diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..57a8363
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,26 @@
+# Rails Configuration
+SECRET_KEY_BASE=generate-with-bin-rails-secret
+RAILS_ENV=development
+
+# Database
+# SQLite database files are stored in the storage/ directory
+# In production with Docker, mount this as a persistent volume
+
+# SMTP Configuration (for sending emails)
+SMTP_ADDRESS=smtp.example.com
+SMTP_PORT=587
+SMTP_DOMAIN=example.com
+SMTP_USERNAME=your-username
+SMTP_PASSWORD=your-password
+SMTP_AUTHENTICATION=plain
+SMTP_ENABLE_STARTTLS=true
+
+# Application Configuration
+CLINCH_HOST=http://localhost:9000
+CLINCH_FROM_EMAIL=noreply@example.com
+
+# Optional: Force SSL in production
+# FORCE_SSL=true
+
+# Optional: Set custom port
+# PORT=9000
diff --git a/Procfile.dev b/Procfile.dev
index da151fe..f805780 100644
--- a/Procfile.dev
+++ b/Procfile.dev
@@ -1,2 +1,2 @@
-web: bin/rails server
+web: bin/rails server -b 0.0.0.0 -p 3035
 css: bin/rails tailwindcss:watch
diff --git a/README.md b/README.md
index 6ace77b..2cc989f 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Clinch
 
-**A lightweight, self-hosted identity & SSO portal for home-labs**
+**A lightweight, self-hosted identity & SSO portal**
 
 Clinch gives you one place to manage users and lets any web app authenticate against it without maintaining its own user table.
 
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
new file mode 100644
index 0000000..ce1b60d
--- /dev/null
+++ b/app/controllers/dashboard_controller.rb
@@ -0,0 +1,12 @@
+class DashboardController < ApplicationController
+  def index
+    # First run: redirect to signup
+    if User.count.zero?
+      redirect_to signup_path
+      return
+    end
+
+    # User must be authenticated
+    @user = Current.session.user
+  end
+end
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
new file mode 100644
index 0000000..f915c45
--- /dev/null
+++ b/app/controllers/profiles_controller.rb
@@ -0,0 +1,45 @@
+class ProfilesController < ApplicationController
+  def show
+    @user = Current.session.user
+    @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
+  end
+
+  def update
+    @user = Current.session.user
+
+    if params[:user][:password].present?
+      # Updating password - requires current password
+      unless @user.authenticate(params[:user][:current_password])
+        @user.errors.add(:current_password, "is incorrect")
+        @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
+        render :show, status: :unprocessable_entity
+        return
+      end
+
+      if @user.update(password_params)
+        redirect_to profile_path, notice: "Password updated successfully."
+      else
+        @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
+        render :show, status: :unprocessable_entity
+      end
+    else
+      # Updating email
+      if @user.update(email_params)
+        redirect_to profile_path, notice: "Email updated successfully."
+      else
+        @active_sessions = @user.sessions.active.order(last_activity_at: :desc)
+        render :show, status: :unprocessable_entity
+      end
+    end
+  end
+
+  private
+
+  def email_params
+    params.require(:user).permit(:email_address)
+  end
+
+  def password_params
+    params.require(:user).permit(:password, :password_confirmation)
+  end
+end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index cf7fccd..ebc5fa8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,21 +1,47 @@
 class SessionsController < ApplicationController
   allow_unauthenticated_access only: %i[ new create ]
-  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to signin_path, alert: "Too many attempts. Try again later." }
 
   def new
+    # Redirect to signup if this is first run
+    redirect_to signup_path if User.count.zero?
   end
 
   def create
-    if user = User.authenticate_by(params.permit(:email_address, :password))
-      start_new_session_for user
-      redirect_to after_authentication_url
-    else
-      redirect_to new_session_path, alert: "Try another email address or password."
+    user = User.authenticate_by(params.permit(:email_address, :password))
+
+    if user.nil?
+      redirect_to signin_path, alert: "Invalid email address or password."
+      return
     end
+
+    # Check if user is active
+    unless user.status == "active"
+      redirect_to signin_path, alert: "Your account is not active. Please contact an administrator."
+      return
+    end
+
+    # Check if TOTP is required
+    if user.totp_enabled?
+      # TODO: Implement TOTP verification flow
+      # For now, reject login if TOTP is enabled
+      redirect_to signin_path, alert: "Two-factor authentication is enabled but not yet implemented. Please contact an administrator."
+      return
+    end
+
+    # Sign in successful
+    start_new_session_for user
+    redirect_to after_authentication_url, notice: "Signed in successfully."
   end
 
   def destroy
     terminate_session
-    redirect_to new_session_path, status: :see_other
+    redirect_to signin_path, status: :see_other, notice: "Signed out successfully."
+  end
+
+  def destroy_other
+    session = Current.session.user.sessions.find(params[:id])
+    session.destroy
+    redirect_to profile_path, notice: "Session revoked successfully."
   end
 end
diff --git a/app/controllers/totp_controller.rb b/app/controllers/totp_controller.rb
new file mode 100644
index 0000000..dfa15c3
--- /dev/null
+++ b/app/controllers/totp_controller.rb
@@ -0,0 +1,84 @@
+class TotpController < ApplicationController
+  before_action :set_user
+  before_action :redirect_if_totp_enabled, only: [:new, :create]
+  before_action :require_totp_enabled, only: [:backup_codes, :verify_password, :destroy]
+
+  # GET /totp/new - Show QR code to set up TOTP
+  def new
+    # Generate TOTP secret but don't save yet
+    @totp_secret = ROTP::Base32.random
+    @provisioning_uri = ROTP::TOTP.new(@totp_secret, issuer: "Clinch").provisioning_uri(@user.email_address)
+
+    # Generate QR code
+    require "rqrcode"
+    @qr_code = RQRCode::QRCode.new(@provisioning_uri)
+  end
+
+  # POST /totp - Verify TOTP code and enable 2FA
+  def create
+    totp_secret = params[:totp_secret]
+    code = params[:code]
+
+    # Verify the code works
+    totp = ROTP::TOTP.new(totp_secret)
+    if totp.verify(code, drift_behind: 30, drift_ahead: 30)
+      # Save the secret and generate backup codes
+      @user.totp_secret = totp_secret
+      @user.backup_codes = generate_backup_codes
+      @user.save!
+
+      # Redirect to backup codes page with success message
+      redirect_to backup_codes_totp_path, notice: "Two-factor authentication has been enabled successfully! Save these backup codes now."
+    else
+      redirect_to new_totp_path, alert: "Invalid verification code. Please try again."
+    end
+  end
+
+  # GET /totp/backup_codes - Show backup codes (requires password)
+  def backup_codes
+    # This will be shown after password verification
+    @backup_codes = @user.parsed_backup_codes
+  end
+
+  # POST /totp/verify_password - Verify password before showing backup codes
+  def verify_password
+    if @user.authenticate(params[:password])
+      redirect_to backup_codes_totp_path
+    else
+      redirect_to profile_path, alert: "Incorrect password."
+    end
+  end
+
+  # DELETE /totp - Disable TOTP (requires password)
+  def destroy
+    unless @user.authenticate(params[:password])
+      redirect_to profile_path, alert: "Incorrect password. Could not disable 2FA."
+      return
+    end
+
+    @user.disable_totp!
+    redirect_to profile_path, notice: "Two-factor authentication has been disabled."
+  end
+
+  private
+
+  def set_user
+    @user = Current.session.user
+  end
+
+  def redirect_if_totp_enabled
+    if @user.totp_enabled?
+      redirect_to profile_path, alert: "Two-factor authentication is already enabled."
+    end
+  end
+
+  def require_totp_enabled
+    unless @user.totp_enabled?
+      redirect_to profile_path, alert: "Two-factor authentication is not enabled."
+    end
+  end
+
+  def generate_backup_codes
+    Array.new(10) { SecureRandom.alphanumeric(8).upcase }.to_json
+  end
+end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 0000000..a7fc08c
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,36 @@
+class UsersController < ApplicationController
+  allow_unauthenticated_access only: %i[ new create ]
+  before_action :ensure_first_run, only: %i[ new create ]
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(user_params)
+
+    # First user becomes admin automatically
+    @user.admin = true if User.count.zero?
+    @user.status = "active"
+
+    if @user.save
+      start_new_session_for @user
+      redirect_to root_path, notice: "Welcome to Clinch! Your account has been created."
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(:email_address, :password, :password_confirmation)
+  end
+
+  def ensure_first_run
+    # Only allow signup if there are no users (first-run scenario)
+    if User.exists?
+      redirect_to signin_path, alert: "Registration is closed. Please sign in."
+    end
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index e67b459..cee6788 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,7 @@ class User < ApplicationRecord
 
   validates :email_address, presence: true, uniqueness: { case_sensitive: false },
                            format: { with: URI::MailTo::EMAIL_REGEXP }
+  validates :password, length: { minimum: 8 }, allow_nil: true
   validates :status, presence: true,
                     inclusion: { in: %w[active disabled pending_invitation] }
 
diff --git a/app/views/dashboard/index.html.erb b/app/views/dashboard/index.html.erb
new file mode 100644
index 0000000..b474e6e
--- /dev/null
+++ b/app/views/dashboard/index.html.erb
@@ -0,0 +1,116 @@
+<div class="mb-8">
+  <h1 class="text-3xl font-bold text-gray-900">
+    Welcome, <%= @user.email_address %>
+  </h1>
+  <p class="mt-2 text-gray-600">
+    <% if @user.admin? %>
+      Administrator
+    <% else %>
+      User
+    <% end %>
+  </p>
+</div>
+
+<div class="grid grid-cols-1 gap-6 sm:grid-cols-2 lg:grid-cols-3">
+  <!-- Active Sessions Card -->
+  <div class="bg-white overflow-hidden shadow rounded-lg">
+    <div class="p-5">
+      <div class="flex items-center">
+        <div class="flex-shrink-0">
+          <svg class="h-6 w-6 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9.75 17L9 20l-1 1h8l-1-1-.75-3M3 13h18M5 17h14a2 2 0 002-2V5a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"></path>
+          </svg>
+        </div>
+        <div class="ml-5 w-0 flex-1">
+          <dl>
+            <dt class="text-sm font-medium text-gray-500 truncate">
+              Active Sessions
+            </dt>
+            <dd class="text-lg font-semibold text-gray-900">
+              <%= @user.sessions.active.count %>
+            </dd>
+          </dl>
+        </div>
+      </div>
+    </div>
+    <div class="bg-gray-50 px-5 py-3">
+      <%= link_to "View all sessions", profile_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
+    </div>
+  </div>
+
+  <% if @user.totp_enabled? %>
+    <!-- 2FA Status Card -->
+    <div class="bg-white overflow-hidden shadow rounded-lg">
+      <div class="p-5">
+        <div class="flex items-center">
+          <div class="flex-shrink-0">
+            <svg class="h-6 w-6 text-green-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path>
+            </svg>
+          </div>
+          <div class="ml-5 w-0 flex-1">
+            <dl>
+              <dt class="text-sm font-medium text-gray-500 truncate">
+                Two-Factor Authentication
+              </dt>
+              <dd class="text-lg font-semibold text-green-600">
+                Enabled
+              </dd>
+            </dl>
+          </div>
+        </div>
+      </div>
+      <div class="bg-gray-50 px-5 py-3">
+        <%= link_to "Manage 2FA", profile_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
+      </div>
+    </div>
+  <% else %>
+    <!-- 2FA Disabled Card -->
+    <div class="bg-white overflow-hidden shadow rounded-lg border-2 border-yellow-200">
+      <div class="p-5">
+        <div class="flex items-center">
+          <div class="flex-shrink-0">
+            <svg class="h-6 w-6 text-yellow-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+            </svg>
+          </div>
+          <div class="ml-5 w-0 flex-1">
+            <dl>
+              <dt class="text-sm font-medium text-gray-500 truncate">
+                Two-Factor Authentication
+              </dt>
+              <dd class="text-lg font-semibold text-yellow-600">
+                Not Enabled
+              </dd>
+            </dl>
+          </div>
+        </div>
+      </div>
+      <div class="bg-gray-50 px-5 py-3">
+        <%= link_to "Enable 2FA", profile_path, class: "text-sm font-medium text-blue-600 hover:text-blue-500" %>
+      </div>
+    </div>
+  <% end %>
+</div>
+
+<% if @user.admin? %>
+  <div class="mt-8">
+    <h2 class="text-xl font-semibold text-gray-900 mb-4">Admin Quick Actions</h2>
+    <div class="grid grid-cols-1 gap-4 sm:grid-cols-3">
+      <%= link_to admin_users_path, class: "block p-6 bg-white rounded-lg border border-gray-200 shadow-sm hover:bg-gray-50 hover:shadow-md transition" do %>
+        <h3 class="text-lg font-semibold text-gray-900 mb-2">Manage Users</h3>
+        <p class="text-sm text-gray-600">View, edit, and invite users</p>
+      <% end %>
+
+      <%= link_to admin_applications_path, class: "block p-6 bg-white rounded-lg border border-gray-200 shadow-sm hover:bg-gray-50 hover:shadow-md transition" do %>
+        <h3 class="text-lg font-semibold text-gray-900 mb-2">Manage Applications</h3>
+        <p class="text-sm text-gray-600">Register and configure applications</p>
+      <% end %>
+
+      <%= link_to admin_groups_path, class: "block p-6 bg-white rounded-lg border border-gray-200 shadow-sm hover:bg-gray-50 hover:shadow-md transition" do %>
+        <h3 class="text-lg font-semibold text-gray-900 mb-2">Manage Groups</h3>
+        <p class="text-sm text-gray-600">Create and organize user groups</p>
+      <% end %>
+    </div>
+  </div>
+<% end %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 516626d..f1fd876 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -24,8 +24,51 @@
   </head>
 
   <body>
-    <main class="container mx-auto mt-28 px-5 flex">
-      <%= yield %>
-    </main>
+    <% if authenticated? %>
+      <%= render "shared/sidebar" %>
+      <div class="lg:pl-64">
+        <!-- Mobile menu button -->
+        <div class="sticky top-0 z-40 flex h-16 shrink-0 items-center gap-x-4 border-b border-gray-200 bg-white px-4 shadow-sm sm:gap-x-6 sm:px-6 lg:hidden">
+          <button type="button" class="-m-2.5 p-2.5 text-gray-700" id="mobile-menu-button">
+            <span class="sr-only">Open sidebar</span>
+            <svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+              <path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6.75h16.5M3.75 12h16.5m-16.5 5.25h16.5" />
+            </svg>
+          </button>
+        </div>
+
+        <main class="py-10">
+          <div class="px-4 sm:px-6 lg:px-8">
+            <%= render "shared/flash" %>
+            <%= yield %>
+          </div>
+        </main>
+      </div>
+    <% else %>
+      <!-- Public layout (signup/signin) -->
+      <main class="container mx-auto mt-28 px-5 flex">
+        <%= render "shared/flash" %>
+        <%= yield %>
+      </main>
+    <% end %>
+
+    <script>
+      // Mobile sidebar toggle
+      const mobileMenuButton = document.getElementById('mobile-menu-button');
+      const mobileMenuClose = document.getElementById('mobile-menu-close');
+      const mobileSidebarOverlay = document.getElementById('mobile-sidebar-overlay');
+
+      if (mobileMenuButton) {
+        mobileMenuButton.addEventListener('click', () => {
+          mobileSidebarOverlay?.classList.remove('hidden');
+        });
+      }
+
+      if (mobileMenuClose) {
+        mobileMenuClose.addEventListener('click', () => {
+          mobileSidebarOverlay?.classList.add('hidden');
+        });
+      }
+    </script>
   </body>
 </html>
diff --git a/app/views/profiles/show.html.erb b/app/views/profiles/show.html.erb
new file mode 100644
index 0000000..406b488
--- /dev/null
+++ b/app/views/profiles/show.html.erb
@@ -0,0 +1,246 @@
+<div class="space-y-8">
+  <div>
+    <h1 class="text-3xl font-bold text-gray-900">Profile & Settings</h1>
+    <p class="mt-2 text-sm text-gray-600">Manage your account settings and security preferences.</p>
+  </div>
+
+  <!-- Account Information -->
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <h3 class="text-lg font-medium leading-6 text-gray-900">Account Information</h3>
+      <div class="mt-5 space-y-6">
+        <%= form_with model: @user, url: profile_path, method: :patch, class: "space-y-6" do |form| %>
+          <% if @user.errors.any? %>
+            <div class="rounded-md bg-red-50 p-4">
+              <h3 class="text-sm font-medium text-red-800">
+                <%= pluralize(@user.errors.count, "error") %> prohibited this from being saved:
+              </h3>
+              <ul class="mt-2 list-disc list-inside text-sm text-red-700">
+                <% @user.errors.each do |error| %>
+                  <li><%= error.full_message %></li>
+                <% end %>
+              </ul>
+            </div>
+          <% end %>
+
+          <div>
+            <%= form.label :email_address, "Email Address", class: "block text-sm font-medium text-gray-700" %>
+            <%= form.email_field :email_address,
+                required: true,
+                autocomplete: "email",
+                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+          </div>
+
+          <div>
+            <%= form.submit "Update Email", class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+
+  <!-- Change Password -->
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <h3 class="text-lg font-medium leading-6 text-gray-900">Change Password</h3>
+      <div class="mt-5">
+        <%= form_with model: @user, url: profile_path, method: :patch, class: "space-y-6" do |form| %>
+          <div>
+            <%= form.label :current_password, "Current Password", class: "block text-sm font-medium text-gray-700" %>
+            <%= form.password_field :current_password,
+                autocomplete: "current-password",
+                placeholder: "Enter current password",
+                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+          </div>
+
+          <div>
+            <%= form.label :password, "New Password", class: "block text-sm font-medium text-gray-700" %>
+            <%= form.password_field :password,
+                autocomplete: "new-password",
+                placeholder: "Enter new password",
+                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+            <p class="mt-1 text-sm text-gray-500">Must be at least 8 characters</p>
+          </div>
+
+          <div>
+            <%= form.label :password_confirmation, "Confirm New Password", class: "block text-sm font-medium text-gray-700" %>
+            <%= form.password_field :password_confirmation,
+                autocomplete: "new-password",
+                placeholder: "Confirm new password",
+                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+          </div>
+
+          <div>
+            <%= form.submit "Update Password", class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+
+  <!-- Two-Factor Authentication -->
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <h3 class="text-lg font-medium leading-6 text-gray-900">Two-Factor Authentication</h3>
+      <div class="mt-2 max-w-xl text-sm text-gray-500">
+        <p>Add an extra layer of security to your account by enabling two-factor authentication.</p>
+      </div>
+      <div class="mt-5">
+        <% if @user.totp_enabled? %>
+          <div class="rounded-md bg-green-50 p-4">
+            <div class="flex">
+              <div class="flex-shrink-0">
+                <svg class="h-5 w-5 text-green-400" viewBox="0 0 20 20" fill="currentColor">
+                  <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.857-9.809a.75.75 0 00-1.214-.882l-3.483 4.79-1.88-1.88a.75.75 0 10-1.06 1.061l2.5 2.5a.75.75 0 001.137-.089l4-5.5z" clip-rule="evenodd" />
+                </svg>
+              </div>
+              <div class="ml-3 flex-1">
+                <p class="text-sm font-medium text-green-800">
+                  Two-factor authentication is enabled
+                </p>
+              </div>
+            </div>
+          </div>
+          <div class="mt-4 flex gap-3">
+            <button type="button" onclick="showDisable2FAModal()" class="inline-flex items-center rounded-md border border-red-300 bg-white px-4 py-2 text-sm font-medium text-red-700 shadow-sm hover:bg-red-50 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-offset-2">
+              Disable 2FA
+            </button>
+            <button type="button" onclick="showViewBackupCodesModal()" class="inline-flex items-center rounded-md border border-gray-300 bg-white px-4 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+              View Backup Codes
+            </button>
+          </div>
+        <% else %>
+          <%= link_to new_totp_path, class: "inline-flex items-center rounded-md border border-transparent bg-blue-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" do %>
+            Enable 2FA
+          <% end %>
+        <% end %>
+      </div>
+    </div>
+  </div>
+
+  <!-- Disable 2FA Modal -->
+  <div id="disable-2fa-modal" class="hidden fixed inset-0 bg-gray-500 bg-opacity-75 flex items-center justify-center z-50">
+    <div class="bg-white rounded-lg px-4 pt-5 pb-4 shadow-xl max-w-md w-full">
+      <div class="sm:flex sm:items-start">
+        <div class="mx-auto flex h-12 w-12 flex-shrink-0 items-center justify-center rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
+          <svg class="h-6 w-6 text-red-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" />
+          </svg>
+        </div>
+        <div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left flex-1">
+          <h3 class="text-lg font-medium leading-6 text-gray-900">Disable Two-Factor Authentication</h3>
+          <div class="mt-2">
+            <p class="text-sm text-gray-500">Enter your password to disable 2FA. This will make your account less secure.</p>
+          </div>
+          <%= form_with url: totp_path, method: :delete, class: "mt-4" do |form| %>
+            <div>
+              <%= password_field_tag :password, nil,
+                  placeholder: "Enter your password",
+                  autocomplete: "current-password",
+                  required: true,
+                  class: "block w-full rounded-md border-gray-300 shadow-sm focus:border-red-500 focus:ring-red-500 sm:text-sm" %>
+            </div>
+            <div class="mt-4 flex gap-3">
+              <%= form.submit "Disable 2FA",
+                  class: "inline-flex justify-center rounded-md border border-transparent bg-red-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-offset-2" %>
+              <button type="button" onclick="hideDisable2FAModal()" class="inline-flex justify-center rounded-md border border-gray-300 bg-white px-4 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+                Cancel
+              </button>
+            </div>
+          <% end %>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- View Backup Codes Modal -->
+  <div id="view-backup-codes-modal" class="hidden fixed inset-0 bg-gray-500 bg-opacity-75 flex items-center justify-center z-50">
+    <div class="bg-white rounded-lg px-4 pt-5 pb-4 shadow-xl max-w-md w-full">
+      <div>
+        <h3 class="text-lg font-medium leading-6 text-gray-900">View Backup Codes</h3>
+        <div class="mt-2">
+          <p class="text-sm text-gray-500">Enter your password to view your backup codes.</p>
+        </div>
+        <%= form_with url: verify_password_totp_path, method: :post, class: "mt-4" do |form| %>
+          <div>
+            <%= password_field_tag :password, nil,
+                placeholder: "Enter your password",
+                autocomplete: "current-password",
+                required: true,
+                class: "block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 sm:text-sm" %>
+          </div>
+          <div class="mt-4 flex gap-3">
+            <%= form.submit "View Codes",
+                class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 px-4 py-2 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+            <button type="button" onclick="hideViewBackupCodesModal()" class="inline-flex justify-center rounded-md border border-gray-300 bg-white px-4 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+              Cancel
+            </button>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+
+  <script>
+    function showDisable2FAModal() {
+      document.getElementById('disable-2fa-modal').classList.remove('hidden');
+    }
+
+    function hideDisable2FAModal() {
+      document.getElementById('disable-2fa-modal').classList.add('hidden');
+    }
+
+    function showViewBackupCodesModal() {
+      document.getElementById('view-backup-codes-modal').classList.remove('hidden');
+    }
+
+    function hideViewBackupCodesModal() {
+      document.getElementById('view-backup-codes-modal').classList.add('hidden');
+    }
+  </script>
+
+  <!-- Active Sessions -->
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <h3 class="text-lg font-medium leading-6 text-gray-900">Active Sessions</h3>
+      <div class="mt-2 max-w-xl text-sm text-gray-500">
+        <p>These devices are currently signed in to your account. Revoke any sessions that you don't recognize.</p>
+      </div>
+      <div class="mt-5">
+        <% if @active_sessions.any? %>
+          <ul role="list" class="divide-y divide-gray-200">
+            <% @active_sessions.each do |session| %>
+              <li class="py-4">
+                <div class="flex items-center justify-between">
+                  <div class="flex flex-col">
+                    <p class="text-sm font-medium text-gray-900">
+                      <%= session.device_name || "Unknown Device" %>
+                      <% if session.id == Current.session.id %>
+                        <span class="ml-2 inline-flex items-center rounded-full bg-green-100 px-2.5 py-0.5 text-xs font-medium text-green-800">
+                          This device
+                        </span>
+                      <% end %>
+                    </p>
+                    <p class="mt-1 text-sm text-gray-500">
+                      <%= session.ip_address %>
+                    </p>
+                    <p class="mt-1 text-xs text-gray-400">
+                      Last active <%= time_ago_in_words(session.last_activity_at || session.updated_at) %> ago
+                    </p>
+                  </div>
+                  <% if session.id != Current.session.id %>
+                    <%= button_to "Revoke", session_path(session), method: :delete,
+                        class: "inline-flex items-center rounded-md border border-gray-300 bg-white px-3 py-2 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2",
+                        form: { data: { turbo_confirm: "Are you sure you want to revoke this session?" } } %>
+                  <% end %>
+                </div>
+              </li>
+            <% end %>
+          </ul>
+        <% else %>
+          <p class="text-sm text-gray-500">No other active sessions.</p>
+        <% end %>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index 308b04b..11d170b 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,31 +1,37 @@
 <div class="mx-auto md:w-2/3 w-full">
-  <% if alert = flash[:alert] %>
-    <p class="py-2 px-3 bg-red-50 mb-5 text-red-500 font-medium rounded-lg inline-block" id="alert"><%= alert %></p>
-  <% end %>
+  <div class="mb-8">
+    <h1 class="font-bold text-4xl">Sign in to Clinch</h1>
+  </div>
 
-  <% if notice = flash[:notice] %>
-    <p class="py-2 px-3 bg-green-50 mb-5 text-green-500 font-medium rounded-lg inline-block" id="notice"><%= notice %></p>
-  <% end %>
-
-  <h1 class="font-bold text-4xl">Sign in</h1>
-
-  <%= form_with url: session_url, class: "contents" do |form| %>
+  <%= form_with url: signin_path, class: "contents" do |form| %>
     <div class="my-5">
-      <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "username", placeholder: "Enter your email address", value: params[:email_address], class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+      <%= form.label :email_address, "Email Address", class: "block font-medium text-sm text-gray-700" %>
+      <%= form.email_field :email_address,
+          required: true,
+          autofocus: true,
+          autocomplete: "username",
+          placeholder: "your@email.com",
+          value: params[:email_address],
+          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
     </div>
 
     <div class="my-5">
-      <%= form.password_field :password, required: true, autocomplete: "current-password", placeholder: "Enter your password", maxlength: 72, class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+      <%= form.label :password, class: "block font-medium text-sm text-gray-700" %>
+      <%= form.password_field :password,
+          required: true,
+          autocomplete: "current-password",
+          placeholder: "Enter your password",
+          maxlength: 72,
+          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
     </div>
 
-    <div class="col-span-6 sm:flex sm:items-center sm:gap-4">
-      <div class="inline">
-        <%= form.submit "Sign in", class: "w-full sm:w-auto text-center rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white inline-block font-medium cursor-pointer" %>
-      </div>
+    <div class="my-5">
+      <%= form.submit "Sign in",
+          class: "w-full rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white font-medium cursor-pointer" %>
+    </div>
 
-      <div class="mt-4 text-sm text-gray-500 sm:mt-0">
-        <%= link_to "Forgot password?", new_password_path, class: "text-gray-700 underline hover:no-underline" %>
-      </div>
+    <div class="mt-4 text-sm text-gray-600 text-center">
+      <%= link_to "Forgot your password?", new_password_path, class: "text-blue-600 hover:text-blue-500 underline" %>
     </div>
   <% end %>
 </div>
diff --git a/app/views/shared/_flash.html.erb b/app/views/shared/_flash.html.erb
new file mode 100644
index 0000000..1d888e6
--- /dev/null
+++ b/app/views/shared/_flash.html.erb
@@ -0,0 +1,29 @@
+<% if flash[:alert] %>
+  <div class="mb-4 rounded-lg bg-red-50 p-4" role="alert">
+    <div class="flex">
+      <div class="flex-shrink-0">
+        <svg class="h-5 w-5 text-red-400" viewBox="0 0 20 20" fill="currentColor">
+          <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd"/>
+        </svg>
+      </div>
+      <div class="ml-3">
+        <p class="text-sm font-medium text-red-800"><%= flash[:alert] %></p>
+      </div>
+    </div>
+  </div>
+<% end %>
+
+<% if flash[:notice] %>
+  <div class="mb-4 rounded-lg bg-green-50 p-4" role="alert">
+    <div class="flex">
+      <div class="flex-shrink-0">
+        <svg class="h-5 w-5 text-green-400" viewBox="0 0 20 20" fill="currentColor">
+          <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zm3.707-9.293a1 1 0 00-1.414-1.414L9 10.586 7.707 9.293a1 1 0 00-1.414 1.414l2 2a1 1 0 001.414 0l4-4z" clip-rule="evenodd"/>
+        </svg>
+      </div>
+      <div class="ml-3">
+        <p class="text-sm font-medium text-green-800"><%= flash[:notice] %></p>
+      </div>
+    </div>
+  </div>
+<% end %>
diff --git a/app/views/shared/_sidebar.html.erb b/app/views/shared/_sidebar.html.erb
new file mode 100644
index 0000000..3336732
--- /dev/null
+++ b/app/views/shared/_sidebar.html.erb
@@ -0,0 +1,186 @@
+<% if authenticated? %>
+  <%
+    current_path = request.path
+    user = Current.session.user
+  %>
+
+  <!-- Desktop sidebar -->
+  <div class="hidden lg:fixed lg:inset-y-0 lg:z-50 lg:flex lg:w-64 lg:flex-col">
+    <div class="flex grow flex-col gap-y-5 overflow-y-auto border-r border-gray-200 bg-white px-6 pb-4">
+      <!-- Branding and User Info -->
+      <div class="flex flex-col pt-5 pb-4 border-b border-gray-200">
+        <div class="flex items-center">
+          <h1 class="text-2xl font-bold text-gray-900">Clinch</h1>
+        </div>
+        <div class="mt-2">
+          <p class="text-sm text-gray-600 truncate"><%= user.email_address %></p>
+          <% if user.admin? %>
+            <span class="inline-flex items-center rounded-full bg-blue-100 px-2 py-0.5 text-xs font-medium text-blue-800 mt-1">
+              Administrator
+            </span>
+          <% end %>
+        </div>
+      </div>
+
+      <nav class="flex flex-1 flex-col">
+        <ul role="list" class="flex flex-1 flex-col gap-y-7">
+          <li>
+            <ul role="list" class="-mx-2 space-y-1">
+              <!-- Dashboard -->
+              <li>
+                <%= link_to root_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path == '/' ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
+                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M2.25 12l8.954-8.955c.44-.439 1.152-.439 1.591 0L21.75 12M4.5 9.75v10.125c0 .621.504 1.125 1.125 1.125H9.75v-4.875c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21h4.125c.621 0 1.125-.504 1.125-1.125V9.75M8.25 21h8.25" />
+                  </svg>
+                  Dashboard
+                <% end %>
+              </li>
+
+              <% if user.admin? %>
+                <!-- Admin: Users -->
+                <li>
+                  <%= link_to admin_users_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path.start_with?('/admin/users') ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
+                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M15 19.128a9.38 9.38 0 002.625.372 9.337 9.337 0 004.121-.952 4.125 4.125 0 00-7.533-2.493M15 19.128v-.003c0-1.113-.285-2.16-.786-3.07M15 19.128v.106A12.318 12.318 0 018.624 21c-2.331 0-4.512-.645-6.374-1.766l-.001-.109a6.375 6.375 0 0111.964-3.07M12 6.375a3.375 3.375 0 11-6.75 0 3.375 3.375 0 016.75 0zm8.25 2.25a2.625 2.625 0 11-5.25 0 2.625 2.625 0 015.25 0z" />
+                    </svg>
+                    Users
+                  <% end %>
+                </li>
+
+                <!-- Admin: Applications -->
+                <li>
+                  <%= link_to admin_applications_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path.start_with?('/admin/applications') ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
+                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6A2.25 2.25 0 016 3.75h2.25A2.25 2.25 0 0110.5 6v2.25a2.25 2.25 0 01-2.25 2.25H6a2.25 2.25 0 01-2.25-2.25V6zM3.75 15.75A2.25 2.25 0 016 13.5h2.25a2.25 2.25 0 012.25 2.25V18a2.25 2.25 0 01-2.25 2.25H6A2.25 2.25 0 013.75 18v-2.25zM13.5 6a2.25 2.25 0 012.25-2.25H18A2.25 2.25 0 0120.25 6v2.25A2.25 2.25 0 0118 10.5h-2.25a2.25 2.25 0 01-2.25-2.25V6zM13.5 15.75a2.25 2.25 0 012.25-2.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-2.25A2.25 2.25 0 0113.5 18v-2.25z" />
+                    </svg>
+                    Applications
+                  <% end %>
+                </li>
+
+                <!-- Admin: Groups -->
+                <li>
+                  <%= link_to admin_groups_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path.start_with?('/admin/groups') ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
+                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M18 18.72a9.094 9.094 0 003.741-.479 3 3 0 00-4.682-2.72m.94 3.198l.001.031c0 .225-.012.447-.037.666A11.944 11.944 0 0112 21c-2.17 0-4.207-.576-5.963-1.584A6.062 6.062 0 016 18.719m12 0a5.971 5.971 0 00-.941-3.197m0 0A5.995 5.995 0 0012 12.75a5.995 5.995 0 00-5.058 2.772m0 0a3 3 0 00-4.681 2.72 8.986 8.986 0 003.74.477m.94-3.197a5.971 5.971 0 00-.94 3.197M15 6.75a3 3 0 11-6 0 3 3 0 016 0zm6 3a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0zm-13.5 0a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0z" />
+                    </svg>
+                    Groups
+                  <% end %>
+                </li>
+              <% end %>
+
+              <!-- Profile -->
+              <li>
+                <%= link_to profile_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 #{ current_path == '/profile' ? 'bg-gray-50 text-blue-600' : 'text-gray-700 hover:text-blue-600 hover:bg-gray-50' }" do %>
+                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M17.982 18.725A7.488 7.488 0 0012 15.75a7.488 7.488 0 00-5.982 2.975m11.963 0a9 9 0 10-11.963 0m11.963 0A8.966 8.966 0 0112 21a8.966 8.966 0 01-5.982-2.275M15 9.75a3 3 0 11-6 0 3 3 0 016 0z" />
+                  </svg>
+                  Profile
+                <% end %>
+              </li>
+
+              <!-- Sign Out -->
+              <li>
+                <%= link_to signout_path, data: { turbo_method: :delete }, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-red-600 hover:text-red-700 hover:bg-red-50" do %>
+                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0013.5 3h-6a2.25 2.25 0 00-2.25 2.25v13.5A2.25 2.25 0 007.5 21h6a2.25 2.25 0 002.25-2.25V15M12 9l-3 3m0 0l3 3m-3-3h12.75" />
+                  </svg>
+                  Sign Out
+                <% end %>
+              </li>
+            </ul>
+          </li>
+        </ul>
+      </nav>
+    </div>
+  </div>
+
+  <!-- Mobile sidebar overlay -->
+  <div class="relative z-50 lg:hidden hidden" id="mobile-sidebar-overlay">
+    <div class="fixed inset-0 bg-gray-900/80"></div>
+    <div class="fixed inset-0 flex">
+      <div class="relative mr-16 flex w-full max-w-xs flex-1">
+        <div class="absolute left-full top-0 flex w-16 justify-center pt-5">
+          <button type="button" class="-m-2.5 p-2.5" id="mobile-menu-close">
+            <span class="sr-only">Close sidebar</span>
+            <svg class="h-6 w-6 text-white" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+              <path stroke-linecap="round" stroke-linejoin="round" d="M6 18L18 6M6 6l12 12" />
+            </svg>
+          </button>
+        </div>
+
+        <div class="flex grow flex-col gap-y-5 overflow-y-auto bg-white px-6 pb-2">
+          <!-- Branding and User Info -->
+          <div class="flex flex-col pt-5 pb-4 border-b border-gray-200">
+            <div class="flex items-center">
+              <h1 class="text-2xl font-bold text-gray-900">Clinch</h1>
+            </div>
+            <div class="mt-2">
+              <p class="text-sm text-gray-600 truncate"><%= user.email_address %></p>
+              <% if user.admin? %>
+                <span class="inline-flex items-center rounded-full bg-blue-100 px-2 py-0.5 text-xs font-medium text-blue-800 mt-1">
+                  Administrator
+                </span>
+              <% end %>
+            </div>
+          </div>
+
+          <nav class="flex flex-1 flex-col">
+            <!-- Same nav items as desktop -->
+            <ul role="list" class="-mx-2 space-y-1">
+              <li>
+                <%= link_to root_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
+                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M2.25 12l8.954-8.955c.44-.439 1.152-.439 1.591 0L21.75 12M4.5 9.75v10.125c0 .621.504 1.125 1.125 1.125H9.75v-4.875c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21h4.125c.621 0 1.125-.504 1.125-1.125V9.75M8.25 21h8.25" />
+                  </svg>
+                  Dashboard
+                <% end %>
+              </li>
+              <% if user.admin? %>
+                <li>
+                  <%= link_to admin_users_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
+                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M15 19.128a9.38 9.38 0 002.625.372 9.337 9.337 0 004.121-.952 4.125 4.125 0 00-7.533-2.493M15 19.128v-.003c0-1.113-.285-2.16-.786-3.07M15 19.128v.106A12.318 12.318 0 018.624 21c-2.331 0-4.512-.645-6.374-1.766l-.001-.109a6.375 6.375 0 0111.964-3.07M12 6.375a3.375 3.375 0 11-6.75 0 3.375 3.375 0 016.75 0zm8.25 2.25a2.625 2.625 0 11-5.25 0 2.625 2.625 0 015.25 0z" />
+                    </svg>
+                    Users
+                  <% end %>
+                </li>
+                <li>
+                  <%= link_to admin_applications_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
+                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M3.75 6A2.25 2.25 0 016 3.75h2.25A2.25 2.25 0 0110.5 6v2.25a2.25 2.25 0 01-2.25 2.25H6a2.25 2.25 0 01-2.25-2.25V6zM3.75 15.75A2.25 2.25 0 016 13.5h2.25a2.25 2.25 0 012.25 2.25V18a2.25 2.25 0 01-2.25 2.25H6A2.25 2.25 0 013.75 18v-2.25zM13.5 6a2.25 2.25 0 012.25-2.25H18A2.25 2.25 0 0120.25 6v2.25A2.25 2.25 0 0118 10.5h-2.25a2.25 2.25 0 01-2.25-2.25V6zM13.5 15.75a2.25 2.25 0 012.25-2.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-2.25A2.25 2.25 0 0113.5 18v-2.25z" />
+                    </svg>
+                    Applications
+                  <% end %>
+                </li>
+                <li>
+                  <%= link_to admin_groups_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
+                    <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                      <path stroke-linecap="round" stroke-linejoin="round" d="M18 18.72a9.094 9.094 0 003.741-.479 3 3 0 00-4.682-2.72m.94 3.198l.001.031c0 .225-.012.447-.037.666A11.944 11.944 0 0112 21c-2.17 0-4.207-.576-5.963-1.584A6.062 6.062 0 016 18.719m12 0a5.971 5.971 0 00-.941-3.197m0 0A5.995 5.995 0 0012 12.75a5.995 5.995 0 00-5.058 2.772m0 0a3 3 0 00-4.681 2.72 8.986 8.986 0 003.74.477m.94-3.197a5.971 5.971 0 00-.94 3.197M15 6.75a3 3 0 11-6 0 3 3 0 016 0zm6 3a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0zm-13.5 0a2.25 2.25 0 11-4.5 0 2.25 2.25 0 014.5 0z" />
+                    </svg>
+                    Groups
+                  <% end %>
+                </li>
+              <% end %>
+              <li>
+                <%= link_to profile_path, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-gray-700 hover:text-blue-600 hover:bg-gray-50" do %>
+                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M17.982 18.725A7.488 7.488 0 0012 15.75a7.488 7.488 0 00-5.982 2.975m11.963 0a9 9 0 10-11.963 0m11.963 0A8.966 8.966 0 0112 21a8.966 8.966 0 01-5.982-2.275M15 9.75a3 3 0 11-6 0 3 3 0 016 0z" />
+                  </svg>
+                  Profile
+                <% end %>
+              </li>
+              <li>
+                <%= link_to signout_path, data: { turbo_method: :delete }, class: "group flex gap-x-3 rounded-md p-2 text-sm font-semibold leading-6 text-red-600 hover:text-red-700 hover:bg-red-50" do %>
+                  <svg class="h-6 w-6 shrink-0" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
+                    <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0013.5 3h-6a2.25 2.25 0 00-2.25 2.25v13.5A2.25 2.25 0 007.5 21h6a2.25 2.25 0 002.25-2.25V15M12 9l-3 3m0 0l3 3m-3-3h12.75" />
+                  </svg>
+                  Sign Out
+                <% end %>
+              </li>
+            </ul>
+          </nav>
+        </div>
+      </div>
+    </div>
+  </div>
+<% end %>
diff --git a/app/views/totp/backup_codes.html.erb b/app/views/totp/backup_codes.html.erb
new file mode 100644
index 0000000..7f8b1ef
--- /dev/null
+++ b/app/views/totp/backup_codes.html.erb
@@ -0,0 +1,78 @@
+<div class="max-w-2xl mx-auto">
+  <div class="mb-8">
+    <h1 class="text-3xl font-bold text-gray-900">Backup Codes</h1>
+    <p class="mt-2 text-sm text-gray-600">
+      Save these backup codes in a safe place. Each code can only be used once.
+    </p>
+  </div>
+
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <div class="rounded-md bg-yellow-50 p-4 mb-6">
+        <div class="flex">
+          <svg class="h-5 w-5 text-yellow-400 mr-3 flex-shrink-0" viewBox="0 0 20 20" fill="currentColor">
+            <path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495zM10 5a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 0110 5zm0 9a1 1 0 100-2 1 1 0 000 2z" clip-rule="evenodd" />
+          </svg>
+          <div class="text-sm text-yellow-800">
+            <p class="font-medium">Save these codes now!</p>
+            <p class="mt-1">Store them somewhere safe. You won't be able to see them again without re-entering your password.</p>
+          </div>
+        </div>
+      </div>
+
+      <div class="grid grid-cols-2 gap-4 p-6 bg-gray-50 rounded-lg font-mono">
+        <% @backup_codes.each do |code| %>
+          <div class="text-center text-lg tracking-wider py-2 px-4 bg-white rounded border border-gray-200">
+            <%= code %>
+          </div>
+        <% end %>
+      </div>
+
+      <div class="mt-6 flex gap-3">
+        <button onclick="downloadBackupCodes()" class="inline-flex items-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+          <svg class="h-4 w-4 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4" />
+          </svg>
+          Download Codes
+        </button>
+
+        <button onclick="printBackupCodes()" class="inline-flex items-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2">
+          <svg class="h-4 w-4 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 17h2a2 2 0 002-2v-4a2 2 0 00-2-2H5a2 2 0 00-2 2v4a2 2 0 002 2h2m2 4h6a2 2 0 002-2v-4a2 2 0 00-2-2H9a2 2 0 00-2 2v4a2 2 0 002 2zm8-12V5a2 2 0 00-2-2H9a2 2 0 00-2 2v4h10z" />
+          </svg>
+          Print Codes
+        </button>
+      </div>
+
+      <div class="mt-8">
+        <%= link_to "Done", profile_path,
+            class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script>
+  const backupCodes = <%= raw @backup_codes.to_json %>;
+
+  function downloadBackupCodes() {
+    const content = "Clinch Backup Codes\n" +
+                    "===================\n\n" +
+                    backupCodes.join("\n") +
+                    "\n\nSave these codes in a secure location.";
+
+    const blob = new Blob([content], { type: 'text/plain' });
+    const url = window.URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = 'clinch-backup-codes.txt';
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    window.URL.revokeObjectURL(url);
+  }
+
+  function printBackupCodes() {
+    window.print();
+  }
+</script>
diff --git a/app/views/totp/new.html.erb b/app/views/totp/new.html.erb
new file mode 100644
index 0000000..3d7b55c
--- /dev/null
+++ b/app/views/totp/new.html.erb
@@ -0,0 +1,75 @@
+<div class="max-w-2xl mx-auto">
+  <div class="mb-8">
+    <h1 class="text-3xl font-bold text-gray-900">Enable Two-Factor Authentication</h1>
+    <p class="mt-2 text-sm text-gray-600">
+      Scan the QR code below with your authenticator app, then enter the verification code to confirm.
+    </p>
+  </div>
+
+  <div class="bg-white shadow sm:rounded-lg">
+    <div class="px-4 py-5 sm:p-6">
+      <!-- Step 1: Scan QR Code -->
+      <div class="mb-8">
+        <h3 class="text-lg font-medium text-gray-900 mb-4">Step 1: Scan QR Code</h3>
+        <div class="flex justify-center p-6 bg-gray-50 rounded-lg">
+          <%= @qr_code.as_svg(
+                module_size: 4,
+                color: "000",
+                shape_rendering: "crispEdges",
+                standalone: true
+              ).html_safe %>
+        </div>
+        <p class="mt-4 text-sm text-gray-600 text-center">
+          Use an authenticator app like Google Authenticator, Authy, or 1Password to scan this code.
+        </p>
+      </div>
+
+      <!-- Manual Entry Option -->
+      <div class="mb-8 p-4 bg-blue-50 rounded-lg">
+        <p class="text-sm font-medium text-blue-900 mb-2">Can't scan the QR code?</p>
+        <p class="text-sm text-blue-800">Enter this key manually in your authenticator app:</p>
+        <code class="mt-2 block p-2 bg-white rounded text-sm font-mono break-all"><%= @totp_secret %></code>
+      </div>
+
+      <!-- Step 2: Verify -->
+      <div>
+        <h3 class="text-lg font-medium text-gray-900 mb-4">Step 2: Verify</h3>
+        <%= form_with url: totp_path, method: :post, class: "space-y-4" do |form| %>
+          <%= hidden_field_tag :totp_secret, @totp_secret %>
+
+          <div>
+            <%= label_tag :code, "Verification Code", class: "block text-sm font-medium text-gray-700" %>
+            <%= text_field_tag :code,
+                nil,
+                placeholder: "000000",
+                maxlength: 6,
+                required: true,
+                autofocus: true,
+                autocomplete: "off",
+                class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 text-center text-2xl tracking-widest font-mono" %>
+            <p class="mt-1 text-sm text-gray-500">Enter the 6-digit code from your authenticator app</p>
+          </div>
+
+          <div class="flex gap-3">
+            <%= form.submit "Verify and Enable 2FA",
+                class: "inline-flex justify-center rounded-md border border-transparent bg-blue-600 py-2 px-4 text-sm font-medium text-white shadow-sm hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+            <%= link_to "Cancel", profile_path,
+                class: "inline-flex justify-center rounded-md border border-gray-300 bg-white py-2 px-4 text-sm font-medium text-gray-700 shadow-sm hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-offset-2" %>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+
+  <div class="mt-6 p-4 bg-yellow-50 rounded-lg">
+    <div class="flex">
+      <svg class="h-5 w-5 text-yellow-400 mr-3 flex-shrink-0" viewBox="0 0 20 20" fill="currentColor">
+        <path fill-rule="evenodd" d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495zM10 5a.75.75 0 01.75.75v3.5a.75.75 0 01-1.5 0v-3.5A.75.75 0 0110 5zm0 9a1 1 0 100-2 1 1 0 000 2z" clip-rule="evenodd" />
+      </svg>
+      <div class="text-sm text-yellow-800">
+        <p class="font-medium">Important: Save your backup codes</p>
+        <p class="mt-1">After verifying, you'll be shown backup codes. Save these in a safe place - they can be used to access your account if you lose your device.</p>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
new file mode 100644
index 0000000..0308adc
--- /dev/null
+++ b/app/views/users/new.html.erb
@@ -0,0 +1,62 @@
+<div class="mx-auto md:w-2/3 w-full">
+  <div class="mb-8">
+    <h1 class="font-bold text-4xl">Welcome to Clinch</h1>
+    <p class="mt-2 text-gray-600">Create your admin account to get started</p>
+  </div>
+
+  <%= form_with model: @user, url: signup_path, class: "contents" do |form| %>
+    <% if @user.errors.any? %>
+      <div class="bg-red-50 text-red-500 px-3 py-2 font-medium rounded-lg mt-3">
+        <h2><%= pluralize(@user.errors.count, "error") %> prohibited this account from being saved:</h2>
+        <ul class="list-disc list-inside">
+          <% @user.errors.each do |error| %>
+            <li><%= error.full_message %></li>
+          <% end %>
+        </ul>
+      </div>
+    <% end %>
+
+    <div class="my-5">
+      <%= form.label :email_address, class: "block font-medium text-sm text-gray-700" %>
+      <%= form.email_field :email_address,
+          required: true,
+          autofocus: true,
+          autocomplete: "email",
+          placeholder: "admin@example.com",
+          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+    </div>
+
+    <div class="my-5">
+      <%= form.label :password, class: "block font-medium text-sm text-gray-700" %>
+      <%= form.password_field :password,
+          required: true,
+          autocomplete: "new-password",
+          placeholder: "Enter a strong password",
+          maxlength: 72,
+          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+      <p class="mt-1 text-sm text-gray-500">Must be at least 8 characters</p>
+    </div>
+
+    <div class="my-5">
+      <%= form.label :password_confirmation, "Confirm Password", class: "block font-medium text-sm text-gray-700" %>
+      <%= form.password_field :password_confirmation,
+          required: true,
+          autocomplete: "new-password",
+          placeholder: "Re-enter your password",
+          maxlength: 72,
+          class: "block shadow-sm rounded-md border border-gray-400 focus:outline-blue-600 px-3 py-2 mt-2 w-full" %>
+    </div>
+
+    <div class="my-5">
+      <%= form.submit "Create Admin Account",
+          class: "w-full rounded-md px-3.5 py-2.5 bg-blue-600 hover:bg-blue-500 text-white font-medium cursor-pointer" %>
+    </div>
+
+    <div class="mt-4 p-4 bg-blue-50 rounded-lg">
+      <p class="text-sm text-blue-900">
+        <strong>Note:</strong> This is a first-run setup. You're creating the initial administrator account.
+        After this, you'll be able to invite other users from the admin dashboard.
+      </p>
+    </div>
+  <% end %>
+</div>
diff --git a/config/cable.yml b/config/cable.yml
index b9adc5a..d3aa27b 100644
--- a/config/cable.yml
+++ b/config/cable.yml
@@ -1,9 +1,11 @@
-# Async adapter only works within the same process, so for manually triggering cable updates from a console,
-# and seeing results in the browser, you must do so from the web console (running inside the dev process),
-# not a terminal started via bin/rails console! Add "console" to any action or any ERB template view
-# to make the web console appear.
+# Using Solid Cable for development (same as production).
 development:
-  adapter: async
+  adapter: solid_cable
+  connects_to:
+    database:
+      writing: cable
+  polling_interval: 0.1.seconds
+  message_retention: 1.day
 
 test:
   adapter: test
diff --git a/config/cache.yml b/config/cache.yml
index 19d4908..2535887 100644
--- a/config/cache.yml
+++ b/config/cache.yml
@@ -6,6 +6,7 @@ default: &default
     namespace: <%= Rails.env %>
 
 development:
+  database: cache
   <<: *default
 
 test:
diff --git a/config/database.yml b/config/database.yml
index 693252b..1233d7a 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -10,8 +10,21 @@ default: &default
   timeout: 5000
 
 development:
-  <<: *default
-  database: storage/development.sqlite3
+  primary:
+    <<: *default
+    database: storage/development.sqlite3
+  cache:
+    <<: *default
+    database: storage/development_cache.sqlite3
+    migrations_paths: db/cache_migrate
+  queue:
+    <<: *default
+    database: storage/development_queue.sqlite3
+    migrations_paths: db/queue_migrate
+  cable:
+    <<: *default
+    database: storage/development_cable.sqlite3
+    migrations_paths: db/cable_migrate
 
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 75243c3..da13670 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -25,8 +25,8 @@ Rails.application.configure do
     config.action_controller.perform_caching = false
   end
 
-  # Change to :null_store to avoid any caching.
-  config.cache_store = :memory_store
+  # Use Solid Cache for development (same as production).
+  config.cache_store = :solid_cache_store
 
   # Store uploaded files on the local file system (see config/storage.yml for options).
   config.active_storage.service = :local
@@ -40,6 +40,9 @@ Rails.application.configure do
   # Set localhost to be used by links generated in mailer templates.
   config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
 
+  # Log with request_id as a tag (same as production).
+  config.log_tags = [ :request_id ]
+
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
@@ -55,6 +58,11 @@ Rails.application.configure do
   # Highlight code that enqueued background job in logs.
   config.active_job.verbose_enqueue_logs = true
 
+  # Use Solid Queue for background jobs (same as production).
+  config.active_job.queue_adapter = :solid_queue
+  config.solid_queue.connects_to = { database: { writing: :queue } }
+  
+
   # Highlight code that triggered redirect in logs.
   config.action_dispatch.verbose_redirect_logs = true
 
diff --git a/config/routes.rb b/config/routes.rb
index 29b007b..5127eab 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,16 +1,46 @@
 Rails.application.routes.draw do
   resource :session
   resources :passwords, param: :token
+  mount ActionCable.server => "/cable"
+
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
 
   # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
   # Can be used by load balancers and uptime monitors to verify that the app is live.
   get "up" => "rails/health#show", as: :rails_health_check
 
+  # Authentication routes
+  get "/signup", to: "users#new", as: :signup
+  post "/signup", to: "users#create"
+  get "/signin", to: "sessions#new", as: :signin
+  post "/signin", to: "sessions#create"
+  delete "/signout", to: "sessions#destroy", as: :signout
+
+  # Authenticated routes
+  root "dashboard#index"
+  resource :profile, only: [:show, :update]
+  resources :sessions, only: [] do
+    member do
+      delete :destroy, action: :destroy_other
+    end
+  end
+
+  # TOTP (2FA) routes
+  get '/totp/new', to: 'totp#new', as: :new_totp
+  post '/totp', to: 'totp#create', as: :totp
+  delete '/totp', to: 'totp#destroy'
+  get '/totp/backup_codes', to: 'totp#backup_codes', as: :backup_codes_totp
+  post '/totp/verify_password', to: 'totp#verify_password', as: :verify_password_totp
+
+  # Admin routes
+  namespace :admin do
+    root "dashboard#index"
+    resources :users
+    resources :applications
+    resources :groups
+  end
+
   # Render dynamic PWA files from app/views/pwa/* (remember to link manifest in application.html.erb)
   # get "manifest" => "rails/pwa#manifest", as: :pwa_manifest
   # get "service-worker" => "rails/pwa#service_worker", as: :pwa_service_worker
-
-  # Defines the root path route ("/")
-  # root "posts#index"
 end
diff --git a/db/cable_schema.rb b/db/cable_schema.rb
index 2366660..3aefc38 100644
--- a/db/cable_schema.rb
+++ b/db/cable_schema.rb
@@ -1,9 +1,21 @@
-ActiveRecord::Schema[7.1].define(version: 1) do
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[8.1].define(version: 1) do
   create_table "solid_cable_messages", force: :cascade do |t|
     t.binary "channel", limit: 1024, null: false
-    t.binary "payload", limit: 536870912, null: false
-    t.datetime "created_at", null: false
     t.integer "channel_hash", limit: 8, null: false
+    t.datetime "created_at", null: false
+    t.binary "payload", limit: 536870912, null: false
     t.index ["channel"], name: "index_solid_cable_messages_on_channel"
     t.index ["channel_hash"], name: "index_solid_cable_messages_on_channel_hash"
     t.index ["created_at"], name: "index_solid_cable_messages_on_created_at"
diff --git a/db/cache_schema.rb b/db/cache_schema.rb
index 6005a29..2016467 100644
--- a/db/cache_schema.rb
+++ b/db/cache_schema.rb
@@ -1,12 +1,22 @@
-# frozen_string_literal: true
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.2].define(version: 1) do
+ActiveRecord::Schema[8.1].define(version: 1) do
   create_table "solid_cache_entries", force: :cascade do |t|
-    t.binary "key", limit: 1024, null: false
-    t.binary "value", limit: 536870912, null: false
-    t.datetime "created_at", null: false
-    t.integer "key_hash", limit: 8, null: false
     t.integer "byte_size", limit: 4, null: false
+    t.datetime "created_at", null: false
+    t.binary "key", limit: 1024, null: false
+    t.integer "key_hash", limit: 8, null: false
+    t.binary "value", limit: 536870912, null: false
     t.index ["byte_size"], name: "index_solid_cache_entries_on_byte_size"
     t.index ["key_hash", "byte_size"], name: "index_solid_cache_entries_on_key_hash_and_byte_size"
     t.index ["key_hash"], name: "index_solid_cache_entries_on_key_hash", unique: true
diff --git a/db/queue_schema.rb b/db/queue_schema.rb
index 85194b6..f56798c 100644
--- a/db/queue_schema.rb
+++ b/db/queue_schema.rb
@@ -1,123 +1,135 @@
-ActiveRecord::Schema[7.1].define(version: 1) do
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema[8.1].define(version: 1) do
   create_table "solid_queue_blocked_executions", force: :cascade do |t|
-    t.bigint "job_id", null: false
-    t.string "queue_name", null: false
-    t.integer "priority", default: 0, null: false
     t.string "concurrency_key", null: false
-    t.datetime "expires_at", null: false
     t.datetime "created_at", null: false
-    t.index [ "concurrency_key", "priority", "job_id" ], name: "index_solid_queue_blocked_executions_for_release"
-    t.index [ "expires_at", "concurrency_key" ], name: "index_solid_queue_blocked_executions_for_maintenance"
-    t.index [ "job_id" ], name: "index_solid_queue_blocked_executions_on_job_id", unique: true
+    t.datetime "expires_at", null: false
+    t.bigint "job_id", null: false
+    t.integer "priority", default: 0, null: false
+    t.string "queue_name", null: false
+    t.index ["concurrency_key", "priority", "job_id"], name: "index_solid_queue_blocked_executions_for_release"
+    t.index ["expires_at", "concurrency_key"], name: "index_solid_queue_blocked_executions_for_maintenance"
+    t.index ["job_id"], name: "index_solid_queue_blocked_executions_on_job_id", unique: true
   end
 
   create_table "solid_queue_claimed_executions", force: :cascade do |t|
+    t.datetime "created_at", null: false
     t.bigint "job_id", null: false
     t.bigint "process_id"
-    t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_claimed_executions_on_job_id", unique: true
-    t.index [ "process_id", "job_id" ], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id"
+    t.index ["job_id"], name: "index_solid_queue_claimed_executions_on_job_id", unique: true
+    t.index ["process_id", "job_id"], name: "index_solid_queue_claimed_executions_on_process_id_and_job_id"
   end
 
   create_table "solid_queue_failed_executions", force: :cascade do |t|
-    t.bigint "job_id", null: false
-    t.text "error"
     t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_failed_executions_on_job_id", unique: true
+    t.text "error"
+    t.bigint "job_id", null: false
+    t.index ["job_id"], name: "index_solid_queue_failed_executions_on_job_id", unique: true
   end
 
   create_table "solid_queue_jobs", force: :cascade do |t|
-    t.string "queue_name", null: false
-    t.string "class_name", null: false
-    t.text "arguments"
-    t.integer "priority", default: 0, null: false
     t.string "active_job_id"
-    t.datetime "scheduled_at"
-    t.datetime "finished_at"
+    t.text "arguments"
+    t.string "class_name", null: false
     t.string "concurrency_key"
     t.datetime "created_at", null: false
+    t.datetime "finished_at"
+    t.integer "priority", default: 0, null: false
+    t.string "queue_name", null: false
+    t.datetime "scheduled_at"
     t.datetime "updated_at", null: false
-    t.index [ "active_job_id" ], name: "index_solid_queue_jobs_on_active_job_id"
-    t.index [ "class_name" ], name: "index_solid_queue_jobs_on_class_name"
-    t.index [ "finished_at" ], name: "index_solid_queue_jobs_on_finished_at"
-    t.index [ "queue_name", "finished_at" ], name: "index_solid_queue_jobs_for_filtering"
-    t.index [ "scheduled_at", "finished_at" ], name: "index_solid_queue_jobs_for_alerting"
+    t.index ["active_job_id"], name: "index_solid_queue_jobs_on_active_job_id"
+    t.index ["class_name"], name: "index_solid_queue_jobs_on_class_name"
+    t.index ["finished_at"], name: "index_solid_queue_jobs_on_finished_at"
+    t.index ["queue_name", "finished_at"], name: "index_solid_queue_jobs_for_filtering"
+    t.index ["scheduled_at", "finished_at"], name: "index_solid_queue_jobs_for_alerting"
   end
 
   create_table "solid_queue_pauses", force: :cascade do |t|
-    t.string "queue_name", null: false
     t.datetime "created_at", null: false
-    t.index [ "queue_name" ], name: "index_solid_queue_pauses_on_queue_name", unique: true
+    t.string "queue_name", null: false
+    t.index ["queue_name"], name: "index_solid_queue_pauses_on_queue_name", unique: true
   end
 
   create_table "solid_queue_processes", force: :cascade do |t|
+    t.datetime "created_at", null: false
+    t.string "hostname"
     t.string "kind", null: false
     t.datetime "last_heartbeat_at", null: false
-    t.bigint "supervisor_id"
-    t.integer "pid", null: false
-    t.string "hostname"
     t.text "metadata"
-    t.datetime "created_at", null: false
     t.string "name", null: false
-    t.index [ "last_heartbeat_at" ], name: "index_solid_queue_processes_on_last_heartbeat_at"
-    t.index [ "name", "supervisor_id" ], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true
-    t.index [ "supervisor_id" ], name: "index_solid_queue_processes_on_supervisor_id"
+    t.integer "pid", null: false
+    t.bigint "supervisor_id"
+    t.index ["last_heartbeat_at"], name: "index_solid_queue_processes_on_last_heartbeat_at"
+    t.index ["name", "supervisor_id"], name: "index_solid_queue_processes_on_name_and_supervisor_id", unique: true
+    t.index ["supervisor_id"], name: "index_solid_queue_processes_on_supervisor_id"
   end
 
   create_table "solid_queue_ready_executions", force: :cascade do |t|
-    t.bigint "job_id", null: false
-    t.string "queue_name", null: false
-    t.integer "priority", default: 0, null: false
     t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_ready_executions_on_job_id", unique: true
-    t.index [ "priority", "job_id" ], name: "index_solid_queue_poll_all"
-    t.index [ "queue_name", "priority", "job_id" ], name: "index_solid_queue_poll_by_queue"
+    t.bigint "job_id", null: false
+    t.integer "priority", default: 0, null: false
+    t.string "queue_name", null: false
+    t.index ["job_id"], name: "index_solid_queue_ready_executions_on_job_id", unique: true
+    t.index ["priority", "job_id"], name: "index_solid_queue_poll_all"
+    t.index ["queue_name", "priority", "job_id"], name: "index_solid_queue_poll_by_queue"
   end
 
   create_table "solid_queue_recurring_executions", force: :cascade do |t|
-    t.bigint "job_id", null: false
-    t.string "task_key", null: false
-    t.datetime "run_at", null: false
     t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_recurring_executions_on_job_id", unique: true
-    t.index [ "task_key", "run_at" ], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true
+    t.bigint "job_id", null: false
+    t.datetime "run_at", null: false
+    t.string "task_key", null: false
+    t.index ["job_id"], name: "index_solid_queue_recurring_executions_on_job_id", unique: true
+    t.index ["task_key", "run_at"], name: "index_solid_queue_recurring_executions_on_task_key_and_run_at", unique: true
   end
 
   create_table "solid_queue_recurring_tasks", force: :cascade do |t|
-    t.string "key", null: false
-    t.string "schedule", null: false
-    t.string "command", limit: 2048
-    t.string "class_name"
     t.text "arguments"
-    t.string "queue_name"
-    t.integer "priority", default: 0
-    t.boolean "static", default: true, null: false
-    t.text "description"
+    t.string "class_name"
+    t.string "command", limit: 2048
     t.datetime "created_at", null: false
+    t.text "description"
+    t.string "key", null: false
+    t.integer "priority", default: 0
+    t.string "queue_name"
+    t.string "schedule", null: false
+    t.boolean "static", default: true, null: false
     t.datetime "updated_at", null: false
-    t.index [ "key" ], name: "index_solid_queue_recurring_tasks_on_key", unique: true
-    t.index [ "static" ], name: "index_solid_queue_recurring_tasks_on_static"
+    t.index ["key"], name: "index_solid_queue_recurring_tasks_on_key", unique: true
+    t.index ["static"], name: "index_solid_queue_recurring_tasks_on_static"
   end
 
   create_table "solid_queue_scheduled_executions", force: :cascade do |t|
-    t.bigint "job_id", null: false
-    t.string "queue_name", null: false
-    t.integer "priority", default: 0, null: false
-    t.datetime "scheduled_at", null: false
     t.datetime "created_at", null: false
-    t.index [ "job_id" ], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true
-    t.index [ "scheduled_at", "priority", "job_id" ], name: "index_solid_queue_dispatch_all"
+    t.bigint "job_id", null: false
+    t.integer "priority", default: 0, null: false
+    t.string "queue_name", null: false
+    t.datetime "scheduled_at", null: false
+    t.index ["job_id"], name: "index_solid_queue_scheduled_executions_on_job_id", unique: true
+    t.index ["scheduled_at", "priority", "job_id"], name: "index_solid_queue_dispatch_all"
   end
 
   create_table "solid_queue_semaphores", force: :cascade do |t|
-    t.string "key", null: false
-    t.integer "value", default: 1, null: false
-    t.datetime "expires_at", null: false
     t.datetime "created_at", null: false
+    t.datetime "expires_at", null: false
+    t.string "key", null: false
     t.datetime "updated_at", null: false
-    t.index [ "expires_at" ], name: "index_solid_queue_semaphores_on_expires_at"
-    t.index [ "key", "value" ], name: "index_solid_queue_semaphores_on_key_and_value"
-    t.index [ "key" ], name: "index_solid_queue_semaphores_on_key", unique: true
+    t.integer "value", default: 1, null: false
+    t.index ["expires_at"], name: "index_solid_queue_semaphores_on_expires_at"
+    t.index ["key", "value"], name: "index_solid_queue_semaphores_on_key_and_value"
+    t.index ["key"], name: "index_solid_queue_semaphores_on_key", unique: true
   end
 
   add_foreign_key "solid_queue_blocked_executions", "solid_queue_jobs", column: "job_id", on_delete: :cascade