chore: rename volumes for prom and grafana

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

.github/workflows/docker.yml

@@ -10,6 +10,12 @@ jobs:
     name: Push frontend to Docker Hub
     runs-on: ubuntu-latest
     steps:
+      - name: Wait
+        uses: NathanFirmo/wait-for-other-action@v1.0.4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          workflow: 'emojis.yml'
+
       - name: Check out the repo
         uses: actions/checkout@v3
 
@@ -29,6 +35,21 @@ jobs:
           images: srizan10/hclive
           tags: latest
 
+      - name: Download latest emoji importer
+        run: |
+          RELEASE_URL=$(curl -s https://api.github.com/repos/srizan10/hctv/releases/latest | \
+            grep "browser_download_url.*slack-import-emojis-linux-x86_64" | \
+            cut -d '"' -f 4)
+
+          curl -L -o slack-import-emojis-bin $RELEASE_URL
+          chmod +x slack-import-emojis-bin
+
+          mkdir -p apps/web/src/lib/instrumentation/
+
+          ./slack-import-emojis-bin default
+
+          cp emojis.json apps/web/
+
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
@@ -41,41 +62,7 @@ jobs:
           secrets: |
             TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
             TURBO_TEAM=${{ secrets.TURBO_TEAM }}
-  db:
-    name: Push db to Docker Hub
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: srizan10/hclive-db
-          tags: latest
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./packages/db/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64
-          secrets: |
-            TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
-            TURBO_TEAM=${{ secrets.TURBO_TEAM }}
+            SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
   chat:
     name: Push chat module to Docker Hub
     runs-on: ubuntu-latest
@@ -111,15 +98,43 @@ jobs:
           secrets: |
             TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
             TURBO_TEAM=${{ secrets.TURBO_TEAM }}
-  deploy:
-    name: Deploy to server
+  mediamtx:
+    name: Push MediaMTX image to Docker Hub
     runs-on: ubuntu-latest
-    needs: [frontend, db, chat]
     steps:
-      - name: Emit a webhook to the server
-        env:
-          AUTH_HEADER: ${{ secrets.WHSERVER_TOKEN }}
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: srizan10/hclive-mediamtx
+          tags: latest
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/mediamtx/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64
+  deploy:
+    name: Deploy to Coolify
+    runs-on: ubuntu-latest
+    needs: [frontend, chat, mediamtx]
+    steps:
+      - name: Send coolify redeploy webhook
         run: |
-          curl -X POST \
-            -H "Authorization: $AUTH_HEADER" \
-            https://webhooks.srizan.dev/hooks/hctv
+          curl -X POST -H "Authorization: Bearer ${{ secrets.COOLIFY_API_KEY }}" https://coolify.srizan.dev/api/v1/deploy?uuid=${{ secrets.COOLIFY_APP_UUID }}&force=true

.github/workflows/emojis.yml

@@ -0,0 +1,64 @@
+name: Slack Emoji Importer Release
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'slack-import-emojis/**'
+  workflow_dispatch:
+
+jobs:
+  build-and-release:
+    name: Build and create release
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./slack-import-emojis
+        
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Rust
+        uses: dtolnay/rust-toolchain@stable
+        
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: "./slack-import-emojis -> target"
+      
+      - name: Build release binary
+        run: cargo build --release
+
+      - name: Extract version from Cargo.toml
+        id: get_version
+        run: |
+          VERSION=$(grep '^version =' Cargo.toml | head -n 1 | cut -d '"' -f 2)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+      
+      - name: Create GitHub Release
+        id: create_release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: emoji-importer-v${{ steps.get_version.outputs.version }}
+          name: Slack Emoji Importer v${{ steps.get_version.outputs.version }}
+          body: |
+            Slack Emoji Importer v${{ steps.get_version.outputs.version }}
+
+            Fetches emojis from the Slack workspace and exports them to JSON.
+
+            ## Usage
+            ```
+            export SLACK_TOKEN=xoxb-your-token
+            ./slack-import-emojis
+            ```
+          
+      - name: Upload Linux binary
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./slack-import-emojis/target/release/slack-import-emojis
+          asset_name: slack-import-emojis-linux-x86_64
+          asset_content_type: application/octet-stream

.gitignore

@@ -28,6 +28,7 @@ yarn-error.log*
 # local env files
 .env*.local
 .env* 
+!.env.example
 
 # vercel
 .vercel
@@ -42,4 +43,11 @@ dev/redis
 
 .turbo
 packages/db/generated/client
-*dist
+*dist
+
+slack-import-emojis/target
+**/*/emojis.json
+
+.idea
+
+/apps/docs/src/content/docs/typedoc-sdk

.vscode/mcp.json

@@ -0,0 +1,8 @@
+{
+  "servers": {
+    "Sentry": {
+      "url": "https://mcp.sentry.dev/mcp/sr-izan/hctv",
+      "type": "http"
+    }
+  }
+}

AGENTS.md

@@ -0,0 +1,343 @@
+# Agent Guidelines for HackClub.tv
+
+This document provides essential information for AI coding agents working on the HackClub.tv codebase.
+
+## Project Overview
+
+HackClub.tv is a live streaming platform built with Next.js 16, Prisma, and Turbo monorepo architecture.
+
+- **Monorepo**: Turborepo with pnpm workspaces
+- **Apps**: web (Next.js), chat (Hono), docs
+- **Packages**: db (Prisma), auth (Lucia), hono-ws, sdk
+- **Package Manager**: pnpm 10.6.5
+
+## Build, Lint, and Test Commands
+
+### Root Level Commands
+
+```bash
+pnpm install            # Install all dependencies
+pnpm build              # Build all apps and packages (uses Turbo)
+pnpm dev                # Start all apps in dev mode (uses Turbo)
+pnpm lint               # Lint all apps (uses Turbo)
+```
+
+### Database Commands
+
+```bash
+pnpm db:migrate         # Run Prisma migrations in dev
+pnpm prisma             # Run any Prisma command in db package
+```
+
+### App-Specific Commands
+
+```bash
+# Web app (Next.js)
+pnpm --filter=@hctv/web dev           # Start Next.js dev server
+pnpm --filter=@hctv/web build         # Build Next.js app
+pnpm --filter=@hctv/web lint          # Lint web app
+pnpm --filter=@hctv/web check-types   # Type check (tsc --noEmit)
+pnpm --filter=@hctv/web ui:add        # Add shadcn components
+
+# Chat app (Hono)
+pnpm --filter=@hctv/chat dev          # Start chat server with watch
+pnpm --filter=@hctv/chat build        # Build chat server
+
+# DB package (Prisma)
+pnpm --filter=@hctv/db db:generate    # Generate Prisma client
+pnpm --filter=@hctv/db db:migrate     # Run migrations
+pnpm --filter=@hctv/db build          # Generate client and build
+```
+
+### Running Single Tests
+
+This project does not currently have a test suite configured. When adding tests:
+
+- Use Vitest or Jest for unit tests
+- Use Playwright for E2E tests (recommended for Next.js)
+- Follow the pattern: `pnpm test -- <test-file-path>`
+
+### Docker Commands
+
+```bash
+pnpm docker:web         # Build web app Docker image
+pnpm docker:chat        # Build chat app Docker image
+pnpm r:rtmp             # Restart RTMP server
+```
+
+## Code Style Guidelines
+
+### Formatting
+
+- **Formatter**: Prettier (`.prettierrc.json`)
+- **Indentation**: 2 spaces (no tabs)
+- **Line Width**: 100 characters
+- **Quotes**: Single quotes
+- **Semicolons**: Required
+- **Trailing Commas**: ES5 style
+- **Linter**: ESLint with Next.js rules (`next/core-web-vitals`)
+
+### Import Organization
+
+Imports should be ordered as follows (no blank lines between groups):
+
+1. React/Next.js core imports
+2. Third-party libraries
+3. Internal components (`@/components`)
+4. Internal utilities/libs (`@/lib`)
+5. Package imports (`@hctv/*`)
+6. Type imports (use `import type` keyword)
+7. Relative imports
+
+```typescript
+import { useState, useEffect } from 'react';
+import { Send } from 'lucide-react';
+import { Button } from '@/components/ui/button';
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import type { User, Channel } from '@hctv/db';
+import { helper } from './utils';
+```
+
+### TypeScript Usage
+
+- **Strict mode**: Enabled
+- **Type over interface**: Use `type` for unions/intersections, `interface` for object shapes
+- **No implicit any**: Always type your variables
+- **Type imports**: Use `import type` for type-only imports
+- **Prisma types**: Import from `@hctv/db` and use type composition
+
+```typescript
+// Interfaces for props and object shapes
+interface ChatMessage {
+  user?: User;
+  message: string;
+  type: 'message' | 'systemMsg';
+}
+
+// Type aliases for complex types
+type FormFieldConfig = {
+  name: string;
+  label?: string;
+};
+
+// Prisma type composition
+type StreamWithChannel = StreamInfo & { channel: Channel };
+```
+
+### Naming Conventions
+
+**Files:**
+
+- React components: `PascalCase.tsx` (e.g., `ChatPanel.tsx`)
+- Utilities/helpers: `camelCase.ts` (e.g., `validate.ts`)
+- Next.js pages: `page.tsx`, `route.ts`, `layout.tsx`
+- Client components: `page.client.tsx`
+
+**Variables & Functions:**
+
+- Components: `PascalCase`
+- Functions: `camelCase`
+- Constants: `SCREAMING_SNAKE_CASE`
+- Booleans: Use `is`, `has`, `should` prefixes
+- Refs: `Ref` suffix (e.g., `socketRef`)
+
+```typescript
+const MESSAGE_HISTORY_SIZE = 15;
+const isFollowing = await checkFollowing();
+const socketRef = useRef<WebSocket | null>(null);
+```
+
+### Error Handling
+
+**API Routes:**
+
+- Return `Response` objects with appropriate status codes
+- Use descriptive error messages
+- Status codes: 400 (bad request), 401 (unauthorized), 403 (forbidden), 404 (not found)
+
+```typescript
+if (!user) {
+  return new Response('Unauthorized', { status: 401 });
+}
+```
+
+**Server Actions:**
+
+- Return objects with `success` boolean and `error` or `data` fields
+- Use `zodVerify` helper for validation
+
+```typescript
+const zod = await zodVerify(schema, formData);
+if (!zod.success) {
+  return { success: false, error: zod.error };
+}
+return { success: true, data: result };
+```
+
+**Client-side:**
+
+- Use try-catch for async operations
+- Use toast notifications (sonner) for user feedback
+- Log errors with `console.error`
+
+### Async Patterns
+
+- **Prefer**: async/await over Promise chains
+- **Parallel operations**: Use `Promise.all()`
+- **No .then() chaining**: Except in utility functions like fetchers
+
+```typescript
+// Standard async/await
+const data = await prisma.model.findMany();
+
+// Parallel operations
+const [channelA, channelB] = await Promise.all([
+  prisma.channel.findUnique({ where: { id: 'a' } }),
+  prisma.channel.findUnique({ where: { id: 'b' } }),
+]);
+```
+
+## React Component Patterns
+
+### Component Structure
+
+1. Directive (`'use client'` or `'use server'`)
+2. Imports
+3. Component function
+4. Helper functions (if needed)
+5. Type/interface definitions (at bottom)
+
+```typescript
+'use client';
+
+import { useState } from 'react';
+import { Button } from '@/components/ui/button';
+
+export default function ChatPanel(props: Props) {
+  const [message, setMessage] = useState('');
+
+  return <div>{/* JSX */}</div>;
+}
+
+interface Props {
+  username: string;
+}
+```
+
+### Server vs Client Components
+
+- **Server components**: Default (no directive), use for data fetching
+- **Client components**: Add `'use client'`, use for interactivity
+- Fetch data in server components, pass to client components as props
+
+## Database Patterns (Prisma)
+
+### Imports
+
+```typescript
+import { prisma } from '@hctv/db';
+import type { User, Channel, StreamInfo } from '@hctv/db';
+```
+
+### Common Queries
+
+```typescript
+// FindUnique with relations
+const channel = await prisma.channel.findUnique({
+  where: { name: channelName },
+  include: { owner: true, streamInfo: true },
+});
+
+// FindMany with dynamic filters
+const where: Prisma.StreamInfoWhereInput = {};
+if (isLive) where.isLive = true;
+const streams = await prisma.streamInfo.findMany({ where });
+
+// Create with relations
+await prisma.channel.create({
+  data: {
+    name: channelName,
+    ownerId: user.id,
+    personalFor: { connect: { id: user.id } },
+  },
+});
+
+// Update
+await prisma.streamInfo.update({
+  where: { username },
+  data: { title: newTitle },
+});
+
+// Upsert
+await prisma.streamKey.upsert({
+  create: { key: newKey, channelId },
+  update: { key: newKey },
+  where: { channelId },
+});
+```
+
+### Redis Usage
+
+```typescript
+import { getRedisConnection } from '@hctv/db';
+
+const redis = getRedisConnection();
+await redis.set('key', 'value');
+await redis.get('key');
+await redis.setex('key', 30, 'value'); // with expiry
+```
+
+## API Route Patterns
+
+### Next.js App Router
+
+```typescript
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const param = searchParams.get('param');
+
+  const data = await prisma.model.findMany();
+  return Response.json(data);
+}
+```
+
+### Server Actions
+
+```typescript
+'use server';
+
+export async function createChannel(prev: any, formData: FormData) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return { success: false, error: 'Unauthorized' };
+  }
+
+  const zod = await zodVerify(createChannelSchema, formData);
+  if (!zod.success) {
+    return zod;
+  }
+
+  // ... processing
+
+  return { success: true };
+}
+```
+
+## Important Notes
+
+- **Turbo caching**: Build outputs are cached. Use `--force` to bypass cache
+- **Environment variables**: Use `NEXT_PUBLIC_` prefix for client-side vars
+- **Styling**: Tailwind CSS with shadcn/ui components, use `cn()` for conditional classes
+- **Data fetching**: SWR for client-side, direct Prisma for server components
+- **Validation**: Zod schemas for form and API validation
+- **Cache invalidation**: Use `revalidatePath()` after mutations

README.md

@@ -1,13 +1,7 @@
 # hackclub.tv
 
-This is the source code for [hackclub.tv (hctv.srizan.dev)](https://hctv.srizan.dev), a livestreaming website for hackclubbers.
+This is the source code for [hackclub.tv](https://hackclub.tv), a livestreaming website for hackclubbers.
 
-Development has been ongoing for a few months, and the site is now live! There are some half-baked features, but I'm all ears for feedback.
+The development setup guide can be read at <https://docs.hackclub.tv/guides/dev/>
 
-Join [#hctv](https://hackclub.slack.com/archives/C08HGLXGXAB) on the HC Slack for discussion and updates!
-
-## Features
-
-- High quality video streaming (low latency coming soon)
-- Chat with other viewers
-- Multiaccount support (database schema laid out, UI not implemented)
+Join [#hctv](https://hackclub.slack.com/archives/C08HGLXGXAB) on the Hack Club Slack for discussion and updates!

apps/chat/Dockerfile

@@ -1,10 +1,13 @@
 FROM node:lts-alpine AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
 
 FROM base AS builder
 RUN apk update
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
-RUN yarn global add turbo@^2
+RUN pnpm add -g turbo@^2
 COPY . .
 
 RUN turbo prune @hctv/chat --docker
@@ -16,10 +19,10 @@ WORKDIR /app
  
 # First install the dependencies
 COPY --from=builder /app/out/json/ .
-RUN yarn install --frozen-lockfile
+RUN pnpm install --frozen-lockfile
 
 COPY --from=builder /app/out/full/ .
-RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) yarn turbo run build --concurrency=1
+RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) pnpm turbo run build --concurrency=1
  
 FROM base AS runner
 WORKDIR /app

apps/chat/README.md

@@ -1,8 +0,0 @@
-```
-npm install
-npm run dev
-```
-
-```
-open http://localhost:3000
-```

apps/chat/package.json

@@ -7,13 +7,15 @@
     "build": "tsc --build"
   },
   "dependencies": {
-    "@hctv/auth": "*",
-    "@hctv/db": "*",
-    "@hctv/hono-ws": "*",
+    "@hctv/auth": "workspace:*",
+    "@hctv/db": "workspace:*",
+    "@hctv/hono-ws": "workspace:*",
     "@hono/node-server": "^1.14.0",
     "@hono/node-ws": "^1.1.0",
+    "@leeoniya/ufuzzy": "^1.0.18",
     "@oslojs/encoding": "^1.1.0",
-    "hono": "^4.7.5"
+    "hono": "^4.7.5",
+    "prom-client": "^15.1.3"
   },
   "devDependencies": {
     "@types/node": "^20.11.17",

apps/chat/src/index.ts

@@ -1,75 +1,587 @@
 import { serve } from '@hono/node-server';
-import { createNodeWebSocket, type ModifiedWebSocket } from '@hctv/hono-ws';
+import { createNodeWebSocket } from '@hctv/hono-ws';
 import { Hono } from 'hono';
 import { readFile } from 'node:fs/promises';
 import { lucia } from '@hctv/auth';
 import { getCookie } from 'hono/cookie';
+import {
+  chatMetricsRegistry,
+  recordChatConnectionAccepted,
+  recordChatConnectionRejected,
+  recordChatDisconnect,
+  recordChatError,
+  recordChatModerationBlock,
+  recordDeliveredChatMessage,
+  recordDeliveredChatMessageBytes,
+  recordEmojiSearchResults,
+  recordHistoryMessagesLoaded,
+  recordIncomingChatMessage,
+  recordUniqueChatter,
+  setChannelHistorySize,
+  setChatModerationState,
+  startChatMessageTimer,
+} from './metrics.js';
 import { getPersonalChannel } from './utils/personalChannel.js';
-import { prisma } from '@hctv/db';
+import { ChatModerationAction, getRedisConnection, prisma } from '@hctv/db';
+import uFuzzy from '@leeoniya/ufuzzy';
+import {
+  handleDeleteMessageCommand,
+  handleUserRestrictionCommand,
+  sendModerationError,
+} from './utils/moderation.js';
+import { randomString } from './utils/randomString.js';
+import type {
+  ChatModerationCommand,
+  ChatModerationSettingsShape,
+  ChatRestrictionState,
+  ChatSocket,
+  ChatUser,
+} from './types/chat.js';
+import { basicAuth } from 'hono/basic-auth';
 
+const redis = getRedisConnection();
+const MESSAGE_HISTORY_SIZE = 100;
+const MESSAGE_TTL = 60 * 60 * 24;
+const MODERATION_SETTINGS_CACHE_TTL_SECONDS = 30;
 const threed = await readFile('./src/3d.txt', 'utf-8');
+const uf = new uFuzzy();
+
+type IncomingMessage = {
+  type?: string;
+  [key: string]: unknown;
+};
+
+const METRICS_MESSAGE_TYPES = [
+  'ping',
+  'message',
+  'emojiMsg',
+  'emojiSearch',
+  'mod:deleteMessage',
+  'mod:timeoutUser',
+  'mod:banUser',
+  'mod:unbanUser',
+  'mod:liftTimeout',
+] as const;
+
+type MetricsMessageType = (typeof METRICS_MESSAGE_TYPES)[number] | 'unknown';
+
+function getMetricsMessageType(type: unknown): MetricsMessageType {
+  if (typeof type !== 'string') {
+    return 'unknown';
+  }
+
+  return (METRICS_MESSAGE_TYPES as readonly string[]).includes(type)
+    ? (type as MetricsMessageType)
+    : 'unknown';
+}
+
+const DEFAULT_MODERATION_SETTINGS: ChatModerationSettingsShape = {
+  blockedTerms: [],
+  slowModeSeconds: 0,
+  maxMessageLength: 400,
+  rateLimitCount: 8,
+  rateLimitWindowSeconds: 10,
+};
+
+function normalizeModerationSettings(
+  settings?: Partial<ChatModerationSettingsShape> | null
+): ChatModerationSettingsShape {
+  return {
+    blockedTerms:
+      settings?.blockedTerms
+        ?.map((term) => term.trim().toLowerCase())
+        .filter((term) => term.length >= 2)
+        .slice(0, 200) ?? [],
+    slowModeSeconds: Math.min(Math.max(settings?.slowModeSeconds ?? 0, 0), 120),
+    maxMessageLength: Math.min(Math.max(settings?.maxMessageLength ?? 50, 50), 2000),
+    rateLimitCount: Math.min(Math.max(settings?.rateLimitCount ?? 8, 3), 30),
+    rateLimitWindowSeconds: Math.min(Math.max(settings?.rateLimitWindowSeconds ?? 10, 5), 60),
+  };
+}
+
+function escapeRegExp(value: string): string {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+function containsBlockedTerm(message: string, blockedTerms: string[]): string | null {
+  const normalizedMessage = message.toLowerCase();
+
+  for (const term of blockedTerms) {
+    const regex = new RegExp(`(^|\\W)${escapeRegExp(term)}($|\\W)`, 'i');
+    if (regex.test(normalizedMessage)) {
+      return term;
+    }
+  }
+
+  return null;
+}
+
+async function getCachedModerationSettings(
+  channelId: string
+): Promise<ChatModerationSettingsShape> {
+  const cacheKey = `chat:moderation:settings:${channelId}`;
+  const cachedSettings = await redis.get(cacheKey);
+
+  if (cachedSettings) {
+    try {
+      return normalizeModerationSettings(JSON.parse(cachedSettings));
+    } catch {
+      await redis.del(cacheKey);
+    }
+  }
+
+  const dbSettings = await prisma.chatModerationSettings.findUnique({
+    where: { channelId },
+    select: {
+      blockedTerms: true,
+      slowModeSeconds: true,
+      maxMessageLength: true,
+      rateLimitCount: true,
+      rateLimitWindowSeconds: true,
+    },
+  });
+
+  const normalized = normalizeModerationSettings(dbSettings ?? DEFAULT_MODERATION_SETTINGS);
+  await redis.setex(cacheKey, MODERATION_SETTINGS_CACHE_TTL_SECONDS, JSON.stringify(normalized));
+  return normalized;
+}
+
+function resolveSocketState(socket: ChatSocket): ChatSocket {
+  return (socket.raw as unknown as ChatSocket | undefined) ?? socket;
+}
+
+function broadcastToChannel(
+  targetUsername: string,
+  ws: ChatSocket,
+  payload: Record<string, unknown>
+) {
+  ws.wss.clients.forEach((clientSocket: unknown) => {
+    const client = clientSocket as ChatSocket;
+    const clientState = resolveSocketState(client);
+    if (client.readyState === client.OPEN && clientState.targetUsername === targetUsername) {
+      client.send(JSON.stringify(payload));
+    }
+  });
+}
+
+async function getActiveRestriction(
+  channelId: string,
+  userId: string
+): Promise<ChatRestrictionState | null> {
+  const activeBan = await prisma.chatUserBan.findUnique({
+    where: {
+      channelId_userId: {
+        channelId,
+        userId,
+      },
+    },
+    select: {
+      reason: true,
+      expiresAt: true,
+    },
+  });
+
+  if (!activeBan) {
+    return null;
+  }
+
+  if (activeBan.expiresAt && activeBan.expiresAt < new Date()) {
+    await prisma.chatUserBan.delete({
+      where: {
+        channelId_userId: {
+          channelId,
+          userId,
+        },
+      },
+    });
+    return null;
+  }
+
+  return {
+    type: activeBan.expiresAt ? 'timeout' : 'ban',
+    reason: activeBan.reason,
+    expiresAt: activeBan.expiresAt,
+  };
+}
+
+async function sendChatAccessState(socket: ChatSocket, channelId: string, userId: string) {
+  const restriction = await getActiveRestriction(channelId, userId);
+  socket.send(
+    JSON.stringify({
+      type: 'chatAccess',
+      canSend: !restriction,
+      restriction,
+    })
+  );
+}
+
+async function broadcastRestrictionStateToUser(
+  targetUsername: string,
+  targetUserId: string,
+  channelId: string,
+  ws: ChatSocket
+) {
+  const restriction = await getActiveRestriction(channelId, targetUserId);
+  ws.wss.clients.forEach((clientSocket: unknown) => {
+    const client = clientSocket as ChatSocket;
+    const clientState = resolveSocketState(client);
+    if (
+      client.readyState === client.OPEN &&
+      clientState.targetUsername === targetUsername &&
+      clientState.chatUser?.id === targetUserId
+    ) {
+      client.send(
+        JSON.stringify({
+          type: 'chatAccess',
+          canSend: !restriction,
+          restriction,
+        })
+      );
+    }
+  });
+}
+
+const RATE_LIMIT_LUA = `
+local current = redis.call('INCR', KEYS[1])
+if current == 1 then
+  redis.call('EXPIRE', KEYS[1], ARGV[1])
+end
+return current
+`;
+
+async function isRateLimited(
+  channelId: string,
+  userId: string,
+  count: number,
+  windowSeconds: number
+): Promise<boolean> {
+  const key = `chat:ratelimit:${channelId}:${userId}`;
+  const currentCount = (await redis.eval(RATE_LIMIT_LUA, 1, key, String(windowSeconds))) as number;
+  return currentCount > count;
+}
+
+async function logModerationEvent(payload: {
+  action: ChatModerationAction;
+  channelId: string;
+  moderatorId: string;
+  targetUserId?: string;
+  reason?: string;
+  details?: Record<string, unknown>;
+}) {
+  await prisma.chatModerationEvent.create({
+    data: {
+      action: payload.action,
+      channelId: payload.channelId,
+      moderatorId: payload.moderatorId,
+      targetUserId: payload.targetUserId,
+      reason: payload.reason,
+      details: payload.details as any,
+    },
+  });
+}
+
+async function deleteMessageFromHistory(targetUsername: string, msgId: string): Promise<boolean> {
+  const channelKey = `chat:history:${targetUsername}`;
+  const history = await redis.zrange(channelKey, 0, -1);
+
+  for (const entry of history) {
+    try {
+      const parsed = JSON.parse(entry) as { msgId?: string };
+      if (parsed.msgId === msgId) {
+        await redis.zrem(channelKey, entry);
+        return true;
+      }
+    } catch {
+      continue;
+    }
+  }
+
+  return false;
+}
 
 const app = new Hono();
 const { injectWebSocket, upgradeWebSocket } = createNodeWebSocket({ app });
+if (process.env.NODE_ENV === 'production') {
+  app.use(
+    '/metrics',
+    basicAuth({ username: process.env.METRICS_USER!, password: process.env.METRICS_PASS! })
+  );
+}
 
 app.get('/', async (c) => {
   return c.text(threed);
 });
 
 app.get('/up', async (c) => {
-  return c.text('it works');
+  return c.text('hello world');
+});
+
+app.get('/metrics', async () => {
+  return new Response(await chatMetricsRegistry.metrics(), {
+    headers: {
+      'Content-Type': chatMetricsRegistry.contentType,
+      'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
+    },
+  });
 });
 
 app.get(
   '/ws/:username',
   upgradeWebSocket((c) => ({
-    // https://hono.dev/helpers/websocket
     async onOpen(evt, ws) {
+      let authMethod = 'unknown';
       const token = getCookie(c, 'auth_session');
-      if (!token) {
+      const grant = c.req.query('grant');
+      const authHeader = c.req.header('Authorization');
+      const botAuth = c.req.query('botAuth');
+
+      if (!token && (!grant || grant === 'null') && !authHeader && !botAuth) {
+        recordChatConnectionRejected(authMethod, 'missing_auth');
         ws.close();
         return;
       }
 
-      const { user } = await lucia.validateSession(token);
-      if (!user) {
-        ws.close();
-        return;
+      let chatUser: ChatUser | null = null;
+      let personalChannel: any = null;
+
+      let apiKey: string | null = null;
+      if (authHeader && authHeader.startsWith('Bearer ')) {
+        const extractedKey = authHeader.substring(7);
+        if (extractedKey.startsWith('hctvb_')) {
+          apiKey = extractedKey;
+        }
+      } else if (botAuth && typeof botAuth === 'string' && botAuth.trim().length > 0) {
+        if (botAuth.startsWith('hctvb_')) {
+          apiKey = botAuth;
+        }
       }
 
-      const personalChannel = await getPersonalChannel(user.id);
-      if (!personalChannel) {
+      if (apiKey) {
+        const botAccount = await prisma.botApiKey.findUnique({
+          where: { key: apiKey },
+          include: { botAccount: true },
+        });
+
+        if (botAccount) {
+          authMethod = 'bot_api_key';
+          chatUser = {
+            id: botAccount.botAccount.id,
+            username: botAccount.botAccount.slug,
+            pfpUrl: botAccount.botAccount.pfpUrl,
+            displayName: botAccount.botAccount.displayName,
+            isBot: true,
+            moderatorUserId: botAccount.botAccount.ownerId,
+            isPlatformAdmin: false,
+            channelRole: null,
+          };
+
+          personalChannel = {
+            id: botAccount.botAccount.id,
+            name: botAccount.botAccount.slug,
+          };
+        }
+      }
+
+      if (!chatUser && token) {
+        const session = await lucia.validateSession(token);
+        if (session.user) {
+          const userChannel = await getPersonalChannel(session.user.id);
+          if (userChannel) {
+            authMethod = 'session';
+            chatUser = {
+              id: session.user.id,
+              username: userChannel.name,
+              pfpUrl: session.user.pfpUrl,
+              isBot: false,
+              moderatorUserId: session.user.id,
+              isPlatformAdmin: Boolean(session.user.isAdmin),
+              channelRole: null,
+            };
+            personalChannel = userChannel;
+          }
+        }
+      }
+
+      const dbGrant =
+        grant && grant !== 'null'
+          ? await prisma.channel.findFirst({
+              where: { obsChatGrantToken: grant },
+            })
+          : null;
+
+      if (!chatUser && !dbGrant) {
+        recordChatConnectionRejected(authMethod, 'auth_failed');
         ws.close();
         return;
       }
 
       const { username } = c.req.param();
-      ws.targetUsername = username;
-      ws.user = user;
-      ws.personalChannel = personalChannel;
-      if (ws.raw) {
-        ws.raw.targetUsername = username;
-        // @ts-ignore
-        ws.raw.user = user;
-        ws.raw.personalChannel = personalChannel;
+      if (!chatUser && dbGrant) {
+        authMethod = 'obs_grant';
       }
 
-      await prisma.streamInfo.update({
-        where: {
-          username,
-        },
-        data: {
-          viewers: {
-            increment: 1,
+      if (dbGrant && dbGrant.name !== username) {
+        recordChatConnectionRejected(authMethod, 'grant_mismatch');
+        ws.close();
+        return;
+      }
+      const channel = await prisma.channel.findUnique({
+        where: { name: username },
+        select: {
+          id: true,
+          ownerId: true,
+          managers: {
+            select: {
+              id: true,
+            },
+          },
+          chatModerators: {
+            select: {
+              id: true,
+            },
+          },
+          chatModeratorBots: {
+            select: {
+              id: true,
+            },
           },
         },
       });
+
+      if (!channel) {
+        recordChatConnectionRejected(authMethod, 'channel_not_found');
+        ws.close();
+        return;
+      }
+
+      let channelRole: ChatUser['channelRole'] = null;
+      const activeChatUser = chatUser;
+      if (activeChatUser) {
+        if (activeChatUser.isBot) {
+          if (channel.chatModeratorBots.some((bot) => bot.id === activeChatUser.id)) {
+            channelRole = 'botModerator';
+          }
+        } else if (channel.ownerId === activeChatUser.id) {
+          channelRole = 'owner';
+        } else if (channel.managers.some((manager) => manager.id === activeChatUser.id)) {
+          channelRole = 'manager';
+        } else if (channel.chatModerators.some((moderator) => moderator.id === activeChatUser.id)) {
+          channelRole = 'chatModerator';
+        }
+      }
+
+      if (chatUser) {
+        const moderatorUser = await prisma.user.findUnique({
+          where: { id: chatUser.moderatorUserId },
+          select: { isAdmin: true },
+        });
+
+        chatUser = {
+          ...chatUser,
+          isPlatformAdmin: chatUser.isBot ? false : Boolean(moderatorUser?.isAdmin),
+          channelRole,
+        };
+      }
+
+      const isModerator = Boolean(
+        chatUser &&
+        (chatUser.isPlatformAdmin ||
+          chatUser.channelRole === 'owner' ||
+          chatUser.channelRole === 'manager' ||
+          chatUser.channelRole === 'chatModerator' ||
+          chatUser.channelRole === 'botModerator')
+      );
+
+      const moderationSettings = await getCachedModerationSettings(channel.id);
+
+      const socket = ws as unknown as ChatSocket;
+      const socketState = resolveSocketState(socket);
+
+      socket.targetUsername = username;
+      socket.channelId = channel.id;
+      socket.chatUser = chatUser;
+      socket.personalChannel = personalChannel;
+      socket.viewerId = randomString(10);
+      socket.isModerator = isModerator;
+      socket.excludeFromViewerCount = Boolean(dbGrant);
+
+      socketState.targetUsername = username;
+      socketState.channelId = channel.id;
+      socketState.chatUser = chatUser;
+      socketState.personalChannel = personalChannel;
+      socketState.viewerId = socket.viewerId;
+      socketState.isModerator = isModerator;
+      socket.metricsTracked = true;
+      socketState.metricsTracked = true;
+      socket.metricsAuthMethod = authMethod;
+      socketState.metricsAuthMethod = authMethod;
+
+      recordChatConnectionAccepted(username, authMethod);
+      setChatModerationState(username, {
+        blockedTerms: moderationSettings.blockedTerms.length,
+        maxMessageLength: moderationSettings.maxMessageLength,
+        rateLimitCount: moderationSettings.rateLimitCount,
+        rateLimitWindowSeconds: moderationSettings.rateLimitWindowSeconds,
+        slowModeSeconds: moderationSettings.slowModeSeconds,
+      });
+
+      socketState.excludeFromViewerCount = Boolean(dbGrant);
+
+      socket.send(
+        JSON.stringify({
+          type: 'session',
+          viewer: chatUser
+            ? {
+                id: chatUser.id,
+                username: chatUser.username,
+              }
+            : null,
+          permissions: {
+            canModerate: isModerator,
+          },
+          moderation: {
+            hasBlockedTerms: moderationSettings.blockedTerms.length > 0,
+            slowModeSeconds: moderationSettings.slowModeSeconds,
+            maxMessageLength: moderationSettings.maxMessageLength,
+          },
+        })
+      );
+
+      if (chatUser && !chatUser.isBot) {
+        await sendChatAccessState(socket, channel.id, chatUser.id);
+      }
+
+      const channelKey = `chat:history:${username}`;
+      const messages = await redis.zrange(channelKey, 0, MESSAGE_HISTORY_SIZE - 1);
+
+      if (messages.length > 0) {
+        recordHistoryMessagesLoaded(username, messages.length);
+        socket.send(
+          JSON.stringify({
+            type: 'history',
+            messages: messages.map((msg) => JSON.parse(msg)),
+          })
+        );
+      }
+      setChannelHistorySize(username, messages.length);
     },
     async onClose(evt, ws) {
-      console.log('client disconnected');
+      const socket = ws as unknown as ChatSocket;
+      const socketState = resolveSocketState(socket);
+      if (process.env.NODE_ENV !== 'production') console.log('client disconnected');
+      if (!socketState.targetUsername) return;
+
+      if (socketState.metricsTracked) {
+        recordChatDisconnect(
+          socketState.targetUsername,
+          socketState.metricsAuthMethod ?? 'unknown'
+        );
+        socketState.metricsTracked = false;
+      }
+
       const streamInfo = await prisma.streamInfo.findUnique({
         where: {
-          username: ws.targetUsername,
+          username: socketState.targetUsername,
         },
         select: {
           viewers: true,
@@ -78,40 +590,281 @@ app.get(
 
       if (!streamInfo) return;
 
-      await prisma.streamInfo.update({
-        where: {
-          username: ws.targetUsername,
-        },
-        data: {
-          viewers: streamInfo.viewers === 0 ? { set: 0 } : { decrement: 1 },
-        },
-      });
+      if (!socketState.excludeFromViewerCount) {
+        await redis.del(`viewer:${socketState.targetUsername}:${socketState.viewerId}`);
+      }
     },
-    onMessage(evt, ws) {
-      const msg = JSON.parse(evt.data.toString());
-      if (msg.type === 'ping') {
-        ws.send(
-          JSON.stringify({
-            type: 'pong',
-          })
-        );
-        return;
-      } else if (msg.type === 'message') {
-        ws.wss.clients.forEach((c) => {
-          const client = c as ModifiedWebSocket;
-          if (client.readyState === client.OPEN && client.targetUsername === ws.targetUsername) {
-            c.send(
-              JSON.stringify({
-                user: {
-                  id: ws.user.id,
-                  username: ws.personalChannel.name,
-                  pfpUrl: ws.user.pfpUrl,
-                },
-                message: msg.message,
-              })
+    async onMessage(evt, ws) {
+      let outcome = 'ignored';
+      let messageType = 'unknown';
+      let stopTimer: ReturnType<typeof startChatMessageTimer> | null = null;
+
+      try {
+        const socket = ws as unknown as ChatSocket;
+        const socketState = resolveSocketState(socket);
+        const rawPayload = evt.data.toString();
+        const msg = JSON.parse(rawPayload) as IncomingMessage;
+        messageType = getMetricsMessageType(msg.type);
+        recordIncomingChatMessage(messageType, Buffer.byteLength(rawPayload));
+        stopTimer = startChatMessageTimer(messageType);
+
+        if (msg.type === 'ping') {
+          if (!socketState.excludeFromViewerCount) {
+            await redis.setex(
+              `viewer:${socketState.targetUsername}:${socketState.viewerId}`,
+              30,
+              '1'
             );
           }
-        });
+          socket.send(JSON.stringify({ type: 'pong' }));
+          outcome = 'pong';
+          return;
+        }
+
+        if (msg.type === 'mod:deleteMessage') {
+          await handleDeleteMessageCommand(socket, socketState, msg as ChatModerationCommand, {
+            deleteMessageFromHistory,
+            logModerationEvent,
+            broadcastToChannel,
+          });
+          outcome = 'moderation';
+          return;
+        }
+
+        if (
+          msg.type === 'mod:timeoutUser' ||
+          msg.type === 'mod:banUser' ||
+          msg.type === 'mod:unbanUser' ||
+          msg.type === 'mod:liftTimeout'
+        ) {
+          await handleUserRestrictionCommand(socket, socketState, msg as ChatModerationCommand, {
+            logModerationEvent,
+            broadcastRestrictionStateToUser,
+            broadcastToChannel,
+          });
+          outcome = 'moderation';
+          return;
+        }
+
+        if (msg.type === 'message') {
+          if (
+            !socketState.chatUser ||
+            !socketState.personalChannel ||
+            !socketState.channelId ||
+            !socketState.targetUsername
+          ) {
+            return;
+          }
+
+          const chatUser = socketState.chatUser;
+          const channelId = socketState.channelId;
+          const targetUsername = socketState.targetUsername;
+          const isModerator = Boolean(socketState.isModerator);
+
+          if (!chatUser || !channelId || !targetUsername) {
+            return;
+          }
+
+          const moderationSettings = await getCachedModerationSettings(channelId);
+
+          const restriction = await getActiveRestriction(channelId, chatUser.id);
+          if (restriction) {
+            sendModerationError(
+              socket,
+              restriction.type === 'timeout' ? 'TIMED_OUT' : 'BANNED',
+              restriction.type === 'timeout'
+                ? 'You are currently timed out in this chat.'
+                : 'You are currently banned from this chat.',
+              restriction
+            );
+
+            await sendChatAccessState(socket, channelId, chatUser.id);
+            outcome = 'blocked';
+            return;
+          }
+
+          if (
+            !isModerator &&
+            (await isRateLimited(
+              channelId,
+              chatUser.id,
+              moderationSettings.rateLimitCount,
+              moderationSettings.rateLimitWindowSeconds
+            ))
+          ) {
+            sendModerationError(socket, 'RATE_LIMIT', 'You are sending messages too fast.');
+            recordChatModerationBlock('rate_limit');
+            outcome = 'rate_limited';
+            return;
+          }
+
+          if (!isModerator && moderationSettings.slowModeSeconds > 0) {
+            const slowModeKey = `chat:slowmode:${channelId}:${chatUser.id}`;
+            const timeRemaining = await redis.ttl(slowModeKey);
+            if (timeRemaining > 0) {
+              sendModerationError(socket, 'SLOW_MODE', `Slow mode is on. Wait ${timeRemaining}s.`);
+              recordChatModerationBlock('slow_mode');
+              outcome = 'slow_mode';
+              return;
+            }
+            await redis.setex(slowModeKey, moderationSettings.slowModeSeconds, '1');
+          }
+
+          const message = (msg.message as string).trim();
+          if (!message) {
+            return;
+          }
+          if (message.length > moderationSettings.maxMessageLength) {
+            sendModerationError(
+              socket,
+              'MESSAGE_TOO_LONG',
+              `Message exceeds ${moderationSettings.maxMessageLength} characters.`
+            );
+            recordChatModerationBlock('message_too_long');
+            outcome = 'message_too_long';
+            return;
+          }
+
+          const blockedTerm = containsBlockedTerm(message, moderationSettings.blockedTerms);
+          if (blockedTerm) {
+            if (!chatUser.isBot) {
+              await logModerationEvent({
+                action: ChatModerationAction.MESSAGE_BLOCKED,
+                channelId,
+                moderatorId: chatUser.id,
+                targetUserId: chatUser.id,
+                reason: 'Blocked term matched',
+                details: { blockedTerm },
+              });
+            }
+            recordChatModerationBlock('blocked_term');
+            sendModerationError(socket, 'BLOCKED_TERM', 'Message blocked by channel moderation.');
+            outcome = 'blocked_term';
+            return;
+          }
+
+          const msgId = crypto.randomUUID();
+          const msgObj = {
+            user: {
+              id: chatUser.id,
+              username: chatUser.username,
+              pfpUrl: chatUser.pfpUrl,
+              displayName: chatUser.displayName,
+              isBot: chatUser.isBot || false,
+              isPlatformAdmin: chatUser.isPlatformAdmin,
+              channelRole: chatUser.channelRole,
+            },
+            message,
+            msgId,
+            type: 'message',
+          };
+
+          const redisStr = JSON.stringify(msgObj);
+
+          const channelKey = `chat:history:${targetUsername}`;
+          await redis.zadd(channelKey, Date.now(), redisStr);
+          await redis.zremrangebyrank(channelKey, 0, -MESSAGE_HISTORY_SIZE - 1);
+          await redis.expire(channelKey, MESSAGE_TTL);
+          const historySize = await redis.zcard(channelKey);
+          setChannelHistorySize(targetUsername, historySize);
+
+          broadcastToChannel(targetUsername, socket, msgObj as unknown as Record<string, unknown>);
+          recordDeliveredChatMessage(chatUser.isBot ? 'bot' : 'user');
+          recordDeliveredChatMessageBytes(
+            chatUser.isBot ? 'bot' : 'user',
+            Buffer.byteLength(message)
+          );
+          const isFirstMessageFromUser =
+            (await redis.sadd(`chat:unique-chatters:${targetUsername}`, chatUser.id)) === 1;
+
+          if (isFirstMessageFromUser) {
+            recordUniqueChatter(chatUser.isBot ? 'bot' : 'user');
+          }
+          outcome = 'broadcast';
+        }
+        if (msg.type === 'emojiMsg') {
+          if (!socketState.chatUser) return;
+          const emojis = msg.emojis as string[];
+          const emojiMap: Record<string, string> = {};
+
+          await Promise.all(
+            emojis.map(async (emoji) => {
+              let url = await redis.hget('emojis', emoji);
+
+              if (!url) {
+                url = await redis.hget(`emojis:${emoji}`, 'url');
+              }
+              if (!url) {
+                url = await redis.hget(`emoji:${emoji}`, 'url');
+              }
+
+              emojiMap[emoji] = url ?? '';
+            })
+          );
+
+          ws.send(
+            JSON.stringify({
+              type: 'emojiMsgResponse',
+              emojis: emojiMap,
+            })
+          );
+          outcome = 'emoji_lookup';
+        }
+        if (msg.type === 'emojiSearch') {
+          if (!socketState.chatUser) return;
+          const rawSearchTerm = (msg.searchTerm as string)?.trim() ?? '';
+          if (!rawSearchTerm || rawSearchTerm.length > 50) {
+            ws.send(JSON.stringify({ type: 'emojiSearchResponse', results: [] }));
+            recordEmojiSearchResults('empty', 0);
+            outcome = 'emoji_search_empty';
+            return;
+          }
+          const searchTerm = rawSearchTerm;
+
+          const emojis = await redis.hgetall('emojis');
+          const emojiKeys = Object.keys(emojis);
+          const idxs = uf.filter(emojiKeys, searchTerm);
+
+          if (idxs && idxs.length > 0) {
+            const results: string[] = [];
+
+            if (idxs.length <= 150) {
+              const info = uf.info(idxs, emojiKeys, searchTerm);
+              const order = uf.sort(info, emojiKeys, searchTerm);
+              for (let i = 0; i < order.length && i < 10; i++) {
+                results.push(emojiKeys[idxs[order[i]]]);
+              }
+            } else {
+              for (let i = 0; i < idxs.length && i < 10; i++) {
+                results.push(emojiKeys[idxs[i]]);
+              }
+            }
+
+            ws.send(
+              JSON.stringify({
+                type: 'emojiSearchResponse',
+                results: results,
+              })
+            );
+            recordEmojiSearchResults('matched', results.length);
+            outcome = 'emoji_search';
+          } else {
+            ws.send(
+              JSON.stringify({
+                type: 'emojiSearchResponse',
+                results: [],
+              })
+            );
+            recordEmojiSearchResults('no_match', 0);
+            outcome = 'emoji_search_empty';
+          }
+        }
+      } catch (e) {
+        outcome = 'error';
+        recordChatError('on_message');
+        console.error('Error processing message:', e);
+      } finally {
+        stopTimer?.({ type: messageType, outcome });
       }
     },
   }))

apps/chat/src/metrics.ts

@@ -0,0 +1,251 @@
+import { collectDefaultMetrics, Counter, Gauge, Histogram, Registry } from 'prom-client';
+
+function createMetricsStore() {
+  const register = new Registry();
+  register.setDefaultLabels({ app: 'chat' });
+
+  collectDefaultMetrics({
+    prefix: 'hctv_chat_',
+    register,
+  });
+
+  const websocketConnections = new Gauge({
+    name: 'hctv_chat_websocket_connections',
+    help: 'Current number of active chat websocket connections.',
+    registers: [register],
+  });
+
+  const websocketConnectionsByChannel = new Gauge({
+    name: 'hctv_chat_websocket_connections_by_channel',
+    help: 'Current number of active chat websocket connections by target channel.',
+    labelNames: ['channel'],
+    registers: [register],
+  });
+
+  const websocketConnectionsByAuthMethod = new Gauge({
+    name: 'hctv_chat_websocket_connections_by_auth_method',
+    help: 'Current number of active chat websocket connections by auth method.',
+    labelNames: ['auth_method'],
+    registers: [register],
+  });
+
+  const websocketConnectionAttempts = new Counter({
+    name: 'hctv_chat_websocket_connection_attempts_total',
+    help: 'Total websocket connection attempts grouped by outcome, auth method, and rejection reason.',
+    labelNames: ['outcome', 'auth_method', 'reason'],
+    registers: [register],
+  });
+
+  const incomingMessages = new Counter({
+    name: 'hctv_chat_incoming_messages_total',
+    help: 'Total inbound websocket frames grouped by message type.',
+    labelNames: ['type'],
+    registers: [register],
+  });
+
+  const inboundPayloadBytes = new Counter({
+    name: 'hctv_chat_inbound_payload_bytes_total',
+    help: 'Total inbound websocket payload bytes grouped by message type.',
+    labelNames: ['type'],
+    registers: [register],
+  });
+
+  const messageDuration = new Histogram({
+    name: 'hctv_chat_message_duration_seconds',
+    help: 'Chat websocket message processing time in seconds.',
+    labelNames: ['type', 'outcome'],
+    buckets: [0.0005, 0.001, 0.005, 0.01, 0.025, 0.05, 0.1, 0.25, 0.5, 1],
+    registers: [register],
+  });
+
+  const deliveredMessages = new Counter({
+    name: 'hctv_chat_messages_delivered_total',
+    help: 'Total chat messages successfully broadcast, grouped by sender type.',
+    labelNames: ['sender_type'],
+    registers: [register],
+  });
+
+  const deliveredMessageBytes = new Counter({
+    name: 'hctv_chat_message_bytes_delivered_total',
+    help: 'Total message body bytes successfully broadcast, grouped by sender type.',
+    labelNames: ['sender_type'],
+    registers: [register],
+  });
+
+  const channelHistorySize = new Gauge({
+    name: 'hctv_chat_channel_history_size',
+    help: 'Current number of messages retained in Redis history for a channel.',
+    labelNames: ['channel'],
+    registers: [register],
+  });
+
+  const channelHistoryLoadedMessages = new Counter({
+    name: 'hctv_chat_history_messages_loaded_total',
+    help: 'Total history messages loaded from Redis during websocket joins.',
+    labelNames: ['channel'],
+    registers: [register],
+  });
+
+  const moderationState = new Gauge({
+    name: 'hctv_chat_moderation_state',
+    help: 'Current moderation settings by channel.',
+    labelNames: ['channel', 'setting'],
+    registers: [register],
+  });
+
+  const channelUniqueChatters = new Counter({
+    name: 'hctv_chat_unique_chatters_total',
+    help: 'Users who successfully sent at least one chat message, grouped by sender type.',
+    labelNames: ['sender_type'],
+    registers: [register],
+  });
+
+  const moderationActions = new Counter({
+    name: 'hctv_chat_moderation_actions_total',
+    help: 'Successful moderation actions performed in chat.',
+    labelNames: ['action'],
+    registers: [register],
+  });
+
+  const moderationBlocks = new Counter({
+    name: 'hctv_chat_moderation_blocks_total',
+    help: 'Message blocks and throttling decisions grouped by reason.',
+    labelNames: ['reason'],
+    registers: [register],
+  });
+
+  const emojiSearchResults = new Histogram({
+    name: 'hctv_chat_emoji_search_results',
+    help: 'Number of emoji search results returned per query.',
+    labelNames: ['outcome'],
+    buckets: [0, 1, 2, 5, 10, 25, 50, 100, 150],
+    registers: [register],
+  });
+
+  const errors = new Counter({
+    name: 'hctv_chat_errors_total',
+    help: 'Errors observed in the chat service grouped by phase.',
+    labelNames: ['phase'],
+    registers: [register],
+  });
+
+  return {
+    deliveredMessages,
+    deliveredMessageBytes,
+    channelHistoryLoadedMessages,
+    channelHistorySize,
+    emojiSearchResults,
+    errors,
+    inboundPayloadBytes,
+    incomingMessages,
+    messageDuration,
+    moderationActions,
+    moderationBlocks,
+    moderationState,
+    register,
+    channelUniqueChatters,
+    websocketConnectionAttempts,
+    websocketConnections,
+    websocketConnectionsByAuthMethod,
+    websocketConnectionsByChannel,
+  };
+}
+
+const globalForMetrics = globalThis as typeof globalThis & {
+  __hctvChatMetrics?: ReturnType<typeof createMetricsStore>;
+};
+
+const metrics = (globalForMetrics.__hctvChatMetrics ??= createMetricsStore());
+
+export const chatMetricsRegistry = metrics.register;
+
+export function recordChatConnectionAccepted(channel: string, authMethod: string): void {
+  metrics.websocketConnectionAttempts.inc({
+    auth_method: authMethod,
+    outcome: 'accepted',
+    reason: 'none',
+  });
+  metrics.websocketConnections.inc();
+  metrics.websocketConnectionsByChannel.inc({ channel });
+  metrics.websocketConnectionsByAuthMethod.inc({ auth_method: authMethod });
+}
+
+export function recordChatConnectionRejected(authMethod: string, reason: string): void {
+  metrics.websocketConnectionAttempts.inc({ auth_method: authMethod, outcome: 'rejected', reason });
+}
+
+export function recordChatDisconnect(channel: string, authMethod: string): void {
+  metrics.websocketConnections.dec();
+  metrics.websocketConnectionsByChannel.dec({ channel });
+  metrics.websocketConnectionsByAuthMethod.dec({ auth_method: authMethod });
+}
+
+export function recordIncomingChatMessage(type: string, payloadBytes: number): void {
+  metrics.incomingMessages.inc({ type });
+  metrics.inboundPayloadBytes.inc({ type }, payloadBytes);
+}
+
+export function startChatMessageTimer(type: string) {
+  return metrics.messageDuration.startTimer({ type });
+}
+
+export function recordDeliveredChatMessage(senderType: string): void {
+  metrics.deliveredMessages.inc({ sender_type: senderType });
+}
+
+export function recordDeliveredChatMessageBytes(senderType: string, bytes: number): void {
+  metrics.deliveredMessageBytes.inc({ sender_type: senderType }, bytes);
+}
+
+export function setChannelHistorySize(channel: string, size: number): void {
+  metrics.channelHistorySize.set({ channel }, size);
+}
+
+export function recordHistoryMessagesLoaded(channel: string, count: number): void {
+  if (count > 0) {
+    metrics.channelHistoryLoadedMessages.inc({ channel }, count);
+  }
+}
+
+export function setChatModerationState(
+  channel: string,
+  settings: {
+    blockedTerms: number;
+    maxMessageLength: number;
+    rateLimitCount: number;
+    rateLimitWindowSeconds: number;
+    slowModeSeconds: number;
+  }
+): void {
+  metrics.moderationState.set({ channel, setting: 'blocked_terms' }, settings.blockedTerms);
+  metrics.moderationState.set({ channel, setting: 'slow_mode_seconds' }, settings.slowModeSeconds);
+  metrics.moderationState.set(
+    { channel, setting: 'max_message_length' },
+    settings.maxMessageLength
+  );
+  metrics.moderationState.set({ channel, setting: 'rate_limit_count' }, settings.rateLimitCount);
+  metrics.moderationState.set(
+    { channel, setting: 'rate_limit_window_seconds' },
+    settings.rateLimitWindowSeconds
+  );
+}
+
+export function recordUniqueChatter(senderType: string): void {
+  metrics.channelUniqueChatters.inc({ sender_type: senderType });
+}
+
+export function recordChatModerationAction(action: string): void {
+  metrics.moderationActions.inc({ action });
+}
+
+export function recordChatModerationBlock(reason: string): void {
+  metrics.moderationBlocks.inc({ reason });
+}
+
+export function recordChatError(phase: string): void {
+  metrics.errors.inc({ phase });
+}
+
+export function recordEmojiSearchResults(outcome: string, count: number): void {
+  metrics.emojiSearchResults.observe({ outcome }, count);
+}

apps/chat/src/types/chat.ts

@@ -0,0 +1,70 @@
+import type { ModifiedWebSocket } from '@hctv/hono-ws';
+
+export interface ChatUser {
+  id: string;
+  username: string;
+  pfpUrl: string;
+  displayName?: string;
+  isBot: boolean;
+  moderatorUserId: string;
+  isPlatformAdmin: boolean;
+  channelRole: 'owner' | 'manager' | 'chatModerator' | 'botModerator' | null;
+}
+
+export interface ChatModerationSettingsShape {
+  blockedTerms: string[];
+  slowModeSeconds: number;
+  maxMessageLength: number;
+  rateLimitCount: number;
+  rateLimitWindowSeconds: number;
+}
+
+export interface ChatRestrictionState {
+  type: 'timeout' | 'ban';
+  reason: string;
+  expiresAt: Date | null;
+}
+
+export interface ChatSocket {
+  readyState: number;
+  OPEN: number;
+  send: (data: string) => void;
+  close: () => void;
+  wss: {
+    clients: Set<unknown>;
+  };
+  targetUsername?: string;
+  channelId?: string;
+  chatUser?: ChatUser | null;
+  personalChannel?: any;
+  viewerId?: string;
+  isModerator?: boolean;
+  metricsTracked?: boolean;
+  metricsAuthMethod?: string;
+  excludeFromViewerCount?: boolean;
+  raw?:
+    | (ModifiedWebSocket & {
+        targetUsername?: string;
+        channelId?: string;
+        chatUser?: ChatUser | null;
+        personalChannel?: any;
+        isModerator?: boolean;
+        metricsTracked?: boolean;
+        metricsAuthMethod?: string;
+        excludeFromViewerCount?: boolean;
+      })
+    | null;
+}
+
+export type ChatModerationCommand = {
+  type:
+    | 'mod:deleteMessage'
+    | 'mod:timeoutUser'
+    | 'mod:banUser'
+    | 'mod:unbanUser'
+    | 'mod:liftTimeout';
+  msgId?: string;
+  targetUserId?: string;
+  durationSeconds?: number;
+  reason?: string;
+};

apps/chat/src/utils/moderation.ts

@@ -0,0 +1,411 @@
+import { ChatModerationAction, prisma } from '@hctv/db';
+import { recordChatModerationAction } from '../metrics.js';
+import type {
+  ChatModerationCommand,
+  ChatRestrictionState,
+  ChatSocket,
+  ChatUser,
+} from '../types/chat.js';
+
+const ROLE_RANK: Record<NonNullable<ChatUser['channelRole']> | '__none__', number> = {
+  owner: 100,
+  manager: 50,
+  chatModerator: 10,
+  botModerator: 10,
+  __none__: 0,
+};
+
+function roleRank(role: ChatUser['channelRole']): number {
+  return role ? (ROLE_RANK[role] ?? 0) : ROLE_RANK.__none__;
+}
+
+type ModerationContext = {
+  chatUser: ChatUser;
+  targetUsername: string;
+  channelId: string;
+};
+
+type DeleteMessageDeps = {
+  deleteMessageFromHistory: (targetUsername: string, msgId: string) => Promise<boolean>;
+  logModerationEvent: (payload: {
+    action: ChatModerationAction;
+    channelId: string;
+    moderatorId: string;
+    targetUserId?: string;
+    reason?: string;
+    details?: Record<string, unknown>;
+  }) => Promise<void>;
+  broadcastToChannel: (
+    targetUsername: string,
+    ws: ChatSocket,
+    payload: Record<string, unknown>
+  ) => void;
+};
+
+type UserRestrictionDeps = {
+  logModerationEvent: (payload: {
+    action: ChatModerationAction;
+    channelId: string;
+    moderatorId: string;
+    targetUserId?: string;
+    reason?: string;
+    details?: Record<string, unknown>;
+  }) => Promise<void>;
+  broadcastRestrictionStateToUser: (
+    targetUsername: string,
+    targetUserId: string,
+    channelId: string,
+    ws: ChatSocket
+  ) => Promise<void>;
+  broadcastToChannel: (
+    targetUsername: string,
+    ws: ChatSocket,
+    payload: Record<string, unknown>
+  ) => void;
+};
+
+export function sendModerationError(
+  socket: ChatSocket,
+  code: string,
+  message: string,
+  restriction?: ChatRestrictionState
+) {
+  socket.send(
+    JSON.stringify({
+      type: 'moderationError',
+      code,
+      message,
+      restriction,
+    })
+  );
+}
+
+async function requireModerationContext(
+  socket: ChatSocket,
+  socketState: ChatSocket
+): Promise<ModerationContext | null> {
+  if (!socketState.chatUser || !socketState.targetUsername || !socketState.channelId) {
+    sendModerationError(socket, 'FORBIDDEN', 'You do not have permission to moderate this chat.');
+    return null;
+  }
+
+  const chatUser = socketState.chatUser;
+  const channelId = socketState.channelId;
+
+  const [channel, moderatorRecord] = await Promise.all([
+    prisma.channel.findUnique({
+      where: { id: channelId },
+      select: {
+        ownerId: true,
+        managers: { select: { id: true } },
+        chatModerators: { select: { id: true } },
+        chatModeratorBots: { select: { id: true } },
+      },
+    }),
+    prisma.user.findUnique({
+      where: { id: chatUser.moderatorUserId },
+      select: { isAdmin: true },
+    }),
+  ]);
+
+  if (!channel) {
+    sendModerationError(socket, 'FORBIDDEN', 'You do not have permission to moderate this chat.');
+    return null;
+  }
+
+  const isPlatformAdmin = chatUser.isBot ? false : Boolean(moderatorRecord?.isAdmin);
+
+  let channelRole: ChatUser['channelRole'] = null;
+  if (chatUser.isBot) {
+    if (channel.chatModeratorBots.some((b) => b.id === chatUser.id)) {
+      channelRole = 'botModerator';
+    }
+  } else if (channel.ownerId === chatUser.id) {
+    channelRole = 'owner';
+  } else if (channel.managers.some((m) => m.id === chatUser.id)) {
+    channelRole = 'manager';
+  } else if (channel.chatModerators.some((m) => m.id === chatUser.id)) {
+    channelRole = 'chatModerator';
+  }
+
+  const isModerator =
+    isPlatformAdmin ||
+    channelRole === 'owner' ||
+    channelRole === 'manager' ||
+    channelRole === 'chatModerator' ||
+    channelRole === 'botModerator';
+
+  if (!isModerator) {
+    sendModerationError(socket, 'FORBIDDEN', 'You do not have permission to moderate this chat.');
+    return null;
+  }
+
+  const resolvedChatUser: ChatUser = { ...chatUser, isPlatformAdmin, channelRole };
+
+  return {
+    chatUser: resolvedChatUser,
+    targetUsername: socketState.targetUsername,
+    channelId,
+  };
+}
+
+async function resolveModerationTarget(
+  socket: ChatSocket,
+  actingModeratorUserId: string,
+  rawTargetUserId: unknown,
+  channelId: string
+) {
+  const targetUserId = typeof rawTargetUserId === 'string' ? rawTargetUserId : '';
+
+  if (!targetUserId || targetUserId === actingModeratorUserId) {
+    sendModerationError(socket, 'INVALID_TARGET', 'Invalid moderation target.');
+    return null;
+  }
+
+  const targetUserRecord = await prisma.user.findUnique({
+    where: { id: targetUserId },
+    select: {
+      isAdmin: true,
+      personalChannel: { select: { name: true } },
+      ownedChannels: { where: { id: channelId }, select: { id: true } },
+      managedChannels: { where: { id: channelId }, select: { id: true } },
+      chatModeratedChannels: { where: { id: channelId }, select: { id: true } },
+    },
+  });
+
+  if (!targetUserRecord) {
+    sendModerationError(socket, 'INVALID_TARGET', 'Target user no longer exists.');
+    return null;
+  }
+
+  let targetChannelRole: ChatUser['channelRole'] = null;
+  if (targetUserRecord.ownedChannels.length > 0) {
+    targetChannelRole = 'owner';
+  } else if (targetUserRecord.managedChannels.length > 0) {
+    targetChannelRole = 'manager';
+  } else if (targetUserRecord.chatModeratedChannels.length > 0) {
+    targetChannelRole = 'chatModerator';
+  }
+
+  return {
+    targetUserId,
+    targetUserRecord,
+    targetChannelRole,
+    resolvedTargetUsername: targetUserRecord.personalChannel?.name ?? 'that user',
+  };
+}
+
+async function ensureAdminTargetModerationAllowed(
+  socket: ChatSocket,
+  actingModeratorUserId: string,
+  targetIsAdmin: boolean
+) {
+  if (!targetIsAdmin) {
+    return true;
+  }
+
+  const actingUserRecord = await prisma.user.findUnique({
+    where: { id: actingModeratorUserId },
+    select: { isAdmin: true },
+  });
+
+  if (!actingUserRecord?.isAdmin) {
+    sendModerationError(
+      socket,
+      'FORBIDDEN',
+      'Platform admins cannot be moderated via chat commands.'
+    );
+    return false;
+  }
+
+  return true;
+}
+
+function ensureRoleHierarchyAllowed(
+  socket: ChatSocket,
+  actorRole: ChatUser['channelRole'],
+  actorIsPlatformAdmin: boolean,
+  targetRole: ChatUser['channelRole']
+): boolean {
+  if (actorIsPlatformAdmin) return true;
+
+  if (roleRank(actorRole) <= roleRank(targetRole)) {
+    sendModerationError(
+      socket,
+      'FORBIDDEN',
+      'You cannot moderate a user with an equal or higher role than yours.'
+    );
+    return false;
+  }
+
+  return true;
+}
+
+export async function handleDeleteMessageCommand(
+  socket: ChatSocket,
+  socketState: ChatSocket,
+  msg: ChatModerationCommand,
+  deps: DeleteMessageDeps
+) {
+  const context = await requireModerationContext(socket, socketState);
+  if (!context) {
+    return;
+  }
+
+  const msgId = typeof msg.msgId === 'string' ? msg.msgId : '';
+  if (!msgId) {
+    sendModerationError(socket, 'INVALID_REQUEST', 'Invalid message id.');
+    return;
+  }
+
+  const deleted = await deps.deleteMessageFromHistory(context.targetUsername, msgId);
+  if (!deleted) {
+    sendModerationError(socket, 'NOT_FOUND', 'Message not found.');
+    return;
+  }
+
+  await deps.logModerationEvent({
+    action: ChatModerationAction.MESSAGE_DELETED,
+    channelId: context.channelId,
+    moderatorId: context.chatUser.moderatorUserId,
+    reason: 'Message deleted by moderator',
+    details: { msgId },
+  });
+  recordChatModerationAction('message_deleted');
+
+  deps.broadcastToChannel(context.targetUsername, socket, { type: 'messageDeleted', msgId });
+}
+
+export async function handleUserRestrictionCommand(
+  socket: ChatSocket,
+  socketState: ChatSocket,
+  msg: ChatModerationCommand,
+  deps: UserRestrictionDeps
+) {
+  const context = await requireModerationContext(socket, socketState);
+  if (!context) {
+    return;
+  }
+
+  const actingModeratorUserId = context.chatUser.moderatorUserId;
+  const target = await resolveModerationTarget(
+    socket,
+    actingModeratorUserId,
+    msg.targetUserId,
+    context.channelId
+  );
+  if (!target) {
+    return;
+  }
+
+  const canModerateTarget = await ensureAdminTargetModerationAllowed(
+    socket,
+    actingModeratorUserId,
+    target.targetUserRecord.isAdmin
+  );
+  if (!canModerateTarget) {
+    return;
+  }
+
+  const hierarchyAllowed = ensureRoleHierarchyAllowed(
+    socket,
+    context.chatUser.channelRole,
+    context.chatUser.isPlatformAdmin,
+    target.targetChannelRole
+  );
+  if (!hierarchyAllowed) {
+    return;
+  }
+
+  if (msg.type === 'mod:unbanUser' || msg.type === 'mod:liftTimeout') {
+    await prisma.chatUserBan.deleteMany({
+      where: {
+        channelId: context.channelId,
+        userId: target.targetUserId,
+      },
+    });
+
+    await deps.logModerationEvent({
+      action: ChatModerationAction.USER_UNBANNED,
+      channelId: context.channelId,
+      moderatorId: actingModeratorUserId,
+      targetUserId: target.targetUserId,
+      reason: 'User unbanned in chat',
+    });
+    recordChatModerationAction('user_unbanned');
+
+    await deps.broadcastRestrictionStateToUser(
+      context.targetUsername,
+      target.targetUserId,
+      context.channelId,
+      socket
+    );
+
+    deps.broadcastToChannel(context.targetUsername, socket, {
+      type: 'systemMsg',
+      message: `${target.resolvedTargetUsername} can chat again.`,
+    });
+    return;
+  }
+
+  const reason =
+    typeof msg.reason === 'string' && msg.reason.trim().length > 0
+      ? msg.reason.trim().slice(0, 250)
+      : msg.type === 'mod:timeoutUser'
+        ? 'Timed out by moderator'
+        : 'Banned by moderator';
+  const durationSeconds =
+    msg.type === 'mod:timeoutUser'
+      ? Math.min(Math.max(Number(msg.durationSeconds) || 300, 10), 60 * 60 * 24)
+      : null;
+  const expiresAt = durationSeconds ? new Date(Date.now() + durationSeconds * 1000) : null;
+
+  await prisma.chatUserBan.upsert({
+    where: {
+      channelId_userId: {
+        channelId: context.channelId,
+        userId: target.targetUserId,
+      },
+    },
+    create: {
+      channelId: context.channelId,
+      userId: target.targetUserId,
+      bannedById: actingModeratorUserId,
+      reason,
+      expiresAt,
+    },
+    update: {
+      bannedById: actingModeratorUserId,
+      reason,
+      expiresAt,
+    },
+  });
+
+  await deps.logModerationEvent({
+    action:
+      msg.type === 'mod:timeoutUser'
+        ? ChatModerationAction.USER_TIMEOUT
+        : ChatModerationAction.USER_BANNED,
+    channelId: context.channelId,
+    moderatorId: actingModeratorUserId,
+    targetUserId: target.targetUserId,
+    reason,
+    details: durationSeconds ? { durationSeconds } : undefined,
+  });
+  recordChatModerationAction(msg.type === 'mod:timeoutUser' ? 'user_timeout' : 'user_banned');
+
+  await deps.broadcastRestrictionStateToUser(
+    context.targetUsername,
+    target.targetUserId,
+    context.channelId,
+    socket
+  );
+
+  deps.broadcastToChannel(context.targetUsername, socket, {
+    type: 'systemMsg',
+    message:
+      msg.type === 'mod:timeoutUser'
+        ? `${target.resolvedTargetUsername} was timed out for ${durationSeconds}s.`
+        : `${target.resolvedTargetUsername} was banned.`,
+  });
+}

apps/chat/src/utils/randomString.ts

@@ -0,0 +1,8 @@
+export function randomString(length: number): string {
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+  let result = '';
+  for (let i = 0; i < length; i++) {
+    result += chars.charAt(Math.floor(Math.random() * chars.length));
+  }
+  return result;
+}

apps/docs/.gitignore

@@ -0,0 +1,21 @@
+# build output
+dist/
+# generated types
+.astro/
+
+# dependencies
+node_modules/
+
+# logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+
+# environment variables
+.env
+.env.production
+
+# macOS-specific files
+.DS_Store

apps/docs/.vscode/extensions.json

@@ -0,0 +1,4 @@
+{
+  "recommendations": ["astro-build.astro-vscode"],
+  "unwantedRecommendations": []
+}

apps/docs/.vscode/launch.json

@@ -0,0 +1,11 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "command": "./node_modules/.bin/astro dev",
+      "name": "Development server",
+      "request": "launch",
+      "type": "node-terminal"
+    }
+  ]
+}

apps/docs/astro.config.mjs

@@ -0,0 +1,45 @@
+// @ts-check
+import { defineConfig } from 'astro/config';
+import starlight from '@astrojs/starlight';
+import mermaid from 'astro-mermaid';
+import catppuccin from '@catppuccin/starlight';
+import starlightTypeDoc, { typeDocSidebarGroup } from 'starlight-typedoc';
+
+// https://astro.build/config
+export default defineConfig({
+  integrations: [
+    mermaid({
+      theme: 'base',
+      autoTheme: true,
+    }),
+    starlight({
+      title: 'hctv docs',
+      social: [{ icon: 'github', label: 'GitHub', href: 'https://github.com/SrIzan10/hctv' }],
+      plugins: [
+        catppuccin({
+          dark: { flavor: 'mocha', accent: 'blue' },
+          light: { flavor: 'latte', accent: 'blue' },
+        }),
+        starlightTypeDoc({
+          entryPoints: ['../../packages/sdk/src/index.ts'],
+          tsconfig: '../../packages/sdk/tsconfig.json',
+          output: 'typedoc-sdk',
+          sidebar: {
+            label: 'SDK Reference',
+          },
+        }),
+      ],
+      sidebar: [
+        {
+          label: 'API',
+          autogenerate: { directory: 'api' },
+        },
+        {
+          label: 'Guides',
+          autogenerate: { directory: 'guides' },
+        },
+        typeDocSidebarGroup,
+      ],
+    }),
+  ],
+});

apps/docs/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@hctv/docs",
+  "type": "module",
+  "version": "0.0.1",
+  "scripts": {
+    "dev": "astro dev",
+    "start": "astro dev",
+    "build": "astro build",
+    "preview": "astro preview",
+    "astro": "astro"
+  },
+  "dependencies": {
+    "@astrojs/starlight": "^0.35.2",
+    "@catppuccin/starlight": "^1.0.2",
+    "astro": "^5.6.1",
+    "astro-mermaid": "^1.0.4",
+    "mermaid": "^11.10.1",
+    "sharp": "^0.34.2",
+    "starlight-typedoc": "^0.21.5",
+    "typedoc": "^0.28.16",
+    "typedoc-plugin-markdown": "^4.9.0"
+  }
+}

apps/docs/public/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128"><path fill-rule="evenodd" d="M81 36 64 0 47 36l-1 2-9-10a6 6 0 0 0-9 9l10 10h-2L0 64l36 17h2L28 91a6 6 0 1 0 9 9l9-10 1 2 17 36 17-36v-2l9 10a6 6 0 1 0 9-9l-9-9 2-1 36-17-36-17-2-1 9-9a6 6 0 1 0-9-9l-9 10v-2Zm-17 2-2 5c-4 8-11 15-19 19l-5 2 5 2c8 4 15 11 19 19l2 5 2-5c4-8 11-15 19-19l5-2-5-2c-8-4-15-11-19-19l-2-5Z" clip-rule="evenodd"/><path d="M118 19a6 6 0 0 0-9-9l-3 3a6 6 0 1 0 9 9l3-3Zm-96 4c-2 2-6 2-9 0l-3-3a6 6 0 1 1 9-9l3 3c3 2 3 6 0 9Zm0 82c-2-2-6-2-9 0l-3 3a6 6 0 1 0 9 9l3-3c3-2 3-6 0-9Zm96 4a6 6 0 0 1-9 9l-3-3a6 6 0 1 1 9-9l3 3Z"/><style>path{fill:#000}@media (prefers-color-scheme:dark){path{fill:#fff}}</style></svg>

apps/docs/src/content.config.ts

@@ -0,0 +1,7 @@
+import { defineCollection } from 'astro:content';
+import { docsLoader } from '@astrojs/starlight/loaders';
+import { docsSchema } from '@astrojs/starlight/schema';
+
+export const collections = {
+	docs: defineCollection({ loader: docsLoader(), schema: docsSchema() }),
+};

apps/docs/src/content/docs/api/chat.mdx

@@ -0,0 +1,353 @@
+---
+title: Chat
+description: Chat websocket
+---
+
+import { Aside } from '@astrojs/starlight/components';
+
+The chat system is powered by a websocket server. Please read the entire page before implementing anything, as there are some important notes.
+
+## Connection and messages
+
+The websocket server is located at `wss://hackclub.tv/api/chat/ws/:username`, where `:username` is the channel you want to connect to.
+
+You'll need to provide authentication, which can be done by providing an `auth_session` cookie, just like the REST API.
+
+<Aside type="tip">
+Bot accounts are now supported. You can choose to connect as a bot by providing a bot account's API key in one of two ways:
+- Using the `Authorization` header: `Bearer hctvb_xxxxxxx`
+- Using the `?botAuth=hctvb_xxxxxxx` query parameter
+
+**Security Note:** When using the `?botAuth=` query parameter, be aware that query parameters may be logged in server logs, and/or proxy logs. Use the `Authorization` header method whenever possible. The query parameter method should only be used when connecting from an environment where headers cannot be set.
+
+It is highly advised to use a bot account for any automated task, and to implement anything pointed out in this page.
+
+</Aside>
+
+Once connected, you must implement a subroutine in your code to send ping messages every about 5 seconds. This is because of Cloudflare limitations.
+
+Messages are sent and received in JSON format. The following message types are supported:
+
+- `session`: sent by the server immediately upon connection.
+  - received by client:
+
+    ```json
+    {
+      "type": "session",
+      "viewer": {
+        "id": "user_id",
+        "username": "your_username"
+      },
+      "permissions": {
+        "canModerate": false
+      },
+      "moderation": {
+        "hasBlockedTerms": false,
+        "slowModeSeconds": 0,
+        "maxMessageLength": 400
+      }
+    }
+    ```
+
+    `viewer` is `null` for unauthenticated (grant-only) connections. `canModerate` is `true` for channel owners, managers, moderators, and platform admins.
+
+- `chatAccess`: sent by the server on connect (for authenticated non-bot users) and whenever a user's restriction state changes.
+  - received by client:
+
+    ```json
+    {
+      "type": "chatAccess",
+      "canSend": true,
+      "restriction": null
+    }
+    ```
+
+    When the user is restricted, `canSend` is `false` and `restriction` contains:
+
+    ```json
+    {
+      "type": "timeout",
+      "reason": "Timed out by moderator",
+      "expiresAt": "2026-01-01T00:00:00.000Z"
+    }
+    ```
+
+    `type` is either `"timeout"` or `"ban"`. `expiresAt` is an ISO 8601 string for timeouts, or `null` for permanent bans.
+
+- `ping`: a ping message to keep the connection alive.
+  - sent by client:
+
+    ```json
+    {
+      "type": "ping"
+    }
+    ```
+
+  - received by client:
+
+    ```json
+    {
+      "type": "pong"
+    }
+    ```
+
+- `message`: a chat message.
+  - sent by client:
+
+    ```json
+    {
+      "type": "message",
+      "message": "Hello, world!"
+    }
+    ```
+
+  - received by client (broadcast to all viewers of the channel):
+
+    ```json
+    {
+      "type": "message",
+      "msgId": "uuid-v4",
+      "user": {
+        "id": "user_id",
+        "username": "user_who_sent_message",
+        "pfpUrl": "https://example.com/avatar.png",
+        "displayName": "Display Name",
+        "isBot": false,
+        "isPlatformAdmin": false,
+        "channelRole": null
+      },
+      "message": "Hello, world!"
+    }
+    ```
+
+    `channelRole` is one of `"owner"`, `"manager"`, `"chatModerator"`, `"botModerator"`, or `null`. `displayName` may be `undefined` for regular users.
+
+- `history`: the recent chat history, sent upon connection.
+  - received by client:
+
+    ```json
+    {
+      "type": "history",
+      "messages": [
+        {
+          "type": "message",
+          "msgId": "uuid-v4",
+          "user": {
+            "id": "user_id",
+            "username": "user_who_sent_message",
+            "pfpUrl": "https://example.com/avatar.png",
+            "displayName": "Display Name",
+            "isBot": false,
+            "isPlatformAdmin": false,
+            "channelRole": null
+          },
+          "message": "Hello, world!"
+        }
+      ]
+    }
+    ```
+
+    Up to 100 messages are returned. Each message has the same shape as a received `message` event.
+
+- `systemMsg`: a system notification broadcast to all viewers, e.g. when a user is banned or unbanned.
+  - received by client:
+
+    ```json
+    {
+      "type": "systemMsg",
+      "message": "username was banned."
+    }
+    ```
+
+- `moderationError`: sent to the acting client when a message or moderation action is rejected.
+  - received by client:
+
+    ```json
+    {
+      "type": "moderationError",
+      "code": "RATE_LIMIT",
+      "message": "You are sending messages too fast.",
+      "restriction": null
+    }
+    ```
+
+    `restriction` is only present (non-null) for `TIMED_OUT` and `BANNED` codes, and has the same shape as the `restriction` field in `chatAccess`. Possible codes:
+
+  | Code               | Trigger                                        |
+  | ------------------ | ---------------------------------------------- |
+  | `FORBIDDEN`        | Not permitted to perform the action            |
+  | `RATE_LIMIT`       | Too many messages in the rate limit window     |
+  | `SLOW_MODE`        | Sent before the slow mode cooldown expired     |
+  | `TIMED_OUT`        | User is currently timed out                    |
+  | `BANNED`           | User is permanently banned                     |
+  | `MESSAGE_TOO_LONG` | Message exceeds `maxMessageLength`             |
+  | `BLOCKED_TERM`     | Message contains a blocked term                |
+  | `INVALID_TARGET`   | Moderation target is invalid or does not exist |
+  | `INVALID_REQUEST`  | Malformed moderation command                   |
+  | `NOT_FOUND`        | Target message not found (delete)              |
+
+## Moderation commands
+
+moderation commands are only available to authenticated users with the `canModerate` permission (`owner`, `manager`, `chatModerator`, `botModerator`, or platform admin). sending any of these without permission returns a `moderationError` with code `FORBIDDEN`.
+
+obviously, role hierarchy is enforced: a `chatModerator` cannot moderate a `manager` or `owner`. Platform admins bypass hierarchy checks entirely.
+
+- `mod:deleteMessage`: delete a message from the chat history and broadcast its removal.
+  - sent by client:
+
+    ```json
+    {
+      "type": "mod:deleteMessage",
+      "msgId": "uuid-of-message-to-delete"
+    }
+    ```
+
+  - received by all clients on success:
+
+    ```json
+    {
+      "type": "messageDeleted",
+      "msgId": "uuid-of-message-to-delete"
+    }
+    ```
+
+- `mod:timeoutUser`: temporarily restrict a user from sending messages.
+  - sent by client:
+
+    ```json
+    {
+      "type": "mod:timeoutUser",
+      "targetUserId": "user_id",
+      "durationSeconds": 300,
+      "reason": "Optional reason"
+    }
+    ```
+
+    `durationSeconds` is clamped between 10 and 86400 (24 hours). Defaults to 300 if omitted. On success, a `systemMsg` is broadcast and the target receives a `chatAccess` update.
+
+- `mod:banUser`: permanently ban a user from sending messages.
+  - sent by client:
+
+    ```json
+    {
+      "type": "mod:banUser",
+      "targetUserId": "user_id",
+      "reason": "Optional reason"
+    }
+    ```
+
+    On success, a `systemMsg` is broadcast and the target receives a `chatAccess` update.
+
+- `mod:liftTimeout` / `mod:unbanUser`: remove an active timeout or ban.
+  - sent by client:
+
+    ```json
+    {
+      "type": "mod:liftTimeout",
+      "targetUserId": "user_id"
+    }
+    ```
+
+    Both types behave identically and remove any active restriction for the target user. On success, a `systemMsg` is broadcast and the target receives a `chatAccess` update with `canSend: true`.
+
+## Emoji handling
+
+_diagram source: devin deepwiki_
+
+```mermaid
+graph TB
+    subgraph "Emoji Processing Pipeline"
+        CHAT_MSG["Chat Message"]
+        PATTERN_MATCH["Regex :emoji: Pattern"]
+        EMOJI_REQUEST["emojiMsg WebSocket"]
+        REDIS_LOOKUP["Redis HGET emojis"]
+        FUZZY_SEARCH["uFuzzy"]
+        EMOJI_RESPONSE["emojiMsgResponse"]
+    end
+
+    subgraph "Redis Storage"
+        EMOJI_HASH["emojis hash key"]
+        EMOJI_PREFIXED["emoji:{name} url"]
+        EMOJIS_PREFIXED["emojis:{name} url"]
+    end
+
+    CHAT_MSG --> PATTERN_MATCH
+    PATTERN_MATCH --":emojiname:"--> EMOJI_REQUEST
+    EMOJI_REQUEST --> REDIS_LOOKUP
+
+    REDIS_LOOKUP --> EMOJI_HASH
+    REDIS_LOOKUP --> EMOJI_PREFIXED
+    REDIS_LOOKUP --> EMOJIS_PREFIXED
+
+    REDIS_LOOKUP --> EMOJI_RESPONSE
+
+    FUZZY_SEARCH --> EMOJI_HASH
+    FUZZY_SEARCH --"search results"--> EMOJI_RESPONSE
+```
+
+When a chat message is sent, the server looks for patterns in the format `:emojiname:` using regex. For each match, it sends a request to the `emojiMsg` WebSocket.  
+The server then checks Redis for the emoji URL and returns it.
+
+When a user wants to look up an emoji (by typing `:(partial name)`), the server uses uFuzzy to find matching emojis in the Redis `emojis` hash key and returns the results.
+
+<Aside type="caution">
+  `emojiMsg` and `emojiSearch` require an authenticated connection. They are not available to
+  grant-only (OBS) viewers.
+</Aside>
+
+Here's what gets sent on the websocket:
+
+- `emojiMsg`: Looks up emojis
+  - sent by client:
+
+    ```json
+    {
+      "type": "emojiMsg",
+      "emojis": ["aga", "yapa", "heavysob", "yay", "yay-bounce"]
+    }
+    ```
+
+  - received by client:
+
+    ```json
+    {
+      "type": "emojiMsgResponse",
+      "emojis": {
+        "aga": "https://emoji.slack-edge.com/aga.png",
+        "yapa": "https://emoji.slack-edge.com/yapa.png",
+        "heavysob": "https://emoji.slack-edge.com/heavysob.png",
+        "yay": "https://emoji.slack-edge.com/yay.png",
+        "yay-bounce": "https://emoji.slack-edge.com/yay-bounce.png"
+      }
+    }
+    ```
+
+- `emojiSearch`: Searches for emojis
+  - sent by client:
+
+    ```json
+    {
+      "type": "emojiSearch",
+      "searchTerm": "aga"
+    }
+    ```
+
+  - received by client:
+
+    ```json
+    {
+      "type": "emojiSearchResponse",
+      "results": [
+        "aga",
+        "aga-brick-throw",
+        "aga-dance",
+        "aga-transparent",
+        "a-aga",
+        "a-aga-transparent",
+        "agaban",
+        "agaboing",
+        "agabounce",
+        "agabusiness"
+      ]
+    }
+    ```

apps/docs/src/content/docs/api/index.mdx

@@ -0,0 +1,19 @@
+---
+title: API Documentation
+description: Documented API endpoints for hackclub.tv
+---
+
+hctv is meant to be one of the most hackable streaming platforms out there. to that end, we have a (currently limited) public API that you can use to interact with the platform.
+
+since this is beta software, the API is subject to change. additionally, many endpoints are yet not implemented or not fun to implement. please send a message in #hctv on the Hack Club Slack if you have any requests.
+
+## Base url
+
+base url for all endpoints is `https://hackclub.tv/api`.
+
+## Authentication
+
+most endpoints require authentication. this will be pointed out in the documentation.  
+for now, it is done via a cookie called `auth_session` (as per lucia auth). this will change in the future as bot accounts are planned.
+
+you'll need your user account to authenticate. as a recommendation, open an incognito window, log in to hctv, and copy the `auth_session` cookie from there.

apps/docs/src/content/docs/api/meta.json

@@ -0,0 +1,4 @@
+{
+  "title": "API",
+  "description": "Documented API endpoints for hackclub.tv"
+}

apps/docs/src/content/docs/api/rtmp.mdx

@@ -0,0 +1,12 @@
+---
+title: RTMP
+description: RTMP related endpoint group
+---
+
+## POST `/rtmp/streamKey`
+regenerates your stream key. **authentication required**.  
+body parameters (json):
+- `channel`: string - the channel name you want to regenerate the key for. must be one of your channels.
+
+response (json):
+- `key`: string - the new stream key

apps/docs/src/content/docs/api/stream.mdx

@@ -0,0 +1,47 @@
+---
+title: Stream
+description: Stream related endpoint group
+---
+
+## GET `/stream/follow`
+checks if **authenticated user** is following a certain channel.  
+query parameters:
+- `username`: string - the channel name you want to check.
+
+response (json):
+- `following`: boolean - whether the authenticated user is following the channel or not.
+
+## POST `/stream/follow`
+cycle through follow or unfollow a channel. **authentication required**.  
+body parameters (json):
+- `channel`: string - the channel name you want to make the action. must be one of your channels.
+
+response (json):
+- `success`: boolean - whether the operation was successful or not.
+
+## GET `/stream/followers/:channel`
+gets the followcount of a channel.
+path parameters:
+- `channel`: string - the channel name you want to get the followcount of.
+
+response (json):
+- `count`: integer - the number of followers the channel has.
+- `success`: boolean - whether the operation was successful or not. (true if 200 status code)
+
+## GET `/stream/info`
+get stream info of certain channels by filtering. **authentication on some**.
+query parameters:
+- `owned`: boolean (optional) - if true, only returns channels owned by the authenticated user. requires authentication.
+- `personal`: boolean (optional) - if true, only returns personal channels. requires authentication.
+- `live`: boolean (optional) - if true, only returns channels that are currently live.
+
+response (json):
+- StreamInfo[] (check database schema for all returned data or just try it out!)
+
+## GET `/stream/thumb/:channel`
+gets the preview thumbnail of a channel's livestream. **authentication required**
+
+path parameters:
+- `channel`: string - the channel name you want to get the thumbnail of.
+
+response: image (webp)

apps/docs/src/content/docs/guides/dev.mdx

@@ -0,0 +1,32 @@
+---
+title: Development Setup
+description: Instructions to set up a local development environment for hackclub.tv
+---
+
+1. clone repo
+2. `pnpm install`
+3. `cp apps/web/.env.example apps/web/.env && cp packages/db/.env.example packages/db/.env` 
+4. `pnpm dev`
+5. `pnpm db:migrate` (RUN THIS AFTER POPULATING ENV)
+
+- slack notifier app manifest is as follows:  
+```
+display_information:
+  # please change the name to something that can be linked to you if possible
+  name: hctv notifier dev
+features:
+  bot_user:
+    # same with this :pray:
+    display_name: hctv notifier dev
+    always_online: false
+oauth_config:
+  scopes:
+    bot:
+      - chat:write
+      - users:read
+      - channels:join
+settings:
+  org_deploy_enabled: false
+  socket_mode_enabled: false
+  token_rotation_enabled: false
+```

apps/docs/src/content/docs/guides/meta.json

@@ -0,0 +1,4 @@
+{
+  "title": "Guides",
+  "description": "Useful guides to help you get started with hackclub.tv"
+}

apps/docs/src/content/docs/guides/start-stream.mdx

@@ -0,0 +1,15 @@
+---
+title: How to stream
+description: Get started with OBS and streaming on hackclub.tv
+---
+
+- open obs
+- open settings
+- open "Stream"
+- set service to custom
+- set url to `srt://localhost:8890?streamid=publish:CHANNEL_NAME:thisusernameislongonpurposesoyoudontaccidentallyleakyourstreamkey:STREAM_KEY&pkt_size=1316`
+- on the website, click "Regenerate key"
+- paste the key into your obs "Stream Key"
+- start streaming!
+
+(screenshots to be added soon)

apps/docs/src/content/docs/index.mdx

@@ -0,0 +1,8 @@
+---
+title: About hctv docs
+description: Index documentation page!
+---
+
+Welcome to the hackclub.tv docs! Here you'll find tips and tricks to get the most out of hackclub.tv and its features.
+
+Additionally, some useful guides are available to help you get started with common tasks.

apps/docs/tsconfig.json

@@ -0,0 +1,5 @@
+{
+  "extends": "astro/tsconfigs/strict",
+  "include": [".astro/types.d.ts", "**/*"],
+  "exclude": ["dist"]
+}

apps/web/.env.example

@@ -0,0 +1,31 @@
+DATABASE_URL=postgresql://postgres:skbiditoilet@localhost:5555/postgres
+
+# make a slack app here: https://api.slack.com/apps
+SLACK_NOTIFIER_TOKEN=<make a bot for this, check app manifest below>
+
+# invite your bot to the channel you created. below is #hctv-dev, so use that if you want!
+NOTIFICATION_CHANNEL_ID=C08M3MGE6PJ
+
+REDIS_URL=redis://localhost:6379
+
+# get from https://uploadthing.com/
+UPLOADTHING_TOKEN=<get from uploadthing>
+
+# enable oauth mode on your hca account and make an app: https://auth.hackclub.com/identity/edit
+HCID_CLIENT=<auth.hackclub.com client>
+HCID_SECRET=<auth.hackclub.com secret>
+# make sure to put this as one of the redirect uri
+HCID_REDIRECT_URI=http://localhost:3000/auth/hackclub/callback
+
+# mediamtx settings
+NEXT_PUBLIC_MEDIAMTX_URL_HQ=http://localhost:8891
+MEDIAMTX_API_HQ=http://localhost:9997
+NEXT_PUBLIC_MEDIAMTX_INGEST_ROUTE_HQ=localhost:8890
+
+# commented because we don't have another ingest server as of right now
+# NEXT_PUBLIC_MEDIAMTX_URL_ASIA=http://localhost:8991
+# MEDIAMTX_API_ASIA=http://localhost:9999
+# NEXT_PUBLIC_MEDIAMTX_INGEST_ROUTE_ASIA=localhost:8990
+
+# idt you should change this
+MEDIAMTX_PUBLISH_KEY=rjq1xdpCPA4qyt3jge

apps/web/Dockerfile

@@ -1,14 +1,20 @@
-FROM node:lts-alpine AS base
+FROM node:22-slim AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
 
 FROM base AS builder
-RUN apk update
-RUN apk add --no-cache libc6-compat
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 # Set working directory
 WORKDIR /app
-# Replace <your-major-version> with the major version installed in your repository. For example:
-# RUN yarn global add turbo@^2
-RUN yarn global add turbo@^2
+RUN pnpm add -g turbo@^2
 COPY . .
+
+# Get the git commit hash before pruning (since .git might be removed)
+RUN git rev-parse --short HEAD > /tmp/commit_hash || echo "unknown" > /tmp/commit_hash
  
 # Generate a partial monorepo with a pruned lockfile for a target workspace.
 # Assuming "web" is the name entered in the project's package.json: { name: "web" }
@@ -16,25 +22,79 @@ RUN turbo prune @hctv/web --docker
  
 # Add lockfile and package.json's of isolated subworkspace
 FROM base AS installer
-RUN apk update
-RUN apk add --no-cache libc6-compat
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    libvips-dev \
+    python3 \
+    make \
+    g++ \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+# Get the commit hash from the builder stage
+COPY --from=builder /tmp/commit_hash /tmp/commit_hash
 WORKDIR /app
- 
+
 # First install the dependencies (as they change less often)
 COPY --from=builder /app/out/json/ .
-RUN yarn install --frozen-lockfile
+RUN pnpm install --frozen-lockfile
+
+# Install a standalone Prisma CLI for runtime migrations (no pnpm symlinks).
+RUN mkdir -p /opt/prisma-cli && cd /opt/prisma-cli && npm init -y && npm install prisma@6.5.0
 
 COPY --from=builder /app/out/full/ .
-RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) yarn turbo run build
+
+# Generate latest emojis.json during image build.
+RUN ARCH=$(dpkg --print-architecture) && \
+    if [ "$ARCH" = "amd64" ]; then EMOJI_ARCH="x86_64"; \
+    elif [ "$ARCH" = "arm64" ]; then EMOJI_ARCH="aarch64"; \
+    else EMOJI_ARCH=""; fi && \
+    RELEASE_JSON=$(curl -fsSL https://api.github.com/repos/srizan10/hctv/releases/latest || true) && \
+    RELEASE_URL=$(printf '%s' "$RELEASE_JSON" | grep "browser_download_url.*slack-import-emojis-linux-${EMOJI_ARCH}" | cut -d '"' -f 4 || true) && \
+    if [ -n "$RELEASE_URL" ] && \
+      curl -fsSL -o /tmp/slack-import-emojis-bin "$RELEASE_URL" && \
+      chmod +x /tmp/slack-import-emojis-bin && \
+      /tmp/slack-import-emojis-bin default; then \
+      cp /app/emojis.json /app/apps/web/emojis.json; \
+    else \
+      cp /app/apps/web/src/lib/instrumentation/emojis.json /app/apps/web/emojis.json; \
+    fi
+
+RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM --mount=type=secret,id=SENTRY_AUTH_TOKEN \
+    COMMIT=$(cat /tmp/commit_hash 2>/dev/null || echo "unknown") && \
+    TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) \
+    SENTRY_AUTH_TOKEN=$(cat /run/secrets/SENTRY_AUTH_TOKEN) \
+    commit=$COMMIT pnpm turbo run build --env-mode=loose
  
 FROM base AS runner
 WORKDIR /app
 
-RUN apk add --no-cache ffmpeg
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ffmpeg \
+    libvips42 \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN groupadd --system --gid 1001 nodejs
+RUN useradd --system --uid 1001 nextjs --create-home
+
+# Ensure home directory and cache directories have proper permissions
+RUN mkdir -p /home/nextjs/.cache && \
+    chown -R nextjs:nodejs /home/nextjs
+
+COPY --from=installer /tmp/commit_hash /tmp/commit_hash
+RUN COMMIT_VALUE=$(cat /tmp/commit_hash 2>/dev/null || echo "unknown") && \
+    echo "#!/bin/sh" > /usr/local/bin/start.sh && \
+    echo "set -e" >> /usr/local/bin/start.sh && \
+    echo "export COREPACK_ENABLE_DOWNLOAD_PROMPT=0" >> /usr/local/bin/start.sh && \
+    echo "export HOME=/home/nextjs" >> /usr/local/bin/start.sh && \
+    echo "echo 'Running database migrations...'" >> /usr/local/bin/start.sh && \
+    echo "node /opt/prisma-cli/node_modules/prisma/build/index.js migrate deploy --schema /app/packages/db/prisma/schema.prisma" >> /usr/local/bin/start.sh && \
+    echo "cd /app" >> /usr/local/bin/start.sh && \
+    echo "export commit=$COMMIT_VALUE" >> /usr/local/bin/start.sh && \
+    echo "echo 'Starting Next.js application...'" >> /usr/local/bin/start.sh && \
+    echo "exec node apps/web/server.js" >> /usr/local/bin/start.sh && \
+    chmod +x /usr/local/bin/start.sh
 
-# Don't run production as root
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
 USER nextjs
  
 # Automatically leverage output traces to reduce image size
@@ -42,5 +102,10 @@ USER nextjs
 COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/standalone ./
 COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static
 COPY --from=installer --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public
- 
-CMD node apps/web/server.js
+COPY --from=installer --chown=nextjs:nodejs /app/apps/web/emojis.json ./emojis.json
+
+# Copy Prisma schema and migrations for prisma migrate deploy
+COPY --from=installer --chown=nextjs:nodejs /app/packages/db/prisma ./packages/db/prisma
+COPY --from=installer --chown=nextjs:nodejs /opt/prisma-cli /opt/prisma-cli
+
+CMD ["/usr/local/bin/start.sh"]

apps/web/benchmark.py

@@ -1,3 +1,5 @@
+# quick and dirty ai generated benchmark i created for hls streams
+
 #!/usr/bin/env python3
 import asyncio
 import aiohttp

apps/web/next.config.mjs

@@ -1,12 +1,21 @@
+import {withSentryConfig} from '@sentry/nextjs';
 import * as path from 'node:path';
 import { fileURLToPath } from 'url';
+import { readFileSync } from 'node:fs';
+import { execSync } from 'node:child_process';
+
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
 const LIVE_SERVER_URL =
   process.env.NODE_ENV === 'production'
-    ? 'https://backend.hctv.srizan.dev'
+    ? 'http://nginx-rtmp:8888'
     : 'http://localhost:8888';
+
+const packageJson = JSON.parse(readFileSync('./package.json', 'utf8'));
+const { version } = packageJson;
+const commit = process.env.commit || execSync('git rev-parse --short HEAD')
+  .toString().trim();
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   images: {
@@ -17,15 +26,28 @@ const nextConfig = {
       {
         hostname: 'secure.gravatar.com',
       },
+      {
+        hostname: 'emoji.slack-edge.com',
+      },
+      {
+        hostname: 'cdn.jsdelivr.net',
+        pathname: '/npm/emoji-datasource-twitter@15.1.2/img/twitter/64/*',
+      },
+      {
+        hostname: 'eoceqrx2r7.ufs.sh'
+      },
     ],
     minimumCacheTTL: 120,
   },
   env: {
     LIVE_SERVER_URL,
+    commit,
+    version,
   },
   reactStrictMode: false,
   output: 'standalone',
   outputFileTracingRoot: path.join(__dirname, '../../'),
+  serverExternalPackages: ['bullmq'],
   async rewrites() {
     return [
       {
@@ -34,6 +56,46 @@ const nextConfig = {
       },
     ];
   },
+  logging: {
+    incomingRequests: false,
+  },
 };
 
-export default nextConfig;
+export default withSentryConfig(nextConfig, {
+  // For all available options, see:
+  // https://www.npmjs.com/package/@sentry/webpack-plugin#options
+
+  org: "sr-izan",
+
+  project: "hctv",
+
+  // Auth token for uploading source maps
+  authToken: process.env.SENTRY_AUTH_TOKEN,
+
+  // Only print logs for uploading source maps in CI
+  silent: !process.env.CI,
+
+  // For all available options, see:
+  // https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/
+
+  // Upload a larger set of source maps for prettier stack traces (increases build time)
+  widenClientFileUpload: true,
+
+  // Hides source maps from generated client bundles
+  hideSourceMaps: true,
+
+  // Route browser requests to Sentry through a Next.js rewrite to circumvent ad-blockers.
+  // This can increase your server load as well as your hosting bill.
+  // Note: Check that the configured route will not match with your Next.js middleware, otherwise reporting of client-
+  // side errors will fail.
+  tunnelRoute: "/monitoring",
+
+  // Automatically tree-shake Sentry logger statements to reduce bundle size
+  disableLogger: true,
+
+  // Enables automatic instrumentation of Vercel Cron Monitors. (Does not yet work with App Router route handlers.)
+  // See the following for more information:
+  // https://docs.sentry.io/product/crons/
+  // https://vercel.com/docs/cron-jobs
+  automaticVercelMonitors: true,
+});

apps/web/package.json

@@ -1,63 +1,82 @@
 {
   "name": "@hctv/web",
-  "version": "0.1.0",
+  "version": "0.5.0",
   "private": true,
   "type": "module",
   "scripts": {
     "dd": "docker compose --file ../../dev/docker-compose.yml up -d",
-    "dev": "next dev --turbo",
+    "dev": "next dev --turbo -H 0.0.0.0",
     "donly": "docker compose --file ../../dev/docker-compose.yml up",
     "build": "next build",
     "start": "next start",
     "lint": "next lint",
     "ui:add": "shadcn add",
-    "check-types": "tsc --noEmit"
+    "check-types": "tsc --noEmit",
+    "genMtxTypes": "bunx openapi-typescript https://github.com/bluenviron/mediamtx/raw/refs/tags/v1.15.5/api/openapi.yaml -o ./src/lib/types/mediamtx.d.ts"
   },
   "dependencies": {
-    "@hctv/auth": "*",
-    "@hctv/db": "*",
+    "@hctv/auth": "workspace:*",
+    "@hctv/db": "workspace:*",
     "@hookform/resolvers": "^3.9.1",
-    "@livekit/components-react": "^2.7.0",
     "@lucia-auth/adapter-prisma": "^4.0.1",
     "@node-rs/argon2": "^2.0.2",
+    "@omit/react-confirm-dialog": "^1.2.0",
+    "@radix-ui/react-alert-dialog": "^1.1.15",
     "@radix-ui/react-avatar": "^1.0.4",
     "@radix-ui/react-checkbox": "^1.1.4",
     "@radix-ui/react-dialog": "^1.1.5",
     "@radix-ui/react-dropdown-menu": "^2.1.2",
+    "@radix-ui/react-hover-card": "^1.1.14",
     "@radix-ui/react-label": "^2.1.1",
     "@radix-ui/react-popover": "^1.1.5",
     "@radix-ui/react-select": "^2.1.5",
     "@radix-ui/react-separator": "^1.1.1",
-    "@radix-ui/react-slot": "^1.1.1",
+    "@radix-ui/react-slot": "^1.2.4",
     "@radix-ui/react-switch": "^1.1.3",
-    "@radix-ui/react-tooltip": "^1.1.6",
+    "@radix-ui/react-tabs": "^1.1.12",
+    "@radix-ui/react-tooltip": "^1.2.7",
+    "@scalar/api-reference-react": "^0.7.42",
+    "@sentry/nextjs": "^10",
     "@slack/web-api": "^7.9.1",
     "@uidotdev/usehooks": "^2.4.1",
-    "arctic": "^3.1.1",
+    "@uploadthing/react": "^7.3.1",
+    "ajv": "^8.17.1",
+    "arctic": "^3.7.0",
     "bullmq": "^5.45.2",
     "cheerio": "^1.0.0",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.0",
     "cmdk": "1.0.0",
+    "date-fns": "^4.1.0",
+    "embla-carousel-react": "^8.6.0",
     "hls-video-element": "^1.5.0",
-    "ioredis": "^5.6.0",
-    "livekit-client": "^2.8.0",
-    "livekit-server-sdk": "^2.9.7",
+    "hls.js": "^1.6.15",
     "lucia": "^3.2.2",
     "lucide-react": "^0.473.0",
     "media-chrome": "^4.8.0",
-    "next": "^15.2.4",
+    "next": "^16.1.0",
     "next-themes": "^0.4.4",
     "node-cron": "^3.0.3",
+    "nuqs": "^2.4.3",
     "pg": "^8.14.1",
     "pg-boss": "^10.1.6",
-    "react": "19",
-    "react-dom": "19",
+    "prom-client": "^15.1.3",
+    "react": "^19.2.3",
+    "react-day-picker": "^9.13.0",
+    "react-dom": "^19.2.3",
     "react-hook-form": "^7.54.2",
+    "rehype-raw": "^7.0.0",
+    "rehype-react": "^8.0.0",
+    "rehype-sanitize": "^6.0.0",
+    "remark-parse": "^11.0.0",
+    "remark-rehype": "^11.1.2",
+    "sharp": "^0.34.3",
     "sonner": "^1.4.41",
     "swr": "^2.3.0",
     "tailwind-merge": "^2.2.2",
     "tailwindcss-animate": "^1.0.7",
+    "unified": "^11.0.5",
+    "uploadthing": "^7.7.2",
     "util-utils": "^1.0.3",
     "valtio": "^2.1.2",
     "ws": "^8.18.1",
@@ -72,7 +91,7 @@
     "eslint": "^8",
     "eslint-config-next": "15.1.3",
     "postcss": "^8",
-    "shadcn": "^2.1.8",
+    "shadcn": "^2.7.0",
     "tailwindcss": "^3.4.1",
     "typescript": "^5"
   }

apps/web/sentry.edge.config.ts

@@ -0,0 +1,20 @@
+// This file configures the initialization of Sentry for edge features (middleware, edge routes, and so on).
+// The config you add here will be used whenever one of the edge features is loaded.
+// Note that this config is unrelated to the Vercel Edge Runtime and is also required when running locally.
+// https://docs.sentry.io/platforms/javascript/guides/nextjs/
+
+import * as Sentry from "@sentry/nextjs";
+
+Sentry.init({
+  dsn: "https://f3c26671c39af48406c6e23702a4f3dd@o4506961023860736.ingest.us.sentry.io/4509895816773632",
+
+  // Define how likely traces are sampled. Adjust this value in production, or use tracesSampler for greater control.
+  tracesSampleRate: 1,
+
+  // Enable logs to be sent to Sentry
+  enableLogs: true,
+
+  // Setting this option to true will print useful information to the console while you're setting up Sentry.
+  debug: false,
+  enabled: process.env.NODE_ENV === 'production',
+});

apps/web/src/app/(other)/chat/[username]/page.tsx

@@ -1,16 +1,18 @@
-import LiveStream from "@/components/app/Livestream/Livestream";
+import ChatPanel from "@/components/app/ChatPanel/ChatPanel";
 import { prisma } from '@hctv/db';
 
 export default async function Page({ params }: { params: Promise<{ username: string }> }) {
   const { username } = await params;
   const streamInfo = await prisma.streamInfo.findUnique({
     where: { username },
-    include: { ownedBy: true },
+    include: { channel: true },
   });
   if (!streamInfo) {
     return <div>Stream not found</div>;
   }
   return (
-    <LiveStream username={username} streamInfo={streamInfo} />
+    <div className="bg-transparent h-screen">
+      <ChatPanel isObsPanel />
+    </div>
   );
 }

apps/web/src/app/(protected)/api/rtmp/hls/[path]/route.ts

@@ -1,32 +0,0 @@
-import fsP from 'fs/promises';
-import fs from 'fs'; 
-import { getRedisConnection } from '@/lib/services/redis';
-import { cookies } from 'next/headers';
-
-export async function GET(request: Request, { params }: { params: Promise<{ path: string }> }) {
-  const { path } = await params;
-  const c = await cookies();
-  if (!getRedisConnection().exists(`sessions:${c.get('auth_session')?.value}`)) {
-    return new Response("Unauthorized", { status: 401 });
-  }
-  if (path.includes('..')) {
-    return new Response("nuh uh", { status: 403 });
-  }
-
-  const basePath = '/dev/shm/hls';
-  const filePath = `${basePath}/${path}`;
-  const exists = fs.existsSync(filePath);
-
-  if (!exists) {
-    return new Response("Not Found", { status: 404 });
-  }
-
-  const file = await fsP.readFile(filePath);
-  return new Response(file, {
-    headers: {
-      'Content-Type': 'application/octet-stream',
-      'Access-Control-Allow-Origin': '*',
-      'Access-Control-Allow-Methods': 'GET',
-    },
-  });
-}

apps/web/src/app/(protected)/api/rtmp/publish/route.ts

@@ -1,30 +0,0 @@
-import { prisma } from '@hctv/db';
-import { NextRequest } from 'next/server';
-
-export async function POST(request: NextRequest) {
-  const formData = await request.formData();
-  const streamKey = formData.get('name')?.toString() || '';
-
-  const key = await prisma.streamKey.findFirst({
-    where: {
-      key: streamKey,
-    },
-    include: {
-      channel: true,
-    },
-  });
-
-  if (!key) {
-    return new Response('nay', {
-      status: 403,
-    });
-  }
-
-  const headers = new Headers();
-  headers.append('Location', `rtmp://127.0.0.1/channel-live/${key.channel.name}`);
-  
-  return new Response(null, {
-    status: 302,
-    headers: headers,
-  });
-}

apps/web/src/app/(protected)/api/stream/info/route.ts

@@ -1,34 +0,0 @@
-import { validateRequest } from '@/lib/auth/validate';
-import { prisma } from '@hctv/db';
-import type { NextRequest } from 'next/server';
-
-export async function GET(request: NextRequest) {
-  const searchParams = request.nextUrl.searchParams;
-  const shouldGetOwned = searchParams.get('owned') === 'true';
-  const { user } = await validateRequest();
-  /* const db = await prisma.streamInfo.findMany({
-    include: { ownedBy: true },
-  }); */
-
-  if (shouldGetOwned) {
-    if (!user) {
-      return new Response('No user found in cookies', { status: 401 });
-    }
-    
-    const db = await prisma.streamInfo.findMany({
-      where: {
-        channel: {
-          ownerId: user.id,
-        },
-      },
-    });
-    return Response.json(db);
-  } else {
-    const db = await prisma.streamInfo.findMany({
-      include: {
-        channel: true,
-      }
-    });
-    return Response.json(db);
-  }
-}

apps/web/src/app/(protected)/layout.tsx

@@ -1,13 +0,0 @@
-import { validateRequest } from '@/lib/auth/validate';
-import { redirect, RedirectType } from 'next/navigation';
-
-export default async function Layout({ children }: { children: React.ReactNode }) {
-  const { user } = await validateRequest();
-  if (!user) {
-    return redirect('/auth/slack');
-  }
-  if (!user.hasOnboarded) {
-    return redirect(`/onboarding`, RedirectType.push);
-  }
-  return children;
-}

apps/web/src/app/(public)/onboarding/page.client.tsx

@@ -1,37 +0,0 @@
-'use client';
-
-import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
-import { Card, CardHeader, CardTitle, CardDescription, CardContent } from '@/components/ui/card';
-import { onboard } from '@/lib/form/actions';
-import { useSession } from '@/lib/providers/SessionProvider';
-import { redirect, useRouter } from 'next/navigation';
-
-export default function OnboardingClient() {
-  const { user } = useSession();
-  const router = useRouter();
-  
-  return (
-    <Card className="mx-auto max-w-sm border-0 shadow-none">
-      <CardHeader className="space-y-1">
-        <CardTitle>Welcome to hackclub.tv!</CardTitle>
-        <CardDescription>
-          To get started, please enter the username of your personal channel.
-        </CardDescription>
-      </CardHeader>
-      <CardContent>
-        <p>join #hctv! you will get welcomed to the channel after submitting the form!</p>
-        <UniversalForm
-          fields={[
-            { name: 'userId', label: 'User ID', type: 'hidden', value: user?.id },
-            { name: 'username', label: 'Username', type: 'text' },
-          ]}
-          schemaName="onboard"
-          action={onboard}
-          onActionComplete={() => {
-            window.location.href = '/';
-          }}
-        />
-      </CardContent>
-    </Card>
-  );
-}

apps/web/src/app/(public)/page.tsx

@@ -1,78 +0,0 @@
-import LandingPage from '@/components/app/LandingPage/LandingPage';
-import { Card, CardContent } from '@/components/ui/card';
-import ConfusedDino from '@/components/ui/confuseddino';
-import { validateRequest } from '@/lib/auth/validate';
-import { prisma } from '@hctv/db';
-import { Avatar, AvatarImage, AvatarFallback } from '@radix-ui/react-avatar';
-import Image from 'next/image';
-import Link from 'next/link';
-import { redirect } from 'next/navigation';
-
-export default async function Home() {
-  const { user } = await validateRequest();
-  if (user && !user?.hasOnboarded) {
-    redirect('/onboarding');
-  }
-  const streams = await prisma.streamInfo.findMany({
-    where: {
-      isLive: true,
-    },
-    include: {
-      channel: true,
-    },
-  });
-  if (!user) {
-    return <LandingPage />;
-  }
-  if (!streams.length) {
-    return (
-      <div className="flex justify-center items-center text-center flex-col pt-4 gap-2">
-        <h2>No streams found!!</h2>
-        <p>...maybe start one?</p>
-        <ConfusedDino className='w-40 h-40' />
-      </div>
-    );
-  }
-
-  return (
-    <div className="p-4">
-      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-6">
-        {streams.map((stream) => (
-          <Link href={`/${stream.username}`} key={stream.id}>
-            <Card className="overflow-hidden hover:shadow-lg transition-shadow">
-              <CardContent className="p-0">
-                <div className="relative">
-                  <Image
-                    src={`/api/stream/thumb/${stream.channel.name}`}
-                    width={512}
-                    height={512}
-                    alt={stream.title}
-                    className="w-full h-48 object-cover"
-                  />
-                  <div className="absolute bottom-2 left-2 bg-red-600 text-white text-xs font-bold px-2 py-1 rounded">
-                    LIVE
-                  </div>
-                  <div className="absolute bottom-2 right-2 bg-black bg-opacity-70 text-white text-xs px-2 py-1 rounded">
-                    {stream.viewers} viewers
-                  </div>
-                </div>
-                <div className="p-4">
-                  <div className="flex items-start">
-                    <Avatar className="h-10 w-10 mr-3">
-                      <AvatarImage src={stream.channel.pfpUrl} />
-                      <AvatarFallback>{stream.channel.name}</AvatarFallback>
-                    </Avatar>
-                    <div>
-                      <h3 className="font-semibold line-clamp-1">{stream.title}</h3>
-                      <p className="text-sm text-muted-foreground">{stream.category}</p>
-                    </div>
-                  </div>
-                </div>
-              </CardContent>
-            </Card>
-          </Link>
-        ))}
-      </div>
-    </div>
-  );
-}

apps/web/src/app/(ui)/(protected)/[username]/page.tsx

@@ -0,0 +1,39 @@
+import LiveStream from "@/components/app/Livestream/Livestream";
+import { prisma } from '@hctv/db';
+
+export default async function Page({ params }: { params: Promise<{ username: string }> }) {
+  const { username } = await params;
+  const streamInfo = await prisma.streamInfo.findUnique({
+    where: { username },
+    include: {
+      channel: {
+        include: {
+          restriction: true,
+        },
+      },
+    },
+  });
+  if (!streamInfo) {
+    return <div>Stream not found</div>;
+  }
+
+  if (streamInfo.channel.restriction) {
+    const isExpired = streamInfo.channel.restriction.expiresAt &&
+      new Date(streamInfo.channel.restriction.expiresAt) < new Date();
+    
+    if (!isExpired) {
+      return (
+        <div className="flex flex-col items-center justify-center h-[calc(100vh-64px)] p-4">
+          <h1 className="text-2xl font-bold text-destructive mb-2">Channel Restricted</h1>
+          <p className="text-muted-foreground text-center max-w-md">
+            This channel has been restricted by a moderator and is not currently available for viewing.
+          </p>
+        </div>
+      );
+    }
+  }
+
+  return (
+    <LiveStream username={username} streamInfo={streamInfo} />
+  );
+}

apps/web/src/app/(ui)/(protected)/admin/page.tsx

@@ -0,0 +1,17 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { redirect } from 'next/navigation';
+import AdminPanelClient from './page.client';
+
+export default async function AdminPage() {
+  const { user } = await validateRequest();
+
+  if (!user) {
+    redirect('/auth/hackclub');
+  }
+
+  if (!user.isAdmin) {
+    redirect('/');
+  }
+
+  return <AdminPanelClient currentUser={user} />;
+}

apps/web/src/app/(ui)/(protected)/admin/reports/[reportId]/page.client.tsx

@@ -0,0 +1,559 @@
+'use client';
+
+import { useState } from 'react';
+import { useRouter } from 'next/navigation';
+import { format, formatDistanceToNow } from 'date-fns';
+import { toast } from 'sonner';
+import {
+  ArrowLeft,
+  Gavel,
+  Flag,
+  User,
+  MessageSquare,
+  Clock,
+  ShieldAlert,
+  ShieldOff,
+  ShieldCheck,
+  Trash2,
+  CheckCircle2,
+  XCircle,
+  AlertTriangle,
+  Timer,
+  Ban,
+  Unlock,
+  Info,
+} from 'lucide-react';
+import { Badge } from '@/components/ui/badge';
+import { Button } from '@/components/ui/button';
+import { Label } from '@/components/ui/label';
+import { Textarea } from '@/components/ui/textarea';
+import { Separator } from '@/components/ui/separator';
+import { cn } from '@/lib/utils';
+
+type ReportModerationAction =
+  | 'review'
+  | 'dismiss'
+  | 'delete_reported_message'
+  | 'timeout_10m'
+  | 'timeout_1h'
+  | 'ban_chat'
+  | 'lift_chat_ban'
+  | 'ban_platform'
+  | 'unban_platform';
+
+type ActionSeverity = 'info' | 'moderate' | 'severe';
+
+interface ActionOption {
+  value: ReportModerationAction;
+  label: string;
+  description: string;
+  severity: ActionSeverity;
+  requiresNote?: boolean;
+  icon: React.ReactNode;
+}
+
+const ACTION_OPTIONS: ActionOption[] = [
+  {
+    value: 'review',
+    label: 'Mark as reviewed',
+    description: 'Acknowledge the report without further action.',
+    severity: 'info',
+    icon: <CheckCircle2 className="h-4 w-4" />,
+  },
+  {
+    value: 'dismiss',
+    label: 'Dismiss',
+    description: 'Close this report as unfounded or resolved.',
+    severity: 'info',
+    icon: <XCircle className="h-4 w-4" />,
+  },
+  {
+    value: 'delete_reported_message',
+    label: 'Delete message',
+    description: 'Remove the reported message from the chat.',
+    severity: 'moderate',
+    requiresNote: true,
+    icon: <Trash2 className="h-4 w-4" />,
+  },
+  {
+    value: 'timeout_10m',
+    label: 'Timeout 10 minutes',
+    description: 'Prevent user from chatting for 10 minutes.',
+    severity: 'moderate',
+    requiresNote: true,
+    icon: <Timer className="h-4 w-4" />,
+  },
+  {
+    value: 'timeout_1h',
+    label: 'Timeout 1 hour',
+    description: 'Prevent user from chatting for 1 hour.',
+    severity: 'moderate',
+    requiresNote: true,
+    icon: <Timer className="h-4 w-4" />,
+  },
+  {
+    value: 'ban_chat',
+    label: 'Ban from chat',
+    description: 'Permanently ban user from chat.',
+    severity: 'severe',
+    requiresNote: true,
+    icon: <Ban className="h-4 w-4" />,
+  },
+  {
+    value: 'lift_chat_ban',
+    label: 'Lift chat ban',
+    description: 'Restore chat access for this user.',
+    severity: 'info',
+    requiresNote: true,
+    icon: <Unlock className="h-4 w-4" />,
+  },
+  {
+    value: 'ban_platform',
+    label: 'Ban from platform',
+    description: 'Permanently ban user from the entire platform.',
+    severity: 'severe',
+    requiresNote: true,
+    icon: <ShieldOff className="h-4 w-4" />,
+  },
+  {
+    value: 'unban_platform',
+    label: 'Unban from platform',
+    description: 'Restore platform access for this user.',
+    severity: 'info',
+    requiresNote: true,
+    icon: <ShieldCheck className="h-4 w-4" />,
+  },
+];
+
+const SEVERITY_STYLES: Record<
+  ActionSeverity,
+  { card: string; selected: string; icon: string; ring: string }
+> = {
+  info: {
+    card: 'border-border hover:border-muted-foreground/40 hover:bg-muted/30',
+    selected: 'border-primary bg-primary/5',
+    icon: 'text-muted-foreground',
+    ring: 'ring-primary/30',
+  },
+  moderate: {
+    card: 'border-border hover:border-amber-500/40 hover:bg-amber-500/5',
+    selected: 'border-amber-500 bg-amber-500/5',
+    icon: 'text-amber-500',
+    ring: 'ring-amber-500/30',
+  },
+  severe: {
+    card: 'border-border hover:border-destructive/40 hover:bg-destructive/5',
+    selected: 'border-destructive bg-destructive/5',
+    icon: 'text-destructive',
+    ring: 'ring-destructive/30',
+  },
+};
+
+const STATUS_CONFIG = {
+  OPEN: { label: 'Open', variant: 'destructive' as const, icon: <Flag className="h-3 w-3" /> },
+  REVIEWED: {
+    label: 'Reviewed',
+    variant: 'secondary' as const,
+    icon: <CheckCircle2 className="h-3 w-3" />,
+  },
+  DISMISSED: {
+    label: 'Dismissed',
+    variant: 'outline' as const,
+    icon: <XCircle className="h-3 w-3" />,
+  },
+};
+
+const ACTION_LABELS: Record<NonNullable<ChatReportCase['lastAction']>, string> = {
+  REVIEW: 'Marked as reviewed',
+  DISMISS: 'Dismissed',
+  DELETE_REPORTED_MESSAGE: 'Message deleted',
+  TIMEOUT_10M: 'User timed out (10m)',
+  TIMEOUT_1H: 'User timed out (1h)',
+  BAN_CHAT: 'Chat banned',
+  LIFT_CHAT_BAN: 'Chat ban lifted',
+  BAN_PLATFORM: 'Platform banned',
+  UNBAN_PLATFORM: 'Platform ban lifted',
+};
+
+function InfoRow({ label, children }: { label: string; children: React.ReactNode }) {
+  return (
+    <div className="flex flex-col gap-0.5">
+      <span className="text-[11px] font-medium uppercase tracking-wider text-muted-foreground">
+        {label}
+      </span>
+      <span className="text-sm">{children}</span>
+    </div>
+  );
+}
+
+function SectionLabel({ icon, children }: { icon: React.ReactNode; children: React.ReactNode }) {
+  return (
+    <div className="flex items-center gap-2 mb-3">
+      <span className="text-muted-foreground">{icon}</span>
+      <span className="text-xs font-semibold uppercase tracking-widest text-muted-foreground">
+        {children}
+      </span>
+    </div>
+  );
+}
+
+export default function ReportCasePageClient({ report }: ReportCasePageClientProps) {
+  const router = useRouter();
+  const [selectedAction, setSelectedAction] = useState<ReportModerationAction>('review');
+  const [note, setNote] = useState('');
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const selectedMeta = ACTION_OPTIONS.find((o) => o.value === selectedAction)!;
+  const requiresNote = Boolean(selectedMeta?.requiresNote);
+  const isSevere = selectedMeta?.severity === 'severe';
+
+  const statusConfig = STATUS_CONFIG[report.status];
+
+  const submitAction = async () => {
+    if (requiresNote && note.trim().length < 10) {
+      toast.error('Please include at least 10 characters for enforcement context.');
+      return;
+    }
+
+    setIsSubmitting(true);
+    try {
+      const res = await fetch('/api/admin/reports', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          reportId: report.id,
+          action: selectedAction,
+          note: note.trim() || undefined,
+        }),
+      });
+
+      if (!res.ok) {
+        const errorText = await res.text();
+        toast.error(errorText || 'Failed to apply action');
+        return;
+      }
+
+      toast.success('Report action applied');
+      setNote('');
+      router.refresh();
+    } catch {
+      toast.error('Failed to apply action');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  const actionGroups: Array<{ label: string; actions: ActionOption[] }> = [
+    {
+      label: 'Informational',
+      actions: ACTION_OPTIONS.filter((a) => a.severity === 'info'),
+    },
+    {
+      label: 'Moderation',
+      actions: ACTION_OPTIONS.filter((a) => a.severity === 'moderate'),
+    },
+    {
+      label: 'Severe',
+      actions: ACTION_OPTIONS.filter((a) => a.severity === 'severe'),
+    },
+  ];
+
+  return (
+    <div className="container max-w-5xl mx-auto py-8 px-4">
+      <div className="flex items-start justify-between gap-4 mb-8">
+        <div className="space-y-1">
+          <div className="flex items-center gap-3">
+            <h1 className="text-2xl font-bold tracking-tight">Report Case</h1>
+            <Badge
+              variant={statusConfig.variant}
+              className="flex items-center gap-1.5 text-xs px-2 py-0.5"
+            >
+              {statusConfig.icon}
+              {statusConfig.label}
+            </Badge>
+          </div>
+          <p className="text-xs text-muted-foreground font-mono">{report.id}</p>
+        </div>
+        <Button
+          variant="ghost"
+          size="sm"
+          onClick={() => router.push(`/admin?tab=reports&reportId=${report.id}`)}
+          className="shrink-0 gap-1.5"
+        >
+          <ArrowLeft className="h-4 w-4" />
+          Back to reports
+        </Button>
+      </div>
+
+      <div className="grid grid-cols-1 md:grid-cols-5 gap-6">
+        <div className="md:col-span-3 space-y-5">
+          {report.reportedMessage ? (
+            <div className="rounded-lg border border-border bg-muted/20 overflow-hidden">
+              <div className="px-4 py-3 border-b border-border bg-muted/30 flex items-center gap-2">
+                <MessageSquare className="h-3.5 w-3.5 text-muted-foreground" />
+                <span className="text-xs font-semibold uppercase tracking-wider text-muted-foreground">
+                  Reported message
+                </span>
+              </div>
+              <div className="px-4 py-4">
+                <p className="text-sm leading-relaxed break-words">{report.reportedMessage}</p>
+              </div>
+            </div>
+          ) : (
+            <div className="rounded-lg border border-dashed border-border px-4 py-5 flex items-center gap-3 text-muted-foreground">
+              <Info className="h-4 w-4 shrink-0" />
+              <span className="text-sm">No message content was captured with this report.</span>
+            </div>
+          )}
+
+          <div className="rounded-lg border border-border overflow-hidden">
+            <div className="px-4 py-3 border-b border-border bg-muted/20">
+              <SectionLabel icon={<User className="h-3.5 w-3.5" />}>Parties</SectionLabel>
+            </div>
+            <div className="px-4 py-4 grid grid-cols-2 gap-x-6 gap-y-4">
+              <InfoRow label="Reporter">
+                <span className="font-medium">{report.reporter}</span>
+              </InfoRow>
+              <InfoRow label="Target">
+                <div className="flex flex-wrap items-center gap-1.5">
+                  <span className="font-medium">{report.target}</span>
+                  {report.targetIsAdmin && (
+                    <Badge
+                      variant="outline"
+                      className="text-[10px] py-0 px-1.5 text-amber-500 border-amber-500/40"
+                    >
+                      Admin
+                    </Badge>
+                  )}
+                  {report.targetIsPlatformBanned && (
+                    <Badge
+                      variant="outline"
+                      className="text-[10px] py-0 px-1.5 text-destructive border-destructive/40"
+                    >
+                      Platform banned
+                    </Badge>
+                  )}
+                </div>
+              </InfoRow>
+              <InfoRow label="Channel">
+                <span className="font-mono text-xs bg-muted px-1.5 py-0.5 rounded">
+                  {report.channelName}
+                </span>
+              </InfoRow>
+              <InfoRow label="Reason">
+                <span>{report.reason}</span>
+              </InfoRow>
+            </div>
+          </div>
+
+          <div className="rounded-lg border border-border overflow-hidden">
+            <div className="px-4 py-3 border-b border-border bg-muted/20">
+              <SectionLabel icon={<Clock className="h-3.5 w-3.5" />}>Timeline</SectionLabel>
+            </div>
+            <div className="px-4 py-4 space-y-4">
+              <InfoRow label="Filed">
+                <span>
+                  {format(new Date(report.createdAt), 'PPP p')}{' '}
+                  <span className="text-muted-foreground text-xs">
+                    ({formatDistanceToNow(new Date(report.createdAt), { addSuffix: true })})
+                  </span>
+                </span>
+              </InfoRow>
+              {report.handledAt ? (
+                <InfoRow label="Last handled">
+                  <span>
+                    {format(new Date(report.handledAt), 'PPP p')}{' '}
+                    <span className="text-muted-foreground text-xs">
+                      ({formatDistanceToNow(new Date(report.handledAt), { addSuffix: true })})
+                    </span>
+                  </span>
+                </InfoRow>
+              ) : null}
+              <InfoRow label="Last action">
+                {report.lastAction ? (
+                  <span className="font-medium">{ACTION_LABELS[report.lastAction]}</span>
+                ) : (
+                  <span className="text-muted-foreground">None</span>
+                )}
+              </InfoRow>
+              <InfoRow label="Handled by">
+                {report.handledBy ? (
+                  <span className="font-medium">{report.handledBy}</span>
+                ) : (
+                  <span className="text-muted-foreground">—</span>
+                )}
+              </InfoRow>
+              {report.handlingNote ? (
+                <div className="pt-1">
+                  <span className="text-[11px] font-medium uppercase tracking-wider text-muted-foreground block mb-1.5">
+                    Last note
+                  </span>
+                  <p className="text-sm bg-muted/40 rounded-md px-3 py-2.5 leading-relaxed border border-border">
+                    {report.handlingNote}
+                  </p>
+                </div>
+              ) : null}
+            </div>
+          </div>
+
+          {report.targetIsAdmin && (
+            <div className="flex items-start gap-3 rounded-lg border border-amber-500/30 bg-amber-500/5 px-4 py-3">
+              <AlertTriangle className="h-4 w-4 text-amber-500 shrink-0 mt-0.5" />
+              <div className="text-sm text-amber-700 dark:text-amber-400 leading-snug">
+                <span className="font-semibold">Caution:</span> The reported user is a platform
+                admin. Enforcement actions will still apply.
+              </div>
+            </div>
+          )}
+        </div>
+
+        <div className="md:col-span-2">
+          <div className="rounded-lg border border-border overflow-hidden sticky top-6">
+            <div className="px-4 py-3 border-b border-border bg-muted/20 flex items-center gap-2">
+              <Gavel className="h-3.5 w-3.5 text-muted-foreground" />
+              <span className="text-xs font-semibold uppercase tracking-wider text-muted-foreground">
+                Enforcement
+              </span>
+            </div>
+
+            <div className="px-4 py-4 space-y-5">
+              {/* Action selector */}
+              <div className="space-y-3">
+                {actionGroups.map((group) => (
+                  <div key={group.label}>
+                    <p className="text-[10px] font-semibold uppercase tracking-widest text-muted-foreground mb-2">
+                      {group.label}
+                    </p>
+                    <div className="space-y-1.5">
+                      {group.actions.map((action) => {
+                        const isSelected = selectedAction === action.value;
+                        const styles = SEVERITY_STYLES[action.severity];
+                        return (
+                          <button
+                            key={action.value}
+                            type="button"
+                            onClick={() => setSelectedAction(action.value)}
+                            className={cn(
+                              'w-full flex items-start gap-3 rounded-md border px-3 py-2.5 text-left transition-all cursor-pointer',
+                              isSelected ? `${styles.selected} ring-1 ${styles.ring}` : styles.card
+                            )}
+                          >
+                            <span
+                              className={cn(
+                                'mt-0.5 shrink-0',
+                                isSelected ? styles.icon : 'text-muted-foreground'
+                              )}
+                            >
+                              {action.icon}
+                            </span>
+                            <div className="min-w-0">
+                              <p
+                                className={cn(
+                                  'text-sm font-medium leading-tight',
+                                  isSelected && action.severity === 'severe' && 'text-destructive',
+                                  isSelected &&
+                                    action.severity === 'moderate' &&
+                                    'text-amber-600 dark:text-amber-400'
+                                )}
+                              >
+                                {action.label}
+                              </p>
+                              <p className="text-[11px] text-muted-foreground mt-0.5 leading-snug">
+                                {action.description}
+                              </p>
+                            </div>
+                          </button>
+                        );
+                      })}
+                    </div>
+                  </div>
+                ))}
+              </div>
+
+              <Separator />
+
+              <div className="space-y-2">
+                <Label htmlFor="note" className="text-xs">
+                  Moderator note
+                  {requiresNote ? (
+                    <span className="text-destructive ml-1">*</span>
+                  ) : (
+                    <span className="text-muted-foreground ml-1">(optional)</span>
+                  )}
+                </Label>
+                <Textarea
+                  id="note"
+                  value={note}
+                  onChange={(e) => setNote(e.target.value)}
+                  placeholder="Explain why this action is being taken."
+                  rows={3}
+                  className="text-sm resize-none"
+                />
+                {requiresNote && (
+                  <p className="text-[11px] text-muted-foreground">Min. 10 characters required.</p>
+                )}
+              </div>
+
+              {isSevere && (
+                <div className="flex items-start gap-2.5 rounded-md border border-destructive/30 bg-destructive/5 px-3 py-2.5">
+                  <ShieldAlert className="h-4 w-4 text-destructive shrink-0 mt-0.5" />
+                  <p className="text-[12px] text-destructive leading-snug">
+                    This is a severe action may often not be easily undone. Double-check before
+                    applying.
+                  </p>
+                </div>
+              )}
+
+              <Button
+                onClick={submitAction}
+                disabled={isSubmitting}
+                variant={isSevere ? 'destructive' : 'default'}
+                className="w-full gap-2"
+                size="sm"
+              >
+                <Gavel className="h-3.5 w-3.5" />
+                {isSubmitting ? 'Applying…' : 'Apply action'}
+              </Button>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+// ─── Types ───────────────────────────────────────────────────────────────────
+
+interface ReportCasePageClientProps {
+  report: ChatReportCase;
+}
+
+interface ChatReportCase {
+  id: string;
+  status: 'OPEN' | 'REVIEWED' | 'DISMISSED';
+  reason: string;
+  reportedMessage: string | null;
+  reportedMessageId: string | null;
+  targetUsername: string | null;
+  channelName: string;
+  createdAt: string;
+  handledAt: string | null;
+  handlingNote: string | null;
+  lastAction:
+    | 'REVIEW'
+    | 'DISMISS'
+    | 'DELETE_REPORTED_MESSAGE'
+    | 'TIMEOUT_10M'
+    | 'TIMEOUT_1H'
+    | 'BAN_CHAT'
+    | 'LIFT_CHAT_BAN'
+    | 'BAN_PLATFORM'
+    | 'UNBAN_PLATFORM'
+    | null;
+  reporter: string;
+  target: string;
+  targetUserId: string | null;
+  targetIsAdmin: boolean;
+  targetIsPlatformBanned: boolean;
+  handledBy: string | null;
+}

apps/web/src/app/(ui)/(protected)/admin/reports/[reportId]/page.tsx

@@ -0,0 +1,96 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { notFound, redirect } from 'next/navigation';
+import ReportCasePageClient from './page.client';
+
+export default async function ReportCasePage({ params }: ReportCasePageProps) {
+  const { reportId } = await params;
+  const { user } = await validateRequest();
+
+  if (!user) {
+    redirect('/auth/hackclub');
+  }
+
+  if (!user.isAdmin) {
+    redirect('/');
+  }
+
+  const report = await prisma.chatUserReport.findUnique({
+    where: {
+      id: reportId,
+    },
+    include: {
+      channel: {
+        select: {
+          name: true,
+        },
+      },
+      reporter: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+      targetUser: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+          ban: true,
+        },
+      },
+      handledBy: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  if (!report) {
+    notFound();
+  }
+
+  return (
+    <ReportCasePageClient
+      report={{
+        id: report.id,
+        status: report.status,
+        reason: report.reason,
+        reportedMessage: report.reportedMessage,
+        reportedMessageId: report.reportedMessageId,
+        targetUsername: report.targetUsername,
+        channelName: report.channel.name,
+        createdAt: report.createdAt.toISOString(),
+        handledAt: report.handledAt?.toISOString() ?? null,
+        handlingNote: report.handlingNote,
+        lastAction: report.lastAction,
+        reporter: report.reporter.personalChannel?.name ?? report.reporter.slack_id,
+        target:
+          report.targetUser?.personalChannel?.name ??
+          report.targetUsername ??
+          report.targetUserId ??
+          'unknown',
+        targetUserId: report.targetUserId,
+        targetIsAdmin: Boolean(report.targetUser?.isAdmin),
+        targetIsPlatformBanned: Boolean(report.targetUser?.ban),
+        handledBy: report.handledBy?.personalChannel?.name ?? report.handledBy?.slack_id ?? null,
+      }}
+    />
+  );
+}
+
+interface ReportCasePageProps {
+  params: Promise<{
+    reportId: string;
+  }>;
+}

apps/web/src/app/(ui)/(protected)/api/admin/audit/route.ts

@@ -0,0 +1,178 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const take = Math.min(Math.max(Number(searchParams.get('take') ?? 100), 10), 250);
+
+  const [adminLogs, chatLogs] = await Promise.all([
+    prisma.adminAuditLog.findMany({
+      orderBy: { createdAt: 'desc' },
+      take,
+      include: {
+        actor: {
+          select: {
+            id: true,
+            isAdmin: true,
+            slack_id: true,
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        },
+      },
+    }),
+    prisma.chatModerationEvent.findMany({
+      orderBy: { createdAt: 'desc' },
+      take,
+      include: {
+        channel: {
+          select: {
+            id: true,
+            name: true,
+          },
+        },
+        moderator: {
+          select: {
+            id: true,
+            isAdmin: true,
+            slack_id: true,
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        },
+        targetUser: {
+          select: {
+            id: true,
+            isAdmin: true,
+            slack_id: true,
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        },
+      },
+    }),
+  ]);
+
+  const targetUserIds = [
+    ...new Set(adminLogs.map((log) => log.targetUserId).filter(Boolean)),
+  ] as string[];
+  const targetUsers =
+    targetUserIds.length > 0
+      ? await prisma.user.findMany({
+          where: {
+            id: {
+              in: targetUserIds,
+            },
+          },
+          include: {
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        })
+      : [];
+  const targetUserMap = new Map(
+    targetUsers.map((targetUser) => [
+      targetUser.id,
+      targetUser.personalChannel?.name ?? targetUser.slack_id,
+    ])
+  );
+  const targetUserAdminMap = new Map(
+    targetUsers.map((targetUser) => [targetUser.id, targetUser.isAdmin])
+  );
+
+  const actorIds = [
+    ...new Set([
+      ...adminLogs.map((log) => log.actorId),
+      ...chatLogs.map((log) => log.moderatorId),
+      ...chatLogs.map((log) => log.targetUserId).filter(Boolean),
+      ...targetUserIds,
+    ]),
+  ] as string[];
+
+  const modRoleUsers =
+    actorIds.length > 0
+      ? await prisma.user.findMany({
+          where: {
+            id: { in: actorIds },
+            OR: [
+              { ownedChannels: { some: {} } },
+              { managedChannels: { some: {} } },
+              { chatModeratedChannels: { some: {} } },
+            ],
+          },
+          select: {
+            id: true,
+          },
+        })
+      : [];
+  const channelModSet = new Set(modRoleUsers.map((user) => user.id));
+
+  const normalizedAdminLogs = adminLogs.map((log) => ({
+    id: log.id,
+    source: 'platform' as const,
+    action: log.action,
+    createdAt: log.createdAt,
+    actor: log.actor.personalChannel?.name ?? log.actor.slack_id,
+    target:
+      log.targetChannel ??
+      (log.targetUserId ? (targetUserMap.get(log.targetUserId) ?? log.targetUserId) : null),
+    reason: log.reason,
+    details: log.details,
+    actorMeta: {
+      isPlatformAdmin: log.actor.isAdmin,
+      isChannelModerator: channelModSet.has(log.actorId),
+    },
+    targetMeta: log.targetUserId
+      ? {
+          isPlatformAdmin: Boolean(targetUserAdminMap.get(log.targetUserId)),
+          isChannelModerator: channelModSet.has(log.targetUserId),
+        }
+      : null,
+  }));
+
+  const normalizedChatLogs = chatLogs.map((log) => ({
+    id: log.id,
+    source: 'chat' as const,
+    action: log.action,
+    createdAt: log.createdAt,
+    actor: log.moderator.personalChannel?.name ?? log.moderator.slack_id,
+    target: log.targetUser?.personalChannel?.name ?? log.channel.name,
+    reason: log.reason,
+    details: log.details,
+    channelName: log.channel.name,
+    actorMeta: {
+      isPlatformAdmin: log.moderator.isAdmin,
+      isChannelModerator: true,
+    },
+    targetMeta: log.targetUser
+      ? {
+          isPlatformAdmin: log.targetUser.isAdmin,
+          isChannelModerator: channelModSet.has(log.targetUser.id),
+        }
+      : null,
+  }));
+
+  const logs = [...normalizedAdminLogs, ...normalizedChatLogs]
+    .sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime())
+    .slice(0, take);
+
+  return Response.json(logs);
+}

apps/web/src/app/(ui)/(protected)/api/admin/channels/route.ts

@@ -0,0 +1,142 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { AdminAuditAction, prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const search = searchParams.get('search') || '';
+
+  const channels = await prisma.channel.findMany({
+    where: search
+      ? {
+          OR: [
+            { name: { contains: search, mode: 'insensitive' } },
+            { description: { contains: search, mode: 'insensitive' } },
+          ],
+        }
+      : undefined,
+    include: {
+      restriction: true,
+      owner: {
+        select: {
+          id: true,
+          slack_id: true,
+          pfpUrl: true,
+          personalChannel: { select: { name: true } },
+        },
+      },
+      personalFor: {
+        select: {
+          id: true,
+        },
+      },
+    },
+    take: 50,
+  });
+  return Response.json(channels);
+}
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  let body: {
+    channelId: string;
+    action: 'restrict' | 'unrestrict';
+    reason?: string;
+    expiresAt?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const { channelId, action, reason, expiresAt } = body;
+
+  if (!channelId || !action) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  let expiresAtDate: Date | null = null;
+  if (expiresAt !== undefined && expiresAt !== null && expiresAt !== '') {
+    expiresAtDate = new Date(expiresAt);
+    if (isNaN(expiresAtDate.getTime())) {
+      return new Response('Invalid expiresAt date', { status: 400 });
+    }
+    if (expiresAtDate <= new Date()) {
+      return new Response('expiresAt must be a future date', { status: 400 });
+    }
+  }
+
+  const channel = await prisma.channel.findUnique({ where: { id: channelId } });
+  if (!channel) {
+    return new Response('Channel not found', { status: 404 });
+  }
+
+  if (action === 'restrict') {
+    if (!reason) {
+      return new Response('Reason is required for restricting', { status: 400 });
+    }
+
+    await prisma.channelRestriction.upsert({
+      where: { channelId },
+      update: {
+        reason,
+        restrictedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+      create: {
+        channelId,
+        reason,
+        restrictedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.CHANNEL_RESTRICTED,
+        actorId: user.id,
+        targetChannel: channel.name,
+        reason,
+        details: {
+          channelId,
+          expiresAt: expiresAtDate?.toISOString() ?? null,
+        } as any,
+      },
+    });
+
+    return Response.json({ success: true, message: 'Channel restricted' });
+  }
+
+  if (action === 'unrestrict') {
+    const deleted = await prisma.channelRestriction.deleteMany({ where: { channelId } });
+    if (deleted.count === 0) {
+      return new Response('Channel does not have an active restriction', { status: 400 });
+    }
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.CHANNEL_UNRESTRICTED,
+        actorId: user.id,
+        targetChannel: channel.name,
+        details: {
+          channelId,
+        } as any,
+      },
+    });
+
+    return Response.json({ success: true, message: 'Channel unrestricted' });
+  }
+
+  return new Response('Invalid action', { status: 400 });
+}

apps/web/src/app/(ui)/(protected)/api/admin/reports/route.ts

@@ -0,0 +1,529 @@
+import { validateRequest } from '@/lib/auth/validate';
+import {
+  AdminAuditAction,
+  ChatModerationAction,
+  ChatReportAction,
+  ChatReportStatus,
+  getRedisConnection,
+  prisma,
+} from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+const redis = getRedisConnection();
+const REPORT_ALREADY_HANDLED_ERROR = 'REPORT_ALREADY_HANDLED';
+const NO_ACTIVE_CHAT_BAN_ERROR = 'NO_ACTIVE_CHAT_BAN';
+const NO_ACTIVE_PLATFORM_BAN_ERROR = 'NO_ACTIVE_PLATFORM_BAN';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const take = Math.min(Math.max(Number(searchParams.get('take') ?? 100), 10), 250);
+  const reportId = searchParams.get('reportId')?.trim();
+
+  const reports = await prisma.chatUserReport.findMany({
+    orderBy: { createdAt: 'desc' },
+    take,
+    include: {
+      channel: {
+        select: {
+          name: true,
+        },
+      },
+      reporter: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+      targetUser: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+      handledBy: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  const normalizedReports = reports.map((report) => ({
+    id: report.id,
+    status: report.status,
+    reason: report.reason,
+    reportedMessage: report.reportedMessage,
+    reportedMessageId: report.reportedMessageId,
+    targetUsername: report.targetUsername,
+    channelName: report.channel.name,
+    createdAt: report.createdAt,
+    handledAt: report.handledAt,
+    handlingNote: report.handlingNote,
+    lastAction: report.lastAction,
+    reporter: report.reporter.personalChannel?.name ?? report.reporter.slack_id,
+    handledBy: report.handledBy?.personalChannel?.name ?? report.handledBy?.slack_id ?? null,
+    target:
+      report.targetUser?.personalChannel?.name ??
+      report.targetUsername ??
+      report.targetUserId ??
+      'unknown',
+  }));
+
+  return Response.json({
+    reports: normalizedReports,
+    reportId,
+  });
+}
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  let body: {
+    reportId?: string;
+    action?:
+      | 'review'
+      | 'dismiss'
+      | 'delete_reported_message'
+      | 'timeout_10m'
+      | 'timeout_1h'
+      | 'ban_chat'
+      | 'lift_chat_ban'
+      | 'ban_platform'
+      | 'unban_platform';
+    note?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const reportId = body.reportId?.trim();
+  const action = body.action;
+  const note = body.note?.trim() || null;
+
+  if (!reportId || !action) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  const report = await prisma.chatUserReport.findUnique({
+    where: { id: reportId },
+    include: {
+      channel: {
+        select: {
+          id: true,
+          name: true,
+        },
+      },
+      targetUser: {
+        select: {
+          id: true,
+          isAdmin: true,
+        },
+      },
+    },
+  });
+
+  if (!report) {
+    return new Response('Report not found', { status: 404 });
+  }
+
+  const targetUserId = report.targetUserId ?? report.targetUser?.id ?? null;
+  const isTargetAdmin = Boolean(report.targetUser?.isAdmin);
+
+  if (
+    (action === 'ban_platform' ||
+      action === 'ban_chat' ||
+      action === 'timeout_10m' ||
+      action === 'timeout_1h') &&
+    isTargetAdmin
+  ) {
+    return new Response('Cannot enforce this action on an admin user', { status: 400 });
+  }
+
+  const reportPatchBase = {
+    handledById: user.id,
+    handledAt: new Date(),
+    handlingNote: note,
+  };
+
+  if (action === 'review') {
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction: ChatReportAction.REVIEW,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_REVIEWED,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (action === 'dismiss') {
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.DISMISSED,
+            lastAction: ChatReportAction.DISMISS,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_DISMISSED,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (action === 'delete_reported_message') {
+    if (!report.reportedMessageId) {
+      return new Response('No reported message id available for this report', { status: 400 });
+    }
+
+    const channelKey = `chat:history:${report.channel.name}`;
+    const history = await redis.zrange(channelKey, 0, -1);
+    let deleted = false;
+
+    for (const entry of history) {
+      try {
+        const parsed = JSON.parse(entry) as { msgId?: string };
+        if (parsed.msgId === report.reportedMessageId) {
+          await redis.zrem(channelKey, entry);
+          deleted = true;
+          break;
+        }
+      } catch {
+        continue;
+      }
+    }
+
+    if (!deleted) {
+      return new Response('Reported message was not found in chat history', { status: 404 });
+    }
+
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction: ChatReportAction.DELETE_REPORTED_MESSAGE,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        await tx.chatModerationEvent.create({
+          data: {
+            action: ChatModerationAction.MESSAGE_DELETED,
+            channelId: report.channel.id,
+            moderatorId: user.id,
+            targetUserId,
+            reason: note ?? 'Message deleted from report review',
+            details: {
+              reportId,
+              msgId: report.reportedMessageId,
+            } as any,
+          },
+        });
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_ENFORCEMENT,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              enforcement: 'DELETE_REPORTED_MESSAGE',
+              msgId: report.reportedMessageId,
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (!targetUserId) {
+    return new Response('Report target is unavailable', { status: 400 });
+  }
+
+  if (
+    action === 'timeout_10m' ||
+    action === 'timeout_1h' ||
+    action === 'ban_chat' ||
+    action === 'lift_chat_ban'
+  ) {
+    const timeoutSeconds = action === 'timeout_10m' ? 600 : action === 'timeout_1h' ? 3600 : null;
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction:
+              action === 'timeout_10m'
+                ? ChatReportAction.TIMEOUT_10M
+                : action === 'timeout_1h'
+                  ? ChatReportAction.TIMEOUT_1H
+                  : action === 'ban_chat'
+                    ? ChatReportAction.BAN_CHAT
+                    : ChatReportAction.LIFT_CHAT_BAN,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        if (action === 'lift_chat_ban') {
+          const deleted = await tx.chatUserBan.deleteMany({
+            where: {
+              channelId: report.channel.id,
+              userId: targetUserId,
+            },
+          });
+          if (deleted.count === 0) {
+            throw new Error(NO_ACTIVE_CHAT_BAN_ERROR);
+          }
+        } else {
+          await tx.chatUserBan.upsert({
+            where: {
+              channelId_userId: {
+                channelId: report.channel.id,
+                userId: targetUserId,
+              },
+            },
+            create: {
+              channelId: report.channel.id,
+              userId: targetUserId,
+              bannedById: user.id,
+              reason: note ?? report.reason,
+              expiresAt: timeoutSeconds ? new Date(Date.now() + timeoutSeconds * 1000) : null,
+            },
+            update: {
+              bannedById: user.id,
+              reason: note ?? report.reason,
+              expiresAt: timeoutSeconds ? new Date(Date.now() + timeoutSeconds * 1000) : null,
+            },
+          });
+        }
+
+        await tx.chatModerationEvent.create({
+          data: {
+            action:
+              action === 'lift_chat_ban'
+                ? ChatModerationAction.USER_UNBANNED
+                : action === 'ban_chat'
+                  ? ChatModerationAction.USER_BANNED
+                  : ChatModerationAction.USER_TIMEOUT,
+            channelId: report.channel.id,
+            moderatorId: user.id,
+            targetUserId,
+            reason: note ?? report.reason,
+            details:
+              timeoutSeconds === null
+                ? ({ reportId } as any)
+                : ({ reportId, durationSeconds: timeoutSeconds } as any),
+          },
+        });
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_ENFORCEMENT,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              enforcement:
+                action === 'timeout_10m'
+                  ? 'TIMEOUT_10M'
+                  : action === 'timeout_1h'
+                    ? 'TIMEOUT_1H'
+                    : action === 'ban_chat'
+                      ? 'BAN_CHAT'
+                      : 'LIFT_CHAT_BAN',
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      if (error instanceof Error && error.message === NO_ACTIVE_CHAT_BAN_ERROR) {
+        return new Response('User does not have an active chat ban for this channel', {
+          status: 400,
+        });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (action === 'ban_platform' || action === 'unban_platform') {
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction:
+              action === 'ban_platform'
+                ? ChatReportAction.BAN_PLATFORM
+                : ChatReportAction.UNBAN_PLATFORM,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        if (action === 'ban_platform') {
+          await tx.userBan.upsert({
+            where: { userId: targetUserId },
+            update: {
+              reason: note ?? report.reason,
+              bannedBy: user.id,
+              expiresAt: null,
+            },
+            create: {
+              userId: targetUserId,
+              reason: note ?? report.reason,
+              bannedBy: user.id,
+              expiresAt: null,
+            },
+          });
+        } else {
+          const deleted = await tx.userBan.deleteMany({ where: { userId: targetUserId } });
+          if (deleted.count === 0) {
+            throw new Error(NO_ACTIVE_PLATFORM_BAN_ERROR);
+          }
+        }
+
+        await tx.adminAuditLog.create({
+          data: {
+            action:
+              action === 'ban_platform'
+                ? AdminAuditAction.USER_BANNED
+                : AdminAuditAction.USER_UNBANNED,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              source: 'CHAT_REPORT',
+            } as any,
+          },
+        });
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_ENFORCEMENT,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              enforcement: action === 'ban_platform' ? 'BAN_PLATFORM' : 'UNBAN_PLATFORM',
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      if (error instanceof Error && error.message === NO_ACTIVE_PLATFORM_BAN_ERROR) {
+        return new Response('User does not have an active platform ban', { status: 400 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  return new Response('Invalid action', { status: 400 });
+}

apps/web/src/app/(ui)/(protected)/api/admin/users/route.ts

@@ -0,0 +1,178 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { AdminAuditAction, prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const search = searchParams.get('search') || '';
+
+  const users = await prisma.user.findMany({
+    where: search
+      ? {
+          OR: [
+            { slack_id: { contains: search, mode: 'insensitive' } },
+            { email: { contains: search, mode: 'insensitive' } },
+            { personalChannel: { name: { contains: search, mode: 'insensitive' } } },
+          ],
+          hasOnboarded: true,
+        }
+      : undefined,
+    include: {
+      ban: true,
+      personalChannel: { select: { name: true } },
+    },
+    take: 50,
+  });
+  return Response.json(users);
+}
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  let body: {
+    userId: string;
+    action: 'ban' | 'unban' | 'promote' | 'demote';
+    reason?: string;
+    expiresAt?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const { userId, action, reason, expiresAt } = body;
+
+  if (!userId || !action) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  let expiresAtDate: Date | null = null;
+  if (expiresAt !== undefined && expiresAt !== null && expiresAt !== '') {
+    expiresAtDate = new Date(expiresAt);
+    if (isNaN(expiresAtDate.getTime())) {
+      return new Response('Invalid expiresAt date', { status: 400 });
+    }
+    if (expiresAtDate <= new Date()) {
+      return new Response('expiresAt must be a future date', { status: 400 });
+    }
+  }
+
+  const targetUser = await prisma.user.findUnique({ where: { id: userId } });
+  if (!targetUser) {
+    return new Response('User not found', { status: 404 });
+  }
+
+  if (action === 'ban') {
+    if (targetUser.isAdmin) {
+      return new Response('Cannot ban an admin', { status: 400 });
+    }
+
+    if (!reason) {
+      return new Response('Reason is required for banning', { status: 400 });
+    }
+
+    await prisma.userBan.upsert({
+      where: { userId },
+      update: {
+        reason,
+        bannedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+      create: {
+        userId,
+        reason,
+        bannedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_BANNED,
+        actorId: user.id,
+        targetUserId: userId,
+        reason,
+        details: {
+          expiresAt: expiresAtDate?.toISOString() ?? null,
+        } as any,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User banned' });
+  }
+
+  if (action === 'unban') {
+    const deleted = await prisma.userBan.deleteMany({ where: { userId } });
+    if (deleted.count === 0) {
+      return new Response('User does not have an active platform ban', { status: 400 });
+    }
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_UNBANNED,
+        actorId: user.id,
+        targetUserId: userId,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User unbanned' });
+  }
+
+  if (action === 'promote') {
+    if (targetUser.isAdmin) {
+      return new Response('User is already an admin', { status: 400 });
+    }
+
+    await prisma.user.update({
+      where: { id: userId },
+      data: { isAdmin: true },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_PROMOTED,
+        actorId: user.id,
+        targetUserId: userId,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User promoted to admin' });
+  }
+
+  if (action === 'demote') {
+    if (!targetUser.isAdmin) {
+      return new Response('User is not an admin', { status: 400 });
+    }
+
+    if (targetUser.id === user.id) {
+      return new Response('Cannot demote yourself', { status: 400 });
+    }
+
+    await prisma.user.update({
+      where: { id: userId },
+      data: { isAdmin: false },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_DEMOTED,
+        actorId: user.id,
+        targetUserId: userId,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User demoted from admin' });
+  }
+
+  return new Response('Invalid action', { status: 400 });
+}

apps/web/src/app/(ui)/(protected)/api/commit/route.ts

@@ -0,0 +1,6 @@
+export function GET() {
+  return Response.json({
+    version: process.env.version,
+    commit: process.env.commit,
+  });
+}

apps/web/src/app/(ui)/(protected)/api/mediamtx/publish/route.ts

@@ -0,0 +1,96 @@
+import { prisma, getRedisConnection } from '@hctv/db';
+import { recordMediamtxAuth } from '@/lib/metrics';
+import { NextRequest } from 'next/server';
+import { z } from 'zod';
+
+export async function POST(request: NextRequest) {
+  const startedAt = performance.now();
+  let action = 'invalid';
+  let protocol = 'invalid';
+
+  const finish = (body: string, status: number, outcome: string) => {
+    recordMediamtxAuth(action, protocol, outcome, (performance.now() - startedAt) / 1000);
+    return new Response(body, { status });
+  };
+
+  const redis = getRedisConnection();
+  const body = await request.json();
+
+  if (process.env.NODE_ENV !== 'production') {
+    console.log('Mediamtx publish auth request:', JSON.stringify(body, null, 2));
+  }
+  const parsed = schema.safeParse(body);
+
+  if (!parsed.success) {
+    return finish('invalid request', 400, 'invalid_request');
+  }
+  const { action: parsedAction, protocol: parsedProtocol, path, password } = parsed.data;
+  action = parsedAction;
+  protocol = parsedProtocol;
+
+  if (parsedAction === 'publish' && parsedProtocol === 'srt') {
+    const channelKey = await redis.get(`streamKey:${path}`);
+
+    if (channelKey) {
+      if (channelKey !== password) {
+        return finish('invalid stream key', 403, 'invalid_stream_key');
+      }
+
+      const channel = await prisma.channel.findUnique({
+        where: { name: path },
+        include: {
+          restriction: true,
+          owner: {
+            include: { ban: true },
+          },
+          streamInfo: true,
+        },
+      });
+
+      if (channel?.restriction) {
+        const isExpired =
+          channel.restriction.expiresAt && new Date(channel.restriction.expiresAt) < new Date();
+        if (!isExpired) {
+          return finish('channel restricted', 403, 'channel_restricted');
+        }
+      }
+
+      if (channel?.owner?.ban) {
+        const isExpired =
+          channel.owner.ban.expiresAt && new Date(channel.owner.ban.expiresAt) < new Date();
+        if (!isExpired) {
+          return finish('user banned', 403, 'user_banned');
+        }
+      }
+
+      if (channel?.streamInfo[0].isLive) {
+        return finish('stream already live', 403, 'stream_already_live');
+      }
+
+      return finish('youre in yay', 200, 'authorized_publish');
+    }
+  } else if (parsedAction === 'read' && parsedProtocol === 'hls') {
+    if (password === process.env.MEDIAMTX_PUBLISH_KEY) {
+      return finish('authorized (hls read key for thumbs)', 200, 'authorized_thumbnail');
+    }
+    const sessionExists = await redis.exists(`sessions:${password}`);
+    if (!sessionExists) {
+      return finish('unauthorized', 401, 'unauthorized_session');
+    }
+    return finish('authorized', 200, 'authorized_read');
+  }
+
+  return finish('uhh', 401, 'unauthorized');
+}
+
+const schema = z.object({
+  user: z.string(),
+  password: z.string(),
+  token: z.string(),
+  ip: z.string(),
+  action: z.enum(['publish', 'read', 'playback', 'api', 'metrics', 'pprof']),
+  path: z.string(),
+  protocol: z.enum(['rtsp', 'rtmp', 'hls', 'webrtc', 'srt']),
+  id: z.string().nullable(),
+  query: z.string(),
+});

apps/web/src/app/(ui)/(protected)/api/rtmp/publish/route.ts

@@ -0,0 +1,57 @@
+import { prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function POST(request: NextRequest) {
+  const formData = await request.formData();
+  const streamKey = formData.get('name');
+  if (typeof streamKey !== 'string') {
+    return new Response('bad request', {
+      status: 400,
+    });
+  }
+
+  const key = await prisma.streamKey.findFirst({
+    where: {
+      key: streamKey,
+    },
+    include: {
+      channel: {
+        include: {
+          restriction: true,
+          owner: {
+            include: { ban: true },
+          },
+        },
+      },
+    },
+  });
+
+  if (!key) {
+    return new Response('nay', {
+      status: 403,
+    });
+  }
+
+  if (key.channel.restriction) {
+    const isExpired = key.channel.restriction.expiresAt &&
+      new Date(key.channel.restriction.expiresAt) < new Date();
+    if (!isExpired) {
+      return new Response('channel restricted', { status: 403 });
+    }
+  }
+
+  if (key.channel.owner?.ban) {
+    const isExpired = key.channel.owner.ban.expiresAt &&
+      new Date(key.channel.owner.ban.expiresAt) < new Date();
+    if (!isExpired) {
+      return new Response('user banned', { status: 403 });
+    }
+  }
+
+  return new Response('', {
+    status: 302,
+    headers: {
+      'Location': key.channel.name,
+    },
+  });
+}

apps/web/src/app/(ui)/(protected)/api/rtmp/streamKey/route.ts

@@ -1,6 +1,7 @@
 import { validateRequest } from '@/lib/auth/validate';
 import { prisma } from '@hctv/db';
 import { NextRequest } from "next/server";
+import { regenerateStreamKey } from '@/lib/db/streamKey';
 
 export async function POST(request: NextRequest) {
   const { user } = await validateRequest();
@@ -11,6 +12,10 @@ export async function POST(request: NextRequest) {
     return new Response('Unauthorized', { status: 401 });
   }
 
+  if (!channel || typeof channel !== 'string') {
+    return new Response('Bad Request', { status: 400 });
+  }
+
   const channelInfo = await prisma.channel.findUnique({
     where: { name: channel },
     include: {
@@ -30,20 +35,9 @@ export async function POST(request: NextRequest) {
     return new Response('Unauthorized', { status: 401 });
   }
 
-  const dbUpdate = await prisma.streamKey.upsert({
-    create: {
-      key: crypto.randomUUID(),
-      channelId: channelInfo.id
-    },
-    update: {
-      key: crypto.randomUUID()
-    },
-    where: {
-      channelId: channelInfo.id
-    }
-  })
+  const streamKey = await regenerateStreamKey(channelInfo.id, channel);
 
-  return new Response(JSON.stringify({ key: dbUpdate.key }), {
+  return new Response(JSON.stringify({ key: streamKey.key }), {
     status: 200,
     headers: {
       'Content-Type': 'application/json'

apps/web/src/app/(ui)/(protected)/api/settings/bot/[slug]/apiKey/route.ts

@@ -0,0 +1,124 @@
+import { validateRequest } from "@/lib/auth/validate";
+import { prisma } from "@hctv/db";
+import { NextRequest } from "next/server";
+import { z } from "zod";
+
+type Params = Promise<{ slug: string }>;
+
+export async function POST(request: NextRequest, segmentData: { params: Params }) {
+  const { slug } = await segmentData.params;
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response(JSON.stringify({ success: false, error: 'Unauthorized' }), { status: 401 });
+  }
+
+  const bodySchema = z.object({
+    action: z.enum(['revoke', 'regenerate', 'create']),
+    name: z.string().min(3, 'Name must be at least 3 characters long').max(50, 'Name must be at most 50 characters long'),
+  });
+  const body = await request.json();
+  const parsedBody = bodySchema.safeParse(body);
+  if (!parsedBody.success) {
+    return new Response(JSON.stringify({ success: false, error: parsedBody.error.errors.map(e => e.message).join(', ') }), { status: 400 });
+  }
+
+  const { action, name } = parsedBody.data;
+
+  if (action === 'create') {
+    const exists = await prisma.botApiKey.findFirst({
+      where: {
+        name,
+        botAccount: {
+          ownerId: user.id,
+          slug,
+        }
+      }
+    });
+    if (exists) {
+      return new Response(JSON.stringify({ success: false, error: 'API Key with this name already exists' }), { status: 400 });
+    }
+    const newKey = await prisma.botApiKey.create({
+      data: {
+        name,
+        botAccount: {
+          connect: {
+            ownerId: user.id,
+            slug,
+          }
+        },
+        key: generateApiKey(),
+      }
+    });
+    return new Response(JSON.stringify({ success: true, apiKey: newKey.key, id: newKey.id }));
+  }
+  if (action === 'regenerate') {
+    const existingKey = await prisma.botApiKey.findFirst({
+      where: {
+        name,
+        botAccount: {
+          ownerId: user.id,
+          slug,
+        }
+      }
+    });
+    if (!existingKey) {
+      return new Response(JSON.stringify({ success: false, error: 'API Key not found' }), { status: 404 });
+    }
+    const newKey = generateApiKey();
+    await prisma.botApiKey.update({
+      where: { id: existingKey.id },
+      data: { key: newKey },
+    });
+    return new Response(JSON.stringify({ success: true, apiKey: newKey, id: existingKey.id }));
+  }
+  if (action === 'revoke') {
+    const existingKey = await prisma.botApiKey.findFirst({
+      where: {
+        name,
+        botAccount: {
+          ownerId: user.id,
+          slug,
+        }
+      }
+    });
+    if (!existingKey) {
+      return new Response(JSON.stringify({ success: false, error: 'API Key not found' }), { status: 404 });
+    }
+    await prisma.botApiKey.delete({
+      where: { id: existingKey.id },
+    });
+    return new Response(JSON.stringify({ success: true }));
+  }
+  return new Response(JSON.stringify({ success: false, error: 'Invalid action' }), { status: 400 });
+}
+
+export async function GET(request: NextRequest, segmentData: { params: Params }) {
+  const { slug } = await segmentData.params;
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response(JSON.stringify({ success: false, error: 'Unauthorized' }), { status: 401 });
+  }
+
+  const apiKeys = await prisma.botApiKey.findMany({
+    where: {
+      botAccount: {
+        ownerId: user.id,
+        slug,
+      }
+    },
+    select: {
+      id: true,
+      name: true,
+      createdAt: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    }
+  });
+  return new Response(JSON.stringify({ success: true, apiKeys }));
+}
+
+function generateApiKey() {
+  const uuid = crypto.randomUUID().replace(/-/g, '');
+  return `hctvb_${uuid}`;
+}

apps/web/src/app/(ui)/(protected)/api/stream/chat/report/route.ts

@@ -0,0 +1,107 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma, getRedisConnection } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+const RATE_LIMIT_WINDOW_SECONDS = 10 * 60;
+const RATE_LIMIT_MAX_REPORTS = 5;
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+
+  let body: {
+    channelName?: string;
+    targetUserId?: string;
+    targetUsername?: string;
+    msgId?: string;
+    message?: string;
+    reason?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const channelName = body.channelName?.trim();
+  const targetUserId = body.targetUserId?.trim();
+  const reason = body.reason?.trim();
+
+  if (!channelName || !targetUserId || !reason) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  if (targetUserId === user.id) {
+    return new Response('You cannot report yourself', { status: 400 });
+  }
+
+  if (reason.length < 10 || reason.length > 1000) {
+    return new Response('Reason must be between 10 and 1000 characters', { status: 400 });
+  }
+
+  const redis = getRedisConnection();
+  const rateLimitKey = `report_rl:${user.id}`;
+  const currentCount = await redis.incr(rateLimitKey);
+  if (currentCount === 1) {
+    await redis.expire(rateLimitKey, RATE_LIMIT_WINDOW_SECONDS);
+  }
+  if (currentCount > RATE_LIMIT_MAX_REPORTS) {
+    return new Response('Too many reports submitted. Please wait before submitting more.', {
+      status: 429,
+    });
+  }
+
+  const [channel, targetUser] = await Promise.all([
+    prisma.channel.findUnique({
+      where: { name: channelName },
+      select: { id: true },
+    }),
+    prisma.user.findUnique({
+      where: { id: targetUserId },
+      select: { id: true, personalChannel: { select: { name: true } } },
+    }),
+  ]);
+
+  if (!channel) {
+    return new Response('Channel not found', { status: 404 });
+  }
+
+  if (!targetUser) {
+    return new Response('Target user not found', { status: 404 });
+  }
+
+  const msgId = body.msgId?.trim() || null;
+  const duplicateCheck = await prisma.chatUserReport.findFirst({
+    where: {
+      channelId: channel.id,
+      reporterId: user.id,
+      targetUserId: targetUser.id,
+      reportedMessageId: msgId,
+      status: 'OPEN',
+    },
+    select: { id: true },
+  });
+
+  if (duplicateCheck) {
+    return new Response('You have already submitted an open report for this message.', {
+      status: 409,
+    });
+  }
+
+  await prisma.chatUserReport.create({
+    data: {
+      channelId: channel.id,
+      reporterId: user.id,
+      targetUserId: targetUser.id,
+      targetUsername: body.targetUsername?.trim() || targetUser.personalChannel?.name || null,
+      reportedMessageId: msgId,
+      reportedMessage: body.message?.trim().slice(0, 1000) || null,
+      reason,
+    },
+  });
+
+  return Response.json({ success: true });
+}

apps/web/src/app/(ui)/(protected)/api/stream/follow/route.ts

@@ -103,7 +103,7 @@ export async function POST(request: NextRequest) {
     });
 
     await queue.add(`newFollow:${username}`, {
-      text: `You started following \`${username}\`!\n_Stream notifications are enabled by default. If you want to disable them, you can do so in \`Profile > Notifications\`._`,
+      text: `You started following \`${username}\`!\n_Stream notifications are disabled by default. If you want to enable them, you can do so in \`Profile > Notifications\`._`,
       channel: user.slack_id,
     });
   }

apps/web/src/app/(ui)/(protected)/api/stream/info/route.ts

@@ -0,0 +1,92 @@
+// FIXME: THIS EFFING SUCKS OH MY GOD
+
+import { validateRequest } from '@/lib/auth/validate';
+import { Prisma, prisma } from '@hctv/db';
+import type { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const searchParams = request.nextUrl.searchParams;
+  const shouldGetOwned = searchParams.get('owned') === 'true';
+  const allPersonalChannels = searchParams.get('personal') === 'true';
+  const isLive = searchParams.get('live') === 'true';
+  const username = searchParams.get('username');
+  const { user } = await validateRequest();
+
+  if ((shouldGetOwned || allPersonalChannels) && !user) {
+    return new Response('No user found in cookies', { status: 401 });
+  }
+
+  const where: Prisma.StreamInfoWhereInput = {};
+  const channelConditions: Prisma.ChannelWhereInput[] = [];
+
+  if (username) {
+    where.username = username;
+  }
+
+  if (shouldGetOwned && user) {
+    channelConditions.push({ ownerId: user.id });
+    channelConditions.push({ managers: { some: { id: user.id } } });
+  }
+
+  if (allPersonalChannels) {
+    channelConditions.push({
+      personalFor: {
+        isNot: null,
+      },
+    });
+  }
+
+  if (isLive) {
+    where.isLive = true;
+  }
+
+  if (channelConditions.length > 0) {
+    where.channel =
+      channelConditions.length === 1 ? channelConditions[0] : { OR: channelConditions };
+  }
+
+  const db = await prisma.streamInfo.findMany({
+    where,
+    include: {
+      channel: {
+        include: {
+          personalFor: true,
+          restriction: {
+            select: {
+              id: true,
+              expiresAt: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  db.forEach((obj) => {
+    if (obj.channel.personalFor) {
+      // @ts-ignore
+      delete obj.channel.personalFor.email;
+    }
+    // @ts-ignore
+    delete obj.channel.obsChatGrantToken;
+
+    if (obj.channel.restriction) {
+      const isExpired =
+        obj.channel.restriction.expiresAt &&
+        new Date(obj.channel.restriction.expiresAt) < new Date();
+      if (isExpired) {
+        // @ts-ignore
+        obj.channel.restriction = null;
+      } else {
+        // @ts-ignore
+        obj.channel.isRestricted = true;
+        // @ts-ignore
+        obj.channel.restrictionExpiresAt = obj.channel.restriction.expiresAt;
+        // @ts-ignore
+        delete obj.channel.restriction;
+      }
+    }
+  });
+
+  return Response.json(db);
+}

apps/web/src/app/(ui)/(protected)/api/stream/thumb/[username]/route.ts

@@ -12,8 +12,7 @@ export async function GET(request: Request, { params }: { params: Promise<{ user
     return new Response("nuh uh", { status: 403 });
   }
 
-  const basePath = '/dev/shm/hctv-thumb';
-  const filePath = `${basePath}/${username}.webp`;
+  const filePath = `/dev/shm/hctv-thumb/${username}.webp`;
 
   if (!fs.existsSync(filePath)) {
     return new Response("Not Found", { status: 404 });

apps/web/src/app/(ui)/(protected)/api/uploadthing/route.ts

@@ -0,0 +1,8 @@
+import { createRouteHandler } from "uploadthing/next";
+
+import { ourFileRouter } from "@/lib/services/uploadthing/fileRouter";
+
+// Export routes for Next App Router
+export const { GET, POST } = createRouteHandler({
+  router: ourFileRouter,
+});

apps/web/src/app/(ui)/(protected)/layout.tsx

@@ -0,0 +1,42 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { redirect, RedirectType } from 'next/navigation';
+import { prisma } from '@hctv/db';
+
+export default async function Layout({ children }: { children: React.ReactNode }) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return redirect('/auth/hackclub');
+  }
+  if (!user.hasOnboarded) {
+    return redirect(`/onboarding`, RedirectType.push);
+  }
+
+  const ban = await prisma.userBan.findUnique({
+    where: { userId: user.id },
+  });
+
+  if (ban) {
+    const isExpired = ban.expiresAt && new Date(ban.expiresAt) < new Date();
+    if (!isExpired) {
+      return (
+        <div className="flex flex-col items-center justify-center min-h-screen">
+          <h1 className="text-3xl font-bold text-destructive mb-4">Account Suspended</h1>
+          <p className="text-muted-foreground text-center max-w-md mb-4">
+            Your account has been suspended from hackclub.tv.
+          </p>
+          <div className="bg-muted p-4 rounded-lg max-w-md">
+            <p className="text-sm font-medium">Reason:</p>
+            <p className="text-sm text-muted-foreground">{ban.reason}</p>
+          </div>
+          {ban.expiresAt && (
+            <p className="text-sm text-muted-foreground mt-4">
+              Expires: {new Date(ban.expiresAt).toLocaleDateString()}
+            </p>
+          )}
+        </div>
+      );
+    }
+  }
+
+  return children;
+}

apps/web/src/app/(ui)/(protected)/settings/bot/[slug]/apikeys.tsx

@@ -0,0 +1,221 @@
+'use client';
+
+import { Button } from '@/components/ui/button';
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardFooter,
+  CardHeader,
+  CardTitle,
+} from '@/components/ui/card';
+import { Input } from '@/components/ui/input';
+import { Skeleton } from '@/components/ui/skeleton';
+import { fetcher } from '@/lib/services/swr';
+import { useConfirm } from '@omit/react-confirm-dialog';
+import { Plus, RefreshCcw, Trash } from 'lucide-react';
+import { useState } from 'react';
+import { toast } from 'sonner';
+import useSWR from 'swr';
+import useSWRMutation from 'swr/mutation';
+
+export function ApiKeys({ slug }: { slug: string }) {
+  const confirm = useConfirm();
+  const [newApiKeyName, setNewApiKeyName] = useState('');
+  const { data, error, isLoading, mutate } = useSWR<GetResponse>(
+    `/api/settings/bot/${slug}/apiKey`,
+    fetcher
+  );
+  const { trigger } = useSWRMutation(`/api/settings/bot/${slug}/apiKey`, createApiKey);
+
+  const apiKeyCreate = () => {
+    if (newApiKeyName.trim().length < 3) {
+      toast.error('API Key name must be at least 3 characters long');
+      return;
+    }
+    if (newApiKeyName.trim().length > 50) {
+      toast.error('API Key name must be at most 50 characters long');
+      return;
+    }
+    trigger({ action: 'create', name: newApiKeyName }).then(
+      async (res: PostResponse) => {
+        if (res.success) {
+          setNewApiKeyName('');
+          await navigator.clipboard
+            .writeText(res.apiKey || '')
+            .then(() => toast.success('API key copied to clipboard'))
+            .catch(() => {
+              alert('Failed to copy API key to clipboard, here it is: ' + res.apiKey);
+            });
+          await mutate();
+        } else {
+          toast.error(res.error || 'Error creating API key');
+        }
+      }
+    );
+  };
+
+  return (
+    <Card>
+      <CardHeader>
+        <CardTitle>API Keys</CardTitle>
+        <CardDescription>Manage your API keys</CardDescription>
+      </CardHeader>
+      <CardContent>
+        {isLoading && <ApiKeysSkeleton />}
+        {error && <p>Error loading API keys</p>}
+        {data && !data.success && <p>Error: Could not fetch API keys</p>}
+        {data && (
+          <div className="flex">
+            <Input
+              placeholder="New API Key Name"
+              className="flex-1 mr-2"
+              value={newApiKeyName}
+              onChange={(e) => setNewApiKeyName(e.target.value)}
+              onKeyDown={(e) => {
+                if (e.key === 'Enter') {
+                  apiKeyCreate();
+                }
+              }}
+            />
+            <Button
+              size="icon"
+              onClick={apiKeyCreate}
+            >
+              <Plus />
+            </Button>
+          </div>
+        )}
+        {data && data.success && data.apiKeys.length === 0 && <p>No API keys found</p>}
+        {data && data.success && data.apiKeys.length > 0 && (
+          <ul className="space-y-2 pt-4">
+            {data.apiKeys.map((key) => (
+              <li
+                key={key.id}
+                className="flex items-center justify-between p-3 bg-mantle/50 rounded-md"
+              >
+                <div className="flex-1">
+                  <strong className="text-sm font-medium">{key.name}</strong>
+                </div>
+                <div className="flex items-center space-x-2">
+                  <Button
+                    variant="outline"
+                    size="sm"
+                    onClick={async () => {
+                      const confirmation = await confirm({
+                        title: 'Regenerate API Key',
+                        description:
+                          'Are you sure you want to regenerate this API key? The old key will stop working.',
+                        confirmText: 'Regenerate',
+                        cancelText: 'Cancel',
+                      });
+                      if (!confirmation) return;
+
+                      trigger({ action: 'regenerate', name: key.name }).then(
+                        async (res: PostResponse) => {
+                          if (res.success) {
+                            await navigator.clipboard
+                              .writeText(res.apiKey || '')
+                              .then(() => {
+                                toast.success('API key copied to clipboard');
+                              })
+                              .catch(() => {
+                                alert(
+                                  'Failed to copy API key to clipboard, here it is: ' + res.apiKey
+                                );
+                              });
+                            mutate();
+                          } else {
+                            toast.error(res.error || 'Error regenerating API key');
+                          }
+                        }
+                      );
+                    }}
+                  >
+                    <RefreshCcw className="h-4 w-4" />
+                  </Button>
+                  <Button
+                    variant="destructive"
+                    size="sm"
+                    onClick={async () => {
+                      const confirmation = await confirm({
+                        title: 'Revoke API Key',
+                        description:
+                          'Are you sure you want to revoke this API key? This action cannot be undone.',
+                        confirmText: 'Revoke',
+                        cancelText: 'Cancel',
+                      });
+                      if (!confirmation) return;
+                      trigger({ action: 'revoke', name: key.name }).then(
+                        async (res: PostResponse) => {
+                          if (res.success) {
+                            await mutate();
+                          } else {
+                            toast.error(res.error || 'Error revoking API key');
+                          }
+                        }
+                      );
+                    }}
+                  >
+                    <Trash className="h-4 w-4" />
+                  </Button>
+                </div>
+              </li>
+            ))}
+          </ul>
+        )}
+      </CardContent>
+    </Card>
+  );
+}
+
+function ApiKeysSkeleton() {
+  return (
+    <>
+      <div className='flex'>
+        <Skeleton className='h-10 flex-1 mr-2' />
+        <Skeleton className='h-10 w-10' />
+      </div>
+      <div className='space-y-2 pt-4'>
+        {[1, 2, 3].map((i) => (
+          <div key={i} className='flex items-center justify-between p-3 bg-mantle/50 rounded-md'>
+            <div className='flex-1'>
+              <Skeleton className='h-4 w-1/2' />
+            </div>
+            <div className='flex items-center space-x-2'>
+              <Skeleton className='h-8 w-8' />
+              <Skeleton className='h-8 w-8' />
+            </div>
+          </div>
+        ))}
+      </div>
+    </>
+  )
+}
+
+async function createApiKey(url: string, { arg }: { arg: PostRequest }) {
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(arg),
+  });
+  return res.json();
+}
+
+interface GetResponse {
+  success: boolean;
+  apiKeys: Array<{ id: string; name: string; createdAt: string }>;
+}
+
+interface PostRequest {
+  action: 'revoke' | 'regenerate' | 'create';
+  name: string;
+}
+interface PostResponse {
+  success: boolean;
+  apiKey?: string;
+  id?: string;
+  error?: string;
+}

apps/web/src/app/(ui)/(protected)/settings/bot/[slug]/gensettings.tsx

@@ -0,0 +1,62 @@
+'use client';
+import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from '@/components/ui/card';
+import { editBot } from '@/lib/form/actions';
+import { BotAccount } from '@hctv/db';
+import { useRouter } from 'next/navigation';
+
+export function GeneralSettings(props: BotAccount) {
+  const router = useRouter();
+  return (
+    <Card>
+      <CardHeader>
+        <CardTitle>General Settings</CardTitle>
+        <CardDescription>Edit your bot settings!</CardDescription>
+      </CardHeader>
+      <CardContent>
+        <UniversalForm
+          fields={[
+            {
+              name: 'from',
+              type: 'hidden',
+              value: props.id,
+              required: true,
+            },
+            {
+              name: 'name',
+              type: 'text',
+              label: 'Bot Name',
+              placeholder: 'Enter bot name',
+              required: true,
+              value: props.displayName,
+            },
+            {
+              name: 'slug',
+              type: 'text',
+              label: 'Bot Slug',
+              placeholder: 'Enter bot slug',
+              required: true,
+              value: props.slug
+            },
+            {
+              name: 'description',
+              type: 'textarea',
+              label: 'Description',
+              placeholder: 'Enter bot description',
+              value: props.description,
+              textArea: true,
+            },
+          ]}
+          schemaName={'editBot'}
+          action={editBot}
+        />
+      </CardContent>
+    </Card>
+  )
+}

apps/web/src/app/(ui)/(protected)/settings/bot/[slug]/page.tsx

@@ -0,0 +1,46 @@
+import { getBotBySlug } from '@/lib/db/resolve';
+import { validateRequest } from '@/lib/auth/validate';
+import { can } from '@/lib/auth/abac';
+import { redirect } from 'next/navigation';
+import Image from 'next/image';
+import { GeneralSettings } from '@/app/(ui)/(protected)/settings/bot/[slug]/gensettings';
+import { ApiKeys } from '@/app/(ui)/(protected)/settings/bot/[slug]/apikeys';
+import Link from 'next/link';
+import { ArrowLeft } from 'lucide-react';
+
+export default async function Page({ params }: { params: Promise<{ slug: string }> }) {
+  const { user } = await validateRequest();
+  const { slug } = await params;
+  const bot = await getBotBySlug(slug);
+
+  if (!user || !bot || !can(user, 'update', 'bot', { bot })) {
+    redirect('/settings/bot');
+  }
+
+  return (
+    <div className={'container mx-auto py-6 space-y-6'}>
+      <Link href={'/settings/bot'} className="text-sm text-muted-foreground hover:underline flex items-center gap-2">
+        <ArrowLeft className='size-4' /> Back to Bot Accounts
+      </Link>
+      <div className="flex items-center justify-between">
+        <div className={'flex items-center space-x-4'}>
+          <Image
+            src={bot.pfpUrl}
+            alt={'Bot Avatar'}
+            width={48}
+            height={48}
+            className="rounded-full"
+          />
+          <div className={'flex flex-col'}>
+            <h1 className="text-3xl font-bold tracking-tight">{bot.displayName}</h1>
+            <p className="text-muted-foreground">Manage your bot account settings</p>
+          </div>
+        </div>
+      </div>
+      <div className="flex w-full gap-4 flex-col md:flex-row *:w-1/2">
+        <GeneralSettings {...bot} />
+        <ApiKeys slug={slug} />
+      </div>
+    </div>
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/bot/create/page.tsx

@@ -0,0 +1,65 @@
+'use client';
+
+import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
+import { createBot } from '@/lib/form/actions';
+import { Bot } from 'lucide-react';
+import { useRouter } from 'next/navigation';
+
+export default function Page() {
+  const router = useRouter();
+
+  return (
+    <div className="min-h-screen bg-background">
+      <div className="flex h-full w-full flex-col items-center justify-center px-4 py-12">
+        <div className="mb-8 text-center">
+          <div className="mx-auto mb-4 flex h-16 w-16 items-center justify-center rounded-full bg-primary shadow-lg">
+            <Bot className="h-8 w-8 text-primary-foreground" />
+          </div>
+          <h1 className="mb-2 text-3xl font-bold text-foreground">Create Bot Account</h1>
+          <p className="text-muted-foreground max-w-xl">
+            Create an automated bot account to provide custom functionality for your community.
+          </p>
+        </div>
+
+        <div className="w-full max-w-md bg-card rounded-xl p-8 border border-border">
+          <UniversalForm
+            fields={[
+              {
+                name: 'name',
+                type: 'text',
+                label: 'Bot Name',
+                placeholder: 'Enter bot name',
+                required: true,
+              },
+              {
+                name: 'slug',
+                type: 'text',
+                label: 'Bot Slug',
+                placeholder: 'Enter bot slug',
+                required: true,
+              },
+              {
+                name: 'description',
+                type: 'textarea',
+                label: 'Description',
+                placeholder: 'Enter bot description',
+              },
+            ]}
+            schemaName={'createBot'}
+            action={createBot}
+            onActionComplete={(res) => {
+              router.push(`/settings/bot/${res.slug}`);
+            }}
+          />
+        </div>
+
+        {/*
+          <p className="mt-6 text-sm text-muted-foreground text-center max-w-md">
+            Your bot will be created with chat permissions. You can configure advanced settings and
+            permissions after creation.
+          </p>
+        */}
+      </div>
+    </div>
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/bot/page.tsx

@@ -0,0 +1,88 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { Button } from '@/components/ui/button';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
+import { Badge } from '@/components/ui/badge';
+import { Separator } from '@/components/ui/separator';
+import Link from 'next/link';
+import { Plus, Bot, Calendar, Hash } from 'lucide-react';
+import { redirect } from 'next/navigation';
+import Image from 'next/image';
+
+export default async function Page() {
+  const { user } = await validateRequest();
+  if (!user) {
+    redirect('/');
+  }
+
+  const bots = await prisma.user.findFirst({
+    where: { id: user.id },
+    select: {
+      botAccounts: true,
+    },
+  });
+
+  return (
+    <div className="container mx-auto py-6 space-y-6">
+      <div className="flex items-center justify-between">
+        <div>
+          <h1 className="text-3xl font-bold tracking-tight">Bot Accounts</h1>
+          <p className="text-muted-foreground">Manage your automated bot accounts</p>
+        </div>
+        <Link href="/settings/bot/create">
+          <Button>
+            <Plus className="mr-2 h-4 w-4" />
+            Create Bot
+          </Button>
+        </Link>
+      </div>
+
+      <Separator />
+
+      {bots?.botAccounts.length ? (
+        <div className="grid gap-4 md:grid-cols-2 lg:grid-cols-3">
+          {bots.botAccounts.map((bot) => (
+            <Link href={`/settings/bot/${bot.slug}`} key={bot.id}>
+              <Card key={bot.id} className="hover:shadow-md transition-shadow">
+                <CardHeader className="pb-3">
+                  <div className="flex items-center space-x-2">
+                    <Image src={bot.pfpUrl} alt={'Bot Avatar'} width={32} height={32} className="rounded-full" />
+                    <CardTitle className="text-lg">{bot.displayName}</CardTitle>
+                  </div>
+                </CardHeader>
+                <CardContent className="space-y-3">
+                  <div className="flex items-center space-x-2 text-sm text-muted-foreground">
+                    <Hash className="h-4 w-4" />
+                    <span>{bot.slug}</span>
+                  </div>
+                  <div className="flex items-center space-x-2 text-sm text-muted-foreground">
+                    <Calendar className="h-4 w-4" />
+                    <span>{new Date(bot.createdAt).toLocaleDateString()}</span>
+                  </div>
+                </CardContent>
+              </Card>
+            </Link>
+          ))}
+        </div>
+      ) : (
+        <Card className="text-center py-8">
+          <CardContent className="space-y-4">
+            <Bot className="mx-auto h-12 w-12 text-muted-foreground" />
+            <div>
+              <CardTitle>No bot accounts yet</CardTitle>
+              <CardDescription className="mt-2">
+                Get started by creating your first bot account
+              </CardDescription>
+            </div>
+            <Link href="/settings/bot/create">
+              <Button>
+                <Plus className="mr-2 h-4 w-4" />
+                Create Your First Bot
+              </Button>
+            </Link>
+          </CardContent>
+        </Card>
+      )}
+    </div>
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/channel/[channelName]/page.tsx

@@ -0,0 +1,96 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { redirect } from 'next/navigation';
+import ChannelSettingsClient from './page.client';
+import { resolvePersonalChannel } from '@/lib/auth/resolve';
+import { can } from '@/lib/auth/abac';
+
+export default async function ChannelSettingsPage({
+  params,
+}: {
+  params: Promise<{ channelName: string }>;
+}) {
+  const { channelName } = await params;
+  const { user } = await validateRequest();
+
+  if (!user) {
+    redirect('/auth/hackclub');
+  }
+
+  const channel = await prisma.channel.findUnique({
+    where: { name: channelName },
+    include: {
+      owner: true,
+      managers: true,
+      chatModerators: true,
+      chatModeratorBots: true,
+      streamInfo: true,
+      streamKey: true,
+      chatSettings: true,
+      followers: {
+        include: {
+          user: {
+            select: {
+              id: true,
+              slack_id: true,
+            },
+          },
+        },
+      },
+      personalFor: true,
+    },
+  });
+
+  if (!channel) {
+    redirect('/');
+  }
+
+  const isOwner = channel.ownerId === user.id;
+
+  if (!can(user, 'update', 'channel', { channel })) {
+    redirect('/');
+  }
+
+  const ownerPersonalChannel = await resolvePersonalChannel(channel.ownerId);
+  const managerPersonalChannels = await Promise.all(
+    channel.managers.map((manager) => resolvePersonalChannel(manager.id))
+  );
+  const managerIds = new Set(channel.managers.map((manager) => manager.id));
+  const extraChatModerators = channel.chatModerators.filter(
+    (moderator) => moderator.id !== channel.ownerId && !managerIds.has(moderator.id)
+  );
+  const chatModeratorPersonalChannels = await Promise.all(
+    extraChatModerators.map((moderator) => resolvePersonalChannel(moderator.id))
+  );
+  const followerPersonalChannels = await Promise.all(
+    channel.followers.map((follower) => resolvePersonalChannel(follower.user.id))
+  );
+  const allBotAccounts = await prisma.botAccount.findMany({
+    select: {
+      id: true,
+      displayName: true,
+      slug: true,
+      pfpUrl: true,
+    },
+    orderBy: {
+      slug: 'asc',
+    },
+  });
+
+  return (
+    <ChannelSettingsClient
+      channel={{
+        ...channel,
+        chatModerators: extraChatModerators,
+        ownerPersonalChannel,
+        managerPersonalChannels,
+        chatModeratorPersonalChannels,
+        followerPersonalChannels,
+        allBotAccounts,
+      }}
+      isOwner={isOwner}
+      currentUser={user}
+      isPersonal={channel.personalFor !== null}
+    />
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/channel/create/page.tsx

@@ -0,0 +1,51 @@
+'use client'
+
+import { UniversalForm } from "@/components/app/UniversalForm/UniversalForm";
+import { createChannel } from "@/lib/form/actions";
+import { Hash } from "lucide-react";
+import { useRouter } from "next/navigation";
+
+function CreateChannelPage() {
+  const router = useRouter();
+
+  return (
+    <div className="min-h-screen bg-background">
+      <div className="flex h-full w-full flex-col items-center justify-center px-4 py-12">
+        <div className="mb-8 text-center">
+          <div className="mx-auto mb-4 flex h-16 w-16 items-center justify-center rounded-full bg-primary shadow-lg">
+            <Hash className="h-8 w-8 text-primary-foreground" />
+          </div>
+          <h1 className="mb-2 text-3xl font-bold text-foreground">
+            Create New Channel
+          </h1>
+          <p className="text-muted-foreground max-w-xl">
+            IRL hackathons, game streams, and more are allowed! Create another channel apart from your personal one to diversify your content.
+          </p>
+        </div>
+
+
+        <div className="w-full max-w-md bg-card rounded-xl shadow-xl p-8 border border-border">
+          <UniversalForm
+            fields={[
+              { label: "Channel Name", name: "name", type: "text", placeholder: "Enter channel name" },
+            ]}
+            schemaName="createChannel"
+            action={createChannel}
+            onActionComplete={(r) => {
+              const channelName = r.channel;
+              if (channelName) {
+                router.push(`/${channelName}`);
+              }
+            }}
+          />
+        </div>
+
+        <p className="mt-6 text-sm text-muted-foreground text-center max-w-md">
+          Your channel will be ready to go live immediately after creation. You can always customize settings later.
+        </p>
+      </div>
+    </div>
+  );
+}
+
+export default CreateChannelPage;

apps/web/src/app/(ui)/(protected)/settings/channel/page.tsx

@@ -0,0 +1,18 @@
+import { resolvePersonalChannel } from '@/lib/auth/resolve';
+import { loadSearchParams } from '@/lib/nuqs/channelSettings';
+import { redirect } from 'next/navigation';
+
+export default async function ChannelSettingsRedirector({
+  searchParams,
+}: {
+  searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
+}) {
+  const { tab } = await loadSearchParams(searchParams);
+  const personalChannel = await resolvePersonalChannel();
+  if (personalChannel) {
+    return redirect(`/settings/channel/${personalChannel.name}?tab=${tab}`);
+  }
+
+  // lil easter egg i doubt anyone will see
+  return <p>erm</p>;
+}

apps/web/src/app/(ui)/(public)/auth/hackclub/callback/route.ts

@@ -1,16 +1,16 @@
-import { slack, lucia } from '@hctv/auth';
+import { hackClub, lucia, HCID_TOKEN_URL, HCID_USER_INFO_URL } from '@hctv/auth';
 import { cookies as nextCookies } from 'next/headers';
-import { decodeIdToken, OAuth2RequestError } from 'arctic';
+import { OAuth2RequestError } from 'arctic';
 import { generateIdFromEntropySize } from 'lucia';
 import { prisma } from '@hctv/db';
-import { getRedisConnection } from '@/lib/services/redis';
+import { getRedisConnection } from '@hctv/db';
 
 export async function GET(request: Request): Promise<Response> {
   const cookies = await nextCookies();
   const url = new URL(request.url);
 	const code = url.searchParams.get("code");
 	const state = url.searchParams.get("state");
-	const storedState = cookies.get("slack_oauth_state")?.value ?? null;
+	const storedState = cookies.get("hackclub_oauth_state")?.value ?? null;
 	if (!code || !state || !storedState || state !== storedState) {
     console.log('invalid state stuff');
 		return new Response(null, {
@@ -19,22 +19,38 @@ export async function GET(request: Request): Promise<Response> {
 	}
 
   try {
-    const tokens = await slack.validateAuthorizationCode(code);
-    const accessToken = tokens.accessToken()
-    const slackUserResponse = await fetch('https://slack.com/api/openid.connect.userInfo', {
+    const tokens = await hackClub.validateAuthorizationCode(HCID_TOKEN_URL, code, null);
+    const accessToken = tokens.accessToken();
+    const userResponse = await fetch(HCID_USER_INFO_URL, {
       headers: {
         'Authorization': `Bearer ${accessToken}`,
       },
     });
-    const slackUser: SlackUserInfo = await slackUserResponse.json();
+    const userResult: HackClubUserResponse = await userResponse.json();
+    const identity = userResult.identity;
+
+    const slackId = identity.slack_id;
+    if (!slackId) {
+      return new Response("Please make sure to have a Slack account before continuing.", {
+        status: 400,
+      });
+    }
 
     const existingUser = await prisma.user.findFirst({
       where: {
-        slack_id: slackUser.sub,
+        slack_id: slackId,
       },
     });
 
     if (existingUser) {
+      // Update email if it's missing or changed
+      if (existingUser.email !== identity.primary_email) {
+        await prisma.user.update({
+          where: { id: existingUser.id },
+          data: { email: identity.primary_email },
+        });
+      }
+
       const session = await lucia.createSession(existingUser.id, {});
       const sessionCookie = lucia.createSessionCookie(session.id);
       await getRedisConnection().set(`sessions:${session.id}`, '');
@@ -52,8 +68,9 @@ export async function GET(request: Request): Promise<Response> {
     await prisma.user.create({
       data: {
         id: userId,
-        slack_id: slackUser.sub,
-        pfpUrl: slackUser.picture,
+        slack_id: slackId,
+        email: identity.primary_email,
+        pfpUrl: identity.slack_id ? `https://cachet.dunkirk.sh/users/${identity.slack_id}/r` : 'https://github.com/hackclub.png',
         hasOnboarded: false,
       },
     });
@@ -83,40 +100,15 @@ export async function GET(request: Request): Promise<Response> {
   }
 }
 
-interface SlackUserInfo {
-  // OpenID Connect standard fields
-  ok: boolean;
-  sub: string;
-  email: string;
-  email_verified: boolean;
-  date_email_verified: number;
-  name: string;
-  picture: string;
-  given_name: string;
-  family_name: string;
-  locale: string;
-
-  // Slack-specific fields
-  ['https://slack.com/user_id']: string;
-  ['https://slack.com/team_id']: string;
-  ['https://slack.com/team_name']: string;
-  ['https://slack.com/team_domain']: string;
-
-  // User image URLs
-  ['https://slack.com/user_image_24']: string;
-  ['https://slack.com/user_image_32']: string;
-  ['https://slack.com/user_image_48']: string;
-  ['https://slack.com/user_image_72']: string;
-  ['https://slack.com/user_image_192']: string;
-  ['https://slack.com/user_image_512']: string;
-
-  // Team image URLs
-  ['https://slack.com/team_image_34']?: string;
-  ['https://slack.com/team_image_44']?: string;
-  ['https://slack.com/team_image_68']?: string;
-  ['https://slack.com/team_image_88']?: string;
-  ['https://slack.com/team_image_102']?: string;
-  ['https://slack.com/team_image_132']?: string;
-  ['https://slack.com/team_image_230']?: string;
-  ['https://slack.com/team_image_default']?: boolean;
+interface HackClubIdentity {
+  id: string;
+  slack_id?: string;
+  first_name: string;
+  last_name: string;
+  primary_email: string;
 }
+
+interface HackClubUserResponse {
+  identity: HackClubIdentity;
+}
+

apps/web/src/app/(ui)/(public)/auth/hackclub/route.ts

@@ -1,12 +1,12 @@
 import { generateState } from "arctic";
-import { slack } from '@hctv/auth';
+import { hackClub, HCID_AUTH_URL } from '@hctv/auth';
 import { cookies } from "next/headers";
 
 export async function GET(): Promise<Response> {
 	const state = generateState();
-	const url = slack.createAuthorizationURL(state, ['openid', 'profile']);
+	const url = hackClub.createAuthorizationURL(HCID_AUTH_URL, state, ['slack_id', 'verification_status', 'email']);
 
-	(await cookies()).set("slack_oauth_state", state, {
+	(await cookies()).set("hackclub_oauth_state", state, {
 		path: "/",
 		secure: process.env.NODE_ENV === "production",
 		httpOnly: true,

apps/web/src/app/(ui)/(public)/onboarding/page.client.tsx

@@ -0,0 +1,132 @@
+'use client';
+
+import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
+import { Card, CardHeader, CardTitle, CardDescription, CardContent } from '@/components/ui/card';
+import { onboard } from '@/lib/form/actions';
+import { useSession } from '@/lib/providers/SessionProvider';
+import { Avatar, AvatarFallback, AvatarImage } from '@/components/ui/avatar';
+import { User, Tv, Heart, MessageSquare } from 'lucide-react';
+import Image from 'next/image';
+
+export default function OnboardingClient() {
+  const { user } = useSession();
+  
+  return (
+    <div className="min-h-[93vh] flex items-center justify-center p-4">
+      <div className="w-full max-w-2xl space-y-8">
+        {/* welcome header */}
+        <div className="text-center space-y-2">
+          <div className="flex justify-center">
+            <div className="relative">
+              <Avatar className="h-20 w-20 border-4 border-primary/20">
+                <AvatarImage src={user?.pfpUrl} alt={`@${user?.id}`} />
+                <AvatarFallback className="text-2xl font-bold">
+                  {user?.id?.charAt(0)?.toUpperCase()}
+                </AvatarFallback>
+              </Avatar>
+            </div>
+          </div>
+          <div className="space-y-2">
+            <h1 className="text-3xl font-bold tracking-tight">
+              Welcome to hackclub.tv!
+            </h1>
+            <p className="text-lg text-muted-foreground flex gap-2 justify-center">
+              Let&apos;s get you set up <Image src="https://emoji.slack-edge.com/T0266FRGM/blahaj-heart/db9adf8229e9a4fb.png" alt=":blahaj-heart:" width={24} height={24} />
+            </p>
+          </div>
+        </div>
+
+        {/* explanation */}
+        <Card className="border-2 border-primary/10 bg-primary/5">
+          <CardHeader className="pb-4">
+            <CardTitle className="flex items-center gap-2 text-xl">
+              <User className="h-5 w-5 text-primary" />
+              Why do you need a personal channel?
+            </CardTitle>
+          </CardHeader>
+          <CardContent className="space-y-4">
+            <div className="grid gap-4 md:grid-cols-3">
+              <div className="flex items-start gap-3">
+                <div className="flex-shrink-0 w-8 h-8 bg-primary/10 rounded-lg flex items-center justify-center">
+                  <Tv className="w-4 h-4 text-primary" />
+                </div>
+                <div>
+                  <h3 className="font-semibold text-sm">Stream content</h3>
+                  <p className="text-xs text-muted-foreground">
+                    Share your coding sessions and projects!
+                  </p>
+                </div>
+              </div>
+              <div className="flex items-start gap-3">
+                <div className="flex-shrink-0 w-8 h-8 bg-primary/10 rounded-lg flex items-center justify-center">
+                  <MessageSquare className="w-4 h-4 text-primary" />
+                </div>
+                <div>
+                  <h3 className="font-semibold text-sm">Chat with others</h3>
+                  <p className="text-xs text-muted-foreground">
+                    Connect with other Hack Clubbers and grow your audience
+                  </p>
+                </div>
+              </div>
+              <div className="flex items-start gap-3">
+                <div className="flex-shrink-0 w-8 h-8 bg-primary/10 rounded-lg flex items-center justify-center">
+                  <Heart className="w-4 h-4 text-primary" />
+                </div>
+                <div>
+                  <h3 className="font-semibold text-sm">Follow hackclubbers</h3>
+                  <p className="text-xs text-muted-foreground">
+                    Stay updated with your favorite creators and streams
+                  </p>
+                </div>
+              </div>
+            </div>
+            
+            <div className="mt-6 p-4 bg-secondary/50 rounded-lg border border-muted">
+              <p className="text-sm text-muted-foreground">
+                <strong>Your personal channel</strong> is your home base on hctv. 
+                It&apos;s where your profile, streams, and content will live. You can always create 
+                additional channels later for different types of content!
+              </p>
+            </div>
+          </CardContent>
+        </Card>
+
+        {/* form */}
+        <Card className="shadow-lg">
+          <CardHeader className="text-center">
+            <CardTitle className="text-xl">Choose Your Channel Username</CardTitle>
+            <CardDescription>
+              This will be your unique identifier on hctv. Choose something memorable!
+            </CardDescription>
+          </CardHeader>
+          <CardContent>
+            <UniversalForm
+              fields={[
+                { name: 'userId', label: 'User ID', type: 'hidden', value: user?.id },
+                { 
+                  name: 'username', 
+                  label: 'Channel Username', 
+                  type: 'text',
+                  placeholder: 'e.g., yourname or yourname-codes',
+                  maxChars: 20,
+                  inputFilter: /[^a-z0-9_-]/g,
+                },
+              ]}
+              schemaName="onboard"
+              action={onboard}
+              onActionComplete={() => {
+                window.location.href = '/';
+              }}
+            />
+            <div className="mt-4 p-3 bg-muted/30 rounded-md">
+              <p className="text-xs text-muted-foreground">
+                <strong>Username rules:</strong> Only lowercase letters (a-z), numbers (0-9), 
+                underscores (_), and dashes (-) are allowed. Up to 20 characters. Must be unique across the platform.
+              </p>
+            </div>
+          </CardContent>
+        </Card>
+      </div>
+    </div>
+  );
+}

apps/web/src/app/(ui)/(public)/onboarding/page.tsx

@@ -4,7 +4,10 @@ import OnboardingClient from "./page.client";
 
 export default async function Page() {
   const { user } = await validateRequest();
-  if (user!.hasOnboarded) {
+  if (!user) {
+    return redirect('/');
+  }
+  if (user.hasOnboarded) {
     return redirect('/');
   }
   return <OnboardingClient />;

apps/web/src/app/(ui)/(public)/page.tsx

@@ -0,0 +1,55 @@
+import LandingPage from '@/components/app/LandingPage/LandingPage';
+import StreamGrid from '@/components/app/StreamGrid/StreamGrid';
+import ConfusedDino from '@/components/ui/confuseddino';
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import Link from 'next/link';
+import { redirect } from 'next/navigation';
+
+export default async function Home() {
+  const { user } = await validateRequest();
+  if (user && !user?.hasOnboarded) {
+    redirect('/onboarding');
+  }
+
+  const [liveStreams, offlineStreams] = await Promise.all([
+    prisma.streamInfo.findMany({
+      where: { isLive: true },
+      include: { channel: true },
+    }),
+    prisma.streamInfo.findMany({
+      where: { isLive: false },
+      include: { channel: true },
+    }),
+  ]);
+
+  if (!user) {
+    return <LandingPage />;
+  }
+
+  if (!liveStreams.length && !offlineStreams.length) {
+    return (
+      <div className="flex min-h-[60vh] flex-col items-center justify-center gap-5 px-4 text-center">
+        <ConfusedDino className="h-28 w-28 opacity-80" />
+        <div className="space-y-1.5">
+          <h2 className="pb-0 text-2xl font-semibold tracking-tight">Nothing live right now</h2>
+          <p className="text-sm text-muted-foreground">
+            Nobody&apos;s streaming yet — why not be the first?
+          </p>
+        </div>
+        <Link
+          href="/settings/channel"
+          className="inline-flex h-9 items-center justify-center rounded-md bg-primary px-5 text-sm font-medium text-primary-foreground shadow transition-colors hover:bg-primary/90 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring"
+        >
+          Start streaming
+        </Link>
+      </div>
+    );
+  }
+
+  return (
+    <div className="p-3 md:p-6">
+      <StreamGrid liveStreams={liveStreams} offlineStreams={offlineStreams} />
+    </div>
+  );
+}

apps/web/src/app/(ui)/layout.tsx

@@ -0,0 +1,77 @@
+import type { Metadata } from 'next';
+import { Inter } from 'next/font/google';
+import { cookies } from 'next/headers';
+import '../globals.css';
+import Navbar from '@/components/app/NavBar/NavBar';
+import { SessionProvider } from '@/lib/providers/SessionProvider';
+import { validateRequest } from '@/lib/auth/validate';
+import { Toaster } from '@/components/ui/sonner';
+import { ThemeProvider } from '@/lib/providers/ThemeProvider';
+import { SidebarProvider } from '@/components/ui/sidebar';
+import Sidebar from '@/components/app/Sidebar/Sidebar';
+import { cn } from '@/lib/utils';
+import EditLivestream from '@/components/app/EditLivestream/EditLivestream';
+import { StreamInfoProvider } from '@/lib/providers/StreamInfoProvider';
+import { NextSSRPlugin } from "@uploadthing/react/next-ssr-plugin";
+import { extractRouterConfig } from 'uploadthing/server';
+import { ourFileRouter } from '@/lib/services/uploadthing/fileRouter';
+import { NuqsAdapter } from 'nuqs/adapters/next/app'
+import SonnerNewVersion from '@/components/app/SonnerNewVersion/SonnerNewVersion';
+import ConfirmDialogProvider from '@/lib/providers/ConfirmProvider';
+
+const inter = Inter({ subsets: ['latin'] });
+
+export const metadata: Metadata = {
+  title: 'hackclub.tv',
+  description: "Hack Club's livestreaming platform",
+};
+
+export default async function RootLayout({
+  children,
+}: Readonly<{
+  children: React.ReactNode;
+}>) {
+  const sessionData = await validateRequest();
+  const cookieStore = await cookies();
+  const defaultOpen = cookieStore.get('sidebar:state')?.value === 'true';
+
+  return (
+    <html lang="en">
+      <body className={cn('flex flex-col h-screen', inter.className)}>
+        <SessionProvider value={sessionData}>
+          <ThemeProvider
+            attribute="class"
+            defaultTheme="system"
+            enableSystem
+            disableTransitionOnChange
+          >
+            <SonnerNewVersion />
+            <NextSSRPlugin
+              routerConfig={extractRouterConfig(ourFileRouter)}
+            />
+            <ConfirmDialogProvider defaultOptions={{
+              cancelButton: {
+                variant: 'outline',
+              },
+            }}>
+              <NuqsAdapter>
+                <SidebarProvider defaultOpen={defaultOpen}>
+                  <StreamInfoProvider>
+                    {/* this promise is ugly but i'm lazy to fix the type errors */}
+                    <Navbar editLivestream={Promise.resolve(<EditLivestream />)} />
+                    <div className="flex flex-1 pt-16 min-h-0 min-w-0">
+                      {/* pt-16 for navbar height */}
+                      <Sidebar className="pt-16" />
+                      <main className="flex-1 min-w-0">{children}</main>
+                    </div>
+                    <Toaster />
+                  </StreamInfoProvider>
+                </SidebarProvider>
+              </NuqsAdapter>
+            </ConfirmDialogProvider>
+          </ThemeProvider>
+        </SessionProvider>
+      </body>
+    </html>
+  );
+}

apps/web/src/app/api/metrics/route.ts

@@ -0,0 +1,58 @@
+import { webMetricsRegistry } from '@/lib/metrics';
+import { NextRequest, NextResponse } from 'next/server';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+export async function GET(req: NextRequest) {
+  if (process.env.NODE_ENV === 'production' && !isAuthenticated(req)) {
+    return new NextResponse('Authentication required', {
+      status: 401,
+      headers: { 'WWW-Authenticate': 'Basic' },
+    });
+  }
+  return new Response(await webMetricsRegistry.metrics(), {
+    headers: {
+      'Content-Type': webMetricsRegistry.contentType,
+      'Cache-Control': 'no-store, no-cache, must-revalidate, proxy-revalidate',
+    },
+  });
+}
+
+// source: https://vancelucas.com/blog/how-to-add-http-basic-auth-to-next-js/
+function isAuthenticated(req: NextRequest) {
+  const authheader = req.headers.get('authorization') ?? req.headers.get('Authorization');
+
+  if (!authheader) {
+    return false;
+  }
+
+  const parts = authheader.split(' ');
+  if (parts.length !== 2) {
+    return false;
+  }
+
+  const scheme = parts[0];
+  const encoded = parts[1];
+
+  if (scheme !== 'Basic' || !encoded) {
+    return false;
+  }
+
+  let decoded: string;
+  try {
+    decoded = Buffer.from(encoded, 'base64').toString();
+  } catch {
+    return false;
+  }
+
+  const separatorIndex = decoded.indexOf(':');
+  if (separatorIndex === -1) {
+    return false;
+  }
+
+  const user = decoded.substring(0, separatorIndex);
+  const pass = decoded.substring(separatorIndex + 1);
+
+  return user === process.env.METRICS_USER && pass === process.env.METRICS_PASS;
+}

apps/web/src/app/global-error.tsx

@@ -0,0 +1,23 @@
+"use client";
+
+import * as Sentry from "@sentry/nextjs";
+import NextError from "next/error";
+import { useEffect } from "react";
+
+export default function GlobalError({ error }: { error: Error & { digest?: string } }) {
+  useEffect(() => {
+    Sentry.captureException(error);
+  }, [error]);
+
+  return (
+    <html>
+      <body>
+        {/* `NextError` is the default Next.js error page component. Its type
+        definition requires a `statusCode` prop. However, since the App Router
+        does not expose status codes for errors, we simply pass 0 to render a
+        generic error message. */}
+        <NextError statusCode={0} />
+      </body>
+    </html>
+  );
+}

apps/web/src/app/globals.css

@@ -4,111 +4,125 @@
 
 @layer base {
   :root {
-    --background: 220 23.077% 94.902%;
-    --foreground: 233.793 16.022% 35.49%;
+    /* Light theme - based on your color scheme */
 
-    --muted: 222.857 15.909% 82.745%;
-    --muted-foreground: 233.333 12.796% 41.373%;
+    /* Main background and foreground */
+    --background: 350 59% 98%; /* FDF7F8 - main background */
+    --foreground: 351 34% 30%; /* 5D3A3F - main text */
 
-    --popover: 220 23.077% 94.902%;
-    --popover-foreground: 233.793 16.022% 35.49%;
+    /* Muted elements */
+    --muted: 350 40% 93%; /* F8E8EA - muted background */
+    --muted-foreground: 350 30% 45%; /* Lighter version of main text */
 
-    --card: 220 23.077% 94.902%;
-    --card-foreground: 233.793 16.022% 35.49%;
+    /* Popover and card */
+    --popover: 0 0% 100%; /* FFFFFF - popover background */
+    --popover-foreground: 351 34% 30%; /* 5D3A3F - popover text */
+    --card: 0 0% 100%; /* FFFFFF - card background */
+    --card-foreground: 351 34% 30%; /* 5D3A3F - card text */
 
-    --border: 225 13.559% 76.863%;
-    --input: 225 13.559% 76.863%;
+    /* Border and input */
+    --border: 350 30% 85%; /* Derived border color */
+    --input: 350 30% 85%; /* Input background */
 
-    --primary: 219.907 91.489% 53.922%;
-    --primary-foreground: 220 23.077% 94.902%;
+    /* Primary actions */
+    --primary: 350 70% 50%; /* C8394F - primary button */
+    --primary-foreground: 0 0% 100%; /* FFFFFF - text on primary */
 
-    --secondary: 222.857 15.909% 82.745%;
-    --secondary-foreground: 233.793 16.022% 35.49%;
+    /* Secondary elements */
+    --secondary: 350 40% 93%; /* F8E8EA - secondary background */
+    --secondary-foreground: 351 34% 30%; /* 5D3A3F - text on secondary */
 
-    --accent: 222.857 15.909% 82.745%;
-    --accent-foreground: 233.793 16.022% 35.49%;
+    /* Accent elements */
+    --accent: 350 70% 40%; /* A12D3E - accent color */
+    --accent-foreground: 0 0% 100%; /* FFFFFF - text on accent */
 
-    --destructive: 347.077 86.667% 44.118%;
-    --destructive-foreground: 220 21.951% 91.961%;
+    /* Destructive actions */
+    --destructive: 350 70% 55%; /* D63C56 - error/destroy */
+    --destructive-foreground: 0 0% 100%; /* FFFFFF - text on destructive */
 
-    --ring: 233.793 16.022% 35.49%;
+    /* Focus ring */
+    --ring: 350 70% 50%; /* C8394F - focus ring */
 
-    --surface-1: 225 14% 77%;
-    --surface-2: 227 12% 71%;
+    /* Surface colors */
+    --surface-1: 350 40% 93%; /* F8E8EA - surface 1 */
+    --surface-2: 350 35% 88%; /* Derived surface 2 */
 
-    --mantle: 220 22% 92%;
+    /* Mantle */
+    --mantle: 350 59% 98%; /* FDF7F8 - mantle */
 
+    /* Radius */
     --radius: 0.5rem;
 
-    --sidebar-background: 0 0% 98%;
-
-    --sidebar-foreground: 240 5.3% 26.1%;
-
-    --sidebar-primary: 240 5.9% 10%;
-
-    --sidebar-primary-foreground: 0 0% 98%;
-
-    --sidebar-accent: 240 4.8% 95.9%;
-
-    --sidebar-accent-foreground: 240 5.9% 10%;
-
-    --sidebar-border: 220 13% 91%;
-
-    --sidebar-ring: 217.2 91.2% 59.8%;
+    /* Sidebar specific */
+    --sidebar-background: 350 59% 98%; /* FDF7F8 - sidebar bg */
+    --sidebar-foreground: 351 34% 30%; /* 5D3A3F - sidebar text */
+    --sidebar-primary: 350 70% 50%; /* C8394F - sidebar primary */
+    --sidebar-primary-foreground: 0 0% 100%; /* FFFFFF - text on sidebar primary */
+    --sidebar-accent: 350 40% 93%; /* F8E8EA - sidebar accent */
+    --sidebar-accent-foreground: 351 34% 30%; /* 5D3A3F - text on sidebar accent */
+    --sidebar-border: 350 30% 85%; /* Derived border */
+    --sidebar-ring: 350 70% 50%; /* C8394F - sidebar focus ring */
   }
 
   .dark {
-    --background: 240 21.053% 14.902%;
-    --foreground: 226.154 63.934% 88.039%;
+    /* Dark theme - based on your color scheme */
 
-    --muted: 240 12% 19%;
-    --muted-foreground: 240 12% 69%;
+    /* Main background and foreground */
+    --background: 350 20% 15%; /* 2A1F21 - main background */
+    --foreground: 350 30% 92%; /* F5E6E8 - main text */
 
-    --popover: 240 21.053% 14.902%;
-    --popover-foreground: 226.154 63.934% 88.039%;
+    /* Muted elements */
+    --muted: 350 20% 25%; /* 4A2D31 - muted background */
+    --muted-foreground: 350 30% 75%; /* Lighter version of main text */
 
-    --card: 240 21.053% 14.902%;
-    --card-foreground: 226.154 63.934% 88.039%;
+    /* Popover and card */
+    --popover: 350 20% 15%; /* 2A1F21 - popover background */
+    --popover-foreground: 350 30% 92%; /* F5E6E8 - popover text */
+    --card: 350 20% 15%; /* 2A1F21 - card background */
+    --card-foreground: 350 30% 92%; /* F5E6E8 - card text */
 
-    --border: 234.286 13.208% 31.176%;
-    --input: 234.286 13.208% 31.176%;
+    /* Border and input */
+    --border: 350 20% 35%; /* Derived border color */
+    --input: 350 20% 35%; /* Input background */
 
-    --primary: 267 84% 81%;
-    --primary-foreground: 267 84% 21%;
+    /* Primary actions */
+    --primary: 350 100% 75%; /* FF7A8A - primary button */
+    --primary-foreground: 350 20% 15%; /* 2A1F21 - text on primary */
 
-    --secondary: 236.842 16.239% 22.941%;
-    --secondary-foreground: 226.154 63.934% 88.039%;
+    /* Secondary elements */
+    --secondary: 350 20% 25%; /* 4A2D31 - secondary background */
+    --secondary-foreground: 350 30% 92%; /* F5E6E8 - text on secondary */
 
-    --accent: 236.842 16.239% 22.941%;
-    --accent-foreground: 226.154 63.934% 88.039%;
+    /* Accent elements */
+    --accent: 350 100% 80%; /* FF9AAA - accent color */
+    --accent-foreground: 350 20% 15%; /* 2A1F21 - text on accent */
 
-    --destructive: 343.269 81.25% 74.902%;
-    --destructive-foreground: 240 21.311% 11.961%;
+    /* Destructive actions */
+    --destructive: 350 100% 70%; /* FF6B7D - error/destroy */
+    --destructive-foreground: 350 20% 15%; /* 2A1F21 - text on destructive */
 
-    --ring: 226.154 63.934% 88.039%;
+    /* Focus ring */
+    --ring: 350 100% 75%; /* FF7A8A - focus ring */
 
-    --surface-1: 234 13% 31%;
-    --surface-2: 233 12% 39%;
+    /* Surface colors */
+    --surface-1: 350 20% 25%; /* 4A2D31 - surface 1 */
+    --surface-2: 350 20% 35%; /* Derived surface 2 */
 
-    --mantle: 240 21.311% 11.961%;
+    /* Mantle */
+    --mantle: 350 20% 12%; /* 1F1617 - mantle */
 
+    /* Radius */
     --radius: 0.5rem;
 
-    --sidebar-background: 240 21.311% 11.961%;     /* crust - matches mantle var */
-    
-    --sidebar-foreground: 226.154 63.934% 88.039%; /* matches main foreground */
-    
-    --sidebar-primary: 217.168 91.87% 75.882%;     /* matches primary */
-    
-    --sidebar-primary-foreground: 240 21.053% 14.902%; /* matches primary-foreground */
-    
-    --sidebar-accent: 236.842 16.239% 22.941%;     /* matches accent */
-    
-    --sidebar-accent-foreground: 226.154 63.934% 88.039%; /* matches accent-foreground */
-    
-    --sidebar-border: 234.286 13.208% 31.176%;     /* matches border */
-    
-    --sidebar-ring: 217.168 91.87% 75.882%;        /* matches primary */
+    /* Sidebar specific */
+    --sidebar-background: 350 20% 12%; /* 1F1617 - sidebar bg */
+    --sidebar-foreground: 350 30% 92%; /* F5E6E8 - sidebar text */
+    --sidebar-primary: 350 100% 75%; /* FF7A8A - sidebar primary */
+    --sidebar-primary-foreground: 350 20% 15%; /* 2A1F21 - text on sidebar primary */
+    --sidebar-accent: 350 20% 25%; /* 4A2D31 - sidebar accent */
+    --sidebar-accent-foreground: 350 30% 92%; /* F5E6E8 - text on sidebar accent */
+    --sidebar-border: 350 20% 35%; /* Derived border */
+    --sidebar-ring: 350 100% 75%; /* FF7A8A - sidebar focus ring */
   }
 }
 
@@ -119,14 +133,20 @@
   body {
     @apply bg-background text-foreground;
   }
+  
+  .scrollbar-hide::-webkit-scrollbar { display: none; }
+  .scrollbar-hide { -ms-overflow-style: none; scrollbar-width: none; }
 }
+
 h1 {
   @apply scroll-m-20 text-4xl font-extrabold tracking-tight lg:text-5xl;
 }
+
 h2 {
   @apply scroll-m-20 pb-2 text-3xl font-semibold tracking-tight first:mt-0;
 }
 
+/* Media controller styles remain unchanged */
 media-controller {
   --media-primary-color: #ffffff;
   --media-secondary-color: hsla(var(--background), 0.85);
@@ -158,7 +178,7 @@ media-time-range {
 }
 
 media-time-display {
-  --media-text-color: #ffffff; 
+  --media-text-color: #ffffff;
 }
 
 media-controller::part(centered-layer) {

apps/web/src/app/layout.tsx

@@ -1,55 +1,28 @@
-import type { Metadata } from 'next';
-import { Inter } from 'next/font/google';
+import { NuqsAdapter } from 'nuqs/adapters/next/app';
 import './globals.css';
-import Navbar from '@/components/app/NavBar/NavBar';
-import { SessionProvider } from '@/lib/providers/SessionProvider';
-import { validateRequest } from '@/lib/auth/validate';
-import { Toaster } from '@/components/ui/sonner';
-import { ThemeProvider } from '@/lib/providers/ThemeProvider';
-import { SidebarProvider } from '@/components/ui/sidebar';
-import Sidebar from '@/components/app/Sidebar/Sidebar';
-import { cn } from '@/lib/utils';
-import EditLivestream from '@/components/app/EditLivestream/EditLivestream';
-import { StreamInfoProvider } from '@/lib/providers/StreamInfoProvider';
 
-const inter = Inter({ subsets: ['latin'] });
+export default function Layout({ children }: { children: React.ReactNode }) {
+  const publicEnv = Object.keys(process.env).reduce((acc, key) => {
+    if (key.startsWith('NEXT_PUBLIC_')) {
+      acc[key] = process.env[key];
+    }
+    return acc;
+  }, {} as Record<string, string | undefined>);
 
-export const metadata: Metadata = {
-  title: 'hackclub.tv',
-  description: "Hack Club's livestreaming platform",
-};
-
-export default async function RootLayout({
-  children,
-}: Readonly<{
-  children: React.ReactNode;
-}>) {
-  const sessionData = await validateRequest();
   return (
     <html lang="en">
-      <body className={cn('flex flex-col h-screen', inter.className)}>
-        <SessionProvider value={sessionData}>
-          <ThemeProvider
-            attribute="class"
-            defaultTheme="system"
-            enableSystem
-            disableTransitionOnChange
-          >
-            <SidebarProvider>
-              <StreamInfoProvider>
-                {/* this promise is ugly but i'm lazy to fix the type errors */}
-                <Navbar editLivestream={Promise.resolve(<EditLivestream />)} />
-                <div className="flex flex-1 pt-16">
-                  {/* pt-16 for navbar height */}
-                  <Sidebar className="pt-16" />
-                  <main className="flex-1 overflow-auto">{children}</main>
-                </div>
-                <Toaster />
-              </StreamInfoProvider>
-            </SidebarProvider>
-          </ThemeProvider>
-        </SessionProvider>
-      </body>
+      <head>
+        <script
+          dangerouslySetInnerHTML={{
+            __html: `window.__ENV = ${JSON.stringify(publicEnv)}`,
+          }}
+        />
+      </head>
+      <NuqsAdapter>
+        <body>
+          <main>{children}</main>
+        </body>
+      </NuqsAdapter>
     </html>
   );
 }

apps/web/src/components/app/BotCombobox/BotCombobox.tsx

@@ -0,0 +1,103 @@
+'use client';
+
+import * as React from 'react';
+import { Check, ChevronsUpDown } from 'lucide-react';
+import type { BotAccount } from '@hctv/db';
+
+import { Avatar, AvatarFallback, AvatarImage } from '@/components/ui/avatar';
+import { Button } from '@/components/ui/button';
+import {
+  Command,
+  CommandEmpty,
+  CommandGroup,
+  CommandInput,
+  CommandItem,
+  CommandList,
+} from '@/components/ui/command';
+import { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover';
+import { cn } from '@/lib/utils';
+
+export function BotCombobox({ bots, filter, value, modal, onValueChange }: Props) {
+  const [open, setOpen] = React.useState(false);
+
+  const selectedBot = bots.find((bot) => bot.id === value);
+  const availableBots = bots.filter((bot) => !filter?.includes(bot.id));
+
+  return (
+    <Popover open={open} onOpenChange={setOpen} modal={modal}>
+      <PopoverTrigger asChild>
+        <Button
+          variant="outline"
+          role="combobox"
+          aria-expanded={open}
+          className="w-full justify-between"
+        >
+          {selectedBot ? (
+            <div className="flex items-center gap-2 overflow-hidden">
+              <Avatar className="h-8 w-8 shrink-0">
+                <AvatarImage
+                  src={selectedBot.pfpUrl}
+                  alt={selectedBot.displayName}
+                  loading="lazy"
+                  decoding="async"
+                />
+                <AvatarFallback>{selectedBot.displayName[0]?.toUpperCase()}</AvatarFallback>
+              </Avatar>
+              <span className="truncate">{selectedBot.displayName}</span>
+            </div>
+          ) : (
+            'Select bot...'
+          )}
+          <ChevronsUpDown className="opacity-50" />
+        </Button>
+      </PopoverTrigger>
+      <PopoverContent className="w-[var(--radix-popover-trigger-width)] p-0">
+        <Command>
+          <CommandInput placeholder="Search bot..." className="h-9" />
+          <CommandList>
+            <CommandEmpty>No bot found.</CommandEmpty>
+            <CommandGroup>
+              {availableBots.map((bot) => (
+                <CommandItem
+                  key={bot.id}
+                  value={bot.id}
+                  onSelect={(currentValue) => {
+                    onValueChange(currentValue === value ? '' : currentValue);
+                    setOpen(false);
+                  }}
+                >
+                  <Avatar className="h-8 w-8">
+                    <AvatarImage
+                      src={bot.pfpUrl}
+                      alt={bot.displayName}
+                      loading="lazy"
+                      decoding="async"
+                    />
+                    <AvatarFallback>{bot.displayName[0]?.toUpperCase()}</AvatarFallback>
+                  </Avatar>
+                  <div className="flex flex-col">
+                    <span>{bot.displayName}</span>
+                    <span className="text-xs text-mantle-foreground">@{bot.slug}</span>
+                  </div>
+                  <Check
+                    className={cn('ml-auto', value === bot.id ? 'opacity-100' : 'opacity-0')}
+                  />
+                </CommandItem>
+              ))}
+            </CommandGroup>
+          </CommandList>
+        </Command>
+      </PopoverContent>
+    </Popover>
+  );
+}
+
+type BotLookupAccount = Pick<BotAccount, 'id' | 'displayName' | 'slug' | 'pfpUrl'>;
+
+type Props = {
+  bots: BotLookupAccount[];
+  filter?: string[];
+  value: string;
+  modal?: boolean;
+  onValueChange: (value: string) => void;
+};

apps/web/src/components/app/ChannelSelect/ChannelSelect.tsx

@@ -0,0 +1,46 @@
+'use client'
+
+import type { Channel } from "@hctv/db";
+import * as React from 'react';
+import { Plus } from 'lucide-react';
+import {
+  Select,
+  SelectContent,
+  SelectItem,
+  SelectTrigger,
+  SelectValue,
+} from '@/components/ui/select';
+import { Avatar, AvatarImage, AvatarFallback } from '@/components/ui/avatar';
+
+export function ChannelSelect(props: Props) {
+  const { channelList } = props;
+  return (
+    <Select onValueChange={props.onSelect} value={props.value}>
+      <SelectTrigger className="w-[180px]">
+        <SelectValue placeholder="Channel" />
+      </SelectTrigger>
+      <SelectContent>
+        {channelList.map((channel) => (
+          <SelectItem key={channel.id} value={channel.name}>
+            <div className="flex items-center gap-3">
+              <Avatar className="h-8 w-8">
+                <AvatarImage src={channel.pfpUrl} alt={channel.name} />
+                <AvatarFallback>{channel.name[0]}</AvatarFallback>
+              </Avatar>
+              <div className="font-medium">{channel.name}</div>
+            </div>
+          </SelectItem>
+        ))}
+        <SelectItem key="create" value="create" icon={<Plus className="h-4 w-4" />} className='h-11'>
+          Create Channel
+        </SelectItem>
+      </SelectContent>
+    </Select>
+  );
+}
+
+interface Props {
+  channelList: Channel[];
+  value?: string;
+  onSelect: (value: string) => void;
+}

apps/web/src/components/app/ChatPanel/ChatPanel.tsx

@@ -2,22 +2,40 @@
 
 import { useState, useRef, useEffect } from 'react';
 import { Send } from 'lucide-react';
-import { Input } from '@/components/ui/input';
+import { Textarea } from '@/components/ui/textarea';
 import { Button } from '@/components/ui/button';
 import { useParams } from 'next/navigation';
+import { Message } from './message';
+import { useMap } from '@uidotdev/usehooks';
+import { EmojiSearch } from './EmojiSearch';
+import { useQueryState } from 'nuqs';
+import { toast } from 'sonner';
 
-export default function ChatPanel() {
+export default function ChatPanel(props: Props) {
   const { username } = useParams();
+  const channelName = (Array.isArray(username) ? username[0] : username) ?? '';
+  const [grant, setGrant] = useQueryState('grant');
   const [message, setMessage] = useState('');
   const [chatMessages, setChatMessages] = useState<ChatMessage[]>([]);
   const scrollRef = useRef<HTMLDivElement>(null);
   const socketRef = useRef<WebSocket | null>(null);
+  const emojiMap = useMap() as Map<string, string>;
+  const [emojisToReq, setEmojisToReq] = useState<string[]>([]);
+  const [cursorPosition, setCursorPosition] = useState(0);
+  const textareaRef = useRef<HTMLTextAreaElement | null>(null);
+  const [viewer, setViewer] = useState<{ id: string; username: string } | null>(null);
+  const [canModerate, setCanModerate] = useState(false);
+  const [chatAccess, setChatAccess] = useState<ChatAccessState>({
+    canSend: true,
+    restriction: null,
+  });
 
   useEffect(() => {
+    console.log('Initializing WebSocket connection for user:', username);
     const socket = new WebSocket(
       `ws${window.location.protocol === 'https:' ? 's' : ''}://${
         window.location.host
-      }/api/stream/chat/ws/${username}`
+      }/api/stream/chat/ws/${channelName}?grant=${grant}`
     );
     socketRef.current = socket;
 
@@ -28,10 +46,59 @@ export default function ChatPanel() {
     socket.onmessage = (event) => {
       try {
         const data = JSON.parse(event.data);
-        if (data.type === 'ping' || data.type === 'pong' || !data.user) return;
-        setChatMessages((prev) => [...prev, data]);
+        console.log('Received websocket message:', data);
+
+        if (data.type === 'history') {
+          const messages = data.messages as ChatMessage[];
+          setChatMessages((prev) => [
+            ...prev,
+            ...messages,
+            { message: 'Welcome to the chat!', type: 'systemMsg' },
+          ]);
+          return;
+        }
+
+        if (data.type === 'session') {
+          setViewer(data.viewer ?? null);
+          setCanModerate(Boolean(data.permissions?.canModerate));
+          return;
+        }
+
+        if (data.type === 'chatAccess') {
+          setChatAccess({
+            canSend: Boolean(data.canSend),
+            restriction: data.restriction ?? null,
+          });
+          return;
+        }
+
+        if (data.type === 'systemMsg') {
+          setChatMessages((prev) => [...prev, { message: data.message, type: 'systemMsg' }]);
+          return;
+        }
+
+        if (data.type === 'messageDeleted') {
+          setChatMessages((prev) => prev.filter((message) => message.msgId !== data.msgId));
+          return;
+        }
+
+        if (data.type === 'moderationError') {
+          toast.error(data.message || 'Message blocked by moderation rules.');
+          return;
+        }
+
+        if (data.type === 'message') {
+          console.log('Adding new chat message:', data);
+          setChatMessages((prev) => [...prev, data]);
+        }
+
+        if (!data.type && data.message && data.user) {
+          console.log('Adding legacy chat message format:', data);
+          setChatMessages((prev) => [...prev, { ...data, type: 'message' }]);
+        }
       } catch (e) {
-        console.log('Received message confirmation:', event.data);
+        console.error('Error processing message:', e);
+        console.log('Raw message data:', event.data);
       }
     };
 
@@ -42,7 +109,7 @@ export default function ChatPanel() {
     return () => {
       socket.close();
     };
-  }, []);
+  }, [channelName]);
 
   useEffect(() => {
     if (scrollRef.current) {
@@ -54,6 +121,14 @@ export default function ChatPanel() {
   }, [chatMessages]);
 
   const sendMessage = () => {
+    if (!chatAccess.canSend) {
+      toast.error(
+        chatAccess.restriction?.type === 'timeout'
+          ? 'You are currently timed out in this chat.'
+          : 'You are currently banned from this chat.'
+      );
+      return;
+    }
     if (!message.trim()) return;
 
     if (socketRef.current && socketRef.current.readyState === WebSocket.OPEN) {
@@ -63,7 +138,7 @@ export default function ChatPanel() {
       const socket = new WebSocket(
         `ws${window.location.protocol === 'https:' ? 's' : ''}://${
           window.location.host
-        }/api/stream/chat/ws/${username}`
+        }/api/stream/chat/ws/${channelName}?grant=${grant}`
       );
       socket.onopen = () => {
         socket.send(JSON.stringify({ type: 'message', message }));
@@ -72,6 +147,15 @@ export default function ChatPanel() {
     }
   };
 
+  const sendModerationCommand = (command: ChatModerationCommand) => {
+    if (!socketRef.current || socketRef.current.readyState !== WebSocket.OPEN) {
+      toast.error('Chat connection is offline.');
+      return;
+    }
+
+    socketRef.current.send(JSON.stringify(command));
+  };
+
   useEffect(() => {
     const interval = setInterval(() => {
       if (socketRef.current && socketRef.current.readyState === WebSocket.OPEN) {
@@ -81,54 +165,263 @@ export default function ChatPanel() {
     return () => clearInterval(interval);
   }, []);
 
+  // emoji message collector
+  useEffect(() => {
+    if (chatMessages.length === 0) return;
+
+    const emojiPattern = /:[\w\-+]+:/g;
+    const newEmojis = chatMessages
+      .filter((msg) => msg.type === 'message')
+      .flatMap((msg) => {
+        if (!msg.message) return [];
+        const message = String(msg.message);
+        const matches = [...message.matchAll(emojiPattern)].map((m) => m[0]);
+        return matches;
+      })
+      .filter((emoji) => {
+        const emojiName = emoji.replaceAll(':', '');
+        return !emojiMap.has(emojiName) && emojiName.length > 0;
+      });
+
+    if (newEmojis.length > 0) {
+      console.log(`Found ${newEmojis.length} new emojis to request: ${newEmojis.join(', ')}`);
+      setEmojisToReq((prev) => [...new Set([...prev, ...newEmojis])]);
+    }
+  }, [chatMessages, emojiMap]);
+
+  // emoji requester
+  useEffect(() => {
+    if (emojisToReq.length === 0) return;
+
+    console.log('Requesting emojis:', emojisToReq);
+
+    // Ensure websocket is connected
+    if (!socketRef.current || socketRef.current.readyState !== WebSocket.OPEN) {
+      const socket = new WebSocket(
+        `ws${window.location.protocol === 'https:' ? 's' : ''}://${
+          window.location.host
+        }/api/stream/chat/ws/${channelName}?grant=${grant}`
+      );
+
+      socket.onopen = () => {
+        socketRef.current = socket;
+        sendEmojiRequest();
+      };
+
+      return () => {
+        socket.close();
+      };
+    } else {
+      sendEmojiRequest();
+    }
+
+    function sendEmojiRequest() {
+      const handleEmojiResponse = (event: MessageEvent) => {
+        try {
+          const data = JSON.parse(event.data);
+
+          if (data.type === 'emojiMsgResponse') {
+            const emojis = data.emojis as Record<string, string>;
+
+            let validEmojiCount = 0;
+            Object.entries(emojis).forEach(([name, url]) => {
+              if (url) {
+                emojiMap.set(name, url);
+                validEmojiCount++;
+              } else {
+                console.log(`No URL found for emoji: ${name}`);
+              }
+            });
+
+            console.log(`added ${validEmojiCount} valid emojis to map.`);
+
+            if (validEmojiCount > 0) {
+              const sampleName = Object.entries(emojis).find(([_, url]) => url)?.[0];
+              if (sampleName) {
+              }
+            } else {
+              console.warn('No valid emoji URLs received');
+            }
+          }
+        } catch (e) {
+          console.error('error processing emoji response:', e);
+        }
+      };
+
+      socketRef.current?.addEventListener('message', handleEmojiResponse);
+
+      const emojiRequest = {
+        type: 'emojiMsg',
+        emojis: emojisToReq.map((e) => e.replaceAll(':', '')),
+      };
+
+      console.log('sending emoji request:', emojiRequest);
+      socketRef.current?.send(JSON.stringify(emojiRequest));
+
+      return () => {
+        socketRef.current?.removeEventListener('message', handleEmojiResponse);
+        setEmojisToReq([]);
+      };
+    }
+  }, [emojisToReq, emojiMap, channelName]);
+
+  const handleEmojiSelect = (emojiName: string) => {
+    if (!textareaRef.current) return;
+
+    const textarea = textareaRef.current;
+    const beforeCursor = message.substring(0, cursorPosition);
+    const afterCursor = message.substring(cursorPosition);
+
+    const match = beforeCursor.match(/:[\w\-+]*$/);
+    if (!match) return;
+
+    const startPos = beforeCursor.lastIndexOf(match[0]);
+    const newBeforeCursor = beforeCursor.substring(0, startPos);
+
+    const newMessage = `${newBeforeCursor}:${emojiName}: ${afterCursor}`;
+    setMessage(newMessage);
+
+    // 3 for colons and space
+    const newCursorPos = newBeforeCursor.length + emojiName.length + 3;
+
+    setTimeout(() => {
+      textarea.focus();
+      textarea.selectionStart = newCursorPos;
+      textarea.selectionEnd = newCursorPos;
+      setCursorPosition(newCursorPos);
+    }, 0);
+  };
+
+  const isEmojiSearchOpen = () => {
+    const beforeCursor = message.substring(0, cursorPosition);
+    const match = beforeCursor.match(/:[\w\-+]*$/);
+    return match !== null;
+  };
+
   return (
-    <div className="md:border flex flex-col w-full min-w-[350px] h-full bg-mantle">
-      <div ref={scrollRef} className="flex-1 p-4 overflow-y-auto flex flex-col">
-        <div className="space-y-4 flex-1">
+    <div
+      className={`${props.isObsPanel ? 'w-full text-white' : 'md:border-l border-border bg-mantle w-[350px] max-w-[350px]'} flex flex-col h-full`}
+    >
+      <div
+        ref={scrollRef}
+        className={`flex-1 px-4 py-2 ${props.isObsPanel ? 'scrollbar-hide' : 'scrollbar-thin scrollbar-thumb-border scrollbar-track-transparent'} overflow-y-auto overflow-x-hidden`}
+      >
+        <div className="space-y-1 min-h-full flex flex-col justify-end">
           {chatMessages.map((msg, i) => (
-            <div key={i} className="flex space-x-2">
-              <div className="flex items-center gap-2">
-                <div className="font-bold shrink-0">{msg.user.username}</div>
-              </div>
-              <div
-                lang="en"
-                className="max-w-[calc(100%-4rem)] break-all whitespace-pre-wrap hyphens-auto"
-              >
-                {msg.message}
-              </div>
-            </div>
+            <Message
+              key={i}
+              user={msg.user}
+              message={msg.message}
+              type={msg.type}
+              emojiMap={emojiMap}
+              msgId={msg.msgId}
+              canModerate={canModerate && Boolean(viewer?.id)}
+              viewerId={viewer?.id}
+              channelName={channelName}
+              onModerationCommand={sendModerationCommand}
+            />
           ))}
         </div>
       </div>
-      <div className="p-4 border-t">
-        <div className="flex space-x-2">
-          <Input
-            value={message}
-            onChange={(e) => setMessage(e.target.value)}
-            onKeyDown={(e) => {
-              if (e.key === 'Enter') {
-                sendMessage();
-              }
-            }}
-            placeholder="Type a message"
-            className="flex-1 bg-transparent focus-visible:ring-offset-0"
+      {!props.isObsPanel && (
+        <div className="p-3 border-t border-border relative">
+          {!chatAccess.canSend && (
+            <p className="mb-2 text-xs text-destructive">
+              {chatAccess.restriction?.type === 'timeout'
+                ? `Timed out${chatAccess.restriction.expiresAt ? ` until ${new Date(chatAccess.restriction.expiresAt).toLocaleTimeString()}` : ''}.`
+                : 'You are banned from sending messages in this chat.'}
+            </p>
+          )}
+          <div className="flex gap-2">
+            <Textarea
+              ref={textareaRef}
+              value={message}
+              onChange={(e) => {
+                setMessage(e.target.value);
+                setCursorPosition(e.target.selectionStart || 0);
+              }}
+              onKeyDown={(e) => {
+                if (e.key === 'Enter' && !e.shiftKey && !isEmojiSearchOpen()) {
+                  e.preventDefault();
+                  sendMessage();
+                }
+              }}
+              onKeyUp={(e) => {
+                setCursorPosition(e.currentTarget.selectionStart || 0);
+              }}
+              onClick={(e) => {
+                setCursorPosition(e.currentTarget.selectionStart || 0);
+              }}
+              placeholder="Send a message..."
+              className="flex-1 bg-background/50 border-border focus-visible:ring-1 focus-visible:ring-primary focus-visible:ring-offset-0 min-h-[40px] max-h-[100px] resize-none py-2 text-sm"
+              rows={1}
+              disabled={!chatAccess.canSend}
+            />
+            <Button
+              size="icon"
+              className="shrink-0 transition-colors"
+              onClick={sendMessage}
+              disabled={!message.trim() || !chatAccess.canSend}
+            >
+              <Send className="h-4 w-4" />
+            </Button>
+          </div>
+          <EmojiSearch
+            message={message}
+            cursorPosition={cursorPosition}
+            onSelect={handleEmojiSelect}
+            socket={socketRef.current}
+            emojiMap={emojiMap}
+            textareaRef={textareaRef}
           />
-          <Button size="icon" className="text-black transition-colors" onClick={sendMessage}>
-            <Send className="h-4 w-4" />
-          </Button>
         </div>
-      </div>
+      )}
     </div>
   );
 }
 
-interface User {
+export interface ChatMessage {
+  user?: User;
+  message: string;
+  type: 'message' | 'systemMsg';
+  msgId?: string;
+}
+
+export interface ChatModerationCommand {
+  type:
+    | 'mod:deleteMessage'
+    | 'mod:timeoutUser'
+    | 'mod:banUser'
+    | 'mod:unbanUser'
+    | 'mod:liftTimeout';
+  msgId?: string;
+  targetUserId?: string;
+  targetUsername?: string;
+  durationSeconds?: number;
+  reason?: string;
+}
+
+interface ChatAccessState {
+  canSend: boolean;
+  restriction: ChatRestriction | null;
+}
+
+interface ChatRestriction {
+  type: 'timeout' | 'ban';
+  reason?: string;
+  expiresAt?: string | null;
+}
+
+export interface User {
   id: string;
   username: string;
   pfpUrl: string;
+  isBot: boolean;
+  displayName?: string;
+  isPlatformAdmin?: boolean;
+  channelRole?: 'owner' | 'manager' | 'chatModerator' | 'botModerator' | null;
 }
 
-interface ChatMessage {
-  user: User;
-  message: string;
+interface Props {
+  isObsPanel?: boolean;
 }

apps/web/src/components/app/ChatPanel/EmojiSearch.tsx

@@ -0,0 +1,180 @@
+// source: ai
+import { useEffect, useState, useRef } from 'react';
+import { Check } from 'lucide-react';
+import Image from 'next/image';
+
+interface EmojiSearchProps {
+  message: string;
+  cursorPosition: number;
+  onSelect: (emoji: string) => void;
+  socket: WebSocket | null;
+  emojiMap: Map<string, string>;
+  textareaRef: React.RefObject<HTMLTextAreaElement>;
+}
+
+export function EmojiSearch({
+  message,
+  cursorPosition,
+  onSelect,
+  socket,
+  emojiMap,
+  textareaRef,
+}: EmojiSearchProps) {
+  const [searchTerm, setSearchTerm] = useState<string | null>(null);
+  const [searchResults, setSearchResults] = useState<string[]>([]);
+  const [selectedIndex, setSelectedIndex] = useState(0);
+  const resultsRef = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    const beforeCursor = message.substring(0, cursorPosition);
+    const match = beforeCursor.match(/:[\w\-+]*$/);
+
+    if (match) {
+      const term = match[0].substring(1);
+      setSearchTerm(term);
+
+      if (term.length > 0) {
+        const localResults = Array.from(emojiMap.keys())
+          .filter((name) => name.toLowerCase().includes(term.toLowerCase()))
+          .slice(0, 5);
+
+        if (localResults.length > 0) {
+          setSearchResults(localResults);
+        }
+
+        if (socket && socket.readyState === WebSocket.OPEN) {
+          socket.send(
+            JSON.stringify({
+              type: 'emojiSearch',
+              searchTerm: term,
+            })
+          );
+        }
+      } else {
+        setSearchResults([]);
+      }
+    } else {
+      setSearchTerm(null);
+      setSearchResults([]);
+    }
+  }, [message, cursorPosition, socket, emojiMap]);
+
+  useEffect(() => {
+    if (!socket) return;
+
+    const handleEmojiSearchResponse = (event: MessageEvent) => {
+      try {
+        const data = JSON.parse(event.data);
+
+        if (data.type === 'emojiSearchResponse') {
+          const serverResults = data.results || [];
+
+          const localResults = Array.from(emojiMap.keys())
+            .filter((name) => searchTerm && name.toLowerCase().includes(searchTerm.toLowerCase()))
+            .slice(0, 5);
+
+          const combinedResults = [...serverResults];
+
+          localResults.forEach((name) => {
+            if (!combinedResults.includes(name)) {
+              combinedResults.push(name);
+            }
+          });
+
+          setSearchResults(combinedResults.slice(0, 10));
+          setSelectedIndex(0);
+        }
+      } catch (e) {
+        console.error('error processing emoji search response:', e);
+      }
+    };
+
+    socket.addEventListener('message', handleEmojiSearchResponse);
+    return () => {
+      socket.removeEventListener('message', handleEmojiSearchResponse);
+    };
+  }, [socket, searchTerm, emojiMap]);
+
+  useEffect(() => {
+    if (!textareaRef.current) return;
+
+    const handleKeyDown = (e: KeyboardEvent) => {
+      if (!searchTerm || searchResults.length === 0) return;
+
+      switch (e.key) {
+        case 'ArrowDown':
+          e.preventDefault();
+          setSelectedIndex((prev) => (prev + 1) % searchResults.length);
+          break;
+        case 'ArrowUp':
+          e.preventDefault();
+          setSelectedIndex((prev) => (prev - 1 + searchResults.length) % searchResults.length);
+          break;
+        case 'Enter':
+          if (searchResults[selectedIndex]) {
+            e.preventDefault();
+            onSelect(searchResults[selectedIndex]);
+          }
+          break;
+        case 'Tab':
+          if (searchResults[selectedIndex]) {
+            e.preventDefault();
+            onSelect(searchResults[selectedIndex]);
+          }
+          break;
+        case 'Escape':
+          e.preventDefault();
+          setSearchTerm(null);
+          setSearchResults([]);
+          break;
+      }
+    };
+
+    const textarea = textareaRef.current;
+    textarea.addEventListener('keydown', handleKeyDown);
+
+    return () => {
+      textarea.removeEventListener('keydown', handleKeyDown);
+    };
+  }, [searchTerm, searchResults, selectedIndex, onSelect, textareaRef]);
+
+  useEffect(() => {
+    if (resultsRef.current) {
+      const selectedElement = resultsRef.current.children[selectedIndex] as HTMLElement;
+      if (selectedElement) {
+        selectedElement.scrollIntoView({ block: 'nearest' });
+      }
+    }
+  }, [selectedIndex]);
+
+  if (!searchTerm || searchResults.length === 0) {
+    return null;
+  }
+
+  return (
+    <div className="absolute bottom-full left-0 right-0 mb-2 mx-0 bg-mantle border border-border rounded-lg shadow-lg max-h-60 overflow-y-auto z-10">
+      <div ref={resultsRef} className="py-1">
+        {searchResults.map((emojiName, index) => {
+          const isSelected = index === selectedIndex;
+          const emojiUrl = emojiMap.get(emojiName);
+
+          return (
+            <div
+              key={emojiName}
+              className={`px-3 py-2 flex items-center gap-3 cursor-pointer transition-colors ${
+                isSelected ? 'bg-primary/10' : 'hover:bg-primary/5'
+              }`}
+              onClick={() => onSelect(emojiName)}
+            >
+              {emojiUrl && (
+                <Image src={emojiUrl} alt={emojiName} width={24} height={24} className="w-6 h-6" />
+              )}
+              <span className="flex-grow text-sm font-medium">{emojiName}</span>
+              {isSelected && <Check className="h-4 w-4 text-primary" />}
+            </div>
+          );
+        })}
+      </div>
+    </div>
+  );
+}

apps/web/src/components/app/ChatPanel/message.tsx

@@ -0,0 +1,384 @@
+'use client';
+
+import { ChatModerationCommand, User } from './ChatPanel';
+import { useState } from 'react';
+import Image from 'next/image';
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from '@/components/ui/tooltip';
+import {
+  Ban,
+  Bot,
+  Clock3,
+  Crown,
+  EllipsisVertical,
+  Eraser,
+  Flag,
+  Shield,
+  ShieldAlert,
+  ShieldCheck,
+  UserRoundCheck,
+  Wrench,
+} from 'lucide-react';
+import type { LucideIcon } from 'lucide-react';
+import { Button } from '@/components/ui/button';
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from '@/components/ui/dropdown-menu';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from '@/components/ui/dialog';
+import { Textarea } from '@/components/ui/textarea';
+import { toast } from 'sonner';
+import { cn } from '@/lib/utils';
+
+type ChannelRole = NonNullable<User['channelRole']>;
+
+const ROLE_META: Record<ChannelRole, { label: string; icon: LucideIcon; className: string }> = {
+  owner: { label: 'Owner', icon: Crown, className: 'text-amber-500' },
+  manager: { label: 'Manager', icon: Wrench, className: 'text-violet-500' },
+  chatModerator: { label: 'Chat Mod', icon: Shield, className: 'text-emerald-500' },
+  botModerator: { label: 'Bot Mod', icon: ShieldCheck, className: 'text-cyan-500' },
+};
+
+function TooltipIcon({
+  icon: Icon,
+  label,
+  className,
+}: {
+  icon: LucideIcon;
+  label: string;
+  className?: string;
+}) {
+  return (
+    <Tooltip delayDuration={200}>
+      <TooltipTrigger asChild>
+        <Icon className={cn('size-3.5 shrink-0', className)} />
+      </TooltipTrigger>
+      <TooltipContent side="top">{label}</TooltipContent>
+    </Tooltip>
+  );
+}
+
+function UsernameRow({ user, displayName }: { user?: User; displayName?: string }) {
+  const role = user?.channelRole ? ROLE_META[user.channelRole] : null;
+
+  return (
+    <TooltipProvider>
+      <span className="font-semibold text-primary shrink-0 flex items-center gap-1">
+        {user?.isBot && <TooltipIcon icon={Bot} label="Bot" className="text-muted-foreground" />}
+        {role && <TooltipIcon icon={role.icon} label={role.label} className={role.className} />}
+        {user?.isPlatformAdmin && (
+          <TooltipIcon icon={ShieldAlert} label="Platform Admin" className="text-destructive" />
+        )}
+        <span>{displayName}</span>
+        <span className="font-normal text-muted-foreground select-none">:</span>
+      </span>
+    </TooltipProvider>
+  );
+}
+
+function ReportDialog({
+  open,
+  onOpenChange,
+  displayName,
+  message,
+  reportReason,
+  onReasonChange,
+  onSubmit,
+  isSubmitting,
+}: {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  displayName?: string;
+  message: string;
+  reportReason: string;
+  onReasonChange: (value: string) => void;
+  onSubmit: () => void;
+  isSubmitting: boolean;
+}) {
+  return (
+    <Dialog open={open} onOpenChange={onOpenChange}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>Report message</DialogTitle>
+          <DialogDescription>
+            Message against Hack Club's Code of Conduct? Let us know!
+          </DialogDescription>
+        </DialogHeader>
+        <div className="space-y-3">
+          <div className="text-sm text-muted-foreground rounded-md border p-3 bg-muted/30">
+            <p className="font-medium text-foreground mb-1">Reported user</p>
+            <p>{displayName}</p>
+            <p className="mt-2">{message}</p>
+          </div>
+          <div>
+            <label className="text-sm font-medium">Reason</label>
+            <Textarea
+              value={reportReason}
+              onChange={(e) => onReasonChange(e.target.value)}
+              placeholder="Describe why this should be reviewed (harassment, hate speech, spam, threats, etc)."
+              rows={5}
+              className="mt-2"
+            />
+            <p className="text-xs text-muted-foreground mt-1">Minimum 10 characters.</p>
+          </div>
+        </div>
+        <DialogFooter>
+          <Button variant="outline" onClick={() => onOpenChange(false)} disabled={isSubmitting}>
+            Cancel
+          </Button>
+          <Button onClick={onSubmit} disabled={isSubmitting || reportReason.trim().length < 10}>
+            Submit report
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+}
+
+export function Message({
+  user,
+  message,
+  type,
+  emojiMap,
+  msgId,
+  canModerate,
+  viewerId,
+  channelName,
+  onModerationCommand,
+}: MessageProps) {
+  const [reportOpen, setReportOpen] = useState(false);
+  const [reportReason, setReportReason] = useState('');
+  const [isSubmittingReport, setIsSubmittingReport] = useState(false);
+  const displayName = user?.displayName || user?.username;
+
+  if (type === 'systemMsg') {
+    return (
+      <div className="flex items-center justify-center py-1">
+        <span className="text-xs text-muted-foreground italic">{message}</span>
+      </div>
+    );
+  }
+
+  const submitReport = async () => {
+    if (!user?.id || !viewerId || viewerId === user.id) return;
+
+    const reason = reportReason.trim();
+    if (reason.length < 10) {
+      toast.error('Please include at least 10 characters explaining the report.');
+      return;
+    }
+
+    setIsSubmittingReport(true);
+    try {
+      const res = await fetch('/api/stream/chat/report', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          channelName,
+          targetUserId: user.id,
+          targetUsername: displayName,
+          msgId,
+          message,
+          reason,
+        }),
+      });
+
+      if (!res.ok) {
+        toast.error((await res.text()) || 'Failed to submit report.');
+        return;
+      }
+
+      toast.success('Report submitted. Thanks for helping keep chat safe.');
+      setReportReason('');
+      setReportOpen(false);
+    } catch {
+      toast.error('Failed to submit report.');
+    } finally {
+      setIsSubmittingReport(false);
+    }
+  };
+
+  const handleReportOpenChange = (open: boolean) => {
+    setReportOpen(open);
+    if (!open) setReportReason('');
+  };
+
+  return (
+    <>
+      <div className="group hover:bg-primary/5 rounded px-2 py-1 -mx-2 transition-colors">
+        <div className="flex items-start gap-1.5">
+          <UsernameRow user={user} displayName={displayName} />
+          <span
+            lang="en"
+            className="text-foreground min-w-0 flex-1"
+            style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }}
+          >
+            <EmojiRenderer text={message} emojiMap={emojiMap} />
+          </span>
+          {type === 'message' && user?.id && (
+            <MessageActionsMenu
+              user={user}
+              msgId={msgId}
+              canModerate={canModerate}
+              viewerId={viewerId}
+              onModerationCommand={onModerationCommand}
+              onOpenReport={() => setReportOpen(true)}
+            />
+          )}
+        </div>
+      </div>
+      <ReportDialog
+        open={reportOpen}
+        onOpenChange={handleReportOpenChange}
+        displayName={displayName}
+        message={message}
+        reportReason={reportReason}
+        onReasonChange={setReportReason}
+        onSubmit={submitReport}
+        isSubmitting={isSubmittingReport}
+      />
+    </>
+  );
+}
+
+function MessageActionsMenu({
+  user,
+  msgId,
+  canModerate,
+  viewerId,
+  onModerationCommand,
+  onOpenReport,
+}: {
+  user: User;
+  msgId?: string;
+  canModerate?: boolean;
+  viewerId?: string;
+  onModerationCommand?: (command: ChatModerationCommand) => void;
+  onOpenReport: () => void;
+}) {
+  if (!viewerId || !user.id || user.id === viewerId) return null;
+
+  const displayName = user.displayName || user.username;
+  const canMod = Boolean(canModerate && onModerationCommand);
+
+  const runModeration = (command: ChatModerationCommand) => onModerationCommand?.(command);
+
+  const timeout = (durationSeconds: number) =>
+    runModeration({
+      type: 'mod:timeoutUser',
+      targetUserId: user.id,
+      targetUsername: displayName,
+      durationSeconds,
+      reason: 'Timed out by moderator',
+    });
+
+  return (
+    <DropdownMenu>
+      <DropdownMenuTrigger asChild>
+        <Button variant="ghost" size="icon" className="h-7 w-7 opacity-0 group-hover:opacity-100">
+          <EllipsisVertical className="h-4 w-4" />
+        </Button>
+      </DropdownMenuTrigger>
+      <DropdownMenuContent align="end" className="w-52">
+        <DropdownMenuItem onClick={onOpenReport}>
+          <Flag className="mr-2 h-4 w-4" />
+          Report user
+        </DropdownMenuItem>
+        {canMod && (
+          <>
+            <DropdownMenuItem
+              onClick={() => msgId && runModeration({ type: 'mod:deleteMessage', msgId })}
+            >
+              <Eraser className="mr-2 h-4 w-4" />
+              Delete message
+            </DropdownMenuItem>
+            <DropdownMenuItem onClick={() => timeout(300)}>
+              <Clock3 className="mr-2 h-4 w-4" />
+              Timeout 5 min
+            </DropdownMenuItem>
+            <DropdownMenuItem onClick={() => timeout(3600)}>
+              <Clock3 className="mr-2 h-4 w-4" />
+              Timeout 1 hour
+            </DropdownMenuItem>
+            <DropdownMenuItem
+              className="text-destructive"
+              onClick={() =>
+                runModeration({
+                  type: 'mod:banUser',
+                  targetUserId: user.id,
+                  targetUsername: displayName,
+                  reason: 'Banned by moderator',
+                })
+              }
+            >
+              <Ban className="mr-2 h-4 w-4" />
+              Ban user
+            </DropdownMenuItem>
+            <DropdownMenuItem
+              onClick={() =>
+                runModeration({
+                  type: 'mod:liftTimeout',
+                  targetUserId: user.id,
+                  targetUsername: displayName,
+                })
+              }
+            >
+              <UserRoundCheck className="mr-2 h-4 w-4" />
+              Lift timeout/ban
+            </DropdownMenuItem>
+          </>
+        )}
+      </DropdownMenuContent>
+    </DropdownMenu>
+  );
+}
+
+export function EmojiRenderer({ text, emojiMap }: { text: string; emojiMap: Map<string, string> }) {
+  if (!text) return null;
+
+  return (
+    <TooltipProvider>
+      <>
+        {text.split(/(:[\w\-+]+:)/g).map((part, i) => {
+          if (part.match(/^:[\w\-+]+:$/)) {
+            const name = part.replaceAll(':', '');
+            const url = emojiMap.get(name);
+            if (url) {
+              return (
+                <Tooltip key={i} delayDuration={250}>
+                  <TooltipTrigger asChild>
+                    <span className="inline-flex items-center align-middle mx-0.5">
+                      <Image src={url} alt={part} width={20} height={20} className="inline-block" />
+                    </span>
+                  </TooltipTrigger>
+                  <TooltipContent>{part}</TooltipContent>
+                </Tooltip>
+              );
+            }
+          }
+          return part ? <span key={i}>{part}</span> : null;
+        })}
+      </>
+    </TooltipProvider>
+  );
+}
+
+interface MessageProps {
+  user?: User;
+  message: string;
+  type: 'message' | 'systemMsg';
+  emojiMap: Map<string, string>;
+  msgId?: string;
+  canModerate?: boolean;
+  viewerId?: string;
+  channelName: string;
+  onModerationCommand?: (command: ChatModerationCommand) => void;
+}

apps/web/src/components/app/EditLivestream/EditLivestream.tsx

@@ -1,17 +1,16 @@
 import { validateRequest } from '@/lib/auth/validate';
-import { prisma } from '@hctv/db';
-import EditLivestreamDialog from './dialog';
+import { Button } from '@/components/ui/button';
+import Link from 'next/link';
 
 export default async function EditLivestream() {
   const { user } = await validateRequest();
   if (!user?.hasOnboarded) {
     return null;
   }
-  const ownedChannels = await prisma.channel.findMany({
-    where: {
-      OR: [{ ownerId: user.id }, { managers: { some: { id: user.id } } }],
-    },
-  });
 
-  return <EditLivestreamDialog ownedChannels={ownedChannels} />;
+  return (
+    <Link href={`/settings/channel?tab=stream`}>
+      <Button variant="outline">Edit Livestream</Button>
+    </Link>
+  );
 }

apps/web/src/components/app/EditLivestream/dialog.tsx

@@ -1,184 +0,0 @@
-'use client';
-import { Button } from '@/components/ui/button';
-import {
-  Dialog,
-  DialogContent,
-  DialogDescription,
-  DialogHeader,
-  DialogTitle,
-  DialogTrigger,
-} from '@/components/ui/dialog';
-import { StreamInfo } from '@hctv/db';
-import { UniversalForm } from '../UniversalForm/UniversalForm';
-import { editStreamInfo } from '@/lib/form/actions';
-import RegenerateKey from '../RegenerateKey/RegenerateKey';
-import * as React from 'react';
-import { Check, ChevronsUpDown } from 'lucide-react';
-import { cn } from '@/lib/utils';
-import {
-  Command,
-  CommandEmpty,
-  CommandGroup,
-  CommandInput,
-  CommandItem,
-  CommandList,
-} from '@/components/ui/command';
-import { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover';
-import {
-  Select,
-  SelectContent,
-  SelectItem,
-  SelectTrigger,
-  SelectValue,
-} from '@/components/ui/select';
-import type { Channel } from '@hctv/db';
-import { Avatar, AvatarImage, AvatarFallback } from '@/components/ui/avatar';
-import useSWR, { Fetcher } from 'swr';
-import { fetcher } from '@/lib/services/swr';
-import { Skeleton } from '@/components/ui/skeleton';
-import Link from 'next/link';
-
-export default function EditLivestreamDialog(props: Props) {
-  const [selectedChannel, setSelectedChannel] = React.useState('');
-  const [streamInfo, setStreamInfo] = React.useState<StreamInfo>();
-
-  const { data, error } = useSWR(
-    selectedChannel ? '/api/stream/info?owned=true' : null,
-    fetcher as Fetcher<StreamInfo[]>
-  );
-
-  React.useEffect(() => {
-    if (error) {
-      console.error(error);
-    }
-  }, [error]);
-
-  React.useEffect(() => {
-    if (data && selectedChannel) {
-      const stream = data.find((stream) => stream.username === selectedChannel);
-      setStreamInfo(stream);
-    }
-  }, [data, selectedChannel]);
-
-  React.useEffect(() => {
-    if (props.ownedChannels.length > 0 && !selectedChannel) {
-      setSelectedChannel(props.ownedChannels[0].name);
-    }
-  }, [props.ownedChannels, selectedChannel]);
-
-  return (
-    <Dialog
-      onOpenChange={(op) => {
-        if (op) {
-          setSelectedChannel('');
-          setStreamInfo(undefined);
-        }
-      }}
-    >
-      <DialogTrigger asChild>
-        <Button variant="outline">Edit Livestream</Button>
-      </DialogTrigger>
-      <DialogContent>
-        <DialogHeader>
-          <DialogTitle>Edit livestream</DialogTitle>
-          <DialogDescription>Regenerate a key or edit your stream metadata</DialogDescription>
-        </DialogHeader>
-        <Link
-          href="https://gist.github.com/SrIzan10/ebd89ced6b21b016d4d389e6711a94e9"
-          target="_blank"
-        >
-          HOW TO STREAM (github gist link)
-        </Link>
-        <ChannelSelect
-          channelList={props.ownedChannels}
-          onSelect={setSelectedChannel}
-          value={selectedChannel}
-        />
-        {streamInfo && data ? (
-          <Form username={selectedChannel} streamInfo={streamInfo} />
-        ) : (
-          <FormSkeleton />
-        )}
-      </DialogContent>
-    </Dialog>
-  );
-}
-
-function Form(props: FormProps) {
-  return (
-      <UniversalForm
-        fields={[
-          { name: 'username', label: 'Username', value: props.username, type: 'hidden' },
-          { name: 'title', label: 'Title', type: 'text', value: props.streamInfo?.title },
-          { name: 'category', label: 'Category', type: 'text', value: props.streamInfo?.category },
-          { name: 'enableNotifications', label: 'Enable livestream notifications', type: 'hidden', value: props.streamInfo?.enableNotifications },
-        ]}
-        schemaName="streamInfoEdit"
-        action={editStreamInfo}
-        submitButtonDivClassname="float-right"
-        submitText="Save"
-        otherSubmitButton={<RegenerateKey channel={props.username} />}
-        key={props.streamInfo?.id}
-      />
-  )
-}
-function FormSkeleton() {
-  return (
-    <div className="space-y-4">
-      {/* Title field */}
-      <div className="space-y-2">
-        <Skeleton className="h-4 w-12" /> {/* Label */}
-        <Skeleton className="h-10 w-full" /> {/* Input */}
-      </div>
-
-      {/* Category field */}
-      <div className="space-y-2">
-        <Skeleton className="h-4 w-16" /> {/* Label */}
-        <Skeleton className="h-10 w-full" /> {/* Input */}
-      </div>
-
-      {/* Buttons */}
-      <div className="float-right flex gap-2 py-2">
-        <Skeleton className="h-10 w-32" /> {/* RegenerateKey button */}
-        <Skeleton className="h-10 w-24" /> {/* Save button */}
-      </div>
-    </div>
-  );
-}
-
-export function ChannelSelect(props: SelectProps) {
-  const { channelList } = props;
-  return (
-    <Select onValueChange={props.onSelect} value={props.value}>
-      <SelectTrigger className="w-[180px]">
-        <SelectValue placeholder="Channel" />
-      </SelectTrigger>
-      <SelectContent>
-        {channelList.map((channel) => (
-          <SelectItem key={channel.id} value={channel.name}>
-            <div className="flex items-center gap-3">
-              <Avatar className="h-8 w-8">
-                <AvatarImage src={channel.pfpUrl} alt={channel.name} />
-                <AvatarFallback>{channel.name[0]}</AvatarFallback>
-              </Avatar>
-              <div className="font-medium">{channel.name}</div>
-            </div>
-          </SelectItem>
-        ))}
-      </SelectContent>
-    </Select>
-  );
-}
-
-interface Props {
-  ownedChannels: Channel[];
-}
-interface FormProps {
-  username: string;
-  streamInfo: StreamInfo;
-}
-interface SelectProps {
-  channelList: Channel[];
-  value?: string;
-  onSelect: (value: string) => void;
-}

apps/web/src/components/app/LandingPage/LandingPage.tsx

@@ -1,80 +1,42 @@
 import { Button } from "@/components/ui/button";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+import { Badge } from "@/components/ui/badge";
+import { Play, Users, MessageCircle, Code, Zap, Heart } from "lucide-react";
 import Link from "next/link";
 
 export default function LandingPage() {
   return (
     <>
       <main className="flex-1">
-          <section className="w-full py-12 md:py-24 lg:py-32 xl:py-48">
-            <div className="container px-4 md:px-6">
-              <div className="flex flex-col items-center space-y-4 text-center">
-                <div className="flex items-center rounded-lg px-3 py-1 text-sm bg-mantle text-red-500">
-                    THIS IS A PLACEHOLDER WITH NO &quot;HACK CLUB&quot; VIBE, I&apos;M REALLY BAD AT LANDING PAGES SORRY
-                </div>
-                <div className="space-y-2">
-                  <h1 className="text-3xl font-bold tracking-tighter sm:text-4xl md:text-5xl lg:text-6xl/none">
-                    This is hackclub.tv
-                  </h1>
-                  <p className="mx-auto max-w-[700px] text-gray-500 md:text-xl dark:text-gray-400">
-                    The streaming service made by and for Hack Clubbers. Share your coding sessions, workshops, and hackathon moments live!
-                  </p>
-                </div>
-                <div className="space-x-4">
-                  <Link href="/login">
-                    <Button>Start Streaming Now!</Button>
-                  </Link>
-                </div>
+        <section className="relative w-full py-20 md:py-32 lg:py-40 xl:py-48 overflow-hidden">
+          <div className="absolute inset-0"></div>
+          <div className="container px-4 md:px-6 relative">
+            <div className="flex flex-col items-center space-y-8 text-center">              
+              <div className="space-y-6">
+                <h1 className="text-4xl font-bold tracking-tight sm:text-5xl md:text-6xl lg:text-7xl text-primary">
+                  hackclub.tv
+                </h1>
+                <p className="mx-auto max-w-[600px] text-lg text-muted-foreground md:text-xl">
+                  The streaming website for Hack Clubbers, by Hack Clubbers.
+                </p>
+              </div>
+              
+              <div className="flex flex-col sm:flex-row">
+                <Link href="/login" className="space-x-4">
+                  <Button size="lg" className="px-8 py-3 text-lg font-semibold">
+                    <Play className="w-5 h-5 mr-2" />
+                    Start Streaming
+                  </Button>
+                <Button variant="outline" size="lg" className="px-8 py-3 text-lg font-semibold">
+                  <Users className="w-5 h-5 mr-2" />
+                  Watch Streams
+                </Button>
+                </Link>
               </div>
             </div>
-          </section>
-          <section className="w-full py-12 md:py-24 lg:py-32 bg-mantle" id="features">
-            <div className="container px-4 md:px-6">
-              <div className="flex flex-col items-center justify-center space-y-4 text-center">
-                <div className="space-y-2">
-                  <div className="inline-block rounded-lg bg-gray-100 px-3 py-1 text-sm dark:bg-gray-800">
-                    Platform Features
-                  </div>
-                  <h2 className="text-3xl font-bold tracking-tighter sm:text-5xl">
-                    Built for Hack Clubbers, by Hack Clubbers
-                  </h2>
-                  <p className="max-w-[900px] text-gray-500 md:text-xl/relaxed lg:text-base/relaxed xl:text-xl/relaxed dark:text-gray-400">
-                    Everything you need to have a closer relationship with the Hack Club community!
-                  </p>
-                </div>
-              </div>
-              <div className="mx-auto max-w-5xl items-center gap-6 py-12 lg:grid-cols-2 lg:gap-12">
-                <div className="flex flex-col justify-center items-center text-center space-y-4">
-                  <ul className="grid gap-6">
-                    <li>
-                      <div className="grid gap-1">
-                        <h3 className="text-xl font-bold">Live Streaming</h3>
-                        <p className="text-gray-500 dark:text-gray-400">
-                          Stream your coding sessions with low-latency and high quality
-                        </p>
-                      </div>
-                    </li>
-                    <li>
-                      <div className="grid gap-1">
-                        <h3 className="text-xl font-bold">Chat Integration</h3>
-                        <p className="text-gray-500 dark:text-gray-400">
-                          Interact with viewers in real-time through the built-in chat system
-                        </p>
-                      </div>
-                    </li>
-                    <li>
-                      <div className="grid gap-1">
-                          <h3 className="text-xl font-bold">Community Features</h3>
-                          <p className="text-gray-500 dark:text-gray-400">
-                            Follow other streamers and build your network of Hack Club friends!
-                          </p>
-                      </div>
-                    </li>
-                  </ul>
-                </div>
-              </div>
-            </div>
-          </section>
-        </main>
-      </>
+          </div>
+        </section>
+      </main>
+    </>
   );
 }

apps/web/src/components/app/Livestream/Livestream.tsx

@@ -1,28 +1,77 @@
 'use client';
 
+import { useEffect, useState } from 'react';
+import { format } from 'date-fns';
 import StreamPlayer from '../StreamPlayer/StreamPlayer';
 import UserInfoCard from '../UserInfoCard/UserInfoCard';
 import ChatPanel from '../ChatPanel/ChatPanel';
-import type { StreamInfo, User } from '@hctv/db';
+import { Button } from '@/components/ui/button';
+import type { StreamInfo, Channel } from '@hctv/db';
 import { useIsMobile } from '@/lib/hooks/useMobile';
+import { useAllChannels } from '@/lib/hooks/useUserList';
+import { RefreshCw } from 'lucide-react';
 
 export default function LiveStream(props: Props) {
   const isMobile = useIsMobile();
-  
+  const { channels, refresh } = useAllChannels(5000);
+  const [isRestricted, setIsRestricted] = useState(false);
+  const [restrictionExpiresAt, setRestrictionExpiresAt] = useState<string | null>(null);
+  const [isRefreshing, setIsRefreshing] = useState(false);
+
+  useEffect(() => {
+    const currentStream = channels.find((s) => s.username === props.username);
+    if (currentStream?.channel?.isRestricted) {
+      setIsRestricted(true);
+      setRestrictionExpiresAt(currentStream.channel.restrictionExpiresAt || null);
+    } else if (isRestricted && currentStream && !currentStream.channel?.isRestricted) {
+      setIsRestricted(false);
+      setRestrictionExpiresAt(null);
+    }
+  }, [channels, props.username, isRestricted]);
+
+  const handleRefresh = async () => {
+    setIsRefreshing(true);
+    try {
+      await refresh();
+    } finally {
+      setIsRefreshing(false);
+    }
+  };
+
+  if (isRestricted) {
+    return (
+      <div className="flex flex-col items-center justify-center h-[calc(100vh-64px)] p-4">
+        <h1 className="text-2xl font-bold text-destructive mb-2">Channel Restricted</h1>
+        <p className="text-muted-foreground text-center max-w-md mb-4">
+          This channel has been restricted by a moderator and is no longer available for viewing.
+        </p>
+        {restrictionExpiresAt && (
+          <p className="text-sm text-muted-foreground mb-4">
+            Restriction lifts: {format(new Date(restrictionExpiresAt), 'PPP p')}
+          </p>
+        )}
+        <Button variant="outline" onClick={handleRefresh} disabled={isRefreshing}>
+          <RefreshCw className={`h-4 w-4 mr-2 ${isRefreshing ? 'animate-spin' : ''}`} />
+          {isRefreshing ? 'Checking...' : 'Check again'}
+        </Button>
+      </div>
+    );
+  }
+
   return (
     <div className={`${isMobile ? 'flex flex-col' : 'flex'} h-[calc(100vh-64px)] w-full`}>
-      <div className="flex-1 flex flex-col">
+      <div className="flex-1 flex flex-col min-w-0 overflow-hidden">
         <StreamPlayer />
         {isMobile && (
-          <div className="h-[300px]">
+          <div className="flex-1 min-h-[250px] max-h-[400px] border-t border-border">
             <ChatPanel />
           </div>
         )}
         <UserInfoCard streamInfo={props.streamInfo} />
       </div>
-      
+
       {!isMobile && (
-        <div>
+        <div className="h-full shrink-0">
           <ChatPanel />
         </div>
       )}
@@ -32,5 +81,5 @@ export default function LiveStream(props: Props) {
 
 interface Props {
   username: string;
-  streamInfo: StreamInfo & { ownedBy: User };
-}
+  streamInfo: StreamInfo & { channel: Channel };
+}

apps/web/src/components/app/MobileNavbarLinks/MobileNavbarLinks.tsx

@@ -1,35 +0,0 @@
-import { Button } from "@/components/ui/button";
-import {
-  DropdownMenu,
-  DropdownMenuTrigger,
-  DropdownMenuContent,
-  DropdownMenuLabel,
-  DropdownMenuSeparator,
-  DropdownMenuGroup,
-  DropdownMenuItem,
-} from "@/components/ui/dropdown-menu";
-import Link from "next/link";
-import { links } from "../NavBar/NavBar";
-
-export default function MobileNavbarLinks() {
-  return (
-    <div className="flex md:hidden">
-        <DropdownMenu>
-        <DropdownMenuTrigger asChild>
-            <Button>Menu</Button>
-        </DropdownMenuTrigger>
-        <DropdownMenuContent className="w-56">
-            <DropdownMenuLabel>stack</DropdownMenuLabel>
-            <DropdownMenuSeparator />
-            <DropdownMenuGroup>
-                {links.map((link) => (
-                    <Link key={link.href} href={link.href}>
-                        <DropdownMenuItem>{link.name}</DropdownMenuItem>
-                    </Link>
-                ))}
-            </DropdownMenuGroup>
-        </DropdownMenuContent>
-        </DropdownMenu>
-    </div>
-  );
-}