diff --git a/docs/assets/images/deploystack/deploystack-iac-flow-via-github-app.webp b/docs/assets/images/deploystack/deploystack-iac-flow-via-github-app.webp
deleted file mode 100644
index 5d508fc..0000000
Binary files a/docs/assets/images/deploystack/deploystack-iac-flow-via-github-app.webp and /dev/null differ
diff --git a/docs/assets/images/deploystack/iac-lifecycle.drawio.svg b/docs/assets/images/deploystack/iac-lifecycle.drawio.svg
deleted file mode 100644
index 1be411a..0000000
--- a/docs/assets/images/deploystack/iac-lifecycle.drawio.svg
+++ /dev/null
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Do not edit this file with editors other than diagrams.net -->
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="701px" height="281px" viewBox="-0.5 -0.5 701 281" content="&lt;mxfile host=&quot;Electron&quot; modified=&quot;2025-01-01T11:29:49.877Z&quot; agent=&quot;5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/20.3.0 Chrome/104.0.5112.114 Electron/20.1.3 Safari/537.36&quot; etag=&quot;3V4dlYKFwf43ZYONJMyE&quot; version=&quot;20.3.0&quot; type=&quot;device&quot;&gt;&lt;diagram id=&quot;4JMzsYXdFfdS60jvqWZ1&quot; name=&quot;IaC Lifecycle&quot;&gt;7Vpdc+MmFP01fkxGH5GcPMZ2mu2MN5vG2+mmb1hgiQYJDUKxlV/fi0CWZOx8dO0knfWMJ2MOIOCeA/cIZ+CP09W1QHnylWPCBp6DVwN/MvC88+Ac/iqg0kBw7mkgFhRryG2BGX0iBnQMWlJMil5DyTmTNO+DEc8yEskehoTgy36zBWf9UXMUEwuYRYjZ6F8Uy8Qsyxu2+BdC46QZ2Q0vdE2KmsZmJUWCMF92IP9q4I8F51J/S1djwlTsmrjofr/tqF1PTJBMvqbD+O+b/O5qdfPtJnvySH7/x01anZinPCJWmgX/nlFJkeo4I7LMzdxl1QSkWNKUoQxKowXP5MzUuFCOEsrwFFW8VBMqJIoemtIo4YI+QXt4sm4M1UIavn2n12KmegKsUEEKaHPbrNLdgL6iVa/hFBXSABFnDOUFna/nlyIR02zEpeSpaWSWT4Qkq51xdddsgcoJT4kUFTQxHc4Mv1W/uGzV4jkGS7pKaXSBjELj9ZPXg92BolEWwwLeMJq7bTR/YzDEJBEZkmTEywwXXeHAl84yW6iW0xuk5VnSGgsCIwJ2iknOeFUrRJ0NVMBCuV56T2zAiqy1IvgDGXPGBeAZ1+qjjDUQJgtUMtUUMRpngDCyUEXFLIXdfGnglGKsHj4qchTRLJ7WzSZnLXJngqYgDt0XrN60CXQk8IRRzmkm6ygGI/hAXMfOaTAIYLpjKLttGT6quZBjnsEKEK31REChS6JUOhJcIom0Pl8txt3b2FZo1Sf/JUluiqSryJ463ioF35LCJcYATHj0QIQ+vRc0LgWSFGJ1lMFBZBB+tAzOLBnMynlKZZ3T1TnQngqnlB9VcBAVXHy0CgJLBd9JmjOdGa5JRvQpMPDCmsM5nA9hLOuIGKQBcH18nEh+QlHU1MKc5m0PJ+W4VPlzQ0tCpT2CjTFYJlSSGVCuapfgY5UdkWljVfZgEnyvn7eHW/J2uIWF8FAsuEMrJgSD8zVFEGrCY54hdtWiozZqSqFtmynnuYnVP0TKytg6VMK27kUSoiWqH6Z/XbhXBdgipjhZdSsnVW8zqAk+H39YDy9FRJ5ZeKjbgfuMybO7KNxOqCAgVfrYn8je6QmtTfJnjvUW+S5oHBNhZ8mjM3/ema+PuZ+y5j9F69Ci9Y7kvKDa/DrjBNw+Ofqf/5r5dmzZz2KDzy32bwV/pLi2wHp/H7k/DPcf7n0vbO8LTpekR+YPzPyH+93mJrNDvX7ROZHG9wL1jm13u5lhM9MnKFdfo4pRMGTCf9nDzrV1m87XAGTyuDZ030oJj2lScaETvxvsJwcH5y9fWG0zvofLwa5952lb4QxfqstjFWOGioJGGz52ReWPzveOi4VSa2JVofGwn8D7NhfoL3nfYDulHc6CLZQ12Ps4ZNe+X/xVaAxeSaPr/B94tG+FLB6jUjyuX9ZfJHVNUMvJfbduB0F16ZYICusiokP9WxWyzw372aiuR4Dwo6rTwLiCdgK3CmhzQBhuvIiFzoZs9BN39B72e/ubmUFH0fTa/+8Y7i95YXW2kbe3vT29842V/fpkH/iHv8La5+5+9V3UjoT8Tie0fRl1TeWXElTrXOY5g1cMrf8Plqz3jpKFYvvLvT5p2n9/8K/+BQ==&lt;/diagram&gt;&lt;/mxfile&gt;"><defs><clipPath id="mx-clip-4-30-192-30-0"><rect x="4" y="30" width="192" height="30"/></clipPath><clipPath id="mx-clip-4-60-192-30-0"><rect x="4" y="60" width="192" height="30"/></clipPath><clipPath id="mx-clip-4-90-192-30-0"><rect x="4" y="90" width="192" height="30"/></clipPath><clipPath id="mx-clip-4-190-192-30-0"><rect x="4" y="190" width="192" height="30"/></clipPath><clipPath id="mx-clip-4-220-192-30-0"><rect x="4" y="220" width="192" height="30"/></clipPath><clipPath id="mx-clip-4-250-192-30-0"><rect x="4" y="250" width="192" height="30"/></clipPath></defs><g><path d="M 0 30 L 0 0 L 200 0 L 200 30" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><path d="M 0 30 L 0 120 L 200 120 L 200 30" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 0 30 L 200 30" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" font-weight="bold" pointer-events="none" text-anchor="middle" font-size="12px"><text x="99.5" y="19.5">Initial Setup</text></g><rect x="0" y="30" width="200" height="30" fill="rgb(255, 255, 255)" stroke="none" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" pointer-events="none" clip-path="url(#mx-clip-4-30-192-30-0)" font-size="12px"><text x="5.5" y="49.5">Create .deploystack directory</text></g><rect x="0" y="60" width="200" height="30" fill="rgb(255, 255, 255)" stroke="none" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" pointer-events="none" clip-path="url(#mx-clip-4-60-192-30-0)" font-size="12px"><text x="5.5" y="79.5">Add Docker configurations</text></g><rect x="0" y="90" width="200" height="30" fill="rgb(255, 255, 255)" stroke="none" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" pointer-events="none" clip-path="url(#mx-clip-4-90-192-30-0)" font-size="12px"><text x="5.5" y="109.5">Submit to deploystack.io</text></g><rect x="280" y="30" width="160" height="60" rx="9" ry="9" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="none"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 60px; margin-left: 281px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: none; white-space: normal; overflow-wrap: normal;">Template Generation<br /><b>docker-to-iac</b> module</div></div></div></foreignObject><text x="360" y="64" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Template Generation...</text></switch></g><path d="M 200 220 L 233.63 220" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 238.88 220 L 231.88 223.5 L 233.63 220 L 231.88 216.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 0 190 L 0 160 L 200 160 L 200 190" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 0 190 L 0 280 L 200 280 L 200 190" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 0 190 L 200 190" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" font-weight="bold" pointer-events="none" text-anchor="middle" font-size="12px"><text x="99.5" y="179.5">Update Triggers</text></g><rect x="0" y="190" width="200" height="30" fill="rgb(255, 255, 255)" stroke="none" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" pointer-events="none" clip-path="url(#mx-clip-4-190-192-30-0)" font-size="12px"><text x="5.5" y="209.5">Repository Changes</text></g><rect x="0" y="220" width="200" height="30" fill="rgb(255, 255, 255)" stroke="none" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" pointer-events="none" clip-path="url(#mx-clip-4-220-192-30-0)" font-size="12px"><text x="5.5" y="239.5">Provider Updates</text></g><rect x="0" y="250" width="200" height="30" fill="rgb(255, 255, 255)" stroke="none" pointer-events="none"/><g fill="rgb(0, 0, 0)" font-family="Helvetica" pointer-events="none" clip-path="url(#mx-clip-4-250-192-30-0)" font-size="12px"><text x="5.5" y="269.5">System Updates</text></g><path d="M 540 15 C 540 6.72 575.82 0 620 0 C 641.22 0 661.57 1.58 676.57 4.39 C 691.57 7.21 700 11.02 700 15 L 700 105 C 700 113.28 664.18 120 620 120 C 575.82 120 540 113.28 540 105 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 700 15 C 700 23.28 664.18 30 620 30 C 575.82 30 540 23.28 540 15" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 73px; margin-left: 541px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: none; white-space: normal; overflow-wrap: normal;">deploy-templates <br />Repository</div></div></div></foreignObject><text x="620" y="76" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">deploy-templates...</text></switch></g><path d="M 200 60 L 273.63 60" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 278.88 60 L 271.88 63.5 L 273.63 60 L 271.88 56.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 440 60 L 533.63 60" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 538.88 60 L 531.88 63.5 L 533.63 60 L 531.88 56.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 600 220 Q 620 220 620 126.37" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 620 121.12 L 623.5 128.12 L 620 126.37 L 616.5 128.12 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><rect x="440" y="190" width="160" height="60" rx="9" ry="9" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="none"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 220px; margin-left: 441px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: none; white-space: normal; overflow-wrap: normal;">Template Generation<br /><b>docker-to-iac</b> module</div></div></div></foreignObject><text x="520" y="224" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Template Generation...</text></switch></g><path d="M 400 220 L 433.63 220" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><path d="M 438.88 220 L 431.88 223.5 L 433.63 220 L 431.88 216.5 Z" fill="rgb(0, 0, 0)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="none"/><rect x="240" y="190" width="160" height="60" rx="9" ry="9" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="none"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 158px; height: 1px; padding-top: 220px; margin-left: 241px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: none; white-space: normal; overflow-wrap: normal;">GitHub Application</div></div></div></foreignObject><text x="320" y="224" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">GitHub Application</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/assets/images/deploystack/iac-lifecycle.webp b/docs/assets/images/deploystack/iac-lifecycle.webp
deleted file mode 100644
index 3e40e44..0000000
Binary files a/docs/assets/images/deploystack/iac-lifecycle.webp and /dev/null differ
diff --git a/docs/development/backend/api-security.mdx b/docs/development/backend/api-security.mdx
index 5f2ece2..c248a0f 100644
--- a/docs/development/backend/api-security.mdx
+++ b/docs/development/backend/api-security.mdx
@@ -238,6 +238,9 @@ requireOAuthScope('scope.name')               // Enforce OAuth2 scope requiremen
 // Satellite authentication (API key-based)
 requireSatelliteAuth()                        // Validates satellite API keys using argon2
 requireUserOrSatelliteAuth()                  // Accept either user auth or satellite API key
+
+// Registration token authentication (specialized)
+validateRegistrationToken()                   // Validates JWT registration tokens for satellite pairing
 ```
 
 ### Dual Authentication Support
@@ -342,6 +345,44 @@ interface SatelliteContext {
 - **Key Rotation**: New API key generated on each satellite registration
 - **Scope Isolation**: Satellites can only access their own resources and endpoints
 
+### Registration Token Authentication
+
+For satellite registration security, the system uses specialized JWT-based registration tokens that follow a different security model than regular user authentication.
+
+#### Registration Token Middleware
+
+The `validateRegistrationToken()` middleware (located in `src/middleware/registrationTokenMiddleware.ts`) provides secure satellite registration through:
+
+- **JWT Validation**: Cryptographically signed tokens with HMAC-SHA256
+- **Single-Use Enforcement**: Tokens consumed after successful registration
+- **Scope Validation**: Global vs team token verification
+- **Security Event Logging**: Failed attempts monitored and logged
+
+#### Token Format and Usage
+
+Registration tokens follow specific prefixes:
+- `deploystack_satellite_global_` for DeployStack-operated satellites
+- `deploystack_satellite_team_` for customer-deployed team satellites
+
+Tokens are passed via standard Authorization header: `Bearer deploystack_satellite_*`
+
+#### Error Response Pattern
+
+Unlike regular authentication errors, registration token failures provide specific instructions:
+
+```typescript
+{
+  "success": false,
+  "error": "registration_token_required",
+  "message": "Registration token required in Authorization header",
+  "instructions": "Set Authorization: Bearer <registration_token> header"
+}
+```
+
+#### Usage Context
+
+Registration token authentication is exclusively used for the `/api/satellites/register` endpoint. It should not be used for regular API endpoints, which use the standard authentication methods above.
+
 ### Team-Aware Permission System
 
 For endpoints that operate within team contexts (e.g., `/teams/:teamId/resource`), use the team-aware permission middleware:
diff --git a/docs/development/backend/api.mdx b/docs/development/backend/api.mdx
index 0c17983..847363d 100644
--- a/docs/development/backend/api.mdx
+++ b/docs/development/backend/api.mdx
@@ -16,7 +16,7 @@ The DeployStack Backend uses Fastify with Swagger plugins to automatically gener
 - **Automated Generation**: Specifications are generated from actual route code
 - **Type Safety**: TypeScript interfaces provide compile-time checking
 
-## 🔒 Security First
+## Security First
 
 **IMPORTANT**: Before developing any protected API endpoints, read the [API Security Best Practices](/development/backend/api-security) documentation. It covers critical security patterns including:
 
@@ -27,11 +27,11 @@ The DeployStack Backend uses Fastify with Swagger plugins to automatically gener
 
 **Key Rule**: Always use `preValidation` for authorization checks to prevent information disclosure to unauthorized users.
 
-## 🔐 Dual Authentication Support
+## Authentication Methods
 
-The DeployStack Backend supports **dual authentication** for API endpoints, allowing both web users (cookie-based) and CLI users (OAuth2 Bearer tokens) to access the same endpoints seamlessly.
+The DeployStack Backend supports **multiple authentication methods** for different use cases, allowing web users, CLI users, and satellites to access appropriate endpoints.
 
-### Authentication Methods
+### Standard Authentication Methods
 
 1. **Cookie Authentication** (Web Users)
    - Session-based authentication using HTTP cookies
@@ -43,7 +43,13 @@ The DeployStack Backend supports **dual authentication** for API endpoints, allo
    - Uses `Authorization: Bearer <token>` header
    - Scope-based access control
 
-### Dual Authentication Middleware
+3. **Registration Token Authentication** (Satellite Registration)
+   - Specialized JWT-based tokens for secure satellite pairing
+   - Uses `Authorization: Bearer deploystack_satellite_*` header pattern
+   - Single-use tokens with scope validation (global vs team)
+   - Exclusively for `/api/satellites/register` endpoint
+
+### Multi-Authentication Middleware
 
 Use these middleware functions to enable dual authentication on endpoints:
 
@@ -409,13 +415,13 @@ export default async function yourRoute(server: FastifyInstance) {
 ```
 
 **Key Requirements:**
-- ✅ **Parameter name**: `server: FastifyInstance` (not `fastify`)
-- ✅ **Method calls**: `server.post()` (not `fastify.post()`)
-- ✅ **preValidation first**: Authorization before schema
-- ✅ **Reusable schemas**: Define schema constants at the top
-- ✅ **Single source**: Same schema for both `body` and `requestBody`
-- ✅ **TypeScript interfaces**: Provide type safety
-- ✅ **Manual JSON serialization**: Use `JSON.stringify()` for responses
+-  **Parameter name**: `server: FastifyInstance` (not `fastify`)
+-  **Method calls**: `server.post()` (not `fastify.post()`)
+-  **preValidation first**: Authorization before schema
+-  **Reusable schemas**: Define schema constants at the top
+-  **Single source**: Same schema for both `body` and `requestBody`
+-  **TypeScript interfaces**: Provide type safety
+-  **Manual JSON serialization**: Use `JSON.stringify()` for responses
 
 ### Registration in index.ts
 
@@ -451,15 +457,15 @@ export const registerRoutes = (server: FastifyInstance): void => {
 }
 ```
 
-### ✅ What TO Do
+###  What TO Do
 
 ```typescript
-// ✅ GOOD: Import and register separate route files
+//  GOOD: Import and register separate route files
 import myEndpointRoute from './my-endpoint'
 
 export const registerRoutes = (server: FastifyInstance): void => {
   server.register(async (apiInstance) => {
-    // ✅ GOOD: Register imported route
+    //  GOOD: Register imported route
     await apiInstance.register(myEndpointRoute);
   }, { prefix: '/api' });
 }
@@ -479,7 +485,7 @@ export const registerRoutes = (server: FastifyInstance): void => {
 
 **IMPORTANT**: The `Content-Type: application/json` header is required for specific HTTP methods when sending request body data.
 
-#### ✅ ALWAYS Include Content-Type for:
+####  ALWAYS Include Content-Type for:
 - **POST** requests with request body data
 - **PUT** requests with request body data  
 - **PATCH** requests with request body data
@@ -699,7 +705,7 @@ export default async function yourRoute(server: FastifyInstance) {
 ### Required Response Pattern
 
 ```typescript
-// ✅ CORRECT: Manual JSON serialization
+//  CORRECT: Manual JSON serialization
 const successResponse: SuccessResponse = {
   success: true,
   message: 'Operation completed successfully',
@@ -728,7 +734,7 @@ return reply.status(200).send(response);
 All error responses must also use manual JSON serialization:
 
 ```typescript
-// ✅ CORRECT: Error response with manual serialization
+//  CORRECT: Error response with manual serialization
 const errorResponse: ErrorResponse = {
   success: false,
   error: 'Detailed error message'
@@ -742,7 +748,7 @@ return reply.status(400).type('application/json').send(jsonString);
 Authentication middleware and hooks must also use this pattern:
 
 ```typescript
-// ✅ CORRECT: Authentication error with manual serialization
+//  CORRECT: Authentication error with manual serialization
 const errorResponse = {
   success: false,
   error: 'Unauthorized: Authentication required.'
@@ -754,11 +760,11 @@ return reply.status(401).type('application/json').send(jsonString);
 ### Why This Pattern is Required
 
 The manual JSON serialization pattern ensures:
-- ✅ Consistent, parseable JSON responses
-- ✅ Proper `success`/`error` properties in all responses
-- ✅ Reliable client-server communication
-- ✅ Passing e2e tests
-- ✅ No `"[object Object]"` serialization issues
+-  Consistent, parseable JSON responses
+-  Proper `success`/`error` properties in all responses
+-  Reliable client-server communication
+-  Passing e2e tests
+-  No `"[object Object]"` serialization issues
 
 ### Why Both `body` and `requestBody` Properties?
 
@@ -790,7 +796,7 @@ if (request.body.type !== 'mysql' && request.body.type !== 'sqlite') {
 }
 ```
 
-✅ **Do trust Fastify's automatic validation:**
+ **Do trust Fastify's automatic validation:**
 
 ```typescript
 // GOOD: Trust the validation - if handler runs, data is valid
diff --git a/docs/development/backend/auth.mdx b/docs/development/backend/auth.mdx
index 8cdd1ba..5185896 100644
--- a/docs/development/backend/auth.mdx
+++ b/docs/development/backend/auth.mdx
@@ -114,15 +114,14 @@ Enforces authentication on protected routes:
 
 ### Email Registration Process
 
-1. **Validation**: Input validation using Zod schemas
-2. **Uniqueness Check**: Verify username and email availability
-3. **Password Hashing**: Secure hash generation with Argon2
-4. **User Creation**: Database insertion with role assignment
-5. **First User Logic**: Automatic global_admin role for first user
-6. **Email Verification**: Send verification email (if enabled)
-7. **Team Creation**: Automatic default team creation
-8. **Session Creation**: Immediate login after registration
-9. **Response**: User data and success message
+1. **Uniqueness Check**: Verify username and email availability
+2. **Password Hashing**: Secure hash generation with Argon2
+3. **User Creation**: Database insertion with role assignment
+4. **First User Logic**: Automatic global_admin role for first user
+5. **Email Verification**: Send verification email (if enabled)
+6. **Team Creation**: Automatic default team creation
+7. **Session Creation**: Immediate login after registration
+8. **Response**: User data and success message
 
 ### Role Assignment
 
@@ -227,7 +226,6 @@ Endpoints can accept either authentication method using `requireAuthenticationAn
 
 ### Validation and Sanitization
 
-- **Input Validation**: All inputs validated with Zod schemas
 - **Email Normalization**: Lowercase conversion before storage
 - **SQL Injection Prevention**: Parameterized queries via Drizzle ORM
 - **XSS Prevention**: httpOnly cookies, no client-side session access
diff --git a/docs/development/backend/database.mdx b/docs/development/backend/database.mdx
index 6ded987..37942bf 100644
--- a/docs/development/backend/database.mdx
+++ b/docs/development/backend/database.mdx
@@ -170,6 +170,123 @@ export default async function yourRoute(server: FastifyInstance) {
 
 **Avoid:** Direct usage of `server.db` as it can cause "Cannot read properties of null" errors.
 
+## Database Driver Compatibility
+
+⚠️ **Critical for Multi-Database Applications**: Understanding driver differences prevents hours of debugging!
+
+### The Problem: Different Result Property Names
+
+When performing database operations (INSERT, UPDATE, DELETE), different database drivers return different property names in their result objects:
+
+```typescript
+// SQLite (better-sqlite3) result object
+{
+  changes: 1,                    // ← Number of affected rows
+  lastInsertRowid: "abc123"
+}
+
+// Turso (libSQL) result object  
+{
+  rowsAffected: 1,               // ← Number of affected rows
+  lastInsertRowid: "abc123"
+}
+```
+
+**Key Difference:**
+- **SQLite**: Uses `result.changes` to indicate affected rows
+- **Turso**: Uses `result.rowsAffected` to indicate affected rows
+
+### Real-World Impact
+
+This difference caused a production bug where DELETE operations appeared to fail in Turso but worked in SQLite development:
+
+```typescript
+// ❌ WRONG: Only works with SQLite
+const deleted = result.changes > 0;
+
+// ✅ CORRECT: Works with both SQLite and Turso
+const deleted = (result.changes || result.rowsAffected || 0) > 0;
+```
+
+**Symptoms of this bug:**
+- ✅ Works perfectly in development (SQLite)
+- ❌ Fails mysteriously in production (Turso)
+- 🔄 Data actually gets modified, but application thinks it failed
+- 🐛 Users see error messages even though operation succeeded
+
+### DeployStack's Built-in Solution
+
+DeployStack services automatically handle this compatibility issue. For example, in `McpInstallationService.deleteInstallation()`:
+
+```typescript
+// DeployStack handles both drivers automatically
+const deleted = (result.changes || result.rowsAffected || 0) > 0;
+```
+
+### Writing Compatible Database Code
+
+When writing custom database operations, always use the cross-compatible pattern:
+
+```typescript
+// ✅ CORRECT: Multi-driver compatible
+export class MyService {
+  async deleteRecord(id: string): Promise<boolean> {
+    const result = await this.db
+      .delete(myTable)
+      .where(eq(myTable.id, id));
+
+    // Handle both SQLite and Turso drivers
+    return (result.changes || result.rowsAffected || 0) > 0;
+  }
+
+  async updateRecord(id: string, data: any): Promise<boolean> {
+    const result = await this.db
+      .update(myTable)
+      .set(data)
+      .where(eq(myTable.id, id));
+
+    // Same pattern for updates
+    return (result.changes || result.rowsAffected || 0) > 0;
+  }
+}
+```
+
+### Testing Across Database Types
+
+To catch these issues during development:
+
+1. **Test with both databases**: Run your code against both SQLite and Turso
+2. **Use integration tests**: Write tests that verify actual database operations
+3. **Check result objects**: Log result objects during development to see the structure
+
+```typescript
+// Debug logging to see result structure
+const result = await db.delete(table).where(condition);
+console.log('Delete result:', result); // Inspect the actual properties
+```
+
+### Why This Happens
+
+This difference exists because:
+
+- **SQLite/better-sqlite3**: Uses the native SQLite C API which returns `changes`
+- **Turso/libSQL**: Uses the HTTP/WebSocket protocol which standardizes on `rowsAffected`
+
+Both represent the same concept (number of affected rows) but with different property names.
+
+### Prevention Checklist
+
+When writing database operations:
+
+- [ ] Use `(result.changes || result.rowsAffected || 0)` pattern
+- [ ] Test with both SQLite and Turso if possible  
+- [ ] Look for existing DeployStack service patterns to follow
+- [ ] Never assume specific property names exist
+- [ ] Add debug logging when troubleshooting database operations
+
+> **💡 Pro Tip**: This pattern also future-proofs your code for additional database types that DeployStack might support later.
+
+
 ## Database Structure
 
 The database schema is defined in `src/db/schema.sqlite.ts`. This is the **single source of truth** for all database schema definitions and works across all supported database types.
diff --git a/docs/development/backend/global-settings.mdx b/docs/development/backend/global-settings.mdx
index c860280..e171820 100644
--- a/docs/development/backend/global-settings.mdx
+++ b/docs/development/backend/global-settings.mdx
@@ -45,7 +45,6 @@ The system includes an **auto-initialization feature** that automatically create
 - **Encryption Support**: Automatic encryption for sensitive values using AES-256-GCM
 - **Group Metadata**: Display names, descriptions, icons, and sort order for groups
 - **Admin-Only Access**: Only `global_admin` users can manage settings
-- **Type Safety**: Zod schema validation for all inputs
 - **Audit Trail**: Track setting changes with timestamps
 - **Search Functionality**: Find settings by key patterns
 - **Bulk Operations**: Create/update multiple settings at once
diff --git a/docs/development/backend/index.mdx b/docs/development/backend/index.mdx
index b90bd55..427d73d 100644
--- a/docs/development/backend/index.mdx
+++ b/docs/development/backend/index.mdx
@@ -16,7 +16,7 @@ The DeployStack backend is a modern, high-performance Node.js application built
 - **Framework**: Fastify for high-performance HTTP server
 - **Language**: TypeScript for type safety
 - **Database**: SQLite (default) or PostgreSQL with Drizzle ORM
-- **Validation**: Zod for request/response validation and OpenAPI generation
+- **Validation**: JSON Schema for request/response validation and OpenAPI generation
 - **Plugin System**: Extensible architecture with security isolation
 - **Authentication**: Dual authentication system - cookie-based sessions for frontend and OAuth 2.1 for satellite access
 
@@ -38,7 +38,7 @@ The development server starts at `http://localhost:3000` with API documentation
     href="/deploystack/development/backend/api" 
     title="API Documentation"
   >
-    Learn how to generate OpenAPI specifications, use Swagger UI, and implement Zod validation for automatic API documentation.
+    Learn how to generate OpenAPI specifications, use Swagger UI, and implement JSON Schema validation for automatic API documentation.
   </Card>
   
   <Card 
@@ -135,7 +135,7 @@ services/backend/
 - **Lifecycle Management**: Proper initialization and cleanup
 
 ### API Documentation
-- **Automatic Generation**: OpenAPI 3.0 specs from Zod schemas
+- **Automatic Generation**: OpenAPI 3.0 specs from JSON schemas
 - **Interactive Testing**: Swagger UI for API exploration
 - **Type Safety**: Request/response validation with TypeScript
 
diff --git a/docs/development/backend/mail.mdx b/docs/development/backend/mail.mdx
index 54cebaf..9486177 100644
--- a/docs/development/backend/mail.mdx
+++ b/docs/development/backend/mail.mdx
@@ -14,7 +14,6 @@ The email system provides a comprehensive solution for sending templated emails
 - **Nodemailer**: For SMTP email delivery
 - **Pug Templates**: For beautiful, maintainable email templates
 - **Global Settings Integration**: Automatic SMTP configuration from global settings
-- **Zod Validation**: Type-safe email parameter validation
 - **Template Caching**: Performance optimization for template rendering
 
 ## Architecture
@@ -23,7 +22,7 @@ The email system provides a comprehensive solution for sending templated emails
 src/email/
 ├── emailService.ts       # Main email service with SMTP integration
 ├── templateRenderer.ts   # Pug template compilation and rendering
-├── types.ts             # TypeScript interfaces and Zod schemas
+├── types.ts             # TypeScript interfaces schemas
 ├── index.ts             # Module exports
 └── templates/
     ├── layouts/
diff --git a/docs/development/backend/mcp-configuration-architecture.mdx b/docs/development/backend/mcp-configuration-architecture.mdx
index cea646f..a52e75b 100644
--- a/docs/development/backend/mcp-configuration-architecture.mdx
+++ b/docs/development/backend/mcp-configuration-architecture.mdx
@@ -44,14 +44,13 @@ Traditional MCP configurations assume a single user per installation. DeployStac
 **Team Setup:**
 - Team: "DevOps Team" 
 - Members: User A, User B
-- Devices: Each user has laptop + desktop
-- Total Configurations: 4 different configurations for the same MCP server
+- Total Configurations: 2 different user configurations for the same MCP server
 
 **User Requirements:**
-- User A needs access to `/Users/userA/Desktop`
-- User B needs access to `/Users/userB/Desktop` and `/Users/userB/Projects`
+- User A needs personal search preferences (Google, 10 results per page)
+- User B needs different preferences (Bing, 20 results per page)
 - Both users share the same team API credentials
-- Each user may have different debug settings
+- Each user may have different cache settings
 
 ### Solution Architecture
 
@@ -59,7 +58,7 @@ The three-tier system addresses this by:
 
 1. **Template Level**: Defines what arguments are fixed vs configurable
 2. **Team Level**: Manages shared credentials and team-wide settings
-3. **User Level**: Allows individual customization per user and device
+3. **User Level**: Allows individual customization per user
 
 ## Database Schema
 
@@ -93,12 +92,11 @@ team_env: text('team_env')                   -- Team environment variables (JSON
 
 ### Tier 3: User Configuration (`mcpUserConfigurations`)
 
-Individual user configurations support multiple devices:
+Individual user configurations:
 
 ```sql
 installation_id: text('installation_id')     -- References team installation
 user_id: text('user_id')                     -- User who owns this config
-device_name: text('device_name')             -- "MacBook Pro", "Work PC", etc.
 
 user_args: text('user_args')                 -- User arguments (JSON array)
 user_env: text('user_env')                   -- User environment variables (JSON object)
diff --git a/docs/development/backend/oauth2-server.mdx b/docs/development/backend/oauth2-server.mdx
index 9c2c485..22f7c1d 100644
--- a/docs/development/backend/oauth2-server.mdx
+++ b/docs/development/backend/oauth2-server.mdx
@@ -9,7 +9,7 @@ This document describes the OAuth2 authorization server implementation in the De
 
 ## Overview
 
-The OAuth2 server provides RFC 6749 compliant authorization for programmatic API access with RFC 7591 Dynamic Client Registration support. This enables the DeployStack Gateway CLI, MCP clients (VS Code, Cursor, Claude.ai), and other tools to authenticate users and access APIs on their behalf using Bearer tokens instead of cookies.
+The OAuth2 server provides RFC 6749 compliant authorization for programmatic API access with RFC 7591 Dynamic Client Registration support. This enables the DeployStack Satellite, MCP clients (VS Code, Cursor, Claude.ai), and other tools to authenticate users and access APIs on their behalf using Bearer tokens instead of cookies.
 
 ## Architecture
 
@@ -451,7 +451,7 @@ For the current list of supported scopes, check the source code at:
 When adding support for a new OAuth scope in the backend:
 
 1. **Add the scope** to the `allowedScopes` array in `services/backend/src/services/oauth/authorizationService.ts`
-2. **Update clients** to request the new scope (Gateway, MCP clients)
+2. **Update clients** to request the new scope (Satellite, MCP clients)
 3. **Apply scope enforcement** to relevant API endpoints using middleware
 4. **Test the complete flow** to ensure proper scope validation
 
diff --git a/docs/development/backend/satellite-communication.mdx b/docs/development/backend/satellite-communication.mdx
index e17f7cd..8a17548 100644
--- a/docs/development/backend/satellite-communication.mdx
+++ b/docs/development/backend/satellite-communication.mdx
@@ -83,39 +83,32 @@ Satellites use **outbound-only HTTPS polling** to communicate with the backend,
 
 ## Satellite Pairing Process
 
-### Registration Token Flow
+### Security Architecture
 
-The satellite pairing process follows a secure two-phase approach:
+The satellite pairing process implements a secure **two-phase JWT-based authentication system** that prevents unauthorized satellite connections. For complete implementation details, see [API Security - Registration Token Authentication](/development/backend/api-security#registration-token-authentication).
 
 **Phase 1: Token Generation**
-- Administrators generate temporary registration tokens
-- Global tokens for global satellites (global_admin only)
-- Team tokens for team satellites (team_admin for specific teams)
-- Tokens have scope-specific prefixes and expiration times
+- Administrators generate temporary registration tokens through admin APIs
+- Scope-specific tokens (global vs team) with cryptographic signatures
+- Token management endpoints for generation, listing, and revocation
 
 **Phase 2: Satellite Registration**
-- Satellites use registration tokens to authenticate initial pairing
-- Backend validates token scope and expiration
-- Permanent API keys issued after successful registration
-- Registration tokens marked as used (single-use security)
+- Satellites authenticate using `Authorization: Bearer deploystack_satellite_*` headers
+- Backend validates JWT tokens with single-use consumption
+- Permanent API keys issued after successful token validation
+- Token consumed to prevent replay attacks
 
-### Token Security Model
+**Breaking Change**: As of Phase 3 implementation, all new satellite registrations require valid registration tokens. The open registration system has been secured.
 
-**Registration Token Prefixes**:
-- Global satellites: `deploystack_satellite_global_...`
-- Team satellites: `deploystack_satellite_team_...`
+### Registration Middleware
 
-**Token Characteristics**:
-- JWT-based with cryptographic signatures
-- Short expiration times (1 hour global, 24 hours team)
-- Single-use to prevent replay attacks
-- Audit trail for compliance
+The secure registration process is implemented through specialized middleware. For technical implementation details, see `services/backend/src/middleware/registrationTokenMiddleware.ts`.
 
-**Operational API Keys**:
-- Permanent keys for ongoing satellite communication
-- Scope-specific prefixes for security validation
-- Argon2 hashed storage in database
-- Support for key rotation and revocation
+**Key Security Features**:
+- JWT signature verification with HMAC-SHA256
+- Scope validation (global vs team tokens)
+- Security event logging for failed attempts
+- Structured error responses with actionable instructions
 
 ## Command Orchestration
 
diff --git a/docs/development/backend/security.mdx b/docs/development/backend/security.mdx
index 69bff57..b104337 100644
--- a/docs/development/backend/security.mdx
+++ b/docs/development/backend/security.mdx
@@ -38,7 +38,7 @@ User sessions are managed using `lucia-auth` v3.
 
 ## Data Validation
 
-All incoming data from clients (e.g., API request bodies, URL parameters) is rigorously validated using `zod` schemas on the server-side before being processed. This helps prevent common vulnerabilities such as injection attacks and unexpected data handling errors.
+All incoming data from clients (e.g., API request bodies, URL parameters) is rigorously validated using JSON Schema on the server-side before being processed. This helps prevent common vulnerabilities such as injection attacks and unexpected data handling errors.
 
 - Registration endpoint validates: username, email, password, first_name, last_name
 - **Email verification endpoint validates: verification token format and expiration**
@@ -94,7 +94,7 @@ The OAuth2 server implementation follows RFC 6749 and RFC 7636 security standard
 
 ### Authorization Flow Security
 - **State Parameter:** CSRF protection with cryptographically random state
-- **Client Validation:** Hardcoded client credentials for `deploystack-gateway-cli`
+- **Client Validation:** Dynamic client registration for MCP clients with validation against allowed patterns
 - **Redirect URI Validation:** Whitelist of allowed callback URLs
 - **Consent Page:** User authorization with security warnings
 - **Session Binding:** OAuth2 flow requires active user session
@@ -116,7 +116,7 @@ We strive to keep our dependencies up-to-date and regularly review them for know
 - `@node-rs/argon2`: Password hashing
 - `lucia`: Session management
 - `drizzle-orm`: Database ORM with parameterized queries
-- `zod`: Input validation and sanitization
+- `@fastify/swagger`: JSON Schema validation and API documentation
 - `@fastify/cookie`: Secure cookie handling
 - `node:crypto`: Built-in cryptographic functions for global settings encryption
 
diff --git a/docs/development/index.mdx b/docs/development/index.mdx
index 3d8111a..dd72f5a 100644
--- a/docs/development/index.mdx
+++ b/docs/development/index.mdx
@@ -127,7 +127,6 @@ deploystack/
 - **Fastify** for high-performance cloud control plane
 - **TypeScript** with full type safety
 - **Drizzle ORM** supporting SQLite and PostgreSQL
-- **Zod** validation with automatic OpenAPI generation
 - **Plugin System** with isolated routes (`/api/plugin/<id>/`)
 - **Role-Based Access Control** with session management
 
diff --git a/docs/development/meta.json b/docs/development/meta.json
index 0176672..caffe29 100644
--- a/docs/development/meta.json
+++ b/docs/development/meta.json
@@ -8,6 +8,6 @@
     "---Sections---",
     "frontend",
     "backend",
-    "gateway"
+    "satellite"
   ]
 }
\ No newline at end of file
diff --git a/docs/development/satellite/backend-communication.mdx b/docs/development/satellite/backend-communication.mdx
index 5637c77..c022988 100644
--- a/docs/development/satellite/backend-communication.mdx
+++ b/docs/development/satellite/backend-communication.mdx
@@ -77,9 +77,9 @@ if (connectionStatus.connection_status === 'connected') {
 
 ### Phase 2: Satellite Registration ✅
 
-Satellite registration is now fully implemented with automatic startup registration and upsert logic for restarts.
+Satellite registration is now fully implemented with secure JWT-based token authentication preventing unauthorized satellite connections.
 
-For complete registration documentation, see [Satellite Registration](/development/satellite/registration).
+For complete registration documentation, see [Satellite Registration](/development/satellite/registration). For backend token management details, see [Registration Token Authentication](/development/backend/api-security#registration-token-authentication).
 
 ### Phase 3: Heartbeat Authentication ✅
 
@@ -277,7 +277,8 @@ npm install
 
 # Configure environment
 cp .env.example .env
-# Edit DEPLOYSTACK_BACKEND_URL as needed
+# Edit DEPLOYSTACK_BACKEND_URL and add DEPLOYSTACK_REGISTRATION_TOKEN
+# Obtain registration token from backend admin interface first
 
 # Start development server
 npm run dev
@@ -289,14 +290,17 @@ npm run dev
 ```bash
 # Required environment variables
 DEPLOYSTACK_BACKEND_URL=http://localhost:3000
+DEPLOYSTACK_SATELLITE_NAME=dev-satellite-001
+DEPLOYSTACK_REGISTRATION_TOKEN=deploystack_satellite_global_eyJhbGc...
 LOG_LEVEL=debug
 PORT=3001
 
 # Optional configuration
 NODE_ENV=development
-SATELLITE_ID=dev-satellite-01
 ```
 
+**Note:** `DEPLOYSTACK_REGISTRATION_TOKEN` is only required for initial satellite pairing. Once registered, satellites use their permanent API keys for all communication.
+
 ### Testing Backend Communication
 
 ```bash
@@ -329,10 +333,13 @@ See `services/backend/src/db/schema.sqlite.ts` for complete schema definitions.
 ### Authentication Flow
 
 **Registration Phase:**
-1. Generate temporary registration token
-2. Satellite registers with token
-3. Backend validates and issues permanent API key
-4. Satellite stores API key securely
+1. Admin generates JWT registration token via backend API
+2. Satellite includes token in Authorization header during registration
+3. Backend validates token signature, scope, and expiration
+4. Backend consumes single-use token and issues permanent API key
+5. Satellite stores API key securely for ongoing communication
+
+For detailed token validation process, see [Registration Security](/development/backend/satellite-communication#satellite-pairing-process).
 
 **Operational Phase:**
 1. All requests include `Authorization: Bearer {api_key}`
diff --git a/docs/development/satellite/registration.mdx b/docs/development/satellite/registration.mdx
index 5a8fa04..59ee1d7 100644
--- a/docs/development/satellite/registration.mdx
+++ b/docs/development/satellite/registration.mdx
@@ -10,6 +10,62 @@ import { Callout } from 'fumadocs-ui/components/callout';
 
 DeployStack Satellite implements automatic registration with the Backend during startup. This document covers the complete registration process, environment variable requirements, validation rules, and upsert logic for satellite restarts.
 
+## Persistent Storage
+
+### API Key Persistence
+
+Satellites automatically save their registration credentials to persistent storage to avoid re-registration on restart:
+
+**Storage Location:**
+```
+services/satellite/persistent_data/
+└── backend.key.json
+```
+
+**File Structure:**
+```json
+{
+  "api_key": "deploystack_satellite_api_global_EACQ7NeRD4gNjFjPAiz90AR7NqL-LF9d",
+  "satellite_id": "vwokw4qbax0cyin",
+  "satellite_name": "dev-satellite-005",
+  "registered_at": "2025-09-23T15:42:46.118Z",
+  "last_verified": "2025-09-23T15:42:46.118Z"
+}
+```
+
+### Registration Token Usage
+
+**Single-Use Registration Flow:**
+- **First startup**: Uses registration token → Saves API key to file
+- **Subsequent startups**: Uses saved API key → No token needed
+- **Token expiration**: Only affects first-time registration
+
+**Benefits:**
+- **No re-registration**: Satellites restart without consuming new tokens
+- **Server restarts**: Automatic recovery after system reboots
+- **Development workflow**: Frequent restarts don't require new tokens
+
+### Storage Management
+
+**Automatic Operations:**
+- **Save**: Credentials saved after successful registration
+- **Load**: Credentials loaded on startup before attempting registration
+- **Verify**: API key verified with backend heartbeat
+- **Clear**: Invalid credentials automatically cleared
+
+**Manual Operations:**
+```bash
+# Force re-registration (delete persistent storage)
+rm services/satellite/persistent_data/backend.key.json
+
+# View current credentials
+cat services/satellite/persistent_data/backend.key.json
+```
+
+<Callout type="info">
+**Important**: The `persistent_data/` directory must be writable by the satellite process. In production deployments, ensure proper volume mounting and permissions.
+</Callout>
+
 ## Registration Overview
 
 ### Automatic Registration Flow
@@ -19,33 +75,47 @@ Satellites register automatically during startup following this sequence:
 ```
 Satellite Startup
     │
-    ├── 1. Validate DEPLOYSTACK_SATELLITE_NAME
+    ├── 1. Check Persistent Storage
+    │   ├── Load persistent_data/backend.key.json
+    │   ├── If API key exists → Verify with heartbeat
+    │   └── If valid → Skip registration
+    │
+    ├── 2. Validate DEPLOYSTACK_SATELLITE_NAME
     │   ├── Length: 10-32 characters
     │   ├── Characters: a-z, 0-9, -, _
     │   └── Fail-fast if invalid
     │
-    ├── 2. Test Backend Connection
+    ├── 3. Validate DEPLOYSTACK_REGISTRATION_TOKEN
+    │   ├── JWT token format validation
+    │   ├── Required token prefix check
+    │   └── Fail-fast if missing or invalid
+    │
+    ├── 4. Test Backend Connection
     │   ├── GET /api/health (5s timeout)
     │   └── Exit if unreachable
     │
-    ├── 3. Register with Backend
+    ├── 5. Register with Backend (if needed)
     │   ├── POST /api/satellites/register
-    │   ├── Upsert logic (create or update)
-    │   └── Receive API key
+    │   ├── Authorization: Bearer {registration_token}
+    │   ├── Receive permanent API key
+    │   └── Save credentials to persistent storage
     │
-    └── 4. Start MCP Transport Services
+    └── 6. Start MCP Transport Services
         ├── SSE Handler
         ├── Streamable HTTP Handler
         └── Session Manager
 ```
 
-### Upsert Registration Logic
+### Secure Token-Based Registration
 
-The registration endpoint implements **upsert behavior** to handle satellite restarts:
+The registration system requires **valid JWT registration tokens** for security:
 
-- **First Registration**: Creates new satellite record in database
-- **Re-Registration**: Updates existing satellite record with new API key and system info
-- **No Conflicts**: Satellite restarts work seamlessly without 409 errors
+- **Token Required**: All satellites must provide valid registration tokens during startup
+- **Single-Use**: Registration tokens are consumed after successful pairing
+- **Admin-Controlled**: Only administrators can generate registration tokens
+- **No Open Registration**: Satellites cannot register without proper authorization
+
+For detailed token management, see [Registration Token Authentication](/development/backend/api-security#registration-token-authentication).
 
 ## Environment Variables
 
@@ -57,15 +127,39 @@ DEPLOYSTACK_SATELLITE_NAME=dev-satellite-001
 
 # Backend connection
 DEPLOYSTACK_BACKEND_URL=http://localhost:3000
+
+# Registration token (required for secure pairing)
+DEPLOYSTACK_REGISTRATION_TOKEN=deploystack_satellite_global_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
 ```
 
+## Registration Token Requirements
+
+### Token Types and Sources
+
+Satellites require registration tokens generated by administrators:
+
+**Global Satellite Tokens:**
+- Format: `deploystack_satellite_global_eyJhbGc...`
+- Generated by: `global_admin` users via backend API
+- Scope: Can register global satellites serving all teams
+- Expiration: 1 hour (configurable)
+
+**Team Satellite Tokens:**
+- Format: `deploystack_satellite_team_eyJhbGc...`
+- Generated by: `team_admin` users for specific teams
+- Scope: Can register team satellites for specific team only
+- Expiration: 24 hours (configurable)
+
+For token generation APIs, see [Satellite Communication - Registration Tokens](/development/backend/satellite-communication#satellite-pairing-process).
+
 ### Security Model
 
 All satellites register with secure defaults controlled by the backend:
 
-- **Satellite Type**: Always `global` (backend-controlled)
+- **Token-Based Pairing**: Valid JWT registration token required
+- **Satellite Type**: Determined by token scope (global or team)
 - **Status**: Always `inactive` (requires admin activation)
-- **Team Assignment**: Always `null` (admin-controlled via backend interface)
+- **Single-Use Tokens**: Registration tokens consumed after successful pairing
 
 ## Satellite Name Validation
 
@@ -205,15 +299,28 @@ git clone https://github.com/deploystackio/deploystack.git
 cd deploystack/services/satellite
 npm install
 
-# Configure satellite identity
+# Configure satellite identity and registration token
 cp .env.example .env
 echo "DEPLOYSTACK_SATELLITE_NAME=dev-satellite-001" >> .env
 echo "DEPLOYSTACK_BACKEND_URL=http://localhost:3000" >> .env
+echo "DEPLOYSTACK_REGISTRATION_TOKEN=your-token-here" >> .env
 
 # Start satellite (will auto-register)
 npm run dev
 ```
 
+**⚠️ Obtaining Registration Token:**
+You must first generate a registration token via the backend API or admin interface:
+
+```bash
+# Generate global registration token (requires global_admin)
+curl -X POST http://localhost:3000/api/satellites/global/registration-tokens \
+  -H "Cookie: your-session-cookie" \
+  -H "Content-Type: application/json"
+
+# Copy the returned token to your .env file
+```
+
 ### Expected Registration Output
 
 ```bash
@@ -226,21 +333,25 @@ npm run dev
 [INFO] 🔑 API key received and ready for authenticated communication
 ```
 
-### Testing Satellite Restarts
+### Token Expiration and Re-Registration
 
-To verify upsert registration logic:
+Registration tokens are single-use and expire:
 
 ```bash
-# Start satellite
+# First registration (consumes token)
 npm run dev
-# Wait for successful registration
+# ✅ Registration successful
 
-# Stop satellite (Ctrl+C)
-# Start again
-npm run dev
-# Should see "re-registered successfully" instead of conflict error
+# Stop and restart satellite
+# Ctrl+C, then npm run dev again
+# ✅ Uses permanent API key (no token needed)
+
+# If satellite needs new registration token:
+# ❌ Generate new token and update DEPLOYSTACK_REGISTRATION_TOKEN
 ```
 
+**Important:** Once registered, satellites use their permanent API key for all communication. Registration tokens are only needed for initial pairing.
+
 ## Security Considerations
 
 ### API Key Management
@@ -273,6 +384,18 @@ npm run dev
 ```
 **Solution:** Set the required environment variable
 
+**Missing Registration Token:**
+```bash
+❌ FATAL ERROR: DEPLOYSTACK_REGISTRATION_TOKEN ist erforderlich
+```
+**Solution:** Obtain registration token from admin and set environment variable
+
+**Invalid Registration Token:**
+```bash
+❌ FATAL ERROR: Invalid registration token format or expired
+```
+**Solution:** Generate new registration token from admin interface
+
 **Invalid Satellite Name:**
 ```bash
 ❌ FATAL ERROR: Ungültiger Satellite Name
@@ -311,15 +434,19 @@ open http://localhost:3001/documentation
 - ✅ Default inactive status requiring admin activation
 
 **Security Improvements:**
-- ✅ All satellites register as `global` and `inactive` by default
-- ✅ Team assignment controlled exclusively by backend administrators
+- ✅ JWT-based registration token system prevents unauthorized satellites
+- ✅ Single-use tokens with cryptographic validation
+- ✅ Admin-controlled token generation with proper scope enforcement
+- ✅ All satellites register as `inactive` requiring admin activation
 
 **Planned Features:**
-- 🚧 Bearer token authentication for Backend communication
+- ✅ JWT-based registration token system (Phase 3 complete)
+- ✅ Bearer token authentication for Backend communication
+- 🚧 Admin interface for registration token management (Phase 4)
+- 🚧 Satellite client registration token support (Phase 5)
 - 🚧 API key rotation and renewal
 - 🚧 Registration status monitoring and alerts
-- 🚧 Admin interface for satellite activation and team assignment
 
 <Callout type="info">
-The satellite registration system is production-ready and handles both initial registration and restart scenarios seamlessly. The upsert logic ensures satellites can restart without manual intervention while maintaining security through API key rotation.
+The satellite registration system implements secure JWT-based pairing to prevent unauthorized satellite connections. Once registered with a valid token, satellites receive permanent API keys for ongoing communication. See [Backend API Security](/development/backend/api-security#registration-token-authentication) for complete token management details.
 </Callout>
diff --git a/docs/index.mdx b/docs/index.mdx
index 91c9aeb..0d6cd95 100644
--- a/docs/index.mdx
+++ b/docs/index.mdx
@@ -1,6 +1,6 @@
 ---
 title: DeployStack Documentation
-description: Official DeployStack documentation - The Enterprise Control Plane for MCP servers. Secure, centralized management of your organization's AI tool landscape with the DeployStack Gateway.
+description: Official DeployStack documentation - The Enterprise Control Plane for MCP servers. Secure, centralized management of your organization's AI tool landscape with the DeployStack Satellite.
 sidebar: Introduction
 icon: Star
 ---
@@ -10,7 +10,7 @@ import { Plug, Settings, Users, Code2, Server, Zap, Shield, Wrench, Terminal, Co
 
 # DeployStack - Enterprise Control Plane for MCP
 
-DeployStack is the **Enterprise Control Plane for the Model Context Protocol (MCP) ecosystem**. We provide a secure, centralized platform to manage your company's entire AI tool landscape, eliminating credential sprawl and enabling developers to move faster and more securely through our local DeployStack Gateway.
+DeployStack is the **Enterprise Control Plane for the Model Context Protocol (MCP) ecosystem**. We provide a secure, centralized platform to manage your company's entire AI tool landscape, eliminating credential sprawl and enabling developers to move faster and more securely through edge DeployStack Satellite.
 
 ## User Guides
 
@@ -20,7 +20,7 @@ DeployStack is the **Enterprise Control Plane for the Model Context Protocol (MC
     href="/quick-start" 
     title="DeployStack Quick Start"
   >
-    Get started with DeployStack in minutes. Set up your first MCP server and connect to the DeployStack Gateway.
+    Get started with DeployStack in minutes. Set up your first MCP server and connect to the DeployStack Satellite.
   </Card>
 
   <Card 
@@ -71,10 +71,10 @@ DeployStack is the **Enterprise Control Plane for the Model Context Protocol (MC
   
   <Card 
     icon={<Plug />} 
-    href="/development/gateway" 
-    title="Gateway Development"
+    href="/development/satellite" 
+    title="Satellite Development"
   >
-    Build and extend the DeployStack Gateway for secure MCP server management
+    Build and extend the DeployStack Satellite for secure MCP server management
   </Card>
 </Cards>
 
@@ -90,7 +90,7 @@ DeployStack consists of several integrated components that work together to prov
 
 <Cards>
 <Card icon={<Container className="text-primary" />} title="deploystack" href="https://github.com/deploystackio/deploystack">
-The main platform providing centralized MCP server management, team collaboration, and the DeployStack Gateway
+The main platform providing centralized MCP server management, team collaboration, and secure credential storage
 </Card>
 <Card icon={<BookOpenText className="text-primary" />} title="awesome-mcp-server" href="https://github.com/deploystackio/awesome-mcp-server">
 Community-curated catalog of production-ready MCP servers with standardized configurations
diff --git a/docs/local-setup.mdx b/docs/local-setup.mdx
index 4f57137..628478e 100644
--- a/docs/local-setup.mdx
+++ b/docs/local-setup.mdx
@@ -25,7 +25,7 @@ This guide is for contributors and developers who want to run DeployStack locall
     
     - **[Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)**: Version control system
     - **[Node.js v18+](https://nodejs.org/en/download)**: JavaScript runtime (v18 or higher required)
-    - **[npm v8+](https://www.npmjs.com/get-npm)**: Package manager (comes with Node.js)
+    - **[npm v8+](https://docs.npmjs.com/getting-started)**: Package manager (comes with Node.js)
     - **[Docker](https://docs.docker.com/get-docker/)**: For running databases (optional but recommended)
     
     ### Verify Installation
diff --git a/docs/mcp-admin-schema-workflow.mdx b/docs/mcp-admin-schema-workflow.mdx
index d60b1a5..4b7bbc2 100644
--- a/docs/mcp-admin-schema-workflow.mdx
+++ b/docs/mcp-admin-schema-workflow.mdx
@@ -44,17 +44,19 @@ Input the raw Claude Desktop configuration:
 ```json
 {
   "mcpServers": {
-    "filesystem": {
+    "web-search": {
       "command": "npx",
       "args": [
         "-y",
-        "@modelcontextprotocol/server-filesystem",
-        "/Users/username/Desktop"
-      ]
+        "@brightdata/mcp-server-web-search"
+      ],
+      "env": {
+        "API_KEY": "your-api-key-here",
+        "SEARCH_QUOTA": "1000"
+      }
     }
   }
 }
-```
 
 The system extracts all arguments and environment variables for categorization.
 
@@ -86,35 +88,40 @@ For every argument and environment variable extracted from the Claude Desktop co
 
 This sophisticated system determines the exact configuration experience for teams and users.
 
-### Example: Filesystem MCP Server
+### Example: Web Search MCP Server
 
 **Raw Configuration:**
 ```json
 {
   "mcpServers": {
-    "filesystem": {
+    "web-search": {
       "command": "npx",
       "args": [
         "-y",
-        "@modelcontextprotocol/server-filesystem",
-        "/Users/username/Desktop"
-      ]
+        "@brightdata/mcp-server-web-search"
+      ],
+      "env": {
+        "API_KEY": "your-api-key-here",
+        "SEARCH_QUOTA": "1000",
+        "DEFAULT_ENGINE": "google"
+      }
     }
   }
 }
 ```
 
 **Your Categorization:**
-- **🔒 Template**: `-y` and `@modelcontextprotocol/server-filesystem` (system commands, locked forever)
-- **🔓 User Configurable**: `/Users/username/Desktop` (personal directory paths, default unlocked)
-- **No Team Level**: This server doesn't need shared team configuration
+- **🔒 Template**: `-y` and `@brightdata/mcp-server-web-search` (system commands, locked forever)
+- **🔧 Team Configurable**: `API_KEY` and `SEARCH_QUOTA` (shared credentials and limits)
+- **🔓 User Configurable**: `DEFAULT_ENGINE` (personal search preference, default unlocked)
 
 **Lock/Unlock Decisions:**
-- Directory paths: Default unlocked (users can customize their own directories)
-- No visibility restrictions (directory paths are not sensitive)
-- Validation: Require valid directory paths, allow 1-10 directories per user
+- API credentials: Default locked for users, hidden from users (security)
+- Search quota: Default locked for users, visible to users (team resource management)
+- Search engine: Default unlocked (users can customize their preference)
+- Validation: API key must be valid format, quota must be positive number
 
-**Result**: Users can configure their own directories, but can't modify the core system commands.
+**Result**: Teams manage shared API credentials and usage quotas, but users can customize their search engine preferences.
 
 ### Another Example: API MCP Server with Secrets
 
@@ -161,9 +168,9 @@ DeployStack provides suggestions to help with categorization:
 - Service endpoints
 
 **🔓 User Configurable Suggestions:**
-- File paths with `/Users/` or `/home/`
-- Debug and preference settings
-- Device-specific configuration
+- Search preferences and result formatting
+- Cache and performance settings
+- Personal API preferences
 
 ### Configuration Schema Step Interface
 
@@ -177,15 +184,10 @@ Extracted Arguments from Claude Desktop Config:
 │     Configuration Level: Template (Static) ▼                               │
 │     ✓ Locked Forever (Cannot be changed by teams or users)                │
 │                                                                             │
-│ [1] "@modelcontextprotocol/server-filesystem"                             │
+│ [1] "@brightdata/mcp-server-web-search"                                   │
 │     Configuration Level: Template (Static) ▼                               │
 │     ✓ Locked Forever (Cannot be changed by teams or users)                │
 │                                                                             │
-│ [2] "/Users/username/Desktop"                                              │
-│     Configuration Level: User Configurable ▼                               │
-│     ☐ Default Team Locked (Recommended: Unlocked for personal paths)       │
-│     Schema: Directory Path, Required: Yes, Min: 1, Max: 10                 │
-│                                                                             │
 │ [+] Add team-configurable argument                                          │
 │ [+] Add user-configurable argument                                          │
 └─────────────────────────────────────────────────────────────────────────────┘
@@ -195,20 +197,28 @@ Extracted Arguments from Claude Desktop Config:
 ```
 Extracted Environment Variables from Claude Desktop Config:
 ┌─────────────────────────────────────────────────────────────────────────────┐
-│ TEAM_TOKEN: "my-team-token"                                                 │
+│ API_KEY: "your-api-key-here"                                                │
 │ Configuration Level: Team Configurable ▼                                   │
 │ ├─ Type: Secret ▼                                                          │
 │ ├─ Required: ✓                                                             │
-│ ├─ Description: Team authentication token                                   │
+│ ├─ Description: BrightData API authentication key                           │
 │ ├─ ✓ Default Team Locked (Users cannot modify)                             │
-│ └─ ☐ Visible to Users (Recommended: Hidden for secrets)                  │
+│ └─ ✓ Hidden from Users (Recommended for API keys)                          │
 │                                                                             │
-│ USER_TOKEN: "my-user-token"                                                 │
+│ SEARCH_QUOTA: "1000"                                                        │
+│ Configuration Level: Team Configurable ▼                                   │
+│ ├─ Type: Number ▼                                                          │
+│ ├─ Required: ✓                                                             │
+│ ├─ Description: Daily search query limit                                    │
+│ ├─ ✓ Default Team Locked (Teams control resource limits)                   │
+│ └─ ☐ Hidden from Users (Users can see their quota limits)                  │
+│                                                                             │
+│ DEFAULT_ENGINE: "google"                                                    │
 │ Configuration Level: User Configurable ▼                                   │
-│ ├─ Type: Secret ▼                                                          │
+│ ├─ Type: String ▼                                                          │
 │ ├─ Required: ☐                                                             │
-│ ├─ Description: Personal user authentication token                          │
-│ └─ ☐ Default Team Locked (Recommended: Unlocked for user control)        │
+│ ├─ Description: Preferred search engine                                     │
+│ └─ ☐ Default Team Locked (Recommended: Unlocked for user preference)      │
 │                                                                             │
 │ [+] Add team-configurable environment variable                              │
 │ [+] Add user-configurable environment variable                              │
diff --git a/docs/mcp-configuration.mdx b/docs/mcp-configuration.mdx
index cc4cee6..edeff47 100644
--- a/docs/mcp-configuration.mdx
+++ b/docs/mcp-configuration.mdx
@@ -14,9 +14,9 @@ The system separates configuration into three distinct layers:
 
 1. **Template Level** - Global schemas and locked elements defined by administrators
 2. **Team Level** - Shared team configurations with lock/unlock controls  
-3. **User Level** - Personal configurations within team-defined boundaries **per device**
+3. **User Level** - Personal configurations within team-defined boundaries
 
-This architecture enables teams to share common settings like API keys while allowing individual members to customize personal settings like local file paths across multiple devices. Each user can have different configurations on different devices while maintaining team security and standards.
+This architecture enables teams to share common settings like API keys while allowing individual members to customize personal settings like local file paths while maintaining team security and standards.
 
 ## How It Works
 
@@ -42,12 +42,11 @@ This architecture enables teams to share common settings like API keys while all
                                         │
                                         ▼
 ┌─────────────────────────────────────────────────────────────────────────────────┐
-│ TIER 3: USER (Individual) - Device-Aware                                      │
+│ TIER 3: USER (Individual)                                                      │
 │ ┌─────────────────────────────────────────────────────────────────────────────┐ │
-│ │ 🔓 Personal Settings: Local paths, preferences (per device)                │ │
-│ │ 💻 Multi-Device: Different configs per device with automatic registration   │ │
-│ │ 🔗 Automatic Inheritance: Use team credentials seamlessly across devices    │ │
-│ │ 🛡️ Device Security: Hardware fingerprinting and secure registration        │ │
+│ │ 🔓 Personal Settings: Local paths, preferences                             │ │
+│ │ 🔗 Automatic Inheritance: Use team credentials seamlessly                  │ │
+│ │ 🛡️ Team Security: Access controlled through team OAuth tokens             │ │
 │ └─────────────────────────────────────────────────────────────────────────────┘ │
 └─────────────────────────────────────────────────────────────────────────────────┘
                                         │
@@ -78,10 +77,9 @@ The heart of the system is sophisticated lock/unlock controls with precise categ
 
 **User Access:**
 - **Personal Customization** - Modify only unlocked elements within boundaries set by global admin categorization
-- **Device-Specific Settings** - Configure personal settings across multiple devices with automatic device registration
 - **Secure Experience** - No access to locked configuration, team secrets, or template elements
 - **Focused Interface** - See only configuration elements designated as personally configurable
-- **Multi-Device Workflow** - Seamlessly work across different devices with device-specific configurations
+- **Team Integration** - Access through OAuth team authentication
 
 ## User Journey Workflows
 
@@ -98,9 +96,9 @@ Key workflow: Repository → Claude Desktop Config → **Configuration Schema Ca
 Key workflow: Browse Catalog → Configure Team Settings → Set Lock Controls → Deploy Installation
 
 ### For Individual Users
-**[User Configuration](/mcp-user-configuration)** - Learn how to configure personal MCP settings and customize your workflow across multiple devices.
+**[User Configuration](/mcp-user-configuration)** - Learn how to configure personal MCP settings and customize your workflow.
 
-Key workflow: Access Team Installation → Configure Personal Settings → Multi-Device Setup → Save Configuration
+Key workflow: Access Team Installation → Configure Personal Settings → Save Configuration
 
 ## Configuration Assembly Example
 
@@ -122,7 +120,7 @@ Here's how the three tiers combine into a final runtime configuration:
 }
 ```
 
-**User (Individual - i.e.: your MacBook Pro):**
+**User (Individual):**
 ```json
 {
   "args": ["/Users/alice/Development", "/Users/alice/Projects"],
@@ -156,7 +154,7 @@ Here's how the three tiers combine into a final runtime configuration:
 
 **Simplicity:** Users see only what they can configure, teams share common settings automatically
 
-**Flexibility:** Support for variable-length configurations and multi-device setups
+**Flexibility:** Support for variable-length configurations and individual customization
 
 **Collaboration:** Teams coordinate through shared settings while maintaining individual customization
 
@@ -177,6 +175,6 @@ For complete system understanding:
 - [MCP Catalog](/mcp-catalog) - Browse and discover available MCP servers
 - [Teams](/teams) - Team structure and membership management
 - [MCP Installation](/mcp-installation) - Basic MCP server installation concepts
-- [Security and Privacy](/security) - Platform security including device security
+- [Security and Privacy](/security) - Platform security and data protection
 
-The three-tier configuration system provides secure, scalable MCP server management that grows from individual developers to enterprise teams while maintaining simplicity and security at every level. Global administrators have sophisticated control over configuration boundaries through schema categorization, ensuring appropriate access and customization at each tier. The device-aware architecture enables seamless multi-device workflows while maintaining enterprise-grade security and governance.
+The three-tier configuration system provides secure, scalable MCP server management that grows from individual developers to enterprise teams while maintaining simplicity and security at every level. Global administrators have sophisticated control over configuration boundaries through schema categorization, ensuring appropriate access and customization at each tier. The OAuth-based team authentication ensures enterprise-grade security and governance.
diff --git a/docs/mcp-team-installation.mdx b/docs/mcp-team-installation.mdx
index 2ddc143..3d7b018 100644
--- a/docs/mcp-team-installation.mdx
+++ b/docs/mcp-team-installation.mdx
@@ -54,31 +54,32 @@ The lock/unlock system gives you granular control over what team members can mod
 
 **When to Unlock:**
 - **Personal Workflow** - Individual customization needs
-- **Device Differences** - Different computers and environments
 - **User Preferences** - Personal productivity settings
 
 ## Team Configuration Example
 
-**Development Team Filesystem Server:**
+**Team Web Search Server:**
 
 ```
-Installation Name: "Development Team Filesystem"
+Installation Name: "Team Web Search"
 
 Template Configuration (Set by Global Admin, Cannot Change):
 ├─ Command: "npx" (🔒 Locked Forever)
-├─ Package: "@modelcontextprotocol/server-filesystem" (🔒 Locked Forever)
+├─ Package: "@brightdata/mcp-server-web-search" (🔒 Locked Forever)
 ├─ System Flag: "-y" (🔒 Locked Forever)
 
 Team Configuration (You Control):
-├─ GIT_ACCESS_TOKEN: "••••• (encrypted secret)" (🔒 Locked)
-├─ SHARED_PROJECT_ROOT: "/company/projects" (🔒 Locked)
+├─ API_KEY: "••••• (encrypted secret)" (🔒 Locked)
+├─ SEARCH_QUOTA: "1000 queries/day" (🔒 Locked)
+├─ CONTENT_FILTERS: "enabled" (🔒 Locked)
 
 User Controls (You Decide Lock/Unlock):
-├─ Personal Directories: 🔓 Unlocked (users add their own paths)
-├─ Debug Mode: 🔓 Unlocked (individual preference)
+├─ Default Search Engine: 🔓 Unlocked (users choose preference)
+├─ Results Per Page: 🔓 Unlocked (individual preference)
+├─ Cache Settings: 🔓 Unlocked (performance tuning)
 ```
 
-**Result:** Team members automatically inherit template configuration and team credentials, but can add personal directories and control debug settings within the boundaries you set.
+**Result:** Team members automatically inherit template configuration and team API credentials with quota limits, but can customize their search preferences and performance settings within the boundaries you set.
 
 ## Credential Management
 
@@ -116,9 +117,9 @@ Based on your lock/unlock decisions and the schema boundaries set by global admi
 
 - Only see configuration elements they can modify
 - Use team credentials automatically without seeing sensitive values
-- Can customize unlocked elements for their workflow across multiple devices
-- Get consistent behavior across all team members and devices
-- Benefit from automatic device registration and management
+- Can customize unlocked elements for their workflow
+- Get consistent behavior across all team members
+- Benefit from satellite-managed remote execution
 
 For details on the user experience, see [MCP User Configuration](/mcp-user-configuration).
 
diff --git a/docs/mcp-user-configuration.mdx b/docs/mcp-user-configuration.mdx
index 7ec7502..526bfcb 100644
--- a/docs/mcp-user-configuration.mdx
+++ b/docs/mcp-user-configuration.mdx
@@ -1,6 +1,6 @@
 ---
 title: MCP User Configuration and Personal Settings
-description: Learn how individual users configure personal MCP settings, customize their workflow across multiple devices, and work within team-defined boundaries.
+description: Learn how individual users configure personal MCP settings, customize their workflow, and work within team-defined boundaries.
 sidebar: User Configuration
 ---
 
@@ -13,7 +13,6 @@ Individual users customize personal MCP settings within boundaries set by their
 As a user, you personalize your MCP server experience within team-defined boundaries:
 
 - **Personal Settings** that adapt to your individual workflow
-- **Multi-Device Support** for different computers and environments  
 - **Automatic Team Integration** with shared credentials and team standards
 - **Simplified Interface** showing only settings you can modify
 - **Secure Experience** without credential management burden
@@ -27,7 +26,6 @@ Your configuration options are precisely determined by how global administrators
 **🔓 You Can Configure:**
 - **Unlocked Elements** - Settings your team admin made available for personal customization
 - **User-Specific Elements** - Settings designed for individual workflow (like local file paths)
-- **Device-Specific Settings** - Different configurations for different computers
 
 **🔒 You Cannot See or Modify:**
 - **Locked Team Settings** - Shared configuration controlled by team administrators
@@ -46,26 +44,24 @@ For details on how global administrators define these boundaries and team admini
 When you configure an MCP server, you see a clean interface focused only on your personal options:
 
 ```
-Personal Configuration: "Development Team Filesystem"
+Personal Configuration: "Team Web Search"
 
 YOUR PERSONAL SETTINGS
 
-Device: MacBook Pro ▼ [Change Device]
+Search Preferences:
+├─ Default Search Engine: Google ▼
+├─ Results Per Page: 10 ▼  
+└─ Safe Search: Moderate ▼
 
-Personal Directories (Add directories you want to access):
-├─ /Users/alice/Development
-├─ /Users/alice/Projects  
-└─ [+] Add another directory
-
-Debug Settings:
-├─ Enable Debug Mode: ✓
-└─ Debug Level: Verbose ▼
+Cache Settings:
+├─ Enable Result Caching: ✓
+└─ Cache Duration: 1 hour ▼
 
 TEAM-MANAGED SETTINGS (You inherit these automatically)
 
 ✓ Team API credentials: ••••• (encrypted, see Security)
-✓ Shared project access: /company/projects
-✓ Team backup settings: Enabled
+✓ Shared search quotas: 1000 queries/day
+✓ Team content filters: Enabled
 
 [Save Configuration] [Test Configuration]
 ```
@@ -73,7 +69,6 @@ TEAM-MANAGED SETTINGS (You inherit these automatically)
 **Key Interface Features:**
 - **Only Personal Options** - You see only settings you can modify
 - **Clear Inheritance** - Understanding of what you get from your team
-- **Device Context** - Configure settings for specific devices
 - **Validation** - Immediate feedback on configuration validity
 
 ## Personal Configuration Types
@@ -82,31 +77,17 @@ TEAM-MANAGED SETTINGS (You inherit these automatically)
 
 Most commonly, you'll configure:
 
-**Directory Paths:**
-- Local directories you want MCP servers to access
-- Personal project folders
-- Document directories
-- Workspace locations
-
-**Example:**
-```
-Personal Directories:
-├─ /Users/alice/Development
-├─ /Users/alice/Projects
-└─ /Users/alice/Documents/Work
-```
+**API Preferences:**
+- Search result limits and pagination
+- Content filtering and safety settings
+- Cache and performance preferences
 
 ### User Environment Variables
 
 **Personal Preferences:**
-- Debug settings and logging levels
+- Search engine preferences and result formatting
+- Cache settings and performance tuning
 - Interface customization options
-- Cache and temporary file locations
-
-**Device-Specific Settings:**
-- Local file paths and cache directories
-- Hardware-specific optimizations
-- Network and connection preferences
 
 ## Configuration Process
 
@@ -114,10 +95,9 @@ When you first configure an MCP server:
 
 1. **Access Team Installation** - Navigate to your team's MCP server installations
 2. **Select Server** - Choose the server you want to configure personally
-3. **Device Setup** - Provide a name for your current device
-4. **Personal Configuration** - Configure only the unlocked elements
-5. **Validation** - System validates your configuration against team schema
-6. **Save and Deploy** - Personal configuration is saved and ready to use
+3. **Personal Configuration** - Configure only the unlocked elements
+4. **Validation** - System validates your configuration against team schema
+5. **Save and Deploy** - Personal configuration is saved and ready to use
 
 ## Configuration Assembly
 
@@ -128,35 +108,35 @@ Final Configuration = Template + Team + Your Personal Settings
 
 Template (System):
 ├─ Command: "npx"
-├─ Package: "@modelcontextprotocol/server-filesystem"
+├─ Package: "@brightdata/mcp-server-web-search"
 └─ System flags: "-y"
 
 + Team (Shared):
 ├─ Team API Key: "••••• (encrypted secret, hidden from you)"
-├─ Shared directory: "/company/projects"
-└─ Backup enabled: true
+├─ Search quota: "1000 queries/day"
+└─ Content filters: "enabled"
 
-+ Your Personal (Device):
-├─ Your directories: ["/Users/alice/Development", "/Users/alice/Projects"]
-├─ Debug: true
-└─ Log level: "verbose"
++ Your Personal Settings:
+├─ Default search engine: "google"
+├─ Results per page: 10
+└─ Cache duration: "1 hour"
 
 = Final Runtime Configuration:
-Command: npx -y @modelcontextprotocol/server-filesystem 
-         /Users/alice/Development /Users/alice/Projects
+Command: npx -y @brightdata/mcp-server-web-search
 Environment: {
   "TEAM_API_KEY": "decrypted-for-runtime-only",
-  "SHARED_DIR": "/company/projects", 
-  "BACKUP_ENABLED": "true",
-  "DEBUG": "true",
-  "LOG_LEVEL": "verbose"
+  "SEARCH_QUOTA": "1000", 
+  "CONTENT_FILTERS": "enabled",
+  "DEFAULT_ENGINE": "google",
+  "RESULTS_PER_PAGE": "10",
+  "CACHE_DURATION": "3600"
 }
 ```
 
 **Automatic Validation:**
 - Your settings are validated against the schema
 - Type checking ensures correct data formats
-- Invalid directory paths are caught before saving
+- Invalid search preferences are caught before saving
 - Missing required fields are highlighted
 
 ## Related Documentation
diff --git a/docs/meta.json b/docs/meta.json
index 893ced2..6173308 100644
--- a/docs/meta.json
+++ b/docs/meta.json
@@ -13,7 +13,6 @@
     "onboard-new-team-members",
     "global-settings",
     "security",
-    "device-management",
     "---MCP Server---",
     "mcp-catalog",
     "mcp-installation",
diff --git a/docs/security.mdx b/docs/security.mdx
index e3d0200..37bdbfc 100644
--- a/docs/security.mdx
+++ b/docs/security.mdx
@@ -54,7 +54,7 @@ DeployStack automatically protects sensitive MCP configuration values through a
 **API Response Protection:**
 - **Automatic Masking**: All API responses automatically mask secret values as `*****`
 - **No Secret Exposure**: Secret values never appear in API responses, logs, or user interfaces
-- **Runtime Decryption**: Only authorized operations (like gateway configuration generation) can decrypt secrets for actual use
+- **Runtime Decryption**: Only authorized operations (like satellite configuration generation) can decrypt secrets for actual use
 
 **Three-Tier Secret Management:**
 - **Template Level**: Global administrators define which fields are secret types in schemas
diff --git a/docs/teams.mdx b/docs/teams.mdx
index 6e22031..cfbaf19 100644
--- a/docs/teams.mdx
+++ b/docs/teams.mdx
@@ -19,7 +19,7 @@ In DeployStack, teams provide:
 - **Team Collaboration**: Teams support multiple members with role-based access control
 - **Default Team Protection**: Your personal default team cannot have additional members added
 
-Every team acts as a complete team environment, containing everything needed to configure and manage MCP servers through the DeployStack Gateway.
+Every team acts as a complete team environment, containing everything needed to configure and manage MCP servers through the DeployStack Satellite.
 
 ## Getting Started with Teams
 
diff --git a/package-lock.json b/package-lock.json
index f2eb507..11582a9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,10 +10,10 @@
       "hasInstallScript": true,
       "dependencies": {
         "@types/mdx": "^2.0.13",
-        "fumadocs-core": "^15.6.9",
-        "fumadocs-mdx": "^11.8.0",
+        "fumadocs-core": "^15.7.13",
+        "fumadocs-mdx": "^12.0.1",
         "fumadocs-ui": "^15.7.7",
-        "lucide-react": "^0.525.0",
+        "lucide-react": "^0.544.0",
         "mdx": "^0.3.1",
         "next": "^15.5.2",
         "node-fetch": "^3.3.2",
@@ -24,14 +24,14 @@
       "devDependencies": {
         "@semantic-release/github": "^11.0.5",
         "@tailwindcss/postcss": "^4.1.12",
-        "@types/node": "24.3.0",
+        "@types/node": "24.5.2",
         "@types/react": "^19.1.12",
         "@types/react-dom": "^19.1.8",
         "autoprefixer": "^10.4.21",
         "markdownlint-cli": "^0.45.0",
         "markdownlint-cli2": "^0.18.1",
         "postcss": "^8.5.6",
-        "tailwindcss": "^4.1.12",
+        "tailwindcss": "^4.1.13",
         "typescript": "5.9.2"
       }
     },
@@ -186,9 +186,9 @@
       }
     },
     "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.9.tgz",
-      "integrity": "sha512-OaGtL73Jck6pBKjNIe24BnFE6agGl+6KxDtTfHhy1HmhthfKouEcOhqpSL64K4/0WCtbKFLOdzD/44cJ4k9opA==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.10.tgz",
+      "integrity": "sha512-0NFWnA+7l41irNuaSVlLfgNT12caWJVLzp5eAVhZ0z1qpxbockccEt3s+149rE64VUI3Ml2zt8Nv5JVc4QXTsw==",
       "cpu": [
         "ppc64"
       ],
@@ -202,9 +202,9 @@
       }
     },
     "node_modules/@esbuild/android-arm": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.9.tgz",
-      "integrity": "sha512-5WNI1DaMtxQ7t7B6xa572XMXpHAaI/9Hnhk8lcxF4zVN4xstUgTlvuGDorBguKEnZO70qwEcLpfifMLoxiPqHQ==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.10.tgz",
+      "integrity": "sha512-dQAxF1dW1C3zpeCDc5KqIYuZ1tgAdRXNoZP7vkBIRtKZPYe2xVr/d3SkirklCHudW1B45tGiUlz2pUWDfbDD4w==",
       "cpu": [
         "arm"
       ],
@@ -218,9 +218,9 @@
       }
     },
     "node_modules/@esbuild/android-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.9.tgz",
-      "integrity": "sha512-IDrddSmpSv51ftWslJMvl3Q2ZT98fUSL2/rlUXuVqRXHCs5EUF1/f+jbjF5+NG9UffUDMCiTyh8iec7u8RlTLg==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.10.tgz",
+      "integrity": "sha512-LSQa7eDahypv/VO6WKohZGPSJDq5OVOo3UoFR1E4t4Gj1W7zEQMUhI+lo81H+DtB+kP+tDgBp+M4oNCwp6kffg==",
       "cpu": [
         "arm64"
       ],
@@ -234,9 +234,9 @@
       }
     },
     "node_modules/@esbuild/android-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.9.tgz",
-      "integrity": "sha512-I853iMZ1hWZdNllhVZKm34f4wErd4lMyeV7BLzEExGEIZYsOzqDWDf+y082izYUE8gtJnYHdeDpN/6tUdwvfiw==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.10.tgz",
+      "integrity": "sha512-MiC9CWdPrfhibcXwr39p9ha1x0lZJ9KaVfvzA0Wxwz9ETX4v5CHfF09bx935nHlhi+MxhA63dKRRQLiVgSUtEg==",
       "cpu": [
         "x64"
       ],
@@ -250,9 +250,9 @@
       }
     },
     "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.9.tgz",
-      "integrity": "sha512-XIpIDMAjOELi/9PB30vEbVMs3GV1v2zkkPnuyRRURbhqjyzIINwj+nbQATh4H9GxUgH1kFsEyQMxwiLFKUS6Rg==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.10.tgz",
+      "integrity": "sha512-JC74bdXcQEpW9KkV326WpZZjLguSZ3DfS8wrrvPMHgQOIEIG/sPXEN/V8IssoJhbefLRcRqw6RQH2NnpdprtMA==",
       "cpu": [
         "arm64"
       ],
@@ -266,9 +266,9 @@
       }
     },
     "node_modules/@esbuild/darwin-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.9.tgz",
-      "integrity": "sha512-jhHfBzjYTA1IQu8VyrjCX4ApJDnH+ez+IYVEoJHeqJm9VhG9Dh2BYaJritkYK3vMaXrf7Ogr/0MQ8/MeIefsPQ==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.10.tgz",
+      "integrity": "sha512-tguWg1olF6DGqzws97pKZ8G2L7Ig1vjDmGTwcTuYHbuU6TTjJe5FXbgs5C1BBzHbJ2bo1m3WkQDbWO2PvamRcg==",
       "cpu": [
         "x64"
       ],
@@ -282,9 +282,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.9.tgz",
-      "integrity": "sha512-z93DmbnY6fX9+KdD4Ue/H6sYs+bhFQJNCPZsi4XWJoYblUqT06MQUdBCpcSfuiN72AbqeBFu5LVQTjfXDE2A6Q==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.10.tgz",
+      "integrity": "sha512-3ZioSQSg1HT2N05YxeJWYR+Libe3bREVSdWhEEgExWaDtyFbbXWb49QgPvFH8u03vUPX10JhJPcz7s9t9+boWg==",
       "cpu": [
         "arm64"
       ],
@@ -298,9 +298,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.9.tgz",
-      "integrity": "sha512-mrKX6H/vOyo5v71YfXWJxLVxgy1kyt1MQaD8wZJgJfG4gq4DpQGpgTB74e5yBeQdyMTbgxp0YtNj7NuHN0PoZg==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.10.tgz",
+      "integrity": "sha512-LLgJfHJk014Aa4anGDbh8bmI5Lk+QidDmGzuC2D+vP7mv/GeSN+H39zOf7pN5N8p059FcOfs2bVlrRr4SK9WxA==",
       "cpu": [
         "x64"
       ],
@@ -314,9 +314,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.9.tgz",
-      "integrity": "sha512-HBU2Xv78SMgaydBmdor38lg8YDnFKSARg1Q6AT0/y2ezUAKiZvc211RDFHlEZRFNRVhcMamiToo7bDx3VEOYQw==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.10.tgz",
+      "integrity": "sha512-oR31GtBTFYCqEBALI9r6WxoU/ZofZl962pouZRTEYECvNF/dtXKku8YXcJkhgK/beU+zedXfIzHijSRapJY3vg==",
       "cpu": [
         "arm"
       ],
@@ -330,9 +330,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.9.tgz",
-      "integrity": "sha512-BlB7bIcLT3G26urh5Dmse7fiLmLXnRlopw4s8DalgZ8ef79Jj4aUcYbk90g8iCa2467HX8SAIidbL7gsqXHdRw==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.10.tgz",
+      "integrity": "sha512-5luJWN6YKBsawd5f9i4+c+geYiVEw20FVW5x0v1kEMWNq8UctFjDiMATBxLvmmHA4bf7F6hTRaJgtghFr9iziQ==",
       "cpu": [
         "arm64"
       ],
@@ -346,9 +346,9 @@
       }
     },
     "node_modules/@esbuild/linux-ia32": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.9.tgz",
-      "integrity": "sha512-e7S3MOJPZGp2QW6AK6+Ly81rC7oOSerQ+P8L0ta4FhVi+/j/v2yZzx5CqqDaWjtPFfYz21Vi1S0auHrap3Ma3A==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.10.tgz",
+      "integrity": "sha512-NrSCx2Kim3EnnWgS4Txn0QGt0Xipoumb6z6sUtl5bOEZIVKhzfyp/Lyw4C1DIYvzeW/5mWYPBFJU3a/8Yr75DQ==",
       "cpu": [
         "ia32"
       ],
@@ -362,9 +362,9 @@
       }
     },
     "node_modules/@esbuild/linux-loong64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.9.tgz",
-      "integrity": "sha512-Sbe10Bnn0oUAB2AalYztvGcK+o6YFFA/9829PhOCUS9vkJElXGdphz0A3DbMdP8gmKkqPmPcMJmJOrI3VYB1JQ==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.10.tgz",
+      "integrity": "sha512-xoSphrd4AZda8+rUDDfD9J6FUMjrkTz8itpTITM4/xgerAZZcFW7Dv+sun7333IfKxGG8gAq+3NbfEMJfiY+Eg==",
       "cpu": [
         "loong64"
       ],
@@ -378,9 +378,9 @@
       }
     },
     "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.9.tgz",
-      "integrity": "sha512-YcM5br0mVyZw2jcQeLIkhWtKPeVfAerES5PvOzaDxVtIyZ2NUBZKNLjC5z3/fUlDgT6w89VsxP2qzNipOaaDyA==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.10.tgz",
+      "integrity": "sha512-ab6eiuCwoMmYDyTnyptoKkVS3k8fy/1Uvq7Dj5czXI6DF2GqD2ToInBI0SHOp5/X1BdZ26RKc5+qjQNGRBelRA==",
       "cpu": [
         "mips64el"
       ],
@@ -394,9 +394,9 @@
       }
     },
     "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.9.tgz",
-      "integrity": "sha512-++0HQvasdo20JytyDpFvQtNrEsAgNG2CY1CLMwGXfFTKGBGQT3bOeLSYE2l1fYdvML5KUuwn9Z8L1EWe2tzs1w==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.10.tgz",
+      "integrity": "sha512-NLinzzOgZQsGpsTkEbdJTCanwA5/wozN9dSgEl12haXJBzMTpssebuXR42bthOF3z7zXFWH1AmvWunUCkBE4EA==",
       "cpu": [
         "ppc64"
       ],
@@ -410,9 +410,9 @@
       }
     },
     "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.9.tgz",
-      "integrity": "sha512-uNIBa279Y3fkjV+2cUjx36xkx7eSjb8IvnL01eXUKXez/CBHNRw5ekCGMPM0BcmqBxBcdgUWuUXmVWwm4CH9kg==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.10.tgz",
+      "integrity": "sha512-FE557XdZDrtX8NMIeA8LBJX3dC2M8VGXwfrQWU7LB5SLOajfJIxmSdyL/gU1m64Zs9CBKvm4UAuBp5aJ8OgnrA==",
       "cpu": [
         "riscv64"
       ],
@@ -426,9 +426,9 @@
       }
     },
     "node_modules/@esbuild/linux-s390x": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.9.tgz",
-      "integrity": "sha512-Mfiphvp3MjC/lctb+7D287Xw1DGzqJPb/J2aHHcHxflUo+8tmN/6d4k6I2yFR7BVo5/g7x2Monq4+Yew0EHRIA==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.10.tgz",
+      "integrity": "sha512-3BBSbgzuB9ajLoVZk0mGu+EHlBwkusRmeNYdqmznmMc9zGASFjSsxgkNsqmXugpPk00gJ0JNKh/97nxmjctdew==",
       "cpu": [
         "s390x"
       ],
@@ -442,9 +442,9 @@
       }
     },
     "node_modules/@esbuild/linux-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.9.tgz",
-      "integrity": "sha512-iSwByxzRe48YVkmpbgoxVzn76BXjlYFXC7NvLYq+b+kDjyyk30J0JY47DIn8z1MO3K0oSl9fZoRmZPQI4Hklzg==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.10.tgz",
+      "integrity": "sha512-QSX81KhFoZGwenVyPoberggdW1nrQZSvfVDAIUXr3WqLRZGZqWk/P4T8p2SP+de2Sr5HPcvjhcJzEiulKgnxtA==",
       "cpu": [
         "x64"
       ],
@@ -458,9 +458,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.9.tgz",
-      "integrity": "sha512-9jNJl6FqaUG+COdQMjSCGW4QiMHH88xWbvZ+kRVblZsWrkXlABuGdFJ1E9L7HK+T0Yqd4akKNa/lO0+jDxQD4Q==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.10.tgz",
+      "integrity": "sha512-AKQM3gfYfSW8XRk8DdMCzaLUFB15dTrZfnX8WXQoOUpUBQ+NaAFCP1kPS/ykbbGYz7rxn0WS48/81l9hFl3u4A==",
       "cpu": [
         "arm64"
       ],
@@ -474,9 +474,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.9.tgz",
-      "integrity": "sha512-RLLdkflmqRG8KanPGOU7Rpg829ZHu8nFy5Pqdi9U01VYtG9Y0zOG6Vr2z4/S+/3zIyOxiK6cCeYNWOFR9QP87g==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.10.tgz",
+      "integrity": "sha512-7RTytDPGU6fek/hWuN9qQpeGPBZFfB4zZgcz2VK2Z5VpdUxEI8JKYsg3JfO0n/Z1E/6l05n0unDCNc4HnhQGig==",
       "cpu": [
         "x64"
       ],
@@ -490,9 +490,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.9.tgz",
-      "integrity": "sha512-YaFBlPGeDasft5IIM+CQAhJAqS3St3nJzDEgsgFixcfZeyGPCd6eJBWzke5piZuZ7CtL656eOSYKk4Ls2C0FRQ==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.10.tgz",
+      "integrity": "sha512-5Se0VM9Wtq797YFn+dLimf2Zx6McttsH2olUBsDml+lm0GOCRVebRWUvDtkY4BWYv/3NgzS8b/UM3jQNh5hYyw==",
       "cpu": [
         "arm64"
       ],
@@ -506,9 +506,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.9.tgz",
-      "integrity": "sha512-1MkgTCuvMGWuqVtAvkpkXFmtL8XhWy+j4jaSO2wxfJtilVCi0ZE37b8uOdMItIHz4I6z1bWWtEX4CJwcKYLcuA==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.10.tgz",
+      "integrity": "sha512-XkA4frq1TLj4bEMB+2HnI0+4RnjbuGZfet2gs/LNs5Hc7D89ZQBHQ0gL2ND6Lzu1+QVkjp3x1gIcPKzRNP8bXw==",
       "cpu": [
         "x64"
       ],
@@ -522,9 +522,9 @@
       }
     },
     "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.9.tgz",
-      "integrity": "sha512-4Xd0xNiMVXKh6Fa7HEJQbrpP3m3DDn43jKxMjxLLRjWnRsfxjORYJlXPO4JNcXtOyfajXorRKY9NkOpTHptErg==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.10.tgz",
+      "integrity": "sha512-AVTSBhTX8Y/Fz6OmIVBip9tJzZEUcY8WLh7I59+upa5/GPhh2/aM6bvOMQySspnCCHvFi79kMtdJS1w0DXAeag==",
       "cpu": [
         "arm64"
       ],
@@ -538,9 +538,9 @@
       }
     },
     "node_modules/@esbuild/sunos-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.9.tgz",
-      "integrity": "sha512-WjH4s6hzo00nNezhp3wFIAfmGZ8U7KtrJNlFMRKxiI9mxEK1scOMAaa9i4crUtu+tBr+0IN6JCuAcSBJZfnphw==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.10.tgz",
+      "integrity": "sha512-fswk3XT0Uf2pGJmOpDB7yknqhVkJQkAQOcW/ccVOtfx05LkbWOaRAtn5SaqXypeKQra1QaEa841PgrSL9ubSPQ==",
       "cpu": [
         "x64"
       ],
@@ -554,9 +554,9 @@
       }
     },
     "node_modules/@esbuild/win32-arm64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.9.tgz",
-      "integrity": "sha512-mGFrVJHmZiRqmP8xFOc6b84/7xa5y5YvR1x8djzXpJBSv/UsNK6aqec+6JDjConTgvvQefdGhFDAs2DLAds6gQ==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.10.tgz",
+      "integrity": "sha512-ah+9b59KDTSfpaCg6VdJoOQvKjI33nTaQr4UluQwW7aEwZQsbMCfTmfEO4VyewOxx4RaDT/xCy9ra2GPWmO7Kw==",
       "cpu": [
         "arm64"
       ],
@@ -570,9 +570,9 @@
       }
     },
     "node_modules/@esbuild/win32-ia32": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.9.tgz",
-      "integrity": "sha512-b33gLVU2k11nVx1OhX3C8QQP6UHQK4ZtN56oFWvVXvz2VkDoe6fbG8TOgHFxEvqeqohmRnIHe5A1+HADk4OQww==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.10.tgz",
+      "integrity": "sha512-QHPDbKkrGO8/cz9LKVnJU22HOi4pxZnZhhA2HYHez5Pz4JeffhDjf85E57Oyco163GnzNCVkZK0b/n4Y0UHcSw==",
       "cpu": [
         "ia32"
       ],
@@ -586,9 +586,9 @@
       }
     },
     "node_modules/@esbuild/win32-x64": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.9.tgz",
-      "integrity": "sha512-PPOl1mi6lpLNQxnGoyAfschAodRFYXJ+9fs6WHXz7CSWKbOqiMZsubC+BQsVKuul+3vKLuwTHsS2c2y9EoKwxQ==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.10.tgz",
+      "integrity": "sha512-9KpxSVFCu0iK1owoez6aC/s/EdUQLDN3adTxGCqxMVhrPDj6bt5dbrHDXUuq+Bs2vATFBBrQS5vdQ/Ed2P+nbw==",
       "cpu": [
         "x64"
       ],
@@ -1148,15 +1148,16 @@
       }
     },
     "node_modules/@mdx-js/mdx": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-3.1.0.tgz",
-      "integrity": "sha512-/QxEhPAvGwbQmy1Px8F899L5Uc2KZ6JtXwlCgJmjSTBedwOZkByYcBG4GceIGPXRDsmfxhHazuS+hlOShRLeDw==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-3.1.1.tgz",
+      "integrity": "sha512-f6ZO2ifpwAQIpzGWaBQT2TXxPv6z3RBzQKpVftEWN78Vl/YweF1uwussDx8ECAXVtr3Rs89fKyG9YlzUs9DyGQ==",
       "license": "MIT",
       "dependencies": {
         "@types/estree": "^1.0.0",
         "@types/estree-jsx": "^1.0.0",
         "@types/hast": "^3.0.0",
         "@types/mdx": "^2.0.0",
+        "acorn": "^8.0.0",
         "collapse-white-space": "^2.0.0",
         "devlop": "^1.0.0",
         "estree-util-is-identifier-name": "^3.0.0",
@@ -1184,12 +1185,12 @@
       }
     },
     "node_modules/@mdx-js/mdx/node_modules/source-map": {
-      "version": "0.7.4",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
-      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "version": "0.7.6",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.6.tgz",
+      "integrity": "sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ==",
       "license": "BSD-3-Clause",
       "engines": {
-        "node": ">= 8"
+        "node": ">= 12"
       }
     },
     "node_modules/@next/env": {
@@ -1521,9 +1522,9 @@
       }
     },
     "node_modules/@orama/orama": {
-      "version": "3.1.12",
-      "resolved": "https://registry.npmjs.org/@orama/orama/-/orama-3.1.12.tgz",
-      "integrity": "sha512-U7PY8FwXHuJ6bNBpbsqe0KLzb91IcJuORDggqHHkFy1waokY5SpWLN9tzB3AOW776awp6s1bjwts9I9Davy3lw==",
+      "version": "3.1.14",
+      "resolved": "https://registry.npmjs.org/@orama/orama/-/orama-3.1.14.tgz",
+      "integrity": "sha512-Iq4RxYC7y0pA/hLgcUGpYYs5Vze4qNmJk0Qi1uIrg2bHGpm6A06nbjWcH9h4HQsddkDFFlanLj/zYBH3Sxdb4w==",
       "license": "Apache-2.0",
       "engines": {
         "node": ">= 20.0.0"
@@ -2460,84 +2461,84 @@
       }
     },
     "node_modules/@shikijs/core": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/core/-/core-3.12.1.tgz",
-      "integrity": "sha512-j9+UDQ6M50xvaSR/e9lg212H0Fqxy3lYd39Q6YITYQxfrb5VYNUKPLZp4PN9f+YmRcdpyNAm3obn/tIZ2WkUWg==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/core/-/core-3.13.0.tgz",
+      "integrity": "sha512-3P8rGsg2Eh2qIHekwuQjzWhKI4jV97PhvYjYUzGqjvJfqdQPz+nMlfWahU24GZAyW1FxFI1sYjyhfh5CoLmIUA==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/types": "3.12.1",
+        "@shikijs/types": "3.13.0",
         "@shikijs/vscode-textmate": "^10.0.2",
         "@types/hast": "^3.0.4",
         "hast-util-to-html": "^9.0.5"
       }
     },
     "node_modules/@shikijs/engine-javascript": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/engine-javascript/-/engine-javascript-3.12.1.tgz",
-      "integrity": "sha512-mwif5T3rEBSMn/1m9dNi4WmB4dxH4VfYqreQMLpbFYov8MM3Gus98I549amFMjtEmYDAkTKGP7bmsv1n9t9I+A==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/engine-javascript/-/engine-javascript-3.13.0.tgz",
+      "integrity": "sha512-Ty7xv32XCp8u0eQt8rItpMs6rU9Ki6LJ1dQOW3V/56PKDcpvfHPnYFbsx5FFUP2Yim34m/UkazidamMNVR4vKg==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/types": "3.12.1",
+        "@shikijs/types": "3.13.0",
         "@shikijs/vscode-textmate": "^10.0.2",
         "oniguruma-to-es": "^4.3.3"
       }
     },
     "node_modules/@shikijs/engine-oniguruma": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/engine-oniguruma/-/engine-oniguruma-3.12.1.tgz",
-      "integrity": "sha512-hbYq+XOc55CU7Irkhsgwh8WgQbx2W5IVzHV4l+wZ874olMLSNg5o3F73vo9m4SAhimFyqq/86xnx9h+T30HhhQ==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/engine-oniguruma/-/engine-oniguruma-3.13.0.tgz",
+      "integrity": "sha512-O42rBGr4UDSlhT2ZFMxqM7QzIU+IcpoTMzb3W7AlziI1ZF7R8eS2M0yt5Ry35nnnTX/LTLXFPUjRFCIW+Operg==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/types": "3.12.1",
+        "@shikijs/types": "3.13.0",
         "@shikijs/vscode-textmate": "^10.0.2"
       }
     },
     "node_modules/@shikijs/langs": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/langs/-/langs-3.12.1.tgz",
-      "integrity": "sha512-Y1MbMfVO5baRz7Boo7EoD36TmzfUx/I5n8e+wZumx6SlUA81Zj1ZwNJL871iIuSHrdsheV4AxJtHQ9mlooklmg==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/langs/-/langs-3.13.0.tgz",
+      "integrity": "sha512-672c3WAETDYHwrRP0yLy3W1QYB89Hbpj+pO4KhxK6FzIrDI2FoEXNiNCut6BQmEApYLfuYfpgOZaqbY+E9b8wQ==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/types": "3.12.1"
+        "@shikijs/types": "3.13.0"
       }
     },
     "node_modules/@shikijs/rehype": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/rehype/-/rehype-3.12.1.tgz",
-      "integrity": "sha512-MEWt7qNyvlzVsQAf6WWTX+EN5IxRW3VUfzxrmQQHOUXjGePjQcVpHuaapW/BxgUX5hNhXKUtBVR7KMwY3ASLjA==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/rehype/-/rehype-3.13.0.tgz",
+      "integrity": "sha512-dxvB5gXEpiTI3beGwOPEwxFxQNmUWM4cwOWbvUmL6DnQJGl18/+cCjVHZK2OnasmU0v7SvM39Zh3iliWdwfBDA==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/types": "3.12.1",
+        "@shikijs/types": "3.13.0",
         "@types/hast": "^3.0.4",
         "hast-util-to-string": "^3.0.1",
-        "shiki": "3.12.1",
+        "shiki": "3.13.0",
         "unified": "^11.0.5",
         "unist-util-visit": "^5.0.0"
       }
     },
     "node_modules/@shikijs/themes": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/themes/-/themes-3.12.1.tgz",
-      "integrity": "sha512-9JrAm9cA5hqM/YXymA3oAAZdnCgQf1zyrNDtsnM105nNEoEpux4dyzdoOjc2KawEKj1iUs/WH2ota6Atp7GYkQ==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/themes/-/themes-3.13.0.tgz",
+      "integrity": "sha512-Vxw1Nm1/Od8jyA7QuAenaV78BG2nSr3/gCGdBkLpfLscddCkzkL36Q5b67SrLLfvAJTOUzW39x4FHVCFriPVgg==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/types": "3.12.1"
+        "@shikijs/types": "3.13.0"
       }
     },
     "node_modules/@shikijs/transformers": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/transformers/-/transformers-3.12.1.tgz",
-      "integrity": "sha512-crGh3cSZf6mwg3K2W8i79Ja+q4tVClRHdHLnUGi5arS58+cqdzsbkrEZBDMyevf9ehmjFUWDTEwCMEyp9I3z0g==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/transformers/-/transformers-3.13.0.tgz",
+      "integrity": "sha512-833lcuVzcRiG+fXvgslWsM2f4gHpjEgui1ipIknSizRuTgMkNZupiXE5/TVJ6eSYfhNBFhBZKkReKWO2GgYmqA==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/core": "3.12.1",
-        "@shikijs/types": "3.12.1"
+        "@shikijs/core": "3.13.0",
+        "@shikijs/types": "3.13.0"
       }
     },
     "node_modules/@shikijs/types": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/@shikijs/types/-/types-3.12.1.tgz",
-      "integrity": "sha512-Is/p+1vTss22LIsGCJTmGrxu7ZC1iBL9doJFYLaZ4aI8d0VDXb7Mn0kBzhkc7pdsRpmUbQLQ5HXwNpa3H6F8og==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/@shikijs/types/-/types-3.13.0.tgz",
+      "integrity": "sha512-oM9P+NCFri/mmQ8LoFGVfVyemm5Hi27330zuOBp0annwJdKH1kOLndw3zCtAVDehPLg9fKqoEx3Ht/wNZxolfw==",
       "license": "MIT",
       "dependencies": {
         "@shikijs/vscode-textmate": "^10.0.2",
@@ -2608,6 +2609,13 @@
         "tailwindcss": "4.1.12"
       }
     },
+    "node_modules/@tailwindcss/node/node_modules/tailwindcss": {
+      "version": "4.1.12",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.12.tgz",
+      "integrity": "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@tailwindcss/oxide": {
       "version": "4.1.12",
       "resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.1.12.tgz",
@@ -2928,6 +2936,13 @@
         "tailwindcss": "4.1.12"
       }
     },
+    "node_modules/@tailwindcss/postcss/node_modules/tailwindcss": {
+      "version": "4.1.12",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.12.tgz",
+      "integrity": "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/debug": {
       "version": "4.1.12",
       "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz",
@@ -2990,13 +3005,13 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "24.3.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.3.0.tgz",
-      "integrity": "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow==",
+      "version": "24.5.2",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz",
+      "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~7.10.0"
+        "undici-types": "~7.12.0"
       }
     },
     "node_modules/@types/normalize-package-data": {
@@ -4522,9 +4537,9 @@
       }
     },
     "node_modules/esbuild": {
-      "version": "0.25.9",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.9.tgz",
-      "integrity": "sha512-CRbODhYyQx3qp7ZEwzxOk4JBqmD/seJrzPa/cGjY1VtIn5E09Oi9/dB4JwctnfZ8Q8iT7rioVv5k/FNT/uf54g==",
+      "version": "0.25.10",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz",
+      "integrity": "sha512-9RiGKvCwaqxO2owP61uQ4BgNborAQskMR6QusfWzQqv7AZOg5oGehdY2pRJMTKuwxd1IDBP4rSbI5lHzU7SMsQ==",
       "hasInstallScript": true,
       "license": "MIT",
       "bin": {
@@ -4534,32 +4549,32 @@
         "node": ">=18"
       },
       "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.25.9",
-        "@esbuild/android-arm": "0.25.9",
-        "@esbuild/android-arm64": "0.25.9",
-        "@esbuild/android-x64": "0.25.9",
-        "@esbuild/darwin-arm64": "0.25.9",
-        "@esbuild/darwin-x64": "0.25.9",
-        "@esbuild/freebsd-arm64": "0.25.9",
-        "@esbuild/freebsd-x64": "0.25.9",
-        "@esbuild/linux-arm": "0.25.9",
-        "@esbuild/linux-arm64": "0.25.9",
-        "@esbuild/linux-ia32": "0.25.9",
-        "@esbuild/linux-loong64": "0.25.9",
-        "@esbuild/linux-mips64el": "0.25.9",
-        "@esbuild/linux-ppc64": "0.25.9",
-        "@esbuild/linux-riscv64": "0.25.9",
-        "@esbuild/linux-s390x": "0.25.9",
-        "@esbuild/linux-x64": "0.25.9",
-        "@esbuild/netbsd-arm64": "0.25.9",
-        "@esbuild/netbsd-x64": "0.25.9",
-        "@esbuild/openbsd-arm64": "0.25.9",
-        "@esbuild/openbsd-x64": "0.25.9",
-        "@esbuild/openharmony-arm64": "0.25.9",
-        "@esbuild/sunos-x64": "0.25.9",
-        "@esbuild/win32-arm64": "0.25.9",
-        "@esbuild/win32-ia32": "0.25.9",
-        "@esbuild/win32-x64": "0.25.9"
+        "@esbuild/aix-ppc64": "0.25.10",
+        "@esbuild/android-arm": "0.25.10",
+        "@esbuild/android-arm64": "0.25.10",
+        "@esbuild/android-x64": "0.25.10",
+        "@esbuild/darwin-arm64": "0.25.10",
+        "@esbuild/darwin-x64": "0.25.10",
+        "@esbuild/freebsd-arm64": "0.25.10",
+        "@esbuild/freebsd-x64": "0.25.10",
+        "@esbuild/linux-arm": "0.25.10",
+        "@esbuild/linux-arm64": "0.25.10",
+        "@esbuild/linux-ia32": "0.25.10",
+        "@esbuild/linux-loong64": "0.25.10",
+        "@esbuild/linux-mips64el": "0.25.10",
+        "@esbuild/linux-ppc64": "0.25.10",
+        "@esbuild/linux-riscv64": "0.25.10",
+        "@esbuild/linux-s390x": "0.25.10",
+        "@esbuild/linux-x64": "0.25.10",
+        "@esbuild/netbsd-arm64": "0.25.10",
+        "@esbuild/netbsd-x64": "0.25.10",
+        "@esbuild/openbsd-arm64": "0.25.10",
+        "@esbuild/openbsd-x64": "0.25.10",
+        "@esbuild/openharmony-arm64": "0.25.10",
+        "@esbuild/sunos-x64": "0.25.10",
+        "@esbuild/win32-arm64": "0.25.10",
+        "@esbuild/win32-ia32": "0.25.10",
+        "@esbuild/win32-x64": "0.25.10"
       }
     },
     "node_modules/escalade": {
@@ -4653,12 +4668,12 @@
       }
     },
     "node_modules/estree-util-to-js/node_modules/source-map": {
-      "version": "0.7.4",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz",
-      "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==",
+      "version": "0.7.6",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.6.tgz",
+      "integrity": "sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ==",
       "license": "BSD-3-Clause",
       "engines": {
-        "node": ">= 8"
+        "node": ">= 12"
       }
     },
     "node_modules/estree-util-value-to-estree": {
@@ -4983,15 +4998,15 @@
       }
     },
     "node_modules/fumadocs-core": {
-      "version": "15.7.7",
-      "resolved": "https://registry.npmjs.org/fumadocs-core/-/fumadocs-core-15.7.7.tgz",
-      "integrity": "sha512-4mo8y1L2VV9TcrQ1gses3c5zzCaPwDPYjfrPET4Qf+m7GPOqZ7wiUeXMTYb98T+N5wS0G/fsr/xFPZkgwD44gQ==",
+      "version": "15.7.13",
+      "resolved": "https://registry.npmjs.org/fumadocs-core/-/fumadocs-core-15.7.13.tgz",
+      "integrity": "sha512-pXSu5/7newNu1nxhz3tp5e0P8jS5oA4jpxWM9o/Rdt6mXjR0FymgHzFDesFVirpSCSjZDTa7RyWDRnyvEOYtvQ==",
       "license": "MIT",
       "dependencies": {
         "@formatjs/intl-localematcher": "^0.6.1",
-        "@orama/orama": "^3.1.12",
-        "@shikijs/rehype": "^3.12.0",
-        "@shikijs/transformers": "^3.12.0",
+        "@orama/orama": "^3.1.13",
+        "@shikijs/rehype": "^3.12.2",
+        "@shikijs/transformers": "^3.12.2",
         "github-slugger": "^2.0.0",
         "hast-util-to-estree": "^3.1.3",
         "hast-util-to-jsx-runtime": "^2.3.6",
@@ -5003,18 +5018,20 @@
         "remark-gfm": "^4.0.1",
         "remark-rehype": "^11.1.2",
         "scroll-into-view-if-needed": "^3.1.0",
-        "shiki": "^3.12.0",
+        "shiki": "^3.12.2",
         "unist-util-visit": "^5.0.0"
       },
       "peerDependencies": {
         "@mixedbread/sdk": "^0.19.0",
         "@oramacloud/client": "1.x.x || 2.x.x",
+        "@tanstack/react-router": "1.x.x",
         "@types/react": "*",
         "algoliasearch": "5.x.x",
         "next": "14.x.x || 15.x.x",
         "react": "18.x.x || 19.x.x",
         "react-dom": "18.x.x || 19.x.x",
-        "react-router": "7.x.x"
+        "react-router": "7.x.x",
+        "waku": "^0.26.0"
       },
       "peerDependenciesMeta": {
         "@mixedbread/sdk": {
@@ -5023,6 +5040,9 @@
         "@oramacloud/client": {
           "optional": true
         },
+        "@tanstack/react-router": {
+          "optional": true
+        },
         "@types/react": {
           "optional": true
         },
@@ -5040,30 +5060,37 @@
         },
         "react-router": {
           "optional": true
+        },
+        "waku": {
+          "optional": true
         }
       }
     },
     "node_modules/fumadocs-mdx": {
-      "version": "11.8.0",
-      "resolved": "https://registry.npmjs.org/fumadocs-mdx/-/fumadocs-mdx-11.8.0.tgz",
-      "integrity": "sha512-svbJBgkvLHG3GX2tG+TxiMPDnvE2QDHCIT2wgcYf+flWoDIMgh8ZWTvv4r5/BpU+svYeEd6sKFq3sEjlgDM4ag==",
+      "version": "12.0.1",
+      "resolved": "https://registry.npmjs.org/fumadocs-mdx/-/fumadocs-mdx-12.0.1.tgz",
+      "integrity": "sha512-o0Qf5pY5RGjn0IoiWbJQ+Yx2MKCwg/RTe0MdtLY2ue8OeRnZHCoPedBJFHQ0ep1X2rzAhjcmfTT5hxc3SELJGg==",
       "license": "MIT",
       "dependencies": {
-        "@mdx-js/mdx": "^3.1.0",
+        "@mdx-js/mdx": "^3.1.1",
         "@standard-schema/spec": "^1.0.0",
         "chokidar": "^4.0.3",
-        "esbuild": "^0.25.9",
+        "esbuild": "^0.25.10",
         "estree-util-value-to-estree": "^3.4.0",
         "js-yaml": "^4.1.0",
-        "lru-cache": "^11.1.0",
+        "lru-cache": "^11.2.2",
+        "mdast-util-to-markdown": "^2.1.2",
         "picocolors": "^1.1.1",
+        "remark-mdx": "^3.1.1",
+        "remark-parse": "^11.0.0",
         "tinyexec": "^1.0.1",
-        "tinyglobby": "^0.2.14",
+        "tinyglobby": "^0.2.15",
+        "unified": "^11.0.5",
         "unist-util-visit": "^5.0.0",
-        "zod": "^4.0.17"
+        "zod": "^4.1.11"
       },
       "bin": {
-        "fumadocs-mdx": "bin.js"
+        "fumadocs-mdx": "dist/bin.js"
       },
       "peerDependencies": {
         "@fumadocs/mdx-remote": "^1.4.0",
@@ -5088,9 +5115,9 @@
       }
     },
     "node_modules/fumadocs-mdx/node_modules/lru-cache": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.1.0.tgz",
-      "integrity": "sha512-QIXZUBJUx+2zHUdQujWejBkcD9+cs94tLn0+YL8UrCh+D5sCXZ4c7LaEH48pNwRY3MLDgqUFyhlCyjJPf1WP0A==",
+      "version": "11.2.2",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.2.tgz",
+      "integrity": "sha512-F9ODfyqML2coTIsQpSkRHnLSZMtkU8Q+mSfcaIyKwy58u+8k5nvAYeiNhsyMARvzNcXJ9QfWVrcPsC9e9rAxtg==",
       "license": "ISC",
       "engines": {
         "node": "20 || >=22"
@@ -5140,6 +5167,67 @@
         }
       }
     },
+    "node_modules/fumadocs-ui/node_modules/fumadocs-core": {
+      "version": "15.7.7",
+      "resolved": "https://registry.npmjs.org/fumadocs-core/-/fumadocs-core-15.7.7.tgz",
+      "integrity": "sha512-4mo8y1L2VV9TcrQ1gses3c5zzCaPwDPYjfrPET4Qf+m7GPOqZ7wiUeXMTYb98T+N5wS0G/fsr/xFPZkgwD44gQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@formatjs/intl-localematcher": "^0.6.1",
+        "@orama/orama": "^3.1.12",
+        "@shikijs/rehype": "^3.12.0",
+        "@shikijs/transformers": "^3.12.0",
+        "github-slugger": "^2.0.0",
+        "hast-util-to-estree": "^3.1.3",
+        "hast-util-to-jsx-runtime": "^2.3.6",
+        "image-size": "^2.0.2",
+        "negotiator": "^1.0.0",
+        "npm-to-yarn": "^3.0.1",
+        "react-remove-scroll": "^2.7.1",
+        "remark": "^15.0.0",
+        "remark-gfm": "^4.0.1",
+        "remark-rehype": "^11.1.2",
+        "scroll-into-view-if-needed": "^3.1.0",
+        "shiki": "^3.12.0",
+        "unist-util-visit": "^5.0.0"
+      },
+      "peerDependencies": {
+        "@mixedbread/sdk": "^0.19.0",
+        "@oramacloud/client": "1.x.x || 2.x.x",
+        "@types/react": "*",
+        "algoliasearch": "5.x.x",
+        "next": "14.x.x || 15.x.x",
+        "react": "18.x.x || 19.x.x",
+        "react-dom": "18.x.x || 19.x.x",
+        "react-router": "7.x.x"
+      },
+      "peerDependenciesMeta": {
+        "@mixedbread/sdk": {
+          "optional": true
+        },
+        "@oramacloud/client": {
+          "optional": true
+        },
+        "@types/react": {
+          "optional": true
+        },
+        "algoliasearch": {
+          "optional": true
+        },
+        "next": {
+          "optional": true
+        },
+        "react": {
+          "optional": true
+        },
+        "react-dom": {
+          "optional": true
+        },
+        "react-router": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/function-bind": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
@@ -6445,9 +6533,10 @@
       "peer": true
     },
     "node_modules/lucide-react": {
-      "version": "0.525.0",
-      "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-0.525.0.tgz",
-      "integrity": "sha512-Tm1txJ2OkymCGkvwoHt33Y2JpN5xucVq1slHcgE6Lk0WjDfjgKWor5CdVER8U6DvcfMwh4M8XxmpTiyzfmfDYQ==",
+      "version": "0.544.0",
+      "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-0.544.0.tgz",
+      "integrity": "sha512-t5tS44bqd825zAW45UQxpG2CvcC4urOwn2TrwSH8u+MjeE+1NnWl6QqeQ/6NdjMqdOygyiT9p3Ev0p1NJykxjw==",
+      "license": "ISC",
       "peerDependencies": {
         "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0"
       }
@@ -11907,9 +11996,9 @@
       }
     },
     "node_modules/recma-jsx": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/recma-jsx/-/recma-jsx-1.0.0.tgz",
-      "integrity": "sha512-5vwkv65qWwYxg+Atz95acp8DMu1JDSqdGkA2Of1j6rCreyFUE/gp15fC8MnGEuG1W68UKjM6x6+YTWIh7hZM/Q==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/recma-jsx/-/recma-jsx-1.0.1.tgz",
+      "integrity": "sha512-huSIy7VU2Z5OLv6oFLosQGGDqPqdO1iq6bWNAdhzMxSJP7RAso4fCZ1cKu8j9YHCZf3TPrq4dw3okhrylgcd7w==",
       "license": "MIT",
       "dependencies": {
         "acorn-jsx": "^5.0.0",
@@ -11921,6 +12010,9 @@
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/unified"
+      },
+      "peerDependencies": {
+        "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
       }
     },
     "node_modules/recma-parse": {
@@ -12068,9 +12160,9 @@
       }
     },
     "node_modules/remark-mdx": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/remark-mdx/-/remark-mdx-3.1.0.tgz",
-      "integrity": "sha512-Ngl/H3YXyBV9RcRNdlYsZujAmhsxwzxpDzpDEhFBVAGthS4GDgnctpDjgFl/ULx5UEDzqtW1cyBSNKqYYrqLBA==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/remark-mdx/-/remark-mdx-3.1.1.tgz",
+      "integrity": "sha512-Pjj2IYlUY3+D8x00UJsIOg5BEvfMyeI+2uLPn9VO9Wg4MEtN/VTIq2NEJQfde9PnX15KgtHyl9S0BcTnWrIuWg==",
       "license": "MIT",
       "dependencies": {
         "mdast-util-mdx": "^3.0.0",
@@ -12419,17 +12511,17 @@
       }
     },
     "node_modules/shiki": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/shiki/-/shiki-3.12.1.tgz",
-      "integrity": "sha512-eMlxVaXyuNQAQCaMtDKQjKv0eVm+kA6fsZtv9UqKgspP+7lWCVi7SoN+cJq1dawvIDQY7TI3SixamztotM6R6Q==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/shiki/-/shiki-3.13.0.tgz",
+      "integrity": "sha512-aZW4l8Og16CokuCLf8CF8kq+KK2yOygapU5m3+hoGw0Mdosc6fPitjM+ujYarppj5ZIKGyPDPP1vqmQhr+5/0g==",
       "license": "MIT",
       "dependencies": {
-        "@shikijs/core": "3.12.1",
-        "@shikijs/engine-javascript": "3.12.1",
-        "@shikijs/engine-oniguruma": "3.12.1",
-        "@shikijs/langs": "3.12.1",
-        "@shikijs/themes": "3.12.1",
-        "@shikijs/types": "3.12.1",
+        "@shikijs/core": "3.13.0",
+        "@shikijs/engine-javascript": "3.13.0",
+        "@shikijs/engine-oniguruma": "3.13.0",
+        "@shikijs/langs": "3.13.0",
+        "@shikijs/themes": "3.13.0",
+        "@shikijs/types": "3.13.0",
         "@shikijs/vscode-textmate": "^10.0.2",
         "@types/hast": "^3.0.4"
       }
@@ -13008,9 +13100,9 @@
       }
     },
     "node_modules/tailwindcss": {
-      "version": "4.1.12",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.12.tgz",
-      "integrity": "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA==",
+      "version": "4.1.13",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.13.tgz",
+      "integrity": "sha512-i+zidfmTqtwquj4hMEwdjshYYgMbOrPzb9a0M3ZgNa0JMoZeFC6bxZvO8yr8ozS6ix2SDz0+mvryPeBs2TFE+w==",
       "devOptional": true,
       "license": "MIT"
     },
@@ -13166,13 +13258,13 @@
       "license": "MIT"
     },
     "node_modules/tinyglobby": {
-      "version": "0.2.14",
-      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.14.tgz",
-      "integrity": "sha512-tX5e7OM1HnYr2+a2C/4V0htOcSQcoSTH9KgJnVvNm5zm/cyEWKJ7j7YutsH9CxMdtOkkLFy2AHrMci9IM8IPZQ==",
+      "version": "0.2.15",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
+      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
       "license": "MIT",
       "dependencies": {
-        "fdir": "^6.4.4",
-        "picomatch": "^4.0.2"
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3"
       },
       "engines": {
         "node": ">=12.0.0"
@@ -13182,10 +13274,13 @@
       }
     },
     "node_modules/tinyglobby/node_modules/fdir": {
-      "version": "6.4.5",
-      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.4.5.tgz",
-      "integrity": "sha512-4BG7puHpVsIYxZUbiUE3RqGloLaSSwzYie5jvasC4LWuBWzZawynvYouhjbQKw2JuIGYdm0DzIxl8iVidKlUEw==",
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
       "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
       "peerDependencies": {
         "picomatch": "^3 || ^4"
       },
@@ -13196,9 +13291,9 @@
       }
     },
     "node_modules/tinyglobby/node_modules/picomatch": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
-      "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
+      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -13305,9 +13400,9 @@
       "license": "MIT"
     },
     "node_modules/undici-types": {
-      "version": "7.10.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.10.0.tgz",
-      "integrity": "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag==",
+      "version": "7.12.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz",
+      "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==",
       "dev": true,
       "license": "MIT"
     },
@@ -13911,9 +14006,9 @@
       }
     },
     "node_modules/zod": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.1.tgz",
-      "integrity": "sha512-SgMZK/h8Tigt9nnKkfJMvB/mKjiJXaX26xegP4sa+0wHIFVFWVlsQGdhklDmuargBD3Hsi3rsQRIzwJIhTPJHA==",
+      "version": "4.1.11",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.11.tgz",
+      "integrity": "sha512-WPsqwxITS2tzx1bzhIKsEs19ABD5vmCVa4xBo2tq/SrV4RNZtfws1EnCWQXM6yh8bD08a1idvkB5MZSBiZsjwg==",
       "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/colinhacks"
diff --git a/package.json b/package.json
index 1258975..c20a18a 100644
--- a/package.json
+++ b/package.json
@@ -15,10 +15,10 @@
   },
   "dependencies": {
     "@types/mdx": "^2.0.13",
-    "fumadocs-core": "^15.6.9",
-    "fumadocs-mdx": "^11.8.0",
+    "fumadocs-core": "^15.7.13",
+    "fumadocs-mdx": "^12.0.1",
     "fumadocs-ui": "^15.7.7",
-    "lucide-react": "^0.525.0",
+    "lucide-react": "^0.544.0",
     "mdx": "^0.3.1",
     "next": "^15.5.2",
     "node-fetch": "^3.3.2",
@@ -29,14 +29,14 @@
   "devDependencies": {
     "@semantic-release/github": "^11.0.5",
     "@tailwindcss/postcss": "^4.1.12",
-    "@types/node": "24.3.0",
+    "@types/node": "24.5.2",
     "@types/react": "^19.1.12",
     "@types/react-dom": "^19.1.8",
     "autoprefixer": "^10.4.21",
     "markdownlint-cli": "^0.45.0",
     "markdownlint-cli2": "^0.18.1",
     "postcss": "^8.5.6",
-    "tailwindcss": "^4.1.12",
+    "tailwindcss": "^4.1.13",
     "typescript": "5.9.2"
   }
 }