
-              ...formData,
-              username: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              username: !formData.username
-                ? "Please enter a valid email"
-                : undefined,
-            }
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.username}
-        />
-        <FancyInput
-          label="Password"
-          value={formData.password}
-          type="password"
-          on:change={e => {
-            formData = {
-              ...formData,
-              password: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              password: !formData.password
-                ? "Please enter your password"
-                : undefined,
-            }
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.password}
-        />
-      </FancyForm>
-    </Layout>
-    <Layout gap="XS" noPadding justifyItems="center">
-      <Button
-        size="L"
-        cta
-        disabled={Object.keys(errors).length > 0}
-        on:click={login}
-      >
-        Log in to {company}
-      </Button>
-    </Layout>
-    <Layout gap="XS" noPadding justifyItems="center">
-      <div class="user-actions">
-        <ActionButton size="L" quiet on:click={() => $goto("./forgot")}>
-          Forgot password?
-        </ActionButton>
-      </div>
+      {#if !$organisation.isSSOEnforced}
+        <Divider />
+        <FancyForm bind:this={form}>
+          <FancyInput
+            label="Your work email"
+            value={formData.username}
+            on:change={e => {
+              formData = {
+                ...formData,
+                username: e.detail,
+              }
+            }}
+            validate={() => {
+              let fieldError = {
+                username: !formData.username
+                  ? "Please enter a valid email"
+                  : undefined,
+              }
+              errors = handleError({ ...errors, ...fieldError })
+            }}
+            error={errors.username}
+          />
+          <FancyInput
+            label="Password"
+            value={formData.password}
+            type="password"
+            on:change={e => {
+              formData = {
+                ...formData,
+                password: e.detail,
+              }
+            }}
+            validate={() => {
+              let fieldError = {
+                password: !formData.password
+                  ? "Please enter your password"
+                  : undefined,
+              }
+              errors = handleError({ ...errors, ...fieldError })
+            }}
+            error={errors.password}
+          />
+        </FancyForm>
+      {/if}
     </Layout>
+    {#if !$organisation.isSSOEnforced}
+      <Layout gap="XS" noPadding justifyItems="center">
+        <Button
+          size="L"
+          cta
+          disabled={Object.keys(errors).length > 0}
+          on:click={login}
+        >
+          Log in to {company}
+        </Button>
+      </Layout>
+      <Layout gap="XS" noPadding justifyItems="center">
+        <div class="user-actions">
+          <ActionButton size="L" quiet on:click={() => $goto("./forgot")}>
+            Forgot password?
+          </ActionButton>
+        </div>
+      </Layout>
+    {/if}
 
     {#if cloud}
       <Body size="xs" textAlign="center">
diff --git a/packages/builder/src/pages/builder/invite/index.svelte b/packages/builder/src/pages/builder/invite/index.svelte
index 35231117c4..606a1162ce 100644
--- a/packages/builder/src/pages/builder/invite/index.svelte
+++ b/packages/builder/src/pages/builder/invite/index.svelte
@@ -13,6 +13,7 @@
   let formData = {}
   let onboarding = false
   let errors = {}
+  let loaded = false
 
   $: company = $organisation.company || "Budibase"
 
@@ -39,6 +40,11 @@
       if (invite?.email) {
         formData.email = invite?.email
       }
+      if ($organisation.isSSOEnforced) {
+        // auto accept invite and redirect to login
+        await users.acceptInvite(inviteCode)
+        $goto("../auth")
+      }
     } catch (error) {
       notifications.error(error.message)
     }
@@ -61,130 +67,135 @@
     try {
       await organisation.init()
       await getInvite()
+      loaded = true
     } catch (error) {
       notifications.error("Error getting invite config")
     }
   })
 </script>
 
-<TestimonialPage>
-  <Layout gap="M" noPadding>
-    <img alt="logo" src={$organisation.logoUrl || Logo} />
-    <Layout gap="XS" noPadding>
-      <Heading size="M">Join {company}</Heading>
-      <Body size="M">Create your account to access your budibase apps!</Body>
-    </Layout>
+{#if loaded}
+  <TestimonialPage>
+    <Layout gap="M" noPadding>
+      <img alt="logo" src={$organisation.logoUrl || Logo} />
+      <Layout gap="XS" noPadding>
+        <Heading size="M">Join {company}</Heading>
+        <Body size="M">Create your account to access your budibase apps!</Body>
+      </Layout>
 
-    <Layout gap="S" noPadding>
-      <FancyForm bind:this={form}>
-        <FancyInput
-          label="Email"
-          value={formData.email}
-          disabled={true}
-          error={errors.email}
-        />
-        <FancyInput
-          label="First name"
-          value={formData.firstName}
-          on:change={e => {
-            formData = {
-              ...formData,
-              firstName: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              firstName: !formData.firstName
-                ? "Please enter your first name"
-                : undefined,
-            }
-
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.firstName}
-          disabled={onboarding}
-        />
-        <FancyInput
-          label="Last name (optional)"
-          value={formData.lastName}
-          on:change={e => {
-            formData = {
-              ...formData,
-              lastName: e.detail,
-            }
-          }}
-          disabled={onboarding}
-        />
-        <FancyInput
-          label="Password"
-          value={formData.password}
-          type="password"
-          on:change={e => {
-            formData = {
-              ...formData,
-              password: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {}
-
-            fieldError["password"] = !formData.password
-              ? "Please enter a password"
-              : undefined
-
-            fieldError["confirmationPassword"] =
-              !passwordsMatch(
-                formData.password,
-                formData.confirmationPassword
-              ) && formData.confirmationPassword
-                ? "Passwords must match"
-                : undefined
-
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.password}
-          disabled={onboarding}
-        />
-        <FancyInput
-          label="Repeat password"
-          value={formData.confirmationPassword}
-          type="password"
-          on:change={e => {
-            formData = {
-              ...formData,
-              confirmationPassword: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              confirmationPassword:
-                !passwordsMatch(
-                  formData.password,
-                  formData.confirmationPassword
-                ) && formData.password
-                  ? "Passwords must match"
+      <Layout gap="S" noPadding>
+        <FancyForm bind:this={form}>
+          <FancyInput
+            label="Email"
+            value={formData.email}
+            disabled={true}
+            error={errors.email}
+          />
+          <FancyInput
+            label="First name"
+            value={formData.firstName}
+            on:change={e => {
+              formData = {
+                ...formData,
+                firstName: e.detail,
+              }
+            }}
+            validate={() => {
+              let fieldError = {
+                firstName: !formData.firstName
+                  ? "Please enter your first name"
                   : undefined,
-            }
+              }
 
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.confirmationPassword}
-          disabled={onboarding}
-        />
-      </FancyForm>
+              errors = handleError({ ...errors, ...fieldError })
+            }}
+            error={errors.firstName}
+            disabled={onboarding}
+          />
+          <FancyInput
+            label="Last name (optional)"
+            value={formData.lastName}
+            on:change={e => {
+              formData = {
+                ...formData,
+                lastName: e.detail,
+              }
+            }}
+            disabled={onboarding}
+          />
+          {#if !$organisation.isSSOEnforced}
+            <FancyInput
+              label="Password"
+              value={formData.password}
+              type="password"
+              on:change={e => {
+                formData = {
+                  ...formData,
+                  password: e.detail,
+                }
+              }}
+              validate={() => {
+                let fieldError = {}
+
+                fieldError["password"] = !formData.password
+                  ? "Please enter a password"
+                  : undefined
+
+                fieldError["confirmationPassword"] =
+                  !passwordsMatch(
+                    formData.password,
+                    formData.confirmationPassword
+                  ) && formData.confirmationPassword
+                    ? "Passwords must match"
+                    : undefined
+
+                errors = handleError({ ...errors, ...fieldError })
+              }}
+              error={errors.password}
+              disabled={onboarding}
+            />
+            <FancyInput
+              label="Repeat password"
+              value={formData.confirmationPassword}
+              type="password"
+              on:change={e => {
+                formData = {
+                  ...formData,
+                  confirmationPassword: e.detail,
+                }
+              }}
+              validate={() => {
+                let fieldError = {
+                  confirmationPassword:
+                    !passwordsMatch(
+                      formData.password,
+                      formData.confirmationPassword
+                    ) && formData.password
+                      ? "Passwords must match"
+                      : undefined,
+                }
+
+                errors = handleError({ ...errors, ...fieldError })
+              }}
+              error={errors.confirmationPassword}
+              disabled={onboarding}
+            />
+          {/if}
+        </FancyForm>
+      </Layout>
+      <div>
+        <Button
+          size="L"
+          disabled={Object.keys(errors).length > 0 || onboarding}
+          cta
+          on:click={acceptInvite}
+        >
+          Create account
+        </Button>
+      </div>
     </Layout>
-    <div>
-      <Button
-        size="L"
-        disabled={Object.keys(errors).length > 0 || onboarding}
-        cta
-        on:click={acceptInvite}
-      >
-        Create account
-      </Button>
-    </div>
-  </Layout>
-</TestimonialPage>
+  </TestimonialPage>
+{/if}
 
 <style>
   img {
diff --git a/packages/builder/src/pages/builder/portal/_components/LockedFeature.svelte b/packages/builder/src/pages/builder/portal/_components/LockedFeature.svelte
new file mode 100644
index 0000000000..e6f4075e2e
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/_components/LockedFeature.svelte
@@ -0,0 +1,76 @@
+<script>
+  import {
+    Layout,
+    Heading,
+    Body,
+    Button,
+    Divider,
+    Tags,
+    Tag,
+  } from "@budibase/bbui"
+  import { auth, admin } from "stores/portal"
+
+  export let title
+  export let planType
+  export let description
+  export let enabled
+  export let upgradeButtonClick
+</script>
+
+<Layout noPadding>
+  <Layout gap="XS" noPadding>
+    <div class="title">
+      <Heading size="M">{title}</Heading>
+      {#if !enabled}
+        <Tags>
+          <Tag icon="LockClosed">{planType}</Tag>
+        </Tags>
+      {/if}
+    </div>
+    <Body>{description}</Body>
+  </Layout>
+  <Divider size="S" />
+
+  {#if enabled}
+    <slot />
+  {:else}
+    <div class="buttons">
+      <Button
+        primary
+        disabled={!$auth.accountPortalAccess && $admin.cloud}
+        on:click={async () => upgradeButtonClick()}
+      >
+        Upgrade
+      </Button>
+      <!--Show the view plans button-->
+      <Button
+        secondary
+        on:click={() => {
+          window.open("https://budibase.com/pricing/", "_blank")
+        }}
+      >
+        View Plans
+      </Button>
+    </div>
+  {/if}
+</Layout>
+
+<style>
+  .buttons {
+    display: flex;
+    gap: var(--spacing-l);
+  }
+  .title {
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+    justify-content: flex-start;
+    gap: var(--spacing-m);
+  }
+
+  .buttons {
+    display: flex;
+    flex-direction: row;
+    gap: var(--spacing-m);
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte b/packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
index d8481efc41..b67693a552 100644
--- a/packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
+++ b/packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
@@ -1,11 +1,11 @@
 <script>
   import { Button } from "@budibase/bbui"
   import { goto } from "@roxi/routify"
-  import { auth, admin } from "stores/portal"
+  import { auth, admin, licensing } from "stores/portal"
   import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
 </script>
 
-{#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING)}
+{#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING) && !$licensing.isEnterprisePlan}
   {#if $admin.cloud && $auth?.user?.accountPortalAccess}
     <Button
       cta
diff --git a/packages/builder/src/pages/builder/portal/account/_layout.svelte b/packages/builder/src/pages/builder/portal/account/_layout.svelte
index 3083b574a8..892e853aad 100644
--- a/packages/builder/src/pages/builder/portal/account/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/account/_layout.svelte
@@ -4,12 +4,13 @@
   import { Content, SideNav, SideNavItem } from "components/portal/page"
   import { menu } from "stores/portal"
 
+  $: wide = $isActive("./auditLogs")
   $: pages = $menu.find(x => x.title === "Account")?.subPages || []
   $: !pages.length && $goto("../")
 </script>
 
 <Page>
-  <Content narrow>
+  <Content narrow={!wide}>
     <div slot="side-nav">
       <SideNav>
         {#each pages as { title, href }}
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/AppColumnRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/AppColumnRenderer.svelte
new file mode 100644
index 0000000000..08260ecc5c
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/AppColumnRenderer.svelte
@@ -0,0 +1,5 @@
+<script>
+  export let value
+</script>
+
+<div>{value?.name || ""}</div>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/TimeRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/TimeRenderer.svelte
new file mode 100644
index 0000000000..b6c0262b47
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/TimeRenderer.svelte
@@ -0,0 +1,11 @@
+<script>
+  import dayjs from "dayjs"
+  import relativeTime from "dayjs/plugin/relativeTime"
+  dayjs.extend(relativeTime)
+
+  export let row
+</script>
+
+<div>
+  {dayjs(row.timestamp).fromNow()}
+</div>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/UserRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/UserRenderer.svelte
new file mode 100644
index 0000000000..e36648447b
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/UserRenderer.svelte
@@ -0,0 +1,47 @@
+<script>
+  import { Avatar, Tooltip } from "@budibase/bbui"
+  export let row
+
+  let showTooltip
+  const getInitials = user => {
+    let initials = ""
+    initials += user.firstName ? user.firstName[0] : ""
+    initials += user.lastName ? user.lastName[0] : ""
+
+    return initials === "" ? user.email[0] : initials
+  }
+</script>
+
+{#if row?.user?.email}
+  <div
+    class="container"
+    on:mouseover={() => (showTooltip = true)}
+    on:focus={() => (showTooltip = true)}
+    on:mouseleave={() => (showTooltip = false)}
+  >
+    <Avatar size="M" initials={getInitials(row.user)} />
+  </div>
+  {#if showTooltip}
+    <div class="tooltip">
+      <Tooltip textWrapping text={row.user.email} direction="bottom" />
+    </div>
+  {/if}
+{/if}
+
+<style>
+  .container {
+    position: relative;
+  }
+  .tooltip {
+    z-index: 1;
+    position: absolute;
+    top: 75%;
+    left: 120%;
+    transform: translateX(-100%) translateY(-50%);
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    width: 130px;
+    pointer-events: none;
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/ViewDetailsRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/ViewDetailsRenderer.svelte
new file mode 100644
index 0000000000..b62ee48cb8
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/ViewDetailsRenderer.svelte
@@ -0,0 +1,13 @@
+<script>
+  import { ActionButton } from "@budibase/bbui"
+  import { getContext } from "svelte"
+
+  export let row
+  const auditLogs = getContext("auditLogs")
+  const onClick = e => {
+    e.stopPropagation()
+    auditLogs.viewDetails(row)
+  }
+</script>
+
+<ActionButton size="S" on:click={onClick}>Details</ActionButton>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/index.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/index.svelte
new file mode 100644
index 0000000000..7b35cfa6b7
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/index.svelte
@@ -0,0 +1,502 @@
+<!-- If working on this file, you may notice that if you click the download button in the UI
+     hot reload will stop working due to the use of window.location. You'll need to reload the pag
+     to get it working again.
+-->
+<script>
+  import {
+    Layout,
+    Table,
+    Search,
+    Multiselect,
+    notifications,
+    Icon,
+    clickOutside,
+    CoreTextArea,
+    DatePicker,
+    Pagination,
+    Helpers,
+    Divider,
+    ActionButton,
+  } from "@budibase/bbui"
+  import { licensing, users, apps, auditLogs } from "stores/portal"
+  import LockedFeature from "../../_components/LockedFeature.svelte"
+  import { createPaginationStore } from "helpers/pagination"
+  import { onMount, setContext } from "svelte"
+  import ViewDetailsRenderer from "./_components/ViewDetailsRenderer.svelte"
+  import UserRenderer from "./_components/UserRenderer.svelte"
+  import TimeRenderer from "./_components/TimeRenderer.svelte"
+  import AppColumnRenderer from "./_components/AppColumnRenderer.svelte"
+  import { cloneDeep } from "lodash"
+
+  const schema = {
+    date: { width: "0.8fr" },
+    user: { width: "0.5fr" },
+    name: { width: "2fr", displayName: "Event" },
+    app: { width: "1.5fr" },
+    view: { width: "0.1fr", borderLeft: true, displayName: "" },
+  }
+
+  const customRenderers = [
+    {
+      column: "view",
+      component: ViewDetailsRenderer,
+    },
+    {
+      column: "user",
+      component: UserRenderer,
+    },
+    {
+      column: "date",
+      component: TimeRenderer,
+    },
+    {
+      column: "app",
+      component: AppColumnRenderer,
+    },
+  ]
+
+  let userSearchTerm = ""
+  let logSearchTerm = ""
+  let userPageInfo = createPaginationStore()
+  let logsPageInfo = createPaginationStore()
+
+  let prevUserSearch = undefined
+  let prevLogSearch = undefined
+  let selectedUsers = []
+  let selectedApps = []
+  let selectedEvents = []
+  let selectedLog
+  let sidePanelVisible = false
+  let wideSidePanel = false
+  let timer
+  let startDate = new Date()
+  startDate.setDate(startDate.getDate() - 30)
+  let endDate = new Date()
+
+  $: fetchUsers(userPage, userSearchTerm)
+  $: fetchLogs({
+    logsPage,
+    logSearchTerm,
+    startDate,
+    endDate,
+    selectedUsers,
+    selectedApps,
+    selectedEvents,
+  })
+  $: userPage = $userPageInfo.page
+  $: logsPage = $logsPageInfo.page
+
+  $: sortedUsers = sort(
+    enrich($users.data || [], selectedUsers, "_id"),
+    "email"
+  )
+  $: sortedEvents = sort(
+    enrich(parseEventObject($auditLogs.events), selectedEvents, "id"),
+    "id"
+  )
+  $: sortedApps = sort(enrich($apps, selectedApps, "appId"), "name")
+
+  const debounce = value => {
+    clearTimeout(timer)
+    timer = setTimeout(() => {
+      logSearchTerm = value
+    }, 400)
+  }
+
+  const fetchUsers = async (userPage, search) => {
+    if ($userPageInfo.loading) {
+      return
+    }
+    // need to remove the page if they've started searching
+    if (search && !prevUserSearch) {
+      userPageInfo.reset()
+      userPage = undefined
+    }
+    prevUserSearch = search
+    try {
+      userPageInfo.loading()
+      await users.search({ userPage, email: search })
+      userPageInfo.fetched($users.hasNextPage, $users.nextPage)
+    } catch (error) {
+      notifications.error("Error getting user list")
+    }
+  }
+
+  const fetchLogs = async ({
+    logsPage,
+    logSearchTerm,
+    startDate,
+    endDate,
+    selectedUsers,
+    selectedApps,
+    selectedEvents,
+  }) => {
+    if ($logsPageInfo.loading) {
+      return
+    }
+    // need to remove the page if they've started searching
+    if (logSearchTerm && !prevLogSearch) {
+      logsPageInfo.reset()
+      logsPage = undefined
+    }
+    prevLogSearch = logSearchTerm
+    try {
+      logsPageInfo.loading()
+      await auditLogs.search({
+        bookmark: logsPage,
+        startDate,
+        endDate,
+        fullSearch: logSearchTerm,
+        userIds: selectedUsers,
+        appIds: selectedApps,
+        events: selectedEvents,
+      })
+      logsPageInfo.fetched(
+        $auditLogs.logs.hasNextPage,
+        $auditLogs.logs.bookmark
+      )
+    } catch (error) {
+      notifications.error(`Error getting audit logs - ${error}`)
+    }
+  }
+
+  const enrich = (list, selected, key) => {
+    return list.map(item => {
+      return {
+        ...item,
+        selected:
+          selected.find(x => x === item[key] || x.includes(item[key])) != null,
+      }
+    })
+  }
+
+  const sort = (list, key) => {
+    let sortedList = list.slice()
+    sortedList?.sort((a, b) => {
+      if (a.selected === b.selected) {
+        return a[key] < b[key] ? -1 : 1
+      } else if (a.selected) {
+        return -1
+      } else if (b.selected) {
+        return 1
+      }
+      return 0
+    })
+    return sortedList
+  }
+
+  const parseEventObject = obj => {
+    // convert obj which is an object of key value pairs to an array of objects
+    // with the key as the id and the value as the name
+    if (obj) {
+      return Object.entries(obj).map(([id, label]) => {
+        return { id, label }
+      })
+    }
+  }
+
+  const viewDetails = detail => {
+    selectedLog = detail
+    sidePanelVisible = true
+  }
+
+  const downloadLogs = async () => {
+    try {
+      window.location = auditLogs.getDownloadUrl({
+        startDate,
+        endDate,
+        fullSearch: logSearchTerm,
+        userIds: selectedUsers,
+        appIds: selectedApps,
+        events: selectedEvents,
+      })
+    } catch (error) {
+      notifications.error(`Error downloading logs: ` + error.message)
+    }
+  }
+
+  setContext("auditLogs", {
+    viewDetails,
+  })
+
+  const copyToClipboard = async value => {
+    await Helpers.copyToClipboard(value)
+    notifications.success("Copied")
+  }
+
+  function cleanupMetadata(log) {
+    const cloned = cloneDeep(log)
+    cloned.userId = cloned.user._id
+    if (cloned.app) {
+      cloned.appId = cloned.app.appId
+    }
+    // remove props that are confused/not returned in download
+    delete cloned._id
+    delete cloned._rev
+    delete cloned.app
+    delete cloned.user
+    return cloned
+  }
+
+  onMount(async () => {
+    await auditLogs.getEventDefinitions()
+    await licensing.init()
+  })
+</script>
+
+<LockedFeature
+  title={"Audit Logs"}
+  planType={"Business plan"}
+  description={"View all events that have occurred in your Budibase installation"}
+  enabled={$licensing.auditLogsEnabled}
+  upgradeButtonClick={async () => {
+    $licensing.goToUpgradePage()
+  }}
+>
+  <div class="controls">
+    <div class="select">
+      <Multiselect
+        bind:fetchTerm={userSearchTerm}
+        useFetch
+        placeholder="All users"
+        label="Users"
+        autocomplete
+        bind:value={selectedUsers}
+        getOptionValue={user => user._id}
+        getOptionLabel={user => user.email}
+        options={sortedUsers}
+      />
+    </div>
+    <div class="select">
+      <Multiselect
+        autocomplete
+        placeholder="All apps"
+        label="Apps"
+        getOptionValue={app => app.instance._id}
+        getOptionLabel={app => app.name}
+        options={sortedApps}
+        bind:value={selectedApps}
+      />
+    </div>
+    <div class="select">
+      <Multiselect
+        customPopoverHeight="500px"
+        autocomplete
+        getOptionValue={event => event.id}
+        getOptionLabel={event => event.label}
+        options={sortedEvents}
+        placeholder="All events"
+        label="Events"
+        bind:value={selectedEvents}
+      />
+    </div>
+
+    <div class="date-picker">
+      <DatePicker
+        value={[startDate, endDate]}
+        placeholder="Choose date range"
+        range={true}
+        on:change={e => {
+          if (e.detail[0]?.length === 1) {
+            startDate = e.detail[0][0].toISOString()
+            endDate = ""
+          } else if (e.detail[0]?.length > 1) {
+            startDate = e.detail[0][0].toISOString()
+            endDate = e.detail[0][1].toISOString()
+          } else {
+            startDate = ""
+            endDate = ""
+          }
+        }}
+      />
+    </div>
+    <div class="freeSearch">
+      <Search placeholder="Search" on:change={e => debounce(e.detail)} />
+    </div>
+
+    <div class="">
+      <ActionButton size="M" icon="Download" on:click={() => downloadLogs()} />
+    </div>
+  </div>
+  <Layout noPadding>
+    <Table
+      on:click={({ detail }) => viewDetails(detail)}
+      {customRenderers}
+      data={$auditLogs.logs.data}
+      allowEditColumns={false}
+      allowEditRows={false}
+      allowSelectRows={false}
+      {schema}
+    />
+    <div class="pagination">
+      <Pagination
+        page={$logsPageInfo.pageNumber}
+        hasPrevPage={$logsPageInfo.loading ? false : $logsPageInfo.hasPrevPage}
+        hasNextPage={$logsPageInfo.loading ? false : $logsPageInfo.hasNextPage}
+        goToPrevPage={logsPageInfo.prevPage}
+        goToNextPage={logsPageInfo.nextPage}
+      />
+    </div>
+  </Layout>
+</LockedFeature>
+
+{#if selectedLog}
+  <div
+    id="side-panel"
+    class:wide={wideSidePanel}
+    class:visible={sidePanelVisible}
+    use:clickOutside={() => {
+      sidePanelVisible = false
+    }}
+  >
+    <div class="side-panel-header">
+      Audit Log
+      <div class="side-panel-icons">
+        <Icon
+          size="S"
+          hoverable
+          name={wideSidePanel ? "Minimize" : "Maximize"}
+          on:click={() => {
+            wideSidePanel = !wideSidePanel
+          }}
+        />
+        <Icon
+          hoverable
+          name="Close"
+          on:click={() => {
+            sidePanelVisible = false
+          }}
+        />
+      </div>
+    </div>
+    <Divider />
+
+    <div class="side-panel-body">
+      <div
+        on:click={() => copyToClipboard(JSON.stringify(selectedLog.metadata))}
+        class="copy-icon"
+      >
+        <Icon name="Copy" size="S" />
+      </div>
+      <CoreTextArea
+        disabled
+        minHeight={"300px"}
+        height={"100%"}
+        value={JSON.stringify(cleanupMetadata(selectedLog), null, 2)}
+      />
+    </div>
+  </div>
+{/if}
+
+<style>
+  .copy-icon {
+    right: 16px;
+    top: 80px;
+    z-index: 10;
+    justify-content: center;
+    align-items: center;
+    display: flex;
+    flex-direction: row;
+    box-sizing: border-box;
+
+    border: 1px solid var(--spectrum-alias-border-color);
+    border-radius: var(--spectrum-alias-border-radius-regular);
+    width: 31px;
+    color: var(--spectrum-alias-text-color);
+    background-color: var(--spectrum-global-color-gray-75);
+    transition: background-color
+        var(--spectrum-global-animation-duration-100, 130ms),
+      box-shadow var(--spectrum-global-animation-duration-100, 130ms),
+      border-color var(--spectrum-global-animation-duration-100, 130ms);
+    height: calc(var(--spectrum-alias-item-height-m) - 2px);
+    position: absolute;
+  }
+  .copy-icon:hover {
+    cursor: pointer;
+    color: var(--spectrum-alias-text-color-hover);
+    background-color: var(--spectrum-global-color-gray-50);
+    border-color: var(--spectrum-alias-border-color-hover);
+  }
+  .side-panel-header {
+    display: flex;
+    padding: 20px 10px 10px 10px;
+    gap: var(--spacing-s);
+    justify-content: space-between;
+    align-items: center;
+  }
+
+  .pagination {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    margin-top: var(--spacing-xl);
+  }
+
+  .side-panel-body {
+    padding: 10px;
+    height: calc(100% - 67px);
+  }
+  #side-panel {
+    position: absolute;
+    right: 0;
+    top: 0;
+    padding-bottom: 24px;
+    background: var(--background);
+    border-left: var(--border-light);
+    width: 320px;
+    max-width: calc(100vw - 48px - 48px);
+    transform: translateX(100%);
+    transition: transform 130ms ease-in-out;
+    height: calc(100% - 24px);
+    overflow-y: hidden;
+    overflow-x: hidden;
+    z-index: 2;
+  }
+  #side-panel.visible {
+    transform: translateX(0);
+  }
+
+  #side-panel.wide {
+    width: 500px;
+  }
+
+  #side-panel :global(textarea) {
+    min-height: 100% !important;
+    background-color: var(
+      --spectrum-textfield-m-background-color,
+      var(--spectrum-global-color-gray-50)
+    );
+    padding-top: var(--spacing-l);
+    padding-left: var(--spacing-l);
+    font-size: 13px;
+  }
+
+  .controls {
+    display: flex;
+    flex-direction: row;
+    gap: var(--spacing-l);
+    flex-wrap: wrap;
+    align-items: center;
+  }
+
+  .side-panel-icons {
+    display: flex;
+    gap: var(--spacing-l);
+  }
+
+  .select {
+    flex-basis: calc(33.33% - 10px);
+    width: 0;
+    min-width: 100px;
+  }
+
+  .date-picker {
+    flex-basis: calc(70% - 32px);
+    min-width: 100px;
+  }
+
+  .freeSearch {
+    flex-basis: 25%;
+    min-width: 100px;
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte
index f2592ec805..4ff9ea386a 100644
--- a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte
+++ b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte
@@ -185,7 +185,7 @@
   <Divider />
 
   {#if !$licensing.backupsEnabled}
-    {#if !$auth.accountPortalAccess && !$licensing.groupsEnabled && $admin.cloud}
+    {#if !$auth.accountPortalAccess && $admin.cloud}
       <Body>Contact your account holder to upgrade your plan.</Body>
     {/if}
     <div class="pro-buttons">
diff --git a/packages/builder/src/pages/builder/portal/settings/auth/index.svelte b/packages/builder/src/pages/builder/portal/settings/auth/index.svelte
index 608ca271c0..0e82dd31e7 100644
--- a/packages/builder/src/pages/builder/portal/settings/auth/index.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/auth/index.svelte
@@ -22,10 +22,11 @@
     Tags,
     Icon,
     Helpers,
+    Link,
   } from "@budibase/bbui"
   import { onMount } from "svelte"
   import { API } from "api"
-  import { organisation, admin } from "stores/portal"
+  import { organisation, admin, licensing } from "stores/portal"
 
   const ConfigTypes = {
     Google: "google",
@@ -34,6 +35,8 @@
 
   const HasSpacesRegex = /[\\"\s]/
 
+  $: enforcedSSO = $organisation.isSSOEnforced
+
   // Some older google configs contain a manually specified value - retain the functionality to edit the field
   // When there is no value or we are in the cloud - prohibit editing the field, must use platform url to change
   $: googleCallbackUrl = undefined
@@ -128,24 +131,25 @@
     isEqual(providers.google?.config, originalGoogleDoc?.config)
       ? (googleSaveButtonDisabled = true)
       : (googleSaveButtonDisabled = false)
+
+    // delete the callback url which is never saved to the oidc
+    // config doc, to ensure an accurate comparison
+    delete providers.oidc?.config.configs[0].callbackURL
+
     isEqual(providers.oidc?.config, originalOidcDoc?.config)
       ? (oidcSaveButtonDisabled = true)
       : (oidcSaveButtonDisabled = false)
   }
 
-  // Create a flag so that it will only try to save completed forms
-  $: partialGoogle =
-    providers.google?.config?.clientID || providers.google?.config?.clientSecret
-  $: partialOidc =
-    providers.oidc?.config?.configs[0].configUrl ||
-    providers.oidc?.config?.configs[0].clientID ||
-    providers.oidc?.config?.configs[0].clientSecret
-  $: googleComplete =
+  $: googleComplete = !!(
     providers.google?.config?.clientID && providers.google?.config?.clientSecret
-  $: oidcComplete =
+  )
+
+  $: oidcComplete = !!(
     providers.oidc?.config?.configs[0].configUrl &&
     providers.oidc?.config?.configs[0].clientID &&
     providers.oidc?.config?.configs[0].clientSecret
+  )
 
   const onFileSelected = e => {
     let fileName = e.target.files[0].name
@@ -154,71 +158,90 @@
     iconDropdownOptions.unshift({ label: fileName, value: fileName })
   }
 
-  async function save(docs) {
-    let calls = []
-    // Only if the user has provided an image, upload it
+  async function toggleIsSSOEnforced() {
+    const value = $organisation.isSSOEnforced
+    try {
+      await organisation.save({ isSSOEnforced: !value })
+    } catch (e) {
+      notifications.error(e.message)
+    }
+  }
+
+  async function saveConfig(config) {
+    // Delete unsupported fields
+    delete config.createdAt
+    delete config.updatedAt
+    return API.saveConfig(config)
+  }
+
+  async function saveOIDCLogo() {
     if (image) {
       let data = new FormData()
       data.append("file", image)
-      calls.push(
-        API.uploadOIDCLogo({
-          name: image.name,
-          data,
-        })
+      await API.uploadOIDCLogo({
+        name: image.name,
+        data,
+      })
+    }
+  }
+
+  async function saveOIDC() {
+    if (!oidcComplete) {
+      notifications.error(
+        `Please fill in all required ${ConfigTypes.OIDC} fields`
       )
+      return
     }
-    docs.forEach(element => {
-      // Delete unsupported fields
-      delete element.createdAt
-      delete element.updatedAt
 
-      const { activated } = element.config
+    const oidc = providers.oidc
 
-      if (element.type === ConfigTypes.OIDC) {
-        // Add a UUID here so each config is distinguishable when it arrives at the login page
-        for (let config of element.config.configs) {
-          if (!config.uuid) {
-            config.uuid = Helpers.uuid()
-          }
-          // Callback urls shouldn't be included
-          delete config.callbackURL
-        }
-        if ((partialOidc || activated) && !oidcComplete) {
-          notifications.error(
-            `Please fill in all required ${ConfigTypes.OIDC} fields`
-          )
-        } else if (oidcComplete || !activated) {
-          calls.push(API.saveConfig(element))
-          // Turn the save button grey when clicked
-          oidcSaveButtonDisabled = true
-          originalOidcDoc = cloneDeep(providers.oidc)
-        }
+    // Add a UUID here so each config is distinguishable when it arrives at the login page
+    for (let config of oidc.config.configs) {
+      if (!config.uuid) {
+        config.uuid = Helpers.uuid()
       }
-      if (element.type === ConfigTypes.Google) {
-        if ((partialGoogle || activated) && !googleComplete) {
-          notifications.error(
-            `Please fill in all required ${ConfigTypes.Google} fields`
-          )
-        } else if (googleComplete || !activated) {
-          calls.push(API.saveConfig(element))
-          googleSaveButtonDisabled = true
-          originalGoogleDoc = cloneDeep(providers.google)
-        }
-      }
-    })
-    if (calls.length) {
-      Promise.all(calls)
-        .then(data => {
-          data.forEach(res => {
-            providers[res.type]._rev = res._rev
-            providers[res.type]._id = res._id
-          })
-          notifications.success(`Settings saved`)
-        })
-        .catch(() => {
-          notifications.error("Failed to update auth settings")
-        })
+      // Callback urls shouldn't be included
+      delete config.callbackURL
     }
+
+    try {
+      const res = await saveConfig(oidc)
+      providers[res.type]._rev = res._rev
+      providers[res.type]._id = res._id
+      await saveOIDCLogo()
+      notifications.success(`Settings saved`)
+    } catch (e) {
+      notifications.error(e.message)
+      return
+    }
+
+    // Turn the save button grey when clicked
+    oidcSaveButtonDisabled = true
+    originalOidcDoc = cloneDeep(providers.oidc)
+  }
+
+  async function saveGoogle() {
+    if (!googleComplete) {
+      notifications.error(
+        `Please fill in all required ${ConfigTypes.Google} fields`
+      )
+      return
+    }
+
+    const google = providers.google
+
+    try {
+      const res = await saveConfig(google)
+      providers[res.type]._rev = res._rev
+      providers[res.type]._id = res._id
+      notifications.success(`Settings saved`)
+    } catch (e) {
+      notifications.error(e.message)
+      return
+    }
+
+    googleSaveButtonDisabled = true
+    originalGoogleDoc = cloneDeep(providers.google)
   }
 
   let defaultScopes = ["profile", "email", "offline_access"]
@@ -258,7 +281,7 @@
     if (!googleDoc?._id) {
       providers.google = {
         type: ConfigTypes.Google,
-        config: { activated: true },
+        config: { activated: false },
       }
       originalGoogleDoc = cloneDeep(googleDoc)
     } else {
@@ -282,14 +305,17 @@
     }
     if (oidcLogos?.config) {
       const logoKeys = Object.keys(oidcLogos.config)
-      logoKeys.map(logoKey => {
-        const logoUrl = oidcLogos.config[logoKey]
-        iconDropdownOptions.unshift({
-          label: logoKey,
-          value: logoKey,
-          icon: logoUrl,
+      logoKeys
+        // don't include the etag entry in the logo config
+        .filter(key => !key.toLowerCase().includes("etag"))
+        .map(logoKey => {
+          const logoUrl = oidcLogos.config[logoKey]
+          iconDropdownOptions.unshift({
+            label: logoKey,
+            value: logoKey,
+            icon: logoUrl,
+          })
         })
-      })
     }
 
     // Fetch OIDC config
@@ -302,7 +328,7 @@
     if (!oidcDoc?._id) {
       providers.oidc = {
         type: ConfigTypes.OIDC,
-        config: { configs: [{ activated: true, scopes: defaultScopes }] },
+        config: { configs: [{ activated: false, scopes: defaultScopes }] },
       }
     } else {
       originalOidcDoc = cloneDeep(oidcDoc)
@@ -316,6 +342,49 @@
     <Heading size="M">Authentication</Heading>
     <Body>Add additional authentication methods from the options below</Body>
   </Layout>
+  <Divider />
+  <Layout noPadding gap="XS">
+    <Heading size="S">Single Sign-On URL</Heading>
+    <Body size="S">
+      Use the following link to access your configured identity provider.
+    </Body>
+    <Body size="S">
+      <div class="sso-link">
+        <Link href={$organisation.platformUrl} target="_blank"
+          >{$organisation.platformUrl}</Link
+        >
+        <div class="sso-link-icon">
+          <Icon size="XS" name="LinkOutLight" />
+        </div>
+      </div>
+    </Body>
+  </Layout>
+  <Divider />
+  <Layout noPadding gap="XS">
+    <div class="provider-title">
+      <div class="enforce-sso-heading-container">
+        <div class="enforce-sso-title">
+          <Heading size="S">Enforce Single Sign-On</Heading>
+        </div>
+        {#if !$licensing.enforceableSSO}
+          <Tags>
+            <Tag icon="LockClosed">Enterprise plan</Tag>
+          </Tags>
+        {/if}
+      </div>
+      {#if $licensing.enforceableSSO}
+        <Toggle on:change={toggleIsSSOEnforced} bind:value={enforcedSSO} />
+      {/if}
+    </div>
+    <Body size="S">
+      Require SSO authentication for all users. It is recommended to read the
+      help <Link
+        size="M"
+        href={"https://docs.budibase.com/docs/authentication-and-sso"}
+        >documentation</Link
+      > before enabling this feature.
+    </Body>
+  </Layout>
   {#if providers.google}
     <Divider />
     <Layout gap="XS" noPadding>
@@ -362,7 +431,7 @@
       <Button
         disabled={googleSaveButtonDisabled}
         cta
-        on:click={() => save([providers.google])}
+        on:click={() => saveGoogle()}
       >
         Save
       </Button>
@@ -418,6 +487,7 @@
         <Select
           label=""
           bind:value={providers.oidc.config.configs[0].logo}
+          useOptionIconImage
           options={iconDropdownOptions}
           on:change={e => e.detail === "Upload" && fileinput.click()}
         />
@@ -524,11 +594,7 @@
       </div>
     </Layout>
     <div>
-      <Button
-        disabled={oidcSaveButtonDisabled}
-        cta
-        on:click={() => save([providers.oidc])}
-      >
+      <Button disabled={oidcSaveButtonDisabled} cta on:click={() => saveOIDC()}>
         Save
       </Button>
     </div>
@@ -546,7 +612,24 @@
   input[type="file"] {
     display: none;
   }
-
+  .sso-link-icon {
+    padding-top: 4px;
+    margin-left: 3px;
+  }
+  .sso-link {
+    margin-top: 12px;
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+  }
+  .enforce-sso-title {
+    margin-right: 10px;
+  }
+  .enforce-sso-heading-container {
+    display: flex;
+    flex-direction: row;
+    align-items: start;
+  }
   .provider-title {
     display: flex;
     flex-direction: row;
diff --git a/packages/builder/src/pages/builder/portal/settings/environment/index.svelte b/packages/builder/src/pages/builder/portal/settings/environment/index.svelte
index 3c170235e9..cff578febd 100644
--- a/packages/builder/src/pages/builder/portal/settings/environment/index.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/environment/index.svelte
@@ -1,21 +1,17 @@
 <script>
   import {
     Layout,
-    Heading,
-    Body,
     Button,
-    Divider,
     Modal,
     Table,
-    Tags,
-    Tag,
     InlineAlert,
     notifications,
   } from "@budibase/bbui"
-  import { environment, licensing, auth, admin } from "stores/portal"
+  import { environment, licensing } from "stores/portal"
   import { onMount } from "svelte"
   import CreateEditVariableModal from "components/portal/environment/CreateEditVariableModal.svelte"
   import EditVariableColumn from "./_components/EditVariableColumn.svelte"
+  import LockedFeature from "../../_components/LockedFeature.svelte"
 
   let modal
 
@@ -61,91 +57,43 @@
   }
 </script>
 
-<Layout noPadding>
-  <Layout gap="XS" noPadding>
-    <div class="title">
-      <Heading size="M">Environment Variables</Heading>
-      {#if !$licensing.environmentVariablesEnabled}
-        <Tags>
-          <Tag icon="LockClosed">Business plan</Tag>
-        </Tags>
-      {/if}
-    </div>
-    <Body
-      >Add and manage environment variables for development and production</Body
-    >
-  </Layout>
-  <Divider size="S" />
-
-  {#if $licensing.environmentVariablesEnabled}
-    {#if noEncryptionKey}
-      <InlineAlert
-        message="Your Budibase installation does not have a key for encryption, please update your app service's environment variables to contain an 'ENCRYPTION_KEY' value."
-        header="No encryption key found"
-        type="error"
-      />
-    {/if}
-    <div>
-      <Button on:click={modal.show} cta disabled={noEncryptionKey}
-        >Add Variable</Button
-      >
-    </div>
-
-    <Layout noPadding>
-      <Table
-        {schema}
-        data={$environment.variables}
-        allowEditColumns={false}
-        allowEditRows={false}
-        allowSelectRows={false}
-        {customRenderers}
-      />
-    </Layout>
-  {:else}
-    <div class="buttons">
-      <Button
-        primary
-        disabled={!$auth.accountPortalAccess && $admin.cloud}
-        on:click={async () => {
-          await environment.upgradePanelOpened()
-          $licensing.goToUpgradePage()
-        }}
-      >
-        Upgrade
-      </Button>
-      <!--Show the view plans button-->
-      <Button
-        secondary
-        on:click={() => {
-          window.open("https://budibase.com/pricing/", "_blank")
-        }}
-      >
-        View Plans
-      </Button>
-    </div>
+<LockedFeature
+  title={"Environment Variables"}
+  planType={"Business plan"}
+  description={"Add and manage environment variables for development and production"}
+  enabled={$licensing.environmentVariablesEnabled}
+  upgradeButtonClick={async () => {
+    await environment.upgradePanelOpened()
+    $licensing.goToUpgradePage()
+  }}
+>
+  {#if noEncryptionKey}
+    <InlineAlert
+      message="Your Budibase installation does not have a key for encryption, please update your app service's environment variables to contain an 'ENCRYPTION_KEY' value."
+      header="No encryption key found"
+      type="error"
+    />
   {/if}
-</Layout>
+  <div>
+    <Button on:click={modal.show} cta disabled={noEncryptionKey}
+      >Add Variable</Button
+    >
+  </div>
+  <Layout noPadding>
+    <Table
+      {schema}
+      data={$environment.variables}
+      allowEditColumns={false}
+      allowEditRows={false}
+      allowSelectRows={false}
+      {customRenderers}
+    />
+  </Layout>
+</LockedFeature>
 
 <Modal bind:this={modal}>
   <CreateEditVariableModal {save} />
 </Modal>
 
 <style>
-  .buttons {
-    display: flex;
-    gap: var(--spacing-l);
-  }
-  .title {
-    display: flex;
-    flex-direction: row;
-    align-items: center;
-    justify-content: flex-start;
-    gap: var(--spacing-m);
-  }
-
-  .buttons {
-    display: flex;
-    flex-direction: row;
-    gap: var(--spacing-m);
-  }
 </style>
diff --git a/packages/builder/src/pages/builder/portal/settings/organisation.svelte b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
index 8e4d6e738c..bba046ce10 100644
--- a/packages/builder/src/pages/builder/portal/settings/organisation.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
@@ -24,6 +24,7 @@
   }
 
   const values = writable({
+    isSSOEnforced: $organisation.isSSOEnforced,
     company: $organisation.company,
     platformUrl: $organisation.platformUrl,
     analyticsEnabled: $organisation.analyticsEnabled,
@@ -54,6 +55,7 @@
       }
 
       const config = {
+        isSSOEnforced: $values.isSSOEnforced,
         company: $values.company ?? "",
         platformUrl: $values.platformUrl ?? "",
         analyticsEnabled: $values.analyticsEnabled,
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
index 7ec6d338d5..0048853545 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
@@ -1,9 +1,8 @@
 <script>
   import { ModalContent, Body, Layout, Icon } from "@budibase/bbui"
+  import { OnboardingType } from "../../../../../../constants"
 
   export let chooseCreationType
-  let emailOnboardingKey = "emailOnboarding"
-  let basicOnboaridngKey = "basicOnboarding"
 
   let selectedOnboardingType
 </script>
@@ -20,9 +19,9 @@
   <Layout noPadding gap="S">
     <div
       class="onboarding-type item"
-      class:selected={selectedOnboardingType == emailOnboardingKey}
+      class:selected={selectedOnboardingType == OnboardingType.EMAIL}
       on:click={() => {
-        selectedOnboardingType = emailOnboardingKey
+        selectedOnboardingType = OnboardingType.EMAIL
       }}
     >
       <div class="content onboarding-type-wrap">
@@ -32,7 +31,7 @@
         </div>
       </div>
       <div style="color: var(--spectrum-global-color-green-600); float: right">
-        {#if selectedOnboardingType == emailOnboardingKey}
+        {#if selectedOnboardingType == OnboardingType.EMAIL}
           <div class="checkmark-spacing">
             <Icon size="S" name="CheckmarkCircle" />
           </div>
@@ -42,9 +41,9 @@
 
     <div
       class="onboarding-type item"
-      class:selected={selectedOnboardingType == basicOnboaridngKey}
+      class:selected={selectedOnboardingType == OnboardingType.PASSWORD}
       on:click={() => {
-        selectedOnboardingType = basicOnboaridngKey
+        selectedOnboardingType = OnboardingType.PASSWORD
       }}
     >
       <div class="content onboarding-type-wrap">
@@ -54,7 +53,7 @@
         </div>
       </div>
       <div style="color: var(--spectrum-global-color-green-600); float: right">
-        {#if selectedOnboardingType == basicOnboaridngKey}
+        {#if selectedOnboardingType == OnboardingType.PASSWORD}
           <div class="checkmark-spacing">
             <Icon size="S" name="CheckmarkCircle" />
           </div>
diff --git a/packages/builder/src/pages/builder/portal/users/users/index.svelte b/packages/builder/src/pages/builder/portal/users/users/index.svelte
index 0776b1adc4..4f80e1a942 100644
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@@ -13,7 +13,7 @@
     Divider,
   } from "@budibase/bbui"
   import AddUserModal from "./_components/AddUserModal.svelte"
-  import { users, groups, auth, licensing } from "stores/portal"
+  import { users, groups, auth, licensing, organisation } from "stores/portal"
   import { onMount } from "svelte"
   import DeleteRowsButton from "components/backend/DataTable/buttons/DeleteRowsButton.svelte"
   import GroupsTableRenderer from "./_components/GroupsTableRenderer.svelte"
@@ -27,6 +27,7 @@
   import { get } from "svelte/store"
   import { Constants, Utils, fetchData } from "@budibase/frontend-core"
   import { API } from "api"
+  import { OnboardingType } from "../../../../../constants"
 
   const fetch = fetchData({
     API,
@@ -105,10 +106,18 @@
   const debouncedUpdateFetch = Utils.debounce(updateFetch, 250)
 
   const showOnboardingTypeModal = async addUsersData => {
+    // no-op if users already exist
     userData = await removingDuplicities(addUsersData)
-    if (!userData?.users?.length) return
+    if (!userData?.users?.length) {
+      return
+    }
 
-    onboardingTypeModal.show()
+    if ($organisation.isSSOEnforced) {
+      // bypass the onboarding type selection of sso is enforced
+      await chooseCreationType(OnboardingType.EMAIL)
+    } else {
+      onboardingTypeModal.show()
+    }
   }
 
   async function createUserFlow() {
@@ -181,7 +190,7 @@
   }
 
   async function chooseCreationType(onboardingType) {
-    if (onboardingType === "emailOnboarding") {
+    if (onboardingType === OnboardingType.EMAIL) {
       await createUserFlow()
     } else {
       await createUsers()
diff --git a/packages/builder/src/stores/portal/auditLogs.js b/packages/builder/src/stores/portal/auditLogs.js
new file mode 100644
index 0000000000..9abf8ec11b
--- /dev/null
+++ b/packages/builder/src/stores/portal/auditLogs.js
@@ -0,0 +1,43 @@
+import { writable, get } from "svelte/store"
+import { API } from "api"
+import { licensing } from "stores/portal"
+
+export function createAuditLogsStore() {
+  const { subscribe, update } = writable({
+    events: {},
+    logs: {},
+  })
+
+  async function search(opts = {}) {
+    if (get(licensing).auditLogsEnabled) {
+      const paged = await API.searchAuditLogs(opts)
+
+      update(state => {
+        return { ...state, logs: { ...paged, opts } }
+      })
+
+      return paged
+    }
+  }
+
+  async function getEventDefinitions() {
+    const events = await API.getEventDefinitions()
+
+    update(state => {
+      return { ...state, ...events }
+    })
+  }
+
+  function getDownloadUrl(opts = {}) {
+    return API.getDownloadUrl(opts)
+  }
+
+  return {
+    subscribe,
+    search,
+    getEventDefinitions,
+    getDownloadUrl,
+  }
+}
+
+export const auditLogs = createAuditLogsStore()
diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js
index d11033c142..2ab68b11b4 100644
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@@ -154,9 +154,14 @@ export function createAuthStore() {
       await setInitInfo({})
     },
     updateSelf: async fields => {
-      const newUser = { ...get(auth).user, ...fields }
-      await API.updateSelf(newUser)
-      setUser(newUser)
+      await API.updateSelf({ ...fields })
+      // Refetch to enrich after update.
+      try {
+        const user = await API.fetchBuilderSelf()
+        setUser(user)
+      } catch (error) {
+        setUser(null)
+      }
     },
     forgotPassword: async email => {
       const tenantId = get(store).tenantId
diff --git a/packages/builder/src/stores/portal/index.js b/packages/builder/src/stores/portal/index.js
index 8d704a5e15..e8f7853165 100644
--- a/packages/builder/src/stores/portal/index.js
+++ b/packages/builder/src/stores/portal/index.js
@@ -13,3 +13,4 @@ export { backups } from "./backups"
 export { overview } from "./overview"
 export { environment } from "./environment"
 export { menu } from "./menu"
+export { auditLogs } from "./auditLogs"
diff --git a/packages/builder/src/stores/portal/licensing.js b/packages/builder/src/stores/portal/licensing.js
index 6f5c80e03c..cf04eed9e6 100644
--- a/packages/builder/src/stores/portal/licensing.js
+++ b/packages/builder/src/stores/portal/licensing.js
@@ -12,6 +12,7 @@ export const createLicensingStore = () => {
     // the top level license
     license: undefined,
     isFreePlan: true,
+    isEnterprisePlan: true,
     // features
     groupsEnabled: false,
     backupsEnabled: false,
@@ -53,7 +54,9 @@ export const createLicensingStore = () => {
     },
     setLicense: () => {
       const license = get(auth).user.license
-      const isFreePlan = license?.plan.type === Constants.PlanType.FREE
+      const planType = license?.plan.type
+      const isEnterprisePlan = planType === Constants.PlanType.ENTERPRISE
+      const isFreePlan = planType === Constants.PlanType.FREE
       const groupsEnabled = license.features.includes(
         Constants.Features.USER_GROUPS
       )
@@ -63,15 +66,24 @@ export const createLicensingStore = () => {
       const environmentVariablesEnabled = license.features.includes(
         Constants.Features.ENVIRONMENT_VARIABLES
       )
+      const enforceableSSO = license.features.includes(
+        Constants.Features.ENFORCEABLE_SSO
+      )
 
+      const auditLogsEnabled = license.features.includes(
+        Constants.Features.AUDIT_LOGS
+      )
       store.update(state => {
         return {
           ...state,
           license,
+          isEnterprisePlan,
           isFreePlan,
           groupsEnabled,
           backupsEnabled,
           environmentVariablesEnabled,
+          auditLogsEnabled,
+          enforceableSSO,
         }
       })
     },
diff --git a/packages/builder/src/stores/portal/menu.js b/packages/builder/src/stores/portal/menu.js
index 8eea36c08c..d791a4ac91 100644
--- a/packages/builder/src/stores/portal/menu.js
+++ b/packages/builder/src/stores/portal/menu.js
@@ -76,6 +76,12 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
         href: "/builder/portal/account/usage",
       },
     ]
+    if ($auth.isAdmin) {
+      accountSubPages.push({
+        title: "Audit Logs",
+        href: "/builder/portal/account/auditLogs",
+      })
+    }
     if ($admin.cloud && $auth?.user?.accountPortalAccess) {
       accountSubPages.push({
         title: "Upgrade",
@@ -87,6 +93,7 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
         href: "/builder/portal/account/upgrade",
       })
     }
+    // add license check here
     if (
       $auth?.user?.accountPortalAccess &&
       $auth.user.account.stripeCustomerId
diff --git a/packages/builder/src/stores/portal/organisation.js b/packages/builder/src/stores/portal/organisation.js
index 9709578fa2..36bf98b0ba 100644
--- a/packages/builder/src/stores/portal/organisation.js
+++ b/packages/builder/src/stores/portal/organisation.js
@@ -1,6 +1,7 @@
 import { writable, get } from "svelte/store"
 import { API } from "api"
 import { auth } from "stores/portal"
+import _ from "lodash"
 
 const DEFAULT_CONFIG = {
   platformUrl: "",
@@ -11,6 +12,7 @@ const DEFAULT_CONFIG = {
   google: undefined,
   oidcCallbackUrl: "",
   googleCallbackUrl: "",
+  isSSOEnforced: false,
 }
 
 export function createOrganisationStore() {
@@ -19,21 +21,20 @@ export function createOrganisationStore() {
 
   async function init() {
     const tenantId = get(auth).tenantId
-    const tenant = await API.getTenantConfig(tenantId)
-    set({ ...DEFAULT_CONFIG, ...tenant.config, _rev: tenant._rev })
+    const settingsConfigDoc = await API.getTenantConfig(tenantId)
+    set({ ...DEFAULT_CONFIG, ...settingsConfigDoc.config })
   }
 
   async function save(config) {
     // Delete non-persisted fields
-    const storeConfig = get(store)
+    const storeConfig = _.cloneDeep(get(store))
     delete storeConfig.oidc
     delete storeConfig.google
     delete storeConfig.oidcCallbackUrl
     delete storeConfig.googleCallbackUrl
     await API.saveConfig({
       type: "settings",
-      config: { ...get(store), ...config },
-      _rev: get(store)._rev,
+      config: { ...storeConfig, ...config },
     })
     await init()
   }
diff --git a/packages/builder/src/stores/portal/users.js b/packages/builder/src/stores/portal/users.js
index 1510207604..206e14568b 100644
--- a/packages/builder/src/stores/portal/users.js
+++ b/packages/builder/src/stores/portal/users.js
@@ -26,9 +26,15 @@ export function createUsersStore() {
     return await API.getUsers()
   }
 
+  // One or more users.
+  async function onboard(payload) {
+    return await API.onboardUsers(payload)
+  }
+
   async function invite(payload) {
     return API.inviteUsers(payload)
   }
+
   async function acceptInvite(inviteCode, password, firstName, lastName) {
     return API.acceptInvite({
       inviteCode,
@@ -42,6 +48,14 @@ export function createUsersStore() {
     return API.getUserInvite(inviteCode)
   }
 
+  async function getInvites() {
+    return API.getUserInvites()
+  }
+
+  async function updateInvite(invite) {
+    return API.updateUserInvite(invite)
+  }
+
   async function create(data) {
     let mappedUsers = data.users.map(user => {
       const body = {
@@ -106,8 +120,11 @@ export function createUsersStore() {
     getUserRole,
     fetch,
     invite,
+    onboard,
     acceptInvite,
     fetchInvite,
+    getInvites,
+    updateInvite,
     create,
     save,
     bulkDelete,
diff --git a/packages/cli/.gitignore b/packages/cli/.gitignore
index 655ef7b624..8d8de9a0da 100644
--- a/packages/cli/.gitignore
+++ b/packages/cli/.gitignore
@@ -6,3 +6,4 @@ docker-error.log
 envoy.yaml
 *.tar.gz
 prebuilds/
+dist/
diff --git a/packages/cli/package.json b/packages/cli/package.json
index 5bc10322c1..50b31cc7dd 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,16 +1,19 @@
 {
   "name": "@budibase/cli",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase CLI, for developers, self hosting and migrations.",
-  "main": "src/index.js",
+  "main": "dist/index.js",
   "bin": {
-    "budi": "src/index.js"
+    "budi": "dist/index.js"
   },
   "author": "Budibase",
   "license": "GPL-3.0",
   "scripts": {
     "prebuild": "rm -rf prebuilds 2> /dev/null && cp -r node_modules/leveldown/prebuilds prebuilds",
-    "build": "yarn prebuild && renamer --find .node --replace .fake 'prebuilds/**' && pkg . --out-path build && yarn postbuild",
+    "rename": "renamer --find .node --replace .fake 'prebuilds/**'",
+    "tsc": "tsc -p tsconfig.build.json",
+    "pkg": "pkg . --out-path build --no-bytecode --public --public-packages \"*\" -C GZip",
+    "build": "yarn prebuild && yarn rename && yarn tsc && yarn pkg && yarn postbuild",
     "postbuild": "rm -rf prebuilds 2> /dev/null"
   },
   "pkg": {
@@ -26,21 +29,21 @@
     "outputPath": "build"
   },
   "dependencies": {
-    "@budibase/backend-core": "2.3.18-alpha.12",
-    "@budibase/string-templates": "2.3.18-alpha.12",
-    "@budibase/types": "2.3.18-alpha.12",
+    "@budibase/backend-core": "2.4.12-alpha.0",
+    "@budibase/string-templates": "2.4.12-alpha.0",
+    "@budibase/types": "2.4.12-alpha.0",
     "axios": "0.21.2",
     "chalk": "4.1.0",
     "cli-progress": "3.11.2",
     "commander": "7.1.0",
-    "docker-compose": "0.23.6",
+    "docker-compose": "0.23.12",
     "dotenv": "16.0.1",
     "download": "8.0.0",
     "find-free-port": "^2.0.0",
     "inquirer": "8.0.0",
     "joi": "17.6.0",
     "lookpath": "1.1.0",
-    "node-fetch": "2",
+    "node-fetch": "2.6.7",
     "pkg": "5.8.0",
     "posthog-node": "1.0.7",
     "pouchdb": "7.3.0",
@@ -50,8 +53,15 @@
     "yaml": "^2.1.1"
   },
   "devDependencies": {
+    "@swc/core": "^1.3.25",
+    "@swc/jest": "^0.2.24",
+    "@types/jest": "^29.4.0",
+    "@types/node-fetch": "2.6.1",
+    "@types/pouchdb": "^6.4.0",
     "copyfiles": "^2.4.1",
     "eslint": "^7.20.0",
-    "renamer": "^4.0.0"
+    "renamer": "^4.0.0",
+    "ts-node": "^10.9.1",
+    "typescript": "4.7.3"
   }
 }
diff --git a/packages/cli/src/analytics/Client.js b/packages/cli/src/analytics/Client.js
deleted file mode 100644
index 717a50198b..0000000000
--- a/packages/cli/src/analytics/Client.js
+++ /dev/null
@@ -1,32 +0,0 @@
-const PostHog = require("posthog-node")
-const { POSTHOG_TOKEN, AnalyticsEvents } = require("../constants")
-const ConfigManager = require("../structures/ConfigManager")
-
-class AnalyticsClient {
-  constructor() {
-    this.client = new PostHog(POSTHOG_TOKEN)
-    this.configManager = new ConfigManager()
-  }
-
-  capture(event) {
-    if (this.configManager.config.analyticsDisabled) return
-
-    this.client.capture(event)
-  }
-
-  enable() {
-    this.configManager.removeKey("analyticsDisabled")
-    this.client.capture({ event: AnalyticsEvents.OptIn, distinctId: "cli" })
-  }
-
-  disable() {
-    this.client.capture({ event: AnalyticsEvents.OptOut, distinctId: "cli" })
-    this.configManager.setValue("analyticsDisabled", true)
-  }
-
-  status() {
-    return this.configManager.config.analyticsDisabled ? "disabled" : "enabled"
-  }
-}
-
-module.exports = AnalyticsClient
diff --git a/packages/cli/src/analytics/Client.ts b/packages/cli/src/analytics/Client.ts
new file mode 100644
index 0000000000..19b171026d
--- /dev/null
+++ b/packages/cli/src/analytics/Client.ts
@@ -0,0 +1,33 @@
+import PostHog from "posthog-node"
+import { POSTHOG_TOKEN, AnalyticsEvent } from "../constants"
+import { ConfigManager } from "../structures/ConfigManager"
+
+export class AnalyticsClient {
+  client: PostHog
+  configManager: ConfigManager
+
+  constructor() {
+    this.client = new PostHog(POSTHOG_TOKEN, {})
+    this.configManager = new ConfigManager()
+  }
+
+  capture(event: { distinctId: string; event: string; properties?: any }) {
+    if (this.configManager.config.analyticsDisabled) return
+
+    this.client.capture(event)
+  }
+
+  enable() {
+    this.configManager.removeKey("analyticsDisabled")
+    this.client.capture({ event: AnalyticsEvent.OptIn, distinctId: "cli" })
+  }
+
+  disable() {
+    this.client.capture({ event: AnalyticsEvent.OptOut, distinctId: "cli" })
+    this.configManager.setValue("analyticsDisabled", true)
+  }
+
+  status() {
+    return this.configManager.config.analyticsDisabled ? "disabled" : "enabled"
+  }
+}
diff --git a/packages/cli/src/analytics/index.js b/packages/cli/src/analytics/index.ts
similarity index 76%
rename from packages/cli/src/analytics/index.js
rename to packages/cli/src/analytics/index.ts
index d85323d1d0..077104c165 100644
--- a/packages/cli/src/analytics/index.js
+++ b/packages/cli/src/analytics/index.ts
@@ -1,7 +1,7 @@
-const Command = require("../structures/Command")
-const { CommandWords } = require("../constants")
-const { success, error } = require("../utils")
-const AnalyticsClient = require("./Client")
+import { Command } from "../structures/Command"
+import { CommandWord } from "../constants"
+import { success, error } from "../utils"
+import { AnalyticsClient } from "./Client"
 
 const client = new AnalyticsClient()
 
@@ -14,11 +14,10 @@ async function optOut() {
         "Successfully opted out of Budibase analytics. You can opt in at any time by running 'budi analytics opt-in'"
       )
     )
-  } catch (err) {
+  } catch (err: any) {
     console.log(
       error(
-        "Error opting out of Budibase analytics. Please try again later.",
-        err
+        `Error opting out of Budibase analytics. Please try again later - ${err}`
       )
     )
   }
@@ -50,7 +49,7 @@ async function status() {
   }
 }
 
-const command = new Command(`${CommandWords.ANALYTICS}`)
+export default new Command(`${CommandWord.ANALYTICS}`)
   .addHelp("Control the analytics you send to Budibase.")
   .addSubOption("--optin", "Opt in to sending analytics to Budibase", optIn)
   .addSubOption("--optout", "Opt out of sending analytics to Budibase.", optOut)
@@ -59,5 +58,3 @@ const command = new Command(`${CommandWords.ANALYTICS}`)
     "Check whether you are currently opted in to Budibase analytics.",
     status
   )
-
-exports.command = command
diff --git a/packages/cli/src/backups/index.js b/packages/cli/src/backups/index.ts
similarity index 79%
rename from packages/cli/src/backups/index.js
rename to packages/cli/src/backups/index.ts
index 47b54fa9a0..2b148f34af 100644
--- a/packages/cli/src/backups/index.js
+++ b/packages/cli/src/backups/index.ts
@@ -1,28 +1,30 @@
-const Command = require("../structures/Command")
-const { CommandWords } = require("../constants")
-const fs = require("fs")
-const { join } = require("path")
-const { getAllDbs } = require("../core/db")
-const tar = require("tar")
-const { progressBar, httpCall } = require("../utils")
-const {
+import { Command } from "../structures/Command"
+import { CommandWord } from "../constants"
+import fs from "fs"
+import { join } from "path"
+import { getAllDbs } from "../core/db"
+import { progressBar, httpCall } from "../utils"
+import {
   TEMP_DIR,
   COUCH_DIR,
   MINIO_DIR,
   getConfig,
   replication,
   getPouches,
-} = require("./utils")
-const { exportObjects, importObjects } = require("./objectStore")
+} from "./utils"
+import { exportObjects, importObjects } from "./objectStore"
+const tar = require("tar")
 
-async function exportBackup(opts) {
+type BackupOpts = { env?: string; import?: string; export?: string }
+
+async function exportBackup(opts: BackupOpts) {
   const envFile = opts.env || undefined
-  let filename = opts["export"] || opts
+  let filename = opts["export"] || (opts as string)
   if (typeof filename !== "string") {
     filename = `backup-${new Date().toISOString()}.tar.gz`
   }
   const config = await getConfig(envFile)
-  const dbList = await getAllDbs(config["COUCH_DB_URL"])
+  const dbList = (await getAllDbs(config["COUCH_DB_URL"])) as string[]
   const { Remote, Local } = getPouches(config)
   if (fs.existsSync(TEMP_DIR)) {
     fs.rmSync(TEMP_DIR, { recursive: true })
@@ -55,9 +57,9 @@ async function exportBackup(opts) {
   console.log(`Generated export file - ${filename}`)
 }
 
-async function importBackup(opts) {
+async function importBackup(opts: BackupOpts) {
   const envFile = opts.env || undefined
-  const filename = opts["import"] || opts
+  const filename = opts["import"] || (opts as string)
   const config = await getConfig(envFile)
   if (!filename || !fs.existsSync(filename)) {
     console.error("Cannot import without specifying a valid file to import")
@@ -99,7 +101,7 @@ async function importBackup(opts) {
   fs.rmSync(TEMP_DIR, { recursive: true })
 }
 
-async function pickOne(opts) {
+async function pickOne(opts: BackupOpts) {
   if (opts["import"]) {
     return importBackup(opts)
   } else if (opts["export"]) {
@@ -107,7 +109,7 @@ async function pickOne(opts) {
   }
 }
 
-const command = new Command(`${CommandWords.BACKUPS}`)
+export default new Command(`${CommandWord.BACKUPS}`)
   .addHelp(
     "Allows building backups of Budibase, as well as importing a backup to a new instance."
   )
@@ -126,5 +128,3 @@ const command = new Command(`${CommandWords.BACKUPS}`)
     "Provide an environment variable file to configure the CLI.",
     pickOne
   )
-
-exports.command = command
diff --git a/packages/cli/src/backups/objectStore.js b/packages/cli/src/backups/objectStore.ts
similarity index 81%
rename from packages/cli/src/backups/objectStore.js
rename to packages/cli/src/backups/objectStore.ts
index 407659d54a..d801f6e453 100644
--- a/packages/cli/src/backups/objectStore.js
+++ b/packages/cli/src/backups/objectStore.ts
@@ -1,8 +1,8 @@
-const { objectStore } = require("@budibase/backend-core")
-const fs = require("fs")
-const { join } = require("path")
-const { TEMP_DIR, MINIO_DIR } = require("./utils")
-const { progressBar } = require("../utils")
+import { objectStore } from "@budibase/backend-core"
+import fs from "fs"
+import { join } from "path"
+import { TEMP_DIR, MINIO_DIR } from "./utils"
+import { progressBar } from "../utils"
 const {
   ObjectStoreBuckets,
   ObjectStore,
@@ -13,10 +13,10 @@ const {
 
 const bucketList = Object.values(ObjectStoreBuckets)
 
-exports.exportObjects = async () => {
+export async function exportObjects() {
   const path = join(TEMP_DIR, MINIO_DIR)
   fs.mkdirSync(path)
-  let fullList = []
+  let fullList: any[] = []
   let errorCount = 0
   for (let bucket of bucketList) {
     const client = ObjectStore(bucket)
@@ -26,7 +26,7 @@ exports.exportObjects = async () => {
       errorCount++
       continue
     }
-    const list = await client.listObjectsV2().promise()
+    const list = (await client.listObjectsV2().promise()) as { Contents: any[] }
     fullList = fullList.concat(list.Contents.map(el => ({ ...el, bucket })))
   }
   if (errorCount === bucketList.length) {
@@ -48,7 +48,7 @@ exports.exportObjects = async () => {
   bar.stop()
 }
 
-exports.importObjects = async () => {
+export async function importObjects() {
   const path = join(TEMP_DIR, MINIO_DIR)
   const buckets = fs.readdirSync(path)
   let total = 0
diff --git a/packages/cli/src/backups/utils.js b/packages/cli/src/backups/utils.ts
similarity index 66%
rename from packages/cli/src/backups/utils.js
rename to packages/cli/src/backups/utils.ts
index 21d3504373..30e79ac17b 100644
--- a/packages/cli/src/backups/utils.js
+++ b/packages/cli/src/backups/utils.ts
@@ -1,12 +1,13 @@
-const dotenv = require("dotenv")
-const fs = require("fs")
-const { string } = require("../questions")
-const { getPouch } = require("../core/db")
-const { env: environment } = require("@budibase/backend-core")
+import dotenv from "dotenv"
+import fs from "fs"
+import { string } from "../questions"
+import { getPouch } from "../core/db"
+import { env as environment } from "@budibase/backend-core"
+import PouchDB from "pouchdb"
 
-exports.TEMP_DIR = ".temp"
-exports.COUCH_DIR = "couchdb"
-exports.MINIO_DIR = "minio"
+export const TEMP_DIR = ".temp"
+export const COUCH_DIR = "couchdb"
+export const MINIO_DIR = "minio"
 
 const REQUIRED = [
   { value: "MAIN_PORT", default: "10000" },
@@ -19,7 +20,7 @@ const REQUIRED = [
   { value: "MINIO_SECRET_KEY" },
 ]
 
-exports.checkURLs = config => {
+export function checkURLs(config: Record<string, string>) {
   const mainPort = config["MAIN_PORT"],
     username = config["COUCH_DB_USER"],
     password = config["COUCH_DB_PASSWORD"]
@@ -34,23 +35,23 @@ exports.checkURLs = config => {
   return config
 }
 
-exports.askQuestions = async () => {
+export async function askQuestions() {
   console.log(
     "*** NOTE: use a .env file to load these parameters repeatedly ***"
   )
-  let config = {}
+  let config: Record<string, string> = {}
   for (let property of REQUIRED) {
     config[property.value] = await string(property.value, property.default)
   }
   return config
 }
 
-exports.loadEnvironment = path => {
+export function loadEnvironment(path: string) {
   if (!fs.existsSync(path)) {
     throw "Unable to file specified .env file"
   }
   const env = fs.readFileSync(path, "utf8")
-  const config = exports.checkURLs(dotenv.parse(env))
+  const config = checkURLs(dotenv.parse(env))
   for (let required of REQUIRED) {
     if (!config[required.value]) {
       throw `Cannot find "${required.value}" property in .env file`
@@ -60,12 +61,12 @@ exports.loadEnvironment = path => {
 }
 
 // true is the default value passed by commander
-exports.getConfig = async (envFile = true) => {
+export async function getConfig(envFile: boolean | string = true) {
   let config
   if (envFile !== true) {
-    config = exports.loadEnvironment(envFile)
+    config = loadEnvironment(envFile as string)
   } else {
-    config = await exports.askQuestions()
+    config = await askQuestions()
   }
   // fill out environment
   for (let key of Object.keys(config)) {
@@ -74,12 +75,16 @@ exports.getConfig = async (envFile = true) => {
   return config
 }
 
-exports.replication = async (from, to) => {
+export async function replication(
+  from: PouchDB.Database,
+  to: PouchDB.Database
+) {
   const pouch = getPouch()
   try {
     await pouch.replicate(from, to, {
       batch_size: 1000,
-      batch_limit: 5,
+      batches_limit: 5,
+      // @ts-ignore
       style: "main_only",
     })
   } catch (err) {
@@ -87,7 +92,7 @@ exports.replication = async (from, to) => {
   }
 }
 
-exports.getPouches = config => {
+export function getPouches(config: Record<string, string>) {
   const Remote = getPouch(config["COUCH_DB_URL"])
   const Local = getPouch()
   return { Remote, Local }
diff --git a/packages/cli/src/constants.js b/packages/cli/src/constants.js
deleted file mode 100644
index 6b0265ffd2..0000000000
--- a/packages/cli/src/constants.js
+++ /dev/null
@@ -1,25 +0,0 @@
-const { Event } = require("@budibase/types")
-
-exports.CommandWords = {
-  BACKUPS: "backups",
-  HOSTING: "hosting",
-  ANALYTICS: "analytics",
-  HELP: "help",
-  PLUGIN: "plugins",
-}
-
-exports.InitTypes = {
-  QUICK: "quick",
-  DIGITAL_OCEAN: "do",
-}
-
-exports.AnalyticsEvents = {
-  OptOut: "analytics:opt:out",
-  OptIn: "analytics:opt:in",
-  SelfHostInit: "hosting:init",
-  PluginInit: Event.PLUGIN_INIT,
-}
-
-exports.POSTHOG_TOKEN = "phc_yGOn4i7jWKaCTapdGR6lfA4AvmuEQ2ijn5zAVSFYPlS"
-
-exports.GENERATED_USER_EMAIL = "admin@admin.com"
diff --git a/packages/cli/src/constants.ts b/packages/cli/src/constants.ts
new file mode 100644
index 0000000000..6fa5822986
--- /dev/null
+++ b/packages/cli/src/constants.ts
@@ -0,0 +1,4 @@
+export { CommandWord, InitType, AnalyticsEvent } from "@budibase/types"
+
+export const POSTHOG_TOKEN = "phc_yGOn4i7jWKaCTapdGR6lfA4AvmuEQ2ijn5zAVSFYPlS"
+export const GENERATED_USER_EMAIL = "admin@admin.com"
diff --git a/packages/cli/src/core/db.js b/packages/cli/src/core/db.ts
similarity index 69%
rename from packages/cli/src/core/db.js
rename to packages/cli/src/core/db.ts
index 38f383d99e..f2afb8bcd4 100644
--- a/packages/cli/src/core/db.js
+++ b/packages/cli/src/core/db.ts
@@ -1,12 +1,12 @@
-const PouchDB = require("pouchdb")
-const { checkSlashesInUrl } = require("../utils")
-const fetch = require("node-fetch")
+import PouchDB from "pouchdb"
+import { checkSlashesInUrl } from "../utils"
+import fetch from "node-fetch"
 
 /**
  * Fully qualified URL including username and password, or nothing for local
  */
-exports.getPouch = (url = undefined) => {
-  let POUCH_DB_DEFAULTS = {}
+export function getPouch(url?: string) {
+  let POUCH_DB_DEFAULTS
   if (!url) {
     POUCH_DB_DEFAULTS = {
       prefix: undefined,
@@ -19,11 +19,12 @@ exports.getPouch = (url = undefined) => {
   }
   const replicationStream = require("pouchdb-replication-stream")
   PouchDB.plugin(replicationStream.plugin)
+  // @ts-ignore
   PouchDB.adapter("writableStream", replicationStream.adapters.writableStream)
-  return PouchDB.defaults(POUCH_DB_DEFAULTS)
+  return PouchDB.defaults(POUCH_DB_DEFAULTS) as PouchDB.Static
 }
 
-exports.getAllDbs = async url => {
+export async function getAllDbs(url: string) {
   const response = await fetch(
     checkSlashesInUrl(encodeURI(`${url}/_all_dbs`)),
     {
diff --git a/packages/cli/src/environment.js b/packages/cli/src/environment.ts
similarity index 57%
rename from packages/cli/src/environment.js
rename to packages/cli/src/environment.ts
index c8c8fe87e9..9d017f99b2 100644
--- a/packages/cli/src/environment.js
+++ b/packages/cli/src/environment.ts
@@ -1,2 +1,3 @@
 process.env.NO_JS = "1"
 process.env.JS_BCRYPT = "1"
+process.env.DISABLE_JWT_WARNING = "1"
diff --git a/packages/cli/src/events.js b/packages/cli/src/events.js
deleted file mode 100644
index 63d4fca1ea..0000000000
--- a/packages/cli/src/events.js
+++ /dev/null
@@ -1,11 +0,0 @@
-const AnalyticsClient = require("./analytics/Client")
-
-const client = new AnalyticsClient()
-
-exports.captureEvent = (event, properties) => {
-  client.capture({
-    distinctId: "cli",
-    event,
-    properties,
-  })
-}
diff --git a/packages/cli/src/events.ts b/packages/cli/src/events.ts
new file mode 100644
index 0000000000..c05a596c0a
--- /dev/null
+++ b/packages/cli/src/events.ts
@@ -0,0 +1,11 @@
+import { AnalyticsClient } from "./analytics/Client"
+
+const client = new AnalyticsClient()
+
+export function captureEvent(event: string, properties: any) {
+  client.capture({
+    distinctId: "cli",
+    event,
+    properties,
+  })
+}
diff --git a/packages/cli/src/exec.js b/packages/cli/src/exec.ts
similarity index 55%
rename from packages/cli/src/exec.js
rename to packages/cli/src/exec.ts
index 4df486aed6..b121ca0e03 100644
--- a/packages/cli/src/exec.js
+++ b/packages/cli/src/exec.ts
@@ -1,21 +1,21 @@
-const util = require("util")
-const exec = util.promisify(require("child_process").exec)
+import util from "util"
+const runCommand = util.promisify(require("child_process").exec)
 
-exports.exec = async (command, dir = "./") => {
-  const { stdout } = await exec(command, { cwd: dir })
+export async function exec(command: string, dir = "./") {
+  const { stdout } = await runCommand(command, { cwd: dir })
   return stdout
 }
 
-exports.utilityInstalled = async utilName => {
+export async function utilityInstalled(utilName: string) {
   try {
-    await exports.exec(`${utilName} --version`)
+    await exec(`${utilName} --version`)
     return true
   } catch (err) {
     return false
   }
 }
 
-exports.runPkgCommand = async (command, dir = "./") => {
+export async function runPkgCommand(command: string, dir = "./") {
   const yarn = await exports.utilityInstalled("yarn")
   const npm = await exports.utilityInstalled("npm")
   if (!yarn && !npm) {
diff --git a/packages/cli/src/hosting/genUser.js b/packages/cli/src/hosting/genUser.ts
similarity index 68%
rename from packages/cli/src/hosting/genUser.js
rename to packages/cli/src/hosting/genUser.ts
index 7ee11179af..e02bb20e1f 100644
--- a/packages/cli/src/hosting/genUser.js
+++ b/packages/cli/src/hosting/genUser.ts
@@ -2,15 +2,16 @@ const { success } = require("../utils")
 const { updateDockerComposeService } = require("./utils")
 const randomString = require("randomstring")
 const { GENERATED_USER_EMAIL } = require("../constants")
+import { DockerCompose } from "./types"
 
-exports.generateUser = async (password, silent) => {
+export async function generateUser(password: string | null, silent: boolean) {
   const email = GENERATED_USER_EMAIL
   if (!password) {
     password = randomString.generate({ length: 6 })
   }
-  updateDockerComposeService(service => {
+  updateDockerComposeService((service: DockerCompose) => {
     service.environment["BB_ADMIN_USER_EMAIL"] = email
-    service.environment["BB_ADMIN_USER_PASSWORD"] = password
+    service.environment["BB_ADMIN_USER_PASSWORD"] = password as string
   })
   if (!silent) {
     console.log(
diff --git a/packages/cli/src/hosting/index.js b/packages/cli/src/hosting/index.ts
similarity index 68%
rename from packages/cli/src/hosting/index.js
rename to packages/cli/src/hosting/index.ts
index d8133c4959..3326061c9a 100644
--- a/packages/cli/src/hosting/index.js
+++ b/packages/cli/src/hosting/index.ts
@@ -1,14 +1,14 @@
-const Command = require("../structures/Command")
-const { CommandWords } = require("../constants")
-const { init } = require("./init")
-const { start } = require("./start")
-const { stop } = require("./stop")
-const { status } = require("./status")
-const { update } = require("./update")
-const { generateUser } = require("./genUser")
-const { watchPlugins } = require("./watch")
+import { Command } from "../structures/Command"
+import { CommandWord } from "../constants"
+import { init } from "./init"
+import { start } from "./start"
+import { stop } from "./stop"
+import { status } from "./status"
+import { update } from "./update"
+import { generateUser } from "./genUser"
+import { watchPlugins } from "./watch"
 
-const command = new Command(`${CommandWords.HOSTING}`)
+export default new Command(`${CommandWord.HOSTING}`)
   .addHelp("Controls self hosting on the Budibase platform.")
   .addSubOption(
     "--init [type]",
@@ -46,5 +46,3 @@ const command = new Command(`${CommandWords.HOSTING}`)
     generateUser
   )
   .addSubOption("--single", "Specify this with init to use the single image.")
-
-exports.command = command
diff --git a/packages/cli/src/hosting/init.js b/packages/cli/src/hosting/init.ts
similarity index 58%
rename from packages/cli/src/hosting/init.js
rename to packages/cli/src/hosting/init.ts
index 88063f1732..04943ce4e7 100644
--- a/packages/cli/src/hosting/init.js
+++ b/packages/cli/src/hosting/init.ts
@@ -1,24 +1,25 @@
-const { InitTypes, AnalyticsEvents } = require("../constants")
-const { confirmation } = require("../questions")
-const { captureEvent } = require("../events")
-const makeFiles = require("./makeFiles")
-const axios = require("axios")
-const { parseEnv } = require("../utils")
-const { checkDockerConfigured, downloadFiles } = require("./utils")
-const { watchPlugins } = require("./watch")
-const { generateUser } = require("./genUser")
+import { InitType, AnalyticsEvent } from "../constants"
+import { confirmation } from "../questions"
+import { captureEvent } from "../events"
+import * as makeFiles from "./makeFiles"
+import { parseEnv } from "../utils"
+import { checkDockerConfigured, downloadDockerCompose } from "./utils"
+import { watchPlugins } from "./watch"
+import { generateUser } from "./genUser"
+import fetch from "node-fetch"
 
 const DO_USER_DATA_URL = "http://169.254.169.254/metadata/v1/user-data"
 
-async function getInitConfig(type, isQuick, port) {
-  const config = isQuick ? makeFiles.QUICK_CONFIG : {}
-  if (type === InitTypes.DIGITAL_OCEAN) {
+async function getInitConfig(type: string, isQuick: boolean, port: number) {
+  const config: any = isQuick ? makeFiles.QUICK_CONFIG : {}
+  if (type === InitType.DIGITAL_OCEAN) {
     try {
-      const output = await axios.get(DO_USER_DATA_URL)
-      const response = parseEnv(output.data)
+      const output = await fetch(DO_USER_DATA_URL)
+      const data = await output.text()
+      const response = parseEnv(data)
       for (let [key, value] of Object.entries(makeFiles.ConfigMap)) {
         if (response[key]) {
-          config[value] = response[key]
+          config[value as string] = response[key]
         }
       }
     } catch (err) {
@@ -32,7 +33,7 @@ async function getInitConfig(type, isQuick, port) {
   return config
 }
 
-exports.init = async opts => {
+export async function init(opts: any) {
   let type, isSingle, watchDir, genUser, port, silent
   if (typeof opts === "string") {
     type = opts
@@ -44,7 +45,7 @@ exports.init = async opts => {
     port = opts["port"]
     silent = opts["silent"]
   }
-  const isQuick = type === InitTypes.QUICK || type === InitTypes.DIGITAL_OCEAN
+  const isQuick = type === InitType.QUICK || type === InitType.DIGITAL_OCEAN
   await checkDockerConfigured()
   if (!isQuick) {
     const shouldContinue = await confirmation(
@@ -55,12 +56,12 @@ exports.init = async opts => {
       return
     }
   }
-  captureEvent(AnalyticsEvents.SelfHostInit, {
+  captureEvent(AnalyticsEvent.SelfHostInit, {
     type,
   })
   const config = await getInitConfig(type, isQuick, port)
   if (!isSingle) {
-    await downloadFiles()
+    await downloadDockerCompose()
     await makeFiles.makeEnv(config, silent)
   } else {
     await makeFiles.makeSingleCompose(config, silent)
diff --git a/packages/cli/src/hosting/makeFiles.js b/packages/cli/src/hosting/makeFiles.ts
similarity index 76%
rename from packages/cli/src/hosting/makeFiles.js
rename to packages/cli/src/hosting/makeFiles.ts
index abb0736858..9574e107a6 100644
--- a/packages/cli/src/hosting/makeFiles.js
+++ b/packages/cli/src/hosting/makeFiles.ts
@@ -1,15 +1,15 @@
-const { number } = require("../questions")
-const { success, stringifyToDotEnv } = require("../utils")
-const fs = require("fs")
-const path = require("path")
+import { number } from "../questions"
+import { success, stringifyToDotEnv } from "../utils"
+import fs from "fs"
+import path from "path"
+import yaml from "yaml"
+import { getAppService } from "./utils"
 const randomString = require("randomstring")
-const yaml = require("yaml")
-const { getAppService } = require("./utils")
 
 const SINGLE_IMAGE = "budibase/budibase:latest"
 const VOL_NAME = "budibase_data"
-const COMPOSE_PATH = path.resolve("./docker-compose.yaml")
-const ENV_PATH = path.resolve("./.env")
+export const COMPOSE_PATH = path.resolve("./docker-compose.yaml")
+export const ENV_PATH = path.resolve("./.env")
 
 function getSecrets(opts = { single: false }) {
   const secrets = [
@@ -19,7 +19,7 @@ function getSecrets(opts = { single: false }) {
     "REDIS_PASSWORD",
     "INTERNAL_API_KEY",
   ]
-  const obj = {}
+  const obj: Record<string, string> = {}
   secrets.forEach(secret => (obj[secret] = randomString.generate()))
   // setup couch creds separately
   if (opts && opts.single) {
@@ -32,7 +32,7 @@ function getSecrets(opts = { single: false }) {
   return obj
 }
 
-function getSingleCompose(port) {
+function getSingleCompose(port: number) {
   const singleComposeObj = {
     version: "3",
     services: {
@@ -53,7 +53,7 @@ function getSingleCompose(port) {
   return yaml.stringify(singleComposeObj)
 }
 
-function getEnv(port) {
+function getEnv(port: number) {
   const partOne = stringifyToDotEnv({
     MAIN_PORT: port,
   })
@@ -77,19 +77,21 @@ function getEnv(port) {
   ].join("\n")
 }
 
-exports.ENV_PATH = ENV_PATH
-exports.COMPOSE_PATH = COMPOSE_PATH
-
-module.exports.ConfigMap = {
+export const ConfigMap = {
   MAIN_PORT: "port",
 }
 
-module.exports.QUICK_CONFIG = {
+export const QUICK_CONFIG = {
   key: "budibase",
   port: 10000,
 }
 
-async function make(path, contentsFn, inputs = {}, silent) {
+async function make(
+  path: string,
+  contentsFn: Function,
+  inputs: any = {},
+  silent: boolean
+) {
   const port =
     inputs.port ||
     (await number(
@@ -107,15 +109,15 @@ async function make(path, contentsFn, inputs = {}, silent) {
   }
 }
 
-module.exports.makeEnv = async (inputs = {}, silent) => {
+export async function makeEnv(inputs: any = {}, silent: boolean) {
   return make(ENV_PATH, getEnv, inputs, silent)
 }
 
-module.exports.makeSingleCompose = async (inputs = {}, silent) => {
+export async function makeSingleCompose(inputs: any = {}, silent: boolean) {
   return make(COMPOSE_PATH, getSingleCompose, inputs, silent)
 }
 
-module.exports.getEnvProperty = property => {
+export function getEnvProperty(property: string) {
   const props = fs.readFileSync(ENV_PATH, "utf8").split(property)
   if (props[0].charAt(0) === "=") {
     property = props[0]
@@ -125,7 +127,7 @@ module.exports.getEnvProperty = property => {
   return property.split("=")[1].split("\n")[0]
 }
 
-module.exports.getComposeProperty = property => {
+export function getComposeProperty(property: string) {
   const { service } = getAppService(COMPOSE_PATH)
   if (property === "port" && Array.isArray(service.ports)) {
     const port = service.ports[0]
diff --git a/packages/cli/src/hosting/start.js b/packages/cli/src/hosting/start.ts
similarity index 69%
rename from packages/cli/src/hosting/start.js
rename to packages/cli/src/hosting/start.ts
index 33b5eb92ce..75e3df451f 100644
--- a/packages/cli/src/hosting/start.js
+++ b/packages/cli/src/hosting/start.ts
@@ -1,14 +1,10 @@
-const {
-  checkDockerConfigured,
-  checkInitComplete,
-  handleError,
-} = require("./utils")
-const { info, success } = require("../utils")
-const makeFiles = require("./makeFiles")
-const compose = require("docker-compose")
-const fs = require("fs")
+import { checkDockerConfigured, checkInitComplete, handleError } from "./utils"
+import { info, success } from "../utils"
+import * as makeFiles from "./makeFiles"
+import compose from "docker-compose"
+import fs from "fs"
 
-exports.start = async () => {
+export async function start() {
   await checkDockerConfigured()
   checkInitComplete()
   console.log(
diff --git a/packages/cli/src/hosting/status.js b/packages/cli/src/hosting/status.ts
similarity index 50%
rename from packages/cli/src/hosting/status.js
rename to packages/cli/src/hosting/status.ts
index 2b98392133..8a0803bc26 100644
--- a/packages/cli/src/hosting/status.js
+++ b/packages/cli/src/hosting/status.ts
@@ -1,12 +1,8 @@
-const {
-  checkDockerConfigured,
-  checkInitComplete,
-  handleError,
-} = require("./utils")
-const { info } = require("../utils")
-const compose = require("docker-compose")
+import { checkDockerConfigured, checkInitComplete, handleError } from "./utils"
+import { info } from "../utils"
+import compose from "docker-compose"
 
-exports.status = async () => {
+export async function status() {
   await checkDockerConfigured()
   checkInitComplete()
   console.log(info("Budibase status"))
diff --git a/packages/cli/src/hosting/stop.js b/packages/cli/src/hosting/stop.ts
similarity index 54%
rename from packages/cli/src/hosting/stop.js
rename to packages/cli/src/hosting/stop.ts
index 5f38c93484..cff5e83028 100644
--- a/packages/cli/src/hosting/stop.js
+++ b/packages/cli/src/hosting/stop.ts
@@ -1,12 +1,8 @@
-const {
-  checkDockerConfigured,
-  checkInitComplete,
-  handleError,
-} = require("./utils")
-const { info, success } = require("../utils")
-const compose = require("docker-compose")
+import { checkDockerConfigured, checkInitComplete, handleError } from "./utils"
+import { info, success } from "../utils"
+import compose from "docker-compose"
 
-exports.stop = async () => {
+export async function stop() {
   await checkDockerConfigured()
   checkInitComplete()
   console.log(info("Stopping services, this may take a moment."))
diff --git a/packages/cli/src/hosting/types.ts b/packages/cli/src/hosting/types.ts
new file mode 100644
index 0000000000..ee50ccebfc
--- /dev/null
+++ b/packages/cli/src/hosting/types.ts
@@ -0,0 +1,4 @@
+export interface DockerCompose {
+  environment: Record<string, string>
+  volumes: string[]
+}
diff --git a/packages/cli/src/hosting/update.js b/packages/cli/src/hosting/update.ts
similarity index 77%
rename from packages/cli/src/hosting/update.js
rename to packages/cli/src/hosting/update.ts
index 7d3367ce57..161cc04ae1 100644
--- a/packages/cli/src/hosting/update.js
+++ b/packages/cli/src/hosting/update.ts
@@ -1,20 +1,20 @@
-const {
+import {
   checkDockerConfigured,
   checkInitComplete,
-  downloadFiles,
+  downloadDockerCompose,
   handleError,
   getServices,
-} = require("./utils")
-const { confirmation } = require("../questions")
-const compose = require("docker-compose")
-const { COMPOSE_PATH } = require("./makeFiles")
-const { info, success } = require("../utils")
-const { start } = require("./start")
+} from "./utils"
+import { confirmation } from "../questions"
+import compose from "docker-compose"
+import { COMPOSE_PATH } from "./makeFiles"
+import { info, success } from "../utils"
+import { start } from "./start"
 
 const BB_COMPOSE_SERVICES = ["app-service", "worker-service", "proxy-service"]
 const BB_SINGLE_SERVICE = ["budibase"]
 
-exports.update = async () => {
+export async function update() {
   const { services } = getServices(COMPOSE_PATH)
   const isSingle = Object.keys(services).length === 1
   await checkDockerConfigured()
@@ -23,7 +23,7 @@ exports.update = async () => {
     !isSingle &&
     (await confirmation("Do you wish to update you docker-compose.yaml?"))
   ) {
-    await downloadFiles()
+    await downloadDockerCompose()
   }
   await handleError(async () => {
     const status = await compose.ps()
diff --git a/packages/cli/src/hosting/utils.js b/packages/cli/src/hosting/utils.ts
similarity index 62%
rename from packages/cli/src/hosting/utils.js
rename to packages/cli/src/hosting/utils.ts
index 952974ee83..9e5bd367ed 100644
--- a/packages/cli/src/hosting/utils.js
+++ b/packages/cli/src/hosting/utils.ts
@@ -1,24 +1,24 @@
-const { lookpath } = require("lookpath")
-const fs = require("fs")
-const makeFiles = require("./makeFiles")
-const { logErrorToFile, downloadFile, error } = require("../utils")
-const yaml = require("yaml")
+import { lookpath } from "lookpath"
+import fs from "fs"
+import * as makeFiles from "./makeFiles"
+import { logErrorToFile, downloadFile, error } from "../utils"
+import yaml from "yaml"
+import { DockerCompose } from "./types"
 
 const ERROR_FILE = "docker-error.log"
-const FILE_URLS = [
-  "https://raw.githubusercontent.com/Budibase/budibase/master/hosting/docker-compose.yaml",
-]
+const COMPOSE_URL =
+  "https://raw.githubusercontent.com/Budibase/budibase/master/hosting/docker-compose.yaml"
 
-exports.downloadFiles = async () => {
-  const promises = []
-  for (let url of FILE_URLS) {
-    const fileName = url.split("/").slice(-1)[0]
-    promises.push(downloadFile(url, `./${fileName}`))
+export async function downloadDockerCompose() {
+  const fileName = COMPOSE_URL.split("/").slice(-1)[0]
+  try {
+    await downloadFile(COMPOSE_URL, `./${fileName}`)
+  } catch (err) {
+    console.error(error(`Failed to retrieve compose file - ${err}`))
   }
-  await Promise.all(promises)
 }
 
-exports.checkDockerConfigured = async () => {
+export async function checkDockerConfigured() {
   const error =
     "docker/docker-compose has not been installed, please follow instructions at: https://docs.budibase.com/docs/docker-compose"
   const docker = await lookpath("docker")
@@ -28,7 +28,7 @@ exports.checkDockerConfigured = async () => {
   }
 }
 
-exports.checkInitComplete = () => {
+export function checkInitComplete() {
   if (
     !fs.existsSync(makeFiles.ENV_PATH) &&
     !fs.existsSync(makeFiles.COMPOSE_PATH)
@@ -37,10 +37,10 @@ exports.checkInitComplete = () => {
   }
 }
 
-exports.handleError = async func => {
+export async function handleError(func: Function) {
   try {
     await func()
-  } catch (err) {
+  } catch (err: any) {
     if (err && err.err) {
       logErrorToFile(ERROR_FILE, err.err)
     }
@@ -48,14 +48,14 @@ exports.handleError = async func => {
   }
 }
 
-exports.getServices = path => {
+export function getServices(path: string) {
   const dockerYaml = fs.readFileSync(path, "utf8")
   const parsedYaml = yaml.parse(dockerYaml)
   return { yaml: parsedYaml, services: parsedYaml.services }
 }
 
-exports.getAppService = path => {
-  const { yaml, services } = exports.getServices(path),
+export function getAppService(path: string) {
+  const { yaml, services } = getServices(path),
     serviceList = Object.keys(services)
   let service
   if (services["app-service"]) {
@@ -66,14 +66,17 @@ exports.getAppService = path => {
   return { yaml, service }
 }
 
-exports.updateDockerComposeService = updateFn => {
+export function updateDockerComposeService(
+  // eslint-disable-next-line no-unused-vars
+  updateFn: (service: DockerCompose) => void
+) {
   const opts = ["docker-compose.yaml", "docker-compose.yml"]
   const dockerFilePath = opts.find(name => fs.existsSync(name))
   if (!dockerFilePath) {
     console.log(error("Unable to locate docker-compose YAML."))
     return
   }
-  const { yaml: parsedYaml, service } = exports.getAppService(dockerFilePath)
+  const { yaml: parsedYaml, service } = getAppService(dockerFilePath)
   if (!service) {
     console.log(
       error(
diff --git a/packages/cli/src/hosting/watch.js b/packages/cli/src/hosting/watch.ts
similarity index 71%
rename from packages/cli/src/hosting/watch.js
rename to packages/cli/src/hosting/watch.ts
index 56f1c8e201..4bd7f6f568 100644
--- a/packages/cli/src/hosting/watch.js
+++ b/packages/cli/src/hosting/watch.ts
@@ -1,9 +1,10 @@
-const { resolve } = require("path")
-const fs = require("fs")
-const { error, success } = require("../utils")
-const { updateDockerComposeService } = require("./utils")
+import { resolve } from "path"
+import fs from "fs"
+import { error, success } from "../utils"
+import { updateDockerComposeService } from "./utils"
+import { DockerCompose } from "./types"
 
-exports.watchPlugins = async (pluginPath, silent) => {
+export async function watchPlugins(pluginPath: string, silent: boolean) {
   const PLUGIN_PATH = "/plugins"
   // get absolute path
   pluginPath = resolve(pluginPath)
@@ -15,7 +16,7 @@ exports.watchPlugins = async (pluginPath, silent) => {
     )
     return
   }
-  updateDockerComposeService(service => {
+  updateDockerComposeService((service: DockerCompose) => {
     // set environment variable
     service.environment["PLUGINS_DIR"] = PLUGIN_PATH
     // add volumes to parsed yaml
diff --git a/packages/cli/src/index.js b/packages/cli/src/index.ts
similarity index 74%
rename from packages/cli/src/index.js
rename to packages/cli/src/index.ts
index 9d1004fc20..77e4d6da8e 100644
--- a/packages/cli/src/index.js
+++ b/packages/cli/src/index.ts
@@ -1,10 +1,10 @@
 #!/usr/bin/env node
-require("./prebuilds")
-require("./environment")
+import "./prebuilds"
+import "./environment"
+import { getCommands } from "./options"
+import { Command } from "commander"
+import { getHelpDescription } from "./utils"
 const json = require("../package.json")
-const { getCommands } = require("./options")
-const { Command } = require("commander")
-const { getHelpDescription } = require("./utils")
 
 // add hosting config
 async function init() {
diff --git a/packages/cli/src/options.js b/packages/cli/src/options.js
deleted file mode 100644
index 1e58ee2725..0000000000
--- a/packages/cli/src/options.js
+++ /dev/null
@@ -1,8 +0,0 @@
-const analytics = require("./analytics")
-const hosting = require("./hosting")
-const backups = require("./backups")
-const plugins = require("./plugins")
-
-exports.getCommands = () => {
-  return [hosting.command, analytics.command, backups.command, plugins.command]
-}
diff --git a/packages/cli/src/options.ts b/packages/cli/src/options.ts
new file mode 100644
index 0000000000..4fc6d9e952
--- /dev/null
+++ b/packages/cli/src/options.ts
@@ -0,0 +1,8 @@
+import analytics from "./analytics"
+import hosting from "./hosting"
+import backups from "./backups"
+import plugins from "./plugins"
+
+export function getCommands() {
+  return [hosting, analytics, backups, plugins]
+}
diff --git a/packages/cli/src/plugins/index.js b/packages/cli/src/plugins/index.ts
similarity index 82%
rename from packages/cli/src/plugins/index.js
rename to packages/cli/src/plugins/index.ts
index 5786c521b2..cfafd67720 100644
--- a/packages/cli/src/plugins/index.js
+++ b/packages/cli/src/plugins/index.ts
@@ -1,18 +1,22 @@
-const Command = require("../structures/Command")
-const { CommandWords, AnalyticsEvents, InitTypes } = require("../constants")
-const { getSkeleton, fleshOutSkeleton } = require("./skeleton")
-const questions = require("../questions")
-const fs = require("fs")
-const { PLUGIN_TYPE_ARR } = require("@budibase/types")
-const { plugins } = require("@budibase/backend-core")
-const { runPkgCommand } = require("../exec")
-const { join } = require("path")
-const { success, error, info, moveDirectory } = require("../utils")
-const { captureEvent } = require("../events")
+import { Command } from "../structures/Command"
+import { CommandWord, AnalyticsEvent, InitType } from "../constants"
+import { getSkeleton, fleshOutSkeleton } from "./skeleton"
+import * as questions from "../questions"
+import fs from "fs"
+import { PluginType, PLUGIN_TYPE_ARR } from "@budibase/types"
+import { plugins } from "@budibase/backend-core"
+import { runPkgCommand } from "../exec"
+import { join } from "path"
+import { success, error, info, moveDirectory } from "../utils"
+import { captureEvent } from "../events"
+import { GENERATED_USER_EMAIL } from "../constants"
+import { init as hostingInit } from "../hosting/init"
+import { start as hostingStart } from "../hosting/start"
 const fp = require("find-free-port")
-const { GENERATED_USER_EMAIL } = require("../constants")
-const { init: hostingInit } = require("../hosting/init")
-const { start: hostingStart } = require("../hosting/start")
+
+type PluginOpts = {
+  init?: PluginType
+}
 
 function checkInPlugin() {
   if (!fs.existsSync("package.json")) {
@@ -27,7 +31,7 @@ function checkInPlugin() {
   }
 }
 
-async function askAboutTopLevel(name) {
+async function askAboutTopLevel(name: string) {
   const files = fs.readdirSync(process.cwd())
   // we are in an empty git repo, don't ask
   if (files.find(file => file === ".git")) {
@@ -45,8 +49,8 @@ async function askAboutTopLevel(name) {
   }
 }
 
-async function init(opts) {
-  const type = opts["init"] || opts
+async function init(opts: PluginOpts) {
+  const type = opts["init"] || (opts as PluginType)
   if (!type || !PLUGIN_TYPE_ARR.includes(type)) {
     console.log(
       error(
@@ -82,7 +86,7 @@ async function init(opts) {
   } else {
     console.log(info(`Plugin created in directory "${name}"`))
   }
-  captureEvent(AnalyticsEvents.PluginInit, {
+  captureEvent(AnalyticsEvent.PluginInit, {
     type,
     name,
     description,
@@ -109,7 +113,7 @@ async function verify() {
     version = pkgJson.version
     plugins.validate(schemaJson)
     return { name, version }
-  } catch (err) {
+  } catch (err: any) {
     if (err && err.message && err.message.includes("not valid JSON")) {
       console.log(error(`schema.json is not valid JSON: ${err.message}`))
     } else {
@@ -120,7 +124,7 @@ async function verify() {
 
 async function build() {
   const verified = await verify()
-  if (!verified.name) {
+  if (!verified?.name) {
     return
   }
   console.log(success("Verified!"))
@@ -132,7 +136,7 @@ async function build() {
 
 async function watch() {
   const verified = await verify()
-  if (!verified.name) {
+  if (!verified?.name) {
     return
   }
   const output = join("dist", `${verified.name}-${verified.version}.tar.gz`)
@@ -150,7 +154,7 @@ async function dev() {
   const [port] = await fp(10000)
   const password = "admin"
   await hostingInit({
-    init: InitTypes.QUICK,
+    init: InitType.QUICK,
     single: true,
     watchPluginDir: pluginDir,
     genUser: password,
@@ -168,7 +172,7 @@ async function dev() {
   console.log(success("Password: ") + info(password))
 }
 
-const command = new Command(`${CommandWords.PLUGIN}`)
+export default new Command(`${CommandWord.PLUGIN}`)
   .addHelp(
     "Custom plugins for Budibase, init, build and verify your components and datasources with this tool."
   )
@@ -192,5 +196,3 @@ const command = new Command(`${CommandWords.PLUGIN}`)
     "Run a development environment which automatically watches the current directory.",
     dev
   )
-
-exports.command = command
diff --git a/packages/cli/src/plugins/skeleton.js b/packages/cli/src/plugins/skeleton.ts
similarity index 75%
rename from packages/cli/src/plugins/skeleton.js
rename to packages/cli/src/plugins/skeleton.ts
index 76b9aa2d8a..0146588b38 100644
--- a/packages/cli/src/plugins/skeleton.js
+++ b/packages/cli/src/plugins/skeleton.ts
@@ -1,21 +1,21 @@
-const fetch = require("node-fetch")
+import fetch from "node-fetch"
+import fs from "fs"
+import os from "os"
+import { join } from "path"
+import { processStringSync } from "@budibase/string-templates"
 const download = require("download")
-const fs = require("fs")
-const os = require("os")
-const { join } = require("path")
 const tar = require("tar")
-const { processStringSync } = require("@budibase/string-templates")
 
 const HBS_FILES = ["package.json.hbs", "schema.json.hbs", "README.md.hbs"]
 
-async function getSkeletonUrl(type) {
+async function getSkeletonUrl(type: string) {
   const resp = await fetch(
     "https://api.github.com/repos/budibase/budibase-skeleton/releases/latest"
   )
   if (resp.status >= 300) {
     throw new Error("Failed to retrieve skeleton metadata")
   }
-  const json = await resp.json()
+  const json = (await resp.json()) as { assets: any[] }
   for (let asset of json["assets"]) {
     if (asset.name && asset.name.includes(type)) {
       return asset["browser_download_url"]
@@ -24,7 +24,7 @@ async function getSkeletonUrl(type) {
   throw new Error("No skeleton found in latest release.")
 }
 
-exports.getSkeleton = async (type, name) => {
+export async function getSkeleton(type: string, name: string) {
   const url = await getSkeletonUrl(type)
   const tarballFile = join(os.tmpdir(), "skeleton.tar.gz")
 
@@ -40,7 +40,12 @@ exports.getSkeleton = async (type, name) => {
   fs.rmSync(tarballFile)
 }
 
-exports.fleshOutSkeleton = async (type, name, description, version) => {
+export async function fleshOutSkeleton(
+  type: string,
+  name: string,
+  description: string,
+  version: string
+) {
   for (let file of HBS_FILES) {
     const oldFile = join(name, file),
       newFile = join(name, file.substring(0, file.length - 4))
diff --git a/packages/cli/src/prebuilds.js b/packages/cli/src/prebuilds.ts
similarity index 87%
rename from packages/cli/src/prebuilds.js
rename to packages/cli/src/prebuilds.ts
index 0decdc6c63..bfdae90cf3 100644
--- a/packages/cli/src/prebuilds.js
+++ b/packages/cli/src/prebuilds.ts
@@ -1,7 +1,8 @@
-const os = require("os")
-const { join } = require("path")
-const fs = require("fs")
-const { error } = require("./utils")
+import os from "os"
+import { join } from "path"
+import fs from "fs"
+import { error } from "./utils"
+
 const PREBUILDS = "prebuilds"
 const ARCH = `${os.platform()}-${os.arch()}`
 const PREBUILD_DIR = join(process.execPath, "..", PREBUILDS, ARCH)
@@ -26,8 +27,8 @@ function checkForBinaries() {
   }
 }
 
-function cleanup(evt) {
-  if (!isNaN(evt)) {
+function cleanup(evt?: number) {
+  if (evt && !isNaN(evt)) {
     return
   }
   if (evt) {
diff --git a/packages/cli/src/questions.js b/packages/cli/src/questions.ts
similarity index 70%
rename from packages/cli/src/questions.js
rename to packages/cli/src/questions.ts
index ea0c412a60..4f4cf77e97 100644
--- a/packages/cli/src/questions.js
+++ b/packages/cli/src/questions.ts
@@ -1,6 +1,6 @@
 const inquirer = require("inquirer")
 
-exports.confirmation = async question => {
+export async function confirmation(question: string) {
   const config = {
     type: "confirm",
     message: question,
@@ -10,8 +10,8 @@ exports.confirmation = async question => {
   return (await inquirer.prompt(config)).confirmation
 }
 
-exports.string = async (question, defaultString = null) => {
-  const config = {
+export async function string(question: string, defaultString?: string) {
+  const config: any = {
     type: "input",
     name: "string",
     message: question,
@@ -22,12 +22,12 @@ exports.string = async (question, defaultString = null) => {
   return (await inquirer.prompt(config)).string
 }
 
-exports.number = async (question, defaultNumber) => {
-  const config = {
+export async function number(question: string, defaultNumber?: number) {
+  const config: any = {
     type: "input",
     name: "number",
     message: question,
-    validate: value => {
+    validate: (value: string) => {
       let valid = !isNaN(parseFloat(value))
       return valid || "Please enter a number"
     },
diff --git a/packages/cli/src/structures/Command.js b/packages/cli/src/structures/Command.ts
similarity index 74%
rename from packages/cli/src/structures/Command.js
rename to packages/cli/src/structures/Command.ts
index e383c14263..cf9f93758b 100644
--- a/packages/cli/src/structures/Command.js
+++ b/packages/cli/src/structures/Command.ts
@@ -1,19 +1,31 @@
-const {
+import {
   getSubHelpDescription,
   getHelpDescription,
   error,
   capitaliseFirstLetter,
-} = require("../utils")
+} from "../utils"
 
-class Command {
-  constructor(command, func = null) {
+type CommandOpt = {
+  command: string
+  help: string
+  func?: Function
+  extras: any[]
+}
+
+export class Command {
+  command: string
+  opts: CommandOpt[]
+  func?: Function
+  help?: string
+
+  constructor(command: string, func?: Function) {
     // if there are options, need to just get the command name
     this.command = command
     this.opts = []
     this.func = func
   }
 
-  convertToCommander(lookup) {
+  convertToCommander(lookup: string) {
     const parts = lookup.toLowerCase().split("-")
     // camel case, separate out first
     const first = parts.shift()
@@ -22,21 +34,26 @@ class Command {
       .join("")
   }
 
-  addHelp(help) {
+  addHelp(help: string) {
     this.help = help
     return this
   }
 
-  addSubOption(command, help, func, extras = []) {
+  addSubOption(
+    command: string,
+    help: string,
+    func?: Function,
+    extras: any[] = []
+  ) {
     this.opts.push({ command, help, func, extras })
     return this
   }
 
-  configure(program) {
+  configure(program: any) {
     const thisCmd = this
     let command = program.command(thisCmd.command)
     if (this.help) {
-      command = command.description(getHelpDescription(thisCmd.help))
+      command = command.description(getHelpDescription(thisCmd.help!))
     }
     for (let opt of thisCmd.opts) {
       command = command.option(opt.command, getSubHelpDescription(opt.help))
@@ -45,7 +62,7 @@ class Command {
       "--help",
       getSubHelpDescription(`Get help with ${this.command} options`)
     )
-    command.action(async options => {
+    command.action(async (options: Record<string, string>) => {
       try {
         let executed = false,
           found = false
@@ -53,7 +70,7 @@ class Command {
           let lookup = opt.command.split(" ")[0].replace("--", "")
           // need to handle how commander converts watch-plugin-dir to watchPluginDir
           lookup = this.convertToCommander(lookup)
-          found = !executed && options[lookup]
+          found = !executed && !!options[lookup]
           if (found && opt.func) {
             const input =
               Object.keys(options).length > 1 ? options : options[lookup]
@@ -69,11 +86,9 @@ class Command {
           console.log(error(`Unknown ${this.command} option.`))
           command.help()
         }
-      } catch (err) {
+      } catch (err: any) {
         console.log(error(err))
       }
     })
   }
 }
-
-module.exports = Command
diff --git a/packages/cli/src/structures/ConfigManager.js b/packages/cli/src/structures/ConfigManager.ts
similarity index 83%
rename from packages/cli/src/structures/ConfigManager.js
rename to packages/cli/src/structures/ConfigManager.ts
index 35799b8e92..e428395a40 100644
--- a/packages/cli/src/structures/ConfigManager.js
+++ b/packages/cli/src/structures/ConfigManager.ts
@@ -3,7 +3,9 @@ const path = require("path")
 const os = require("os")
 const { error } = require("../utils")
 
-class ConfigManager {
+export class ConfigManager {
+  path: string
+
   constructor() {
     this.path = path.join(os.homedir(), ".budibase.json")
     if (!fs.existsSync(this.path)) {
@@ -24,26 +26,24 @@ class ConfigManager {
     }
   }
 
-  set config(json) {
+  set config(json: any) {
     fs.writeFileSync(this.path, JSON.stringify(json))
   }
 
-  getValue(key) {
+  getValue(key: string) {
     return this.config[key]
   }
 
-  setValue(key, value) {
+  setValue(key: string, value: any) {
     this.config = {
       ...this.config,
       [key]: value,
     }
   }
 
-  removeKey(key) {
+  removeKey(key: string) {
     const updated = { ...this.config }
     delete updated[key]
     this.config = updated
   }
 }
-
-module.exports = ConfigManager
diff --git a/packages/cli/src/utils.js b/packages/cli/src/utils.js
deleted file mode 100644
index d041fb498a..0000000000
--- a/packages/cli/src/utils.js
+++ /dev/null
@@ -1,106 +0,0 @@
-const chalk = require("chalk")
-const fs = require("fs")
-const axios = require("axios")
-const path = require("path")
-const progress = require("cli-progress")
-const { join } = require("path")
-
-exports.downloadFile = async (url, filePath) => {
-  filePath = path.resolve(filePath)
-  const writer = fs.createWriteStream(filePath)
-
-  const response = await axios({
-    url,
-    method: "GET",
-    responseType: "stream",
-  })
-
-  response.data.pipe(writer)
-
-  return new Promise((resolve, reject) => {
-    writer.on("finish", resolve)
-    writer.on("error", reject)
-  })
-}
-
-exports.httpCall = async (url, method) => {
-  const response = await axios({
-    url,
-    method,
-  })
-  return response.data
-}
-
-exports.getHelpDescription = string => {
-  return chalk.cyan(string)
-}
-
-exports.getSubHelpDescription = string => {
-  return chalk.green(string)
-}
-
-exports.error = error => {
-  return chalk.red(`Error - ${error}`)
-}
-
-exports.success = success => {
-  return chalk.green(success)
-}
-
-exports.info = info => {
-  return chalk.cyan(info)
-}
-
-exports.logErrorToFile = (file, error) => {
-  fs.writeFileSync(path.resolve(`./${file}`), `Budibase Error\n${error}`)
-}
-
-exports.parseEnv = env => {
-  const lines = env.toString().split("\n")
-  let result = {}
-  for (const line of lines) {
-    const match = line.match(/^([^=:#]+?)[=:](.*)/)
-    if (match) {
-      result[match[1].trim()] = match[2].trim()
-    }
-  }
-  return result
-}
-
-exports.progressBar = total => {
-  const bar = new progress.SingleBar({}, progress.Presets.shades_classic)
-  bar.start(total, 0)
-  return bar
-}
-
-exports.checkSlashesInUrl = url => {
-  return url.replace(/(https?:\/\/)|(\/)+/g, "$1$2")
-}
-
-exports.moveDirectory = (oldPath, newPath) => {
-  const files = fs.readdirSync(oldPath)
-  // check any file exists already
-  for (let file of files) {
-    if (fs.existsSync(join(newPath, file))) {
-      throw new Error(
-        "Unable to remove top level directory - some skeleton files already exist."
-      )
-    }
-  }
-  for (let file of files) {
-    fs.renameSync(join(oldPath, file), join(newPath, file))
-  }
-  fs.rmdirSync(oldPath)
-}
-
-exports.capitaliseFirstLetter = str => {
-  return str.charAt(0).toUpperCase() + str.slice(1)
-}
-
-exports.stringifyToDotEnv = json => {
-  let str = ""
-  for (let [key, value] of Object.entries(json)) {
-    str += `${key}=${value}\n`
-  }
-  return str
-}
diff --git a/packages/cli/src/utils.ts b/packages/cli/src/utils.ts
new file mode 100644
index 0000000000..b9aa1ffce0
--- /dev/null
+++ b/packages/cli/src/utils.ts
@@ -0,0 +1,112 @@
+import chalk from "chalk"
+import fs from "fs"
+import path from "path"
+import { join } from "path"
+import fetch from "node-fetch"
+const progress = require("cli-progress")
+
+export function downloadFile(url: string, filePath: string) {
+  return new Promise((resolve, reject) => {
+    filePath = path.resolve(filePath)
+    fetch(url, {
+      method: "GET",
+    })
+      .then(response => {
+        const writer = fs.createWriteStream(filePath)
+        if (response.body) {
+          response.body.pipe(writer)
+          response.body.on("end", resolve)
+          response.body.on("error", reject)
+        } else {
+          throw new Error(
+            `Unable to retrieve docker-compose file - ${response.status}`
+          )
+        }
+      })
+      .catch(err => {
+        throw err
+      })
+  })
+}
+
+export async function httpCall(url: string, method: string) {
+  const response = await fetch(url, {
+    method,
+  })
+  return response.body
+}
+
+export function getHelpDescription(str: string) {
+  return chalk.cyan(str)
+}
+
+export function getSubHelpDescription(str: string) {
+  return chalk.green(str)
+}
+
+export function error(err: string | number) {
+  process.exitCode = -1
+  return chalk.red(`Error - ${err}`)
+}
+
+export function success(str: string) {
+  return chalk.green(str)
+}
+
+export function info(str: string) {
+  return chalk.cyan(str)
+}
+
+export function logErrorToFile(file: string, error: string) {
+  fs.writeFileSync(path.resolve(`./${file}`), `Budibase Error\n${error}`)
+}
+
+export function parseEnv(env: string) {
+  const lines = env.toString().split("\n")
+  let result: Record<string, string> = {}
+  for (const line of lines) {
+    const match = line.match(/^([^=:#]+?)[=:](.*)/)
+    if (match) {
+      result[match[1].trim()] = match[2].trim()
+    }
+  }
+  return result
+}
+
+export function progressBar(total: number) {
+  const bar = new progress.SingleBar({}, progress.Presets.shades_classic)
+  bar.start(total, 0)
+  return bar
+}
+
+export function checkSlashesInUrl(url: string) {
+  return url.replace(/(https?:\/\/)|(\/)+/g, "$1$2")
+}
+
+export function moveDirectory(oldPath: string, newPath: string) {
+  const files = fs.readdirSync(oldPath)
+  // check any file exists already
+  for (let file of files) {
+    if (fs.existsSync(join(newPath, file))) {
+      throw new Error(
+        "Unable to remove top level directory - some skeleton files already exist."
+      )
+    }
+  }
+  for (let file of files) {
+    fs.renameSync(join(oldPath, file), join(newPath, file))
+  }
+  fs.rmdirSync(oldPath)
+}
+
+export function capitaliseFirstLetter(str: string) {
+  return str.charAt(0).toUpperCase() + str.slice(1)
+}
+
+export function stringifyToDotEnv(json: Record<string, string | number>) {
+  let str = ""
+  for (let [key, value] of Object.entries(json)) {
+    str += `${key}=${value}\n`
+  }
+  return str
+}
diff --git a/packages/cli/start.sh b/packages/cli/start.sh
new file mode 100755
index 0000000000..9650f0bbfa
--- /dev/null
+++ b/packages/cli/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+dir="$(dirname -- "$(readlink -f "${BASH_SOURCE}")")"
+${dir}/node_modules/ts-node/dist/bin.js ${dir}/src/index.ts $@
diff --git a/packages/cli/tsconfig.build.json b/packages/cli/tsconfig.build.json
new file mode 100644
index 0000000000..8b2d44aec8
--- /dev/null
+++ b/packages/cli/tsconfig.build.json
@@ -0,0 +1,24 @@
+{
+  "compilerOptions": {
+    "target": "es6",
+    "module": "commonjs",
+    "lib": ["es2020"],
+    "strict": true,
+    "noImplicitAny": true,
+    "esModuleInterop": true,
+    "resolveJsonModule": true,
+    "incremental": true,
+    "types": [ "node", "jest" ],
+    "outDir": "dist",
+    "skipLibCheck": true
+  },
+  "include": [
+    "src/**/*"
+  ],
+  "exclude": [
+    "node_modules",
+    "dist",
+    "**/*.spec.ts",
+    "**/*.spec.js"
+  ]
+}
diff --git a/packages/cli/tsconfig.json b/packages/cli/tsconfig.json
new file mode 100644
index 0000000000..b60cb7eed3
--- /dev/null
+++ b/packages/cli/tsconfig.json
@@ -0,0 +1,30 @@
+{
+  "extends": "./tsconfig.build.json",
+  "compilerOptions": {
+    "composite": true,
+    "declaration": true,
+    "sourceMap": true,
+    "baseUrl": ".",
+    "paths": {
+      "@budibase/types": ["../types/src"],
+      "@budibase/backend-core": ["../backend-core/src"],
+      "@budibase/backend-core/*": ["../backend-core/*"],
+    }
+  },
+  "ts-node": {
+    "require": ["tsconfig-paths/register"],
+    "swc": true
+  },
+  "references": [
+    { "path": "../types" },
+    { "path": "../backend-core" },
+  ],
+  "include": [
+    "src/**/*",
+    "package.json"
+  ],
+  "exclude": [
+    "node_modules",
+    "dist"
+  ]
+}
\ No newline at end of file
diff --git a/packages/cli/yarn.lock b/packages/cli/yarn.lock
index 638c8e6aa3..dddb04137b 100644
--- a/packages/cli/yarn.lock
+++ b/packages/cli/yarn.lock
@@ -9,6 +9,13 @@
   dependencies:
     "@babel/highlight" "^7.10.4"
 
+"@babel/code-frame@^7.12.13":
+  version "7.18.6"
+  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.18.6.tgz#3b25d38c89600baa2dcc219edfa88a74eb2c427a"
+  integrity sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==
+  dependencies:
+    "@babel/highlight" "^7.18.6"
+
 "@babel/generator@7.18.2":
   version "7.18.2"
   resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.18.2.tgz#33873d6f89b21efe2da63fe554460f3df1c5880d"
@@ -33,7 +40,7 @@
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz#7eea834cf32901ffdc1a7ee555e2f9c27e249ca2"
   integrity sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==
 
-"@babel/highlight@^7.10.4":
+"@babel/highlight@^7.10.4", "@babel/highlight@^7.18.6":
   version "7.18.6"
   resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.18.6.tgz#81158601e93e2563795adcbfbdf5d64be3f2ecdf"
   integrity sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==
@@ -71,6 +78,13 @@
     "@babel/helper-validator-identifier" "^7.19.1"
     to-fast-properties "^2.0.0"
 
+"@cspotcode/source-map-support@^0.8.0":
+  version "0.8.1"
+  resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1"
+  integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==
+  dependencies:
+    "@jridgewell/trace-mapping" "0.3.9"
+
 "@eslint/eslintrc@^0.4.3":
   version "0.4.3"
   resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-0.4.3.tgz#9e42981ef035beb3dd49add17acb96e8ff6f394c"
@@ -112,6 +126,50 @@
   resolved "https://registry.yarnpkg.com/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz#b520529ec21d8e5945a1851dfd1c32e94e39ff45"
   integrity sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==
 
+"@jest/create-cache-key-function@^27.4.2":
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/@jest/create-cache-key-function/-/create-cache-key-function-27.5.1.tgz#7448fae15602ea95c828f5eceed35c202a820b31"
+  integrity sha512-dmH1yW+makpTSURTy8VzdUwFnfQh1G8R+DxO2Ho2FFmBbKFEVm+3jWdvFhE2VqB/LATCTokkP0dotjyQyw5/AQ==
+  dependencies:
+    "@jest/types" "^27.5.1"
+
+"@jest/expect-utils@^29.4.3":
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/@jest/expect-utils/-/expect-utils-29.4.3.tgz#95ce4df62952f071bcd618225ac7c47eaa81431e"
+  integrity sha512-/6JWbkxHOP8EoS8jeeTd9dTfc9Uawi+43oLKHfp6zzux3U2hqOOVnV3ai4RpDYHOccL6g+5nrxpoc8DmJxtXVQ==
+  dependencies:
+    jest-get-type "^29.4.3"
+
+"@jest/schemas@^29.4.3":
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/@jest/schemas/-/schemas-29.4.3.tgz#39cf1b8469afc40b6f5a2baaa146e332c4151788"
+  integrity sha512-VLYKXQmtmuEz6IxJsrZwzG9NvtkQsWNnWMsKxqWNu3+CnfzJQhp0WDDKWLVV9hLKr0l3SLLFRqcYHjhtyuDVxg==
+  dependencies:
+    "@sinclair/typebox" "^0.25.16"
+
+"@jest/types@^27.5.1":
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/@jest/types/-/types-27.5.1.tgz#3c79ec4a8ba61c170bf937bcf9e98a9df175ec80"
+  integrity sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==
+  dependencies:
+    "@types/istanbul-lib-coverage" "^2.0.0"
+    "@types/istanbul-reports" "^3.0.0"
+    "@types/node" "*"
+    "@types/yargs" "^16.0.0"
+    chalk "^4.0.0"
+
+"@jest/types@^29.4.3":
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/@jest/types/-/types-29.4.3.tgz#9069145f4ef09adf10cec1b2901b2d390031431f"
+  integrity sha512-bPYfw8V65v17m2Od1cv44FH+SiKW7w2Xu7trhcdTLUmSv85rfKsP+qXSjO4KGJr4dtPSzl/gvslZBXctf1qGEA==
+  dependencies:
+    "@jest/schemas" "^29.4.3"
+    "@types/istanbul-lib-coverage" "^2.0.0"
+    "@types/istanbul-reports" "^3.0.0"
+    "@types/node" "*"
+    "@types/yargs" "^17.0.8"
+    chalk "^4.0.0"
+
 "@jridgewell/gen-mapping@^0.3.0":
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz#c1aedc61e853f2bb9f5dfe6d4442d3b565b253b9"
@@ -121,7 +179,7 @@
     "@jridgewell/sourcemap-codec" "^1.4.10"
     "@jridgewell/trace-mapping" "^0.3.9"
 
-"@jridgewell/resolve-uri@3.1.0":
+"@jridgewell/resolve-uri@3.1.0", "@jridgewell/resolve-uri@^3.0.3":
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78"
   integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==
@@ -136,6 +194,14 @@
   resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24"
   integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==
 
+"@jridgewell/trace-mapping@0.3.9":
+  version "0.3.9"
+  resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9"
+  integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==
+  dependencies:
+    "@jridgewell/resolve-uri" "^3.0.3"
+    "@jridgewell/sourcemap-codec" "^1.4.10"
+
 "@jridgewell/trace-mapping@^0.3.9":
   version "0.3.17"
   resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz#793041277af9073b0951a7fe0f0d8c4c98c36985"
@@ -182,11 +248,332 @@
   resolved "https://registry.yarnpkg.com/@sideway/pinpoint/-/pinpoint-2.0.0.tgz#cff8ffadc372ad29fd3f78277aeb29e632cc70df"
   integrity sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==
 
+"@sinclair/typebox@^0.25.16":
+  version "0.25.24"
+  resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.25.24.tgz#8c7688559979f7079aacaf31aa881c3aa410b718"
+  integrity sha512-XJfwUVUKDHF5ugKwIcxEgc9k8b7HbznCp6eUfWgu710hMPNIO4aw4/zB5RogDQz8nd6gyCDpU9O/m6qYEWY6yQ==
+
 "@sindresorhus/is@^0.7.0":
   version "0.7.0"
   resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.7.0.tgz#9a06f4f137ee84d7df0460c1fdb1135ffa6c50fd"
   integrity sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==
 
+"@swc/core-darwin-arm64@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-arm64/-/core-darwin-arm64-1.3.37.tgz#a92e075ae35f18a64aaf3823ea175f03564f8da1"
+  integrity sha512-iIyVqqioUpVeT/hbBVfkrsjfCyL4idNH+LVKGmoTAWaTTSB0+UNhNuA7Wh2CqIHWh1Mv7IlumitWPcqsVDdoEw==
+
+"@swc/core-darwin-x64@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-x64/-/core-darwin-x64-1.3.37.tgz#a3cc06c87140a2ca0b8e7ef1f3d5cc34dd080429"
+  integrity sha512-dao5nXPWKxtaxqak4ZkRyBoApNIelW/glantQhPhj0FjMjuIQc+v03ldJ8XDByWOG+6xuVUTheANCtEccxoQBw==
+
+"@swc/core-linux-arm-gnueabihf@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm-gnueabihf/-/core-linux-arm-gnueabihf-1.3.37.tgz#f7d8f8523830c6be653f608839d4bd5598457f1f"
+  integrity sha512-/mVrc8H/f062CUkqKGmBiil2VIYu4mKawHxERfeP1y38X5K/OwjG5s9MgO9TVxy+Ly6vejwj70kRhSa3hVp1Bw==
+
+"@swc/core-linux-arm64-gnu@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.3.37.tgz#b162febd9de14fb08000c722b063be2bb5aefa6b"
+  integrity sha512-eRQ3KaZI0j5LidTfOIi/kUVOOMuVmw1HCdt/Z1TAUKoHMLVxY8xcJ3pEE3/+ednI60EmHpwpJRs6LelXyL6uzQ==
+
+"@swc/core-linux-arm64-musl@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-musl/-/core-linux-arm64-musl-1.3.37.tgz#3b1a628e880fbb1a5e2a7a46d42e8aa878c6bfdd"
+  integrity sha512-w2BRLODyxNQY2rfHZMZ5ir6QrrnGBPlnIslTrgKmVbn1OjZoxUCtuqhrYnCmybaAc4DOkeH02TqynEFXrm+EMw==
+
+"@swc/core-linux-x64-gnu@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.3.37.tgz#ed443ad77dc90e415267d02a38e4113047b2d3d8"
+  integrity sha512-CfoH8EsZJZ9kunjMUjBNYD5fFuO86zw+K/o4wEw72Yg6ZEiqPmeIlCKU8tpTv4sK+CbhUXrmVzMB5tqsb2jALQ==
+
+"@swc/core-linux-x64-musl@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.3.37.tgz#de607a4985458bd6e8b0e40f0d62d0e26bd8df1e"
+  integrity sha512-9YPrHYNdoG7PK11gV51GfL45biI2dic+YTqHUDKyykemsD7Ot1zUFX7Ty//pdvpKcKSff6SrHbfFACD5ziNirA==
+
+"@swc/core-win32-arm64-msvc@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-arm64-msvc/-/core-win32-arm64-msvc-1.3.37.tgz#d5851a47d7df183929b9746d56f76c282f940e6a"
+  integrity sha512-h17Ek8/wCDje6BrXOvCXBM80oBRmTSMMdLyt87whTl5xqYlWYYs9oQIzZndNRTlNpTgjGO8Ns2eo4kwVxIkBIA==
+
+"@swc/core-win32-ia32-msvc@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-ia32-msvc/-/core-win32-ia32-msvc-1.3.37.tgz#06ad7016f61b56aec4abf60eab3a91b786f9e294"
+  integrity sha512-1BR175E1olGy/zdt94cgdb6ps/lBNissAOaxyBk8taFpcjy3zpdP30yAoH0GIsC6isnZ5JfArbOJNRXXO5tE0Q==
+
+"@swc/core-win32-x64-msvc@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-x64-msvc/-/core-win32-x64-msvc-1.3.37.tgz#60139a7089003a7447a4efef9704ae8fde21995e"
+  integrity sha512-1siDQ7dccQ1pesJmgAL3BUBbRPtfbNInOWnZOkiie/DfFqGQ117QKnCVyjUvwFKfTQx1+3UUTDmMSlRd00SlXg==
+
+"@swc/core@^1.3.25":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core/-/core-1.3.37.tgz#644653fa7deb20c7c342e7fd019c7abc44ecf1bf"
+  integrity sha512-VOFlEQ1pReOM73N9A7R8rt561GU8Rxsq833jiimWDUB2sXEN3V6n6wFTgYmZuMz2T4/R0cQA1nV48KkaT4gkFw==
+  optionalDependencies:
+    "@swc/core-darwin-arm64" "1.3.37"
+    "@swc/core-darwin-x64" "1.3.37"
+    "@swc/core-linux-arm-gnueabihf" "1.3.37"
+    "@swc/core-linux-arm64-gnu" "1.3.37"
+    "@swc/core-linux-arm64-musl" "1.3.37"
+    "@swc/core-linux-x64-gnu" "1.3.37"
+    "@swc/core-linux-x64-musl" "1.3.37"
+    "@swc/core-win32-arm64-msvc" "1.3.37"
+    "@swc/core-win32-ia32-msvc" "1.3.37"
+    "@swc/core-win32-x64-msvc" "1.3.37"
+
+"@swc/jest@^0.2.24":
+  version "0.2.24"
+  resolved "https://registry.yarnpkg.com/@swc/jest/-/jest-0.2.24.tgz#35d9377ede049613cd5fdd6c24af2b8dcf622875"
+  integrity sha512-fwgxQbM1wXzyKzl1+IW0aGrRvAA8k0Y3NxFhKigbPjOJ4mCKnWEcNX9HQS3gshflcxq8YKhadabGUVfdwjCr6Q==
+  dependencies:
+    "@jest/create-cache-key-function" "^27.4.2"
+    jsonc-parser "^3.2.0"
+
+"@tsconfig/node10@^1.0.7":
+  version "1.0.9"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2"
+  integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==
+
+"@tsconfig/node12@^1.0.7":
+  version "1.0.11"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d"
+  integrity sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==
+
+"@tsconfig/node14@^1.0.0":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1"
+  integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==
+
+"@tsconfig/node16@^1.0.2":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.3.tgz#472eaab5f15c1ffdd7f8628bd4c4f753995ec79e"
+  integrity sha512-yOlFc+7UtL/89t2ZhjPvvB/DeAr3r+Dq58IgzsFkOAvVC6NMJXmCGjbptdXdR9qsX7pKcTL+s87FtYREi2dEEQ==
+
+"@types/debug@*":
+  version "4.1.7"
+  resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.7.tgz#7cc0ea761509124709b8b2d1090d8f6c17aadb82"
+  integrity sha512-9AonUzyTjXXhEOa0DnqpzZi6VHlqKMswga9EXjpXnnqxwLtdvPPtlO8evrI5D9S6asFRCQ6v+wpiUKbw+vKqyg==
+  dependencies:
+    "@types/ms" "*"
+
+"@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz#8467d4b3c087805d63580480890791277ce35c44"
+  integrity sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==
+
+"@types/istanbul-lib-report@*":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz#c14c24f18ea8190c118ee7562b7ff99a36552686"
+  integrity sha512-plGgXAPfVKFoYfa9NpYDAkseG+g6Jr294RqeqcqDixSbU34MZVJRi/P+7Y8GDpzkEwLaGZZOpKIEmeVZNtKsrg==
+  dependencies:
+    "@types/istanbul-lib-coverage" "*"
+
+"@types/istanbul-reports@^3.0.0":
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/@types/istanbul-reports/-/istanbul-reports-3.0.1.tgz#9153fe98bba2bd565a63add9436d6f0d7f8468ff"
+  integrity sha512-c3mAZEuK0lvBp8tmuL74XRKn1+y2dcwOUpH7x4WrF6gk1GIgiluDRgMYQtw2OFcBvAJWlt6ASU3tSqxp0Uu0Aw==
+  dependencies:
+    "@types/istanbul-lib-report" "*"
+
+"@types/jest@^29.4.0":
+  version "29.4.0"
+  resolved "https://registry.yarnpkg.com/@types/jest/-/jest-29.4.0.tgz#a8444ad1704493e84dbf07bb05990b275b3b9206"
+  integrity sha512-VaywcGQ9tPorCX/Jkkni7RWGFfI11whqzs8dvxF41P17Z+z872thvEvlIbznjPJ02kl1HMX3LmLOonsj2n7HeQ==
+  dependencies:
+    expect "^29.0.0"
+    pretty-format "^29.0.0"
+
+"@types/ms@*":
+  version "0.7.31"
+  resolved "https://registry.yarnpkg.com/@types/ms/-/ms-0.7.31.tgz#31b7ca6407128a3d2bbc27fe2d21b345397f6197"
+  integrity sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA==
+
+"@types/node-fetch@2.6.1":
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.1.tgz#8f127c50481db65886800ef496f20bbf15518975"
+  integrity sha512-oMqjURCaxoSIsHSr1E47QHzbmzNR5rK8McHuNb11BOM9cHcIK3Avy0s/b2JlXHoQGTYS3NsvWzV1M0iK7l0wbA==
+  dependencies:
+    "@types/node" "*"
+    form-data "^3.0.0"
+
+"@types/node@*":
+  version "18.14.4"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.14.4.tgz#0e64ec0b35a772e1e3d849f9a0ff61782d0cb647"
+  integrity sha512-VhCw7I7qO2X49+jaKcAUwi3rR+hbxT5VcYF493+Z5kMLI0DL568b7JI4IDJaxWFH0D/xwmGJNoXisyX+w7GH/g==
+
+"@types/pouchdb-adapter-cordova-sqlite@*":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-cordova-sqlite/-/pouchdb-adapter-cordova-sqlite-1.0.1.tgz#49e5ee6df7cc0c23196fcb340f43a560e74eb1d6"
+  integrity sha512-nqlXpW1ho3KBg1mUQvZgH2755y3z/rw4UA7ZJCPMRTHofxGMY8izRVw5rHBL4/7P615or0J2udpRYxgkT3D02g==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-fruitdown@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-fruitdown/-/pouchdb-adapter-fruitdown-6.1.3.tgz#9b140ad9645cc56068728acf08ec19ac0046658e"
+  integrity sha512-Wz1Z1JLOW1hgmFQjqnSkmyyfH7by/iWb4abKn684WMvQfmxx6BxKJpJ4+eulkVPQzzgMMSgU1MpnQOm9FgRkbw==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-http@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-http/-/pouchdb-adapter-http-6.1.3.tgz#6e592d5f48deb6274a21ddac1498dd308096bcf3"
+  integrity sha512-9Z4TLbF/KJWy/D2sWRPBA+RNU0odQimfdvlDX+EY7rGcd3aVoH8qjD/X0Xcd/0dfBH5pKrNIMFFQgW/TylRCmA==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-idb@*":
+  version "6.1.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-idb/-/pouchdb-adapter-idb-6.1.4.tgz#cb9a18864585d600820cd325f007614c5c3989cd"
+  integrity sha512-KIAXbkF4uYUz0ZwfNEFLtEkK44mEWopAsD76UhucH92XnJloBysav+TjI4FFfYQyTjoW3S1s6V+Z14CUJZ0F6w==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-leveldb@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-leveldb/-/pouchdb-adapter-leveldb-6.1.3.tgz#17c7e75d75b992050bca15991e97fba575c61bb3"
+  integrity sha512-ex8NFqQGFwEpFi7AaZ5YofmuemfZNsL3nTFZBUCAKYMBkazQij1pe2ILLStSvJr0XS0qxgXjCEW19T5Wqiiskg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-localstorage@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-localstorage/-/pouchdb-adapter-localstorage-6.1.3.tgz#0dde02ba6b9d6073a295a20196563942ba9a54bd"
+  integrity sha512-oor040tye1KKiGLWYtIy7rRT7C2yoyX3Tf6elEJRpjOA7Ja/H8lKc4LaSh9ATbptIcES6MRqZDxtp7ly9hsW3Q==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-memory@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-memory/-/pouchdb-adapter-memory-6.1.3.tgz#9eabdbc890fcf58960ee8b68b8685f837e75c844"
+  integrity sha512-gVbsIMzDzgZYThFVT4eVNsmuZwVm/4jDxP1sjlgc3qtDIxbtBhGgyNfcskwwz9Zu5Lv1avkDsIWvcxQhnvRlHg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-node-websql@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-node-websql/-/pouchdb-adapter-node-websql-6.1.3.tgz#aa18bc68af8cf509acd12c400010dcd5fab2243d"
+  integrity sha512-F/P+os6Jsa7CgHtH64+Z0HfwIcj0hIRB5z8gNhF7L7dxPWoAfkopK5H2gydrP3sQrlGyN4WInF+UJW/Zu1+FKg==
+  dependencies:
+    "@types/pouchdb-adapter-websql" "*"
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-websql@*":
+  version "6.1.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-websql/-/pouchdb-adapter-websql-6.1.4.tgz#359fbe42ccac0ac90b492ddb8c32fafd0aa96d79"
+  integrity sha512-zMJQCtXC40hBsIDRn0GhmpeGMK0f9l/OGWfLguvczROzxxcOD7REI+e6SEmX7gJKw5JuMvlfuHzkQwjmvSJbtg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-browser@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-browser/-/pouchdb-browser-6.1.3.tgz#8f33d6ef58d6817d1f6d36979148a1c7f63244d8"
+  integrity sha512-EdYowrWxW9SWBMX/rux2eq7dbHi5Zeyzz+FF/IAsgQKnUxgeCO5VO2j4zTzos0SDyJvAQU+EYRc11r7xGn5tvA==
+  dependencies:
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-adapter-idb" "*"
+    "@types/pouchdb-adapter-websql" "*"
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-mapreduce" "*"
+    "@types/pouchdb-replication" "*"
+
+"@types/pouchdb-core@*":
+  version "7.0.10"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-core/-/pouchdb-core-7.0.10.tgz#d1ea1549e7fad6cb579f71459b1bc27252e06a5a"
+  integrity sha512-mKhjLlWWXyV3PTTjDhzDV1kc2dolO7VYFa75IoKM/hr8Er9eo8RIbS7mJLfC8r/C3p6ihZu9yZs1PWC1LQ0SOA==
+  dependencies:
+    "@types/debug" "*"
+    "@types/pouchdb-find" "*"
+
+"@types/pouchdb-find@*":
+  version "7.3.0"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-find/-/pouchdb-find-7.3.0.tgz#b917030e9f4bf6e56bf8c3b9fe4b2a25e989009a"
+  integrity sha512-sFPli5tBjGX9UfXioik1jUzPdcN84eV82n0lmEFuoPepWqkLjQcyri0eOa++HYOaNPyMDhKFBqEALEZivK2dRg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-http@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-http/-/pouchdb-http-6.1.3.tgz#09576c0d409da1f8dee34ec5b768415e2472ea52"
+  integrity sha512-0e9E5SqNOyPl/3FnEIbENssB4FlJsNYuOy131nxrZk36S+y1R/6qO7ZVRypWpGTqBWSuVd7gCsq2UDwO/285+w==
+  dependencies:
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-mapreduce@*":
+  version "6.1.7"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-mapreduce/-/pouchdb-mapreduce-6.1.7.tgz#9ab32d1e0f234f1bf6d1e4c5d7e216e9e23ac0a3"
+  integrity sha512-WzBwm7tmO9QhfRzVaWT4v6JQSS/fG2OoUDrWrhX87rPe2Pn6laPvdK5li6myNRxCoI/l5e8Jd+oYBAFnaiFucA==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-node@*":
+  version "6.1.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-node/-/pouchdb-node-6.1.4.tgz#5214c0169fcfd2237d373380bbd65a934feb5dfb"
+  integrity sha512-wnTCH8X1JOPpNOfVhz8HW0AvmdHh6pt40MuRj0jQnK7QEHsHS79WujsKTKSOF8QXtPwpvCNSsI7ut7H7tfxxJQ==
+  dependencies:
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-adapter-leveldb" "*"
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-mapreduce" "*"
+    "@types/pouchdb-replication" "*"
+
+"@types/pouchdb-replication@*":
+  version "6.4.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-replication/-/pouchdb-replication-6.4.4.tgz#743406c90f13a988fa3e346ea74ce40acd170d00"
+  integrity sha512-BsE5LKpjJK4iAf6Fx5kyrMw+33V+Ip7uWldUnU2BYrrvtR+MLD22dcImm7DZN1st2wPPb91i0XEnQzvP0w1C/Q==
+  dependencies:
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-find" "*"
+
+"@types/pouchdb@^6.4.0":
+  version "6.4.0"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb/-/pouchdb-6.4.0.tgz#f9c41ca64b23029f9bf2eb4bf6956e6431cb79f8"
+  integrity sha512-eGCpX+NXhd5VLJuJMzwe3L79fa9+IDTrAG3CPaf4s/31PD56hOrhDJTSmRELSXuiqXr6+OHzzP0PldSaWsFt7w==
+  dependencies:
+    "@types/pouchdb-adapter-cordova-sqlite" "*"
+    "@types/pouchdb-adapter-fruitdown" "*"
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-adapter-idb" "*"
+    "@types/pouchdb-adapter-leveldb" "*"
+    "@types/pouchdb-adapter-localstorage" "*"
+    "@types/pouchdb-adapter-memory" "*"
+    "@types/pouchdb-adapter-node-websql" "*"
+    "@types/pouchdb-adapter-websql" "*"
+    "@types/pouchdb-browser" "*"
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-http" "*"
+    "@types/pouchdb-mapreduce" "*"
+    "@types/pouchdb-node" "*"
+    "@types/pouchdb-replication" "*"
+
+"@types/stack-utils@^2.0.0":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.1.tgz#20f18294f797f2209b5f65c8e3b5c8e8261d127c"
+  integrity sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==
+
+"@types/yargs-parser@*":
+  version "21.0.0"
+  resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-21.0.0.tgz#0c60e537fa790f5f9472ed2776c2b71ec117351b"
+  integrity sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==
+
+"@types/yargs@^16.0.0":
+  version "16.0.5"
+  resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-16.0.5.tgz#12cc86393985735a283e387936398c2f9e5f88e3"
+  integrity sha512-AxO/ADJOBFJScHbWhq2xAhlWP24rY4aCEG/NFaMvbT3X2MgRsLjhjQwsn0Zi5zn0LG9jUhCCZMeX9Dkuw6k+vQ==
+  dependencies:
+    "@types/yargs-parser" "*"
+
+"@types/yargs@^17.0.8":
+  version "17.0.22"
+  resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-17.0.22.tgz#7dd37697691b5f17d020f3c63e7a45971ff71e9a"
+  integrity sha512-pet5WJ9U8yPVRhkwuEIp5ktAeAqRZOq4UdAyWLWzxbtpyXnzbtLdKiXAjJzi/KLmPGS9wk86lUFWZFN6sISo4g==
+  dependencies:
+    "@types/yargs-parser" "*"
+
 abort-controller@3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392"
@@ -221,11 +608,21 @@ acorn-jsx@^5.3.1:
   resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937"
   integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==
 
+acorn-walk@^8.1.1:
+  version "8.2.0"
+  resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1"
+  integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==
+
 acorn@^7.4.0:
   version "7.4.1"
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa"
   integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==
 
+acorn@^8.4.1:
+  version "8.8.2"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a"
+  integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==
+
 agent-base@6:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77"
@@ -289,6 +686,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0:
   dependencies:
     color-convert "^2.0.1"
 
+ansi-styles@^5.0.0:
+  version "5.2.0"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-5.2.0.tgz#07449690ad45777d1924ac2abb2fc8895dba836b"
+  integrity sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==
+
 aproba@^1.0.3:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/aproba/-/aproba-1.2.0.tgz#6802e6264efd18c790a1b0d517f0f2627bf2c94a"
@@ -309,6 +711,11 @@ are-we-there-yet@~1.1.2:
     delegates "^1.0.0"
     readable-stream "^2.0.6"
 
+arg@^4.1.0:
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
+  integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==
+
 argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
@@ -351,6 +758,11 @@ astral-regex@^2.0.0:
   resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31"
   integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==
 
+asynckit@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
+  integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
+
 at-least-node@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2"
@@ -519,6 +931,11 @@ chownr@^2.0.0:
   resolved "https://registry.yarnpkg.com/chownr/-/chownr-2.0.0.tgz#15bfbe53d2eab4cf70f18a8cd68ebe5b3cb1dece"
   integrity sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==
 
+ci-info@^3.2.0:
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.8.0.tgz#81408265a5380c929f0bc665d62256628ce9ef91"
+  integrity sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==
+
 cli-cursor@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/cli-cursor/-/cli-cursor-3.1.0.tgz#264305a7ae490d1d03bf0c9ba7c925d1753af307"
@@ -588,6 +1005,13 @@ color-name@~1.1.4:
   resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
   integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
 
+combined-stream@^1.0.8:
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
+  integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
+  dependencies:
+    delayed-stream "~1.0.0"
+
 command-line-args@^5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/command-line-args/-/command-line-args-5.2.1.tgz#c44c32e437a57d7c51157696893c5909e9cec42e"
@@ -658,6 +1082,11 @@ core-util-is@~1.0.0:
   resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85"
   integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==
 
+create-require@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333"
+  integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==
+
 cross-spawn@^7.0.2:
   version "7.0.3"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
@@ -774,6 +1203,11 @@ deferred-leveldown@~5.3.0:
     abstract-leveldown "~6.2.1"
     inherits "^2.0.3"
 
+delayed-stream@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
+  integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==
+
 delegates@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
@@ -784,6 +1218,16 @@ detect-libc@^1.0.3:
   resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-1.0.3.tgz#fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b"
   integrity sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==
 
+diff-sequences@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-29.4.3.tgz#9314bc1fabe09267ffeca9cbafc457d8499a13f2"
+  integrity sha512-ofrBgwpPhCD85kMKtE9RYFFq6OC1A89oW2vvgWZNCwxrUpRUILopY7lsYyMDSjc8g6U6aiO0Qubg6r4Wgt5ZnA==
+
+diff@^4.0.1:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d"
+  integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==
+
 dir-glob@^3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f"
@@ -791,10 +1235,12 @@ dir-glob@^3.0.1:
   dependencies:
     path-type "^4.0.0"
 
-docker-compose@0.23.6:
-  version "0.23.6"
-  resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.23.6.tgz#bd21e17d599f17fcf7a4b5d607cff0358a9c378b"
-  integrity sha512-y3Q8MkwG862rNqkvEQG59/7Fi2/fzs3NYDCvqUAAD+z0WGs2qcJ9hRcn34hWgWv9ouPkFqe3Vwca0h+4bIIRWw==
+docker-compose@0.23.12:
+  version "0.23.12"
+  resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.23.12.tgz#fa883b98be08f6926143d06bf9e522ef7ed3210c"
+  integrity sha512-KFbSMqQBuHjTGZGmYDOCO0L4SaML3BsWTId5oSUyaBa22vALuFHNv+UdDWs3HcMylHWKsxCbLB7hnM/nCosWZw==
+  dependencies:
+    yaml "^1.10.2"
 
 doctrine@^3.0.0:
   version "3.0.0"
@@ -888,6 +1334,11 @@ escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
   resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
   integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==
 
+escape-string-regexp@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz#a30304e99daa32e23b2fd20f51babd07cffca344"
+  integrity sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==
+
 escape-string-regexp@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34"
@@ -1017,6 +1468,17 @@ expand-template@^2.0.3:
   resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
   integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==
 
+expect@^29.0.0:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/expect/-/expect-29.4.3.tgz#5e47757316df744fe3b8926c3ae8a3ebdafff7fe"
+  integrity sha512-uC05+Q7eXECFpgDrHdXA4k2rpMyStAYPItEDLyQDo5Ta7fVkJnNA/4zh/OIVkVVNZ1oOK1PipQoyNjuZ6sz6Dg==
+  dependencies:
+    "@jest/expect-utils" "^29.4.3"
+    jest-get-type "^29.4.3"
+    jest-matcher-utils "^29.4.3"
+    jest-message-util "^29.4.3"
+    jest-util "^29.4.3"
+
 ext-list@^2.0.0:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/ext-list/-/ext-list-2.2.2.tgz#0b98e64ed82f5acf0f2931babf69212ef52ddd37"
@@ -1191,6 +1653,15 @@ follow-redirects@^1.14.0:
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.1.tgz#0ca6a452306c9b276e4d3127483e29575e207ad5"
   integrity sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==
 
+form-data@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.1.tgz#ebd53791b78356a99af9a300d4282c4d5eb9755f"
+  integrity sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==
+  dependencies:
+    asynckit "^0.4.0"
+    combined-stream "^1.0.8"
+    mime-types "^2.1.12"
+
 from2@^2.1.1, from2@^2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/from2/-/from2-2.3.0.tgz#8bfb5502bde4a4d36cfdeea007fcca21d7e382af"
@@ -1348,7 +1819,7 @@ got@^8.3.1:
     url-parse-lax "^3.0.0"
     url-to-options "^1.0.1"
 
-graceful-fs@^4.1.10, graceful-fs@^4.1.6, graceful-fs@^4.2.0:
+graceful-fs@^4.1.10, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.9:
   version "4.2.10"
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
@@ -1604,6 +2075,58 @@ isurl@^1.0.0-alpha5:
     has-to-string-tag-x "^1.2.0"
     is-object "^1.0.1"
 
+jest-diff@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-29.4.3.tgz#42f4eb34d0bf8c0fb08b0501069b87e8e84df347"
+  integrity sha512-YB+ocenx7FZ3T5O9lMVMeLYV4265socJKtkwgk/6YUz/VsEzYDkiMuMhWzZmxm3wDRQvayJu/PjkjjSkjoHsCA==
+  dependencies:
+    chalk "^4.0.0"
+    diff-sequences "^29.4.3"
+    jest-get-type "^29.4.3"
+    pretty-format "^29.4.3"
+
+jest-get-type@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-get-type/-/jest-get-type-29.4.3.tgz#1ab7a5207c995161100b5187159ca82dd48b3dd5"
+  integrity sha512-J5Xez4nRRMjk8emnTpWrlkyb9pfRQQanDrvWHhsR1+VUfbwxi30eVcZFlcdGInRibU4G5LwHXpI7IRHU0CY+gg==
+
+jest-matcher-utils@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-matcher-utils/-/jest-matcher-utils-29.4.3.tgz#ea68ebc0568aebea4c4213b99f169ff786df96a0"
+  integrity sha512-TTciiXEONycZ03h6R6pYiZlSkvYgT0l8aa49z/DLSGYjex4orMUcafuLXYyyEDWB1RKglq00jzwY00Ei7yFNVg==
+  dependencies:
+    chalk "^4.0.0"
+    jest-diff "^29.4.3"
+    jest-get-type "^29.4.3"
+    pretty-format "^29.4.3"
+
+jest-message-util@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-message-util/-/jest-message-util-29.4.3.tgz#65b5280c0fdc9419503b49d4f48d4999d481cb5b"
+  integrity sha512-1Y8Zd4ZCN7o/QnWdMmT76If8LuDv23Z1DRovBj/vcSFNlGCJGoO8D1nJDw1AdyAGUk0myDLFGN5RbNeJyCRGCw==
+  dependencies:
+    "@babel/code-frame" "^7.12.13"
+    "@jest/types" "^29.4.3"
+    "@types/stack-utils" "^2.0.0"
+    chalk "^4.0.0"
+    graceful-fs "^4.2.9"
+    micromatch "^4.0.4"
+    pretty-format "^29.4.3"
+    slash "^3.0.0"
+    stack-utils "^2.0.3"
+
+jest-util@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.4.3.tgz#851a148e23fc2b633c55f6dad2e45d7f4579f496"
+  integrity sha512-ToSGORAz4SSSoqxDSylWX8JzkOQR7zoBtNRsA7e+1WUX5F8jrOwaNpuh1YfJHJKDHXLHmObv5eOjejUd+/Ws+Q==
+  dependencies:
+    "@jest/types" "^29.4.3"
+    "@types/node" "*"
+    chalk "^4.0.0"
+    ci-info "^3.2.0"
+    graceful-fs "^4.2.9"
+    picomatch "^2.2.3"
+
 joi@17.6.0:
   version "17.6.0"
   resolved "https://registry.yarnpkg.com/joi/-/joi-17.6.0.tgz#0bb54f2f006c09a96e75ce687957bd04290054b2"
@@ -1663,6 +2186,11 @@ json-stringify-safe@^5.0.1:
   resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
   integrity sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==
 
+jsonc-parser@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/jsonc-parser/-/jsonc-parser-3.2.0.tgz#31ff3f4c2b9793f89c67212627c51c6394f88e76"
+  integrity sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==
+
 jsonfile@^6.0.1:
   version "6.1.0"
   resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae"
@@ -1857,6 +2385,11 @@ make-dir@^2.1.0:
     pify "^4.0.1"
     semver "^5.6.0"
 
+make-error@^1.1.1:
+  version "1.3.6"
+  resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2"
+  integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==
+
 md5@^2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/md5/-/md5-2.3.0.tgz#c3da9a6aae3a30b46b7b0c349b87b110dc3bda4f"
@@ -1879,11 +2412,18 @@ micromatch@^4.0.4:
     braces "^3.0.2"
     picomatch "^2.3.1"
 
-mime-db@^1.28.0:
+mime-db@1.52.0, mime-db@^1.28.0:
   version "1.52.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
   integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
 
+mime-types@^2.1.12:
+  version "2.1.35"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a"
+  integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
+  dependencies:
+    mime-db "1.52.0"
+
 mimic-fn@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b"
@@ -1991,7 +2531,7 @@ node-abi@^2.21.0:
   dependencies:
     semver "^5.4.1"
 
-node-fetch@2, node-fetch@2.6.7, node-fetch@^2.6.6:
+node-fetch@2.6.7, node-fetch@^2.6.6:
   version "2.6.7"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
   integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
@@ -2137,7 +2677,7 @@ pend@~1.2.0:
   resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50"
   integrity sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==
 
-picomatch@^2.3.1:
+picomatch@^2.2.3, picomatch@^2.3.1:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
   integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==
@@ -2300,6 +2840,15 @@ prepend-http@^2.0.0:
   resolved "https://registry.yarnpkg.com/prepend-http/-/prepend-http-2.0.0.tgz#e92434bfa5ea8c19f41cdfd401d741a3c819d897"
   integrity sha512-ravE6m9Atw9Z/jjttRUZ+clIXogdghyZAuWJ3qEzjT+jI/dL1ifAqhZeC5VHzQp1MSt1+jxKkFNemj/iO7tVUA==
 
+pretty-format@^29.0.0, pretty-format@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-29.4.3.tgz#25500ada21a53c9e8423205cf0337056b201244c"
+  integrity sha512-cvpcHTc42lcsvOOAzd3XuNWTcvk1Jmnzqeu+WsOuiPmxUJTnkbAcFNsRKvEpBEUFVUgy/GTZLulZDcDEi+CIlA==
+  dependencies:
+    "@jest/schemas" "^29.4.3"
+    ansi-styles "^5.0.0"
+    react-is "^18.0.0"
+
 printj@^1.3.0:
   version "1.3.1"
   resolved "https://registry.yarnpkg.com/printj/-/printj-1.3.1.tgz#9af6b1d55647a1587ac44f4c1654a4b95b8e12cb"
@@ -2374,6 +2923,11 @@ rc@^1.2.7:
     minimist "^1.2.0"
     strip-json-comments "~2.0.1"
 
+react-is@^18.0.0:
+  version "18.2.0"
+  resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.2.0.tgz#199431eeaaa2e09f86427efbb4f1473edb47609b"
+  integrity sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w==
+
 readable-stream@1.1.14, readable-stream@^1.0.27-1:
   version "1.1.14"
   resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.1.14.tgz#7cf4c54ef648e3813084c636dd2079e166c081d9"
@@ -2656,6 +3210,13 @@ sprintf-js@~1.0.2:
   resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
   integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==
 
+stack-utils@^2.0.3:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/stack-utils/-/stack-utils-2.0.6.tgz#aaf0748169c02fc33c8232abccf933f54a1cc34f"
+  integrity sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==
+  dependencies:
+    escape-string-regexp "^2.0.0"
+
 stream-meter@^1.0.4:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/stream-meter/-/stream-meter-1.0.4.tgz#52af95aa5ea760a2491716704dbff90f73afdd1d"
@@ -2911,6 +3472,25 @@ trim-repeated@^1.0.0:
   dependencies:
     escape-string-regexp "^1.0.2"
 
+ts-node@^10.9.1:
+  version "10.9.1"
+  resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b"
+  integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==
+  dependencies:
+    "@cspotcode/source-map-support" "^0.8.0"
+    "@tsconfig/node10" "^1.0.7"
+    "@tsconfig/node12" "^1.0.7"
+    "@tsconfig/node14" "^1.0.0"
+    "@tsconfig/node16" "^1.0.2"
+    acorn "^8.4.1"
+    acorn-walk "^8.1.1"
+    arg "^4.1.0"
+    create-require "^1.1.0"
+    diff "^4.0.1"
+    make-error "^1.1.1"
+    v8-compile-cache-lib "^3.0.1"
+    yn "3.1.1"
+
 tslib@^1.9.0:
   version "1.14.1"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"
@@ -2940,6 +3520,11 @@ type-fest@^0.21.3:
   resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37"
   integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==
 
+typescript@4.7.3:
+  version "4.7.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.7.3.tgz#8364b502d5257b540f9de4c40be84c98e23a129d"
+  integrity sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==
+
 typical@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/typical/-/typical-4.0.0.tgz#cbeaff3b9d7ae1e2bbfaf5a4e6f11eccfde94fc4"
@@ -3015,6 +3600,11 @@ uuid@8.3.2, uuid@^8.3.2:
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
   integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
 
+v8-compile-cache-lib@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf"
+  integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==
+
 v8-compile-cache@^2.0.3:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz#2de19618c66dc247dcfb6f99338035d8245a2cee"
@@ -3101,6 +3691,11 @@ yallist@^4.0.0:
   resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72"
   integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
 
+yaml@^1.10.2:
+  version "1.10.2"
+  resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b"
+  integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==
+
 yaml@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.1.1.tgz#1e06fb4ca46e60d9da07e4f786ea370ed3c3cfec"
@@ -3131,3 +3726,8 @@ yauzl@^2.4.2:
   dependencies:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
+
+yn@3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50"
+  integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==
diff --git a/packages/client/package.json b/packages/client/package.json
index c18aa46812..84648927cd 100644
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/client",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "license": "MPL-2.0",
   "module": "dist/budibase-client.js",
   "main": "dist/budibase-client.js",
@@ -19,9 +19,11 @@
     "dev:builder": "rollup -cw"
   },
   "dependencies": {
-    "@budibase/bbui": "2.3.18-alpha.12",
-    "@budibase/frontend-core": "2.3.18-alpha.12",
-    "@budibase/string-templates": "2.3.18-alpha.12",
+    "@budibase/bbui": "2.4.12-alpha.0",
+    "@budibase/frontend-core": "2.4.12-alpha.0",
+    "@budibase/shared-core": "2.4.12-alpha.0",
+    "@budibase/string-templates": "2.4.12-alpha.0",
+    "@budibase/types": "2.4.8-alpha.4",
     "@spectrum-css/button": "^3.0.3",
     "@spectrum-css/card": "^3.0.3",
     "@spectrum-css/divider": "^1.0.3",
diff --git a/packages/client/rollup.config.js b/packages/client/rollup.config.js
index f56714b51a..c22b928f10 100644
--- a/packages/client/rollup.config.js
+++ b/packages/client/rollup.config.js
@@ -20,6 +20,19 @@ const ignoredWarnings = [
   "a11y-click-events-have-key-events",
 ]
 
+const devPaths = production
+  ? []
+  : [
+      {
+        find: "@budibase/shared-core",
+        replacement: path.resolve("../shared-core/dist/mjs/src/index"),
+      },
+      {
+        find: "@budibase/types",
+        replacement: path.resolve("../types/dist/mjs/index"),
+      },
+    ]
+
 export default {
   input: "src/index.js",
   output: [
@@ -69,6 +82,7 @@ export default {
           find: "sdk",
           replacement: path.resolve("./src/sdk"),
         },
+        ...devPaths,
       ],
     }),
     svelte({
diff --git a/packages/client/src/components/app/dynamic-filter/FilterModal.svelte b/packages/client/src/components/app/dynamic-filter/FilterModal.svelte
index 5bc3e500a1..3b397761cc 100644
--- a/packages/client/src/components/app/dynamic-filter/FilterModal.svelte
+++ b/packages/client/src/components/app/dynamic-filter/FilterModal.svelte
@@ -57,6 +57,9 @@
   const onFieldChange = (expression, field) => {
     // Update the field type
     expression.type = schemaFields.find(x => x.name === field)?.type
+    expression.externalType = schemaFields.find(
+      x => x.name === field
+    )?.externalType
 
     // Ensure a valid operator is set
     const validOperators = LuceneUtils.getValidOperatorsForType(
diff --git a/packages/client/src/components/app/embedded-map/EmbeddedMap.svelte b/packages/client/src/components/app/embedded-map/EmbeddedMap.svelte
index 2cfe3f497f..3bb7d5606d 100644
--- a/packages/client/src/components/app/embedded-map/EmbeddedMap.svelte
+++ b/packages/client/src/components/app/embedded-map/EmbeddedMap.svelte
@@ -283,27 +283,32 @@
     if (mapInstance) {
       mapInstance.remove()
     }
-    mapInstance = L.map(embeddedMapId, mapOptions)
-    mapMarkerGroup.addTo(mapInstance)
-    candidateMarkerGroup.addTo(mapInstance)
 
-    // Add attribution
-    const cleanAttribution = sanitizeHtml(attribution, {
-      allowedTags: ["a"],
-      allowedAttributes: {
-        a: ["href", "target"],
-      },
-    })
-    L.tileLayer(tileURL, {
-      attribution: "&copy; " + cleanAttribution,
-      zoom,
-    }).addTo(mapInstance)
+    try {
+      mapInstance = L.map(embeddedMapId, mapOptions)
+      mapMarkerGroup.addTo(mapInstance)
+      candidateMarkerGroup.addTo(mapInstance)
 
-    // Add click handler
-    mapInstance.on("click", handleMapClick)
+      // Add attribution
+      const cleanAttribution = sanitizeHtml(attribution, {
+        allowedTags: ["a"],
+        allowedAttributes: {
+          a: ["href", "target"],
+        },
+      })
+      L.tileLayer(tileURL, {
+        attribution: "&copy; " + cleanAttribution,
+        zoom,
+      }).addTo(mapInstance)
 
-    // Reset view
-    resetView()
+      // Add click handler
+      mapInstance.on("click", handleMapClick)
+
+      // Reset view
+      resetView()
+    } catch (e) {
+      console.log("There was a problem with the map", e)
+    }
   }
 
   const handleMapClick = e => {
diff --git a/packages/client/src/stores/routes.js b/packages/client/src/stores/routes.js
index 69cd42d5f5..8e318af2e3 100644
--- a/packages/client/src/stores/routes.js
+++ b/packages/client/src/stores/routes.js
@@ -66,22 +66,27 @@ const createRouteStore = () => {
       return state
     })
   }
-  const navigate = (url, peek) => {
+  const navigate = (url, peek, externalNewTab) => {
     if (get(builderStore).inBuilder) {
       return
     }
     if (url) {
       // If we're already peeking, don't peek again
       const isPeeking = get(store).queryParams?.peek
-      if (peek && !isPeeking) {
+      const external = !url.startsWith("/")
+      if (peek && !isPeeking && !external) {
         peekStore.actions.showPeek(url)
-      } else {
-        const external = !url.startsWith("/")
-        if (external) {
-          window.location.href = url
-        } else {
-          push(url)
+      } else if (external) {
+        if (url.startsWith("www")) {
+          url = `https://${url}`
         }
+        if (externalNewTab) {
+          window.open(url, "_blank")
+        } else {
+          window.location.href = url
+        }
+      } else {
+        push(url)
       }
     }
   }
diff --git a/packages/client/src/utils/buttonActions.js b/packages/client/src/utils/buttonActions.js
index 55bd4d987d..895584b782 100644
--- a/packages/client/src/utils/buttonActions.js
+++ b/packages/client/src/utils/buttonActions.js
@@ -140,8 +140,8 @@ const triggerAutomationHandler = async action => {
 }
 
 const navigationHandler = action => {
-  const { url, peek } = action.parameters
-  routeStore.actions.navigate(url, peek)
+  const { url, peek, externalNewTab } = action.parameters
+  routeStore.actions.navigate(url, peek, externalNewTab)
 }
 
 const queryExecutionHandler = async action => {
diff --git a/packages/client/src/utils/schema.js b/packages/client/src/utils/schema.js
index 433a1c5fee..e450c516d7 100644
--- a/packages/client/src/utils/schema.js
+++ b/packages/client/src/utils/schema.js
@@ -81,6 +81,7 @@ export const getRelationshipSchemaAdditions = async schema => {
       Object.keys(linkSchema || {}).forEach(linkKey => {
         relationshipAdditions[`${fieldKey}.${linkKey}`] = {
           type: linkSchema[linkKey].type,
+          externalType: linkSchema[linkKey].externalType,
         }
       })
     }
diff --git a/packages/client/yarn.lock b/packages/client/yarn.lock
index e7140f7af3..189c93c120 100644
--- a/packages/client/yarn.lock
+++ b/packages/client/yarn.lock
@@ -23,6 +23,11 @@
     chalk "^2.0.0"
     js-tokens "^4.0.0"
 
+"@budibase/types@2.4.8-alpha.4":
+  version "2.4.8-alpha.4"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.4.8-alpha.4.tgz#4e6dec50eef381994432ef4d08587a9a7156dd84"
+  integrity sha512-aiHHOvsDLHQ2OFmLgaSUttQwSuaPBqF1lbyyCkEJIbbl/qo9EPNZGl+AkB7wo12U5HdqWhr9OpFL12EqkcD4GA==
+
 "@jridgewell/gen-mapping@^0.3.0":
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz#c1aedc61e853f2bb9f5dfe6d4442d3b565b253b9"
diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json
index bc7a82d0a6..aefd78d8ea 100644
--- a/packages/frontend-core/package.json
+++ b/packages/frontend-core/package.json
@@ -1,12 +1,13 @@
 {
   "name": "@budibase/frontend-core",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase frontend core libraries used in builder and client",
   "author": "Budibase",
   "license": "MPL-2.0",
   "svelte": "src/index.js",
   "dependencies": {
-    "@budibase/bbui": "2.3.18-alpha.12",
+    "@budibase/bbui": "2.4.12-alpha.0",
+    "@budibase/shared-core": "2.4.12-alpha.0",
     "lodash": "^4.17.21",
     "svelte": "^3.46.2"
   }
diff --git a/packages/frontend-core/src/api/auditLogs.js b/packages/frontend-core/src/api/auditLogs.js
new file mode 100644
index 0000000000..c4230df6d9
--- /dev/null
+++ b/packages/frontend-core/src/api/auditLogs.js
@@ -0,0 +1,63 @@
+const buildOpts = ({
+  bookmark,
+  userIds,
+  appIds,
+  startDate,
+  endDate,
+  fullSearch,
+  events,
+}) => {
+  const opts = {}
+
+  if (bookmark) {
+    opts.bookmark = bookmark
+  }
+
+  if (startDate && endDate) {
+    opts.startDate = startDate
+    opts.endDate = endDate
+  } else if (startDate && !endDate) {
+    opts.startDate = startDate
+  }
+
+  if (fullSearch) {
+    opts.fullSearch = fullSearch
+  }
+
+  if (events.length) {
+    opts.events = events
+  }
+
+  if (userIds.length) {
+    opts.userIds = userIds
+  }
+
+  if (appIds.length) {
+    opts.appIds = appIds
+  }
+
+  return opts
+}
+
+export const buildAuditLogsEndpoints = API => ({
+  /**
+   * Gets a list of users in the current tenant.
+   */
+  searchAuditLogs: async opts => {
+    return await API.post({
+      url: `/api/global/auditlogs/search`,
+      body: buildOpts(opts),
+    })
+  },
+
+  getEventDefinitions: async () => {
+    return await API.get({
+      url: `/api/global/auditlogs/definitions`,
+    })
+  },
+
+  getDownloadUrl: opts => {
+    const query = encodeURIComponent(JSON.stringify(opts))
+    return `/api/global/auditlogs/download?query=${query}`
+  },
+})
diff --git a/packages/frontend-core/src/api/index.js b/packages/frontend-core/src/api/index.js
index e2935b416b..f8eee45cb8 100644
--- a/packages/frontend-core/src/api/index.js
+++ b/packages/frontend-core/src/api/index.js
@@ -28,6 +28,8 @@ import { buildPluginEndpoints } from "./plugins"
 import { buildBackupsEndpoints } from "./backups"
 import { buildEnvironmentVariableEndpoints } from "./environmentVariables"
 import { buildEventEndpoints } from "./events"
+import { buildAuditLogsEndpoints } from "./auditLogs"
+
 const defaultAPIClientConfig = {
   /**
    * Certain definitions can't change at runtime for client apps, such as the
@@ -250,5 +252,6 @@ export const createAPIClient = config => {
     ...buildBackupsEndpoints(API),
     ...buildEnvironmentVariableEndpoints(API),
     ...buildEventEndpoints(API),
+    ...buildAuditLogsEndpoints(API),
   }
 }
diff --git a/packages/frontend-core/src/api/user.js b/packages/frontend-core/src/api/user.js
index 9875605ce0..d8723a649c 100644
--- a/packages/frontend-core/src/api/user.js
+++ b/packages/frontend-core/src/api/user.js
@@ -12,8 +12,10 @@ export const buildUserEndpoints = API => ({
    * Gets a list of users in the current tenant.
    * @param {string} page The page to retrieve
    * @param {string} search The starts with string to search username/email by.
+   * @param {string} appId Facilitate app/role based user searching
+   * @param {boolean} paginated Allow the disabling of pagination
    */
-  searchUsers: async ({ page, email, appId } = {}) => {
+  searchUsers: async ({ paginated, page, email, appId } = {}) => {
     const opts = {}
     if (page) {
       opts.page = page
@@ -24,6 +26,9 @@ export const buildUserEndpoints = API => ({
     if (appId) {
       opts.appId = appId
     }
+    if (typeof paginated === "boolean") {
+      opts.paginated = paginated
+    }
     return await API.post({
       url: `/api/global/users/search`,
       body: opts,
@@ -133,7 +138,7 @@ export const buildUserEndpoints = API => ({
    * @param builder whether the user should be a global builder
    * @param admin whether the user should be a global admin
    */
-  inviteUser: async ({ email, builder, admin }) => {
+  inviteUser: async ({ email, builder, admin, apps }) => {
     return await API.post({
       url: "/api/global/users/invite",
       body: {
@@ -141,11 +146,43 @@ export const buildUserEndpoints = API => ({
         userInfo: {
           admin: admin ? { global: true } : undefined,
           builder: builder ? { global: true } : undefined,
+          apps: apps ? apps : undefined,
         },
       },
     })
   },
 
+  onboardUsers: async payload => {
+    return await API.post({
+      url: "/api/global/users/onboard",
+      body: payload.map(invite => {
+        const { email, admin, builder, apps } = invite
+        return {
+          email,
+          userInfo: {
+            admin: admin ? { global: true } : undefined,
+            builder: builder ? { global: true } : undefined,
+            apps: apps ? apps : undefined,
+          },
+        }
+      }),
+    })
+  },
+
+  /**
+   * Accepts a user invite as a body and will update the associated app roles.
+   * for an existing invite
+   * @param invite the invite code sent in the email
+   */
+  updateUserInvite: async invite => {
+    await API.post({
+      url: `/api/global/users/invite/update/${invite.code}`,
+      body: {
+        apps: invite.apps,
+      },
+    })
+  },
+
   /**
    * Retrieves the invitation associated with a provided code.
    * @param code The unique code for the target invite
@@ -156,6 +193,15 @@ export const buildUserEndpoints = API => ({
     })
   },
 
+  /**
+   * Retrieves all user invitations for the current tenant.
+   */
+  getUserInvites: async () => {
+    return await API.get({
+      url: `/api/global/users/invites`,
+    })
+  },
+
   /**
    * Invites multiple users to the current tenant.
    * @param users An array of users to invite
@@ -169,6 +215,7 @@ export const buildUserEndpoints = API => ({
           admin: user.admin ? { global: true } : undefined,
           builder: user.admin || user.builder ? { global: true } : undefined,
           userGroups: user.groups,
+          roles: user.apps ? user.apps : undefined,
         },
       })),
     })
diff --git a/packages/frontend-core/src/constants.js b/packages/frontend-core/src/constants.js
index 3a16013df2..bdf7abe36f 100644
--- a/packages/frontend-core/src/constants.js
+++ b/packages/frontend-core/src/constants.js
@@ -1,56 +1,7 @@
 /**
  * Operator options for lucene queries
  */
-export const OperatorOptions = {
-  Equals: {
-    value: "equal",
-    label: "Equals",
-  },
-  NotEquals: {
-    value: "notEqual",
-    label: "Not equals",
-  },
-  Empty: {
-    value: "empty",
-    label: "Is empty",
-  },
-  NotEmpty: {
-    value: "notEmpty",
-    label: "Is not empty",
-  },
-  StartsWith: {
-    value: "string",
-    label: "Starts with",
-  },
-  Like: {
-    value: "fuzzy",
-    label: "Like",
-  },
-  MoreThan: {
-    value: "rangeLow",
-    label: "More than or equal to",
-  },
-  LessThan: {
-    value: "rangeHigh",
-    label: "Less than or equal to",
-  },
-  Contains: {
-    value: "contains",
-    label: "Contains",
-  },
-  NotContains: {
-    value: "notContains",
-    label: "Does not contain",
-  },
-  In: {
-    value: "oneOf",
-    label: "Is in",
-  },
-  ContainsAny: {
-    value: "containsAny",
-    label: "Has any",
-  },
-}
+export { OperatorOptions, SqlNumberTypeRangeMap } from "@budibase/shared-core"
 
 // Cookie names
 export const Cookies = {
@@ -115,6 +66,8 @@ export const Features = {
   USER_GROUPS: "userGroups",
   BACKUPS: "appBackups",
   ENVIRONMENT_VARIABLES: "environmentVariables",
+  AUDIT_LOGS: "auditLogs",
+  ENFORCEABLE_SSO: "enforceableSSO",
 }
 
 // Role IDs
@@ -125,27 +78,6 @@ export const Roles = {
   PUBLIC: "PUBLIC",
   BUILDER: "BUILDER",
 }
-/**
- * Maximum minimum range for SQL number values
- */
-export const SqlNumberTypeRangeMap = {
-  integer: {
-    max: 2147483647,
-    min: -2147483648,
-  },
-  int: {
-    max: 2147483647,
-    min: -2147483648,
-  },
-  smallint: {
-    max: 32767,
-    min: -32768,
-  },
-  mediumint: {
-    max: 8388607,
-    min: -8388608,
-  },
-}
 
 export const Themes = [
   {
diff --git a/packages/frontend-core/src/fetch/DataFetch.js b/packages/frontend-core/src/fetch/DataFetch.js
index 37e300e354..9b687e9844 100644
--- a/packages/frontend-core/src/fetch/DataFetch.js
+++ b/packages/frontend-core/src/fetch/DataFetch.js
@@ -1,13 +1,11 @@
 import { writable, derived, get } from "svelte/store"
 import { cloneDeep } from "lodash/fp"
-import {
-  buildLuceneQuery,
-  luceneLimit,
-  runLuceneQuery,
-  luceneSort,
-} from "../utils/lucene"
+import { LuceneUtils } from "../utils"
 import { convertJSONSchemaToTableSchema } from "../utils/json"
 
+const { buildLuceneQuery, luceneLimit, runLuceneQuery, luceneSort } =
+  LuceneUtils
+
 /**
  * Parent class which handles the implementation of fetching data from an
  * internal table or datasource plus.
diff --git a/packages/frontend-core/src/fetch/UserFetch.js b/packages/frontend-core/src/fetch/UserFetch.js
index 9aeadbc0f5..5372d0ec33 100644
--- a/packages/frontend-core/src/fetch/UserFetch.js
+++ b/packages/frontend-core/src/fetch/UserFetch.js
@@ -35,6 +35,7 @@ export default class UserFetch extends DataFetch {
         page: cursor,
         email: query.email,
         appId: query.appId,
+        paginated: query.paginated,
       })
       return {
         rows: res?.data || [],
diff --git a/packages/frontend-core/src/utils/index.js b/packages/frontend-core/src/utils/index.js
index 3ba3bf0fd4..6ac7c65c62 100644
--- a/packages/frontend-core/src/utils/index.js
+++ b/packages/frontend-core/src/utils/index.js
@@ -1,4 +1,4 @@
-export * as LuceneUtils from "./lucene"
+export { dataFilters as LuceneUtils } from "@budibase/shared-core"
 export * as JSONUtils from "./json"
 export * as CookieUtils from "./cookies"
 export * as RoleUtils from "./roles"
diff --git a/packages/sdk/package.json b/packages/sdk/package.json
index 8199e84495..7e9fba775d 100644
--- a/packages/sdk/package.json
+++ b/packages/sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/sdk",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase Public API SDK",
   "author": "Budibase",
   "license": "MPL-2.0",
diff --git a/packages/server/__mocks__/node-fetch.ts b/packages/server/__mocks__/node-fetch.ts
index 78071dc8af..fdf44d173d 100644
--- a/packages/server/__mocks__/node-fetch.ts
+++ b/packages/server/__mocks__/node-fetch.ts
@@ -172,6 +172,9 @@ module FetchMock {
         ),
         ok: true,
       })
+    } else if (url === "https://www.googleapis.com/oauth2/v4/token") {
+      // any valid response
+      return json({})
     } else if (url.includes("failonce.com")) {
       failCount++
       if (failCount === 1) {
diff --git a/packages/server/jest.config.ts b/packages/server/jest.config.ts
index 331912aa19..03eca3705b 100644
--- a/packages/server/jest.config.ts
+++ b/packages/server/jest.config.ts
@@ -14,6 +14,7 @@ const baseConfig: Config.InitialProjectOptions = {
   moduleNameMapper: {
     "@budibase/backend-core/(.*)": "<rootDir>/../backend-core/$1",
     "@budibase/backend-core": "<rootDir>/../backend-core/src",
+    "@budibase/shared-core": "<rootDir>/../shared-core/src",
     "@budibase/types": "<rootDir>/../types/src",
   },
 }
@@ -39,6 +40,7 @@ const config: Config.InitialOptions = {
   ],
   collectCoverageFrom: [
     "src/**/*.{js,ts}",
+    "../backend-core/src/**/*.{js,ts}",
     // The use of coverage with couchdb view functions breaks tests
     "!src/db/views/staticViews.*",
   ],
diff --git a/packages/server/package.json b/packages/server/package.json
index aa3754ee94..0a01940050 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@budibase/server",
   "email": "hi@budibase.com",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase Web Server",
   "main": "src/index.ts",
   "repository": {
@@ -25,7 +25,7 @@
     "dev:stack:down": "node scripts/dev/manage.js down",
     "dev:stack:nuke": "node scripts/dev/manage.js nuke",
     "dev:builder": "yarn run dev:stack:up && nodemon",
-    "specs": "node specs/generate.js && openapi-typescript specs/openapi.yaml --output src/definitions/openapi.ts",
+    "specs": "ts-node specs/generate.ts && openapi-typescript specs/openapi.yaml --output src/definitions/openapi.ts",
     "initialise": "node scripts/initialise.js",
     "env:multi:enable": "node scripts/multiTenancy.js enable",
     "env:multi:disable": "node scripts/multiTenancy.js disable",
@@ -43,11 +43,12 @@
   "license": "GPL-3.0",
   "dependencies": {
     "@apidevtools/swagger-parser": "10.0.3",
-    "@budibase/backend-core": "2.3.18-alpha.12",
-    "@budibase/client": "2.3.18-alpha.12",
-    "@budibase/pro": "2.3.18-alpha.12",
-    "@budibase/string-templates": "2.3.18-alpha.12",
-    "@budibase/types": "2.3.18-alpha.12",
+    "@budibase/backend-core": "2.4.12-alpha.0",
+    "@budibase/client": "2.4.12-alpha.0",
+    "@budibase/pro": "2.4.12-alpha.0",
+    "@budibase/shared-core": "2.4.12-alpha.0",
+    "@budibase/string-templates": "2.4.12-alpha.0",
+    "@budibase/types": "2.4.12-alpha.0",
     "@bull-board/api": "3.7.0",
     "@bull-board/koa": "3.9.4",
     "@elastic/elasticsearch": "7.10.0",
@@ -87,6 +88,7 @@
     "koa-send": "5.0.0",
     "koa-session": "5.12.0",
     "koa-static": "5.0.0",
+    "koa-useragent": "^4.1.0",
     "koa2-ratelimit": "1.1.1",
     "lodash": "4.17.21",
     "memorystream": "0.3.1",
diff --git a/packages/server/specs/generate.js b/packages/server/specs/generate.ts
similarity index 87%
rename from packages/server/specs/generate.js
rename to packages/server/specs/generate.ts
index f6a055f683..39d8a50ade 100644
--- a/packages/server/specs/generate.js
+++ b/packages/server/specs/generate.ts
@@ -1,9 +1,9 @@
+import { join } from "path"
+import { writeFileSync } from "fs"
+import { examples, schemas } from "./resources"
+import * as parameters from "./parameters"
+import * as security from "./security"
 const swaggerJsdoc = require("swagger-jsdoc")
-const { join } = require("path")
-const { writeFileSync } = require("fs")
-const { examples, schemas } = require("./resources")
-const parameters = require("./parameters")
-const security = require("./security")
 
 const VARIABLES = {}
 
@@ -60,7 +60,7 @@ const options = {
   apis: [join(__dirname, "..", "src", "api", "routes", "public", "*.ts")],
 }
 
-function writeFile(output, filename) {
+function writeFile(output: any, filename: string) {
   try {
     const path = join(__dirname, filename)
     let spec = output
@@ -79,7 +79,7 @@ function writeFile(output, filename) {
   }
 }
 
-function run() {
+export function run() {
   const outputJSON = swaggerJsdoc(options)
   options.format = ".yaml"
   const outputYAML = swaggerJsdoc(options)
@@ -90,5 +90,3 @@ function run() {
 if (require.main === module) {
   run()
 }
-
-module.exports = run
diff --git a/packages/server/specs/openapi.json b/packages/server/specs/openapi.json
index cf4eef75a9..bcff78e861 100644
--- a/packages/server/specs/openapi.json
+++ b/packages/server/specs/openapi.json
@@ -115,6 +115,15 @@
           ]
         }
       },
+      "deploymentOutput": {
+        "value": {
+          "data": {
+            "_id": "ef12381f934b4f129675cdbb76eff3c2",
+            "status": "SUCCESS",
+            "appUrl": "/app-url"
+          }
+        }
+      },
       "inputRow": {
         "value": {
           "_id": "ro_ta_5b1649e42a5b41dea4ef7742a36a7a70_e6dc7e38cf1343b2b56760265201cda4",
@@ -413,6 +422,9 @@
             }
           ]
         }
+      },
+      "metrics": {
+        "value": "# HELP budibase_os_uptime Time in seconds that the host operating system has been up.\n# TYPE budibase_os_uptime counter\nbudibase_os_uptime 54958\n# HELP budibase_os_free_mem Bytes of memory free for usage on the host operating system.\n# TYPE budibase_os_free_mem gauge\nbudibase_os_free_mem 804507648\n# HELP budibase_os_total_mem Total bytes of memory on the host operating system.\n# TYPE budibase_os_total_mem gauge\nbudibase_os_total_mem 16742404096\n# HELP budibase_os_used_mem Total bytes of memory in use on the host operating system.\n# TYPE budibase_os_used_mem gauge\nbudibase_os_used_mem 15937896448\n# HELP budibase_os_load1 Host operating system load average.\n# TYPE budibase_os_load1 gauge\nbudibase_os_load1 1.91\n# HELP budibase_os_load5 Host operating system load average.\n# TYPE budibase_os_load5 gauge\nbudibase_os_load5 1.75\n# HELP budibase_os_load15 Host operating system load average.\n# TYPE budibase_os_load15 gauge\nbudibase_os_load15 1.56\n# HELP budibase_tenant_user_count The number of users created.\n# TYPE budibase_tenant_user_count gauge\nbudibase_tenant_user_count 1\n# HELP budibase_tenant_app_count The number of apps created by a user.\n# TYPE budibase_tenant_app_count gauge\nbudibase_tenant_app_count 2\n# HELP budibase_tenant_production_app_count The number of apps a user has published.\n# TYPE budibase_tenant_production_app_count gauge\nbudibase_tenant_production_app_count 1\n# HELP budibase_tenant_dev_app_count The number of apps a user has unpublished in development.\n# TYPE budibase_tenant_dev_app_count gauge\nbudibase_tenant_dev_app_count 1\n# HELP budibase_tenant_db_count The number of couchdb databases including global tables such as _users.\n# TYPE budibase_tenant_db_count gauge\nbudibase_tenant_db_count 3\n# HELP budibase_quota_usage_apps The number of apps created.\n# TYPE budibase_quota_usage_apps gauge\nbudibase_quota_usage_apps 1\n# HELP budibase_quota_limit_apps The limit on the number of apps that can be created.\n# TYPE budibase_quota_limit_apps gauge\nbudibase_quota_limit_apps 9007199254740991\n# HELP budibase_quota_usage_rows The number of database rows used from the quota.\n# TYPE budibase_quota_usage_rows gauge\nbudibase_quota_usage_rows 0\n# HELP budibase_quota_limit_rows The limit on the number of rows that can be created.\n# TYPE budibase_quota_limit_rows gauge\nbudibase_quota_limit_rows 9007199254740991\n# HELP budibase_quota_usage_plugins The number of plugins in use.\n# TYPE budibase_quota_usage_plugins gauge\nbudibase_quota_usage_plugins 0\n# HELP budibase_quota_limit_plugins The limit on the number of plugins that can be created.\n# TYPE budibase_quota_limit_plugins gauge\nbudibase_quota_limit_plugins 9007199254740991\n# HELP budibase_quota_usage_user_groups The number of user groups created.\n# TYPE budibase_quota_usage_user_groups gauge\nbudibase_quota_usage_user_groups 0\n# HELP budibase_quota_limit_user_groups The limit on the number of user groups that can be created.\n# TYPE budibase_quota_limit_user_groups gauge\nbudibase_quota_limit_user_groups 9007199254740991\n# HELP budibase_quota_usage_queries The number of queries used in the current month.\n# TYPE budibase_quota_usage_queries gauge\nbudibase_quota_usage_queries 0\n# HELP budibase_quota_limit_queries The limit on the number of queries for the current month.\n# TYPE budibase_quota_limit_queries gauge\nbudibase_quota_limit_queries 9007199254740991\n# HELP budibase_quota_usage_automations The number of automations used in the current month.\n# TYPE budibase_quota_usage_automations gauge\nbudibase_quota_usage_automations 0\n# HELP budibase_quota_limit_automations The limit on the number of automations that can be created.\n# TYPE budibase_quota_limit_automations gauge\nbudibase_quota_limit_automations 9007199254740991\n"
       }
     },
     "securitySchemes": {
@@ -1829,7 +1841,7 @@
   "paths": {
     "/applications": {
       "post": {
-        "operationId": "create",
+        "operationId": "appCreate",
         "summary": "Create an application",
         "tags": [
           "applications"
@@ -1870,7 +1882,7 @@
     },
     "/applications/{appId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "appUpdate",
         "summary": "Update an application",
         "tags": [
           "applications"
@@ -1909,7 +1921,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "appDestroy",
         "summary": "Delete an application",
         "tags": [
           "applications"
@@ -1938,7 +1950,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "appGetById",
         "summary": "Retrieve an application",
         "tags": [
           "applications"
@@ -1969,7 +1981,7 @@
     },
     "/applications/{appId}/unpublish": {
       "post": {
-        "operationId": "unpublish",
+        "operationId": "appUnpublish",
         "summary": "Unpublish an application",
         "tags": [
           "applications"
@@ -1988,7 +2000,7 @@
     },
     "/applications/{appId}/publish": {
       "post": {
-        "operationId": "publish",
+        "operationId": "appPublish",
         "summary": "Unpublish an application",
         "tags": [
           "applications"
@@ -2019,7 +2031,7 @@
     },
     "/applications/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "appSearch",
         "summary": "Search for applications",
         "description": "Based on application properties (currently only name) search for applications.",
         "tags": [
@@ -2054,9 +2066,36 @@
         }
       }
     },
+    "/metrics": {
+      "get": {
+        "operationId": "metricsGet",
+        "summary": "Retrieve Budibase tenant metrics",
+        "description": "Output metrics in OpenMetrics format compatible with Prometheus",
+        "tags": [
+          "metrics"
+        ],
+        "responses": {
+          "200": {
+            "description": "Returns tenant metrics.",
+            "content": {
+              "text/plain": {
+                "schema": {
+                  "type": "string"
+                },
+                "examples": {
+                  "metrics": {
+                    "$ref": "#/components/examples/metrics"
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "/queries/{queryId}": {
       "post": {
-        "operationId": "execute",
+        "operationId": "queryExecute",
         "summary": "Execute a query",
         "description": "Queries which have been created within a Budibase app can be executed using this,",
         "tags": [
@@ -2104,7 +2143,7 @@
     },
     "/queries/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "querySearch",
         "summary": "Search for queries",
         "description": "Based on query properties (currently only name) search for queries.",
         "tags": [
@@ -2146,7 +2185,7 @@
     },
     "/tables/{tableId}/rows": {
       "post": {
-        "operationId": "create",
+        "operationId": "rowCreate",
         "summary": "Create a row",
         "description": "Creates a row within the specified table.",
         "tags": [
@@ -2196,7 +2235,7 @@
     },
     "/tables/{tableId}/rows/{rowId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "rowUpdate",
         "summary": "Update a row",
         "description": "Updates a row within the specified table.",
         "tags": [
@@ -2247,7 +2286,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "rowDestroy",
         "summary": "Delete a row",
         "description": "Deletes a row within the specified table.",
         "tags": [
@@ -2283,7 +2322,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "rowGetById",
         "summary": "Retrieve a row",
         "description": "This gets a single row, it will be enriched with the full related rows, rather than the squashed \"primaryDisplay\" format returned by the search endpoint.",
         "tags": [
@@ -2321,7 +2360,7 @@
     },
     "/tables/{tableId}/rows/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "rowSearch",
         "summary": "Search for rows",
         "tags": [
           "rows"
@@ -2365,7 +2404,7 @@
     },
     "/tables": {
       "post": {
-        "operationId": "create",
+        "operationId": "tableCreate",
         "summary": "Create a table",
         "description": "Create a table, this could be internal or external.",
         "tags": [
@@ -2411,7 +2450,7 @@
     },
     "/tables/{tableId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "tableUpdate",
         "summary": "Update a table",
         "description": "Update a table, this could be internal or external.",
         "tags": [
@@ -2458,7 +2497,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "tableDestroy",
         "summary": "Delete a table",
         "description": "Delete a table, this could be internal or external.",
         "tags": [
@@ -2491,7 +2530,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "tableGetById",
         "summary": "Retrieve a table",
         "description": "Lookup a table, this could be internal or external.",
         "tags": [
@@ -2526,7 +2565,7 @@
     },
     "/tables/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "tableSearch",
         "summary": "Search for tables",
         "description": "Based on table properties (currently only name) search for tables. This could be an internal or an external table.",
         "tags": [
@@ -2568,7 +2607,7 @@
     },
     "/users": {
       "post": {
-        "operationId": "create",
+        "operationId": "userCreate",
         "summary": "Create a user",
         "tags": [
           "users"
@@ -2604,7 +2643,7 @@
     },
     "/users/{userId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "userUpdate",
         "summary": "Update a user",
         "tags": [
           "users"
@@ -2643,7 +2682,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "userDestroy",
         "summary": "Delete a user",
         "tags": [
           "users"
@@ -2672,7 +2711,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "userGetById",
         "summary": "Retrieve a user",
         "tags": [
           "users"
@@ -2703,7 +2742,7 @@
     },
     "/users/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "userSearch",
         "summary": "Search for users",
         "description": "Based on user properties (currently only name) search for users.",
         "tags": [
diff --git a/packages/server/specs/openapi.yaml b/packages/server/specs/openapi.yaml
index 414efe7adb..a9daed6c76 100644
--- a/packages/server/specs/openapi.yaml
+++ b/packages/server/specs/openapi.yaml
@@ -85,6 +85,12 @@ components:
             updatedAt: 2022-02-22T13:00:54.035Z
             createdAt: 2022-02-11T18:02:26.961Z
             status: development
+    deploymentOutput:
+      value:
+        data:
+          _id: ef12381f934b4f129675cdbb76eff3c2
+          status: SUCCESS
+          appUrl: /app-url
     inputRow:
       value:
         _id: ro_ta_5b1649e42a5b41dea4ef7742a36a7a70_e6dc7e38cf1343b2b56760265201cda4
@@ -290,6 +296,152 @@ components:
               name: Admin
               permissionId: admin
               inherits: POWER
+    metrics:
+      value: >
+        # HELP budibase_os_uptime Time in seconds that the host operating system
+        has been up.
+
+        # TYPE budibase_os_uptime counter
+
+        budibase_os_uptime 54958
+
+        # HELP budibase_os_free_mem Bytes of memory free for usage on the host operating system.
+
+        # TYPE budibase_os_free_mem gauge
+
+        budibase_os_free_mem 804507648
+
+        # HELP budibase_os_total_mem Total bytes of memory on the host operating system.
+
+        # TYPE budibase_os_total_mem gauge
+
+        budibase_os_total_mem 16742404096
+
+        # HELP budibase_os_used_mem Total bytes of memory in use on the host operating system.
+
+        # TYPE budibase_os_used_mem gauge
+
+        budibase_os_used_mem 15937896448
+
+        # HELP budibase_os_load1 Host operating system load average.
+
+        # TYPE budibase_os_load1 gauge
+
+        budibase_os_load1 1.91
+
+        # HELP budibase_os_load5 Host operating system load average.
+
+        # TYPE budibase_os_load5 gauge
+
+        budibase_os_load5 1.75
+
+        # HELP budibase_os_load15 Host operating system load average.
+
+        # TYPE budibase_os_load15 gauge
+
+        budibase_os_load15 1.56
+
+        # HELP budibase_tenant_user_count The number of users created.
+
+        # TYPE budibase_tenant_user_count gauge
+
+        budibase_tenant_user_count 1
+
+        # HELP budibase_tenant_app_count The number of apps created by a user.
+
+        # TYPE budibase_tenant_app_count gauge
+
+        budibase_tenant_app_count 2
+
+        # HELP budibase_tenant_production_app_count The number of apps a user has published.
+
+        # TYPE budibase_tenant_production_app_count gauge
+
+        budibase_tenant_production_app_count 1
+
+        # HELP budibase_tenant_dev_app_count The number of apps a user has unpublished in development.
+
+        # TYPE budibase_tenant_dev_app_count gauge
+
+        budibase_tenant_dev_app_count 1
+
+        # HELP budibase_tenant_db_count The number of couchdb databases including global tables such as _users.
+
+        # TYPE budibase_tenant_db_count gauge
+
+        budibase_tenant_db_count 3
+
+        # HELP budibase_quota_usage_apps The number of apps created.
+
+        # TYPE budibase_quota_usage_apps gauge
+
+        budibase_quota_usage_apps 1
+
+        # HELP budibase_quota_limit_apps The limit on the number of apps that can be created.
+
+        # TYPE budibase_quota_limit_apps gauge
+
+        budibase_quota_limit_apps 9007199254740991
+
+        # HELP budibase_quota_usage_rows The number of database rows used from the quota.
+
+        # TYPE budibase_quota_usage_rows gauge
+
+        budibase_quota_usage_rows 0
+
+        # HELP budibase_quota_limit_rows The limit on the number of rows that can be created.
+
+        # TYPE budibase_quota_limit_rows gauge
+
+        budibase_quota_limit_rows 9007199254740991
+
+        # HELP budibase_quota_usage_plugins The number of plugins in use.
+
+        # TYPE budibase_quota_usage_plugins gauge
+
+        budibase_quota_usage_plugins 0
+
+        # HELP budibase_quota_limit_plugins The limit on the number of plugins that can be created.
+
+        # TYPE budibase_quota_limit_plugins gauge
+
+        budibase_quota_limit_plugins 9007199254740991
+
+        # HELP budibase_quota_usage_user_groups The number of user groups created.
+
+        # TYPE budibase_quota_usage_user_groups gauge
+
+        budibase_quota_usage_user_groups 0
+
+        # HELP budibase_quota_limit_user_groups The limit on the number of user groups that can be created.
+
+        # TYPE budibase_quota_limit_user_groups gauge
+
+        budibase_quota_limit_user_groups 9007199254740991
+
+        # HELP budibase_quota_usage_queries The number of queries used in the current month.
+
+        # TYPE budibase_quota_usage_queries gauge
+
+        budibase_quota_usage_queries 0
+
+        # HELP budibase_quota_limit_queries The limit on the number of queries for the current month.
+
+        # TYPE budibase_quota_limit_queries gauge
+
+        budibase_quota_limit_queries 9007199254740991
+
+        # HELP budibase_quota_usage_automations The number of automations used in the current month.
+
+        # TYPE budibase_quota_usage_automations gauge
+
+        budibase_quota_usage_automations 0
+
+        # HELP budibase_quota_limit_automations The limit on the number of automations that can be created.
+
+        # TYPE budibase_quota_limit_automations gauge
+
+        budibase_quota_limit_automations 9007199254740991
   securitySchemes:
     ApiKeyAuth:
       type: apiKey
@@ -1397,7 +1549,7 @@ security:
 paths:
   /applications:
     post:
-      operationId: create
+      operationId: appCreate
       summary: Create an application
       tags:
         - applications
@@ -1421,7 +1573,7 @@ paths:
                   $ref: "#/components/examples/application"
   "/applications/{appId}":
     put:
-      operationId: update
+      operationId: appUpdate
       summary: Update an application
       tags:
         - applications
@@ -1444,7 +1596,7 @@ paths:
                 application:
                   $ref: "#/components/examples/application"
     delete:
-      operationId: destroy
+      operationId: appDestroy
       summary: Delete an application
       tags:
         - applications
@@ -1461,7 +1613,7 @@ paths:
                 application:
                   $ref: "#/components/examples/application"
     get:
-      operationId: getById
+      operationId: appGetById
       summary: Retrieve an application
       tags:
         - applications
@@ -1479,7 +1631,7 @@ paths:
                   $ref: "#/components/examples/application"
   "/applications/{appId}/unpublish":
     post:
-      operationId: unpublish
+      operationId: appUnpublish
       summary: Unpublish an application
       tags:
         - applications
@@ -1490,7 +1642,7 @@ paths:
           description: The app was published successfully.
   "/applications/{appId}/publish":
     post:
-      operationId: publish
+      operationId: appPublish
       summary: Unpublish an application
       tags:
         - applications
@@ -1508,7 +1660,7 @@ paths:
                   $ref: "#/components/examples/deploymentOutput"
   /applications/search:
     post:
-      operationId: search
+      operationId: appSearch
       summary: Search for applications
       description: Based on application properties (currently only name) search for
         applications.
@@ -1531,9 +1683,26 @@ paths:
               examples:
                 applications:
                   $ref: "#/components/examples/applications"
+  /metrics:
+    get:
+      operationId: metricsGet
+      summary: Retrieve Budibase tenant metrics
+      description: Output metrics in OpenMetrics format compatible with Prometheus
+      tags:
+        - metrics
+      responses:
+        "200":
+          description: Returns tenant metrics.
+          content:
+            text/plain:
+              schema:
+                type: string
+              examples:
+                metrics:
+                  $ref: "#/components/examples/metrics"
   "/queries/{queryId}":
     post:
-      operationId: execute
+      operationId: queryExecute
       summary: Execute a query
       description: Queries which have been created within a Budibase app can be
         executed using this,
@@ -1562,7 +1731,7 @@ paths:
                   $ref: "#/components/examples/sqlResponse"
   /queries/search:
     post:
-      operationId: search
+      operationId: querySearch
       summary: Search for queries
       description: Based on query properties (currently only name) search for queries.
       tags:
@@ -1587,7 +1756,7 @@ paths:
                   $ref: "#/components/examples/queries"
   "/tables/{tableId}/rows":
     post:
-      operationId: create
+      operationId: rowCreate
       summary: Create a row
       description: Creates a row within the specified table.
       tags:
@@ -1618,7 +1787,7 @@ paths:
                   $ref: "#/components/examples/row"
   "/tables/{tableId}/rows/{rowId}":
     put:
-      operationId: update
+      operationId: rowUpdate
       summary: Update a row
       description: Updates a row within the specified table.
       tags:
@@ -1648,7 +1817,7 @@ paths:
                 row:
                   $ref: "#/components/examples/row"
     delete:
-      operationId: destroy
+      operationId: rowDestroy
       summary: Delete a row
       description: Deletes a row within the specified table.
       tags:
@@ -1669,7 +1838,7 @@ paths:
                 row:
                   $ref: "#/components/examples/row"
     get:
-      operationId: getById
+      operationId: rowGetById
       summary: Retrieve a row
       description: This gets a single row, it will be enriched with the full related
         rows, rather than the squashed "primaryDisplay" format returned by the
@@ -1692,7 +1861,7 @@ paths:
                   $ref: "#/components/examples/enrichedRow"
   "/tables/{tableId}/rows/search":
     post:
-      operationId: search
+      operationId: rowSearch
       summary: Search for rows
       tags:
         - rows
@@ -1718,7 +1887,7 @@ paths:
                   $ref: "#/components/examples/rows"
   /tables:
     post:
-      operationId: create
+      operationId: tableCreate
       summary: Create a table
       description: Create a table, this could be internal or external.
       tags:
@@ -1746,7 +1915,7 @@ paths:
                   $ref: "#/components/examples/table"
   "/tables/{tableId}":
     put:
-      operationId: update
+      operationId: tableUpdate
       summary: Update a table
       description: Update a table, this could be internal or external.
       tags:
@@ -1773,7 +1942,7 @@ paths:
                 table:
                   $ref: "#/components/examples/table"
     delete:
-      operationId: destroy
+      operationId: tableDestroy
       summary: Delete a table
       description: Delete a table, this could be internal or external.
       tags:
@@ -1792,7 +1961,7 @@ paths:
                 table:
                   $ref: "#/components/examples/table"
     get:
-      operationId: getById
+      operationId: tableGetById
       summary: Retrieve a table
       description: Lookup a table, this could be internal or external.
       tags:
@@ -1812,7 +1981,7 @@ paths:
                   $ref: "#/components/examples/table"
   /tables/search:
     post:
-      operationId: search
+      operationId: tableSearch
       summary: Search for tables
       description: Based on table properties (currently only name) search for tables.
         This could be an internal or an external table.
@@ -1838,7 +2007,7 @@ paths:
                   $ref: "#/components/examples/tables"
   /users:
     post:
-      operationId: create
+      operationId: userCreate
       summary: Create a user
       tags:
         - users
@@ -1860,7 +2029,7 @@ paths:
                   $ref: "#/components/examples/user"
   "/users/{userId}":
     put:
-      operationId: update
+      operationId: userUpdate
       summary: Update a user
       tags:
         - users
@@ -1883,7 +2052,7 @@ paths:
                 user:
                   $ref: "#/components/examples/user"
     delete:
-      operationId: destroy
+      operationId: userDestroy
       summary: Delete a user
       tags:
         - users
@@ -1900,7 +2069,7 @@ paths:
                 user:
                   $ref: "#/components/examples/user"
     get:
-      operationId: getById
+      operationId: userGetById
       summary: Retrieve a user
       tags:
         - users
@@ -1918,7 +2087,7 @@ paths:
                   $ref: "#/components/examples/user"
   /users/search:
     post:
-      operationId: search
+      operationId: userSearch
       summary: Search for users
       description: Based on user properties (currently only name) search for users.
       tags:
diff --git a/packages/server/specs/parameters.js b/packages/server/specs/parameters.ts
similarity index 86%
rename from packages/server/specs/parameters.js
rename to packages/server/specs/parameters.ts
index ca7a0a9a27..a928026bb1 100644
--- a/packages/server/specs/parameters.js
+++ b/packages/server/specs/parameters.ts
@@ -1,4 +1,4 @@
-exports.tableId = {
+export const tableId = {
   in: "path",
   name: "tableId",
   required: true,
@@ -8,7 +8,7 @@ exports.tableId = {
   },
 }
 
-exports.rowId = {
+export const rowId = {
   in: "path",
   name: "rowId",
   required: true,
@@ -18,7 +18,7 @@ exports.rowId = {
   },
 }
 
-exports.appId = {
+export const appId = {
   in: "header",
   name: "x-budibase-app-id",
   required: true,
@@ -28,7 +28,7 @@ exports.appId = {
   },
 }
 
-exports.appIdUrl = {
+export const appIdUrl = {
   in: "path",
   name: "appId",
   required: true,
@@ -38,7 +38,7 @@ exports.appIdUrl = {
   },
 }
 
-exports.queryId = {
+export const queryId = {
   in: "path",
   name: "queryId",
   required: true,
@@ -48,7 +48,7 @@ exports.queryId = {
   },
 }
 
-exports.userId = {
+export const userId = {
   in: "path",
   name: "userId",
   required: true,
diff --git a/packages/server/specs/resources/application.js b/packages/server/specs/resources/application.ts
similarity index 89%
rename from packages/server/specs/resources/application.js
rename to packages/server/specs/resources/application.ts
index 6e73817898..cd7a68c049 100644
--- a/packages/server/specs/resources/application.js
+++ b/packages/server/specs/resources/application.ts
@@ -1,6 +1,6 @@
-const userResource = require("./user")
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import userResource from "./user"
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const application = {
   _id: "app_metadata",
@@ -15,6 +15,12 @@ const application = {
   lockedBy: userResource.getExamples().user.value.user,
 }
 
+const deployment = {
+  _id: "ef12381f934b4f129675cdbb76eff3c2",
+  status: "SUCCESS",
+  appUrl: "/app-url",
+}
+
 const base = {
   name: {
     description: "The name of the app.",
@@ -96,7 +102,7 @@ const deploymentOutputSchema = object({
   },
 })
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     application: {
       value: {
@@ -108,6 +114,11 @@ module.exports = new Resource()
         data: [application],
       },
     },
+    deploymentOutput: {
+      value: {
+        data: deployment,
+      },
+    },
   })
   .setSchemas({
     application: applicationSchema,
diff --git a/packages/server/specs/resources/index.js b/packages/server/specs/resources/index.ts
similarity index 52%
rename from packages/server/specs/resources/index.js
rename to packages/server/specs/resources/index.ts
index 67421fa494..6b8a1aa437 100644
--- a/packages/server/specs/resources/index.js
+++ b/packages/server/specs/resources/index.ts
@@ -1,20 +1,22 @@
-const application = require("./application")
-const row = require("./row")
-const table = require("./table")
-const query = require("./query")
-const user = require("./user")
-const misc = require("./misc")
+import application from "./application"
+import row from "./row"
+import table from "./table"
+import query from "./query"
+import user from "./user"
+import metrics from "./metrics"
+import misc from "./misc"
 
-exports.examples = {
+export const examples = {
   ...application.getExamples(),
   ...row.getExamples(),
   ...table.getExamples(),
   ...query.getExamples(),
   ...user.getExamples(),
   ...misc.getExamples(),
+  ...metrics.getExamples(),
 }
 
-exports.schemas = {
+export const schemas = {
   ...application.getSchemas(),
   ...row.getSchemas(),
   ...table.getSchemas(),
diff --git a/packages/server/specs/resources/metrics.ts b/packages/server/specs/resources/metrics.ts
new file mode 100644
index 0000000000..1dfbe101d8
--- /dev/null
+++ b/packages/server/specs/resources/metrics.ts
@@ -0,0 +1,81 @@
+import Resource from "./utils/Resource"
+
+const metricsResponse =
+  "# HELP budibase_os_uptime Time in seconds that the host operating system has been up.\n" +
+  "# TYPE budibase_os_uptime counter\n" +
+  "budibase_os_uptime 54958\n" +
+  "# HELP budibase_os_free_mem Bytes of memory free for usage on the host operating system.\n" +
+  "# TYPE budibase_os_free_mem gauge\n" +
+  "budibase_os_free_mem 804507648\n" +
+  "# HELP budibase_os_total_mem Total bytes of memory on the host operating system.\n" +
+  "# TYPE budibase_os_total_mem gauge\n" +
+  "budibase_os_total_mem 16742404096\n" +
+  "# HELP budibase_os_used_mem Total bytes of memory in use on the host operating system.\n" +
+  "# TYPE budibase_os_used_mem gauge\n" +
+  "budibase_os_used_mem 15937896448\n" +
+  "# HELP budibase_os_load1 Host operating system load average.\n" +
+  "# TYPE budibase_os_load1 gauge\n" +
+  "budibase_os_load1 1.91\n" +
+  "# HELP budibase_os_load5 Host operating system load average.\n" +
+  "# TYPE budibase_os_load5 gauge\n" +
+  "budibase_os_load5 1.75\n" +
+  "# HELP budibase_os_load15 Host operating system load average.\n" +
+  "# TYPE budibase_os_load15 gauge\n" +
+  "budibase_os_load15 1.56\n" +
+  "# HELP budibase_tenant_user_count The number of users created.\n" +
+  "# TYPE budibase_tenant_user_count gauge\n" +
+  "budibase_tenant_user_count 1\n" +
+  "# HELP budibase_tenant_app_count The number of apps created by a user.\n" +
+  "# TYPE budibase_tenant_app_count gauge\n" +
+  "budibase_tenant_app_count 2\n" +
+  "# HELP budibase_tenant_production_app_count The number of apps a user has published.\n" +
+  "# TYPE budibase_tenant_production_app_count gauge\n" +
+  "budibase_tenant_production_app_count 1\n" +
+  "# HELP budibase_tenant_dev_app_count The number of apps a user has unpublished in development.\n" +
+  "# TYPE budibase_tenant_dev_app_count gauge\n" +
+  "budibase_tenant_dev_app_count 1\n" +
+  "# HELP budibase_tenant_db_count The number of couchdb databases including global tables such as _users.\n" +
+  "# TYPE budibase_tenant_db_count gauge\n" +
+  "budibase_tenant_db_count 3\n" +
+  "# HELP budibase_quota_usage_apps The number of apps created.\n" +
+  "# TYPE budibase_quota_usage_apps gauge\n" +
+  "budibase_quota_usage_apps 1\n" +
+  "# HELP budibase_quota_limit_apps The limit on the number of apps that can be created.\n" +
+  "# TYPE budibase_quota_limit_apps gauge\n" +
+  "budibase_quota_limit_apps 9007199254740991\n" +
+  "# HELP budibase_quota_usage_rows The number of database rows used from the quota.\n" +
+  "# TYPE budibase_quota_usage_rows gauge\n" +
+  "budibase_quota_usage_rows 0\n" +
+  "# HELP budibase_quota_limit_rows The limit on the number of rows that can be created.\n" +
+  "# TYPE budibase_quota_limit_rows gauge\n" +
+  "budibase_quota_limit_rows 9007199254740991\n" +
+  "# HELP budibase_quota_usage_plugins The number of plugins in use.\n" +
+  "# TYPE budibase_quota_usage_plugins gauge\n" +
+  "budibase_quota_usage_plugins 0\n" +
+  "# HELP budibase_quota_limit_plugins The limit on the number of plugins that can be created.\n" +
+  "# TYPE budibase_quota_limit_plugins gauge\n" +
+  "budibase_quota_limit_plugins 9007199254740991\n" +
+  "# HELP budibase_quota_usage_user_groups The number of user groups created.\n" +
+  "# TYPE budibase_quota_usage_user_groups gauge\n" +
+  "budibase_quota_usage_user_groups 0\n" +
+  "# HELP budibase_quota_limit_user_groups The limit on the number of user groups that can be created.\n" +
+  "# TYPE budibase_quota_limit_user_groups gauge\n" +
+  "budibase_quota_limit_user_groups 9007199254740991\n" +
+  "# HELP budibase_quota_usage_queries The number of queries used in the current month.\n" +
+  "# TYPE budibase_quota_usage_queries gauge\n" +
+  "budibase_quota_usage_queries 0\n" +
+  "# HELP budibase_quota_limit_queries The limit on the number of queries for the current month.\n" +
+  "# TYPE budibase_quota_limit_queries gauge\n" +
+  "budibase_quota_limit_queries 9007199254740991\n" +
+  "# HELP budibase_quota_usage_automations The number of automations used in the current month.\n" +
+  "# TYPE budibase_quota_usage_automations gauge\n" +
+  "budibase_quota_usage_automations 0\n" +
+  "# HELP budibase_quota_limit_automations The limit on the number of automations that can be created.\n" +
+  "# TYPE budibase_quota_limit_automations gauge\n" +
+  "budibase_quota_limit_automations 9007199254740991\n"
+
+export default new Resource().setExamples({
+  metrics: {
+    value: metricsResponse,
+  },
+})
diff --git a/packages/server/specs/resources/misc.js b/packages/server/specs/resources/misc.ts
similarity index 96%
rename from packages/server/specs/resources/misc.js
rename to packages/server/specs/resources/misc.ts
index 32a81da9ec..16cb831c86 100644
--- a/packages/server/specs/resources/misc.js
+++ b/packages/server/specs/resources/misc.ts
@@ -1,7 +1,7 @@
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
-module.exports = new Resource().setSchemas({
+export default new Resource().setSchemas({
   rowSearch: object(
     {
       query: {
diff --git a/packages/server/specs/resources/query.js b/packages/server/specs/resources/query.ts
similarity index 96%
rename from packages/server/specs/resources/query.js
rename to packages/server/specs/resources/query.ts
index 1442e46a04..1db80e6011 100644
--- a/packages/server/specs/resources/query.js
+++ b/packages/server/specs/resources/query.ts
@@ -1,6 +1,6 @@
-const Resource = require("./utils/Resource")
-const { object } = require("./utils")
-const { BaseQueryVerbs } = require("../../src/constants")
+import Resource from "./utils/Resource"
+import { object } from "./utils"
+import { BaseQueryVerbs } from "../../src/constants"
 
 const query = {
   _id: "query_datasource_plus_4d8be0c506b9465daf4bf84d890fdab6_454854487c574d45bc4029b1e153219e",
@@ -189,7 +189,7 @@ const executeQueryOutputSchema = object(
   { required: ["data"] }
 )
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     query: {
       value: {
diff --git a/packages/server/specs/resources/row.js b/packages/server/specs/resources/row.ts
similarity index 94%
rename from packages/server/specs/resources/row.js
rename to packages/server/specs/resources/row.ts
index 4e6359a029..aeb66b8e46 100644
--- a/packages/server/specs/resources/row.js
+++ b/packages/server/specs/resources/row.ts
@@ -1,5 +1,5 @@
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const baseRow = {
   _id: "ro_ta_5b1649e42a5b41dea4ef7742a36a7a70_e6dc7e38cf1343b2b56760265201cda4",
@@ -56,7 +56,6 @@ const rowSchema = {
 const rowOutputSchema = {
   ...rowSchema,
   properties: {
-    ...rowSchema.properties,
     _id: {
       description: "The ID of the row.",
       type: "string",
@@ -93,7 +92,7 @@ const searchOutputSchema = {
   },
 }
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     inputRow: {
       value: inputRow,
diff --git a/packages/server/specs/resources/table.js b/packages/server/specs/resources/table.ts
similarity index 97%
rename from packages/server/specs/resources/table.js
rename to packages/server/specs/resources/table.ts
index 523a3a9dfd..0fd063beb7 100644
--- a/packages/server/specs/resources/table.js
+++ b/packages/server/specs/resources/table.ts
@@ -1,10 +1,10 @@
-const {
+import {
   FieldTypes,
   RelationshipTypes,
   FormulaTypes,
-} = require("../../src/constants")
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+} from "../../src/constants"
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const table = {
   _id: "ta_5b1649e42a5b41dea4ef7742a36a7a70",
@@ -170,7 +170,7 @@ const tableOutputSchema = {
   required: [...tableSchema.required, "_id"],
 }
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     table: {
       value: {
diff --git a/packages/server/specs/resources/user.js b/packages/server/specs/resources/user.ts
similarity index 96%
rename from packages/server/specs/resources/user.js
rename to packages/server/specs/resources/user.ts
index 8fb505dfb5..a7b9f1ddb9 100644
--- a/packages/server/specs/resources/user.js
+++ b/packages/server/specs/resources/user.ts
@@ -1,5 +1,5 @@
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const user = {
   _id: "us_693a73206518477283a8d5ae31103252",
@@ -105,7 +105,7 @@ const userOutputSchema = {
   required: [...userSchema.required, "_id"],
 }
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     user: {
       value: {
diff --git a/packages/server/specs/resources/utils/Resource.js b/packages/server/specs/resources/utils/Resource.js
deleted file mode 100644
index 69ed7001a6..0000000000
--- a/packages/server/specs/resources/utils/Resource.js
+++ /dev/null
@@ -1,26 +0,0 @@
-class Resource {
-  constructor() {
-    this.examples = {}
-    this.schemas = {}
-  }
-
-  setExamples(examples) {
-    this.examples = examples
-    return this
-  }
-
-  setSchemas(schemas) {
-    this.schemas = schemas
-    return this
-  }
-
-  getExamples() {
-    return this.examples
-  }
-
-  getSchemas() {
-    return this.schemas
-  }
-}
-
-module.exports = Resource
diff --git a/packages/server/specs/resources/utils/Resource.ts b/packages/server/specs/resources/utils/Resource.ts
new file mode 100644
index 0000000000..3b9065db82
--- /dev/null
+++ b/packages/server/specs/resources/utils/Resource.ts
@@ -0,0 +1,39 @@
+type Example = {
+  [key: string]: {
+    [key: string]: any
+  }
+}
+
+type Schema = {
+  [key: string]: {
+    [key: string]: any
+  }
+}
+
+export default class Resource {
+  examples: Example
+  schemas: Schema
+
+  constructor() {
+    this.examples = {}
+    this.schemas = {}
+  }
+
+  setExamples(examples: Example) {
+    this.examples = examples
+    return this
+  }
+
+  setSchemas(schemas: Schema) {
+    this.schemas = schemas
+    return this
+  }
+
+  getExamples() {
+    return this.examples
+  }
+
+  getSchemas() {
+    return this.schemas
+  }
+}
diff --git a/packages/server/specs/resources/utils/index.js b/packages/server/specs/resources/utils/index.ts
similarity index 79%
rename from packages/server/specs/resources/utils/index.js
rename to packages/server/specs/resources/utils/index.ts
index 9bd0ecc6cf..6791fb06d7 100644
--- a/packages/server/specs/resources/utils/index.js
+++ b/packages/server/specs/resources/utils/index.ts
@@ -1,4 +1,4 @@
-exports.object = (props, opts) => {
+export const object = (props: any, opts?: any) => {
   const base = {
     type: "object",
     properties: props,
diff --git a/packages/server/specs/security.js b/packages/server/specs/security.ts
similarity index 87%
rename from packages/server/specs/security.js
rename to packages/server/specs/security.ts
index cbdeb40c63..e431801a07 100644
--- a/packages/server/specs/security.js
+++ b/packages/server/specs/security.ts
@@ -1,4 +1,4 @@
-exports.ApiKeyAuth = {
+export const ApiKeyAuth = {
   type: "apiKey",
   in: "header",
   name: "x-budibase-api-key",
diff --git a/packages/server/src/api/controllers/cloud.ts b/packages/server/src/api/controllers/cloud.ts
index 7f43f21fc9..7be00e3a1d 100644
--- a/packages/server/src/api/controllers/cloud.ts
+++ b/packages/server/src/api/controllers/cloud.ts
@@ -58,7 +58,7 @@ export async function exportApps(ctx: Ctx) {
 }
 
 async function checkHasBeenImported() {
-  if (!env.SELF_HOSTED || env.MULTI_TENANCY) {
+  if (!env.SELF_HOSTED) {
     return true
   }
   const apps = await dbCore.getAllApps({ all: true })
@@ -72,7 +72,7 @@ export async function hasBeenImported(ctx: Ctx) {
 }
 
 export async function importApps(ctx: Ctx) {
-  if (!env.SELF_HOSTED || env.MULTI_TENANCY) {
+  if (!env.SELF_HOSTED) {
     ctx.throw(400, "Importing only allowed in self hosted environments.")
   }
   const beenImported = await checkHasBeenImported()
diff --git a/packages/server/src/api/controllers/public/metrics.ts b/packages/server/src/api/controllers/public/metrics.ts
new file mode 100644
index 0000000000..b6a8de3b7c
--- /dev/null
+++ b/packages/server/src/api/controllers/public/metrics.ts
@@ -0,0 +1,251 @@
+import { Ctx } from "@budibase/types"
+import { users as userCore, db as dbCore } from "@budibase/backend-core"
+import { quotas, licensing } from "@budibase/pro"
+
+import os from "os"
+
+export async function fetch(ctx: Ctx) {
+  // *** OPERATING SYSTEM ***
+  const freeMem = os.freemem()
+  const totalMem = os.totalmem()
+  const usedMem = totalMem - freeMem
+  const uptime = os.uptime()
+
+  // *** APPS ***
+  const allDatabases = await dbCore.getAllDbs()
+  const devAppIDs = await dbCore.getDevAppIDs()
+  const prodAppIDs = await dbCore.getProdAppIDs()
+  const allAppIds = await dbCore.getAllApps({ idsOnly: true })
+
+  // *** USERS ***
+  const usersObject = await userCore.getAllUserIds()
+
+  // *** QUOTAS ***
+  const usage = await quotas.getQuotaUsage()
+  const license = await licensing.cache.getCachedLicense()
+  const appsQuotaUsage = usage.usageQuota.apps
+  const rowsQuotaUsage = usage.usageQuota.rows
+  const pluginsQuotaUsage = usage.usageQuota.plugins
+  const userGroupsQuotaUsage = usage.usageQuota.userGroups
+  const queryQuotaUsage = usage.monthly.current.queries
+  const automationsQuotaUsage = usage.monthly.current.automations
+  const appsQuotaLimit = license.quotas.usage.static.apps.value
+  const rowsQuotaLimit = license.quotas.usage.static.rows.value
+  const userGroupsQuotaLimit = license.quotas.usage.static.userGroups.value
+  const pluginsQuotaLimit = license.quotas.usage.static.plugins.value
+  const queryQuotaLimit = license.quotas.usage.monthly.queries.value
+  const automationsQuotaLimit = license.quotas.usage.monthly.automations.value
+
+  // *** BUILD THE OUTPUT STRING ***
+  var outputString = ""
+
+  // **** budibase_os_uptime ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_uptime",
+    "Time in seconds that the host operating system has been up",
+    "counter",
+    uptime
+  )
+
+  // **** budibase_os_free_mem ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_free_mem",
+    "Bytes of memory free for usage on the host operating system",
+    "gauge",
+    freeMem
+  )
+
+  // **** budibase_os_total_mem ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_total_mem",
+    "Total bytes of memory on the host operating system",
+    "gauge",
+    totalMem
+  )
+
+  // **** budibase_os_used_mem ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_used_mem",
+    "Total bytes of memory in use on the host operating system",
+    "gauge",
+    usedMem
+  )
+
+  // **** budibase_os_load1 ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_load1",
+    "Host operating system load average",
+    "gauge",
+    os.loadavg()[0]
+  )
+
+  // **** budibase_os_load5 ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_load5",
+    "Host operating system load average",
+    "gauge",
+    os.loadavg()[1]
+  )
+  // **** budibase_os_load15 ****
+  outputString += convertToOpenMetrics(
+    "budibase_os_load15",
+    "Host operating system load average",
+    "gauge",
+    os.loadavg()[2]
+  )
+
+  // **** budibase_tenant_user_count ****
+  outputString += convertToOpenMetrics(
+    "budibase_tenant_user_count",
+    "The number of users created",
+    "gauge",
+    usersObject.length
+  )
+
+  // **** budibase_tenant_app_count ****
+  outputString += convertToOpenMetrics(
+    "budibase_tenant_app_count",
+    "The number of apps created by a user",
+    "gauge",
+    allAppIds.length
+  )
+
+  // **** budibase_tenant_production_app_count ****
+  outputString += convertToOpenMetrics(
+    "budibase_tenant_production_app_count",
+    "The number of apps a user has published",
+    "gauge",
+    prodAppIDs.length
+  )
+
+  // **** budibase_tenant_dev_app_count ****
+  outputString += convertToOpenMetrics(
+    "budibase_tenant_dev_app_count",
+    "The number of apps a user has unpublished in development",
+    "gauge",
+    devAppIDs.length
+  )
+
+  // **** budibase_tenant_db_count ****
+  outputString += convertToOpenMetrics(
+    "budibase_tenant_db_count",
+    "The number of couchdb databases including global tables such as _users",
+    "gauge",
+    allDatabases.length
+  )
+
+  // **** budibase_quota_usage_apps ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_usage_apps",
+    "The number of apps created",
+    "gauge",
+    appsQuotaUsage
+  )
+
+  // **** budibase_quota_limit_apps ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_limit_apps",
+    "The limit on the number of apps that can be created",
+    "gauge",
+    appsQuotaLimit == -1 ? Number.MAX_SAFE_INTEGER : appsQuotaLimit
+  )
+
+  // **** budibase_quota_usage_rows ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_usage_rows",
+    "The number of database rows used from the quota",
+    "gauge",
+    rowsQuotaUsage
+  )
+
+  // **** budibase_quota_limit_rows ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_limit_rows",
+    "The limit on the number of rows that can be created",
+    "gauge",
+    rowsQuotaLimit == -1 ? Number.MAX_SAFE_INTEGER : rowsQuotaLimit
+  )
+
+  // **** budibase_quota_usage_plugins ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_usage_plugins",
+    "The number of plugins in use",
+    "gauge",
+    pluginsQuotaUsage
+  )
+
+  // **** budibase_quota_limit_plugins ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_limit_plugins",
+    "The limit on the number of plugins that can be created",
+    "gauge",
+    pluginsQuotaLimit == -1 ? Number.MAX_SAFE_INTEGER : pluginsQuotaLimit
+  )
+
+  // **** budibase_quota_usage_user_groups ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_usage_user_groups",
+    "The number of user groups created",
+    "gauge",
+    userGroupsQuotaUsage
+  )
+
+  // **** budibase_quota_limit_user_groups ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_limit_user_groups",
+    "The limit on the number of user groups that can be created",
+    "gauge",
+    userGroupsQuotaLimit == -1 ? Number.MAX_SAFE_INTEGER : userGroupsQuotaLimit
+  )
+
+  // **** budibase_quota_usage_queries ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_usage_queries",
+    "The number of queries used in the current month",
+    "gauge",
+    queryQuotaUsage
+  )
+
+  // **** budibase_quota_limit_queries ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_limit_queries",
+    "The limit on the number of queries for the current month",
+    "gauge",
+    queryQuotaLimit == -1 ? Number.MAX_SAFE_INTEGER : queryQuotaLimit
+  )
+
+  // **** budibase_quota_usage_automations ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_usage_automations",
+    "The number of automations used in the current month",
+    "gauge",
+    automationsQuotaUsage
+  )
+
+  // **** budibase_quota_limit_automations ****
+  outputString += convertToOpenMetrics(
+    "budibase_quota_limit_automations",
+    "The limit on the number of automations that can be created",
+    "gauge",
+    automationsQuotaLimit == -1
+      ? Number.MAX_SAFE_INTEGER
+      : automationsQuotaLimit
+  )
+  ctx.body = outputString
+  ctx.set("Content-Type", "text/plain")
+}
+
+export function convertToOpenMetrics(
+  metricName: string,
+  metricHelp: string,
+  metricType: string,
+  metricValue: number
+) {
+  return `# HELP ${metricName} ${metricHelp}.
+# TYPE ${metricName} ${metricType}
+${metricName} ${metricValue}\n`
+}
+
+export default {
+  fetch,
+}
diff --git a/packages/server/src/api/controllers/row/ExternalRequest.ts b/packages/server/src/api/controllers/row/ExternalRequest.ts
index c3b7636636..44b38bbeac 100644
--- a/packages/server/src/api/controllers/row/ExternalRequest.ts
+++ b/packages/server/src/api/controllers/row/ExternalRequest.ts
@@ -11,6 +11,8 @@ import {
   Row,
   Table,
   RelationshipTypes,
+  FieldType,
+  SortType,
 } from "@budibase/types"
 import {
   breakRowIdField,
@@ -24,8 +26,7 @@ import { breakExternalTableId, isSQL } from "../../../integrations/utils"
 import { processObjectSync } from "@budibase/string-templates"
 import { cloneDeep } from "lodash/fp"
 import { processFormulas, processDates } from "../../../utilities/rowProcessor"
-import { context } from "@budibase/backend-core"
-import { removeKeyNumbering } from "./utils"
+import { db as dbCore } from "@budibase/backend-core"
 import sdk from "../../../sdk"
 
 export interface ManyRelationship {
@@ -61,7 +62,7 @@ function buildFilters(
     let prefix = 1
     for (let operator of Object.values(filters)) {
       for (let field of Object.keys(operator || {})) {
-        if (removeKeyNumbering(field) === "_id") {
+        if (dbCore.removeKeyNumbering(field) === "_id") {
           if (primary) {
             const parts = breakRowIdField(operator[field])
             for (let field of primary) {
@@ -750,8 +751,16 @@ export class ExternalRequest {
     )
     //if the sort column is a formula, remove it
     for (let sortColumn of Object.keys(sort || {})) {
-      if (table.schema[sortColumn]?.type === "formula") {
-        delete sort?.[sortColumn]
+      if (!sort?.[sortColumn]) {
+        continue
+      }
+      switch (table.schema[sortColumn]?.type) {
+        case FieldType.FORMULA:
+          delete sort?.[sortColumn]
+          break
+        case FieldType.NUMBER:
+          sort[sortColumn].type = SortType.number
+          break
       }
     }
     filters = buildFilters(id, filters || {}, table)
diff --git a/packages/server/src/api/controllers/row/external.ts b/packages/server/src/api/controllers/row/external.ts
index 1b2301f139..8a7a9a6c69 100644
--- a/packages/server/src/api/controllers/row/external.ts
+++ b/packages/server/src/api/controllers/row/external.ts
@@ -8,7 +8,6 @@ import {
   breakRowIdField,
 } from "../../../integrations/utils"
 import { ExternalRequest, RunConfig } from "./ExternalRequest"
-import { context } from "@budibase/backend-core"
 import * as exporters from "../view/exporters"
 import { apiFileReturn } from "../../../utilities/fileSystem"
 import {
@@ -19,6 +18,7 @@ import {
   Table,
   Datasource,
   IncludeRelationship,
+  SortJson,
 } from "@budibase/types"
 import sdk from "../../../sdk"
 
@@ -142,14 +142,14 @@ export async function search(ctx: BBContext) {
       limit: limit,
     }
   }
-  let sort
+  let sort: SortJson | undefined
   if (params.sort) {
     const direction =
       params.sortOrder === "descending"
         ? SortDirection.DESCENDING
         : SortDirection.ASCENDING
     sort = {
-      [params.sort]: direction,
+      [params.sort]: { direction },
     }
   }
   try {
diff --git a/packages/server/src/api/controllers/row/internalSearch.ts b/packages/server/src/api/controllers/row/internalSearch.ts
index 7068aabc5a..9dc12342d6 100644
--- a/packages/server/src/api/controllers/row/internalSearch.ts
+++ b/packages/server/src/api/controllers/row/internalSearch.ts
@@ -1,531 +1,18 @@
-import { SearchIndexes } from "../../../db/utils"
-import { removeKeyNumbering } from "./utils"
-import fetch from "node-fetch"
-import { db as dbCore, context } from "@budibase/backend-core"
-import { SearchFilters, Row } from "@budibase/types"
+import { db as dbCore, context, SearchParams } from "@budibase/backend-core"
+import { SearchFilters, Row, SearchIndex } from "@budibase/types"
 
-type SearchParams = {
-  tableId: string
-  sort?: string
-  sortOrder?: string
-  sortType?: string
-  limit?: number
-  bookmark?: string
-  version?: string
-  rows?: Row[]
-}
-
-/**
- * Class to build lucene query URLs.
- * Optionally takes a base lucene query object.
- */
-export class QueryBuilder {
-  query: SearchFilters
-  limit: number
-  sort?: string
-  bookmark?: string
-  sortOrder: string
-  sortType: string
-  includeDocs: boolean
-  version?: string
-
-  constructor(base?: SearchFilters) {
-    this.query = {
-      allOr: false,
-      string: {},
-      fuzzy: {},
-      range: {},
-      equal: {},
-      notEqual: {},
-      empty: {},
-      notEmpty: {},
-      oneOf: {},
-      contains: {},
-      notContains: {},
-      containsAny: {},
-      ...base,
-    }
-    this.limit = 50
-    this.sortOrder = "ascending"
-    this.sortType = "string"
-    this.includeDocs = true
-  }
-
-  setVersion(version?: string) {
-    if (version != null) {
-      this.version = version
-    }
-    return this
-  }
-
-  setTable(tableId: string) {
-    this.query.equal!.tableId = tableId
-    return this
-  }
-
-  setLimit(limit?: number) {
-    if (limit != null) {
-      this.limit = limit
-    }
-    return this
-  }
-
-  setSort(sort?: string) {
-    if (sort != null) {
-      this.sort = sort
-    }
-    return this
-  }
-
-  setSortOrder(sortOrder?: string) {
-    if (sortOrder != null) {
-      this.sortOrder = sortOrder
-    }
-    return this
-  }
-
-  setSortType(sortType?: string) {
-    if (sortType != null) {
-      this.sortType = sortType
-    }
-    return this
-  }
-
-  setBookmark(bookmark?: string) {
-    if (bookmark != null) {
-      this.bookmark = bookmark
-    }
-    return this
-  }
-
-  excludeDocs() {
-    this.includeDocs = false
-    return this
-  }
-
-  addString(key: string, partial: string) {
-    this.query.string![key] = partial
-    return this
-  }
-
-  addFuzzy(key: string, fuzzy: string) {
-    this.query.fuzzy![key] = fuzzy
-    return this
-  }
-
-  addRange(key: string, low: string | number, high: string | number) {
-    this.query.range![key] = {
-      low,
-      high,
-    }
-    return this
-  }
-
-  addEqual(key: string, value: any) {
-    this.query.equal![key] = value
-    return this
-  }
-
-  addNotEqual(key: string, value: any) {
-    this.query.notEqual![key] = value
-    return this
-  }
-
-  addEmpty(key: string, value: any) {
-    this.query.empty![key] = value
-    return this
-  }
-
-  addNotEmpty(key: string, value: any) {
-    this.query.notEmpty![key] = value
-    return this
-  }
-
-  addOneOf(key: string, value: any) {
-    this.query.oneOf![key] = value
-    return this
-  }
-
-  addContains(key: string, value: any) {
-    this.query.contains![key] = value
-    return this
-  }
-
-  addNotContains(key: string, value: any) {
-    this.query.notContains![key] = value
-    return this
-  }
-
-  addContainsAny(key: string, value: any) {
-    this.query.containsAny![key] = value
-    return this
-  }
-
-  /**
-   * Preprocesses a value before going into a lucene search.
-   * Transforms strings to lowercase and wraps strings and bools in quotes.
-   * @param value The value to process
-   * @param options The preprocess options
-   * @returns {string|*}
-   */
-  preprocess(value: any, { escape, lowercase, wrap, type }: any = {}) {
-    const hasVersion = !!this.version
-    // Determine if type needs wrapped
-    const originalType = typeof value
-    // Convert to lowercase
-    if (value && lowercase) {
-      value = value.toLowerCase ? value.toLowerCase() : value
-    }
-    // Escape characters
-    if (escape && originalType === "string") {
-      value = `${value}`.replace(/[ #+\-&|!(){}\]^"~*?:\\]/g, "\\$&")
-    }
-
-    // Wrap in quotes
-    if (originalType === "string" && !isNaN(value) && !type) {
-      value = `"${value}"`
-    } else if (hasVersion && wrap) {
-      value = originalType === "number" ? value : `"${value}"`
-    }
-    return value
-  }
-
-  buildSearchQuery() {
-    const builder = this
-    let allOr = this.query && this.query.allOr
-    let query = allOr ? "" : "*:*"
-    const allPreProcessingOpts = { escape: true, lowercase: true, wrap: true }
-    let tableId
-    if (this.query.equal!.tableId) {
-      tableId = this.query.equal!.tableId
-      delete this.query.equal!.tableId
-    }
-
-    const equal = (key: string, value: any) => {
-      // 0 evaluates to false, which means we would return all rows if we don't check it
-      if (!value && value !== 0) {
-        return null
-      }
-      return `${key}:${builder.preprocess(value, allPreProcessingOpts)}`
-    }
-
-    const contains = (key: string, value: any, mode = "AND") => {
-      if (Array.isArray(value) && value.length === 0) {
-        return null
-      }
-      if (!Array.isArray(value)) {
-        return `${key}:${value}`
-      }
-      let statement = `${builder.preprocess(value[0], { escape: true })}`
-      for (let i = 1; i < value.length; i++) {
-        statement += ` ${mode} ${builder.preprocess(value[i], {
-          escape: true,
-        })}`
-      }
-      return `${key}:(${statement})`
-    }
-
-    const notContains = (key: string, value: any) => {
-      // @ts-ignore
-      const allPrefix = allOr === "" ? "*:* AND" : ""
-      return allPrefix + "NOT " + contains(key, value)
-    }
-
-    const containsAny = (key: string, value: any) => {
-      return contains(key, value, "OR")
-    }
-
-    const oneOf = (key: string, value: any) => {
-      if (!Array.isArray(value)) {
-        if (typeof value === "string") {
-          value = value.split(",")
-        } else {
-          return ""
-        }
-      }
-      let orStatement = `${builder.preprocess(value[0], allPreProcessingOpts)}`
-      for (let i = 1; i < value.length; i++) {
-        orStatement += ` OR ${builder.preprocess(
-          value[i],
-          allPreProcessingOpts
-        )}`
-      }
-      return `${key}:(${orStatement})`
-    }
-
-    function build(structure: any, queryFn: any) {
-      for (let [key, value] of Object.entries(structure)) {
-        // check for new format - remove numbering if needed
-        key = removeKeyNumbering(key)
-        key = builder.preprocess(key.replace(/ /g, "_"), {
-          escape: true,
-        })
-        const expression = queryFn(key, value)
-        if (expression == null) {
-          continue
-        }
-        if (query.length > 0) {
-          query += ` ${allOr ? "OR" : "AND"} `
-        }
-        query += expression
-      }
-    }
-
-    // Construct the actual lucene search query string from JSON structure
-    if (this.query.string) {
-      build(this.query.string, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        value = builder.preprocess(value, {
-          escape: true,
-          lowercase: true,
-          type: "string",
-        })
-        return `${key}:${value}*`
-      })
-    }
-    if (this.query.range) {
-      build(this.query.range, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        if (value.low == null || value.low === "") {
-          return null
-        }
-        if (value.high == null || value.high === "") {
-          return null
-        }
-        const low = builder.preprocess(value.low, allPreProcessingOpts)
-        const high = builder.preprocess(value.high, allPreProcessingOpts)
-        return `${key}:[${low} TO ${high}]`
-      })
-    }
-    if (this.query.fuzzy) {
-      build(this.query.fuzzy, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        value = builder.preprocess(value, {
-          escape: true,
-          lowercase: true,
-          type: "fuzzy",
-        })
-        return `${key}:${value}~`
-      })
-    }
-    if (this.query.equal) {
-      build(this.query.equal, equal)
-    }
-    if (this.query.notEqual) {
-      build(this.query.notEqual, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        return `!${key}:${builder.preprocess(value, allPreProcessingOpts)}`
-      })
-    }
-    if (this.query.empty) {
-      build(this.query.empty, (key: string) => `!${key}:["" TO *]`)
-    }
-    if (this.query.notEmpty) {
-      build(this.query.notEmpty, (key: string) => `${key}:["" TO *]`)
-    }
-    if (this.query.oneOf) {
-      build(this.query.oneOf, oneOf)
-    }
-    if (this.query.contains) {
-      build(this.query.contains, contains)
-    }
-    if (this.query.notContains) {
-      build(this.query.notContains, notContains)
-    }
-    if (this.query.containsAny) {
-      build(this.query.containsAny, containsAny)
-    }
-    // make sure table ID is always added as an AND
-    if (tableId) {
-      query = `(${query})`
-      allOr = false
-      build({ tableId }, equal)
-    }
-    return query
-  }
-
-  buildSearchBody() {
-    let body: any = {
-      q: this.buildSearchQuery(),
-      limit: Math.min(this.limit, 200),
-      include_docs: this.includeDocs,
-    }
-    if (this.bookmark) {
-      body.bookmark = this.bookmark
-    }
-    if (this.sort) {
-      const order = this.sortOrder === "descending" ? "-" : ""
-      const type = `<${this.sortType}>`
-      body.sort = `${order}${this.sort.replace(/ /g, "_")}${type}`
-    }
-    return body
-  }
-
-  async run() {
-    const appId = context.getAppId()
-    const { url, cookie } = dbCore.getCouchInfo()
-    const fullPath = `${url}/${appId}/_design/database/_search/${SearchIndexes.ROWS}`
-    const body = this.buildSearchBody()
-    return await runQuery(fullPath, body, cookie)
-  }
-}
-
-/**
- * Executes a lucene search query.
- * @param url The query URL
- * @param body The request body defining search criteria
- * @param cookie The auth cookie for CouchDB
- * @returns {Promise<{rows: []}>}
- */
-const runQuery = async (url: string, body: any, cookie: string) => {
-  const response = await fetch(url, {
-    body: JSON.stringify(body),
-    method: "POST",
-    headers: {
-      Authorization: cookie,
-    },
-  })
-  const json = await response.json()
-
-  let output: any = {
-    rows: [],
-  }
-  if (json.rows != null && json.rows.length > 0) {
-    output.rows = json.rows.map((row: any) => row.doc)
-  }
-  if (json.bookmark) {
-    output.bookmark = json.bookmark
-  }
-  return output
-}
-
-/**
- * Gets round the fixed limit of 200 results from a query by fetching as many
- * pages as required and concatenating the results. This recursively operates
- * until enough results have been found.
- * @param query {object} The JSON query structure
- * @param params {object} The search params including:
- *   tableId {string} The table ID to search
- *   sort {string} The sort column
- *   sortOrder {string} The sort order ("ascending" or "descending")
- *   sortType {string} Whether to treat sortable values as strings or
- *     numbers. ("string" or "number")
- *   limit {number} The number of results to fetch
- *   bookmark {string|null} Current bookmark in the recursive search
- *   rows {array|null} Current results in the recursive search
- * @returns {Promise<*[]|*>}
- */
-async function recursiveSearch(query: any, params: any): Promise<any> {
-  const bookmark = params.bookmark
-  const rows = params.rows || []
-  if (rows.length >= params.limit) {
-    return rows
-  }
-  let pageSize = 200
-  if (rows.length > params.limit - 200) {
-    pageSize = params.limit - rows.length
-  }
-  const page = await new QueryBuilder(query)
-    .setVersion(params.version)
-    .setTable(params.tableId)
-    .setBookmark(bookmark)
-    .setLimit(pageSize)
-    .setSort(params.sort)
-    .setSortOrder(params.sortOrder)
-    .setSortType(params.sortType)
-    .run()
-  if (!page.rows.length) {
-    return rows
-  }
-  if (page.rows.length < 200) {
-    return [...rows, ...page.rows]
-  }
-  const newParams = {
-    ...params,
-    bookmark: page.bookmark,
-    rows: [...rows, ...page.rows],
-  }
-  return await recursiveSearch(query, newParams)
-}
-
-/**
- * Performs a paginated search. A bookmark will be returned to allow the next
- * page to be fetched. There is a max limit off 200 results per page in a
- * paginated search.
- * @param query {object} The JSON query structure
- * @param params {object} The search params including:
- *   tableId {string} The table ID to search
- *   sort {string} The sort column
- *   sortOrder {string} The sort order ("ascending" or "descending")
- *   sortType {string} Whether to treat sortable values as strings or
- *     numbers. ("string" or "number")
- *   limit {number} The desired page size
- *   bookmark {string} The bookmark to resume from
- * @returns {Promise<{hasNextPage: boolean, rows: *[]}>}
- */
 export async function paginatedSearch(
   query: SearchFilters,
-  params: SearchParams
+  params: SearchParams<Row>
 ) {
-  let limit = params.limit
-  if (limit == null || isNaN(limit) || limit < 0) {
-    limit = 50
-  }
-  limit = Math.min(limit, 200)
-  const search = new QueryBuilder(query)
-    .setVersion(params.version)
-    .setTable(params.tableId)
-    .setSort(params.sort)
-    .setSortOrder(params.sortOrder)
-    .setSortType(params.sortType)
-  const searchResults = await search
-    .setBookmark(params.bookmark)
-    .setLimit(limit)
-    .run()
-
-  // Try fetching 1 row in the next page to see if another page of results
-  // exists or not
-  const nextResults = await search
-    .setTable(params.tableId)
-    .setBookmark(searchResults.bookmark)
-    .setLimit(1)
-    .run()
-
-  return {
-    ...searchResults,
-    hasNextPage: nextResults.rows && nextResults.rows.length > 0,
-  }
+  const appId = context.getAppId()
+  return dbCore.paginatedSearch(appId!, SearchIndex.ROWS, query, params)
 }
 
-/**
- * Performs a full search, fetching multiple pages if required to return the
- * desired amount of results. There is a limit of 1000 results to avoid
- * heavy performance hits, and to avoid client components breaking from
- * handling too much data.
- * @param query {object} The JSON query structure
- * @param params {object} The search params including:
- *   tableId {string} The table ID to search
- *   sort {string} The sort column
- *   sortOrder {string} The sort order ("ascending" or "descending")
- *   sortType {string} Whether to treat sortable values as strings or
- *     numbers. ("string" or "number")
- *   limit {number} The desired number of results
- * @returns {Promise<{rows: *}>}
- */
-export async function fullSearch(query: SearchFilters, params: SearchParams) {
-  let limit = params.limit
-  if (limit == null || isNaN(limit) || limit < 0) {
-    limit = 1000
-  }
-  params.limit = Math.min(limit, 1000)
-  const rows = await recursiveSearch(query, params)
-  return { rows }
+export async function fullSearch(
+  query: SearchFilters,
+  params: SearchParams<Row>
+) {
+  const appId = context.getAppId()
+  return dbCore.fullSearch(appId!, SearchIndex.ROWS, query, params)
 }
diff --git a/packages/server/src/api/controllers/row/utils.ts b/packages/server/src/api/controllers/row/utils.ts
index f0f1075205..82232b7f98 100644
--- a/packages/server/src/api/controllers/row/utils.ts
+++ b/packages/server/src/api/controllers/row/utils.ts
@@ -3,8 +3,7 @@ import * as userController from "../user"
 import { FieldTypes } from "../../../constants"
 import { context } from "@budibase/backend-core"
 import { makeExternalQuery } from "../../../integrations/base/query"
-import { BBContext, Row, Table } from "@budibase/types"
-export { removeKeyNumbering } from "../../../integrations/base/utils"
+import { Row, Table } from "@budibase/types"
 const validateJs = require("validate.js")
 const { cloneDeep } = require("lodash/fp")
 import { Format } from "../view/exporters"
diff --git a/packages/server/src/api/routes/public/applications.ts b/packages/server/src/api/routes/public/applications.ts
index 9d6c380e60..088d974e6c 100644
--- a/packages/server/src/api/routes/public/applications.ts
+++ b/packages/server/src/api/routes/public/applications.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /applications:
  *   post:
- *     operationId: create
+ *     operationId: appCreate
  *     summary: Create an application
  *     tags:
  *       - applications
@@ -42,7 +42,7 @@ write.push(
  * @openapi
  * /applications/{appId}:
  *   put:
- *     operationId: update
+ *     operationId: appUpdate
  *     summary: Update an application
  *     tags:
  *       - applications
@@ -75,7 +75,7 @@ write.push(
  * @openapi
  * /applications/{appId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: appDestroy
  *     summary: Delete an application
  *     tags:
  *       - applications
@@ -98,7 +98,7 @@ write.push(new Endpoint("delete", "/applications/:appId", controller.destroy))
  * @openapi
  * /applications/{appId}/unpublish:
  *   post:
- *     operationId: unpublish
+ *     operationId: appUnpublish
  *     summary: Unpublish an application
  *     tags:
  *       - applications
@@ -116,7 +116,7 @@ write.push(
  * @openapi
  * /applications/{appId}/publish:
  *   post:
- *     operationId: publish
+ *     operationId: appPublish
  *     summary: Unpublish an application
  *     tags:
  *       - applications
@@ -141,7 +141,7 @@ write.push(
  * @openapi
  * /applications/{appId}:
  *   get:
- *     operationId: getById
+ *     operationId: appGetById
  *     summary: Retrieve an application
  *     tags:
  *       - applications
@@ -164,7 +164,7 @@ read.push(new Endpoint("get", "/applications/:appId", controller.read))
  * @openapi
  * /applications/search:
  *   post:
- *     operationId: search
+ *     operationId: appSearch
  *     summary: Search for applications
  *     description: Based on application properties (currently only name) search for applications.
  *     tags:
diff --git a/packages/server/src/api/routes/public/index.ts b/packages/server/src/api/routes/public/index.ts
index 79e7731752..e2bce1e730 100644
--- a/packages/server/src/api/routes/public/index.ts
+++ b/packages/server/src/api/routes/public/index.ts
@@ -1,4 +1,5 @@
 import appEndpoints from "./applications"
+import metricEndpoints from "./metrics"
 import queryEndpoints from "./queries"
 import tableEndpoints from "./tables"
 import rowEndpoints from "./rows"
@@ -12,7 +13,7 @@ import env from "../../../environment"
 // below imports don't have declaration files
 const Router = require("@koa/router")
 const { RateLimit, Stores } = require("koa2-ratelimit")
-import { redis, permissions } from "@budibase/backend-core"
+import { middleware, redis, permissions } from "@budibase/backend-core"
 const { PermissionType, PermissionLevel } = permissions
 
 const PREFIX = "/api/public/v1"
@@ -91,6 +92,13 @@ function addToRouter(endpoints: any) {
   }
 }
 
+function applyAdminRoutes(endpoints: any) {
+  addMiddleware(endpoints.read, middleware.builderOrAdmin)
+  addMiddleware(endpoints.write, middleware.builderOrAdmin)
+  addToRouter(endpoints.read)
+  addToRouter(endpoints.write)
+}
+
 function applyRoutes(
   endpoints: any,
   permType: string,
@@ -119,6 +127,7 @@ function applyRoutes(
   addToRouter(endpoints.write)
 }
 
+applyAdminRoutes(metricEndpoints)
 applyRoutes(appEndpoints, PermissionType.APP, "appId")
 applyRoutes(tableEndpoints, PermissionType.TABLE, "tableId")
 applyRoutes(userEndpoints, PermissionType.USER, "userId")
diff --git a/packages/server/src/api/routes/public/metrics.ts b/packages/server/src/api/routes/public/metrics.ts
new file mode 100644
index 0000000000..841da0e804
--- /dev/null
+++ b/packages/server/src/api/routes/public/metrics.ts
@@ -0,0 +1,28 @@
+import controller from "../../controllers/public/metrics"
+import Endpoint from "./utils/Endpoint"
+
+const read = []
+
+/**
+ * @openapi
+ * /metrics:
+ *   get:
+ *     operationId: metricsGet
+ *     summary: Retrieve Budibase tenant metrics
+ *     description: Output metrics in OpenMetrics format compatible with Prometheus
+ *     tags:
+ *       - metrics
+ *     responses:
+ *       200:
+ *         description: Returns tenant metrics.
+ *         content:
+ *           text/plain:
+ *             schema:
+ *               type: string
+ *             examples:
+ *               metrics:
+ *                 $ref: '#/components/examples/metrics'
+ */
+read.push(new Endpoint("get", "/metrics", controller.fetch))
+
+export default { read }
diff --git a/packages/server/src/api/routes/public/queries.ts b/packages/server/src/api/routes/public/queries.ts
index dc18fb91ac..854db3c964 100644
--- a/packages/server/src/api/routes/public/queries.ts
+++ b/packages/server/src/api/routes/public/queries.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /queries/{queryId}:
  *   post:
- *     operationId: execute
+ *     operationId: queryExecute
  *     summary: Execute a query
  *     description: Queries which have been created within a Budibase app can be executed using this,
  *     tags:
@@ -43,7 +43,7 @@ write.push(new Endpoint("post", "/queries/:queryId", controller.execute))
  * @openapi
  * /queries/search:
  *   post:
- *     operationId: search
+ *     operationId: querySearch
  *     summary: Search for queries
  *     description: Based on query properties (currently only name) search for queries.
  *     tags:
diff --git a/packages/server/src/api/routes/public/rows.ts b/packages/server/src/api/routes/public/rows.ts
index 9109ae76b8..80ad6d6434 100644
--- a/packages/server/src/api/routes/public/rows.ts
+++ b/packages/server/src/api/routes/public/rows.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /tables/{tableId}/rows:
  *   post:
- *     operationId: create
+ *     operationId: rowCreate
  *     summary: Create a row
  *     description: Creates a row within the specified table.
  *     tags:
@@ -44,7 +44,7 @@ write.push(new Endpoint("post", "/tables/:tableId/rows", controller.create))
  * @openapi
  * /tables/{tableId}/rows/{rowId}:
  *   put:
- *     operationId: update
+ *     operationId: rowUpdate
  *     summary: Update a row
  *     description: Updates a row within the specified table.
  *     tags:
@@ -81,7 +81,7 @@ write.push(
  * @openapi
  * /tables/{tableId}/rows/{rowId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: rowDestroy
  *     summary: Delete a row
  *     description: Deletes a row within the specified table.
  *     tags:
@@ -109,7 +109,7 @@ write.push(
  * @openapi
  * /tables/{tableId}/rows/{rowId}:
  *   get:
- *     operationId: getById
+ *     operationId: rowGetById
  *     summary: Retrieve a row
  *     description: This gets a single row, it will be enriched with the full related rows, rather than
  *       the squashed "primaryDisplay" format returned by the search endpoint.
@@ -136,7 +136,7 @@ read.push(new Endpoint("get", "/tables/:tableId/rows/:rowId", controller.read))
  * @openapi
  * /tables/{tableId}/rows/search:
  *   post:
- *     operationId: search
+ *     operationId: rowSearch
  *     summary: Search for rows
  *     tags:
  *       - rows
diff --git a/packages/server/src/api/routes/public/tables.ts b/packages/server/src/api/routes/public/tables.ts
index 74cd8ca3cf..f8d62c4a37 100644
--- a/packages/server/src/api/routes/public/tables.ts
+++ b/packages/server/src/api/routes/public/tables.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /tables:
  *   post:
- *     operationId: create
+ *     operationId: tableCreate
  *     summary: Create a table
  *     description: Create a table, this could be internal or external.
  *     tags:
@@ -46,7 +46,7 @@ write.push(
  * @openapi
  * /tables/{tableId}:
  *   put:
- *     operationId: update
+ *     operationId: tableUpdate
  *     summary: Update a table
  *     description: Update a table, this could be internal or external.
  *     tags:
@@ -83,7 +83,7 @@ write.push(
  * @openapi
  * /tables/{tableId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: tableDestroy
  *     summary: Delete a table
  *     description: Delete a table, this could be internal or external.
  *     tags:
@@ -108,7 +108,7 @@ write.push(new Endpoint("delete", "/tables/:tableId", controller.destroy))
  * @openapi
  * /tables/{tableId}:
  *   get:
- *     operationId: getById
+ *     operationId: tableGetById
  *     summary: Retrieve a table
  *     description: Lookup a table, this could be internal or external.
  *     tags:
@@ -133,7 +133,7 @@ read.push(new Endpoint("get", "/tables/:tableId", controller.read))
  * @openapi
  * /tables/search:
  *   post:
- *     operationId: search
+ *     operationId: tableSearch
  *     summary: Search for tables
  *     description: Based on table properties (currently only name) search for tables. This could be
  *       an internal or an external table.
diff --git a/packages/server/src/api/routes/public/tests/compare.spec.js b/packages/server/src/api/routes/public/tests/compare.spec.ts
similarity index 80%
rename from packages/server/src/api/routes/public/tests/compare.spec.js
rename to packages/server/src/api/routes/public/tests/compare.spec.ts
index 36693a1098..f9616b06e1 100644
--- a/packages/server/src/api/routes/public/tests/compare.spec.js
+++ b/packages/server/src/api/routes/public/tests/compare.spec.ts
@@ -1,13 +1,14 @@
-const jestOpenAPI = require("jest-openapi").default
-const generateSchema = require("../../../../../specs/generate")
-const setup = require("../../tests/utilities")
-const { generateMakeRequest } = require("./utils")
+import jestOpenAPI from "jest-openapi"
+import { run as generateSchema } from "../../../../../specs/generate"
+import * as setup from "../../tests/utilities"
+import { generateMakeRequest } from "./utils"
+import { Table, App, Row, User } from "@budibase/types"
 
 const yamlPath = generateSchema()
-jestOpenAPI(yamlPath)
+jestOpenAPI(yamlPath!)
 
 let config = setup.getConfig()
-let apiKey, table, app, makeRequest
+let apiKey: string, table: Table, app: App, makeRequest: any
 
 beforeAll(async () => {
   app = await config.init()
@@ -25,19 +26,29 @@ describe("check the applications endpoints", () => {
   })
 
   it("should allow creating an application", async () => {
-    const res = await makeRequest("post", "/applications", {
-      name: "new App"
-    }, null)
+    const res = await makeRequest(
+      "post",
+      "/applications",
+      {
+        name: "new App",
+      },
+      null
+    )
     expect(res).toSatisfyApiSpec()
   })
 
   it("should allow updating an application", async () => {
     const app = config.getApp()
     const appId = config.getAppId()
-    const res = await makeRequest("put", `/applications/${appId}`, {
-      ...app,
-      name: "updated app name",
-    }, appId)
+    const res = await makeRequest(
+      "put",
+      `/applications/${appId}`,
+      {
+        ...app,
+        name: "updated app name",
+      },
+      appId
+    )
     expect(res).toSatisfyApiSpec()
   })
 
@@ -47,7 +58,10 @@ describe("check the applications endpoints", () => {
   })
 
   it("should allow deleting an application", async () => {
-    const res = await makeRequest("delete", `/applications/${config.getAppId()}`)
+    const res = await makeRequest(
+      "delete",
+      `/applications/${config.getAppId()}`
+    )
     expect(res).toSatisfyApiSpec()
   })
 })
@@ -68,8 +82,8 @@ describe("check the tables endpoints", () => {
         column1: {
           type: "string",
           constraints: {},
-        }
-      }
+        },
+      },
     })
     expect(res).toSatisfyApiSpec()
   })
@@ -92,12 +106,11 @@ describe("check the tables endpoints", () => {
 })
 
 describe("check the rows endpoints", () => {
-  let row
+  let row: Row
   it("should allow retrieving rows through search", async () => {
     table = await config.updateTable()
     const res = await makeRequest("post", `/tables/${table._id}/rows/search`, {
-      query: {
-      },
+      query: {},
     })
     expect(res).toSatisfyApiSpec()
   })
@@ -111,9 +124,13 @@ describe("check the rows endpoints", () => {
   })
 
   it("should allow updating a row", async () => {
-    const res = await makeRequest("put", `/tables/${table._id}/rows/${row._id}`, {
-      name: "test row updated",
-    })
+    const res = await makeRequest(
+      "put",
+      `/tables/${table._id}/rows/${row._id}`,
+      {
+        name: "test row updated",
+      }
+    )
     expect(res).toSatisfyApiSpec()
   })
 
@@ -123,13 +140,16 @@ describe("check the rows endpoints", () => {
   })
 
   it("should allow deleting a row", async () => {
-    const res = await makeRequest("delete", `/tables/${table._id}/rows/${row._id}`)
+    const res = await makeRequest(
+      "delete",
+      `/tables/${table._id}/rows/${row._id}`
+    )
     expect(res).toSatisfyApiSpec()
   })
 })
 
 describe("check the users endpoints", () => {
-  let user
+  let user: User
   it("should allow retrieving users through search", async () => {
     user = await config.createUser()
     const res = await makeRequest("post", "/users/search")
@@ -163,4 +183,3 @@ describe("check the queries endpoints", () => {
     expect(res).toSatisfyApiSpec()
   })
 })
-
diff --git a/packages/server/src/api/routes/public/tests/metrics.spec.js b/packages/server/src/api/routes/public/tests/metrics.spec.js
new file mode 100644
index 0000000000..8e226ec958
--- /dev/null
+++ b/packages/server/src/api/routes/public/tests/metrics.spec.js
@@ -0,0 +1,34 @@
+const setup = require("../../tests/utilities")
+
+jest.setTimeout(30000)
+
+describe("/metrics", () => {
+  let request = setup.getRequest()
+  let config = setup.getConfig()
+
+  afterAll(setup.afterAll)
+
+  // For some reason this cannot be a beforeAll or the test "should be able to update the user" fail
+  beforeEach(async () => {
+    await config.init()
+  })
+
+  describe("get", () => {
+    it("returns a list of metrics", async () => {
+      const res = await request
+        .get(`/api/public/v1/metrics`)
+        .set(config.defaultHeaders())
+        .expect("Content-Type", /text\/plain/)
+        .expect(200)
+      expect(res.text).toContain("budibase_tenant_user_count")
+    })
+
+    it("endpoint should not be publicly exposed", async () => {
+      await request
+      .get(`/api/public/v1/metrics`)
+      .set(config.publicHeaders())
+      .expect(403)
+    })
+  })
+
+})
diff --git a/packages/server/src/api/routes/public/users.ts b/packages/server/src/api/routes/public/users.ts
index 67b73f6cbe..0787dfa3dc 100644
--- a/packages/server/src/api/routes/public/users.ts
+++ b/packages/server/src/api/routes/public/users.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /users:
  *   post:
- *     operationId: create
+ *     operationId: userCreate
  *     summary: Create a user
  *     tags:
  *       - users
@@ -36,7 +36,7 @@ write.push(new Endpoint("post", "/users", controller.create))
  * @openapi
  * /users/{userId}:
  *   put:
- *     operationId: update
+ *     operationId: userUpdate
  *     summary: Update a user
  *     tags:
  *       - users
@@ -65,7 +65,7 @@ write.push(new Endpoint("put", "/users/:userId", controller.update))
  * @openapi
  * /users/{userId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: userDestroy
  *     summary: Delete a user
  *     tags:
  *       - users
@@ -88,7 +88,7 @@ write.push(new Endpoint("delete", "/users/:userId", controller.destroy))
  * @openapi
  * /users/{userId}:
  *   get:
- *     operationId: getById
+ *     operationId: userGetById
  *     summary: Retrieve a user
  *     tags:
  *       - users
@@ -111,7 +111,7 @@ read.push(new Endpoint("get", "/users/:userId", controller.read))
  * @openapi
  * /users/search:
  *   post:
- *     operationId: search
+ *     operationId: userSearch
  *     summary: Search for users
  *     description: Based on user properties (currently only name) search for users.
  *     tags:
diff --git a/packages/server/src/api/routes/tests/cloud.seq.spec.ts b/packages/server/src/api/routes/tests/cloud.spec.ts
similarity index 70%
rename from packages/server/src/api/routes/tests/cloud.seq.spec.ts
rename to packages/server/src/api/routes/tests/cloud.spec.ts
index d9bd6221ad..aad1214a31 100644
--- a/packages/server/src/api/routes/tests/cloud.seq.spec.ts
+++ b/packages/server/src/api/routes/tests/cloud.spec.ts
@@ -1,3 +1,5 @@
+import { App } from "@budibase/types"
+
 jest.setTimeout(30000)
 
 import { AppStatus } from "../../../db/utils"
@@ -5,6 +7,7 @@ import { AppStatus } from "../../../db/utils"
 import * as setup from "./utilities"
 
 import { wipeDb } from "./utilities/TestFunctions"
+import { tenancy } from "@budibase/backend-core"
 
 describe("/cloud", () => {
   let request = setup.getRequest()!
@@ -12,18 +15,10 @@ describe("/cloud", () => {
 
   afterAll(setup.afterAll)
 
-  beforeAll(() => {
+  beforeAll(async () => {
     // Importing is only allowed in self hosted environments
-    config.modeSelf()
-  })
-
-  beforeEach(async () => {
     await config.init()
-  })
-
-  afterEach(async () => {
-    // clear all mocks
-    jest.clearAllMocks()
+    config.modeSelf()
   })
 
   describe("import", () => {
@@ -32,30 +27,28 @@ describe("/cloud", () => {
       // import will not run
       await wipeDb()
 
-      // get a count of apps before the import
-      const preImportApps = await request
-        .get(`/api/applications?status=${AppStatus.ALL}`)
-        .set(config.defaultHeaders())
-        .expect("Content-Type", /json/)
-        .expect(200)
-
       // Perform the import
       const res = await request
         .post(`/api/cloud/import`)
+        .set(config.publicHeaders())
         .attach("importFile", "src/api/routes/tests/data/export-test.tar.gz")
-        .set(config.defaultHeaders())
         .expect(200)
       expect(res.body.message).toEqual("Apps successfully imported.")
 
       // get a count of apps after the import
       const postImportApps = await request
         .get(`/api/applications?status=${AppStatus.ALL}`)
-        .set(config.defaultHeaders())
+        .set(config.publicHeaders())
         .expect("Content-Type", /json/)
         .expect(200)
 
+      const apps = postImportApps.body as App[]
       // There are two apps in the file that was imported so check for this
-      expect(postImportApps.body.length).toEqual(2)
+      expect(apps.length).toEqual(2)
+      // The new tenant id was assigned to the imported apps
+      expect(tenancy.getTenantIDFromAppID(apps[0].appId)).toBe(
+        config.getTenantId()
+      )
     })
   })
 })
diff --git a/packages/server/src/api/routes/tests/utilities/TestFunctions.ts b/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
index 3f57c1e8ef..5a1ed5210e 100644
--- a/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
+++ b/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
@@ -2,7 +2,6 @@ import * as rowController from "../../../controllers/row"
 import * as appController from "../../../controllers/application"
 import { AppStatus } from "../../../../db/utils"
 import { roles, tenancy, context } from "@budibase/backend-core"
-import { TENANT_ID } from "../../../../tests/utilities/structures"
 import env from "../../../../environment"
 import { db } from "@budibase/backend-core"
 import Nano from "@budibase/nano"
@@ -33,7 +32,7 @@ export const getAllTableRows = async (config: any) => {
 }
 
 export const clearAllApps = async (
-  tenantId = TENANT_ID,
+  tenantId: string,
   exceptions: Array<string> = []
 ) => {
   await tenancy.doInTenant(tenantId, async () => {
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts
index 03dce4f875..00f2aca7fc 100644
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@@ -32,6 +32,7 @@ import { initialise as initialiseWebsockets } from "./websocket"
 import { startup } from "./startup"
 const Sentry = require("@sentry/node")
 const destroyable = require("server-destroy")
+const { userAgent } = require("koa-useragent")
 
 const app = new Koa()
 
@@ -53,6 +54,7 @@ app.use(
 )
 
 app.use(middleware.logging)
+app.use(userAgent)
 
 if (env.isProd()) {
   env._set("NODE_ENV", "production")
diff --git a/packages/server/src/automations/automationUtils.ts b/packages/server/src/automations/automationUtils.ts
index 7691bf7a6f..254d9c624b 100644
--- a/packages/server/src/automations/automationUtils.ts
+++ b/packages/server/src/automations/automationUtils.ts
@@ -52,14 +52,18 @@ export function cleanInputValues(inputs: Record<string, any>, schema: any) {
       }
     }
   }
-  //Check if input field should be a relationship and cast to array
+  //Check if input field for Update Row should be a relationship and cast to array
   for (let key in inputs.row) {
     if (
       inputs.schema?.[key]?.type === "link" &&
       inputs.row[key] &&
       typeof inputs.row[key] === "string"
     ) {
-      inputs.row[key] = JSON.parse(inputs.row[key])
+      try {
+        inputs.row[key] = JSON.parse(inputs.row[key])
+      } catch (e) {
+        //Link is not an array or object, so continue
+      }
     }
   }
   return inputs
diff --git a/packages/server/src/automations/unitTests/automationUtils.spec.ts b/packages/server/src/automations/unitTests/automationUtils.spec.ts
index b80b2d60be..2291df9bc2 100644
--- a/packages/server/src/automations/unitTests/automationUtils.spec.ts
+++ b/packages/server/src/automations/unitTests/automationUtils.spec.ts
@@ -62,4 +62,72 @@ describe("automationUtils", () => {
       ).toThrow()
     })
   })
+
+  describe("cleanInputValues", () => {
+    it("should handle array relationship fields from read binding", () => {
+      const schema = {
+        relationship: {
+          type: "link",
+          constraints: {
+            type: "array",
+            presence: false,
+          },
+          fieldName: "Users",
+          name: "relationship",
+          relationshipType: "many-to-many",
+          tableId: "ta_users",
+          sortable: false,
+        },
+      }
+      expect(
+        automationUtils.cleanInputValues(
+          {
+            row: {
+              relationship: `[{"_id": "ro_ta_users_us_3"}]`,
+            },
+            schema,
+          },
+          schema
+        )
+      ).toEqual({
+        row: {
+          relationship: [{ _id: "ro_ta_users_us_3" }],
+        },
+        schema,
+      })
+    })
+
+    it("should handle single string relationship field", () => {
+      const schema = {
+        relationship: {
+          type: "link",
+          constraints: {
+            type: "array",
+            presence: false,
+          },
+          fieldName: "Users",
+          name: "relationship",
+          relationshipType: "many-to-many",
+          tableId: "ta_users",
+          sortable: false,
+        },
+      }
+      expect(
+        automationUtils.cleanInputValues(
+          {
+            row: {
+              relationship: `ro_ta_users_us_3`,
+            },
+            schema,
+          },
+          schema
+        )
+      ).toEqual({
+        row: {
+          relationship: "ro_ta_users_us_3",
+        },
+        schema,
+      })
+    })
+  })
 })
diff --git a/packages/server/src/db/index.ts b/packages/server/src/db/index.ts
index fa8027dcc1..157c2f4fb3 100644
--- a/packages/server/src/db/index.ts
+++ b/packages/server/src/db/index.ts
@@ -1,4 +1,4 @@
-import { init as coreInit } from "@budibase/backend-core"
+import * as core from "@budibase/backend-core"
 import env from "../environment"
 
 export function init() {
@@ -12,5 +12,5 @@ export function init() {
     dbConfig.allDbs = true
   }
 
-  coreInit({ db: dbConfig })
+  core.init({ db: dbConfig })
 }
diff --git a/packages/server/src/db/utils.ts b/packages/server/src/db/utils.ts
index ac5a6162b9..50341e4abc 100644
--- a/packages/server/src/db/utils.ts
+++ b/packages/server/src/db/utils.ts
@@ -9,10 +9,6 @@ export const AppStatus = {
   DEPLOYED: "published",
 }
 
-export const SearchIndexes = {
-  ROWS: "rows",
-}
-
 export const BudibaseInternalDB = {
   _id: "bb_internal",
   type: dbCore.BUDIBASE_DATASOURCE_TYPE,
diff --git a/packages/server/src/db/views/staticViews.ts b/packages/server/src/db/views/staticViews.ts
index 4bccfebeee..730e5b1e66 100644
--- a/packages/server/src/db/views/staticViews.ts
+++ b/packages/server/src/db/views/staticViews.ts
@@ -1,6 +1,6 @@
 import { context } from "@budibase/backend-core"
-import { DocumentType, SEPARATOR, ViewName, SearchIndexes } from "../utils"
-import { LinkDocument, Row } from "@budibase/types"
+import { DocumentType, SEPARATOR, ViewName } from "../utils"
+import { LinkDocument, Row, SearchIndex } from "@budibase/types"
 const SCREEN_PREFIX = DocumentType.SCREEN + SEPARATOR
 
 /**************************************************
@@ -91,7 +91,7 @@ async function searchIndex(indexName: string, fnString: string) {
 
 export async function createAllSearchIndex() {
   await searchIndex(
-    SearchIndexes.ROWS,
+    SearchIndex.ROWS,
     function (doc: Row) {
       function idx(input: Row, prev?: string) {
         for (let key of Object.keys(input)) {
diff --git a/packages/server/src/definitions/openapi.ts b/packages/server/src/definitions/openapi.ts
index 7c02aac060..5ca4990647 100644
--- a/packages/server/src/definitions/openapi.ts
+++ b/packages/server/src/definitions/openapi.ts
@@ -5,67 +5,77 @@
 
 export interface paths {
   "/applications": {
-    post: operations["create"];
+    post: operations["appCreate"];
   };
   "/applications/{appId}": {
-    get: operations["getById"];
-    put: operations["update"];
-    delete: operations["destroy"];
+    get: operations["appGetById"];
+    put: operations["appUpdate"];
+    delete: operations["appDestroy"];
+  };
+  "/applications/{appId}/unpublish": {
+    post: operations["appUnpublish"];
+  };
+  "/applications/{appId}/publish": {
+    post: operations["appPublish"];
   };
   "/applications/search": {
     /** Based on application properties (currently only name) search for applications. */
-    post: operations["search"];
+    post: operations["appSearch"];
+  };
+  "/metrics": {
+    /** Output metrics in OpenMetrics format compatible with Prometheus */
+    get: operations["metricsGet"];
   };
   "/queries/{queryId}": {
     /** Queries which have been created within a Budibase app can be executed using this, */
-    post: operations["execute"];
+    post: operations["queryExecute"];
   };
   "/queries/search": {
     /** Based on query properties (currently only name) search for queries. */
-    post: operations["search"];
+    post: operations["querySearch"];
   };
   "/tables/{tableId}/rows": {
     /** Creates a row within the specified table. */
-    post: operations["create"];
+    post: operations["rowCreate"];
   };
   "/tables/{tableId}/rows/{rowId}": {
     /** This gets a single row, it will be enriched with the full related rows, rather than the squashed "primaryDisplay" format returned by the search endpoint. */
-    get: operations["getById"];
+    get: operations["rowGetById"];
     /** Updates a row within the specified table. */
-    put: operations["update"];
+    put: operations["rowUpdate"];
     /** Deletes a row within the specified table. */
-    delete: operations["destroy"];
+    delete: operations["rowDestroy"];
   };
   "/tables/{tableId}/rows/search": {
-    post: operations["search"];
+    post: operations["rowSearch"];
   };
   "/tables": {
     /** Create a table, this could be internal or external. */
-    post: operations["create"];
+    post: operations["tableCreate"];
   };
   "/tables/{tableId}": {
     /** Lookup a table, this could be internal or external. */
-    get: operations["getById"];
+    get: operations["tableGetById"];
     /** Update a table, this could be internal or external. */
-    put: operations["update"];
+    put: operations["tableUpdate"];
     /** Delete a table, this could be internal or external. */
-    delete: operations["destroy"];
+    delete: operations["tableDestroy"];
   };
   "/tables/search": {
     /** Based on table properties (currently only name) search for tables. This could be an internal or an external table. */
-    post: operations["search"];
+    post: operations["tableSearch"];
   };
   "/users": {
-    post: operations["create"];
+    post: operations["userCreate"];
   };
   "/users/{userId}": {
-    get: operations["getById"];
-    put: operations["update"];
-    delete: operations["destroy"];
+    get: operations["userGetById"];
+    put: operations["userUpdate"];
+    delete: operations["userDestroy"];
   };
   "/users/search": {
     /** Based on user properties (currently only name) search for users. */
-    post: operations["search"];
+    post: operations["userSearch"];
   };
 }
 
@@ -102,16 +112,6 @@ export interface components {
         lockedBy?: { [key: string]: unknown };
       };
     };
-    deploymentOutput: {
-      data: {
-        /** @description The ID of the deployment. */
-        _id: string;
-        /** @description The status of the deployment. */
-        status: "SUCCESS" | "FAILURE";
-        /** @description The URL by which the published app is accessed. */
-        appUrl?: string;
-      }
-    };
     applicationSearch: {
       data: {
         /** @description The name of the app. */
@@ -137,6 +137,19 @@ export interface components {
         lockedBy?: { [key: string]: unknown };
       }[];
     };
+    deploymentOutput: {
+      data: {
+        /** @description The ID of the app. */
+        _id: string;
+        /**
+         * @description Status of the deployment, whether it succeeded or failed
+         * @enum {string}
+         */
+        status: "SUCCESS" | "FAILURE";
+        /** @description The URL of the published app */
+        appUrl: string;
+      };
+    };
     /** @description The row to be created/updated, based on the table schema. */
     row: { [key: string]: unknown };
     searchOutput: {
@@ -231,7 +244,6 @@ export interface components {
                */
               type?:
                 | "string"
-                | "barcodeqr"
                 | "longform"
                 | "options"
                 | "number"
@@ -243,7 +255,8 @@ export interface components {
                 | "formula"
                 | "auto"
                 | "json"
-                | "internal";
+                | "internal"
+                | "barcodeqr";
               /** @description A constraint can be applied to the column which will be validated against when a row is saved. */
               constraints?: {
                 /** @enum {string} */
@@ -337,7 +350,6 @@ export interface components {
                  */
                 type?:
                   | "string"
-                  | "barcodeqr"
                   | "longform"
                   | "options"
                   | "number"
@@ -349,7 +361,8 @@ export interface components {
                   | "formula"
                   | "auto"
                   | "json"
-                  | "internal";
+                  | "internal"
+                  | "barcodeqr";
                 /** @description A constraint can be applied to the column which will be validated against when a row is saved. */
                 constraints?: {
                   /** @enum {string} */
@@ -445,7 +458,6 @@ export interface components {
                  */
                 type?:
                   | "string"
-                  | "barcodeqr"
                   | "longform"
                   | "options"
                   | "number"
@@ -457,7 +469,8 @@ export interface components {
                   | "formula"
                   | "auto"
                   | "json"
-                  | "internal";
+                  | "internal"
+                  | "barcodeqr";
                 /** @description A constraint can be applied to the column which will be validated against when a row is saved. */
                 constraints?: {
                   /** @enum {string} */
@@ -717,81 +730,115 @@ export interface components {
 }
 
 export interface operations {
-  create: {
+  appCreate: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
     responses: {
-      /** Returns the created user. */
+      /** Returns the created application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
     requestBody: {
       content: {
-        "application/json": components["schemas"]["user"];
+        "application/json": components["schemas"]["application"];
       };
     };
   };
-  getById: {
+  appGetById: {
     parameters: {
       path: {
-        /** The ID of the user which this request is targeting. */
-        userId: components["parameters"]["userId"];
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
       };
     };
     responses: {
-      /** Returns the retrieved user. */
+      /** Returns the retrieved application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
   };
-  update: {
+  appUpdate: {
     parameters: {
       path: {
-        /** The ID of the user which this request is targeting. */
-        userId: components["parameters"]["userId"];
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
       };
     };
     responses: {
-      /** Returns the updated user. */
+      /** Returns the updated application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
     requestBody: {
       content: {
-        "application/json": components["schemas"]["user"];
+        "application/json": components["schemas"]["application"];
       };
     };
   };
-  destroy: {
+  appDestroy: {
     parameters: {
       path: {
-        /** The ID of the user which this request is targeting. */
-        userId: components["parameters"]["userId"];
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
       };
     };
     responses: {
-      /** Returns the deleted user. */
+      /** Returns the deleted application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
   };
-  /** Based on user properties (currently only name) search for users. */
-  search: {
+  appUnpublish: {
+    parameters: {
+      path: {
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
+      };
+    };
     responses: {
-      /** Returns the found users based on search parameters. */
+      /** The app was published successfully. */
+      204: never;
+    };
+  };
+  appPublish: {
+    parameters: {
+      path: {
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
+      };
+    };
+    responses: {
+      /** Returns the deployment object. */
       200: {
         content: {
-          "application/json": components["schemas"]["userSearch"];
+          "application/json": components["schemas"]["deploymentOutput"];
+        };
+      };
+    };
+  };
+  /** Based on application properties (currently only name) search for applications. */
+  appSearch: {
+    responses: {
+      /** Returns the applications that were found based on the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["applicationSearch"];
         };
       };
     };
@@ -801,8 +848,19 @@ export interface operations {
       };
     };
   };
+  /** Output metrics in OpenMetrics format compatible with Prometheus */
+  metricsGet: {
+    responses: {
+      /** Returns tenant metrics. */
+      200: {
+        content: {
+          "text/plain": string;
+        };
+      };
+    };
+  };
   /** Queries which have been created within a Budibase app can be executed using this, */
-  execute: {
+  queryExecute: {
     parameters: {
       path: {
         /** The ID of the query which this request is targeting. */
@@ -827,6 +885,349 @@ export interface operations {
       };
     };
   };
+  /** Based on query properties (currently only name) search for queries. */
+  querySearch: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the queries found based on the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["querySearch"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["nameSearch"];
+      };
+    };
+  };
+  /** Creates a row within the specified table. */
+  rowCreate: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the created row, including the ID which has been generated for it. This can be found in the Budibase portal, viewed under the developer information. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["row"];
+      };
+    };
+  };
+  /** This gets a single row, it will be enriched with the full related rows, rather than the squashed "primaryDisplay" format returned by the search endpoint. */
+  rowGetById: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+        /** The ID of the row which this request is targeting. */
+        rowId: components["parameters"]["rowId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the retrieved row. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+  };
+  /** Updates a row within the specified table. */
+  rowUpdate: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+        /** The ID of the row which this request is targeting. */
+        rowId: components["parameters"]["rowId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the created row, including the ID which has been generated for it. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["row"];
+      };
+    };
+  };
+  /** Deletes a row within the specified table. */
+  rowDestroy: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+        /** The ID of the row which this request is targeting. */
+        rowId: components["parameters"]["rowId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the deleted row, including the ID which has been generated for it. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+  };
+  rowSearch: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** The response will contain an array of rows that match the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["searchOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["rowSearch"];
+      };
+    };
+  };
+  /** Create a table, this could be internal or external. */
+  tableCreate: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the created table, including the ID which has been generated for it. This can be internal or external datasources. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["table"];
+      };
+    };
+  };
+  /** Lookup a table, this could be internal or external. */
+  tableGetById: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the retrieved table. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+  };
+  /** Update a table, this could be internal or external. */
+  tableUpdate: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the updated table. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["table"];
+      };
+    };
+  };
+  /** Delete a table, this could be internal or external. */
+  tableDestroy: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the deleted table. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+  };
+  /** Based on table properties (currently only name) search for tables. This could be an internal or an external table. */
+  tableSearch: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the found tables, based on the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableSearch"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["nameSearch"];
+      };
+    };
+  };
+  userCreate: {
+    responses: {
+      /** Returns the created user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["user"];
+      };
+    };
+  };
+  userGetById: {
+    parameters: {
+      path: {
+        /** The ID of the user which this request is targeting. */
+        userId: components["parameters"]["userId"];
+      };
+    };
+    responses: {
+      /** Returns the retrieved user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+  };
+  userUpdate: {
+    parameters: {
+      path: {
+        /** The ID of the user which this request is targeting. */
+        userId: components["parameters"]["userId"];
+      };
+    };
+    responses: {
+      /** Returns the updated user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["user"];
+      };
+    };
+  };
+  userDestroy: {
+    parameters: {
+      path: {
+        /** The ID of the user which this request is targeting. */
+        userId: components["parameters"]["userId"];
+      };
+    };
+    responses: {
+      /** Returns the deleted user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+  };
+  /** Based on user properties (currently only name) search for users. */
+  userSearch: {
+    responses: {
+      /** Returns the found users based on search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userSearch"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["nameSearch"];
+      };
+    };
+  };
 }
 
 export interface external {}
diff --git a/packages/server/src/integrations/base/sql.ts b/packages/server/src/integrations/base/sql.ts
index 6871d7b0ba..a21c8e7d54 100644
--- a/packages/server/src/integrations/base/sql.ts
+++ b/packages/server/src/integrations/base/sql.ts
@@ -6,11 +6,11 @@ import {
   SearchFilters,
   SortDirection,
 } from "@budibase/types"
+import { db as dbCore } from "@budibase/backend-core"
 import { QueryOptions } from "../../definitions/datasource"
 import { isIsoDateString, SqlClient } from "../utils"
 import SqlTableQueryBuilder from "./sqlTable"
 import environment from "../../environment"
-import { removeKeyNumbering } from "./utils"
 
 const envLimit = environment.SQL_MAX_ROWS
   ? parseInt(environment.SQL_MAX_ROWS)
@@ -136,7 +136,7 @@ class InternalBuilder {
       fn: (key: string, value: any) => void
     ) {
       for (let [key, value] of Object.entries(structure)) {
-        const updatedKey = removeKeyNumbering(key)
+        const updatedKey = dbCore.removeKeyNumbering(key)
         const isRelationshipField = updatedKey.includes(".")
         if (!opts.relationship && !isRelationshipField) {
           fn(`${opts.tableName}.${updatedKey}`, value)
@@ -317,7 +317,8 @@ class InternalBuilder {
     const table = json.meta?.table
     if (sort) {
       for (let [key, value] of Object.entries(sort)) {
-        const direction = value === SortDirection.ASCENDING ? "asc" : "desc"
+        const direction =
+          value.direction === SortDirection.ASCENDING ? "asc" : "desc"
         query = query.orderBy(`${table?.name}.${key}`, direction)
       }
     } else if (this.client === SqlClient.MS_SQL && paginate?.limit) {
diff --git a/packages/server/src/integrations/base/utils.ts b/packages/server/src/integrations/base/utils.ts
deleted file mode 100644
index 54efdb91a0..0000000000
--- a/packages/server/src/integrations/base/utils.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-const QUERY_START_REGEX = /\d[0-9]*:/g
-
-export function removeKeyNumbering(key: any): string {
-  if (typeof key === "string" && key.match(QUERY_START_REGEX) != null) {
-    const parts = key.split(":")
-    // remove the number
-    parts.shift()
-    return parts.join(":")
-  } else {
-    return key
-  }
-}
diff --git a/packages/server/src/integrations/googlesheets.ts b/packages/server/src/integrations/googlesheets.ts
index d3caf0b944..0c658df0f5 100644
--- a/packages/server/src/integrations/googlesheets.ts
+++ b/packages/server/src/integrations/googlesheets.ts
@@ -2,8 +2,11 @@ import {
   DatasourceFieldType,
   DatasourcePlus,
   Integration,
+  PaginationJson,
   QueryJson,
   QueryType,
+  SearchFilters,
+  SortJson,
   Table,
   TableSchema,
 } from "@budibase/types"
@@ -11,9 +14,9 @@ import { OAuth2Client } from "google-auth-library"
 import { buildExternalTableId } from "./utils"
 import { DataSourceOperation, FieldTypes } from "../constants"
 import { GoogleSpreadsheet } from "google-spreadsheet"
-import env from "../environment"
-import { tenancy, db as dbCore, constants } from "@budibase/backend-core"
-const fetch = require("node-fetch")
+import fetch from "node-fetch"
+import { configs, HTTPError } from "@budibase/backend-core"
+import { dataFilters } from "@budibase/shared-core"
 
 interface GoogleSheetsConfig {
   spreadsheetId: string
@@ -112,7 +115,7 @@ const SCHEMA: Integration = {
 
 class GoogleSheetsIntegration implements DatasourcePlus {
   private readonly config: GoogleSheetsConfig
-  private client: any
+  private client: GoogleSpreadsheet
   public tables: Record<string, Table> = {}
   public schemaErrors: Record<string, string> = {}
 
@@ -173,16 +176,9 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async connect() {
     try {
       // Initialise oAuth client
-      const db = tenancy.getGlobalDB()
-      let googleConfig = await dbCore.getScopedConfig(db, {
-        type: constants.Config.GOOGLE,
-      })
-
+      let googleConfig = await configs.getGoogleDatasourceConfig()
       if (!googleConfig) {
-        googleConfig = {
-          clientID: env.GOOGLE_CLIENT_ID,
-          clientSecret: env.GOOGLE_CLIENT_SECRET,
-        }
+        throw new HTTPError("Google config not found", 400)
       }
 
       const oauthClient = new OAuth2Client({
@@ -211,7 +207,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
 
   async buildSchema(datasourceId: string) {
     await this.connect()
-    const sheets = await this.client.sheetsByIndex
+    const sheets = this.client.sheetsByIndex
     const tables: Record<string, Table> = {}
     for (let sheet of sheets) {
       // must fetch rows to determine schema
@@ -245,7 +241,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
     const handlers = {
       [DataSourceOperation.CREATE]: () =>
         this.create({ sheet, row: json.body }),
-      [DataSourceOperation.READ]: () => this.read({ sheet }),
+      [DataSourceOperation.READ]: () => this.read({ ...json, sheet }),
       [DataSourceOperation.UPDATE]: () =>
         this.update({
           // exclude the header row and zero index
@@ -294,7 +290,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async updateTable(table?: any) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[table.name]
+      const sheet = this.client.sheetsByTitle[table.name]
       await sheet.loadHeaderRow()
 
       if (table._rename) {
@@ -308,10 +304,17 @@ class GoogleSheetsIntegration implements DatasourcePlus {
         }
         await sheet.setHeaderRow(headers)
       } else {
-        let newField = Object.keys(table.schema).find(
+        const updatedHeaderValues = [...sheet.headerValues]
+
+        const newField = Object.keys(table.schema).find(
           key => !sheet.headerValues.includes(key)
         )
-        await sheet.setHeaderRow([...sheet.headerValues, newField])
+
+        if (newField) {
+          updatedHeaderValues.push(newField)
+        }
+
+        await sheet.setHeaderRow(updatedHeaderValues)
       }
     } catch (err) {
       console.error("Error updating table in google sheets", err)
@@ -322,7 +325,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async deleteTable(sheet: any) {
     try {
       await this.connect()
-      const sheetToDelete = await this.client.sheetsByTitle[sheet]
+      const sheetToDelete = this.client.sheetsByTitle[sheet]
       return await sheetToDelete.delete()
     } catch (err) {
       console.error("Error deleting table in google sheets", err)
@@ -333,7 +336,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async create(query: { sheet: string; row: any }) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[query.sheet]
+      const sheet = this.client.sheetsByTitle[query.sheet]
       const rowToInsert =
         typeof query.row === "string" ? JSON.parse(query.row) : query.row
       const row = await sheet.addRow(rowToInsert)
@@ -346,18 +349,40 @@ class GoogleSheetsIntegration implements DatasourcePlus {
     }
   }
 
-  async read(query: { sheet: string }) {
+  async read(query: {
+    sheet: string
+    filters?: SearchFilters
+    sort?: SortJson
+    paginate?: PaginationJson
+  }) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[query.sheet]
+      const sheet = this.client.sheetsByTitle[query.sheet]
       const rows = await sheet.getRows()
+      const filtered = dataFilters.runLuceneQuery(rows, query.filters)
       const headerValues = sheet.headerValues
-      const response = []
-      for (let row of rows) {
+      let response = []
+      for (let row of filtered) {
         response.push(
           this.buildRowObject(headerValues, row._rawData, row._rowNumber)
         )
       }
+
+      if (query.sort) {
+        if (Object.keys(query.sort).length !== 1) {
+          console.warn("Googlesheets does not support multiple sorting", {
+            sortInfo: query.sort,
+          })
+        }
+        const [sortField, sortInfo] = Object.entries(query.sort)[0]
+        response = dataFilters.luceneSort(
+          response,
+          sortField,
+          sortInfo.direction,
+          sortInfo.type
+        )
+      }
+
       return response
     } catch (err) {
       console.error("Error reading from google sheets", err)
@@ -368,7 +393,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async update(query: { sheet: string; rowIndex: number; row: any }) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[query.sheet]
+      const sheet = this.client.sheetsByTitle[query.sheet]
       const rows = await sheet.getRows()
       const row = rows[query.rowIndex]
       if (row) {
@@ -392,7 +417,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
 
   async delete(query: { sheet: string; rowIndex: number }) {
     await this.connect()
-    const sheet = await this.client.sheetsByTitle[query.sheet]
+    const sheet = this.client.sheetsByTitle[query.sheet]
     const rows = await sheet.getRows()
     const row = rows[query.rowIndex]
     if (row) {
diff --git a/packages/server/src/integrations/tests/googlesheets.spec.ts b/packages/server/src/integrations/tests/googlesheets.spec.ts
new file mode 100644
index 0000000000..5d7c184abd
--- /dev/null
+++ b/packages/server/src/integrations/tests/googlesheets.spec.ts
@@ -0,0 +1,126 @@
+import type { GoogleSpreadsheetWorksheet } from "google-spreadsheet"
+
+jest.mock("google-auth-library")
+const { OAuth2Client } = require("google-auth-library")
+
+const setCredentialsMock = jest.fn()
+const getAccessTokenMock = jest.fn()
+
+OAuth2Client.mockImplementation(() => {
+  return {
+    setCredentials: setCredentialsMock,
+    getAccessToken: getAccessTokenMock,
+  }
+})
+
+jest.mock("google-spreadsheet")
+const { GoogleSpreadsheet } = require("google-spreadsheet")
+
+const sheetsByTitle: { [title: string]: GoogleSpreadsheetWorksheet } = {}
+
+GoogleSpreadsheet.mockImplementation(() => {
+  return {
+    useOAuth2Client: jest.fn(),
+    loadInfo: jest.fn(),
+    sheetsByTitle,
+  }
+})
+
+import { structures } from "@budibase/backend-core/tests"
+import TestConfiguration from "../../tests/utilities/TestConfiguration"
+import GoogleSheetsIntegration from "../googlesheets"
+import { FieldType, Table, TableSchema } from "../../../../types/src/documents"
+
+describe("Google Sheets Integration", () => {
+  let integration: any,
+    config = new TestConfiguration()
+
+  beforeAll(() => {
+    config.setGoogleAuth("test")
+  })
+
+  beforeEach(async () => {
+    integration = new GoogleSheetsIntegration.integration({
+      spreadsheetId: "randomId",
+      auth: {
+        appId: "appId",
+        accessToken: "accessToken",
+        refreshToken: "refreshToken",
+      },
+    })
+    await config.init()
+  })
+
+  function createBasicTable(name: string, columns: string[]): Table {
+    return {
+      name,
+      schema: {
+        ...columns.reduce((p, c) => {
+          p[c] = {
+            name: c,
+            type: FieldType.STRING,
+            constraints: {
+              type: "string",
+            },
+          }
+          return p
+        }, {} as TableSchema),
+      },
+    }
+  }
+
+  function createSheet({
+    headerValues,
+  }: {
+    headerValues: string[]
+  }): GoogleSpreadsheetWorksheet {
+    return {
+      // to ignore the unmapped fields
+      ...({} as any),
+      loadHeaderRow: jest.fn(),
+      headerValues,
+      setHeaderRow: jest.fn(),
+    }
+  }
+
+  describe("update table", () => {
+    test("adding a new field will be adding a new header row", async () => {
+      await config.doInContext(structures.uuid(), async () => {
+        const tableColumns = ["name", "description", "new field"]
+        const table = createBasicTable(structures.uuid(), tableColumns)
+
+        const sheet = createSheet({ headerValues: ["name", "description"] })
+        sheetsByTitle[table.name] = sheet
+        await integration.updateTable(table)
+
+        expect(sheet.loadHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledWith(tableColumns)
+      })
+    })
+
+    test("removing an existing field will not remove the data from the spreadsheet", async () => {
+      await config.doInContext(structures.uuid(), async () => {
+        const tableColumns = ["name"]
+        const table = createBasicTable(structures.uuid(), tableColumns)
+
+        const sheet = createSheet({
+          headerValues: ["name", "description", "location"],
+        })
+        sheetsByTitle[table.name] = sheet
+        await integration.updateTable(table)
+
+        expect(sheet.loadHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledWith([
+          "name",
+          "description",
+          "location",
+        ])
+
+        // No undefineds are sent
+        expect((sheet.setHeaderRow as any).mock.calls[0][0]).toHaveLength(3)
+      })
+    })
+  })
+})
diff --git a/packages/server/src/integrations/utils.ts b/packages/server/src/integrations/utils.ts
index 4681cd4f2a..356a08f4a0 100644
--- a/packages/server/src/integrations/utils.ts
+++ b/packages/server/src/integrations/utils.ts
@@ -223,14 +223,15 @@ function shouldCopySpecialColumn(
   column: { type: string },
   fetchedColumn: { type: string } | undefined
 ) {
+  const isFormula = column.type === FieldTypes.FORMULA
   const specialTypes = [
     FieldTypes.OPTIONS,
     FieldTypes.LONGFORM,
     FieldTypes.ARRAY,
     FieldTypes.FORMULA,
   ]
-  // column has been deleted, remove
-  if (column && !fetchedColumn) {
+  // column has been deleted, remove - formulas will never exist, always copy
+  if (!isFormula && column && !fetchedColumn) {
     return false
   }
   const fetchedIsNumber =
diff --git a/packages/server/src/migrations/functions/backfill/global/configs.ts b/packages/server/src/migrations/functions/backfill/global/configs.ts
index 7eaa987bc7..1b76727bbe 100644
--- a/packages/server/src/migrations/functions/backfill/global/configs.ts
+++ b/packages/server/src/migrations/functions/backfill/global/configs.ts
@@ -1,4 +1,9 @@
-import { events, db as dbUtils } from "@budibase/backend-core"
+import {
+  events,
+  DocumentType,
+  SEPARATOR,
+  UNICODE_MAX,
+} from "@budibase/backend-core"
 import {
   Config,
   isSMTPConfig,
@@ -9,15 +14,16 @@ import {
 } from "@budibase/types"
 import env from "./../../../../environment"
 
+export const getConfigParams = () => {
+  return {
+    include_docs: true,
+    startkey: `${DocumentType.CONFIG}${SEPARATOR}`,
+    endkey: `${DocumentType.CONFIG}${SEPARATOR}${UNICODE_MAX}`,
+  }
+}
+
 const getConfigs = async (globalDb: any): Promise<Config[]> => {
-  const response = await globalDb.allDocs(
-    dbUtils.getConfigParams(
-      {},
-      {
-        include_docs: true,
-      }
-    )
-  )
+  const response = await globalDb.allDocs(getConfigParams())
   return response.rows.map((row: any) => row.doc)
 }
 
diff --git a/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js b/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js
index c0066b1c71..15ddcfd1ef 100644
--- a/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js
+++ b/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js
@@ -8,9 +8,8 @@ jest.mock("@budibase/backend-core", () => {
     }
   }
 })
-const { tenancy, db: dbCore } = require("@budibase/backend-core")
+const { context, db: dbCore } = require("@budibase/backend-core")
 const TestConfig = require("../../../tests/utilities/TestConfiguration")
-const { TENANT_ID } = require("../../../tests/utilities/structures")
 
 // mock email view creation
 
@@ -26,8 +25,8 @@ describe("run", () => {
     afterAll(config.end)
 
     it("runs successfully", async () => {
-      await tenancy.doInTenant(TENANT_ID, async () => {
-        const globalDb = tenancy.getGlobalDB()
+      await config.doInTenant(async () => {
+        const globalDb = context.getGlobalDB()
         await migration.run(globalDb)
         expect(dbCore.createNewUserEmailView).toHaveBeenCalledTimes(1)
       })
diff --git a/packages/server/src/migrations/tests/helpers.ts b/packages/server/src/migrations/tests/helpers.ts
index 17658d5290..35831a2fd0 100644
--- a/packages/server/src/migrations/tests/helpers.ts
+++ b/packages/server/src/migrations/tests/helpers.ts
@@ -1,7 +1,7 @@
 // Mimic configs test configuration from worker, creation configs directly in database
 
 import * as structures from "./structures"
-import { db } from "@budibase/backend-core"
+import { configs } from "@budibase/backend-core"
 import { Config } from "@budibase/types"
 
 export const saveSettingsConfig = async (globalDb: any) => {
@@ -25,7 +25,7 @@ export const saveSmtpConfig = async (globalDb: any) => {
 }
 
 const saveConfig = async (config: Config, globalDb: any) => {
-  config._id = db.generateConfigID({ type: config.type })
+  config._id = configs.generateConfigID(config.type)
 
   let response
   try {
diff --git a/packages/server/src/migrations/tests/structures.ts b/packages/server/src/migrations/tests/structures.ts
index bd48bf63cd..b075c04f5c 100644
--- a/packages/server/src/migrations/tests/structures.ts
+++ b/packages/server/src/migrations/tests/structures.ts
@@ -20,6 +20,7 @@ export const oidc = (conf?: OIDCConfig): OIDCConfig => {
           name: "Active Directory",
           uuid: utils.newid(),
           activated: true,
+          scopes: [],
           ...conf,
         },
       ],
diff --git a/packages/server/src/sdk/app/backups/constants.ts b/packages/server/src/sdk/app/backups/constants.ts
index 2f011ea2de..0584fcb3d0 100644
--- a/packages/server/src/sdk/app/backups/constants.ts
+++ b/packages/server/src/sdk/app/backups/constants.ts
@@ -1,2 +1,3 @@
 export const DB_EXPORT_FILE = "db.txt"
 export const GLOBAL_DB_EXPORT_FILE = "global.txt"
+export const STATIC_APP_FILES = ["manifest.json", "budibase-client.js"]
diff --git a/packages/server/src/sdk/app/backups/exports.ts b/packages/server/src/sdk/app/backups/exports.ts
index 25bd1f4795..c10f106451 100644
--- a/packages/server/src/sdk/app/backups/exports.ts
+++ b/packages/server/src/sdk/app/backups/exports.ts
@@ -7,10 +7,15 @@ import {
   TABLE_ROW_PREFIX,
   USER_METDATA_PREFIX,
 } from "../../../db/utils"
-import { DB_EXPORT_FILE, GLOBAL_DB_EXPORT_FILE } from "./constants"
+import {
+  DB_EXPORT_FILE,
+  GLOBAL_DB_EXPORT_FILE,
+  STATIC_APP_FILES,
+} from "./constants"
 import fs from "fs"
 import { join } from "path"
 import env from "../../../environment"
+
 const uuid = require("uuid/v4")
 const tar = require("tar")
 const MemoryStream = require("memorystream")
@@ -91,14 +96,25 @@ export async function exportApp(appId: string, config?: ExportOpts) {
   const prodAppId = dbCore.getProdAppID(appId)
   const appPath = `${prodAppId}/`
   // export bucket contents
-  let tmpPath
+  let tmpPath = createTempFolder(uuid())
   if (!env.isTest()) {
-    tmpPath = await objectStore.retrieveDirectory(
-      ObjectStoreBuckets.APPS,
-      appPath
-    )
-  } else {
-    tmpPath = createTempFolder(uuid())
+    // write just the static files
+    if (config?.excludeRows) {
+      for (let path of STATIC_APP_FILES) {
+        const contents = await objectStore.retrieve(
+          ObjectStoreBuckets.APPS,
+          join(appPath, path)
+        )
+        fs.writeFileSync(join(tmpPath, path), contents)
+      }
+    }
+    // get all of the files
+    else {
+      tmpPath = await objectStore.retrieveDirectory(
+        ObjectStoreBuckets.APPS,
+        appPath
+      )
+    }
   }
   const downloadedPath = join(tmpPath, appPath)
   if (fs.existsSync(downloadedPath)) {
diff --git a/packages/server/src/sdk/app/rows/attachments.ts b/packages/server/src/sdk/app/rows/attachments.ts
index 67f58f8f2c..bd04f64146 100644
--- a/packages/server/src/sdk/app/rows/attachments.ts
+++ b/packages/server/src/sdk/app/rows/attachments.ts
@@ -13,13 +13,13 @@ function generateAttachmentFindParams(
 ) {
   const params: CouchFindOptions = {
     selector: {
+      $or: attachmentCols.map(col => ({ [col]: { $exists: true } })),
       _id: {
         $regex: `^${DocumentType.ROW}${SEPARATOR}${tableId}`,
       },
     },
     limit: FIND_LIMIT,
   }
-  attachmentCols.forEach(col => (params.selector[col] = { $exists: true }))
   if (bookmark) {
     params.bookmark = bookmark
   }
diff --git a/packages/server/src/startup.ts b/packages/server/src/startup.ts
index f70694226d..6cdbf87c2c 100644
--- a/packages/server/src/startup.ts
+++ b/packages/server/src/startup.ts
@@ -5,7 +5,7 @@ import {
   generateApiKey,
   getChecklist,
 } from "./utilities/workerRequests"
-import { installation, tenancy, logging } from "@budibase/backend-core"
+import { installation, tenancy, logging, events } from "@budibase/backend-core"
 import fs from "fs"
 import { watch } from "./watch"
 import * as automations from "./automations"
@@ -124,6 +124,9 @@ export async function startup(app?: any, server?: any) {
   // get the references to the queue promises, don't await as
   // they will never end, unless the processing stops
   let queuePromises = []
+  // configure events to use the pro audit log write
+  // can't integrate directly into backend-core due to cyclic issues
+  queuePromises.push(events.processors.init(pro.sdk.auditLogs.write))
   queuePromises.push(automations.init())
   queuePromises.push(initPro())
   if (app) {
diff --git a/packages/server/src/tests/jestEnv.ts b/packages/server/src/tests/jestEnv.ts
index c567b260b3..7727bb6007 100644
--- a/packages/server/src/tests/jestEnv.ts
+++ b/packages/server/src/tests/jestEnv.ts
@@ -8,3 +8,4 @@ process.env.BUDIBASE_DIR = tmpdir("budibase-unittests")
 process.env.LOG_LEVEL = process.env.LOG_LEVEL || "error"
 process.env.ENABLE_4XX_HTTP_LOGGING = "0"
 process.env.MOCK_REDIS = "1"
+process.env.PLATFORM_URL = "http://localhost:10000"
diff --git a/packages/server/src/tests/utilities/TestConfiguration.ts b/packages/server/src/tests/utilities/TestConfiguration.ts
index 88545dbcbb..9aab76ba4d 100644
--- a/packages/server/src/tests/utilities/TestConfiguration.ts
+++ b/packages/server/src/tests/utilities/TestConfiguration.ts
@@ -21,7 +21,6 @@ import {
   basicScreen,
   basicLayout,
   basicWebhook,
-  TENANT_ID,
 } from "./structures"
 import {
   constants,
@@ -41,8 +40,8 @@ import { generateUserMetadataID } from "../../db/utils"
 import { startup } from "../../startup"
 import supertest from "supertest"
 import {
+  App,
   AuthToken,
-  Database,
   Datasource,
   Row,
   SourceName,
@@ -63,7 +62,7 @@ class TestConfiguration {
   started: boolean
   appId: string | null
   allApps: any[]
-  app: any
+  app?: App
   prodApp: any
   prodAppId: any
   user: any
@@ -73,7 +72,7 @@ class TestConfiguration {
   linkedTable: any
   automation: any
   datasource: any
-  tenantId: string | null
+  tenantId?: string
   defaultUserValues: DefaultUserValues
 
   constructor(openServer = true) {
@@ -89,7 +88,6 @@ class TestConfiguration {
     }
     this.appId = null
     this.allApps = []
-    this.tenantId = null
     this.defaultUserValues = this.populateDefaultUserValues()
   }
 
@@ -154,19 +152,10 @@ class TestConfiguration {
 
   // use a new id as the name to avoid name collisions
   async init(appName = newid()) {
-    this.defaultUserValues = this.populateDefaultUserValues()
-    if (context.isMultiTenant()) {
-      this.tenantId = structures.tenant.id()
-    }
-
     if (!this.started) {
       await startup()
     }
-    this.user = await this.globalUser()
-    this.globalUserId = this.user._id
-    this.userMetadataId = generateUserMetadataID(this.globalUserId)
-
-    return this.createApp(appName)
+    return this.newTenant(appName)
   }
 
   end() {
@@ -182,24 +171,29 @@ class TestConfiguration {
   }
 
   // MODES
-  #setMultiTenancy = (value: boolean) => {
+  setMultiTenancy = (value: boolean) => {
     env._set("MULTI_TENANCY", value)
     coreEnv._set("MULTI_TENANCY", value)
   }
 
-  #setSelfHosted = (value: boolean) => {
+  setSelfHosted = (value: boolean) => {
     env._set("SELF_HOSTED", value)
     coreEnv._set("SELF_HOSTED", value)
   }
 
+  setGoogleAuth = (value: string) => {
+    env._set("GOOGLE_CLIENT_ID", value)
+    env._set("GOOGLE_CLIENT_SECRET", value)
+    coreEnv._set("GOOGLE_CLIENT_ID", value)
+    coreEnv._set("GOOGLE_CLIENT_SECRET", value)
+  }
+
   modeCloud = () => {
-    this.#setSelfHosted(false)
-    this.#setMultiTenancy(true)
+    this.setSelfHosted(false)
   }
 
   modeSelf = () => {
-    this.#setSelfHosted(true)
-    this.#setMultiTenancy(false)
+    this.setSelfHosted(true)
   }
 
   // UTILS
@@ -354,6 +348,8 @@ class TestConfiguration {
     })
   }
 
+  // HEADERS
+
   defaultHeaders(extras = {}) {
     const tenantId = this.getTenantId()
     const authObj: AuthToken = {
@@ -374,6 +370,7 @@ class TestConfiguration {
         `${constants.Cookie.CurrentApp}=${appToken}`,
       ],
       [constants.Header.CSRF_TOKEN]: this.defaultUserValues.csrfToken,
+      Host: this.tenantHost(),
       ...extras,
     }
 
@@ -383,10 +380,6 @@ class TestConfiguration {
     return headers
   }
 
-  getTenantId() {
-    return this.tenantId || TENANT_ID
-  }
-
   publicHeaders({ prodApp = true } = {}) {
     const appId = prodApp ? this.prodAppId : this.appId
 
@@ -397,9 +390,7 @@ class TestConfiguration {
       headers[constants.Header.APP_ID] = appId
     }
 
-    if (this.tenantId) {
-      headers[constants.Header.TENANT_ID] = this.tenantId
-    }
+    headers[constants.Header.TENANT_ID] = this.getTenantId()
 
     return headers
   }
@@ -413,6 +404,34 @@ class TestConfiguration {
     return this.login({ email, roleId, builder, prodApp })
   }
 
+  // TENANCY
+
+  tenantHost() {
+    const tenantId = this.getTenantId()
+    const platformHost = new URL(coreEnv.PLATFORM_URL).host.split(":")[0]
+    return `${tenantId}.${platformHost}`
+  }
+
+  getTenantId() {
+    if (!this.tenantId) {
+      throw new Error("no test tenant id - init has not been called")
+    }
+    return this.tenantId
+  }
+
+  async newTenant(appName = newid()): Promise<App> {
+    this.defaultUserValues = this.populateDefaultUserValues()
+    this.tenantId = structures.tenant.id()
+    this.user = await this.globalUser()
+    this.globalUserId = this.user._id
+    this.userMetadataId = generateUserMetadataID(this.globalUserId)
+    return this.createApp(appName)
+  }
+
+  doInTenant(task: any) {
+    return context.doInTenant(this.getTenantId(), task)
+  }
+
   // API
 
   async generateApiKey(userId = this.defaultUserValues.globalUserId) {
@@ -432,7 +451,7 @@ class TestConfiguration {
   }
 
   // APP
-  async createApp(appName: string) {
+  async createApp(appName: string): Promise<App> {
     // create dev app
     // clear any old app
     this.appId = null
@@ -442,7 +461,7 @@ class TestConfiguration {
         null,
         controllers.app.create
       )
-      this.appId = this.app.appId
+      this.appId = this.app?.appId!
     })
     return await context.doInAppContext(this.appId, async () => {
       // create production app
diff --git a/packages/server/src/tests/utilities/structures.ts b/packages/server/src/tests/utilities/structures.ts
index c1959dc791..e38c0a5275 100644
--- a/packages/server/src/tests/utilities/structures.ts
+++ b/packages/server/src/tests/utilities/structures.ts
@@ -13,8 +13,6 @@ import {
 
 const { v4: uuidv4 } = require("uuid")
 
-export const TENANT_ID = "default"
-
 export function basicTable() {
   return {
     name: "TestTable",
diff --git a/packages/server/src/utilities/global.ts b/packages/server/src/utilities/global.ts
index c9161aa426..45e58c8419 100644
--- a/packages/server/src/utilities/global.ts
+++ b/packages/server/src/utilities/global.ts
@@ -35,8 +35,6 @@ export function updateAppRole(
     user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN
   } else if (!user.roleId && !user?.userGroups?.length) {
     user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
-  } else if (user?.userGroups?.length) {
-    user.roleId = undefined
   }
 
   delete user.roles
diff --git a/packages/server/tsconfig.json b/packages/server/tsconfig.json
index dba0d6328a..5f4ee1a701 100644
--- a/packages/server/tsconfig.json
+++ b/packages/server/tsconfig.json
@@ -9,6 +9,7 @@
       "@budibase/types": ["../types/src"],
       "@budibase/backend-core": ["../backend-core/src"],
       "@budibase/backend-core/*": ["../backend-core/*"],
+      "@budibase/shared-core": ["../shared-core/src"],
       "@budibase/pro": ["../../../budibase-pro/packages/pro/src"]
     }
   },
@@ -19,15 +20,9 @@
   "references": [
     { "path": "../types" },
     { "path": "../backend-core" },
+    { "path": "../shared-core" },
     { "path": "../../../budibase-pro/packages/pro" }
   ],
-  "include": [
-    "src/**/*",
-    "specs",
-    "package.json"
-  ],
-  "exclude": [
-    "node_modules",
-    "dist"
-  ]
-}
\ No newline at end of file
+  "include": ["src/**/*", "specs", "package.json"],
+  "exclude": ["node_modules", "dist"]
+}
diff --git a/packages/server/yarn.lock b/packages/server/yarn.lock
index 0526603777..09204eb44a 100644
--- a/packages/server/yarn.lock
+++ b/packages/server/yarn.lock
@@ -1278,14 +1278,14 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@2.3.18-alpha.12":
-  version "2.3.18-alpha.12"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.18-alpha.12.tgz#ad1b16be64b78b596af2b5f75647c32e8f6f101a"
-  integrity sha512-E1NEO+/sNkkRqn/xk9XQmFBO9/dl27w9EB0QGztti/16JV9NgxyDQCJIdGwlD08s1y/lUwOKk0TkSZJs+CTYDw==
+"@budibase/backend-core@2.4.12-alpha.0":
+  version "2.4.12-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.4.12-alpha.0.tgz#4ca56bd24a9ff8a744436dd8754a98e1cb314a99"
+  integrity sha512-GCZwU/vO4itHxbtdDug8LseBU6S3EMHfB2BjvAIqfR3rGtA6n8i8fWJKBxuJY4b3IWbGynGZLYM/y4oRHVY1HA==
   dependencies:
-    "@budibase/nano" "10.1.1"
+    "@budibase/nano" "10.1.2"
     "@budibase/pouchdb-replication-stream" "1.2.10"
-    "@budibase/types" "2.3.18-alpha.12"
+    "@budibase/types" "2.4.12-alpha.0"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
     aws-cloudfront-sign "2.2.0"
@@ -1367,10 +1367,35 @@
     svelte-flatpickr "^3.2.3"
     svelte-portal "^1.0.0"
 
-"@budibase/nano@10.1.1":
-  version "10.1.1"
-  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
-  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+"@budibase/handlebars-helpers@^0.11.8":
+  version "0.11.8"
+  resolved "https://registry.yarnpkg.com/@budibase/handlebars-helpers/-/handlebars-helpers-0.11.8.tgz#6953d29673a8c5c407e096c0a84890465c7ce841"
+  integrity sha512-ggWJUt0GqsHFAEup5tlWlcrmYML57nKhpNGGLzVsqXVYN8eVmf3xluYmmMe7fDYhQH0leSprrdEXmsdFQF3HAQ==
+  dependencies:
+    array-sort "^1.0.0"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    for-in "^1.0.2"
+    get-object "^0.2.0"
+    get-value "^3.0.1"
+    handlebars "^4.7.7"
+    handlebars-utils "^1.0.6"
+    has-value "^2.0.2"
+    helper-md "^0.2.2"
+    html-tag "^2.0.0"
+    is-even "^1.0.0"
+    is-glob "^4.0.1"
+    kind-of "^6.0.3"
+    micromatch "^3.1.5"
+    relative "^3.0.2"
+    striptags "^3.1.1"
+    to-gfm-code-block "^0.1.1"
+    year "^0.2.1"
+
+"@budibase/nano@10.1.2":
+  version "10.1.2"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.2.tgz#10fae5a1ab39be6a81261f40e7b7ec6d21cbdd4a"
+  integrity sha512-1w+YN2n/M5aZ9hBKCP4NEjdQbT8BfCLRizkdvm0Je665eEHw3aE1hvo8mon9Ro9QuDdxj1DfDMMFnym6/QUwpQ==
   dependencies:
     "@types/tough-cookie" "^4.0.2"
     axios "^1.1.3"
@@ -1392,18 +1417,20 @@
     pouchdb-promise "^6.0.4"
     through2 "^2.0.0"
 
-"@budibase/pro@2.3.18-alpha.12":
-  version "2.3.18-alpha.12"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.3.18-alpha.12.tgz#be552b3a9f5850e746081540d6586aae69147bec"
-  integrity sha512-M3b0njzSi47KH6uaQfYPoA2KWrjPiwcU3ONyaVWXHIktVrIKtYaFwOLBr/dmWGfMrL2297SSqg7V4DTaLyAhnw==
+"@budibase/pro@2.4.12-alpha.0":
+  version "2.4.12-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.4.12-alpha.0.tgz#27f0b52b19eb50bab5337ae04791a36b0e7d44b9"
+  integrity sha512-sXYKrR25CGDQj4+3SIXhPM0z7kDyLQwclHMag+5OewT9wHqKS6nKFLy3k+4eYDnus99t4MBv6EDXVnhb/gEjBQ==
   dependencies:
-    "@budibase/backend-core" "2.3.18-alpha.12"
-    "@budibase/types" "2.3.18-alpha.12"
+    "@budibase/backend-core" "2.4.12-alpha.0"
+    "@budibase/string-templates" "2.3.20"
+    "@budibase/types" "2.4.12-alpha.0"
     "@koa/router" "8.0.8"
     bull "4.10.1"
     joi "17.6.0"
     jsonwebtoken "8.5.1"
     lru-cache "^7.14.1"
+    memorystream "^0.3.1"
     node-fetch "^2.6.1"
 
 "@budibase/standard-components@^0.9.139":
@@ -1424,10 +1451,22 @@
     svelte-apexcharts "^1.0.2"
     svelte-flatpickr "^3.1.0"
 
-"@budibase/types@2.3.18-alpha.12":
-  version "2.3.18-alpha.12"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.18-alpha.12.tgz#a63eb978ccc7e55c209b3e9d71f9aecf7facc0d1"
-  integrity sha512-27o2BmI/HXIR3frZ8FtqHgAe1hd8jPIzgPaEhKrQiYJ/opUVccqupx9ld75Hyk9E6cdXu0UF0/+LxPpUmMugag==
+"@budibase/string-templates@2.3.20":
+  version "2.3.20"
+  resolved "https://registry.yarnpkg.com/@budibase/string-templates/-/string-templates-2.3.20.tgz#35f74b6f515e8127cc375ee0a4679b0a7c117588"
+  integrity sha512-wMKau3IzVF6M+dRu99aKV1yMdrrK5lghVm9qYtR1B163SMbHEwC8JmZFGPLIi1XsG0T+vw+xfcemfJ2zcATWwg==
+  dependencies:
+    "@budibase/handlebars-helpers" "^0.11.8"
+    dayjs "^1.10.4"
+    handlebars "^4.7.6"
+    handlebars-utils "^1.0.6"
+    lodash "^4.17.20"
+    vm2 "^3.9.4"
+
+"@budibase/types@2.4.12-alpha.0":
+  version "2.4.12-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.4.12-alpha.0.tgz#f46f4d5db05db0c98aca6bd572c2be0d27ec1961"
+  integrity sha512-NziMSJMDA070h/wfb/cTv8ZYHaUyLwEHqDXfMqy/XxGMruR+5u6uxRxvSAhg2EwNjmyRGhuBTUUsA/m5Wghj8g==
 
 "@bull-board/api@3.7.0":
   version "3.7.0"
@@ -4230,7 +4269,7 @@ arg@^4.1.0:
   resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
   integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==
 
-argparse@^1.0.7:
+argparse@^1.0.10, argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
   integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==
@@ -4277,6 +4316,15 @@ array-equal@^1.0.0:
   resolved "https://registry.yarnpkg.com/array-equal/-/array-equal-1.0.0.tgz#8c2a5ef2472fd9ea742b04c77a75093ba2757c93"
   integrity sha512-H3LU5RLiSsGXPhN+Nipar0iR0IofH+8r89G2y1tBKxQ/agagKyAjhkAFDRBfodP2caPrNKHpAWNIM/c9yeL7uA==
 
+array-sort@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/array-sort/-/array-sort-1.0.0.tgz#e4c05356453f56f53512a7d1d6123f2c54c0a88a"
+  integrity sha512-ihLeJkonmdiAsD7vpgN3CRcx2J2S0TiYW+IS/5zHBI7mKUq3ySvBdzzBfD236ubDBQFiiyG3SWCPc+msQ9KoYg==
+  dependencies:
+    default-compare "^1.0.0"
+    get-value "^2.0.6"
+    kind-of "^5.0.2"
+
 array-union@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d"
@@ -4420,6 +4468,13 @@ atomic-sleep@^1.0.0:
   resolved "https://registry.yarnpkg.com/atomic-sleep/-/atomic-sleep-1.0.0.tgz#eb85b77a601fc932cfe432c5acd364a9e2c9075b"
   integrity sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==
 
+autolinker@~0.28.0:
+  version "0.28.1"
+  resolved "https://registry.yarnpkg.com/autolinker/-/autolinker-0.28.1.tgz#0652b491881879f0775dace0cdca3233942a4e47"
+  integrity sha512-zQAFO1Dlsn69eXaO6+7YZc+v84aquQKbwpzCE3L0stj56ERn9hutFxPopViLjo9G+rWwjozRhgS5KJ25Xy19cQ==
+  dependencies:
+    gulp-header "^1.7.1"
+
 available-typed-arrays@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz#92f95616501069d07d10edb2fc37d3e1c65123b7"
@@ -5500,6 +5555,13 @@ concat-map@0.0.1:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+concat-with-sourcemaps@*:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/concat-with-sourcemaps/-/concat-with-sourcemaps-1.1.0.tgz#d4ea93f05ae25790951b99e7b3b09e3908a4082e"
+  integrity sha512-4gEjHJFT9e+2W/77h/DS5SGUgwDaOwprX8L/gl5+3ixnzkVJJsZWDSelmN3Oilw3LNDZjZV0yqH1hLG3k6nghg==
+  dependencies:
+    source-map "^0.6.1"
+
 condense-newlines@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/condense-newlines/-/condense-newlines-0.2.1.tgz#3de985553139475d32502c83b02f60684d24c55f"
@@ -5941,6 +6003,13 @@ deepmerge@^4.2.2:
   resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955"
   integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
 
+default-compare@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/default-compare/-/default-compare-1.0.0.tgz#cb61131844ad84d84788fb68fd01681ca7781a2f"
+  integrity sha512-QWfXlM0EkAbqOCbD/6HjdwT19j7WCkMyiRhWilc4H9/5h/RzTF9gv5LYh1+CmDV5d1rki6KAWLtQale0xt20eQ==
+  dependencies:
+    kind-of "^5.0.2"
+
 default-shell@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/default-shell/-/default-shell-1.0.1.tgz#752304bddc6174f49eb29cb988feea0b8813c8bc"
@@ -6122,20 +6191,13 @@ dir-glob@^3.0.1:
   dependencies:
     path-type "^4.0.0"
 
-docker-compose@0.23.17:
+docker-compose@0.23.17, docker-compose@^0.23.5:
   version "0.23.17"
   resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.23.17.tgz#8816bef82562d9417dc8c790aa4871350f93a2ba"
   integrity sha512-YJV18YoYIcxOdJKeFcCFihE6F4M2NExWM/d4S1ITcS9samHKnNUihz9kjggr0dNtsrbpFNc7/Yzd19DWs+m1xg==
   dependencies:
     yaml "^1.10.2"
 
-docker-compose@^0.23.5:
-  version "0.23.19"
-  resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.23.19.tgz#9947726e2fe67bdfa9e8efe1ff15aa0de2e10eb8"
-  integrity sha512-v5vNLIdUqwj4my80wxFDkNH+4S85zsRuH29SO7dCWVWPCMt/ohZBsGN6g6KXWifT0pzQ7uOxqEKCYCDPJ8Vz4g==
-  dependencies:
-    yaml "^1.10.2"
-
 docker-modem@^3.0.0:
   version "3.0.6"
   resolved "https://registry.yarnpkg.com/docker-modem/-/docker-modem-3.0.6.tgz#8c76338641679e28ec2323abb65b3276fb1ce597"
@@ -6424,6 +6486,11 @@ enhanced-resolve@^5.9.3:
     graceful-fs "^4.2.4"
     tapable "^2.2.0"
 
+ent@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/ent/-/ent-2.2.0.tgz#e964219325a21d05f44466a2f686ed6ce5f5dd1d"
+  integrity sha512-GHrMyVZQWvTIdDtpiEXdHZnFQKzeO09apj8Cbl4pKWy4i0Oprcq17usfDt5aO63swf0JOeMWjWQE/LzgSRuWpA==
+
 entities@~2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/entities/-/entities-2.1.0.tgz#992d3129cf7df6870b96c57858c249a120f8b8b5"
@@ -6983,6 +7050,11 @@ expose-loader@^3.1.0:
   resolved "https://registry.yarnpkg.com/expose-loader/-/expose-loader-3.1.0.tgz#7a0bdecb345b921ca238a8c4715a4ea7e227213f"
   integrity sha512-2RExSo0yJiqP+xiUue13jQa2IHE8kLDzTI7b6kn+vUlBVvlzNSiLDzo4e5Pp5J039usvTUnxZ8sUOhv0Kg15NA==
 
+express-useragent@^1.0.15:
+  version "1.0.15"
+  resolved "https://registry.yarnpkg.com/express-useragent/-/express-useragent-1.0.15.tgz#cefda5fa4904345d51d3368b117a8dd4124985d9"
+  integrity sha512-eq5xMiYCYwFPoekffMjvEIk+NWdlQY9Y38OsTyl13IvA728vKT+q/CSERYWzcw93HGBJcIqMIsZC5CZGARPVdg==
+
 ext-list@^2.0.0:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/ext-list/-/ext-list-2.2.2.tgz#0b98e64ed82f5acf0f2931babf69212ef52ddd37"
@@ -7619,6 +7691,14 @@ get-intrinsic@^1.0.2, get-intrinsic@^1.1.0, get-intrinsic@^1.1.1:
     has "^1.0.3"
     has-symbols "^1.0.3"
 
+get-object@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/get-object/-/get-object-0.2.0.tgz#d92ff7d5190c64530cda0543dac63a3d47fe8c0c"
+  integrity sha512-7P6y6k6EzEFmO/XyUyFlXm1YLJy9xeA1x/grNV8276abX5GuwUtYgKFkRFkLixw4hf4Pz9q2vgv/8Ar42R0HuQ==
+  dependencies:
+    is-number "^2.0.2"
+    isobject "^0.2.0"
+
 get-package-type@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a"
@@ -7681,6 +7761,13 @@ get-value@^2.0.3, get-value@^2.0.6:
   resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
   integrity sha512-Ln0UQDlxH1BapMu3GPtf7CuYNwRZf2gwCuPqbyG6pB8WfmFpzqcy4xtAaAMUhnNqjMKTiCPZG2oMT3YSx8U2NA==
 
+get-value@^3.0.0, get-value@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-3.0.1.tgz#5efd2a157f1d6a516d7524e124ac52d0a39ef5a8"
+  integrity sha512-mKZj9JLQrwMBtj5wxi6MH8Z5eSKaERpAwjg43dPtlGI1ZVEgH/qC7T8/6R2OBSUA+zzHBZgICsVJaEIV2tKTDA==
+  dependencies:
+    isobject "^3.0.1"
+
 getopts@2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/getopts/-/getopts-2.3.0.tgz#71e5593284807e03e2427449d4f6712a268666f4"
@@ -7968,7 +8055,24 @@ gtoken@^5.0.4:
     google-p12-pem "^3.1.3"
     jws "^4.0.0"
 
-handlebars@^4.7.7:
+gulp-header@^1.7.1:
+  version "1.8.12"
+  resolved "https://registry.yarnpkg.com/gulp-header/-/gulp-header-1.8.12.tgz#ad306be0066599127281c4f8786660e705080a84"
+  integrity sha512-lh9HLdb53sC7XIZOYzTXM4lFuXElv3EVkSDhsd7DoJBj7hm+Ni7D3qYbb+Rr8DuM8nRanBvkVO9d7askreXGnQ==
+  dependencies:
+    concat-with-sourcemaps "*"
+    lodash.template "^4.4.0"
+    through2 "^2.0.0"
+
+handlebars-utils@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/handlebars-utils/-/handlebars-utils-1.0.6.tgz#cb9db43362479054782d86ffe10f47abc76357f9"
+  integrity sha512-d5mmoQXdeEqSKMtQQZ9WkiUcO1E3tPbWxluCK9hVgIDPzQa9WsKo3Lbe/sGflTe7TomHEeZaOgwIkyIr1kfzkw==
+  dependencies:
+    kind-of "^6.0.0"
+    typeof-article "^0.1.1"
+
+handlebars@^4.7.6, handlebars@^4.7.7:
   version "4.7.7"
   resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
   integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
@@ -8062,6 +8166,14 @@ has-value@^1.0.0:
     has-values "^1.0.0"
     isobject "^3.0.0"
 
+has-value@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-2.0.2.tgz#d0f12e8780ba8e90e66ad1a21c707fdb67c25658"
+  integrity sha512-ybKOlcRsK2MqrM3Hmz/lQxXHZ6ejzSPzpNabKB45jb5qDgJvKPa3SdapTsTLwEb9WltgWpOmNax7i+DzNOk4TA==
+  dependencies:
+    get-value "^3.0.0"
+    has-values "^2.0.1"
+
 has-values@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771"
@@ -8075,6 +8187,13 @@ has-values@^1.0.0:
     is-number "^3.0.0"
     kind-of "^4.0.0"
 
+has-values@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-2.0.1.tgz#3876200ff86d8a8546a9264a952c17d5fc17579d"
+  integrity sha512-+QdH3jOmq9P8GfdjFg0eJudqx1FqU62NQJ4P16rOEHeRdl7ckgwn6uqQjzYE0ZoHVV/e5E2esuJ5Gl5+HUW19w==
+  dependencies:
+    kind-of "^6.0.2"
+
 has-yarn@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-2.1.0.tgz#137e11354a7b5bf11aa5cb649cf0c6f3ff2b2e77"
@@ -8087,6 +8206,16 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
+helper-md@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/helper-md/-/helper-md-0.2.2.tgz#c1f59d7e55bbae23362fd8a0e971607aec69d41f"
+  integrity sha512-49TaQzK+Ic7ZVTq4i1UZxRUJEmAilTk8hz7q4I0WNUaTclLR8ArJV5B3A1fe1xF2HtsDTr2gYKLaVTof/Lt84Q==
+  dependencies:
+    ent "^2.2.0"
+    extend-shallow "^2.0.1"
+    fs-exists-sync "^0.1.0"
+    remarkable "^1.6.2"
+
 hexoid@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18"
@@ -8121,6 +8250,14 @@ html-escaper@^2.0.0:
   resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453"
   integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==
 
+html-tag@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/html-tag/-/html-tag-2.0.0.tgz#36c3bc8d816fd30b570d5764a497a641640c2fed"
+  integrity sha512-XxzooSo6oBoxBEUazgjdXj7VwTn/iSTSZzTYKzYY6I916tkaYzypHxy+pbVU1h+0UQ9JlVf5XkNQyxOAiiQO1g==
+  dependencies:
+    is-self-closing "^1.0.1"
+    kind-of "^6.0.0"
+
 http-assert@^1.3.0:
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/http-assert/-/http-assert-1.5.0.tgz#c389ccd87ac16ed2dfa6246fd73b926aa00e6b8f"
@@ -8597,6 +8734,13 @@ is-docker@^2.0.0, is-docker@^2.1.1:
   resolved "https://registry.yarnpkg.com/is-docker/-/is-docker-2.2.1.tgz#33eeabe23cfe86f14bde4408a02c0cfb853acdaa"
   integrity sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==
 
+is-even@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-even/-/is-even-1.0.0.tgz#76b5055fbad8d294a86b6a949015e1c97b717c06"
+  integrity sha512-LEhnkAdJqic4Dbqn58A0y52IXoHWlsueqQkKfMfdEnIYG8A1sm/GHidKkS6yvXlMoRrkM34csHnXQtOqcb+Jzg==
+  dependencies:
+    is-odd "^0.1.2"
+
 is-extendable@^0.1.0, is-extendable@^0.1.1:
   version "0.1.1"
   resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
@@ -8703,6 +8847,13 @@ is-number-object@^1.0.4:
   dependencies:
     has-tostringtag "^1.0.0"
 
+is-number@^2.0.2:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-2.1.0.tgz#01fcbbb393463a548f2f466cce16dece49db908f"
+  integrity sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==
+  dependencies:
+    kind-of "^3.0.2"
+
 is-number@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195"
@@ -8725,6 +8876,13 @@ is-object@^1.0.1:
   resolved "https://registry.yarnpkg.com/is-object/-/is-object-1.0.2.tgz#a56552e1c665c9e950b4a025461da87e72f86fcf"
   integrity sha512-2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA==
 
+is-odd@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/is-odd/-/is-odd-0.1.2.tgz#bc573b5ce371ef2aad6e6f49799b72bef13978a7"
+  integrity sha512-Ri7C2K7o5IrUU9UEI8losXJCCD/UtsaIrkR5sxIcFg4xQ9cRJXlWA5DQvTE0yDc0krvSNLsRGXN11UPS6KyfBw==
+  dependencies:
+    is-number "^3.0.0"
+
 is-path-inside@^3.0.2:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
@@ -8765,6 +8923,13 @@ is-retry-allowed@^2.2.0:
   resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-2.2.0.tgz#88f34cbd236e043e71b6932d09b0c65fb7b4d71d"
   integrity sha512-XVm7LOeLpTW4jV19QSH38vkswxoLud8sQ57YwJVTPWdiaI9I8keEhGFpBlslyVsgdQy4Opg8QOLb8YRgsyZiQg==
 
+is-self-closing@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-self-closing/-/is-self-closing-1.0.1.tgz#5f406b527c7b12610176320338af0fa3896416e4"
+  integrity sha512-E+60FomW7Blv5GXTlYee2KDrnG6srxF7Xt1SjrhWUGUEsTFIqY/nq2y3DaftCsgUMdh89V07IVfhY9KIJhLezg==
+  dependencies:
+    self-closing-tags "^1.0.1"
+
 is-shared-array-buffer@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79"
@@ -8880,6 +9045,11 @@ isexe@^2.0.0:
   resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
   integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
+isobject@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-0.2.0.tgz#a3432192f39b910b5f02cc989487836ec70aa85e"
+  integrity sha512-VaWq6XYAsbvM0wf4dyBO7WH9D7GosB7ZZlqrawI9BBiTMINBeCyqSKBa35m870MY3O4aM31pYyZi9DfGrYMJrQ==
+
 isobject@^2.0.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89"
@@ -10074,7 +10244,7 @@ keyv@^3.0.0:
   dependencies:
     json-buffer "3.0.0"
 
-kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
+kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.1.0, kind-of@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
   integrity sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==
@@ -10088,12 +10258,12 @@ kind-of@^4.0.0:
   dependencies:
     is-buffer "^1.1.5"
 
-kind-of@^5.0.0:
+kind-of@^5.0.0, kind-of@^5.0.2:
   version "5.1.0"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d"
   integrity sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==
 
-kind-of@^6.0.0, kind-of@^6.0.2:
+kind-of@^6.0.0, kind-of@^6.0.2, kind-of@^6.0.3:
   version "6.0.3"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
   integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
@@ -10243,6 +10413,13 @@ koa-static@5.0.0, koa-static@^5.0.0:
     debug "^3.1.0"
     koa-send "^5.0.0"
 
+koa-useragent@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/koa-useragent/-/koa-useragent-4.1.0.tgz#d3f128b552c6da3e5e9e9e9c887b2922b16e4468"
+  integrity sha512-x/HUDZ1zAmNNh5hA9hHbPm9p3UVg2prlpHzxCXQCzbibrNS0kmj7MkCResCbAbG7ZT6FVxNSMjR94ZGamdMwxA==
+  dependencies:
+    express-useragent "^1.0.15"
+
 koa-views@^7.0.1:
   version "7.0.2"
   resolved "https://registry.yarnpkg.com/koa-views/-/koa-views-7.0.2.tgz#c96fd9e2143ef00c29dc5160c5ed639891aa723d"
@@ -10513,6 +10690,11 @@ locate-path@^5.0.0:
   dependencies:
     p-locate "^4.1.0"
 
+lodash._reinterpolate@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
+  integrity sha512-xYHt68QRoYGjeeM/XOE1uJtvXQAgvszfBhjV4yvsQH0u2i9I6cI6c6/eG4Hh3UAOVn0y/xAXwmTzEay49Q//HA==
+
 lodash.camelcase@^4.3.0:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6"
@@ -10623,6 +10805,21 @@ lodash.sortby@^4.7.0:
   resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
   integrity sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==
 
+lodash.template@^4.4.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.5.0.tgz#f976195cf3f347d0d5f52483569fe8031ccce8ab"
+  integrity sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+    lodash.templatesettings "^4.0.0"
+
+lodash.templatesettings@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/lodash.templatesettings/-/lodash.templatesettings-4.2.0.tgz#e481310f049d3cf6d47e912ad09313b154f0fb33"
+  integrity sha512-stgLz+i3Aa9mZgnjr/O+v9ruKZsPsndy7qPZOchbqk2cnTU1ZaldKK+v7m54WoKIyxiuMZTKT2H81F8BeAc3ZQ==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+
 lodash.uniq@^4.5.0:
   version "4.5.0"
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
@@ -10638,7 +10835,7 @@ lodash.xor@^4.5.0:
   resolved "https://registry.yarnpkg.com/lodash.xor/-/lodash.xor-4.5.0.tgz#4d48ed7e98095b0632582ba714d3ff8ae8fb1db6"
   integrity sha512-sVN2zimthq7aZ5sPGXnSz32rZPuqcparVW50chJQe+mzTYV+IsxSsl/2gnkWWE2Of7K3myBQBqtLKOUEHJKRsQ==
 
-lodash@4.17.21, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.21, lodash@^4.17.3:
+lodash@4.17.21, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.3:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
@@ -10706,7 +10903,12 @@ lru-cache@^6.0.0:
   dependencies:
     yallist "^4.0.0"
 
-lru-cache@^7.14.0, lru-cache@^7.14.1:
+lru-cache@^7.14.0:
+  version "7.16.1"
+  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.16.1.tgz#7acea16fecd9ed11430e78443c2bb81a06d3dea9"
+  integrity sha512-9kkuMZHnLH/8qXARvYSjNvq8S1GYFFzynQTAfKeaJ0sIrR3PUPuu37Z+EiIANiZBvpfTf2B5y8ecDLSMWlLv+w==
+
+lru-cache@^7.14.1:
   version "7.14.1"
   resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.14.1.tgz#8da8d2f5f59827edb388e63e459ac23d6d408fea"
   integrity sha512-ysxwsnTKdAx96aTRdhDOCQfDgbHnt8SK0KY8SEjO0wHinhWOFTESbjVCMPbU1uGXg/ch4lifqx0wfjOawU2+WA==
@@ -10865,7 +11067,7 @@ memory-pager@^1.0.2:
   resolved "https://registry.yarnpkg.com/memory-pager/-/memory-pager-1.5.0.tgz#d8751655d22d384682741c972f2c3d6dfa3e66b5"
   integrity sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==
 
-memorystream@0.3.1:
+memorystream@0.3.1, memorystream@^0.3.1:
   version "0.3.1"
   resolved "https://registry.yarnpkg.com/memorystream/-/memorystream-0.3.1.tgz#86d7090b30ce455d63fbae12dda51a47ddcaf9b2"
   integrity sha512-S3UwM3yj5mtUSEfP41UZmt/0SCoVYUcU1rkXv+BQ5Ig8ndL4sPoJNBUJERafdPb5jjHJGuMgytgKvKIf58XNBw==
@@ -10890,7 +11092,7 @@ methods@^1.1.2:
   resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee"
   integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==
 
-micromatch@^3.1.10, micromatch@^3.1.4:
+micromatch@^3.1.10, micromatch@^3.1.4, micromatch@^3.1.5:
   version "3.1.10"
   resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"
   integrity sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==
@@ -13086,6 +13288,21 @@ relative-microtime@^2.0.0:
   resolved "https://registry.yarnpkg.com/relative-microtime/-/relative-microtime-2.0.0.tgz#cceed2af095ecd72ea32011279c79e5fcc7de29b"
   integrity sha512-l18ha6HEZc+No/uK4GyAnNxgKW7nvEe35IaeN54sShMojtqik2a6GbTyuiezkjpPaqP874Z3lW5ysBo5irz4NA==
 
+relative@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/relative/-/relative-3.0.2.tgz#0dcd8ec54a5d35a3c15e104503d65375b5a5367f"
+  integrity sha512-Q5W2qeYtY9GbiR8z1yHNZ1DGhyjb4AnLEjt8iE6XfcC1QIu+FAtj3HQaO0wH28H1mX6cqNLvAqWhP402dxJGyA==
+  dependencies:
+    isobject "^2.0.0"
+
+remarkable@^1.6.2:
+  version "1.7.4"
+  resolved "https://registry.yarnpkg.com/remarkable/-/remarkable-1.7.4.tgz#19073cb960398c87a7d6546eaa5e50d2022fcd00"
+  integrity sha512-e6NKUXgX95whv7IgddywbeN/ItCkWbISmc2DiqHJb0wTrqZIexqdco5b8Z3XZoo/48IdNVKM9ZCvTPJ4F5uvhg==
+  dependencies:
+    argparse "^1.0.10"
+    autolinker "~0.28.0"
+
 remove-trailing-separator@^1.0.1:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz#c24bce2a283adad5bc3f58e0d48249b92379d8ef"
@@ -13434,6 +13651,11 @@ seek-bzip@^1.0.5:
   dependencies:
     commander "^2.8.1"
 
+self-closing-tags@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/self-closing-tags/-/self-closing-tags-1.0.1.tgz#6c5fa497994bb826b484216916371accee490a5d"
+  integrity sha512-7t6hNbYMxM+VHXTgJmxwgZgLGktuXtVVD5AivWzNTdJBM4DBjnDKDzkf2SrNjihaArpeJYNjxkELBu1evI4lQA==
+
 semver-compare@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/semver-compare/-/semver-compare-1.0.0.tgz#0dee216a1c941ab37e9efb1788f6afc5ff5537fc"
@@ -14222,6 +14444,11 @@ strip-outer@^1.0.0:
   dependencies:
     escape-string-regexp "^1.0.2"
 
+striptags@^3.1.1:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/striptags/-/striptags-3.2.0.tgz#cc74a137db2de8b0b9a370006334161f7dd67052"
+  integrity sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==
+
 style-loader@^3.3.1:
   version "3.3.1"
   resolved "https://registry.yarnpkg.com/style-loader/-/style-loader-3.3.1.tgz#057dfa6b3d4d7c7064462830f9113ed417d38575"
@@ -14706,6 +14933,11 @@ to-fast-properties@^2.0.0:
   resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
   integrity sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=
 
+to-gfm-code-block@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/to-gfm-code-block/-/to-gfm-code-block-0.1.1.tgz#25d045a5fae553189e9637b590900da732d8aa82"
+  integrity sha512-LQRZWyn8d5amUKnfR9A9Uu7x9ss7Re8peuWR2gkh1E+ildOfv2aF26JpuDg8JtvCduu5+hOrMIH+XstZtnagqg==
+
 to-json-schema@0.2.5:
   version "0.2.5"
   resolved "https://registry.yarnpkg.com/to-json-schema/-/to-json-schema-0.2.5.tgz#ef3c3f11ad64460dcfbdbafd0fd525d69d62a98f"
@@ -14974,6 +15206,13 @@ typedarray-to-buffer@^3.1.5:
   dependencies:
     is-typedarray "^1.0.0"
 
+typeof-article@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/typeof-article/-/typeof-article-0.1.1.tgz#9f07e733c3fbb646ffa9e61c08debacd460e06af"
+  integrity sha512-Vn42zdX3FhmUrzEmitX3iYyLb+Umwpmv8fkZRIknYh84lmdrwqZA5xYaoKiIj2Rc5i/5wcDrpUmZcbk1U51vTw==
+  dependencies:
+    kind-of "^3.1.0"
+
 typeof@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/typeof/-/typeof-1.0.0.tgz#9c84403f2323ae5399167275497638ea1d2f2440"
@@ -15334,6 +15573,14 @@ vm2@3.9.11:
     acorn "^8.7.0"
     acorn-walk "^8.2.0"
 
+vm2@^3.9.4:
+  version "3.9.14"
+  resolved "https://registry.yarnpkg.com/vm2/-/vm2-3.9.14.tgz#964042b474cf1e6e4f475a39144773cdb9deb734"
+  integrity sha512-HgvPHYHeQy8+QhzlFryvSteA4uQLBCOub02mgqdR+0bN/akRZ48TGB1v0aCv7ksyc0HXx16AZtMHKS38alc6TA==
+  dependencies:
+    acorn "^8.7.0"
+    acorn-walk "^8.2.0"
+
 vuvuzela@1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/vuvuzela/-/vuvuzela-1.0.3.tgz#3be145e58271c73ca55279dd851f12a682114b0b"
@@ -15895,6 +16142,11 @@ yauzl@^2.4.2:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
 
+year@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/year/-/year-0.2.1.tgz#4083ae520a318b23ec86037f3000cb892bdf9bb0"
+  integrity sha512-9GnJUZ0QM4OgXuOzsKNzTJ5EOkums1Xc+3YQXp+Q+UxFjf7zLucp9dQ8QMIft0Szs1E1hUiXFim1OYfEKFq97w==
+
 ylru@^1.2.0:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/ylru/-/ylru-1.3.2.tgz#0de48017473275a4cbdfc83a1eaf67c01af8a785"
diff --git a/packages/shared-core/.gitignore b/packages/shared-core/.gitignore
new file mode 100644
index 0000000000..04c01ba7ba
--- /dev/null
+++ b/packages/shared-core/.gitignore
@@ -0,0 +1,2 @@
+node_modules/
+dist/
\ No newline at end of file
diff --git a/packages/shared-core/package.json b/packages/shared-core/package.json
new file mode 100644
index 0000000000..221ff7ae34
--- /dev/null
+++ b/packages/shared-core/package.json
@@ -0,0 +1,30 @@
+{
+  "name": "@budibase/shared-core",
+  "version": "2.4.12-alpha.0",
+  "description": "Shared data utils",
+  "main": "dist/cjs/src/index.js",
+  "types": "dist/mjs/src/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/mjs/src/index.js",
+      "require": "./dist/cjs/src/index.js"
+    },
+    "./package.json": "./dist/mjs/package.json"
+  },
+  "author": "Budibase",
+  "license": "GPL-3.0",
+  "scripts": {
+    "prebuild": "rimraf dist/",
+    "build": "tsc -p tsconfig.build.json && tsc -p tsconfig-cjs.build.json",
+    "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
+    "dev:builder": "yarn prebuild && concurrently \"tsc -p tsconfig.build.json --watch\" \"tsc -p tsconfig-cjs.build.json --watch\""
+  },
+  "dependencies": {
+    "@budibase/types": "2.4.5-alpha.0"
+  },
+  "devDependencies": {
+    "concurrently": "^7.6.0",
+    "rimraf": "3.0.2",
+    "typescript": "4.7.3"
+  }
+}
diff --git a/packages/shared-core/src/constants.ts b/packages/shared-core/src/constants.ts
new file mode 100644
index 0000000000..35b02d1e15
--- /dev/null
+++ b/packages/shared-core/src/constants.ts
@@ -0,0 +1,69 @@
+export const OperatorOptions = {
+  Equals: {
+    value: "equal",
+    label: "Equals",
+  },
+  NotEquals: {
+    value: "notEqual",
+    label: "Not equals",
+  },
+  Empty: {
+    value: "empty",
+    label: "Is empty",
+  },
+  NotEmpty: {
+    value: "notEmpty",
+    label: "Is not empty",
+  },
+  StartsWith: {
+    value: "string",
+    label: "Starts with",
+  },
+  Like: {
+    value: "fuzzy",
+    label: "Like",
+  },
+  MoreThan: {
+    value: "rangeLow",
+    label: "More than or equal to",
+  },
+  LessThan: {
+    value: "rangeHigh",
+    label: "Less than or equal to",
+  },
+  Contains: {
+    value: "contains",
+    label: "Contains",
+  },
+  NotContains: {
+    value: "notContains",
+    label: "Does not contain",
+  },
+  In: {
+    value: "oneOf",
+    label: "Is in",
+  },
+  ContainsAny: {
+    value: "containsAny",
+    label: "Has any",
+  },
+}
+
+export const SqlNumberTypeRangeMap = {
+  integer: {
+    max: 2147483647,
+    min: -2147483648,
+  },
+  int: {
+    max: 2147483647,
+    min: -2147483648,
+  },
+  smallint: {
+    max: 32767,
+    min: -32768,
+  },
+  mediumint: {
+    max: 8388607,
+    min: -8388608,
+  },
+}
diff --git a/packages/frontend-core/src/utils/lucene.js b/packages/shared-core/src/filters.ts
similarity index 60%
rename from packages/frontend-core/src/utils/lucene.js
rename to packages/shared-core/src/filters.ts
index 427d8f8b97..2486ca1050 100644
--- a/packages/frontend-core/src/utils/lucene.js
+++ b/packages/shared-core/src/filters.ts
@@ -1,5 +1,6 @@
-import { Helpers } from "@budibase/bbui"
-import { OperatorOptions, SqlNumberTypeRangeMap } from "../constants"
+import { Datasource, FieldType, SortDirection, SortType } from "@budibase/types"
+import { OperatorOptions, SqlNumberTypeRangeMap } from "./constants"
+import { deepGet } from "./helpers"
 
 const HBS_REGEX = /{{([^{].*?)}}/g
 
@@ -7,7 +8,11 @@ const HBS_REGEX = /{{([^{].*?)}}/g
  * Returns the valid operator options for a certain data type
  * @param type the data type
  */
-export const getValidOperatorsForType = (type, field, datasource) => {
+export const getValidOperatorsForType = (
+  type: FieldType,
+  field: string,
+  datasource: Datasource & { tableId: any } // TODO: is this table id ever populated?
+) => {
   const Op = OperatorOptions
   const stringOps = [
     Op.Equals,
@@ -27,7 +32,10 @@ export const getValidOperatorsForType = (type, field, datasource) => {
     Op.NotEmpty,
     Op.In,
   ]
-  let ops = []
+  let ops: {
+    value: string
+    label: string
+  }[] = []
   if (type === "string") {
     ops = stringOps
   } else if (type === "number") {
@@ -70,13 +78,13 @@ export const NoEmptyFilterStrings = [
   OperatorOptions.NotEquals.value,
   OperatorOptions.Contains.value,
   OperatorOptions.NotContains.value,
-]
+] as (keyof QueryFields)[]
 
 /**
  * Removes any fields that contain empty strings that would cause inconsistent
  * behaviour with how backend tables are filtered (no value means no filter).
  */
-const cleanupQuery = query => {
+const cleanupQuery = (query: Query) => {
   if (!query) {
     return query
   }
@@ -84,9 +92,10 @@ const cleanupQuery = query => {
     if (!query[filterField]) {
       continue
     }
-    for (let [key, value] of Object.entries(query[filterField])) {
+
+    for (let [key, value] of Object.entries(query[filterField]!)) {
       if (value == null || value === "") {
-        delete query[filterField][key]
+        delete query[filterField]![key]
       }
     }
   }
@@ -96,7 +105,7 @@ const cleanupQuery = query => {
 /**
  * Removes a numeric prefix on field names designed to give fields uniqueness
  */
-const removeKeyNumbering = key => {
+const removeKeyNumbering = (key: string) => {
   if (typeof key === "string" && key.match(/\d[0-9]*:/g) != null) {
     const parts = key.split(":")
     parts.shift()
@@ -106,12 +115,66 @@ const removeKeyNumbering = key => {
   }
 }
 
+type Filter = {
+  operator: keyof Query
+  field: string
+  type: any
+  value: any
+  externalType: keyof typeof SqlNumberTypeRangeMap
+}
+
+type Query = QueryFields & QueryConfig
+type QueryFields = {
+  string?: {
+    [key: string]: string
+  }
+  fuzzy?: {
+    [key: string]: string
+  }
+  range?: {
+    [key: string]: {
+      high: number | string
+      low: number | string
+    }
+  }
+  equal?: {
+    [key: string]: any
+  }
+  notEqual?: {
+    [key: string]: any
+  }
+  empty?: {
+    [key: string]: any
+  }
+  notEmpty?: {
+    [key: string]: any
+  }
+  oneOf?: {
+    [key: string]: any[]
+  }
+  contains?: {
+    [key: string]: any[]
+  }
+  notContains?: {
+    [key: string]: any[]
+  }
+  containsAny?: {
+    [key: string]: any[]
+  }
+}
+
+type QueryConfig = {
+  allOr?: boolean
+}
+
+type QueryFieldsType = keyof QueryFields
+
 /**
  * Builds a lucene JSON query from the filter structure generated in the builder
  * @param filter the builder filter structure
  */
-export const buildLuceneQuery = filter => {
-  let query = {
+export const buildLuceneQuery = (filter: Filter[]) => {
+  let query: Query = {
     string: {},
     fuzzy: {},
     range: {},
@@ -128,7 +191,7 @@ export const buildLuceneQuery = filter => {
     filter.forEach(expression => {
       let { operator, field, type, value, externalType } = expression
       const isHbs =
-        typeof value === "string" && value.match(HBS_REGEX)?.length > 0
+        typeof value === "string" && (value.match(HBS_REGEX) || []).length > 0
       // Parse all values into correct types
       if (operator === "allOr") {
         query.allOr = true
@@ -167,7 +230,7 @@ export const buildLuceneQuery = filter => {
       ) {
         value = value.split(",")
       }
-      if (operator.startsWith("range")) {
+      if (operator.startsWith("range") && query.range) {
         const minint =
           SqlNumberTypeRangeMap[externalType]?.min || Number.MIN_SAFE_INTEGER
         const maxint =
@@ -178,9 +241,13 @@ export const buildLuceneQuery = filter => {
             high: type === "number" ? maxint : "9999-00-00T00:00:00.000Z",
           }
         }
-        if (operator === "rangeLow" && value != null && value !== "") {
+        if ((operator as any) === "rangeLow" && value != null && value !== "") {
           query.range[field].low = value
-        } else if (operator === "rangeHigh" && value != null && value !== "") {
+        } else if (
+          (operator as any) === "rangeHigh" &&
+          value != null &&
+          value !== ""
+        ) {
           query.range[field].high = value
         }
       } else if (query[operator]) {
@@ -189,14 +256,18 @@ export const buildLuceneQuery = filter => {
           // "equals false" needs to be "not equals true"
           // "not equals false" needs to be "equals true"
           if (operator === "equal" && value === false) {
+            query.notEqual = query.notEqual || {}
             query.notEqual[field] = true
           } else if (operator === "notEqual" && value === false) {
+            query.equal = query.equal || {}
             query.equal[field] = true
           } else {
-            query[operator][field] = value
+            query[operator] = query[operator] || {}
+            query[operator]![field] = value
           }
         } else {
-          query[operator][field] = value
+          query[operator] = query[operator] || {}
+          query[operator]![field] = value
         }
       }
     })
@@ -209,7 +280,7 @@ export const buildLuceneQuery = filter => {
  * @param docs the data
  * @param query the JSON lucene query
  */
-export const runLuceneQuery = (docs, query) => {
+export const runLuceneQuery = (docs: any[], query?: Query) => {
   if (!docs || !Array.isArray(docs)) {
     return []
   }
@@ -221,87 +292,110 @@ export const runLuceneQuery = (docs, query) => {
   query = cleanupQuery(query)
 
   // Iterates over a set of filters and evaluates a fail function against a doc
-  const match = (type, failFn) => doc => {
-    const filters = Object.entries(query[type] || {})
-    for (let i = 0; i < filters.length; i++) {
-      const [key, testValue] = filters[i]
-      const docValue = Helpers.deepGet(doc, removeKeyNumbering(key))
-      if (failFn(docValue, testValue)) {
-        return false
+  const match =
+    (
+      type: QueryFieldsType,
+      failFn: (docValue: any, testValue: any) => boolean
+    ) =>
+    (doc: any) => {
+      const filters = Object.entries(query![type] || {})
+      for (let i = 0; i < filters.length; i++) {
+        const [key, testValue] = filters[i]
+        const docValue = deepGet(doc, removeKeyNumbering(key))
+        if (failFn(docValue, testValue)) {
+          return false
+        }
       }
+      return true
     }
-    return true
-  }
 
   // Process a string match (fails if the value does not start with the string)
-  const stringMatch = match("string", (docValue, testValue) => {
+  const stringMatch = match("string", (docValue: string, testValue: string) => {
     return (
       !docValue || !docValue?.toLowerCase().startsWith(testValue?.toLowerCase())
     )
   })
 
   // Process a fuzzy match (treat the same as starts with when running locally)
-  const fuzzyMatch = match("fuzzy", (docValue, testValue) => {
+  const fuzzyMatch = match("fuzzy", (docValue: string, testValue: string) => {
     return (
       !docValue || !docValue?.toLowerCase().startsWith(testValue?.toLowerCase())
     )
   })
 
   // Process a range match
-  const rangeMatch = match("range", (docValue, testValue) => {
-    return (
-      docValue == null ||
-      docValue === "" ||
-      docValue < testValue.low ||
-      docValue > testValue.high
-    )
-  })
+  const rangeMatch = match(
+    "range",
+    (
+      docValue: string | number | null,
+      testValue: { low: number; high: number }
+    ) => {
+      return (
+        docValue == null ||
+        docValue === "" ||
+        docValue < testValue.low ||
+        docValue > testValue.high
+      )
+    }
+  )
 
   // Process an equal match (fails if the value is different)
-  const equalMatch = match("equal", (docValue, testValue) => {
-    return testValue != null && testValue !== "" && docValue !== testValue
-  })
+  const equalMatch = match(
+    "equal",
+    (docValue: any, testValue: string | null) => {
+      return testValue != null && testValue !== "" && docValue !== testValue
+    }
+  )
 
   // Process a not-equal match (fails if the value is the same)
-  const notEqualMatch = match("notEqual", (docValue, testValue) => {
-    return testValue != null && testValue !== "" && docValue === testValue
-  })
+  const notEqualMatch = match(
+    "notEqual",
+    (docValue: any, testValue: string | null) => {
+      return testValue != null && testValue !== "" && docValue === testValue
+    }
+  )
 
   // Process an empty match (fails if the value is not empty)
-  const emptyMatch = match("empty", docValue => {
+  const emptyMatch = match("empty", (docValue: string | null) => {
     return docValue != null && docValue !== ""
   })
 
   // Process a not-empty match (fails is the value is empty)
-  const notEmptyMatch = match("notEmpty", docValue => {
+  const notEmptyMatch = match("notEmpty", (docValue: string | null) => {
     return docValue == null || docValue === ""
   })
 
   // Process an includes match (fails if the value is not included)
-  const oneOf = match("oneOf", (docValue, testValue) => {
+  const oneOf = match("oneOf", (docValue: any, testValue: any) => {
     if (typeof testValue === "string") {
       testValue = testValue.split(",")
       if (typeof docValue === "number") {
-        testValue = testValue.map(item => parseFloat(item))
+        testValue = testValue.map((item: string) => parseFloat(item))
       }
     }
     return !testValue?.includes(docValue)
   })
 
-  const containsAny = match("containsAny", (docValue, testValue) => {
+  const containsAny = match("containsAny", (docValue: any, testValue: any) => {
     return !docValue?.includes(...testValue)
   })
 
-  const contains = match("contains", (docValue, testValue) => {
-    return !testValue?.every(item => docValue?.includes(item))
-  })
+  const contains = match(
+    "contains",
+    (docValue: string | any[], testValue: any[]) => {
+      return !testValue?.every((item: any) => docValue?.includes(item))
+    }
+  )
 
-  const notContains = match("notContains", (docValue, testValue) => {
-    return testValue?.every(item => docValue?.includes(item))
-  })
+  const notContains = match(
+    "notContains",
+    (docValue: string | any[], testValue: any[]) => {
+      return testValue?.every((item: any) => docValue?.includes(item))
+    }
+  )
 
   // Match a document against all criteria
-  const docMatch = doc => {
+  const docMatch = (doc: any) => {
     return (
       stringMatch(doc) &&
       fuzzyMatch(doc) &&
@@ -329,20 +423,28 @@ export const runLuceneQuery = (docs, query) => {
  * @param sortOrder the sort order ("ascending" or "descending")
  * @param sortType the type of sort ("string" or "number")
  */
-export const luceneSort = (docs, sort, sortOrder, sortType = "string") => {
+export const luceneSort = (
+  docs: any[],
+  sort: string,
+  sortOrder: SortDirection,
+  sortType = SortType.STRING
+) => {
   if (!sort || !sortOrder || !sortType) {
     return docs
   }
-  const parse = sortType === "string" ? x => `${x}` : x => parseFloat(x)
-  return docs.slice().sort((a, b) => {
-    const colA = parse(a[sort])
-    const colB = parse(b[sort])
-    if (sortOrder === "Descending") {
-      return colA > colB ? -1 : 1
-    } else {
-      return colA > colB ? 1 : -1
-    }
-  })
+  const parse =
+    sortType === "string" ? (x: any) => `${x}` : (x: string) => parseFloat(x)
+  return docs
+    .slice()
+    .sort((a: { [x: string]: any }, b: { [x: string]: any }) => {
+      const colA = parse(a[sort])
+      const colB = parse(b[sort])
+      if (sortOrder.toLowerCase() === "descending") {
+        return colA > colB ? -1 : 1
+      } else {
+        return colA > colB ? 1 : -1
+      }
+    })
 }
 
 /**
@@ -351,7 +453,7 @@ export const luceneSort = (docs, sort, sortOrder, sortType = "string") => {
  * @param docs the data
  * @param limit the number of docs to limit to
  */
-export const luceneLimit = (docs, limit) => {
+export const luceneLimit = (docs: any[], limit: string) => {
   const numLimit = parseFloat(limit)
   if (isNaN(numLimit)) {
     return docs
diff --git a/packages/shared-core/src/helpers.ts b/packages/shared-core/src/helpers.ts
new file mode 100644
index 0000000000..8ecfc24b56
--- /dev/null
+++ b/packages/shared-core/src/helpers.ts
@@ -0,0 +1,23 @@
+/**
+ * Gets a key within an object. The key supports dot syntax for retrieving deep
+ * fields - e.g. "a.b.c".
+ * Exact matches of keys with dots in them take precedence over nested keys of
+ * the same path - e.g. getting "a.b" from { "a.b": "foo", a: { b: "bar" } }
+ * will return "foo" over "bar".
+ * @param obj the object
+ * @param key the key
+ * @return {*|null} the value or null if a value was not found for this key
+ */
+export const deepGet = (obj: { [x: string]: any }, key: string) => {
+  if (!obj || !key) {
+    return null
+  }
+  if (Object.prototype.hasOwnProperty.call(obj, key)) {
+    return obj[key]
+  }
+  const split = key.split(".")
+  for (let i = 0; i < split.length; i++) {
+    obj = obj?.[split[i]]
+  }
+  return obj
+}
diff --git a/packages/shared-core/src/index.ts b/packages/shared-core/src/index.ts
new file mode 100644
index 0000000000..21f2f2c639
--- /dev/null
+++ b/packages/shared-core/src/index.ts
@@ -0,0 +1,4 @@
+export * from "./constants"
+export * as dataFilters from "./filters"
+export * as helpers from "./helpers"
+export * as utils from "./utils"
diff --git a/packages/shared-core/src/utils.ts b/packages/shared-core/src/utils.ts
new file mode 100644
index 0000000000..720027d6a7
--- /dev/null
+++ b/packages/shared-core/src/utils.ts
@@ -0,0 +1,6 @@
+export function unreachable(
+  value: never,
+  message = `No such case in exhaustive switch: ${value}`
+) {
+  throw new Error(message)
+}
diff --git a/packages/shared-core/tsconfig-base.build.json b/packages/shared-core/tsconfig-base.build.json
new file mode 100644
index 0000000000..9715eb06cf
--- /dev/null
+++ b/packages/shared-core/tsconfig-base.build.json
@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "target": "es6",
+    "moduleResolution": "node",
+    "lib": ["es2020"],
+    "strict": true,
+    "noImplicitAny": true,
+    "esModuleInterop": true,
+    "resolveJsonModule": true,
+    "incremental": true,
+    "sourceMap": true,
+    "declaration": true,
+    "types": ["node"],
+    "outDir": "dist",
+    "skipLibCheck": true
+  },
+  "include": ["**/*.js", "**/*.ts", "package.json"],
+  "exclude": [
+    "node_modules",
+    "dist",
+    "**/*.spec.ts",
+    "**/*.spec.js",
+    "__mocks__"
+  ]
+}
diff --git a/packages/shared-core/tsconfig-cjs.build.json b/packages/shared-core/tsconfig-cjs.build.json
new file mode 100644
index 0000000000..9b479b7b34
--- /dev/null
+++ b/packages/shared-core/tsconfig-cjs.build.json
@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig-base.build.json",
+  "compilerOptions": {
+    "module": "commonjs",
+    "outDir": "dist/cjs",
+    "target": "es2015"
+  }
+}
diff --git a/packages/shared-core/tsconfig.build.json b/packages/shared-core/tsconfig.build.json
new file mode 100644
index 0000000000..4d3c9fc2e0
--- /dev/null
+++ b/packages/shared-core/tsconfig.build.json
@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig-base.build.json",
+  "compilerOptions": {
+    "module": "esnext",
+    "outDir": "dist/mjs",
+    "target": "esnext"
+  }
+}
diff --git a/packages/shared-core/tsconfig.json b/packages/shared-core/tsconfig.json
new file mode 100644
index 0000000000..58c9a25d5e
--- /dev/null
+++ b/packages/shared-core/tsconfig.json
@@ -0,0 +1,11 @@
+{
+  "extends": "./tsconfig.build.json",
+  "compilerOptions": {
+    "composite": true,
+    "baseUrl": ".",
+    "paths": {
+      "@budibase/types": ["../types/src"]
+    }
+  },
+  "references": [{ "path": "../types" }]
+}
diff --git a/packages/shared-core/yarn.lock b/packages/shared-core/yarn.lock
new file mode 100644
index 0000000000..c1578954fc
--- /dev/null
+++ b/packages/shared-core/yarn.lock
@@ -0,0 +1,277 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+"@budibase/types@2.4.5-alpha.0":
+  version "2.4.5-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.4.5-alpha.0.tgz#70fea09b5e471fe8fa6a760a1a2dd0dd74caac3a"
+  integrity sha512-tVFM9XnKwcCOo7nw6v7C8ZsK9hQLQBv3kHDn7/MFWnDMFCj72pUdtP/iFrAKr2c3tE84lkkWJfNHIolMSktHZA==
+
+ansi-regex@^5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
+  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
+
+ansi-styles@^4.0.0, ansi-styles@^4.1.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937"
+  integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
+  dependencies:
+    color-convert "^2.0.1"
+
+balanced-match@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee"
+  integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
+
+brace-expansion@^1.1.7:
+  version "1.1.11"
+  resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
+  integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==
+  dependencies:
+    balanced-match "^1.0.0"
+    concat-map "0.0.1"
+
+chalk@^4.1.0:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
+  integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
+  dependencies:
+    ansi-styles "^4.1.0"
+    supports-color "^7.1.0"
+
+cliui@^8.0.1:
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/cliui/-/cliui-8.0.1.tgz#0c04b075db02cbfe60dc8e6cf2f5486b1a3608aa"
+  integrity sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==
+  dependencies:
+    string-width "^4.2.0"
+    strip-ansi "^6.0.1"
+    wrap-ansi "^7.0.0"
+
+color-convert@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3"
+  integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
+  dependencies:
+    color-name "~1.1.4"
+
+color-name@~1.1.4:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
+  integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
+
+concat-map@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
+  integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
+
+concurrently@^7.6.0:
+  version "7.6.0"
+  resolved "https://registry.yarnpkg.com/concurrently/-/concurrently-7.6.0.tgz#531a6f5f30cf616f355a4afb8f8fcb2bba65a49a"
+  integrity sha512-BKtRgvcJGeZ4XttiDiNcFiRlxoAeZOseqUvyYRUp/Vtd+9p1ULmeoSqGsDA+2ivdeDFpqrJvGvmI+StKfKl5hw==
+  dependencies:
+    chalk "^4.1.0"
+    date-fns "^2.29.1"
+    lodash "^4.17.21"
+    rxjs "^7.0.0"
+    shell-quote "^1.7.3"
+    spawn-command "^0.0.2-1"
+    supports-color "^8.1.0"
+    tree-kill "^1.2.2"
+    yargs "^17.3.1"
+
+date-fns@^2.29.1:
+  version "2.29.3"
+  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.29.3.tgz#27402d2fc67eb442b511b70bbdf98e6411cd68a8"
+  integrity sha512-dDCnyH2WnnKusqvZZ6+jA1O51Ibt8ZMRNkDZdyAyK4YfbDwa/cEmuztzG5pk6hqlp9aSBPYcjOlktquahGwGeA==
+
+emoji-regex@^8.0.0:
+  version "8.0.0"
+  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37"
+  integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==
+
+escalade@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40"
+  integrity sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==
+
+fs.realpath@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
+  integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==
+
+get-caller-file@^2.0.5:
+  version "2.0.5"
+  resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
+  integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
+
+glob@^7.1.3:
+  version "7.2.3"
+  resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b"
+  integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==
+  dependencies:
+    fs.realpath "^1.0.0"
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "^3.1.1"
+    once "^1.3.0"
+    path-is-absolute "^1.0.0"
+
+has-flag@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
+  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
+
+inflight@^1.0.4:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9"
+  integrity sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==
+  dependencies:
+    once "^1.3.0"
+    wrappy "1"
+
+inherits@2:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
+  integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
+
+is-fullwidth-code-point@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d"
+  integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
+
+lodash@^4.17.21:
+  version "4.17.21"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
+  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
+
+minimatch@^3.1.1:
+  version "3.1.2"
+  resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b"
+  integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==
+  dependencies:
+    brace-expansion "^1.1.7"
+
+once@^1.3.0:
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
+  integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==
+  dependencies:
+    wrappy "1"
+
+path-is-absolute@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
+  integrity sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==
+
+require-directory@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"
+  integrity sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==
+
+rimraf@3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a"
+  integrity sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==
+  dependencies:
+    glob "^7.1.3"
+
+rxjs@^7.0.0:
+  version "7.8.0"
+  resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-7.8.0.tgz#90a938862a82888ff4c7359811a595e14e1e09a4"
+  integrity sha512-F2+gxDshqmIub1KdvZkaEfGDwLNpPvk9Fs6LD/MyQxNgMds/WH9OdDDXOmxUZpME+iSK3rQCctkL0DYyytUqMg==
+  dependencies:
+    tslib "^2.1.0"
+
+shell-quote@^1.7.3:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.0.tgz#20d078d0eaf71d54f43bd2ba14a1b5b9bfa5c8ba"
+  integrity sha512-QHsz8GgQIGKlRi24yFc6a6lN69Idnx634w49ay6+jA5yFh7a1UY+4Rp6HPx/L/1zcEDPEij8cIsiqR6bQsE5VQ==
+
+spawn-command@^0.0.2-1:
+  version "0.0.2-1"
+  resolved "https://registry.yarnpkg.com/spawn-command/-/spawn-command-0.0.2-1.tgz#62f5e9466981c1b796dc5929937e11c9c6921bd0"
+  integrity sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg==
+
+string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
+  version "4.2.3"
+  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
+  integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
+  dependencies:
+    emoji-regex "^8.0.0"
+    is-fullwidth-code-point "^3.0.0"
+    strip-ansi "^6.0.1"
+
+strip-ansi@^6.0.0, strip-ansi@^6.0.1:
+  version "6.0.1"
+  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
+  integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
+  dependencies:
+    ansi-regex "^5.0.1"
+
+supports-color@^7.1.0:
+  version "7.2.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da"
+  integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==
+  dependencies:
+    has-flag "^4.0.0"
+
+supports-color@^8.1.0:
+  version "8.1.1"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c"
+  integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==
+  dependencies:
+    has-flag "^4.0.0"
+
+tree-kill@^1.2.2:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/tree-kill/-/tree-kill-1.2.2.tgz#4ca09a9092c88b73a7cdc5e8a01b507b0790a0cc"
+  integrity sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==
+
+tslib@^2.1.0:
+  version "2.5.0"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.5.0.tgz#42bfed86f5787aeb41d031866c8f402429e0fddf"
+  integrity sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==
+
+typescript@4.7.3:
+  version "4.7.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.7.3.tgz#8364b502d5257b540f9de4c40be84c98e23a129d"
+  integrity sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==
+
+wrap-ansi@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
+  integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
+  dependencies:
+    ansi-styles "^4.0.0"
+    string-width "^4.1.0"
+    strip-ansi "^6.0.0"
+
+wrappy@1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
+  integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
+
+y18n@^5.0.5:
+  version "5.0.8"
+  resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55"
+  integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==
+
+yargs-parser@^21.1.1:
+  version "21.1.1"
+  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35"
+  integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==
+
+yargs@^17.3.1:
+  version "17.7.1"
+  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.1.tgz#34a77645201d1a8fc5213ace787c220eabbd0967"
+  integrity sha512-cwiTb08Xuv5fqF4AovYacTFNxk62th7LKJ6BL9IGUpTJrWoU7/7WdQGTP2SjKf1dUNBGzDd28p/Yfs/GI6JrLw==
+  dependencies:
+    cliui "^8.0.1"
+    escalade "^3.1.1"
+    get-caller-file "^2.0.5"
+    require-directory "^2.1.1"
+    string-width "^4.2.3"
+    y18n "^5.0.5"
+    yargs-parser "^21.1.1"
diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json
index 1baef9fcf0..f24feac504 100644
--- a/packages/string-templates/package.json
+++ b/packages/string-templates/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/string-templates",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Handlebars wrapper for Budibase templating.",
   "main": "src/index.cjs",
   "module": "dist/bundle.mjs",
diff --git a/packages/types/package.json b/packages/types/package.json
index e3972ab5ea..fbd23ef21c 100644
--- a/packages/types/package.json
+++ b/packages/types/package.json
@@ -1,15 +1,22 @@
 {
   "name": "@budibase/types",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase types",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "main": "dist/cjs/index.js",
+  "types": "dist/mjs/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/mjs/index.js",
+      "require": "./dist/cjs/index.js"
+    }
+  },
   "author": "Budibase",
   "license": "GPL-3.0",
   "scripts": {
     "prebuild": "rimraf dist/",
-    "build": "tsc -p tsconfig.build.json",
-    "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput"
+    "build": "tsc -p tsconfig.build.json && tsc -p tsconfig-cjs.build.json",
+    "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
+    "dev:builder": "yarn prebuild && concurrently \"tsc -p tsconfig.build.json --watch\" \"tsc -p tsconfig-cjs.build.json --watch\""
   },
   "jest": {},
   "devDependencies": {
@@ -18,6 +25,7 @@
     "@types/koa": "2.13.4",
     "@types/node": "14.18.20",
     "@types/pouchdb": "6.4.0",
+    "concurrently": "^7.6.0",
     "koa-body": "4.2.0",
     "rimraf": "3.0.2",
     "typescript": "4.7.3"
diff --git a/packages/types/src/api/web/auth.ts b/packages/types/src/api/web/auth.ts
index e31a151c48..46b1e8cec9 100644
--- a/packages/types/src/api/web/auth.ts
+++ b/packages/types/src/api/web/auth.ts
@@ -17,6 +17,7 @@ export interface UpdateSelfRequest {
   lastName?: string
   password?: string
   forceResetPassword?: boolean
+  onboardedAt?: string
 }
 
 export interface UpdateSelfResponse {
diff --git a/packages/types/src/api/web/global/auditLogs.ts b/packages/types/src/api/web/global/auditLogs.ts
new file mode 100644
index 0000000000..a890f3a751
--- /dev/null
+++ b/packages/types/src/api/web/global/auditLogs.ts
@@ -0,0 +1,51 @@
+import { Event, AuditedEventFriendlyName } from "../../../sdk"
+import {
+  PaginationResponse,
+  PaginationRequest,
+  BasicPaginationRequest,
+} from "../"
+import { User, App } from "../../../"
+
+export interface AuditLogSearchParams {
+  userIds?: string[]
+  appIds?: string[]
+  events?: Event[]
+  startDate?: string
+  endDate?: string
+  fullSearch?: string
+  bookmark?: string
+}
+
+export interface DownloadAuditLogsRequest extends AuditLogSearchParams {}
+
+export interface SearchAuditLogsRequest
+  extends BasicPaginationRequest,
+    AuditLogSearchParams {}
+
+export enum AuditLogResourceStatus {
+  DELETED = "deleted",
+}
+
+export type DeletedResourceInfo = {
+  _id: string
+  status: AuditLogResourceStatus
+  email?: string
+  name?: string
+}
+
+export interface AuditLogEnriched {
+  app?: App | DeletedResourceInfo
+  user: User | DeletedResourceInfo
+  event: Event
+  timestamp: string
+  name: string
+  metadata: any
+}
+
+export interface SearchAuditLogsResponse extends PaginationResponse {
+  data: AuditLogEnriched[]
+}
+
+export interface DefinitionsAuditLogsResponse {
+  events: Record<string, string>
+}
diff --git a/packages/types/src/api/web/global/configs.ts b/packages/types/src/api/web/global/configs.ts
new file mode 100644
index 0000000000..1476d13cee
--- /dev/null
+++ b/packages/types/src/api/web/global/configs.ts
@@ -0,0 +1,23 @@
+import { SettingsConfig, SettingsInnerConfig } from "../../../documents"
+
+/**
+ * Settings that aren't stored in the database - enriched at runtime.
+ */
+export interface PublicSettingsInnerConfig extends SettingsInnerConfig {
+  google: boolean
+  oidc: boolean
+  oidcCallbackUrl: string
+  googleCallbackUrl: string
+}
+
+export interface GetPublicSettingsResponse extends SettingsConfig {
+  config: PublicSettingsInnerConfig
+}
+
+export interface PublicOIDCConfig {
+  logo?: string
+  name?: string
+  uuid?: string
+}
+
+export type GetPublicOIDCConfigResponse = PublicOIDCConfig[]
diff --git a/packages/types/src/api/web/global/index.ts b/packages/types/src/api/web/global/index.ts
index 415ed55ab1..21a5de3727 100644
--- a/packages/types/src/api/web/global/index.ts
+++ b/packages/types/src/api/web/global/index.ts
@@ -1,2 +1,4 @@
 export * from "./environmentVariables"
+export * from "./auditLogs"
 export * from "./events"
+export * from "./configs"
diff --git a/packages/types/src/api/web/index.ts b/packages/types/src/api/web/index.ts
index 8ed5b0aad4..141119c837 100644
--- a/packages/types/src/api/web/index.ts
+++ b/packages/types/src/api/web/index.ts
@@ -5,3 +5,4 @@ export * from "./errors"
 export * from "./schedule"
 export * from "./app"
 export * from "./global"
+export * from "./pagination"
diff --git a/packages/types/src/api/web/pagination.ts b/packages/types/src/api/web/pagination.ts
new file mode 100644
index 0000000000..ae4c56971a
--- /dev/null
+++ b/packages/types/src/api/web/pagination.ts
@@ -0,0 +1,27 @@
+export enum SortOrder {
+  ASCENDING = "ascending",
+  DESCENDING = "descending",
+}
+
+export enum SortType {
+  STRING = "string",
+  number = "number",
+}
+
+export interface BasicPaginationRequest {
+  bookmark?: string
+}
+
+export interface PaginationRequest extends BasicPaginationRequest {
+  limit?: number
+  sort?: {
+    order: SortOrder
+    column: string
+    type: SortType
+  }
+}
+
+export interface PaginationResponse {
+  bookmark: string
+  hasNextPage: boolean
+}
diff --git a/packages/types/src/api/web/user.ts b/packages/types/src/api/web/user.ts
index a435808f7e..63d6be6fa0 100644
--- a/packages/types/src/api/web/user.ts
+++ b/packages/types/src/api/web/user.ts
@@ -16,6 +16,7 @@ export interface BulkUserRequest {
     userIds: string[]
   }
   create?: {
+    roles?: any[]
     users: User[]
     groups: any[]
   }
@@ -49,7 +50,7 @@ export interface SearchUsersRequest {
   page?: string
   email?: string
   appId?: string
-  userIds?: string[]
+  paginated?: boolean
 }
 
 export interface CreateAdminUserRequest {
diff --git a/packages/types/src/documents/global/auditLogs.ts b/packages/types/src/documents/global/auditLogs.ts
new file mode 100644
index 0000000000..091c7b8418
--- /dev/null
+++ b/packages/types/src/documents/global/auditLogs.ts
@@ -0,0 +1,19 @@
+import { Document } from "../document"
+import { Event } from "../../sdk"
+
+export const AuditLogSystemUser = "SYSTEM"
+
+export type FallbackInfo = {
+  appName?: string
+  email?: string
+}
+
+export interface AuditLogDoc extends Document {
+  appId?: string
+  event: Event
+  userId: string
+  timestamp: string
+  metadata: any
+  name: string
+  fallback?: FallbackInfo
+}
diff --git a/packages/types/src/documents/global/config.ts b/packages/types/src/documents/global/config.ts
index 99dec534b6..6e86ed2674 100644
--- a/packages/types/src/documents/global/config.ts
+++ b/packages/types/src/documents/global/config.ts
@@ -5,32 +5,48 @@ export interface Config extends Document {
   config: any
 }
 
-export interface SMTPConfig extends Config {
-  config: {
-    port: number
-    host: string
-    from: string
-    subject: string
-    secure: boolean
+export interface SMTPInnerConfig {
+  port: number
+  host: string
+  from: string
+  subject?: string
+  secure: boolean
+  auth?: {
+    user: string
+    pass: string
   }
+  connectionTimeout?: any
+}
+
+export interface SMTPConfig extends Config {
+  config: SMTPInnerConfig
+}
+
+export interface SettingsInnerConfig {
+  platformUrl?: string
+  company?: string
+  logoUrl?: string // Populated on read
+  logoUrlEtag?: string
+  uniqueTenantId?: string
+  analyticsEnabled?: boolean
+  isSSOEnforced?: boolean
 }
 
 export interface SettingsConfig extends Config {
-  config: {
-    company: string
-    // Populated on read
-    logoUrl?: string
-    logoUrlEtag?: boolean
-    platformUrl: string
-    uniqueTenantId?: string
-    analyticsEnabled?: boolean
-  }
+  config: SettingsInnerConfig
 }
 
+export type SSOConfigType = ConfigType.GOOGLE | ConfigType.OIDC
+export type SSOConfig = GoogleInnerConfig | OIDCInnerConfig
+
 export interface GoogleInnerConfig {
   clientID: string
   clientSecret: string
   activated: boolean
+  /**
+   * @deprecated read only
+   */
+  callbackURL?: string
 }
 
 export interface GoogleConfig extends Config {
@@ -47,6 +63,10 @@ export interface OIDCStrategyConfiguration {
   callbackURL: string
 }
 
+export interface OIDCConfigs {
+  configs: OIDCInnerConfig[]
+}
+
 export interface OIDCInnerConfig {
   configUrl: string
   clientID: string
@@ -55,12 +75,11 @@ export interface OIDCInnerConfig {
   name: string
   uuid: string
   activated: boolean
+  scopes: string[]
 }
 
 export interface OIDCConfig extends Config {
-  config: {
-    configs: OIDCInnerConfig[]
-  }
+  config: OIDCConfigs
 }
 
 export interface OIDCWellKnownConfig {
diff --git a/packages/types/src/documents/global/index.ts b/packages/types/src/documents/global/index.ts
index 11ce7513f2..b728439dd6 100644
--- a/packages/types/src/documents/global/index.ts
+++ b/packages/types/src/documents/global/index.ts
@@ -6,3 +6,4 @@ export * from "./quotas"
 export * from "./schedule"
 export * from "./templates"
 export * from "./environmentVariables"
+export * from "./auditLogs"
diff --git a/packages/types/src/documents/global/user.ts b/packages/types/src/documents/global/user.ts
index 2ef13a7412..af48dbb758 100644
--- a/packages/types/src/documents/global/user.ts
+++ b/packages/types/src/documents/global/user.ts
@@ -48,13 +48,18 @@ export interface User extends Document {
     global: boolean
   }
   password?: string
-  status?: string
+  status?: UserStatus
   createdAt?: number // override the default createdAt behaviour - users sdk historically set this to Date.now()
   dayPassRecordedAt?: string
   userGroups?: string[]
   onboardedAt?: string
 }
 
+export enum UserStatus {
+  ACTIVE = "active",
+  INACTIVE = "inactive",
+}
+
 export interface UserRoles {
   [key: string]: string
 }
diff --git a/packages/types/src/sdk/auditLogs.ts b/packages/types/src/sdk/auditLogs.ts
new file mode 100644
index 0000000000..cf12a79688
--- /dev/null
+++ b/packages/types/src/sdk/auditLogs.ts
@@ -0,0 +1,22 @@
+import { Event, HostInfo } from "./events"
+import { AuditLogDoc } from "../documents"
+
+export type AuditWriteOpts = {
+  appId?: string
+  timestamp?: string | number
+  userId?: string
+  hostInfo?: HostInfo
+}
+
+export type AuditLogFn = (
+  event: Event,
+  metadata: any,
+  opts: AuditWriteOpts
+) => Promise<AuditLogDoc | undefined>
+
+export type AuditLogQueueEvent = {
+  event: Event
+  properties: any
+  opts: AuditWriteOpts
+  tenantId: string
+}
diff --git a/packages/types/src/sdk/cli/constants.ts b/packages/types/src/sdk/cli/constants.ts
new file mode 100644
index 0000000000..17d570b8be
--- /dev/null
+++ b/packages/types/src/sdk/cli/constants.ts
@@ -0,0 +1,21 @@
+import { Event } from "../events"
+
+export enum CommandWord {
+  BACKUPS = "backups",
+  HOSTING = "hosting",
+  ANALYTICS = "analytics",
+  HELP = "help",
+  PLUGIN = "plugins",
+}
+
+export enum InitType {
+  QUICK = "quick",
+  DIGITAL_OCEAN = "do",
+}
+
+export const AnalyticsEvent = {
+  OptOut: "analytics:opt:out",
+  OptIn: "analytics:opt:in",
+  SelfHostInit: "hosting:init",
+  PluginInit: Event.PLUGIN_INIT,
+}
diff --git a/packages/types/src/sdk/cli/index.ts b/packages/types/src/sdk/cli/index.ts
new file mode 100644
index 0000000000..23fdb69814
--- /dev/null
+++ b/packages/types/src/sdk/cli/index.ts
@@ -0,0 +1 @@
+export * from "./constants"
diff --git a/packages/types/src/sdk/context.ts b/packages/types/src/sdk/context.ts
index b3403df8af..c8345de196 100644
--- a/packages/types/src/sdk/context.ts
+++ b/packages/types/src/sdk/context.ts
@@ -1,5 +1,5 @@
 import { User, Account } from "../documents"
-import { IdentityType } from "./events"
+import { IdentityType, HostInfo } from "./events"
 
 export interface BaseContext {
   _id: string
@@ -16,6 +16,7 @@ export interface UserContext extends BaseContext, User {
   _id: string
   tenantId: string
   account?: Account
+  hostInfo: HostInfo
 }
 
 export type IdentityContext = BaseContext | AccountUserContext | UserContext
diff --git a/packages/types/src/sdk/db.ts b/packages/types/src/sdk/db.ts
index 35d198ccb2..6e213b5831 100644
--- a/packages/types/src/sdk/db.ts
+++ b/packages/types/src/sdk/db.ts
@@ -1,5 +1,11 @@
 import Nano from "@budibase/nano"
 import { AllDocsResponse, AnyDocument, Document } from "../"
+import { Writable } from "stream"
+
+export enum SearchIndex {
+  ROWS = "rows",
+  AUDIT = "audit",
+}
 
 export type PouchOptions = {
   inMemory?: boolean
@@ -63,6 +69,18 @@ export const isDocument = (doc: any): doc is Document => {
   return typeof doc === "object" && doc._id && doc._rev
 }
 
+export interface DatabaseDumpOpts {
+  filter?: (doc: AnyDocument) => boolean
+  batch_size?: number
+  batch_limit?: number
+  style?: "main_only" | "all_docs"
+  timeout?: number
+  doc_ids?: string[]
+  query_params?: any
+  view?: string
+  selector?: any
+}
+
 export interface Database {
   name: string
 
@@ -87,7 +105,7 @@ export interface Database {
   compact(): Promise<Nano.OkResponse | void>
   // these are all PouchDB related functions that are rarely used - in future
   // should be replaced by better typed/non-pouch implemented methods
-  dump(...args: any[]): Promise<any>
+  dump(stream: Writable, opts?: DatabaseDumpOpts): Promise<any>
   load(...args: any[]): Promise<any>
   createIndex(...args: any[]): Promise<any>
   deleteIndex(...args: any[]): Promise<any>
diff --git a/packages/types/src/sdk/events/app.ts b/packages/types/src/sdk/events/app.ts
index 73d491070f..602dd8b6a5 100644
--- a/packages/types/src/sdk/events/app.ts
+++ b/packages/types/src/sdk/events/app.ts
@@ -3,50 +3,83 @@ import { BaseEvent } from "./event"
 export interface AppCreatedEvent extends BaseEvent {
   appId: string
   version: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppUpdatedEvent extends BaseEvent {
   appId: string
   version: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppDeletedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppPublishedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppUnpublishedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppFileImportedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppTemplateImportedEvent extends BaseEvent {
   appId: string
   templateKey: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppVersionUpdatedEvent extends BaseEvent {
   appId: string
   currentVersion: string
   updatedToVersion: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppVersionRevertedEvent extends BaseEvent {
   appId: string
   currentVersion: string
   revertedToVersion: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppRevertedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppExportedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
diff --git a/packages/types/src/sdk/events/auditLog.ts b/packages/types/src/sdk/events/auditLog.ts
new file mode 100644
index 0000000000..5f3edfb826
--- /dev/null
+++ b/packages/types/src/sdk/events/auditLog.ts
@@ -0,0 +1,10 @@
+import { BaseEvent } from "./event"
+import { AuditLogSearchParams } from "../../api"
+
+export interface AuditLogFilteredEvent extends BaseEvent {
+  filters: AuditLogSearchParams
+}
+
+export interface AuditLogDownloadedEvent extends BaseEvent {
+  filters: AuditLogSearchParams
+}
diff --git a/packages/types/src/sdk/events/auth.ts b/packages/types/src/sdk/events/auth.ts
index eb9f3148a3..c7171d923d 100644
--- a/packages/types/src/sdk/events/auth.ts
+++ b/packages/types/src/sdk/events/auth.ts
@@ -7,10 +7,16 @@ export type SSOType = ConfigType.OIDC | ConfigType.GOOGLE
 export interface LoginEvent extends BaseEvent {
   userId: string
   source: LoginSource
+  audited: {
+    email: string
+  }
 }
 
 export interface LogoutEvent extends BaseEvent {
   userId: string
+  audited: {
+    email?: string
+  }
 }
 
 export interface SSOCreatedEvent extends BaseEvent {
diff --git a/packages/types/src/sdk/events/automation.ts b/packages/types/src/sdk/events/automation.ts
index beabdbb9eb..a3f4d15186 100644
--- a/packages/types/src/sdk/events/automation.ts
+++ b/packages/types/src/sdk/events/automation.ts
@@ -5,6 +5,9 @@ export interface AutomationCreatedEvent extends BaseEvent {
   automationId: string
   triggerId: string
   triggerType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationTriggerUpdatedEvent extends BaseEvent {
@@ -19,6 +22,9 @@ export interface AutomationDeletedEvent extends BaseEvent {
   automationId: string
   triggerId: string
   triggerType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationTestedEvent extends BaseEvent {
@@ -35,6 +41,9 @@ export interface AutomationStepCreatedEvent extends BaseEvent {
   triggerType: string
   stepId: string
   stepType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationStepDeletedEvent extends BaseEvent {
@@ -44,6 +53,9 @@ export interface AutomationStepDeletedEvent extends BaseEvent {
   triggerType: string
   stepId: string
   stepType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationsRunEvent extends BaseEvent {
diff --git a/packages/types/src/sdk/events/backup.ts b/packages/types/src/sdk/events/backup.ts
index 1dddc109cc..23863cf8ac 100644
--- a/packages/types/src/sdk/events/backup.ts
+++ b/packages/types/src/sdk/events/backup.ts
@@ -5,6 +5,7 @@ export interface AppBackupRestoreEvent extends BaseEvent {
   appId: string
   restoreId: string
   backupCreatedAt: string
+  name: string
 }
 
 export interface AppBackupTriggeredEvent extends BaseEvent {
@@ -12,4 +13,5 @@ export interface AppBackupTriggeredEvent extends BaseEvent {
   appId: string
   trigger: AppBackupTrigger
   type: AppBackupType
+  name: string
 }
diff --git a/packages/types/src/sdk/events/event.ts b/packages/types/src/sdk/events/event.ts
index f509682add..3d0d3122b5 100644
--- a/packages/types/src/sdk/events/event.ts
+++ b/packages/types/src/sdk/events/event.ts
@@ -180,6 +180,190 @@ export enum Event {
   ENVIRONMENT_VARIABLE_CREATED = "environment_variable:created",
   ENVIRONMENT_VARIABLE_DELETED = "environment_variable:deleted",
   ENVIRONMENT_VARIABLE_UPGRADE_PANEL_OPENED = "environment_variable:upgrade_panel_opened",
+
+  // AUDIT LOG
+  AUDIT_LOGS_FILTERED = "audit_log:filtered",
+  AUDIT_LOGS_DOWNLOADED = "audit_log:downloaded",
+}
+
+// all events that are not audited have been added to this record as undefined, this means
+// that Typescript can protect us against new events being added and auditing of those
+// events not being considered. This might be a little ugly, but provides a level of
+// Typescript build protection for the audit log feature, any new event also needs to be
+// added to this map, during which the developer will need to consider if it should be
+// a user facing event or not.
+export const AuditedEventFriendlyName: Record<Event, string | undefined> = {
+  // USER
+  [Event.USER_CREATED]: `User "{{ email }}" created`,
+  [Event.USER_UPDATED]: `User "{{ email }}" updated`,
+  [Event.USER_DELETED]: `User "{{ email }}" deleted`,
+  [Event.USER_PERMISSION_ADMIN_ASSIGNED]: `User "{{ email }}" admin role assigned`,
+  [Event.USER_PERMISSION_ADMIN_REMOVED]: `User "{{ email }}" admin role removed`,
+  [Event.USER_PERMISSION_BUILDER_ASSIGNED]: `User "{{ email }}" builder role assigned`,
+  [Event.USER_PERMISSION_BUILDER_REMOVED]: `User "{{ email }}" builder role removed`,
+  [Event.USER_INVITED]: `User "{{ email }}" invited`,
+  [Event.USER_INVITED_ACCEPTED]: `User "{{ email }}" accepted invite`,
+  [Event.USER_PASSWORD_UPDATED]: `User "{{ email }}" password updated`,
+  [Event.USER_PASSWORD_RESET_REQUESTED]: `User "{{ email }}" password reset requested`,
+  [Event.USER_PASSWORD_RESET]: `User "{{ email }}" password reset`,
+  [Event.USER_GROUP_CREATED]: `User group "{{ name }}" created`,
+  [Event.USER_GROUP_UPDATED]: `User group "{{ name }}" updated`,
+  [Event.USER_GROUP_DELETED]: `User group "{{ name }}" deleted`,
+  [Event.USER_GROUP_USERS_ADDED]: `User group "{{ name }}" {{ count }} users added`,
+  [Event.USER_GROUP_USERS_REMOVED]: `User group "{{ name }}" {{ count }} users removed`,
+  [Event.USER_GROUP_PERMISSIONS_EDITED]: `User group "{{ name }}" permissions edited`,
+  [Event.USER_PASSWORD_FORCE_RESET]: undefined,
+  [Event.USER_GROUP_ONBOARDING]: undefined,
+  [Event.USER_ONBOARDING_COMPLETE]: undefined,
+
+  // EMAIL
+  [Event.EMAIL_SMTP_CREATED]: `Email configuration created`,
+  [Event.EMAIL_SMTP_UPDATED]: `Email configuration updated`,
+
+  // AUTH
+  [Event.AUTH_SSO_CREATED]: `SSO configuration created`,
+  [Event.AUTH_SSO_UPDATED]: `SSO configuration updated`,
+  [Event.AUTH_SSO_ACTIVATED]: `SSO configuration activated`,
+  [Event.AUTH_SSO_DEACTIVATED]: `SSO configuration deactivated`,
+  [Event.AUTH_LOGIN]: `User "{{ email }}" logged in`,
+  [Event.AUTH_LOGOUT]: `User "{{ email }}" logged out`,
+
+  // ORG
+  [Event.ORG_NAME_UPDATED]: `Organisation name updated`,
+  [Event.ORG_LOGO_UPDATED]: `Organisation logo updated`,
+  [Event.ORG_PLATFORM_URL_UPDATED]: `Organisation platform URL updated`,
+
+  // APP
+  [Event.APP_CREATED]: `App "{{ name }}" created`,
+  [Event.APP_UPDATED]: `App "{{ name }}" updated`,
+  [Event.APP_DELETED]: `App "{{ name }}" deleted`,
+  [Event.APP_PUBLISHED]: `App "{{ name }}" published`,
+  [Event.APP_UNPUBLISHED]: `App "{{ name }}" unpublished`,
+  [Event.APP_TEMPLATE_IMPORTED]: `App "{{ name }}" template imported`,
+  [Event.APP_FILE_IMPORTED]: `App "{{ name }}" file imported`,
+  [Event.APP_VERSION_UPDATED]: `App "{{ name }}" version updated`,
+  [Event.APP_VERSION_REVERTED]: `App "{{ name }}" version reverted`,
+  [Event.APP_REVERTED]: `App "{{ name }}" reverted`,
+  [Event.APP_EXPORTED]: `App "{{ name }}" exported`,
+  [Event.APP_BACKUP_RESTORED]: `App backup "{{ name }}" restored`,
+  [Event.APP_BACKUP_TRIGGERED]: `App backup "{{ name }}" triggered`,
+
+  // DATASOURCE
+  [Event.DATASOURCE_CREATED]: `Datasource created`,
+  [Event.DATASOURCE_UPDATED]: `Datasource updated`,
+  [Event.DATASOURCE_DELETED]: `Datasource deleted`,
+
+  // QUERY
+  [Event.QUERY_CREATED]: `Query created`,
+  [Event.QUERY_UPDATED]: `Query updated`,
+  [Event.QUERY_DELETED]: `Query deleted`,
+  [Event.QUERY_IMPORT]: `Query import`,
+  [Event.QUERIES_RUN]: undefined,
+  [Event.QUERY_PREVIEWED]: undefined,
+
+  // TABLE
+  [Event.TABLE_CREATED]: `Table "{{ name }}" created`,
+  [Event.TABLE_UPDATED]: `Table "{{ name }}" updated`,
+  [Event.TABLE_DELETED]: `Table "{{ name }}" deleted`,
+  [Event.TABLE_EXPORTED]: `Table "{{ name }}" exported`,
+  [Event.TABLE_IMPORTED]: `Table "{{ name }}" imported`,
+  [Event.TABLE_DATA_IMPORTED]: `Data imported to table`,
+
+  // ROWS
+  [Event.ROWS_CREATED]: `Rows created`,
+  [Event.ROWS_IMPORTED]: `Rows imported`,
+
+  // AUTOMATION
+  [Event.AUTOMATION_CREATED]: `Automation "{{ name }}" created`,
+  [Event.AUTOMATION_DELETED]: `Automation "{{ name }}" deleted`,
+  [Event.AUTOMATION_STEP_CREATED]: `Automation "{{ name }}" step added`,
+  [Event.AUTOMATION_STEP_DELETED]: `Automation "{{ name }}" step removed`,
+  [Event.AUTOMATION_TESTED]: undefined,
+  [Event.AUTOMATIONS_RUN]: undefined,
+  [Event.AUTOMATION_TRIGGER_UPDATED]: undefined,
+
+  // SCREEN
+  [Event.SCREEN_CREATED]: `Screen "{{ name }}" created`,
+  [Event.SCREEN_DELETED]: `Screen "{{ name }}" deleted`,
+
+  // COMPONENT
+  [Event.COMPONENT_CREATED]: `Component created`,
+  [Event.COMPONENT_DELETED]: `Component deleted`,
+
+  // ENVIRONMENT VARIABLE
+  [Event.ENVIRONMENT_VARIABLE_CREATED]: `Environment variable created`,
+  [Event.ENVIRONMENT_VARIABLE_DELETED]: `Environment variable deleted`,
+  [Event.ENVIRONMENT_VARIABLE_UPGRADE_PANEL_OPENED]: undefined,
+
+  // PLUGIN
+  [Event.PLUGIN_IMPORTED]: `Plugin imported`,
+  [Event.PLUGIN_DELETED]: `Plugin deleted`,
+  [Event.PLUGIN_INIT]: undefined,
+
+  // ROLE - NOT AUDITED
+  [Event.ROLE_CREATED]: undefined,
+  [Event.ROLE_UPDATED]: undefined,
+  [Event.ROLE_DELETED]: undefined,
+  [Event.ROLE_ASSIGNED]: undefined,
+  [Event.ROLE_UNASSIGNED]: undefined,
+
+  // LICENSE - NOT AUDITED
+  [Event.LICENSE_PLAN_CHANGED]: undefined,
+  [Event.LICENSE_TIER_CHANGED]: undefined,
+  [Event.LICENSE_ACTIVATED]: undefined,
+  [Event.LICENSE_PAYMENT_FAILED]: undefined,
+  [Event.LICENSE_PAYMENT_RECOVERED]: undefined,
+  [Event.LICENSE_CHECKOUT_OPENED]: undefined,
+  [Event.LICENSE_CHECKOUT_SUCCESS]: undefined,
+  [Event.LICENSE_PORTAL_OPENED]: undefined,
+
+  // ACCOUNT - NOT AUDITED
+  [Event.ACCOUNT_CREATED]: undefined,
+  [Event.ACCOUNT_DELETED]: undefined,
+  [Event.ACCOUNT_VERIFIED]: undefined,
+
+  // BACKFILL - NOT AUDITED
+  [Event.APP_BACKFILL_SUCCEEDED]: undefined,
+  [Event.APP_BACKFILL_FAILED]: undefined,
+  [Event.TENANT_BACKFILL_SUCCEEDED]: undefined,
+  [Event.TENANT_BACKFILL_FAILED]: undefined,
+  [Event.INSTALLATION_BACKFILL_SUCCEEDED]: undefined,
+  [Event.INSTALLATION_BACKFILL_FAILED]: undefined,
+
+  // LAYOUT - NOT AUDITED
+  [Event.LAYOUT_CREATED]: undefined,
+  [Event.LAYOUT_DELETED]: undefined,
+
+  // VIEW - NOT AUDITED
+  [Event.VIEW_CREATED]: undefined,
+  [Event.VIEW_UPDATED]: undefined,
+  [Event.VIEW_DELETED]: undefined,
+  [Event.VIEW_EXPORTED]: undefined,
+  [Event.VIEW_FILTER_CREATED]: undefined,
+  [Event.VIEW_FILTER_UPDATED]: undefined,
+  [Event.VIEW_FILTER_DELETED]: undefined,
+  [Event.VIEW_CALCULATION_CREATED]: undefined,
+  [Event.VIEW_CALCULATION_UPDATED]: undefined,
+  [Event.VIEW_CALCULATION_DELETED]: undefined,
+
+  // SERVED - NOT AUDITED
+  [Event.SERVED_BUILDER]: undefined,
+  [Event.SERVED_APP]: undefined,
+  [Event.SERVED_APP_PREVIEW]: undefined,
+
+  // ANALYTICS - NOT AUDITED
+  [Event.ANALYTICS_OPT_OUT]: undefined,
+  [Event.ANALYTICS_OPT_IN]: undefined,
+
+  // INSTALLATION - NOT AUDITED
+  [Event.INSTALLATION_VERSION_CHECKED]: undefined,
+  [Event.INSTALLATION_VERSION_UPGRADED]: undefined,
+  [Event.INSTALLATION_VERSION_DOWNGRADED]: undefined,
+  [Event.INSTALLATION_FIRST_STARTUP]: undefined,
+
+  // AUDIT LOG - NOT AUDITED
+  [Event.AUDIT_LOGS_FILTERED]: undefined,
+  [Event.AUDIT_LOGS_DOWNLOADED]: undefined,
 }
 
 // properties added at the final stage of the event pipeline
@@ -191,6 +375,11 @@ export interface BaseEvent {
   installationId?: string
   tenantId?: string
   hosting?: Hosting
+  // any props in the audited section will be removed before passing events
+  // up out of system (purely for use with auditing)
+  audited?: {
+    [key: string]: any
+  }
 }
 
 export type TableExportFormat = "json" | "csv"
diff --git a/packages/types/src/sdk/events/identification.ts b/packages/types/src/sdk/events/identification.ts
index 3f4e7ec9d4..627254882e 100644
--- a/packages/types/src/sdk/events/identification.ts
+++ b/packages/types/src/sdk/events/identification.ts
@@ -34,6 +34,11 @@ export enum IdentityType {
   INSTALLATION = "installation",
 }
 
+export interface HostInfo {
+  ipAddress?: string
+  userAgent?: string
+}
+
 export interface Identity {
   id: string
   type: IdentityType
@@ -41,6 +46,7 @@ export interface Identity {
   environment: string
   installationId?: string
   tenantId?: string
+  hostInfo?: HostInfo
 }
 
 export interface UserIdentity extends Identity {
diff --git a/packages/types/src/sdk/events/index.ts b/packages/types/src/sdk/events/index.ts
index 009d9beac4..745f84d2a3 100644
--- a/packages/types/src/sdk/events/index.ts
+++ b/packages/types/src/sdk/events/index.ts
@@ -22,3 +22,4 @@ export * from "./userGroup"
 export * from "./plugin"
 export * from "./backup"
 export * from "./environmentVariable"
+export * from "./auditLog"
diff --git a/packages/types/src/sdk/events/screen.ts b/packages/types/src/sdk/events/screen.ts
index 23c468b7ad..e6b1d4d360 100644
--- a/packages/types/src/sdk/events/screen.ts
+++ b/packages/types/src/sdk/events/screen.ts
@@ -4,10 +4,16 @@ export interface ScreenCreatedEvent extends BaseEvent {
   screenId: string
   layoutId?: string
   roleId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface ScreenDeletedEvent extends BaseEvent {
   screenId: string
   layoutId?: string
   roleId: string
+  audited: {
+    name: string
+  }
 }
diff --git a/packages/types/src/sdk/events/table.ts b/packages/types/src/sdk/events/table.ts
index da3c7edf47..8df2a95796 100644
--- a/packages/types/src/sdk/events/table.ts
+++ b/packages/types/src/sdk/events/table.ts
@@ -2,21 +2,36 @@ import { BaseEvent, TableExportFormat } from "./event"
 
 export interface TableCreatedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface TableUpdatedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface TableDeletedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface TableExportedEvent extends BaseEvent {
   tableId: string
   format: TableExportFormat
+  audited: {
+    name: string
+  }
 }
 
 export interface TableImportedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
diff --git a/packages/types/src/sdk/events/user.ts b/packages/types/src/sdk/events/user.ts
index 3f8f72801c..ab4b4d9724 100644
--- a/packages/types/src/sdk/events/user.ts
+++ b/packages/types/src/sdk/events/user.ts
@@ -2,47 +2,84 @@ import { BaseEvent } from "./event"
 
 export interface UserCreatedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserUpdatedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserDeletedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserOnboardingEvent extends BaseEvent {
   userId: string
   step?: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPermissionAssignedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPermissionRemovedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
-export interface UserInvitedEvent extends BaseEvent {}
+export interface UserInvitedEvent extends BaseEvent {
+  audited: {
+    email: string
+  }
+}
 
 export interface UserInviteAcceptedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordForceResetEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordUpdatedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordResetRequestedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordResetEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
diff --git a/packages/types/src/sdk/events/userGroup.ts b/packages/types/src/sdk/events/userGroup.ts
index 2ce642e274..d82ab70b4c 100644
--- a/packages/types/src/sdk/events/userGroup.ts
+++ b/packages/types/src/sdk/events/userGroup.ts
@@ -2,27 +2,50 @@ import { BaseEvent } from "./event"
 
 export interface GroupCreatedEvent extends BaseEvent {
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupUpdatedEvent extends BaseEvent {
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupDeletedEvent extends BaseEvent {
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupUsersAddedEvent extends BaseEvent {
   count: number
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupUsersDeletedEvent extends BaseEvent {
   count: number
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupAddedOnboardingEvent extends BaseEvent {
   groupId: string
   onboarding: boolean
 }
+
+export interface GroupPermissionsEditedEvent extends BaseEvent {
+  permissions: Record<string, string>
+  groupId: string
+  audited: {
+    name: string
+  }
+}
diff --git a/packages/types/src/sdk/index.ts b/packages/types/src/sdk/index.ts
index be12d45527..8fc5fb287e 100644
--- a/packages/types/src/sdk/index.ts
+++ b/packages/types/src/sdk/index.ts
@@ -12,5 +12,7 @@ export * from "./db"
 export * from "./middleware"
 export * from "./featureFlag"
 export * from "./environmentVariables"
+export * from "./auditLogs"
 export * from "./sso"
 export * from "./user"
+export * from "./cli"
diff --git a/packages/types/src/sdk/licensing/feature.ts b/packages/types/src/sdk/licensing/feature.ts
index a39bcab18b..9f6090623b 100644
--- a/packages/types/src/sdk/licensing/feature.ts
+++ b/packages/types/src/sdk/licensing/feature.ts
@@ -2,4 +2,6 @@ export enum Feature {
   USER_GROUPS = "userGroups",
   APP_BACKUPS = "appBackups",
   ENVIRONMENT_VARIABLES = "environmentVariables",
+  AUDIT_LOGS = "auditLogs",
+  ENFORCEABLE_SSO = "enforceableSSO",
 }
diff --git a/packages/types/src/sdk/locks.ts b/packages/types/src/sdk/locks.ts
index d868691891..3f6f03b811 100644
--- a/packages/types/src/sdk/locks.ts
+++ b/packages/types/src/sdk/locks.ts
@@ -13,6 +13,7 @@ export enum LockName {
   TRIGGER_QUOTA = "trigger_quota",
   SYNC_ACCOUNT_LICENSE = "sync_account_license",
   UPDATE_TENANTS_DOC = "update_tenants_doc",
+  PERSIST_WRITETHROUGH = "persist_writethrough",
 }
 
 export interface LockOptions {
@@ -29,9 +30,9 @@ export interface LockOptions {
    */
   ttl: number
   /**
-   * The suffix to add to the lock name for additional uniqueness
+   * The individual resource to lock. This is useful for locking around very specific identifiers, e.g. a document that is prone to conflicts
    */
-  nameSuffix?: string
+  resource?: string
   /**
    * This is a system-wide lock - don't use tenancy in lock key
    */
diff --git a/packages/types/src/sdk/search.ts b/packages/types/src/sdk/search.ts
index d5ea664c6b..d4c5135038 100644
--- a/packages/types/src/sdk/search.ts
+++ b/packages/types/src/sdk/search.ts
@@ -1,5 +1,6 @@
 import { Operation, SortDirection } from "./datasources"
 import { Row, Table } from "../documents"
+import { SortType } from "../api"
 
 export interface SearchFilters {
   allOr?: boolean
@@ -42,7 +43,10 @@ export interface SearchFilters {
 }
 
 export interface SortJson {
-  [key: string]: SortDirection
+  [key: string]: {
+    direction: SortDirection
+    type?: SortType
+  }
 }
 
 export interface PaginationJson {
diff --git a/packages/types/src/sdk/user.ts b/packages/types/src/sdk/user.ts
index 1602eeb6c8..2b970da1a9 100644
--- a/packages/types/src/sdk/user.ts
+++ b/packages/types/src/sdk/user.ts
@@ -1,10 +1,3 @@
-export interface UpdateSelf {
-  firstName?: string
-  lastName?: string
-  password?: string
-  forceResetPassword?: boolean
-}
-
 export interface SaveUserOpts {
   hashPassword?: boolean
   requirePassword?: boolean
diff --git a/packages/types/tsconfig-base.build.json b/packages/types/tsconfig-base.build.json
new file mode 100644
index 0000000000..a955d2a179
--- /dev/null
+++ b/packages/types/tsconfig-base.build.json
@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "lib": ["es2020"],
+    "strict": true,
+    "noImplicitAny": true,
+    "esModuleInterop": true,
+    "resolveJsonModule": true,
+    "incremental": true,
+    "sourceMap": true,
+    "declaration": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist", "**/*.spec.ts", "**/*.spec.js"]
+}
diff --git a/packages/types/tsconfig-cjs.build.json b/packages/types/tsconfig-cjs.build.json
new file mode 100644
index 0000000000..9b479b7b34
--- /dev/null
+++ b/packages/types/tsconfig-cjs.build.json
@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig-base.build.json",
+  "compilerOptions": {
+    "module": "commonjs",
+    "outDir": "dist/cjs",
+    "target": "es2015"
+  }
+}
diff --git a/packages/types/tsconfig.build.json b/packages/types/tsconfig.build.json
index 86f128c056..9643676b52 100644
--- a/packages/types/tsconfig.build.json
+++ b/packages/types/tsconfig.build.json
@@ -1,24 +1,8 @@
 {
+  "extends": "./tsconfig-base.build.json",
   "compilerOptions": {
     "target": "es6",
-    "module": "commonjs",
-    "lib": ["es2020"],
-    "strict": true,
-    "noImplicitAny": true,
-    "esModuleInterop": true,
-    "resolveJsonModule": true,
-    "incremental": true,
-    "sourceMap": true,
-    "declaration": true,
-    "outDir": "dist"
-  },
-  "include": [
-    "src/**/*"
-  ],
-  "exclude": [
-    "node_modules",
-    "dist",
-    "**/*.spec.ts",
-    "**/*.spec.js"
-  ]
-}
\ No newline at end of file
+    "moduleResolution": "node",
+    "outDir": "dist/mjs"
+  }
+}
diff --git a/packages/types/yarn.lock b/packages/types/yarn.lock
index 4b45eb90ed..64aaf584a4 100644
--- a/packages/types/yarn.lock
+++ b/packages/types/yarn.lock
@@ -337,6 +337,18 @@ agent-base@^6.0.2:
   dependencies:
     debug "4"
 
+ansi-regex@^5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
+  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
+
+ansi-styles@^4.0.0, ansi-styles@^4.1.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937"
+  integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
+  dependencies:
+    color-convert "^2.0.1"
+
 asynckit@^0.4.0:
   version "0.4.0"
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
@@ -377,6 +389,23 @@ call-bind@^1.0.0:
     function-bind "^1.1.1"
     get-intrinsic "^1.0.2"
 
+chalk@^4.1.0:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01"
+  integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==
+  dependencies:
+    ansi-styles "^4.1.0"
+    supports-color "^7.1.0"
+
+cliui@^8.0.1:
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/cliui/-/cliui-8.0.1.tgz#0c04b075db02cbfe60dc8e6cf2f5486b1a3608aa"
+  integrity sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==
+  dependencies:
+    string-width "^4.2.0"
+    strip-ansi "^6.0.1"
+    wrap-ansi "^7.0.0"
+
 co-body@^5.1.1:
   version "5.2.0"
   resolved "https://registry.yarnpkg.com/co-body/-/co-body-5.2.0.tgz#5a0a658c46029131e0e3a306f67647302f71c124"
@@ -387,6 +416,18 @@ co-body@^5.1.1:
     raw-body "^2.2.0"
     type-is "^1.6.14"
 
+color-convert@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3"
+  integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
+  dependencies:
+    color-name "~1.1.4"
+
+color-name@~1.1.4:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
+  integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
+
 combined-stream@^1.0.8:
   version "1.0.8"
   resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
@@ -399,6 +440,26 @@ concat-map@0.0.1:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+concurrently@^7.6.0:
+  version "7.6.0"
+  resolved "https://registry.yarnpkg.com/concurrently/-/concurrently-7.6.0.tgz#531a6f5f30cf616f355a4afb8f8fcb2bba65a49a"
+  integrity sha512-BKtRgvcJGeZ4XttiDiNcFiRlxoAeZOseqUvyYRUp/Vtd+9p1ULmeoSqGsDA+2ivdeDFpqrJvGvmI+StKfKl5hw==
+  dependencies:
+    chalk "^4.1.0"
+    date-fns "^2.29.1"
+    lodash "^4.17.21"
+    rxjs "^7.0.0"
+    shell-quote "^1.7.3"
+    spawn-command "^0.0.2-1"
+    supports-color "^8.1.0"
+    tree-kill "^1.2.2"
+    yargs "^17.3.1"
+
+date-fns@^2.29.1:
+  version "2.29.3"
+  resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.29.3.tgz#27402d2fc67eb442b511b70bbdf98e6411cd68a8"
+  integrity sha512-dDCnyH2WnnKusqvZZ6+jA1O51Ibt8ZMRNkDZdyAyK4YfbDwa/cEmuztzG5pk6hqlp9aSBPYcjOlktquahGwGeA==
+
 debug@4:
   version "4.3.4"
   resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865"
@@ -416,6 +477,16 @@ depd@2.0.0:
   resolved "https://registry.yarnpkg.com/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df"
   integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==
 
+emoji-regex@^8.0.0:
+  version "8.0.0"
+  resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37"
+  integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==
+
+escalade@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40"
+  integrity sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==
+
 follow-redirects@^1.15.0:
   version "1.15.2"
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.2.tgz#b460864144ba63f2681096f274c4e57026da2c13"
@@ -445,6 +516,11 @@ function-bind@^1.1.1:
   resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d"
   integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==
 
+get-caller-file@^2.0.5:
+  version "2.0.5"
+  resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
+  integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
+
 get-intrinsic@^1.0.2:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.1.3.tgz#063c84329ad93e83893c7f4f243ef63ffa351385"
@@ -466,6 +542,11 @@ glob@^7.1.3:
     once "^1.3.0"
     path-is-absolute "^1.0.0"
 
+has-flag@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
+  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
+
 has-symbols@^1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
@@ -521,6 +602,11 @@ inherits@2, inherits@2.0.4:
   resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c"
   integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
 
+is-fullwidth-code-point@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d"
+  integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
+
 json5@*:
   version "2.2.3"
   resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
@@ -535,6 +621,11 @@ koa-body@4.2.0:
     co-body "^5.1.1"
     formidable "^1.1.1"
 
+lodash@^4.17.21:
+  version "4.17.21"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
+  integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
+
 media-typer@0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
@@ -623,6 +714,11 @@ raw-body@^2.2.0:
     iconv-lite "0.4.24"
     unpipe "1.0.0"
 
+require-directory@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"
+  integrity sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==
+
 requires-port@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/requires-port/-/requires-port-1.0.0.tgz#925d2601d39ac485e091cf0da5c6e694dc3dcaff"
@@ -635,6 +731,13 @@ rimraf@3.0.2:
   dependencies:
     glob "^7.1.3"
 
+rxjs@^7.0.0:
+  version "7.8.0"
+  resolved "https://registry.yarnpkg.com/rxjs/-/rxjs-7.8.0.tgz#90a938862a82888ff4c7359811a595e14e1e09a4"
+  integrity sha512-F2+gxDshqmIub1KdvZkaEfGDwLNpPvk9Fs6LD/MyQxNgMds/WH9OdDDXOmxUZpME+iSK3rQCctkL0DYyytUqMg==
+  dependencies:
+    tslib "^2.1.0"
+
 "safer-buffer@>= 2.1.2 < 3":
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
@@ -645,6 +748,11 @@ setprototypeof@1.2.0:
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424"
   integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
 
+shell-quote@^1.7.3:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.0.tgz#20d078d0eaf71d54f43bd2ba14a1b5b9bfa5c8ba"
+  integrity sha512-QHsz8GgQIGKlRi24yFc6a6lN69Idnx634w49ay6+jA5yFh7a1UY+4Rp6HPx/L/1zcEDPEij8cIsiqR6bQsE5VQ==
+
 side-channel@^1.0.4:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.4.tgz#efce5c8fdc104ee751b25c58d4290011fa5ea2cf"
@@ -654,11 +762,46 @@ side-channel@^1.0.4:
     get-intrinsic "^1.0.2"
     object-inspect "^1.9.0"
 
+spawn-command@^0.0.2-1:
+  version "0.0.2-1"
+  resolved "https://registry.yarnpkg.com/spawn-command/-/spawn-command-0.0.2-1.tgz#62f5e9466981c1b796dc5929937e11c9c6921bd0"
+  integrity sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg==
+
 statuses@2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63"
   integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==
 
+string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
+  version "4.2.3"
+  resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
+  integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
+  dependencies:
+    emoji-regex "^8.0.0"
+    is-fullwidth-code-point "^3.0.0"
+    strip-ansi "^6.0.1"
+
+strip-ansi@^6.0.0, strip-ansi@^6.0.1:
+  version "6.0.1"
+  resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
+  integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
+  dependencies:
+    ansi-regex "^5.0.1"
+
+supports-color@^7.1.0:
+  version "7.2.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da"
+  integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==
+  dependencies:
+    has-flag "^4.0.0"
+
+supports-color@^8.1.0:
+  version "8.1.1"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c"
+  integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==
+  dependencies:
+    has-flag "^4.0.0"
+
 toidentifier@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
@@ -674,6 +817,16 @@ tough-cookie@^4.1.2:
     universalify "^0.2.0"
     url-parse "^1.5.3"
 
+tree-kill@^1.2.2:
+  version "1.2.2"
+  resolved "https://registry.yarnpkg.com/tree-kill/-/tree-kill-1.2.2.tgz#4ca09a9092c88b73a7cdc5e8a01b507b0790a0cc"
+  integrity sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==
+
+tslib@^2.1.0:
+  version "2.5.0"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.5.0.tgz#42bfed86f5787aeb41d031866c8f402429e0fddf"
+  integrity sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==
+
 type-is@^1.6.14:
   version "1.6.18"
   resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131"
@@ -705,7 +858,39 @@ url-parse@^1.5.3:
     querystringify "^2.1.1"
     requires-port "^1.0.0"
 
+wrap-ansi@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
+  integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
+  dependencies:
+    ansi-styles "^4.0.0"
+    string-width "^4.1.0"
+    strip-ansi "^6.0.0"
+
 wrappy@1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
   integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=
+
+y18n@^5.0.5:
+  version "5.0.8"
+  resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55"
+  integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==
+
+yargs-parser@^21.1.1:
+  version "21.1.1"
+  resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35"
+  integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==
+
+yargs@^17.3.1:
+  version "17.7.1"
+  resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.1.tgz#34a77645201d1a8fc5213ace787c220eabbd0967"
+  integrity sha512-cwiTb08Xuv5fqF4AovYacTFNxk62th7LKJ6BL9IGUpTJrWoU7/7WdQGTP2SjKf1dUNBGzDd28p/Yfs/GI6JrLw==
+  dependencies:
+    cliui "^8.0.1"
+    escalade "^3.1.1"
+    get-caller-file "^2.0.5"
+    require-directory "^2.1.1"
+    string-width "^4.2.3"
+    y18n "^5.0.5"
+    yargs-parser "^21.1.1"
diff --git a/packages/worker/jest.config.ts b/packages/worker/jest.config.ts
index cdacfa411a..3655479d82 100644
--- a/packages/worker/jest.config.ts
+++ b/packages/worker/jest.config.ts
@@ -7,7 +7,7 @@ const config: Config.InitialOptions = {
   preset: "@trendyol/jest-testcontainers",
   setupFiles: ["./src/tests/jestEnv.ts"],
   setupFilesAfterEnv: ["./src/tests/jestSetup.ts"],
-  collectCoverageFrom: ["src/**/*.{js,ts}"],
+  collectCoverageFrom: ["src/**/*.{js,ts}", "../backend-core/src/**/*.{js,ts}"],
   coverageReporters: ["lcov", "json", "clover"],
   transform: {
     "^.+\\.ts?$": "@swc/jest",
diff --git a/packages/worker/package.json b/packages/worker/package.json
index 6d7cae05a6..70c21019f3 100644
--- a/packages/worker/package.json
+++ b/packages/worker/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "2.3.18-alpha.12",
+  "version": "2.4.12-alpha.0",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -36,10 +36,10 @@
   "author": "Budibase",
   "license": "GPL-3.0",
   "dependencies": {
-    "@budibase/backend-core": "2.3.18-alpha.12",
-    "@budibase/pro": "2.3.18-alpha.12",
-    "@budibase/string-templates": "2.3.18-alpha.12",
-    "@budibase/types": "2.3.18-alpha.12",
+    "@budibase/backend-core": "2.4.12-alpha.0",
+    "@budibase/pro": "2.4.12-alpha.0",
+    "@budibase/string-templates": "2.4.12-alpha.0",
+    "@budibase/types": "2.4.12-alpha.0",
     "@koa/router": "8.0.8",
     "@sentry/node": "6.17.7",
     "@techpass/passport-openidconnect": "0.3.2",
@@ -60,6 +60,7 @@
     "koa-send": "5.0.1",
     "koa-session": "5.13.1",
     "koa-static": "5.0.0",
+    "koa-useragent": "^4.1.0",
     "node-fetch": "2.6.7",
     "nodemailer": "6.7.2",
     "passport-google-oauth": "2.0.0",
diff --git a/packages/worker/src/api/controllers/global/auth.ts b/packages/worker/src/api/controllers/global/auth.ts
index 948a98cf3a..1286fd519d 100644
--- a/packages/worker/src/api/controllers/global/auth.ts
+++ b/packages/worker/src/api/controllers/global/auth.ts
@@ -2,10 +2,9 @@ import {
   auth as authCore,
   constants,
   context,
-  db as dbCore,
   events,
-  tenancy,
   utils as utilsCore,
+  configs,
 } from "@budibase/backend-core"
 import {
   ConfigType,
@@ -15,6 +14,7 @@ import {
   SSOUser,
   PasswordResetRequest,
   PasswordResetUpdateRequest,
+  GoogleInnerConfig,
 } from "@budibase/types"
 import env from "../../../environment"
 
@@ -61,16 +61,16 @@ export const login = async (ctx: Ctx<LoginRequest>, next: any) => {
   const email = ctx.request.body.username
 
   const user = await userSdk.getUserByEmail(email)
-  if (user && (await userSdk.isPreventSSOPasswords(user))) {
-    ctx.throw(400, "SSO user cannot login using password")
+  if (user && (await userSdk.isPreventPasswordActions(user))) {
+    ctx.throw(403, "Invalid credentials")
   }
 
   return passport.authenticate(
     "local",
     async (err: any, user: User, info: any) => {
       await passportCallback(ctx, user, err, info)
-      await context.identity.doInUserContext(user, async () => {
-        await events.auth.login("local")
+      await context.identity.doInUserContext(user, ctx, async () => {
+        await events.auth.login("local", user.email)
       })
       ctx.status = 200
     }
@@ -163,8 +163,8 @@ export const datasourceAuth = async (ctx: any, next: any) => {
 
 // GOOGLE SSO
 
-export async function googleCallbackUrl(config?: { callbackURL?: string }) {
-  return ssoCallbackUrl(tenancy.getGlobalDB(), config, ConfigType.GOOGLE)
+export async function googleCallbackUrl(config?: GoogleInnerConfig) {
+  return ssoCallbackUrl(ConfigType.GOOGLE, config)
 }
 
 /**
@@ -172,12 +172,10 @@ export async function googleCallbackUrl(config?: { callbackURL?: string }) {
  * On a successful login, you will be redirected to the googleAuth callback route.
  */
 export const googlePreAuth = async (ctx: any, next: any) => {
-  const db = tenancy.getGlobalDB()
-
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.GOOGLE,
-    workspace: ctx.query.workspace,
-  })
+  const config = await configs.getGoogleConfig()
+  if (!config) {
+    return ctx.throw(400, "Google config not found")
+  }
   let callbackUrl = await googleCallbackUrl(config)
   const strategy = await google.strategyFactory(
     config,
@@ -193,12 +191,10 @@ export const googlePreAuth = async (ctx: any, next: any) => {
 }
 
 export const googleCallback = async (ctx: any, next: any) => {
-  const db = tenancy.getGlobalDB()
-
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.GOOGLE,
-    workspace: ctx.query.workspace,
-  })
+  const config = await configs.getGoogleConfig()
+  if (!config) {
+    return ctx.throw(400, "Google config not found")
+  }
   const callbackUrl = await googleCallbackUrl(config)
   const strategy = await google.strategyFactory(
     config,
@@ -208,38 +204,36 @@ export const googleCallback = async (ctx: any, next: any) => {
 
   return passport.authenticate(
     strategy,
-    { successRedirect: "/", failureRedirect: "/error" },
+    {
+      successRedirect: env.PASSPORT_GOOGLEAUTH_SUCCESS_REDIRECT,
+      failureRedirect: env.PASSPORT_GOOGLEAUTH_FAILURE_REDIRECT,
+    },
     async (err: any, user: SSOUser, info: any) => {
       await passportCallback(ctx, user, err, info)
-      await context.identity.doInUserContext(user, async () => {
-        await events.auth.login("google-internal")
+      await context.identity.doInUserContext(user, ctx, async () => {
+        await events.auth.login("google-internal", user.email)
       })
-      ctx.redirect("/")
+      ctx.redirect(env.PASSPORT_GOOGLEAUTH_SUCCESS_REDIRECT)
     }
   )(ctx, next)
 }
 
 // OIDC SSO
 
-export async function oidcCallbackUrl(config?: { callbackURL?: string }) {
-  return ssoCallbackUrl(tenancy.getGlobalDB(), config, ConfigType.OIDC)
+export async function oidcCallbackUrl() {
+  return ssoCallbackUrl(ConfigType.OIDC)
 }
 
 export const oidcStrategyFactory = async (ctx: any, configId: any) => {
-  const db = tenancy.getGlobalDB()
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.OIDC,
-    group: ctx.query.group,
-  })
+  const config = await configs.getOIDCConfig()
+  if (!config) {
+    return ctx.throw(400, "OIDC config not found")
+  }
 
-  const chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
-  let callbackUrl = await oidcCallbackUrl(chosenConfig)
+  let callbackUrl = await oidcCallbackUrl()
 
   //Remote Config
-  const enrichedConfig = await oidc.fetchStrategyConfig(
-    chosenConfig,
-    callbackUrl
-  )
+  const enrichedConfig = await oidc.fetchStrategyConfig(config, callbackUrl)
   return oidc.strategyFactory(enrichedConfig, userSdk.save)
 }
 
@@ -247,23 +241,23 @@ export const oidcStrategyFactory = async (ctx: any, configId: any) => {
  * The initial call that OIDC authentication makes to take you to the configured OIDC login screen.
  * On a successful login, you will be redirected to the oidcAuth callback route.
  */
-export const oidcPreAuth = async (ctx: any, next: any) => {
+export const oidcPreAuth = async (ctx: Ctx, next: any) => {
   const { configId } = ctx.params
+  if (!configId) {
+    ctx.throw(400, "OIDC config id is required")
+  }
   const strategy = await oidcStrategyFactory(ctx, configId)
 
   setCookie(ctx, configId, Cookie.OIDC_CONFIG)
 
-  const db = tenancy.getGlobalDB()
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.OIDC,
-    group: ctx.query.group,
-  })
-
-  const chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
+  const config = await configs.getOIDCConfigById(configId)
+  if (!config) {
+    return ctx.throw(400, "OIDC config not found")
+  }
 
   let authScopes =
-    chosenConfig.scopes?.length > 0
-      ? chosenConfig.scopes
+    config.scopes?.length > 0
+      ? config.scopes
       : ["profile", "email", "offline_access"]
 
   return passport.authenticate(strategy, {
@@ -278,13 +272,16 @@ export const oidcCallback = async (ctx: any, next: any) => {
 
   return passport.authenticate(
     strategy,
-    { successRedirect: "/", failureRedirect: "/error" },
+    {
+      successRedirect: env.PASSPORT_OIDCAUTH_SUCCESS_REDIRECT,
+      failureRedirect: env.PASSPORT_OIDCAUTH_FAILURE_REDIRECT,
+    },
     async (err: any, user: SSOUser, info: any) => {
       await passportCallback(ctx, user, err, info)
-      await context.identity.doInUserContext(user, async () => {
-        await events.auth.login("oidc")
+      await context.identity.doInUserContext(user, ctx, async () => {
+        await events.auth.login("oidc", user.email)
       })
-      ctx.redirect("/")
+      ctx.redirect(env.PASSPORT_OIDCAUTH_SUCCESS_REDIRECT)
     }
   )(ctx, next)
 }
diff --git a/packages/worker/src/api/controllers/global/configs.ts b/packages/worker/src/api/controllers/global/configs.ts
index 855d766a87..02459855c2 100644
--- a/packages/worker/src/api/controllers/global/configs.ts
+++ b/packages/worker/src/api/controllers/global/configs.ts
@@ -2,38 +2,37 @@ import * as email from "../../../utilities/email"
 import env from "../../../environment"
 import { googleCallbackUrl, oidcCallbackUrl } from "./auth"
 import {
-  events,
   cache,
-  objectStore,
-  tenancy,
+  configs,
   db as dbCore,
   env as coreEnv,
+  events,
+  objectStore,
+  tenancy,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
 import {
-  Database,
-  Config as ConfigDoc,
+  Config,
   ConfigType,
-  SSOType,
-  GoogleConfig,
-  OIDCConfig,
-  SettingsConfig,
+  Ctx,
+  GetPublicOIDCConfigResponse,
+  GetPublicSettingsResponse,
+  GoogleInnerConfig,
   isGoogleConfig,
   isOIDCConfig,
   isSettingsConfig,
   isSMTPConfig,
-  Ctx,
+  OIDCConfigs,
+  SettingsInnerConfig,
+  SSOConfig,
+  SSOConfigType,
   UserCtx,
 } from "@budibase/types"
+import * as pro from "@budibase/pro"
 
-const getEventFns = async (db: Database, config: ConfigDoc) => {
+const getEventFns = async (config: Config, existing?: Config) => {
   const fns = []
 
-  let existing
-  if (config._id) {
-    existing = await db.get(config._id)
-  }
-
   if (!existing) {
     if (isSMTPConfig(config)) {
       fns.push(events.email.SMTPCreated)
@@ -125,31 +124,96 @@ const getEventFns = async (db: Database, config: ConfigDoc) => {
   return fns
 }
 
-export async function save(ctx: UserCtx) {
-  const db = tenancy.getGlobalDB()
-  const { type, workspace, user, config } = ctx.request.body
-  let eventFns = await getEventFns(db, ctx.request.body)
-  // Config does not exist yet
-  if (!ctx.request.body._id) {
-    ctx.request.body._id = dbCore.generateConfigID({
-      type,
-      workspace,
-      user,
-    })
+type SSOConfigs = { [key in SSOConfigType]: SSOConfig | undefined }
+
+async function getSSOConfigs(): Promise<SSOConfigs> {
+  const google = await configs.getGoogleConfig()
+  const oidc = await configs.getOIDCConfig()
+  return {
+    [ConfigType.GOOGLE]: google,
+    [ConfigType.OIDC]: oidc,
   }
+}
+
+async function hasActivatedConfig(ssoConfigs?: SSOConfigs) {
+  if (!ssoConfigs) {
+    ssoConfigs = await getSSOConfigs()
+  }
+  return !!Object.values(ssoConfigs).find(c => c?.activated)
+}
+
+async function verifySettingsConfig(config: SettingsInnerConfig) {
+  if (config.isSSOEnforced) {
+    const valid = await hasActivatedConfig()
+    if (!valid) {
+      throw new Error("Cannot enforce SSO without an activated configuration")
+    }
+  }
+}
+
+async function verifySSOConfig(type: SSOConfigType, config: SSOConfig) {
+  const settings = await configs.getSettingsConfig()
+  if (settings.isSSOEnforced && !config.activated) {
+    // config is being saved as deactivated
+    // ensure there is at least one other activated sso config
+    const ssoConfigs = await getSSOConfigs()
+
+    // overwrite the config being updated
+    // to reflect the desired state
+    ssoConfigs[type] = config
+
+    const activated = await hasActivatedConfig(ssoConfigs)
+    if (!activated) {
+      throw new Error(
+        "Configuration cannot be deactivated while SSO is enforced"
+      )
+    }
+  }
+}
+
+async function verifyGoogleConfig(config: GoogleInnerConfig) {
+  await verifySSOConfig(ConfigType.GOOGLE, config)
+}
+
+async function verifyOIDCConfig(config: OIDCConfigs) {
+  await verifySSOConfig(ConfigType.OIDC, config.configs[0])
+}
+
+export async function save(ctx: UserCtx<Config>) {
+  const body = ctx.request.body
+  const type = body.type
+  const config = body.config
+
+  const existingConfig = await configs.getConfig(type)
+  let eventFns = await getEventFns(ctx.request.body, existingConfig)
+
+  if (existingConfig) {
+    body._rev = existingConfig._rev
+  }
+
   try {
     // verify the configuration
     switch (type) {
       case ConfigType.SMTP:
         await email.verifyConfig(config)
         break
+      case ConfigType.SETTINGS:
+        await verifySettingsConfig(config)
+        break
+      case ConfigType.GOOGLE:
+        await verifyGoogleConfig(config)
+        break
+      case ConfigType.OIDC:
+        await verifyOIDCConfig(config)
+        break
     }
   } catch (err: any) {
     ctx.throw(400, err)
   }
 
   try {
-    const response = await db.put(ctx.request.body)
+    body._id = configs.generateConfigID(type)
+    const response = await configs.save(body)
     await cache.bustCache(cache.CacheKey.CHECKLIST)
     await cache.bustCache(cache.CacheKey.ANALYTICS_ENABLED)
 
@@ -167,44 +231,11 @@ export async function save(ctx: UserCtx) {
   }
 }
 
-export async function fetch(ctx: UserCtx) {
-  const db = tenancy.getGlobalDB()
-  const response = await db.allDocs(
-    dbCore.getConfigParams(
-      { type: ctx.params.type },
-      {
-        include_docs: true,
-      }
-    )
-  )
-  ctx.body = response.rows.map(row => row.doc)
-}
-
-/**
- * Gets the most granular config for a particular configuration type.
- * The hierarchy is type -> workspace -> user.
- */
 export async function find(ctx: UserCtx) {
-  const db = tenancy.getGlobalDB()
-
-  const { userId, workspaceId } = ctx.query
-  if (workspaceId && userId) {
-    const workspace = await db.get(workspaceId as string)
-    const userInWorkspace = workspace.users.some(
-      (workspaceUser: any) => workspaceUser === userId
-    )
-    if (!ctx.user!.admin && !userInWorkspace) {
-      ctx.throw(400, `User is not in specified workspace: ${workspace}.`)
-    }
-  }
-
   try {
     // Find the config with the most granular scope based on context
-    const scopedConfig = await dbCore.getScopedFullConfig(db, {
-      type: ctx.params.type,
-      user: userId,
-      workspace: workspaceId,
-    })
+    const type = ctx.params.type
+    const scopedConfig = await configs.getConfig(type)
 
     if (scopedConfig) {
       ctx.body = scopedConfig
@@ -217,85 +248,70 @@ export async function find(ctx: UserCtx) {
   }
 }
 
-export async function publicOidc(ctx: Ctx) {
-  const db = tenancy.getGlobalDB()
+export async function publicOidc(ctx: Ctx<void, GetPublicOIDCConfigResponse>) {
   try {
     // Find the config with the most granular scope based on context
-    const oidcConfig: OIDCConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.OIDC,
-    })
+    const config = await configs.getOIDCConfig()
 
-    if (!oidcConfig) {
-      ctx.body = {}
+    if (!config) {
+      ctx.body = []
     } else {
-      ctx.body = oidcConfig.config.configs.map(config => ({
-        logo: config.logo,
-        name: config.name,
-        uuid: config.uuid,
-      }))
+      ctx.body = [
+        {
+          logo: config.logo,
+          name: config.name,
+          uuid: config.uuid,
+        },
+      ]
     }
   } catch (err: any) {
     ctx.throw(err.status, err)
   }
 }
 
-export async function publicSettings(ctx: Ctx) {
-  const db = tenancy.getGlobalDB()
-
+export async function publicSettings(
+  ctx: Ctx<void, GetPublicSettingsResponse>
+) {
   try {
-    // Find the config with the most granular scope based on context
-    const publicConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.SETTINGS,
-    })
-
-    const googleConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.GOOGLE,
-    })
-
-    const oidcConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.OIDC,
-    })
-
-    let config
-    if (!publicConfig) {
-      config = {
-        config: {},
-      }
-    } else {
-      config = publicConfig
-    }
-
-    // enrich the logo url
-    // empty url means deleted
-    if (config.config.logoUrl && config.config.logoUrl !== "") {
-      config.config.logoUrl = objectStore.getGlobalFileUrl(
+    // settings
+    const configDoc = await configs.getSettingsConfigDoc()
+    const config = configDoc.config
+    // enrich the logo url - empty url means deleted
+    if (config.logoUrl && config.logoUrl !== "") {
+      config.logoUrl = objectStore.getGlobalFileUrl(
         "settings",
         "logoUrl",
-        config.config.logoUrlEtag
+        config.logoUrlEtag
       )
     }
 
-    // google button flag
-    if (googleConfig && googleConfig.config) {
-      // activated by default for configs pre-activated flag
-      config.config.google =
-        googleConfig.config.activated == null || googleConfig.config.activated
-    } else {
-      config.config.google = false
+    // google
+    const googleConfig = await configs.getGoogleConfig()
+    const preActivated = googleConfig?.activated == null
+    const google = preActivated || !!googleConfig?.activated
+    const _googleCallbackUrl = await googleCallbackUrl(googleConfig)
+
+    // oidc
+    const oidcConfig = await configs.getOIDCConfig()
+    const oidc = oidcConfig?.activated || false
+    const _oidcCallbackUrl = await oidcCallbackUrl()
+
+    // sso enforced
+    const isSSOEnforced = await pro.features.isSSOEnforced({ config })
+
+    ctx.body = {
+      type: ConfigType.SETTINGS,
+      _id: configDoc._id,
+      _rev: configDoc._rev,
+      config: {
+        ...config,
+        google,
+        oidc,
+        isSSOEnforced,
+        oidcCallbackUrl: _oidcCallbackUrl,
+        googleCallbackUrl: _googleCallbackUrl,
+      },
     }
-
-    // callback urls
-    config.config.oidcCallbackUrl = await oidcCallbackUrl()
-    config.config.googleCallbackUrl = await googleCallbackUrl()
-
-    // oidc button flag
-    if (oidcConfig && oidcConfig.config) {
-      config.config.oidc = oidcConfig.config.configs[0].activated
-    } else {
-      config.config.oidc = false
-    }
-
-    ctx.body = config
   } catch (err: any) {
     ctx.throw(err.status, err)
   }
@@ -319,12 +335,11 @@ export async function upload(ctx: UserCtx) {
   })
 
   // add to configuration structure
-  // TODO: right now this only does a global level
-  const db = tenancy.getGlobalDB()
-  let cfgStructure = await dbCore.getScopedFullConfig(db, { type })
-  if (!cfgStructure) {
-    cfgStructure = {
-      _id: dbCore.generateConfigID({ type }),
+  let config = await configs.getConfig(type)
+  if (!config) {
+    config = {
+      _id: configs.generateConfigID(type),
+      type,
       config: {},
     }
   }
@@ -332,14 +347,14 @@ export async function upload(ctx: UserCtx) {
   // save the Etag for cache bursting
   const etag = result.ETag
   if (etag) {
-    cfgStructure.config[`${name}Etag`] = etag.replace(/"/g, "")
+    config.config[`${name}Etag`] = etag.replace(/"/g, "")
   }
 
   // save the file key
-  cfgStructure.config[`${name}`] = key
+  config.config[`${name}`] = key
 
   // write back to db
-  await db.put(cfgStructure)
+  await configs.save(config)
 
   ctx.body = {
     message: "File has been uploaded and url stored to config.",
@@ -360,7 +375,6 @@ export async function destroy(ctx: UserCtx) {
 }
 
 export async function configChecklist(ctx: Ctx) {
-  const db = tenancy.getGlobalDB()
   const tenantId = tenancy.getTenantId()
 
   try {
@@ -375,19 +389,13 @@ export async function configChecklist(ctx: Ctx) {
         }
 
         // They have set up SMTP
-        const smtpConfig = await dbCore.getScopedFullConfig(db, {
-          type: ConfigType.SMTP,
-        })
+        const smtpConfig = await configs.getSMTPConfig()
 
         // They have set up Google Auth
-        const googleConfig = await dbCore.getScopedFullConfig(db, {
-          type: ConfigType.GOOGLE,
-        })
+        const googleConfig = await configs.getGoogleConfig()
 
         // They have set up OIDC
-        const oidcConfig = await dbCore.getScopedFullConfig(db, {
-          type: ConfigType.OIDC,
-        })
+        const oidcConfig = await configs.getOIDCConfig()
 
         // They have set up a global user
         const userExists = await checkAnyUserExists()
diff --git a/packages/worker/src/api/controllers/global/self.ts b/packages/worker/src/api/controllers/global/self.ts
index 889a3e6a27..78e5bf7164 100644
--- a/packages/worker/src/api/controllers/global/self.ts
+++ b/packages/worker/src/api/controllers/global/self.ts
@@ -10,12 +10,7 @@ import {
 } from "@budibase/backend-core"
 import env from "../../../environment"
 import { groups } from "@budibase/pro"
-import {
-  UpdateSelfRequest,
-  UpdateSelfResponse,
-  UpdateSelf,
-  UserCtx,
-} from "@budibase/types"
+import { UpdateSelfRequest, UpdateSelfResponse, UserCtx } from "@budibase/types"
 const { getCookie, clearCookie, newid } = utils
 
 function newTestApiKey() {
@@ -122,15 +117,14 @@ export async function getSelf(ctx: any) {
 export async function updateSelf(
   ctx: UserCtx<UpdateSelfRequest, UpdateSelfResponse>
 ) {
-  const body = ctx.request.body
-  const update: UpdateSelf = {
-    firstName: body.firstName,
-    lastName: body.lastName,
-    password: body.password,
-    forceResetPassword: body.forceResetPassword,
-  }
+  const update = ctx.request.body
 
-  const user = await userSdk.updateSelf(ctx.user._id!, update)
+  let user = await userSdk.getUser(ctx.user._id!)
+  user = {
+    ...user,
+    ...update,
+  }
+  user = await userSdk.save(user, { requirePassword: false })
 
   if (update.password) {
     // Log all other sessions out apart from the current one
diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts
index c722d27faa..921f99fa31 100644
--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@@ -1,4 +1,9 @@
-import { checkInviteCode } from "../../../utilities/redis"
+import {
+  checkInviteCode,
+  getInviteCodes,
+  updateInviteCode,
+} from "../../../utilities/redis"
+// import sdk from "../../../sdk"
 import * as userSdk from "../../../sdk/users"
 import env from "../../../environment"
 import {
@@ -28,6 +33,7 @@ import {
   platform,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
+import { isEmailConfigured } from "../../../utilities/email"
 
 const MAX_USERS_UPLOAD_LIMIT = 1000
 
@@ -179,16 +185,28 @@ export const destroy = async (ctx: any) => {
   }
 }
 
+export const getAppUsers = async (ctx: any) => {
+  const body = ctx.request.body as SearchUsersRequest
+  const users = await userSdk.getUsersByAppAccess(body?.appId)
+
+  ctx.body = { data: users }
+}
+
 export const search = async (ctx: any) => {
   const body = ctx.request.body as SearchUsersRequest
-  const paginated = await userSdk.paginatedUsers(body)
-  // user hashed password shouldn't ever be returned
-  for (let user of paginated.data) {
-    if (user) {
-      delete user.password
+
+  if (body.paginated === false) {
+    await getAppUsers(ctx)
+  } else {
+    const paginated = await userSdk.paginatedUsers(body)
+    // user hashed password shouldn't ever be returned
+    for (let user of paginated.data) {
+      if (user) {
+        delete user.password
+      }
     }
+    ctx.body = paginated
   }
-  ctx.body = paginated
 }
 
 // called internally by app server user fetch
@@ -218,9 +236,71 @@ export const tenantUserLookup = async (ctx: any) => {
   }
 }
 
+/* 
+  Encapsulate the app user onboarding flows here.
+*/
+export const onboardUsers = async (ctx: any) => {
+  const request = ctx.request.body as InviteUsersRequest | BulkUserRequest
+  const isBulkCreate = "create" in request
+
+  const emailConfigured = await isEmailConfigured()
+
+  let onboardingResponse
+
+  if (isBulkCreate) {
+    // @ts-ignore
+    const { users, groups, roles } = request.create
+    const assignUsers = users.map((user: User) => (user.roles = roles))
+    onboardingResponse = await userSdk.bulkCreate(assignUsers, groups)
+    ctx.body = onboardingResponse
+  } else if (emailConfigured) {
+    onboardingResponse = await inviteMultiple(ctx)
+  } else if (!emailConfigured) {
+    const inviteRequest = ctx.request.body as InviteUsersRequest
+
+    let createdPasswords: any = {}
+
+    const users: User[] = inviteRequest.map(invite => {
+      let password = Math.random().toString(36).substring(2, 22)
+
+      // Temp password to be passed to the user.
+      createdPasswords[invite.email] = password
+
+      return {
+        email: invite.email,
+        password,
+        forceResetPassword: true,
+        roles: invite.userInfo.apps,
+        admin: { global: false },
+        builder: { global: false },
+        tenantId: tenancy.getTenantId(),
+      }
+    })
+    let bulkCreateReponse = await userSdk.bulkCreate(users, [])
+
+    // Apply temporary credentials
+    let createWithCredentials = {
+      ...bulkCreateReponse,
+      successful: bulkCreateReponse?.successful.map(user => {
+        return {
+          ...user,
+          password: createdPasswords[user.email],
+        }
+      }),
+      created: true,
+    }
+
+    ctx.body = createWithCredentials
+  } else {
+    ctx.throw(400, "User onboarding failed")
+  }
+}
+
 export const invite = async (ctx: any) => {
   const request = ctx.request.body as InviteUserRequest
-  const response = await userSdk.invite([request])
+
+  let multiRequest = [request] as InviteUsersRequest
+  const response = await userSdk.invite(multiRequest)
 
   // explicitly throw for single user invite
   if (response.unsuccessful.length) {
@@ -234,6 +314,8 @@ export const invite = async (ctx: any) => {
 
   ctx.body = {
     message: "Invitation has been sent.",
+    successful: response.successful,
+    unsuccessful: response.unsuccessful,
   }
 }
 
@@ -255,6 +337,53 @@ export const checkInvite = async (ctx: any) => {
   }
 }
 
+export const getUserInvites = async (ctx: any) => {
+  let invites
+  try {
+    // Restricted to the currently authenticated tenant
+    invites = await getInviteCodes()
+  } catch (e) {
+    ctx.throw(400, "There was a problem fetching invites")
+  }
+  ctx.body = invites
+}
+
+export const updateInvite = async (ctx: any) => {
+  const { code } = ctx.params
+  let updateBody = { ...ctx.request.body }
+
+  delete updateBody.email
+
+  let invite
+  try {
+    invite = await checkInviteCode(code, false)
+    if (!invite) {
+      throw new Error("The invite could not be retrieved")
+    }
+  } catch (e) {
+    ctx.throw(400, "There was a problem with the invite")
+  }
+
+  let updated = {
+    ...invite,
+  }
+
+  if (!updateBody?.apps || !Object.keys(updateBody?.apps).length) {
+    updated.info.apps = []
+  } else {
+    updated.info = {
+      ...invite.info,
+      apps: {
+        ...invite.info.apps,
+        ...updateBody.apps,
+      },
+    }
+  }
+
+  await updateInviteCode(code, updated)
+  ctx.body = { ...invite }
+}
+
 export const inviteAccept = async (
   ctx: Ctx<AcceptUserInviteRequest, AcceptUserInviteResponse>
 ) => {
@@ -263,13 +392,23 @@ export const inviteAccept = async (
     // info is an extension of the user object that was stored by global
     const { email, info }: any = await checkInviteCode(inviteCode)
     const user = await tenancy.doInTenant(info.tenantId, async () => {
-      const saved = await userSdk.save({
+      let request = {
         firstName,
         lastName,
         password,
         email,
+        roles: info.apps,
+        tenantId: info.tenantId,
+      }
+
+      delete info.apps
+
+      request = {
+        ...request,
         ...info,
-      })
+      }
+
+      const saved = await userSdk.save(request)
       const db = tenancy.getGlobalDB()
       const user = await db.get(saved._id)
       await events.user.inviteAccepted(user)
diff --git a/packages/worker/src/api/routes/global/configs.ts b/packages/worker/src/api/routes/global/configs.ts
index 38a31a28e6..88c6bfbe7d 100644
--- a/packages/worker/src/api/routes/global/configs.ts
+++ b/packages/worker/src/api/routes/global/configs.ts
@@ -34,8 +34,8 @@ function settingValidation() {
 function googleValidation() {
   // prettier-ignore
   return Joi.object({
-    clientID: Joi.when('activated', { is: true, then: Joi.string().required() }),
-    clientSecret: Joi.when('activated', { is: true, then: Joi.string().required() }),
+    clientID: Joi.string().required(),
+    clientSecret: Joi.string().required(),
     activated: Joi.boolean().required(),
   }).unknown(true)
 }
@@ -45,12 +45,12 @@ function oidcValidation() {
   return Joi.object({
     configs: Joi.array().items(
       Joi.object({
-        clientID: Joi.when('activated', { is: true, then: Joi.string().required() }),
-        clientSecret: Joi.when('activated', { is: true, then: Joi.string().required() }),
-        configUrl: Joi.when('activated', { is: true, then: Joi.string().required() }),
+        clientID: Joi.string().required(),
+        clientSecret: Joi.string().required(),
+        configUrl: Joi.string().required(),
         logo: Joi.string().allow("", null),
         name: Joi.string().allow("", null),
-        uuid: Joi.when('activated', { is: true, then: Joi.string().required() }),
+        uuid: Joi.string().required(),
         activated: Joi.boolean().required(),
         scopes: Joi.array().optional()
       })
@@ -104,13 +104,7 @@ router
     controller.save
   )
   .delete("/api/global/configs/:id/:rev", auth.adminOnly, controller.destroy)
-  .get("/api/global/configs", controller.fetch)
   .get("/api/global/configs/checklist", controller.configChecklist)
-  .get(
-    "/api/global/configs/all/:type",
-    buildConfigGetValidation(),
-    controller.fetch
-  )
   .get("/api/global/configs/public", controller.publicSettings)
   .get("/api/global/configs/public/oidc", controller.publicOidc)
   .get("/api/global/configs/:type", buildConfigGetValidation(), controller.find)
diff --git a/packages/worker/src/api/routes/global/self.ts b/packages/worker/src/api/routes/global/self.ts
index 8784bb8b20..c1f1b80543 100644
--- a/packages/worker/src/api/routes/global/self.ts
+++ b/packages/worker/src/api/routes/global/self.ts
@@ -11,7 +11,7 @@ router
   .get("/api/global/self", controller.getSelf)
   .post(
     "/api/global/self",
-    users.buildUserSaveValidation(true),
+    users.buildSelfSaveValidation(),
     controller.updateSelf
   )
 
diff --git a/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts b/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
new file mode 100644
index 0000000000..19e3cd64b4
--- /dev/null
+++ b/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
@@ -0,0 +1,111 @@
+import { mocks, structures } from "@budibase/backend-core/tests"
+import { context, events } from "@budibase/backend-core"
+import { Event, IdentityType } from "@budibase/types"
+import { TestConfiguration } from "../../../../tests"
+
+mocks.licenses.useAuditLogs()
+
+const BASE_IDENTITY = {
+  account: undefined,
+  type: IdentityType.USER,
+}
+const USER_AUDIT_LOG_COUNT = 3
+const APP_ID = "app_1"
+
+describe("/api/global/auditlogs", () => {
+  const config = new TestConfiguration()
+
+  beforeAll(async () => {
+    await config.beforeAll()
+  })
+
+  afterAll(async () => {
+    await config.afterAll()
+  })
+
+  describe("POST /api/global/auditlogs/search", () => {
+    it("should be able to fire some events (create audit logs)", async () => {
+      await context.doInTenant(config.tenantId, async () => {
+        const userId = config.user!._id!
+        const identity = {
+          ...BASE_IDENTITY,
+          _id: userId,
+          tenantId: config.tenantId,
+        }
+        await context.doInIdentityContext(identity, async () => {
+          for (let i = 0; i < USER_AUDIT_LOG_COUNT; i++) {
+            await events.user.created(structures.users.user())
+          }
+          await context.doInAppContext(APP_ID, async () => {
+            await events.app.created(structures.apps.app(APP_ID))
+          })
+          // fetch the user created events
+          const response = await config.api.auditLogs.search({
+            events: [Event.USER_CREATED],
+          })
+          expect(response.data).toBeDefined()
+          // there will be an initial event which comes from the default user creation
+          expect(response.data.length).toBe(USER_AUDIT_LOG_COUNT + 1)
+        })
+      })
+    })
+
+    it("should be able to search by event", async () => {
+      const response = await config.api.auditLogs.search({
+        events: [Event.USER_CREATED],
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.event).toBe(Event.USER_CREATED)
+      }
+    })
+
+    it("should be able to search by time range (frozen)", async () => {
+      // this is frozen, only need to add 1 and minus 1
+      const now = new Date()
+      const start = new Date()
+      start.setSeconds(now.getSeconds() - 1)
+      const end = new Date()
+      end.setSeconds(now.getSeconds() + 1)
+      const response = await config.api.auditLogs.search({
+        startDate: start.toISOString(),
+        endDate: end.toISOString(),
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.timestamp).toBe(now.toISOString())
+      }
+    })
+
+    it("should be able to search by user ID", async () => {
+      const userId = config.user!._id!
+      const response = await config.api.auditLogs.search({
+        userIds: [userId],
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.user._id).toBe(userId)
+      }
+    })
+
+    it("should be able to search by app ID", async () => {
+      const response = await config.api.auditLogs.search({
+        appIds: [APP_ID],
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.app?._id).toBe(APP_ID)
+      }
+    })
+
+    it("should be able to search by full string", async () => {
+      const response = await config.api.auditLogs.search({
+        fullSearch: "User",
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.name.includes("User")).toBe(true)
+      }
+    })
+  })
+})
diff --git a/packages/worker/src/api/routes/global/tests/auth.spec.ts b/packages/worker/src/api/routes/global/tests/auth.spec.ts
index 84f8ce1b0a..6c133df652 100644
--- a/packages/worker/src/api/routes/global/tests/auth.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/auth.spec.ts
@@ -106,12 +106,12 @@ describe("/api/global/auth", () => {
             tenantId,
             email,
             password,
-            { status: 400 }
+            { status: 403 }
           )
 
           expect(response.body).toEqual({
-            message: "SSO user cannot login using password",
-            status: 400,
+            message: "Invalid credentials",
+            status: 403,
           })
         }
 
@@ -170,18 +170,8 @@ describe("/api/global/auth", () => {
         async function testSSOUser() {
           const { res } = await config.api.auth.requestPasswordReset(
             sendMailMock,
-            user.email,
-            { status: 400 }
+            user.email
           )
-
-          expect(res.body).toEqual({
-            message: "SSO user cannot reset password",
-            status: 400,
-            error: {
-              code: "http",
-              type: "generic",
-            },
-          })
           expect(sendMailMock).not.toHaveBeenCalled()
         }
 
@@ -367,7 +357,7 @@ describe("/api/global/auth", () => {
 
         const res = await config.api.configs.OIDCCallback(configId, preAuthRes)
 
-        expect(events.auth.login).toBeCalledWith("oidc")
+        expect(events.auth.login).toBeCalledWith("oidc", "oauth@example.com")
         expect(events.auth.login).toBeCalledTimes(1)
         expect(res.status).toBe(302)
         const location: string = res.get("location")
diff --git a/packages/worker/src/api/routes/global/tests/configs.spec.ts b/packages/worker/src/api/routes/global/tests/configs.spec.ts
index 39ad74d295..892fe8a67b 100644
--- a/packages/worker/src/api/routes/global/tests/configs.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/configs.spec.ts
@@ -2,7 +2,8 @@
 jest.mock("nodemailer")
 import { TestConfiguration, structures, mocks } from "../../../../tests"
 mocks.email.mock()
-import { Config, events } from "@budibase/backend-core"
+import { events } from "@budibase/backend-core"
+import { GetPublicSettingsResponse, Config, ConfigType } from "@budibase/types"
 
 describe("configs", () => {
   const config = new TestConfiguration()
@@ -19,22 +20,29 @@ describe("configs", () => {
     await config.afterAll()
   })
 
-  describe("post /api/global/configs", () => {
-    const saveConfig = async (conf: any, _id?: string, _rev?: string) => {
-      const data = {
-        ...conf,
-        _id,
-        _rev,
-      }
-
-      const res = await config.api.configs.saveConfig(data)
-
-      return {
-        ...data,
-        ...res.body,
-      }
+  const saveConfig = async (conf: Config, _id?: string, _rev?: string) => {
+    const data = {
+      ...conf,
+      _id,
+      _rev,
     }
+    const res = await config.api.configs.saveConfig(data)
+    return {
+      ...data,
+      ...res.body,
+    }
+  }
 
+  const saveSettingsConfig = async (
+    conf?: any,
+    _id?: string,
+    _rev?: string
+  ) => {
+    const settingsConfig = structures.configs.settings(conf)
+    return saveConfig(settingsConfig, _id, _rev)
+  }
+
+  describe("POST /api/global/configs", () => {
     describe("google", () => {
       const saveGoogleConfig = async (
         conf?: any,
@@ -49,20 +57,20 @@ describe("configs", () => {
         it("should create activated google config", async () => {
           await saveGoogleConfig()
           expect(events.auth.SSOCreated).toBeCalledTimes(1)
-          expect(events.auth.SSOCreated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSODeactivated).not.toBeCalled()
           expect(events.auth.SSOActivated).toBeCalledTimes(1)
-          expect(events.auth.SSOActivated).toBeCalledWith(Config.GOOGLE)
-          await config.deleteConfig(Config.GOOGLE)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
 
         it("should create deactivated google config", async () => {
           await saveGoogleConfig({ activated: false })
           expect(events.auth.SSOCreated).toBeCalledTimes(1)
-          expect(events.auth.SSOCreated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSOActivated).not.toBeCalled()
           expect(events.auth.SSODeactivated).not.toBeCalled()
-          await config.deleteConfig(Config.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
       })
 
@@ -76,11 +84,11 @@ describe("configs", () => {
             googleConf._rev
           )
           expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-          expect(events.auth.SSOUpdated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSOActivated).not.toBeCalled()
           expect(events.auth.SSODeactivated).toBeCalledTimes(1)
-          expect(events.auth.SSODeactivated).toBeCalledWith(Config.GOOGLE)
-          await config.deleteConfig(Config.GOOGLE)
+          expect(events.auth.SSODeactivated).toBeCalledWith(ConfigType.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
 
         it("should update google config to activated", async () => {
@@ -92,11 +100,11 @@ describe("configs", () => {
             googleConf._rev
           )
           expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-          expect(events.auth.SSOUpdated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSODeactivated).not.toBeCalled()
           expect(events.auth.SSOActivated).toBeCalledTimes(1)
-          expect(events.auth.SSOActivated).toBeCalledWith(Config.GOOGLE)
-          await config.deleteConfig(Config.GOOGLE)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
       })
     })
@@ -115,20 +123,20 @@ describe("configs", () => {
         it("should create activated OIDC config", async () => {
           await saveOIDCConfig()
           expect(events.auth.SSOCreated).toBeCalledTimes(1)
-          expect(events.auth.SSOCreated).toBeCalledWith(Config.OIDC)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.OIDC)
           expect(events.auth.SSODeactivated).not.toBeCalled()
           expect(events.auth.SSOActivated).toBeCalledTimes(1)
-          expect(events.auth.SSOActivated).toBeCalledWith(Config.OIDC)
-          await config.deleteConfig(Config.OIDC)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
 
         it("should create deactivated OIDC config", async () => {
           await saveOIDCConfig({ activated: false })
           expect(events.auth.SSOCreated).toBeCalledTimes(1)
-          expect(events.auth.SSOCreated).toBeCalledWith(Config.OIDC)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.OIDC)
           expect(events.auth.SSOActivated).not.toBeCalled()
           expect(events.auth.SSODeactivated).not.toBeCalled()
-          await config.deleteConfig(Config.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
       })
 
@@ -142,11 +150,11 @@ describe("configs", () => {
             oidcConf._rev
           )
           expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-          expect(events.auth.SSOUpdated).toBeCalledWith(Config.OIDC)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.OIDC)
           expect(events.auth.SSOActivated).not.toBeCalled()
           expect(events.auth.SSODeactivated).toBeCalledTimes(1)
-          expect(events.auth.SSODeactivated).toBeCalledWith(Config.OIDC)
-          await config.deleteConfig(Config.OIDC)
+          expect(events.auth.SSODeactivated).toBeCalledWith(ConfigType.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
 
         it("should update OIDC config to activated", async () => {
@@ -158,11 +166,11 @@ describe("configs", () => {
             oidcConf._rev
           )
           expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-          expect(events.auth.SSOUpdated).toBeCalledWith(Config.OIDC)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.OIDC)
           expect(events.auth.SSODeactivated).not.toBeCalled()
           expect(events.auth.SSOActivated).toBeCalledTimes(1)
-          expect(events.auth.SSOActivated).toBeCalledWith(Config.OIDC)
-          await config.deleteConfig(Config.OIDC)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
       })
     })
@@ -179,11 +187,11 @@ describe("configs", () => {
 
       describe("create", () => {
         it("should create SMTP config", async () => {
-          await config.deleteConfig(Config.SMTP)
+          await config.deleteConfig(ConfigType.SMTP)
           await saveSMTPConfig()
           expect(events.email.SMTPUpdated).not.toBeCalled()
           expect(events.email.SMTPCreated).toBeCalledTimes(1)
-          await config.deleteConfig(Config.SMTP)
+          await config.deleteConfig(ConfigType.SMTP)
         })
       })
 
@@ -194,24 +202,15 @@ describe("configs", () => {
           await saveSMTPConfig(smtpConf.config, smtpConf._id, smtpConf._rev)
           expect(events.email.SMTPCreated).not.toBeCalled()
           expect(events.email.SMTPUpdated).toBeCalledTimes(1)
-          await config.deleteConfig(Config.SMTP)
+          await config.deleteConfig(ConfigType.SMTP)
         })
       })
     })
 
     describe("settings", () => {
-      const saveSettingsConfig = async (
-        conf?: any,
-        _id?: string,
-        _rev?: string
-      ) => {
-        const settingsConfig = structures.configs.settings(conf)
-        return saveConfig(settingsConfig, _id, _rev)
-      }
-
       describe("create", () => {
         it("should create settings config with default settings", async () => {
-          await config.deleteConfig(Config.SETTINGS)
+          await config.deleteConfig(ConfigType.SETTINGS)
 
           await saveSettingsConfig()
 
@@ -222,7 +221,7 @@ describe("configs", () => {
 
         it("should create settings config with non-default settings", async () => {
           config.selfHosted()
-          await config.deleteConfig(Config.SETTINGS)
+          await config.deleteConfig(ConfigType.SETTINGS)
           const conf = {
             company: "acme",
             logoUrl: "http://example.com",
@@ -241,7 +240,7 @@ describe("configs", () => {
       describe("update", () => {
         it("should update settings config", async () => {
           config.selfHosted()
-          await config.deleteConfig(Config.SETTINGS)
+          await config.deleteConfig(ConfigType.SETTINGS)
           const settingsConfig = await saveSettingsConfig()
           settingsConfig.config.company = "acme"
           settingsConfig.config.logoUrl = "http://example.com"
@@ -262,14 +261,43 @@ describe("configs", () => {
     })
   })
 
-  it("should return the correct checklist status based on the state of the budibase installation", async () => {
-    await config.saveSmtpConfig()
+  describe("GET /api/global/configs/checklist", () => {
+    it("should return the correct checklist", async () => {
+      await config.saveSmtpConfig()
 
-    const res = await config.api.configs.getConfigChecklist()
-    const checklist = res.body
+      const res = await config.api.configs.getConfigChecklist()
+      const checklist = res.body
 
-    expect(checklist.apps.checked).toBeFalsy()
-    expect(checklist.smtp.checked).toBeTruthy()
-    expect(checklist.adminUser.checked).toBeTruthy()
+      expect(checklist.apps.checked).toBeFalsy()
+      expect(checklist.smtp.checked).toBeTruthy()
+      expect(checklist.adminUser.checked).toBeTruthy()
+    })
+  })
+
+  describe("GET /api/global/configs/public", () => {
+    it("should return the expected public settings", async () => {
+      await saveSettingsConfig()
+
+      const res = await config.api.configs.getPublicSettings()
+      const body = res.body as GetPublicSettingsResponse
+
+      const expected = {
+        _id: "config_settings",
+        type: "settings",
+        config: {
+          company: "Budibase",
+          logoUrl: "",
+          analyticsEnabled: false,
+          google: true,
+          googleCallbackUrl: `http://localhost:10000/api/global/auth/${config.tenantId}/google/callback`,
+          isSSOEnforced: false,
+          oidc: false,
+          oidcCallbackUrl: `http://localhost:10000/api/global/auth/${config.tenantId}/oidc/callback`,
+          platformUrl: "http://localhost:10000",
+        },
+      }
+      delete body._rev
+      expect(body).toEqual(expected)
+    })
   })
 })
diff --git a/packages/worker/src/api/routes/global/tests/realEmail.spec.ts b/packages/worker/src/api/routes/global/tests/realEmail.spec.ts
index 1c180be75d..8ad7363c85 100644
--- a/packages/worker/src/api/routes/global/tests/realEmail.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/realEmail.spec.ts
@@ -1,3 +1,4 @@
+jest.unmock("node-fetch")
 import { TestConfiguration } from "../../../../tests"
 import { EmailTemplatePurpose } from "../../../../constants"
 const nodemailer = require("nodemailer")
diff --git a/packages/worker/src/api/routes/global/tests/self.spec.ts b/packages/worker/src/api/routes/global/tests/self.spec.ts
index 74d24c7c31..f3959c7521 100644
--- a/packages/worker/src/api/routes/global/tests/self.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/self.spec.ts
@@ -18,30 +18,26 @@ describe("/api/global/self", () => {
   })
 
   describe("update", () => {
-    it("should update self", async () => {
+    it("should reject updates with forbidden keys", async () => {
       const user = await config.createUser()
       await config.createSession(user)
-
       delete user.password
-      const res = await config.api.self.updateSelf(user)
 
-      const dbUser = await config.getUser(user.email)
-      user._rev = dbUser._rev
-      user.dayPassRecordedAt = mocks.date.MOCK_DATE.toISOString()
-      expect(res.body._id).toBe(user._id)
-      expect(events.user.updated).toBeCalledTimes(1)
-      expect(events.user.updated).toBeCalledWith(dbUser)
-      expect(events.user.passwordUpdated).not.toBeCalled()
+      await config.api.self.updateSelf(user, user).expect(400)
     })
 
     it("should update password", async () => {
       const user = await config.createUser()
       await config.createSession(user)
 
-      user.password = "newPassword"
-      const res = await config.api.self.updateSelf(user)
+      const res = await config.api.self
+        .updateSelf(user, {
+          password: "newPassword",
+        })
+        .expect(200)
 
       const dbUser = await config.getUser(user.email)
+
       user._rev = dbUser._rev
       user.dayPassRecordedAt = mocks.date.MOCK_DATE.toISOString()
       expect(res.body._id).toBe(user._id)
@@ -51,4 +47,22 @@ describe("/api/global/self", () => {
       expect(events.user.passwordUpdated).toBeCalledWith(dbUser)
     })
   })
+
+  it("should update onboarding", async () => {
+    const user = await config.createUser()
+    await config.createSession(user)
+
+    const res = await config.api.self
+      .updateSelf(user, {
+        onboardedAt: "2023-03-07T14:10:54.869Z",
+      })
+      .expect(200)
+
+    const dbUser = await config.getUser(user.email)
+
+    user._rev = dbUser._rev
+    user.dayPassRecordedAt = mocks.date.MOCK_DATE.toISOString()
+    expect(dbUser.onboardedAt).toBe("2023-03-07T14:10:54.869Z")
+    expect(res.body._id).toBe(user._id)
+  })
 })
diff --git a/packages/worker/src/api/routes/global/tests/users.spec.ts b/packages/worker/src/api/routes/global/tests/users.spec.ts
index 31ef1d9b0c..d1afa0191e 100644
--- a/packages/worker/src/api/routes/global/tests/users.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/users.spec.ts
@@ -4,6 +4,7 @@ jest.mock("nodemailer")
 import { TestConfiguration, mocks, structures } from "../../../../tests"
 const sendMailMock = mocks.email.mock()
 import { events, tenancy, accounts as _accounts } from "@budibase/backend-core"
+import * as userSdk from "../../../../sdk/users"
 
 const accounts = jest.mocked(_accounts)
 
@@ -30,7 +31,11 @@ describe("/api/global/users", () => {
         email
       )
 
-      expect(res.body).toEqual({ message: "Invitation has been sent." })
+      expect(res.body?.message).toBe("Invitation has been sent.")
+      expect(res.body?.unsuccessful.length).toBe(0)
+      expect(res.body?.successful.length).toBe(1)
+      expect(res.body?.successful[0].email).toBe(email)
+
       expect(sendMailMock).toHaveBeenCalled()
       expect(code).toBeDefined()
       expect(events.user.invited).toBeCalledTimes(1)
@@ -464,6 +469,20 @@ describe("/api/global/users", () => {
         config.authHeaders(nonAdmin)
       )
     })
+
+    describe("sso users", () => {
+      function createSSOUser() {
+        return config.doInTenant(() => {
+          const user = structures.users.ssoUser()
+          return userSdk.save(user, { requirePassword: false })
+        })
+      }
+
+      it("should be able to update an sso user that has no password", async () => {
+        const user = await createSSOUser()
+        await config.api.users.saveUser(user)
+      })
+    })
   })
 
   describe("POST /api/global/users/bulk (delete)", () => {
diff --git a/packages/worker/src/api/routes/global/users.ts b/packages/worker/src/api/routes/global/users.ts
index a73462b235..47e76c17be 100644
--- a/packages/worker/src/api/routes/global/users.ts
+++ b/packages/worker/src/api/routes/global/users.ts
@@ -38,13 +38,6 @@ function buildInviteMultipleValidation() {
   ))
 }
 
-function buildInviteLookupValidation() {
-  // prettier-ignore
-  return auth.joiValidator.params(Joi.object({
-    code: Joi.string().required()
-  }).unknown(true))
-}
-
 const createUserAdminOnly = (ctx: any, next: any) => {
   if (!ctx.request.body._id) {
     return auth.adminOnly(ctx, next)
@@ -57,8 +50,8 @@ function buildInviteAcceptValidation() {
   // prettier-ignore
   return auth.joiValidator.body(Joi.object({
     inviteCode: Joi.string().required(),
-    password: Joi.string().required(),
-    firstName: Joi.string().required(),
+    password: Joi.string().optional(),
+    firstName: Joi.string().optional(),
     lastName: Joi.string().optional(),
   }).required().unknown(true))
 }
@@ -88,22 +81,34 @@ router
   .get("/api/global/roles/:appId")
   .post(
     "/api/global/users/invite",
-    auth.adminOnly,
+    auth.builderOrAdmin,
     buildInviteValidation(),
     controller.invite
   )
+  .post(
+    "/api/global/users/onboard",
+    auth.builderOrAdmin,
+    buildInviteMultipleValidation(),
+    controller.onboardUsers
+  )
   .post(
     "/api/global/users/multi/invite",
-    auth.adminOnly,
+    auth.builderOrAdmin,
     buildInviteMultipleValidation(),
     controller.inviteMultiple
   )
 
   // non-global endpoints
+  .get("/api/global/users/invite/:code", controller.checkInvite)
+  .post(
+    "/api/global/users/invite/update/:code",
+    auth.builderOrAdmin,
+    controller.updateInvite
+  )
   .get(
-    "/api/global/users/invite/:code",
-    buildInviteLookupValidation(),
-    controller.checkInvite
+    "/api/global/users/invites",
+    auth.builderOrAdmin,
+    controller.getUserInvites
   )
   .post(
     "/api/global/users/invite/accept",
@@ -123,7 +128,7 @@ router
   .get("/api/global/users/self", selfController.getSelf)
   .post(
     "/api/global/users/self",
-    users.buildUserSaveValidation(true),
+    users.buildUserSaveValidation(),
     selfController.updateSelf
   )
 
diff --git a/packages/worker/src/api/routes/index.ts b/packages/worker/src/api/routes/index.ts
index 3aa9422238..c64ad44423 100644
--- a/packages/worker/src/api/routes/index.ts
+++ b/packages/worker/src/api/routes/index.ts
@@ -18,6 +18,8 @@ import accountRoutes from "./system/accounts"
 import restoreRoutes from "./system/restore"
 
 let userGroupRoutes = api.groups
+let auditLogRoutes = api.auditLogs
+
 export const routes: Router[] = [
   configRoutes,
   userRoutes,
@@ -32,6 +34,7 @@ export const routes: Router[] = [
   selfRoutes,
   licenseRoutes,
   userGroupRoutes,
+  auditLogRoutes,
   migrationRoutes,
   accountRoutes,
   restoreRoutes,
diff --git a/packages/worker/src/api/routes/validation/users.ts b/packages/worker/src/api/routes/validation/users.ts
index 35f293ce87..30a3d67434 100644
--- a/packages/worker/src/api/routes/validation/users.ts
+++ b/packages/worker/src/api/routes/validation/users.ts
@@ -17,13 +17,22 @@ let schema: any = {
   roles: Joi.object().pattern(/.*/, Joi.string()).required().unknown(true),
 }
 
-export const buildUserSaveValidation = (isSelf = false) => {
-  if (!isSelf) {
-    schema = {
-      ...schema,
-      _id: Joi.string(),
-      _rev: Joi.string(),
-    }
+export const buildSelfSaveValidation = () => {
+  schema = {
+    password: Joi.string().optional(),
+    forceResetPassword: Joi.boolean().optional(),
+    firstName: Joi.string().allow("").optional(),
+    lastName: Joi.string().allow("").optional(),
+    onboardedAt: Joi.string().optional(),
+  }
+  return auth.joiValidator.body(Joi.object(schema).required().unknown(false))
+}
+
+export const buildUserSaveValidation = () => {
+  schema = {
+    ...schema,
+    _id: Joi.string(),
+    _rev: Joi.string(),
   }
   return auth.joiValidator.body(Joi.object(schema).required().unknown(true))
 }
diff --git a/packages/worker/src/db/index.ts b/packages/worker/src/db/index.ts
index d74d00d910..157c2f4fb3 100644
--- a/packages/worker/src/db/index.ts
+++ b/packages/worker/src/db/index.ts
@@ -1,10 +1,16 @@
 import * as core from "@budibase/backend-core"
 import env from "../environment"
 
-export const init = () => {
-  const dbConfig: any = {}
+export function init() {
+  const dbConfig: any = {
+    replication: true,
+    find: true,
+  }
+
   if (env.isTest() && !env.COUCH_DB_URL) {
     dbConfig.inMemory = true
+    dbConfig.allDbs = true
   }
+
   core.init({ db: dbConfig })
 }
diff --git a/packages/worker/src/environment.ts b/packages/worker/src/environment.ts
index 71fd89f276..3b5960f6f5 100644
--- a/packages/worker/src/environment.ts
+++ b/packages/worker/src/environment.ts
@@ -26,8 +26,6 @@ function parseIntSafe(number: any) {
   }
 }
 
-const selfHosted = !!parseInt(process.env.SELF_HOSTED || "")
-
 const environment = {
   // auth
   MINIO_ACCESS_KEY: process.env.MINIO_ACCESS_KEY,
@@ -51,7 +49,7 @@ const environment = {
   CLUSTER_PORT: process.env.CLUSTER_PORT,
   // flags
   NODE_ENV: process.env.NODE_ENV,
-  SELF_HOSTED: selfHosted,
+  SELF_HOSTED: !!parseInt(process.env.SELF_HOSTED || ""),
   LOG_LEVEL: process.env.LOG_LEVEL,
   MULTI_TENANCY: process.env.MULTI_TENANCY,
   DISABLE_ACCOUNT_PORTAL: process.env.DISABLE_ACCOUNT_PORTAL,
@@ -71,14 +69,15 @@ const environment = {
    * Mock the email service in use - links to ethereal hosted emails are logged instead.
    */
   ENABLE_EMAIL_TEST_MODE: process.env.ENABLE_EMAIL_TEST_MODE,
-  /**
-   * Enable to allow an admin user to login using a password.
-   * This can be useful to prevent lockout when configuring SSO.
-   * However, this should be turned OFF by default for security purposes.
-   */
-  ENABLE_SSO_MAINTENANCE_MODE: selfHosted
-    ? process.env.ENABLE_SSO_MAINTENANCE_MODE
-    : false,
+  PASSPORT_GOOGLEAUTH_SUCCESS_REDIRECT:
+    process.env.PASSPORT_GOOGLEAUTH_SUCCESS_REDIRECT || "/",
+  PASSPORT_GOOGLEAUTH_FAILURE_REDIRECT:
+    process.env.PASSPORT_GOOGLEAUTH_FAILURE_REDIRECT || "/error",
+  PASSPORT_OIDCAUTH_SUCCESS_REDIRECT:
+    process.env.PASSPORT_OIDCAUTH_SUCCESS_REDIRECT || "/",
+  PASSPORT_OIDCAUTH_FAILURE_REDIRECT:
+    process.env.PASSPORT_OIDCAUTH_FAILURE_REDIRECT || "/error",
+
   _set(key: any, value: any) {
     process.env[key] = value
     // @ts-ignore
diff --git a/packages/worker/src/index.ts b/packages/worker/src/index.ts
index 1e3ff3cbdf..04413e8429 100644
--- a/packages/worker/src/index.ts
+++ b/packages/worker/src/index.ts
@@ -13,7 +13,15 @@ import { Event } from "@sentry/types/dist/event"
 import Application from "koa"
 import { bootstrap } from "global-agent"
 import * as db from "./db"
-import { auth, logging, events, middleware } from "@budibase/backend-core"
+import { sdk as proSdk } from "@budibase/pro"
+import {
+  auth,
+  logging,
+  events,
+  middleware,
+  queue,
+  env as coreEnv,
+} from "@budibase/backend-core"
 db.init()
 import Koa from "koa"
 import koaBody from "koa-body"
@@ -23,9 +31,15 @@ import * as redis from "./utilities/redis"
 const Sentry = require("@sentry/node")
 const koaSession = require("koa-session")
 const logger = require("koa-pino-logger")
+const { userAgent } = require("koa-useragent")
+
 import destroyable from "server-destroy"
 
-if (env.ENABLE_SSO_MAINTENANCE_MODE) {
+// configure events to use the pro audit log write
+// can't integrate directly into backend-core due to cyclic issues
+events.processors.init(proSdk.auditLogs.write)
+
+if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE) {
   console.warn(
     "Warning: ENABLE_SSO_MAINTENANCE_MODE is set. It is recommended this flag is disabled if maintenance is not in progress"
   )
@@ -43,6 +57,7 @@ app.use(koaBody({ multipart: true }))
 app.use(koaSession(app))
 app.use(middleware.logging)
 app.use(logger(logging.pinoSettings()))
+app.use(userAgent)
 
 // authentication
 app.use(auth.passport.initialize())
@@ -78,6 +93,7 @@ server.on("close", async () => {
   console.log("Server Closed")
   await redis.shutdown()
   await events.shutdown()
+  await queue.shutdown()
   if (!env.isTest()) {
     process.exit(errCode)
   }
diff --git a/packages/worker/src/sdk/auth/auth.ts b/packages/worker/src/sdk/auth/auth.ts
index 15a4f3c7e7..98830c576d 100644
--- a/packages/worker/src/sdk/auth/auth.ts
+++ b/packages/worker/src/sdk/auth/auth.ts
@@ -58,8 +58,8 @@ export const reset = async (email: string) => {
   }
 
   // exit if user has sso
-  if (await userSdk.isPreventSSOPasswords(user)) {
-    throw new HTTPError("SSO user cannot reset password", 400)
+  if (await userSdk.isPreventPasswordActions(user)) {
+    return
   }
 
   // send password reset
diff --git a/packages/worker/src/sdk/users/tests/users.spec.ts b/packages/worker/src/sdk/users/tests/users.spec.ts
index 41d9298997..77f02eec7a 100644
--- a/packages/worker/src/sdk/users/tests/users.spec.ts
+++ b/packages/worker/src/sdk/users/tests/users.spec.ts
@@ -1,26 +1,50 @@
 import { structures } from "../../../tests"
-import * as users from "../users"
-import env from "../../../environment"
 import { mocks } from "@budibase/backend-core/tests"
+import { env } from "@budibase/backend-core"
+import * as users from "../users"
 import { CloudAccount } from "@budibase/types"
+import { isPreventPasswordActions } from "../users"
+
+jest.mock("@budibase/pro")
+import * as _pro from "@budibase/pro"
+const pro = jest.mocked(_pro, true)
 
 describe("users", () => {
-  describe("isPreventSSOPasswords", () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+  })
+
+  describe("isPreventPasswordActions", () => {
+    it("returns false for non sso user", async () => {
+      const user = structures.users.user()
+      const result = await users.isPreventPasswordActions(user)
+      expect(result).toBe(false)
+    })
+
     it("returns true for sso account user", async () => {
       const user = structures.users.user()
       mocks.accounts.getAccount.mockReturnValue(
         Promise.resolve(structures.accounts.ssoAccount() as CloudAccount)
       )
-      const result = await users.isPreventSSOPasswords(user)
+      const result = await users.isPreventPasswordActions(user)
       expect(result).toBe(true)
     })
 
     it("returns true for sso user", async () => {
       const user = structures.users.ssoUser()
-      const result = await users.isPreventSSOPasswords(user)
+      const result = await users.isPreventPasswordActions(user)
       expect(result).toBe(true)
     })
 
+    describe("enforced sso", () => {
+      it("returns true for all users when sso is enforced", async () => {
+        const user = structures.users.user()
+        pro.features.isSSOEnforced.mockReturnValue(Promise.resolve(true))
+        const result = await users.isPreventPasswordActions(user)
+        expect(result).toBe(true)
+      })
+    })
+
     describe("sso maintenance mode", () => {
       beforeEach(() => {
         env._set("ENABLE_SSO_MAINTENANCE_MODE", true)
@@ -33,7 +57,7 @@ describe("users", () => {
       describe("non-admin user", () => {
         it("returns true", async () => {
           const user = structures.users.ssoUser()
-          const result = await users.isPreventSSOPasswords(user)
+          const result = await users.isPreventPasswordActions(user)
           expect(result).toBe(true)
         })
       })
@@ -43,7 +67,7 @@ describe("users", () => {
           const user = structures.users.ssoUser({
             user: structures.users.adminUser(),
           })
-          const result = await users.isPreventSSOPasswords(user)
+          const result = await users.isPreventPasswordActions(user)
           expect(result).toBe(false)
         })
       })
diff --git a/packages/worker/src/sdk/users/users.ts b/packages/worker/src/sdk/users/users.ts
index 7d4a2f04f0..135128d816 100644
--- a/packages/worker/src/sdk/users/users.ts
+++ b/packages/worker/src/sdk/users/users.ts
@@ -14,6 +14,7 @@ import {
   users as usersCore,
   utils,
   ViewName,
+  env as coreEnv,
 } from "@budibase/backend-core"
 import {
   AccountMetadata,
@@ -28,13 +29,12 @@ import {
   PlatformUserByEmail,
   RowResponse,
   SearchUsersRequest,
-  UpdateSelf,
   User,
   SaveUserOpts,
 } from "@budibase/types"
 import { sendEmail } from "../../utilities/email"
 import { EmailTemplatePurpose } from "../../constants"
-import { groups as groupsSdk } from "@budibase/pro"
+import * as pro from "@budibase/pro"
 import * as accountSdk from "../accounts"
 
 const PAGE_LIMIT = 8
@@ -56,11 +56,22 @@ export const countUsersByApp = async (appId: string) => {
   }
 }
 
+export const getUsersByAppAccess = async (appId?: string) => {
+  const opts: any = {
+    include_docs: true,
+    limit: 50,
+  }
+  let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
+    appId,
+    opts
+  )
+  return response
+}
+
 export const paginatedUsers = async ({
   page,
   email,
   appId,
-  userIds,
 }: SearchUsersRequest = {}) => {
   const db = tenancy.getGlobalDB()
   // get one extra document, to have the next page
@@ -120,15 +131,25 @@ const buildUser = async (
 ): Promise<User> => {
   let { password, _id } = user
 
+  // don't require a password if the db user doesn't already have one
+  if (dbUser && !dbUser.password) {
+    opts.requirePassword = false
+  }
+
   let hashedPassword
   if (password) {
-    if (await isPreventSSOPasswords(user)) {
-      throw new HTTPError("SSO user cannot set password", 400)
+    if (await isPreventPasswordActions(user)) {
+      throw new HTTPError("Password change is disabled for this user", 400)
     }
     hashedPassword = opts.hashPassword ? await utils.hash(password) : password
   } else if (dbUser) {
     hashedPassword = dbUser.password
-  } else if (opts.requirePassword) {
+  }
+
+  // passwords are never required if sso is enforced
+  const requirePasswords =
+    opts.requirePassword && !(await pro.features.isSSOEnforced())
+  if (!hashedPassword && requirePasswords) {
     throw "Password must be specified."
   }
 
@@ -188,13 +209,18 @@ const validateUniqueUser = async (email: string, tenantId: string) => {
   }
 }
 
-export async function isPreventSSOPasswords(user: User) {
+export async function isPreventPasswordActions(user: User) {
   // when in maintenance mode we allow sso users with the admin role
   // to perform any password action - this prevents lockout
-  if (env.ENABLE_SSO_MAINTENANCE_MODE && user.admin?.global) {
+  if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE && user.admin?.global) {
     return false
   }
 
+  // SSO is enforced for all users
+  if (await pro.features.isSSOEnforced()) {
+    return true
+  }
+
   // Check local sso
   if (isSSOUser(user)) {
     return true
@@ -205,15 +231,6 @@ export async function isPreventSSOPasswords(user: User) {
   return !!(account && isSSOAccount(account))
 }
 
-export async function updateSelf(id: string, data: UpdateSelf) {
-  let user = await getUser(id)
-  user = {
-    ...user,
-    ...data,
-  }
-  return save(user)
-}
-
 export const save = async (
   user: User,
   opts: SaveUserOpts = {}
@@ -228,7 +245,7 @@ export const save = async (
   const tenantId = tenancy.getTenantId()
   const db = tenancy.getGlobalDB()
 
-  let { email, _id, userGroups = [] } = user
+  let { email, _id, userGroups = [], roles } = user
 
   if (!email && !_id) {
     throw new Error("_id or email is required")
@@ -270,6 +287,10 @@ export const save = async (
     builtUser.roles = dbUser.roles
   }
 
+  if (!dbUser && roles?.length) {
+    builtUser.roles = { ...roles }
+  }
+
   // make sure we set the _id field for a new user
   // Also if this is a new user, associate groups with them
   let groupPromises = []
@@ -278,7 +299,7 @@ export const save = async (
 
     if (userGroups.length > 0) {
       for (let groupId of userGroups) {
-        groupPromises.push(groupsSdk.addUsers(groupId, [_id]))
+        groupPromises.push(pro.groups.addUsers(groupId, [_id]))
       }
     }
   }
@@ -456,7 +477,7 @@ export const bulkCreate = async (
     const groupPromises = []
     const createdUserIds = saved.map(user => user._id)
     for (let groupId of groups) {
-      groupPromises.push(groupsSdk.addUsers(groupId, createdUserIds))
+      groupPromises.push(pro.groups.addUsers(groupId, createdUserIds))
     }
     await Promise.all(groupPromises)
   }
@@ -631,7 +652,7 @@ export const invite = async (
       }
       await sendEmail(user.email, EmailTemplatePurpose.INVITATION, opts)
       response.successful.push({ email: user.email })
-      await events.user.invited()
+      await events.user.invited(user.email)
     } catch (e) {
       console.error(`Failed to send email invitation email=${user.email}`, e)
       response.unsuccessful.push({
diff --git a/packages/worker/src/tests/api/auditLogs.ts b/packages/worker/src/tests/api/auditLogs.ts
new file mode 100644
index 0000000000..d7bc4d99fb
--- /dev/null
+++ b/packages/worker/src/tests/api/auditLogs.ts
@@ -0,0 +1,26 @@
+import { AuditLogSearchParams, SearchAuditLogsResponse } from "@budibase/types"
+import TestConfiguration from "../TestConfiguration"
+import { TestAPI } from "./base"
+
+export class AuditLogAPI extends TestAPI {
+  constructor(config: TestConfiguration) {
+    super(config)
+  }
+
+  search = async (search: AuditLogSearchParams) => {
+    const res = await this.request
+      .post("/api/global/auditlogs/search")
+      .send(search)
+      .set(this.config.defaultHeaders())
+      .expect("Content-Type", /json/)
+      .expect(200)
+    return res.body as SearchAuditLogsResponse
+  }
+
+  download = (search: AuditLogSearchParams) => {
+    const query = encodeURIComponent(JSON.stringify(search))
+    return this.request
+      .get(`/api/global/auditlogs/download?query=${query}`)
+      .set(this.config.defaultHeaders())
+  }
+}
diff --git a/packages/worker/src/tests/api/auth.ts b/packages/worker/src/tests/api/auth.ts
index bd0471ca74..552d4da505 100644
--- a/packages/worker/src/tests/api/auth.ts
+++ b/packages/worker/src/tests/api/auth.ts
@@ -61,11 +61,13 @@ export class AuthAPI extends TestAPI {
 
     let code: string | undefined
     if (res.status === 200) {
-      const emailCall = sendMailMock.mock.calls[0][0]
-      const parts = emailCall.html.split(
-        `http://localhost:10000/builder/auth/reset?code=`
-      )
-      code = parts[1].split('"')[0].split("&")[0]
+      if (sendMailMock.mock.calls.length) {
+        const emailCall = sendMailMock.mock.calls[0][0]
+        const parts = emailCall.html.split(
+          `http://localhost:10000/builder/auth/reset?code=`
+        )
+        code = parts[1].split('"')[0].split("&")[0]
+      }
     }
 
     return { code, res }
diff --git a/packages/worker/src/tests/api/configs.ts b/packages/worker/src/tests/api/configs.ts
index 76a6f31415..74cef2bf8b 100644
--- a/packages/worker/src/tests/api/configs.ts
+++ b/packages/worker/src/tests/api/configs.ts
@@ -14,6 +14,14 @@ export class ConfigAPI extends TestAPI {
       .expect("Content-Type", /json/)
   }
 
+  getPublicSettings = () => {
+    return this.request
+      .get(`/api/global/configs/public`)
+      .set(this.config.defaultHeaders())
+      .expect(200)
+      .expect("Content-Type", /json/)
+  }
+
   saveConfig = (data: any) => {
     return this.request
       .post(`/api/global/configs`)
diff --git a/packages/worker/src/tests/api/email.ts b/packages/worker/src/tests/api/email.ts
index ba7c7dbec0..fd3c622cfa 100644
--- a/packages/worker/src/tests/api/email.ts
+++ b/packages/worker/src/tests/api/email.ts
@@ -13,6 +13,7 @@ export class EmailAPI extends TestAPI {
         email: "test@test.com",
         purpose,
         tenantId: this.config.getTenantId(),
+        userId: this.config.user?._id!,
       })
       .set(this.config.defaultHeaders())
       .expect("Content-Type", /json/)
diff --git a/packages/worker/src/tests/api/index.ts b/packages/worker/src/tests/api/index.ts
index 0bd0308e2f..166996e792 100644
--- a/packages/worker/src/tests/api/index.ts
+++ b/packages/worker/src/tests/api/index.ts
@@ -14,6 +14,7 @@ import { GroupsAPI } from "./groups"
 import { RolesAPI } from "./roles"
 import { TemplatesAPI } from "./templates"
 import { LicenseAPI } from "./license"
+import { AuditLogAPI } from "./auditLogs"
 export default class API {
   accounts: AccountAPI
   auth: AuthAPI
@@ -30,6 +31,7 @@ export default class API {
   roles: RolesAPI
   templates: TemplatesAPI
   license: LicenseAPI
+  auditLogs: AuditLogAPI
 
   constructor(config: TestConfiguration) {
     this.accounts = new AccountAPI(config)
@@ -47,5 +49,6 @@ export default class API {
     this.roles = new RolesAPI(config)
     this.templates = new TemplatesAPI(config)
     this.license = new LicenseAPI(config)
+    this.auditLogs = new AuditLogAPI(config)
   }
 }
diff --git a/packages/worker/src/tests/api/self.ts b/packages/worker/src/tests/api/self.ts
index dcc6c1a98b..1c1492f37f 100644
--- a/packages/worker/src/tests/api/self.ts
+++ b/packages/worker/src/tests/api/self.ts
@@ -7,13 +7,12 @@ export class SelfAPI extends TestAPI {
     super(config)
   }
 
-  updateSelf = (user: User) => {
+  updateSelf = (user: User, update: any) => {
     return this.request
       .post(`/api/global/self`)
-      .send(user)
+      .send(update)
       .set(this.config.authHeaders(user))
       .expect("Content-Type", /json/)
-      .expect(200)
   }
 
   getSelf = (user: User) => {
diff --git a/packages/worker/src/tests/structures/configs.ts b/packages/worker/src/tests/structures/configs.ts
index 2c76f271c4..d50f5ebc72 100644
--- a/packages/worker/src/tests/structures/configs.ts
+++ b/packages/worker/src/tests/structures/configs.ts
@@ -1,9 +1,15 @@
-import { Config } from "../../constants"
 import { utils } from "@budibase/backend-core"
+import {
+  SettingsConfig,
+  ConfigType,
+  SMTPConfig,
+  GoogleConfig,
+  OIDCConfig,
+} from "@budibase/types"
 
-export function oidc(conf?: any) {
+export function oidc(conf?: any): OIDCConfig {
   return {
-    type: Config.OIDC,
+    type: ConfigType.OIDC,
     config: {
       configs: [
         {
@@ -21,9 +27,9 @@ export function oidc(conf?: any) {
   }
 }
 
-export function google(conf?: any) {
+export function google(conf?: any): GoogleConfig {
   return {
-    type: Config.GOOGLE,
+    type: ConfigType.GOOGLE,
     config: {
       clientID: "clientId",
       clientSecret: "clientSecret",
@@ -33,9 +39,9 @@ export function google(conf?: any) {
   }
 }
 
-export function smtp(conf?: any) {
+export function smtp(conf?: any): SMTPConfig {
   return {
-    type: Config.SMTP,
+    type: ConfigType.SMTP,
     config: {
       port: 12345,
       host: "smtptesthost.com",
@@ -47,25 +53,26 @@ export function smtp(conf?: any) {
   }
 }
 
-export function smtpEthereal() {
+export function smtpEthereal(): SMTPConfig {
   return {
-    type: Config.SMTP,
+    type: ConfigType.SMTP,
     config: {
       port: 587,
       host: "smtp.ethereal.email",
+      from: "testfrom@test.com",
       secure: false,
       auth: {
-        user: "don.bahringer@ethereal.email",
-        pass: "yCKSH8rWyUPbnhGYk9",
+        user: "wyatt.zulauf29@ethereal.email",
+        pass: "tEwDtHBWWxusVWAPfa",
       },
       connectionTimeout: 1000, // must be less than the jest default of 5000
     },
   }
 }
 
-export function settings(conf?: any) {
+export function settings(conf?: any): SettingsConfig {
   return {
-    type: Config.SETTINGS,
+    type: ConfigType.SETTINGS,
     config: {
       platformUrl: "http://localhost:10000",
       logoUrl: "",
diff --git a/packages/worker/src/utilities/email.ts b/packages/worker/src/utilities/email.ts
index 66e860edcb..4fd8a82161 100644
--- a/packages/worker/src/utilities/email.ts
+++ b/packages/worker/src/utilities/email.ts
@@ -1,11 +1,11 @@
 import env from "../environment"
-import { EmailTemplatePurpose, TemplateType, Config } from "../constants"
+import { EmailTemplatePurpose, TemplateType } from "../constants"
 import { getTemplateByPurpose } from "../constants/templates"
 import { getSettingsTemplateContext } from "./templates"
 import { processString } from "@budibase/string-templates"
 import { getResetPasswordCode, getInviteCode } from "./redis"
-import { User, Database } from "@budibase/types"
-import { tenancy, db as dbCore } from "@budibase/backend-core"
+import { User, SMTPInnerConfig } from "@budibase/types"
+import { configs } from "@budibase/backend-core"
 const nodemailer = require("nodemailer")
 
 type SendEmailOpts = {
@@ -36,24 +36,24 @@ const FULL_EMAIL_PURPOSES = [
   EmailTemplatePurpose.CUSTOM,
 ]
 
-function createSMTPTransport(config: any) {
+function createSMTPTransport(config?: SMTPInnerConfig) {
   let options: any
-  let secure = config.secure
+  let secure = config?.secure
   // default it if not specified
   if (secure == null) {
-    secure = config.port === 465
+    secure = config?.port === 465
   }
   if (!TEST_MODE) {
     options = {
-      port: config.port,
-      host: config.host,
+      port: config?.port,
+      host: config?.host,
       secure: secure,
-      auth: config.auth,
+      auth: config?.auth,
     }
     options.tls = {
       rejectUnauthorized: false,
     }
-    if (config.connectionTimeout) {
+    if (config?.connectionTimeout) {
       options.connectionTimeout = config.connectionTimeout
     }
   } else {
@@ -134,57 +134,16 @@ async function buildEmail(
   })
 }
 
-/**
- * Utility function for finding most valid SMTP configuration.
- * @param {object} db The CouchDB database which is to be looked up within.
- * @param {string|null} workspaceId If using finer grain control of configs a workspace can be used.
- * @param {boolean|null} automation Whether or not the configuration is being fetched for an email automation.
- * @return {Promise<object|null>} returns the SMTP configuration if it exists
- */
-async function getSmtpConfiguration(
-  db: Database,
-  workspaceId?: string,
-  automation?: boolean
-) {
-  const params: any = {
-    type: Config.SMTP,
-  }
-  if (workspaceId) {
-    params.workspace = workspaceId
-  }
-
-  const customConfig = await dbCore.getScopedConfig(db, params)
-
-  if (customConfig) {
-    return customConfig
-  }
-
-  // Use an SMTP fallback configuration from env variables
-  if (!automation && env.SMTP_FALLBACK_ENABLED) {
-    return {
-      port: env.SMTP_PORT,
-      host: env.SMTP_HOST,
-      secure: false,
-      from: env.SMTP_FROM_ADDRESS,
-      auth: {
-        user: env.SMTP_USER,
-        pass: env.SMTP_PASSWORD,
-      },
-    }
-  }
-}
-
 /**
  * Checks if a SMTP config exists based on passed in parameters.
  * @return {Promise<boolean>} returns true if there is a configuration that can be used.
  */
-export async function isEmailConfigured(workspaceId?: string) {
+export async function isEmailConfigured() {
   // when "testing" or smtp fallback is enabled simply return true
   if (TEST_MODE || env.SMTP_FALLBACK_ENABLED) {
     return true
   }
-  const db = tenancy.getGlobalDB()
-  const config = await getSmtpConfiguration(db, workspaceId)
+  const config = await configs.getSMTPConfig()
   return config != null
 }
 
@@ -202,22 +161,17 @@ export async function sendEmail(
   purpose: EmailTemplatePurpose,
   opts: SendEmailOpts
 ) {
-  const db = tenancy.getGlobalDB()
-  let config =
-    (await getSmtpConfiguration(db, opts?.workspaceId, opts?.automation)) || {}
-  if (Object.keys(config).length === 0 && !TEST_MODE) {
+  const config = await configs.getSMTPConfig(opts?.automation)
+  if (!config && !TEST_MODE) {
     throw "Unable to find SMTP configuration."
   }
   const transport = createSMTPTransport(config)
   // if there is a link code needed this will retrieve it
   const code = await getLinkCode(purpose, email, opts.user, opts?.info)
-  let context
-  if (code) {
-    context = await getSettingsTemplateContext(purpose, code)
-  }
+  let context = await getSettingsTemplateContext(purpose, code)
 
   let message: any = {
-    from: opts?.from || config.from,
+    from: opts?.from || config?.from,
     html: await buildEmail(purpose, email, context, {
       user: opts?.user,
       contents: opts?.contents,
@@ -231,9 +185,9 @@ export async function sendEmail(
     bcc: opts?.bcc,
   }
 
-  if (opts?.subject || config.subject) {
+  if (opts?.subject || config?.subject) {
     message.subject = await processString(
-      opts?.subject || config.subject,
+      (opts?.subject || config?.subject) as string,
       context
     )
   }
@@ -249,7 +203,7 @@ export async function sendEmail(
  * @param {object} config an SMTP configuration - this is based on the nodemailer API.
  * @return {Promise<boolean>} returns true if the configuration is valid.
  */
-export async function verifyConfig(config: any) {
+export async function verifyConfig(config: SMTPInnerConfig) {
   const transport = createSMTPTransport(config)
   await transport.verify()
 }
diff --git a/packages/worker/src/utilities/redis.ts b/packages/worker/src/utilities/redis.ts
index 9171fe97ee..d77e44cd9f 100644
--- a/packages/worker/src/utilities/redis.ts
+++ b/packages/worker/src/utilities/redis.ts
@@ -1,4 +1,5 @@
-import { redis, utils } from "@budibase/backend-core"
+import { redis, utils, tenancy } from "@budibase/backend-core"
+import env from "../environment"
 
 function getExpirySecondsForDB(db: string) {
   switch (db) {
@@ -7,7 +8,7 @@ function getExpirySecondsForDB(db: string) {
       return 3600
     case redis.utils.Databases.INVITATIONS:
       // a day
-      return 86400
+      return 604800
   }
 }
 
@@ -29,11 +30,25 @@ async function writeACode(db: string, value: any) {
   return code
 }
 
+async function updateACode(db: string, code: string, value: any) {
+  const client = await getClient(db)
+  await client.store(code, value, getExpirySecondsForDB(db))
+}
+
+/**
+ * Given an invite code and invite body, allow the update an existing/valid invite in redis
+ * @param {string} inviteCode The invite code for an invite in redis
+ * @param {object} value The body of the updated user invitation
+ */
+export async function updateInviteCode(inviteCode: string, value: string) {
+  await updateACode(redis.utils.Databases.INVITATIONS, inviteCode, value)
+}
+
 async function getACode(db: string, code: string, deleteCode = true) {
   const client = await getClient(db)
   const value = await client.get(code)
   if (!value) {
-    throw "Invalid code."
+    throw new Error("Invalid code.")
   }
   if (deleteCode) {
     await client.delete(code)
@@ -113,3 +128,23 @@ export async function checkInviteCode(
     throw "Invitation is not valid or has expired, please request a new one."
   }
 }
+
+/** 
+  Get all currently available user invitations for the current tenant.
+**/
+export async function getInviteCodes() {
+  const client = await getClient(redis.utils.Databases.INVITATIONS)
+  const invites: any[] = await client.scan()
+
+  const results = invites.map(invite => {
+    return {
+      ...invite.value,
+      code: invite.key,
+    }
+  })
+  if (!env.MULTI_TENANCY) {
+    return results
+  }
+  const tenantId = tenancy.getTenantId()
+  return results.filter(invite => tenantId === invite.info.tenantId)
+}
diff --git a/packages/worker/src/utilities/templates.ts b/packages/worker/src/utilities/templates.ts
index ede95dbe4a..1597325c7c 100644
--- a/packages/worker/src/utilities/templates.ts
+++ b/packages/worker/src/utilities/templates.ts
@@ -1,6 +1,5 @@
-import { db as dbCore, tenancy } from "@budibase/backend-core"
+import { tenancy, configs } from "@budibase/backend-core"
 import {
-  Config,
   InternalTemplateBinding,
   LOGO_URL,
   EmailTemplatePurpose,
@@ -10,20 +9,16 @@ const BASE_COMPANY = "Budibase"
 
 export async function getSettingsTemplateContext(
   purpose: EmailTemplatePurpose,
-  code?: string
+  code?: string | null
 ) {
-  const db = tenancy.getGlobalDB()
-  // TODO: use more granular settings in the future if required
-  let settings =
-    (await dbCore.getScopedConfig(db, { type: Config.SETTINGS })) || {}
+  let settings = await configs.getSettingsConfig()
   const URL = settings.platformUrl
   const context: any = {
     [InternalTemplateBinding.LOGO_URL]:
       checkSlashesInUrl(`${URL}/${settings.logoUrl}`) || LOGO_URL,
     [InternalTemplateBinding.PLATFORM_URL]: URL,
     [InternalTemplateBinding.COMPANY]: settings.company || BASE_COMPANY,
-    [InternalTemplateBinding.DOCS_URL]:
-      settings.docsUrl || "https://docs.budibase.com/",
+    [InternalTemplateBinding.DOCS_URL]: "https://docs.budibase.com/",
     [InternalTemplateBinding.LOGIN_URL]: checkSlashesInUrl(
       tenancy.addTenantToUrl(`${URL}/login`)
     ),
diff --git a/packages/worker/yarn.lock b/packages/worker/yarn.lock
index 99f46ba5fb..1ac712b1d0 100644
--- a/packages/worker/yarn.lock
+++ b/packages/worker/yarn.lock
@@ -475,14 +475,14 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@2.3.18-alpha.12":
-  version "2.3.18-alpha.12"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.18-alpha.12.tgz#ad1b16be64b78b596af2b5f75647c32e8f6f101a"
-  integrity sha512-E1NEO+/sNkkRqn/xk9XQmFBO9/dl27w9EB0QGztti/16JV9NgxyDQCJIdGwlD08s1y/lUwOKk0TkSZJs+CTYDw==
+"@budibase/backend-core@2.4.12-alpha.0":
+  version "2.4.12-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.4.12-alpha.0.tgz#4ca56bd24a9ff8a744436dd8754a98e1cb314a99"
+  integrity sha512-GCZwU/vO4itHxbtdDug8LseBU6S3EMHfB2BjvAIqfR3rGtA6n8i8fWJKBxuJY4b3IWbGynGZLYM/y4oRHVY1HA==
   dependencies:
-    "@budibase/nano" "10.1.1"
+    "@budibase/nano" "10.1.2"
     "@budibase/pouchdb-replication-stream" "1.2.10"
-    "@budibase/types" "2.3.18-alpha.12"
+    "@budibase/types" "2.4.12-alpha.0"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
     aws-cloudfront-sign "2.2.0"
@@ -514,10 +514,35 @@
     uuid "8.3.2"
     zlib "1.0.5"
 
-"@budibase/nano@10.1.1":
-  version "10.1.1"
-  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
-  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+"@budibase/handlebars-helpers@^0.11.8":
+  version "0.11.8"
+  resolved "https://registry.yarnpkg.com/@budibase/handlebars-helpers/-/handlebars-helpers-0.11.8.tgz#6953d29673a8c5c407e096c0a84890465c7ce841"
+  integrity sha512-ggWJUt0GqsHFAEup5tlWlcrmYML57nKhpNGGLzVsqXVYN8eVmf3xluYmmMe7fDYhQH0leSprrdEXmsdFQF3HAQ==
+  dependencies:
+    array-sort "^1.0.0"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    for-in "^1.0.2"
+    get-object "^0.2.0"
+    get-value "^3.0.1"
+    handlebars "^4.7.7"
+    handlebars-utils "^1.0.6"
+    has-value "^2.0.2"
+    helper-md "^0.2.2"
+    html-tag "^2.0.0"
+    is-even "^1.0.0"
+    is-glob "^4.0.1"
+    kind-of "^6.0.3"
+    micromatch "^3.1.5"
+    relative "^3.0.2"
+    striptags "^3.1.1"
+    to-gfm-code-block "^0.1.1"
+    year "^0.2.1"
+
+"@budibase/nano@10.1.2":
+  version "10.1.2"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.2.tgz#10fae5a1ab39be6a81261f40e7b7ec6d21cbdd4a"
+  integrity sha512-1w+YN2n/M5aZ9hBKCP4NEjdQbT8BfCLRizkdvm0Je665eEHw3aE1hvo8mon9Ro9QuDdxj1DfDMMFnym6/QUwpQ==
   dependencies:
     "@types/tough-cookie" "^4.0.2"
     axios "^1.1.3"
@@ -539,24 +564,38 @@
     pouchdb-promise "^6.0.4"
     through2 "^2.0.0"
 
-"@budibase/pro@2.3.18-alpha.12":
-  version "2.3.18-alpha.12"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.3.18-alpha.12.tgz#be552b3a9f5850e746081540d6586aae69147bec"
-  integrity sha512-M3b0njzSi47KH6uaQfYPoA2KWrjPiwcU3ONyaVWXHIktVrIKtYaFwOLBr/dmWGfMrL2297SSqg7V4DTaLyAhnw==
+"@budibase/pro@2.4.12-alpha.0":
+  version "2.4.12-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.4.12-alpha.0.tgz#27f0b52b19eb50bab5337ae04791a36b0e7d44b9"
+  integrity sha512-sXYKrR25CGDQj4+3SIXhPM0z7kDyLQwclHMag+5OewT9wHqKS6nKFLy3k+4eYDnus99t4MBv6EDXVnhb/gEjBQ==
   dependencies:
-    "@budibase/backend-core" "2.3.18-alpha.12"
-    "@budibase/types" "2.3.18-alpha.12"
+    "@budibase/backend-core" "2.4.12-alpha.0"
+    "@budibase/string-templates" "2.3.20"
+    "@budibase/types" "2.4.12-alpha.0"
     "@koa/router" "8.0.8"
     bull "4.10.1"
     joi "17.6.0"
     jsonwebtoken "8.5.1"
     lru-cache "^7.14.1"
+    memorystream "^0.3.1"
     node-fetch "^2.6.1"
 
-"@budibase/types@2.3.18-alpha.12":
-  version "2.3.18-alpha.12"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.18-alpha.12.tgz#a63eb978ccc7e55c209b3e9d71f9aecf7facc0d1"
-  integrity sha512-27o2BmI/HXIR3frZ8FtqHgAe1hd8jPIzgPaEhKrQiYJ/opUVccqupx9ld75Hyk9E6cdXu0UF0/+LxPpUmMugag==
+"@budibase/string-templates@2.3.20":
+  version "2.3.20"
+  resolved "https://registry.yarnpkg.com/@budibase/string-templates/-/string-templates-2.3.20.tgz#35f74b6f515e8127cc375ee0a4679b0a7c117588"
+  integrity sha512-wMKau3IzVF6M+dRu99aKV1yMdrrK5lghVm9qYtR1B163SMbHEwC8JmZFGPLIi1XsG0T+vw+xfcemfJ2zcATWwg==
+  dependencies:
+    "@budibase/handlebars-helpers" "^0.11.8"
+    dayjs "^1.10.4"
+    handlebars "^4.7.6"
+    handlebars-utils "^1.0.6"
+    lodash "^4.17.20"
+    vm2 "^3.9.4"
+
+"@budibase/types@2.4.12-alpha.0":
+  version "2.4.12-alpha.0"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.4.12-alpha.0.tgz#f46f4d5db05db0c98aca6bd572c2be0d27ec1961"
+  integrity sha512-NziMSJMDA070h/wfb/cTv8ZYHaUyLwEHqDXfMqy/XxGMruR+5u6uxRxvSAhg2EwNjmyRGhuBTUUsA/m5Wghj8g==
 
 "@cspotcode/source-map-support@^0.8.0":
   version "0.8.1"
@@ -1930,7 +1969,7 @@ acorn-jsx@^5.2.0:
   resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937"
   integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==
 
-acorn-walk@^8.1.1:
+acorn-walk@^8.1.1, acorn-walk@^8.2.0:
   version "8.2.0"
   resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1"
   integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==
@@ -1950,6 +1989,11 @@ acorn@^8.4.1:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30"
   integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==
 
+acorn@^8.7.0:
+  version "8.8.2"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a"
+  integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==
+
 after-all-results@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/after-all-results/-/after-all-results-2.0.0.tgz#6ac2fc202b500f88da8f4f5530cfa100f4c6a2d0"
@@ -2060,7 +2104,7 @@ arg@^4.1.0:
   resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
   integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==
 
-argparse@^1.0.7:
+argparse@^1.0.10, argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
   integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==
@@ -2082,11 +2126,40 @@ argsarray@0.0.1:
   resolved "https://registry.yarnpkg.com/argsarray/-/argsarray-0.0.1.tgz#6e7207b4ecdb39b0af88303fa5ae22bda8df61cb"
   integrity sha512-u96dg2GcAKtpTrBdDoFIM7PjcBA+6rSP0OR94MOReNRyUECL6MtQt5XXmRr4qrftYaef9+l5hcpO5te7sML1Cg==
 
+arr-diff@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
+  integrity sha512-YVIQ82gZPGBebQV/a8dar4AitzCQs0jjXwMPZllpXMaGjXPYVUawSxQrRsjhjupyVxEvbHgUmIhKVlND+j02kA==
+
+arr-flatten@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/arr-flatten/-/arr-flatten-1.1.0.tgz#36048bbff4e7b47e136644316c99669ea5ae91f1"
+  integrity sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==
+
+arr-union@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4"
+  integrity sha512-sKpyeERZ02v1FeCZT8lrfJq5u6goHCtpTAzPwJYe7c8SPFOboNjNg1vz2L4VTn9T4PQxEx13TbXLmYUcS6Ug7Q==
+
+array-sort@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/array-sort/-/array-sort-1.0.0.tgz#e4c05356453f56f53512a7d1d6123f2c54c0a88a"
+  integrity sha512-ihLeJkonmdiAsD7vpgN3CRcx2J2S0TiYW+IS/5zHBI7mKUq3ySvBdzzBfD236ubDBQFiiyG3SWCPc+msQ9KoYg==
+  dependencies:
+    default-compare "^1.0.0"
+    get-value "^2.0.6"
+    kind-of "^5.0.2"
+
 array-union@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d"
   integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==
 
+array-unique@^0.3.2:
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/array-unique/-/array-unique-0.3.2.tgz#a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"
+  integrity sha512-SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ==
+
 asap@^2.0.0:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/asap/-/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
@@ -2104,6 +2177,11 @@ assert-plus@1.0.0, assert-plus@^1.0.0:
   resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
   integrity sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==
 
+assign-symbols@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"
+  integrity sha512-Q+JC7Whu8HhmTdBph/Tq59IoRtoy6KAm5zzPv00WdujX82lbAL8K7WVjne7vdCsAmbF4AYaDOPyO3k0kl8qIrw==
+
 ast-types@0.9.6:
   version "0.9.6"
   resolved "https://registry.yarnpkg.com/ast-types/-/ast-types-0.9.6.tgz#102c9e9e9005d3e7e3829bf0c4fa24ee862ee9b9"
@@ -2138,11 +2216,23 @@ asynckit@^0.4.0:
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
 
+atob@^2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
+  integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==
+
 atomic-sleep@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/atomic-sleep/-/atomic-sleep-1.0.0.tgz#eb85b77a601fc932cfe432c5acd364a9e2c9075b"
   integrity sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==
 
+autolinker@~0.28.0:
+  version "0.28.1"
+  resolved "https://registry.yarnpkg.com/autolinker/-/autolinker-0.28.1.tgz#0652b491881879f0775dace0cdca3233942a4e47"
+  integrity sha512-zQAFO1Dlsn69eXaO6+7YZc+v84aquQKbwpzCE3L0stj56ERn9hutFxPopViLjo9G+rWwjozRhgS5KJ25Xy19cQ==
+  dependencies:
+    gulp-header "^1.7.1"
+
 aws-cloudfront-sign@2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/aws-cloudfront-sign/-/aws-cloudfront-sign-2.2.0.tgz#3910f5a6d0d90fec07f2b4ef8ab07f3eefb5625d"
@@ -2279,6 +2369,19 @@ base64url@3.x.x, base64url@^3.0.1:
   resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
   integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
 
+base@^0.11.1:
+  version "0.11.2"
+  resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
+  integrity sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==
+  dependencies:
+    cache-base "^1.0.1"
+    class-utils "^0.3.5"
+    component-emitter "^1.2.1"
+    define-property "^1.0.0"
+    isobject "^3.0.1"
+    mixin-deep "^1.2.0"
+    pascalcase "^0.1.1"
+
 basic-auth@^2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.1.tgz#b998279bf47ce38344b4f3cf916d4679bbf51e3a"
@@ -2357,6 +2460,22 @@ brace-expansion@^1.1.7:
     balanced-match "^1.0.0"
     concat-map "0.0.1"
 
+braces@^2.3.1:
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-2.3.2.tgz#5979fd3f14cd531565e5fa2df1abfff1dfaee729"
+  integrity sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==
+  dependencies:
+    arr-flatten "^1.1.0"
+    array-unique "^0.3.2"
+    extend-shallow "^2.0.1"
+    fill-range "^4.0.0"
+    isobject "^3.0.1"
+    repeat-element "^1.1.2"
+    snapdragon "^0.8.1"
+    snapdragon-node "^2.0.1"
+    split-string "^3.0.2"
+    to-regex "^3.0.1"
+
 braces@^3.0.2, braces@~3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
@@ -2468,6 +2587,21 @@ bytes@3.1.2, bytes@^3.0.0:
   resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5"
   integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==
 
+cache-base@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2"
+  integrity sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ==
+  dependencies:
+    collection-visit "^1.0.0"
+    component-emitter "^1.2.1"
+    get-value "^2.0.6"
+    has-value "^1.0.0"
+    isobject "^3.0.1"
+    set-value "^2.0.0"
+    to-object-path "^0.3.0"
+    union-value "^1.0.0"
+    unset-value "^1.0.0"
+
 cache-content-type@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/cache-content-type/-/cache-content-type-1.0.1.tgz#035cde2b08ee2129f4a8315ea8f00a00dba1453c"
@@ -2622,6 +2756,16 @@ cjs-module-lexer@^1.0.0:
   resolved "https://registry.yarnpkg.com/cjs-module-lexer/-/cjs-module-lexer-1.2.2.tgz#9f84ba3244a512f3a54e5277e8eef4c489864e40"
   integrity sha512-cOU9usZw8/dXIXKtwa8pM0OTJQuJkxMN6w30csNRUerHfeQ5R6U3kkU/FtJeIf3M202OHfY2U8ccInBG7/xogA==
 
+class-utils@^0.3.5:
+  version "0.3.6"
+  resolved "https://registry.yarnpkg.com/class-utils/-/class-utils-0.3.6.tgz#f93369ae8b9a7ce02fd41faad0ca83033190c463"
+  integrity sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==
+  dependencies:
+    arr-union "^3.1.0"
+    define-property "^0.2.5"
+    isobject "^3.0.0"
+    static-extend "^0.1.1"
+
 cli-boxes@^2.2.1:
   version "2.2.1"
   resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.1.tgz#ddd5035d25094fce220e9cab40a45840a440318f"
@@ -2694,6 +2838,14 @@ collect-v8-coverage@^1.0.0:
   resolved "https://registry.yarnpkg.com/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz#cc2c8e94fc18bbdffe64d6534570c8a673b27f59"
   integrity sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==
 
+collection-visit@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/collection-visit/-/collection-visit-1.0.0.tgz#4bc0373c164bc3291b4d368c829cf1a80a59dca0"
+  integrity sha512-lNkKvzEeMBBjUGHZ+q6z9pSJla0KWAQPvtzhEV9+iGyQYG+pBpl7xKDhxoNSOZH2hhv0v5k0y2yAM4o4SjoSkw==
+  dependencies:
+    map-visit "^1.0.0"
+    object-visit "^1.0.0"
+
 color-convert@^1.9.0:
   version "1.9.3"
   resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8"
@@ -2750,7 +2902,7 @@ commoner@^0.10.1:
     q "^1.1.2"
     recast "^0.11.17"
 
-component-emitter@^1.3.0:
+component-emitter@^1.2.1, component-emitter@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0"
   integrity sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==
@@ -2780,6 +2932,13 @@ concat-map@0.0.1:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+concat-with-sourcemaps@*:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/concat-with-sourcemaps/-/concat-with-sourcemaps-1.1.0.tgz#d4ea93f05ae25790951b99e7b3b09e3908a4082e"
+  integrity sha512-4gEjHJFT9e+2W/77h/DS5SGUgwDaOwprX8L/gl5+3ixnzkVJJsZWDSelmN3Oilw3LNDZjZV0yqH1hLG3k6nghg==
+  dependencies:
+    source-map "^0.6.1"
+
 configstore@^5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/configstore/-/configstore-5.0.1.tgz#d365021b5df4b98cdd187d6a3b0e3f6a7cc5ed96"
@@ -2849,6 +3008,11 @@ cookies@~0.8.0:
     depd "~2.0.0"
     keygrip "~1.1.0"
 
+copy-descriptor@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d"
+  integrity sha512-XgZ0pFcakEUlbwQEVNg3+QAis1FyTL3Qel9FYy8pSkQqoG3PNoT0bOCQtOXcOkur21r2Eq2kI+IE+gsmAEVlYw==
+
 copyfiles@2.4.1:
   version "2.4.1"
   resolved "https://registry.yarnpkg.com/copyfiles/-/copyfiles-2.4.1.tgz#d2dcff60aaad1015f09d0b66e7f0f1c5cd3c5da5"
@@ -2961,6 +3125,11 @@ dateformat@^4.5.1:
   resolved "https://registry.yarnpkg.com/dateformat/-/dateformat-4.6.3.tgz#556fa6497e5217fedb78821424f8a1c22fa3f4b5"
   integrity sha512-2P0p0pFGzHS5EMnhdxQi7aJN+iMheud0UhG4dlE1DLAlvL8JHjJJTX/CSm4JXwV0Ka5nGk3zC5mcb5bUQUxxMA==
 
+dayjs@^1.10.4:
+  version "1.11.7"
+  resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.7.tgz#4b296922642f70999544d1144a2c25730fce63e2"
+  integrity sha512-+Yw9U6YO5TQohxLcIkrXBeY73WP3ejHWVvx8XCk3gxvQDCTEmS48ZrSZCKciI7Bhl/uCMyxYtE9UqRILmFphkQ==
+
 dd-trace@3.13.2:
   version "3.13.2"
   resolved "https://registry.yarnpkg.com/dd-trace/-/dd-trace-3.13.2.tgz#95b1ec480ab9ac406e1da7591a8c6f678d3799fd"
@@ -3001,6 +3170,13 @@ debug@4, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2, d
   dependencies:
     ms "2.1.2"
 
+debug@^2.2.0, debug@^2.3.3:
+  version "2.6.9"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
+  integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
+  dependencies:
+    ms "2.0.0"
+
 debug@^3.1.0, debug@^3.2.7:
   version "3.2.7"
   resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.7.tgz#72580b7e9145fb39b6676f9c5e5fb100b934179a"
@@ -3013,6 +3189,11 @@ debuglog@^1.0.0:
   resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492"
   integrity sha512-syBZ+rnAK3EgMsH2aYEOLUW7mZSY9Gb+0wUMCFsZvcmiz+HigA0LOcq/HoQqVuGG+EKykunc7QG2bzrponfaSw==
 
+decode-uri-component@^0.2.0:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9"
+  integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==
+
 decompress-response@^3.3.0:
   version "3.3.0"
   resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-3.3.0.tgz#80a4dd323748384bfa248083622aedec982adff3"
@@ -3052,6 +3233,13 @@ deepmerge@^4.2.2:
   resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955"
   integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
 
+default-compare@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/default-compare/-/default-compare-1.0.0.tgz#cb61131844ad84d84788fb68fd01681ca7781a2f"
+  integrity sha512-QWfXlM0EkAbqOCbD/6HjdwT19j7WCkMyiRhWilc4H9/5h/RzTF9gv5LYh1+CmDV5d1rki6KAWLtQale0xt20eQ==
+  dependencies:
+    kind-of "^5.0.2"
+
 defer-to-connect@^1.0.1:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-1.1.3.tgz#331ae050c08dcf789f8c83a7b81f0ed94f4ac591"
@@ -3078,6 +3266,28 @@ define-properties@^1.1.3, define-properties@^1.1.4:
     has-property-descriptors "^1.0.0"
     object-keys "^1.1.1"
 
+define-property@^0.2.5:
+  version "0.2.5"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-0.2.5.tgz#c35b1ef918ec3c990f9a5bc57be04aacec5c8116"
+  integrity sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==
+  dependencies:
+    is-descriptor "^0.1.0"
+
+define-property@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-1.0.0.tgz#769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6"
+  integrity sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==
+  dependencies:
+    is-descriptor "^1.0.0"
+
+define-property@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-2.0.2.tgz#d459689e8d654ba77e02a817f8710d702cb16e9d"
+  integrity sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==
+  dependencies:
+    is-descriptor "^1.0.2"
+    isobject "^3.0.1"
+
 defined@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/defined/-/defined-1.0.0.tgz#c98d9bcef75674188e110969151199e39b1fa693"
@@ -3371,6 +3581,11 @@ end-stream@~0.1.0:
   dependencies:
     write-stream "~0.4.3"
 
+ent@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/ent/-/ent-2.2.0.tgz#e964219325a21d05f44466a2f686ed6ce5f5dd1d"
+  integrity sha512-GHrMyVZQWvTIdDtpiEXdHZnFQKzeO09apj8Cbl4pKWy4i0Oprcq17usfDt5aO63swf0JOeMWjWQE/LzgSRuWpA==
+
 errno@~0.1.1:
   version "0.1.8"
   resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.8.tgz#8bb3e9c7d463be4976ff888f76b4809ebc2e811f"
@@ -3635,6 +3850,19 @@ exit@^0.1.2:
   resolved "https://registry.yarnpkg.com/exit/-/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c"
   integrity sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==
 
+expand-brackets@^2.1.4:
+  version "2.1.4"
+  resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-2.1.4.tgz#b77735e315ce30f6b6eff0f83b04151a22449622"
+  integrity sha512-w/ozOKR9Obk3qoWeY/WDi6MFta9AoMR+zud60mdnbniMcBxRuFJyDt2LdX/14A1UABeqk+Uk+LDfUpvoGKppZA==
+  dependencies:
+    debug "^2.3.3"
+    define-property "^0.2.5"
+    extend-shallow "^2.0.1"
+    posix-character-classes "^0.1.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
 expand-tilde@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/expand-tilde/-/expand-tilde-1.2.2.tgz#0b81eba897e5a3d31d1c3d102f8f01441e559449"
@@ -3653,6 +3881,26 @@ expect@^28.1.3:
     jest-message-util "^28.1.3"
     jest-util "^28.1.3"
 
+express-useragent@^1.0.15:
+  version "1.0.15"
+  resolved "https://registry.yarnpkg.com/express-useragent/-/express-useragent-1.0.15.tgz#cefda5fa4904345d51d3368b117a8dd4124985d9"
+  integrity sha512-eq5xMiYCYwFPoekffMjvEIk+NWdlQY9Y38OsTyl13IvA728vKT+q/CSERYWzcw93HGBJcIqMIsZC5CZGARPVdg==
+
+extend-shallow@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
+  integrity sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==
+  dependencies:
+    is-extendable "^0.1.0"
+
+extend-shallow@^3.0.0, extend-shallow@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-3.0.2.tgz#26a71aaf073b39fb2127172746131c2704028db8"
+  integrity sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==
+  dependencies:
+    assign-symbols "^1.0.0"
+    is-extendable "^1.0.1"
+
 extend@~3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
@@ -3667,6 +3915,20 @@ external-editor@^3.0.3:
     iconv-lite "^0.4.24"
     tmp "^0.0.33"
 
+extglob@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/extglob/-/extglob-2.0.4.tgz#ad00fe4dc612a9232e8718711dc5cb5ab0285543"
+  integrity sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==
+  dependencies:
+    array-unique "^0.3.2"
+    define-property "^1.0.0"
+    expand-brackets "^2.1.4"
+    extend-shallow "^2.0.1"
+    fragment-cache "^0.2.1"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
 extsprintf@1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05"
@@ -3779,6 +4041,16 @@ file-entry-cache@^5.0.1:
   dependencies:
     flat-cache "^2.0.1"
 
+fill-range@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7"
+  integrity sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-number "^3.0.0"
+    repeat-string "^1.6.1"
+    to-regex-range "^2.1.0"
+
 fill-range@^7.0.1:
   version "7.0.1"
   resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
@@ -3843,6 +4115,11 @@ follow-redirects@^1.15.0:
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.2.tgz#b460864144ba63f2681096f274c4e57026da2c13"
   integrity sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==
 
+for-in@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
+  integrity sha512-7EwmXrOjyL+ChxMhmG5lnW9MPt1aIeZEwKhQzoBUdTV0N3zuwWDZYVJatDvZ2OyzPUvdIAZDsCetk3coyMfcnQ==
+
 forever-agent@~0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
@@ -3895,6 +4172,13 @@ forwarded-parse@^2.1.0:
   resolved "https://registry.yarnpkg.com/forwarded-parse/-/forwarded-parse-2.1.2.tgz#08511eddaaa2ddfd56ba11138eee7df117a09325"
   integrity sha512-alTFZZQDKMporBH77856pXgzhEzaUVmLCDk+egLgIgHst3Tpndzz8MnKe+GzRJRfvVdn69HhpW7cmXzvtLvJAw==
 
+fragment-cache@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/fragment-cache/-/fragment-cache-0.2.1.tgz#4290fad27f13e89be7f33799c6bc5a0abfff0d19"
+  integrity sha512-GMBAbW9antB8iZRHLoGw0b3HANt57diZYFO/HL1JGIC1MjKrdmhxvrJbupnVvpys0zsz7yBApXdQyfepKly2kA==
+  dependencies:
+    map-cache "^0.2.2"
+
 fresh@^0.5.2, fresh@~0.5.2:
   version "0.5.2"
   resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
@@ -3986,6 +4270,14 @@ get-intrinsic@^1.0.2, get-intrinsic@^1.1.0, get-intrinsic@^1.1.1:
     has "^1.0.3"
     has-symbols "^1.0.3"
 
+get-object@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/get-object/-/get-object-0.2.0.tgz#d92ff7d5190c64530cda0543dac63a3d47fe8c0c"
+  integrity sha512-7P6y6k6EzEFmO/XyUyFlXm1YLJy9xeA1x/grNV8276abX5GuwUtYgKFkRFkLixw4hf4Pz9q2vgv/8Ar42R0HuQ==
+  dependencies:
+    is-number "^2.0.2"
+    isobject "^0.2.0"
+
 get-package-type@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a"
@@ -4023,6 +4315,18 @@ get-symbol-description@^1.0.0:
     call-bind "^1.0.2"
     get-intrinsic "^1.1.1"
 
+get-value@^2.0.3, get-value@^2.0.6:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
+  integrity sha512-Ln0UQDlxH1BapMu3GPtf7CuYNwRZf2gwCuPqbyG6pB8WfmFpzqcy4xtAaAMUhnNqjMKTiCPZG2oMT3YSx8U2NA==
+
+get-value@^3.0.0, get-value@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-3.0.1.tgz#5efd2a157f1d6a516d7524e124ac52d0a39ef5a8"
+  integrity sha512-mKZj9JLQrwMBtj5wxi6MH8Z5eSKaERpAwjg43dPtlGI1ZVEgH/qC7T8/6R2OBSUA+zzHBZgICsVJaEIV2tKTDA==
+  dependencies:
+    isobject "^3.0.1"
+
 getpass@^0.1.1:
   version "0.1.7"
   resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
@@ -4167,6 +4471,35 @@ graceful-fs@^4.1.2, graceful-fs@^4.2.9:
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
 
+gulp-header@^1.7.1:
+  version "1.8.12"
+  resolved "https://registry.yarnpkg.com/gulp-header/-/gulp-header-1.8.12.tgz#ad306be0066599127281c4f8786660e705080a84"
+  integrity sha512-lh9HLdb53sC7XIZOYzTXM4lFuXElv3EVkSDhsd7DoJBj7hm+Ni7D3qYbb+Rr8DuM8nRanBvkVO9d7askreXGnQ==
+  dependencies:
+    concat-with-sourcemaps "*"
+    lodash.template "^4.4.0"
+    through2 "^2.0.0"
+
+handlebars-utils@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/handlebars-utils/-/handlebars-utils-1.0.6.tgz#cb9db43362479054782d86ffe10f47abc76357f9"
+  integrity sha512-d5mmoQXdeEqSKMtQQZ9WkiUcO1E3tPbWxluCK9hVgIDPzQa9WsKo3Lbe/sGflTe7TomHEeZaOgwIkyIr1kfzkw==
+  dependencies:
+    kind-of "^6.0.0"
+    typeof-article "^0.1.1"
+
+handlebars@^4.7.6, handlebars@^4.7.7:
+  version "4.7.7"
+  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
+  integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
+  dependencies:
+    minimist "^1.2.5"
+    neo-async "^2.6.0"
+    source-map "^0.6.1"
+    wordwrap "^1.0.0"
+  optionalDependencies:
+    uglify-js "^3.1.4"
+
 har-schema@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
@@ -4219,6 +4552,52 @@ has-unicode@^2.0.1:
   resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
   integrity sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==
 
+has-value@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f"
+  integrity sha512-gpG936j8/MzaeID5Yif+577c17TxaDmhuyVgSwtnL/q8UUTySg8Mecb+8Cf1otgLoD7DDH75axp86ER7LFsf3Q==
+  dependencies:
+    get-value "^2.0.3"
+    has-values "^0.1.4"
+    isobject "^2.0.0"
+
+has-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-1.0.0.tgz#18b281da585b1c5c51def24c930ed29a0be6b177"
+  integrity sha512-IBXk4GTsLYdQ7Rvt+GRBrFSVEkmuOUy4re0Xjd9kJSUQpnTrWR4/y9RpfexN9vkAPMFuQoeWKwqzPozRTlasGw==
+  dependencies:
+    get-value "^2.0.6"
+    has-values "^1.0.0"
+    isobject "^3.0.0"
+
+has-value@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-2.0.2.tgz#d0f12e8780ba8e90e66ad1a21c707fdb67c25658"
+  integrity sha512-ybKOlcRsK2MqrM3Hmz/lQxXHZ6ejzSPzpNabKB45jb5qDgJvKPa3SdapTsTLwEb9WltgWpOmNax7i+DzNOk4TA==
+  dependencies:
+    get-value "^3.0.0"
+    has-values "^2.0.1"
+
+has-values@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771"
+  integrity sha512-J8S0cEdWuQbqD9//tlZxiMuMNmxB8PlEwvYwuxsTmR1G5RXUePEX/SJn7aD0GMLieuZYSwNH0cQuJGwnYunXRQ==
+
+has-values@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-1.0.0.tgz#95b0b63fec2146619a6fe57fe75628d5a39efe4f"
+  integrity sha512-ODYZC64uqzmtfGMEAX/FvZiRyWLpAC3vYnNunURUnkGVTS+mI0smVsWaPydRBsE3g+ok7h960jChO8mFcWlHaQ==
+  dependencies:
+    is-number "^3.0.0"
+    kind-of "^4.0.0"
+
+has-values@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-2.0.1.tgz#3876200ff86d8a8546a9264a952c17d5fc17579d"
+  integrity sha512-+QdH3jOmq9P8GfdjFg0eJudqx1FqU62NQJ4P16rOEHeRdl7ckgwn6uqQjzYE0ZoHVV/e5E2esuJ5Gl5+HUW19w==
+  dependencies:
+    kind-of "^6.0.2"
+
 has-yarn@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-2.1.0.tgz#137e11354a7b5bf11aa5cb649cf0c6f3ff2b2e77"
@@ -4231,6 +4610,16 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
+helper-md@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/helper-md/-/helper-md-0.2.2.tgz#c1f59d7e55bbae23362fd8a0e971607aec69d41f"
+  integrity sha512-49TaQzK+Ic7ZVTq4i1UZxRUJEmAilTk8hz7q4I0WNUaTclLR8ArJV5B3A1fe1xF2HtsDTr2gYKLaVTof/Lt84Q==
+  dependencies:
+    ent "^2.2.0"
+    extend-shallow "^2.0.1"
+    fs-exists-sync "^0.1.0"
+    remarkable "^1.6.2"
+
 hexoid@1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18"
@@ -4248,6 +4637,14 @@ html-escaper@^2.0.0:
   resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453"
   integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==
 
+html-tag@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/html-tag/-/html-tag-2.0.0.tgz#36c3bc8d816fd30b570d5764a497a641640c2fed"
+  integrity sha512-XxzooSo6oBoxBEUazgjdXj7VwTn/iSTSZzTYKzYY6I916tkaYzypHxy+pbVU1h+0UQ9JlVf5XkNQyxOAiiQO1g==
+  dependencies:
+    is-self-closing "^1.0.1"
+    kind-of "^6.0.0"
+
 http-assert@^1.3.0:
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/http-assert/-/http-assert-1.5.0.tgz#c389ccd87ac16ed2dfa6246fd73b926aa00e6b8f"
@@ -4519,6 +4916,20 @@ ipaddr.js@^2.0.1:
   resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-2.0.1.tgz#eca256a7a877e917aeb368b0a7497ddf42ef81c0"
   integrity sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==
 
+is-accessor-descriptor@^0.1.6:
+  version "0.1.6"
+  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
+  integrity sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==
+  dependencies:
+    kind-of "^3.0.2"
+
+is-accessor-descriptor@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz#169c2f6d3df1f992618072365c9b0ea1f6878656"
+  integrity sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==
+  dependencies:
+    kind-of "^6.0.0"
+
 is-arrayish@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
@@ -4546,7 +4957,7 @@ is-boolean-object@^1.1.0:
     call-bind "^1.0.2"
     has-tostringtag "^1.0.0"
 
-is-buffer@~1.1.6:
+is-buffer@^1.1.5, is-buffer@~1.1.6:
   version "1.1.6"
   resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
   integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
@@ -4582,6 +4993,20 @@ is-core-module@^2.9.0:
   dependencies:
     has "^1.0.3"
 
+is-data-descriptor@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz#0b5ee648388e2c860282e793f1856fec3f301b56"
+  integrity sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==
+  dependencies:
+    kind-of "^3.0.2"
+
+is-data-descriptor@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz#d84876321d0e7add03990406abbbbd36ba9268c7"
+  integrity sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==
+  dependencies:
+    kind-of "^6.0.0"
+
 is-date-object@^1.0.1:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f"
@@ -4589,6 +5014,43 @@ is-date-object@^1.0.1:
   dependencies:
     has-tostringtag "^1.0.0"
 
+is-descriptor@^0.1.0:
+  version "0.1.6"
+  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-0.1.6.tgz#366d8240dde487ca51823b1ab9f07a10a78251ca"
+  integrity sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==
+  dependencies:
+    is-accessor-descriptor "^0.1.6"
+    is-data-descriptor "^0.1.4"
+    kind-of "^5.0.0"
+
+is-descriptor@^1.0.0, is-descriptor@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-1.0.2.tgz#3b159746a66604b04f8c81524ba365c5f14d86ec"
+  integrity sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==
+  dependencies:
+    is-accessor-descriptor "^1.0.0"
+    is-data-descriptor "^1.0.0"
+    kind-of "^6.0.2"
+
+is-even@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-even/-/is-even-1.0.0.tgz#76b5055fbad8d294a86b6a949015e1c97b717c06"
+  integrity sha512-LEhnkAdJqic4Dbqn58A0y52IXoHWlsueqQkKfMfdEnIYG8A1sm/GHidKkS6yvXlMoRrkM34csHnXQtOqcb+Jzg==
+  dependencies:
+    is-odd "^0.1.2"
+
+is-extendable@^0.1.0, is-extendable@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
+  integrity sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==
+
+is-extendable@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-1.0.1.tgz#a7470f9e426733d81bd81e1155264e3a3507cab4"
+  integrity sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==
+  dependencies:
+    is-plain-object "^2.0.4"
+
 is-extglob@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2"
@@ -4673,6 +5135,20 @@ is-number-object@^1.0.4:
   dependencies:
     has-tostringtag "^1.0.0"
 
+is-number@^2.0.2:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-2.1.0.tgz#01fcbbb393463a548f2f466cce16dece49db908f"
+  integrity sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==
+  dependencies:
+    kind-of "^3.0.2"
+
+is-number@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195"
+  integrity sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==
+  dependencies:
+    kind-of "^3.0.2"
+
 is-number@^7.0.0:
   version "7.0.0"
   resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b"
@@ -4683,11 +5159,25 @@ is-obj@^2.0.0:
   resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982"
   integrity sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==
 
+is-odd@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/is-odd/-/is-odd-0.1.2.tgz#bc573b5ce371ef2aad6e6f49799b72bef13978a7"
+  integrity sha512-Ri7C2K7o5IrUU9UEI8losXJCCD/UtsaIrkR5sxIcFg4xQ9cRJXlWA5DQvTE0yDc0krvSNLsRGXN11UPS6KyfBw==
+  dependencies:
+    is-number "^3.0.0"
+
 is-path-inside@^3.0.2:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
   integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==
 
+is-plain-object@^2.0.3, is-plain-object@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
+  integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==
+  dependencies:
+    isobject "^3.0.1"
+
 is-regex@^1.1.4:
   version "1.1.4"
   resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.4.tgz#eef5663cd59fa4c0ae339505323df6854bb15958"
@@ -4701,6 +5191,13 @@ is-retry-allowed@^2.2.0:
   resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-2.2.0.tgz#88f34cbd236e043e71b6932d09b0c65fb7b4d71d"
   integrity sha512-XVm7LOeLpTW4jV19QSH38vkswxoLud8sQ57YwJVTPWdiaI9I8keEhGFpBlslyVsgdQy4Opg8QOLb8YRgsyZiQg==
 
+is-self-closing@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-self-closing/-/is-self-closing-1.0.1.tgz#5f406b527c7b12610176320338af0fa3896416e4"
+  integrity sha512-E+60FomW7Blv5GXTlYee2KDrnG6srxF7Xt1SjrhWUGUEsTFIqY/nq2y3DaftCsgUMdh89V07IVfhY9KIJhLezg==
+  dependencies:
+    self-closing-tags "^1.0.1"
+
 is-shared-array-buffer@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79"
@@ -4753,6 +5250,11 @@ is-windows@^0.2.0:
   resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-0.2.0.tgz#de1aa6d63ea29dd248737b69f1ff8b8002d2108c"
   integrity sha512-n67eJYmXbniZB7RF4I/FTjK1s6RPOCTxhYrVYLRaCt3lF0mpWZPKr3T2LSZAqyjQsxR2qMmGYXXzK0YWwcPM1Q==
 
+is-windows@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-1.0.2.tgz#d1850eb9791ecd18e6182ce12a30f396634bb19d"
+  integrity sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==
+
 is-yarn-global@^0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.3.0.tgz#d502d3382590ea3004893746754c89139973e232"
@@ -4763,7 +5265,7 @@ isarray@0.0.1:
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf"
   integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==
 
-isarray@^1.0.0, isarray@~1.0.0:
+isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
   integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==
@@ -4773,6 +5275,23 @@ isexe@^2.0.0:
   resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
   integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
+isobject@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-0.2.0.tgz#a3432192f39b910b5f02cc989487836ec70aa85e"
+  integrity sha512-VaWq6XYAsbvM0wf4dyBO7WH9D7GosB7ZZlqrawI9BBiTMINBeCyqSKBa35m870MY3O4aM31pYyZi9DfGrYMJrQ==
+
+isobject@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89"
+  integrity sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA==
+  dependencies:
+    isarray "1.0.0"
+
+isobject@^3.0.0, isobject@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
+  integrity sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==
+
 isstream@~0.1.2:
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
@@ -5383,6 +5902,30 @@ keyv@^4.0.0:
     compress-brotli "^1.3.8"
     json-buffer "3.0.1"
 
+kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.1.0, kind-of@^3.2.0:
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
+  integrity sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==
+  dependencies:
+    is-buffer "^1.1.5"
+
+kind-of@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-4.0.0.tgz#20813df3d712928b207378691a45066fae72dd57"
+  integrity sha512-24XsCxmEbRwEDbz/qz3stgin8TTzZ1ESR56OMCN0ujYg+vRutNSiOj9bHH9u85DKgXguraugV5sFuvbD4FW/hw==
+  dependencies:
+    is-buffer "^1.1.5"
+
+kind-of@^5.0.0, kind-of@^5.0.2:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d"
+  integrity sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==
+
+kind-of@^6.0.0, kind-of@^6.0.2, kind-of@^6.0.3:
+  version "6.0.3"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
+  integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
+
 kleur@^3.0.3:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/kleur/-/kleur-3.0.3.tgz#a79c9ecc86ee1ce3fa6206d1216c501f147fc07e"
@@ -5467,6 +6010,13 @@ koa-static@5.0.0:
     debug "^3.1.0"
     koa-send "^5.0.0"
 
+koa-useragent@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/koa-useragent/-/koa-useragent-4.1.0.tgz#d3f128b552c6da3e5e9e9e9c887b2922b16e4468"
+  integrity sha512-x/HUDZ1zAmNNh5hA9hHbPm9p3UVg2prlpHzxCXQCzbibrNS0kmj7MkCResCbAbG7ZT6FVxNSMjR94ZGamdMwxA==
+  dependencies:
+    express-useragent "^1.0.15"
+
 koa@2.13.4, koa@^2.13.4:
   version "2.13.4"
   resolved "https://registry.yarnpkg.com/koa/-/koa-2.13.4.tgz#ee5b0cb39e0b8069c38d115139c774833d32462e"
@@ -5639,6 +6189,11 @@ locate-path@^5.0.0:
   dependencies:
     p-locate "^4.1.0"
 
+lodash._reinterpolate@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
+  integrity sha512-xYHt68QRoYGjeeM/XOE1uJtvXQAgvszfBhjV4yvsQH0u2i9I6cI6c6/eG4Hh3UAOVn0y/xAXwmTzEay49Q//HA==
+
 lodash.defaults@^4.2.0:
   version "4.2.0"
   resolved "https://registry.yarnpkg.com/lodash.defaults/-/lodash.defaults-4.2.0.tgz#d09178716ffea4dde9e5fb7b37f6f0802274580c"
@@ -5709,12 +6264,27 @@ lodash.sortby@^4.7.0:
   resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
   integrity sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==
 
+lodash.template@^4.4.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.5.0.tgz#f976195cf3f347d0d5f52483569fe8031ccce8ab"
+  integrity sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+    lodash.templatesettings "^4.0.0"
+
+lodash.templatesettings@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/lodash.templatesettings/-/lodash.templatesettings-4.2.0.tgz#e481310f049d3cf6d47e912ad09313b154f0fb33"
+  integrity sha512-stgLz+i3Aa9mZgnjr/O+v9ruKZsPsndy7qPZOchbqk2cnTU1ZaldKK+v7m54WoKIyxiuMZTKT2H81F8BeAc3ZQ==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+
 lodash.uniq@^4.5.0:
   version "4.5.0"
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
   integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==
 
-lodash@4.17.21, lodash@^4.17.14, lodash@^4.17.19, lodash@^4.17.21:
+lodash@4.17.21, lodash@^4.17.14, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
@@ -5793,6 +6363,18 @@ makeerror@1.0.12:
   dependencies:
     tmpl "1.0.5"
 
+map-cache@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/map-cache/-/map-cache-0.2.2.tgz#c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf"
+  integrity sha512-8y/eV9QQZCiyn1SprXSrCmqJN0yNRATe+PO8ztwqrvrbdRLA3eYJF0yaR0YayLWkMbsQSKWS9N2gPcGEc4UsZg==
+
+map-visit@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/map-visit/-/map-visit-1.0.0.tgz#ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"
+  integrity sha512-4y7uGv8bd2WdM9vpQsiQNo41Ln1NvhvDRuVt0k2JZQ+ezN2uaQes7lZeZ+QQUHOLQAtDaBJ+7wCbi+ab/KFs+w==
+  dependencies:
+    object-visit "^1.0.0"
+
 mapcap@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/mapcap/-/mapcap-1.0.0.tgz#e8e29d04a160eaf8c92ec4bcbd2c5d07ed037e5a"
@@ -5849,6 +6431,11 @@ memdown@1.4.1:
     ltgt "~2.2.0"
     safe-buffer "~5.1.1"
 
+memorystream@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/memorystream/-/memorystream-0.3.1.tgz#86d7090b30ce455d63fbae12dda51a47ddcaf9b2"
+  integrity sha512-S3UwM3yj5mtUSEfP41UZmt/0SCoVYUcU1rkXv+BQ5Ig8ndL4sPoJNBUJERafdPb5jjHJGuMgytgKvKIf58XNBw==
+
 merge-descriptors@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61"
@@ -5869,6 +6456,25 @@ methods@^1.1.2:
   resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee"
   integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==
 
+micromatch@^3.1.5:
+  version "3.1.10"
+  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"
+  integrity sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==
+  dependencies:
+    arr-diff "^4.0.0"
+    array-unique "^0.3.2"
+    braces "^2.3.1"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    extglob "^2.0.4"
+    fragment-cache "^0.2.1"
+    kind-of "^6.0.2"
+    nanomatch "^1.2.9"
+    object.pick "^1.3.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.2"
+
 micromatch@^4.0.4:
   version "4.0.5"
   resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.5.tgz#bc8999a7cbbf77cdc89f132f6e467051b49090c6"
@@ -5926,6 +6532,11 @@ minimist@^1.2.0, minimist@^1.2.6:
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
   integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 
+minimist@^1.2.5:
+  version "1.2.8"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c"
+  integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
+
 minipass@^3.0.0:
   version "3.1.6"
   resolved "https://registry.yarnpkg.com/minipass/-/minipass-3.1.6.tgz#3b8150aa688a711a1521af5e8779c1d3bb4f45ee"
@@ -5941,6 +6552,14 @@ minizlib@^2.1.1:
     minipass "^3.0.0"
     yallist "^4.0.0"
 
+mixin-deep@^1.2.0:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566"
+  integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==
+  dependencies:
+    for-in "^1.0.2"
+    is-extendable "^1.0.1"
+
 mkdirp-classic@^0.5.2:
   version "0.5.3"
   resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113"
@@ -5973,6 +6592,11 @@ mri@1.1.4:
   resolved "https://registry.yarnpkg.com/mri/-/mri-1.1.4.tgz#7cb1dd1b9b40905f1fac053abe25b6720f44744a"
   integrity sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==
 
+ms@2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
+  integrity sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==
+
 ms@2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
@@ -6014,6 +6638,23 @@ nan@^2.15.0, nan@^2.16.0:
   resolved "https://registry.yarnpkg.com/nan/-/nan-2.17.0.tgz#c0150a2368a182f033e9aa5195ec76ea41a199cb"
   integrity sha512-2ZTgtl0nJsO0KQCjEpxcIr5D+Yv90plTitZt9JBfQvVJDS5seMl3FOvsh3+9CoYWXf/1l5OaZzzF6nDm4cagaQ==
 
+nanomatch@^1.2.9:
+  version "1.2.13"
+  resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119"
+  integrity sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==
+  dependencies:
+    arr-diff "^4.0.0"
+    array-unique "^0.3.2"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    fragment-cache "^0.2.1"
+    is-windows "^1.0.2"
+    kind-of "^6.0.2"
+    object.pick "^1.3.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
 napi-macros@~2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/napi-macros/-/napi-macros-2.0.0.tgz#2b6bae421e7b96eb687aa6c77a7858640670001b"
@@ -6039,6 +6680,11 @@ negotiator@0.6.3:
   resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd"
   integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
 
+neo-async@^2.6.0:
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
+  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
+
 next-line@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/next-line/-/next-line-1.1.0.tgz#fcae57853052b6a9bae8208e40dd7d3c2d304603"
@@ -6222,6 +6868,15 @@ object-assign@^4.1.1:
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
   integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==
 
+object-copy@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c"
+  integrity sha512-79LYn6VAb63zgtmAteVOWo9Vdj71ZVBy3Pbse+VqxDpEP83XuujMrGqHIwAXJ5I/aM0zU7dIyIAhifVTPrNItQ==
+  dependencies:
+    copy-descriptor "^0.1.0"
+    define-property "^0.2.5"
+    kind-of "^3.0.3"
+
 object-filter-sequence@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/object-filter-sequence/-/object-filter-sequence-1.0.0.tgz#10bb05402fff100082b80d7e83991b10db411692"
@@ -6244,6 +6899,13 @@ object-keys@^1.1.1:
   resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"
   integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==
 
+object-visit@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/object-visit/-/object-visit-1.0.1.tgz#f79c4493af0c5377b59fe39d395e41042dd045bb"
+  integrity sha512-GBaMwwAVK9qbQN3Scdo0OyvgPW7l3lnaVMj84uTOZlswkX0KpF6fyDBJhtTthf7pymztoN36/KEr1DyhF96zEA==
+  dependencies:
+    isobject "^3.0.0"
+
 object.assign@^4.1.2:
   version "4.1.4"
   resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.4.tgz#9673c7c7c351ab8c4d0b516f4343ebf4dfb7799f"
@@ -6263,6 +6925,13 @@ object.entries@^1.0.4, object.entries@^1.1.0:
     define-properties "^1.1.3"
     es-abstract "^1.19.1"
 
+object.pick@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/object.pick/-/object.pick-1.3.0.tgz#87a10ac4c1694bd2e1cbf53591a66141fb5dd747"
+  integrity sha512-tqa/UMy/CCoYmj+H5qc07qvSL9dqcs/WZENZ1JbtWBlATP+iVOe778gE6MSijnyCnORzDuX6hU+LA4SZ09YjFQ==
+  dependencies:
+    isobject "^3.0.1"
+
 on-finished@^2.3.0:
   version "2.4.1"
   resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.4.1.tgz#58c8c44116e54845ad57f14ab10b03533184ac3f"
@@ -6418,6 +7087,11 @@ parseurl@^1.3.2, parseurl@^1.3.3:
   resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4"
   integrity sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==
 
+pascalcase@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
+  integrity sha512-XHXfu/yOQRy9vYOtUDVMN60OEJjW013GoObG1o+xwQTpB9eYJX/BjXMsdW13ZDPruFhYYn0AG22w0xgQMwl3Nw==
+
 passport-google-oauth1@1.x.x:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/passport-google-oauth1/-/passport-google-oauth1-1.0.0.tgz#af74a803df51ec646f66a44d82282be6f108e0cc"
@@ -6622,6 +7296,11 @@ pkg-dir@^4.2.0:
   dependencies:
     find-up "^4.0.0"
 
+posix-character-classes@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
+  integrity sha512-xTgYBc3fuo7Yt7JbiuFxSYGToMoz8fLoE6TC9Wx1P/u+LfeThMOAqmuyECnlBaaJb+u1m9hHiXUEtwW4OzfUJg==
+
 posthog-node@1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/posthog-node/-/posthog-node-1.3.0.tgz#804ed2f213a2f05253f798bf9569d55a9cad94f7"
@@ -7158,6 +7837,14 @@ regenerator-runtime@^0.13.4:
   resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.9.tgz#8925742a98ffd90814988d7566ad30ca3b263b52"
   integrity sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==
 
+regex-not@^1.0.0, regex-not@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/regex-not/-/regex-not-1.0.2.tgz#1f4ece27e00b0b65e0247a6810e6a85d83a5752c"
+  integrity sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A==
+  dependencies:
+    extend-shallow "^3.0.2"
+    safe-regex "^1.1.0"
+
 regexp.prototype.flags@^1.4.3:
   version "1.4.3"
   resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz#87cab30f80f66660181a3bb7bf5981a872b367ac"
@@ -7191,11 +7878,36 @@ relative-microtime@^2.0.0:
   resolved "https://registry.yarnpkg.com/relative-microtime/-/relative-microtime-2.0.0.tgz#cceed2af095ecd72ea32011279c79e5fcc7de29b"
   integrity sha512-l18ha6HEZc+No/uK4GyAnNxgKW7nvEe35IaeN54sShMojtqik2a6GbTyuiezkjpPaqP874Z3lW5ysBo5irz4NA==
 
+relative@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/relative/-/relative-3.0.2.tgz#0dcd8ec54a5d35a3c15e104503d65375b5a5367f"
+  integrity sha512-Q5W2qeYtY9GbiR8z1yHNZ1DGhyjb4AnLEjt8iE6XfcC1QIu+FAtj3HQaO0wH28H1mX6cqNLvAqWhP402dxJGyA==
+  dependencies:
+    isobject "^2.0.0"
+
+remarkable@^1.6.2:
+  version "1.7.4"
+  resolved "https://registry.yarnpkg.com/remarkable/-/remarkable-1.7.4.tgz#19073cb960398c87a7d6546eaa5e50d2022fcd00"
+  integrity sha512-e6NKUXgX95whv7IgddywbeN/ItCkWbISmc2DiqHJb0wTrqZIexqdco5b8Z3XZoo/48IdNVKM9ZCvTPJ4F5uvhg==
+  dependencies:
+    argparse "^1.0.10"
+    autolinker "~0.28.0"
+
 remove-trailing-slash@^0.1.1:
   version "0.1.1"
   resolved "https://registry.yarnpkg.com/remove-trailing-slash/-/remove-trailing-slash-0.1.1.tgz#be2285a59f39c74d1bce4f825950061915e3780d"
   integrity sha512-o4S4Qh6L2jpnCy83ysZDau+VORNvnFw07CKSAymkd6ICNVEPisMyzlc00KlvvicsxKck94SEwhDnMNdICzO+tA==
 
+repeat-element@^1.1.2:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/repeat-element/-/repeat-element-1.1.4.tgz#be681520847ab58c7568ac75fbfad28ed42d39e9"
+  integrity sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==
+
+repeat-string@^1.6.1:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637"
+  integrity sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==
+
 request@^2.88.0:
   version "2.88.2"
   resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
@@ -7279,6 +7991,11 @@ resolve-path@^1.4.0:
     http-errors "~1.6.2"
     path-is-absolute "1.0.1"
 
+resolve-url@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/resolve-url/-/resolve-url-0.2.1.tgz#2c637fe77c893afd2a663fe21aa9080068e2052a"
+  integrity sha512-ZuF55hVUQaaczgOIwqWzkEcEidmlD/xl44x1UZnhOXcYuFN2S6+rcxpG+C1N3So0wvNI3DmJICUFfu2SxhBmvg==
+
 resolve.exports@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/resolve.exports/-/resolve.exports-1.1.0.tgz#5ce842b94b05146c0e03076985d1d0e7e48c90c9"
@@ -7324,6 +8041,11 @@ restore-cursor@^3.1.0:
     onetime "^5.1.0"
     signal-exit "^3.0.2"
 
+ret@~0.1.10:
+  version "0.1.15"
+  resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+  integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==
+
 retry@^0.10.1:
   version "0.10.1"
   resolved "https://registry.yarnpkg.com/retry/-/retry-0.10.1.tgz#e76388d217992c252750241d3d3956fed98d8ff4"
@@ -7394,6 +8116,13 @@ safe-buffer@5.2.1, safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.2.0:
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 
+safe-regex@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
+  integrity sha512-aJXcif4xnaNUzvUuC5gcb46oTS7zvg4jpMTnuqtrEPlR3vFr4pxtdTwaF1Qs3Enjn9HK+ZlwQui+a7z0SywIzg==
+  dependencies:
+    ret "~0.1.10"
+
 "safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
@@ -7414,6 +8143,11 @@ sax@>=0.1.1, sax@>=0.6.0:
   resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
   integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
 
+self-closing-tags@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/self-closing-tags/-/self-closing-tags-1.0.1.tgz#6c5fa497994bb826b484216916371accee490a5d"
+  integrity sha512-7t6hNbYMxM+VHXTgJmxwgZgLGktuXtVVD5AivWzNTdJBM4DBjnDKDzkf2SrNjihaArpeJYNjxkELBu1evI4lQA==
+
 semver-compare@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/semver-compare/-/semver-compare-1.0.0.tgz#0dee216a1c941ab37e9efb1788f6afc5ff5537fc"
@@ -7472,6 +8206,16 @@ set-cookie-serde@^1.0.0:
   resolved "https://registry.yarnpkg.com/set-cookie-serde/-/set-cookie-serde-1.0.0.tgz#bcf9c260ed2212ac4005a53eacbaaa37c07ac452"
   integrity sha512-Vq8e5GsupfJ7okHIvEPcfs5neCo7MZ1ZuWrO3sllYi3DOWt6bSSCpADzqXjz3k0fXehnoFIrmmhty9IN6U6BXQ==
 
+set-value@^2.0.0, set-value@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
+  integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-extendable "^0.1.1"
+    is-plain-object "^2.0.3"
+    split-string "^3.0.1"
+
 setprototypeof@1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656"
@@ -7549,6 +8293,36 @@ slice-ansi@^2.1.0:
     astral-regex "^1.0.0"
     is-fullwidth-code-point "^2.0.0"
 
+snapdragon-node@^2.0.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b"
+  integrity sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==
+  dependencies:
+    define-property "^1.0.0"
+    isobject "^3.0.0"
+    snapdragon-util "^3.0.1"
+
+snapdragon-util@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/snapdragon-util/-/snapdragon-util-3.0.1.tgz#f956479486f2acd79700693f6f7b805e45ab56e2"
+  integrity sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ==
+  dependencies:
+    kind-of "^3.2.0"
+
+snapdragon@^0.8.1:
+  version "0.8.2"
+  resolved "https://registry.yarnpkg.com/snapdragon/-/snapdragon-0.8.2.tgz#64922e7c565b0e14204ba1aa7d6964278d25182d"
+  integrity sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==
+  dependencies:
+    base "^0.11.1"
+    debug "^2.2.0"
+    define-property "^0.2.5"
+    extend-shallow "^2.0.1"
+    map-cache "^0.2.2"
+    source-map "^0.5.6"
+    source-map-resolve "^0.5.0"
+    use "^3.1.0"
+
 sonic-boom@^1.0.2:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/sonic-boom/-/sonic-boom-1.4.1.tgz#d35d6a74076624f12e6f917ade7b9d75e918f53e"
@@ -7557,6 +8331,17 @@ sonic-boom@^1.0.2:
     atomic-sleep "^1.0.0"
     flatstr "^1.0.12"
 
+source-map-resolve@^0.5.0:
+  version "0.5.3"
+  resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.3.tgz#190866bece7553e1f8f267a2ee82c606b5509a1a"
+  integrity sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw==
+  dependencies:
+    atob "^2.1.2"
+    decode-uri-component "^0.2.0"
+    resolve-url "^0.2.1"
+    source-map-url "^0.4.0"
+    urix "^0.1.0"
+
 source-map-support@0.5.13:
   version "0.5.13"
   resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.13.tgz#31b24a9c2e73c2de85066c0feb7d44767ed52932"
@@ -7565,6 +8350,11 @@ source-map-support@0.5.13:
     buffer-from "^1.0.0"
     source-map "^0.6.0"
 
+source-map-url@^0.4.0:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/source-map-url/-/source-map-url-0.4.1.tgz#0af66605a745a5a2f91cf1bbf8a7afbc283dec56"
+  integrity sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==
+
 source-map@^0.4.2:
   version "0.4.4"
   resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.4.4.tgz#eba4f5da9c0dc999de68032d8b4f76173652036b"
@@ -7572,6 +8362,11 @@ source-map@^0.4.2:
   dependencies:
     amdefine ">=0.0.4"
 
+source-map@^0.5.6, source-map@~0.5.0:
+  version "0.5.7"
+  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
+  integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==
+
 source-map@^0.6.0, source-map@^0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
@@ -7589,11 +8384,6 @@ source-map@^0.8.0-beta.0:
   dependencies:
     whatwg-url "^7.0.0"
 
-source-map@~0.5.0:
-  version "0.5.7"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
-  integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==
-
 spark-md5@3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/spark-md5/-/spark-md5-3.0.1.tgz#83a0e255734f2ab4e5c466e5a2cfc9ba2aa2124d"
@@ -7609,6 +8399,13 @@ split-ca@^1.0.1:
   resolved "https://registry.yarnpkg.com/split-ca/-/split-ca-1.0.1.tgz#6c83aff3692fa61256e0cd197e05e9de157691a6"
   integrity sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ==
 
+split-string@^3.0.1, split-string@^3.0.2:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2"
+  integrity sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw==
+  dependencies:
+    extend-shallow "^3.0.0"
+
 split2@^2.1.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/split2/-/split2-2.2.0.tgz#186b2575bcf83e85b7d18465756238ee4ee42493"
@@ -7688,6 +8485,14 @@ standard-as-callback@^2.1.0:
   resolved "https://registry.yarnpkg.com/standard-as-callback/-/standard-as-callback-2.1.0.tgz#8953fc05359868a77b5b9739a665c5977bb7df45"
   integrity sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==
 
+static-extend@^0.1.1:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/static-extend/-/static-extend-0.1.2.tgz#60809c39cbff55337226fd5e0b520f341f1fb5c6"
+  integrity sha512-72E9+uLc27Mt718pMHt9VMNiAL4LMsmDbBva8mxWUCkT07fSzEGMYUCk0XWY6lp0j6RBAG4cJ3mWuZv2OE3s0g==
+  dependencies:
+    define-property "^0.2.5"
+    object-copy "^0.1.0"
+
 statuses@2.0.1, statuses@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63"
@@ -7824,6 +8629,11 @@ strip-json-comments@~2.0.1:
   resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
   integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==
 
+striptags@^3.1.1:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/striptags/-/striptags-3.2.0.tgz#cc74a137db2de8b0b9a370006334161f7dd67052"
+  integrity sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==
+
 sublevel-pouchdb@7.2.2:
   version "7.2.2"
   resolved "https://registry.yarnpkg.com/sublevel-pouchdb/-/sublevel-pouchdb-7.2.2.tgz#49e46cd37883bf7ff5006d7c5b9bcc7bcc1f422f"
@@ -8033,11 +8843,31 @@ to-fast-properties@^2.0.0:
   resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
   integrity sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=
 
+to-gfm-code-block@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/to-gfm-code-block/-/to-gfm-code-block-0.1.1.tgz#25d045a5fae553189e9637b590900da732d8aa82"
+  integrity sha512-LQRZWyn8d5amUKnfR9A9Uu7x9ss7Re8peuWR2gkh1E+ildOfv2aF26JpuDg8JtvCduu5+hOrMIH+XstZtnagqg==
+
+to-object-path@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/to-object-path/-/to-object-path-0.3.0.tgz#297588b7b0e7e0ac08e04e672f85c1f4999e17af"
+  integrity sha512-9mWHdnGRuh3onocaHzukyvCZhzvr6tiflAy/JRFXcJX0TjgfWA9pk9t8CMbzmBE4Jfw58pXbkngtBtqYxzNEyg==
+  dependencies:
+    kind-of "^3.0.2"
+
 to-readable-stream@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/to-readable-stream/-/to-readable-stream-1.0.0.tgz#ce0aa0c2f3df6adf852efb404a783e77c0475771"
   integrity sha512-Iq25XBt6zD5npPhlLVXGFN3/gyR2/qODcKNNyTMd4vbm39HUaOiAM4PMq0eMVC/Tkxz+Zjdsc55g9yyz+Yq00Q==
 
+to-regex-range@^2.1.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-2.1.1.tgz#7c80c17b9dfebe599e27367e0d4dd5590141db38"
+  integrity sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==
+  dependencies:
+    is-number "^3.0.0"
+    repeat-string "^1.6.1"
+
 to-regex-range@^5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4"
@@ -8045,6 +8875,16 @@ to-regex-range@^5.0.1:
   dependencies:
     is-number "^7.0.0"
 
+to-regex@^3.0.1, to-regex@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/to-regex/-/to-regex-3.0.2.tgz#13cfdd9b336552f30b51f33a8ae1b42a7a7599ce"
+  integrity sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw==
+  dependencies:
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    regex-not "^1.0.2"
+    safe-regex "^1.1.0"
+
 to-source-code@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/to-source-code/-/to-source-code-1.0.2.tgz#dd136bdb1e1dbd80bbeacf088992678e9070bfea"
@@ -8226,11 +9066,23 @@ typedarray-to-buffer@^3.1.5:
   dependencies:
     is-typedarray "^1.0.0"
 
+typeof-article@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/typeof-article/-/typeof-article-0.1.1.tgz#9f07e733c3fbb646ffa9e61c08debacd460e06af"
+  integrity sha512-Vn42zdX3FhmUrzEmitX3iYyLb+Umwpmv8fkZRIknYh84lmdrwqZA5xYaoKiIj2Rc5i/5wcDrpUmZcbk1U51vTw==
+  dependencies:
+    kind-of "^3.1.0"
+
 typescript@4.7.3:
   version "4.7.3"
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.7.3.tgz#8364b502d5257b540f9de4c40be84c98e23a129d"
   integrity sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==
 
+uglify-js@^3.1.4:
+  version "3.17.4"
+  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.17.4.tgz#61678cf5fa3f5b7eb789bb345df29afb8257c22c"
+  integrity sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==
+
 uid2@0.0.x:
   version "0.0.4"
   resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.4.tgz#033f3b1d5d32505f5ce5f888b9f3b667123c0a44"
@@ -8264,6 +9116,16 @@ unicode-substring@^0.1.0:
   resolved "https://registry.yarnpkg.com/unicode-substring/-/unicode-substring-0.1.0.tgz#6120ce3c390385dbcd0f60c32b9065c4181d4b36"
   integrity sha512-36Xaw9wXi7MB/3/EQZZHkZyyiRNa9i3k9YtPAz2KfqMVH2xutdXyMHn4Igarmnvr+wOrfWa/6njhY+jPpXN2EQ==
 
+union-value@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"
+  integrity sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==
+  dependencies:
+    arr-union "^3.1.0"
+    get-value "^2.0.6"
+    is-extendable "^0.1.1"
+    set-value "^2.0.1"
+
 unique-string@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/unique-string/-/unique-string-2.0.0.tgz#39c6451f81afb2749de2b233e3f7c5e8843bd89d"
@@ -8286,6 +9148,14 @@ unpipe@1.0.0:
   resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
   integrity sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=
 
+unset-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/unset-value/-/unset-value-1.0.0.tgz#8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559"
+  integrity sha512-PcA2tsuGSF9cnySLHTLSh2qrQiJ70mn+r+Glzxv2TWZblxsxCC52BDlZoPCsz7STd9pN7EZetkWZBAvk4cgZdQ==
+  dependencies:
+    has-value "^0.3.1"
+    isobject "^3.0.0"
+
 untildify@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/untildify/-/untildify-4.0.0.tgz#2bc947b953652487e4600949fb091e3ae8cd919b"
@@ -8336,6 +9206,11 @@ urijs@^1.19.2:
   resolved "https://registry.yarnpkg.com/urijs/-/urijs-1.19.11.tgz#204b0d6b605ae80bea54bea39280cdb7c9f923cc"
   integrity sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ==
 
+urix@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/urix/-/urix-0.1.0.tgz#da937f7a62e21fec1fd18d49b35c2935067a6c72"
+  integrity sha512-Am1ousAhSLBeB9cG/7k7r2R0zj50uDRlZHPGbazid5s9rlF1F/QKYObEKSIunSjIOkJZqwRRLpvewjEkM7pSqg==
+
 url-parse-lax@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/url-parse-lax/-/url-parse-lax-3.0.0.tgz#16b5cafc07dbe3676c1b1999177823d6503acb0c"
@@ -8359,6 +9234,11 @@ url@0.10.3:
     punycode "1.3.2"
     querystring "0.2.0"
 
+use@^3.1.0:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/use/-/use-3.1.1.tgz#d50c8cac79a19fbc20f2911f56eb973f4e10070f"
+  integrity sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==
+
 util-deprecate@^1.0.1, util-deprecate@~1.0.1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
@@ -8422,6 +9302,14 @@ verror@1.10.0:
     core-util-is "1.0.2"
     extsprintf "^1.2.0"
 
+vm2@^3.9.4:
+  version "3.9.14"
+  resolved "https://registry.yarnpkg.com/vm2/-/vm2-3.9.14.tgz#964042b474cf1e6e4f475a39144773cdb9deb734"
+  integrity sha512-HgvPHYHeQy8+QhzlFryvSteA4uQLBCOub02mgqdR+0bN/akRZ48TGB1v0aCv7ksyc0HXx16AZtMHKS38alc6TA==
+  dependencies:
+    acorn "^8.7.0"
+    acorn-walk "^8.2.0"
+
 vuvuzela@1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/vuvuzela/-/vuvuzela-1.0.3.tgz#3be145e58271c73ca55279dd851f12a682114b0b"
@@ -8513,6 +9401,11 @@ word-wrap@~1.2.3:
   resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"
   integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==
 
+wordwrap@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb"
+  integrity sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==
+
 wrap-ansi@^7.0.0:
   version "7.0.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
@@ -8645,6 +9538,11 @@ yargs@^17.3.1:
     y18n "^5.0.5"
     yargs-parser "^21.1.1"
 
+year@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/year/-/year-0.2.1.tgz#4083ae520a318b23ec86037f3000cb892bdf9bb0"
+  integrity sha512-9GnJUZ0QM4OgXuOzsKNzTJ5EOkums1Xc+3YQXp+Q+UxFjf7zLucp9dQ8QMIft0Szs1E1hUiXFim1OYfEKFq97w==
+
 ylru@^1.2.0:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/ylru/-/ylru-1.3.2.tgz#0de48017473275a4cbdfc83a1eaf67c01af8a785"
diff --git a/scripts/link-dependencies.sh b/scripts/link-dependencies.sh
index d2a501162b..31d99fda3c 100755
--- a/scripts/link-dependencies.sh
+++ b/scripts/link-dependencies.sh
@@ -28,6 +28,12 @@ yarn unlink
 yarn link
 cd -
 
+echo "Linking shared-core"
+cd packages/shared-core
+yarn unlink
+yarn link
+cd -
+
 if [ -d "../budibase-pro" ]; then
   cd ../budibase-pro
   echo "Bootstrapping budibase-pro"
@@ -44,6 +50,9 @@ if [ -d "../budibase-pro" ]; then
   echo "Linking types to pro"
   yarn link '@budibase/types'
 
+  echo "Linking string-templates to pro"
+  yarn link '@budibase/string-templates'
+
   cd ../../../budibase
 
   echo "Linking pro to worker"
diff --git a/yarn.lock b/yarn.lock
index f80cde1b6f..bcd33ad2b6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1064,6 +1064,11 @@
   resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.45.0.tgz#794760b9037ee4154c09549ef5a96599621109c5"
   integrity sha512-QQij+u/vgskA66azc9dCmx+rev79PzX8uDHpsqSjEFtfF2gBUTRCpvYMh2gw2ghkJabNkPlSUCimsyBEQZd1DA==
 
+"@typescript-eslint/types@5.53.0":
+  version "5.53.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.53.0.tgz#f79eca62b97e518ee124086a21a24f3be267026f"
+  integrity sha512-5kcDL9ZUIP756K6+QOAfPkigJmCPHcLN7Zjdz76lQWWDdzfOhZDTj1irs6gPBKiXx5/6O3L0+AvupAut3z7D2A==
+
 "@typescript-eslint/typescript-estree@5.45.0":
   version "5.45.0"
   resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.45.0.tgz#f70a0d646d7f38c0dfd6936a5e171a77f1e5291d"
@@ -1090,6 +1095,19 @@
     semver "^7.3.5"
     tsutils "^3.21.0"
 
+"@typescript-eslint/typescript-estree@^5.13.0":
+  version "5.53.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.53.0.tgz#bc651dc28cf18ab248ecd18a4c886c744aebd690"
+  integrity sha512-eKmipH7QyScpHSkhbptBBYh9v8FxtngLquq292YTEQ1pxVs39yFBlLC1xeIZcPPz1RWGqb7YgERJRGkjw8ZV7w==
+  dependencies:
+    "@typescript-eslint/types" "5.53.0"
+    "@typescript-eslint/visitor-keys" "5.53.0"
+    debug "^4.3.4"
+    globby "^11.1.0"
+    is-glob "^4.0.3"
+    semver "^7.3.7"
+    tsutils "^3.21.0"
+
 "@typescript-eslint/visitor-keys@4.33.0":
   version "4.33.0"
   resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz#2a22f77a41604289b7a186586e9ec48ca92ef1dd"
@@ -1106,6 +1124,14 @@
     "@typescript-eslint/types" "5.45.0"
     eslint-visitor-keys "^3.3.0"
 
+"@typescript-eslint/visitor-keys@5.53.0":
+  version "5.53.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.53.0.tgz#8a5126623937cdd909c30d8fa72f79fa56cc1a9f"
+  integrity sha512-JqNLnX3leaHFZEN0gCh81sIvgrp/2GOACZNgO4+Tkf64u51kTpAyWFOY8XHx8XuXr3N2C9zgPPHtcpMg6z1g0w==
+  dependencies:
+    "@typescript-eslint/types" "5.53.0"
+    eslint-visitor-keys "^3.3.0"
+
 JSONStream@^1.0.4, JSONStream@^1.3.4:
   version "1.3.5"
   resolved "https://registry.yarnpkg.com/JSONStream/-/JSONStream-1.3.5.tgz#3208c1f08d3a4d99261ab64f92302bc15e111ca0"
@@ -1214,6 +1240,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0:
   dependencies:
     color-convert "^2.0.1"
 
+any-promise@^1.1.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/any-promise/-/any-promise-1.3.0.tgz#abc6afeedcea52e809cdc0376aed3ce39635d17f"
+  integrity sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==
+
 app-module-path@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/app-module-path/-/app-module-path-2.2.0.tgz#641aa55dfb7d6a6f0a8141c4b9c0aa50b6c24dd5"
@@ -1793,6 +1824,11 @@ commander@^7.2.0:
   resolved "https://registry.yarnpkg.com/commander/-/commander-7.2.0.tgz#a36cb57d0b501ce108e4d20559a150a391d97ab7"
   integrity sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==
 
+commander@^9.1.0:
+  version "9.5.0"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-9.5.0.tgz#bc08d1eb5cedf7ccb797a96199d41c7bc3e60d30"
+  integrity sha512-KRs7WVDKg86PWiuAqhDrAQnTXZKraVcCc6vFdL14qrZ/DcWwuRo7VoiYXalXO7S5GKpqYiVEwCbgFDfxNHKJBQ==
+
 commondir@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/commondir/-/commondir-1.0.1.tgz#ddd800da0c66127393cca5950ea968a3aaf1253b"
@@ -2139,16 +2175,16 @@ delegates@^1.0.0:
   resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
   integrity sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==
 
-dependency-tree@^8.1.1:
-  version "8.1.2"
-  resolved "https://registry.yarnpkg.com/dependency-tree/-/dependency-tree-8.1.2.tgz#c9e652984f53bd0239bc8a3e50cbd52f05b2e770"
-  integrity sha512-c4CL1IKxkKng0oT5xrg4uNiiMVFqTGOXqHSFx7XEFdgSsp6nw3AGGruICppzJUrfad/r7GLqt26rmWU4h4j39A==
+dependency-tree@^9.0.0:
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/dependency-tree/-/dependency-tree-9.0.0.tgz#9288dd6daf35f6510c1ea30d9894b75369aa50a2"
+  integrity sha512-osYHZJ1fBSon3lNLw70amAXsQ+RGzXsPvk9HbBgTLbp/bQBmpH5mOmsUvqXU+YEWVU0ZLewsmzOET/8jWswjDQ==
   dependencies:
     commander "^2.20.3"
     debug "^4.3.1"
     filing-cabinet "^3.0.1"
-    precinct "^8.0.0"
-    typescript "^3.9.7"
+    precinct "^9.0.0"
+    typescript "^4.0.0"
 
 deprecation@^2.0.0, deprecation@^2.3.1:
   version "2.3.1"
@@ -2170,6 +2206,16 @@ detective-amd@^3.1.0:
     get-amd-module-type "^3.0.0"
     node-source-walk "^4.2.0"
 
+detective-amd@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/detective-amd/-/detective-amd-4.0.1.tgz#1a827d9e4fa2f832506bd87aa392f124155bca3a"
+  integrity sha512-bDo22IYbJ8yzALB0Ow5CQLtyhU1BpDksLB9dsWHI9Eh0N3OQR6aQqhjPsNDd69ncYwRfL1sTo7OA9T3VRVSe2Q==
+  dependencies:
+    ast-module-types "^3.0.0"
+    escodegen "^2.0.0"
+    get-amd-module-type "^4.0.0"
+    node-source-walk "^5.0.0"
+
 detective-cjs@^3.1.1:
   version "3.1.3"
   resolved "https://registry.yarnpkg.com/detective-cjs/-/detective-cjs-3.1.3.tgz#50e107d67b37f459b0ec02966ceb7e20a73f268b"
@@ -2178,13 +2224,28 @@ detective-cjs@^3.1.1:
     ast-module-types "^3.0.0"
     node-source-walk "^4.0.0"
 
-detective-es6@^2.2.0, detective-es6@^2.2.1:
+detective-cjs@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/detective-cjs/-/detective-cjs-4.0.0.tgz#316e2c7ae14276a5dcfe0c43dc05d8cf9a0e5cf9"
+  integrity sha512-VsD6Yo1+1xgxJWoeDRyut7eqZ8EWaJI70C5eanSAPcBHzenHZx0uhjxaaEfIm0cHII7dBiwU98Orh44bwXN2jg==
+  dependencies:
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+
+detective-es6@^2.2.1:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/detective-es6/-/detective-es6-2.2.2.tgz#ee5f880981d9fecae9a694007029a2f6f26d8d28"
   integrity sha512-eZUKCUsbHm8xoeoCM0z6JFwvDfJ5Ww5HANo+jPR7AzkFpW9Mun3t/TqIF2jjeWa2TFbAiGaWESykf2OQp3oeMw==
   dependencies:
     node-source-walk "^4.0.0"
 
+detective-es6@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/detective-es6/-/detective-es6-3.0.0.tgz#78c9ef5492d5b59748b411aecaaf52b5ca0f0bc2"
+  integrity sha512-Uv2b5Uih7vorYlqGzCX+nTPUb4CMzUAn3VPHTV5p5lBkAN4cAApLGgUz4mZE2sXlBfv4/LMmeP7qzxHV/ZcfWA==
+  dependencies:
+    node-source-walk "^5.0.0"
+
 detective-less@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/detective-less/-/detective-less-1.0.2.tgz#a68af9ca5f69d74b7d0aa190218b211d83b4f7e3"
@@ -2204,14 +2265,14 @@ detective-postcss@^4.0.0:
     postcss "^8.1.7"
     postcss-values-parser "^2.0.1"
 
-detective-postcss@^5.0.0:
-  version "5.1.1"
-  resolved "https://registry.yarnpkg.com/detective-postcss/-/detective-postcss-5.1.1.tgz#ec23ac3818f8be95ac3a38a8b9f3b6d43103ef87"
-  integrity sha512-YJMsvA0Y6/ST9abMNcQytl9iFQ2bfu4I7B74IUiAvyThfaI9Y666yipL+SrqfReoIekeIEwmGH72oeqX63mwUw==
+detective-postcss@^6.0.1, detective-postcss@^6.1.0:
+  version "6.1.0"
+  resolved "https://registry.yarnpkg.com/detective-postcss/-/detective-postcss-6.1.0.tgz#01ca6f83dbc3158540fb0e6a6c631f3998946e54"
+  integrity sha512-ZFZnEmUrL2XHAC0j/4D1fdwZbo/anAcK84soJh7qc7xfx2Kc8gFO5Bk5I9jU7NLC/OAF1Yho1GLxEDnmQnRH2A==
   dependencies:
     is-url "^1.2.4"
-    postcss "^8.4.6"
-    postcss-values-parser "^5.0.0"
+    postcss "^8.4.12"
+    postcss-values-parser "^6.0.2"
 
 detective-sass@^3.0.1:
   version "3.0.2"
@@ -2221,6 +2282,14 @@ detective-sass@^3.0.1:
     gonzales-pe "^4.3.0"
     node-source-walk "^4.0.0"
 
+detective-sass@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/detective-sass/-/detective-sass-4.0.1.tgz#2a9e303a0bd472d00aaa79512334845e3acbaffc"
+  integrity sha512-80zfpxux1krOrkxCHbtwvIs2gNHUBScnSqlGl0FvUuHVz8HD6vD2ov66OroMctyvzhM67fxhuEeVjIk18s6yTQ==
+  dependencies:
+    gonzales-pe "^4.3.0"
+    node-source-walk "^5.0.0"
+
 detective-scss@^2.0.1:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/detective-scss/-/detective-scss-2.0.2.tgz#7d2a642616d44bf677963484fa8754d9558b8235"
@@ -2229,11 +2298,24 @@ detective-scss@^2.0.1:
     gonzales-pe "^4.3.0"
     node-source-walk "^4.0.0"
 
+detective-scss@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/detective-scss/-/detective-scss-3.0.0.tgz#c3c7bc4799f51515a4f0ed1e8ca491151364230f"
+  integrity sha512-37MB/mhJyS45ngqfzd6eTbuLMoDgdZnH03ZOMW2m9WqJ/Rlbuc8kZAr0Ypovaf1DJiTRzy5mmxzOTja85jbzlA==
+  dependencies:
+    gonzales-pe "^4.3.0"
+    node-source-walk "^5.0.0"
+
 detective-stylus@^1.0.0:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/detective-stylus/-/detective-stylus-1.0.3.tgz#20a702936c9fd7d4203fd7a903314b5dd43ac713"
   integrity sha512-4/bfIU5kqjwugymoxLXXLltzQNeQfxGoLm2eIaqtnkWxqbhap9puDVpJPVDx96hnptdERzS5Cy6p9N8/08A69Q==
 
+detective-stylus@^2.0.0, detective-stylus@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/detective-stylus/-/detective-stylus-2.0.1.tgz#d528dfa7ef3c4eb2fbc9a7249d54906ec4e05d09"
+  integrity sha512-/Tvs1pWLg8eYwwV6kZQY5IslGaYqc/GACxjcaGudiNtN5nKCH6o2WnJK3j0gA3huCnoQcbv8X7oz/c1lnvE3zQ==
+
 detective-typescript@^7.0.0:
   version "7.0.2"
   resolved "https://registry.yarnpkg.com/detective-typescript/-/detective-typescript-7.0.2.tgz#c6e00b4c28764741ef719662250e6b014a5f3c8e"
@@ -2244,6 +2326,16 @@ detective-typescript@^7.0.0:
     node-source-walk "^4.2.0"
     typescript "^3.9.10"
 
+detective-typescript@^9.0.0:
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/detective-typescript/-/detective-typescript-9.0.0.tgz#57d674cec49ec775460ab975b5bcbb5c2d32ff8e"
+  integrity sha512-lR78AugfUSBojwlSRZBeEqQ1l8LI7rbxOl1qTUnGLcjZQDjZmrZCb7R46rK8U8B5WzFvJrxa7fEBA8FoD/n5fA==
+  dependencies:
+    "@typescript-eslint/typescript-estree" "^5.13.0"
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+    typescript "^4.5.5"
+
 dezalgo@^1.0.0:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.4.tgz#751235260469084c132157dfa857f386d4c33d81"
@@ -2937,6 +3029,14 @@ get-amd-module-type@^3.0.0:
     ast-module-types "^3.0.0"
     node-source-walk "^4.2.2"
 
+get-amd-module-type@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/get-amd-module-type/-/get-amd-module-type-4.0.0.tgz#3d4e5b44eec81f8337157d7c52c4fa9389aff78b"
+  integrity sha512-GbBawUCuA2tY8ztiMiVo3e3P95gc2TVrfYFfpUHdHQA8WyxMCckK29bQsVKhYX8SUf+w6JLhL2LG8tSC0ANt9Q==
+  dependencies:
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+
 get-caller-file@^1.0.1:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-1.0.3.tgz#f978fa4c90d1dfe7ff2d6beda2a515e713bdcf4a"
@@ -3148,13 +3248,6 @@ graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.6
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
 
-graphviz@0.0.9:
-  version "0.0.9"
-  resolved "https://registry.yarnpkg.com/graphviz/-/graphviz-0.0.9.tgz#0bbf1df588c6a92259282da35323622528c4bbc4"
-  integrity sha512-SmoY2pOtcikmMCqCSy2NO1YsRfu9OO0wpTlOYW++giGjfX1a6gax/m1Fo8IdUd0/3H15cTOfR1SMKwohj4LKsg==
-  dependencies:
-    temp "~0.4.0"
-
 handlebars@^4.7.6:
   version "4.7.7"
   resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
@@ -4167,31 +4260,32 @@ macos-release@^2.2.0:
   resolved "https://registry.yarnpkg.com/macos-release/-/macos-release-2.5.0.tgz#067c2c88b5f3fb3c56a375b2ec93826220fa1ff2"
   integrity sha512-EIgv+QZ9r+814gjJj0Bt5vSLJLzswGmSUbUpbi9AIr/fsN2IWFBl2NucV9PAiek+U1STK468tEkxmVYUtuAN3g==
 
-madge@^5.0.1:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/madge/-/madge-5.0.1.tgz#2096d9006558ea0669b3ade89c2cda708a24e22b"
-  integrity sha512-krmSWL9Hkgub74bOjnjWRoFPAJvPwSG6Dbta06qhWOq6X/n/FPzO3ESZvbFYVIvG2g4UHXvCJN1b+RZLaSs9nA==
+madge@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/madge/-/madge-6.0.0.tgz#d17d68d1023376318cae89abd16629d329f4ed0a"
+  integrity sha512-dddxP62sj5pL+l9MJnq9C34VFqmRj+2+uSOdn/7lOTSliLRH0WyQ8uCEF3VxkPRNOBvMKK2xumnIE15HRSAL9A==
   dependencies:
     chalk "^4.1.1"
     commander "^7.2.0"
     commondir "^1.0.1"
     debug "^4.3.1"
-    dependency-tree "^8.1.1"
-    detective-amd "^3.1.0"
-    detective-cjs "^3.1.1"
-    detective-es6 "^2.2.0"
+    dependency-tree "^9.0.0"
+    detective-amd "^4.0.1"
+    detective-cjs "^4.0.0"
+    detective-es6 "^3.0.0"
     detective-less "^1.0.2"
-    detective-postcss "^5.0.0"
-    detective-sass "^3.0.1"
-    detective-scss "^2.0.1"
-    detective-stylus "^1.0.0"
-    detective-typescript "^7.0.0"
-    graphviz "0.0.9"
+    detective-postcss "^6.1.0"
+    detective-sass "^4.0.1"
+    detective-scss "^3.0.0"
+    detective-stylus "^2.0.1"
+    detective-typescript "^9.0.0"
     ora "^5.4.1"
     pluralize "^8.0.0"
     precinct "^8.1.0"
     pretty-ms "^7.0.1"
     rc "^1.2.7"
+    stream-to-array "^2.3.0"
+    ts-graphviz "^1.5.0"
     typescript "^3.9.5"
     walkdir "^0.4.1"
 
@@ -4481,6 +4575,14 @@ module-definition@^3.3.1:
     ast-module-types "^3.0.0"
     node-source-walk "^4.0.0"
 
+module-definition@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/module-definition/-/module-definition-4.0.0.tgz#5b39cca9be28c5b0fec768eb2d9fd8de08a2550b"
+  integrity sha512-wntiAHV4lDn24BQn2kX6LKq0y85phHLHiv3aOPDF+lIs06kVjEMTe/ZTdrbVLnQV5FQsjik21taknvMhKY1Cug==
+  dependencies:
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+
 module-lookup-amd@^7.0.1:
   version "7.0.1"
   resolved "https://registry.yarnpkg.com/module-lookup-amd/-/module-lookup-amd-7.0.1.tgz#d67c1a93f2ff8e38b8774b99a638e9a4395774b2"
@@ -4616,6 +4718,13 @@ node-source-walk@^4.0.0, node-source-walk@^4.2.0, node-source-walk@^4.2.2:
   dependencies:
     "@babel/parser" "^7.0.0"
 
+node-source-walk@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/node-source-walk/-/node-source-walk-5.0.0.tgz#7cf93a0d12408081531fc440a00d7019eb3d5665"
+  integrity sha512-58APXoMXpmmU+oVBJFajhTCoD8d/OGtngnVAWzIo2A8yn0IXwBzvIVIsTzoie/SrA37u+1hnpNz2HMWx/VIqlw==
+  dependencies:
+    "@babel/parser" "^7.0.0"
+
 "nopt@2 || 3":
   version "3.0.6"
   resolved "https://registry.yarnpkg.com/nopt/-/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9"
@@ -5246,16 +5355,16 @@ postcss-values-parser@^2.0.1:
     indexes-of "^1.0.1"
     uniq "^1.0.1"
 
-postcss-values-parser@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/postcss-values-parser/-/postcss-values-parser-5.0.0.tgz#10c61ac3f488e4de25746b829ea8d8894e9ac3d2"
-  integrity sha512-2viDDjMMrt21W2izbeiJxl3kFuD/+asgB0CBwPEgSyhCmBnDIa/y+pLaoyX+q3I3DHH0oPPL3cgjVTQvlS1Maw==
+postcss-values-parser@^6.0.2:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/postcss-values-parser/-/postcss-values-parser-6.0.2.tgz#636edc5b86c953896f1bb0d7a7a6615df00fb76f"
+  integrity sha512-YLJpK0N1brcNJrs9WatuJFtHaV9q5aAOj+S4DI5S7jgHlRfm0PIbDCAFRYMQD5SHq7Fy6xsDhyutgS0QOAs0qw==
   dependencies:
     color-name "^1.1.4"
     is-url-superb "^4.0.0"
     quote-unquote "^1.0.0"
 
-postcss@^8.1.7, postcss@^8.4.6:
+postcss@^8.1.7:
   version "8.4.16"
   resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.16.tgz#33a1d675fac39941f5f445db0de4db2b6e01d43c"
   integrity sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==
@@ -5264,7 +5373,16 @@ postcss@^8.1.7, postcss@^8.4.6:
     picocolors "^1.0.0"
     source-map-js "^1.0.2"
 
-precinct@^8.0.0, precinct@^8.1.0:
+postcss@^8.4.12:
+  version "8.4.21"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.21.tgz#c639b719a57efc3187b13a1d765675485f4134f4"
+  integrity sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==
+  dependencies:
+    nanoid "^3.3.4"
+    picocolors "^1.0.0"
+    source-map-js "^1.0.2"
+
+precinct@^8.1.0:
   version "8.3.1"
   resolved "https://registry.yarnpkg.com/precinct/-/precinct-8.3.1.tgz#94b99b623df144eed1ce40e0801c86078466f0dc"
   integrity sha512-pVppfMWLp2wF68rwHqBIpPBYY8Kd12lDhk8LVQzOwqllifVR15qNFyod43YLyFpurKRZQKnE7E4pofAagDOm2Q==
@@ -5283,6 +5401,24 @@ precinct@^8.0.0, precinct@^8.1.0:
     module-definition "^3.3.1"
     node-source-walk "^4.2.0"
 
+precinct@^9.0.0:
+  version "9.0.1"
+  resolved "https://registry.yarnpkg.com/precinct/-/precinct-9.0.1.tgz#64e7ea0de4bea1b73572e50531dfe297c7b8a7c7"
+  integrity sha512-hVNS6JvfvlZ64B3ezKeGAcVhIuOvuAiSVzagHX/+KjVPkYWoCNkfyMgCl1bjDtAFQSlzi95NcS9ykUWrl1L1vA==
+  dependencies:
+    commander "^9.1.0"
+    detective-amd "^4.0.1"
+    detective-cjs "^4.0.0"
+    detective-es6 "^3.0.0"
+    detective-less "^1.0.2"
+    detective-postcss "^6.0.1"
+    detective-sass "^4.0.1"
+    detective-scss "^3.0.0"
+    detective-stylus "^2.0.0"
+    detective-typescript "^9.0.0"
+    module-definition "^4.0.0"
+    node-source-walk "^5.0.0"
+
 prelude-ls@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396"
@@ -6168,6 +6304,13 @@ stream-shift@^1.0.0:
   resolved "https://registry.yarnpkg.com/stream-shift/-/stream-shift-1.0.1.tgz#d7088281559ab2778424279b0877da3c392d5a3d"
   integrity sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ==
 
+stream-to-array@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/stream-to-array/-/stream-to-array-2.3.0.tgz#bbf6b39f5f43ec30bc71babcb37557acecf34353"
+  integrity sha512-UsZtOYEn4tWU2RGLOXr/o/xjRBftZRlG3dEWoaHr8j4GuypJ3isitGbVyjQKAuMu+xbiop8q224TjiZWc4XTZA==
+  dependencies:
+    any-promise "^1.1.0"
+
 strict-uri-encode@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546"
@@ -6401,11 +6544,6 @@ temp-write@^3.4.0:
     temp-dir "^1.0.0"
     uuid "^3.0.1"
 
-temp@~0.4.0:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/temp/-/temp-0.4.0.tgz#671ad63d57be0fe9d7294664b3fc400636678a60"
-  integrity sha512-IsFisGgDKk7qzK9erMIkQe/XwiSUdac7z3wYOsjcLkhPBy3k1SlvLoIh2dAHIlEpgA971CgguMrx9z8fFg7tSA==
-
 text-extensions@^1.0.0:
   version "1.9.0"
   resolved "https://registry.yarnpkg.com/text-extensions/-/text-extensions-1.9.0.tgz#1853e45fee39c945ce6f6c36b2d659b5aabc2a26"
@@ -6523,6 +6661,11 @@ trim-newlines@^3.0.0:
   resolved "https://registry.yarnpkg.com/trim-newlines/-/trim-newlines-3.0.1.tgz#260a5d962d8b752425b32f3a7db0dcacd176c144"
   integrity sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw==
 
+ts-graphviz@^1.5.0:
+  version "1.5.4"
+  resolved "https://registry.yarnpkg.com/ts-graphviz/-/ts-graphviz-1.5.4.tgz#61a3059afeac4f6d4be3c6729a4d88546ca9e095"
+  integrity sha512-oxhI6wfPQBJC8WSiP0AjDI8z+9hcc9yl1etaynQJmQ2Yivn0KlT0oImLzJct7Es0TR/6xphzvJBAhGzgOjTGmQ==
+
 tsconfig-paths@^3.10.1:
   version "3.14.1"
   resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz#ba0734599e8ea36c862798e920bcf163277b137a"
@@ -6606,6 +6749,11 @@ typescript@^3.9.10, typescript@^3.9.5, typescript@^3.9.7:
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-3.9.10.tgz#70f3910ac7a51ed6bef79da7800690b19bf778b8"
   integrity sha512-w6fIxVE/H1PkLKcCPsFqKE7Kv7QUwhU8qQY2MueZXWx5cPZdwFupLgKK3vntcK98BtNHZtAF4LA/yl2a7k8R6Q==
 
+typescript@^4.0.0, typescript@^4.5.5:
+  version "4.9.5"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.5.tgz#095979f9bcc0d09da324d58d03ce8f8374cbe65a"
+  integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==
+
 uglify-js@^3.1.4:
   version "3.16.1"
   resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.16.1.tgz#0e7ec928b3d0b1e1d952bce634c384fd56377317"