Add model download to FAQ.md

docs(release): finalize v1.30.3 release notes [skip ci]
chore(release): 1.30.3 [skip ci]
2026-03-28 19:49:25 +01:00 · 2026-03-26 23:12:49 -07:00 · 2026-03-25 23:40:34 +00:00 · 2026-03-25 23:39:41 +00:00 · 2026-03-25 16:30:35 -07:00 · 2026-03-25 16:30:35 -07:00
235 changed files with 22417 additions and 5214 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -2,4 +2,7 @@
 .env.*
 .git
 node_modules
-*.log
+*.log
 admin/storage
 admin/node_modules
 admin/build
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -0,0 +1,193 @@
 name: Bug Report
 description: Report a bug or issue with Project N.O.M.A.D.
 title: "[Bug]: "
 labels: ["bug", "needs-triage"]
 body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to report a bug! Please fill out the information below to help us diagnose and fix the issue.
        **Before submitting:**
        - Search existing issues to avoid duplicates
        - Ensure you're running the latest version of N.O.M.A.D.
        - Redact any personal or sensitive information from logs/configs
        - Please don't submit issues related to running N.O.M.A.D. on Unraid or another NAS - we don't have plans to support these kinds of platforms at this time
  - type: dropdown
    id: issue-category
    attributes:
      label: Issue Category
      description: What area is this issue related to?
      options:
        - Installation/Setup
        - AI Assistant (Ollama)
        - Knowledge Base/RAG (Document Upload)
        - Docker/Container Issues
        - GPU Configuration
        - Content Downloads (ZIM, Maps, Collections)
        - Service Management (Start/Stop/Update)
        - System Performance/Resources
        - UI/Frontend Issue
        - Other
    validations:
      required: true
  - type: textarea
    id: description
    attributes:
      label: Bug Description
      description: Provide a clear and concise description of what the bug is
      placeholder: What happened? What did you expect to happen?
    validations:
      required: true
  - type: textarea
    id: reproduction
    attributes:
      label: Steps to Reproduce
      description: How can we reproduce this issue?
      placeholder: |
        1. Go to '...'
        2. Click on '...'
        3. See error
    validations:
      required: true
  - type: textarea
    id: expected-behavior
    attributes:
      label: Expected Behavior
      description: What did you expect to happen?
      placeholder: Describe the expected outcome
    validations:
      required: true
  - type: textarea
    id: actual-behavior
    attributes:
      label: Actual Behavior
      description: What actually happened?
      placeholder: Describe what actually occurred, including any error messages
    validations:
      required: true
  - type: input
    id: nomad-version
    attributes:
      label: N.O.M.A.D. Version
      description: What version of N.O.M.A.D. are you running? (Check Settings > Update or run `docker ps` and check nomad_admin image tag)
      placeholder: "e.g., 1.29.0"
    validations:
      required: true
  - type: dropdown
    id: os
    attributes:
      label: Operating System
      description: What OS are you running N.O.M.A.D. on?
      options:
        - Ubuntu 24.04
        - Ubuntu 22.04
        - Ubuntu 20.04
        - Debian 13 (Trixie)
        - Debian 12 (Bookworm)
        - Debian 11 (Bullseye)
        - Other Debian-based
        - Other (not yet officially supported)
    validations:
      required: true
  - type: input
    id: docker-version
    attributes:
      label: Docker Version
      description: What version of Docker are you running? (`docker --version`)
      placeholder: "e.g., Docker version 24.0.7"
  - type: dropdown
    id: gpu-present
    attributes:
      label: Do you have a dedicated GPU?
      options:
        - "Yes"
        - "No"
        - "Not sure"
    validations:
      required: true
  - type: input
    id: gpu-model
    attributes:
      label: GPU Model (if applicable)
      description: What GPU model do you have? (Check Settings > System or run `nvidia-smi` if NVIDIA GPU)
      placeholder: "e.g., NVIDIA GeForce RTX 3060"
  - type: textarea
    id: system-specs
    attributes:
      label: System Specifications
      description: Provide relevant system specs (CPU, RAM, available disk space)
      placeholder: |
        CPU: 
        RAM: 
        Available Disk Space: 
        GPU (if any): 
  - type: textarea
    id: service-status
    attributes:
      label: Service Status (if relevant)
      description: If this is a service-related issue, what's the status of relevant services? (Check Settings > Apps or run `docker ps`)
      placeholder: |
        Paste output from `docker ps` or describe service states from the UI
  - type: textarea
    id: logs
    attributes:
      label: Relevant Logs
      description: |
        Include any relevant logs or error messages. **Please redact any personal/sensitive information.**
        Useful commands for collecting logs:
        - N.O.M.A.D. management app: `docker logs nomad_admin`
        - Ollama: `docker logs nomad_ollama`
        - Qdrant: `docker logs nomad_qdrant`
        - Specific service: `docker logs nomad_<service-name>`
      placeholder: Paste relevant log output here
      render: shell
  - type: textarea
    id: browser-console
    attributes:
      label: Browser Console Errors (if UI issue)
      description: If this is a UI issue, include any errors from your browser's developer console (F12)
      placeholder: Paste browser console errors here
      render: javascript
  - type: textarea
    id: screenshots
    attributes:
      label: Screenshots
      description: If applicable, add screenshots to help explain your problem (drag and drop images here)
  - type: textarea
    id: additional-context
    attributes:
      label: Additional Context
      description: Add any other context about the problem here (network setup, custom configurations, recent changes, etc.)
  - type: checkboxes
    id: terms
    attributes:
      label: Pre-submission Checklist
      description: Please confirm the following before submitting
      options:
        - label: I have searched for existing issues that might be related to this bug
          required: true
        - label: I am running the latest version of Project N.O.M.A.D. (or have noted my version above)
          required: true
        - label: I have redacted any personal or sensitive information from logs and screenshots
          required: true
        - label: This issue is NOT related to running N.O.M.A.D. on an unsupported/non-Debian-based OS
          required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,17 @@
 blank_issues_enabled: false
 contact_links:
  - name: 💬 Discord Community
    url: https://discord.com/invite/crosstalksolutions
    about: Join our Discord community for general questions, support, and discussions
  - name: 📖 Documentation
    url: https://projectnomad.us
    about: Check the official documentation and guides
  - name: 🏆 Community Leaderboard
    url: https://benchmark.projectnomad.us
    about: View the N.O.M.A.D. benchmark leaderboard
  - name: 🤝 Contributing Guide
    url: https://github.com/Crosstalk-Solutions/project-nomad/blob/main/CONTRIBUTING.md
    about: Learn how to contribute to Project N.O.M.A.D.
  - name: 📅 Roadmap
    url: https://roadmap.projectnomad.us
    about: See our public roadmap, vote on features, and suggest new ones
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@ -0,0 +1,150 @@
 name: Feature Request
 description: Suggest a new feature or enhancement for Project N.O.M.A.D.
 title: "[Feature]: "
 labels: ["enhancement", "needs-discussion"]
 body:
  - type: markdown
    attributes:
      value: |
        Thanks for your interest in improving Project N.O.M.A.D.! Before you submit a feature request, consider checking our [roadmap](https://roadmap.projectnomad.us) to see if it's already planned or in progress. You're welcome to suggest new ideas there if you don't plan on opening PRs yourself.
        **Please note:** Feature requests are not guaranteed to be implemented. All requests are evaluated based on alignment with the project's goals, feasibility, and community demand.
        **Before submitting:**
        - Search existing feature requests and our [roadmap](https://roadmap.projectnomad.us) to avoid duplicates
        - Consider if this aligns with N.O.M.A.D.'s mission: offline-first knowledge and education
        - Consider the technical feasibility of the feature: N.O.M.A.D. is designed to be containerized and run on a wide range of hardware, so features that require heavy resources (aside from GPU-intensive tasks) or complex host configurations may be less likely to be implemented
        - Consider the scope of the feature: Small, focused enhancements that can be implemented incrementally are more likely to be implemented than large, broad features that would require significant development effort or have an unclear path forward
        - If you're able to contribute code, testing, or documentation, that significantly increases the chances of your feature being implemented
  - type: dropdown
    id: feature-category
    attributes:
      label: Feature Category
      description: What area does this feature relate to?
      options:
        - New Service/Tool Integration
        - AI Assistant Enhancement
        - Knowledge Base/RAG Improvement
        - Content Management (ZIM, Maps, Collections)
        - UI/UX Improvement
        - System Management
        - Performance Optimization
        - Documentation
        - Security
        - Other
    validations:
      required: true
  - type: textarea
    id: problem
    attributes:
      label: Problem Statement
      description: What problem does this feature solve? Is your feature request related to a pain point?
      placeholder: I find it frustrating when... / It would be helpful if... / Users struggle with...
    validations:
      required: true
  - type: textarea
    id: solution
    attributes:
      label: Proposed Solution
      description: Describe the feature or enhancement you'd like to see
      placeholder: Add a feature that... / Change the behavior to... / Integrate with...
    validations:
      required: true
  - type: textarea
    id: alternatives
    attributes:
      label: Alternative Solutions
      description: Have you considered any alternative solutions or workarounds?
      placeholder: I've tried... / Another approach could be... / A workaround is...
  - type: textarea
    id: use-case
    attributes:
      label: Use Case
      description: Describe a specific scenario where this feature would be valuable
      placeholder: |
        As a [type of user], when I [do something], I want to [accomplish something] so that [benefit].
        Example: Because I have a dedicated GPU, I want to be able to see in the UI if GPU support is enabled so that I can optimize performance and troubleshoot issues more easily.
  - type: dropdown
    id: user-type
    attributes:
      label: Who would benefit from this feature?
      description: What type of users would find this most valuable?
      multiple: true
      options:
        - Individual/Home Users
        - Families
        - Teachers/Educators
        - Students
        - Survivalists/Preppers
        - Developers/Contributors
        - Organizations
        - All Users
    validations:
      required: true
  - type: dropdown
    id: priority
    attributes:
      label: How important is this feature to you?
      options:
        - Critical - Blocking my use of N.O.M.A.D.
        - High - Would significantly improve my experience
        - Medium - Would be nice to have
        - Low - Minor convenience
    validations:
      required: true
  - type: textarea
    id: implementation-ideas
    attributes:
      label: Implementation Ideas (Optional)
      description: If you have technical suggestions for how this could be implemented, share them here
      placeholder: This could potentially use... / It might integrate with... / A possible approach is...
  - type: textarea
    id: examples
    attributes:
      label: Examples or References
      description: Are there similar features in other applications? Include links, screenshots, or descriptions
      placeholder: Similar to how [app name] does... / See this example at [URL]
  - type: dropdown
    id: willing-to-contribute
    attributes:
      label: Would you be willing to help implement this?
      description: Contributing increases the likelihood of implementation
      options:
        - "Yes - I can write the code"
        - "Yes - I can help test"
        - "Yes - I can help with documentation"
        - "Maybe - with guidance"
        - "No - I don't have the skills/time"
    validations:
      required: true
  - type: textarea
    id: additional-context
    attributes:
      label: Additional Context
      description: Add any other context, mockups, diagrams, or information about the feature request
  - type: checkboxes
    id: checklist
    attributes:
      label: Pre-submission Checklist
      description: Please confirm the following before submitting
      options:
        - label: I have searched for existing feature requests that might be similar
          required: true
        - label: This feature aligns with N.O.M.A.D.'s mission of offline-first knowledge and education
          required: true
        - label: I understand that feature requests are not guaranteed to be implemented
          required: true
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@ -0,0 +1,7 @@
 version: 2
 updates:
  - package-ecosystem: "npm"
    directory: "/admin"
    schedule:
      interval: "weekly"
    target-branch: "rc"
--- a/.github/scripts/finalize-release-notes.sh
+++ b/.github/scripts/finalize-release-notes.sh
@ -0,0 +1,133 @@
 #!/usr/bin/env bash
 #
 # finalize-release-notes.sh
 #
 # Stamps the "## Unreleased" section in a release-notes file with a version
 # and date, and extracts the section content for use in GitHub releases / email.
 # Also includes all commits since the last release for complete transparency.
 #
 # Usage:  finalize-release-notes.sh <version> <file-path>
 #
 # Exit codes:
 #   0 - Success: section stamped and extracted
 #   1 - No "## Unreleased" section found (skip gracefully)
 #   2 - Unreleased section exists but is empty (skip gracefully)
 set -euo pipefail
 VERSION="${1:?Usage: finalize-release-notes.sh <version> <file-path>}"
 FILE="${2:?Usage: finalize-release-notes.sh <version> <file-path>}"
 if [[ ! -f "$FILE" ]]; then
  echo "Error: File not found: $FILE" >&2
  exit 1
 fi
 # Find the line number of the ## Unreleased header (case-insensitive)
 HEADER_LINE=$(grep -inm1 '^## unreleased' "$FILE" | cut -d: -f1)
 if [[ -z "$HEADER_LINE" ]]; then
  echo "No '## Unreleased' section found. Skipping."
  exit 1
 fi
 TOTAL_LINES=$(wc -l < "$FILE")
 # Find the next section header (## Version ...) or --- separator after the Unreleased header
 NEXT_SECTION_LINE=""
 if [[ $HEADER_LINE -lt $TOTAL_LINES ]]; then
  NEXT_SECTION_LINE=$(tail -n +"$((HEADER_LINE + 1))" "$FILE" \
    | grep -nm1 '^## \|^---$' \
    | cut -d: -f1)
 fi
 if [[ -n "$NEXT_SECTION_LINE" ]]; then
  # NEXT_SECTION_LINE is relative to HEADER_LINE+1, convert to absolute
  END_LINE=$((HEADER_LINE + NEXT_SECTION_LINE - 1))
 else
  # Section runs to end of file
  END_LINE=$TOTAL_LINES
 fi
 # Extract content between header and next section (exclusive of both boundaries)
 CONTENT_START=$((HEADER_LINE + 1))
 CONTENT_END=$END_LINE
 # Extract the section body (between header line and the next boundary)
 SECTION_BODY=$(sed -n "${CONTENT_START},${CONTENT_END}p" "$FILE" | sed '/^$/N;/^\n$/d')
 # Check for actual content: strip blank lines and lines that are only markdown headers (###...)
 TRIMMED=$(echo "$SECTION_BODY" | sed '/^[[:space:]]*$/d')
 HAS_CONTENT=$(echo "$SECTION_BODY" | sed '/^[[:space:]]*$/d' | grep -v '^###' || true)
 if [[ -z "$TRIMMED" || -z "$HAS_CONTENT" ]]; then
  echo "Unreleased section is empty. Skipping."
  exit 2
 fi
 # Format the date as "Month Day, Year"
 DATE_STAMP=$(date +'%B %-d, %Y')
 NEW_HEADER="## Version ${VERSION} - ${DATE_STAMP}"
 # Build the replacement: swap the header line, keep everything else intact
 {
  # Lines before the Unreleased header
  if [[ $HEADER_LINE -gt 1 ]]; then
    head -n "$((HEADER_LINE - 1))" "$FILE"
  fi
  # New versioned header
  echo "$NEW_HEADER"
  # Content between header and next section
  sed -n "${CONTENT_START},${CONTENT_END}p" "$FILE"
  # Rest of the file after the section
  if [[ $END_LINE -lt $TOTAL_LINES ]]; then
    tail -n +"$((END_LINE + 1))" "$FILE"
  fi
 } > "${FILE}.tmp"
 mv "${FILE}.tmp" "$FILE"
 # Get commits since the last release
 LAST_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
 COMMIT_LIST=""
 if [[ -n "$LAST_TAG" ]]; then
  echo "Fetching commits since ${LAST_TAG}..."
  # Get commits between last tag and HEAD, excluding merge commits and skip ci commits
  COMMIT_LIST=$(git log "${LAST_TAG}..HEAD" \
    --no-merges \
    --pretty=format:"- %s ([%h](https://github.com/${GITHUB_REPOSITORY}/commit/%H))" \
    --grep="\[skip ci\]" --invert-grep \
    || echo "")
 else
  echo "No previous tag found, fetching all commits..."
  COMMIT_LIST=$(git log \
    --no-merges \
    --pretty=format:"- %s ([%h](https://github.com/${GITHUB_REPOSITORY}/commit/%H))" \
    --grep="\[skip ci\]" --invert-grep \
    || echo "")
 fi
 # Write the extracted section content (for GitHub release body / future email)
 {
  echo "$NEW_HEADER"
  echo ""
  if [[ -n "$TRIMMED" ]]; then
    echo "$TRIMMED"
    echo ""
  fi
  # Add commit history if available
  if [[ -n "$COMMIT_LIST" ]]; then
    echo "---"
    echo ""
    echo "### 📝 All Changes"
    echo ""
    echo "$COMMIT_LIST"
  fi
 } > "${FILE}.section"
 echo "Finalized release notes for v${VERSION}"
 echo "  Updated: ${FILE}"
 echo "  Extracted: ${FILE}.section"
 exit 0
--- a/.github/workflows/build-admin-on-pr.yml
+++ b/.github/workflows/build-admin-on-pr.yml
@ -0,0 +1,25 @@
 name: Build Admin
 on: pull_request
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
        working-directory: ./admin
      - name: Run build
        run: npm run build
        working-directory: ./admin
--- a/.github/workflows/build-disk-collector.yml
+++ b/.github/workflows/build-disk-collector.yml
@ -0,0 +1,51 @@
 name: Build Disk Collector Image
 on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Semantic version to label the Docker image under (no "v" prefix, e.g. "1.2.3")'
        required: true
        type: string
      tag_latest:
        description: 'Also tag this image as :latest?'
        required: false
        type: boolean
        default: false
 jobs:
  check_authorization:
    name: Check authorization to publish new Docker image
    runs-on: ubuntu-latest
    outputs:
      isAuthorized: ${{ steps.check-auth.outputs.is_authorized }}
    steps:
      - name: check-auth
        id: check-auth
        run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
  build:
    name: Build disk-collector image
    needs: check_authorization
    if: needs.check_authorization.outputs.isAuthorized == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: install/sidecar-disk-collector
          push: true
          tags: |
            ghcr.io/crosstalk-solutions/project-nomad-disk-collector:${{ inputs.version }}
            ghcr.io/crosstalk-solutions/project-nomad-disk-collector:v${{ inputs.version }}
            ${{ inputs.tag_latest && 'ghcr.io/crosstalk-solutions/project-nomad-disk-collector:latest' || '' }}
--- a/.github/workflows/build-primary-image.yml
+++ b/.github/workflows/build-primary-image.yml
@ -1,12 +1,17 @@
-name: Build Docker Image
+name: Build Primary Docker Image
 on:
  workflow_dispatch:
    inputs:
      version:
-        description: 'Semantic version to label the Docker image under'
+        description: 'Semantic version to label the Docker image under (no "v" prefix, e.g. "1.2.3")'
        required: true
        type: string
      tag_latest:
        description: 'Also tag this image as :latest? (Keep false for RC and beta releases)'
        required: false
        type: boolean
        default: false
 jobs:
  check_authorization:
@ -28,7 +33,7 @@ jobs:
      packages: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
@ -41,4 +46,9 @@ jobs:
          push: true
          tags: |
            ghcr.io/crosstalk-solutions/project-nomad:${{ inputs.version }}
-            ghcr.io/crosstalk-solutions/project-nomad:latest
+            ghcr.io/crosstalk-solutions/project-nomad:v${{ inputs.version }}
            ${{ inputs.tag_latest && 'ghcr.io/crosstalk-solutions/project-nomad:latest' || '' }}
          build-args: |
            VERSION=${{ inputs.version }}
            BUILD_DATE=${{ github.event.workflow_run.created_at }}
            VCS_REF=${{ github.sha }}
--- a/.github/workflows/build-sidecar-updater.yml
+++ b/.github/workflows/build-sidecar-updater.yml
@ -0,0 +1,51 @@
 name: Build Sidecar Updater Image
 on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Semantic version to label the Docker image under (no "v" prefix, e.g. "1.2.3")'
        required: true
        type: string
      tag_latest:
        description: 'Also tag this image as :latest?'
        required: false
        type: boolean
        default: false
 jobs:
  check_authorization:
    name: Check authorization to publish new Docker image
    runs-on: ubuntu-latest
    outputs:
      isAuthorized: ${{ steps.check-auth.outputs.is_authorized }}
    steps:
      - name: check-auth
        id: check-auth
        run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
  build:
    name: Build sidecar-updater image
    needs: check_authorization
    if: needs.check_authorization.outputs.isAuthorized == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: install/sidecar-updater
          push: true
          tags: |
            ghcr.io/crosstalk-solutions/project-nomad-sidecar-updater:${{ inputs.version }}
            ghcr.io/crosstalk-solutions/project-nomad-sidecar-updater:v${{ inputs.version }}
            ${{ inputs.tag_latest && 'ghcr.io/crosstalk-solutions/project-nomad-sidecar-updater:latest' || '' }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -22,7 +22,7 @@ jobs:
      newVersion: ${{ steps.semver.outputs.new_release_version }}
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          persist-credentials: false
@ -34,4 +34,58 @@ jobs:
          GIT_AUTHOR_NAME: cosmistack-bot
          GIT_AUTHOR_EMAIL: dev@cosmistack.com
          GIT_COMMITTER_NAME: cosmistack-bot
-          GIT_COMMITTER_EMAIL: dev@cosmistack.com
+          GIT_COMMITTER_EMAIL: dev@cosmistack.com
      - name: Finalize release notes
        # Skip for pre-releases (versions containing a hyphen, e.g. 1.27.0-rc.1)
        if: |
          steps.semver.outputs.new_release_published == 'true' &&
          !contains(steps.semver.outputs.new_release_version, '-')
        id: finalize-notes
        env:
          GITHUB_REPOSITORY: ${{ github.repository }}
        run: |
          git pull origin main
          chmod +x .github/scripts/finalize-release-notes.sh
          EXIT_CODE=0
          .github/scripts/finalize-release-notes.sh \
            "${{ steps.semver.outputs.new_release_version }}" \
            admin/docs/release-notes.md || EXIT_CODE=$?
          if [[ "$EXIT_CODE" -eq 0 ]]; then
            echo "has_notes=true" >> $GITHUB_OUTPUT
          else
            echo "has_notes=false" >> $GITHUB_OUTPUT
          fi
      - name: Commit finalized release notes
        if: |
          steps.semver.outputs.new_release_published == 'true' &&
          steps.finalize-notes.outputs.has_notes == 'true' &&
          !contains(steps.semver.outputs.new_release_version, '-')
        run: |
          git config user.name "cosmistack-bot"
          git config user.email "dev@cosmistack.com"
          git remote set-url origin https://x-access-token:${{ secrets.COSMISTACKBOT_ACCESS_TOKEN }}@github.com/${{ github.repository }}.git
          git add admin/docs/release-notes.md
          git commit -m "docs(release): finalize v${{ steps.semver.outputs.new_release_version }} release notes [skip ci]"
          git push origin main
      - name: Update GitHub release body
        if: |
          steps.semver.outputs.new_release_published == 'true' &&
          steps.finalize-notes.outputs.has_notes == 'true' &&
          !contains(steps.semver.outputs.new_release_version, '-')
        env:
          GH_TOKEN: ${{ secrets.COSMISTACKBOT_ACCESS_TOKEN }}
        run: |
          gh release edit "v${{ steps.semver.outputs.new_release_version }}" \
            --notes-file admin/docs/release-notes.md.section
      # Future: Send release notes email
      # - name: Send release notes email
      #   if: steps.semver.outputs.new_release_published == 'true' && steps.finalize-notes.outputs.has_notes == 'true'
      #   run: |
      #     curl -X POST "https://api.projectnomad.us/api/v1/newsletter/release" \
      #       -H "Authorization: Bearer ${{ secrets.NOMAD_API_KEY }}" \
      #       -H "Content-Type: application/json" \
      #       -d "{\"version\": \"${{ steps.semver.outputs.new_release_version }}\", \"body\": $(cat admin/docs/release-notes.md.section | jq -Rs .)}"
--- a/.github/workflows/validate-collection-urls.yml
+++ b/.github/workflows/validate-collection-urls.yml
@ -0,0 +1,58 @@
 name: Validate Collection URLs
 on:
  push:
    paths:
      - 'collections/**.json'
  pull_request:
    paths:
      - 'collections/**.json'
 jobs:
  validate-urls:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Extract and validate URLs
        run: |
          FAILED=0
          CHECKED=0
          FAILED_URLS=""
          # Recursively extract all non-null string URLs from every JSON file in collections/
          URLS=$(jq -r '.. | .url? | select(type == "string")' collections/*.json | sort -u)
          while IFS= read -r url; do
            [ -z "$url" ] && continue
            CHECKED=$((CHECKED + 1))
            printf "Checking: %s ... " "$url"
            # Use Range: bytes=0-0 to avoid downloading the full file.
            # --max-filesize 1 aborts early if the server ignores the Range header
            # and returns 200 with the full body. The HTTP status is still captured.
            HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
              --range 0-0 \
              --max-filesize 1 \
              --max-time 30 \
              --location \
              "$url")
            if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "206" ]; then
              echo "OK ($HTTP_CODE)"
            else
              echo "FAILED ($HTTP_CODE)"
              FAILED=$((FAILED + 1))
              FAILED_URLS="$FAILED_URLS\n  - $url (HTTP $HTTP_CODE)"
            fi
          done <<< "$URLS"
          echo ""
          echo "Checked $CHECKED URLs, $FAILED failed."
          if [ "$FAILED" -gt 0 ]; then
            echo ""
            echo "Broken URLs:"
            printf "%b\n" "$FAILED_URLS"
            exit 1
          fi
--- a/.releaserc.json
+++ b/.releaserc.json
@ -1,5 +1,8 @@
 {
-  "branches": ["master"],
+  "branches": [
    "main",
    { "name": "rc", "prerelease": "rc" }
  ],
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -0,0 +1,128 @@
 # Contributor Covenant Code of Conduct
 ## Our Pledge
 We as members, contributors, and leaders pledge to make participation in our
 community a harassment-free experience for everyone, regardless of age, body
 size, visible or invisible disability, ethnicity, sex characteristics, gender
 identity and expression, level of experience, education, socio-economic status,
 nationality, personal appearance, race, religion, or sexual identity
 and orientation.
 We pledge to act and interact in ways that contribute to an open, welcoming,
 diverse, inclusive, and healthy community.
 ## Our Standards
 Examples of behavior that contributes to a positive environment for our
 community include:
 * Demonstrating empathy and kindness toward other people
 * Being respectful of differing opinions, viewpoints, and experiences
 * Giving and gracefully accepting constructive feedback
 * Accepting responsibility and apologizing to those affected by our mistakes,
  and learning from the experience
 * Focusing on what is best not just for us as individuals, but for the
  overall community
 Examples of unacceptable behavior include:
 * The use of sexualized language or imagery, and sexual attention or
  advances of any kind
 * Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
 * Publishing others' private information, such as a physical or email
  address, without their explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
  professional setting
 ## Enforcement Responsibilities
 Community leaders are responsible for clarifying and enforcing our standards of
 acceptable behavior and will take appropriate and fair corrective action in
 response to any behavior that they deem inappropriate, threatening, offensive,
 or harmful.
 Community leaders have the right and responsibility to remove, edit, or reject
 comments, commits, code, wiki edits, issues, and other contributions that are
 not aligned to this Code of Conduct, and will communicate reasons for moderation
 decisions when appropriate.
 ## Scope
 This Code of Conduct applies within all community spaces, and also applies when
 an individual is officially representing the community in public spaces.
 Examples of representing our community include using an official e-mail address,
 posting via an official social media account, or acting as an appointed
 representative at an online or offline event.
 ## Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
 .
 All complaints will be reviewed and investigated promptly and fairly.
 All community leaders are obligated to respect the privacy and security of the
 reporter of any incident.
 ## Enforcement Guidelines
 Community leaders will follow these Community Impact Guidelines in determining
 the consequences for any action they deem in violation of this Code of Conduct:
 ### 1. Correction
 **Community Impact**: Use of inappropriate language or other behavior deemed
 unprofessional or unwelcome in the community.
 **Consequence**: A private, written warning from community leaders, providing
 clarity around the nature of the violation and an explanation of why the
 behavior was inappropriate. A public apology may be requested.
 ### 2. Warning
 **Community Impact**: A violation through a single incident or series
 of actions.
 **Consequence**: A warning with consequences for continued behavior. No
 interaction with the people involved, including unsolicited interaction with
 those enforcing the Code of Conduct, for a specified period of time. This
 includes avoiding interactions in community spaces as well as external channels
 like social media. Violating these terms may lead to a temporary or
 permanent ban.
 ### 3. Temporary Ban
 **Community Impact**: A serious violation of community standards, including
 sustained inappropriate behavior.
 **Consequence**: A temporary ban from any sort of interaction or public
 communication with the community for a specified period of time. No public or
 private interaction with the people involved, including unsolicited interaction
 with those enforcing the Code of Conduct, is allowed during this period.
 Violating these terms may lead to a permanent ban.
 ### 4. Permanent Ban
 **Community Impact**: Demonstrating a pattern of violation of community
 standards, including sustained inappropriate behavior,  harassment of an
 individual, or aggression toward or disparagement of classes of individuals.
 **Consequence**: A permanent ban from any sort of public interaction within
 the community.
 ## Attribution
 This Code of Conduct is adapted from the [Contributor Covenant][homepage],
 version 2.0, available at
 https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
 Community Impact Guidelines were inspired by [Mozilla's code of conduct
 enforcement ladder](https://github.com/mozilla/diversity).
 [homepage]: https://www.contributor-covenant.org
 For answers to common questions about this code of conduct, see the FAQ at
 https://www.contributor-covenant.org/faq. Translations are available at
 https://www.contributor-covenant.org/translations.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -0,0 +1,187 @@
 # Contributing to Project N.O.M.A.D.
 Thank you for your interest in contributing to Project N.O.M.A.D.! Community contributions are what keep this project growing and improving. Please read this guide fully before getting started — it will save you (and the maintainers) a lot of time.
 > **Note:** Acceptance of contributions is not guaranteed. All pull requests are evaluated based on quality, relevance, and alignment with the project's goals. The maintainers of Project N.O.M.A.D. ("Nomad") reserve the right accept, deny, or modify any pull request at their sole discretion.
 ---
 ## Table of Contents
 - [Code of Conduct](#code-of-conduct)
 - [Before You Start](#before-you-start)
 - [Getting Started](#getting-started)
 - [Development Workflow](#development-workflow)
 - [Commit Messages](#commit-messages)
 - [Release Notes](#release-notes)
 - [Versioning](#versioning)
 - [Submitting a Pull Request](#submitting-a-pull-request)
 - [Feedback & Community](#feedback--community)
 ---
 ## Code of Conduct
 Please read and review our full [Code of Conduct](https://github.com/Crosstalk-Solutions/project-nomad/blob/main/CODE_OF_CONDUCT.md) before contributing. In short: please be respectful and considerate in all interactions with maintainers and other contributors.
 We are committed to providing a welcoming environment for everyone. Disrespectful or abusive behavior will not be tolerated. 
 ---
 ## Before You Start
 **Open an issue first.** Before writing any code, please [open an issue](../../issues/new) to discuss your proposed change. This helps avoid duplicate work and ensures your contribution aligns with the project's direction.
 When opening an issue:
 - Use a clear, descriptive title
 - Describe the problem you're solving or the feature you want to add
 - If it's a bug, include steps to reproduce it and as much detail about your environment as possible
 - Ensure you redact any personal or sensitive information in any logs, configs, etc.
 ---
 ## Getting Started with Contributing
 **Please note**: this is the Getting Started guide for developing and contributing to Nomad, NOT [installing Nomad](https://github.com/Crosstalk-Solutions/project-nomad/blob/main/README.md) for regular use! 
 ### Prerequisites
 - A Debian-based OS (Ubuntu recommended)
 - `sudo`/root privileges
 - Docker installed and running
 - A stable internet connection (required for dependency downloads)
 - Node.js (for frontend/admin work)
 ### Fork & Clone
 1. Click **Fork** at the top right of this repository
 2. Clone your fork locally:
   ```bash
   git clone https://github.com/YOUR_USERNAME/project-nomad.git
   cd project-nomad
   ```
 3. Add the upstream remote so you can stay in sync:
   ```bash
   git remote add upstream https://github.com/Crosstalk-Solutions/project-nomad.git
   ```
 ### Avoid Installing a Release Version Locally
 Because Nomad relies heavily on Docker, we actually recommend against installing a release version of the project on the same local machine where you are developing. This can lead to conflicts with ports, volumes, and other resources. Instead, you can run your development version in a separate Docker environment while keeping your local machine clean. It certainly __can__ be done, but it adds complexity to your setup and workflow. If you choose to install a release version locally, please ensure you have a clear strategy for managing potential conflicts and resource usage.
 ---
 ## Development Workflow
 1. **Sync with upstream** before starting any new work. We prefer rebasing over merge commits to keep a clean, linear git history as much as possible (this also makes it easier for maintainers to review and merge your changes). To sync with upstream:
   ```bash
   git fetch upstream
   git checkout main
   git rebase upstream/main
   ```
 2. **Create a feature branch** off `main` with a descriptive name:
   ```bash
   git checkout -b fix/issue-123
   # or
   git checkout -b feature/add-new-tool
   ```
 3. **Make your changes.** Follow existing code style and conventions. Test your changes locally against a running N.O.M.A.D. instance before submitting.
 4. **Add release notes** (see [Release Notes](#release-notes) below).
 5. **Commit your changes** using [Conventional Commits](#commit-messages).
 6. **Push your branch** and open a pull request.
 ---
 ## Commit Messages
 This project uses [Conventional Commits](https://www.conventionalcommits.org/). All commit messages must follow this format:
 ```
 <type>(<scope>): <description>
 ```
 **Common types:**
 | Type | When to use |
 |------|-------------|
 | `feat` | A new user-facing feature |
 | `fix` | A bug fix |
 | `docs` | Documentation changes only |
 | `refactor` | Code change that isn't a fix or feature and does not affect functionality |
 | `chore` | Build process, dependency updates, tooling |
 | `test` | Adding or updating tests |
 **Scope** is optional but encouraged — use it to indicate the area of the codebase affected (e.g., `api`, `ui`, `maps`).
 **Examples:**
 ```
 feat(ui): add dark mode toggle to Command Center
 fix(api): resolve container status not updating after restart
 docs: update hardware requirements in README
 chore(deps): bump docker-compose to v2.24
 ```
 ---
 ## Release Notes
 Human-readable release notes live in [`admin/docs/release-notes.md`](admin/docs/release-notes.md) and are displayed directly in the Command Center UI.
 When your changes include anything user-facing, **add a summary to the `## Unreleased` section** at the top of that file under the appropriate heading:
 - **Features** — new user-facing capabilities
 - **Bug Fixes** — corrections to existing behavior
 - **Improvements** — enhancements, refactors, docs, or dependency updates
 Use the format `- **Area**: Description` to stay consistent with existing entries.
 **Example:**
 ```markdown
 ## Unreleased
 ### Features
 - **Maps**: Added support for downloading South America regional maps
 ### Bug Fixes
 - **AI Chat**: Fixed document upload failing on filenames with special characters
 ```
 > When a release is triggered, CI automatically stamps the version and date, commits the update, and publishes the content to the GitHub release. You do not need to do this manually.
 ---
 ## Versioning
 This project uses [Semantic Versioning](https://semver.org/). Versions are managed in the root `package.json` and updated automatically by `semantic-release`. The `project-nomad` Docker image uses this version. The `admin/package.json` version stays at `0.0.0` and should not be changed manually.
 ---
 ## Submitting a Pull Request
 1. Push your branch to your fork:
   ```bash
   git push origin your-branch-name
   ```
 2. Open a pull request against the `main` branch of this repository
 3. In the PR description:
   - Summarize what your changes do and why
   - Reference the related issue (e.g., `Closes #123`)
   - Note any relevant testing steps or environment details
 4. Be responsive to feedback — maintainers may request changes. Pull requests with no activity for an extended period may be closed.
 ---
 ## Feedback & Community
 Have questions or want to discuss ideas before opening an issue? Join the community:
 - **Discord:** [Join the Crosstalk Solutions server](https://discord.com/invite/crosstalksolutions) — the best place to get help, share your builds, and talk with other N.O.M.A.D. users
 - **Website:** [www.projectnomad.us](https://www.projectnomad.us)
 - **Benchmark Leaderboard:** [benchmark.projectnomad.us](https://benchmark.projectnomad.us)
 ---
 *Project N.O.M.A.D. is licensed under the [Apache License 2.0](LICENSE).*
--- a/31
+++ b/31
@ -1,7 +1,7 @@
-FROM node:22.16.0-alpine3.22 AS base
+FROM node:22-slim AS base
-# Install bash & curl for entrypoint script compatibility
+# Install bash & curl for entrypoint script compatibility, graphicsmagick for pdf2pic, and vips-dev & build-base for sharp 
-RUN apk add --no-cache bash curl
+RUN apt-get update && apt-get install -y bash curl graphicsmagick libvips-dev build-essential
 # All deps stage
 FROM base AS deps
@ -24,12 +24,35 @@ RUN node ace build
 # Production stage
 FROM base
 ARG VERSION=dev
 ARG BUILD_DATE
 ARG VCS_REF
 # Labels
 LABEL org.opencontainers.image.title="Project N.O.M.A.D" \
      org.opencontainers.image.description="The Project N.O.M.A.D Official Docker image" \
      org.opencontainers.image.version="${VERSION}" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.revision="${VCS_REF}" \
      org.opencontainers.image.vendor="Crosstalk Solutions, LLC" \
      org.opencontainers.image.documentation="https://github.com/CrosstalkSolutions/project-nomad/blob/main/README.md" \
      org.opencontainers.image.source="https://github.com/CrosstalkSolutions/project-nomad" \
      org.opencontainers.image.licenses="Apache-2.0"
 ENV NODE_ENV=production
 WORKDIR /app
 COPY --from=production-deps /app/node_modules /app/node_modules
 COPY --from=build /app/build /app
 # Copy root package.json for version info
 COPY package.json /app/version.json
 # Copy docs and README for access within the container
 COPY admin/docs /app/docs
 COPY README.md /app/README.md
 # Copy entrypoint script and ensure it's executable
 COPY install/entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
 EXPOSE 8080
-CMD ["node", "./bin/server.js"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
--- a/FAQ.md
+++ b/FAQ.md
@ -0,0 +1,100 @@
 # Frequently Asked Questions (FAQ)
 Find answers to some of the most common questions about Project N.O.M.A.D.
 ## Can I customize the port(s) that NOMAD uses?
 Yes, you can customize the ports that NOMAD's core services (Command Center, MySQL, Redis) use. Please refer to the [Advanced Installation](README.md#advanced-installation) section of the README for more details on how to do this.
 Note: As of 3/24/2026, only the core services defined in the `docker-compose.yml` file currently support port customization - the installable applications (e.g. Ollama, Kiwix, etc.) do not yet support this, but we have multiple PR's in the works to add this feature for all installable applications in a future release.
 ## Can I customize the storage location for NOMAD's data?
 Yes, you can customize the storage location for NOMAD's content by modifying the `docker-compose.yml` file to adjust the appropriate bind mounts to point to your desired storage location on your host machine. Please refer to the [Advanced Installation](README.md#advanced-installation) section of the README for more details on how to do this.
 ## Can I run NOMAD on MAC, WSL2, or a non-Debian-based Distro?
 See [Why does NOMAD require a Debian-based OS?](#why-does-nomad-require-a-debian-based-os)
 ## Why does NOMAD require a Debian-based OS?
 Project N.O.M.A.D. is currently designed to run on Debian-based Linux distributions (with Ubuntu being the recommended distro) because our installation scripts and Docker configurations are optimized for this environment. While it's technically possible to run the Docker containers on other operating systems that support Docker, we have not tested or optimized the installation process for non-Debian-based systems, so we cannot guarantee a smooth experience on those platforms at this time.
 Support for other operating systems will come in the future, but because our development resources are limited as a free and open-source project, we needed to prioritize our efforts and focus on a narrower set of supported platforms for the initial release. We chose Debian-based Linux as our starting point because it's widely used, easy to spin up, and provides a stable environment for running Docker containers.
 Community members have provided guides for running N.O.M.A.D. on other platforms (e.g. WSL2, Mac, etc.) in our Discord community and [Github Discussions](https://github.com/Crosstalk-Solutions/project-nomad/discussions), so if you're interested in running N.O.M.A.D. on a non-Debian-based system, we recommend checking there for any available resources or guides. However, keep in mind that if you choose to run N.O.M.A.D. on a non-Debian-based system, you may encounter issues that we won't be able to provide support for, and you may need to have a higher level of technical expertise to troubleshoot and resolve any problems that arise.
 ## Can I run NOMAD on a Raspberry Pi or other ARM-based device?
 Project N.O.M.A.D. is currently designed to run on x86-64 architecture, and we have not yet tested or optimized it for ARM-based devices like the Raspberry Pi (and have not published any official images for ARM architecture).
 Support for ARM-based devices is on our roadmap, but our initial focus was on x86-64 hardware due to its widespread use and compatibility with a wide range of applications.
 Community members have forked and published their own ARM-compatible images and installation guides for running N.O.M.A.D. on Raspberry Pi and other ARM-based devices in our Discord community and [Github Discussions](https://github.com/Crosstalk-Solutions/project-nomad/discussions), but these are not officially supported by the core development team, and we cannot guarantee their functionality or provide support for any issues that arise when using these community-created resources.
 ## What are the hardware requirements for running NOMAD?
 Project N.O.M.A.D. itself is quite lightweight and can run on even modest x86-64 hardware, but the tools and resources you choose to install with N.O.M.A.D. will determine the specs required for your unique deployment. Please see the [Hardware Guide](https://www.projectnomad.us/hardware) for detailed build recommendations at various price points.
 ## Does NOMAD support languages other than English?
 As of March 2026, Project N.O.M.A.D.'s UI is only available in English, and the majority of the tools and resources available through N.O.M.A.D. are also primarily in English. However, we have multi-language support on our roadmap for a future release, and we are actively working on adding support for additional languages both in the UI and in the available tools/resources. If you're interested in contributing to this effort, please check out our [CONTRIBUTING.md](CONTRIBUTING.md) file for guidelines on how to get involved.
 ## What technologies is NOMAD built with?
 Project N.O.M.A.D. is built using a combination of technologies, including:
 - **Docker:** for containerization of the Command Center and its dependencies
 - **Node.js & TypeScript:** for the backend of the Command Center, particularly the [AdonisJS](https://adonisjs.com/) framework
 - **React:** for the frontend of the Command Center, utilizing [Vite](https://vitejs.dev/) and [Inertia.js](https://inertiajs.com/) under the hood
 - **MySQL:** for the Command Center's database
 - **Redis:** for various caching, background jobs, "cron" tasks, and other internal processes within the Command Center
 NOMAD makes use of the Docker-outside-of-Docker ("DooD") pattern, which allows the Command Center to manage and orchestrate other Docker containers on the host machine without needing to run Docker itself inside a container. This approach provides better performance and compatibility with a wider range of host environments while still allowing for powerful container management capabilities through the Command Center's UI.
 ## Can I run NOMAD if I have existing Docker containers on my machine?
 Yes, you can safely run Project N.O.M.A.D. on a machine that already has existing Docker containers. NOMAD is designed to coexist with other Docker containers and will not interfere with them as long as there are no port conflicts or resource constraints.
 All of NOMAD's containers are prefixed with `nomad_` in their names, so they can be easily identified and managed separately from any other containers you may have running. Just make sure to review the ports that NOMAD's core services (Command Center, MySQL, Redis) use during installation and adjust them if necessary to avoid conflicts with your existing containers.
 ## Why does NOMAD require access to the Docker socket?
 See [What technologies is NOMAD built with?](#what-technologies-is-nomad-built-with)
 ## Can I use any AI models?
 NOMAD by default uses Ollama inside of a docker container to run LLM Models for the AI Assistant. So if you find a model on HuggingFace for example, you won't be able to use that model in NOMAD. The list of available models in the AI Assistant settings (/settings/models) may not show all of the models you are looking for. If you found a model from https://ollama.com/search that you'd like to try and its not in the settings page, you can use a curl command to download the model.  
 `curl -X POST -H "Content-Type: application/json" -d '{"model":"MODEL_NAME_HERE"}' http://localhost:8080/api/ollama/models` replacing MODEL_NAME_HERE with the model name from whats in the ollama website.
 ## Do I have to install the AI features in NOMAD?
 No, the AI features in NOMAD (Ollama, Qdrant, custom RAG pipeline, etc.) are all optional and not required to use the core functionality of NOMAD.
 ## Is NOMAD actually free? Are there any hidden costs?
 Yes, Project N.O.M.A.D. is completely free and open-source software licensed under the Apache License 2.0. There are no hidden costs or fees associated with using NOMAD itself, and we don't have any plans to introduce "premium" features or paid tiers.
 Aside from the cost of the hardware you choose to run it on, there are no costs associated with using NOMAD.
 ## Do you sell hardware or pre-built devices with NOMAD pre-installed?
 No, we do not sell hardware or pre-built devices with NOMAD pre-installed at this time. Project N.O.M.A.D. is a free and open-source software project, and we provide detailed installation instructions and hardware recommendations for users to set up their own NOMAD instances on compatible hardware of their choice. The tradeoff to this DIY approach is some additional setup time and technical know-how required on the user's end, but it also allows for greater flexibility and customization in terms of hardware selection and configuration to best suit each user's unique needs, budget, and preferences.
 ## How quickly are issues resolved when reported?
 We strive to address and resolve issues as quickly as possible, but please keep in mind that Project N.O.M.A.D. is a free and open-source project maintained by a small team of volunteers. We prioritize issues based on their severity, impact on users, and the resources required to resolve them. Critical issues that affect a large number of users are typically addressed more quickly, while less severe issues may take longer to resolve. Aside from the development efforts needed to address the issue, we do our best to conduct thorough testing and validation to ensure that any fix we implement doesn't introduce new issues or regressions, which also adds to the time it takes to resolve an issue.
 We also encourage community involvement in troubleshooting and resolving issues, so if you encounter a problem, please consider checking our Discord community and Github Discussions for potential solutions or workarounds while we work on an official fix.
 ## How often are new features added or updates released?
 We aim to release updates and new features on a regular basis, but the exact timing can vary based on the complexity of the features being developed, the resources available to our volunteer development team, and the feedback and needs of our community. We typically release smaller "patch" versions more frequently to address bugs and make minor improvements, while larger feature releases may take more time to develop and test before they're ready for release.
 ## I opened a PR to contribute a new feature or fix a bug. How long does it usually take for PRs to be reviewed and merged?
 We appreciate all contributions to the project and strive to review and merge pull requests (PRs) as quickly as possible. The time it takes for a PR to be reviewed and merged can vary based on several factors, including the complexity of the changes, the current workload of our maintainers, and the need for any additional testing or revisions.
 Because NOMAD is still a young project, some PRs (particularly those for new features) may take longer to review and merge as we prioritize building out the core functionality and ensuring stability before adding new features. However, we do our best to provide timely feedback on all PRs and keep contributors informed about the status of their contributions.
 ## I have a question that isn't answered here. Where can I ask for help?
 If you have a question that isn't answered in this FAQ, please feel free to ask for help in our Discord community (https://discord.com/invite/crosstalksolutions) or on our Github Discussions page (https://github.com/Crosstalk-Solutions/project-nomad/discussions).
 ## I have a suggestion for a new feature or improvement. How can I share it?
 We welcome and encourage suggestions for new features and improvements! We highly encourage sharing your ideas (or upvoting existing suggestions) on our public roadmap at https://roadmap.projectnomad.us, where we track new feature requests. This is the best way to ensure that your suggestion is seen by the development team and the community, and it also allows other community members to upvote and show support for your idea, which can help prioritize it for future development.
--- a/190
+++ b/190
@ -0,0 +1,190 @@
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
   1. Definitions.
      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.
      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to the Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by the Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding any notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   Copyright 2024-2026 Crosstalk Solutions LLC
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/README.md
+++ b/README.md
@ -1,38 +1,64 @@
-# *NOTE: Project N.O.M.A.D. is still in active development and should not be considered stable!*
+<div align="center">
 <img src="https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/admin/public/project_nomad_logo.png" width="200" height="200"/>
 # Project N.O.M.A.D.
 ### Node for Offline Media, Archives, and Data
 **Knowledge That Never Goes Offline**
 [![Website](https://img.shields.io/badge/Website-projectnomad.us-blue)](https://www.projectnomad.us)
 [![Discord](https://img.shields.io/badge/Discord-Join%20Community-5865F2)](https://discord.com/invite/crosstalksolutions)
 [![Benchmark](https://img.shields.io/badge/Benchmark-Leaderboard-green)](https://benchmark.projectnomad.us)
 <div style="width: 100;text-align: center;margin-bottom: 25px;">
 <img src="https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/master/admin/public/project_nomad_logo.png" width="200" height="200"/>
 </div>
-# Project N.O.M.A.D. (Node for Offline Media, Archives, and Data)
+---
-Project N.O.M.A.D., is a self-contained, offline survival computer packed with critical tools, knowledge, and AI to keep you informed and empowered—anytime, anywhere.
+
 Project N.O.M.A.D. is a self-contained, offline-first knowledge and education server packed with critical tools, knowledge, and AI to keep you informed and empowered—anytime, anywhere.
 ## Installation & Quickstart
 Project N.O.M.A.D. can be installed on any Debian-based operating system (we recommend Ubuntu). Installation is completely terminal-based, and all tools and resources are designed to be accessed through the browser, so there's no need for a desktop environment if you'd rather setup N.O.M.A.D. as a "server" and access it through other clients.
 *Note: sudo/root privileges are required to run the install script*
-#### One-liner (recommended for fresh Ubuntu installs)
+### Quick Install (Debian-based OS Only)
 ```bash
-sudo apt-get update && sudo apt-get install -y curl && curl -fsSL https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/master/install/install_nomad.sh | sudo bash
+sudo apt-get update && sudo apt-get install -y curl && curl -fsSL https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/install/install_nomad.sh -o install_nomad.sh && sudo bash install_nomad.sh
 ```
 #### Two-step install (if you already have curl)
 ```bash
 curl -fsSL https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/master/install/install_nomad.sh -o install_nomad.sh
 ```
 ```bash
 sudo bash install_nomad.sh
 ```
 Project N.O.M.A.D. is now installed on your device! Open a browser and navigate to `http://localhost:8080` (or `http://DEVICE_IP:8080`) to start exploring!
-## How It Works
+For a complete step-by-step walkthrough (including Ubuntu installation), see the [Installation Guide](https://www.projectnomad.us/install).
 From a technical standpoint, N.O.M.A.D. is primarily a management UI ("Command Center") and API that orchestrates a goodie basket of containerized offline archive tools and resources such as 
 [Kiwix](https://kiwix.org/), [OpenStreetMap](https://www.openstreetmap.org/), [Ollama](https://ollama.com/), [OpenWebUI](https://openwebui.com/), and more.
-By abstracting the installation of each of these awesome tools, N.O.M.A.D. makes getting your offline survival computer up and running a breeze! N.O.M.A.D. also includes some additional built-in handy tools, such as a ZIM library managment interface, calculators, and more.
+### Advanced Installation
 For more control over the installation process, copy and paste the [Docker Compose template](https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/install/management_compose.yaml) into a `docker-compose.yml` file and customize it to your liking (be sure to replace any placeholders with your actual values). Then, run `docker compose up -d` to start the Command Center and its dependencies. Note: this method is recommended for advanced users only, as it requires familiarity with Docker and manual configuration before starting.
 ## How It Works
 N.O.M.A.D. is a management UI ("Command Center") and API that orchestrates a collection of containerized tools and resources via [Docker](https://www.docker.com/). It handles installation, configuration, and updates for everything — so you don't have to.
 **Built-in capabilities include:**
 - **AI Chat with Knowledge Base** — local AI chat powered by [Ollama](https://ollama.com/), with document upload and semantic search (RAG via [Qdrant](https://qdrant.tech/))
 - **Information Library** — offline Wikipedia, medical references, ebooks, and more via [Kiwix](https://kiwix.org/)
 - **Education Platform** — Khan Academy courses with progress tracking via [Kolibri](https://learningequality.org/kolibri/)
 - **Offline Maps** — downloadable regional maps via [ProtoMaps](https://protomaps.com)
 - **Data Tools** — encryption, encoding, and analysis via [CyberChef](https://gchq.github.io/CyberChef/)
 - **Notes** — local note-taking via [FlatNotes](https://github.com/dullage/flatnotes)
 - **System Benchmark** — hardware scoring with a [community leaderboard](https://benchmark.projectnomad.us)
 - **Easy Setup Wizard** — guided first-time configuration with curated content collections
 N.O.M.A.D. also includes built-in tools like a Wikipedia content selector, ZIM library manager, and content explorer.
 ## What's Included
 | Capability | Powered By | What You Get |
 |-----------|-----------|-------------|
 | Information Library | Kiwix | Offline Wikipedia, medical references, survival guides, ebooks |
 | AI Assistant | Ollama + Qdrant | Built-in chat with document upload and semantic search |
 | Education Platform | Kolibri | Khan Academy courses, progress tracking, multi-user support |
 | Offline Maps | ProtoMaps | Downloadable regional maps with search and navigation |
 | Data Tools | CyberChef | Encryption, encoding, hashing, and data analysis |
 | Notes | FlatNotes | Local note-taking with markdown support |
 | System Benchmark | Built-in | Hardware scoring, Builder Tags, and community leaderboard |
 ## Device Requirements
 While many similar offline survival computers are designed to be run on bare-minimum, lightweight hardware, Project N.O.M.A.D. is quite the opposite. To install and run the
@ -54,13 +80,18 @@ To run LLM's and other included AI tools:
 #### Optimal Specs
 - Processor: AMD Ryzen 7 or Intel Core i7 or better
 - RAM: 32 GB system memory
- Graphics: NVIDIA RTX 3060 or better (more VRAM = run larger models)
+- Graphics: NVIDIA RTX 3060 or AMD equivalent or better (more VRAM = run larger models)
 - Storage: At least 250 GB free disk space (preferably on SSD)
 - OS: Debian-based (Ubuntu recommended)
 - Stable internet connection (required during install only)
 **For detailed build recommendations at three price points ($150–$1,000+), see the [Hardware Guide](https://www.projectnomad.us/hardware).**
 Again, Project N.O.M.A.D. itself is quite lightweight - it's the tools and resources you choose to install with N.O.M.A.D. that will determine the specs required for your unique deployment
 ## Frequently Asked Questions (FAQ)
 For answers to common questions about Project N.O.M.A.D., please see our [FAQ](FAQ.md) page.
 ## About Internet Usage & Privacy
 Project N.O.M.A.D. is designed for offline usage. An internet connection is only required during the initial installation (to download dependencies) and if you (the user) decide to download additional tools and resources at a later time. Otherwise, N.O.M.A.D. does not require an internet connection and has ZERO built-in telemetry.
@ -69,10 +100,24 @@ To test internet connectivity, N.O.M.A.D. attempts to make a request to Cloudfla
 ## About Security
 By design, Project N.O.M.A.D. is intended to be open and available without hurdles - it includes no authentication. If you decide to connect your device to a local network after install (e.g. for allowing other devices to access it's resources), you can block/open ports to control which services are exposed.
-## Versioning
+**Will authentication be added in the future?** Maybe. It's not currently a priority, but if there's enough demand for it, we may consider building in an optional authentication layer in a future release to support uses cases where multiple users need access to the same instance but with different permission levels (e.g. family use with parental controls, classroom use with teacher/admin accounts, etc.). We have a suggestion for this on our public roadmap, so if this is something you'd like to see, please upvote it here: https://roadmap.projectnomad.us/posts/1/user-authentication-please-build-in-user-auth-with-admin-user-roles
-This project uses semantic versioning. The version is managed in the root `package.json` 
+
-and automatically updated by semantic-release. For simplicity's sake, the "project-nomad" container
+For now, we recommend using network-level controls to manage access if you're planning to expose your N.O.M.A.D. instance to other devices on a local network. N.O.M.A.D. is not designed to be exposed directly to the internet, and we strongly advise against doing so unless you really know what you're doing, have taken appropriate security measures, and understand the risks involved.
-uses the same version defined there instead of the version in `admin/package.json` (stays at 0.0.0), as it's the only container derived from the code.
+
 ## Contributing
 Contributions are welcome and appreciated! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to contribute to the project.
 ## Community & Resources
 - **Website:** [www.projectnomad.us](https://www.projectnomad.us) - Learn more about the project
 - **Discord:** [Join the Community](https://discord.com/invite/crosstalksolutions) - Get help, share your builds, and connect with other NOMAD users
 - **Benchmark Leaderboard:** [benchmark.projectnomad.us](https://benchmark.projectnomad.us) - See how your hardware stacks up against other NOMAD builds
 - **Troubleshooting Guide:** [TROUBLESHOOTING.md](TROUBLESHOOTING.md) - Find solutions to common issues
 - **FAQ:** [FAQ.md](FAQ.md) - Find answers to frequently asked questions
 ## License
 Project N.O.M.A.D. is licensed under the [Apache License 2.0](LICENSE).
 ## Helper Scripts
 Once installed, Project N.O.M.A.D. has a few helper scripts should you ever need to troubleshoot issues or perform maintenance that can't be done through the Command Center. All of these scripts are found in Project N.O.M.A.D.'s install directory, `/opt/project-nomad`
@ -87,7 +132,7 @@ sudo bash /opt/project-nomad/start_nomad.sh
 ###### Stop Script - Stops all installed project containers
 ```bash
-sudo bash /opt/project-nomad/start_nomad.sh
+sudo bash /opt/project-nomad/stop_nomad.sh
 ```
 ###
@ -98,9 +143,5 @@ sudo bash /opt/project-nomad/update_nomad.sh
 ###### Uninstall Script - Need to start fresh? Use the uninstall script to make your life easy. Note: this cannot be undone!
 ```bash
-curl -fsSL https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/master/install/uninstall_nomad.sh -o uninstall_nomad.sh
+curl -fsSL https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/install/uninstall_nomad.sh -o uninstall_nomad.sh && sudo bash uninstall_nomad.sh
 ```
 ```bash
 sudo bash uninstall_nomad.sh
 ```
--- a/admin/README.md
+++ b/admin/README.md
@ -1,5 +0,0 @@
 ## Docker container
 ```
 docker run --rm -it -p 8080:8080 jturnercosmistack/projectnomad:admin-latest -e PORT=8080 -e HOST=0.0.0.0 -e APP_KEY=secretlongpasswordsecret -e LOG_LEVEL=debug -e DRIVE_DISK=fs
 ```
--- a/admin/app/controllers/benchmark_controller.ts
+++ b/admin/app/controllers/benchmark_controller.ts
@ -179,7 +179,9 @@ export default class BenchmarkController {
        percentile: submitResult.percentile,
      })
    } catch (error) {
-      return response.status(400).send({
+      // Pass through the status code from the service if available, otherwise default to 400
      const statusCode = (error as any).statusCode || 400
      return response.status(statusCode).send({
        success: false,
        error: error.message,
      })
--- a/admin/app/controllers/chats_controller.ts
+++ b/admin/app/controllers/chats_controller.ts
@ -0,0 +1,113 @@
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
 import { ChatService } from '#services/chat_service'
 import { createSessionSchema, updateSessionSchema, addMessageSchema } from '#validators/chat'
 import KVStore from '#models/kv_store'
 import { SystemService } from '#services/system_service'
 import { SERVICE_NAMES } from '../../constants/service_names.js'
@inject()
 export default class ChatsController {
  constructor(private chatService: ChatService, private systemService: SystemService) {}
  async inertia({ inertia, response }: HttpContext) {
    const aiAssistantInstalled = await this.systemService.checkServiceInstalled(SERVICE_NAMES.OLLAMA)
    if (!aiAssistantInstalled) {
      return response.status(404).json({ error: 'AI Assistant service not installed' })
    }
    const chatSuggestionsEnabled = await KVStore.getValue('chat.suggestionsEnabled')
    return inertia.render('chat', {
      settings: {
        chatSuggestionsEnabled: chatSuggestionsEnabled ?? false,
      },
    })
  }
  async index({}: HttpContext) {
    return await this.chatService.getAllSessions()
  }
  async show({ params, response }: HttpContext) {
    const sessionId = parseInt(params.id)
    const session = await this.chatService.getSession(sessionId)
    if (!session) {
      return response.status(404).json({ error: 'Session not found' })
    }
    return session
  }
  async store({ request, response }: HttpContext) {
    try {
      const data = await request.validateUsing(createSessionSchema)
      const session = await this.chatService.createSession(data.title, data.model)
      return response.status(201).json(session)
    } catch (error) {
      return response.status(500).json({
        error: error instanceof Error ? error.message : 'Failed to create session',
      })
    }
  }
  async suggestions({ response }: HttpContext) {
    try {
      const suggestions = await this.chatService.getChatSuggestions()
      return response.status(200).json({ suggestions })
    } catch (error) {
      return response.status(500).json({
        error: error instanceof Error ? error.message : 'Failed to get suggestions',
      })
    }
  }
  async update({ params, request, response }: HttpContext) {
    try {
      const sessionId = parseInt(params.id)
      const data = await request.validateUsing(updateSessionSchema)
      const session = await this.chatService.updateSession(sessionId, data)
      return session
    } catch (error) {
      return response.status(500).json({
        error: error instanceof Error ? error.message : 'Failed to update session',
      })
    }
  }
  async destroy({ params, response }: HttpContext) {
    try {
      const sessionId = parseInt(params.id)
      await this.chatService.deleteSession(sessionId)
      return response.status(204)
    } catch (error) {
      return response.status(500).json({
        error: error instanceof Error ? error.message : 'Failed to delete session',
      })
    }
  }
  async addMessage({ params, request, response }: HttpContext) {
    try {
      const sessionId = parseInt(params.id)
      const data = await request.validateUsing(addMessageSchema)
      const message = await this.chatService.addMessage(sessionId, data.role, data.content)
      return response.status(201).json(message)
    } catch (error) {
      return response.status(500).json({
        error: error instanceof Error ? error.message : 'Failed to add message',
      })
    }
  }
  async destroyAll({ response }: HttpContext) {
    try {
      const result = await this.chatService.deleteAllSessions()
      return response.status(200).json(result)
    } catch (error) {
      return response.status(500).json({
        error: error instanceof Error ? error.message : 'Failed to delete all sessions',
      })
    }
  }
 }
--- a/admin/app/controllers/collection_updates_controller.ts
+++ b/admin/app/controllers/collection_updates_controller.ts
@ -0,0 +1,30 @@
 import { CollectionUpdateService } from '#services/collection_update_service'
 import {
  assertNotPrivateUrl,
  applyContentUpdateValidator,
  applyAllContentUpdatesValidator,
 } from '#validators/common'
 import type { HttpContext } from '@adonisjs/core/http'
 export default class CollectionUpdatesController {
  async checkForUpdates({}: HttpContext) {
    const service = new CollectionUpdateService()
    return await service.checkForUpdates()
  }
  async applyUpdate({ request }: HttpContext) {
    const update = await request.validateUsing(applyContentUpdateValidator)
    assertNotPrivateUrl(update.download_url)
    const service = new CollectionUpdateService()
    return await service.applyUpdate(update)
  }
  async applyAllUpdates({ request }: HttpContext) {
    const { updates } = await request.validateUsing(applyAllContentUpdatesValidator)
    for (const update of updates) {
      assertNotPrivateUrl(update.download_url)
    }
    const service = new CollectionUpdateService()
    return await service.applyAllUpdates(updates)
  }
 }
--- a/admin/app/controllers/downloads_controller.ts
+++ b/admin/app/controllers/downloads_controller.ts
@ -15,4 +15,9 @@ export default class DownloadsController {
    const payload = await request.validateUsing(downloadJobsByFiletypeSchema)
    return this.downloadService.listDownloadJobs(payload.params.filetype)
  }
  async removeJob({ params }: HttpContext) {
    await this.downloadService.removeFailedJob(params.jobId)
    return { success: true }
  }
 }
--- a/admin/app/controllers/easy_setup_controller.ts
+++ b/admin/app/controllers/easy_setup_controller.ts
@ -1,5 +1,6 @@
 import { SystemService } from '#services/system_service'
 import { ZimService } from '#services/zim_service'
 import { CollectionManifestService } from '#services/collection_manifest_service'
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
@ -26,4 +27,22 @@ export default class EasySetupController {
  async listCuratedCategories({}: HttpContext) {
    return await this.zimService.listCuratedCategories()
  }
  async refreshManifests({}: HttpContext) {
    const manifestService = new CollectionManifestService()
    const [zimChanged, mapsChanged, wikiChanged] = await Promise.all([
      manifestService.fetchAndCacheSpec('zim_categories'),
      manifestService.fetchAndCacheSpec('maps'),
      manifestService.fetchAndCacheSpec('wikipedia'),
    ])
    return {
      success: true,
      changed: {
        zim_categories: zimChanged,
        maps: mapsChanged,
        wikipedia: wikiChanged,
      },
    }
  }
 }
--- a/admin/app/controllers/maps_controller.ts
+++ b/admin/app/controllers/maps_controller.ts
@ -1,5 +1,6 @@
 import { MapService } from '#services/map_service'
 import {
  assertNotPrivateUrl,
  downloadCollectionValidator,
  filenameParamValidator,
  remoteDownloadValidator,
@ -25,12 +26,14 @@ export default class MapsController {
  async downloadBaseAssets({ request }: HttpContext) {
    const payload = await request.validateUsing(remoteDownloadValidatorOptional)
    if (payload.url) assertNotPrivateUrl(payload.url)
    await this.mapService.downloadBaseAssets(payload.url)
    return { success: true }
  }
  async downloadRemote({ request }: HttpContext) {
    const payload = await request.validateUsing(remoteDownloadValidator)
    assertNotPrivateUrl(payload.url)
    const filename = await this.mapService.downloadRemote(payload.url)
    return {
      message: 'Download started successfully',
@ -52,6 +55,7 @@ export default class MapsController {
  // For providing a "preflight" check in the UI before actually starting a background download
  async downloadRemotePreflight({ request }: HttpContext) {
    const payload = await request.validateUsing(remoteDownloadValidator)
    assertNotPrivateUrl(payload.url)
    const info = await this.mapService.downloadRemotePreflight(payload.url)
    return info
  }
@ -69,7 +73,7 @@ export default class MapsController {
    return await this.mapService.listRegions()
  }
-  async styles({ response }: HttpContext) {
+  async styles({ request, response }: HttpContext) {
    // Automatically ensure base assets are present before generating styles
    const baseAssetsExist = await this.mapService.ensureBaseAssets()
    if (!baseAssetsExist) {
@ -79,7 +83,7 @@ export default class MapsController {
      })
    }
-    const styles = await this.mapService.generateStylesJSON()
+    const styles = await this.mapService.generateStylesJSON(request.host(), request.protocol())
    return response.json(styles)
  }
--- a/admin/app/controllers/ollama_controller.ts
+++ b/admin/app/controllers/ollama_controller.ts
@ -0,0 +1,275 @@
 import { ChatService } from '#services/chat_service'
 import { OllamaService } from '#services/ollama_service'
 import { RagService } from '#services/rag_service'
 import { modelNameSchema } from '#validators/download'
 import { chatSchema, getAvailableModelsSchema } from '#validators/ollama'
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
 import { DEFAULT_QUERY_REWRITE_MODEL, RAG_CONTEXT_LIMITS, SYSTEM_PROMPTS } from '../../constants/ollama.js'
 import logger from '@adonisjs/core/services/logger'
 import type { Message } from 'ollama'
@inject()
 export default class OllamaController {
  constructor(
    private chatService: ChatService,
    private ollamaService: OllamaService,
    private ragService: RagService
  ) { }
  async availableModels({ request }: HttpContext) {
    const reqData = await request.validateUsing(getAvailableModelsSchema)
    return await this.ollamaService.getAvailableModels({
      sort: reqData.sort,
      recommendedOnly: reqData.recommendedOnly,
      query: reqData.query || null,
      limit: reqData.limit || 15,
      force: reqData.force,
    })
  }
  async chat({ request, response }: HttpContext) {
    const reqData = await request.validateUsing(chatSchema)
    // Flush SSE headers immediately so the client connection is open while
    // pre-processing (query rewriting, RAG lookup) runs in the background.
    if (reqData.stream) {
      response.response.setHeader('Content-Type', 'text/event-stream')
      response.response.setHeader('Cache-Control', 'no-cache')
      response.response.setHeader('Connection', 'keep-alive')
      response.response.flushHeaders()
    }
    try {
      // If there are no system messages in the chat inject system prompts
      const hasSystemMessage = reqData.messages.some((msg) => msg.role === 'system')
      if (!hasSystemMessage) {
        const systemPrompt = {
          role: 'system' as const,
          content: SYSTEM_PROMPTS.default,
        }
        logger.debug('[OllamaController] Injecting system prompt')
        reqData.messages.unshift(systemPrompt)
      }
      // Query rewriting for better RAG retrieval with manageable context
      // Will return user's latest message if no rewriting is needed
      const rewrittenQuery = await this.rewriteQueryWithContext(reqData.messages)
      logger.debug(`[OllamaController] Rewritten query for RAG: "${rewrittenQuery}"`)
      if (rewrittenQuery) {
        const relevantDocs = await this.ragService.searchSimilarDocuments(
          rewrittenQuery,
          5, // Top 5 most relevant chunks
          0.3 // Minimum similarity score of 0.3
        )
        logger.debug(`[RAG] Retrieved ${relevantDocs.length} relevant documents for query: "${rewrittenQuery}"`)
        // If relevant context is found, inject as a system message with adaptive limits
        if (relevantDocs.length > 0) {
          // Determine context budget based on model size
          const { maxResults, maxTokens } = this.getContextLimitsForModel(reqData.model)
          let trimmedDocs = relevantDocs.slice(0, maxResults)
          // Apply token cap if set (estimate ~4 chars per token)
          // Always include the first (most relevant) result — the cap only gates subsequent results
          if (maxTokens > 0) {
            const charCap = maxTokens * 4
            let totalChars = 0
            trimmedDocs = trimmedDocs.filter((doc, idx) => {
              totalChars += doc.text.length
              return idx === 0 || totalChars <= charCap
            })
          }
          logger.debug(
            `[RAG] Injecting ${trimmedDocs.length}/${relevantDocs.length} results (model: ${reqData.model}, maxResults: ${maxResults}, maxTokens: ${maxTokens || 'unlimited'})`
          )
          const contextText = trimmedDocs
            .map((doc, idx) => `[Context ${idx + 1}] (Relevance: ${(doc.score * 100).toFixed(1)}%)\n${doc.text}`)
            .join('\n\n')
          const systemMessage = {
            role: 'system' as const,
            content: SYSTEM_PROMPTS.rag_context(contextText),
          }
          // Insert system message at the beginning (after any existing system messages)
          const firstNonSystemIndex = reqData.messages.findIndex((msg) => msg.role !== 'system')
          const insertIndex = firstNonSystemIndex === -1 ? 0 : firstNonSystemIndex
          reqData.messages.splice(insertIndex, 0, systemMessage)
        }
      }
      // Check if the model supports "thinking" capability for enhanced response generation
      // If gpt-oss model, it requires a text param for "think" https://docs.ollama.com/api/chat
      const thinkingCapability = await this.ollamaService.checkModelHasThinking(reqData.model)
      const think: boolean | 'medium' = thinkingCapability ? (reqData.model.startsWith('gpt-oss') ? 'medium' : true) : false
      // Separate sessionId from the Ollama request payload — Ollama rejects unknown fields
      const { sessionId, ...ollamaRequest } = reqData
      // Save user message to DB before streaming if sessionId provided
      let userContent: string | null = null
      if (sessionId) {
        const lastUserMsg = [...reqData.messages].reverse().find((m) => m.role === 'user')
        if (lastUserMsg) {
          userContent = lastUserMsg.content
          await this.chatService.addMessage(sessionId, 'user', userContent)
        }
      }
      if (reqData.stream) {
        logger.debug(`[OllamaController] Initiating streaming response for model: "${reqData.model}" with think: ${think}`)
        // Headers already flushed above
        const stream = await this.ollamaService.chatStream({ ...ollamaRequest, think })
        let fullContent = ''
        for await (const chunk of stream) {
          if (chunk.message?.content) {
            fullContent += chunk.message.content
          }
          response.response.write(`data: ${JSON.stringify(chunk)}\n\n`)
        }
        response.response.end()
        // Save assistant message and optionally generate title
        if (sessionId && fullContent) {
          await this.chatService.addMessage(sessionId, 'assistant', fullContent)
          const messageCount = await this.chatService.getMessageCount(sessionId)
          if (messageCount <= 2 && userContent) {
            this.chatService.generateTitle(sessionId, userContent, fullContent).catch((err) => {
              logger.error(`[OllamaController] Title generation failed: ${err instanceof Error ? err.message : err}`)
            })
          }
        }
        return
      }
      // Non-streaming (legacy) path
      const result = await this.ollamaService.chat({ ...ollamaRequest, think })
      if (sessionId && result?.message?.content) {
        await this.chatService.addMessage(sessionId, 'assistant', result.message.content)
        const messageCount = await this.chatService.getMessageCount(sessionId)
        if (messageCount <= 2 && userContent) {
          this.chatService.generateTitle(sessionId, userContent, result.message.content).catch((err) => {
            logger.error(`[OllamaController] Title generation failed: ${err instanceof Error ? err.message : err}`)
          })
        }
      }
      return result
    } catch (error) {
      if (reqData.stream) {
        response.response.write(`data: ${JSON.stringify({ error: true })}\n\n`)
        response.response.end()
        return
      }
      throw error
    }
  }
  async deleteModel({ request }: HttpContext) {
    const reqData = await request.validateUsing(modelNameSchema)
    await this.ollamaService.deleteModel(reqData.model)
    return {
      success: true,
      message: `Model deleted: ${reqData.model}`,
    }
  }
  async dispatchModelDownload({ request }: HttpContext) {
    const reqData = await request.validateUsing(modelNameSchema)
    await this.ollamaService.dispatchModelDownload(reqData.model)
    return {
      success: true,
      message: `Download job dispatched for model: ${reqData.model}`,
    }
  }
  async installedModels({ }: HttpContext) {
    return await this.ollamaService.getModels()
  }
  /**
   * Determines RAG context limits based on model size extracted from the model name.
   * Parses size indicators like "1b", "3b", "8b", "70b" from model names/tags.
   */
  private getContextLimitsForModel(modelName: string): { maxResults: number; maxTokens: number } {
    // Extract parameter count from model name (e.g., "llama3.2:3b", "qwen2.5:1.5b", "gemma:7b")
    const sizeMatch = modelName.match(/(\d+\.?\d*)[bB]/)
    const paramBillions = sizeMatch ? parseFloat(sizeMatch[1]) : 8 // default to 8B if unknown
    for (const tier of RAG_CONTEXT_LIMITS) {
      if (paramBillions <= tier.maxParams) {
        return { maxResults: tier.maxResults, maxTokens: tier.maxTokens }
      }
    }
    // Fallback: no limits
    return { maxResults: 5, maxTokens: 0 }
  }
  private async rewriteQueryWithContext(
    messages: Message[]
  ): Promise<string | null> {
    try {
      // Get recent conversation history (last 6 messages for 3 turns)
      const recentMessages = messages.slice(-6)
      // Skip rewriting for short conversations. Rewriting adds latency with
      // little RAG benefit until there is enough context to matter.
      const userMessages = recentMessages.filter(msg => msg.role === 'user')
      if (userMessages.length <= 2) {
        return userMessages[userMessages.length - 1]?.content || null
      }
      const conversationContext = recentMessages
        .map(msg => {
          const role = msg.role === 'user' ? 'User' : 'Assistant'
          // Truncate assistant messages to first 200 chars to keep context manageable
          const content = msg.role === 'assistant'
            ? msg.content.slice(0, 200) + (msg.content.length > 200 ? '...' : '')
            : msg.content
          return `${role}: "${content}"`
        })
        .join('\n')
      const installedModels = await this.ollamaService.getModels(true)
      const rewriteModelAvailable = installedModels?.some(model => model.name === DEFAULT_QUERY_REWRITE_MODEL)
      if (!rewriteModelAvailable) {
        logger.warn(`[RAG] Query rewrite model "${DEFAULT_QUERY_REWRITE_MODEL}" not available. Skipping query rewriting.`)
        const lastUserMessage = [...messages].reverse().find(msg => msg.role === 'user')
        return lastUserMessage?.content || null
      }
      // FUTURE ENHANCEMENT: allow the user to specify which model to use for rewriting
      const response = await this.ollamaService.chat({
        model: DEFAULT_QUERY_REWRITE_MODEL,
        messages: [
          {
            role: 'system',
            content: SYSTEM_PROMPTS.query_rewrite,
          },
          {
            role: 'user',
            content: `Conversation:\n${conversationContext}\n\nRewritten Query:`,
          },
        ],
      })
      const rewrittenQuery = response.message.content.trim()
      logger.info(`[RAG] Query rewritten: "${rewrittenQuery}"`)
      return rewrittenQuery
    } catch (error) {
      logger.error(
        `[RAG] Query rewriting failed: ${error instanceof Error ? error.message : error}`
      )
      // Fallback to last user message if rewriting fails
      const lastUserMessage = [...messages].reverse().find(msg => msg.role === 'user')
      return lastUserMessage?.content || null
    }
  }
 }
--- a/admin/app/controllers/openwebui_controller.ts
+++ b/admin/app/controllers/openwebui_controller.ts
@ -1,40 +0,0 @@
 import { OpenWebUIService } from '#services/openwebui_service'
 import { modelNameSchema } from '#validators/download'
 import { getAvailableModelsSchema } from '#validators/openwebui'
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
@inject()
 export default class OpenWebUIController {
  constructor(private openWebUIService: OpenWebUIService) {}
  async models({ request }: HttpContext) {
    const reqData = await request.validateUsing(getAvailableModelsSchema)
    return await this.openWebUIService.getAvailableModels({
      sort: reqData.sort,
      recommendedOnly: reqData.recommendedOnly,
    })
  }
  async installedModels({}: HttpContext) {
    return await this.openWebUIService.getInstalledModels()
  }
  async deleteModel({ request }: HttpContext) {
    const reqData = await request.validateUsing(modelNameSchema)
    await this.openWebUIService.deleteModel(reqData.model)
    return {
      success: true,
      message: `Model deleted: ${reqData.model}`,
    }
  }
  async dispatchModelDownload({ request }: HttpContext) {
    const reqData = await request.validateUsing(modelNameSchema)
    await this.openWebUIService.dispatchModelDownload(reqData.model)
    return {
      success: true,
      message: `Download job dispatched for model: ${reqData.model}`,
    }
  }
 }
--- a/admin/app/controllers/rag_controller.ts
+++ b/admin/app/controllers/rag_controller.ts
@ -0,0 +1,85 @@
 import { RagService } from '#services/rag_service'
 import { EmbedFileJob } from '#jobs/embed_file_job'
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
 import app from '@adonisjs/core/services/app'
 import { randomBytes } from 'node:crypto'
 import { sanitizeFilename } from '../utils/fs.js'
 import { deleteFileSchema, getJobStatusSchema } from '#validators/rag'
@inject()
 export default class RagController {
  constructor(private ragService: RagService) { }
  public async upload({ request, response }: HttpContext) {
    const uploadedFile = request.file('file')
    if (!uploadedFile) {
      return response.status(400).json({ error: 'No file uploaded' })
    }
    const randomSuffix = randomBytes(6).toString('hex')
    const sanitizedName = sanitizeFilename(uploadedFile.clientName)
    const fileName = `${sanitizedName}-${randomSuffix}.${uploadedFile.extname || 'txt'}`
    const fullPath = app.makePath(RagService.UPLOADS_STORAGE_PATH, fileName)
    await uploadedFile.move(app.makePath(RagService.UPLOADS_STORAGE_PATH), {
      name: fileName,
    })
    // Dispatch background job for embedding
    const result = await EmbedFileJob.dispatch({
      filePath: fullPath,
      fileName,
    })
    return response.status(202).json({
      message: result.message,
      jobId: result.jobId,
      fileName,
      filePath: `/${RagService.UPLOADS_STORAGE_PATH}/${fileName}`,
      alreadyProcessing: !result.created,
    })
  }
  public async getActiveJobs({ response }: HttpContext) {
    const jobs = await EmbedFileJob.listActiveJobs()
    return response.status(200).json(jobs)
  }
  public async getJobStatus({ request, response }: HttpContext) {
    const reqData = await request.validateUsing(getJobStatusSchema)
    const fullPath = app.makePath(RagService.UPLOADS_STORAGE_PATH, reqData.filePath)
    const status = await EmbedFileJob.getStatus(fullPath)
    if (!status.exists) {
      return response.status(404).json({ error: 'Job not found for this file' })
    }
    return response.status(200).json(status)
  }
  public async getStoredFiles({ response }: HttpContext) {
    const files = await this.ragService.getStoredFiles()
    return response.status(200).json({ files })
  }
  public async deleteFile({ request, response }: HttpContext) {
    const { source } = await request.validateUsing(deleteFileSchema)
    const result = await this.ragService.deleteFileBySource(source)
    if (!result.success) {
      return response.status(500).json({ error: result.message })
    }
    return response.status(200).json({ message: result.message })
  }
  public async scanAndSync({ response }: HttpContext) {
    try {
      const syncResult = await this.ragService.scanAndSyncStorage()
      return response.status(200).json(syncResult)
    } catch (error) {
      return response.status(500).json({ error: 'Error scanning and syncing storage', details: error.message })
    }
  }
 }
--- a/admin/app/controllers/settings_controller.ts
+++ b/admin/app/controllers/settings_controller.ts
@ -1,17 +1,20 @@
 import KVStore from '#models/kv_store';
 import { BenchmarkService } from '#services/benchmark_service';
 import { MapService } from '#services/map_service';
-import { OpenWebUIService } from '#services/openwebui_service';
+import { OllamaService } from '#services/ollama_service';
 import { SystemService } from '#services/system_service';
 import { updateSettingSchema } from '#validators/settings';
 import { inject } from '@adonisjs/core';
 import type { HttpContext } from '@adonisjs/core/http'
 import type { KVStoreKey } from '../../types/kv_store.js';
@inject()
 export default class SettingsController {
    constructor(
        private systemService: SystemService,
        private mapService: MapService,
-        private openWebUIService: OpenWebUIService,
+        private benchmarkService: BenchmarkService,
-        private benchmarkService: BenchmarkService
+        private ollamaService: OllamaService
    ) { }
    async system({ inertia }: HttpContext) {
@ -36,6 +39,10 @@ export default class SettingsController {
        return inertia.render('settings/legal');
    }
    async support({ inertia }: HttpContext) {
        return inertia.render('settings/support');
    }
    async maps({ inertia }: HttpContext) {
        const baseAssetsCheck = await this.mapService.ensureBaseAssets();
        const regionFiles = await this.mapService.listRegions();
@ -48,12 +55,18 @@ export default class SettingsController {
    }
    async models({ inertia }: HttpContext) {
-        const availableModels = await this.openWebUIService.getAvailableModels();
+        const availableModels = await this.ollamaService.getAvailableModels({ sort: 'pulls', recommendedOnly: false, query: null, limit: 15 });
-        const installedModels = await this.openWebUIService.getInstalledModels();
+        const installedModels = await this.ollamaService.getModels();
        const chatSuggestionsEnabled = await KVStore.getValue('chat.suggestionsEnabled')
        const aiAssistantCustomName = await KVStore.getValue('ai.assistantCustomName')
        return inertia.render('settings/models', {
            models: {
-                availableModels: availableModels || [],
+                availableModels: availableModels?.models || [],
-                installedModels: installedModels || []
+                installedModels: installedModels || [],
                settings: {
                    chatSuggestionsEnabled: chatSuggestionsEnabled ?? false,
                    aiAssistantCustomName: aiAssistantCustomName ?? '',
                }
            }
        });
    }
@ -88,4 +101,16 @@ export default class SettingsController {
            }
        });
    }
    async getSetting({ request, response }: HttpContext) {
        const key = request.qs().key;
        const value = await KVStore.getValue(key as KVStoreKey);
        return response.status(200).send({ key, value });
    }
    async updateSetting({ request, response }: HttpContext) {
        const reqData = await request.validateUsing(updateSettingSchema);
        await this.systemService.updateSetting(reqData.key, reqData.value);
        return response.status(200).send({ success: true, message: 'Setting updated successfully' });
    }
 }
--- a/admin/app/controllers/system_controller.ts
+++ b/admin/app/controllers/system_controller.ts
@ -1,7 +1,9 @@
 import { DockerService } from '#services/docker_service';
 import { SystemService } from '#services/system_service'
 import { SystemUpdateService } from '#services/system_update_service'
-import { affectServiceValidator, installServiceValidator, subscribeToReleaseNotesValidator } from '#validators/system';
+import { ContainerRegistryService } from '#services/container_registry_service'
 import { CheckServiceUpdatesJob } from '#jobs/check_service_updates_job'
 import { affectServiceValidator, checkLatestVersionValidator, installServiceValidator, subscribeToReleaseNotesValidator, updateServiceValidator } from '#validators/system';
 import { inject } from '@adonisjs/core'
 import type { HttpContext } from '@adonisjs/core/http'
@ -10,7 +12,8 @@ export default class SystemController {
    constructor(
        private systemService: SystemService,
        private dockerService: DockerService,
-        private systemUpdateService: SystemUpdateService
+        private systemUpdateService: SystemUpdateService,
        private containerRegistryService: ContainerRegistryService
    ) { }
    async getInternetStatus({ }: HttpContext) {
@ -32,7 +35,7 @@ export default class SystemController {
        if (result.success) {
            response.send({ success: true, message: result.message });
        } else {
-            response.status(400).send({ error: result.message });
+            response.status(400).send({ success: false, message: result.message });
        }
    }
@ -46,8 +49,9 @@ export default class SystemController {
        response.send({ success: result.success, message: result.message });
    }
-    async checkLatestVersion({ }: HttpContext) {
+    async checkLatestVersion({ request }: HttpContext) {
-        return await this.systemService.checkLatestVersion();
+        const payload = await request.validateUsing(checkLatestVersionValidator)
        return await this.systemService.checkLatestVersion(payload.force);
    }
    async forceReinstallService({ request, response }: HttpContext) {
@ -103,9 +107,75 @@ export default class SystemController {
        response.send({ logs });
    }
-    
+
    async subscribeToReleaseNotes({ request }: HttpContext) {
        const reqData = await request.validateUsing(subscribeToReleaseNotesValidator);
        return await this.systemService.subscribeToReleaseNotes(reqData.email);
    }
    async getDebugInfo({}: HttpContext) {
        const debugInfo = await this.systemService.getDebugInfo()
        return { debugInfo }
    }
    async checkServiceUpdates({ response }: HttpContext) {
        await CheckServiceUpdatesJob.dispatch()
        response.send({ success: true, message: 'Service update check dispatched' })
    }
    async getAvailableVersions({ params, response }: HttpContext) {
        const serviceName = params.name
        const service = await (await import('#models/service')).default
            .query()
            .where('service_name', serviceName)
            .where('installed', true)
            .first()
        if (!service) {
            return response.status(404).send({ error: `Service ${serviceName} not found or not installed` })
        }
        try {
            const hostArch = await this.getHostArch()
            const updates = await this.containerRegistryService.getAvailableUpdates(
                service.container_image,
                hostArch,
                service.source_repo
            )
            response.send({ versions: updates })
        } catch (error) {
            response.status(500).send({ error: `Failed to fetch versions: ${error.message}` })
        }
    }
    async updateService({ request, response }: HttpContext) {
        const payload = await request.validateUsing(updateServiceValidator)
        const result = await this.dockerService.updateContainer(
            payload.service_name,
            payload.target_version
        )
        if (result.success) {
            response.send({ success: true, message: result.message })
        } else {
            response.status(400).send({ error: result.message })
        }
    }
    private async getHostArch(): Promise<string> {
        try {
            const info = await this.dockerService.docker.info()
            const arch = info.Architecture || ''
            const archMap: Record<string, string> = {
                x86_64: 'amd64',
                aarch64: 'arm64',
                armv7l: 'arm',
                amd64: 'amd64',
                arm64: 'arm64',
            }
            return archMap[arch] || arch.toLowerCase()
        } catch {
            return 'amd64'
        }
    }
 }
--- a/admin/app/controllers/zim_controller.ts
+++ b/admin/app/controllers/zim_controller.ts
@ -1,9 +1,10 @@
 import { ZimService } from '#services/zim_service'
 import {
-  downloadCollectionValidator,
+  assertNotPrivateUrl,
  downloadCategoryTierValidator,
  filenameParamValidator,
-  remoteDownloadValidator,
+  remoteDownloadWithMetadataValidator,
-  saveInstalledTierValidator,
+  selectWikipediaValidator,
 } from '#validators/common'
 import { listRemoteZimValidator } from '#validators/zim'
 import { inject } from '@adonisjs/core'
@ -24,7 +25,8 @@ export default class ZimController {
  }
  async downloadRemote({ request }: HttpContext) {
-    const payload = await request.validateUsing(remoteDownloadValidator)
+    const payload = await request.validateUsing(remoteDownloadWithMetadataValidator)
    assertNotPrivateUrl(payload.url)
    const { filename, jobId } = await this.zimService.downloadRemote(payload.url)
    return {
@ -35,32 +37,25 @@ export default class ZimController {
    }
  }
-  async downloadCollection({ request }: HttpContext) {
+  async listCuratedCategories({}: HttpContext) {
-    const payload = await request.validateUsing(downloadCollectionValidator)
+    return await this.zimService.listCuratedCategories()
-    const resources = await this.zimService.downloadCollection(payload.slug)
+  }
  async downloadCategoryTier({ request }: HttpContext) {
    const payload = await request.validateUsing(downloadCategoryTierValidator)
    const resources = await this.zimService.downloadCategoryTier(
      payload.categorySlug,
      payload.tierSlug
    )
    return {
      message: 'Download started successfully',
-      slug: payload.slug,
+      categorySlug: payload.categorySlug,
      tierSlug: payload.tierSlug,
      resources,
    }
  }
  async listCuratedCollections({}: HttpContext) {
    return this.zimService.listCuratedCollections()
  }
  async fetchLatestCollections({}: HttpContext) {
    const success = await this.zimService.fetchLatestCollections()
    return { success }
  }
  async saveInstalledTier({ request }: HttpContext) {
    const payload = await request.validateUsing(saveInstalledTierValidator)
    await this.zimService.saveInstalledTier(payload.categorySlug, payload.tierSlug)
    return { success: true }
  }
  async delete({ request, response }: HttpContext) {
    const payload = await request.validateUsing(filenameParamValidator)
@ -79,4 +74,15 @@ export default class ZimController {
      message: 'ZIM file deleted successfully',
    }
  }
  // Wikipedia selector endpoints
  async getWikipediaState({}: HttpContext) {
    return this.zimService.getWikipediaState()
  }
  async selectWikipedia({ request }: HttpContext) {
    const payload = await request.validateUsing(selectWikipediaValidator)
    return this.zimService.selectWikipedia(payload.optionId)
  }
 }
--- a/admin/app/jobs/check_service_updates_job.ts
+++ b/admin/app/jobs/check_service_updates_job.ts
@ -0,0 +1,134 @@
 import { Job } from 'bullmq'
 import { QueueService } from '#services/queue_service'
 import { DockerService } from '#services/docker_service'
 import { ContainerRegistryService } from '#services/container_registry_service'
 import Service from '#models/service'
 import logger from '@adonisjs/core/services/logger'
 import transmit from '@adonisjs/transmit/services/main'
 import { BROADCAST_CHANNELS } from '../../constants/broadcast.js'
 import { DateTime } from 'luxon'
 export class CheckServiceUpdatesJob {
  static get queue() {
    return 'service-updates'
  }
  static get key() {
    return 'check-service-updates'
  }
  async handle(_job: Job) {
    logger.info('[CheckServiceUpdatesJob] Checking for service updates...')
    const dockerService = new DockerService()
    const registryService = new ContainerRegistryService()
    // Determine host architecture
    const hostArch = await this.getHostArch(dockerService)
    const installedServices = await Service.query().where('installed', true)
    let updatesFound = 0
    for (const service of installedServices) {
      try {
        const updates = await registryService.getAvailableUpdates(
          service.container_image,
          hostArch,
          service.source_repo
        )
        const latestUpdate = updates.length > 0 ? updates[0].tag : null
        service.available_update_version = latestUpdate
        service.update_checked_at = DateTime.now()
        await service.save()
        if (latestUpdate) {
          updatesFound++
          logger.info(
            `[CheckServiceUpdatesJob] Update available for ${service.service_name}: ${service.container_image} → ${latestUpdate}`
          )
        }
      } catch (error) {
        logger.error(
          `[CheckServiceUpdatesJob] Failed to check updates for ${service.service_name}: ${error.message}`
        )
        // Continue checking other services
      }
    }
    logger.info(
      `[CheckServiceUpdatesJob] Completed. ${updatesFound} update(s) found for ${installedServices.length} service(s).`
    )
    // Broadcast completion so the frontend can refresh
    transmit.broadcast(BROADCAST_CHANNELS.SERVICE_UPDATES, {
      status: 'completed',
      updatesFound,
      timestamp: new Date().toISOString(),
    })
    return { updatesFound }
  }
  private async getHostArch(dockerService: DockerService): Promise<string> {
    try {
      const info = await dockerService.docker.info()
      const arch = info.Architecture || ''
      // Map Docker architecture names to OCI names
      const archMap: Record<string, string> = {
        x86_64: 'amd64',
        aarch64: 'arm64',
        armv7l: 'arm',
        amd64: 'amd64',
        arm64: 'arm64',
      }
      return archMap[arch] || arch.toLowerCase()
    } catch (error) {
      logger.warn(
        `[CheckServiceUpdatesJob] Could not detect host architecture: ${error.message}. Defaulting to amd64.`
      )
      return 'amd64'
    }
  }
  static async scheduleNightly() {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    await queue.upsertJobScheduler(
      'nightly-service-update-check',
      { pattern: '0 3 * * *' },
      {
        name: this.key,
        opts: {
          removeOnComplete: { count: 7 },
          removeOnFail: { count: 5 },
        },
      }
    )
    logger.info('[CheckServiceUpdatesJob] Service update check scheduled with cron: 0 3 * * *')
  }
  static async dispatch() {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    const job = await queue.add(
      this.key,
      {},
      {
        attempts: 3,
        backoff: { type: 'exponential', delay: 60000 },
        removeOnComplete: { count: 7 },
        removeOnFail: { count: 5 },
      }
    )
    logger.info(`[CheckServiceUpdatesJob] Dispatched ad-hoc service update check job ${job.id}`)
    return job
  }
 }
--- a/admin/app/jobs/check_update_job.ts
+++ b/admin/app/jobs/check_update_job.ts
@ -0,0 +1,77 @@
 import { Job } from 'bullmq'
 import { QueueService } from '#services/queue_service'
 import { DockerService } from '#services/docker_service'
 import { SystemService } from '#services/system_service'
 import logger from '@adonisjs/core/services/logger'
 import KVStore from '#models/kv_store'
 export class CheckUpdateJob {
  static get queue() {
    return 'system'
  }
  static get key() {
    return 'check-update'
  }
  async handle(_job: Job) {
    logger.info('[CheckUpdateJob] Running update check...')
    const dockerService = new DockerService()
    const systemService = new SystemService(dockerService)
    try {
      const result = await systemService.checkLatestVersion()
      if (result.updateAvailable) {
        logger.info(
          `[CheckUpdateJob] Update available: ${result.currentVersion} → ${result.latestVersion}`
        )
      } else {
        await KVStore.setValue('system.updateAvailable', false)
        logger.info(
          `[CheckUpdateJob] System is up to date (${result.currentVersion})`
        )
      }
      return result
    } catch (error) {
      logger.error(`[CheckUpdateJob] Update check failed: ${error.message}`)
      throw error
    }
  }
  static async scheduleNightly() {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    await queue.upsertJobScheduler(
      'nightly-update-check',
      { pattern: '0 2,14 * * *' }, // Every 12 hours at 2am and 2pm
      {
        name: this.key,
        opts: {
          removeOnComplete: { count: 7 },
          removeOnFail: { count: 5 },
        },
      }
    )
    logger.info('[CheckUpdateJob] Update check scheduled with cron: 0 2,14 * * *')
  }
  static async dispatch() {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    const job = await queue.add(this.key, {}, {
      attempts: 3,
      backoff: { type: 'exponential', delay: 60000 },
      removeOnComplete: { count: 7 },
      removeOnFail: { count: 5 },
    })
    logger.info(`[CheckUpdateJob] Dispatched ad-hoc update check job ${job.id}`)
    return job
  }
 }
--- a/admin/app/jobs/download_model_job.ts
+++ b/admin/app/jobs/download_model_job.ts
@ -1,9 +1,8 @@
-import { Job } from 'bullmq'
+import { Job, UnrecoverableError } from 'bullmq'
 import { QueueService } from '#services/queue_service'
 import { OpenWebUIService } from '#services/openwebui_service'
 import { createHash } from 'crypto'
 import logger from '@adonisjs/core/services/logger'
-import { DockerService } from '#services/docker_service'
+import { OllamaService } from '#services/ollama_service'
 export interface DownloadModelJobParams {
  modelName: string
@ -27,52 +26,36 @@ export class DownloadModelJob {
    logger.info(`[DownloadModelJob] Attempting to download model: ${modelName}`)
-    // Check if OpenWebUI/Ollama services are ready
+    const ollamaService = new OllamaService()
    const dockerService = new DockerService()
    const openWebUIService = new OpenWebUIService(dockerService)
    // Use getInstalledModels to check if the service is ready
    // Even if no models are installed, this should return an empty array if ready
-    const existingModels = await openWebUIService.getInstalledModels()
+    const existingModels = await ollamaService.getModels()
    if (!existingModels) {
      logger.warn(
-        `[DownloadModelJob] OpenWebUI service not ready yet for model ${modelName}. Will retry...`
+        `[DownloadModelJob] Ollama service not ready yet for model ${modelName}. Will retry...`
      )
-      throw new Error('OpenWebUI service not ready yet')
+      throw new Error('Ollama service not ready yet')
    }
    logger.info(
-      `[DownloadModelJob] OpenWebUI service is ready. Initiating download for ${modelName}`
+      `[DownloadModelJob] Ollama service is ready. Initiating download for ${modelName}`
    )
    // Services are ready, initiate the download with progress tracking
-    const result = await openWebUIService._downloadModel(modelName, (progress) => {
+    const result = await ollamaService.downloadModel(modelName, (progressPercent) => {
-      // Update job progress in BullMQ
+      if (progressPercent) {
-      const progressData = {
+        job.updateProgress(Math.floor(progressPercent))
        status: progress.status,
        percent: progress.percent,
        completed: progress.completed,
        total: progress.total,
      }
      // Update the job progress (0-100 scale for BullMQ)
      if (progress.percent !== undefined) {
        job.updateProgress(progress.percent)
      }
      // Log progress with job context
      if (progress.percent !== undefined) {
        logger.info(
-          `[DownloadModelJob] Model ${modelName}: ${progress.status} - ${progress.percent}% (${progress.completed}/${progress.total} bytes)`
+          `[DownloadModelJob] Model ${modelName}: ${progressPercent}%`
        )
      } else {
        logger.info(`[DownloadModelJob] Model ${modelName}: ${progress.status}`)
      }
      // Store detailed progress in job data for clients to query
      job.updateData({
        ...job.data,
-        progress: progressData,
+        status: 'downloading',
        progress: progressPercent,
        progress_timestamp: new Date().toISOString(),
      })
    })
@ -80,6 +63,10 @@ export class DownloadModelJob {
      logger.error(
        `[DownloadModelJob] Failed to initiate download for model ${modelName}: ${result.message}`
      )
      // Don't retry errors that will never succeed (e.g., Ollama version too old)
      if (result.retryable === false) {
        throw new UnrecoverableError(result.message)
      }
      throw new Error(`Failed to initiate download for model: ${result.message}`)
    }
@ -102,6 +89,15 @@ export class DownloadModelJob {
    const queue = queueService.getQueue(this.queue)
    const jobId = this.getJobId(params.modelName)
    // Clear any previous failed job so a fresh attempt can be dispatched
    const existing = await queue.getJob(jobId)
    if (existing) {
      const state = await existing.getState()
      if (state === 'failed') {
        await existing.remove()
      }
    }
    try {
      const job = await queue.add(this.key, params, {
        jobId,
@ -121,9 +117,9 @@ export class DownloadModelJob {
      }
    } catch (error) {
      if (error.message.includes('job already exists')) {
-        const existing = await queue.getJob(jobId)
+        const active = await queue.getJob(jobId)
        return {
-          job: existing,
+          job: active,
          created: false,
          message: `Job already exists for model ${params.modelName}`,
        }
--- a/admin/app/jobs/embed_file_job.ts
+++ b/admin/app/jobs/embed_file_job.ts
@ -0,0 +1,259 @@
 import { Job, UnrecoverableError } from 'bullmq'
 import { QueueService } from '#services/queue_service'
 import { EmbedJobWithProgress } from '../../types/rag.js'
 import { RagService } from '#services/rag_service'
 import { DockerService } from '#services/docker_service'
 import { OllamaService } from '#services/ollama_service'
 import { createHash } from 'crypto'
 import logger from '@adonisjs/core/services/logger'
 export interface EmbedFileJobParams {
  filePath: string
  fileName: string
  fileSize?: number
  // Batch processing for large ZIM files
  batchOffset?: number  // Current batch offset (for ZIM files)
  totalArticles?: number // Total articles in ZIM (for progress tracking)
  isFinalBatch?: boolean // Whether this is the last batch (prevents premature deletion)
 }
 export class EmbedFileJob {
  static get queue() {
    return 'file-embeddings'
  }
  static get key() {
    return 'embed-file'
  }
  static getJobId(filePath: string): string {
    return createHash('sha256').update(filePath).digest('hex').slice(0, 16)
  }
  async handle(job: Job) {
    const { filePath, fileName, batchOffset, totalArticles } = job.data as EmbedFileJobParams
    const isZimBatch = batchOffset !== undefined
    const batchInfo = isZimBatch ? ` (batch offset: ${batchOffset})` : ''
    logger.info(`[EmbedFileJob] Starting embedding process for: ${fileName}${batchInfo}`)
    const dockerService = new DockerService()
    const ollamaService = new OllamaService()
    const ragService = new RagService(dockerService, ollamaService)
    try {
      // Check if Ollama and Qdrant services are installed and ready
      // Use UnrecoverableError for "not installed" so BullMQ won't retry —
      // retrying 30x when the service doesn't exist just wastes Redis connections
      const ollamaUrl = await dockerService.getServiceURL('nomad_ollama')
      if (!ollamaUrl) {
        logger.warn('[EmbedFileJob] Ollama is not installed. Skipping embedding for: %s', fileName)
        throw new UnrecoverableError('Ollama service is not installed. Install AI Assistant to enable file embeddings.')
      }
      const existingModels = await ollamaService.getModels()
      if (!existingModels) {
        logger.warn('[EmbedFileJob] Ollama service not ready yet. Will retry...')
        throw new Error('Ollama service not ready yet')
      }
      const qdrantUrl = await dockerService.getServiceURL('nomad_qdrant')
      if (!qdrantUrl) {
        logger.warn('[EmbedFileJob] Qdrant is not installed. Skipping embedding for: %s', fileName)
        throw new UnrecoverableError('Qdrant service is not installed. Install AI Assistant to enable file embeddings.')
      }
      logger.info(`[EmbedFileJob] Services ready. Processing file: ${fileName}`)
      // Update progress starting
      await job.updateProgress(5)
      await job.updateData({
        ...job.data,
        status: 'processing',
        startedAt: job.data.startedAt || Date.now(),
      })
      logger.info(`[EmbedFileJob] Processing file: ${filePath}`)
      // Progress callback: maps service-reported 0-100% into the 5-95% job range
      const onProgress = async (percent: number) => {
        await job.updateProgress(Math.min(95, Math.round(5 + percent * 0.9)))
      }
      // Process and embed the file
      // Only allow deletion if explicitly marked as final batch
      const allowDeletion = job.data.isFinalBatch === true
      const result = await ragService.processAndEmbedFile(
        filePath,
        allowDeletion,
        batchOffset,
        onProgress
      )
      if (!result.success) {
        logger.error(`[EmbedFileJob] Failed to process file ${fileName}: ${result.message}`)
        throw new Error(result.message)
      }
      // For ZIM files with batching, check if more batches are needed
      if (result.hasMoreBatches) {
        const nextOffset = (batchOffset || 0) + (result.articlesProcessed || 0)
        logger.info(
          `[EmbedFileJob] Batch complete. Dispatching next batch at offset ${nextOffset}`
        )
        // Dispatch next batch (not final yet)
        await EmbedFileJob.dispatch({
          filePath,
          fileName,
          batchOffset: nextOffset,
          totalArticles: totalArticles || result.totalArticles,
          isFinalBatch: false, // Explicitly not final
        })
        // Calculate progress based on articles processed
        const progress = totalArticles
          ? Math.round((nextOffset / totalArticles) * 100)
          : 50
        await job.updateProgress(progress)
        await job.updateData({
          ...job.data,
          status: 'batch_completed',
          lastBatchAt: Date.now(),
          chunks: (job.data.chunks || 0) + (result.chunks || 0),
        })
        return {
          success: true,
          fileName,
          filePath,
          chunks: result.chunks,
          hasMoreBatches: true,
          nextOffset,
          message: `Batch embedded ${result.chunks} chunks, next batch queued`,
        }
      }
      // Final batch or non-batched file - mark as complete
      const totalChunks = (job.data.chunks || 0) + (result.chunks || 0)
      await job.updateProgress(100)
      await job.updateData({
        ...job.data,
        status: 'completed',
        completedAt: Date.now(),
        chunks: totalChunks,
      })
      const batchMsg = isZimBatch ? ` (final batch, total chunks: ${totalChunks})` : ''
      logger.info(
        `[EmbedFileJob] Successfully embedded ${result.chunks} chunks from file: ${fileName}${batchMsg}`
      )
      return {
        success: true,
        fileName,
        filePath,
        chunks: result.chunks,
        message: `Successfully embedded ${result.chunks} chunks`,
      }
    } catch (error) {
      logger.error(`[EmbedFileJob] Error embedding file ${fileName}:`, error)
      await job.updateData({
        ...job.data,
        status: 'failed',
        failedAt: Date.now(),
        error: error instanceof Error ? error.message : 'Unknown error',
      })
      throw error
    }
  }
  static async listActiveJobs(): Promise<EmbedJobWithProgress[]> {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    const jobs = await queue.getJobs(['waiting', 'active', 'delayed'])
    return jobs.map((job) => ({
      jobId: job.id!.toString(),
      fileName: (job.data as EmbedFileJobParams).fileName,
      filePath: (job.data as EmbedFileJobParams).filePath,
      progress: typeof job.progress === 'number' ? job.progress : 0,
      status: ((job.data as any).status as string) ?? 'waiting',
    }))
  }
  static async getByFilePath(filePath: string): Promise<Job | undefined> {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    const jobId = this.getJobId(filePath)
    return await queue.getJob(jobId)
  }
  static async dispatch(params: EmbedFileJobParams) {
    const queueService = new QueueService()
    const queue = queueService.getQueue(this.queue)
    const jobId = this.getJobId(params.filePath)
    try {
      const job = await queue.add(this.key, params, {
        jobId,
        attempts: 30,
        backoff: {
          type: 'fixed',
          delay: 60000, // Check every 60 seconds for service readiness
        },
        removeOnComplete: { count: 50 }, // Keep last 50 completed jobs for history
        removeOnFail: { count: 20 } // Keep last 20 failed jobs for debugging
      })
      logger.info(`[EmbedFileJob] Dispatched embedding job for file: ${params.fileName}`)
      return {
        job,
        created: true,
        jobId,
        message: `File queued for embedding: ${params.fileName}`,
      }
    } catch (error) {
      if (error.message && error.message.includes('job already exists')) {
        const existing = await queue.getJob(jobId)
        logger.info(`[EmbedFileJob] Job already exists for file: ${params.fileName}`)
        return {
          job: existing,
          created: false,
          jobId,
          message: `Embedding job already exists for: ${params.fileName}`,
        }
      }
      throw error
    }
  }
  static async getStatus(filePath: string): Promise<{
    exists: boolean
    status?: string
    progress?: number
    chunks?: number
    error?: string
  }> {
    const job = await this.getByFilePath(filePath)
    if (!job) {
      return { exists: false }
    }
    const state = await job.getState()
    const data = job.data
    return {
      exists: true,
      status: data.status || state,
      progress: typeof job.progress === 'number' ? job.progress : undefined,
      chunks: data.chunks,
      error: data.error,
    }
  }
 }
--- a/admin/app/jobs/run_download_job.ts
+++ b/admin/app/jobs/run_download_job.ts
@ -6,6 +6,7 @@ import { createHash } from 'crypto'
 import { DockerService } from '#services/docker_service'
 import { ZimService } from '#services/zim_service'
 import { MapService } from '#services/map_service'
 import { EmbedFileJob } from './embed_file_job.js'
 export class RunDownloadJob {
  static get queue() {
@ -21,20 +22,9 @@ export class RunDownloadJob {
  }
  async handle(job: Job) {
-    const { url, filepath, timeout, allowedMimeTypes, forceNew, filetype } =
+    const { url, filepath, timeout, allowedMimeTypes, forceNew, filetype, resourceMetadata } =
      job.data as RunDownloadJobParams
    //    console.log("Simulating delay for job for URL:", url)
    //  await new Promise((resolve) => setTimeout(resolve, 30000)) // Simulate initial delay
    //  console.log("Starting download for URL:", url)
    // // simulate progress updates for demonstration
    // for (let progress = 0; progress <= 100; progress += 10) {
    //   await new Promise((resolve) => setTimeout(resolve, 20000)) // Simulate time taken for each progress step
    //   job.updateProgress(progress)
    //   console.log(`Job progress for URL ${url}: ${progress}%`)
    // }
    await doResumableDownload({
      url,
      filepath,
@ -47,17 +37,70 @@ export class RunDownloadJob {
      },
      async onComplete(url) {
        try {
          // Create InstalledResource entry if metadata was provided
          if (resourceMetadata) {
            const { default: InstalledResource } = await import('#models/installed_resource')
            const { DateTime } = await import('luxon')
            const { getFileStatsIfExists, deleteFileIfExists } = await import('../utils/fs.js')
            const stats = await getFileStatsIfExists(filepath)
            // Look up the old entry so we can clean up the previous file after updating
            const oldEntry = await InstalledResource.query()
              .where('resource_id', resourceMetadata.resource_id)
              .where('resource_type', filetype as 'zim' | 'map')
              .first()
            const oldFilePath = oldEntry?.file_path ?? null
            await InstalledResource.updateOrCreate(
              { resource_id: resourceMetadata.resource_id, resource_type: filetype as 'zim' | 'map' },
              {
                version: resourceMetadata.version,
                collection_ref: resourceMetadata.collection_ref,
                url: url,
                file_path: filepath,
                file_size_bytes: stats ? Number(stats.size) : null,
                installed_at: DateTime.now(),
              }
            )
            // Delete the old file if it differs from the new one
            if (oldFilePath && oldFilePath !== filepath) {
              try {
                await deleteFileIfExists(oldFilePath)
                console.log(`[RunDownloadJob] Deleted old file: ${oldFilePath}`)
              } catch (deleteError) {
                console.warn(
                  `[RunDownloadJob] Failed to delete old file ${oldFilePath}:`,
                  deleteError
                )
              }
            }
          }
          if (filetype === 'zim') {
            const dockerService = new DockerService()
            const zimService = new ZimService(dockerService)
            await zimService.downloadRemoteSuccessCallback([url], true)
            // Only dispatch embedding job if AI Assistant (Ollama) is installed
            const ollamaUrl = await dockerService.getServiceURL('nomad_ollama')
            if (ollamaUrl) {
              try {
                await EmbedFileJob.dispatch({
                  fileName: url.split('/').pop() || '',
                  filePath: filepath,
                })
              } catch (error) {
                console.error(`[RunDownloadJob] Error dispatching EmbedFileJob for URL ${url}:`, error)
              }
            }
          } else if (filetype === 'map') {
            const mapsService = new MapService()
            await mapsService.downloadRemoteSuccessCallback([url], false)
          }
        } catch (error) {
          console.error(
-            `[RunDownloadJob] Error in ZIM download success callback for URL ${url}:`,
+            `[RunDownloadJob] Error in download success callback for URL ${url}:`,
            error
          )
        }
--- a/admin/app/models/chat_message.ts
+++ b/admin/app/models/chat_message.ts
@ -0,0 +1,29 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, belongsTo, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 import type { BelongsTo } from '@adonisjs/lucid/types/relations'
 import ChatSession from './chat_session.js'
 export default class ChatMessage extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare id: number
  @column()
  declare session_id: number
  @column()
  declare role: 'system' | 'user' | 'assistant'
  @column()
  declare content: string
  @belongsTo(() => ChatSession, { foreignKey: 'id', localKey: 'session_id' })
  declare session: BelongsTo<typeof ChatSession>
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
  @column.dateTime({ autoCreate: true, autoUpdate: true })
  declare updated_at: DateTime
 }
--- a/admin/app/models/chat_session.ts
+++ b/admin/app/models/chat_session.ts
@ -0,0 +1,29 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, hasMany, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 import type { HasMany } from '@adonisjs/lucid/types/relations'
 import ChatMessage from './chat_message.js'
 export default class ChatSession extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare id: number
  @column()
  declare title: string
  @column()
  declare model: string | null
  @hasMany(() => ChatMessage, {
    foreignKey: 'session_id',
    localKey: 'id',
  })
  declare messages: HasMany<typeof ChatMessage>
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
  @column.dateTime({ autoCreate: true, autoUpdate: true })
  declare updated_at: DateTime
 }
--- a/admin/app/models/collection_manifest.ts
+++ b/admin/app/models/collection_manifest.ts
@ -0,0 +1,22 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 import type { ManifestType } from '../../types/collections.js'
 export default class CollectionManifest extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare type: ManifestType
  @column()
  declare spec_version: string
  @column({
    consume: (value: string) => (typeof value === 'string' ? JSON.parse(value) : value),
    prepare: (value: any) => JSON.stringify(value),
  })
  declare spec_data: any
  @column.dateTime()
  declare fetched_at: DateTime
 }
--- a/admin/app/models/curated_collection.ts
+++ b/admin/app/models/curated_collection.ts
@ -1,39 +0,0 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, hasMany, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 import CuratedCollectionResource from './curated_collection_resource.js'
 import type { HasMany } from '@adonisjs/lucid/types/relations'
 import type { CuratedCollectionType } from '../../types/curated_collections.js'
 export default class CuratedCollection extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare slug: string
  @column()
  declare type: CuratedCollectionType
  @column()
  declare name: string
  @column()
  declare description: string
  @column()
  declare icon: string
  @column()
  declare language: string
  @hasMany(() => CuratedCollectionResource, {
    foreignKey: 'curated_collection_slug',
    localKey: 'slug',
  })
  declare resources: HasMany<typeof CuratedCollectionResource>
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
  @column.dateTime({ autoCreate: true, autoUpdate: true })
  declare updated_at: DateTime
 }
--- a/admin/app/models/curated_collection_resource.ts
+++ b/admin/app/models/curated_collection_resource.ts
@ -1,41 +0,0 @@
 import { DateTime } from 'luxon'
 import { BaseModel, belongsTo, column, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 import CuratedCollection from './curated_collection.js'
 import type { BelongsTo } from '@adonisjs/lucid/types/relations'
 export default class CuratedCollectionResource extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare id: number
  @column()
  declare curated_collection_slug: string
  @belongsTo(() => CuratedCollection, {
    foreignKey: 'slug',
    localKey: 'curated_collection_slug',
  })
  declare curated_collection: BelongsTo<typeof CuratedCollection>
  @column()
  declare title: string
  @column()
  declare url: string
  @column()
  declare description: string
  @column()
  declare size_mb: number
  @column()
  declare downloaded: boolean
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
  @column.dateTime({ autoCreate: true, autoUpdate: true })
  declare updated_at: DateTime
 }
--- a/admin/app/models/installed_resource.ts
+++ b/admin/app/models/installed_resource.ts
@ -0,0 +1,33 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 export default class InstalledResource extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare id: number
  @column()
  declare resource_id: string
  @column()
  declare resource_type: 'zim' | 'map'
  @column()
  declare collection_ref: string | null
  @column()
  declare version: string
  @column()
  declare url: string
  @column()
  declare file_path: string
  @column()
  declare file_size_bytes: number | null
  @column.dateTime()
  declare installed_at: DateTime
 }
--- a/admin/app/models/kv_store.ts
+++ b/admin/app/models/kv_store.ts
@ -0,0 +1,64 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
 import { KV_STORE_SCHEMA, type KVStoreKey, type KVStoreValue } from '../../types/kv_store.js'
 import { parseBoolean } from '../utils/misc.js'
 /**
 * Generic key-value store model for storing various settings
 * that don't necessitate their own dedicated models.
 */
 export default class KVStore extends BaseModel {
  static table = 'kv_store'
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare id: number
  @column()
  declare key: KVStoreKey
  @column()
  declare value: string | null
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
  @column.dateTime({ autoCreate: true, autoUpdate: true })
  declare updated_at: DateTime
  /**
   * Get a setting value by key, automatically deserializing to the correct type.
   */
  static async getValue<K extends KVStoreKey>(key: K): Promise<KVStoreValue<K> | null> {
    const setting = await this.findBy('key', key)
    if (!setting || setting.value === undefined || setting.value === null) {
      return null
    }
    const raw = String(setting.value)
    return (KV_STORE_SCHEMA[key] === 'boolean' ? parseBoolean(raw) : raw) as KVStoreValue<K>
  }
  /**
   * Set a setting value by key (creates if not exists), automatically serializing to string.
   */
  static async setValue<K extends KVStoreKey>(key: K, value: KVStoreValue<K>): Promise<KVStore> {
    const serialized = String(value)
    const setting = await this.firstOrCreate({ key }, { key, value: serialized })
    if (setting.value !== serialized) {
      setting.value = serialized
      await setting.save()
    }
    return setting
  }
  /**
   * Clear a setting value by key, storing null so getValue returns null.
   */
  static async clearValue<K extends KVStoreKey>(key: K): Promise<void> {
    const setting = await this.findBy('key', key)
    if (setting && setting.value !== null) {
      setting.value = null
      await setting.save()
    }
  }
 }
--- a/admin/app/models/service.ts
+++ b/admin/app/models/service.ts
@ -62,6 +62,15 @@ export default class Service extends BaseModel {
  @column()
  declare metadata: string | null
  @column()
  declare source_repo: string | null
  @column()
  declare available_update_version: string | null
  @column.dateTime()
  declare update_checked_at: DateTime | null
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
--- a/admin/app/models/wikipedia_selection.ts
+++ b/admin/app/models/wikipedia_selection.ts
@ -1,17 +1,23 @@
 import { DateTime } from 'luxon'
 import { BaseModel, column, SnakeCaseNamingStrategy } from '@adonisjs/lucid/orm'
-export default class InstalledTier extends BaseModel {
+export default class WikipediaSelection extends BaseModel {
  static namingStrategy = new SnakeCaseNamingStrategy()
  @column({ isPrimary: true })
  declare id: number
  @column()
-  declare category_slug: string
+  declare option_id: string
  @column()
-  declare tier_slug: string
+  declare url: string | null
  @column()
  declare filename: string | null
  @column()
  declare status: 'none' | 'downloading' | 'installed' | 'failed'
  @column.dateTime({ autoCreate: true })
  declare created_at: DateTime
--- a/admin/app/services/benchmark_service.ts
+++ b/admin/app/services/benchmark_service.ts
@ -24,12 +24,15 @@ import type {
 } from '../../types/benchmark.js'
 import { randomUUID, createHmac } from 'node:crypto'
 import { DockerService } from './docker_service.js'
 import { SERVICE_NAMES } from '../../constants/service_names.js'
 import { BROADCAST_CHANNELS } from '../../constants/broadcast.js'
 import Dockerode from 'dockerode'
 // HMAC secret for signing submissions to the benchmark repository
 // This provides basic protection against casual API abuse.
 // Note: Since NOMAD is open source, a determined attacker could extract this.
 // For stronger protection, see challenge-response authentication.
-const BENCHMARK_HMAC_SECRET = 'nomad-benchmark-v1-2026'
+const BENCHMARK_HMAC_SECRET = '778ba65d0bc0e23119e5ffce4b3716648a7d071f0a47ec3f'
 // Re-export default weights for use in service
 const SCORE_WEIGHTS = {
@ -44,7 +47,6 @@ const SCORE_WEIGHTS = {
 // Benchmark configuration constants
 const SYSBENCH_IMAGE = 'severalnines/sysbench:latest'
 const SYSBENCH_CONTAINER_NAME = 'nomad_benchmark_sysbench'
 const BENCHMARK_CHANNEL = 'benchmark-progress'
 // Reference model for AI benchmark - small but meaningful
 const AI_BENCHMARK_MODEL = 'llama3.2:1b'
@ -185,8 +187,14 @@ export class BenchmarkService {
      return response.data as RepositorySubmitResponse
    } catch (error) {
-      logger.error(`Failed to submit benchmark to repository: ${error.message}`)
+      const detail = error.response?.data?.error || error.message || 'Unknown error'
-      throw new Error(`Failed to submit benchmark: ${error.message}`)
+      const statusCode = error.response?.status
      logger.error(`Failed to submit benchmark to repository: ${detail} (Status: ${statusCode})`)
      // Create an error with the status code attached for proper handling upstream
      const err: any = new Error(`Failed to submit benchmark: ${detail}`)
      err.statusCode = statusCode
      throw err
    }
  }
@ -269,14 +277,44 @@ export class BenchmarkService {
        gpuModel = discreteGpu?.model || graphics.controllers[0]?.model || null
      }
-      // Fallback: Extract integrated GPU from CPU model name (common for AMD APUs)
+      // Fallback: Check Docker for nvidia runtime and query GPU model via nvidia-smi
-      // e.g., "AMD Ryzen AI 9 HX 370 w/ Radeon 890M" -> "Radeon 890M"
+      if (!gpuModel) {
        try {
          const dockerInfo = await this.dockerService.docker.info()
          const runtimes = dockerInfo.Runtimes || {}
          if ('nvidia' in runtimes) {
            logger.info('[BenchmarkService] NVIDIA container runtime detected, querying GPU model via nvidia-smi')
            const systemService = new (await import('./system_service.js')).SystemService(this.dockerService)
            const nvidiaInfo = await systemService.getNvidiaSmiInfo()
            if (Array.isArray(nvidiaInfo) && nvidiaInfo.length > 0) {
              gpuModel = nvidiaInfo[0].model
            } else {
              logger.warn(`[BenchmarkService] NVIDIA runtime detected but failed to get GPU info: ${typeof nvidiaInfo === 'string' ? nvidiaInfo : JSON.stringify(nvidiaInfo)}`)
            }
          }
        } catch (dockerError) {
          logger.warn(`[BenchmarkService] Could not query Docker info for GPU detection: ${dockerError.message}`)
        }
      }
      // Fallback: Extract integrated GPU from CPU model name
      if (!gpuModel) {
        const cpuFullName = `${cpu.manufacturer} ${cpu.brand}`
        // AMD APUs: e.g., "AMD Ryzen AI 9 HX 370 w/ Radeon 890M" -> "Radeon 890M"
        const radeonMatch = cpuFullName.match(/w\/\s*(Radeon\s+\d+\w*)/i)
        if (radeonMatch) {
          gpuModel = radeonMatch[1]
        }
        // Intel Core Ultra: These have Intel Arc Graphics integrated
        // e.g., "Intel Core Ultra 9 285HX" -> "Intel Arc Graphics (Integrated)"
        if (!gpuModel && cpu.manufacturer?.toLowerCase().includes('intel')) {
          if (cpu.brand?.toLowerCase().includes('core ultra')) {
            gpuModel = 'Intel Arc Graphics (Integrated)'
          }
        }
      }
      return {
@ -412,7 +450,7 @@ export class BenchmarkService {
    this._updateStatus('running_ai', 'Running AI benchmark...')
-    const ollamaAPIURL = await this.dockerService.getServiceURL(DockerService.OLLAMA_SERVICE_NAME)
+    const ollamaAPIURL = await this.dockerService.getServiceURL(SERVICE_NAMES.OLLAMA)
    if (!ollamaAPIURL) {
      throw new Error('AI Assistant service location could not be determined. Ensure AI Assistant is installed and running.')
    }
@ -426,21 +464,10 @@ export class BenchmarkService {
    }
    // Check if the benchmark model is available, pull if not
-    const modelsResponse = await axios.get(`${ollamaAPIURL}/api/tags`)
+    const ollamaService = new (await import('./ollama_service.js')).OllamaService()
-    const models = modelsResponse.data.models || []
+    const modelResponse = await ollamaService.downloadModel(AI_BENCHMARK_MODEL)
-    const hasModel = models.some((m: any) => m.name === AI_BENCHMARK_MODEL || m.name.startsWith(AI_BENCHMARK_MODEL.split(':')[0]))
+    if (!modelResponse.success) {
-
+      throw new Error(`Model does not exist and failed to download: ${modelResponse.message}`)
    if (!hasModel) {
      this._updateStatus('downloading_ai_model', `Downloading AI benchmark model (${AI_BENCHMARK_MODEL})... This may take a few minutes on first run.`)
      logger.info(`[BenchmarkService] Model ${AI_BENCHMARK_MODEL} not found, downloading...`)
      try {
        // Model pull can take several minutes, use longer timeout
        await axios.post(`${ollamaAPIURL}/api/pull`, { name: AI_BENCHMARK_MODEL }, { timeout: 600000 })
        logger.info(`[BenchmarkService] Model ${AI_BENCHMARK_MODEL} downloaded successfully`)
      } catch (pullError) {
        throw new Error(`Failed to download AI benchmark model (${AI_BENCHMARK_MODEL}): ${pullError.message}`)
      }
    }
    // Run inference benchmark
@ -544,10 +571,10 @@ export class BenchmarkService {
   */
  private _normalizeScore(value: number, reference: number): number {
    if (value <= 0) return 0
-    // Log scale: score = 50 * (1 + log2(value/reference))
+    // Log scale with widened range: dividing log2 by 3 prevents scores from
-    // This gives 50 at reference value, scales logarithmically
+    // clamping to 0% for below-average hardware. Gives 50% at reference value.
    const ratio = value / reference
-    const score = 50 * (1 + Math.log2(Math.max(0.01, ratio)))
+    const score = 50 * (1 + Math.log2(Math.max(0.01, ratio)) / 3)
    return Math.min(100, Math.max(0, score)) / 100
  }
@ -556,9 +583,9 @@ export class BenchmarkService {
   */
  private _normalizeScoreInverse(value: number, reference: number): number {
    if (value <= 0) return 1
-    // Inverse: lower values = higher scores
+    // Inverse: lower values = higher scores, with widened log range
    const ratio = reference / value
-    const score = 50 * (1 + Math.log2(Math.max(0.01, ratio)))
+    const score = 50 * (1 + Math.log2(Math.max(0.01, ratio)) / 3)
    return Math.min(100, Math.max(0, score)) / 100
  }
@ -592,6 +619,7 @@ export class BenchmarkService {
    const eventsMatch = output.match(/events per second:\s*([\d.]+)/i)
    const totalTimeMatch = output.match(/total time:\s*([\d.]+)s/i)
    const totalEventsMatch = output.match(/total number of events:\s*(\d+)/i)
    logger.debug(`[BenchmarkService] CPU output parsing - events/s: ${eventsMatch?.[1]}, total_time: ${totalTimeMatch?.[1]}, total_events: ${totalEventsMatch?.[1]}`)
    return {
      events_per_second: eventsMatch ? parseFloat(eventsMatch[1]) : 0,
@ -687,23 +715,26 @@ export class BenchmarkService {
   * Run a sysbench command in a Docker container
   */
  private async _runSysbenchCommand(cmd: string[]): Promise<string> {
    let container: Dockerode.Container | null = null
    try {
      // Create container with TTY to avoid multiplexed output
-      const container = await this.dockerService.docker.createContainer({
+      container = await this.dockerService.docker.createContainer({
        Image: SYSBENCH_IMAGE,
        Cmd: cmd,
        name: `${SYSBENCH_CONTAINER_NAME}_${Date.now()}`,
        Tty: true, // Important: prevents multiplexed stdout/stderr headers
        HostConfig: {
-          AutoRemove: true,
+          AutoRemove: false, // Don't auto-remove to avoid race condition with fetching logs
        },
      })
      // Start container
      await container.start()
-      // Wait for completion and get logs
+      // Wait for completion
      await container.wait()
      // Get logs after container has finished
      const logs = await container.logs({
        stdout: true,
        stderr: true,
@ -714,8 +745,24 @@ export class BenchmarkService {
        .replace(/[\x00-\x08]/g, '') // Remove control characters
        .trim()
      // Manually remove the container after getting logs
      try {
        await container.remove()
      } catch (removeError) {
        // Log but don't fail if removal fails (container might already be gone)
        logger.warn(`Failed to remove sysbench container: ${removeError.message}`)
      }
      return output
    } catch (error) {
      // Clean up container on error if it exists
      if (container) {
        try {
          await container.remove({ force: true })
        } catch (removeError) {
          // Ignore removal errors
        }
      }
      logger.error(`Sysbench command failed: ${error.message}`)
      throw new Error(`Sysbench command failed: ${error.message}`)
    }
@ -735,7 +782,7 @@ export class BenchmarkService {
      timestamp: new Date().toISOString(),
    }
-    transmit.broadcast(BENCHMARK_CHANNEL, {
+    transmit.broadcast(BROADCAST_CHANNELS.BENCHMARK_PROGRESS, {
      benchmark_id: this.currentBenchmarkId,
      ...progress,
    })
--- a/admin/app/services/chat_service.ts
+++ b/admin/app/services/chat_service.ts
@ -0,0 +1,289 @@
 import ChatSession from '#models/chat_session'
 import ChatMessage from '#models/chat_message'
 import logger from '@adonisjs/core/services/logger'
 import { DateTime } from 'luxon'
 import { inject } from '@adonisjs/core'
 import { OllamaService } from './ollama_service.js'
 import { DEFAULT_QUERY_REWRITE_MODEL, SYSTEM_PROMPTS } from '../../constants/ollama.js'
 import { toTitleCase } from '../utils/misc.js'
@inject()
 export class ChatService {
  constructor(private ollamaService: OllamaService) {}
  async getAllSessions() {
    try {
      const sessions = await ChatSession.query().orderBy('updated_at', 'desc')
      return sessions.map((session) => ({
        id: session.id.toString(),
        title: session.title,
        model: session.model,
        timestamp: session.updated_at.toJSDate(),
        lastMessage: null, // Will be populated from messages if needed
      }))
    } catch (error) {
      logger.error(
        `[ChatService] Failed to get sessions: ${error instanceof Error ? error.message : error}`
      )
      return []
    }
  }
  async getChatSuggestions() {
    try {
      const models = await this.ollamaService.getModels()
      if (!models || models.length === 0) {
        return [] // If no models are available, return empty suggestions
      }
      // Larger models generally give "better" responses, so pick the largest one
      const largestModel = models.reduce((prev, current) => {
        return prev.size > current.size ? prev : current
      })
      if (!largestModel) {
        return []
      }
      const response = await this.ollamaService.chat({
        model: largestModel.name,
        messages: [
          {
            role: 'user',
            content: SYSTEM_PROMPTS.chat_suggestions,
          }
        ],
        stream: false,
      })
      if (response && response.message && response.message.content) {
        const content = response.message.content.trim()
        // Handle both comma-separated and newline-separated formats
        let suggestions: string[] = []
        // Try splitting by commas first
        if (content.includes(',')) {
          suggestions = content.split(',').map((s) => s.trim())
        } 
        // Fall back to newline separation
        else {
          suggestions = content
            .split(/\r?\n/)
            .map((s) => s.trim())
            // Remove numbered list markers (1., 2., 3., etc.) and bullet points
            .map((s) => s.replace(/^\d+\.\s*/, '').replace(/^[-*•]\s*/, ''))
            // Remove surrounding quotes if present
            .map((s) => s.replace(/^["']|["']$/g, ''))
        }
        // Filter out empty strings and limit to 3 suggestions
        const filtered =  suggestions
          .filter((s) => s.length > 0)
          .slice(0, 3)
        return filtered.map((s) => toTitleCase(s))
      } else {
        return []
      }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to get chat suggestions: ${
          error instanceof Error ? error.message : error
        }`
      )
      return []
    }
  }
  async getSession(sessionId: number) {
    try {
      const session = await ChatSession.query().where('id', sessionId).preload('messages').first()
      if (!session) {
        return null
      }
      return {
        id: session.id.toString(),
        title: session.title,
        model: session.model,
        timestamp: session.updated_at.toJSDate(),
        messages: session.messages.map((msg) => ({
          id: msg.id.toString(),
          role: msg.role,
          content: msg.content,
          timestamp: msg.created_at.toJSDate(),
        })),
      }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to get session ${sessionId}: ${
          error instanceof Error ? error.message : error
        }`
      )
      return null
    }
  }
  async createSession(title: string, model?: string) {
    try {
      const session = await ChatSession.create({
        title,
        model: model || null,
      })
      return {
        id: session.id.toString(),
        title: session.title,
        model: session.model,
        timestamp: session.created_at.toJSDate(),
      }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to create session: ${error instanceof Error ? error.message : error}`
      )
      throw new Error('Failed to create chat session')
    }
  }
  async updateSession(sessionId: number, data: { title?: string; model?: string }) {
    try {
      const session = await ChatSession.findOrFail(sessionId)
      if (data.title) {
        session.title = data.title
      }
      if (data.model !== undefined) {
        session.model = data.model
      }
      await session.save()
      return {
        id: session.id.toString(),
        title: session.title,
        model: session.model,
        timestamp: session.updated_at.toJSDate(),
      }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to update session ${sessionId}: ${
          error instanceof Error ? error.message : error
        }`
      )
      throw new Error('Failed to update chat session')
    }
  }
  async addMessage(sessionId: number, role: 'system' | 'user' | 'assistant', content: string) {
    try {
      const message = await ChatMessage.create({
        session_id: sessionId,
        role,
        content,
      })
      // Update session's updated_at timestamp
      const session = await ChatSession.findOrFail(sessionId)
      session.updated_at = DateTime.now()
      await session.save()
      return {
        id: message.id.toString(),
        role: message.role,
        content: message.content,
        timestamp: message.created_at.toJSDate(),
      }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to add message to session ${sessionId}: ${
          error instanceof Error ? error.message : error
        }`
      )
      throw new Error('Failed to add message')
    }
  }
  async deleteSession(sessionId: number) {
    try {
      const session = await ChatSession.findOrFail(sessionId)
      await session.delete()
      return { success: true }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to delete session ${sessionId}: ${
          error instanceof Error ? error.message : error
        }`
      )
      throw new Error('Failed to delete chat session')
    }
  }
  async getMessageCount(sessionId: number): Promise<number> {
    try {
      const count = await ChatMessage.query().where('session_id', sessionId).count('* as total')
      return Number(count[0].$extras.total)
    } catch (error) {
      logger.error(
        `[ChatService] Failed to get message count for session ${sessionId}: ${error instanceof Error ? error.message : error}`
      )
      return 0
    }
  }
  async generateTitle(sessionId: number, userMessage: string, assistantMessage: string) {
    try {
      const models = await this.ollamaService.getModels()
      const titleModelAvailable = models?.some((m) => m.name === DEFAULT_QUERY_REWRITE_MODEL)
      let title: string
      if (!titleModelAvailable) {
        title = userMessage.slice(0, 57) + (userMessage.length > 57 ? '...' : '')
      } else {
        const response = await this.ollamaService.chat({
          model: DEFAULT_QUERY_REWRITE_MODEL,
          messages: [
            { role: 'system', content: SYSTEM_PROMPTS.title_generation },
            { role: 'user', content: userMessage },
            { role: 'assistant', content: assistantMessage },
          ],
        })
        title = response?.message?.content?.trim()
        if (!title) {
          title = userMessage.slice(0, 57) + (userMessage.length > 57 ? '...' : '')
        }
      }
      await this.updateSession(sessionId, { title })
      logger.info(`[ChatService] Generated title for session ${sessionId}: "${title}"`)
    } catch (error) {
      logger.error(
        `[ChatService] Failed to generate title for session ${sessionId}: ${error instanceof Error ? error.message : error}`
      )
      // Fall back to truncated user message
      try {
        const fallbackTitle = userMessage.slice(0, 57) + (userMessage.length > 57 ? '...' : '')
        await this.updateSession(sessionId, { title: fallbackTitle })
      } catch {
        // Silently fail - session keeps "New Chat" title
      }
    }
  }
  async deleteAllSessions() {
    try {
      await ChatSession.query().delete()
      return { success: true, message: 'All chat sessions deleted' }
    } catch (error) {
      logger.error(
        `[ChatService] Failed to delete all sessions: ${
          error instanceof Error ? error.message : error
        }`
      )
      throw new Error('Failed to delete all chat sessions')
    }
  }
 }
--- a/admin/app/services/collection_manifest_service.ts
+++ b/admin/app/services/collection_manifest_service.ts
@ -0,0 +1,317 @@
 import axios from 'axios'
 import vine from '@vinejs/vine'
 import logger from '@adonisjs/core/services/logger'
 import { DateTime } from 'luxon'
 import { join } from 'path'
 import CollectionManifest from '#models/collection_manifest'
 import InstalledResource from '#models/installed_resource'
 import { zimCategoriesSpecSchema, mapsSpecSchema, wikipediaSpecSchema } from '#validators/curated_collections'
 import {
  ensureDirectoryExists,
  listDirectoryContents,
  getFileStatsIfExists,
  ZIM_STORAGE_PATH,
 } from '../utils/fs.js'
 import type {
  ManifestType,
  ZimCategoriesSpec,
  MapsSpec,
  CategoryWithStatus,
  CollectionWithStatus,
  SpecResource,
  SpecTier,
 } from '../../types/collections.js'
 const SPEC_URLS: Record<ManifestType, string> = {
  zim_categories: 'https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/collections/kiwix-categories.json',
  maps: 'https://github.com/Crosstalk-Solutions/project-nomad/raw/refs/heads/main/collections/maps.json',
  wikipedia: 'https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/collections/wikipedia.json',
 }
 const VALIDATORS: Record<ManifestType, any> = {
  zim_categories: zimCategoriesSpecSchema,
  maps: mapsSpecSchema,
  wikipedia: wikipediaSpecSchema,
 }
 export class CollectionManifestService {
  private readonly mapStoragePath = '/storage/maps'
  // ---- Spec management ----
  async fetchAndCacheSpec(type: ManifestType): Promise<boolean> {
    try {
      const response = await axios.get(SPEC_URLS[type], { timeout: 15000 })
      const validated = await vine.validate({
        schema: VALIDATORS[type],
        data: response.data,
      })
      const existing = await CollectionManifest.find(type)
      const specVersion = validated.spec_version
      if (existing) {
        const changed = existing.spec_version !== specVersion
        existing.spec_version = specVersion
        existing.spec_data = validated
        existing.fetched_at = DateTime.now()
        await existing.save()
        return changed
      }
      await CollectionManifest.create({
        type,
        spec_version: specVersion,
        spec_data: validated,
        fetched_at: DateTime.now(),
      })
      return true
    } catch (error) {
      logger.error(`[CollectionManifestService] Failed to fetch spec for ${type}:`, error?.message || error)
      return false
    }
  }
  async getCachedSpec<T>(type: ManifestType): Promise<T | null> {
    const manifest = await CollectionManifest.find(type)
    if (!manifest) return null
    return manifest.spec_data as T
  }
  async getSpecWithFallback<T>(type: ManifestType): Promise<T | null> {
    try {
      await this.fetchAndCacheSpec(type)
    } catch {
      // Fetch failed, will fall back to cache
    }
    return this.getCachedSpec<T>(type)
  }
  // ---- Status computation ----
  async getCategoriesWithStatus(): Promise<CategoryWithStatus[]> {
    const spec = await this.getSpecWithFallback<ZimCategoriesSpec>('zim_categories')
    if (!spec) return []
    const installedResources = await InstalledResource.query().where('resource_type', 'zim')
    const installedMap = new Map(installedResources.map((r) => [r.resource_id, r]))
    return spec.categories.map((category) => ({
      ...category,
      installedTierSlug: this.getInstalledTierForCategory(category.tiers, installedMap),
    }))
  }
  async getMapCollectionsWithStatus(): Promise<CollectionWithStatus[]> {
    const spec = await this.getSpecWithFallback<MapsSpec>('maps')
    if (!spec) return []
    const installedResources = await InstalledResource.query().where('resource_type', 'map')
    const installedIds = new Set(installedResources.map((r) => r.resource_id))
    return spec.collections.map((collection) => {
      const installedCount = collection.resources.filter((r) => installedIds.has(r.id)).length
      return {
        ...collection,
        all_installed: installedCount === collection.resources.length,
        installed_count: installedCount,
        total_count: collection.resources.length,
      }
    })
  }
  // ---- Tier resolution ----
  static resolveTierResources(tier: SpecTier, allTiers: SpecTier[]): SpecResource[] {
    const visited = new Set<string>()
    return CollectionManifestService._resolveTierResourcesInner(tier, allTiers, visited)
  }
  private static _resolveTierResourcesInner(
    tier: SpecTier,
    allTiers: SpecTier[],
    visited: Set<string>
  ): SpecResource[] {
    if (visited.has(tier.slug)) return [] // cycle detection
    visited.add(tier.slug)
    const resources: SpecResource[] = []
    if (tier.includesTier) {
      const included = allTiers.find((t) => t.slug === tier.includesTier)
      if (included) {
        resources.push(...CollectionManifestService._resolveTierResourcesInner(included, allTiers, visited))
      }
    }
    resources.push(...tier.resources)
    return resources
  }
  getInstalledTierForCategory(
    tiers: SpecTier[],
    installedMap: Map<string, InstalledResource>
  ): string | undefined {
    // Check from highest tier to lowest (tiers are ordered low to high in spec)
    const reversedTiers = [...tiers].reverse()
    for (const tier of reversedTiers) {
      const resolved = CollectionManifestService.resolveTierResources(tier, tiers)
      if (resolved.length === 0) continue
      const allInstalled = resolved.every((r) => installedMap.has(r.id))
      if (allInstalled) {
        return tier.slug
      }
    }
    return undefined
  }
  // ---- Filename parsing ----
  static parseZimFilename(filename: string): { resource_id: string; version: string } | null {
    const name = filename.replace(/\.zim$/, '')
    const match = name.match(/^(.+)_(\d{4}-\d{2})$/)
    if (!match) return null
    return { resource_id: match[1], version: match[2] }
  }
  static parseMapFilename(filename: string): { resource_id: string; version: string } | null {
    const name = filename.replace(/\.pmtiles$/, '')
    const match = name.match(/^(.+)_(\d{4}-\d{2})$/)
    if (!match) return null
    return { resource_id: match[1], version: match[2] }
  }
  // ---- Filesystem reconciliation ----
  async reconcileFromFilesystem(): Promise<{ zim: number; map: number }> {
    let zimCount = 0
    let mapCount = 0
    console.log("RECONCILING FILESYSTEM MANIFESTS...")
    // Reconcile ZIM files
    try {
      const zimDir = join(process.cwd(), ZIM_STORAGE_PATH)
      await ensureDirectoryExists(zimDir)
      const zimItems = await listDirectoryContents(zimDir)
      const zimFiles = zimItems.filter((f) => f.name.endsWith('.zim'))
      console.log(`Found ${zimFiles.length} ZIM files on disk. Reconciling with database...`)
      // Get spec for URL lookup
      const zimSpec = await this.getCachedSpec<ZimCategoriesSpec>('zim_categories')
      const specResourceMap = new Map<string, SpecResource>()
      if (zimSpec) {
        for (const cat of zimSpec.categories) {
          for (const tier of cat.tiers) {
            for (const res of tier.resources) {
              specResourceMap.set(res.id, res)
            }
          }
        }
      }
      const seenZimIds = new Set<string>()
      for (const file of zimFiles) {
        console.log(`Processing ZIM file: ${file.name}`)
        // Skip Wikipedia files (managed by WikipediaSelection model)
        if (file.name.startsWith('wikipedia_en_')) continue
        const parsed = CollectionManifestService.parseZimFilename(file.name)
        console.log(`Parsed ZIM filename:`, parsed)
        if (!parsed) continue
        seenZimIds.add(parsed.resource_id)
        const specRes = specResourceMap.get(parsed.resource_id)
        const filePath = join(zimDir, file.name)
        const stats = await getFileStatsIfExists(filePath)
        await InstalledResource.updateOrCreate(
          { resource_id: parsed.resource_id, resource_type: 'zim' },
          {
            version: parsed.version,
            url: specRes?.url || '',
            file_path: filePath,
            file_size_bytes: stats ? Number(stats.size) : null,
            installed_at: DateTime.now(),
          }
        )
        zimCount++
      }
      // Remove entries for ZIM files no longer on disk
      const existingZim = await InstalledResource.query().where('resource_type', 'zim')
      for (const entry of existingZim) {
        if (!seenZimIds.has(entry.resource_id)) {
          await entry.delete()
        }
      }
    } catch (error) {
      logger.error('[CollectionManifestService] Error reconciling ZIM files:', error)
    }
    // Reconcile map files
    try {
      const mapDir = join(process.cwd(), this.mapStoragePath, 'pmtiles')
      await ensureDirectoryExists(mapDir)
      const mapItems = await listDirectoryContents(mapDir)
      const mapFiles = mapItems.filter((f) => f.name.endsWith('.pmtiles'))
      // Get spec for URL/version lookup
      const mapSpec = await this.getCachedSpec<MapsSpec>('maps')
      const mapResourceMap = new Map<string, SpecResource>()
      if (mapSpec) {
        for (const col of mapSpec.collections) {
          for (const res of col.resources) {
            mapResourceMap.set(res.id, res)
          }
        }
      }
      const seenMapIds = new Set<string>()
      for (const file of mapFiles) {
        const parsed = CollectionManifestService.parseMapFilename(file.name)
        if (!parsed) continue
        seenMapIds.add(parsed.resource_id)
        const specRes = mapResourceMap.get(parsed.resource_id)
        const filePath = join(mapDir, file.name)
        const stats = await getFileStatsIfExists(filePath)
        await InstalledResource.updateOrCreate(
          { resource_id: parsed.resource_id, resource_type: 'map' },
          {
            version: parsed.version,
            url: specRes?.url || '',
            file_path: filePath,
            file_size_bytes: stats ? Number(stats.size) : null,
            installed_at: DateTime.now(),
          }
        )
        mapCount++
      }
      // Remove entries for map files no longer on disk
      const existingMaps = await InstalledResource.query().where('resource_type', 'map')
      for (const entry of existingMaps) {
        if (!seenMapIds.has(entry.resource_id)) {
          await entry.delete()
        }
      }
    } catch (error) {
      logger.error('[CollectionManifestService] Error reconciling map files:', error)
    }
    logger.info(`[CollectionManifestService] Reconciled ${zimCount} ZIM files, ${mapCount} map files`)
    return { zim: zimCount, map: mapCount }
  }
 }
--- a/admin/app/services/collection_update_service.ts
+++ b/admin/app/services/collection_update_service.ts
@ -0,0 +1,157 @@
 import logger from '@adonisjs/core/services/logger'
 import env from '#start/env'
 import axios from 'axios'
 import InstalledResource from '#models/installed_resource'
 import { RunDownloadJob } from '../jobs/run_download_job.js'
 import { ZIM_STORAGE_PATH } from '../utils/fs.js'
 import { join } from 'path'
 import type {
  ResourceUpdateCheckRequest,
  ResourceUpdateInfo,
  ContentUpdateCheckResult,
 } from '../../types/collections.js'
 import { NOMAD_API_DEFAULT_BASE_URL } from '../../constants/misc.js'
 const MAP_STORAGE_PATH = '/storage/maps'
 const ZIM_MIME_TYPES = ['application/x-zim', 'application/x-openzim', 'application/octet-stream']
 const PMTILES_MIME_TYPES = ['application/vnd.pmtiles', 'application/octet-stream']
 export class CollectionUpdateService {
  async checkForUpdates(): Promise<ContentUpdateCheckResult> {
    const nomadAPIURL = env.get('NOMAD_API_URL') || NOMAD_API_DEFAULT_BASE_URL
    if (!nomadAPIURL) {
      return {
        updates: [],
        checked_at: new Date().toISOString(),
        error: 'Nomad API is not configured. Set the NOMAD_API_URL environment variable.',
      }
    }
    const installed = await InstalledResource.all()
    if (installed.length === 0) {
      return {
        updates: [],
        checked_at: new Date().toISOString(),
      }
    }
    const requestBody: ResourceUpdateCheckRequest = {
      resources: installed.map((r) => ({
        resource_id: r.resource_id,
        resource_type: r.resource_type,
        installed_version: r.version,
      })),
    }
    try {
      const response = await axios.post<ResourceUpdateInfo[]>(`${nomadAPIURL}/api/v1/resources/check-updates`, requestBody, {
        timeout: 15000,
      })
      logger.info(
        `[CollectionUpdateService] Update check complete: ${response.data.length} update(s) available`
      )
      return {
        updates: response.data,
        checked_at: new Date().toISOString(),
      }
    } catch (error) {
      if (axios.isAxiosError(error) && error.response) {
        logger.error(
          `[CollectionUpdateService] Nomad API returned ${error.response.status}: ${JSON.stringify(error.response.data)}`
        )
        return {
          updates: [],
          checked_at: new Date().toISOString(),
          error: `Nomad API returned status ${error.response.status}`,
        }
      }
      const message =
        error instanceof Error ? error.message : 'Unknown error contacting Nomad API'
      logger.error(`[CollectionUpdateService] Failed to check for updates: ${message}`)
      return {
        updates: [],
        checked_at: new Date().toISOString(),
        error: `Failed to contact Nomad API: ${message}`,
      }
    }
  }
  async applyUpdate(
    update: ResourceUpdateInfo
  ): Promise<{ success: boolean; jobId?: string; error?: string }> {
    // Check if a download is already in progress for this URL
    const existingJob = await RunDownloadJob.getByUrl(update.download_url)
    if (existingJob) {
      const state = await existingJob.getState()
      if (state === 'active' || state === 'waiting' || state === 'delayed') {
        return {
          success: false,
          error: `A download is already in progress for ${update.resource_id}`,
        }
      }
    }
    const filename = this.buildFilename(update)
    const filepath = this.buildFilepath(update, filename)
    const result = await RunDownloadJob.dispatch({
      url: update.download_url,
      filepath,
      timeout: 30000,
      allowedMimeTypes:
        update.resource_type === 'zim' ? ZIM_MIME_TYPES : PMTILES_MIME_TYPES,
      forceNew: true,
      filetype: update.resource_type,
      resourceMetadata: {
        resource_id: update.resource_id,
        version: update.latest_version,
        collection_ref: null,
      },
    })
    if (!result || !result.job) {
      return { success: false, error: 'Failed to dispatch download job' }
    }
    logger.info(
      `[CollectionUpdateService] Dispatched update download for ${update.resource_id}: ${update.installed_version} → ${update.latest_version}`
    )
    return { success: true, jobId: result.job.id }
  }
  async applyAllUpdates(
    updates: ResourceUpdateInfo[]
  ): Promise<{ results: Array<{ resource_id: string; success: boolean; jobId?: string; error?: string }> }> {
    const results: Array<{
      resource_id: string
      success: boolean
      jobId?: string
      error?: string
    }> = []
    for (const update of updates) {
      const result = await this.applyUpdate(update)
      results.push({ resource_id: update.resource_id, ...result })
    }
    return { results }
  }
  private buildFilename(update: ResourceUpdateInfo): string {
    if (update.resource_type === 'zim') {
      return `${update.resource_id}_${update.latest_version}.zim`
    }
    return `${update.resource_id}_${update.latest_version}.pmtiles`
  }
  private buildFilepath(update: ResourceUpdateInfo, filename: string): string {
    if (update.resource_type === 'zim') {
      return join(process.cwd(), ZIM_STORAGE_PATH, filename)
    }
    return join(process.cwd(), MAP_STORAGE_PATH, 'pmtiles', filename)
  }
 }
--- a/admin/app/services/container_registry_service.ts
+++ b/admin/app/services/container_registry_service.ts
@ -0,0 +1,484 @@
 import logger from '@adonisjs/core/services/logger'
 import { isNewerVersion, parseMajorVersion } from '../utils/version.js'
 export interface ParsedImageReference {
  registry: string
  namespace: string
  repo: string
  tag: string
  /** Full name for registry API calls: namespace/repo */
  fullName: string
 }
 export interface AvailableUpdate {
  tag: string
  isLatest: boolean
  releaseUrl?: string
 }
 interface TokenCacheEntry {
  token: string
  expiresAt: number
 }
 const SEMVER_TAG_PATTERN = /^v?(\d+\.\d+(?:\.\d+)?)$/
 const PLATFORM_SUFFIXES = ['-arm64', '-amd64', '-alpine', '-slim', '-cuda', '-rocm']
 const REJECTED_TAGS = new Set(['latest', 'nightly', 'edge', 'dev', 'beta', 'alpha', 'canary', 'rc', 'test', 'debug'])
 export class ContainerRegistryService {
  private tokenCache = new Map<string, TokenCacheEntry>()
  private sourceUrlCache = new Map<string, string | null>()
  private releaseTagPrefixCache = new Map<string, string>()
  /**
   * Parse a Docker image reference string into its components.
   */
  parseImageReference(image: string): ParsedImageReference {
    let registry: string
    let remainder: string
    let tag = 'latest'
    // Split off the tag
    const lastColon = image.lastIndexOf(':')
    if (lastColon > -1 && !image.substring(lastColon).includes('/')) {
      tag = image.substring(lastColon + 1)
      image = image.substring(0, lastColon)
    }
    // Determine registry vs image path
    const parts = image.split('/')
    if (parts.length === 1) {
      // e.g. "nginx" → Docker Hub library image
      registry = 'registry-1.docker.io'
      remainder = `library/${parts[0]}`
    } else if (parts.length === 2 && !parts[0].includes('.') && !parts[0].includes(':')) {
      // e.g. "ollama/ollama" → Docker Hub user image
      registry = 'registry-1.docker.io'
      remainder = image
    } else {
      // e.g. "ghcr.io/kiwix/kiwix-serve" → custom registry
      registry = parts[0]
      remainder = parts.slice(1).join('/')
    }
    const namespaceParts = remainder.split('/')
    const repo = namespaceParts.pop()!
    const namespace = namespaceParts.join('/')
    return {
      registry,
      namespace,
      repo,
      tag,
      fullName: remainder,
    }
  }
  /**
   * Get an anonymous auth token for the given registry and repository.
   * NOTE: This could be expanded in the future to support private repo authentication
   */
  private async getToken(registry: string, fullName: string): Promise<string> {
    const cacheKey = `${registry}/${fullName}`
    const cached = this.tokenCache.get(cacheKey)
    if (cached && cached.expiresAt > Date.now()) {
      return cached.token
    }
    let tokenUrl: string
    if (registry === 'registry-1.docker.io') {
      tokenUrl = `https://auth.docker.io/token?service=registry.docker.io&scope=repository:${fullName}:pull`
    } else if (registry === 'ghcr.io') {
      tokenUrl = `https://ghcr.io/token?service=ghcr.io&scope=repository:${fullName}:pull`
    } else {
      // For other registries, try the standard v2 token endpoint
      tokenUrl = `https://${registry}/token?service=${registry}&scope=repository:${fullName}:pull`
    }
    const response = await this.fetchWithRetry(tokenUrl)
    if (!response.ok) {
      throw new Error(`Failed to get auth token from ${registry}: ${response.status}`)
    }
    const data = (await response.json()) as { token?: string; access_token?: string }
    const token = data.token || data.access_token || ''
    if (!token) {
      throw new Error(`No token returned from ${registry}`)
    }
    // Cache for 5 minutes (tokens usually last longer, but be conservative)
    this.tokenCache.set(cacheKey, {
      token,
      expiresAt: Date.now() + 5 * 60 * 1000,
    })
    return token
  }
  /**
   * List all tags for a given image from the registry.
   */
  async listTags(parsed: ParsedImageReference): Promise<string[]> {
    const token = await this.getToken(parsed.registry, parsed.fullName)
    const allTags: string[] = []
    let url = `https://${parsed.registry}/v2/${parsed.fullName}/tags/list?n=1000`
    while (url) {
      const response = await this.fetchWithRetry(url, {
        headers: { Authorization: `Bearer ${token}` },
      })
      if (!response.ok) {
        throw new Error(`Failed to list tags for ${parsed.fullName}: ${response.status}`)
      }
      const data = (await response.json()) as { tags?: string[] }
      if (data.tags) {
        allTags.push(...data.tags)
      }
      // Handle pagination via Link header
      const linkHeader = response.headers.get('link')
      if (linkHeader) {
        const match = linkHeader.match(/<([^>]+)>;\s*rel="next"/)
        url = match ? match[1] : ''
      } else {
        url = ''
      }
    }
    return allTags
  }
  /**
   * Check if a specific tag supports the given architecture by fetching its manifest.
   */
  async checkArchSupport(parsed: ParsedImageReference, tag: string, hostArch: string): Promise<boolean> {
    try {
      const token = await this.getToken(parsed.registry, parsed.fullName)
      const url = `https://${parsed.registry}/v2/${parsed.fullName}/manifests/${tag}`
      const response = await this.fetchWithRetry(url, {
        headers: {
          Authorization: `Bearer ${token}`,
          Accept: [
            'application/vnd.oci.image.index.v1+json',
            'application/vnd.docker.distribution.manifest.list.v2+json',
            'application/vnd.oci.image.manifest.v1+json',
            'application/vnd.docker.distribution.manifest.v2+json',
          ].join(', '),
        },
      })
      if (!response.ok) return true // If we can't check, assume it's compatible
      const manifest = (await response.json()) as {
        mediaType?: string
        manifests?: Array<{ platform?: { architecture?: string } }>
      }
      const mediaType = manifest.mediaType || response.headers.get('content-type') || ''
      // Manifest list — check if any platform matches
      if (
        mediaType.includes('manifest.list') ||
        mediaType.includes('image.index') ||
        manifest.manifests
      ) {
        const manifests = manifest.manifests || []
        return manifests.some(
          (m: any) => m.platform && m.platform.architecture === hostArch
        )
      }
      // Single manifest — assume compatible (can't easily determine arch without fetching config blob)
      return true
    } catch (error) {
      logger.warn(`[ContainerRegistryService] Error checking arch for ${tag}: ${error.message}`)
      return true // Assume compatible on error
    }
  }
  /**
   * Extract the source repository URL from an image's OCI labels.
   * Uses the standardized `org.opencontainers.image.source` label.
   * Result is cached per image (not per tag).
   */
  async getSourceUrl(parsed: ParsedImageReference): Promise<string | null> {
    const cacheKey = `${parsed.registry}/${parsed.fullName}`
    if (this.sourceUrlCache.has(cacheKey)) {
      return this.sourceUrlCache.get(cacheKey)!
    }
    try {
      const token = await this.getToken(parsed.registry, parsed.fullName)
      // First get the manifest to find the config blob digest
      const manifestUrl = `https://${parsed.registry}/v2/${parsed.fullName}/manifests/${parsed.tag}`
      const manifestRes = await this.fetchWithRetry(manifestUrl, {
        headers: {
          Authorization: `Bearer ${token}`,
          Accept: [
            'application/vnd.oci.image.manifest.v1+json',
            'application/vnd.docker.distribution.manifest.v2+json',
            'application/vnd.oci.image.index.v1+json',
            'application/vnd.docker.distribution.manifest.list.v2+json',
          ].join(', '),
        },
      })
      if (!manifestRes.ok) {
        this.sourceUrlCache.set(cacheKey, null)
        return null
      }
      const manifest = (await manifestRes.json()) as {
        config?: { digest?: string }
        manifests?: Array<{ digest?: string; mediaType?: string; platform?: { architecture?: string } }>
      }
      // If this is a manifest list, pick the first manifest to get the config
      let configDigest = manifest.config?.digest
      if (!configDigest && manifest.manifests?.length) {
        const firstManifest = manifest.manifests[0]
        if (firstManifest.digest) {
          const childRes = await this.fetchWithRetry(
            `https://${parsed.registry}/v2/${parsed.fullName}/manifests/${firstManifest.digest}`,
            {
              headers: {
                Authorization: `Bearer ${token}`,
                Accept: 'application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json',
              },
            }
          )
          if (childRes.ok) {
            const childManifest = (await childRes.json()) as { config?: { digest?: string } }
            configDigest = childManifest.config?.digest
          }
        }
      }
      if (!configDigest) {
        this.sourceUrlCache.set(cacheKey, null)
        return null
      }
      // Fetch the config blob to read labels
      const blobUrl = `https://${parsed.registry}/v2/${parsed.fullName}/blobs/${configDigest}`
      const blobRes = await this.fetchWithRetry(blobUrl, {
        headers: { Authorization: `Bearer ${token}` },
      })
      if (!blobRes.ok) {
        this.sourceUrlCache.set(cacheKey, null)
        return null
      }
      const config = (await blobRes.json()) as {
        config?: { Labels?: Record<string, string> }
      }
      const sourceUrl = config.config?.Labels?.['org.opencontainers.image.source'] || null
      this.sourceUrlCache.set(cacheKey, sourceUrl)
      return sourceUrl
    } catch (error) {
      logger.warn(`[ContainerRegistryService] Failed to get source URL for ${cacheKey}: ${error.message}`)
      this.sourceUrlCache.set(cacheKey, null)
      return null
    }
  }
  /**
   * Detect whether a GitHub/GitLab repo uses a 'v' prefix on release tags.
   * Probes the GitHub API with the current tag to determine the convention,
   * then caches the result per source URL.
   */
  async detectReleaseTagPrefix(sourceUrl: string, sampleTag: string): Promise<string> {
    if (this.releaseTagPrefixCache.has(sourceUrl)) {
      return this.releaseTagPrefixCache.get(sourceUrl)!
    }
    try {
      const url = new URL(sourceUrl)
      if (url.hostname !== 'github.com') {
        this.releaseTagPrefixCache.set(sourceUrl, '')
        return ''
      }
      const cleanPath = url.pathname.replace(/\.git$/, '').replace(/\/$/, '')
      const strippedTag = sampleTag.replace(/^v/, '')
      const vTag = `v${strippedTag}`
      // Try both variants against GitHub's API — the one that 200s tells us the convention
      // Try v-prefixed first since it's more common
      const vRes = await this.fetchWithRetry(
        `https://api.github.com/repos${cleanPath}/releases/tags/${vTag}`,
        { headers: { Accept: 'application/vnd.github.v3+json', 'User-Agent': 'ProjectNomad' } },
        1
      )
      if (vRes.ok) {
        this.releaseTagPrefixCache.set(sourceUrl, 'v')
        return 'v'
      }
      const plainRes = await this.fetchWithRetry(
        `https://api.github.com/repos${cleanPath}/releases/tags/${strippedTag}`,
        { headers: { Accept: 'application/vnd.github.v3+json', 'User-Agent': 'ProjectNomad' } },
        1
      )
      if (plainRes.ok) {
        this.releaseTagPrefixCache.set(sourceUrl, '')
        return ''
      }
    } catch {
      // On error, fall through to default
    }
    // Default: no prefix modification
    this.releaseTagPrefixCache.set(sourceUrl, '')
    return ''
  }
  /**
   * Build a release URL for a specific tag given a source repository URL and
   * the detected release tag prefix convention.
   * Supports GitHub and GitLab URL patterns.
   */
  buildReleaseUrl(sourceUrl: string, tag: string, releaseTagPrefix: string): string | undefined {
    try {
      const url = new URL(sourceUrl)
      if (url.hostname === 'github.com' || url.hostname.includes('gitlab')) {
        const cleanPath = url.pathname.replace(/\.git$/, '').replace(/\/$/, '')
        const strippedTag = tag.replace(/^v/, '')
        const releaseTag = releaseTagPrefix ? `${releaseTagPrefix}${strippedTag}` : strippedTag
        return `${url.origin}${cleanPath}/releases/tag/${releaseTag}`
      }
    } catch {
      // Invalid URL, skip
    }
    return undefined
  }
  /**
   * Filter and sort tags to find compatible updates for a service.
   */
  filterCompatibleUpdates(
    tags: string[],
    currentTag: string,
    majorVersion: number
  ): string[] {
    return tags
      .filter((tag) => {
        // Must match semver pattern
        if (!SEMVER_TAG_PATTERN.test(tag)) return false
        // Reject known non-version tags
        if (REJECTED_TAGS.has(tag.toLowerCase())) return false
        // Reject platform suffixes
        if (PLATFORM_SUFFIXES.some((suffix) => tag.toLowerCase().endsWith(suffix))) return false
        // Must be same major version
        if (parseMajorVersion(tag) !== majorVersion) return false
        // Must be newer than current
        return isNewerVersion(tag, currentTag)
      })
      .sort((a, b) => (isNewerVersion(a, b) ? -1 : 1)) // Newest first
  }
  /**
   * High-level method to get available updates for a service.
   * Returns a sorted list of compatible newer versions (newest first).
   */
  async getAvailableUpdates(
    containerImage: string,
    hostArch: string,
    fallbackSourceRepo?: string | null
  ): Promise<AvailableUpdate[]> {
    const parsed = this.parseImageReference(containerImage)
    const currentTag = parsed.tag
    if (currentTag === 'latest') {
      logger.warn(
        `[ContainerRegistryService] Cannot check updates for ${containerImage} — using :latest tag`
      )
      return []
    }
    const majorVersion = parseMajorVersion(currentTag)
    // Fetch tags and source URL in parallel
    const [tags, ociSourceUrl] = await Promise.all([
      this.listTags(parsed),
      this.getSourceUrl(parsed),
    ])
    // OCI label takes precedence, fall back to DB-stored source_repo
    const sourceUrl = ociSourceUrl || fallbackSourceRepo || null
    const compatible = this.filterCompatibleUpdates(tags, currentTag, majorVersion)
    // Detect release tag prefix convention (e.g. 'v' vs no prefix) if we have a source URL
    let releaseTagPrefix = ''
    if (sourceUrl) {
      releaseTagPrefix = await this.detectReleaseTagPrefix(sourceUrl, currentTag)
    }
    // Check architecture support for the top candidates (limit checks to save API calls)
    const maxArchChecks = 10
    const results: AvailableUpdate[] = []
    for (const tag of compatible.slice(0, maxArchChecks)) {
      const supported = await this.checkArchSupport(parsed, tag, hostArch)
      if (supported) {
        results.push({
          tag,
          isLatest: results.length === 0,
          releaseUrl: sourceUrl ? this.buildReleaseUrl(sourceUrl, tag, releaseTagPrefix) : undefined,
        })
      }
    }
    // For remaining tags (beyond arch check limit), include them but mark as not latest
    for (const tag of compatible.slice(maxArchChecks)) {
      results.push({
        tag,
        isLatest: false,
        releaseUrl: sourceUrl ? this.buildReleaseUrl(sourceUrl, tag, releaseTagPrefix) : undefined,
      })
    }
    return results
  }
  /**
   * Fetch with retry and exponential backoff for rate limiting.
   */
  private async fetchWithRetry(
    url: string,
    init?: RequestInit,
    maxRetries = 3
  ): Promise<Response> {
    for (let attempt = 0; attempt <= maxRetries; attempt++) {
      const response = await fetch(url, init)
      if (response.status === 429 && attempt < maxRetries) {
        const retryAfter = response.headers.get('retry-after')
        const delay = retryAfter
          ? parseInt(retryAfter, 10) * 1000
          : Math.pow(2, attempt) * 1000
        logger.warn(
          `[ContainerRegistryService] Rate limited on ${url}, retrying in ${delay}ms`
        )
        await new Promise((resolve) => setTimeout(resolve, delay))
        continue
      }
      return response
    }
    throw new Error(`Failed to fetch ${url} after ${maxRetries} retries`)
  }
 }
--- a/admin/app/services/docker_service.ts
+++ b/admin/app/services/docker_service.ts
@ -6,18 +6,17 @@ import transmit from '@adonisjs/transmit/services/main'
 import { doResumableDownloadWithRetry } from '../utils/downloads.js'
 import { join } from 'path'
 import { ZIM_STORAGE_PATH } from '../utils/fs.js'
 import { SERVICE_NAMES } from '../../constants/service_names.js'
 import { exec } from 'child_process'
 import { promisify } from 'util'
 // import { readdir } from 'fs/promises'
 import KVStore from '#models/kv_store'
 import { BROADCAST_CHANNELS } from '../../constants/broadcast.js'
@inject()
 export class DockerService {
  public docker: Docker
  private activeInstallations: Set<string> = new Set()
  public static KIWIX_SERVICE_NAME = 'nomad_kiwix_serve'
  public static OLLAMA_SERVICE_NAME = 'nomad_ollama'
  public static OPEN_WEBUI_SERVICE_NAME = 'nomad_open_webui'
  public static CYBERCHEF_SERVICE_NAME = 'nomad_cyberchef'
  public static FLATNOTES_SERVICE_NAME = 'nomad_flatnotes'
  public static KOLIBRI_SERVICE_NAME = 'nomad_kolibri'
  public static BENCHMARK_SERVICE_NAME = 'nomad_benchmark'
  public static NOMAD_NETWORK = 'project-nomad_default'
  constructor() {
@ -114,8 +113,8 @@ export class DockerService {
      const containers = await this.docker.listContainers({ all: true })
      const containerMap = new Map<string, Docker.ContainerInfo>()
      containers.forEach((container) => {
-        const name = container.Names[0].replace('/', '')
+        const name = container.Names[0]?.replace('/', '')
-        if (name.startsWith('nomad_')) {
+        if (name && name.startsWith('nomad_')) {
          containerMap.set(name, container)
        }
      })
@ -310,11 +309,7 @@ export class DockerService {
        }
      } catch (error) {
        logger.warn(`Error during container cleanup: ${error.message}`)
-        this._broadcast(
+        this._broadcast(serviceName, 'cleanup-warning', `Warning during cleanup: ${error.message}`)
          serviceName,
          'cleanup-warning',
          `Warning during cleanup: ${error.message}`
        )
      }
      // Step 3: Clear volumes/data if needed
@ -356,7 +351,7 @@ export class DockerService {
      // Step 5: Recreate the container
      this._broadcast(serviceName, 'recreating', `Recreating container...`)
      const containerConfig = this._parseContainerConfig(service.container_config)
-      
+
      // Execute installation asynchronously and handle cleanup
      this._createContainer(service, containerConfig).catch(async (error) => {
        logger.error(`Reinstallation failed for ${serviceName}: ${error.message}`)
@ -427,16 +422,25 @@ export class DockerService {
        }
      }
-      // Start pulling the Docker image and wait for it to complete
+      const imageExists = await this._checkImageExists(service.container_image)
-      const pullStream = await this.docker.pull(service.container_image)
+      if (imageExists) {
-      this._broadcast(
+        this._broadcast(
-        service.service_name,
+          service.service_name,
-        'pulling',
+          'image-exists',
-        `Pulling Docker image ${service.container_image}...`
+          `Docker image ${service.container_image} already exists locally. Skipping pull...`
-      )
+        )
-      await new Promise((res) => this.docker.modem.followProgress(pullStream, res))
+      } else {
        // Start pulling the Docker image and wait for it to complete
        const pullStream = await this.docker.pull(service.container_image)
        this._broadcast(
          service.service_name,
          'pulling',
          `Pulling Docker image ${service.container_image}...`
        )
        await new Promise((res) => this.docker.modem.followProgress(pullStream, res))
      }
-      if (service.service_name === DockerService.KIWIX_SERVICE_NAME) {
+      if (service.service_name === SERVICE_NAMES.KIWIX) {
        await this._runPreinstallActions__KiwixServe()
        this._broadcast(
          service.service_name,
@ -445,16 +449,67 @@ export class DockerService {
        )
      }
      // GPU-aware configuration for Ollama
      let finalImage = service.container_image
      let gpuHostConfig = containerConfig?.HostConfig || {}
      if (service.service_name === SERVICE_NAMES.OLLAMA) {
        const gpuResult = await this._detectGPUType()
        if (gpuResult.type === 'nvidia') {
          this._broadcast(
            service.service_name,
            'gpu-config',
            `NVIDIA container runtime detected. Configuring container with GPU support...`
          )
          // Add GPU support for NVIDIA
          gpuHostConfig = {
            ...gpuHostConfig,
            DeviceRequests: [
              {
                Driver: 'nvidia',
                Count: -1, // -1 means all GPUs
                Capabilities: [['gpu']],
              },
            ],
          }
        } else if (gpuResult.type === 'amd') {
          this._broadcast(
            service.service_name,
            'gpu-config',
            `AMD GPU detected. ROCm GPU acceleration is not yet supported in this version — proceeding with CPU-only configuration. GPU support for AMD will be available in a future update.`
          )
          logger.warn('[DockerService] AMD GPU detected but ROCm support is not yet enabled. Using CPU-only configuration.')
          // TODO: Re-enable AMD GPU support once ROCm image and device discovery are validated.
          // When re-enabling:
          //   1. Switch image to 'ollama/ollama:rocm'
          //   2. Restore _discoverAMDDevices() to map /dev/kfd and /dev/dri/* into the container
        } else if (gpuResult.toolkitMissing) {
          this._broadcast(
            service.service_name,
            'gpu-config',
            `NVIDIA GPU detected but NVIDIA Container Toolkit is not installed. Using CPU-only configuration. Install the toolkit and reinstall AI Assistant for GPU acceleration: https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html`
          )
        } else {
          this._broadcast(
            service.service_name,
            'gpu-config',
            `No GPU detected. Using CPU-only configuration...`
          )
        }
      }
      this._broadcast(
        service.service_name,
        'creating',
        `Creating Docker container for service ${service.service_name}...`
      )
      const container = await this.docker.createContainer({
-        Image: service.container_image,
+        Image: finalImage,
        name: service.service_name,
        ...(containerConfig?.User && { User: containerConfig.User }),
-        ...(containerConfig?.HostConfig && { HostConfig: containerConfig.HostConfig }),
+        HostConfig: gpuHostConfig,
        ...(containerConfig?.WorkingDir && { WorkingDir: containerConfig.WorkingDir }),
        ...(containerConfig?.ExposedPorts && { ExposedPorts: containerConfig.ExposedPorts }),
        ...(containerConfig?.Env && { Env: containerConfig.Env }),
@ -466,7 +521,7 @@ export class DockerService {
              [DockerService.NOMAD_NETWORK]: {},
            },
          },
-        })
+        }),
      })
      this._broadcast(
@ -488,6 +543,22 @@ export class DockerService {
      // Remove from active installs tracking
      this.activeInstallations.delete(service.service_name)
      // If Ollama was just installed, trigger Nomad docs discovery and embedding
      if (service.service_name === SERVICE_NAMES.OLLAMA) {
        logger.info('[DockerService] Ollama installation complete. Default behavior is to not enable chat suggestions.')
        await KVStore.setValue('chat.suggestionsEnabled', false)
        logger.info('[DockerService] Ollama installation complete. Triggering Nomad docs discovery...')
        // Need to use dynamic imports here to avoid circular dependency
        const ollamaService = new (await import('./ollama_service.js')).OllamaService()
        const ragService = new (await import('./rag_service.js')).RagService(this, ollamaService)
        ragService.discoverNomadDocs().catch((error) => {
          logger.error('[DockerService] Failed to discover Nomad docs:', error)
        })
      }
      this._broadcast(
        service.service_name,
        'completed',
@ -526,8 +597,7 @@ export class DockerService {
      }
      const dockerContainer = this.docker.getContainer(container.Id)
-      await dockerContainer.stop()
+      await dockerContainer.remove({ force: true })
      await dockerContainer.remove()
      return { success: true, message: `Service ${serviceName} container removed successfully` }
    } catch (error) {
@ -545,18 +615,18 @@ export class DockerService {
     * We'll download the lightweight mini Wikipedia Top 100 zim file for this purpose.
     **/
    const WIKIPEDIA_ZIM_URL =
-      'https://github.com/Crosstalk-Solutions/project-nomad/raw/refs/heads/master/install/wikipedia_en_100_mini_2025-06.zim'
+      'https://github.com/Crosstalk-Solutions/project-nomad/raw/refs/heads/main/install/wikipedia_en_100_mini_2026-01.zim'
-    const filename = 'wikipedia_en_100_mini_2025-06.zim'
+    const filename = 'wikipedia_en_100_mini_2026-01.zim'
    const filepath = join(process.cwd(), ZIM_STORAGE_PATH, filename)
    logger.info(`[DockerService] Kiwix Serve pre-install: Downloading ZIM file to ${filepath}`)
    this._broadcast(
-      DockerService.KIWIX_SERVICE_NAME,
+      SERVICE_NAMES.KIWIX,
      'preinstall',
      `Running pre-install actions for Kiwix Serve...`
    )
    this._broadcast(
-      DockerService.KIWIX_SERVICE_NAME,
+      SERVICE_NAMES.KIWIX,
      'preinstall',
      `Downloading Wikipedia ZIM file from ${WIKIPEDIA_ZIM_URL}. This may take some time...`
    )
@ -574,13 +644,13 @@ export class DockerService {
      })
      this._broadcast(
-        DockerService.KIWIX_SERVICE_NAME,
+        SERVICE_NAMES.KIWIX,
        'preinstall',
        `Downloaded Wikipedia ZIM file to ${filepath}`
      )
    } catch (error) {
      this._broadcast(
-        DockerService.KIWIX_SERVICE_NAME,
+        SERVICE_NAMES.KIWIX,
        'preinstall-error',
        `Failed to download Wikipedia ZIM file: ${error.message}`
      )
@ -596,6 +666,10 @@ export class DockerService {
        await service.save()
      }
      this.activeInstallations.delete(serviceName)
      // Ensure any partially created container is removed
      await this._removeServiceContainer(serviceName)
      logger.info(`[DockerService] Cleaned up failed installation for ${serviceName}`)
    } catch (error) {
      logger.error(
@ -604,8 +678,365 @@ export class DockerService {
    }
  }
  /**
   * Detect GPU type and toolkit availability.
   * Primary: Check Docker runtimes via docker.info() (works from inside containers).
   * Fallback: lspci for host-based installs and AMD detection.
   */
  private async _detectGPUType(): Promise<{ type: 'nvidia' | 'amd' | 'none'; toolkitMissing?: boolean }> {
    try {
      // Primary: Check Docker daemon for nvidia runtime (works from inside containers)
      try {
        const dockerInfo = await this.docker.info()
        const runtimes = dockerInfo.Runtimes || {}
        if ('nvidia' in runtimes) {
          logger.info('[DockerService] NVIDIA container runtime detected via Docker API')
          await this._persistGPUType('nvidia')
          return { type: 'nvidia' }
        }
      } catch (error) {
        logger.warn(`[DockerService] Could not query Docker info for GPU runtimes: ${error.message}`)
      }
      // Fallback: lspci for host-based installs (not available inside Docker)
      const execAsync = promisify(exec)
      // Check for NVIDIA GPU via lspci
      try {
        const { stdout: nvidiaCheck } = await execAsync(
          'lspci 2>/dev/null | grep -i nvidia || true'
        )
        if (nvidiaCheck.trim()) {
          // GPU hardware found but no nvidia runtime — toolkit not installed
          logger.warn('[DockerService] NVIDIA GPU detected via lspci but NVIDIA Container Toolkit is not installed')
          return { type: 'none', toolkitMissing: true }
        }
      } catch (error) {
        // lspci not available (likely inside Docker container), continue
      }
      // Check for AMD GPU via lspci — restrict to display controller classes to avoid
      // false positives from AMD CPU host bridges, PCI bridges, and chipset devices.
      try {
        const { stdout: amdCheck } = await execAsync(
          'lspci 2>/dev/null | grep -iE "VGA|3D controller|Display" | grep -iE "amd|radeon" || true'
        )
        if (amdCheck.trim()) {
          logger.info('[DockerService] AMD GPU detected via lspci')
          await this._persistGPUType('amd')
          return { type: 'amd' }
        }
      } catch (error) {
        // lspci not available, continue
      }
      // Last resort: check if we previously detected a GPU and it's likely still present.
      // This handles cases where live detection fails transiently (e.g., Docker daemon
      // hiccup, runtime temporarily unavailable) but the hardware hasn't changed.
      try {
        const savedType = await KVStore.getValue('gpu.type')
        if (savedType === 'nvidia' || savedType === 'amd') {
          logger.info(`[DockerService] No GPU detected live, but KV store has '${savedType}' from previous detection. Using saved value.`)
          return { type: savedType as 'nvidia' | 'amd' }
        }
      } catch {
        // KV store not available, continue
      }
      logger.info('[DockerService] No GPU detected')
      return { type: 'none' }
    } catch (error) {
      logger.warn(`[DockerService] Error detecting GPU type: ${error.message}`)
      return { type: 'none' }
    }
  }
  private async _persistGPUType(type: 'nvidia' | 'amd'): Promise<void> {
    try {
      await KVStore.setValue('gpu.type', type)
      logger.info(`[DockerService] Persisted GPU type '${type}' to KV store`)
    } catch (error) {
      logger.warn(`[DockerService] Failed to persist GPU type: ${error.message}`)
    }
  }
  /**
   * Discover AMD GPU DRI devices dynamically.
   * Returns an array of device configurations for Docker.
   */
  // private async _discoverAMDDevices(): Promise<
  //   Array<{ PathOnHost: string; PathInContainer: string; CgroupPermissions: string }>
  // > {
  //   try {
  //     const devices: Array<{
  //       PathOnHost: string
  //       PathInContainer: string
  //       CgroupPermissions: string
  //     }> = []
  //     // Always add /dev/kfd (Kernel Fusion Driver)
  //     devices.push({
  //       PathOnHost: '/dev/kfd',
  //       PathInContainer: '/dev/kfd',
  //       CgroupPermissions: 'rwm',
  //     })
  //     // Discover DRI devices in /dev/dri/
  //     try {
  //       const driDevices = await readdir('/dev/dri')
  //       for (const device of driDevices) {
  //         const devicePath = `/dev/dri/${device}`
  //         devices.push({
  //           PathOnHost: devicePath,
  //           PathInContainer: devicePath,
  //           CgroupPermissions: 'rwm',
  //         })
  //       }
  //       logger.info(
  //         `[DockerService] Discovered ${driDevices.length} DRI devices: ${driDevices.join(', ')}`
  //       )
  //     } catch (error) {
  //       logger.warn(`[DockerService] Could not read /dev/dri directory: ${error.message}`)
  //       // Fallback to common device names if directory read fails
  //       const fallbackDevices = ['card0', 'renderD128']
  //       for (const device of fallbackDevices) {
  //         devices.push({
  //           PathOnHost: `/dev/dri/${device}`,
  //           PathInContainer: `/dev/dri/${device}`,
  //           CgroupPermissions: 'rwm',
  //         })
  //       }
  //       logger.info(`[DockerService] Using fallback DRI devices: ${fallbackDevices.join(', ')}`)
  //     }
  //     return devices
  //   } catch (error) {
  //     logger.error(`[DockerService] Error discovering AMD devices: ${error.message}`)
  //     return []
  //   }
  // }
  /**
   * Update a service container to a new image version while preserving volumes and data.
   * Includes automatic rollback if the new container fails health checks.
   */
  async updateContainer(
    serviceName: string,
    targetVersion: string
  ): Promise<{ success: boolean; message: string }> {
    try {
      const service = await Service.query().where('service_name', serviceName).first()
      if (!service) {
        return { success: false, message: `Service ${serviceName} not found` }
      }
      if (!service.installed) {
        return { success: false, message: `Service ${serviceName} is not installed` }
      }
      if (this.activeInstallations.has(serviceName)) {
        return { success: false, message: `Service ${serviceName} already has an operation in progress` }
      }
      this.activeInstallations.add(serviceName)
      // Compute new image string
      const currentImage = service.container_image
      const imageBase = currentImage.includes(':')
        ? currentImage.substring(0, currentImage.lastIndexOf(':'))
        : currentImage
      const newImage = `${imageBase}:${targetVersion}`
      // Step 1: Pull new image
      this._broadcast(serviceName, 'update-pulling', `Pulling image ${newImage}...`)
      const pullStream = await this.docker.pull(newImage)
      await new Promise((res) => this.docker.modem.followProgress(pullStream, res))
      // Step 2: Find and stop existing container
      this._broadcast(serviceName, 'update-stopping', `Stopping current container...`)
      const containers = await this.docker.listContainers({ all: true })
      const existingContainer = containers.find((c) => c.Names.includes(`/${serviceName}`))
      if (!existingContainer) {
        this.activeInstallations.delete(serviceName)
        return { success: false, message: `Container for ${serviceName} not found` }
      }
      const oldContainer = this.docker.getContainer(existingContainer.Id)
      // Inspect to capture full config before stopping
      const inspectData = await oldContainer.inspect()
      if (existingContainer.State === 'running') {
        await oldContainer.stop({ t: 15 })
      }
      // Step 3: Rename old container as safety net
      const oldName = `${serviceName}_old`
      await oldContainer.rename({ name: oldName })
      // Step 4: Create new container with inspected config + new image
      this._broadcast(serviceName, 'update-creating', `Creating updated container...`)
      const hostConfig = inspectData.HostConfig || {}
      // Re-run GPU detection for Ollama so updates always reflect the current GPU environment.
      // This handles cases where the NVIDIA Container Toolkit was installed after the initial
      // Ollama setup, and ensures DeviceRequests are always built fresh rather than relying on
      // round-tripping the Docker inspect format back into the create API.
      let updatedDeviceRequests: any[] | undefined = undefined
      if (serviceName === SERVICE_NAMES.OLLAMA) {
        const gpuResult = await this._detectGPUType()
        if (gpuResult.type === 'nvidia') {
          this._broadcast(
            serviceName,
            'update-gpu-config',
            `NVIDIA container runtime detected. Configuring updated container with GPU support...`
          )
          updatedDeviceRequests = [
            {
              Driver: 'nvidia',
              Count: -1,
              Capabilities: [['gpu']],
            },
          ]
        } else if (gpuResult.type === 'amd') {
          this._broadcast(
            serviceName,
            'update-gpu-config',
            `AMD GPU detected. ROCm GPU acceleration is not yet supported — using CPU-only configuration.`
          )
        } else if (gpuResult.toolkitMissing) {
          this._broadcast(
            serviceName,
            'update-gpu-config',
            `NVIDIA GPU detected but NVIDIA Container Toolkit is not installed. Using CPU-only configuration. Install the toolkit and reinstall AI Assistant for GPU acceleration: https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html`
          )
        } else {
          this._broadcast(serviceName, 'update-gpu-config', `No GPU detected. Using CPU-only configuration.`)
        }
      }
      const newContainerConfig: any = {
        Image: newImage,
        name: serviceName,
        Env: inspectData.Config?.Env || undefined,
        Cmd: inspectData.Config?.Cmd || undefined,
        ExposedPorts: inspectData.Config?.ExposedPorts || undefined,
        WorkingDir: inspectData.Config?.WorkingDir || undefined,
        User: inspectData.Config?.User || undefined,
        HostConfig: {
          Binds: hostConfig.Binds || undefined,
          PortBindings: hostConfig.PortBindings || undefined,
          RestartPolicy: hostConfig.RestartPolicy || undefined,
          DeviceRequests: serviceName === SERVICE_NAMES.OLLAMA ? updatedDeviceRequests : (hostConfig.DeviceRequests || undefined),
          Devices: hostConfig.Devices || undefined,
        },
        NetworkingConfig: inspectData.NetworkSettings?.Networks
          ? {
              EndpointsConfig: Object.fromEntries(
                Object.keys(inspectData.NetworkSettings.Networks).map((net) => [net, {}])
              ),
            }
          : undefined,
      }
      // Remove undefined values from HostConfig
      Object.keys(newContainerConfig.HostConfig).forEach((key) => {
        if (newContainerConfig.HostConfig[key] === undefined) {
          delete newContainerConfig.HostConfig[key]
        }
      })
      let newContainer: any
      try {
        newContainer = await this.docker.createContainer(newContainerConfig)
      } catch (createError) {
        // Rollback: rename old container back
        this._broadcast(serviceName, 'update-rollback', `Failed to create new container: ${createError.message}. Rolling back...`)
        const rollbackContainer = this.docker.getContainer((await this.docker.listContainers({ all: true })).find((c) => c.Names.includes(`/${oldName}`))!.Id)
        await rollbackContainer.rename({ name: serviceName })
        await rollbackContainer.start()
        this.activeInstallations.delete(serviceName)
        return { success: false, message: `Failed to create updated container: ${createError.message}` }
      }
      // Step 5: Start new container
      this._broadcast(serviceName, 'update-starting', `Starting updated container...`)
      await newContainer.start()
      // Step 6: Health check — verify container stays running for 5 seconds
      await new Promise((resolve) => setTimeout(resolve, 5000))
      const newContainerInfo = await newContainer.inspect()
      if (newContainerInfo.State?.Running) {
        // Healthy — clean up old container
        try {
          const oldContainerRef = this.docker.getContainer(
            (await this.docker.listContainers({ all: true })).find((c) =>
              c.Names.includes(`/${oldName}`)
            )?.Id || ''
          )
          await oldContainerRef.remove({ force: true })
        } catch {
          // Old container may already be gone
        }
        // Update DB
        service.container_image = newImage
        service.available_update_version = null
        await service.save()
        this.activeInstallations.delete(serviceName)
        this._broadcast(
          serviceName,
          'update-complete',
          `Successfully updated ${serviceName} to ${targetVersion}`
        )
        return { success: true, message: `Service ${serviceName} updated to ${targetVersion}` }
      } else {
        // Unhealthy — rollback
        this._broadcast(
          serviceName,
          'update-rollback',
          `New container failed health check. Rolling back to previous version...`
        )
        try {
          await newContainer.stop({ t: 5 }).catch(() => {})
          await newContainer.remove({ force: true })
        } catch {
          // Best effort cleanup
        }
        // Restore old container
        const oldContainers = await this.docker.listContainers({ all: true })
        const oldRef = oldContainers.find((c) => c.Names.includes(`/${oldName}`))
        if (oldRef) {
          const rollbackContainer = this.docker.getContainer(oldRef.Id)
          await rollbackContainer.rename({ name: serviceName })
          await rollbackContainer.start()
        }
        this.activeInstallations.delete(serviceName)
        return {
          success: false,
          message: `Update failed: new container did not stay running. Rolled back to previous version.`,
        }
      }
    } catch (error) {
      this.activeInstallations.delete(serviceName)
      this._broadcast(
        serviceName,
        'update-rollback',
        `Update failed: ${error.message}`
      )
      logger.error(`[DockerService] Update failed for ${serviceName}: ${error.message}`)
      return { success: false, message: `Update failed: ${error.message}` }
    }
  }
  private _broadcast(service: string, status: string, message: string) {
-    transmit.broadcast('service-installation', {
+    transmit.broadcast(BROADCAST_CHANNELS.SERVICE_INSTALLATION, {
      service_name: service,
      timestamp: new Date().toISOString(),
      status,
@ -632,4 +1063,22 @@ export class DockerService {
      throw new Error(`Invalid container configuration: ${error.message}`)
    }
  }
  /**
   * Check if a Docker image exists locally.
   * @param imageName - The name and tag of the image (e.g., "nginx:latest")
   * @returns - True if the image exists locally, false otherwise
   */
  private async _checkImageExists(imageName: string): Promise<boolean> {
    try {
      const images = await this.docker.listImages()
      // Check if any image has a RepoTag that matches the requested image
      return images.some((image) => image.RepoTags && image.RepoTags.includes(imageName))
    } catch (error) {
      logger.warn(`Error checking if image exists: ${error.message}`)
      // If run into an error, assume the image does not exist
      return false
    }
  }
 }
--- a/admin/app/services/docs_service.ts
+++ b/admin/app/services/docs_service.ts
@ -3,9 +3,20 @@ import { streamToString } from '../../util/docs.js'
 import { getFile, getFileStatsIfExists, listDirectoryContentsRecursive } from '../utils/fs.js'
 import path from 'path'
 import InternalServerErrorException from '#exceptions/internal_server_error_exception'
 import logger from '@adonisjs/core/services/logger'
 export class DocsService {
  private docsPath = path.join(process.cwd(), 'docs')
  private static readonly DOC_ORDER: Record<string, number> = {
    'home': 1,
    'getting-started': 2,
    'use-cases': 3,
    'faq': 4,
    'about': 5,
    'release-notes': 6,
  }
  async getDocs() {
    const contents = await listDirectoryContentsRecursive(this.docsPath)
    const files: Array<{ title: string; slug: string }> = []
@ -20,7 +31,11 @@ export class DocsService {
      }
    }
-    return files.sort((a, b) => a.title.localeCompare(b.title))
+    return files.sort((a, b) => {
      const orderA = DocsService.DOC_ORDER[a.slug] ?? 999
      const orderB = DocsService.DOC_ORDER[b.slug] ?? 999
      return orderA - orderB
    })
  }
  parse(content: string) {
@ -32,13 +47,13 @@ export class DocsService {
      // Filter out attribute-undefined errors which may be caused by emojis and special characters
      const criticalErrors = errors.filter((e) => e.error.id !== 'attribute-undefined')
      if (criticalErrors.length > 0) {
-        console.error('Markdoc validation errors:', errors.map((e) => JSON.stringify(e.error)).join(', '))
+        logger.error('Markdoc validation errors:', errors.map((e) => JSON.stringify(e.error)).join(', '))
        throw new Error('Markdoc validation failed')
      }
      return Markdoc.transform(ast, config)
    } catch (error) {
-      console.log('Error parsing Markdoc content:', error)
+      logger.error('Error parsing Markdoc content:', error)
      throw new InternalServerErrorException(`Error parsing content: ${(error as Error).message}`)
    }
  }
@ -51,12 +66,19 @@ export class DocsService {
      const filename = _filename.endsWith('.md') ? _filename : `${_filename}.md`
-      const fileExists = await getFileStatsIfExists(path.join(this.docsPath, filename))
+      // Prevent path traversal — resolved path must stay within the docs directory
      const basePath = path.resolve(this.docsPath)
      const fullPath = path.resolve(path.join(this.docsPath, filename))
      if (!fullPath.startsWith(basePath + path.sep)) {
        throw new Error('Invalid document slug')
      }
      const fileExists = await getFileStatsIfExists(fullPath)
      if (!fileExists) {
        throw new Error(`File not found: ${filename}`)
      }
-      const fileStream = await getFile(path.join(this.docsPath, filename), 'stream')
+      const fileStream = await getFile(fullPath, 'stream')
      if (!fileStream) {
        throw new Error(`Failed to read file stream: ${filename}`)
      }
@ -67,9 +89,17 @@ export class DocsService {
    }
  }
  private static readonly TITLE_OVERRIDES: Record<string, string> = {
    'faq': 'FAQ',
  }
  private prettify(filename: string) {
    const slug = filename.replace(/\.md$/, '')
    if (DocsService.TITLE_OVERRIDES[slug]) {
      return DocsService.TITLE_OVERRIDES[slug]
    }
    // Remove hyphens, underscores, and file extension
-    const cleaned = filename.replace(/_/g, ' ').replace(/\.md$/, '').replace(/-/g, ' ')
+    const cleaned = slug.replace(/_/g, ' ').replace(/-/g, ' ')
    // Convert to Title Case
    const titleCased = cleaned.replace(/\b\w/g, (char) => char.toUpperCase())
    return titleCased.charAt(0).toUpperCase() + titleCased.slice(1)
@ -115,6 +145,58 @@ export class DocsService {
            class: { type: String }
          }
        },
        table: {
          render: 'Table',
        },
        thead: {
          render: 'TableHead',
        },
        tbody: {
          render: 'TableBody',
        },
        tr: {
          render: 'TableRow',
        },
        th: {
          render: 'TableHeader',
        },
        td: {
          render: 'TableCell',
        },
        paragraph: {
          render: 'Paragraph',
        },
        image: {
          render: 'Image',
          attributes: {
            src: { type: String, required: true },
            alt: { type: String },
            title: { type: String },
          },
        },
        link: {
          render: 'Link',
          attributes: {
            href: { type: String, required: true },
            title: { type: String },
          },
        },
        fence: {
          render: 'CodeBlock',
          attributes: {
            content: { type: String },
            language: { type: String },
          },
        },
        code: {
          render: 'InlineCode',
          attributes: {
            content: { type: String },
          },
        },
        hr: {
          render: 'HorizontalRule',
        },
      },
    }
  }
--- a/admin/app/services/download_service.ts
+++ b/admin/app/services/download_service.ts
@ -1,6 +1,7 @@
 import { inject } from '@adonisjs/core'
 import { QueueService } from './queue_service.js'
 import { RunDownloadJob } from '#jobs/run_download_job'
 import { DownloadModelJob } from '#jobs/download_model_job'
 import { DownloadJobWithProgress } from '../../types/downloads.js'
 import { normalize } from 'path'
@ -9,17 +10,55 @@ export class DownloadService {
  constructor(private queueService: QueueService) {}
  async listDownloadJobs(filetype?: string): Promise<DownloadJobWithProgress[]> {
    // Get regular file download jobs (zim, map, etc.)
    const queue = this.queueService.getQueue(RunDownloadJob.queue)
-    const jobs = await queue.getJobs(['waiting', 'active', 'delayed'])
+    const fileJobs = await queue.getJobs(['waiting', 'active', 'delayed', 'failed'])
-    return jobs
+    const fileDownloads = fileJobs.map((job) => ({
-      .map((job) => ({
+      jobId: job.id!.toString(),
-        jobId: job.id!.toString(),
+      url: job.data.url,
-        url: job.data.url,
+      progress: parseInt(job.progress.toString(), 10),
-        progress: parseInt(job.progress.toString(), 10),
+      filepath: normalize(job.data.filepath),
-        filepath: normalize(job.data.filepath),
+      filetype: job.data.filetype,
-        filetype: job.data.filetype,
+      status: (job.failedReason ? 'failed' : 'active') as 'active' | 'failed',
-      }))
+      failedReason: job.failedReason || undefined,
-      .filter((job) => !filetype || job.filetype === filetype)
+    }))
    // Get Ollama model download jobs
    const modelQueue = this.queueService.getQueue(DownloadModelJob.queue)
    const modelJobs = await modelQueue.getJobs(['waiting', 'active', 'delayed', 'failed'])
    const modelDownloads = modelJobs.map((job) => ({
      jobId: job.id!.toString(),
      url: job.data.modelName || 'Unknown Model', // Use model name as url
      progress: parseInt(job.progress.toString(), 10),
      filepath: job.data.modelName || 'Unknown Model', // Use model name as filepath
      filetype: 'model',
      status: (job.failedReason ? 'failed' : 'active') as 'active' | 'failed',
      failedReason: job.failedReason || undefined,
    }))
    const allDownloads = [...fileDownloads, ...modelDownloads]
    // Filter by filetype if specified
    const filtered = allDownloads.filter((job) => !filetype || job.filetype === filetype)
    // Sort: active downloads first (by progress desc), then failed at the bottom
    return filtered.sort((a, b) => {
      if (a.status === 'failed' && b.status !== 'failed') return 1
      if (a.status !== 'failed' && b.status === 'failed') return -1
      return b.progress - a.progress
    })
  }
  async removeFailedJob(jobId: string): Promise<void> {
    for (const queueName of [RunDownloadJob.queue, DownloadModelJob.queue]) {
      const queue = this.queueService.getQueue(queueName)
      const job = await queue.getJob(jobId)
      if (job) {
        await job.remove()
        return
      }
    }
  }
 }
--- a/admin/app/services/map_service.ts
+++ b/admin/app/services/map_service.ts
@ -1,6 +1,5 @@
 import { BaseStylesFile, MapLayer } from '../../types/maps.js'
 import {
  DownloadCollectionOperation,
  DownloadRemoteSuccessCallback,
  FileEntry,
 } from '../../types/files.js'
@ -14,16 +13,13 @@ import {
  getFile,
  ensureDirectoryExists,
 } from '../utils/fs.js'
-import { join } from 'path'
+import { join, resolve, sep } from 'path'
 import urlJoin from 'url-join'
 import axios from 'axios'
 import { RunDownloadJob } from '#jobs/run_download_job'
 import logger from '@adonisjs/core/services/logger'
-import { CuratedCollectionsFile, CuratedCollectionWithStatus } from '../../types/downloads.js'
+import InstalledResource from '#models/installed_resource'
-import CuratedCollection from '#models/curated_collection'
+import { CollectionManifestService } from './collection_manifest_service.js'
-import vine from '@vinejs/vine'
+import type { CollectionWithStatus, MapsSpec } from '../../types/collections.js'
 import { curatedCollectionsFileSchema } from '#validators/curated_collections'
 import CuratedCollectionResource from '#models/curated_collection_resource'
 const BASE_ASSETS_MIME_TYPES = [
  'application/gzip',
@ -31,15 +27,11 @@ const BASE_ASSETS_MIME_TYPES = [
  'application/octet-stream',
 ]
 const COLLECTIONS_URL =
  'https://github.com/Crosstalk-Solutions/project-nomad/raw/refs/heads/master/collections/maps.json'
 const PMTILES_ATTRIBUTION =
  '<a href="https://github.com/protomaps/basemaps">Protomaps</a> © <a href="https://openstreetmap.org">OpenStreetMap</a>'
 const PMTILES_MIME_TYPES = ['application/vnd.pmtiles', 'application/octet-stream']
 interface IMapService {
  downloadCollection: DownloadCollectionOperation
  downloadRemoteSuccessCallback: DownloadRemoteSuccessCallback
 }
@ -99,34 +91,33 @@ export class MapService implements IMapService {
    return true
  }
-  async downloadCollection(slug: string) {
+  async downloadCollection(slug: string): Promise<string[] | null> {
-    const collection = await CuratedCollection.query()
+    const manifestService = new CollectionManifestService()
-      .where('slug', slug)
+    const spec = await manifestService.getSpecWithFallback<MapsSpec>('maps')
-      .andWhere('type', 'map')
+    if (!spec) return null
      .first()
    if (!collection) {
      return null
    }
-    const resources = await collection.related('resources').query().where('downloaded', false)
+    const collection = spec.collections.find((c) => c.slug === slug)
-    if (resources.length === 0) {
+    if (!collection) return null
-      return null
+
-    }
+    // Filter out already installed
    const installed = await InstalledResource.query().where('resource_type', 'map')
    const installedIds = new Set(installed.map((r) => r.resource_id))
    const toDownload = collection.resources.filter((r) => !installedIds.has(r.id))
    if (toDownload.length === 0) return null
    const downloadUrls = resources.map((res) => res.url)
    const downloadFilenames: string[] = []
-    for (const url of downloadUrls) {
+    for (const resource of toDownload) {
-      const existing = await RunDownloadJob.getByUrl(url)
+      const existing = await RunDownloadJob.getByUrl(resource.url)
      if (existing) {
-        logger.warn(`[MapService] Download already in progress for URL ${url}, skipping.`)
+        logger.warn(`[MapService] Download already in progress for URL ${resource.url}, skipping.`)
        continue
      }
-      // Extract the filename from the URL
+      const filename = resource.url.split('/').pop()
      const filename = url.split('/').pop()
      if (!filename) {
-        logger.warn(`[MapService] Could not determine filename from URL ${url}, skipping.`)
+        logger.warn(`[MapService] Could not determine filename from URL ${resource.url}, skipping.`)
        continue
      }
@ -134,12 +125,17 @@ export class MapService implements IMapService {
      const filepath = join(process.cwd(), this.mapStoragePath, 'pmtiles', filename)
      await RunDownloadJob.dispatch({
-        url,
+        url: resource.url,
        filepath,
        timeout: 30000,
        allowedMimeTypes: PMTILES_MIME_TYPES,
        forceNew: true,
        filetype: 'map',
        resourceMetadata: {
          resource_id: resource.id,
          version: resource.version,
          collection_ref: slug,
        },
      })
    }
@ -147,11 +143,33 @@ export class MapService implements IMapService {
  }
  async downloadRemoteSuccessCallback(urls: string[], _: boolean) {
-    const resources = await CuratedCollectionResource.query().whereIn('url', urls)
+    // Create InstalledResource entries for downloaded map files
-    for (const resource of resources) {
+    for (const url of urls) {
-      resource.downloaded = true
+      const filename = url.split('/').pop()
-      await resource.save()
+      if (!filename) continue
-      logger.info(`[MapService] Marked resource as downloaded: ${resource.url}`)
+
      const parsed = CollectionManifestService.parseMapFilename(filename)
      if (!parsed) continue
      const filepath = join(process.cwd(), this.mapStoragePath, 'pmtiles', filename)
      const stats = await getFileStatsIfExists(filepath)
      try {
        const { DateTime } = await import('luxon')
        await InstalledResource.updateOrCreate(
          { resource_id: parsed.resource_id, resource_type: 'map' },
          {
            version: parsed.version,
            url: url,
            file_path: filepath,
            file_size_bytes: stats ? Number(stats.size) : null,
            installed_at: DateTime.now(),
          }
        )
        logger.info(`[MapService] Created InstalledResource entry for: ${parsed.resource_id}`)
      } catch (error) {
        logger.error(`[MapService] Failed to create InstalledResource for ${filename}:`, error)
      }
    }
  }
@ -182,6 +200,12 @@ export class MapService implements IMapService {
      )
    }
    // Parse resource metadata
    const parsedFilename = CollectionManifestService.parseMapFilename(filename)
    const resourceMetadata = parsedFilename
      ? { resource_id: parsedFilename.resource_id, version: parsedFilename.version, collection_ref: null }
      : undefined
    // Dispatch background job
    const result = await RunDownloadJob.dispatch({
      url,
@ -190,6 +214,7 @@ export class MapService implements IMapService {
      allowedMimeTypes: PMTILES_MIME_TYPES,
      forceNew: true,
      filetype: 'map',
      resourceMetadata,
    })
    if (!result.job) {
@ -219,6 +244,7 @@ export class MapService implements IMapService {
      }
      // Perform a HEAD request to get the content length
      const { default: axios } = await import('axios')
      const response = await axios.head(url)
      if (response.status !== 200) {
@ -229,12 +255,12 @@ export class MapService implements IMapService {
      const size = contentLength ? parseInt(contentLength, 10) : 0
      return { filename, size }
-    } catch (error) {
+    } catch (error: any) {
      return { message: `Preflight check failed: ${error.message}` }
    }
  }
-  async generateStylesJSON() {
+  async generateStylesJSON(host: string | null = null, protocol: string = 'http'): Promise<BaseStylesFile> {
    if (!(await this.checkBaseAssetsExist())) {
      throw new Error('Base map assets are missing from storage/maps')
    }
@ -248,9 +274,15 @@ export class MapService implements IMapService {
    const rawStyles = JSON.parse(baseStyle.toString()) as BaseStylesFile
    const regions = (await this.listRegions()).files
    const sources = this.generateSourcesArray(regions)
-    const baseUrl = this.getPublicFileBaseUrl(this.basemapsAssetsDir)
+    /** If we have the host, use it to build public URLs, otherwise we'll fallback to defaults
    * This is mainly useful because we need to know what host the user is accessing from in order to
    * properly generate URLs in the styles file
    * e.g. user is accessing from "example.com", but we would by default generate "localhost:8080/..." so maps would
    * fail to load.
    */
    const sources = this.generateSourcesArray(host, regions, protocol)
    const baseUrl = this.getPublicFileBaseUrl(host, this.basemapsAssetsDir, protocol)
    const styles = await this.generateStylesFile(
      rawStyles,
@ -262,45 +294,14 @@ export class MapService implements IMapService {
    return styles
  }
-  async listCuratedCollections(): Promise<CuratedCollectionWithStatus[]> {
+  async listCuratedCollections(): Promise<CollectionWithStatus[]> {
-    const collections = await CuratedCollection.query().where('type', 'map').preload('resources')
+    const manifestService = new CollectionManifestService()
-    return collections.map((collection) => ({
+    return manifestService.getMapCollectionsWithStatus()
      ...(collection.serialize() as CuratedCollection),
      all_downloaded: collection.resources.every((res) => res.downloaded),
    }))
  }
  async fetchLatestCollections(): Promise<boolean> {
-    try {
+    const manifestService = new CollectionManifestService()
-      const response = await axios.get<CuratedCollectionsFile>(COLLECTIONS_URL)
+    return manifestService.fetchAndCacheSpec('maps')
      const validated = await vine.validate({
        schema: curatedCollectionsFileSchema,
        data: response.data,
      })
      for (const collection of validated.collections) {
        const collectionResult = await CuratedCollection.updateOrCreate(
          { slug: collection.slug },
          {
            ...collection,
            type: 'map',
          }
        )
        logger.info(`[MapService] Upserted curated collection: ${collection.slug}`)
        await collectionResult.related('resources').createMany(collection.resources)
        logger.info(
          `[MapService] Upserted ${collection.resources.length} resources for collection: ${collection.slug}`
        )
      }
      return true
    } catch (error) {
      console.error(error)
      logger.error(`[MapService] Failed to download latest Kiwix collections:`, error)
      return false
    }
  }
  async ensureBaseAssets(): Promise<boolean> {
@ -341,13 +342,15 @@ export class MapService implements IMapService {
    return await listDirectoryContentsRecursive(this.baseDirPath)
  }
-  private generateSourcesArray(regions: FileEntry[]): BaseStylesFile['sources'][] {
+  private generateSourcesArray(host: string | null, regions: FileEntry[], protocol: string = 'http'): BaseStylesFile['sources'][] {
    const sources: BaseStylesFile['sources'][] = []
-    const baseUrl = this.getPublicFileBaseUrl('pmtiles')
+    const baseUrl = this.getPublicFileBaseUrl(host, 'pmtiles', protocol)
    for (const region of regions) {
      if (region.type === 'file' && region.name.endsWith('.pmtiles')) {
-        const regionName = region.name.replace('.pmtiles', '')
+        // Strip .pmtiles and date suffix (e.g. "alaska_2025-12" -> "alaska") for stable source names
        const parsed = CollectionManifestService.parseMapFilename(region.name)
        const regionName = parsed ? parsed.resource_id : region.name.replace('.pmtiles', '')
        const source: BaseStylesFile['sources'] = {}
        const sourceUrl = urlJoin(baseUrl, region.name)
@ -397,11 +400,17 @@ export class MapService implements IMapService {
  async delete(file: string): Promise<void> {
    let fileName = file
-    if (!fileName.endsWith('.zim')) {
+    if (!fileName.endsWith('.pmtiles')) {
-      fileName += '.zim'
+      fileName += '.pmtiles'
    }
-    const fullPath = join(this.baseDirPath, fileName)
+    const basePath = resolve(join(this.baseDirPath, 'pmtiles'))
    const fullPath = resolve(join(basePath, fileName))
    // Prevent path traversal — resolved path must stay within the storage directory
    if (!fullPath.startsWith(basePath + sep)) {
      throw new Error('Invalid filename')
    }
    const exists = await getFileStatsIfExists(fullPath)
    if (!exists) {
@ -409,12 +418,22 @@ export class MapService implements IMapService {
    }
    await deleteFileIfExists(fullPath)
    // Clean up InstalledResource entry
    const parsed = CollectionManifestService.parseMapFilename(fileName)
    if (parsed) {
      await InstalledResource.query()
        .where('resource_id', parsed.resource_id)
        .where('resource_type', 'map')
        .delete()
      logger.info(`[MapService] Deleted InstalledResource entry for: ${parsed.resource_id}`)
    }
  }
  /*
   * Gets the appropriate public URL for a map asset depending on environment
   */
-  private getPublicFileBaseUrl(childPath: string): string {
+  private getPublicFileBaseUrl(specifiedHost: string | null, childPath: string, protocol: string = 'http'): string {
    function getHost() {
      try {
        const localUrlRaw = env.get('URL')
@ -427,8 +446,8 @@ export class MapService implements IMapService {
      }
    }
-    const host = getHost()
+    const host = specifiedHost || getHost()
-    const withProtocol = host.startsWith('http') ? host : `http://${host}`
+    const withProtocol = host.startsWith('http') ? host : `${protocol}://${host}`
    const baseUrlPath =
      process.env.NODE_ENV === 'production' ? childPath : urlJoin(this.mapStoragePath, childPath)
--- a/admin/app/services/ollama_service.ts
+++ b/admin/app/services/ollama_service.ts
@ -0,0 +1,421 @@
 import { inject } from '@adonisjs/core'
 import { ChatRequest, Ollama } from 'ollama'
 import { NomadOllamaModel } from '../../types/ollama.js'
 import { FALLBACK_RECOMMENDED_OLLAMA_MODELS } from '../../constants/ollama.js'
 import fs from 'node:fs/promises'
 import path from 'node:path'
 import logger from '@adonisjs/core/services/logger'
 import axios from 'axios'
 import { DownloadModelJob } from '#jobs/download_model_job'
 import { SERVICE_NAMES } from '../../constants/service_names.js'
 import transmit from '@adonisjs/transmit/services/main'
 import Fuse, { IFuseOptions } from 'fuse.js'
 import { BROADCAST_CHANNELS } from '../../constants/broadcast.js'
 import env from '#start/env'
 import { NOMAD_API_DEFAULT_BASE_URL } from '../../constants/misc.js'
 const NOMAD_MODELS_API_PATH = '/api/v1/ollama/models'
 const MODELS_CACHE_FILE = path.join(process.cwd(), 'storage', 'ollama-models-cache.json')
 const CACHE_MAX_AGE_MS = 24 * 60 * 60 * 1000 // 24 hours
@inject()
 export class OllamaService {
  private ollama: Ollama | null = null
  private ollamaInitPromise: Promise<void> | null = null
  constructor() { }
  private async _initializeOllamaClient() {
    if (!this.ollamaInitPromise) {
      this.ollamaInitPromise = (async () => {
        const dockerService = new (await import('./docker_service.js')).DockerService()
        const qdrantUrl = await dockerService.getServiceURL(SERVICE_NAMES.OLLAMA)
        if (!qdrantUrl) {
          throw new Error('Ollama service is not installed or running.')
        }
        this.ollama = new Ollama({ host: qdrantUrl })
      })()
    }
    return this.ollamaInitPromise
  }
  private async _ensureDependencies() {
    if (!this.ollama) {
      await this._initializeOllamaClient()
    }
  }
  /**
   * Downloads a model from the Ollama service with progress tracking. Where possible,
   * one should dispatch a background job instead of calling this method directly to avoid long blocking.
   * @param model Model name to download
   * @returns Success status and message
   */
  async downloadModel(model: string, progressCallback?: (percent: number) => void): Promise<{ success: boolean; message: string; retryable?: boolean }> {
    try {
      await this._ensureDependencies()
      if (!this.ollama) {
        throw new Error('Ollama client is not initialized.')
      }
      // See if model is already installed
      const installedModels = await this.getModels()
      if (installedModels && installedModels.some((m) => m.name === model)) {
        logger.info(`[OllamaService] Model "${model}" is already installed.`)
        return { success: true, message: 'Model is already installed.' }
      }
      // Returns AbortableAsyncIterator<ProgressResponse>
      const downloadStream = await this.ollama.pull({
        model,
        stream: true,
      })
      for await (const chunk of downloadStream) {
        if (chunk.completed && chunk.total) {
          const percent = ((chunk.completed / chunk.total) * 100).toFixed(2)
          const percentNum = parseFloat(percent)
          this.broadcastDownloadProgress(model, percentNum)
          if (progressCallback) {
            progressCallback(percentNum)
          }
        }
      }
      logger.info(`[OllamaService] Model "${model}" downloaded successfully.`)
      return { success: true, message: 'Model downloaded successfully.' }
    } catch (error) {
      const errorMessage = error instanceof Error ? error.message : String(error)
      logger.error(
        `[OllamaService] Failed to download model "${model}": ${errorMessage}`
      )
      // Check for version mismatch (Ollama 412 response)
      const isVersionMismatch = errorMessage.includes('newer version of Ollama')
      const userMessage = isVersionMismatch
        ? 'This model requires a newer version of Ollama. Please update AI Assistant from the Apps page.'
        : `Failed to download model: ${errorMessage}`
      // Broadcast failure to connected clients so UI can show the error
      this.broadcastDownloadError(model, userMessage)
      return { success: false, message: userMessage, retryable: !isVersionMismatch }
    }
  }
  async dispatchModelDownload(modelName: string): Promise<{ success: boolean; message: string }> {
    try {
      logger.info(`[OllamaService] Dispatching model download for ${modelName} via job queue`)
      await DownloadModelJob.dispatch({
        modelName,
      })
      return {
        success: true,
        message:
          'Model download has been queued successfully. It will start shortly after Ollama and Open WebUI are ready (if not already).',
      }
    } catch (error) {
      logger.error(
        `[OllamaService] Failed to dispatch model download for ${modelName}: ${error instanceof Error ? error.message : error}`
      )
      return {
        success: false,
        message: 'Failed to queue model download. Please try again.',
      }
    }
  }
  public async getClient() {
    await this._ensureDependencies()
    return this.ollama!
  }
  public async chat(chatRequest: ChatRequest & { stream?: boolean }) {
    await this._ensureDependencies()
    if (!this.ollama) {
      throw new Error('Ollama client is not initialized.')
    }
    return await this.ollama.chat({
      ...chatRequest,
      stream: false,
    })
  }
  public async chatStream(chatRequest: ChatRequest) {
    await this._ensureDependencies()
    if (!this.ollama) {
      throw new Error('Ollama client is not initialized.')
    }
    return await this.ollama.chat({
      ...chatRequest,
      stream: true,
    })
  }
  public async checkModelHasThinking(modelName: string): Promise<boolean> {
    await this._ensureDependencies()
    if (!this.ollama) {
      throw new Error('Ollama client is not initialized.')
    }
    const modelInfo = await this.ollama.show({
      model: modelName,
    })
    return modelInfo.capabilities.includes('thinking')
  }
  public async deleteModel(modelName: string) {
    await this._ensureDependencies()
    if (!this.ollama) {
      throw new Error('Ollama client is not initialized.')
    }
    return await this.ollama.delete({
      model: modelName,
    })
  }
  public async getModels(includeEmbeddings = false) {
    await this._ensureDependencies()
    if (!this.ollama) {
      throw new Error('Ollama client is not initialized.')
    }
    const response = await this.ollama.list()
    if (includeEmbeddings) {
      return response.models
    }
    // Filter out embedding models
    return response.models.filter((model) => !model.name.includes('embed'))
  }
  async getAvailableModels(
    { sort, recommendedOnly, query, limit, force }: { sort?: 'pulls' | 'name'; recommendedOnly?: boolean, query: string | null, limit?: number, force?: boolean } = {
      sort: 'pulls',
      recommendedOnly: false,
      query: null,
      limit: 15,
    }
  ): Promise<{ models: NomadOllamaModel[], hasMore: boolean } | null> {
    try {
      const models = await this.retrieveAndRefreshModels(sort, force)
      if (!models) {
        // If we fail to get models from the API, return the fallback recommended models
        logger.warn(
          '[OllamaService] Returning fallback recommended models due to failure in fetching available models'
        )
        return {
          models: FALLBACK_RECOMMENDED_OLLAMA_MODELS,
          hasMore: false
        }
      }
      if (!recommendedOnly) {
        const filteredModels = query ? this.fuseSearchModels(models, query) : models
        return {
          models: filteredModels.slice(0, limit || 15),
          hasMore: filteredModels.length > (limit || 15)
        }
      }
      // If recommendedOnly is true, only return the first three models (if sorted by pulls, these will be the top 3)
      const sortedByPulls = sort === 'pulls' ? models : this.sortModels(models, 'pulls')
      const firstThree = sortedByPulls.slice(0, 3)
      // Only return the first tag of each of these models (should be the most lightweight variant)
      const recommendedModels = firstThree.map((model) => {
        return {
          ...model,
          tags: model.tags && model.tags.length > 0 ? [model.tags[0]] : [],
        }
      })
      if (query) {
        const filteredRecommendedModels = this.fuseSearchModels(recommendedModels, query)
        return {
          models: filteredRecommendedModels,
          hasMore: filteredRecommendedModels.length > (limit || 15)
        }
      }
      return {
        models: recommendedModels,
        hasMore: recommendedModels.length > (limit || 15)
      }
    } catch (error) {
      logger.error(
        `[OllamaService] Failed to get available models: ${error instanceof Error ? error.message : error}`
      )
      return null
    }
  }
  private async retrieveAndRefreshModels(
    sort?: 'pulls' | 'name',
    force?: boolean
  ): Promise<NomadOllamaModel[] | null> {
    try {
      if (!force) {
        const cachedModels = await this.readModelsFromCache()
        if (cachedModels) {
          logger.info('[OllamaService] Using cached available models data')
          return this.sortModels(cachedModels, sort)
        }
      } else {
        logger.info('[OllamaService] Force refresh requested, bypassing cache')
      }
      logger.info('[OllamaService] Fetching fresh available models from API')
      const baseUrl = env.get('NOMAD_API_URL') || NOMAD_API_DEFAULT_BASE_URL
      const fullUrl = new URL(NOMAD_MODELS_API_PATH, baseUrl).toString()
      const response = await axios.get(fullUrl)
      if (!response.data || !Array.isArray(response.data.models)) {
        logger.warn(
          `[OllamaService] Invalid response format when fetching available models: ${JSON.stringify(response.data)}`
        )
        return null
      }
      const rawModels = response.data.models as NomadOllamaModel[]
      // Filter out tags where cloud is truthy, then remove models with no remaining tags
      const noCloud = rawModels
        .map((model) => ({
          ...model,
          tags: model.tags.filter((tag) => !tag.cloud),
        }))
        .filter((model) => model.tags.length > 0)
      await this.writeModelsToCache(noCloud)
      return this.sortModels(noCloud, sort)
    } catch (error) {
      logger.error(
        `[OllamaService] Failed to retrieve models from Nomad API: ${error instanceof Error ? error.message : error
        }`
      )
      return null
    }
  }
  private async readModelsFromCache(): Promise<NomadOllamaModel[] | null> {
    try {
      const stats = await fs.stat(MODELS_CACHE_FILE)
      const cacheAge = Date.now() - stats.mtimeMs
      if (cacheAge > CACHE_MAX_AGE_MS) {
        logger.info('[OllamaService] Cache is stale, will fetch fresh data')
        return null
      }
      const cacheData = await fs.readFile(MODELS_CACHE_FILE, 'utf-8')
      const models = JSON.parse(cacheData) as NomadOllamaModel[]
      if (!Array.isArray(models)) {
        logger.warn('[OllamaService] Invalid cache format, will fetch fresh data')
        return null
      }
      return models
    } catch (error) {
      // Cache doesn't exist or is invalid
      if ((error as NodeJS.ErrnoException).code !== 'ENOENT') {
        logger.warn(
          `[OllamaService] Error reading cache: ${error instanceof Error ? error.message : error}`
        )
      }
      return null
    }
  }
  private async writeModelsToCache(models: NomadOllamaModel[]): Promise<void> {
    try {
      await fs.mkdir(path.dirname(MODELS_CACHE_FILE), { recursive: true })
      await fs.writeFile(MODELS_CACHE_FILE, JSON.stringify(models, null, 2), 'utf-8')
      logger.info('[OllamaService] Successfully cached available models')
    } catch (error) {
      logger.warn(
        `[OllamaService] Failed to write models cache: ${error instanceof Error ? error.message : error}`
      )
    }
  }
  private sortModels(models: NomadOllamaModel[], sort?: 'pulls' | 'name'): NomadOllamaModel[] {
    if (sort === 'pulls') {
      // Sort by estimated pulls (it should be a string like "1.2K", "500", "4M" etc.)
      models.sort((a, b) => {
        const parsePulls = (pulls: string) => {
          const multiplier = pulls.endsWith('K')
            ? 1_000
            : pulls.endsWith('M')
              ? 1_000_000
              : pulls.endsWith('B')
                ? 1_000_000_000
                : 1
          return parseFloat(pulls) * multiplier
        }
        return parsePulls(b.estimated_pulls) - parsePulls(a.estimated_pulls)
      })
    } else if (sort === 'name') {
      models.sort((a, b) => a.name.localeCompare(b.name))
    }
    // Always sort model.tags by the size field in descending order
    // Size is a string like '75GB', '8.5GB', '2GB' etc. Smaller models first
    models.forEach((model) => {
      if (model.tags && Array.isArray(model.tags)) {
        model.tags.sort((a, b) => {
          const parseSize = (size: string) => {
            const multiplier = size.endsWith('KB')
              ? 1 / 1_000
              : size.endsWith('MB')
                ? 1 / 1_000_000
                : size.endsWith('GB')
                  ? 1
                  : size.endsWith('TB')
                    ? 1_000
                    : 0 // Unknown size format
            return parseFloat(size) * multiplier
          }
          return parseSize(a.size) - parseSize(b.size)
        })
      }
    })
    return models
  }
  private broadcastDownloadError(model: string, error: string) {
    transmit.broadcast(BROADCAST_CHANNELS.OLLAMA_MODEL_DOWNLOAD, {
      model,
      percent: -1,
      error,
      timestamp: new Date().toISOString(),
    })
  }
  private broadcastDownloadProgress(model: string, percent: number) {
    transmit.broadcast(BROADCAST_CHANNELS.OLLAMA_MODEL_DOWNLOAD, {
      model,
      percent,
      timestamp: new Date().toISOString(),
    })
    logger.info(`[OllamaService] Download progress for model "${model}": ${percent}%`)
  }
  private fuseSearchModels(models: NomadOllamaModel[], query: string): NomadOllamaModel[] {
    const options: IFuseOptions<NomadOllamaModel> = {
      ignoreDiacritics: true,
      keys: ['name', 'description', 'tags.name'],
      threshold: 0.3, // lower threshold for stricter matching
    }
    const fuse = new Fuse(models, options)
    return fuse.search(query).map(result => result.item)
  }
 }
--- a/admin/app/services/openwebui_service.ts
+++ b/admin/app/services/openwebui_service.ts
@ -1,646 +0,0 @@
 import { inject } from '@adonisjs/core'
 import logger from '@adonisjs/core/services/logger'
 import { DockerService } from './docker_service.js'
 import axios from 'axios'
 import { NomadOllamaModel, OllamaModelListing } from '../../types/ollama.js'
 import fs from 'node:fs/promises'
 import path from 'node:path'
 import { PassThrough } from 'node:stream'
 import { DownloadModelJob } from '#jobs/download_model_job'
 const NOMAD_MODELS_API_BASE_URL = 'https://api.projectnomad.us/api/v1/ollama/models'
 const MODELS_CACHE_FILE = path.join(process.cwd(), 'storage', 'ollama-models-cache.json')
 const CACHE_MAX_AGE_MS = 24 * 60 * 60 * 1000 // 24 hours
@inject()
 export class OpenWebUIService {
  constructor(private dockerService: DockerService) {}
  /** We need to call this in the DownloadModelJob, so it can't be private,
   * but shouldn't be called directly (dispatch job instead)
   */
  async _downloadModel(
    model: string,
    onProgress?: (progress: {
      status: string
      completed?: number
      total?: number
      percent?: number
    }) => void
  ): Promise<{ success: boolean; message: string }> {
    return new Promise((resolve) => {
      try {
        const container = this.dockerService.docker.getContainer(DockerService.OLLAMA_SERVICE_NAME)
        if (!container) {
          logger.warn('[OpenWebUIService] Ollama container is not running. Cannot download model.')
          resolve({
            success: false,
            message: 'Ollama is not running. Please start Ollama and try again.',
          })
          return
        }
        container.exec(
          {
            Cmd: ['ollama', 'pull', model],
            AttachStdout: true,
            AttachStderr: true,
          },
          (err, exec) => {
            if (err) {
              logger.error(
                `[OpenWebUIService] Failed to execute model download command: ${
                  err instanceof Error ? err.message : err
                }`
              )
              resolve({ success: false, message: 'Failed to execute download command.' })
              return
            }
            if (!exec) {
              logger.error('[OpenWebUIService] No exec instance returned from exec command')
              resolve({ success: false, message: 'Failed to create exec instance.' })
              return
            }
            exec.start(
              {
                hijack: true,
                stdin: false,
              },
              (startErr, stream) => {
                if (startErr) {
                  logger.error(
                    `[OpenWebUIService] Failed to start exec stream: ${
                      startErr instanceof Error ? startErr.message : startErr
                    }`
                  )
                  resolve({ success: false, message: 'Failed to start download stream.' })
                  return
                }
                if (!stream) {
                  logger.error('[OpenWebUIService] No stream returned when starting exec')
                  resolve({ success: false, message: 'No stream available.' })
                  return
                }
                // Create PassThrough streams to capture output
                const stdout = new PassThrough()
                const stderr = new PassThrough()
                // Demultiplex the Docker stream
                this.dockerService.docker.modem.demuxStream(stream, stdout, stderr)
                // Capture and parse stdout (if any)
                stdout.on('data', (chunk) => {
                  const output = chunk.toString()
                  logger.info(`[OpenWebUIService] Model download (stdout): ${output}`)
                })
                // Capture stderr - ollama sends progress/status here (not necessarily errors)
                stderr.on('data', (chunk) => {
                  const output = chunk.toString()
                  // Check if this is an actual error message
                  if (
                    output.toLowerCase().includes('error') ||
                    output.toLowerCase().includes('failed')
                  ) {
                    logger.error(`[OpenWebUIService] Model download error: ${output}`)
                  } else {
                    // This is normal progress/status output from ollama
                    logger.info(`[OpenWebUIService] Model download progress: ${output}`)
                    // Parse JSON progress if available
                    try {
                      const lines = output
                        .split('\n')
                        .filter(
                          (line: any) => typeof line.trim() === 'string' && line.trim().length > 0
                        )
                      for (const line of lines) {
                        const parsed = JSON.parse(line)
                        if (parsed.status) {
                          const progressData: {
                            status: string
                            completed?: number
                            total?: number
                            percent?: number
                          } = {
                            status: parsed.status,
                          }
                          // Extract byte progress if available
                          if (parsed.completed !== undefined && parsed.total !== undefined) {
                            progressData.completed = parsed.completed
                            progressData.total = parsed.total
                            progressData.percent = Math.round(
                              (parsed.completed / parsed.total) * 100
                            )
                          }
                          // Call progress callback
                          if (onProgress) {
                            onProgress(progressData)
                          }
                          // Log structured progress
                          if (progressData.percent !== undefined) {
                            logger.info(
                              `[OpenWebUIService] ${progressData.status}: ${progressData.percent}% (${progressData.completed}/${progressData.total} bytes)`
                            )
                          } else {
                            logger.info(`[OpenWebUIService] ${progressData.status}`)
                          }
                        }
                      }
                    } catch {
                      // Not JSON, already logged above
                    }
                  }
                })
                // Handle stream end
                stream.on('end', () => {
                  logger.info(
                    `[OpenWebUIService] Model download process ended for model "${model}"`
                  )
                  resolve({
                    success: true,
                    message: 'Model download completed successfully.',
                  })
                })
                // Handle stream errors
                stream.on('error', (streamErr) => {
                  logger.error(
                    `[OpenWebUIService] Error during model download stream: ${
                      streamErr instanceof Error ? streamErr.message : streamErr
                    }`
                  )
                  resolve({
                    success: false,
                    message: 'Error occurred during model download.',
                  })
                })
              }
            )
          }
        )
      } catch (error) {
        logger.error(
          `[OpenWebUIService] Failed to download model "${model}": ${
            error instanceof Error ? error.message : error
          }`
        )
        resolve({ success: false, message: 'Failed to download model.' })
      }
    })
  }
  async deleteModel(model: string): Promise<{ success: boolean; message: string }> {
    return new Promise((resolve) => {
      try {
        const container = this.dockerService.docker.getContainer(DockerService.OLLAMA_SERVICE_NAME)
        if (!container) {
          logger.warn('[OpenWebUIService] Ollama container is not running. Cannot remove model.')
          resolve({
            success: false,
            message: 'Ollama is not running. Please start Ollama and try again.',
          })
          return
        }
        container.exec(
          {
            Cmd: ['ollama', 'rm', model],
            AttachStdout: true,
            AttachStderr: true,
          },
          (err, exec) => {
            if (err) {
              logger.error(
                `[OpenWebUIService] Failed to execute model remove command: ${
                  err instanceof Error ? err.message : err
                }`
              )
              resolve({ success: false, message: 'Failed to execute remove command.' })
              return
            }
            if (!exec) {
              logger.error('[OpenWebUIService] No exec instance returned from remove command')
              resolve({ success: false, message: 'Failed to create exec instance.' })
              return
            }
            exec.start(
              {
                hijack: true,
                stdin: false,
              },
              (startErr, stream) => {
                if (startErr) {
                  logger.error(
                    `[OpenWebUIService] Failed to start exec stream for remove: ${
                      startErr instanceof Error ? startErr.message : startErr
                    }`
                  )
                  resolve({ success: false, message: 'Failed to start remove command.' })
                  return
                }
                if (!stream) {
                  logger.error('[OpenWebUIService] No stream returned for remove command')
                  resolve({ success: false, message: 'No stream available.' })
                  return
                }
                const stdout = new PassThrough()
                const stderr = new PassThrough()
                let output = ''
                let errorOutput = ''
                this.dockerService.docker.modem.demuxStream(stream, stdout, stderr)
                stdout.on('data', (chunk) => {
                  output += chunk.toString()
                })
                stderr.on('data', (chunk) => {
                  errorOutput += chunk.toString()
                })
                stream.on('end', () => {
                  if (errorOutput) {
                    logger.error(`[OpenWebUIService] Error removing model: ${errorOutput}`)
                    resolve({
                      success: false,
                      message: errorOutput.trim() || 'Failed to remove model.',
                    })
                    return
                  }
                  logger.info(`[OpenWebUIService] Successfully removed model "${model}"`)
                  if (output) {
                    logger.info(`[OpenWebUIService] Remove output: ${output}`)
                  }
                  resolve({
                    success: true,
                    message: 'Model removed successfully.',
                  })
                })
                stream.on('error', (streamErr) => {
                  logger.error(
                    `[OpenWebUIService] Stream error during model remove: ${
                      streamErr instanceof Error ? streamErr.message : streamErr
                    }`
                  )
                  resolve({
                    success: false,
                    message: 'Error occurred while removing model.',
                  })
                })
              }
            )
          }
        )
      } catch (error) {
        logger.error(
          `[OpenWebUIService] Failed to remove model "${model}": ${
            error instanceof Error ? error.message : error
          }`
        )
        resolve({ success: false, message: 'Failed to remove model.' })
      }
    })
  }
  async dispatchModelDownload(modelName: string): Promise<{ success: boolean; message: string }> {
    try {
      logger.info(`[OpenWebUIService] Dispatching model download for ${modelName} via job queue`)
      await DownloadModelJob.dispatch({
        modelName,
      })
      return {
        success: true,
        message:
          'Model download has been queued successfully. It will start shortly after Ollama and Open WebUI are ready (if not already).',
      }
    } catch (error) {
      logger.error(
        `[OpenWebUIService] Failed to dispatch model download for ${modelName}: ${error instanceof Error ? error.message : error}`
      )
      return {
        success: false,
        message: 'Failed to queue model download. Please try again.',
      }
    }
  }
  async getAvailableModels(
    { sort, recommendedOnly }: { sort?: 'pulls' | 'name'; recommendedOnly?: boolean } = {
      sort: 'pulls',
      recommendedOnly: false,
    }
  ): Promise<NomadOllamaModel[] | null> {
    try {
      const models = await this.retrieveAndRefreshModels(sort)
      if (!models) {
        return null
      }
      if (!recommendedOnly) {
        return models
      }
      // If recommendedOnly is true, only return the first three models (if sorted by pulls, these will be the top 3)
      const sortedByPulls = sort === 'pulls' ? models : this.sortModels(models, 'pulls')
      const firstThree = sortedByPulls.slice(0, 3)
      // Only return the first tag of each of these models (should be the most lightweight variant)
      const recommendedModels = firstThree.map((model) => {
        return {
          ...model,
          tags: model.tags && model.tags.length > 0 ? [model.tags[0]] : [],
        }
      })
      return recommendedModels
    } catch (error) {
      logger.error(
        `[OpenWebUIService] Failed to get available models: ${error instanceof Error ? error.message : error}`
      )
      return null
    }
  }
  async getInstalledModels(): Promise<OllamaModelListing[] | null> {
    return new Promise((resolve) => {
      try {
        const container = this.dockerService.docker.getContainer(DockerService.OLLAMA_SERVICE_NAME)
        if (!container) {
          logger.warn('[OpenWebUIService] Ollama container is not running. Cannot list models.')
          resolve(null)
          return
        }
        container.exec(
          {
            Cmd: ['ollama', 'list'],
            AttachStdout: true,
            AttachStderr: true,
          },
          (err, exec) => {
            if (err) {
              logger.error(
                `[OpenWebUIService] Failed to execute ollama list command: ${
                  err instanceof Error ? err.message : err
                }`
              )
              resolve(null)
              return
            }
            if (!exec) {
              logger.error('[OpenWebUIService] No exec instance returned from ollama list')
              resolve(null)
              return
            }
            exec.start(
              {
                hijack: true,
                stdin: false,
              },
              (startErr, stream) => {
                if (startErr) {
                  logger.error(
                    `[OpenWebUIService] Failed to start exec stream for ollama list: ${
                      startErr instanceof Error ? startErr.message : startErr
                    }`
                  )
                  resolve(null)
                  return
                }
                if (!stream) {
                  logger.error('[OpenWebUIService] No stream returned for ollama list')
                  resolve(null)
                  return
                }
                const stdout = new PassThrough()
                const stderr = new PassThrough()
                let output = ''
                let errorOutput = ''
                this.dockerService.docker.modem.demuxStream(stream, stdout, stderr)
                stdout.on('data', (chunk) => {
                  output += chunk.toString()
                })
                stderr.on('data', (chunk) => {
                  errorOutput += chunk.toString()
                })
                stream.on('end', () => {
                  if (errorOutput) {
                    logger.error(
                      `[OpenWebUIService] Error from ollama list command: ${errorOutput}`
                    )
                  }
                  if (!output) {
                    logger.info('[OpenWebUIService] No models installed')
                    resolve([])
                    return
                  }
                  try {
                    // Parse the tabular output from ollama list
                    // Expected format:
                    // NAME                    ID              SIZE      MODIFIED
                    // llama2:latest          abc123def456    3.8 GB    2 days ago
                    const lines = output.split('\n').filter((line) => line.trim())
                    // Skip header line and parse model entries
                    const models: OllamaModelListing[] = []
                    for (let i = 1; i < lines.length; i++) {
                      const line = lines[i].trim()
                      if (!line) continue
                      // Split by whitespace (2+ spaces to handle columns with spaces)
                      const parts = line.split(/\s{2,}/)
                      if (parts.length >= 4) {
                        models.push({
                          name: parts[0].trim(),
                          id: parts[1].trim(),
                          size: parts[2].trim(),
                          modified: parts[3].trim(),
                        })
                      }
                    }
                    logger.info(`[OpenWebUIService] Found ${models.length} installed models`)
                    resolve(models)
                  } catch (parseError) {
                    logger.error(
                      `[OpenWebUIService] Failed to parse ollama list output: ${
                        parseError instanceof Error ? parseError.message : parseError
                      }`
                    )
                    logger.debug(`[OpenWebUIService] Raw output: ${output}`)
                    resolve(null)
                  }
                })
                stream.on('error', (streamErr) => {
                  logger.error(
                    `[OpenWebUIService] Stream error during ollama list: ${
                      streamErr instanceof Error ? streamErr.message : streamErr
                    }`
                  )
                  resolve(null)
                })
              }
            )
          }
        )
      } catch (error) {
        logger.error(
          `[OpenWebUIService] Failed to get installed models: ${
            error instanceof Error ? error.message : error
          }`
        )
        resolve(null)
      }
    })
  }
  private async retrieveAndRefreshModels(
    sort?: 'pulls' | 'name'
  ): Promise<NomadOllamaModel[] | null> {
    try {
      const cachedModels = await this.readModelsFromCache()
      if (cachedModels) {
        logger.info('[OpenWebUIService] Using cached available models data')
        return this.sortModels(cachedModels, sort)
      }
      logger.info('[OpenWebUIService] Fetching fresh available models from API')
      const response = await axios.get(NOMAD_MODELS_API_BASE_URL)
      if (!response.data || !Array.isArray(response.data.models)) {
        logger.warn(
          `[OpenWebUIService] Invalid response format when fetching available models: ${JSON.stringify(response.data)}`
        )
        return null
      }
      const models = response.data.models as NomadOllamaModel[]
      await this.writeModelsToCache(models)
      return this.sortModels(models, sort)
    } catch (error) {
      logger.error(
        `[OpenWebUIService] Failed to retrieve models from Nomad API: ${
          error instanceof Error ? error.message : error
        }`
      )
      return null
    }
  }
  private async readModelsFromCache(): Promise<NomadOllamaModel[] | null> {
    try {
      const stats = await fs.stat(MODELS_CACHE_FILE)
      const cacheAge = Date.now() - stats.mtimeMs
      if (cacheAge > CACHE_MAX_AGE_MS) {
        logger.info('[OpenWebUIService] Cache is stale, will fetch fresh data')
        return null
      }
      const cacheData = await fs.readFile(MODELS_CACHE_FILE, 'utf-8')
      const models = JSON.parse(cacheData) as NomadOllamaModel[]
      if (!Array.isArray(models)) {
        logger.warn('[OpenWebUIService] Invalid cache format, will fetch fresh data')
        return null
      }
      return models
    } catch (error) {
      // Cache doesn't exist or is invalid
      if ((error as NodeJS.ErrnoException).code !== 'ENOENT') {
        logger.warn(
          `[OpenWebUIService] Error reading cache: ${error instanceof Error ? error.message : error}`
        )
      }
      return null
    }
  }
  private async writeModelsToCache(models: NomadOllamaModel[]): Promise<void> {
    try {
      await fs.mkdir(path.dirname(MODELS_CACHE_FILE), { recursive: true })
      await fs.writeFile(MODELS_CACHE_FILE, JSON.stringify(models, null, 2), 'utf-8')
      logger.info('[OpenWebUIService] Successfully cached available models')
    } catch (error) {
      logger.warn(
        `[OpenWebUIService] Failed to write models cache: ${error instanceof Error ? error.message : error}`
      )
    }
  }
  private sortModels(models: NomadOllamaModel[], sort?: 'pulls' | 'name'): NomadOllamaModel[] {
    if (sort === 'pulls') {
      // Sort by estimated pulls (it should be a string like "1.2K", "500", "4M" etc.)
      models.sort((a, b) => {
        const parsePulls = (pulls: string) => {
          const multiplier = pulls.endsWith('K')
            ? 1_000
            : pulls.endsWith('M')
              ? 1_000_000
              : pulls.endsWith('B')
                ? 1_000_000_000
                : 1
          return parseFloat(pulls) * multiplier
        }
        return parsePulls(b.estimated_pulls) - parsePulls(a.estimated_pulls)
      })
    } else if (sort === 'name') {
      models.sort((a, b) => a.name.localeCompare(b.name))
    }
    // Always sort model.tags by the size field in descending order
    // Size is a string like '75GB', '8.5GB', '2GB' etc. Smaller models first
    models.forEach((model) => {
      if (model.tags && Array.isArray(model.tags)) {
        model.tags.sort((a, b) => {
          const parseSize = (size: string) => {
            const multiplier = size.endsWith('KB')
              ? 1 / 1_000
              : size.endsWith('MB')
                ? 1 / 1_000_000
                : size.endsWith('GB')
                  ? 1
                  : size.endsWith('TB')
                    ? 1_000
                    : 0 // Unknown size format
            return parseFloat(size) * multiplier
          }
          return parseSize(a.size) - parseSize(b.size)
        })
      }
    })
    return models
  }
 }
--- a/admin/app/services/rag_service.ts
+++ b/admin/app/services/rag_service.ts
--- a/admin/app/services/system_service.ts
+++ b/admin/app/services/system_service.ts
@ -4,19 +4,29 @@ import { DockerService } from '#services/docker_service'
 import { ServiceSlim } from '../../types/services.js'
 import logger from '@adonisjs/core/services/logger'
 import si from 'systeminformation'
-import { NomadDiskInfo, NomadDiskInfoRaw, SystemInformationResponse } from '../../types/system.js'
+import { GpuHealthStatus, NomadDiskInfo, NomadDiskInfoRaw, SystemInformationResponse } from '../../types/system.js'
 import { SERVICE_NAMES } from '../../constants/service_names.js'
 import { readFileSync } from 'fs'
 import path, { join } from 'path'
 import { getAllFilesystems, getFile } from '../utils/fs.js'
 import axios from 'axios'
 import env from '#start/env'
 import KVStore from '#models/kv_store'
 import { KV_STORE_SCHEMA, KVStoreKey } from '../../types/kv_store.js'
 import { isNewerVersion } from '../utils/version.js'
@inject()
 export class SystemService {
  private static appVersion: string | null = null
  private static diskInfoFile = '/storage/nomad-disk-info.json'
-  constructor(private dockerService: DockerService) {}
+  constructor(private dockerService: DockerService) { }
  async checkServiceInstalled(serviceName: string): Promise<boolean> {
    const services = await this.getServices({ installedOnly: true });
    return services.some(service => service.service_name === serviceName);
  }
  async getInternetStatus(): Promise<boolean> {
    const DEFAULT_TEST_URL = 'https://1.1.1.1/cdn-cgi/trace'
@ -57,6 +67,66 @@ export class SystemService {
    return false
  }
  async getNvidiaSmiInfo(): Promise<Array<{ vendor: string; model: string; vram: number; }> | { error: string } | 'OLLAMA_NOT_FOUND' | 'BAD_RESPONSE' | 'UNKNOWN_ERROR'> {
    try {
      const containers = await this.dockerService.docker.listContainers({ all: false })
      const ollamaContainer = containers.find((c) =>
        c.Names.includes(`/${SERVICE_NAMES.OLLAMA}`)
      )
      if (!ollamaContainer) {
        logger.info('Ollama container not found for nvidia-smi info retrieval. This is expected if Ollama is not installed.')
        return 'OLLAMA_NOT_FOUND'
      }
      // Execute nvidia-smi inside the Ollama container to get GPU info
      const container = this.dockerService.docker.getContainer(ollamaContainer.Id)
      const exec = await container.exec({
        Cmd: ['nvidia-smi', '--query-gpu=name,memory.total', '--format=csv,noheader,nounits'],
        AttachStdout: true,
        AttachStderr: true,
        Tty: true,
      })
      // Read the output stream with a timeout to prevent hanging if nvidia-smi fails
      const stream = await exec.start({ Tty: true })
      const output = await new Promise<string>((resolve) => {
        let data = ''
        const timeout = setTimeout(() => resolve(data), 5000)
        stream.on('data', (chunk: Buffer) => { data += chunk.toString() })
        stream.on('end', () => { clearTimeout(timeout); resolve(data) })
      })
      // Remove any non-printable characters and trim the output
      const cleaned = output.replace(/[\x00-\x08]/g, '').trim()
      if (cleaned && !cleaned.toLowerCase().includes('error') && !cleaned.toLowerCase().includes('not found')) {
        // Split by newlines to handle multiple GPUs installed
        const lines = cleaned.split('\n').filter(line => line.trim())
        // Map each line out to a useful structure for us
        const gpus = lines.map(line => {
          const parts = line.split(',').map((s) => s.trim())
          return {
            vendor: 'NVIDIA',
            model: parts[0] || 'NVIDIA GPU',
            vram: parts[1] ? parseInt(parts[1], 10) : 0,
          }
        })
        return gpus.length > 0 ? gpus : 'BAD_RESPONSE'
      }
      // If we got output but looks like an error, consider it a bad response from nvidia-smi
      return 'BAD_RESPONSE'
    }
    catch (error) {
      logger.error('Error getting nvidia-smi info:', error)
      if (error instanceof Error && error.message) {
        return { error: error.message }
      }
      return 'UNKNOWN_ERROR'
    }
  }
  async getServices({ installedOnly = true }: { installedOnly?: boolean }): Promise<ServiceSlim[]> {
    await this._syncContainersWithDatabase() // Sync up before fetching to ensure we have the latest status
@ -73,7 +143,9 @@ export class SystemService {
        'description',
        'icon',
        'powered_by',
-        'display_order'
+        'display_order',
        'container_image',
        'available_update_version'
      )
      .where('is_dependency_service', false)
    if (installedOnly) {
@ -103,6 +175,8 @@ export class SystemService {
        ui_location: service.ui_location || '',
        powered_by: service.powered_by,
        display_order: service.display_order,
        container_image: service.container_image,
        available_update_version: service.available_update_version,
      })
    }
@ -136,13 +210,14 @@ export class SystemService {
  async getSystemInfo(): Promise<SystemInformationResponse | undefined> {
    try {
-      const [cpu, mem, os, currentLoad, fsSize, uptime] = await Promise.all([
+      const [cpu, mem, os, currentLoad, fsSize, uptime, graphics] = await Promise.all([
        si.cpu(),
        si.mem(),
        si.osInfo(),
        si.currentLoad(),
        si.fsSize(),
        si.time(),
        si.graphics(),
      ])
      let diskInfo: NomadDiskInfoRaw | undefined
@ -165,6 +240,61 @@ export class SystemService {
        logger.error('Error reading disk info file:', error)
      }
      // GPU health tracking — detect when host has NVIDIA GPU but Ollama can't access it
      let gpuHealth: GpuHealthStatus = {
        status: 'no_gpu',
        hasNvidiaRuntime: false,
        ollamaGpuAccessible: false,
      }
      // Query Docker API for host-level info (hostname, OS, GPU runtime)
      // si.osInfo() returns the container's info inside Docker, not the host's
      try {
        const dockerInfo = await this.dockerService.docker.info()
        if (dockerInfo.Name) {
          os.hostname = dockerInfo.Name
        }
        if (dockerInfo.OperatingSystem) {
          os.distro = dockerInfo.OperatingSystem
        }
        if (dockerInfo.KernelVersion) {
          os.kernel = dockerInfo.KernelVersion
        }
        // If si.graphics() returned no controllers (common inside Docker),
        // fall back to nvidia runtime + nvidia-smi detection
        if (!graphics.controllers || graphics.controllers.length === 0) {
          const runtimes = dockerInfo.Runtimes || {}
          if ('nvidia' in runtimes) {
            gpuHealth.hasNvidiaRuntime = true
            const nvidiaInfo = await this.getNvidiaSmiInfo()
            if (Array.isArray(nvidiaInfo)) {
              graphics.controllers = nvidiaInfo.map((gpu) => ({
                model: gpu.model,
                vendor: gpu.vendor,
                bus: "",
                vram: gpu.vram,
                vramDynamic: false, // assume false here, we don't actually use this field for our purposes.
              }))
              gpuHealth.status = 'ok'
              gpuHealth.ollamaGpuAccessible = true
            } else if (nvidiaInfo === 'OLLAMA_NOT_FOUND') {
              gpuHealth.status = 'ollama_not_installed'
            } else {
              gpuHealth.status = 'passthrough_failed'
              logger.warn(`NVIDIA runtime detected but GPU passthrough failed: ${typeof nvidiaInfo === 'string' ? nvidiaInfo : JSON.stringify(nvidiaInfo)}`)
            }
          }
        } else {
          // si.graphics() returned controllers (host install, not Docker) — GPU is working
          gpuHealth.status = 'ok'
          gpuHealth.ollamaGpuAccessible = true
        }
      } catch {
        // Docker info query failed, skip host-level enrichment
      }
      return {
        cpu,
        mem,
@ -173,6 +303,8 @@ export class SystemService {
        currentLoad,
        fsSize,
        uptime,
        graphics,
        gpuHealth,
      }
    } catch (error) {
      logger.error('Error getting system info:', error)
@ -180,7 +312,7 @@ export class SystemService {
    }
  }
-  async checkLatestVersion(): Promise<{
+  async checkLatestVersion(force?: boolean): Promise<{
    success: boolean
    updateAvailable: boolean
    currentVersion: string
@ -188,25 +320,49 @@ export class SystemService {
    message?: string
  }> {
    try {
-      const response = await axios.get(
+      const currentVersion = SystemService.getAppVersion()
-        'https://api.github.com/repos/Crosstalk-Solutions/project-nomad/releases/latest',
+      const cachedUpdateAvailable = await KVStore.getValue('system.updateAvailable')
-        {
+      const cachedLatestVersion = await KVStore.getValue('system.latestVersion')
          headers: { Accept: 'application/vnd.github+json' },
          timeout: 5000,
        }
      )
-      if (!response || !response.data?.tag_name) {
+      // Use cached values if not forcing a fresh check.
-        throw new Error('Invalid response from GitHub API')
+      // the CheckUpdateJob will update these values every 12 hours
      if (!force) {
        return {
          success: true,
          updateAvailable: cachedUpdateAvailable ?? false,
          currentVersion,
          latestVersion: cachedLatestVersion || '',
        }
      }
-      const latestVersion = response.data.tag_name.replace(/^v/, '') // Remove leading 'v' if present
+      const earlyAccess = (await KVStore.getValue('system.earlyAccess')) ?? false
-      const currentVersion = SystemService.getAppVersion()
+
      let latestVersion: string
      if (earlyAccess) {
        const response = await axios.get(
          'https://api.github.com/repos/Crosstalk-Solutions/project-nomad/releases',
          { headers: { Accept: 'application/vnd.github+json' }, timeout: 5000 }
        )
        if (!response?.data?.length) throw new Error('No releases found')
        latestVersion = response.data[0].tag_name.replace(/^v/, '').trim()
      } else {
        const response = await axios.get(
          'https://api.github.com/repos/Crosstalk-Solutions/project-nomad/releases/latest',
          { headers: { Accept: 'application/vnd.github+json' }, timeout: 5000 }
        )
        if (!response?.data?.tag_name) throw new Error('Invalid response from GitHub API')
        latestVersion = response.data.tag_name.replace(/^v/, '').trim()
      }
      logger.info(`Current version: ${currentVersion}, Latest version: ${latestVersion}`)
-      // NOTE: this will always return true in dev environment! See getAppVersion()
+      const updateAvailable = process.env.NODE_ENV === 'development'
-      const updateAvailable = latestVersion !== currentVersion
+        ? false
        : isNewerVersion(latestVersion, currentVersion.trim(), earlyAccess)
      // Cache the results in KVStore for frontend checks
      await KVStore.setValue('system.updateAvailable', updateAvailable)
      await KVStore.setValue('system.latestVersion', latestVersion)
      return {
        success: true,
@ -240,7 +396,7 @@ export class SystemService {
          message: 'Successfully subscribed to release notes',
        }
      }
-      
+
      return {
        success: false,
        message: `Failed to subscribe: ${response.statusText}`,
@ -254,6 +410,125 @@ export class SystemService {
    }
  }
  async getDebugInfo(): Promise<string> {
    const appVersion = SystemService.getAppVersion()
    const environment = process.env.NODE_ENV || 'unknown'
    const [systemInfo, services, internetStatus, versionCheck] = await Promise.all([
      this.getSystemInfo(),
      this.getServices({ installedOnly: false }),
      this.getInternetStatus().catch(() => null),
      this.checkLatestVersion().catch(() => null),
    ])
    const lines: string[] = [
      'Project NOMAD Debug Info',
      '========================',
      `App Version: ${appVersion}`,
      `Environment: ${environment}`,
    ]
    if (systemInfo) {
      const { cpu, mem, os, disk, fsSize, uptime, graphics } = systemInfo
      lines.push('')
      lines.push('System:')
      if (os.distro) lines.push(`  OS: ${os.distro}`)
      if (os.hostname) lines.push(`  Hostname: ${os.hostname}`)
      if (os.kernel) lines.push(`  Kernel: ${os.kernel}`)
      if (os.arch) lines.push(`  Architecture: ${os.arch}`)
      if (uptime?.uptime) lines.push(`  Uptime: ${this._formatUptime(uptime.uptime)}`)
      lines.push('')
      lines.push('Hardware:')
      if (cpu.brand) {
        lines.push(`  CPU: ${cpu.brand} (${cpu.cores} cores)`)
      }
      if (mem.total) {
        const total = this._formatBytes(mem.total)
        const used = this._formatBytes(mem.total - (mem.available || 0))
        const available = this._formatBytes(mem.available || 0)
        lines.push(`  RAM: ${total} total, ${used} used, ${available} available`)
      }
      if (graphics.controllers && graphics.controllers.length > 0) {
        for (const gpu of graphics.controllers) {
          const vram = gpu.vram ? ` (${gpu.vram} MB VRAM)` : ''
          lines.push(`  GPU: ${gpu.model}${vram}`)
        }
      } else {
        lines.push('  GPU: None detected')
      }
      // Disk info — try disk array first, fall back to fsSize
      const diskEntries = disk.filter((d) => d.totalSize > 0)
      if (diskEntries.length > 0) {
        for (const d of diskEntries) {
          const size = this._formatBytes(d.totalSize)
          const type = d.tran?.toUpperCase() || (d.rota ? 'HDD' : 'SSD')
          lines.push(`  Disk: ${size}, ${Math.round(d.percentUsed)}% used, ${type}`)
        }
      } else if (fsSize.length > 0) {
        const realFs = fsSize.filter((f) => f.fs.startsWith('/dev/'))
        const seen = new Set<number>()
        for (const f of realFs) {
          if (seen.has(f.size)) continue
          seen.add(f.size)
          lines.push(`  Disk: ${this._formatBytes(f.size)}, ${Math.round(f.use)}% used`)
        }
      }
    }
    const installed = services.filter((s) => s.installed)
    lines.push('')
    if (installed.length > 0) {
      lines.push('Installed Services:')
      for (const svc of installed) {
        lines.push(`  ${svc.friendly_name} (${svc.service_name}): ${svc.status}`)
      }
    } else {
      lines.push('Installed Services: None')
    }
    if (internetStatus !== null) {
      lines.push('')
      lines.push(`Internet Status: ${internetStatus ? 'Online' : 'Offline'}`)
    }
    if (versionCheck?.success) {
      const updateMsg = versionCheck.updateAvailable
        ? `Yes (${versionCheck.latestVersion} available)`
        : `No (${versionCheck.currentVersion} is latest)`
      lines.push(`Update Available: ${updateMsg}`)
    }
    return lines.join('\n')
  }
  private _formatUptime(seconds: number): string {
    const days = Math.floor(seconds / 86400)
    const hours = Math.floor((seconds % 86400) / 3600)
    const minutes = Math.floor((seconds % 3600) / 60)
    if (days > 0) return `${days}d ${hours}h ${minutes}m`
    if (hours > 0) return `${hours}h ${minutes}m`
    return `${minutes}m`
  }
  private _formatBytes(bytes: number, decimals = 1): string {
    if (bytes === 0) return '0 Bytes'
    const k = 1024
    const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB']
    const i = Math.floor(Math.log(bytes) / Math.log(k))
    return parseFloat((bytes / Math.pow(k, i)).toFixed(decimals)) + ' ' + sizes[i]
  }
  async updateSetting(key: KVStoreKey, value: any): Promise<void> {
    if ((value === '' || value === undefined || value === null) && KV_STORE_SCHEMA[key] === 'string') {
      await KVStore.clearValue(key)
    } else {
      await KVStore.setValue(key, value)
    }
  }
  /**
   * Checks the current state of Docker containers against the database records and updates the database accordingly.
   * It will mark services as not installed if their corresponding containers do not exist, regardless of their running state.
@ -304,10 +579,21 @@ export class SystemService {
      return []
    }
    // Deduplicate: same device path mounted in multiple places (Docker bind-mounts)
    // Keep the entry with the largest size — that's the real partition
    const deduped = new Map<string, NomadDiskInfoRaw['fsSize'][0]>()
    for (const entry of fsSize) {
      const existing = deduped.get(entry.fs)
      if (!existing || entry.size > existing.size) {
        deduped.set(entry.fs, entry)
      }
    }
    const dedupedFsSize = Array.from(deduped.values())
    return diskLayout.blockdevices
      .filter((disk) => disk.type === 'disk') // Only physical disks
      .map((disk) => {
-        const filesystems = getAllFilesystems(disk, fsSize)
+        const filesystems = getAllFilesystems(disk, dedupedFsSize)
        // Across all partitions
        const totalUsed = filesystems.reduce((sum, p) => sum + (p.used || 0), 0)
@ -334,4 +620,5 @@ export class SystemService {
        }
      })
  }
 }
--- a/admin/app/services/system_update_service.ts
+++ b/admin/app/services/system_update_service.ts
@ -2,6 +2,7 @@ import logger from '@adonisjs/core/services/logger'
 import { readFileSync, existsSync } from 'fs'
 import { writeFile } from 'fs/promises'
 import { join } from 'path'
 import KVStore from '#models/kv_store'
 interface UpdateStatus {
  stage: 'idle' | 'starting' | 'pulling' | 'pulled' | 'recreating' | 'complete' | 'error'
@ -21,7 +22,7 @@ export class SystemUpdateService {
   */
  async requestUpdate(): Promise<{ success: boolean; message: string }> {
    try {
-      const currentStatus = this.getUpdateStatus()      
+      const currentStatus = this.getUpdateStatus()
      if (currentStatus && !['idle', 'complete', 'error'].includes(currentStatus.stage)) {
        return {
          success: false,
@ -29,13 +30,17 @@ export class SystemUpdateService {
        }
      }
      // Determine the Docker image tag to install.
      const latestVersion = await KVStore.getValue('system.latestVersion')
      const requestData = {
        requested_at: new Date().toISOString(),
        requester: 'admin-api',
        target_tag: latestVersion ? `v${latestVersion}` : 'latest',
      }
      await writeFile(SystemUpdateService.REQUEST_FILE, JSON.stringify(requestData, null, 2))
-      logger.info('[SystemUpdateService]: System update requested - sidecar will process shortly')
+      logger.info(`[SystemUpdateService]: System update requested (target tag: ${requestData.target_tag}) - sidecar will process shortly`)
      return {
        success: true,
--- a/admin/app/services/zim_extraction_service.ts
+++ b/admin/app/services/zim_extraction_service.ts
@ -0,0 +1,310 @@
 import { Archive, Entry } from '@openzim/libzim'
 import * as cheerio from 'cheerio'
 import { HTML_SELECTORS_TO_REMOVE, NON_CONTENT_HEADING_PATTERNS } from '../../constants/zim_extraction.js'
 import logger from '@adonisjs/core/services/logger'
 import { ExtractZIMChunkingStrategy, ExtractZIMContentOptions, ZIMContentChunk, ZIMArchiveMetadata } from '../../types/zim.js'
 import { randomUUID } from 'node:crypto'
 import { access } from 'node:fs/promises'
 export class ZIMExtractionService {
    private extractArchiveMetadata(archive: Archive): ZIMArchiveMetadata {
        try {
            return {
                title: archive.getMetadata('Title') || archive.getMetadata('Name') || 'Unknown',
                creator: archive.getMetadata('Creator') || 'Unknown',
                publisher: archive.getMetadata('Publisher') || 'Unknown',
                date: archive.getMetadata('Date') || 'Unknown',
                language: archive.getMetadata('Language') || 'Unknown',
                description: archive.getMetadata('Description') || '',
            }
        } catch (error) {
            logger.warn('[ZIMExtractionService]: Could not extract all metadata, using defaults', error)
            return {
                title: 'Unknown',
                creator: 'Unknown',
                publisher: 'Unknown',
                date: 'Unknown',
                language: 'Unknown',
                description: '',
            }
        }
    }
    /**
     * Breaks out a ZIM file's entries into their structured content form
     * to facilitate better indexing and retrieval.
     * Returns enhanced chunks with full article context and metadata.
     * 
     * @param filePath - Path to the ZIM file
     * @param opts - Options including maxArticles, strategy, onProgress, startOffset, and batchSize
     */
    async extractZIMContent(filePath: string, opts: ExtractZIMContentOptions = {}): Promise<ZIMContentChunk[]> {
        try {
            logger.info(`[ZIMExtractionService]: Processing ZIM file at path: ${filePath}`)
            // defensive - check if file still exists before opening
            // could have been deleted by another process or batch
            try {
                await access(filePath)
            } catch (error) {
                logger.error(`[ZIMExtractionService]: ZIM file not accessible: ${filePath}`)
                throw new Error(`ZIM file not found or not accessible: ${filePath}`)
            }
            const archive = new Archive(filePath)
            // Extract archive-level metadata once
            const archiveMetadata = this.extractArchiveMetadata(archive)
            logger.info(`[ZIMExtractionService]: Archive metadata - Title: ${archiveMetadata.title}, Language: ${archiveMetadata.language}`)
            let articlesProcessed = 0
            let articlesSkipped = 0
            const processedPaths = new Set<string>()
            const toReturn: ZIMContentChunk[] = []
            // Support batch processing to avoid lock timeouts on large ZIM files
            const startOffset = opts.startOffset || 0
            const batchSize = opts.batchSize || (opts.maxArticles || Infinity)
            for (const entry of archive.iterByPath()) {
                // Skip articles until we reach the start offset
                if (articlesSkipped < startOffset) {
                    if (this.isArticleEntry(entry) && !processedPaths.has(entry.path)) {
                        articlesSkipped++
                    }
                    continue
                }
                if (articlesProcessed >= batchSize) {
                    break
                }
                if (!this.isArticleEntry(entry)) {
                    logger.debug(`[ZIMExtractionService]: Skipping non-article entry at path: ${entry.path}`)
                    continue
                }
                if (processedPaths.has(entry.path)) {
                    logger.debug(`[ZIMExtractionService]: Skipping duplicate entry at path: ${entry.path}`)
                    continue
                }
                processedPaths.add(entry.path)
                const item = entry.item
                const blob = item.data
                const html = this.getCleanedHTMLString(blob.data)
                const strategy = opts.strategy || this.chooseChunkingStrategy(html);
                logger.debug(`[ZIMExtractionService]: Chosen chunking strategy for path ${entry.path}: ${strategy}`)
                // Generate a unique document ID. All chunks from same article will share it
                const documentId = randomUUID()
                const articleTitle = entry.title || entry.path
                let chunks: ZIMContentChunk[]
                if (strategy === 'structured') {
                    const structured = this.extractStructuredContent(html)
                    chunks = structured.sections.map(s => ({
                        text: s.text,
                        articleTitle,
                        articlePath: entry.path,
                        sectionTitle: s.heading,
                        fullTitle: `${articleTitle} - ${s.heading}`,
                        hierarchy: `${articleTitle} > ${s.heading}`,
                        sectionLevel: s.level,
                        documentId,
                        archiveMetadata,
                        strategy,
                    }))
                } else {
                    // Simple strategy - entire article as one chunk
                    const text = this.extractTextFromHTML(html) || ''
                    chunks = [{
                        text,
                        articleTitle,
                        articlePath: entry.path,
                        sectionTitle: articleTitle, // Same as article for simple strategy
                        fullTitle: articleTitle,
                        hierarchy: articleTitle,
                        documentId,
                        archiveMetadata,
                        strategy,
                    }]
                }
                logger.debug(`Extracted ${chunks.length} chunks from article at path: ${entry.path} using strategy: ${strategy}`)
                const nonEmptyChunks = chunks.filter(c => c.text.trim().length > 0)
                logger.debug(`After filtering empty chunks, ${nonEmptyChunks.length} chunks remain for article at path: ${entry.path}`)
                toReturn.push(...nonEmptyChunks)
                articlesProcessed++
                if (opts.onProgress) {
                    opts.onProgress(articlesProcessed, archive.articleCount)
                }
            }
            logger.info(`[ZIMExtractionService]: Completed processing ZIM file. Total articles processed: ${articlesProcessed}`)
            logger.debug("Final structured content sample:", toReturn.slice(0, 3).map(c => ({
                articleTitle: c.articleTitle,
                sectionTitle: c.sectionTitle,
                hierarchy: c.hierarchy,
                textPreview: c.text.substring(0, 100)
            })))
            logger.debug("Total structured sections extracted:", toReturn.length)
            return toReturn
        } catch (error) {
            logger.error('Error processing ZIM file:', error)
            throw error
        }
    }
    private chooseChunkingStrategy(html: string, options = {
        forceStrategy: null as ExtractZIMChunkingStrategy | null,
    }): ExtractZIMChunkingStrategy {
        const {
            forceStrategy = null,
        } = options;
        if (forceStrategy) return forceStrategy;
        // Use a simple analysis to determin if the HTML has any meaningful structure
        // that we can leverage for better chunking. If not, we'll just chunk it as one big piece of text.
        return this.hasStructuredHeadings(html) ? 'structured' : 'simple';
    }
    private getCleanedHTMLString(buff: Buffer<ArrayBufferLike>): string {
        const rawString = buff.toString('utf-8');
        const $ = cheerio.load(rawString);
        HTML_SELECTORS_TO_REMOVE.forEach((selector) => {
            $(selector).remove()
        });
        return $.html();
    }
    private extractTextFromHTML(html: string): string | null {
        try {
            const $ = cheerio.load(html)
            // Search body first, then root if body is absent
            const text = $('body').length ? $('body').text() : $.root().text()
            return text.replace(/\s+/g, ' ').replace(/\n\s*\n/g, '\n').trim()
        } catch (error) {
            logger.error('Error extracting text from HTML:', error)
            return null
        }
    }
    private extractStructuredContent(html: string) {
        const $ = cheerio.load(html);
        const title = $('h1').first().text().trim() || $('title').text().trim();
        // Extract sections with their headings and heading levels
        const sections: Array<{ heading: string; text: string; level: number }> = [];
        let currentSection = { heading: 'Introduction', content: [] as string[], level: 2 };
        $('body').children().each((_, element) => {
            const $el = $(element);
            const tagName = element.tagName?.toLowerCase();
            if (['h2', 'h3', 'h4'].includes(tagName)) {
                // Save current section if it has content
                if (currentSection.content.length > 0) {
                    sections.push({
                        heading: currentSection.heading,
                        text: currentSection.content.join(' ').replace(/\s+/g, ' ').trim(),
                        level: currentSection.level,
                    });
                }
                // Start new section
                const level = parseInt(tagName.substring(1)); // Extract number from h2, h3, h4
                currentSection = {
                    heading: $el.text().replace(/\[edit\]/gi, '').trim(),
                    content: [],
                    level,
                };
            } else if (['p', 'ul', 'ol', 'dl', 'table'].includes(tagName)) {
                const text = $el.text().trim();
                if (text.length > 0) {
                    currentSection.content.push(text);
                }
            }
        });
        // Push the last section if it has content
        if (currentSection.content.length > 0) {
            sections.push({
                heading: currentSection.heading,
                text: currentSection.content.join(' ').replace(/\s+/g, ' ').trim(),
                level: currentSection.level,
            });
        }
        return {
            title,
            sections,
            fullText: sections.map(s => `${s.heading}\n${s.text}`).join('\n\n'),
        };
    }
    private hasStructuredHeadings(html: string): boolean {
        const $ = cheerio.load(html);
        const headings = $('h2, h3').toArray();
        // Consider it structured if it has at least 2 headings to break content into meaningful sections
        if (headings.length < 2) return false;
        // Check that headings have substantial content between them
        let sectionsWithContent = 0;
        for (const heading of headings) {
            const $heading = $(heading);
            const headingText = $heading.text().trim();
            // Skip empty or very short headings, likely not meaningful
            if (headingText.length < 3) continue;
            // Skip common non-content headings
            if (NON_CONTENT_HEADING_PATTERNS.some(pattern => pattern.test(headingText))) {
                continue;
            }
            // Content until next heading
            let contentLength = 0;
            let $next = $heading.next();
            while ($next.length && !$next.is('h1, h2, h3, h4')) {
                contentLength += $next.text().trim().length;
                $next = $next.next();
            }
            // Consider it a real section if it has at least 100 chars of content
            if (contentLength >= 100) {
                sectionsWithContent++;
            }
        }
        // Require at least 2 sections with substantial content
        return sectionsWithContent >= 2;
    }
    private isArticleEntry(entry: Entry): boolean {
        try {
            if (entry.isRedirect) return false;
            const item = entry.item;
            const mimeType = item.mimetype;
            return mimeType === 'text/html' || mimeType === 'application/xhtml+xml';
        } catch {
            return false;
        }
    }
 }
--- a/admin/app/services/zim_service.ts
+++ b/admin/app/services/zim_service.ts
@ -16,31 +16,23 @@ import {
  listDirectoryContents,
  ZIM_STORAGE_PATH,
 } from '../utils/fs.js'
-import { join } from 'path'
+import { join, resolve, sep } from 'path'
-import { CuratedCategory, CuratedCollectionWithStatus, CuratedCollectionsFile } from '../../types/downloads.js'
+import { WikipediaOption, WikipediaState } from '../../types/downloads.js'
 import vine from '@vinejs/vine'
-import { curatedCategoriesFileSchema, curatedCollectionsFileSchema } from '#validators/curated_collections'
+import { wikipediaOptionsFileSchema } from '#validators/curated_collections'
-import CuratedCollection from '#models/curated_collection'
+import WikipediaSelection from '#models/wikipedia_selection'
-import CuratedCollectionResource from '#models/curated_collection_resource'
+import InstalledResource from '#models/installed_resource'
 import InstalledTier from '#models/installed_tier'
 import { RunDownloadJob } from '#jobs/run_download_job'
-import { DownloadCollectionOperation, DownloadRemoteSuccessCallback } from '../../types/files.js'
+import { SERVICE_NAMES } from '../../constants/service_names.js'
 import { CollectionManifestService } from './collection_manifest_service.js'
 import type { CategoryWithStatus } from '../../types/collections.js'
 const ZIM_MIME_TYPES = ['application/x-zim', 'application/x-openzim', 'application/octet-stream']
-const CATEGORIES_URL = 'https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/master/collections/kiwix-categories.json'
+const WIKIPEDIA_OPTIONS_URL = 'https://raw.githubusercontent.com/Crosstalk-Solutions/project-nomad/refs/heads/main/collections/wikipedia.json'
 const COLLECTIONS_URL =
  'https://github.com/Crosstalk-Solutions/project-nomad/raw/refs/heads/master/collections/kiwix.json'
 interface IZimService {
  downloadCollection: DownloadCollectionOperation
  downloadRemoteSuccessCallback: DownloadRemoteSuccessCallback
 }
@inject()
-export class ZimService implements IZimService {
+export class ZimService {
-  constructor(private dockerService: DockerService) {}
+  constructor(private dockerService: DockerService) { }
  async list() {
    const dirPath = join(process.cwd(), ZIM_STORAGE_PATH)
@ -164,6 +156,12 @@ export class ZimService implements IZimService {
    const filepath = join(process.cwd(), ZIM_STORAGE_PATH, filename)
    // Parse resource metadata for the download job
    const parsedFilename = CollectionManifestService.parseZimFilename(filename)
    const resourceMetadata = parsedFilename
      ? { resource_id: parsedFilename.resource_id, version: parsedFilename.version, collection_ref: null }
      : undefined
    // Dispatch a background download job
    const result = await RunDownloadJob.dispatch({
      url,
@ -172,6 +170,7 @@ export class ZimService implements IZimService {
      allowedMimeTypes: ZIM_MIME_TYPES,
      forceNew: true,
      filetype: 'zim',
      resourceMetadata,
    })
    if (!result || !result.job) {
@ -186,140 +185,144 @@ export class ZimService implements IZimService {
    }
  }
-  async downloadCollection(slug: string) {
+  async listCuratedCategories(): Promise<CategoryWithStatus[]> {
-    const collection = await CuratedCollection.query().where('slug', slug).andWhere('type', 'zim').first()
+    const manifestService = new CollectionManifestService()
-    if (!collection) {
+    return manifestService.getCategoriesWithStatus()
-      return null
+  }
  async downloadCategoryTier(categorySlug: string, tierSlug: string): Promise<string[] | null> {
    const manifestService = new CollectionManifestService()
    const spec = await manifestService.getSpecWithFallback<import('../../types/collections.js').ZimCategoriesSpec>('zim_categories')
    if (!spec) {
      throw new Error('Could not load ZIM categories spec')
    }
-    const resources = await collection.related('resources').query().where('downloaded', false)
+    const category = spec.categories.find((c) => c.slug === categorySlug)
-    if (resources.length === 0) {
+    if (!category) {
-      return null
+      throw new Error(`Category not found: ${categorySlug}`)
    }
-    const downloadUrls = resources.map((res) => res.url)
+    const tier = category.tiers.find((t) => t.slug === tierSlug)
    if (!tier) {
      throw new Error(`Tier not found: ${tierSlug}`)
    }
    const allResources = CollectionManifestService.resolveTierResources(tier, category.tiers)
    // Filter out already installed
    const installed = await InstalledResource.query().where('resource_type', 'zim')
    const installedIds = new Set(installed.map((r) => r.resource_id))
    const toDownload = allResources.filter((r) => !installedIds.has(r.id))
    if (toDownload.length === 0) return null
    const downloadFilenames: string[] = []
-    for (const url of downloadUrls) {
+    for (const resource of toDownload) {
-      const existing = await RunDownloadJob.getByUrl(url)
+      const existingJob = await RunDownloadJob.getByUrl(resource.url)
-      if (existing) {
+      if (existingJob) {
-        logger.warn(`[ZimService] Download already in progress for URL ${url}, skipping.`)
+        logger.warn(`[ZimService] Download already in progress for ${resource.url}, skipping.`)
        continue
      }
-      // Extract the filename from the URL
+      const filename = resource.url.split('/').pop()
-      const filename = url.split('/').pop()
+      if (!filename) continue
      if (!filename) {
        logger.warn(`[ZimService] Could not determine filename from URL ${url}, skipping.`)
        continue
      }
      downloadFilenames.push(filename)
      const filepath = join(process.cwd(), ZIM_STORAGE_PATH, filename)
      await RunDownloadJob.dispatch({
-        url,
+        url: resource.url,
        filepath,
        timeout: 30000,
        allowedMimeTypes: ZIM_MIME_TYPES,
        forceNew: true,
        filetype: 'zim',
        resourceMetadata: {
          resource_id: resource.id,
          version: resource.version,
          collection_ref: categorySlug,
        },
      })
    }
    return downloadFilenames.length > 0 ? downloadFilenames : null
-  } 
+  }
  async downloadRemoteSuccessCallback(urls: string[], restart = true) {
-    // Restart KIWIX container to pick up new ZIM file
+    // Check if any URL is a Wikipedia download and handle it
    for (const url of urls) {
      if (url.includes('wikipedia_en_')) {
        await this.onWikipediaDownloadComplete(url, true)
      }
    }
    if (restart) {
-      await this.dockerService
+      // Check if there are any remaining ZIM download jobs before restarting
-        .affectContainer(DockerService.KIWIX_SERVICE_NAME, 'restart')
+      const { QueueService } = await import('./queue_service.js')
-        .catch((error) => {
+      const queueService = new QueueService()
-          logger.error(`[ZimService] Failed to restart KIWIX container:`, error) // Don't stop the download completion, just log the error.
+      const queue = queueService.getQueue('downloads')
        })
    }
-    // Mark any curated collection resources with this download URL as downloaded
+      // Get all active and waiting jobs
-    const resources = await CuratedCollectionResource.query().whereIn('url', urls)
+      const [activeJobs, waitingJobs] = await Promise.all([
-    for (const resource of resources) {
+        queue.getActive(),
-      resource.downloaded = true
+        queue.getWaiting(),
-      await resource.save()
+      ])
    }
  }
-  async listCuratedCategories(): Promise<CuratedCategory[]> {
+      // Filter out completed jobs (progress === 100) to avoid race condition
-    try {
+      // where this job itself is still in the active queue
-      const response = await axios.get(CATEGORIES_URL)
+      const activeIncompleteJobs = activeJobs.filter((job) => {
-      const data = response.data
+        const progress = typeof job.progress === 'number' ? job.progress : 0
-
+        return progress < 100
      const validated = await vine.validate({
        schema: curatedCategoriesFileSchema,
        data,
      });
      // Look up installed tiers for all categories
      const installedTiers = await InstalledTier.all()
      const installedTierMap = new Map(
        installedTiers.map((t) => [t.category_slug, t.tier_slug])
      )
      // Add installedTierSlug to each category
      return validated.categories.map((category) => ({
        ...category,
        installedTierSlug: installedTierMap.get(category.slug),
      }))
    } catch (error) {
      logger.error(`[ZimService] Failed to fetch curated categories:`, error)
      throw new Error('Failed to fetch curated categories or invalid format was received')
    }
  }
  async saveInstalledTier(categorySlug: string, tierSlug: string): Promise<void> {
    await InstalledTier.updateOrCreate(
      { category_slug: categorySlug },
      { tier_slug: tierSlug }
    )
    logger.info(`[ZimService] Saved installed tier: ${categorySlug} -> ${tierSlug}`)
  }
  async listCuratedCollections(): Promise<CuratedCollectionWithStatus[]> {
    const collections = await CuratedCollection.query().where('type', 'zim').preload('resources')
    return collections.map((collection) => ({
      ...(collection.serialize() as CuratedCollection),
      all_downloaded: collection.resources.every((res) => res.downloaded),
    }))
  }
  async fetchLatestCollections(): Promise<boolean> {
    try {
      const response = await axios.get<CuratedCollectionsFile>(COLLECTIONS_URL)
      const validated = await vine.validate({
        schema: curatedCollectionsFileSchema,
        data: response.data,
      })
-      for (const collection of validated.collections) {
+      // Check if any remaining incomplete jobs are ZIM downloads
-        const collectionResult = await CuratedCollection.updateOrCreate(
+      const allJobs = [...activeIncompleteJobs, ...waitingJobs]
-          { slug: collection.slug },
+      const hasRemainingZimJobs = allJobs.some((job) => job.data.filetype === 'zim')
      if (hasRemainingZimJobs) {
        logger.info('[ZimService] Skipping container restart - more ZIM downloads pending')
      } else {
        // Restart KIWIX container to pick up new ZIM file
        logger.info('[ZimService] No more ZIM downloads pending - restarting KIWIX container')
        await this.dockerService
          .affectContainer(SERVICE_NAMES.KIWIX, 'restart')
          .catch((error) => {
            logger.error(`[ZimService] Failed to restart KIWIX container:`, error) // Don't stop the download completion, just log the error.
          })
      }
    }
    // Create InstalledResource entries for downloaded files
    for (const url of urls) {
      // Skip Wikipedia files (managed separately)
      if (url.includes('wikipedia_en_')) continue
      const filename = url.split('/').pop()
      if (!filename) continue
      const parsed = CollectionManifestService.parseZimFilename(filename)
      if (!parsed) continue
      const filepath = join(process.cwd(), ZIM_STORAGE_PATH, filename)
      const stats = await getFileStatsIfExists(filepath)
      try {
        const { DateTime } = await import('luxon')
        await InstalledResource.updateOrCreate(
          { resource_id: parsed.resource_id, resource_type: 'zim' },
          {
-            ...collection,
+            version: parsed.version,
-            type: 'zim',
+            url: url,
            file_path: filepath,
            file_size_bytes: stats ? Number(stats.size) : null,
            installed_at: DateTime.now(),
          }
        )
-        logger.info(`[ZimService] Upserted curated collection: ${collection.slug}`)
+        logger.info(`[ZimService] Created InstalledResource entry for: ${parsed.resource_id}`)
-
+      } catch (error) {
-        await collectionResult.related('resources').createMany(collection.resources)
+        logger.error(`[ZimService] Failed to create InstalledResource for ${filename}:`, error)
        logger.info(
          `[ZimService] Upserted ${collection.resources.length} resources for collection: ${collection.slug}`
        )
      }
      return true
    } catch (error) {
      logger.error(`[ZimService] Failed to download latest Kiwix collections:`, error)
      return false
    }
  }
@ -329,7 +332,13 @@ export class ZimService implements IZimService {
      fileName += '.zim'
    }
-    const fullPath = join(process.cwd(), ZIM_STORAGE_PATH, fileName)
+    const basePath = resolve(join(process.cwd(), ZIM_STORAGE_PATH))
    const fullPath = resolve(join(basePath, fileName))
    // Prevent path traversal — resolved path must stay within the storage directory
    if (!fullPath.startsWith(basePath + sep)) {
      throw new Error('Invalid filename')
    }
    const exists = await getFileStatsIfExists(fullPath)
    if (!exists) {
@ -337,5 +346,213 @@ export class ZimService implements IZimService {
    }
    await deleteFileIfExists(fullPath)
    // Clean up InstalledResource entry
    const parsed = CollectionManifestService.parseZimFilename(fileName)
    if (parsed) {
      await InstalledResource.query()
        .where('resource_id', parsed.resource_id)
        .where('resource_type', 'zim')
        .delete()
      logger.info(`[ZimService] Deleted InstalledResource entry for: ${parsed.resource_id}`)
    }
  }
  // Wikipedia selector methods
  async getWikipediaOptions(): Promise<WikipediaOption[]> {
    try {
      const response = await axios.get(WIKIPEDIA_OPTIONS_URL)
      const data = response.data
      const validated = await vine.validate({
        schema: wikipediaOptionsFileSchema,
        data,
      })
      return validated.options
    } catch (error) {
      logger.error(`[ZimService] Failed to fetch Wikipedia options:`, error)
      throw new Error('Failed to fetch Wikipedia options')
    }
  }
  async getWikipediaSelection(): Promise<WikipediaSelection | null> {
    // Get the single row from wikipedia_selections (there should only ever be one)
    return WikipediaSelection.query().first()
  }
  async getWikipediaState(): Promise<WikipediaState> {
    const options = await this.getWikipediaOptions()
    const selection = await this.getWikipediaSelection()
    return {
      options,
      currentSelection: selection
        ? {
          optionId: selection.option_id,
          status: selection.status,
          filename: selection.filename,
          url: selection.url,
        }
        : null,
    }
  }
  async selectWikipedia(optionId: string): Promise<{ success: boolean; jobId?: string; message?: string }> {
    const options = await this.getWikipediaOptions()
    const selectedOption = options.find((opt) => opt.id === optionId)
    if (!selectedOption) {
      throw new Error(`Invalid Wikipedia option: ${optionId}`)
    }
    const currentSelection = await this.getWikipediaSelection()
    // If same as currently installed, no action needed
    if (currentSelection?.option_id === optionId && currentSelection.status === 'installed') {
      return { success: true, message: 'Already installed' }
    }
    // Handle "none" option - delete current Wikipedia file and update DB
    if (optionId === 'none') {
      if (currentSelection?.filename) {
        try {
          await this.delete(currentSelection.filename)
          logger.info(`[ZimService] Deleted Wikipedia file: ${currentSelection.filename}`)
        } catch (error) {
          // File might already be deleted, that's OK
          logger.warn(`[ZimService] Could not delete Wikipedia file (may already be gone): ${currentSelection.filename}`)
        }
      }
      // Update or create the selection record (always use first record)
      if (currentSelection) {
        currentSelection.option_id = 'none'
        currentSelection.url = null
        currentSelection.filename = null
        currentSelection.status = 'none'
        await currentSelection.save()
      } else {
        await WikipediaSelection.create({
          option_id: 'none',
          url: null,
          filename: null,
          status: 'none',
        })
      }
      // Restart Kiwix to reflect the change
      await this.dockerService
        .affectContainer(SERVICE_NAMES.KIWIX, 'restart')
        .catch((error) => {
          logger.error(`[ZimService] Failed to restart Kiwix after Wikipedia removal:`, error)
        })
      return { success: true, message: 'Wikipedia removed' }
    }
    // Start download for the new Wikipedia option
    if (!selectedOption.url) {
      throw new Error('Selected Wikipedia option has no download URL')
    }
    // Check if already downloading
    const existingJob = await RunDownloadJob.getByUrl(selectedOption.url)
    if (existingJob) {
      return { success: false, message: 'Download already in progress' }
    }
    // Extract filename from URL
    const filename = selectedOption.url.split('/').pop()
    if (!filename) {
      throw new Error('Could not determine filename from URL')
    }
    const filepath = join(process.cwd(), ZIM_STORAGE_PATH, filename)
    // Update or create selection record to show downloading status
    let selection: WikipediaSelection
    if (currentSelection) {
      currentSelection.option_id = optionId
      currentSelection.url = selectedOption.url
      currentSelection.filename = filename
      currentSelection.status = 'downloading'
      await currentSelection.save()
      selection = currentSelection
    } else {
      selection = await WikipediaSelection.create({
        option_id: optionId,
        url: selectedOption.url,
        filename: filename,
        status: 'downloading',
      })
    }
    // Dispatch download job
    const result = await RunDownloadJob.dispatch({
      url: selectedOption.url,
      filepath,
      timeout: 30000,
      allowedMimeTypes: ZIM_MIME_TYPES,
      forceNew: true,
      filetype: 'zim',
    })
    if (!result || !result.job) {
      // Revert status on failure to dispatch
      selection.option_id = currentSelection?.option_id || 'none'
      selection.url = currentSelection?.url || null
      selection.filename = currentSelection?.filename || null
      selection.status = currentSelection?.status || 'none'
      await selection.save()
      throw new Error('Failed to dispatch download job')
    }
    logger.info(`[ZimService] Started Wikipedia download for ${optionId}: ${filename}`)
    return {
      success: true,
      jobId: result.job.id,
      message: 'Download started',
    }
  }
  async onWikipediaDownloadComplete(url: string, success: boolean): Promise<void> {
    const selection = await this.getWikipediaSelection()
    if (!selection || selection.url !== url) {
      logger.warn(`[ZimService] Wikipedia download complete callback for unknown URL: ${url}`)
      return
    }
    if (success) {
      // Update status to installed
      selection.status = 'installed'
      await selection.save()
      logger.info(`[ZimService] Wikipedia download completed successfully: ${selection.filename}`)
      // Delete the old Wikipedia file if it exists and is different
      // We need to find what was previously installed
      const existingFiles = await this.list()
      const wikipediaFiles = existingFiles.files.filter((f) =>
        f.name.startsWith('wikipedia_en_') && f.name !== selection.filename
      )
      for (const oldFile of wikipediaFiles) {
        try {
          await this.delete(oldFile.name)
          logger.info(`[ZimService] Deleted old Wikipedia file: ${oldFile.name}`)
        } catch (error) {
          logger.warn(`[ZimService] Could not delete old Wikipedia file: ${oldFile.name}`, error)
        }
      }
    } else {
      // Download failed - keep the selection record but mark as failed
      selection.status = 'failed'
      await selection.save()
      logger.error(`[ZimService] Wikipedia download failed for: ${selection.filename}`)
    }
  }
 }
--- a/admin/app/utils/downloads.ts
+++ b/admin/app/utils/downloads.ts
@ -88,10 +88,29 @@ export async function doResumableDownload({
    let lastProgressTime = Date.now()
    let lastDownloadedBytes = startByte
    // Stall detection: if no data arrives for 5 minutes, abort the download
    const STALL_TIMEOUT_MS = 5 * 60 * 1000
    let stallTimer: ReturnType<typeof setTimeout> | null = null
    const clearStallTimer = () => {
      if (stallTimer) {
        clearTimeout(stallTimer)
        stallTimer = null
      }
    }
    const resetStallTimer = () => {
      clearStallTimer()
      stallTimer = setTimeout(() => {
        cleanup(new Error('Download stalled - no data received for 5 minutes'))
      }, STALL_TIMEOUT_MS)
    }
    // Progress tracking stream to monitor data flow
    const progressStream = new Transform({
      transform(chunk: Buffer, _: any, callback: Function) {
        downloadedBytes += chunk.length
        resetStallTimer()
        // Update progress tracking
        const now = Date.now()
@ -118,6 +137,7 @@ export async function doResumableDownload({
    // Handle errors and cleanup
    const cleanup = (error?: Error) => {
      clearStallTimer()
      progressStream.destroy()
      response.data.destroy()
      writeStream.destroy()
@ -136,6 +156,7 @@ export async function doResumableDownload({
    })
    writeStream.on('finish', async () => {
      clearStallTimer()
      if (onProgress) {
        onProgress({
          downloadedBytes,
@ -151,7 +172,8 @@ export async function doResumableDownload({
      resolve(filepath)
    })
-    // Pipe: response -> progressStream -> writeStream
+    // Start stall timer and pipe: response -> progressStream -> writeStream
    resetStallTimer()
    response.data.pipe(progressStream).pipe(writeStream)
  })
 }
--- a/admin/app/utils/fs.ts
+++ b/admin/app/utils/fs.ts
@ -1,5 +1,5 @@
 import { mkdir, readdir, readFile, stat, unlink } from 'fs/promises'
-import { join } from 'path'
+import path, { join } from 'path'
 import { FileEntry } from '../../types/files.js'
 import { createReadStream } from 'fs'
 import { LSBlockDevice, NomadDiskInfoRaw } from '../../types/system.js'
@ -138,16 +138,39 @@ export function matchesDevice(fsPath: string, deviceName: string): boolean {
  // Remove /dev/ and /dev/mapper/ prefixes
  const normalized = fsPath.replace('/dev/mapper/', '').replace('/dev/', '')
-  // Direct match
+  // Direct match (covers /dev/sda1 ↔ sda1, /dev/nvme0n1p1 ↔ nvme0n1p1)
  if (normalized === deviceName) {
    return true
  }
-  // LVM volumes use dashes instead of slashes
+  // LVM/device-mapper: e.g., /dev/mapper/ubuntu--vg-ubuntu--lv contains "ubuntu--lv"
-  // e.g., ubuntu--vg-ubuntu--lv matches the device name
+  if (fsPath.startsWith('/dev/mapper/') && fsPath.includes(deviceName)) {
  if (fsPath.includes(deviceName)) {
    return true
  }
  return false
 }
 export function determineFileType(filename: string): 'image' | 'pdf' | 'text' | 'zim' | 'unknown' {
  const ext = path.extname(filename).toLowerCase()
  if (['.jpg', '.jpeg', '.png', '.gif', '.bmp', '.tiff', '.webp'].includes(ext)) {
    return 'image'
  } else if (ext === '.pdf') {
    return 'pdf'
  } else if (['.txt', '.md', '.docx', '.rtf'].includes(ext)) {
    return 'text'
  } else if (ext === '.zim') {
    return 'zim'
  } else {
    return 'unknown'
  }
 }
 /**
 * Sanitize a filename by removing potentially dangerous characters.
 * @param filename The original filename
 * @returns The sanitized filename
 */
 export function sanitizeFilename(filename: string): string {
  return filename.replace(/[^a-zA-Z0-9._-]/g, '_')
 }
--- a/admin/app/utils/misc.ts
+++ b/admin/app/utils/misc.ts
@ -3,3 +3,23 @@ export function formatSpeed(bytesPerSecond: number): string {
  if (bytesPerSecond < 1024 * 1024) return `${(bytesPerSecond / 1024).toFixed(1)} KB/s`
  return `${(bytesPerSecond / (1024 * 1024)).toFixed(1)} MB/s`
 }
 export function toTitleCase(str: string): string {
  return str
    .toLowerCase()
    .split(' ')
    .map((word) => word.charAt(0).toUpperCase() + word.slice(1))
    .join(' ')
 }
 export function parseBoolean(value: any): boolean {
  if (typeof value === 'boolean') return value
  if (typeof value === 'string') {
    const lower = value.toLowerCase()
    return lower === 'true' || lower === '1'
  }
  if (typeof value === 'number') {
    return value === 1
  }
  return false
 }
--- a/admin/app/utils/version.ts
+++ b/admin/app/utils/version.ts
@ -0,0 +1,49 @@
 /**
 * Compare two semantic version strings to determine if the first is newer than the second.
 * @param version1 - The version to check (e.g., "1.25.0")
 * @param version2 - The current version (e.g., "1.24.0")
 * @returns true if version1 is newer than version2
 */
 export function isNewerVersion(version1: string, version2: string, includePreReleases = false): boolean {
  const normalize = (v: string) => v.replace(/^v/, '')
  const [base1, pre1] = normalize(version1).split('-')
  const [base2, pre2] = normalize(version2).split('-')
  // If pre-releases are not included and version1 is a pre-release, don't consider it newer
  if (!includePreReleases && pre1) {
    return false
  }
  const v1Parts = base1.split('.').map((p) => parseInt(p, 10) || 0)
  const v2Parts = base2.split('.').map((p) => parseInt(p, 10) || 0)
  const maxLen = Math.max(v1Parts.length, v2Parts.length)
  for (let i = 0; i < maxLen; i++) {
    const a = v1Parts[i] || 0
    const b = v2Parts[i] || 0
    if (a > b) return true
    if (a < b) return false
  }
  // Base versions equal — GA > RC, RC.n+1 > RC.n
  if (!pre1 && pre2) return true // v1 is GA, v2 is RC → v1 is newer
  if (pre1 && !pre2) return false // v1 is RC, v2 is GA → v2 is newer
  if (!pre1 && !pre2) return false // both GA, equal
  // Both prerelease: compare numeric suffix (e.g. "rc.2" vs "rc.1")
  const pre1Num = parseInt(pre1.split('.')[1], 10) || 0
  const pre2Num = parseInt(pre2.split('.')[1], 10) || 0
  return pre1Num > pre2Num
 }
 /**
 * Parse the major version number from a tag string.
 * Strips the 'v' prefix if present.
 * @param tag - Version tag (e.g., "v3.8.1", "10.19.4")
 * @returns The major version number
 */
 export function parseMajorVersion(tag: string): number {
  const normalized = tag.replace(/^v/, '')
  const major = parseInt(normalized.split('.')[0], 10)
  return isNaN(major) ? 0 : major
 }
--- a/admin/app/validators/chat.ts
+++ b/admin/app/validators/chat.ts
@ -0,0 +1,22 @@
 import vine from '@vinejs/vine'
 export const createSessionSchema = vine.compile(
  vine.object({
    title: vine.string().trim().minLength(1).maxLength(200),
    model: vine.string().trim().optional(),
  })
 )
 export const updateSessionSchema = vine.compile(
  vine.object({
    title: vine.string().trim().minLength(1).maxLength(200).optional(),
    model: vine.string().trim().optional(),
  })
 )
 export const addMessageSchema = vine.compile(
  vine.object({
    role: vine.enum(['system', 'user', 'assistant'] as const),
    content: vine.string().trim().minLength(1),
  })
 )
--- a/admin/app/validators/common.ts
+++ b/admin/app/validators/common.ts
@ -1,23 +1,65 @@
 import vine from '@vinejs/vine'
 /**
 * Checks whether a URL points to a loopback or link-local address.
 * Used to prevent SSRF — the server should not fetch from localhost
 * or link-local/metadata endpoints (e.g. cloud instance metadata at 169.254.x.x).
 *
 * RFC1918 private ranges (10.x, 172.16-31.x, 192.168.x) are intentionally
 * ALLOWED because NOMAD is a LAN appliance and users may host content
 * mirrors on their local network.
 *
 * Throws an error if the URL is a loopback or link-local address.
 */
 export function assertNotPrivateUrl(urlString: string): void {
  const parsed = new URL(urlString)
  const hostname = parsed.hostname.toLowerCase()
  const blockedPatterns = [
    /^localhost$/,
    /^127\.\d+\.\d+\.\d+$/,
    /^0\.0\.0\.0$/,
    /^169\.254\.\d+\.\d+$/, // Link-local / cloud metadata
    /^\[::1\]$/,
    /^\[?fe80:/i, // IPv6 link-local
  ]
  if (blockedPatterns.some((re) => re.test(hostname))) {
    throw new Error(`Download URL must not point to a loopback or link-local address: ${hostname}`)
  }
 }
 export const remoteDownloadValidator = vine.compile(
  vine.object({
    url: vine
      .string()
-      .url({
+      .url({ require_tld: false }) // Allow LAN URLs (e.g. http://my-nas:8080/file.zim)
        require_tld: false, // Allow local URLs
      })
      .trim(),
  })
 )
 export const remoteDownloadWithMetadataValidator = vine.compile(
  vine.object({
    url: vine
      .string()
      .url({ require_tld: false }) // Allow LAN URLs
      .trim(),
    metadata: vine
      .object({
        title: vine.string().trim().minLength(1),
        summary: vine.string().trim().optional(),
        author: vine.string().trim().optional(),
        size_bytes: vine.number().optional(),
      })
      .optional(),
  })
 )
 export const remoteDownloadValidatorOptional = vine.compile(
  vine.object({
    url: vine
      .string()
-      .url({
+      .url({ require_tld: false }) // Allow LAN URLs
        require_tld: false, // Allow local URLs
      })
      .trim()
      .optional(),
  })
@ -37,9 +79,33 @@ export const downloadCollectionValidator = vine.compile(
  })
 )
-export const saveInstalledTierValidator = vine.compile(
+export const downloadCategoryTierValidator = vine.compile(
  vine.object({
    categorySlug: vine.string().trim().minLength(1),
    tierSlug: vine.string().trim().minLength(1),
  })
 )
 export const selectWikipediaValidator = vine.compile(
  vine.object({
    optionId: vine.string().trim().minLength(1),
  })
 )
 const resourceUpdateInfoBase = vine.object({
  resource_id: vine.string().trim().minLength(1),
  resource_type: vine.enum(['zim', 'map'] as const),
  installed_version: vine.string().trim(),
  latest_version: vine.string().trim().minLength(1),
  download_url: vine.string().url({ require_tld: false }).trim(),
 })
 export const applyContentUpdateValidator = vine.compile(resourceUpdateInfoBase)
 export const applyAllContentUpdatesValidator = vine.compile(
  vine.object({
    updates: vine
      .array(resourceUpdateInfoBase)
      .minLength(1),
  })
 )
--- a/admin/app/validators/curated_collections.ts
+++ b/admin/app/validators/curated_collections.ts
@ -1,30 +1,20 @@
 import vine from '@vinejs/vine'
-export const curatedCollectionResourceValidator = vine.object({
+// ---- Versioned resource validators (with id + version) ----
 export const specResourceValidator = vine.object({
  id: vine.string(),
  version: vine.string(),
  title: vine.string(),
  description: vine.string(),
  url: vine.string().url(),
  size_mb: vine.number().min(0).optional(),
 })
-export const curatedCollectionValidator = vine.object({
+// ---- ZIM Categories spec (versioned) ----
  slug: vine.string(),
  name: vine.string(),
  description: vine.string(),
  icon: vine.string(),
  language: vine.string().minLength(2).maxLength(5),
  resources: vine.array(curatedCollectionResourceValidator).minLength(1),
 })
-export const curatedCollectionsFileSchema = vine.object({
+export const zimCategoriesSpecSchema = vine.object({
-  collections: vine.array(curatedCollectionValidator).minLength(1),
+  spec_version: vine.string(),
 })
 /**
 * For validating the categories file, which has a different structure than the collections file
 * since it includes tiers within each category. 
 */
 export const curatedCategoriesFileSchema = vine.object({
  categories: vine.array(
    vine.object({
      name: vine.string(),
@ -39,9 +29,55 @@ export const curatedCategoriesFileSchema = vine.object({
          description: vine.string(),
          recommended: vine.boolean().optional(),
          includesTier: vine.string().optional(),
-          resources: vine.array(curatedCollectionResourceValidator),
+          resources: vine.array(specResourceValidator),
        })
      ),
    })
  ),
 })
 // ---- Maps spec (versioned) ----
 export const mapsSpecSchema = vine.object({
  spec_version: vine.string(),
  collections: vine.array(
    vine.object({
      slug: vine.string(),
      name: vine.string(),
      description: vine.string(),
      icon: vine.string(),
      language: vine.string().minLength(2).maxLength(5),
      resources: vine.array(specResourceValidator).minLength(1),
    })
  ).minLength(1),
 })
 // ---- Wikipedia spec (versioned) ----
 export const wikipediaSpecSchema = vine.object({
  spec_version: vine.string(),
  options: vine.array(
    vine.object({
      id: vine.string(),
      name: vine.string(),
      description: vine.string(),
      size_mb: vine.number().min(0),
      url: vine.string().url().nullable(),
      version: vine.string().nullable(),
    })
  ).minLength(1),
 })
 // ---- Wikipedia validators (used by ZimService) ----
 export const wikipediaOptionSchema = vine.object({
  id: vine.string(),
  name: vine.string(),
  description: vine.string(),
  size_mb: vine.number().min(0),
  url: vine.string().url().nullable(),
 })
 export const wikipediaOptionsFileSchema = vine.object({
  options: vine.array(wikipediaOptionSchema).minLength(1),
 })
--- a/admin/app/validators/ollama.ts
+++ b/admin/app/validators/ollama.ts
@ -0,0 +1,25 @@
 import vine from '@vinejs/vine'
 export const chatSchema = vine.compile(
  vine.object({
    model: vine.string().trim().minLength(1),
    messages: vine.array(
      vine.object({
        role: vine.enum(['system', 'user', 'assistant'] as const),
        content: vine.string(),
      })
    ),
    stream: vine.boolean().optional(),
    sessionId: vine.number().positive().optional(),
  })
 )
 export const getAvailableModelsSchema = vine.compile(
  vine.object({
    sort: vine.enum(['pulls', 'name'] as const).optional(),
    recommendedOnly: vine.boolean().optional(),
    query: vine.string().trim().optional(),
    limit: vine.number().positive().optional(),
    force: vine.boolean().optional(),
  })
 )
--- a/admin/app/validators/openwebui.ts
+++ b/admin/app/validators/openwebui.ts
@ -1,8 +0,0 @@
 import vine from '@vinejs/vine'
 export const getAvailableModelsSchema = vine.compile(
  vine.object({
    sort: vine.enum(['pulls', 'name'] as const).optional(),
    recommendedOnly: vine.boolean().optional(),
  })
 )
--- a/admin/app/validators/rag.ts
+++ b/admin/app/validators/rag.ts
@ -0,0 +1,13 @@
 import vine from '@vinejs/vine'
 export const getJobStatusSchema = vine.compile(
  vine.object({
    filePath: vine.string(),
  })
 )
 export const deleteFileSchema = vine.compile(
  vine.object({
    source: vine.string(),
  })
 )
--- a/admin/app/validators/settings.ts
+++ b/admin/app/validators/settings.ts
@ -0,0 +1,8 @@
 import vine from "@vinejs/vine";
 import { SETTINGS_KEYS } from "../../constants/kv_store.js";
 export const updateSettingSchema = vine.compile(vine.object({
    key: vine.enum(SETTINGS_KEYS),
    value: vine.any().optional(),
 }))
--- a/admin/app/validators/system.ts
+++ b/admin/app/validators/system.ts
@ -18,3 +18,16 @@ export const subscribeToReleaseNotesValidator = vine.compile(
    email: vine.string().email().trim(),
  })
 )
 export const checkLatestVersionValidator = vine.compile(
  vine.object({
    force: vine.boolean().optional(), // Optional flag to force bypassing cache and checking for updates immediately
  })
 )
 export const updateServiceValidator = vine.compile(
  vine.object({
    service_name: vine.string().trim(),
    target_version: vine.string().trim(),
  })
 )
--- a/admin/bin/server.ts
+++ b/admin/bin/server.ts
@ -36,6 +36,15 @@ new Ignitor(APP_ROOT, { importer: IMPORTER })
    })
    app.listen('SIGTERM', () => app.terminate())
    app.listenIf(app.managedByPm2, 'SIGINT', () => app.terminate())
    app.ready(async () => {
      try {
        const collectionManifestService = new (await import('#services/collection_manifest_service')).CollectionManifestService()
        await collectionManifestService.reconcileFromFilesystem()
      } catch (error) {
        // Catch and log any errors during reconciliation to prevent the server from crashing
        console.error('Error during collection manifest reconciliation:', error)
      }
    })
  })
  .httpServer()
  .start()
--- a/admin/commands/queue/work.ts
+++ b/admin/commands/queue/work.ts
@ -5,6 +5,9 @@ import queueConfig from '#config/queue'
 import { RunDownloadJob } from '#jobs/run_download_job'
 import { DownloadModelJob } from '#jobs/download_model_job'
 import { RunBenchmarkJob } from '#jobs/run_benchmark_job'
 import { EmbedFileJob } from '#jobs/embed_file_job'
 import { CheckUpdateJob } from '#jobs/check_update_job'
 import { CheckServiceUpdatesJob } from '#jobs/check_service_updates_job'
 export default class QueueWork extends BaseCommand {
  static commandName = 'queue:work'
@ -62,8 +65,23 @@ export default class QueueWork extends BaseCommand {
        }
      )
-      worker.on('failed', (job, err) => {
+      worker.on('failed', async (job, err) => {
        this.logger.error(`[${queueName}] Job failed: ${job?.id}, Error: ${err.message}`)
        // If this was a Wikipedia download, mark it as failed in the DB
        if (job?.data?.filetype === 'zim' && job?.data?.url?.includes('wikipedia_en_')) {
          try {
            const { DockerService } = await import('#services/docker_service')
            const { ZimService } = await import('#services/zim_service')
            const dockerService = new DockerService()
            const zimService = new ZimService(dockerService)
            await zimService.onWikipediaDownloadComplete(job.data.url, false)
          } catch (e: any) {
            this.logger.error(
              `[${queueName}] Failed to update Wikipedia status: ${e.message}`
            )
          }
        }
      })
      worker.on('completed', (job) => {
@ -74,6 +92,10 @@ export default class QueueWork extends BaseCommand {
      this.logger.info(`Worker started for queue: ${queueName}`)
    }
    // Schedule nightly update checks (idempotent, will persist over restarts)
    await CheckUpdateJob.scheduleNightly()
    await CheckServiceUpdatesJob.scheduleNightly()
    // Graceful shutdown for all workers
    process.on('SIGTERM', async () => {
      this.logger.info('SIGTERM received. Shutting down workers...')
@ -90,10 +112,16 @@ export default class QueueWork extends BaseCommand {
    handlers.set(RunDownloadJob.key, new RunDownloadJob())
    handlers.set(DownloadModelJob.key, new DownloadModelJob())
    handlers.set(RunBenchmarkJob.key, new RunBenchmarkJob())
    handlers.set(EmbedFileJob.key, new EmbedFileJob())
    handlers.set(CheckUpdateJob.key, new CheckUpdateJob())
    handlers.set(CheckServiceUpdatesJob.key, new CheckServiceUpdatesJob())
    queues.set(RunDownloadJob.key, RunDownloadJob.queue)
    queues.set(DownloadModelJob.key, DownloadModelJob.queue)
    queues.set(RunBenchmarkJob.key, RunBenchmarkJob.queue)
    queues.set(EmbedFileJob.key, EmbedFileJob.queue)
    queues.set(CheckUpdateJob.key, CheckUpdateJob.queue)
    queues.set(CheckServiceUpdatesJob.key, CheckServiceUpdatesJob.queue)
    return [handlers, queues]
  }
@ -107,6 +135,8 @@ export default class QueueWork extends BaseCommand {
      [RunDownloadJob.queue]: 3,
      [DownloadModelJob.queue]: 2, // Lower concurrency for resource-intensive model downloads
      [RunBenchmarkJob.queue]: 1, // Run benchmarks one at a time for accurate results
      [EmbedFileJob.queue]: 2, // Lower concurrency for embedding jobs, can be resource intensive
      [CheckUpdateJob.queue]: 1, // No need to run more than one update check at a time
      default: 3,
    }
--- a/admin/config/inertia.ts
+++ b/admin/config/inertia.ts
@ -1,3 +1,4 @@
 import KVStore from '#models/kv_store'
 import { SystemService } from '#services/system_service'
 import { defineConfig } from '@adonisjs/inertia'
 import type { InferSharedProps } from '@adonisjs/inertia/types'
@ -14,6 +15,10 @@ const inertiaConfig = defineConfig({
  sharedData: {
    appVersion: () => SystemService.getAppVersion(),
    environment: process.env.NODE_ENV || 'production',
    aiAssistantName: async () => {
      const customName = await KVStore.getValue('ai.assistantCustomName')
      return (customName && customName.trim()) ? customName : 'AI Assistant'
    },
  },
  /**
--- a/admin/config/logger.ts
+++ b/admin/config/logger.ts
@ -13,12 +13,12 @@ const loggerConfig = defineConfig({
    app: {
      enabled: true,
      name: env.get('APP_NAME'),
-      level: env.get('LOG_LEVEL'),
+      level: env.get('NODE_ENV') === 'production' ? env.get('LOG_LEVEL') : 'debug', // default to 'debug' in non-production envs
      transport: {
        targets:
          targets()
            .pushIf(!app.inProduction, targets.pretty())
-            .pushIf(app.inProduction, targets.file({ destination: "/app/storage/logs/admin.log" }))
+            .pushIf(app.inProduction, targets.file({ destination: "/app/storage/logs/admin.log", mkdir: true }))
            .toArray(),
      },
    },
--- a/admin/config/transmit.ts
+++ b/admin/config/transmit.ts
@ -1,6 +1,14 @@
 import env from '#start/env'
 import { defineConfig } from '@adonisjs/transmit'
 import { redis } from '@adonisjs/transmit/transports'
 export default defineConfig({
-  pingInterval: false,
+  pingInterval: '30s',
-  transport: null
+  transport: {
    driver: redis({
      host: env.get('REDIS_HOST'),
      port: env.get('REDIS_PORT'),
      keyPrefix: 'transmit:',
    })
  }
 })
--- a/admin/constants/broadcast.ts
+++ b/admin/constants/broadcast.ts
@ -0,0 +1,7 @@
 export const BROADCAST_CHANNELS = {
    BENCHMARK_PROGRESS: 'benchmark-progress',
    OLLAMA_MODEL_DOWNLOAD: 'ollama-model-download',
    SERVICE_INSTALLATION: 'service-installation',
    SERVICE_UPDATES: 'service-updates',
 }
--- a/admin/constants/kv_store.ts
+++ b/admin/constants/kv_store.ts
@ -0,0 +1,3 @@
 import { KVStoreKey } from "../types/kv_store.js";
 export const SETTINGS_KEYS: KVStoreKey[] = ['chat.suggestionsEnabled', 'chat.lastModel', 'ui.hasVisitedEasySetup', 'ui.theme', 'system.earlyAccess', 'ai.assistantCustomName'];
--- a/admin/constants/misc.ts
+++ b/admin/constants/misc.ts
@ -0,0 +1,2 @@
 export const NOMAD_API_DEFAULT_BASE_URL = 'https://api.projectnomad.us'
--- a/admin/constants/ollama.ts
+++ b/admin/constants/ollama.ts
@ -0,0 +1,157 @@
 import { NomadOllamaModel } from '../types/ollama.js'
 /**
 * Fallback basic recommended Ollama models in case fetching from the service fails.
 */
 export const FALLBACK_RECOMMENDED_OLLAMA_MODELS: NomadOllamaModel[] = [
  {
    name: 'llama3.1',
    description:
      'Llama 3.1 is a new state-of-the-art model from Meta available in 8B, 70B and 405B parameter sizes.',
    estimated_pulls: '109.3M',
    id: '9fe9c575-e77e-4a51-a743-07359458ee71',
    first_seen: '2026-01-28T23:37:31.000+00:00',
    model_last_updated: '1 year ago',
    tags: [
      {
        name: 'llama3.1:8b-text-q4_1',
        size: '5.1 GB',
        context: '128k',
        input: 'Text',
        cloud: false,
        thinking: false
      },
    ],
  },
  {
    name: 'deepseek-r1',
    description:
      'DeepSeek-R1 is a family of open reasoning models with performance approaching that of leading models, such as O3 and Gemini 2.5 Pro.',
    estimated_pulls: '77.2M',
    id: '0b566560-68a6-4964-b0d4-beb3ab1ad694',
    first_seen: '2026-01-28T23:37:31.000+00:00',
    model_last_updated: '7 months ago',
    tags: [
      {
        name: 'deepseek-r1:1.5b',
        size: '1.1 GB',
        context: '128k',
        input: 'Text',
        cloud: false,
        thinking: true
      },
    ],
  },
  {
    name: 'llama3.2',
    description: "Meta's Llama 3.2 goes small with 1B and 3B models.",
    estimated_pulls: '54.7M',
    id: 'c9a1bc23-b290-4501-a913-f7c9bb39c3ad',
    first_seen: '2026-01-28T23:37:31.000+00:00',
    model_last_updated: '1 year ago',
    tags: [
      {
        name: 'llama3.2:1b-text-q2_K',
        size: '581 MB',
        context: '128k',
        input: 'Text',
        cloud: false,
        thinking: false
      },
    ],
  },
 ]
 export const DEFAULT_QUERY_REWRITE_MODEL = 'qwen2.5:3b' // default to qwen2.5 for query rewriting with good balance of text task performance and resource usage
 /**
 * Adaptive RAG context limits based on model size.
 * Smaller models get overwhelmed with too much context, so we cap it.
 */
 export const RAG_CONTEXT_LIMITS: { maxParams: number; maxResults: number; maxTokens: number }[] = [
  { maxParams: 3, maxResults: 2, maxTokens: 1000 },   // 1-3B models
  { maxParams: 8, maxResults: 4, maxTokens: 2500 },   // 4-8B models
  { maxParams: Infinity, maxResults: 5, maxTokens: 0 }, // 13B+ (no cap)
 ]
 export const SYSTEM_PROMPTS = {
  default: `
 Format all responses using markdown for better readability. Vanilla markdown or GitHub-flavored markdown is preferred.
 - Use **bold** and *italic* for emphasis.
 - Use code blocks with language identifiers for code snippets.
 - Use headers (##, ###) to organize longer responses.
 - Use bullet points or numbered lists for clarity.
 - Use tables when presenting structured data.
 `,
  rag_context: (context: string) => `
 You have access to relevant information from the knowledge base. This context has been retrieved based on semantic similarity to the user's question.
 [Knowledge Base Context]
 ${context}
 IMPORTANT INSTRUCTIONS:
 1. If the user's question is directly related to the context above, use this information to provide accurate, detailed answers.
 2. Always cite or reference the context when using it (e.g., "According to the information available..." or "Based on the knowledge base...").
 3. If the context is only partially relevant, combine it with your general knowledge but be clear about what comes from the knowledge base.
 4. If the context is not relevant to the user's question, you can respond using your general knowledge without forcing the context into your answer. Do not mention the context if it's not relevant.
 5. Never fabricate information that isn't in the context or your training data.
 6. If you're unsure or you don't have enough information to answer the user's question, acknowledge the limitations.
 Format your response using markdown for readability.
 `,
  chat_suggestions: `
 You are a helpful assistant that generates conversation starter suggestions for a survivalist/prepper using an AI assistant.
 Provide exactly 3 conversation starter topics as direct questions that someone would ask.
 These should be clear, complete questions that can start meaningful conversations.
 Examples of good suggestions:
 - "How do I purify water in an emergency?"
 - "What are the best foods for long-term storage?"
 - "Help me create a 72-hour emergency kit"
 Do NOT use:
 - Follow-up questions seeking clarification
 - Vague or incomplete suggestions
 - Questions that assume prior context
 - Statements that are not suggestions themselves, such as praise for asking the question
 - Direct questions or commands to the user
 Return ONLY the 3 suggestions as a comma-separated list with no additional text, formatting, numbering, or quotation marks.
 The suggestions should be in title case.
 Ensure that your suggestions are comma-seperated with no conjunctions like "and" or "or".
 Do not use line breaks, new lines, or extra spacing to separate the suggestions.
 Format: suggestion1, suggestion2, suggestion3
 `,
  title_generation: `You are a title generator. Given the start of a conversation, generate a concise, descriptive title under 50 characters. Return ONLY the title text with no quotes, punctuation wrapping, or extra formatting.`,
  query_rewrite: `
 You are a query rewriting assistant. Your task is to reformulate the user's latest question to include relevant context from the conversation history.
 Given the conversation history, rewrite the user's latest question to be a standalone, context-aware search query that will retrieve the most relevant information.
 Rules:
 1. Keep the rewritten query concise (under 150 words)
 2. Include key entities, topics, and context from previous messages
 3. Make it a clear, searchable query
 4. Do NOT answer the question - only rewrite the user's query to be more effective for retrieval
 5. Output ONLY the rewritten query, nothing else
 Examples:
 Conversation:
 User: "How do I install Gentoo?"
 Assistant: [detailed installation guide]
 User: "Is an internet connection required to install?"
 Rewritten Query: "Is an internet connection required to install Gentoo Linux?"
 ---
 Conversation:
 User: "What's the best way to preserve meat?"
 Assistant: [preservation methods]
 User: "How long does it last?"
 Rewritten Query: "How long does preserved meat last using curing or smoking methods?"
 `,
 }
--- a/admin/constants/service_names.ts
+++ b/admin/constants/service_names.ts
@ -0,0 +1,8 @@
 export const SERVICE_NAMES = {
  KIWIX: 'nomad_kiwix_server',
  OLLAMA: 'nomad_ollama',
  QDRANT: 'nomad_qdrant',
  CYBERCHEF: 'nomad_cyberchef',
  FLATNOTES: 'nomad_flatnotes',
  KOLIBRI: 'nomad_kolibri',
 }
--- a/admin/constants/zim_extraction.ts
+++ b/admin/constants/zim_extraction.ts
@ -0,0 +1,48 @@
 export const HTML_SELECTORS_TO_REMOVE = [
    'script',
    'style',
    'nav',
    'header',
    'footer',
    'noscript',
    'iframe',
    'svg',
    '.navbox',
    '.sidebar',
    '.infobox',
    '.mw-editsection',
    '.reference',
    '.reflist',
    '.toc',
    '.noprint',
    '.mw-jump-link',
    '.mw-headline-anchor',
    '[role="navigation"]',
    '.navbar',
    '.hatnote',
    '.ambox',
    '.sistersitebox',
    '.portal',
    '#coordinates',
    '.geo-nondefault',
    '.authority-control',
 ]
 // Common heading names that usually don't have meaningful content under them
 export const NON_CONTENT_HEADING_PATTERNS = [
    /^see also$/i,
    /^references$/i,
    /^external links$/i,
    /^further reading$/i,
    /^notes$/i,
    /^bibliography$/i,
    /^navigation$/i,
 ]
 /**
 * Batch size for processing ZIM articles to prevent lock timeout errors.
 * Processing 50 articles at a time balances throughput with job duration.
 * Typical processing time: 2-5 minutes per batch depending on article complexity.
 */
 export const ZIM_BATCH_SIZE = 50
--- a/admin/database/migrations/1769300000002_update_services_friendly_names.ts
+++ b/admin/database/migrations/1769300000002_update_services_friendly_names.ts
@ -26,10 +26,11 @@ export default class extends BaseSchema {
    await this.db.rawQuery(`
      UPDATE services SET
        friendly_name = 'AI Assistant',
-        powered_by = 'Open WebUI + Ollama',
+        powered_by = 'Ollama',
        ui_location = '/chat',
        display_order = 3,
        description = 'Local AI chat that runs entirely on your hardware - no internet required'
-      WHERE service_name = 'nomad_open_webui'
+      WHERE service_name = 'nomad_ollama'
    `)
    await this.db.rawQuery(`
@ -49,12 +50,6 @@ export default class extends BaseSchema {
        description = 'Swiss Army knife for data encoding, encryption, and analysis'
      WHERE service_name = 'nomad_cyberchef'
    `)
    await this.db.rawQuery(`
      UPDATE services SET
        display_order = 100
      WHERE service_name = 'nomad_ollama'
    `)
  }
  async down() {
@ -79,11 +74,11 @@ export default class extends BaseSchema {
    await this.db.rawQuery(`
      UPDATE services SET
-        friendly_name = 'Open WebUI',
+        friendly_name = 'Ollama',
        powered_by = NULL,
        display_order = NULL,
-        description = 'A web interface for interacting with local AI models served by Ollama'
+        description = 'Local AI chat that runs entirely on your hardware - no internet required'
-      WHERE service_name = 'nomad_open_webui'
+      WHERE service_name = 'nomad_ollama'
    `)
    await this.db.rawQuery(`
@ -103,11 +98,5 @@ export default class extends BaseSchema {
        description = 'The Cyber Swiss Army Knife - a web app for encryption, encoding, and data analysis'
      WHERE service_name = 'nomad_cyberchef'
    `)
    await this.db.rawQuery(`
      UPDATE services SET
        display_order = NULL
      WHERE service_name = 'nomad_ollama'
    `)
  }
 }
--- a/admin/database/migrations/1769400000002_create_kv_store_table.ts
+++ b/admin/database/migrations/1769400000002_create_kv_store_table.ts
@ -0,0 +1,19 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'kv_store'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id')
      table.string('key').unique().notNullable()
      table.text('value').nullable()
      table.timestamp('created_at')
      table.timestamp('updated_at')
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1769500000001_create_wikipedia_selection_table.ts
+++ b/admin/database/migrations/1769500000001_create_wikipedia_selection_table.ts
@ -0,0 +1,21 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'wikipedia_selections'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id').primary()
      table.string('option_id').notNullable()
      table.string('url').nullable()
      table.string('filename').nullable()
      table.enum('status', ['none', 'downloading', 'installed', 'failed']).defaultTo('none')
      table.timestamp('created_at')
      table.timestamp('updated_at')
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1769646771604_create_create_chat_sessions_table.ts
+++ b/admin/database/migrations/1769646771604_create_create_chat_sessions_table.ts
@ -0,0 +1,19 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'chat_sessions'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id')
      table.string('title').notNullable()
      table.string('model').nullable()
      table.timestamp('created_at')
      table.timestamp('updated_at')
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1769646798266_create_create_chat_messages_table.ts
+++ b/admin/database/migrations/1769646798266_create_create_chat_messages_table.ts
@ -0,0 +1,20 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'chat_messages'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id')
      table.integer('session_id').unsigned().references('id').inTable('chat_sessions').onDelete('CASCADE')
      table.enum('role', ['system', 'user', 'assistant']).notNullable()
      table.text('content').notNullable()
      table.timestamp('created_at')
      table.timestamp('updated_at')
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1769700000001_create_zim_file_metadata_table.ts
+++ b/admin/database/migrations/1769700000001_create_zim_file_metadata_table.ts
@ -0,0 +1,22 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'zim_file_metadata'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id').primary()
      table.string('filename').notNullable().unique()
      table.string('title').notNullable()
      table.text('summary').nullable()
      table.string('author').nullable()
      table.bigInteger('size_bytes').nullable()
      table.timestamp('created_at')
      table.timestamp('updated_at')
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1770269324176_add_unique_constraint_to_curated_collection_resources_table.ts
+++ b/admin/database/migrations/1770269324176_add_unique_constraint_to_curated_collection_resources_table.ts
@ -0,0 +1,19 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'curated_collection_resources'
  async up() {
    this.schema.alterTable(this.tableName, (table) => {
      table.unique(['curated_collection_slug', 'url'], {
        indexName: 'curated_collection_resources_unique',
      })
    })
  }
  async down() {
    this.schema.alterTable(this.tableName, (table) => {
      table.dropUnique(['curated_collection_slug', 'url'], 'curated_collection_resources_unique')
    })
  }
 }
--- a/admin/database/migrations/1770273423670_drop_installed_tiers_table.ts
+++ b/admin/database/migrations/1770273423670_drop_installed_tiers_table.ts
@ -0,0 +1,20 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'installed_tiers'
  async up() {
    this.schema.dropTableIfExists(this.tableName)
  }
  async down() {
    // Recreate the table if we need to rollback
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id')
      table.string('category_slug').notNullable().unique()
      table.string('tier_slug').notNullable()
      table.timestamp('created_at', { useTz: true })
      table.timestamp('updated_at', { useTz: true })
    })
  }
 }
--- a/admin/database/migrations/1770849108030_create_create_collection_manifests_table.ts
+++ b/admin/database/migrations/1770849108030_create_create_collection_manifests_table.ts
@ -0,0 +1,18 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'collection_manifests'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.string('type').primary() // 'zim_categories' | 'maps' | 'wikipedia'
      table.string('spec_version').notNullable()
      table.json('spec_data').notNullable()
      table.timestamp('fetched_at').notNullable()
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1770849119787_create_create_installed_resources_table.ts
+++ b/admin/database/migrations/1770849119787_create_create_installed_resources_table.ts
@ -0,0 +1,25 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'installed_resources'
  async up() {
    this.schema.createTable(this.tableName, (table) => {
      table.increments('id').primary()
      table.string('resource_id').notNullable()
      table.enum('resource_type', ['zim', 'map']).notNullable()
      table.string('collection_ref').nullable()
      table.string('version').notNullable()
      table.string('url').notNullable()
      table.string('file_path').notNullable()
      table.bigInteger('file_size_bytes').nullable()
      table.timestamp('installed_at').notNullable()
      table.unique(['resource_id', 'resource_type'])
    })
  }
  async down() {
    this.schema.dropTable(this.tableName)
  }
 }
--- a/admin/database/migrations/1770850092871_create_drop_legacy_curated_tables_table.ts
+++ b/admin/database/migrations/1770850092871_create_drop_legacy_curated_tables_table.ts
@ -0,0 +1,13 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  async up() {
    this.schema.dropTableIfExists('curated_collection_resources')
    this.schema.dropTableIfExists('curated_collections')
    this.schema.dropTableIfExists('zim_file_metadata')
  }
  async down() {
    // These tables are legacy and intentionally not recreated
  }
 }
--- a/admin/database/migrations/1771000000001_add_update_fields_to_services.ts
+++ b/admin/database/migrations/1771000000001_add_update_fields_to_services.ts
@ -0,0 +1,21 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'services'
  async up() {
    this.schema.alterTable(this.tableName, (table) => {
      table.string('source_repo', 255).nullable()
      table.string('available_update_version', 50).nullable()
      table.timestamp('update_checked_at').nullable()
    })
  }
  async down() {
    this.schema.alterTable(this.tableName, (table) => {
      table.dropColumn('source_repo')
      table.dropColumn('available_update_version')
      table.dropColumn('update_checked_at')
    })
  }
 }
--- a/admin/database/migrations/1771000000002_pin_latest_service_images.ts
+++ b/admin/database/migrations/1771000000002_pin_latest_service_images.ts
@ -0,0 +1,61 @@
 import { BaseSchema } from '@adonisjs/lucid/schema'
 export default class extends BaseSchema {
  protected tableName = 'services'
  async up() {
    this.defer(async (db) => {
      // Pin :latest images to specific versions
      await db
        .from(this.tableName)
        .where('container_image', 'ghcr.io/gchq/cyberchef:latest')
        .update({ container_image: 'ghcr.io/gchq/cyberchef:10.19.4' })
      await db
        .from(this.tableName)
        .where('container_image', 'dullage/flatnotes:latest')
        .update({ container_image: 'dullage/flatnotes:v5.5.4' })
      await db
        .from(this.tableName)
        .where('container_image', 'treehouses/kolibri:latest')
        .update({ container_image: 'treehouses/kolibri:0.12.8' })
      // Populate source_repo for services whose images lack the OCI source label
      const sourceRepos: Record<string, string> = {
        nomad_kiwix_server: 'https://github.com/kiwix/kiwix-tools',
        nomad_ollama: 'https://github.com/ollama/ollama',
        nomad_qdrant: 'https://github.com/qdrant/qdrant',
        nomad_cyberchef: 'https://github.com/gchq/CyberChef',
        nomad_flatnotes: 'https://github.com/dullage/flatnotes',
        nomad_kolibri: 'https://github.com/learningequality/kolibri',
      }
      for (const [serviceName, repoUrl] of Object.entries(sourceRepos)) {
        await db
          .from(this.tableName)
          .where('service_name', serviceName)
          .update({ source_repo: repoUrl })
      }
    })
  }
  async down() {
    this.defer(async (db) => {
      await db
        .from(this.tableName)
        .where('container_image', 'ghcr.io/gchq/cyberchef:10.19.4')
        .update({ container_image: 'ghcr.io/gchq/cyberchef:latest' })
      await db
        .from(this.tableName)
        .where('container_image', 'dullage/flatnotes:v5.5.4')
        .update({ container_image: 'dullage/flatnotes:latest' })
      await db
        .from(this.tableName)
        .where('container_image', 'treehouses/kolibri:0.12.8')
        .update({ container_image: 'treehouses/kolibri:latest' })
    })
  }
 }
--- a/admin/database/seeders/service_seeder.ts
+++ b/admin/database/seeders/service_seeder.ts
@ -1,29 +1,37 @@
 import Service from '#models/service'
 import { DockerService } from '#services/docker_service'
 import { BaseSeeder } from '@adonisjs/lucid/seeders'
 import { ModelAttributes } from '@adonisjs/lucid/types/model'
 import env from '#start/env'
 import { SERVICE_NAMES } from '../../constants/service_names.js'
 export default class ServiceSeeder extends BaseSeeder {
  // Use environment variable with fallback to production default
-  private static NOMAD_STORAGE_ABS_PATH = env.get('NOMAD_STORAGE_PATH', '/opt/project-nomad/storage')
+  private static NOMAD_STORAGE_ABS_PATH = env.get(
-  private static DEFAULT_SERVICES: Omit<ModelAttributes<Service>, 'created_at' | 'updated_at' | 'metadata' | 'id'>[] = [
+    'NOMAD_STORAGE_PATH',
    '/opt/project-nomad/storage'
  )
  private static DEFAULT_SERVICES: Omit<
    ModelAttributes<Service>,
    'created_at' | 'updated_at' | 'metadata' | 'id' | 'available_update_version' | 'update_checked_at'
  >[] = [
    {
-      service_name: DockerService.KIWIX_SERVICE_NAME,
+      service_name: SERVICE_NAMES.KIWIX,
      friendly_name: 'Information Library',
      powered_by: 'Kiwix',
      display_order: 1,
-      description: 'Offline access to Wikipedia, medical references, how-to guides, and encyclopedias',
+      description:
        'Offline access to Wikipedia, medical references, how-to guides, and encyclopedias',
      icon: 'IconBooks',
      container_image: 'ghcr.io/kiwix/kiwix-serve:3.8.1',
      source_repo: 'https://github.com/kiwix/kiwix-tools',
      container_command: '*.zim --address=all',
      container_config: JSON.stringify({
        HostConfig: {
          RestartPolicy: { Name: 'unless-stopped' },
          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/zim:/data`],
-          PortBindings: { '8080/tcp': [{ HostPort: '8090' }] }
+          PortBindings: { '8080/tcp': [{ HostPort: '8090' }] },
        },
-        ExposedPorts: { '8080/tcp': {} }
+        ExposedPorts: { '8080/tcp': {} },
      }),
      ui_location: '8090',
      installed: false,
@ -32,67 +40,69 @@ export default class ServiceSeeder extends BaseSeeder {
      depends_on: null,
    },
    {
-      service_name: DockerService.OLLAMA_SERVICE_NAME,
+      service_name: SERVICE_NAMES.QDRANT,
-      friendly_name: 'Ollama',
+      friendly_name: 'Qdrant Vector Database',
      powered_by: null,
      display_order: 100, // Dependency service, not shown directly
-      description: 'Run local LLMs (AI models) with ease on your own hardware',
+      description: 'Vector database for storing and searching embeddings',
      icon: 'IconRobot',
-      container_image: 'ollama/ollama:latest',
+      container_image: 'qdrant/qdrant:v1.16',
-      container_command: 'serve',
+      source_repo: 'https://github.com/qdrant/qdrant',
      container_command: null,
      container_config: JSON.stringify({
        HostConfig: {
          RestartPolicy: { Name: 'unless-stopped' },
-          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/ollama:/root/.ollama`],
+          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/qdrant:/qdrant/storage`],
-          PortBindings: { '11434/tcp': [{ HostPort: '11434' }] }
+          PortBindings: { '6333/tcp': [{ HostPort: '6333' }], '6334/tcp': [{ HostPort: '6334' }] },
        },
-        ExposedPorts: { '11434/tcp': {} }
+        ExposedPorts: { '6333/tcp': {}, '6334/tcp': {} },
      }),
-      ui_location: null,
+      ui_location: '6333',
      installed: false,
      installation_status: 'idle',
      is_dependency_service: true,
      depends_on: null,
    },
    {
-      service_name: DockerService.OPEN_WEBUI_SERVICE_NAME,
+      service_name: SERVICE_NAMES.OLLAMA,
      friendly_name: 'AI Assistant',
-      powered_by: 'Open WebUI + Ollama',
+      powered_by: 'Ollama',
      display_order: 3,
      description: 'Local AI chat that runs entirely on your hardware - no internet required',
      icon: 'IconWand',
-      container_image: 'ghcr.io/open-webui/open-webui:main',
+      container_image: 'ollama/ollama:0.18.1',
-      container_command: null,
+      source_repo: 'https://github.com/ollama/ollama',
      container_command: 'serve',
      container_config: JSON.stringify({
        HostConfig: {
          RestartPolicy: { Name: 'unless-stopped' },
-          NetworkMode: 'host',
+          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/ollama:/root/.ollama`],
-          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/open-webui:/app/backend/data`],
+          PortBindings: { '11434/tcp': [{ HostPort: '11434' }] },
          PortBindings: { '8080/tcp': [{ HostPort: '3000' }] }
        },
-        Env: ['WEBUI_AUTH=False', 'PORT=3000', 'OLLAMA_BASE_URL=http://127.0.0.1:11434']
+        ExposedPorts: { '11434/tcp': {} },
      }),
-      ui_location: '3000',
+      ui_location: '/chat',
      installed: false,
      installation_status: 'idle',
      is_dependency_service: false,
-      depends_on: DockerService.OLLAMA_SERVICE_NAME,
+      depends_on: SERVICE_NAMES.QDRANT,
    },
    {
-      service_name: DockerService.CYBERCHEF_SERVICE_NAME,
+      service_name: SERVICE_NAMES.CYBERCHEF,
      friendly_name: 'Data Tools',
      powered_by: 'CyberChef',
      display_order: 11,
      description: 'Swiss Army knife for data encoding, encryption, and analysis',
      icon: 'IconChefHat',
-      container_image: 'ghcr.io/gchq/cyberchef:latest',
+      container_image: 'ghcr.io/gchq/cyberchef:10.22.1',
      source_repo: 'https://github.com/gchq/CyberChef',
      container_command: null,
      container_config: JSON.stringify({
        HostConfig: {
          RestartPolicy: { Name: 'unless-stopped' },
-          PortBindings: { '80/tcp': [{ HostPort: '8100' }] }
+          PortBindings: { '80/tcp': [{ HostPort: '8100' }] },
        },
-        ExposedPorts: { '80/tcp': {} }
+        ExposedPorts: { '80/tcp': {} },
      }),
      ui_location: '8100',
      installed: false,
@ -101,22 +111,23 @@ export default class ServiceSeeder extends BaseSeeder {
      depends_on: null,
    },
    {
-      service_name: DockerService.FLATNOTES_SERVICE_NAME,
+      service_name: SERVICE_NAMES.FLATNOTES,
      friendly_name: 'Notes',
      powered_by: 'FlatNotes',
      display_order: 10,
      description: 'Simple note-taking app with local storage',
      icon: 'IconNotes',
-      container_image: 'dullage/flatnotes:latest',
+      container_image: 'dullage/flatnotes:v5.5.4',
      source_repo: 'https://github.com/dullage/flatnotes',
      container_command: null,
      container_config: JSON.stringify({
        HostConfig: {
          RestartPolicy: { Name: 'unless-stopped' },
          PortBindings: { '8080/tcp': [{ HostPort: '8200' }] },
-          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/flatnotes:/data`]
+          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/flatnotes:/data`],
        },
        ExposedPorts: { '8080/tcp': {} },
-        Env: ['FLATNOTES_AUTH_TYPE=none']
+        Env: ['FLATNOTES_AUTH_TYPE=none'],
      }),
      ui_location: '8200',
      installed: false,
@ -125,19 +136,20 @@ export default class ServiceSeeder extends BaseSeeder {
      depends_on: null,
    },
    {
-      service_name: DockerService.KOLIBRI_SERVICE_NAME,
+      service_name: SERVICE_NAMES.KOLIBRI,
      friendly_name: 'Education Platform',
      powered_by: 'Kolibri',
      display_order: 2,
      description: 'Interactive learning platform with video courses and exercises',
      icon: 'IconSchool',
-      container_image: 'treehouses/kolibri:latest',
+      container_image: 'treehouses/kolibri:0.12.8',
      source_repo: 'https://github.com/learningequality/kolibri',
      container_command: null,
      container_config: JSON.stringify({
        HostConfig: {
          RestartPolicy: { Name: 'unless-stopped' },
          PortBindings: { '8080/tcp': [{ HostPort: '8300' }] },
-          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/kolibri:/root/.kolibri`]
+          Binds: [`${ServiceSeeder.NOMAD_STORAGE_ABS_PATH}/kolibri:/root/.kolibri`],
        },
        ExposedPorts: { '8080/tcp': {} },
      }),
@ -146,15 +158,17 @@ export default class ServiceSeeder extends BaseSeeder {
      installation_status: 'idle',
      is_dependency_service: false,
      depends_on: null,
-    }
+    },
  ]
  async run() {
    const existingServices = await Service.query().select('service_name')
-    const existingServiceNames = new Set(existingServices.map(service => service.service_name))
+    const existingServiceNames = new Set(existingServices.map((service) => service.service_name))
-    const newServices = ServiceSeeder.DEFAULT_SERVICES.filter(service => !existingServiceNames.has(service.service_name))
+    const newServices = ServiceSeeder.DEFAULT_SERVICES.filter(
      (service) => !existingServiceNames.has(service.service_name)
    )
    await Service.createMany([...newServices])
  }
-}
+}
--- a/admin/docs/about.md
+++ b/admin/docs/about.md
@ -1,5 +1,17 @@
 # About Project N.O.M.A.D.
-Project N.O.M.A.D. (Node for Offline Media, Archives, and Data; "Nomad" for short) is a project started in 2025 by Chris Sherwood of [Crosstalk Solutions, LLC.](https://crosstalksolutions.com). The goal of the project is not to create just another utility for storing offline resources, but rather to allow users to run their own ultime "survival computer".
+Project N.O.M.A.D. (Node for Offline Media, Archives, and Data; "Nomad" for short) is a project started in 2025 by Chris Sherwood of [Crosstalk Solutions, LLC](https://crosstalksolutions.com). The goal of the project is not to create just another utility for storing offline resources, but rather to allow users to run their own ultimate "survival computer".
-While many similar offline survival computers are designed to be run on bare-minimum, lightweight hardware, Project N.O.M.A.D. is quite the opposite. To install and run the available AI tools, we highly encourage the use of a beefy, GPU-backed device to make the most of your install.
+While many similar offline survival computers are designed to be run on bare-minimum, lightweight hardware, Project N.O.M.A.D. is quite the opposite. To install and run the available AI tools, we highly encourage the use of a beefy, GPU-backed device to make the most of your install. See the [Hardware Guide](https://www.projectnomad.us/hardware) for detailed build recommendations at three price points.
 Since its initial release, NOMAD has grown to include built-in AI chat with a Knowledge Base for document-aware responses, a System Benchmark with a community leaderboard, curated content collections with tiered options, and an Easy Setup Wizard to get new users up and running quickly.
 Project N.O.M.A.D. is open source, released under the [Apache License 2.0](https://github.com/Crosstalk-Solutions/project-nomad/blob/main/LICENSE).
 ## Links
 - **Website:** [www.projectnomad.us](https://www.projectnomad.us)
 - **Hardware Guide:** [www.projectnomad.us/hardware](https://www.projectnomad.us/hardware)
 - **Discord:** [Join the Community](https://discord.com/invite/crosstalksolutions)
 - **GitHub:** [Crosstalk-Solutions/project-nomad](https://github.com/Crosstalk-Solutions/project-nomad)
 - **Benchmark Leaderboard:** [benchmark.projectnomad.us](https://benchmark.projectnomad.us)
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,3 @@`
							`import { KVStoreKey } from "../types/kv_store.js";`

							`export const SETTINGS_KEYS: KVStoreKey[] = ['chat.suggestionsEnabled', 'chat.lastModel', 'ui.hasVisitedEasySetup', 'ui.theme', 'system.earlyAccess', 'ai.assistantCustomName'];`
		`@ -0,0 +1,2 @@`

							`export const NOMAD_API_DEFAULT_BASE_URL = 'https://api.projectnomad.us'`