diff --git a/.github/workflows/budibase_ci.yml b/.github/workflows/budibase_ci.yml
index c07f9b2c28..c64adb010f 100644
--- a/.github/workflows/budibase_ci.yml
+++ b/.github/workflows/budibase_ci.yml
@@ -10,8 +10,7 @@ on:
  pull_request:
     branches:
       - master
-      - develop 
-      - release 
+      - develop
  workflow_dispatch:
 
 env:
@@ -20,9 +19,67 @@ env:
   PERSONAL_ACCESS_TOKEN : ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 
 jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js 14.x
+      uses: actions/setup-node@v1
+      with:
+        node-version: 14.x
+    - run: yarn
+    - run: yarn lint
+
   build:
     runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install Pro
+        run: yarn install:pro $BRANCH $BASE_BRANCH
+      - run: yarn
+      - run: yarn bootstrap
+      - run: yarn build
 
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install Pro
+        run: yarn install:pro $BRANCH $BASE_BRANCH
+      - run: yarn
+      - run: yarn bootstrap
+      - run: yarn test
+      - uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+          files: ./packages/server/coverage/clover.xml,./packages/worker/coverage/clover.xml,./packages/backend-core/coverage/clover.xml
+          name: codecov-umbrella
+          verbose: true
+
+  test-pro:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install Pro
+        run: yarn install:pro $BRANCH $BASE_BRANCH
+      - run: yarn
+      - run: yarn bootstrap
+      - run: yarn test:pro
+
+  integration-test:
+    runs-on: ubuntu-latest
     services:
       couchdb:
         image: ibmcom/couchdb3
@@ -31,39 +88,18 @@ jobs:
           COUCHDB_USER: budibase
         ports:
           - 4567:5984
-
-    strategy:
-      matrix:
-        node-version: [14.x]
-
     steps:
-    - uses: actions/checkout@v2
-
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
-
-    - name: Install Pro
-      run: yarn install:pro $BRANCH $BASE_BRANCH
-
-    - run: yarn
-    - run: yarn bootstrap
-    - run: yarn lint
-    - run: yarn build
-    - run: yarn test
-      env:
-        CI: true
-        name: Budibase CI
-    - uses: codecov/codecov-action@v1
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
-        files: ./packages/server/coverage/clover.xml,./packages/worker/coverage/clover.xml,./packages/backend-core/coverage/clover.xml
-        name: codecov-umbrella
-        verbose: true 
-
-    - name: QA Core Integration Tests
-      run: | 
-        cd qa-core
-        yarn
-        yarn api:test:ci
\ No newline at end of file
+      - uses: actions/checkout@v2
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+      - name: Install Pro
+        run: yarn install:pro $BRANCH $BASE_BRANCH
+      - run: yarn
+      - run: yarn bootstrap
+      - run: yarn build
+      - run: |
+          cd qa-core
+          yarn
+          yarn api:test:ci
diff --git a/.github/workflows/deploy-preprod.yml b/.github/workflows/deploy-preprod.yml
index cef47636ee..eec5546444 100644
--- a/.github/workflows/deploy-preprod.yml
+++ b/.github/workflows/deploy-preprod.yml
@@ -37,7 +37,7 @@ jobs:
           wc -l values.preprod.yaml
 
       - name: Deploy to Preprod Environment
-        uses: glopezep/helm@v1.7.1
+        uses: budibase/helm@v1.8.0
         with:
           release: budibase-preprod
           namespace: budibase
diff --git a/.github/workflows/deploy-release.yml b/.github/workflows/deploy-release.yml
index cff26fd7c8..1f7a5ebfd4 100644
--- a/.github/workflows/deploy-release.yml
+++ b/.github/workflows/deploy-release.yml
@@ -38,7 +38,7 @@ jobs:
           wc -l values.release.yaml
 
       - name: Deploy to Release Environment
-        uses: glopezep/helm@v1.7.1
+        uses: budibase/helm@v1.8.0
         with:
           release: budibase-release
           namespace: budibase
diff --git a/.github/workflows/release-develop.yml b/.github/workflows/release-develop.yml
index 1ac6b20003..e986179cfc 100644
--- a/.github/workflows/release-develop.yml
+++ b/.github/workflows/release-develop.yml
@@ -45,10 +45,9 @@ jobs:
 
       - run: yarn 
       - run: yarn bootstrap
-      - run: yarn lint 
       - run: yarn build
       - run: yarn build:sdk
-      - run: yarn test
+#      - run: yarn test
 
       - name: Publish budibase packages to NPM
         env:
@@ -69,83 +68,6 @@ jobs:
           DOCKER_USER: ${{ secrets.DOCKER_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKER_API_KEY }}
 
-  deploy-to-release-env:
-    needs: [release-images]
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Get the current budibase release version
-        id: version
-        run: |
-          release_version=$(cat lerna.json | jq -r '.version')
-          echo "RELEASE_VERSION=$release_version" >> $GITHUB_ENV
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-west-1
-
-      - name: Pull values.yaml from budibase-infra
-        run: | 
-          curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \
-          -H 'Accept: application/vnd.github.v3.raw' \
-          -o values.release.yaml \
-          -L https://api.github.com/repos/budibase/budibase-infra/contents/kubernetes/budibase-release/values.yaml
-          wc -l values.release.yaml
-
-      - name: Deploy to Release Environment
-        uses: glopezep/helm@v1.7.1
-        with:
-          release: budibase-release
-          namespace: budibase
-          chart: charts/budibase
-          token: ${{ github.token }}
-          helm: helm3
-          values: |
-            globals: 
-              appVersion: develop
-            ingress:
-              enabled: true
-              nginx: true
-          value-files: >-
-            [
-              "values.release.yaml"
-            ]
-        env:
-          KUBECONFIG_FILE: '${{ secrets.RELEASE_KUBECONFIG }}'
-      
-      - name: Re roll app-service
-        uses: actions-hub/kubectl@master
-        env:
-          KUBE_CONFIG: ${{ secrets.RELEASE_KUBECONFIG_BASE64 }}
-        with:
-          args: rollout restart deployment app-service -n budibase
-
-      - name: Re roll proxy-service
-        uses: actions-hub/kubectl@master
-        env:
-          KUBE_CONFIG: ${{ secrets.RELEASE_KUBECONFIG_BASE64 }}
-        with:
-          args: rollout restart deployment proxy-service -n budibase
-
-      - name: Re roll worker-service
-        uses: actions-hub/kubectl@master
-        env:
-          KUBE_CONFIG: ${{ secrets.RELEASE_KUBECONFIG_BASE64 }}
-        with:
-          args: rollout restart deployment worker-service -n budibase
-
-      - name: Discord Webhook Action
-        uses: tsickert/discord-webhook@v4.0.0
-        with:
-          webhook-url: ${{ secrets.PROD_DEPLOY_WEBHOOK_URL }}
-          content: "Release Env Deployment Complete: ${{ env.RELEASE_VERSION }} deployed to Budibase Release Env."
-          embed-title: ${{ env.RELEASE_VERSION }}
-
   release-helm-chart:
     needs: [release-images]
     runs-on: ubuntu-latest
@@ -194,5 +116,5 @@ jobs:
           PAYLOAD_VERSION: ${{ env.RELEASE_VERSION }}
         with:
           repository: budibase/budibase-deploys
-          event: deploy-budibase-develop-to-qa
+          event: budicloud-qa-deploy
           github_pat: ${{ secrets.GH_ACCESS_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/release-selfhost.yml b/.github/workflows/release-selfhost.yml
index 12fb8f5a9d..f5a2f643c3 100644
--- a/.github/workflows/release-selfhost.yml
+++ b/.github/workflows/release-selfhost.yml
@@ -16,9 +16,13 @@ jobs:
 
       - uses: actions/checkout@v2
         with: 
-          node-version: 14.x
           fetch_depth: 0
 
+      - name: Use Node.js 14.x
+        uses: actions/setup-node@v1
+        with:
+          node-version: 14.x
+
       - name: Get the latest budibase release version
         id: version
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2a28150891..a24537ccd4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -107,7 +107,7 @@ jobs:
           wc -l values.preprod.yaml
 
       - name: Deploy to Preprod Environment
-        uses: glopezep/helm@v1.7.1
+        uses: budibase/helm@v1.8.0
         with:
           release: budibase-preprod
           namespace: budibase
diff --git a/.github/workflows/smoke_test.yaml b/.github/workflows/smoke_test.yaml
index 29c7f5f85a..3fd61cd9c5 100644
--- a/.github/workflows/smoke_test.yaml
+++ b/.github/workflows/smoke_test.yaml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   nightly:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, qa]
 
     steps:
       - uses: actions/checkout@v2
@@ -15,30 +15,17 @@ jobs:
         uses: actions/setup-node@v1
         with:
           node-version: 14.x
-      - run: yarn
-      - run: yarn bootstrap
-      - run: yarn build
-      - name: Pull  from budibase-infra
+      - name: QA Core Integration Tests
         run: | 
-          curl -H "Authorization: token ${{ secrets.GH_PERSONAL_TOKEN }}" \
-          -H 'Accept: application/vnd.github.v3.raw' \
-          -o 
-          -L 
-          wc -l 
-      
-      - uses: actions/upload-artifact@v3
-        with:
-          name: Test Reports
-          path: 
+          cd qa-core
+          yarn
+          yarn api:test:ci
+        env:
+          BUDIBASE_HOST: budicloud.qa.budibase.net
+          BUDIBASE_ACCOUNTS_URL: https://account-portal.budicloud.qa.budibase.net
 
-      # TODO: enable once running in QA test env
-      # - name: Configure AWS Credentials
-      #   uses: aws-actions/configure-aws-credentials@v1
-      #   with:
-      #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      #     aws-region: eu-west-1
-      
-      # - name: Upload test results HTML
-      #   uses: aws-actions/configure-aws-credentials@v1
-      #   run: aws s3 cp packages/builder/cypress/reports/testReport.html s3://{{ secrets.BUDI_QA_REPORTS_BUCKET_NAME }}/$GITHUB_RUN_ID/index.html
+      - name: Cypress Discord Notify
+        run: yarn test:notify
+        env:
+          WEBHOOK_URL: ${{ secrets.BUDI_QA_WEBHOOK }}
+          GITHUB_RUN_URL: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
\ No newline at end of file
diff --git a/.husky/pre-commit b/.husky/pre-commit
index 3b614330e0..6700f51282 100755
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,4 +1,2 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
-
-yarn run lint
diff --git a/.tool-versions b/.tool-versions
index 8a1af3c071..6ee8cc60be 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,2 +1,2 @@
 nodejs 14.19.3
-python 3.11.1
\ No newline at end of file
+python 3.10.0
\ No newline at end of file
diff --git a/charts/budibase/templates/proxy-service-deployment.yaml b/charts/budibase/templates/proxy-service-deployment.yaml
index e422df8db3..0dea38fcbd 100644
--- a/charts/budibase/templates/proxy-service-deployment.yaml
+++ b/charts/budibase/templates/proxy-service-deployment.yaml
@@ -51,6 +51,14 @@ spec:
           value: {{ tpl .Values.services.proxy.upstreams.minio . | quote }}
         - name: COUCHDB_UPSTREAM_URL
           value: {{ .Values.services.couchdb.url | default (tpl .Values.services.proxy.upstreams.couchdb .) | quote }}
+        {{ if .Values.services.proxy.proxyRateLimitWebhooksPerSecond }}
+        - name: PROXY_RATE_LIMIT_WEBHOOKS_PER_SECOND
+          value: {{ .Values.services.proxy.proxyRateLimitWebhooksPerSecond | quote }}
+        {{ end }}
+        {{ if .Values.services.proxy.proxyRateLimitApiPerSecond }}
+        - name: PROXY_RATE_LIMIT_API_PER_SECOND
+          value: {{ .Values.services.proxy.proxyRateLimitApiPerSecond | quote }}
+        {{ end }}
         - name: RESOLVER
           {{ if .Values.services.proxy.resolver }}
           value: {{ .Values.services.proxy.resolver }}
diff --git a/charts/budibase/values.yaml b/charts/budibase/values.yaml
index dd75b2daa3..536af8560f 100644
--- a/charts/budibase/values.yaml
+++ b/charts/budibase/values.yaml
@@ -245,7 +245,7 @@ couchdb:
   ## The CouchDB image
   image:
     repository: couchdb
-    tag: 3.2.1
+    tag: 3.1.1
     pullPolicy: IfNotPresent
 
   ## Experimental integration with Lucene-powered fulltext search
diff --git a/hosting/docker-compose.test.yaml b/hosting/docker-compose.test.yaml
index dfd78621c5..f059173d2d 100644
--- a/hosting/docker-compose.test.yaml
+++ b/hosting/docker-compose.test.yaml
@@ -8,8 +8,8 @@ services:
     # Last version that supports the "fs" backend
     image: minio/minio:RELEASE.2022-10-24T18-35-07Z
     ports:
-      - 9000
-      - 9001
+      - "9000"
+      - "9001"
     environment:
       MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
       MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
@@ -28,9 +28,9 @@ services:
       - COUCHDB_PASSWORD=${COUCH_DB_PASSWORD}
       - COUCHDB_USER=${COUCH_DB_USER}
     ports:
-      - 5984
-      - 4369
-      - 9100
+      - "5984"
+      - "4369"
+      - "9100"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:5984/_up"]
       interval: 30s
@@ -42,6 +42,6 @@ services:
     image: redis
     command: redis-server --requirepass ${REDIS_PASSWORD}
     ports:
-      - 6379
+      - "6379"
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "ping"]
\ No newline at end of file
diff --git a/hosting/proxy/nginx.prod.conf b/hosting/proxy/nginx.prod.conf
index 21b337deae..4d8b3466bf 100644
--- a/hosting/proxy/nginx.prod.conf
+++ b/hosting/proxy/nginx.prod.conf
@@ -55,7 +55,7 @@ http {
     set $csp_style "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me https://maxcdn.bootstrapcdn.com";
     set $csp_object "object-src 'none'";
     set $csp_base_uri "base-uri 'self'";
-    set $csp_connect "connect-src 'self' https://*.budibase.net https://api-iam.intercom.io https://api-iam.intercom.io  https://api-ping.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io  wss://nexus-websocket-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io  https://uploads.intercomcdn.com  https://uploads.intercomusercontent.com https://*.s3.amazonaws.com https://*.s3.us-east-2.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://*.s3.us-west-1.amazonaws.com https://*.s3.us-west-2.amazonaws.com https://*.s3.af-south-1.amazonaws.com https://*.s3.ap-east-1.amazonaws.com https://*.s3.ap-southeast-3.amazonaws.com https://*.s3.ap-south-1.amazonaws.com https://*.s3.ap-northeast-3.amazonaws.com https://*.s3.ap-northeast-2.amazonaws.com https://*.s3.ap-southeast-1.amazonaws.com https://*.s3.ap-southeast-2.amazonaws.com https://*.s3.ap-northeast-1.amazonaws.com https://*.s3.ca-central-1.amazonaws.com https://*.s3.cn-north-1.amazonaws.com https://*.s3.cn-northwest-1.amazonaws.com https://*.s3.eu-central-1.amazonaws.com https://*.s3.eu-west-1.amazonaws.com https://*.s3.eu-west-2.amazonaws.com https://*.s3.eu-south-1.amazonaws.com https://*.s3.eu-west-3.amazonaws.com https://*.s3.eu-north-1.amazonaws.com https://*.s3.sa-east-1.amazonaws.com https://*.s3.me-south-1.amazonaws.com https://*.s3.us-gov-east-1.amazonaws.com https://*.s3.us-gov-west-1.amazonaws.com https://api.github.com";
+    set $csp_connect "connect-src 'self' https://*.budibase.net https://api-iam.intercom.io https://api-iam.intercom.io  https://api-ping.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io  wss://nexus-websocket-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io  https://uploads.intercomcdn.com  https://uploads.intercomusercontent.com https://*.s3.*.amazonaws.com https://s3.*.amazonaws.com https://api.github.com";
     set $csp_font "font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me https://maxcdn.bootstrapcdn.com  https://js.intercomcdn.com  https://fonts.intercomcdn.com";
     set $csp_frame "frame-src 'self' https:";
     set $csp_img "img-src http: https: data: blob:";
diff --git a/lerna.json b/lerna.json
index 0377c73101..67b7904a53 100644
--- a/lerna.json
+++ b/lerna.json
@@ -1,5 +1,5 @@
 {
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "npmClient": "yarn",
   "packages": [
     "packages/*"
diff --git a/package.json b/package.json
index 3ead7d5553..815e470916 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
     "js-yaml": "^4.1.0",
     "kill-port": "^1.6.1",
     "lerna": "3.14.1",
-    "madge": "^5.0.1",
+    "madge": "^6.0.0",
     "prettier": "^2.3.1",
     "prettier-plugin-svelte": "^2.3.0",
     "rimraf": "^3.0.2",
@@ -44,7 +44,7 @@
     "dev": "yarn run kill-all && lerna link && lerna run --parallel dev:builder --concurrency 1",
     "dev:noserver": "yarn run kill-builder && lerna link && lerna run dev:stack:up && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
     "dev:server": "yarn run kill-server && lerna run --parallel dev:builder --concurrency 1 --scope @budibase/backend-core --scope @budibase/worker --scope @budibase/server",
-    "test": "lerna run test && yarn test:pro",
+    "test": "lerna run test",
     "test:pro": "bash scripts/pro/test.sh",
     "lint:eslint": "eslint packages && eslint qa-core",
     "lint:prettier": "prettier --check \"packages/**/*.{js,ts,svelte}\" && prettier --write \"examples/**/*.{js,ts,svelte}\" && prettier --check \"qa-core/**/*.{js,ts,svelte}\"",
@@ -84,4 +84,4 @@
     "install:pro": "bash scripts/pro/install.sh",
     "dep:clean": "yarn clean && yarn bootstrap"
   }
-}
\ No newline at end of file
+}
diff --git a/packages/backend-core/jest.config.ts b/packages/backend-core/jest.config.ts
index 0483fb073a..1e69797e71 100644
--- a/packages/backend-core/jest.config.ts
+++ b/packages/backend-core/jest.config.ts
@@ -9,15 +9,9 @@ const baseConfig: Config.InitialProjectOptions = {
   transform: {
     "^.+\\.ts?$": "@swc/jest",
   },
-}
-
-if (!process.env.CI) {
-  // use sources when not in CI
-  baseConfig.moduleNameMapper = {
+  moduleNameMapper: {
     "@budibase/types": "<rootDir>/../types/src",
-  }
-} else {
-  console.log("Running tests with compiled dependency sources")
+  },
 }
 
 const config: Config.InitialOptions = {
diff --git a/packages/backend-core/package.json b/packages/backend-core/package.json
index e6dda5e162..421304809c 100644
--- a/packages/backend-core/package.json
+++ b/packages/backend-core/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/backend-core",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
@@ -18,13 +18,13 @@
     "build:pro": "../../scripts/pro/build.sh",
     "postbuild": "yarn run build:pro",
     "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
-    "test": "jest --coverage --maxWorkers=2",
+    "test": "bash scripts/test.sh",
     "test:watch": "jest --watchAll"
   },
   "dependencies": {
-    "@budibase/nano": "10.1.1",
+    "@budibase/nano": "10.1.2",
     "@budibase/pouchdb-replication-stream": "1.2.10",
-    "@budibase/types": "^2.3.16",
+    "@budibase/types": "2.3.21-alpha.1",
     "@shopify/jest-koa-mocks": "5.0.1",
     "@techpass/passport-openidconnect": "0.3.2",
     "aws-cloudfront-sign": "2.2.0",
@@ -62,7 +62,7 @@
     "@trendyol/jest-testcontainers": "^2.1.1",
     "@types/chance": "1.1.3",
     "@types/ioredis": "4.28.0",
-    "@types/jest": "27.5.1",
+    "@types/jest": "28.1.1",
     "@types/koa": "2.13.4",
     "@types/koa-pino-logger": "3.0.0",
     "@types/lodash": "4.14.180",
diff --git a/packages/backend-core/scripts/test.sh b/packages/backend-core/scripts/test.sh
new file mode 100644
index 0000000000..4bf1900984
--- /dev/null
+++ b/packages/backend-core/scripts/test.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [[ -n $CI ]]
+then
+  # --runInBand performs better in ci where resources are limited
+  echo "jest --coverage --runInBand"
+  jest --coverage --runInBand
+else
+  # --maxWorkers performs better in development
+  echo "jest --coverage"
+  jest --coverage
+fi
\ No newline at end of file
diff --git a/packages/backend-core/src/cloud/accounts.ts b/packages/backend-core/src/accounts/accounts.ts
similarity index 69%
rename from packages/backend-core/src/cloud/accounts.ts
rename to packages/backend-core/src/accounts/accounts.ts
index 90fa7ab824..a16d0f1074 100644
--- a/packages/backend-core/src/cloud/accounts.ts
+++ b/packages/backend-core/src/accounts/accounts.ts
@@ -1,13 +1,24 @@
 import API from "./api"
 import env from "../environment"
 import { Header } from "../constants"
-import { CloudAccount } from "@budibase/types"
+import { CloudAccount, HealthStatusResponse } from "@budibase/types"
 
 const api = new API(env.ACCOUNT_PORTAL_URL)
 
+/**
+ * This client is intended to be used in a cloud hosted deploy only.
+ * Rather than relying on each consumer to perform the necessary environmental checks
+ * we use the following check to exit early with a undefined response which should be
+ * handled by the caller.
+ */
+const EXIT_EARLY = env.SELF_HOSTED || env.DISABLE_ACCOUNT_PORTAL
+
 export const getAccount = async (
   email: string
 ): Promise<CloudAccount | undefined> => {
+  if (EXIT_EARLY) {
+    return
+  }
   const payload = {
     email,
   }
@@ -29,6 +40,9 @@ export const getAccount = async (
 export const getAccountByTenantId = async (
   tenantId: string
 ): Promise<CloudAccount | undefined> => {
+  if (EXIT_EARLY) {
+    return
+  }
   const payload = {
     tenantId,
   }
@@ -47,7 +61,12 @@ export const getAccountByTenantId = async (
   return json[0]
 }
 
-export const getStatus = async () => {
+export const getStatus = async (): Promise<
+  HealthStatusResponse | undefined
+> => {
+  if (EXIT_EARLY) {
+    return
+  }
   const response = await api.get(`/api/status`, {
     headers: {
       [Header.API_KEY]: env.ACCOUNT_PORTAL_API_KEY,
diff --git a/packages/backend-core/src/cloud/api.ts b/packages/backend-core/src/accounts/api.ts
similarity index 100%
rename from packages/backend-core/src/cloud/api.ts
rename to packages/backend-core/src/accounts/api.ts
diff --git a/packages/backend-core/src/accounts/index.ts b/packages/backend-core/src/accounts/index.ts
new file mode 100644
index 0000000000..f2ae03040e
--- /dev/null
+++ b/packages/backend-core/src/accounts/index.ts
@@ -0,0 +1 @@
+export * from "./accounts"
diff --git a/packages/backend-core/src/auth/auth.ts b/packages/backend-core/src/auth/auth.ts
index bbefb2933d..7e6fe4bcee 100644
--- a/packages/backend-core/src/auth/auth.ts
+++ b/packages/backend-core/src/auth/auth.ts
@@ -1,22 +1,36 @@
 const _passport = require("koa-passport")
 const LocalStrategy = require("passport-local").Strategy
 const JwtStrategy = require("passport-jwt").Strategy
-import { getGlobalDB } from "../tenancy"
-const refresh = require("passport-oauth2-refresh")
-import { Config } from "../constants"
-import { getScopedConfig } from "../db"
+import { getGlobalDB } from "../context"
+import { Cookie } from "../constants"
+import { getSessionsForUser, invalidateSessions } from "../security/sessions"
 import {
+  authenticated,
+  csrf,
+  google,
   jwt as jwtPassport,
   local,
-  authenticated,
-  tenancy,
-  csrf,
   oidc,
-  google,
+  tenancy,
 } from "../middleware"
+import * as userCache from "../cache/user"
 import { invalidateUser } from "../cache/user"
-import { User } from "@budibase/types"
+import {
+  ConfigType,
+  GoogleInnerConfig,
+  OIDCInnerConfig,
+  PlatformLogoutOpts,
+  SSOProviderType,
+  User,
+} from "@budibase/types"
 import { logAlert } from "../logging"
+import * as events from "../events"
+import * as configs from "../configs"
+import { clearCookie, getCookie } from "../utils"
+import { ssoSaveUserNoOp } from "../middleware/passport/sso/sso"
+import env from "../environment"
+
+const refresh = require("passport-oauth2-refresh")
 export {
   auditLog,
   authError,
@@ -39,7 +53,7 @@ export const jwt = require("jsonwebtoken")
 _passport.use(new LocalStrategy(local.options, local.authenticate))
 if (jwtPassport.options.secretOrKey) {
   _passport.use(new JwtStrategy(jwtPassport.options, jwtPassport.authenticate))
-} else {
+} else if (!env.DISABLE_JWT_WARNING) {
   logAlert("No JWT Secret supplied, cannot configure JWT strategy")
 }
 
@@ -58,11 +72,10 @@ _passport.deserializeUser(async (user: User, done: any) => {
 })
 
 async function refreshOIDCAccessToken(
-  db: any,
-  chosenConfig: any,
+  chosenConfig: OIDCInnerConfig,
   refreshToken: string
-) {
-  const callbackUrl = await oidc.getCallbackUrl(db, chosenConfig)
+): Promise<RefreshResponse> {
+  const callbackUrl = await oidc.getCallbackUrl()
   let enrichedConfig: any
   let strategy: any
 
@@ -71,7 +84,7 @@ async function refreshOIDCAccessToken(
     if (!enrichedConfig) {
       throw new Error("OIDC Config contents invalid")
     }
-    strategy = await oidc.strategyFactory(enrichedConfig)
+    strategy = await oidc.strategyFactory(enrichedConfig, ssoSaveUserNoOp)
   } catch (err) {
     console.error(err)
     throw new Error("Could not refresh OAuth Token")
@@ -85,7 +98,7 @@ async function refreshOIDCAccessToken(
 
   return new Promise(resolve => {
     refresh.requestNewAccessToken(
-      Config.OIDC,
+      ConfigType.OIDC,
       refreshToken,
       (err: any, accessToken: string, refreshToken: any, params: any) => {
         resolve({ err, accessToken, refreshToken, params })
@@ -95,15 +108,18 @@ async function refreshOIDCAccessToken(
 }
 
 async function refreshGoogleAccessToken(
-  db: any,
-  config: any,
+  config: GoogleInnerConfig,
   refreshToken: any
-) {
-  let callbackUrl = await google.getCallbackUrl(db, config)
+): Promise<RefreshResponse> {
+  let callbackUrl = await google.getCallbackUrl(config)
 
   let strategy
   try {
-    strategy = await google.strategyFactory(config, callbackUrl)
+    strategy = await google.strategyFactory(
+      config,
+      callbackUrl,
+      ssoSaveUserNoOp
+    )
   } catch (err: any) {
     console.error(err)
     throw new Error(
@@ -115,7 +131,7 @@ async function refreshGoogleAccessToken(
 
   return new Promise(resolve => {
     refresh.requestNewAccessToken(
-      Config.GOOGLE,
+      ConfigType.GOOGLE,
       refreshToken,
       (err: any, accessToken: string, refreshToken: string, params: any) => {
         resolve({ err, accessToken, refreshToken, params })
@@ -124,43 +140,41 @@ async function refreshGoogleAccessToken(
   })
 }
 
-export async function refreshOAuthToken(
-  refreshToken: string,
-  configType: string,
-  configId: string
-) {
-  const db = getGlobalDB()
-
-  const config = await getScopedConfig(db, {
-    type: configType,
-    group: {},
-  })
-
-  let chosenConfig = {}
-  let refreshResponse
-  if (configType === Config.OIDC) {
-    // configId - retrieved from cookie.
-    chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
-    if (!chosenConfig) {
-      throw new Error("Invalid OIDC configuration")
-    }
-    refreshResponse = await refreshOIDCAccessToken(
-      db,
-      chosenConfig,
-      refreshToken
-    )
-  } else {
-    chosenConfig = config
-    refreshResponse = await refreshGoogleAccessToken(
-      db,
-      chosenConfig,
-      refreshToken
-    )
+interface RefreshResponse {
+  err?: {
+    data?: string
   }
-
-  return refreshResponse
+  accessToken?: string
+  refreshToken?: string
+  params?: any
 }
 
+export async function refreshOAuthToken(
+  refreshToken: string,
+  providerType: SSOProviderType,
+  configId?: string
+): Promise<RefreshResponse> {
+  switch (providerType) {
+    case SSOProviderType.OIDC:
+      if (!configId) {
+        return { err: { data: "OIDC config id not provided" } }
+      }
+      const oidcConfig = await configs.getOIDCConfigById(configId)
+      if (!oidcConfig) {
+        return { err: { data: "OIDC configuration not found" } }
+      }
+      return refreshOIDCAccessToken(oidcConfig, refreshToken)
+    case SSOProviderType.GOOGLE:
+      let googleConfig = await configs.getGoogleConfig()
+      if (!googleConfig) {
+        return { err: { data: "Google configuration not found" } }
+      }
+      return refreshGoogleAccessToken(googleConfig, refreshToken)
+  }
+}
+
+// TODO: Refactor to use user save function instead to prevent the need for
+// manually saving and invalidating on callback
 export async function updateUserOAuth(userId: string, oAuthConfig: any) {
   const details = {
     accessToken: oAuthConfig.accessToken,
@@ -188,3 +202,32 @@ export async function updateUserOAuth(userId: string, oAuthConfig: any) {
     console.error("Could not update OAuth details for current user", e)
   }
 }
+
+/**
+ * Logs a user out from budibase. Re-used across account portal and builder.
+ */
+export async function platformLogout(opts: PlatformLogoutOpts) {
+  const ctx = opts.ctx
+  const userId = opts.userId
+  const keepActiveSession = opts.keepActiveSession
+
+  if (!ctx) throw new Error("Koa context must be supplied to logout.")
+
+  const currentSession = getCookie(ctx, Cookie.Auth)
+  let sessions = await getSessionsForUser(userId)
+
+  if (keepActiveSession) {
+    sessions = sessions.filter(
+      session => session.sessionId !== currentSession.sessionId
+    )
+  } else {
+    // clear cookies
+    clearCookie(ctx, Cookie.Auth)
+    clearCookie(ctx, Cookie.CurrentApp)
+  }
+
+  const sessionIds = sessions.map(({ sessionId }) => sessionId)
+  await invalidateSessions(userId, { sessionIds, reason: "logout" })
+  await events.auth.logout(ctx.user?.email)
+  await userCache.invalidateUser(userId)
+}
diff --git a/packages/backend-core/src/auth/tests/auth.spec.ts b/packages/backend-core/src/auth/tests/auth.spec.ts
new file mode 100644
index 0000000000..307f6a63c8
--- /dev/null
+++ b/packages/backend-core/src/auth/tests/auth.spec.ts
@@ -0,0 +1,13 @@
+import { structures, testEnv } from "../../../tests"
+import * as auth from "../auth"
+import * as events from "../../events"
+
+describe("platformLogout", () => {
+  it("should call platform logout", async () => {
+    await testEnv.withTenant(async () => {
+      const ctx = structures.koa.newContext()
+      await auth.platformLogout({ ctx, userId: "test" })
+      expect(events.auth.logout).toBeCalledTimes(1)
+    })
+  })
+})
diff --git a/packages/backend-core/src/cache/appMetadata.ts b/packages/backend-core/src/cache/appMetadata.ts
index d24c4a3140..5b66c356d3 100644
--- a/packages/backend-core/src/cache/appMetadata.ts
+++ b/packages/backend-core/src/cache/appMetadata.ts
@@ -1,6 +1,6 @@
 import { getAppClient } from "../redis/init"
 import { doWithDB, DocumentType } from "../db"
-import { Database } from "@budibase/types"
+import { Database, App } from "@budibase/types"
 
 const AppState = {
   INVALID: "invalid",
@@ -65,7 +65,7 @@ export async function getAppMetadata(appId: string) {
   if (isInvalid(metadata)) {
     throw { status: 404, message: "No app metadata found" }
   }
-  return metadata
+  return metadata as App
 }
 
 /**
diff --git a/packages/backend-core/src/cache/tests/writethrough.spec.js b/packages/backend-core/src/cache/tests/writethrough.spec.js
deleted file mode 100644
index fefca30c18..0000000000
--- a/packages/backend-core/src/cache/tests/writethrough.spec.js
+++ /dev/null
@@ -1,61 +0,0 @@
-require("../../../tests")
-const { Writethrough } = require("../writethrough")
-const { getDB } = require("../../db")
-const tk = require("timekeeper")
-const { structures } = require("../../../tests")
-
-const START_DATE = Date.now()
-tk.freeze(START_DATE)
-
-
-const DELAY = 5000
-
-const db = getDB(structures.db.id())
-const db2 = getDB(structures.db.id())
-const writethrough = new Writethrough(db, DELAY), writethrough2 = new Writethrough(db2, DELAY)
-
-describe("writethrough", () => {
-  describe("put", () => {
-    let first
-    it("should be able to store, will go to DB", async () => {
-      const response = await writethrough.put({ _id: "test", value: 1 })
-      const output = await db.get(response.id)
-      first = output
-      expect(output.value).toBe(1)
-    })
-
-    it("second put shouldn't update DB", async () => {
-      const response = await writethrough.put({ ...first, value: 2 })
-      const output = await db.get(response.id)
-      expect(first._rev).toBe(output._rev)
-      expect(output.value).toBe(1)
-    })
-
-    it("should put it again after delay period", async () => {
-      tk.freeze(START_DATE + DELAY + 1)
-      const response = await writethrough.put({ ...first, value: 3 })
-      const output = await db.get(response.id)
-      expect(response.rev).not.toBe(first._rev)
-      expect(output.value).toBe(3)
-    })
-  })
-
-  describe("get", () => {
-    it("should be able to retrieve", async () => {
-      const response = await writethrough.get("test")
-      expect(response.value).toBe(3)
-    })
-  })
-
-  describe("same doc, different databases (tenancy)", () => {
-    it("should be able to two different databases", async () => {
-      const resp1 = await writethrough.put({ _id: "db1", value: "first" })
-      const resp2 = await writethrough2.put({ _id: "db1", value: "second" })
-      expect(resp1.rev).toBeDefined()
-      expect(resp2.rev).toBeDefined()
-      expect((await db.get("db1")).value).toBe("first")
-      expect((await db2.get("db1")).value).toBe("second")
-    })
-  })
-})
-
diff --git a/packages/backend-core/src/cache/tests/writethrough.spec.ts b/packages/backend-core/src/cache/tests/writethrough.spec.ts
new file mode 100644
index 0000000000..d346788121
--- /dev/null
+++ b/packages/backend-core/src/cache/tests/writethrough.spec.ts
@@ -0,0 +1,73 @@
+import { structures, DBTestConfiguration } from "../../../tests"
+import { Writethrough } from "../writethrough"
+import { getDB } from "../../db"
+import tk from "timekeeper"
+
+const START_DATE = Date.now()
+tk.freeze(START_DATE)
+
+const DELAY = 5000
+
+describe("writethrough", () => {
+  const config = new DBTestConfiguration()
+
+  const db = getDB(structures.db.id())
+  const db2 = getDB(structures.db.id())
+
+  const writethrough = new Writethrough(db, DELAY)
+  const writethrough2 = new Writethrough(db2, DELAY)
+
+  describe("put", () => {
+    let first: any
+
+    it("should be able to store, will go to DB", async () => {
+      await config.doInTenant(async () => {
+        const response = await writethrough.put({ _id: "test", value: 1 })
+        const output = await db.get(response.id)
+        first = output
+        expect(output.value).toBe(1)
+      })
+    })
+
+    it("second put shouldn't update DB", async () => {
+      await config.doInTenant(async () => {
+        const response = await writethrough.put({ ...first, value: 2 })
+        const output = await db.get(response.id)
+        expect(first._rev).toBe(output._rev)
+        expect(output.value).toBe(1)
+      })
+    })
+
+    it("should put it again after delay period", async () => {
+      await config.doInTenant(async () => {
+        tk.freeze(START_DATE + DELAY + 1)
+        const response = await writethrough.put({ ...first, value: 3 })
+        const output = await db.get(response.id)
+        expect(response.rev).not.toBe(first._rev)
+        expect(output.value).toBe(3)
+      })
+    })
+  })
+
+  describe("get", () => {
+    it("should be able to retrieve", async () => {
+      await config.doInTenant(async () => {
+        const response = await writethrough.get("test")
+        expect(response.value).toBe(3)
+      })
+    })
+  })
+
+  describe("same doc, different databases (tenancy)", () => {
+    it("should be able to two different databases", async () => {
+      await config.doInTenant(async () => {
+        const resp1 = await writethrough.put({ _id: "db1", value: "first" })
+        const resp2 = await writethrough2.put({ _id: "db1", value: "second" })
+        expect(resp1.rev).toBeDefined()
+        expect(resp2.rev).toBeDefined()
+        expect((await db.get("db1")).value).toBe("first")
+        expect((await db2.get("db1")).value).toBe("second")
+      })
+    })
+  })
+})
diff --git a/packages/backend-core/src/cache/user.ts b/packages/backend-core/src/cache/user.ts
index a128465cd6..b514c3af9b 100644
--- a/packages/backend-core/src/cache/user.ts
+++ b/packages/backend-core/src/cache/user.ts
@@ -1,8 +1,9 @@
 import * as redis from "../redis/init"
-import { getTenantId, lookupTenantId, doWithGlobalDB } from "../tenancy"
+import * as tenancy from "../tenancy"
+import * as context from "../context"
+import * as platform from "../platform"
 import env from "../environment"
-import * as accounts from "../cloud/accounts"
-import { Database } from "@budibase/types"
+import * as accounts from "../accounts"
 
 const EXPIRY_SECONDS = 3600
 
@@ -10,7 +11,8 @@ const EXPIRY_SECONDS = 3600
  * The default populate user function
  */
 async function populateFromDB(userId: string, tenantId: string) {
-  const user = await doWithGlobalDB(tenantId, (db: Database) => db.get(userId))
+  const db = tenancy.getTenantDB(tenantId)
+  const user = await db.get(userId)
   user.budibaseAccess = true
   if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
     const account = await accounts.getAccount(user.email)
@@ -42,9 +44,9 @@ export async function getUser(
   }
   if (!tenantId) {
     try {
-      tenantId = getTenantId()
+      tenantId = context.getTenantId()
     } catch (err) {
-      tenantId = await lookupTenantId(userId)
+      tenantId = await platform.users.lookupTenantId(userId)
     }
   }
   const client = await redis.getUserClient()
diff --git a/packages/backend-core/src/configs/configs.ts b/packages/backend-core/src/configs/configs.ts
new file mode 100644
index 0000000000..b461497747
--- /dev/null
+++ b/packages/backend-core/src/configs/configs.ts
@@ -0,0 +1,244 @@
+import {
+  Config,
+  ConfigType,
+  GoogleConfig,
+  GoogleInnerConfig,
+  OIDCConfig,
+  OIDCInnerConfig,
+  SettingsConfig,
+  SettingsInnerConfig,
+  SMTPConfig,
+  SMTPInnerConfig,
+} from "@budibase/types"
+import { DocumentType, SEPARATOR } from "../constants"
+import { CacheKey, TTL, withCache } from "../cache"
+import * as context from "../context"
+import env from "../environment"
+import environment from "../environment"
+
+// UTILS
+
+/**
+ * Generates a new configuration ID.
+ * @returns {string} The new configuration ID which the config doc can be stored under.
+ */
+export function generateConfigID(type: ConfigType) {
+  return `${DocumentType.CONFIG}${SEPARATOR}${type}`
+}
+
+export async function getConfig<T extends Config>(
+  type: ConfigType
+): Promise<T | undefined> {
+  const db = context.getGlobalDB()
+  try {
+    // await to catch error
+    const config = (await db.get(generateConfigID(type))) as T
+    return config
+  } catch (e: any) {
+    if (e.status === 404) {
+      return
+    }
+    throw e
+  }
+}
+
+export async function save(
+  config: Config
+): Promise<{ id: string; rev: string }> {
+  const db = context.getGlobalDB()
+  return db.put(config)
+}
+
+// SETTINGS
+
+export async function getSettingsConfigDoc(): Promise<SettingsConfig> {
+  let config = await getConfig<SettingsConfig>(ConfigType.SETTINGS)
+
+  if (!config) {
+    config = {
+      _id: generateConfigID(ConfigType.SETTINGS),
+      type: ConfigType.SETTINGS,
+      config: {},
+    }
+  }
+
+  // overridden fields
+  config.config.platformUrl = await getPlatformUrl({
+    tenantAware: true,
+    config: config.config,
+  })
+  config.config.analyticsEnabled = await analyticsEnabled({
+    config: config.config,
+  })
+
+  return config
+}
+
+export async function getSettingsConfig(): Promise<SettingsInnerConfig> {
+  return (await getSettingsConfigDoc()).config
+}
+
+export async function getPlatformUrl(
+  opts: { tenantAware: boolean; config?: SettingsInnerConfig } = {
+    tenantAware: true,
+  }
+) {
+  let platformUrl = env.PLATFORM_URL || "http://localhost:10000"
+
+  if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) {
+    // cloud and multi tenant - add the tenant to the default platform url
+    const tenantId = context.getTenantId()
+    if (!platformUrl.includes("localhost:")) {
+      platformUrl = platformUrl.replace("://", `://${tenantId}.`)
+    }
+  } else if (env.SELF_HOSTED) {
+    const config = opts?.config
+      ? opts.config
+      : // direct to db to prevent infinite loop
+        (await getConfig<SettingsConfig>(ConfigType.SETTINGS))?.config
+    if (config?.platformUrl) {
+      platformUrl = config.platformUrl
+    }
+  }
+
+  return platformUrl
+}
+
+export const analyticsEnabled = async (opts?: {
+  config?: SettingsInnerConfig
+}) => {
+  // cloud - always use the environment variable
+  if (!env.SELF_HOSTED) {
+    return !!env.ENABLE_ANALYTICS
+  }
+
+  // self host - prefer the settings doc
+  // use cache as events have high throughput
+  const enabledInDB = await withCache(
+    CacheKey.ANALYTICS_ENABLED,
+    TTL.ONE_DAY,
+    async () => {
+      const config = opts?.config
+        ? opts.config
+        : // direct to db to prevent infinite loop
+          (await getConfig<SettingsConfig>(ConfigType.SETTINGS))?.config
+
+      // need to do explicit checks in case the field is not set
+      if (config?.analyticsEnabled === false) {
+        return false
+      } else if (config?.analyticsEnabled === true) {
+        return true
+      }
+    }
+  )
+
+  if (enabledInDB !== undefined) {
+    return enabledInDB
+  }
+
+  // fallback to the environment variable
+  // explicitly check for 0 or false here, undefined or otherwise is treated as true
+  const envEnabled: any = env.ENABLE_ANALYTICS
+  if (envEnabled === 0 || envEnabled === false) {
+    return false
+  } else {
+    return true
+  }
+}
+
+// GOOGLE
+
+async function getGoogleConfigDoc(): Promise<GoogleConfig | undefined> {
+  return await getConfig<GoogleConfig>(ConfigType.GOOGLE)
+}
+
+export async function getGoogleConfig(): Promise<
+  GoogleInnerConfig | undefined
+> {
+  const config = await getGoogleConfigDoc()
+  return config?.config
+}
+
+export async function getGoogleDatasourceConfig(): Promise<
+  GoogleInnerConfig | undefined
+> {
+  if (!env.SELF_HOSTED) {
+    // always use the env vars in cloud
+    return getDefaultGoogleConfig()
+  }
+
+  // prefer the config in self-host
+  let config = await getGoogleConfig()
+
+  // fallback to env vars
+  if (!config || !config.activated) {
+    config = getDefaultGoogleConfig()
+  }
+
+  return config
+}
+
+export function getDefaultGoogleConfig(): GoogleInnerConfig | undefined {
+  if (environment.GOOGLE_CLIENT_ID && environment.GOOGLE_CLIENT_SECRET) {
+    return {
+      clientID: environment.GOOGLE_CLIENT_ID!,
+      clientSecret: environment.GOOGLE_CLIENT_SECRET!,
+      activated: true,
+    }
+  }
+}
+
+// OIDC
+
+async function getOIDCConfigDoc(): Promise<OIDCConfig | undefined> {
+  return getConfig<OIDCConfig>(ConfigType.OIDC)
+}
+
+export async function getOIDCConfig(): Promise<OIDCInnerConfig | undefined> {
+  const config = (await getOIDCConfigDoc())?.config
+  // default to the 0th config
+  return config?.configs && config.configs[0]
+}
+
+/**
+ * @param configId The config id of the inner config to retrieve
+ */
+export async function getOIDCConfigById(
+  configId: string
+): Promise<OIDCInnerConfig | undefined> {
+  const config = (await getConfig<OIDCConfig>(ConfigType.OIDC))?.config
+  return config && config.configs.filter((c: any) => c.uuid === configId)[0]
+}
+
+// SMTP
+
+export async function getSMTPConfigDoc(): Promise<SMTPConfig | undefined> {
+  return getConfig<SMTPConfig>(ConfigType.SMTP)
+}
+
+export async function getSMTPConfig(
+  isAutomation?: boolean
+): Promise<SMTPInnerConfig | undefined> {
+  const config = await getSMTPConfigDoc()
+  if (config) {
+    return config.config
+  }
+
+  // always allow fallback in self host
+  // in cloud don't allow for automations
+  const allowFallback = env.SELF_HOSTED || !isAutomation
+
+  // Use an SMTP fallback configuration from env variables
+  if (env.SMTP_FALLBACK_ENABLED && allowFallback) {
+    return {
+      port: env.SMTP_PORT,
+      host: env.SMTP_HOST!,
+      secure: false,
+      from: env.SMTP_FROM_ADDRESS!,
+      auth: {
+        user: env.SMTP_USER!,
+        pass: env.SMTP_PASSWORD!,
+      },
+    }
+  }
+}
diff --git a/packages/backend-core/src/configs/index.ts b/packages/backend-core/src/configs/index.ts
new file mode 100644
index 0000000000..783f22a0b9
--- /dev/null
+++ b/packages/backend-core/src/configs/index.ts
@@ -0,0 +1 @@
+export * from "./configs"
diff --git a/packages/backend-core/src/configs/tests/configs.spec.ts b/packages/backend-core/src/configs/tests/configs.spec.ts
new file mode 100644
index 0000000000..079f2ab681
--- /dev/null
+++ b/packages/backend-core/src/configs/tests/configs.spec.ts
@@ -0,0 +1,116 @@
+import { DBTestConfiguration, generator, testEnv } from "../../../tests"
+import { ConfigType } from "@budibase/types"
+import env from "../../environment"
+import * as configs from "../configs"
+
+const DEFAULT_URL = "http://localhost:10000"
+const ENV_URL = "http://env.com"
+
+describe("configs", () => {
+  const config = new DBTestConfiguration()
+
+  const setDbPlatformUrl = async (dbUrl: string) => {
+    const settingsConfig = {
+      _id: configs.generateConfigID(ConfigType.SETTINGS),
+      type: ConfigType.SETTINGS,
+      config: {
+        platformUrl: dbUrl,
+      },
+    }
+    await configs.save(settingsConfig)
+  }
+
+  beforeEach(async () => {
+    config.newTenant()
+  })
+
+  describe("getPlatformUrl", () => {
+    describe("self host", () => {
+      beforeEach(async () => {
+        testEnv.selfHosted()
+      })
+
+      it("gets the default url", async () => {
+        await config.doInTenant(async () => {
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(DEFAULT_URL)
+        })
+      })
+
+      it("gets the platform url from the environment", async () => {
+        await config.doInTenant(async () => {
+          env._set("PLATFORM_URL", ENV_URL)
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(ENV_URL)
+        })
+      })
+
+      it("gets the platform url from the database", async () => {
+        await config.doInTenant(async () => {
+          const dbUrl = generator.url()
+          await setDbPlatformUrl(dbUrl)
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(dbUrl)
+        })
+      })
+    })
+
+    describe("cloud", () => {
+      function getTenantAwareUrl() {
+        return `http://${config.tenantId}.env.com`
+      }
+
+      beforeEach(async () => {
+        testEnv.cloudHosted()
+        testEnv.multiTenant()
+
+        env._set("PLATFORM_URL", ENV_URL)
+      })
+
+      it("gets the platform url from the environment without tenancy", async () => {
+        await config.doInTenant(async () => {
+          const url = await configs.getPlatformUrl({ tenantAware: false })
+          expect(url).toBe(ENV_URL)
+        })
+      })
+
+      it("gets the platform url from the environment with tenancy", async () => {
+        await config.doInTenant(async () => {
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(getTenantAwareUrl())
+        })
+      })
+
+      it("never gets the platform url from the database", async () => {
+        await config.doInTenant(async () => {
+          await setDbPlatformUrl(generator.url())
+          const url = await configs.getPlatformUrl()
+          expect(url).toBe(getTenantAwareUrl())
+        })
+      })
+    })
+  })
+
+  describe("getSettingsConfig", () => {
+    beforeAll(async () => {
+      testEnv.selfHosted()
+      env._set("PLATFORM_URL", "")
+    })
+
+    it("returns the platform url with an existing config", async () => {
+      await config.doInTenant(async () => {
+        const dbUrl = generator.url()
+        await setDbPlatformUrl(dbUrl)
+        const config = await configs.getSettingsConfig()
+        expect(config.platformUrl).toBe(dbUrl)
+      })
+    })
+
+    it("returns the platform url without an existing config", async () => {
+      await config.doInTenant(async () => {
+        const config = await configs.getSettingsConfig()
+        expect(config.platformUrl).toBe(DEFAULT_URL)
+      })
+    })
+  })
+})
diff --git a/packages/backend-core/src/constants/db.ts b/packages/backend-core/src/constants/db.ts
index f7d15b3880..d41098c405 100644
--- a/packages/backend-core/src/constants/db.ts
+++ b/packages/backend-core/src/constants/db.ts
@@ -68,6 +68,7 @@ export enum DocumentType {
   MEM_VIEW = "view",
   USER_FLAG = "flag",
   AUTOMATION_METADATA = "meta_au",
+  AUDIT_LOG = "al",
 }
 
 export const StaticDatabases = {
@@ -88,6 +89,9 @@ export const StaticDatabases = {
       install: "install",
     },
   },
+  AUDIT_LOGS: {
+    name: "audit-logs",
+  },
 }
 
 export const APP_PREFIX = DocumentType.APP + SEPARATOR
diff --git a/packages/backend-core/src/constants/misc.ts b/packages/backend-core/src/constants/misc.ts
index 0bf3df4094..e25c90575f 100644
--- a/packages/backend-core/src/constants/misc.ts
+++ b/packages/backend-core/src/constants/misc.ts
@@ -41,5 +41,6 @@ export enum Config {
   OIDC_LOGOS = "logos_oidc",
 }
 
+export const MIN_VALID_DATE = new Date(-2147483647000)
 export const MAX_VALID_DATE = new Date(2147483647000)
 export const DEFAULT_TENANT_ID = "default"
diff --git a/packages/backend-core/src/context/Context.ts b/packages/backend-core/src/context/Context.ts
index 02b7713764..d29b6935a8 100644
--- a/packages/backend-core/src/context/Context.ts
+++ b/packages/backend-core/src/context/Context.ts
@@ -1,5 +1,5 @@
 import { AsyncLocalStorage } from "async_hooks"
-import { ContextMap } from "./mainContext"
+import { ContextMap } from "./types"
 
 export default class Context {
   static storage = new AsyncLocalStorage<ContextMap>()
diff --git a/packages/backend-core/src/context/deprovision.ts b/packages/backend-core/src/context/deprovision.ts
deleted file mode 100644
index 81f03096dc..0000000000
--- a/packages/backend-core/src/context/deprovision.ts
+++ /dev/null
@@ -1,108 +0,0 @@
-import {
-  getGlobalUserParams,
-  getAllApps,
-  doWithDB,
-  StaticDatabases,
-} from "../db"
-import { doWithGlobalDB } from "../tenancy"
-import { App, Tenants, User, Database } from "@budibase/types"
-
-const TENANT_DOC = StaticDatabases.PLATFORM_INFO.docs.tenants
-const PLATFORM_INFO_DB = StaticDatabases.PLATFORM_INFO.name
-
-async function removeTenantFromInfoDB(tenantId: string) {
-  try {
-    await doWithDB(PLATFORM_INFO_DB, async (infoDb: Database) => {
-      const tenants = (await infoDb.get(TENANT_DOC)) as Tenants
-      tenants.tenantIds = tenants.tenantIds.filter(id => id !== tenantId)
-
-      await infoDb.put(tenants)
-    })
-  } catch (err) {
-    console.error(`Error removing tenant ${tenantId} from info db`, err)
-    throw err
-  }
-}
-
-export async function removeUserFromInfoDB(dbUser: User) {
-  await doWithDB(PLATFORM_INFO_DB, async (infoDb: Database) => {
-    const keys = [dbUser._id!, dbUser.email]
-    const userDocs = await infoDb.allDocs({
-      keys,
-      include_docs: true,
-    })
-    const toDelete = userDocs.rows.map((row: any) => {
-      return {
-        ...row.doc,
-        _deleted: true,
-      }
-    })
-    await infoDb.bulkDocs(toDelete)
-  })
-}
-
-async function removeUsersFromInfoDB(tenantId: string) {
-  return doWithGlobalDB(tenantId, async (db: any) => {
-    try {
-      const allUsers = await db.allDocs(
-        getGlobalUserParams(null, {
-          include_docs: true,
-        })
-      )
-      await doWithDB(PLATFORM_INFO_DB, async (infoDb: any) => {
-        const allEmails = allUsers.rows.map((row: any) => row.doc.email)
-        // get the id docs
-        let keys = allUsers.rows.map((row: any) => row.id)
-        // and the email docs
-        keys = keys.concat(allEmails)
-        // retrieve the docs and delete them
-        const userDocs = await infoDb.allDocs({
-          keys,
-          include_docs: true,
-        })
-        const toDelete = userDocs.rows.map((row: any) => {
-          return {
-            ...row.doc,
-            _deleted: true,
-          }
-        })
-        await infoDb.bulkDocs(toDelete)
-      })
-    } catch (err) {
-      console.error(`Error removing tenant ${tenantId} users from info db`, err)
-      throw err
-    }
-  })
-}
-
-async function removeGlobalDB(tenantId: string) {
-  return doWithGlobalDB(tenantId, async (db: Database) => {
-    try {
-      await db.destroy()
-    } catch (err) {
-      console.error(`Error removing tenant ${tenantId} users from info db`, err)
-      throw err
-    }
-  })
-}
-
-async function removeTenantApps(tenantId: string) {
-  try {
-    const apps = (await getAllApps({ all: true })) as App[]
-    const destroyPromises = apps.map(app =>
-      doWithDB(app.appId, (db: Database) => db.destroy())
-    )
-    await Promise.allSettled(destroyPromises)
-  } catch (err) {
-    console.error(`Error removing tenant ${tenantId} apps`, err)
-    throw err
-  }
-}
-
-// can't live in tenancy package due to circular dependency on db/utils
-export async function deleteTenant(tenantId: string) {
-  await removeTenantFromInfoDB(tenantId)
-  await removeUsersFromInfoDB(tenantId)
-  await removeGlobalDB(tenantId)
-  await removeTenantApps(tenantId)
-}
diff --git a/packages/backend-core/src/context/identity.ts b/packages/backend-core/src/context/identity.ts
index 648dd1b5fd..84de3b68c9 100644
--- a/packages/backend-core/src/context/identity.ts
+++ b/packages/backend-core/src/context/identity.ts
@@ -5,6 +5,8 @@ import {
   isCloudAccount,
   Account,
   AccountUserContext,
+  UserContext,
+  Ctx,
 } from "@budibase/types"
 import * as context from "."
 
@@ -16,15 +18,22 @@ export function doInIdentityContext(identity: IdentityContext, task: any) {
   return context.doInIdentityContext(identity, task)
 }
 
-export function doInUserContext(user: User, task: any) {
-  const userContext: any = {
+// used in server/worker
+export function doInUserContext(user: User, ctx: Ctx, task: any) {
+  const userContext: UserContext = {
     ...user,
     _id: user._id as string,
     type: IdentityType.USER,
+    hostInfo: {
+      ipAddress: ctx.request.ip,
+      // filled in by koa-useragent package
+      userAgent: ctx.userAgent._agent.source,
+    },
   }
   return doInIdentityContext(userContext, task)
 }
 
+// used in account portal
 export function doInAccountContext(account: Account, task: any) {
   const _id = getAccountUserId(account)
   const tenantId = account.tenantId
diff --git a/packages/backend-core/src/context/mainContext.ts b/packages/backend-core/src/context/mainContext.ts
index 9884d25d5a..02ba16aa8c 100644
--- a/packages/backend-core/src/context/mainContext.ts
+++ b/packages/backend-core/src/context/mainContext.ts
@@ -11,13 +11,7 @@ import {
   DEFAULT_TENANT_ID,
 } from "../constants"
 import { Database, IdentityContext } from "@budibase/types"
-
-export type ContextMap = {
-  tenantId?: string
-  appId?: string
-  identity?: IdentityContext
-  environmentVariables?: Record<string, string>
-}
+import { ContextMap } from "./types"
 
 let TEST_APP_ID: string | null = null
 
@@ -30,14 +24,23 @@ export function getGlobalDBName(tenantId?: string) {
   return baseGlobalDBName(tenantId)
 }
 
-export function baseGlobalDBName(tenantId: string | undefined | null) {
-  let dbName
-  if (!tenantId || tenantId === DEFAULT_TENANT_ID) {
-    dbName = StaticDatabases.GLOBAL.name
-  } else {
-    dbName = `${tenantId}${SEPARATOR}${StaticDatabases.GLOBAL.name}`
+export function getAuditLogDBName(tenantId?: string) {
+  if (!tenantId) {
+    tenantId = getTenantId()
+  }
+  if (tenantId === DEFAULT_TENANT_ID) {
+    return StaticDatabases.AUDIT_LOGS.name
+  } else {
+    return `${tenantId}${SEPARATOR}${StaticDatabases.AUDIT_LOGS.name}`
+  }
+}
+
+export function baseGlobalDBName(tenantId: string | undefined | null) {
+  if (!tenantId || tenantId === DEFAULT_TENANT_ID) {
+    return StaticDatabases.GLOBAL.name
+  } else {
+    return `${tenantId}${SEPARATOR}${StaticDatabases.GLOBAL.name}`
   }
-  return dbName
 }
 
 export function isMultiTenant() {
@@ -228,6 +231,13 @@ export function getGlobalDB(): Database {
   return getDB(baseGlobalDBName(context?.tenantId))
 }
 
+export function getAuditLogsDB(): Database {
+  if (!getTenantId()) {
+    throw new Error("No tenant ID found - cannot open audit log DB")
+  }
+  return getDB(getAuditLogDBName())
+}
+
 /**
  * Gets the app database based on whatever the request
  * contained, dev or prod.
diff --git a/packages/backend-core/src/context/tests/index.spec.ts b/packages/backend-core/src/context/tests/index.spec.ts
index c9b5870ffa..5c8ce6fc19 100644
--- a/packages/backend-core/src/context/tests/index.spec.ts
+++ b/packages/backend-core/src/context/tests/index.spec.ts
@@ -1,11 +1,14 @@
-require("../../../tests")
+import { testEnv } from "../../../tests"
 const context = require("../")
 const { DEFAULT_TENANT_ID } = require("../../constants")
-import env from "../../environment"
 
 describe("context", () => {
   describe("doInTenant", () => {
     describe("single-tenancy", () => {
+      beforeAll(() => {
+        testEnv.singleTenant()
+      })
+
       it("defaults to the default tenant", () => {
         const tenantId = context.getTenantId()
         expect(tenantId).toBe(DEFAULT_TENANT_ID)
@@ -20,8 +23,8 @@ describe("context", () => {
     })
 
     describe("multi-tenancy", () => {
-      beforeEach(() => {
-        env._set("MULTI_TENANCY", 1)
+      beforeAll(() => {
+        testEnv.multiTenant()
       })
 
       it("fails when no tenant id is set", () => {
diff --git a/packages/backend-core/src/context/types.ts b/packages/backend-core/src/context/types.ts
new file mode 100644
index 0000000000..78197ed528
--- /dev/null
+++ b/packages/backend-core/src/context/types.ts
@@ -0,0 +1,9 @@
+import { IdentityContext } from "@budibase/types"
+
+// keep this out of Budibase types, don't want to expose context info
+export type ContextMap = {
+  tenantId?: string
+  appId?: string
+  identity?: IdentityContext
+  environmentVariables?: Record<string, string>
+}
diff --git a/packages/backend-core/src/db/db.ts b/packages/backend-core/src/db/db.ts
index bd6b5e13c1..f13eb9a965 100644
--- a/packages/backend-core/src/db/db.ts
+++ b/packages/backend-core/src/db/db.ts
@@ -1,7 +1,6 @@
 import env from "../environment"
-import { directCouchQuery, getPouchDB } from "./couch"
+import { directCouchQuery, DatabaseImpl } from "./couch"
 import { CouchFindOptions, Database } from "@budibase/types"
-import { DatabaseImpl } from "../db"
 
 const dbList = new Set()
 
diff --git a/packages/backend-core/src/db/index.ts b/packages/backend-core/src/db/index.ts
index 0d9f75fa18..a569b17b36 100644
--- a/packages/backend-core/src/db/index.ts
+++ b/packages/backend-core/src/db/index.ts
@@ -7,3 +7,4 @@ export { default as Replication } from "./Replication"
 // exports to support old export structure
 export * from "../constants/db"
 export { getGlobalDBName, baseGlobalDBName } from "../context"
+export * from "./lucene"
diff --git a/packages/backend-core/src/db/lucene.ts b/packages/backend-core/src/db/lucene.ts
new file mode 100644
index 0000000000..cba2f0138a
--- /dev/null
+++ b/packages/backend-core/src/db/lucene.ts
@@ -0,0 +1,624 @@
+import fetch from "node-fetch"
+import { getCouchInfo } from "./couch"
+import { SearchFilters, Row } from "@budibase/types"
+
+const QUERY_START_REGEX = /\d[0-9]*:/g
+
+interface SearchResponse<T> {
+  rows: T[] | any[]
+  bookmark: string
+}
+
+interface PaginatedSearchResponse<T> extends SearchResponse<T> {
+  hasNextPage: boolean
+}
+
+export type SearchParams<T> = {
+  tableId?: string
+  sort?: string
+  sortOrder?: string
+  sortType?: string
+  limit?: number
+  bookmark?: string
+  version?: string
+  indexer?: () => Promise<any>
+  disableEscaping?: boolean
+  rows?: T | Row[]
+}
+
+export function removeKeyNumbering(key: any): string {
+  if (typeof key === "string" && key.match(QUERY_START_REGEX) != null) {
+    const parts = key.split(":")
+    // remove the number
+    parts.shift()
+    return parts.join(":")
+  } else {
+    return key
+  }
+}
+
+/**
+ * Class to build lucene query URLs.
+ * Optionally takes a base lucene query object.
+ */
+export class QueryBuilder<T> {
+  dbName: string
+  index: string
+  query: SearchFilters
+  limit: number
+  sort?: string
+  bookmark?: string
+  sortOrder: string
+  sortType: string
+  includeDocs: boolean
+  version?: string
+  indexBuilder?: () => Promise<any>
+  noEscaping = false
+
+  constructor(dbName: string, index: string, base?: SearchFilters) {
+    this.dbName = dbName
+    this.index = index
+    this.query = {
+      allOr: false,
+      string: {},
+      fuzzy: {},
+      range: {},
+      equal: {},
+      notEqual: {},
+      empty: {},
+      notEmpty: {},
+      oneOf: {},
+      contains: {},
+      notContains: {},
+      containsAny: {},
+      ...base,
+    }
+    this.limit = 50
+    this.sortOrder = "ascending"
+    this.sortType = "string"
+    this.includeDocs = true
+  }
+
+  disableEscaping() {
+    this.noEscaping = true
+    return this
+  }
+
+  setIndexBuilder(builderFn: () => Promise<any>) {
+    this.indexBuilder = builderFn
+    return this
+  }
+
+  setVersion(version?: string) {
+    if (version != null) {
+      this.version = version
+    }
+    return this
+  }
+
+  setTable(tableId: string) {
+    this.query.equal!.tableId = tableId
+    return this
+  }
+
+  setLimit(limit?: number) {
+    if (limit != null) {
+      this.limit = limit
+    }
+    return this
+  }
+
+  setSort(sort?: string) {
+    if (sort != null) {
+      this.sort = sort
+    }
+    return this
+  }
+
+  setSortOrder(sortOrder?: string) {
+    if (sortOrder != null) {
+      this.sortOrder = sortOrder
+    }
+    return this
+  }
+
+  setSortType(sortType?: string) {
+    if (sortType != null) {
+      this.sortType = sortType
+    }
+    return this
+  }
+
+  setBookmark(bookmark?: string) {
+    if (bookmark != null) {
+      this.bookmark = bookmark
+    }
+    return this
+  }
+
+  excludeDocs() {
+    this.includeDocs = false
+    return this
+  }
+
+  addString(key: string, partial: string) {
+    this.query.string![key] = partial
+    return this
+  }
+
+  addFuzzy(key: string, fuzzy: string) {
+    this.query.fuzzy![key] = fuzzy
+    return this
+  }
+
+  addRange(key: string, low: string | number, high: string | number) {
+    this.query.range![key] = {
+      low,
+      high,
+    }
+    return this
+  }
+
+  addEqual(key: string, value: any) {
+    this.query.equal![key] = value
+    return this
+  }
+
+  addNotEqual(key: string, value: any) {
+    this.query.notEqual![key] = value
+    return this
+  }
+
+  addEmpty(key: string, value: any) {
+    this.query.empty![key] = value
+    return this
+  }
+
+  addNotEmpty(key: string, value: any) {
+    this.query.notEmpty![key] = value
+    return this
+  }
+
+  addOneOf(key: string, value: any) {
+    this.query.oneOf![key] = value
+    return this
+  }
+
+  addContains(key: string, value: any) {
+    this.query.contains![key] = value
+    return this
+  }
+
+  addNotContains(key: string, value: any) {
+    this.query.notContains![key] = value
+    return this
+  }
+
+  addContainsAny(key: string, value: any) {
+    this.query.containsAny![key] = value
+    return this
+  }
+
+  handleSpaces(input: string) {
+    if (this.noEscaping) {
+      return input
+    } else {
+      return input.replace(/ /g, "_")
+    }
+  }
+
+  /**
+   * Preprocesses a value before going into a lucene search.
+   * Transforms strings to lowercase and wraps strings and bools in quotes.
+   * @param value The value to process
+   * @param options The preprocess options
+   * @returns {string|*}
+   */
+  preprocess(value: any, { escape, lowercase, wrap, type }: any = {}) {
+    const hasVersion = !!this.version
+    // Determine if type needs wrapped
+    const originalType = typeof value
+    // Convert to lowercase
+    if (value && lowercase) {
+      value = value.toLowerCase ? value.toLowerCase() : value
+    }
+    // Escape characters
+    if (!this.noEscaping && escape && originalType === "string") {
+      value = `${value}`.replace(/[ #+\-&|!(){}\]^"~*?:\\]/g, "\\$&")
+    }
+
+    // Wrap in quotes
+    if (originalType === "string" && !isNaN(value) && !type) {
+      value = `"${value}"`
+    } else if (hasVersion && wrap) {
+      value = originalType === "number" ? value : `"${value}"`
+    }
+    return value
+  }
+
+  buildSearchQuery() {
+    const builder = this
+    let allOr = this.query && this.query.allOr
+    let query = allOr ? "" : "*:*"
+    const allPreProcessingOpts = { escape: true, lowercase: true, wrap: true }
+    let tableId
+    if (this.query.equal!.tableId) {
+      tableId = this.query.equal!.tableId
+      delete this.query.equal!.tableId
+    }
+
+    const equal = (key: string, value: any) => {
+      // 0 evaluates to false, which means we would return all rows if we don't check it
+      if (!value && value !== 0) {
+        return null
+      }
+      return `${key}:${builder.preprocess(value, allPreProcessingOpts)}`
+    }
+
+    const contains = (key: string, value: any, mode = "AND") => {
+      if (Array.isArray(value) && value.length === 0) {
+        return null
+      }
+      if (!Array.isArray(value)) {
+        return `${key}:${value}`
+      }
+      let statement = `${builder.preprocess(value[0], { escape: true })}`
+      for (let i = 1; i < value.length; i++) {
+        statement += ` ${mode} ${builder.preprocess(value[i], {
+          escape: true,
+        })}`
+      }
+      return `${key}:(${statement})`
+    }
+
+    const notContains = (key: string, value: any) => {
+      // @ts-ignore
+      const allPrefix = allOr === "" ? "*:* AND" : ""
+      return allPrefix + "NOT " + contains(key, value)
+    }
+
+    const containsAny = (key: string, value: any) => {
+      return contains(key, value, "OR")
+    }
+
+    const oneOf = (key: string, value: any) => {
+      if (!Array.isArray(value)) {
+        if (typeof value === "string") {
+          value = value.split(",")
+        } else {
+          return ""
+        }
+      }
+      let orStatement = `${builder.preprocess(value[0], allPreProcessingOpts)}`
+      for (let i = 1; i < value.length; i++) {
+        orStatement += ` OR ${builder.preprocess(
+          value[i],
+          allPreProcessingOpts
+        )}`
+      }
+      return `${key}:(${orStatement})`
+    }
+
+    function build(structure: any, queryFn: any) {
+      for (let [key, value] of Object.entries(structure)) {
+        // check for new format - remove numbering if needed
+        key = removeKeyNumbering(key)
+        key = builder.preprocess(builder.handleSpaces(key), {
+          escape: true,
+        })
+        const expression = queryFn(key, value)
+        if (expression == null) {
+          continue
+        }
+        if (query.length > 0) {
+          query += ` ${allOr ? "OR" : "AND"} `
+        }
+        query += expression
+      }
+    }
+
+    // Construct the actual lucene search query string from JSON structure
+    if (this.query.string) {
+      build(this.query.string, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        value = builder.preprocess(value, {
+          escape: true,
+          lowercase: true,
+          type: "string",
+        })
+        return `${key}:${value}*`
+      })
+    }
+    if (this.query.range) {
+      build(this.query.range, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        if (value.low == null || value.low === "") {
+          return null
+        }
+        if (value.high == null || value.high === "") {
+          return null
+        }
+        const low = builder.preprocess(value.low, allPreProcessingOpts)
+        const high = builder.preprocess(value.high, allPreProcessingOpts)
+        return `${key}:[${low} TO ${high}]`
+      })
+    }
+    if (this.query.fuzzy) {
+      build(this.query.fuzzy, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        value = builder.preprocess(value, {
+          escape: true,
+          lowercase: true,
+          type: "fuzzy",
+        })
+        return `${key}:${value}~`
+      })
+    }
+    if (this.query.equal) {
+      build(this.query.equal, equal)
+    }
+    if (this.query.notEqual) {
+      build(this.query.notEqual, (key: string, value: any) => {
+        if (!value) {
+          return null
+        }
+        return `!${key}:${builder.preprocess(value, allPreProcessingOpts)}`
+      })
+    }
+    if (this.query.empty) {
+      build(this.query.empty, (key: string) => `!${key}:["" TO *]`)
+    }
+    if (this.query.notEmpty) {
+      build(this.query.notEmpty, (key: string) => `${key}:["" TO *]`)
+    }
+    if (this.query.oneOf) {
+      build(this.query.oneOf, oneOf)
+    }
+    if (this.query.contains) {
+      build(this.query.contains, contains)
+    }
+    if (this.query.notContains) {
+      build(this.query.notContains, notContains)
+    }
+    if (this.query.containsAny) {
+      build(this.query.containsAny, containsAny)
+    }
+    // make sure table ID is always added as an AND
+    if (tableId) {
+      query = `(${query})`
+      allOr = false
+      build({ tableId }, equal)
+    }
+    return query
+  }
+
+  buildSearchBody() {
+    let body: any = {
+      q: this.buildSearchQuery(),
+      limit: Math.min(this.limit, 200),
+      include_docs: this.includeDocs,
+    }
+    if (this.bookmark) {
+      body.bookmark = this.bookmark
+    }
+    if (this.sort) {
+      const order = this.sortOrder === "descending" ? "-" : ""
+      const type = `<${this.sortType}>`
+      body.sort = `${order}${this.handleSpaces(this.sort)}${type}`
+    }
+    return body
+  }
+
+  async run() {
+    const { url, cookie } = getCouchInfo()
+    const fullPath = `${url}/${this.dbName}/_design/database/_search/${this.index}`
+    const body = this.buildSearchBody()
+    try {
+      return await runQuery<T>(fullPath, body, cookie)
+    } catch (err: any) {
+      if (err.status === 404 && this.indexBuilder) {
+        await this.indexBuilder()
+        return await runQuery<T>(fullPath, body, cookie)
+      } else {
+        throw err
+      }
+    }
+  }
+}
+
+/**
+ * Executes a lucene search query.
+ * @param url The query URL
+ * @param body The request body defining search criteria
+ * @param cookie The auth cookie for CouchDB
+ * @returns {Promise<{rows: []}>}
+ */
+async function runQuery<T>(
+  url: string,
+  body: any,
+  cookie: string
+): Promise<SearchResponse<T>> {
+  const response = await fetch(url, {
+    body: JSON.stringify(body),
+    method: "POST",
+    headers: {
+      Authorization: cookie,
+    },
+  })
+
+  if (response.status === 404) {
+    throw response
+  }
+  const json = await response.json()
+
+  let output: any = {
+    rows: [],
+  }
+  if (json.rows != null && json.rows.length > 0) {
+    output.rows = json.rows.map((row: any) => row.doc)
+  }
+  if (json.bookmark) {
+    output.bookmark = json.bookmark
+  }
+  return output
+}
+
+/**
+ * Gets round the fixed limit of 200 results from a query by fetching as many
+ * pages as required and concatenating the results. This recursively operates
+ * until enough results have been found.
+ * @param dbName {string} Which database to run a lucene query on
+ * @param index {string} Which search index to utilise
+ * @param query {object} The JSON query structure
+ * @param params {object} The search params including:
+ *   tableId {string} The table ID to search
+ *   sort {string} The sort column
+ *   sortOrder {string} The sort order ("ascending" or "descending")
+ *   sortType {string} Whether to treat sortable values as strings or
+ *     numbers. ("string" or "number")
+ *   limit {number} The number of results to fetch
+ *   bookmark {string|null} Current bookmark in the recursive search
+ *   rows {array|null} Current results in the recursive search
+ * @returns {Promise<*[]|*>}
+ */
+async function recursiveSearch<T>(
+  dbName: string,
+  index: string,
+  query: any,
+  params: any
+): Promise<any> {
+  const bookmark = params.bookmark
+  const rows = params.rows || []
+  if (rows.length >= params.limit) {
+    return rows
+  }
+  let pageSize = 200
+  if (rows.length > params.limit - 200) {
+    pageSize = params.limit - rows.length
+  }
+  const page = await new QueryBuilder<T>(dbName, index, query)
+    .setVersion(params.version)
+    .setTable(params.tableId)
+    .setBookmark(bookmark)
+    .setLimit(pageSize)
+    .setSort(params.sort)
+    .setSortOrder(params.sortOrder)
+    .setSortType(params.sortType)
+    .run()
+  if (!page.rows.length) {
+    return rows
+  }
+  if (page.rows.length < 200) {
+    return [...rows, ...page.rows]
+  }
+  const newParams = {
+    ...params,
+    bookmark: page.bookmark,
+    rows: [...rows, ...page.rows],
+  }
+  return await recursiveSearch(dbName, index, query, newParams)
+}
+
+/**
+ * Performs a paginated search. A bookmark will be returned to allow the next
+ * page to be fetched. There is a max limit off 200 results per page in a
+ * paginated search.
+ * @param dbName {string} Which database to run a lucene query on
+ * @param index {string} Which search index to utilise
+ * @param query {object} The JSON query structure
+ * @param params {object} The search params including:
+ *   tableId {string} The table ID to search
+ *   sort {string} The sort column
+ *   sortOrder {string} The sort order ("ascending" or "descending")
+ *   sortType {string} Whether to treat sortable values as strings or
+ *     numbers. ("string" or "number")
+ *   limit {number} The desired page size
+ *   bookmark {string} The bookmark to resume from
+ * @returns {Promise<{hasNextPage: boolean, rows: *[]}>}
+ */
+export async function paginatedSearch<T>(
+  dbName: string,
+  index: string,
+  query: SearchFilters,
+  params: SearchParams<T>
+) {
+  let limit = params.limit
+  if (limit == null || isNaN(limit) || limit < 0) {
+    limit = 50
+  }
+  limit = Math.min(limit, 200)
+  const search = new QueryBuilder<T>(dbName, index, query)
+  if (params.version) {
+    search.setVersion(params.version)
+  }
+  if (params.tableId) {
+    search.setTable(params.tableId)
+  }
+  if (params.sort) {
+    search
+      .setSort(params.sort)
+      .setSortOrder(params.sortOrder)
+      .setSortType(params.sortType)
+  }
+  if (params.indexer) {
+    search.setIndexBuilder(params.indexer)
+  }
+  if (params.disableEscaping) {
+    search.disableEscaping()
+  }
+  const searchResults = await search
+    .setBookmark(params.bookmark)
+    .setLimit(limit)
+    .run()
+
+  // Try fetching 1 row in the next page to see if another page of results
+  // exists or not
+  search.setBookmark(searchResults.bookmark).setLimit(1)
+  if (params.tableId) {
+    search.setTable(params.tableId)
+  }
+  const nextResults = await search.run()
+
+  return {
+    ...searchResults,
+    hasNextPage: nextResults.rows && nextResults.rows.length > 0,
+  }
+}
+
+/**
+ * Performs a full search, fetching multiple pages if required to return the
+ * desired amount of results. There is a limit of 1000 results to avoid
+ * heavy performance hits, and to avoid client components breaking from
+ * handling too much data.
+ * @param dbName {string} Which database to run a lucene query on
+ * @param index {string} Which search index to utilise
+ * @param query {object} The JSON query structure
+ * @param params {object} The search params including:
+ *   tableId {string} The table ID to search
+ *   sort {string} The sort column
+ *   sortOrder {string} The sort order ("ascending" or "descending")
+ *   sortType {string} Whether to treat sortable values as strings or
+ *     numbers. ("string" or "number")
+ *   limit {number} The desired number of results
+ * @returns {Promise<{rows: *}>}
+ */
+export async function fullSearch<T>(
+  dbName: string,
+  index: string,
+  query: SearchFilters,
+  params: SearchParams<T>
+) {
+  let limit = params.limit
+  if (limit == null || isNaN(limit) || limit < 0) {
+    limit = 1000
+  }
+  params.limit = Math.min(limit, 1000)
+  const rows = await recursiveSearch<T>(dbName, index, query, params)
+  return { rows }
+}
diff --git a/packages/backend-core/src/db/tests/lucene.spec.ts b/packages/backend-core/src/db/tests/lucene.spec.ts
new file mode 100644
index 0000000000..23b01e18df
--- /dev/null
+++ b/packages/backend-core/src/db/tests/lucene.spec.ts
@@ -0,0 +1,161 @@
+import { newid } from "../../newid"
+import { getDB } from "../db"
+import { Database } from "@budibase/types"
+import { QueryBuilder, paginatedSearch, fullSearch } from "../lucene"
+
+const INDEX_NAME = "main"
+
+const index = `function(doc) {
+  let props = ["property", "number"]
+  for (let key of props) {
+    if (doc[key]) {
+      index(key, doc[key])
+    }
+  }
+}`
+
+describe("lucene", () => {
+  let db: Database, dbName: string
+
+  beforeAll(async () => {
+    dbName = `db-${newid()}`
+    // create the DB for testing
+    db = getDB(dbName)
+    await db.put({ _id: newid(), property: "word" })
+    await db.put({ _id: newid(), property: "word2" })
+    await db.put({ _id: newid(), property: "word3", number: 1 })
+  })
+
+  it("should be able to create a lucene index", async () => {
+    const response = await db.put({
+      _id: "_design/database",
+      indexes: {
+        [INDEX_NAME]: {
+          index: index,
+          analyzer: "standard",
+        },
+      },
+    })
+    expect(response.ok).toBe(true)
+  })
+
+  describe("query builder", () => {
+    it("should be able to perform a basic query", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.setSort("property")
+      builder.setSortOrder("desc")
+      builder.setSortType("string")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(3)
+    })
+
+    it("should handle limits", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.setLimit(1)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a string search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addString("property", "wo")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(3)
+    })
+
+    it("should be able to perform a range search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addRange("number", 0, 1)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform an equal search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addEqual("property", "word2")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a not equal search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addNotEqual("property", "word2")
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+
+    it("should be able to perform an empty search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addEmpty("number", true)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+
+    it("should be able to perform a not empty search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addNotEmpty("number", true)
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a one of search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addOneOf("property", ["word", "word2"])
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+
+    it("should be able to perform a contains search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addContains("property", ["word"])
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(1)
+    })
+
+    it("should be able to perform a not contains search", async () => {
+      const builder = new QueryBuilder(dbName, INDEX_NAME)
+      builder.addNotContains("property", ["word2"])
+      const resp = await builder.run()
+      expect(resp.rows.length).toBe(2)
+    })
+  })
+
+  describe("paginated search", () => {
+    it("should be able to perform a paginated search", async () => {
+      const page = await paginatedSearch(
+        dbName,
+        INDEX_NAME,
+        {
+          string: {
+            property: "wo",
+          },
+        },
+        {
+          limit: 1,
+          sort: "property",
+          sortType: "string",
+          sortOrder: "desc",
+        }
+      )
+      expect(page.rows.length).toBe(1)
+      expect(page.hasNextPage).toBe(true)
+      expect(page.bookmark).toBeDefined()
+    })
+  })
+
+  describe("full search", () => {
+    it("should be able to perform a full search", async () => {
+      const page = await fullSearch(
+        dbName,
+        INDEX_NAME,
+        {
+          string: {
+            property: "wo",
+          },
+        },
+        {}
+      )
+      expect(page.rows.length).toBe(3)
+    })
+  })
+})
diff --git a/packages/backend-core/src/db/tests/utils.seq.spec.ts b/packages/backend-core/src/db/tests/utils.seq.spec.ts
deleted file mode 100644
index 83253402f7..0000000000
--- a/packages/backend-core/src/db/tests/utils.seq.spec.ts
+++ /dev/null
@@ -1,190 +0,0 @@
-require("../../../tests")
-const {
-  getDevelopmentAppID,
-  getProdAppID,
-  isDevAppID,
-  isProdAppID,
-} = require("../conversions")
-const { generateAppID, getPlatformUrl, getScopedConfig } = require("../utils")
-const tenancy = require("../../tenancy")
-const { Config, DEFAULT_TENANT_ID } = require("../../constants")
-import { generator } from "../../../tests"
-import env from "../../environment"
-
-describe("utils", () => {
-  describe("app ID manipulation", () => {
-    function getID() {
-      const appId = generateAppID()
-      const split = appId.split("_")
-      const uuid = split[split.length - 1]
-      const devAppId = `app_dev_${uuid}`
-      return { appId, devAppId, split, uuid }
-    }
-
-    it("should be able to generate a new app ID", () => {
-      expect(generateAppID().startsWith("app_")).toEqual(true)
-    })
-
-    it("should be able to convert a production app ID to development", () => {
-      const { appId, uuid } = getID()
-      expect(getDevelopmentAppID(appId)).toEqual(`app_dev_${uuid}`)
-    })
-
-    it("should be able to convert a development app ID to development", () => {
-      const { devAppId, uuid } = getID()
-      expect(getDevelopmentAppID(devAppId)).toEqual(`app_dev_${uuid}`)
-    })
-
-    it("should be able to convert a development ID to a production", () => {
-      const { devAppId, uuid } = getID()
-      expect(getProdAppID(devAppId)).toEqual(`app_${uuid}`)
-    })
-
-    it("should be able to convert a production ID to production", () => {
-      const { appId, uuid } = getID()
-      expect(getProdAppID(appId)).toEqual(`app_${uuid}`)
-    })
-
-    it("should be able to confirm dev app ID is development", () => {
-      const { devAppId } = getID()
-      expect(isDevAppID(devAppId)).toEqual(true)
-    })
-
-    it("should be able to confirm prod app ID is not development", () => {
-      const { appId } = getID()
-      expect(isDevAppID(appId)).toEqual(false)
-    })
-
-    it("should be able to confirm prod app ID is prod", () => {
-      const { appId } = getID()
-      expect(isProdAppID(appId)).toEqual(true)
-    })
-
-    it("should be able to confirm dev app ID is not prod", () => {
-      const { devAppId } = getID()
-      expect(isProdAppID(devAppId)).toEqual(false)
-    })
-  })
-})
-
-const DEFAULT_URL = "http://localhost:10000"
-const ENV_URL = "http://env.com"
-
-const setDbPlatformUrl = async (dbUrl: string) => {
-  const db = tenancy.getGlobalDB()
-  await db.put({
-    _id: "config_settings",
-    type: Config.SETTINGS,
-    config: {
-      platformUrl: dbUrl,
-    },
-  })
-}
-
-const clearSettingsConfig = async () => {
-  await tenancy.doInTenant(DEFAULT_TENANT_ID, async () => {
-    const db = tenancy.getGlobalDB()
-    try {
-      const config = await db.get("config_settings")
-      await db.remove("config_settings", config._rev)
-    } catch (e: any) {
-      if (e.status !== 404) {
-        throw e
-      }
-    }
-  })
-}
-
-describe("getPlatformUrl", () => {
-  describe("self host", () => {
-    beforeEach(async () => {
-      env._set("SELF_HOST", 1)
-      await clearSettingsConfig()
-    })
-
-    it("gets the default url", async () => {
-      await tenancy.doInTenant(null, async () => {
-        const url = await getPlatformUrl()
-        expect(url).toBe(DEFAULT_URL)
-      })
-    })
-
-    it("gets the platform url from the environment", async () => {
-      await tenancy.doInTenant(null, async () => {
-        env._set("PLATFORM_URL", ENV_URL)
-        const url = await getPlatformUrl()
-        expect(url).toBe(ENV_URL)
-      })
-    })
-
-    it("gets the platform url from the database", async () => {
-      await tenancy.doInTenant(null, async () => {
-        const dbUrl = generator.url()
-        await setDbPlatformUrl(dbUrl)
-        const url = await getPlatformUrl()
-        expect(url).toBe(dbUrl)
-      })
-    })
-  })
-
-  describe("cloud", () => {
-    const TENANT_AWARE_URL = "http://default.env.com"
-
-    beforeEach(async () => {
-      env._set("SELF_HOSTED", 0)
-      env._set("MULTI_TENANCY", 1)
-      env._set("PLATFORM_URL", ENV_URL)
-      await clearSettingsConfig()
-    })
-
-    it("gets the platform url from the environment without tenancy", async () => {
-      await tenancy.doInTenant(DEFAULT_TENANT_ID, async () => {
-        const url = await getPlatformUrl({ tenantAware: false })
-        expect(url).toBe(ENV_URL)
-      })
-    })
-
-    it("gets the platform url from the environment with tenancy", async () => {
-      await tenancy.doInTenant(DEFAULT_TENANT_ID, async () => {
-        const url = await getPlatformUrl()
-        expect(url).toBe(TENANT_AWARE_URL)
-      })
-    })
-
-    it("never gets the platform url from the database", async () => {
-      await tenancy.doInTenant(DEFAULT_TENANT_ID, async () => {
-        await setDbPlatformUrl(generator.url())
-        const url = await getPlatformUrl()
-        expect(url).toBe(TENANT_AWARE_URL)
-      })
-    })
-  })
-})
-
-describe("getScopedConfig", () => {
-  describe("settings config", () => {
-    beforeEach(async () => {
-      env._set("SELF_HOSTED", 1)
-      env._set("PLATFORM_URL", "")
-      await clearSettingsConfig()
-    })
-
-    it("returns the platform url with an existing config", async () => {
-      await tenancy.doInTenant(DEFAULT_TENANT_ID, async () => {
-        const dbUrl = generator.url()
-        await setDbPlatformUrl(dbUrl)
-        const db = tenancy.getGlobalDB()
-        const config = await getScopedConfig(db, { type: Config.SETTINGS })
-        expect(config.platformUrl).toBe(dbUrl)
-      })
-    })
-
-    it("returns the platform url without an existing config", async () => {
-      await tenancy.doInTenant(DEFAULT_TENANT_ID, async () => {
-        const db = tenancy.getGlobalDB()
-        const config = await getScopedConfig(db, { type: Config.SETTINGS })
-        expect(config.platformUrl).toBe(DEFAULT_URL)
-      })
-    })
-  })
-})
diff --git a/packages/backend-core/src/db/tests/utils.spec.ts b/packages/backend-core/src/db/tests/utils.spec.ts
new file mode 100644
index 0000000000..138457c65e
--- /dev/null
+++ b/packages/backend-core/src/db/tests/utils.spec.ts
@@ -0,0 +1,63 @@
+import {
+  getDevelopmentAppID,
+  getProdAppID,
+  isDevAppID,
+  isProdAppID,
+} from "../conversions"
+import { generateAppID } from "../utils"
+
+describe("utils", () => {
+  describe("generateAppID", () => {
+    function getID() {
+      const appId = generateAppID()
+      const split = appId.split("_")
+      const uuid = split[split.length - 1]
+      const devAppId = `app_dev_${uuid}`
+      return { appId, devAppId, split, uuid }
+    }
+
+    it("should be able to generate a new app ID", () => {
+      expect(generateAppID().startsWith("app_")).toEqual(true)
+    })
+
+    it("should be able to convert a production app ID to development", () => {
+      const { appId, uuid } = getID()
+      expect(getDevelopmentAppID(appId)).toEqual(`app_dev_${uuid}`)
+    })
+
+    it("should be able to convert a development app ID to development", () => {
+      const { devAppId, uuid } = getID()
+      expect(getDevelopmentAppID(devAppId)).toEqual(`app_dev_${uuid}`)
+    })
+
+    it("should be able to convert a development ID to a production", () => {
+      const { devAppId, uuid } = getID()
+      expect(getProdAppID(devAppId)).toEqual(`app_${uuid}`)
+    })
+
+    it("should be able to convert a production ID to production", () => {
+      const { appId, uuid } = getID()
+      expect(getProdAppID(appId)).toEqual(`app_${uuid}`)
+    })
+
+    it("should be able to confirm dev app ID is development", () => {
+      const { devAppId } = getID()
+      expect(isDevAppID(devAppId)).toEqual(true)
+    })
+
+    it("should be able to confirm prod app ID is not development", () => {
+      const { appId } = getID()
+      expect(isDevAppID(appId)).toEqual(false)
+    })
+
+    it("should be able to confirm prod app ID is prod", () => {
+      const { appId } = getID()
+      expect(isProdAppID(appId)).toEqual(true)
+    })
+
+    it("should be able to confirm dev app ID is not prod", () => {
+      const { devAppId } = getID()
+      expect(isProdAppID(devAppId)).toEqual(false)
+    })
+  })
+})
diff --git a/packages/backend-core/src/db/utils.ts b/packages/backend-core/src/db/utils.ts
index 233d044eaa..76c52d08ad 100644
--- a/packages/backend-core/src/db/utils.ts
+++ b/packages/backend-core/src/db/utils.ts
@@ -9,12 +9,11 @@ import {
   InternalTable,
   APP_PREFIX,
 } from "../constants"
-import { getTenantId, getGlobalDB, getGlobalDBName } from "../context"
+import { getTenantId, getGlobalDBName } from "../context"
 import { doWithDB, directCouchAllDbs } from "./db"
 import { getAppMetadata } from "../cache/appMetadata"
 import { isDevApp, isDevAppID, getProdAppID } from "./conversions"
-import * as events from "../events"
-import { App, Database, ConfigType, isSettingsConfig } from "@budibase/types"
+import { App, Database } from "@budibase/types"
 
 /**
  * Generates a new app ID.
@@ -366,6 +365,16 @@ export async function getAllApps({
   }
 }
 
+export async function getAppsByIDs(appIds: string[]) {
+  const settled = await Promise.allSettled(
+    appIds.map(appId => getAppMetadata(appId))
+  )
+  // have to list the apps which exist, some may have been deleted
+  return settled
+    .filter(promise => promise.status === "fulfilled")
+    .map(promise => (promise as PromiseFulfilledResult<App>).value)
+}
+
 /**
  * Utility function for getAllApps but filters to production apps only.
  */
@@ -382,6 +391,16 @@ export async function getDevAppIDs() {
   return apps.filter((id: any) => isDevAppID(id))
 }
 
+export function isSameAppID(
+  appId1: string | undefined,
+  appId2: string | undefined
+) {
+  if (appId1 == undefined || appId2 == undefined) {
+    return false
+  }
+  return getProdAppID(appId1) === getProdAppID(appId2)
+}
+
 export async function dbExists(dbName: any) {
   return doWithDB(
     dbName,
@@ -392,32 +411,6 @@ export async function dbExists(dbName: any) {
   )
 }
 
-/**
- * Generates a new configuration ID.
- * @returns {string} The new configuration ID which the config doc can be stored under.
- */
-export const generateConfigID = ({ type, workspace, user }: any) => {
-  const scope = [type, workspace, user].filter(Boolean).join(SEPARATOR)
-
-  return `${DocumentType.CONFIG}${SEPARATOR}${scope}`
-}
-
-/**
- * Gets parameters for retrieving configurations.
- */
-export const getConfigParams = (
-  { type, workspace, user }: any,
-  otherProps = {}
-) => {
-  const scope = [type, workspace, user].filter(Boolean).join(SEPARATOR)
-
-  return {
-    ...otherProps,
-    startkey: `${DocumentType.CONFIG}${SEPARATOR}${scope}`,
-    endkey: `${DocumentType.CONFIG}${SEPARATOR}${scope}${UNICODE_MAX}`,
-  }
-}
-
 /**
  * Generates a new dev info document ID - this is scoped to a user.
  * @returns {string} The new dev info ID which info for dev (like api key) can be stored under.
@@ -441,109 +434,6 @@ export const getPluginParams = (pluginId?: string | null, otherProps = {}) => {
   return getDocParams(DocumentType.PLUGIN, pluginId, otherProps)
 }
 
-/**
- * Returns the most granular configuration document from the DB based on the type, workspace and userID passed.
- * @param {Object} db - db instance to query
- * @param {Object} scopes - the type, workspace and userID scopes of the configuration.
- * @returns The most granular configuration document based on the scope.
- */
-export const getScopedFullConfig = async function (
-  db: any,
-  { type, user, workspace }: any
-) {
-  const response = await db.allDocs(
-    getConfigParams(
-      { type, user, workspace },
-      {
-        include_docs: true,
-      }
-    )
-  )
-
-  function determineScore(row: any) {
-    const config = row.doc
-
-    // Config is specific to a user and a workspace
-    if (config._id.includes(generateConfigID({ type, user, workspace }))) {
-      return 4
-    } else if (config._id.includes(generateConfigID({ type, user }))) {
-      // Config is specific to a user only
-      return 3
-    } else if (config._id.includes(generateConfigID({ type, workspace }))) {
-      // Config is specific to a workspace only
-      return 2
-    } else if (config._id.includes(generateConfigID({ type }))) {
-      // Config is specific to a type only
-      return 1
-    }
-    return 0
-  }
-
-  // Find the config with the most granular scope based on context
-  let scopedConfig = response.rows.sort(
-    (a: any, b: any) => determineScore(a) - determineScore(b)
-  )[0]
-
-  // custom logic for settings doc
-  if (type === ConfigType.SETTINGS) {
-    if (!scopedConfig || !scopedConfig.doc) {
-      // defaults
-      scopedConfig = {
-        doc: {
-          _id: generateConfigID({ type, user, workspace }),
-          type: ConfigType.SETTINGS,
-          config: {
-            platformUrl: await getPlatformUrl({ tenantAware: true }),
-            analyticsEnabled: await events.analytics.enabled(),
-          },
-        },
-      }
-    }
-
-    // will always be true - use assertion function to get type access
-    if (isSettingsConfig(scopedConfig.doc)) {
-      // overrides affected by environment
-      scopedConfig.doc.config.platformUrl = await getPlatformUrl({
-        tenantAware: true,
-      })
-      scopedConfig.doc.config.analyticsEnabled =
-        await events.analytics.enabled()
-    }
-  }
-
-  return scopedConfig && scopedConfig.doc
-}
-
-export const getPlatformUrl = async (opts = { tenantAware: true }) => {
-  let platformUrl = env.PLATFORM_URL || "http://localhost:10000"
-
-  if (!env.SELF_HOSTED && env.MULTI_TENANCY && opts.tenantAware) {
-    // cloud and multi tenant - add the tenant to the default platform url
-    const tenantId = getTenantId()
-    if (!platformUrl.includes("localhost:")) {
-      platformUrl = platformUrl.replace("://", `://${tenantId}.`)
-    }
-  } else if (env.SELF_HOSTED) {
-    const db = getGlobalDB()
-    // get the doc directly instead of with getScopedConfig to prevent loop
-    let settings
-    try {
-      settings = await db.get(generateConfigID({ type: ConfigType.SETTINGS }))
-    } catch (e: any) {
-      if (e.status !== 404) {
-        throw e
-      }
-    }
-
-    // self hosted - check for platform url override
-    if (settings && settings.config && settings.config.platformUrl) {
-      platformUrl = settings.config.platformUrl
-    }
-  }
-
-  return platformUrl
-}
-
 export function pagination(
   data: any[],
   pageSize: number,
@@ -577,8 +467,3 @@ export function pagination(
     nextPage,
   }
 }
-
-export async function getScopedConfig(db: any, params: any) {
-  const configDoc = await getScopedFullConfig(db, params)
-  return configDoc && configDoc.config ? configDoc.config : configDoc
-}
diff --git a/packages/backend-core/src/db/views.ts b/packages/backend-core/src/db/views.ts
index 4a87be0a68..8a2c2e7efd 100644
--- a/packages/backend-core/src/db/views.ts
+++ b/packages/backend-core/src/db/views.ts
@@ -1,13 +1,14 @@
 import {
-  DocumentType,
-  ViewName,
   DeprecatedViews,
+  DocumentType,
   SEPARATOR,
   StaticDatabases,
+  ViewName,
 } from "../constants"
 import { getGlobalDB } from "../context"
 import { doWithDB } from "./"
 import { Database, DatabaseQueryOpts } from "@budibase/types"
+import env from "../environment"
 
 const DESIGN_DB = "_design/database"
 
@@ -69,17 +70,6 @@ export const createNewUserEmailView = async () => {
   await createView(db, viewJs, ViewName.USER_BY_EMAIL)
 }
 
-export const createAccountEmailView = async () => {
-  const viewJs = `function(doc) {
-    if (doc._id.startsWith("${DocumentType.ACCOUNT_METADATA}${SEPARATOR}")) {
-      emit(doc.email.toLowerCase(), doc._id)
-    }
-  }`
-  await doWithDB(StaticDatabases.PLATFORM_INFO.name, async (db: Database) => {
-    await createView(db, viewJs, ViewName.ACCOUNT_BY_EMAIL)
-  })
-}
-
 export const createUserAppView = async () => {
   const db = getGlobalDB()
   const viewJs = `function(doc) {
@@ -113,17 +103,6 @@ export const createUserBuildersView = async () => {
   await createView(db, viewJs, ViewName.USER_BY_BUILDERS)
 }
 
-export const createPlatformUserView = async () => {
-  const viewJs = `function(doc) {
-    if (doc.tenantId) {
-      emit(doc._id.toLowerCase(), doc._id)
-    }
-  }`
-  await doWithDB(StaticDatabases.PLATFORM_INFO.name, async (db: Database) => {
-    await createView(db, viewJs, ViewName.PLATFORM_USERS_LOWERCASE)
-  })
-}
-
 export interface QueryViewOptions {
   arrayResponse?: boolean
 }
@@ -162,13 +141,48 @@ export const queryView = async <T>(
   }
 }
 
+// PLATFORM
+
+async function createPlatformView(viewJs: string, viewName: ViewName) {
+  try {
+    await doWithDB(StaticDatabases.PLATFORM_INFO.name, async (db: Database) => {
+      await createView(db, viewJs, viewName)
+    })
+  } catch (e: any) {
+    if (e.status === 409 && env.isTest()) {
+      // multiple tests can try to initialise platforms views
+      // at once - safe to exit on conflict
+      return
+    }
+    throw e
+  }
+}
+
+export const createPlatformAccountEmailView = async () => {
+  const viewJs = `function(doc) {
+    if (doc._id.startsWith("${DocumentType.ACCOUNT_METADATA}${SEPARATOR}")) {
+      emit(doc.email.toLowerCase(), doc._id)
+    }
+  }`
+  await createPlatformView(viewJs, ViewName.ACCOUNT_BY_EMAIL)
+}
+
+export const createPlatformUserView = async () => {
+  const viewJs = `function(doc) {
+    if (doc.tenantId) {
+      emit(doc._id.toLowerCase(), doc._id)
+    }
+  }`
+  await createPlatformView(viewJs, ViewName.PLATFORM_USERS_LOWERCASE)
+}
+
 export const queryPlatformView = async <T>(
   viewName: ViewName,
   params: DatabaseQueryOpts,
   opts?: QueryViewOptions
 ): Promise<T[] | T | undefined> => {
   const CreateFuncByName: any = {
-    [ViewName.ACCOUNT_BY_EMAIL]: createAccountEmailView,
+    [ViewName.ACCOUNT_BY_EMAIL]: createPlatformAccountEmailView,
     [ViewName.PLATFORM_USERS_LOWERCASE]: createPlatformUserView,
   }
 
diff --git a/packages/backend-core/src/environment.ts b/packages/backend-core/src/environment.ts
index d742ca1cc9..8dc2cce487 100644
--- a/packages/backend-core/src/environment.ts
+++ b/packages/backend-core/src/environment.ts
@@ -28,6 +28,8 @@ const DefaultBucketName = {
   PLUGINS: "plugins",
 }
 
+const selfHosted = !!parseInt(process.env.SELF_HOSTED || "")
+
 const environment = {
   isTest,
   isJest,
@@ -44,8 +46,9 @@ const environment = {
   GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
   GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET,
   SALT_ROUNDS: process.env.SALT_ROUNDS,
-  REDIS_URL: process.env.REDIS_URL,
-  REDIS_PASSWORD: process.env.REDIS_PASSWORD,
+  REDIS_URL: process.env.REDIS_URL || "localhost:6379",
+  REDIS_PASSWORD: process.env.REDIS_PASSWORD || "budibase",
+  MOCK_REDIS: process.env.MOCK_REDIS,
   MINIO_ACCESS_KEY: process.env.MINIO_ACCESS_KEY,
   MINIO_SECRET_KEY: process.env.MINIO_SECRET_KEY,
   AWS_REGION: process.env.AWS_REGION,
@@ -57,7 +60,7 @@ const environment = {
     process.env.ACCOUNT_PORTAL_URL || "https://account.budibase.app",
   ACCOUNT_PORTAL_API_KEY: process.env.ACCOUNT_PORTAL_API_KEY || "",
   DISABLE_ACCOUNT_PORTAL: process.env.DISABLE_ACCOUNT_PORTAL,
-  SELF_HOSTED: !!parseInt(process.env.SELF_HOSTED || ""),
+  SELF_HOSTED: selfHosted,
   COOKIE_DOMAIN: process.env.COOKIE_DOMAIN,
   PLATFORM_URL: process.env.PLATFORM_URL || "",
   POSTHOG_TOKEN: process.env.POSTHOG_TOKEN,
@@ -82,6 +85,24 @@ const environment = {
   SESSION_UPDATE_PERIOD: process.env.SESSION_UPDATE_PERIOD,
   DEPLOYMENT_ENVIRONMENT:
     process.env.DEPLOYMENT_ENVIRONMENT || "docker-compose",
+  ENABLE_4XX_HTTP_LOGGING: process.env.ENABLE_4XX_HTTP_LOGGING || true,
+  ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR,
+  // smtp
+  SMTP_FALLBACK_ENABLED: process.env.SMTP_FALLBACK_ENABLED,
+  SMTP_USER: process.env.SMTP_USER,
+  SMTP_PASSWORD: process.env.SMTP_PASSWORD,
+  SMTP_HOST: process.env.SMTP_HOST,
+  SMTP_PORT: parseInt(process.env.SMTP_PORT || ""),
+  SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
+  DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
+  /**
+   * Enable to allow an admin user to login using a password.
+   * This can be useful to prevent lockout when configuring SSO.
+   * However, this should be turned OFF by default for security purposes.
+   */
+  ENABLE_SSO_MAINTENANCE_MODE: selfHosted
+    ? process.env.ENABLE_SSO_MAINTENANCE_MODE
+    : false,
   _set(key: any, value: any) {
     process.env[key] = value
     // @ts-ignore
diff --git a/packages/backend-core/src/events/analytics.ts b/packages/backend-core/src/events/analytics.ts
index f621a9c98b..dcfd6d5104 100644
--- a/packages/backend-core/src/events/analytics.ts
+++ b/packages/backend-core/src/events/analytics.ts
@@ -1,55 +1,6 @@
-import env from "../environment"
-import * as tenancy from "../tenancy"
-import * as dbUtils from "../db/utils"
-import { Config } from "../constants"
-import { withCache, TTL, CacheKey } from "../cache"
+import * as configs from "../configs"
 
+// wrapper utility function
 export const enabled = async () => {
-  // cloud - always use the environment variable
-  if (!env.SELF_HOSTED) {
-    return !!env.ENABLE_ANALYTICS
-  }
-
-  // self host - prefer the settings doc
-  // use cache as events have high throughput
-  const enabledInDB = await withCache(
-    CacheKey.ANALYTICS_ENABLED,
-    TTL.ONE_DAY,
-    async () => {
-      const settings = await getSettingsDoc()
-
-      // need to do explicit checks in case the field is not set
-      if (settings?.config?.analyticsEnabled === false) {
-        return false
-      } else if (settings?.config?.analyticsEnabled === true) {
-        return true
-      }
-    }
-  )
-
-  if (enabledInDB !== undefined) {
-    return enabledInDB
-  }
-
-  // fallback to the environment variable
-  // explicitly check for 0 or false here, undefined or otherwise is treated as true
-  const envEnabled: any = env.ENABLE_ANALYTICS
-  if (envEnabled === 0 || envEnabled === false) {
-    return false
-  } else {
-    return true
-  }
-}
-
-const getSettingsDoc = async () => {
-  const db = tenancy.getGlobalDB()
-  let settings
-  try {
-    settings = await db.get(dbUtils.generateConfigID({ type: Config.SETTINGS }))
-  } catch (e: any) {
-    if (e.status !== 404) {
-      throw e
-    }
-  }
-  return settings
+  return configs.analyticsEnabled()
 }
diff --git a/packages/backend-core/src/events/events.ts b/packages/backend-core/src/events/events.ts
index 01928221a0..c2f7cf66ec 100644
--- a/packages/backend-core/src/events/events.ts
+++ b/packages/backend-core/src/events/events.ts
@@ -1,4 +1,4 @@
-import { Event } from "@budibase/types"
+import { Event, AuditedEventFriendlyName } from "@budibase/types"
 import { processors } from "./processors"
 import identification from "./identification"
 import * as backfill from "./backfill"
diff --git a/packages/backend-core/src/events/identification.ts b/packages/backend-core/src/events/identification.ts
index 8ac22b471c..9534fb293d 100644
--- a/packages/backend-core/src/events/identification.ts
+++ b/packages/backend-core/src/events/identification.ts
@@ -10,18 +10,17 @@ import {
   isCloudAccount,
   isSSOAccount,
   TenantGroup,
-  SettingsConfig,
   CloudAccount,
   UserIdentity,
   InstallationGroup,
   UserContext,
   Group,
+  isSSOUser,
 } from "@budibase/types"
 import { processors } from "./processors"
-import * as dbUtils from "../db/utils"
-import { Config } from "../constants"
 import { newid } from "../utils"
 import * as installation from "../installation"
+import * as configs from "../configs"
 import { withCache, TTL, CacheKey } from "../cache/generic"
 
 const pkg = require("../../package.json")
@@ -88,6 +87,7 @@ const getCurrentIdentity = async (): Promise<Identity> => {
       installationId,
       tenantId,
       environment,
+      hostInfo: userContext.hostInfo,
     }
   } else {
     throw new Error("Unknown identity type")
@@ -166,7 +166,10 @@ const identifyUser = async (
   const type = IdentityType.USER
   let builder = user.builder?.global || false
   let admin = user.admin?.global || false
-  let providerType = user.providerType
+  let providerType
+  if (isSSOUser(user)) {
+    providerType = user.providerType
+  }
   const accountHolder = account?.budibaseUserId === user._id || false
   const verified =
     account && account?.budibaseUserId === user._id ? account.verified : false
@@ -266,9 +269,7 @@ const getUniqueTenantId = async (tenantId: string): Promise<string> => {
   return context.doInTenant(tenantId, () => {
     return withCache(CacheKey.UNIQUE_TENANT_ID, TTL.ONE_DAY, async () => {
       const db = context.getGlobalDB()
-      const config: SettingsConfig = await dbUtils.getScopedFullConfig(db, {
-        type: Config.SETTINGS,
-      })
+      const config = await configs.getSettingsConfigDoc()
 
       let uniqueTenantId: string
       if (config.config.uniqueTenantId) {
diff --git a/packages/backend-core/src/events/processors/AuditLogsProcessor.ts b/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
new file mode 100644
index 0000000000..94b4e1b09f
--- /dev/null
+++ b/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
@@ -0,0 +1,93 @@
+import {
+  Event,
+  Identity,
+  Group,
+  IdentityType,
+  AuditLogQueueEvent,
+  AuditLogFn,
+  HostInfo,
+} from "@budibase/types"
+import { EventProcessor } from "./types"
+import { getAppId, doInTenant, getTenantId } from "../../context"
+import BullQueue from "bull"
+import { createQueue, JobQueue } from "../../queue"
+import { isAudited } from "../../utils"
+import env from "../../environment"
+
+export default class AuditLogsProcessor implements EventProcessor {
+  static auditLogsEnabled = false
+  static auditLogQueue: BullQueue.Queue<AuditLogQueueEvent>
+
+  // can't use constructor as need to return promise
+  static init(fn: AuditLogFn) {
+    AuditLogsProcessor.auditLogsEnabled = true
+    const writeAuditLogs = fn
+    AuditLogsProcessor.auditLogQueue = createQueue<AuditLogQueueEvent>(
+      JobQueue.AUDIT_LOG
+    )
+    return AuditLogsProcessor.auditLogQueue.process(async job => {
+      return doInTenant(job.data.tenantId, async () => {
+        let properties = job.data.properties
+        if (properties.audited) {
+          properties = {
+            ...properties,
+            ...properties.audited,
+          }
+          delete properties.audited
+        }
+
+        // this feature is disabled by default due to privacy requirements
+        // in some countries - available as env var in-case it is desired
+        // in self host deployments
+        let hostInfo: HostInfo | undefined = {}
+        if (env.ENABLE_AUDIT_LOG_IP_ADDR) {
+          hostInfo = job.data.opts.hostInfo
+        }
+
+        await writeAuditLogs(job.data.event, properties, {
+          userId: job.data.opts.userId,
+          timestamp: job.data.opts.timestamp,
+          appId: job.data.opts.appId,
+          hostInfo,
+        })
+      })
+    })
+  }
+
+  async processEvent(
+    event: Event,
+    identity: Identity,
+    properties: any,
+    timestamp?: string
+  ): Promise<void> {
+    if (AuditLogsProcessor.auditLogsEnabled && isAudited(event)) {
+      // only audit log actual events, don't include backfills
+      const userId =
+        identity.type === IdentityType.USER ? identity.id : undefined
+      // add to the event queue, rather than just writing immediately
+      await AuditLogsProcessor.auditLogQueue.add({
+        event,
+        properties,
+        opts: {
+          userId,
+          timestamp,
+          appId: getAppId(),
+          hostInfo: identity.hostInfo,
+        },
+        tenantId: getTenantId(),
+      })
+    }
+  }
+
+  async identify(identity: Identity, timestamp?: string | number) {
+    // no-op
+  }
+
+  async identifyGroup(group: Group, timestamp?: string | number) {
+    // no-op
+  }
+
+  shutdown(): void {
+    AuditLogsProcessor.auditLogQueue?.close()
+  }
+}
diff --git a/packages/backend-core/src/events/processors/index.ts b/packages/backend-core/src/events/processors/index.ts
index 0e75f050db..6646764e47 100644
--- a/packages/backend-core/src/events/processors/index.ts
+++ b/packages/backend-core/src/events/processors/index.ts
@@ -1,8 +1,19 @@
 import AnalyticsProcessor from "./AnalyticsProcessor"
 import LoggingProcessor from "./LoggingProcessor"
+import AuditLogsProcessor from "./AuditLogsProcessor"
 import Processors from "./Processors"
+import { AuditLogFn } from "@budibase/types"
 
 export const analyticsProcessor = new AnalyticsProcessor()
 const loggingProcessor = new LoggingProcessor()
+const auditLogsProcessor = new AuditLogsProcessor()
 
-export const processors = new Processors([analyticsProcessor, loggingProcessor])
+export function init(auditingFn: AuditLogFn) {
+  return AuditLogsProcessor.init(auditingFn)
+}
+
+export const processors = new Processors([
+  analyticsProcessor,
+  loggingProcessor,
+  auditLogsProcessor,
+])
diff --git a/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts b/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts
index 593e5ff082..0dbe70d543 100644
--- a/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts
+++ b/packages/backend-core/src/events/processors/posthog/PosthogProcessor.ts
@@ -47,6 +47,8 @@ export default class PosthogProcessor implements EventProcessor {
       return
     }
 
+    properties = this.clearPIIProperties(properties)
+
     properties.version = pkg.version
     properties.service = env.SERVICE
     properties.environment = identity.environment
@@ -79,6 +81,16 @@ export default class PosthogProcessor implements EventProcessor {
     this.posthog.capture(payload)
   }
 
+  clearPIIProperties(properties: any) {
+    if (properties.email) {
+      delete properties.email
+    }
+    if (properties.audited) {
+      delete properties.audited
+    }
+    return properties
+  }
+
   async identify(identity: Identity, timestamp?: string | number) {
     const payload: any = { distinctId: identity.id, properties: identity }
     if (timestamp) {
diff --git a/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts b/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts
index 349a0427ac..8df4e40bcf 100644
--- a/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts
+++ b/packages/backend-core/src/events/processors/posthog/tests/PosthogProcessor.spec.ts
@@ -1,4 +1,4 @@
-import "../../../../../tests"
+import { testEnv } from "../../../../../tests"
 import PosthogProcessor from "../PosthogProcessor"
 import { Event, IdentityType, Hosting } from "@budibase/types"
 const tk = require("timekeeper")
@@ -16,6 +16,10 @@ const newIdentity = () => {
 }
 
 describe("PosthogProcessor", () => {
+  beforeAll(() => {
+    testEnv.singleTenant()
+  })
+
   beforeEach(async () => {
     jest.clearAllMocks()
     await cache.bustCache(
@@ -45,6 +49,25 @@ describe("PosthogProcessor", () => {
       expect(processor.posthog.capture).toHaveBeenCalledTimes(0)
     })
 
+    it("removes audited information", async () => {
+      const processor = new PosthogProcessor("test")
+
+      const identity = newIdentity()
+      const properties = {
+        email: "test",
+        audited: {
+          name: "test",
+        },
+      }
+
+      await processor.processEvent(Event.USER_CREATED, identity, properties)
+      expect(processor.posthog.capture).toHaveBeenCalled()
+      // @ts-ignore
+      const call = processor.posthog.capture.mock.calls[0][0]
+      expect(call.properties.audited).toBeUndefined()
+      expect(call.properties.email).toBeUndefined()
+    })
+
     describe("rate limiting", () => {
       it("sends daily event once in same day", async () => {
         const processor = new PosthogProcessor("test")
diff --git a/packages/backend-core/src/events/publishers/app.ts b/packages/backend-core/src/events/publishers/app.ts
index 90da21f3f5..d08d59b5f1 100644
--- a/packages/backend-core/src/events/publishers/app.ts
+++ b/packages/backend-core/src/events/publishers/app.ts
@@ -19,6 +19,9 @@ const created = async (app: App, timestamp?: string | number) => {
   const properties: AppCreatedEvent = {
     appId: app.appId,
     version: app.version,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_CREATED, properties, timestamp)
 }
@@ -27,6 +30,9 @@ async function updated(app: App) {
   const properties: AppUpdatedEvent = {
     appId: app.appId,
     version: app.version,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_UPDATED, properties)
 }
@@ -34,6 +40,9 @@ async function updated(app: App) {
 async function deleted(app: App) {
   const properties: AppDeletedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_DELETED, properties)
 }
@@ -41,6 +50,9 @@ async function deleted(app: App) {
 async function published(app: App, timestamp?: string | number) {
   const properties: AppPublishedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_PUBLISHED, properties, timestamp)
 }
@@ -48,6 +60,9 @@ async function published(app: App, timestamp?: string | number) {
 async function unpublished(app: App) {
   const properties: AppUnpublishedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_UNPUBLISHED, properties)
 }
@@ -55,6 +70,9 @@ async function unpublished(app: App) {
 async function fileImported(app: App) {
   const properties: AppFileImportedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_FILE_IMPORTED, properties)
 }
@@ -63,6 +81,9 @@ async function templateImported(app: App, templateKey: string) {
   const properties: AppTemplateImportedEvent = {
     appId: app.appId,
     templateKey,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_TEMPLATE_IMPORTED, properties)
 }
@@ -76,6 +97,9 @@ async function versionUpdated(
     appId: app.appId,
     currentVersion,
     updatedToVersion,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_VERSION_UPDATED, properties)
 }
@@ -89,6 +113,9 @@ async function versionReverted(
     appId: app.appId,
     currentVersion,
     revertedToVersion,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_VERSION_REVERTED, properties)
 }
@@ -96,6 +123,9 @@ async function versionReverted(
 async function reverted(app: App) {
   const properties: AppRevertedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_REVERTED, properties)
 }
@@ -103,6 +133,9 @@ async function reverted(app: App) {
 async function exported(app: App) {
   const properties: AppExportedEvent = {
     appId: app.appId,
+    audited: {
+      name: app.name,
+    },
   }
   await publishEvent(Event.APP_EXPORTED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/auditLog.ts b/packages/backend-core/src/events/publishers/auditLog.ts
new file mode 100644
index 0000000000..7cfb76147a
--- /dev/null
+++ b/packages/backend-core/src/events/publishers/auditLog.ts
@@ -0,0 +1,26 @@
+import {
+  Event,
+  AuditLogSearchParams,
+  AuditLogFilteredEvent,
+  AuditLogDownloadedEvent,
+} from "@budibase/types"
+import { publishEvent } from "../events"
+
+async function filtered(search: AuditLogSearchParams) {
+  const properties: AuditLogFilteredEvent = {
+    filters: search,
+  }
+  await publishEvent(Event.AUDIT_LOGS_FILTERED, properties)
+}
+
+async function downloaded(search: AuditLogSearchParams) {
+  const properties: AuditLogDownloadedEvent = {
+    filters: search,
+  }
+  await publishEvent(Event.AUDIT_LOGS_DOWNLOADED, properties)
+}
+
+export default {
+  filtered,
+  downloaded,
+}
diff --git a/packages/backend-core/src/events/publishers/auth.ts b/packages/backend-core/src/events/publishers/auth.ts
index 4436045599..e275d2dbb0 100644
--- a/packages/backend-core/src/events/publishers/auth.ts
+++ b/packages/backend-core/src/events/publishers/auth.ts
@@ -12,19 +12,25 @@ import {
 } from "@budibase/types"
 import { identification } from ".."
 
-async function login(source: LoginSource) {
+async function login(source: LoginSource, email: string) {
   const identity = await identification.getCurrentIdentity()
   const properties: LoginEvent = {
     userId: identity.id,
     source,
+    audited: {
+      email,
+    },
   }
   await publishEvent(Event.AUTH_LOGIN, properties)
 }
 
-async function logout() {
+async function logout(email?: string) {
   const identity = await identification.getCurrentIdentity()
   const properties: LogoutEvent = {
     userId: identity.id,
+    audited: {
+      email,
+    },
   }
   await publishEvent(Event.AUTH_LOGOUT, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/automation.ts b/packages/backend-core/src/events/publishers/automation.ts
index 6eb36ab067..419d4136bd 100644
--- a/packages/backend-core/src/events/publishers/automation.ts
+++ b/packages/backend-core/src/events/publishers/automation.ts
@@ -18,6 +18,9 @@ async function created(automation: Automation, timestamp?: string | number) {
     automationId: automation._id as string,
     triggerId: automation.definition?.trigger?.id,
     triggerType: automation.definition?.trigger?.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_CREATED, properties, timestamp)
 }
@@ -38,6 +41,9 @@ async function deleted(automation: Automation) {
     automationId: automation._id as string,
     triggerId: automation.definition?.trigger?.id,
     triggerType: automation.definition?.trigger?.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_DELETED, properties)
 }
@@ -71,6 +77,9 @@ async function stepCreated(
     triggerType: automation.definition?.trigger?.stepId,
     stepId: step.id!,
     stepType: step.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_STEP_CREATED, properties, timestamp)
 }
@@ -83,6 +92,9 @@ async function stepDeleted(automation: Automation, step: AutomationStep) {
     triggerType: automation.definition?.trigger?.stepId,
     stepId: step.id!,
     stepType: step.stepId,
+    audited: {
+      name: automation.name,
+    },
   }
   await publishEvent(Event.AUTOMATION_STEP_DELETED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/backup.ts b/packages/backend-core/src/events/publishers/backup.ts
index 12263fe1ff..d7d87f09f1 100644
--- a/packages/backend-core/src/events/publishers/backup.ts
+++ b/packages/backend-core/src/events/publishers/backup.ts
@@ -13,6 +13,7 @@ async function appBackupRestored(backup: AppBackup) {
     appId: backup.appId,
     restoreId: backup._id!,
     backupCreatedAt: backup.timestamp,
+    name: backup.name as string,
   }
 
   await publishEvent(Event.APP_BACKUP_RESTORED, properties)
@@ -22,13 +23,15 @@ async function appBackupTriggered(
   appId: string,
   backupId: string,
   type: AppBackupType,
-  trigger: AppBackupTrigger
+  trigger: AppBackupTrigger,
+  name: string
 ) {
   const properties: AppBackupTriggeredEvent = {
     appId: appId,
     backupId,
     type,
     trigger,
+    name,
   }
   await publishEvent(Event.APP_BACKUP_TRIGGERED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/group.ts b/packages/backend-core/src/events/publishers/group.ts
index d79920562b..a000b880a2 100644
--- a/packages/backend-core/src/events/publishers/group.ts
+++ b/packages/backend-core/src/events/publishers/group.ts
@@ -8,12 +8,16 @@ import {
   GroupUsersAddedEvent,
   GroupUsersDeletedEvent,
   GroupAddedOnboardingEvent,
+  GroupPermissionsEditedEvent,
   UserGroupRoles,
 } from "@budibase/types"
 
 async function created(group: UserGroup, timestamp?: number) {
   const properties: GroupCreatedEvent = {
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_CREATED, properties, timestamp)
 }
@@ -21,6 +25,9 @@ async function created(group: UserGroup, timestamp?: number) {
 async function updated(group: UserGroup) {
   const properties: GroupUpdatedEvent = {
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_UPDATED, properties)
 }
@@ -28,6 +35,9 @@ async function updated(group: UserGroup) {
 async function deleted(group: UserGroup) {
   const properties: GroupDeletedEvent = {
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_DELETED, properties)
 }
@@ -36,6 +46,9 @@ async function usersAdded(count: number, group: UserGroup) {
   const properties: GroupUsersAddedEvent = {
     count,
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_USERS_ADDED, properties)
 }
@@ -44,6 +57,9 @@ async function usersDeleted(count: number, group: UserGroup) {
   const properties: GroupUsersDeletedEvent = {
     count,
     groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_USERS_REMOVED, properties)
 }
@@ -56,9 +72,13 @@ async function createdOnboarding(groupId: string) {
   await publishEvent(Event.USER_GROUP_ONBOARDING, properties)
 }
 
-async function permissionsEdited(roles: UserGroupRoles) {
-  const properties: UserGroupRoles = {
-    ...roles,
+async function permissionsEdited(group: UserGroup) {
+  const properties: GroupPermissionsEditedEvent = {
+    permissions: group.roles!,
+    groupId: group._id as string,
+    audited: {
+      name: group.name,
+    },
   }
   await publishEvent(Event.USER_GROUP_PERMISSIONS_EDITED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/index.ts b/packages/backend-core/src/events/publishers/index.ts
index 34e47b2990..87a34bf3f1 100644
--- a/packages/backend-core/src/events/publishers/index.ts
+++ b/packages/backend-core/src/events/publishers/index.ts
@@ -21,3 +21,4 @@ export { default as group } from "./group"
 export { default as plugin } from "./plugin"
 export { default as backup } from "./backup"
 export { default as environmentVariable } from "./environmentVariable"
+export { default as auditLog } from "./auditLog"
diff --git a/packages/backend-core/src/events/publishers/screen.ts b/packages/backend-core/src/events/publishers/screen.ts
index 27264b5847..df486029e8 100644
--- a/packages/backend-core/src/events/publishers/screen.ts
+++ b/packages/backend-core/src/events/publishers/screen.ts
@@ -11,6 +11,9 @@ async function created(screen: Screen, timestamp?: string | number) {
     layoutId: screen.layoutId,
     screenId: screen._id as string,
     roleId: screen.routing.roleId,
+    audited: {
+      name: screen.routing?.route,
+    },
   }
   await publishEvent(Event.SCREEN_CREATED, properties, timestamp)
 }
@@ -20,6 +23,9 @@ async function deleted(screen: Screen) {
     layoutId: screen.layoutId,
     screenId: screen._id as string,
     roleId: screen.routing.roleId,
+    audited: {
+      name: screen.routing?.route,
+    },
   }
   await publishEvent(Event.SCREEN_DELETED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/table.ts b/packages/backend-core/src/events/publishers/table.ts
index d50f4df0e1..dc3200291a 100644
--- a/packages/backend-core/src/events/publishers/table.ts
+++ b/packages/backend-core/src/events/publishers/table.ts
@@ -13,6 +13,9 @@ import {
 async function created(table: Table, timestamp?: string | number) {
   const properties: TableCreatedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_CREATED, properties, timestamp)
 }
@@ -20,6 +23,9 @@ async function created(table: Table, timestamp?: string | number) {
 async function updated(table: Table) {
   const properties: TableUpdatedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_UPDATED, properties)
 }
@@ -27,6 +33,9 @@ async function updated(table: Table) {
 async function deleted(table: Table) {
   const properties: TableDeletedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_DELETED, properties)
 }
@@ -35,6 +44,9 @@ async function exported(table: Table, format: TableExportFormat) {
   const properties: TableExportedEvent = {
     tableId: table._id as string,
     format,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_EXPORTED, properties)
 }
@@ -42,6 +54,9 @@ async function exported(table: Table, format: TableExportFormat) {
 async function imported(table: Table) {
   const properties: TableImportedEvent = {
     tableId: table._id as string,
+    audited: {
+      name: table.name,
+    },
   }
   await publishEvent(Event.TABLE_IMPORTED, properties)
 }
diff --git a/packages/backend-core/src/events/publishers/user.ts b/packages/backend-core/src/events/publishers/user.ts
index 1fe50149b5..8dbc494d1e 100644
--- a/packages/backend-core/src/events/publishers/user.ts
+++ b/packages/backend-core/src/events/publishers/user.ts
@@ -19,6 +19,9 @@ import {
 async function created(user: User, timestamp?: number) {
   const properties: UserCreatedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_CREATED, properties, timestamp)
 }
@@ -26,6 +29,9 @@ async function created(user: User, timestamp?: number) {
 async function updated(user: User) {
   const properties: UserUpdatedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_UPDATED, properties)
 }
@@ -33,6 +39,9 @@ async function updated(user: User) {
 async function deleted(user: User) {
   const properties: UserDeletedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_DELETED, properties)
 }
@@ -40,6 +49,9 @@ async function deleted(user: User) {
 export async function onboardingComplete(user: User) {
   const properties: UserOnboardingEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_ONBOARDING_COMPLETE, properties)
 }
@@ -49,6 +61,9 @@ export async function onboardingComplete(user: User) {
 async function permissionAdminAssigned(user: User, timestamp?: number) {
   const properties: UserPermissionAssignedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(
     Event.USER_PERMISSION_ADMIN_ASSIGNED,
@@ -60,6 +75,9 @@ async function permissionAdminAssigned(user: User, timestamp?: number) {
 async function permissionAdminRemoved(user: User) {
   const properties: UserPermissionRemovedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PERMISSION_ADMIN_REMOVED, properties)
 }
@@ -67,6 +85,9 @@ async function permissionAdminRemoved(user: User) {
 async function permissionBuilderAssigned(user: User, timestamp?: number) {
   const properties: UserPermissionAssignedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(
     Event.USER_PERMISSION_BUILDER_ASSIGNED,
@@ -78,20 +99,30 @@ async function permissionBuilderAssigned(user: User, timestamp?: number) {
 async function permissionBuilderRemoved(user: User) {
   const properties: UserPermissionRemovedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PERMISSION_BUILDER_REMOVED, properties)
 }
 
 // INVITE
 
-async function invited() {
-  const properties: UserInvitedEvent = {}
+async function invited(email: string) {
+  const properties: UserInvitedEvent = {
+    audited: {
+      email,
+    },
+  }
   await publishEvent(Event.USER_INVITED, properties)
 }
 
 async function inviteAccepted(user: User) {
   const properties: UserInviteAcceptedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_INVITED_ACCEPTED, properties)
 }
@@ -101,6 +132,9 @@ async function inviteAccepted(user: User) {
 async function passwordForceReset(user: User) {
   const properties: UserPasswordForceResetEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_FORCE_RESET, properties)
 }
@@ -108,6 +142,9 @@ async function passwordForceReset(user: User) {
 async function passwordUpdated(user: User) {
   const properties: UserPasswordUpdatedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_UPDATED, properties)
 }
@@ -115,6 +152,9 @@ async function passwordUpdated(user: User) {
 async function passwordResetRequested(user: User) {
   const properties: UserPasswordResetRequestedEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_RESET_REQUESTED, properties)
 }
@@ -122,6 +162,9 @@ async function passwordResetRequested(user: User) {
 async function passwordReset(user: User) {
   const properties: UserPasswordResetEvent = {
     userId: user._id as string,
+    audited: {
+      email: user.email,
+    },
   }
   await publishEvent(Event.USER_PASSWORD_RESET, properties)
 }
diff --git a/packages/backend-core/src/featureFlags/index.ts b/packages/backend-core/src/featureFlags/index.ts
index 34ee3599a5..877cd60e1a 100644
--- a/packages/backend-core/src/featureFlags/index.ts
+++ b/packages/backend-core/src/featureFlags/index.ts
@@ -1,5 +1,5 @@
 import env from "../environment"
-import * as tenancy from "../tenancy"
+import * as context from "../context"
 
 /**
  * Read the TENANT_FEATURE_FLAGS env var and return an array of features flags for each tenant.
@@ -28,7 +28,7 @@ export function buildFeatureFlags() {
 }
 
 export function isEnabled(featureFlag: string) {
-  const tenantId = tenancy.getTenantId()
+  const tenantId = context.getTenantId()
   const flags = getTenantFeatureFlags(tenantId)
   return flags.includes(featureFlag)
 }
diff --git a/packages/backend-core/src/index.ts b/packages/backend-core/src/index.ts
index b38a53e9e4..48569548e3 100644
--- a/packages/backend-core/src/index.ts
+++ b/packages/backend-core/src/index.ts
@@ -1,14 +1,14 @@
+export * as configs from "./configs"
 export * as events from "./events"
 export * as migrations from "./migrations"
 export * as users from "./users"
 export * as roles from "./security/roles"
 export * as permissions from "./security/permissions"
-export * as accounts from "./cloud/accounts"
+export * as accounts from "./accounts"
 export * as installation from "./installation"
-export * as tenancy from "./tenancy"
 export * as featureFlags from "./featureFlags"
 export * as sessions from "./security/sessions"
-export * as deprovisioning from "./context/deprovision"
+export * as platform from "./platform"
 export * as auth from "./auth"
 export * as constants from "./constants"
 export * as logging from "./logging"
@@ -21,9 +21,20 @@ export * as context from "./context"
 export * as cache from "./cache"
 export * as objectStore from "./objectStore"
 export * as redis from "./redis"
+export * as locks from "./redis/redlockImpl"
 export * as utils from "./utils"
 export * as errors from "./errors"
 export { default as env } from "./environment"
+export { SearchParams } from "./db"
+// Add context to tenancy for backwards compatibility
+// only do this for external usages to prevent internal
+// circular dependencies
+import * as context from "./context"
+import * as _tenancy from "./tenancy"
+export const tenancy = {
+  ..._tenancy,
+  ...context,
+}
 
 // expose error classes directly
 export * from "./errors"
@@ -31,10 +42,6 @@ export * from "./errors"
 // expose constants directly
 export * from "./constants"
 
-// expose inner locks from redis directly
-import * as redis from "./redis"
-export const locks = redis.redlock
-
 // expose package init function
 import * as db from "./db"
 export const init = (opts: any = {}) => {
diff --git a/packages/backend-core/src/middleware/authenticated.ts b/packages/backend-core/src/middleware/authenticated.ts
index 3b5e9ae162..0708581570 100644
--- a/packages/backend-core/src/middleware/authenticated.ts
+++ b/packages/backend-core/src/middleware/authenticated.ts
@@ -4,11 +4,11 @@ import { getUser } from "../cache/user"
 import { getSession, updateSessionTTL } from "../security/sessions"
 import { buildMatcherRegex, matches } from "./matchers"
 import { SEPARATOR, queryGlobalView, ViewName } from "../db"
-import { getGlobalDB, doInTenant } from "../tenancy"
+import { getGlobalDB, doInTenant } from "../context"
 import { decrypt } from "../security/encryption"
 import * as identity from "../context/identity"
 import env from "../environment"
-import { BBContext, EndpointMatcher } from "@budibase/types"
+import { Ctx, EndpointMatcher } from "@budibase/types"
 
 const ONE_MINUTE = env.SESSION_UPDATE_PERIOD
   ? parseInt(env.SESSION_UPDATE_PERIOD)
@@ -73,7 +73,7 @@ export default function (
   }
 ) {
   const noAuthOptions = noAuthPatterns ? buildMatcherRegex(noAuthPatterns) : []
-  return async (ctx: BBContext | any, next: any) => {
+  return async (ctx: Ctx | any, next: any) => {
     let publicEndpoint = false
     const version = ctx.request.headers[Header.API_VER]
     // the path is not authenticated
@@ -115,7 +115,8 @@ export default function (
           authenticated = true
         } catch (err: any) {
           authenticated = false
-          console.error("Auth Error", err?.message || err)
+          console.error(`Auth Error: ${err.message}`)
+          console.error(err)
           // remove the cookie as the user does not exist anymore
           clearCookie(ctx, Cookie.Auth)
         }
@@ -148,12 +149,13 @@ export default function (
       finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
 
       if (user && user.email) {
-        return identity.doInUserContext(user, next)
+        return identity.doInUserContext(user, ctx, next)
       } else {
         return next()
       }
     } catch (err: any) {
-      console.error("Auth Error", err?.message || err)
+      console.error(`Auth Error: ${err.message}`)
+      console.error(err)
       // invalid token, clear the cookie
       if (err && err.name === "JsonWebTokenError") {
         clearCookie(ctx, Cookie.Auth)
diff --git a/packages/backend-core/src/middleware/errorHandling.ts b/packages/backend-core/src/middleware/errorHandling.ts
new file mode 100644
index 0000000000..36aff2cdbc
--- /dev/null
+++ b/packages/backend-core/src/middleware/errorHandling.ts
@@ -0,0 +1,29 @@
+import { APIError } from "@budibase/types"
+import * as errors from "../errors"
+import env from "../environment"
+
+export async function errorHandling(ctx: any, next: any) {
+  try {
+    await next()
+  } catch (err: any) {
+    const status = err.status || err.statusCode || 500
+    ctx.status = status
+
+    if (status > 499 || env.ENABLE_4XX_HTTP_LOGGING) {
+      ctx.log.error(err)
+      console.trace(err)
+    }
+
+    const error = errors.getPublicError(err)
+    const body: APIError = {
+      message: err.message,
+      status: status,
+      validationErrors: err.validation,
+      error,
+    }
+
+    ctx.body = body
+  }
+}
+
+export default errorHandling
diff --git a/packages/backend-core/src/middleware/index.ts b/packages/backend-core/src/middleware/index.ts
index 4986cde64b..addeac6a1a 100644
--- a/packages/backend-core/src/middleware/index.ts
+++ b/packages/backend-core/src/middleware/index.ts
@@ -1,7 +1,7 @@
 export * as jwt from "./passport/jwt"
 export * as local from "./passport/local"
-export * as google from "./passport/google"
-export * as oidc from "./passport/oidc"
+export * as google from "./passport/sso/google"
+export * as oidc from "./passport/sso/oidc"
 import * as datasourceGoogle from "./passport/datasource/google"
 export const datasource = {
   google: datasourceGoogle,
@@ -16,4 +16,6 @@ export { default as adminOnly } from "./adminOnly"
 export { default as builderOrAdmin } from "./builderOrAdmin"
 export { default as builderOnly } from "./builderOnly"
 export { default as logging } from "./logging"
+export { default as errorHandling } from "./errorHandling"
+export { default as querystringToBody } from "./querystringToBody"
 export * as joiValidator from "./joi-validator"
diff --git a/packages/backend-core/src/middleware/passport/datasource/google.ts b/packages/backend-core/src/middleware/passport/datasource/google.ts
index 65620d7aa3..32451cb8d2 100644
--- a/packages/backend-core/src/middleware/passport/datasource/google.ts
+++ b/packages/backend-core/src/middleware/passport/datasource/google.ts
@@ -1,10 +1,10 @@
-import * as google from "../google"
-import { Cookie, Config } from "../../../constants"
+import * as google from "../sso/google"
+import { Cookie } from "../../../constants"
 import { clearCookie, getCookie } from "../../../utils"
-import { getScopedConfig, getPlatformUrl, doWithDB } from "../../../db"
-import environment from "../../../environment"
-import { getGlobalDB } from "../../../tenancy"
+import { doWithDB } from "../../../db"
+import * as configs from "../../../configs"
 import { BBContext, Database, SSOProfile } from "@budibase/types"
+import { ssoSaveUserNoOp } from "../sso/sso"
 const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
 
 type Passport = {
@@ -12,18 +12,12 @@ type Passport = {
 }
 
 async function fetchGoogleCreds() {
-  // try and get the config from the tenant
-  const db = getGlobalDB()
-  const googleConfig = await getScopedConfig(db, {
-    type: Config.GOOGLE,
-  })
-  // or fall back to env variables
-  return (
-    googleConfig || {
-      clientID: environment.GOOGLE_CLIENT_ID,
-      clientSecret: environment.GOOGLE_CLIENT_SECRET,
-    }
-  )
+  let config = await configs.getGoogleDatasourceConfig()
+
+  if (!config) {
+    throw new Error("No google configuration found")
+  }
+  return config
 }
 
 export async function preAuth(
@@ -33,10 +27,14 @@ export async function preAuth(
 ) {
   // get the relevant config
   const googleConfig = await fetchGoogleCreds()
-  const platformUrl = await getPlatformUrl({ tenantAware: false })
+  const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
 
   let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
-  const strategy = await google.strategyFactory(googleConfig, callbackUrl)
+  const strategy = await google.strategyFactory(
+    googleConfig,
+    callbackUrl,
+    ssoSaveUserNoOp
+  )
 
   if (!ctx.query.appId || !ctx.query.datasourceId) {
     ctx.throw(400, "appId and datasourceId query params not present.")
@@ -56,7 +54,7 @@ export async function postAuth(
 ) {
   // get the relevant config
   const config = await fetchGoogleCreds()
-  const platformUrl = await getPlatformUrl({ tenantAware: false })
+  const platformUrl = await configs.getPlatformUrl({ tenantAware: false })
 
   let callbackUrl = `${platformUrl}/api/global/auth/datasource/google/callback`
   const authStateCookie = getCookie(ctx, Cookie.DatasourceAuth)
diff --git a/packages/backend-core/src/middleware/passport/local.ts b/packages/backend-core/src/middleware/passport/local.ts
index 8b85d3734c..e198032532 100644
--- a/packages/backend-core/src/middleware/passport/local.ts
+++ b/packages/backend-core/src/middleware/passport/local.ts
@@ -1,15 +1,10 @@
 import { UserStatus } from "../../constants"
-import { compare, newid } from "../../utils"
-import env from "../../environment"
+import { compare } from "../../utils"
 import * as users from "../../users"
 import { authError } from "./utils"
-import { createASession } from "../../security/sessions"
-import { getTenantId } from "../../tenancy"
 import { BBContext } from "@budibase/types"
-const jwt = require("jsonwebtoken")
 
 const INVALID_ERR = "Invalid credentials"
-const SSO_NO_PASSWORD = "SSO user does not have a password set"
 const EXPIRED = "This account has expired. Please reset your password"
 
 export const options = {
@@ -35,50 +30,25 @@ export async function authenticate(
 
   const dbUser = await users.getGlobalUserByEmail(email)
   if (dbUser == null) {
-    return authError(done, `User not found: [${email}]`)
-  }
-
-  // check that the user is currently inactive, if this is the case throw invalid
-  if (dbUser.status === UserStatus.INACTIVE) {
+    console.info(`user=${email} could not be found`)
     return authError(done, INVALID_ERR)
   }
 
-  // check that the user has a stored password before proceeding
-  if (!dbUser.password) {
-    if (
-      (dbUser.account && dbUser.account.authType === "sso") || // root account sso
-      dbUser.thirdPartyProfile // internal sso
-    ) {
-      return authError(done, SSO_NO_PASSWORD)
-    }
+  if (dbUser.status === UserStatus.INACTIVE) {
+    console.info(`user=${email} is inactive`, dbUser)
+    return authError(done, INVALID_ERR)
+  }
 
-    console.error("Non SSO usser has no password set", dbUser)
+  if (!dbUser.password) {
+    console.info(`user=${email} has no password set`, dbUser)
     return authError(done, EXPIRED)
   }
 
-  // authenticate
-  if (await compare(password, dbUser.password)) {
-    const sessionId = newid()
-    const tenantId = getTenantId()
-
-    await createASession(dbUser._id!, { sessionId, tenantId })
-
-    const token = jwt.sign(
-      {
-        userId: dbUser._id,
-        sessionId,
-        tenantId,
-      },
-      env.JWT_SECRET
-    )
-    // Remove users password in payload
-    delete dbUser.password
-
-    return done(null, {
-      ...dbUser,
-      token,
-    })
-  } else {
+  if (!(await compare(password, dbUser.password))) {
     return authError(done, INVALID_ERR)
   }
+
+  // intentionally remove the users password in payload
+  delete dbUser.password
+  return done(null, dbUser)
 }
diff --git a/packages/backend-core/src/middleware/passport/google.ts b/packages/backend-core/src/middleware/passport/sso/google.ts
similarity index 67%
rename from packages/backend-core/src/middleware/passport/google.ts
rename to packages/backend-core/src/middleware/passport/sso/google.ts
index dd3dc8b86d..ad7593e63d 100644
--- a/packages/backend-core/src/middleware/passport/google.ts
+++ b/packages/backend-core/src/middleware/passport/sso/google.ts
@@ -1,18 +1,25 @@
-import { ssoCallbackUrl } from "./utils"
-import { authenticateThirdParty, SaveUserFunction } from "./third-party-common"
-import { ConfigType, GoogleConfig, Database, SSOProfile } from "@budibase/types"
+import { ssoCallbackUrl } from "../utils"
+import * as sso from "./sso"
+import {
+  ConfigType,
+  SSOProfile,
+  SSOAuthDetails,
+  SSOProviderType,
+  SaveSSOUserFunction,
+  GoogleInnerConfig,
+} from "@budibase/types"
 const GoogleStrategy = require("passport-google-oauth").OAuth2Strategy
 
-export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
+export function buildVerifyFn(saveUserFn: SaveSSOUserFunction) {
   return (
     accessToken: string,
     refreshToken: string,
     profile: SSOProfile,
     done: Function
   ) => {
-    const thirdPartyUser = {
-      provider: profile.provider, // should always be 'google'
-      providerType: "google",
+    const details: SSOAuthDetails = {
+      provider: "google",
+      providerType: SSOProviderType.GOOGLE,
       userId: profile.id,
       profile: profile,
       email: profile._json.email,
@@ -22,8 +29,8 @@ export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
       },
     }
 
-    return authenticateThirdParty(
-      thirdPartyUser,
+    return sso.authenticate(
+      details,
       true, // require local accounts to exist
       done,
       saveUserFn
@@ -37,9 +44,9 @@ export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
  * @returns Dynamically configured Passport Google Strategy
  */
 export async function strategyFactory(
-  config: GoogleConfig["config"],
+  config: GoogleInnerConfig,
   callbackUrl: string,
-  saveUserFn?: SaveUserFunction
+  saveUserFn: SaveSSOUserFunction
 ) {
   try {
     const { clientID, clientSecret } = config
@@ -65,9 +72,6 @@ export async function strategyFactory(
   }
 }
 
-export async function getCallbackUrl(
-  db: Database,
-  config: { callbackURL?: string }
-) {
-  return ssoCallbackUrl(db, config, ConfigType.GOOGLE)
+export async function getCallbackUrl(config: GoogleInnerConfig) {
+  return ssoCallbackUrl(ConfigType.GOOGLE, config)
 }
diff --git a/packages/backend-core/src/middleware/passport/oidc.ts b/packages/backend-core/src/middleware/passport/sso/oidc.ts
similarity index 82%
rename from packages/backend-core/src/middleware/passport/oidc.ts
rename to packages/backend-core/src/middleware/passport/sso/oidc.ts
index 7caa177cf0..b6d5eb52e9 100644
--- a/packages/backend-core/src/middleware/passport/oidc.ts
+++ b/packages/backend-core/src/middleware/passport/sso/oidc.ts
@@ -1,22 +1,19 @@
 import fetch from "node-fetch"
-import { authenticateThirdParty, SaveUserFunction } from "./third-party-common"
-import { ssoCallbackUrl } from "./utils"
+import * as sso from "./sso"
+import { ssoCallbackUrl } from "../utils"
 import {
   ConfigType,
-  OIDCInnerCfg,
-  Database,
+  OIDCInnerConfig,
   SSOProfile,
-  ThirdPartyUser,
-  OIDCConfiguration,
+  OIDCStrategyConfiguration,
+  SSOAuthDetails,
+  SSOProviderType,
+  JwtClaims,
+  SaveSSOUserFunction,
 } from "@budibase/types"
 const OIDCStrategy = require("@techpass/passport-openidconnect").Strategy
 
-type JwtClaims = {
-  preferred_username: string
-  email: string
-}
-
-export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
+export function buildVerifyFn(saveUserFn: SaveSSOUserFunction) {
   /**
    * @param {*} issuer The identity provider base URL
    * @param {*} sub The user ID
@@ -39,10 +36,10 @@ export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
     params: any,
     done: Function
   ) => {
-    const thirdPartyUser: ThirdPartyUser = {
+    const details: SSOAuthDetails = {
       // store the issuer info to enable sync in future
       provider: issuer,
-      providerType: "oidc",
+      providerType: SSOProviderType.OIDC,
       userId: profile.id,
       profile: profile,
       email: getEmail(profile, jwtClaims),
@@ -52,8 +49,8 @@ export function buildVerifyFn(saveUserFn?: SaveUserFunction) {
       },
     }
 
-    return authenticateThirdParty(
-      thirdPartyUser,
+    return sso.authenticate(
+      details,
       false, // don't require local accounts to exist
       done,
       saveUserFn
@@ -104,8 +101,8 @@ function validEmail(value: string) {
  * @returns Dynamically configured Passport OIDC Strategy
  */
 export async function strategyFactory(
-  config: OIDCConfiguration,
-  saveUserFn?: SaveUserFunction
+  config: OIDCStrategyConfiguration,
+  saveUserFn: SaveSSOUserFunction
 ) {
   try {
     const verify = buildVerifyFn(saveUserFn)
@@ -119,14 +116,14 @@ export async function strategyFactory(
 }
 
 export async function fetchStrategyConfig(
-  enrichedConfig: OIDCInnerCfg,
+  oidcConfig: OIDCInnerConfig,
   callbackUrl?: string
-): Promise<OIDCConfiguration> {
+): Promise<OIDCStrategyConfiguration> {
   try {
-    const { clientID, clientSecret, configUrl } = enrichedConfig
+    const { clientID, clientSecret, configUrl } = oidcConfig
 
     if (!clientID || !clientSecret || !callbackUrl || !configUrl) {
-      //check for remote config and all required elements
+      // check for remote config and all required elements
       throw new Error(
         "Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl"
       )
@@ -159,9 +156,6 @@ export async function fetchStrategyConfig(
   }
 }
 
-export async function getCallbackUrl(
-  db: Database,
-  config: { callbackURL?: string }
-) {
-  return ssoCallbackUrl(db, config, ConfigType.OIDC)
+export async function getCallbackUrl() {
+  return ssoCallbackUrl(ConfigType.OIDC)
 }
diff --git a/packages/backend-core/src/middleware/passport/sso/sso.ts b/packages/backend-core/src/middleware/passport/sso/sso.ts
new file mode 100644
index 0000000000..2fc1184722
--- /dev/null
+++ b/packages/backend-core/src/middleware/passport/sso/sso.ts
@@ -0,0 +1,165 @@
+import { generateGlobalUserID } from "../../../db"
+import { authError } from "../utils"
+import * as users from "../../../users"
+import * as context from "../../../context"
+import fetch from "node-fetch"
+import {
+  SaveSSOUserFunction,
+  SaveUserOpts,
+  SSOAuthDetails,
+  SSOUser,
+  User,
+} from "@budibase/types"
+
+// no-op function for user save
+// - this allows datasource auth and access token refresh to work correctly
+// - prefer no-op over an optional argument to ensure function is provided to login flows
+export const ssoSaveUserNoOp: SaveSSOUserFunction = (
+  user: SSOUser,
+  opts: SaveUserOpts
+) => Promise.resolve(user)
+
+/**
+ * Common authentication logic for third parties. e.g. OAuth, OIDC.
+ */
+export async function authenticate(
+  details: SSOAuthDetails,
+  requireLocalAccount: boolean = true,
+  done: any,
+  saveUserFn: SaveSSOUserFunction
+) {
+  if (!saveUserFn) {
+    throw new Error("Save user function must be provided")
+  }
+  if (!details.userId) {
+    return authError(done, "sso user id required")
+  }
+  if (!details.email) {
+    return authError(done, "sso user email required")
+  }
+
+  // use the third party id
+  const userId = generateGlobalUserID(details.userId)
+
+  let dbUser: User | undefined
+
+  // try to load by id
+  try {
+    dbUser = await users.getById(userId)
+  } catch (err: any) {
+    // abort when not 404 error
+    if (!err.status || err.status !== 404) {
+      return authError(
+        done,
+        "Unexpected error when retrieving existing user",
+        err
+      )
+    }
+  }
+
+  // fallback to loading by email
+  if (!dbUser) {
+    dbUser = await users.getGlobalUserByEmail(details.email)
+  }
+
+  // exit early if there is still no user and auto creation is disabled
+  if (!dbUser && requireLocalAccount) {
+    return authError(
+      done,
+      "Email does not yet exist. You must set up your local budibase account first."
+    )
+  }
+
+  // first time creation
+  if (!dbUser) {
+    // setup a blank user using the third party id
+    dbUser = {
+      _id: userId,
+      email: details.email,
+      roles: {},
+      tenantId: context.getTenantId(),
+    }
+  }
+
+  let ssoUser = await syncUser(dbUser, details)
+  // never prompt for password reset
+  ssoUser.forceResetPassword = false
+
+  try {
+    // don't try to re-save any existing password
+    delete ssoUser.password
+    // create or sync the user
+    ssoUser = (await saveUserFn(ssoUser, {
+      hashPassword: false,
+      requirePassword: false,
+    })) as SSOUser
+  } catch (err: any) {
+    return authError(done, "Error saving user", err)
+  }
+
+  return done(null, ssoUser)
+}
+
+async function getProfilePictureUrl(user: User, details: SSOAuthDetails) {
+  const pictureUrl = details.profile?._json.picture
+  if (pictureUrl) {
+    const response = await fetch(pictureUrl)
+    if (response.status === 200) {
+      const type = response.headers.get("content-type") as string
+      if (type.startsWith("image/")) {
+        return pictureUrl
+      }
+    }
+  }
+}
+
+/**
+ * @returns a user that has been sync'd with third party information
+ */
+async function syncUser(user: User, details: SSOAuthDetails): Promise<SSOUser> {
+  let firstName
+  let lastName
+  let pictureUrl
+  let oauth2
+  let thirdPartyProfile
+
+  if (details.profile) {
+    const profile = details.profile
+
+    if (profile.name) {
+      const name = profile.name
+      // first name
+      if (name.givenName) {
+        firstName = name.givenName
+      }
+      // last name
+      if (name.familyName) {
+        lastName = name.familyName
+      }
+    }
+
+    pictureUrl = await getProfilePictureUrl(user, details)
+
+    thirdPartyProfile = {
+      ...profile._json,
+    }
+  }
+
+  // oauth tokens for future use
+  if (details.oauth2) {
+    oauth2 = {
+      ...details.oauth2,
+    }
+  }
+
+  return {
+    ...user,
+    provider: details.provider,
+    providerType: details.providerType,
+    firstName,
+    lastName,
+    thirdPartyProfile,
+    pictureUrl,
+    oauth2,
+  }
+}
diff --git a/packages/backend-core/src/middleware/passport/sso/tests/google.spec.ts b/packages/backend-core/src/middleware/passport/sso/tests/google.spec.ts
new file mode 100644
index 0000000000..d0689a1f0a
--- /dev/null
+++ b/packages/backend-core/src/middleware/passport/sso/tests/google.spec.ts
@@ -0,0 +1,67 @@
+import { generator, structures } from "../../../../../tests"
+import { SSOProviderType } from "@budibase/types"
+
+jest.mock("passport-google-oauth")
+const mockStrategy = require("passport-google-oauth").OAuth2Strategy
+
+jest.mock("../sso")
+import * as _sso from "../sso"
+const sso = jest.mocked(_sso)
+
+const mockSaveUserFn = jest.fn()
+const mockDone = jest.fn()
+
+import * as google from "../google"
+
+describe("google", () => {
+  describe("strategyFactory", () => {
+    const googleConfig = structures.sso.googleConfig()
+    const callbackUrl = generator.url()
+
+    it("should create successfully create a google strategy", async () => {
+      await google.strategyFactory(googleConfig, callbackUrl, mockSaveUserFn)
+
+      const expectedOptions = {
+        clientID: googleConfig.clientID,
+        clientSecret: googleConfig.clientSecret,
+        callbackURL: callbackUrl,
+      }
+
+      expect(mockStrategy).toHaveBeenCalledWith(
+        expectedOptions,
+        expect.anything()
+      )
+    })
+  })
+
+  describe("authenticate", () => {
+    const details = structures.sso.authDetails()
+    details.provider = "google"
+    details.providerType = SSOProviderType.GOOGLE
+
+    const profile = details.profile!
+    profile.provider = "google"
+
+    beforeEach(() => {
+      jest.clearAllMocks()
+    })
+
+    it("delegates authentication to third party common", async () => {
+      const authenticate = await google.buildVerifyFn(mockSaveUserFn)
+
+      await authenticate(
+        details.oauth2.accessToken,
+        details.oauth2.refreshToken!,
+        profile,
+        mockDone
+      )
+
+      expect(sso.authenticate).toHaveBeenCalledWith(
+        details,
+        true,
+        mockDone,
+        mockSaveUserFn
+      )
+    })
+  })
+})
diff --git a/packages/backend-core/src/middleware/passport/sso/tests/oidc.spec.ts b/packages/backend-core/src/middleware/passport/sso/tests/oidc.spec.ts
new file mode 100644
index 0000000000..a705739bd6
--- /dev/null
+++ b/packages/backend-core/src/middleware/passport/sso/tests/oidc.spec.ts
@@ -0,0 +1,152 @@
+import { generator, mocks, structures } from "../../../../../tests"
+import {
+  JwtClaims,
+  OIDCInnerConfig,
+  SSOAuthDetails,
+  SSOProviderType,
+} from "@budibase/types"
+import * as _sso from "../sso"
+import * as oidc from "../oidc"
+
+jest.mock("@techpass/passport-openidconnect")
+const mockStrategy = require("@techpass/passport-openidconnect").Strategy
+
+jest.mock("../sso")
+const sso = jest.mocked(_sso)
+
+const mockSaveUser = jest.fn()
+const mockDone = jest.fn()
+
+describe("oidc", () => {
+  const callbackUrl = generator.url()
+  const oidcConfig: OIDCInnerConfig = structures.sso.oidcConfig()
+  const wellKnownConfig = structures.sso.oidcWellKnownConfig()
+
+  function mockRetrieveWellKnownConfig() {
+    // mock the request to retrieve the oidc configuration
+    mocks.fetch.mockReturnValue({
+      ok: true,
+      json: () => wellKnownConfig,
+    })
+  }
+
+  beforeEach(() => {
+    mockRetrieveWellKnownConfig()
+  })
+
+  describe("strategyFactory", () => {
+    it("should create successfully create an oidc strategy", async () => {
+      const strategyConfiguration = await oidc.fetchStrategyConfig(
+        oidcConfig,
+        callbackUrl
+      )
+      await oidc.strategyFactory(strategyConfiguration, mockSaveUser)
+
+      expect(mocks.fetch).toHaveBeenCalledWith(oidcConfig.configUrl)
+
+      const expectedOptions = {
+        issuer: wellKnownConfig.issuer,
+        authorizationURL: wellKnownConfig.authorization_endpoint,
+        tokenURL: wellKnownConfig.token_endpoint,
+        userInfoURL: wellKnownConfig.userinfo_endpoint,
+        clientID: oidcConfig.clientID,
+        clientSecret: oidcConfig.clientSecret,
+        callbackURL: callbackUrl,
+      }
+      expect(mockStrategy).toHaveBeenCalledWith(
+        expectedOptions,
+        expect.anything()
+      )
+    })
+  })
+
+  describe("authenticate", () => {
+    const details: SSOAuthDetails = structures.sso.authDetails()
+    details.providerType = SSOProviderType.OIDC
+    const profile = details.profile!
+    const issuer = profile.provider
+
+    const sub = generator.string()
+    const idToken = generator.string()
+    const params = {}
+
+    let authenticateFn: any
+    let jwtClaims: JwtClaims
+
+    beforeEach(async () => {
+      jest.clearAllMocks()
+      authenticateFn = await oidc.buildVerifyFn(mockSaveUser)
+    })
+
+    async function authenticate() {
+      await authenticateFn(
+        issuer,
+        sub,
+        profile,
+        jwtClaims,
+        details.oauth2.accessToken,
+        details.oauth2.refreshToken,
+        idToken,
+        params,
+        mockDone
+      )
+    }
+
+    it("passes auth details to sso module", async () => {
+      await authenticate()
+
+      expect(sso.authenticate).toHaveBeenCalledWith(
+        details,
+        false,
+        mockDone,
+        mockSaveUser
+      )
+    })
+
+    it("uses JWT email to get email", async () => {
+      delete profile._json.email
+
+      jwtClaims = {
+        email: details.email,
+      }
+
+      await authenticate()
+
+      expect(sso.authenticate).toHaveBeenCalledWith(
+        details,
+        false,
+        mockDone,
+        mockSaveUser
+      )
+    })
+
+    it("uses JWT username to get email", async () => {
+      delete profile._json.email
+
+      jwtClaims = {
+        email: details.email,
+      }
+
+      await authenticate()
+
+      expect(sso.authenticate).toHaveBeenCalledWith(
+        details,
+        false,
+        mockDone,
+        mockSaveUser
+      )
+    })
+
+    it("uses JWT invalid username to get email", async () => {
+      delete profile._json.email
+
+      jwtClaims = {
+        preferred_username: "invalidUsername",
+      }
+
+      await expect(authenticate()).rejects.toThrow(
+        "Could not determine user email from profile"
+      )
+    })
+  })
+})
diff --git a/packages/backend-core/src/middleware/passport/sso/tests/sso.spec.ts b/packages/backend-core/src/middleware/passport/sso/tests/sso.spec.ts
new file mode 100644
index 0000000000..ae42fc01ea
--- /dev/null
+++ b/packages/backend-core/src/middleware/passport/sso/tests/sso.spec.ts
@@ -0,0 +1,196 @@
+import { structures, testEnv, mocks } from "../../../../../tests"
+import { SSOAuthDetails, User } from "@budibase/types"
+
+import { HTTPError } from "../../../../errors"
+import * as sso from "../sso"
+import * as context from "../../../../context"
+
+const mockDone = jest.fn()
+const mockSaveUser = jest.fn()
+
+jest.mock("../../../../users")
+import * as _users from "../../../../users"
+const users = jest.mocked(_users)
+
+const getErrorMessage = () => {
+  return mockDone.mock.calls[0][2].message
+}
+
+describe("sso", () => {
+  describe("authenticate", () => {
+    beforeEach(() => {
+      jest.clearAllMocks()
+      testEnv.singleTenant()
+    })
+
+    describe("validation", () => {
+      const testValidation = async (
+        details: SSOAuthDetails,
+        message: string
+      ) => {
+        await sso.authenticate(details, false, mockDone, mockSaveUser)
+
+        expect(mockDone.mock.calls.length).toBe(1)
+        expect(getErrorMessage()).toContain(message)
+      }
+
+      it("user id fails", async () => {
+        const details = structures.sso.authDetails()
+        details.userId = undefined!
+
+        await testValidation(details, "sso user id required")
+      })
+
+      it("email fails", async () => {
+        const details = structures.sso.authDetails()
+        details.email = undefined!
+
+        await testValidation(details, "sso user email required")
+      })
+    })
+
+    function mockGetProfilePicture() {
+      mocks.fetch.mockReturnValueOnce(
+        Promise.resolve({
+          status: 200,
+          headers: { get: () => "image/" },
+        })
+      )
+    }
+
+    describe("when the user doesn't exist", () => {
+      let user: User
+      let details: SSOAuthDetails
+
+      beforeEach(() => {
+        users.getById.mockImplementationOnce(() => {
+          throw new HTTPError("", 404)
+        })
+        mockGetProfilePicture()
+
+        user = structures.users.user()
+        delete user._rev
+        delete user._id
+
+        details = structures.sso.authDetails(user)
+        details.userId = structures.uuid()
+      })
+
+      describe("when a local account is required", () => {
+        it("returns an error message", async () => {
+          const details = structures.sso.authDetails()
+
+          await sso.authenticate(details, true, mockDone, mockSaveUser)
+
+          expect(mockDone.mock.calls.length).toBe(1)
+          expect(getErrorMessage()).toContain(
+            "Email does not yet exist. You must set up your local budibase account first."
+          )
+        })
+      })
+
+      describe("when a local account isn't required", () => {
+        it("creates and authenticates the user", async () => {
+          const ssoUser = structures.users.ssoUser({ user, details })
+          mockSaveUser.mockReturnValueOnce(ssoUser)
+
+          await sso.authenticate(details, false, mockDone, mockSaveUser)
+
+          // default roles for new user
+          ssoUser.roles = {}
+
+          // modified external id to match user format
+          ssoUser._id = "us_" + details.userId
+
+          // new sso user won't have a password
+          delete ssoUser.password
+
+          // new user isn't saved with rev
+          delete ssoUser._rev
+
+          // tenant id added
+          ssoUser.tenantId = context.getTenantId()
+
+          expect(mockSaveUser).toBeCalledWith(ssoUser, {
+            hashPassword: false,
+            requirePassword: false,
+          })
+          expect(mockDone).toBeCalledWith(null, ssoUser)
+        })
+      })
+    })
+
+    describe("when the user exists", () => {
+      let existingUser: User
+      let details: SSOAuthDetails
+
+      beforeEach(() => {
+        existingUser = structures.users.user()
+        existingUser._id = structures.uuid()
+        details = structures.sso.authDetails(existingUser)
+        mockGetProfilePicture()
+      })
+
+      describe("exists by email", () => {
+        beforeEach(() => {
+          users.getById.mockImplementationOnce(() => {
+            throw new HTTPError("", 404)
+          })
+          users.getGlobalUserByEmail.mockReturnValueOnce(
+            Promise.resolve(existingUser)
+          )
+        })
+
+        it("syncs and authenticates the user", async () => {
+          const ssoUser = structures.users.ssoUser({
+            user: existingUser,
+            details,
+          })
+          mockSaveUser.mockReturnValueOnce(ssoUser)
+
+          await sso.authenticate(details, true, mockDone, mockSaveUser)
+
+          // roles preserved
+          ssoUser.roles = existingUser.roles
+
+          // existing id preserved
+          ssoUser._id = existingUser._id
+
+          expect(mockSaveUser).toBeCalledWith(ssoUser, {
+            hashPassword: false,
+            requirePassword: false,
+          })
+          expect(mockDone).toBeCalledWith(null, ssoUser)
+        })
+      })
+
+      describe("exists by id", () => {
+        beforeEach(() => {
+          users.getById.mockReturnValueOnce(Promise.resolve(existingUser))
+        })
+
+        it("syncs and authenticates the user", async () => {
+          const ssoUser = structures.users.ssoUser({
+            user: existingUser,
+            details,
+          })
+          mockSaveUser.mockReturnValueOnce(ssoUser)
+
+          await sso.authenticate(details, true, mockDone, mockSaveUser)
+
+          // roles preserved
+          ssoUser.roles = existingUser.roles
+
+          // existing id preserved
+          ssoUser._id = existingUser._id
+
+          expect(mockSaveUser).toBeCalledWith(ssoUser, {
+            hashPassword: false,
+            requirePassword: false,
+          })
+          expect(mockDone).toBeCalledWith(null, ssoUser)
+        })
+      })
+    })
+  })
+})
diff --git a/packages/backend-core/src/middleware/passport/tests/google.spec.js b/packages/backend-core/src/middleware/passport/tests/google.spec.js
deleted file mode 100644
index c5580ea309..0000000000
--- a/packages/backend-core/src/middleware/passport/tests/google.spec.js
+++ /dev/null
@@ -1,79 +0,0 @@
-// Mock data
-
-const { data } = require("./utilities/mock-data")
-
-const TENANT_ID = "default"
-
-const googleConfig = {
-  clientID: data.clientID,
-  clientSecret: data.clientSecret,
-}
-
-const profile = {
-  id: "mockId",
-  _json: {
-    email : data.email
-  },
-  provider: "google"
-}
-
-const user = data.buildThirdPartyUser("google", "google", profile)
-
-describe("google", () => {
-  describe("strategyFactory", () => {  
-    // mock passport strategy factory
-    jest.mock("passport-google-oauth")
-    const mockStrategy = require("passport-google-oauth").OAuth2Strategy
-  
-    it("should create successfully create a google strategy", async () => {
-      const google = require("../google")
-
-      const callbackUrl = `/api/global/auth/${TENANT_ID}/google/callback`
-      await google.strategyFactory(googleConfig, callbackUrl)
-  
-      const expectedOptions = {
-        clientID: googleConfig.clientID,
-        clientSecret: googleConfig.clientSecret,
-        callbackURL: callbackUrl,
-      }
-
-      expect(mockStrategy).toHaveBeenCalledWith(
-        expectedOptions,
-        expect.anything()
-      )
-    })
-  })
-  
-  describe("authenticate", () => {    
-    afterEach(() => {
-      jest.clearAllMocks();
-    });
-
-    // mock third party common authentication
-    jest.mock("../third-party-common")
-    const authenticateThirdParty = require("../third-party-common").authenticateThirdParty
-
-    // mock the passport callback
-    const mockDone = jest.fn()
-
-    it("delegates authentication to third party common", async () => {
-      const google = require("../google")
-      const mockSaveUserFn = jest.fn()
-      const authenticate = await google.buildVerifyFn(mockSaveUserFn)
-
-      await authenticate(
-        data.accessToken,
-        data.refreshToken,
-        profile,
-        mockDone
-      )
-
-      expect(authenticateThirdParty).toHaveBeenCalledWith(
-        user,
-        true, 
-        mockDone,
-        mockSaveUserFn)
-    })
-  })
-})
-
diff --git a/packages/backend-core/src/middleware/passport/tests/oidc.spec.js b/packages/backend-core/src/middleware/passport/tests/oidc.spec.js
deleted file mode 100644
index 4c8aa94ddf..0000000000
--- a/packages/backend-core/src/middleware/passport/tests/oidc.spec.js
+++ /dev/null
@@ -1,144 +0,0 @@
-// Mock data
-const mockFetch = require("node-fetch")
-const { data } = require("./utilities/mock-data")
-const issuer = "mockIssuer"
-const sub = "mockSub"
-const profile = {
-  id: "mockId",
-  _json: {
-    email : data.email
-  }
-}
-let jwtClaims = {}  
-const idToken = "mockIdToken"
-const params = {}
-
-const callbackUrl = "http://somecallbackurl"
-
-// response from .well-known/openid-configuration
-const oidcConfigUrlResponse = {
-  issuer: issuer,
-  authorization_endpoint: "mockAuthorizationEndpoint",
-  token_endpoint: "mockTokenEndpoint",
-  userinfo_endpoint: "mockUserInfoEndpoint"
-}
-
-const oidcConfig = {
-  configUrl: "http://someconfigurl",
-  clientID: data.clientID,
-  clientSecret: data.clientSecret,
-}
-
-const user = data.buildThirdPartyUser(issuer, "oidc", profile)
-
-describe("oidc", () => {
-  describe("strategyFactory", () => {  
-    // mock passport strategy factory
-    jest.mock("@techpass/passport-openidconnect")
-    const mockStrategy = require("@techpass/passport-openidconnect").Strategy
-    
-    // mock the request to retrieve the oidc configuration
-    mockFetch.mockReturnValue({
-      ok: true,
-      json: () => oidcConfigUrlResponse
-    })
-  
-    it("should create successfully create an oidc strategy", async () => {
-      const oidc = require("../oidc")
-      const enrichedConfig = await oidc.fetchStrategyConfig(oidcConfig, callbackUrl)
-      await oidc.strategyFactory(enrichedConfig, callbackUrl)
-  
-      expect(mockFetch).toHaveBeenCalledWith(oidcConfig.configUrl)
-
-      const expectedOptions = {
-        issuer: oidcConfigUrlResponse.issuer,
-        authorizationURL: oidcConfigUrlResponse.authorization_endpoint,
-        tokenURL: oidcConfigUrlResponse.token_endpoint,
-        userInfoURL: oidcConfigUrlResponse.userinfo_endpoint,
-        clientID: oidcConfig.clientID,
-        clientSecret: oidcConfig.clientSecret,
-        callbackURL: callbackUrl,
-      }
-      expect(mockStrategy).toHaveBeenCalledWith(
-        expectedOptions,
-        expect.anything()
-      )
-    })
-  })
-  
-  describe("authenticate", () => {    
-    afterEach(() => {
-      jest.clearAllMocks()
-    });
-
-    // mock third party common authentication
-    jest.mock("../third-party-common")
-    const authenticateThirdParty = require("../third-party-common").authenticateThirdParty
-    
-    // mock the passport callback
-    const mockDone = jest.fn()
-    const mockSaveUserFn = jest.fn()
-
-    async function doAuthenticate() {
-      const oidc = require("../oidc")
-      const authenticate = await oidc.buildVerifyFn(mockSaveUserFn)
-
-      await authenticate(
-        issuer,
-        sub,
-        profile,
-        jwtClaims,
-        data.accessToken,
-        data.refreshToken,
-        idToken,
-        params,
-        mockDone
-      )
-    }
-
-    async function doTest() {
-      await doAuthenticate()
-
-      expect(authenticateThirdParty).toHaveBeenCalledWith(
-        user,
-        false, 
-        mockDone,
-        mockSaveUserFn,
-      )
-    }
-
-    it("delegates authentication to third party common", async () => {
-      await doTest()
-    })
-
-    it("uses JWT email to get email", async () => {
-      delete profile._json.email
-      jwtClaims = {
-        email : "mock@budibase.com"
-      }
-
-      await doTest()
-    })
-  
-    it("uses JWT username to get email", async () => {
-      delete profile._json.email
-      jwtClaims = {
-        preferred_username : "mock@budibase.com"
-      }
-
-      await doTest()
-    })
-
-    it("uses JWT invalid username to get email", async () => {
-      delete profile._json.email
-
-      jwtClaims = {
-        preferred_username : "invalidUsername"
-      }
-
-      await expect(doAuthenticate()).rejects.toThrow("Could not determine user email from profile");
-    })
-  
-  })
-})
-
diff --git a/packages/backend-core/src/middleware/passport/tests/third-party-common.seq.spec.js b/packages/backend-core/src/middleware/passport/tests/third-party-common.seq.spec.js
deleted file mode 100644
index d377d602f1..0000000000
--- a/packages/backend-core/src/middleware/passport/tests/third-party-common.seq.spec.js
+++ /dev/null
@@ -1,178 +0,0 @@
-require("../../../../tests")
-const { authenticateThirdParty } = require("../third-party-common")
-const { data } = require("./utilities/mock-data")
-const { DEFAULT_TENANT_ID } = require("../../../constants")
-
-const { generateGlobalUserID } = require("../../../db/utils")
-const { newid } = require("../../../utils")
-const { doWithGlobalDB, doInTenant } = require("../../../tenancy")
-
-const done = jest.fn()
-
-const getErrorMessage = () => {
-  return done.mock.calls[0][2].message
-}
-
-const saveUser = async (user) => {
-  return doWithGlobalDB(DEFAULT_TENANT_ID, async db => {
-    return await db.put(user)
-  })
-}
-
-function authenticate(user, requireLocal, saveFn) {
-  return doInTenant(DEFAULT_TENANT_ID, () => {
-    return authenticateThirdParty(user, requireLocal, done, saveFn)
-  })
-}
-
-describe("third party common", () => {
-  describe("authenticateThirdParty", () => {
-    let thirdPartyUser
-
-    beforeEach(() => {
-      thirdPartyUser = data.buildThirdPartyUser()
-    })
-
-    afterEach(async () => {
-      return doWithGlobalDB(DEFAULT_TENANT_ID, async db => {
-        jest.clearAllMocks()
-        await db.destroy()
-      })
-    })
-
-    describe("validation", () => {
-      const testValidation = async (message) => {
-        await authenticate(thirdPartyUser, false, saveUser)
-        expect(done.mock.calls.length).toBe(1)
-        expect(getErrorMessage()).toContain(message)
-      }
-
-      it("provider fails", async () => {
-        delete thirdPartyUser.provider
-        await testValidation("third party user provider required")
-      })
-
-      it("user id fails", async () => {
-        delete thirdPartyUser.userId
-        await testValidation("third party user id required")
-      })
-
-      it("email fails", async () => {
-        delete thirdPartyUser.email
-        await testValidation("third party user email required")
-      })
-    })
-
-    const expectUserIsAuthenticated = () => {
-      const user = done.mock.calls[0][1]
-      expect(user).toBeDefined()
-      expect(user._id).toBeDefined()
-      expect(user._rev).toBeDefined()
-      expect(user.token).toBeDefined()
-      return user
-    }
-
-    const expectUserIsSynced = (user, thirdPartyUser) => {
-      expect(user.provider).toBe(thirdPartyUser.provider)
-      expect(user.firstName).toBe(thirdPartyUser.profile.name.givenName)
-      expect(user.lastName).toBe(thirdPartyUser.profile.name.familyName)
-      expect(user.thirdPartyProfile).toStrictEqual(thirdPartyUser.profile._json)
-      expect(user.oauth2).toStrictEqual(thirdPartyUser.oauth2)
-    }
-
-    describe("when the user doesn't exist", () => {
-      describe("when a local account is required", () => {
-        it("returns an error message", async () => {
-          await authenticate(thirdPartyUser, true, saveUser)
-          expect(done.mock.calls.length).toBe(1)
-          expect(getErrorMessage()).toContain("Email does not yet exist. You must set up your local budibase account first.")
-        })
-      })
-
-      describe("when a local account isn't required", () => {
-        it("creates and authenticates the user", async () => {
-          await authenticate(thirdPartyUser, false, saveUser)
-          const user = expectUserIsAuthenticated()
-          expectUserIsSynced(user, thirdPartyUser)
-          expect(user.roles).toStrictEqual({})
-        })
-      })
-    })
-
-    describe("when the user exists", () => {
-      let dbUser
-      let id
-      let email
-
-      const createUser = async () => {
-        return doWithGlobalDB(DEFAULT_TENANT_ID, async db => {
-          dbUser = {
-            _id: id,
-            email: email,
-          }
-          const response = await db.put(dbUser)
-          dbUser._rev = response.rev
-          return dbUser
-        })
-      }
-
-      const expectUserIsUpdated = (user) => {
-        // id is unchanged
-        expect(user._id).toBe(id)
-        // user is updated
-        expect(user._rev).not.toBe(dbUser._rev)
-      }
-
-      describe("exists by email", () => {
-        beforeEach(async () => {
-          id = generateGlobalUserID(newid()) // random id
-          email = thirdPartyUser.email //  matching email
-          await createUser()
-        })
-
-        it("syncs and authenticates the user", async () => {
-          await authenticate(thirdPartyUser, true, saveUser)
-
-          const user = expectUserIsAuthenticated()
-          expectUserIsSynced(user, thirdPartyUser)
-          expectUserIsUpdated(user)
-        })
-      })
-
-      describe("exists by email with different casing", () => {
-        beforeEach(async () => {
-          id = generateGlobalUserID(newid()) // random id
-          email = thirdPartyUser.email.toUpperCase() //  matching email except for casing
-          await createUser()
-        })
-
-        it("syncs and authenticates the user", async () => {
-          await authenticate(thirdPartyUser, true, saveUser)
-
-          const user = expectUserIsAuthenticated()
-          expectUserIsSynced(user, thirdPartyUser)
-          expectUserIsUpdated(user)
-          expect(user.email).toBe(thirdPartyUser.email.toUpperCase())
-        })
-      })
-
-
-      describe("exists by id", () => {
-        beforeEach(async () => {
-          id = generateGlobalUserID(thirdPartyUser.userId) // matching id
-          email = "test@test.com" // random email
-          await createUser()
-        })
-
-        it("syncs and authenticates the user", async () => {
-          await authenticate(thirdPartyUser, true, saveUser)
-
-          const user = expectUserIsAuthenticated()
-          expectUserIsSynced(user, thirdPartyUser)
-          expectUserIsUpdated(user)
-        })
-      })
-    })
-  })
-})
-
diff --git a/packages/backend-core/src/middleware/passport/tests/utilities/mock-data.js b/packages/backend-core/src/middleware/passport/tests/utilities/mock-data.js
deleted file mode 100644
index 00ae82e47e..0000000000
--- a/packages/backend-core/src/middleware/passport/tests/utilities/mock-data.js
+++ /dev/null
@@ -1,54 +0,0 @@
-// Mock Data
-
-const mockClientID = "mockClientID"
-const mockClientSecret = "mockClientSecret"
-
-const mockEmail = "mock@budibase.com"
-const mockAccessToken = "mockAccessToken"
-const mockRefreshToken = "mockRefreshToken"
-
-const mockProvider = "mockProvider"
-const mockProviderType = "mockProviderType"
-
-const mockProfile = {
-  id: "mockId",
-  name: {
-    givenName: "mockGivenName",
-    familyName: "mockFamilyName",
-  },
-  _json: {
-    email: mockEmail,
-  },
-}
-
-const buildOauth2 = (
-  accessToken = mockAccessToken,
-  refreshToken = mockRefreshToken
-) => ({
-  accessToken: accessToken,
-  refreshToken: refreshToken,
-})
-
-const buildThirdPartyUser = (
-  provider = mockProvider,
-  providerType = mockProviderType,
-  profile = mockProfile,
-  email = mockEmail,
-  oauth2 = buildOauth2()
-) => ({
-  provider: provider,
-  providerType: providerType,
-  userId: profile.id,
-  profile: profile,
-  email: email,
-  oauth2: oauth2,
-})
-
-exports.data = {
-  clientID: mockClientID,
-  clientSecret: mockClientSecret,
-  email: mockEmail,
-  accessToken: mockAccessToken,
-  refreshToken: mockRefreshToken,
-  buildThirdPartyUser,
-}
diff --git a/packages/backend-core/src/middleware/passport/third-party-common.ts b/packages/backend-core/src/middleware/passport/third-party-common.ts
deleted file mode 100644
index 9d7b93f370..0000000000
--- a/packages/backend-core/src/middleware/passport/third-party-common.ts
+++ /dev/null
@@ -1,177 +0,0 @@
-import env from "../../environment"
-import { generateGlobalUserID } from "../../db"
-import { authError } from "./utils"
-import { newid } from "../../utils"
-import { createASession } from "../../security/sessions"
-import * as users from "../../users"
-import { getGlobalDB, getTenantId } from "../../tenancy"
-import fetch from "node-fetch"
-import { ThirdPartyUser } from "@budibase/types"
-const jwt = require("jsonwebtoken")
-
-type SaveUserOpts = {
-  requirePassword?: boolean
-  hashPassword?: boolean
-  currentUserId?: string
-}
-
-export type SaveUserFunction = (
-  user: ThirdPartyUser,
-  opts: SaveUserOpts
-) => Promise<any>
-
-/**
- * Common authentication logic for third parties. e.g. OAuth, OIDC.
- */
-export async function authenticateThirdParty(
-  thirdPartyUser: ThirdPartyUser,
-  requireLocalAccount: boolean = true,
-  done: Function,
-  saveUserFn?: SaveUserFunction
-) {
-  if (!saveUserFn) {
-    throw new Error("Save user function must be provided")
-  }
-  if (!thirdPartyUser.provider) {
-    return authError(done, "third party user provider required")
-  }
-  if (!thirdPartyUser.userId) {
-    return authError(done, "third party user id required")
-  }
-  if (!thirdPartyUser.email) {
-    return authError(done, "third party user email required")
-  }
-
-  // use the third party id
-  const userId = generateGlobalUserID(thirdPartyUser.userId)
-  const db = getGlobalDB()
-
-  let dbUser
-
-  // try to load by id
-  try {
-    dbUser = await db.get(userId)
-  } catch (err: any) {
-    // abort when not 404 error
-    if (!err.status || err.status !== 404) {
-      return authError(
-        done,
-        "Unexpected error when retrieving existing user",
-        err
-      )
-    }
-  }
-
-  // fallback to loading by email
-  if (!dbUser) {
-    dbUser = await users.getGlobalUserByEmail(thirdPartyUser.email)
-  }
-
-  // exit early if there is still no user and auto creation is disabled
-  if (!dbUser && requireLocalAccount) {
-    return authError(
-      done,
-      "Email does not yet exist. You must set up your local budibase account first."
-    )
-  }
-
-  // first time creation
-  if (!dbUser) {
-    // setup a blank user using the third party id
-    dbUser = {
-      _id: userId,
-      email: thirdPartyUser.email,
-      roles: {},
-    }
-  }
-
-  dbUser = await syncUser(dbUser, thirdPartyUser)
-
-  // never prompt for password reset
-  dbUser.forceResetPassword = false
-
-  // create or sync the user
-  try {
-    await saveUserFn(dbUser, { hashPassword: false, requirePassword: false })
-  } catch (err: any) {
-    return authError(done, "Error saving user", err)
-  }
-
-  // now that we're sure user exists, load them from the db
-  dbUser = await db.get(dbUser._id)
-
-  // authenticate
-  const sessionId = newid()
-  const tenantId = getTenantId()
-  await createASession(dbUser._id, { sessionId, tenantId })
-
-  dbUser.token = jwt.sign(
-    {
-      userId: dbUser._id,
-      sessionId,
-    },
-    env.JWT_SECRET
-  )
-
-  return done(null, dbUser)
-}
-
-async function syncProfilePicture(
-  user: ThirdPartyUser,
-  thirdPartyUser: ThirdPartyUser
-) {
-  const pictureUrl = thirdPartyUser.profile?._json.picture
-  if (pictureUrl) {
-    const response = await fetch(pictureUrl)
-
-    if (response.status === 200) {
-      const type = response.headers.get("content-type") as string
-      if (type.startsWith("image/")) {
-        user.pictureUrl = pictureUrl
-      }
-    }
-  }
-
-  return user
-}
-
-/**
- * @returns a user that has been sync'd with third party information
- */
-async function syncUser(user: ThirdPartyUser, thirdPartyUser: ThirdPartyUser) {
-  // provider
-  user.provider = thirdPartyUser.provider
-  user.providerType = thirdPartyUser.providerType
-
-  if (thirdPartyUser.profile) {
-    const profile = thirdPartyUser.profile
-
-    if (profile.name) {
-      const name = profile.name
-      // first name
-      if (name.givenName) {
-        user.firstName = name.givenName
-      }
-      // last name
-      if (name.familyName) {
-        user.lastName = name.familyName
-      }
-    }
-
-    user = await syncProfilePicture(user, thirdPartyUser)
-
-    // profile
-    user.thirdPartyProfile = {
-      ...profile._json,
-    }
-  }
-
-  // oauth tokens for future use
-  if (thirdPartyUser.oauth2) {
-    user.oauth2 = {
-      ...thirdPartyUser.oauth2,
-    }
-  }
-
-  return user
-}
diff --git a/packages/backend-core/src/middleware/passport/utils.ts b/packages/backend-core/src/middleware/passport/utils.ts
index 3d79aada28..7e0d3863a0 100644
--- a/packages/backend-core/src/middleware/passport/utils.ts
+++ b/packages/backend-core/src/middleware/passport/utils.ts
@@ -1,6 +1,6 @@
-import { isMultiTenant, getTenantId } from "../../tenancy"
-import { getScopedConfig } from "../../db"
-import { ConfigType, Database, Config } from "@budibase/types"
+import { getTenantId, isMultiTenant } from "../../context"
+import * as configs from "../../configs"
+import { ConfigType, GoogleInnerConfig } from "@budibase/types"
 
 /**
  * Utility to handle authentication errors.
@@ -19,17 +19,14 @@ export function authError(done: Function, message: string, err?: any) {
 }
 
 export async function ssoCallbackUrl(
-  db: Database,
-  config?: { callbackURL?: string },
-  type?: ConfigType
+  type: ConfigType,
+  config?: GoogleInnerConfig
 ) {
   // incase there is a callback URL from before
-  if (config && config.callbackURL) {
-    return config.callbackURL
+  if (config && (config as GoogleInnerConfig).callbackURL) {
+    return (config as GoogleInnerConfig).callbackURL as string
   }
-  const publicConfig = await getScopedConfig(db, {
-    type: ConfigType.SETTINGS,
-  })
+  const settingsConfig = await configs.getSettingsConfig()
 
   let callbackUrl = `/api/global/auth`
   if (isMultiTenant()) {
@@ -37,5 +34,5 @@ export async function ssoCallbackUrl(
   }
   callbackUrl += `/${type}/callback`
 
-  return `${publicConfig.platformUrl}${callbackUrl}`
+  return `${settingsConfig.platformUrl}${callbackUrl}`
 }
diff --git a/packages/backend-core/src/middleware/querystringToBody.ts b/packages/backend-core/src/middleware/querystringToBody.ts
new file mode 100644
index 0000000000..b6f109231a
--- /dev/null
+++ b/packages/backend-core/src/middleware/querystringToBody.ts
@@ -0,0 +1,28 @@
+import { Ctx } from "@budibase/types"
+
+/**
+ * Expects a standard "query" query string property which is the JSON body
+ * of the request, which has to be sent via query string due to the requirement
+ * of making an endpoint a GET request e.g. downloading a file stream.
+ */
+export default function (ctx: Ctx, next: any) {
+  const queryString = ctx.request.query?.query as string | undefined
+  if (ctx.request.method.toLowerCase() !== "get") {
+    ctx.throw(
+      500,
+      "Query to download middleware can only be used for get requests."
+    )
+  }
+  if (!queryString) {
+    return next()
+  }
+  const decoded = decodeURIComponent(queryString)
+  let json
+  try {
+    json = JSON.parse(decoded)
+  } catch (err) {
+    return next()
+  }
+  ctx.request.body = json
+  return next()
+}
diff --git a/packages/backend-core/src/middleware/tenancy.ts b/packages/backend-core/src/middleware/tenancy.ts
index a09c463045..22b7cc213d 100644
--- a/packages/backend-core/src/middleware/tenancy.ts
+++ b/packages/backend-core/src/middleware/tenancy.ts
@@ -1,4 +1,5 @@
-import { doInTenant, getTenantIDFromCtx } from "../tenancy"
+import { doInTenant } from "../context"
+import { getTenantIDFromCtx } from "../tenancy"
 import { buildMatcherRegex, matches } from "./matchers"
 import { Header } from "../constants"
 import {
diff --git a/packages/backend-core/src/migrations/migrations.ts b/packages/backend-core/src/migrations/migrations.ts
index 55b8ab1938..ab72091d56 100644
--- a/packages/backend-core/src/migrations/migrations.ts
+++ b/packages/backend-core/src/migrations/migrations.ts
@@ -4,10 +4,10 @@ import {
   StaticDatabases,
   getAllApps,
   getGlobalDBName,
-  doWithDB,
+  getDB,
 } from "../db"
 import environment from "../environment"
-import { doInTenant, getTenantIds, getTenantId } from "../tenancy"
+import * as platform from "../platform"
 import * as context from "../context"
 import { DEFINITIONS } from "."
 import {
@@ -47,7 +47,7 @@ export const runMigration = async (
   const migrationType = migration.type
   let tenantId: string | undefined
   if (migrationType !== MigrationType.INSTALLATION) {
-    tenantId = getTenantId()
+    tenantId = context.getTenantId()
   }
   const migrationName = migration.name
   const silent = migration.silent
@@ -86,66 +86,66 @@ export const runMigration = async (
     count++
     const lengthStatement = length > 1 ? `[${count}/${length}]` : ""
 
-    await doWithDB(dbName, async (db: any) => {
-      try {
-        const doc = await getMigrationsDoc(db)
+    const db = getDB(dbName)
 
-        // the migration has already been run
-        if (doc[migrationName]) {
-          // check for force
-          if (
-            options.force &&
-            options.force[migrationType] &&
-            options.force[migrationType].includes(migrationName)
-          ) {
-            log(
-              `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Forcing`
-            )
-          } else {
-            // no force, exit
-            return
-          }
-        }
+    try {
+      const doc = await getMigrationsDoc(db)
 
-        // check if the migration is not a no-op
-        if (!options.noOp) {
+      // the migration has already been run
+      if (doc[migrationName]) {
+        // check for force
+        if (
+          options.force &&
+          options.force[migrationType] &&
+          options.force[migrationType].includes(migrationName)
+        ) {
           log(
-            `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Running ${lengthStatement}`
-          )
-
-          if (migration.preventRetry) {
-            // eagerly set the completion date
-            // so that we never run this migration twice even upon failure
-            doc[migrationName] = Date.now()
-            const response = await db.put(doc)
-            doc._rev = response.rev
-          }
-
-          // run the migration
-          if (migrationType === MigrationType.APP) {
-            await context.doInAppContext(db.name, async () => {
-              await migration.fn(db)
-            })
-          } else {
-            await migration.fn(db)
-          }
-
-          log(
-            `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Complete`
+            `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Forcing`
           )
+        } else {
+          // no force, exit
+          return
         }
-
-        // mark as complete
-        doc[migrationName] = Date.now()
-        await db.put(doc)
-      } catch (err) {
-        console.error(
-          `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Error: `,
-          err
-        )
-        throw err
       }
-    })
+
+      // check if the migration is not a no-op
+      if (!options.noOp) {
+        log(
+          `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Running ${lengthStatement}`
+        )
+
+        if (migration.preventRetry) {
+          // eagerly set the completion date
+          // so that we never run this migration twice even upon failure
+          doc[migrationName] = Date.now()
+          const response = await db.put(doc)
+          doc._rev = response.rev
+        }
+
+        // run the migration
+        if (migrationType === MigrationType.APP) {
+          await context.doInAppContext(db.name, async () => {
+            await migration.fn(db)
+          })
+        } else {
+          await migration.fn(db)
+        }
+
+        log(
+          `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Complete`
+        )
+      }
+
+      // mark as complete
+      doc[migrationName] = Date.now()
+      await db.put(doc)
+    } catch (err) {
+      console.error(
+        `[Tenant: ${tenantId}] [Migration: ${migrationName}] [DB: ${dbName}] Error: `,
+        err
+      )
+      throw err
+    }
   }
 }
 
@@ -160,7 +160,7 @@ export const runMigrations = async (
       tenantIds = [options.noOp.tenantId]
     } else if (!options.tenantIds || !options.tenantIds.length) {
       // run for all tenants
-      tenantIds = await getTenantIds()
+      tenantIds = await platform.tenants.getTenantIds()
     } else {
       tenantIds = options.tenantIds
     }
@@ -185,7 +185,10 @@ export const runMigrations = async (
     // for all migrations
     for (const migration of migrations) {
       // run the migration
-      await doInTenant(tenantId, () => runMigration(migration, options))
+      await context.doInTenant(
+        tenantId,
+        async () => await runMigration(migration, options)
+      )
     }
   }
   console.log("Migrations complete")
diff --git a/packages/backend-core/src/migrations/tests/__snapshots__/index.spec.js.snap b/packages/backend-core/src/migrations/tests/__snapshots__/migrations.spec.ts.snap
similarity index 100%
rename from packages/backend-core/src/migrations/tests/__snapshots__/index.spec.js.snap
rename to packages/backend-core/src/migrations/tests/__snapshots__/migrations.spec.ts.snap
diff --git a/packages/backend-core/src/migrations/tests/index.spec.js b/packages/backend-core/src/migrations/tests/index.spec.js
deleted file mode 100644
index c1915510c3..0000000000
--- a/packages/backend-core/src/migrations/tests/index.spec.js
+++ /dev/null
@@ -1,57 +0,0 @@
-require("../../../tests")
-const { runMigrations, getMigrationsDoc } = require("../index")
-const { getGlobalDBName, getDB } = require("../../db")
-
-const { structures, testEnv } = require("../../../tests")
-testEnv.multiTenant()
-
-let db
-
-describe("migrations", () => {
-
-  const migrationFunction = jest.fn()
-
-  const MIGRATIONS = [{
-    type: "global",
-    name: "test",
-    fn: migrationFunction
-  }]
-
-  let tenantId
-
-  beforeEach(() => {
-    tenantId = structures.tenant.id()
-    db = getDB(getGlobalDBName(tenantId))
-  })
-
-  afterEach(async () => {
-    jest.clearAllMocks()
-    await db.destroy()
-  })
-
-  const migrate = () => {
-    return runMigrations(MIGRATIONS, { tenantIds: [tenantId]})
-  }
-
-  it("should run a new migration", async () => {
-    await migrate()
-    expect(migrationFunction).toHaveBeenCalled()
-    const doc = await getMigrationsDoc(db)
-    expect(doc.test).toBeDefined()
-  })
-
-  it("should match snapshot", async () => {
-    await migrate()
-    const doc = await getMigrationsDoc(db)
-    expect(doc).toMatchSnapshot()
-  })
-
-  it("should skip a previously run migration", async () => {
-    await migrate()
-    const previousMigrationTime = await getMigrationsDoc(db).test
-    await migrate()
-    const currentMigrationTime = await getMigrationsDoc(db).test
-    expect(migrationFunction).toHaveBeenCalledTimes(1)
-    expect(currentMigrationTime).toBe(previousMigrationTime)
-  })
-})
\ No newline at end of file
diff --git a/packages/backend-core/src/migrations/tests/migrations.spec.ts b/packages/backend-core/src/migrations/tests/migrations.spec.ts
new file mode 100644
index 0000000000..c74ab816c1
--- /dev/null
+++ b/packages/backend-core/src/migrations/tests/migrations.spec.ts
@@ -0,0 +1,64 @@
+import { testEnv, DBTestConfiguration } from "../../../tests"
+import * as migrations from "../index"
+import * as context from "../../context"
+import { MigrationType } from "@budibase/types"
+
+testEnv.multiTenant()
+
+describe("migrations", () => {
+  const config = new DBTestConfiguration()
+
+  const migrationFunction = jest.fn()
+
+  const MIGRATIONS = [
+    {
+      type: MigrationType.GLOBAL,
+      name: "test" as any,
+      fn: migrationFunction,
+    },
+  ]
+
+  beforeEach(() => {
+    config.newTenant()
+  })
+
+  afterEach(async () => {
+    jest.clearAllMocks()
+  })
+
+  const migrate = () => {
+    return migrations.runMigrations(MIGRATIONS, {
+      tenantIds: [config.tenantId],
+    })
+  }
+
+  it("should run a new migration", async () => {
+    await config.doInTenant(async () => {
+      await migrate()
+      expect(migrationFunction).toHaveBeenCalled()
+      const db = context.getGlobalDB()
+      const doc = await migrations.getMigrationsDoc(db)
+      expect(doc.test).toBeDefined()
+    })
+  })
+
+  it("should match snapshot", async () => {
+    await config.doInTenant(async () => {
+      await migrate()
+      const doc = await migrations.getMigrationsDoc(context.getGlobalDB())
+      expect(doc).toMatchSnapshot()
+    })
+  })
+
+  it("should skip a previously run migration", async () => {
+    await config.doInTenant(async () => {
+      const db = context.getGlobalDB()
+      await migrate()
+      const previousDoc = await migrations.getMigrationsDoc(db)
+      await migrate()
+      const currentDoc = await migrations.getMigrationsDoc(db)
+      expect(migrationFunction).toHaveBeenCalledTimes(1)
+      expect(currentDoc.test).toBe(previousDoc.test)
+    })
+  })
+})
diff --git a/packages/backend-core/src/objectStore/buckets/global.ts b/packages/backend-core/src/objectStore/buckets/global.ts
index 8bf883b11e..69e201bb98 100644
--- a/packages/backend-core/src/objectStore/buckets/global.ts
+++ b/packages/backend-core/src/objectStore/buckets/global.ts
@@ -1,5 +1,5 @@
 import env from "../../environment"
-import * as tenancy from "../../tenancy"
+import * as context from "../../context"
 import * as objectStore from "../objectStore"
 import * as cloudfront from "../cloudfront"
 
@@ -22,7 +22,7 @@ export const getGlobalFileUrl = (type: string, name: string, etag?: string) => {
 export const getGlobalFileS3Key = (type: string, name: string) => {
   let file = `${type}/${name}`
   if (env.MULTI_TENANCY) {
-    const tenantId = tenancy.getTenantId()
+    const tenantId = context.getTenantId()
     file = `${tenantId}/${file}`
   }
   return file
diff --git a/packages/backend-core/src/objectStore/buckets/plugins.ts b/packages/backend-core/src/objectStore/buckets/plugins.ts
index cd3bf77e87..f7721afb23 100644
--- a/packages/backend-core/src/objectStore/buckets/plugins.ts
+++ b/packages/backend-core/src/objectStore/buckets/plugins.ts
@@ -1,6 +1,6 @@
 import env from "../../environment"
 import * as objectStore from "../objectStore"
-import * as tenancy from "../../tenancy"
+import * as context from "../../context"
 import * as cloudfront from "../cloudfront"
 import { Plugin } from "@budibase/types"
 
@@ -61,7 +61,7 @@ const getPluginS3Key = (plugin: Plugin, fileName: string) => {
 export const getPluginS3Dir = (pluginName: string) => {
   let s3Key = `${pluginName}`
   if (env.MULTI_TENANCY) {
-    const tenantId = tenancy.getTenantId()
+    const tenantId = context.getTenantId()
     s3Key = `${tenantId}/${s3Key}`
   }
   if (env.CLOUDFRONT_CDN) {
diff --git a/packages/backend-core/src/platform/index.ts b/packages/backend-core/src/platform/index.ts
new file mode 100644
index 0000000000..877d85ade0
--- /dev/null
+++ b/packages/backend-core/src/platform/index.ts
@@ -0,0 +1,3 @@
+export * as users from "./users"
+export * as tenants from "./tenants"
+export * from "./platformDb"
diff --git a/packages/backend-core/src/platform/platformDb.ts b/packages/backend-core/src/platform/platformDb.ts
new file mode 100644
index 0000000000..90b683dd33
--- /dev/null
+++ b/packages/backend-core/src/platform/platformDb.ts
@@ -0,0 +1,6 @@
+import { StaticDatabases } from "../constants"
+import { getDB } from "../db/db"
+
+export function getPlatformDB() {
+  return getDB(StaticDatabases.PLATFORM_INFO.name)
+}
diff --git a/packages/backend-core/src/platform/tenants.ts b/packages/backend-core/src/platform/tenants.ts
new file mode 100644
index 0000000000..b6bc3410d8
--- /dev/null
+++ b/packages/backend-core/src/platform/tenants.ts
@@ -0,0 +1,101 @@
+import { StaticDatabases } from "../constants"
+import { getPlatformDB } from "./platformDb"
+import { LockName, LockOptions, LockType, Tenants } from "@budibase/types"
+import * as locks from "../redis/redlockImpl"
+
+const TENANT_DOC = StaticDatabases.PLATFORM_INFO.docs.tenants
+
+export const tenacyLockOptions: LockOptions = {
+  type: LockType.DEFAULT,
+  name: LockName.UPDATE_TENANTS_DOC,
+  ttl: 10 * 1000, // auto expire after 10 seconds
+  systemLock: true,
+}
+
+// READ
+
+export async function getTenantIds(): Promise<string[]> {
+  const tenants = await getTenants()
+  return tenants.tenantIds
+}
+
+async function getTenants(): Promise<Tenants> {
+  const db = getPlatformDB()
+  let tenants: Tenants
+
+  try {
+    tenants = await db.get(TENANT_DOC)
+  } catch (e: any) {
+    // doesn't exist yet - create
+    if (e.status === 404) {
+      tenants = await createTenantsDoc()
+    } else {
+      throw e
+    }
+  }
+
+  return tenants
+}
+
+export async function exists(tenantId: string) {
+  const tenants = await getTenants()
+  return tenants.tenantIds.indexOf(tenantId) !== -1
+}
+
+// CREATE / UPDATE
+
+function newTenantsDoc(): Tenants {
+  return {
+    _id: TENANT_DOC,
+    tenantIds: [],
+  }
+}
+
+async function createTenantsDoc(): Promise<Tenants> {
+  const db = getPlatformDB()
+  let tenants = newTenantsDoc()
+
+  try {
+    const response = await db.put(tenants)
+    tenants._rev = response.rev
+  } catch (e: any) {
+    // don't throw 409 is doc has already been created
+    if (e.status === 409) {
+      return db.get(TENANT_DOC)
+    }
+    throw e
+  }
+
+  return tenants
+}
+
+export async function addTenant(tenantId: string) {
+  const db = getPlatformDB()
+
+  // use a lock as tenant creation is conflict prone
+  await locks.doWithLock(tenacyLockOptions, async () => {
+    const tenants = await getTenants()
+
+    // write the new tenant if it doesn't already exist
+    if (tenants.tenantIds.indexOf(tenantId) === -1) {
+      tenants.tenantIds.push(tenantId)
+      await db.put(tenants)
+    }
+  })
+}
+
+// DELETE
+
+export async function removeTenant(tenantId: string) {
+  try {
+    await locks.doWithLock(tenacyLockOptions, async () => {
+      const db = getPlatformDB()
+      const tenants = await getTenants()
+      tenants.tenantIds = tenants.tenantIds.filter(id => id !== tenantId)
+      await db.put(tenants)
+    })
+  } catch (err) {
+    console.error(`Error removing tenant ${tenantId} from info db`, err)
+    throw err
+  }
+}
diff --git a/packages/backend-core/src/platform/tests/tenants.spec.ts b/packages/backend-core/src/platform/tests/tenants.spec.ts
new file mode 100644
index 0000000000..92e999cb2d
--- /dev/null
+++ b/packages/backend-core/src/platform/tests/tenants.spec.ts
@@ -0,0 +1,25 @@
+import { DBTestConfiguration, structures } from "../../../tests"
+import * as tenants from "../tenants"
+
+describe("tenants", () => {
+  const config = new DBTestConfiguration()
+
+  describe("addTenant", () => {
+    it("concurrently adds multiple tenants safely", async () => {
+      const tenant1 = structures.tenant.id()
+      const tenant2 = structures.tenant.id()
+      const tenant3 = structures.tenant.id()
+
+      await Promise.all([
+        tenants.addTenant(tenant1),
+        tenants.addTenant(tenant2),
+        tenants.addTenant(tenant3),
+      ])
+
+      const tenantIds = await tenants.getTenantIds()
+      expect(tenantIds.includes(tenant1)).toBe(true)
+      expect(tenantIds.includes(tenant2)).toBe(true)
+      expect(tenantIds.includes(tenant3)).toBe(true)
+    })
+  })
+})
diff --git a/packages/backend-core/src/platform/users.ts b/packages/backend-core/src/platform/users.ts
new file mode 100644
index 0000000000..c65a7e0ec4
--- /dev/null
+++ b/packages/backend-core/src/platform/users.ts
@@ -0,0 +1,90 @@
+import { getPlatformDB } from "./platformDb"
+import { DEFAULT_TENANT_ID } from "../constants"
+import env from "../environment"
+import {
+  PlatformUser,
+  PlatformUserByEmail,
+  PlatformUserById,
+  User,
+} from "@budibase/types"
+
+// READ
+
+export async function lookupTenantId(userId: string) {
+  if (!env.MULTI_TENANCY) {
+    return DEFAULT_TENANT_ID
+  }
+
+  const user = await getUserDoc(userId)
+  return user.tenantId
+}
+
+async function getUserDoc(emailOrId: string): Promise<PlatformUser> {
+  const db = getPlatformDB()
+  return db.get(emailOrId)
+}
+
+// CREATE
+
+function newUserIdDoc(id: string, tenantId: string): PlatformUserById {
+  return {
+    _id: id,
+    tenantId,
+  }
+}
+
+function newUserEmailDoc(
+  userId: string,
+  email: string,
+  tenantId: string
+): PlatformUserByEmail {
+  return {
+    _id: email,
+    userId,
+    tenantId,
+  }
+}
+
+/**
+ * Add a new user id or email doc if it doesn't exist.
+ */
+async function addUserDoc(emailOrId: string, newDocFn: () => PlatformUser) {
+  const db = getPlatformDB()
+  let user: PlatformUser
+
+  try {
+    await db.get(emailOrId)
+  } catch (e: any) {
+    if (e.status === 404) {
+      user = newDocFn()
+      await db.put(user)
+    } else {
+      throw e
+    }
+  }
+}
+
+export async function addUser(tenantId: string, userId: string, email: string) {
+  await Promise.all([
+    addUserDoc(userId, () => newUserIdDoc(userId, tenantId)),
+    addUserDoc(email, () => newUserEmailDoc(userId, email, tenantId)),
+  ])
+}
+
+// DELETE
+
+export async function removeUser(user: User) {
+  const db = getPlatformDB()
+  const keys = [user._id!, user.email]
+  const userDocs = await db.allDocs({
+    keys,
+    include_docs: true,
+  })
+  const toDelete = userDocs.rows.map((row: any) => {
+    return {
+      ...row.doc,
+      _deleted: true,
+    }
+  })
+  await db.bulkDocs(toDelete)
+}
diff --git a/packages/backend-core/src/queue/constants.ts b/packages/backend-core/src/queue/constants.ts
index e8323dacb8..9261ed1176 100644
--- a/packages/backend-core/src/queue/constants.ts
+++ b/packages/backend-core/src/queue/constants.ts
@@ -1,4 +1,5 @@
 export enum JobQueue {
   AUTOMATION = "automationQueue",
   APP_BACKUP = "appBackupQueue",
+  AUDIT_LOG = "auditLogQueue",
 }
diff --git a/packages/backend-core/src/queue/queue.ts b/packages/backend-core/src/queue/queue.ts
index b34d46e463..c57ebafb1f 100644
--- a/packages/backend-core/src/queue/queue.ts
+++ b/packages/backend-core/src/queue/queue.ts
@@ -4,7 +4,6 @@ import { JobQueue } from "./constants"
 import InMemoryQueue from "./inMemoryQueue"
 import BullQueue from "bull"
 import { addListeners, StalledFn } from "./listeners"
-const { opts: redisOpts, redisProtocolUrl } = getRedisOptions()
 
 const CLEANUP_PERIOD_MS = 60 * 1000
 let QUEUES: BullQueue.Queue[] | InMemoryQueue[] = []
@@ -20,6 +19,7 @@ export function createQueue<T>(
   jobQueue: JobQueue,
   opts: { removeStalledCb?: StalledFn } = {}
 ): BullQueue.Queue<T> {
+  const { opts: redisOpts, redisProtocolUrl } = getRedisOptions()
   const queueConfig: any = redisProtocolUrl || { redis: redisOpts }
   let queue: any
   if (!env.isTest()) {
@@ -40,8 +40,10 @@ export function createQueue<T>(
 }
 
 export async function shutdown() {
-  if (QUEUES.length) {
+  if (cleanupInterval) {
     clearInterval(cleanupInterval)
+  }
+  if (QUEUES.length) {
     for (let queue of QUEUES) {
       await queue.close()
     }
diff --git a/packages/backend-core/src/redis/index.ts b/packages/backend-core/src/redis/index.ts
index ea4379f048..6585d6e4fa 100644
--- a/packages/backend-core/src/redis/index.ts
+++ b/packages/backend-core/src/redis/index.ts
@@ -3,4 +3,4 @@
 export { default as Client } from "./redis"
 export * as utils from "./utils"
 export * as clients from "./init"
-export * as redlock from "./redlock"
+export * as locks from "./redlockImpl"
diff --git a/packages/backend-core/src/redis/init.ts b/packages/backend-core/src/redis/init.ts
index 00329ffb84..485268edad 100644
--- a/packages/backend-core/src/redis/init.ts
+++ b/packages/backend-core/src/redis/init.ts
@@ -20,13 +20,17 @@ async function init() {
   ).init()
 }
 
-process.on("exit", async () => {
+export async function shutdown() {
   if (userClient) await userClient.finish()
   if (sessionClient) await sessionClient.finish()
   if (appClient) await appClient.finish()
   if (cacheClient) await cacheClient.finish()
   if (writethroughClient) await writethroughClient.finish()
   if (lockClient) await lockClient.finish()
+}
+
+process.on("exit", async () => {
+  await shutdown()
 })
 
 export async function getUserClient() {
diff --git a/packages/backend-core/src/redis/redis.ts b/packages/backend-core/src/redis/redis.ts
index 0267709cdc..951369496a 100644
--- a/packages/backend-core/src/redis/redis.ts
+++ b/packages/backend-core/src/redis/redis.ts
@@ -1,6 +1,6 @@
 import env from "../environment"
 // ioredis mock is all in memory
-const Redis = env.isTest() ? require("ioredis-mock") : require("ioredis")
+const Redis = env.MOCK_REDIS ? require("ioredis-mock") : require("ioredis")
 import {
   addDbPrefix,
   removeDbPrefix,
@@ -17,8 +17,13 @@ const DEFAULT_SELECT_DB = SelectableDatabase.DEFAULT
 // for testing just generate the client once
 let CLOSED = false
 let CLIENTS: { [key: number]: any } = {}
-// if in test always connected
-let CONNECTED = env.isTest()
+
+let CONNECTED = false
+
+// mock redis always connected
+if (env.MOCK_REDIS) {
+  CONNECTED = true
+}
 
 function pickClient(selectDb: number): any {
   return CLIENTS[selectDb]
@@ -57,7 +62,7 @@ function init(selectDb = DEFAULT_SELECT_DB) {
     return
   }
   // testing uses a single in memory client
-  if (env.isTest()) {
+  if (env.MOCK_REDIS) {
     CLIENTS[selectDb] = new Redis(getRedisOptions())
   }
   // start the timer - only allowed 5 seconds to connect
@@ -86,6 +91,11 @@ function init(selectDb = DEFAULT_SELECT_DB) {
   }
   // attach handlers
   client.on("end", (err: Error) => {
+    if (env.isTest()) {
+      // don't try to re-connect in test env
+      // allow the process to exit
+      return
+    }
     connectionError(selectDb, timeout, err)
   })
   client.on("error", (err: Error) => {
diff --git a/packages/backend-core/src/redis/redlock.ts b/packages/backend-core/src/redis/redlockImpl.ts
similarity index 73%
rename from packages/backend-core/src/redis/redlock.ts
rename to packages/backend-core/src/redis/redlockImpl.ts
index 54b2c0a8d1..136d7f5d33 100644
--- a/packages/backend-core/src/redis/redlock.ts
+++ b/packages/backend-core/src/redis/redlockImpl.ts
@@ -1,29 +1,22 @@
 import Redlock, { Options } from "redlock"
 import { getLockClient } from "./init"
 import { LockOptions, LockType } from "@budibase/types"
-import * as tenancy from "../tenancy"
-
-let noRetryRedlock: Redlock | undefined
+import * as context from "../context"
+import env from "../environment"
 
 const getClient = async (type: LockType): Promise<Redlock> => {
+  if (env.isTest() && type !== LockType.TRY_ONCE) {
+    return newRedlock(OPTIONS.TEST)
+  }
   switch (type) {
     case LockType.TRY_ONCE: {
-      if (!noRetryRedlock) {
-        noRetryRedlock = await newRedlock(OPTIONS.TRY_ONCE)
-      }
-      return noRetryRedlock
+      return newRedlock(OPTIONS.TRY_ONCE)
     }
     case LockType.DEFAULT: {
-      if (!noRetryRedlock) {
-        noRetryRedlock = await newRedlock(OPTIONS.DEFAULT)
-      }
-      return noRetryRedlock
+      return newRedlock(OPTIONS.DEFAULT)
     }
     case LockType.DELAY_500: {
-      if (!noRetryRedlock) {
-        noRetryRedlock = await newRedlock(OPTIONS.DELAY_500)
-      }
-      return noRetryRedlock
+      return newRedlock(OPTIONS.DELAY_500)
     }
     default: {
       throw new Error(`Could not get redlock client: ${type}`)
@@ -36,6 +29,11 @@ export const OPTIONS = {
     // immediately throws an error if the lock is already held
     retryCount: 0,
   },
+  TEST: {
+    // higher retry count in unit tests
+    // due to high contention.
+    retryCount: 100,
+  },
   DEFAULT: {
     // the expected clock drift; for more details
     // see http://redis.io/topics/distlock
@@ -69,28 +67,38 @@ export const doWithLock = async (opts: LockOptions, task: any) => {
   const redlock = await getClient(opts.type)
   let lock
   try {
-    // aquire lock
-    let name: string = `lock:${tenancy.getTenantId()}_${opts.name}`
+    // determine lock name
+    // by default use the tenantId for uniqueness, unless using a system lock
+    const prefix = opts.systemLock ? "system" : context.getTenantId()
+    let name: string = `lock:${prefix}_${opts.name}`
+
+    // add additional unique name if required
     if (opts.nameSuffix) {
       name = name + `_${opts.nameSuffix}`
     }
+
+    // create the lock
     lock = await redlock.lock(name, opts.ttl)
+
     // perform locked task
     // need to await to ensure completion before unlocking
     const result = await task()
     return result
   } catch (e: any) {
-    console.log("lock error")
+    console.warn("lock error")
     // lock limit exceeded
     if (e.name === "LockError") {
       if (opts.type === LockType.TRY_ONCE) {
         // don't throw for try-once locks, they will always error
         // due to retry count (0) exceeded
+        console.warn(e)
         return
       } else {
+        console.error(e)
         throw e
       }
     } else {
+      console.error(e)
       throw e
     }
   } finally {
diff --git a/packages/backend-core/src/redis/utils.ts b/packages/backend-core/src/redis/utils.ts
index 4c556ebd54..7606c77b87 100644
--- a/packages/backend-core/src/redis/utils.ts
+++ b/packages/backend-core/src/redis/utils.ts
@@ -2,8 +2,6 @@ import env from "../environment"
 
 const SLOT_REFRESH_MS = 2000
 const CONNECT_TIMEOUT_MS = 10000
-const REDIS_URL = !env.REDIS_URL ? "localhost:6379" : env.REDIS_URL
-const REDIS_PASSWORD = !env.REDIS_PASSWORD ? "budibase" : env.REDIS_PASSWORD
 export const SEPARATOR = "-"
 
 /**
@@ -60,8 +58,8 @@ export enum SelectableDatabase {
 }
 
 export function getRedisOptions(clustered = false) {
-  let password = REDIS_PASSWORD
-  let url: string[] | string = REDIS_URL.split("//")
+  let password = env.REDIS_PASSWORD
+  let url: string[] | string = env.REDIS_URL.split("//")
   // get rid of the protocol
   url = url.length > 1 ? url[1] : url[0]
   // check for a password etc
@@ -78,8 +76,8 @@ export function getRedisOptions(clustered = false) {
   let redisProtocolUrl
 
   // fully qualified redis URL
-  if (/rediss?:\/\//.test(REDIS_URL)) {
-    redisProtocolUrl = REDIS_URL
+  if (/rediss?:\/\//.test(env.REDIS_URL)) {
+    redisProtocolUrl = env.REDIS_URL
   }
 
   const opts: any = {
diff --git a/packages/backend-core/src/tenancy/db.ts b/packages/backend-core/src/tenancy/db.ts
new file mode 100644
index 0000000000..10477a8579
--- /dev/null
+++ b/packages/backend-core/src/tenancy/db.ts
@@ -0,0 +1,6 @@
+import { getDB } from "../db/db"
+import { getGlobalDBName } from "../context"
+
+export function getTenantDB(tenantId: string) {
+  return getDB(getGlobalDBName(tenantId))
+}
diff --git a/packages/backend-core/src/tenancy/index.ts b/packages/backend-core/src/tenancy/index.ts
index 1618a136dd..3f17e33271 100644
--- a/packages/backend-core/src/tenancy/index.ts
+++ b/packages/backend-core/src/tenancy/index.ts
@@ -1,2 +1,2 @@
-export * from "../context"
+export * from "./db"
 export * from "./tenancy"
diff --git a/packages/backend-core/src/tenancy/tenancy.ts b/packages/backend-core/src/tenancy/tenancy.ts
index 732402bcb7..e8ddf88226 100644
--- a/packages/backend-core/src/tenancy/tenancy.ts
+++ b/packages/backend-core/src/tenancy/tenancy.ts
@@ -1,4 +1,3 @@
-import { doWithDB, getGlobalDBName } from "../db"
 import {
   DEFAULT_TENANT_ID,
   getTenantId,
@@ -11,10 +10,7 @@ import {
   TenantResolutionStrategy,
   GetTenantIdOptions,
 } from "@budibase/types"
-import { Header, StaticDatabases } from "../constants"
-
-const TENANT_DOC = StaticDatabases.PLATFORM_INFO.docs.tenants
-const PLATFORM_INFO_DB = StaticDatabases.PLATFORM_INFO.name
+import { Header } from "../constants"
 
 export function addTenantToUrl(url: string) {
   const tenantId = getTenantId()
@@ -27,89 +23,6 @@ export function addTenantToUrl(url: string) {
   return url
 }
 
-export async function doesTenantExist(tenantId: string) {
-  return doWithDB(PLATFORM_INFO_DB, async (db: any) => {
-    let tenants
-    try {
-      tenants = await db.get(TENANT_DOC)
-    } catch (err) {
-      // if theres an error the doc doesn't exist, no tenants exist
-      return false
-    }
-    return (
-      tenants &&
-      Array.isArray(tenants.tenantIds) &&
-      tenants.tenantIds.indexOf(tenantId) !== -1
-    )
-  })
-}
-
-export async function tryAddTenant(
-  tenantId: string,
-  userId: string,
-  email: string,
-  afterCreateTenant: () => Promise<void>
-) {
-  return doWithDB(PLATFORM_INFO_DB, async (db: any) => {
-    const getDoc = async (id: string) => {
-      if (!id) {
-        return null
-      }
-      try {
-        return await db.get(id)
-      } catch (err) {
-        return { _id: id }
-      }
-    }
-    let [tenants, userIdDoc, emailDoc] = await Promise.all([
-      getDoc(TENANT_DOC),
-      getDoc(userId),
-      getDoc(email),
-    ])
-    if (!Array.isArray(tenants.tenantIds)) {
-      tenants = {
-        _id: TENANT_DOC,
-        tenantIds: [],
-      }
-    }
-    let promises = []
-    if (userIdDoc) {
-      userIdDoc.tenantId = tenantId
-      promises.push(db.put(userIdDoc))
-    }
-    if (emailDoc) {
-      emailDoc.tenantId = tenantId
-      emailDoc.userId = userId
-      promises.push(db.put(emailDoc))
-    }
-    if (tenants.tenantIds.indexOf(tenantId) === -1) {
-      tenants.tenantIds.push(tenantId)
-      promises.push(db.put(tenants))
-      await afterCreateTenant()
-    }
-    await Promise.all(promises)
-  })
-}
-
-export function doWithGlobalDB(tenantId: string, cb: any) {
-  return doWithDB(getGlobalDBName(tenantId), cb)
-}
-
-export async function lookupTenantId(userId: string) {
-  return doWithDB(StaticDatabases.PLATFORM_INFO.name, async (db: any) => {
-    let tenantId = env.MULTI_TENANCY ? DEFAULT_TENANT_ID : null
-    try {
-      const doc = await db.get(userId)
-      if (doc && doc.tenantId) {
-        tenantId = doc.tenantId
-      }
-    } catch (err) {
-      // just return the default
-    }
-    return tenantId
-  })
-}
-
 export const isUserInAppTenant = (appId: string, user?: any) => {
   let userTenantId
   if (user) {
@@ -121,19 +34,6 @@ export const isUserInAppTenant = (appId: string, user?: any) => {
   return tenantId === userTenantId
 }
 
-export async function getTenantIds() {
-  return doWithDB(PLATFORM_INFO_DB, async (db: any) => {
-    let tenants
-    try {
-      tenants = await db.get(TENANT_DOC)
-    } catch (err) {
-      // if theres an error the doc doesn't exist, no tenants exist
-      return []
-    }
-    return (tenants && tenants.tenantIds) || []
-  })
-}
-
 const ALL_STRATEGIES = Object.values(TenantResolutionStrategy)
 
 export const getTenantIDFromCtx = (
diff --git a/packages/backend-core/src/users.ts b/packages/backend-core/src/users.ts
index 7502ece47a..dfc544c3ed 100644
--- a/packages/backend-core/src/users.ts
+++ b/packages/backend-core/src/users.ts
@@ -7,18 +7,44 @@ import {
   UNICODE_MAX,
   DocumentType,
   SEPARATOR,
+  directCouchFind,
 } from "./db"
 import { BulkDocsResponse, User } from "@budibase/types"
 import { getGlobalDB } from "./context"
+import * as context from "./context"
 
-export const bulkGetGlobalUsersById = async (userIds: string[]) => {
+type GetOpts = { cleanup?: boolean }
+
+function removeUserPassword(users: User | User[]) {
+  if (Array.isArray(users)) {
+    return users.map(user => {
+      if (user) {
+        delete user.password
+        return user
+      }
+    })
+  } else if (users) {
+    delete users.password
+    return users
+  }
+  return users
+}
+
+export const bulkGetGlobalUsersById = async (
+  userIds: string[],
+  opts?: GetOpts
+) => {
   const db = getGlobalDB()
-  return (
+  let users = (
     await db.allDocs({
       keys: userIds,
       include_docs: true,
     })
   ).rows.map(row => row.doc) as User[]
+  if (opts?.cleanup) {
+    users = removeUserPassword(users) as User[]
+  }
+  return users
 }
 
 export const getAllUserIds = async () => {
@@ -36,13 +62,22 @@ export const bulkUpdateGlobalUsers = async (users: User[]) => {
   return (await db.bulkDocs(users)) as BulkDocsResponse
 }
 
+export async function getById(id: string, opts?: GetOpts): Promise<User> {
+  const db = context.getGlobalDB()
+  let user = await db.get(id)
+  if (opts?.cleanup) {
+    user = removeUserPassword(user)
+  }
+  return user
+}
+
 /**
  * Given an email address this will use a view to search through
  * all the users to find one with this email address.
- * @param {string} email the email to lookup the user by.
  */
 export const getGlobalUserByEmail = async (
-  email: String
+  email: String,
+  opts?: GetOpts
 ): Promise<User | undefined> => {
   if (email == null) {
     throw "Must supply an email address to view"
@@ -58,10 +93,19 @@ export const getGlobalUserByEmail = async (
     throw new Error(`Multiple users found with email address: ${email}`)
   }
 
-  return response
+  let user = response as User
+  if (opts?.cleanup) {
+    user = removeUserPassword(user) as User
+  }
+
+  return user
 }
 
-export const searchGlobalUsersByApp = async (appId: any, opts: any) => {
+export const searchGlobalUsersByApp = async (
+  appId: any,
+  opts: any,
+  getOpts?: GetOpts
+) => {
   if (typeof appId !== "string") {
     throw new Error("Must provide a string based app ID")
   }
@@ -70,10 +114,54 @@ export const searchGlobalUsersByApp = async (appId: any, opts: any) => {
   })
   params.startkey = opts && opts.startkey ? opts.startkey : params.startkey
   let response = await queryGlobalView(ViewName.USER_BY_APP, params)
+
   if (!response) {
     response = []
   }
-  return Array.isArray(response) ? response : [response]
+  let users: User[] = Array.isArray(response) ? response : [response]
+  if (getOpts?.cleanup) {
+    users = removeUserPassword(users) as User[]
+  }
+  return users
+}
+
+/*
+  Return any user who potentially has access to the application
+  Admins, developers and app users with the explicitly role.
+*/
+export const searchGlobalUsersByAppAccess = async (appId: any, opts: any) => {
+  const roleSelector = `roles.${appId}`
+
+  let orQuery: any[] = [
+    {
+      "builder.global": true,
+    },
+    {
+      "admin.global": true,
+    },
+  ]
+
+  if (appId) {
+    const roleCheck = {
+      [roleSelector]: {
+        $exists: true,
+      },
+    }
+    orQuery.push(roleCheck)
+  }
+
+  let searchOptions = {
+    selector: {
+      $or: orQuery,
+      _id: {
+        $regex: "^us_",
+      },
+    },
+    limit: opts?.limit || 50,
+  }
+
+  const resp = await directCouchFind(context.getGlobalDBName(), searchOptions)
+  return resp?.rows
 }
 
 export const getGlobalUserByAppPage = (appId: string, user: User) => {
@@ -86,7 +174,11 @@ export const getGlobalUserByAppPage = (appId: string, user: User) => {
 /**
  * Performs a starts with search on the global email view.
  */
-export const searchGlobalUsersByEmail = async (email: string, opts: any) => {
+export const searchGlobalUsersByEmail = async (
+  email: string,
+  opts: any,
+  getOpts?: GetOpts
+) => {
   if (typeof email !== "string") {
     throw new Error("Must provide a string to search by")
   }
@@ -101,5 +193,9 @@ export const searchGlobalUsersByEmail = async (email: string, opts: any) => {
   if (!response) {
     response = []
   }
-  return Array.isArray(response) ? response : [response]
+  let users: User[] = Array.isArray(response) ? response : [response]
+  if (getOpts?.cleanup) {
+    users = removeUserPassword(users) as User[]
+  }
+  return users
 }
diff --git a/packages/backend-core/src/utils/tests/utils.spec.ts b/packages/backend-core/src/utils/tests/utils.spec.ts
index b3cd527fb3..7d6c5561e8 100644
--- a/packages/backend-core/src/utils/tests/utils.spec.ts
+++ b/packages/backend-core/src/utils/tests/utils.spec.ts
@@ -1,21 +1,12 @@
-import { structures } from "../../../tests"
+import { structures, DBTestConfiguration } from "../../../tests"
 import * as utils from "../../utils"
-import * as events from "../../events"
 import * as db from "../../db"
 import { Header } from "../../constants"
-import { doInTenant } from "../../context"
 import { newid } from "../../utils"
+import env from "../../environment"
 
 describe("utils", () => {
-  describe("platformLogout", () => {
-    it("should call platform logout", async () => {
-      await doInTenant(structures.tenant.id(), async () => {
-        const ctx = structures.koa.newContext()
-        await utils.platformLogout({ ctx, userId: "test" })
-        expect(events.auth.logout).toBeCalledTimes(1)
-      })
-    })
-  })
+  const config = new DBTestConfiguration()
 
   describe("getAppIdFromCtx", () => {
     it("gets appId from header", async () => {
@@ -50,21 +41,28 @@ describe("utils", () => {
     })
 
     it("gets appId from url", async () => {
-      const ctx = structures.koa.newContext()
-      const expected = db.generateAppID()
-      const app = structures.apps.app(expected)
+      await config.doInTenant(async () => {
+        const url = "http://test.com"
+        env._set("PLATFORM_URL", url)
 
-      // set custom url
-      const appUrl = newid()
-      app.url = `/${appUrl}`
-      ctx.path = `/app/${appUrl}`
+        const ctx = structures.koa.newContext()
+        ctx.host = `${config.tenantId}.test.com`
 
-      // save the app
-      const database = db.getDB(expected)
-      await database.put(app)
+        const expected = db.generateAppID(config.tenantId)
+        const app = structures.apps.app(expected)
 
-      const actual = await utils.getAppIdFromCtx(ctx)
-      expect(actual).toBe(expected)
+        // set custom url
+        const appUrl = newid()
+        app.url = `/${appUrl}`
+        ctx.path = `/app/${appUrl}`
+
+        // save the app
+        const database = db.getDB(expected)
+        await database.put(app)
+
+        const actual = await utils.getAppIdFromCtx(ctx)
+        expect(actual).toBe(expected)
+      })
     })
 
     it("doesn't get appId from url when previewing", async () => {
diff --git a/packages/backend-core/src/utils/utils.ts b/packages/backend-core/src/utils/utils.ts
index c608686431..3efd40ca80 100644
--- a/packages/backend-core/src/utils/utils.ts
+++ b/packages/backend-core/src/utils/utils.ts
@@ -2,21 +2,19 @@ import { getAllApps, queryGlobalView } from "../db"
 import { options } from "../middleware/passport/jwt"
 import {
   Header,
-  Cookie,
   MAX_VALID_DATE,
   DocumentType,
   SEPARATOR,
   ViewName,
 } from "../constants"
 import env from "../environment"
-import * as userCache from "../cache/user"
-import { getSessionsForUser, invalidateSessions } from "../security/sessions"
-import * as events from "../events"
 import * as tenancy from "../tenancy"
+import * as context from "../context"
 import {
   App,
+  AuditedEventFriendlyName,
   Ctx,
-  PlatformLogoutOpts,
+  Event,
   TenantResolutionStrategy,
 } from "@budibase/types"
 import { SetOption } from "cookies"
@@ -38,7 +36,7 @@ export async function resolveAppUrl(ctx: Ctx) {
   const appUrl = ctx.path.split("/")[2]
   let possibleAppUrl = `/${appUrl.toLowerCase()}`
 
-  let tenantId: string | null = tenancy.getTenantId()
+  let tenantId: string | null = context.getTenantId()
   if (env.MULTI_TENANCY) {
     // always use the tenant id from the subdomain in multi tenancy
     // this ensures the logged-in user tenant id doesn't overwrite
@@ -49,7 +47,7 @@ export async function resolveAppUrl(ctx: Ctx) {
   }
 
   // search prod apps for a url that matches
-  const apps: App[] = await tenancy.doInTenant(tenantId, () =>
+  const apps: App[] = await context.doInTenant(tenantId, () =>
     getAllApps({ dev: false })
   )
   const app = apps.filter(
@@ -222,35 +220,10 @@ export async function getBuildersCount() {
   return builders.length
 }
 
-/**
- * Logs a user out from budibase. Re-used across account portal and builder.
- */
-export async function platformLogout(opts: PlatformLogoutOpts) {
-  const ctx = opts.ctx
-  const userId = opts.userId
-  const keepActiveSession = opts.keepActiveSession
-
-  if (!ctx) throw new Error("Koa context must be supplied to logout.")
-
-  const currentSession = getCookie(ctx, Cookie.Auth)
-  let sessions = await getSessionsForUser(userId)
-
-  if (keepActiveSession) {
-    sessions = sessions.filter(
-      session => session.sessionId !== currentSession.sessionId
-    )
-  } else {
-    // clear cookies
-    clearCookie(ctx, Cookie.Auth)
-    clearCookie(ctx, Cookie.CurrentApp)
-  }
-
-  const sessionIds = sessions.map(({ sessionId }) => sessionId)
-  await invalidateSessions(userId, { sessionIds, reason: "logout" })
-  await events.auth.logout()
-  await userCache.invalidateUser(userId)
-}
-
 export function timeout(timeMs: number) {
   return new Promise(resolve => setTimeout(resolve, timeMs))
 }
+
+export function isAudited(event: Event) {
+  return !!AuditedEventFriendlyName[event]
+}
diff --git a/packages/backend-core/tests/jestEnv.ts b/packages/backend-core/tests/jestEnv.ts
index 1190eb3bb7..ec8de2942e 100644
--- a/packages/backend-core/tests/jestEnv.ts
+++ b/packages/backend-core/tests/jestEnv.ts
@@ -1,23 +1,6 @@
-import env from "../src/environment"
-import { mocks } from "./utilities"
-
-// must explicitly enable fetch mock
-mocks.fetch.enable()
-
-// mock all dates to 2020-01-01T00:00:00.000Z
-// use tk.reset() to use real dates in individual tests
-import tk from "timekeeper"
-tk.freeze(mocks.date.MOCK_DATE)
-
-env._set("SELF_HOSTED", "1")
-env._set("NODE_ENV", "jest")
-
-if (!process.env.DEBUG) {
-  global.console.log = jest.fn() // console.log are ignored in tests
-}
-
-if (!process.env.CI) {
-  // set a longer timeout in dev for debugging
-  // 100 seconds
-  jest.setTimeout(100000)
-}
+process.env.SELF_HOSTED = "1"
+process.env.MULTI_TENANCY = "1"
+process.env.NODE_ENV = "jest"
+process.env.MOCK_REDIS = "1"
+process.env.LOG_LEVEL = process.env.LOG_LEVEL || "error"
+process.env.ENABLE_4XX_HTTP_LOGGING = "0"
diff --git a/packages/backend-core/tests/jestSetup.ts b/packages/backend-core/tests/jestSetup.ts
index f7887ec824..e786086de6 100644
--- a/packages/backend-core/tests/jestSetup.ts
+++ b/packages/backend-core/tests/jestSetup.ts
@@ -1,4 +1,23 @@
+import "./logging"
 import env from "../src/environment"
-import { testContainerUtils } from "./utilities"
+import { mocks, testContainerUtils } from "./utilities"
+
+// must explicitly enable fetch mock
+mocks.fetch.enable()
+
+// mock all dates to 2020-01-01T00:00:00.000Z
+// use tk.reset() to use real dates in individual tests
+import tk from "timekeeper"
+tk.freeze(mocks.date.MOCK_DATE)
+
+if (!process.env.DEBUG) {
+  console.log = jest.fn() // console.log are ignored in tests
+}
+
+if (!process.env.CI) {
+  // set a longer timeout in dev for debugging
+  // 100 seconds
+  jest.setTimeout(100000)
+}
 
 testContainerUtils.setupEnv(env)
diff --git a/packages/backend-core/tests/logging.ts b/packages/backend-core/tests/logging.ts
new file mode 100644
index 0000000000..271f4d62ff
--- /dev/null
+++ b/packages/backend-core/tests/logging.ts
@@ -0,0 +1,34 @@
+export enum LogLevel {
+  TRACE = "trace",
+  DEBUG = "debug",
+  INFO = "info",
+  WARN = "warn",
+  ERROR = "error",
+}
+
+const LOG_INDEX: { [key in LogLevel]: number } = {
+  [LogLevel.TRACE]: 1,
+  [LogLevel.DEBUG]: 2,
+  [LogLevel.INFO]: 3,
+  [LogLevel.WARN]: 4,
+  [LogLevel.ERROR]: 5,
+}
+
+const setIndex = LOG_INDEX[process.env.LOG_LEVEL as LogLevel]
+
+if (setIndex > LOG_INDEX.trace) {
+  global.console.trace = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.debug) {
+  global.console.debug = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.info) {
+  global.console.info = jest.fn()
+  global.console.log = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.warn) {
+  global.console.warn = jest.fn()
+}
diff --git a/packages/backend-core/tests/utilities/DBTestConfiguration.ts b/packages/backend-core/tests/utilities/DBTestConfiguration.ts
new file mode 100644
index 0000000000..e5e57a99a3
--- /dev/null
+++ b/packages/backend-core/tests/utilities/DBTestConfiguration.ts
@@ -0,0 +1,36 @@
+import "./mocks"
+import * as structures from "./structures"
+import * as testEnv from "./testEnv"
+import * as context from "../../src/context"
+
+class DBTestConfiguration {
+  tenantId: string
+
+  constructor() {
+    // db tests need to be multi tenant to prevent conflicts
+    testEnv.multiTenant()
+    this.tenantId = structures.tenant.id()
+  }
+
+  newTenant() {
+    this.tenantId = structures.tenant.id()
+  }
+
+  // TENANCY
+
+  doInTenant(task: any) {
+    return context.doInTenant(this.tenantId, () => {
+      return task()
+    })
+  }
+
+  getTenantId() {
+    try {
+      return context.getTenantId()
+    } catch (e) {
+      return this.tenantId!
+    }
+  }
+}
+
+export default DBTestConfiguration
diff --git a/packages/backend-core/tests/utilities/db.ts b/packages/backend-core/tests/utilities/db.ts
deleted file mode 100644
index 84b77bb201..0000000000
--- a/packages/backend-core/tests/utilities/db.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-import * as db from "../../src/db"
-
-const dbConfig = {
-  inMemory: true,
-}
-
-export const init = () => {
-  db.init(dbConfig)
-}
diff --git a/packages/backend-core/tests/utilities/index.ts b/packages/backend-core/tests/utilities/index.ts
index 468d980a7f..efe014908b 100644
--- a/packages/backend-core/tests/utilities/index.ts
+++ b/packages/backend-core/tests/utilities/index.ts
@@ -4,5 +4,4 @@ export { generator } from "./structures"
 export * as testEnv from "./testEnv"
 export * as testContainerUtils from "./testContainerUtils"
 
-import * as dbConfig from "./db"
-dbConfig.init()
+export { default as DBTestConfiguration } from "./DBTestConfiguration"
diff --git a/packages/backend-core/tests/utilities/mocks/accounts.ts b/packages/backend-core/tests/utilities/mocks/accounts.ts
deleted file mode 100644
index e40d32b276..0000000000
--- a/packages/backend-core/tests/utilities/mocks/accounts.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-const mockGetAccount = jest.fn()
-const mockGetAccountByTenantId = jest.fn()
-const mockGetStatus = jest.fn()
-
-jest.mock("../../../src/cloud/accounts", () => ({
-  getAccount: mockGetAccount,
-  getAccountByTenantId: mockGetAccountByTenantId,
-  getStatus: mockGetStatus,
-}))
-
-export const getAccount = mockGetAccount
-export const getAccountByTenantId = mockGetAccountByTenantId
-export const getStatus = mockGetStatus
diff --git a/packages/backend-core/tests/utilities/mocks/index.ts b/packages/backend-core/tests/utilities/mocks/index.ts
index 401fd7d7a7..f5f45c0342 100644
--- a/packages/backend-core/tests/utilities/mocks/index.ts
+++ b/packages/backend-core/tests/utilities/mocks/index.ts
@@ -1,4 +1,7 @@
-export * as accounts from "./accounts"
+jest.mock("../../../src/accounts")
+import * as _accounts from "../../../src/accounts"
+export const accounts = jest.mocked(_accounts)
+
 export * as date from "./date"
 export * as licenses from "./licenses"
 export { default as fetch } from "./fetch"
diff --git a/packages/backend-core/tests/utilities/mocks/licenses.ts b/packages/backend-core/tests/utilities/mocks/licenses.ts
index e374612f5f..2ca41616e4 100644
--- a/packages/backend-core/tests/utilities/mocks/licenses.ts
+++ b/packages/backend-core/tests/utilities/mocks/licenses.ts
@@ -70,6 +70,10 @@ export const useBackups = () => {
   return useFeature(Feature.APP_BACKUPS)
 }
 
+export const useEnforceableSSO = () => {
+  return useFeature(Feature.ENFORCEABLE_SSO)
+}
+
 export const useGroups = () => {
   return useFeature(Feature.USER_GROUPS)
 }
@@ -78,6 +82,10 @@ export const useEnvironmentVariables = () => {
   return useFeature(Feature.ENVIRONMENT_VARIABLES)
 }
 
+export const useAuditLogs = () => {
+  return useFeature(Feature.AUDIT_LOGS)
+}
+
 // QUOTAS
 
 export const setAutomationLogsQuota = (value: number) => {
diff --git a/packages/backend-core/tests/utilities/structures/accounts.ts b/packages/backend-core/tests/utilities/structures/accounts.ts
index f1718aecc0..62a9ac19d1 100644
--- a/packages/backend-core/tests/utilities/structures/accounts.ts
+++ b/packages/backend-core/tests/utilities/structures/accounts.ts
@@ -1,6 +1,17 @@
 import { generator, uuid } from "."
 import * as db from "../../../src/db/utils"
-import { Account, AuthType, CloudAccount, Hosting } from "@budibase/types"
+import {
+  Account,
+  AccountSSOProvider,
+  AccountSSOProviderType,
+  AuthType,
+  CloudAccount,
+  Hosting,
+  SSOAccount,
+  CreateAccount,
+  CreatePassswordAccount,
+} from "@budibase/types"
+import _ from "lodash"
 
 export const account = (): Account => {
   return {
@@ -20,6 +31,10 @@ export const account = (): Account => {
   }
 }
 
+export function selfHostAccount() {
+  return account()
+}
+
 export const cloudAccount = (): CloudAccount => {
   return {
     ...account(),
@@ -27,3 +42,74 @@ export const cloudAccount = (): CloudAccount => {
     budibaseUserId: db.generateGlobalUserID(),
   }
 }
+
+function providerType(): AccountSSOProviderType {
+  return _.sample(
+    Object.values(AccountSSOProviderType)
+  ) as AccountSSOProviderType
+}
+
+function provider(): AccountSSOProvider {
+  return _.sample(Object.values(AccountSSOProvider)) as AccountSSOProvider
+}
+
+export function ssoAccount(account: Account = cloudAccount()): SSOAccount {
+  return {
+    ...account,
+    authType: AuthType.SSO,
+    oauth2: {
+      accessToken: generator.string(),
+      refreshToken: generator.string(),
+    },
+    pictureUrl: generator.url(),
+    provider: provider(),
+    providerType: providerType(),
+    thirdPartyProfile: {},
+  }
+}
+
+export const cloudCreateAccount: CreatePassswordAccount = {
+  email: "cloud@budibase.com",
+  tenantId: "cloud",
+  hosting: Hosting.CLOUD,
+  authType: AuthType.PASSWORD,
+  password: "Password123!",
+  tenantName: "cloud",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
+
+export const cloudSSOCreateAccount: CreateAccount = {
+  email: "cloud-sso@budibase.com",
+  tenantId: "cloud-sso",
+  hosting: Hosting.CLOUD,
+  authType: AuthType.SSO,
+  tenantName: "cloudsso",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
+
+export const selfCreateAccount: CreatePassswordAccount = {
+  email: "self@budibase.com",
+  tenantId: "self",
+  hosting: Hosting.SELF,
+  authType: AuthType.PASSWORD,
+  password: "Password123!",
+  tenantName: "self",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
+
+export const selfSSOCreateAccount: CreateAccount = {
+  email: "self-sso@budibase.com",
+  tenantId: "self-sso",
+  hosting: Hosting.SELF,
+  authType: AuthType.SSO,
+  tenantName: "selfsso",
+  name: "Budi Armstrong",
+  size: "10+",
+  profession: "Software Engineer",
+}
diff --git a/packages/backend-core/tests/utilities/structures/generator.ts b/packages/backend-core/tests/utilities/structures/generator.ts
new file mode 100644
index 0000000000..51567b152e
--- /dev/null
+++ b/packages/backend-core/tests/utilities/structures/generator.ts
@@ -0,0 +1,2 @@
+import Chance from "chance"
+export const generator = new Chance()
diff --git a/packages/backend-core/tests/utilities/structures/index.ts b/packages/backend-core/tests/utilities/structures/index.ts
index e74751e479..ca77f476d0 100644
--- a/packages/backend-core/tests/utilities/structures/index.ts
+++ b/packages/backend-core/tests/utilities/structures/index.ts
@@ -1,12 +1,11 @@
 export * from "./common"
-
-import Chance from "chance"
-export const generator = new Chance()
-
 export * as accounts from "./accounts"
 export * as apps from "./apps"
+export * as db from "./db"
 export * as koa from "./koa"
 export * as licenses from "./licenses"
 export * as plugins from "./plugins"
+export * as sso from "./sso"
 export * as tenant from "./tenants"
-export * as db from "./db"
+export * as users from "./users"
+export { generator } from "./generator"
diff --git a/packages/backend-core/tests/utilities/structures/shared.ts b/packages/backend-core/tests/utilities/structures/shared.ts
new file mode 100644
index 0000000000..de0e19486c
--- /dev/null
+++ b/packages/backend-core/tests/utilities/structures/shared.ts
@@ -0,0 +1,19 @@
+import { User } from "@budibase/types"
+import { generator } from "./generator"
+import { uuid } from "./common"
+
+export const newEmail = () => {
+  return `${uuid()}@test.com`
+}
+
+export const user = (userProps?: any): User => {
+  return {
+    email: newEmail(),
+    password: "test",
+    roles: { app_test: "admin" },
+    firstName: generator.first(),
+    lastName: generator.last(),
+    pictureUrl: "http://test.com",
+    ...userProps,
+  }
+}
diff --git a/packages/backend-core/tests/utilities/structures/sso.ts b/packages/backend-core/tests/utilities/structures/sso.ts
new file mode 100644
index 0000000000..7413fa3c09
--- /dev/null
+++ b/packages/backend-core/tests/utilities/structures/sso.ts
@@ -0,0 +1,109 @@
+import {
+  GoogleInnerConfig,
+  JwtClaims,
+  OAuth2,
+  OIDCInnerConfig,
+  OIDCWellKnownConfig,
+  SSOAuthDetails,
+  SSOProfile,
+  SSOProviderType,
+  User,
+} from "@budibase/types"
+import { generator } from "./generator"
+import { uuid, email } from "./common"
+import * as shared from "./shared"
+import _ from "lodash"
+import { user } from "./shared"
+
+export function OAuth(): OAuth2 {
+  return {
+    refreshToken: generator.string(),
+    accessToken: generator.string(),
+  }
+}
+
+export function authDetails(userDoc?: User): SSOAuthDetails {
+  if (!userDoc) {
+    userDoc = user()
+  }
+
+  const userId = userDoc._id || uuid()
+  const provider = generator.string()
+
+  const profile = ssoProfile(userDoc)
+  profile.provider = provider
+  profile.id = userId
+
+  return {
+    email: userDoc.email,
+    oauth2: OAuth(),
+    profile,
+    provider,
+    providerType: providerType(),
+    userId,
+  }
+}
+
+export function providerType(): SSOProviderType {
+  return _.sample(Object.values(SSOProviderType)) as SSOProviderType
+}
+
+export function ssoProfile(user?: User): SSOProfile {
+  if (!user) {
+    user = shared.user()
+  }
+  return {
+    id: user._id!,
+    name: {
+      givenName: user.firstName,
+      familyName: user.lastName,
+    },
+    _json: {
+      email: user.email,
+      picture: "http://test.com",
+    },
+    provider: generator.string(),
+  }
+}
+
+// OIDC
+
+export function oidcConfig(): OIDCInnerConfig {
+  return {
+    uuid: uuid(),
+    activated: true,
+    logo: "",
+    name: generator.string(),
+    configUrl: "http://someconfigurl",
+    clientID: generator.string(),
+    clientSecret: generator.string(),
+    scopes: [],
+  }
+}
+
+// response from .well-known/openid-configuration
+export function oidcWellKnownConfig(): OIDCWellKnownConfig {
+  return {
+    issuer: generator.string(),
+    authorization_endpoint: generator.url(),
+    token_endpoint: generator.url(),
+    userinfo_endpoint: generator.url(),
+  }
+}
+
+export function jwtClaims(): JwtClaims {
+  return {
+    email: email(),
+    preferred_username: email(),
+  }
+}
+
+// GOOGLE
+
+export function googleConfig(): GoogleInnerConfig {
+  return {
+    activated: true,
+    clientID: generator.string(),
+    clientSecret: generator.string(),
+  }
+}
diff --git a/packages/backend-core/tests/utilities/structures/users.ts b/packages/backend-core/tests/utilities/structures/users.ts
new file mode 100644
index 0000000000..7a6b4f0d80
--- /dev/null
+++ b/packages/backend-core/tests/utilities/structures/users.ts
@@ -0,0 +1,54 @@
+import {
+  AdminUser,
+  BuilderUser,
+  SSOAuthDetails,
+  SSOUser,
+} from "@budibase/types"
+import { user } from "./shared"
+import { authDetails } from "./sso"
+
+export { user, newEmail } from "./shared"
+
+export const adminUser = (userProps?: any): AdminUser => {
+  return {
+    ...user(userProps),
+    admin: {
+      global: true,
+    },
+    builder: {
+      global: true,
+    },
+  }
+}
+
+export const builderUser = (userProps?: any): BuilderUser => {
+  return {
+    ...user(userProps),
+    builder: {
+      global: true,
+    },
+  }
+}
+
+export function ssoUser(
+  opts: { user?: any; details?: SSOAuthDetails } = {}
+): SSOUser {
+  const base = user(opts.user)
+  delete base.password
+
+  if (!opts.details) {
+    opts.details = authDetails(base)
+  }
+
+  return {
+    ...base,
+    forceResetPassword: false,
+    oauth2: opts.details?.oauth2,
+    provider: opts.details?.provider!,
+    providerType: opts.details?.providerType!,
+    thirdPartyProfile: {
+      email: base.email,
+      picture: base.pictureUrl,
+    },
+  }
+}
diff --git a/packages/backend-core/tests/utilities/testContainerUtils.ts b/packages/backend-core/tests/utilities/testContainerUtils.ts
index 22198bd496..f6c702f7ef 100644
--- a/packages/backend-core/tests/utilities/testContainerUtils.ts
+++ b/packages/backend-core/tests/utilities/testContainerUtils.ts
@@ -1,3 +1,31 @@
+import { execSync } from "child_process"
+
+let dockerPsResult: string | undefined
+
+function formatDockerPsResult(serverName: string, port: number) {
+  const lines = dockerPsResult?.split("\n")
+  let first = true
+  if (!lines) {
+    return null
+  }
+  for (let line of lines) {
+    if (first) {
+      first = false
+      continue
+    }
+    let toLookFor = serverName.split("-service")[0]
+    if (!line.includes(toLookFor)) {
+      continue
+    }
+    const regex = new RegExp(`0.0.0.0:([0-9]*)->${port}`, "g")
+    const found = line.match(regex)
+    if (found) {
+      return found[0].split(":")[1].split("->")[0]
+    }
+  }
+  return null
+}
+
 function getTestContainerSettings(
   serverName: string,
   key: string
@@ -14,10 +42,22 @@ function getTestContainerSettings(
 }
 
 function getContainerInfo(containerName: string, port: number) {
-  const assignedPort = getTestContainerSettings(
+  let assignedPort = getTestContainerSettings(
     containerName.toUpperCase(),
     `PORT_${port}`
   )
+  if (!dockerPsResult) {
+    try {
+      const outputBuffer = execSync("docker ps")
+      dockerPsResult = outputBuffer.toString("utf8")
+    } catch (err) {
+      //no-op
+    }
+  }
+  const possiblePort = formatDockerPsResult(containerName, port)
+  if (possiblePort) {
+    assignedPort = possiblePort
+  }
   const host = getTestContainerSettings(containerName.toUpperCase(), "IP")
   return {
     port: assignedPort,
@@ -34,12 +74,20 @@ function getMinioConfig() {
   return getContainerInfo("minio-service", 9000)
 }
 
+function getRedisConfig() {
+  return getContainerInfo("redis-service", 6379)
+}
+
 export function setupEnv(...envs: any[]) {
+  const couch = getCouchConfig(),
+    minio = getCouchConfig(),
+    redis = getRedisConfig()
   const configs = [
-    { key: "COUCH_DB_PORT", value: getCouchConfig().port },
-    { key: "COUCH_DB_URL", value: getCouchConfig().url },
-    { key: "MINIO_PORT", value: getMinioConfig().port },
-    { key: "MINIO_URL", value: getMinioConfig().url },
+    { key: "COUCH_DB_PORT", value: couch.port },
+    { key: "COUCH_DB_URL", value: couch.url },
+    { key: "MINIO_PORT", value: minio.port },
+    { key: "MINIO_URL", value: minio.url },
+    { key: "REDIS_URL", value: redis.url },
   ]
 
   for (const config of configs.filter(x => !!x.value)) {
diff --git a/packages/backend-core/tests/utilities/testEnv.ts b/packages/backend-core/tests/utilities/testEnv.ts
index b4f06b5153..b138e019fc 100644
--- a/packages/backend-core/tests/utilities/testEnv.ts
+++ b/packages/backend-core/tests/utilities/testEnv.ts
@@ -1,12 +1,12 @@
 import env from "../../src/environment"
-import * as tenancy from "../../src/tenancy"
-import { newid } from "../../src/utils"
+import * as context from "../../src/context"
+import * as structures from "./structures"
 
 // TENANCY
 
 export async function withTenant(task: (tenantId: string) => any) {
-  const tenantId = newid()
-  return tenancy.doInTenant(tenantId, async () => {
+  const tenantId = structures.tenant.id()
+  return context.doInTenant(tenantId, async () => {
     await task(tenantId)
   })
 }
@@ -19,6 +19,14 @@ export function multiTenant() {
   env._set("MULTI_TENANCY", 1)
 }
 
+export function selfHosted() {
+  env._set("SELF_HOSTED", 1)
+}
+
+export function cloudHosted() {
+  env._set("SELF_HOSTED", 0)
+}
+
 // NODE
 
 export function nodeDev() {
diff --git a/packages/backend-core/yarn.lock b/packages/backend-core/yarn.lock
index d88b1058f9..91c5c6c9f3 100644
--- a/packages/backend-core/yarn.lock
+++ b/packages/backend-core/yarn.lock
@@ -475,10 +475,10 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/nano@10.1.1":
-  version "10.1.1"
-  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
-  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+"@budibase/nano@10.1.2":
+  version "10.1.2"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.2.tgz#10fae5a1ab39be6a81261f40e7b7ec6d21cbdd4a"
+  integrity sha512-1w+YN2n/M5aZ9hBKCP4NEjdQbT8BfCLRizkdvm0Je665eEHw3aE1hvo8mon9Ro9QuDdxj1DfDMMFnym6/QUwpQ==
   dependencies:
     "@types/tough-cookie" "^4.0.2"
     axios "^1.1.3"
@@ -1197,10 +1197,10 @@
   dependencies:
     "@types/istanbul-lib-report" "*"
 
-"@types/jest@27.5.1":
-  version "27.5.1"
-  resolved "https://registry.yarnpkg.com/@types/jest/-/jest-27.5.1.tgz#2c8b6dc6ff85c33bcd07d0b62cb3d19ddfdb3ab9"
-  integrity sha512-fUy7YRpT+rHXto1YlL+J9rs0uLGyiqVt3ZOTQR+4ROc47yNl8WLdVLgUloBRhOxP1PZvguHl44T3H0wAWxahYQ==
+"@types/jest@28.1.1":
+  version "28.1.1"
+  resolved "https://registry.yarnpkg.com/@types/jest/-/jest-28.1.1.tgz#8c9ba63702a11f8c386ee211280e8b68cb093cd1"
+  integrity sha512-C2p7yqleUKtCkVjlOur9BWVA4HgUQmEj/HWCt5WzZ5mLXrWnyIfl0wGuArc+kBXsy0ZZfLp+7dywB4HtSVYGVA==
   dependencies:
     jest-matcher-utils "^27.0.0"
     pretty-format "^27.0.0"
diff --git a/packages/bbui/package.json b/packages/bbui/package.json
index 073f57f094..502d32c7b0 100644
--- a/packages/bbui/package.json
+++ b/packages/bbui/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@budibase/bbui",
   "description": "A UI solution used in the different Budibase projects.",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "license": "MPL-2.0",
   "svelte": "src/index.js",
   "module": "dist/bbui.es.js",
@@ -38,7 +38,7 @@
   ],
   "dependencies": {
     "@adobe/spectrum-css-workflow-icons": "1.2.1",
-    "@budibase/string-templates": "^2.3.16",
+    "@budibase/string-templates": "2.3.21-alpha.1",
     "@spectrum-css/accordion": "3.0.24",
     "@spectrum-css/actionbutton": "1.0.1",
     "@spectrum-css/actiongroup": "1.0.1",
diff --git a/packages/bbui/src/ActionButton/ActionButton.svelte b/packages/bbui/src/ActionButton/ActionButton.svelte
index 663128160f..01f5033e6c 100644
--- a/packages/bbui/src/ActionButton/ActionButton.svelte
+++ b/packages/bbui/src/ActionButton/ActionButton.svelte
@@ -1,6 +1,9 @@
 <script>
   import "@spectrum-css/actionbutton/dist/index-vars.css"
   import { createEventDispatcher } from "svelte"
+  import Tooltip from "../Tooltip/Tooltip.svelte"
+  import { fade } from "svelte/transition"
+
   const dispatch = createEventDispatcher()
 
   export let quiet = false
@@ -13,6 +16,9 @@
   export let active = false
   export let fullWidth = false
   export let noPadding = false
+  export let tooltip = ""
+
+  let showTooltip = false
 
   function longPress(element) {
     if (!longPressable) return
@@ -35,42 +41,54 @@
   }
 </script>
 
-<button
-  use:longPress
-  class:spectrum-ActionButton--quiet={quiet}
-  class:spectrum-ActionButton--emphasized={emphasized}
-  class:is-selected={selected}
-  class:noPadding
-  class:fullWidth
-  class="spectrum-ActionButton spectrum-ActionButton--size{size}"
-  class:active
-  {disabled}
-  on:longPress
-  on:click|preventDefault
+<span
+  class="btn-wrap"
+  on:mouseover={() => (showTooltip = true)}
+  on:mouseleave={() => (showTooltip = false)}
+  on:focus={() => (showTooltip = true)}
 >
-  {#if longPressable}
-    <svg
-      class="spectrum-Icon spectrum-UIIcon-CornerTriangle100 spectrum-ActionButton-hold"
-      focusable="false"
-      aria-hidden="true"
-    >
-      <use xlink:href="#spectrum-css-icon-CornerTriangle100" />
-    </svg>
-  {/if}
-  {#if icon}
-    <svg
-      class="spectrum-Icon spectrum-Icon--size{size}"
-      focusable="false"
-      aria-hidden="true"
-      aria-label={icon}
-    >
-      <use xlink:href="#spectrum-icon-18-{icon}" />
-    </svg>
-  {/if}
-  {#if $$slots}
-    <span class="spectrum-ActionButton-label"><slot /></span>
-  {/if}
-</button>
+  <button
+    use:longPress
+    class:spectrum-ActionButton--quiet={quiet}
+    class:spectrum-ActionButton--emphasized={emphasized}
+    class:is-selected={selected}
+    class:noPadding
+    class:fullWidth
+    class="spectrum-ActionButton spectrum-ActionButton--size{size}"
+    class:active
+    {disabled}
+    on:longPress
+    on:click|preventDefault
+  >
+    {#if longPressable}
+      <svg
+        class="spectrum-Icon spectrum-UIIcon-CornerTriangle100 spectrum-ActionButton-hold"
+        focusable="false"
+        aria-hidden="true"
+      >
+        <use xlink:href="#spectrum-css-icon-CornerTriangle100" />
+      </svg>
+    {/if}
+    {#if icon}
+      <svg
+        class="spectrum-Icon spectrum-Icon--size{size}"
+        focusable="false"
+        aria-hidden="true"
+        aria-label={icon}
+      >
+        <use xlink:href="#spectrum-icon-18-{icon}" />
+      </svg>
+    {/if}
+    {#if $$slots}
+      <span class="spectrum-ActionButton-label"><slot /></span>
+    {/if}
+    {#if tooltip && showTooltip}
+      <div class="tooltip" in:fade={{ duration: 130, delay: 250 }}>
+        <Tooltip textWrapping direction="bottom" text={tooltip} />
+      </div>
+    {/if}
+  </button>
+</span>
 
 <style>
   .fullWidth {
@@ -98,4 +116,14 @@
   .is-selected:not(.emphasized) .spectrum-Icon {
     color: var(--spectrum-global-color-gray-900);
   }
+  .tooltip {
+    position: absolute;
+    pointer-events: none;
+    left: 50%;
+    top: calc(100% + 4px);
+    width: 100vw;
+    max-width: 150px;
+    transform: translateX(-50%);
+    text-align: center;
+  }
 </style>
diff --git a/packages/bbui/src/Form/Core/Multiselect.svelte b/packages/bbui/src/Form/Core/Multiselect.svelte
index d6c4dc23ac..1d04c210f4 100644
--- a/packages/bbui/src/Form/Core/Multiselect.svelte
+++ b/packages/bbui/src/Form/Core/Multiselect.svelte
@@ -14,6 +14,9 @@
   export let autocomplete = false
   export let sort = false
   export let autoWidth = false
+  export let fetchTerm = null
+  export let useFetch = false
+  export let customPopoverHeight
 
   const dispatch = createEventDispatcher()
 
@@ -83,10 +86,13 @@
   {options}
   isPlaceholder={!value?.length}
   {autocomplete}
+  bind:fetchTerm
+  {useFetch}
   {isOptionSelected}
   {getOptionLabel}
   {getOptionValue}
   onSelectOption={toggleOption}
   {sort}
   {autoWidth}
+  {customPopoverHeight}
 />
diff --git a/packages/bbui/src/Form/Core/Picker.svelte b/packages/bbui/src/Form/Core/Picker.svelte
index 32cfcf3310..bd575600b1 100644
--- a/packages/bbui/src/Form/Core/Picker.svelte
+++ b/packages/bbui/src/Form/Core/Picker.svelte
@@ -24,6 +24,7 @@
   export let getOptionLabel = option => option
   export let getOptionValue = option => option
   export let getOptionIcon = () => null
+  export let useOptionIconImage = false
   export let getOptionColour = () => null
   export let open = false
   export let readonly = false
@@ -31,6 +32,11 @@
   export let autoWidth = false
   export let autocomplete = false
   export let sort = false
+  export let fetchTerm = null
+  export let useFetch = false
+  export let customPopoverHeight
+  export let align = "left"
+  export let footer = null
 
   const dispatch = createEventDispatcher()
 
@@ -71,7 +77,7 @@
   }
 
   const getFilteredOptions = (options, term, getLabel) => {
-    if (autocomplete && term) {
+    if (autocomplete && term && !fetchTerm) {
       const lowerCaseTerm = term.toLowerCase()
       return options.filter(option => {
         return `${getLabel(option)}`.toLowerCase().includes(lowerCaseTerm)
@@ -130,12 +136,13 @@
 
 <Popover
   anchor={button}
-  align="left"
+  align={align || "left"}
   bind:this={popover}
   {open}
   on:close={() => (open = false)}
   useAnchorWidth={!autoWidth}
   maxWidth={autoWidth ? 400 : null}
+  customHeight={customPopoverHeight}
 >
   <div
     class="popover-content"
@@ -144,8 +151,9 @@
   >
     {#if autocomplete}
       <Search
-        value={searchTerm}
-        on:change={event => (searchTerm = event.detail)}
+        value={useFetch ? fetchTerm : searchTerm}
+        on:change={event =>
+          useFetch ? (fetchTerm = event.detail) : (searchTerm = event.detail)}
         {disabled}
         placeholder="Search"
       />
@@ -183,7 +191,16 @@
           >
             {#if getOptionIcon(option, idx)}
               <span class="option-extra icon">
-                <Icon size="S" name={getOptionIcon(option, idx)} />
+                {#if useOptionIconImage}
+                  <img
+                    src={getOptionIcon(option, idx)}
+                    alt="icon"
+                    width="15"
+                    height="15"
+                  />
+                {:else}
+                  <Icon size="S" name={getOptionIcon(option, idx)} />
+                {/if}
               </span>
             {/if}
             {#if getOptionColour(option, idx)}
@@ -205,6 +222,12 @@
         {/each}
       {/if}
     </ul>
+
+    {#if footer}
+      <div class="footer">
+        {footer}
+      </div>
+    {/if}
   </div>
 </Popover>
 
@@ -247,7 +270,7 @@
   }
   .popover-content.auto-width .spectrum-Menu-itemLabel {
     white-space: nowrap;
-    overflow: hidden;
+    overflow: none;
     text-overflow: ellipsis;
   }
   .popover-content:not(.auto-width) .spectrum-Menu-itemLabel {
@@ -281,4 +304,11 @@
   .popover-content :global(.spectrum-Search .spectrum-Textfield-icon) {
     top: 9px;
   }
+
+  .footer {
+    padding: 4px 12px 12px 12px;
+    font-style: italic;
+    max-width: 170px;
+    font-size: 12px;
+  }
 </style>
diff --git a/packages/bbui/src/Form/Core/Select.svelte b/packages/bbui/src/Form/Core/Select.svelte
index 721083e3a6..af45c1d9ff 100644
--- a/packages/bbui/src/Form/Core/Select.svelte
+++ b/packages/bbui/src/Form/Core/Select.svelte
@@ -11,6 +11,7 @@
   export let getOptionLabel = option => option
   export let getOptionValue = option => option
   export let getOptionIcon = () => null
+  export let useOptionIconImage = false
   export let getOptionColour = () => null
   export let isOptionEnabled
   export let readonly = false
@@ -18,6 +19,8 @@
   export let autoWidth = false
   export let autocomplete = false
   export let sort = false
+  export let align
+  export let footer = null
 
   const dispatch = createEventDispatcher()
 
@@ -41,7 +44,7 @@
   const getFieldText = (value, options, placeholder) => {
     // Always use placeholder if no value
     if (value == null || value === "") {
-      return placeholder || "Choose an option"
+      return placeholder !== false ? "Choose an option" : ""
     }
 
     return getFieldAttribute(getOptionLabel, value, options)
@@ -66,15 +69,18 @@
   {fieldColour}
   {options}
   {autoWidth}
+  {align}
+  {footer}
   {getOptionLabel}
   {getOptionValue}
   {getOptionIcon}
+  {useOptionIconImage}
   {getOptionColour}
   {isOptionEnabled}
   {autocomplete}
   {sort}
   isPlaceholder={value == null || value === ""}
-  placeholderOption={placeholder}
+  placeholderOption={placeholder === false ? null : placeholder}
   isOptionSelected={option => option === value}
   onSelectOption={selectOption}
 />
diff --git a/packages/bbui/src/Form/Multiselect.svelte b/packages/bbui/src/Form/Multiselect.svelte
index 7bcf22aa06..185eb7069b 100644
--- a/packages/bbui/src/Form/Multiselect.svelte
+++ b/packages/bbui/src/Form/Multiselect.svelte
@@ -15,6 +15,11 @@
   export let getOptionValue = option => option
   export let sort = false
   export let autoWidth = false
+  export let autocomplete = false
+  export let fetchTerm = null
+  export let useFetch = false
+  export let customPopoverHeight
+
   const dispatch = createEventDispatcher()
   const onChange = e => {
     value = e.detail
@@ -34,6 +39,10 @@
     {getOptionLabel}
     {getOptionValue}
     {autoWidth}
+    {autocomplete}
+    {customPopoverHeight}
+    bind:fetchTerm
+    {useFetch}
     on:change={onChange}
     on:click
   />
diff --git a/packages/bbui/src/Form/Select.svelte b/packages/bbui/src/Form/Select.svelte
index 69126e648d..e87496652d 100644
--- a/packages/bbui/src/Form/Select.svelte
+++ b/packages/bbui/src/Form/Select.svelte
@@ -14,12 +14,17 @@
   export let getOptionLabel = option => extractProperty(option, "label")
   export let getOptionValue = option => extractProperty(option, "value")
   export let getOptionIcon = option => option?.icon
+  export let useOptionIconImage = false
   export let getOptionColour = option => option?.colour
   export let isOptionEnabled
   export let quiet = false
   export let autoWidth = false
   export let sort = false
   export let tooltip = ""
+  export let autocomplete = false
+  export let customPopoverHeight
+  export let align
+  export let footer = null
 
   const dispatch = createEventDispatcher()
   const onChange = e => {
@@ -46,11 +51,16 @@
     {placeholder}
     {autoWidth}
     {sort}
+    {align}
+    {footer}
     {getOptionLabel}
     {getOptionValue}
     {getOptionIcon}
     {getOptionColour}
+    {useOptionIconImage}
     {isOptionEnabled}
+    {autocomplete}
+    {customPopoverHeight}
     on:change={onChange}
     on:click
   />
diff --git a/packages/bbui/src/Icon/Icon.svelte b/packages/bbui/src/Icon/Icon.svelte
index 8290acd7cc..452a8c74a1 100644
--- a/packages/bbui/src/Icon/Icon.svelte
+++ b/packages/bbui/src/Icon/Icon.svelte
@@ -67,6 +67,9 @@
     color: var(--spectrum-alias-icon-color-selected-hover) !important;
     cursor: pointer;
   }
+  svg.hoverable:active {
+    color: var(--spectrum-global-color-blue-400) !important;
+  }
 
   svg.disabled {
     color: var(--spectrum-global-color-gray-500) !important;
diff --git a/packages/bbui/src/InlineAlert/InlineAlert.svelte b/packages/bbui/src/InlineAlert/InlineAlert.svelte
index 57e7296234..bd873042b3 100644
--- a/packages/bbui/src/InlineAlert/InlineAlert.svelte
+++ b/packages/bbui/src/InlineAlert/InlineAlert.svelte
@@ -57,5 +57,7 @@
     --spectrum-semantic-negative-icon-color: #e34850;
     min-width: 100px;
     margin: 0;
+    border-color: var(--spectrum-global-color-gray-400);
+    border-width: 1px;
   }
 </style>
diff --git a/packages/bbui/src/Label/Label.svelte b/packages/bbui/src/Label/Label.svelte
index ee6d9adf76..261ca946ea 100644
--- a/packages/bbui/src/Label/Label.svelte
+++ b/packages/bbui/src/Label/Label.svelte
@@ -21,7 +21,7 @@
   label {
     padding: 0;
     white-space: nowrap;
-    color: var(--spectrum-global-color-gray-600);
+    color: var(--spectrum-global-color-gray-700);
   }
 
   .muted {
diff --git a/packages/bbui/src/Modal/Modal.svelte b/packages/bbui/src/Modal/Modal.svelte
index 47420444a2..45081356c1 100644
--- a/packages/bbui/src/Modal/Modal.svelte
+++ b/packages/bbui/src/Modal/Modal.svelte
@@ -1,7 +1,7 @@
 <script>
   import "@spectrum-css/modal/dist/index-vars.css"
   import "@spectrum-css/underlay/dist/index-vars.css"
-  import { createEventDispatcher, setContext, tick } from "svelte"
+  import { createEventDispatcher, setContext, tick, onMount } from "svelte"
   import { fade, fly } from "svelte/transition"
   import Portal from "svelte-portal"
   import Context from "../context"
@@ -62,9 +62,14 @@
   }
 
   setContext(Context.Modal, { show, hide, cancel })
-</script>
 
-<svelte:window on:keydown={handleKey} />
+  onMount(() => {
+    document.addEventListener("keydown", handleKey)
+    return () => {
+      document.removeEventListener("keydown", handleKey)
+    }
+  })
+</script>
 
 {#if inline}
   {#if visible}
diff --git a/packages/bbui/src/Popover/Popover.svelte b/packages/bbui/src/Popover/Popover.svelte
index 8f6ef06591..081e3a34df 100644
--- a/packages/bbui/src/Popover/Popover.svelte
+++ b/packages/bbui/src/Popover/Popover.svelte
@@ -18,6 +18,7 @@
   export let useAnchorWidth = false
   export let dismissible = true
   export let offset = 5
+  export let customHeight
 
   $: target = portalTarget || getContext(Context.PopoverRoot) || ".spectrum"
 
@@ -74,6 +75,7 @@
       on:keydown={handleEscape}
       class="spectrum-Popover is-open"
       role="presentation"
+      style="height: {customHeight}"
       transition:fly|local={{ y: -20, duration: 200 }}
     >
       <slot />
diff --git a/packages/bbui/src/helpers.js b/packages/bbui/src/helpers.js
index b02783e0bd..f2246fbb49 100644
--- a/packages/bbui/src/helpers.js
+++ b/packages/bbui/src/helpers.js
@@ -104,6 +104,9 @@ export const deepSet = (obj, key, value) => {
  * @param obj the object to clone
  */
 export const cloneDeep = obj => {
+  if (!obj) {
+    return obj
+  }
   return JSON.parse(JSON.stringify(obj))
 }
 
diff --git a/packages/builder/package.json b/packages/builder/package.json
index 7def4ba371..acc537e593 100644
--- a/packages/builder/package.json
+++ b/packages/builder/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/builder",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "license": "GPL-3.0",
   "private": true,
   "scripts": {
@@ -58,10 +58,10 @@
     }
   },
   "dependencies": {
-    "@budibase/bbui": "^2.3.16",
-    "@budibase/client": "^2.3.16",
-    "@budibase/frontend-core": "^2.3.16",
-    "@budibase/string-templates": "^2.3.16",
+    "@budibase/bbui": "2.3.21-alpha.1",
+    "@budibase/client": "2.3.21-alpha.1",
+    "@budibase/frontend-core": "2.3.21-alpha.1",
+    "@budibase/string-templates": "2.3.21-alpha.1",
     "@fortawesome/fontawesome-svg-core": "^6.2.1",
     "@fortawesome/free-brands-svg-icons": "^6.2.1",
     "@fortawesome/free-solid-svg-icons": "^6.2.1",
@@ -72,6 +72,7 @@
     "codemirror": "^5.59.0",
     "dayjs": "^1.11.2",
     "downloadjs": "1.4.7",
+    "fast-json-patch": "^3.1.1",
     "lodash": "4.17.21",
     "posthog-js": "^1.36.0",
     "remixicon": "2.5.0",
diff --git a/packages/builder/setup.js b/packages/builder/setup.js
index 744c20896a..b3fd96877b 100644
--- a/packages/builder/setup.js
+++ b/packages/builder/setup.js
@@ -19,6 +19,7 @@ process.env.COUCH_DB_USER = "budibase"
 process.env.COUCH_DB_PASSWORD = "budibase"
 process.env.INTERNAL_API_KEY = "budibase"
 process.env.ALLOW_DEV_AUTOMATIONS = 1
+process.env.MOCK_REDIS = 1
 
 // Stop info logs polluting test outputs
 process.env.LOG_LEVEL = "error"
diff --git a/packages/builder/src/builderStore/index.js b/packages/builder/src/builderStore/index.js
index 69bca7eac3..d15cdb6e98 100644
--- a/packages/builder/src/builderStore/index.js
+++ b/packages/builder/src/builderStore/index.js
@@ -5,12 +5,47 @@ import { getThemeStore } from "./store/theme"
 import { derived } from "svelte/store"
 import { findComponent, findComponentPath } from "./componentUtils"
 import { RoleUtils } from "@budibase/frontend-core"
+import { createHistoryStore } from "builderStore/store/history"
+import { get } from "svelte/store"
 
 export const store = getFrontendStore()
 export const automationStore = getAutomationStore()
 export const themeStore = getThemeStore()
 export const temporalStore = getTemporalStore()
 
+// Setup history for screens
+export const screenHistoryStore = createHistoryStore({
+  getDoc: id => get(store).screens?.find(screen => screen._id === id),
+  selectDoc: store.actions.screens.select,
+  afterAction: () => {
+    // Ensure a valid component is selected
+    if (!get(selectedComponent)) {
+      store.update(state => ({
+        ...state,
+        selectedComponentId: get(selectedScreen)?.props._id,
+      }))
+    }
+  },
+})
+store.actions.screens.save = screenHistoryStore.wrapSaveDoc(
+  store.actions.screens.save
+)
+store.actions.screens.delete = screenHistoryStore.wrapDeleteDoc(
+  store.actions.screens.delete
+)
+
+// Setup history for automations
+export const automationHistoryStore = createHistoryStore({
+  getDoc: automationStore.actions.getDefinition,
+  selectDoc: automationStore.actions.select,
+})
+automationStore.actions.save = automationHistoryStore.wrapSaveDoc(
+  automationStore.actions.save
+)
+automationStore.actions.delete = automationHistoryStore.wrapDeleteDoc(
+  automationStore.actions.delete
+)
+
 export const selectedScreen = derived(store, $store => {
   return $store.screens.find(screen => screen._id === $store.selectedScreenId)
 })
@@ -71,3 +106,13 @@ export const selectedComponentPath = derived(
     ).map(component => component._id)
   }
 )
+
+// Derived automation state
+export const selectedAutomation = derived(automationStore, $automationStore => {
+  if (!$automationStore.selectedAutomationId) {
+    return null
+  }
+  return $automationStore.automations?.find(
+    x => x._id === $automationStore.selectedAutomationId
+  )
+})
diff --git a/packages/builder/src/builderStore/store/automation/Automation.js b/packages/builder/src/builderStore/store/automation/Automation.js
deleted file mode 100644
index af0c03cb5a..0000000000
--- a/packages/builder/src/builderStore/store/automation/Automation.js
+++ /dev/null
@@ -1,69 +0,0 @@
-import { generate } from "shortid"
-
-/**
- * Class responsible for the traversing of the automation definition.
- * Automation definitions are stored in linked lists.
- */
-export default class Automation {
-  constructor(automation) {
-    this.automation = automation
-  }
-
-  hasTrigger() {
-    return this.automation.definition.trigger
-  }
-
-  addTestData(data) {
-    this.automation.testData = { ...this.automation.testData, ...data }
-  }
-
-  addBlock(block, idx) {
-    // Make sure to add trigger if doesn't exist
-    if (!this.hasTrigger() && block.type === "TRIGGER") {
-      const trigger = { id: generate(), ...block }
-      this.automation.definition.trigger = trigger
-      return trigger
-    }
-
-    const newBlock = { id: generate(), ...block }
-    this.automation.definition.steps.splice(idx, 0, newBlock)
-    return newBlock
-  }
-
-  updateBlock(updatedBlock, id) {
-    const { steps, trigger } = this.automation.definition
-
-    if (trigger && trigger.id === id) {
-      this.automation.definition.trigger = updatedBlock
-      return
-    }
-
-    const stepIdx = steps.findIndex(step => step.id === id)
-    if (stepIdx < 0) throw new Error("Block not found.")
-    steps.splice(stepIdx, 1, updatedBlock)
-    this.automation.definition.steps = steps
-  }
-
-  deleteBlock(id) {
-    const { steps, trigger } = this.automation.definition
-
-    if (trigger && trigger.id === id) {
-      this.automation.definition.trigger = null
-      return
-    }
-
-    const stepIdx = steps.findIndex(step => step.id === id)
-    if (stepIdx < 0) throw new Error("Block not found.")
-    steps.splice(stepIdx, 1)
-    this.automation.definition.steps = steps
-  }
-
-  constructBlock(type, stepId, blockDefinition) {
-    return {
-      ...blockDefinition,
-      inputs: blockDefinition.inputs || {},
-      stepId,
-      type,
-    }
-  }
-}
diff --git a/packages/builder/src/builderStore/store/automation/index.js b/packages/builder/src/builderStore/store/automation/index.js
index af102ab694..dc1e2a2cc1 100644
--- a/packages/builder/src/builderStore/store/automation/index.js
+++ b/packages/builder/src/builderStore/store/automation/index.js
@@ -1,16 +1,18 @@
-import { writable } from "svelte/store"
+import { writable, get } from "svelte/store"
 import { API } from "api"
-import Automation from "./Automation"
 import { cloneDeep } from "lodash/fp"
+import { generate } from "shortid"
+import { selectedAutomation } from "builderStore"
 
 const initialAutomationState = {
   automations: [],
+  testResults: null,
   showTestPanel: false,
   blockDefinitions: {
     TRIGGER: [],
     ACTION: [],
   },
-  selectedAutomation: null,
+  selectedAutomationId: null,
 }
 
 export const getAutomationStore = () => {
@@ -37,49 +39,41 @@ const automationActions = store => ({
       API.getAutomationDefinitions(),
     ])
     store.update(state => {
-      let selected = state.selectedAutomation?.automation
       state.automations = responses[0]
+      state.automations.sort((a, b) => {
+        return a.name < b.name ? -1 : 1
+      })
       state.blockDefinitions = {
         TRIGGER: responses[1].trigger,
         ACTION: responses[1].action,
       }
-      // If previously selected find the new obj and select it
-      if (selected) {
-        selected = responses[0].filter(
-          automation => automation._id === selected._id
-        )
-        state.selectedAutomation = new Automation(selected[0])
-      }
       return state
     })
   },
-  create: async ({ name }) => {
+  create: async (name, trigger) => {
     const automation = {
       name,
       type: "automation",
       definition: {
         steps: [],
+        trigger,
       },
     }
-    const response = await API.createAutomation(automation)
-    store.update(state => {
-      state.automations = [...state.automations, response.automation]
-      store.actions.select(response.automation)
-      return state
-    })
+    const response = await store.actions.save(automation)
+    await store.actions.fetch()
+    store.actions.select(response._id)
+    return response
   },
   duplicate: async automation => {
-    const response = await API.createAutomation({
+    const response = await store.actions.save({
       ...automation,
       name: `${automation.name} - copy`,
       _id: undefined,
       _ref: undefined,
     })
-    store.update(state => {
-      state.automations = [...state.automations, response.automation]
-      store.actions.select(response.automation)
-      return state
-    })
+    await store.actions.fetch()
+    store.actions.select(response._id)
+    return response
   },
   save: async automation => {
     const response = await API.updateAutomation(automation)
@@ -90,11 +84,13 @@ const automationActions = store => ({
       )
       if (existingIdx !== -1) {
         state.automations.splice(existingIdx, 1, updatedAutomation)
-        state.automations = [...state.automations]
-        store.actions.select(updatedAutomation)
         return state
+      } else {
+        state.automations = [...state.automations, updatedAutomation]
       }
+      return state
     })
+    return response.automation
   },
   delete: async automation => {
     await API.deleteAutomation({
@@ -102,34 +98,83 @@ const automationActions = store => ({
       automationRev: automation?._rev,
     })
     store.update(state => {
-      const existingIdx = state.automations.findIndex(
-        existing => existing._id === automation?._id
+      // Remove the automation
+      state.automations = state.automations.filter(
+        x => x._id !== automation._id
       )
-      state.automations.splice(existingIdx, 1)
-      state.automations = [...state.automations]
-      state.selectedAutomation = null
-      state.selectedBlock = null
+      // Select a new automation if required
+      if (automation._id === state.selectedAutomationId) {
+        store.actions.select(state.automations[0]?._id)
+      }
       return state
     })
+    await store.actions.fetch()
+  },
+  updateBlockInputs: async (block, data) => {
+    // Create new modified block
+    let newBlock = {
+      ...block,
+      inputs: {
+        ...block.inputs,
+        ...data,
+      },
+    }
+
+    // Remove any nullish or empty string values
+    Object.keys(newBlock.inputs).forEach(key => {
+      const val = newBlock.inputs[key]
+      if (val == null || val === "") {
+        delete newBlock.inputs[key]
+      }
+    })
+
+    // Create new modified automation
+    const automation = get(selectedAutomation)
+    const newAutomation = store.actions.getUpdatedDefinition(
+      automation,
+      newBlock
+    )
+
+    // Don't save if no changes were made
+    if (JSON.stringify(newAutomation) === JSON.stringify(automation)) {
+      return
+    }
+    await store.actions.save(newAutomation)
   },
   test: async (automation, testData) => {
-    store.update(state => {
-      state.selectedAutomation.testResults = null
-      return state
-    })
     const result = await API.testAutomation({
       automationId: automation?._id,
       testData,
     })
+    if (!result?.trigger && !result?.steps?.length) {
+      throw "Something went wrong testing your automation"
+    }
     store.update(state => {
-      state.selectedAutomation.testResults = result
+      state.testResults = result
       return state
     })
   },
-  select: automation => {
+  getDefinition: id => {
+    return get(store).automations?.find(x => x._id === id)
+  },
+  getUpdatedDefinition: (automation, block) => {
+    let newAutomation = cloneDeep(automation)
+    if (automation.definition.trigger?.id === block.id) {
+      newAutomation.definition.trigger = block
+    } else {
+      const idx = automation.definition.steps.findIndex(x => x.id === block.id)
+      newAutomation.definition.steps.splice(idx, 1, block)
+    }
+    return newAutomation
+  },
+  select: id => {
+    if (!id || id === get(store).selectedAutomationId) {
+      return
+    }
     store.update(state => {
-      state.selectedAutomation = new Automation(cloneDeep(automation))
-      state.selectedBlock = null
+      state.selectedAutomationId = id
+      state.testResults = null
+      state.showTestPanel = false
       return state
     })
   },
@@ -147,48 +192,57 @@ const automationActions = store => ({
       appId,
     })
   },
-  addTestDataToAutomation: data => {
-    store.update(state => {
-      state.selectedAutomation.addTestData(data)
-      return state
-    })
+  addTestDataToAutomation: async data => {
+    let newAutomation = cloneDeep(get(selectedAutomation))
+    newAutomation.testData = {
+      ...newAutomation.testData,
+      ...data,
+    }
+    await store.actions.save(newAutomation)
   },
-  addBlockToAutomation: (block, blockIdx) => {
-    store.update(state => {
-      state.selectedBlock = state.selectedAutomation.addBlock(
-        cloneDeep(block),
-        blockIdx
-      )
-      return state
-    })
+  constructBlock(type, stepId, blockDefinition) {
+    return {
+      ...blockDefinition,
+      inputs: blockDefinition.inputs || {},
+      stepId,
+      type,
+      id: generate(),
+    }
   },
-  toggleFieldControl: value => {
-    store.update(state => {
-      state.selectedBlock.rowControl = value
-      return state
-    })
+  addBlockToAutomation: async (block, blockIdx) => {
+    const automation = get(selectedAutomation)
+    let newAutomation = cloneDeep(automation)
+    if (!automation) {
+      return
+    }
+    newAutomation.definition.steps.splice(blockIdx, 0, block)
+    await store.actions.save(newAutomation)
   },
-  deleteAutomationBlock: block => {
-    store.update(state => {
-      const idx =
-        state.selectedAutomation.automation.definition.steps.findIndex(
-          x => x.id === block.id
-        )
-      state.selectedAutomation.deleteBlock(block.id)
+  /**
+   * "rowControl" appears to be the name of the flag used to determine whether
+   * a certain automation block uses values or bindings as inputs
+   */
+  toggleRowControl: async (block, rowControl) => {
+    const newBlock = { ...block, rowControl }
+    const newAutomation = store.actions.getUpdatedDefinition(
+      get(selectedAutomation),
+      newBlock
+    )
+    await store.actions.save(newAutomation)
+  },
+  deleteAutomationBlock: async block => {
+    const automation = get(selectedAutomation)
+    let newAutomation = cloneDeep(automation)
 
-      // Select next closest step
-      const steps = state.selectedAutomation.automation.definition.steps
-      let nextSelectedBlock
-      if (steps[idx] != null) {
-        nextSelectedBlock = steps[idx]
-      } else if (steps[idx - 1] != null) {
-        nextSelectedBlock = steps[idx - 1]
-      } else {
-        nextSelectedBlock =
-          state.selectedAutomation.automation.definition.trigger || null
-      }
-      state.selectedBlock = nextSelectedBlock
-      return state
-    })
+    // Delete trigger if required
+    if (newAutomation.definition.trigger?.id === block.id) {
+      delete newAutomation.definition.trigger
+    } else {
+      // Otherwise remove step
+      newAutomation.definition.steps = newAutomation.definition.steps.filter(
+        step => step.id !== block.id
+      )
+    }
+    await store.actions.save(newAutomation)
   },
 })
diff --git a/packages/builder/src/builderStore/store/automation/tests/Automation.spec.js b/packages/builder/src/builderStore/store/automation/tests/Automation.spec.js
deleted file mode 100644
index 8378310c2e..0000000000
--- a/packages/builder/src/builderStore/store/automation/tests/Automation.spec.js
+++ /dev/null
@@ -1,48 +0,0 @@
-import Automation from "../Automation"
-import TEST_AUTOMATION from "./testAutomation"
-
-const TEST_BLOCK = {
-  id: "AUXJQGZY7",
-  name: "Delay",
-  icon: "ri-time-fill",
-  tagline: "Delay for <b>{{time}}</b> milliseconds",
-  description: "Delay the automation until an amount of time has passed.",
-  params: { time: "number" },
-  type: "LOGIC",
-  args: { time: "5000" },
-  stepId: "DELAY",
-}
-
-describe("Automation Data Object", () => {
-  let automation
-
-  beforeEach(() => {
-    automation = new Automation({ ...TEST_AUTOMATION })
-  })
-
-  it("adds a automation block to the automation", () => {
-    automation.addBlock(TEST_BLOCK)
-    expect(automation.automation.definition)
-  })
-
-  it("updates a automation block with new attributes", () => {
-    const firstBlock = automation.automation.definition.steps[0]
-    const updatedBlock = {
-      ...firstBlock,
-      name: "UPDATED",
-    }
-    automation.updateBlock(updatedBlock, firstBlock.id)
-    expect(automation.automation.definition.steps[0]).toEqual(updatedBlock)
-  })
-
-  it("deletes a automation block successfully", () => {
-    const { steps } = automation.automation.definition
-    const originalLength = steps.length
-
-    const lastBlock = steps[steps.length - 1]
-    automation.deleteBlock(lastBlock.id)
-    expect(automation.automation.definition.steps.length).toBeLessThan(
-      originalLength
-    )
-  })
-})
diff --git a/packages/builder/src/builderStore/store/automation/tests/testAutomation.js b/packages/builder/src/builderStore/store/automation/tests/testAutomation.js
deleted file mode 100644
index 3fafbaf1d0..0000000000
--- a/packages/builder/src/builderStore/store/automation/tests/testAutomation.js
+++ /dev/null
@@ -1,78 +0,0 @@
-export default {
-  name: "Test automation",
-  definition: {
-    steps: [
-      {
-        id: "ANBDINAPS",
-        description: "Send an email.",
-        tagline: "Send email to <b>{{to}}</b>",
-        icon: "ri-mail-open-fill",
-        name: "Send Email",
-        params: {
-          to: "string",
-          from: "string",
-          subject: "longText",
-          text: "longText",
-        },
-        type: "ACTION",
-        args: {
-          text: "A user was created!",
-          subject: "New Budibase User",
-          from: "budimaster@budibase.com",
-          to: "test@test.com",
-        },
-        stepId: "SEND_EMAIL",
-      },
-    ],
-    trigger: {
-      id: "iRzYMOqND",
-      name: "Row Saved",
-      event: "row:save",
-      icon: "ri-save-line",
-      tagline: "Row is added to <b>{{table.name}}</b>",
-      description: "Fired when a row is saved to your database.",
-      params: { table: "table" },
-      type: "TRIGGER",
-      args: {
-        table: {
-          type: "table",
-          views: {},
-          name: "users",
-          schema: {
-            name: {
-              type: "string",
-              constraints: {
-                type: "string",
-                length: { maximum: 123 },
-                presence: { allowEmpty: false },
-              },
-              name: "name",
-            },
-            age: {
-              type: "number",
-              constraints: {
-                type: "number",
-                presence: { allowEmpty: false },
-                numericality: {
-                  greaterThanOrEqualTo: "",
-                  lessThanOrEqualTo: "",
-                },
-              },
-              name: "age",
-            },
-          },
-          _id: "c6b4e610cd984b588837bca27188a451",
-          _rev: "7-b8aa1ce0b53e88928bb88fc11bdc0aff",
-        },
-      },
-      stepId: "ROW_SAVED",
-    },
-  },
-  type: "automation",
-  ok: true,
-  id: "b384f861f4754e1693835324a7fcca62",
-  rev: "1-aa1c2cbd868ef02e26f8fad531dd7e37",
-  live: false,
-  _id: "b384f861f4754e1693835324a7fcca62",
-  _rev: "108-4116829ec375e0481d0ecab9e83a2caf",
-}
diff --git a/packages/builder/src/builderStore/store/frontend.js b/packages/builder/src/builderStore/store/frontend.js
index 7d19573cce..51f88add27 100644
--- a/packages/builder/src/builderStore/store/frontend.js
+++ b/packages/builder/src/builderStore/store/frontend.js
@@ -1,6 +1,11 @@
 import { get, writable } from "svelte/store"
 import { cloneDeep } from "lodash/fp"
-import { selectedScreen, selectedComponent } from "builderStore"
+import {
+  selectedScreen,
+  selectedComponent,
+  screenHistoryStore,
+  automationHistoryStore,
+} from "builderStore"
 import {
   datasources,
   integrations,
@@ -67,6 +72,8 @@ const INITIAL_FRONTEND_STATE = {
   // onboarding
   onboarding: false,
   tourNodes: null,
+
+  builderSidePanel: false,
 }
 
 export const getFrontendStore = () => {
@@ -122,6 +129,8 @@ export const getFrontendStore = () => {
         navigation: application.navigation || {},
         usedPlugins: application.usedPlugins || [],
       }))
+      screenHistoryStore.reset()
+      automationHistoryStore.reset()
 
       // Initialise backend stores
       database.set(application.instance)
@@ -179,10 +188,7 @@ export const getFrontendStore = () => {
         }
 
         // Check screen isn't already selected
-        if (
-          state.selectedScreenId === screen._id &&
-          state.selectedComponentId === screen.props?._id
-        ) {
+        if (state.selectedScreenId === screen._id) {
           return
         }
 
@@ -256,7 +262,7 @@ export const getFrontendStore = () => {
         }
       },
       save: async screen => {
-        /* 
+        /*
           Temporarily disabled to accomodate migration issues.
           store.actions.screens.validate(screen)
         */
@@ -312,7 +318,7 @@ export const getFrontendStore = () => {
         const screensToDelete = Array.isArray(screens) ? screens : [screens]
 
         // Build array of promises to speed up bulk deletions
-        const promises = []
+        let promises = []
         let deleteUrls = []
         screensToDelete.forEach(screen => {
           // Delete the screen
@@ -326,8 +332,8 @@ export const getFrontendStore = () => {
           deleteUrls.push(screen.routing.route)
         })
 
-        promises.push(store.actions.links.delete(deleteUrls))
         await Promise.all(promises)
+        await store.actions.links.delete(deleteUrls)
         const deletedIds = screensToDelete.map(screen => screen._id)
         const routesResponse = await API.fetchAppRoutes()
         store.update(state => {
@@ -347,6 +353,7 @@ export const getFrontendStore = () => {
 
           return state
         })
+        return null
       },
       updateSetting: async (screen, name, value) => {
         if (!screen || !name) {
diff --git a/packages/builder/src/builderStore/store/history.js b/packages/builder/src/builderStore/store/history.js
new file mode 100644
index 0000000000..0f21085c6a
--- /dev/null
+++ b/packages/builder/src/builderStore/store/history.js
@@ -0,0 +1,319 @@
+import * as jsonpatch from "fast-json-patch/index.mjs"
+import { writable, derived, get } from "svelte/store"
+
+const Operations = {
+  Add: "Add",
+  Delete: "Delete",
+  Change: "Change",
+}
+
+const initialState = {
+  history: [],
+  position: 0,
+  loading: false,
+}
+
+export const createHistoryStore = ({
+  getDoc,
+  selectDoc,
+  beforeAction,
+  afterAction,
+}) => {
+  // Use a derived store to check if we are able to undo or redo any operations
+  const store = writable(initialState)
+  const derivedStore = derived(store, $store => {
+    return {
+      ...$store,
+      canUndo: $store.position > 0,
+      canRedo: $store.position < $store.history.length,
+    }
+  })
+
+  // Wrapped versions of essential functions which we call ourselves when using
+  // undo and redo
+  let saveFn
+  let deleteFn
+
+  /**
+   * Internal util to set the loading flag
+   */
+  const startLoading = () => {
+    store.update(state => {
+      state.loading = true
+      return state
+    })
+  }
+
+  /**
+   * Internal util to unset the loading flag
+   */
+  const stopLoading = () => {
+    store.update(state => {
+      state.loading = false
+      return state
+    })
+  }
+
+  /**
+   * Resets history state
+   */
+  const reset = () => {
+    store.set(initialState)
+  }
+
+  /**
+   * Adds or updates an operation in history.
+   * For internal use only.
+   * @param operation the operation to save
+   */
+  const saveOperation = operation => {
+    store.update(state => {
+      // Update history
+      let history = state.history
+      let position = state.position
+      if (!operation.id) {
+        // Every time a new operation occurs we discard any redo potential
+        operation.id = Math.random()
+        history = [...history.slice(0, state.position), operation]
+        position += 1
+      } else {
+        // If this is a redo/undo of an existing operation, just update history
+        // to replace the doc object as revisions may have changed
+        const idx = history.findIndex(op => op.id === operation.id)
+        history[idx].doc = operation.doc
+      }
+      return { history, position }
+    })
+  }
+
+  /**
+   * Wraps the save function, which asynchronously updates a doc.
+   * The returned function is an enriched version of the real save function so
+   * that we can control history.
+   * @param fn the save function
+   * @returns {function} a wrapped version of the save function
+   */
+  const wrapSaveDoc = fn => {
+    saveFn = async (doc, operationId) => {
+      // Only works on a single doc at a time
+      if (!doc || Array.isArray(doc)) {
+        return
+      }
+      startLoading()
+      try {
+        const oldDoc = getDoc(doc._id)
+        const newDoc = jsonpatch.deepClone(await fn(doc))
+
+        // Store the change
+        if (!oldDoc) {
+          // If no old doc, this is an add operation
+          saveOperation({
+            type: Operations.Add,
+            doc: newDoc,
+            id: operationId,
+          })
+        } else {
+          // Otherwise this is a change operation
+          saveOperation({
+            type: Operations.Change,
+            forwardPatch: jsonpatch.compare(oldDoc, doc),
+            backwardsPatch: jsonpatch.compare(doc, oldDoc),
+            doc: newDoc,
+            id: operationId,
+          })
+        }
+        stopLoading()
+        return newDoc
+      } catch (error) {
+        // We want to allow errors to propagate up to normal handlers, but we
+        // want to stop loading first
+        stopLoading()
+        throw error
+      }
+    }
+    return saveFn
+  }
+
+  /**
+   * Wraps the delete function, which asynchronously deletes a doc.
+   * The returned function is an enriched version of the real delete function so
+   * that we can control history.
+   * @param fn the delete function
+   * @returns {function} a wrapped version of the delete function
+   */
+  const wrapDeleteDoc = fn => {
+    deleteFn = async (doc, operationId) => {
+      // Only works on a single doc at a time
+      if (!doc || Array.isArray(doc)) {
+        return
+      }
+      startLoading()
+      try {
+        const oldDoc = jsonpatch.deepClone(doc)
+        await fn(doc)
+        saveOperation({
+          type: Operations.Delete,
+          doc: oldDoc,
+          id: operationId,
+        })
+        stopLoading()
+      } catch (error) {
+        // We want to allow errors to propagate up to normal handlers, but we
+        // want to stop loading first
+        stopLoading()
+        throw error
+      }
+    }
+    return deleteFn
+  }
+
+  /**
+   * Asynchronously undoes the previous operation.
+   * Optionally selects the changed document so that changes are visible.
+   * @returns {Promise<void>}
+   */
+  const undo = async () => {
+    // Sanity checks
+    const { canUndo, history, position, loading } = get(derivedStore)
+    if (!canUndo || loading) {
+      return
+    }
+    const operation = history[position - 1]
+    if (!operation) {
+      return
+    }
+    startLoading()
+
+    // Before hook
+    await beforeAction?.(operation)
+
+    // Update state immediately to prevent further clicks and to prevent bad
+    // history in the event of an update failing
+    store.update(state => {
+      return {
+        ...state,
+        position: state.position - 1,
+      }
+    })
+
+    // Undo the operation
+    try {
+      // Undo ADD
+      if (operation.type === Operations.Add) {
+        // Try to get the latest doc version to delete
+        const latestDoc = getDoc(operation.doc._id)
+        const doc = latestDoc || operation.doc
+        await deleteFn(doc, operation.id)
+      }
+
+      // Undo DELETE
+      else if (operation.type === Operations.Delete) {
+        // Delete the _rev from the deleted doc so that we can save it as a new
+        // doc again without conflicts
+        let doc = jsonpatch.deepClone(operation.doc)
+        delete doc._rev
+        const created = await saveFn(doc, operation.id)
+        selectDoc?.(created?._id || doc._id)
+      }
+
+      // Undo CHANGE
+      else {
+        // Get the current doc and apply the backwards patch on top of it
+        let doc = jsonpatch.deepClone(getDoc(operation.doc._id))
+        if (doc) {
+          jsonpatch.applyPatch(
+            doc,
+            jsonpatch.deepClone(operation.backwardsPatch)
+          )
+          await saveFn(doc, operation.id)
+          selectDoc?.(doc._id)
+        }
+      }
+      stopLoading()
+    } catch (error) {
+      stopLoading()
+      throw error
+    }
+
+    // After hook
+    await afterAction?.(operation)
+  }
+
+  /**
+   * Asynchronously redoes the previous undo.
+   * Optionally selects the changed document so that changes are visible.
+   * @returns {Promise<void>}
+   */
+  const redo = async () => {
+    // Sanity checks
+    const { canRedo, history, position, loading } = get(derivedStore)
+    if (!canRedo || loading) {
+      return
+    }
+    const operation = history[position]
+    if (!operation) {
+      return
+    }
+    startLoading()
+
+    // Before hook
+    await beforeAction?.(operation)
+
+    // Update state immediately to prevent further clicks and to prevent bad
+    // history in the event of an update failing
+    store.update(state => {
+      return {
+        ...state,
+        position: state.position + 1,
+      }
+    })
+
+    // Redo the operation
+    try {
+      // Redo ADD
+      if (operation.type === Operations.Add) {
+        // Delete the _rev from the deleted doc so that we can save it as a new
+        // doc again without conflicts
+        let doc = jsonpatch.deepClone(operation.doc)
+        delete doc._rev
+        const created = await saveFn(doc, operation.id)
+        selectDoc?.(created?._id || doc._id)
+      }
+
+      // Redo DELETE
+      else if (operation.type === Operations.Delete) {
+        // Try to get the latest doc version to delete
+        const latestDoc = getDoc(operation.doc._id)
+        const doc = latestDoc || operation.doc
+        await deleteFn(doc, operation.id)
+      }
+
+      // Redo CHANGE
+      else {
+        // Get the current doc and apply the forwards patch on top of it
+        let doc = jsonpatch.deepClone(getDoc(operation.doc._id))
+        if (doc) {
+          jsonpatch.applyPatch(doc, jsonpatch.deepClone(operation.forwardPatch))
+          await saveFn(doc, operation.id)
+          selectDoc?.(doc._id)
+        }
+      }
+      stopLoading()
+    } catch (error) {
+      stopLoading()
+      throw error
+    }
+
+    // After hook
+    await afterAction?.(operation)
+  }
+
+  return {
+    subscribe: derivedStore.subscribe,
+    wrapSaveDoc,
+    wrapDeleteDoc,
+    reset,
+    undo,
+    redo,
+  }
+}
diff --git a/packages/builder/src/components/automation/AutomationBuilder/AutomationBuilder.svelte b/packages/builder/src/components/automation/AutomationBuilder/AutomationBuilder.svelte
index e852ee1a0d..b80ba45086 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/AutomationBuilder.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/AutomationBuilder.svelte
@@ -1,10 +1,10 @@
 <script>
-  import { automationStore } from "builderStore"
+  import { selectedAutomation } from "builderStore"
   import Flowchart from "./FlowChart/FlowChart.svelte"
-
-  $: automation = $automationStore.selectedAutomation?.automation
 </script>
 
-{#if automation}
-  <Flowchart {automation} />
+{#if $selectedAutomation}
+  {#key $selectedAutomation._id}
+    <Flowchart automation={$selectedAutomation} />
+  {/key}
 {/if}
diff --git a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/ActionModal.svelte b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/ActionModal.svelte
index caf8835b86..f30b49eb39 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/ActionModal.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/ActionModal.svelte
@@ -5,7 +5,6 @@
     Detail,
     Body,
     Icon,
-    Tooltip,
     notifications,
   } from "@budibase/bbui"
   import { automationStore } from "builderStore"
@@ -13,7 +12,6 @@
   import { externalActions } from "./ExternalActions"
 
   export let blockIdx
-  export let blockComplete
 
   const disabled = {
     SEND_EMAIL_SMTP: {
@@ -50,15 +48,12 @@
 
   async function addBlockToAutomation() {
     try {
-      const newBlock = $automationStore.selectedAutomation.constructBlock(
+      const newBlock = automationStore.actions.constructBlock(
         "ACTION",
         actionVal.stepId,
         actionVal
       )
-      automationStore.actions.addBlockToAutomation(newBlock, blockIdx + 1)
-      await automationStore.actions.save(
-        $automationStore.selectedAutomation?.automation
-      )
+      await automationStore.actions.addBlockToAutomation(newBlock, blockIdx + 1)
     } catch (error) {
       notifications.error("Error saving automation")
     }
@@ -66,20 +61,14 @@
 </script>
 
 <ModalContent
-  title="Create Automation"
+  title="Add automation step"
   confirmText="Save"
   size="M"
   disabled={!selectedAction}
-  onConfirm={() => {
-    blockComplete = true
-    addBlockToAutomation()
-  }}
+  onConfirm={addBlockToAutomation}
 >
-  <Body size="XS">Select an app or event.</Body>
-
-  <Layout noPadding>
-    <Body size="S">Apps</Body>
-
+  <Layout noPadding gap="XS">
+    <Detail size="S">Apps</Detail>
     <div class="item-list">
       {#each Object.entries(external) as [idx, action]}
         <div
@@ -95,64 +84,45 @@
               alt="zapier"
             />
             <span class="icon-spacing">
-              <Body size="XS">{idx.charAt(0).toUpperCase() + idx.slice(1)}</Body
-              ></span
-            >
+              <Body size="XS">
+                {idx.charAt(0).toUpperCase() + idx.slice(1)}
+              </Body>
+            </span>
           </div>
         </div>
       {/each}
     </div>
+  </Layout>
 
+  <Layout noPadding gap="XS">
     <Detail size="S">Actions</Detail>
-
     <div class="item-list">
       {#each Object.entries(internal) as [idx, action]}
-        {#if disabled[idx] && disabled[idx].disabled}
-          <Tooltip text={disabled[idx].message} direction="bottom">
-            <div
-              class="item"
-              class:selected={selectedAction === action.name}
-              class:disabled={true}
-              on:click={() => selectAction(action)}
-            >
-              <div class="item-body">
-                <Icon name={action.icon} />
-                <span class="icon-spacing">
-                  <Body size="XS">{action.name}</Body></span
-                >
-              </div>
-            </div>
-          </Tooltip>
-        {:else}
-          <div
-            class="item"
-            class:selected={selectedAction === action.name}
-            on:click={() => selectAction(action)}
-          >
-            <div class="item-body">
-              <Icon name={action.icon} />
-              <span class="icon-spacing">
-                <Body size="XS">{action.name}</Body></span
-              >
-            </div>
+        {@const isDisabled = disabled[idx] && disabled[idx].disabled}
+        <div
+          class="item"
+          class:disabled={isDisabled}
+          class:selected={selectedAction === action.name}
+          on:click={isDisabled ? null : () => selectAction(action)}
+        >
+          <div class="item-body">
+            <Icon name={action.icon} />
+            <Body size="XS">{action.name}</Body>
+            {#if isDisabled}
+              <Icon name="Help" tooltip={disabled[idx].message} />
+            {/if}
           </div>
-        {/if}
+        </div>
       {/each}
     </div>
   </Layout>
 </ModalContent>
 
 <style>
-  .disabled {
-    opacity: 0.3;
-    pointer-events: none;
-  }
-  .icon-spacing {
-    margin-left: var(--spacing-m);
-  }
   .item-body {
     display: flex;
     margin-left: var(--spacing-m);
+    gap: var(--spacing-m);
   }
   .item-list {
     display: grid;
@@ -171,8 +141,15 @@
     box-sizing: border-box;
     border-width: 2px;
   }
-  .item:hover,
+  .item:not(.disabled):hover,
   .selected {
     background: var(--spectrum-alias-background-color-tertiary);
   }
+  .disabled {
+    background: var(--spectrum-global-color-gray-200);
+    color: var(--spectrum-global-color-gray-500);
+  }
+  .disabled :global(.spectrum-Body) {
+    color: var(--spectrum-global-color-gray-600);
+  }
 </style>
diff --git a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowChart.svelte b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowChart.svelte
index 4b01616b54..63a3478ef3 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowChart.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowChart.svelte
@@ -1,5 +1,5 @@
 <script>
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
   import FlowItem from "./FlowItem.svelte"
   import TestDataModal from "./TestDataModal.svelte"
@@ -13,27 +13,28 @@
     Modal,
   } from "@budibase/bbui"
   import { ActionStepID } from "constants/backend/automations"
+  import UndoRedoControl from "components/common/UndoRedoControl.svelte"
+  import { automationHistoryStore } from "builderStore"
 
   export let automation
+
   let testDataModal
-  let blocks
   let confirmDeleteDialog
 
-  $: {
-    blocks = []
-    if (automation) {
-      if (automation.definition.trigger) {
-        blocks.push(automation.definition.trigger)
-      }
-      blocks = blocks.concat(automation.definition.steps || [])
+  $: blocks = getBlocks(automation)
+
+  const getBlocks = automation => {
+    let blocks = []
+    if (automation.definition.trigger) {
+      blocks.push(automation.definition.trigger)
     }
+    blocks = blocks.concat(automation.definition.steps || [])
+    return blocks
   }
 
   async function deleteAutomation() {
     try {
-      await automationStore.actions.delete(
-        $automationStore.selectedAutomation?.automation
-      )
+      await automationStore.actions.delete($selectedAutomation)
     } catch (error) {
       notifications.error("Error deleting automation")
     }
@@ -41,20 +42,17 @@
 </script>
 
 <div class="canvas">
-  <div style="float: left; padding-left: var(--spacing-xl);">
+  <div class="header">
     <Heading size="S">{automation.name}</Heading>
-  </div>
-  <div style="float: right; padding-right: var(--spacing-xl);" class="title">
-    <div class="subtitle">
-      <div style="display:flex; align-items: center;">
-        <div class="icon">
-          <Icon
-            on:click={confirmDeleteDialog.show}
-            hoverable
-            size="M"
-            name="DeleteOutline"
-          />
-        </div>
+    <div class="controls">
+      <UndoRedoControl store={automationHistoryStore} />
+      <Icon
+        on:click={confirmDeleteDialog.show}
+        hoverable
+        size="M"
+        name="DeleteOutline"
+      />
+      <div class="buttons">
         <ActionButton
           on:click={() => {
             testDataModal.show()
@@ -62,15 +60,13 @@
           icon="MultipleCheck"
           size="M">Run test</ActionButton
         >
-        <div style="padding-left: var(--spacing-m);">
-          <ActionButton
-            disabled={!$automationStore.selectedAutomation?.testResults}
-            on:click={() => {
-              $automationStore.showTestPanel = true
-            }}
-            size="M">Test Details</ActionButton
-          >
-        </div>
+        <ActionButton
+          disabled={!$automationStore.testResults}
+          on:click={() => {
+            $automationStore.showTestPanel = true
+          }}
+          size="M">Test Details</ActionButton
+        >
       </div>
     </div>
   </div>
@@ -80,7 +76,7 @@
     <div
       class="block"
       animate:flip={{ duration: 500 }}
-      in:fly|local={{ x: 500, duration: 500 }}
+      in:fly={{ x: 500, duration: 500 }}
       out:fly|local={{ x: 500, duration: 500 }}
     >
       {#if block.stepId !== ActionStepID.LOOP}
@@ -105,6 +101,9 @@
 </Modal>
 
 <style>
+  .canvas {
+    padding: var(--spacing-l) var(--spacing-xl);
+  }
   /* Fix for firefox not respecting bottom padding in scrolling containers */
   .canvas > *:last-child {
     padding-bottom: 40px;
@@ -122,18 +121,19 @@
     text-align: left;
   }
 
-  .title {
-    padding-bottom: var(--spacing-xl);
-  }
-
-  .subtitle {
-    padding-bottom: var(--spacing-xl);
+  .header {
     display: flex;
     justify-content: space-between;
     align-items: center;
   }
-  .icon {
-    cursor: pointer;
-    padding-right: var(--spacing-m);
+  .controls,
+  .buttons {
+    display: flex;
+    justify-content: flex-end;
+    align-items: center;
+    gap: var(--spacing-xl);
+  }
+  .buttons {
+    gap: var(--spacing-s);
   }
 </style>
diff --git a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItem.svelte b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItem.svelte
index d6e5fcb36d..7484a60502 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItem.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItem.svelte
@@ -1,5 +1,5 @@
 <script>
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import {
     Icon,
     Divider,
@@ -23,36 +23,26 @@
   export let block
   export let testDataModal
   export let idx
+
   let selected
   let webhookModal
   let actionModal
-  let blockComplete
+  let open = true
   let showLooping = false
   let role
 
-  $: automationId = $automationStore.selectedAutomation?.automation._id
+  $: automationId = $selectedAutomation?._id
   $: showBindingPicker =
     block.stepId === ActionStepID.CREATE_ROW ||
     block.stepId === ActionStepID.UPDATE_ROW
-
   $: isTrigger = block.type === "TRIGGER"
-
-  $: selected = $automationStore.selectedBlock?.id === block.id
-  $: steps =
-    $automationStore.selectedAutomation?.automation?.definition?.steps ?? []
-
+  $: steps = $selectedAutomation?.definition?.steps ?? []
   $: blockIdx = steps.findIndex(step => step.id === block.id)
   $: lastStep = !isTrigger && blockIdx + 1 === steps.length
-
-  $: totalBlocks =
-    $automationStore.selectedAutomation?.automation?.definition?.steps.length +
-    1
-
-  $: loopingSelected =
-    $automationStore.selectedAutomation?.automation.definition.steps.find(
-      x => x.blockToLoop === block.id
-    )
-
+  $: totalBlocks = $selectedAutomation?.definition?.steps.length + 1
+  $: loopBlock = $selectedAutomation?.definition.steps.find(
+    x => x.blockToLoop === block.id
+  )
   $: isAppAction = block?.stepId === TriggerStepID.APP
   $: isAppAction && setPermissions(role)
   $: isAppAction && getPermissions(automationId)
@@ -81,76 +71,54 @@
   }
 
   async function removeLooping() {
-    loopingSelected = false
-    let loopBlock =
-      $automationStore.selectedAutomation?.automation.definition.steps.find(
-        x => x.blockToLoop === block.id
-      )
-    automationStore.actions.deleteAutomationBlock(loopBlock)
-    await automationStore.actions.save(
-      $automationStore.selectedAutomation?.automation
+    let loopBlock = $selectedAutomation?.definition.steps.find(
+      x => x.blockToLoop === block.id
     )
+    try {
+      await automationStore.actions.deleteAutomationBlock(loopBlock)
+    } catch (error) {
+      notifications.error("Error saving automation")
+    }
   }
 
   async function deleteStep() {
-    let loopBlock =
-      $automationStore.selectedAutomation?.automation.definition.steps.find(
-        x => x.blockToLoop === block.id
-      )
+    let loopBlock = $selectedAutomation?.definition.steps.find(
+      x => x.blockToLoop === block.id
+    )
 
     try {
       if (loopBlock) {
-        automationStore.actions.deleteAutomationBlock(loopBlock)
+        await automationStore.actions.deleteAutomationBlock(loopBlock)
       }
-      automationStore.actions.deleteAutomationBlock(block)
-      await automationStore.actions.save(
-        $automationStore.selectedAutomation?.automation
-      )
+      await automationStore.actions.deleteAutomationBlock(block)
     } catch (error) {
-      notifications.error("Error saving notification")
+      notifications.error("Error saving automation")
     }
   }
-  function toggleFieldControl(evt) {
-    onSelect(block)
-    let rowControl
-    if (evt.detail === "Use values") {
-      rowControl = false
-    } else {
-      rowControl = true
-    }
-    automationStore.actions.toggleFieldControl(rowControl)
-    automationStore.actions.save(
-      $automationStore.selectedAutomation?.automation
-    )
+
+  /**
+   * "rowControl" appears to be the name of the flag used to determine whether
+   * a certain automation block uses values or bindings as inputs
+   */
+  function toggleRowControl(evt) {
+    const rowControl = evt.detail !== "Use values"
+    automationStore.actions.toggleRowControl(block, rowControl)
   }
 
   async function addLooping() {
-    loopingSelected = true
     const loopDefinition = $automationStore.blockDefinitions.ACTION.LOOP
-
-    const loopBlock = $automationStore.selectedAutomation.constructBlock(
+    const loopBlock = automationStore.actions.constructBlock(
       "ACTION",
       "LOOP",
       loopDefinition
     )
     loopBlock.blockToLoop = block.id
-    block.loopBlock = loopBlock.id
-    automationStore.actions.addBlockToAutomation(loopBlock, blockIdx)
-    await automationStore.actions.save(
-      $automationStore.selectedAutomation?.automation
-    )
-  }
-
-  async function onSelect(block) {
-    await automationStore.update(state => {
-      state.selectedBlock = block
-      return state
-    })
+    await automationStore.actions.addBlockToAutomation(loopBlock, blockIdx)
   }
 </script>
 
 <div class={`block ${block.type} hoverable`} class:selected on:click={() => {}}>
-  {#if loopingSelected}
+  {#if loopBlock}
     <div class="blockSection">
       <div
         on:click={() => {
@@ -174,13 +142,8 @@
         </div>
 
         <div class="blockTitle">
-          <div
-            style="margin-left: 10px;"
-            on:click={() => {
-              onSelect(block)
-            }}
-          >
-            <Icon name={showLooping ? "ChevronUp" : "ChevronDown"} />
+          <div style="margin-left: 10px;" on:click={() => {}}>
+            <Icon hoverable name={showLooping ? "ChevronDown" : "ChevronUp"} />
           </div>
         </div>
       </div>
@@ -198,9 +161,7 @@
               $automationStore.blockDefinitions.ACTION.LOOP.schema.inputs
                 .properties
             )}
-            block={$automationStore.selectedAutomation?.automation.definition.steps.find(
-              x => x.blockToLoop === block.id
-            )}
+            block={loopBlock}
             {webhookModal}
           />
         </Layout>
@@ -209,22 +170,28 @@
     {/if}
   {/if}
 
-  <FlowItemHeader bind:blockComplete {block} {testDataModal} {idx} />
-  {#if !blockComplete}
+  <FlowItemHeader
+    {open}
+    {block}
+    {testDataModal}
+    {idx}
+    on:toggle={() => (open = !open)}
+  />
+  {#if open}
     <Divider noMargin />
     <div class="blockSection">
       <Layout noPadding gap="S">
         {#if !isTrigger}
           <div>
             <div class="block-options">
-              {#if !loopingSelected}
-                <ActionButton on:click={() => addLooping()} icon="Reuse"
-                  >Add Looping</ActionButton
-                >
+              {#if !loopBlock}
+                <ActionButton on:click={() => addLooping()} icon="Reuse">
+                  Add Looping
+                </ActionButton>
               {/if}
               {#if showBindingPicker}
                 <Select
-                  on:change={toggleFieldControl}
+                  on:change={toggleRowControl}
                   defaultValue="Use values"
                   autoWidth
                   value={block.rowControl ? "Use bindings" : "Use values"}
@@ -250,16 +217,16 @@
           {webhookModal}
         />
         {#if lastStep}
-          <Button on:click={() => testDataModal.show()} cta
-            >Finish and test automation</Button
-          >
+          <Button on:click={() => testDataModal.show()} cta>
+            Finish and test automation
+          </Button>
         {/if}
       </Layout>
     </div>
   {/if}
 
   <Modal bind:this={actionModal} width="30%">
-    <ActionModal {blockIdx} bind:blockComplete />
+    <ActionModal {blockIdx} />
   </Modal>
 
   <Modal bind:this={webhookModal} width="30%">
diff --git a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItemHeader.svelte b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItemHeader.svelte
index bc40b7bf85..c09474a370 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItemHeader.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/FlowItemHeader.svelte
@@ -2,21 +2,22 @@
   import { automationStore } from "builderStore"
   import { Icon, Body, Detail, StatusLight } from "@budibase/bbui"
   import { externalActions } from "./ExternalActions"
+  import { createEventDispatcher } from "svelte"
 
   export let block
-  export let blockComplete
+  export let open
   export let showTestStatus = false
-  export let showParameters = {}
   export let testResult
   export let isTrigger
   export let idx
 
+  const dispatch = createEventDispatcher()
+
   $: {
     if (!testResult) {
-      testResult =
-        $automationStore.selectedAutomation?.testResults?.steps.filter(step =>
-          block.id ? step.id === block.id : step.stepId === block.stepId
-        )[0]
+      testResult = $automationStore.testResults?.steps?.filter(step =>
+        block.id ? step.id === block.id : step.stepId === block.stepId
+      )?.[0]
     }
   }
   $: isTrigger = isTrigger || block.type === "TRIGGER"
@@ -45,13 +46,7 @@
 </script>
 
 <div class="blockSection">
-  <div
-    on:click={() => {
-      blockComplete = !blockComplete
-      showParameters[block.id] = blockComplete
-    }}
-    class="splitHeader"
-  >
+  <div on:click={() => dispatch("toggle")} class="splitHeader">
     <div class="center-items">
       {#if externalActions[block.stepId]}
         <img
@@ -99,7 +94,7 @@
           onSelect(block)
         }}
       >
-        <Icon hoverable name={blockComplete ? "ChevronUp" : "ChevronDown"} />
+        <Icon hoverable name={open ? "ChevronUp" : "ChevronDown"} />
       </div>
     </div>
   </div>
diff --git a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/TestDataModal.svelte b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/TestDataModal.svelte
index 3beb6cd79b..cd170142e4 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/FlowChart/TestDataModal.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/FlowChart/TestDataModal.svelte
@@ -7,7 +7,7 @@
     Label,
     notifications,
   } from "@budibase/bbui"
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import AutomationBlockSetup from "../../SetupPanel/AutomationBlockSetup.svelte"
   import { cloneDeep } from "lodash/fp"
 
@@ -17,9 +17,7 @@
 
   $: {
     // clone the trigger so we're not mutating the reference
-    trigger = cloneDeep(
-      $automationStore.selectedAutomation.automation.definition.trigger
-    )
+    trigger = cloneDeep($selectedAutomation.definition.trigger)
 
     // get the outputs so we can define the fields
     let schema = Object.entries(trigger.schema?.outputs?.properties || {})
@@ -32,7 +30,7 @@
   }
 
   // check to see if there is existing test data in the store
-  $: testData = $automationStore.selectedAutomation.automation.testData || {}
+  $: testData = $selectedAutomation.testData || {}
 
   // Check the schema to see if required fields have been entered
   $: isError = !trigger.schema.outputs.required.every(
@@ -51,10 +49,7 @@
 
   const testAutomation = async () => {
     try {
-      await automationStore.actions.test(
-        $automationStore.selectedAutomation?.automation,
-        testData
-      )
+      await automationStore.actions.test($selectedAutomation, testData)
       $automationStore.showTestPanel = true
     } catch (error) {
       notifications.error("Error testing automation")
@@ -70,8 +65,8 @@
   onConfirm={testAutomation}
   cancelText="Cancel"
 >
-  <Tabs selected="Form" quiet
-    ><Tab icon="Form" title="Form">
+  <Tabs selected="Form" quiet>
+    <Tab icon="Form" title="Form">
       <div class="tab-content-padding">
         <AutomationBlockSetup
           {testData}
@@ -86,11 +81,7 @@
         <Label>JSON</Label>
         <div class="text-area-container">
           <TextArea
-            value={JSON.stringify(
-              $automationStore.selectedAutomation.automation.testData,
-              null,
-              2
-            )}
+            value={JSON.stringify($selectedAutomation.testData, null, 2)}
             error={failedParse}
             on:change={e => parseTestJSON(e)}
           />
diff --git a/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte b/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte
index bd46c70df5..d74eab3622 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/TestDisplay.svelte
@@ -7,7 +7,7 @@
   export let testResults
   export let width = "400px"
 
-  let showParameters
+  let openBlocks = {}
   let blocks
 
   function prepTestResults(results) {
@@ -48,14 +48,15 @@
     <div class="block" style={width ? `width: ${width}` : ""}>
       {#if block.stepId !== ActionStepID.LOOP}
         <FlowItemHeader
-          showTestStatus={true}
-          bind:showParameters
-          {block}
+          open={!!openBlocks[block.id]}
+          on:toggle={() => (openBlocks[block.id] = !openBlocks[block.id])}
           isTrigger={idx === 0}
-          {idx}
           testResult={filteredResults?.[idx]}
+          showTestStatus
+          {block}
+          {idx}
         />
-        {#if showParameters && showParameters[block.id]}
+        {#if openBlocks[block.id]}
           <Divider noMargin />
           {#if filteredResults?.[idx]?.outputs.iterations}
             <div style="display: flex; padding: 10px 10px 0px 12px;">
diff --git a/packages/builder/src/components/automation/AutomationBuilder/TestPanel.svelte b/packages/builder/src/components/automation/AutomationBuilder/TestPanel.svelte
index 4f09edf7c2..c2626fb3c2 100644
--- a/packages/builder/src/components/automation/AutomationBuilder/TestPanel.svelte
+++ b/packages/builder/src/components/automation/AutomationBuilder/TestPanel.svelte
@@ -2,26 +2,8 @@
   import { Icon, Divider } from "@budibase/bbui"
   import TestDisplay from "./TestDisplay.svelte"
   import { automationStore } from "builderStore"
-  import { ActionStepID } from "constants/backend/automations"
 
   export let automation
-
-  let blocks, testResults
-
-  $: {
-    blocks = []
-    if (automation) {
-      if (automation.definition.trigger) {
-        blocks.push(automation.definition.trigger)
-      }
-      blocks = blocks
-        .concat(automation.definition.steps || [])
-        .filter(x => x.stepId !== ActionStepID.LOOP)
-    } else if ($automationStore.selectedAutomation) {
-      automation = $automationStore.selectedAutomation
-    }
-  }
-  $: testResults = $automationStore.selectedAutomation?.testResults
 </script>
 
 <div class="title">
@@ -42,7 +24,7 @@
 
 <Divider />
 
-<TestDisplay {automation} {testResults} />
+<TestDisplay {automation} testResults={$automationStore.testResults} />
 
 <style>
   .title {
diff --git a/packages/builder/src/components/automation/AutomationPanel/AutomationList.svelte b/packages/builder/src/components/automation/AutomationPanel/AutomationList.svelte
index c7bd43661b..80d65a5cb6 100644
--- a/packages/builder/src/components/automation/AutomationPanel/AutomationList.svelte
+++ b/packages/builder/src/components/automation/AutomationPanel/AutomationList.svelte
@@ -1,12 +1,11 @@
 <script>
   import { onMount } from "svelte"
-  import { goto } from "@roxi/routify"
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import NavItem from "components/common/NavItem.svelte"
   import EditAutomationPopover from "./EditAutomationPopover.svelte"
   import { notifications } from "@budibase/bbui"
 
-  $: selectedAutomationId = $automationStore.selectedAutomation?.automation?._id
+  $: selectedAutomationId = $selectedAutomation?._id
 
   onMount(async () => {
     try {
@@ -16,9 +15,8 @@
     }
   })
 
-  function selectAutomation(automation) {
-    automationStore.actions.select(automation)
-    $goto(`./${automation._id}`)
+  function selectAutomation(id) {
+    automationStore.actions.select(id)
   }
 </script>
 
@@ -29,7 +27,7 @@
       icon="ShareAndroid"
       text={automation.name}
       selected={automation._id === selectedAutomationId}
-      on:click={() => selectAutomation(automation)}
+      on:click={() => selectAutomation(automation._id)}
     >
       <EditAutomationPopover {automation} />
     </NavItem>
@@ -42,5 +40,6 @@
     flex-direction: column;
     justify-content: flex-start;
     align-items: stretch;
+    margin: 0 calc(-1 * var(--spacing-xl));
   }
 </style>
diff --git a/packages/builder/src/components/automation/AutomationPanel/AutomationPanel.svelte b/packages/builder/src/components/automation/AutomationPanel/AutomationPanel.svelte
index dc442c0fae..85e6a5faa3 100644
--- a/packages/builder/src/components/automation/AutomationPanel/AutomationPanel.svelte
+++ b/packages/builder/src/components/automation/AutomationPanel/AutomationPanel.svelte
@@ -1,36 +1,20 @@
 <script>
   import AutomationList from "./AutomationList.svelte"
   import CreateAutomationModal from "./CreateAutomationModal.svelte"
-  import { Modal, Tabs, Tab, Button, Layout } from "@budibase/bbui"
+  import { Modal, Button, Layout } from "@budibase/bbui"
+  import Panel from "components/design/Panel.svelte"
 
   export let modal
   export let webhookModal
 </script>
 
-<div class="nav">
-  <Tabs selected="Automations">
-    <Tab title="Automations">
-      <Layout paddingX="L" paddingY="L" gap="S">
-        <Button cta wide on:click={modal.show}>Add automation</Button>
-      </Layout>
-      <AutomationList />
-      <Modal bind:this={modal}>
-        <CreateAutomationModal {webhookModal} />
-      </Modal>
-    </Tab>
-  </Tabs>
-</div>
+<Panel title="Automations" borderRight>
+  <Layout paddingX="L" paddingY="XL" gap="S">
+    <Button cta on:click={modal.show}>Add automation</Button>
+    <AutomationList />
+  </Layout>
+</Panel>
 
-<style>
-  .nav {
-    overflow-y: auto;
-    background: var(--background);
-    display: flex;
-    flex-direction: column;
-    justify-content: flex-start;
-    align-items: stretch;
-    position: relative;
-    border-right: var(--border-light);
-    padding-bottom: 60px;
-  }
-</style>
+<Modal bind:this={modal}>
+  <CreateAutomationModal {webhookModal} />
+</Modal>
diff --git a/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte b/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte
index 3549bc6de8..5fb27eaaf3 100644
--- a/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte
+++ b/packages/builder/src/components/automation/AutomationPanel/CreateAutomationModal.svelte
@@ -1,6 +1,4 @@
 <script>
-  import { goto } from "@roxi/routify"
-  import { database } from "stores/backend"
   import { automationStore } from "builderStore"
   import { notifications } from "@budibase/bbui"
   import {
@@ -10,48 +8,37 @@
     Layout,
     Body,
     Icon,
+    Label,
   } from "@budibase/bbui"
   import { TriggerStepID } from "constants/backend/automations"
 
+  export let webhookModal
+
   let name
   let selectedTrigger
   let nameTouched = false
   let triggerVal
-  export let webhookModal
 
-  $: instanceId = $database._id
   $: nameError =
     nameTouched && !name ? "Please specify a name for the automation." : null
+  $: triggers = Object.entries($automationStore.blockDefinitions.TRIGGER)
 
   async function createAutomation() {
     try {
-      await automationStore.actions.create({
-        name,
-        instanceId,
-      })
-      const newBlock = $automationStore.selectedAutomation.constructBlock(
+      const trigger = automationStore.actions.constructBlock(
         "TRIGGER",
         triggerVal.stepId,
         triggerVal
       )
-
-      automationStore.actions.addBlockToAutomation(newBlock)
+      await automationStore.actions.create(name, trigger)
       if (triggerVal.stepId === TriggerStepID.WEBHOOK) {
-        webhookModal.show
+        webhookModal.show()
       }
-
-      await automationStore.actions.save(
-        $automationStore.selectedAutomation?.automation
-      )
-
       notifications.success(`Automation ${name} created`)
-
-      $goto(`./${$automationStore.selectedAutomation.automation._id}`)
     } catch (error) {
       notifications.error("Error creating automation")
     }
   }
-  $: triggers = Object.entries($automationStore.blockDefinitions.TRIGGER)
 
   const selectTrigger = trigger => {
     triggerVal = trigger
@@ -70,9 +57,9 @@
     header="You must publish your app to activate your automations."
     message="To test your automation before publishing, you can use the 'Run Test' functionality on the next screen."
   />
-  <Body size="XS"
-    >Please name your automation, then select a trigger. Every automation must
-    start with a trigger.
+  <Body size="S">
+    Please name your automation, then select a trigger.<br />
+    Every automation must start with a trigger.
   </Body>
   <Input
     bind:value={name}
@@ -81,9 +68,8 @@
     label="Name"
   />
 
-  <Layout noPadding>
-    <Body size="S">Triggers</Body>
-
+  <Layout noPadding gap="XS">
+    <Label size="S">Trigger</Label>
     <div class="item-list">
       {#each triggers as [idx, trigger]}
         <div
diff --git a/packages/builder/src/components/automation/AutomationPanel/EditAutomationPopover.svelte b/packages/builder/src/components/automation/AutomationPanel/EditAutomationPopover.svelte
index 30892882bf..0ce9c781ac 100644
--- a/packages/builder/src/components/automation/AutomationPanel/EditAutomationPopover.svelte
+++ b/packages/builder/src/components/automation/AutomationPanel/EditAutomationPopover.svelte
@@ -1,5 +1,4 @@
 <script>
-  import { goto } from "@roxi/routify"
   import { automationStore } from "builderStore"
   import { ActionMenu, MenuItem, notifications, Icon } from "@budibase/bbui"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
@@ -14,7 +13,6 @@
     try {
       await automationStore.actions.delete(automation)
       notifications.success("Automation deleted successfully")
-      $goto("../automate")
     } catch (error) {
       notifications.error("Error deleting automation")
     }
@@ -24,7 +22,6 @@
     try {
       await automationStore.actions.duplicate(automation)
       notifications.success("Automation has been duplicated successfully")
-      $goto(`./${$automationStore.selectedAutomation.automation._id}`)
     } catch (error) {
       notifications.error("Error duplicating automation")
     }
diff --git a/packages/builder/src/components/automation/AutomationPanel/UpdateAutomationModal.svelte b/packages/builder/src/components/automation/AutomationPanel/UpdateAutomationModal.svelte
index 9075a5433c..ac96eb6b70 100644
--- a/packages/builder/src/components/automation/AutomationPanel/UpdateAutomationModal.svelte
+++ b/packages/builder/src/components/automation/AutomationPanel/UpdateAutomationModal.svelte
@@ -3,13 +3,13 @@
   import { notifications } from "@budibase/bbui"
   import { Icon, Input, ModalContent, Modal } from "@budibase/bbui"
 
+  export let automation
+  export let onCancel = undefined
+
   let name
   let error = ""
   let modal
 
-  export let automation
-  export let onCancel = undefined
-
   export const show = () => {
     name = automation?.name
     modal.show()
diff --git a/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte b/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte
index a3fc44f8c2..f47fb8a086 100644
--- a/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte
+++ b/packages/builder/src/components/automation/SetupPanel/AutomationBlockSetup.svelte
@@ -15,8 +15,7 @@
     notifications,
   } from "@budibase/bbui"
   import CreateWebhookModal from "components/automation/Shared/CreateWebhookModal.svelte"
-
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import { tables } from "stores/backend"
   import { environment, licensing } from "stores/portal"
   import WebhookDisplay from "../Shared/WebhookDisplay.svelte"
@@ -50,22 +49,8 @@
   $: filters = lookForFilters(schemaProperties) || []
   $: tempFilters = filters
   $: stepId = block.stepId
-  $: bindings = getAvailableBindings(
-    block || $automationStore.selectedBlock,
-    $automationStore.selectedAutomation?.automation?.definition
-  )
-
+  $: bindings = getAvailableBindings(block, $selectedAutomation?.definition)
   $: getInputData(testData, block.inputs)
-  const getInputData = (testData, blockInputs) => {
-    let newInputData = testData || blockInputs
-
-    if (block.event === "app:trigger" && !newInputData?.fields) {
-      newInputData = cloneDeep(blockInputs)
-    }
-
-    inputData = newInputData
-  }
-
   $: tableId = inputData ? inputData.tableId : null
   $: table = tableId
     ? $tables.list.find(table => table._id === inputData.tableId)
@@ -76,39 +61,48 @@
   $: isTrigger = block?.type === "TRIGGER"
   $: isUpdateRow = stepId === ActionStepID.UPDATE_ROW
 
+  const getInputData = (testData, blockInputs) => {
+    let newInputData = testData || blockInputs
+    if (block.event === "app:trigger" && !newInputData?.fields) {
+      newInputData = cloneDeep(blockInputs)
+    }
+    inputData = newInputData
+  }
+
   const onChange = Utils.sequential(async (e, key) => {
+    // We need to cache the schema as part of the definition because it is
+    // used in the server to detect relationships. It would be far better to
+    // instead fetch the schema in the backend at runtime.
+    let schema
     if (e.detail?.tableId) {
-      const tableSchema = getSchemaForTable(e.detail.tableId, {
+      schema = getSchemaForTable(e.detail.tableId, {
         searchableSchema: true,
       }).schema
-      if (isTestModal) {
-        testData.schema = tableSchema
-      } else {
-        block.inputs.schema = tableSchema
-      }
     }
+
     try {
       if (isTestModal) {
+        let newTestData = { schema }
+
         // Special case for webhook, as it requires a body, but the schema already brings back the body's contents
         if (stepId === TriggerStepID.WEBHOOK) {
-          automationStore.actions.addTestDataToAutomation({
+          newTestData = {
+            ...newTestData,
             body: {
               [key]: e.detail,
-              ...$automationStore.selectedAutomation.automation.testData?.body,
+              ...$selectedAutomation.testData?.body,
             },
-          })
+          }
         }
-        automationStore.actions.addTestDataToAutomation({
+        newTestData = {
+          ...newTestData,
           [key]: e.detail,
-        })
-        testData[key] = e.detail
+        }
+        await automationStore.actions.addTestDataToAutomation(newTestData)
       } else {
-        block.inputs[key] = e.detail
+        const data = { schema, [key]: e.detail }
+        await automationStore.actions.updateBlockInputs(block, data)
       }
-
-      await automationStore.actions.save(
-        $automationStore.selectedAutomation?.automation
-      )
     } catch (error) {
       notifications.error("Error saving automation")
     }
diff --git a/packages/builder/src/components/automation/SetupPanel/CronBuilder.svelte b/packages/builder/src/components/automation/SetupPanel/CronBuilder.svelte
index f2da863424..162285fd73 100644
--- a/packages/builder/src/components/automation/SetupPanel/CronBuilder.svelte
+++ b/packages/builder/src/components/automation/SetupPanel/CronBuilder.svelte
@@ -5,7 +5,11 @@
   const dispatch = createEventDispatcher()
 
   export let value
+
   const onChange = e => {
+    if (e.detail === value) {
+      return
+    }
     value = e.detail
     dispatch("change", e.detail)
   }
@@ -43,7 +47,12 @@
 </script>
 
 <div class="block-field">
-  <Input on:change={onChange} {value} on:blur={() => (touched = true)} />
+  <Input
+    on:change={onChange}
+    {value}
+    on:blur={() => (touched = true)}
+    updateOnChange={false}
+  />
   {#if touched && !value}
     <Label><div class="error">Please specify a CRON expression</div></Label>
   {/if}
diff --git a/packages/builder/src/components/automation/Shared/CreateWebhookModal.svelte b/packages/builder/src/components/automation/Shared/CreateWebhookModal.svelte
index 59bf818b71..86eadd66a1 100644
--- a/packages/builder/src/components/automation/Shared/CreateWebhookModal.svelte
+++ b/packages/builder/src/components/automation/Shared/CreateWebhookModal.svelte
@@ -1,17 +1,18 @@
 <script>
   import { Icon, notifications } from "@budibase/bbui"
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import WebhookDisplay from "./WebhookDisplay.svelte"
   import { ModalContent } from "@budibase/bbui"
   import { onMount, onDestroy } from "svelte"
 
   const POLL_RATE_MS = 2500
+
   let interval
   let finished = false
   let schemaURL
   let propCount = 0
 
-  $: automation = $automationStore.selectedAutomation?.automation
+  $: automation = $selectedAutomation
 
   onMount(async () => {
     if (!automation?.definition?.trigger?.inputs.schemaUrl) {
diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
index 95e53b4192..352f094507 100644
--- a/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditColumn.svelte
@@ -18,7 +18,6 @@
   import { TableNames, UNEDITABLE_USER_FIELDS } from "constants"
   import {
     FIELDS,
-    AUTO_COLUMN_SUB_TYPES,
     RelationshipTypes,
     ALLOWABLE_STRING_OPTIONS,
     ALLOWABLE_NUMBER_OPTIONS,
@@ -132,12 +131,6 @@
     : availableAutoColumns
 
   // used to select what different options can be displayed for column type
-  $: canBeSearched =
-    editableColumn?.type !== LINK_TYPE &&
-    editableColumn?.type !== JSON_TYPE &&
-    editableColumn?.subtype !== AUTO_COLUMN_SUB_TYPES.CREATED_BY &&
-    editableColumn?.subtype !== AUTO_COLUMN_SUB_TYPES.UPDATED_BY &&
-    editableColumn?.type !== FORMULA_TYPE
   $: canBeDisplay =
     editableColumn?.type !== LINK_TYPE &&
     editableColumn?.type !== AUTO_TYPE &&
@@ -199,13 +192,13 @@
     editableColumn.name = originalName
   }
 
-  function deleteColumn() {
+  async function deleteColumn() {
     try {
       editableColumn.name = deleteColName
       if (editableColumn.name === $tables.selected.primaryDisplay) {
         notifications.error("You cannot delete the display column")
       } else {
-        tables.deleteField(editableColumn)
+        await tables.deleteField(editableColumn)
         notifications.success(`Column ${editableColumn.name} deleted.`)
         confirmDeleteDialog.hide()
         hide()
@@ -254,18 +247,6 @@
     }
   }
 
-  function onChangePrimaryIndex(e) {
-    indexes = e.detail ? [editableColumn.name] : []
-  }
-
-  function onChangeSecondaryIndex(e) {
-    if (e.detail) {
-      indexes[1] = editableColumn.name
-    } else {
-      indexes = indexes.slice(0, 1)
-    }
-  }
-
   function openJsonSchemaEditor() {
     jsonSchemaModal.show()
   }
@@ -460,24 +441,6 @@
     </div>
   {/if}
 
-  {#if canBeSearched && !external}
-    <div>
-      <Label>Search Indexes</Label>
-      <Toggle
-        value={indexes[0] === editableColumn.name}
-        disabled={indexes[1] === editableColumn.name}
-        on:change={onChangePrimaryIndex}
-        text="Primary"
-      />
-      <Toggle
-        value={indexes[1] === editableColumn.name}
-        disabled={!indexes[0] || indexes[0] === editableColumn.name}
-        on:change={onChangeSecondaryIndex}
-        text="Secondary"
-      />
-    </div>
-  {/if}
-
   {#if editableColumn.type === "string"}
     <Input
       type="number"
diff --git a/packages/builder/src/components/common/RoleSelect.svelte b/packages/builder/src/components/common/RoleSelect.svelte
index 645e82c8ba..09a67cb6fe 100644
--- a/packages/builder/src/components/common/RoleSelect.svelte
+++ b/packages/builder/src/components/common/RoleSelect.svelte
@@ -11,16 +11,24 @@
   export let quiet = false
   export let allowPublic = true
   export let allowRemove = false
+  export let disabled = false
+  export let align
+  export let footer = null
+  export let allowedRoles = null
 
   const dispatch = createEventDispatcher()
   const RemoveID = "remove"
 
-  $: options = getOptions($roles, allowPublic, allowRemove)
+  $: options = getOptions($roles, allowPublic, allowRemove, allowedRoles)
 
-  const getOptions = (roles, allowPublic) => {
+  const getOptions = (roles, allowPublic, allowRemove, allowedRoles) => {
+    if (allowedRoles?.length) {
+      return roles.filter(role => allowedRoles.includes(role._id))
+    }
+    let newRoles = [...roles]
     if (allowRemove) {
-      roles = [
-        ...roles,
+      newRoles = [
+        ...newRoles,
         {
           _id: RemoveID,
           name: "Remove",
@@ -28,9 +36,9 @@
       ]
     }
     if (allowPublic) {
-      return roles
+      return newRoles
     }
-    return roles.filter(role => role._id !== Constants.Roles.PUBLIC)
+    return newRoles.filter(role => role._id !== Constants.Roles.PUBLIC)
   }
 
   const getColor = role => {
@@ -59,6 +67,9 @@
 <Select
   {autoWidth}
   {quiet}
+  {disabled}
+  {align}
+  {footer}
   bind:value
   on:change={onChange}
   {options}
diff --git a/packages/builder/src/components/common/UndoRedoControl.svelte b/packages/builder/src/components/common/UndoRedoControl.svelte
new file mode 100644
index 0000000000..321350e32a
--- /dev/null
+++ b/packages/builder/src/components/common/UndoRedoControl.svelte
@@ -0,0 +1,57 @@
+<script>
+  import { Icon } from "@budibase/bbui"
+  import { onMount } from "svelte"
+
+  export let store
+
+  const handleKeyPress = e => {
+    if (!(e.ctrlKey || e.metaKey)) {
+      return
+    }
+    if (e.shiftKey && e.key === "Z") {
+      store.redo()
+    } else if (e.key === "z") {
+      store.undo()
+    }
+  }
+
+  onMount(() => {
+    document.addEventListener("keydown", handleKeyPress)
+
+    return () => {
+      document.removeEventListener("keydown", handleKeyPress)
+    }
+  })
+</script>
+
+<div class="undo-redo">
+  <Icon
+    name="Undo"
+    hoverable
+    on:click={store.undo}
+    disabled={!$store.canUndo}
+    tooltip="Undo latest change"
+  />
+  <Icon
+    name="Redo"
+    hoverable
+    on:click={store.redo}
+    disabled={!$store.canRedo}
+    tooltip="Redo latest undo"
+  />
+</div>
+
+<style>
+  .undo-redo {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-start;
+    align-items: center;
+    gap: var(--spacing-xs);
+    padding-right: var(--spacing-xl);
+    border-right: var(--border-light);
+  }
+  .undo-redo :global(svg) {
+    padding: 6px;
+  }
+</style>
diff --git a/packages/builder/src/components/common/bindings/BindingPanel.svelte b/packages/builder/src/components/common/bindings/BindingPanel.svelte
index 7daf2173a7..3a1c6c4fee 100644
--- a/packages/builder/src/components/common/bindings/BindingPanel.svelte
+++ b/packages/builder/src/components/common/bindings/BindingPanel.svelte
@@ -183,6 +183,7 @@
     bind:this={popover}
     anchor={popoverAnchor}
     maxWidth={300}
+    dismissible={false}
   >
     <Layout gap="S">
       <div class="helper">
diff --git a/packages/builder/src/components/deploy/DeployNavigation.svelte b/packages/builder/src/components/deploy/AppActions.svelte
similarity index 52%
rename from packages/builder/src/components/deploy/DeployNavigation.svelte
rename to packages/builder/src/components/deploy/AppActions.svelte
index d3a428fed2..daed564204 100644
--- a/packages/builder/src/components/deploy/DeployNavigation.svelte
+++ b/packages/builder/src/components/deploy/AppActions.svelte
@@ -6,8 +6,10 @@
     Heading,
     Body,
     Button,
-    Icon,
+    ActionButton,
   } from "@budibase/bbui"
+  import RevertModal from "components/deploy/RevertModal.svelte"
+  import VersionModal from "components/deploy/VersionModal.svelte"
   import { processStringSync } from "@budibase/string-templates"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
   import analytics, { Events, EventSource } from "analytics"
@@ -16,6 +18,9 @@
   import { onMount } from "svelte"
   import DeployModal from "components/deploy/DeployModal.svelte"
   import { apps } from "stores/portal"
+  import { store } from "builderStore"
+  import TourWrap from "components/portal/onboarding/TourWrap.svelte"
+  import { TOUR_STEP_KEYS } from "components/portal/onboarding/tours.js"
 
   export let application
 
@@ -108,66 +113,97 @@
   })
 </script>
 
-<div class="deployment-top-nav">
-  {#if isPublished}
-    <div class="publish-popover">
-      <div bind:this={publishPopoverAnchor}>
-        <Icon
-          size="M"
-          hoverable
-          name="Globe"
-          tooltip="Your published app"
-          on:click={publishPopover.show()}
-        />
-      </div>
-      <Popover
-        bind:this={publishPopover}
-        align="right"
-        disabled={!isPublished}
-        anchor={publishPopoverAnchor}
-        offset={10}
-      >
-        <div class="popover-content">
-          <Layout noPadding gap="M">
-            <Heading size="XS">Your published app</Heading>
-            <Body size="S">
-              <span class="publish-popover-message">
-                {processStringSync(
-                  "Last published {{ duration time 'millisecond' }} ago",
-                  {
-                    time:
-                      new Date().getTime() -
-                      new Date(latestDeployments[0].updatedAt).getTime(),
-                  }
-                )}
-              </span>
-            </Body>
-            <div class="buttons">
-              <Button
-                warning={true}
-                icon="GlobeStrike"
-                disabled={!isPublished}
-                on:click={unpublishApp}
-              >
-                Unpublish
-              </Button>
-              <Button cta on:click={viewApp}>View app</Button>
-            </div>
-          </Layout>
-        </div>
-      </Popover>
+<div class="action-top-nav">
+  <div class="action-buttons">
+    <div class="version">
+      <VersionModal />
     </div>
-  {/if}
+    <RevertModal />
 
-  {#if !isPublished}
-    <Icon
-      size="M"
-      name="GlobeStrike"
-      disabled
-      tooltip="Your app has not been published yet"
-    />
-  {/if}
+    {#if isPublished}
+      <div class="publish-popover">
+        <div bind:this={publishPopoverAnchor}>
+          <ActionButton
+            quiet
+            icon="Globe"
+            size="M"
+            tooltip="Your published app"
+            on:click={publishPopover.show()}
+          />
+        </div>
+        <Popover
+          bind:this={publishPopover}
+          align="right"
+          disabled={!isPublished}
+          anchor={publishPopoverAnchor}
+          offset={10}
+        >
+          <div class="popover-content">
+            <Layout noPadding gap="M">
+              <Heading size="XS">Your published app</Heading>
+              <Body size="S">
+                <span class="publish-popover-message">
+                  {processStringSync(
+                    "Last published {{ duration time 'millisecond' }} ago",
+                    {
+                      time:
+                        new Date().getTime() -
+                        new Date(latestDeployments[0].updatedAt).getTime(),
+                    }
+                  )}
+                </span>
+              </Body>
+              <div class="buttons">
+                <Button
+                  warning={true}
+                  icon="GlobeStrike"
+                  disabled={!isPublished}
+                  on:click={unpublishApp}
+                >
+                  Unpublish
+                </Button>
+                <Button cta on:click={viewApp}>View app</Button>
+              </div>
+            </Layout>
+          </div>
+        </Popover>
+      </div>
+    {/if}
+
+    {#if !isPublished}
+      <ActionButton
+        quiet
+        icon="GlobeStrike"
+        size="M"
+        tooltip="Your app has not been published yet"
+        disabled
+      />
+    {/if}
+
+    <TourWrap
+      tourStepKey={$store.onboarding
+        ? TOUR_STEP_KEYS.BUILDER_USER_MANAGEMENT
+        : TOUR_STEP_KEYS.FEATURE_USER_MANAGEMENT}
+    >
+      <span id="builder-app-users-button">
+        <ActionButton
+          quiet
+          icon="UserGroup"
+          size="M"
+          on:click={() => {
+            store.update(state => {
+              state.builderSidePanel = true
+              return state
+            })
+          }}
+        >
+          Users
+        </ActionButton>
+      </span>
+    </TourWrap>
+  </div>
 </div>
+
 <ConfirmDialog
   bind:this={unpublishModal}
   title="Confirm unpublish"
@@ -183,6 +219,11 @@
 </div>
 
 <style>
+  /* .banner-btn {
+    display: flex;
+    align-items: center;
+    gap: var(--spacing-s);
+  } */
   .popover-content {
     padding: var(--spacing-xl);
   }
@@ -191,6 +232,22 @@
     flex-direction: row;
     justify-content: flex-end;
     align-items: center;
-    gap: var(--spacing-m);
+    gap: var(--spacing-l);
+  }
+  .action-buttons {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    align-items: center;
+    /* gap: var(--spacing-s); */
+  }
+  .version {
+    margin-right: var(--spacing-s);
+  }
+  .action-top-nav {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    align-items: center;
   }
 </style>
diff --git a/packages/builder/src/components/deploy/RevertModal.svelte b/packages/builder/src/components/deploy/RevertModal.svelte
index a8f9d8f6e3..0c3372f8ec 100644
--- a/packages/builder/src/components/deploy/RevertModal.svelte
+++ b/packages/builder/src/components/deploy/RevertModal.svelte
@@ -1,10 +1,10 @@
 <script>
   import {
-    Icon,
     Input,
     Modal,
     notifications,
     ModalContent,
+    ActionButton,
   } from "@budibase/bbui"
   import { store } from "builderStore"
   import { API } from "api"
@@ -28,12 +28,14 @@
   }
 </script>
 
-<Icon
-  name="Revert"
-  hoverable
-  on:click={revertModal.show}
+<ActionButton
+  quiet
+  icon="Revert"
+  size="M"
   tooltip="Revert changes"
+  on:click={revertModal.show}
 />
+
 <Modal bind:this={revertModal}>
   <ModalContent
     title="Revert Changes"
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/ButtonActionEditor.svelte b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/ButtonActionEditor.svelte
index 6a23ba8cbd..2c5f07240e 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/ButtonActionEditor.svelte
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/ButtonActionEditor.svelte
@@ -42,29 +42,22 @@
       return
     }
     try {
-      await automationStore.actions.create({
-        name: parameters.newAutomationName,
-      })
-      const appActionDefinition = $automationStore.blockDefinitions.TRIGGER.APP
-      const newBlock = $automationStore.selectedAutomation.constructBlock(
+      let trigger = automationStore.actions.constructBlock(
         "TRIGGER",
         "APP",
-        appActionDefinition
+        $automationStore.blockDefinitions.TRIGGER.APP
       )
-
-      newBlock.inputs = {
+      trigger.inputs = {
         fields: Object.keys(parameters.fields ?? {}).reduce((fields, key) => {
           fields[key] = "string"
           return fields
         }, {}),
       }
-
-      automationStore.actions.addBlockToAutomation(newBlock)
-      await automationStore.actions.save(
-        $automationStore.selectedAutomation?.automation
+      const automation = await automationStore.actions.create(
+        parameters.newAutomationName,
+        trigger
       )
-      parameters.automationId =
-        $automationStore.selectedAutomation.automation._id
+      parameters.automationId = automation._id
       delete parameters.newAutomationName
     } catch (error) {
       notifications.error("Error creating automation")
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte
index 840a639fb4..ba72fd2ed7 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/ExecuteQuery.svelte
@@ -20,6 +20,12 @@
     x =>
       x._id !== BUDIBASE_INTERNAL_DB_ID && x.type !== BUDIBASE_DATASOURCE_TYPE
   )
+  // Ensure query params exist so they can be bound
+  $: {
+    if (!parameters.queryParams) {
+      parameters.queryParams = {}
+    }
+  }
 
   function fetchQueryDefinition(query) {
     const source = $datasources.list.find(
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/FetchRow.svelte b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/FetchRow.svelte
new file mode 100644
index 0000000000..fb8b8c3f90
--- /dev/null
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/FetchRow.svelte
@@ -0,0 +1,40 @@
+<script>
+  import { Select, Label } from "@budibase/bbui"
+  import { tables } from "stores/backend"
+  import DrawerBindableInput from "components/common/bindings/DrawerBindableInput.svelte"
+
+  export let parameters
+  export let bindings = []
+
+  $: tableOptions = $tables.list || []
+</script>
+
+<div class="root">
+  <Label>Table</Label>
+  <Select
+    bind:value={parameters.tableId}
+    options={tableOptions}
+    getOptionLabel={table => table.name}
+    getOptionValue={table => table._id}
+  />
+
+  <Label small>Row ID</Label>
+  <DrawerBindableInput
+    {bindings}
+    title="Row ID to Fetch"
+    value={parameters.rowId}
+    on:change={value => (parameters.rowId = value.detail)}
+  />
+</div>
+
+<style>
+  .root {
+    display: grid;
+    column-gap: var(--spacing-l);
+    row-gap: var(--spacing-s);
+    grid-template-columns: 60px 1fr;
+    align-items: center;
+    max-width: 800px;
+    margin: 0 auto;
+  }
+</style>
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte
index d90b645315..dca2887fb4 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/NavigateTo.svelte
@@ -1,22 +1,66 @@
 <script>
-  import { Label, Checkbox } from "@budibase/bbui"
+  import { store } from "builderStore"
+  import { onMount } from "svelte"
+  import { Label, Checkbox, Select } from "@budibase/bbui"
   import DrawerBindableInput from "components/common/bindings/DrawerBindableInput.svelte"
+  import DrawerBindableCombobox from "components/common/bindings/DrawerBindableCombobox.svelte"
 
   export let parameters
   export let bindings = []
+
+  $: urlOptions = $store.screens
+    .map(screen => screen.routing?.route)
+    .filter(x => x != null)
+
+  const typeOptions = [
+    {
+      label: "Screen",
+      value: "screen",
+    },
+    {
+      label: "URL",
+      value: "url",
+    },
+  ]
+
+  onMount(() => {
+    if (!parameters.type) {
+      parameters.type = "screen"
+    }
+  })
 </script>
 
 <div class="root">
-  <Label small>Screen</Label>
-  <DrawerBindableInput
-    title="Destination URL"
-    placeholder="/screen"
-    value={parameters.url}
-    on:change={value => (parameters.url = value.detail)}
-    {bindings}
+  <Label small>Destination</Label>
+  <Select
+    placeholder={null}
+    bind:value={parameters.type}
+    options={typeOptions}
+    on:change={() => (parameters.url = "")}
   />
-  <div />
-  <Checkbox text="Open screen in modal" bind:value={parameters.peek} />
+  {#if parameters.type === "screen"}
+    <DrawerBindableCombobox
+      title="Destination"
+      placeholder="/screen"
+      value={parameters.url}
+      on:change={value => (parameters.url = value.detail)}
+      {bindings}
+      options={urlOptions}
+      appendBindingsAsOptions={false}
+    />
+    <div />
+    <Checkbox text="Open screen in modal" bind:value={parameters.peek} />
+  {:else}
+    <DrawerBindableInput
+      title="Destination"
+      placeholder="/url"
+      value={parameters.url}
+      on:change={value => (parameters.url = value.detail)}
+      {bindings}
+    />
+    <div />
+    <Checkbox text="New Tab" bind:value={parameters.externalNewTab} />
+  {/if}
 </div>
 
 <style>
@@ -24,7 +68,7 @@
     display: grid;
     align-items: center;
     gap: var(--spacing-m);
-    grid-template-columns: auto 1fr;
+    grid-template-columns: auto;
     max-width: 400px;
     margin: 0 auto;
   }
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/index.js b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/index.js
index 90ce1607e4..eee7f5b757 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/index.js
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/actions/index.js
@@ -1,3 +1,4 @@
+export { default as FetchRow } from "./FetchRow.svelte"
 export { default as NavigateTo } from "./NavigateTo.svelte"
 export { default as SaveRow } from "./SaveRow.svelte"
 export { default as DeleteRow } from "./DeleteRow.svelte"
diff --git a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/manifest.json b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/manifest.json
index 7497990304..97ac9aa0b6 100644
--- a/packages/builder/src/components/design/settings/controls/ButtonActionEditor/manifest.json
+++ b/packages/builder/src/components/design/settings/controls/ButtonActionEditor/manifest.json
@@ -27,6 +27,17 @@
       "type": "data",
       "component": "DeleteRow"
     },
+    {
+      "name": "Fetch Row",
+      "type": "data",
+      "component": "FetchRow",
+      "context": [
+        {
+          "label": "Fetched row",
+          "value": "row"
+        }
+      ]
+    },
     {
       "name": "Navigate To",
       "type": "application",
@@ -135,4 +146,4 @@
       "dependsOnFeature": "sidePanel"
     }
   ]
-}
\ No newline at end of file
+}
diff --git a/packages/builder/src/components/design/settings/controls/FilterEditor/FilterDrawer.svelte b/packages/builder/src/components/design/settings/controls/FilterEditor/FilterDrawer.svelte
index bf07cddf23..f56d7a78d4 100644
--- a/packages/builder/src/components/design/settings/controls/FilterEditor/FilterDrawer.svelte
+++ b/packages/builder/src/components/design/settings/controls/FilterEditor/FilterDrawer.svelte
@@ -254,8 +254,8 @@
               {:else if filter.type === "datetime"}
                 <DatePicker
                   disabled={filter.noValue}
-                  enableTime={!getSchema(filter).dateOnly}
-                  timeOnly={getSchema(filter).timeOnly}
+                  enableTime={!getSchema(filter)?.dateOnly}
+                  timeOnly={getSchema(filter)?.timeOnly}
                   bind:value={filter.value}
                 />
               {:else}
diff --git a/packages/builder/src/components/integration/QueryViewer.svelte b/packages/builder/src/components/integration/QueryViewer.svelte
index 2109356c74..7a76970ecb 100644
--- a/packages/builder/src/components/integration/QueryViewer.svelte
+++ b/packages/builder/src/components/integration/QueryViewer.svelte
@@ -35,6 +35,7 @@
   let parameters
   let data = []
   let saveId
+  let currentTab = "JSON"
 
   $: datasource = $datasources.list.find(ds => ds._id === query.datasourceId)
   $: query.schema = fieldsToSchema(fields)
@@ -84,7 +85,16 @@
         return
       }
       data = response.rows
+      // need to merge fields that already exist/might have changed
+      if (fields) {
+        for (let key of Object.keys(response.schema)) {
+          if (fields[key]) {
+            response.schema[key] = fields[key]
+          }
+        }
+      }
       fields = response.schema
+      currentTab = "JSON"
       notifications.success("Query executed successfully")
     } catch (error) {
       notifications.error(`Query Error: ${error.message}`)
@@ -205,7 +215,7 @@
       </Body>
       <section class="viewer">
         {#if data}
-          <Tabs selected="JSON">
+          <Tabs bind:selected={currentTab}>
             <Tab title="JSON">
               <JSONPreview data={data[0]} minHeight="120" />
             </Tab>
diff --git a/packages/builder/src/components/portal/onboarding/TourPopover.svelte b/packages/builder/src/components/portal/onboarding/TourPopover.svelte
index e6a4ed3b27..37ed0c6350 100644
--- a/packages/builder/src/components/portal/onboarding/TourPopover.svelte
+++ b/packages/builder/src/components/portal/onboarding/TourPopover.svelte
@@ -122,7 +122,9 @@
         <Layout noPadding gap="M">
           <div class="tour-header">
             <Heading size="XS">{tourStep?.title || "-"}</Heading>
-            <div>{`${tourStepIdx + 1}/${tourSteps?.length}`}</div>
+            {#if tourSteps?.length > 1}
+              <div>{`${tourStepIdx + 1}/${tourSteps?.length}`}</div>
+            {/if}
           </div>
           <Body size="S">
             <span class="tour-body">
diff --git a/packages/builder/src/components/portal/onboarding/TourWrap.svelte b/packages/builder/src/components/portal/onboarding/TourWrap.svelte
index 1be149f7fa..2fff8507c5 100644
--- a/packages/builder/src/components/portal/onboarding/TourWrap.svelte
+++ b/packages/builder/src/components/portal/onboarding/TourWrap.svelte
@@ -6,16 +6,19 @@
 
   export let tourStepKey
 
-  let currentTour
+  let currentTourStep
   let ready = false
   let handler
 
   onMount(() => {
     if (!$store.tourKey) return
 
-    currentTour = TOURS[$store.tourKey].find(step => step.id === tourStepKey)
+    currentTourStep = TOURS[$store.tourKey].find(
+      step => step.id === tourStepKey
+    )
+    if (!currentTourStep) return
 
-    const elem = document.querySelector(currentTour.query)
+    const elem = document.querySelector(currentTourStep.query)
     handler = tourHandler(elem, tourStepKey)
     ready = true
   })
diff --git a/packages/builder/src/components/portal/onboarding/tours.js b/packages/builder/src/components/portal/onboarding/tours.js
index d1485c4872..e28c638a4a 100644
--- a/packages/builder/src/components/portal/onboarding/tours.js
+++ b/packages/builder/src/components/portal/onboarding/tours.js
@@ -9,11 +9,14 @@ export const TOUR_STEP_KEYS = {
   BUILDER_APP_PUBLISH: "builder-app-publish",
   BUILDER_DATA_SECTION: "builder-data-section",
   BUILDER_DESIGN_SECTION: "builder-design-section",
+  BUILDER_USER_MANAGEMENT: "builder-user-management",
   BUILDER_AUTOMATE_SECTION: "builder-automate-section",
+  FEATURE_USER_MANAGEMENT: "feature-user-management",
 }
 
 export const TOUR_KEYS = {
   TOUR_BUILDER_ONBOARDING: "builder-onboarding",
+  FEATURE_ONBOARDING: "feature-onboarding",
 }
 
 const tourEvent = eventKey => {
@@ -58,6 +61,15 @@ const getTours = () => {
         },
         align: "left",
       },
+      {
+        id: TOUR_STEP_KEYS.BUILDER_USER_MANAGEMENT,
+        title: "Users",
+        query: ".toprightnav #builder-app-users-button",
+        body: "Add users to your app and control what level of access they have.",
+        onLoad: () => {
+          tourEvent(TOUR_STEP_KEYS.BUILDER_USER_MANAGEMENT)
+        },
+      },
       {
         id: TOUR_STEP_KEYS.BUILDER_APP_PUBLISH,
         title: "Publish",
@@ -79,6 +91,37 @@ const getTours = () => {
             // Update the cached user
             await auth.getSelf()
 
+            store.update(state => ({
+              ...state,
+              tourNodes: undefined,
+              tourKey: undefined,
+              tourKeyStep: undefined,
+              onboarding: false,
+            }))
+          }
+        },
+      },
+    ],
+    [TOUR_KEYS.FEATURE_ONBOARDING]: [
+      {
+        id: TOUR_STEP_KEYS.FEATURE_USER_MANAGEMENT,
+        title: "Users",
+        query: ".toprightnav #builder-app-users-button",
+        body: "Add users to your app and control what level of access they have.",
+        onLoad: () => {
+          tourEvent(TOUR_STEP_KEYS.FEATURE_USER_MANAGEMENT)
+        },
+        onComplete: async () => {
+          // Push the onboarding forward
+          if (get(auth).user) {
+            await users.save({
+              ...get(auth).user,
+              onboardedAt: new Date().toISOString(),
+            })
+
+            // Update the cached user
+            await auth.getSelf()
+
             store.update(state => ({
               ...state,
               tourNodes: undefined,
diff --git a/packages/builder/src/components/settings/UserGroupPicker.svelte b/packages/builder/src/components/settings/UserGroupPicker.svelte
index 1c69e48da1..b1b59cda7a 100644
--- a/packages/builder/src/components/settings/UserGroupPicker.svelte
+++ b/packages/builder/src/components/settings/UserGroupPicker.svelte
@@ -18,7 +18,7 @@
     return list.map(item => {
       return {
         ...item,
-        selected: selected.find(x => x === item._id) != null,
+        selected: selected?.find(x => x === item._id) != null,
       }
     })
   }
diff --git a/packages/builder/src/components/start/CreateAppModal.svelte b/packages/builder/src/components/start/CreateAppModal.svelte
index 9ebc046cdc..62194df3db 100644
--- a/packages/builder/src/components/start/CreateAppModal.svelte
+++ b/packages/builder/src/components/start/CreateAppModal.svelte
@@ -26,7 +26,15 @@
 
   const values = writable({ name: "", url: null })
   const validation = createValidationStore()
-  $: validation.check($values)
+
+  $: {
+    const { url } = $values
+
+    validation.check({
+      ...$values,
+      url: url?.[0] === "/" ? url.substring(1, url.length) : url,
+    })
+  }
 
   onMount(async () => {
     const lastChar = $auth.user?.firstName
@@ -87,7 +95,11 @@
     appValidation.url(validation, { apps: applications })
     appValidation.file(validation, { template })
     // init validation
-    validation.check($values)
+    const { url } = $values
+    validation.check({
+      ...$values,
+      url: url?.[0] === "/" ? url.substring(1, url.length) : url,
+    })
   }
 
   async function createNewApp() {
diff --git a/packages/builder/src/components/start/UpdateAppModal.svelte b/packages/builder/src/components/start/UpdateAppModal.svelte
index a41ebccaeb..59d2957bf5 100644
--- a/packages/builder/src/components/start/UpdateAppModal.svelte
+++ b/packages/builder/src/components/start/UpdateAppModal.svelte
@@ -23,14 +23,25 @@
   })
   const validation = createValidationStore()
 
-  $: validation.check($values)
+  $: {
+    const { url } = $values
+
+    validation.check({
+      ...$values,
+      url: url?.[0] === "/" ? url.substring(1, url.length) : url,
+    })
+  }
 
   const setupValidation = async () => {
     const applications = svelteGet(apps)
     appValidation.name(validation, { apps: applications, currentApp: app })
     appValidation.url(validation, { apps: applications, currentApp: app })
     // init validation
-    validation.check($values)
+    const { url } = $values
+    validation.check({
+      ...$values,
+      url: url?.[0] === "/" ? url.substring(1, url.length) : url,
+    })
   }
 
   async function updateApp() {
diff --git a/packages/builder/src/constants/index.js b/packages/builder/src/constants/index.js
index 803cafcffb..99c731231d 100644
--- a/packages/builder/src/constants/index.js
+++ b/packages/builder/src/constants/index.js
@@ -46,7 +46,7 @@ export const LAYOUT_NAMES = {
 // one or more word characters and whitespace
 export const APP_NAME_REGEX = /^[\w\s]+$/
 // zero or more non-whitespace characters
-export const APP_URL_REGEX = /^\S*$/
+export const APP_URL_REGEX = /^[0-9a-zA-Z-_]+$/
 
 export const DefaultAppTheme = {
   primaryColor: "var(--spectrum-global-color-blue-600)",
@@ -62,3 +62,8 @@ export const PluginSource = {
   GITHUB: "Github",
   FILE: "File Upload",
 }
+
+export const OnboardingType = {
+  EMAIL: "email",
+  PASSWORD: "password",
+}
diff --git a/packages/builder/src/helpers/userInitials.js b/packages/builder/src/helpers/userInitials.js
new file mode 100644
index 0000000000..c87d38c494
--- /dev/null
+++ b/packages/builder/src/helpers/userInitials.js
@@ -0,0 +1,13 @@
+const getUserInitials = user => {
+  if (user.firstName && user.lastName) {
+    return user.firstName[0] + user.lastName[0]
+  } else if (user.firstName) {
+    return user.firstName[0]
+  } else if (user.email) {
+    return user.email[0]
+  }
+
+  return "U"
+}
+
+export default getUserInitials
diff --git a/packages/builder/src/helpers/validation/yup/app.js b/packages/builder/src/helpers/validation/yup/app.js
index 4e41576d46..8498255cc9 100644
--- a/packages/builder/src/helpers/validation/yup/app.js
+++ b/packages/builder/src/helpers/validation/yup/app.js
@@ -62,11 +62,9 @@ export const url = (validation, { apps, currentApp } = { apps: [] }) => {
         }
         // make it clear that this is a url path and cannot be a full url
         return (
-          value.startsWith("/") &&
           !value.includes("http") &&
           !value.includes("www") &&
-          !value.includes(".") &&
-          value.length > 1 // just '/' is not valid
+          !value.includes(".")
         )
       })
   )
diff --git a/packages/builder/src/pages/builder/admin/index.svelte b/packages/builder/src/pages/builder/admin/index.svelte
index cc1a70b3bc..dc87054b0c 100644
--- a/packages/builder/src/pages/builder/admin/index.svelte
+++ b/packages/builder/src/pages/builder/admin/index.svelte
@@ -149,6 +149,7 @@
     <Layout gap="XS" noPadding justifyItems="center">
       <Button
         cta
+        size="L"
         disabled={Object.keys(errors).length > 0 || submitted}
         on:click={save}
       >
diff --git a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
new file mode 100644
index 0000000000..a38751f5d4
--- /dev/null
+++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
@@ -0,0 +1,763 @@
+<script>
+  import {
+    Icon,
+    Heading,
+    Layout,
+    Input,
+    clickOutside,
+    notifications,
+    ActionButton,
+  } from "@budibase/bbui"
+  import { store } from "builderStore"
+  import { groups, licensing, apps, users } from "stores/portal"
+  import { fetchData } from "@budibase/frontend-core"
+  import { API } from "api"
+  import { onMount } from "svelte"
+  import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte"
+  import RoleSelect from "components/common/RoleSelect.svelte"
+  import { Constants, Utils } from "@budibase/frontend-core"
+  import { emailValidator } from "helpers/validation"
+  import CopyInput from "components/common/inputs/CopyInput.svelte"
+  import { roles } from "stores/backend"
+
+  let query = null
+  let loaded = false
+  let rendered = false
+  let inviting = false
+  let searchFocus = false
+
+  let appInvites = []
+  let filteredInvites = []
+  let filteredUsers = []
+  let filteredGroups = []
+  let selectedGroup
+  let userOnboardResponse = null
+
+  $: queryIsEmail = emailValidator(query) === true
+  $: prodAppId = apps.getProdAppID($store.appId)
+  $: promptInvite = showInvite(
+    filteredInvites,
+    filteredUsers,
+    filteredGroups,
+    query
+  )
+
+  const showInvite = (invites, users, groups, query) => {
+    return !invites?.length && !users?.length && !groups?.length && query
+  }
+
+  const filterInvites = async query => {
+    appInvites = await getInvites()
+    if (!query || query == "") {
+      filteredInvites = appInvites
+      return
+    }
+    filteredInvites = appInvites.filter(invite => invite.email.includes(query))
+  }
+
+  $: filterInvites(query)
+
+  const usersFetch = fetchData({
+    API,
+    datasource: {
+      type: "user",
+    },
+  })
+
+  const searchUsers = async (query, sidePaneOpen, loaded) => {
+    if (!sidePaneOpen || !loaded) {
+      return
+    }
+    if (!prodAppId) {
+      console.log("Application id required")
+      return
+    }
+    await usersFetch.update({
+      query: {
+        appId: query ? null : prodAppId,
+        email: query,
+        paginated: query ? null : false,
+      },
+    })
+    await usersFetch.refresh()
+
+    filteredUsers = $usersFetch.rows.map(user => {
+      const isBuilderOrAdmin = user.admin?.global || user.builder?.global
+      let role = undefined
+      if (isBuilderOrAdmin) {
+        role = Constants.Roles.ADMIN
+      } else {
+        const appRole = Object.keys(user.roles).find(x => x === prodAppId)
+        if (appRole) {
+          role = user.roles[appRole]
+        }
+      }
+
+      return {
+        ...user,
+        role,
+        isBuilderOrAdmin,
+      }
+    })
+  }
+
+  const debouncedUpdateFetch = Utils.debounce(searchUsers, 250)
+  $: debouncedUpdateFetch(query, $store.builderSidePanel, loaded)
+
+  const updateAppUser = async (user, role) => {
+    if (!prodAppId) {
+      notifications.error("Application id must be specified")
+      return
+    }
+    const update = await users.get(user._id)
+    await users.save({
+      ...update,
+      roles: {
+        ...update.roles,
+        [prodAppId]: role,
+      },
+    })
+    await searchUsers(query, $store.builderSidePanel, loaded)
+  }
+
+  const onUpdateUser = async (user, role) => {
+    if (!user) {
+      notifications.error("A user must be specified")
+      return
+    }
+    try {
+      if (user.role === role) {
+        return
+      }
+      await updateAppUser(user, role)
+    } catch (error) {
+      console.error(error)
+      notifications.error("User could not be updated")
+    }
+  }
+
+  const updateAppGroup = async (target, role) => {
+    if (!prodAppId) {
+      notifications.error("Application id must be specified")
+      return
+    }
+
+    if (!role) {
+      await groups.actions.removeApp(target._id, prodAppId)
+    } else {
+      await groups.actions.addApp(target._id, prodAppId, role)
+    }
+
+    await usersFetch.refresh()
+    await groups.actions.init()
+  }
+
+  const onUpdateGroup = async (group, role) => {
+    if (!group) {
+      notifications.error("A group must be specified")
+      return
+    }
+    try {
+      await updateAppGroup(group, role)
+    } catch {
+      notifications.error("Group update failed")
+    }
+  }
+
+  const getAppGroups = (allGroups, appId) => {
+    if (!allGroups) {
+      return []
+    }
+    return allGroups.filter(group => {
+      if (!group.roles) {
+        return false
+      }
+      return groups.actions.getGroupAppIds(group).includes(appId)
+    })
+  }
+
+  const searchGroups = (userGroups, query) => {
+    let filterGroups = query?.length
+      ? userGroups
+      : getAppGroups(userGroups, prodAppId)
+    return filterGroups
+      .filter(group => {
+        if (!query?.length) {
+          return true
+        }
+        //Group Name only.
+        const nameMatch = group.name
+          ?.toLowerCase()
+          .includes(query?.toLowerCase())
+
+        return nameMatch
+      })
+      .map(enrichGroupRole)
+  }
+
+  const enrichGroupRole = group => {
+    return {
+      ...group,
+      role: group.roles?.[
+        groups.actions.getGroupAppIds(group).find(x => x === prodAppId)
+      ],
+    }
+  }
+
+  const getEnrichedGroups = groups => {
+    return groups.map(enrichGroupRole)
+  }
+
+  // Adds the 'role' attribute and sets it to the current app.
+  $: enrichedGroups = getEnrichedGroups($groups)
+  $: filteredGroups = searchGroups(enrichedGroups, query)
+  $: groupUsers = buildGroupUsers(filteredGroups, filteredUsers)
+  $: allUsers = [...filteredUsers, ...groupUsers]
+
+  /*
+    Create pseudo users from the "users" attribute on app groups.
+    These users will appear muted in the UI and show the ROLE
+    inherited from their parent group. The users allow assigning of user 
+    specific roles for the app.
+  */
+  const buildGroupUsers = (userGroups, filteredUsers) => {
+    if (query) {
+      return []
+    }
+    // Must exclude users who have explicit privileges
+    const userByEmail = filteredUsers.reduce((acc, user) => {
+      if (user.role || user.admin?.global || user.builder?.global) {
+        acc.push(user.email)
+      }
+      return acc
+    }, [])
+
+    const indexedUsers = userGroups.reduce((acc, group) => {
+      group.users.forEach(user => {
+        if (userByEmail.indexOf(user.email) == -1) {
+          acc[user._id] = {
+            _id: user._id,
+            email: user.email,
+            role: group.role,
+            group: group.name,
+          }
+        }
+      })
+      return acc
+    }, {})
+    return Object.values(indexedUsers)
+  }
+
+  const getInvites = async () => {
+    try {
+      const invites = await users.getInvites()
+      return invites
+    } catch (error) {
+      notifications.error(error.message)
+      return []
+    }
+  }
+
+  async function inviteUser() {
+    if (!queryIsEmail) {
+      notifications.error("Email is not valid")
+      return
+    }
+    const newUserEmail = query + ""
+    inviting = true
+
+    const payload = [
+      {
+        email: newUserEmail,
+        builder: false,
+        admin: false,
+        apps: { [prodAppId]: Constants.Roles.BASIC },
+      },
+    ]
+    let userInviteResponse
+    try {
+      userInviteResponse = await users.onboard(payload)
+
+      const newUser = userInviteResponse?.successful.find(
+        user => user.email === newUserEmail
+      )
+      if (newUser) {
+        notifications.success(
+          userInviteResponse.created
+            ? "User created successfully"
+            : "User invite successful"
+        )
+      } else {
+        throw new Error("User invite failed")
+      }
+    } catch (error) {
+      console.error(error.message)
+      notifications.error("Error inviting user")
+    }
+    inviting = false
+    return userInviteResponse
+  }
+
+  const onInviteUser = async () => {
+    userOnboardResponse = await inviteUser()
+
+    const userInviteSuccess = userOnboardResponse?.successful
+    if (userInviteSuccess && userInviteSuccess[0].email === query) {
+      query = null
+      query = userInviteSuccess[0].email
+    }
+  }
+
+  const onUpdateUserInvite = async (invite, role) => {
+    await users.updateInvite({
+      code: invite.code,
+      apps: {
+        ...invite.apps,
+        [prodAppId]: role,
+      },
+    })
+    await filterInvites()
+  }
+
+  const onUninviteAppUser = async invite => {
+    await uninviteAppUser(invite)
+    await filterInvites()
+  }
+
+  // Purge only the app from the invite or recind the invite if only 1 app remains?
+  const uninviteAppUser = async invite => {
+    let updated = { ...invite }
+    delete updated.info.apps[prodAppId]
+
+    return await users.updateInvite({
+      code: updated.code,
+      apps: updated.apps,
+    })
+  }
+
+  const initSidePanel = async sidePaneOpen => {
+    if (sidePaneOpen === true) {
+      await groups.actions.init()
+    }
+    loaded = true
+  }
+
+  $: initSidePanel($store.builderSidePanel)
+
+  onMount(() => {
+    rendered = true
+  })
+
+  const userTitle = user => {
+    if (user.admin?.global) {
+      return "Admin"
+    } else if (user.builder?.global) {
+      return "Developer"
+    } else {
+      return "App user"
+    }
+  }
+
+  const getRoleFooter = user => {
+    if (user.group) {
+      const role = $roles.find(role => role._id === user.role)
+      return `This user has been given ${role?.name} access from the ${user.group} group`
+    }
+    if (user.isBuilderOrAdmin) {
+      return "This user's role grants admin access to all apps"
+    }
+    return null
+  }
+</script>
+
+<div
+  id="builder-side-panel-container"
+  class:open={$store.builderSidePanel}
+  use:clickOutside={$store.builderSidePanel
+    ? () => {
+        store.update(state => {
+          state.builderSidePanel = false
+          return state
+        })
+      }
+    : () => {}}
+>
+  <div class="builder-side-panel-header">
+    <Heading size="S">Users</Heading>
+    <Icon
+      color="var(--spectrum-global-color-gray-600)"
+      name="RailRightClose"
+      hoverable
+      on:click={() => {
+        store.update(state => {
+          state.builderSidePanel = false
+          return state
+        })
+      }}
+    />
+  </div>
+  <div class="search" class:focused={searchFocus}>
+    <span class="search-input">
+      <Input
+        placeholder={"Add users and groups to your app"}
+        autocomplete="off"
+        disabled={inviting}
+        value={query}
+        on:input={e => {
+          query = e.target.value.trim()
+        }}
+        on:focus={() => (searchFocus = true)}
+        on:blur={() => (searchFocus = false)}
+      />
+    </span>
+
+    <span
+      class="search-input-icon"
+      class:searching={query}
+      on:click={() => {
+        if (!query) {
+          return
+        }
+        query = null
+        userOnboardResponse = null
+      }}
+    >
+      <Icon name={query ? "Close" : "Search"} />
+    </span>
+  </div>
+
+  <div class="body">
+    {#if promptInvite && !userOnboardResponse}
+      <Layout gap="S" paddingX="XL">
+        <div class="invite-header">
+          <Heading size="XS">No user found</Heading>
+          <div class="invite-directions">
+            Add a valid email to invite a new user
+          </div>
+        </div>
+        <div class="invite-form">
+          <span>{query || ""}</span>
+          <ActionButton
+            icon="UserAdd"
+            disabled={!queryIsEmail || inviting}
+            on:click={onInviteUser}
+          >
+            Add user
+          </ActionButton>
+        </div>
+      </Layout>
+    {/if}
+
+    {#if !promptInvite}
+      <Layout gap="L" noPadding>
+        {#if filteredInvites?.length}
+          <Layout noPadding gap="XS">
+            <div class="auth-entity-header">
+              <div class="auth-entity-title">Pending invites</div>
+              <div class="auth-entity-access-title">Access</div>
+            </div>
+            {#each filteredInvites as invite}
+              <div class="auth-entity">
+                <div class="details">
+                  <div class="user-email" title={invite.email}>
+                    {invite.email}
+                  </div>
+                </div>
+                <div class="auth-entity-access">
+                  <RoleSelect
+                    placeholder={false}
+                    value={invite.info.apps?.[prodAppId]}
+                    allowRemove={invite.info.apps?.[prodAppId]}
+                    allowPublic={false}
+                    quiet={true}
+                    on:change={e => {
+                      onUpdateUserInvite(invite, e.detail)
+                    }}
+                    on:remove={() => {
+                      onUninviteAppUser(invite)
+                    }}
+                    autoWidth
+                    align="right"
+                  />
+                </div>
+              </div>
+            {/each}
+          </Layout>
+        {/if}
+
+        {#if $licensing.groupsEnabled && filteredGroups?.length}
+          <Layout noPadding gap="XS">
+            <div class="auth-entity-header">
+              <div class="auth-entity-title">Groups</div>
+              <div class="auth-entity-access-title">Access</div>
+            </div>
+            {#each filteredGroups as group}
+              <div
+                class="auth-entity group"
+                on:click={() => {
+                  if (selectedGroup != group._id) {
+                    selectedGroup = group._id
+                  } else {
+                    selectedGroup = null
+                  }
+                }}
+                on:keydown={() => {}}
+              >
+                <div class="details">
+                  <GroupIcon {group} size="S" />
+                  <div>
+                    {group.name}
+                  </div>
+                  <div class="auth-entity-meta">
+                    {`${group.users?.length} user${
+                      group.users?.length != 1 ? "s" : ""
+                    }`}
+                  </div>
+                </div>
+                <div class="auth-entity-access">
+                  <RoleSelect
+                    placeholder={false}
+                    value={group.role}
+                    allowRemove={group.role}
+                    allowPublic={false}
+                    quiet={true}
+                    on:change={e => {
+                      onUpdateGroup(group, e.detail)
+                    }}
+                    on:remove={() => {
+                      onUpdateGroup(group)
+                    }}
+                    autoWidth
+                    align="right"
+                  />
+                </div>
+              </div>
+            {/each}
+          </Layout>
+        {/if}
+
+        {#if filteredUsers?.length}
+          <div class="auth-entity-section">
+            <div class="auth-entity-header ">
+              <div class="auth-entity-title">Users</div>
+              <div class="auth-entity-access-title">Access</div>
+            </div>
+            {#each allUsers as user}
+              <div class="auth-entity">
+                <div class="details">
+                  <div class="user-email" title={user.email}>
+                    {user.email}
+                  </div>
+                  <div class="auth-entity-meta">
+                    {userTitle(user)}
+                  </div>
+                </div>
+                <div class="auth-entity-access" class:muted={user.group}>
+                  <RoleSelect
+                    footer={getRoleFooter(user)}
+                    placeholder={false}
+                    value={user.role}
+                    allowRemove={user.role && !user.group}
+                    allowPublic={false}
+                    quiet={true}
+                    on:change={e => {
+                      onUpdateUser(user, e.detail)
+                    }}
+                    on:remove={() => {
+                      onUpdateUser(user)
+                    }}
+                    autoWidth
+                    align="right"
+                    allowedRoles={user.isBuilderOrAdmin
+                      ? [Constants.Roles.ADMIN]
+                      : null}
+                  />
+                </div>
+              </div>
+            {/each}
+          </div>
+        {/if}
+      </Layout>
+    {/if}
+
+    {#if userOnboardResponse?.created}
+      <Layout gap="S" paddingX="XL">
+        <div class="invite-header">
+          <Heading size="XS">User added!</Heading>
+          <div class="invite-directions">
+            Email invites are not available without SMTP configuration. Here is
+            the password that has been generated for this user.
+          </div>
+        </div>
+        <div>
+          <CopyInput
+            value={userOnboardResponse.successful[0]?.password}
+            label="Password"
+          />
+        </div>
+      </Layout>
+    {/if}
+  </div>
+</div>
+
+<style>
+  .search :global(input) {
+    padding-left: 0px;
+  }
+
+  .search {
+    display: flex;
+    align-items: center;
+  }
+
+  .search-input {
+    flex: 1;
+  }
+
+  .search-input-icon.searching {
+    cursor: pointer;
+  }
+
+  .auth-entity-section {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-s);
+    width: 400px;
+  }
+
+  .auth-entity-meta {
+    color: var(--spectrum-global-color-gray-600);
+    font-size: 12px;
+    white-space: nowrap;
+  }
+
+  .auth-entity-access {
+    margin-right: var(--spacing-m);
+  }
+  .auth-entity-access.muted :global(.spectrum-Picker-label),
+  .auth-entity-access.muted :global(.spectrum-StatusLight) {
+    opacity: 0.5;
+  }
+
+  .auth-entity-header {
+    color: var(--spectrum-global-color-gray-600);
+  }
+
+  .auth-entity,
+  .auth-entity-header {
+    padding: 0px var(--spacing-xl);
+  }
+
+  .auth-entity,
+  .auth-entity-header {
+    display: grid;
+    grid-template-columns: 1fr 110px;
+    align-items: center;
+    gap: var(--spacing-xl);
+  }
+
+  .auth-entity .details {
+    display: flex;
+    align-items: center;
+    gap: var(--spacing-m);
+    color: var(--spectrum-global-color-gray-900);
+  }
+
+  .auth-entity .user-email {
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    overflow: hidden;
+    color: var(--spectrum-global-color-gray-900);
+  }
+
+  #builder-side-panel-container {
+    box-sizing: border-box;
+    max-width: calc(100vw - 40px);
+    background: var(--background);
+    border-left: var(--border-light);
+    z-index: 3;
+    display: flex;
+    flex-direction: column;
+    overflow-y: auto;
+    overflow-x: hidden;
+    transition: transform 130ms ease-out;
+    position: absolute;
+    width: 400px;
+    right: 0;
+    transform: translateX(100%);
+    height: 100%;
+  }
+
+  .builder-side-panel-header,
+  #builder-side-panel-container .search {
+    padding: 0px var(--spacing-xl);
+  }
+
+  #builder-side-panel-container .auth-entity .details {
+    box-sizing: border-box;
+  }
+
+  .invite-form {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+  }
+
+  #builder-side-panel-container .search {
+    padding-top: var(--spacing-m);
+    padding-bottom: var(--spacing-m);
+    border-top: var(--border-light);
+    border-bottom: var(--border-light);
+    border-left: 2px solid transparent;
+    border-right: 2px solid transparent;
+    margin-right: 1px;
+  }
+
+  #builder-side-panel-container .search :global(input) {
+    border: none;
+    border-radius: 0px;
+    background: none;
+  }
+
+  #builder-side-panel-container .search :global(input) {
+    border: none;
+    border-radius: 0px;
+  }
+
+  #builder-side-panel-container .search.focused {
+    border-color: var(
+      --spectrum-textfield-m-border-color-down,
+      var(--spectrum-alias-border-color-mouse-focus)
+    );
+  }
+
+  #builder-side-panel-container .search :global(input::placeholder) {
+    font-style: normal;
+  }
+
+  #builder-side-panel-container.open {
+    transform: translateX(0);
+    box-shadow: 0 0 40px 10px rgba(0, 0, 0, 0.1);
+  }
+
+  .builder-side-panel-header {
+    height: 58px;
+    display: flex;
+    flex-direction: row;
+    justify-content: space-between;
+    align-items: center;
+  }
+
+  .invite-header {
+    display: flex;
+    gap: var(--spacing-s);
+    flex-direction: column;
+  }
+
+  .body {
+    display: flex;
+    flex-direction: column;
+    gap: var(--spacing-xl);
+    padding: var(--spacing-xl) 0;
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/app/[application]/_layout.svelte b/packages/builder/src/pages/builder/app/[application]/_layout.svelte
index f561bd8ecd..a4b4982fca 100644
--- a/packages/builder/src/pages/builder/app/[application]/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/_layout.svelte
@@ -13,15 +13,14 @@
     notifications,
   } from "@budibase/bbui"
 
-  import RevertModal from "components/deploy/RevertModal.svelte"
-  import VersionModal from "components/deploy/VersionModal.svelte"
-  import DeployNavigation from "components/deploy/DeployNavigation.svelte"
+  import AppActions from "components/deploy/AppActions.svelte"
   import { API } from "api"
   import { isActive, goto, layout, redirect } from "@roxi/routify"
   import { capitalise } from "helpers"
   import { onMount, onDestroy } from "svelte"
   import TourWrap from "components/portal/onboarding/TourWrap.svelte"
   import TourPopover from "components/portal/onboarding/TourPopover.svelte"
+  import BuilderSidePanel from "./_components/BuilderSidePanel.svelte"
   import { TOUR_KEYS, TOURS } from "components/portal/onboarding/tours.js"
 
   export let application
@@ -69,22 +68,32 @@
   }
 
   const initTour = async () => {
-    if (
-      !$auth.user?.onboardedAt &&
-      isEnabled(TENANT_FEATURE_FLAGS.ONBOARDING_TOUR)
-    ) {
-      // Determine the correct step
-      const activeNav = $layout.children.find(c => $isActive(c.path))
-      const onboardingTour = TOURS[TOUR_KEYS.TOUR_BUILDER_ONBOARDING]
-      const targetStep = activeNav
-        ? onboardingTour.find(step => step.route === activeNav?.path)
-        : null
-      await store.update(state => ({
-        ...state,
-        onboarding: true,
-        tourKey: TOUR_KEYS.TOUR_BUILDER_ONBOARDING,
-        tourStepKey: targetStep?.id,
-      }))
+    // Check if onboarding is enabled.
+    if (isEnabled(TENANT_FEATURE_FLAGS.ONBOARDING_TOUR)) {
+      if (!$auth.user?.onboardedAt) {
+        // Determine the correct step
+        const activeNav = $layout.children.find(c => $isActive(c.path))
+        const onboardingTour = TOURS[TOUR_KEYS.TOUR_BUILDER_ONBOARDING]
+        const targetStep = activeNav
+          ? onboardingTour.find(step => step.route === activeNav?.path)
+          : null
+        await store.update(state => ({
+          ...state,
+          onboarding: true,
+          tourKey: TOUR_KEYS.TOUR_BUILDER_ONBOARDING,
+          tourStepKey: targetStep?.id,
+        }))
+      } else {
+        // Feature tour date
+        const release_date = new Date("2023-03-01T00:00:00.000Z")
+        const onboarded = new Date($auth.user?.onboardedAt)
+        if (onboarded < release_date) {
+          await store.update(state => ({
+            ...state,
+            tourKey: TOUR_KEYS.FEATURE_ONBOARDING,
+          }))
+        }
+      }
     }
   }
 
@@ -116,6 +125,11 @@
   <div class="loading" />
 {:then _}
   <TourPopover />
+
+  {#if $store.builderSidePanel}
+    <BuilderSidePanel />
+  {/if}
+
   <div class="root">
     <div class="top-nav">
       <div class="topleftnav">
@@ -181,11 +195,7 @@
         </Tabs>
       </div>
       <div class="toprightnav">
-        <div class="version">
-          <VersionModal />
-        </div>
-        <RevertModal />
-        <DeployNavigation {application} />
+        <AppActions {application} />
       </div>
     </div>
     <slot />
@@ -250,10 +260,6 @@
     flex-direction: row;
     justify-content: flex-end;
     align-items: center;
-    gap: var(--spacing-xl);
-  }
-
-  .version {
-    margin-right: var(--spacing-s);
+    gap: var(--spacing-l);
   }
 </style>
diff --git a/packages/builder/src/pages/builder/app/[application]/automate/[automation]/_layout.svelte b/packages/builder/src/pages/builder/app/[application]/automate/[automationId]/_layout.svelte
similarity index 100%
rename from packages/builder/src/pages/builder/app/[application]/automate/[automation]/_layout.svelte
rename to packages/builder/src/pages/builder/app/[application]/automate/[automationId]/_layout.svelte
diff --git a/packages/builder/src/pages/builder/app/[application]/automate/[automation]/index.svelte b/packages/builder/src/pages/builder/app/[application]/automate/[automationId]/index.svelte
similarity index 100%
rename from packages/builder/src/pages/builder/app/[application]/automate/[automation]/index.svelte
rename to packages/builder/src/pages/builder/app/[application]/automate/[automationId]/index.svelte
diff --git a/packages/builder/src/pages/builder/app/[application]/automate/_layout.svelte b/packages/builder/src/pages/builder/app/[application]/automate/_layout.svelte
index b1d01d58cf..74dfe671ab 100644
--- a/packages/builder/src/pages/builder/app/[application]/automate/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/automate/_layout.svelte
@@ -1,30 +1,40 @@
 <script>
   import { Heading, Body, Layout, Button, Modal } from "@budibase/bbui"
-  import { automationStore } from "builderStore"
+  import { automationStore, selectedAutomation } from "builderStore"
   import AutomationPanel from "components/automation/AutomationPanel/AutomationPanel.svelte"
   import CreateAutomationModal from "components/automation/AutomationPanel/CreateAutomationModal.svelte"
   import CreateWebhookModal from "components/automation/Shared/CreateWebhookModal.svelte"
   import TestPanel from "components/automation/AutomationBuilder/TestPanel.svelte"
-  import { onMount } from "svelte"
+  import { onDestroy, onMount } from "svelte"
+  import { syncURLToState } from "helpers/urlStateSync"
+  import * as routify from "@roxi/routify"
 
-  $: automation =
-    $automationStore.selectedAutomation?.automation ||
-    $automationStore.automations[0]
+  // Keep URL and state in sync for selected screen ID
+  const stopSyncing = syncURLToState({
+    urlParam: "automationId",
+    stateKey: "selectedAutomationId",
+    validate: id => $automationStore.automations.some(x => x._id === id),
+    fallbackUrl: "./index",
+    store: automationStore,
+    up: automationStore.actions.select,
+    routify,
+  })
 
   let modal
   let webhookModal
+
   onMount(() => {
     $automationStore.showTestPanel = false
   })
+
+  onDestroy(stopSyncing)
 </script>
 
 <!-- routify:options index=3 -->
 <div class="root">
-  <div class="nav">
-    <AutomationPanel {modal} {webhookModal} />
-  </div>
+  <AutomationPanel {modal} {webhookModal} />
   <div class="content">
-    {#if automation}
+    {#if $automationStore.automations?.length}
       <slot />
     {:else}
       <div class="centered">
@@ -40,9 +50,9 @@
             </svg>
             <Heading size="M">You have no automations</Heading>
             <Body size="M">Let's fix that. Call the bots!</Body>
-            <Button on:click={() => modal.show()} size="M" cta
-              >Create automation</Button
-            >
+            <Button on:click={() => modal.show()} size="M" cta>
+              Create automation
+            </Button>
           </Layout>
         </div>
       </div>
@@ -51,7 +61,7 @@
 
   {#if $automationStore.showTestPanel}
     <div class="setup">
-      <TestPanel {automation} />
+      <TestPanel automation={$selectedAutomation} />
     </div>
   {/if}
   <Modal bind:this={modal}>
@@ -71,22 +81,8 @@
     grid-template-columns: 260px minmax(510px, 1fr) fit-content(500px);
     overflow: hidden;
   }
-
-  .nav {
-    overflow-y: auto;
-    display: flex;
-    flex-direction: column;
-    justify-content: flex-start;
-    align-items: stretch;
-    border-right: var(--border-light);
-    background-color: var(--background);
-    padding-bottom: 60px;
-    overflow: hidden;
-  }
-
   .content {
     position: relative;
-    padding-top: var(--spacing-l);
     display: flex;
     flex-direction: column;
     justify-content: flex-start;
diff --git a/packages/builder/src/pages/builder/app/[application]/automate/index.svelte b/packages/builder/src/pages/builder/app/[application]/automate/index.svelte
index b861e82dd1..ea2c853139 100644
--- a/packages/builder/src/pages/builder/app/[application]/automate/index.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/automate/index.svelte
@@ -1,17 +1,10 @@
 <script>
-  import { redirect, leftover } from "@roxi/routify"
-  import { onMount } from "svelte"
+  import { redirect } from "@roxi/routify"
   import { automationStore } from "builderStore"
 
-  onMount(async () => {
-    // navigate to first automation in list, if not already selected
-    if (
-      !$leftover &&
-      $automationStore.automations.length > 0 &&
-      (!$automationStore.selectedAutomation ||
-        !$automationStore.selectedAutomation?.automation?._id)
-    ) {
+  $: {
+    if ($automationStore.automations?.length) {
       $redirect(`./${$automationStore.automations[0]._id}`)
     }
-  })
+  }
 </script>
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/AppPanel.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/AppPanel.svelte
index e97e3ee15c..785b221239 100644
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/AppPanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/AppPanel.svelte
@@ -1,9 +1,11 @@
 <script>
   import DevicePreviewSelect from "./DevicePreviewSelect.svelte"
   import AppPreview from "./AppPreview.svelte"
-  import { store, sortedScreens } from "builderStore"
+  import { store, sortedScreens, screenHistoryStore } from "builderStore"
   import { Select } from "@budibase/bbui"
   import { RoleUtils } from "@budibase/frontend-core"
+  import UndoRedoControl from "components/common/UndoRedoControl.svelte"
+  import { isActive } from "@roxi/routify"
 </script>
 
 <div class="app-panel">
@@ -22,6 +24,9 @@
       />
     </div>
     <div class="header-right">
+      {#if $isActive("./screens") || $isActive("./components")}
+        <UndoRedoControl store={screenHistoryStore} />
+      {/if}
       {#if $store.clientFeatures.devicePreview}
         <DevicePreviewSelect />
       {/if}
@@ -52,6 +57,7 @@
     align-items: flex-start;
     gap: var(--spacing-l);
     margin: 0 2px;
+    z-index: 1;
   }
   .header-left,
   .header-right {
@@ -59,7 +65,7 @@
     flex-direction: row;
     justify-content: flex-start;
     align-items: center;
-    gap: var(--spacing-l);
+    gap: var(--spacing-xl);
   }
   .header-left {
     flex: 1 1 auto;
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/navigation/ComponentKeyHandler.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/navigation/ComponentKeyHandler.svelte
index f83e5d6194..956e1f7a3b 100644
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/navigation/ComponentKeyHandler.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/components/[componentId]/_components/navigation/ComponentKeyHandler.svelte
@@ -12,30 +12,30 @@
   let componentToEject
 
   const keyHandlers = {
-    ["^ArrowUp"]: async component => {
+    ["Ctrl+ArrowUp"]: async component => {
       await store.actions.components.moveUp(component)
     },
-    ["^ArrowDown"]: async component => {
+    ["Ctrl+ArrowDown"]: async component => {
       await store.actions.components.moveDown(component)
     },
-    ["^c"]: component => {
+    ["Ctrl+c"]: component => {
       store.actions.components.copy(component, false)
     },
-    ["^x"]: component => {
+    ["Ctrl+x"]: component => {
       store.actions.components.copy(component, true)
     },
-    ["^v"]: async component => {
+    ["Ctrl+v"]: async component => {
       await store.actions.components.paste(component, "inside")
     },
-    ["^d"]: async component => {
+    ["Ctrl+d"]: async component => {
       store.actions.components.copy(component)
       await store.actions.components.paste(component, "below")
     },
-    ["^e"]: component => {
+    ["Ctrl+e"]: component => {
       componentToEject = component
       confirmEjectDialog.show()
     },
-    ["^Enter"]: () => {
+    ["Ctrl+Enter"]: () => {
       $goto("./new")
     },
     ["Delete"]: component => {
@@ -53,14 +53,19 @@
       store.actions.components.selectNext()
     },
     ["Escape"]: () => {
-      if (!$isActive("/new")) {
-        return false
+      if ($isActive("./new")) {
+        $goto("./")
       }
-      $goto("./")
     },
   }
 
-  const handleKeyAction = async (event, component, key, ctrlKey = false) => {
+  const handleKeyAction = async ({
+    event,
+    component,
+    key,
+    ctrlKey = false,
+    shiftKey = false,
+  }) => {
     if (!component || !key) {
       return false
     }
@@ -69,9 +74,12 @@
       if (key === "Backspace") {
         key = "Delete"
       }
-      // Prefix key with a caret for ctrl modifier
+      // Prefix keys for modifiers
+      if (shiftKey) {
+        key = "Shift+" + key
+      }
       if (ctrlKey) {
-        key = "^" + key
+        key = "Ctrl+" + key
       }
       const handler = keyHandlers[key]
       if (!handler) {
@@ -97,19 +105,26 @@
       return
     }
     // Key events are always for the selected component
-    return await handleKeyAction(
-      e,
-      $selectedComponent,
-      e.key,
-      e.ctrlKey || e.metaKey
-    )
+    return await handleKeyAction({
+      event: e,
+      component: $selectedComponent,
+      key: e.key,
+      ctrlKey: e.ctrlKey || e.metaKey,
+      shiftKey: e.shiftKey,
+    })
   }
 
   const handleComponentMenu = async e => {
     // Menu events can be for any component
-    const { id, key, ctrlKey } = e.detail
+    const { id, key, ctrlKey, shiftKey } = e.detail
     const component = findComponent($selectedScreen.props, id)
-    return await handleKeyAction(null, component, key, ctrlKey)
+    return await handleKeyAction({
+      event: null,
+      component,
+      key,
+      ctrlKey,
+      shiftKey,
+    })
   }
 
   onMount(() => {
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/NewScreenModal.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/NewScreenModal.svelte
index b5cd28c702..e3a974b344 100644
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/NewScreenModal.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/NewScreenModal.svelte
@@ -1,11 +1,13 @@
 <script>
   import { tables } from "stores/backend"
   import { ModalContent, Body, Layout, Icon, Heading } from "@budibase/bbui"
+  import blankScreenPreview from "./blankScreenPreview.png"
+  import listScreenPreview from "./listScreenPreview.png"
 
   export let onConfirm
   export let onCancel
 
-  let autoCreateModeKey = "autoCreate"
+  let listScreenModeKey = "autoCreate"
   let blankScreenModeKey = "blankScreen"
 
   let selectedScreenMode
@@ -23,61 +25,77 @@
     onConfirm={confirmScreenSelection}
     {onCancel}
     disabled={!selectedScreenMode}
-    size="L"
+    size="M"
   >
     <Layout noPadding gap="S">
       <div
-        class="screen-type item"
+        class="screen-type item blankView"
         class:selected={selectedScreenMode == blankScreenModeKey}
         on:click={() => {
           selectedScreenMode = blankScreenModeKey
         }}
       >
         <div class="content screen-type-wrap">
-          <Icon name="WebPage" />
+          <img
+            alt="blank screen preview"
+            class="preview"
+            src={blankScreenPreview}
+          />
           <div class="screen-type-text">
             <Heading size="XS">Blank screen</Heading>
-            <Body size="S">Add a blank screen</Body>
+            <Body size="S">Add an empty blank screen</Body>
           </div>
         </div>
         <div
           style="color: var(--spectrum-global-color-green-600); float: right"
         >
-          {#if selectedScreenMode == blankScreenModeKey}
-            <div class="checkmark-spacing">
-              <Icon size="S" name="CheckmarkCircle" />
-            </div>
-          {/if}
+          <div
+            class={`checkmark-spacing ${
+              selectedScreenMode == blankScreenModeKey ? "visible" : ""
+            }`}
+          >
+            <Icon size="S" name="CheckmarkCircle" />
+          </div>
         </div>
       </div>
 
+      <div class="listViewTitle">
+        <Heading size="XS">Quickly create a screen from your data</Heading>
+      </div>
+
       <div
         class="screen-type item"
-        class:selected={selectedScreenMode == autoCreateModeKey}
+        class:selected={selectedScreenMode == listScreenModeKey}
         on:click={() => {
-          selectedScreenMode = autoCreateModeKey
+          selectedScreenMode = listScreenModeKey
         }}
         class:disabled={!$tables.list.filter(table => table._id !== "ta_users")
           .length}
       >
         <div class="content screen-type-wrap">
-          <Icon name="WebPages" />
+          <img
+            alt="list screen preview"
+            class="preview"
+            src={listScreenPreview}
+          />
           <div class="screen-type-text">
-            <Heading size="XS">Autogenerated screens</Heading>
+            <Heading size="XS">List view</Heading>
             <Body size="S">
-              Add autogenerated screens with CRUD functionality to get a working
-              app quickly! (Requires a datasource)
+              Create, edit and view your data in a list view screen with side
+              panel
             </Body>
           </div>
         </div>
         <div
           style="color: var(--spectrum-global-color-green-600); float: right"
         >
-          {#if selectedScreenMode == autoCreateModeKey}
-            <div class="checkmark-spacing">
-              <Icon size="S" name="CheckmarkCircle" />
-            </div>
-          {/if}
+          <div
+            class={`checkmark-spacing ${
+              selectedScreenMode == listScreenModeKey ? "visible" : ""
+            }`}
+          >
+            <Icon size="S" name="CheckmarkCircle" />
+          </div>
         </div>
       </div>
     </Layout>
@@ -85,9 +103,6 @@
 </div>
 
 <style>
-  .screen-type.item {
-    padding: var(--spectrum-alias-item-padding-xl);
-  }
   .screen-type-wrap {
     display: flex;
     flex-direction: row;
@@ -99,6 +114,7 @@
   }
   .checkmark-spacing {
     margin-right: var(--spacing-m);
+    opacity: 0;
   }
   .content {
     letter-spacing: 0px;
@@ -106,7 +122,6 @@
   .item {
     cursor: pointer;
     grid-gap: var(--spectrum-alias-grid-margin-xsmall);
-    padding: var(--spectrum-alias-item-padding-s);
     background: var(--spectrum-alias-background-color-secondary);
     transition: 0.3s all;
     border: 1px solid var(--spectrum-global-color-gray-300);
@@ -132,4 +147,19 @@
   .screen-type-wrap :global(.spectrum-Heading) {
     padding-bottom: var(--spectrum-alias-item-padding-s);
   }
+  .preview {
+    width: 140px;
+  }
+
+  .listViewTitle {
+    margin-top: 35px;
+  }
+
+  .blankView {
+    margin-top: 10px;
+  }
+
+  .visible {
+    opacity: 1;
+  }
 </style>
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/ScreenSettingsPanel.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/ScreenSettingsPanel.svelte
index 507d7a36d9..02c3586f7d 100644
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/ScreenSettingsPanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/ScreenSettingsPanel.svelte
@@ -25,7 +25,7 @@
   let errors = {}
 
   const routeTaken = url => {
-    const roleId = get(selectedScreen)?.routing.roleId || "BASIC"
+    const roleId = get(selectedScreen).routing.roleId || "BASIC"
     return get(store).screens.some(
       screen =>
         screen.routing.route.toLowerCase() === url.toLowerCase() &&
@@ -34,7 +34,7 @@
   }
 
   const roleTaken = roleId => {
-    const url = get(selectedScreen)?.routing.route
+    const url = get(selectedScreen).routing.route
     return get(store).screens.some(
       screen =>
         screen.routing.route.toLowerCase() === url.toLowerCase() &&
@@ -95,7 +95,7 @@
         return sanitizeUrl(val)
       },
       validate: route => {
-        const existingRoute = get(selectedScreen)?.routing.route
+        const existingRoute = get(selectedScreen).routing.route
         if (route !== existingRoute && routeTaken(route)) {
           return "That URL is already in use for this role"
         }
@@ -107,7 +107,7 @@
       label: "Access",
       control: RoleSelect,
       validate: role => {
-        const existingRole = get(selectedScreen)?.routing.roleId
+        const existingRole = get(selectedScreen).routing.roleId
         if (role !== existingRole && roleTaken(role)) {
           return "That role is already in use for this URL"
         }
@@ -146,7 +146,7 @@
 </script>
 
 <Panel
-  title={$selectedScreen?.routing.route}
+  title={$selectedScreen.routing.route}
   icon={$selectedScreen.routing.route === "/" ? "Home" : "WebPage"}
   borderLeft
 >
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/blankScreenPreview.png b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/blankScreenPreview.png
new file mode 100644
index 0000000000..0511e2f4fe
Binary files /dev/null and b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/blankScreenPreview.png differ
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/listScreenPreview.png b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/listScreenPreview.png
new file mode 100644
index 0000000000..b98210d90c
Binary files /dev/null and b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/_components/listScreenPreview.png differ
diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/index.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/index.svelte
index d1a5df68e1..6236721e1a 100644
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/index.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/screens/index.svelte
@@ -5,6 +5,8 @@
 </script>
 
 <ScreenListPanel />
-{#key $selectedScreen?._id}
-  <ScreenSettingsPanel />
-{/key}
+{#if $selectedScreen}
+  {#key $selectedScreen._id}
+    <ScreenSettingsPanel />
+  {/key}
+{/if}
diff --git a/packages/builder/src/pages/builder/auth/login.svelte b/packages/builder/src/pages/builder/auth/login.svelte
index 80122c23a5..06e09e4fee 100644
--- a/packages/builder/src/pages/builder/auth/login.svelte
+++ b/packages/builder/src/pages/builder/auth/login.svelte
@@ -79,67 +79,71 @@
           <OIDCButton oidcIcon={$oidc.logo} oidcName={$oidc.name} />
           <GoogleButton />
         </FancyForm>
-        <Divider />
       {/if}
-      <FancyForm bind:this={form}>
-        <FancyInput
-          label="Your work email"
-          value={formData.username}
-          on:change={e => {
-            formData = {
-              ...formData,
-              username: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              username: !formData.username
-                ? "Please enter a valid email"
-                : undefined,
-            }
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.username}
-        />
-        <FancyInput
-          label="Password"
-          value={formData.password}
-          type="password"
-          on:change={e => {
-            formData = {
-              ...formData,
-              password: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              password: !formData.password
-                ? "Please enter your password"
-                : undefined,
-            }
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.password}
-        />
-      </FancyForm>
-    </Layout>
-    <Layout gap="XS" noPadding justifyItems="center">
-      <Button
-        size="L"
-        cta
-        disabled={Object.keys(errors).length > 0}
-        on:click={login}
-      >
-        Log in to {company}
-      </Button>
-    </Layout>
-    <Layout gap="XS" noPadding justifyItems="center">
-      <div class="user-actions">
-        <ActionButton size="L" quiet on:click={() => $goto("./forgot")}>
-          Forgot password?
-        </ActionButton>
-      </div>
+      {#if !$organisation.isSSOEnforced}
+        <Divider />
+        <FancyForm bind:this={form}>
+          <FancyInput
+            label="Your work email"
+            value={formData.username}
+            on:change={e => {
+              formData = {
+                ...formData,
+                username: e.detail,
+              }
+            }}
+            validate={() => {
+              let fieldError = {
+                username: !formData.username
+                  ? "Please enter a valid email"
+                  : undefined,
+              }
+              errors = handleError({ ...errors, ...fieldError })
+            }}
+            error={errors.username}
+          />
+          <FancyInput
+            label="Password"
+            value={formData.password}
+            type="password"
+            on:change={e => {
+              formData = {
+                ...formData,
+                password: e.detail,
+              }
+            }}
+            validate={() => {
+              let fieldError = {
+                password: !formData.password
+                  ? "Please enter your password"
+                  : undefined,
+              }
+              errors = handleError({ ...errors, ...fieldError })
+            }}
+            error={errors.password}
+          />
+        </FancyForm>
+      {/if}
     </Layout>
+    {#if !$organisation.isSSOEnforced}
+      <Layout gap="XS" noPadding justifyItems="center">
+        <Button
+          size="L"
+          cta
+          disabled={Object.keys(errors).length > 0}
+          on:click={login}
+        >
+          Log in to {company}
+        </Button>
+      </Layout>
+      <Layout gap="XS" noPadding justifyItems="center">
+        <div class="user-actions">
+          <ActionButton size="L" quiet on:click={() => $goto("./forgot")}>
+            Forgot password?
+          </ActionButton>
+        </div>
+      </Layout>
+    {/if}
 
     {#if cloud}
       <Body size="xs" textAlign="center">
diff --git a/packages/builder/src/pages/builder/invite/index.svelte b/packages/builder/src/pages/builder/invite/index.svelte
index 35231117c4..606a1162ce 100644
--- a/packages/builder/src/pages/builder/invite/index.svelte
+++ b/packages/builder/src/pages/builder/invite/index.svelte
@@ -13,6 +13,7 @@
   let formData = {}
   let onboarding = false
   let errors = {}
+  let loaded = false
 
   $: company = $organisation.company || "Budibase"
 
@@ -39,6 +40,11 @@
       if (invite?.email) {
         formData.email = invite?.email
       }
+      if ($organisation.isSSOEnforced) {
+        // auto accept invite and redirect to login
+        await users.acceptInvite(inviteCode)
+        $goto("../auth")
+      }
     } catch (error) {
       notifications.error(error.message)
     }
@@ -61,130 +67,135 @@
     try {
       await organisation.init()
       await getInvite()
+      loaded = true
     } catch (error) {
       notifications.error("Error getting invite config")
     }
   })
 </script>
 
-<TestimonialPage>
-  <Layout gap="M" noPadding>
-    <img alt="logo" src={$organisation.logoUrl || Logo} />
-    <Layout gap="XS" noPadding>
-      <Heading size="M">Join {company}</Heading>
-      <Body size="M">Create your account to access your budibase apps!</Body>
-    </Layout>
+{#if loaded}
+  <TestimonialPage>
+    <Layout gap="M" noPadding>
+      <img alt="logo" src={$organisation.logoUrl || Logo} />
+      <Layout gap="XS" noPadding>
+        <Heading size="M">Join {company}</Heading>
+        <Body size="M">Create your account to access your budibase apps!</Body>
+      </Layout>
 
-    <Layout gap="S" noPadding>
-      <FancyForm bind:this={form}>
-        <FancyInput
-          label="Email"
-          value={formData.email}
-          disabled={true}
-          error={errors.email}
-        />
-        <FancyInput
-          label="First name"
-          value={formData.firstName}
-          on:change={e => {
-            formData = {
-              ...formData,
-              firstName: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              firstName: !formData.firstName
-                ? "Please enter your first name"
-                : undefined,
-            }
-
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.firstName}
-          disabled={onboarding}
-        />
-        <FancyInput
-          label="Last name (optional)"
-          value={formData.lastName}
-          on:change={e => {
-            formData = {
-              ...formData,
-              lastName: e.detail,
-            }
-          }}
-          disabled={onboarding}
-        />
-        <FancyInput
-          label="Password"
-          value={formData.password}
-          type="password"
-          on:change={e => {
-            formData = {
-              ...formData,
-              password: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {}
-
-            fieldError["password"] = !formData.password
-              ? "Please enter a password"
-              : undefined
-
-            fieldError["confirmationPassword"] =
-              !passwordsMatch(
-                formData.password,
-                formData.confirmationPassword
-              ) && formData.confirmationPassword
-                ? "Passwords must match"
-                : undefined
-
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.password}
-          disabled={onboarding}
-        />
-        <FancyInput
-          label="Repeat password"
-          value={formData.confirmationPassword}
-          type="password"
-          on:change={e => {
-            formData = {
-              ...formData,
-              confirmationPassword: e.detail,
-            }
-          }}
-          validate={() => {
-            let fieldError = {
-              confirmationPassword:
-                !passwordsMatch(
-                  formData.password,
-                  formData.confirmationPassword
-                ) && formData.password
-                  ? "Passwords must match"
+      <Layout gap="S" noPadding>
+        <FancyForm bind:this={form}>
+          <FancyInput
+            label="Email"
+            value={formData.email}
+            disabled={true}
+            error={errors.email}
+          />
+          <FancyInput
+            label="First name"
+            value={formData.firstName}
+            on:change={e => {
+              formData = {
+                ...formData,
+                firstName: e.detail,
+              }
+            }}
+            validate={() => {
+              let fieldError = {
+                firstName: !formData.firstName
+                  ? "Please enter your first name"
                   : undefined,
-            }
+              }
 
-            errors = handleError({ ...errors, ...fieldError })
-          }}
-          error={errors.confirmationPassword}
-          disabled={onboarding}
-        />
-      </FancyForm>
+              errors = handleError({ ...errors, ...fieldError })
+            }}
+            error={errors.firstName}
+            disabled={onboarding}
+          />
+          <FancyInput
+            label="Last name (optional)"
+            value={formData.lastName}
+            on:change={e => {
+              formData = {
+                ...formData,
+                lastName: e.detail,
+              }
+            }}
+            disabled={onboarding}
+          />
+          {#if !$organisation.isSSOEnforced}
+            <FancyInput
+              label="Password"
+              value={formData.password}
+              type="password"
+              on:change={e => {
+                formData = {
+                  ...formData,
+                  password: e.detail,
+                }
+              }}
+              validate={() => {
+                let fieldError = {}
+
+                fieldError["password"] = !formData.password
+                  ? "Please enter a password"
+                  : undefined
+
+                fieldError["confirmationPassword"] =
+                  !passwordsMatch(
+                    formData.password,
+                    formData.confirmationPassword
+                  ) && formData.confirmationPassword
+                    ? "Passwords must match"
+                    : undefined
+
+                errors = handleError({ ...errors, ...fieldError })
+              }}
+              error={errors.password}
+              disabled={onboarding}
+            />
+            <FancyInput
+              label="Repeat password"
+              value={formData.confirmationPassword}
+              type="password"
+              on:change={e => {
+                formData = {
+                  ...formData,
+                  confirmationPassword: e.detail,
+                }
+              }}
+              validate={() => {
+                let fieldError = {
+                  confirmationPassword:
+                    !passwordsMatch(
+                      formData.password,
+                      formData.confirmationPassword
+                    ) && formData.password
+                      ? "Passwords must match"
+                      : undefined,
+                }
+
+                errors = handleError({ ...errors, ...fieldError })
+              }}
+              error={errors.confirmationPassword}
+              disabled={onboarding}
+            />
+          {/if}
+        </FancyForm>
+      </Layout>
+      <div>
+        <Button
+          size="L"
+          disabled={Object.keys(errors).length > 0 || onboarding}
+          cta
+          on:click={acceptInvite}
+        >
+          Create account
+        </Button>
+      </div>
     </Layout>
-    <div>
-      <Button
-        size="L"
-        disabled={Object.keys(errors).length > 0 || onboarding}
-        cta
-        on:click={acceptInvite}
-      >
-        Create account
-      </Button>
-    </div>
-  </Layout>
-</TestimonialPage>
+  </TestimonialPage>
+{/if}
 
 <style>
   img {
diff --git a/packages/builder/src/pages/builder/portal/_components/LockedFeature.svelte b/packages/builder/src/pages/builder/portal/_components/LockedFeature.svelte
new file mode 100644
index 0000000000..e6f4075e2e
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/_components/LockedFeature.svelte
@@ -0,0 +1,76 @@
+<script>
+  import {
+    Layout,
+    Heading,
+    Body,
+    Button,
+    Divider,
+    Tags,
+    Tag,
+  } from "@budibase/bbui"
+  import { auth, admin } from "stores/portal"
+
+  export let title
+  export let planType
+  export let description
+  export let enabled
+  export let upgradeButtonClick
+</script>
+
+<Layout noPadding>
+  <Layout gap="XS" noPadding>
+    <div class="title">
+      <Heading size="M">{title}</Heading>
+      {#if !enabled}
+        <Tags>
+          <Tag icon="LockClosed">{planType}</Tag>
+        </Tags>
+      {/if}
+    </div>
+    <Body>{description}</Body>
+  </Layout>
+  <Divider size="S" />
+
+  {#if enabled}
+    <slot />
+  {:else}
+    <div class="buttons">
+      <Button
+        primary
+        disabled={!$auth.accountPortalAccess && $admin.cloud}
+        on:click={async () => upgradeButtonClick()}
+      >
+        Upgrade
+      </Button>
+      <!--Show the view plans button-->
+      <Button
+        secondary
+        on:click={() => {
+          window.open("https://budibase.com/pricing/", "_blank")
+        }}
+      >
+        View Plans
+      </Button>
+    </div>
+  {/if}
+</Layout>
+
+<style>
+  .buttons {
+    display: flex;
+    gap: var(--spacing-l);
+  }
+  .title {
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+    justify-content: flex-start;
+    gap: var(--spacing-m);
+  }
+
+  .buttons {
+    display: flex;
+    flex-direction: row;
+    gap: var(--spacing-m);
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/portal/_components/UserDropdown.svelte b/packages/builder/src/pages/builder/portal/_components/UserDropdown.svelte
index d396edd4e2..935d69812f 100644
--- a/packages/builder/src/pages/builder/portal/_components/UserDropdown.svelte
+++ b/packages/builder/src/pages/builder/portal/_components/UserDropdown.svelte
@@ -30,9 +30,11 @@
     My profile
   </MenuItem>
   <MenuItem icon="Moon" on:click={() => themeModal.show()}>Theme</MenuItem>
-  <MenuItem icon="LockClosed" on:click={() => updatePasswordModal.show()}>
-    Update password
-  </MenuItem>
+  {#if !$auth.isSSO}
+    <MenuItem icon="LockClosed" on:click={() => updatePasswordModal.show()}>
+      Update password
+    </MenuItem>
+  {/if}
   <MenuItem icon="Key" on:click={() => apiKeyModal.show()}>
     View API key
   </MenuItem>
diff --git a/packages/builder/src/pages/builder/portal/account/_layout.svelte b/packages/builder/src/pages/builder/portal/account/_layout.svelte
index 3083b574a8..892e853aad 100644
--- a/packages/builder/src/pages/builder/portal/account/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/account/_layout.svelte
@@ -4,12 +4,13 @@
   import { Content, SideNav, SideNavItem } from "components/portal/page"
   import { menu } from "stores/portal"
 
+  $: wide = $isActive("./auditLogs")
   $: pages = $menu.find(x => x.title === "Account")?.subPages || []
   $: !pages.length && $goto("../")
 </script>
 
 <Page>
-  <Content narrow>
+  <Content narrow={!wide}>
     <div slot="side-nav">
       <SideNav>
         {#each pages as { title, href }}
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/AppColumnRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/AppColumnRenderer.svelte
new file mode 100644
index 0000000000..08260ecc5c
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/AppColumnRenderer.svelte
@@ -0,0 +1,5 @@
+<script>
+  export let value
+</script>
+
+<div>{value?.name || ""}</div>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/TimeRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/TimeRenderer.svelte
new file mode 100644
index 0000000000..b6c0262b47
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/TimeRenderer.svelte
@@ -0,0 +1,11 @@
+<script>
+  import dayjs from "dayjs"
+  import relativeTime from "dayjs/plugin/relativeTime"
+  dayjs.extend(relativeTime)
+
+  export let row
+</script>
+
+<div>
+  {dayjs(row.timestamp).fromNow()}
+</div>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/UserRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/UserRenderer.svelte
new file mode 100644
index 0000000000..e36648447b
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/UserRenderer.svelte
@@ -0,0 +1,47 @@
+<script>
+  import { Avatar, Tooltip } from "@budibase/bbui"
+  export let row
+
+  let showTooltip
+  const getInitials = user => {
+    let initials = ""
+    initials += user.firstName ? user.firstName[0] : ""
+    initials += user.lastName ? user.lastName[0] : ""
+
+    return initials === "" ? user.email[0] : initials
+  }
+</script>
+
+{#if row?.user?.email}
+  <div
+    class="container"
+    on:mouseover={() => (showTooltip = true)}
+    on:focus={() => (showTooltip = true)}
+    on:mouseleave={() => (showTooltip = false)}
+  >
+    <Avatar size="M" initials={getInitials(row.user)} />
+  </div>
+  {#if showTooltip}
+    <div class="tooltip">
+      <Tooltip textWrapping text={row.user.email} direction="bottom" />
+    </div>
+  {/if}
+{/if}
+
+<style>
+  .container {
+    position: relative;
+  }
+  .tooltip {
+    z-index: 1;
+    position: absolute;
+    top: 75%;
+    left: 120%;
+    transform: translateX(-100%) translateY(-50%);
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    width: 130px;
+    pointer-events: none;
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/_components/ViewDetailsRenderer.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/ViewDetailsRenderer.svelte
new file mode 100644
index 0000000000..b62ee48cb8
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/_components/ViewDetailsRenderer.svelte
@@ -0,0 +1,13 @@
+<script>
+  import { ActionButton } from "@budibase/bbui"
+  import { getContext } from "svelte"
+
+  export let row
+  const auditLogs = getContext("auditLogs")
+  const onClick = e => {
+    e.stopPropagation()
+    auditLogs.viewDetails(row)
+  }
+</script>
+
+<ActionButton size="S" on:click={onClick}>Details</ActionButton>
diff --git a/packages/builder/src/pages/builder/portal/account/auditLogs/index.svelte b/packages/builder/src/pages/builder/portal/account/auditLogs/index.svelte
new file mode 100644
index 0000000000..7b35cfa6b7
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/account/auditLogs/index.svelte
@@ -0,0 +1,502 @@
+<!-- If working on this file, you may notice that if you click the download button in the UI
+     hot reload will stop working due to the use of window.location. You'll need to reload the pag
+     to get it working again.
+-->
+<script>
+  import {
+    Layout,
+    Table,
+    Search,
+    Multiselect,
+    notifications,
+    Icon,
+    clickOutside,
+    CoreTextArea,
+    DatePicker,
+    Pagination,
+    Helpers,
+    Divider,
+    ActionButton,
+  } from "@budibase/bbui"
+  import { licensing, users, apps, auditLogs } from "stores/portal"
+  import LockedFeature from "../../_components/LockedFeature.svelte"
+  import { createPaginationStore } from "helpers/pagination"
+  import { onMount, setContext } from "svelte"
+  import ViewDetailsRenderer from "./_components/ViewDetailsRenderer.svelte"
+  import UserRenderer from "./_components/UserRenderer.svelte"
+  import TimeRenderer from "./_components/TimeRenderer.svelte"
+  import AppColumnRenderer from "./_components/AppColumnRenderer.svelte"
+  import { cloneDeep } from "lodash"
+
+  const schema = {
+    date: { width: "0.8fr" },
+    user: { width: "0.5fr" },
+    name: { width: "2fr", displayName: "Event" },
+    app: { width: "1.5fr" },
+    view: { width: "0.1fr", borderLeft: true, displayName: "" },
+  }
+
+  const customRenderers = [
+    {
+      column: "view",
+      component: ViewDetailsRenderer,
+    },
+    {
+      column: "user",
+      component: UserRenderer,
+    },
+    {
+      column: "date",
+      component: TimeRenderer,
+    },
+    {
+      column: "app",
+      component: AppColumnRenderer,
+    },
+  ]
+
+  let userSearchTerm = ""
+  let logSearchTerm = ""
+  let userPageInfo = createPaginationStore()
+  let logsPageInfo = createPaginationStore()
+
+  let prevUserSearch = undefined
+  let prevLogSearch = undefined
+  let selectedUsers = []
+  let selectedApps = []
+  let selectedEvents = []
+  let selectedLog
+  let sidePanelVisible = false
+  let wideSidePanel = false
+  let timer
+  let startDate = new Date()
+  startDate.setDate(startDate.getDate() - 30)
+  let endDate = new Date()
+
+  $: fetchUsers(userPage, userSearchTerm)
+  $: fetchLogs({
+    logsPage,
+    logSearchTerm,
+    startDate,
+    endDate,
+    selectedUsers,
+    selectedApps,
+    selectedEvents,
+  })
+  $: userPage = $userPageInfo.page
+  $: logsPage = $logsPageInfo.page
+
+  $: sortedUsers = sort(
+    enrich($users.data || [], selectedUsers, "_id"),
+    "email"
+  )
+  $: sortedEvents = sort(
+    enrich(parseEventObject($auditLogs.events), selectedEvents, "id"),
+    "id"
+  )
+  $: sortedApps = sort(enrich($apps, selectedApps, "appId"), "name")
+
+  const debounce = value => {
+    clearTimeout(timer)
+    timer = setTimeout(() => {
+      logSearchTerm = value
+    }, 400)
+  }
+
+  const fetchUsers = async (userPage, search) => {
+    if ($userPageInfo.loading) {
+      return
+    }
+    // need to remove the page if they've started searching
+    if (search && !prevUserSearch) {
+      userPageInfo.reset()
+      userPage = undefined
+    }
+    prevUserSearch = search
+    try {
+      userPageInfo.loading()
+      await users.search({ userPage, email: search })
+      userPageInfo.fetched($users.hasNextPage, $users.nextPage)
+    } catch (error) {
+      notifications.error("Error getting user list")
+    }
+  }
+
+  const fetchLogs = async ({
+    logsPage,
+    logSearchTerm,
+    startDate,
+    endDate,
+    selectedUsers,
+    selectedApps,
+    selectedEvents,
+  }) => {
+    if ($logsPageInfo.loading) {
+      return
+    }
+    // need to remove the page if they've started searching
+    if (logSearchTerm && !prevLogSearch) {
+      logsPageInfo.reset()
+      logsPage = undefined
+    }
+    prevLogSearch = logSearchTerm
+    try {
+      logsPageInfo.loading()
+      await auditLogs.search({
+        bookmark: logsPage,
+        startDate,
+        endDate,
+        fullSearch: logSearchTerm,
+        userIds: selectedUsers,
+        appIds: selectedApps,
+        events: selectedEvents,
+      })
+      logsPageInfo.fetched(
+        $auditLogs.logs.hasNextPage,
+        $auditLogs.logs.bookmark
+      )
+    } catch (error) {
+      notifications.error(`Error getting audit logs - ${error}`)
+    }
+  }
+
+  const enrich = (list, selected, key) => {
+    return list.map(item => {
+      return {
+        ...item,
+        selected:
+          selected.find(x => x === item[key] || x.includes(item[key])) != null,
+      }
+    })
+  }
+
+  const sort = (list, key) => {
+    let sortedList = list.slice()
+    sortedList?.sort((a, b) => {
+      if (a.selected === b.selected) {
+        return a[key] < b[key] ? -1 : 1
+      } else if (a.selected) {
+        return -1
+      } else if (b.selected) {
+        return 1
+      }
+      return 0
+    })
+    return sortedList
+  }
+
+  const parseEventObject = obj => {
+    // convert obj which is an object of key value pairs to an array of objects
+    // with the key as the id and the value as the name
+    if (obj) {
+      return Object.entries(obj).map(([id, label]) => {
+        return { id, label }
+      })
+    }
+  }
+
+  const viewDetails = detail => {
+    selectedLog = detail
+    sidePanelVisible = true
+  }
+
+  const downloadLogs = async () => {
+    try {
+      window.location = auditLogs.getDownloadUrl({
+        startDate,
+        endDate,
+        fullSearch: logSearchTerm,
+        userIds: selectedUsers,
+        appIds: selectedApps,
+        events: selectedEvents,
+      })
+    } catch (error) {
+      notifications.error(`Error downloading logs: ` + error.message)
+    }
+  }
+
+  setContext("auditLogs", {
+    viewDetails,
+  })
+
+  const copyToClipboard = async value => {
+    await Helpers.copyToClipboard(value)
+    notifications.success("Copied")
+  }
+
+  function cleanupMetadata(log) {
+    const cloned = cloneDeep(log)
+    cloned.userId = cloned.user._id
+    if (cloned.app) {
+      cloned.appId = cloned.app.appId
+    }
+    // remove props that are confused/not returned in download
+    delete cloned._id
+    delete cloned._rev
+    delete cloned.app
+    delete cloned.user
+    return cloned
+  }
+
+  onMount(async () => {
+    await auditLogs.getEventDefinitions()
+    await licensing.init()
+  })
+</script>
+
+<LockedFeature
+  title={"Audit Logs"}
+  planType={"Business plan"}
+  description={"View all events that have occurred in your Budibase installation"}
+  enabled={$licensing.auditLogsEnabled}
+  upgradeButtonClick={async () => {
+    $licensing.goToUpgradePage()
+  }}
+>
+  <div class="controls">
+    <div class="select">
+      <Multiselect
+        bind:fetchTerm={userSearchTerm}
+        useFetch
+        placeholder="All users"
+        label="Users"
+        autocomplete
+        bind:value={selectedUsers}
+        getOptionValue={user => user._id}
+        getOptionLabel={user => user.email}
+        options={sortedUsers}
+      />
+    </div>
+    <div class="select">
+      <Multiselect
+        autocomplete
+        placeholder="All apps"
+        label="Apps"
+        getOptionValue={app => app.instance._id}
+        getOptionLabel={app => app.name}
+        options={sortedApps}
+        bind:value={selectedApps}
+      />
+    </div>
+    <div class="select">
+      <Multiselect
+        customPopoverHeight="500px"
+        autocomplete
+        getOptionValue={event => event.id}
+        getOptionLabel={event => event.label}
+        options={sortedEvents}
+        placeholder="All events"
+        label="Events"
+        bind:value={selectedEvents}
+      />
+    </div>
+
+    <div class="date-picker">
+      <DatePicker
+        value={[startDate, endDate]}
+        placeholder="Choose date range"
+        range={true}
+        on:change={e => {
+          if (e.detail[0]?.length === 1) {
+            startDate = e.detail[0][0].toISOString()
+            endDate = ""
+          } else if (e.detail[0]?.length > 1) {
+            startDate = e.detail[0][0].toISOString()
+            endDate = e.detail[0][1].toISOString()
+          } else {
+            startDate = ""
+            endDate = ""
+          }
+        }}
+      />
+    </div>
+    <div class="freeSearch">
+      <Search placeholder="Search" on:change={e => debounce(e.detail)} />
+    </div>
+
+    <div class="">
+      <ActionButton size="M" icon="Download" on:click={() => downloadLogs()} />
+    </div>
+  </div>
+  <Layout noPadding>
+    <Table
+      on:click={({ detail }) => viewDetails(detail)}
+      {customRenderers}
+      data={$auditLogs.logs.data}
+      allowEditColumns={false}
+      allowEditRows={false}
+      allowSelectRows={false}
+      {schema}
+    />
+    <div class="pagination">
+      <Pagination
+        page={$logsPageInfo.pageNumber}
+        hasPrevPage={$logsPageInfo.loading ? false : $logsPageInfo.hasPrevPage}
+        hasNextPage={$logsPageInfo.loading ? false : $logsPageInfo.hasNextPage}
+        goToPrevPage={logsPageInfo.prevPage}
+        goToNextPage={logsPageInfo.nextPage}
+      />
+    </div>
+  </Layout>
+</LockedFeature>
+
+{#if selectedLog}
+  <div
+    id="side-panel"
+    class:wide={wideSidePanel}
+    class:visible={sidePanelVisible}
+    use:clickOutside={() => {
+      sidePanelVisible = false
+    }}
+  >
+    <div class="side-panel-header">
+      Audit Log
+      <div class="side-panel-icons">
+        <Icon
+          size="S"
+          hoverable
+          name={wideSidePanel ? "Minimize" : "Maximize"}
+          on:click={() => {
+            wideSidePanel = !wideSidePanel
+          }}
+        />
+        <Icon
+          hoverable
+          name="Close"
+          on:click={() => {
+            sidePanelVisible = false
+          }}
+        />
+      </div>
+    </div>
+    <Divider />
+
+    <div class="side-panel-body">
+      <div
+        on:click={() => copyToClipboard(JSON.stringify(selectedLog.metadata))}
+        class="copy-icon"
+      >
+        <Icon name="Copy" size="S" />
+      </div>
+      <CoreTextArea
+        disabled
+        minHeight={"300px"}
+        height={"100%"}
+        value={JSON.stringify(cleanupMetadata(selectedLog), null, 2)}
+      />
+    </div>
+  </div>
+{/if}
+
+<style>
+  .copy-icon {
+    right: 16px;
+    top: 80px;
+    z-index: 10;
+    justify-content: center;
+    align-items: center;
+    display: flex;
+    flex-direction: row;
+    box-sizing: border-box;
+
+    border: 1px solid var(--spectrum-alias-border-color);
+    border-radius: var(--spectrum-alias-border-radius-regular);
+    width: 31px;
+    color: var(--spectrum-alias-text-color);
+    background-color: var(--spectrum-global-color-gray-75);
+    transition: background-color
+        var(--spectrum-global-animation-duration-100, 130ms),
+      box-shadow var(--spectrum-global-animation-duration-100, 130ms),
+      border-color var(--spectrum-global-animation-duration-100, 130ms);
+    height: calc(var(--spectrum-alias-item-height-m) - 2px);
+    position: absolute;
+  }
+  .copy-icon:hover {
+    cursor: pointer;
+    color: var(--spectrum-alias-text-color-hover);
+    background-color: var(--spectrum-global-color-gray-50);
+    border-color: var(--spectrum-alias-border-color-hover);
+  }
+  .side-panel-header {
+    display: flex;
+    padding: 20px 10px 10px 10px;
+    gap: var(--spacing-s);
+    justify-content: space-between;
+    align-items: center;
+  }
+
+  .pagination {
+    display: flex;
+    flex-direction: row;
+    justify-content: flex-end;
+    margin-top: var(--spacing-xl);
+  }
+
+  .side-panel-body {
+    padding: 10px;
+    height: calc(100% - 67px);
+  }
+  #side-panel {
+    position: absolute;
+    right: 0;
+    top: 0;
+    padding-bottom: 24px;
+    background: var(--background);
+    border-left: var(--border-light);
+    width: 320px;
+    max-width: calc(100vw - 48px - 48px);
+    transform: translateX(100%);
+    transition: transform 130ms ease-in-out;
+    height: calc(100% - 24px);
+    overflow-y: hidden;
+    overflow-x: hidden;
+    z-index: 2;
+  }
+  #side-panel.visible {
+    transform: translateX(0);
+  }
+
+  #side-panel.wide {
+    width: 500px;
+  }
+
+  #side-panel :global(textarea) {
+    min-height: 100% !important;
+    background-color: var(
+      --spectrum-textfield-m-background-color,
+      var(--spectrum-global-color-gray-50)
+    );
+    padding-top: var(--spacing-l);
+    padding-left: var(--spacing-l);
+    font-size: 13px;
+  }
+
+  .controls {
+    display: flex;
+    flex-direction: row;
+    gap: var(--spacing-l);
+    flex-wrap: wrap;
+    align-items: center;
+  }
+
+  .side-panel-icons {
+    display: flex;
+    gap: var(--spacing-l);
+  }
+
+  .select {
+    flex-basis: calc(33.33% - 10px);
+    width: 0;
+    min-width: 100px;
+  }
+
+  .date-picker {
+    flex-basis: calc(70% - 32px);
+    min-width: 100px;
+  }
+
+  .freeSearch {
+    flex-basis: 25%;
+    min-width: 100px;
+  }
+</style>
diff --git a/packages/builder/src/pages/builder/portal/apps/onboarding/_components/NamePanel.svelte b/packages/builder/src/pages/builder/portal/apps/onboarding/_components/NamePanel.svelte
index 730cfbe4a2..1264b63531 100644
--- a/packages/builder/src/pages/builder/portal/apps/onboarding/_components/NamePanel.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/onboarding/_components/NamePanel.svelte
@@ -1,6 +1,7 @@
 <script>
   import { Button, FancyForm, FancyInput } from "@budibase/bbui"
   import PanelHeader from "./PanelHeader.svelte"
+  import { APP_URL_REGEX } from "constants"
 
   export let name = ""
   export let url = ""
@@ -25,6 +26,10 @@
     if (url.length < 1) {
       return "URL must be provided"
     }
+
+    if (!APP_URL_REGEX.test(url)) {
+      return "Invalid URL"
+    }
   }
 </script>
 
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/ActionsRenderer.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/ActionsRenderer.svelte
index 7dc302186a..4787112760 100644
--- a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/ActionsRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/ActionsRenderer.svelte
@@ -3,31 +3,26 @@
     ActionMenu,
     MenuItem,
     Icon,
-    Input,
     Heading,
     Body,
     Modal,
   } from "@budibase/bbui"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
   import CreateRestoreModal from "./CreateRestoreModal.svelte"
-  import { createEventDispatcher, onMount } from "svelte"
+  import { createEventDispatcher } from "svelte"
 
   export let row
 
   let deleteDialog
   let restoreDialog
-  let updateDialog
-  let name
   let restoreBackupModal
 
   const dispatch = createEventDispatcher()
 
-  const onClickRestore = name => {
+  const onClickRestore = () => {
     dispatch("buttonclick", {
       type: "backupRestore",
-      name,
       backupId: row._id,
-      restoreBackupName: name,
     })
   }
 
@@ -38,21 +33,9 @@
     })
   }
 
-  const onClickUpdate = () => {
-    dispatch("buttonclick", {
-      type: "backupUpdate",
-      backupId: row._id,
-      name,
-    })
-  }
-
   async function downloadExport() {
     window.open(`/api/apps/${row.appId}/backups/${row._id}/file`, "_blank")
   }
-
-  onMount(() => {
-    name = row.name
-  })
 </script>
 
 <div class="cell">
@@ -66,12 +49,11 @@
       <MenuItem on:click={deleteDialog.show} icon="Delete">Delete</MenuItem>
       <MenuItem on:click={downloadExport} icon="Download">Download</MenuItem>
     {/if}
-    <MenuItem on:click={updateDialog.show} icon="Edit">Rename</MenuItem>
   </ActionMenu>
 </div>
 
 <Modal bind:this={restoreBackupModal}>
-  <CreateRestoreModal confirm={name => onClickRestore(name)} />
+  <CreateRestoreModal confirm={onClickRestore} />
 </Modal>
 
 <ConfirmDialog
@@ -80,9 +62,7 @@
   onOk={onClickDelete}
   title="Confirm Deletion"
 >
-  Are you sure you wish to delete the backup
-  <i>{row.name}?</i>
-  This action cannot be undone.
+  Are you sure you wish to delete this backup? This action cannot be undone.
 </ConfirmDialog>
 
 <ConfirmDialog
@@ -92,21 +72,10 @@
   title="Confirm restore"
   warning={false}
 >
-  <Heading size="S">{row.name || "Backup"}</Heading>
+  <Heading size="S">Backup</Heading>
   <Body size="S">{new Date(row.timestamp).toLocaleString()}</Body>
 </ConfirmDialog>
 
-<ConfirmDialog
-  bind:this={updateDialog}
-  disabled={!name}
-  okText="Confirm"
-  onOk={onClickUpdate}
-  title="Update Backup"
-  warning={false}
->
-  <Input onlabel="Backup name" bind:value={name} />
-</ConfirmDialog>
-
 <style>
   .cell {
     display: flex;
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/CreateBackupModal.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/CreateBackupModal.svelte
deleted file mode 100644
index 4701115640..0000000000
--- a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/CreateBackupModal.svelte
+++ /dev/null
@@ -1,22 +0,0 @@
-<script>
-  import { ModalContent, Input } from "@budibase/bbui"
-  import { auth } from "stores/portal"
-
-  export let createManualBackup
-
-  let templateName = $auth.user.firstName
-    ? `${$auth.user.firstName}'s Backup`
-    : "New Backup"
-  let name = templateName
-</script>
-
-<ModalContent
-  onConfirm={() => createManualBackup(name)}
-  title="Create new backup"
-  diabled={!name}
-  confirmText="Create"
-  ><Input label="Backup name" bind:value={name} /></ModalContent
->
-
-<style>
-</style>
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/NameRenderer.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/NameRenderer.svelte
deleted file mode 100644
index 93eda410fe..0000000000
--- a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/NameRenderer.svelte
+++ /dev/null
@@ -1,8 +0,0 @@
-<script>
-  import { truncate } from "lodash"
-
-  export let value
-  $: truncatedValue = truncate(value, { length: 12 })
-</script>
-
-{truncatedValue}
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/TimeAgoRenderer.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/TimeAgoRenderer.svelte
new file mode 100644
index 0000000000..fd67b4010b
--- /dev/null
+++ b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/TimeAgoRenderer.svelte
@@ -0,0 +1,10 @@
+<script>
+  import dayjs from "dayjs"
+  import relativeTime from "dayjs/plugin/relativeTime"
+
+  dayjs.extend(relativeTime)
+
+  export let value
+</script>
+
+<span title={value}>{dayjs(value).fromNow()}</span>
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/UserRenderer.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/UserRenderer.svelte
index abab314d05..a9aabae857 100644
--- a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/UserRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/_components/UserRenderer.svelte
@@ -1,17 +1,14 @@
 <script>
+  import getUserInitials from "helpers/userInitials.js"
+  import { Avatar } from "@budibase/bbui"
+
   export let value
 
-  let firstName = value?.firstName
-  let lastName = value?.lastName || ""
-
-  $: username =
-    firstName && lastName ? `${firstName} ${lastName}` : value?.email
+  $: initials = getUserInitials(value)
 </script>
 
-<div class="cell">
-  {#if value != null}
-    <div>{username}</div>
-  {/if}
+<div title={value.email} class="cell">
+  <Avatar size="M" {initials} />
 </div>
 
 <style>
diff --git a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte
index c15f944601..4ff9ea386a 100644
--- a/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte
+++ b/packages/builder/src/pages/builder/portal/overview/[appId]/backups/index.svelte
@@ -4,7 +4,6 @@
     DatePicker,
     Divider,
     Layout,
-    Modal,
     notifications,
     Pagination,
     Select,
@@ -16,25 +15,22 @@
   } from "@budibase/bbui"
   import { backups, licensing, auth, admin, overview } from "stores/portal"
   import { createPaginationStore } from "helpers/pagination"
-  import DateRenderer from "components/common/renderers/DateTimeRenderer.svelte"
+  import TimeAgoRenderer from "./_components/TimeAgoRenderer.svelte"
   import AppSizeRenderer from "./_components/AppSizeRenderer.svelte"
-  import CreateBackupModal from "./_components/CreateBackupModal.svelte"
   import ActionsRenderer from "./_components/ActionsRenderer.svelte"
   import UserRenderer from "./_components/UserRenderer.svelte"
   import StatusRenderer from "./_components/StatusRenderer.svelte"
   import TypeRenderer from "./_components/TypeRenderer.svelte"
-  import NameRenderer from "./_components/NameRenderer.svelte"
   import BackupsDefault from "assets/backups-default.png"
   import { BackupTrigger, BackupType } from "constants/backend/backups"
   import { onMount } from "svelte"
 
+  let loading = true
   let backupData = null
-  let modal
   let pageInfo = createPaginationStore()
   let filterOpt = null
   let startDate = null
   let endDate = null
-  let loaded = false
   let filters = [
     {
       label: "Manual backup",
@@ -44,10 +40,6 @@
       label: "Published backup",
       value: { type: BackupType.BACKUP, trigger: BackupTrigger.PUBLISH },
     },
-    {
-      label: "Scheduled backup",
-      value: { type: BackupType.BACKUP, trigger: BackupTrigger.SCHEDULED },
-    },
     {
       label: "Pre-restore backup",
       value: { type: BackupType.BACKUP, trigger: BackupTrigger.RESTORING },
@@ -71,10 +63,6 @@
       displayName: "Date",
       width: "auto",
     },
-    name: {
-      displayName: "Name",
-      width: "auto",
-    },
     appSize: {
       displayName: "App size",
       width: "auto",
@@ -96,11 +84,10 @@
   const customRenderers = [
     { column: "appSize", component: AppSizeRenderer },
     { column: "actions", component: ActionsRenderer },
-    { column: "createdAt", component: DateRenderer },
+    { column: "createdAt", component: TimeAgoRenderer },
     { column: "createdBy", component: UserRenderer },
     { column: "status", component: StatusRenderer },
     { column: "type", component: TypeRenderer },
-    { column: "name", component: NameRenderer },
   ]
 
   function flattenBackups(backups) {
@@ -126,11 +113,11 @@
     backupData = flattenBackups(response.data)
   }
 
-  async function createManualBackup(name) {
+  async function createManualBackup() {
     try {
+      loading = true
       let response = await backups.createManualBackup({
         appId: app.instance._id,
-        name,
       })
       await fetchBackups(filterOpt, page)
       notifications.success(response.message)
@@ -139,6 +126,20 @@
     }
   }
 
+  const poll = backupData => {
+    if (backupData === null) {
+      return
+    }
+
+    if (backupData.some(datum => datum.status === "started")) {
+      setTimeout(() => fetchBackups(filterOpt, page), 2000)
+    } else {
+      loading = false
+    }
+  }
+
+  $: poll(backupData)
+
   async function handleButtonClick({ detail }) {
     if (detail.type === "backupDelete") {
       await backups.deleteBackup({
@@ -165,7 +166,7 @@
 
   onMount(async () => {
     await fetchBackups(filterOpt, page, startDate, endDate)
-    loaded = true
+    loading = false
   })
 </script>
 
@@ -184,7 +185,7 @@
   <Divider />
 
   {#if !$licensing.backupsEnabled}
-    {#if !$auth.accountPortalAccess && !$licensing.groupsEnabled && $admin.cloud}
+    {#if !$auth.accountPortalAccess && $admin.cloud}
       <Body>Contact your account holder to upgrade your plan.</Body>
     {/if}
     <div class="pro-buttons">
@@ -206,7 +207,7 @@
         View plans
       </Button>
     </div>
-  {:else if !backupData?.length && loaded && !filterOpt && !startDate}
+  {:else if !backupData?.length && !loading && !filterOpt && !startDate}
     <div class="center">
       <Layout noPadding gap="S" justifyItems="center">
         <img height="130px" src={BackupsDefault} alt="BackupsDefault" />
@@ -215,11 +216,13 @@
           <Body>You can manually back up your app any time</Body>
         </Layout>
         <div>
-          <Button on:click={modal.show} cta>Create backup</Button>
+          <Button cta disabled={loading} on:click={createManualBackup}>
+            Create backup
+          </Button>
         </div>
       </Layout>
     </div>
-  {:else if loaded}
+  {:else}
     <Layout noPadding gap="M" alignContent="start">
       <div class="controls">
         <div class="search">
@@ -245,7 +248,9 @@
           />
         </div>
         <div>
-          <Button cta on:click={modal.show}>Create new backup</Button>
+          <Button cta disabled={loading} on:click={createManualBackup}
+            >Create new backup</Button
+          >
         </div>
       </div>
       <div class="table">
@@ -275,10 +280,6 @@
   {/if}
 </Layout>
 
-<Modal bind:this={modal}>
-  <CreateBackupModal {createManualBackup} />
-</Modal>
-
 <style>
   .title {
     display: flex;
diff --git a/packages/builder/src/pages/builder/portal/settings/auth/index.svelte b/packages/builder/src/pages/builder/portal/settings/auth/index.svelte
index 608ca271c0..0e82dd31e7 100644
--- a/packages/builder/src/pages/builder/portal/settings/auth/index.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/auth/index.svelte
@@ -22,10 +22,11 @@
     Tags,
     Icon,
     Helpers,
+    Link,
   } from "@budibase/bbui"
   import { onMount } from "svelte"
   import { API } from "api"
-  import { organisation, admin } from "stores/portal"
+  import { organisation, admin, licensing } from "stores/portal"
 
   const ConfigTypes = {
     Google: "google",
@@ -34,6 +35,8 @@
 
   const HasSpacesRegex = /[\\"\s]/
 
+  $: enforcedSSO = $organisation.isSSOEnforced
+
   // Some older google configs contain a manually specified value - retain the functionality to edit the field
   // When there is no value or we are in the cloud - prohibit editing the field, must use platform url to change
   $: googleCallbackUrl = undefined
@@ -128,24 +131,25 @@
     isEqual(providers.google?.config, originalGoogleDoc?.config)
       ? (googleSaveButtonDisabled = true)
       : (googleSaveButtonDisabled = false)
+
+    // delete the callback url which is never saved to the oidc
+    // config doc, to ensure an accurate comparison
+    delete providers.oidc?.config.configs[0].callbackURL
+
     isEqual(providers.oidc?.config, originalOidcDoc?.config)
       ? (oidcSaveButtonDisabled = true)
       : (oidcSaveButtonDisabled = false)
   }
 
-  // Create a flag so that it will only try to save completed forms
-  $: partialGoogle =
-    providers.google?.config?.clientID || providers.google?.config?.clientSecret
-  $: partialOidc =
-    providers.oidc?.config?.configs[0].configUrl ||
-    providers.oidc?.config?.configs[0].clientID ||
-    providers.oidc?.config?.configs[0].clientSecret
-  $: googleComplete =
+  $: googleComplete = !!(
     providers.google?.config?.clientID && providers.google?.config?.clientSecret
-  $: oidcComplete =
+  )
+
+  $: oidcComplete = !!(
     providers.oidc?.config?.configs[0].configUrl &&
     providers.oidc?.config?.configs[0].clientID &&
     providers.oidc?.config?.configs[0].clientSecret
+  )
 
   const onFileSelected = e => {
     let fileName = e.target.files[0].name
@@ -154,71 +158,90 @@
     iconDropdownOptions.unshift({ label: fileName, value: fileName })
   }
 
-  async function save(docs) {
-    let calls = []
-    // Only if the user has provided an image, upload it
+  async function toggleIsSSOEnforced() {
+    const value = $organisation.isSSOEnforced
+    try {
+      await organisation.save({ isSSOEnforced: !value })
+    } catch (e) {
+      notifications.error(e.message)
+    }
+  }
+
+  async function saveConfig(config) {
+    // Delete unsupported fields
+    delete config.createdAt
+    delete config.updatedAt
+    return API.saveConfig(config)
+  }
+
+  async function saveOIDCLogo() {
     if (image) {
       let data = new FormData()
       data.append("file", image)
-      calls.push(
-        API.uploadOIDCLogo({
-          name: image.name,
-          data,
-        })
+      await API.uploadOIDCLogo({
+        name: image.name,
+        data,
+      })
+    }
+  }
+
+  async function saveOIDC() {
+    if (!oidcComplete) {
+      notifications.error(
+        `Please fill in all required ${ConfigTypes.OIDC} fields`
       )
+      return
     }
-    docs.forEach(element => {
-      // Delete unsupported fields
-      delete element.createdAt
-      delete element.updatedAt
 
-      const { activated } = element.config
+    const oidc = providers.oidc
 
-      if (element.type === ConfigTypes.OIDC) {
-        // Add a UUID here so each config is distinguishable when it arrives at the login page
-        for (let config of element.config.configs) {
-          if (!config.uuid) {
-            config.uuid = Helpers.uuid()
-          }
-          // Callback urls shouldn't be included
-          delete config.callbackURL
-        }
-        if ((partialOidc || activated) && !oidcComplete) {
-          notifications.error(
-            `Please fill in all required ${ConfigTypes.OIDC} fields`
-          )
-        } else if (oidcComplete || !activated) {
-          calls.push(API.saveConfig(element))
-          // Turn the save button grey when clicked
-          oidcSaveButtonDisabled = true
-          originalOidcDoc = cloneDeep(providers.oidc)
-        }
+    // Add a UUID here so each config is distinguishable when it arrives at the login page
+    for (let config of oidc.config.configs) {
+      if (!config.uuid) {
+        config.uuid = Helpers.uuid()
       }
-      if (element.type === ConfigTypes.Google) {
-        if ((partialGoogle || activated) && !googleComplete) {
-          notifications.error(
-            `Please fill in all required ${ConfigTypes.Google} fields`
-          )
-        } else if (googleComplete || !activated) {
-          calls.push(API.saveConfig(element))
-          googleSaveButtonDisabled = true
-          originalGoogleDoc = cloneDeep(providers.google)
-        }
-      }
-    })
-    if (calls.length) {
-      Promise.all(calls)
-        .then(data => {
-          data.forEach(res => {
-            providers[res.type]._rev = res._rev
-            providers[res.type]._id = res._id
-          })
-          notifications.success(`Settings saved`)
-        })
-        .catch(() => {
-          notifications.error("Failed to update auth settings")
-        })
+      // Callback urls shouldn't be included
+      delete config.callbackURL
     }
+
+    try {
+      const res = await saveConfig(oidc)
+      providers[res.type]._rev = res._rev
+      providers[res.type]._id = res._id
+      await saveOIDCLogo()
+      notifications.success(`Settings saved`)
+    } catch (e) {
+      notifications.error(e.message)
+      return
+    }
+
+    // Turn the save button grey when clicked
+    oidcSaveButtonDisabled = true
+    originalOidcDoc = cloneDeep(providers.oidc)
+  }
+
+  async function saveGoogle() {
+    if (!googleComplete) {
+      notifications.error(
+        `Please fill in all required ${ConfigTypes.Google} fields`
+      )
+      return
+    }
+
+    const google = providers.google
+
+    try {
+      const res = await saveConfig(google)
+      providers[res.type]._rev = res._rev
+      providers[res.type]._id = res._id
+      notifications.success(`Settings saved`)
+    } catch (e) {
+      notifications.error(e.message)
+      return
+    }
+
+    googleSaveButtonDisabled = true
+    originalGoogleDoc = cloneDeep(providers.google)
   }
 
   let defaultScopes = ["profile", "email", "offline_access"]
@@ -258,7 +281,7 @@
     if (!googleDoc?._id) {
       providers.google = {
         type: ConfigTypes.Google,
-        config: { activated: true },
+        config: { activated: false },
       }
       originalGoogleDoc = cloneDeep(googleDoc)
     } else {
@@ -282,14 +305,17 @@
     }
     if (oidcLogos?.config) {
       const logoKeys = Object.keys(oidcLogos.config)
-      logoKeys.map(logoKey => {
-        const logoUrl = oidcLogos.config[logoKey]
-        iconDropdownOptions.unshift({
-          label: logoKey,
-          value: logoKey,
-          icon: logoUrl,
+      logoKeys
+        // don't include the etag entry in the logo config
+        .filter(key => !key.toLowerCase().includes("etag"))
+        .map(logoKey => {
+          const logoUrl = oidcLogos.config[logoKey]
+          iconDropdownOptions.unshift({
+            label: logoKey,
+            value: logoKey,
+            icon: logoUrl,
+          })
         })
-      })
     }
 
     // Fetch OIDC config
@@ -302,7 +328,7 @@
     if (!oidcDoc?._id) {
       providers.oidc = {
         type: ConfigTypes.OIDC,
-        config: { configs: [{ activated: true, scopes: defaultScopes }] },
+        config: { configs: [{ activated: false, scopes: defaultScopes }] },
       }
     } else {
       originalOidcDoc = cloneDeep(oidcDoc)
@@ -316,6 +342,49 @@
     <Heading size="M">Authentication</Heading>
     <Body>Add additional authentication methods from the options below</Body>
   </Layout>
+  <Divider />
+  <Layout noPadding gap="XS">
+    <Heading size="S">Single Sign-On URL</Heading>
+    <Body size="S">
+      Use the following link to access your configured identity provider.
+    </Body>
+    <Body size="S">
+      <div class="sso-link">
+        <Link href={$organisation.platformUrl} target="_blank"
+          >{$organisation.platformUrl}</Link
+        >
+        <div class="sso-link-icon">
+          <Icon size="XS" name="LinkOutLight" />
+        </div>
+      </div>
+    </Body>
+  </Layout>
+  <Divider />
+  <Layout noPadding gap="XS">
+    <div class="provider-title">
+      <div class="enforce-sso-heading-container">
+        <div class="enforce-sso-title">
+          <Heading size="S">Enforce Single Sign-On</Heading>
+        </div>
+        {#if !$licensing.enforceableSSO}
+          <Tags>
+            <Tag icon="LockClosed">Enterprise plan</Tag>
+          </Tags>
+        {/if}
+      </div>
+      {#if $licensing.enforceableSSO}
+        <Toggle on:change={toggleIsSSOEnforced} bind:value={enforcedSSO} />
+      {/if}
+    </div>
+    <Body size="S">
+      Require SSO authentication for all users. It is recommended to read the
+      help <Link
+        size="M"
+        href={"https://docs.budibase.com/docs/authentication-and-sso"}
+        >documentation</Link
+      > before enabling this feature.
+    </Body>
+  </Layout>
   {#if providers.google}
     <Divider />
     <Layout gap="XS" noPadding>
@@ -362,7 +431,7 @@
       <Button
         disabled={googleSaveButtonDisabled}
         cta
-        on:click={() => save([providers.google])}
+        on:click={() => saveGoogle()}
       >
         Save
       </Button>
@@ -418,6 +487,7 @@
         <Select
           label=""
           bind:value={providers.oidc.config.configs[0].logo}
+          useOptionIconImage
           options={iconDropdownOptions}
           on:change={e => e.detail === "Upload" && fileinput.click()}
         />
@@ -524,11 +594,7 @@
       </div>
     </Layout>
     <div>
-      <Button
-        disabled={oidcSaveButtonDisabled}
-        cta
-        on:click={() => save([providers.oidc])}
-      >
+      <Button disabled={oidcSaveButtonDisabled} cta on:click={() => saveOIDC()}>
         Save
       </Button>
     </div>
@@ -546,7 +612,24 @@
   input[type="file"] {
     display: none;
   }
-
+  .sso-link-icon {
+    padding-top: 4px;
+    margin-left: 3px;
+  }
+  .sso-link {
+    margin-top: 12px;
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+  }
+  .enforce-sso-title {
+    margin-right: 10px;
+  }
+  .enforce-sso-heading-container {
+    display: flex;
+    flex-direction: row;
+    align-items: start;
+  }
   .provider-title {
     display: flex;
     flex-direction: row;
diff --git a/packages/builder/src/pages/builder/portal/settings/environment/index.svelte b/packages/builder/src/pages/builder/portal/settings/environment/index.svelte
index 3c170235e9..cff578febd 100644
--- a/packages/builder/src/pages/builder/portal/settings/environment/index.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/environment/index.svelte
@@ -1,21 +1,17 @@
 <script>
   import {
     Layout,
-    Heading,
-    Body,
     Button,
-    Divider,
     Modal,
     Table,
-    Tags,
-    Tag,
     InlineAlert,
     notifications,
   } from "@budibase/bbui"
-  import { environment, licensing, auth, admin } from "stores/portal"
+  import { environment, licensing } from "stores/portal"
   import { onMount } from "svelte"
   import CreateEditVariableModal from "components/portal/environment/CreateEditVariableModal.svelte"
   import EditVariableColumn from "./_components/EditVariableColumn.svelte"
+  import LockedFeature from "../../_components/LockedFeature.svelte"
 
   let modal
 
@@ -61,91 +57,43 @@
   }
 </script>
 
-<Layout noPadding>
-  <Layout gap="XS" noPadding>
-    <div class="title">
-      <Heading size="M">Environment Variables</Heading>
-      {#if !$licensing.environmentVariablesEnabled}
-        <Tags>
-          <Tag icon="LockClosed">Business plan</Tag>
-        </Tags>
-      {/if}
-    </div>
-    <Body
-      >Add and manage environment variables for development and production</Body
-    >
-  </Layout>
-  <Divider size="S" />
-
-  {#if $licensing.environmentVariablesEnabled}
-    {#if noEncryptionKey}
-      <InlineAlert
-        message="Your Budibase installation does not have a key for encryption, please update your app service's environment variables to contain an 'ENCRYPTION_KEY' value."
-        header="No encryption key found"
-        type="error"
-      />
-    {/if}
-    <div>
-      <Button on:click={modal.show} cta disabled={noEncryptionKey}
-        >Add Variable</Button
-      >
-    </div>
-
-    <Layout noPadding>
-      <Table
-        {schema}
-        data={$environment.variables}
-        allowEditColumns={false}
-        allowEditRows={false}
-        allowSelectRows={false}
-        {customRenderers}
-      />
-    </Layout>
-  {:else}
-    <div class="buttons">
-      <Button
-        primary
-        disabled={!$auth.accountPortalAccess && $admin.cloud}
-        on:click={async () => {
-          await environment.upgradePanelOpened()
-          $licensing.goToUpgradePage()
-        }}
-      >
-        Upgrade
-      </Button>
-      <!--Show the view plans button-->
-      <Button
-        secondary
-        on:click={() => {
-          window.open("https://budibase.com/pricing/", "_blank")
-        }}
-      >
-        View Plans
-      </Button>
-    </div>
+<LockedFeature
+  title={"Environment Variables"}
+  planType={"Business plan"}
+  description={"Add and manage environment variables for development and production"}
+  enabled={$licensing.environmentVariablesEnabled}
+  upgradeButtonClick={async () => {
+    await environment.upgradePanelOpened()
+    $licensing.goToUpgradePage()
+  }}
+>
+  {#if noEncryptionKey}
+    <InlineAlert
+      message="Your Budibase installation does not have a key for encryption, please update your app service's environment variables to contain an 'ENCRYPTION_KEY' value."
+      header="No encryption key found"
+      type="error"
+    />
   {/if}
-</Layout>
+  <div>
+    <Button on:click={modal.show} cta disabled={noEncryptionKey}
+      >Add Variable</Button
+    >
+  </div>
+  <Layout noPadding>
+    <Table
+      {schema}
+      data={$environment.variables}
+      allowEditColumns={false}
+      allowEditRows={false}
+      allowSelectRows={false}
+      {customRenderers}
+    />
+  </Layout>
+</LockedFeature>
 
 <Modal bind:this={modal}>
   <CreateEditVariableModal {save} />
 </Modal>
 
 <style>
-  .buttons {
-    display: flex;
-    gap: var(--spacing-l);
-  }
-  .title {
-    display: flex;
-    flex-direction: row;
-    align-items: center;
-    justify-content: flex-start;
-    gap: var(--spacing-m);
-  }
-
-  .buttons {
-    display: flex;
-    flex-direction: row;
-    gap: var(--spacing-m);
-  }
 </style>
diff --git a/packages/builder/src/pages/builder/portal/settings/organisation.svelte b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
index 8e4d6e738c..bba046ce10 100644
--- a/packages/builder/src/pages/builder/portal/settings/organisation.svelte
+++ b/packages/builder/src/pages/builder/portal/settings/organisation.svelte
@@ -24,6 +24,7 @@
   }
 
   const values = writable({
+    isSSOEnforced: $organisation.isSSOEnforced,
     company: $organisation.company,
     platformUrl: $organisation.platformUrl,
     analyticsEnabled: $organisation.analyticsEnabled,
@@ -54,6 +55,7 @@
       }
 
       const config = {
+        isSSOEnforced: $values.isSSOEnforced,
         company: $values.company ?? "",
         platformUrl: $values.platformUrl ?? "",
         analyticsEnabled: $values.analyticsEnabled,
diff --git a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
index b14e3420cc..1c26273a8d 100644
--- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
@@ -81,6 +81,7 @@
   let user
   let loaded = false
 
+  $: isSSO = !!user?.provider
   $: readonly = !$auth.isAdmin
   $: fullName = user?.firstName ? user?.firstName + " " + user?.lastName : ""
   $: privileged = user?.admin?.global || user?.builder?.global
@@ -246,9 +247,11 @@
             <span slot="control">
               <Icon hoverable name="More" />
             </span>
-            <MenuItem on:click={resetPasswordModal.show} icon="Refresh">
-              Force password reset
-            </MenuItem>
+            {#if !isSSO}
+              <MenuItem on:click={resetPasswordModal.show} icon="Refresh">
+                Force password reset
+              </MenuItem>
+            {/if}
             <MenuItem on:click={deleteModal.show} icon="Delete">
               Delete
             </MenuItem>
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
index 7ec6d338d5..0048853545 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/OnboardingTypeModal.svelte
@@ -1,9 +1,8 @@
 <script>
   import { ModalContent, Body, Layout, Icon } from "@budibase/bbui"
+  import { OnboardingType } from "../../../../../../constants"
 
   export let chooseCreationType
-  let emailOnboardingKey = "emailOnboarding"
-  let basicOnboaridngKey = "basicOnboarding"
 
   let selectedOnboardingType
 </script>
@@ -20,9 +19,9 @@
   <Layout noPadding gap="S">
     <div
       class="onboarding-type item"
-      class:selected={selectedOnboardingType == emailOnboardingKey}
+      class:selected={selectedOnboardingType == OnboardingType.EMAIL}
       on:click={() => {
-        selectedOnboardingType = emailOnboardingKey
+        selectedOnboardingType = OnboardingType.EMAIL
       }}
     >
       <div class="content onboarding-type-wrap">
@@ -32,7 +31,7 @@
         </div>
       </div>
       <div style="color: var(--spectrum-global-color-green-600); float: right">
-        {#if selectedOnboardingType == emailOnboardingKey}
+        {#if selectedOnboardingType == OnboardingType.EMAIL}
           <div class="checkmark-spacing">
             <Icon size="S" name="CheckmarkCircle" />
           </div>
@@ -42,9 +41,9 @@
 
     <div
       class="onboarding-type item"
-      class:selected={selectedOnboardingType == basicOnboaridngKey}
+      class:selected={selectedOnboardingType == OnboardingType.PASSWORD}
       on:click={() => {
-        selectedOnboardingType = basicOnboaridngKey
+        selectedOnboardingType = OnboardingType.PASSWORD
       }}
     >
       <div class="content onboarding-type-wrap">
@@ -54,7 +53,7 @@
         </div>
       </div>
       <div style="color: var(--spectrum-global-color-green-600); float: right">
-        {#if selectedOnboardingType == basicOnboaridngKey}
+        {#if selectedOnboardingType == OnboardingType.PASSWORD}
           <div class="checkmark-spacing">
             <Icon size="S" name="CheckmarkCircle" />
           </div>
diff --git a/packages/builder/src/pages/builder/portal/users/users/index.svelte b/packages/builder/src/pages/builder/portal/users/users/index.svelte
index 0776b1adc4..4f80e1a942 100644
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@@ -13,7 +13,7 @@
     Divider,
   } from "@budibase/bbui"
   import AddUserModal from "./_components/AddUserModal.svelte"
-  import { users, groups, auth, licensing } from "stores/portal"
+  import { users, groups, auth, licensing, organisation } from "stores/portal"
   import { onMount } from "svelte"
   import DeleteRowsButton from "components/backend/DataTable/buttons/DeleteRowsButton.svelte"
   import GroupsTableRenderer from "./_components/GroupsTableRenderer.svelte"
@@ -27,6 +27,7 @@
   import { get } from "svelte/store"
   import { Constants, Utils, fetchData } from "@budibase/frontend-core"
   import { API } from "api"
+  import { OnboardingType } from "../../../../../constants"
 
   const fetch = fetchData({
     API,
@@ -105,10 +106,18 @@
   const debouncedUpdateFetch = Utils.debounce(updateFetch, 250)
 
   const showOnboardingTypeModal = async addUsersData => {
+    // no-op if users already exist
     userData = await removingDuplicities(addUsersData)
-    if (!userData?.users?.length) return
+    if (!userData?.users?.length) {
+      return
+    }
 
-    onboardingTypeModal.show()
+    if ($organisation.isSSOEnforced) {
+      // bypass the onboarding type selection of sso is enforced
+      await chooseCreationType(OnboardingType.EMAIL)
+    } else {
+      onboardingTypeModal.show()
+    }
   }
 
   async function createUserFlow() {
@@ -181,7 +190,7 @@
   }
 
   async function chooseCreationType(onboardingType) {
-    if (onboardingType === "emailOnboarding") {
+    if (onboardingType === OnboardingType.EMAIL) {
       await createUserFlow()
     } else {
       await createUsers()
diff --git a/packages/builder/src/stores/portal/auditLogs.js b/packages/builder/src/stores/portal/auditLogs.js
new file mode 100644
index 0000000000..9abf8ec11b
--- /dev/null
+++ b/packages/builder/src/stores/portal/auditLogs.js
@@ -0,0 +1,43 @@
+import { writable, get } from "svelte/store"
+import { API } from "api"
+import { licensing } from "stores/portal"
+
+export function createAuditLogsStore() {
+  const { subscribe, update } = writable({
+    events: {},
+    logs: {},
+  })
+
+  async function search(opts = {}) {
+    if (get(licensing).auditLogsEnabled) {
+      const paged = await API.searchAuditLogs(opts)
+
+      update(state => {
+        return { ...state, logs: { ...paged, opts } }
+      })
+
+      return paged
+    }
+  }
+
+  async function getEventDefinitions() {
+    const events = await API.getEventDefinitions()
+
+    update(state => {
+      return { ...state, ...events }
+    })
+  }
+
+  function getDownloadUrl(opts = {}) {
+    return API.getDownloadUrl(opts)
+  }
+
+  return {
+    subscribe,
+    search,
+    getEventDefinitions,
+    getDownloadUrl,
+  }
+}
+
+export const auditLogs = createAuditLogsStore()
diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js
index b10cd05e00..d11033c142 100644
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@@ -2,6 +2,7 @@ import { derived, writable, get } from "svelte/store"
 import { API } from "api"
 import { admin } from "stores/portal"
 import analytics from "analytics"
+import getUserInitials from "helpers/userInitials.js"
 
 export function createAuthStore() {
   const auth = writable({
@@ -18,16 +19,7 @@ export function createAuthStore() {
     let isBuilder = false
     if ($store.user) {
       const user = $store.user
-      if (user.firstName) {
-        initials = user.firstName[0]
-        if (user.lastName) {
-          initials += user.lastName[0]
-        }
-      } else if (user.email) {
-        initials = user.email[0]
-      } else {
-        initials = "Unknown"
-      }
+      initials = getUserInitials(user)
       isAdmin = !!user.admin?.global
       isBuilder = !!user.builder?.global
     }
@@ -41,6 +33,7 @@ export function createAuthStore() {
       initials,
       isAdmin,
       isBuilder,
+      isSSO: !!$store.user?.provider,
     }
   })
 
diff --git a/packages/builder/src/stores/portal/backups.js b/packages/builder/src/stores/portal/backups.js
index 328a9d37cc..6ac70ef36c 100644
--- a/packages/builder/src/stores/portal/backups.js
+++ b/packages/builder/src/stores/portal/backups.js
@@ -30,8 +30,8 @@ export function createBackupsStore() {
     return API.deleteBackup({ appId, backupId })
   }
 
-  async function createManualBackup(appId, name) {
-    return API.createManualBackup(appId, name)
+  async function createManualBackup(appId) {
+    return API.createManualBackup(appId)
   }
 
   async function updateBackup({ appId, backupId, name }) {
diff --git a/packages/builder/src/stores/portal/index.js b/packages/builder/src/stores/portal/index.js
index 8d704a5e15..e8f7853165 100644
--- a/packages/builder/src/stores/portal/index.js
+++ b/packages/builder/src/stores/portal/index.js
@@ -13,3 +13,4 @@ export { backups } from "./backups"
 export { overview } from "./overview"
 export { environment } from "./environment"
 export { menu } from "./menu"
+export { auditLogs } from "./auditLogs"
diff --git a/packages/builder/src/stores/portal/licensing.js b/packages/builder/src/stores/portal/licensing.js
index 6f5c80e03c..df63e9455b 100644
--- a/packages/builder/src/stores/portal/licensing.js
+++ b/packages/builder/src/stores/portal/licensing.js
@@ -63,7 +63,13 @@ export const createLicensingStore = () => {
       const environmentVariablesEnabled = license.features.includes(
         Constants.Features.ENVIRONMENT_VARIABLES
       )
+      const enforceableSSO = license.features.includes(
+        Constants.Features.ENFORCEABLE_SSO
+      )
 
+      const auditLogsEnabled = license.features.includes(
+        Constants.Features.AUDIT_LOGS
+      )
       store.update(state => {
         return {
           ...state,
@@ -72,6 +78,8 @@ export const createLicensingStore = () => {
           groupsEnabled,
           backupsEnabled,
           environmentVariablesEnabled,
+          auditLogsEnabled,
+          enforceableSSO,
         }
       })
     },
diff --git a/packages/builder/src/stores/portal/menu.js b/packages/builder/src/stores/portal/menu.js
index 8eea36c08c..d791a4ac91 100644
--- a/packages/builder/src/stores/portal/menu.js
+++ b/packages/builder/src/stores/portal/menu.js
@@ -76,6 +76,12 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
         href: "/builder/portal/account/usage",
       },
     ]
+    if ($auth.isAdmin) {
+      accountSubPages.push({
+        title: "Audit Logs",
+        href: "/builder/portal/account/auditLogs",
+      })
+    }
     if ($admin.cloud && $auth?.user?.accountPortalAccess) {
       accountSubPages.push({
         title: "Upgrade",
@@ -87,6 +93,7 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
         href: "/builder/portal/account/upgrade",
       })
     }
+    // add license check here
     if (
       $auth?.user?.accountPortalAccess &&
       $auth.user.account.stripeCustomerId
diff --git a/packages/builder/src/stores/portal/organisation.js b/packages/builder/src/stores/portal/organisation.js
index 9709578fa2..36bf98b0ba 100644
--- a/packages/builder/src/stores/portal/organisation.js
+++ b/packages/builder/src/stores/portal/organisation.js
@@ -1,6 +1,7 @@
 import { writable, get } from "svelte/store"
 import { API } from "api"
 import { auth } from "stores/portal"
+import _ from "lodash"
 
 const DEFAULT_CONFIG = {
   platformUrl: "",
@@ -11,6 +12,7 @@ const DEFAULT_CONFIG = {
   google: undefined,
   oidcCallbackUrl: "",
   googleCallbackUrl: "",
+  isSSOEnforced: false,
 }
 
 export function createOrganisationStore() {
@@ -19,21 +21,20 @@ export function createOrganisationStore() {
 
   async function init() {
     const tenantId = get(auth).tenantId
-    const tenant = await API.getTenantConfig(tenantId)
-    set({ ...DEFAULT_CONFIG, ...tenant.config, _rev: tenant._rev })
+    const settingsConfigDoc = await API.getTenantConfig(tenantId)
+    set({ ...DEFAULT_CONFIG, ...settingsConfigDoc.config })
   }
 
   async function save(config) {
     // Delete non-persisted fields
-    const storeConfig = get(store)
+    const storeConfig = _.cloneDeep(get(store))
     delete storeConfig.oidc
     delete storeConfig.google
     delete storeConfig.oidcCallbackUrl
     delete storeConfig.googleCallbackUrl
     await API.saveConfig({
       type: "settings",
-      config: { ...get(store), ...config },
-      _rev: get(store)._rev,
+      config: { ...storeConfig, ...config },
     })
     await init()
   }
diff --git a/packages/builder/src/stores/portal/users.js b/packages/builder/src/stores/portal/users.js
index 1510207604..206e14568b 100644
--- a/packages/builder/src/stores/portal/users.js
+++ b/packages/builder/src/stores/portal/users.js
@@ -26,9 +26,15 @@ export function createUsersStore() {
     return await API.getUsers()
   }
 
+  // One or more users.
+  async function onboard(payload) {
+    return await API.onboardUsers(payload)
+  }
+
   async function invite(payload) {
     return API.inviteUsers(payload)
   }
+
   async function acceptInvite(inviteCode, password, firstName, lastName) {
     return API.acceptInvite({
       inviteCode,
@@ -42,6 +48,14 @@ export function createUsersStore() {
     return API.getUserInvite(inviteCode)
   }
 
+  async function getInvites() {
+    return API.getUserInvites()
+  }
+
+  async function updateInvite(invite) {
+    return API.updateUserInvite(invite)
+  }
+
   async function create(data) {
     let mappedUsers = data.users.map(user => {
       const body = {
@@ -106,8 +120,11 @@ export function createUsersStore() {
     getUserRole,
     fetch,
     invite,
+    onboard,
     acceptInvite,
     fetchInvite,
+    getInvites,
+    updateInvite,
     create,
     save,
     bulkDelete,
diff --git a/packages/builder/yarn.lock b/packages/builder/yarn.lock
index 20fc29b0e3..7035ca1765 100644
--- a/packages/builder/yarn.lock
+++ b/packages/builder/yarn.lock
@@ -3178,6 +3178,11 @@ fast-glob@^3.0.3:
     merge2 "^1.3.0"
     micromatch "^4.0.4"
 
+fast-json-patch@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/fast-json-patch/-/fast-json-patch-3.1.1.tgz#85064ea1b1ebf97a3f7ad01e23f9337e72c66947"
+  integrity sha512-vf6IHUX2SBcA+5/+4883dsIjpBTqmfBjmYiWK1savxQmFk4JfBMLa7ynTYOs1Rolp/T1betJxHiGD3g1Mn8lUQ==
+
 fast-json-stable-stringify@^2.0.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633"
diff --git a/packages/cli/.gitignore b/packages/cli/.gitignore
index 655ef7b624..8d8de9a0da 100644
--- a/packages/cli/.gitignore
+++ b/packages/cli/.gitignore
@@ -6,3 +6,4 @@ docker-error.log
 envoy.yaml
 *.tar.gz
 prebuilds/
+dist/
diff --git a/packages/cli/package.json b/packages/cli/package.json
index 5209c51b2e..bfced9355d 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,16 +1,19 @@
 {
   "name": "@budibase/cli",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase CLI, for developers, self hosting and migrations.",
-  "main": "src/index.js",
+  "main": "dist/index.js",
   "bin": {
-    "budi": "src/index.js"
+    "budi": "dist/index.js"
   },
   "author": "Budibase",
   "license": "GPL-3.0",
   "scripts": {
     "prebuild": "rm -rf prebuilds 2> /dev/null && cp -r node_modules/leveldown/prebuilds prebuilds",
-    "build": "yarn prebuild && renamer --find .node --replace .fake 'prebuilds/**' && pkg . --out-path build && yarn postbuild",
+    "rename": "renamer --find .node --replace .fake 'prebuilds/**'",
+    "tsc": "tsc -p tsconfig.build.json",
+    "pkg": "pkg . --out-path build --no-bytecode --public --public-packages \"*\" -C GZip",
+    "build": "yarn prebuild && yarn rename && yarn tsc && yarn pkg && yarn postbuild",
     "postbuild": "rm -rf prebuilds 2> /dev/null"
   },
   "pkg": {
@@ -26,9 +29,9 @@
     "outputPath": "build"
   },
   "dependencies": {
-    "@budibase/backend-core": "^2.3.16",
-    "@budibase/string-templates": "^2.3.16",
-    "@budibase/types": "^2.3.16",
+    "@budibase/backend-core": "2.3.21-alpha.1",
+    "@budibase/string-templates": "2.3.21-alpha.1",
+    "@budibase/types": "2.3.21-alpha.1",
     "axios": "0.21.2",
     "chalk": "4.1.0",
     "cli-progress": "3.11.2",
@@ -40,7 +43,7 @@
     "inquirer": "8.0.0",
     "joi": "17.6.0",
     "lookpath": "1.1.0",
-    "node-fetch": "2",
+    "node-fetch": "2.6.7",
     "pkg": "5.8.0",
     "posthog-node": "1.0.7",
     "pouchdb": "7.3.0",
@@ -50,8 +53,15 @@
     "yaml": "^2.1.1"
   },
   "devDependencies": {
+    "@swc/core": "^1.3.25",
+    "@swc/jest": "^0.2.24",
+    "@types/jest": "^29.4.0",
+    "@types/node-fetch": "2.6.1",
+    "@types/pouchdb": "^6.4.0",
     "copyfiles": "^2.4.1",
     "eslint": "^7.20.0",
-    "renamer": "^4.0.0"
+    "renamer": "^4.0.0",
+    "ts-node": "^10.9.1",
+    "typescript": "4.7.3"
   }
 }
diff --git a/packages/cli/src/analytics/Client.js b/packages/cli/src/analytics/Client.js
deleted file mode 100644
index 717a50198b..0000000000
--- a/packages/cli/src/analytics/Client.js
+++ /dev/null
@@ -1,32 +0,0 @@
-const PostHog = require("posthog-node")
-const { POSTHOG_TOKEN, AnalyticsEvents } = require("../constants")
-const ConfigManager = require("../structures/ConfigManager")
-
-class AnalyticsClient {
-  constructor() {
-    this.client = new PostHog(POSTHOG_TOKEN)
-    this.configManager = new ConfigManager()
-  }
-
-  capture(event) {
-    if (this.configManager.config.analyticsDisabled) return
-
-    this.client.capture(event)
-  }
-
-  enable() {
-    this.configManager.removeKey("analyticsDisabled")
-    this.client.capture({ event: AnalyticsEvents.OptIn, distinctId: "cli" })
-  }
-
-  disable() {
-    this.client.capture({ event: AnalyticsEvents.OptOut, distinctId: "cli" })
-    this.configManager.setValue("analyticsDisabled", true)
-  }
-
-  status() {
-    return this.configManager.config.analyticsDisabled ? "disabled" : "enabled"
-  }
-}
-
-module.exports = AnalyticsClient
diff --git a/packages/cli/src/analytics/Client.ts b/packages/cli/src/analytics/Client.ts
new file mode 100644
index 0000000000..19b171026d
--- /dev/null
+++ b/packages/cli/src/analytics/Client.ts
@@ -0,0 +1,33 @@
+import PostHog from "posthog-node"
+import { POSTHOG_TOKEN, AnalyticsEvent } from "../constants"
+import { ConfigManager } from "../structures/ConfigManager"
+
+export class AnalyticsClient {
+  client: PostHog
+  configManager: ConfigManager
+
+  constructor() {
+    this.client = new PostHog(POSTHOG_TOKEN, {})
+    this.configManager = new ConfigManager()
+  }
+
+  capture(event: { distinctId: string; event: string; properties?: any }) {
+    if (this.configManager.config.analyticsDisabled) return
+
+    this.client.capture(event)
+  }
+
+  enable() {
+    this.configManager.removeKey("analyticsDisabled")
+    this.client.capture({ event: AnalyticsEvent.OptIn, distinctId: "cli" })
+  }
+
+  disable() {
+    this.client.capture({ event: AnalyticsEvent.OptOut, distinctId: "cli" })
+    this.configManager.setValue("analyticsDisabled", true)
+  }
+
+  status() {
+    return this.configManager.config.analyticsDisabled ? "disabled" : "enabled"
+  }
+}
diff --git a/packages/cli/src/analytics/index.js b/packages/cli/src/analytics/index.ts
similarity index 76%
rename from packages/cli/src/analytics/index.js
rename to packages/cli/src/analytics/index.ts
index d85323d1d0..077104c165 100644
--- a/packages/cli/src/analytics/index.js
+++ b/packages/cli/src/analytics/index.ts
@@ -1,7 +1,7 @@
-const Command = require("../structures/Command")
-const { CommandWords } = require("../constants")
-const { success, error } = require("../utils")
-const AnalyticsClient = require("./Client")
+import { Command } from "../structures/Command"
+import { CommandWord } from "../constants"
+import { success, error } from "../utils"
+import { AnalyticsClient } from "./Client"
 
 const client = new AnalyticsClient()
 
@@ -14,11 +14,10 @@ async function optOut() {
         "Successfully opted out of Budibase analytics. You can opt in at any time by running 'budi analytics opt-in'"
       )
     )
-  } catch (err) {
+  } catch (err: any) {
     console.log(
       error(
-        "Error opting out of Budibase analytics. Please try again later.",
-        err
+        `Error opting out of Budibase analytics. Please try again later - ${err}`
       )
     )
   }
@@ -50,7 +49,7 @@ async function status() {
   }
 }
 
-const command = new Command(`${CommandWords.ANALYTICS}`)
+export default new Command(`${CommandWord.ANALYTICS}`)
   .addHelp("Control the analytics you send to Budibase.")
   .addSubOption("--optin", "Opt in to sending analytics to Budibase", optIn)
   .addSubOption("--optout", "Opt out of sending analytics to Budibase.", optOut)
@@ -59,5 +58,3 @@ const command = new Command(`${CommandWords.ANALYTICS}`)
     "Check whether you are currently opted in to Budibase analytics.",
     status
   )
-
-exports.command = command
diff --git a/packages/cli/src/backups/index.js b/packages/cli/src/backups/index.ts
similarity index 79%
rename from packages/cli/src/backups/index.js
rename to packages/cli/src/backups/index.ts
index 47b54fa9a0..2b148f34af 100644
--- a/packages/cli/src/backups/index.js
+++ b/packages/cli/src/backups/index.ts
@@ -1,28 +1,30 @@
-const Command = require("../structures/Command")
-const { CommandWords } = require("../constants")
-const fs = require("fs")
-const { join } = require("path")
-const { getAllDbs } = require("../core/db")
-const tar = require("tar")
-const { progressBar, httpCall } = require("../utils")
-const {
+import { Command } from "../structures/Command"
+import { CommandWord } from "../constants"
+import fs from "fs"
+import { join } from "path"
+import { getAllDbs } from "../core/db"
+import { progressBar, httpCall } from "../utils"
+import {
   TEMP_DIR,
   COUCH_DIR,
   MINIO_DIR,
   getConfig,
   replication,
   getPouches,
-} = require("./utils")
-const { exportObjects, importObjects } = require("./objectStore")
+} from "./utils"
+import { exportObjects, importObjects } from "./objectStore"
+const tar = require("tar")
 
-async function exportBackup(opts) {
+type BackupOpts = { env?: string; import?: string; export?: string }
+
+async function exportBackup(opts: BackupOpts) {
   const envFile = opts.env || undefined
-  let filename = opts["export"] || opts
+  let filename = opts["export"] || (opts as string)
   if (typeof filename !== "string") {
     filename = `backup-${new Date().toISOString()}.tar.gz`
   }
   const config = await getConfig(envFile)
-  const dbList = await getAllDbs(config["COUCH_DB_URL"])
+  const dbList = (await getAllDbs(config["COUCH_DB_URL"])) as string[]
   const { Remote, Local } = getPouches(config)
   if (fs.existsSync(TEMP_DIR)) {
     fs.rmSync(TEMP_DIR, { recursive: true })
@@ -55,9 +57,9 @@ async function exportBackup(opts) {
   console.log(`Generated export file - ${filename}`)
 }
 
-async function importBackup(opts) {
+async function importBackup(opts: BackupOpts) {
   const envFile = opts.env || undefined
-  const filename = opts["import"] || opts
+  const filename = opts["import"] || (opts as string)
   const config = await getConfig(envFile)
   if (!filename || !fs.existsSync(filename)) {
     console.error("Cannot import without specifying a valid file to import")
@@ -99,7 +101,7 @@ async function importBackup(opts) {
   fs.rmSync(TEMP_DIR, { recursive: true })
 }
 
-async function pickOne(opts) {
+async function pickOne(opts: BackupOpts) {
   if (opts["import"]) {
     return importBackup(opts)
   } else if (opts["export"]) {
@@ -107,7 +109,7 @@ async function pickOne(opts) {
   }
 }
 
-const command = new Command(`${CommandWords.BACKUPS}`)
+export default new Command(`${CommandWord.BACKUPS}`)
   .addHelp(
     "Allows building backups of Budibase, as well as importing a backup to a new instance."
   )
@@ -126,5 +128,3 @@ const command = new Command(`${CommandWords.BACKUPS}`)
     "Provide an environment variable file to configure the CLI.",
     pickOne
   )
-
-exports.command = command
diff --git a/packages/cli/src/backups/objectStore.js b/packages/cli/src/backups/objectStore.ts
similarity index 81%
rename from packages/cli/src/backups/objectStore.js
rename to packages/cli/src/backups/objectStore.ts
index 407659d54a..d801f6e453 100644
--- a/packages/cli/src/backups/objectStore.js
+++ b/packages/cli/src/backups/objectStore.ts
@@ -1,8 +1,8 @@
-const { objectStore } = require("@budibase/backend-core")
-const fs = require("fs")
-const { join } = require("path")
-const { TEMP_DIR, MINIO_DIR } = require("./utils")
-const { progressBar } = require("../utils")
+import { objectStore } from "@budibase/backend-core"
+import fs from "fs"
+import { join } from "path"
+import { TEMP_DIR, MINIO_DIR } from "./utils"
+import { progressBar } from "../utils"
 const {
   ObjectStoreBuckets,
   ObjectStore,
@@ -13,10 +13,10 @@ const {
 
 const bucketList = Object.values(ObjectStoreBuckets)
 
-exports.exportObjects = async () => {
+export async function exportObjects() {
   const path = join(TEMP_DIR, MINIO_DIR)
   fs.mkdirSync(path)
-  let fullList = []
+  let fullList: any[] = []
   let errorCount = 0
   for (let bucket of bucketList) {
     const client = ObjectStore(bucket)
@@ -26,7 +26,7 @@ exports.exportObjects = async () => {
       errorCount++
       continue
     }
-    const list = await client.listObjectsV2().promise()
+    const list = (await client.listObjectsV2().promise()) as { Contents: any[] }
     fullList = fullList.concat(list.Contents.map(el => ({ ...el, bucket })))
   }
   if (errorCount === bucketList.length) {
@@ -48,7 +48,7 @@ exports.exportObjects = async () => {
   bar.stop()
 }
 
-exports.importObjects = async () => {
+export async function importObjects() {
   const path = join(TEMP_DIR, MINIO_DIR)
   const buckets = fs.readdirSync(path)
   let total = 0
diff --git a/packages/cli/src/backups/utils.js b/packages/cli/src/backups/utils.ts
similarity index 66%
rename from packages/cli/src/backups/utils.js
rename to packages/cli/src/backups/utils.ts
index 21d3504373..30e79ac17b 100644
--- a/packages/cli/src/backups/utils.js
+++ b/packages/cli/src/backups/utils.ts
@@ -1,12 +1,13 @@
-const dotenv = require("dotenv")
-const fs = require("fs")
-const { string } = require("../questions")
-const { getPouch } = require("../core/db")
-const { env: environment } = require("@budibase/backend-core")
+import dotenv from "dotenv"
+import fs from "fs"
+import { string } from "../questions"
+import { getPouch } from "../core/db"
+import { env as environment } from "@budibase/backend-core"
+import PouchDB from "pouchdb"
 
-exports.TEMP_DIR = ".temp"
-exports.COUCH_DIR = "couchdb"
-exports.MINIO_DIR = "minio"
+export const TEMP_DIR = ".temp"
+export const COUCH_DIR = "couchdb"
+export const MINIO_DIR = "minio"
 
 const REQUIRED = [
   { value: "MAIN_PORT", default: "10000" },
@@ -19,7 +20,7 @@ const REQUIRED = [
   { value: "MINIO_SECRET_KEY" },
 ]
 
-exports.checkURLs = config => {
+export function checkURLs(config: Record<string, string>) {
   const mainPort = config["MAIN_PORT"],
     username = config["COUCH_DB_USER"],
     password = config["COUCH_DB_PASSWORD"]
@@ -34,23 +35,23 @@ exports.checkURLs = config => {
   return config
 }
 
-exports.askQuestions = async () => {
+export async function askQuestions() {
   console.log(
     "*** NOTE: use a .env file to load these parameters repeatedly ***"
   )
-  let config = {}
+  let config: Record<string, string> = {}
   for (let property of REQUIRED) {
     config[property.value] = await string(property.value, property.default)
   }
   return config
 }
 
-exports.loadEnvironment = path => {
+export function loadEnvironment(path: string) {
   if (!fs.existsSync(path)) {
     throw "Unable to file specified .env file"
   }
   const env = fs.readFileSync(path, "utf8")
-  const config = exports.checkURLs(dotenv.parse(env))
+  const config = checkURLs(dotenv.parse(env))
   for (let required of REQUIRED) {
     if (!config[required.value]) {
       throw `Cannot find "${required.value}" property in .env file`
@@ -60,12 +61,12 @@ exports.loadEnvironment = path => {
 }
 
 // true is the default value passed by commander
-exports.getConfig = async (envFile = true) => {
+export async function getConfig(envFile: boolean | string = true) {
   let config
   if (envFile !== true) {
-    config = exports.loadEnvironment(envFile)
+    config = loadEnvironment(envFile as string)
   } else {
-    config = await exports.askQuestions()
+    config = await askQuestions()
   }
   // fill out environment
   for (let key of Object.keys(config)) {
@@ -74,12 +75,16 @@ exports.getConfig = async (envFile = true) => {
   return config
 }
 
-exports.replication = async (from, to) => {
+export async function replication(
+  from: PouchDB.Database,
+  to: PouchDB.Database
+) {
   const pouch = getPouch()
   try {
     await pouch.replicate(from, to, {
       batch_size: 1000,
-      batch_limit: 5,
+      batches_limit: 5,
+      // @ts-ignore
       style: "main_only",
     })
   } catch (err) {
@@ -87,7 +92,7 @@ exports.replication = async (from, to) => {
   }
 }
 
-exports.getPouches = config => {
+export function getPouches(config: Record<string, string>) {
   const Remote = getPouch(config["COUCH_DB_URL"])
   const Local = getPouch()
   return { Remote, Local }
diff --git a/packages/cli/src/constants.js b/packages/cli/src/constants.js
deleted file mode 100644
index 6b0265ffd2..0000000000
--- a/packages/cli/src/constants.js
+++ /dev/null
@@ -1,25 +0,0 @@
-const { Event } = require("@budibase/types")
-
-exports.CommandWords = {
-  BACKUPS: "backups",
-  HOSTING: "hosting",
-  ANALYTICS: "analytics",
-  HELP: "help",
-  PLUGIN: "plugins",
-}
-
-exports.InitTypes = {
-  QUICK: "quick",
-  DIGITAL_OCEAN: "do",
-}
-
-exports.AnalyticsEvents = {
-  OptOut: "analytics:opt:out",
-  OptIn: "analytics:opt:in",
-  SelfHostInit: "hosting:init",
-  PluginInit: Event.PLUGIN_INIT,
-}
-
-exports.POSTHOG_TOKEN = "phc_yGOn4i7jWKaCTapdGR6lfA4AvmuEQ2ijn5zAVSFYPlS"
-
-exports.GENERATED_USER_EMAIL = "admin@admin.com"
diff --git a/packages/cli/src/constants.ts b/packages/cli/src/constants.ts
new file mode 100644
index 0000000000..6fa5822986
--- /dev/null
+++ b/packages/cli/src/constants.ts
@@ -0,0 +1,4 @@
+export { CommandWord, InitType, AnalyticsEvent } from "@budibase/types"
+
+export const POSTHOG_TOKEN = "phc_yGOn4i7jWKaCTapdGR6lfA4AvmuEQ2ijn5zAVSFYPlS"
+export const GENERATED_USER_EMAIL = "admin@admin.com"
diff --git a/packages/cli/src/core/db.js b/packages/cli/src/core/db.ts
similarity index 69%
rename from packages/cli/src/core/db.js
rename to packages/cli/src/core/db.ts
index 38f383d99e..f2afb8bcd4 100644
--- a/packages/cli/src/core/db.js
+++ b/packages/cli/src/core/db.ts
@@ -1,12 +1,12 @@
-const PouchDB = require("pouchdb")
-const { checkSlashesInUrl } = require("../utils")
-const fetch = require("node-fetch")
+import PouchDB from "pouchdb"
+import { checkSlashesInUrl } from "../utils"
+import fetch from "node-fetch"
 
 /**
  * Fully qualified URL including username and password, or nothing for local
  */
-exports.getPouch = (url = undefined) => {
-  let POUCH_DB_DEFAULTS = {}
+export function getPouch(url?: string) {
+  let POUCH_DB_DEFAULTS
   if (!url) {
     POUCH_DB_DEFAULTS = {
       prefix: undefined,
@@ -19,11 +19,12 @@ exports.getPouch = (url = undefined) => {
   }
   const replicationStream = require("pouchdb-replication-stream")
   PouchDB.plugin(replicationStream.plugin)
+  // @ts-ignore
   PouchDB.adapter("writableStream", replicationStream.adapters.writableStream)
-  return PouchDB.defaults(POUCH_DB_DEFAULTS)
+  return PouchDB.defaults(POUCH_DB_DEFAULTS) as PouchDB.Static
 }
 
-exports.getAllDbs = async url => {
+export async function getAllDbs(url: string) {
   const response = await fetch(
     checkSlashesInUrl(encodeURI(`${url}/_all_dbs`)),
     {
diff --git a/packages/cli/src/environment.js b/packages/cli/src/environment.ts
similarity index 57%
rename from packages/cli/src/environment.js
rename to packages/cli/src/environment.ts
index c8c8fe87e9..9d017f99b2 100644
--- a/packages/cli/src/environment.js
+++ b/packages/cli/src/environment.ts
@@ -1,2 +1,3 @@
 process.env.NO_JS = "1"
 process.env.JS_BCRYPT = "1"
+process.env.DISABLE_JWT_WARNING = "1"
diff --git a/packages/cli/src/events.js b/packages/cli/src/events.js
deleted file mode 100644
index 63d4fca1ea..0000000000
--- a/packages/cli/src/events.js
+++ /dev/null
@@ -1,11 +0,0 @@
-const AnalyticsClient = require("./analytics/Client")
-
-const client = new AnalyticsClient()
-
-exports.captureEvent = (event, properties) => {
-  client.capture({
-    distinctId: "cli",
-    event,
-    properties,
-  })
-}
diff --git a/packages/cli/src/events.ts b/packages/cli/src/events.ts
new file mode 100644
index 0000000000..c05a596c0a
--- /dev/null
+++ b/packages/cli/src/events.ts
@@ -0,0 +1,11 @@
+import { AnalyticsClient } from "./analytics/Client"
+
+const client = new AnalyticsClient()
+
+export function captureEvent(event: string, properties: any) {
+  client.capture({
+    distinctId: "cli",
+    event,
+    properties,
+  })
+}
diff --git a/packages/cli/src/exec.js b/packages/cli/src/exec.ts
similarity index 55%
rename from packages/cli/src/exec.js
rename to packages/cli/src/exec.ts
index 4df486aed6..b121ca0e03 100644
--- a/packages/cli/src/exec.js
+++ b/packages/cli/src/exec.ts
@@ -1,21 +1,21 @@
-const util = require("util")
-const exec = util.promisify(require("child_process").exec)
+import util from "util"
+const runCommand = util.promisify(require("child_process").exec)
 
-exports.exec = async (command, dir = "./") => {
-  const { stdout } = await exec(command, { cwd: dir })
+export async function exec(command: string, dir = "./") {
+  const { stdout } = await runCommand(command, { cwd: dir })
   return stdout
 }
 
-exports.utilityInstalled = async utilName => {
+export async function utilityInstalled(utilName: string) {
   try {
-    await exports.exec(`${utilName} --version`)
+    await exec(`${utilName} --version`)
     return true
   } catch (err) {
     return false
   }
 }
 
-exports.runPkgCommand = async (command, dir = "./") => {
+export async function runPkgCommand(command: string, dir = "./") {
   const yarn = await exports.utilityInstalled("yarn")
   const npm = await exports.utilityInstalled("npm")
   if (!yarn && !npm) {
diff --git a/packages/cli/src/hosting/genUser.js b/packages/cli/src/hosting/genUser.ts
similarity index 68%
rename from packages/cli/src/hosting/genUser.js
rename to packages/cli/src/hosting/genUser.ts
index 7ee11179af..e02bb20e1f 100644
--- a/packages/cli/src/hosting/genUser.js
+++ b/packages/cli/src/hosting/genUser.ts
@@ -2,15 +2,16 @@ const { success } = require("../utils")
 const { updateDockerComposeService } = require("./utils")
 const randomString = require("randomstring")
 const { GENERATED_USER_EMAIL } = require("../constants")
+import { DockerCompose } from "./types"
 
-exports.generateUser = async (password, silent) => {
+export async function generateUser(password: string | null, silent: boolean) {
   const email = GENERATED_USER_EMAIL
   if (!password) {
     password = randomString.generate({ length: 6 })
   }
-  updateDockerComposeService(service => {
+  updateDockerComposeService((service: DockerCompose) => {
     service.environment["BB_ADMIN_USER_EMAIL"] = email
-    service.environment["BB_ADMIN_USER_PASSWORD"] = password
+    service.environment["BB_ADMIN_USER_PASSWORD"] = password as string
   })
   if (!silent) {
     console.log(
diff --git a/packages/cli/src/hosting/index.js b/packages/cli/src/hosting/index.ts
similarity index 68%
rename from packages/cli/src/hosting/index.js
rename to packages/cli/src/hosting/index.ts
index d8133c4959..3326061c9a 100644
--- a/packages/cli/src/hosting/index.js
+++ b/packages/cli/src/hosting/index.ts
@@ -1,14 +1,14 @@
-const Command = require("../structures/Command")
-const { CommandWords } = require("../constants")
-const { init } = require("./init")
-const { start } = require("./start")
-const { stop } = require("./stop")
-const { status } = require("./status")
-const { update } = require("./update")
-const { generateUser } = require("./genUser")
-const { watchPlugins } = require("./watch")
+import { Command } from "../structures/Command"
+import { CommandWord } from "../constants"
+import { init } from "./init"
+import { start } from "./start"
+import { stop } from "./stop"
+import { status } from "./status"
+import { update } from "./update"
+import { generateUser } from "./genUser"
+import { watchPlugins } from "./watch"
 
-const command = new Command(`${CommandWords.HOSTING}`)
+export default new Command(`${CommandWord.HOSTING}`)
   .addHelp("Controls self hosting on the Budibase platform.")
   .addSubOption(
     "--init [type]",
@@ -46,5 +46,3 @@ const command = new Command(`${CommandWords.HOSTING}`)
     generateUser
   )
   .addSubOption("--single", "Specify this with init to use the single image.")
-
-exports.command = command
diff --git a/packages/cli/src/hosting/init.js b/packages/cli/src/hosting/init.ts
similarity index 58%
rename from packages/cli/src/hosting/init.js
rename to packages/cli/src/hosting/init.ts
index 88063f1732..04943ce4e7 100644
--- a/packages/cli/src/hosting/init.js
+++ b/packages/cli/src/hosting/init.ts
@@ -1,24 +1,25 @@
-const { InitTypes, AnalyticsEvents } = require("../constants")
-const { confirmation } = require("../questions")
-const { captureEvent } = require("../events")
-const makeFiles = require("./makeFiles")
-const axios = require("axios")
-const { parseEnv } = require("../utils")
-const { checkDockerConfigured, downloadFiles } = require("./utils")
-const { watchPlugins } = require("./watch")
-const { generateUser } = require("./genUser")
+import { InitType, AnalyticsEvent } from "../constants"
+import { confirmation } from "../questions"
+import { captureEvent } from "../events"
+import * as makeFiles from "./makeFiles"
+import { parseEnv } from "../utils"
+import { checkDockerConfigured, downloadDockerCompose } from "./utils"
+import { watchPlugins } from "./watch"
+import { generateUser } from "./genUser"
+import fetch from "node-fetch"
 
 const DO_USER_DATA_URL = "http://169.254.169.254/metadata/v1/user-data"
 
-async function getInitConfig(type, isQuick, port) {
-  const config = isQuick ? makeFiles.QUICK_CONFIG : {}
-  if (type === InitTypes.DIGITAL_OCEAN) {
+async function getInitConfig(type: string, isQuick: boolean, port: number) {
+  const config: any = isQuick ? makeFiles.QUICK_CONFIG : {}
+  if (type === InitType.DIGITAL_OCEAN) {
     try {
-      const output = await axios.get(DO_USER_DATA_URL)
-      const response = parseEnv(output.data)
+      const output = await fetch(DO_USER_DATA_URL)
+      const data = await output.text()
+      const response = parseEnv(data)
       for (let [key, value] of Object.entries(makeFiles.ConfigMap)) {
         if (response[key]) {
-          config[value] = response[key]
+          config[value as string] = response[key]
         }
       }
     } catch (err) {
@@ -32,7 +33,7 @@ async function getInitConfig(type, isQuick, port) {
   return config
 }
 
-exports.init = async opts => {
+export async function init(opts: any) {
   let type, isSingle, watchDir, genUser, port, silent
   if (typeof opts === "string") {
     type = opts
@@ -44,7 +45,7 @@ exports.init = async opts => {
     port = opts["port"]
     silent = opts["silent"]
   }
-  const isQuick = type === InitTypes.QUICK || type === InitTypes.DIGITAL_OCEAN
+  const isQuick = type === InitType.QUICK || type === InitType.DIGITAL_OCEAN
   await checkDockerConfigured()
   if (!isQuick) {
     const shouldContinue = await confirmation(
@@ -55,12 +56,12 @@ exports.init = async opts => {
       return
     }
   }
-  captureEvent(AnalyticsEvents.SelfHostInit, {
+  captureEvent(AnalyticsEvent.SelfHostInit, {
     type,
   })
   const config = await getInitConfig(type, isQuick, port)
   if (!isSingle) {
-    await downloadFiles()
+    await downloadDockerCompose()
     await makeFiles.makeEnv(config, silent)
   } else {
     await makeFiles.makeSingleCompose(config, silent)
diff --git a/packages/cli/src/hosting/makeFiles.js b/packages/cli/src/hosting/makeFiles.ts
similarity index 76%
rename from packages/cli/src/hosting/makeFiles.js
rename to packages/cli/src/hosting/makeFiles.ts
index abb0736858..9574e107a6 100644
--- a/packages/cli/src/hosting/makeFiles.js
+++ b/packages/cli/src/hosting/makeFiles.ts
@@ -1,15 +1,15 @@
-const { number } = require("../questions")
-const { success, stringifyToDotEnv } = require("../utils")
-const fs = require("fs")
-const path = require("path")
+import { number } from "../questions"
+import { success, stringifyToDotEnv } from "../utils"
+import fs from "fs"
+import path from "path"
+import yaml from "yaml"
+import { getAppService } from "./utils"
 const randomString = require("randomstring")
-const yaml = require("yaml")
-const { getAppService } = require("./utils")
 
 const SINGLE_IMAGE = "budibase/budibase:latest"
 const VOL_NAME = "budibase_data"
-const COMPOSE_PATH = path.resolve("./docker-compose.yaml")
-const ENV_PATH = path.resolve("./.env")
+export const COMPOSE_PATH = path.resolve("./docker-compose.yaml")
+export const ENV_PATH = path.resolve("./.env")
 
 function getSecrets(opts = { single: false }) {
   const secrets = [
@@ -19,7 +19,7 @@ function getSecrets(opts = { single: false }) {
     "REDIS_PASSWORD",
     "INTERNAL_API_KEY",
   ]
-  const obj = {}
+  const obj: Record<string, string> = {}
   secrets.forEach(secret => (obj[secret] = randomString.generate()))
   // setup couch creds separately
   if (opts && opts.single) {
@@ -32,7 +32,7 @@ function getSecrets(opts = { single: false }) {
   return obj
 }
 
-function getSingleCompose(port) {
+function getSingleCompose(port: number) {
   const singleComposeObj = {
     version: "3",
     services: {
@@ -53,7 +53,7 @@ function getSingleCompose(port) {
   return yaml.stringify(singleComposeObj)
 }
 
-function getEnv(port) {
+function getEnv(port: number) {
   const partOne = stringifyToDotEnv({
     MAIN_PORT: port,
   })
@@ -77,19 +77,21 @@ function getEnv(port) {
   ].join("\n")
 }
 
-exports.ENV_PATH = ENV_PATH
-exports.COMPOSE_PATH = COMPOSE_PATH
-
-module.exports.ConfigMap = {
+export const ConfigMap = {
   MAIN_PORT: "port",
 }
 
-module.exports.QUICK_CONFIG = {
+export const QUICK_CONFIG = {
   key: "budibase",
   port: 10000,
 }
 
-async function make(path, contentsFn, inputs = {}, silent) {
+async function make(
+  path: string,
+  contentsFn: Function,
+  inputs: any = {},
+  silent: boolean
+) {
   const port =
     inputs.port ||
     (await number(
@@ -107,15 +109,15 @@ async function make(path, contentsFn, inputs = {}, silent) {
   }
 }
 
-module.exports.makeEnv = async (inputs = {}, silent) => {
+export async function makeEnv(inputs: any = {}, silent: boolean) {
   return make(ENV_PATH, getEnv, inputs, silent)
 }
 
-module.exports.makeSingleCompose = async (inputs = {}, silent) => {
+export async function makeSingleCompose(inputs: any = {}, silent: boolean) {
   return make(COMPOSE_PATH, getSingleCompose, inputs, silent)
 }
 
-module.exports.getEnvProperty = property => {
+export function getEnvProperty(property: string) {
   const props = fs.readFileSync(ENV_PATH, "utf8").split(property)
   if (props[0].charAt(0) === "=") {
     property = props[0]
@@ -125,7 +127,7 @@ module.exports.getEnvProperty = property => {
   return property.split("=")[1].split("\n")[0]
 }
 
-module.exports.getComposeProperty = property => {
+export function getComposeProperty(property: string) {
   const { service } = getAppService(COMPOSE_PATH)
   if (property === "port" && Array.isArray(service.ports)) {
     const port = service.ports[0]
diff --git a/packages/cli/src/hosting/start.js b/packages/cli/src/hosting/start.ts
similarity index 69%
rename from packages/cli/src/hosting/start.js
rename to packages/cli/src/hosting/start.ts
index 33b5eb92ce..75e3df451f 100644
--- a/packages/cli/src/hosting/start.js
+++ b/packages/cli/src/hosting/start.ts
@@ -1,14 +1,10 @@
-const {
-  checkDockerConfigured,
-  checkInitComplete,
-  handleError,
-} = require("./utils")
-const { info, success } = require("../utils")
-const makeFiles = require("./makeFiles")
-const compose = require("docker-compose")
-const fs = require("fs")
+import { checkDockerConfigured, checkInitComplete, handleError } from "./utils"
+import { info, success } from "../utils"
+import * as makeFiles from "./makeFiles"
+import compose from "docker-compose"
+import fs from "fs"
 
-exports.start = async () => {
+export async function start() {
   await checkDockerConfigured()
   checkInitComplete()
   console.log(
diff --git a/packages/cli/src/hosting/status.js b/packages/cli/src/hosting/status.ts
similarity index 50%
rename from packages/cli/src/hosting/status.js
rename to packages/cli/src/hosting/status.ts
index 2b98392133..8a0803bc26 100644
--- a/packages/cli/src/hosting/status.js
+++ b/packages/cli/src/hosting/status.ts
@@ -1,12 +1,8 @@
-const {
-  checkDockerConfigured,
-  checkInitComplete,
-  handleError,
-} = require("./utils")
-const { info } = require("../utils")
-const compose = require("docker-compose")
+import { checkDockerConfigured, checkInitComplete, handleError } from "./utils"
+import { info } from "../utils"
+import compose from "docker-compose"
 
-exports.status = async () => {
+export async function status() {
   await checkDockerConfigured()
   checkInitComplete()
   console.log(info("Budibase status"))
diff --git a/packages/cli/src/hosting/stop.js b/packages/cli/src/hosting/stop.ts
similarity index 54%
rename from packages/cli/src/hosting/stop.js
rename to packages/cli/src/hosting/stop.ts
index 5f38c93484..cff5e83028 100644
--- a/packages/cli/src/hosting/stop.js
+++ b/packages/cli/src/hosting/stop.ts
@@ -1,12 +1,8 @@
-const {
-  checkDockerConfigured,
-  checkInitComplete,
-  handleError,
-} = require("./utils")
-const { info, success } = require("../utils")
-const compose = require("docker-compose")
+import { checkDockerConfigured, checkInitComplete, handleError } from "./utils"
+import { info, success } from "../utils"
+import compose from "docker-compose"
 
-exports.stop = async () => {
+export async function stop() {
   await checkDockerConfigured()
   checkInitComplete()
   console.log(info("Stopping services, this may take a moment."))
diff --git a/packages/cli/src/hosting/types.ts b/packages/cli/src/hosting/types.ts
new file mode 100644
index 0000000000..ee50ccebfc
--- /dev/null
+++ b/packages/cli/src/hosting/types.ts
@@ -0,0 +1,4 @@
+export interface DockerCompose {
+  environment: Record<string, string>
+  volumes: string[]
+}
diff --git a/packages/cli/src/hosting/update.js b/packages/cli/src/hosting/update.ts
similarity index 77%
rename from packages/cli/src/hosting/update.js
rename to packages/cli/src/hosting/update.ts
index 7d3367ce57..161cc04ae1 100644
--- a/packages/cli/src/hosting/update.js
+++ b/packages/cli/src/hosting/update.ts
@@ -1,20 +1,20 @@
-const {
+import {
   checkDockerConfigured,
   checkInitComplete,
-  downloadFiles,
+  downloadDockerCompose,
   handleError,
   getServices,
-} = require("./utils")
-const { confirmation } = require("../questions")
-const compose = require("docker-compose")
-const { COMPOSE_PATH } = require("./makeFiles")
-const { info, success } = require("../utils")
-const { start } = require("./start")
+} from "./utils"
+import { confirmation } from "../questions"
+import compose from "docker-compose"
+import { COMPOSE_PATH } from "./makeFiles"
+import { info, success } from "../utils"
+import { start } from "./start"
 
 const BB_COMPOSE_SERVICES = ["app-service", "worker-service", "proxy-service"]
 const BB_SINGLE_SERVICE = ["budibase"]
 
-exports.update = async () => {
+export async function update() {
   const { services } = getServices(COMPOSE_PATH)
   const isSingle = Object.keys(services).length === 1
   await checkDockerConfigured()
@@ -23,7 +23,7 @@ exports.update = async () => {
     !isSingle &&
     (await confirmation("Do you wish to update you docker-compose.yaml?"))
   ) {
-    await downloadFiles()
+    await downloadDockerCompose()
   }
   await handleError(async () => {
     const status = await compose.ps()
diff --git a/packages/cli/src/hosting/utils.js b/packages/cli/src/hosting/utils.ts
similarity index 62%
rename from packages/cli/src/hosting/utils.js
rename to packages/cli/src/hosting/utils.ts
index 952974ee83..9e5bd367ed 100644
--- a/packages/cli/src/hosting/utils.js
+++ b/packages/cli/src/hosting/utils.ts
@@ -1,24 +1,24 @@
-const { lookpath } = require("lookpath")
-const fs = require("fs")
-const makeFiles = require("./makeFiles")
-const { logErrorToFile, downloadFile, error } = require("../utils")
-const yaml = require("yaml")
+import { lookpath } from "lookpath"
+import fs from "fs"
+import * as makeFiles from "./makeFiles"
+import { logErrorToFile, downloadFile, error } from "../utils"
+import yaml from "yaml"
+import { DockerCompose } from "./types"
 
 const ERROR_FILE = "docker-error.log"
-const FILE_URLS = [
-  "https://raw.githubusercontent.com/Budibase/budibase/master/hosting/docker-compose.yaml",
-]
+const COMPOSE_URL =
+  "https://raw.githubusercontent.com/Budibase/budibase/master/hosting/docker-compose.yaml"
 
-exports.downloadFiles = async () => {
-  const promises = []
-  for (let url of FILE_URLS) {
-    const fileName = url.split("/").slice(-1)[0]
-    promises.push(downloadFile(url, `./${fileName}`))
+export async function downloadDockerCompose() {
+  const fileName = COMPOSE_URL.split("/").slice(-1)[0]
+  try {
+    await downloadFile(COMPOSE_URL, `./${fileName}`)
+  } catch (err) {
+    console.error(error(`Failed to retrieve compose file - ${err}`))
   }
-  await Promise.all(promises)
 }
 
-exports.checkDockerConfigured = async () => {
+export async function checkDockerConfigured() {
   const error =
     "docker/docker-compose has not been installed, please follow instructions at: https://docs.budibase.com/docs/docker-compose"
   const docker = await lookpath("docker")
@@ -28,7 +28,7 @@ exports.checkDockerConfigured = async () => {
   }
 }
 
-exports.checkInitComplete = () => {
+export function checkInitComplete() {
   if (
     !fs.existsSync(makeFiles.ENV_PATH) &&
     !fs.existsSync(makeFiles.COMPOSE_PATH)
@@ -37,10 +37,10 @@ exports.checkInitComplete = () => {
   }
 }
 
-exports.handleError = async func => {
+export async function handleError(func: Function) {
   try {
     await func()
-  } catch (err) {
+  } catch (err: any) {
     if (err && err.err) {
       logErrorToFile(ERROR_FILE, err.err)
     }
@@ -48,14 +48,14 @@ exports.handleError = async func => {
   }
 }
 
-exports.getServices = path => {
+export function getServices(path: string) {
   const dockerYaml = fs.readFileSync(path, "utf8")
   const parsedYaml = yaml.parse(dockerYaml)
   return { yaml: parsedYaml, services: parsedYaml.services }
 }
 
-exports.getAppService = path => {
-  const { yaml, services } = exports.getServices(path),
+export function getAppService(path: string) {
+  const { yaml, services } = getServices(path),
     serviceList = Object.keys(services)
   let service
   if (services["app-service"]) {
@@ -66,14 +66,17 @@ exports.getAppService = path => {
   return { yaml, service }
 }
 
-exports.updateDockerComposeService = updateFn => {
+export function updateDockerComposeService(
+  // eslint-disable-next-line no-unused-vars
+  updateFn: (service: DockerCompose) => void
+) {
   const opts = ["docker-compose.yaml", "docker-compose.yml"]
   const dockerFilePath = opts.find(name => fs.existsSync(name))
   if (!dockerFilePath) {
     console.log(error("Unable to locate docker-compose YAML."))
     return
   }
-  const { yaml: parsedYaml, service } = exports.getAppService(dockerFilePath)
+  const { yaml: parsedYaml, service } = getAppService(dockerFilePath)
   if (!service) {
     console.log(
       error(
diff --git a/packages/cli/src/hosting/watch.js b/packages/cli/src/hosting/watch.ts
similarity index 71%
rename from packages/cli/src/hosting/watch.js
rename to packages/cli/src/hosting/watch.ts
index 56f1c8e201..4bd7f6f568 100644
--- a/packages/cli/src/hosting/watch.js
+++ b/packages/cli/src/hosting/watch.ts
@@ -1,9 +1,10 @@
-const { resolve } = require("path")
-const fs = require("fs")
-const { error, success } = require("../utils")
-const { updateDockerComposeService } = require("./utils")
+import { resolve } from "path"
+import fs from "fs"
+import { error, success } from "../utils"
+import { updateDockerComposeService } from "./utils"
+import { DockerCompose } from "./types"
 
-exports.watchPlugins = async (pluginPath, silent) => {
+export async function watchPlugins(pluginPath: string, silent: boolean) {
   const PLUGIN_PATH = "/plugins"
   // get absolute path
   pluginPath = resolve(pluginPath)
@@ -15,7 +16,7 @@ exports.watchPlugins = async (pluginPath, silent) => {
     )
     return
   }
-  updateDockerComposeService(service => {
+  updateDockerComposeService((service: DockerCompose) => {
     // set environment variable
     service.environment["PLUGINS_DIR"] = PLUGIN_PATH
     // add volumes to parsed yaml
diff --git a/packages/cli/src/index.js b/packages/cli/src/index.ts
similarity index 74%
rename from packages/cli/src/index.js
rename to packages/cli/src/index.ts
index 9d1004fc20..77e4d6da8e 100644
--- a/packages/cli/src/index.js
+++ b/packages/cli/src/index.ts
@@ -1,10 +1,10 @@
 #!/usr/bin/env node
-require("./prebuilds")
-require("./environment")
+import "./prebuilds"
+import "./environment"
+import { getCommands } from "./options"
+import { Command } from "commander"
+import { getHelpDescription } from "./utils"
 const json = require("../package.json")
-const { getCommands } = require("./options")
-const { Command } = require("commander")
-const { getHelpDescription } = require("./utils")
 
 // add hosting config
 async function init() {
diff --git a/packages/cli/src/options.js b/packages/cli/src/options.js
deleted file mode 100644
index 1e58ee2725..0000000000
--- a/packages/cli/src/options.js
+++ /dev/null
@@ -1,8 +0,0 @@
-const analytics = require("./analytics")
-const hosting = require("./hosting")
-const backups = require("./backups")
-const plugins = require("./plugins")
-
-exports.getCommands = () => {
-  return [hosting.command, analytics.command, backups.command, plugins.command]
-}
diff --git a/packages/cli/src/options.ts b/packages/cli/src/options.ts
new file mode 100644
index 0000000000..4fc6d9e952
--- /dev/null
+++ b/packages/cli/src/options.ts
@@ -0,0 +1,8 @@
+import analytics from "./analytics"
+import hosting from "./hosting"
+import backups from "./backups"
+import plugins from "./plugins"
+
+export function getCommands() {
+  return [hosting, analytics, backups, plugins]
+}
diff --git a/packages/cli/src/plugins/index.js b/packages/cli/src/plugins/index.ts
similarity index 82%
rename from packages/cli/src/plugins/index.js
rename to packages/cli/src/plugins/index.ts
index 5786c521b2..cfafd67720 100644
--- a/packages/cli/src/plugins/index.js
+++ b/packages/cli/src/plugins/index.ts
@@ -1,18 +1,22 @@
-const Command = require("../structures/Command")
-const { CommandWords, AnalyticsEvents, InitTypes } = require("../constants")
-const { getSkeleton, fleshOutSkeleton } = require("./skeleton")
-const questions = require("../questions")
-const fs = require("fs")
-const { PLUGIN_TYPE_ARR } = require("@budibase/types")
-const { plugins } = require("@budibase/backend-core")
-const { runPkgCommand } = require("../exec")
-const { join } = require("path")
-const { success, error, info, moveDirectory } = require("../utils")
-const { captureEvent } = require("../events")
+import { Command } from "../structures/Command"
+import { CommandWord, AnalyticsEvent, InitType } from "../constants"
+import { getSkeleton, fleshOutSkeleton } from "./skeleton"
+import * as questions from "../questions"
+import fs from "fs"
+import { PluginType, PLUGIN_TYPE_ARR } from "@budibase/types"
+import { plugins } from "@budibase/backend-core"
+import { runPkgCommand } from "../exec"
+import { join } from "path"
+import { success, error, info, moveDirectory } from "../utils"
+import { captureEvent } from "../events"
+import { GENERATED_USER_EMAIL } from "../constants"
+import { init as hostingInit } from "../hosting/init"
+import { start as hostingStart } from "../hosting/start"
 const fp = require("find-free-port")
-const { GENERATED_USER_EMAIL } = require("../constants")
-const { init: hostingInit } = require("../hosting/init")
-const { start: hostingStart } = require("../hosting/start")
+
+type PluginOpts = {
+  init?: PluginType
+}
 
 function checkInPlugin() {
   if (!fs.existsSync("package.json")) {
@@ -27,7 +31,7 @@ function checkInPlugin() {
   }
 }
 
-async function askAboutTopLevel(name) {
+async function askAboutTopLevel(name: string) {
   const files = fs.readdirSync(process.cwd())
   // we are in an empty git repo, don't ask
   if (files.find(file => file === ".git")) {
@@ -45,8 +49,8 @@ async function askAboutTopLevel(name) {
   }
 }
 
-async function init(opts) {
-  const type = opts["init"] || opts
+async function init(opts: PluginOpts) {
+  const type = opts["init"] || (opts as PluginType)
   if (!type || !PLUGIN_TYPE_ARR.includes(type)) {
     console.log(
       error(
@@ -82,7 +86,7 @@ async function init(opts) {
   } else {
     console.log(info(`Plugin created in directory "${name}"`))
   }
-  captureEvent(AnalyticsEvents.PluginInit, {
+  captureEvent(AnalyticsEvent.PluginInit, {
     type,
     name,
     description,
@@ -109,7 +113,7 @@ async function verify() {
     version = pkgJson.version
     plugins.validate(schemaJson)
     return { name, version }
-  } catch (err) {
+  } catch (err: any) {
     if (err && err.message && err.message.includes("not valid JSON")) {
       console.log(error(`schema.json is not valid JSON: ${err.message}`))
     } else {
@@ -120,7 +124,7 @@ async function verify() {
 
 async function build() {
   const verified = await verify()
-  if (!verified.name) {
+  if (!verified?.name) {
     return
   }
   console.log(success("Verified!"))
@@ -132,7 +136,7 @@ async function build() {
 
 async function watch() {
   const verified = await verify()
-  if (!verified.name) {
+  if (!verified?.name) {
     return
   }
   const output = join("dist", `${verified.name}-${verified.version}.tar.gz`)
@@ -150,7 +154,7 @@ async function dev() {
   const [port] = await fp(10000)
   const password = "admin"
   await hostingInit({
-    init: InitTypes.QUICK,
+    init: InitType.QUICK,
     single: true,
     watchPluginDir: pluginDir,
     genUser: password,
@@ -168,7 +172,7 @@ async function dev() {
   console.log(success("Password: ") + info(password))
 }
 
-const command = new Command(`${CommandWords.PLUGIN}`)
+export default new Command(`${CommandWord.PLUGIN}`)
   .addHelp(
     "Custom plugins for Budibase, init, build and verify your components and datasources with this tool."
   )
@@ -192,5 +196,3 @@ const command = new Command(`${CommandWords.PLUGIN}`)
     "Run a development environment which automatically watches the current directory.",
     dev
   )
-
-exports.command = command
diff --git a/packages/cli/src/plugins/skeleton.js b/packages/cli/src/plugins/skeleton.ts
similarity index 75%
rename from packages/cli/src/plugins/skeleton.js
rename to packages/cli/src/plugins/skeleton.ts
index 76b9aa2d8a..0146588b38 100644
--- a/packages/cli/src/plugins/skeleton.js
+++ b/packages/cli/src/plugins/skeleton.ts
@@ -1,21 +1,21 @@
-const fetch = require("node-fetch")
+import fetch from "node-fetch"
+import fs from "fs"
+import os from "os"
+import { join } from "path"
+import { processStringSync } from "@budibase/string-templates"
 const download = require("download")
-const fs = require("fs")
-const os = require("os")
-const { join } = require("path")
 const tar = require("tar")
-const { processStringSync } = require("@budibase/string-templates")
 
 const HBS_FILES = ["package.json.hbs", "schema.json.hbs", "README.md.hbs"]
 
-async function getSkeletonUrl(type) {
+async function getSkeletonUrl(type: string) {
   const resp = await fetch(
     "https://api.github.com/repos/budibase/budibase-skeleton/releases/latest"
   )
   if (resp.status >= 300) {
     throw new Error("Failed to retrieve skeleton metadata")
   }
-  const json = await resp.json()
+  const json = (await resp.json()) as { assets: any[] }
   for (let asset of json["assets"]) {
     if (asset.name && asset.name.includes(type)) {
       return asset["browser_download_url"]
@@ -24,7 +24,7 @@ async function getSkeletonUrl(type) {
   throw new Error("No skeleton found in latest release.")
 }
 
-exports.getSkeleton = async (type, name) => {
+export async function getSkeleton(type: string, name: string) {
   const url = await getSkeletonUrl(type)
   const tarballFile = join(os.tmpdir(), "skeleton.tar.gz")
 
@@ -40,7 +40,12 @@ exports.getSkeleton = async (type, name) => {
   fs.rmSync(tarballFile)
 }
 
-exports.fleshOutSkeleton = async (type, name, description, version) => {
+export async function fleshOutSkeleton(
+  type: string,
+  name: string,
+  description: string,
+  version: string
+) {
   for (let file of HBS_FILES) {
     const oldFile = join(name, file),
       newFile = join(name, file.substring(0, file.length - 4))
diff --git a/packages/cli/src/prebuilds.js b/packages/cli/src/prebuilds.ts
similarity index 87%
rename from packages/cli/src/prebuilds.js
rename to packages/cli/src/prebuilds.ts
index 0decdc6c63..bfdae90cf3 100644
--- a/packages/cli/src/prebuilds.js
+++ b/packages/cli/src/prebuilds.ts
@@ -1,7 +1,8 @@
-const os = require("os")
-const { join } = require("path")
-const fs = require("fs")
-const { error } = require("./utils")
+import os from "os"
+import { join } from "path"
+import fs from "fs"
+import { error } from "./utils"
+
 const PREBUILDS = "prebuilds"
 const ARCH = `${os.platform()}-${os.arch()}`
 const PREBUILD_DIR = join(process.execPath, "..", PREBUILDS, ARCH)
@@ -26,8 +27,8 @@ function checkForBinaries() {
   }
 }
 
-function cleanup(evt) {
-  if (!isNaN(evt)) {
+function cleanup(evt?: number) {
+  if (evt && !isNaN(evt)) {
     return
   }
   if (evt) {
diff --git a/packages/cli/src/questions.js b/packages/cli/src/questions.ts
similarity index 70%
rename from packages/cli/src/questions.js
rename to packages/cli/src/questions.ts
index ea0c412a60..4f4cf77e97 100644
--- a/packages/cli/src/questions.js
+++ b/packages/cli/src/questions.ts
@@ -1,6 +1,6 @@
 const inquirer = require("inquirer")
 
-exports.confirmation = async question => {
+export async function confirmation(question: string) {
   const config = {
     type: "confirm",
     message: question,
@@ -10,8 +10,8 @@ exports.confirmation = async question => {
   return (await inquirer.prompt(config)).confirmation
 }
 
-exports.string = async (question, defaultString = null) => {
-  const config = {
+export async function string(question: string, defaultString?: string) {
+  const config: any = {
     type: "input",
     name: "string",
     message: question,
@@ -22,12 +22,12 @@ exports.string = async (question, defaultString = null) => {
   return (await inquirer.prompt(config)).string
 }
 
-exports.number = async (question, defaultNumber) => {
-  const config = {
+export async function number(question: string, defaultNumber?: number) {
+  const config: any = {
     type: "input",
     name: "number",
     message: question,
-    validate: value => {
+    validate: (value: string) => {
       let valid = !isNaN(parseFloat(value))
       return valid || "Please enter a number"
     },
diff --git a/packages/cli/src/structures/Command.js b/packages/cli/src/structures/Command.ts
similarity index 74%
rename from packages/cli/src/structures/Command.js
rename to packages/cli/src/structures/Command.ts
index e383c14263..cf9f93758b 100644
--- a/packages/cli/src/structures/Command.js
+++ b/packages/cli/src/structures/Command.ts
@@ -1,19 +1,31 @@
-const {
+import {
   getSubHelpDescription,
   getHelpDescription,
   error,
   capitaliseFirstLetter,
-} = require("../utils")
+} from "../utils"
 
-class Command {
-  constructor(command, func = null) {
+type CommandOpt = {
+  command: string
+  help: string
+  func?: Function
+  extras: any[]
+}
+
+export class Command {
+  command: string
+  opts: CommandOpt[]
+  func?: Function
+  help?: string
+
+  constructor(command: string, func?: Function) {
     // if there are options, need to just get the command name
     this.command = command
     this.opts = []
     this.func = func
   }
 
-  convertToCommander(lookup) {
+  convertToCommander(lookup: string) {
     const parts = lookup.toLowerCase().split("-")
     // camel case, separate out first
     const first = parts.shift()
@@ -22,21 +34,26 @@ class Command {
       .join("")
   }
 
-  addHelp(help) {
+  addHelp(help: string) {
     this.help = help
     return this
   }
 
-  addSubOption(command, help, func, extras = []) {
+  addSubOption(
+    command: string,
+    help: string,
+    func?: Function,
+    extras: any[] = []
+  ) {
     this.opts.push({ command, help, func, extras })
     return this
   }
 
-  configure(program) {
+  configure(program: any) {
     const thisCmd = this
     let command = program.command(thisCmd.command)
     if (this.help) {
-      command = command.description(getHelpDescription(thisCmd.help))
+      command = command.description(getHelpDescription(thisCmd.help!))
     }
     for (let opt of thisCmd.opts) {
       command = command.option(opt.command, getSubHelpDescription(opt.help))
@@ -45,7 +62,7 @@ class Command {
       "--help",
       getSubHelpDescription(`Get help with ${this.command} options`)
     )
-    command.action(async options => {
+    command.action(async (options: Record<string, string>) => {
       try {
         let executed = false,
           found = false
@@ -53,7 +70,7 @@ class Command {
           let lookup = opt.command.split(" ")[0].replace("--", "")
           // need to handle how commander converts watch-plugin-dir to watchPluginDir
           lookup = this.convertToCommander(lookup)
-          found = !executed && options[lookup]
+          found = !executed && !!options[lookup]
           if (found && opt.func) {
             const input =
               Object.keys(options).length > 1 ? options : options[lookup]
@@ -69,11 +86,9 @@ class Command {
           console.log(error(`Unknown ${this.command} option.`))
           command.help()
         }
-      } catch (err) {
+      } catch (err: any) {
         console.log(error(err))
       }
     })
   }
 }
-
-module.exports = Command
diff --git a/packages/cli/src/structures/ConfigManager.js b/packages/cli/src/structures/ConfigManager.ts
similarity index 83%
rename from packages/cli/src/structures/ConfigManager.js
rename to packages/cli/src/structures/ConfigManager.ts
index 35799b8e92..e428395a40 100644
--- a/packages/cli/src/structures/ConfigManager.js
+++ b/packages/cli/src/structures/ConfigManager.ts
@@ -3,7 +3,9 @@ const path = require("path")
 const os = require("os")
 const { error } = require("../utils")
 
-class ConfigManager {
+export class ConfigManager {
+  path: string
+
   constructor() {
     this.path = path.join(os.homedir(), ".budibase.json")
     if (!fs.existsSync(this.path)) {
@@ -24,26 +26,24 @@ class ConfigManager {
     }
   }
 
-  set config(json) {
+  set config(json: any) {
     fs.writeFileSync(this.path, JSON.stringify(json))
   }
 
-  getValue(key) {
+  getValue(key: string) {
     return this.config[key]
   }
 
-  setValue(key, value) {
+  setValue(key: string, value: any) {
     this.config = {
       ...this.config,
       [key]: value,
     }
   }
 
-  removeKey(key) {
+  removeKey(key: string) {
     const updated = { ...this.config }
     delete updated[key]
     this.config = updated
   }
 }
-
-module.exports = ConfigManager
diff --git a/packages/cli/src/utils.js b/packages/cli/src/utils.js
deleted file mode 100644
index d041fb498a..0000000000
--- a/packages/cli/src/utils.js
+++ /dev/null
@@ -1,106 +0,0 @@
-const chalk = require("chalk")
-const fs = require("fs")
-const axios = require("axios")
-const path = require("path")
-const progress = require("cli-progress")
-const { join } = require("path")
-
-exports.downloadFile = async (url, filePath) => {
-  filePath = path.resolve(filePath)
-  const writer = fs.createWriteStream(filePath)
-
-  const response = await axios({
-    url,
-    method: "GET",
-    responseType: "stream",
-  })
-
-  response.data.pipe(writer)
-
-  return new Promise((resolve, reject) => {
-    writer.on("finish", resolve)
-    writer.on("error", reject)
-  })
-}
-
-exports.httpCall = async (url, method) => {
-  const response = await axios({
-    url,
-    method,
-  })
-  return response.data
-}
-
-exports.getHelpDescription = string => {
-  return chalk.cyan(string)
-}
-
-exports.getSubHelpDescription = string => {
-  return chalk.green(string)
-}
-
-exports.error = error => {
-  return chalk.red(`Error - ${error}`)
-}
-
-exports.success = success => {
-  return chalk.green(success)
-}
-
-exports.info = info => {
-  return chalk.cyan(info)
-}
-
-exports.logErrorToFile = (file, error) => {
-  fs.writeFileSync(path.resolve(`./${file}`), `Budibase Error\n${error}`)
-}
-
-exports.parseEnv = env => {
-  const lines = env.toString().split("\n")
-  let result = {}
-  for (const line of lines) {
-    const match = line.match(/^([^=:#]+?)[=:](.*)/)
-    if (match) {
-      result[match[1].trim()] = match[2].trim()
-    }
-  }
-  return result
-}
-
-exports.progressBar = total => {
-  const bar = new progress.SingleBar({}, progress.Presets.shades_classic)
-  bar.start(total, 0)
-  return bar
-}
-
-exports.checkSlashesInUrl = url => {
-  return url.replace(/(https?:\/\/)|(\/)+/g, "$1$2")
-}
-
-exports.moveDirectory = (oldPath, newPath) => {
-  const files = fs.readdirSync(oldPath)
-  // check any file exists already
-  for (let file of files) {
-    if (fs.existsSync(join(newPath, file))) {
-      throw new Error(
-        "Unable to remove top level directory - some skeleton files already exist."
-      )
-    }
-  }
-  for (let file of files) {
-    fs.renameSync(join(oldPath, file), join(newPath, file))
-  }
-  fs.rmdirSync(oldPath)
-}
-
-exports.capitaliseFirstLetter = str => {
-  return str.charAt(0).toUpperCase() + str.slice(1)
-}
-
-exports.stringifyToDotEnv = json => {
-  let str = ""
-  for (let [key, value] of Object.entries(json)) {
-    str += `${key}=${value}\n`
-  }
-  return str
-}
diff --git a/packages/cli/src/utils.ts b/packages/cli/src/utils.ts
new file mode 100644
index 0000000000..b9aa1ffce0
--- /dev/null
+++ b/packages/cli/src/utils.ts
@@ -0,0 +1,112 @@
+import chalk from "chalk"
+import fs from "fs"
+import path from "path"
+import { join } from "path"
+import fetch from "node-fetch"
+const progress = require("cli-progress")
+
+export function downloadFile(url: string, filePath: string) {
+  return new Promise((resolve, reject) => {
+    filePath = path.resolve(filePath)
+    fetch(url, {
+      method: "GET",
+    })
+      .then(response => {
+        const writer = fs.createWriteStream(filePath)
+        if (response.body) {
+          response.body.pipe(writer)
+          response.body.on("end", resolve)
+          response.body.on("error", reject)
+        } else {
+          throw new Error(
+            `Unable to retrieve docker-compose file - ${response.status}`
+          )
+        }
+      })
+      .catch(err => {
+        throw err
+      })
+  })
+}
+
+export async function httpCall(url: string, method: string) {
+  const response = await fetch(url, {
+    method,
+  })
+  return response.body
+}
+
+export function getHelpDescription(str: string) {
+  return chalk.cyan(str)
+}
+
+export function getSubHelpDescription(str: string) {
+  return chalk.green(str)
+}
+
+export function error(err: string | number) {
+  process.exitCode = -1
+  return chalk.red(`Error - ${err}`)
+}
+
+export function success(str: string) {
+  return chalk.green(str)
+}
+
+export function info(str: string) {
+  return chalk.cyan(str)
+}
+
+export function logErrorToFile(file: string, error: string) {
+  fs.writeFileSync(path.resolve(`./${file}`), `Budibase Error\n${error}`)
+}
+
+export function parseEnv(env: string) {
+  const lines = env.toString().split("\n")
+  let result: Record<string, string> = {}
+  for (const line of lines) {
+    const match = line.match(/^([^=:#]+?)[=:](.*)/)
+    if (match) {
+      result[match[1].trim()] = match[2].trim()
+    }
+  }
+  return result
+}
+
+export function progressBar(total: number) {
+  const bar = new progress.SingleBar({}, progress.Presets.shades_classic)
+  bar.start(total, 0)
+  return bar
+}
+
+export function checkSlashesInUrl(url: string) {
+  return url.replace(/(https?:\/\/)|(\/)+/g, "$1$2")
+}
+
+export function moveDirectory(oldPath: string, newPath: string) {
+  const files = fs.readdirSync(oldPath)
+  // check any file exists already
+  for (let file of files) {
+    if (fs.existsSync(join(newPath, file))) {
+      throw new Error(
+        "Unable to remove top level directory - some skeleton files already exist."
+      )
+    }
+  }
+  for (let file of files) {
+    fs.renameSync(join(oldPath, file), join(newPath, file))
+  }
+  fs.rmdirSync(oldPath)
+}
+
+export function capitaliseFirstLetter(str: string) {
+  return str.charAt(0).toUpperCase() + str.slice(1)
+}
+
+export function stringifyToDotEnv(json: Record<string, string | number>) {
+  let str = ""
+  for (let [key, value] of Object.entries(json)) {
+    str += `${key}=${value}\n`
+  }
+  return str
+}
diff --git a/packages/cli/start.sh b/packages/cli/start.sh
new file mode 100755
index 0000000000..9650f0bbfa
--- /dev/null
+++ b/packages/cli/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+dir="$(dirname -- "$(readlink -f "${BASH_SOURCE}")")"
+${dir}/node_modules/ts-node/dist/bin.js ${dir}/src/index.ts $@
diff --git a/packages/cli/tsconfig.build.json b/packages/cli/tsconfig.build.json
new file mode 100644
index 0000000000..8b2d44aec8
--- /dev/null
+++ b/packages/cli/tsconfig.build.json
@@ -0,0 +1,24 @@
+{
+  "compilerOptions": {
+    "target": "es6",
+    "module": "commonjs",
+    "lib": ["es2020"],
+    "strict": true,
+    "noImplicitAny": true,
+    "esModuleInterop": true,
+    "resolveJsonModule": true,
+    "incremental": true,
+    "types": [ "node", "jest" ],
+    "outDir": "dist",
+    "skipLibCheck": true
+  },
+  "include": [
+    "src/**/*"
+  ],
+  "exclude": [
+    "node_modules",
+    "dist",
+    "**/*.spec.ts",
+    "**/*.spec.js"
+  ]
+}
diff --git a/packages/cli/tsconfig.json b/packages/cli/tsconfig.json
new file mode 100644
index 0000000000..b60cb7eed3
--- /dev/null
+++ b/packages/cli/tsconfig.json
@@ -0,0 +1,30 @@
+{
+  "extends": "./tsconfig.build.json",
+  "compilerOptions": {
+    "composite": true,
+    "declaration": true,
+    "sourceMap": true,
+    "baseUrl": ".",
+    "paths": {
+      "@budibase/types": ["../types/src"],
+      "@budibase/backend-core": ["../backend-core/src"],
+      "@budibase/backend-core/*": ["../backend-core/*"],
+    }
+  },
+  "ts-node": {
+    "require": ["tsconfig-paths/register"],
+    "swc": true
+  },
+  "references": [
+    { "path": "../types" },
+    { "path": "../backend-core" },
+  ],
+  "include": [
+    "src/**/*",
+    "package.json"
+  ],
+  "exclude": [
+    "node_modules",
+    "dist"
+  ]
+}
\ No newline at end of file
diff --git a/packages/cli/yarn.lock b/packages/cli/yarn.lock
index 638c8e6aa3..89e1f7c5cb 100644
--- a/packages/cli/yarn.lock
+++ b/packages/cli/yarn.lock
@@ -9,6 +9,13 @@
   dependencies:
     "@babel/highlight" "^7.10.4"
 
+"@babel/code-frame@^7.12.13":
+  version "7.18.6"
+  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.18.6.tgz#3b25d38c89600baa2dcc219edfa88a74eb2c427a"
+  integrity sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==
+  dependencies:
+    "@babel/highlight" "^7.18.6"
+
 "@babel/generator@7.18.2":
   version "7.18.2"
   resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.18.2.tgz#33873d6f89b21efe2da63fe554460f3df1c5880d"
@@ -33,7 +40,7 @@
   resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.19.1.tgz#7eea834cf32901ffdc1a7ee555e2f9c27e249ca2"
   integrity sha512-awrNfaMtnHUr653GgGEs++LlAvW6w+DcPrOliSMXWCKo597CwL5Acf/wWdNkf/tfEQE3mjkeD1YOVZOUV/od1w==
 
-"@babel/highlight@^7.10.4":
+"@babel/highlight@^7.10.4", "@babel/highlight@^7.18.6":
   version "7.18.6"
   resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.18.6.tgz#81158601e93e2563795adcbfbdf5d64be3f2ecdf"
   integrity sha512-u7stbOuYjaPezCuLj29hNW1v64M2Md2qupEKP1fHc7WdOA3DgLh37suiSrZYY7haUB7iBeQZ9P1uiRF359do3g==
@@ -71,6 +78,13 @@
     "@babel/helper-validator-identifier" "^7.19.1"
     to-fast-properties "^2.0.0"
 
+"@cspotcode/source-map-support@^0.8.0":
+  version "0.8.1"
+  resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1"
+  integrity sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==
+  dependencies:
+    "@jridgewell/trace-mapping" "0.3.9"
+
 "@eslint/eslintrc@^0.4.3":
   version "0.4.3"
   resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-0.4.3.tgz#9e42981ef035beb3dd49add17acb96e8ff6f394c"
@@ -112,6 +126,50 @@
   resolved "https://registry.yarnpkg.com/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz#b520529ec21d8e5945a1851dfd1c32e94e39ff45"
   integrity sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==
 
+"@jest/create-cache-key-function@^27.4.2":
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/@jest/create-cache-key-function/-/create-cache-key-function-27.5.1.tgz#7448fae15602ea95c828f5eceed35c202a820b31"
+  integrity sha512-dmH1yW+makpTSURTy8VzdUwFnfQh1G8R+DxO2Ho2FFmBbKFEVm+3jWdvFhE2VqB/LATCTokkP0dotjyQyw5/AQ==
+  dependencies:
+    "@jest/types" "^27.5.1"
+
+"@jest/expect-utils@^29.4.3":
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/@jest/expect-utils/-/expect-utils-29.4.3.tgz#95ce4df62952f071bcd618225ac7c47eaa81431e"
+  integrity sha512-/6JWbkxHOP8EoS8jeeTd9dTfc9Uawi+43oLKHfp6zzux3U2hqOOVnV3ai4RpDYHOccL6g+5nrxpoc8DmJxtXVQ==
+  dependencies:
+    jest-get-type "^29.4.3"
+
+"@jest/schemas@^29.4.3":
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/@jest/schemas/-/schemas-29.4.3.tgz#39cf1b8469afc40b6f5a2baaa146e332c4151788"
+  integrity sha512-VLYKXQmtmuEz6IxJsrZwzG9NvtkQsWNnWMsKxqWNu3+CnfzJQhp0WDDKWLVV9hLKr0l3SLLFRqcYHjhtyuDVxg==
+  dependencies:
+    "@sinclair/typebox" "^0.25.16"
+
+"@jest/types@^27.5.1":
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/@jest/types/-/types-27.5.1.tgz#3c79ec4a8ba61c170bf937bcf9e98a9df175ec80"
+  integrity sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==
+  dependencies:
+    "@types/istanbul-lib-coverage" "^2.0.0"
+    "@types/istanbul-reports" "^3.0.0"
+    "@types/node" "*"
+    "@types/yargs" "^16.0.0"
+    chalk "^4.0.0"
+
+"@jest/types@^29.4.3":
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/@jest/types/-/types-29.4.3.tgz#9069145f4ef09adf10cec1b2901b2d390031431f"
+  integrity sha512-bPYfw8V65v17m2Od1cv44FH+SiKW7w2Xu7trhcdTLUmSv85rfKsP+qXSjO4KGJr4dtPSzl/gvslZBXctf1qGEA==
+  dependencies:
+    "@jest/schemas" "^29.4.3"
+    "@types/istanbul-lib-coverage" "^2.0.0"
+    "@types/istanbul-reports" "^3.0.0"
+    "@types/node" "*"
+    "@types/yargs" "^17.0.8"
+    chalk "^4.0.0"
+
 "@jridgewell/gen-mapping@^0.3.0":
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz#c1aedc61e853f2bb9f5dfe6d4442d3b565b253b9"
@@ -121,7 +179,7 @@
     "@jridgewell/sourcemap-codec" "^1.4.10"
     "@jridgewell/trace-mapping" "^0.3.9"
 
-"@jridgewell/resolve-uri@3.1.0":
+"@jridgewell/resolve-uri@3.1.0", "@jridgewell/resolve-uri@^3.0.3":
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz#2203b118c157721addfe69d47b70465463066d78"
   integrity sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==
@@ -136,6 +194,14 @@
   resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz#add4c98d341472a289190b424efbdb096991bb24"
   integrity sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==
 
+"@jridgewell/trace-mapping@0.3.9":
+  version "0.3.9"
+  resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz#6534fd5933a53ba7cbf3a17615e273a0d1273ff9"
+  integrity sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==
+  dependencies:
+    "@jridgewell/resolve-uri" "^3.0.3"
+    "@jridgewell/sourcemap-codec" "^1.4.10"
+
 "@jridgewell/trace-mapping@^0.3.9":
   version "0.3.17"
   resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.17.tgz#793041277af9073b0951a7fe0f0d8c4c98c36985"
@@ -182,11 +248,332 @@
   resolved "https://registry.yarnpkg.com/@sideway/pinpoint/-/pinpoint-2.0.0.tgz#cff8ffadc372ad29fd3f78277aeb29e632cc70df"
   integrity sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==
 
+"@sinclair/typebox@^0.25.16":
+  version "0.25.24"
+  resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.25.24.tgz#8c7688559979f7079aacaf31aa881c3aa410b718"
+  integrity sha512-XJfwUVUKDHF5ugKwIcxEgc9k8b7HbznCp6eUfWgu710hMPNIO4aw4/zB5RogDQz8nd6gyCDpU9O/m6qYEWY6yQ==
+
 "@sindresorhus/is@^0.7.0":
   version "0.7.0"
   resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.7.0.tgz#9a06f4f137ee84d7df0460c1fdb1135ffa6c50fd"
   integrity sha512-ONhaKPIufzzrlNbqtWFFd+jlnemX6lJAgq9ZeiZtS7I1PIf/la7CW4m83rTXRnVnsMbW2k56pGYu7AUFJD9Pow==
 
+"@swc/core-darwin-arm64@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-arm64/-/core-darwin-arm64-1.3.37.tgz#a92e075ae35f18a64aaf3823ea175f03564f8da1"
+  integrity sha512-iIyVqqioUpVeT/hbBVfkrsjfCyL4idNH+LVKGmoTAWaTTSB0+UNhNuA7Wh2CqIHWh1Mv7IlumitWPcqsVDdoEw==
+
+"@swc/core-darwin-x64@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-darwin-x64/-/core-darwin-x64-1.3.37.tgz#a3cc06c87140a2ca0b8e7ef1f3d5cc34dd080429"
+  integrity sha512-dao5nXPWKxtaxqak4ZkRyBoApNIelW/glantQhPhj0FjMjuIQc+v03ldJ8XDByWOG+6xuVUTheANCtEccxoQBw==
+
+"@swc/core-linux-arm-gnueabihf@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm-gnueabihf/-/core-linux-arm-gnueabihf-1.3.37.tgz#f7d8f8523830c6be653f608839d4bd5598457f1f"
+  integrity sha512-/mVrc8H/f062CUkqKGmBiil2VIYu4mKawHxERfeP1y38X5K/OwjG5s9MgO9TVxy+Ly6vejwj70kRhSa3hVp1Bw==
+
+"@swc/core-linux-arm64-gnu@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-gnu/-/core-linux-arm64-gnu-1.3.37.tgz#b162febd9de14fb08000c722b063be2bb5aefa6b"
+  integrity sha512-eRQ3KaZI0j5LidTfOIi/kUVOOMuVmw1HCdt/Z1TAUKoHMLVxY8xcJ3pEE3/+ednI60EmHpwpJRs6LelXyL6uzQ==
+
+"@swc/core-linux-arm64-musl@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-arm64-musl/-/core-linux-arm64-musl-1.3.37.tgz#3b1a628e880fbb1a5e2a7a46d42e8aa878c6bfdd"
+  integrity sha512-w2BRLODyxNQY2rfHZMZ5ir6QrrnGBPlnIslTrgKmVbn1OjZoxUCtuqhrYnCmybaAc4DOkeH02TqynEFXrm+EMw==
+
+"@swc/core-linux-x64-gnu@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-gnu/-/core-linux-x64-gnu-1.3.37.tgz#ed443ad77dc90e415267d02a38e4113047b2d3d8"
+  integrity sha512-CfoH8EsZJZ9kunjMUjBNYD5fFuO86zw+K/o4wEw72Yg6ZEiqPmeIlCKU8tpTv4sK+CbhUXrmVzMB5tqsb2jALQ==
+
+"@swc/core-linux-x64-musl@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-linux-x64-musl/-/core-linux-x64-musl-1.3.37.tgz#de607a4985458bd6e8b0e40f0d62d0e26bd8df1e"
+  integrity sha512-9YPrHYNdoG7PK11gV51GfL45biI2dic+YTqHUDKyykemsD7Ot1zUFX7Ty//pdvpKcKSff6SrHbfFACD5ziNirA==
+
+"@swc/core-win32-arm64-msvc@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-arm64-msvc/-/core-win32-arm64-msvc-1.3.37.tgz#d5851a47d7df183929b9746d56f76c282f940e6a"
+  integrity sha512-h17Ek8/wCDje6BrXOvCXBM80oBRmTSMMdLyt87whTl5xqYlWYYs9oQIzZndNRTlNpTgjGO8Ns2eo4kwVxIkBIA==
+
+"@swc/core-win32-ia32-msvc@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-ia32-msvc/-/core-win32-ia32-msvc-1.3.37.tgz#06ad7016f61b56aec4abf60eab3a91b786f9e294"
+  integrity sha512-1BR175E1olGy/zdt94cgdb6ps/lBNissAOaxyBk8taFpcjy3zpdP30yAoH0GIsC6isnZ5JfArbOJNRXXO5tE0Q==
+
+"@swc/core-win32-x64-msvc@1.3.37":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core-win32-x64-msvc/-/core-win32-x64-msvc-1.3.37.tgz#60139a7089003a7447a4efef9704ae8fde21995e"
+  integrity sha512-1siDQ7dccQ1pesJmgAL3BUBbRPtfbNInOWnZOkiie/DfFqGQ117QKnCVyjUvwFKfTQx1+3UUTDmMSlRd00SlXg==
+
+"@swc/core@^1.3.25":
+  version "1.3.37"
+  resolved "https://registry.yarnpkg.com/@swc/core/-/core-1.3.37.tgz#644653fa7deb20c7c342e7fd019c7abc44ecf1bf"
+  integrity sha512-VOFlEQ1pReOM73N9A7R8rt561GU8Rxsq833jiimWDUB2sXEN3V6n6wFTgYmZuMz2T4/R0cQA1nV48KkaT4gkFw==
+  optionalDependencies:
+    "@swc/core-darwin-arm64" "1.3.37"
+    "@swc/core-darwin-x64" "1.3.37"
+    "@swc/core-linux-arm-gnueabihf" "1.3.37"
+    "@swc/core-linux-arm64-gnu" "1.3.37"
+    "@swc/core-linux-arm64-musl" "1.3.37"
+    "@swc/core-linux-x64-gnu" "1.3.37"
+    "@swc/core-linux-x64-musl" "1.3.37"
+    "@swc/core-win32-arm64-msvc" "1.3.37"
+    "@swc/core-win32-ia32-msvc" "1.3.37"
+    "@swc/core-win32-x64-msvc" "1.3.37"
+
+"@swc/jest@^0.2.24":
+  version "0.2.24"
+  resolved "https://registry.yarnpkg.com/@swc/jest/-/jest-0.2.24.tgz#35d9377ede049613cd5fdd6c24af2b8dcf622875"
+  integrity sha512-fwgxQbM1wXzyKzl1+IW0aGrRvAA8k0Y3NxFhKigbPjOJ4mCKnWEcNX9HQS3gshflcxq8YKhadabGUVfdwjCr6Q==
+  dependencies:
+    "@jest/create-cache-key-function" "^27.4.2"
+    jsonc-parser "^3.2.0"
+
+"@tsconfig/node10@^1.0.7":
+  version "1.0.9"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2"
+  integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA==
+
+"@tsconfig/node12@^1.0.7":
+  version "1.0.11"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.11.tgz#ee3def1f27d9ed66dac6e46a295cffb0152e058d"
+  integrity sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==
+
+"@tsconfig/node14@^1.0.0":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node14/-/node14-1.0.3.tgz#e4386316284f00b98435bf40f72f75a09dabf6c1"
+  integrity sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==
+
+"@tsconfig/node16@^1.0.2":
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.3.tgz#472eaab5f15c1ffdd7f8628bd4c4f753995ec79e"
+  integrity sha512-yOlFc+7UtL/89t2ZhjPvvB/DeAr3r+Dq58IgzsFkOAvVC6NMJXmCGjbptdXdR9qsX7pKcTL+s87FtYREi2dEEQ==
+
+"@types/debug@*":
+  version "4.1.7"
+  resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.7.tgz#7cc0ea761509124709b8b2d1090d8f6c17aadb82"
+  integrity sha512-9AonUzyTjXXhEOa0DnqpzZi6VHlqKMswga9EXjpXnnqxwLtdvPPtlO8evrI5D9S6asFRCQ6v+wpiUKbw+vKqyg==
+  dependencies:
+    "@types/ms" "*"
+
+"@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0":
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz#8467d4b3c087805d63580480890791277ce35c44"
+  integrity sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==
+
+"@types/istanbul-lib-report@*":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz#c14c24f18ea8190c118ee7562b7ff99a36552686"
+  integrity sha512-plGgXAPfVKFoYfa9NpYDAkseG+g6Jr294RqeqcqDixSbU34MZVJRi/P+7Y8GDpzkEwLaGZZOpKIEmeVZNtKsrg==
+  dependencies:
+    "@types/istanbul-lib-coverage" "*"
+
+"@types/istanbul-reports@^3.0.0":
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/@types/istanbul-reports/-/istanbul-reports-3.0.1.tgz#9153fe98bba2bd565a63add9436d6f0d7f8468ff"
+  integrity sha512-c3mAZEuK0lvBp8tmuL74XRKn1+y2dcwOUpH7x4WrF6gk1GIgiluDRgMYQtw2OFcBvAJWlt6ASU3tSqxp0Uu0Aw==
+  dependencies:
+    "@types/istanbul-lib-report" "*"
+
+"@types/jest@^29.4.0":
+  version "29.4.0"
+  resolved "https://registry.yarnpkg.com/@types/jest/-/jest-29.4.0.tgz#a8444ad1704493e84dbf07bb05990b275b3b9206"
+  integrity sha512-VaywcGQ9tPorCX/Jkkni7RWGFfI11whqzs8dvxF41P17Z+z872thvEvlIbznjPJ02kl1HMX3LmLOonsj2n7HeQ==
+  dependencies:
+    expect "^29.0.0"
+    pretty-format "^29.0.0"
+
+"@types/ms@*":
+  version "0.7.31"
+  resolved "https://registry.yarnpkg.com/@types/ms/-/ms-0.7.31.tgz#31b7ca6407128a3d2bbc27fe2d21b345397f6197"
+  integrity sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA==
+
+"@types/node-fetch@2.6.1":
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/@types/node-fetch/-/node-fetch-2.6.1.tgz#8f127c50481db65886800ef496f20bbf15518975"
+  integrity sha512-oMqjURCaxoSIsHSr1E47QHzbmzNR5rK8McHuNb11BOM9cHcIK3Avy0s/b2JlXHoQGTYS3NsvWzV1M0iK7l0wbA==
+  dependencies:
+    "@types/node" "*"
+    form-data "^3.0.0"
+
+"@types/node@*":
+  version "18.14.4"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-18.14.4.tgz#0e64ec0b35a772e1e3d849f9a0ff61782d0cb647"
+  integrity sha512-VhCw7I7qO2X49+jaKcAUwi3rR+hbxT5VcYF493+Z5kMLI0DL568b7JI4IDJaxWFH0D/xwmGJNoXisyX+w7GH/g==
+
+"@types/pouchdb-adapter-cordova-sqlite@*":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-cordova-sqlite/-/pouchdb-adapter-cordova-sqlite-1.0.1.tgz#49e5ee6df7cc0c23196fcb340f43a560e74eb1d6"
+  integrity sha512-nqlXpW1ho3KBg1mUQvZgH2755y3z/rw4UA7ZJCPMRTHofxGMY8izRVw5rHBL4/7P615or0J2udpRYxgkT3D02g==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-fruitdown@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-fruitdown/-/pouchdb-adapter-fruitdown-6.1.3.tgz#9b140ad9645cc56068728acf08ec19ac0046658e"
+  integrity sha512-Wz1Z1JLOW1hgmFQjqnSkmyyfH7by/iWb4abKn684WMvQfmxx6BxKJpJ4+eulkVPQzzgMMSgU1MpnQOm9FgRkbw==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-http@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-http/-/pouchdb-adapter-http-6.1.3.tgz#6e592d5f48deb6274a21ddac1498dd308096bcf3"
+  integrity sha512-9Z4TLbF/KJWy/D2sWRPBA+RNU0odQimfdvlDX+EY7rGcd3aVoH8qjD/X0Xcd/0dfBH5pKrNIMFFQgW/TylRCmA==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-idb@*":
+  version "6.1.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-idb/-/pouchdb-adapter-idb-6.1.4.tgz#cb9a18864585d600820cd325f007614c5c3989cd"
+  integrity sha512-KIAXbkF4uYUz0ZwfNEFLtEkK44mEWopAsD76UhucH92XnJloBysav+TjI4FFfYQyTjoW3S1s6V+Z14CUJZ0F6w==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-leveldb@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-leveldb/-/pouchdb-adapter-leveldb-6.1.3.tgz#17c7e75d75b992050bca15991e97fba575c61bb3"
+  integrity sha512-ex8NFqQGFwEpFi7AaZ5YofmuemfZNsL3nTFZBUCAKYMBkazQij1pe2ILLStSvJr0XS0qxgXjCEW19T5Wqiiskg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-localstorage@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-localstorage/-/pouchdb-adapter-localstorage-6.1.3.tgz#0dde02ba6b9d6073a295a20196563942ba9a54bd"
+  integrity sha512-oor040tye1KKiGLWYtIy7rRT7C2yoyX3Tf6elEJRpjOA7Ja/H8lKc4LaSh9ATbptIcES6MRqZDxtp7ly9hsW3Q==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-memory@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-memory/-/pouchdb-adapter-memory-6.1.3.tgz#9eabdbc890fcf58960ee8b68b8685f837e75c844"
+  integrity sha512-gVbsIMzDzgZYThFVT4eVNsmuZwVm/4jDxP1sjlgc3qtDIxbtBhGgyNfcskwwz9Zu5Lv1avkDsIWvcxQhnvRlHg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-node-websql@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-node-websql/-/pouchdb-adapter-node-websql-6.1.3.tgz#aa18bc68af8cf509acd12c400010dcd5fab2243d"
+  integrity sha512-F/P+os6Jsa7CgHtH64+Z0HfwIcj0hIRB5z8gNhF7L7dxPWoAfkopK5H2gydrP3sQrlGyN4WInF+UJW/Zu1+FKg==
+  dependencies:
+    "@types/pouchdb-adapter-websql" "*"
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-adapter-websql@*":
+  version "6.1.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-adapter-websql/-/pouchdb-adapter-websql-6.1.4.tgz#359fbe42ccac0ac90b492ddb8c32fafd0aa96d79"
+  integrity sha512-zMJQCtXC40hBsIDRn0GhmpeGMK0f9l/OGWfLguvczROzxxcOD7REI+e6SEmX7gJKw5JuMvlfuHzkQwjmvSJbtg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-browser@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-browser/-/pouchdb-browser-6.1.3.tgz#8f33d6ef58d6817d1f6d36979148a1c7f63244d8"
+  integrity sha512-EdYowrWxW9SWBMX/rux2eq7dbHi5Zeyzz+FF/IAsgQKnUxgeCO5VO2j4zTzos0SDyJvAQU+EYRc11r7xGn5tvA==
+  dependencies:
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-adapter-idb" "*"
+    "@types/pouchdb-adapter-websql" "*"
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-mapreduce" "*"
+    "@types/pouchdb-replication" "*"
+
+"@types/pouchdb-core@*":
+  version "7.0.10"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-core/-/pouchdb-core-7.0.10.tgz#d1ea1549e7fad6cb579f71459b1bc27252e06a5a"
+  integrity sha512-mKhjLlWWXyV3PTTjDhzDV1kc2dolO7VYFa75IoKM/hr8Er9eo8RIbS7mJLfC8r/C3p6ihZu9yZs1PWC1LQ0SOA==
+  dependencies:
+    "@types/debug" "*"
+    "@types/pouchdb-find" "*"
+
+"@types/pouchdb-find@*":
+  version "7.3.0"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-find/-/pouchdb-find-7.3.0.tgz#b917030e9f4bf6e56bf8c3b9fe4b2a25e989009a"
+  integrity sha512-sFPli5tBjGX9UfXioik1jUzPdcN84eV82n0lmEFuoPepWqkLjQcyri0eOa++HYOaNPyMDhKFBqEALEZivK2dRg==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-http@*":
+  version "6.1.3"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-http/-/pouchdb-http-6.1.3.tgz#09576c0d409da1f8dee34ec5b768415e2472ea52"
+  integrity sha512-0e9E5SqNOyPl/3FnEIbENssB4FlJsNYuOy131nxrZk36S+y1R/6qO7ZVRypWpGTqBWSuVd7gCsq2UDwO/285+w==
+  dependencies:
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-mapreduce@*":
+  version "6.1.7"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-mapreduce/-/pouchdb-mapreduce-6.1.7.tgz#9ab32d1e0f234f1bf6d1e4c5d7e216e9e23ac0a3"
+  integrity sha512-WzBwm7tmO9QhfRzVaWT4v6JQSS/fG2OoUDrWrhX87rPe2Pn6laPvdK5li6myNRxCoI/l5e8Jd+oYBAFnaiFucA==
+  dependencies:
+    "@types/pouchdb-core" "*"
+
+"@types/pouchdb-node@*":
+  version "6.1.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-node/-/pouchdb-node-6.1.4.tgz#5214c0169fcfd2237d373380bbd65a934feb5dfb"
+  integrity sha512-wnTCH8X1JOPpNOfVhz8HW0AvmdHh6pt40MuRj0jQnK7QEHsHS79WujsKTKSOF8QXtPwpvCNSsI7ut7H7tfxxJQ==
+  dependencies:
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-adapter-leveldb" "*"
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-mapreduce" "*"
+    "@types/pouchdb-replication" "*"
+
+"@types/pouchdb-replication@*":
+  version "6.4.4"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb-replication/-/pouchdb-replication-6.4.4.tgz#743406c90f13a988fa3e346ea74ce40acd170d00"
+  integrity sha512-BsE5LKpjJK4iAf6Fx5kyrMw+33V+Ip7uWldUnU2BYrrvtR+MLD22dcImm7DZN1st2wPPb91i0XEnQzvP0w1C/Q==
+  dependencies:
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-find" "*"
+
+"@types/pouchdb@^6.4.0":
+  version "6.4.0"
+  resolved "https://registry.yarnpkg.com/@types/pouchdb/-/pouchdb-6.4.0.tgz#f9c41ca64b23029f9bf2eb4bf6956e6431cb79f8"
+  integrity sha512-eGCpX+NXhd5VLJuJMzwe3L79fa9+IDTrAG3CPaf4s/31PD56hOrhDJTSmRELSXuiqXr6+OHzzP0PldSaWsFt7w==
+  dependencies:
+    "@types/pouchdb-adapter-cordova-sqlite" "*"
+    "@types/pouchdb-adapter-fruitdown" "*"
+    "@types/pouchdb-adapter-http" "*"
+    "@types/pouchdb-adapter-idb" "*"
+    "@types/pouchdb-adapter-leveldb" "*"
+    "@types/pouchdb-adapter-localstorage" "*"
+    "@types/pouchdb-adapter-memory" "*"
+    "@types/pouchdb-adapter-node-websql" "*"
+    "@types/pouchdb-adapter-websql" "*"
+    "@types/pouchdb-browser" "*"
+    "@types/pouchdb-core" "*"
+    "@types/pouchdb-http" "*"
+    "@types/pouchdb-mapreduce" "*"
+    "@types/pouchdb-node" "*"
+    "@types/pouchdb-replication" "*"
+
+"@types/stack-utils@^2.0.0":
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.1.tgz#20f18294f797f2209b5f65c8e3b5c8e8261d127c"
+  integrity sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==
+
+"@types/yargs-parser@*":
+  version "21.0.0"
+  resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-21.0.0.tgz#0c60e537fa790f5f9472ed2776c2b71ec117351b"
+  integrity sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==
+
+"@types/yargs@^16.0.0":
+  version "16.0.5"
+  resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-16.0.5.tgz#12cc86393985735a283e387936398c2f9e5f88e3"
+  integrity sha512-AxO/ADJOBFJScHbWhq2xAhlWP24rY4aCEG/NFaMvbT3X2MgRsLjhjQwsn0Zi5zn0LG9jUhCCZMeX9Dkuw6k+vQ==
+  dependencies:
+    "@types/yargs-parser" "*"
+
+"@types/yargs@^17.0.8":
+  version "17.0.22"
+  resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-17.0.22.tgz#7dd37697691b5f17d020f3c63e7a45971ff71e9a"
+  integrity sha512-pet5WJ9U8yPVRhkwuEIp5ktAeAqRZOq4UdAyWLWzxbtpyXnzbtLdKiXAjJzi/KLmPGS9wk86lUFWZFN6sISo4g==
+  dependencies:
+    "@types/yargs-parser" "*"
+
 abort-controller@3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392"
@@ -221,11 +608,21 @@ acorn-jsx@^5.3.1:
   resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937"
   integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==
 
+acorn-walk@^8.1.1:
+  version "8.2.0"
+  resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1"
+  integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==
+
 acorn@^7.4.0:
   version "7.4.1"
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-7.4.1.tgz#feaed255973d2e77555b83dbc08851a6c63520fa"
   integrity sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==
 
+acorn@^8.4.1:
+  version "8.8.2"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a"
+  integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==
+
 agent-base@6:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77"
@@ -289,6 +686,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0:
   dependencies:
     color-convert "^2.0.1"
 
+ansi-styles@^5.0.0:
+  version "5.2.0"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-5.2.0.tgz#07449690ad45777d1924ac2abb2fc8895dba836b"
+  integrity sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==
+
 aproba@^1.0.3:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/aproba/-/aproba-1.2.0.tgz#6802e6264efd18c790a1b0d517f0f2627bf2c94a"
@@ -309,6 +711,11 @@ are-we-there-yet@~1.1.2:
     delegates "^1.0.0"
     readable-stream "^2.0.6"
 
+arg@^4.1.0:
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
+  integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==
+
 argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
@@ -351,6 +758,11 @@ astral-regex@^2.0.0:
   resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31"
   integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==
 
+asynckit@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
+  integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
+
 at-least-node@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2"
@@ -519,6 +931,11 @@ chownr@^2.0.0:
   resolved "https://registry.yarnpkg.com/chownr/-/chownr-2.0.0.tgz#15bfbe53d2eab4cf70f18a8cd68ebe5b3cb1dece"
   integrity sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==
 
+ci-info@^3.2.0:
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.8.0.tgz#81408265a5380c929f0bc665d62256628ce9ef91"
+  integrity sha512-eXTggHWSooYhq49F2opQhuHWgzucfF2YgODK4e1566GQs5BIfP30B0oenwBJHfWxAs2fyPB1s7Mg949zLf61Yw==
+
 cli-cursor@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/cli-cursor/-/cli-cursor-3.1.0.tgz#264305a7ae490d1d03bf0c9ba7c925d1753af307"
@@ -588,6 +1005,13 @@ color-name@~1.1.4:
   resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
   integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
 
+combined-stream@^1.0.8:
+  version "1.0.8"
+  resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f"
+  integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
+  dependencies:
+    delayed-stream "~1.0.0"
+
 command-line-args@^5.2.0:
   version "5.2.1"
   resolved "https://registry.yarnpkg.com/command-line-args/-/command-line-args-5.2.1.tgz#c44c32e437a57d7c51157696893c5909e9cec42e"
@@ -658,6 +1082,11 @@ core-util-is@~1.0.0:
   resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85"
   integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==
 
+create-require@^1.1.0:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333"
+  integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==
+
 cross-spawn@^7.0.2:
   version "7.0.3"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
@@ -774,6 +1203,11 @@ deferred-leveldown@~5.3.0:
     abstract-leveldown "~6.2.1"
     inherits "^2.0.3"
 
+delayed-stream@~1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619"
+  integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==
+
 delegates@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
@@ -784,6 +1218,16 @@ detect-libc@^1.0.3:
   resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-1.0.3.tgz#fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b"
   integrity sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==
 
+diff-sequences@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-29.4.3.tgz#9314bc1fabe09267ffeca9cbafc457d8499a13f2"
+  integrity sha512-ofrBgwpPhCD85kMKtE9RYFFq6OC1A89oW2vvgWZNCwxrUpRUILopY7lsYyMDSjc8g6U6aiO0Qubg6r4Wgt5ZnA==
+
+diff@^4.0.1:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d"
+  integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==
+
 dir-glob@^3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f"
@@ -888,6 +1332,11 @@ escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
   resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
   integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==
 
+escape-string-regexp@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz#a30304e99daa32e23b2fd20f51babd07cffca344"
+  integrity sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==
+
 escape-string-regexp@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34"
@@ -1017,6 +1466,17 @@ expand-template@^2.0.3:
   resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
   integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==
 
+expect@^29.0.0:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/expect/-/expect-29.4.3.tgz#5e47757316df744fe3b8926c3ae8a3ebdafff7fe"
+  integrity sha512-uC05+Q7eXECFpgDrHdXA4k2rpMyStAYPItEDLyQDo5Ta7fVkJnNA/4zh/OIVkVVNZ1oOK1PipQoyNjuZ6sz6Dg==
+  dependencies:
+    "@jest/expect-utils" "^29.4.3"
+    jest-get-type "^29.4.3"
+    jest-matcher-utils "^29.4.3"
+    jest-message-util "^29.4.3"
+    jest-util "^29.4.3"
+
 ext-list@^2.0.0:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/ext-list/-/ext-list-2.2.2.tgz#0b98e64ed82f5acf0f2931babf69212ef52ddd37"
@@ -1191,6 +1651,15 @@ follow-redirects@^1.14.0:
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.1.tgz#0ca6a452306c9b276e4d3127483e29575e207ad5"
   integrity sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==
 
+form-data@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-3.0.1.tgz#ebd53791b78356a99af9a300d4282c4d5eb9755f"
+  integrity sha512-RHkBKtLWUVwd7SqRIvCZMEvAMoGUp0XU+seQiZejj0COz3RI3hWP4sCv3gZWWLjJTd7rGwcsF5eKZGii0r/hbg==
+  dependencies:
+    asynckit "^0.4.0"
+    combined-stream "^1.0.8"
+    mime-types "^2.1.12"
+
 from2@^2.1.1, from2@^2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/from2/-/from2-2.3.0.tgz#8bfb5502bde4a4d36cfdeea007fcca21d7e382af"
@@ -1348,7 +1817,7 @@ got@^8.3.1:
     url-parse-lax "^3.0.0"
     url-to-options "^1.0.1"
 
-graceful-fs@^4.1.10, graceful-fs@^4.1.6, graceful-fs@^4.2.0:
+graceful-fs@^4.1.10, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.9:
   version "4.2.10"
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
@@ -1604,6 +2073,58 @@ isurl@^1.0.0-alpha5:
     has-to-string-tag-x "^1.2.0"
     is-object "^1.0.1"
 
+jest-diff@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-29.4.3.tgz#42f4eb34d0bf8c0fb08b0501069b87e8e84df347"
+  integrity sha512-YB+ocenx7FZ3T5O9lMVMeLYV4265socJKtkwgk/6YUz/VsEzYDkiMuMhWzZmxm3wDRQvayJu/PjkjjSkjoHsCA==
+  dependencies:
+    chalk "^4.0.0"
+    diff-sequences "^29.4.3"
+    jest-get-type "^29.4.3"
+    pretty-format "^29.4.3"
+
+jest-get-type@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-get-type/-/jest-get-type-29.4.3.tgz#1ab7a5207c995161100b5187159ca82dd48b3dd5"
+  integrity sha512-J5Xez4nRRMjk8emnTpWrlkyb9pfRQQanDrvWHhsR1+VUfbwxi30eVcZFlcdGInRibU4G5LwHXpI7IRHU0CY+gg==
+
+jest-matcher-utils@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-matcher-utils/-/jest-matcher-utils-29.4.3.tgz#ea68ebc0568aebea4c4213b99f169ff786df96a0"
+  integrity sha512-TTciiXEONycZ03h6R6pYiZlSkvYgT0l8aa49z/DLSGYjex4orMUcafuLXYyyEDWB1RKglq00jzwY00Ei7yFNVg==
+  dependencies:
+    chalk "^4.0.0"
+    jest-diff "^29.4.3"
+    jest-get-type "^29.4.3"
+    pretty-format "^29.4.3"
+
+jest-message-util@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-message-util/-/jest-message-util-29.4.3.tgz#65b5280c0fdc9419503b49d4f48d4999d481cb5b"
+  integrity sha512-1Y8Zd4ZCN7o/QnWdMmT76If8LuDv23Z1DRovBj/vcSFNlGCJGoO8D1nJDw1AdyAGUk0myDLFGN5RbNeJyCRGCw==
+  dependencies:
+    "@babel/code-frame" "^7.12.13"
+    "@jest/types" "^29.4.3"
+    "@types/stack-utils" "^2.0.0"
+    chalk "^4.0.0"
+    graceful-fs "^4.2.9"
+    micromatch "^4.0.4"
+    pretty-format "^29.4.3"
+    slash "^3.0.0"
+    stack-utils "^2.0.3"
+
+jest-util@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.4.3.tgz#851a148e23fc2b633c55f6dad2e45d7f4579f496"
+  integrity sha512-ToSGORAz4SSSoqxDSylWX8JzkOQR7zoBtNRsA7e+1WUX5F8jrOwaNpuh1YfJHJKDHXLHmObv5eOjejUd+/Ws+Q==
+  dependencies:
+    "@jest/types" "^29.4.3"
+    "@types/node" "*"
+    chalk "^4.0.0"
+    ci-info "^3.2.0"
+    graceful-fs "^4.2.9"
+    picomatch "^2.2.3"
+
 joi@17.6.0:
   version "17.6.0"
   resolved "https://registry.yarnpkg.com/joi/-/joi-17.6.0.tgz#0bb54f2f006c09a96e75ce687957bd04290054b2"
@@ -1663,6 +2184,11 @@ json-stringify-safe@^5.0.1:
   resolved "https://registry.yarnpkg.com/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz#1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
   integrity sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==
 
+jsonc-parser@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/jsonc-parser/-/jsonc-parser-3.2.0.tgz#31ff3f4c2b9793f89c67212627c51c6394f88e76"
+  integrity sha512-gfFQZrcTc8CnKXp6Y4/CBT3fTc0OVuDofpre4aEeEpSBPV5X5v4+Vmx+8snU7RLPrNHPKSgLxGo9YuQzz20o+w==
+
 jsonfile@^6.0.1:
   version "6.1.0"
   resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae"
@@ -1857,6 +2383,11 @@ make-dir@^2.1.0:
     pify "^4.0.1"
     semver "^5.6.0"
 
+make-error@^1.1.1:
+  version "1.3.6"
+  resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2"
+  integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==
+
 md5@^2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/md5/-/md5-2.3.0.tgz#c3da9a6aae3a30b46b7b0c349b87b110dc3bda4f"
@@ -1879,11 +2410,18 @@ micromatch@^4.0.4:
     braces "^3.0.2"
     picomatch "^2.3.1"
 
-mime-db@^1.28.0:
+mime-db@1.52.0, mime-db@^1.28.0:
   version "1.52.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"
   integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
 
+mime-types@^2.1.12:
+  version "2.1.35"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a"
+  integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
+  dependencies:
+    mime-db "1.52.0"
+
 mimic-fn@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b"
@@ -1991,7 +2529,7 @@ node-abi@^2.21.0:
   dependencies:
     semver "^5.4.1"
 
-node-fetch@2, node-fetch@2.6.7, node-fetch@^2.6.6:
+node-fetch@2.6.7, node-fetch@^2.6.6:
   version "2.6.7"
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.7.tgz#24de9fba827e3b4ae44dc8b20256a379160052ad"
   integrity sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==
@@ -2137,7 +2675,7 @@ pend@~1.2.0:
   resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50"
   integrity sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==
 
-picomatch@^2.3.1:
+picomatch@^2.2.3, picomatch@^2.3.1:
   version "2.3.1"
   resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42"
   integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==
@@ -2300,6 +2838,15 @@ prepend-http@^2.0.0:
   resolved "https://registry.yarnpkg.com/prepend-http/-/prepend-http-2.0.0.tgz#e92434bfa5ea8c19f41cdfd401d741a3c819d897"
   integrity sha512-ravE6m9Atw9Z/jjttRUZ+clIXogdghyZAuWJ3qEzjT+jI/dL1ifAqhZeC5VHzQp1MSt1+jxKkFNemj/iO7tVUA==
 
+pretty-format@^29.0.0, pretty-format@^29.4.3:
+  version "29.4.3"
+  resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-29.4.3.tgz#25500ada21a53c9e8423205cf0337056b201244c"
+  integrity sha512-cvpcHTc42lcsvOOAzd3XuNWTcvk1Jmnzqeu+WsOuiPmxUJTnkbAcFNsRKvEpBEUFVUgy/GTZLulZDcDEi+CIlA==
+  dependencies:
+    "@jest/schemas" "^29.4.3"
+    ansi-styles "^5.0.0"
+    react-is "^18.0.0"
+
 printj@^1.3.0:
   version "1.3.1"
   resolved "https://registry.yarnpkg.com/printj/-/printj-1.3.1.tgz#9af6b1d55647a1587ac44f4c1654a4b95b8e12cb"
@@ -2374,6 +2921,11 @@ rc@^1.2.7:
     minimist "^1.2.0"
     strip-json-comments "~2.0.1"
 
+react-is@^18.0.0:
+  version "18.2.0"
+  resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.2.0.tgz#199431eeaaa2e09f86427efbb4f1473edb47609b"
+  integrity sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w==
+
 readable-stream@1.1.14, readable-stream@^1.0.27-1:
   version "1.1.14"
   resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-1.1.14.tgz#7cf4c54ef648e3813084c636dd2079e166c081d9"
@@ -2656,6 +3208,13 @@ sprintf-js@~1.0.2:
   resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
   integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==
 
+stack-utils@^2.0.3:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/stack-utils/-/stack-utils-2.0.6.tgz#aaf0748169c02fc33c8232abccf933f54a1cc34f"
+  integrity sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==
+  dependencies:
+    escape-string-regexp "^2.0.0"
+
 stream-meter@^1.0.4:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/stream-meter/-/stream-meter-1.0.4.tgz#52af95aa5ea760a2491716704dbff90f73afdd1d"
@@ -2911,6 +3470,25 @@ trim-repeated@^1.0.0:
   dependencies:
     escape-string-regexp "^1.0.2"
 
+ts-node@^10.9.1:
+  version "10.9.1"
+  resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b"
+  integrity sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==
+  dependencies:
+    "@cspotcode/source-map-support" "^0.8.0"
+    "@tsconfig/node10" "^1.0.7"
+    "@tsconfig/node12" "^1.0.7"
+    "@tsconfig/node14" "^1.0.0"
+    "@tsconfig/node16" "^1.0.2"
+    acorn "^8.4.1"
+    acorn-walk "^8.1.1"
+    arg "^4.1.0"
+    create-require "^1.1.0"
+    diff "^4.0.1"
+    make-error "^1.1.1"
+    v8-compile-cache-lib "^3.0.1"
+    yn "3.1.1"
+
 tslib@^1.9.0:
   version "1.14.1"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"
@@ -2940,6 +3518,11 @@ type-fest@^0.21.3:
   resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37"
   integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==
 
+typescript@4.7.3:
+  version "4.7.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.7.3.tgz#8364b502d5257b540f9de4c40be84c98e23a129d"
+  integrity sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==
+
 typical@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/typical/-/typical-4.0.0.tgz#cbeaff3b9d7ae1e2bbfaf5a4e6f11eccfde94fc4"
@@ -3015,6 +3598,11 @@ uuid@8.3.2, uuid@^8.3.2:
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
   integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
 
+v8-compile-cache-lib@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf"
+  integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==
+
 v8-compile-cache@^2.0.3:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.3.0.tgz#2de19618c66dc247dcfb6f99338035d8245a2cee"
@@ -3131,3 +3719,8 @@ yauzl@^2.4.2:
   dependencies:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
+
+yn@3.1.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/yn/-/yn-3.1.1.tgz#1e87401a09d767c1d5eab26a6e4c185182d2eb50"
+  integrity sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==
diff --git a/packages/client/package.json b/packages/client/package.json
index 5e2dad5217..067f25e790 100644
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/client",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "license": "MPL-2.0",
   "module": "dist/budibase-client.js",
   "main": "dist/budibase-client.js",
@@ -19,9 +19,9 @@
     "dev:builder": "rollup -cw"
   },
   "dependencies": {
-    "@budibase/bbui": "^2.3.16",
-    "@budibase/frontend-core": "^2.3.16",
-    "@budibase/string-templates": "^2.3.16",
+    "@budibase/bbui": "2.3.21-alpha.1",
+    "@budibase/frontend-core": "2.3.21-alpha.1",
+    "@budibase/string-templates": "2.3.21-alpha.1",
     "@spectrum-css/button": "^3.0.3",
     "@spectrum-css/card": "^3.0.3",
     "@spectrum-css/divider": "^1.0.3",
diff --git a/packages/client/src/components/Component.svelte b/packages/client/src/components/Component.svelte
index a846a315bc..d94199bc49 100644
--- a/packages/client/src/components/Component.svelte
+++ b/packages/client/src/components/Component.svelte
@@ -72,6 +72,9 @@
   // These are a combination of the enriched, nested and conditional settings.
   let cachedSettings
 
+  // Conditional UI expressions, enriched and ready to evaluate
+  let conditions
+
   // Latest timestamp that we started a props update.
   // Due to enrichment now being async, we need to avoid overwriting newer
   // settings with old ones, depending on how long enrichment takes.
@@ -150,9 +153,7 @@
   $: enrichComponentSettings($context, settingsDefinitionMap)
 
   // Evaluate conditional UI settings and store any component setting changes
-  // which need to be made. This is broken into 2 lines to avoid svelte
-  // reactivity re-evaluating conditions more often than necessary.
-  $: conditions = enrichedSettings?._conditions
+  // which need to be made
   $: evaluateConditions(conditions)
 
   // Determine and apply settings to the component
@@ -297,7 +298,7 @@
     let newStaticSettings = { ...settings }
     let newDynamicSettings = { ...settings }
 
-    // Attach some internal properties
+    // Attach some internal properties which we assume always need enriched
     newDynamicSettings["_conditions"] = instance._conditions
     newDynamicSettings["_css"] = instance._styles?.custom
 
@@ -336,6 +337,24 @@
     }
   }
 
+  // Generates the array of conditional UI expressions, accounting for both
+  // nested and non-nested settings, extracting a mixture of values from both
+  // the un-enriched and enriched settings
+  const generateConditions = () => {
+    if (!enrichedSettings?._conditions) {
+      conditions = []
+      return
+    }
+    conditions = enrichedSettings._conditions.map(condition => {
+      const raw = instance._conditions?.find(x => x.id === condition.id)
+      if (settingsDefinitionMap[condition.setting]?.nested && raw) {
+        return { ...condition, settingValue: raw.settingValue }
+      } else {
+        return condition
+      }
+    })
+  }
+
   // Enriches any string component props using handlebars
   const enrichComponentSettings = (
     context,
@@ -364,7 +383,11 @@
       return
     }
 
+    // Store new enriched settings
     enrichedSettings = newEnrichedSettings
+
+    // Once settings have been enriched, re-evaluate conditions
+    generateConditions()
   }
 
   // Evaluates the list of conditional UI conditions and determines any setting
diff --git a/packages/client/src/stores/routes.js b/packages/client/src/stores/routes.js
index 69cd42d5f5..8e318af2e3 100644
--- a/packages/client/src/stores/routes.js
+++ b/packages/client/src/stores/routes.js
@@ -66,22 +66,27 @@ const createRouteStore = () => {
       return state
     })
   }
-  const navigate = (url, peek) => {
+  const navigate = (url, peek, externalNewTab) => {
     if (get(builderStore).inBuilder) {
       return
     }
     if (url) {
       // If we're already peeking, don't peek again
       const isPeeking = get(store).queryParams?.peek
-      if (peek && !isPeeking) {
+      const external = !url.startsWith("/")
+      if (peek && !isPeeking && !external) {
         peekStore.actions.showPeek(url)
-      } else {
-        const external = !url.startsWith("/")
-        if (external) {
-          window.location.href = url
-        } else {
-          push(url)
+      } else if (external) {
+        if (url.startsWith("www")) {
+          url = `https://${url}`
         }
+        if (externalNewTab) {
+          window.open(url, "_blank")
+        } else {
+          window.location.href = url
+        }
+      } else {
+        push(url)
       }
     }
   }
diff --git a/packages/client/src/utils/buttonActions.js b/packages/client/src/utils/buttonActions.js
index 06bc6f356a..895584b782 100644
--- a/packages/client/src/utils/buttonActions.js
+++ b/packages/client/src/utils/buttonActions.js
@@ -87,6 +87,20 @@ const duplicateRowHandler = async (action, context) => {
   }
 }
 
+const fetchRowHandler = async action => {
+  const { tableId, rowId } = action.parameters
+
+  if (tableId && rowId) {
+    try {
+      const row = await API.fetchRow({ tableId, rowId })
+
+      return { row }
+    } catch (error) {
+      return false
+    }
+  }
+}
+
 const deleteRowHandler = async action => {
   const { tableId, revId, rowId, notificationOverride } = action.parameters
   if (tableId && rowId) {
@@ -126,8 +140,8 @@ const triggerAutomationHandler = async action => {
 }
 
 const navigationHandler = action => {
-  const { url, peek } = action.parameters
-  routeStore.actions.navigate(url, peek)
+  const { url, peek, externalNewTab } = action.parameters
+  routeStore.actions.navigate(url, peek, externalNewTab)
 }
 
 const queryExecutionHandler = async action => {
@@ -341,6 +355,7 @@ const CloseSidePanelHandler = () => {
 }
 
 const handlerMap = {
+  ["Fetch Row"]: fetchRowHandler,
   ["Save Row"]: saveRowHandler,
   ["Duplicate Row"]: duplicateRowHandler,
   ["Delete Row"]: deleteRowHandler,
diff --git a/packages/frontend-core/package.json b/packages/frontend-core/package.json
index 897b7107cf..90040e88c3 100644
--- a/packages/frontend-core/package.json
+++ b/packages/frontend-core/package.json
@@ -1,12 +1,12 @@
 {
   "name": "@budibase/frontend-core",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase frontend core libraries used in builder and client",
   "author": "Budibase",
   "license": "MPL-2.0",
   "svelte": "src/index.js",
   "dependencies": {
-    "@budibase/bbui": "^2.3.16",
+    "@budibase/bbui": "2.3.21-alpha.1",
     "lodash": "^4.17.21",
     "svelte": "^3.46.2"
   }
diff --git a/packages/frontend-core/src/api/auditLogs.js b/packages/frontend-core/src/api/auditLogs.js
new file mode 100644
index 0000000000..c4230df6d9
--- /dev/null
+++ b/packages/frontend-core/src/api/auditLogs.js
@@ -0,0 +1,63 @@
+const buildOpts = ({
+  bookmark,
+  userIds,
+  appIds,
+  startDate,
+  endDate,
+  fullSearch,
+  events,
+}) => {
+  const opts = {}
+
+  if (bookmark) {
+    opts.bookmark = bookmark
+  }
+
+  if (startDate && endDate) {
+    opts.startDate = startDate
+    opts.endDate = endDate
+  } else if (startDate && !endDate) {
+    opts.startDate = startDate
+  }
+
+  if (fullSearch) {
+    opts.fullSearch = fullSearch
+  }
+
+  if (events.length) {
+    opts.events = events
+  }
+
+  if (userIds.length) {
+    opts.userIds = userIds
+  }
+
+  if (appIds.length) {
+    opts.appIds = appIds
+  }
+
+  return opts
+}
+
+export const buildAuditLogsEndpoints = API => ({
+  /**
+   * Gets a list of users in the current tenant.
+   */
+  searchAuditLogs: async opts => {
+    return await API.post({
+      url: `/api/global/auditlogs/search`,
+      body: buildOpts(opts),
+    })
+  },
+
+  getEventDefinitions: async () => {
+    return await API.get({
+      url: `/api/global/auditlogs/definitions`,
+    })
+  },
+
+  getDownloadUrl: opts => {
+    const query = encodeURIComponent(JSON.stringify(opts))
+    return `/api/global/auditlogs/download?query=${query}`
+  },
+})
diff --git a/packages/frontend-core/src/api/backups.js b/packages/frontend-core/src/api/backups.js
index 8658815b15..7663ae09af 100644
--- a/packages/frontend-core/src/api/backups.js
+++ b/packages/frontend-core/src/api/backups.js
@@ -21,10 +21,9 @@ export const buildBackupsEndpoints = API => ({
     })
   },
 
-  createManualBackup: async ({ appId, name }) => {
+  createManualBackup: async ({ appId }) => {
     return await API.post({
       url: `/api/apps/${appId}/backups`,
-      body: { name },
     })
   },
 
diff --git a/packages/frontend-core/src/api/index.js b/packages/frontend-core/src/api/index.js
index e2935b416b..f8eee45cb8 100644
--- a/packages/frontend-core/src/api/index.js
+++ b/packages/frontend-core/src/api/index.js
@@ -28,6 +28,8 @@ import { buildPluginEndpoints } from "./plugins"
 import { buildBackupsEndpoints } from "./backups"
 import { buildEnvironmentVariableEndpoints } from "./environmentVariables"
 import { buildEventEndpoints } from "./events"
+import { buildAuditLogsEndpoints } from "./auditLogs"
+
 const defaultAPIClientConfig = {
   /**
    * Certain definitions can't change at runtime for client apps, such as the
@@ -250,5 +252,6 @@ export const createAPIClient = config => {
     ...buildBackupsEndpoints(API),
     ...buildEnvironmentVariableEndpoints(API),
     ...buildEventEndpoints(API),
+    ...buildAuditLogsEndpoints(API),
   }
 }
diff --git a/packages/frontend-core/src/api/user.js b/packages/frontend-core/src/api/user.js
index 9875605ce0..cb8a8f6555 100644
--- a/packages/frontend-core/src/api/user.js
+++ b/packages/frontend-core/src/api/user.js
@@ -12,8 +12,10 @@ export const buildUserEndpoints = API => ({
    * Gets a list of users in the current tenant.
    * @param {string} page The page to retrieve
    * @param {string} search The starts with string to search username/email by.
+   * @param {string} appId Facilitate app/role based user searching
+   * @param {boolean} paginated Allow the disabling of pagination
    */
-  searchUsers: async ({ page, email, appId } = {}) => {
+  searchUsers: async ({ paginated, page, email, appId } = {}) => {
     const opts = {}
     if (page) {
       opts.page = page
@@ -24,6 +26,9 @@ export const buildUserEndpoints = API => ({
     if (appId) {
       opts.appId = appId
     }
+    if (typeof paginated === "boolean") {
+      opts.paginated = paginated
+    }
     return await API.post({
       url: `/api/global/users/search`,
       body: opts,
@@ -133,7 +138,7 @@ export const buildUserEndpoints = API => ({
    * @param builder whether the user should be a global builder
    * @param admin whether the user should be a global admin
    */
-  inviteUser: async ({ email, builder, admin }) => {
+  inviteUser: async ({ email, builder, admin, apps }) => {
     return await API.post({
       url: "/api/global/users/invite",
       body: {
@@ -141,11 +146,43 @@ export const buildUserEndpoints = API => ({
         userInfo: {
           admin: admin ? { global: true } : undefined,
           builder: builder ? { global: true } : undefined,
+          apps: apps ? apps : undefined,
         },
       },
     })
   },
 
+  onboardUsers: async payload => {
+    return await API.post({
+      url: "/api/global/users/onboard",
+      body: payload.map(invite => {
+        const { email, admin, builder, apps } = invite
+        return {
+          email,
+          userInfo: {
+            admin: admin ? { global: true } : undefined,
+            builder: builder ? { global: true } : undefined,
+            apps: apps ? apps : undefined,
+          },
+        }
+      }),
+    })
+  },
+
+  /**
+   * Accepts a user invite as a body and will update the associated app roles.
+   * for an existing invite
+   * @param invite the invite code sent in the email
+   */
+  updateUserInvite: async invite => {
+    await API.post({
+      url: `/api/global/users/invite/update/${invite.code}`,
+      body: {
+        apps: invite.apps,
+      },
+    })
+  },
+
   /**
    * Retrieves the invitation associated with a provided code.
    * @param code The unique code for the target invite
@@ -156,6 +193,16 @@ export const buildUserEndpoints = API => ({
     })
   },
 
+  /**
+   * Retrieves the invitation associated with a provided code.
+   * @param code The unique code for the target invite
+   */
+  getUserInvites: async () => {
+    return await API.get({
+      url: `/api/global/users/invites`,
+    })
+  },
+
   /**
    * Invites multiple users to the current tenant.
    * @param users An array of users to invite
@@ -169,6 +216,7 @@ export const buildUserEndpoints = API => ({
           admin: user.admin ? { global: true } : undefined,
           builder: user.admin || user.builder ? { global: true } : undefined,
           userGroups: user.groups,
+          roles: user.apps ? user.apps : undefined,
         },
       })),
     })
diff --git a/packages/frontend-core/src/constants.js b/packages/frontend-core/src/constants.js
index 3a16013df2..09b7a00aec 100644
--- a/packages/frontend-core/src/constants.js
+++ b/packages/frontend-core/src/constants.js
@@ -115,6 +115,8 @@ export const Features = {
   USER_GROUPS: "userGroups",
   BACKUPS: "appBackups",
   ENVIRONMENT_VARIABLES: "environmentVariables",
+  AUDIT_LOGS: "auditLogs",
+  ENFORCEABLE_SSO: "enforceableSSO",
 }
 
 // Role IDs
diff --git a/packages/frontend-core/src/fetch/UserFetch.js b/packages/frontend-core/src/fetch/UserFetch.js
index 9aeadbc0f5..5372d0ec33 100644
--- a/packages/frontend-core/src/fetch/UserFetch.js
+++ b/packages/frontend-core/src/fetch/UserFetch.js
@@ -35,6 +35,7 @@ export default class UserFetch extends DataFetch {
         page: cursor,
         email: query.email,
         appId: query.appId,
+        paginated: query.paginated,
       })
       return {
         rows: res?.data || [],
diff --git a/packages/sdk/package.json b/packages/sdk/package.json
index 51f5ca70e0..4745854121 100644
--- a/packages/sdk/package.json
+++ b/packages/sdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/sdk",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase Public API SDK",
   "author": "Budibase",
   "license": "MPL-2.0",
diff --git a/packages/server/__mocks__/node-fetch.ts b/packages/server/__mocks__/node-fetch.ts
index 78071dc8af..fdf44d173d 100644
--- a/packages/server/__mocks__/node-fetch.ts
+++ b/packages/server/__mocks__/node-fetch.ts
@@ -172,6 +172,9 @@ module FetchMock {
         ),
         ok: true,
       })
+    } else if (url === "https://www.googleapis.com/oauth2/v4/token") {
+      // any valid response
+      return json({})
     } else if (url.includes("failonce.com")) {
       failCount++
       if (failCount === 1) {
diff --git a/packages/server/jest.config.ts b/packages/server/jest.config.ts
index 41558d4c8e..f247e90bd1 100644
--- a/packages/server/jest.config.ts
+++ b/packages/server/jest.config.ts
@@ -11,22 +11,17 @@ const baseConfig: Config.InitialProjectOptions = {
   transform: {
     "^.+\\.ts?$": "@swc/jest",
   },
-}
-
-if (!process.env.CI) {
-  // use sources when not in CI
-  baseConfig.moduleNameMapper = {
+  moduleNameMapper: {
     "@budibase/backend-core/(.*)": "<rootDir>/../backend-core/$1",
     "@budibase/backend-core": "<rootDir>/../backend-core/src",
     "@budibase/types": "<rootDir>/../types/src",
-  }
-  // add pro sources if they exist
-  if (fs.existsSync("../../../budibase-pro")) {
-    baseConfig.moduleNameMapper["@budibase/pro"] =
-      "<rootDir>/../../../budibase-pro/packages/pro/src"
-  }
-} else {
-  console.log("Running tests with compiled dependency sources")
+  },
+}
+
+// add pro sources if they exist
+if (fs.existsSync("../../../budibase-pro")) {
+  baseConfig.moduleNameMapper["@budibase/pro"] =
+    "<rootDir>/../../../budibase-pro/packages/pro/src"
 }
 
 const config: Config.InitialOptions = {
@@ -44,6 +39,7 @@ const config: Config.InitialOptions = {
   ],
   collectCoverageFrom: [
     "src/**/*.{js,ts}",
+    "../backend-core/src/**/*.{js,ts}",
     // The use of coverage with couchdb view functions breaks tests
     "!src/db/views/staticViews.*",
   ],
diff --git a/packages/server/package.json b/packages/server/package.json
index 61d57c4179..d9b1e1a9a1 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@budibase/server",
   "email": "hi@budibase.com",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase Web Server",
   "main": "src/index.ts",
   "repository": {
@@ -14,7 +14,7 @@
     "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
     "debug": "yarn build && node --expose-gc --inspect=9222 dist/index.js",
     "postbuild": "copyfiles -u 1 src/**/*.svelte dist/ && copyfiles -u 1 src/**/*.hbs dist/ && copyfiles -u 1 src/**/*.json dist/",
-    "test": "jest --coverage --maxWorkers=2",
+    "test": "bash scripts/test.sh",
     "test:watch": "jest --watch",
     "predocker": "copyfiles -f ../client/dist/budibase-client.js ../client/manifest.json client",
     "build:docker": "yarn run predocker && docker build . -t app-service --label version=$BUDIBASE_RELEASE_VERSION",
@@ -25,7 +25,7 @@
     "dev:stack:down": "node scripts/dev/manage.js down",
     "dev:stack:nuke": "node scripts/dev/manage.js nuke",
     "dev:builder": "yarn run dev:stack:up && nodemon",
-    "specs": "node specs/generate.js && openapi-typescript specs/openapi.yaml --output src/definitions/openapi.ts",
+    "specs": "ts-node specs/generate.ts && openapi-typescript specs/openapi.yaml --output src/definitions/openapi.ts",
     "initialise": "node scripts/initialise.js",
     "env:multi:enable": "node scripts/multiTenancy.js enable",
     "env:multi:disable": "node scripts/multiTenancy.js disable",
@@ -43,11 +43,11 @@
   "license": "GPL-3.0",
   "dependencies": {
     "@apidevtools/swagger-parser": "10.0.3",
-    "@budibase/backend-core": "^2.3.16",
-    "@budibase/client": "^2.3.16",
-    "@budibase/pro": "2.3.16",
-    "@budibase/string-templates": "^2.3.16",
-    "@budibase/types": "^2.3.16",
+    "@budibase/backend-core": "2.3.21-alpha.1",
+    "@budibase/client": "2.3.21-alpha.1",
+    "@budibase/pro": "2.3.21-alpha.1",
+    "@budibase/string-templates": "2.3.21-alpha.1",
+    "@budibase/types": "2.3.21-alpha.1",
     "@bull-board/api": "3.7.0",
     "@bull-board/koa": "3.9.4",
     "@elastic/elasticsearch": "7.10.0",
@@ -87,6 +87,7 @@
     "koa-send": "5.0.0",
     "koa-session": "5.12.0",
     "koa-static": "5.0.0",
+    "koa-useragent": "^4.1.0",
     "koa2-ratelimit": "1.1.1",
     "lodash": "4.17.21",
     "memorystream": "0.3.1",
@@ -142,6 +143,7 @@
     "@types/pouchdb": "6.4.0",
     "@types/redis": "4.0.11",
     "@types/server-destroy": "1.0.1",
+    "@types/supertest": "2.0.12",
     "@types/tar": "6.1.3",
     "@typescript-eslint/parser": "5.45.0",
     "apidoc": "0.50.4",
@@ -160,7 +162,7 @@
     "path-to-regexp": "6.2.0",
     "prettier": "2.5.1",
     "rimraf": "3.0.2",
-    "supertest": "4.0.2",
+    "supertest": "6.2.2",
     "swagger-jsdoc": "6.1.0",
     "timekeeper": "2.2.0",
     "ts-jest": "28.0.4",
diff --git a/packages/server/scripts/test.sh b/packages/server/scripts/test.sh
new file mode 100644
index 0000000000..2f3f54cb25
--- /dev/null
+++ b/packages/server/scripts/test.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [[ -n $CI ]]
+then
+  # --runInBand performs better in ci where resources are limited
+  echo "jest --coverage --runInBand"
+  jest --coverage --runInBand
+else
+  # --maxWorkers performs better in development
+  echo "jest --coverage --maxWorkers=2"
+  jest --coverage --maxWorkers=2
+fi
\ No newline at end of file
diff --git a/packages/server/specs/generate.js b/packages/server/specs/generate.ts
similarity index 87%
rename from packages/server/specs/generate.js
rename to packages/server/specs/generate.ts
index f6a055f683..39d8a50ade 100644
--- a/packages/server/specs/generate.js
+++ b/packages/server/specs/generate.ts
@@ -1,9 +1,9 @@
+import { join } from "path"
+import { writeFileSync } from "fs"
+import { examples, schemas } from "./resources"
+import * as parameters from "./parameters"
+import * as security from "./security"
 const swaggerJsdoc = require("swagger-jsdoc")
-const { join } = require("path")
-const { writeFileSync } = require("fs")
-const { examples, schemas } = require("./resources")
-const parameters = require("./parameters")
-const security = require("./security")
 
 const VARIABLES = {}
 
@@ -60,7 +60,7 @@ const options = {
   apis: [join(__dirname, "..", "src", "api", "routes", "public", "*.ts")],
 }
 
-function writeFile(output, filename) {
+function writeFile(output: any, filename: string) {
   try {
     const path = join(__dirname, filename)
     let spec = output
@@ -79,7 +79,7 @@ function writeFile(output, filename) {
   }
 }
 
-function run() {
+export function run() {
   const outputJSON = swaggerJsdoc(options)
   options.format = ".yaml"
   const outputYAML = swaggerJsdoc(options)
@@ -90,5 +90,3 @@ function run() {
 if (require.main === module) {
   run()
 }
-
-module.exports = run
diff --git a/packages/server/specs/openapi.json b/packages/server/specs/openapi.json
index e1b977b113..121828b21c 100644
--- a/packages/server/specs/openapi.json
+++ b/packages/server/specs/openapi.json
@@ -1829,7 +1829,7 @@
   "paths": {
     "/applications": {
       "post": {
-        "operationId": "create",
+        "operationId": "appCreate",
         "summary": "Create an application",
         "tags": [
           "applications"
@@ -1870,7 +1870,7 @@
     },
     "/applications/{appId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "appUpdate",
         "summary": "Update an application",
         "tags": [
           "applications"
@@ -1909,7 +1909,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "appDestroy",
         "summary": "Delete an application",
         "tags": [
           "applications"
@@ -1938,7 +1938,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "appGetById",
         "summary": "Retrieve an application",
         "tags": [
           "applications"
@@ -1969,7 +1969,7 @@
     },
     "/applications/{appId}/unpublish": {
       "post": {
-        "operationId": "unpublish",
+        "operationId": "appUnpublish",
         "summary": "Unpublish an application",
         "tags": [
           "applications"
@@ -1988,7 +1988,7 @@
     },
     "/applications/{appId}/publish": {
       "post": {
-        "operationId": "publish",
+        "operationId": "appPublish",
         "summary": "Unpublish an application",
         "tags": [
           "applications"
@@ -2019,7 +2019,7 @@
     },
     "/applications/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "appSearch",
         "summary": "Search for applications",
         "description": "Based on application properties (currently only name) search for applications.",
         "tags": [
@@ -2074,7 +2074,7 @@
     },
     "/queries/{queryId}": {
       "post": {
-        "operationId": "execute",
+        "operationId": "queryExecute",
         "summary": "Execute a query",
         "description": "Queries which have been created within a Budibase app can be executed using this,",
         "tags": [
@@ -2122,7 +2122,7 @@
     },
     "/queries/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "querySearch",
         "summary": "Search for queries",
         "description": "Based on query properties (currently only name) search for queries.",
         "tags": [
@@ -2164,7 +2164,7 @@
     },
     "/tables/{tableId}/rows": {
       "post": {
-        "operationId": "create",
+        "operationId": "rowCreate",
         "summary": "Create a row",
         "description": "Creates a row within the specified table.",
         "tags": [
@@ -2214,7 +2214,7 @@
     },
     "/tables/{tableId}/rows/{rowId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "rowUpdate",
         "summary": "Update a row",
         "description": "Updates a row within the specified table.",
         "tags": [
@@ -2265,7 +2265,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "rowDestroy",
         "summary": "Delete a row",
         "description": "Deletes a row within the specified table.",
         "tags": [
@@ -2301,7 +2301,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "rowGetById",
         "summary": "Retrieve a row",
         "description": "This gets a single row, it will be enriched with the full related rows, rather than the squashed \"primaryDisplay\" format returned by the search endpoint.",
         "tags": [
@@ -2339,7 +2339,7 @@
     },
     "/tables/{tableId}/rows/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "rowSearch",
         "summary": "Search for rows",
         "tags": [
           "rows"
@@ -2383,7 +2383,7 @@
     },
     "/tables": {
       "post": {
-        "operationId": "create",
+        "operationId": "tableCreate",
         "summary": "Create a table",
         "description": "Create a table, this could be internal or external.",
         "tags": [
@@ -2429,7 +2429,7 @@
     },
     "/tables/{tableId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "tableUpdate",
         "summary": "Update a table",
         "description": "Update a table, this could be internal or external.",
         "tags": [
@@ -2476,7 +2476,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "tableDestroy",
         "summary": "Delete a table",
         "description": "Delete a table, this could be internal or external.",
         "tags": [
@@ -2509,7 +2509,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "tableGetById",
         "summary": "Retrieve a table",
         "description": "Lookup a table, this could be internal or external.",
         "tags": [
@@ -2544,7 +2544,7 @@
     },
     "/tables/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "tableSearch",
         "summary": "Search for tables",
         "description": "Based on table properties (currently only name) search for tables. This could be an internal or an external table.",
         "tags": [
@@ -2586,7 +2586,7 @@
     },
     "/users": {
       "post": {
-        "operationId": "create",
+        "operationId": "userCreate",
         "summary": "Create a user",
         "tags": [
           "users"
@@ -2622,7 +2622,7 @@
     },
     "/users/{userId}": {
       "put": {
-        "operationId": "update",
+        "operationId": "userUpdate",
         "summary": "Update a user",
         "tags": [
           "users"
@@ -2661,7 +2661,7 @@
         }
       },
       "delete": {
-        "operationId": "destroy",
+        "operationId": "userDestroy",
         "summary": "Delete a user",
         "tags": [
           "users"
@@ -2690,7 +2690,7 @@
         }
       },
       "get": {
-        "operationId": "getById",
+        "operationId": "userGetById",
         "summary": "Retrieve a user",
         "tags": [
           "users"
@@ -2721,7 +2721,7 @@
     },
     "/users/search": {
       "post": {
-        "operationId": "search",
+        "operationId": "userSearch",
         "summary": "Search for users",
         "description": "Based on user properties (currently only name) search for users.",
         "tags": [
diff --git a/packages/server/specs/openapi.yaml b/packages/server/specs/openapi.yaml
index dc92c818b7..3243959c65 100644
--- a/packages/server/specs/openapi.yaml
+++ b/packages/server/specs/openapi.yaml
@@ -1397,7 +1397,7 @@ security:
 paths:
   /applications:
     post:
-      operationId: create
+      operationId: appCreate
       summary: Create an application
       tags:
         - applications
@@ -1421,7 +1421,7 @@ paths:
                   $ref: "#/components/examples/application"
   "/applications/{appId}":
     put:
-      operationId: update
+      operationId: appUpdate
       summary: Update an application
       tags:
         - applications
@@ -1444,7 +1444,7 @@ paths:
                 application:
                   $ref: "#/components/examples/application"
     delete:
-      operationId: destroy
+      operationId: appDestroy
       summary: Delete an application
       tags:
         - applications
@@ -1461,7 +1461,7 @@ paths:
                 application:
                   $ref: "#/components/examples/application"
     get:
-      operationId: getById
+      operationId: appGetById
       summary: Retrieve an application
       tags:
         - applications
@@ -1479,7 +1479,7 @@ paths:
                   $ref: "#/components/examples/application"
   "/applications/{appId}/unpublish":
     post:
-      operationId: unpublish
+      operationId: appUnpublish
       summary: Unpublish an application
       tags:
         - applications
@@ -1490,7 +1490,7 @@ paths:
           description: The app was published successfully.
   "/applications/{appId}/publish":
     post:
-      operationId: publish
+      operationId: appPublish
       summary: Unpublish an application
       tags:
         - applications
@@ -1508,7 +1508,7 @@ paths:
                   $ref: "#/components/examples/deploymentOutput"
   /applications/search:
     post:
-      operationId: search
+      operationId: appSearch
       summary: Search for applications
       description: Based on application properties (currently only name) search for
         applications.
@@ -1545,7 +1545,7 @@ paths:
             ? text/plain
   "/queries/{queryId}":
     post:
-      operationId: execute
+      operationId: queryExecute
       summary: Execute a query
       description: Queries which have been created within a Budibase app can be
         executed using this,
@@ -1574,7 +1574,7 @@ paths:
                   $ref: "#/components/examples/sqlResponse"
   /queries/search:
     post:
-      operationId: search
+      operationId: querySearch
       summary: Search for queries
       description: Based on query properties (currently only name) search for queries.
       tags:
@@ -1599,7 +1599,7 @@ paths:
                   $ref: "#/components/examples/queries"
   "/tables/{tableId}/rows":
     post:
-      operationId: create
+      operationId: rowCreate
       summary: Create a row
       description: Creates a row within the specified table.
       tags:
@@ -1630,7 +1630,7 @@ paths:
                   $ref: "#/components/examples/row"
   "/tables/{tableId}/rows/{rowId}":
     put:
-      operationId: update
+      operationId: rowUpdate
       summary: Update a row
       description: Updates a row within the specified table.
       tags:
@@ -1660,7 +1660,7 @@ paths:
                 row:
                   $ref: "#/components/examples/row"
     delete:
-      operationId: destroy
+      operationId: rowDestroy
       summary: Delete a row
       description: Deletes a row within the specified table.
       tags:
@@ -1681,7 +1681,7 @@ paths:
                 row:
                   $ref: "#/components/examples/row"
     get:
-      operationId: getById
+      operationId: rowGetById
       summary: Retrieve a row
       description: This gets a single row, it will be enriched with the full related
         rows, rather than the squashed "primaryDisplay" format returned by the
@@ -1704,7 +1704,7 @@ paths:
                   $ref: "#/components/examples/enrichedRow"
   "/tables/{tableId}/rows/search":
     post:
-      operationId: search
+      operationId: rowSearch
       summary: Search for rows
       tags:
         - rows
@@ -1730,7 +1730,7 @@ paths:
                   $ref: "#/components/examples/rows"
   /tables:
     post:
-      operationId: create
+      operationId: tableCreate
       summary: Create a table
       description: Create a table, this could be internal or external.
       tags:
@@ -1758,7 +1758,7 @@ paths:
                   $ref: "#/components/examples/table"
   "/tables/{tableId}":
     put:
-      operationId: update
+      operationId: tableUpdate
       summary: Update a table
       description: Update a table, this could be internal or external.
       tags:
@@ -1785,7 +1785,7 @@ paths:
                 table:
                   $ref: "#/components/examples/table"
     delete:
-      operationId: destroy
+      operationId: tableDestroy
       summary: Delete a table
       description: Delete a table, this could be internal or external.
       tags:
@@ -1804,7 +1804,7 @@ paths:
                 table:
                   $ref: "#/components/examples/table"
     get:
-      operationId: getById
+      operationId: tableGetById
       summary: Retrieve a table
       description: Lookup a table, this could be internal or external.
       tags:
@@ -1824,7 +1824,7 @@ paths:
                   $ref: "#/components/examples/table"
   /tables/search:
     post:
-      operationId: search
+      operationId: tableSearch
       summary: Search for tables
       description: Based on table properties (currently only name) search for tables.
         This could be an internal or an external table.
@@ -1850,7 +1850,7 @@ paths:
                   $ref: "#/components/examples/tables"
   /users:
     post:
-      operationId: create
+      operationId: userCreate
       summary: Create a user
       tags:
         - users
@@ -1872,7 +1872,7 @@ paths:
                   $ref: "#/components/examples/user"
   "/users/{userId}":
     put:
-      operationId: update
+      operationId: userUpdate
       summary: Update a user
       tags:
         - users
@@ -1895,7 +1895,7 @@ paths:
                 user:
                   $ref: "#/components/examples/user"
     delete:
-      operationId: destroy
+      operationId: userDestroy
       summary: Delete a user
       tags:
         - users
@@ -1912,7 +1912,7 @@ paths:
                 user:
                   $ref: "#/components/examples/user"
     get:
-      operationId: getById
+      operationId: userGetById
       summary: Retrieve a user
       tags:
         - users
@@ -1930,7 +1930,7 @@ paths:
                   $ref: "#/components/examples/user"
   /users/search:
     post:
-      operationId: search
+      operationId: userSearch
       summary: Search for users
       description: Based on user properties (currently only name) search for users.
       tags:
diff --git a/packages/server/specs/parameters.js b/packages/server/specs/parameters.ts
similarity index 86%
rename from packages/server/specs/parameters.js
rename to packages/server/specs/parameters.ts
index ca7a0a9a27..a928026bb1 100644
--- a/packages/server/specs/parameters.js
+++ b/packages/server/specs/parameters.ts
@@ -1,4 +1,4 @@
-exports.tableId = {
+export const tableId = {
   in: "path",
   name: "tableId",
   required: true,
@@ -8,7 +8,7 @@ exports.tableId = {
   },
 }
 
-exports.rowId = {
+export const rowId = {
   in: "path",
   name: "rowId",
   required: true,
@@ -18,7 +18,7 @@ exports.rowId = {
   },
 }
 
-exports.appId = {
+export const appId = {
   in: "header",
   name: "x-budibase-app-id",
   required: true,
@@ -28,7 +28,7 @@ exports.appId = {
   },
 }
 
-exports.appIdUrl = {
+export const appIdUrl = {
   in: "path",
   name: "appId",
   required: true,
@@ -38,7 +38,7 @@ exports.appIdUrl = {
   },
 }
 
-exports.queryId = {
+export const queryId = {
   in: "path",
   name: "queryId",
   required: true,
@@ -48,7 +48,7 @@ exports.queryId = {
   },
 }
 
-exports.userId = {
+export const userId = {
   in: "path",
   name: "userId",
   required: true,
diff --git a/packages/server/specs/resources/application.js b/packages/server/specs/resources/application.ts
similarity index 94%
rename from packages/server/specs/resources/application.js
rename to packages/server/specs/resources/application.ts
index 6e73817898..aa037da154 100644
--- a/packages/server/specs/resources/application.js
+++ b/packages/server/specs/resources/application.ts
@@ -1,6 +1,6 @@
-const userResource = require("./user")
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import userResource from "./user"
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const application = {
   _id: "app_metadata",
@@ -96,7 +96,7 @@ const deploymentOutputSchema = object({
   },
 })
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     application: {
       value: {
diff --git a/packages/server/specs/resources/index.js b/packages/server/specs/resources/index.ts
similarity index 56%
rename from packages/server/specs/resources/index.js
rename to packages/server/specs/resources/index.ts
index 67421fa494..f1729f4541 100644
--- a/packages/server/specs/resources/index.js
+++ b/packages/server/specs/resources/index.ts
@@ -1,11 +1,11 @@
-const application = require("./application")
-const row = require("./row")
-const table = require("./table")
-const query = require("./query")
-const user = require("./user")
-const misc = require("./misc")
+import application from "./application"
+import row from "./row"
+import table from "./table"
+import query from "./query"
+import user from "./user"
+import misc from "./misc"
 
-exports.examples = {
+export const examples = {
   ...application.getExamples(),
   ...row.getExamples(),
   ...table.getExamples(),
@@ -14,7 +14,7 @@ exports.examples = {
   ...misc.getExamples(),
 }
 
-exports.schemas = {
+export const schemas = {
   ...application.getSchemas(),
   ...row.getSchemas(),
   ...table.getSchemas(),
diff --git a/packages/server/specs/resources/misc.js b/packages/server/specs/resources/misc.ts
similarity index 96%
rename from packages/server/specs/resources/misc.js
rename to packages/server/specs/resources/misc.ts
index 32a81da9ec..16cb831c86 100644
--- a/packages/server/specs/resources/misc.js
+++ b/packages/server/specs/resources/misc.ts
@@ -1,7 +1,7 @@
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
-module.exports = new Resource().setSchemas({
+export default new Resource().setSchemas({
   rowSearch: object(
     {
       query: {
diff --git a/packages/server/specs/resources/query.js b/packages/server/specs/resources/query.ts
similarity index 96%
rename from packages/server/specs/resources/query.js
rename to packages/server/specs/resources/query.ts
index 10544ee7eb..1db80e6011 100644
--- a/packages/server/specs/resources/query.js
+++ b/packages/server/specs/resources/query.ts
@@ -1,6 +1,6 @@
-const Resource = require("./utils/Resource")
-const { object } = require("./utils")
-const { BaseQueryVerbs } = require("../../dist/constants")
+import Resource from "./utils/Resource"
+import { object } from "./utils"
+import { BaseQueryVerbs } from "../../src/constants"
 
 const query = {
   _id: "query_datasource_plus_4d8be0c506b9465daf4bf84d890fdab6_454854487c574d45bc4029b1e153219e",
@@ -189,7 +189,7 @@ const executeQueryOutputSchema = object(
   { required: ["data"] }
 )
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     query: {
       value: {
diff --git a/packages/server/specs/resources/row.js b/packages/server/specs/resources/row.ts
similarity index 94%
rename from packages/server/specs/resources/row.js
rename to packages/server/specs/resources/row.ts
index 4e6359a029..aeb66b8e46 100644
--- a/packages/server/specs/resources/row.js
+++ b/packages/server/specs/resources/row.ts
@@ -1,5 +1,5 @@
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const baseRow = {
   _id: "ro_ta_5b1649e42a5b41dea4ef7742a36a7a70_e6dc7e38cf1343b2b56760265201cda4",
@@ -56,7 +56,6 @@ const rowSchema = {
 const rowOutputSchema = {
   ...rowSchema,
   properties: {
-    ...rowSchema.properties,
     _id: {
       description: "The ID of the row.",
       type: "string",
@@ -93,7 +92,7 @@ const searchOutputSchema = {
   },
 }
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     inputRow: {
       value: inputRow,
diff --git a/packages/server/specs/resources/table.js b/packages/server/specs/resources/table.ts
similarity index 97%
rename from packages/server/specs/resources/table.js
rename to packages/server/specs/resources/table.ts
index 9bc57daf42..0fd063beb7 100644
--- a/packages/server/specs/resources/table.js
+++ b/packages/server/specs/resources/table.ts
@@ -1,10 +1,10 @@
-const {
+import {
   FieldTypes,
   RelationshipTypes,
   FormulaTypes,
-} = require("../../dist/constants")
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+} from "../../src/constants"
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const table = {
   _id: "ta_5b1649e42a5b41dea4ef7742a36a7a70",
@@ -170,7 +170,7 @@ const tableOutputSchema = {
   required: [...tableSchema.required, "_id"],
 }
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     table: {
       value: {
diff --git a/packages/server/specs/resources/user.js b/packages/server/specs/resources/user.ts
similarity index 96%
rename from packages/server/specs/resources/user.js
rename to packages/server/specs/resources/user.ts
index 8fb505dfb5..a7b9f1ddb9 100644
--- a/packages/server/specs/resources/user.js
+++ b/packages/server/specs/resources/user.ts
@@ -1,5 +1,5 @@
-const { object } = require("./utils")
-const Resource = require("./utils/Resource")
+import { object } from "./utils"
+import Resource from "./utils/Resource"
 
 const user = {
   _id: "us_693a73206518477283a8d5ae31103252",
@@ -105,7 +105,7 @@ const userOutputSchema = {
   required: [...userSchema.required, "_id"],
 }
 
-module.exports = new Resource()
+export default new Resource()
   .setExamples({
     user: {
       value: {
diff --git a/packages/server/specs/resources/utils/Resource.js b/packages/server/specs/resources/utils/Resource.js
deleted file mode 100644
index 69ed7001a6..0000000000
--- a/packages/server/specs/resources/utils/Resource.js
+++ /dev/null
@@ -1,26 +0,0 @@
-class Resource {
-  constructor() {
-    this.examples = {}
-    this.schemas = {}
-  }
-
-  setExamples(examples) {
-    this.examples = examples
-    return this
-  }
-
-  setSchemas(schemas) {
-    this.schemas = schemas
-    return this
-  }
-
-  getExamples() {
-    return this.examples
-  }
-
-  getSchemas() {
-    return this.schemas
-  }
-}
-
-module.exports = Resource
diff --git a/packages/server/specs/resources/utils/Resource.ts b/packages/server/specs/resources/utils/Resource.ts
new file mode 100644
index 0000000000..3b9065db82
--- /dev/null
+++ b/packages/server/specs/resources/utils/Resource.ts
@@ -0,0 +1,39 @@
+type Example = {
+  [key: string]: {
+    [key: string]: any
+  }
+}
+
+type Schema = {
+  [key: string]: {
+    [key: string]: any
+  }
+}
+
+export default class Resource {
+  examples: Example
+  schemas: Schema
+
+  constructor() {
+    this.examples = {}
+    this.schemas = {}
+  }
+
+  setExamples(examples: Example) {
+    this.examples = examples
+    return this
+  }
+
+  setSchemas(schemas: Schema) {
+    this.schemas = schemas
+    return this
+  }
+
+  getExamples() {
+    return this.examples
+  }
+
+  getSchemas() {
+    return this.schemas
+  }
+}
diff --git a/packages/server/specs/resources/utils/index.js b/packages/server/specs/resources/utils/index.ts
similarity index 79%
rename from packages/server/specs/resources/utils/index.js
rename to packages/server/specs/resources/utils/index.ts
index 9bd0ecc6cf..6791fb06d7 100644
--- a/packages/server/specs/resources/utils/index.js
+++ b/packages/server/specs/resources/utils/index.ts
@@ -1,4 +1,4 @@
-exports.object = (props, opts) => {
+export const object = (props: any, opts?: any) => {
   const base = {
     type: "object",
     properties: props,
diff --git a/packages/server/specs/security.js b/packages/server/specs/security.ts
similarity index 87%
rename from packages/server/specs/security.js
rename to packages/server/specs/security.ts
index cbdeb40c63..e431801a07 100644
--- a/packages/server/specs/security.js
+++ b/packages/server/specs/security.ts
@@ -1,4 +1,4 @@
-exports.ApiKeyAuth = {
+export const ApiKeyAuth = {
   type: "apiKey",
   in: "header",
   name: "x-budibase-api-key",
diff --git a/packages/server/src/api/controllers/automation.ts b/packages/server/src/api/controllers/automation.ts
index 0e6624d125..8ccd3fb3d0 100644
--- a/packages/server/src/api/controllers/automation.ts
+++ b/packages/server/src/api/controllers/automation.ts
@@ -65,10 +65,14 @@ export async function create(ctx: BBContext) {
 
   // call through to update if already exists
   if (automation._id && automation._rev) {
-    return update(ctx)
+    await update(ctx)
+    return
   }
 
-  automation._id = generateAutomationID()
+  // Respect existing IDs if recreating a deleted automation
+  if (!automation._id) {
+    automation._id = generateAutomationID()
+  }
 
   automation.type = "automation"
   automation = cleanAutomationInputs(automation)
@@ -126,6 +130,13 @@ export async function update(ctx: BBContext) {
   const db = context.getAppDB()
   let automation = ctx.request.body
   automation.appId = ctx.appId
+
+  // Call through to create if it doesn't exist
+  if (!automation._id || !automation._rev) {
+    await create(ctx)
+    return
+  }
+
   const oldAutomation = await db.get(automation._id)
   automation = cleanAutomationInputs(automation)
   automation = await checkForWebhooks({
diff --git a/packages/server/src/api/controllers/cloud.ts b/packages/server/src/api/controllers/cloud.ts
index 7f43f21fc9..7be00e3a1d 100644
--- a/packages/server/src/api/controllers/cloud.ts
+++ b/packages/server/src/api/controllers/cloud.ts
@@ -58,7 +58,7 @@ export async function exportApps(ctx: Ctx) {
 }
 
 async function checkHasBeenImported() {
-  if (!env.SELF_HOSTED || env.MULTI_TENANCY) {
+  if (!env.SELF_HOSTED) {
     return true
   }
   const apps = await dbCore.getAllApps({ all: true })
@@ -72,7 +72,7 @@ export async function hasBeenImported(ctx: Ctx) {
 }
 
 export async function importApps(ctx: Ctx) {
-  if (!env.SELF_HOSTED || env.MULTI_TENANCY) {
+  if (!env.SELF_HOSTED) {
     ctx.throw(400, "Importing only allowed in self hosted environments.")
   }
   const beenImported = await checkHasBeenImported()
diff --git a/packages/server/src/api/controllers/row/ExternalRequest.ts b/packages/server/src/api/controllers/row/ExternalRequest.ts
index 2faff95595..bdf8d485f2 100644
--- a/packages/server/src/api/controllers/row/ExternalRequest.ts
+++ b/packages/server/src/api/controllers/row/ExternalRequest.ts
@@ -24,8 +24,7 @@ import { breakExternalTableId, isSQL } from "../../../integrations/utils"
 import { processObjectSync } from "@budibase/string-templates"
 import { cloneDeep } from "lodash/fp"
 import { processFormulas, processDates } from "../../../utilities/rowProcessor"
-import { context } from "@budibase/backend-core"
-import { removeKeyNumbering } from "./utils"
+import { db as dbCore } from "@budibase/backend-core"
 import sdk from "../../../sdk"
 
 export interface ManyRelationship {
@@ -61,7 +60,7 @@ function buildFilters(
     let prefix = 1
     for (let operator of Object.values(filters)) {
       for (let field of Object.keys(operator || {})) {
-        if (removeKeyNumbering(field) === "_id") {
+        if (dbCore.removeKeyNumbering(field) === "_id") {
           if (primary) {
             const parts = breakRowIdField(operator[field])
             for (let field of primary) {
@@ -142,7 +141,11 @@ function cleanupConfig(config: RunConfig, table: Table): RunConfig {
   return config
 }
 
-function generateIdForRow(row: Row | undefined, table: Table): string {
+function generateIdForRow(
+  row: Row | undefined,
+  table: Table,
+  isLinked: boolean = false
+): string {
   const primary = table.primary
   if (!row || !primary) {
     return ""
@@ -150,8 +153,12 @@ function generateIdForRow(row: Row | undefined, table: Table): string {
   // build id array
   let idParts = []
   for (let field of primary) {
-    // need to handle table name + field or just field, depending on if relationships used
-    const fieldValue = row[`${table.name}.${field}`] || row[field]
+    let fieldValue = extractFieldValue({
+      row,
+      tableName: table.name,
+      fieldName: field,
+      isLinked,
+    })
     if (fieldValue) {
       idParts.push(fieldValue)
     }
@@ -174,18 +181,52 @@ function getEndpoint(tableId: string | undefined, operation: string) {
   }
 }
 
-function basicProcessing(row: Row, table: Table): Row {
+// need to handle table name + field or just field, depending on if relationships used
+function extractFieldValue({
+  row,
+  tableName,
+  fieldName,
+  isLinked,
+}: {
+  row: Row
+  tableName: string
+  fieldName: string
+  isLinked: boolean
+}) {
+  let value = row[`${tableName}.${fieldName}`]
+  if (value == null && !isLinked) {
+    value = row[fieldName]
+  }
+  return value
+}
+
+function basicProcessing({
+  row,
+  table,
+  isLinked,
+}: {
+  row: Row
+  table: Table
+  isLinked: boolean
+}): Row {
   const thisRow: Row = {}
   // filter the row down to what is actually the row (not joined)
-  for (let fieldName of Object.keys(table.schema)) {
-    const pathValue = row[`${table.name}.${fieldName}`]
-    const value = pathValue != null ? pathValue : row[fieldName]
+  for (let field of Object.values(table.schema)) {
+    const fieldName = field.name
+
+    const value = extractFieldValue({
+      row,
+      tableName: table.name,
+      fieldName,
+      isLinked,
+    })
+
     // all responses include "select col as table.col" so that overlaps are handled
     if (value != null) {
       thisRow[fieldName] = value
     }
   }
-  thisRow._id = generateIdForRow(row, table)
+  thisRow._id = generateIdForRow(row, table, isLinked)
   thisRow.tableId = table._id
   thisRow._rev = "rev"
   return processFormulas(table, thisRow)
@@ -293,7 +334,7 @@ export class ExternalRequest {
         // we're not inserting a doc, will be a bunch of update calls
         const otherKey: string = field.throughFrom || linkTablePrimary
         const thisKey: string = field.throughTo || tablePrimary
-        row[key].map((relationship: any) => {
+        row[key].forEach((relationship: any) => {
           manyRelationships.push({
             tableId: field.through || field.tableId,
             isUpdate: false,
@@ -309,7 +350,7 @@ export class ExternalRequest {
         const thisKey: string = "id"
         // @ts-ignore
         const otherKey: string = field.fieldName
-        row[key].map((relationship: any) => {
+        row[key].forEach((relationship: any) => {
           manyRelationships.push({
             tableId: field.tableId,
             isUpdate: true,
@@ -379,7 +420,8 @@ export class ExternalRequest {
       ) {
         continue
       }
-      let linked = basicProcessing(row, linkedTable)
+
+      let linked = basicProcessing({ row, table: linkedTable, isLinked: true })
       if (!linked._id) {
         continue
       }
@@ -427,7 +469,10 @@ export class ExternalRequest {
         )
         continue
       }
-      const thisRow = fixArrayTypes(basicProcessing(row, table), table)
+      const thisRow = fixArrayTypes(
+        basicProcessing({ row, table, isLinked: false }),
+        table
+      )
       if (thisRow._id == null) {
         throw "Unable to generate row ID for SQL rows"
       }
@@ -567,19 +612,41 @@ export class ExternalRequest {
       const { key, tableId, isUpdate, id, ...rest } = relationship
       const body: { [key: string]: any } = processObjectSync(rest, row, {})
       const linkTable = this.getTable(tableId)
-      // @ts-ignore
-      const linkPrimary = linkTable?.primary[0]
+      const relationshipPrimary = linkTable?.primary || []
+      const linkPrimary = relationshipPrimary[0]
       if (!linkTable || !linkPrimary) {
         return
       }
+
+      const linkSecondary = relationshipPrimary[1]
+
       const rows = related[key]?.rows || []
-      const found = rows.find(
-        (row: { [key: string]: any }) =>
+
+      function relationshipMatchPredicate({
+        row,
+        linkPrimary,
+        linkSecondary,
+      }: {
+        row: { [key: string]: any }
+        linkPrimary: string
+        linkSecondary?: string
+      }) {
+        const matchesPrimaryLink =
           row[linkPrimary] === relationship.id ||
           row[linkPrimary] === body?.[linkPrimary]
+        if (!matchesPrimaryLink || !linkSecondary) {
+          return matchesPrimaryLink
+        }
+
+        const matchesSecondayLink = row[linkSecondary] === body?.[linkSecondary]
+        return matchesPrimaryLink && matchesSecondayLink
+      }
+
+      const existingRelationship = rows.find((row: { [key: string]: any }) =>
+        relationshipMatchPredicate({ row, linkPrimary, linkSecondary })
       )
       const operation = isUpdate ? Operation.UPDATE : Operation.CREATE
-      if (!found) {
+      if (!existingRelationship) {
         promises.push(
           getDatasourceAndQuery({
             endpoint: getEndpoint(tableId, operation),
@@ -590,7 +657,7 @@ export class ExternalRequest {
         )
       } else {
         // remove the relationship from cache so it isn't adjusted again
-        rows.splice(rows.indexOf(found), 1)
+        rows.splice(rows.indexOf(existingRelationship), 1)
       }
     }
     // finally cleanup anything that needs to be removed
@@ -629,10 +696,7 @@ export class ExternalRequest {
    * Creating the specific list of fields that we desire, and excluding the ones that are no use to us
    * is more performant and has the added benefit of protecting against this scenario.
    */
-  buildFields(
-    table: Table,
-    includeRelations: IncludeRelationship = IncludeRelationship.INCLUDE
-  ) {
+  buildFields(table: Table, includeRelations: boolean) {
     function extractRealFields(table: Table, existing: string[] = []) {
       return Object.entries(table.schema)
         .filter(
@@ -691,6 +755,10 @@ export class ExternalRequest {
     }
     filters = buildFilters(id, filters || {}, table)
     const relationships = this.buildRelationships(table)
+
+    const includeSqlRelationships =
+      config.includeSqlRelationships === IncludeRelationship.INCLUDE
+
     // clean up row on ingress using schema
     const processed = this.inputProcessing(row, table)
     row = processed.row
@@ -708,9 +776,7 @@ export class ExternalRequest {
       },
       resource: {
         // have to specify the fields to avoid column overlap (for SQL)
-        fields: isSql
-          ? this.buildFields(table, config.includeSqlRelationships)
-          : [],
+        fields: isSql ? this.buildFields(table, includeSqlRelationships) : [],
       },
       filters,
       sort,
@@ -725,6 +791,7 @@ export class ExternalRequest {
         table,
       },
     }
+
     // can't really use response right now
     const response = await getDatasourceAndQuery(json)
     // handle many to many relationships now if we know the ID (could be auto increment)
diff --git a/packages/server/src/api/controllers/row/external.ts b/packages/server/src/api/controllers/row/external.ts
index 6120c3cdcb..1b2301f139 100644
--- a/packages/server/src/api/controllers/row/external.ts
+++ b/packages/server/src/api/controllers/row/external.ts
@@ -58,7 +58,7 @@ export async function patch(ctx: BBContext) {
   return handleRequest(Operation.UPDATE, tableId, {
     id: breakRowIdField(id),
     row: inputs,
-    includeSqlRelationships: IncludeRelationship.EXCLUDE,
+    includeSqlRelationships: IncludeRelationship.INCLUDE,
   })
 }
 
diff --git a/packages/server/src/api/controllers/row/internalSearch.ts b/packages/server/src/api/controllers/row/internalSearch.ts
index 7068aabc5a..9dc12342d6 100644
--- a/packages/server/src/api/controllers/row/internalSearch.ts
+++ b/packages/server/src/api/controllers/row/internalSearch.ts
@@ -1,531 +1,18 @@
-import { SearchIndexes } from "../../../db/utils"
-import { removeKeyNumbering } from "./utils"
-import fetch from "node-fetch"
-import { db as dbCore, context } from "@budibase/backend-core"
-import { SearchFilters, Row } from "@budibase/types"
+import { db as dbCore, context, SearchParams } from "@budibase/backend-core"
+import { SearchFilters, Row, SearchIndex } from "@budibase/types"
 
-type SearchParams = {
-  tableId: string
-  sort?: string
-  sortOrder?: string
-  sortType?: string
-  limit?: number
-  bookmark?: string
-  version?: string
-  rows?: Row[]
-}
-
-/**
- * Class to build lucene query URLs.
- * Optionally takes a base lucene query object.
- */
-export class QueryBuilder {
-  query: SearchFilters
-  limit: number
-  sort?: string
-  bookmark?: string
-  sortOrder: string
-  sortType: string
-  includeDocs: boolean
-  version?: string
-
-  constructor(base?: SearchFilters) {
-    this.query = {
-      allOr: false,
-      string: {},
-      fuzzy: {},
-      range: {},
-      equal: {},
-      notEqual: {},
-      empty: {},
-      notEmpty: {},
-      oneOf: {},
-      contains: {},
-      notContains: {},
-      containsAny: {},
-      ...base,
-    }
-    this.limit = 50
-    this.sortOrder = "ascending"
-    this.sortType = "string"
-    this.includeDocs = true
-  }
-
-  setVersion(version?: string) {
-    if (version != null) {
-      this.version = version
-    }
-    return this
-  }
-
-  setTable(tableId: string) {
-    this.query.equal!.tableId = tableId
-    return this
-  }
-
-  setLimit(limit?: number) {
-    if (limit != null) {
-      this.limit = limit
-    }
-    return this
-  }
-
-  setSort(sort?: string) {
-    if (sort != null) {
-      this.sort = sort
-    }
-    return this
-  }
-
-  setSortOrder(sortOrder?: string) {
-    if (sortOrder != null) {
-      this.sortOrder = sortOrder
-    }
-    return this
-  }
-
-  setSortType(sortType?: string) {
-    if (sortType != null) {
-      this.sortType = sortType
-    }
-    return this
-  }
-
-  setBookmark(bookmark?: string) {
-    if (bookmark != null) {
-      this.bookmark = bookmark
-    }
-    return this
-  }
-
-  excludeDocs() {
-    this.includeDocs = false
-    return this
-  }
-
-  addString(key: string, partial: string) {
-    this.query.string![key] = partial
-    return this
-  }
-
-  addFuzzy(key: string, fuzzy: string) {
-    this.query.fuzzy![key] = fuzzy
-    return this
-  }
-
-  addRange(key: string, low: string | number, high: string | number) {
-    this.query.range![key] = {
-      low,
-      high,
-    }
-    return this
-  }
-
-  addEqual(key: string, value: any) {
-    this.query.equal![key] = value
-    return this
-  }
-
-  addNotEqual(key: string, value: any) {
-    this.query.notEqual![key] = value
-    return this
-  }
-
-  addEmpty(key: string, value: any) {
-    this.query.empty![key] = value
-    return this
-  }
-
-  addNotEmpty(key: string, value: any) {
-    this.query.notEmpty![key] = value
-    return this
-  }
-
-  addOneOf(key: string, value: any) {
-    this.query.oneOf![key] = value
-    return this
-  }
-
-  addContains(key: string, value: any) {
-    this.query.contains![key] = value
-    return this
-  }
-
-  addNotContains(key: string, value: any) {
-    this.query.notContains![key] = value
-    return this
-  }
-
-  addContainsAny(key: string, value: any) {
-    this.query.containsAny![key] = value
-    return this
-  }
-
-  /**
-   * Preprocesses a value before going into a lucene search.
-   * Transforms strings to lowercase and wraps strings and bools in quotes.
-   * @param value The value to process
-   * @param options The preprocess options
-   * @returns {string|*}
-   */
-  preprocess(value: any, { escape, lowercase, wrap, type }: any = {}) {
-    const hasVersion = !!this.version
-    // Determine if type needs wrapped
-    const originalType = typeof value
-    // Convert to lowercase
-    if (value && lowercase) {
-      value = value.toLowerCase ? value.toLowerCase() : value
-    }
-    // Escape characters
-    if (escape && originalType === "string") {
-      value = `${value}`.replace(/[ #+\-&|!(){}\]^"~*?:\\]/g, "\\$&")
-    }
-
-    // Wrap in quotes
-    if (originalType === "string" && !isNaN(value) && !type) {
-      value = `"${value}"`
-    } else if (hasVersion && wrap) {
-      value = originalType === "number" ? value : `"${value}"`
-    }
-    return value
-  }
-
-  buildSearchQuery() {
-    const builder = this
-    let allOr = this.query && this.query.allOr
-    let query = allOr ? "" : "*:*"
-    const allPreProcessingOpts = { escape: true, lowercase: true, wrap: true }
-    let tableId
-    if (this.query.equal!.tableId) {
-      tableId = this.query.equal!.tableId
-      delete this.query.equal!.tableId
-    }
-
-    const equal = (key: string, value: any) => {
-      // 0 evaluates to false, which means we would return all rows if we don't check it
-      if (!value && value !== 0) {
-        return null
-      }
-      return `${key}:${builder.preprocess(value, allPreProcessingOpts)}`
-    }
-
-    const contains = (key: string, value: any, mode = "AND") => {
-      if (Array.isArray(value) && value.length === 0) {
-        return null
-      }
-      if (!Array.isArray(value)) {
-        return `${key}:${value}`
-      }
-      let statement = `${builder.preprocess(value[0], { escape: true })}`
-      for (let i = 1; i < value.length; i++) {
-        statement += ` ${mode} ${builder.preprocess(value[i], {
-          escape: true,
-        })}`
-      }
-      return `${key}:(${statement})`
-    }
-
-    const notContains = (key: string, value: any) => {
-      // @ts-ignore
-      const allPrefix = allOr === "" ? "*:* AND" : ""
-      return allPrefix + "NOT " + contains(key, value)
-    }
-
-    const containsAny = (key: string, value: any) => {
-      return contains(key, value, "OR")
-    }
-
-    const oneOf = (key: string, value: any) => {
-      if (!Array.isArray(value)) {
-        if (typeof value === "string") {
-          value = value.split(",")
-        } else {
-          return ""
-        }
-      }
-      let orStatement = `${builder.preprocess(value[0], allPreProcessingOpts)}`
-      for (let i = 1; i < value.length; i++) {
-        orStatement += ` OR ${builder.preprocess(
-          value[i],
-          allPreProcessingOpts
-        )}`
-      }
-      return `${key}:(${orStatement})`
-    }
-
-    function build(structure: any, queryFn: any) {
-      for (let [key, value] of Object.entries(structure)) {
-        // check for new format - remove numbering if needed
-        key = removeKeyNumbering(key)
-        key = builder.preprocess(key.replace(/ /g, "_"), {
-          escape: true,
-        })
-        const expression = queryFn(key, value)
-        if (expression == null) {
-          continue
-        }
-        if (query.length > 0) {
-          query += ` ${allOr ? "OR" : "AND"} `
-        }
-        query += expression
-      }
-    }
-
-    // Construct the actual lucene search query string from JSON structure
-    if (this.query.string) {
-      build(this.query.string, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        value = builder.preprocess(value, {
-          escape: true,
-          lowercase: true,
-          type: "string",
-        })
-        return `${key}:${value}*`
-      })
-    }
-    if (this.query.range) {
-      build(this.query.range, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        if (value.low == null || value.low === "") {
-          return null
-        }
-        if (value.high == null || value.high === "") {
-          return null
-        }
-        const low = builder.preprocess(value.low, allPreProcessingOpts)
-        const high = builder.preprocess(value.high, allPreProcessingOpts)
-        return `${key}:[${low} TO ${high}]`
-      })
-    }
-    if (this.query.fuzzy) {
-      build(this.query.fuzzy, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        value = builder.preprocess(value, {
-          escape: true,
-          lowercase: true,
-          type: "fuzzy",
-        })
-        return `${key}:${value}~`
-      })
-    }
-    if (this.query.equal) {
-      build(this.query.equal, equal)
-    }
-    if (this.query.notEqual) {
-      build(this.query.notEqual, (key: string, value: any) => {
-        if (!value) {
-          return null
-        }
-        return `!${key}:${builder.preprocess(value, allPreProcessingOpts)}`
-      })
-    }
-    if (this.query.empty) {
-      build(this.query.empty, (key: string) => `!${key}:["" TO *]`)
-    }
-    if (this.query.notEmpty) {
-      build(this.query.notEmpty, (key: string) => `${key}:["" TO *]`)
-    }
-    if (this.query.oneOf) {
-      build(this.query.oneOf, oneOf)
-    }
-    if (this.query.contains) {
-      build(this.query.contains, contains)
-    }
-    if (this.query.notContains) {
-      build(this.query.notContains, notContains)
-    }
-    if (this.query.containsAny) {
-      build(this.query.containsAny, containsAny)
-    }
-    // make sure table ID is always added as an AND
-    if (tableId) {
-      query = `(${query})`
-      allOr = false
-      build({ tableId }, equal)
-    }
-    return query
-  }
-
-  buildSearchBody() {
-    let body: any = {
-      q: this.buildSearchQuery(),
-      limit: Math.min(this.limit, 200),
-      include_docs: this.includeDocs,
-    }
-    if (this.bookmark) {
-      body.bookmark = this.bookmark
-    }
-    if (this.sort) {
-      const order = this.sortOrder === "descending" ? "-" : ""
-      const type = `<${this.sortType}>`
-      body.sort = `${order}${this.sort.replace(/ /g, "_")}${type}`
-    }
-    return body
-  }
-
-  async run() {
-    const appId = context.getAppId()
-    const { url, cookie } = dbCore.getCouchInfo()
-    const fullPath = `${url}/${appId}/_design/database/_search/${SearchIndexes.ROWS}`
-    const body = this.buildSearchBody()
-    return await runQuery(fullPath, body, cookie)
-  }
-}
-
-/**
- * Executes a lucene search query.
- * @param url The query URL
- * @param body The request body defining search criteria
- * @param cookie The auth cookie for CouchDB
- * @returns {Promise<{rows: []}>}
- */
-const runQuery = async (url: string, body: any, cookie: string) => {
-  const response = await fetch(url, {
-    body: JSON.stringify(body),
-    method: "POST",
-    headers: {
-      Authorization: cookie,
-    },
-  })
-  const json = await response.json()
-
-  let output: any = {
-    rows: [],
-  }
-  if (json.rows != null && json.rows.length > 0) {
-    output.rows = json.rows.map((row: any) => row.doc)
-  }
-  if (json.bookmark) {
-    output.bookmark = json.bookmark
-  }
-  return output
-}
-
-/**
- * Gets round the fixed limit of 200 results from a query by fetching as many
- * pages as required and concatenating the results. This recursively operates
- * until enough results have been found.
- * @param query {object} The JSON query structure
- * @param params {object} The search params including:
- *   tableId {string} The table ID to search
- *   sort {string} The sort column
- *   sortOrder {string} The sort order ("ascending" or "descending")
- *   sortType {string} Whether to treat sortable values as strings or
- *     numbers. ("string" or "number")
- *   limit {number} The number of results to fetch
- *   bookmark {string|null} Current bookmark in the recursive search
- *   rows {array|null} Current results in the recursive search
- * @returns {Promise<*[]|*>}
- */
-async function recursiveSearch(query: any, params: any): Promise<any> {
-  const bookmark = params.bookmark
-  const rows = params.rows || []
-  if (rows.length >= params.limit) {
-    return rows
-  }
-  let pageSize = 200
-  if (rows.length > params.limit - 200) {
-    pageSize = params.limit - rows.length
-  }
-  const page = await new QueryBuilder(query)
-    .setVersion(params.version)
-    .setTable(params.tableId)
-    .setBookmark(bookmark)
-    .setLimit(pageSize)
-    .setSort(params.sort)
-    .setSortOrder(params.sortOrder)
-    .setSortType(params.sortType)
-    .run()
-  if (!page.rows.length) {
-    return rows
-  }
-  if (page.rows.length < 200) {
-    return [...rows, ...page.rows]
-  }
-  const newParams = {
-    ...params,
-    bookmark: page.bookmark,
-    rows: [...rows, ...page.rows],
-  }
-  return await recursiveSearch(query, newParams)
-}
-
-/**
- * Performs a paginated search. A bookmark will be returned to allow the next
- * page to be fetched. There is a max limit off 200 results per page in a
- * paginated search.
- * @param query {object} The JSON query structure
- * @param params {object} The search params including:
- *   tableId {string} The table ID to search
- *   sort {string} The sort column
- *   sortOrder {string} The sort order ("ascending" or "descending")
- *   sortType {string} Whether to treat sortable values as strings or
- *     numbers. ("string" or "number")
- *   limit {number} The desired page size
- *   bookmark {string} The bookmark to resume from
- * @returns {Promise<{hasNextPage: boolean, rows: *[]}>}
- */
 export async function paginatedSearch(
   query: SearchFilters,
-  params: SearchParams
+  params: SearchParams<Row>
 ) {
-  let limit = params.limit
-  if (limit == null || isNaN(limit) || limit < 0) {
-    limit = 50
-  }
-  limit = Math.min(limit, 200)
-  const search = new QueryBuilder(query)
-    .setVersion(params.version)
-    .setTable(params.tableId)
-    .setSort(params.sort)
-    .setSortOrder(params.sortOrder)
-    .setSortType(params.sortType)
-  const searchResults = await search
-    .setBookmark(params.bookmark)
-    .setLimit(limit)
-    .run()
-
-  // Try fetching 1 row in the next page to see if another page of results
-  // exists or not
-  const nextResults = await search
-    .setTable(params.tableId)
-    .setBookmark(searchResults.bookmark)
-    .setLimit(1)
-    .run()
-
-  return {
-    ...searchResults,
-    hasNextPage: nextResults.rows && nextResults.rows.length > 0,
-  }
+  const appId = context.getAppId()
+  return dbCore.paginatedSearch(appId!, SearchIndex.ROWS, query, params)
 }
 
-/**
- * Performs a full search, fetching multiple pages if required to return the
- * desired amount of results. There is a limit of 1000 results to avoid
- * heavy performance hits, and to avoid client components breaking from
- * handling too much data.
- * @param query {object} The JSON query structure
- * @param params {object} The search params including:
- *   tableId {string} The table ID to search
- *   sort {string} The sort column
- *   sortOrder {string} The sort order ("ascending" or "descending")
- *   sortType {string} Whether to treat sortable values as strings or
- *     numbers. ("string" or "number")
- *   limit {number} The desired number of results
- * @returns {Promise<{rows: *}>}
- */
-export async function fullSearch(query: SearchFilters, params: SearchParams) {
-  let limit = params.limit
-  if (limit == null || isNaN(limit) || limit < 0) {
-    limit = 1000
-  }
-  params.limit = Math.min(limit, 1000)
-  const rows = await recursiveSearch(query, params)
-  return { rows }
+export async function fullSearch(
+  query: SearchFilters,
+  params: SearchParams<Row>
+) {
+  const appId = context.getAppId()
+  return dbCore.fullSearch(appId!, SearchIndex.ROWS, query, params)
 }
diff --git a/packages/server/src/api/controllers/row/staticFormula.ts b/packages/server/src/api/controllers/row/staticFormula.ts
index 47a5af8f5a..6ba44dc23a 100644
--- a/packages/server/src/api/controllers/row/staticFormula.ts
+++ b/packages/server/src/api/controllers/row/staticFormula.ts
@@ -38,7 +38,13 @@ export async function updateRelatedFormula(
         if (!relatedRows[relatedTableId]) {
           relatedRows[relatedTableId] = []
         }
-        relatedRows[relatedTableId] = relatedRows[relatedTableId].concat(field)
+        // filter down to the rows which are not already included in related
+        const currentIds = relatedRows[relatedTableId].map(row => row._id)
+        const uniqueRelatedRows = field.filter(
+          (row: Row) => !currentIds.includes(row._id)
+        )
+        relatedRows[relatedTableId] =
+          relatedRows[relatedTableId].concat(uniqueRelatedRows)
       }
     }
     for (let tableId of table.relatedFormula) {
diff --git a/packages/server/src/api/controllers/row/utils.ts b/packages/server/src/api/controllers/row/utils.ts
index f0f1075205..82232b7f98 100644
--- a/packages/server/src/api/controllers/row/utils.ts
+++ b/packages/server/src/api/controllers/row/utils.ts
@@ -3,8 +3,7 @@ import * as userController from "../user"
 import { FieldTypes } from "../../../constants"
 import { context } from "@budibase/backend-core"
 import { makeExternalQuery } from "../../../integrations/base/query"
-import { BBContext, Row, Table } from "@budibase/types"
-export { removeKeyNumbering } from "../../../integrations/base/utils"
+import { Row, Table } from "@budibase/types"
 const validateJs = require("validate.js")
 const { cloneDeep } = require("lodash/fp")
 import { Format } from "../view/exporters"
diff --git a/packages/server/src/api/index.ts b/packages/server/src/api/index.ts
index 3375161dd8..78a6056366 100644
--- a/packages/server/src/api/index.ts
+++ b/packages/server/src/api/index.ts
@@ -1,5 +1,5 @@
 import Router from "@koa/router"
-import { errors, auth } from "@budibase/backend-core"
+import { auth, middleware } from "@budibase/backend-core"
 import currentApp from "../middleware/currentapp"
 import zlib from "zlib"
 import { mainRoutes, staticRoutes, publicRoutes } from "./routes"
@@ -14,6 +14,8 @@ export const router: Router = new Router()
 router.get("/health", ctx => (ctx.status = 200))
 router.get("/version", ctx => (ctx.body = pkg.version))
 
+router.use(middleware.errorHandling)
+
 router
   .use(
     compress({
@@ -54,27 +56,6 @@ router
   .use(currentApp)
   .use(auth.auditLog)
 
-// error handling middleware
-router.use(async (ctx, next) => {
-  try {
-    await next()
-  } catch (err: any) {
-    ctx.status = err.status || err.statusCode || 500
-    const error = errors.getPublicError(err)
-    ctx.body = {
-      message: err.message,
-      status: ctx.status,
-      validationErrors: err.validation,
-      error,
-    }
-    ctx.log.error(err)
-    // unauthorised errors don't provide a useful trace
-    if (!env.isTest()) {
-      console.trace(err)
-    }
-  }
-})
-
 // authenticated routes
 for (let route of mainRoutes) {
   router.use(route.routes())
diff --git a/packages/server/src/api/routes/automation.ts b/packages/server/src/api/routes/automation.ts
index dc0f171584..cb8b6042ae 100644
--- a/packages/server/src/api/routes/automation.ts
+++ b/packages/server/src/api/routes/automation.ts
@@ -38,7 +38,7 @@ router
     "/api/automations",
     bodyResource("_id"),
     authorized(permissions.BUILDER),
-    automationValidator(true),
+    automationValidator(false),
     controller.update
   )
   .post(
diff --git a/packages/server/src/api/routes/public/applications.ts b/packages/server/src/api/routes/public/applications.ts
index 9d6c380e60..088d974e6c 100644
--- a/packages/server/src/api/routes/public/applications.ts
+++ b/packages/server/src/api/routes/public/applications.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /applications:
  *   post:
- *     operationId: create
+ *     operationId: appCreate
  *     summary: Create an application
  *     tags:
  *       - applications
@@ -42,7 +42,7 @@ write.push(
  * @openapi
  * /applications/{appId}:
  *   put:
- *     operationId: update
+ *     operationId: appUpdate
  *     summary: Update an application
  *     tags:
  *       - applications
@@ -75,7 +75,7 @@ write.push(
  * @openapi
  * /applications/{appId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: appDestroy
  *     summary: Delete an application
  *     tags:
  *       - applications
@@ -98,7 +98,7 @@ write.push(new Endpoint("delete", "/applications/:appId", controller.destroy))
  * @openapi
  * /applications/{appId}/unpublish:
  *   post:
- *     operationId: unpublish
+ *     operationId: appUnpublish
  *     summary: Unpublish an application
  *     tags:
  *       - applications
@@ -116,7 +116,7 @@ write.push(
  * @openapi
  * /applications/{appId}/publish:
  *   post:
- *     operationId: publish
+ *     operationId: appPublish
  *     summary: Unpublish an application
  *     tags:
  *       - applications
@@ -141,7 +141,7 @@ write.push(
  * @openapi
  * /applications/{appId}:
  *   get:
- *     operationId: getById
+ *     operationId: appGetById
  *     summary: Retrieve an application
  *     tags:
  *       - applications
@@ -164,7 +164,7 @@ read.push(new Endpoint("get", "/applications/:appId", controller.read))
  * @openapi
  * /applications/search:
  *   post:
- *     operationId: search
+ *     operationId: appSearch
  *     summary: Search for applications
  *     description: Based on application properties (currently only name) search for applications.
  *     tags:
diff --git a/packages/server/src/api/routes/public/queries.ts b/packages/server/src/api/routes/public/queries.ts
index dc18fb91ac..854db3c964 100644
--- a/packages/server/src/api/routes/public/queries.ts
+++ b/packages/server/src/api/routes/public/queries.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /queries/{queryId}:
  *   post:
- *     operationId: execute
+ *     operationId: queryExecute
  *     summary: Execute a query
  *     description: Queries which have been created within a Budibase app can be executed using this,
  *     tags:
@@ -43,7 +43,7 @@ write.push(new Endpoint("post", "/queries/:queryId", controller.execute))
  * @openapi
  * /queries/search:
  *   post:
- *     operationId: search
+ *     operationId: querySearch
  *     summary: Search for queries
  *     description: Based on query properties (currently only name) search for queries.
  *     tags:
diff --git a/packages/server/src/api/routes/public/rows.ts b/packages/server/src/api/routes/public/rows.ts
index 9109ae76b8..80ad6d6434 100644
--- a/packages/server/src/api/routes/public/rows.ts
+++ b/packages/server/src/api/routes/public/rows.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /tables/{tableId}/rows:
  *   post:
- *     operationId: create
+ *     operationId: rowCreate
  *     summary: Create a row
  *     description: Creates a row within the specified table.
  *     tags:
@@ -44,7 +44,7 @@ write.push(new Endpoint("post", "/tables/:tableId/rows", controller.create))
  * @openapi
  * /tables/{tableId}/rows/{rowId}:
  *   put:
- *     operationId: update
+ *     operationId: rowUpdate
  *     summary: Update a row
  *     description: Updates a row within the specified table.
  *     tags:
@@ -81,7 +81,7 @@ write.push(
  * @openapi
  * /tables/{tableId}/rows/{rowId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: rowDestroy
  *     summary: Delete a row
  *     description: Deletes a row within the specified table.
  *     tags:
@@ -109,7 +109,7 @@ write.push(
  * @openapi
  * /tables/{tableId}/rows/{rowId}:
  *   get:
- *     operationId: getById
+ *     operationId: rowGetById
  *     summary: Retrieve a row
  *     description: This gets a single row, it will be enriched with the full related rows, rather than
  *       the squashed "primaryDisplay" format returned by the search endpoint.
@@ -136,7 +136,7 @@ read.push(new Endpoint("get", "/tables/:tableId/rows/:rowId", controller.read))
  * @openapi
  * /tables/{tableId}/rows/search:
  *   post:
- *     operationId: search
+ *     operationId: rowSearch
  *     summary: Search for rows
  *     tags:
  *       - rows
diff --git a/packages/server/src/api/routes/public/tables.ts b/packages/server/src/api/routes/public/tables.ts
index 74cd8ca3cf..f8d62c4a37 100644
--- a/packages/server/src/api/routes/public/tables.ts
+++ b/packages/server/src/api/routes/public/tables.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /tables:
  *   post:
- *     operationId: create
+ *     operationId: tableCreate
  *     summary: Create a table
  *     description: Create a table, this could be internal or external.
  *     tags:
@@ -46,7 +46,7 @@ write.push(
  * @openapi
  * /tables/{tableId}:
  *   put:
- *     operationId: update
+ *     operationId: tableUpdate
  *     summary: Update a table
  *     description: Update a table, this could be internal or external.
  *     tags:
@@ -83,7 +83,7 @@ write.push(
  * @openapi
  * /tables/{tableId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: tableDestroy
  *     summary: Delete a table
  *     description: Delete a table, this could be internal or external.
  *     tags:
@@ -108,7 +108,7 @@ write.push(new Endpoint("delete", "/tables/:tableId", controller.destroy))
  * @openapi
  * /tables/{tableId}:
  *   get:
- *     operationId: getById
+ *     operationId: tableGetById
  *     summary: Retrieve a table
  *     description: Lookup a table, this could be internal or external.
  *     tags:
@@ -133,7 +133,7 @@ read.push(new Endpoint("get", "/tables/:tableId", controller.read))
  * @openapi
  * /tables/search:
  *   post:
- *     operationId: search
+ *     operationId: tableSearch
  *     summary: Search for tables
  *     description: Based on table properties (currently only name) search for tables. This could be
  *       an internal or an external table.
diff --git a/packages/server/src/api/routes/public/tests/compare.spec.js b/packages/server/src/api/routes/public/tests/compare.spec.ts
similarity index 80%
rename from packages/server/src/api/routes/public/tests/compare.spec.js
rename to packages/server/src/api/routes/public/tests/compare.spec.ts
index 36693a1098..f9616b06e1 100644
--- a/packages/server/src/api/routes/public/tests/compare.spec.js
+++ b/packages/server/src/api/routes/public/tests/compare.spec.ts
@@ -1,13 +1,14 @@
-const jestOpenAPI = require("jest-openapi").default
-const generateSchema = require("../../../../../specs/generate")
-const setup = require("../../tests/utilities")
-const { generateMakeRequest } = require("./utils")
+import jestOpenAPI from "jest-openapi"
+import { run as generateSchema } from "../../../../../specs/generate"
+import * as setup from "../../tests/utilities"
+import { generateMakeRequest } from "./utils"
+import { Table, App, Row, User } from "@budibase/types"
 
 const yamlPath = generateSchema()
-jestOpenAPI(yamlPath)
+jestOpenAPI(yamlPath!)
 
 let config = setup.getConfig()
-let apiKey, table, app, makeRequest
+let apiKey: string, table: Table, app: App, makeRequest: any
 
 beforeAll(async () => {
   app = await config.init()
@@ -25,19 +26,29 @@ describe("check the applications endpoints", () => {
   })
 
   it("should allow creating an application", async () => {
-    const res = await makeRequest("post", "/applications", {
-      name: "new App"
-    }, null)
+    const res = await makeRequest(
+      "post",
+      "/applications",
+      {
+        name: "new App",
+      },
+      null
+    )
     expect(res).toSatisfyApiSpec()
   })
 
   it("should allow updating an application", async () => {
     const app = config.getApp()
     const appId = config.getAppId()
-    const res = await makeRequest("put", `/applications/${appId}`, {
-      ...app,
-      name: "updated app name",
-    }, appId)
+    const res = await makeRequest(
+      "put",
+      `/applications/${appId}`,
+      {
+        ...app,
+        name: "updated app name",
+      },
+      appId
+    )
     expect(res).toSatisfyApiSpec()
   })
 
@@ -47,7 +58,10 @@ describe("check the applications endpoints", () => {
   })
 
   it("should allow deleting an application", async () => {
-    const res = await makeRequest("delete", `/applications/${config.getAppId()}`)
+    const res = await makeRequest(
+      "delete",
+      `/applications/${config.getAppId()}`
+    )
     expect(res).toSatisfyApiSpec()
   })
 })
@@ -68,8 +82,8 @@ describe("check the tables endpoints", () => {
         column1: {
           type: "string",
           constraints: {},
-        }
-      }
+        },
+      },
     })
     expect(res).toSatisfyApiSpec()
   })
@@ -92,12 +106,11 @@ describe("check the tables endpoints", () => {
 })
 
 describe("check the rows endpoints", () => {
-  let row
+  let row: Row
   it("should allow retrieving rows through search", async () => {
     table = await config.updateTable()
     const res = await makeRequest("post", `/tables/${table._id}/rows/search`, {
-      query: {
-      },
+      query: {},
     })
     expect(res).toSatisfyApiSpec()
   })
@@ -111,9 +124,13 @@ describe("check the rows endpoints", () => {
   })
 
   it("should allow updating a row", async () => {
-    const res = await makeRequest("put", `/tables/${table._id}/rows/${row._id}`, {
-      name: "test row updated",
-    })
+    const res = await makeRequest(
+      "put",
+      `/tables/${table._id}/rows/${row._id}`,
+      {
+        name: "test row updated",
+      }
+    )
     expect(res).toSatisfyApiSpec()
   })
 
@@ -123,13 +140,16 @@ describe("check the rows endpoints", () => {
   })
 
   it("should allow deleting a row", async () => {
-    const res = await makeRequest("delete", `/tables/${table._id}/rows/${row._id}`)
+    const res = await makeRequest(
+      "delete",
+      `/tables/${table._id}/rows/${row._id}`
+    )
     expect(res).toSatisfyApiSpec()
   })
 })
 
 describe("check the users endpoints", () => {
-  let user
+  let user: User
   it("should allow retrieving users through search", async () => {
     user = await config.createUser()
     const res = await makeRequest("post", "/users/search")
@@ -163,4 +183,3 @@ describe("check the queries endpoints", () => {
     expect(res).toSatisfyApiSpec()
   })
 })
-
diff --git a/packages/server/src/api/routes/public/users.ts b/packages/server/src/api/routes/public/users.ts
index 67b73f6cbe..0787dfa3dc 100644
--- a/packages/server/src/api/routes/public/users.ts
+++ b/packages/server/src/api/routes/public/users.ts
@@ -9,7 +9,7 @@ const read = [],
  * @openapi
  * /users:
  *   post:
- *     operationId: create
+ *     operationId: userCreate
  *     summary: Create a user
  *     tags:
  *       - users
@@ -36,7 +36,7 @@ write.push(new Endpoint("post", "/users", controller.create))
  * @openapi
  * /users/{userId}:
  *   put:
- *     operationId: update
+ *     operationId: userUpdate
  *     summary: Update a user
  *     tags:
  *       - users
@@ -65,7 +65,7 @@ write.push(new Endpoint("put", "/users/:userId", controller.update))
  * @openapi
  * /users/{userId}:
  *   delete:
- *     operationId: destroy
+ *     operationId: userDestroy
  *     summary: Delete a user
  *     tags:
  *       - users
@@ -88,7 +88,7 @@ write.push(new Endpoint("delete", "/users/:userId", controller.destroy))
  * @openapi
  * /users/{userId}:
  *   get:
- *     operationId: getById
+ *     operationId: userGetById
  *     summary: Retrieve a user
  *     tags:
  *       - users
@@ -111,7 +111,7 @@ read.push(new Endpoint("get", "/users/:userId", controller.read))
  * @openapi
  * /users/search:
  *   post:
- *     operationId: search
+ *     operationId: userSearch
  *     summary: Search for users
  *     description: Based on user properties (currently only name) search for users.
  *     tags:
diff --git a/packages/server/src/api/routes/tests/backup.spec.ts b/packages/server/src/api/routes/tests/backup.spec.ts
index 7b325c080d..ef362ef403 100644
--- a/packages/server/src/api/routes/tests/backup.spec.ts
+++ b/packages/server/src/api/routes/tests/backup.spec.ts
@@ -19,7 +19,6 @@ describe("/backups", () => {
         .get(`/api/backups/export?appId=${config.getAppId()}&appname=test`)
         .set(config.defaultHeaders())
         .expect(200)
-      expect(res.text).toBeDefined()
       expect(res.headers["content-type"]).toEqual("application/gzip")
       expect(events.app.exported).toBeCalledTimes(1)
     })
diff --git a/packages/server/src/api/routes/tests/cloud.seq.spec.ts b/packages/server/src/api/routes/tests/cloud.spec.ts
similarity index 70%
rename from packages/server/src/api/routes/tests/cloud.seq.spec.ts
rename to packages/server/src/api/routes/tests/cloud.spec.ts
index d9bd6221ad..aad1214a31 100644
--- a/packages/server/src/api/routes/tests/cloud.seq.spec.ts
+++ b/packages/server/src/api/routes/tests/cloud.spec.ts
@@ -1,3 +1,5 @@
+import { App } from "@budibase/types"
+
 jest.setTimeout(30000)
 
 import { AppStatus } from "../../../db/utils"
@@ -5,6 +7,7 @@ import { AppStatus } from "../../../db/utils"
 import * as setup from "./utilities"
 
 import { wipeDb } from "./utilities/TestFunctions"
+import { tenancy } from "@budibase/backend-core"
 
 describe("/cloud", () => {
   let request = setup.getRequest()!
@@ -12,18 +15,10 @@ describe("/cloud", () => {
 
   afterAll(setup.afterAll)
 
-  beforeAll(() => {
+  beforeAll(async () => {
     // Importing is only allowed in self hosted environments
-    config.modeSelf()
-  })
-
-  beforeEach(async () => {
     await config.init()
-  })
-
-  afterEach(async () => {
-    // clear all mocks
-    jest.clearAllMocks()
+    config.modeSelf()
   })
 
   describe("import", () => {
@@ -32,30 +27,28 @@ describe("/cloud", () => {
       // import will not run
       await wipeDb()
 
-      // get a count of apps before the import
-      const preImportApps = await request
-        .get(`/api/applications?status=${AppStatus.ALL}`)
-        .set(config.defaultHeaders())
-        .expect("Content-Type", /json/)
-        .expect(200)
-
       // Perform the import
       const res = await request
         .post(`/api/cloud/import`)
+        .set(config.publicHeaders())
         .attach("importFile", "src/api/routes/tests/data/export-test.tar.gz")
-        .set(config.defaultHeaders())
         .expect(200)
       expect(res.body.message).toEqual("Apps successfully imported.")
 
       // get a count of apps after the import
       const postImportApps = await request
         .get(`/api/applications?status=${AppStatus.ALL}`)
-        .set(config.defaultHeaders())
+        .set(config.publicHeaders())
         .expect("Content-Type", /json/)
         .expect(200)
 
+      const apps = postImportApps.body as App[]
       // There are two apps in the file that was imported so check for this
-      expect(postImportApps.body.length).toEqual(2)
+      expect(apps.length).toEqual(2)
+      // The new tenant id was assigned to the imported apps
+      expect(tenancy.getTenantIDFromAppID(apps[0].appId)).toBe(
+        config.getTenantId()
+      )
     })
   })
 })
diff --git a/packages/server/src/api/routes/tests/static.spec.js b/packages/server/src/api/routes/tests/static.spec.js
index a0532f12fb..13d963d057 100644
--- a/packages/server/src/api/routes/tests/static.spec.js
+++ b/packages/server/src/api/routes/tests/static.spec.js
@@ -13,18 +13,6 @@ describe("/static", () => {
     app = await config.init()
   })
 
-  describe("/builder", () => {
-    it("should serve the builder", async () => {
-      const res = await request
-        .get("/builder/portal")
-        .set(config.defaultHeaders())
-        .expect("Content-Type", /text\/html/)
-        .expect(200)
-
-      expect(res.text).toContain("<title>Budibase</title>")
-    })
-  })
-
   describe("/app", () => {
     beforeEach(() => {
       jest.clearAllMocks()
diff --git a/packages/server/src/api/routes/tests/user.spec.js b/packages/server/src/api/routes/tests/user.spec.js
index bae784cf3d..6b674a8479 100644
--- a/packages/server/src/api/routes/tests/user.spec.js
+++ b/packages/server/src/api/routes/tests/user.spec.js
@@ -1,4 +1,4 @@
-const { roles, utils } = require("@budibase/backend-core")
+const { roles } = require("@budibase/backend-core")
 const { checkPermissionsEndpoint } = require("./utilities/TestFunctions")
 const setup = require("./utilities")
 const { BUILTIN_ROLE_IDS } = roles
@@ -21,8 +21,7 @@ describe("/users", () => {
 
   afterAll(setup.afterAll)
 
-  // For some reason this cannot be a beforeAll or the test "should be able to update the user" fail
-  beforeEach(async () => {
+  beforeAll(async () => {
     await config.init()
   })
 
diff --git a/packages/server/src/api/routes/tests/utilities/TestFunctions.ts b/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
index 3f57c1e8ef..5a1ed5210e 100644
--- a/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
+++ b/packages/server/src/api/routes/tests/utilities/TestFunctions.ts
@@ -2,7 +2,6 @@ import * as rowController from "../../../controllers/row"
 import * as appController from "../../../controllers/application"
 import { AppStatus } from "../../../../db/utils"
 import { roles, tenancy, context } from "@budibase/backend-core"
-import { TENANT_ID } from "../../../../tests/utilities/structures"
 import env from "../../../../environment"
 import { db } from "@budibase/backend-core"
 import Nano from "@budibase/nano"
@@ -33,7 +32,7 @@ export const getAllTableRows = async (config: any) => {
 }
 
 export const clearAllApps = async (
-  tenantId = TENANT_ID,
+  tenantId: string,
   exceptions: Array<string> = []
 ) => {
   await tenancy.doInTenant(tenantId, async () => {
diff --git a/packages/server/src/app.ts b/packages/server/src/app.ts
index 03dce4f875..00f2aca7fc 100644
--- a/packages/server/src/app.ts
+++ b/packages/server/src/app.ts
@@ -32,6 +32,7 @@ import { initialise as initialiseWebsockets } from "./websocket"
 import { startup } from "./startup"
 const Sentry = require("@sentry/node")
 const destroyable = require("server-destroy")
+const { userAgent } = require("koa-useragent")
 
 const app = new Koa()
 
@@ -53,6 +54,7 @@ app.use(
 )
 
 app.use(middleware.logging)
+app.use(userAgent)
 
 if (env.isProd()) {
   env._set("NODE_ENV", "production")
diff --git a/packages/server/src/automations/steps/discord.ts b/packages/server/src/automations/steps/discord.ts
index ae484fa42e..5d7487ed3b 100644
--- a/packages/server/src/automations/steps/discord.ts
+++ b/packages/server/src/automations/steps/discord.ts
@@ -67,17 +67,33 @@ export async function run({ inputs }: AutomationStepInput) {
   if (!avatar_url) {
     avatar_url = DEFAULT_AVATAR_URL
   }
-  const response = await fetch(url, {
-    method: "post",
-    body: JSON.stringify({
-      username,
-      avatar_url,
-      content,
-    }),
-    headers: {
-      "Content-Type": "application/json",
-    },
-  })
+  if (!url?.trim()?.length) {
+    return {
+      httpStatus: 400,
+      response: "Missing Webhook URL",
+      success: false,
+    }
+  }
+  let response
+  try {
+    response = await fetch(url, {
+      method: "post",
+      body: JSON.stringify({
+        username,
+        avatar_url,
+        content,
+      }),
+      headers: {
+        "Content-Type": "application/json",
+      },
+    })
+  } catch (err: any) {
+    return {
+      httpStatus: 400,
+      response: err.message,
+      success: false,
+    }
+  }
 
   const { status, message } = await getFetchResponse(response)
   return {
diff --git a/packages/server/src/automations/steps/integromat.ts b/packages/server/src/automations/steps/integromat.ts
index dd897b5429..811c0a3d91 100644
--- a/packages/server/src/automations/steps/integromat.ts
+++ b/packages/server/src/automations/steps/integromat.ts
@@ -69,19 +69,35 @@ export const definition: AutomationStepSchema = {
 export async function run({ inputs }: AutomationStepInput) {
   const { url, value1, value2, value3, value4, value5 } = inputs
 
-  const response = await fetch(url, {
-    method: "post",
-    body: JSON.stringify({
-      value1,
-      value2,
-      value3,
-      value4,
-      value5,
-    }),
-    headers: {
-      "Content-Type": "application/json",
-    },
-  })
+  if (!url?.trim()?.length) {
+    return {
+      httpStatus: 400,
+      response: "Missing Webhook URL",
+      success: false,
+    }
+  }
+  let response
+  try {
+    response = await fetch(url, {
+      method: "post",
+      body: JSON.stringify({
+        value1,
+        value2,
+        value3,
+        value4,
+        value5,
+      }),
+      headers: {
+        "Content-Type": "application/json",
+      },
+    })
+  } catch (err: any) {
+    return {
+      httpStatus: 400,
+      response: err.message,
+      success: false,
+    }
+  }
 
   const { status, message } = await getFetchResponse(response)
   return {
diff --git a/packages/server/src/automations/steps/slack.ts b/packages/server/src/automations/steps/slack.ts
index 47c66bebf3..0c9320a699 100644
--- a/packages/server/src/automations/steps/slack.ts
+++ b/packages/server/src/automations/steps/slack.ts
@@ -50,15 +50,31 @@ export const definition: AutomationStepSchema = {
 
 export async function run({ inputs }: AutomationStepInput) {
   let { url, text } = inputs
-  const response = await fetch(url, {
-    method: "post",
-    body: JSON.stringify({
-      text,
-    }),
-    headers: {
-      "Content-Type": "application/json",
-    },
-  })
+  if (!url?.trim()?.length) {
+    return {
+      httpStatus: 400,
+      response: "Missing Webhook URL",
+      success: false,
+    }
+  }
+  let response
+  try {
+    response = await fetch(url, {
+      method: "post",
+      body: JSON.stringify({
+        text,
+      }),
+      headers: {
+        "Content-Type": "application/json",
+      },
+    })
+  } catch (err: any) {
+    return {
+      httpStatus: 400,
+      response: err.message,
+      success: false,
+    }
+  }
 
   const { status, message } = await getFetchResponse(response)
   return {
diff --git a/packages/server/src/automations/steps/zapier.ts b/packages/server/src/automations/steps/zapier.ts
index 1a48c1ec92..90068e685d 100644
--- a/packages/server/src/automations/steps/zapier.ts
+++ b/packages/server/src/automations/steps/zapier.ts
@@ -63,22 +63,38 @@ export const definition: AutomationStepSchema = {
 export async function run({ inputs }: AutomationStepInput) {
   const { url, value1, value2, value3, value4, value5 } = inputs
 
+  if (!url?.trim()?.length) {
+    return {
+      httpStatus: 400,
+      response: "Missing Webhook URL",
+      success: false,
+    }
+  }
   // send the platform to make sure zaps always work, even
   // if no values supplied
-  const response = await fetch(url, {
-    method: "post",
-    body: JSON.stringify({
-      platform: "budibase",
-      value1,
-      value2,
-      value3,
-      value4,
-      value5,
-    }),
-    headers: {
-      "Content-Type": "application/json",
-    },
-  })
+  let response
+  try {
+    response = await fetch(url, {
+      method: "post",
+      body: JSON.stringify({
+        platform: "budibase",
+        value1,
+        value2,
+        value3,
+        value4,
+        value5,
+      }),
+      headers: {
+        "Content-Type": "application/json",
+      },
+    })
+  } catch (err: any) {
+    return {
+      httpStatus: 400,
+      response: err.message,
+      success: false,
+    }
+  }
 
   const { status, message } = await getFetchResponse(response)
 
diff --git a/packages/server/src/db/index.ts b/packages/server/src/db/index.ts
index fa8027dcc1..157c2f4fb3 100644
--- a/packages/server/src/db/index.ts
+++ b/packages/server/src/db/index.ts
@@ -1,4 +1,4 @@
-import { init as coreInit } from "@budibase/backend-core"
+import * as core from "@budibase/backend-core"
 import env from "../environment"
 
 export function init() {
@@ -12,5 +12,5 @@ export function init() {
     dbConfig.allDbs = true
   }
 
-  coreInit({ db: dbConfig })
+  core.init({ db: dbConfig })
 }
diff --git a/packages/server/src/db/utils.ts b/packages/server/src/db/utils.ts
index ac5a6162b9..50341e4abc 100644
--- a/packages/server/src/db/utils.ts
+++ b/packages/server/src/db/utils.ts
@@ -9,10 +9,6 @@ export const AppStatus = {
   DEPLOYED: "published",
 }
 
-export const SearchIndexes = {
-  ROWS: "rows",
-}
-
 export const BudibaseInternalDB = {
   _id: "bb_internal",
   type: dbCore.BUDIBASE_DATASOURCE_TYPE,
diff --git a/packages/server/src/db/views/staticViews.ts b/packages/server/src/db/views/staticViews.ts
index 4bccfebeee..730e5b1e66 100644
--- a/packages/server/src/db/views/staticViews.ts
+++ b/packages/server/src/db/views/staticViews.ts
@@ -1,6 +1,6 @@
 import { context } from "@budibase/backend-core"
-import { DocumentType, SEPARATOR, ViewName, SearchIndexes } from "../utils"
-import { LinkDocument, Row } from "@budibase/types"
+import { DocumentType, SEPARATOR, ViewName } from "../utils"
+import { LinkDocument, Row, SearchIndex } from "@budibase/types"
 const SCREEN_PREFIX = DocumentType.SCREEN + SEPARATOR
 
 /**************************************************
@@ -91,7 +91,7 @@ async function searchIndex(indexName: string, fnString: string) {
 
 export async function createAllSearchIndex() {
   await searchIndex(
-    SearchIndexes.ROWS,
+    SearchIndex.ROWS,
     function (doc: Row) {
       function idx(input: Row, prev?: string) {
         for (let key of Object.keys(input)) {
diff --git a/packages/server/src/definitions/openapi.ts b/packages/server/src/definitions/openapi.ts
index 7c02aac060..8c44131e96 100644
--- a/packages/server/src/definitions/openapi.ts
+++ b/packages/server/src/definitions/openapi.ts
@@ -5,67 +5,73 @@
 
 export interface paths {
   "/applications": {
-    post: operations["create"];
+    post: operations["appCreate"];
   };
   "/applications/{appId}": {
-    get: operations["getById"];
-    put: operations["update"];
-    delete: operations["destroy"];
+    get: operations["appGetById"];
+    put: operations["appUpdate"];
+    delete: operations["appDestroy"];
+  };
+  "/applications/{appId}/unpublish": {
+    post: operations["appUnpublish"];
+  };
+  "/applications/{appId}/publish": {
+    post: operations["appPublish"];
   };
   "/applications/search": {
     /** Based on application properties (currently only name) search for applications. */
-    post: operations["search"];
+    post: operations["appSearch"];
   };
   "/queries/{queryId}": {
     /** Queries which have been created within a Budibase app can be executed using this, */
-    post: operations["execute"];
+    post: operations["queryExecute"];
   };
   "/queries/search": {
     /** Based on query properties (currently only name) search for queries. */
-    post: operations["search"];
+    post: operations["querySearch"];
   };
   "/tables/{tableId}/rows": {
     /** Creates a row within the specified table. */
-    post: operations["create"];
+    post: operations["rowCreate"];
   };
   "/tables/{tableId}/rows/{rowId}": {
     /** This gets a single row, it will be enriched with the full related rows, rather than the squashed "primaryDisplay" format returned by the search endpoint. */
-    get: operations["getById"];
+    get: operations["rowGetById"];
     /** Updates a row within the specified table. */
-    put: operations["update"];
+    put: operations["rowUpdate"];
     /** Deletes a row within the specified table. */
-    delete: operations["destroy"];
+    delete: operations["rowDestroy"];
   };
   "/tables/{tableId}/rows/search": {
-    post: operations["search"];
+    post: operations["rowSearch"];
   };
   "/tables": {
     /** Create a table, this could be internal or external. */
-    post: operations["create"];
+    post: operations["tableCreate"];
   };
   "/tables/{tableId}": {
     /** Lookup a table, this could be internal or external. */
-    get: operations["getById"];
+    get: operations["tableGetById"];
     /** Update a table, this could be internal or external. */
-    put: operations["update"];
+    put: operations["tableUpdate"];
     /** Delete a table, this could be internal or external. */
-    delete: operations["destroy"];
+    delete: operations["tableDestroy"];
   };
   "/tables/search": {
     /** Based on table properties (currently only name) search for tables. This could be an internal or an external table. */
-    post: operations["search"];
+    post: operations["tableSearch"];
   };
   "/users": {
-    post: operations["create"];
+    post: operations["userCreate"];
   };
   "/users/{userId}": {
-    get: operations["getById"];
-    put: operations["update"];
-    delete: operations["destroy"];
+    get: operations["userGetById"];
+    put: operations["userUpdate"];
+    delete: operations["userDestroy"];
   };
   "/users/search": {
     /** Based on user properties (currently only name) search for users. */
-    post: operations["search"];
+    post: operations["userSearch"];
   };
 }
 
@@ -102,16 +108,6 @@ export interface components {
         lockedBy?: { [key: string]: unknown };
       };
     };
-    deploymentOutput: {
-      data: {
-        /** @description The ID of the deployment. */
-        _id: string;
-        /** @description The status of the deployment. */
-        status: "SUCCESS" | "FAILURE";
-        /** @description The URL by which the published app is accessed. */
-        appUrl?: string;
-      }
-    };
     applicationSearch: {
       data: {
         /** @description The name of the app. */
@@ -137,6 +133,19 @@ export interface components {
         lockedBy?: { [key: string]: unknown };
       }[];
     };
+    deploymentOutput: {
+      data: {
+        /** @description The ID of the app. */
+        _id: string;
+        /**
+         * @description Status of the deployment, whether it succeeded or failed
+         * @enum {string}
+         */
+        status: "SUCCESS" | "FAILURE";
+        /** @description The URL of the published app */
+        appUrl: string;
+      };
+    };
     /** @description The row to be created/updated, based on the table schema. */
     row: { [key: string]: unknown };
     searchOutput: {
@@ -231,7 +240,6 @@ export interface components {
                */
               type?:
                 | "string"
-                | "barcodeqr"
                 | "longform"
                 | "options"
                 | "number"
@@ -243,7 +251,8 @@ export interface components {
                 | "formula"
                 | "auto"
                 | "json"
-                | "internal";
+                | "internal"
+                | "barcodeqr";
               /** @description A constraint can be applied to the column which will be validated against when a row is saved. */
               constraints?: {
                 /** @enum {string} */
@@ -337,7 +346,6 @@ export interface components {
                  */
                 type?:
                   | "string"
-                  | "barcodeqr"
                   | "longform"
                   | "options"
                   | "number"
@@ -349,7 +357,8 @@ export interface components {
                   | "formula"
                   | "auto"
                   | "json"
-                  | "internal";
+                  | "internal"
+                  | "barcodeqr";
                 /** @description A constraint can be applied to the column which will be validated against when a row is saved. */
                 constraints?: {
                   /** @enum {string} */
@@ -445,7 +454,6 @@ export interface components {
                  */
                 type?:
                   | "string"
-                  | "barcodeqr"
                   | "longform"
                   | "options"
                   | "number"
@@ -457,7 +465,8 @@ export interface components {
                   | "formula"
                   | "auto"
                   | "json"
-                  | "internal";
+                  | "internal"
+                  | "barcodeqr";
                 /** @description A constraint can be applied to the column which will be validated against when a row is saved. */
                 constraints?: {
                   /** @enum {string} */
@@ -717,81 +726,115 @@ export interface components {
 }
 
 export interface operations {
-  create: {
+  appCreate: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
     responses: {
-      /** Returns the created user. */
+      /** Returns the created application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
     requestBody: {
       content: {
-        "application/json": components["schemas"]["user"];
+        "application/json": components["schemas"]["application"];
       };
     };
   };
-  getById: {
+  appGetById: {
     parameters: {
       path: {
-        /** The ID of the user which this request is targeting. */
-        userId: components["parameters"]["userId"];
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
       };
     };
     responses: {
-      /** Returns the retrieved user. */
+      /** Returns the retrieved application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
   };
-  update: {
+  appUpdate: {
     parameters: {
       path: {
-        /** The ID of the user which this request is targeting. */
-        userId: components["parameters"]["userId"];
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
       };
     };
     responses: {
-      /** Returns the updated user. */
+      /** Returns the updated application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
     requestBody: {
       content: {
-        "application/json": components["schemas"]["user"];
+        "application/json": components["schemas"]["application"];
       };
     };
   };
-  destroy: {
+  appDestroy: {
     parameters: {
       path: {
-        /** The ID of the user which this request is targeting. */
-        userId: components["parameters"]["userId"];
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
       };
     };
     responses: {
-      /** Returns the deleted user. */
+      /** Returns the deleted application. */
       200: {
         content: {
-          "application/json": components["schemas"]["userOutput"];
+          "application/json": components["schemas"]["applicationOutput"];
         };
       };
     };
   };
-  /** Based on user properties (currently only name) search for users. */
-  search: {
+  appUnpublish: {
+    parameters: {
+      path: {
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
+      };
+    };
     responses: {
-      /** Returns the found users based on search parameters. */
+      /** The app was published successfully. */
+      204: never;
+    };
+  };
+  appPublish: {
+    parameters: {
+      path: {
+        /** The ID of the app which this request is targeting. */
+        appId: components["parameters"]["appIdUrl"];
+      };
+    };
+    responses: {
+      /** Returns the deployment object. */
       200: {
         content: {
-          "application/json": components["schemas"]["userSearch"];
+          "application/json": components["schemas"]["deploymentOutput"];
+        };
+      };
+    };
+  };
+  /** Based on application properties (currently only name) search for applications. */
+  appSearch: {
+    responses: {
+      /** Returns the applications that were found based on the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["applicationSearch"];
         };
       };
     };
@@ -802,7 +845,7 @@ export interface operations {
     };
   };
   /** Queries which have been created within a Budibase app can be executed using this, */
-  execute: {
+  queryExecute: {
     parameters: {
       path: {
         /** The ID of the query which this request is targeting. */
@@ -827,6 +870,349 @@ export interface operations {
       };
     };
   };
+  /** Based on query properties (currently only name) search for queries. */
+  querySearch: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the queries found based on the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["querySearch"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["nameSearch"];
+      };
+    };
+  };
+  /** Creates a row within the specified table. */
+  rowCreate: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the created row, including the ID which has been generated for it. This can be found in the Budibase portal, viewed under the developer information. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["row"];
+      };
+    };
+  };
+  /** This gets a single row, it will be enriched with the full related rows, rather than the squashed "primaryDisplay" format returned by the search endpoint. */
+  rowGetById: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+        /** The ID of the row which this request is targeting. */
+        rowId: components["parameters"]["rowId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the retrieved row. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+  };
+  /** Updates a row within the specified table. */
+  rowUpdate: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+        /** The ID of the row which this request is targeting. */
+        rowId: components["parameters"]["rowId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the created row, including the ID which has been generated for it. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["row"];
+      };
+    };
+  };
+  /** Deletes a row within the specified table. */
+  rowDestroy: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+        /** The ID of the row which this request is targeting. */
+        rowId: components["parameters"]["rowId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the deleted row, including the ID which has been generated for it. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["rowOutput"];
+        };
+      };
+    };
+  };
+  rowSearch: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** The response will contain an array of rows that match the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["searchOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["rowSearch"];
+      };
+    };
+  };
+  /** Create a table, this could be internal or external. */
+  tableCreate: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the created table, including the ID which has been generated for it. This can be internal or external datasources. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["table"];
+      };
+    };
+  };
+  /** Lookup a table, this could be internal or external. */
+  tableGetById: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the retrieved table. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+  };
+  /** Update a table, this could be internal or external. */
+  tableUpdate: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the updated table. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["table"];
+      };
+    };
+  };
+  /** Delete a table, this could be internal or external. */
+  tableDestroy: {
+    parameters: {
+      path: {
+        /** The ID of the table which this request is targeting. */
+        tableId: components["parameters"]["tableId"];
+      };
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the deleted table. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableOutput"];
+        };
+      };
+    };
+  };
+  /** Based on table properties (currently only name) search for tables. This could be an internal or an external table. */
+  tableSearch: {
+    parameters: {
+      header: {
+        /** The ID of the app which this request is targeting. */
+        "x-budibase-app-id": components["parameters"]["appId"];
+      };
+    };
+    responses: {
+      /** Returns the found tables, based on the search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["tableSearch"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["nameSearch"];
+      };
+    };
+  };
+  userCreate: {
+    responses: {
+      /** Returns the created user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["user"];
+      };
+    };
+  };
+  userGetById: {
+    parameters: {
+      path: {
+        /** The ID of the user which this request is targeting. */
+        userId: components["parameters"]["userId"];
+      };
+    };
+    responses: {
+      /** Returns the retrieved user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+  };
+  userUpdate: {
+    parameters: {
+      path: {
+        /** The ID of the user which this request is targeting. */
+        userId: components["parameters"]["userId"];
+      };
+    };
+    responses: {
+      /** Returns the updated user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["user"];
+      };
+    };
+  };
+  userDestroy: {
+    parameters: {
+      path: {
+        /** The ID of the user which this request is targeting. */
+        userId: components["parameters"]["userId"];
+      };
+    };
+    responses: {
+      /** Returns the deleted user. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userOutput"];
+        };
+      };
+    };
+  };
+  /** Based on user properties (currently only name) search for users. */
+  userSearch: {
+    responses: {
+      /** Returns the found users based on search parameters. */
+      200: {
+        content: {
+          "application/json": components["schemas"]["userSearch"];
+        };
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["nameSearch"];
+      };
+    };
+  };
 }
 
 export interface external {}
diff --git a/packages/server/src/integration-test/postgres.spec.ts b/packages/server/src/integration-test/postgres.spec.ts
index ecfb532e7f..2afff8b786 100644
--- a/packages/server/src/integration-test/postgres.spec.ts
+++ b/packages/server/src/integration-test/postgres.spec.ts
@@ -27,7 +27,9 @@ describe("row api - postgres", () => {
   let makeRequest: MakeRequestResponse,
     postgresDatasource: Datasource,
     primaryPostgresTable: Table,
-    auxPostgresTable: Table
+    oneToManyRelationshipInfo: ForeignTableInfo,
+    manyToOneRelationshipInfo: ForeignTableInfo,
+    manyToManyRelationshipInfo: ForeignTableInfo
 
   let host: string
   let port: number
@@ -67,37 +69,58 @@ describe("row api - postgres", () => {
       },
     })
 
-    auxPostgresTable = await config.createTable({
-      name: generator.word({ length: 10 }),
-      type: "external",
-      primary: ["id"],
-      schema: {
-        id: {
-          name: "id",
-          type: FieldType.AUTO,
-          constraints: {
-            presence: true,
+    async function createAuxTable(prefix: string) {
+      return await config.createTable({
+        name: `${prefix}_${generator.word({ length: 6 })}`,
+        type: "external",
+        primary: ["id"],
+        primaryDisplay: "title",
+        schema: {
+          id: {
+            name: "id",
+            type: FieldType.AUTO,
+            autocolumn: true,
+            constraints: {
+              presence: true,
+            },
+          },
+          title: {
+            name: "title",
+            type: FieldType.STRING,
+            constraints: {
+              presence: true,
+            },
           },
         },
-        title: {
-          name: "title",
-          type: FieldType.STRING,
-          constraints: {
-            presence: true,
-          },
-        },
-      },
-      sourceId: postgresDatasource._id,
-    })
+        sourceId: postgresDatasource._id,
+      })
+    }
+
+    oneToManyRelationshipInfo = {
+      table: await createAuxTable("o2m"),
+      fieldName: "oneToManyRelation",
+      relationshipType: RelationshipTypes.ONE_TO_MANY,
+    }
+    manyToOneRelationshipInfo = {
+      table: await createAuxTable("m2o"),
+      fieldName: "manyToOneRelation",
+      relationshipType: RelationshipTypes.MANY_TO_ONE,
+    }
+    manyToManyRelationshipInfo = {
+      table: await createAuxTable("m2m"),
+      fieldName: "manyToManyRelation",
+      relationshipType: RelationshipTypes.MANY_TO_MANY,
+    }
 
     primaryPostgresTable = await config.createTable({
-      name: generator.word({ length: 10 }),
+      name: `p_${generator.word({ length: 6 })}`,
       type: "external",
       primary: ["id"],
       schema: {
         id: {
           name: "id",
           type: FieldType.AUTO,
+          autocolumn: true,
           constraints: {
             presence: true,
           },
@@ -117,25 +140,48 @@ describe("row api - postgres", () => {
           name: "value",
           type: FieldType.NUMBER,
         },
-        linkedField: {
+        oneToManyRelation: {
           type: FieldType.LINK,
           constraints: {
             type: "array",
             presence: false,
           },
-          fieldName: "foreignField",
-          name: "linkedField",
+          fieldName: oneToManyRelationshipInfo.fieldName,
+          name: "oneToManyRelation",
           relationshipType: RelationshipTypes.ONE_TO_MANY,
-          tableId: auxPostgresTable._id,
+          tableId: oneToManyRelationshipInfo.table._id,
+          main: true,
+        },
+        manyToOneRelation: {
+          type: FieldType.LINK,
+          constraints: {
+            type: "array",
+            presence: false,
+          },
+          fieldName: manyToOneRelationshipInfo.fieldName,
+          name: "manyToOneRelation",
+          relationshipType: RelationshipTypes.MANY_TO_ONE,
+          tableId: manyToOneRelationshipInfo.table._id,
+          main: true,
+        },
+        manyToManyRelation: {
+          type: FieldType.LINK,
+          constraints: {
+            type: "array",
+            presence: false,
+          },
+          fieldName: manyToManyRelationshipInfo.fieldName,
+          name: "manyToManyRelation",
+          relationshipType: RelationshipTypes.MANY_TO_MANY,
+          tableId: manyToManyRelationshipInfo.table._id,
+          main: true,
         },
       },
       sourceId: postgresDatasource._id,
     })
   })
 
-  afterAll(async () => {
-    await config.end()
-  })
+  afterAll(config.end)
 
   function generateRandomPrimaryRowData() {
     return {
@@ -151,22 +197,99 @@ describe("row api - postgres", () => {
     value: number
   }
 
+  type ForeignTableInfo = {
+    table: Table
+    fieldName: string
+    relationshipType: RelationshipTypes
+  }
+
+  type ForeignRowsInfo = {
+    row: Row
+    relationshipType: RelationshipTypes
+  }
+
   async function createPrimaryRow(opts: {
     rowData: PrimaryRowData
-    createForeignRow?: boolean
+    createForeignRows?: {
+      createOneToMany?: boolean
+      createManyToOne?: number
+      createManyToMany?: number
+    }
   }) {
-    let { rowData } = opts
-    let foreignRow: Row | undefined
-    if (opts?.createForeignRow) {
-      foreignRow = await config.createRow({
-        tableId: auxPostgresTable._id,
+    let { rowData } = opts as any
+    let foreignRows: ForeignRowsInfo[] = []
+
+    async function createForeignRow(tableInfo: ForeignTableInfo) {
+      const foreignKey = `fk_${tableInfo.table.name}_${tableInfo.fieldName}`
+
+      const foreignRow = await config.createRow({
+        tableId: tableInfo.table._id,
         title: generator.name(),
       })
 
       rowData = {
         ...rowData,
-        [`fk_${auxPostgresTable.name}_foreignField`]: foreignRow.id,
+        [foreignKey]: foreignRow.id,
       }
+      foreignRows.push({
+        row: foreignRow,
+
+        relationshipType: tableInfo.relationshipType,
+      })
+    }
+
+    if (opts?.createForeignRows?.createOneToMany) {
+      const foreignKey = `fk_${oneToManyRelationshipInfo.table.name}_${oneToManyRelationshipInfo.fieldName}`
+
+      const foreignRow = await config.createRow({
+        tableId: oneToManyRelationshipInfo.table._id,
+        title: generator.name(),
+      })
+
+      rowData = {
+        ...rowData,
+        [foreignKey]: foreignRow.id,
+      }
+      foreignRows.push({
+        row: foreignRow,
+        relationshipType: oneToManyRelationshipInfo.relationshipType,
+      })
+    }
+
+    for (let i = 0; i < (opts?.createForeignRows?.createManyToOne || 0); i++) {
+      const foreignRow = await config.createRow({
+        tableId: manyToOneRelationshipInfo.table._id,
+        title: generator.name(),
+      })
+
+      rowData = {
+        ...rowData,
+        [manyToOneRelationshipInfo.fieldName]:
+          rowData[manyToOneRelationshipInfo.fieldName] || [],
+      }
+      rowData[manyToOneRelationshipInfo.fieldName].push(foreignRow._id)
+      foreignRows.push({
+        row: foreignRow,
+        relationshipType: RelationshipTypes.MANY_TO_ONE,
+      })
+    }
+
+    for (let i = 0; i < (opts?.createForeignRows?.createManyToMany || 0); i++) {
+      const foreignRow = await config.createRow({
+        tableId: manyToManyRelationshipInfo.table._id,
+        title: generator.name(),
+      })
+
+      rowData = {
+        ...rowData,
+        [manyToManyRelationshipInfo.fieldName]:
+          rowData[manyToManyRelationshipInfo.fieldName] || [],
+      }
+      rowData[manyToManyRelationshipInfo.fieldName].push(foreignRow._id)
+      foreignRows.push({
+        row: foreignRow,
+        relationshipType: RelationshipTypes.MANY_TO_MANY,
+      })
     }
 
     const row = await config.createRow({
@@ -174,7 +297,7 @@ describe("row api - postgres", () => {
       ...rowData,
     })
 
-    return { row, foreignRow }
+    return { row, foreignRows }
   }
 
   async function createDefaultPgTable() {
@@ -198,7 +321,9 @@ describe("row api - postgres", () => {
   async function populatePrimaryRows(
     count: number,
     opts?: {
-      createForeignRow?: boolean
+      createOneToMany?: boolean
+      createManyToOne?: number
+      createManyToMany?: number
     }
   ) {
     return await Promise.all(
@@ -210,7 +335,7 @@ describe("row api - postgres", () => {
             rowData,
             ...(await createPrimaryRow({
               rowData,
-              createForeignRow: opts?.createForeignRow,
+              createForeignRows: opts,
             })),
           }
         })
@@ -295,7 +420,7 @@ describe("row api - postgres", () => {
     describe("given than a row exists", () => {
       let row: Row
       beforeEach(async () => {
-        let rowResponse = _.sample(await populatePrimaryRows(10))!
+        let rowResponse = _.sample(await populatePrimaryRows(1))!
         row = rowResponse.row
       })
 
@@ -403,7 +528,7 @@ describe("row api - postgres", () => {
       let rows: { row: Row; rowData: PrimaryRowData }[]
 
       beforeEach(async () => {
-        rows = await populatePrimaryRows(10)
+        rows = await populatePrimaryRows(5)
       })
 
       it("a single row can be retrieved successfully", async () => {
@@ -419,24 +544,136 @@ describe("row api - postgres", () => {
 
     describe("given a row with relation data", () => {
       let row: Row
-      beforeEach(async () => {
-        let [createdRow] = await populatePrimaryRows(1, {
-          createForeignRow: true,
+      let rowData: {
+        name: string
+        description: string
+        value: number
+      }
+      let foreignRows: ForeignRowsInfo[]
+
+      describe("with all relationship types", () => {
+        beforeEach(async () => {
+          let [createdRow] = await populatePrimaryRows(1, {
+            createOneToMany: true,
+            createManyToOne: 3,
+            createManyToMany: 2,
+          })
+          row = createdRow.row
+          rowData = createdRow.rowData
+          foreignRows = createdRow.foreignRows
+        })
+
+        it("only one to many foreign keys are retrieved", async () => {
+          const res = await getRow(primaryPostgresTable._id, row.id)
+
+          expect(res.status).toBe(200)
+
+          const one2ManyForeignRows = foreignRows.filter(
+            x => x.relationshipType === RelationshipTypes.ONE_TO_MANY
+          )
+          expect(one2ManyForeignRows).toHaveLength(1)
+
+          expect(res.body).toEqual({
+            ...rowData,
+            id: row.id,
+            tableId: row.tableId,
+            _id: expect.any(String),
+            _rev: expect.any(String),
+            [`fk_${oneToManyRelationshipInfo.table.name}_${oneToManyRelationshipInfo.fieldName}`]:
+              one2ManyForeignRows[0].row.id,
+          })
+
+          expect(res.body[oneToManyRelationshipInfo.fieldName]).toBeUndefined()
         })
-        row = createdRow.row
       })
 
-      it("foreign key fields are not retrieved", async () => {
-        const res = await getRow(primaryPostgresTable._id, row.id)
-
-        expect(res.status).toBe(200)
-
-        expect(res.body).toEqual({
-          ...row,
-          _id: expect.any(String),
-          _rev: expect.any(String),
+      describe("with only one to many", () => {
+        beforeEach(async () => {
+          let [createdRow] = await populatePrimaryRows(1, {
+            createOneToMany: true,
+          })
+          row = createdRow.row
+          rowData = createdRow.rowData
+          foreignRows = createdRow.foreignRows
+        })
+
+        it("only one to many foreign keys are retrieved", async () => {
+          const res = await getRow(primaryPostgresTable._id, row.id)
+
+          expect(res.status).toBe(200)
+
+          expect(foreignRows).toHaveLength(1)
+
+          expect(res.body).toEqual({
+            ...rowData,
+            id: row.id,
+            tableId: row.tableId,
+            _id: expect.any(String),
+            _rev: expect.any(String),
+            [`fk_${oneToManyRelationshipInfo.table.name}_${oneToManyRelationshipInfo.fieldName}`]:
+              foreignRows[0].row.id,
+          })
+
+          expect(res.body[oneToManyRelationshipInfo.fieldName]).toBeUndefined()
+        })
+      })
+
+      describe("with only many to one", () => {
+        beforeEach(async () => {
+          let [createdRow] = await populatePrimaryRows(1, {
+            createManyToOne: 3,
+          })
+          row = createdRow.row
+          rowData = createdRow.rowData
+          foreignRows = createdRow.foreignRows
+        })
+
+        it("only one to many foreign keys are retrieved", async () => {
+          const res = await getRow(primaryPostgresTable._id, row.id)
+
+          expect(res.status).toBe(200)
+
+          expect(foreignRows).toHaveLength(3)
+
+          expect(res.body).toEqual({
+            ...rowData,
+            id: row.id,
+            tableId: row.tableId,
+            _id: expect.any(String),
+            _rev: expect.any(String),
+          })
+
+          expect(res.body[oneToManyRelationshipInfo.fieldName]).toBeUndefined()
+        })
+      })
+
+      describe("with only many to many", () => {
+        beforeEach(async () => {
+          let [createdRow] = await populatePrimaryRows(1, {
+            createManyToMany: 2,
+          })
+          row = createdRow.row
+          rowData = createdRow.rowData
+          foreignRows = createdRow.foreignRows
+        })
+
+        it("only one to many foreign keys are retrieved", async () => {
+          const res = await getRow(primaryPostgresTable._id, row.id)
+
+          expect(res.status).toBe(200)
+
+          expect(foreignRows).toHaveLength(2)
+
+          expect(res.body).toEqual({
+            ...rowData,
+            id: row.id,
+            tableId: row.tableId,
+            _id: expect.any(String),
+            _rev: expect.any(String),
+          })
+
+          expect(res.body[oneToManyRelationshipInfo.fieldName]).toBeUndefined()
         })
-        expect(res.body.foreignField).toBeUndefined()
       })
     })
   })
@@ -657,31 +894,74 @@ describe("row api - postgres", () => {
     const getAll = (tableId: string | undefined, rowId: string | undefined) =>
       makeRequest("get", `/api/${tableId}/${rowId}/enrich`)
     describe("given a row with relation data", () => {
-      let row: Row, foreignRow: Row | undefined
+      let row: Row, rowData: PrimaryRowData, foreignRows: ForeignRowsInfo[]
 
-      beforeEach(async () => {
-        const rowsInfo = await createPrimaryRow({
-          rowData: generateRandomPrimaryRowData(),
-          createForeignRow: true,
+      describe("with all relationship types", () => {
+        beforeEach(async () => {
+          rowData = generateRandomPrimaryRowData()
+          const rowsInfo = await createPrimaryRow({
+            rowData,
+            createForeignRows: {
+              createOneToMany: true,
+              createManyToOne: 3,
+              createManyToMany: 2,
+            },
+          })
+
+          row = rowsInfo.row
+          foreignRows = rowsInfo.foreignRows
         })
 
-        row = rowsInfo.row
-        foreignRow = rowsInfo.foreignRow
-      })
+        it("enrich populates the foreign fields", async () => {
+          const res = await getAll(primaryPostgresTable._id, row.id)
 
-      it("enrich populates the foreign field", async () => {
-        const res = await getAll(primaryPostgresTable._id, row.id)
+          expect(res.status).toBe(200)
 
-        expect(res.status).toBe(200)
-
-        expect(foreignRow).toBeDefined()
-        expect(res.body).toEqual({
-          ...row,
-          linkedField: [
-            {
-              ...foreignRow,
-            },
-          ],
+          const foreignRowsByType = _.groupBy(
+            foreignRows,
+            x => x.relationshipType
+          )
+          expect(res.body).toEqual({
+            ...rowData,
+            [`fk_${oneToManyRelationshipInfo.table.name}_${oneToManyRelationshipInfo.fieldName}`]:
+              foreignRowsByType[RelationshipTypes.ONE_TO_MANY][0].row.id,
+            [oneToManyRelationshipInfo.fieldName]: [
+              {
+                ...foreignRowsByType[RelationshipTypes.ONE_TO_MANY][0].row,
+                _id: expect.any(String),
+                _rev: expect.any(String),
+              },
+            ],
+            [manyToOneRelationshipInfo.fieldName]: [
+              {
+                ...foreignRowsByType[RelationshipTypes.MANY_TO_ONE][0].row,
+                [`fk_${manyToOneRelationshipInfo.table.name}_${manyToOneRelationshipInfo.fieldName}`]:
+                  row.id,
+              },
+              {
+                ...foreignRowsByType[RelationshipTypes.MANY_TO_ONE][1].row,
+                [`fk_${manyToOneRelationshipInfo.table.name}_${manyToOneRelationshipInfo.fieldName}`]:
+                  row.id,
+              },
+              {
+                ...foreignRowsByType[RelationshipTypes.MANY_TO_ONE][2].row,
+                [`fk_${manyToOneRelationshipInfo.table.name}_${manyToOneRelationshipInfo.fieldName}`]:
+                  row.id,
+              },
+            ],
+            [manyToManyRelationshipInfo.fieldName]: [
+              {
+                ...foreignRowsByType[RelationshipTypes.MANY_TO_MANY][0].row,
+              },
+              {
+                ...foreignRowsByType[RelationshipTypes.MANY_TO_MANY][1].row,
+              },
+            ],
+            id: row.id,
+            tableId: row.tableId,
+            _id: expect.any(String),
+            _rev: expect.any(String),
+          })
         })
       })
     })
@@ -704,7 +984,7 @@ describe("row api - postgres", () => {
       const rowsCount = 6
       let rows: {
         row: Row
-        foreignRow: Row | undefined
+        foreignRows: ForeignRowsInfo[]
         rowData: PrimaryRowData
       }[]
       beforeEach(async () => {
diff --git a/packages/server/src/integrations/base/sql.ts b/packages/server/src/integrations/base/sql.ts
index e66795a6db..00e62d3ce4 100644
--- a/packages/server/src/integrations/base/sql.ts
+++ b/packages/server/src/integrations/base/sql.ts
@@ -6,11 +6,11 @@ import {
   SearchFilters,
   SortDirection,
 } from "@budibase/types"
+import { db as dbCore } from "@budibase/backend-core"
 import { QueryOptions } from "../../definitions/datasource"
 import { isIsoDateString, SqlClient } from "../utils"
 import SqlTableQueryBuilder from "./sqlTable"
 import environment from "../../environment"
-import { removeKeyNumbering } from "./utils"
 
 const envLimit = environment.SQL_MAX_ROWS
   ? parseInt(environment.SQL_MAX_ROWS)
@@ -136,7 +136,7 @@ class InternalBuilder {
       fn: (key: string, value: any) => void
     ) {
       for (let [key, value] of Object.entries(structure)) {
-        const updatedKey = removeKeyNumbering(key)
+        const updatedKey = dbCore.removeKeyNumbering(key)
         const isRelationshipField = updatedKey.includes(".")
         if (!opts.relationship && !isRelationshipField) {
           fn(`${opts.tableName}.${updatedKey}`, value)
@@ -415,9 +415,7 @@ class InternalBuilder {
     if (opts.disableReturning) {
       return query.insert(parsedBody)
     } else {
-      return query
-        .insert(parsedBody)
-        .returning(generateSelectStatement(json, knex))
+      return query.insert(parsedBody).returning("*")
     }
   }
 
@@ -502,9 +500,7 @@ class InternalBuilder {
     if (opts.disableReturning) {
       return query.update(parsedBody)
     } else {
-      return query
-        .update(parsedBody)
-        .returning(generateSelectStatement(json, knex))
+      return query.update(parsedBody).returning("*")
     }
   }
 
diff --git a/packages/server/src/integrations/base/utils.ts b/packages/server/src/integrations/base/utils.ts
deleted file mode 100644
index 54efdb91a0..0000000000
--- a/packages/server/src/integrations/base/utils.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-const QUERY_START_REGEX = /\d[0-9]*:/g
-
-export function removeKeyNumbering(key: any): string {
-  if (typeof key === "string" && key.match(QUERY_START_REGEX) != null) {
-    const parts = key.split(":")
-    // remove the number
-    parts.shift()
-    return parts.join(":")
-  } else {
-    return key
-  }
-}
diff --git a/packages/server/src/integrations/googlesheets.ts b/packages/server/src/integrations/googlesheets.ts
index d3caf0b944..6f202f9c3a 100644
--- a/packages/server/src/integrations/googlesheets.ts
+++ b/packages/server/src/integrations/googlesheets.ts
@@ -11,9 +11,8 @@ import { OAuth2Client } from "google-auth-library"
 import { buildExternalTableId } from "./utils"
 import { DataSourceOperation, FieldTypes } from "../constants"
 import { GoogleSpreadsheet } from "google-spreadsheet"
-import env from "../environment"
-import { tenancy, db as dbCore, constants } from "@budibase/backend-core"
-const fetch = require("node-fetch")
+import fetch from "node-fetch"
+import { configs, HTTPError } from "@budibase/backend-core"
 
 interface GoogleSheetsConfig {
   spreadsheetId: string
@@ -112,7 +111,7 @@ const SCHEMA: Integration = {
 
 class GoogleSheetsIntegration implements DatasourcePlus {
   private readonly config: GoogleSheetsConfig
-  private client: any
+  private client: GoogleSpreadsheet
   public tables: Record<string, Table> = {}
   public schemaErrors: Record<string, string> = {}
 
@@ -173,16 +172,9 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async connect() {
     try {
       // Initialise oAuth client
-      const db = tenancy.getGlobalDB()
-      let googleConfig = await dbCore.getScopedConfig(db, {
-        type: constants.Config.GOOGLE,
-      })
-
+      let googleConfig = await configs.getGoogleDatasourceConfig()
       if (!googleConfig) {
-        googleConfig = {
-          clientID: env.GOOGLE_CLIENT_ID,
-          clientSecret: env.GOOGLE_CLIENT_SECRET,
-        }
+        throw new HTTPError("Google config not found", 400)
       }
 
       const oauthClient = new OAuth2Client({
@@ -211,7 +203,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
 
   async buildSchema(datasourceId: string) {
     await this.connect()
-    const sheets = await this.client.sheetsByIndex
+    const sheets = this.client.sheetsByIndex
     const tables: Record<string, Table> = {}
     for (let sheet of sheets) {
       // must fetch rows to determine schema
@@ -294,7 +286,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async updateTable(table?: any) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[table.name]
+      const sheet = this.client.sheetsByTitle[table.name]
       await sheet.loadHeaderRow()
 
       if (table._rename) {
@@ -308,10 +300,17 @@ class GoogleSheetsIntegration implements DatasourcePlus {
         }
         await sheet.setHeaderRow(headers)
       } else {
-        let newField = Object.keys(table.schema).find(
+        const updatedHeaderValues = [...sheet.headerValues]
+
+        const newField = Object.keys(table.schema).find(
           key => !sheet.headerValues.includes(key)
         )
-        await sheet.setHeaderRow([...sheet.headerValues, newField])
+
+        if (newField) {
+          updatedHeaderValues.push(newField)
+        }
+
+        await sheet.setHeaderRow(updatedHeaderValues)
       }
     } catch (err) {
       console.error("Error updating table in google sheets", err)
@@ -322,7 +321,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async deleteTable(sheet: any) {
     try {
       await this.connect()
-      const sheetToDelete = await this.client.sheetsByTitle[sheet]
+      const sheetToDelete = this.client.sheetsByTitle[sheet]
       return await sheetToDelete.delete()
     } catch (err) {
       console.error("Error deleting table in google sheets", err)
@@ -333,7 +332,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async create(query: { sheet: string; row: any }) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[query.sheet]
+      const sheet = this.client.sheetsByTitle[query.sheet]
       const rowToInsert =
         typeof query.row === "string" ? JSON.parse(query.row) : query.row
       const row = await sheet.addRow(rowToInsert)
@@ -349,7 +348,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async read(query: { sheet: string }) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[query.sheet]
+      const sheet = this.client.sheetsByTitle[query.sheet]
       const rows = await sheet.getRows()
       const headerValues = sheet.headerValues
       const response = []
@@ -368,7 +367,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
   async update(query: { sheet: string; rowIndex: number; row: any }) {
     try {
       await this.connect()
-      const sheet = await this.client.sheetsByTitle[query.sheet]
+      const sheet = this.client.sheetsByTitle[query.sheet]
       const rows = await sheet.getRows()
       const row = rows[query.rowIndex]
       if (row) {
@@ -392,7 +391,7 @@ class GoogleSheetsIntegration implements DatasourcePlus {
 
   async delete(query: { sheet: string; rowIndex: number }) {
     await this.connect()
-    const sheet = await this.client.sheetsByTitle[query.sheet]
+    const sheet = this.client.sheetsByTitle[query.sheet]
     const rows = await sheet.getRows()
     const row = rows[query.rowIndex]
     if (row) {
diff --git a/packages/server/src/integrations/tests/couchdb.spec.ts b/packages/server/src/integrations/tests/couchdb.spec.ts
index 0d744cd343..66735d7b74 100644
--- a/packages/server/src/integrations/tests/couchdb.spec.ts
+++ b/packages/server/src/integrations/tests/couchdb.spec.ts
@@ -1,5 +1,3 @@
-import { DatabaseWithConnection } from "@budibase/backend-core/src/db"
-
 jest.mock("@budibase/backend-core", () => {
   const core = jest.requireActual("@budibase/backend-core")
   return {
diff --git a/packages/server/src/integrations/tests/googlesheets.spec.ts b/packages/server/src/integrations/tests/googlesheets.spec.ts
new file mode 100644
index 0000000000..1e28be33c6
--- /dev/null
+++ b/packages/server/src/integrations/tests/googlesheets.spec.ts
@@ -0,0 +1,122 @@
+import type { GoogleSpreadsheetWorksheet } from "google-spreadsheet"
+
+jest.mock("google-auth-library")
+const { OAuth2Client } = require("google-auth-library")
+
+const setCredentialsMock = jest.fn()
+const getAccessTokenMock = jest.fn()
+
+OAuth2Client.mockImplementation(() => {
+  return {
+    setCredentials: setCredentialsMock,
+    getAccessToken: getAccessTokenMock,
+  }
+})
+
+jest.mock("google-spreadsheet")
+const { GoogleSpreadsheet } = require("google-spreadsheet")
+
+const sheetsByTitle: { [title: string]: GoogleSpreadsheetWorksheet } = {}
+
+GoogleSpreadsheet.mockImplementation(() => {
+  return {
+    useOAuth2Client: jest.fn(),
+    loadInfo: jest.fn(),
+    sheetsByTitle,
+  }
+})
+
+import { structures } from "@budibase/backend-core/tests"
+import TestConfiguration from "../../tests/utilities/TestConfiguration"
+import GoogleSheetsIntegration from "../googlesheets"
+import { FieldType, Table, TableSchema } from "../../../../types/src/documents"
+
+describe("Google Sheets Integration", () => {
+  let integration: any,
+    config = new TestConfiguration()
+
+  beforeEach(async () => {
+    integration = new GoogleSheetsIntegration.integration({
+      spreadsheetId: "randomId",
+      auth: {
+        appId: "appId",
+        accessToken: "accessToken",
+        refreshToken: "refreshToken",
+      },
+    })
+    await config.init()
+  })
+
+  function createBasicTable(name: string, columns: string[]): Table {
+    return {
+      name,
+      schema: {
+        ...columns.reduce((p, c) => {
+          p[c] = {
+            name: c,
+            type: FieldType.STRING,
+            constraints: {
+              type: "string",
+            },
+          }
+          return p
+        }, {} as TableSchema),
+      },
+    }
+  }
+
+  function createSheet({
+    headerValues,
+  }: {
+    headerValues: string[]
+  }): GoogleSpreadsheetWorksheet {
+    return {
+      // to ignore the unmapped fields
+      ...({} as any),
+      loadHeaderRow: jest.fn(),
+      headerValues,
+      setHeaderRow: jest.fn(),
+    }
+  }
+
+  describe("update table", () => {
+    test("adding a new field will be adding a new header row", async () => {
+      await config.doInContext(structures.uuid(), async () => {
+        const tableColumns = ["name", "description", "new field"]
+        const table = createBasicTable(structures.uuid(), tableColumns)
+
+        const sheet = createSheet({ headerValues: ["name", "description"] })
+        sheetsByTitle[table.name] = sheet
+        await integration.updateTable(table)
+
+        expect(sheet.loadHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledWith(tableColumns)
+      })
+    })
+
+    test("removing an existing field will not remove the data from the spreadsheet", async () => {
+      await config.doInContext(structures.uuid(), async () => {
+        const tableColumns = ["name"]
+        const table = createBasicTable(structures.uuid(), tableColumns)
+
+        const sheet = createSheet({
+          headerValues: ["name", "description", "location"],
+        })
+        sheetsByTitle[table.name] = sheet
+        await integration.updateTable(table)
+
+        expect(sheet.loadHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledTimes(1)
+        expect(sheet.setHeaderRow).toBeCalledWith([
+          "name",
+          "description",
+          "location",
+        ])
+
+        // No undefineds are sent
+        expect((sheet.setHeaderRow as any).mock.calls[0][0]).toHaveLength(3)
+      })
+    })
+  })
+})
diff --git a/packages/server/src/middleware/authorized.ts b/packages/server/src/middleware/authorized.ts
index d3fd4de81d..6268163fb2 100644
--- a/packages/server/src/middleware/authorized.ts
+++ b/packages/server/src/middleware/authorized.ts
@@ -79,10 +79,6 @@ export default (
       return ctx.throw(403, "No user info found")
     }
 
-    // check general builder stuff, this middleware is a good way
-    // to find API endpoints which are builder focused
-    await builderMiddleware(ctx, permType)
-
     // get the resource roles
     let resourceRoles: any = []
     let otherLevelRoles: any = []
@@ -112,6 +108,12 @@ export default (
       return ctx.throw(403, "Session not authenticated")
     }
 
+    // check general builder stuff, this middleware is a good way
+    // to find API endpoints which are builder focused
+    if (permType === permissions.PermissionType.BUILDER) {
+      await builderMiddleware(ctx)
+    }
+
     try {
       // check authorized
       await checkAuthorized(ctx, resourceRoles, permType, permLevel)
diff --git a/packages/server/src/middleware/builder.ts b/packages/server/src/middleware/builder.ts
index 7df6c7ad33..5174f618a0 100644
--- a/packages/server/src/middleware/builder.ts
+++ b/packages/server/src/middleware/builder.ts
@@ -64,13 +64,18 @@ async function updateAppUpdatedAt(ctx: BBContext) {
   })
 }
 
-export default async function builder(ctx: BBContext, permType: string) {
+export default async function builder(ctx: BBContext) {
   const appId = ctx.appId
   // this only functions within an app context
   if (!appId) {
     return
   }
-  const isBuilderApi = permType === permissions.PermissionType.BUILDER
+
+  // check authenticated
+  if (!ctx.isAuthenticated) {
+    return ctx.throw(403, "Session not authenticated")
+  }
+
   const referer = ctx.headers["referer"]
 
   const overviewPath = "/builder/portal/overview/"
@@ -82,7 +87,7 @@ export default async function builder(ctx: BBContext, permType: string) {
   const hasAppId = !referer ? false : referer.includes(appId)
   const editingApp = referer ? hasAppId : false
   // check this is a builder call and editing
-  if (!isBuilderApi || !editingApp) {
+  if (!editingApp) {
     return
   }
   // check locks
diff --git a/packages/server/src/migrations/functions/backfill/global/configs.ts b/packages/server/src/migrations/functions/backfill/global/configs.ts
index 7eaa987bc7..1b76727bbe 100644
--- a/packages/server/src/migrations/functions/backfill/global/configs.ts
+++ b/packages/server/src/migrations/functions/backfill/global/configs.ts
@@ -1,4 +1,9 @@
-import { events, db as dbUtils } from "@budibase/backend-core"
+import {
+  events,
+  DocumentType,
+  SEPARATOR,
+  UNICODE_MAX,
+} from "@budibase/backend-core"
 import {
   Config,
   isSMTPConfig,
@@ -9,15 +14,16 @@ import {
 } from "@budibase/types"
 import env from "./../../../../environment"
 
+export const getConfigParams = () => {
+  return {
+    include_docs: true,
+    startkey: `${DocumentType.CONFIG}${SEPARATOR}`,
+    endkey: `${DocumentType.CONFIG}${SEPARATOR}${UNICODE_MAX}`,
+  }
+}
+
 const getConfigs = async (globalDb: any): Promise<Config[]> => {
-  const response = await globalDb.allDocs(
-    dbUtils.getConfigParams(
-      {},
-      {
-        include_docs: true,
-      }
-    )
-  )
+  const response = await globalDb.allDocs(getConfigParams())
   return response.rows.map((row: any) => row.doc)
 }
 
diff --git a/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js b/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js
index c0066b1c71..15ddcfd1ef 100644
--- a/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js
+++ b/packages/server/src/migrations/functions/tests/userEmailViewCasing.spec.js
@@ -8,9 +8,8 @@ jest.mock("@budibase/backend-core", () => {
     }
   }
 })
-const { tenancy, db: dbCore } = require("@budibase/backend-core")
+const { context, db: dbCore } = require("@budibase/backend-core")
 const TestConfig = require("../../../tests/utilities/TestConfiguration")
-const { TENANT_ID } = require("../../../tests/utilities/structures")
 
 // mock email view creation
 
@@ -26,8 +25,8 @@ describe("run", () => {
     afterAll(config.end)
 
     it("runs successfully", async () => {
-      await tenancy.doInTenant(TENANT_ID, async () => {
-        const globalDb = tenancy.getGlobalDB()
+      await config.doInTenant(async () => {
+        const globalDb = context.getGlobalDB()
         await migration.run(globalDb)
         expect(dbCore.createNewUserEmailView).toHaveBeenCalledTimes(1)
       })
diff --git a/packages/server/src/migrations/tests/helpers.ts b/packages/server/src/migrations/tests/helpers.ts
index 17658d5290..35831a2fd0 100644
--- a/packages/server/src/migrations/tests/helpers.ts
+++ b/packages/server/src/migrations/tests/helpers.ts
@@ -1,7 +1,7 @@
 // Mimic configs test configuration from worker, creation configs directly in database
 
 import * as structures from "./structures"
-import { db } from "@budibase/backend-core"
+import { configs } from "@budibase/backend-core"
 import { Config } from "@budibase/types"
 
 export const saveSettingsConfig = async (globalDb: any) => {
@@ -25,7 +25,7 @@ export const saveSmtpConfig = async (globalDb: any) => {
 }
 
 const saveConfig = async (config: Config, globalDb: any) => {
-  config._id = db.generateConfigID({ type: config.type })
+  config._id = configs.generateConfigID(config.type)
 
   let response
   try {
diff --git a/packages/server/src/migrations/tests/structures.ts b/packages/server/src/migrations/tests/structures.ts
index bd48bf63cd..b075c04f5c 100644
--- a/packages/server/src/migrations/tests/structures.ts
+++ b/packages/server/src/migrations/tests/structures.ts
@@ -20,6 +20,7 @@ export const oidc = (conf?: OIDCConfig): OIDCConfig => {
           name: "Active Directory",
           uuid: utils.newid(),
           activated: true,
+          scopes: [],
           ...conf,
         },
       ],
diff --git a/packages/server/src/sdk/app/backups/constants.ts b/packages/server/src/sdk/app/backups/constants.ts
index 2f011ea2de..0584fcb3d0 100644
--- a/packages/server/src/sdk/app/backups/constants.ts
+++ b/packages/server/src/sdk/app/backups/constants.ts
@@ -1,2 +1,3 @@
 export const DB_EXPORT_FILE = "db.txt"
 export const GLOBAL_DB_EXPORT_FILE = "global.txt"
+export const STATIC_APP_FILES = ["manifest.json", "budibase-client.js"]
diff --git a/packages/server/src/sdk/app/backups/exports.ts b/packages/server/src/sdk/app/backups/exports.ts
index 25bd1f4795..c10f106451 100644
--- a/packages/server/src/sdk/app/backups/exports.ts
+++ b/packages/server/src/sdk/app/backups/exports.ts
@@ -7,10 +7,15 @@ import {
   TABLE_ROW_PREFIX,
   USER_METDATA_PREFIX,
 } from "../../../db/utils"
-import { DB_EXPORT_FILE, GLOBAL_DB_EXPORT_FILE } from "./constants"
+import {
+  DB_EXPORT_FILE,
+  GLOBAL_DB_EXPORT_FILE,
+  STATIC_APP_FILES,
+} from "./constants"
 import fs from "fs"
 import { join } from "path"
 import env from "../../../environment"
+
 const uuid = require("uuid/v4")
 const tar = require("tar")
 const MemoryStream = require("memorystream")
@@ -91,14 +96,25 @@ export async function exportApp(appId: string, config?: ExportOpts) {
   const prodAppId = dbCore.getProdAppID(appId)
   const appPath = `${prodAppId}/`
   // export bucket contents
-  let tmpPath
+  let tmpPath = createTempFolder(uuid())
   if (!env.isTest()) {
-    tmpPath = await objectStore.retrieveDirectory(
-      ObjectStoreBuckets.APPS,
-      appPath
-    )
-  } else {
-    tmpPath = createTempFolder(uuid())
+    // write just the static files
+    if (config?.excludeRows) {
+      for (let path of STATIC_APP_FILES) {
+        const contents = await objectStore.retrieve(
+          ObjectStoreBuckets.APPS,
+          join(appPath, path)
+        )
+        fs.writeFileSync(join(tmpPath, path), contents)
+      }
+    }
+    // get all of the files
+    else {
+      tmpPath = await objectStore.retrieveDirectory(
+        ObjectStoreBuckets.APPS,
+        appPath
+      )
+    }
   }
   const downloadedPath = join(tmpPath, appPath)
   if (fs.existsSync(downloadedPath)) {
diff --git a/packages/server/src/sdk/app/rows/attachments.ts b/packages/server/src/sdk/app/rows/attachments.ts
index 67f58f8f2c..bd04f64146 100644
--- a/packages/server/src/sdk/app/rows/attachments.ts
+++ b/packages/server/src/sdk/app/rows/attachments.ts
@@ -13,13 +13,13 @@ function generateAttachmentFindParams(
 ) {
   const params: CouchFindOptions = {
     selector: {
+      $or: attachmentCols.map(col => ({ [col]: { $exists: true } })),
       _id: {
         $regex: `^${DocumentType.ROW}${SEPARATOR}${tableId}`,
       },
     },
     limit: FIND_LIMIT,
   }
-  attachmentCols.forEach(col => (params.selector[col] = { $exists: true }))
   if (bookmark) {
     params.bookmark = bookmark
   }
diff --git a/packages/server/src/startup.ts b/packages/server/src/startup.ts
index f70694226d..6cdbf87c2c 100644
--- a/packages/server/src/startup.ts
+++ b/packages/server/src/startup.ts
@@ -5,7 +5,7 @@ import {
   generateApiKey,
   getChecklist,
 } from "./utilities/workerRequests"
-import { installation, tenancy, logging } from "@budibase/backend-core"
+import { installation, tenancy, logging, events } from "@budibase/backend-core"
 import fs from "fs"
 import { watch } from "./watch"
 import * as automations from "./automations"
@@ -124,6 +124,9 @@ export async function startup(app?: any, server?: any) {
   // get the references to the queue promises, don't await as
   // they will never end, unless the processing stops
   let queuePromises = []
+  // configure events to use the pro audit log write
+  // can't integrate directly into backend-core due to cyclic issues
+  queuePromises.push(events.processors.init(pro.sdk.auditLogs.write))
   queuePromises.push(automations.init())
   queuePromises.push(initPro())
   if (app) {
diff --git a/packages/server/src/tests/jestEnv.ts b/packages/server/src/tests/jestEnv.ts
index 9707893bd9..7727bb6007 100644
--- a/packages/server/src/tests/jestEnv.ts
+++ b/packages/server/src/tests/jestEnv.ts
@@ -1,9 +1,11 @@
-import env from "../environment"
 import { tmpdir } from "os"
 
-env._set("SELF_HOSTED", "1")
-env._set("NODE_ENV", "jest")
-env._set("MULTI_TENANCY", "1")
+process.env.SELF_HOSTED = "1"
+process.env.NODE_ENV = "jest"
+process.env.MULTI_TENANCY = "1"
 // @ts-ignore
-env._set("BUDIBASE_DIR", tmpdir("budibase-unittests"))
-env._set("LOG_LEVEL", "silent")
+process.env.BUDIBASE_DIR = tmpdir("budibase-unittests")
+process.env.LOG_LEVEL = process.env.LOG_LEVEL || "error"
+process.env.ENABLE_4XX_HTTP_LOGGING = "0"
+process.env.MOCK_REDIS = "1"
+process.env.PLATFORM_URL = "http://localhost:10000"
diff --git a/packages/server/src/tests/jestSetup.ts b/packages/server/src/tests/jestSetup.ts
index d87ccbfe7c..b052d9941b 100644
--- a/packages/server/src/tests/jestSetup.ts
+++ b/packages/server/src/tests/jestSetup.ts
@@ -1,3 +1,4 @@
+import "./logging"
 import env from "../environment"
 import { env as coreEnv } from "@budibase/backend-core"
 import { testContainerUtils } from "@budibase/backend-core/tests"
diff --git a/packages/server/src/tests/logging.ts b/packages/server/src/tests/logging.ts
new file mode 100644
index 0000000000..271f4d62ff
--- /dev/null
+++ b/packages/server/src/tests/logging.ts
@@ -0,0 +1,34 @@
+export enum LogLevel {
+  TRACE = "trace",
+  DEBUG = "debug",
+  INFO = "info",
+  WARN = "warn",
+  ERROR = "error",
+}
+
+const LOG_INDEX: { [key in LogLevel]: number } = {
+  [LogLevel.TRACE]: 1,
+  [LogLevel.DEBUG]: 2,
+  [LogLevel.INFO]: 3,
+  [LogLevel.WARN]: 4,
+  [LogLevel.ERROR]: 5,
+}
+
+const setIndex = LOG_INDEX[process.env.LOG_LEVEL as LogLevel]
+
+if (setIndex > LOG_INDEX.trace) {
+  global.console.trace = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.debug) {
+  global.console.debug = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.info) {
+  global.console.info = jest.fn()
+  global.console.log = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.warn) {
+  global.console.warn = jest.fn()
+}
diff --git a/packages/server/src/tests/utilities/TestConfiguration.ts b/packages/server/src/tests/utilities/TestConfiguration.ts
index aa149b092c..e9b770229f 100644
--- a/packages/server/src/tests/utilities/TestConfiguration.ts
+++ b/packages/server/src/tests/utilities/TestConfiguration.ts
@@ -21,7 +21,6 @@ import {
   basicScreen,
   basicLayout,
   basicWebhook,
-  TENANT_ID,
 } from "./structures"
 import {
   constants,
@@ -41,8 +40,8 @@ import { generateUserMetadataID } from "../../db/utils"
 import { startup } from "../../startup"
 import supertest from "supertest"
 import {
+  App,
   AuthToken,
-  Database,
   Datasource,
   Row,
   SourceName,
@@ -63,7 +62,7 @@ class TestConfiguration {
   started: boolean
   appId: string | null
   allApps: any[]
-  app: any
+  app?: App
   prodApp: any
   prodAppId: any
   user: any
@@ -73,7 +72,7 @@ class TestConfiguration {
   linkedTable: any
   automation: any
   datasource: any
-  tenantId: string | null
+  tenantId?: string
   defaultUserValues: DefaultUserValues
 
   constructor(openServer = true) {
@@ -89,7 +88,6 @@ class TestConfiguration {
     }
     this.appId = null
     this.allApps = []
-    this.tenantId = null
     this.defaultUserValues = this.populateDefaultUserValues()
   }
 
@@ -154,19 +152,10 @@ class TestConfiguration {
 
   // use a new id as the name to avoid name collisions
   async init(appName = newid()) {
-    this.defaultUserValues = this.populateDefaultUserValues()
-    if (context.isMultiTenant()) {
-      this.tenantId = structures.tenant.id()
-    }
-
     if (!this.started) {
       await startup()
     }
-    this.user = await this.globalUser()
-    this.globalUserId = this.user._id
-    this.userMetadataId = generateUserMetadataID(this.globalUserId)
-
-    return this.createApp(appName)
+    return this.newTenant(appName)
   }
 
   end() {
@@ -182,24 +171,22 @@ class TestConfiguration {
   }
 
   // MODES
-  #setMultiTenancy = (value: boolean) => {
+  setMultiTenancy = (value: boolean) => {
     env._set("MULTI_TENANCY", value)
     coreEnv._set("MULTI_TENANCY", value)
   }
 
-  #setSelfHosted = (value: boolean) => {
+  setSelfHosted = (value: boolean) => {
     env._set("SELF_HOSTED", value)
     coreEnv._set("SELF_HOSTED", value)
   }
 
   modeCloud = () => {
-    this.#setSelfHosted(false)
-    this.#setMultiTenancy(true)
+    this.setSelfHosted(false)
   }
 
   modeSelf = () => {
-    this.#setSelfHosted(true)
-    this.#setMultiTenancy(false)
+    this.setSelfHosted(true)
   }
 
   // UTILS
@@ -236,42 +223,41 @@ class TestConfiguration {
     email = this.defaultUserValues.email,
     roles,
   }: any = {}) {
-    return tenancy.doWithGlobalDB(this.getTenantId(), async (db: Database) => {
-      let existing
-      try {
-        existing = await db.get(id)
-      } catch (err) {
-        existing = { email }
-      }
-      const user = {
-        _id: id,
-        ...existing,
-        roles: roles || {},
-        tenantId: this.getTenantId(),
-        firstName,
-        lastName,
-      }
-      await sessions.createASession(id, {
-        sessionId: "sessionid",
-        tenantId: this.getTenantId(),
-        csrfToken: this.defaultUserValues.csrfToken,
-      })
-      if (builder) {
-        user.builder = { global: true }
-      } else {
-        user.builder = { global: false }
-      }
-      if (admin) {
-        user.admin = { global: true }
-      } else {
-        user.admin = { global: false }
-      }
-      const resp = await db.put(user)
-      return {
-        _rev: resp.rev,
-        ...user,
-      }
+    const db = tenancy.getTenantDB(this.getTenantId())
+    let existing
+    try {
+      existing = await db.get(id)
+    } catch (err) {
+      existing = { email }
+    }
+    const user = {
+      _id: id,
+      ...existing,
+      roles: roles || {},
+      tenantId: this.getTenantId(),
+      firstName,
+      lastName,
+    }
+    await sessions.createASession(id, {
+      sessionId: "sessionid",
+      tenantId: this.getTenantId(),
+      csrfToken: this.defaultUserValues.csrfToken,
     })
+    if (builder) {
+      user.builder = { global: true }
+    } else {
+      user.builder = { global: false }
+    }
+    if (admin) {
+      user.admin = { global: true }
+    } else {
+      user.admin = { global: false }
+    }
+    const resp = await db.put(user)
+    return {
+      _rev: resp.rev,
+      ...user,
+    }
   }
 
   async createUser(
@@ -355,6 +341,8 @@ class TestConfiguration {
     })
   }
 
+  // HEADERS
+
   defaultHeaders(extras = {}) {
     const tenantId = this.getTenantId()
     const authObj: AuthToken = {
@@ -375,6 +363,7 @@ class TestConfiguration {
         `${constants.Cookie.CurrentApp}=${appToken}`,
       ],
       [constants.Header.CSRF_TOKEN]: this.defaultUserValues.csrfToken,
+      Host: this.tenantHost(),
       ...extras,
     }
 
@@ -384,10 +373,6 @@ class TestConfiguration {
     return headers
   }
 
-  getTenantId() {
-    return this.tenantId || TENANT_ID
-  }
-
   publicHeaders({ prodApp = true } = {}) {
     const appId = prodApp ? this.prodAppId : this.appId
 
@@ -398,9 +383,7 @@ class TestConfiguration {
       headers[constants.Header.APP_ID] = appId
     }
 
-    if (this.tenantId) {
-      headers[constants.Header.TENANT_ID] = this.tenantId
-    }
+    headers[constants.Header.TENANT_ID] = this.getTenantId()
 
     return headers
   }
@@ -414,27 +397,54 @@ class TestConfiguration {
     return this.login({ email, roleId, builder, prodApp })
   }
 
+  // TENANCY
+
+  tenantHost() {
+    const tenantId = this.getTenantId()
+    const platformHost = new URL(coreEnv.PLATFORM_URL).host.split(":")[0]
+    return `${tenantId}.${platformHost}`
+  }
+
+  getTenantId() {
+    if (!this.tenantId) {
+      throw new Error("no test tenant id - init has not been called")
+    }
+    return this.tenantId
+  }
+
+  async newTenant(appName = newid()): Promise<App> {
+    this.defaultUserValues = this.populateDefaultUserValues()
+    this.tenantId = structures.tenant.id()
+    this.user = await this.globalUser()
+    this.globalUserId = this.user._id
+    this.userMetadataId = generateUserMetadataID(this.globalUserId)
+    return this.createApp(appName)
+  }
+
+  doInTenant(task: any) {
+    return context.doInTenant(this.getTenantId(), task)
+  }
+
   // API
 
   async generateApiKey(userId = this.defaultUserValues.globalUserId) {
-    return tenancy.doWithGlobalDB(this.getTenantId(), async (db: any) => {
-      const id = dbCore.generateDevInfoID(userId)
-      let devInfo
-      try {
-        devInfo = await db.get(id)
-      } catch (err) {
-        devInfo = { _id: id, userId }
-      }
-      devInfo.apiKey = encryption.encrypt(
-        `${this.getTenantId()}${dbCore.SEPARATOR}${newid()}`
-      )
-      await db.put(devInfo)
-      return devInfo.apiKey
-    })
+    const db = tenancy.getTenantDB(this.getTenantId())
+    const id = dbCore.generateDevInfoID(userId)
+    let devInfo
+    try {
+      devInfo = await db.get(id)
+    } catch (err) {
+      devInfo = { _id: id, userId }
+    }
+    devInfo.apiKey = encryption.encrypt(
+      `${this.getTenantId()}${dbCore.SEPARATOR}${newid()}`
+    )
+    await db.put(devInfo)
+    return devInfo.apiKey
   }
 
   // APP
-  async createApp(appName: string) {
+  async createApp(appName: string): Promise<App> {
     // create dev app
     // clear any old app
     this.appId = null
@@ -444,7 +454,7 @@ class TestConfiguration {
         null,
         controllers.app.create
       )
-      this.appId = this.app.appId
+      this.appId = this.app?.appId!
     })
     return await context.doInAppContext(this.appId, async () => {
       // create production app
diff --git a/packages/server/src/tests/utilities/structures.ts b/packages/server/src/tests/utilities/structures.ts
index c1959dc791..e38c0a5275 100644
--- a/packages/server/src/tests/utilities/structures.ts
+++ b/packages/server/src/tests/utilities/structures.ts
@@ -13,8 +13,6 @@ import {
 
 const { v4: uuidv4 } = require("uuid")
 
-export const TENANT_ID = "default"
-
 export function basicTable() {
   return {
     name: "TestTable",
diff --git a/packages/server/src/utilities/redis.ts b/packages/server/src/utilities/redis.ts
index 1b7a3ce64c..dc37baae58 100644
--- a/packages/server/src/utilities/redis.ts
+++ b/packages/server/src/utilities/redis.ts
@@ -21,6 +21,8 @@ export async function shutdown() {
   if (devAppClient) await devAppClient.finish()
   if (debounceClient) await debounceClient.finish()
   if (flagClient) await flagClient.finish()
+  // shutdown core clients
+  await redis.clients.shutdown()
   console.log("Redis shutdown")
 }
 
diff --git a/packages/server/tsconfig.build.json b/packages/server/tsconfig.build.json
index 212fc1479d..9289b6f9da 100644
--- a/packages/server/tsconfig.build.json
+++ b/packages/server/tsconfig.build.json
@@ -20,6 +20,7 @@
     "dist",
     "src/tests",
     "src/api/routes/tests/utilities",
+    "src/api/routes/public/tests/utils.ts",
     "src/automations/tests/utilities",
     "**/*.spec.ts",
     "**/*.spec.js"
diff --git a/packages/server/yarn.lock b/packages/server/yarn.lock
index 497507c40d..b3996e5a3c 100644
--- a/packages/server/yarn.lock
+++ b/packages/server/yarn.lock
@@ -1278,13 +1278,14 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@2.3.16":
-  version "2.3.16"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.16.tgz#05a8434501718b9eab0109be03c677c1d546fe17"
-  integrity sha512-wMuqxKVua3/3XejUMH/fJQgu1kK6t4HYpB5AY58sumNSLbFFp1MyqL+1LMSmpUY0nbjExq+9+wseNsnbWicWUw==
+"@budibase/backend-core@2.3.21-alpha.1":
+  version "2.3.21-alpha.1"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.21-alpha.1.tgz#151eaee7f30a3c9bf8e5ab3c30bdbb67a34f9b26"
+  integrity sha512-YyclBgY7YGjlzjI2fNRSj4vJfudXB+1KjZBvZ5EhGKvPZDqhIE+I+7nXRxxFxTtEe0m+p673KjntgREybXPZaQ==
   dependencies:
-    "@budibase/nano" "10.1.1"
-    "@budibase/types" "^2.3.16"
+    "@budibase/nano" "10.1.2"
+    "@budibase/pouchdb-replication-stream" "1.2.10"
+    "@budibase/types" "2.3.21-alpha.1"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
     aws-cloudfront-sign "2.2.0"
@@ -1309,7 +1310,6 @@
     posthog-node "1.3.0"
     pouchdb "7.3.0"
     pouchdb-find "7.2.2"
-    pouchdb-replication-stream "1.2.9"
     redlock "4.2.0"
     sanitize-s3-objectkey "0.0.1"
     semver "7.3.7"
@@ -1367,10 +1367,35 @@
     svelte-flatpickr "^3.2.3"
     svelte-portal "^1.0.0"
 
-"@budibase/nano@10.1.1":
-  version "10.1.1"
-  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
-  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+"@budibase/handlebars-helpers@^0.11.8":
+  version "0.11.8"
+  resolved "https://registry.yarnpkg.com/@budibase/handlebars-helpers/-/handlebars-helpers-0.11.8.tgz#6953d29673a8c5c407e096c0a84890465c7ce841"
+  integrity sha512-ggWJUt0GqsHFAEup5tlWlcrmYML57nKhpNGGLzVsqXVYN8eVmf3xluYmmMe7fDYhQH0leSprrdEXmsdFQF3HAQ==
+  dependencies:
+    array-sort "^1.0.0"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    for-in "^1.0.2"
+    get-object "^0.2.0"
+    get-value "^3.0.1"
+    handlebars "^4.7.7"
+    handlebars-utils "^1.0.6"
+    has-value "^2.0.2"
+    helper-md "^0.2.2"
+    html-tag "^2.0.0"
+    is-even "^1.0.0"
+    is-glob "^4.0.1"
+    kind-of "^6.0.3"
+    micromatch "^3.1.5"
+    relative "^3.0.2"
+    striptags "^3.1.1"
+    to-gfm-code-block "^0.1.1"
+    year "^0.2.1"
+
+"@budibase/nano@10.1.2":
+  version "10.1.2"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.2.tgz#10fae5a1ab39be6a81261f40e7b7ec6d21cbdd4a"
+  integrity sha512-1w+YN2n/M5aZ9hBKCP4NEjdQbT8BfCLRizkdvm0Je665eEHw3aE1hvo8mon9Ro9QuDdxj1DfDMMFnym6/QUwpQ==
   dependencies:
     "@types/tough-cookie" "^4.0.2"
     axios "^1.1.3"
@@ -1379,18 +1404,33 @@
     qs "^6.11.0"
     tough-cookie "^4.1.2"
 
-"@budibase/pro@2.3.16":
-  version "2.3.16"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.3.16.tgz#3eca93b826ed6da5b6941d8b384c34c57da2b1b4"
-  integrity sha512-lIbPXOs61WP7jE80XHRDkBRmSEMYjiaog+qw0dUVP+Kp1QvBDa5Bdg7ESiy8YBae2+55FqXsb8nXjsqqbwFWDA==
+"@budibase/pouchdb-replication-stream@1.2.10":
+  version "1.2.10"
+  resolved "https://registry.yarnpkg.com/@budibase/pouchdb-replication-stream/-/pouchdb-replication-stream-1.2.10.tgz#4100df2effd7c823edadddcdbdc380f6827eebf5"
+  integrity sha512-1zeorOwbelZ7HF5vFB+pKE8Mnh31om8k1M6T3AZXVULYTHLsyJrMTozSv5CJ1P8ZfOIJab09HDzCXDh2icFekg==
   dependencies:
-    "@budibase/backend-core" "2.3.16"
-    "@budibase/types" "2.3.16"
+    argsarray "0.0.1"
+    inherits "^2.0.3"
+    lodash.pick "^4.0.0"
+    ndjson "^1.4.3"
+    pouch-stream "^0.4.0"
+    pouchdb-promise "^6.0.4"
+    through2 "^2.0.0"
+
+"@budibase/pro@2.3.21-alpha.1":
+  version "2.3.21-alpha.1"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.3.21-alpha.1.tgz#c7ccff06c36b7dafbdaafdfb525c2ca72ebfd050"
+  integrity sha512-oxOM+0le4SNk2b9jI9sym8qBwi4Uu1soJG68TSdoLluHXzQsXJNrwueO5FY8PS+50Y2HmeIQPCVw2fGWRC7Cjg==
+  dependencies:
+    "@budibase/backend-core" "2.3.21-alpha.1"
+    "@budibase/string-templates" "2.3.20"
+    "@budibase/types" "2.3.21-alpha.1"
     "@koa/router" "8.0.8"
     bull "4.10.1"
     joi "17.6.0"
     jsonwebtoken "8.5.1"
     lru-cache "^7.14.1"
+    memorystream "^0.3.1"
     node-fetch "^2.6.1"
 
 "@budibase/standard-components@^0.9.139":
@@ -1411,10 +1451,22 @@
     svelte-apexcharts "^1.0.2"
     svelte-flatpickr "^3.1.0"
 
-"@budibase/types@2.3.16", "@budibase/types@^2.3.16":
-  version "2.3.16"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.16.tgz#6d94b5f34ca58bcca1cca45737d0d1d0b21c9413"
-  integrity sha512-7caUKOlhleQL5gRqcgxSWvHcWIbl8hRPFl5ttWlLTfGO7BDMIRrcW7Wmptmgzoc6MiNCQAQ/uuZ8DeVOlJKRBA==
+"@budibase/string-templates@2.3.20":
+  version "2.3.20"
+  resolved "https://registry.yarnpkg.com/@budibase/string-templates/-/string-templates-2.3.20.tgz#35f74b6f515e8127cc375ee0a4679b0a7c117588"
+  integrity sha512-wMKau3IzVF6M+dRu99aKV1yMdrrK5lghVm9qYtR1B163SMbHEwC8JmZFGPLIi1XsG0T+vw+xfcemfJ2zcATWwg==
+  dependencies:
+    "@budibase/handlebars-helpers" "^0.11.8"
+    dayjs "^1.10.4"
+    handlebars "^4.7.6"
+    handlebars-utils "^1.0.6"
+    lodash "^4.17.20"
+    vm2 "^3.9.4"
+
+"@budibase/types@2.3.21-alpha.1":
+  version "2.3.21-alpha.1"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.21-alpha.1.tgz#d606f5f8d47ad5e50f80b09ae0434802b810c041"
+  integrity sha512-55Hk7/s7IV4+u1IjuKwlHKPKutsKbHbNbKPK0FStiZgCMG7/+GPysRWdSY9VgLL9XPHOlQ5dtI6jzuWU7ihH/g==
 
 "@bull-board/api@3.7.0":
   version "3.7.0"
@@ -3581,6 +3633,14 @@
   resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.1.tgz#20f18294f797f2209b5f65c8e3b5c8e8261d127c"
   integrity sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==
 
+"@types/superagent@*":
+  version "4.1.16"
+  resolved "https://registry.yarnpkg.com/@types/superagent/-/superagent-4.1.16.tgz#12c9c16f232f9d89beab91d69368f96ce8e2d881"
+  integrity sha512-tLfnlJf6A5mB6ddqF159GqcDizfzbMUB1/DeT59/wBNqzRTNNKsaw79A/1TZ84X+f/EwWH8FeuSkjlCLyqS/zQ==
+  dependencies:
+    "@types/cookiejar" "*"
+    "@types/node" "*"
+
 "@types/superagent@^4.1.12":
   version "4.1.15"
   resolved "https://registry.yarnpkg.com/@types/superagent/-/superagent-4.1.15.tgz#63297de457eba5e2bc502a7609426c4cceab434a"
@@ -3589,6 +3649,13 @@
     "@types/cookiejar" "*"
     "@types/node" "*"
 
+"@types/supertest@2.0.12":
+  version "2.0.12"
+  resolved "https://registry.yarnpkg.com/@types/supertest/-/supertest-2.0.12.tgz#ddb4a0568597c9aadff8dbec5b2e8fddbe8692fc"
+  integrity sha512-X3HPWTwXRerBZS7Mo1k6vMVR1Z6zmJcDVn5O/31whe0tnjE4te6ZJSJGq1RiqHPjzPdMTfjCFogDJmwng9xHaQ==
+  dependencies:
+    "@types/superagent" "*"
+
 "@types/tar@6.1.3":
   version "6.1.3"
   resolved "https://registry.yarnpkg.com/@types/tar/-/tar-6.1.3.tgz#46a2ce7617950c4852dfd7e9cd41aa8161b9d750"
@@ -4202,7 +4269,7 @@ arg@^4.1.0:
   resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
   integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==
 
-argparse@^1.0.7:
+argparse@^1.0.10, argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
   integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==
@@ -4249,6 +4316,15 @@ array-equal@^1.0.0:
   resolved "https://registry.yarnpkg.com/array-equal/-/array-equal-1.0.0.tgz#8c2a5ef2472fd9ea742b04c77a75093ba2757c93"
   integrity sha512-H3LU5RLiSsGXPhN+Nipar0iR0IofH+8r89G2y1tBKxQ/agagKyAjhkAFDRBfodP2caPrNKHpAWNIM/c9yeL7uA==
 
+array-sort@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/array-sort/-/array-sort-1.0.0.tgz#e4c05356453f56f53512a7d1d6123f2c54c0a88a"
+  integrity sha512-ihLeJkonmdiAsD7vpgN3CRcx2J2S0TiYW+IS/5zHBI7mKUq3ySvBdzzBfD236ubDBQFiiyG3SWCPc+msQ9KoYg==
+  dependencies:
+    default-compare "^1.0.0"
+    get-value "^2.0.6"
+    kind-of "^5.0.2"
+
 array-union@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d"
@@ -4275,7 +4351,7 @@ arrify@^2.0.0:
   resolved "https://registry.yarnpkg.com/arrify/-/arrify-2.0.1.tgz#c9655e9331e0abcd588d2a7cad7e9956f66701fa"
   integrity sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==
 
-asap@^2.0.3:
+asap@^2.0.0, asap@^2.0.3:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/asap/-/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
   integrity sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==
@@ -4392,6 +4468,13 @@ atomic-sleep@^1.0.0:
   resolved "https://registry.yarnpkg.com/atomic-sleep/-/atomic-sleep-1.0.0.tgz#eb85b77a601fc932cfe432c5acd364a9e2c9075b"
   integrity sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==
 
+autolinker@~0.28.0:
+  version "0.28.1"
+  resolved "https://registry.yarnpkg.com/autolinker/-/autolinker-0.28.1.tgz#0652b491881879f0775dace0cdca3233942a4e47"
+  integrity sha512-zQAFO1Dlsn69eXaO6+7YZc+v84aquQKbwpzCE3L0stj56ERn9hutFxPopViLjo9G+rWwjozRhgS5KJ25Xy19cQ==
+  dependencies:
+    gulp-header "^1.7.1"
+
 available-typed-arrays@^1.0.5:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz#92f95616501069d07d10edb2fc37d3e1c65123b7"
@@ -5450,7 +5533,7 @@ commoner@^0.10.1:
     q "^1.1.2"
     recast "^0.11.17"
 
-component-emitter@^1.2.0, component-emitter@^1.2.1:
+component-emitter@^1.2.1, component-emitter@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0"
   integrity sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==
@@ -5472,6 +5555,13 @@ concat-map@0.0.1:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+concat-with-sourcemaps@*:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/concat-with-sourcemaps/-/concat-with-sourcemaps-1.1.0.tgz#d4ea93f05ae25790951b99e7b3b09e3908a4082e"
+  integrity sha512-4gEjHJFT9e+2W/77h/DS5SGUgwDaOwprX8L/gl5+3ixnzkVJJsZWDSelmN3Oilw3LNDZjZV0yqH1hLG3k6nghg==
+  dependencies:
+    source-map "^0.6.1"
+
 condense-newlines@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/condense-newlines/-/condense-newlines-0.2.1.tgz#3de985553139475d32502c83b02f60684d24c55f"
@@ -5552,7 +5642,7 @@ cookie@^0.5.0:
   resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.5.0.tgz#d1f5d71adec6558c58f389987c366aa47e994f8b"
   integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==
 
-cookiejar@^2.1.0:
+cookiejar@^2.1.3:
   version "2.1.4"
   resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b"
   integrity sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==
@@ -5913,6 +6003,13 @@ deepmerge@^4.2.2:
   resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955"
   integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
 
+default-compare@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/default-compare/-/default-compare-1.0.0.tgz#cb61131844ad84d84788fb68fd01681ca7781a2f"
+  integrity sha512-QWfXlM0EkAbqOCbD/6HjdwT19j7WCkMyiRhWilc4H9/5h/RzTF9gv5LYh1+CmDV5d1rki6KAWLtQale0xt20eQ==
+  dependencies:
+    kind-of "^5.0.2"
+
 default-shell@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/default-shell/-/default-shell-1.0.1.tgz#752304bddc6174f49eb29cb988feea0b8813c8bc"
@@ -6044,6 +6141,14 @@ detective@^4.3.1:
     acorn "^5.2.1"
     defined "^1.0.0"
 
+dezalgo@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.4.tgz#751235260469084c132157dfa857f386d4c33d81"
+  integrity sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==
+  dependencies:
+    asap "^2.0.0"
+    wrappy "1"
+
 diagnostics_channel@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/diagnostics_channel/-/diagnostics_channel-1.1.0.tgz#bd66c49124ce3bac697dff57466464487f57cea5"
@@ -6086,20 +6191,13 @@ dir-glob@^3.0.1:
   dependencies:
     path-type "^4.0.0"
 
-docker-compose@0.23.17:
+docker-compose@0.23.17, docker-compose@^0.23.5:
   version "0.23.17"
   resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.23.17.tgz#8816bef82562d9417dc8c790aa4871350f93a2ba"
   integrity sha512-YJV18YoYIcxOdJKeFcCFihE6F4M2NExWM/d4S1ITcS9samHKnNUihz9kjggr0dNtsrbpFNc7/Yzd19DWs+m1xg==
   dependencies:
     yaml "^1.10.2"
 
-docker-compose@^0.23.5:
-  version "0.23.19"
-  resolved "https://registry.yarnpkg.com/docker-compose/-/docker-compose-0.23.19.tgz#9947726e2fe67bdfa9e8efe1ff15aa0de2e10eb8"
-  integrity sha512-v5vNLIdUqwj4my80wxFDkNH+4S85zsRuH29SO7dCWVWPCMt/ohZBsGN6g6KXWifT0pzQ7uOxqEKCYCDPJ8Vz4g==
-  dependencies:
-    yaml "^1.10.2"
-
 docker-modem@^3.0.0:
   version "3.0.6"
   resolved "https://registry.yarnpkg.com/docker-modem/-/docker-modem-3.0.6.tgz#8c76338641679e28ec2323abb65b3276fb1ce597"
@@ -6388,6 +6486,11 @@ enhanced-resolve@^5.9.3:
     graceful-fs "^4.2.4"
     tapable "^2.2.0"
 
+ent@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/ent/-/ent-2.2.0.tgz#e964219325a21d05f44466a2f686ed6ce5f5dd1d"
+  integrity sha512-GHrMyVZQWvTIdDtpiEXdHZnFQKzeO09apj8Cbl4pKWy4i0Oprcq17usfDt5aO63swf0JOeMWjWQE/LzgSRuWpA==
+
 entities@~2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/entities/-/entities-2.1.0.tgz#992d3129cf7df6870b96c57858c249a120f8b8b5"
@@ -6947,6 +7050,11 @@ expose-loader@^3.1.0:
   resolved "https://registry.yarnpkg.com/expose-loader/-/expose-loader-3.1.0.tgz#7a0bdecb345b921ca238a8c4715a4ea7e227213f"
   integrity sha512-2RExSo0yJiqP+xiUue13jQa2IHE8kLDzTI7b6kn+vUlBVvlzNSiLDzo4e5Pp5J039usvTUnxZ8sUOhv0Kg15NA==
 
+express-useragent@^1.0.15:
+  version "1.0.15"
+  resolved "https://registry.yarnpkg.com/express-useragent/-/express-useragent-1.0.15.tgz#cefda5fa4904345d51d3368b117a8dd4124985d9"
+  integrity sha512-eq5xMiYCYwFPoekffMjvEIk+NWdlQY9Y38OsTyl13IvA728vKT+q/CSERYWzcw93HGBJcIqMIsZC5CZGARPVdg==
+
 ext-list@^2.0.0:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/ext-list/-/ext-list-2.2.2.tgz#0b98e64ed82f5acf0f2931babf69212ef52ddd37"
@@ -6977,7 +7085,7 @@ extend-shallow@^3.0.0, extend-shallow@^3.0.2:
     assign-symbols "^1.0.0"
     is-extendable "^1.0.1"
 
-extend@^3.0.0, extend@^3.0.2, extend@~3.0.2:
+extend@^3.0.2, extend@~3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
   integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
@@ -7066,7 +7174,7 @@ fast-redact@^3.0.0:
   resolved "https://registry.yarnpkg.com/fast-redact/-/fast-redact-3.1.1.tgz#790fcff8f808c2e12fabbfb2be5cb2deda448fa0"
   integrity sha512-odVmjC8x8jNeMZ3C+rPMESzXVSEU8tSWSHv9HFxP2mm89G/1WwqhrerJDQm9Zus8X6aoRgQDThKqptdNA6bt+A==
 
-fast-safe-stringify@^2.0.7, fast-safe-stringify@^2.0.8:
+fast-safe-stringify@^2.0.7, fast-safe-stringify@^2.0.8, fast-safe-stringify@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz#c406a83b6e70d9e35ce3b30a81141df30aeba884"
   integrity sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==
@@ -7358,7 +7466,7 @@ form-data@4.0.0, form-data@^4.0.0:
     combined-stream "^1.0.8"
     mime-types "^2.1.12"
 
-form-data@^2.3.1, form-data@^2.5.0:
+form-data@^2.5.0:
   version "2.5.1"
   resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.5.1.tgz#f2cbec57b5e59e23716e128fe44d4e5dd23895f4"
   integrity sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==
@@ -7385,11 +7493,21 @@ form-data@~2.3.2:
     combined-stream "^1.0.6"
     mime-types "^2.1.12"
 
-formidable@^1.1.1, formidable@^1.2.0:
+formidable@^1.1.1:
   version "1.2.6"
   resolved "https://registry.yarnpkg.com/formidable/-/formidable-1.2.6.tgz#d2a51d60162bbc9b4a055d8457a7c75315d1a168"
   integrity sha512-KcpbcpuLNOwrEjnbpMC0gS+X8ciDoZE1kkqzat4a8vrprf+s9pKNQ/QIwWfbfs4ltgmFl3MD177SNTkve3BwGQ==
 
+formidable@^2.0.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/formidable/-/formidable-2.1.1.tgz#81269cbea1a613240049f5f61a9d97731517414f"
+  integrity sha512-0EcS9wCFEzLvfiks7omJ+SiYJAiD+TzK4Pcw1UlUoGnhUxDcMKjt0P7x8wEb0u6OHu8Nb98WG3nxtlF5C7bvUQ==
+  dependencies:
+    dezalgo "^1.0.4"
+    hexoid "^1.0.0"
+    once "^1.4.0"
+    qs "^6.11.0"
+
 forwarded-parse@^2.1.0:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/forwarded-parse/-/forwarded-parse-2.1.2.tgz#08511eddaaa2ddfd56ba11138eee7df117a09325"
@@ -7573,6 +7691,14 @@ get-intrinsic@^1.0.2, get-intrinsic@^1.1.0, get-intrinsic@^1.1.1:
     has "^1.0.3"
     has-symbols "^1.0.3"
 
+get-object@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/get-object/-/get-object-0.2.0.tgz#d92ff7d5190c64530cda0543dac63a3d47fe8c0c"
+  integrity sha512-7P6y6k6EzEFmO/XyUyFlXm1YLJy9xeA1x/grNV8276abX5GuwUtYgKFkRFkLixw4hf4Pz9q2vgv/8Ar42R0HuQ==
+  dependencies:
+    is-number "^2.0.2"
+    isobject "^0.2.0"
+
 get-package-type@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a"
@@ -7635,6 +7761,13 @@ get-value@^2.0.3, get-value@^2.0.6:
   resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
   integrity sha512-Ln0UQDlxH1BapMu3GPtf7CuYNwRZf2gwCuPqbyG6pB8WfmFpzqcy4xtAaAMUhnNqjMKTiCPZG2oMT3YSx8U2NA==
 
+get-value@^3.0.0, get-value@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-3.0.1.tgz#5efd2a157f1d6a516d7524e124ac52d0a39ef5a8"
+  integrity sha512-mKZj9JLQrwMBtj5wxi6MH8Z5eSKaERpAwjg43dPtlGI1ZVEgH/qC7T8/6R2OBSUA+zzHBZgICsVJaEIV2tKTDA==
+  dependencies:
+    isobject "^3.0.1"
+
 getopts@2.3.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/getopts/-/getopts-2.3.0.tgz#71e5593284807e03e2427449d4f6712a268666f4"
@@ -7922,7 +8055,24 @@ gtoken@^5.0.4:
     google-p12-pem "^3.1.3"
     jws "^4.0.0"
 
-handlebars@^4.7.7:
+gulp-header@^1.7.1:
+  version "1.8.12"
+  resolved "https://registry.yarnpkg.com/gulp-header/-/gulp-header-1.8.12.tgz#ad306be0066599127281c4f8786660e705080a84"
+  integrity sha512-lh9HLdb53sC7XIZOYzTXM4lFuXElv3EVkSDhsd7DoJBj7hm+Ni7D3qYbb+Rr8DuM8nRanBvkVO9d7askreXGnQ==
+  dependencies:
+    concat-with-sourcemaps "*"
+    lodash.template "^4.4.0"
+    through2 "^2.0.0"
+
+handlebars-utils@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/handlebars-utils/-/handlebars-utils-1.0.6.tgz#cb9db43362479054782d86ffe10f47abc76357f9"
+  integrity sha512-d5mmoQXdeEqSKMtQQZ9WkiUcO1E3tPbWxluCK9hVgIDPzQa9WsKo3Lbe/sGflTe7TomHEeZaOgwIkyIr1kfzkw==
+  dependencies:
+    kind-of "^6.0.0"
+    typeof-article "^0.1.1"
+
+handlebars@^4.7.6, handlebars@^4.7.7:
   version "4.7.7"
   resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
   integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
@@ -8016,6 +8166,14 @@ has-value@^1.0.0:
     has-values "^1.0.0"
     isobject "^3.0.0"
 
+has-value@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-2.0.2.tgz#d0f12e8780ba8e90e66ad1a21c707fdb67c25658"
+  integrity sha512-ybKOlcRsK2MqrM3Hmz/lQxXHZ6ejzSPzpNabKB45jb5qDgJvKPa3SdapTsTLwEb9WltgWpOmNax7i+DzNOk4TA==
+  dependencies:
+    get-value "^3.0.0"
+    has-values "^2.0.1"
+
 has-values@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771"
@@ -8029,6 +8187,13 @@ has-values@^1.0.0:
     is-number "^3.0.0"
     kind-of "^4.0.0"
 
+has-values@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-2.0.1.tgz#3876200ff86d8a8546a9264a952c17d5fc17579d"
+  integrity sha512-+QdH3jOmq9P8GfdjFg0eJudqx1FqU62NQJ4P16rOEHeRdl7ckgwn6uqQjzYE0ZoHVV/e5E2esuJ5Gl5+HUW19w==
+  dependencies:
+    kind-of "^6.0.2"
+
 has-yarn@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-2.1.0.tgz#137e11354a7b5bf11aa5cb649cf0c6f3ff2b2e77"
@@ -8041,6 +8206,21 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
+helper-md@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/helper-md/-/helper-md-0.2.2.tgz#c1f59d7e55bbae23362fd8a0e971607aec69d41f"
+  integrity sha512-49TaQzK+Ic7ZVTq4i1UZxRUJEmAilTk8hz7q4I0WNUaTclLR8ArJV5B3A1fe1xF2HtsDTr2gYKLaVTof/Lt84Q==
+  dependencies:
+    ent "^2.2.0"
+    extend-shallow "^2.0.1"
+    fs-exists-sync "^0.1.0"
+    remarkable "^1.6.2"
+
+hexoid@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18"
+  integrity sha512-QFLV0taWQOZtvIRIAdBChesmogZrtuXvVWsFHZTk2SU+anspqZ2vMnoLg7IE1+Uk16N19APic1BuF8bC8c2m5g==
+
 homedir-polyfill@^1.0.0, homedir-polyfill@^1.0.1:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz#743298cef4e5af3e194161fbadcc2151d3a058e8"
@@ -8070,6 +8250,14 @@ html-escaper@^2.0.0:
   resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453"
   integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==
 
+html-tag@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/html-tag/-/html-tag-2.0.0.tgz#36c3bc8d816fd30b570d5764a497a641640c2fed"
+  integrity sha512-XxzooSo6oBoxBEUazgjdXj7VwTn/iSTSZzTYKzYY6I916tkaYzypHxy+pbVU1h+0UQ9JlVf5XkNQyxOAiiQO1g==
+  dependencies:
+    is-self-closing "^1.0.1"
+    kind-of "^6.0.0"
+
 http-assert@^1.3.0:
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/http-assert/-/http-assert-1.5.0.tgz#c389ccd87ac16ed2dfa6246fd73b926aa00e6b8f"
@@ -8546,6 +8734,13 @@ is-docker@^2.0.0, is-docker@^2.1.1:
   resolved "https://registry.yarnpkg.com/is-docker/-/is-docker-2.2.1.tgz#33eeabe23cfe86f14bde4408a02c0cfb853acdaa"
   integrity sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==
 
+is-even@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-even/-/is-even-1.0.0.tgz#76b5055fbad8d294a86b6a949015e1c97b717c06"
+  integrity sha512-LEhnkAdJqic4Dbqn58A0y52IXoHWlsueqQkKfMfdEnIYG8A1sm/GHidKkS6yvXlMoRrkM34csHnXQtOqcb+Jzg==
+  dependencies:
+    is-odd "^0.1.2"
+
 is-extendable@^0.1.0, is-extendable@^0.1.1:
   version "0.1.1"
   resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
@@ -8652,6 +8847,13 @@ is-number-object@^1.0.4:
   dependencies:
     has-tostringtag "^1.0.0"
 
+is-number@^2.0.2:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-2.1.0.tgz#01fcbbb393463a548f2f466cce16dece49db908f"
+  integrity sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==
+  dependencies:
+    kind-of "^3.0.2"
+
 is-number@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195"
@@ -8674,6 +8876,13 @@ is-object@^1.0.1:
   resolved "https://registry.yarnpkg.com/is-object/-/is-object-1.0.2.tgz#a56552e1c665c9e950b4a025461da87e72f86fcf"
   integrity sha512-2rRIahhZr2UWb45fIOuvZGpFtz0TyOZLf32KxBbSoUCeZR495zCKlWUKKUByk3geS2eAs7ZAABt0Y/Rx0GiQGA==
 
+is-odd@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/is-odd/-/is-odd-0.1.2.tgz#bc573b5ce371ef2aad6e6f49799b72bef13978a7"
+  integrity sha512-Ri7C2K7o5IrUU9UEI8losXJCCD/UtsaIrkR5sxIcFg4xQ9cRJXlWA5DQvTE0yDc0krvSNLsRGXN11UPS6KyfBw==
+  dependencies:
+    is-number "^3.0.0"
+
 is-path-inside@^3.0.2:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
@@ -8714,6 +8923,13 @@ is-retry-allowed@^2.2.0:
   resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-2.2.0.tgz#88f34cbd236e043e71b6932d09b0c65fb7b4d71d"
   integrity sha512-XVm7LOeLpTW4jV19QSH38vkswxoLud8sQ57YwJVTPWdiaI9I8keEhGFpBlslyVsgdQy4Opg8QOLb8YRgsyZiQg==
 
+is-self-closing@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-self-closing/-/is-self-closing-1.0.1.tgz#5f406b527c7b12610176320338af0fa3896416e4"
+  integrity sha512-E+60FomW7Blv5GXTlYee2KDrnG6srxF7Xt1SjrhWUGUEsTFIqY/nq2y3DaftCsgUMdh89V07IVfhY9KIJhLezg==
+  dependencies:
+    self-closing-tags "^1.0.1"
+
 is-shared-array-buffer@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79"
@@ -8829,6 +9045,11 @@ isexe@^2.0.0:
   resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
   integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
+isobject@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-0.2.0.tgz#a3432192f39b910b5f02cc989487836ec70aa85e"
+  integrity sha512-VaWq6XYAsbvM0wf4dyBO7WH9D7GosB7ZZlqrawI9BBiTMINBeCyqSKBa35m870MY3O4aM31pYyZi9DfGrYMJrQ==
+
 isobject@^2.0.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89"
@@ -10023,7 +10244,7 @@ keyv@^3.0.0:
   dependencies:
     json-buffer "3.0.0"
 
-kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
+kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.1.0, kind-of@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
   integrity sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==
@@ -10037,12 +10258,12 @@ kind-of@^4.0.0:
   dependencies:
     is-buffer "^1.1.5"
 
-kind-of@^5.0.0:
+kind-of@^5.0.0, kind-of@^5.0.2:
   version "5.1.0"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d"
   integrity sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==
 
-kind-of@^6.0.0, kind-of@^6.0.2:
+kind-of@^6.0.0, kind-of@^6.0.2, kind-of@^6.0.3:
   version "6.0.3"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
   integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
@@ -10192,6 +10413,13 @@ koa-static@5.0.0, koa-static@^5.0.0:
     debug "^3.1.0"
     koa-send "^5.0.0"
 
+koa-useragent@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/koa-useragent/-/koa-useragent-4.1.0.tgz#d3f128b552c6da3e5e9e9e9c887b2922b16e4468"
+  integrity sha512-x/HUDZ1zAmNNh5hA9hHbPm9p3UVg2prlpHzxCXQCzbibrNS0kmj7MkCResCbAbG7ZT6FVxNSMjR94ZGamdMwxA==
+  dependencies:
+    express-useragent "^1.0.15"
+
 koa-views@^7.0.1:
   version "7.0.2"
   resolved "https://registry.yarnpkg.com/koa-views/-/koa-views-7.0.2.tgz#c96fd9e2143ef00c29dc5160c5ed639891aa723d"
@@ -10462,6 +10690,11 @@ locate-path@^5.0.0:
   dependencies:
     p-locate "^4.1.0"
 
+lodash._reinterpolate@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
+  integrity sha512-xYHt68QRoYGjeeM/XOE1uJtvXQAgvszfBhjV4yvsQH0u2i9I6cI6c6/eG4Hh3UAOVn0y/xAXwmTzEay49Q//HA==
+
 lodash.camelcase@^4.3.0:
   version "4.3.0"
   resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6"
@@ -10572,6 +10805,21 @@ lodash.sortby@^4.7.0:
   resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
   integrity sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==
 
+lodash.template@^4.4.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.5.0.tgz#f976195cf3f347d0d5f52483569fe8031ccce8ab"
+  integrity sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+    lodash.templatesettings "^4.0.0"
+
+lodash.templatesettings@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/lodash.templatesettings/-/lodash.templatesettings-4.2.0.tgz#e481310f049d3cf6d47e912ad09313b154f0fb33"
+  integrity sha512-stgLz+i3Aa9mZgnjr/O+v9ruKZsPsndy7qPZOchbqk2cnTU1ZaldKK+v7m54WoKIyxiuMZTKT2H81F8BeAc3ZQ==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+
 lodash.uniq@^4.5.0:
   version "4.5.0"
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
@@ -10587,7 +10835,7 @@ lodash.xor@^4.5.0:
   resolved "https://registry.yarnpkg.com/lodash.xor/-/lodash.xor-4.5.0.tgz#4d48ed7e98095b0632582ba714d3ff8ae8fb1db6"
   integrity sha512-sVN2zimthq7aZ5sPGXnSz32rZPuqcparVW50chJQe+mzTYV+IsxSsl/2gnkWWE2Of7K3myBQBqtLKOUEHJKRsQ==
 
-lodash@4.17.21, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.21, lodash@^4.17.3:
+lodash@4.17.21, lodash@^4.17.11, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.3:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
@@ -10655,7 +10903,12 @@ lru-cache@^6.0.0:
   dependencies:
     yallist "^4.0.0"
 
-lru-cache@^7.14.0, lru-cache@^7.14.1:
+lru-cache@^7.14.0:
+  version "7.16.1"
+  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.16.1.tgz#7acea16fecd9ed11430e78443c2bb81a06d3dea9"
+  integrity sha512-9kkuMZHnLH/8qXARvYSjNvq8S1GYFFzynQTAfKeaJ0sIrR3PUPuu37Z+EiIANiZBvpfTf2B5y8ecDLSMWlLv+w==
+
+lru-cache@^7.14.1:
   version "7.14.1"
   resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.14.1.tgz#8da8d2f5f59827edb388e63e459ac23d6d408fea"
   integrity sha512-ysxwsnTKdAx96aTRdhDOCQfDgbHnt8SK0KY8SEjO0wHinhWOFTESbjVCMPbU1uGXg/ch4lifqx0wfjOawU2+WA==
@@ -10814,7 +11067,7 @@ memory-pager@^1.0.2:
   resolved "https://registry.yarnpkg.com/memory-pager/-/memory-pager-1.5.0.tgz#d8751655d22d384682741c972f2c3d6dfa3e66b5"
   integrity sha512-ZS4Bp4r/Zoeq6+NLJpP+0Zzm0pR8whtGPf1XExKLJBAczGMnSi3It14OiNCStjQjM6NU1okjQGSxgEZN8eBYKg==
 
-memorystream@0.3.1:
+memorystream@0.3.1, memorystream@^0.3.1:
   version "0.3.1"
   resolved "https://registry.yarnpkg.com/memorystream/-/memorystream-0.3.1.tgz#86d7090b30ce455d63fbae12dda51a47ddcaf9b2"
   integrity sha512-S3UwM3yj5mtUSEfP41UZmt/0SCoVYUcU1rkXv+BQ5Ig8ndL4sPoJNBUJERafdPb5jjHJGuMgytgKvKIf58XNBw==
@@ -10834,12 +11087,12 @@ merge2@^1.3.0, merge2@^1.4.1:
   resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae"
   integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
 
-methods@^1.1.1, methods@^1.1.2:
+methods@^1.1.2:
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee"
   integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==
 
-micromatch@^3.1.10, micromatch@^3.1.4:
+micromatch@^3.1.10, micromatch@^3.1.4, micromatch@^3.1.5:
   version "3.1.10"
   resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"
   integrity sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==
@@ -10886,7 +11139,12 @@ mime-types@^2.1.12, mime-types@^2.1.18, mime-types@^2.1.24, mime-types@^2.1.27,
   dependencies:
     mime-db "1.52.0"
 
-mime@^1.3.4, mime@^1.4.1:
+mime@2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/mime/-/mime-2.6.0.tgz#a2a682a95cd4d0cb1d6257e28f83da7e35800367"
+  integrity sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==
+
+mime@^1.3.4:
   version "1.6.0"
   resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
   integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
@@ -12676,14 +12934,14 @@ q@^1.1.2:
   resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7"
   integrity sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw==
 
-qs@^6.11.0:
+qs@^6.10.3, qs@^6.11.0:
   version "6.11.0"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a"
   integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==
   dependencies:
     side-channel "^1.0.4"
 
-qs@^6.4.0, qs@^6.5.1:
+qs@^6.4.0:
   version "6.10.5"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.5.tgz#974715920a80ff6a262264acd2c7e6c2a53282b4"
   integrity sha512-O5RlPh0VFtR78y79rgcgKK4wbAI0C5zGVLztOIdpWX6ep368q5Hv6XRxDvXuZ9q3C6v+e3n8UfZZJw7IIG27eQ==
@@ -13030,6 +13288,21 @@ relative-microtime@^2.0.0:
   resolved "https://registry.yarnpkg.com/relative-microtime/-/relative-microtime-2.0.0.tgz#cceed2af095ecd72ea32011279c79e5fcc7de29b"
   integrity sha512-l18ha6HEZc+No/uK4GyAnNxgKW7nvEe35IaeN54sShMojtqik2a6GbTyuiezkjpPaqP874Z3lW5ysBo5irz4NA==
 
+relative@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/relative/-/relative-3.0.2.tgz#0dcd8ec54a5d35a3c15e104503d65375b5a5367f"
+  integrity sha512-Q5W2qeYtY9GbiR8z1yHNZ1DGhyjb4AnLEjt8iE6XfcC1QIu+FAtj3HQaO0wH28H1mX6cqNLvAqWhP402dxJGyA==
+  dependencies:
+    isobject "^2.0.0"
+
+remarkable@^1.6.2:
+  version "1.7.4"
+  resolved "https://registry.yarnpkg.com/remarkable/-/remarkable-1.7.4.tgz#19073cb960398c87a7d6546eaa5e50d2022fcd00"
+  integrity sha512-e6NKUXgX95whv7IgddywbeN/ItCkWbISmc2DiqHJb0wTrqZIexqdco5b8Z3XZoo/48IdNVKM9ZCvTPJ4F5uvhg==
+  dependencies:
+    argparse "^1.0.10"
+    autolinker "~0.28.0"
+
 remove-trailing-separator@^1.0.1:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz#c24bce2a283adad5bc3f58e0d48249b92379d8ef"
@@ -13378,6 +13651,11 @@ seek-bzip@^1.0.5:
   dependencies:
     commander "^2.8.1"
 
+self-closing-tags@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/self-closing-tags/-/self-closing-tags-1.0.1.tgz#6c5fa497994bb826b484216916371accee490a5d"
+  integrity sha512-7t6hNbYMxM+VHXTgJmxwgZgLGktuXtVVD5AivWzNTdJBM4DBjnDKDzkf2SrNjihaArpeJYNjxkELBu1evI4lQA==
+
 semver-compare@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/semver-compare/-/semver-compare-1.0.0.tgz#0dee216a1c941ab37e9efb1788f6afc5ff5537fc"
@@ -14166,6 +14444,11 @@ strip-outer@^1.0.0:
   dependencies:
     escape-string-regexp "^1.0.2"
 
+striptags@^3.1.1:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/striptags/-/striptags-3.2.0.tgz#cc74a137db2de8b0b9a370006334161f7dd67052"
+  integrity sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==
+
 style-loader@^3.3.1:
   version "3.3.1"
   resolved "https://registry.yarnpkg.com/style-loader/-/style-loader-3.3.1.tgz#057dfa6b3d4d7c7064462830f9113ed417d38575"
@@ -14181,29 +14464,30 @@ sublevel-pouchdb@7.2.2:
     ltgt "2.2.1"
     readable-stream "1.1.14"
 
-superagent@^3.8.3:
-  version "3.8.3"
-  resolved "https://registry.yarnpkg.com/superagent/-/superagent-3.8.3.tgz#460ea0dbdb7d5b11bc4f78deba565f86a178e128"
-  integrity sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==
+superagent@^7.1.0:
+  version "7.1.6"
+  resolved "https://registry.yarnpkg.com/superagent/-/superagent-7.1.6.tgz#64f303ed4e4aba1e9da319f134107a54cacdc9c6"
+  integrity sha512-gZkVCQR1gy/oUXr+kxJMLDjla434KmSOKbx5iGD30Ql+AkJQ/YlPKECJy2nhqOsHLjGHzoDTXNSjhnvWhzKk7g==
   dependencies:
-    component-emitter "^1.2.0"
-    cookiejar "^2.1.0"
-    debug "^3.1.0"
-    extend "^3.0.0"
-    form-data "^2.3.1"
-    formidable "^1.2.0"
-    methods "^1.1.1"
-    mime "^1.4.1"
-    qs "^6.5.1"
-    readable-stream "^2.3.5"
+    component-emitter "^1.3.0"
+    cookiejar "^2.1.3"
+    debug "^4.3.4"
+    fast-safe-stringify "^2.1.1"
+    form-data "^4.0.0"
+    formidable "^2.0.1"
+    methods "^1.1.2"
+    mime "2.6.0"
+    qs "^6.10.3"
+    readable-stream "^3.6.0"
+    semver "^7.3.7"
 
-supertest@4.0.2:
-  version "4.0.2"
-  resolved "https://registry.yarnpkg.com/supertest/-/supertest-4.0.2.tgz#c2234dbdd6dc79b6f15b99c8d6577b90e4ce3f36"
-  integrity sha512-1BAbvrOZsGA3YTCWqbmh14L0YEq0EGICX/nBnfkfVJn7SrxQV1I3pMYjSzG9y/7ZU2V9dWqyqk2POwxlb09duQ==
+supertest@6.2.2:
+  version "6.2.2"
+  resolved "https://registry.yarnpkg.com/supertest/-/supertest-6.2.2.tgz#04a5998fd3efaff187cb69f07a169755d655b001"
+  integrity sha512-wCw9WhAtKJsBvh07RaS+/By91NNE0Wh0DN19/hWPlBOU8tAfOtbZoVSV4xXeoKoxgPx0rx2y+y+8660XtE7jzg==
   dependencies:
     methods "^1.1.2"
-    superagent "^3.8.3"
+    superagent "^7.1.0"
 
 supports-color@^5.3.0, supports-color@^5.5.0:
   version "5.5.0"
@@ -14649,6 +14933,11 @@ to-fast-properties@^2.0.0:
   resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
   integrity sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=
 
+to-gfm-code-block@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/to-gfm-code-block/-/to-gfm-code-block-0.1.1.tgz#25d045a5fae553189e9637b590900da732d8aa82"
+  integrity sha512-LQRZWyn8d5amUKnfR9A9Uu7x9ss7Re8peuWR2gkh1E+ildOfv2aF26JpuDg8JtvCduu5+hOrMIH+XstZtnagqg==
+
 to-json-schema@0.2.5:
   version "0.2.5"
   resolved "https://registry.yarnpkg.com/to-json-schema/-/to-json-schema-0.2.5.tgz#ef3c3f11ad64460dcfbdbafd0fd525d69d62a98f"
@@ -14917,6 +15206,13 @@ typedarray-to-buffer@^3.1.5:
   dependencies:
     is-typedarray "^1.0.0"
 
+typeof-article@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/typeof-article/-/typeof-article-0.1.1.tgz#9f07e733c3fbb646ffa9e61c08debacd460e06af"
+  integrity sha512-Vn42zdX3FhmUrzEmitX3iYyLb+Umwpmv8fkZRIknYh84lmdrwqZA5xYaoKiIj2Rc5i/5wcDrpUmZcbk1U51vTw==
+  dependencies:
+    kind-of "^3.1.0"
+
 typeof@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/typeof/-/typeof-1.0.0.tgz#9c84403f2323ae5399167275497638ea1d2f2440"
@@ -15277,6 +15573,14 @@ vm2@3.9.11:
     acorn "^8.7.0"
     acorn-walk "^8.2.0"
 
+vm2@^3.9.4:
+  version "3.9.14"
+  resolved "https://registry.yarnpkg.com/vm2/-/vm2-3.9.14.tgz#964042b474cf1e6e4f475a39144773cdb9deb734"
+  integrity sha512-HgvPHYHeQy8+QhzlFryvSteA4uQLBCOub02mgqdR+0bN/akRZ48TGB1v0aCv7ksyc0HXx16AZtMHKS38alc6TA==
+  dependencies:
+    acorn "^8.7.0"
+    acorn-walk "^8.2.0"
+
 vuvuzela@1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/vuvuzela/-/vuvuzela-1.0.3.tgz#3be145e58271c73ca55279dd851f12a682114b0b"
@@ -15838,6 +16142,11 @@ yauzl@^2.4.2:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
 
+year@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/year/-/year-0.2.1.tgz#4083ae520a318b23ec86037f3000cb892bdf9bb0"
+  integrity sha512-9GnJUZ0QM4OgXuOzsKNzTJ5EOkums1Xc+3YQXp+Q+UxFjf7zLucp9dQ8QMIft0Szs1E1hUiXFim1OYfEKFq97w==
+
 ylru@^1.2.0:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/ylru/-/ylru-1.3.2.tgz#0de48017473275a4cbdfc83a1eaf67c01af8a785"
diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json
index 6b99e321e5..5e3fcecbcb 100644
--- a/packages/string-templates/package.json
+++ b/packages/string-templates/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/string-templates",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Handlebars wrapper for Budibase templating.",
   "main": "src/index.cjs",
   "module": "dist/bundle.mjs",
diff --git a/packages/types/package.json b/packages/types/package.json
index 7d679edcf6..c4b238276d 100644
--- a/packages/types/package.json
+++ b/packages/types/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@budibase/types",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase types",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/packages/types/src/api/account/index.ts b/packages/types/src/api/account/index.ts
index 0cbc487bcc..4be610d1b3 100644
--- a/packages/types/src/api/account/index.ts
+++ b/packages/types/src/api/account/index.ts
@@ -1,2 +1,3 @@
 export * from "./user"
 export * from "./license"
+export * from "./status"
diff --git a/packages/types/src/api/account/status.ts b/packages/types/src/api/account/status.ts
new file mode 100644
index 0000000000..f6a0db7a5e
--- /dev/null
+++ b/packages/types/src/api/account/status.ts
@@ -0,0 +1,7 @@
+export interface HealthStatusResponse {
+  passing: boolean
+  checks: {
+    login: boolean
+    search: boolean
+  }
+}
diff --git a/packages/types/src/api/web/auth.ts b/packages/types/src/api/web/auth.ts
new file mode 100644
index 0000000000..e31a151c48
--- /dev/null
+++ b/packages/types/src/api/web/auth.ts
@@ -0,0 +1,25 @@
+export interface LoginRequest {
+  username: string
+  password: string
+}
+
+export interface PasswordResetRequest {
+  email: string
+}
+
+export interface PasswordResetUpdateRequest {
+  resetCode: string
+  password: string
+}
+
+export interface UpdateSelfRequest {
+  firstName?: string
+  lastName?: string
+  password?: string
+  forceResetPassword?: boolean
+}
+
+export interface UpdateSelfResponse {
+  _id: string
+  _rev: string
+}
diff --git a/packages/types/src/api/web/errors.ts b/packages/types/src/api/web/errors.ts
index 65870d6a29..996c0ba34c 100644
--- a/packages/types/src/api/web/errors.ts
+++ b/packages/types/src/api/web/errors.ts
@@ -2,4 +2,5 @@ export interface APIError {
   message: string
   status: number
   error?: any
+  validationErrors?: any
 }
diff --git a/packages/types/src/api/web/global/auditLogs.ts b/packages/types/src/api/web/global/auditLogs.ts
new file mode 100644
index 0000000000..a890f3a751
--- /dev/null
+++ b/packages/types/src/api/web/global/auditLogs.ts
@@ -0,0 +1,51 @@
+import { Event, AuditedEventFriendlyName } from "../../../sdk"
+import {
+  PaginationResponse,
+  PaginationRequest,
+  BasicPaginationRequest,
+} from "../"
+import { User, App } from "../../../"
+
+export interface AuditLogSearchParams {
+  userIds?: string[]
+  appIds?: string[]
+  events?: Event[]
+  startDate?: string
+  endDate?: string
+  fullSearch?: string
+  bookmark?: string
+}
+
+export interface DownloadAuditLogsRequest extends AuditLogSearchParams {}
+
+export interface SearchAuditLogsRequest
+  extends BasicPaginationRequest,
+    AuditLogSearchParams {}
+
+export enum AuditLogResourceStatus {
+  DELETED = "deleted",
+}
+
+export type DeletedResourceInfo = {
+  _id: string
+  status: AuditLogResourceStatus
+  email?: string
+  name?: string
+}
+
+export interface AuditLogEnriched {
+  app?: App | DeletedResourceInfo
+  user: User | DeletedResourceInfo
+  event: Event
+  timestamp: string
+  name: string
+  metadata: any
+}
+
+export interface SearchAuditLogsResponse extends PaginationResponse {
+  data: AuditLogEnriched[]
+}
+
+export interface DefinitionsAuditLogsResponse {
+  events: Record<string, string>
+}
diff --git a/packages/types/src/api/web/global/configs.ts b/packages/types/src/api/web/global/configs.ts
new file mode 100644
index 0000000000..1476d13cee
--- /dev/null
+++ b/packages/types/src/api/web/global/configs.ts
@@ -0,0 +1,23 @@
+import { SettingsConfig, SettingsInnerConfig } from "../../../documents"
+
+/**
+ * Settings that aren't stored in the database - enriched at runtime.
+ */
+export interface PublicSettingsInnerConfig extends SettingsInnerConfig {
+  google: boolean
+  oidc: boolean
+  oidcCallbackUrl: string
+  googleCallbackUrl: string
+}
+
+export interface GetPublicSettingsResponse extends SettingsConfig {
+  config: PublicSettingsInnerConfig
+}
+
+export interface PublicOIDCConfig {
+  logo?: string
+  name?: string
+  uuid?: string
+}
+
+export type GetPublicOIDCConfigResponse = PublicOIDCConfig[]
diff --git a/packages/types/src/api/web/global/index.ts b/packages/types/src/api/web/global/index.ts
index 415ed55ab1..21a5de3727 100644
--- a/packages/types/src/api/web/global/index.ts
+++ b/packages/types/src/api/web/global/index.ts
@@ -1,2 +1,4 @@
 export * from "./environmentVariables"
+export * from "./auditLogs"
 export * from "./events"
+export * from "./configs"
diff --git a/packages/types/src/api/web/index.ts b/packages/types/src/api/web/index.ts
index 9688a89c7b..141119c837 100644
--- a/packages/types/src/api/web/index.ts
+++ b/packages/types/src/api/web/index.ts
@@ -1,6 +1,8 @@
 export * from "./analytics"
+export * from "./auth"
 export * from "./user"
 export * from "./errors"
 export * from "./schedule"
 export * from "./app"
 export * from "./global"
+export * from "./pagination"
diff --git a/packages/types/src/api/web/pagination.ts b/packages/types/src/api/web/pagination.ts
new file mode 100644
index 0000000000..ae4c56971a
--- /dev/null
+++ b/packages/types/src/api/web/pagination.ts
@@ -0,0 +1,27 @@
+export enum SortOrder {
+  ASCENDING = "ascending",
+  DESCENDING = "descending",
+}
+
+export enum SortType {
+  STRING = "string",
+  number = "number",
+}
+
+export interface BasicPaginationRequest {
+  bookmark?: string
+}
+
+export interface PaginationRequest extends BasicPaginationRequest {
+  limit?: number
+  sort?: {
+    order: SortOrder
+    column: string
+    type: SortType
+  }
+}
+
+export interface PaginationResponse {
+  bookmark: string
+  hasNextPage: boolean
+}
diff --git a/packages/types/src/api/web/user.ts b/packages/types/src/api/web/user.ts
index 6acaf6912d..63d6be6fa0 100644
--- a/packages/types/src/api/web/user.ts
+++ b/packages/types/src/api/web/user.ts
@@ -1,6 +1,6 @@
 import { User } from "../../documents"
 
-export interface CreateUserResponse {
+export interface SaveUserResponse {
   _id: string
   _rev: string
   email: string
@@ -16,6 +16,7 @@ export interface BulkUserRequest {
     userIds: string[]
   }
   create?: {
+    roles?: any[]
     users: User[]
     groups: any[]
   }
@@ -49,7 +50,7 @@ export interface SearchUsersRequest {
   page?: string
   email?: string
   appId?: string
-  userIds?: string[]
+  paginated?: boolean
 }
 
 export interface CreateAdminUserRequest {
@@ -58,6 +59,25 @@ export interface CreateAdminUserRequest {
   tenantId: string
 }
 
+export interface CreateAdminUserResponse {
+  _id: string
+  _rev: string
+  email: string
+}
+
+export interface AcceptUserInviteRequest {
+  inviteCode: string
+  password: string
+  firstName: string
+  lastName: string
+}
+
+export interface AcceptUserInviteResponse {
+  _id: string
+  _rev: string
+  email: string
+}
+
 export interface SyncUserRequest {
   previousUser?: User
 }
diff --git a/packages/types/src/documents/account/account.ts b/packages/types/src/documents/account/account.ts
index a8684f8427..cacdc4e9a2 100644
--- a/packages/types/src/documents/account/account.ts
+++ b/packages/types/src/documents/account/account.ts
@@ -79,14 +79,24 @@ export const isSelfHostAccount = (account: Account) =>
 export const isSSOAccount = (account: Account): account is SSOAccount =>
   account.authType === AuthType.SSO
 
-export interface SSOAccount extends Account {
-  pictureUrl?: string
-  provider?: string
-  providerType?: string
+export enum AccountSSOProviderType {
+  GOOGLE = "google",
+}
+
+export enum AccountSSOProvider {
+  GOOGLE = "google",
+}
+
+export interface AccountSSO {
+  provider: AccountSSOProvider
+  providerType: AccountSSOProviderType
   oauth2?: OAuthTokens
+  pictureUrl?: string
   thirdPartyProfile: any // TODO: define what the google profile looks like
 }
 
+export type SSOAccount = (Account | CloudAccount) & AccountSSO
+
 export enum AuthType {
   SSO = "sso",
   PASSWORD = "password",
diff --git a/packages/types/src/documents/global/auditLogs.ts b/packages/types/src/documents/global/auditLogs.ts
new file mode 100644
index 0000000000..091c7b8418
--- /dev/null
+++ b/packages/types/src/documents/global/auditLogs.ts
@@ -0,0 +1,19 @@
+import { Document } from "../document"
+import { Event } from "../../sdk"
+
+export const AuditLogSystemUser = "SYSTEM"
+
+export type FallbackInfo = {
+  appName?: string
+  email?: string
+}
+
+export interface AuditLogDoc extends Document {
+  appId?: string
+  event: Event
+  userId: string
+  timestamp: string
+  metadata: any
+  name: string
+  fallback?: FallbackInfo
+}
diff --git a/packages/types/src/documents/global/config.ts b/packages/types/src/documents/global/config.ts
index 9b05069c9a..6e86ed2674 100644
--- a/packages/types/src/documents/global/config.ts
+++ b/packages/types/src/documents/global/config.ts
@@ -5,37 +5,55 @@ export interface Config extends Document {
   config: any
 }
 
-export interface SMTPConfig extends Config {
-  config: {
-    port: number
-    host: string
-    from: string
-    subject: string
-    secure: boolean
+export interface SMTPInnerConfig {
+  port: number
+  host: string
+  from: string
+  subject?: string
+  secure: boolean
+  auth?: {
+    user: string
+    pass: string
   }
+  connectionTimeout?: any
+}
+
+export interface SMTPConfig extends Config {
+  config: SMTPInnerConfig
+}
+
+export interface SettingsInnerConfig {
+  platformUrl?: string
+  company?: string
+  logoUrl?: string // Populated on read
+  logoUrlEtag?: string
+  uniqueTenantId?: string
+  analyticsEnabled?: boolean
+  isSSOEnforced?: boolean
 }
 
 export interface SettingsConfig extends Config {
-  config: {
-    company: string
-    // Populated on read
-    logoUrl?: string
-    logoUrlEtag?: boolean
-    platformUrl: string
-    uniqueTenantId?: string
-    analyticsEnabled?: boolean
-  }
+  config: SettingsInnerConfig
+}
+
+export type SSOConfigType = ConfigType.GOOGLE | ConfigType.OIDC
+export type SSOConfig = GoogleInnerConfig | OIDCInnerConfig
+
+export interface GoogleInnerConfig {
+  clientID: string
+  clientSecret: string
+  activated: boolean
+  /**
+   * @deprecated read only
+   */
+  callbackURL?: string
 }
 
 export interface GoogleConfig extends Config {
-  config: {
-    clientID: string
-    clientSecret: string
-    activated: boolean
-  }
+  config: GoogleInnerConfig
 }
 
-export interface OIDCConfiguration {
+export interface OIDCStrategyConfiguration {
   issuer: string
   authorizationURL: string
   tokenURL: string
@@ -45,7 +63,11 @@ export interface OIDCConfiguration {
   callbackURL: string
 }
 
-export interface OIDCInnerCfg {
+export interface OIDCConfigs {
+  configs: OIDCInnerConfig[]
+}
+
+export interface OIDCInnerConfig {
   configUrl: string
   clientID: string
   clientSecret: string
@@ -53,12 +75,18 @@ export interface OIDCInnerCfg {
   name: string
   uuid: string
   activated: boolean
+  scopes: string[]
 }
 
 export interface OIDCConfig extends Config {
-  config: {
-    configs: OIDCInnerCfg[]
-  }
+  config: OIDCConfigs
+}
+
+export interface OIDCWellKnownConfig {
+  issuer: string
+  authorization_endpoint: string
+  token_endpoint: string
+  userinfo_endpoint: string
 }
 
 export const isSettingsConfig = (config: Config): config is SettingsConfig =>
diff --git a/packages/types/src/documents/global/index.ts b/packages/types/src/documents/global/index.ts
index 11ce7513f2..b728439dd6 100644
--- a/packages/types/src/documents/global/index.ts
+++ b/packages/types/src/documents/global/index.ts
@@ -6,3 +6,4 @@ export * from "./quotas"
 export * from "./schedule"
 export * from "./templates"
 export * from "./environmentVariables"
+export * from "./auditLogs"
diff --git a/packages/types/src/documents/global/user.ts b/packages/types/src/documents/global/user.ts
index aef36c3469..af48dbb758 100644
--- a/packages/types/src/documents/global/user.ts
+++ b/packages/types/src/documents/global/user.ts
@@ -1,37 +1,44 @@
 import { Document } from "../document"
 
-export interface SSOProfile {
-  id: string
-  name?: {
-    givenName?: string
-    familyName?: string
-  }
-  _json: {
-    email: string
-    picture: string
-  }
-  provider?: string
+// SSO
+
+export interface SSOProfileJson {
+  email?: string
+  picture?: string
 }
 
-export interface ThirdPartyUser extends Document {
-  thirdPartyProfile?: SSOProfile["_json"]
-  firstName?: string
-  lastName?: string
-  pictureUrl?: string
-  profile?: SSOProfile
-  oauth2?: any
-  provider?: string
-  providerType?: string
-  email: string
-  userId?: string
-  forceResetPassword?: boolean
-  userGroups?: string[]
+export interface OAuth2 {
+  accessToken: string
+  refreshToken?: string
 }
 
-export interface User extends ThirdPartyUser {
+export enum SSOProviderType {
+  OIDC = "oidc",
+  GOOGLE = "google",
+}
+
+export interface UserSSO {
+  provider: string // the individual provider e.g. Okta, Auth0, Google
+  providerType: SSOProviderType
+  oauth2?: OAuth2
+  thirdPartyProfile?: SSOProfileJson
+}
+
+export type SSOUser = User & UserSSO
+
+export function isSSOUser(user: User): user is SSOUser {
+  return !!(user as SSOUser).providerType
+}
+
+// USER
+
+export interface User extends Document {
   tenantId: string
   email: string
   userId?: string
+  firstName?: string
+  lastName?: string
+  pictureUrl?: string
   forceResetPassword?: boolean
   roles: UserRoles
   builder?: {
@@ -41,20 +48,23 @@ export interface User extends ThirdPartyUser {
     global: boolean
   }
   password?: string
-  status?: string
+  status?: UserStatus
   createdAt?: number // override the default createdAt behaviour - users sdk historically set this to Date.now()
   dayPassRecordedAt?: string
-  account?: {
-    authType: string
-  }
+  userGroups?: string[]
   onboardedAt?: string
 }
 
+export enum UserStatus {
+  ACTIVE = "active",
+  INACTIVE = "inactive",
+}
+
 export interface UserRoles {
   [key: string]: string
 }
 
-// utility types
+// UTILITY TYPES
 
 export interface BuilderUser extends User {
   builder: {
diff --git a/packages/types/src/sdk/auditLogs.ts b/packages/types/src/sdk/auditLogs.ts
new file mode 100644
index 0000000000..cf12a79688
--- /dev/null
+++ b/packages/types/src/sdk/auditLogs.ts
@@ -0,0 +1,22 @@
+import { Event, HostInfo } from "./events"
+import { AuditLogDoc } from "../documents"
+
+export type AuditWriteOpts = {
+  appId?: string
+  timestamp?: string | number
+  userId?: string
+  hostInfo?: HostInfo
+}
+
+export type AuditLogFn = (
+  event: Event,
+  metadata: any,
+  opts: AuditWriteOpts
+) => Promise<AuditLogDoc | undefined>
+
+export type AuditLogQueueEvent = {
+  event: Event
+  properties: any
+  opts: AuditWriteOpts
+  tenantId: string
+}
diff --git a/packages/types/src/sdk/cli/constants.ts b/packages/types/src/sdk/cli/constants.ts
new file mode 100644
index 0000000000..17d570b8be
--- /dev/null
+++ b/packages/types/src/sdk/cli/constants.ts
@@ -0,0 +1,21 @@
+import { Event } from "../events"
+
+export enum CommandWord {
+  BACKUPS = "backups",
+  HOSTING = "hosting",
+  ANALYTICS = "analytics",
+  HELP = "help",
+  PLUGIN = "plugins",
+}
+
+export enum InitType {
+  QUICK = "quick",
+  DIGITAL_OCEAN = "do",
+}
+
+export const AnalyticsEvent = {
+  OptOut: "analytics:opt:out",
+  OptIn: "analytics:opt:in",
+  SelfHostInit: "hosting:init",
+  PluginInit: Event.PLUGIN_INIT,
+}
diff --git a/packages/types/src/sdk/cli/index.ts b/packages/types/src/sdk/cli/index.ts
new file mode 100644
index 0000000000..23fdb69814
--- /dev/null
+++ b/packages/types/src/sdk/cli/index.ts
@@ -0,0 +1 @@
+export * from "./constants"
diff --git a/packages/types/src/sdk/context.ts b/packages/types/src/sdk/context.ts
index b3403df8af..c8345de196 100644
--- a/packages/types/src/sdk/context.ts
+++ b/packages/types/src/sdk/context.ts
@@ -1,5 +1,5 @@
 import { User, Account } from "../documents"
-import { IdentityType } from "./events"
+import { IdentityType, HostInfo } from "./events"
 
 export interface BaseContext {
   _id: string
@@ -16,6 +16,7 @@ export interface UserContext extends BaseContext, User {
   _id: string
   tenantId: string
   account?: Account
+  hostInfo: HostInfo
 }
 
 export type IdentityContext = BaseContext | AccountUserContext | UserContext
diff --git a/packages/types/src/sdk/db.ts b/packages/types/src/sdk/db.ts
index 35d198ccb2..6e213b5831 100644
--- a/packages/types/src/sdk/db.ts
+++ b/packages/types/src/sdk/db.ts
@@ -1,5 +1,11 @@
 import Nano from "@budibase/nano"
 import { AllDocsResponse, AnyDocument, Document } from "../"
+import { Writable } from "stream"
+
+export enum SearchIndex {
+  ROWS = "rows",
+  AUDIT = "audit",
+}
 
 export type PouchOptions = {
   inMemory?: boolean
@@ -63,6 +69,18 @@ export const isDocument = (doc: any): doc is Document => {
   return typeof doc === "object" && doc._id && doc._rev
 }
 
+export interface DatabaseDumpOpts {
+  filter?: (doc: AnyDocument) => boolean
+  batch_size?: number
+  batch_limit?: number
+  style?: "main_only" | "all_docs"
+  timeout?: number
+  doc_ids?: string[]
+  query_params?: any
+  view?: string
+  selector?: any
+}
+
 export interface Database {
   name: string
 
@@ -87,7 +105,7 @@ export interface Database {
   compact(): Promise<Nano.OkResponse | void>
   // these are all PouchDB related functions that are rarely used - in future
   // should be replaced by better typed/non-pouch implemented methods
-  dump(...args: any[]): Promise<any>
+  dump(stream: Writable, opts?: DatabaseDumpOpts): Promise<any>
   load(...args: any[]): Promise<any>
   createIndex(...args: any[]): Promise<any>
   deleteIndex(...args: any[]): Promise<any>
diff --git a/packages/types/src/sdk/events/app.ts b/packages/types/src/sdk/events/app.ts
index 73d491070f..602dd8b6a5 100644
--- a/packages/types/src/sdk/events/app.ts
+++ b/packages/types/src/sdk/events/app.ts
@@ -3,50 +3,83 @@ import { BaseEvent } from "./event"
 export interface AppCreatedEvent extends BaseEvent {
   appId: string
   version: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppUpdatedEvent extends BaseEvent {
   appId: string
   version: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppDeletedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppPublishedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppUnpublishedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppFileImportedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppTemplateImportedEvent extends BaseEvent {
   appId: string
   templateKey: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppVersionUpdatedEvent extends BaseEvent {
   appId: string
   currentVersion: string
   updatedToVersion: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppVersionRevertedEvent extends BaseEvent {
   appId: string
   currentVersion: string
   revertedToVersion: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppRevertedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AppExportedEvent extends BaseEvent {
   appId: string
+  audited: {
+    name: string
+  }
 }
diff --git a/packages/types/src/sdk/events/auditLog.ts b/packages/types/src/sdk/events/auditLog.ts
new file mode 100644
index 0000000000..5f3edfb826
--- /dev/null
+++ b/packages/types/src/sdk/events/auditLog.ts
@@ -0,0 +1,10 @@
+import { BaseEvent } from "./event"
+import { AuditLogSearchParams } from "../../api"
+
+export interface AuditLogFilteredEvent extends BaseEvent {
+  filters: AuditLogSearchParams
+}
+
+export interface AuditLogDownloadedEvent extends BaseEvent {
+  filters: AuditLogSearchParams
+}
diff --git a/packages/types/src/sdk/events/auth.ts b/packages/types/src/sdk/events/auth.ts
index eb9f3148a3..c7171d923d 100644
--- a/packages/types/src/sdk/events/auth.ts
+++ b/packages/types/src/sdk/events/auth.ts
@@ -7,10 +7,16 @@ export type SSOType = ConfigType.OIDC | ConfigType.GOOGLE
 export interface LoginEvent extends BaseEvent {
   userId: string
   source: LoginSource
+  audited: {
+    email: string
+  }
 }
 
 export interface LogoutEvent extends BaseEvent {
   userId: string
+  audited: {
+    email?: string
+  }
 }
 
 export interface SSOCreatedEvent extends BaseEvent {
diff --git a/packages/types/src/sdk/events/automation.ts b/packages/types/src/sdk/events/automation.ts
index beabdbb9eb..a3f4d15186 100644
--- a/packages/types/src/sdk/events/automation.ts
+++ b/packages/types/src/sdk/events/automation.ts
@@ -5,6 +5,9 @@ export interface AutomationCreatedEvent extends BaseEvent {
   automationId: string
   triggerId: string
   triggerType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationTriggerUpdatedEvent extends BaseEvent {
@@ -19,6 +22,9 @@ export interface AutomationDeletedEvent extends BaseEvent {
   automationId: string
   triggerId: string
   triggerType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationTestedEvent extends BaseEvent {
@@ -35,6 +41,9 @@ export interface AutomationStepCreatedEvent extends BaseEvent {
   triggerType: string
   stepId: string
   stepType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationStepDeletedEvent extends BaseEvent {
@@ -44,6 +53,9 @@ export interface AutomationStepDeletedEvent extends BaseEvent {
   triggerType: string
   stepId: string
   stepType: string
+  audited: {
+    name: string
+  }
 }
 
 export interface AutomationsRunEvent extends BaseEvent {
diff --git a/packages/types/src/sdk/events/backup.ts b/packages/types/src/sdk/events/backup.ts
index 1dddc109cc..23863cf8ac 100644
--- a/packages/types/src/sdk/events/backup.ts
+++ b/packages/types/src/sdk/events/backup.ts
@@ -5,6 +5,7 @@ export interface AppBackupRestoreEvent extends BaseEvent {
   appId: string
   restoreId: string
   backupCreatedAt: string
+  name: string
 }
 
 export interface AppBackupTriggeredEvent extends BaseEvent {
@@ -12,4 +13,5 @@ export interface AppBackupTriggeredEvent extends BaseEvent {
   appId: string
   trigger: AppBackupTrigger
   type: AppBackupType
+  name: string
 }
diff --git a/packages/types/src/sdk/events/event.ts b/packages/types/src/sdk/events/event.ts
index f509682add..3d0d3122b5 100644
--- a/packages/types/src/sdk/events/event.ts
+++ b/packages/types/src/sdk/events/event.ts
@@ -180,6 +180,190 @@ export enum Event {
   ENVIRONMENT_VARIABLE_CREATED = "environment_variable:created",
   ENVIRONMENT_VARIABLE_DELETED = "environment_variable:deleted",
   ENVIRONMENT_VARIABLE_UPGRADE_PANEL_OPENED = "environment_variable:upgrade_panel_opened",
+
+  // AUDIT LOG
+  AUDIT_LOGS_FILTERED = "audit_log:filtered",
+  AUDIT_LOGS_DOWNLOADED = "audit_log:downloaded",
+}
+
+// all events that are not audited have been added to this record as undefined, this means
+// that Typescript can protect us against new events being added and auditing of those
+// events not being considered. This might be a little ugly, but provides a level of
+// Typescript build protection for the audit log feature, any new event also needs to be
+// added to this map, during which the developer will need to consider if it should be
+// a user facing event or not.
+export const AuditedEventFriendlyName: Record<Event, string | undefined> = {
+  // USER
+  [Event.USER_CREATED]: `User "{{ email }}" created`,
+  [Event.USER_UPDATED]: `User "{{ email }}" updated`,
+  [Event.USER_DELETED]: `User "{{ email }}" deleted`,
+  [Event.USER_PERMISSION_ADMIN_ASSIGNED]: `User "{{ email }}" admin role assigned`,
+  [Event.USER_PERMISSION_ADMIN_REMOVED]: `User "{{ email }}" admin role removed`,
+  [Event.USER_PERMISSION_BUILDER_ASSIGNED]: `User "{{ email }}" builder role assigned`,
+  [Event.USER_PERMISSION_BUILDER_REMOVED]: `User "{{ email }}" builder role removed`,
+  [Event.USER_INVITED]: `User "{{ email }}" invited`,
+  [Event.USER_INVITED_ACCEPTED]: `User "{{ email }}" accepted invite`,
+  [Event.USER_PASSWORD_UPDATED]: `User "{{ email }}" password updated`,
+  [Event.USER_PASSWORD_RESET_REQUESTED]: `User "{{ email }}" password reset requested`,
+  [Event.USER_PASSWORD_RESET]: `User "{{ email }}" password reset`,
+  [Event.USER_GROUP_CREATED]: `User group "{{ name }}" created`,
+  [Event.USER_GROUP_UPDATED]: `User group "{{ name }}" updated`,
+  [Event.USER_GROUP_DELETED]: `User group "{{ name }}" deleted`,
+  [Event.USER_GROUP_USERS_ADDED]: `User group "{{ name }}" {{ count }} users added`,
+  [Event.USER_GROUP_USERS_REMOVED]: `User group "{{ name }}" {{ count }} users removed`,
+  [Event.USER_GROUP_PERMISSIONS_EDITED]: `User group "{{ name }}" permissions edited`,
+  [Event.USER_PASSWORD_FORCE_RESET]: undefined,
+  [Event.USER_GROUP_ONBOARDING]: undefined,
+  [Event.USER_ONBOARDING_COMPLETE]: undefined,
+
+  // EMAIL
+  [Event.EMAIL_SMTP_CREATED]: `Email configuration created`,
+  [Event.EMAIL_SMTP_UPDATED]: `Email configuration updated`,
+
+  // AUTH
+  [Event.AUTH_SSO_CREATED]: `SSO configuration created`,
+  [Event.AUTH_SSO_UPDATED]: `SSO configuration updated`,
+  [Event.AUTH_SSO_ACTIVATED]: `SSO configuration activated`,
+  [Event.AUTH_SSO_DEACTIVATED]: `SSO configuration deactivated`,
+  [Event.AUTH_LOGIN]: `User "{{ email }}" logged in`,
+  [Event.AUTH_LOGOUT]: `User "{{ email }}" logged out`,
+
+  // ORG
+  [Event.ORG_NAME_UPDATED]: `Organisation name updated`,
+  [Event.ORG_LOGO_UPDATED]: `Organisation logo updated`,
+  [Event.ORG_PLATFORM_URL_UPDATED]: `Organisation platform URL updated`,
+
+  // APP
+  [Event.APP_CREATED]: `App "{{ name }}" created`,
+  [Event.APP_UPDATED]: `App "{{ name }}" updated`,
+  [Event.APP_DELETED]: `App "{{ name }}" deleted`,
+  [Event.APP_PUBLISHED]: `App "{{ name }}" published`,
+  [Event.APP_UNPUBLISHED]: `App "{{ name }}" unpublished`,
+  [Event.APP_TEMPLATE_IMPORTED]: `App "{{ name }}" template imported`,
+  [Event.APP_FILE_IMPORTED]: `App "{{ name }}" file imported`,
+  [Event.APP_VERSION_UPDATED]: `App "{{ name }}" version updated`,
+  [Event.APP_VERSION_REVERTED]: `App "{{ name }}" version reverted`,
+  [Event.APP_REVERTED]: `App "{{ name }}" reverted`,
+  [Event.APP_EXPORTED]: `App "{{ name }}" exported`,
+  [Event.APP_BACKUP_RESTORED]: `App backup "{{ name }}" restored`,
+  [Event.APP_BACKUP_TRIGGERED]: `App backup "{{ name }}" triggered`,
+
+  // DATASOURCE
+  [Event.DATASOURCE_CREATED]: `Datasource created`,
+  [Event.DATASOURCE_UPDATED]: `Datasource updated`,
+  [Event.DATASOURCE_DELETED]: `Datasource deleted`,
+
+  // QUERY
+  [Event.QUERY_CREATED]: `Query created`,
+  [Event.QUERY_UPDATED]: `Query updated`,
+  [Event.QUERY_DELETED]: `Query deleted`,
+  [Event.QUERY_IMPORT]: `Query import`,
+  [Event.QUERIES_RUN]: undefined,
+  [Event.QUERY_PREVIEWED]: undefined,
+
+  // TABLE
+  [Event.TABLE_CREATED]: `Table "{{ name }}" created`,
+  [Event.TABLE_UPDATED]: `Table "{{ name }}" updated`,
+  [Event.TABLE_DELETED]: `Table "{{ name }}" deleted`,
+  [Event.TABLE_EXPORTED]: `Table "{{ name }}" exported`,
+  [Event.TABLE_IMPORTED]: `Table "{{ name }}" imported`,
+  [Event.TABLE_DATA_IMPORTED]: `Data imported to table`,
+
+  // ROWS
+  [Event.ROWS_CREATED]: `Rows created`,
+  [Event.ROWS_IMPORTED]: `Rows imported`,
+
+  // AUTOMATION
+  [Event.AUTOMATION_CREATED]: `Automation "{{ name }}" created`,
+  [Event.AUTOMATION_DELETED]: `Automation "{{ name }}" deleted`,
+  [Event.AUTOMATION_STEP_CREATED]: `Automation "{{ name }}" step added`,
+  [Event.AUTOMATION_STEP_DELETED]: `Automation "{{ name }}" step removed`,
+  [Event.AUTOMATION_TESTED]: undefined,
+  [Event.AUTOMATIONS_RUN]: undefined,
+  [Event.AUTOMATION_TRIGGER_UPDATED]: undefined,
+
+  // SCREEN
+  [Event.SCREEN_CREATED]: `Screen "{{ name }}" created`,
+  [Event.SCREEN_DELETED]: `Screen "{{ name }}" deleted`,
+
+  // COMPONENT
+  [Event.COMPONENT_CREATED]: `Component created`,
+  [Event.COMPONENT_DELETED]: `Component deleted`,
+
+  // ENVIRONMENT VARIABLE
+  [Event.ENVIRONMENT_VARIABLE_CREATED]: `Environment variable created`,
+  [Event.ENVIRONMENT_VARIABLE_DELETED]: `Environment variable deleted`,
+  [Event.ENVIRONMENT_VARIABLE_UPGRADE_PANEL_OPENED]: undefined,
+
+  // PLUGIN
+  [Event.PLUGIN_IMPORTED]: `Plugin imported`,
+  [Event.PLUGIN_DELETED]: `Plugin deleted`,
+  [Event.PLUGIN_INIT]: undefined,
+
+  // ROLE - NOT AUDITED
+  [Event.ROLE_CREATED]: undefined,
+  [Event.ROLE_UPDATED]: undefined,
+  [Event.ROLE_DELETED]: undefined,
+  [Event.ROLE_ASSIGNED]: undefined,
+  [Event.ROLE_UNASSIGNED]: undefined,
+
+  // LICENSE - NOT AUDITED
+  [Event.LICENSE_PLAN_CHANGED]: undefined,
+  [Event.LICENSE_TIER_CHANGED]: undefined,
+  [Event.LICENSE_ACTIVATED]: undefined,
+  [Event.LICENSE_PAYMENT_FAILED]: undefined,
+  [Event.LICENSE_PAYMENT_RECOVERED]: undefined,
+  [Event.LICENSE_CHECKOUT_OPENED]: undefined,
+  [Event.LICENSE_CHECKOUT_SUCCESS]: undefined,
+  [Event.LICENSE_PORTAL_OPENED]: undefined,
+
+  // ACCOUNT - NOT AUDITED
+  [Event.ACCOUNT_CREATED]: undefined,
+  [Event.ACCOUNT_DELETED]: undefined,
+  [Event.ACCOUNT_VERIFIED]: undefined,
+
+  // BACKFILL - NOT AUDITED
+  [Event.APP_BACKFILL_SUCCEEDED]: undefined,
+  [Event.APP_BACKFILL_FAILED]: undefined,
+  [Event.TENANT_BACKFILL_SUCCEEDED]: undefined,
+  [Event.TENANT_BACKFILL_FAILED]: undefined,
+  [Event.INSTALLATION_BACKFILL_SUCCEEDED]: undefined,
+  [Event.INSTALLATION_BACKFILL_FAILED]: undefined,
+
+  // LAYOUT - NOT AUDITED
+  [Event.LAYOUT_CREATED]: undefined,
+  [Event.LAYOUT_DELETED]: undefined,
+
+  // VIEW - NOT AUDITED
+  [Event.VIEW_CREATED]: undefined,
+  [Event.VIEW_UPDATED]: undefined,
+  [Event.VIEW_DELETED]: undefined,
+  [Event.VIEW_EXPORTED]: undefined,
+  [Event.VIEW_FILTER_CREATED]: undefined,
+  [Event.VIEW_FILTER_UPDATED]: undefined,
+  [Event.VIEW_FILTER_DELETED]: undefined,
+  [Event.VIEW_CALCULATION_CREATED]: undefined,
+  [Event.VIEW_CALCULATION_UPDATED]: undefined,
+  [Event.VIEW_CALCULATION_DELETED]: undefined,
+
+  // SERVED - NOT AUDITED
+  [Event.SERVED_BUILDER]: undefined,
+  [Event.SERVED_APP]: undefined,
+  [Event.SERVED_APP_PREVIEW]: undefined,
+
+  // ANALYTICS - NOT AUDITED
+  [Event.ANALYTICS_OPT_OUT]: undefined,
+  [Event.ANALYTICS_OPT_IN]: undefined,
+
+  // INSTALLATION - NOT AUDITED
+  [Event.INSTALLATION_VERSION_CHECKED]: undefined,
+  [Event.INSTALLATION_VERSION_UPGRADED]: undefined,
+  [Event.INSTALLATION_VERSION_DOWNGRADED]: undefined,
+  [Event.INSTALLATION_FIRST_STARTUP]: undefined,
+
+  // AUDIT LOG - NOT AUDITED
+  [Event.AUDIT_LOGS_FILTERED]: undefined,
+  [Event.AUDIT_LOGS_DOWNLOADED]: undefined,
 }
 
 // properties added at the final stage of the event pipeline
@@ -191,6 +375,11 @@ export interface BaseEvent {
   installationId?: string
   tenantId?: string
   hosting?: Hosting
+  // any props in the audited section will be removed before passing events
+  // up out of system (purely for use with auditing)
+  audited?: {
+    [key: string]: any
+  }
 }
 
 export type TableExportFormat = "json" | "csv"
diff --git a/packages/types/src/sdk/events/identification.ts b/packages/types/src/sdk/events/identification.ts
index 3f4e7ec9d4..627254882e 100644
--- a/packages/types/src/sdk/events/identification.ts
+++ b/packages/types/src/sdk/events/identification.ts
@@ -34,6 +34,11 @@ export enum IdentityType {
   INSTALLATION = "installation",
 }
 
+export interface HostInfo {
+  ipAddress?: string
+  userAgent?: string
+}
+
 export interface Identity {
   id: string
   type: IdentityType
@@ -41,6 +46,7 @@ export interface Identity {
   environment: string
   installationId?: string
   tenantId?: string
+  hostInfo?: HostInfo
 }
 
 export interface UserIdentity extends Identity {
diff --git a/packages/types/src/sdk/events/index.ts b/packages/types/src/sdk/events/index.ts
index 009d9beac4..745f84d2a3 100644
--- a/packages/types/src/sdk/events/index.ts
+++ b/packages/types/src/sdk/events/index.ts
@@ -22,3 +22,4 @@ export * from "./userGroup"
 export * from "./plugin"
 export * from "./backup"
 export * from "./environmentVariable"
+export * from "./auditLog"
diff --git a/packages/types/src/sdk/events/screen.ts b/packages/types/src/sdk/events/screen.ts
index 23c468b7ad..e6b1d4d360 100644
--- a/packages/types/src/sdk/events/screen.ts
+++ b/packages/types/src/sdk/events/screen.ts
@@ -4,10 +4,16 @@ export interface ScreenCreatedEvent extends BaseEvent {
   screenId: string
   layoutId?: string
   roleId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface ScreenDeletedEvent extends BaseEvent {
   screenId: string
   layoutId?: string
   roleId: string
+  audited: {
+    name: string
+  }
 }
diff --git a/packages/types/src/sdk/events/table.ts b/packages/types/src/sdk/events/table.ts
index da3c7edf47..8df2a95796 100644
--- a/packages/types/src/sdk/events/table.ts
+++ b/packages/types/src/sdk/events/table.ts
@@ -2,21 +2,36 @@ import { BaseEvent, TableExportFormat } from "./event"
 
 export interface TableCreatedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface TableUpdatedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface TableDeletedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface TableExportedEvent extends BaseEvent {
   tableId: string
   format: TableExportFormat
+  audited: {
+    name: string
+  }
 }
 
 export interface TableImportedEvent extends BaseEvent {
   tableId: string
+  audited: {
+    name: string
+  }
 }
diff --git a/packages/types/src/sdk/events/user.ts b/packages/types/src/sdk/events/user.ts
index 3f8f72801c..ab4b4d9724 100644
--- a/packages/types/src/sdk/events/user.ts
+++ b/packages/types/src/sdk/events/user.ts
@@ -2,47 +2,84 @@ import { BaseEvent } from "./event"
 
 export interface UserCreatedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserUpdatedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserDeletedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserOnboardingEvent extends BaseEvent {
   userId: string
   step?: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPermissionAssignedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPermissionRemovedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
-export interface UserInvitedEvent extends BaseEvent {}
+export interface UserInvitedEvent extends BaseEvent {
+  audited: {
+    email: string
+  }
+}
 
 export interface UserInviteAcceptedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordForceResetEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordUpdatedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordResetRequestedEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
 
 export interface UserPasswordResetEvent extends BaseEvent {
   userId: string
+  audited: {
+    email: string
+  }
 }
diff --git a/packages/types/src/sdk/events/userGroup.ts b/packages/types/src/sdk/events/userGroup.ts
index 2ce642e274..d82ab70b4c 100644
--- a/packages/types/src/sdk/events/userGroup.ts
+++ b/packages/types/src/sdk/events/userGroup.ts
@@ -2,27 +2,50 @@ import { BaseEvent } from "./event"
 
 export interface GroupCreatedEvent extends BaseEvent {
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupUpdatedEvent extends BaseEvent {
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupDeletedEvent extends BaseEvent {
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupUsersAddedEvent extends BaseEvent {
   count: number
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupUsersDeletedEvent extends BaseEvent {
   count: number
   groupId: string
+  audited: {
+    name: string
+  }
 }
 
 export interface GroupAddedOnboardingEvent extends BaseEvent {
   groupId: string
   onboarding: boolean
 }
+
+export interface GroupPermissionsEditedEvent extends BaseEvent {
+  permissions: Record<string, string>
+  groupId: string
+  audited: {
+    name: string
+  }
+}
diff --git a/packages/types/src/sdk/index.ts b/packages/types/src/sdk/index.ts
index f8f9d9cb97..8fc5fb287e 100644
--- a/packages/types/src/sdk/index.ts
+++ b/packages/types/src/sdk/index.ts
@@ -12,3 +12,7 @@ export * from "./db"
 export * from "./middleware"
 export * from "./featureFlag"
 export * from "./environmentVariables"
+export * from "./auditLogs"
+export * from "./sso"
+export * from "./user"
+export * from "./cli"
diff --git a/packages/types/src/sdk/licensing/feature.ts b/packages/types/src/sdk/licensing/feature.ts
index a39bcab18b..9f6090623b 100644
--- a/packages/types/src/sdk/licensing/feature.ts
+++ b/packages/types/src/sdk/licensing/feature.ts
@@ -2,4 +2,6 @@ export enum Feature {
   USER_GROUPS = "userGroups",
   APP_BACKUPS = "appBackups",
   ENVIRONMENT_VARIABLES = "environmentVariables",
+  AUDIT_LOGS = "auditLogs",
+  ENFORCEABLE_SSO = "enforceableSSO",
 }
diff --git a/packages/types/src/sdk/locks.ts b/packages/types/src/sdk/locks.ts
index e6809319b1..d868691891 100644
--- a/packages/types/src/sdk/locks.ts
+++ b/packages/types/src/sdk/locks.ts
@@ -12,6 +12,7 @@ export enum LockName {
   MIGRATIONS = "migrations",
   TRIGGER_QUOTA = "trigger_quota",
   SYNC_ACCOUNT_LICENSE = "sync_account_license",
+  UPDATE_TENANTS_DOC = "update_tenants_doc",
 }
 
 export interface LockOptions {
diff --git a/packages/types/src/sdk/sso.ts b/packages/types/src/sdk/sso.ts
new file mode 100644
index 0000000000..2141204ccb
--- /dev/null
+++ b/packages/types/src/sdk/sso.ts
@@ -0,0 +1,37 @@
+import {
+  OAuth2,
+  SSOProfileJson,
+  SSOProviderType,
+  SSOUser,
+  User,
+} from "../documents"
+import { SaveUserOpts } from "./user"
+
+export interface JwtClaims {
+  preferred_username?: string
+  email?: string
+}
+
+export interface SSOAuthDetails {
+  oauth2: OAuth2
+  provider: string
+  providerType: SSOProviderType
+  userId: string
+  email?: string
+  profile?: SSOProfile
+}
+
+export interface SSOProfile {
+  id: string
+  name?: {
+    givenName?: string
+    familyName?: string
+  }
+  _json: SSOProfileJson
+  provider?: string
+}
+
+export type SaveSSOUserFunction = (
+  user: SSOUser,
+  opts: SaveUserOpts
+) => Promise<User>
diff --git a/packages/types/src/sdk/user.ts b/packages/types/src/sdk/user.ts
new file mode 100644
index 0000000000..1602eeb6c8
--- /dev/null
+++ b/packages/types/src/sdk/user.ts
@@ -0,0 +1,12 @@
+export interface UpdateSelf {
+  firstName?: string
+  lastName?: string
+  password?: string
+  forceResetPassword?: boolean
+}
+
+export interface SaveUserOpts {
+  hashPassword?: boolean
+  requirePassword?: boolean
+  currentUserId?: string
+}
diff --git a/packages/worker/jest.config.ts b/packages/worker/jest.config.ts
index 8b0514211b..3655479d82 100644
--- a/packages/worker/jest.config.ts
+++ b/packages/worker/jest.config.ts
@@ -7,29 +7,24 @@ const config: Config.InitialOptions = {
   preset: "@trendyol/jest-testcontainers",
   setupFiles: ["./src/tests/jestEnv.ts"],
   setupFilesAfterEnv: ["./src/tests/jestSetup.ts"],
-  collectCoverageFrom: ["src/**/*.{js,ts}"],
+  collectCoverageFrom: ["src/**/*.{js,ts}", "../backend-core/src/**/*.{js,ts}"],
   coverageReporters: ["lcov", "json", "clover"],
   transform: {
     "^.+\\.ts?$": "@swc/jest",
   },
-}
-
-if (!process.env.CI) {
-  // use sources when not in CI
-  config.moduleNameMapper = {
+  moduleNameMapper: {
     "@budibase/backend-core/(.*)": "<rootDir>/../backend-core/$1",
     "@budibase/backend-core": "<rootDir>/../backend-core/src",
     "@budibase/types": "<rootDir>/../types/src",
-  }
-  // add pro sources if they exist
-  if (fs.existsSync("../../../budibase-pro")) {
-    config.moduleNameMapper["@budibase/pro/(.*)"] =
-      "<rootDir>/../../../budibase-pro/packages/pro/$1"
-    config.moduleNameMapper["@budibase/pro"] =
-      "<rootDir>/../../../budibase-pro/packages/pro/src"
-  }
-} else {
-  console.log("Running tests with compiled dependency sources")
+  },
+}
+
+// add pro sources if they exist
+if (fs.existsSync("../../../budibase-pro")) {
+  config.moduleNameMapper["@budibase/pro/(.*)"] =
+    "<rootDir>/../../../budibase-pro/packages/pro/$1"
+  config.moduleNameMapper["@budibase/pro"] =
+    "<rootDir>/../../../budibase-pro/packages/pro/src"
 }
 
 export default config
diff --git a/packages/worker/package.json b/packages/worker/package.json
index 6da61f1183..913f0378bf 100644
--- a/packages/worker/package.json
+++ b/packages/worker/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "2.3.16",
+  "version": "2.3.21-alpha.1",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -22,7 +22,7 @@
     "build:docker": "docker build . -t worker-service --label version=$BUDIBASE_RELEASE_VERSION",
     "dev:stack:init": "node ./scripts/dev/manage.js init",
     "dev:builder": "npm run dev:stack:init && nodemon",
-    "test": "jest --coverage --maxWorkers=2",
+    "test": "bash scripts/test.sh",
     "test:watch": "jest --watch",
     "env:multi:enable": "node scripts/multiTenancy.js enable",
     "env:multi:disable": "node scripts/multiTenancy.js disable",
@@ -36,10 +36,10 @@
   "author": "Budibase",
   "license": "GPL-3.0",
   "dependencies": {
-    "@budibase/backend-core": "^2.3.16",
-    "@budibase/pro": "2.3.16",
-    "@budibase/string-templates": "^2.3.16",
-    "@budibase/types": "^2.3.16",
+    "@budibase/backend-core": "2.3.21-alpha.1",
+    "@budibase/pro": "2.3.21-alpha.1",
+    "@budibase/string-templates": "2.3.21-alpha.1",
+    "@budibase/types": "2.3.21-alpha.1",
     "@koa/router": "8.0.8",
     "@sentry/node": "6.17.7",
     "@techpass/passport-openidconnect": "0.3.2",
@@ -60,6 +60,7 @@
     "koa-send": "5.0.1",
     "koa-session": "5.13.1",
     "koa-static": "5.0.0",
+    "koa-useragent": "^4.1.0",
     "node-fetch": "2.6.7",
     "nodemailer": "6.7.2",
     "passport-google-oauth": "2.0.0",
@@ -74,7 +75,7 @@
     "@swc/core": "^1.3.25",
     "@swc/jest": "^0.2.24",
     "@trendyol/jest-testcontainers": "^2.1.1",
-    "@types/jest": "26.0.23",
+    "@types/jest": "28.1.1",
     "@types/jsonwebtoken": "8.5.1",
     "@types/koa": "2.13.4",
     "@types/koa__router": "8.0.8",
@@ -82,6 +83,7 @@
     "@types/node-fetch": "2.6.1",
     "@types/pouchdb": "6.4.0",
     "@types/server-destroy": "1.0.1",
+    "@types/supertest": "2.0.12",
     "@types/uuid": "8.3.4",
     "@typescript-eslint/parser": "5.45.0",
     "copyfiles": "2.4.1",
diff --git a/packages/worker/scripts/dev/manage.js b/packages/worker/scripts/dev/manage.js
index 01cdef08ff..21a9eab9c6 100644
--- a/packages/worker/scripts/dev/manage.js
+++ b/packages/worker/scripts/dev/manage.js
@@ -29,6 +29,7 @@ async function init() {
       SERVICE: "worker-service",
       DEPLOYMENT_ENVIRONMENT: "development",
       TENANT_FEATURE_FLAGS: "*:LICENSING,*:USER_GROUPS,*:ONBOARDING_TOUR",
+      ENABLE_EMAIL_TEST_MODE: 1,
     }
     let envFile = ""
     Object.keys(envFileJson).forEach(key => {
diff --git a/packages/worker/scripts/test.sh b/packages/worker/scripts/test.sh
new file mode 100644
index 0000000000..2f3f54cb25
--- /dev/null
+++ b/packages/worker/scripts/test.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [[ -n $CI ]]
+then
+  # --runInBand performs better in ci where resources are limited
+  echo "jest --coverage --runInBand"
+  jest --coverage --runInBand
+else
+  # --maxWorkers performs better in development
+  echo "jest --coverage --maxWorkers=2"
+  jest --coverage --maxWorkers=2
+fi
\ No newline at end of file
diff --git a/packages/worker/src/api/controllers/global/auth.ts b/packages/worker/src/api/controllers/global/auth.ts
index 738b67c553..362723abd9 100644
--- a/packages/worker/src/api/controllers/global/auth.ts
+++ b/packages/worker/src/api/controllers/global/auth.ts
@@ -1,49 +1,55 @@
 import {
-  auth,
+  auth as authCore,
   constants,
   context,
-  db as dbCore,
   events,
-  tenancy,
-  users as usersCore,
-  utils,
+  utils as utilsCore,
+  configs,
 } from "@budibase/backend-core"
-import { EmailTemplatePurpose } from "../../../constants"
-import { isEmailConfigured, sendEmail } from "../../../utilities/email"
-import { checkResetPasswordCode } from "../../../utilities/redis"
+import {
+  ConfigType,
+  User,
+  Ctx,
+  LoginRequest,
+  SSOUser,
+  PasswordResetRequest,
+  PasswordResetUpdateRequest,
+  GoogleInnerConfig,
+} from "@budibase/types"
 import env from "../../../environment"
-import sdk from "../../../sdk"
-import { ConfigType, User } from "@budibase/types"
 
-const { setCookie, getCookie, clearCookie, hash, platformLogout } = utils
+import * as authSdk from "../../../sdk/auth"
+import * as userSdk from "../../../sdk/users"
+
 const { Cookie, Header } = constants
-const { passport, ssoCallbackUrl, google, oidc } = auth
+const { passport, ssoCallbackUrl, google, oidc } = authCore
+const { setCookie, getCookie, clearCookie } = utilsCore
 
-export async function googleCallbackUrl(config?: { callbackURL?: string }) {
-  return ssoCallbackUrl(tenancy.getGlobalDB(), config, ConfigType.GOOGLE)
-}
+// LOGIN / LOGOUT
 
-export async function oidcCallbackUrl(config?: { callbackURL?: string }) {
-  return ssoCallbackUrl(tenancy.getGlobalDB(), config, ConfigType.OIDC)
-}
-
-async function authInternal(ctx: any, user: any, err: any = null, info = null) {
+async function passportCallback(
+  ctx: Ctx,
+  user: User,
+  err: any = null,
+  info: { message: string } | null = null
+) {
   if (err) {
     console.error("Authentication error")
     console.error(err)
     console.trace(err)
     return ctx.throw(403, info ? info : "Unauthorized")
   }
-
   if (!user) {
     console.error("Authentication error - no user provided")
     return ctx.throw(403, info ? info : "Unauthorized")
   }
 
+  const token = await authSdk.loginUser(user)
+
   // set a cookie for browser access
-  setCookie(ctx, user.token, Cookie.Auth, { sign: false })
+  setCookie(ctx, token, Cookie.Auth, { sign: false })
   // set the token in a header as well for APIs
-  ctx.set(Header.TOKEN, user.token)
+  ctx.set(Header.TOKEN, token)
   // get rid of any app cookies on login
   // have to check test because this breaks cypress
   if (!env.isTest()) {
@@ -51,19 +57,35 @@ async function authInternal(ctx: any, user: any, err: any = null, info = null) {
   }
 }
 
-export const authenticate = async (ctx: any, next: any) => {
+export const login = async (ctx: Ctx<LoginRequest>, next: any) => {
+  const email = ctx.request.body.username
+
+  const user = await userSdk.getUserByEmail(email)
+  if (user && (await userSdk.isPreventPasswordActions(user))) {
+    ctx.throw(403, "Invalid credentials")
+  }
+
   return passport.authenticate(
     "local",
     async (err: any, user: User, info: any) => {
-      await authInternal(ctx, user, err, info)
-      await context.identity.doInUserContext(user, async () => {
-        await events.auth.login("local")
+      await passportCallback(ctx, user, err, info)
+      await context.identity.doInUserContext(user, ctx, async () => {
+        await events.auth.login("local", user.email)
       })
       ctx.status = 200
     }
   )(ctx, next)
 }
 
+export const logout = async (ctx: any) => {
+  if (ctx.user && ctx.user._id) {
+    await authSdk.logout({ ctx, userId: ctx.user._id })
+  }
+  ctx.body = { message: "User logged out." }
+}
+
+// INIT
+
 export const setInitInfo = (ctx: any) => {
   const initInfo = ctx.request.body
   setCookie(ctx, initInfo, Cookie.Init)
@@ -79,32 +101,16 @@ export const getInitInfo = (ctx: any) => {
   }
 }
 
+// PASSWORD MANAGEMENT
+
 /**
  * Reset the user password, used as part of a forgotten password flow.
  */
-export const reset = async (ctx: any) => {
+export const reset = async (ctx: Ctx<PasswordResetRequest>) => {
   const { email } = ctx.request.body
-  const configured = await isEmailConfigured()
-  if (!configured) {
-    ctx.throw(
-      400,
-      "Please contact your platform administrator, SMTP is not configured."
-    )
-  }
-  try {
-    const user = (await usersCore.getGlobalUserByEmail(email)) as User
-    // only if user exists, don't error though if they don't
-    if (user) {
-      await sendEmail(email, EmailTemplatePurpose.PASSWORD_RECOVERY, {
-        user,
-        subject: "{{ company }} platform password reset",
-      })
-      await events.user.passwordResetRequested(user)
-    }
-  } catch (err) {
-    console.log(err)
-    // don't throw any kind of error to the user, this might give away something
-  }
+
+  await authSdk.reset(email)
+
   ctx.body = {
     message: "Please check your email for a reset link.",
   }
@@ -113,32 +119,21 @@ export const reset = async (ctx: any) => {
 /**
  * Perform the user password update if the provided reset code is valid.
  */
-export const resetUpdate = async (ctx: any) => {
+export const resetUpdate = async (ctx: Ctx<PasswordResetUpdateRequest>) => {
   const { resetCode, password } = ctx.request.body
   try {
-    const { userId } = await checkResetPasswordCode(resetCode)
-    const db = tenancy.getGlobalDB()
-    const user = await db.get(userId)
-    user.password = await hash(password)
-    await db.put(user)
+    await authSdk.resetUpdate(resetCode, password)
     ctx.body = {
       message: "password reset successfully.",
     }
-    // remove password from the user before sending events
-    delete user.password
-    await events.user.passwordReset(user)
   } catch (err) {
-    console.error(err)
+    console.warn(err)
+    // hide any details of the error for security
     ctx.throw(400, "Cannot reset password.")
   }
 }
 
-export const logout = async (ctx: any) => {
-  if (ctx.user && ctx.user._id) {
-    await platformLogout({ ctx, userId: ctx.user._id })
-  }
-  ctx.body = { message: "User logged out." }
-}
+// DATASOURCE
 
 export const datasourcePreAuth = async (ctx: any, next: any) => {
   const provider = ctx.params.provider
@@ -166,22 +161,26 @@ export const datasourceAuth = async (ctx: any, next: any) => {
   return handler.postAuth(passport, ctx, next)
 }
 
+// GOOGLE SSO
+
+export async function googleCallbackUrl(config?: GoogleInnerConfig) {
+  return ssoCallbackUrl(ConfigType.GOOGLE, config)
+}
+
 /**
  * The initial call that google authentication makes to take you to the google login screen.
  * On a successful login, you will be redirected to the googleAuth callback route.
  */
 export const googlePreAuth = async (ctx: any, next: any) => {
-  const db = tenancy.getGlobalDB()
-
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.GOOGLE,
-    workspace: ctx.query.workspace,
-  })
+  const config = await configs.getGoogleConfig()
+  if (!config) {
+    return ctx.throw(400, "Google config not found")
+  }
   let callbackUrl = await googleCallbackUrl(config)
   const strategy = await google.strategyFactory(
     config,
     callbackUrl,
-    sdk.users.save
+    userSdk.save
   )
 
   return passport.authenticate(strategy, {
@@ -191,72 +190,71 @@ export const googlePreAuth = async (ctx: any, next: any) => {
   })(ctx, next)
 }
 
-export const googleAuth = async (ctx: any, next: any) => {
-  const db = tenancy.getGlobalDB()
-
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.GOOGLE,
-    workspace: ctx.query.workspace,
-  })
+export const googleCallback = async (ctx: any, next: any) => {
+  const config = await configs.getGoogleConfig()
+  if (!config) {
+    return ctx.throw(400, "Google config not found")
+  }
   const callbackUrl = await googleCallbackUrl(config)
   const strategy = await google.strategyFactory(
     config,
     callbackUrl,
-    sdk.users.save
+    userSdk.save
   )
 
   return passport.authenticate(
     strategy,
     { successRedirect: "/", failureRedirect: "/error" },
-    async (err: any, user: User, info: any) => {
-      await authInternal(ctx, user, err, info)
-      await context.identity.doInUserContext(user, async () => {
-        await events.auth.login("google-internal")
+    async (err: any, user: SSOUser, info: any) => {
+      await passportCallback(ctx, user, err, info)
+      await context.identity.doInUserContext(user, ctx, async () => {
+        await events.auth.login("google-internal", user.email)
       })
       ctx.redirect("/")
     }
   )(ctx, next)
 }
 
-export const oidcStrategyFactory = async (ctx: any, configId: any) => {
-  const db = tenancy.getGlobalDB()
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.OIDC,
-    group: ctx.query.group,
-  })
+// OIDC SSO
 
-  const chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
-  let callbackUrl = await oidcCallbackUrl(chosenConfig)
+export async function oidcCallbackUrl() {
+  return ssoCallbackUrl(ConfigType.OIDC)
+}
+
+export const oidcStrategyFactory = async (ctx: any, configId: any) => {
+  const config = await configs.getOIDCConfig()
+  if (!config) {
+    return ctx.throw(400, "OIDC config not found")
+  }
+
+  let callbackUrl = await oidcCallbackUrl()
 
   //Remote Config
-  const enrichedConfig = await oidc.fetchStrategyConfig(
-    chosenConfig,
-    callbackUrl
-  )
-  return oidc.strategyFactory(enrichedConfig, sdk.users.save)
+  const enrichedConfig = await oidc.fetchStrategyConfig(config, callbackUrl)
+  return oidc.strategyFactory(enrichedConfig, userSdk.save)
 }
 
 /**
  * The initial call that OIDC authentication makes to take you to the configured OIDC login screen.
  * On a successful login, you will be redirected to the oidcAuth callback route.
  */
-export const oidcPreAuth = async (ctx: any, next: any) => {
+export const oidcPreAuth = async (ctx: Ctx, next: any) => {
   const { configId } = ctx.params
+  if (!configId) {
+    ctx.throw(400, "OIDC config id is required")
+  }
   const strategy = await oidcStrategyFactory(ctx, configId)
 
   setCookie(ctx, configId, Cookie.OIDC_CONFIG)
 
-  const db = tenancy.getGlobalDB()
-  const config = await dbCore.getScopedConfig(db, {
-    type: ConfigType.OIDC,
-    group: ctx.query.group,
-  })
-
-  const chosenConfig = config.configs.filter((c: any) => c.uuid === configId)[0]
+  const config = await configs.getOIDCConfigById(configId)
+  if (!config) {
+    return ctx.throw(400, "OIDC config not found")
+  }
 
   let authScopes =
-    chosenConfig.scopes?.length > 0
-      ? chosenConfig.scopes
+    config.scopes?.length > 0
+      ? config.scopes
       : ["profile", "email", "offline_access"]
 
   return passport.authenticate(strategy, {
@@ -265,17 +263,17 @@ export const oidcPreAuth = async (ctx: any, next: any) => {
   })(ctx, next)
 }
 
-export const oidcAuth = async (ctx: any, next: any) => {
+export const oidcCallback = async (ctx: any, next: any) => {
   const configId = getCookie(ctx, Cookie.OIDC_CONFIG)
   const strategy = await oidcStrategyFactory(ctx, configId)
 
   return passport.authenticate(
     strategy,
     { successRedirect: "/", failureRedirect: "/error" },
-    async (err: any, user: any, info: any) => {
-      await authInternal(ctx, user, err, info)
-      await context.identity.doInUserContext(user, async () => {
-        await events.auth.login("oidc")
+    async (err: any, user: SSOUser, info: any) => {
+      await passportCallback(ctx, user, err, info)
+      await context.identity.doInUserContext(user, ctx, async () => {
+        await events.auth.login("oidc", user.email)
       })
       ctx.redirect("/")
     }
diff --git a/packages/worker/src/api/controllers/global/configs.ts b/packages/worker/src/api/controllers/global/configs.ts
index 855d766a87..02459855c2 100644
--- a/packages/worker/src/api/controllers/global/configs.ts
+++ b/packages/worker/src/api/controllers/global/configs.ts
@@ -2,38 +2,37 @@ import * as email from "../../../utilities/email"
 import env from "../../../environment"
 import { googleCallbackUrl, oidcCallbackUrl } from "./auth"
 import {
-  events,
   cache,
-  objectStore,
-  tenancy,
+  configs,
   db as dbCore,
   env as coreEnv,
+  events,
+  objectStore,
+  tenancy,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
 import {
-  Database,
-  Config as ConfigDoc,
+  Config,
   ConfigType,
-  SSOType,
-  GoogleConfig,
-  OIDCConfig,
-  SettingsConfig,
+  Ctx,
+  GetPublicOIDCConfigResponse,
+  GetPublicSettingsResponse,
+  GoogleInnerConfig,
   isGoogleConfig,
   isOIDCConfig,
   isSettingsConfig,
   isSMTPConfig,
-  Ctx,
+  OIDCConfigs,
+  SettingsInnerConfig,
+  SSOConfig,
+  SSOConfigType,
   UserCtx,
 } from "@budibase/types"
+import * as pro from "@budibase/pro"
 
-const getEventFns = async (db: Database, config: ConfigDoc) => {
+const getEventFns = async (config: Config, existing?: Config) => {
   const fns = []
 
-  let existing
-  if (config._id) {
-    existing = await db.get(config._id)
-  }
-
   if (!existing) {
     if (isSMTPConfig(config)) {
       fns.push(events.email.SMTPCreated)
@@ -125,31 +124,96 @@ const getEventFns = async (db: Database, config: ConfigDoc) => {
   return fns
 }
 
-export async function save(ctx: UserCtx) {
-  const db = tenancy.getGlobalDB()
-  const { type, workspace, user, config } = ctx.request.body
-  let eventFns = await getEventFns(db, ctx.request.body)
-  // Config does not exist yet
-  if (!ctx.request.body._id) {
-    ctx.request.body._id = dbCore.generateConfigID({
-      type,
-      workspace,
-      user,
-    })
+type SSOConfigs = { [key in SSOConfigType]: SSOConfig | undefined }
+
+async function getSSOConfigs(): Promise<SSOConfigs> {
+  const google = await configs.getGoogleConfig()
+  const oidc = await configs.getOIDCConfig()
+  return {
+    [ConfigType.GOOGLE]: google,
+    [ConfigType.OIDC]: oidc,
   }
+}
+
+async function hasActivatedConfig(ssoConfigs?: SSOConfigs) {
+  if (!ssoConfigs) {
+    ssoConfigs = await getSSOConfigs()
+  }
+  return !!Object.values(ssoConfigs).find(c => c?.activated)
+}
+
+async function verifySettingsConfig(config: SettingsInnerConfig) {
+  if (config.isSSOEnforced) {
+    const valid = await hasActivatedConfig()
+    if (!valid) {
+      throw new Error("Cannot enforce SSO without an activated configuration")
+    }
+  }
+}
+
+async function verifySSOConfig(type: SSOConfigType, config: SSOConfig) {
+  const settings = await configs.getSettingsConfig()
+  if (settings.isSSOEnforced && !config.activated) {
+    // config is being saved as deactivated
+    // ensure there is at least one other activated sso config
+    const ssoConfigs = await getSSOConfigs()
+
+    // overwrite the config being updated
+    // to reflect the desired state
+    ssoConfigs[type] = config
+
+    const activated = await hasActivatedConfig(ssoConfigs)
+    if (!activated) {
+      throw new Error(
+        "Configuration cannot be deactivated while SSO is enforced"
+      )
+    }
+  }
+}
+
+async function verifyGoogleConfig(config: GoogleInnerConfig) {
+  await verifySSOConfig(ConfigType.GOOGLE, config)
+}
+
+async function verifyOIDCConfig(config: OIDCConfigs) {
+  await verifySSOConfig(ConfigType.OIDC, config.configs[0])
+}
+
+export async function save(ctx: UserCtx<Config>) {
+  const body = ctx.request.body
+  const type = body.type
+  const config = body.config
+
+  const existingConfig = await configs.getConfig(type)
+  let eventFns = await getEventFns(ctx.request.body, existingConfig)
+
+  if (existingConfig) {
+    body._rev = existingConfig._rev
+  }
+
   try {
     // verify the configuration
     switch (type) {
       case ConfigType.SMTP:
         await email.verifyConfig(config)
         break
+      case ConfigType.SETTINGS:
+        await verifySettingsConfig(config)
+        break
+      case ConfigType.GOOGLE:
+        await verifyGoogleConfig(config)
+        break
+      case ConfigType.OIDC:
+        await verifyOIDCConfig(config)
+        break
     }
   } catch (err: any) {
     ctx.throw(400, err)
   }
 
   try {
-    const response = await db.put(ctx.request.body)
+    body._id = configs.generateConfigID(type)
+    const response = await configs.save(body)
     await cache.bustCache(cache.CacheKey.CHECKLIST)
     await cache.bustCache(cache.CacheKey.ANALYTICS_ENABLED)
 
@@ -167,44 +231,11 @@ export async function save(ctx: UserCtx) {
   }
 }
 
-export async function fetch(ctx: UserCtx) {
-  const db = tenancy.getGlobalDB()
-  const response = await db.allDocs(
-    dbCore.getConfigParams(
-      { type: ctx.params.type },
-      {
-        include_docs: true,
-      }
-    )
-  )
-  ctx.body = response.rows.map(row => row.doc)
-}
-
-/**
- * Gets the most granular config for a particular configuration type.
- * The hierarchy is type -> workspace -> user.
- */
 export async function find(ctx: UserCtx) {
-  const db = tenancy.getGlobalDB()
-
-  const { userId, workspaceId } = ctx.query
-  if (workspaceId && userId) {
-    const workspace = await db.get(workspaceId as string)
-    const userInWorkspace = workspace.users.some(
-      (workspaceUser: any) => workspaceUser === userId
-    )
-    if (!ctx.user!.admin && !userInWorkspace) {
-      ctx.throw(400, `User is not in specified workspace: ${workspace}.`)
-    }
-  }
-
   try {
     // Find the config with the most granular scope based on context
-    const scopedConfig = await dbCore.getScopedFullConfig(db, {
-      type: ctx.params.type,
-      user: userId,
-      workspace: workspaceId,
-    })
+    const type = ctx.params.type
+    const scopedConfig = await configs.getConfig(type)
 
     if (scopedConfig) {
       ctx.body = scopedConfig
@@ -217,85 +248,70 @@ export async function find(ctx: UserCtx) {
   }
 }
 
-export async function publicOidc(ctx: Ctx) {
-  const db = tenancy.getGlobalDB()
+export async function publicOidc(ctx: Ctx<void, GetPublicOIDCConfigResponse>) {
   try {
     // Find the config with the most granular scope based on context
-    const oidcConfig: OIDCConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.OIDC,
-    })
+    const config = await configs.getOIDCConfig()
 
-    if (!oidcConfig) {
-      ctx.body = {}
+    if (!config) {
+      ctx.body = []
     } else {
-      ctx.body = oidcConfig.config.configs.map(config => ({
-        logo: config.logo,
-        name: config.name,
-        uuid: config.uuid,
-      }))
+      ctx.body = [
+        {
+          logo: config.logo,
+          name: config.name,
+          uuid: config.uuid,
+        },
+      ]
     }
   } catch (err: any) {
     ctx.throw(err.status, err)
   }
 }
 
-export async function publicSettings(ctx: Ctx) {
-  const db = tenancy.getGlobalDB()
-
+export async function publicSettings(
+  ctx: Ctx<void, GetPublicSettingsResponse>
+) {
   try {
-    // Find the config with the most granular scope based on context
-    const publicConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.SETTINGS,
-    })
-
-    const googleConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.GOOGLE,
-    })
-
-    const oidcConfig = await dbCore.getScopedFullConfig(db, {
-      type: ConfigType.OIDC,
-    })
-
-    let config
-    if (!publicConfig) {
-      config = {
-        config: {},
-      }
-    } else {
-      config = publicConfig
-    }
-
-    // enrich the logo url
-    // empty url means deleted
-    if (config.config.logoUrl && config.config.logoUrl !== "") {
-      config.config.logoUrl = objectStore.getGlobalFileUrl(
+    // settings
+    const configDoc = await configs.getSettingsConfigDoc()
+    const config = configDoc.config
+    // enrich the logo url - empty url means deleted
+    if (config.logoUrl && config.logoUrl !== "") {
+      config.logoUrl = objectStore.getGlobalFileUrl(
         "settings",
         "logoUrl",
-        config.config.logoUrlEtag
+        config.logoUrlEtag
       )
     }
 
-    // google button flag
-    if (googleConfig && googleConfig.config) {
-      // activated by default for configs pre-activated flag
-      config.config.google =
-        googleConfig.config.activated == null || googleConfig.config.activated
-    } else {
-      config.config.google = false
+    // google
+    const googleConfig = await configs.getGoogleConfig()
+    const preActivated = googleConfig?.activated == null
+    const google = preActivated || !!googleConfig?.activated
+    const _googleCallbackUrl = await googleCallbackUrl(googleConfig)
+
+    // oidc
+    const oidcConfig = await configs.getOIDCConfig()
+    const oidc = oidcConfig?.activated || false
+    const _oidcCallbackUrl = await oidcCallbackUrl()
+
+    // sso enforced
+    const isSSOEnforced = await pro.features.isSSOEnforced({ config })
+
+    ctx.body = {
+      type: ConfigType.SETTINGS,
+      _id: configDoc._id,
+      _rev: configDoc._rev,
+      config: {
+        ...config,
+        google,
+        oidc,
+        isSSOEnforced,
+        oidcCallbackUrl: _oidcCallbackUrl,
+        googleCallbackUrl: _googleCallbackUrl,
+      },
     }
-
-    // callback urls
-    config.config.oidcCallbackUrl = await oidcCallbackUrl()
-    config.config.googleCallbackUrl = await googleCallbackUrl()
-
-    // oidc button flag
-    if (oidcConfig && oidcConfig.config) {
-      config.config.oidc = oidcConfig.config.configs[0].activated
-    } else {
-      config.config.oidc = false
-    }
-
-    ctx.body = config
   } catch (err: any) {
     ctx.throw(err.status, err)
   }
@@ -319,12 +335,11 @@ export async function upload(ctx: UserCtx) {
   })
 
   // add to configuration structure
-  // TODO: right now this only does a global level
-  const db = tenancy.getGlobalDB()
-  let cfgStructure = await dbCore.getScopedFullConfig(db, { type })
-  if (!cfgStructure) {
-    cfgStructure = {
-      _id: dbCore.generateConfigID({ type }),
+  let config = await configs.getConfig(type)
+  if (!config) {
+    config = {
+      _id: configs.generateConfigID(type),
+      type,
       config: {},
     }
   }
@@ -332,14 +347,14 @@ export async function upload(ctx: UserCtx) {
   // save the Etag for cache bursting
   const etag = result.ETag
   if (etag) {
-    cfgStructure.config[`${name}Etag`] = etag.replace(/"/g, "")
+    config.config[`${name}Etag`] = etag.replace(/"/g, "")
   }
 
   // save the file key
-  cfgStructure.config[`${name}`] = key
+  config.config[`${name}`] = key
 
   // write back to db
-  await db.put(cfgStructure)
+  await configs.save(config)
 
   ctx.body = {
     message: "File has been uploaded and url stored to config.",
@@ -360,7 +375,6 @@ export async function destroy(ctx: UserCtx) {
 }
 
 export async function configChecklist(ctx: Ctx) {
-  const db = tenancy.getGlobalDB()
   const tenantId = tenancy.getTenantId()
 
   try {
@@ -375,19 +389,13 @@ export async function configChecklist(ctx: Ctx) {
         }
 
         // They have set up SMTP
-        const smtpConfig = await dbCore.getScopedFullConfig(db, {
-          type: ConfigType.SMTP,
-        })
+        const smtpConfig = await configs.getSMTPConfig()
 
         // They have set up Google Auth
-        const googleConfig = await dbCore.getScopedFullConfig(db, {
-          type: ConfigType.GOOGLE,
-        })
+        const googleConfig = await configs.getGoogleConfig()
 
         // They have set up OIDC
-        const oidcConfig = await dbCore.getScopedFullConfig(db, {
-          type: ConfigType.OIDC,
-        })
+        const oidcConfig = await configs.getOIDCConfig()
 
         // They have set up a global user
         const userExists = await checkAnyUserExists()
diff --git a/packages/worker/src/api/controllers/global/self.ts b/packages/worker/src/api/controllers/global/self.ts
index 06906f1e8e..889a3e6a27 100644
--- a/packages/worker/src/api/controllers/global/self.ts
+++ b/packages/worker/src/api/controllers/global/self.ts
@@ -1,18 +1,22 @@
-import sdk from "../../../sdk"
+import * as userSdk from "../../../sdk/users"
 import {
-  events,
   featureFlags,
   tenancy,
   constants,
   db as dbCore,
   utils,
-  cache,
   encryption,
+  auth as authCore,
 } from "@budibase/backend-core"
 import env from "../../../environment"
 import { groups } from "@budibase/pro"
-const { hash, platformLogout, getCookie, clearCookie, newid } = utils
-const { user: userCache } = cache
+import {
+  UpdateSelfRequest,
+  UpdateSelfResponse,
+  UpdateSelf,
+  UserCtx,
+} from "@budibase/types"
+const { getCookie, clearCookie, newid } = utils
 
 function newTestApiKey() {
   return env.ENCRYPTED_TEST_PUBLIC_API_KEY
@@ -93,17 +97,6 @@ const addSessionAttributesToUser = (ctx: any) => {
   ctx.body.csrfToken = ctx.user.csrfToken
 }
 
-const sanitiseUserUpdate = (ctx: any) => {
-  const allowed = ["firstName", "lastName", "password", "forceResetPassword"]
-  const resp: { [key: string]: any } = {}
-  for (let [key, value] of Object.entries(ctx.request.body)) {
-    if (allowed.includes(key)) {
-      resp[key] = value
-    }
-  }
-  return resp
-}
-
 export async function getSelf(ctx: any) {
   if (!ctx.user) {
     ctx.throw(403, "User not logged in")
@@ -116,7 +109,7 @@ export async function getSelf(ctx: any) {
   checkCurrentApp(ctx)
 
   // get the main body of the user
-  const user = await sdk.users.getUser(userId)
+  const user = await userSdk.getUser(userId)
   ctx.body = await groups.enrichUserRolesFromGroups(user)
 
   // add the feature flags for this tenant
@@ -126,39 +119,30 @@ export async function getSelf(ctx: any) {
   addSessionAttributesToUser(ctx)
 }
 
-export async function updateSelf(ctx: any) {
-  const db = tenancy.getGlobalDB()
-  const user = await db.get(ctx.user._id)
-  let passwordChange = false
+export async function updateSelf(
+  ctx: UserCtx<UpdateSelfRequest, UpdateSelfResponse>
+) {
+  const body = ctx.request.body
+  const update: UpdateSelf = {
+    firstName: body.firstName,
+    lastName: body.lastName,
+    password: body.password,
+    forceResetPassword: body.forceResetPassword,
+  }
 
-  const userUpdateObj = sanitiseUserUpdate(ctx)
-  if (userUpdateObj.password) {
-    // changing password
-    passwordChange = true
-    userUpdateObj.password = await hash(userUpdateObj.password)
+  const user = await userSdk.updateSelf(ctx.user._id!, update)
+
+  if (update.password) {
     // Log all other sessions out apart from the current one
-    await platformLogout({
+    await authCore.platformLogout({
       ctx,
-      userId: ctx.user._id,
+      userId: ctx.user._id!,
       keepActiveSession: true,
     })
   }
 
-  const response = await db.put({
-    ...user,
-    ...userUpdateObj,
-  })
-  await userCache.invalidateUser(user._id)
   ctx.body = {
-    _id: response.id,
-    _rev: response.rev,
-  }
-
-  // remove the old password from the user before sending events
-  user._rev = response.rev
-  delete user.password
-  await events.user.updated(user)
-  if (passwordChange) {
-    await events.user.passwordUpdated(user)
+    _id: user._id!,
+    _rev: user._rev!,
   }
 }
diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts
index 817480151d..d68e726e71 100644
--- a/packages/worker/src/api/controllers/global/users.ts
+++ b/packages/worker/src/api/controllers/global/users.ts
@@ -1,31 +1,54 @@
-import { checkInviteCode } from "../../../utilities/redis"
-import sdk from "../../../sdk"
+import {
+  checkInviteCode,
+  getInviteCodes,
+  updateInviteCode,
+} from "../../../utilities/redis"
+// import sdk from "../../../sdk"
+import * as userSdk from "../../../sdk/users"
 import env from "../../../environment"
 import {
+  AcceptUserInviteRequest,
+  AcceptUserInviteResponse,
   BulkUserRequest,
   BulkUserResponse,
   CloudAccount,
   CreateAdminUserRequest,
+  CreateAdminUserResponse,
+  Ctx,
   InviteUserRequest,
   InviteUsersRequest,
+  MigrationType,
+  SaveUserResponse,
   SearchUsersRequest,
   User,
+  UserCtx,
 } from "@budibase/types"
 import {
   accounts,
   cache,
   errors,
   events,
+  migrations,
   tenancy,
+  platform,
 } from "@budibase/backend-core"
 import { checkAnyUserExists } from "../../../utilities/users"
+import { isEmailConfigured } from "../../../utilities/email"
 
 const MAX_USERS_UPLOAD_LIMIT = 1000
 
-export const save = async (ctx: any) => {
+export const save = async (ctx: UserCtx<User, SaveUserResponse>) => {
   try {
     const currentUserId = ctx.user._id
-    ctx.body = await sdk.users.save(ctx.request.body, { currentUserId })
+    const requestUser = ctx.request.body
+
+    const user = await userSdk.save(requestUser, { currentUserId })
+
+    ctx.body = {
+      _id: user._id!,
+      _rev: user._rev!,
+      email: user.email,
+    }
   } catch (err: any) {
     ctx.throw(err.status || 400, err)
   }
@@ -35,7 +58,7 @@ const bulkDelete = async (userIds: string[], currentUserId: string) => {
   if (userIds?.indexOf(currentUserId) !== -1) {
     throw new Error("Unable to delete self.")
   }
-  return await sdk.users.bulkDelete(userIds)
+  return await userSdk.bulkDelete(userIds)
 }
 
 const bulkCreate = async (users: User[], groupIds: string[]) => {
@@ -44,7 +67,7 @@ const bulkCreate = async (users: User[], groupIds: string[]) => {
       "Max limit for upload is 1000 users. Please reduce file size and try again."
     )
   }
-  return await sdk.users.bulkCreate(users, groupIds)
+  return await userSdk.bulkCreate(users, groupIds)
 }
 
 export const bulkUpdate = async (ctx: any) => {
@@ -68,19 +91,30 @@ const parseBooleanParam = (param: any) => {
   return !(param && param === "false")
 }
 
-export const adminUser = async (ctx: any) => {
-  const { email, password, tenantId } = ctx.request
-    .body as CreateAdminUserRequest
+export const adminUser = async (
+  ctx: Ctx<CreateAdminUserRequest, CreateAdminUserResponse>
+) => {
+  const { email, password, tenantId } = ctx.request.body
+
+  if (await platform.tenants.exists(tenantId)) {
+    ctx.throw(403, "Organisation already exists.")
+  }
+
+  if (env.MULTI_TENANCY) {
+    // store the new tenant record in the platform db
+    await platform.tenants.addTenant(tenantId)
+    await migrations.backPopulateMigrations({
+      type: MigrationType.GLOBAL,
+      tenantId,
+    })
+  }
+
   await tenancy.doInTenant(tenantId, async () => {
     // account portal sends a pre-hashed password - honour param to prevent double hashing
     const hashPassword = parseBooleanParam(ctx.request.query.hashPassword)
     // account portal sends no password for SSO users
     const requirePassword = parseBooleanParam(ctx.request.query.requirePassword)
 
-    if (await tenancy.doesTenantExist(tenantId)) {
-      ctx.throw(403, "Organisation already exists.")
-    }
-
     const userExists = await checkAnyUserExists()
     if (userExists) {
       ctx.throw(
@@ -106,7 +140,7 @@ export const adminUser = async (ctx: any) => {
       // always bust checklist beforehand, if an error occurs but can proceed, don't get
       // stuck in a cycle
       await cache.bustCache(cache.CacheKey.CHECKLIST)
-      const finalUser = await sdk.users.save(user, {
+      const finalUser = await userSdk.save(user, {
         hashPassword,
         requirePassword,
       })
@@ -118,7 +152,11 @@ export const adminUser = async (ctx: any) => {
       }
       await events.identification.identifyTenantGroup(tenantId, account)
 
-      ctx.body = finalUser
+      ctx.body = {
+        _id: finalUser._id!,
+        _rev: finalUser._rev!,
+        email: finalUser.email,
+      }
     } catch (err: any) {
       ctx.throw(err.status || 400, err)
     }
@@ -128,7 +166,7 @@ export const adminUser = async (ctx: any) => {
 export const countByApp = async (ctx: any) => {
   const appId = ctx.params.appId
   try {
-    ctx.body = await sdk.users.countUsersByApp(appId)
+    ctx.body = await userSdk.countUsersByApp(appId)
   } catch (err: any) {
     ctx.throw(err.status || 400, err)
   }
@@ -140,28 +178,40 @@ export const destroy = async (ctx: any) => {
     ctx.throw(400, "Unable to delete self.")
   }
 
-  await sdk.users.destroy(id, ctx.user)
+  await userSdk.destroy(id, ctx.user)
 
   ctx.body = {
     message: `User ${id} deleted.`,
   }
 }
 
+export const getAppUsers = async (ctx: any) => {
+  const body = ctx.request.body as SearchUsersRequest
+  const users = await userSdk.getUsersByAppAccess(body?.appId)
+
+  ctx.body = { data: users }
+}
+
 export const search = async (ctx: any) => {
   const body = ctx.request.body as SearchUsersRequest
-  const paginated = await sdk.users.paginatedUsers(body)
-  // user hashed password shouldn't ever be returned
-  for (let user of paginated.data) {
-    if (user) {
-      delete user.password
+
+  if (body.paginated === false) {
+    await getAppUsers(ctx)
+  } else {
+    const paginated = await userSdk.paginatedUsers(body)
+    // user hashed password shouldn't ever be returned
+    for (let user of paginated.data) {
+      if (user) {
+        delete user.password
+      }
     }
+    ctx.body = paginated
   }
-  ctx.body = paginated
 }
 
 // called internally by app server user fetch
 export const fetch = async (ctx: any) => {
-  const all = await sdk.users.allUsers()
+  const all = await userSdk.allUsers()
   // user hashed password shouldn't ever be returned
   for (let user of all) {
     if (user) {
@@ -173,12 +223,12 @@ export const fetch = async (ctx: any) => {
 
 // called internally by app server user find
 export const find = async (ctx: any) => {
-  ctx.body = await sdk.users.getUser(ctx.params.id)
+  ctx.body = await userSdk.getUser(ctx.params.id)
 }
 
 export const tenantUserLookup = async (ctx: any) => {
   const id = ctx.params.id
-  const user = await sdk.users.getPlatformUser(id)
+  const user = await userSdk.getPlatformUser(id)
   if (user) {
     ctx.body = user
   } else {
@@ -186,9 +236,71 @@ export const tenantUserLookup = async (ctx: any) => {
   }
 }
 
+/* 
+  Encapsulate the app user onboarding flows here.
+*/
+export const onboardUsers = async (ctx: any) => {
+  const request = ctx.request.body as InviteUsersRequest | BulkUserRequest
+  const isBulkCreate = "create" in request
+
+  const emailConfigured = await isEmailConfigured()
+
+  let onboardingResponse
+
+  if (isBulkCreate) {
+    // @ts-ignore
+    const { users, groups, roles } = request.create
+    const assignUsers = users.map((user: User) => (user.roles = roles))
+    onboardingResponse = await userSdk.bulkCreate(assignUsers, groups)
+    ctx.body = onboardingResponse
+  } else if (emailConfigured) {
+    onboardingResponse = await inviteMultiple(ctx)
+  } else if (!emailConfigured) {
+    const inviteRequest = ctx.request.body as InviteUsersRequest
+
+    let createdPasswords: any = {}
+
+    const users: User[] = inviteRequest.map(invite => {
+      let password = Math.random().toString(36).substring(2, 22)
+
+      // Temp password to be passed to the user.
+      createdPasswords[invite.email] = password
+
+      return {
+        email: invite.email,
+        password,
+        forceResetPassword: true,
+        roles: invite.userInfo.apps,
+        admin: { global: false },
+        builder: { global: false },
+        tenantId: tenancy.getTenantId(),
+      }
+    })
+    let bulkCreateReponse = await userSdk.bulkCreate(users, [])
+
+    // Apply temporary credentials
+    let createWithCredentials = {
+      ...bulkCreateReponse,
+      successful: bulkCreateReponse?.successful.map(user => {
+        return {
+          ...user,
+          password: createdPasswords[user.email],
+        }
+      }),
+      created: true,
+    }
+
+    ctx.body = createWithCredentials
+  } else {
+    ctx.throw(400, "User onboarding failed")
+  }
+}
+
 export const invite = async (ctx: any) => {
   const request = ctx.request.body as InviteUserRequest
-  const response = await sdk.users.invite([request])
+
+  let multiRequest = [request] as InviteUsersRequest
+  const response = await userSdk.invite(multiRequest)
 
   // explicitly throw for single user invite
   if (response.unsuccessful.length) {
@@ -202,12 +314,14 @@ export const invite = async (ctx: any) => {
 
   ctx.body = {
     message: "Invitation has been sent.",
+    successful: response.successful,
+    unsuccessful: response.unsuccessful,
   }
 }
 
 export const inviteMultiple = async (ctx: any) => {
   const request = ctx.request.body as InviteUsersRequest
-  ctx.body = await sdk.users.invite(request)
+  ctx.body = await userSdk.invite(request)
 }
 
 export const checkInvite = async (ctx: any) => {
@@ -223,24 +337,89 @@ export const checkInvite = async (ctx: any) => {
   }
 }
 
-export const inviteAccept = async (ctx: any) => {
+export const getUserInvites = async (ctx: any) => {
+  let invites
+  try {
+    // Restricted to the currently authenticated tenant
+    invites = await getInviteCodes([ctx.user.tenantId])
+  } catch (e) {
+    ctx.throw(400, "There was a problem fetching invites")
+  }
+  ctx.body = invites
+}
+
+export const updateInvite = async (ctx: any) => {
+  const { code } = ctx.params
+  let updateBody = { ...ctx.request.body }
+
+  delete updateBody.email
+
+  let invite
+  try {
+    invite = await checkInviteCode(code, false)
+    if (!invite) {
+      throw new Error("The invite could not be retrieved")
+    }
+  } catch (e) {
+    ctx.throw(400, "There was a problem with the invite")
+  }
+
+  let updated = {
+    ...invite,
+  }
+
+  if (!updateBody?.apps || !Object.keys(updateBody?.apps).length) {
+    updated.info.apps = []
+  } else {
+    updated.info = {
+      ...invite.info,
+      apps: {
+        ...invite.info.apps,
+        ...updateBody.apps,
+      },
+    }
+  }
+
+  await updateInviteCode(code, updated)
+  ctx.body = { ...invite }
+}
+
+export const inviteAccept = async (
+  ctx: Ctx<AcceptUserInviteRequest, AcceptUserInviteResponse>
+) => {
   const { inviteCode, password, firstName, lastName } = ctx.request.body
   try {
     // info is an extension of the user object that was stored by global
     const { email, info }: any = await checkInviteCode(inviteCode)
-    ctx.body = await tenancy.doInTenant(info.tenantId, async () => {
-      const saved = await sdk.users.save({
+    const user = await tenancy.doInTenant(info.tenantId, async () => {
+      let request = {
         firstName,
         lastName,
         password,
         email,
+        roles: info.apps,
+        tenantId: info.tenantId,
+      }
+
+      delete info.apps
+
+      request = {
+        ...request,
         ...info,
-      })
+      }
+
+      const saved = await userSdk.save(request)
       const db = tenancy.getGlobalDB()
       const user = await db.get(saved._id)
       await events.user.inviteAccepted(user)
       return saved
     })
+
+    ctx.body = {
+      _id: user._id,
+      _rev: user._rev,
+      email: user.email,
+    }
   } catch (err: any) {
     if (err.code === errors.codes.USAGE_LIMIT_EXCEEDED) {
       // explicitly re-throw limit exceeded errors
diff --git a/packages/worker/src/api/controllers/system/accounts.ts b/packages/worker/src/api/controllers/system/accounts.ts
index 0aa5f25785..10b809c0b5 100644
--- a/packages/worker/src/api/controllers/system/accounts.ts
+++ b/packages/worker/src/api/controllers/system/accounts.ts
@@ -1,21 +1,23 @@
 import { Account, AccountMetadata } from "@budibase/types"
-import sdk from "../../../sdk"
+import * as accounts from "../../../sdk/accounts"
 
 export const save = async (ctx: any) => {
   const account = ctx.request.body as Account
   let metadata: AccountMetadata = {
-    _id: sdk.accounts.formatAccountMetadataId(account.accountId),
+    _id: accounts.metadata.formatAccountMetadataId(account.accountId),
     email: account.email,
   }
 
-  metadata = await sdk.accounts.saveMetadata(metadata)
+  metadata = await accounts.metadata.saveMetadata(metadata)
 
   ctx.body = metadata
   ctx.status = 200
 }
 
 export const destroy = async (ctx: any) => {
-  const accountId = sdk.accounts.formatAccountMetadataId(ctx.params.accountId)
-  await sdk.accounts.destroyMetadata(accountId)
+  const accountId = accounts.metadata.formatAccountMetadataId(
+    ctx.params.accountId
+  )
+  await accounts.metadata.destroyMetadata(accountId)
   ctx.status = 204
 }
diff --git a/packages/worker/src/api/controllers/system/tenants.ts b/packages/worker/src/api/controllers/system/tenants.ts
index 6916049534..151507358f 100644
--- a/packages/worker/src/api/controllers/system/tenants.ts
+++ b/packages/worker/src/api/controllers/system/tenants.ts
@@ -1,8 +1,7 @@
-import { BBContext } from "@budibase/types"
-import { deprovisioning } from "@budibase/backend-core"
-import { quotas } from "@budibase/pro"
+import { UserCtx } from "@budibase/types"
+import * as tenantSdk from "../../../sdk/tenants"
 
-const _delete = async (ctx: BBContext) => {
+export async function destroy(ctx: UserCtx) {
   const user = ctx.user!
   const tenantId = ctx.params.tenantId
 
@@ -11,13 +10,10 @@ const _delete = async (ctx: BBContext) => {
   }
 
   try {
-    await quotas.bustCache()
-    await deprovisioning.deleteTenant(tenantId)
+    await tenantSdk.deleteTenant(tenantId)
     ctx.status = 204
   } catch (err) {
     ctx.log.error(err)
     throw err
   }
 }
-
-export { _delete as delete }
diff --git a/packages/worker/src/api/index.ts b/packages/worker/src/api/index.ts
index d8df62f532..b390d36bb8 100644
--- a/packages/worker/src/api/index.ts
+++ b/packages/worker/src/api/index.ts
@@ -3,8 +3,7 @@ const compress = require("koa-compress")
 const zlib = require("zlib")
 import { routes } from "./routes"
 import { middleware as pro } from "@budibase/pro"
-import { errors, auth, middleware } from "@budibase/backend-core"
-import { APIError } from "@budibase/types"
+import { auth, middleware } from "@budibase/backend-core"
 
 const PUBLIC_ENDPOINTS = [
   // deprecated single tenant sso callback
@@ -109,7 +108,9 @@ const NO_TENANCY_ENDPOINTS = [
 const NO_CSRF_ENDPOINTS = [...PUBLIC_ENDPOINTS]
 
 const router: Router = new Router()
+
 router
+  .use(middleware.errorHandling)
   .use(
     compress({
       threshold: 2048,
@@ -136,29 +137,12 @@ router
       (!ctx.isAuthenticated || (ctx.user && !ctx.user.budibaseAccess)) &&
       !ctx.internal
     ) {
-      ctx.throw(403, "Unauthorized - no public worker access")
+      ctx.throw(403, "Unauthorized")
     }
     return next()
   })
   .use(middleware.auditLog)
 
-// error handling middleware - TODO: This could be moved to backend-core
-router.use(async (ctx, next) => {
-  try {
-    await next()
-  } catch (err: any) {
-    ctx.log.error(err)
-    ctx.status = err.status || err.statusCode || 500
-    const error = errors.getPublicError(err)
-    const body: APIError = {
-      message: err.message,
-      status: ctx.status,
-      error,
-    }
-    ctx.body = body
-  }
-})
-
 router.get("/health", ctx => (ctx.status = 200))
 
 // authenticated routes
diff --git a/packages/worker/src/api/routes/global/auth.ts b/packages/worker/src/api/routes/global/auth.ts
index b13cef2fc6..503182a418 100644
--- a/packages/worker/src/api/routes/global/auth.ts
+++ b/packages/worker/src/api/routes/global/auth.ts
@@ -33,7 +33,7 @@ router
   .post(
     "/api/global/auth/:tenantId/login",
     buildAuthValidation(),
-    authController.authenticate
+    authController.login
   )
   .post("/api/global/auth/logout", authController.logout)
   .post(
@@ -68,21 +68,24 @@ router
 
   // GOOGLE - MULTI TENANT
   .get("/api/global/auth/:tenantId/google", authController.googlePreAuth)
-  .get("/api/global/auth/:tenantId/google/callback", authController.googleAuth)
+  .get(
+    "/api/global/auth/:tenantId/google/callback",
+    authController.googleCallback
+  )
 
   // GOOGLE - SINGLE TENANT - DEPRECATED
-  .get("/api/global/auth/google/callback", authController.googleAuth)
-  .get("/api/admin/auth/google/callback", authController.googleAuth)
+  .get("/api/global/auth/google/callback", authController.googleCallback)
+  .get("/api/admin/auth/google/callback", authController.googleCallback)
 
   // OIDC - MULTI TENANT
   .get(
     "/api/global/auth/:tenantId/oidc/configs/:configId",
     authController.oidcPreAuth
   )
-  .get("/api/global/auth/:tenantId/oidc/callback", authController.oidcAuth)
+  .get("/api/global/auth/:tenantId/oidc/callback", authController.oidcCallback)
 
   // OIDC - SINGLE TENANT - DEPRECATED
-  .get("/api/global/auth/oidc/callback", authController.oidcAuth)
-  .get("/api/admin/auth/oidc/callback", authController.oidcAuth)
+  .get("/api/global/auth/oidc/callback", authController.oidcCallback)
+  .get("/api/admin/auth/oidc/callback", authController.oidcCallback)
 
 export default router
diff --git a/packages/worker/src/api/routes/global/configs.ts b/packages/worker/src/api/routes/global/configs.ts
index 38a31a28e6..88c6bfbe7d 100644
--- a/packages/worker/src/api/routes/global/configs.ts
+++ b/packages/worker/src/api/routes/global/configs.ts
@@ -34,8 +34,8 @@ function settingValidation() {
 function googleValidation() {
   // prettier-ignore
   return Joi.object({
-    clientID: Joi.when('activated', { is: true, then: Joi.string().required() }),
-    clientSecret: Joi.when('activated', { is: true, then: Joi.string().required() }),
+    clientID: Joi.string().required(),
+    clientSecret: Joi.string().required(),
     activated: Joi.boolean().required(),
   }).unknown(true)
 }
@@ -45,12 +45,12 @@ function oidcValidation() {
   return Joi.object({
     configs: Joi.array().items(
       Joi.object({
-        clientID: Joi.when('activated', { is: true, then: Joi.string().required() }),
-        clientSecret: Joi.when('activated', { is: true, then: Joi.string().required() }),
-        configUrl: Joi.when('activated', { is: true, then: Joi.string().required() }),
+        clientID: Joi.string().required(),
+        clientSecret: Joi.string().required(),
+        configUrl: Joi.string().required(),
         logo: Joi.string().allow("", null),
         name: Joi.string().allow("", null),
-        uuid: Joi.when('activated', { is: true, then: Joi.string().required() }),
+        uuid: Joi.string().required(),
         activated: Joi.boolean().required(),
         scopes: Joi.array().optional()
       })
@@ -104,13 +104,7 @@ router
     controller.save
   )
   .delete("/api/global/configs/:id/:rev", auth.adminOnly, controller.destroy)
-  .get("/api/global/configs", controller.fetch)
   .get("/api/global/configs/checklist", controller.configChecklist)
-  .get(
-    "/api/global/configs/all/:type",
-    buildConfigGetValidation(),
-    controller.fetch
-  )
   .get("/api/global/configs/public", controller.publicSettings)
   .get("/api/global/configs/public/oidc", controller.publicOidc)
   .get("/api/global/configs/:type", buildConfigGetValidation(), controller.find)
diff --git a/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts b/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
new file mode 100644
index 0000000000..19e3cd64b4
--- /dev/null
+++ b/packages/worker/src/api/routes/global/tests/auditLogs.spec.ts
@@ -0,0 +1,111 @@
+import { mocks, structures } from "@budibase/backend-core/tests"
+import { context, events } from "@budibase/backend-core"
+import { Event, IdentityType } from "@budibase/types"
+import { TestConfiguration } from "../../../../tests"
+
+mocks.licenses.useAuditLogs()
+
+const BASE_IDENTITY = {
+  account: undefined,
+  type: IdentityType.USER,
+}
+const USER_AUDIT_LOG_COUNT = 3
+const APP_ID = "app_1"
+
+describe("/api/global/auditlogs", () => {
+  const config = new TestConfiguration()
+
+  beforeAll(async () => {
+    await config.beforeAll()
+  })
+
+  afterAll(async () => {
+    await config.afterAll()
+  })
+
+  describe("POST /api/global/auditlogs/search", () => {
+    it("should be able to fire some events (create audit logs)", async () => {
+      await context.doInTenant(config.tenantId, async () => {
+        const userId = config.user!._id!
+        const identity = {
+          ...BASE_IDENTITY,
+          _id: userId,
+          tenantId: config.tenantId,
+        }
+        await context.doInIdentityContext(identity, async () => {
+          for (let i = 0; i < USER_AUDIT_LOG_COUNT; i++) {
+            await events.user.created(structures.users.user())
+          }
+          await context.doInAppContext(APP_ID, async () => {
+            await events.app.created(structures.apps.app(APP_ID))
+          })
+          // fetch the user created events
+          const response = await config.api.auditLogs.search({
+            events: [Event.USER_CREATED],
+          })
+          expect(response.data).toBeDefined()
+          // there will be an initial event which comes from the default user creation
+          expect(response.data.length).toBe(USER_AUDIT_LOG_COUNT + 1)
+        })
+      })
+    })
+
+    it("should be able to search by event", async () => {
+      const response = await config.api.auditLogs.search({
+        events: [Event.USER_CREATED],
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.event).toBe(Event.USER_CREATED)
+      }
+    })
+
+    it("should be able to search by time range (frozen)", async () => {
+      // this is frozen, only need to add 1 and minus 1
+      const now = new Date()
+      const start = new Date()
+      start.setSeconds(now.getSeconds() - 1)
+      const end = new Date()
+      end.setSeconds(now.getSeconds() + 1)
+      const response = await config.api.auditLogs.search({
+        startDate: start.toISOString(),
+        endDate: end.toISOString(),
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.timestamp).toBe(now.toISOString())
+      }
+    })
+
+    it("should be able to search by user ID", async () => {
+      const userId = config.user!._id!
+      const response = await config.api.auditLogs.search({
+        userIds: [userId],
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.user._id).toBe(userId)
+      }
+    })
+
+    it("should be able to search by app ID", async () => {
+      const response = await config.api.auditLogs.search({
+        appIds: [APP_ID],
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.app?._id).toBe(APP_ID)
+      }
+    })
+
+    it("should be able to search by full string", async () => {
+      const response = await config.api.auditLogs.search({
+        fullSearch: "User",
+      })
+      expect(response.data.length).toBeGreaterThan(0)
+      for (let log of response.data) {
+        expect(log.name.includes("User")).toBe(true)
+      }
+    })
+  })
+})
diff --git a/packages/worker/src/api/routes/global/tests/auth.spec.ts b/packages/worker/src/api/routes/global/tests/auth.spec.ts
index ee753d49dc..6c133df652 100644
--- a/packages/worker/src/api/routes/global/tests/auth.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/auth.spec.ts
@@ -1,13 +1,27 @@
-jest.mock("nodemailer")
-import { TestConfiguration, mocks } from "../../../../tests"
-const sendMailMock = mocks.email.mock()
-import { events, tenancy } from "@budibase/backend-core"
-import { structures } from "@budibase/backend-core/tests"
+import { CloudAccount, SSOUser, User } from "@budibase/types"
 
-const expectSetAuthCookie = (res: any) => {
-  expect(
-    res.get("Set-Cookie").find((c: string) => c.startsWith("budibase:auth"))
-  ).toBeDefined()
+jest.mock("nodemailer")
+import {
+  TestConfiguration,
+  mocks,
+  structures,
+  generator,
+} from "../../../../tests"
+const sendMailMock = mocks.email.mock()
+import { events, constants } from "@budibase/backend-core"
+import { Response } from "superagent"
+
+import * as userSdk from "../../../../sdk/users"
+
+function getAuthCookie(response: Response) {
+  return response.headers["set-cookie"]
+    .find((s: string) => s.startsWith(`${constants.Cookie.Auth}=`))
+    .split("=")[1]
+    .split(";")[0]
+}
+
+const expectSetAuthCookie = (response: Response) => {
+  expect(getAuthCookie(response).length > 1).toBe(true)
 }
 
 describe("/api/global/auth", () => {
@@ -25,60 +39,237 @@ describe("/api/global/auth", () => {
     jest.clearAllMocks()
   })
 
+  async function createSSOUser() {
+    return config.doInTenant(async () => {
+      return userSdk.save(structures.users.ssoUser(), {
+        requirePassword: false,
+      })
+    })
+  }
+
   describe("password", () => {
     describe("POST /api/global/auth/:tenantId/login", () => {
-      it("should login", () => {})
+      it("logs in with correct credentials", async () => {
+        const tenantId = config.tenantId!
+        const email = config.user?.email!
+        const password = config.userPassword
+
+        const response = await config.api.auth.login(tenantId, email, password)
+
+        expectSetAuthCookie(response)
+        expect(events.auth.login).toBeCalledTimes(1)
+      })
+
+      it("should return 403 with incorrect credentials", async () => {
+        const tenantId = config.tenantId!
+        const email = config.user?.email!
+        const password = "incorrect"
+
+        const response = await config.api.auth.login(
+          tenantId,
+          email,
+          password,
+          { status: 403 }
+        )
+        expect(response.body).toEqual({
+          message: "Invalid credentials",
+          status: 403,
+        })
+      })
+
+      it("should return 403 when user doesn't exist", async () => {
+        const tenantId = config.tenantId!
+        const email = "invaliduser@test.com"
+        const password = "password"
+
+        const response = await config.api.auth.login(
+          tenantId,
+          email,
+          password,
+          { status: 403 }
+        )
+        expect(response.body).toEqual({
+          message: "Invalid credentials",
+          status: 403,
+        })
+      })
+
+      describe("sso user", () => {
+        let user: User
+
+        async function testSSOUser() {
+          const tenantId = user.tenantId!
+          const email = user.email
+          const password = "test"
+
+          const response = await config.api.auth.login(
+            tenantId,
+            email,
+            password,
+            { status: 403 }
+          )
+
+          expect(response.body).toEqual({
+            message: "Invalid credentials",
+            status: 403,
+          })
+        }
+
+        describe("budibase sso user", () => {
+          it("should prevent user from logging in", async () => {
+            user = await createSSOUser()
+            await testSSOUser()
+          })
+        })
+
+        describe("root account sso user", () => {
+          it("should prevent user from logging in", async () => {
+            user = await config.createUser()
+            const account = structures.accounts.ssoAccount() as CloudAccount
+            mocks.accounts.getAccount.mockReturnValueOnce(
+              Promise.resolve(account)
+            )
+
+            await testSSOUser()
+          })
+        })
+      })
     })
 
     describe("POST /api/global/auth/logout", () => {
       it("should logout", async () => {
-        await config.api.auth.logout()
+        const response = await config.api.auth.logout()
         expect(events.auth.logout).toBeCalledTimes(1)
 
-        // TODO: Verify sessions deleted
+        const authCookie = getAuthCookie(response)
+        expect(authCookie).toBe("")
       })
     })
 
     describe("POST /api/global/auth/:tenantId/reset", () => {
       it("should generate password reset email", async () => {
-        await tenancy.doInTenant(config.tenant1User!.tenantId, async () => {
-          const userEmail = structures.email()
-          const { res, code } = await config.api.auth.requestPasswordReset(
+        const user = await config.createUser()
+
+        const { res, code } = await config.api.auth.requestPasswordReset(
+          sendMailMock,
+          user.email
+        )
+
+        expect(res.body).toEqual({
+          message: "Please check your email for a reset link.",
+        })
+        expect(sendMailMock).toHaveBeenCalled()
+        expect(code).toBeDefined()
+        expect(events.user.passwordResetRequested).toBeCalledTimes(1)
+        expect(events.user.passwordResetRequested).toBeCalledWith(user)
+      })
+
+      describe("sso user", () => {
+        let user: User
+
+        async function testSSOUser() {
+          const { res } = await config.api.auth.requestPasswordReset(
             sendMailMock,
-            userEmail
+            user.email
           )
-          const user = await config.getUser(userEmail)
+          expect(sendMailMock).not.toHaveBeenCalled()
+        }
 
-          expect(res.body).toEqual({
-            message: "Please check your email for a reset link.",
+        describe("budibase sso user", () => {
+          it("should prevent user from generating password reset email", async () => {
+            user = await createSSOUser()
+            await testSSOUser()
           })
-          expect(sendMailMock).toHaveBeenCalled()
+        })
 
-          expect(code).toBeDefined()
-          expect(events.user.passwordResetRequested).toBeCalledTimes(1)
-          expect(events.user.passwordResetRequested).toBeCalledWith(user)
+        describe("root account sso user", () => {
+          it("should prevent user from generating password reset email", async () => {
+            user = await config.createUser(structures.users.user())
+            const account = structures.accounts.ssoAccount() as CloudAccount
+            mocks.accounts.getAccount.mockReturnValueOnce(
+              Promise.resolve(account)
+            )
+
+            await testSSOUser()
+          })
         })
       })
     })
 
     describe("POST /api/global/auth/:tenantId/reset/update", () => {
       it("should reset password", async () => {
-        await tenancy.doInTenant(config.tenant1User!.tenantId, async () => {
-          const userEmail = structures.email()
-          const { code } = await config.api.auth.requestPasswordReset(
-            sendMailMock,
-            userEmail
+        let user = await config.createUser()
+        const { code } = await config.api.auth.requestPasswordReset(
+          sendMailMock,
+          user.email
+        )
+        delete user.password
+
+        const newPassword = "newpassword"
+        const res = await config.api.auth.updatePassword(code!, newPassword)
+
+        user = await config.getUser(user.email)
+        delete user.password
+
+        expect(res.body).toEqual({ message: "password reset successfully." })
+        expect(events.user.passwordReset).toBeCalledTimes(1)
+        expect(events.user.passwordReset).toBeCalledWith(user)
+
+        // login using new password
+        await config.api.auth.login(user.tenantId, user.email, newPassword)
+      })
+
+      describe("sso user", () => {
+        let user: User | SSOUser
+
+        async function testSSOUser(code: string) {
+          const res = await config.api.auth.updatePassword(
+            code!,
+            generator.string(),
+            { status: 400 }
           )
-          const user = await config.getUser(userEmail)
-          delete user.password
 
-          const res = await config.api.auth.updatePassword(code)
+          expect(res.body).toEqual({
+            message: "Cannot reset password.",
+            status: 400,
+          })
+        }
 
-          expect(res.body).toEqual({ message: "password reset successfully." })
-          expect(events.user.passwordReset).toBeCalledTimes(1)
-          expect(events.user.passwordReset).toBeCalledWith(user)
+        describe("budibase sso user", () => {
+          it("should prevent user from generating password reset email", async () => {
+            user = await config.createUser()
+            const { code } = await config.api.auth.requestPasswordReset(
+              sendMailMock,
+              user.email
+            )
+
+            // convert to sso now that password reset has been requested
+            const ssoUser = user as SSOUser
+            ssoUser.providerType = structures.sso.providerType()
+            delete ssoUser.password
+            await config.doInTenant(() => userSdk.save(ssoUser))
+
+            await testSSOUser(code!)
+          })
+        })
+
+        describe("root account sso user", () => {
+          it("should prevent user from generating password reset email", async () => {
+            user = await config.createUser()
+            const { code } = await config.api.auth.requestPasswordReset(
+              sendMailMock,
+              user.email
+            )
+
+            // convert to account owner now that password has been requested
+            const account = structures.accounts.ssoAccount() as CloudAccount
+            mocks.accounts.getAccount.mockReturnValueOnce(
+              Promise.resolve(account)
+            )
+
+            await testSSOUser(code!)
+          })
         })
-        // TODO: Login using new password
       })
     })
   })
@@ -153,7 +344,7 @@ describe("/api/global/auth", () => {
         const location: string = res.get("location")
         expect(
           location.startsWith(
-            "http://localhost/auth?response_type=code&client_id=clientId&redirect_uri=http%3A%2F%2Flocalhost%3A10000%2Fapi%2Fglobal%2Fauth%2Fdefault%2Foidc%2Fcallback&scope=openid%20profile%20email%20offline_access"
+            `http://localhost/auth?response_type=code&client_id=clientId&redirect_uri=http%3A%2F%2Flocalhost%3A10000%2Fapi%2Fglobal%2Fauth%2F${config.tenantId}%2Foidc%2Fcallback&scope=openid%20profile%20email%20offline_access`
           )
         ).toBe(true)
       })
@@ -166,7 +357,7 @@ describe("/api/global/auth", () => {
 
         const res = await config.api.configs.OIDCCallback(configId, preAuthRes)
 
-        expect(events.auth.login).toBeCalledWith("oidc")
+        expect(events.auth.login).toBeCalledWith("oidc", "oauth@example.com")
         expect(events.auth.login).toBeCalledTimes(1)
         expect(res.status).toBe(302)
         const location: string = res.get("location")
diff --git a/packages/worker/src/api/routes/global/tests/configs.spec.ts b/packages/worker/src/api/routes/global/tests/configs.spec.ts
index ee27c4d451..892fe8a67b 100644
--- a/packages/worker/src/api/routes/global/tests/configs.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/configs.spec.ts
@@ -2,7 +2,8 @@
 jest.mock("nodemailer")
 import { TestConfiguration, structures, mocks } from "../../../../tests"
 mocks.email.mock()
-import { Config, context, events } from "@budibase/backend-core"
+import { events } from "@budibase/backend-core"
+import { GetPublicSettingsResponse, Config, ConfigType } from "@budibase/types"
 
 describe("configs", () => {
   const config = new TestConfiguration()
@@ -19,22 +20,29 @@ describe("configs", () => {
     await config.afterAll()
   })
 
-  describe("post /api/global/configs", () => {
-    const saveConfig = async (conf: any, _id?: string, _rev?: string) => {
-      const data = {
-        ...conf,
-        _id,
-        _rev,
-      }
-
-      const res = await config.api.configs.saveConfig(data)
-
-      return {
-        ...data,
-        ...res.body,
-      }
+  const saveConfig = async (conf: Config, _id?: string, _rev?: string) => {
+    const data = {
+      ...conf,
+      _id,
+      _rev,
     }
+    const res = await config.api.configs.saveConfig(data)
+    return {
+      ...data,
+      ...res.body,
+    }
+  }
 
+  const saveSettingsConfig = async (
+    conf?: any,
+    _id?: string,
+    _rev?: string
+  ) => {
+    const settingsConfig = structures.configs.settings(conf)
+    return saveConfig(settingsConfig, _id, _rev)
+  }
+
+  describe("POST /api/global/configs", () => {
     describe("google", () => {
       const saveGoogleConfig = async (
         conf?: any,
@@ -49,20 +57,20 @@ describe("configs", () => {
         it("should create activated google config", async () => {
           await saveGoogleConfig()
           expect(events.auth.SSOCreated).toBeCalledTimes(1)
-          expect(events.auth.SSOCreated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSODeactivated).not.toBeCalled()
           expect(events.auth.SSOActivated).toBeCalledTimes(1)
-          expect(events.auth.SSOActivated).toBeCalledWith(Config.GOOGLE)
-          await config.deleteConfig(Config.GOOGLE)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
 
         it("should create deactivated google config", async () => {
           await saveGoogleConfig({ activated: false })
           expect(events.auth.SSOCreated).toBeCalledTimes(1)
-          expect(events.auth.SSOCreated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSOActivated).not.toBeCalled()
           expect(events.auth.SSODeactivated).not.toBeCalled()
-          await config.deleteConfig(Config.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
       })
 
@@ -76,11 +84,11 @@ describe("configs", () => {
             googleConf._rev
           )
           expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-          expect(events.auth.SSOUpdated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSOActivated).not.toBeCalled()
           expect(events.auth.SSODeactivated).toBeCalledTimes(1)
-          expect(events.auth.SSODeactivated).toBeCalledWith(Config.GOOGLE)
-          await config.deleteConfig(Config.GOOGLE)
+          expect(events.auth.SSODeactivated).toBeCalledWith(ConfigType.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
 
         it("should update google config to activated", async () => {
@@ -92,11 +100,11 @@ describe("configs", () => {
             googleConf._rev
           )
           expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-          expect(events.auth.SSOUpdated).toBeCalledWith(Config.GOOGLE)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.GOOGLE)
           expect(events.auth.SSODeactivated).not.toBeCalled()
           expect(events.auth.SSOActivated).toBeCalledTimes(1)
-          expect(events.auth.SSOActivated).toBeCalledWith(Config.GOOGLE)
-          await config.deleteConfig(Config.GOOGLE)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.GOOGLE)
+          await config.deleteConfig(ConfigType.GOOGLE)
         })
       })
     })
@@ -113,64 +121,56 @@ describe("configs", () => {
 
       describe("create", () => {
         it("should create activated OIDC config", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            await saveOIDCConfig()
-            expect(events.auth.SSOCreated).toBeCalledTimes(1)
-            expect(events.auth.SSOCreated).toBeCalledWith(Config.OIDC)
-            expect(events.auth.SSODeactivated).not.toBeCalled()
-            expect(events.auth.SSOActivated).toBeCalledTimes(1)
-            expect(events.auth.SSOActivated).toBeCalledWith(Config.OIDC)
-            await config.deleteConfig(Config.OIDC)
-          })
+          await saveOIDCConfig()
+          expect(events.auth.SSOCreated).toBeCalledTimes(1)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.OIDC)
+          expect(events.auth.SSODeactivated).not.toBeCalled()
+          expect(events.auth.SSOActivated).toBeCalledTimes(1)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
 
         it("should create deactivated OIDC config", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            await saveOIDCConfig({ activated: false })
-            expect(events.auth.SSOCreated).toBeCalledTimes(1)
-            expect(events.auth.SSOCreated).toBeCalledWith(Config.OIDC)
-            expect(events.auth.SSOActivated).not.toBeCalled()
-            expect(events.auth.SSODeactivated).not.toBeCalled()
-            await config.deleteConfig(Config.OIDC)
-          })
+          await saveOIDCConfig({ activated: false })
+          expect(events.auth.SSOCreated).toBeCalledTimes(1)
+          expect(events.auth.SSOCreated).toBeCalledWith(ConfigType.OIDC)
+          expect(events.auth.SSOActivated).not.toBeCalled()
+          expect(events.auth.SSODeactivated).not.toBeCalled()
+          await config.deleteConfig(ConfigType.OIDC)
         })
       })
 
       describe("update", () => {
         it("should update OIDC config to deactivated", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            const oidcConf = await saveOIDCConfig()
-            jest.clearAllMocks()
-            await saveOIDCConfig(
-              { ...oidcConf.config.configs[0], activated: false },
-              oidcConf._id,
-              oidcConf._rev
-            )
-            expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-            expect(events.auth.SSOUpdated).toBeCalledWith(Config.OIDC)
-            expect(events.auth.SSOActivated).not.toBeCalled()
-            expect(events.auth.SSODeactivated).toBeCalledTimes(1)
-            expect(events.auth.SSODeactivated).toBeCalledWith(Config.OIDC)
-            await config.deleteConfig(Config.OIDC)
-          })
+          const oidcConf = await saveOIDCConfig()
+          jest.clearAllMocks()
+          await saveOIDCConfig(
+            { ...oidcConf.config.configs[0], activated: false },
+            oidcConf._id,
+            oidcConf._rev
+          )
+          expect(events.auth.SSOUpdated).toBeCalledTimes(1)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.OIDC)
+          expect(events.auth.SSOActivated).not.toBeCalled()
+          expect(events.auth.SSODeactivated).toBeCalledTimes(1)
+          expect(events.auth.SSODeactivated).toBeCalledWith(ConfigType.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
 
         it("should update OIDC config to activated", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            const oidcConf = await saveOIDCConfig({ activated: false })
-            jest.clearAllMocks()
-            await saveOIDCConfig(
-              { ...oidcConf.config.configs[0], activated: true },
-              oidcConf._id,
-              oidcConf._rev
-            )
-            expect(events.auth.SSOUpdated).toBeCalledTimes(1)
-            expect(events.auth.SSOUpdated).toBeCalledWith(Config.OIDC)
-            expect(events.auth.SSODeactivated).not.toBeCalled()
-            expect(events.auth.SSOActivated).toBeCalledTimes(1)
-            expect(events.auth.SSOActivated).toBeCalledWith(Config.OIDC)
-            await config.deleteConfig(Config.OIDC)
-          })
+          const oidcConf = await saveOIDCConfig({ activated: false })
+          jest.clearAllMocks()
+          await saveOIDCConfig(
+            { ...oidcConf.config.configs[0], activated: true },
+            oidcConf._id,
+            oidcConf._rev
+          )
+          expect(events.auth.SSOUpdated).toBeCalledTimes(1)
+          expect(events.auth.SSOUpdated).toBeCalledWith(ConfigType.OIDC)
+          expect(events.auth.SSODeactivated).not.toBeCalled()
+          expect(events.auth.SSOActivated).toBeCalledTimes(1)
+          expect(events.auth.SSOActivated).toBeCalledWith(ConfigType.OIDC)
+          await config.deleteConfig(ConfigType.OIDC)
         })
       })
     })
@@ -187,101 +187,82 @@ describe("configs", () => {
 
       describe("create", () => {
         it("should create SMTP config", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            await config.deleteConfig(Config.SMTP)
-            await saveSMTPConfig()
-            expect(events.email.SMTPUpdated).not.toBeCalled()
-            expect(events.email.SMTPCreated).toBeCalledTimes(1)
-            await config.deleteConfig(Config.SMTP)
-          })
+          await config.deleteConfig(ConfigType.SMTP)
+          await saveSMTPConfig()
+          expect(events.email.SMTPUpdated).not.toBeCalled()
+          expect(events.email.SMTPCreated).toBeCalledTimes(1)
+          await config.deleteConfig(ConfigType.SMTP)
         })
       })
 
       describe("update", () => {
         it("should update SMTP config", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            const smtpConf = await saveSMTPConfig()
-            jest.clearAllMocks()
-            await saveSMTPConfig(smtpConf.config, smtpConf._id, smtpConf._rev)
-            expect(events.email.SMTPCreated).not.toBeCalled()
-            expect(events.email.SMTPUpdated).toBeCalledTimes(1)
-            await config.deleteConfig(Config.SMTP)
-          })
+          const smtpConf = await saveSMTPConfig()
+          jest.clearAllMocks()
+          await saveSMTPConfig(smtpConf.config, smtpConf._id, smtpConf._rev)
+          expect(events.email.SMTPCreated).not.toBeCalled()
+          expect(events.email.SMTPUpdated).toBeCalledTimes(1)
+          await config.deleteConfig(ConfigType.SMTP)
         })
       })
     })
 
     describe("settings", () => {
-      const saveSettingsConfig = async (
-        conf?: any,
-        _id?: string,
-        _rev?: string
-      ) => {
-        const settingsConfig = structures.configs.settings(conf)
-        return saveConfig(settingsConfig, _id, _rev)
-      }
-
       describe("create", () => {
         it("should create settings config with default settings", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            await config.deleteConfig(Config.SETTINGS)
+          await config.deleteConfig(ConfigType.SETTINGS)
 
-            await saveSettingsConfig()
+          await saveSettingsConfig()
 
-            expect(events.org.nameUpdated).not.toBeCalled()
-            expect(events.org.logoUpdated).not.toBeCalled()
-            expect(events.org.platformURLUpdated).not.toBeCalled()
-          })
+          expect(events.org.nameUpdated).not.toBeCalled()
+          expect(events.org.logoUpdated).not.toBeCalled()
+          expect(events.org.platformURLUpdated).not.toBeCalled()
         })
 
         it("should create settings config with non-default settings", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            config.modeSelf()
-            await config.deleteConfig(Config.SETTINGS)
-            const conf = {
-              company: "acme",
-              logoUrl: "http://example.com",
-              platformUrl: "http://example.com",
-            }
+          config.selfHosted()
+          await config.deleteConfig(ConfigType.SETTINGS)
+          const conf = {
+            company: "acme",
+            logoUrl: "http://example.com",
+            platformUrl: "http://example.com",
+          }
 
-            await saveSettingsConfig(conf)
+          await saveSettingsConfig(conf)
 
-            expect(events.org.nameUpdated).toBeCalledTimes(1)
-            expect(events.org.logoUpdated).toBeCalledTimes(1)
-            expect(events.org.platformURLUpdated).toBeCalledTimes(1)
-            config.modeCloud()
-          })
+          expect(events.org.nameUpdated).toBeCalledTimes(1)
+          expect(events.org.logoUpdated).toBeCalledTimes(1)
+          expect(events.org.platformURLUpdated).toBeCalledTimes(1)
+          config.cloudHosted()
         })
       })
 
       describe("update", () => {
         it("should update settings config", async () => {
-          await context.doInTenant(config.tenant1User!.tenantId, async () => {
-            config.modeSelf()
-            await config.deleteConfig(Config.SETTINGS)
-            const settingsConfig = await saveSettingsConfig()
-            settingsConfig.config.company = "acme"
-            settingsConfig.config.logoUrl = "http://example.com"
-            settingsConfig.config.platformUrl = "http://example.com"
+          config.selfHosted()
+          await config.deleteConfig(ConfigType.SETTINGS)
+          const settingsConfig = await saveSettingsConfig()
+          settingsConfig.config.company = "acme"
+          settingsConfig.config.logoUrl = "http://example.com"
+          settingsConfig.config.platformUrl = "http://example.com"
 
-            await saveSettingsConfig(
-              settingsConfig.config,
-              settingsConfig._id,
-              settingsConfig._rev
-            )
+          await saveSettingsConfig(
+            settingsConfig.config,
+            settingsConfig._id,
+            settingsConfig._rev
+          )
 
-            expect(events.org.nameUpdated).toBeCalledTimes(1)
-            expect(events.org.logoUpdated).toBeCalledTimes(1)
-            expect(events.org.platformURLUpdated).toBeCalledTimes(1)
-            config.modeCloud()
-          })
+          expect(events.org.nameUpdated).toBeCalledTimes(1)
+          expect(events.org.logoUpdated).toBeCalledTimes(1)
+          expect(events.org.platformURLUpdated).toBeCalledTimes(1)
+          config.cloudHosted()
         })
       })
     })
   })
 
-  it("should return the correct checklist status based on the state of the budibase installation", async () => {
-    await context.doInTenant(config.tenant1User!.tenantId, async () => {
+  describe("GET /api/global/configs/checklist", () => {
+    it("should return the correct checklist", async () => {
       await config.saveSmtpConfig()
 
       const res = await config.api.configs.getConfigChecklist()
@@ -292,4 +273,31 @@ describe("configs", () => {
       expect(checklist.adminUser.checked).toBeTruthy()
     })
   })
+
+  describe("GET /api/global/configs/public", () => {
+    it("should return the expected public settings", async () => {
+      await saveSettingsConfig()
+
+      const res = await config.api.configs.getPublicSettings()
+      const body = res.body as GetPublicSettingsResponse
+
+      const expected = {
+        _id: "config_settings",
+        type: "settings",
+        config: {
+          company: "Budibase",
+          logoUrl: "",
+          analyticsEnabled: false,
+          google: true,
+          googleCallbackUrl: `http://localhost:10000/api/global/auth/${config.tenantId}/google/callback`,
+          isSSOEnforced: false,
+          oidc: false,
+          oidcCallbackUrl: `http://localhost:10000/api/global/auth/${config.tenantId}/oidc/callback`,
+          platformUrl: "http://localhost:10000",
+        },
+      }
+      delete body._rev
+      expect(body).toEqual(expected)
+    })
+  })
 })
diff --git a/packages/worker/src/api/routes/global/tests/realEmail.spec.ts b/packages/worker/src/api/routes/global/tests/realEmail.spec.ts
index 1c180be75d..8ad7363c85 100644
--- a/packages/worker/src/api/routes/global/tests/realEmail.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/realEmail.spec.ts
@@ -1,3 +1,4 @@
+jest.unmock("node-fetch")
 import { TestConfiguration } from "../../../../tests"
 import { EmailTemplatePurpose } from "../../../../constants"
 const nodemailer = require("nodemailer")
diff --git a/packages/worker/src/api/routes/global/tests/roles.spec.ts b/packages/worker/src/api/routes/global/tests/roles.spec.ts
index 622a643f25..477ccaf94c 100644
--- a/packages/worker/src/api/routes/global/tests/roles.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/roles.spec.ts
@@ -32,6 +32,7 @@ async function addAppMetadata() {
 
 describe("/api/global/roles", () => {
   const config = new TestConfiguration()
+
   const role = new roles.Role(
     db.generateRoleID("newRole"),
     roles.BUILTIN_ROLE_IDS.BASIC,
@@ -43,13 +44,13 @@ describe("/api/global/roles", () => {
   })
 
   beforeEach(async () => {
-    appId = db.generateAppID()
+    appId = db.generateAppID(config.tenantId)
     appDb = db.getDB(appId)
     const mockAppDB = context.getAppDB as Mock
     mockAppDB.mockReturnValue(appDb)
 
     await addAppMetadata()
-    appDb.put(role)
+    await appDb.put(role)
   })
 
   afterAll(async () => {
diff --git a/packages/worker/src/api/routes/global/tests/self.spec.ts b/packages/worker/src/api/routes/global/tests/self.spec.ts
index d253a7f24e..74d24c7c31 100644
--- a/packages/worker/src/api/routes/global/tests/self.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/self.spec.ts
@@ -30,7 +30,7 @@ describe("/api/global/self", () => {
       user.dayPassRecordedAt = mocks.date.MOCK_DATE.toISOString()
       expect(res.body._id).toBe(user._id)
       expect(events.user.updated).toBeCalledTimes(1)
-      expect(events.user.updated).toBeCalledWith(user)
+      expect(events.user.updated).toBeCalledWith(dbUser)
       expect(events.user.passwordUpdated).not.toBeCalled()
     })
 
@@ -44,12 +44,11 @@ describe("/api/global/self", () => {
       const dbUser = await config.getUser(user.email)
       user._rev = dbUser._rev
       user.dayPassRecordedAt = mocks.date.MOCK_DATE.toISOString()
-      delete user.password
       expect(res.body._id).toBe(user._id)
       expect(events.user.updated).toBeCalledTimes(1)
-      expect(events.user.updated).toBeCalledWith(user)
+      expect(events.user.updated).toBeCalledWith(dbUser)
       expect(events.user.passwordUpdated).toBeCalledTimes(1)
-      expect(events.user.passwordUpdated).toBeCalledWith(user)
+      expect(events.user.passwordUpdated).toBeCalledWith(dbUser)
     })
   })
 })
diff --git a/packages/worker/src/api/routes/global/tests/users.spec.ts b/packages/worker/src/api/routes/global/tests/users.spec.ts
index a8b07ec815..085c976649 100644
--- a/packages/worker/src/api/routes/global/tests/users.spec.ts
+++ b/packages/worker/src/api/routes/global/tests/users.spec.ts
@@ -3,7 +3,9 @@ import { InviteUsersResponse, User } from "@budibase/types"
 jest.mock("nodemailer")
 import { TestConfiguration, mocks, structures } from "../../../../tests"
 const sendMailMock = mocks.email.mock()
-import { context, events, tenancy } from "@budibase/backend-core"
+import { events, tenancy, accounts as _accounts } from "@budibase/backend-core"
+
+const accounts = jest.mocked(_accounts)
 
 describe("/api/global/users", () => {
   const config = new TestConfiguration()
@@ -20,26 +22,28 @@ describe("/api/global/users", () => {
     jest.clearAllMocks()
   })
 
-  describe("invite", () => {
+  describe("POST /api/global/users/invite", () => {
     it("should be able to generate an invitation", async () => {
-      await context.doInTenant(config.tenant1User!.tenantId, async () => {
-        const email = structures.users.newEmail()
-        const { code, res } = await config.api.users.sendUserInvite(
-          sendMailMock,
-          email
-        )
+      const email = structures.users.newEmail()
+      const { code, res } = await config.api.users.sendUserInvite(
+        sendMailMock,
+        email
+      )
 
-        expect(res.body).toEqual({ message: "Invitation has been sent." })
-        expect(sendMailMock).toHaveBeenCalled()
-        expect(code).toBeDefined()
-        expect(events.user.invited).toBeCalledTimes(1)
-      })
+      expect(res.body?.message).toBe("Invitation has been sent.")
+      expect(res.body?.unsuccessful.length).toBe(0)
+      expect(res.body?.successful.length).toBe(1)
+      expect(res.body?.successful[0].email).toBe(email)
+
+      expect(sendMailMock).toHaveBeenCalled()
+      expect(code).toBeDefined()
+      expect(events.user.invited).toBeCalledTimes(1)
     })
 
     it("should not be able to generate an invitation for existing user", async () => {
       const { code, res } = await config.api.users.sendUserInvite(
         sendMailMock,
-        config.defaultUser!.email,
+        config.user!.email,
         400
       )
 
@@ -50,26 +54,24 @@ describe("/api/global/users", () => {
     })
 
     it("should be able to create new user from invite", async () => {
-      await context.doInTenant(config.tenant1User!.tenantId, async () => {
-        const email = structures.users.newEmail()
-        const { code } = await config.api.users.sendUserInvite(
-          sendMailMock,
-          email
-        )
+      const email = structures.users.newEmail()
+      const { code } = await config.api.users.sendUserInvite(
+        sendMailMock,
+        email
+      )
 
-        const res = await config.api.users.acceptInvite(code)
+      const res = await config.api.users.acceptInvite(code)
 
-        expect(res.body._id).toBeDefined()
-        const user = await config.getUser(email)
-        expect(user).toBeDefined()
-        expect(user._id).toEqual(res.body._id)
-        expect(events.user.inviteAccepted).toBeCalledTimes(1)
-        expect(events.user.inviteAccepted).toBeCalledWith(user)
-      })
+      expect(res.body._id).toBeDefined()
+      const user = await config.getUser(email)
+      expect(user).toBeDefined()
+      expect(user._id).toEqual(res.body._id)
+      expect(events.user.inviteAccepted).toBeCalledTimes(1)
+      expect(events.user.inviteAccepted).toBeCalledWith(user)
     })
   })
 
-  describe("inviteMultiple", () => {
+  describe("POST /api/global/users/multi/invite", () => {
     it("should be able to generate an invitation", async () => {
       const newUserInvite = () => ({
         email: structures.users.newEmail(),
@@ -87,7 +89,7 @@ describe("/api/global/users", () => {
     })
 
     it("should not be able to generate an invitation for existing user", async () => {
-      const request = [{ email: config.defaultUser!.email, userInfo: {} }]
+      const request = [{ email: config.user!.email, userInfo: {} }]
 
       const res = await config.api.users.sendMultiUserInvite(request)
 
@@ -100,7 +102,7 @@ describe("/api/global/users", () => {
     })
   })
 
-  describe("bulk (create)", () => {
+  describe("POST /api/global/users/bulk", () => {
     it("should ignore users existing in the same tenant", async () => {
       const user = await config.createUser()
       jest.clearAllMocks()
@@ -163,7 +165,7 @@ describe("/api/global/users", () => {
     })
   })
 
-  describe("create", () => {
+  describe("POST /api/global/users", () => {
     it("should be able to create a basic user", async () => {
       const user = structures.users.user()
 
@@ -242,7 +244,7 @@ describe("/api/global/users", () => {
     it("should not be able to create user with the same email as an account", async () => {
       const user = structures.users.user()
       const account = structures.accounts.cloudAccount()
-      mocks.accounts.getAccount.mockReturnValueOnce(account)
+      accounts.getAccount.mockReturnValueOnce(Promise.resolve(account))
 
       const response = await config.api.users.saveUser(user, 400)
 
@@ -283,7 +285,7 @@ describe("/api/global/users", () => {
     })
   })
 
-  describe("update", () => {
+  describe("POST /api/global/users (update)", () => {
     it("should be able to update a basic user", async () => {
       const user = await config.createUser()
       jest.clearAllMocks()
@@ -298,7 +300,7 @@ describe("/api/global/users", () => {
     })
 
     it("should not allow a user to update their own admin/builder status", async () => {
-      const user = (await config.api.users.getUser(config.defaultUser?._id!))
+      const user = (await config.api.users.getUser(config.user?._id!))
         .body as User
       await config.api.users.saveUser({
         ...user,
@@ -468,9 +470,9 @@ describe("/api/global/users", () => {
     })
   })
 
-  describe("bulk (delete)", () => {
+  describe("POST /api/global/users/bulk (delete)", () => {
     it("should not be able to bulk delete current user", async () => {
-      const user = await config.defaultUser!
+      const user = await config.user!
 
       const response = await config.api.users.bulkDeleteUsers([user._id!], 400)
 
@@ -482,7 +484,7 @@ describe("/api/global/users", () => {
       const user = await config.createUser()
       const account = structures.accounts.cloudAccount()
       account.budibaseUserId = user._id!
-      mocks.accounts.getAccountByTenantId.mockReturnValue(account)
+      accounts.getAccountByTenantId.mockReturnValue(Promise.resolve(account))
 
       const response = await config.api.users.bulkDeleteUsers([user._id!])
 
@@ -497,7 +499,7 @@ describe("/api/global/users", () => {
 
     it("should be able to bulk delete users", async () => {
       const account = structures.accounts.cloudAccount()
-      mocks.accounts.getAccountByTenantId.mockReturnValue(account)
+      accounts.getAccountByTenantId.mockReturnValue(Promise.resolve(account))
 
       const builder = structures.users.builderUser()
       const admin = structures.users.adminUser()
@@ -521,7 +523,7 @@ describe("/api/global/users", () => {
     })
   })
 
-  describe("destroy", () => {
+  describe("DELETE /api/global/users/:userId", () => {
     it("should be able to destroy a basic user", async () => {
       const user = await config.createUser()
       jest.clearAllMocks()
@@ -558,7 +560,7 @@ describe("/api/global/users", () => {
     it("should not be able to destroy account owner", async () => {
       const user = await config.createUser()
       const account = structures.accounts.cloudAccount()
-      mocks.accounts.getAccount.mockReturnValueOnce(account)
+      accounts.getAccount.mockReturnValueOnce(Promise.resolve(account))
 
       const response = await config.api.users.deleteUser(user._id!, 400)
 
@@ -566,10 +568,10 @@ describe("/api/global/users", () => {
     })
 
     it("should not be able to destroy account owner as account owner", async () => {
-      const user = await config.defaultUser!
+      const user = await config.user!
       const account = structures.accounts.cloudAccount()
       account.email = user.email
-      mocks.accounts.getAccount.mockReturnValueOnce(account)
+      accounts.getAccount.mockReturnValueOnce(Promise.resolve(account))
 
       const response = await config.api.users.deleteUser(user._id!, 400)
 
diff --git a/packages/worker/src/api/routes/global/users.ts b/packages/worker/src/api/routes/global/users.ts
index a73462b235..a6312679c3 100644
--- a/packages/worker/src/api/routes/global/users.ts
+++ b/packages/worker/src/api/routes/global/users.ts
@@ -38,13 +38,6 @@ function buildInviteMultipleValidation() {
   ))
 }
 
-function buildInviteLookupValidation() {
-  // prettier-ignore
-  return auth.joiValidator.params(Joi.object({
-    code: Joi.string().required()
-  }).unknown(true))
-}
-
 const createUserAdminOnly = (ctx: any, next: any) => {
   if (!ctx.request.body._id) {
     return auth.adminOnly(ctx, next)
@@ -57,8 +50,8 @@ function buildInviteAcceptValidation() {
   // prettier-ignore
   return auth.joiValidator.body(Joi.object({
     inviteCode: Joi.string().required(),
-    password: Joi.string().required(),
-    firstName: Joi.string().required(),
+    password: Joi.string().optional(),
+    firstName: Joi.string().optional(),
     lastName: Joi.string().optional(),
   }).required().unknown(true))
 }
@@ -88,22 +81,34 @@ router
   .get("/api/global/roles/:appId")
   .post(
     "/api/global/users/invite",
-    auth.adminOnly,
+    auth.builderOrAdmin,
     buildInviteValidation(),
     controller.invite
   )
+  .post(
+    "/api/global/users/onboard",
+    auth.builderOrAdmin,
+    buildInviteMultipleValidation(),
+    controller.onboardUsers
+  )
   .post(
     "/api/global/users/multi/invite",
-    auth.adminOnly,
+    auth.builderOrAdmin,
     buildInviteMultipleValidation(),
     controller.inviteMultiple
   )
 
   // non-global endpoints
+  .get("/api/global/users/invite/:code", controller.checkInvite)
+  .post(
+    "/api/global/users/invite/update/:code",
+    auth.builderOrAdmin,
+    controller.updateInvite
+  )
   .get(
-    "/api/global/users/invite/:code",
-    buildInviteLookupValidation(),
-    controller.checkInvite
+    "/api/global/users/invites",
+    auth.builderOrAdmin,
+    controller.getUserInvites
   )
   .post(
     "/api/global/users/invite/accept",
diff --git a/packages/worker/src/api/routes/index.ts b/packages/worker/src/api/routes/index.ts
index 3aa9422238..c64ad44423 100644
--- a/packages/worker/src/api/routes/index.ts
+++ b/packages/worker/src/api/routes/index.ts
@@ -18,6 +18,8 @@ import accountRoutes from "./system/accounts"
 import restoreRoutes from "./system/restore"
 
 let userGroupRoutes = api.groups
+let auditLogRoutes = api.auditLogs
+
 export const routes: Router[] = [
   configRoutes,
   userRoutes,
@@ -32,6 +34,7 @@ export const routes: Router[] = [
   selfRoutes,
   licenseRoutes,
   userGroupRoutes,
+  auditLogRoutes,
   migrationRoutes,
   accountRoutes,
   restoreRoutes,
diff --git a/packages/worker/src/api/routes/system/tenants.ts b/packages/worker/src/api/routes/system/tenants.ts
index 111cfc5819..234459cfdc 100644
--- a/packages/worker/src/api/routes/system/tenants.ts
+++ b/packages/worker/src/api/routes/system/tenants.ts
@@ -7,7 +7,7 @@ const router: Router = new Router()
 router.delete(
   "/api/system/tenants/:tenantId",
   middleware.adminOnly,
-  controller.delete
+  controller.destroy
 )
 
 export default router
diff --git a/packages/worker/src/api/routes/system/tests/accounts.spec.ts b/packages/worker/src/api/routes/system/tests/accounts.spec.ts
index fd54dd2b0a..7df2950212 100644
--- a/packages/worker/src/api/routes/system/tests/accounts.spec.ts
+++ b/packages/worker/src/api/routes/system/tests/accounts.spec.ts
@@ -1,4 +1,4 @@
-import sdk from "../../../../sdk"
+import * as accounts from "../../../../sdk/accounts"
 import { TestConfiguration, structures } from "../../../../tests"
 import { v4 as uuid } from "uuid"
 
@@ -24,8 +24,8 @@ describe("accounts", () => {
 
         const response = await config.api.accounts.saveMetadata(account)
 
-        const id = sdk.accounts.formatAccountMetadataId(account.accountId)
-        const metadata = await sdk.accounts.getMetadata(id)
+        const id = accounts.metadata.formatAccountMetadataId(account.accountId)
+        const metadata = await accounts.metadata.getMetadata(id)
         expect(response).toStrictEqual(metadata)
       })
     })
@@ -37,7 +37,7 @@ describe("accounts", () => {
 
         await config.api.accounts.destroyMetadata(account.accountId)
 
-        const deleted = await sdk.accounts.getMetadata(account.accountId)
+        const deleted = await accounts.metadata.getMetadata(account.accountId)
         expect(deleted).toBe(undefined)
       })
 
diff --git a/packages/worker/src/api/routes/system/tests/migrations.spec.ts b/packages/worker/src/api/routes/system/tests/migrations.spec.ts
index 304a64761e..950f5c2153 100644
--- a/packages/worker/src/api/routes/system/tests/migrations.spec.ts
+++ b/packages/worker/src/api/routes/system/tests/migrations.spec.ts
@@ -30,7 +30,7 @@ describe("/api/system/migrations", () => {
         headers: {},
         status: 403,
       })
-      expect(res.text).toBe("Unauthorized - no public worker access")
+      expect(res.body).toEqual({ message: "Unauthorized", status: 403 })
       expect(migrateFn).toBeCalledTimes(0)
     })
 
@@ -47,7 +47,7 @@ describe("/api/system/migrations", () => {
         headers: {},
         status: 403,
       })
-      expect(res.text).toBe("Unauthorized - no public worker access")
+      expect(res.body).toEqual({ message: "Unauthorized", status: 403 })
     })
 
     it("returns definitions", async () => {
diff --git a/packages/worker/src/api/routes/system/tests/restore.spec.ts b/packages/worker/src/api/routes/system/tests/restore.spec.ts
index 4dd973270f..2130fd8dde 100644
--- a/packages/worker/src/api/routes/system/tests/restore.spec.ts
+++ b/packages/worker/src/api/routes/system/tests/restore.spec.ts
@@ -25,12 +25,12 @@ describe("/api/system/restore", () => {
     })
 
     it("restores in self host", async () => {
-      config.modeSelf()
+      config.selfHosted()
       const res = await config.api.restore.restored()
       expect(res.body).toEqual({
         message: "System prepared after restore.",
       })
-      config.modeCloud()
+      config.cloudHosted()
     })
   })
 })
diff --git a/packages/worker/src/api/routes/system/tests/status.spec.ts b/packages/worker/src/api/routes/system/tests/status.spec.ts
index afd3f8ac46..fe0ff13551 100644
--- a/packages/worker/src/api/routes/system/tests/status.spec.ts
+++ b/packages/worker/src/api/routes/system/tests/status.spec.ts
@@ -1,6 +1,6 @@
 import { TestConfiguration } from "../../../../tests"
-import { accounts } from "@budibase/backend-core"
-import { mocks } from "@budibase/backend-core/tests"
+import { accounts as _accounts } from "@budibase/backend-core"
+const accounts = jest.mocked(_accounts)
 
 describe("/api/system/status", () => {
   const config = new TestConfiguration()
@@ -19,7 +19,7 @@ describe("/api/system/status", () => {
 
   describe("GET /api/system/status", () => {
     it("returns status in self host", async () => {
-      config.modeSelf()
+      config.selfHosted()
       const res = await config.api.status.getStatus()
       expect(res.body).toEqual({
         health: {
@@ -27,7 +27,7 @@ describe("/api/system/status", () => {
         },
       })
       expect(accounts.getStatus).toBeCalledTimes(0)
-      config.modeCloud()
+      config.cloudHosted()
     })
 
     it("returns status in cloud", async () => {
@@ -37,7 +37,7 @@ describe("/api/system/status", () => {
         },
       }
 
-      mocks.accounts.getStatus.mockReturnValueOnce(value)
+      accounts.getStatus.mockReturnValueOnce(Promise.resolve(value))
 
       const res = await config.api.status.getStatus()
 
diff --git a/packages/worker/src/db/index.ts b/packages/worker/src/db/index.ts
index d74d00d910..157c2f4fb3 100644
--- a/packages/worker/src/db/index.ts
+++ b/packages/worker/src/db/index.ts
@@ -1,10 +1,16 @@
 import * as core from "@budibase/backend-core"
 import env from "../environment"
 
-export const init = () => {
-  const dbConfig: any = {}
+export function init() {
+  const dbConfig: any = {
+    replication: true,
+    find: true,
+  }
+
   if (env.isTest() && !env.COUCH_DB_URL) {
     dbConfig.inMemory = true
+    dbConfig.allDbs = true
   }
+
   core.init({ db: dbConfig })
 }
diff --git a/packages/worker/src/environment.ts b/packages/worker/src/environment.ts
index 52fec210bc..cd5360f7f7 100644
--- a/packages/worker/src/environment.ts
+++ b/packages/worker/src/environment.ts
@@ -65,6 +65,10 @@ const environment = {
   CHECKLIST_CACHE_TTL: parseIntSafe(process.env.CHECKLIST_CACHE_TTL) || 3600,
   SESSION_UPDATE_PERIOD: process.env.SESSION_UPDATE_PERIOD,
   ENCRYPTED_TEST_PUBLIC_API_KEY: process.env.ENCRYPTED_TEST_PUBLIC_API_KEY,
+  /**
+   * Mock the email service in use - links to ethereal hosted emails are logged instead.
+   */
+  ENABLE_EMAIL_TEST_MODE: process.env.ENABLE_EMAIL_TEST_MODE,
   _set(key: any, value: any) {
     process.env[key] = value
     // @ts-ignore
diff --git a/packages/worker/src/index.ts b/packages/worker/src/index.ts
index 1eff6c06fb..04413e8429 100644
--- a/packages/worker/src/index.ts
+++ b/packages/worker/src/index.ts
@@ -13,7 +13,15 @@ import { Event } from "@sentry/types/dist/event"
 import Application from "koa"
 import { bootstrap } from "global-agent"
 import * as db from "./db"
-import { auth, logging, events, middleware } from "@budibase/backend-core"
+import { sdk as proSdk } from "@budibase/pro"
+import {
+  auth,
+  logging,
+  events,
+  middleware,
+  queue,
+  env as coreEnv,
+} from "@budibase/backend-core"
 db.init()
 import Koa from "koa"
 import koaBody from "koa-body"
@@ -23,8 +31,20 @@ import * as redis from "./utilities/redis"
 const Sentry = require("@sentry/node")
 const koaSession = require("koa-session")
 const logger = require("koa-pino-logger")
+const { userAgent } = require("koa-useragent")
+
 import destroyable from "server-destroy"
 
+// configure events to use the pro audit log write
+// can't integrate directly into backend-core due to cyclic issues
+events.processors.init(proSdk.auditLogs.write)
+
+if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE) {
+  console.warn(
+    "Warning: ENABLE_SSO_MAINTENANCE_MODE is set. It is recommended this flag is disabled if maintenance is not in progress"
+  )
+}
+
 // this will setup http and https proxies form env variables
 bootstrap()
 
@@ -37,6 +57,7 @@ app.use(koaBody({ multipart: true }))
 app.use(koaSession(app))
 app.use(middleware.logging)
 app.use(logger(logging.pinoSettings()))
+app.use(userAgent)
 
 // authentication
 app.use(auth.passport.initialize())
@@ -72,6 +93,7 @@ server.on("close", async () => {
   console.log("Server Closed")
   await redis.shutdown()
   await events.shutdown()
+  await queue.shutdown()
   if (!env.isTest()) {
     process.exit(errCode)
   }
diff --git a/packages/worker/src/middleware/tests/tenancy.spec.ts b/packages/worker/src/middleware/tests/tenancy.spec.ts
index a8b7a50e55..8853291634 100644
--- a/packages/worker/src/middleware/tests/tenancy.spec.ts
+++ b/packages/worker/src/middleware/tests/tenancy.spec.ts
@@ -24,7 +24,7 @@ describe("tenancy middleware", () => {
   })
 
   it("should get tenant id from header", async () => {
-    const tenantId = structures.uuid()
+    const tenantId = structures.tenant.id()
     const headers = {
       [constants.Header.TENANT_ID]: tenantId,
     }
@@ -35,7 +35,7 @@ describe("tenancy middleware", () => {
   })
 
   it("should get tenant id from query param", async () => {
-    const tenantId = structures.uuid()
+    const tenantId = structures.tenant.id()
     const res = await config.request.get(
       `/api/global/configs/checklist?tenantId=${tenantId}`
     )
@@ -43,7 +43,7 @@ describe("tenancy middleware", () => {
   })
 
   it("should get tenant id from subdomain", async () => {
-    const tenantId = structures.uuid()
+    const tenantId = structures.tenant.id()
     const headers = {
       host: `${tenantId}.localhost:10000`,
     }
@@ -67,7 +67,7 @@ describe("tenancy middleware", () => {
   it("should throw when no tenant id is found", async () => {
     const res = await config.request.get(`/api/global/configs/checklist`)
     expect(res.status).toBe(403)
-    expect(res.text).toBe("Tenant id not set")
+    expect(res.body).toEqual({ message: "Tenant id not set", status: 403 })
     expect(res.headers[constants.Header.TENANT_ID]).toBe(undefined)
   })
 })
diff --git a/packages/worker/src/migrations/functions/globalInfoSyncUsers.ts b/packages/worker/src/migrations/functions/globalInfoSyncUsers.ts
index 941791fe93..1ffcc762c4 100644
--- a/packages/worker/src/migrations/functions/globalInfoSyncUsers.ts
+++ b/packages/worker/src/migrations/functions/globalInfoSyncUsers.ts
@@ -1,5 +1,6 @@
 import { User } from "@budibase/types"
-import sdk from "../../sdk"
+import * as usersSdk from "../../sdk/users"
+import { platform } from "@budibase/backend-core"
 
 /**
  * Date:
@@ -9,11 +10,11 @@ import sdk from "../../sdk"
  * Re-sync the global-db users to the global-info db users
  */
 export const run = async (globalDb: any) => {
-  const users = (await sdk.users.allUsers()) as User[]
+  const users = (await usersSdk.allUsers()) as User[]
   const promises = []
   for (let user of users) {
     promises.push(
-      sdk.users.addTenant(user.tenantId, user._id as string, user.email)
+      platform.users.addUser(user.tenantId, user._id as string, user.email)
     )
   }
   await Promise.all(promises)
diff --git a/packages/worker/src/sdk/accounts/index.ts b/packages/worker/src/sdk/accounts/index.ts
index f2ae03040e..72db8c3d85 100644
--- a/packages/worker/src/sdk/accounts/index.ts
+++ b/packages/worker/src/sdk/accounts/index.ts
@@ -1 +1,2 @@
-export * from "./accounts"
+export * as metadata from "./metadata"
+export { accounts as api } from "@budibase/backend-core"
diff --git a/packages/worker/src/sdk/accounts/accounts.ts b/packages/worker/src/sdk/accounts/metadata.ts
similarity index 99%
rename from packages/worker/src/sdk/accounts/accounts.ts
rename to packages/worker/src/sdk/accounts/metadata.ts
index e43285087b..64065e8b78 100644
--- a/packages/worker/src/sdk/accounts/accounts.ts
+++ b/packages/worker/src/sdk/accounts/metadata.ts
@@ -2,7 +2,6 @@ import { AccountMetadata } from "@budibase/types"
 import {
   db,
   StaticDatabases,
-  HTTPError,
   DocumentType,
   SEPARATOR,
 } from "@budibase/backend-core"
diff --git a/packages/worker/src/sdk/auth/auth.ts b/packages/worker/src/sdk/auth/auth.ts
new file mode 100644
index 0000000000..98830c576d
--- /dev/null
+++ b/packages/worker/src/sdk/auth/auth.ts
@@ -0,0 +1,86 @@
+import {
+  auth as authCore,
+  tenancy,
+  utils as coreUtils,
+  sessions,
+  events,
+  HTTPError,
+} from "@budibase/backend-core"
+import { PlatformLogoutOpts, User } from "@budibase/types"
+import jwt from "jsonwebtoken"
+import env from "../../environment"
+import * as userSdk from "../users"
+import * as emails from "../../utilities/email"
+import * as redis from "../../utilities/redis"
+import { EmailTemplatePurpose } from "../../constants"
+
+// LOGIN / LOGOUT
+
+export async function loginUser(user: User) {
+  const sessionId = coreUtils.newid()
+  const tenantId = tenancy.getTenantId()
+  await sessions.createASession(user._id!, { sessionId, tenantId })
+  const token = jwt.sign(
+    {
+      userId: user._id,
+      sessionId,
+      tenantId,
+    },
+    env.JWT_SECRET!
+  )
+  return token
+}
+
+export async function logout(opts: PlatformLogoutOpts) {
+  // TODO: This should be moved out of core and into worker only
+  // account-portal can call worker endpoint
+  return authCore.platformLogout(opts)
+}
+
+// PASSWORD MANAGEMENT
+
+/**
+ * Reset the user password, used as part of a forgotten password flow.
+ */
+export const reset = async (email: string) => {
+  const configured = await emails.isEmailConfigured()
+  if (!configured) {
+    throw new HTTPError(
+      "Please contact your platform administrator, SMTP is not configured.",
+      400
+    )
+  }
+
+  const user = await userSdk.core.getGlobalUserByEmail(email)
+  // exit if user doesn't exist
+  if (!user) {
+    return
+  }
+
+  // exit if user has sso
+  if (await userSdk.isPreventPasswordActions(user)) {
+    return
+  }
+
+  // send password reset
+  await emails.sendEmail(email, EmailTemplatePurpose.PASSWORD_RECOVERY, {
+    user,
+    subject: "{{ company }} platform password reset",
+  })
+  await events.user.passwordResetRequested(user)
+}
+
+/**
+ * Perform the user password update if the provided reset code is valid.
+ */
+export const resetUpdate = async (resetCode: string, password: string) => {
+  const { userId } = await redis.checkResetPasswordCode(resetCode)
+
+  let user = await userSdk.getUser(userId)
+  user.password = password
+  user = await userSdk.save(user)
+
+  // remove password from the user before sending events
+  delete user.password
+  await events.user.passwordReset(user)
+}
diff --git a/packages/worker/src/sdk/auth/index.ts b/packages/worker/src/sdk/auth/index.ts
new file mode 100644
index 0000000000..306751af96
--- /dev/null
+++ b/packages/worker/src/sdk/auth/index.ts
@@ -0,0 +1 @@
+export * from "./auth"
diff --git a/packages/worker/src/sdk/tenants/index.ts b/packages/worker/src/sdk/tenants/index.ts
new file mode 100644
index 0000000000..19b7ea6615
--- /dev/null
+++ b/packages/worker/src/sdk/tenants/index.ts
@@ -0,0 +1 @@
+export * from "./tenants"
diff --git a/packages/worker/src/sdk/tenants/tenants.ts b/packages/worker/src/sdk/tenants/tenants.ts
new file mode 100644
index 0000000000..829b144c75
--- /dev/null
+++ b/packages/worker/src/sdk/tenants/tenants.ts
@@ -0,0 +1,76 @@
+import { App } from "@budibase/types"
+import { tenancy, db as dbCore, platform } from "@budibase/backend-core"
+import { quotas } from "@budibase/pro"
+
+export async function deleteTenant(tenantId: string) {
+  await quotas.bustCache()
+  await platform.tenants.removeTenant(tenantId)
+  await removeTenantUsers(tenantId)
+  await removeTenantApps(tenantId)
+  await removeGlobalDB(tenantId)
+}
+
+async function removeGlobalDB(tenantId: string) {
+  try {
+    const db = tenancy.getTenantDB(tenantId)
+    await db.destroy()
+  } catch (err) {
+    console.error(`Error removing tenant ${tenantId} users from info db`, err)
+    throw err
+  }
+}
+
+async function removeTenantApps(tenantId: string) {
+  try {
+    const apps = (await dbCore.getAllApps({ all: true })) as App[]
+    const destroyPromises = apps.map(app => {
+      const db = dbCore.getDB(app.appId)
+      return db.destroy()
+    })
+    await Promise.allSettled(destroyPromises)
+  } catch (err) {
+    console.error(`Error removing tenant ${tenantId} apps`, err)
+    throw err
+  }
+}
+
+function getTenantUsers(tenantId: string) {
+  const db = tenancy.getTenantDB(tenantId)
+
+  return db.allDocs(
+    dbCore.getGlobalUserParams(null, {
+      include_docs: true,
+    })
+  )
+}
+
+async function removeTenantUsers(tenantId: string) {
+  try {
+    const allUsers = await getTenantUsers(tenantId)
+    const allEmails = allUsers.rows.map((row: any) => row.doc.email)
+
+    // get the id and email doc ids
+    let keys = allUsers.rows.map((row: any) => row.id)
+    keys = keys.concat(allEmails)
+
+    const platformDb = platform.getPlatformDB()
+
+    // retrieve the docs
+    const userDocs = await platformDb.allDocs({
+      keys,
+      include_docs: true,
+    })
+
+    // delete the docs
+    const toDelete = userDocs.rows.map((row: any) => {
+      return {
+        ...row.doc,
+        _deleted: true,
+      }
+    })
+    await platformDb.bulkDocs(toDelete)
+  } catch (err) {
+    console.error(`Error removing tenant ${tenantId} users from info db`, err)
+    throw err
+  }
+}
diff --git a/packages/worker/src/sdk/users/events.ts b/packages/worker/src/sdk/users/events.ts
index 17c4748dff..7d86182a3c 100644
--- a/packages/worker/src/sdk/users/events.ts
+++ b/packages/worker/src/sdk/users/events.ts
@@ -84,6 +84,10 @@ export const handleSaveEvents = async (
     ) {
       await events.user.passwordForceReset(user)
     }
+
+    if (user.password !== existingUser.password) {
+      await events.user.passwordUpdated(user)
+    }
   } else {
     await events.user.created(user)
   }
diff --git a/packages/worker/src/sdk/users/index.ts b/packages/worker/src/sdk/users/index.ts
index 056d6e5675..2eaa0e68a2 100644
--- a/packages/worker/src/sdk/users/index.ts
+++ b/packages/worker/src/sdk/users/index.ts
@@ -1 +1,2 @@
 export * from "./users"
+export { users as core } from "@budibase/backend-core"
diff --git a/packages/worker/src/sdk/users/tests/users.spec.ts b/packages/worker/src/sdk/users/tests/users.spec.ts
new file mode 100644
index 0000000000..77f02eec7a
--- /dev/null
+++ b/packages/worker/src/sdk/users/tests/users.spec.ts
@@ -0,0 +1,76 @@
+import { structures } from "../../../tests"
+import { mocks } from "@budibase/backend-core/tests"
+import { env } from "@budibase/backend-core"
+import * as users from "../users"
+import { CloudAccount } from "@budibase/types"
+import { isPreventPasswordActions } from "../users"
+
+jest.mock("@budibase/pro")
+import * as _pro from "@budibase/pro"
+const pro = jest.mocked(_pro, true)
+
+describe("users", () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+  })
+
+  describe("isPreventPasswordActions", () => {
+    it("returns false for non sso user", async () => {
+      const user = structures.users.user()
+      const result = await users.isPreventPasswordActions(user)
+      expect(result).toBe(false)
+    })
+
+    it("returns true for sso account user", async () => {
+      const user = structures.users.user()
+      mocks.accounts.getAccount.mockReturnValue(
+        Promise.resolve(structures.accounts.ssoAccount() as CloudAccount)
+      )
+      const result = await users.isPreventPasswordActions(user)
+      expect(result).toBe(true)
+    })
+
+    it("returns true for sso user", async () => {
+      const user = structures.users.ssoUser()
+      const result = await users.isPreventPasswordActions(user)
+      expect(result).toBe(true)
+    })
+
+    describe("enforced sso", () => {
+      it("returns true for all users when sso is enforced", async () => {
+        const user = structures.users.user()
+        pro.features.isSSOEnforced.mockReturnValue(Promise.resolve(true))
+        const result = await users.isPreventPasswordActions(user)
+        expect(result).toBe(true)
+      })
+    })
+
+    describe("sso maintenance mode", () => {
+      beforeEach(() => {
+        env._set("ENABLE_SSO_MAINTENANCE_MODE", true)
+      })
+
+      afterEach(() => {
+        env._set("ENABLE_SSO_MAINTENANCE_MODE", false)
+      })
+
+      describe("non-admin user", () => {
+        it("returns true", async () => {
+          const user = structures.users.ssoUser()
+          const result = await users.isPreventPasswordActions(user)
+          expect(result).toBe(true)
+        })
+      })
+
+      describe("admin user", () => {
+        it("returns false", async () => {
+          const user = structures.users.ssoUser({
+            user: structures.users.adminUser(),
+          })
+          const result = await users.isPreventPasswordActions(user)
+          expect(result).toBe(false)
+        })
+      })
+    })
+  })
+})
diff --git a/packages/worker/src/sdk/users/users.ts b/packages/worker/src/sdk/users/users.ts
index 8410d0b2e0..126f91d3e1 100644
--- a/packages/worker/src/sdk/users/users.ts
+++ b/packages/worker/src/sdk/users/users.ts
@@ -6,36 +6,37 @@ import {
   cache,
   constants,
   db as dbUtils,
-  deprovisioning,
   events,
   HTTPError,
-  migrations,
   sessions,
   tenancy,
+  platform,
   users as usersCore,
   utils,
   ViewName,
+  env as coreEnv,
 } from "@budibase/backend-core"
 import {
   AccountMetadata,
   AllDocsResponse,
   BulkUserResponse,
   CloudAccount,
-  CreateUserResponse,
   InviteUsersRequest,
   InviteUsersResponse,
-  MigrationType,
+  isSSOAccount,
+  isSSOUser,
   PlatformUser,
   PlatformUserByEmail,
   RowResponse,
   SearchUsersRequest,
+  UpdateSelf,
   User,
-  ThirdPartyUser,
-  isUser,
+  SaveUserOpts,
 } from "@budibase/types"
 import { sendEmail } from "../../utilities/email"
 import { EmailTemplatePurpose } from "../../constants"
-import { groups as groupsSdk } from "@budibase/pro"
+import * as pro from "@budibase/pro"
+import * as accountSdk from "../accounts"
 
 const PAGE_LIMIT = 8
 
@@ -56,11 +57,22 @@ export const countUsersByApp = async (appId: string) => {
   }
 }
 
+export const getUsersByAppAccess = async (appId?: string) => {
+  const opts: any = {
+    include_docs: true,
+    limit: 50,
+  }
+  let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
+    appId,
+    opts
+  )
+  return response
+}
+
 export const paginatedUsers = async ({
   page,
   email,
   appId,
-  userIds,
 }: SearchUsersRequest = {}) => {
   const db = tenancy.getGlobalDB()
   // get one extra document, to have the next page
@@ -94,26 +106,23 @@ export const paginatedUsers = async ({
   })
 }
 
+export async function getUserByEmail(email: string) {
+  return usersCore.getGlobalUserByEmail(email)
+}
+
 /**
  * Gets a user by ID from the global database, based on the current tenancy.
  */
 export const getUser = async (userId: string) => {
-  const db = tenancy.getGlobalDB()
-  let user = await db.get(userId)
+  const user = await usersCore.getById(userId)
   if (user) {
     delete user.password
   }
   return user
 }
 
-export interface SaveUserOpts {
-  hashPassword?: boolean
-  requirePassword?: boolean
-  currentUserId?: string
-}
-
 const buildUser = async (
-  user: User | ThirdPartyUser,
+  user: User,
   opts: SaveUserOpts = {
     hashPassword: true,
     requirePassword: true,
@@ -121,24 +130,31 @@ const buildUser = async (
   tenantId: string,
   dbUser?: any
 ): Promise<User> => {
-  let fullUser = user as User
-  let { password, _id } = fullUser
+  let { password, _id } = user
 
   let hashedPassword
   if (password) {
+    if (await isPreventPasswordActions(user)) {
+      throw new HTTPError("Password change is disabled for this user", 400)
+    }
     hashedPassword = opts.hashPassword ? await utils.hash(password) : password
   } else if (dbUser) {
     hashedPassword = dbUser.password
-  } else if (opts.requirePassword) {
+  }
+
+  // passwords are never required if sso is enforced
+  const requirePasswords =
+    opts.requirePassword && !(await pro.features.isSSOEnforced())
+  if (!hashedPassword && requirePasswords) {
     throw "Password must be specified."
   }
 
   _id = _id || dbUtils.generateGlobalUserID()
 
-  fullUser = {
+  const fullUser = {
     createdAt: Date.now(),
     ...dbUser,
-    ...fullUser,
+    ...user,
     _id,
     password: hashedPassword,
     tenantId,
@@ -189,10 +205,41 @@ const validateUniqueUser = async (email: string, tenantId: string) => {
   }
 }
 
+export async function isPreventPasswordActions(user: User) {
+  // when in maintenance mode we allow sso users with the admin role
+  // to perform any password action - this prevents lockout
+  if (coreEnv.ENABLE_SSO_MAINTENANCE_MODE && user.admin?.global) {
+    return false
+  }
+
+  // SSO is enforced for all users
+  if (await pro.features.isSSOEnforced()) {
+    return true
+  }
+
+  // Check local sso
+  if (isSSOUser(user)) {
+    return true
+  }
+
+  // Check account sso
+  const account = await accountSdk.api.getAccount(user.email)
+  return !!(account && isSSOAccount(account))
+}
+
+export async function updateSelf(id: string, data: UpdateSelf) {
+  let user = await getUser(id)
+  user = {
+    ...user,
+    ...data,
+  }
+  return save(user)
+}
+
 export const save = async (
-  user: User | ThirdPartyUser,
+  user: User,
   opts: SaveUserOpts = {}
-): Promise<CreateUserResponse> => {
+): Promise<User> => {
   // default booleans to true
   if (opts.hashPassword == null) {
     opts.hashPassword = true
@@ -203,7 +250,7 @@ export const save = async (
   const tenantId = tenancy.getTenantId()
   const db = tenancy.getGlobalDB()
 
-  let { email, _id, userGroups = [] } = user
+  let { email, _id, userGroups = [], roles } = user
 
   if (!email && !_id) {
     throw new Error("_id or email is required")
@@ -245,6 +292,10 @@ export const save = async (
     builtUser.roles = dbUser.roles
   }
 
+  if (!dbUser && roles?.length) {
+    builtUser.roles = { ...roles }
+  }
+
   // make sure we set the _id field for a new user
   // Also if this is a new user, associate groups with them
   let groupPromises = []
@@ -253,7 +304,7 @@ export const save = async (
 
     if (userGroups.length > 0) {
       for (let groupId of userGroups) {
-        groupPromises.push(groupsSdk.addUsers(groupId, [_id]))
+        groupPromises.push(pro.groups.addUsers(groupId, [_id]))
       }
     }
   }
@@ -264,6 +315,7 @@ export const save = async (
     builtUser._rev = response.rev
 
     await eventHelpers.handleSaveEvents(builtUser, dbUser)
+    await platform.users.addUser(tenantId, builtUser._id!, builtUser.email)
     await cache.user.invalidateUser(response.id)
 
     // let server know to sync user
@@ -271,11 +323,8 @@ export const save = async (
 
     await Promise.all(groupPromises)
 
-    return {
-      _id: response.id,
-      _rev: response.rev,
-      email,
-    }
+    // finally returned the saved user from the db
+    return db.get(builtUser._id!)
   } catch (err: any) {
     if (err.status === 409) {
       throw "User exists already"
@@ -285,21 +334,6 @@ export const save = async (
   }
 }
 
-export const addTenant = async (
-  tenantId: string,
-  _id: string,
-  email: string
-) => {
-  if (env.MULTI_TENANCY) {
-    const afterCreateTenant = () =>
-      migrations.backPopulateMigrations({
-        type: MigrationType.GLOBAL,
-        tenantId,
-      })
-    await tenancy.tryAddTenant(tenantId, _id, email, afterCreateTenant)
-  }
-}
-
 const getExistingTenantUsers = async (emails: string[]): Promise<User[]> => {
   const lcEmails = emails.map(email => email.toLowerCase())
   const params = {
@@ -431,7 +465,7 @@ export const bulkCreate = async (
   for (const user of usersToBulkSave) {
     // TODO: Refactor to bulk insert users into the info db
     // instead of relying on looping tenant creation
-    await addTenant(tenantId, user._id, user.email)
+    await platform.users.addUser(tenantId, user._id, user.email)
     await eventHelpers.handleSaveEvents(user, undefined)
     await apps.syncUserInApps(user._id)
   }
@@ -448,7 +482,7 @@ export const bulkCreate = async (
     const groupPromises = []
     const createdUserIds = saved.map(user => user._id)
     for (let groupId of groups) {
-      groupPromises.push(groupsSdk.addUsers(groupId, createdUserIds))
+      groupPromises.push(pro.groups.addUsers(groupId, createdUserIds))
     }
     await Promise.all(groupPromises)
   }
@@ -549,7 +583,7 @@ export const bulkDelete = async (
 
 export const destroy = async (id: string, currentUser: any) => {
   const db = tenancy.getGlobalDB()
-  const dbUser = await db.get(id)
+  const dbUser = (await db.get(id)) as User
   const userId = dbUser._id as string
 
   if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
@@ -565,7 +599,7 @@ export const destroy = async (id: string, currentUser: any) => {
     }
   }
 
-  await deprovisioning.removeUserFromInfoDB(dbUser)
+  await platform.users.removeUser(dbUser)
 
   await db.remove(userId, dbUser._rev)
 
@@ -578,7 +612,7 @@ export const destroy = async (id: string, currentUser: any) => {
 
 const bulkDeleteProcessing = async (dbUser: User) => {
   const userId = dbUser._id as string
-  await deprovisioning.removeUserFromInfoDB(dbUser)
+  await platform.users.removeUser(dbUser)
   await eventHelpers.handleDeleteEvents(dbUser)
   await cache.user.invalidateUser(userId)
   await sessions.invalidateSessions(userId, { reason: "bulk-deletion" })
@@ -623,7 +657,7 @@ export const invite = async (
       }
       await sendEmail(user.email, EmailTemplatePurpose.INVITATION, opts)
       response.successful.push({ email: user.email })
-      await events.user.invited()
+      await events.user.invited(user.email)
     } catch (e) {
       console.error(`Failed to send email invitation email=${user.email}`, e)
       response.unsuccessful.push({
diff --git a/packages/worker/src/tests/TestConfiguration.ts b/packages/worker/src/tests/TestConfiguration.ts
index 0cc1e61e65..3004d0aed4 100644
--- a/packages/worker/src/tests/TestConfiguration.ts
+++ b/packages/worker/src/tests/TestConfiguration.ts
@@ -15,61 +15,29 @@ const supertest = require("supertest")
 import { Config } from "../constants"
 import {
   users,
-  tenancy,
+  context,
   sessions,
   auth,
   constants,
   env as coreEnv,
-  DEFAULT_TENANT_ID,
 } from "@budibase/backend-core"
-import structures, { TENANT_ID, CSRF_TOKEN } from "./structures"
-import { CreateUserResponse, User, AuthToken } from "@budibase/types"
+import structures, { CSRF_TOKEN } from "./structures"
+import { SaveUserResponse, User, AuthToken } from "@budibase/types"
 import API from "./api"
-import sdk from "../sdk"
-
-enum Mode {
-  CLOUD = "cloud",
-  SELF = "self",
-}
-
-async function retry<T extends (...arg0: any[]) => any>(
-  fn: T,
-  maxTry: number = 5,
-  retryCount = 1
-): Promise<Awaited<ReturnType<T>>> {
-  const currRetry = typeof retryCount === "number" ? retryCount : 1
-  try {
-    const result = await fn()
-    return result
-  } catch (e) {
-    console.log(`Retry ${currRetry} failed.`)
-    if (currRetry > maxTry) {
-      console.log(`All ${maxTry} retry attempts exhausted`)
-      throw e
-    }
-    return retry(fn, maxTry, currRetry + 1)
-  }
-}
 
 class TestConfiguration {
   server: any
   request: any
   api: API
-  defaultUser?: User
-  tenant1User?: User
-  #tenantId?: string
+  tenantId: string
+  user?: User
+  userPassword = "test"
 
-  constructor(
-    opts: { openServer: boolean; mode: Mode } = {
-      openServer: true,
-      mode: Mode.CLOUD,
-    }
-  ) {
-    if (opts.mode === Mode.CLOUD) {
-      this.modeCloud()
-    } else if (opts.mode === Mode.SELF) {
-      this.modeSelf()
-    }
+  constructor(opts: { openServer: boolean } = { openServer: true }) {
+    // default to cloud hosting
+    this.cloudHosted()
+
+    this.tenantId = structures.tenant.id()
 
     if (opts.openServer) {
       env.PORT = "0" // random port
@@ -85,26 +53,19 @@ class TestConfiguration {
     return this.request
   }
 
-  // MODES
-
-  setMultiTenancy = (value: boolean) => {
-    env._set("MULTI_TENANCY", value)
-    coreEnv._set("MULTI_TENANCY", value)
-  }
+  // HOSTING
 
   setSelfHosted = (value: boolean) => {
     env._set("SELF_HOSTED", value)
     coreEnv._set("SELF_HOSTED", value)
   }
 
-  modeCloud = () => {
+  cloudHosted = () => {
     this.setSelfHosted(false)
-    this.setMultiTenancy(true)
   }
 
-  modeSelf = () => {
+  selfHosted = () => {
     this.setSelfHosted(true)
-    this.setMultiTenancy(false)
   }
 
   // UTILS
@@ -125,7 +86,7 @@ class TestConfiguration {
     if (params) {
       request.params = params
     }
-    await tenancy.doInTenant(this.getTenantId(), () => {
+    await context.doInTenant(this.getTenantId(), () => {
       return controlFunc(request)
     })
     return request.body
@@ -135,18 +96,10 @@ class TestConfiguration {
 
   async beforeAll() {
     try {
-      this.#tenantId = structures.tenant.id()
-
-      // Running tests in parallel causes issues creating the globaldb twice. This ensures the db is properly created before starting
-      await retry(async () => await this.createDefaultUser())
-      await this.createSession(this.defaultUser!)
-
-      await tenancy.doInTenant(this.#tenantId, async () => {
-        await this.createTenant1User()
-        await this.createSession(this.tenant1User!)
-      })
+      await this.createDefaultUser()
+      await this.createSession(this.user!)
     } catch (e: any) {
-      console.log(e)
+      console.error(e)
       throw new Error(e.message)
     }
   }
@@ -159,12 +112,16 @@ class TestConfiguration {
 
   // TENANCY
 
+  doInTenant(task: any) {
+    return context.doInTenant(this.tenantId, () => {
+      return task()
+    })
+  }
+
   createTenant = async (): Promise<User> => {
     // create user / new tenant
     const res = await this.api.users.createAdminUser()
 
-    await sdk.users.addTenant(res.tenantId, res.userId, res.email)
-
     // return the created user
     const userRes = await this.api.users.getUser(res.userId, {
       headers: {
@@ -182,9 +139,9 @@ class TestConfiguration {
 
   getTenantId() {
     try {
-      return tenancy.getTenantId()
-    } catch (e: any) {
-      return DEFAULT_TENANT_ID
+      return context.getTenantId()
+    } catch (e) {
+      return this.tenantId!
     }
   }
 
@@ -232,14 +189,11 @@ class TestConfiguration {
   }
 
   defaultHeaders() {
-    const tenantId = this.getTenantId()
-    if (tenantId === TENANT_ID) {
-      return this.authHeaders(this.defaultUser!)
-    } else if (tenantId === this.getTenantId()) {
-      return this.authHeaders(this.tenant1User!)
-    } else {
-      throw new Error("could not determine auth headers to use")
-    }
+    return this.authHeaders(this.user!)
+  }
+
+  tenantIdHeaders() {
+    return { [constants.Header.TENANT_ID]: this.tenantId }
   }
 
   internalAPIHeaders() {
@@ -254,20 +208,15 @@ class TestConfiguration {
 
   async createDefaultUser() {
     const user = structures.users.adminUser({
-      password: "test",
+      password: this.userPassword,
     })
-    this.defaultUser = await this.createUser(user)
-  }
-
-  async createTenant1User() {
-    const user = structures.users.adminUser({
-      password: "test",
+    await context.doInTenant(this.tenantId!, async () => {
+      this.user = await this.createUser(user)
     })
-    this.tenant1User = await this.createUser(user)
   }
 
   async getUser(email: string): Promise<User> {
-    return tenancy.doInTenant(this.getTenantId(), () => {
+    return context.doInTenant(this.getTenantId(), () => {
       return users.getGlobalUserByEmail(email)
     })
   }
@@ -277,7 +226,7 @@ class TestConfiguration {
       user = structures.users.user()
     }
     const response = await this._req(user, null, controllers.users.save)
-    const body = response as CreateUserResponse
+    const body = response as SaveUserResponse
     return this.getUser(body.email)
   }
 
diff --git a/packages/worker/src/tests/api/auditLogs.ts b/packages/worker/src/tests/api/auditLogs.ts
new file mode 100644
index 0000000000..d7bc4d99fb
--- /dev/null
+++ b/packages/worker/src/tests/api/auditLogs.ts
@@ -0,0 +1,26 @@
+import { AuditLogSearchParams, SearchAuditLogsResponse } from "@budibase/types"
+import TestConfiguration from "../TestConfiguration"
+import { TestAPI } from "./base"
+
+export class AuditLogAPI extends TestAPI {
+  constructor(config: TestConfiguration) {
+    super(config)
+  }
+
+  search = async (search: AuditLogSearchParams) => {
+    const res = await this.request
+      .post("/api/global/auditlogs/search")
+      .send(search)
+      .set(this.config.defaultHeaders())
+      .expect("Content-Type", /json/)
+      .expect(200)
+    return res.body as SearchAuditLogsResponse
+  }
+
+  download = (search: AuditLogSearchParams) => {
+    const query = encodeURIComponent(JSON.stringify(search))
+    return this.request
+      .get(`/api/global/auditlogs/download?query=${query}`)
+      .set(this.config.defaultHeaders())
+  }
+}
diff --git a/packages/worker/src/tests/api/auth.ts b/packages/worker/src/tests/api/auth.ts
index ccbf747273..552d4da505 100644
--- a/packages/worker/src/tests/api/auth.ts
+++ b/packages/worker/src/tests/api/auth.ts
@@ -1,21 +1,39 @@
-import structures from "../structures"
 import TestConfiguration from "../TestConfiguration"
-import { TestAPI } from "./base"
+import { TestAPI, TestAPIOpts } from "./base"
 
 export class AuthAPI extends TestAPI {
   constructor(config: TestConfiguration) {
     super(config)
   }
 
-  updatePassword = (code: string) => {
+  updatePassword = (
+    resetCode: string,
+    password: string,
+    opts?: TestAPIOpts
+  ) => {
     return this.request
       .post(`/api/global/auth/${this.config.getTenantId()}/reset/update`)
       .send({
-        password: "newpassword",
-        resetCode: code,
+        password,
+        resetCode,
       })
       .expect("Content-Type", /json/)
-      .expect(200)
+      .expect(opts?.status ? opts.status : 200)
+  }
+
+  login = (
+    tenantId: string,
+    email: string,
+    password: string,
+    opts?: TestAPIOpts
+  ) => {
+    return this.request
+      .post(`/api/global/auth/${tenantId}/login`)
+      .send({
+        username: email,
+        password: password,
+      })
+      .expect(opts?.status ? opts.status : 200)
   }
 
   logout = () => {
@@ -25,25 +43,33 @@ export class AuthAPI extends TestAPI {
       .expect(200)
   }
 
-  requestPasswordReset = async (sendMailMock: any, userEmail: string) => {
+  requestPasswordReset = async (
+    sendMailMock: any,
+    email: string,
+    opts?: TestAPIOpts
+  ) => {
     await this.config.saveSmtpConfig()
     await this.config.saveSettingsConfig()
-    await this.config.createUser({
-      ...structures.users.user(),
-      email: userEmail,
-    })
+
     const res = await this.request
       .post(`/api/global/auth/${this.config.getTenantId()}/reset`)
       .send({
-        email: userEmail,
+        email: email,
       })
       .expect("Content-Type", /json/)
-      .expect(200)
-    const emailCall = sendMailMock.mock.calls[0][0]
-    const parts = emailCall.html.split(
-      `http://localhost:10000/builder/auth/reset?code=`
-    )
-    const code = parts[1].split('"')[0].split("&")[0]
+      .expect(opts?.status ? opts.status : 200)
+
+    let code: string | undefined
+    if (res.status === 200) {
+      if (sendMailMock.mock.calls.length) {
+        const emailCall = sendMailMock.mock.calls[0][0]
+        const parts = emailCall.html.split(
+          `http://localhost:10000/builder/auth/reset?code=`
+        )
+        code = parts[1].split('"')[0].split("&")[0]
+      }
+    }
+
     return { code, res }
   }
 }
diff --git a/packages/worker/src/tests/api/base.ts b/packages/worker/src/tests/api/base.ts
index c1263ed5cb..460d61e70a 100644
--- a/packages/worker/src/tests/api/base.ts
+++ b/packages/worker/src/tests/api/base.ts
@@ -1,4 +1,5 @@
 import TestConfiguration from "../TestConfiguration"
+import { SuperTest, Test } from "supertest"
 
 export interface TestAPIOpts {
   headers?: any
@@ -7,7 +8,7 @@ export interface TestAPIOpts {
 
 export abstract class TestAPI {
   config: TestConfiguration
-  request: any
+  request: SuperTest<Test>
 
   protected constructor(config: TestConfiguration) {
     this.config = config
diff --git a/packages/worker/src/tests/api/configs.ts b/packages/worker/src/tests/api/configs.ts
index 76a6f31415..74cef2bf8b 100644
--- a/packages/worker/src/tests/api/configs.ts
+++ b/packages/worker/src/tests/api/configs.ts
@@ -14,6 +14,14 @@ export class ConfigAPI extends TestAPI {
       .expect("Content-Type", /json/)
   }
 
+  getPublicSettings = () => {
+    return this.request
+      .get(`/api/global/configs/public`)
+      .set(this.config.defaultHeaders())
+      .expect(200)
+      .expect("Content-Type", /json/)
+  }
+
   saveConfig = (data: any) => {
     return this.request
       .post(`/api/global/configs`)
diff --git a/packages/worker/src/tests/api/email.ts b/packages/worker/src/tests/api/email.ts
index ba7c7dbec0..fd3c622cfa 100644
--- a/packages/worker/src/tests/api/email.ts
+++ b/packages/worker/src/tests/api/email.ts
@@ -13,6 +13,7 @@ export class EmailAPI extends TestAPI {
         email: "test@test.com",
         purpose,
         tenantId: this.config.getTenantId(),
+        userId: this.config.user?._id!,
       })
       .set(this.config.defaultHeaders())
       .expect("Content-Type", /json/)
diff --git a/packages/worker/src/tests/api/index.ts b/packages/worker/src/tests/api/index.ts
index 0bd0308e2f..166996e792 100644
--- a/packages/worker/src/tests/api/index.ts
+++ b/packages/worker/src/tests/api/index.ts
@@ -14,6 +14,7 @@ import { GroupsAPI } from "./groups"
 import { RolesAPI } from "./roles"
 import { TemplatesAPI } from "./templates"
 import { LicenseAPI } from "./license"
+import { AuditLogAPI } from "./auditLogs"
 export default class API {
   accounts: AccountAPI
   auth: AuthAPI
@@ -30,6 +31,7 @@ export default class API {
   roles: RolesAPI
   templates: TemplatesAPI
   license: LicenseAPI
+  auditLogs: AuditLogAPI
 
   constructor(config: TestConfiguration) {
     this.accounts = new AccountAPI(config)
@@ -47,5 +49,6 @@ export default class API {
     this.roles = new RolesAPI(config)
     this.templates = new TemplatesAPI(config)
     this.license = new LicenseAPI(config)
+    this.auditLogs = new AuditLogAPI(config)
   }
 }
diff --git a/packages/worker/src/tests/api/restore.ts b/packages/worker/src/tests/api/restore.ts
index 6069c20185..c6a646317d 100644
--- a/packages/worker/src/tests/api/restore.ts
+++ b/packages/worker/src/tests/api/restore.ts
@@ -9,6 +9,7 @@ export class RestoreAPI extends TestAPI {
   restored = (opts?: TestAPIOpts) => {
     return this.request
       .post(`/api/system/restored`)
+      .set(this.config.tenantIdHeaders())
       .expect(opts?.status ? opts.status : 200)
   }
 }
diff --git a/packages/worker/src/tests/jestEnv.ts b/packages/worker/src/tests/jestEnv.ts
index 0b27cf52aa..061897451e 100644
--- a/packages/worker/src/tests/jestEnv.ts
+++ b/packages/worker/src/tests/jestEnv.ts
@@ -1,7 +1,8 @@
 process.env.SELF_HOSTED = "0"
 process.env.NODE_ENV = "jest"
 process.env.JWT_SECRET = "test-jwtsecret"
-process.env.LOG_LEVEL = "silent"
+process.env.LOG_LEVEL = process.env.LOG_LEVEL || "error"
+process.env.ENABLE_4XX_HTTP_LOGGING = "0"
 process.env.MULTI_TENANCY = "1"
 process.env.MINIO_URL = "http://localhost"
 process.env.MINIO_ACCESS_KEY = "test"
diff --git a/packages/worker/src/tests/jestSetup.ts b/packages/worker/src/tests/jestSetup.ts
index 2deef96176..31d36f00ae 100644
--- a/packages/worker/src/tests/jestSetup.ts
+++ b/packages/worker/src/tests/jestSetup.ts
@@ -1,5 +1,6 @@
-import { mocks, testContainerUtils } from "@budibase/backend-core/tests"
+import "./logging"
 
+import { mocks, testContainerUtils } from "@budibase/backend-core/tests"
 import env from "../environment"
 import { env as coreEnv } from "@budibase/backend-core"
 
@@ -11,10 +12,6 @@ mocks.fetch.enable()
 const tk = require("timekeeper")
 tk.freeze(mocks.date.MOCK_DATE)
 
-if (!process.env.DEBUG) {
-  global.console.log = jest.fn() // console.log are ignored in tests
-}
-
 if (!process.env.CI) {
   // set a longer timeout in dev for debugging
   // 100 seconds
diff --git a/packages/worker/src/tests/logging.ts b/packages/worker/src/tests/logging.ts
new file mode 100644
index 0000000000..271f4d62ff
--- /dev/null
+++ b/packages/worker/src/tests/logging.ts
@@ -0,0 +1,34 @@
+export enum LogLevel {
+  TRACE = "trace",
+  DEBUG = "debug",
+  INFO = "info",
+  WARN = "warn",
+  ERROR = "error",
+}
+
+const LOG_INDEX: { [key in LogLevel]: number } = {
+  [LogLevel.TRACE]: 1,
+  [LogLevel.DEBUG]: 2,
+  [LogLevel.INFO]: 3,
+  [LogLevel.WARN]: 4,
+  [LogLevel.ERROR]: 5,
+}
+
+const setIndex = LOG_INDEX[process.env.LOG_LEVEL as LogLevel]
+
+if (setIndex > LOG_INDEX.trace) {
+  global.console.trace = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.debug) {
+  global.console.debug = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.info) {
+  global.console.info = jest.fn()
+  global.console.log = jest.fn()
+}
+
+if (setIndex > LOG_INDEX.warn) {
+  global.console.warn = jest.fn()
+}
diff --git a/packages/worker/src/tests/structures/configs.ts b/packages/worker/src/tests/structures/configs.ts
index 2c76f271c4..d50f5ebc72 100644
--- a/packages/worker/src/tests/structures/configs.ts
+++ b/packages/worker/src/tests/structures/configs.ts
@@ -1,9 +1,15 @@
-import { Config } from "../../constants"
 import { utils } from "@budibase/backend-core"
+import {
+  SettingsConfig,
+  ConfigType,
+  SMTPConfig,
+  GoogleConfig,
+  OIDCConfig,
+} from "@budibase/types"
 
-export function oidc(conf?: any) {
+export function oidc(conf?: any): OIDCConfig {
   return {
-    type: Config.OIDC,
+    type: ConfigType.OIDC,
     config: {
       configs: [
         {
@@ -21,9 +27,9 @@ export function oidc(conf?: any) {
   }
 }
 
-export function google(conf?: any) {
+export function google(conf?: any): GoogleConfig {
   return {
-    type: Config.GOOGLE,
+    type: ConfigType.GOOGLE,
     config: {
       clientID: "clientId",
       clientSecret: "clientSecret",
@@ -33,9 +39,9 @@ export function google(conf?: any) {
   }
 }
 
-export function smtp(conf?: any) {
+export function smtp(conf?: any): SMTPConfig {
   return {
-    type: Config.SMTP,
+    type: ConfigType.SMTP,
     config: {
       port: 12345,
       host: "smtptesthost.com",
@@ -47,25 +53,26 @@ export function smtp(conf?: any) {
   }
 }
 
-export function smtpEthereal() {
+export function smtpEthereal(): SMTPConfig {
   return {
-    type: Config.SMTP,
+    type: ConfigType.SMTP,
     config: {
       port: 587,
       host: "smtp.ethereal.email",
+      from: "testfrom@test.com",
       secure: false,
       auth: {
-        user: "don.bahringer@ethereal.email",
-        pass: "yCKSH8rWyUPbnhGYk9",
+        user: "wyatt.zulauf29@ethereal.email",
+        pass: "tEwDtHBWWxusVWAPfa",
       },
       connectionTimeout: 1000, // must be less than the jest default of 5000
     },
   }
 }
 
-export function settings(conf?: any) {
+export function settings(conf?: any): SettingsConfig {
   return {
-    type: Config.SETTINGS,
+    type: ConfigType.SETTINGS,
     config: {
       platformUrl: "http://localhost:10000",
       logoUrl: "",
diff --git a/packages/worker/src/tests/structures/index.ts b/packages/worker/src/tests/structures/index.ts
index dad055f7a7..bec15df6dd 100644
--- a/packages/worker/src/tests/structures/index.ts
+++ b/packages/worker/src/tests/structures/index.ts
@@ -1,6 +1,5 @@
 import { structures } from "@budibase/backend-core/tests"
 import * as configs from "./configs"
-import * as users from "./users"
 import * as groups from "./groups"
 import { v4 as uuid } from "uuid"
 
@@ -11,7 +10,6 @@ const pkg = {
   ...structures,
   uuid,
   configs,
-  users,
   TENANT_ID,
   CSRF_TOKEN,
   groups,
diff --git a/packages/worker/src/tests/structures/users.ts b/packages/worker/src/tests/structures/users.ts
deleted file mode 100644
index 3348670b7d..0000000000
--- a/packages/worker/src/tests/structures/users.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-export const email = "test@test.com"
-import { AdminUser, BuilderUser, User } from "@budibase/types"
-import { v4 as uuid } from "uuid"
-
-export const newEmail = () => {
-  return `${uuid()}@test.com`
-}
-
-export const user = (userProps?: any): User => {
-  return {
-    email: newEmail(),
-    password: "test",
-    roles: { app_test: "admin" },
-    ...userProps,
-  }
-}
-
-export const adminUser = (userProps?: any): AdminUser => {
-  return {
-    ...user(userProps),
-    admin: {
-      global: true,
-    },
-    builder: {
-      global: true,
-    },
-  }
-}
-
-export const builderUser = (userProps?: any): BuilderUser => {
-  return {
-    ...user(userProps),
-    builder: {
-      global: true,
-    },
-  }
-}
diff --git a/packages/worker/src/utilities/email.ts b/packages/worker/src/utilities/email.ts
index 7ec3447707..4fd8a82161 100644
--- a/packages/worker/src/utilities/email.ts
+++ b/packages/worker/src/utilities/email.ts
@@ -1,11 +1,11 @@
 import env from "../environment"
-import { EmailTemplatePurpose, TemplateType, Config } from "../constants"
+import { EmailTemplatePurpose, TemplateType } from "../constants"
 import { getTemplateByPurpose } from "../constants/templates"
 import { getSettingsTemplateContext } from "./templates"
 import { processString } from "@budibase/string-templates"
 import { getResetPasswordCode, getInviteCode } from "./redis"
-import { User, Database } from "@budibase/types"
-import { tenancy, db as dbCore } from "@budibase/backend-core"
+import { User, SMTPInnerConfig } from "@budibase/types"
+import { configs } from "@budibase/backend-core"
 const nodemailer = require("nodemailer")
 
 type SendEmailOpts = {
@@ -26,7 +26,7 @@ type SendEmailOpts = {
   automation?: boolean
 }
 
-const TEST_MODE = false
+const TEST_MODE = env.ENABLE_EMAIL_TEST_MODE && env.isDev()
 const TYPE = TemplateType.EMAIL
 
 const FULL_EMAIL_PURPOSES = [
@@ -36,24 +36,24 @@ const FULL_EMAIL_PURPOSES = [
   EmailTemplatePurpose.CUSTOM,
 ]
 
-function createSMTPTransport(config: any) {
+function createSMTPTransport(config?: SMTPInnerConfig) {
   let options: any
-  let secure = config.secure
+  let secure = config?.secure
   // default it if not specified
   if (secure == null) {
-    secure = config.port === 465
+    secure = config?.port === 465
   }
   if (!TEST_MODE) {
     options = {
-      port: config.port,
-      host: config.host,
+      port: config?.port,
+      host: config?.host,
       secure: secure,
-      auth: config.auth,
+      auth: config?.auth,
     }
     options.tls = {
       rejectUnauthorized: false,
     }
-    if (config.connectionTimeout) {
+    if (config?.connectionTimeout) {
       options.connectionTimeout = config.connectionTimeout
     }
   } else {
@@ -62,8 +62,8 @@ function createSMTPTransport(config: any) {
       host: "smtp.ethereal.email",
       secure: false,
       auth: {
-        user: "don.bahringer@ethereal.email",
-        pass: "yCKSH8rWyUPbnhGYk9",
+        user: "wyatt.zulauf29@ethereal.email",
+        pass: "tEwDtHBWWxusVWAPfa",
       },
     }
   }
@@ -134,57 +134,16 @@ async function buildEmail(
   })
 }
 
-/**
- * Utility function for finding most valid SMTP configuration.
- * @param {object} db The CouchDB database which is to be looked up within.
- * @param {string|null} workspaceId If using finer grain control of configs a workspace can be used.
- * @param {boolean|null} automation Whether or not the configuration is being fetched for an email automation.
- * @return {Promise<object|null>} returns the SMTP configuration if it exists
- */
-async function getSmtpConfiguration(
-  db: Database,
-  workspaceId?: string,
-  automation?: boolean
-) {
-  const params: any = {
-    type: Config.SMTP,
-  }
-  if (workspaceId) {
-    params.workspace = workspaceId
-  }
-
-  const customConfig = await dbCore.getScopedConfig(db, params)
-
-  if (customConfig) {
-    return customConfig
-  }
-
-  // Use an SMTP fallback configuration from env variables
-  if (!automation && env.SMTP_FALLBACK_ENABLED) {
-    return {
-      port: env.SMTP_PORT,
-      host: env.SMTP_HOST,
-      secure: false,
-      from: env.SMTP_FROM_ADDRESS,
-      auth: {
-        user: env.SMTP_USER,
-        pass: env.SMTP_PASSWORD,
-      },
-    }
-  }
-}
-
 /**
  * Checks if a SMTP config exists based on passed in parameters.
  * @return {Promise<boolean>} returns true if there is a configuration that can be used.
  */
-export async function isEmailConfigured(workspaceId?: string) {
+export async function isEmailConfigured() {
   // when "testing" or smtp fallback is enabled simply return true
   if (TEST_MODE || env.SMTP_FALLBACK_ENABLED) {
     return true
   }
-  const db = tenancy.getGlobalDB()
-  const config = await getSmtpConfiguration(db, workspaceId)
+  const config = await configs.getSMTPConfig()
   return config != null
 }
 
@@ -202,22 +161,17 @@ export async function sendEmail(
   purpose: EmailTemplatePurpose,
   opts: SendEmailOpts
 ) {
-  const db = tenancy.getGlobalDB()
-  let config =
-    (await getSmtpConfiguration(db, opts?.workspaceId, opts?.automation)) || {}
-  if (Object.keys(config).length === 0 && !TEST_MODE) {
+  const config = await configs.getSMTPConfig(opts?.automation)
+  if (!config && !TEST_MODE) {
     throw "Unable to find SMTP configuration."
   }
   const transport = createSMTPTransport(config)
   // if there is a link code needed this will retrieve it
   const code = await getLinkCode(purpose, email, opts.user, opts?.info)
-  let context
-  if (code) {
-    context = await getSettingsTemplateContext(purpose, code)
-  }
+  let context = await getSettingsTemplateContext(purpose, code)
 
   let message: any = {
-    from: opts?.from || config.from,
+    from: opts?.from || config?.from,
     html: await buildEmail(purpose, email, context, {
       user: opts?.user,
       contents: opts?.contents,
@@ -231,9 +185,9 @@ export async function sendEmail(
     bcc: opts?.bcc,
   }
 
-  if (opts?.subject || config.subject) {
+  if (opts?.subject || config?.subject) {
     message.subject = await processString(
-      opts?.subject || config.subject,
+      (opts?.subject || config?.subject) as string,
       context
     )
   }
@@ -249,7 +203,7 @@ export async function sendEmail(
  * @param {object} config an SMTP configuration - this is based on the nodemailer API.
  * @return {Promise<boolean>} returns true if the configuration is valid.
  */
-export async function verifyConfig(config: any) {
+export async function verifyConfig(config: SMTPInnerConfig) {
   const transport = createSMTPTransport(config)
   await transport.verify()
 }
diff --git a/packages/worker/src/utilities/redis.ts b/packages/worker/src/utilities/redis.ts
index 893ec9f0a8..7b3f251c0e 100644
--- a/packages/worker/src/utilities/redis.ts
+++ b/packages/worker/src/utilities/redis.ts
@@ -7,7 +7,7 @@ function getExpirySecondsForDB(db: string) {
       return 3600
     case redis.utils.Databases.INVITATIONS:
       // a day
-      return 86400
+      return 604800
   }
 }
 
@@ -29,11 +29,25 @@ async function writeACode(db: string, value: any) {
   return code
 }
 
+async function updateACode(db: string, code: string, value: any) {
+  const client = await getClient(db)
+  await client.store(code, value, getExpirySecondsForDB(db))
+}
+
+/**
+ * Given an invite code and invite body, allow the update an existing/valid invite in redis
+ * @param {string} inviteCode The invite code for an invite in redis
+ * @param {object} value The body of the updated user invitation
+ */
+export async function updateInviteCode(inviteCode: string, value: string) {
+  await updateACode(redis.utils.Databases.INVITATIONS, inviteCode, value)
+}
+
 async function getACode(db: string, code: string, deleteCode = true) {
   const client = await getClient(db)
   const value = await client.get(code)
   if (!value) {
-    throw "Invalid code."
+    throw new Error("Invalid code.")
   }
   if (deleteCode) {
     await client.delete(code)
@@ -54,6 +68,8 @@ export async function init() {
 export async function shutdown() {
   if (pwResetClient) await pwResetClient.finish()
   if (invitationClient) await invitationClient.finish()
+  // shutdown core clients
+  await redis.clients.shutdown()
   console.log("Redis shutdown")
 }
 
@@ -111,3 +127,27 @@ export async function checkInviteCode(
     throw "Invitation is not valid or has expired, please request a new one."
   }
 }
+
+/** 
+  Get all currently available user invitations.
+  @return {Object[]} A list of all objects containing invite metadata
+**/
+export async function getInviteCodes(tenantIds?: string[]) {
+  const client = await getClient(redis.utils.Databases.INVITATIONS)
+  const invites: any[] = await client.scan()
+
+  const results = invites.map(invite => {
+    return {
+      ...invite.value,
+      code: invite.key,
+    }
+  })
+  return results.reduce((acc, invite) => {
+    if (tenantIds?.length && tenantIds.includes(invite.info.tenantId)) {
+      acc.push(invite)
+    } else {
+      acc.push(invite)
+    }
+    return acc
+  }, [])
+}
diff --git a/packages/worker/src/utilities/templates.ts b/packages/worker/src/utilities/templates.ts
index ede95dbe4a..1597325c7c 100644
--- a/packages/worker/src/utilities/templates.ts
+++ b/packages/worker/src/utilities/templates.ts
@@ -1,6 +1,5 @@
-import { db as dbCore, tenancy } from "@budibase/backend-core"
+import { tenancy, configs } from "@budibase/backend-core"
 import {
-  Config,
   InternalTemplateBinding,
   LOGO_URL,
   EmailTemplatePurpose,
@@ -10,20 +9,16 @@ const BASE_COMPANY = "Budibase"
 
 export async function getSettingsTemplateContext(
   purpose: EmailTemplatePurpose,
-  code?: string
+  code?: string | null
 ) {
-  const db = tenancy.getGlobalDB()
-  // TODO: use more granular settings in the future if required
-  let settings =
-    (await dbCore.getScopedConfig(db, { type: Config.SETTINGS })) || {}
+  let settings = await configs.getSettingsConfig()
   const URL = settings.platformUrl
   const context: any = {
     [InternalTemplateBinding.LOGO_URL]:
       checkSlashesInUrl(`${URL}/${settings.logoUrl}`) || LOGO_URL,
     [InternalTemplateBinding.PLATFORM_URL]: URL,
     [InternalTemplateBinding.COMPANY]: settings.company || BASE_COMPANY,
-    [InternalTemplateBinding.DOCS_URL]:
-      settings.docsUrl || "https://docs.budibase.com/",
+    [InternalTemplateBinding.DOCS_URL]: "https://docs.budibase.com/",
     [InternalTemplateBinding.LOGIN_URL]: checkSlashesInUrl(
       tenancy.addTenantToUrl(`${URL}/login`)
     ),
diff --git a/packages/worker/yarn.lock b/packages/worker/yarn.lock
index d1f13b4d46..0b5f083bb4 100644
--- a/packages/worker/yarn.lock
+++ b/packages/worker/yarn.lock
@@ -475,13 +475,14 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@2.3.16":
-  version "2.3.16"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.16.tgz#05a8434501718b9eab0109be03c677c1d546fe17"
-  integrity sha512-wMuqxKVua3/3XejUMH/fJQgu1kK6t4HYpB5AY58sumNSLbFFp1MyqL+1LMSmpUY0nbjExq+9+wseNsnbWicWUw==
+"@budibase/backend-core@2.3.21-alpha.1":
+  version "2.3.21-alpha.1"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.21-alpha.1.tgz#151eaee7f30a3c9bf8e5ab3c30bdbb67a34f9b26"
+  integrity sha512-YyclBgY7YGjlzjI2fNRSj4vJfudXB+1KjZBvZ5EhGKvPZDqhIE+I+7nXRxxFxTtEe0m+p673KjntgREybXPZaQ==
   dependencies:
-    "@budibase/nano" "10.1.1"
-    "@budibase/types" "^2.3.16"
+    "@budibase/nano" "10.1.2"
+    "@budibase/pouchdb-replication-stream" "1.2.10"
+    "@budibase/types" "2.3.21-alpha.1"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
     aws-cloudfront-sign "2.2.0"
@@ -506,7 +507,6 @@
     posthog-node "1.3.0"
     pouchdb "7.3.0"
     pouchdb-find "7.2.2"
-    pouchdb-replication-stream "1.2.9"
     redlock "4.2.0"
     sanitize-s3-objectkey "0.0.1"
     semver "7.3.7"
@@ -514,10 +514,35 @@
     uuid "8.3.2"
     zlib "1.0.5"
 
-"@budibase/nano@10.1.1":
-  version "10.1.1"
-  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
-  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+"@budibase/handlebars-helpers@^0.11.8":
+  version "0.11.8"
+  resolved "https://registry.yarnpkg.com/@budibase/handlebars-helpers/-/handlebars-helpers-0.11.8.tgz#6953d29673a8c5c407e096c0a84890465c7ce841"
+  integrity sha512-ggWJUt0GqsHFAEup5tlWlcrmYML57nKhpNGGLzVsqXVYN8eVmf3xluYmmMe7fDYhQH0leSprrdEXmsdFQF3HAQ==
+  dependencies:
+    array-sort "^1.0.0"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    for-in "^1.0.2"
+    get-object "^0.2.0"
+    get-value "^3.0.1"
+    handlebars "^4.7.7"
+    handlebars-utils "^1.0.6"
+    has-value "^2.0.2"
+    helper-md "^0.2.2"
+    html-tag "^2.0.0"
+    is-even "^1.0.0"
+    is-glob "^4.0.1"
+    kind-of "^6.0.3"
+    micromatch "^3.1.5"
+    relative "^3.0.2"
+    striptags "^3.1.1"
+    to-gfm-code-block "^0.1.1"
+    year "^0.2.1"
+
+"@budibase/nano@10.1.2":
+  version "10.1.2"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.2.tgz#10fae5a1ab39be6a81261f40e7b7ec6d21cbdd4a"
+  integrity sha512-1w+YN2n/M5aZ9hBKCP4NEjdQbT8BfCLRizkdvm0Je665eEHw3aE1hvo8mon9Ro9QuDdxj1DfDMMFnym6/QUwpQ==
   dependencies:
     "@types/tough-cookie" "^4.0.2"
     axios "^1.1.3"
@@ -526,24 +551,51 @@
     qs "^6.11.0"
     tough-cookie "^4.1.2"
 
-"@budibase/pro@2.3.16":
-  version "2.3.16"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.3.16.tgz#3eca93b826ed6da5b6941d8b384c34c57da2b1b4"
-  integrity sha512-lIbPXOs61WP7jE80XHRDkBRmSEMYjiaog+qw0dUVP+Kp1QvBDa5Bdg7ESiy8YBae2+55FqXsb8nXjsqqbwFWDA==
+"@budibase/pouchdb-replication-stream@1.2.10":
+  version "1.2.10"
+  resolved "https://registry.yarnpkg.com/@budibase/pouchdb-replication-stream/-/pouchdb-replication-stream-1.2.10.tgz#4100df2effd7c823edadddcdbdc380f6827eebf5"
+  integrity sha512-1zeorOwbelZ7HF5vFB+pKE8Mnh31om8k1M6T3AZXVULYTHLsyJrMTozSv5CJ1P8ZfOIJab09HDzCXDh2icFekg==
   dependencies:
-    "@budibase/backend-core" "2.3.16"
-    "@budibase/types" "2.3.16"
+    argsarray "0.0.1"
+    inherits "^2.0.3"
+    lodash.pick "^4.0.0"
+    ndjson "^1.4.3"
+    pouch-stream "^0.4.0"
+    pouchdb-promise "^6.0.4"
+    through2 "^2.0.0"
+
+"@budibase/pro@2.3.21-alpha.1":
+  version "2.3.21-alpha.1"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-2.3.21-alpha.1.tgz#c7ccff06c36b7dafbdaafdfb525c2ca72ebfd050"
+  integrity sha512-oxOM+0le4SNk2b9jI9sym8qBwi4Uu1soJG68TSdoLluHXzQsXJNrwueO5FY8PS+50Y2HmeIQPCVw2fGWRC7Cjg==
+  dependencies:
+    "@budibase/backend-core" "2.3.21-alpha.1"
+    "@budibase/string-templates" "2.3.20"
+    "@budibase/types" "2.3.21-alpha.1"
     "@koa/router" "8.0.8"
     bull "4.10.1"
     joi "17.6.0"
     jsonwebtoken "8.5.1"
     lru-cache "^7.14.1"
+    memorystream "^0.3.1"
     node-fetch "^2.6.1"
 
-"@budibase/types@2.3.16", "@budibase/types@^2.3.16":
-  version "2.3.16"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.16.tgz#6d94b5f34ca58bcca1cca45737d0d1d0b21c9413"
-  integrity sha512-7caUKOlhleQL5gRqcgxSWvHcWIbl8hRPFl5ttWlLTfGO7BDMIRrcW7Wmptmgzoc6MiNCQAQ/uuZ8DeVOlJKRBA==
+"@budibase/string-templates@2.3.20":
+  version "2.3.20"
+  resolved "https://registry.yarnpkg.com/@budibase/string-templates/-/string-templates-2.3.20.tgz#35f74b6f515e8127cc375ee0a4679b0a7c117588"
+  integrity sha512-wMKau3IzVF6M+dRu99aKV1yMdrrK5lghVm9qYtR1B163SMbHEwC8JmZFGPLIi1XsG0T+vw+xfcemfJ2zcATWwg==
+  dependencies:
+    "@budibase/handlebars-helpers" "^0.11.8"
+    dayjs "^1.10.4"
+    handlebars "^4.7.6"
+    handlebars-utils "^1.0.6"
+    lodash "^4.17.20"
+    vm2 "^3.9.4"
+
+"@budibase/types@2.3.21-alpha.1":
+  version "2.3.21-alpha.1"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.21-alpha.1.tgz#d606f5f8d47ad5e50f80b09ae0434802b810c041"
+  integrity sha512-55Hk7/s7IV4+u1IjuKwlHKPKutsKbHbNbKPK0FStiZgCMG7/+GPysRWdSY9VgLL9XPHOlQ5dtI6jzuWU7ihH/g==
 
 "@cspotcode/source-map-support@^0.8.0":
   version "0.8.1"
@@ -834,17 +886,6 @@
     slash "^3.0.0"
     write-file-atomic "^4.0.1"
 
-"@jest/types@^26.6.2":
-  version "26.6.2"
-  resolved "https://registry.yarnpkg.com/@jest/types/-/types-26.6.2.tgz#bef5a532030e1d88a2f5a6d933f84e97226ed48e"
-  integrity sha512-fC6QCp7Sc5sX6g8Tvbmj4XUTbyrik0akgRy03yjXbQaBWWNWGE7SGtJk98m0N8nzegD/7SggrUlivxo5ax4KWQ==
-  dependencies:
-    "@types/istanbul-lib-coverage" "^2.0.0"
-    "@types/istanbul-reports" "^3.0.0"
-    "@types/node" "*"
-    "@types/yargs" "^15.0.0"
-    chalk "^4.0.0"
-
 "@jest/types@^27.5.1":
   version "27.5.1"
   resolved "https://registry.yarnpkg.com/@jest/types/-/types-27.5.1.tgz#3c79ec4a8ba61c170bf937bcf9e98a9df175ec80"
@@ -1404,6 +1445,11 @@
   resolved "https://registry.yarnpkg.com/@types/content-disposition/-/content-disposition-0.5.5.tgz#650820e95de346e1f84e30667d168c8fd25aa6e3"
   integrity sha512-v6LCdKfK6BwcqMo+wYW05rLS12S0ZO0Fl4w1h4aaZMD7bqT3gVUns6FvLJKGZHQmYn3SX55JWGpziwJRwVgutA==
 
+"@types/cookiejar@*":
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/@types/cookiejar/-/cookiejar-2.1.2.tgz#66ad9331f63fe8a3d3d9d8c6e3906dd10f6446e8"
+  integrity sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==
+
 "@types/cookies@*":
   version "0.7.7"
   resolved "https://registry.yarnpkg.com/@types/cookies/-/cookies-0.7.7.tgz#7a92453d1d16389c05a5301eef566f34946cfd81"
@@ -1500,13 +1546,13 @@
   dependencies:
     "@types/istanbul-lib-report" "*"
 
-"@types/jest@26.0.23":
-  version "26.0.23"
-  resolved "https://registry.yarnpkg.com/@types/jest/-/jest-26.0.23.tgz#a1b7eab3c503b80451d019efb588ec63522ee4e7"
-  integrity sha512-ZHLmWMJ9jJ9PTiT58juykZpL7KjwJywFN3Rr2pTSkyQfydf/rk22yS7W8p5DaVUMQ2BQC7oYiU3FjbTM/mYrOA==
+"@types/jest@28.1.1":
+  version "28.1.1"
+  resolved "https://registry.yarnpkg.com/@types/jest/-/jest-28.1.1.tgz#8c9ba63702a11f8c386ee211280e8b68cb093cd1"
+  integrity sha512-C2p7yqleUKtCkVjlOur9BWVA4HgUQmEj/HWCt5WzZ5mLXrWnyIfl0wGuArc+kBXsy0ZZfLp+7dywB4HtSVYGVA==
   dependencies:
-    jest-diff "^26.0.0"
-    pretty-format "^26.0.0"
+    jest-matcher-utils "^27.0.0"
+    pretty-format "^27.0.0"
 
 "@types/json-buffer@~3.0.0":
   version "3.0.0"
@@ -1781,6 +1827,21 @@
   resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.1.tgz#20f18294f797f2209b5f65c8e3b5c8e8261d127c"
   integrity sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==
 
+"@types/superagent@*":
+  version "4.1.16"
+  resolved "https://registry.yarnpkg.com/@types/superagent/-/superagent-4.1.16.tgz#12c9c16f232f9d89beab91d69368f96ce8e2d881"
+  integrity sha512-tLfnlJf6A5mB6ddqF159GqcDizfzbMUB1/DeT59/wBNqzRTNNKsaw79A/1TZ84X+f/EwWH8FeuSkjlCLyqS/zQ==
+  dependencies:
+    "@types/cookiejar" "*"
+    "@types/node" "*"
+
+"@types/supertest@2.0.12":
+  version "2.0.12"
+  resolved "https://registry.yarnpkg.com/@types/supertest/-/supertest-2.0.12.tgz#ddb4a0568597c9aadff8dbec5b2e8fddbe8692fc"
+  integrity sha512-X3HPWTwXRerBZS7Mo1k6vMVR1Z6zmJcDVn5O/31whe0tnjE4te6ZJSJGq1RiqHPjzPdMTfjCFogDJmwng9xHaQ==
+  dependencies:
+    "@types/superagent" "*"
+
 "@types/tough-cookie@^4.0.2":
   version "4.0.2"
   resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397"
@@ -1796,13 +1857,6 @@
   resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-21.0.0.tgz#0c60e537fa790f5f9472ed2776c2b71ec117351b"
   integrity sha512-iO9ZQHkZxHn4mSakYV0vFHAVDyEOIJQrV2uZ06HxEPcx+mt8swXoZHIbaaJ2crJYFfErySgktuTZ3BeLz+XmFA==
 
-"@types/yargs@^15.0.0":
-  version "15.0.14"
-  resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-15.0.14.tgz#26d821ddb89e70492160b66d10a0eb6df8f6fb06"
-  integrity sha512-yEJzHoxf6SyQGhBhIYGXQDSCkJjB6HohDShto7m8vaKg9Yp0Yn8+71J9eakh2bnPg6BfsH9PRMhiRTZnd4eXGQ==
-  dependencies:
-    "@types/yargs-parser" "*"
-
 "@types/yargs@^16.0.0":
   version "16.0.5"
   resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-16.0.5.tgz#12cc86393985735a283e387936398c2f9e5f88e3"
@@ -1915,7 +1969,7 @@ acorn-jsx@^5.2.0:
   resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937"
   integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==
 
-acorn-walk@^8.1.1:
+acorn-walk@^8.1.1, acorn-walk@^8.2.0:
   version "8.2.0"
   resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.2.0.tgz#741210f2e2426454508853a2f44d0ab83b7f69c1"
   integrity sha512-k+iyHEuPgSw6SbuDpGQM+06HQUa04DZ3o+F6CSzXMvvI5KMvnaEqXe+YVe555R9nn6GPt404fos4wcgpw12SDA==
@@ -1935,6 +1989,11 @@ acorn@^8.4.1:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.7.1.tgz#0197122c843d1bf6d0a5e83220a788f278f63c30"
   integrity sha512-Xx54uLJQZ19lKygFXOWsscKUbsBZW0CPykPhVQdhIeIwrbPmJzqeASDInc8nKBnp/JT6igTs82qPXz069H8I/A==
 
+acorn@^8.7.0:
+  version "8.8.2"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a"
+  integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==
+
 after-all-results@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/after-all-results/-/after-all-results-2.0.0.tgz#6ac2fc202b500f88da8f4f5530cfa100f4c6a2d0"
@@ -1990,7 +2049,7 @@ ansi-regex@^4.1.0:
   resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-4.1.1.tgz#164daac87ab2d6f6db3a29875e2d1766582dabed"
   integrity sha512-ILlv4k/3f6vfQ4OoP2AGvirOktlQ98ZEL1k9FaQjxa3L1abBgbuTDAdPOpvbGncC0BTVQrl+OM8xZGK6tWXt7g==
 
-ansi-regex@^5.0.0, ansi-regex@^5.0.1:
+ansi-regex@^5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
   integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
@@ -2045,7 +2104,7 @@ arg@^4.1.0:
   resolved "https://registry.yarnpkg.com/arg/-/arg-4.1.3.tgz#269fc7ad5b8e42cb63c896d5666017261c144089"
   integrity sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==
 
-argparse@^1.0.7:
+argparse@^1.0.10, argparse@^1.0.7:
   version "1.0.10"
   resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911"
   integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==
@@ -2067,11 +2126,40 @@ argsarray@0.0.1:
   resolved "https://registry.yarnpkg.com/argsarray/-/argsarray-0.0.1.tgz#6e7207b4ecdb39b0af88303fa5ae22bda8df61cb"
   integrity sha512-u96dg2GcAKtpTrBdDoFIM7PjcBA+6rSP0OR94MOReNRyUECL6MtQt5XXmRr4qrftYaef9+l5hcpO5te7sML1Cg==
 
+arr-diff@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520"
+  integrity sha512-YVIQ82gZPGBebQV/a8dar4AitzCQs0jjXwMPZllpXMaGjXPYVUawSxQrRsjhjupyVxEvbHgUmIhKVlND+j02kA==
+
+arr-flatten@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/arr-flatten/-/arr-flatten-1.1.0.tgz#36048bbff4e7b47e136644316c99669ea5ae91f1"
+  integrity sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==
+
+arr-union@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4"
+  integrity sha512-sKpyeERZ02v1FeCZT8lrfJq5u6goHCtpTAzPwJYe7c8SPFOboNjNg1vz2L4VTn9T4PQxEx13TbXLmYUcS6Ug7Q==
+
+array-sort@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/array-sort/-/array-sort-1.0.0.tgz#e4c05356453f56f53512a7d1d6123f2c54c0a88a"
+  integrity sha512-ihLeJkonmdiAsD7vpgN3CRcx2J2S0TiYW+IS/5zHBI7mKUq3ySvBdzzBfD236ubDBQFiiyG3SWCPc+msQ9KoYg==
+  dependencies:
+    default-compare "^1.0.0"
+    get-value "^2.0.6"
+    kind-of "^5.0.2"
+
 array-union@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d"
   integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==
 
+array-unique@^0.3.2:
+  version "0.3.2"
+  resolved "https://registry.yarnpkg.com/array-unique/-/array-unique-0.3.2.tgz#a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"
+  integrity sha512-SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ==
+
 asap@^2.0.0:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/asap/-/asap-2.0.6.tgz#e50347611d7e690943208bbdafebcbc2fb866d46"
@@ -2089,6 +2177,11 @@ assert-plus@1.0.0, assert-plus@^1.0.0:
   resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
   integrity sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==
 
+assign-symbols@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"
+  integrity sha512-Q+JC7Whu8HhmTdBph/Tq59IoRtoy6KAm5zzPv00WdujX82lbAL8K7WVjne7vdCsAmbF4AYaDOPyO3k0kl8qIrw==
+
 ast-types@0.9.6:
   version "0.9.6"
   resolved "https://registry.yarnpkg.com/ast-types/-/ast-types-0.9.6.tgz#102c9e9e9005d3e7e3829bf0c4fa24ee862ee9b9"
@@ -2123,11 +2216,23 @@ asynckit@^0.4.0:
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
 
+atob@^2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
+  integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==
+
 atomic-sleep@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/atomic-sleep/-/atomic-sleep-1.0.0.tgz#eb85b77a601fc932cfe432c5acd364a9e2c9075b"
   integrity sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==
 
+autolinker@~0.28.0:
+  version "0.28.1"
+  resolved "https://registry.yarnpkg.com/autolinker/-/autolinker-0.28.1.tgz#0652b491881879f0775dace0cdca3233942a4e47"
+  integrity sha512-zQAFO1Dlsn69eXaO6+7YZc+v84aquQKbwpzCE3L0stj56ERn9hutFxPopViLjo9G+rWwjozRhgS5KJ25Xy19cQ==
+  dependencies:
+    gulp-header "^1.7.1"
+
 aws-cloudfront-sign@2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/aws-cloudfront-sign/-/aws-cloudfront-sign-2.2.0.tgz#3910f5a6d0d90fec07f2b4ef8ab07f3eefb5625d"
@@ -2264,6 +2369,19 @@ base64url@3.x.x, base64url@^3.0.1:
   resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
   integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
 
+base@^0.11.1:
+  version "0.11.2"
+  resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
+  integrity sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==
+  dependencies:
+    cache-base "^1.0.1"
+    class-utils "^0.3.5"
+    component-emitter "^1.2.1"
+    define-property "^1.0.0"
+    isobject "^3.0.1"
+    mixin-deep "^1.2.0"
+    pascalcase "^0.1.1"
+
 basic-auth@^2.0.1:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/basic-auth/-/basic-auth-2.0.1.tgz#b998279bf47ce38344b4f3cf916d4679bbf51e3a"
@@ -2342,6 +2460,22 @@ brace-expansion@^1.1.7:
     balanced-match "^1.0.0"
     concat-map "0.0.1"
 
+braces@^2.3.1:
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/braces/-/braces-2.3.2.tgz#5979fd3f14cd531565e5fa2df1abfff1dfaee729"
+  integrity sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==
+  dependencies:
+    arr-flatten "^1.1.0"
+    array-unique "^0.3.2"
+    extend-shallow "^2.0.1"
+    fill-range "^4.0.0"
+    isobject "^3.0.1"
+    repeat-element "^1.1.2"
+    snapdragon "^0.8.1"
+    snapdragon-node "^2.0.1"
+    split-string "^3.0.2"
+    to-regex "^3.0.1"
+
 braces@^3.0.2, braces@~3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107"
@@ -2453,6 +2587,21 @@ bytes@3.1.2, bytes@^3.0.0:
   resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5"
   integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==
 
+cache-base@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/cache-base/-/cache-base-1.0.1.tgz#0a7f46416831c8b662ee36fe4e7c59d76f666ab2"
+  integrity sha512-AKcdTnFSWATd5/GCPRxr2ChwIJ85CeyrEyjRHlKxQ56d4XJMGym0uAiKn0xbLOGOl3+yRpOTi484dVCEc5AUzQ==
+  dependencies:
+    collection-visit "^1.0.0"
+    component-emitter "^1.2.1"
+    get-value "^2.0.6"
+    has-value "^1.0.0"
+    isobject "^3.0.1"
+    set-value "^2.0.0"
+    to-object-path "^0.3.0"
+    union-value "^1.0.0"
+    unset-value "^1.0.0"
+
 cache-content-type@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/cache-content-type/-/cache-content-type-1.0.1.tgz#035cde2b08ee2129f4a8315ea8f00a00dba1453c"
@@ -2607,6 +2756,16 @@ cjs-module-lexer@^1.0.0:
   resolved "https://registry.yarnpkg.com/cjs-module-lexer/-/cjs-module-lexer-1.2.2.tgz#9f84ba3244a512f3a54e5277e8eef4c489864e40"
   integrity sha512-cOU9usZw8/dXIXKtwa8pM0OTJQuJkxMN6w30csNRUerHfeQ5R6U3kkU/FtJeIf3M202OHfY2U8ccInBG7/xogA==
 
+class-utils@^0.3.5:
+  version "0.3.6"
+  resolved "https://registry.yarnpkg.com/class-utils/-/class-utils-0.3.6.tgz#f93369ae8b9a7ce02fd41faad0ca83033190c463"
+  integrity sha512-qOhPa/Fj7s6TY8H8esGu5QNpMMQxz79h+urzrNYN6mn+9BnxlDGf5QZ+XeCDsxSjPqsSR56XOZOJmpeurnLMeg==
+  dependencies:
+    arr-union "^3.1.0"
+    define-property "^0.2.5"
+    isobject "^3.0.0"
+    static-extend "^0.1.1"
+
 cli-boxes@^2.2.1:
   version "2.2.1"
   resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-2.2.1.tgz#ddd5035d25094fce220e9cab40a45840a440318f"
@@ -2679,6 +2838,14 @@ collect-v8-coverage@^1.0.0:
   resolved "https://registry.yarnpkg.com/collect-v8-coverage/-/collect-v8-coverage-1.0.1.tgz#cc2c8e94fc18bbdffe64d6534570c8a673b27f59"
   integrity sha512-iBPtljfCNcTKNAto0KEtDfZ3qzjJvqE3aTGZsbhjSBlorqpXJlaWWtPO35D+ZImoC3KWejX64o+yPGxhWSTzfg==
 
+collection-visit@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/collection-visit/-/collection-visit-1.0.0.tgz#4bc0373c164bc3291b4d368c829cf1a80a59dca0"
+  integrity sha512-lNkKvzEeMBBjUGHZ+q6z9pSJla0KWAQPvtzhEV9+iGyQYG+pBpl7xKDhxoNSOZH2hhv0v5k0y2yAM4o4SjoSkw==
+  dependencies:
+    map-visit "^1.0.0"
+    object-visit "^1.0.0"
+
 color-convert@^1.9.0:
   version "1.9.3"
   resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-1.9.3.tgz#bb71850690e1f136567de629d2d5471deda4c1e8"
@@ -2735,7 +2902,7 @@ commoner@^0.10.1:
     q "^1.1.2"
     recast "^0.11.17"
 
-component-emitter@^1.3.0:
+component-emitter@^1.2.1, component-emitter@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0"
   integrity sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==
@@ -2765,6 +2932,13 @@ concat-map@0.0.1:
   resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b"
   integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==
 
+concat-with-sourcemaps@*:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/concat-with-sourcemaps/-/concat-with-sourcemaps-1.1.0.tgz#d4ea93f05ae25790951b99e7b3b09e3908a4082e"
+  integrity sha512-4gEjHJFT9e+2W/77h/DS5SGUgwDaOwprX8L/gl5+3ixnzkVJJsZWDSelmN3Oilw3LNDZjZV0yqH1hLG3k6nghg==
+  dependencies:
+    source-map "^0.6.1"
+
 configstore@^5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/configstore/-/configstore-5.0.1.tgz#d365021b5df4b98cdd187d6a3b0e3f6a7cc5ed96"
@@ -2834,6 +3008,11 @@ cookies@~0.8.0:
     depd "~2.0.0"
     keygrip "~1.1.0"
 
+copy-descriptor@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/copy-descriptor/-/copy-descriptor-0.1.1.tgz#676f6eb3c39997c2ee1ac3a924fd6124748f578d"
+  integrity sha512-XgZ0pFcakEUlbwQEVNg3+QAis1FyTL3Qel9FYy8pSkQqoG3PNoT0bOCQtOXcOkur21r2Eq2kI+IE+gsmAEVlYw==
+
 copyfiles@2.4.1:
   version "2.4.1"
   resolved "https://registry.yarnpkg.com/copyfiles/-/copyfiles-2.4.1.tgz#d2dcff60aaad1015f09d0b66e7f0f1c5cd3c5da5"
@@ -2946,6 +3125,11 @@ dateformat@^4.5.1:
   resolved "https://registry.yarnpkg.com/dateformat/-/dateformat-4.6.3.tgz#556fa6497e5217fedb78821424f8a1c22fa3f4b5"
   integrity sha512-2P0p0pFGzHS5EMnhdxQi7aJN+iMheud0UhG4dlE1DLAlvL8JHjJJTX/CSm4JXwV0Ka5nGk3zC5mcb5bUQUxxMA==
 
+dayjs@^1.10.4:
+  version "1.11.7"
+  resolved "https://registry.yarnpkg.com/dayjs/-/dayjs-1.11.7.tgz#4b296922642f70999544d1144a2c25730fce63e2"
+  integrity sha512-+Yw9U6YO5TQohxLcIkrXBeY73WP3ejHWVvx8XCk3gxvQDCTEmS48ZrSZCKciI7Bhl/uCMyxYtE9UqRILmFphkQ==
+
 dd-trace@3.13.2:
   version "3.13.2"
   resolved "https://registry.yarnpkg.com/dd-trace/-/dd-trace-3.13.2.tgz#95b1ec480ab9ac406e1da7591a8c6f678d3799fd"
@@ -2986,6 +3170,13 @@ debug@4, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1, debug@^4.3.1, debug@^4.3.2, d
   dependencies:
     ms "2.1.2"
 
+debug@^2.2.0, debug@^2.3.3:
+  version "2.6.9"
+  resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f"
+  integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
+  dependencies:
+    ms "2.0.0"
+
 debug@^3.1.0, debug@^3.2.7:
   version "3.2.7"
   resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.7.tgz#72580b7e9145fb39b6676f9c5e5fb100b934179a"
@@ -2998,6 +3189,11 @@ debuglog@^1.0.0:
   resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492"
   integrity sha512-syBZ+rnAK3EgMsH2aYEOLUW7mZSY9Gb+0wUMCFsZvcmiz+HigA0LOcq/HoQqVuGG+EKykunc7QG2bzrponfaSw==
 
+decode-uri-component@^0.2.0:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9"
+  integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==
+
 decompress-response@^3.3.0:
   version "3.3.0"
   resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-3.3.0.tgz#80a4dd323748384bfa248083622aedec982adff3"
@@ -3037,6 +3233,13 @@ deepmerge@^4.2.2:
   resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955"
   integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
 
+default-compare@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/default-compare/-/default-compare-1.0.0.tgz#cb61131844ad84d84788fb68fd01681ca7781a2f"
+  integrity sha512-QWfXlM0EkAbqOCbD/6HjdwT19j7WCkMyiRhWilc4H9/5h/RzTF9gv5LYh1+CmDV5d1rki6KAWLtQale0xt20eQ==
+  dependencies:
+    kind-of "^5.0.2"
+
 defer-to-connect@^1.0.1:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-1.1.3.tgz#331ae050c08dcf789f8c83a7b81f0ed94f4ac591"
@@ -3063,6 +3266,28 @@ define-properties@^1.1.3, define-properties@^1.1.4:
     has-property-descriptors "^1.0.0"
     object-keys "^1.1.1"
 
+define-property@^0.2.5:
+  version "0.2.5"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-0.2.5.tgz#c35b1ef918ec3c990f9a5bc57be04aacec5c8116"
+  integrity sha512-Rr7ADjQZenceVOAKop6ALkkRAmH1A4Gx9hV/7ZujPUN2rkATqFO0JZLZInbAjpZYoJ1gUx8MRMQVkYemcbMSTA==
+  dependencies:
+    is-descriptor "^0.1.0"
+
+define-property@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-1.0.0.tgz#769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6"
+  integrity sha512-cZTYKFWspt9jZsMscWo8sc/5lbPC9Q0N5nBLgb+Yd915iL3udB1uFgS3B8YCx66UVHq018DAVFoee7x+gxggeA==
+  dependencies:
+    is-descriptor "^1.0.0"
+
+define-property@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/define-property/-/define-property-2.0.2.tgz#d459689e8d654ba77e02a817f8710d702cb16e9d"
+  integrity sha512-jwK2UV4cnPpbcG7+VRARKTZPUWowwXA8bzH5NP6ud0oeAxyYPuGZUAC7hMugpCdz4BeSZl2Dl9k66CHJ/46ZYQ==
+  dependencies:
+    is-descriptor "^1.0.2"
+    isobject "^3.0.1"
+
 defined@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/defined/-/defined-1.0.0.tgz#c98d9bcef75674188e110969151199e39b1fa693"
@@ -3139,10 +3364,10 @@ diagnostics_channel@^1.1.0:
   resolved "https://registry.yarnpkg.com/diagnostics_channel/-/diagnostics_channel-1.1.0.tgz#bd66c49124ce3bac697dff57466464487f57cea5"
   integrity sha512-OE1ngLDjSBPG6Tx0YATELzYzy3RKHC+7veQ8gLa8yS7AAgw65mFbVdcsu3501abqOZCEZqZyAIemB0zXlqDSuw==
 
-diff-sequences@^26.6.2:
-  version "26.6.2"
-  resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-26.6.2.tgz#48ba99157de1923412eed41db6b6d4aa9ca7c0b1"
-  integrity sha512-Mv/TDa3nZ9sbc5soK+OoA74BsS3mL37yixCvUAQkiuA4Wz6YtwP/K47n2rv2ovzHZvoiQeA5FTQOschKkEwB0Q==
+diff-sequences@^27.5.1:
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-27.5.1.tgz#eaecc0d327fd68c8d9672a1e64ab8dccb2ef5327"
+  integrity sha512-k1gCAXAsNgLwEL+Y8Wvl+M6oEFj5bgazfZULpS5CneoPPXRaCCW7dm+q21Ky2VEE5X+VeRDBVg1Pcvvsr4TtNQ==
 
 diff-sequences@^28.1.1:
   version "28.1.1"
@@ -3356,6 +3581,11 @@ end-stream@~0.1.0:
   dependencies:
     write-stream "~0.4.3"
 
+ent@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/ent/-/ent-2.2.0.tgz#e964219325a21d05f44466a2f686ed6ce5f5dd1d"
+  integrity sha512-GHrMyVZQWvTIdDtpiEXdHZnFQKzeO09apj8Cbl4pKWy4i0Oprcq17usfDt5aO63swf0JOeMWjWQE/LzgSRuWpA==
+
 errno@~0.1.1:
   version "0.1.8"
   resolved "https://registry.yarnpkg.com/errno/-/errno-0.1.8.tgz#8bb3e9c7d463be4976ff888f76b4809ebc2e811f"
@@ -3620,6 +3850,19 @@ exit@^0.1.2:
   resolved "https://registry.yarnpkg.com/exit/-/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c"
   integrity sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==
 
+expand-brackets@^2.1.4:
+  version "2.1.4"
+  resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-2.1.4.tgz#b77735e315ce30f6b6eff0f83b04151a22449622"
+  integrity sha512-w/ozOKR9Obk3qoWeY/WDi6MFta9AoMR+zud60mdnbniMcBxRuFJyDt2LdX/14A1UABeqk+Uk+LDfUpvoGKppZA==
+  dependencies:
+    debug "^2.3.3"
+    define-property "^0.2.5"
+    extend-shallow "^2.0.1"
+    posix-character-classes "^0.1.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
 expand-tilde@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/expand-tilde/-/expand-tilde-1.2.2.tgz#0b81eba897e5a3d31d1c3d102f8f01441e559449"
@@ -3638,6 +3881,26 @@ expect@^28.1.3:
     jest-message-util "^28.1.3"
     jest-util "^28.1.3"
 
+express-useragent@^1.0.15:
+  version "1.0.15"
+  resolved "https://registry.yarnpkg.com/express-useragent/-/express-useragent-1.0.15.tgz#cefda5fa4904345d51d3368b117a8dd4124985d9"
+  integrity sha512-eq5xMiYCYwFPoekffMjvEIk+NWdlQY9Y38OsTyl13IvA728vKT+q/CSERYWzcw93HGBJcIqMIsZC5CZGARPVdg==
+
+extend-shallow@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
+  integrity sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==
+  dependencies:
+    is-extendable "^0.1.0"
+
+extend-shallow@^3.0.0, extend-shallow@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-3.0.2.tgz#26a71aaf073b39fb2127172746131c2704028db8"
+  integrity sha512-BwY5b5Ql4+qZoefgMj2NUmx+tehVTH/Kf4k1ZEtOHNFcm2wSxMRo992l6X3TIgni2eZVTZ85xMOjF31fwZAj6Q==
+  dependencies:
+    assign-symbols "^1.0.0"
+    is-extendable "^1.0.1"
+
 extend@~3.0.2:
   version "3.0.2"
   resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa"
@@ -3652,6 +3915,20 @@ external-editor@^3.0.3:
     iconv-lite "^0.4.24"
     tmp "^0.0.33"
 
+extglob@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/extglob/-/extglob-2.0.4.tgz#ad00fe4dc612a9232e8718711dc5cb5ab0285543"
+  integrity sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==
+  dependencies:
+    array-unique "^0.3.2"
+    define-property "^1.0.0"
+    expand-brackets "^2.1.4"
+    extend-shallow "^2.0.1"
+    fragment-cache "^0.2.1"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
 extsprintf@1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/extsprintf/-/extsprintf-1.3.0.tgz#96918440e3041a7a414f8c52e3c574eb3c3e1e05"
@@ -3764,6 +4041,16 @@ file-entry-cache@^5.0.1:
   dependencies:
     flat-cache "^2.0.1"
 
+fill-range@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-4.0.0.tgz#d544811d428f98eb06a63dc402d2403c328c38f7"
+  integrity sha512-VcpLTWqWDiTerugjj8e3+esbg+skS3M9e54UuR3iCeIDMXCLTsAH8hTSzDQU/X6/6t3eYkOKoZSef2PlU6U1XQ==
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-number "^3.0.0"
+    repeat-string "^1.6.1"
+    to-regex-range "^2.1.0"
+
 fill-range@^7.0.1:
   version "7.0.1"
   resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40"
@@ -3828,6 +4115,11 @@ follow-redirects@^1.15.0:
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.2.tgz#b460864144ba63f2681096f274c4e57026da2c13"
   integrity sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==
 
+for-in@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"
+  integrity sha512-7EwmXrOjyL+ChxMhmG5lnW9MPt1aIeZEwKhQzoBUdTV0N3zuwWDZYVJatDvZ2OyzPUvdIAZDsCetk3coyMfcnQ==
+
 forever-agent@~0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
@@ -3880,6 +4172,13 @@ forwarded-parse@^2.1.0:
   resolved "https://registry.yarnpkg.com/forwarded-parse/-/forwarded-parse-2.1.2.tgz#08511eddaaa2ddfd56ba11138eee7df117a09325"
   integrity sha512-alTFZZQDKMporBH77856pXgzhEzaUVmLCDk+egLgIgHst3Tpndzz8MnKe+GzRJRfvVdn69HhpW7cmXzvtLvJAw==
 
+fragment-cache@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/fragment-cache/-/fragment-cache-0.2.1.tgz#4290fad27f13e89be7f33799c6bc5a0abfff0d19"
+  integrity sha512-GMBAbW9antB8iZRHLoGw0b3HANt57diZYFO/HL1JGIC1MjKrdmhxvrJbupnVvpys0zsz7yBApXdQyfepKly2kA==
+  dependencies:
+    map-cache "^0.2.2"
+
 fresh@^0.5.2, fresh@~0.5.2:
   version "0.5.2"
   resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7"
@@ -3971,6 +4270,14 @@ get-intrinsic@^1.0.2, get-intrinsic@^1.1.0, get-intrinsic@^1.1.1:
     has "^1.0.3"
     has-symbols "^1.0.3"
 
+get-object@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/get-object/-/get-object-0.2.0.tgz#d92ff7d5190c64530cda0543dac63a3d47fe8c0c"
+  integrity sha512-7P6y6k6EzEFmO/XyUyFlXm1YLJy9xeA1x/grNV8276abX5GuwUtYgKFkRFkLixw4hf4Pz9q2vgv/8Ar42R0HuQ==
+  dependencies:
+    is-number "^2.0.2"
+    isobject "^0.2.0"
+
 get-package-type@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a"
@@ -4008,6 +4315,18 @@ get-symbol-description@^1.0.0:
     call-bind "^1.0.2"
     get-intrinsic "^1.1.1"
 
+get-value@^2.0.3, get-value@^2.0.6:
+  version "2.0.6"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-2.0.6.tgz#dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
+  integrity sha512-Ln0UQDlxH1BapMu3GPtf7CuYNwRZf2gwCuPqbyG6pB8WfmFpzqcy4xtAaAMUhnNqjMKTiCPZG2oMT3YSx8U2NA==
+
+get-value@^3.0.0, get-value@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/get-value/-/get-value-3.0.1.tgz#5efd2a157f1d6a516d7524e124ac52d0a39ef5a8"
+  integrity sha512-mKZj9JLQrwMBtj5wxi6MH8Z5eSKaERpAwjg43dPtlGI1ZVEgH/qC7T8/6R2OBSUA+zzHBZgICsVJaEIV2tKTDA==
+  dependencies:
+    isobject "^3.0.1"
+
 getpass@^0.1.1:
   version "0.1.7"
   resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
@@ -4152,6 +4471,35 @@ graceful-fs@^4.1.2, graceful-fs@^4.2.9:
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
 
+gulp-header@^1.7.1:
+  version "1.8.12"
+  resolved "https://registry.yarnpkg.com/gulp-header/-/gulp-header-1.8.12.tgz#ad306be0066599127281c4f8786660e705080a84"
+  integrity sha512-lh9HLdb53sC7XIZOYzTXM4lFuXElv3EVkSDhsd7DoJBj7hm+Ni7D3qYbb+Rr8DuM8nRanBvkVO9d7askreXGnQ==
+  dependencies:
+    concat-with-sourcemaps "*"
+    lodash.template "^4.4.0"
+    through2 "^2.0.0"
+
+handlebars-utils@^1.0.6:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/handlebars-utils/-/handlebars-utils-1.0.6.tgz#cb9db43362479054782d86ffe10f47abc76357f9"
+  integrity sha512-d5mmoQXdeEqSKMtQQZ9WkiUcO1E3tPbWxluCK9hVgIDPzQa9WsKo3Lbe/sGflTe7TomHEeZaOgwIkyIr1kfzkw==
+  dependencies:
+    kind-of "^6.0.0"
+    typeof-article "^0.1.1"
+
+handlebars@^4.7.6, handlebars@^4.7.7:
+  version "4.7.7"
+  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
+  integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
+  dependencies:
+    minimist "^1.2.5"
+    neo-async "^2.6.0"
+    source-map "^0.6.1"
+    wordwrap "^1.0.0"
+  optionalDependencies:
+    uglify-js "^3.1.4"
+
 har-schema@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
@@ -4204,6 +4552,52 @@ has-unicode@^2.0.1:
   resolved "https://registry.yarnpkg.com/has-unicode/-/has-unicode-2.0.1.tgz#e0e6fe6a28cf51138855e086d1691e771de2a8b9"
   integrity sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==
 
+has-value@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-0.3.1.tgz#7b1f58bada62ca827ec0a2078025654845995e1f"
+  integrity sha512-gpG936j8/MzaeID5Yif+577c17TxaDmhuyVgSwtnL/q8UUTySg8Mecb+8Cf1otgLoD7DDH75axp86ER7LFsf3Q==
+  dependencies:
+    get-value "^2.0.3"
+    has-values "^0.1.4"
+    isobject "^2.0.0"
+
+has-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-1.0.0.tgz#18b281da585b1c5c51def24c930ed29a0be6b177"
+  integrity sha512-IBXk4GTsLYdQ7Rvt+GRBrFSVEkmuOUy4re0Xjd9kJSUQpnTrWR4/y9RpfexN9vkAPMFuQoeWKwqzPozRTlasGw==
+  dependencies:
+    get-value "^2.0.6"
+    has-values "^1.0.0"
+    isobject "^3.0.0"
+
+has-value@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/has-value/-/has-value-2.0.2.tgz#d0f12e8780ba8e90e66ad1a21c707fdb67c25658"
+  integrity sha512-ybKOlcRsK2MqrM3Hmz/lQxXHZ6ejzSPzpNabKB45jb5qDgJvKPa3SdapTsTLwEb9WltgWpOmNax7i+DzNOk4TA==
+  dependencies:
+    get-value "^3.0.0"
+    has-values "^2.0.1"
+
+has-values@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-0.1.4.tgz#6d61de95d91dfca9b9a02089ad384bff8f62b771"
+  integrity sha512-J8S0cEdWuQbqD9//tlZxiMuMNmxB8PlEwvYwuxsTmR1G5RXUePEX/SJn7aD0GMLieuZYSwNH0cQuJGwnYunXRQ==
+
+has-values@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-1.0.0.tgz#95b0b63fec2146619a6fe57fe75628d5a39efe4f"
+  integrity sha512-ODYZC64uqzmtfGMEAX/FvZiRyWLpAC3vYnNunURUnkGVTS+mI0smVsWaPydRBsE3g+ok7h960jChO8mFcWlHaQ==
+  dependencies:
+    is-number "^3.0.0"
+    kind-of "^4.0.0"
+
+has-values@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/has-values/-/has-values-2.0.1.tgz#3876200ff86d8a8546a9264a952c17d5fc17579d"
+  integrity sha512-+QdH3jOmq9P8GfdjFg0eJudqx1FqU62NQJ4P16rOEHeRdl7ckgwn6uqQjzYE0ZoHVV/e5E2esuJ5Gl5+HUW19w==
+  dependencies:
+    kind-of "^6.0.2"
+
 has-yarn@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-2.1.0.tgz#137e11354a7b5bf11aa5cb649cf0c6f3ff2b2e77"
@@ -4216,6 +4610,16 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
+helper-md@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/helper-md/-/helper-md-0.2.2.tgz#c1f59d7e55bbae23362fd8a0e971607aec69d41f"
+  integrity sha512-49TaQzK+Ic7ZVTq4i1UZxRUJEmAilTk8hz7q4I0WNUaTclLR8ArJV5B3A1fe1xF2HtsDTr2gYKLaVTof/Lt84Q==
+  dependencies:
+    ent "^2.2.0"
+    extend-shallow "^2.0.1"
+    fs-exists-sync "^0.1.0"
+    remarkable "^1.6.2"
+
 hexoid@1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/hexoid/-/hexoid-1.0.0.tgz#ad10c6573fb907de23d9ec63a711267d9dc9bc18"
@@ -4233,6 +4637,14 @@ html-escaper@^2.0.0:
   resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453"
   integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==
 
+html-tag@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/html-tag/-/html-tag-2.0.0.tgz#36c3bc8d816fd30b570d5764a497a641640c2fed"
+  integrity sha512-XxzooSo6oBoxBEUazgjdXj7VwTn/iSTSZzTYKzYY6I916tkaYzypHxy+pbVU1h+0UQ9JlVf5XkNQyxOAiiQO1g==
+  dependencies:
+    is-self-closing "^1.0.1"
+    kind-of "^6.0.0"
+
 http-assert@^1.3.0:
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/http-assert/-/http-assert-1.5.0.tgz#c389ccd87ac16ed2dfa6246fd73b926aa00e6b8f"
@@ -4504,6 +4916,20 @@ ipaddr.js@^2.0.1:
   resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-2.0.1.tgz#eca256a7a877e917aeb368b0a7497ddf42ef81c0"
   integrity sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==
 
+is-accessor-descriptor@^0.1.6:
+  version "0.1.6"
+  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz#a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
+  integrity sha512-e1BM1qnDbMRG3ll2U9dSK0UMHuWOs3pY3AtcFsmvwPtKL3MML/Q86i+GilLfvqEs4GW+ExB91tQ3Ig9noDIZ+A==
+  dependencies:
+    kind-of "^3.0.2"
+
+is-accessor-descriptor@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz#169c2f6d3df1f992618072365c9b0ea1f6878656"
+  integrity sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==
+  dependencies:
+    kind-of "^6.0.0"
+
 is-arrayish@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
@@ -4531,7 +4957,7 @@ is-boolean-object@^1.1.0:
     call-bind "^1.0.2"
     has-tostringtag "^1.0.0"
 
-is-buffer@~1.1.6:
+is-buffer@^1.1.5, is-buffer@~1.1.6:
   version "1.1.6"
   resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
   integrity sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w==
@@ -4567,6 +4993,20 @@ is-core-module@^2.9.0:
   dependencies:
     has "^1.0.3"
 
+is-data-descriptor@^0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz#0b5ee648388e2c860282e793f1856fec3f301b56"
+  integrity sha512-+w9D5ulSoBNlmw9OHn3U2v51SyoCd0he+bB3xMl62oijhrspxowjU+AIcDY0N3iEJbUEkB15IlMASQsxYigvXg==
+  dependencies:
+    kind-of "^3.0.2"
+
+is-data-descriptor@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz#d84876321d0e7add03990406abbbbd36ba9268c7"
+  integrity sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==
+  dependencies:
+    kind-of "^6.0.0"
+
 is-date-object@^1.0.1:
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f"
@@ -4574,6 +5014,43 @@ is-date-object@^1.0.1:
   dependencies:
     has-tostringtag "^1.0.0"
 
+is-descriptor@^0.1.0:
+  version "0.1.6"
+  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-0.1.6.tgz#366d8240dde487ca51823b1ab9f07a10a78251ca"
+  integrity sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==
+  dependencies:
+    is-accessor-descriptor "^0.1.6"
+    is-data-descriptor "^0.1.4"
+    kind-of "^5.0.0"
+
+is-descriptor@^1.0.0, is-descriptor@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/is-descriptor/-/is-descriptor-1.0.2.tgz#3b159746a66604b04f8c81524ba365c5f14d86ec"
+  integrity sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==
+  dependencies:
+    is-accessor-descriptor "^1.0.0"
+    is-data-descriptor "^1.0.0"
+    kind-of "^6.0.2"
+
+is-even@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/is-even/-/is-even-1.0.0.tgz#76b5055fbad8d294a86b6a949015e1c97b717c06"
+  integrity sha512-LEhnkAdJqic4Dbqn58A0y52IXoHWlsueqQkKfMfdEnIYG8A1sm/GHidKkS6yvXlMoRrkM34csHnXQtOqcb+Jzg==
+  dependencies:
+    is-odd "^0.1.2"
+
+is-extendable@^0.1.0, is-extendable@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89"
+  integrity sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==
+
+is-extendable@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-1.0.1.tgz#a7470f9e426733d81bd81e1155264e3a3507cab4"
+  integrity sha512-arnXMxT1hhoKo9k1LZdmlNyJdDDfy2v0fXjFlmok4+i8ul/6WlbVge9bhM74OpNPQPMGUToDtz+KXa1PneJxOA==
+  dependencies:
+    is-plain-object "^2.0.4"
+
 is-extglob@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2"
@@ -4658,6 +5135,20 @@ is-number-object@^1.0.4:
   dependencies:
     has-tostringtag "^1.0.0"
 
+is-number@^2.0.2:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-2.1.0.tgz#01fcbbb393463a548f2f466cce16dece49db908f"
+  integrity sha512-QUzH43Gfb9+5yckcrSA0VBDwEtDUchrk4F6tfJZQuNzDJbEDB9cZNzSfXGQ1jqmdDY/kl41lUOWM9syA8z8jlg==
+  dependencies:
+    kind-of "^3.0.2"
+
+is-number@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/is-number/-/is-number-3.0.0.tgz#24fd6201a4782cf50561c810276afc7d12d71195"
+  integrity sha512-4cboCqIpliH+mAvFNegjZQ4kgKc3ZUhQVr3HvWbSh5q3WH2v82ct+T2Y1hdU5Gdtorx/cLifQjqCbL7bpznLTg==
+  dependencies:
+    kind-of "^3.0.2"
+
 is-number@^7.0.0:
   version "7.0.0"
   resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b"
@@ -4668,11 +5159,25 @@ is-obj@^2.0.0:
   resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982"
   integrity sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==
 
+is-odd@^0.1.2:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/is-odd/-/is-odd-0.1.2.tgz#bc573b5ce371ef2aad6e6f49799b72bef13978a7"
+  integrity sha512-Ri7C2K7o5IrUU9UEI8losXJCCD/UtsaIrkR5sxIcFg4xQ9cRJXlWA5DQvTE0yDc0krvSNLsRGXN11UPS6KyfBw==
+  dependencies:
+    is-number "^3.0.0"
+
 is-path-inside@^3.0.2:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283"
   integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==
 
+is-plain-object@^2.0.3, is-plain-object@^2.0.4:
+  version "2.0.4"
+  resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
+  integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==
+  dependencies:
+    isobject "^3.0.1"
+
 is-regex@^1.1.4:
   version "1.1.4"
   resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.4.tgz#eef5663cd59fa4c0ae339505323df6854bb15958"
@@ -4686,6 +5191,13 @@ is-retry-allowed@^2.2.0:
   resolved "https://registry.yarnpkg.com/is-retry-allowed/-/is-retry-allowed-2.2.0.tgz#88f34cbd236e043e71b6932d09b0c65fb7b4d71d"
   integrity sha512-XVm7LOeLpTW4jV19QSH38vkswxoLud8sQ57YwJVTPWdiaI9I8keEhGFpBlslyVsgdQy4Opg8QOLb8YRgsyZiQg==
 
+is-self-closing@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-self-closing/-/is-self-closing-1.0.1.tgz#5f406b527c7b12610176320338af0fa3896416e4"
+  integrity sha512-E+60FomW7Blv5GXTlYee2KDrnG6srxF7Xt1SjrhWUGUEsTFIqY/nq2y3DaftCsgUMdh89V07IVfhY9KIJhLezg==
+  dependencies:
+    self-closing-tags "^1.0.1"
+
 is-shared-array-buffer@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79"
@@ -4738,6 +5250,11 @@ is-windows@^0.2.0:
   resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-0.2.0.tgz#de1aa6d63ea29dd248737b69f1ff8b8002d2108c"
   integrity sha512-n67eJYmXbniZB7RF4I/FTjK1s6RPOCTxhYrVYLRaCt3lF0mpWZPKr3T2LSZAqyjQsxR2qMmGYXXzK0YWwcPM1Q==
 
+is-windows@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/is-windows/-/is-windows-1.0.2.tgz#d1850eb9791ecd18e6182ce12a30f396634bb19d"
+  integrity sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==
+
 is-yarn-global@^0.3.0:
   version "0.3.0"
   resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.3.0.tgz#d502d3382590ea3004893746754c89139973e232"
@@ -4748,7 +5265,7 @@ isarray@0.0.1:
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf"
   integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==
 
-isarray@^1.0.0, isarray@~1.0.0:
+isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
   integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==
@@ -4758,6 +5275,23 @@ isexe@^2.0.0:
   resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
   integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
+isobject@^0.2.0:
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-0.2.0.tgz#a3432192f39b910b5f02cc989487836ec70aa85e"
+  integrity sha512-VaWq6XYAsbvM0wf4dyBO7WH9D7GosB7ZZlqrawI9BBiTMINBeCyqSKBa35m870MY3O4aM31pYyZi9DfGrYMJrQ==
+
+isobject@^2.0.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-2.1.0.tgz#f065561096a3f1da2ef46272f815c840d87e0c89"
+  integrity sha512-+OUdGJlgjOBZDfxnDjYYG6zp487z0JGNQq3cYQYg5f5hKR+syHMsaztzGeml/4kGG55CSpKSpWTY+jYGgsHLgA==
+  dependencies:
+    isarray "1.0.0"
+
+isobject@^3.0.0, isobject@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
+  integrity sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==
+
 isstream@~0.1.2:
   version "0.1.2"
   resolved "https://registry.yarnpkg.com/isstream/-/isstream-0.1.2.tgz#47e63f7af55afa6f92e1500e690eb8b8529c099a"
@@ -4884,15 +5418,15 @@ jest-config@^28.1.3:
     slash "^3.0.0"
     strip-json-comments "^3.1.1"
 
-jest-diff@^26.0.0:
-  version "26.6.2"
-  resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-26.6.2.tgz#1aa7468b52c3a68d7d5c5fdcdfcd5e49bd164394"
-  integrity sha512-6m+9Z3Gv9wN0WFVasqjCL/06+EFCMTqDEUl/b87HYK2rAPTyfz4ZIuSlPhY51PIQRWx5TaxeF1qmXKe9gfN3sA==
+jest-diff@^27.5.1:
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-27.5.1.tgz#a07f5011ac9e6643cf8a95a462b7b1ecf6680def"
+  integrity sha512-m0NvkX55LDt9T4mctTEgnZk3fmEg3NRYutvMPWM/0iPnkFj2wIeF45O1718cMSOFO1vINkqmxqD8vE37uTEbqw==
   dependencies:
     chalk "^4.0.0"
-    diff-sequences "^26.6.2"
-    jest-get-type "^26.3.0"
-    pretty-format "^26.6.2"
+    diff-sequences "^27.5.1"
+    jest-get-type "^27.5.1"
+    pretty-format "^27.5.1"
 
 jest-diff@^28.1.3:
   version "28.1.3"
@@ -4934,10 +5468,10 @@ jest-environment-node@^28.1.3:
     jest-mock "^28.1.3"
     jest-util "^28.1.3"
 
-jest-get-type@^26.3.0:
-  version "26.3.0"
-  resolved "https://registry.yarnpkg.com/jest-get-type/-/jest-get-type-26.3.0.tgz#e97dc3c3f53c2b406ca7afaed4493b1d099199e0"
-  integrity sha512-TpfaviN1R2pQWkIihlfEanwOXK0zcxrKEE4MlU6Tn7keoXdN6/3gK/xl0yEh8DOunn5pOVGKf8hB4R9gVh04ig==
+jest-get-type@^27.5.1:
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/jest-get-type/-/jest-get-type-27.5.1.tgz#3cd613c507b0f7ace013df407a1c1cd578bcb4f1"
+  integrity sha512-2KY95ksYSaK7DMBWQn6dQz3kqAf3BB64y2udeG+hv4KfSOb9qwcYQstTJc1KCbsix+wLZWZYN8t7nwX3GOBLRw==
 
 jest-get-type@^28.0.2:
   version "28.0.2"
@@ -4971,6 +5505,16 @@ jest-leak-detector@^28.1.3:
     jest-get-type "^28.0.2"
     pretty-format "^28.1.3"
 
+jest-matcher-utils@^27.0.0:
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/jest-matcher-utils/-/jest-matcher-utils-27.5.1.tgz#9c0cdbda8245bc22d2331729d1091308b40cf8ab"
+  integrity sha512-z2uTx/T6LBaCoNWNFWwChLBKYxTMcGBRjAt+2SbP929/Fflb9aa5LGma654Rz8z9HLxsrUaYzxE9T/EFIL/PAw==
+  dependencies:
+    chalk "^4.0.0"
+    jest-diff "^27.5.1"
+    jest-get-type "^27.5.1"
+    pretty-format "^27.5.1"
+
 jest-matcher-utils@^28.1.3:
   version "28.1.3"
   resolved "https://registry.yarnpkg.com/jest-matcher-utils/-/jest-matcher-utils-28.1.3.tgz#5a77f1c129dd5ba3b4d7fc20728806c78893146e"
@@ -5358,6 +5902,30 @@ keyv@^4.0.0:
     compress-brotli "^1.3.8"
     json-buffer "3.0.1"
 
+kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.1.0, kind-of@^3.2.0:
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
+  integrity sha512-NOW9QQXMoZGg/oqnVNoNTTIFEIid1627WCffUBJEdMxYApq7mNE7CpzucIPc+ZQg25Phej7IJSmX3hO+oblOtQ==
+  dependencies:
+    is-buffer "^1.1.5"
+
+kind-of@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-4.0.0.tgz#20813df3d712928b207378691a45066fae72dd57"
+  integrity sha512-24XsCxmEbRwEDbz/qz3stgin8TTzZ1ESR56OMCN0ujYg+vRutNSiOj9bHH9u85DKgXguraugV5sFuvbD4FW/hw==
+  dependencies:
+    is-buffer "^1.1.5"
+
+kind-of@^5.0.0, kind-of@^5.0.2:
+  version "5.1.0"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-5.1.0.tgz#729c91e2d857b7a419a1f9aa65685c4c33f5845d"
+  integrity sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==
+
+kind-of@^6.0.0, kind-of@^6.0.2, kind-of@^6.0.3:
+  version "6.0.3"
+  resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd"
+  integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==
+
 kleur@^3.0.3:
   version "3.0.3"
   resolved "https://registry.yarnpkg.com/kleur/-/kleur-3.0.3.tgz#a79c9ecc86ee1ce3fa6206d1216c501f147fc07e"
@@ -5442,6 +6010,13 @@ koa-static@5.0.0:
     debug "^3.1.0"
     koa-send "^5.0.0"
 
+koa-useragent@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/koa-useragent/-/koa-useragent-4.1.0.tgz#d3f128b552c6da3e5e9e9e9c887b2922b16e4468"
+  integrity sha512-x/HUDZ1zAmNNh5hA9hHbPm9p3UVg2prlpHzxCXQCzbibrNS0kmj7MkCResCbAbG7ZT6FVxNSMjR94ZGamdMwxA==
+  dependencies:
+    express-useragent "^1.0.15"
+
 koa@2.13.4, koa@^2.13.4:
   version "2.13.4"
   resolved "https://registry.yarnpkg.com/koa/-/koa-2.13.4.tgz#ee5b0cb39e0b8069c38d115139c774833d32462e"
@@ -5614,6 +6189,11 @@ locate-path@^5.0.0:
   dependencies:
     p-locate "^4.1.0"
 
+lodash._reinterpolate@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
+  integrity sha512-xYHt68QRoYGjeeM/XOE1uJtvXQAgvszfBhjV4yvsQH0u2i9I6cI6c6/eG4Hh3UAOVn0y/xAXwmTzEay49Q//HA==
+
 lodash.defaults@^4.2.0:
   version "4.2.0"
   resolved "https://registry.yarnpkg.com/lodash.defaults/-/lodash.defaults-4.2.0.tgz#d09178716ffea4dde9e5fb7b37f6f0802274580c"
@@ -5684,12 +6264,27 @@ lodash.sortby@^4.7.0:
   resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
   integrity sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==
 
+lodash.template@^4.4.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.5.0.tgz#f976195cf3f347d0d5f52483569fe8031ccce8ab"
+  integrity sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+    lodash.templatesettings "^4.0.0"
+
+lodash.templatesettings@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/lodash.templatesettings/-/lodash.templatesettings-4.2.0.tgz#e481310f049d3cf6d47e912ad09313b154f0fb33"
+  integrity sha512-stgLz+i3Aa9mZgnjr/O+v9ruKZsPsndy7qPZOchbqk2cnTU1ZaldKK+v7m54WoKIyxiuMZTKT2H81F8BeAc3ZQ==
+  dependencies:
+    lodash._reinterpolate "^3.0.0"
+
 lodash.uniq@^4.5.0:
   version "4.5.0"
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
   integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==
 
-lodash@4.17.21, lodash@^4.17.14, lodash@^4.17.19, lodash@^4.17.21:
+lodash@4.17.21, lodash@^4.17.14, lodash@^4.17.19, lodash@^4.17.20, lodash@^4.17.21:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
@@ -5768,6 +6363,18 @@ makeerror@1.0.12:
   dependencies:
     tmpl "1.0.5"
 
+map-cache@^0.2.2:
+  version "0.2.2"
+  resolved "https://registry.yarnpkg.com/map-cache/-/map-cache-0.2.2.tgz#c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf"
+  integrity sha512-8y/eV9QQZCiyn1SprXSrCmqJN0yNRATe+PO8ztwqrvrbdRLA3eYJF0yaR0YayLWkMbsQSKWS9N2gPcGEc4UsZg==
+
+map-visit@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/map-visit/-/map-visit-1.0.0.tgz#ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"
+  integrity sha512-4y7uGv8bd2WdM9vpQsiQNo41Ln1NvhvDRuVt0k2JZQ+ezN2uaQes7lZeZ+QQUHOLQAtDaBJ+7wCbi+ab/KFs+w==
+  dependencies:
+    object-visit "^1.0.0"
+
 mapcap@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/mapcap/-/mapcap-1.0.0.tgz#e8e29d04a160eaf8c92ec4bcbd2c5d07ed037e5a"
@@ -5824,6 +6431,11 @@ memdown@1.4.1:
     ltgt "~2.2.0"
     safe-buffer "~5.1.1"
 
+memorystream@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/memorystream/-/memorystream-0.3.1.tgz#86d7090b30ce455d63fbae12dda51a47ddcaf9b2"
+  integrity sha512-S3UwM3yj5mtUSEfP41UZmt/0SCoVYUcU1rkXv+BQ5Ig8ndL4sPoJNBUJERafdPb5jjHJGuMgytgKvKIf58XNBw==
+
 merge-descriptors@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.1.tgz#b00aaa556dd8b44568150ec9d1b953f3f90cbb61"
@@ -5844,6 +6456,25 @@ methods@^1.1.2:
   resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee"
   integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==
 
+micromatch@^3.1.5:
+  version "3.1.10"
+  resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"
+  integrity sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==
+  dependencies:
+    arr-diff "^4.0.0"
+    array-unique "^0.3.2"
+    braces "^2.3.1"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    extglob "^2.0.4"
+    fragment-cache "^0.2.1"
+    kind-of "^6.0.2"
+    nanomatch "^1.2.9"
+    object.pick "^1.3.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.2"
+
 micromatch@^4.0.4:
   version "4.0.5"
   resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.5.tgz#bc8999a7cbbf77cdc89f132f6e467051b49090c6"
@@ -5901,6 +6532,11 @@ minimist@^1.2.0, minimist@^1.2.6:
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
   integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 
+minimist@^1.2.5:
+  version "1.2.8"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c"
+  integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
+
 minipass@^3.0.0:
   version "3.1.6"
   resolved "https://registry.yarnpkg.com/minipass/-/minipass-3.1.6.tgz#3b8150aa688a711a1521af5e8779c1d3bb4f45ee"
@@ -5916,6 +6552,14 @@ minizlib@^2.1.1:
     minipass "^3.0.0"
     yallist "^4.0.0"
 
+mixin-deep@^1.2.0:
+  version "1.3.2"
+  resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566"
+  integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==
+  dependencies:
+    for-in "^1.0.2"
+    is-extendable "^1.0.1"
+
 mkdirp-classic@^0.5.2:
   version "0.5.3"
   resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113"
@@ -5948,6 +6592,11 @@ mri@1.1.4:
   resolved "https://registry.yarnpkg.com/mri/-/mri-1.1.4.tgz#7cb1dd1b9b40905f1fac053abe25b6720f44744a"
   integrity sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==
 
+ms@2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
+  integrity sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==
+
 ms@2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
@@ -5989,6 +6638,23 @@ nan@^2.15.0, nan@^2.16.0:
   resolved "https://registry.yarnpkg.com/nan/-/nan-2.17.0.tgz#c0150a2368a182f033e9aa5195ec76ea41a199cb"
   integrity sha512-2ZTgtl0nJsO0KQCjEpxcIr5D+Yv90plTitZt9JBfQvVJDS5seMl3FOvsh3+9CoYWXf/1l5OaZzzF6nDm4cagaQ==
 
+nanomatch@^1.2.9:
+  version "1.2.13"
+  resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119"
+  integrity sha512-fpoe2T0RbHwBTBUOftAfBPaDEi06ufaUai0mE6Yn1kacc3SnTErfb/h+X94VXzI64rKFHYImXSvdwGGCmwOqCA==
+  dependencies:
+    arr-diff "^4.0.0"
+    array-unique "^0.3.2"
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    fragment-cache "^0.2.1"
+    is-windows "^1.0.2"
+    kind-of "^6.0.2"
+    object.pick "^1.3.0"
+    regex-not "^1.0.0"
+    snapdragon "^0.8.1"
+    to-regex "^3.0.1"
+
 napi-macros@~2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/napi-macros/-/napi-macros-2.0.0.tgz#2b6bae421e7b96eb687aa6c77a7858640670001b"
@@ -6014,6 +6680,11 @@ negotiator@0.6.3:
   resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd"
   integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
 
+neo-async@^2.6.0:
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
+  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
+
 next-line@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/next-line/-/next-line-1.1.0.tgz#fcae57853052b6a9bae8208e40dd7d3c2d304603"
@@ -6197,6 +6868,15 @@ object-assign@^4.1.1:
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
   integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==
 
+object-copy@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c"
+  integrity sha512-79LYn6VAb63zgtmAteVOWo9Vdj71ZVBy3Pbse+VqxDpEP83XuujMrGqHIwAXJ5I/aM0zU7dIyIAhifVTPrNItQ==
+  dependencies:
+    copy-descriptor "^0.1.0"
+    define-property "^0.2.5"
+    kind-of "^3.0.3"
+
 object-filter-sequence@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/object-filter-sequence/-/object-filter-sequence-1.0.0.tgz#10bb05402fff100082b80d7e83991b10db411692"
@@ -6219,6 +6899,13 @@ object-keys@^1.1.1:
   resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e"
   integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==
 
+object-visit@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/object-visit/-/object-visit-1.0.1.tgz#f79c4493af0c5377b59fe39d395e41042dd045bb"
+  integrity sha512-GBaMwwAVK9qbQN3Scdo0OyvgPW7l3lnaVMj84uTOZlswkX0KpF6fyDBJhtTthf7pymztoN36/KEr1DyhF96zEA==
+  dependencies:
+    isobject "^3.0.0"
+
 object.assign@^4.1.2:
   version "4.1.4"
   resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.4.tgz#9673c7c7c351ab8c4d0b516f4343ebf4dfb7799f"
@@ -6238,6 +6925,13 @@ object.entries@^1.0.4, object.entries@^1.1.0:
     define-properties "^1.1.3"
     es-abstract "^1.19.1"
 
+object.pick@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/object.pick/-/object.pick-1.3.0.tgz#87a10ac4c1694bd2e1cbf53591a66141fb5dd747"
+  integrity sha512-tqa/UMy/CCoYmj+H5qc07qvSL9dqcs/WZENZ1JbtWBlATP+iVOe778gE6MSijnyCnORzDuX6hU+LA4SZ09YjFQ==
+  dependencies:
+    isobject "^3.0.1"
+
 on-finished@^2.3.0:
   version "2.4.1"
   resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.4.1.tgz#58c8c44116e54845ad57f14ab10b03533184ac3f"
@@ -6393,6 +7087,11 @@ parseurl@^1.3.2, parseurl@^1.3.3:
   resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4"
   integrity sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==
 
+pascalcase@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/pascalcase/-/pascalcase-0.1.1.tgz#b363e55e8006ca6fe21784d2db22bd15d7917f14"
+  integrity sha512-XHXfu/yOQRy9vYOtUDVMN60OEJjW013GoObG1o+xwQTpB9eYJX/BjXMsdW13ZDPruFhYYn0AG22w0xgQMwl3Nw==
+
 passport-google-oauth1@1.x.x:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/passport-google-oauth1/-/passport-google-oauth1-1.0.0.tgz#af74a803df51ec646f66a44d82282be6f108e0cc"
@@ -6597,6 +7296,11 @@ pkg-dir@^4.2.0:
   dependencies:
     find-up "^4.0.0"
 
+posix-character-classes@^0.1.0:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/posix-character-classes/-/posix-character-classes-0.1.1.tgz#01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
+  integrity sha512-xTgYBc3fuo7Yt7JbiuFxSYGToMoz8fLoE6TC9Wx1P/u+LfeThMOAqmuyECnlBaaJb+u1m9hHiXUEtwW4OzfUJg==
+
 posthog-node@1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/posthog-node/-/posthog-node-1.3.0.tgz#804ed2f213a2f05253f798bf9569d55a9cad94f7"
@@ -6768,19 +7472,6 @@ pouchdb-promise@6.4.3, pouchdb-promise@^6.0.4:
   dependencies:
     lie "3.1.1"
 
-pouchdb-replication-stream@1.2.9:
-  version "1.2.9"
-  resolved "https://registry.yarnpkg.com/pouchdb-replication-stream/-/pouchdb-replication-stream-1.2.9.tgz#aa4fa5d8f52df4825392f18e07c7e11acffc650a"
-  integrity sha512-hM8XRBfamTTUwRhKwLS/jSNouBhn9R/4ugdHNRD1EvJzwV8iImh6sDYbCU9PGuznjyOjXz6vpFRzKeI2KYfwnQ==
-  dependencies:
-    argsarray "0.0.1"
-    inherits "^2.0.3"
-    lodash.pick "^4.0.0"
-    ndjson "^1.4.3"
-    pouch-stream "^0.4.0"
-    pouchdb-promise "^6.0.4"
-    through2 "^2.0.0"
-
 pouchdb-selector-core@7.2.2:
   version "7.2.2"
   resolved "https://registry.yarnpkg.com/pouchdb-selector-core/-/pouchdb-selector-core-7.2.2.tgz#264d7436a8c8ac3801f39960e79875ef7f3879a0"
@@ -6844,14 +7535,13 @@ prettier@2.3.1:
   resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.3.1.tgz#76903c3f8c4449bc9ac597acefa24dc5ad4cbea6"
   integrity sha512-p+vNbgpLjif/+D+DwAZAbndtRrR0md0MwfmOVN9N+2RgyACMT+7tfaRnT+WDPkqnuVwleyuBIG2XBxKDme3hPA==
 
-pretty-format@^26.0.0, pretty-format@^26.6.2:
-  version "26.6.2"
-  resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-26.6.2.tgz#e35c2705f14cb7fe2fe94fa078345b444120fc93"
-  integrity sha512-7AeGuCYNGmycyQbCqd/3PWH4eOoX/OiCa0uphp57NVTeAGdJGaAliecxwBDHYQCIvrW7aDBZCYeNTP/WX69mkg==
+pretty-format@^27.0.0, pretty-format@^27.5.1:
+  version "27.5.1"
+  resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-27.5.1.tgz#2181879fdea51a7a5851fb39d920faa63f01d88e"
+  integrity sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==
   dependencies:
-    "@jest/types" "^26.6.2"
-    ansi-regex "^5.0.0"
-    ansi-styles "^4.0.0"
+    ansi-regex "^5.0.1"
+    ansi-styles "^5.0.0"
     react-is "^17.0.1"
 
 pretty-format@^28.1.3:
@@ -7147,6 +7837,14 @@ regenerator-runtime@^0.13.4:
   resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.9.tgz#8925742a98ffd90814988d7566ad30ca3b263b52"
   integrity sha512-p3VT+cOEgxFsRRA9X4lkI1E+k2/CtnKtU4gcxyaCUreilL/vqI6CdZ3wxVUx3UOUg+gnUOQQcRI7BmSI656MYA==
 
+regex-not@^1.0.0, regex-not@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/regex-not/-/regex-not-1.0.2.tgz#1f4ece27e00b0b65e0247a6810e6a85d83a5752c"
+  integrity sha512-J6SDjUgDxQj5NusnOtdFxDwN/+HWykR8GELwctJ7mdqhcyy1xEc4SRFHUXvxTp661YaVKAjfRLZ9cCqS6tn32A==
+  dependencies:
+    extend-shallow "^3.0.2"
+    safe-regex "^1.1.0"
+
 regexp.prototype.flags@^1.4.3:
   version "1.4.3"
   resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz#87cab30f80f66660181a3bb7bf5981a872b367ac"
@@ -7180,11 +7878,36 @@ relative-microtime@^2.0.0:
   resolved "https://registry.yarnpkg.com/relative-microtime/-/relative-microtime-2.0.0.tgz#cceed2af095ecd72ea32011279c79e5fcc7de29b"
   integrity sha512-l18ha6HEZc+No/uK4GyAnNxgKW7nvEe35IaeN54sShMojtqik2a6GbTyuiezkjpPaqP874Z3lW5ysBo5irz4NA==
 
+relative@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/relative/-/relative-3.0.2.tgz#0dcd8ec54a5d35a3c15e104503d65375b5a5367f"
+  integrity sha512-Q5W2qeYtY9GbiR8z1yHNZ1DGhyjb4AnLEjt8iE6XfcC1QIu+FAtj3HQaO0wH28H1mX6cqNLvAqWhP402dxJGyA==
+  dependencies:
+    isobject "^2.0.0"
+
+remarkable@^1.6.2:
+  version "1.7.4"
+  resolved "https://registry.yarnpkg.com/remarkable/-/remarkable-1.7.4.tgz#19073cb960398c87a7d6546eaa5e50d2022fcd00"
+  integrity sha512-e6NKUXgX95whv7IgddywbeN/ItCkWbISmc2DiqHJb0wTrqZIexqdco5b8Z3XZoo/48IdNVKM9ZCvTPJ4F5uvhg==
+  dependencies:
+    argparse "^1.0.10"
+    autolinker "~0.28.0"
+
 remove-trailing-slash@^0.1.1:
   version "0.1.1"
   resolved "https://registry.yarnpkg.com/remove-trailing-slash/-/remove-trailing-slash-0.1.1.tgz#be2285a59f39c74d1bce4f825950061915e3780d"
   integrity sha512-o4S4Qh6L2jpnCy83ysZDau+VORNvnFw07CKSAymkd6ICNVEPisMyzlc00KlvvicsxKck94SEwhDnMNdICzO+tA==
 
+repeat-element@^1.1.2:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/repeat-element/-/repeat-element-1.1.4.tgz#be681520847ab58c7568ac75fbfad28ed42d39e9"
+  integrity sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==
+
+repeat-string@^1.6.1:
+  version "1.6.1"
+  resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637"
+  integrity sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==
+
 request@^2.88.0:
   version "2.88.2"
   resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
@@ -7268,6 +7991,11 @@ resolve-path@^1.4.0:
     http-errors "~1.6.2"
     path-is-absolute "1.0.1"
 
+resolve-url@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/resolve-url/-/resolve-url-0.2.1.tgz#2c637fe77c893afd2a663fe21aa9080068e2052a"
+  integrity sha512-ZuF55hVUQaaczgOIwqWzkEcEidmlD/xl44x1UZnhOXcYuFN2S6+rcxpG+C1N3So0wvNI3DmJICUFfu2SxhBmvg==
+
 resolve.exports@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/resolve.exports/-/resolve.exports-1.1.0.tgz#5ce842b94b05146c0e03076985d1d0e7e48c90c9"
@@ -7313,6 +8041,11 @@ restore-cursor@^3.1.0:
     onetime "^5.1.0"
     signal-exit "^3.0.2"
 
+ret@~0.1.10:
+  version "0.1.15"
+  resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc"
+  integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==
+
 retry@^0.10.1:
   version "0.10.1"
   resolved "https://registry.yarnpkg.com/retry/-/retry-0.10.1.tgz#e76388d217992c252750241d3d3956fed98d8ff4"
@@ -7383,6 +8116,13 @@ safe-buffer@5.2.1, safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.2.0:
   resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 
+safe-regex@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-1.1.0.tgz#40a3669f3b077d1e943d44629e157dd48023bf2e"
+  integrity sha512-aJXcif4xnaNUzvUuC5gcb46oTS7zvg4jpMTnuqtrEPlR3vFr4pxtdTwaF1Qs3Enjn9HK+ZlwQui+a7z0SywIzg==
+  dependencies:
+    ret "~0.1.10"
+
 "safer-buffer@>= 2.1.2 < 3", safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
@@ -7403,6 +8143,11 @@ sax@>=0.1.1, sax@>=0.6.0:
   resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9"
   integrity sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==
 
+self-closing-tags@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/self-closing-tags/-/self-closing-tags-1.0.1.tgz#6c5fa497994bb826b484216916371accee490a5d"
+  integrity sha512-7t6hNbYMxM+VHXTgJmxwgZgLGktuXtVVD5AivWzNTdJBM4DBjnDKDzkf2SrNjihaArpeJYNjxkELBu1evI4lQA==
+
 semver-compare@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/semver-compare/-/semver-compare-1.0.0.tgz#0dee216a1c941ab37e9efb1788f6afc5ff5537fc"
@@ -7461,6 +8206,16 @@ set-cookie-serde@^1.0.0:
   resolved "https://registry.yarnpkg.com/set-cookie-serde/-/set-cookie-serde-1.0.0.tgz#bcf9c260ed2212ac4005a53eacbaaa37c07ac452"
   integrity sha512-Vq8e5GsupfJ7okHIvEPcfs5neCo7MZ1ZuWrO3sllYi3DOWt6bSSCpADzqXjz3k0fXehnoFIrmmhty9IN6U6BXQ==
 
+set-value@^2.0.0, set-value@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
+  integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==
+  dependencies:
+    extend-shallow "^2.0.1"
+    is-extendable "^0.1.1"
+    is-plain-object "^2.0.3"
+    split-string "^3.0.1"
+
 setprototypeof@1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656"
@@ -7538,6 +8293,36 @@ slice-ansi@^2.1.0:
     astral-regex "^1.0.0"
     is-fullwidth-code-point "^2.0.0"
 
+snapdragon-node@^2.0.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b"
+  integrity sha512-O27l4xaMYt/RSQ5TR3vpWCAB5Kb/czIcqUFOM/C4fYcLnbZUc1PkjTAMjof2pBWaSTwOUd6qUHcFGVGj7aIwnw==
+  dependencies:
+    define-property "^1.0.0"
+    isobject "^3.0.0"
+    snapdragon-util "^3.0.1"
+
+snapdragon-util@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/snapdragon-util/-/snapdragon-util-3.0.1.tgz#f956479486f2acd79700693f6f7b805e45ab56e2"
+  integrity sha512-mbKkMdQKsjX4BAL4bRYTj21edOf8cN7XHdYUJEe+Zn99hVEYcMvKPct1IqNe7+AZPirn8BCDOQBHQZknqmKlZQ==
+  dependencies:
+    kind-of "^3.2.0"
+
+snapdragon@^0.8.1:
+  version "0.8.2"
+  resolved "https://registry.yarnpkg.com/snapdragon/-/snapdragon-0.8.2.tgz#64922e7c565b0e14204ba1aa7d6964278d25182d"
+  integrity sha512-FtyOnWN/wCHTVXOMwvSv26d+ko5vWlIDD6zoUJ7LW8vh+ZBC8QdljveRP+crNrtBwioEUWy/4dMtbBjA4ioNlg==
+  dependencies:
+    base "^0.11.1"
+    debug "^2.2.0"
+    define-property "^0.2.5"
+    extend-shallow "^2.0.1"
+    map-cache "^0.2.2"
+    source-map "^0.5.6"
+    source-map-resolve "^0.5.0"
+    use "^3.1.0"
+
 sonic-boom@^1.0.2:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/sonic-boom/-/sonic-boom-1.4.1.tgz#d35d6a74076624f12e6f917ade7b9d75e918f53e"
@@ -7546,6 +8331,17 @@ sonic-boom@^1.0.2:
     atomic-sleep "^1.0.0"
     flatstr "^1.0.12"
 
+source-map-resolve@^0.5.0:
+  version "0.5.3"
+  resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.3.tgz#190866bece7553e1f8f267a2ee82c606b5509a1a"
+  integrity sha512-Htz+RnsXWk5+P2slx5Jh3Q66vhQj1Cllm0zvnaY98+NFx+Dv2CF/f5O/t8x+KaNdrdIAsruNzoh/KpialbqAnw==
+  dependencies:
+    atob "^2.1.2"
+    decode-uri-component "^0.2.0"
+    resolve-url "^0.2.1"
+    source-map-url "^0.4.0"
+    urix "^0.1.0"
+
 source-map-support@0.5.13:
   version "0.5.13"
   resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.13.tgz#31b24a9c2e73c2de85066c0feb7d44767ed52932"
@@ -7554,6 +8350,11 @@ source-map-support@0.5.13:
     buffer-from "^1.0.0"
     source-map "^0.6.0"
 
+source-map-url@^0.4.0:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/source-map-url/-/source-map-url-0.4.1.tgz#0af66605a745a5a2f91cf1bbf8a7afbc283dec56"
+  integrity sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==
+
 source-map@^0.4.2:
   version "0.4.4"
   resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.4.4.tgz#eba4f5da9c0dc999de68032d8b4f76173652036b"
@@ -7561,6 +8362,11 @@ source-map@^0.4.2:
   dependencies:
     amdefine ">=0.0.4"
 
+source-map@^0.5.6, source-map@~0.5.0:
+  version "0.5.7"
+  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
+  integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==
+
 source-map@^0.6.0, source-map@^0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
@@ -7578,11 +8384,6 @@ source-map@^0.8.0-beta.0:
   dependencies:
     whatwg-url "^7.0.0"
 
-source-map@~0.5.0:
-  version "0.5.7"
-  resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
-  integrity sha512-LbrmJOMUSdEVxIKvdcJzQC+nQhe8FUZQTXQy6+I75skNgn3OoQ0DZA8YnFa7gp8tqtL3KPf1kmo0R5DoApeSGQ==
-
 spark-md5@3.0.1:
   version "3.0.1"
   resolved "https://registry.yarnpkg.com/spark-md5/-/spark-md5-3.0.1.tgz#83a0e255734f2ab4e5c466e5a2cfc9ba2aa2124d"
@@ -7598,6 +8399,13 @@ split-ca@^1.0.1:
   resolved "https://registry.yarnpkg.com/split-ca/-/split-ca-1.0.1.tgz#6c83aff3692fa61256e0cd197e05e9de157691a6"
   integrity sha512-Q5thBSxp5t8WPTTJQS59LrGqOZqOsrhDGDVm8azCqIBjSBd7nd9o2PM+mDulQQkh8h//4U6hFZnc/mul8t5pWQ==
 
+split-string@^3.0.1, split-string@^3.0.2:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2"
+  integrity sha512-NzNVhJDYpwceVVii8/Hu6DKfD2G+NrQHlS/V/qgv763EYudVwEcMQNxd2lh+0VrUByXN/oJkl5grOhYWvQUYiw==
+  dependencies:
+    extend-shallow "^3.0.0"
+
 split2@^2.1.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/split2/-/split2-2.2.0.tgz#186b2575bcf83e85b7d18465756238ee4ee42493"
@@ -7677,6 +8485,14 @@ standard-as-callback@^2.1.0:
   resolved "https://registry.yarnpkg.com/standard-as-callback/-/standard-as-callback-2.1.0.tgz#8953fc05359868a77b5b9739a665c5977bb7df45"
   integrity sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==
 
+static-extend@^0.1.1:
+  version "0.1.2"
+  resolved "https://registry.yarnpkg.com/static-extend/-/static-extend-0.1.2.tgz#60809c39cbff55337226fd5e0b520f341f1fb5c6"
+  integrity sha512-72E9+uLc27Mt718pMHt9VMNiAL4LMsmDbBva8mxWUCkT07fSzEGMYUCk0XWY6lp0j6RBAG4cJ3mWuZv2OE3s0g==
+  dependencies:
+    define-property "^0.2.5"
+    object-copy "^0.1.0"
+
 statuses@2.0.1, statuses@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63"
@@ -7813,6 +8629,11 @@ strip-json-comments@~2.0.1:
   resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
   integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==
 
+striptags@^3.1.1:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/striptags/-/striptags-3.2.0.tgz#cc74a137db2de8b0b9a370006334161f7dd67052"
+  integrity sha512-g45ZOGzHDMe2bdYMdIvdAfCQkCTDMGBazSw1ypMowwGIee7ZQ5dU0rBJ8Jqgl+jAKIv4dbeE1jscZq9wid1Tkw==
+
 sublevel-pouchdb@7.2.2:
   version "7.2.2"
   resolved "https://registry.yarnpkg.com/sublevel-pouchdb/-/sublevel-pouchdb-7.2.2.tgz#49e46cd37883bf7ff5006d7c5b9bcc7bcc1f422f"
@@ -8022,11 +8843,31 @@ to-fast-properties@^2.0.0:
   resolved "https://registry.yarnpkg.com/to-fast-properties/-/to-fast-properties-2.0.0.tgz#dc5e698cbd079265bc73e0377681a4e4e83f616e"
   integrity sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=
 
+to-gfm-code-block@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/to-gfm-code-block/-/to-gfm-code-block-0.1.1.tgz#25d045a5fae553189e9637b590900da732d8aa82"
+  integrity sha512-LQRZWyn8d5amUKnfR9A9Uu7x9ss7Re8peuWR2gkh1E+ildOfv2aF26JpuDg8JtvCduu5+hOrMIH+XstZtnagqg==
+
+to-object-path@^0.3.0:
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/to-object-path/-/to-object-path-0.3.0.tgz#297588b7b0e7e0ac08e04e672f85c1f4999e17af"
+  integrity sha512-9mWHdnGRuh3onocaHzukyvCZhzvr6tiflAy/JRFXcJX0TjgfWA9pk9t8CMbzmBE4Jfw58pXbkngtBtqYxzNEyg==
+  dependencies:
+    kind-of "^3.0.2"
+
 to-readable-stream@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/to-readable-stream/-/to-readable-stream-1.0.0.tgz#ce0aa0c2f3df6adf852efb404a783e77c0475771"
   integrity sha512-Iq25XBt6zD5npPhlLVXGFN3/gyR2/qODcKNNyTMd4vbm39HUaOiAM4PMq0eMVC/Tkxz+Zjdsc55g9yyz+Yq00Q==
 
+to-regex-range@^2.1.0:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-2.1.1.tgz#7c80c17b9dfebe599e27367e0d4dd5590141db38"
+  integrity sha512-ZZWNfCjUokXXDGXFpZehJIkZqq91BcULFq/Pi7M5i4JnxXdhMKAK682z8bCW3o8Hj1wuuzoKcW3DfVzaP6VuNg==
+  dependencies:
+    is-number "^3.0.0"
+    repeat-string "^1.6.1"
+
 to-regex-range@^5.0.1:
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4"
@@ -8034,6 +8875,16 @@ to-regex-range@^5.0.1:
   dependencies:
     is-number "^7.0.0"
 
+to-regex@^3.0.1, to-regex@^3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/to-regex/-/to-regex-3.0.2.tgz#13cfdd9b336552f30b51f33a8ae1b42a7a7599ce"
+  integrity sha512-FWtleNAtZ/Ki2qtqej2CXTOayOH9bHDQF+Q48VpWyDXjbYxA4Yz8iDB31zXOBUlOHHKidDbqGVrTUvQMPmBGBw==
+  dependencies:
+    define-property "^2.0.2"
+    extend-shallow "^3.0.2"
+    regex-not "^1.0.2"
+    safe-regex "^1.1.0"
+
 to-source-code@^1.0.0:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/to-source-code/-/to-source-code-1.0.2.tgz#dd136bdb1e1dbd80bbeacf088992678e9070bfea"
@@ -8215,11 +9066,23 @@ typedarray-to-buffer@^3.1.5:
   dependencies:
     is-typedarray "^1.0.0"
 
+typeof-article@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/typeof-article/-/typeof-article-0.1.1.tgz#9f07e733c3fbb646ffa9e61c08debacd460e06af"
+  integrity sha512-Vn42zdX3FhmUrzEmitX3iYyLb+Umwpmv8fkZRIknYh84lmdrwqZA5xYaoKiIj2Rc5i/5wcDrpUmZcbk1U51vTw==
+  dependencies:
+    kind-of "^3.1.0"
+
 typescript@4.7.3:
   version "4.7.3"
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.7.3.tgz#8364b502d5257b540f9de4c40be84c98e23a129d"
   integrity sha512-WOkT3XYvrpXx4vMMqlD+8R8R37fZkjyLGlxavMc4iB8lrl8L0DeTcHbYgw/v0N/z9wAFsgBhcsF0ruoySS22mA==
 
+uglify-js@^3.1.4:
+  version "3.17.4"
+  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.17.4.tgz#61678cf5fa3f5b7eb789bb345df29afb8257c22c"
+  integrity sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==
+
 uid2@0.0.x:
   version "0.0.4"
   resolved "https://registry.yarnpkg.com/uid2/-/uid2-0.0.4.tgz#033f3b1d5d32505f5ce5f888b9f3b667123c0a44"
@@ -8253,6 +9116,16 @@ unicode-substring@^0.1.0:
   resolved "https://registry.yarnpkg.com/unicode-substring/-/unicode-substring-0.1.0.tgz#6120ce3c390385dbcd0f60c32b9065c4181d4b36"
   integrity sha512-36Xaw9wXi7MB/3/EQZZHkZyyiRNa9i3k9YtPAz2KfqMVH2xutdXyMHn4Igarmnvr+wOrfWa/6njhY+jPpXN2EQ==
 
+union-value@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"
+  integrity sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==
+  dependencies:
+    arr-union "^3.1.0"
+    get-value "^2.0.6"
+    is-extendable "^0.1.1"
+    set-value "^2.0.1"
+
 unique-string@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/unique-string/-/unique-string-2.0.0.tgz#39c6451f81afb2749de2b233e3f7c5e8843bd89d"
@@ -8275,6 +9148,14 @@ unpipe@1.0.0:
   resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"
   integrity sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=
 
+unset-value@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/unset-value/-/unset-value-1.0.0.tgz#8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559"
+  integrity sha512-PcA2tsuGSF9cnySLHTLSh2qrQiJ70mn+r+Glzxv2TWZblxsxCC52BDlZoPCsz7STd9pN7EZetkWZBAvk4cgZdQ==
+  dependencies:
+    has-value "^0.3.1"
+    isobject "^3.0.0"
+
 untildify@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/untildify/-/untildify-4.0.0.tgz#2bc947b953652487e4600949fb091e3ae8cd919b"
@@ -8325,6 +9206,11 @@ urijs@^1.19.2:
   resolved "https://registry.yarnpkg.com/urijs/-/urijs-1.19.11.tgz#204b0d6b605ae80bea54bea39280cdb7c9f923cc"
   integrity sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ==
 
+urix@^0.1.0:
+  version "0.1.0"
+  resolved "https://registry.yarnpkg.com/urix/-/urix-0.1.0.tgz#da937f7a62e21fec1fd18d49b35c2935067a6c72"
+  integrity sha512-Am1ousAhSLBeB9cG/7k7r2R0zj50uDRlZHPGbazid5s9rlF1F/QKYObEKSIunSjIOkJZqwRRLpvewjEkM7pSqg==
+
 url-parse-lax@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/url-parse-lax/-/url-parse-lax-3.0.0.tgz#16b5cafc07dbe3676c1b1999177823d6503acb0c"
@@ -8348,6 +9234,11 @@ url@0.10.3:
     punycode "1.3.2"
     querystring "0.2.0"
 
+use@^3.1.0:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/use/-/use-3.1.1.tgz#d50c8cac79a19fbc20f2911f56eb973f4e10070f"
+  integrity sha512-cwESVXlO3url9YWlFW/TA9cshCEhtu7IKJ/p5soJ/gGpj7vbvFrAY/eIioQ6Dw23KjZhYgiIo8HOs1nQ2vr/oQ==
+
 util-deprecate@^1.0.1, util-deprecate@~1.0.1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"
@@ -8411,6 +9302,14 @@ verror@1.10.0:
     core-util-is "1.0.2"
     extsprintf "^1.2.0"
 
+vm2@^3.9.4:
+  version "3.9.14"
+  resolved "https://registry.yarnpkg.com/vm2/-/vm2-3.9.14.tgz#964042b474cf1e6e4f475a39144773cdb9deb734"
+  integrity sha512-HgvPHYHeQy8+QhzlFryvSteA4uQLBCOub02mgqdR+0bN/akRZ48TGB1v0aCv7ksyc0HXx16AZtMHKS38alc6TA==
+  dependencies:
+    acorn "^8.7.0"
+    acorn-walk "^8.2.0"
+
 vuvuzela@1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/vuvuzela/-/vuvuzela-1.0.3.tgz#3be145e58271c73ca55279dd851f12a682114b0b"
@@ -8502,6 +9401,11 @@ word-wrap@~1.2.3:
   resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"
   integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==
 
+wordwrap@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb"
+  integrity sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==
+
 wrap-ansi@^7.0.0:
   version "7.0.0"
   resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
@@ -8634,6 +9538,11 @@ yargs@^17.3.1:
     y18n "^5.0.5"
     yargs-parser "^21.1.1"
 
+year@^0.2.1:
+  version "0.2.1"
+  resolved "https://registry.yarnpkg.com/year/-/year-0.2.1.tgz#4083ae520a318b23ec86037f3000cb892bdf9bb0"
+  integrity sha512-9GnJUZ0QM4OgXuOzsKNzTJ5EOkums1Xc+3YQXp+Q+UxFjf7zLucp9dQ8QMIft0Szs1E1hUiXFim1OYfEKFq97w==
+
 ylru@^1.2.0:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/ylru/-/ylru-1.3.2.tgz#0de48017473275a4cbdfc83a1eaf67c01af8a785"
diff --git a/qa-core/.gitignore b/qa-core/.gitignore
index e82880bc81..08660a00a8 100644
--- a/qa-core/.gitignore
+++ b/qa-core/.gitignore
@@ -1,4 +1,5 @@
 node_modules/
 .env
 watchtower-hook.json
-dist/
\ No newline at end of file
+dist/
+.testReport.json
diff --git a/qa-core/package.json b/qa-core/package.json
index 8508361566..15246af294 100644
--- a/qa-core/package.json
+++ b/qa-core/package.json
@@ -12,6 +12,8 @@
     "test": "env-cmd jest --runInBand",
     "test:watch": "env-cmd jest --watch",
     "test:debug": "DEBUG=1 jest",
+    "test:notify": "node scripts/testResultsWebhook",
+    "test:ci": "jest --runInBand --json --outputFile=testResults.json",
     "docker:up": "docker-compose up -d",
     "docker:down": "docker-compose down",
     "api:server:setup": "npm run docker:up && env-cmd ts-node ../packages/builder/ts/setup.ts",
@@ -36,7 +38,7 @@
     ]
   },
   "devDependencies": {
-    "@budibase/types": "1.3.4",
+    "@budibase/types": "^2.3.17",
     "@types/jest": "29.0.0",
     "@types/node-fetch": "2.6.2",
     "chance": "1.1.8",
@@ -51,8 +53,8 @@
     "typescript": "4.7.3"
   },
   "dependencies": {
-    "@budibase/backend-core": "^2.0.5",
+    "@budibase/backend-core": "^2.3.17",
     "form-data": "^4.0.0",
     "node-fetch": "2"
   }
-}
\ No newline at end of file
+}
diff --git a/packages/builder/scripts/cypressResultsWebhook.js b/qa-core/scripts/testResultsWebhook.js
similarity index 70%
rename from packages/builder/scripts/cypressResultsWebhook.js
rename to qa-core/scripts/testResultsWebhook.js
index 4de4c01cc7..fc00bf34ad 100644
--- a/packages/builder/scripts/cypressResultsWebhook.js
+++ b/qa-core/scripts/testResultsWebhook.js
@@ -4,37 +4,30 @@ const fetch = require("node-fetch")
 const path = require("path")
 const fs = require("fs")
 
-const WEBHOOK_URL = process.env.CYPRESS_WEBHOOK_URL
-const DASHBOARD_URL = process.env.CYPRESS_DASHBOARD_URL
+const WEBHOOK_URL = process.env.WEBHOOK_URL
 const GIT_SHA = process.env.GITHUB_SHA
 const GITHUB_ACTIONS_RUN_URL = process.env.GITHUB_ACTIONS_RUN_URL
 
 async function generateReport() {
   // read the report file
-  const REPORT_PATH = path.resolve(
-    __dirname,
-    "..",
-    "cypress",
-    "reports",
-    "testReport.json"
-  )
+  const REPORT_PATH = path.resolve(__dirname, "..", "testReport.json")
   const report = fs.readFileSync(REPORT_PATH, "utf-8")
   return JSON.parse(report)
 }
 
-async function discordCypressResultsNotification(report) {
+async function discordResultsNotification(report) {
   const {
-    suites,
-    tests,
-    passes,
-    pending,
-    failures,
-    duration,
-    passPercent,
-    skipped,
-  } = report.stats
+    numTotalTestSuites,
+    numTotalTests,
+    numPassedTests,
+    numPendingTests,
+    numFailedTests,
+    success,
+    startTime,
+    endTime,
+  } = report
 
-  const OUTCOME = failures > 0 ? "failure" : "success"
+  const OUTCOME = success ? "success" : "failure"
 
   const options = {
     method: "POST",
@@ -68,51 +61,51 @@ async function discordCypressResultsNotification(report) {
               name: "Commit",
               value: `https://github.com/Budibase/budibase/commit/${GIT_SHA}`,
             },
-            {
-              name: "Cypress Dashboard URL",
-              value: DASHBOARD_URL || "None Supplied",
-            },
             {
               name: "Github Actions Run URL",
               value: GITHUB_ACTIONS_RUN_URL || "None Supplied",
             },
             {
               name: "Test Suites",
-              value: suites,
+              value: numTotalTestSuites,
             },
             {
               name: "Tests",
-              value: tests,
+              value: numTotalTests,
             },
             {
               name: "Passed",
-              value: passes,
+              value: numPassedTests,
             },
             {
               name: "Pending",
-              value: pending,
-            },
-            {
-              name: "Skipped",
-              value: skipped,
+              value: numPendingTests,
             },
             {
               name: "Failures",
-              value: failures,
+              value: numFailedTests,
             },
             {
               name: "Duration",
-              value: `${duration / 1000} Seconds`,
+              value: endTime
+                ? `${(endTime - startTime) / 1000} Seconds`
+                : "DNF",
             },
             {
               name: "Pass Percentage",
-              value: Math.floor(passPercent),
+              value: Math.floor((numPassedTests / numTotalTests) * 100),
             },
           ],
         },
       ],
     }),
   }
+
+  // Only post in discord when tests fail
+  if (success) {
+    return
+  }
+
   const response = await fetch(WEBHOOK_URL, options)
 
   if (response.status >= 201) {
@@ -125,7 +118,7 @@ async function discordCypressResultsNotification(report) {
 
 async function run() {
   const report = await generateReport()
-  await discordCypressResultsNotification(report)
+  await discordResultsNotification(report)
 }
 
 run()
diff --git a/qa-core/yarn.lock b/qa-core/yarn.lock
index b090ff872f..be6207bbad 100644
--- a/qa-core/yarn.lock
+++ b/qa-core/yarn.lock
@@ -297,27 +297,30 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/backend-core@^2.0.5":
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.0.5.tgz#e720ad8a0fd0eb0157d8ec332e530b481fd5b912"
-  integrity sha512-uY/YQgZ1xTm3npzWNRgZQBY/nj2ZxSkGtGbgK4NyWwZzvVUwd9vfNAIdKf7crECMJncH1x4H9TalQoFXb/cmbA==
+"@budibase/backend-core@^2.3.17":
+  version "2.3.17"
+  resolved "https://registry.yarnpkg.com/@budibase/backend-core/-/backend-core-2.3.17.tgz#27c8c2144bfda1533b43da6de7111c0819aea6a5"
+  integrity sha512-KcmF2OrNLjLbFtNbYD4ZufnsnwmN2Ez/occgWiecvFRAHOhpkm+Hoy6VggpG1YJBp1DG9kLh3WAZbeYI3QoJbw==
   dependencies:
-    "@budibase/types" "^2.0.5"
+    "@budibase/nano" "10.1.1"
+    "@budibase/types" "^2.3.17"
     "@shopify/jest-koa-mocks" "5.0.1"
     "@techpass/passport-openidconnect" "0.3.2"
+    aws-cloudfront-sign "2.2.0"
     aws-sdk "2.1030.0"
     bcrypt "5.0.1"
     bcryptjs "2.4.3"
+    bull "4.10.1"
+    correlation-id "4.0.0"
     dotenv "16.0.1"
     emitter-listener "1.1.2"
     ioredis "4.28.0"
     joi "17.6.0"
-    jsonwebtoken "8.5.1"
+    jsonwebtoken "9.0.0"
     koa-passport "4.1.4"
     lodash "4.17.21"
     lodash.isarguments "3.1.0"
     node-fetch "2.6.7"
-    passport-google-auth "1.0.2"
     passport-google-oauth "2.0.0"
     passport-jwt "4.0.0"
     passport-local "1.0.0"
@@ -333,15 +336,22 @@
     uuid "8.3.2"
     zlib "1.0.5"
 
-"@budibase/types@1.3.4":
-  version "1.3.4"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-1.3.4.tgz#25f087b024e843eb372e50c81f8f925fb39f1dfd"
-  integrity sha512-ndyWs8yeCS7cpZjApDB1HhY6UUM2SRBUgAMCZOZaWABG9JHeCbx7x0e/pA2SZjswdMXqS5WmnEd3br5wuvUzJw==
+"@budibase/nano@10.1.1":
+  version "10.1.1"
+  resolved "https://registry.yarnpkg.com/@budibase/nano/-/nano-10.1.1.tgz#36ccda4d9bb64b5ee14dd2b27a295b40739b1038"
+  integrity sha512-kbMIzMkjVtl+xI0UPwVU0/pn8/ccxTyfzwBz6Z+ZiN2oUSb0fJCe0qwA6o8dxwSa8nZu4MbGAeMJl3CJndmWtA==
+  dependencies:
+    "@types/tough-cookie" "^4.0.2"
+    axios "^1.1.3"
+    http-cookie-agent "^4.0.2"
+    node-abort-controller "^3.0.1"
+    qs "^6.11.0"
+    tough-cookie "^4.1.2"
 
-"@budibase/types@^2.0.5":
-  version "2.0.5"
-  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.0.5.tgz#852c86611f237640b59d8dc4ae0c8c5fec491cf1"
-  integrity sha512-MnnDEB22kbXRsztmHPgvFDSYavpb0qm6H6Y/3UHXKqyFEg/KRpiF1p7lYsN+FAUDAWxpFgI+kp2Yw6gWyA5FLQ==
+"@budibase/types@^2.3.17":
+  version "2.3.17"
+  resolved "https://registry.yarnpkg.com/@budibase/types/-/types-2.3.17.tgz#d97c1de5fb03c91ff7e55d7c8c3901e5e2e95995"
+  integrity sha512-p/6WgwNjVGfwyNLOofhPEG7S3tt5URxAVs+mPXuLn5bsAqRxxJ5XObvw8chijYXmewhGP0hjONQDkmDJ0FkHuA==
 
 "@cspotcode/source-map-support@^0.8.0":
   version "0.8.1"
@@ -660,6 +670,36 @@
     semver "^7.3.5"
     tar "^6.1.11"
 
+"@msgpackr-extract/msgpackr-extract-darwin-arm64@3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@msgpackr-extract/msgpackr-extract-darwin-arm64/-/msgpackr-extract-darwin-arm64-3.0.0.tgz#d31a238c943ffc34bab73ad6ce7a6466d65888ef"
+  integrity sha512-5qpnNHUyyEj9H3sm/4Um/bnx1lrQGhe8iqry/1d+cQYCRd/gzYA0YLeq0ezlk4hKx4vO+dsEsNyeowqRqslwQA==
+
+"@msgpackr-extract/msgpackr-extract-darwin-x64@3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@msgpackr-extract/msgpackr-extract-darwin-x64/-/msgpackr-extract-darwin-x64-3.0.0.tgz#2f6fbbec3d3f0bbe9c6678c899f1c1a6e25ed980"
+  integrity sha512-ZphTFFd6SFweNAMKD+QJCrWpgkjf4qBuHltiMkKkD6FFrB3NOTRVmetAGTkJ57pa+s6J0yCH06LujWB9rZe94g==
+
+"@msgpackr-extract/msgpackr-extract-linux-arm64@3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@msgpackr-extract/msgpackr-extract-linux-arm64/-/msgpackr-extract-linux-arm64-3.0.0.tgz#19875441da50b9aa8f8e726eb097a4cead435a3f"
+  integrity sha512-NEX6hdSvP4BmVyegaIbrGxvHzHvTzzsPaxXCsUt0mbLbPpEftsvNwaEVKOowXnLoeuGeD4MaqSwL3BUK2elsUA==
+
+"@msgpackr-extract/msgpackr-extract-linux-arm@3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@msgpackr-extract/msgpackr-extract-linux-arm/-/msgpackr-extract-linux-arm-3.0.0.tgz#3b855ac72cc16e89db2f72adf47ddc964c20a53d"
+  integrity sha512-ztKVV1dO/sSZyGse0PBCq3Pk1PkYjsA/dsEWE7lfrGoAK3i9HpS2o7XjGQ7V4va6nX+xPPOiuYpQwa4Bi6vlww==
+
+"@msgpackr-extract/msgpackr-extract-linux-x64@3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@msgpackr-extract/msgpackr-extract-linux-x64/-/msgpackr-extract-linux-x64-3.0.0.tgz#455f1d5bb00e87f78c67711f26e7bff9f1457684"
+  integrity sha512-9uvdAkZMOPCY7SPRxZLW8XGqBOVNVEhqlgffenN8shA1XR9FWVsSM13nr/oHtNgXg6iVyML7RwWPyqUeThlwxg==
+
+"@msgpackr-extract/msgpackr-extract-win32-x64@3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@msgpackr-extract/msgpackr-extract-win32-x64/-/msgpackr-extract-win32-x64-3.0.0.tgz#03c6bfcd3acb179ea69546c20d50895b9d623ada"
+  integrity sha512-Wg0+9615kHKlr9iLVcG5I+/CHnf6w3x5UADRv8Ad16yA0Bu5l9eVOROjV7aHPG6uC8ZPFIVVaoSjDChD+Y0pzg==
+
 "@shopify/jest-koa-mocks@5.0.1":
   version "5.0.1"
   resolved "https://registry.yarnpkg.com/@shopify/jest-koa-mocks/-/jest-koa-mocks-5.0.1.tgz#fba490b6b7985fbb571eb9974897d396a3642e94"
@@ -825,6 +865,11 @@
   resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-2.0.1.tgz#20f18294f797f2209b5f65c8e3b5c8e8261d127c"
   integrity sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==
 
+"@types/tough-cookie@^4.0.2":
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.2.tgz#6286b4c7228d58ab7866d19716f3696e03a09397"
+  integrity sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==
+
 "@types/yargs-parser@*":
   version "21.0.0"
   resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-21.0.0.tgz#0c60e537fa790f5f9472ed2776c2b71ec117351b"
@@ -889,7 +934,7 @@ acorn@^8.4.1:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.0.tgz#88c0187620435c7f6015803f5539dae05a9dbea8"
   integrity sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==
 
-agent-base@6:
+agent-base@6, agent-base@^6.0.2:
   version "6.0.2"
   resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77"
   integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==
@@ -987,18 +1032,18 @@ assert-plus@1.0.0, assert-plus@^1.0.0:
   resolved "https://registry.yarnpkg.com/assert-plus/-/assert-plus-1.0.0.tgz#f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
   integrity sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==
 
-async@~2.1.4:
-  version "2.1.5"
-  resolved "https://registry.yarnpkg.com/async/-/async-2.1.5.tgz#e587c68580994ac67fc56ff86d3ac56bdbe810bc"
-  integrity sha512-+g/Ncjbx0JSq2Mk03WQkyKvNh5q9Qvyo/RIqIqnmC5feJY70PNl2ESwZU2BhAB+AZPkHNzzyC2Dq2AS5VnTKhQ==
-  dependencies:
-    lodash "^4.14.0"
-
 asynckit@^0.4.0:
   version "0.4.0"
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
 
+aws-cloudfront-sign@2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/aws-cloudfront-sign/-/aws-cloudfront-sign-2.2.0.tgz#3910f5a6d0d90fec07f2b4ef8ab07f3eefb5625d"
+  integrity sha512-qG+rwZMP3KRTPPbVmWY8DlrT56AkA4iVOeo23vkdK2EXeW/brJFN2haSNKzVz+oYhFMEIzVVloeAcrEzuRkuVQ==
+  dependencies:
+    lodash "^3.6.0"
+
 aws-sdk@2.1030.0:
   version "2.1030.0"
   resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.1030.0.tgz#24a856af3d2b8b37c14a8f59974993661c66fd82"
@@ -1046,6 +1091,15 @@ axios@^0.21.1:
   dependencies:
     follow-redirects "^1.14.0"
 
+axios@^1.1.3:
+  version "1.3.3"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.3.3.tgz#e7011384ba839b885007c9c9fae1ff23dceb295b"
+  integrity sha512-eYq77dYIFS77AQlhzEL937yUBSepBfPIe8FcgEDN35vMNZKMrs81pgnyrQpwfy4NF4b4XWX1Zgx7yX+25w8QJA==
+  dependencies:
+    follow-redirects "^1.15.0"
+    form-data "^4.0.0"
+    proxy-from-env "^1.1.0"
+
 babel-jest@^28.1.3:
   version "28.1.3"
   resolved "https://registry.yarnpkg.com/babel-jest/-/babel-jest-28.1.3.tgz#c1187258197c099072156a0a121c11ee1e3917d5"
@@ -1226,6 +1280,21 @@ buffer@^5.5.0, buffer@^5.6.0:
     base64-js "^1.3.1"
     ieee754 "^1.1.13"
 
+bull@4.10.1:
+  version "4.10.1"
+  resolved "https://registry.yarnpkg.com/bull/-/bull-4.10.1.tgz#f14974b6089358b62b495a2cbf838aadc098e43f"
+  integrity sha512-Fp21tRPb2EaZPVfmM+ONZKVz2RA+to+zGgaTLyCKt3JMSU8OOBqK8143OQrnGuGpsyE5G+9FevFAGhdZZfQP2g==
+  dependencies:
+    cron-parser "^4.2.1"
+    debuglog "^1.0.0"
+    get-port "^5.1.1"
+    ioredis "^4.28.5"
+    lodash "^4.17.21"
+    msgpackr "^1.5.2"
+    p-timeout "^3.2.0"
+    semver "^7.3.2"
+    uuid "^8.3.0"
+
 cache-content-type@^1.0.0:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/cache-content-type/-/cache-content-type-1.0.1.tgz#035cde2b08ee2129f4a8315ea8f00a00dba1453c"
@@ -1234,6 +1303,14 @@ cache-content-type@^1.0.0:
     mime-types "^2.1.18"
     ylru "^1.2.0"
 
+call-bind@^1.0.0:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c"
+  integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==
+  dependencies:
+    function-bind "^1.1.1"
+    get-intrinsic "^1.0.2"
+
 callsites@^3.0.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73"
@@ -1438,11 +1515,25 @@ core-util-is@~1.0.0:
   resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85"
   integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==
 
+correlation-id@4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/correlation-id/-/correlation-id-4.0.0.tgz#c1d3038e5f30d7bfeae5728ff96f27a7506bc2c0"
+  integrity sha512-WvXtJBlovvOBKqTz/YwWP2gm6CXJZJArfGimp9s/ehmhJMPFbmnPMQe3K60Q9idGNixMvKojMjleyDhZEFdHfg==
+  dependencies:
+    uuid "^8.3.1"
+
 create-require@^1.1.0:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/create-require/-/create-require-1.1.1.tgz#c1d7e8f1e5f6cfc9ff65f9cd352d37348756c333"
   integrity sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==
 
+cron-parser@^4.2.1:
+  version "4.7.1"
+  resolved "https://registry.yarnpkg.com/cron-parser/-/cron-parser-4.7.1.tgz#1e325a6a18e797a634ada1e2599ece0b6b5ed177"
+  integrity sha512-WguFaoQ0hQ61SgsCZLHUcNbAvlK0lypKXu62ARguefYmjzaOXIVRNrAmyXzabTwUn4sQvQLkk6bjH+ipGfw8bA==
+  dependencies:
+    luxon "^3.2.1"
+
 cross-spawn@^7.0.0, cross-spawn@^7.0.3:
   version "7.0.3"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
@@ -1478,6 +1569,11 @@ debug@4.3.2:
   dependencies:
     ms "2.1.2"
 
+debuglog@^1.0.0:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492"
+  integrity sha512-syBZ+rnAK3EgMsH2aYEOLUW7mZSY9Gb+0wUMCFsZvcmiz+HigA0LOcq/HoQqVuGG+EKykunc7QG2bzrponfaSw==
+
 dedent@^0.7.0:
   version "0.7.0"
   resolved "https://registry.yarnpkg.com/dedent/-/dedent-0.7.0.tgz#2495ddbaf6eb874abb0e1be9df22d2e5a544326c"
@@ -1820,7 +1916,7 @@ follow-redirects@^1.14.0:
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.1.tgz#0ca6a452306c9b276e4d3127483e29575e207ad5"
   integrity sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==
 
-follow-redirects@^1.14.4:
+follow-redirects@^1.14.4, follow-redirects@^1.15.0:
   version "1.15.2"
   resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.2.tgz#b460864144ba63f2681096f274c4e57026da2c13"
   integrity sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==
@@ -1919,11 +2015,25 @@ get-caller-file@^2.0.5:
   resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e"
   integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
 
+get-intrinsic@^1.0.2:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.0.tgz#7ad1dc0535f3a2904bba075772763e5051f6d05f"
+  integrity sha512-L049y6nFOuom5wGyRc3/gdTLO94dySVKRACj1RmJZBQXlbTMhtNIgkWkUHq+jYmZvKf14EW1EoJnnjbmoHij0Q==
+  dependencies:
+    function-bind "^1.1.1"
+    has "^1.0.3"
+    has-symbols "^1.0.3"
+
 get-package-type@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/get-package-type/-/get-package-type-0.1.0.tgz#8de2d803cff44df3bc6c456e6668b36c3926e11a"
   integrity sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==
 
+get-port@^5.1.1:
+  version "5.1.1"
+  resolved "https://registry.yarnpkg.com/get-port/-/get-port-5.1.1.tgz#0469ed07563479de6efb986baf053dcd7d4e3193"
+  integrity sha512-g/Q1aTSDOxFpchXC4i8ZWvxA1lnPqx/JHqcpIw0/LX9T8x/GBbi6YnlN5nhaKIFkT8oFsscUKgDJYxfwfS6QsQ==
+
 get-stream@^6.0.0:
   version "6.0.1"
   resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7"
@@ -1953,47 +2063,11 @@ globals@^11.1.0:
   resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e"
   integrity sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==
 
-google-auth-library@~0.10.0:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-0.10.0.tgz#6e15babee85fd1dd14d8d128a295b6838d52136e"
-  integrity sha512-KM54Y9GhdAzfXUHmWEoYmaOykSLuMG7W4HvVLYqyogxOyE6px8oSS8W13ngqW0oDGZ915GFW3V6OM6+qcdvPOA==
-  dependencies:
-    gtoken "^1.2.1"
-    jws "^3.1.4"
-    lodash.noop "^3.0.1"
-    request "^2.74.0"
-
-google-p12-pem@^0.1.0:
-  version "0.1.2"
-  resolved "https://registry.yarnpkg.com/google-p12-pem/-/google-p12-pem-0.1.2.tgz#33c46ab021aa734fa0332b3960a9a3ffcb2f3177"
-  integrity sha512-puhMlJ2+E/rgvxWaqgN/nC7x623OAE8MR9vBUqxF0inCE7HoVfCHvTeQ9+BR+rj9KM0fIg6XV6tmbt7XHHssoQ==
-  dependencies:
-    node-forge "^0.7.1"
-
-googleapis@^16.0.0:
-  version "16.1.0"
-  resolved "https://registry.yarnpkg.com/googleapis/-/googleapis-16.1.0.tgz#0f19f2d70572d918881a0f626e3b1a2fa8629576"
-  integrity sha512-5czmF7xkIlJKc1+/+5tltrI1skoR3HKtkDOld9rk+DOucTpZRjOhCoJzoSjxB3M8rP2tEb1VIr1TPyzR3V2PUQ==
-  dependencies:
-    async "~2.1.4"
-    google-auth-library "~0.10.0"
-    string-template "~1.0.0"
-
 graceful-fs@^4.2.9:
   version "4.2.10"
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
 
-gtoken@^1.2.1:
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-1.2.3.tgz#5509571b8afd4322e124cf66cf68115284c476d8"
-  integrity sha512-wQAJflfoqSgMWrSBk9Fg86q+sd6s7y6uJhIvvIPz++RElGlMtEqsdAR2oWwZ/WTEtp7P9xFbJRrT976oRgzJ/w==
-  dependencies:
-    google-p12-pem "^0.1.0"
-    jws "^3.0.0"
-    mime "^1.4.1"
-    request "^2.72.0"
-
 har-schema@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
@@ -2017,7 +2091,7 @@ has-flag@^4.0.0:
   resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
   integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
 
-has-symbols@^1.0.2:
+has-symbols@^1.0.2, has-symbols@^1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
   integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==
@@ -2054,6 +2128,13 @@ http-assert@^1.3.0:
     deep-equal "~1.0.1"
     http-errors "~1.8.0"
 
+http-cookie-agent@^4.0.2:
+  version "4.0.2"
+  resolved "https://registry.yarnpkg.com/http-cookie-agent/-/http-cookie-agent-4.0.2.tgz#dcdaae18ed1f7452d81ae4d5cd80b227d6831b69"
+  integrity sha512-noTmxdH5CuytTnLj/Qv3Z84e/YFq8yLXAw3pqIYZ25Edhb9pQErIAC+ednw40Cic6Le/h9ryph5/TqsvkOaUCw==
+  dependencies:
+    agent-base "^6.0.2"
+
 http-errors@^1.6.3, http-errors@~1.8.0:
   version "1.8.1"
   resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c"
@@ -2150,6 +2231,23 @@ ioredis@4.28.0:
     redis-parser "^3.0.0"
     standard-as-callback "^2.1.0"
 
+ioredis@^4.28.5:
+  version "4.28.5"
+  resolved "https://registry.yarnpkg.com/ioredis/-/ioredis-4.28.5.tgz#5c149e6a8d76a7f8fa8a504ffc85b7d5b6797f9f"
+  integrity sha512-3GYo0GJtLqgNXj4YhrisLaNNvWSNwSS2wS4OELGfGxH8I69+XfNdnmV1AyN+ZqMh0i7eX+SWjrwFKDBDgfBC1A==
+  dependencies:
+    cluster-key-slot "^1.1.0"
+    debug "^4.3.1"
+    denque "^1.1.0"
+    lodash.defaults "^4.2.0"
+    lodash.flatten "^4.4.0"
+    lodash.isarguments "^3.1.0"
+    p-map "^2.1.0"
+    redis-commands "1.7.0"
+    redis-errors "^1.2.0"
+    redis-parser "^3.0.0"
+    standard-as-callback "^2.1.0"
+
 is-arrayish@^0.2.1:
   version "0.2.1"
   resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d"
@@ -2745,7 +2843,17 @@ json5@^2.2.1:
   resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
   integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==
 
-jsonwebtoken@8.5.1, jsonwebtoken@^8.2.0:
+jsonwebtoken@9.0.0:
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.0.tgz#d0faf9ba1cc3a56255fe49c0961a67e520c1926d"
+  integrity sha512-tuGfYXxkQGDPnLJ7SibiQgVgeDgfbPq2k2ICcbgqW8WxWLBAxKQM/ZCu/IT8SOSwmaYl4dpTFCW5xZv7YbbWUw==
+  dependencies:
+    jws "^3.2.2"
+    lodash "^4.17.21"
+    ms "^2.1.1"
+    semver "^7.3.8"
+
+jsonwebtoken@^8.2.0:
   version "8.5.1"
   resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
   integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==
@@ -2780,7 +2888,7 @@ jwa@^1.4.1:
     ecdsa-sig-formatter "1.0.11"
     safe-buffer "^5.0.1"
 
-jws@^3.0.0, jws@^3.1.4, jws@^3.2.2:
+jws@^3.2.2:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304"
   integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==
@@ -3017,11 +3125,6 @@ lodash.memoize@4.x:
   resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe"
   integrity sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==
 
-lodash.noop@^3.0.1:
-  version "3.0.1"
-  resolved "https://registry.yarnpkg.com/lodash.noop/-/lodash.noop-3.0.1.tgz#38188f4d650a3a474258439b96ec45b32617133c"
-  integrity sha512-TmYdmu/pebrdTIBDK/FDx9Bmfzs9x0sZG6QIJuMDTqEPfeciLcN13ij+cOd0i9vwJfBtbG9UQ+C7MkXgYxrIJg==
-
 lodash.once@^4.0.0:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
@@ -3032,11 +3135,16 @@ lodash.pick@^4.0.0:
   resolved "https://registry.yarnpkg.com/lodash.pick/-/lodash.pick-4.4.0.tgz#52f05610fff9ded422611441ed1fc123a03001b3"
   integrity sha512-hXt6Ul/5yWjfklSGvLQl8vM//l3FtyHZeuelpzK6mm99pNvN9yTDruNZPEJZD1oWrqo+izBmB7oUfWgcCX7s4Q==
 
-lodash@4.17.21, lodash@^4.14.0, lodash@^4.17.21:
+lodash@4.17.21, lodash@^4.17.21:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
 
+lodash@^3.6.0:
+  version "3.10.1"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-3.10.1.tgz#5bf45e8e49ba4189e17d482789dfd15bd140b7b6"
+  integrity sha512-9mDDwqVIma6OZX79ZlDACZl8sBm0TEnkf99zV3iMA4GzkIT/9hiqP5mY0HoT1iNLCrKc/R1HByV+yJfRWVJryQ==
+
 lru-cache@^6.0.0:
   version "6.0.0"
   resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-6.0.0.tgz#6d6fe6570ebd96aaf90fcad1dafa3b2566db3a94"
@@ -3049,6 +3157,11 @@ ltgt@2.2.1, ltgt@^2.1.2:
   resolved "https://registry.yarnpkg.com/ltgt/-/ltgt-2.2.1.tgz#f35ca91c493f7b73da0e07495304f17b31f87ee5"
   integrity sha512-AI2r85+4MquTw9ZYqabu4nMwy9Oftlfa/e/52t9IjtfG+mGBbTNdAoZ3RQKLHR6r0wQnwZnPIEh/Ya6XTWAKNA==
 
+luxon@^3.2.1:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/luxon/-/luxon-3.2.1.tgz#14f1af209188ad61212578ea7e3d518d18cee45f"
+  integrity sha512-QrwPArQCNLAKGO/C+ZIilgIuDnEnKx5QYODdDtbFaxzsbZcc/a7WFq7MhsVYgRlwawLtvOUESTlfJ+hc/USqPg==
+
 make-dir@^3.0.0, make-dir@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/make-dir/-/make-dir-3.1.0.tgz#415e967046b3a7f1d185277d84aa58203726a13f"
@@ -3122,7 +3235,7 @@ mime-types@^2.1.12, mime-types@^2.1.18, mime-types@~2.1.19, mime-types@~2.1.24,
   dependencies:
     mime-db "1.52.0"
 
-mime@^1.3.4, mime@^1.4.1:
+mime@^1.3.4:
   version "1.6.0"
   resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1"
   integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
@@ -3179,6 +3292,27 @@ ms@^2.1.1, ms@^2.1.3:
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
   integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
 
+msgpackr-extract@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/msgpackr-extract/-/msgpackr-extract-3.0.0.tgz#5b5c5fbfff25be5ee5b5a82a9cbe02e37f72bed0"
+  integrity sha512-oy6KCk1+X4Bn5m6Ycq5N1EWl9npqG/cLrE8ga8NX7ZqfqYUUBS08beCQaGq80fjbKBySur0E6x//yZjzNJDt3A==
+  dependencies:
+    node-gyp-build-optional-packages "5.0.7"
+  optionalDependencies:
+    "@msgpackr-extract/msgpackr-extract-darwin-arm64" "3.0.0"
+    "@msgpackr-extract/msgpackr-extract-darwin-x64" "3.0.0"
+    "@msgpackr-extract/msgpackr-extract-linux-arm" "3.0.0"
+    "@msgpackr-extract/msgpackr-extract-linux-arm64" "3.0.0"
+    "@msgpackr-extract/msgpackr-extract-linux-x64" "3.0.0"
+    "@msgpackr-extract/msgpackr-extract-win32-x64" "3.0.0"
+
+msgpackr@^1.5.2:
+  version "1.8.3"
+  resolved "https://registry.yarnpkg.com/msgpackr/-/msgpackr-1.8.3.tgz#78c1b91359f72707f4abeaca40cc423bd2d75185"
+  integrity sha512-m2JefwcKNzoHYXkH/5jzHRxAw7XLWsAdvu0FOJ+OLwwozwOV/J6UA62iLkfIMbg7G8+dIuRwgg6oz+QoQ4YkoA==
+  optionalDependencies:
+    msgpackr-extract "^3.0.0"
+
 napi-macros@~2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/napi-macros/-/napi-macros-2.0.0.tgz#2b6bae421e7b96eb687aa6c77a7858640670001b"
@@ -3204,6 +3338,11 @@ negotiator@0.6.3:
   resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd"
   integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
 
+node-abort-controller@^3.0.1:
+  version "3.1.1"
+  resolved "https://registry.yarnpkg.com/node-abort-controller/-/node-abort-controller-3.1.1.tgz#a94377e964a9a37ac3976d848cb5c765833b8548"
+  integrity sha512-AGK2yQKIjRuqnc6VkX2Xj5d+QW8xZ87pa1UK6yA6ouUyuxfHuMP6umE5QK7UmTeOAymo+Zx1Fxiuw9rVx8taHQ==
+
 node-addon-api@^3.1.0:
   version "3.2.1"
   resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.2.1.tgz#81325e0a2117789c0128dab65e7e38f07ceba161"
@@ -3221,10 +3360,10 @@ node-fetch@2.6.0:
   resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.6.0.tgz#e633456386d4aa55863f676a7ab0daa8fdecb0fd"
   integrity sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA==
 
-node-forge@^0.7.1:
-  version "0.7.6"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.6.tgz#fdf3b418aee1f94f0ef642cd63486c77ca9724ac"
-  integrity sha512-sol30LUpz1jQFBjOKwbjxijiE3b6pjd74YwfD0fJOKPjF+fONKb2Yg8rYgS6+bK6VDl+/wfr4IYpC7jDzLUIfw==
+node-gyp-build-optional-packages@5.0.7:
+  version "5.0.7"
+  resolved "https://registry.yarnpkg.com/node-gyp-build-optional-packages/-/node-gyp-build-optional-packages-5.0.7.tgz#5d2632bbde0ab2f6e22f1bbac2199b07244ae0b3"
+  integrity sha512-YlCCc6Wffkx0kHkmam79GKvDQ6x+QZkMjFGrIMxgFNILFvGSbCp2fCBC55pGTT9gVaz8Na5CLmxt/urtzRv36w==
 
 node-gyp-build@~4.1.0:
   version "4.1.1"
@@ -3301,6 +3440,11 @@ object-assign@^4.1.1:
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
   integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==
 
+object-inspect@^1.9.0:
+  version "1.12.3"
+  resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9"
+  integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g==
+
 on-finished@^2.3.0:
   version "2.4.1"
   resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.4.1.tgz#58c8c44116e54845ad57f14ab10b03533184ac3f"
@@ -3327,6 +3471,11 @@ only@~0.0.2:
   resolved "https://registry.yarnpkg.com/only/-/only-0.0.2.tgz#2afde84d03e50b9a8edc444e30610a70295edfb4"
   integrity sha512-Fvw+Jemq5fjjyWz6CpKx6w9s7xxqo3+JCyM0WXWeCSOboZ8ABkyvP8ID4CZuChA/wxSx+XSJmdOm8rGVyJ1hdQ==
 
+p-finally@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/p-finally/-/p-finally-1.0.0.tgz#3fbcfb15b899a44123b34b6dcc18b724336a2cae"
+  integrity sha512-LICb2p9CB7FS+0eR1oqWnHhp0FljGLZCWBE9aix0Uye9W8LTQPwMTYVGWQWIw9RdQiDg4+epXQODwIYJtSJaow==
+
 p-limit@^2.2.0:
   version "2.3.0"
   resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-2.3.0.tgz#3dd33c647a214fdfffd835933eb086da0dc21db1"
@@ -3353,6 +3502,13 @@ p-map@^2.1.0:
   resolved "https://registry.yarnpkg.com/p-map/-/p-map-2.1.0.tgz#310928feef9c9ecc65b68b17693018a665cea175"
   integrity sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw==
 
+p-timeout@^3.2.0:
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/p-timeout/-/p-timeout-3.2.0.tgz#c7e17abc971d2a7962ef83626b35d635acf23dfe"
+  integrity sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg==
+  dependencies:
+    p-finally "^1.0.0"
+
 p-try@^2.0.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/p-try/-/p-try-2.2.0.tgz#cb2868540e313d61de58fafbe35ce9004d5540e6"
@@ -3373,14 +3529,6 @@ parseurl@^1.3.2, parseurl@^1.3.3:
   resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4"
   integrity sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==
 
-passport-google-auth@1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/passport-google-auth/-/passport-google-auth-1.0.2.tgz#8b300b5aa442ef433de1d832ed3112877d0b2938"
-  integrity sha512-cfAqna6jZLyMEwUdd4PIwAh2mQKQVEDAaRIaom1pG6h4x4Gwjllf/Jflt3TkR1Sen5Rkvr3l7kSXCWE1EKkh8g==
-  dependencies:
-    googleapis "^16.0.0"
-    passport-strategy "1.x"
-
 passport-google-oauth1@1.x.x:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/passport-google-oauth1/-/passport-google-oauth1-1.0.0.tgz#af74a803df51ec646f66a44d82282be6f108e0cc"
@@ -3443,7 +3591,7 @@ passport-oauth2@1.x.x:
     uid2 "0.0.x"
     utils-merge "1.x.x"
 
-passport-strategy@1.x, passport-strategy@1.x.x, passport-strategy@^1.0.0:
+passport-strategy@1.x.x, passport-strategy@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4"
   integrity sha512-CB97UUvDKJde2V0KDWWB3lyf6PC3FaZP7YxZ2G8OAtn9p4HI9j9JLP9qjOGZFvyl8uwNT8qM+hGnz/n16NI7oA==
@@ -3720,6 +3868,11 @@ prompts@^2.0.1:
     kleur "^3.0.3"
     sisteransi "^1.0.5"
 
+proxy-from-env@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
+  integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==
+
 prr@~1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/prr/-/prr-1.0.1.tgz#d3fc114ba06995a45ec6893f484ceb1d78f5f476"
@@ -3755,6 +3908,13 @@ punycode@^2.1.0, punycode@^2.1.1:
   resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
   integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
 
+qs@^6.11.0:
+  version "6.11.0"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a"
+  integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==
+  dependencies:
+    side-channel "^1.0.4"
+
 qs@~6.5.2:
   version "6.5.3"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad"
@@ -3851,7 +4011,7 @@ remove-trailing-slash@^0.1.1:
   resolved "https://registry.yarnpkg.com/remove-trailing-slash/-/remove-trailing-slash-0.1.1.tgz#be2285a59f39c74d1bce4f825950061915e3780d"
   integrity sha512-o4S4Qh6L2jpnCy83ysZDau+VORNvnFw07CKSAymkd6ICNVEPisMyzlc00KlvvicsxKck94SEwhDnMNdICzO+tA==
 
-request@^2.72.0, request@^2.74.0, request@^2.88.0:
+request@^2.88.0:
   version "2.88.2"
   resolved "https://registry.yarnpkg.com/request/-/request-2.88.2.tgz#d73c918731cb5a87da047e207234146f664d12b3"
   integrity sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==
@@ -3974,6 +4134,13 @@ semver@^6.0.0, semver@^6.3.0:
   resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
   integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
 
+semver@^7.3.2, semver@^7.3.8:
+  version "7.3.8"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798"
+  integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==
+  dependencies:
+    lru-cache "^6.0.0"
+
 set-blocking@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
@@ -4001,6 +4168,15 @@ shimmer@^1.2.0:
   resolved "https://registry.yarnpkg.com/shimmer/-/shimmer-1.2.1.tgz#610859f7de327b587efebf501fb43117f9aff337"
   integrity sha512-sQTKC1Re/rM6XyFM6fIAGHRPVGvyXfgzIDvzoq608vM+jeyVD0Tu1E6Np0Kc2zAIFWIj963V2800iF/9LPieQw==
 
+side-channel@^1.0.4:
+  version "1.0.4"
+  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.4.tgz#efce5c8fdc104ee751b25c58d4290011fa5ea2cf"
+  integrity sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==
+  dependencies:
+    call-bind "^1.0.0"
+    get-intrinsic "^1.0.2"
+    object-inspect "^1.9.0"
+
 signal-exit@^3.0.0, signal-exit@^3.0.3, signal-exit@^3.0.7:
   version "3.0.7"
   resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9"
@@ -4123,11 +4299,6 @@ string-length@^4.0.1:
     char-regex "^1.0.2"
     strip-ansi "^6.0.0"
 
-string-template@~1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/string-template/-/string-template-1.0.0.tgz#9e9f2233dc00f218718ec379a28a5673ecca8b96"
-  integrity sha512-SLqR3GBUXuoPP5MmYtD7ompvXiG87QjT6lzOszyXjTM86Uu7At7vNnt2xgyTLq5o9T4IxTYFyGxcULqpsmsfdg==
-
 "string-width@^1.0.2 || 2 || 3 || 4", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3:
   version "4.2.3"
   resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
@@ -4315,7 +4486,7 @@ toidentifier@1.0.1:
   resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
   integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
 
-"tough-cookie@^2.3.3 || ^3.0.1 || ^4.0.0":
+"tough-cookie@^2.3.3 || ^3.0.1 || ^4.0.0", tough-cookie@^4.1.2:
   version "4.1.2"
   resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.2.tgz#e53e84b85f24e0b65dd526f46628db6c85f6b874"
   integrity sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ==
@@ -4486,7 +4657,7 @@ uuid@8.1.0:
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.1.0.tgz#6f1536eb43249f473abc6bd58ff983da1ca30d8d"
   integrity sha512-CI18flHDznR0lq54xBycOVmphdCYnQLKn8abKn7PXUiKUGdEd+/l9LWNJmugXel4hXq7S+RMNl34ecyC9TntWg==
 
-uuid@8.3.2, uuid@^8.3.2:
+uuid@8.3.2, uuid@^8.3.0, uuid@^8.3.1, uuid@^8.3.2:
   version "8.3.2"
   resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2"
   integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
diff --git a/scripts/link-dependencies.sh b/scripts/link-dependencies.sh
index d2a501162b..9926f3dd2b 100755
--- a/scripts/link-dependencies.sh
+++ b/scripts/link-dependencies.sh
@@ -44,6 +44,9 @@ if [ -d "../budibase-pro" ]; then
   echo "Linking types to pro"
   yarn link '@budibase/types'
 
+  echo "Linking string-templates to pro"
+  yarn link '@budibase/string-templates'
+
   cd ../../../budibase
 
   echo "Linking pro to worker"
diff --git a/scripts/pro/release.sh b/scripts/pro/release.sh
index 7fbb3c0fd6..e57d8deeb8 100755
--- a/scripts/pro/release.sh
+++ b/scripts/pro/release.sh
@@ -53,7 +53,7 @@ yarn clean -y && yarn bootstrap
 
 # Commit and push
 git add packages/pro/yarn.lock
-git commit -m "Update dependency versions to $VERSION"
+git commit -m "Update dependency versions to $VERSION" -n
 git push
 
 #############################################
@@ -91,5 +91,5 @@ git add packages/server/package.json
 git add packages/server/yarn.lock
 git add packages/worker/package.json
 git add packages/worker/yarn.lock
-git commit -m "Update pro version to $VERSION"
+git commit -m "Update pro version to $VERSION" -n
 git push
diff --git a/yarn.lock b/yarn.lock
index f80cde1b6f..bcd33ad2b6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1064,6 +1064,11 @@
   resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.45.0.tgz#794760b9037ee4154c09549ef5a96599621109c5"
   integrity sha512-QQij+u/vgskA66azc9dCmx+rev79PzX8uDHpsqSjEFtfF2gBUTRCpvYMh2gw2ghkJabNkPlSUCimsyBEQZd1DA==
 
+"@typescript-eslint/types@5.53.0":
+  version "5.53.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.53.0.tgz#f79eca62b97e518ee124086a21a24f3be267026f"
+  integrity sha512-5kcDL9ZUIP756K6+QOAfPkigJmCPHcLN7Zjdz76lQWWDdzfOhZDTj1irs6gPBKiXx5/6O3L0+AvupAut3z7D2A==
+
 "@typescript-eslint/typescript-estree@5.45.0":
   version "5.45.0"
   resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.45.0.tgz#f70a0d646d7f38c0dfd6936a5e171a77f1e5291d"
@@ -1090,6 +1095,19 @@
     semver "^7.3.5"
     tsutils "^3.21.0"
 
+"@typescript-eslint/typescript-estree@^5.13.0":
+  version "5.53.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.53.0.tgz#bc651dc28cf18ab248ecd18a4c886c744aebd690"
+  integrity sha512-eKmipH7QyScpHSkhbptBBYh9v8FxtngLquq292YTEQ1pxVs39yFBlLC1xeIZcPPz1RWGqb7YgERJRGkjw8ZV7w==
+  dependencies:
+    "@typescript-eslint/types" "5.53.0"
+    "@typescript-eslint/visitor-keys" "5.53.0"
+    debug "^4.3.4"
+    globby "^11.1.0"
+    is-glob "^4.0.3"
+    semver "^7.3.7"
+    tsutils "^3.21.0"
+
 "@typescript-eslint/visitor-keys@4.33.0":
   version "4.33.0"
   resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.33.0.tgz#2a22f77a41604289b7a186586e9ec48ca92ef1dd"
@@ -1106,6 +1124,14 @@
     "@typescript-eslint/types" "5.45.0"
     eslint-visitor-keys "^3.3.0"
 
+"@typescript-eslint/visitor-keys@5.53.0":
+  version "5.53.0"
+  resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.53.0.tgz#8a5126623937cdd909c30d8fa72f79fa56cc1a9f"
+  integrity sha512-JqNLnX3leaHFZEN0gCh81sIvgrp/2GOACZNgO4+Tkf64u51kTpAyWFOY8XHx8XuXr3N2C9zgPPHtcpMg6z1g0w==
+  dependencies:
+    "@typescript-eslint/types" "5.53.0"
+    eslint-visitor-keys "^3.3.0"
+
 JSONStream@^1.0.4, JSONStream@^1.3.4:
   version "1.3.5"
   resolved "https://registry.yarnpkg.com/JSONStream/-/JSONStream-1.3.5.tgz#3208c1f08d3a4d99261ab64f92302bc15e111ca0"
@@ -1214,6 +1240,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0:
   dependencies:
     color-convert "^2.0.1"
 
+any-promise@^1.1.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/any-promise/-/any-promise-1.3.0.tgz#abc6afeedcea52e809cdc0376aed3ce39635d17f"
+  integrity sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==
+
 app-module-path@^2.2.0:
   version "2.2.0"
   resolved "https://registry.yarnpkg.com/app-module-path/-/app-module-path-2.2.0.tgz#641aa55dfb7d6a6f0a8141c4b9c0aa50b6c24dd5"
@@ -1793,6 +1824,11 @@ commander@^7.2.0:
   resolved "https://registry.yarnpkg.com/commander/-/commander-7.2.0.tgz#a36cb57d0b501ce108e4d20559a150a391d97ab7"
   integrity sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==
 
+commander@^9.1.0:
+  version "9.5.0"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-9.5.0.tgz#bc08d1eb5cedf7ccb797a96199d41c7bc3e60d30"
+  integrity sha512-KRs7WVDKg86PWiuAqhDrAQnTXZKraVcCc6vFdL14qrZ/DcWwuRo7VoiYXalXO7S5GKpqYiVEwCbgFDfxNHKJBQ==
+
 commondir@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/commondir/-/commondir-1.0.1.tgz#ddd800da0c66127393cca5950ea968a3aaf1253b"
@@ -2139,16 +2175,16 @@ delegates@^1.0.0:
   resolved "https://registry.yarnpkg.com/delegates/-/delegates-1.0.0.tgz#84c6e159b81904fdca59a0ef44cd870d31250f9a"
   integrity sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==
 
-dependency-tree@^8.1.1:
-  version "8.1.2"
-  resolved "https://registry.yarnpkg.com/dependency-tree/-/dependency-tree-8.1.2.tgz#c9e652984f53bd0239bc8a3e50cbd52f05b2e770"
-  integrity sha512-c4CL1IKxkKng0oT5xrg4uNiiMVFqTGOXqHSFx7XEFdgSsp6nw3AGGruICppzJUrfad/r7GLqt26rmWU4h4j39A==
+dependency-tree@^9.0.0:
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/dependency-tree/-/dependency-tree-9.0.0.tgz#9288dd6daf35f6510c1ea30d9894b75369aa50a2"
+  integrity sha512-osYHZJ1fBSon3lNLw70amAXsQ+RGzXsPvk9HbBgTLbp/bQBmpH5mOmsUvqXU+YEWVU0ZLewsmzOET/8jWswjDQ==
   dependencies:
     commander "^2.20.3"
     debug "^4.3.1"
     filing-cabinet "^3.0.1"
-    precinct "^8.0.0"
-    typescript "^3.9.7"
+    precinct "^9.0.0"
+    typescript "^4.0.0"
 
 deprecation@^2.0.0, deprecation@^2.3.1:
   version "2.3.1"
@@ -2170,6 +2206,16 @@ detective-amd@^3.1.0:
     get-amd-module-type "^3.0.0"
     node-source-walk "^4.2.0"
 
+detective-amd@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/detective-amd/-/detective-amd-4.0.1.tgz#1a827d9e4fa2f832506bd87aa392f124155bca3a"
+  integrity sha512-bDo22IYbJ8yzALB0Ow5CQLtyhU1BpDksLB9dsWHI9Eh0N3OQR6aQqhjPsNDd69ncYwRfL1sTo7OA9T3VRVSe2Q==
+  dependencies:
+    ast-module-types "^3.0.0"
+    escodegen "^2.0.0"
+    get-amd-module-type "^4.0.0"
+    node-source-walk "^5.0.0"
+
 detective-cjs@^3.1.1:
   version "3.1.3"
   resolved "https://registry.yarnpkg.com/detective-cjs/-/detective-cjs-3.1.3.tgz#50e107d67b37f459b0ec02966ceb7e20a73f268b"
@@ -2178,13 +2224,28 @@ detective-cjs@^3.1.1:
     ast-module-types "^3.0.0"
     node-source-walk "^4.0.0"
 
-detective-es6@^2.2.0, detective-es6@^2.2.1:
+detective-cjs@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/detective-cjs/-/detective-cjs-4.0.0.tgz#316e2c7ae14276a5dcfe0c43dc05d8cf9a0e5cf9"
+  integrity sha512-VsD6Yo1+1xgxJWoeDRyut7eqZ8EWaJI70C5eanSAPcBHzenHZx0uhjxaaEfIm0cHII7dBiwU98Orh44bwXN2jg==
+  dependencies:
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+
+detective-es6@^2.2.1:
   version "2.2.2"
   resolved "https://registry.yarnpkg.com/detective-es6/-/detective-es6-2.2.2.tgz#ee5f880981d9fecae9a694007029a2f6f26d8d28"
   integrity sha512-eZUKCUsbHm8xoeoCM0z6JFwvDfJ5Ww5HANo+jPR7AzkFpW9Mun3t/TqIF2jjeWa2TFbAiGaWESykf2OQp3oeMw==
   dependencies:
     node-source-walk "^4.0.0"
 
+detective-es6@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/detective-es6/-/detective-es6-3.0.0.tgz#78c9ef5492d5b59748b411aecaaf52b5ca0f0bc2"
+  integrity sha512-Uv2b5Uih7vorYlqGzCX+nTPUb4CMzUAn3VPHTV5p5lBkAN4cAApLGgUz4mZE2sXlBfv4/LMmeP7qzxHV/ZcfWA==
+  dependencies:
+    node-source-walk "^5.0.0"
+
 detective-less@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/detective-less/-/detective-less-1.0.2.tgz#a68af9ca5f69d74b7d0aa190218b211d83b4f7e3"
@@ -2204,14 +2265,14 @@ detective-postcss@^4.0.0:
     postcss "^8.1.7"
     postcss-values-parser "^2.0.1"
 
-detective-postcss@^5.0.0:
-  version "5.1.1"
-  resolved "https://registry.yarnpkg.com/detective-postcss/-/detective-postcss-5.1.1.tgz#ec23ac3818f8be95ac3a38a8b9f3b6d43103ef87"
-  integrity sha512-YJMsvA0Y6/ST9abMNcQytl9iFQ2bfu4I7B74IUiAvyThfaI9Y666yipL+SrqfReoIekeIEwmGH72oeqX63mwUw==
+detective-postcss@^6.0.1, detective-postcss@^6.1.0:
+  version "6.1.0"
+  resolved "https://registry.yarnpkg.com/detective-postcss/-/detective-postcss-6.1.0.tgz#01ca6f83dbc3158540fb0e6a6c631f3998946e54"
+  integrity sha512-ZFZnEmUrL2XHAC0j/4D1fdwZbo/anAcK84soJh7qc7xfx2Kc8gFO5Bk5I9jU7NLC/OAF1Yho1GLxEDnmQnRH2A==
   dependencies:
     is-url "^1.2.4"
-    postcss "^8.4.6"
-    postcss-values-parser "^5.0.0"
+    postcss "^8.4.12"
+    postcss-values-parser "^6.0.2"
 
 detective-sass@^3.0.1:
   version "3.0.2"
@@ -2221,6 +2282,14 @@ detective-sass@^3.0.1:
     gonzales-pe "^4.3.0"
     node-source-walk "^4.0.0"
 
+detective-sass@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/detective-sass/-/detective-sass-4.0.1.tgz#2a9e303a0bd472d00aaa79512334845e3acbaffc"
+  integrity sha512-80zfpxux1krOrkxCHbtwvIs2gNHUBScnSqlGl0FvUuHVz8HD6vD2ov66OroMctyvzhM67fxhuEeVjIk18s6yTQ==
+  dependencies:
+    gonzales-pe "^4.3.0"
+    node-source-walk "^5.0.0"
+
 detective-scss@^2.0.1:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/detective-scss/-/detective-scss-2.0.2.tgz#7d2a642616d44bf677963484fa8754d9558b8235"
@@ -2229,11 +2298,24 @@ detective-scss@^2.0.1:
     gonzales-pe "^4.3.0"
     node-source-walk "^4.0.0"
 
+detective-scss@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/detective-scss/-/detective-scss-3.0.0.tgz#c3c7bc4799f51515a4f0ed1e8ca491151364230f"
+  integrity sha512-37MB/mhJyS45ngqfzd6eTbuLMoDgdZnH03ZOMW2m9WqJ/Rlbuc8kZAr0Ypovaf1DJiTRzy5mmxzOTja85jbzlA==
+  dependencies:
+    gonzales-pe "^4.3.0"
+    node-source-walk "^5.0.0"
+
 detective-stylus@^1.0.0:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/detective-stylus/-/detective-stylus-1.0.3.tgz#20a702936c9fd7d4203fd7a903314b5dd43ac713"
   integrity sha512-4/bfIU5kqjwugymoxLXXLltzQNeQfxGoLm2eIaqtnkWxqbhap9puDVpJPVDx96hnptdERzS5Cy6p9N8/08A69Q==
 
+detective-stylus@^2.0.0, detective-stylus@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/detective-stylus/-/detective-stylus-2.0.1.tgz#d528dfa7ef3c4eb2fbc9a7249d54906ec4e05d09"
+  integrity sha512-/Tvs1pWLg8eYwwV6kZQY5IslGaYqc/GACxjcaGudiNtN5nKCH6o2WnJK3j0gA3huCnoQcbv8X7oz/c1lnvE3zQ==
+
 detective-typescript@^7.0.0:
   version "7.0.2"
   resolved "https://registry.yarnpkg.com/detective-typescript/-/detective-typescript-7.0.2.tgz#c6e00b4c28764741ef719662250e6b014a5f3c8e"
@@ -2244,6 +2326,16 @@ detective-typescript@^7.0.0:
     node-source-walk "^4.2.0"
     typescript "^3.9.10"
 
+detective-typescript@^9.0.0:
+  version "9.0.0"
+  resolved "https://registry.yarnpkg.com/detective-typescript/-/detective-typescript-9.0.0.tgz#57d674cec49ec775460ab975b5bcbb5c2d32ff8e"
+  integrity sha512-lR78AugfUSBojwlSRZBeEqQ1l8LI7rbxOl1qTUnGLcjZQDjZmrZCb7R46rK8U8B5WzFvJrxa7fEBA8FoD/n5fA==
+  dependencies:
+    "@typescript-eslint/typescript-estree" "^5.13.0"
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+    typescript "^4.5.5"
+
 dezalgo@^1.0.0:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/dezalgo/-/dezalgo-1.0.4.tgz#751235260469084c132157dfa857f386d4c33d81"
@@ -2937,6 +3029,14 @@ get-amd-module-type@^3.0.0:
     ast-module-types "^3.0.0"
     node-source-walk "^4.2.2"
 
+get-amd-module-type@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/get-amd-module-type/-/get-amd-module-type-4.0.0.tgz#3d4e5b44eec81f8337157d7c52c4fa9389aff78b"
+  integrity sha512-GbBawUCuA2tY8ztiMiVo3e3P95gc2TVrfYFfpUHdHQA8WyxMCckK29bQsVKhYX8SUf+w6JLhL2LG8tSC0ANt9Q==
+  dependencies:
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+
 get-caller-file@^1.0.1:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-1.0.3.tgz#f978fa4c90d1dfe7ff2d6beda2a515e713bdcf4a"
@@ -3148,13 +3248,6 @@ graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.6
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
   integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
 
-graphviz@0.0.9:
-  version "0.0.9"
-  resolved "https://registry.yarnpkg.com/graphviz/-/graphviz-0.0.9.tgz#0bbf1df588c6a92259282da35323622528c4bbc4"
-  integrity sha512-SmoY2pOtcikmMCqCSy2NO1YsRfu9OO0wpTlOYW++giGjfX1a6gax/m1Fo8IdUd0/3H15cTOfR1SMKwohj4LKsg==
-  dependencies:
-    temp "~0.4.0"
-
 handlebars@^4.7.6:
   version "4.7.7"
   resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
@@ -4167,31 +4260,32 @@ macos-release@^2.2.0:
   resolved "https://registry.yarnpkg.com/macos-release/-/macos-release-2.5.0.tgz#067c2c88b5f3fb3c56a375b2ec93826220fa1ff2"
   integrity sha512-EIgv+QZ9r+814gjJj0Bt5vSLJLzswGmSUbUpbi9AIr/fsN2IWFBl2NucV9PAiek+U1STK468tEkxmVYUtuAN3g==
 
-madge@^5.0.1:
-  version "5.0.1"
-  resolved "https://registry.yarnpkg.com/madge/-/madge-5.0.1.tgz#2096d9006558ea0669b3ade89c2cda708a24e22b"
-  integrity sha512-krmSWL9Hkgub74bOjnjWRoFPAJvPwSG6Dbta06qhWOq6X/n/FPzO3ESZvbFYVIvG2g4UHXvCJN1b+RZLaSs9nA==
+madge@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/madge/-/madge-6.0.0.tgz#d17d68d1023376318cae89abd16629d329f4ed0a"
+  integrity sha512-dddxP62sj5pL+l9MJnq9C34VFqmRj+2+uSOdn/7lOTSliLRH0WyQ8uCEF3VxkPRNOBvMKK2xumnIE15HRSAL9A==
   dependencies:
     chalk "^4.1.1"
     commander "^7.2.0"
     commondir "^1.0.1"
     debug "^4.3.1"
-    dependency-tree "^8.1.1"
-    detective-amd "^3.1.0"
-    detective-cjs "^3.1.1"
-    detective-es6 "^2.2.0"
+    dependency-tree "^9.0.0"
+    detective-amd "^4.0.1"
+    detective-cjs "^4.0.0"
+    detective-es6 "^3.0.0"
     detective-less "^1.0.2"
-    detective-postcss "^5.0.0"
-    detective-sass "^3.0.1"
-    detective-scss "^2.0.1"
-    detective-stylus "^1.0.0"
-    detective-typescript "^7.0.0"
-    graphviz "0.0.9"
+    detective-postcss "^6.1.0"
+    detective-sass "^4.0.1"
+    detective-scss "^3.0.0"
+    detective-stylus "^2.0.1"
+    detective-typescript "^9.0.0"
     ora "^5.4.1"
     pluralize "^8.0.0"
     precinct "^8.1.0"
     pretty-ms "^7.0.1"
     rc "^1.2.7"
+    stream-to-array "^2.3.0"
+    ts-graphviz "^1.5.0"
     typescript "^3.9.5"
     walkdir "^0.4.1"
 
@@ -4481,6 +4575,14 @@ module-definition@^3.3.1:
     ast-module-types "^3.0.0"
     node-source-walk "^4.0.0"
 
+module-definition@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/module-definition/-/module-definition-4.0.0.tgz#5b39cca9be28c5b0fec768eb2d9fd8de08a2550b"
+  integrity sha512-wntiAHV4lDn24BQn2kX6LKq0y85phHLHiv3aOPDF+lIs06kVjEMTe/ZTdrbVLnQV5FQsjik21taknvMhKY1Cug==
+  dependencies:
+    ast-module-types "^3.0.0"
+    node-source-walk "^5.0.0"
+
 module-lookup-amd@^7.0.1:
   version "7.0.1"
   resolved "https://registry.yarnpkg.com/module-lookup-amd/-/module-lookup-amd-7.0.1.tgz#d67c1a93f2ff8e38b8774b99a638e9a4395774b2"
@@ -4616,6 +4718,13 @@ node-source-walk@^4.0.0, node-source-walk@^4.2.0, node-source-walk@^4.2.2:
   dependencies:
     "@babel/parser" "^7.0.0"
 
+node-source-walk@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/node-source-walk/-/node-source-walk-5.0.0.tgz#7cf93a0d12408081531fc440a00d7019eb3d5665"
+  integrity sha512-58APXoMXpmmU+oVBJFajhTCoD8d/OGtngnVAWzIo2A8yn0IXwBzvIVIsTzoie/SrA37u+1hnpNz2HMWx/VIqlw==
+  dependencies:
+    "@babel/parser" "^7.0.0"
+
 "nopt@2 || 3":
   version "3.0.6"
   resolved "https://registry.yarnpkg.com/nopt/-/nopt-3.0.6.tgz#c6465dbf08abcd4db359317f79ac68a646b28ff9"
@@ -5246,16 +5355,16 @@ postcss-values-parser@^2.0.1:
     indexes-of "^1.0.1"
     uniq "^1.0.1"
 
-postcss-values-parser@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/postcss-values-parser/-/postcss-values-parser-5.0.0.tgz#10c61ac3f488e4de25746b829ea8d8894e9ac3d2"
-  integrity sha512-2viDDjMMrt21W2izbeiJxl3kFuD/+asgB0CBwPEgSyhCmBnDIa/y+pLaoyX+q3I3DHH0oPPL3cgjVTQvlS1Maw==
+postcss-values-parser@^6.0.2:
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/postcss-values-parser/-/postcss-values-parser-6.0.2.tgz#636edc5b86c953896f1bb0d7a7a6615df00fb76f"
+  integrity sha512-YLJpK0N1brcNJrs9WatuJFtHaV9q5aAOj+S4DI5S7jgHlRfm0PIbDCAFRYMQD5SHq7Fy6xsDhyutgS0QOAs0qw==
   dependencies:
     color-name "^1.1.4"
     is-url-superb "^4.0.0"
     quote-unquote "^1.0.0"
 
-postcss@^8.1.7, postcss@^8.4.6:
+postcss@^8.1.7:
   version "8.4.16"
   resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.16.tgz#33a1d675fac39941f5f445db0de4db2b6e01d43c"
   integrity sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==
@@ -5264,7 +5373,16 @@ postcss@^8.1.7, postcss@^8.4.6:
     picocolors "^1.0.0"
     source-map-js "^1.0.2"
 
-precinct@^8.0.0, precinct@^8.1.0:
+postcss@^8.4.12:
+  version "8.4.21"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.21.tgz#c639b719a57efc3187b13a1d765675485f4134f4"
+  integrity sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==
+  dependencies:
+    nanoid "^3.3.4"
+    picocolors "^1.0.0"
+    source-map-js "^1.0.2"
+
+precinct@^8.1.0:
   version "8.3.1"
   resolved "https://registry.yarnpkg.com/precinct/-/precinct-8.3.1.tgz#94b99b623df144eed1ce40e0801c86078466f0dc"
   integrity sha512-pVppfMWLp2wF68rwHqBIpPBYY8Kd12lDhk8LVQzOwqllifVR15qNFyod43YLyFpurKRZQKnE7E4pofAagDOm2Q==
@@ -5283,6 +5401,24 @@ precinct@^8.0.0, precinct@^8.1.0:
     module-definition "^3.3.1"
     node-source-walk "^4.2.0"
 
+precinct@^9.0.0:
+  version "9.0.1"
+  resolved "https://registry.yarnpkg.com/precinct/-/precinct-9.0.1.tgz#64e7ea0de4bea1b73572e50531dfe297c7b8a7c7"
+  integrity sha512-hVNS6JvfvlZ64B3ezKeGAcVhIuOvuAiSVzagHX/+KjVPkYWoCNkfyMgCl1bjDtAFQSlzi95NcS9ykUWrl1L1vA==
+  dependencies:
+    commander "^9.1.0"
+    detective-amd "^4.0.1"
+    detective-cjs "^4.0.0"
+    detective-es6 "^3.0.0"
+    detective-less "^1.0.2"
+    detective-postcss "^6.0.1"
+    detective-sass "^4.0.1"
+    detective-scss "^3.0.0"
+    detective-stylus "^2.0.0"
+    detective-typescript "^9.0.0"
+    module-definition "^4.0.0"
+    node-source-walk "^5.0.0"
+
 prelude-ls@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396"
@@ -6168,6 +6304,13 @@ stream-shift@^1.0.0:
   resolved "https://registry.yarnpkg.com/stream-shift/-/stream-shift-1.0.1.tgz#d7088281559ab2778424279b0877da3c392d5a3d"
   integrity sha512-AiisoFqQ0vbGcZgQPY1cdP2I76glaVA/RauYR4G4thNFgkTqr90yXTo4LYX60Jl+sIlPNHHdGSwo01AvbKUSVQ==
 
+stream-to-array@^2.3.0:
+  version "2.3.0"
+  resolved "https://registry.yarnpkg.com/stream-to-array/-/stream-to-array-2.3.0.tgz#bbf6b39f5f43ec30bc71babcb37557acecf34353"
+  integrity sha512-UsZtOYEn4tWU2RGLOXr/o/xjRBftZRlG3dEWoaHr8j4GuypJ3isitGbVyjQKAuMu+xbiop8q224TjiZWc4XTZA==
+  dependencies:
+    any-promise "^1.1.0"
+
 strict-uri-encode@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546"
@@ -6401,11 +6544,6 @@ temp-write@^3.4.0:
     temp-dir "^1.0.0"
     uuid "^3.0.1"
 
-temp@~0.4.0:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/temp/-/temp-0.4.0.tgz#671ad63d57be0fe9d7294664b3fc400636678a60"
-  integrity sha512-IsFisGgDKk7qzK9erMIkQe/XwiSUdac7z3wYOsjcLkhPBy3k1SlvLoIh2dAHIlEpgA971CgguMrx9z8fFg7tSA==
-
 text-extensions@^1.0.0:
   version "1.9.0"
   resolved "https://registry.yarnpkg.com/text-extensions/-/text-extensions-1.9.0.tgz#1853e45fee39c945ce6f6c36b2d659b5aabc2a26"
@@ -6523,6 +6661,11 @@ trim-newlines@^3.0.0:
   resolved "https://registry.yarnpkg.com/trim-newlines/-/trim-newlines-3.0.1.tgz#260a5d962d8b752425b32f3a7db0dcacd176c144"
   integrity sha512-c1PTsA3tYrIsLGkJkzHF+w9F2EyxfXGo4UyJc4pFL++FMjnq0HJS69T3M7d//gKrFKwy429bouPescbjecU+Zw==
 
+ts-graphviz@^1.5.0:
+  version "1.5.4"
+  resolved "https://registry.yarnpkg.com/ts-graphviz/-/ts-graphviz-1.5.4.tgz#61a3059afeac4f6d4be3c6729a4d88546ca9e095"
+  integrity sha512-oxhI6wfPQBJC8WSiP0AjDI8z+9hcc9yl1etaynQJmQ2Yivn0KlT0oImLzJct7Es0TR/6xphzvJBAhGzgOjTGmQ==
+
 tsconfig-paths@^3.10.1:
   version "3.14.1"
   resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz#ba0734599e8ea36c862798e920bcf163277b137a"
@@ -6606,6 +6749,11 @@ typescript@^3.9.10, typescript@^3.9.5, typescript@^3.9.7:
   resolved "https://registry.yarnpkg.com/typescript/-/typescript-3.9.10.tgz#70f3910ac7a51ed6bef79da7800690b19bf778b8"
   integrity sha512-w6fIxVE/H1PkLKcCPsFqKE7Kv7QUwhU8qQY2MueZXWx5cPZdwFupLgKK3vntcK98BtNHZtAF4LA/yl2a7k8R6Q==
 
+typescript@^4.0.0, typescript@^4.5.5:
+  version "4.9.5"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.5.tgz#095979f9bcc0d09da324d58d03ce8f8374cbe65a"
+  integrity sha512-1FXk9E2Hm+QzZQ7z+McJiHL4NW1F2EzMu9Nq9i3zAaGqibafqYwCVU6WyWAuyQRRzOlxou8xZSyXLEN8oKj24g==
+
 uglify-js@^3.1.4:
   version "3.16.1"
   resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.16.1.tgz#0e7ec928b3d0b1e1d952bce634c384fd56377317"