feat(sdk): moderation features

Ensure pnpm manifests in Docker builds

.github/workflows/docker.yml

@@ -10,6 +10,12 @@ jobs:
     name: Push frontend to Docker Hub
     runs-on: ubuntu-latest
     steps:
+      - name: Wait 
+        uses: NathanFirmo/wait-for-other-action@v1.0.4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          workflow: 'emojis.yml'
+
       - name: Check out the repo
         uses: actions/checkout@v3
 
@@ -29,6 +35,21 @@ jobs:
           images: srizan10/hclive
           tags: latest
 
+      - name: Download latest emoji importer
+        run: |
+          RELEASE_URL=$(curl -s https://api.github.com/repos/srizan10/hctv/releases/latest | \
+            grep "browser_download_url.*slack-import-emojis-linux-x86_64" | \
+            cut -d '"' -f 4)
+          
+          curl -L -o slack-import-emojis-bin $RELEASE_URL
+          chmod +x slack-import-emojis-bin
+          
+          mkdir -p apps/web/src/lib/instrumentation/
+          
+          ./slack-import-emojis-bin default
+
+          cp emojis.json apps/web/
+
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
@@ -41,41 +62,7 @@ jobs:
           secrets: |
             TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
             TURBO_TEAM=${{ secrets.TURBO_TEAM }}
-  db:
-    name: Push db to Docker Hub
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out the repo
-        uses: actions/checkout@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-        with:
-          images: srizan10/hclive-db
-          tags: latest
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./packages/db/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64
-          secrets: |
-            TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
-            TURBO_TEAM=${{ secrets.TURBO_TEAM }}
+            SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
   chat:
     name: Push chat module to Docker Hub
     runs-on: ubuntu-latest
@@ -112,14 +99,10 @@ jobs:
             TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
             TURBO_TEAM=${{ secrets.TURBO_TEAM }}
   deploy:
-    name: Deploy to server
+    name: Deploy to Coolify
     runs-on: ubuntu-latest
-    needs: [frontend, db, chat]
+    needs: [frontend, chat]
     steps:
-      - name: Emit a webhook to the server
-        env:
-          AUTH_HEADER: ${{ secrets.WHSERVER_TOKEN }}
+      - name: Send coolify redeploy webhook
         run: |
-          curl -X POST \
-            -H "Authorization: $AUTH_HEADER" \
-            https://webhooks.srizan.dev/hooks/hctv
+          curl -X POST -H "Authorization: Bearer ${{ secrets.COOLIFY_API_KEY }}" https://coolify.srizan.dev/api/v1/deploy?uuid=${{ secrets.COOLIFY_APP_UUID }}&force=true

.github/workflows/emojis.yml

@@ -0,0 +1,64 @@
+name: Slack Emoji Importer Release
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'slack-import-emojis/**'
+  workflow_dispatch:
+
+jobs:
+  build-and-release:
+    name: Build and create release
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./slack-import-emojis
+        
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Rust
+        uses: dtolnay/rust-toolchain@stable
+        
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: "./slack-import-emojis -> target"
+      
+      - name: Build release binary
+        run: cargo build --release
+
+      - name: Extract version from Cargo.toml
+        id: get_version
+        run: |
+          VERSION=$(grep '^version =' Cargo.toml | head -n 1 | cut -d '"' -f 2)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+      
+      - name: Create GitHub Release
+        id: create_release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: emoji-importer-v${{ steps.get_version.outputs.version }}
+          name: Slack Emoji Importer v${{ steps.get_version.outputs.version }}
+          body: |
+            Slack Emoji Importer v${{ steps.get_version.outputs.version }}
+
+            Fetches emojis from the Slack workspace and exports them to JSON.
+
+            ## Usage
+            ```
+            export SLACK_TOKEN=xoxb-your-token
+            ./slack-import-emojis
+            ```
+          
+      - name: Upload Linux binary
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./slack-import-emojis/target/release/slack-import-emojis
+          asset_name: slack-import-emojis-linux-x86_64
+          asset_content_type: application/octet-stream

.gitignore

@@ -28,6 +28,7 @@ yarn-error.log*
 # local env files
 .env*.local
 .env* 
+!.env.example
 
 # vercel
 .vercel
@@ -42,4 +43,11 @@ dev/redis
 
 .turbo
 packages/db/generated/client
-*dist
+*dist
+
+slack-import-emojis/target
+**/*/emojis.json
+
+.idea
+
+/apps/docs/src/content/docs/typedoc-sdk

.vscode/mcp.json

@@ -0,0 +1,8 @@
+{
+  "servers": {
+    "Sentry": {
+      "url": "https://mcp.sentry.dev/mcp/sr-izan/hctv",
+      "type": "http"
+    }
+  }
+}

AGENTS.md

@@ -0,0 +1,343 @@
+# Agent Guidelines for HackClub.tv
+
+This document provides essential information for AI coding agents working on the HackClub.tv codebase.
+
+## Project Overview
+
+HackClub.tv is a live streaming platform built with Next.js 16, Prisma, and Turbo monorepo architecture.
+
+- **Monorepo**: Turborepo with pnpm workspaces
+- **Apps**: web (Next.js), chat (Hono), docs
+- **Packages**: db (Prisma), auth (Lucia), hono-ws, sdk
+- **Package Manager**: pnpm 10.6.5
+
+## Build, Lint, and Test Commands
+
+### Root Level Commands
+
+```bash
+pnpm install            # Install all dependencies
+pnpm build              # Build all apps and packages (uses Turbo)
+pnpm dev                # Start all apps in dev mode (uses Turbo)
+pnpm lint               # Lint all apps (uses Turbo)
+```
+
+### Database Commands
+
+```bash
+pnpm db:migrate         # Run Prisma migrations in dev
+pnpm prisma             # Run any Prisma command in db package
+```
+
+### App-Specific Commands
+
+```bash
+# Web app (Next.js)
+pnpm --filter=@hctv/web dev           # Start Next.js dev server
+pnpm --filter=@hctv/web build         # Build Next.js app
+pnpm --filter=@hctv/web lint          # Lint web app
+pnpm --filter=@hctv/web check-types   # Type check (tsc --noEmit)
+pnpm --filter=@hctv/web ui:add        # Add shadcn components
+
+# Chat app (Hono)
+pnpm --filter=@hctv/chat dev          # Start chat server with watch
+pnpm --filter=@hctv/chat build        # Build chat server
+
+# DB package (Prisma)
+pnpm --filter=@hctv/db db:generate    # Generate Prisma client
+pnpm --filter=@hctv/db db:migrate     # Run migrations
+pnpm --filter=@hctv/db build          # Generate client and build
+```
+
+### Running Single Tests
+
+This project does not currently have a test suite configured. When adding tests:
+
+- Use Vitest or Jest for unit tests
+- Use Playwright for E2E tests (recommended for Next.js)
+- Follow the pattern: `pnpm test -- <test-file-path>`
+
+### Docker Commands
+
+```bash
+pnpm docker:web         # Build web app Docker image
+pnpm docker:chat        # Build chat app Docker image
+pnpm r:rtmp             # Restart RTMP server
+```
+
+## Code Style Guidelines
+
+### Formatting
+
+- **Formatter**: Prettier (`.prettierrc.json`)
+- **Indentation**: 2 spaces (no tabs)
+- **Line Width**: 100 characters
+- **Quotes**: Single quotes
+- **Semicolons**: Required
+- **Trailing Commas**: ES5 style
+- **Linter**: ESLint with Next.js rules (`next/core-web-vitals`)
+
+### Import Organization
+
+Imports should be ordered as follows (no blank lines between groups):
+
+1. React/Next.js core imports
+2. Third-party libraries
+3. Internal components (`@/components`)
+4. Internal utilities/libs (`@/lib`)
+5. Package imports (`@hctv/*`)
+6. Type imports (use `import type` keyword)
+7. Relative imports
+
+```typescript
+import { useState, useEffect } from 'react';
+import { Send } from 'lucide-react';
+import { Button } from '@/components/ui/button';
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import type { User, Channel } from '@hctv/db';
+import { helper } from './utils';
+```
+
+### TypeScript Usage
+
+- **Strict mode**: Enabled
+- **Type over interface**: Use `type` for unions/intersections, `interface` for object shapes
+- **No implicit any**: Always type your variables
+- **Type imports**: Use `import type` for type-only imports
+- **Prisma types**: Import from `@hctv/db` and use type composition
+
+```typescript
+// Interfaces for props and object shapes
+interface ChatMessage {
+  user?: User;
+  message: string;
+  type: 'message' | 'systemMsg';
+}
+
+// Type aliases for complex types
+type FormFieldConfig = {
+  name: string;
+  label?: string;
+};
+
+// Prisma type composition
+type StreamWithChannel = StreamInfo & { channel: Channel };
+```
+
+### Naming Conventions
+
+**Files:**
+
+- React components: `PascalCase.tsx` (e.g., `ChatPanel.tsx`)
+- Utilities/helpers: `camelCase.ts` (e.g., `validate.ts`)
+- Next.js pages: `page.tsx`, `route.ts`, `layout.tsx`
+- Client components: `page.client.tsx`
+
+**Variables & Functions:**
+
+- Components: `PascalCase`
+- Functions: `camelCase`
+- Constants: `SCREAMING_SNAKE_CASE`
+- Booleans: Use `is`, `has`, `should` prefixes
+- Refs: `Ref` suffix (e.g., `socketRef`)
+
+```typescript
+const MESSAGE_HISTORY_SIZE = 15;
+const isFollowing = await checkFollowing();
+const socketRef = useRef<WebSocket | null>(null);
+```
+
+### Error Handling
+
+**API Routes:**
+
+- Return `Response` objects with appropriate status codes
+- Use descriptive error messages
+- Status codes: 400 (bad request), 401 (unauthorized), 403 (forbidden), 404 (not found)
+
+```typescript
+if (!user) {
+  return new Response('Unauthorized', { status: 401 });
+}
+```
+
+**Server Actions:**
+
+- Return objects with `success` boolean and `error` or `data` fields
+- Use `zodVerify` helper for validation
+
+```typescript
+const zod = await zodVerify(schema, formData);
+if (!zod.success) {
+  return { success: false, error: zod.error };
+}
+return { success: true, data: result };
+```
+
+**Client-side:**
+
+- Use try-catch for async operations
+- Use toast notifications (sonner) for user feedback
+- Log errors with `console.error`
+
+### Async Patterns
+
+- **Prefer**: async/await over Promise chains
+- **Parallel operations**: Use `Promise.all()`
+- **No .then() chaining**: Except in utility functions like fetchers
+
+```typescript
+// Standard async/await
+const data = await prisma.model.findMany();
+
+// Parallel operations
+const [channelA, channelB] = await Promise.all([
+  prisma.channel.findUnique({ where: { id: 'a' } }),
+  prisma.channel.findUnique({ where: { id: 'b' } }),
+]);
+```
+
+## React Component Patterns
+
+### Component Structure
+
+1. Directive (`'use client'` or `'use server'`)
+2. Imports
+3. Component function
+4. Helper functions (if needed)
+5. Type/interface definitions (at bottom)
+
+```typescript
+'use client';
+
+import { useState } from 'react';
+import { Button } from '@/components/ui/button';
+
+export default function ChatPanel(props: Props) {
+  const [message, setMessage] = useState('');
+
+  return <div>{/* JSX */}</div>;
+}
+
+interface Props {
+  username: string;
+}
+```
+
+### Server vs Client Components
+
+- **Server components**: Default (no directive), use for data fetching
+- **Client components**: Add `'use client'`, use for interactivity
+- Fetch data in server components, pass to client components as props
+
+## Database Patterns (Prisma)
+
+### Imports
+
+```typescript
+import { prisma } from '@hctv/db';
+import type { User, Channel, StreamInfo } from '@hctv/db';
+```
+
+### Common Queries
+
+```typescript
+// FindUnique with relations
+const channel = await prisma.channel.findUnique({
+  where: { name: channelName },
+  include: { owner: true, streamInfo: true },
+});
+
+// FindMany with dynamic filters
+const where: Prisma.StreamInfoWhereInput = {};
+if (isLive) where.isLive = true;
+const streams = await prisma.streamInfo.findMany({ where });
+
+// Create with relations
+await prisma.channel.create({
+  data: {
+    name: channelName,
+    ownerId: user.id,
+    personalFor: { connect: { id: user.id } },
+  },
+});
+
+// Update
+await prisma.streamInfo.update({
+  where: { username },
+  data: { title: newTitle },
+});
+
+// Upsert
+await prisma.streamKey.upsert({
+  create: { key: newKey, channelId },
+  update: { key: newKey },
+  where: { channelId },
+});
+```
+
+### Redis Usage
+
+```typescript
+import { getRedisConnection } from '@hctv/db';
+
+const redis = getRedisConnection();
+await redis.set('key', 'value');
+await redis.get('key');
+await redis.setex('key', 30, 'value'); // with expiry
+```
+
+## API Route Patterns
+
+### Next.js App Router
+
+```typescript
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const param = searchParams.get('param');
+
+  const data = await prisma.model.findMany();
+  return Response.json(data);
+}
+```
+
+### Server Actions
+
+```typescript
+'use server';
+
+export async function createChannel(prev: any, formData: FormData) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return { success: false, error: 'Unauthorized' };
+  }
+
+  const zod = await zodVerify(createChannelSchema, formData);
+  if (!zod.success) {
+    return zod;
+  }
+
+  // ... processing
+
+  return { success: true };
+}
+```
+
+## Important Notes
+
+- **Turbo caching**: Build outputs are cached. Use `--force` to bypass cache
+- **Environment variables**: Use `NEXT_PUBLIC_` prefix for client-side vars
+- **Styling**: Tailwind CSS with shadcn/ui components, use `cn()` for conditional classes
+- **Data fetching**: SWR for client-side, direct Prisma for server components
+- **Validation**: Zod schemas for form and API validation
+- **Cache invalidation**: Use `revalidatePath()` after mutations

LICENSE

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

README.md

@@ -1,13 +1,7 @@
 # hackclub.tv
 
-This is the source code for [hackclub.tv (hctv.srizan.dev)](https://hctv.srizan.dev), a livestreaming website for hackclubbers.
+This is the source code for [hackclub.tv](https://hackclub.tv), a livestreaming website for hackclubbers.
 
-Development has been ongoing for a few months, and the site is now live! There are some half-baked features, but I'm all ears for feedback.
+The development setup guide can be read at <https://docs.hackclub.tv/guides/dev/>
 
-Join [#hctv](https://hackclub.slack.com/archives/C08HGLXGXAB) on the HC Slack for discussion and updates!
-
-## Features
-
-- High quality video streaming (low latency coming soon)
-- Chat with other viewers
-- Multiaccount support (database schema laid out, UI not implemented)
+Join [#hctv](https://hackclub.slack.com/archives/C08HGLXGXAB) on the Hack Club Slack for discussion and updates!

apps/chat/Dockerfile

@@ -1,10 +1,13 @@
 FROM node:lts-alpine AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
 
 FROM base AS builder
 RUN apk update
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
-RUN yarn global add turbo@^2
+RUN pnpm add -g turbo@^2
 COPY . .
 
 RUN turbo prune @hctv/chat --docker
@@ -16,10 +19,10 @@ WORKDIR /app
  
 # First install the dependencies
 COPY --from=builder /app/out/json/ .
-RUN yarn install --frozen-lockfile
+RUN pnpm install --frozen-lockfile
 
 COPY --from=builder /app/out/full/ .
-RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) yarn turbo run build --concurrency=1
+RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) pnpm turbo run build --concurrency=1
  
 FROM base AS runner
 WORKDIR /app

apps/chat/README.md

@@ -1,8 +0,0 @@
-```
-npm install
-npm run dev
-```
-
-```
-open http://localhost:3000
-```

apps/chat/package.json

@@ -7,11 +7,12 @@
     "build": "tsc --build"
   },
   "dependencies": {
-    "@hctv/auth": "*",
-    "@hctv/db": "*",
-    "@hctv/hono-ws": "*",
+    "@hctv/auth": "workspace:*",
+    "@hctv/db": "workspace:*",
+    "@hctv/hono-ws": "workspace:*",
     "@hono/node-server": "^1.14.0",
     "@hono/node-ws": "^1.1.0",
+    "@leeoniya/ufuzzy": "^1.0.18",
     "@oslojs/encoding": "^1.1.0",
     "hono": "^4.7.5"
   },

apps/chat/src/utils/randomString.ts

@@ -0,0 +1,8 @@
+export function randomString(length: number): string {
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+  let result = '';
+  for (let i = 0; i < length; i++) {
+    result += chars.charAt(Math.floor(Math.random() * chars.length));
+  }
+  return result;
+}

apps/docs/.gitignore

@@ -0,0 +1,21 @@
+# build output
+dist/
+# generated types
+.astro/
+
+# dependencies
+node_modules/
+
+# logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+
+# environment variables
+.env
+.env.production
+
+# macOS-specific files
+.DS_Store

apps/docs/.vscode/extensions.json

@@ -0,0 +1,4 @@
+{
+  "recommendations": ["astro-build.astro-vscode"],
+  "unwantedRecommendations": []
+}

apps/docs/.vscode/launch.json

@@ -0,0 +1,11 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "command": "./node_modules/.bin/astro dev",
+      "name": "Development server",
+      "request": "launch",
+      "type": "node-terminal"
+    }
+  ]
+}

apps/docs/astro.config.mjs

@@ -0,0 +1,45 @@
+// @ts-check
+import { defineConfig } from 'astro/config';
+import starlight from '@astrojs/starlight';
+import mermaid from 'astro-mermaid';
+import catppuccin from '@catppuccin/starlight';
+import starlightTypeDoc, { typeDocSidebarGroup } from 'starlight-typedoc';
+
+// https://astro.build/config
+export default defineConfig({
+  integrations: [
+    mermaid({
+      theme: 'base',
+      autoTheme: true,
+    }),
+    starlight({
+      title: 'hctv docs',
+      social: [{ icon: 'github', label: 'GitHub', href: 'https://github.com/SrIzan10/hctv' }],
+      plugins: [
+        catppuccin({
+          dark: { flavor: 'mocha', accent: 'blue' },
+          light: { flavor: 'latte', accent: 'blue' },
+        }),
+        starlightTypeDoc({
+          entryPoints: ['../../packages/sdk/src/index.ts'],
+          tsconfig: '../../packages/sdk/tsconfig.json',
+          output: 'typedoc-sdk',
+          sidebar: {
+            label: 'SDK Reference',
+          },
+        }),
+      ],
+      sidebar: [
+        {
+          label: 'API',
+          autogenerate: { directory: 'api' },
+        },
+        {
+          label: 'Guides',
+          autogenerate: { directory: 'guides' },
+        },
+        typeDocSidebarGroup,
+      ],
+    }),
+  ],
+});

apps/docs/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@hctv/docs",
+  "type": "module",
+  "version": "0.0.1",
+  "scripts": {
+    "dev": "astro dev",
+    "start": "astro dev",
+    "build": "astro build",
+    "preview": "astro preview",
+    "astro": "astro"
+  },
+  "dependencies": {
+    "@astrojs/starlight": "^0.35.2",
+    "@catppuccin/starlight": "^1.0.2",
+    "astro": "^5.6.1",
+    "astro-mermaid": "^1.0.4",
+    "mermaid": "^11.10.1",
+    "sharp": "^0.34.2",
+    "starlight-typedoc": "^0.21.5",
+    "typedoc": "^0.28.16",
+    "typedoc-plugin-markdown": "^4.9.0"
+  }
+}

apps/docs/public/favicon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128"><path fill-rule="evenodd" d="M81 36 64 0 47 36l-1 2-9-10a6 6 0 0 0-9 9l10 10h-2L0 64l36 17h2L28 91a6 6 0 1 0 9 9l9-10 1 2 17 36 17-36v-2l9 10a6 6 0 1 0 9-9l-9-9 2-1 36-17-36-17-2-1 9-9a6 6 0 1 0-9-9l-9 10v-2Zm-17 2-2 5c-4 8-11 15-19 19l-5 2 5 2c8 4 15 11 19 19l2 5 2-5c4-8 11-15 19-19l5-2-5-2c-8-4-15-11-19-19l-2-5Z" clip-rule="evenodd"/><path d="M118 19a6 6 0 0 0-9-9l-3 3a6 6 0 1 0 9 9l3-3Zm-96 4c-2 2-6 2-9 0l-3-3a6 6 0 1 1 9-9l3 3c3 2 3 6 0 9Zm0 82c-2-2-6-2-9 0l-3 3a6 6 0 1 0 9 9l3-3c3-2 3-6 0-9Zm96 4a6 6 0 0 1-9 9l-3-3a6 6 0 1 1 9-9l3 3Z"/><style>path{fill:#000}@media (prefers-color-scheme:dark){path{fill:#fff}}</style></svg>

apps/docs/src/content.config.ts

@@ -0,0 +1,7 @@
+import { defineCollection } from 'astro:content';
+import { docsLoader } from '@astrojs/starlight/loaders';
+import { docsSchema } from '@astrojs/starlight/schema';
+
+export const collections = {
+	docs: defineCollection({ loader: docsLoader(), schema: docsSchema() }),
+};

apps/docs/src/content/docs/api/chat.mdx

@@ -0,0 +1,276 @@
+---
+title: Chat
+description: Chat websocket
+---
+
+import { Aside } from '@astrojs/starlight/components';
+
+The chat system is powered by a websocket server. Please read the entire page before implementing anything, as there are some important notes.
+
+## Connection and messages
+
+The websocket server is located at `wss://hackclub.tv/api/stream/chat/ws/:username`, where `:username` is the channel you want to connect to.
+
+You'll need to provide authentication, which can be done by providing an `auth_session` cookie, just like the REST API.
+
+<Aside type="tip">
+Bot accounts are now supported. You can choose to connect as a bot by providing a bot account's API key in one of two ways:
+- Using the `Authorization` header: `Bearer hctvb_xxxxxxx`
+- Using the `?botAuth=hctvb_xxxxxxx` query parameter
+
+**Security Note:** When using the `?botAuth=` query parameter, be aware that query parameters may be logged in server logs, and/or proxy logs. Use the `Authorization` header method whenever possible. The query parameter method should only be used when connecting from an environment where headers cannot be set.
+
+It is highly advised to use a bot account for any automated task, and to implement anything pointed out in this page.
+
+</Aside>
+
+Once connected, you must implement a subroutine in your code to send ping messages every about 5 seconds. This is because of Cloudflare limitations.
+
+Messages are sent and received in JSON format. The following message types are supported:
+
+- `message`: a chat message.
+  - sent by client:
+    ```json
+    {
+      "type": "message",
+      "message": "Hello, world!"
+    }
+    ```
+  - received by client:
+    ```json
+    {
+      "user": {
+        "id": "user_id",
+        "username": "user_who_sent_message",
+        "avatar": "https://emoji.slack-edge.com/avatar.png"
+      },
+      "message": "Hello, world!"
+    }
+    ```
+- `ping`: a ping message to keep the connection alive.
+  - sent by client:
+    ```json
+    {
+      "type": "ping"
+    }
+    ```
+  - received by client:
+    ```json
+    {
+      "type": "pong"
+    }
+    ```
+- `history`: a message containing the chat history. This is sent upon connection.
+  - received by client:
+    ```json
+    {
+      "type": "history",
+      "messages": [
+        {
+          "user": {
+            "id": "user_id",
+            "username": "user_who_sent_message",
+            "avatar": "https://emoji.slack-edge.com/avatar.png"
+          },
+          "message": "Hello, world!",
+          "type": "message",
+        },
+        ...
+      ]
+    }
+    ```
+
+## Moderation messages
+
+Chat moderation is available over the same websocket connection when the connected account is a channel moderator.
+
+- `mod:deleteMessage`: delete a message from chat history.
+  - sent by client:
+    ```json
+    {
+      "type": "mod:deleteMessage",
+      "msgId": "chat_message_id"
+    }
+    ```
+  - received by clients in the same channel:
+    ```json
+    {
+      "type": "messageDeleted",
+      "msgId": "chat_message_id"
+    }
+    ```
+- `mod:timeoutUser`: temporarily remove a user's ability to send messages.
+  - sent by client:
+    ```json
+    {
+      "type": "mod:timeoutUser",
+      "targetUserId": "user_id",
+      "targetUsername": "username",
+      "durationSeconds": 300,
+      "reason": "optional reason"
+    }
+    ```
+- `mod:banUser`: ban a user from chat indefinitely.
+  - sent by client:
+    ```json
+    {
+      "type": "mod:banUser",
+      "targetUserId": "user_id",
+      "targetUsername": "username",
+      "reason": "optional reason"
+    }
+    ```
+- `mod:liftTimeout` and `mod:unbanUser`: remove an existing timeout/ban.
+  - sent by client:
+    ```json
+    {
+      "type": "mod:unbanUser",
+      "targetUserId": "user_id",
+      "targetUsername": "username"
+    }
+    ```
+- `chatAccess`: tells a user whether they can currently send messages.
+  - received by client:
+    ```json
+    {
+      "type": "chatAccess",
+      "canSend": false,
+      "restriction": {
+        "type": "timeout",
+        "reason": "spamming",
+        "expiresAt": "2026-02-21T10:00:00.000Z"
+      }
+    }
+    ```
+- `moderationError`: returned when a moderation action is rejected.
+  - received by client:
+    ```json
+    {
+      "type": "moderationError",
+      "code": "INVALID_TARGET",
+      "message": "Invalid moderation target."
+    }
+    ```
+
+## SDK moderation usage (`@hctv/sdk`)
+
+If you're building bots, you can call moderation helpers directly:
+
+```ts
+import { HctvSdk } from '@hctv/sdk';
+
+const sdk = new HctvSdk({ botToken: process.env.HCTV_BOT_TOKEN! });
+await sdk.chat.connect('channel-name');
+
+sdk.chat.timeoutUser('channel-name', 'target-user-id', 'target-username', 300, 'spam');
+sdk.chat.banUser('channel-name', 'target-user-id', 'target-username', 'severe abuse');
+sdk.chat.liftTimeout('channel-name', 'target-user-id', 'target-username');
+sdk.chat.unbanUser('channel-name', 'target-user-id', 'target-username');
+sdk.chat.deleteMessage('channel-name', 'message-id');
+
+sdk.chat.onModerationError((error, channel) => {
+  console.error(`[${channel}] moderation error`, error.code, error.message);
+});
+
+sdk.chat.onChatAccess((access, channel) => {
+  console.log(`[${channel}] canSend=${access.canSend}`);
+});
+
+sdk.chat.onModerationEvent((event) => {
+  if (event.type === 'messageDeleted') {
+    console.log('deleted message', event.msgId);
+  }
+});
+```
+
+## Emoji handling
+
+_diagram source: devin deepwiki_
+
+```mermaid
+graph TB
+    subgraph "Emoji Processing Pipeline"
+        CHAT_MSG["Chat Message"]
+        PATTERN_MATCH["Regex :emoji: Pattern"]
+        EMOJI_REQUEST["emojiMsg WebSocket"]
+        REDIS_LOOKUP["Redis HGET emojis"]
+        FUZZY_SEARCH["uFuzzy"]
+        EMOJI_RESPONSE["emojiMsgResponse"]
+    end
+
+    subgraph "Redis Storage"
+        EMOJI_HASH["emojis hash key"]
+        EMOJI_PREFIXED["emoji:{name} url"]
+        EMOJIS_PREFIXED["emojis:{name} url"]
+    end
+
+    CHAT_MSG --> PATTERN_MATCH
+    PATTERN_MATCH --":emojiname:"--> EMOJI_REQUEST
+    EMOJI_REQUEST --> REDIS_LOOKUP
+
+    REDIS_LOOKUP --> EMOJI_HASH
+    REDIS_LOOKUP --> EMOJI_PREFIXED
+    REDIS_LOOKUP --> EMOJIS_PREFIXED
+
+    REDIS_LOOKUP --> EMOJI_RESPONSE
+
+    FUZZY_SEARCH --> EMOJI_HASH
+    FUZZY_SEARCH --"search results"--> EMOJI_RESPONSE
+```
+
+When a chat message is sent, the server looks for patterns in the format `:emojiname:` using regex. For each match, it sends a request to the `emojiMsg` WebSocket.  
+The server then checks Redis for the emoji URL and returns it.
+
+When a user wants to look up an emoji (by typing `:(partial name)`), the server uses uFuzzy to find matching emojis in the Redis `emojis` hash key and returns the results.
+
+Here's what gets sent on the websocket:
+
+- `emojiMsg`: Looks up emojis
+  - sent by client:
+    ```json
+    {
+      "type": "emojiMsg",
+      "emojis": ["aga", "yapa", "heavysob", "yay", "yay-bounce"]
+    }
+    ```
+  - received by client:
+    ```json
+    {
+      "type": "emojiMsgResponse",
+      "emojis": {
+        // rough example of urls
+        "aga": "https://emoji.slack-edge.com/aga.png",
+        "yapa": "https://emoji.slack-edge.com/yapa.png",
+        "heavysob": "https://emoji.slack-edge.com/heavysob.png",
+        "yay": "https://emoji.slack-edge.com/yay.png",
+        "yay-bounce": "https://emoji.slack-edge.com/yay-bounce.png"
+      }
+    }
+    ```
+- `emojiSearch`: Searches for emojis
+  - sent by client:
+    ```json
+    {
+      "type": "emojiSearch",
+      "searchTerm": "aga"
+    }
+    ```
+  - received by client:
+    ```json
+    {
+      "type": "emojiSearchResponse",
+      "results": [
+        // real results btw
+        "aga",
+        "aga-brick-throw",
+        "aga-dance",
+        "aga-transparent",
+        "a-aga",
+        "a-aga-transparent",
+        "agaban",
+        "agaboing",
+        "agabounce",
+        "agabusiness"
+      ]
+    }
+    ```

apps/docs/src/content/docs/api/index.mdx

@@ -0,0 +1,19 @@
+---
+title: API Documentation
+description: Documented API endpoints for hackclub.tv
+---
+
+hctv is meant to be one of the most hackable streaming platforms out there. to that end, we have a (currently limited) public API that you can use to interact with the platform.
+
+since this is beta software, the API is subject to change. additionally, many endpoints are yet not implemented or not fun to implement. please send a message in #hctv on the Hack Club Slack if you have any requests.
+
+## Base url
+
+base url for all endpoints is `https://hackclub.tv/api`.
+
+## Authentication
+
+most endpoints require authentication. this will be pointed out in the documentation.  
+for now, it is done via a cookie called `auth_session` (as per lucia auth). this will change in the future as bot accounts are planned.
+
+you'll need your user account to authenticate. as a recommendation, open an incognito window, log in to hctv, and copy the `auth_session` cookie from there.

apps/docs/src/content/docs/api/meta.json

@@ -0,0 +1,4 @@
+{
+  "title": "API",
+  "description": "Documented API endpoints for hackclub.tv"
+}

apps/docs/src/content/docs/api/rtmp.mdx

@@ -0,0 +1,12 @@
+---
+title: RTMP
+description: RTMP related endpoint group
+---
+
+## POST `/rtmp/streamKey`
+regenerates your stream key. **authentication required**.  
+body parameters (json):
+- `channel`: string - the channel name you want to regenerate the key for. must be one of your channels.
+
+response (json):
+- `key`: string - the new stream key

apps/docs/src/content/docs/api/stream.mdx

@@ -0,0 +1,47 @@
+---
+title: Stream
+description: Stream related endpoint group
+---
+
+## GET `/stream/follow`
+checks if **authenticated user** is following a certain channel.  
+query parameters:
+- `username`: string - the channel name you want to check.
+
+response (json):
+- `following`: boolean - whether the authenticated user is following the channel or not.
+
+## POST `/stream/follow`
+cycle through follow or unfollow a channel. **authentication required**.  
+body parameters (json):
+- `channel`: string - the channel name you want to make the action. must be one of your channels.
+
+response (json):
+- `success`: boolean - whether the operation was successful or not.
+
+## GET `/stream/followers/:channel`
+gets the followcount of a channel.
+path parameters:
+- `channel`: string - the channel name you want to get the followcount of.
+
+response (json):
+- `count`: integer - the number of followers the channel has.
+- `success`: boolean - whether the operation was successful or not. (true if 200 status code)
+
+## GET `/stream/info`
+get stream info of certain channels by filtering. **authentication on some**.
+query parameters:
+- `owned`: boolean (optional) - if true, only returns channels owned by the authenticated user. requires authentication.
+- `personal`: boolean (optional) - if true, only returns personal channels. requires authentication.
+- `live`: boolean (optional) - if true, only returns channels that are currently live.
+
+response (json):
+- StreamInfo[] (check database schema for all returned data or just try it out!)
+
+## GET `/stream/thumb/:channel`
+gets the preview thumbnail of a channel's livestream. **authentication required**
+
+path parameters:
+- `channel`: string - the channel name you want to get the thumbnail of.
+
+response: image (webp)

apps/docs/src/content/docs/guides/dev.mdx

@@ -0,0 +1,32 @@
+---
+title: Development Setup
+description: Instructions to set up a local development environment for hackclub.tv
+---
+
+1. clone repo
+2. `pnpm install`
+3. `cp apps/web/.env.example apps/web/.env && cp packages/db/.env.example packages/db/.env` 
+4. `pnpm dev`
+5. `pnpm db:migrate` (RUN THIS AFTER POPULATING ENV)
+
+- slack notifier app manifest is as follows:  
+```
+display_information:
+  # please change the name to something that can be linked to you if possible
+  name: hctv notifier dev
+features:
+  bot_user:
+    # same with this :pray:
+    display_name: hctv notifier dev
+    always_online: false
+oauth_config:
+  scopes:
+    bot:
+      - chat:write
+      - users:read
+      - channels:join
+settings:
+  org_deploy_enabled: false
+  socket_mode_enabled: false
+  token_rotation_enabled: false
+```

apps/docs/src/content/docs/guides/meta.json

@@ -0,0 +1,4 @@
+{
+  "title": "Guides",
+  "description": "Useful guides to help you get started with hackclub.tv"
+}

apps/docs/src/content/docs/guides/start-stream.mdx

@@ -0,0 +1,15 @@
+---
+title: How to stream
+description: Get started with OBS and streaming on hackclub.tv
+---
+
+- open obs
+- open settings
+- open "Stream"
+- set service to custom
+- set url to `srt://localhost:8890?streamid=publish:CHANNEL_NAME:thisusernameislongonpurposesoyoudontaccidentallyleakyourstreamkey:STREAM_KEY&pkt_size=1316`
+- on the website, click "Regenerate key"
+- paste the key into your obs "Stream Key"
+- start streaming!
+
+(screenshots to be added soon)

apps/docs/src/content/docs/index.mdx

@@ -0,0 +1,8 @@
+---
+title: About hctv docs
+description: Index documentation page!
+---
+
+Welcome to the hackclub.tv docs! Here you'll find tips and tricks to get the most out of hackclub.tv and its features.
+
+Additionally, some useful guides are available to help you get started with common tasks.

apps/docs/tsconfig.json

@@ -0,0 +1,5 @@
+{
+  "extends": "astro/tsconfigs/strict",
+  "include": [".astro/types.d.ts", "**/*"],
+  "exclude": ["dist"]
+}

apps/web/.env.example

@@ -0,0 +1,31 @@
+DATABASE_URL=postgresql://postgres:skbiditoilet@localhost:5555/postgres
+
+# make a slack app here: https://api.slack.com/apps
+SLACK_NOTIFIER_TOKEN=<make a bot for this, check app manifest below>
+
+# invite your bot to the channel you created. below is #hctv-dev, so use that if you want!
+NOTIFICATION_CHANNEL_ID=C08M3MGE6PJ
+
+REDIS_URL=redis://localhost:6379
+
+# get from https://uploadthing.com/
+UPLOADTHING_TOKEN=<get from uploadthing>
+
+# enable oauth mode on your hca account and make an app: https://auth.hackclub.com/identity/edit
+HCID_CLIENT=<auth.hackclub.com client>
+HCID_SECRET=<auth.hackclub.com secret>
+# make sure to put this as one of the redirect uri
+HCID_REDIRECT_URI=http://localhost:3000/auth/hackclub/callback
+
+# mediamtx settings
+NEXT_PUBLIC_MEDIAMTX_URL_HQ=http://localhost:8891
+MEDIAMTX_API_HQ=http://localhost:9997
+NEXT_PUBLIC_MEDIAMTX_INGEST_ROUTE_HQ=localhost:8890
+
+# commented because we don't have another ingest server as of right now
+# NEXT_PUBLIC_MEDIAMTX_URL_ASIA=http://localhost:8991
+# MEDIAMTX_API_ASIA=http://localhost:9999
+# NEXT_PUBLIC_MEDIAMTX_INGEST_ROUTE_ASIA=localhost:8990
+
+# idt you should change this
+MEDIAMTX_PUBLISH_KEY=rjq1xdpCPA4qyt3jge

apps/web/Dockerfile

@@ -1,14 +1,20 @@
-FROM node:lts-alpine AS base
+FROM node:22-slim AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
 
 FROM base AS builder
-RUN apk update
-RUN apk add --no-cache libc6-compat
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 # Set working directory
 WORKDIR /app
-# Replace <your-major-version> with the major version installed in your repository. For example:
-# RUN yarn global add turbo@^2
-RUN yarn global add turbo@^2
+RUN pnpm add -g turbo@^2
 COPY . .
+
+# Get the git commit hash before pruning (since .git might be removed)
+RUN git rev-parse --short HEAD > /tmp/commit_hash || echo "unknown" > /tmp/commit_hash
  
 # Generate a partial monorepo with a pruned lockfile for a target workspace.
 # Assuming "web" is the name entered in the project's package.json: { name: "web" }
@@ -16,23 +22,79 @@ RUN turbo prune @hctv/web --docker
  
 # Add lockfile and package.json's of isolated subworkspace
 FROM base AS installer
-RUN apk update
-RUN apk add --no-cache libc6-compat
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    libvips-dev \
+    python3 \
+    make \
+    g++ \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+# Get the commit hash from the builder stage
+COPY --from=builder /tmp/commit_hash /tmp/commit_hash
 WORKDIR /app
- 
+
 # First install the dependencies (as they change less often)
 COPY --from=builder /app/out/json/ .
-RUN yarn install --frozen-lockfile
+RUN pnpm install --frozen-lockfile
+
+# Install a standalone Prisma CLI for runtime migrations (no pnpm symlinks).
+RUN mkdir -p /opt/prisma-cli && cd /opt/prisma-cli && npm init -y && npm install prisma@6.5.0
 
 COPY --from=builder /app/out/full/ .
-RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) yarn turbo run build
+
+# Generate latest emojis.json during image build.
+RUN ARCH=$(dpkg --print-architecture) && \
+    if [ "$ARCH" = "amd64" ]; then EMOJI_ARCH="x86_64"; \
+    elif [ "$ARCH" = "arm64" ]; then EMOJI_ARCH="aarch64"; \
+    else EMOJI_ARCH=""; fi && \
+    RELEASE_JSON=$(curl -fsSL https://api.github.com/repos/srizan10/hctv/releases/latest || true) && \
+    RELEASE_URL=$(printf '%s' "$RELEASE_JSON" | grep "browser_download_url.*slack-import-emojis-linux-${EMOJI_ARCH}" | cut -d '"' -f 4 || true) && \
+    if [ -n "$RELEASE_URL" ] && \
+      curl -fsSL -o /tmp/slack-import-emojis-bin "$RELEASE_URL" && \
+      chmod +x /tmp/slack-import-emojis-bin && \
+      /tmp/slack-import-emojis-bin default; then \
+      cp /app/emojis.json /app/apps/web/emojis.json; \
+    else \
+      cp /app/apps/web/src/lib/instrumentation/emojis.json /app/apps/web/emojis.json; \
+    fi
+
+RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM --mount=type=secret,id=SENTRY_AUTH_TOKEN \
+    COMMIT=$(cat /tmp/commit_hash 2>/dev/null || echo "unknown") && \
+    TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) \
+    SENTRY_AUTH_TOKEN=$(cat /run/secrets/SENTRY_AUTH_TOKEN) \
+    commit=$COMMIT pnpm turbo run build --env-mode=loose
  
 FROM base AS runner
 WORKDIR /app
- 
-# Don't run production as root
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ffmpeg \
+    libvips42 \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN groupadd --system --gid 1001 nodejs
+RUN useradd --system --uid 1001 nextjs --create-home
+
+# Ensure home directory and cache directories have proper permissions
+RUN mkdir -p /home/nextjs/.cache && \
+    chown -R nextjs:nodejs /home/nextjs
+
+COPY --from=installer /tmp/commit_hash /tmp/commit_hash
+RUN COMMIT_VALUE=$(cat /tmp/commit_hash 2>/dev/null || echo "unknown") && \
+    echo "#!/bin/sh" > /usr/local/bin/start.sh && \
+    echo "set -e" >> /usr/local/bin/start.sh && \
+    echo "export COREPACK_ENABLE_DOWNLOAD_PROMPT=0" >> /usr/local/bin/start.sh && \
+    echo "export HOME=/home/nextjs" >> /usr/local/bin/start.sh && \
+    echo "echo 'Running database migrations...'" >> /usr/local/bin/start.sh && \
+    echo "node /opt/prisma-cli/node_modules/prisma/build/index.js migrate deploy --schema /app/packages/db/prisma/schema.prisma" >> /usr/local/bin/start.sh && \
+    echo "cd /app" >> /usr/local/bin/start.sh && \
+    echo "export commit=$COMMIT_VALUE" >> /usr/local/bin/start.sh && \
+    echo "echo 'Starting Next.js application...'" >> /usr/local/bin/start.sh && \
+    echo "exec node apps/web/server.js" >> /usr/local/bin/start.sh && \
+    chmod +x /usr/local/bin/start.sh
+
 USER nextjs
  
 # Automatically leverage output traces to reduce image size
@@ -40,5 +102,10 @@ USER nextjs
 COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/standalone ./
 COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static
 COPY --from=installer --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public
- 
-CMD node apps/web/server.js
+COPY --from=installer --chown=nextjs:nodejs /app/apps/web/emojis.json ./emojis.json
+
+# Copy Prisma schema and migrations for prisma migrate deploy
+COPY --from=installer --chown=nextjs:nodejs /app/packages/db/prisma ./packages/db/prisma
+COPY --from=installer --chown=nextjs:nodejs /opt/prisma-cli /opt/prisma-cli
+
+CMD ["/usr/local/bin/start.sh"]

apps/web/benchmark.py

@@ -1,3 +1,5 @@
+# quick and dirty ai generated benchmark i created for hls streams
+
 #!/usr/bin/env python3
 import asyncio
 import aiohttp

apps/web/next.config.mjs

@@ -1,12 +1,21 @@
+import {withSentryConfig} from '@sentry/nextjs';
 import * as path from 'node:path';
 import { fileURLToPath } from 'url';
+import { readFileSync } from 'node:fs';
+import { execSync } from 'node:child_process';
+
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
 const LIVE_SERVER_URL =
   process.env.NODE_ENV === 'production'
-    ? 'https://backend.hctv.srizan.dev'
+    ? 'http://nginx-rtmp:8888'
     : 'http://localhost:8888';
+
+const packageJson = JSON.parse(readFileSync('./package.json', 'utf8'));
+const { version } = packageJson;
+const commit = process.env.commit || execSync('git rev-parse --short HEAD')
+  .toString().trim();
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   images: {
@@ -17,14 +26,28 @@ const nextConfig = {
       {
         hostname: 'secure.gravatar.com',
       },
+      {
+        hostname: 'emoji.slack-edge.com',
+      },
+      {
+        hostname: 'cdn.jsdelivr.net',
+        pathname: '/npm/emoji-datasource-twitter@15.1.2/img/twitter/64/*',
+      },
+      {
+        hostname: 'eoceqrx2r7.ufs.sh'
+      },
     ],
+    minimumCacheTTL: 120,
   },
   env: {
     LIVE_SERVER_URL,
+    commit,
+    version,
   },
   reactStrictMode: false,
   output: 'standalone',
   outputFileTracingRoot: path.join(__dirname, '../../'),
+  serverExternalPackages: ['bullmq'],
   async rewrites() {
     return [
       {
@@ -32,7 +55,47 @@ const nextConfig = {
         destination: `http://${process.env.NODE_ENV === 'production' ? 'chat' : 'localhost'}:8000/:path*`,
       },
     ];
-  }
+  },
+  logging: {
+    incomingRequests: false,
+  },
 };
 
-export default nextConfig;
+export default withSentryConfig(nextConfig, {
+  // For all available options, see:
+  // https://www.npmjs.com/package/@sentry/webpack-plugin#options
+
+  org: "sr-izan",
+
+  project: "hctv",
+
+  // Auth token for uploading source maps
+  authToken: process.env.SENTRY_AUTH_TOKEN,
+
+  // Only print logs for uploading source maps in CI
+  silent: !process.env.CI,
+
+  // For all available options, see:
+  // https://docs.sentry.io/platforms/javascript/guides/nextjs/manual-setup/
+
+  // Upload a larger set of source maps for prettier stack traces (increases build time)
+  widenClientFileUpload: true,
+
+  // Hides source maps from generated client bundles
+  hideSourceMaps: true,
+
+  // Route browser requests to Sentry through a Next.js rewrite to circumvent ad-blockers.
+  // This can increase your server load as well as your hosting bill.
+  // Note: Check that the configured route will not match with your Next.js middleware, otherwise reporting of client-
+  // side errors will fail.
+  tunnelRoute: "/monitoring",
+
+  // Automatically tree-shake Sentry logger statements to reduce bundle size
+  disableLogger: true,
+
+  // Enables automatic instrumentation of Vercel Cron Monitors. (Does not yet work with App Router route handlers.)
+  // See the following for more information:
+  // https://docs.sentry.io/product/crons/
+  // https://vercel.com/docs/cron-jobs
+  automaticVercelMonitors: true,
+});

apps/web/package.json

@@ -1,61 +1,81 @@
 {
   "name": "@hctv/web",
-  "version": "0.1.0",
+  "version": "0.5.0",
   "private": true,
   "type": "module",
   "scripts": {
     "dd": "docker compose --file ../../dev/docker-compose.yml up -d",
-    "dev": "next dev --turbo",
+    "dev": "next dev --turbo -H 0.0.0.0",
     "donly": "docker compose --file ../../dev/docker-compose.yml up",
     "build": "next build",
     "start": "next start",
     "lint": "next lint",
     "ui:add": "shadcn add",
-    "check-types": "tsc --noEmit"
+    "check-types": "tsc --noEmit",
+    "genMtxTypes": "bunx openapi-typescript https://github.com/bluenviron/mediamtx/raw/refs/tags/v1.15.5/api/openapi.yaml -o ./src/lib/types/mediamtx.d.ts"
   },
   "dependencies": {
-    "@hctv/auth": "*",
-    "@hctv/db": "*",
+    "@hctv/auth": "workspace:*",
+    "@hctv/db": "workspace:*",
     "@hookform/resolvers": "^3.9.1",
-    "@livekit/components-react": "^2.7.0",
     "@lucia-auth/adapter-prisma": "^4.0.1",
     "@node-rs/argon2": "^2.0.2",
+    "@omit/react-confirm-dialog": "^1.2.0",
+    "@radix-ui/react-alert-dialog": "^1.1.15",
     "@radix-ui/react-avatar": "^1.0.4",
+    "@radix-ui/react-checkbox": "^1.1.4",
     "@radix-ui/react-dialog": "^1.1.5",
     "@radix-ui/react-dropdown-menu": "^2.1.2",
+    "@radix-ui/react-hover-card": "^1.1.14",
     "@radix-ui/react-label": "^2.1.1",
     "@radix-ui/react-popover": "^1.1.5",
     "@radix-ui/react-select": "^2.1.5",
     "@radix-ui/react-separator": "^1.1.1",
-    "@radix-ui/react-slot": "^1.1.1",
+    "@radix-ui/react-slot": "^1.2.4",
     "@radix-ui/react-switch": "^1.1.3",
-    "@radix-ui/react-tooltip": "^1.1.6",
+    "@radix-ui/react-tabs": "^1.1.12",
+    "@radix-ui/react-tooltip": "^1.2.7",
+    "@scalar/api-reference-react": "^0.7.42",
+    "@sentry/nextjs": "^10",
     "@slack/web-api": "^7.9.1",
     "@uidotdev/usehooks": "^2.4.1",
-    "arctic": "^3.1.1",
+    "@uploadthing/react": "^7.3.1",
+    "ajv": "^8.17.1",
+    "arctic": "^3.7.0",
     "bullmq": "^5.45.2",
     "cheerio": "^1.0.0",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.0",
     "cmdk": "1.0.0",
+    "date-fns": "^4.1.0",
+    "embla-carousel-react": "^8.6.0",
     "hls-video-element": "^1.5.0",
-    "ioredis": "^5.6.0",
-    "livekit-client": "^2.8.0",
-    "livekit-server-sdk": "^2.9.7",
+    "hls.js": "^1.6.15",
     "lucia": "^3.2.2",
     "lucide-react": "^0.473.0",
     "media-chrome": "^4.8.0",
-    "next": "^15.2.3",
+    "next": "^16.1.0",
     "next-themes": "^0.4.4",
+    "node-cron": "^3.0.3",
+    "nuqs": "^2.4.3",
     "pg": "^8.14.1",
     "pg-boss": "^10.1.6",
-    "react": "19",
-    "react-dom": "19",
+    "react": "^19.2.3",
+    "react-day-picker": "^9.13.0",
+    "react-dom": "^19.2.3",
     "react-hook-form": "^7.54.2",
+    "rehype-raw": "^7.0.0",
+    "rehype-react": "^8.0.0",
+    "rehype-sanitize": "^6.0.0",
+    "remark-parse": "^11.0.0",
+    "remark-rehype": "^11.1.2",
+    "sharp": "^0.34.3",
     "sonner": "^1.4.41",
     "swr": "^2.3.0",
     "tailwind-merge": "^2.2.2",
     "tailwindcss-animate": "^1.0.7",
+    "unified": "^11.0.5",
+    "uploadthing": "^7.7.2",
     "util-utils": "^1.0.3",
     "valtio": "^2.1.2",
     "ws": "^8.18.1",
@@ -63,13 +83,14 @@
   },
   "devDependencies": {
     "@types/node": "^20",
+    "@types/node-cron": "^3.0.11",
     "@types/react": "^18",
     "@types/react-dom": "^18",
     "@types/ws": "^8.18.0",
     "eslint": "^8",
     "eslint-config-next": "15.1.3",
     "postcss": "^8",
-    "shadcn": "^2.1.8",
+    "shadcn": "^2.7.0",
     "tailwindcss": "^3.4.1",
     "typescript": "^5"
   }

apps/web/sentry.edge.config.ts

@@ -0,0 +1,20 @@
+// This file configures the initialization of Sentry for edge features (middleware, edge routes, and so on).
+// The config you add here will be used whenever one of the edge features is loaded.
+// Note that this config is unrelated to the Vercel Edge Runtime and is also required when running locally.
+// https://docs.sentry.io/platforms/javascript/guides/nextjs/
+
+import * as Sentry from "@sentry/nextjs";
+
+Sentry.init({
+  dsn: "https://f3c26671c39af48406c6e23702a4f3dd@o4506961023860736.ingest.us.sentry.io/4509895816773632",
+
+  // Define how likely traces are sampled. Adjust this value in production, or use tracesSampler for greater control.
+  tracesSampleRate: 1,
+
+  // Enable logs to be sent to Sentry
+  enableLogs: true,
+
+  // Setting this option to true will print useful information to the console while you're setting up Sentry.
+  debug: false,
+  enabled: process.env.NODE_ENV === 'production',
+});

apps/web/src/app/(other)/chat/[username]/page.tsx

@@ -1,16 +1,18 @@
-import LiveStream from "@/components/app/Livestream/Livestream";
+import ChatPanel from "@/components/app/ChatPanel/ChatPanel";
 import { prisma } from '@hctv/db';
 
 export default async function Page({ params }: { params: Promise<{ username: string }> }) {
   const { username } = await params;
   const streamInfo = await prisma.streamInfo.findUnique({
     where: { username },
-    include: { ownedBy: true },
+    include: { channel: true },
   });
   if (!streamInfo) {
     return <div>Stream not found</div>;
   }
   return (
-    <LiveStream username={username} streamInfo={streamInfo} />
+    <div className="bg-transparent h-screen">
+      <ChatPanel isObsPanel />
+    </div>
   );
 }

apps/web/src/app/(protected)/api/rtmp/publish/route.ts

@@ -1,30 +0,0 @@
-import { prisma } from '@hctv/db';
-import { NextRequest } from 'next/server';
-
-export async function POST(request: NextRequest) {
-  const formData = await request.formData();
-  const streamKey = formData.get('name')?.toString() || '';
-
-  const key = await prisma.streamKey.findFirst({
-    where: {
-      key: streamKey,
-    },
-    include: {
-      channel: true,
-    },
-  });
-
-  if (!key) {
-    return new Response('nay', {
-      status: 403,
-    });
-  }
-
-  const headers = new Headers();
-  headers.append('Location', `rtmp://127.0.0.1/channel-live/${key.channel.name}`);
-  
-  return new Response(null, {
-    status: 302,
-    headers: headers,
-  });
-}

apps/web/src/app/(protected)/api/stream/info/route.ts

@@ -1,34 +0,0 @@
-import { validateRequest } from '@/lib/auth/validate';
-import { prisma } from '@hctv/db';
-import type { NextRequest } from 'next/server';
-
-export async function GET(request: NextRequest) {
-  const searchParams = request.nextUrl.searchParams;
-  const shouldGetOwned = searchParams.get('owned') === 'true';
-  const { user } = await validateRequest();
-  /* const db = await prisma.streamInfo.findMany({
-    include: { ownedBy: true },
-  }); */
-
-  if (shouldGetOwned) {
-    if (!user) {
-      return new Response('No user found in cookies', { status: 401 });
-    }
-    
-    const db = await prisma.streamInfo.findMany({
-      where: {
-        channel: {
-          ownerId: user.id,
-        },
-      },
-    });
-    return Response.json(db);
-  } else {
-    const db = await prisma.streamInfo.findMany({
-      include: {
-        channel: true,
-      }
-    });
-    return Response.json(db);
-  }
-}

apps/web/src/app/(protected)/layout.tsx

@@ -1,13 +0,0 @@
-import { validateRequest } from '@/lib/auth/validate';
-import { redirect, RedirectType } from 'next/navigation';
-
-export default async function Layout({ children }: { children: React.ReactNode }) {
-  const { user } = await validateRequest();
-  if (!user) {
-    return redirect('/auth/slack');
-  }
-  if (!user.hasOnboarded) {
-    return redirect(`/onboarding`, RedirectType.push);
-  }
-  return children;
-}

apps/web/src/app/(public)/onboarding/page.client.tsx

@@ -1,37 +0,0 @@
-'use client';
-
-import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
-import { Card, CardHeader, CardTitle, CardDescription, CardContent } from '@/components/ui/card';
-import { onboard } from '@/lib/form/actions';
-import { useSession } from '@/lib/providers/SessionProvider';
-import { redirect, useRouter } from 'next/navigation';
-
-export default function OnboardingClient() {
-  const { user } = useSession();
-  const router = useRouter();
-  
-  return (
-    <Card className="mx-auto max-w-sm border-0 shadow-none">
-      <CardHeader className="space-y-1">
-        <CardTitle>Welcome to hackclub.tv!</CardTitle>
-        <CardDescription>
-          To get started, please enter the username of your personal channel.
-        </CardDescription>
-      </CardHeader>
-      <CardContent>
-        <p>join #hctv! you will get welcomed to the channel after submitting the form!</p>
-        <UniversalForm
-          fields={[
-            { name: 'userId', label: 'User ID', type: 'hidden', value: user?.id },
-            { name: 'username', label: 'Username', type: 'text' },
-          ]}
-          schemaName="onboard"
-          action={onboard}
-          onActionComplete={() => {
-            window.location.href = '/';
-          }}
-        />
-      </CardContent>
-    </Card>
-  );
-}

apps/web/src/app/(public)/page.tsx

@@ -1,78 +0,0 @@
-import LandingPage from '@/components/app/LandingPage/LandingPage';
-import { Card, CardContent } from '@/components/ui/card';
-import ConfusedDino from '@/components/ui/confuseddino';
-import { validateRequest } from '@/lib/auth/validate';
-import { prisma } from '@hctv/db';
-import { Avatar, AvatarImage, AvatarFallback } from '@radix-ui/react-avatar';
-import Image from 'next/image';
-import Link from 'next/link';
-import { redirect } from 'next/navigation';
-
-export default async function Home() {
-  const { user } = await validateRequest();
-  if (user && !user?.hasOnboarded) {
-    redirect('/onboarding');
-  }
-  const streams = await prisma.streamInfo.findMany({
-    where: {
-      isLive: true,
-    },
-    include: {
-      channel: true,
-    },
-  });
-  if (!user) {
-    return <LandingPage />;
-  }
-  if (!streams.length) {
-    return (
-      <div className="flex justify-center items-center text-center flex-col pt-4 gap-2">
-        <h2>No streams found!!</h2>
-        <p>...maybe start one?</p>
-        <ConfusedDino className='w-40 h-40' />
-      </div>
-    );
-  }
-
-  return (
-    <div className="p-4">
-      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-6">
-        {streams.map((stream) => (
-          <Link href={`/${stream.username}`} key={stream.id}>
-            <Card className="overflow-hidden hover:shadow-lg transition-shadow">
-              <CardContent className="p-0">
-                <div className="relative">
-                  <Image
-                    src={stream.channel.pfpUrl || '/placeholder.svg'}
-                    width={512}
-                    height={512}
-                    alt={stream.title}
-                    className="w-full h-48 object-cover"
-                  />
-                  <div className="absolute bottom-2 left-2 bg-red-600 text-white text-xs font-bold px-2 py-1 rounded">
-                    LIVE
-                  </div>
-                  <div className="absolute bottom-2 right-2 bg-black bg-opacity-70 text-white text-xs px-2 py-1 rounded">
-                    {stream.viewers} viewers
-                  </div>
-                </div>
-                <div className="p-4">
-                  <div className="flex items-start">
-                    <Avatar className="h-10 w-10 mr-3">
-                      <AvatarImage src={stream.channel.pfpUrl} />
-                      <AvatarFallback>{stream.channel.name}</AvatarFallback>
-                    </Avatar>
-                    <div>
-                      <h3 className="font-semibold line-clamp-1">{stream.title}</h3>
-                      <p className="text-sm text-muted-foreground">{stream.category}</p>
-                    </div>
-                  </div>
-                </div>
-              </CardContent>
-            </Card>
-          </Link>
-        ))}
-      </div>
-    </div>
-  );
-}

apps/web/src/app/(ui)/(protected)/[username]/page.tsx

@@ -0,0 +1,39 @@
+import LiveStream from "@/components/app/Livestream/Livestream";
+import { prisma } from '@hctv/db';
+
+export default async function Page({ params }: { params: Promise<{ username: string }> }) {
+  const { username } = await params;
+  const streamInfo = await prisma.streamInfo.findUnique({
+    where: { username },
+    include: {
+      channel: {
+        include: {
+          restriction: true,
+        },
+      },
+    },
+  });
+  if (!streamInfo) {
+    return <div>Stream not found</div>;
+  }
+
+  if (streamInfo.channel.restriction) {
+    const isExpired = streamInfo.channel.restriction.expiresAt &&
+      new Date(streamInfo.channel.restriction.expiresAt) < new Date();
+    
+    if (!isExpired) {
+      return (
+        <div className="flex flex-col items-center justify-center h-[calc(100vh-64px)] p-4">
+          <h1 className="text-2xl font-bold text-destructive mb-2">Channel Restricted</h1>
+          <p className="text-muted-foreground text-center max-w-md">
+            This channel has been restricted by a moderator and is not currently available for viewing.
+          </p>
+        </div>
+      );
+    }
+  }
+
+  return (
+    <LiveStream username={username} streamInfo={streamInfo} />
+  );
+}

apps/web/src/app/(ui)/(protected)/admin/page.tsx

@@ -0,0 +1,17 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { redirect } from 'next/navigation';
+import AdminPanelClient from './page.client';
+
+export default async function AdminPage() {
+  const { user } = await validateRequest();
+
+  if (!user) {
+    redirect('/auth/hackclub');
+  }
+
+  if (!user.isAdmin) {
+    redirect('/');
+  }
+
+  return <AdminPanelClient currentUser={user} />;
+}

apps/web/src/app/(ui)/(protected)/admin/reports/[reportId]/page.client.tsx

@@ -0,0 +1,559 @@
+'use client';
+
+import { useState } from 'react';
+import { useRouter } from 'next/navigation';
+import { format, formatDistanceToNow } from 'date-fns';
+import { toast } from 'sonner';
+import {
+  ArrowLeft,
+  Gavel,
+  Flag,
+  User,
+  MessageSquare,
+  Clock,
+  ShieldAlert,
+  ShieldOff,
+  ShieldCheck,
+  Trash2,
+  CheckCircle2,
+  XCircle,
+  AlertTriangle,
+  Timer,
+  Ban,
+  Unlock,
+  Info,
+} from 'lucide-react';
+import { Badge } from '@/components/ui/badge';
+import { Button } from '@/components/ui/button';
+import { Label } from '@/components/ui/label';
+import { Textarea } from '@/components/ui/textarea';
+import { Separator } from '@/components/ui/separator';
+import { cn } from '@/lib/utils';
+
+type ReportModerationAction =
+  | 'review'
+  | 'dismiss'
+  | 'delete_reported_message'
+  | 'timeout_10m'
+  | 'timeout_1h'
+  | 'ban_chat'
+  | 'lift_chat_ban'
+  | 'ban_platform'
+  | 'unban_platform';
+
+type ActionSeverity = 'info' | 'moderate' | 'severe';
+
+interface ActionOption {
+  value: ReportModerationAction;
+  label: string;
+  description: string;
+  severity: ActionSeverity;
+  requiresNote?: boolean;
+  icon: React.ReactNode;
+}
+
+const ACTION_OPTIONS: ActionOption[] = [
+  {
+    value: 'review',
+    label: 'Mark as reviewed',
+    description: 'Acknowledge the report without further action.',
+    severity: 'info',
+    icon: <CheckCircle2 className="h-4 w-4" />,
+  },
+  {
+    value: 'dismiss',
+    label: 'Dismiss',
+    description: 'Close this report as unfounded or resolved.',
+    severity: 'info',
+    icon: <XCircle className="h-4 w-4" />,
+  },
+  {
+    value: 'delete_reported_message',
+    label: 'Delete message',
+    description: 'Remove the reported message from the chat.',
+    severity: 'moderate',
+    requiresNote: true,
+    icon: <Trash2 className="h-4 w-4" />,
+  },
+  {
+    value: 'timeout_10m',
+    label: 'Timeout 10 minutes',
+    description: 'Prevent user from chatting for 10 minutes.',
+    severity: 'moderate',
+    requiresNote: true,
+    icon: <Timer className="h-4 w-4" />,
+  },
+  {
+    value: 'timeout_1h',
+    label: 'Timeout 1 hour',
+    description: 'Prevent user from chatting for 1 hour.',
+    severity: 'moderate',
+    requiresNote: true,
+    icon: <Timer className="h-4 w-4" />,
+  },
+  {
+    value: 'ban_chat',
+    label: 'Ban from chat',
+    description: 'Permanently ban user from chat.',
+    severity: 'severe',
+    requiresNote: true,
+    icon: <Ban className="h-4 w-4" />,
+  },
+  {
+    value: 'lift_chat_ban',
+    label: 'Lift chat ban',
+    description: 'Restore chat access for this user.',
+    severity: 'info',
+    requiresNote: true,
+    icon: <Unlock className="h-4 w-4" />,
+  },
+  {
+    value: 'ban_platform',
+    label: 'Ban from platform',
+    description: 'Permanently ban user from the entire platform.',
+    severity: 'severe',
+    requiresNote: true,
+    icon: <ShieldOff className="h-4 w-4" />,
+  },
+  {
+    value: 'unban_platform',
+    label: 'Unban from platform',
+    description: 'Restore platform access for this user.',
+    severity: 'info',
+    requiresNote: true,
+    icon: <ShieldCheck className="h-4 w-4" />,
+  },
+];
+
+const SEVERITY_STYLES: Record<
+  ActionSeverity,
+  { card: string; selected: string; icon: string; ring: string }
+> = {
+  info: {
+    card: 'border-border hover:border-muted-foreground/40 hover:bg-muted/30',
+    selected: 'border-primary bg-primary/5',
+    icon: 'text-muted-foreground',
+    ring: 'ring-primary/30',
+  },
+  moderate: {
+    card: 'border-border hover:border-amber-500/40 hover:bg-amber-500/5',
+    selected: 'border-amber-500 bg-amber-500/5',
+    icon: 'text-amber-500',
+    ring: 'ring-amber-500/30',
+  },
+  severe: {
+    card: 'border-border hover:border-destructive/40 hover:bg-destructive/5',
+    selected: 'border-destructive bg-destructive/5',
+    icon: 'text-destructive',
+    ring: 'ring-destructive/30',
+  },
+};
+
+const STATUS_CONFIG = {
+  OPEN: { label: 'Open', variant: 'destructive' as const, icon: <Flag className="h-3 w-3" /> },
+  REVIEWED: {
+    label: 'Reviewed',
+    variant: 'secondary' as const,
+    icon: <CheckCircle2 className="h-3 w-3" />,
+  },
+  DISMISSED: {
+    label: 'Dismissed',
+    variant: 'outline' as const,
+    icon: <XCircle className="h-3 w-3" />,
+  },
+};
+
+const ACTION_LABELS: Record<NonNullable<ChatReportCase['lastAction']>, string> = {
+  REVIEW: 'Marked as reviewed',
+  DISMISS: 'Dismissed',
+  DELETE_REPORTED_MESSAGE: 'Message deleted',
+  TIMEOUT_10M: 'User timed out (10m)',
+  TIMEOUT_1H: 'User timed out (1h)',
+  BAN_CHAT: 'Chat banned',
+  LIFT_CHAT_BAN: 'Chat ban lifted',
+  BAN_PLATFORM: 'Platform banned',
+  UNBAN_PLATFORM: 'Platform ban lifted',
+};
+
+function InfoRow({ label, children }: { label: string; children: React.ReactNode }) {
+  return (
+    <div className="flex flex-col gap-0.5">
+      <span className="text-[11px] font-medium uppercase tracking-wider text-muted-foreground">
+        {label}
+      </span>
+      <span className="text-sm">{children}</span>
+    </div>
+  );
+}
+
+function SectionLabel({ icon, children }: { icon: React.ReactNode; children: React.ReactNode }) {
+  return (
+    <div className="flex items-center gap-2 mb-3">
+      <span className="text-muted-foreground">{icon}</span>
+      <span className="text-xs font-semibold uppercase tracking-widest text-muted-foreground">
+        {children}
+      </span>
+    </div>
+  );
+}
+
+export default function ReportCasePageClient({ report }: ReportCasePageClientProps) {
+  const router = useRouter();
+  const [selectedAction, setSelectedAction] = useState<ReportModerationAction>('review');
+  const [note, setNote] = useState('');
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const selectedMeta = ACTION_OPTIONS.find((o) => o.value === selectedAction)!;
+  const requiresNote = Boolean(selectedMeta?.requiresNote);
+  const isSevere = selectedMeta?.severity === 'severe';
+
+  const statusConfig = STATUS_CONFIG[report.status];
+
+  const submitAction = async () => {
+    if (requiresNote && note.trim().length < 10) {
+      toast.error('Please include at least 10 characters for enforcement context.');
+      return;
+    }
+
+    setIsSubmitting(true);
+    try {
+      const res = await fetch('/api/admin/reports', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          reportId: report.id,
+          action: selectedAction,
+          note: note.trim() || undefined,
+        }),
+      });
+
+      if (!res.ok) {
+        const errorText = await res.text();
+        toast.error(errorText || 'Failed to apply action');
+        return;
+      }
+
+      toast.success('Report action applied');
+      setNote('');
+      router.refresh();
+    } catch {
+      toast.error('Failed to apply action');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  const actionGroups: Array<{ label: string; actions: ActionOption[] }> = [
+    {
+      label: 'Informational',
+      actions: ACTION_OPTIONS.filter((a) => a.severity === 'info'),
+    },
+    {
+      label: 'Moderation',
+      actions: ACTION_OPTIONS.filter((a) => a.severity === 'moderate'),
+    },
+    {
+      label: 'Severe',
+      actions: ACTION_OPTIONS.filter((a) => a.severity === 'severe'),
+    },
+  ];
+
+  return (
+    <div className="container max-w-5xl mx-auto py-8 px-4">
+      <div className="flex items-start justify-between gap-4 mb-8">
+        <div className="space-y-1">
+          <div className="flex items-center gap-3">
+            <h1 className="text-2xl font-bold tracking-tight">Report Case</h1>
+            <Badge
+              variant={statusConfig.variant}
+              className="flex items-center gap-1.5 text-xs px-2 py-0.5"
+            >
+              {statusConfig.icon}
+              {statusConfig.label}
+            </Badge>
+          </div>
+          <p className="text-xs text-muted-foreground font-mono">{report.id}</p>
+        </div>
+        <Button
+          variant="ghost"
+          size="sm"
+          onClick={() => router.push(`/admin?tab=reports&reportId=${report.id}`)}
+          className="shrink-0 gap-1.5"
+        >
+          <ArrowLeft className="h-4 w-4" />
+          Back to reports
+        </Button>
+      </div>
+
+      <div className="grid grid-cols-1 md:grid-cols-5 gap-6">
+        <div className="md:col-span-3 space-y-5">
+          {report.reportedMessage ? (
+            <div className="rounded-lg border border-border bg-muted/20 overflow-hidden">
+              <div className="px-4 py-3 border-b border-border bg-muted/30 flex items-center gap-2">
+                <MessageSquare className="h-3.5 w-3.5 text-muted-foreground" />
+                <span className="text-xs font-semibold uppercase tracking-wider text-muted-foreground">
+                  Reported message
+                </span>
+              </div>
+              <div className="px-4 py-4">
+                <p className="text-sm leading-relaxed break-words">{report.reportedMessage}</p>
+              </div>
+            </div>
+          ) : (
+            <div className="rounded-lg border border-dashed border-border px-4 py-5 flex items-center gap-3 text-muted-foreground">
+              <Info className="h-4 w-4 shrink-0" />
+              <span className="text-sm">No message content was captured with this report.</span>
+            </div>
+          )}
+
+          <div className="rounded-lg border border-border overflow-hidden">
+            <div className="px-4 py-3 border-b border-border bg-muted/20">
+              <SectionLabel icon={<User className="h-3.5 w-3.5" />}>Parties</SectionLabel>
+            </div>
+            <div className="px-4 py-4 grid grid-cols-2 gap-x-6 gap-y-4">
+              <InfoRow label="Reporter">
+                <span className="font-medium">{report.reporter}</span>
+              </InfoRow>
+              <InfoRow label="Target">
+                <div className="flex flex-wrap items-center gap-1.5">
+                  <span className="font-medium">{report.target}</span>
+                  {report.targetIsAdmin && (
+                    <Badge
+                      variant="outline"
+                      className="text-[10px] py-0 px-1.5 text-amber-500 border-amber-500/40"
+                    >
+                      Admin
+                    </Badge>
+                  )}
+                  {report.targetIsPlatformBanned && (
+                    <Badge
+                      variant="outline"
+                      className="text-[10px] py-0 px-1.5 text-destructive border-destructive/40"
+                    >
+                      Platform banned
+                    </Badge>
+                  )}
+                </div>
+              </InfoRow>
+              <InfoRow label="Channel">
+                <span className="font-mono text-xs bg-muted px-1.5 py-0.5 rounded">
+                  {report.channelName}
+                </span>
+              </InfoRow>
+              <InfoRow label="Reason">
+                <span>{report.reason}</span>
+              </InfoRow>
+            </div>
+          </div>
+
+          <div className="rounded-lg border border-border overflow-hidden">
+            <div className="px-4 py-3 border-b border-border bg-muted/20">
+              <SectionLabel icon={<Clock className="h-3.5 w-3.5" />}>Timeline</SectionLabel>
+            </div>
+            <div className="px-4 py-4 space-y-4">
+              <InfoRow label="Filed">
+                <span>
+                  {format(new Date(report.createdAt), 'PPP p')}{' '}
+                  <span className="text-muted-foreground text-xs">
+                    ({formatDistanceToNow(new Date(report.createdAt), { addSuffix: true })})
+                  </span>
+                </span>
+              </InfoRow>
+              {report.handledAt ? (
+                <InfoRow label="Last handled">
+                  <span>
+                    {format(new Date(report.handledAt), 'PPP p')}{' '}
+                    <span className="text-muted-foreground text-xs">
+                      ({formatDistanceToNow(new Date(report.handledAt), { addSuffix: true })})
+                    </span>
+                  </span>
+                </InfoRow>
+              ) : null}
+              <InfoRow label="Last action">
+                {report.lastAction ? (
+                  <span className="font-medium">{ACTION_LABELS[report.lastAction]}</span>
+                ) : (
+                  <span className="text-muted-foreground">None</span>
+                )}
+              </InfoRow>
+              <InfoRow label="Handled by">
+                {report.handledBy ? (
+                  <span className="font-medium">{report.handledBy}</span>
+                ) : (
+                  <span className="text-muted-foreground">—</span>
+                )}
+              </InfoRow>
+              {report.handlingNote ? (
+                <div className="pt-1">
+                  <span className="text-[11px] font-medium uppercase tracking-wider text-muted-foreground block mb-1.5">
+                    Last note
+                  </span>
+                  <p className="text-sm bg-muted/40 rounded-md px-3 py-2.5 leading-relaxed border border-border">
+                    {report.handlingNote}
+                  </p>
+                </div>
+              ) : null}
+            </div>
+          </div>
+
+          {report.targetIsAdmin && (
+            <div className="flex items-start gap-3 rounded-lg border border-amber-500/30 bg-amber-500/5 px-4 py-3">
+              <AlertTriangle className="h-4 w-4 text-amber-500 shrink-0 mt-0.5" />
+              <div className="text-sm text-amber-700 dark:text-amber-400 leading-snug">
+                <span className="font-semibold">Caution:</span> The reported user is a platform
+                admin. Enforcement actions will still apply.
+              </div>
+            </div>
+          )}
+        </div>
+
+        <div className="md:col-span-2">
+          <div className="rounded-lg border border-border overflow-hidden sticky top-6">
+            <div className="px-4 py-3 border-b border-border bg-muted/20 flex items-center gap-2">
+              <Gavel className="h-3.5 w-3.5 text-muted-foreground" />
+              <span className="text-xs font-semibold uppercase tracking-wider text-muted-foreground">
+                Enforcement
+              </span>
+            </div>
+
+            <div className="px-4 py-4 space-y-5">
+              {/* Action selector */}
+              <div className="space-y-3">
+                {actionGroups.map((group) => (
+                  <div key={group.label}>
+                    <p className="text-[10px] font-semibold uppercase tracking-widest text-muted-foreground mb-2">
+                      {group.label}
+                    </p>
+                    <div className="space-y-1.5">
+                      {group.actions.map((action) => {
+                        const isSelected = selectedAction === action.value;
+                        const styles = SEVERITY_STYLES[action.severity];
+                        return (
+                          <button
+                            key={action.value}
+                            type="button"
+                            onClick={() => setSelectedAction(action.value)}
+                            className={cn(
+                              'w-full flex items-start gap-3 rounded-md border px-3 py-2.5 text-left transition-all cursor-pointer',
+                              isSelected ? `${styles.selected} ring-1 ${styles.ring}` : styles.card
+                            )}
+                          >
+                            <span
+                              className={cn(
+                                'mt-0.5 shrink-0',
+                                isSelected ? styles.icon : 'text-muted-foreground'
+                              )}
+                            >
+                              {action.icon}
+                            </span>
+                            <div className="min-w-0">
+                              <p
+                                className={cn(
+                                  'text-sm font-medium leading-tight',
+                                  isSelected && action.severity === 'severe' && 'text-destructive',
+                                  isSelected &&
+                                    action.severity === 'moderate' &&
+                                    'text-amber-600 dark:text-amber-400'
+                                )}
+                              >
+                                {action.label}
+                              </p>
+                              <p className="text-[11px] text-muted-foreground mt-0.5 leading-snug">
+                                {action.description}
+                              </p>
+                            </div>
+                          </button>
+                        );
+                      })}
+                    </div>
+                  </div>
+                ))}
+              </div>
+
+              <Separator />
+
+              <div className="space-y-2">
+                <Label htmlFor="note" className="text-xs">
+                  Moderator note
+                  {requiresNote ? (
+                    <span className="text-destructive ml-1">*</span>
+                  ) : (
+                    <span className="text-muted-foreground ml-1">(optional)</span>
+                  )}
+                </Label>
+                <Textarea
+                  id="note"
+                  value={note}
+                  onChange={(e) => setNote(e.target.value)}
+                  placeholder="Explain why this action is being taken."
+                  rows={3}
+                  className="text-sm resize-none"
+                />
+                {requiresNote && (
+                  <p className="text-[11px] text-muted-foreground">Min. 10 characters required.</p>
+                )}
+              </div>
+
+              {isSevere && (
+                <div className="flex items-start gap-2.5 rounded-md border border-destructive/30 bg-destructive/5 px-3 py-2.5">
+                  <ShieldAlert className="h-4 w-4 text-destructive shrink-0 mt-0.5" />
+                  <p className="text-[12px] text-destructive leading-snug">
+                    This is a severe action may often not be easily undone. Double-check before
+                    applying.
+                  </p>
+                </div>
+              )}
+
+              <Button
+                onClick={submitAction}
+                disabled={isSubmitting}
+                variant={isSevere ? 'destructive' : 'default'}
+                className="w-full gap-2"
+                size="sm"
+              >
+                <Gavel className="h-3.5 w-3.5" />
+                {isSubmitting ? 'Applying…' : 'Apply action'}
+              </Button>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+// ─── Types ───────────────────────────────────────────────────────────────────
+
+interface ReportCasePageClientProps {
+  report: ChatReportCase;
+}
+
+interface ChatReportCase {
+  id: string;
+  status: 'OPEN' | 'REVIEWED' | 'DISMISSED';
+  reason: string;
+  reportedMessage: string | null;
+  reportedMessageId: string | null;
+  targetUsername: string | null;
+  channelName: string;
+  createdAt: string;
+  handledAt: string | null;
+  handlingNote: string | null;
+  lastAction:
+    | 'REVIEW'
+    | 'DISMISS'
+    | 'DELETE_REPORTED_MESSAGE'
+    | 'TIMEOUT_10M'
+    | 'TIMEOUT_1H'
+    | 'BAN_CHAT'
+    | 'LIFT_CHAT_BAN'
+    | 'BAN_PLATFORM'
+    | 'UNBAN_PLATFORM'
+    | null;
+  reporter: string;
+  target: string;
+  targetUserId: string | null;
+  targetIsAdmin: boolean;
+  targetIsPlatformBanned: boolean;
+  handledBy: string | null;
+}

apps/web/src/app/(ui)/(protected)/admin/reports/[reportId]/page.tsx

@@ -0,0 +1,96 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { notFound, redirect } from 'next/navigation';
+import ReportCasePageClient from './page.client';
+
+export default async function ReportCasePage({ params }: ReportCasePageProps) {
+  const { reportId } = await params;
+  const { user } = await validateRequest();
+
+  if (!user) {
+    redirect('/auth/hackclub');
+  }
+
+  if (!user.isAdmin) {
+    redirect('/');
+  }
+
+  const report = await prisma.chatUserReport.findUnique({
+    where: {
+      id: reportId,
+    },
+    include: {
+      channel: {
+        select: {
+          name: true,
+        },
+      },
+      reporter: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+      targetUser: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+          ban: true,
+        },
+      },
+      handledBy: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  if (!report) {
+    notFound();
+  }
+
+  return (
+    <ReportCasePageClient
+      report={{
+        id: report.id,
+        status: report.status,
+        reason: report.reason,
+        reportedMessage: report.reportedMessage,
+        reportedMessageId: report.reportedMessageId,
+        targetUsername: report.targetUsername,
+        channelName: report.channel.name,
+        createdAt: report.createdAt.toISOString(),
+        handledAt: report.handledAt?.toISOString() ?? null,
+        handlingNote: report.handlingNote,
+        lastAction: report.lastAction,
+        reporter: report.reporter.personalChannel?.name ?? report.reporter.slack_id,
+        target:
+          report.targetUser?.personalChannel?.name ??
+          report.targetUsername ??
+          report.targetUserId ??
+          'unknown',
+        targetUserId: report.targetUserId,
+        targetIsAdmin: Boolean(report.targetUser?.isAdmin),
+        targetIsPlatformBanned: Boolean(report.targetUser?.ban),
+        handledBy: report.handledBy?.personalChannel?.name ?? report.handledBy?.slack_id ?? null,
+      }}
+    />
+  );
+}
+
+interface ReportCasePageProps {
+  params: Promise<{
+    reportId: string;
+  }>;
+}

apps/web/src/app/(ui)/(protected)/api/admin/audit/route.ts

@@ -0,0 +1,178 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const take = Math.min(Math.max(Number(searchParams.get('take') ?? 100), 10), 250);
+
+  const [adminLogs, chatLogs] = await Promise.all([
+    prisma.adminAuditLog.findMany({
+      orderBy: { createdAt: 'desc' },
+      take,
+      include: {
+        actor: {
+          select: {
+            id: true,
+            isAdmin: true,
+            slack_id: true,
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        },
+      },
+    }),
+    prisma.chatModerationEvent.findMany({
+      orderBy: { createdAt: 'desc' },
+      take,
+      include: {
+        channel: {
+          select: {
+            id: true,
+            name: true,
+          },
+        },
+        moderator: {
+          select: {
+            id: true,
+            isAdmin: true,
+            slack_id: true,
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        },
+        targetUser: {
+          select: {
+            id: true,
+            isAdmin: true,
+            slack_id: true,
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        },
+      },
+    }),
+  ]);
+
+  const targetUserIds = [
+    ...new Set(adminLogs.map((log) => log.targetUserId).filter(Boolean)),
+  ] as string[];
+  const targetUsers =
+    targetUserIds.length > 0
+      ? await prisma.user.findMany({
+          where: {
+            id: {
+              in: targetUserIds,
+            },
+          },
+          include: {
+            personalChannel: {
+              select: {
+                name: true,
+              },
+            },
+          },
+        })
+      : [];
+  const targetUserMap = new Map(
+    targetUsers.map((targetUser) => [
+      targetUser.id,
+      targetUser.personalChannel?.name ?? targetUser.slack_id,
+    ])
+  );
+  const targetUserAdminMap = new Map(
+    targetUsers.map((targetUser) => [targetUser.id, targetUser.isAdmin])
+  );
+
+  const actorIds = [
+    ...new Set([
+      ...adminLogs.map((log) => log.actorId),
+      ...chatLogs.map((log) => log.moderatorId),
+      ...chatLogs.map((log) => log.targetUserId).filter(Boolean),
+      ...targetUserIds,
+    ]),
+  ] as string[];
+
+  const modRoleUsers =
+    actorIds.length > 0
+      ? await prisma.user.findMany({
+          where: {
+            id: { in: actorIds },
+            OR: [
+              { ownedChannels: { some: {} } },
+              { managedChannels: { some: {} } },
+              { chatModeratedChannels: { some: {} } },
+            ],
+          },
+          select: {
+            id: true,
+          },
+        })
+      : [];
+  const channelModSet = new Set(modRoleUsers.map((user) => user.id));
+
+  const normalizedAdminLogs = adminLogs.map((log) => ({
+    id: log.id,
+    source: 'platform' as const,
+    action: log.action,
+    createdAt: log.createdAt,
+    actor: log.actor.personalChannel?.name ?? log.actor.slack_id,
+    target:
+      log.targetChannel ??
+      (log.targetUserId ? (targetUserMap.get(log.targetUserId) ?? log.targetUserId) : null),
+    reason: log.reason,
+    details: log.details,
+    actorMeta: {
+      isPlatformAdmin: log.actor.isAdmin,
+      isChannelModerator: channelModSet.has(log.actorId),
+    },
+    targetMeta: log.targetUserId
+      ? {
+          isPlatformAdmin: Boolean(targetUserAdminMap.get(log.targetUserId)),
+          isChannelModerator: channelModSet.has(log.targetUserId),
+        }
+      : null,
+  }));
+
+  const normalizedChatLogs = chatLogs.map((log) => ({
+    id: log.id,
+    source: 'chat' as const,
+    action: log.action,
+    createdAt: log.createdAt,
+    actor: log.moderator.personalChannel?.name ?? log.moderator.slack_id,
+    target: log.targetUser?.personalChannel?.name ?? log.channel.name,
+    reason: log.reason,
+    details: log.details,
+    channelName: log.channel.name,
+    actorMeta: {
+      isPlatformAdmin: log.moderator.isAdmin,
+      isChannelModerator: true,
+    },
+    targetMeta: log.targetUser
+      ? {
+          isPlatformAdmin: log.targetUser.isAdmin,
+          isChannelModerator: channelModSet.has(log.targetUser.id),
+        }
+      : null,
+  }));
+
+  const logs = [...normalizedAdminLogs, ...normalizedChatLogs]
+    .sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime())
+    .slice(0, take);
+
+  return Response.json(logs);
+}

apps/web/src/app/(ui)/(protected)/api/admin/channels/route.ts

@@ -0,0 +1,142 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { AdminAuditAction, prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const search = searchParams.get('search') || '';
+
+  const channels = await prisma.channel.findMany({
+    where: search
+      ? {
+          OR: [
+            { name: { contains: search, mode: 'insensitive' } },
+            { description: { contains: search, mode: 'insensitive' } },
+          ],
+        }
+      : undefined,
+    include: {
+      restriction: true,
+      owner: {
+        select: {
+          id: true,
+          slack_id: true,
+          pfpUrl: true,
+          personalChannel: { select: { name: true } },
+        },
+      },
+      personalFor: {
+        select: {
+          id: true,
+        },
+      },
+    },
+    take: 50,
+  });
+  return Response.json(channels);
+}
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  let body: {
+    channelId: string;
+    action: 'restrict' | 'unrestrict';
+    reason?: string;
+    expiresAt?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const { channelId, action, reason, expiresAt } = body;
+
+  if (!channelId || !action) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  let expiresAtDate: Date | null = null;
+  if (expiresAt !== undefined && expiresAt !== null && expiresAt !== '') {
+    expiresAtDate = new Date(expiresAt);
+    if (isNaN(expiresAtDate.getTime())) {
+      return new Response('Invalid expiresAt date', { status: 400 });
+    }
+    if (expiresAtDate <= new Date()) {
+      return new Response('expiresAt must be a future date', { status: 400 });
+    }
+  }
+
+  const channel = await prisma.channel.findUnique({ where: { id: channelId } });
+  if (!channel) {
+    return new Response('Channel not found', { status: 404 });
+  }
+
+  if (action === 'restrict') {
+    if (!reason) {
+      return new Response('Reason is required for restricting', { status: 400 });
+    }
+
+    await prisma.channelRestriction.upsert({
+      where: { channelId },
+      update: {
+        reason,
+        restrictedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+      create: {
+        channelId,
+        reason,
+        restrictedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.CHANNEL_RESTRICTED,
+        actorId: user.id,
+        targetChannel: channel.name,
+        reason,
+        details: {
+          channelId,
+          expiresAt: expiresAtDate?.toISOString() ?? null,
+        } as any,
+      },
+    });
+
+    return Response.json({ success: true, message: 'Channel restricted' });
+  }
+
+  if (action === 'unrestrict') {
+    const deleted = await prisma.channelRestriction.deleteMany({ where: { channelId } });
+    if (deleted.count === 0) {
+      return new Response('Channel does not have an active restriction', { status: 400 });
+    }
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.CHANNEL_UNRESTRICTED,
+        actorId: user.id,
+        targetChannel: channel.name,
+        details: {
+          channelId,
+        } as any,
+      },
+    });
+
+    return Response.json({ success: true, message: 'Channel unrestricted' });
+  }
+
+  return new Response('Invalid action', { status: 400 });
+}

apps/web/src/app/(ui)/(protected)/api/admin/reports/route.ts

@@ -0,0 +1,529 @@
+import { validateRequest } from '@/lib/auth/validate';
+import {
+  AdminAuditAction,
+  ChatModerationAction,
+  ChatReportAction,
+  ChatReportStatus,
+  getRedisConnection,
+  prisma,
+} from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+const redis = getRedisConnection();
+const REPORT_ALREADY_HANDLED_ERROR = 'REPORT_ALREADY_HANDLED';
+const NO_ACTIVE_CHAT_BAN_ERROR = 'NO_ACTIVE_CHAT_BAN';
+const NO_ACTIVE_PLATFORM_BAN_ERROR = 'NO_ACTIVE_PLATFORM_BAN';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const take = Math.min(Math.max(Number(searchParams.get('take') ?? 100), 10), 250);
+  const reportId = searchParams.get('reportId')?.trim();
+
+  const reports = await prisma.chatUserReport.findMany({
+    orderBy: { createdAt: 'desc' },
+    take,
+    include: {
+      channel: {
+        select: {
+          name: true,
+        },
+      },
+      reporter: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+      targetUser: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+      handledBy: {
+        include: {
+          personalChannel: {
+            select: {
+              name: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  const normalizedReports = reports.map((report) => ({
+    id: report.id,
+    status: report.status,
+    reason: report.reason,
+    reportedMessage: report.reportedMessage,
+    reportedMessageId: report.reportedMessageId,
+    targetUsername: report.targetUsername,
+    channelName: report.channel.name,
+    createdAt: report.createdAt,
+    handledAt: report.handledAt,
+    handlingNote: report.handlingNote,
+    lastAction: report.lastAction,
+    reporter: report.reporter.personalChannel?.name ?? report.reporter.slack_id,
+    handledBy: report.handledBy?.personalChannel?.name ?? report.handledBy?.slack_id ?? null,
+    target:
+      report.targetUser?.personalChannel?.name ??
+      report.targetUsername ??
+      report.targetUserId ??
+      'unknown',
+  }));
+
+  return Response.json({
+    reports: normalizedReports,
+    reportId,
+  });
+}
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  let body: {
+    reportId?: string;
+    action?:
+      | 'review'
+      | 'dismiss'
+      | 'delete_reported_message'
+      | 'timeout_10m'
+      | 'timeout_1h'
+      | 'ban_chat'
+      | 'lift_chat_ban'
+      | 'ban_platform'
+      | 'unban_platform';
+    note?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const reportId = body.reportId?.trim();
+  const action = body.action;
+  const note = body.note?.trim() || null;
+
+  if (!reportId || !action) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  const report = await prisma.chatUserReport.findUnique({
+    where: { id: reportId },
+    include: {
+      channel: {
+        select: {
+          id: true,
+          name: true,
+        },
+      },
+      targetUser: {
+        select: {
+          id: true,
+          isAdmin: true,
+        },
+      },
+    },
+  });
+
+  if (!report) {
+    return new Response('Report not found', { status: 404 });
+  }
+
+  const targetUserId = report.targetUserId ?? report.targetUser?.id ?? null;
+  const isTargetAdmin = Boolean(report.targetUser?.isAdmin);
+
+  if (
+    (action === 'ban_platform' ||
+      action === 'ban_chat' ||
+      action === 'timeout_10m' ||
+      action === 'timeout_1h') &&
+    isTargetAdmin
+  ) {
+    return new Response('Cannot enforce this action on an admin user', { status: 400 });
+  }
+
+  const reportPatchBase = {
+    handledById: user.id,
+    handledAt: new Date(),
+    handlingNote: note,
+  };
+
+  if (action === 'review') {
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction: ChatReportAction.REVIEW,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_REVIEWED,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (action === 'dismiss') {
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.DISMISSED,
+            lastAction: ChatReportAction.DISMISS,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_DISMISSED,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (action === 'delete_reported_message') {
+    if (!report.reportedMessageId) {
+      return new Response('No reported message id available for this report', { status: 400 });
+    }
+
+    const channelKey = `chat:history:${report.channel.name}`;
+    const history = await redis.zrange(channelKey, 0, -1);
+    let deleted = false;
+
+    for (const entry of history) {
+      try {
+        const parsed = JSON.parse(entry) as { msgId?: string };
+        if (parsed.msgId === report.reportedMessageId) {
+          await redis.zrem(channelKey, entry);
+          deleted = true;
+          break;
+        }
+      } catch {
+        continue;
+      }
+    }
+
+    if (!deleted) {
+      return new Response('Reported message was not found in chat history', { status: 404 });
+    }
+
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction: ChatReportAction.DELETE_REPORTED_MESSAGE,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        await tx.chatModerationEvent.create({
+          data: {
+            action: ChatModerationAction.MESSAGE_DELETED,
+            channelId: report.channel.id,
+            moderatorId: user.id,
+            targetUserId,
+            reason: note ?? 'Message deleted from report review',
+            details: {
+              reportId,
+              msgId: report.reportedMessageId,
+            } as any,
+          },
+        });
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_ENFORCEMENT,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              enforcement: 'DELETE_REPORTED_MESSAGE',
+              msgId: report.reportedMessageId,
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (!targetUserId) {
+    return new Response('Report target is unavailable', { status: 400 });
+  }
+
+  if (
+    action === 'timeout_10m' ||
+    action === 'timeout_1h' ||
+    action === 'ban_chat' ||
+    action === 'lift_chat_ban'
+  ) {
+    const timeoutSeconds = action === 'timeout_10m' ? 600 : action === 'timeout_1h' ? 3600 : null;
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction:
+              action === 'timeout_10m'
+                ? ChatReportAction.TIMEOUT_10M
+                : action === 'timeout_1h'
+                  ? ChatReportAction.TIMEOUT_1H
+                  : action === 'ban_chat'
+                    ? ChatReportAction.BAN_CHAT
+                    : ChatReportAction.LIFT_CHAT_BAN,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        if (action === 'lift_chat_ban') {
+          const deleted = await tx.chatUserBan.deleteMany({
+            where: {
+              channelId: report.channel.id,
+              userId: targetUserId,
+            },
+          });
+          if (deleted.count === 0) {
+            throw new Error(NO_ACTIVE_CHAT_BAN_ERROR);
+          }
+        } else {
+          await tx.chatUserBan.upsert({
+            where: {
+              channelId_userId: {
+                channelId: report.channel.id,
+                userId: targetUserId,
+              },
+            },
+            create: {
+              channelId: report.channel.id,
+              userId: targetUserId,
+              bannedById: user.id,
+              reason: note ?? report.reason,
+              expiresAt: timeoutSeconds ? new Date(Date.now() + timeoutSeconds * 1000) : null,
+            },
+            update: {
+              bannedById: user.id,
+              reason: note ?? report.reason,
+              expiresAt: timeoutSeconds ? new Date(Date.now() + timeoutSeconds * 1000) : null,
+            },
+          });
+        }
+
+        await tx.chatModerationEvent.create({
+          data: {
+            action:
+              action === 'lift_chat_ban'
+                ? ChatModerationAction.USER_UNBANNED
+                : action === 'ban_chat'
+                  ? ChatModerationAction.USER_BANNED
+                  : ChatModerationAction.USER_TIMEOUT,
+            channelId: report.channel.id,
+            moderatorId: user.id,
+            targetUserId,
+            reason: note ?? report.reason,
+            details:
+              timeoutSeconds === null
+                ? ({ reportId } as any)
+                : ({ reportId, durationSeconds: timeoutSeconds } as any),
+          },
+        });
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_ENFORCEMENT,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              enforcement:
+                action === 'timeout_10m'
+                  ? 'TIMEOUT_10M'
+                  : action === 'timeout_1h'
+                    ? 'TIMEOUT_1H'
+                    : action === 'ban_chat'
+                      ? 'BAN_CHAT'
+                      : 'LIFT_CHAT_BAN',
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      if (error instanceof Error && error.message === NO_ACTIVE_CHAT_BAN_ERROR) {
+        return new Response('User does not have an active chat ban for this channel', {
+          status: 400,
+        });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  if (action === 'ban_platform' || action === 'unban_platform') {
+    try {
+      await prisma.$transaction(async (tx) => {
+        const claimed = await tx.chatUserReport.updateMany({
+          where: { id: reportId, status: ChatReportStatus.OPEN },
+          data: {
+            ...reportPatchBase,
+            status: ChatReportStatus.REVIEWED,
+            lastAction:
+              action === 'ban_platform'
+                ? ChatReportAction.BAN_PLATFORM
+                : ChatReportAction.UNBAN_PLATFORM,
+          },
+        });
+        if (claimed.count === 0) {
+          throw new Error(REPORT_ALREADY_HANDLED_ERROR);
+        }
+
+        if (action === 'ban_platform') {
+          await tx.userBan.upsert({
+            where: { userId: targetUserId },
+            update: {
+              reason: note ?? report.reason,
+              bannedBy: user.id,
+              expiresAt: null,
+            },
+            create: {
+              userId: targetUserId,
+              reason: note ?? report.reason,
+              bannedBy: user.id,
+              expiresAt: null,
+            },
+          });
+        } else {
+          const deleted = await tx.userBan.deleteMany({ where: { userId: targetUserId } });
+          if (deleted.count === 0) {
+            throw new Error(NO_ACTIVE_PLATFORM_BAN_ERROR);
+          }
+        }
+
+        await tx.adminAuditLog.create({
+          data: {
+            action:
+              action === 'ban_platform'
+                ? AdminAuditAction.USER_BANNED
+                : AdminAuditAction.USER_UNBANNED,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              source: 'CHAT_REPORT',
+            } as any,
+          },
+        });
+
+        await tx.adminAuditLog.create({
+          data: {
+            action: AdminAuditAction.REPORT_ENFORCEMENT,
+            actorId: user.id,
+            targetUserId,
+            targetChannel: report.channel.name,
+            reason: note,
+            details: {
+              reportId,
+              enforcement: action === 'ban_platform' ? 'BAN_PLATFORM' : 'UNBAN_PLATFORM',
+            } as any,
+          },
+        });
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message === REPORT_ALREADY_HANDLED_ERROR) {
+        return new Response('Report has already been handled', { status: 409 });
+      }
+      if (error instanceof Error && error.message === NO_ACTIVE_PLATFORM_BAN_ERROR) {
+        return new Response('User does not have an active platform ban', { status: 400 });
+      }
+      throw error;
+    }
+
+    return Response.json({ success: true });
+  }
+
+  return new Response('Invalid action', { status: 400 });
+}

apps/web/src/app/(ui)/(protected)/api/admin/users/route.ts

@@ -0,0 +1,178 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { AdminAuditAction, prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  const searchParams = request.nextUrl.searchParams;
+  const search = searchParams.get('search') || '';
+
+  const users = await prisma.user.findMany({
+    where: search
+      ? {
+          OR: [
+            { slack_id: { contains: search, mode: 'insensitive' } },
+            { email: { contains: search, mode: 'insensitive' } },
+            { personalChannel: { name: { contains: search, mode: 'insensitive' } } },
+          ],
+          hasOnboarded: true,
+        }
+      : undefined,
+    include: {
+      ban: true,
+      personalChannel: { select: { name: true } },
+    },
+    take: 50,
+  });
+  return Response.json(users);
+}
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user?.isAdmin) {
+    return new Response('Forbidden', { status: 403 });
+  }
+
+  let body: {
+    userId: string;
+    action: 'ban' | 'unban' | 'promote' | 'demote';
+    reason?: string;
+    expiresAt?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const { userId, action, reason, expiresAt } = body;
+
+  if (!userId || !action) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  let expiresAtDate: Date | null = null;
+  if (expiresAt !== undefined && expiresAt !== null && expiresAt !== '') {
+    expiresAtDate = new Date(expiresAt);
+    if (isNaN(expiresAtDate.getTime())) {
+      return new Response('Invalid expiresAt date', { status: 400 });
+    }
+    if (expiresAtDate <= new Date()) {
+      return new Response('expiresAt must be a future date', { status: 400 });
+    }
+  }
+
+  const targetUser = await prisma.user.findUnique({ where: { id: userId } });
+  if (!targetUser) {
+    return new Response('User not found', { status: 404 });
+  }
+
+  if (action === 'ban') {
+    if (targetUser.isAdmin) {
+      return new Response('Cannot ban an admin', { status: 400 });
+    }
+
+    if (!reason) {
+      return new Response('Reason is required for banning', { status: 400 });
+    }
+
+    await prisma.userBan.upsert({
+      where: { userId },
+      update: {
+        reason,
+        bannedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+      create: {
+        userId,
+        reason,
+        bannedBy: user.id,
+        expiresAt: expiresAtDate,
+      },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_BANNED,
+        actorId: user.id,
+        targetUserId: userId,
+        reason,
+        details: {
+          expiresAt: expiresAtDate?.toISOString() ?? null,
+        } as any,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User banned' });
+  }
+
+  if (action === 'unban') {
+    const deleted = await prisma.userBan.deleteMany({ where: { userId } });
+    if (deleted.count === 0) {
+      return new Response('User does not have an active platform ban', { status: 400 });
+    }
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_UNBANNED,
+        actorId: user.id,
+        targetUserId: userId,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User unbanned' });
+  }
+
+  if (action === 'promote') {
+    if (targetUser.isAdmin) {
+      return new Response('User is already an admin', { status: 400 });
+    }
+
+    await prisma.user.update({
+      where: { id: userId },
+      data: { isAdmin: true },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_PROMOTED,
+        actorId: user.id,
+        targetUserId: userId,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User promoted to admin' });
+  }
+
+  if (action === 'demote') {
+    if (!targetUser.isAdmin) {
+      return new Response('User is not an admin', { status: 400 });
+    }
+
+    if (targetUser.id === user.id) {
+      return new Response('Cannot demote yourself', { status: 400 });
+    }
+
+    await prisma.user.update({
+      where: { id: userId },
+      data: { isAdmin: false },
+    });
+
+    await prisma.adminAuditLog.create({
+      data: {
+        action: AdminAuditAction.USER_DEMOTED,
+        actorId: user.id,
+        targetUserId: userId,
+      },
+    });
+
+    return Response.json({ success: true, message: 'User demoted from admin' });
+  }
+
+  return new Response('Invalid action', { status: 400 });
+}

apps/web/src/app/(ui)/(protected)/api/commit/route.ts

@@ -0,0 +1,6 @@
+export function GET() {
+  return Response.json({
+    version: process.env.version,
+    commit: process.env.commit,
+  });
+}

apps/web/src/app/(ui)/(protected)/api/mediamtx/publish/route.ts

@@ -0,0 +1,86 @@
+import { prisma, getRedisConnection } from '@hctv/db';
+import { NextRequest } from 'next/server';
+import { z } from 'zod';
+
+export async function POST(request: NextRequest) {
+  const redis = getRedisConnection();
+  const body = await request.json();
+
+  if (process.env.NODE_ENV !== 'production') {
+    console.log(
+      'Mediamtx publish auth request:',
+      JSON.stringify(body, null, 2)
+    );
+  };
+  const parsed = schema.safeParse(body);
+
+  if (!parsed.success) {
+    return new Response('invalid request', { status: 400 });
+  }
+  const { action, protocol, path, password } = parsed.data;
+  if (action === 'publish' && protocol === 'srt') {
+    const channelKey = await redis.get(`streamKey:${path}`);
+
+    if (channelKey) {
+      if (channelKey !== password) {
+        return new Response('invalid stream key', { status: 403 });
+      }
+
+      const channel = await prisma.channel.findUnique({
+        where: { name: path },
+        include: {
+          restriction: true,
+          owner: {
+            include: { ban: true },
+          },
+          streamInfo: true,
+        },
+      });
+
+      if (channel?.restriction) {
+        const isExpired = channel.restriction.expiresAt &&
+          new Date(channel.restriction.expiresAt) < new Date();
+        if (!isExpired) {
+          return new Response('channel restricted', { status: 403 });
+        }
+      }
+
+      if (channel?.owner?.ban) {
+        const isExpired = channel.owner.ban.expiresAt &&
+          new Date(channel.owner.ban.expiresAt) < new Date();
+        if (!isExpired) {
+          return new Response('user banned', { status: 403 });
+        }
+      }
+
+      if (channel?.streamInfo[0].isLive) {
+        return new Response('stream already live', { status: 403 });
+      }
+
+      return new Response('youre in yay', { status: 200 });
+    }
+  } else if (action === 'read' && protocol === 'hls') {
+    if (password === process.env.MEDIAMTX_PUBLISH_KEY) {
+      return new Response('authorized (hls read key for thumbs)', { status: 200 });
+    }
+    const sessionExists = await redis.exists(`sessions:${password}`);
+    if (!sessionExists) {
+      return new Response('unauthorized', { status: 401 });
+    }
+    return new Response('authorized', { status: 200 });
+  }
+
+  return new Response('uhh', { status: 401 });
+}
+
+const schema = z.object({
+  user: z.string(),
+  password: z.string(),
+  token: z.string(),
+  ip: z.string(),
+  action: z.enum(['publish', 'read', 'playback', 'api', 'metrics', 'pprof']),
+  path: z.string(),
+  protocol: z.enum(['rtsp', 'rtmp', 'hls', 'webrtc', 'srt']),
+  id: z.string().nullable(),
+  query: z.string(),
+});

apps/web/src/app/(ui)/(protected)/api/rtmp/publish/route.ts

@@ -0,0 +1,57 @@
+import { prisma } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+export async function POST(request: NextRequest) {
+  const formData = await request.formData();
+  const streamKey = formData.get('name');
+  if (typeof streamKey !== 'string') {
+    return new Response('bad request', {
+      status: 400,
+    });
+  }
+
+  const key = await prisma.streamKey.findFirst({
+    where: {
+      key: streamKey,
+    },
+    include: {
+      channel: {
+        include: {
+          restriction: true,
+          owner: {
+            include: { ban: true },
+          },
+        },
+      },
+    },
+  });
+
+  if (!key) {
+    return new Response('nay', {
+      status: 403,
+    });
+  }
+
+  if (key.channel.restriction) {
+    const isExpired = key.channel.restriction.expiresAt &&
+      new Date(key.channel.restriction.expiresAt) < new Date();
+    if (!isExpired) {
+      return new Response('channel restricted', { status: 403 });
+    }
+  }
+
+  if (key.channel.owner?.ban) {
+    const isExpired = key.channel.owner.ban.expiresAt &&
+      new Date(key.channel.owner.ban.expiresAt) < new Date();
+    if (!isExpired) {
+      return new Response('user banned', { status: 403 });
+    }
+  }
+
+  return new Response('', {
+    status: 302,
+    headers: {
+      'Location': key.channel.name,
+    },
+  });
+}

apps/web/src/app/(ui)/(protected)/api/rtmp/streamKey/route.ts

@@ -1,6 +1,7 @@
 import { validateRequest } from '@/lib/auth/validate';
 import { prisma } from '@hctv/db';
 import { NextRequest } from "next/server";
+import { regenerateStreamKey } from '@/lib/db/streamKey';
 
 export async function POST(request: NextRequest) {
   const { user } = await validateRequest();
@@ -11,6 +12,10 @@ export async function POST(request: NextRequest) {
     return new Response('Unauthorized', { status: 401 });
   }
 
+  if (!channel || typeof channel !== 'string') {
+    return new Response('Bad Request', { status: 400 });
+  }
+
   const channelInfo = await prisma.channel.findUnique({
     where: { name: channel },
     include: {
@@ -30,20 +35,9 @@ export async function POST(request: NextRequest) {
     return new Response('Unauthorized', { status: 401 });
   }
 
-  const dbUpdate = await prisma.streamKey.upsert({
-    create: {
-      key: crypto.randomUUID(),
-      channelId: channelInfo.id
-    },
-    update: {
-      key: crypto.randomUUID()
-    },
-    where: {
-      channelId: channelInfo.id
-    }
-  })
+  const streamKey = await regenerateStreamKey(channelInfo.id, channel);
 
-  return new Response(JSON.stringify({ key: dbUpdate.key }), {
+  return new Response(JSON.stringify({ key: streamKey.key }), {
     status: 200,
     headers: {
       'Content-Type': 'application/json'

apps/web/src/app/(ui)/(protected)/api/settings/bot/[slug]/apiKey/route.ts

@@ -0,0 +1,124 @@
+import { validateRequest } from "@/lib/auth/validate";
+import { prisma } from "@hctv/db";
+import { NextRequest } from "next/server";
+import { z } from "zod";
+
+type Params = Promise<{ slug: string }>;
+
+export async function POST(request: NextRequest, segmentData: { params: Params }) {
+  const { slug } = await segmentData.params;
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response(JSON.stringify({ success: false, error: 'Unauthorized' }), { status: 401 });
+  }
+
+  const bodySchema = z.object({
+    action: z.enum(['revoke', 'regenerate', 'create']),
+    name: z.string().min(3, 'Name must be at least 3 characters long').max(50, 'Name must be at most 50 characters long'),
+  });
+  const body = await request.json();
+  const parsedBody = bodySchema.safeParse(body);
+  if (!parsedBody.success) {
+    return new Response(JSON.stringify({ success: false, error: parsedBody.error.errors.map(e => e.message).join(', ') }), { status: 400 });
+  }
+
+  const { action, name } = parsedBody.data;
+
+  if (action === 'create') {
+    const exists = await prisma.botApiKey.findFirst({
+      where: {
+        name,
+        botAccount: {
+          ownerId: user.id,
+          slug,
+        }
+      }
+    });
+    if (exists) {
+      return new Response(JSON.stringify({ success: false, error: 'API Key with this name already exists' }), { status: 400 });
+    }
+    const newKey = await prisma.botApiKey.create({
+      data: {
+        name,
+        botAccount: {
+          connect: {
+            ownerId: user.id,
+            slug,
+          }
+        },
+        key: generateApiKey(),
+      }
+    });
+    return new Response(JSON.stringify({ success: true, apiKey: newKey.key, id: newKey.id }));
+  }
+  if (action === 'regenerate') {
+    const existingKey = await prisma.botApiKey.findFirst({
+      where: {
+        name,
+        botAccount: {
+          ownerId: user.id,
+          slug,
+        }
+      }
+    });
+    if (!existingKey) {
+      return new Response(JSON.stringify({ success: false, error: 'API Key not found' }), { status: 404 });
+    }
+    const newKey = generateApiKey();
+    await prisma.botApiKey.update({
+      where: { id: existingKey.id },
+      data: { key: newKey },
+    });
+    return new Response(JSON.stringify({ success: true, apiKey: newKey, id: existingKey.id }));
+  }
+  if (action === 'revoke') {
+    const existingKey = await prisma.botApiKey.findFirst({
+      where: {
+        name,
+        botAccount: {
+          ownerId: user.id,
+          slug,
+        }
+      }
+    });
+    if (!existingKey) {
+      return new Response(JSON.stringify({ success: false, error: 'API Key not found' }), { status: 404 });
+    }
+    await prisma.botApiKey.delete({
+      where: { id: existingKey.id },
+    });
+    return new Response(JSON.stringify({ success: true }));
+  }
+  return new Response(JSON.stringify({ success: false, error: 'Invalid action' }), { status: 400 });
+}
+
+export async function GET(request: NextRequest, segmentData: { params: Params }) {
+  const { slug } = await segmentData.params;
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response(JSON.stringify({ success: false, error: 'Unauthorized' }), { status: 401 });
+  }
+
+  const apiKeys = await prisma.botApiKey.findMany({
+    where: {
+      botAccount: {
+        ownerId: user.id,
+        slug,
+      }
+    },
+    select: {
+      id: true,
+      name: true,
+      createdAt: true,
+    },
+    orderBy: {
+      createdAt: 'desc',
+    }
+  });
+  return new Response(JSON.stringify({ success: true, apiKeys }));
+}
+
+function generateApiKey() {
+  const uuid = crypto.randomUUID().replace(/-/g, '');
+  return `hctvb_${uuid}`;
+}

apps/web/src/app/(ui)/(protected)/api/stream/chat/report/route.ts

@@ -0,0 +1,107 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma, getRedisConnection } from '@hctv/db';
+import { NextRequest } from 'next/server';
+
+const RATE_LIMIT_WINDOW_SECONDS = 10 * 60;
+const RATE_LIMIT_MAX_REPORTS = 5;
+
+export async function POST(request: NextRequest) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+
+  let body: {
+    channelName?: string;
+    targetUserId?: string;
+    targetUsername?: string;
+    msgId?: string;
+    message?: string;
+    reason?: string;
+  };
+
+  try {
+    body = await request.json();
+  } catch {
+    return new Response('Invalid JSON body', { status: 400 });
+  }
+
+  const channelName = body.channelName?.trim();
+  const targetUserId = body.targetUserId?.trim();
+  const reason = body.reason?.trim();
+
+  if (!channelName || !targetUserId || !reason) {
+    return new Response('Missing required fields', { status: 400 });
+  }
+
+  if (targetUserId === user.id) {
+    return new Response('You cannot report yourself', { status: 400 });
+  }
+
+  if (reason.length < 10 || reason.length > 1000) {
+    return new Response('Reason must be between 10 and 1000 characters', { status: 400 });
+  }
+
+  const redis = getRedisConnection();
+  const rateLimitKey = `report_rl:${user.id}`;
+  const currentCount = await redis.incr(rateLimitKey);
+  if (currentCount === 1) {
+    await redis.expire(rateLimitKey, RATE_LIMIT_WINDOW_SECONDS);
+  }
+  if (currentCount > RATE_LIMIT_MAX_REPORTS) {
+    return new Response('Too many reports submitted. Please wait before submitting more.', {
+      status: 429,
+    });
+  }
+
+  const [channel, targetUser] = await Promise.all([
+    prisma.channel.findUnique({
+      where: { name: channelName },
+      select: { id: true },
+    }),
+    prisma.user.findUnique({
+      where: { id: targetUserId },
+      select: { id: true, personalChannel: { select: { name: true } } },
+    }),
+  ]);
+
+  if (!channel) {
+    return new Response('Channel not found', { status: 404 });
+  }
+
+  if (!targetUser) {
+    return new Response('Target user not found', { status: 404 });
+  }
+
+  const msgId = body.msgId?.trim() || null;
+  const duplicateCheck = await prisma.chatUserReport.findFirst({
+    where: {
+      channelId: channel.id,
+      reporterId: user.id,
+      targetUserId: targetUser.id,
+      reportedMessageId: msgId,
+      status: 'OPEN',
+    },
+    select: { id: true },
+  });
+
+  if (duplicateCheck) {
+    return new Response('You have already submitted an open report for this message.', {
+      status: 409,
+    });
+  }
+
+  await prisma.chatUserReport.create({
+    data: {
+      channelId: channel.id,
+      reporterId: user.id,
+      targetUserId: targetUser.id,
+      targetUsername: body.targetUsername?.trim() || targetUser.personalChannel?.name || null,
+      reportedMessageId: msgId,
+      reportedMessage: body.message?.trim().slice(0, 1000) || null,
+      reason,
+    },
+  });
+
+  return Response.json({ success: true });
+}

apps/web/src/app/(ui)/(protected)/api/stream/follow/route.ts

@@ -103,7 +103,7 @@ export async function POST(request: NextRequest) {
     });
 
     await queue.add(`newFollow:${username}`, {
-      text: `You started following \`${username}\`!\n_Stream notifications are enabled by default. If you want to disable them, you can do so in \`Profile > Notifications\`._`,
+      text: `You started following \`${username}\`!\n_Stream notifications are disabled by default. If you want to enable them, you can do so in \`Profile > Notifications\`._`,
       channel: user.slack_id,
     });
   }

apps/web/src/app/(ui)/(protected)/api/stream/info/route.ts

@@ -0,0 +1,91 @@
+// FIXME: THIS EFFING SUCKS OH MY GOD
+
+import { validateRequest } from '@/lib/auth/validate';
+import { Prisma, prisma } from '@hctv/db';
+import type { NextRequest } from 'next/server';
+
+export async function GET(request: NextRequest) {
+  const searchParams = request.nextUrl.searchParams;
+  const shouldGetOwned = searchParams.get('owned') === 'true';
+  const allPersonalChannels = searchParams.get('personal') === 'true';
+  const isLive = searchParams.get('live') === 'true';
+  const username = searchParams.get('username');
+  const { user } = await validateRequest();
+
+  if ((shouldGetOwned || allPersonalChannels) && !user) {
+    return new Response('No user found in cookies', { status: 401 });
+  }
+
+  const where: Prisma.StreamInfoWhereInput = {};
+  const channelConditions: Prisma.ChannelWhereInput[] = [];
+
+  if (username) {
+    where.username = username;
+  }
+
+  if (shouldGetOwned && user) {
+    channelConditions.push({ ownerId: user.id });
+  }
+
+  if (allPersonalChannels) {
+    channelConditions.push({ 
+      personalFor: { 
+        isNot: null 
+      } 
+    });
+  }
+
+  if (isLive) {
+    where.isLive = true;
+  }
+
+  if (channelConditions.length > 0) {
+    where.channel = channelConditions.length === 1 
+      ? channelConditions[0]
+      : { OR: channelConditions };
+  }
+
+  const db = await prisma.streamInfo.findMany({
+    where,
+    include: {
+      channel: {
+        include: {
+          personalFor: true,
+          restriction: {
+            select: {
+              id: true,
+              expiresAt: true,
+            },
+          },
+        }
+      },
+    },
+  });
+
+  db.forEach((obj) => {
+    if (obj.channel.personalFor) {
+      // @ts-ignore
+      delete obj.channel.personalFor.email;
+    }
+    // @ts-ignore
+    delete obj.channel.obsChatGrantToken;
+
+    if (obj.channel.restriction) {
+      const isExpired = obj.channel.restriction.expiresAt &&
+        new Date(obj.channel.restriction.expiresAt) < new Date();
+      if (isExpired) {
+        // @ts-ignore
+        obj.channel.restriction = null;
+      } else {
+        // @ts-ignore
+        obj.channel.isRestricted = true;
+        // @ts-ignore
+        obj.channel.restrictionExpiresAt = obj.channel.restriction.expiresAt;
+        // @ts-ignore
+        delete obj.channel.restriction;
+      }
+    }
+  });
+
+  return Response.json(db);
+}

apps/web/src/app/(ui)/(protected)/api/stream/thumb/[username]/route.ts

@@ -1,31 +1,29 @@
 import { validateRequest } from '@/lib/auth/validate';
 import fsP from 'fs/promises';
-import fs from 'fs'; 
+import fs from 'fs';
 
-export async function GET(request: Request, { params }: { params: Promise<{ path: string }> }) {
-  const { path } = await params;
+export async function GET(request: Request, { params }: { params: Promise<{ username: string }> }) {
+  const { username } = await params;
   const { user } = await validateRequest();
   if (!user) {
     return new Response("Unauthorized", { status: 401 });
   }
-  if (path.includes('..')) {
+  if (username.includes('..')) {
     return new Response("nuh uh", { status: 403 });
   }
 
-  const basePath = '/dev/shm/hls';
-  const filePath = `${basePath}/${path}`;
-  const exists = fs.existsSync(filePath);
+  const filePath = `/dev/shm/hctv-thumb/${username}.webp`;
 
-  if (!exists) {
+  if (!fs.existsSync(filePath)) {
     return new Response("Not Found", { status: 404 });
   }
 
-  const file = await fsP.readFile(filePath);
-  return new Response(file, {
+  const fileContent = await fsP.readFile(filePath);
+  return new Response(fileContent, {
     headers: {
-      'Content-Type': 'application/octet-stream',
+      'Content-Type': 'image/webp',
       'Access-Control-Allow-Origin': '*',
       'Access-Control-Allow-Methods': 'GET',
     },
   });
-}
+}

apps/web/src/app/(ui)/(protected)/api/uploadthing/route.ts

@@ -0,0 +1,8 @@
+import { createRouteHandler } from "uploadthing/next";
+
+import { ourFileRouter } from "@/lib/services/uploadthing/fileRouter";
+
+// Export routes for Next App Router
+export const { GET, POST } = createRouteHandler({
+  router: ourFileRouter,
+});

apps/web/src/app/(ui)/(protected)/layout.tsx

@@ -0,0 +1,42 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { redirect, RedirectType } from 'next/navigation';
+import { prisma } from '@hctv/db';
+
+export default async function Layout({ children }: { children: React.ReactNode }) {
+  const { user } = await validateRequest();
+  if (!user) {
+    return redirect('/auth/hackclub');
+  }
+  if (!user.hasOnboarded) {
+    return redirect(`/onboarding`, RedirectType.push);
+  }
+
+  const ban = await prisma.userBan.findUnique({
+    where: { userId: user.id },
+  });
+
+  if (ban) {
+    const isExpired = ban.expiresAt && new Date(ban.expiresAt) < new Date();
+    if (!isExpired) {
+      return (
+        <div className="flex flex-col items-center justify-center min-h-screen">
+          <h1 className="text-3xl font-bold text-destructive mb-4">Account Suspended</h1>
+          <p className="text-muted-foreground text-center max-w-md mb-4">
+            Your account has been suspended from hackclub.tv.
+          </p>
+          <div className="bg-muted p-4 rounded-lg max-w-md">
+            <p className="text-sm font-medium">Reason:</p>
+            <p className="text-sm text-muted-foreground">{ban.reason}</p>
+          </div>
+          {ban.expiresAt && (
+            <p className="text-sm text-muted-foreground mt-4">
+              Expires: {new Date(ban.expiresAt).toLocaleDateString()}
+            </p>
+          )}
+        </div>
+      );
+    }
+  }
+
+  return children;
+}

apps/web/src/app/(ui)/(protected)/settings/bot/[slug]/apikeys.tsx

@@ -0,0 +1,221 @@
+'use client';
+
+import { Button } from '@/components/ui/button';
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardFooter,
+  CardHeader,
+  CardTitle,
+} from '@/components/ui/card';
+import { Input } from '@/components/ui/input';
+import { Skeleton } from '@/components/ui/skeleton';
+import { fetcher } from '@/lib/services/swr';
+import { useConfirm } from '@omit/react-confirm-dialog';
+import { Plus, RefreshCcw, Trash } from 'lucide-react';
+import { useState } from 'react';
+import { toast } from 'sonner';
+import useSWR from 'swr';
+import useSWRMutation from 'swr/mutation';
+
+export function ApiKeys({ slug }: { slug: string }) {
+  const confirm = useConfirm();
+  const [newApiKeyName, setNewApiKeyName] = useState('');
+  const { data, error, isLoading, mutate } = useSWR<GetResponse>(
+    `/api/settings/bot/${slug}/apiKey`,
+    fetcher
+  );
+  const { trigger } = useSWRMutation(`/api/settings/bot/${slug}/apiKey`, createApiKey);
+
+  const apiKeyCreate = () => {
+    if (newApiKeyName.trim().length < 3) {
+      toast.error('API Key name must be at least 3 characters long');
+      return;
+    }
+    if (newApiKeyName.trim().length > 50) {
+      toast.error('API Key name must be at most 50 characters long');
+      return;
+    }
+    trigger({ action: 'create', name: newApiKeyName }).then(
+      async (res: PostResponse) => {
+        if (res.success) {
+          setNewApiKeyName('');
+          await navigator.clipboard
+            .writeText(res.apiKey || '')
+            .then(() => toast.success('API key copied to clipboard'))
+            .catch(() => {
+              alert('Failed to copy API key to clipboard, here it is: ' + res.apiKey);
+            });
+          await mutate();
+        } else {
+          toast.error(res.error || 'Error creating API key');
+        }
+      }
+    );
+  };
+
+  return (
+    <Card>
+      <CardHeader>
+        <CardTitle>API Keys</CardTitle>
+        <CardDescription>Manage your API keys</CardDescription>
+      </CardHeader>
+      <CardContent>
+        {isLoading && <ApiKeysSkeleton />}
+        {error && <p>Error loading API keys</p>}
+        {data && !data.success && <p>Error: Could not fetch API keys</p>}
+        {data && (
+          <div className="flex">
+            <Input
+              placeholder="New API Key Name"
+              className="flex-1 mr-2"
+              value={newApiKeyName}
+              onChange={(e) => setNewApiKeyName(e.target.value)}
+              onKeyDown={(e) => {
+                if (e.key === 'Enter') {
+                  apiKeyCreate();
+                }
+              }}
+            />
+            <Button
+              size="icon"
+              onClick={apiKeyCreate}
+            >
+              <Plus />
+            </Button>
+          </div>
+        )}
+        {data && data.success && data.apiKeys.length === 0 && <p>No API keys found</p>}
+        {data && data.success && data.apiKeys.length > 0 && (
+          <ul className="space-y-2 pt-4">
+            {data.apiKeys.map((key) => (
+              <li
+                key={key.id}
+                className="flex items-center justify-between p-3 bg-mantle/50 rounded-md"
+              >
+                <div className="flex-1">
+                  <strong className="text-sm font-medium">{key.name}</strong>
+                </div>
+                <div className="flex items-center space-x-2">
+                  <Button
+                    variant="outline"
+                    size="sm"
+                    onClick={async () => {
+                      const confirmation = await confirm({
+                        title: 'Regenerate API Key',
+                        description:
+                          'Are you sure you want to regenerate this API key? The old key will stop working.',
+                        confirmText: 'Regenerate',
+                        cancelText: 'Cancel',
+                      });
+                      if (!confirmation) return;
+
+                      trigger({ action: 'regenerate', name: key.name }).then(
+                        async (res: PostResponse) => {
+                          if (res.success) {
+                            await navigator.clipboard
+                              .writeText(res.apiKey || '')
+                              .then(() => {
+                                toast.success('API key copied to clipboard');
+                              })
+                              .catch(() => {
+                                alert(
+                                  'Failed to copy API key to clipboard, here it is: ' + res.apiKey
+                                );
+                              });
+                            mutate();
+                          } else {
+                            toast.error(res.error || 'Error regenerating API key');
+                          }
+                        }
+                      );
+                    }}
+                  >
+                    <RefreshCcw className="h-4 w-4" />
+                  </Button>
+                  <Button
+                    variant="destructive"
+                    size="sm"
+                    onClick={async () => {
+                      const confirmation = await confirm({
+                        title: 'Revoke API Key',
+                        description:
+                          'Are you sure you want to revoke this API key? This action cannot be undone.',
+                        confirmText: 'Revoke',
+                        cancelText: 'Cancel',
+                      });
+                      if (!confirmation) return;
+                      trigger({ action: 'revoke', name: key.name }).then(
+                        async (res: PostResponse) => {
+                          if (res.success) {
+                            await mutate();
+                          } else {
+                            toast.error(res.error || 'Error revoking API key');
+                          }
+                        }
+                      );
+                    }}
+                  >
+                    <Trash className="h-4 w-4" />
+                  </Button>
+                </div>
+              </li>
+            ))}
+          </ul>
+        )}
+      </CardContent>
+    </Card>
+  );
+}
+
+function ApiKeysSkeleton() {
+  return (
+    <>
+      <div className='flex'>
+        <Skeleton className='h-10 flex-1 mr-2' />
+        <Skeleton className='h-10 w-10' />
+      </div>
+      <div className='space-y-2 pt-4'>
+        {[1, 2, 3].map((i) => (
+          <div key={i} className='flex items-center justify-between p-3 bg-mantle/50 rounded-md'>
+            <div className='flex-1'>
+              <Skeleton className='h-4 w-1/2' />
+            </div>
+            <div className='flex items-center space-x-2'>
+              <Skeleton className='h-8 w-8' />
+              <Skeleton className='h-8 w-8' />
+            </div>
+          </div>
+        ))}
+      </div>
+    </>
+  )
+}
+
+async function createApiKey(url: string, { arg }: { arg: PostRequest }) {
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(arg),
+  });
+  return res.json();
+}
+
+interface GetResponse {
+  success: boolean;
+  apiKeys: Array<{ id: string; name: string; createdAt: string }>;
+}
+
+interface PostRequest {
+  action: 'revoke' | 'regenerate' | 'create';
+  name: string;
+}
+interface PostResponse {
+  success: boolean;
+  apiKey?: string;
+  id?: string;
+  error?: string;
+}

apps/web/src/app/(ui)/(protected)/settings/bot/[slug]/gensettings.tsx

@@ -0,0 +1,62 @@
+'use client';
+import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
+import {
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+} from '@/components/ui/card';
+import { editBot } from '@/lib/form/actions';
+import { BotAccount } from '@hctv/db';
+import { useRouter } from 'next/navigation';
+
+export function GeneralSettings(props: BotAccount) {
+  const router = useRouter();
+  return (
+    <Card>
+      <CardHeader>
+        <CardTitle>General Settings</CardTitle>
+        <CardDescription>Edit your bot settings!</CardDescription>
+      </CardHeader>
+      <CardContent>
+        <UniversalForm
+          fields={[
+            {
+              name: 'from',
+              type: 'hidden',
+              value: props.id,
+              required: true,
+            },
+            {
+              name: 'name',
+              type: 'text',
+              label: 'Bot Name',
+              placeholder: 'Enter bot name',
+              required: true,
+              value: props.displayName,
+            },
+            {
+              name: 'slug',
+              type: 'text',
+              label: 'Bot Slug',
+              placeholder: 'Enter bot slug',
+              required: true,
+              value: props.slug
+            },
+            {
+              name: 'description',
+              type: 'textarea',
+              label: 'Description',
+              placeholder: 'Enter bot description',
+              value: props.description,
+              textArea: true,
+            },
+          ]}
+          schemaName={'editBot'}
+          action={editBot}
+        />
+      </CardContent>
+    </Card>
+  )
+}

apps/web/src/app/(ui)/(protected)/settings/bot/[slug]/page.tsx

@@ -0,0 +1,46 @@
+import { getBotBySlug } from '@/lib/db/resolve';
+import { validateRequest } from '@/lib/auth/validate';
+import { can } from '@/lib/auth/abac';
+import { redirect } from 'next/navigation';
+import Image from 'next/image';
+import { GeneralSettings } from '@/app/(ui)/(protected)/settings/bot/[slug]/gensettings';
+import { ApiKeys } from '@/app/(ui)/(protected)/settings/bot/[slug]/apikeys';
+import Link from 'next/link';
+import { ArrowLeft } from 'lucide-react';
+
+export default async function Page({ params }: { params: Promise<{ slug: string }> }) {
+  const { user } = await validateRequest();
+  const { slug } = await params;
+  const bot = await getBotBySlug(slug);
+
+  if (!user || !bot || !can(user, 'update', 'bot', { bot })) {
+    redirect('/settings/bot');
+  }
+
+  return (
+    <div className={'container mx-auto py-6 space-y-6'}>
+      <Link href={'/settings/bot'} className="text-sm text-muted-foreground hover:underline flex items-center gap-2">
+        <ArrowLeft className='size-4' /> Back to Bot Accounts
+      </Link>
+      <div className="flex items-center justify-between">
+        <div className={'flex items-center space-x-4'}>
+          <Image
+            src={bot.pfpUrl}
+            alt={'Bot Avatar'}
+            width={48}
+            height={48}
+            className="rounded-full"
+          />
+          <div className={'flex flex-col'}>
+            <h1 className="text-3xl font-bold tracking-tight">{bot.displayName}</h1>
+            <p className="text-muted-foreground">Manage your bot account settings</p>
+          </div>
+        </div>
+      </div>
+      <div className="flex w-full gap-4 flex-col md:flex-row *:w-1/2">
+        <GeneralSettings {...bot} />
+        <ApiKeys slug={slug} />
+      </div>
+    </div>
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/bot/create/page.tsx

@@ -0,0 +1,65 @@
+'use client';
+
+import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
+import { createBot } from '@/lib/form/actions';
+import { Bot } from 'lucide-react';
+import { useRouter } from 'next/navigation';
+
+export default function Page() {
+  const router = useRouter();
+
+  return (
+    <div className="min-h-screen bg-background">
+      <div className="flex h-full w-full flex-col items-center justify-center px-4 py-12">
+        <div className="mb-8 text-center">
+          <div className="mx-auto mb-4 flex h-16 w-16 items-center justify-center rounded-full bg-primary shadow-lg">
+            <Bot className="h-8 w-8 text-primary-foreground" />
+          </div>
+          <h1 className="mb-2 text-3xl font-bold text-foreground">Create Bot Account</h1>
+          <p className="text-muted-foreground max-w-xl">
+            Create an automated bot account to provide custom functionality for your community.
+          </p>
+        </div>
+
+        <div className="w-full max-w-md bg-card rounded-xl p-8 border border-border">
+          <UniversalForm
+            fields={[
+              {
+                name: 'name',
+                type: 'text',
+                label: 'Bot Name',
+                placeholder: 'Enter bot name',
+                required: true,
+              },
+              {
+                name: 'slug',
+                type: 'text',
+                label: 'Bot Slug',
+                placeholder: 'Enter bot slug',
+                required: true,
+              },
+              {
+                name: 'description',
+                type: 'textarea',
+                label: 'Description',
+                placeholder: 'Enter bot description',
+              },
+            ]}
+            schemaName={'createBot'}
+            action={createBot}
+            onActionComplete={(res) => {
+              router.push(`/settings/bot/${res.slug}`);
+            }}
+          />
+        </div>
+
+        {/*
+          <p className="mt-6 text-sm text-muted-foreground text-center max-w-md">
+            Your bot will be created with chat permissions. You can configure advanced settings and
+            permissions after creation.
+          </p>
+        */}
+      </div>
+    </div>
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/bot/page.tsx

@@ -0,0 +1,88 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { Button } from '@/components/ui/button';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
+import { Badge } from '@/components/ui/badge';
+import { Separator } from '@/components/ui/separator';
+import Link from 'next/link';
+import { Plus, Bot, Calendar, Hash } from 'lucide-react';
+import { redirect } from 'next/navigation';
+import Image from 'next/image';
+
+export default async function Page() {
+  const { user } = await validateRequest();
+  if (!user) {
+    redirect('/');
+  }
+
+  const bots = await prisma.user.findFirst({
+    where: { id: user.id },
+    select: {
+      botAccounts: true,
+    },
+  });
+
+  return (
+    <div className="container mx-auto py-6 space-y-6">
+      <div className="flex items-center justify-between">
+        <div>
+          <h1 className="text-3xl font-bold tracking-tight">Bot Accounts</h1>
+          <p className="text-muted-foreground">Manage your automated bot accounts</p>
+        </div>
+        <Link href="/settings/bot/create">
+          <Button>
+            <Plus className="mr-2 h-4 w-4" />
+            Create Bot
+          </Button>
+        </Link>
+      </div>
+
+      <Separator />
+
+      {bots?.botAccounts.length ? (
+        <div className="grid gap-4 md:grid-cols-2 lg:grid-cols-3">
+          {bots.botAccounts.map((bot) => (
+            <Link href={`/settings/bot/${bot.slug}`} key={bot.id}>
+              <Card key={bot.id} className="hover:shadow-md transition-shadow">
+                <CardHeader className="pb-3">
+                  <div className="flex items-center space-x-2">
+                    <Image src={bot.pfpUrl} alt={'Bot Avatar'} width={32} height={32} className="rounded-full" />
+                    <CardTitle className="text-lg">{bot.displayName}</CardTitle>
+                  </div>
+                </CardHeader>
+                <CardContent className="space-y-3">
+                  <div className="flex items-center space-x-2 text-sm text-muted-foreground">
+                    <Hash className="h-4 w-4" />
+                    <span>{bot.slug}</span>
+                  </div>
+                  <div className="flex items-center space-x-2 text-sm text-muted-foreground">
+                    <Calendar className="h-4 w-4" />
+                    <span>{new Date(bot.createdAt).toLocaleDateString()}</span>
+                  </div>
+                </CardContent>
+              </Card>
+            </Link>
+          ))}
+        </div>
+      ) : (
+        <Card className="text-center py-8">
+          <CardContent className="space-y-4">
+            <Bot className="mx-auto h-12 w-12 text-muted-foreground" />
+            <div>
+              <CardTitle>No bot accounts yet</CardTitle>
+              <CardDescription className="mt-2">
+                Get started by creating your first bot account
+              </CardDescription>
+            </div>
+            <Link href="/settings/bot/create">
+              <Button>
+                <Plus className="mr-2 h-4 w-4" />
+                Create Your First Bot
+              </Button>
+            </Link>
+          </CardContent>
+        </Card>
+      )}
+    </div>
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/channel/[channelName]/page.tsx

@@ -0,0 +1,96 @@
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import { redirect } from 'next/navigation';
+import ChannelSettingsClient from './page.client';
+import { resolvePersonalChannel } from '@/lib/auth/resolve';
+import { can } from '@/lib/auth/abac';
+
+export default async function ChannelSettingsPage({
+  params,
+}: {
+  params: Promise<{ channelName: string }>;
+}) {
+  const { channelName } = await params;
+  const { user } = await validateRequest();
+
+  if (!user) {
+    redirect('/auth/hackclub');
+  }
+
+  const channel = await prisma.channel.findUnique({
+    where: { name: channelName },
+    include: {
+      owner: true,
+      managers: true,
+      chatModerators: true,
+      chatModeratorBots: true,
+      streamInfo: true,
+      streamKey: true,
+      chatSettings: true,
+      followers: {
+        include: {
+          user: {
+            select: {
+              id: true,
+              slack_id: true,
+            },
+          },
+        },
+      },
+      personalFor: true,
+    },
+  });
+
+  if (!channel) {
+    redirect('/');
+  }
+
+  const isOwner = channel.ownerId === user.id;
+
+  if (!can(user, 'update', 'channel', { channel })) {
+    redirect('/');
+  }
+
+  const ownerPersonalChannel = await resolvePersonalChannel(channel.ownerId);
+  const managerPersonalChannels = await Promise.all(
+    channel.managers.map((manager) => resolvePersonalChannel(manager.id))
+  );
+  const managerIds = new Set(channel.managers.map((manager) => manager.id));
+  const extraChatModerators = channel.chatModerators.filter(
+    (moderator) => moderator.id !== channel.ownerId && !managerIds.has(moderator.id)
+  );
+  const chatModeratorPersonalChannels = await Promise.all(
+    extraChatModerators.map((moderator) => resolvePersonalChannel(moderator.id))
+  );
+  const followerPersonalChannels = await Promise.all(
+    channel.followers.map((follower) => resolvePersonalChannel(follower.user.id))
+  );
+  const teamMemberIds = [channel.ownerId, ...channel.managers.map((manager) => manager.id)];
+  const teamBotAccounts = await prisma.botAccount.findMany({
+    where: {
+      ownerId: {
+        in: teamMemberIds,
+      },
+    },
+    orderBy: {
+      slug: 'asc',
+    },
+  });
+
+  return (
+    <ChannelSettingsClient
+      channel={{
+        ...channel,
+        chatModerators: extraChatModerators,
+        ownerPersonalChannel,
+        managerPersonalChannels,
+        chatModeratorPersonalChannels,
+        followerPersonalChannels,
+        teamBotAccounts,
+      }}
+      isOwner={isOwner}
+      currentUser={user}
+      isPersonal={channel.personalFor !== null}
+    />
+  );
+}

apps/web/src/app/(ui)/(protected)/settings/channel/create/page.tsx

@@ -0,0 +1,51 @@
+'use client'
+
+import { UniversalForm } from "@/components/app/UniversalForm/UniversalForm";
+import { createChannel } from "@/lib/form/actions";
+import { Hash } from "lucide-react";
+import { useRouter } from "next/navigation";
+
+function CreateChannelPage() {
+  const router = useRouter();
+
+  return (
+    <div className="min-h-screen bg-background">
+      <div className="flex h-full w-full flex-col items-center justify-center px-4 py-12">
+        <div className="mb-8 text-center">
+          <div className="mx-auto mb-4 flex h-16 w-16 items-center justify-center rounded-full bg-primary shadow-lg">
+            <Hash className="h-8 w-8 text-primary-foreground" />
+          </div>
+          <h1 className="mb-2 text-3xl font-bold text-foreground">
+            Create New Channel
+          </h1>
+          <p className="text-muted-foreground max-w-xl">
+            IRL hackathons, game streams, and more are allowed! Create another channel apart from your personal one to diversify your content.
+          </p>
+        </div>
+
+
+        <div className="w-full max-w-md bg-card rounded-xl shadow-xl p-8 border border-border">
+          <UniversalForm
+            fields={[
+              { label: "Channel Name", name: "name", type: "text", placeholder: "Enter channel name" },
+            ]}
+            schemaName="createChannel"
+            action={createChannel}
+            onActionComplete={(r) => {
+              const channelName = r.channel;
+              if (channelName) {
+                router.push(`/${channelName}`);
+              }
+            }}
+          />
+        </div>
+
+        <p className="mt-6 text-sm text-muted-foreground text-center max-w-md">
+          Your channel will be ready to go live immediately after creation. You can always customize settings later.
+        </p>
+      </div>
+    </div>
+  );
+}
+
+export default CreateChannelPage;

apps/web/src/app/(ui)/(protected)/settings/channel/page.tsx

@@ -0,0 +1,18 @@
+import { resolvePersonalChannel } from '@/lib/auth/resolve';
+import { loadSearchParams } from '@/lib/nuqs/channelSettings';
+import { redirect } from 'next/navigation';
+
+export default async function ChannelSettingsRedirector({
+  searchParams,
+}: {
+  searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
+}) {
+  const { tab } = await loadSearchParams(searchParams);
+  const personalChannel = await resolvePersonalChannel();
+  if (personalChannel) {
+    return redirect(`/settings/channel/${personalChannel.name}?tab=${tab}`);
+  }
+
+  // lil easter egg i doubt anyone will see
+  return <p>erm</p>;
+}

apps/web/src/app/(ui)/(public)/auth/hackclub/callback/route.ts

@@ -1,15 +1,16 @@
-import { slack, lucia } from '@hctv/auth';
+import { hackClub, lucia, HCID_TOKEN_URL, HCID_USER_INFO_URL } from '@hctv/auth';
 import { cookies as nextCookies } from 'next/headers';
-import { decodeIdToken, OAuth2RequestError } from 'arctic';
+import { OAuth2RequestError } from 'arctic';
 import { generateIdFromEntropySize } from 'lucia';
 import { prisma } from '@hctv/db';
+import { getRedisConnection } from '@hctv/db';
 
 export async function GET(request: Request): Promise<Response> {
   const cookies = await nextCookies();
   const url = new URL(request.url);
 	const code = url.searchParams.get("code");
 	const state = url.searchParams.get("state");
-	const storedState = cookies.get("slack_oauth_state")?.value ?? null;
+	const storedState = cookies.get("hackclub_oauth_state")?.value ?? null;
 	if (!code || !state || !storedState || state !== storedState) {
     console.log('invalid state stuff');
 		return new Response(null, {
@@ -18,24 +19,41 @@ export async function GET(request: Request): Promise<Response> {
 	}
 
   try {
-    const tokens = await slack.validateAuthorizationCode(code);
-    const accessToken = tokens.accessToken()
-    const slackUserResponse = await fetch('https://slack.com/api/openid.connect.userInfo', {
+    const tokens = await hackClub.validateAuthorizationCode(HCID_TOKEN_URL, code, null);
+    const accessToken = tokens.accessToken();
+    const userResponse = await fetch(HCID_USER_INFO_URL, {
       headers: {
         'Authorization': `Bearer ${accessToken}`,
       },
     });
-    const slackUser: SlackUserInfo = await slackUserResponse.json();
+    const userResult: HackClubUserResponse = await userResponse.json();
+    const identity = userResult.identity;
+
+    const slackId = identity.slack_id;
+    if (!slackId) {
+      return new Response("Please make sure to have a Slack account before continuing.", {
+        status: 400,
+      });
+    }
 
     const existingUser = await prisma.user.findFirst({
       where: {
-        slack_id: slackUser.sub,
+        slack_id: slackId,
       },
     });
 
     if (existingUser) {
+      // Update email if it's missing or changed
+      if (existingUser.email !== identity.primary_email) {
+        await prisma.user.update({
+          where: { id: existingUser.id },
+          data: { email: identity.primary_email },
+        });
+      }
+
       const session = await lucia.createSession(existingUser.id, {});
       const sessionCookie = lucia.createSessionCookie(session.id);
+      await getRedisConnection().set(`sessions:${session.id}`, '');
       cookies.set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
       return new Response(null, {
         status: 302,
@@ -50,14 +68,16 @@ export async function GET(request: Request): Promise<Response> {
     await prisma.user.create({
       data: {
         id: userId,
-        slack_id: slackUser.sub,
-        pfpUrl: slackUser.picture,
+        slack_id: slackId,
+        email: identity.primary_email,
+        pfpUrl: identity.slack_id ? `https://cachet.dunkirk.sh/users/${identity.slack_id}/r` : 'https://github.com/hackclub.png',
         hasOnboarded: false,
       },
     });
 
     const session = await lucia.createSession(userId, {});
     const sessionCookie = lucia.createSessionCookie(session.id);
+    await getRedisConnection().set(`sessions:${session.id}`, '');
     cookies.set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
     return new Response(null, {
       status: 302,
@@ -80,40 +100,15 @@ export async function GET(request: Request): Promise<Response> {
   }
 }
 
-interface SlackUserInfo {
-  // OpenID Connect standard fields
-  ok: boolean;
-  sub: string;
-  email: string;
-  email_verified: boolean;
-  date_email_verified: number;
-  name: string;
-  picture: string;
-  given_name: string;
-  family_name: string;
-  locale: string;
-
-  // Slack-specific fields
-  ['https://slack.com/user_id']: string;
-  ['https://slack.com/team_id']: string;
-  ['https://slack.com/team_name']: string;
-  ['https://slack.com/team_domain']: string;
-
-  // User image URLs
-  ['https://slack.com/user_image_24']: string;
-  ['https://slack.com/user_image_32']: string;
-  ['https://slack.com/user_image_48']: string;
-  ['https://slack.com/user_image_72']: string;
-  ['https://slack.com/user_image_192']: string;
-  ['https://slack.com/user_image_512']: string;
-
-  // Team image URLs
-  ['https://slack.com/team_image_34']?: string;
-  ['https://slack.com/team_image_44']?: string;
-  ['https://slack.com/team_image_68']?: string;
-  ['https://slack.com/team_image_88']?: string;
-  ['https://slack.com/team_image_102']?: string;
-  ['https://slack.com/team_image_132']?: string;
-  ['https://slack.com/team_image_230']?: string;
-  ['https://slack.com/team_image_default']?: boolean;
+interface HackClubIdentity {
+  id: string;
+  slack_id?: string;
+  first_name: string;
+  last_name: string;
+  primary_email: string;
 }
+
+interface HackClubUserResponse {
+  identity: HackClubIdentity;
+}
+

apps/web/src/app/(ui)/(public)/auth/hackclub/route.ts

@@ -1,12 +1,12 @@
 import { generateState } from "arctic";
-import { slack } from '@hctv/auth';
+import { hackClub, HCID_AUTH_URL } from '@hctv/auth';
 import { cookies } from "next/headers";
 
 export async function GET(): Promise<Response> {
 	const state = generateState();
-	const url = slack.createAuthorizationURL(state, ['openid', 'profile']);
+	const url = hackClub.createAuthorizationURL(HCID_AUTH_URL, state, ['slack_id', 'verification_status', 'email']);
 
-	(await cookies()).set("slack_oauth_state", state, {
+	(await cookies()).set("hackclub_oauth_state", state, {
 		path: "/",
 		secure: process.env.NODE_ENV === "production",
 		httpOnly: true,

apps/web/src/app/(ui)/(public)/onboarding/page.client.tsx

@@ -0,0 +1,132 @@
+'use client';
+
+import { UniversalForm } from '@/components/app/UniversalForm/UniversalForm';
+import { Card, CardHeader, CardTitle, CardDescription, CardContent } from '@/components/ui/card';
+import { onboard } from '@/lib/form/actions';
+import { useSession } from '@/lib/providers/SessionProvider';
+import { Avatar, AvatarFallback, AvatarImage } from '@/components/ui/avatar';
+import { User, Tv, Heart, MessageSquare } from 'lucide-react';
+import Image from 'next/image';
+
+export default function OnboardingClient() {
+  const { user } = useSession();
+  
+  return (
+    <div className="min-h-[93vh] flex items-center justify-center p-4">
+      <div className="w-full max-w-2xl space-y-8">
+        {/* welcome header */}
+        <div className="text-center space-y-2">
+          <div className="flex justify-center">
+            <div className="relative">
+              <Avatar className="h-20 w-20 border-4 border-primary/20">
+                <AvatarImage src={user?.pfpUrl} alt={`@${user?.id}`} />
+                <AvatarFallback className="text-2xl font-bold">
+                  {user?.id?.charAt(0)?.toUpperCase()}
+                </AvatarFallback>
+              </Avatar>
+            </div>
+          </div>
+          <div className="space-y-2">
+            <h1 className="text-3xl font-bold tracking-tight">
+              Welcome to hackclub.tv!
+            </h1>
+            <p className="text-lg text-muted-foreground flex gap-2 justify-center">
+              Let&apos;s get you set up <Image src="https://emoji.slack-edge.com/T0266FRGM/blahaj-heart/db9adf8229e9a4fb.png" alt=":blahaj-heart:" width={24} height={24} />
+            </p>
+          </div>
+        </div>
+
+        {/* explanation */}
+        <Card className="border-2 border-primary/10 bg-primary/5">
+          <CardHeader className="pb-4">
+            <CardTitle className="flex items-center gap-2 text-xl">
+              <User className="h-5 w-5 text-primary" />
+              Why do you need a personal channel?
+            </CardTitle>
+          </CardHeader>
+          <CardContent className="space-y-4">
+            <div className="grid gap-4 md:grid-cols-3">
+              <div className="flex items-start gap-3">
+                <div className="flex-shrink-0 w-8 h-8 bg-primary/10 rounded-lg flex items-center justify-center">
+                  <Tv className="w-4 h-4 text-primary" />
+                </div>
+                <div>
+                  <h3 className="font-semibold text-sm">Stream content</h3>
+                  <p className="text-xs text-muted-foreground">
+                    Share your coding sessions and projects!
+                  </p>
+                </div>
+              </div>
+              <div className="flex items-start gap-3">
+                <div className="flex-shrink-0 w-8 h-8 bg-primary/10 rounded-lg flex items-center justify-center">
+                  <MessageSquare className="w-4 h-4 text-primary" />
+                </div>
+                <div>
+                  <h3 className="font-semibold text-sm">Chat with others</h3>
+                  <p className="text-xs text-muted-foreground">
+                    Connect with other Hack Clubbers and grow your audience
+                  </p>
+                </div>
+              </div>
+              <div className="flex items-start gap-3">
+                <div className="flex-shrink-0 w-8 h-8 bg-primary/10 rounded-lg flex items-center justify-center">
+                  <Heart className="w-4 h-4 text-primary" />
+                </div>
+                <div>
+                  <h3 className="font-semibold text-sm">Follow hackclubbers</h3>
+                  <p className="text-xs text-muted-foreground">
+                    Stay updated with your favorite creators and streams
+                  </p>
+                </div>
+              </div>
+            </div>
+            
+            <div className="mt-6 p-4 bg-secondary/50 rounded-lg border border-muted">
+              <p className="text-sm text-muted-foreground">
+                <strong>Your personal channel</strong> is your home base on hctv. 
+                It&apos;s where your profile, streams, and content will live. You can always create 
+                additional channels later for different types of content!
+              </p>
+            </div>
+          </CardContent>
+        </Card>
+
+        {/* form */}
+        <Card className="shadow-lg">
+          <CardHeader className="text-center">
+            <CardTitle className="text-xl">Choose Your Channel Username</CardTitle>
+            <CardDescription>
+              This will be your unique identifier on hctv. Choose something memorable!
+            </CardDescription>
+          </CardHeader>
+          <CardContent>
+            <UniversalForm
+              fields={[
+                { name: 'userId', label: 'User ID', type: 'hidden', value: user?.id },
+                { 
+                  name: 'username', 
+                  label: 'Channel Username', 
+                  type: 'text',
+                  placeholder: 'e.g., yourname or yourname-codes',
+                  maxChars: 20,
+                  inputFilter: /[^a-z0-9_-]/g,
+                },
+              ]}
+              schemaName="onboard"
+              action={onboard}
+              onActionComplete={() => {
+                window.location.href = '/';
+              }}
+            />
+            <div className="mt-4 p-3 bg-muted/30 rounded-md">
+              <p className="text-xs text-muted-foreground">
+                <strong>Username rules:</strong> Only lowercase letters (a-z), numbers (0-9), 
+                underscores (_), and dashes (-) are allowed. Up to 20 characters. Must be unique across the platform.
+              </p>
+            </div>
+          </CardContent>
+        </Card>
+      </div>
+    </div>
+  );
+}

apps/web/src/app/(ui)/(public)/onboarding/page.tsx

@@ -4,7 +4,10 @@ import OnboardingClient from "./page.client";
 
 export default async function Page() {
   const { user } = await validateRequest();
-  if (user!.hasOnboarded) {
+  if (!user) {
+    return redirect('/');
+  }
+  if (user.hasOnboarded) {
     return redirect('/');
   }
   return <OnboardingClient />;

apps/web/src/app/(ui)/(public)/page.tsx

@@ -0,0 +1,55 @@
+import LandingPage from '@/components/app/LandingPage/LandingPage';
+import StreamGrid from '@/components/app/StreamGrid/StreamGrid';
+import ConfusedDino from '@/components/ui/confuseddino';
+import { validateRequest } from '@/lib/auth/validate';
+import { prisma } from '@hctv/db';
+import Link from 'next/link';
+import { redirect } from 'next/navigation';
+
+export default async function Home() {
+  const { user } = await validateRequest();
+  if (user && !user?.hasOnboarded) {
+    redirect('/onboarding');
+  }
+
+  const [liveStreams, offlineStreams] = await Promise.all([
+    prisma.streamInfo.findMany({
+      where: { isLive: true },
+      include: { channel: true },
+    }),
+    prisma.streamInfo.findMany({
+      where: { isLive: false },
+      include: { channel: true },
+    }),
+  ]);
+
+  if (!user) {
+    return <LandingPage />;
+  }
+
+  if (!liveStreams.length && !offlineStreams.length) {
+    return (
+      <div className="flex min-h-[60vh] flex-col items-center justify-center gap-5 px-4 text-center">
+        <ConfusedDino className="h-28 w-28 opacity-80" />
+        <div className="space-y-1.5">
+          <h2 className="pb-0 text-2xl font-semibold tracking-tight">Nothing live right now</h2>
+          <p className="text-sm text-muted-foreground">
+            Nobody&apos;s streaming yet — why not be the first?
+          </p>
+        </div>
+        <Link
+          href="/settings/channel"
+          className="inline-flex h-9 items-center justify-center rounded-md bg-primary px-5 text-sm font-medium text-primary-foreground shadow transition-colors hover:bg-primary/90 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring"
+        >
+          Start streaming
+        </Link>
+      </div>
+    );
+  }
+
+  return (
+    <div className="p-3 md:p-6">
+      <StreamGrid liveStreams={liveStreams} offlineStreams={offlineStreams} />
+    </div>
+  );
+}

apps/web/src/app/(ui)/layout.tsx

@@ -0,0 +1,77 @@
+import type { Metadata } from 'next';
+import { Inter } from 'next/font/google';
+import { cookies } from 'next/headers';
+import '../globals.css';
+import Navbar from '@/components/app/NavBar/NavBar';
+import { SessionProvider } from '@/lib/providers/SessionProvider';
+import { validateRequest } from '@/lib/auth/validate';
+import { Toaster } from '@/components/ui/sonner';
+import { ThemeProvider } from '@/lib/providers/ThemeProvider';
+import { SidebarProvider } from '@/components/ui/sidebar';
+import Sidebar from '@/components/app/Sidebar/Sidebar';
+import { cn } from '@/lib/utils';
+import EditLivestream from '@/components/app/EditLivestream/EditLivestream';
+import { StreamInfoProvider } from '@/lib/providers/StreamInfoProvider';
+import { NextSSRPlugin } from "@uploadthing/react/next-ssr-plugin";
+import { extractRouterConfig } from 'uploadthing/server';
+import { ourFileRouter } from '@/lib/services/uploadthing/fileRouter';
+import { NuqsAdapter } from 'nuqs/adapters/next/app'
+import SonnerNewVersion from '@/components/app/SonnerNewVersion/SonnerNewVersion';
+import ConfirmDialogProvider from '@/lib/providers/ConfirmProvider';
+
+const inter = Inter({ subsets: ['latin'] });
+
+export const metadata: Metadata = {
+  title: 'hackclub.tv',
+  description: "Hack Club's livestreaming platform",
+};
+
+export default async function RootLayout({
+  children,
+}: Readonly<{
+  children: React.ReactNode;
+}>) {
+  const sessionData = await validateRequest();
+  const cookieStore = await cookies();
+  const defaultOpen = cookieStore.get('sidebar:state')?.value === 'true';
+
+  return (
+    <html lang="en">
+      <body className={cn('flex flex-col h-screen', inter.className)}>
+        <SessionProvider value={sessionData}>
+          <ThemeProvider
+            attribute="class"
+            defaultTheme="system"
+            enableSystem
+            disableTransitionOnChange
+          >
+            <SonnerNewVersion />
+            <NextSSRPlugin
+              routerConfig={extractRouterConfig(ourFileRouter)}
+            />
+            <ConfirmDialogProvider defaultOptions={{
+              cancelButton: {
+                variant: 'outline',
+              },
+            }}>
+              <NuqsAdapter>
+                <SidebarProvider defaultOpen={defaultOpen}>
+                  <StreamInfoProvider>
+                    {/* this promise is ugly but i'm lazy to fix the type errors */}
+                    <Navbar editLivestream={Promise.resolve(<EditLivestream />)} />
+                    <div className="flex flex-1 pt-16">
+                      {/* pt-16 for navbar height */}
+                      <Sidebar className="pt-16" />
+                      <main className="flex-1 overflow-auto">{children}</main>
+                    </div>
+                    <Toaster />
+                  </StreamInfoProvider>
+                </SidebarProvider>
+              </NuqsAdapter>
+            </ConfirmDialogProvider>
+          </ThemeProvider>
+        </SessionProvider>
+      </body>
+    </html>
+  );
+}

apps/web/src/app/global-error.tsx

@@ -0,0 +1,23 @@
+"use client";
+
+import * as Sentry from "@sentry/nextjs";
+import NextError from "next/error";
+import { useEffect } from "react";
+
+export default function GlobalError({ error }: { error: Error & { digest?: string } }) {
+  useEffect(() => {
+    Sentry.captureException(error);
+  }, [error]);
+
+  return (
+    <html>
+      <body>
+        {/* `NextError` is the default Next.js error page component. Its type
+        definition requires a `statusCode` prop. However, since the App Router
+        does not expose status codes for errors, we simply pass 0 to render a
+        generic error message. */}
+        <NextError statusCode={0} />
+      </body>
+    </html>
+  );
+}

apps/web/src/app/globals.css

@@ -4,111 +4,125 @@
 
 @layer base {
   :root {
-    --background: 220 23.077% 94.902%;
-    --foreground: 233.793 16.022% 35.49%;
+    /* Light theme - based on your color scheme */
 
-    --muted: 222.857 15.909% 82.745%;
-    --muted-foreground: 233.333 12.796% 41.373%;
+    /* Main background and foreground */
+    --background: 350 59% 98%; /* FDF7F8 - main background */
+    --foreground: 351 34% 30%; /* 5D3A3F - main text */
 
-    --popover: 220 23.077% 94.902%;
-    --popover-foreground: 233.793 16.022% 35.49%;
+    /* Muted elements */
+    --muted: 350 40% 93%; /* F8E8EA - muted background */
+    --muted-foreground: 350 30% 45%; /* Lighter version of main text */
 
-    --card: 220 23.077% 94.902%;
-    --card-foreground: 233.793 16.022% 35.49%;
+    /* Popover and card */
+    --popover: 0 0% 100%; /* FFFFFF - popover background */
+    --popover-foreground: 351 34% 30%; /* 5D3A3F - popover text */
+    --card: 0 0% 100%; /* FFFFFF - card background */
+    --card-foreground: 351 34% 30%; /* 5D3A3F - card text */
 
-    --border: 225 13.559% 76.863%;
-    --input: 225 13.559% 76.863%;
+    /* Border and input */
+    --border: 350 30% 85%; /* Derived border color */
+    --input: 350 30% 85%; /* Input background */
 
-    --primary: 219.907 91.489% 53.922%;
-    --primary-foreground: 220 23.077% 94.902%;
+    /* Primary actions */
+    --primary: 350 70% 50%; /* C8394F - primary button */
+    --primary-foreground: 0 0% 100%; /* FFFFFF - text on primary */
 
-    --secondary: 222.857 15.909% 82.745%;
-    --secondary-foreground: 233.793 16.022% 35.49%;
+    /* Secondary elements */
+    --secondary: 350 40% 93%; /* F8E8EA - secondary background */
+    --secondary-foreground: 351 34% 30%; /* 5D3A3F - text on secondary */
 
-    --accent: 222.857 15.909% 82.745%;
-    --accent-foreground: 233.793 16.022% 35.49%;
+    /* Accent elements */
+    --accent: 350 70% 40%; /* A12D3E - accent color */
+    --accent-foreground: 0 0% 100%; /* FFFFFF - text on accent */
 
-    --destructive: 347.077 86.667% 44.118%;
-    --destructive-foreground: 220 21.951% 91.961%;
+    /* Destructive actions */
+    --destructive: 350 70% 55%; /* D63C56 - error/destroy */
+    --destructive-foreground: 0 0% 100%; /* FFFFFF - text on destructive */
 
-    --ring: 233.793 16.022% 35.49%;
+    /* Focus ring */
+    --ring: 350 70% 50%; /* C8394F - focus ring */
 
-    --surface-1: 225 14% 77%;
-    --surface-2: 227 12% 71%;
+    /* Surface colors */
+    --surface-1: 350 40% 93%; /* F8E8EA - surface 1 */
+    --surface-2: 350 35% 88%; /* Derived surface 2 */
 
-    --mantle: 220 22% 92%;
+    /* Mantle */
+    --mantle: 350 59% 98%; /* FDF7F8 - mantle */
 
+    /* Radius */
     --radius: 0.5rem;
 
-    --sidebar-background: 0 0% 98%;
-
-    --sidebar-foreground: 240 5.3% 26.1%;
-
-    --sidebar-primary: 240 5.9% 10%;
-
-    --sidebar-primary-foreground: 0 0% 98%;
-
-    --sidebar-accent: 240 4.8% 95.9%;
-
-    --sidebar-accent-foreground: 240 5.9% 10%;
-
-    --sidebar-border: 220 13% 91%;
-
-    --sidebar-ring: 217.2 91.2% 59.8%;
+    /* Sidebar specific */
+    --sidebar-background: 350 59% 98%; /* FDF7F8 - sidebar bg */
+    --sidebar-foreground: 351 34% 30%; /* 5D3A3F - sidebar text */
+    --sidebar-primary: 350 70% 50%; /* C8394F - sidebar primary */
+    --sidebar-primary-foreground: 0 0% 100%; /* FFFFFF - text on sidebar primary */
+    --sidebar-accent: 350 40% 93%; /* F8E8EA - sidebar accent */
+    --sidebar-accent-foreground: 351 34% 30%; /* 5D3A3F - text on sidebar accent */
+    --sidebar-border: 350 30% 85%; /* Derived border */
+    --sidebar-ring: 350 70% 50%; /* C8394F - sidebar focus ring */
   }
 
   .dark {
-    --background: 240 21.053% 14.902%;
-    --foreground: 226.154 63.934% 88.039%;
+    /* Dark theme - based on your color scheme */
 
-    --muted: 240 12% 19%;
-    --muted-foreground: 240 12% 69%;
+    /* Main background and foreground */
+    --background: 350 20% 15%; /* 2A1F21 - main background */
+    --foreground: 350 30% 92%; /* F5E6E8 - main text */
 
-    --popover: 240 21.053% 14.902%;
-    --popover-foreground: 226.154 63.934% 88.039%;
+    /* Muted elements */
+    --muted: 350 20% 25%; /* 4A2D31 - muted background */
+    --muted-foreground: 350 30% 75%; /* Lighter version of main text */
 
-    --card: 240 21.053% 14.902%;
-    --card-foreground: 226.154 63.934% 88.039%;
+    /* Popover and card */
+    --popover: 350 20% 15%; /* 2A1F21 - popover background */
+    --popover-foreground: 350 30% 92%; /* F5E6E8 - popover text */
+    --card: 350 20% 15%; /* 2A1F21 - card background */
+    --card-foreground: 350 30% 92%; /* F5E6E8 - card text */
 
-    --border: 234.286 13.208% 31.176%;
-    --input: 234.286 13.208% 31.176%;
+    /* Border and input */
+    --border: 350 20% 35%; /* Derived border color */
+    --input: 350 20% 35%; /* Input background */
 
-    --primary: 267 84% 81%;
-    --primary-foreground: 267 84% 21%;
+    /* Primary actions */
+    --primary: 350 100% 75%; /* FF7A8A - primary button */
+    --primary-foreground: 350 20% 15%; /* 2A1F21 - text on primary */
 
-    --secondary: 236.842 16.239% 22.941%;
-    --secondary-foreground: 226.154 63.934% 88.039%;
+    /* Secondary elements */
+    --secondary: 350 20% 25%; /* 4A2D31 - secondary background */
+    --secondary-foreground: 350 30% 92%; /* F5E6E8 - text on secondary */
 
-    --accent: 236.842 16.239% 22.941%;
-    --accent-foreground: 226.154 63.934% 88.039%;
+    /* Accent elements */
+    --accent: 350 100% 80%; /* FF9AAA - accent color */
+    --accent-foreground: 350 20% 15%; /* 2A1F21 - text on accent */
 
-    --destructive: 343.269 81.25% 74.902%;
-    --destructive-foreground: 240 21.311% 11.961%;
+    /* Destructive actions */
+    --destructive: 350 100% 70%; /* FF6B7D - error/destroy */
+    --destructive-foreground: 350 20% 15%; /* 2A1F21 - text on destructive */
 
-    --ring: 226.154 63.934% 88.039%;
+    /* Focus ring */
+    --ring: 350 100% 75%; /* FF7A8A - focus ring */
 
-    --surface-1: 234 13% 31%;
-    --surface-2: 233 12% 39%;
+    /* Surface colors */
+    --surface-1: 350 20% 25%; /* 4A2D31 - surface 1 */
+    --surface-2: 350 20% 35%; /* Derived surface 2 */
 
-    --mantle: 240 21.311% 11.961%;
+    /* Mantle */
+    --mantle: 350 20% 12%; /* 1F1617 - mantle */
 
+    /* Radius */
     --radius: 0.5rem;
 
-    --sidebar-background: 240 21.311% 11.961%;     /* crust - matches mantle var */
-    
-    --sidebar-foreground: 226.154 63.934% 88.039%; /* matches main foreground */
-    
-    --sidebar-primary: 217.168 91.87% 75.882%;     /* matches primary */
-    
-    --sidebar-primary-foreground: 240 21.053% 14.902%; /* matches primary-foreground */
-    
-    --sidebar-accent: 236.842 16.239% 22.941%;     /* matches accent */
-    
-    --sidebar-accent-foreground: 226.154 63.934% 88.039%; /* matches accent-foreground */
-    
-    --sidebar-border: 234.286 13.208% 31.176%;     /* matches border */
-    
-    --sidebar-ring: 217.168 91.87% 75.882%;        /* matches primary */
+    /* Sidebar specific */
+    --sidebar-background: 350 20% 12%; /* 1F1617 - sidebar bg */
+    --sidebar-foreground: 350 30% 92%; /* F5E6E8 - sidebar text */
+    --sidebar-primary: 350 100% 75%; /* FF7A8A - sidebar primary */
+    --sidebar-primary-foreground: 350 20% 15%; /* 2A1F21 - text on sidebar primary */
+    --sidebar-accent: 350 20% 25%; /* 4A2D31 - sidebar accent */
+    --sidebar-accent-foreground: 350 30% 92%; /* F5E6E8 - text on sidebar accent */
+    --sidebar-border: 350 20% 35%; /* Derived border */
+    --sidebar-ring: 350 100% 75%; /* FF7A8A - sidebar focus ring */
   }
 }
 
@@ -119,14 +133,20 @@
   body {
     @apply bg-background text-foreground;
   }
+  
+  .scrollbar-hide::-webkit-scrollbar { display: none; }
+  .scrollbar-hide { -ms-overflow-style: none; scrollbar-width: none; }
 }
+
 h1 {
   @apply scroll-m-20 text-4xl font-extrabold tracking-tight lg:text-5xl;
 }
+
 h2 {
   @apply scroll-m-20 pb-2 text-3xl font-semibold tracking-tight first:mt-0;
 }
 
+/* Media controller styles remain unchanged */
 media-controller {
   --media-primary-color: #ffffff;
   --media-secondary-color: hsla(var(--background), 0.85);
@@ -158,7 +178,7 @@ media-time-range {
 }
 
 media-time-display {
-  --media-text-color: #ffffff; 
+  --media-text-color: #ffffff;
 }
 
 media-controller::part(centered-layer) {

apps/web/src/app/layout.tsx

@@ -1,55 +1,28 @@
-import type { Metadata } from 'next';
-import { Inter } from 'next/font/google';
+import { NuqsAdapter } from 'nuqs/adapters/next/app';
 import './globals.css';
-import Navbar from '@/components/app/NavBar/NavBar';
-import { SessionProvider } from '@/lib/providers/SessionProvider';
-import { validateRequest } from '@/lib/auth/validate';
-import { Toaster } from '@/components/ui/sonner';
-import { ThemeProvider } from '@/lib/providers/ThemeProvider';
-import { SidebarProvider } from '@/components/ui/sidebar';
-import Sidebar from '@/components/app/Sidebar/Sidebar';
-import { cn } from '@/lib/utils';
-import EditLivestream from '@/components/app/EditLivestream/EditLivestream';
-import { StreamInfoProvider } from '@/lib/providers/StreamInfoProvider';
 
-const inter = Inter({ subsets: ['latin'] });
+export default function Layout({ children }: { children: React.ReactNode }) {
+  const publicEnv = Object.keys(process.env).reduce((acc, key) => {
+    if (key.startsWith('NEXT_PUBLIC_')) {
+      acc[key] = process.env[key];
+    }
+    return acc;
+  }, {} as Record<string, string | undefined>);
 
-export const metadata: Metadata = {
-  title: 'hackclub.tv',
-  description: "Hack Club's livestreaming platform",
-};
-
-export default async function RootLayout({
-  children,
-}: Readonly<{
-  children: React.ReactNode;
-}>) {
-  const sessionData = await validateRequest();
   return (
     <html lang="en">
-      <body className={cn('flex flex-col h-screen', inter.className)}>
-        <SessionProvider value={sessionData}>
-          <ThemeProvider
-            attribute="class"
-            defaultTheme="system"
-            enableSystem
-            disableTransitionOnChange
-          >
-            <SidebarProvider>
-              <StreamInfoProvider>
-                {/* this promise is ugly but i'm lazy to fix the type errors */}
-                <Navbar editLivestream={Promise.resolve(<EditLivestream />)} />
-                <div className="flex flex-1 pt-16">
-                  {/* pt-16 for navbar height */}
-                  <Sidebar className="pt-16" />
-                  <main className="flex-1 overflow-auto">{children}</main>
-                </div>
-                <Toaster />
-              </StreamInfoProvider>
-            </SidebarProvider>
-          </ThemeProvider>
-        </SessionProvider>
-      </body>
+      <head>
+        <script
+          dangerouslySetInnerHTML={{
+            __html: `window.__ENV = ${JSON.stringify(publicEnv)}`,
+          }}
+        />
+      </head>
+      <NuqsAdapter>
+        <body>
+          <main>{children}</main>
+        </body>
+      </NuqsAdapter>
     </html>
   );
 }

apps/web/src/components/app/ChannelSelect/ChannelSelect.tsx

@@ -0,0 +1,46 @@
+'use client'
+
+import type { Channel } from "@hctv/db";
+import * as React from 'react';
+import { Plus } from 'lucide-react';
+import {
+  Select,
+  SelectContent,
+  SelectItem,
+  SelectTrigger,
+  SelectValue,
+} from '@/components/ui/select';
+import { Avatar, AvatarImage, AvatarFallback } from '@/components/ui/avatar';
+
+export function ChannelSelect(props: Props) {
+  const { channelList } = props;
+  return (
+    <Select onValueChange={props.onSelect} value={props.value}>
+      <SelectTrigger className="w-[180px]">
+        <SelectValue placeholder="Channel" />
+      </SelectTrigger>
+      <SelectContent>
+        {channelList.map((channel) => (
+          <SelectItem key={channel.id} value={channel.name}>
+            <div className="flex items-center gap-3">
+              <Avatar className="h-8 w-8">
+                <AvatarImage src={channel.pfpUrl} alt={channel.name} />
+                <AvatarFallback>{channel.name[0]}</AvatarFallback>
+              </Avatar>
+              <div className="font-medium">{channel.name}</div>
+            </div>
+          </SelectItem>
+        ))}
+        <SelectItem key="create" value="create" icon={<Plus className="h-4 w-4" />} className='h-11'>
+          Create Channel
+        </SelectItem>
+      </SelectContent>
+    </Select>
+  );
+}
+
+interface Props {
+  channelList: Channel[];
+  value?: string;
+  onSelect: (value: string) => void;
+}

apps/web/src/components/app/ChatPanel/ChatPanel.tsx

@@ -2,22 +2,40 @@
 
 import { useState, useRef, useEffect } from 'react';
 import { Send } from 'lucide-react';
-import { Input } from '@/components/ui/input';
+import { Textarea } from '@/components/ui/textarea';
 import { Button } from '@/components/ui/button';
 import { useParams } from 'next/navigation';
+import { Message } from './message';
+import { useMap } from '@uidotdev/usehooks';
+import { EmojiSearch } from './EmojiSearch';
+import { useQueryState } from 'nuqs';
+import { toast } from 'sonner';
 
-export default function ChatPanel() {
+export default function ChatPanel(props: Props) {
   const { username } = useParams();
+  const channelName = (Array.isArray(username) ? username[0] : username) ?? '';
+  const [grant, setGrant] = useQueryState('grant');
   const [message, setMessage] = useState('');
   const [chatMessages, setChatMessages] = useState<ChatMessage[]>([]);
   const scrollRef = useRef<HTMLDivElement>(null);
   const socketRef = useRef<WebSocket | null>(null);
+  const emojiMap = useMap() as Map<string, string>;
+  const [emojisToReq, setEmojisToReq] = useState<string[]>([]);
+  const [cursorPosition, setCursorPosition] = useState(0);
+  const textareaRef = useRef<HTMLTextAreaElement | null>(null);
+  const [viewer, setViewer] = useState<{ id: string; username: string } | null>(null);
+  const [canModerate, setCanModerate] = useState(false);
+  const [chatAccess, setChatAccess] = useState<ChatAccessState>({
+    canSend: true,
+    restriction: null,
+  });
 
   useEffect(() => {
+    console.log('Initializing WebSocket connection for user:', username);
     const socket = new WebSocket(
       `ws${window.location.protocol === 'https:' ? 's' : ''}://${
         window.location.host
-      }/api/stream/chat/ws/${username}`
+      }/api/stream/chat/ws/${channelName}?grant=${grant}`
     );
     socketRef.current = socket;
 
@@ -28,10 +46,59 @@ export default function ChatPanel() {
     socket.onmessage = (event) => {
       try {
         const data = JSON.parse(event.data);
-        if (data.type === 'ping' || data.type === 'pong' || !data.user) return;
-        setChatMessages((prev) => [...prev, data]);
+        console.log('Received websocket message:', data);
+
+        if (data.type === 'history') {
+          const messages = data.messages as ChatMessage[];
+          setChatMessages((prev) => [
+            ...prev,
+            ...messages,
+            { message: 'Welcome to the chat!', type: 'systemMsg' },
+          ]);
+          return;
+        }
+
+        if (data.type === 'session') {
+          setViewer(data.viewer ?? null);
+          setCanModerate(Boolean(data.permissions?.canModerate));
+          return;
+        }
+
+        if (data.type === 'chatAccess') {
+          setChatAccess({
+            canSend: Boolean(data.canSend),
+            restriction: data.restriction ?? null,
+          });
+          return;
+        }
+
+        if (data.type === 'systemMsg') {
+          setChatMessages((prev) => [...prev, { message: data.message, type: 'systemMsg' }]);
+          return;
+        }
+
+        if (data.type === 'messageDeleted') {
+          setChatMessages((prev) => prev.filter((message) => message.msgId !== data.msgId));
+          return;
+        }
+
+        if (data.type === 'moderationError') {
+          toast.error(data.message || 'Message blocked by moderation rules.');
+          return;
+        }
+
+        if (data.type === 'message') {
+          console.log('Adding new chat message:', data);
+          setChatMessages((prev) => [...prev, data]);
+        }
+
+        if (!data.type && data.message && data.user) {
+          console.log('Adding legacy chat message format:', data);
+          setChatMessages((prev) => [...prev, { ...data, type: 'message' }]);
+        }
       } catch (e) {
-        console.log('Received message confirmation:', event.data);
+        console.error('Error processing message:', e);
+        console.log('Raw message data:', event.data);
       }
     };
 
@@ -42,7 +109,7 @@ export default function ChatPanel() {
     return () => {
       socket.close();
     };
-  }, []);
+  }, [channelName]);
 
   useEffect(() => {
     if (scrollRef.current) {
@@ -54,6 +121,14 @@ export default function ChatPanel() {
   }, [chatMessages]);
 
   const sendMessage = () => {
+    if (!chatAccess.canSend) {
+      toast.error(
+        chatAccess.restriction?.type === 'timeout'
+          ? 'You are currently timed out in this chat.'
+          : 'You are currently banned from this chat.'
+      );
+      return;
+    }
     if (!message.trim()) return;
 
     if (socketRef.current && socketRef.current.readyState === WebSocket.OPEN) {
@@ -63,7 +138,7 @@ export default function ChatPanel() {
       const socket = new WebSocket(
         `ws${window.location.protocol === 'https:' ? 's' : ''}://${
           window.location.host
-        }/api/stream/chat/ws/${username}`
+        }/api/stream/chat/ws/${channelName}?grant=${grant}`
       );
       socket.onopen = () => {
         socket.send(JSON.stringify({ type: 'message', message }));
@@ -72,6 +147,15 @@ export default function ChatPanel() {
     }
   };
 
+  const sendModerationCommand = (command: ChatModerationCommand) => {
+    if (!socketRef.current || socketRef.current.readyState !== WebSocket.OPEN) {
+      toast.error('Chat connection is offline.');
+      return;
+    }
+
+    socketRef.current.send(JSON.stringify(command));
+  };
+
   useEffect(() => {
     const interval = setInterval(() => {
       if (socketRef.current && socketRef.current.readyState === WebSocket.OPEN) {
@@ -81,54 +165,263 @@ export default function ChatPanel() {
     return () => clearInterval(interval);
   }, []);
 
+  // emoji message collector
+  useEffect(() => {
+    if (chatMessages.length === 0) return;
+
+    const emojiPattern = /:[\w\-+]+:/g;
+    const newEmojis = chatMessages
+      .filter((msg) => msg.type === 'message')
+      .flatMap((msg) => {
+        if (!msg.message) return [];
+        const message = String(msg.message);
+        const matches = [...message.matchAll(emojiPattern)].map((m) => m[0]);
+        return matches;
+      })
+      .filter((emoji) => {
+        const emojiName = emoji.replaceAll(':', '');
+        return !emojiMap.has(emojiName) && emojiName.length > 0;
+      });
+
+    if (newEmojis.length > 0) {
+      console.log(`Found ${newEmojis.length} new emojis to request: ${newEmojis.join(', ')}`);
+      setEmojisToReq((prev) => [...new Set([...prev, ...newEmojis])]);
+    }
+  }, [chatMessages, emojiMap]);
+
+  // emoji requester
+  useEffect(() => {
+    if (emojisToReq.length === 0) return;
+
+    console.log('Requesting emojis:', emojisToReq);
+
+    // Ensure websocket is connected
+    if (!socketRef.current || socketRef.current.readyState !== WebSocket.OPEN) {
+      const socket = new WebSocket(
+        `ws${window.location.protocol === 'https:' ? 's' : ''}://${
+          window.location.host
+        }/api/stream/chat/ws/${channelName}?grant=${grant}`
+      );
+
+      socket.onopen = () => {
+        socketRef.current = socket;
+        sendEmojiRequest();
+      };
+
+      return () => {
+        socket.close();
+      };
+    } else {
+      sendEmojiRequest();
+    }
+
+    function sendEmojiRequest() {
+      const handleEmojiResponse = (event: MessageEvent) => {
+        try {
+          const data = JSON.parse(event.data);
+
+          if (data.type === 'emojiMsgResponse') {
+            const emojis = data.emojis as Record<string, string>;
+
+            let validEmojiCount = 0;
+            Object.entries(emojis).forEach(([name, url]) => {
+              if (url) {
+                emojiMap.set(name, url);
+                validEmojiCount++;
+              } else {
+                console.log(`No URL found for emoji: ${name}`);
+              }
+            });
+
+            console.log(`added ${validEmojiCount} valid emojis to map.`);
+
+            if (validEmojiCount > 0) {
+              const sampleName = Object.entries(emojis).find(([_, url]) => url)?.[0];
+              if (sampleName) {
+              }
+            } else {
+              console.warn('No valid emoji URLs received');
+            }
+          }
+        } catch (e) {
+          console.error('error processing emoji response:', e);
+        }
+      };
+
+      socketRef.current?.addEventListener('message', handleEmojiResponse);
+
+      const emojiRequest = {
+        type: 'emojiMsg',
+        emojis: emojisToReq.map((e) => e.replaceAll(':', '')),
+      };
+
+      console.log('sending emoji request:', emojiRequest);
+      socketRef.current?.send(JSON.stringify(emojiRequest));
+
+      return () => {
+        socketRef.current?.removeEventListener('message', handleEmojiResponse);
+        setEmojisToReq([]);
+      };
+    }
+  }, [emojisToReq, emojiMap, channelName]);
+
+  const handleEmojiSelect = (emojiName: string) => {
+    if (!textareaRef.current) return;
+
+    const textarea = textareaRef.current;
+    const beforeCursor = message.substring(0, cursorPosition);
+    const afterCursor = message.substring(cursorPosition);
+
+    const match = beforeCursor.match(/:[\w\-+]*$/);
+    if (!match) return;
+
+    const startPos = beforeCursor.lastIndexOf(match[0]);
+    const newBeforeCursor = beforeCursor.substring(0, startPos);
+
+    const newMessage = `${newBeforeCursor}:${emojiName}: ${afterCursor}`;
+    setMessage(newMessage);
+
+    // 3 for colons and space
+    const newCursorPos = newBeforeCursor.length + emojiName.length + 3;
+
+    setTimeout(() => {
+      textarea.focus();
+      textarea.selectionStart = newCursorPos;
+      textarea.selectionEnd = newCursorPos;
+      setCursorPosition(newCursorPos);
+    }, 0);
+  };
+
+  const isEmojiSearchOpen = () => {
+    const beforeCursor = message.substring(0, cursorPosition);
+    const match = beforeCursor.match(/:[\w\-+]*$/);
+    return match !== null;
+  };
+
   return (
-    <div className="md:border flex flex-col w-full min-w-[350px] h-full bg-mantle">
-      <div ref={scrollRef} className="flex-1 p-4 overflow-y-auto flex flex-col">
-        <div className="space-y-4 flex-1">
+    <div
+      className={`${props.isObsPanel ? 'w-full text-white' : 'md:border-l border-border bg-mantle w-[350px] max-w-[350px]'} flex flex-col h-full`}
+    >
+      <div
+        ref={scrollRef}
+        className={`flex-1 px-4 py-2 ${props.isObsPanel ? 'scrollbar-hide' : 'scrollbar-thin scrollbar-thumb-border scrollbar-track-transparent'} overflow-y-auto overflow-x-hidden`}
+      >
+        <div className="space-y-1 min-h-full flex flex-col justify-end">
           {chatMessages.map((msg, i) => (
-            <div key={i} className="flex space-x-2">
-              <div className="flex items-center gap-2">
-                <div className="font-bold shrink-0">{msg.user.username}</div>
-              </div>
-              <div
-                lang="en"
-                className="max-w-[calc(100%-4rem)] break-all whitespace-pre-wrap hyphens-auto"
-              >
-                {msg.message}
-              </div>
-            </div>
+            <Message
+              key={i}
+              user={msg.user}
+              message={msg.message}
+              type={msg.type}
+              emojiMap={emojiMap}
+              msgId={msg.msgId}
+              canModerate={canModerate && Boolean(viewer?.id)}
+              viewerId={viewer?.id}
+              channelName={channelName}
+              onModerationCommand={sendModerationCommand}
+            />
           ))}
         </div>
       </div>
-      <div className="p-4 border-t">
-        <div className="flex space-x-2">
-          <Input
-            value={message}
-            onChange={(e) => setMessage(e.target.value)}
-            onKeyDown={(e) => {
-              if (e.key === 'Enter') {
-                sendMessage();
-              }
-            }}
-            placeholder="Type a message"
-            className="flex-1 bg-transparent focus-visible:ring-offset-0"
+      {!props.isObsPanel && (
+        <div className="p-3 border-t border-border relative">
+          {!chatAccess.canSend && (
+            <p className="mb-2 text-xs text-destructive">
+              {chatAccess.restriction?.type === 'timeout'
+                ? `Timed out${chatAccess.restriction.expiresAt ? ` until ${new Date(chatAccess.restriction.expiresAt).toLocaleTimeString()}` : ''}.`
+                : 'You are banned from sending messages in this chat.'}
+            </p>
+          )}
+          <div className="flex gap-2">
+            <Textarea
+              ref={textareaRef}
+              value={message}
+              onChange={(e) => {
+                setMessage(e.target.value);
+                setCursorPosition(e.target.selectionStart || 0);
+              }}
+              onKeyDown={(e) => {
+                if (e.key === 'Enter' && !e.shiftKey && !isEmojiSearchOpen()) {
+                  e.preventDefault();
+                  sendMessage();
+                }
+              }}
+              onKeyUp={(e) => {
+                setCursorPosition(e.currentTarget.selectionStart || 0);
+              }}
+              onClick={(e) => {
+                setCursorPosition(e.currentTarget.selectionStart || 0);
+              }}
+              placeholder="Send a message..."
+              className="flex-1 bg-background/50 border-border focus-visible:ring-1 focus-visible:ring-primary focus-visible:ring-offset-0 min-h-[40px] max-h-[100px] resize-none py-2 text-sm"
+              rows={1}
+              disabled={!chatAccess.canSend}
+            />
+            <Button
+              size="icon"
+              className="shrink-0 transition-colors"
+              onClick={sendMessage}
+              disabled={!message.trim() || !chatAccess.canSend}
+            >
+              <Send className="h-4 w-4" />
+            </Button>
+          </div>
+          <EmojiSearch
+            message={message}
+            cursorPosition={cursorPosition}
+            onSelect={handleEmojiSelect}
+            socket={socketRef.current}
+            emojiMap={emojiMap}
+            textareaRef={textareaRef}
           />
-          <Button size="icon" className="text-black transition-colors" onClick={sendMessage}>
-            <Send className="h-4 w-4" />
-          </Button>
         </div>
-      </div>
+      )}
     </div>
   );
 }
 
-interface User {
+export interface ChatMessage {
+  user?: User;
+  message: string;
+  type: 'message' | 'systemMsg';
+  msgId?: string;
+}
+
+export interface ChatModerationCommand {
+  type:
+    | 'mod:deleteMessage'
+    | 'mod:timeoutUser'
+    | 'mod:banUser'
+    | 'mod:unbanUser'
+    | 'mod:liftTimeout';
+  msgId?: string;
+  targetUserId?: string;
+  targetUsername?: string;
+  durationSeconds?: number;
+  reason?: string;
+}
+
+interface ChatAccessState {
+  canSend: boolean;
+  restriction: ChatRestriction | null;
+}
+
+interface ChatRestriction {
+  type: 'timeout' | 'ban';
+  reason?: string;
+  expiresAt?: string | null;
+}
+
+export interface User {
   id: string;
   username: string;
   pfpUrl: string;
+  isBot: boolean;
+  displayName?: string;
+  isPlatformAdmin?: boolean;
+  channelRole?: 'owner' | 'manager' | 'chatModerator' | 'botModerator' | null;
 }
 
-interface ChatMessage {
-  user: User;
-  message: string;
+interface Props {
+  isObsPanel?: boolean;
 }

apps/web/src/components/app/ChatPanel/EmojiSearch.tsx

@@ -0,0 +1,180 @@
+// source: ai
+import { useEffect, useState, useRef } from 'react';
+import { Check } from 'lucide-react';
+import Image from 'next/image';
+
+interface EmojiSearchProps {
+  message: string;
+  cursorPosition: number;
+  onSelect: (emoji: string) => void;
+  socket: WebSocket | null;
+  emojiMap: Map<string, string>;
+  textareaRef: React.RefObject<HTMLTextAreaElement>;
+}
+
+export function EmojiSearch({
+  message,
+  cursorPosition,
+  onSelect,
+  socket,
+  emojiMap,
+  textareaRef,
+}: EmojiSearchProps) {
+  const [searchTerm, setSearchTerm] = useState<string | null>(null);
+  const [searchResults, setSearchResults] = useState<string[]>([]);
+  const [selectedIndex, setSelectedIndex] = useState(0);
+  const resultsRef = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    const beforeCursor = message.substring(0, cursorPosition);
+    const match = beforeCursor.match(/:[\w\-+]*$/);
+
+    if (match) {
+      const term = match[0].substring(1);
+      setSearchTerm(term);
+
+      if (term.length > 0) {
+        const localResults = Array.from(emojiMap.keys())
+          .filter((name) => name.toLowerCase().includes(term.toLowerCase()))
+          .slice(0, 5);
+
+        if (localResults.length > 0) {
+          setSearchResults(localResults);
+        }
+
+        if (socket && socket.readyState === WebSocket.OPEN) {
+          socket.send(
+            JSON.stringify({
+              type: 'emojiSearch',
+              searchTerm: term,
+            })
+          );
+        }
+      } else {
+        setSearchResults([]);
+      }
+    } else {
+      setSearchTerm(null);
+      setSearchResults([]);
+    }
+  }, [message, cursorPosition, socket, emojiMap]);
+
+  useEffect(() => {
+    if (!socket) return;
+
+    const handleEmojiSearchResponse = (event: MessageEvent) => {
+      try {
+        const data = JSON.parse(event.data);
+
+        if (data.type === 'emojiSearchResponse') {
+          const serverResults = data.results || [];
+
+          const localResults = Array.from(emojiMap.keys())
+            .filter((name) => searchTerm && name.toLowerCase().includes(searchTerm.toLowerCase()))
+            .slice(0, 5);
+
+          const combinedResults = [...serverResults];
+
+          localResults.forEach((name) => {
+            if (!combinedResults.includes(name)) {
+              combinedResults.push(name);
+            }
+          });
+
+          setSearchResults(combinedResults.slice(0, 10));
+          setSelectedIndex(0);
+        }
+      } catch (e) {
+        console.error('error processing emoji search response:', e);
+      }
+    };
+
+    socket.addEventListener('message', handleEmojiSearchResponse);
+    return () => {
+      socket.removeEventListener('message', handleEmojiSearchResponse);
+    };
+  }, [socket, searchTerm, emojiMap]);
+
+  useEffect(() => {
+    if (!textareaRef.current) return;
+
+    const handleKeyDown = (e: KeyboardEvent) => {
+      if (!searchTerm || searchResults.length === 0) return;
+
+      switch (e.key) {
+        case 'ArrowDown':
+          e.preventDefault();
+          setSelectedIndex((prev) => (prev + 1) % searchResults.length);
+          break;
+        case 'ArrowUp':
+          e.preventDefault();
+          setSelectedIndex((prev) => (prev - 1 + searchResults.length) % searchResults.length);
+          break;
+        case 'Enter':
+          if (searchResults[selectedIndex]) {
+            e.preventDefault();
+            onSelect(searchResults[selectedIndex]);
+          }
+          break;
+        case 'Tab':
+          if (searchResults[selectedIndex]) {
+            e.preventDefault();
+            onSelect(searchResults[selectedIndex]);
+          }
+          break;
+        case 'Escape':
+          e.preventDefault();
+          setSearchTerm(null);
+          setSearchResults([]);
+          break;
+      }
+    };
+
+    const textarea = textareaRef.current;
+    textarea.addEventListener('keydown', handleKeyDown);
+
+    return () => {
+      textarea.removeEventListener('keydown', handleKeyDown);
+    };
+  }, [searchTerm, searchResults, selectedIndex, onSelect, textareaRef]);
+
+  useEffect(() => {
+    if (resultsRef.current) {
+      const selectedElement = resultsRef.current.children[selectedIndex] as HTMLElement;
+      if (selectedElement) {
+        selectedElement.scrollIntoView({ block: 'nearest' });
+      }
+    }
+  }, [selectedIndex]);
+
+  if (!searchTerm || searchResults.length === 0) {
+    return null;
+  }
+
+  return (
+    <div className="absolute bottom-full left-0 right-0 mb-2 mx-0 bg-mantle border border-border rounded-lg shadow-lg max-h-60 overflow-y-auto z-10">
+      <div ref={resultsRef} className="py-1">
+        {searchResults.map((emojiName, index) => {
+          const isSelected = index === selectedIndex;
+          const emojiUrl = emojiMap.get(emojiName);
+
+          return (
+            <div
+              key={emojiName}
+              className={`px-3 py-2 flex items-center gap-3 cursor-pointer transition-colors ${
+                isSelected ? 'bg-primary/10' : 'hover:bg-primary/5'
+              }`}
+              onClick={() => onSelect(emojiName)}
+            >
+              {emojiUrl && (
+                <Image src={emojiUrl} alt={emojiName} width={24} height={24} className="w-6 h-6" />
+              )}
+              <span className="flex-grow text-sm font-medium">{emojiName}</span>
+              {isSelected && <Check className="h-4 w-4 text-primary" />}
+            </div>
+          );
+        })}
+      </div>
+    </div>
+  );
+}

apps/web/src/components/app/ChatPanel/message.tsx

@@ -0,0 +1,384 @@
+'use client';
+
+import { ChatModerationCommand, User } from './ChatPanel';
+import { useState } from 'react';
+import Image from 'next/image';
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from '@/components/ui/tooltip';
+import {
+  Ban,
+  Bot,
+  Clock3,
+  Crown,
+  EllipsisVertical,
+  Eraser,
+  Flag,
+  Shield,
+  ShieldAlert,
+  ShieldCheck,
+  UserRoundCheck,
+  Wrench,
+} from 'lucide-react';
+import type { LucideIcon } from 'lucide-react';
+import { Button } from '@/components/ui/button';
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from '@/components/ui/dropdown-menu';
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from '@/components/ui/dialog';
+import { Textarea } from '@/components/ui/textarea';
+import { toast } from 'sonner';
+import { cn } from '@/lib/utils';
+
+type ChannelRole = NonNullable<User['channelRole']>;
+
+const ROLE_META: Record<ChannelRole, { label: string; icon: LucideIcon; className: string }> = {
+  owner: { label: 'Owner', icon: Crown, className: 'text-amber-500' },
+  manager: { label: 'Manager', icon: Wrench, className: 'text-violet-500' },
+  chatModerator: { label: 'Chat Mod', icon: Shield, className: 'text-emerald-500' },
+  botModerator: { label: 'Bot Mod', icon: ShieldCheck, className: 'text-cyan-500' },
+};
+
+function TooltipIcon({
+  icon: Icon,
+  label,
+  className,
+}: {
+  icon: LucideIcon;
+  label: string;
+  className?: string;
+}) {
+  return (
+    <Tooltip delayDuration={200}>
+      <TooltipTrigger asChild>
+        <Icon className={cn('size-3.5 shrink-0', className)} />
+      </TooltipTrigger>
+      <TooltipContent side="top">{label}</TooltipContent>
+    </Tooltip>
+  );
+}
+
+function UsernameRow({ user, displayName }: { user?: User; displayName?: string }) {
+  const role = user?.channelRole ? ROLE_META[user.channelRole] : null;
+
+  return (
+    <TooltipProvider>
+      <span className="font-semibold text-primary shrink-0 flex items-center gap-1">
+        {user?.isBot && <TooltipIcon icon={Bot} label="Bot" className="text-muted-foreground" />}
+        {role && <TooltipIcon icon={role.icon} label={role.label} className={role.className} />}
+        {user?.isPlatformAdmin && (
+          <TooltipIcon icon={ShieldAlert} label="Platform Admin" className="text-destructive" />
+        )}
+        <span>{displayName}</span>
+        <span className="font-normal text-muted-foreground select-none">:</span>
+      </span>
+    </TooltipProvider>
+  );
+}
+
+function ReportDialog({
+  open,
+  onOpenChange,
+  displayName,
+  message,
+  reportReason,
+  onReasonChange,
+  onSubmit,
+  isSubmitting,
+}: {
+  open: boolean;
+  onOpenChange: (open: boolean) => void;
+  displayName?: string;
+  message: string;
+  reportReason: string;
+  onReasonChange: (value: string) => void;
+  onSubmit: () => void;
+  isSubmitting: boolean;
+}) {
+  return (
+    <Dialog open={open} onOpenChange={onOpenChange}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>Report message</DialogTitle>
+          <DialogDescription>
+            Message against Hack Club's Code of Conduct? Let us know!
+          </DialogDescription>
+        </DialogHeader>
+        <div className="space-y-3">
+          <div className="text-sm text-muted-foreground rounded-md border p-3 bg-muted/30">
+            <p className="font-medium text-foreground mb-1">Reported user</p>
+            <p>{displayName}</p>
+            <p className="mt-2">{message}</p>
+          </div>
+          <div>
+            <label className="text-sm font-medium">Reason</label>
+            <Textarea
+              value={reportReason}
+              onChange={(e) => onReasonChange(e.target.value)}
+              placeholder="Describe why this should be reviewed (harassment, hate speech, spam, threats, etc)."
+              rows={5}
+              className="mt-2"
+            />
+            <p className="text-xs text-muted-foreground mt-1">Minimum 10 characters.</p>
+          </div>
+        </div>
+        <DialogFooter>
+          <Button variant="outline" onClick={() => onOpenChange(false)} disabled={isSubmitting}>
+            Cancel
+          </Button>
+          <Button onClick={onSubmit} disabled={isSubmitting || reportReason.trim().length < 10}>
+            Submit report
+          </Button>
+        </DialogFooter>
+      </DialogContent>
+    </Dialog>
+  );
+}
+
+export function Message({
+  user,
+  message,
+  type,
+  emojiMap,
+  msgId,
+  canModerate,
+  viewerId,
+  channelName,
+  onModerationCommand,
+}: MessageProps) {
+  const [reportOpen, setReportOpen] = useState(false);
+  const [reportReason, setReportReason] = useState('');
+  const [isSubmittingReport, setIsSubmittingReport] = useState(false);
+  const displayName = user?.displayName || user?.username;
+
+  if (type === 'systemMsg') {
+    return (
+      <div className="flex items-center justify-center py-1">
+        <span className="text-xs text-muted-foreground italic">{message}</span>
+      </div>
+    );
+  }
+
+  const submitReport = async () => {
+    if (!user?.id || !viewerId || viewerId === user.id) return;
+
+    const reason = reportReason.trim();
+    if (reason.length < 10) {
+      toast.error('Please include at least 10 characters explaining the report.');
+      return;
+    }
+
+    setIsSubmittingReport(true);
+    try {
+      const res = await fetch('/api/stream/chat/report', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          channelName,
+          targetUserId: user.id,
+          targetUsername: displayName,
+          msgId,
+          message,
+          reason,
+        }),
+      });
+
+      if (!res.ok) {
+        toast.error((await res.text()) || 'Failed to submit report.');
+        return;
+      }
+
+      toast.success('Report submitted. Thanks for helping keep chat safe.');
+      setReportReason('');
+      setReportOpen(false);
+    } catch {
+      toast.error('Failed to submit report.');
+    } finally {
+      setIsSubmittingReport(false);
+    }
+  };
+
+  const handleReportOpenChange = (open: boolean) => {
+    setReportOpen(open);
+    if (!open) setReportReason('');
+  };
+
+  return (
+    <>
+      <div className="group hover:bg-primary/5 rounded px-2 py-1 -mx-2 transition-colors">
+        <div className="flex items-start gap-1.5">
+          <UsernameRow user={user} displayName={displayName} />
+          <span
+            lang="en"
+            className="text-foreground min-w-0 flex-1"
+            style={{ overflowWrap: 'anywhere', wordBreak: 'break-word' }}
+          >
+            <EmojiRenderer text={message} emojiMap={emojiMap} />
+          </span>
+          {type === 'message' && user?.id && (
+            <MessageActionsMenu
+              user={user}
+              msgId={msgId}
+              canModerate={canModerate}
+              viewerId={viewerId}
+              onModerationCommand={onModerationCommand}
+              onOpenReport={() => setReportOpen(true)}
+            />
+          )}
+        </div>
+      </div>
+      <ReportDialog
+        open={reportOpen}
+        onOpenChange={handleReportOpenChange}
+        displayName={displayName}
+        message={message}
+        reportReason={reportReason}
+        onReasonChange={setReportReason}
+        onSubmit={submitReport}
+        isSubmitting={isSubmittingReport}
+      />
+    </>
+  );
+}
+
+function MessageActionsMenu({
+  user,
+  msgId,
+  canModerate,
+  viewerId,
+  onModerationCommand,
+  onOpenReport,
+}: {
+  user: User;
+  msgId?: string;
+  canModerate?: boolean;
+  viewerId?: string;
+  onModerationCommand?: (command: ChatModerationCommand) => void;
+  onOpenReport: () => void;
+}) {
+  if (!viewerId || !user.id || user.id === viewerId) return null;
+
+  const displayName = user.displayName || user.username;
+  const canMod = Boolean(canModerate && onModerationCommand);
+
+  const runModeration = (command: ChatModerationCommand) => onModerationCommand?.(command);
+
+  const timeout = (durationSeconds: number) =>
+    runModeration({
+      type: 'mod:timeoutUser',
+      targetUserId: user.id,
+      targetUsername: displayName,
+      durationSeconds,
+      reason: 'Timed out by moderator',
+    });
+
+  return (
+    <DropdownMenu>
+      <DropdownMenuTrigger asChild>
+        <Button variant="ghost" size="icon" className="h-7 w-7 opacity-0 group-hover:opacity-100">
+          <EllipsisVertical className="h-4 w-4" />
+        </Button>
+      </DropdownMenuTrigger>
+      <DropdownMenuContent align="end" className="w-52">
+        <DropdownMenuItem onClick={onOpenReport}>
+          <Flag className="mr-2 h-4 w-4" />
+          Report user
+        </DropdownMenuItem>
+        {canMod && (
+          <>
+            <DropdownMenuItem
+              onClick={() => msgId && runModeration({ type: 'mod:deleteMessage', msgId })}
+            >
+              <Eraser className="mr-2 h-4 w-4" />
+              Delete message
+            </DropdownMenuItem>
+            <DropdownMenuItem onClick={() => timeout(300)}>
+              <Clock3 className="mr-2 h-4 w-4" />
+              Timeout 5 min
+            </DropdownMenuItem>
+            <DropdownMenuItem onClick={() => timeout(3600)}>
+              <Clock3 className="mr-2 h-4 w-4" />
+              Timeout 1 hour
+            </DropdownMenuItem>
+            <DropdownMenuItem
+              className="text-destructive"
+              onClick={() =>
+                runModeration({
+                  type: 'mod:banUser',
+                  targetUserId: user.id,
+                  targetUsername: displayName,
+                  reason: 'Banned by moderator',
+                })
+              }
+            >
+              <Ban className="mr-2 h-4 w-4" />
+              Ban user
+            </DropdownMenuItem>
+            <DropdownMenuItem
+              onClick={() =>
+                runModeration({
+                  type: 'mod:liftTimeout',
+                  targetUserId: user.id,
+                  targetUsername: displayName,
+                })
+              }
+            >
+              <UserRoundCheck className="mr-2 h-4 w-4" />
+              Lift timeout/ban
+            </DropdownMenuItem>
+          </>
+        )}
+      </DropdownMenuContent>
+    </DropdownMenu>
+  );
+}
+
+export function EmojiRenderer({ text, emojiMap }: { text: string; emojiMap: Map<string, string> }) {
+  if (!text) return null;
+
+  return (
+    <TooltipProvider>
+      <>
+        {text.split(/(:[\w\-+]+:)/g).map((part, i) => {
+          if (part.match(/^:[\w\-+]+:$/)) {
+            const name = part.replaceAll(':', '');
+            const url = emojiMap.get(name);
+            if (url) {
+              return (
+                <Tooltip key={i} delayDuration={250}>
+                  <TooltipTrigger asChild>
+                    <span className="inline-flex items-center align-middle mx-0.5">
+                      <Image src={url} alt={part} width={20} height={20} className="inline-block" />
+                    </span>
+                  </TooltipTrigger>
+                  <TooltipContent>{part}</TooltipContent>
+                </Tooltip>
+              );
+            }
+          }
+          return part ? <span key={i}>{part}</span> : null;
+        })}
+      </>
+    </TooltipProvider>
+  );
+}
+
+interface MessageProps {
+  user?: User;
+  message: string;
+  type: 'message' | 'systemMsg';
+  emojiMap: Map<string, string>;
+  msgId?: string;
+  canModerate?: boolean;
+  viewerId?: string;
+  channelName: string;
+  onModerationCommand?: (command: ChatModerationCommand) => void;
+}

apps/web/src/components/app/EditLivestream/EditLivestream.tsx

@@ -1,17 +1,16 @@
 import { validateRequest } from '@/lib/auth/validate';
-import { prisma } from '@hctv/db';
-import EditLivestreamDialog from './dialog';
+import { Button } from '@/components/ui/button';
+import Link from 'next/link';
 
 export default async function EditLivestream() {
   const { user } = await validateRequest();
   if (!user?.hasOnboarded) {
     return null;
   }
-  const ownedChannels = await prisma.channel.findMany({
-    where: {
-      OR: [{ ownerId: user.id }, { managers: { some: { id: user.id } } }],
-    },
-  });
 
-  return <EditLivestreamDialog ownedChannels={ownedChannels} />;
+  return (
+    <Link href={`/settings/channel?tab=stream`}>
+      <Button variant="outline">Edit Livestream</Button>
+    </Link>
+  );
 }

apps/web/src/components/app/EditLivestream/dialog.tsx

@@ -1,183 +0,0 @@
-'use client';
-import { Button } from '@/components/ui/button';
-import {
-  Dialog,
-  DialogContent,
-  DialogDescription,
-  DialogHeader,
-  DialogTitle,
-  DialogTrigger,
-} from '@/components/ui/dialog';
-import { StreamInfo } from '@hctv/db';
-import { UniversalForm } from '../UniversalForm/UniversalForm';
-import { editStreamInfo } from '@/lib/form/actions';
-import RegenerateKey from '../RegenerateKey/RegenerateKey';
-import * as React from 'react';
-import { Check, ChevronsUpDown } from 'lucide-react';
-import { cn } from '@/lib/utils';
-import {
-  Command,
-  CommandEmpty,
-  CommandGroup,
-  CommandInput,
-  CommandItem,
-  CommandList,
-} from '@/components/ui/command';
-import { Popover, PopoverContent, PopoverTrigger } from '@/components/ui/popover';
-import {
-  Select,
-  SelectContent,
-  SelectItem,
-  SelectTrigger,
-  SelectValue,
-} from '@/components/ui/select';
-import type { Channel } from '@hctv/db';
-import { Avatar, AvatarImage, AvatarFallback } from '@/components/ui/avatar';
-import useSWR, { Fetcher } from 'swr';
-import { fetcher } from '@/lib/services/swr';
-import { Skeleton } from '@/components/ui/skeleton';
-import Link from 'next/link';
-
-export default function EditLivestreamDialog(props: Props) {
-  const [selectedChannel, setSelectedChannel] = React.useState('');
-  const [streamInfo, setStreamInfo] = React.useState<StreamInfo>();
-
-  const { data, error } = useSWR(
-    selectedChannel ? '/api/stream/info?owned=true' : null,
-    fetcher as Fetcher<StreamInfo[]>
-  );
-
-  React.useEffect(() => {
-    if (error) {
-      console.error(error);
-    }
-  }, [error]);
-
-  React.useEffect(() => {
-    if (data && selectedChannel) {
-      const stream = data.find((stream) => stream.username === selectedChannel);
-      setStreamInfo(stream);
-    }
-  }, [data, selectedChannel]);
-
-  React.useEffect(() => {
-    if (props.ownedChannels.length > 0 && !selectedChannel) {
-      setSelectedChannel(props.ownedChannels[0].name);
-    }
-  }, [props.ownedChannels, selectedChannel]);
-
-  return (
-    <Dialog
-      onOpenChange={(op) => {
-        if (op) {
-          setSelectedChannel('');
-          setStreamInfo(undefined);
-        }
-      }}
-    >
-      <DialogTrigger asChild>
-        <Button variant="outline">Edit Livestream</Button>
-      </DialogTrigger>
-      <DialogContent>
-        <DialogHeader>
-          <DialogTitle>Edit livestream</DialogTitle>
-          <DialogDescription>Regenerate a key or edit your stream metadata</DialogDescription>
-        </DialogHeader>
-        <Link
-          href="https://gist.github.com/SrIzan10/ebd89ced6b21b016d4d389e6711a94e9"
-          target="_blank"
-        >
-          HOW TO STREAM (github gist link)
-        </Link>
-        <ChannelSelect
-          channelList={props.ownedChannels}
-          onSelect={setSelectedChannel}
-          value={selectedChannel}
-        />
-        {streamInfo && data ? (
-          <Form username={selectedChannel} streamInfo={streamInfo} />
-        ) : (
-          <FormSkeleton />
-        )}
-      </DialogContent>
-    </Dialog>
-  );
-}
-
-function Form(props: FormProps) {
-  return (
-    <UniversalForm
-      fields={[
-        { name: 'username', label: 'Username', value: props.username, type: 'hidden' },
-        { name: 'title', label: 'Title', type: 'text', value: props.streamInfo?.title },
-        { name: 'category', label: 'Category', type: 'text', value: props.streamInfo?.category },
-      ]}
-      schemaName="streamInfoEdit"
-      action={editStreamInfo}
-      submitButtonDivClassname="float-right"
-      submitText="Save"
-      otherSubmitButton={<RegenerateKey channel={props.username} />}
-      key={props.streamInfo?.id}
-    />
-  );
-}
-function FormSkeleton() {
-  return (
-    <div className="space-y-4">
-      {/* Title field */}
-      <div className="space-y-2">
-        <Skeleton className="h-4 w-12" /> {/* Label */}
-        <Skeleton className="h-10 w-full" /> {/* Input */}
-      </div>
-
-      {/* Category field */}
-      <div className="space-y-2">
-        <Skeleton className="h-4 w-16" /> {/* Label */}
-        <Skeleton className="h-10 w-full" /> {/* Input */}
-      </div>
-
-      {/* Buttons */}
-      <div className="float-right flex gap-2 py-2">
-        <Skeleton className="h-10 w-32" /> {/* RegenerateKey button */}
-        <Skeleton className="h-10 w-24" /> {/* Save button */}
-      </div>
-    </div>
-  );
-}
-
-export function ChannelSelect(props: SelectProps) {
-  const { channelList } = props;
-  return (
-    <Select onValueChange={props.onSelect} value={props.value}>
-      <SelectTrigger className="w-[180px]">
-        <SelectValue placeholder="Channel" />
-      </SelectTrigger>
-      <SelectContent>
-        {channelList.map((channel) => (
-          <SelectItem key={channel.id} value={channel.name}>
-            <div className="flex items-center gap-3">
-              <Avatar className="h-8 w-8">
-                <AvatarImage src={channel.pfpUrl} alt={channel.name} />
-                <AvatarFallback>{channel.name[0]}</AvatarFallback>
-              </Avatar>
-              <div className="font-medium">{channel.name}</div>
-            </div>
-          </SelectItem>
-        ))}
-      </SelectContent>
-    </Select>
-  );
-}
-
-interface Props {
-  ownedChannels: Channel[];
-}
-interface FormProps {
-  username: string;
-  streamInfo: StreamInfo;
-}
-interface SelectProps {
-  channelList: Channel[];
-  value?: string;
-  onSelect: (value: string) => void;
-}

apps/web/src/components/app/LandingPage/LandingPage.tsx

@@ -1,80 +1,42 @@
 import { Button } from "@/components/ui/button";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+import { Badge } from "@/components/ui/badge";
+import { Play, Users, MessageCircle, Code, Zap, Heart } from "lucide-react";
 import Link from "next/link";
 
 export default function LandingPage() {
   return (
     <>
       <main className="flex-1">
-          <section className="w-full py-12 md:py-24 lg:py-32 xl:py-48">
-            <div className="container px-4 md:px-6">
-              <div className="flex flex-col items-center space-y-4 text-center">
-                <div className="flex items-center rounded-lg px-3 py-1 text-sm bg-mantle text-red-500">
-                    THIS IS A PLACEHOLDER WITH NO &quot;HACK CLUB&quot; VIBE, I&apos;M REALLY BAD AT LANDING PAGES SORRY
-                </div>
-                <div className="space-y-2">
-                  <h1 className="text-3xl font-bold tracking-tighter sm:text-4xl md:text-5xl lg:text-6xl/none">
-                    This is hackclub.tv
-                  </h1>
-                  <p className="mx-auto max-w-[700px] text-gray-500 md:text-xl dark:text-gray-400">
-                    The streaming service made by and for Hack Clubbers. Share your coding sessions, workshops, and hackathon moments live!
-                  </p>
-                </div>
-                <div className="space-x-4">
-                  <Link href="/login">
-                    <Button>Start Streaming Now!</Button>
-                  </Link>
-                </div>
+        <section className="relative w-full py-20 md:py-32 lg:py-40 xl:py-48 overflow-hidden">
+          <div className="absolute inset-0"></div>
+          <div className="container px-4 md:px-6 relative">
+            <div className="flex flex-col items-center space-y-8 text-center">              
+              <div className="space-y-6">
+                <h1 className="text-4xl font-bold tracking-tight sm:text-5xl md:text-6xl lg:text-7xl text-primary">
+                  hackclub.tv
+                </h1>
+                <p className="mx-auto max-w-[600px] text-lg text-muted-foreground md:text-xl">
+                  The streaming website for Hack Clubbers, by Hack Clubbers.
+                </p>
+              </div>
+              
+              <div className="flex flex-col sm:flex-row">
+                <Link href="/login" className="space-x-4">
+                  <Button size="lg" className="px-8 py-3 text-lg font-semibold">
+                    <Play className="w-5 h-5 mr-2" />
+                    Start Streaming
+                  </Button>
+                <Button variant="outline" size="lg" className="px-8 py-3 text-lg font-semibold">
+                  <Users className="w-5 h-5 mr-2" />
+                  Watch Streams
+                </Button>
+                </Link>
               </div>
             </div>
-          </section>
-          <section className="w-full py-12 md:py-24 lg:py-32 bg-mantle" id="features">
-            <div className="container px-4 md:px-6">
-              <div className="flex flex-col items-center justify-center space-y-4 text-center">
-                <div className="space-y-2">
-                  <div className="inline-block rounded-lg bg-gray-100 px-3 py-1 text-sm dark:bg-gray-800">
-                    Platform Features
-                  </div>
-                  <h2 className="text-3xl font-bold tracking-tighter sm:text-5xl">
-                    Built for Hack Clubbers, by Hack Clubbers
-                  </h2>
-                  <p className="max-w-[900px] text-gray-500 md:text-xl/relaxed lg:text-base/relaxed xl:text-xl/relaxed dark:text-gray-400">
-                    Everything you need to have a closer relationship with the Hack Club community!
-                  </p>
-                </div>
-              </div>
-              <div className="mx-auto max-w-5xl items-center gap-6 py-12 lg:grid-cols-2 lg:gap-12">
-                <div className="flex flex-col justify-center items-center text-center space-y-4">
-                  <ul className="grid gap-6">
-                    <li>
-                      <div className="grid gap-1">
-                        <h3 className="text-xl font-bold">Live Streaming</h3>
-                        <p className="text-gray-500 dark:text-gray-400">
-                          Stream your coding sessions with low-latency and high quality
-                        </p>
-                      </div>
-                    </li>
-                    <li>
-                      <div className="grid gap-1">
-                        <h3 className="text-xl font-bold">Chat Integration</h3>
-                        <p className="text-gray-500 dark:text-gray-400">
-                          Interact with viewers in real-time through the built-in chat system
-                        </p>
-                      </div>
-                    </li>
-                    <li>
-                      <div className="grid gap-1">
-                          <h3 className="text-xl font-bold">Community Features</h3>
-                          <p className="text-gray-500 dark:text-gray-400">
-                            Follow other streamers and build your network of Hack Club friends!
-                          </p>
-                      </div>
-                    </li>
-                  </ul>
-                </div>
-              </div>
-            </div>
-          </section>
-        </main>
-      </>
+          </div>
+        </section>
+      </main>
+    </>
   );
 }

apps/web/src/components/app/Livestream/Livestream.tsx

@@ -1,28 +1,77 @@
 'use client';
 
+import { useEffect, useState } from 'react';
+import { format } from 'date-fns';
 import StreamPlayer from '../StreamPlayer/StreamPlayer';
 import UserInfoCard from '../UserInfoCard/UserInfoCard';
 import ChatPanel from '../ChatPanel/ChatPanel';
-import type { StreamInfo, User } from '@hctv/db';
+import { Button } from '@/components/ui/button';
+import type { StreamInfo, Channel } from '@hctv/db';
 import { useIsMobile } from '@/lib/hooks/useMobile';
+import { useAllChannels } from '@/lib/hooks/useUserList';
+import { RefreshCw } from 'lucide-react';
 
 export default function LiveStream(props: Props) {
   const isMobile = useIsMobile();
-  
+  const { channels, refresh } = useAllChannels(5000);
+  const [isRestricted, setIsRestricted] = useState(false);
+  const [restrictionExpiresAt, setRestrictionExpiresAt] = useState<string | null>(null);
+  const [isRefreshing, setIsRefreshing] = useState(false);
+
+  useEffect(() => {
+    const currentStream = channels.find((s) => s.username === props.username);
+    if (currentStream?.channel?.isRestricted) {
+      setIsRestricted(true);
+      setRestrictionExpiresAt(currentStream.channel.restrictionExpiresAt || null);
+    } else if (isRestricted && currentStream && !currentStream.channel?.isRestricted) {
+      setIsRestricted(false);
+      setRestrictionExpiresAt(null);
+    }
+  }, [channels, props.username, isRestricted]);
+
+  const handleRefresh = async () => {
+    setIsRefreshing(true);
+    try {
+      await refresh();
+    } finally {
+      setIsRefreshing(false);
+    }
+  };
+
+  if (isRestricted) {
+    return (
+      <div className="flex flex-col items-center justify-center h-[calc(100vh-64px)] p-4">
+        <h1 className="text-2xl font-bold text-destructive mb-2">Channel Restricted</h1>
+        <p className="text-muted-foreground text-center max-w-md mb-4">
+          This channel has been restricted by a moderator and is no longer available for viewing.
+        </p>
+        {restrictionExpiresAt && (
+          <p className="text-sm text-muted-foreground mb-4">
+            Restriction lifts: {format(new Date(restrictionExpiresAt), 'PPP p')}
+          </p>
+        )}
+        <Button variant="outline" onClick={handleRefresh} disabled={isRefreshing}>
+          <RefreshCw className={`h-4 w-4 mr-2 ${isRefreshing ? 'animate-spin' : ''}`} />
+          {isRefreshing ? 'Checking...' : 'Check again'}
+        </Button>
+      </div>
+    );
+  }
+
   return (
     <div className={`${isMobile ? 'flex flex-col' : 'flex'} h-[calc(100vh-64px)] w-full`}>
-      <div className="flex-1 flex flex-col">
+      <div className="flex-1 flex flex-col min-w-0 overflow-hidden">
         <StreamPlayer />
         {isMobile && (
-          <div className="h-[300px]">
+          <div className="flex-1 min-h-[250px] max-h-[400px] border-t border-border">
             <ChatPanel />
           </div>
         )}
         <UserInfoCard streamInfo={props.streamInfo} />
       </div>
-      
+
       {!isMobile && (
-        <div>
+        <div className="h-full shrink-0">
           <ChatPanel />
         </div>
       )}
@@ -32,5 +81,5 @@ export default function LiveStream(props: Props) {
 
 interface Props {
   username: string;
-  streamInfo: StreamInfo & { ownedBy: User };
-}
+  streamInfo: StreamInfo & { channel: Channel };
+}

apps/web/src/components/app/MobileNavbarLinks/MobileNavbarLinks.tsx

@@ -1,35 +0,0 @@
-import { Button } from "@/components/ui/button";
-import {
-  DropdownMenu,
-  DropdownMenuTrigger,
-  DropdownMenuContent,
-  DropdownMenuLabel,
-  DropdownMenuSeparator,
-  DropdownMenuGroup,
-  DropdownMenuItem,
-} from "@/components/ui/dropdown-menu";
-import Link from "next/link";
-import { links } from "../NavBar/NavBar";
-
-export default function MobileNavbarLinks() {
-  return (
-    <div className="flex md:hidden">
-        <DropdownMenu>
-        <DropdownMenuTrigger asChild>
-            <Button>Menu</Button>
-        </DropdownMenuTrigger>
-        <DropdownMenuContent className="w-56">
-            <DropdownMenuLabel>stack</DropdownMenuLabel>
-            <DropdownMenuSeparator />
-            <DropdownMenuGroup>
-                {links.map((link) => (
-                    <Link key={link.href} href={link.href}>
-                        <DropdownMenuItem>{link.name}</DropdownMenuItem>
-                    </Link>
-                ))}
-            </DropdownMenuGroup>
-        </DropdownMenuContent>
-        </DropdownMenu>
-    </div>
-  );
-}

apps/web/src/components/app/NavBar/NavBar.tsx

@@ -15,23 +15,9 @@ import { logout } from '@/lib/auth/actions';
 import { useSession } from '@/lib/providers/SessionProvider';
 import Link from 'next/link';
 import { ThemeSwitcher } from '../ThemeSwitcher/ThemeSwitcher';
-import { Slack } from 'lucide-react';
+import { IdCard, Shield } from 'lucide-react';
 import { SidebarTrigger } from '@/components/ui/sidebar';
 
-export const links = [{ href: '/', name: 'home (placeholder link)' }];
-
-function NavbarLinks() {
-  return (
-    <>
-      {links.map((link) => (
-        <Link key={link.href} href={link.href}>
-          <Button variant={'link'}>{link.name}</Button>
-        </Link>
-      ))}
-    </>
-  );
-}
-
 export default function Navbar(props: Props) {
   const { user } = useSession();
   return (
@@ -46,10 +32,6 @@ export default function Navbar(props: Props) {
           <SidebarTrigger />
         </div>
 
-        <div className="hidden md:flex">
-          <NavbarLinks />
-        </div>
-
         {/* Right Side Items */}
         <div className="flex items-center gap-1 md:gap-3 shrink-0">
           {props.editLivestream && <div className="hidden sm:block">{props.editLivestream}</div>}
@@ -69,6 +51,33 @@ export default function Navbar(props: Props) {
                   <Link href={`/settings/follows`}>
                     <DropdownMenuItem className="cursor-pointer">Follows</DropdownMenuItem>
                   </Link>
+                  <Link href={`/settings/channel/create`}>
+                    <DropdownMenuItem className="cursor-pointer">Create channel</DropdownMenuItem>
+                  </Link>
+                  <Link href={`/settings/bot`}>
+                    <DropdownMenuItem className="cursor-pointer">Bot accounts</DropdownMenuItem>
+                  </Link>
+                  {user.isAdmin && (
+                    <>
+                      <DropdownMenuSeparator />
+                      <Link href={`/admin`}>
+                        <DropdownMenuItem className="cursor-pointer text-primary">
+                          <Shield className="w-4 h-4 mr-2" />
+                          Admin Panel
+                        </DropdownMenuItem>
+                      </Link>
+                    </>
+                  )}
+                  <DropdownMenuSeparator />
+                  <Link href={'https://docs.hackclub.tv'} target="_blank" rel="noreferrer">
+                    <DropdownMenuItem className="cursor-pointer">API Docs</DropdownMenuItem>
+                  </Link>
+                  <Link href={'https://github.com/SrIzan10/hctv'} target="_blank" rel="noreferrer">
+                    <DropdownMenuItem className="cursor-pointer">Github</DropdownMenuItem>
+                  </Link>
+                  <Link href={'https://github.com/sponsors/SrIzan10'} target="_blank" rel="noreferrer">
+                    <DropdownMenuItem className="cursor-pointer">Sponsor</DropdownMenuItem>
+                  </Link>
                 </DropdownMenuGroup>
                 <DropdownMenuSeparator />
                 <DropdownMenuGroup>
@@ -85,12 +94,23 @@ export default function Navbar(props: Props) {
                 <DropdownMenuGroup>
                   <ThemeSwitcher />
                 </DropdownMenuGroup>
+                <DropdownMenuGroup>
+                  <p className="text-gray-500 dark:text-gray-400 text-sm px-2">
+                    v{process.env.version}-{process.env.NODE_ENV === 'development' ? 'dev' : 'prod'}, commit{' '}
+                    <Link
+                      href={`https://github.com/SrIzan10/hctv/commit/${process.env.commit}`}
+                      target="_blank"
+                    >
+                      {process.env.commit}
+                    </Link>
+                  </p>
+                </DropdownMenuGroup>
               </DropdownMenuContent>
             </DropdownMenu>
           ) : (
-            <Link href="/auth/slack">
+            <Link href="/auth/hackclub">
               <Button variant="outline" size="sm" className="gap-1 md:gap-2 text-xs md:text-sm">
-                <Slack className="w-3 h-3 md:w-4 md:h-4" />
+                <IdCard className="w-3 h-3 md:w-4 md:h-4" />
                 <span className="hidden sm:inline">Sign in</span>
                 <span className="sm:hidden">Login</span>
               </Button>

apps/web/src/components/app/Sidebar/Sidebar.tsx

@@ -1,135 +1,162 @@
 'use client';
 
 import * as React from 'react';
-import { ChevronDown, ChevronUp } from 'lucide-react';
-import { Avatar, AvatarFallback, AvatarImage } from '@/components/ui/avatar';
 import {
   Sidebar as UISidebar,
   SidebarContent,
   SidebarGroup,
   SidebarGroupContent,
   SidebarGroupLabel,
-  SidebarHeader,
   SidebarMenu,
   SidebarMenuButton,
   SidebarMenuItem,
+  useSidebar,
 } from '@/components/ui/sidebar';
-import { StreamInfoResponse, useStreams } from '@/lib/providers/StreamInfoProvider';
+import { StreamInfoResponse } from '@/lib/providers/StreamInfoProvider';
 import { useRouter } from 'next/navigation';
 import { Skeleton } from '@/components/ui/skeleton';
+import { useAllChannels } from '@/lib/hooks/useUserList';
+import { Separator } from '@/components/ui/separator';
 
 export default function Sidebar({ ...props }: React.ComponentProps<typeof UISidebar>) {
-  const { stream, isLoading } = useStreams();
-  const [followedExpanded, setFollowedExpanded] = React.useState(true);
+  const { channels: stream, isLoading } = useAllChannels(5000);
+  const { state } = useSidebar();
+  const isCollapsed = state === 'collapsed';
 
-  if (isLoading) return <SidebarSkeleton />;
+  if (isLoading) return <SidebarSkeleton {...props} />;
 
   const liveStreamers = stream?.filter((s) => s.isLive) || [];
   const offlineStreamers = stream?.filter((s) => !s.isLive) || [];
 
   return (
-    <UISidebar {...props}>
+    <UISidebar collapsible="icon" {...props}>
       <SidebarContent>
         <SidebarGroup>
-          <SidebarGroupLabel asChild>
-            <button
-              onClick={() => setFollowedExpanded(!followedExpanded)}
-              className="w-full flex items-center justify-between"
-            >
-              <span>Live Channels</span>
-              {followedExpanded ? (
-                <ChevronUp className="h-4 w-4" />
-              ) : (
-                <ChevronDown className="h-4 w-4" />
-              )}
-            </button>
+          <SidebarGroupLabel className="flex items-center justify-between px-2 py-1.5">
+            <span className="text-xs font-semibold uppercase text-muted-foreground group-data-[collapsible=icon]:opacity-0 transition-opacity duration-200">
+              Live Channels
+            </span>
+            <span className="text-xs text-muted-foreground group-data-[collapsible=icon]:opacity-0 transition-opacity duration-200">
+              {liveStreamers.length}
+            </span>
           </SidebarGroupLabel>
 
-          {followedExpanded && (
-            <SidebarGroupContent>
-              <SidebarMenu>
-                {liveStreamers.map((streamer) => (
-                  <StreamerItem key={streamer.id} streamer={streamer} />
-                ))}
-              </SidebarMenu>
-            </SidebarGroupContent>
-          )}
+          <SidebarGroupContent>
+            <SidebarMenu>
+              {liveStreamers.length === 0 && !isCollapsed && (
+                <div className="px-4 py-2 text-sm text-muted-foreground">
+                  No channels live
+                </div>
+              )}
+              {liveStreamers.map((streamer) => (
+                <StreamerItem key={streamer.id} streamer={streamer} isCollapsed={isCollapsed} />
+              ))}
+            </SidebarMenu>
+          </SidebarGroupContent>
         </SidebarGroup>
 
-        {offlineStreamers.length > 0 && (
-          <SidebarGroup>
-            <SidebarGroupLabel>Offline Channels</SidebarGroupLabel>
-            <SidebarGroupContent>
-              <SidebarMenu>
-                {offlineStreamers.map((streamer) => (
-                  <StreamerItem key={streamer.id} streamer={streamer} />
-                ))}
-              </SidebarMenu>
-            </SidebarGroupContent>
-          </SidebarGroup>
-        )}
+        <Separator className="group-data-[collapsible=icon]:block hidden" />
+        
+        <SidebarGroup>
+          <SidebarGroupLabel className="flex items-center justify-between px-2 py-1.5">
+            <span className="text-xs font-semibold uppercase text-muted-foreground group-data-[collapsible=icon]:opacity-0 transition-opacity duration-200">
+              Offline Channels
+            </span>
+          </SidebarGroupLabel>
+          <SidebarGroupContent>
+            <SidebarMenu>
+              {offlineStreamers.map((streamer) => (
+                <StreamerItem key={streamer.id} streamer={streamer} isCollapsed={isCollapsed} />
+              ))}
+            </SidebarMenu>
+          </SidebarGroupContent>
+        </SidebarGroup>
       </SidebarContent>
     </UISidebar>
   );
 }
 
-function StreamerItem({ streamer }: { streamer: StreamInfoResponse[0] }) {
+function StreamerItem({ streamer, isCollapsed }: { streamer: StreamInfoResponse[0], isCollapsed: boolean }) {
   const router = useRouter();
+  
   return (
-    <SidebarMenuItem key={streamer.id} className={streamer.isLive ? '' : '*:text-muted-foreground'}>
-      <SidebarMenuButton className="flex items-center gap-3 h-full" onClick={() => {
-        router.push(`/${streamer.username}`);
-      }}>
-        <div className="relative">
-          <Avatar className="h-9 w-9">
-            <AvatarImage src={streamer.channel.pfpUrl} alt={streamer.username} />
-            <AvatarFallback>{streamer.username}</AvatarFallback>
-          </Avatar>
-          {streamer.isLive && (
-            <span className="absolute -top-1 -right-1 w-3 h-3 bg-primary rounded-full border-2 border-black" />
+    <SidebarMenuItem>
+      <SidebarMenuButton
+        asChild
+        tooltip={streamer.username}
+        className="h-12"
+        onClick={() => router.push(`/${streamer.username}`)}
+      >
+        <button className="flex w-full items-center gap-3">
+          <div className="relative flex-shrink-0">
+            {/* eslint-disable-next-line @next/next/no-img-element */}
+            <img
+              src={streamer.channel.pfpUrl}
+              alt={streamer.username}
+              className="h-8 w-8 rounded-full object-cover"
+              loading="lazy"
+            />
+            {streamer.isLive && (
+              <span className="absolute -bottom-0.5 -right-0.5 flex h-3 w-3 items-center justify-center rounded-full bg-background ring-2 ring-background">
+                <span className="h-2 w-2 rounded-full bg-red-500 animate-pulse" />
+              </span>
+            )}
+          </div>
+          
+          {!isCollapsed && (
+            <div className="flex flex-1 flex-col items-start overflow-hidden">
+              <div className="flex w-full items-center justify-between">
+                <span className="truncate font-medium text-sm leading-none">
+                  {streamer.username}
+                </span>
+                {streamer.isLive && (
+                  <div className="flex items-center gap-1 text-xs text-red-500">
+                    <span className="h-1.5 w-1.5 rounded-full bg-red-500" />
+                    <span>{streamer.viewers}</span>
+                  </div>
+                )}
+              </div>
+              <span className="truncate text-xs text-muted-foreground w-full text-left">
+                {streamer.isLive ? streamer.title || streamer.category || 'Live' : 'Offline'}
+              </span>
+            </div>
           )}
-        </div>
-        <div className="flex-1">
-          <p className="font-medium truncate">{streamer.username}</p>
-          <p className="text-sm truncate">{streamer.category}</p>
-          {streamer.isLive && (
-            <p className="text-sm">
-              {streamer.viewers} viewer{streamer.viewers === 1 ? '' : 's'}
-            </p>
-          )}
-        </div>
+        </button>
       </SidebarMenuButton>
     </SidebarMenuItem>
   );
 }
 
 function SidebarSkeleton({ ...props }: React.ComponentProps<typeof UISidebar>) {
+  const { state } = useSidebar();
+  const isCollapsed = state === 'collapsed';
+
   return (
-    <UISidebar {...props}>
+    <UISidebar collapsible="icon" {...props}>
       <SidebarContent>
         <SidebarGroup>
-          <SidebarGroupLabel asChild>
-            <button className="w-full flex items-center justify-between">
-              <span>Live Channels</span>
-              <ChevronUp className="h-4 w-4" />
-            </button>
+          <SidebarGroupLabel className="px-2 py-1.5">
+            <Skeleton className="h-4 w-24 group-data-[collapsible=icon]:opacity-0 transition-opacity duration-200" />
           </SidebarGroupLabel>
-
           <SidebarGroupContent>
             <SidebarMenu>
               {Array(3).fill(0).map((_, i) => (
-                <StreamerItemSkeleton key={i} />
+                <StreamerItemSkeleton key={i} isCollapsed={isCollapsed} />
               ))}
             </SidebarMenu>
           </SidebarGroupContent>
         </SidebarGroup>
 
+        <Separator className="group-data-[collapsible=icon]:block hidden" />
+
         <SidebarGroup>
-          <SidebarGroupLabel>Offline Channels</SidebarGroupLabel>
+          <SidebarGroupLabel className="px-2 py-1.5">
+            <Skeleton className="h-4 w-24 group-data-[collapsible=icon]:opacity-0 transition-opacity duration-200" />
+          </SidebarGroupLabel>
           <SidebarGroupContent>
             <SidebarMenu>
               {Array(5).fill(0).map((_, i) => (
-                <StreamerItemSkeleton key={i} />
+                <StreamerItemSkeleton key={i} isCollapsed={isCollapsed} />
               ))}
             </SidebarMenu>
           </SidebarGroupContent>
@@ -139,16 +166,18 @@ function SidebarSkeleton({ ...props }: React.ComponentProps<typeof UISidebar>) {
   );
 }
 
-function StreamerItemSkeleton() {
+function StreamerItemSkeleton({ isCollapsed }: { isCollapsed: boolean }) {
   return (
     <SidebarMenuItem>
-      <SidebarMenuButton className="flex items-center gap-3 h-full">
-        <div className="relative">
-          <Skeleton className="h-9 w-9 rounded-full" />
-        </div>
-        <div className="flex-1 space-y-2">
-          <Skeleton className="h-4 w-24" />
-          <Skeleton className="h-3 w-16" />
+      <SidebarMenuButton className="h-12">
+        <div className="flex w-full items-center gap-3">
+          <Skeleton className="h-8 w-8 rounded-full flex-shrink-0" />
+          {!isCollapsed && (
+            <div className="flex-1 space-y-1.5">
+              <Skeleton className="h-3.5 w-24" />
+              <Skeleton className="h-3 w-16" />
+            </div>
+          )}
         </div>
       </SidebarMenuButton>
     </SidebarMenuItem>

apps/web/src/components/app/SonnerNewVersion/SonnerNewVersion.tsx

@@ -0,0 +1,52 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import useSWR from 'swr';
+import { toast } from 'sonner';
+import { fetcher } from '@/lib/services/swr';
+
+
+export default function SonnerNewVersion() {
+  const [initialCommitId, setInitialCommitId] = useState<string | null>(null);
+  const [hasShownToast, setHasShownToast] = useState(false);
+
+  const { data } = useSWR('/api/commit', fetcher, {
+    refreshInterval: 5000,
+    revalidateOnFocus: false,
+    revalidateOnReconnect: false,
+  });
+
+  useEffect(() => {
+    if (data?.commit && !initialCommitId) {
+      setInitialCommitId(data.commit);
+    }
+  }, [data?.commit, initialCommitId]);
+  
+  useEffect(() => {
+    if (
+      initialCommitId &&
+      data?.commit &&
+      data.commit !== initialCommitId &&
+      !hasShownToast
+    ) {
+      toast('New version available!', {
+        action: {
+          label: 'Refresh',
+          onClick: () => window.location.reload(),
+        },
+        duration: Infinity,
+        position: 'top-center'
+      });
+      setHasShownToast(true);
+    }
+  }, [data?.commit, initialCommitId, hasShownToast]);
+
+  useEffect(() => {
+    if (hasShownToast && data?.commit !== initialCommitId) {
+      setInitialCommitId(data.commit);
+      setHasShownToast(false);
+    }
+  }, [data?.commit, initialCommitId, hasShownToast]);
+
+  return null;
+}

apps/web/src/components/app/StreamGrid/StreamGrid.tsx

@@ -0,0 +1,178 @@
+'use client';
+
+import Link from 'next/link';
+import { Avatar, AvatarFallback, AvatarImage } from '@/components/ui/avatar';
+import { Badge } from '@/components/ui/badge';
+import ConfusedDino from '@/components/ui/confuseddino';
+import {
+  Carousel,
+  CarouselContent,
+  CarouselItem,
+  CarouselNext,
+  CarouselPrevious,
+} from '@/components/ui/carousel';
+import type { Channel, StreamInfo } from '@hctv/db';
+
+type StreamWithChannel = StreamInfo & { channel: Channel };
+
+interface StreamGridProps {
+  liveStreams: StreamWithChannel[];
+  offlineStreams: StreamWithChannel[];
+}
+
+export default function StreamGrid({ liveStreams, offlineStreams }: StreamGridProps) {
+  const sortedLiveStreams = [...liveStreams].sort((a, b) => b.viewers - a.viewers);
+
+  return (
+    <div className="space-y-8 md:space-y-10">
+      {sortedLiveStreams.length === 0 && (
+        <div className="flex flex-col items-center gap-4 py-10 text-center">
+          <ConfusedDino className="h-24 w-24 opacity-70" />
+          <div className="space-y-1">
+            <p className="font-semibold">Nobody&apos;s live right now</p>
+            <p className="text-sm text-muted-foreground">Why not be the first?</p>
+          </div>
+          <Link
+            href="/settings/channel"
+            className="inline-flex h-9 items-center justify-center rounded-md bg-primary px-5 text-sm font-medium text-primary-foreground shadow-sm transition-colors hover:bg-primary/90"
+          >
+            Start streaming
+          </Link>
+        </div>
+      )}
+
+      {sortedLiveStreams.length > 0 && (
+        <section>
+          <SectionHeading label="Live now" count={sortedLiveStreams.length} />
+          <div className="grid grid-cols-1 gap-3 sm:grid-cols-2 md:gap-4 lg:grid-cols-3 xl:grid-cols-4">
+            {sortedLiveStreams.map((stream) => (
+              <StreamCard key={stream.id} stream={stream} />
+            ))}
+          </div>
+        </section>
+      )}
+
+      {offlineStreams.length > 0 && (
+        <section>
+          <SectionHeading label="Offline channels" count={offlineStreams.length} />
+          <div className="relative">
+            <Carousel opts={{ align: 'start', dragFree: true }}>
+              <CarouselContent>
+                {offlineStreams.map((stream) => (
+                  <CarouselItem
+                    key={stream.id}
+                    className="flex basis-[74px] justify-center sm:basis-[82px] md:basis-[90px] lg:basis-[100px]"
+                  >
+                    <OfflineCard stream={stream} />
+                  </CarouselItem>
+                ))}
+              </CarouselContent>
+              <CarouselPrevious className="hidden md:flex" />
+              <CarouselNext className="hidden md:flex" />
+            </Carousel>
+          </div>
+        </section>
+      )}
+    </div>
+  );
+}
+
+function StreamCard({ stream }: { stream: StreamWithChannel }) {
+  return (
+    <Link href={`/${stream.username}`} className="group block w-full max-w-sm">
+      <div className="overflow-hidden rounded-lg border border-border bg-card shadow-sm transition-shadow duration-200 group-hover:shadow-md">
+        <div className="relative aspect-video overflow-hidden bg-muted">
+          <img
+            src={`/api/stream/thumb/${stream.channel.name}`}
+            alt={stream.title}
+            className="absolute inset-0 object-cover"
+          />
+          <div className="absolute inset-0 bg-gradient-to-t from-black/60 via-transparent to-transparent" />
+          <div className="absolute bottom-1.5 left-1.5 md:bottom-2 md:left-2">
+            <LiveBadge small />
+          </div>
+          <div className="absolute bottom-1.5 right-1.5 md:bottom-2 md:right-2">
+            <ViewerCount count={stream.viewers} small />
+          </div>
+        </div>
+        <div className="flex items-start gap-2 p-2 md:gap-3 md:p-3">
+          <Avatar className="h-7 w-7 shrink-0 ring-1 ring-primary/20 md:h-8 md:w-8">
+            <AvatarImage src={stream.channel.pfpUrl} alt={stream.channel.name} />
+            <AvatarFallback className="text-[10px]">
+              {stream.channel.name.slice(0, 2).toUpperCase()}
+            </AvatarFallback>
+          </Avatar>
+          <div className="min-w-0 flex-1">
+            <p className="truncate text-xs font-medium leading-snug md:text-sm">{stream.title}</p>
+            <p className="truncate text-[10px] text-muted-foreground md:text-xs">
+              {stream.channel.name}
+            </p>
+            {stream.category && (
+              <Badge
+                variant="secondary"
+                className="mt-1 rounded-full px-1.5 py-0 text-[9px] font-medium md:mt-1.5 md:px-2 md:text-[10px]"
+              >
+                {stream.category}
+              </Badge>
+            )}
+          </div>
+        </div>
+      </div>
+    </Link>
+  );
+}
+
+function OfflineCard({ stream }: { stream: StreamWithChannel }) {
+  return (
+    <Link href={`/${stream.username}`} className="group inline-flex">
+      <div className="flex w-[70px] flex-col items-center gap-1 rounded-lg p-1.5 transition-colors duration-150 hover:bg-muted/50 sm:w-[78px] md:w-[86px] md:gap-1.5 md:p-2">
+        <div className="relative">
+          <Avatar className="h-9 w-9 ring-2 ring-border transition-colors duration-150 group-hover:ring-border/60 sm:h-10 sm:w-10 md:h-11 md:w-11">
+            <AvatarImage src={stream.channel.pfpUrl} alt={stream.channel.name} />
+            <AvatarFallback className="text-xs font-semibold">
+              {stream.channel.name.slice(0, 2).toUpperCase()}
+            </AvatarFallback>
+          </Avatar>
+          <span className="absolute -bottom-0.5 -right-0.5 h-2.5 w-2.5 rounded-full border-2 border-background bg-muted-foreground/40" />
+        </div>
+        <p className="w-full truncate text-center text-[10px] font-medium">{stream.channel.name}</p>
+      </div>
+    </Link>
+  );
+}
+
+function LiveBadge({ small }: { small?: boolean }) {
+  return (
+    <span
+      className={`flex items-center gap-1 rounded-full bg-red-600 font-bold uppercase tracking-wide text-white ${small ? 'px-1.5 py-0.5 text-[9px]' : 'px-2 py-0.5 text-[10px]'}`}
+    >
+      <span className="inline-block h-1.5 w-1.5 animate-pulse rounded-full bg-white" />
+      Live
+    </span>
+  );
+}
+
+function ViewerCount({ count, small }: { count: number; small?: boolean }) {
+  return (
+    <span
+      className={`flex items-center gap-1 rounded-full bg-black/70 font-medium text-white backdrop-blur-sm ${small ? 'px-1.5 py-0.5 text-[9px]' : 'px-2 py-0.5 text-xs'}`}
+    >
+      <span className="inline-block h-1.5 w-1.5 rounded-full bg-red-400" />
+      {count.toLocaleString()}
+    </span>
+  );
+}
+
+function SectionHeading({ label, count }: { label: string; count?: number }) {
+  return (
+    <div className="mb-3 flex items-center gap-2">
+      <h2 className="pb-0 text-sm font-semibold tracking-tight md:text-base">{label}</h2>
+      {count !== undefined && (
+        <span className="rounded-full bg-primary/10 px-2 py-0.5 text-xs font-medium text-primary">
+          {count}
+        </span>
+      )}
+      <div className="ml-2 h-px flex-1 bg-border" />
+    </div>
+  );
+}

apps/web/src/components/app/StreamPlayer/StreamPlayer.tsx

@@ -1,44 +1,70 @@
 'use client';
 
 import { useParams } from 'next/navigation';
+import { useRef, useEffect } from 'react';
 import {
   MediaController,
   MediaLoadingIndicator,
   MediaControlBar,
   MediaPlayButton,
-  MediaSeekBackwardButton,
-  MediaSeekForwardButton,
   MediaMuteButton,
   MediaVolumeRange,
-  MediaFullscreenButton
+  MediaFullscreenButton,
 } from 'media-chrome/react';
-import HlsVideo from 'hls-video-element/react'
+import HlsVideo from 'hls-video-element/react';
+import { useSession } from '@/lib/providers/SessionProvider';
+import { useUserStreamInfo } from '@/lib/hooks/useUserList';
+import { getMediamtxClientEnvs } from '@/lib/utils/mediamtx/client';
 
 export default function StreamPlayer() {
   const { username } = useParams();
+  const { session } = useSession();
+  const { streamInfo: userInfo } = useUserStreamInfo(username!.toString());
+  
+  const videoRef = useRef(null);
+
+  useEffect(() => {
+    const video = videoRef.current;
+    if (video && username && session) {
+      const user = 'skibiditoilet';
+      const credentials = btoa(`${user}:${session.id}`);
+
+      // @ts-ignore
+      video.config = {
+        xhrSetup: (xhr: XMLHttpRequest) => {
+          xhr.setRequestHeader('Authorization', `Basic ${credentials}`);
+        },
+        lowLatencyMode: true,
+        debug: process.env.NODE_ENV === 'development',
+        backBufferLength: 90,
+        enableWorker: true,
+        maxLiveSyncPlaybackRate: 1.5,
+        liveSyncDurationCount: 2,
+        liveMaxLatencyDurationCount: 4,
+      };
+
+      // @ts-ignore
+      video.src = `${getMediamtxClientEnvs(userInfo?.streamRegion!).publicUrl}/${username}/index.m3u8`;
+    }
+
+    return () => {
+      if (video) {
+        // @ts-ignore
+        video.src = '';
+      }
+    };
+  }, [username, session]);
 
   return (
-    <MediaController className='w-full aspect-video'>
+    <MediaController className="w-full aspect-video">
       <HlsVideo
-        src={`/api/rtmp/hls/${username}.m3u8`}
+        ref={videoRef}
         slot="media"
         crossOrigin="anonymous"
         autoplay
-        config={{
-          lowLatencyMode: true,
-          liveSyncDurationCount: 2, // Use only 1 segment for sync
-          liveMaxLatencyDurationCount: 3, // Maximum latency allowed
-          liveDurationInfinity: true,
-          enableWorker: true,
-          backBufferLength: 0, // No back buffer
-          startLevel: -1, // Auto level selection
-          maxBufferLength: 4, // Maximum buffer length in seconds
-          maxMaxBufferLength: 6,
-          debug: false,
-        }}
       />
       <MediaLoadingIndicator slot="centered-chrome" noAutohide />
-      <MediaControlBar className='w-full px-2'>
+      <MediaControlBar className="w-full px-2">
         <div className="flex items-center gap-2">
           <MediaPlayButton />
           <MediaMuteButton />