diff --git a/migrations/20250205180205.sql b/migrations/20250205180205.sql
deleted file mode 100644
index 3b3a95061..000000000
--- a/migrations/20250205180205.sql
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
-This migration adds team slugs and profile pictures to support user-friendly URLs and team branding.
-
-It performs the following steps:
-
-1. Adds two new columns to the teams table:
-   - slug: A URL-friendly version of the team name (e.g. "acme-inc")
-   - profile_picture_url: URL to the team's profile picture
-
-2. Creates a slug generation function that:
-   - Takes a team name and converts it to a URL-friendly format
-   - Removes special characters, accents, and spaces
-   - Handles email addresses by only using the part before @
-   - Converts to lowercase and replaces spaces with hyphens
-
-3. Installs the unaccent PostgreSQL extension for proper accent handling
-
-4. Generates initial slugs for all existing teams:
-   - Uses the team name as base for the slug
-   - If multiple teams would have the same slug, appends part of the team ID
-     to ensure uniqueness
-
-5. Sets up automatic slug generation for new teams:
-   - Creates a trigger that runs before team insertion
-   - Generates a unique slug using random suffixes if needed
-   - Only generates a slug if one isn't explicitly provided
-
-6. Enforces slug uniqueness with a database constraint
-*/
-
-ALTER TABLE teams
-ADD COLUMN slug TEXT,
-ADD COLUMN profile_picture_url TEXT;
-
-CREATE OR REPLACE FUNCTION generate_team_slug(name TEXT)
-RETURNS TEXT AS $$
-DECLARE
-  base_name TEXT;
-BEGIN
-  base_name := SPLIT_PART(name, '@', 1);
-
-  RETURN LOWER(
-    REGEXP_REPLACE(
-      REGEXP_REPLACE(
-        UNACCENT(TRIM(base_name)),
-        '[^a-zA-Z0-9\s-]',
-        '',
-        'g'
-      ),
-      '\s+',
-      '-',
-      'g'
-    )
-  );
-END;
-$$ LANGUAGE plpgsql;
-
-CREATE EXTENSION IF NOT EXISTS unaccent;
-
-WITH numbered_teams AS (
-  SELECT
-    id,
-    name,
-    generate_team_slug(name) as base_slug,
-    ROW_NUMBER() OVER (PARTITION BY generate_team_slug(name) ORDER BY created_at) as slug_count
-  FROM teams
-  WHERE slug IS NULL
-)
-UPDATE teams
-SET slug =
-  CASE
-    WHEN t.slug_count = 1 THEN t.base_slug
-    ELSE t.base_slug || '-' || SUBSTRING(teams.id::text, 1, 4)
-  END
-FROM numbered_teams t
-WHERE teams.id = t.id;
-
-CREATE OR REPLACE FUNCTION generate_team_slug_trigger()
-RETURNS TRIGGER AS $$
-DECLARE
-  base_slug TEXT;
-  test_slug TEXT;
-  suffix TEXT;
-BEGIN
-  IF NEW.slug IS NULL THEN
-    base_slug := generate_team_slug(NEW.name);
-    test_slug := base_slug;
-
-    WHILE EXISTS (SELECT 1 FROM teams WHERE slug = test_slug) LOOP
-      suffix := SUBSTRING(gen_random_uuid()::text, 1, 4);
-      test_slug := base_slug || '-' || suffix;
-    END LOOP;
-
-    NEW.slug := test_slug;
-  END IF;
-  RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-CREATE TRIGGER team_slug_trigger
-BEFORE INSERT ON teams
-FOR EACH ROW
-EXECUTE FUNCTION generate_team_slug_trigger();
-
-ALTER TABLE teams
-ADD CONSTRAINT teams_slug_unique UNIQUE (slug);
-
-ALTER TABLE teams
-ALTER COLUMN slug SET NOT NULL;
\ No newline at end of file
diff --git a/migrations/20250311144556.sql b/migrations/20250311144556.sql
deleted file mode 100644
index 16c4649f3..000000000
--- a/migrations/20250311144556.sql
+++ /dev/null
@@ -1,10 +0,0 @@
-CREATE OR REPLACE VIEW public.auth_users AS
-SELECT
-    id,
-    email
-FROM auth.users;
-
--- Revoke all permissions to ensure no public access
-REVOKE ALL ON public.auth_users FROM PUBLIC;
-REVOKE ALL ON public.auth_users FROM anon;
-REVOKE ALL ON public.auth_users FROM authenticated;
\ No newline at end of file
diff --git a/migrations/20250314133234.sql b/migrations/20250314133234.sql
deleted file mode 100644
index 0ce0801e8..000000000
--- a/migrations/20250314133234.sql
+++ /dev/null
@@ -1,14 +0,0 @@
--- Timestamp: 20250314133234
-
--- Create env_defaults table with RLS enabled
-CREATE TABLE "public"."env_defaults" (
-    env_id TEXT PRIMARY KEY REFERENCES "public"."envs"(id),
-    description TEXT
-);
-
--- Enable Row Level Security
-ALTER TABLE "public"."env_defaults" ENABLE ROW LEVEL SECURITY;
-
--- Create an index on the foreign key for better performance
-CREATE INDEX "env_defaults_env_id_idx" ON "public"."env_defaults"("env_id");
-
diff --git a/migrations/20260212120822.sql b/migrations/20260212120822.sql
deleted file mode 100644
index 7962bcd09..000000000
--- a/migrations/20260212120822.sql
+++ /dev/null
@@ -1,206 +0,0 @@
--- Timestamp: 20260212120822
-
-BEGIN;
-
-CREATE OR REPLACE FUNCTION public.list_team_builds_rpc(
-  p_team_id uuid,
-  p_statuses text[] DEFAULT ARRAY['waiting', 'building', 'uploaded', 'failed']::text[],
-  p_limit integer DEFAULT 50,
-  p_cursor_created_at timestamptz DEFAULT NULL,
-  p_cursor_id uuid DEFAULT NULL,
-  p_build_id_or_template text DEFAULT NULL
-)
-RETURNS TABLE (
-  id uuid,
-  status text,
-  reason jsonb,
-  created_at timestamptz,
-  finished_at timestamptz,
-  template_id text,
-  template_alias text
-)
-LANGUAGE sql
-STABLE
-SECURITY INVOKER
-SET search_path = pg_catalog, public
-AS $function$
-WITH params AS (
-  SELECT
-    p_team_id AS team_id,
-    CASE
-      WHEN p_statuses IS NULL OR CARDINALITY(p_statuses) = 0
-        THEN ARRAY['waiting', 'building', 'uploaded', 'failed']::text[]
-      ELSE p_statuses
-    END AS statuses,
-    GREATEST(1, LEAST(COALESCE(p_limit, 50), 100)) AS requested_limit,
-    p_cursor_created_at AS cursor_created_at,
-    p_cursor_id AS cursor_id,
-    NULLIF(BTRIM(p_build_id_or_template), '') AS search_term
-),
-resolved AS (
-  SELECT
-    p.*,
-    CASE
-      WHEN p.search_term ~* '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
-        THEN p.search_term::uuid
-      ELSE NULL
-    END AS candidate_build_id,
-    (
-      SELECT e.id
-      FROM public.envs e
-      WHERE e.team_id = p.team_id
-        AND e.id = p.search_term
-      LIMIT 1
-    ) AS resolved_template_id_by_id
-  FROM params p
-),
-resolved_with_alias AS (
-  SELECT
-    r.*,
-    COALESCE(
-      r.resolved_template_id_by_id,
-      (
-        SELECT ea.env_id
-        FROM public.env_aliases ea
-        JOIN public.envs e ON e.id = ea.env_id
-        WHERE e.team_id = r.team_id
-          AND ea.alias = r.search_term
-        ORDER BY ea.id ASC
-        LIMIT 1
-      )
-    ) AS resolved_template_id
-  FROM resolved r
-),
-page_ids AS (
-  SELECT DISTINCT ON (b.created_at, b.id)
-    b.id,
-    b.created_at,
-    a.env_id
-  FROM resolved_with_alias f
-  JOIN public.envs e
-    ON e.team_id = f.team_id
-  JOIN public.env_build_assignments a
-    ON a.env_id = e.id
-  JOIN public.env_builds b
-    ON b.id = a.build_id
-  WHERE b.status = ANY (f.statuses)
-    AND (
-      f.cursor_created_at IS NULL
-      OR (f.cursor_id IS NULL AND b.created_at < f.cursor_created_at)
-      OR (
-        f.cursor_id IS NOT NULL
-        AND (b.created_at, b.id) < (f.cursor_created_at, f.cursor_id)
-      )
-    )
-    AND (
-      f.search_term IS NULL
-      OR (
-        f.resolved_template_id IS NOT NULL
-        AND f.candidate_build_id IS NOT NULL
-        AND (a.env_id = f.resolved_template_id OR b.id = f.candidate_build_id)
-      )
-      OR (
-        f.resolved_template_id IS NOT NULL
-        AND f.candidate_build_id IS NULL
-        AND a.env_id = f.resolved_template_id
-      )
-      OR (
-        f.resolved_template_id IS NULL
-        AND f.candidate_build_id IS NOT NULL
-        AND b.id = f.candidate_build_id
-      )
-    )
-  ORDER BY
-    b.created_at DESC,
-    b.id DESC,
-    a.created_at DESC NULLS LAST,
-    a.id DESC
-  LIMIT (SELECT requested_limit + 1 FROM params)
-),
-page_data AS (
-  SELECT
-    p.id,
-    b.status,
-    b.reason::jsonb AS reason,
-    p.created_at,
-    b.finished_at,
-    p.env_id AS template_id
-  FROM page_ids p
-  JOIN public.env_builds b
-    ON b.id = p.id
-)
-SELECT
-  d.id,
-  d.status,
-  d.reason,
-  d.created_at,
-  CASE
-    WHEN d.finished_at IS NULL THEN NULL::timestamptz
-    ELSE d.finished_at
-  END AS finished_at,
-  d.template_id,
-  CASE
-    WHEN ea.alias IS NULL THEN NULL::text
-    ELSE ea.alias
-  END AS template_alias
-FROM page_data d
-LEFT JOIN LATERAL (
-  SELECT x.alias
-  FROM public.env_aliases x
-  WHERE x.env_id = d.template_id
-  ORDER BY x.id ASC
-  LIMIT 1
-) ea ON TRUE
-ORDER BY d.created_at DESC, d.id DESC;
-$function$;
-
-REVOKE ALL ON FUNCTION public.list_team_builds_rpc(uuid, text[], integer, timestamptz, uuid, text) FROM PUBLIC;
-GRANT EXECUTE ON FUNCTION public.list_team_builds_rpc(uuid, text[], integer, timestamptz, uuid, text) TO service_role;
-
-CREATE OR REPLACE FUNCTION public.list_team_running_build_statuses_rpc(
-  p_team_id uuid,
-  p_build_ids uuid[]
-)
-RETURNS TABLE (
-  id uuid,
-  status text,
-  reason jsonb,
-  finished_at timestamptz
-)
-LANGUAGE sql
-STABLE
-SECURITY INVOKER
-SET search_path = pg_catalog, public
-AS $function$
-WITH requested_builds AS (
-  SELECT DISTINCT requested.build_id
-  FROM UNNEST(COALESCE(p_build_ids, ARRAY[]::uuid[])) AS requested(build_id)
-),
-authorized_builds AS (
-  SELECT DISTINCT ON (a.build_id)
-    a.build_id
-  FROM requested_builds r
-  JOIN public.env_build_assignments a
-    ON a.build_id = r.build_id
-  JOIN public.envs e
-    ON e.id = a.env_id
-  WHERE e.team_id = p_team_id
-  ORDER BY
-    a.build_id ASC,
-    a.created_at DESC NULLS LAST,
-    a.id DESC
-)
-SELECT
-  b.id,
-  b.status,
-  b.reason::jsonb AS reason,
-  b.finished_at
-FROM authorized_builds ab
-JOIN public.env_builds b
-  ON b.id = ab.build_id;
-$function$;
-
-REVOKE ALL ON FUNCTION public.list_team_running_build_statuses_rpc(uuid, uuid[]) FROM PUBLIC;
-GRANT EXECUTE ON FUNCTION public.list_team_running_build_statuses_rpc(uuid, uuid[]) TO service_role;
-
-COMMIT;
diff --git a/migrations/20260217145145.sql b/migrations/20260217145145.sql
deleted file mode 100644
index 8f87f0c9d..000000000
--- a/migrations/20260217145145.sql
+++ /dev/null
@@ -1,107 +0,0 @@
--- Timestamp: 20260217145145
-
-BEGIN;
-
-CREATE OR REPLACE FUNCTION public.list_team_builds_rpc(
-  p_team_id uuid,
-  p_statuses text[] DEFAULT ARRAY['waiting', 'building', 'uploaded', 'failed']::text[],
-  p_limit integer DEFAULT 50,
-  p_cursor_created_at timestamptz DEFAULT NULL,
-  p_cursor_id uuid DEFAULT NULL,
-  p_build_id_or_template text DEFAULT NULL
-)
-RETURNS TABLE (
-  id uuid,
-  status text,
-  reason jsonb,
-  created_at timestamptz,
-  finished_at timestamptz,
-  template_id text,
-  template_alias text
-)
-LANGUAGE sql
-STABLE
-SECURITY INVOKER
-SET search_path = pg_catalog, public
-AS $function$
-WITH params AS (
-  SELECT
-    p_team_id AS team_id,
-    CASE
-      WHEN p_statuses IS NULL OR CARDINALITY(p_statuses) = 0
-        THEN ARRAY['waiting', 'building', 'uploaded', 'failed']::text[]
-      ELSE p_statuses
-    END AS statuses,
-    GREATEST(1, LEAST(COALESCE(p_limit, 50), 100)) AS requested_limit,
-    COALESCE(p_cursor_created_at, 'infinity'::timestamptz) AS cursor_created_at,
-    CASE
-      WHEN p_cursor_created_at IS NULL
-        THEN 'ffffffff-ffff-ffff-ffff-ffffffffffff'::uuid
-      WHEN p_cursor_id IS NULL
-        THEN '00000000-0000-0000-0000-000000000000'::uuid
-      ELSE p_cursor_id
-    END AS cursor_id,
-    NULLIF(BTRIM(p_build_id_or_template), '') AS search_term
-),
-resolved AS (
-  SELECT
-    p.*,
-    CASE
-      WHEN p.search_term ~* '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
-        THEN p.search_term::uuid
-      ELSE NULL
-    END AS candidate_build_id,
-    COALESCE(
-      (
-        SELECT e.id
-        FROM public.envs e
-        WHERE e.team_id = p.team_id
-          AND e.id = p.search_term
-        LIMIT 1
-      ),
-      (
-        SELECT ea.env_id
-        FROM public.env_aliases ea
-        JOIN public.envs e
-          ON e.id = ea.env_id
-        WHERE e.team_id = p.team_id
-          AND ea.alias = p.search_term
-        ORDER BY ea.alias ASC
-        LIMIT 1
-      )
-    ) AS resolved_template_id
-  FROM params p
-)
-SELECT
-  b.id,
-  b.status,
-  b.reason::jsonb AS reason,
-  b.created_at,
-  b.finished_at,
-  b.env_id AS template_id,
-  ea.alias AS template_alias
-FROM public.env_builds b
-JOIN resolved r
-  ON r.team_id = b.team_id
-LEFT JOIN LATERAL (
-  SELECT x.alias
-  FROM public.env_aliases x
-  WHERE x.env_id = b.env_id
-  ORDER BY x.alias ASC
-  LIMIT 1
-) ea ON TRUE
-WHERE (b.created_at, b.id) < (r.cursor_created_at, r.cursor_id)
-  AND (
-    r.search_term IS NULL
-    OR (r.candidate_build_id IS NOT NULL AND b.id = r.candidate_build_id)
-    OR (r.resolved_template_id IS NOT NULL AND b.env_id = r.resolved_template_id)
-  )
-  AND b.status = ANY (r.statuses)
-ORDER BY b.created_at DESC, b.id DESC
-LIMIT (SELECT requested_limit + 1 FROM params)
-$function$;
-
-REVOKE ALL ON FUNCTION public.list_team_builds_rpc(uuid, text[], integer, timestamptz, uuid, text) FROM PUBLIC;
-GRANT EXECUTE ON FUNCTION public.list_team_builds_rpc(uuid, text[], integer, timestamptz, uuid, text) TO service_role;
-
-COMMIT;
diff --git a/package.json b/package.json
index c47670b10..e24fa2a43 100644
--- a/package.json
+++ b/package.json
@@ -20,10 +20,10 @@
     "db:migrations:create": "bun run scripts:create-migration",
     "db:migrations:apply": "bun run scripts:apply-migrations",
     "<<<<<<< Gen": "",
-    "generate:infra": "bunx openapi-typescript ./spec/openapi.infra.yaml -o ./src/types/infra-api.types.ts",
-    "generate:dashboard-api": "bunx openapi-typescript ./spec/openapi.dashboard-api.yaml -o ./src/types/dashboard-api.types.ts",
-    "generate:argus": "bunx openapi-typescript ./spec/openapi.argus.yaml -o ./src/types/argus-api.types.ts",
-    "generate:supabase": "bunx supabase@latest gen types typescript --schema public > src/types/database.types.ts --project-id $SUPABASE_PROJECT_ID",
+    "generate:infra": "bunx openapi-typescript ./spec/openapi.infra.yaml -o ./src/core/shared/contracts/infra-api.types.ts",
+    "generate:dashboard-api": "bunx openapi-typescript ./spec/openapi.dashboard-api.yaml -o ./src/core/shared/contracts/dashboard-api.types.ts",
+    "generate:argus": "bunx openapi-typescript ./spec/openapi.argus.yaml -o ./src/core/shared/contracts/argus-api.types.ts",
+    "generate:supabase": "bunx supabase@latest gen types typescript --schema public > src/core/shared/contracts/database.types.ts --project-id $SUPABASE_PROJECT_ID",
     "<<<<<<< Scripts": "",
     "scripts:check-app-env": "bun scripts/check-app-env.ts",
     "scripts:check-e2e-env": "bun scripts/check-e2e-env.ts",
diff --git a/src/__test__/integration/auth.test.ts b/src/__test__/integration/auth.test.ts
index 8b9070347..429963f98 100644
--- a/src/__test__/integration/auth.test.ts
+++ b/src/__test__/integration/auth.test.ts
@@ -1,14 +1,14 @@
 import { redirect } from 'next/navigation'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { encodedRedirect } from '@/lib/utils/auth'
 import {
   forgotPasswordAction,
   signInAction,
   signInWithOAuthAction,
   signOutAction,
   signUpAction,
-} from '@/server/auth/auth-actions'
+} from '@/core/server/actions/auth-actions'
+import { encodedRedirect } from '@/lib/utils/auth'
 
 // Create hoisted mock functions that can be used throughout the file
 const { validateEmail, shouldWarnAboutAlternateEmail } = vi.hoisted(() => ({
@@ -44,11 +44,11 @@ const mockSupabaseClient = {
 }
 
 // Mock dependencies
-vi.mock('@/lib/clients/supabase/server', () => ({
+vi.mock('@/core/shared/clients/supabase/server', () => ({
   createClient: vi.fn(() => mockSupabaseClient),
 }))
 
-vi.mock('@/lib/clients/supabase/admin', () => ({
+vi.mock('@/core/shared/clients/supabase/admin', () => ({
   supabaseAdmin: {
     auth: vi.fn(),
   },
@@ -77,7 +77,7 @@ vi.mock('@/lib/utils/auth', () => ({
 }))
 
 // Use the hoisted mock functions in the module mock
-vi.mock('@/server/auth/validate-email', () => ({
+vi.mock('@/core/server/functions/auth/validate-email', () => ({
   validateEmail,
   shouldWarnAboutAlternateEmail,
 }))
@@ -266,10 +266,9 @@ describe('Auth Actions - Integration Tests', () => {
       // Missing password and confirmPassword
 
       // Execute: Call the sign-up action
-      // @ts-expect-error - we want to test the validation errors
       const result = await signUpAction({
         email: 'newuser@example.com',
-      })
+      } as never)
 
       // Verify: Check that the result contains validation errors
       expect(result).toBeDefined()
diff --git a/src/__test__/integration/dashboard-route.test.ts b/src/__test__/integration/dashboard-route.test.ts
index 0dee60fce..97ee5c4a4 100644
--- a/src/__test__/integration/dashboard-route.test.ts
+++ b/src/__test__/integration/dashboard-route.test.ts
@@ -17,7 +17,7 @@ import { PROTECTED_URLS } from '@/configs/urls'
  * 3. Tab parameter routing - all valid tabs and fallbacks
  * 4. Error handling - auth errors and missing teams
  * 5. Cookie setting - team persistence
- * 6. URL generation - correct paths for team slug/ID
+ * 6. URL generation - correct slug-backed paths
  */
 
 // create hoisted mocks
@@ -29,6 +29,7 @@ const {
 } = vi.hoisted(() => ({
   mockSupabaseClient: {
     auth: {
+      getSession: vi.fn(),
       getUser: vi.fn(),
       signOut: vi.fn(),
     },
@@ -43,11 +44,11 @@ const {
   mockResolveUserTeam: vi.fn(),
 }))
 
-vi.mock('@/lib/clients/supabase/server', () => ({
+vi.mock('@/core/shared/clients/supabase/server', () => ({
   createClient: vi.fn(() => mockSupabaseClient),
 }))
 
-vi.mock('@/lib/clients/supabase/admin', () => ({
+vi.mock('@/core/shared/clients/supabase/admin', () => ({
   supabaseAdmin: mockSupabaseAdmin,
 }))
 
@@ -63,7 +64,7 @@ vi.mock('@/lib/utils/auth', () => ({
   }),
 }))
 
-vi.mock('@/server/team/resolve-user-team', () => ({
+vi.mock('@/core/server/functions/team/resolve-user-team', () => ({
   resolveUserTeam: mockResolveUserTeam,
 }))
 
@@ -78,6 +79,9 @@ import { GET, TAB_URL_MAP } from '@/app/dashboard/route'
 describe('Dashboard Route - Team Resolution Integration Tests', () => {
   beforeEach(() => {
     vi.clearAllMocks()
+    mockSupabaseClient.auth.getSession.mockResolvedValue({
+      data: { session: { access_token: 'session-token' } },
+    })
   })
 
   afterEach(() => {
@@ -117,8 +121,8 @@ describe('Dashboard Route - Team Resolution Integration Tests', () => {
       // execute
       const response = await GET(request)
 
-      // verify: resolveUserTeam was called with user ID
-      expect(mockResolveUserTeam).toHaveBeenCalledWith('user-123')
+      // verify: resolveUserTeam was called with session access token
+      expect(mockResolveUserTeam).toHaveBeenCalledWith('session-token')
 
       // verify: redirects to sandboxes page
       expect(response.status).toBe(307) // temporary redirect
@@ -251,18 +255,11 @@ describe('Dashboard Route - Team Resolution Integration Tests', () => {
       expect(response.headers.get('location')).toContain(expectedPath)
     })
 
-    it('should use team ID as fallback when slug is empty', async () => {
-      const testTeamId = 'team-id-only'
-
-      mockResolveUserTeam.mockResolvedValue({
-        id: testTeamId,
-        slug: '',
-      })
-
-      const request = createRequest({ tab: 'billing' })
+    it('should default to sandboxes when tab matches an inherited object key', async () => {
+      const request = createRequest({ tab: 'constructor' })
       const response = await GET(request)
 
-      const expectedPath = TAB_URL_MAP['billing']!(testTeamId)
+      const expectedPath = PROTECTED_URLS.SANDBOXES(testTeamSlug)
       expect(response.headers.get('location')).toContain(expectedPath)
     })
   })
diff --git a/src/__test__/integration/inspect-sandbox.test.ts b/src/__test__/integration/inspect-sandbox.test.ts
index c45c9981e..316df4547 100644
--- a/src/__test__/integration/inspect-sandbox.test.ts
+++ b/src/__test__/integration/inspect-sandbox.test.ts
@@ -9,42 +9,55 @@ import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
 // MOCKS SETUP
 // ============================================================================
 
-const mockSupabaseClient = {
-  auth: {
-    getUser: vi.fn(),
-    getSession: vi.fn(),
+const {
+  mockSupabaseClient,
+  mockListUserTeams,
+  mockCreateUserTeamsRepository,
+  mockSetTeamCookies,
+} = vi.hoisted(() => ({
+  mockSupabaseClient: {
+    auth: {
+      getUser: vi.fn(),
+      getSession: vi.fn(),
+    },
   },
-}
+  mockListUserTeams: vi.fn(),
+  mockCreateUserTeamsRepository: vi.fn(),
+  mockSetTeamCookies: vi.fn(),
+}))
 
-vi.mock('@/lib/clients/supabase/server', () => ({
+vi.mock('@/core/shared/clients/supabase/server', () => ({
   createClient: vi.fn(() => Promise.resolve(mockSupabaseClient)),
 }))
 
-vi.mock('@/lib/clients/supabase/admin', () => ({
-  supabaseAdmin: {
-    from: vi.fn(),
-  },
+vi.mock('@/core/modules/teams/user-teams-repository.server', () => ({
+  createUserTeamsRepository: mockCreateUserTeamsRepository,
 }))
 
-vi.mock('@/lib/clients/kv', () => ({
+vi.mock('@/core/shared/clients/kv', () => ({
   kv: {
     get: vi.fn(),
     set: vi.fn(),
   },
 }))
 
-vi.mock('@/lib/clients/api', () => ({
+vi.mock('@/core/shared/clients/api', () => ({
   infra: {
     GET: vi.fn(),
   },
 }))
 
-vi.mock('@/lib/clients/logger/logger', () => ({
+vi.mock('@/core/shared/clients/logger/logger', () => ({
   l: {
     info: vi.fn(),
     warn: vi.fn(),
     error: vi.fn(),
   },
+  serializeErrorForLog: vi.fn((error) => error),
+}))
+
+vi.mock('@/lib/utils/cookies', () => ({
+  setTeamCookies: mockSetTeamCookies,
 }))
 
 vi.mock('next/headers', () => ({
@@ -82,8 +95,8 @@ vi.mock('next/server', async () => {
 })
 
 // Import mocked modules after mock setup
-import { infra } from '@/lib/clients/api'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
+import { infra } from '@/core/shared/clients/api'
+import { setTeamCookies } from '@/lib/utils/cookies'
 
 // ============================================================================
 // TEST HELPERS
@@ -117,24 +130,29 @@ function setupAuthenticatedUser(
 }
 
 function setupUserTeams(teams: Array<{ id: string; slug: string | null }>) {
-  const mockTeamsData = teams.map((team) => ({
-    teams: team,
-    is_default: false,
-  }))
-
-  vi.mocked(supabaseAdmin.from).mockImplementation(
-    () =>
-      ({
-        select: vi.fn(() => ({
-          eq: vi.fn(() =>
-            Promise.resolve({
-              data: mockTeamsData,
-              error: null,
-            })
-          ),
-        })),
-      }) as any
-  )
+  mockListUserTeams.mockResolvedValue({
+    ok: true,
+    data: teams.map((team) => ({
+      id: team.id,
+      slug: team.slug ?? '',
+      name: `Team ${team.id}`,
+      tier: 'pro',
+      email: `${team.id}@example.com`,
+      profilePictureUrl: null,
+      isBlocked: false,
+      isBanned: false,
+      blockedReason: null,
+      isDefault: false,
+      limits: {
+        maxLengthHours: 1,
+        concurrentSandboxes: 1,
+        concurrentTemplateBuilds: 1,
+        maxVcpu: 1,
+        maxRamMb: 512,
+        diskMb: 1024,
+      },
+    })),
+  })
 }
 
 function setupSandboxResponse(
@@ -142,45 +160,53 @@ function setupSandboxResponse(
   sandboxId: string,
   found: boolean
 ) {
-  vi.mocked(infra.GET).mockImplementation((path: string, options: any) => {
-    if (
-      path === '/sandboxes/{sandboxID}' &&
-      options.params.path.sandboxID === sandboxId &&
-      options.headers[SUPABASE_TEAM_HEADER] === teamId &&
-      Boolean(options.headers[SUPABASE_TOKEN_HEADER])
-    ) {
-      if (found) {
-        return Promise.resolve({
-          response: { status: 200 },
-          data: {
-            sandboxID: sandboxId,
-            templateID: 'template123',
-            clientID: 'client123',
-            startedAt: '2024-01-01T00:00:00Z',
-            endAt: '2024-01-02T00:00:00Z',
-            state: 'running',
-            cpuCount: 2,
-            memoryMB: 4096,
-            diskSizeMB: 10240,
-            envdVersion: '1.0.0',
-          },
-          error: null,
-        })
-      } else {
-        return Promise.resolve({
-          response: { status: 404 },
-          data: null,
-          error: { message: 'Sandbox not found' },
-        })
+  vi.mocked(infra.GET).mockImplementation(
+    (
+      path: string,
+      options: {
+        params: { path: { sandboxID: string } }
+        headers: Record<string, string | undefined>
+      }
+    ) => {
+      if (
+        path === '/sandboxes/{sandboxID}' &&
+        options.params.path.sandboxID === sandboxId &&
+        options.headers[SUPABASE_TEAM_HEADER] === teamId &&
+        Boolean(options.headers[SUPABASE_TOKEN_HEADER])
+      ) {
+        if (found) {
+          return Promise.resolve({
+            response: { status: 200 },
+            data: {
+              sandboxID: sandboxId,
+              templateID: 'template123',
+              clientID: 'client123',
+              startedAt: '2024-01-01T00:00:00Z',
+              endAt: '2024-01-02T00:00:00Z',
+              state: 'running',
+              cpuCount: 2,
+              memoryMB: 4096,
+              diskSizeMB: 10240,
+              envdVersion: '1.0.0',
+            },
+            error: null,
+          })
+        } else {
+          return Promise.resolve({
+            response: { status: 404 },
+            data: null,
+            error: { message: 'Sandbox not found' },
+          })
+        }
       }
-    }
 
-    return Promise.resolve({
-      response: { status: 404 },
-      data: null,
-      error: { message: 'Not found' },
-    })
-  })
+      return Promise.resolve({
+        response: { status: 404 },
+        data: null,
+        error: { message: 'Not found' },
+      })
+    }
+  )
 }
 
 // ============================================================================
@@ -188,11 +214,17 @@ function setupSandboxResponse(
 // ============================================================================
 
 describe('Sandbox Inspect Route - Integration Tests', () => {
-  let GET: any
+  let GET: (
+    request: NextRequest,
+    context: { params: Promise<{ sandboxId: string }> }
+  ) => Promise<Response>
 
   beforeEach(async () => {
     vi.clearAllMocks()
     mockRedirectCalls = []
+    mockCreateUserTeamsRepository.mockReturnValue({
+      listUserTeams: mockListUserTeams,
+    })
 
     // Dynamically import the route handler after mocks are set up
     const routeModule = await import(
@@ -303,7 +335,7 @@ describe('Sandbox Inspect Route - Integration Tests', () => {
      * SECURITY TEST: Verifies session errors are handled properly
      */
     it('redirects to sign-in when session is invalid', async () => {
-      setupAuthenticatedUser('user-123', null as any)
+      setupAuthenticatedUser('user-123')
 
       mockSupabaseClient.auth.getSession.mockResolvedValue({
         data: { session: null },
@@ -450,6 +482,10 @@ describe('Sandbox Inspect Route - Integration Tests', () => {
       expect(mockRedirectCalls[0]?.url).toContain(
         PROTECTED_URLS.SANDBOX('new-team', 'sbx789')
       )
+      expect(vi.mocked(setTeamCookies)).toHaveBeenCalledWith(
+        'team-456',
+        'new-team'
+      )
     })
   })
 
@@ -459,21 +495,10 @@ describe('Sandbox Inspect Route - Integration Tests', () => {
      */
     it('handles database errors gracefully', async () => {
       setupAuthenticatedUser()
-
-      // Setup: Database error when fetching teams
-      vi.mocked(supabaseAdmin.from).mockImplementation(
-        () =>
-          ({
-            select: vi.fn(() => ({
-              eq: vi.fn(() =>
-                Promise.resolve({
-                  data: null,
-                  error: { message: 'Database connection error' },
-                })
-              ),
-            })),
-          }) as any
-      )
+      mockListUserTeams.mockResolvedValue({
+        ok: false,
+        error: new Error('Database connection error'),
+      })
 
       const request = createMockRequest('sbx123')
       const params = createMockParams('sbx123')
diff --git a/src/__test__/integration/proxy.test.ts b/src/__test__/integration/proxy.test.ts
index fa970dff4..edc33fe78 100644
--- a/src/__test__/integration/proxy.test.ts
+++ b/src/__test__/integration/proxy.test.ts
@@ -15,10 +15,11 @@ vi.mock('@supabase/ssr', () => ({
 }))
 
 // mock logger to avoid noise in tests
-vi.mock('@/lib/clients/logger/logger', () => ({
+vi.mock('@/core/shared/clients/logger/logger', () => ({
   l: {
     error: vi.fn(),
   },
+  serializeErrorForLog: vi.fn((error) => error),
 }))
 
 // mock next/server to track redirects and responses
diff --git a/src/__test__/integration/resolve-user-team.test.ts b/src/__test__/integration/resolve-user-team.test.ts
index 8c26c2cdc..28b7a64b7 100644
--- a/src/__test__/integration/resolve-user-team.test.ts
+++ b/src/__test__/integration/resolve-user-team.test.ts
@@ -1,525 +1,209 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 import { COOKIE_KEYS } from '@/configs/cookies'
 
-/**
- * Integration tests for resolveUserTeam function
- *
- * This function is CRITICAL for security as it resolves which team a user should access.
- * It MUST always resolve an authorized team for the user, even if:
- * - User has cookies for a team they're not authorized to access
- * - User has no cookies at all
- * - User has invalid/stale cookies
- *
- * Test Coverage:
- * 1. Valid authorized cookies - should use cookies
- * 2. Invalid/unauthorized cookies - should fall back to DB (SECURITY CRITICAL)
- * 3. No cookies - should use default team from DB
- * 4. No cookies, no default - should use first team from DB
- * 5. No teams - should return null
- * 6. Partial cookies - should fall back to DB
- * 7. Database errors - should handle gracefully
- */
-
-// create hoisted mocks
-const { mockSupabaseAdmin, mockCookieStore, mockCheckUserTeamAuth } =
-  vi.hoisted(() => ({
-    mockSupabaseAdmin: {
-      from: vi.fn(),
-    },
-    mockCookieStore: {
-      get: vi.fn(),
-    },
-    mockCheckUserTeamAuth: vi.fn(),
-  }))
-
-vi.mock('@/lib/clients/supabase/admin', () => ({
-  supabaseAdmin: mockSupabaseAdmin,
+const {
+  mockCookieStore,
+  mockListUserTeams,
+  mockResolveTeamBySlug,
+  mockCreateUserTeamsRepository,
+} = vi.hoisted(() => ({
+  mockCookieStore: {
+    get: vi.fn(),
+  },
+  mockListUserTeams: vi.fn(),
+  mockResolveTeamBySlug: vi.fn(),
+  mockCreateUserTeamsRepository: vi.fn(),
 }))
 
 vi.mock('next/headers', () => ({
   cookies: vi.fn(() => mockCookieStore),
 }))
 
-vi.mock('@/server/auth/check-user-team-auth-cached', () => ({
-  checkUserTeamAuth: mockCheckUserTeamAuth,
+vi.mock('@/core/modules/teams/user-teams-repository.server', () => ({
+  createUserTeamsRepository: mockCreateUserTeamsRepository,
 }))
 
-// import after mocks are set up
-import { resolveUserTeam } from '@/server/team/resolve-user-team'
+import { resolveUserTeam } from '@/core/server/functions/team/resolve-user-team'
 
-describe('resolveUserTeam - Authorization Integration Tests', () => {
+function setupCookies(cookieValues: Record<string, string | undefined>) {
+  mockCookieStore.get.mockImplementation((key: string) => {
+    const value = cookieValues[key]
+    return typeof value === 'string' ? { value } : undefined
+  })
+}
+
+function createTeam(overrides: Record<string, unknown> = {}) {
+  return {
+    id: 'team-1',
+    slug: 'team-one',
+    isDefault: false,
+    name: 'Team One',
+    email: 'team-one@example.com',
+    ...overrides,
+  }
+}
+
+describe('resolveUserTeam', () => {
   beforeEach(() => {
     vi.clearAllMocks()
+    mockCreateUserTeamsRepository.mockReturnValue({
+      listUserTeams: mockListUserTeams,
+      resolveTeamBySlug: mockResolveTeamBySlug,
+    })
   })
 
   afterEach(() => {
     vi.resetAllMocks()
   })
 
-  /**
-   * Helper to setup cookie mock responses
-   */
-  function setupCookies(cookieValues: Record<string, string>) {
-    mockCookieStore.get.mockImplementation((key: string) => {
-      const value = cookieValues[key]
-      return value ? { value } : undefined
+  it('returns the cookie-backed team when the cookie slug resolves', async () => {
+    setupCookies({
+      [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-cookie-id',
+      [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'team-cookie-slug',
     })
-  }
-
-  /**
-   * Helper to setup database mock responses for users_teams query
-   */
-  function setupDatabaseMock(
-    teams: Array<{
-      team_id: string
-      is_default: boolean
-      team: { id: string; slug: string } | null
-    }> | null,
-    error: { message: string } | null = null
-  ) {
-    const selectMock = vi.fn().mockReturnThis()
-    const eqMock = vi.fn().mockResolvedValue({
-      data: teams,
-      error,
+    mockResolveTeamBySlug.mockResolvedValue({
+      ok: true,
+      data: {
+        id: 'team-cookie-id',
+        slug: 'team-cookie-slug',
+      },
     })
 
-    mockSupabaseAdmin.from.mockReturnValue({
-      select: selectMock,
-    })
+    const result = await resolveUserTeam('access-token')
 
-    selectMock.mockReturnValue({
-      eq: eqMock,
-    })
-
-    return { selectMock, eqMock }
-  }
-
-  describe('Valid Authorized Cookies', () => {
-    it('should use cookies when user is authorized for the team', async () => {
-      // setup: user has valid cookies
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-456',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'my-team',
-      })
-
-      // setup: authorization check passes
-      mockCheckUserTeamAuth.mockResolvedValue(true)
-
-      // execute
-      const result = await resolveUserTeam('user-123')
-
-      // verify: authorization was checked
-      expect(mockCheckUserTeamAuth).toHaveBeenCalledWith('user-123', 'team-456')
-
-      // verify: returns team from cookies
-      expect(result).toEqual({
-        id: 'team-456',
-        slug: 'my-team',
-      })
-
-      // verify: database was NOT queried (cookies used)
-      expect(mockSupabaseAdmin.from).not.toHaveBeenCalled()
-    })
-
-    it('should use cookies for user with multiple teams', async () => {
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-secondary',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'secondary-team',
-      })
-
-      mockCheckUserTeamAuth.mockResolvedValue(true)
-
-      const result = await resolveUserTeam('user-123')
-
-      expect(result).toEqual({
-        id: 'team-secondary',
-        slug: 'secondary-team',
-      })
-      expect(mockSupabaseAdmin.from).not.toHaveBeenCalled()
+    expect(result).toEqual({
+      id: 'team-cookie-id',
+      slug: 'team-cookie-slug',
     })
+    expect(mockResolveTeamBySlug).toHaveBeenCalledWith('team-cookie-slug')
+    expect(mockListUserTeams).not.toHaveBeenCalled()
   })
 
-  describe('Invalid/Unauthorized Cookies', () => {
-    it('should fall back to database when user has cookies for unauthorized team', async () => {
-      // user has cookies for a team they shouldn't access
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-unauthorized',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'unauthorized-team',
-      })
-
-      // setup: authorization check FAILS
-      mockCheckUserTeamAuth.mockResolvedValue(false)
-
-      // setup: database returns user's actual authorized teams
-      setupDatabaseMock([
-        {
-          team_id: 'team-authorized',
-          is_default: true,
-          team: { id: 'team-authorized', slug: 'authorized-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // verify: authorization was checked
-      expect(mockCheckUserTeamAuth).toHaveBeenCalledWith(
-        'user-123',
-        'team-unauthorized'
-      )
-
-      // verify: returns authorized team from DB, NOT from cookies
-      expect(result).toEqual({
-        id: 'team-authorized',
-        slug: 'authorized-team',
-      })
-
-      // verify: database was queried (fallback)
-      expect(mockSupabaseAdmin.from).toHaveBeenCalled()
+  it('returns the resolved team when the cookie id is stale but the slug is valid', async () => {
+    setupCookies({
+      [COOKIE_KEYS.SELECTED_TEAM_ID]: 'stale-team-id',
+      [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'team-cookie-slug',
     })
-
-    it('should use first team when unauthorized cookies and no default team', async () => {
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-unauthorized',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'unauthorized-team',
-      })
-
-      mockCheckUserTeamAuth.mockResolvedValue(false)
-
-      // no default team, but has teams
-      setupDatabaseMock([
-        {
-          team_id: 'team-first',
-          is_default: false,
-          team: { id: 'team-first', slug: 'first-team' },
-        },
-        {
-          team_id: 'team-second',
-          is_default: false,
-          team: { id: 'team-second', slug: 'second-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // should use first team from list
-      expect(result).toEqual({
-        id: 'team-first',
-        slug: 'first-team',
-      })
+    mockResolveTeamBySlug.mockResolvedValue({
+      ok: true,
+      data: {
+        id: 'team-cookie-id',
+        slug: 'team-cookie-slug',
+      },
     })
 
-    it('should return null when unauthorized cookies and no teams in DB', async () => {
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-unauthorized',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'unauthorized-team',
-      })
-
-      mockCheckUserTeamAuth.mockResolvedValue(false)
-
-      // user has no teams
-      setupDatabaseMock([])
-
-      const result = await resolveUserTeam('user-123')
+    const result = await resolveUserTeam('access-token')
 
-      expect(result).toBeNull()
+    expect(result).toEqual({
+      id: 'team-cookie-id',
+      slug: 'team-cookie-slug',
     })
+    expect(mockListUserTeams).not.toHaveBeenCalled()
   })
 
-  describe('No Cookies', () => {
-    it('should use default team from database when no cookies exist', async () => {
-      // no cookies
-      setupCookies({})
-
-      // setup: database returns teams with a default
-      setupDatabaseMock([
-        {
-          team_id: 'team-default',
-          is_default: true,
-          team: { id: 'team-default', slug: 'default-team' },
-        },
-        {
-          team_id: 'team-other',
-          is_default: false,
-          team: { id: 'team-other', slug: 'other-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // verify: did not check authorization (no cookies to check)
-      expect(mockCheckUserTeamAuth).not.toHaveBeenCalled()
-
-      // verify: returns default team
-      expect(result).toEqual({
-        id: 'team-default',
-        slug: 'default-team',
-      })
+  it('returns the default slug-backed team when cookies are missing', async () => {
+    setupCookies({})
+    mockListUserTeams.mockResolvedValue({
+      ok: true,
+      data: [
+        createTeam({ id: 'team-a', slug: 'team-a' }),
+        createTeam({ id: 'team-b', slug: 'team-b', isDefault: true }),
+      ],
     })
 
-    it('should use first team when no cookies and no default team', async () => {
-      setupCookies({})
-
-      // no default team
-      setupDatabaseMock([
-        {
-          team_id: 'team-first',
-          is_default: false,
-          team: { id: 'team-first', slug: 'first-team' },
-        },
-        {
-          team_id: 'team-second',
-          is_default: false,
-          team: { id: 'team-second', slug: 'second-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // should use first team from list
-      expect(result).toEqual({
-        id: 'team-first',
-        slug: 'first-team',
-      })
-    })
+    const result = await resolveUserTeam('access-token')
 
-    it('should handle team without slug (use ID instead)', async () => {
-      setupCookies({})
-
-      // team has no slug (edge case)
-      setupDatabaseMock([
-        {
-          team_id: 'team-id-only',
-          is_default: true,
-          team: { id: 'team-id-only', slug: '' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // should fallback to ID when slug is empty
-      expect(result).toEqual({
-        id: 'team-id-only',
-        slug: 'team-id-only',
-      })
+    expect(result).toEqual({
+      id: 'team-b',
+      slug: 'team-b',
     })
-
-    it('should return null when no cookies and no teams', async () => {
-      setupCookies({})
-
-      setupDatabaseMock([])
-
-      const result = await resolveUserTeam('user-123')
-
-      expect(result).toBeNull()
+    expect(mockCreateUserTeamsRepository).toHaveBeenCalledWith({
+      accessToken: 'access-token',
     })
+  })
 
-    it('should return null when database returns null', async () => {
-      setupCookies({})
-
-      setupDatabaseMock(null)
+  it('falls back to the first slug-backed team when the default has no slug', async () => {
+    setupCookies({})
+    mockListUserTeams.mockResolvedValue({
+      ok: true,
+      data: [
+        createTeam({ id: 'team-default', slug: '', isDefault: true }),
+        createTeam({ id: 'team-slugged', slug: 'team-slugged' }),
+      ],
+    })
 
-      const result = await resolveUserTeam('user-123')
+    const result = await resolveUserTeam('access-token')
 
-      expect(result).toBeNull()
+    expect(result).toEqual({
+      id: 'team-slugged',
+      slug: 'team-slugged',
     })
   })
 
-  describe('Partial Cookies', () => {
-    it('should fall back to database when only team ID cookie exists', async () => {
-      // only team ID cookie, no slug
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-456',
-      })
-
-      setupDatabaseMock([
-        {
-          team_id: 'team-default',
-          is_default: true,
-          team: { id: 'team-default', slug: 'default-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // verify: did not check authorization (incomplete cookies)
-      expect(mockCheckUserTeamAuth).not.toHaveBeenCalled()
-
-      // verify: fell back to database
-      expect(result).toEqual({
-        id: 'team-default',
-        slug: 'default-team',
-      })
+  it('falls back to the repository when the cookie slug is no longer accessible', async () => {
+    setupCookies({
+      [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-cookie-id',
+      [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'team-cookie-slug',
     })
-
-    it('should fall back to database when only team slug cookie exists', async () => {
-      // only team slug cookie, no ID
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'my-team',
-      })
-
-      setupDatabaseMock([
-        {
-          team_id: 'team-default',
-          is_default: true,
-          team: { id: 'team-default', slug: 'default-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      expect(mockCheckUserTeamAuth).not.toHaveBeenCalled()
-      expect(result).toEqual({
-        id: 'team-default',
-        slug: 'default-team',
-      })
+    mockResolveTeamBySlug.mockResolvedValue({
+      ok: false,
+      error: new Error('Team not found'),
+    })
+    mockListUserTeams.mockResolvedValue({
+      ok: true,
+      data: [createTeam({ id: 'team-db', slug: 'team-db', isDefault: true })],
     })
-  })
-
-  describe('Database Errors', () => {
-    it('should return null when database query fails', async () => {
-      setupCookies({})
-
-      setupDatabaseMock(null, { message: 'Database connection failed' })
 
-      const result = await resolveUserTeam('user-123')
+    const result = await resolveUserTeam('access-token')
 
-      expect(result).toBeNull()
+    expect(result).toEqual({
+      id: 'team-db',
+      slug: 'team-db',
     })
+  })
 
-    it('should fall back to database when authorization check fails with error', async () => {
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-456',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'my-team',
-      })
-
-      // authorization check fails (returns false on error)
-      mockCheckUserTeamAuth.mockResolvedValue(false)
-
-      setupDatabaseMock([
-        {
-          team_id: 'team-default',
-          is_default: true,
-          team: { id: 'team-default', slug: 'default-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // should still fall back to database
-      expect(result).toEqual({
-        id: 'team-default',
-        slug: 'default-team',
-      })
+  it('falls back to the repository when cookies are partial', async () => {
+    setupCookies({
+      [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-cookie-id',
+    })
+    mockListUserTeams.mockResolvedValue({
+      ok: true,
+      data: [createTeam({ id: 'team-db', slug: 'team-db', isDefault: true })],
     })
 
-    it('should return null when team relation is malformed', async () => {
-      setupCookies({})
-
-      // malformed data - team relation is null
-      setupDatabaseMock([
-        {
-          team_id: 'team-123',
-          is_default: true,
-          team: null, // malformed!
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
+    const result = await resolveUserTeam('access-token')
 
-      expect(result).toBeNull()
+    expect(result).toEqual({
+      id: 'team-db',
+      slug: 'team-db',
     })
+    expect(mockResolveTeamBySlug).not.toHaveBeenCalled()
   })
 
-  describe('Complex Scenarios', () => {
-    it('should prefer default team over first team when both exist', async () => {
-      setupCookies({})
-
-      setupDatabaseMock([
-        {
-          team_id: 'team-first',
-          is_default: false,
-          team: { id: 'team-first', slug: 'first-team' },
-        },
-        {
-          team_id: 'team-default',
-          is_default: true,
-          team: { id: 'team-default', slug: 'default-team' },
-        },
-        {
-          team_id: 'team-third',
-          is_default: false,
-          team: { id: 'team-third', slug: 'third-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // should use default team, not first team
-      expect(result).toEqual({
-        id: 'team-default',
-        slug: 'default-team',
-      })
+  it('returns null when no slug-backed team can be resolved', async () => {
+    setupCookies({})
+    mockListUserTeams.mockResolvedValue({
+      ok: true,
+      data: [
+        createTeam({ id: 'team-a', slug: '', isDefault: true }),
+        createTeam({ id: 'team-b', slug: '' }),
+      ],
     })
 
-    it('should handle user switching teams correctly', async () => {
-      // first call - user has cookies for team A
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-a',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'team-a-slug',
-      })
-
-      mockCheckUserTeamAuth.mockResolvedValue(true)
-
-      let result = await resolveUserTeam('user-123')
+    const result = await resolveUserTeam('access-token')
 
-      expect(result).toEqual({
-        id: 'team-a',
-        slug: 'team-a-slug',
-      })
-
-      // second call - user switches to team B
-      vi.clearAllMocks()
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-b',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'team-b-slug',
-      })
-
-      mockCheckUserTeamAuth.mockResolvedValue(true)
-
-      result = await resolveUserTeam('user-123')
+    expect(result).toBeNull()
+  })
 
-      expect(result).toEqual({
-        id: 'team-b',
-        slug: 'team-b-slug',
-      })
+  it('returns null when listing teams fails', async () => {
+    setupCookies({})
+    mockListUserTeams.mockResolvedValue({
+      ok: false,
+      error: new Error('Failed to fetch user teams'),
     })
 
-    it('should prevent access when user loses team membership', async () => {
-      // user has cookies for a team they were previously a member of
-      setupCookies({
-        [COOKIE_KEYS.SELECTED_TEAM_ID]: 'team-removed',
-        [COOKIE_KEYS.SELECTED_TEAM_SLUG]: 'removed-team',
-      })
-
-      // authorization check fails (no longer a member)
-      mockCheckUserTeamAuth.mockResolvedValue(false)
-
-      // user has other teams
-      setupDatabaseMock([
-        {
-          team_id: 'team-remaining',
-          is_default: true,
-          team: { id: 'team-remaining', slug: 'remaining-team' },
-        },
-      ])
-
-      const result = await resolveUserTeam('user-123')
-
-      // should redirect to remaining team
-      expect(result).toEqual({
-        id: 'team-remaining',
-        slug: 'remaining-team',
-      })
-    })
+    const result = await resolveUserTeam('access-token')
+
+    expect(result).toBeNull()
   })
 })
diff --git a/src/__test__/setup.ts b/src/__test__/setup.ts
index 37226c0a9..551fdefc2 100644
--- a/src/__test__/setup.ts
+++ b/src/__test__/setup.ts
@@ -10,7 +10,7 @@ vi.mock('server-only', () => ({}))
 vi.mock('server-cli-only', () => ({}))
 
 // default mocks
-vi.mock('@/lib/clients/logger', () => ({
+vi.mock('@/core/shared/clients/logger', () => ({
   l: {
     error: console.error,
     info: console.info,
diff --git a/src/__test__/unit/chart-utils.test.ts b/src/__test__/unit/chart-utils.test.ts
index 6ff740a71..5b0ad4829 100644
--- a/src/__test__/unit/chart-utils.test.ts
+++ b/src/__test__/unit/chart-utils.test.ts
@@ -1,7 +1,7 @@
 import { describe, expect, it } from 'vitest'
+import type { ClientTeamMetric } from '@/core/modules/sandboxes/models.client'
 import { transformMetrics } from '@/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/utils'
 import { calculateAxisMax } from '@/lib/utils/chart'
-import type { ClientTeamMetric } from '@/types/sandboxes.types'
 
 describe('team-metrics-chart-utils', () => {
   describe('calculateYAxisMax', () => {
diff --git a/src/__test__/unit/fill-metrics-with-zeros.test.ts b/src/__test__/unit/fill-metrics-with-zeros.test.ts
index 40af27022..0afce30b5 100644
--- a/src/__test__/unit/fill-metrics-with-zeros.test.ts
+++ b/src/__test__/unit/fill-metrics-with-zeros.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from 'vitest'
-import { fillTeamMetricsWithZeros } from '@/server/sandboxes/utils'
-import type { ClientTeamMetrics } from '@/types/sandboxes.types'
+import type { ClientTeamMetrics } from '@/core/modules/sandboxes/models.client'
+import { fillTeamMetricsWithZeros } from '@/core/server/functions/sandboxes/utils'
 
 describe('fillTeamMetricsWithZeros', () => {
   describe('Empty data handling', () => {
diff --git a/src/__test__/unit/sandbox-lifecycle.test.ts b/src/__test__/unit/sandbox-lifecycle.test.ts
index 42f9d8f29..10fceb0a3 100644
--- a/src/__test__/unit/sandbox-lifecycle.test.ts
+++ b/src/__test__/unit/sandbox-lifecycle.test.ts
@@ -1,12 +1,12 @@
 import { describe, expect, it } from 'vitest'
 import {
   deriveSandboxLifecycleFromEvents,
-  type SandboxEventDTO,
-} from '@/server/api/models/sandboxes.models'
+  type SandboxEventModel,
+} from '@/core/modules/sandboxes/models'
 
 function createLifecycleEvent(
-  overrides: Partial<SandboxEventDTO> & Pick<SandboxEventDTO, 'id' | 'type'>
-): SandboxEventDTO {
+  overrides: Partial<SandboxEventModel> & Pick<SandboxEventModel, 'id' | 'type'>
+): SandboxEventModel {
   return {
     id: overrides.id,
     version: 'v1',
@@ -24,7 +24,7 @@ function createLifecycleEvent(
 
 describe('deriveSandboxLifecycleFromEvents', () => {
   it('derives createdAt, pausedAt and endedAt from a full lifecycle', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '5',
         type: 'sandbox.lifecycle.killed',
@@ -68,7 +68,7 @@ describe('deriveSandboxLifecycleFromEvents', () => {
   })
 
   it('keeps pausedAt when the sandbox is paused and not resumed yet', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '1',
         type: 'sandbox.lifecycle.created',
@@ -89,7 +89,7 @@ describe('deriveSandboxLifecycleFromEvents', () => {
   })
 
   it('uses first created event and the last killed event', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '1',
         type: 'sandbox.lifecycle.created',
@@ -119,7 +119,7 @@ describe('deriveSandboxLifecycleFromEvents', () => {
   })
 
   it('uses the last paused or killed event to constrain the lifecycle', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '1',
         type: 'sandbox.lifecycle.created',
@@ -160,7 +160,7 @@ describe('deriveSandboxLifecycleFromEvents', () => {
   })
 
   it('does not constrain when the last event is resumed', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '1',
         type: 'sandbox.lifecycle.created',
@@ -186,7 +186,7 @@ describe('deriveSandboxLifecycleFromEvents', () => {
   })
 
   it('does not constrain when the last event is updated', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '1',
         type: 'sandbox.lifecycle.created',
@@ -212,7 +212,7 @@ describe('deriveSandboxLifecycleFromEvents', () => {
   })
 
   it('ignores non-lifecycle events', () => {
-    const events: SandboxEventDTO[] = [
+    const events: SandboxEventModel[] = [
       createLifecycleEvent({
         id: '1',
         type: 'sandbox.lifecycle.created',
diff --git a/src/__test__/unit/sandbox-monitoring-chart-model.test.ts b/src/__test__/unit/sandbox-monitoring-chart-model.test.ts
index 67d932d47..848a982ef 100644
--- a/src/__test__/unit/sandbox-monitoring-chart-model.test.ts
+++ b/src/__test__/unit/sandbox-monitoring-chart-model.test.ts
@@ -1,9 +1,9 @@
 import { describe, expect, it } from 'vitest'
-import { buildMonitoringChartModel } from '@/features/dashboard/sandbox/monitoring/utils/chart-model'
 import type {
-  SandboxEventDTO,
+  SandboxEventModel,
   SandboxMetric,
-} from '@/server/api/models/sandboxes.models'
+} from '@/core/modules/sandboxes/models'
+import { buildMonitoringChartModel } from '@/features/dashboard/sandbox/monitoring/utils/chart-model'
 
 const baseMetric = {
   timestamp: '1970-01-01T00:00:00.000Z',
@@ -16,8 +16,8 @@ const baseMetric = {
 >
 
 function createLifecycleEvent(
-  overrides: Partial<SandboxEventDTO> & Pick<SandboxEventDTO, 'id' | 'type'>
-): SandboxEventDTO {
+  overrides: Partial<SandboxEventModel> & Pick<SandboxEventModel, 'id' | 'type'>
+): SandboxEventModel {
   return {
     id: overrides.id,
     version: 'v1',
@@ -148,7 +148,7 @@ describe('buildMonitoringChartModel', () => {
       },
     ]
 
-    const lifecycleEvents: SandboxEventDTO[] = [
+    const lifecycleEvents: SandboxEventModel[] = [
       createLifecycleEvent({
         id: 'pause',
         type: 'sandbox.lifecycle.paused',
@@ -233,7 +233,7 @@ describe('buildMonitoringChartModel', () => {
       },
     ]
 
-    const lifecycleEvents: SandboxEventDTO[] = [
+    const lifecycleEvents: SandboxEventModel[] = [
       createLifecycleEvent({
         id: 'pause-1',
         type: 'sandbox.lifecycle.paused',
@@ -276,7 +276,7 @@ describe('buildMonitoringChartModel', () => {
   })
 
   it('draws a synthetic dashed connector across an active lifecycle window when no metrics were collected', () => {
-    const lifecycleEvents: SandboxEventDTO[] = [
+    const lifecycleEvents: SandboxEventModel[] = [
       createLifecycleEvent({
         id: 'created',
         type: 'sandbox.lifecycle.created',
@@ -324,7 +324,7 @@ describe('buildMonitoringChartModel', () => {
   })
 
   it('draws a dashed connector from created to the first metric when the range starts at created', () => {
-    const lifecycleEvents: SandboxEventDTO[] = [
+    const lifecycleEvents: SandboxEventModel[] = [
       createLifecycleEvent({
         id: 'created',
         type: 'sandbox.lifecycle.created',
@@ -357,7 +357,7 @@ describe('buildMonitoringChartModel', () => {
   })
 
   it('draws a dashed connector from created to the first metric when the range starts before created', () => {
-    const lifecycleEvents: SandboxEventDTO[] = [
+    const lifecycleEvents: SandboxEventModel[] = [
       createLifecycleEvent({
         id: 'created',
         type: 'sandbox.lifecycle.created',
@@ -399,7 +399,7 @@ describe('buildMonitoringChartModel', () => {
   })
 
   it('builds visible lifecycle event markers for created, paused, resumed, and killed only', () => {
-    const lifecycleEvents: SandboxEventDTO[] = [
+    const lifecycleEvents: SandboxEventModel[] = [
       createLifecycleEvent({
         id: 'outside',
         type: 'sandbox.lifecycle.killed',
diff --git a/src/__test__/unit/team-display-name.test.ts b/src/__test__/unit/team-display-name.test.ts
new file mode 100644
index 000000000..377808f31
--- /dev/null
+++ b/src/__test__/unit/team-display-name.test.ts
@@ -0,0 +1,42 @@
+import { describe, expect, it } from 'vitest'
+import {
+  getTeamDisplayName,
+  getTransformedDefaultTeamName,
+} from '@/core/modules/teams/utils'
+
+describe('team display name', () => {
+  it('transforms unchanged default team email names', () => {
+    const transformed = getTransformedDefaultTeamName({
+      email: 'ben.fornefeld@gmail.com',
+      isDefault: true,
+      name: 'ben.fornefeld@gmail.com',
+    })
+
+    expect(transformed).toBe("Ben.fornefeld's Team")
+    expect(
+      getTeamDisplayName({
+        email: 'ben.fornefeld@gmail.com',
+        isDefault: true,
+        name: 'ben.fornefeld@gmail.com',
+      })
+    ).toBe("Ben.fornefeld's Team")
+  })
+
+  it('falls back to the raw team name otherwise', () => {
+    expect(
+      getTransformedDefaultTeamName({
+        email: 'ben.fornefeld@gmail.com',
+        isDefault: true,
+        name: 'Platform Team',
+      })
+    ).toBeNull()
+
+    expect(
+      getTeamDisplayName({
+        email: 'ben.fornefeld@gmail.com',
+        isDefault: false,
+        name: 'Platform Team',
+      })
+    ).toBe('Platform Team')
+  })
+})
diff --git a/src/app/(auth)/auth/cli/page.tsx b/src/app/(auth)/auth/cli/page.tsx
index d116b3c44..221daca26 100644
--- a/src/app/(auth)/auth/cli/page.tsx
+++ b/src/app/(auth)/auth/cli/page.tsx
@@ -1,13 +1,12 @@
 import { CloudIcon, LaptopIcon, Link2Icon } from 'lucide-react'
 import { redirect } from 'next/navigation'
 import { Suspense } from 'react'
-import { serializeError } from 'serialize-error'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
-import { createClient } from '@/lib/clients/supabase/server'
+import { createUserTeamsRepository } from '@/core/modules/teams/user-teams-repository.server'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
 import { encodedRedirect } from '@/lib/utils/auth'
 import { generateE2BUserAccessToken } from '@/lib/utils/server'
-import { getDefaultTeamRelation } from '@/server/auth/get-default-team'
 import { Alert, AlertDescription, AlertTitle } from '@/ui/primitives/alert'
 
 // Types
@@ -21,7 +20,6 @@ type CLISearchParams = Promise<{
 
 async function handleCLIAuth(
   next: string,
-  userId: string,
   userEmail: string,
   supabaseAccessToken: string
 ) {
@@ -29,20 +27,31 @@ async function handleCLIAuth(
     throw new Error('Invalid redirect URL')
   }
 
-  try {
-    const defaultTeam = await getDefaultTeamRelation(userId)
-    const e2bAccessToken = await generateE2BUserAccessToken(supabaseAccessToken)
+  const teamsResult = await createUserTeamsRepository({
+    accessToken: supabaseAccessToken,
+  }).listUserTeams()
 
-    const searchParams = new URLSearchParams({
-      email: userEmail,
-      accessToken: e2bAccessToken.token,
-      defaultTeamId: defaultTeam.team_id,
-    })
+  if (!teamsResult.ok) {
+    throw new Error('Failed to resolve default team')
+  }
 
-    return redirect(`${next}?${searchParams.toString()}`)
-  } catch (err) {
-    throw err
+  const defaultTeam =
+    teamsResult.data.find((team) => team.isDefault && team.slug) ??
+    teamsResult.data.find((team) => team.slug)
+
+  if (!defaultTeam) {
+    throw new Error('Failed to resolve default team')
   }
+
+  const e2bAccessToken = await generateE2BUserAccessToken(supabaseAccessToken)
+
+  const searchParams = new URLSearchParams({
+    email: userEmail,
+    accessToken: e2bAccessToken.token,
+    defaultTeamId: defaultTeam.id,
+  })
+
+  return redirect(`${next}?${searchParams.toString()}`)
 }
 
 // UI Components
@@ -131,12 +140,11 @@ export default async function CLIAuthPage({
         throw new Error('No provider access token found')
       }
 
-      return await handleCLIAuth(
-        next,
-        user.id,
-        user.email!,
-        session.access_token
-      )
+      if (!user.email) {
+        throw new Error('No user email found')
+      }
+
+      return await handleCLIAuth(next, user.email, session.access_token)
     } catch (err) {
       if (err instanceof Error && err.message.includes('NEXT_REDIRECT')) {
         throw err
@@ -145,7 +153,7 @@ export default async function CLIAuthPage({
       l.error(
         {
           key: 'cli_auth:unexpected_error',
-          error: serializeError(err),
+          error: serializeErrorForLog(err),
           user_id: user?.id,
           context: {
             next,
diff --git a/src/app/(auth)/confirm/page.tsx b/src/app/(auth)/confirm/page.tsx
index 7cfaf88f9..07cd39f90 100644
--- a/src/app/(auth)/confirm/page.tsx
+++ b/src/app/(auth)/confirm/page.tsx
@@ -4,13 +4,13 @@ import { useMutation } from '@tanstack/react-query'
 import { useRouter, useSearchParams } from 'next/navigation'
 import { useMemo, useTransition } from 'react'
 import { AUTH_URLS } from '@/configs/urls'
-import { AuthFormMessage } from '@/features/auth/form-message'
 import {
   type ConfirmEmailInput,
   ConfirmEmailInputSchema,
   type OtpType,
   OtpTypeSchema,
-} from '@/server/api/models/auth.models'
+} from '@/core/modules/auth/models'
+import { AuthFormMessage } from '@/features/auth/form-message'
 import { Button } from '@/ui/primitives/button'
 
 const OTP_TYPE_LABELS: Record<OtpType, string> = {
diff --git a/src/app/(auth)/forgot-password/page.tsx b/src/app/(auth)/forgot-password/page.tsx
index dc470821e..3aa518ee9 100644
--- a/src/app/(auth)/forgot-password/page.tsx
+++ b/src/app/(auth)/forgot-password/page.tsx
@@ -9,9 +9,9 @@ import {
   getTimeoutMsFromUserMessage,
   USER_MESSAGES,
 } from '@/configs/user-messages'
+import { forgotPasswordAction } from '@/core/server/actions/auth-actions'
+import { forgotPasswordSchema } from '@/core/server/functions/auth/auth.types'
 import { AuthFormMessage, type AuthMessage } from '@/features/auth/form-message'
-import { forgotPasswordSchema } from '@/server/auth/auth.types'
-import { forgotPasswordAction } from '@/server/auth/auth-actions'
 import { Button } from '@/ui/primitives/button'
 import { Input } from '@/ui/primitives/input'
 import { Label } from '@/ui/primitives/label'
diff --git a/src/app/(auth)/sign-in/page.tsx b/src/app/(auth)/sign-in/page.tsx
index d091d7674..7bc10651f 100644
--- a/src/app/(auth)/sign-in/page.tsx
+++ b/src/app/(auth)/sign-in/page.tsx
@@ -7,10 +7,10 @@ import { useSearchParams } from 'next/navigation'
 import { Suspense, useEffect, useState } from 'react'
 import { AUTH_URLS } from '@/configs/urls'
 import { USER_MESSAGES } from '@/configs/user-messages'
+import { signInAction } from '@/core/server/actions/auth-actions'
+import { signInSchema } from '@/core/server/functions/auth/auth.types'
 import { AuthFormMessage, type AuthMessage } from '@/features/auth/form-message'
 import { OAuthProviders } from '@/features/auth/oauth-provider-buttons'
-import { signInSchema } from '@/server/auth/auth.types'
-import { signInAction } from '@/server/auth/auth-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Form,
diff --git a/src/app/(auth)/sign-up/page.tsx b/src/app/(auth)/sign-up/page.tsx
index 7fdad1eb8..e1022c484 100644
--- a/src/app/(auth)/sign-up/page.tsx
+++ b/src/app/(auth)/sign-up/page.tsx
@@ -11,12 +11,12 @@ import {
   getTimeoutMsFromUserMessage,
   USER_MESSAGES,
 } from '@/configs/user-messages'
+import { signUpAction } from '@/core/server/actions/auth-actions'
+import { signUpSchema } from '@/core/server/functions/auth/auth.types'
 import { AuthFormMessage, type AuthMessage } from '@/features/auth/form-message'
 import { OAuthProviders } from '@/features/auth/oauth-provider-buttons'
 import { TurnstileWidget } from '@/features/auth/turnstile-widget'
 import { useTurnstile } from '@/features/auth/use-turnstile'
-import { signUpSchema } from '@/server/auth/auth.types'
-import { signUpAction } from '@/server/auth/auth-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Form,
diff --git a/src/app/(rewrites)/[[...slug]]/route.ts b/src/app/(rewrites)/[[...slug]]/route.ts
index d2115a635..43fe9e572 100644
--- a/src/app/(rewrites)/[[...slug]]/route.ts
+++ b/src/app/(rewrites)/[[...slug]]/route.ts
@@ -1,10 +1,9 @@
 import type { NextRequest } from 'next/server'
-import { serializeError } from 'serialize-error'
 import { constructSitemap } from '@/app/sitemap'
 import { ALLOW_SEO_INDEXING } from '@/configs/flags'
 import { ROUTE_REWRITE_CONFIG } from '@/configs/rewrites'
 import { BASE_URL } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 import {
   getRewriteForPath,
   rewriteContentPagesHtml,
@@ -103,7 +102,7 @@ export async function GET(request: NextRequest): Promise<Response> {
   } catch (error) {
     l.error({
       key: 'url_rewrite:unexpected_error',
-      error: serializeError(error),
+      error: serializeErrorForLog(error),
     })
 
     return new Response(
diff --git a/src/app/api/auth/callback/route.ts b/src/app/api/auth/callback/route.ts
index 241b2d414..1f5ff8a2b 100644
--- a/src/app/api/auth/callback/route.ts
+++ b/src/app/api/auth/callback/route.ts
@@ -1,8 +1,7 @@
 import { redirect } from 'next/navigation'
-import { serializeError } from 'serialize-error'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
-import { createClient } from '@/lib/clients/supabase/server'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
 import { encodedRedirect } from '@/lib/utils/auth'
 
 export async function GET(request: Request) {
@@ -37,7 +36,7 @@ export async function GET(request: Request) {
       l.error(
         {
           key: 'auth_callback:supabase_error',
-          error: serializeError(error),
+          error: serializeErrorForLog(error),
           context: {
             code,
             origin,
diff --git a/src/app/api/auth/confirm/route.ts b/src/app/api/auth/confirm/route.ts
index ee0033f98..c622fec9d 100644
--- a/src/app/api/auth/confirm/route.ts
+++ b/src/app/api/auth/confirm/route.ts
@@ -2,9 +2,9 @@ import { redirect } from 'next/navigation'
 import type { NextRequest } from 'next/server'
 import { z } from 'zod'
 import { AUTH_URLS } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
+import { OtpTypeSchema } from '@/core/modules/auth/models'
+import { l } from '@/core/shared/clients/logger/logger'
 import { encodedRedirect, isExternalOrigin } from '@/lib/utils/auth'
-import { OtpTypeSchema } from '@/server/api/models/auth.models'
 
 const confirmSchema = z.object({
   token_hash: z.string().min(1),
diff --git a/src/app/api/auth/email-callback/route.tsx b/src/app/api/auth/email-callback/route.tsx
index 3fd46b5b4..24be4c0c3 100644
--- a/src/app/api/auth/email-callback/route.tsx
+++ b/src/app/api/auth/email-callback/route.tsx
@@ -1,6 +1,6 @@
 import { redirect } from 'next/navigation'
 import { PROTECTED_URLS } from '@/configs/urls'
-import { createClient } from '@/lib/clients/supabase/server'
+import { createClient } from '@/core/shared/clients/supabase/server'
 import { encodedRedirect } from '@/lib/utils/auth'
 
 export async function GET(request: Request) {
diff --git a/src/app/api/auth/verify-otp/route.ts b/src/app/api/auth/verify-otp/route.ts
index 87f3cd02d..590361da0 100644
--- a/src/app/api/auth/verify-otp/route.ts
+++ b/src/app/api/auth/verify-otp/route.ts
@@ -1,13 +1,13 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { flattenError } from 'zod'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
-import { isExternalOrigin } from '@/lib/utils/auth'
 import {
   ConfirmEmailInputSchema,
   type OtpType,
-} from '@/server/api/models/auth.models'
-import { authRepo } from '@/server/api/repositories/auth.repository'
+} from '@/core/modules/auth/models'
+import { authRepository } from '@/core/modules/auth/repository.server'
+import { l } from '@/core/shared/clients/logger/logger'
+import { isExternalOrigin } from '@/lib/utils/auth'
 
 /**
  * Determines the redirect URL based on OTP type.
@@ -109,7 +109,14 @@ export async function POST(request: NextRequest) {
       `verifying OTP token: ${token_hash.slice(0, 10)}`
     )
 
-    await authRepo.verifyOtp(token_hash, type)
+    const verifyResult = await authRepository.verifyOtp(token_hash, type)
+    if (!verifyResult.ok) {
+      const errorRedirectUrl = buildErrorRedirectUrl(
+        origin,
+        verifyResult.error.message
+      )
+      return NextResponse.json({ redirectUrl: errorRedirectUrl })
+    }
 
     const redirectUrl = buildRedirectUrl(type, next, origin)
 
diff --git a/src/app/api/health/route.ts b/src/app/api/health/route.ts
index 56f59379d..8fc3aea0e 100644
--- a/src/app/api/health/route.ts
+++ b/src/app/api/health/route.ts
@@ -1,20 +1,16 @@
 import { NextResponse } from 'next/server'
-import { serializeError } from 'serialize-error'
-import { kv } from '@/lib/clients/kv'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-
-// NOTE - using cdn caching for rate limiting on db calls
+import { api } from '@/core/shared/clients/api'
+import { kv } from '@/core/shared/clients/kv'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 
 export const maxDuration = 10
 
 export async function GET() {
   const checks = {
     kv: false,
-    supabase: false,
+    dashboardApi: false,
   }
 
-  // check kv
   try {
     await kv.ping()
     checks.kv = true
@@ -22,32 +18,36 @@ export async function GET() {
     l.error(
       {
         key: 'health_check:kv_error',
-        error: serializeError(error),
+        error: serializeErrorForLog(error),
       },
       'KV health check failed'
     )
   }
 
-  // check supabase
-  const { data: _, error } = await supabaseAdmin
-    .from('teams')
-    .select('id')
-    .limit(1)
-    .single()
-
-  if (!error) {
-    checks.supabase = true
-  } else {
+  try {
+    const { error } = await api.GET('/health', {})
+    if (!error) {
+      checks.dashboardApi = true
+    } else {
+      l.error(
+        {
+          key: 'health_check:dashboard_api_error',
+          error,
+        },
+        'Dashboard API health check failed'
+      )
+    }
+  } catch (error) {
     l.error(
       {
-        key: 'health_check:supabase_error',
-        error: serializeError(error),
+        key: 'health_check:dashboard_api_error',
+        error: serializeErrorForLog(error),
       },
-      'Supabase health check failed'
+      'Dashboard API health check failed'
     )
   }
 
-  const allHealthy = checks.kv && checks.supabase
+  const allHealthy = checks.kv && checks.dashboardApi
 
   return NextResponse.json(
     {
diff --git a/src/app/api/teams/[teamId]/sandboxes/metrics/route.ts b/src/app/api/teams/[teamId]/sandboxes/metrics/route.ts
deleted file mode 100644
index cb410c4fc..000000000
--- a/src/app/api/teams/[teamId]/sandboxes/metrics/route.ts
+++ /dev/null
@@ -1,76 +0,0 @@
-import 'server-cli-only'
-
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { handleDefaultInfraError } from '@/lib/utils/action'
-import { getSessionInsecure } from '@/server/auth/get-session'
-import { transformMetricsToClientMetrics } from '@/server/sandboxes/utils'
-import { MetricsRequestSchema, type MetricsResponse } from './types'
-
-export async function POST(
-  request: Request,
-  { params }: { params: Promise<{ teamId: string }> }
-) {
-  try {
-    const { teamId } = await params
-
-    const { success, data } = MetricsRequestSchema.safeParse(
-      await request.json()
-    )
-
-    if (!success) {
-      return Response.json({ error: 'Invalid request' }, { status: 400 })
-    }
-
-    const { sandboxIds } = data
-
-    // fine to use here, we only need a token for the infra api request. it will validate the token.
-    const session = await getSessionInsecure()
-
-    if (!session) {
-      return Response.json({ error: 'Unauthenticated' }, { status: 401 })
-    }
-
-    const infraRes = await infra.GET('/sandboxes/metrics', {
-      params: {
-        query: {
-          sandbox_ids: sandboxIds,
-        },
-      },
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-      },
-      cache: 'no-store',
-    })
-
-    if (infraRes.error) {
-      const status = infraRes.response.status
-
-      l.error(
-        {
-          key: 'get_team_sandboxes_metrics',
-          error: infraRes.error,
-          team_id: teamId,
-          user_id: session.user.id,
-          context: {
-            path: '/sandboxes/metrics',
-            status,
-          },
-        },
-        `Failed to get team sandbox metrics: ${infraRes.error.message}`
-      )
-
-      return Response.json(
-        { error: handleDefaultInfraError(status) },
-        { status }
-      )
-    }
-
-    const metrics = transformMetricsToClientMetrics(infraRes.data.sandboxes)
-
-    return Response.json({ metrics } satisfies MetricsResponse)
-  } catch (error) {
-    return Response.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
diff --git a/src/app/api/teams/[teamId]/sandboxes/metrics/types.ts b/src/app/api/teams/[teamId]/sandboxes/metrics/types.ts
deleted file mode 100644
index e2f6a0433..000000000
--- a/src/app/api/teams/[teamId]/sandboxes/metrics/types.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { z } from 'zod'
-import type { ClientSandboxesMetrics } from '@/types/sandboxes.types'
-
-export const MetricsRequestSchema = z.object({
-  sandboxIds: z.array(z.string()).min(1, 'Provide at least one sandbox id'),
-})
-
-export type MetricsRequest = z.infer<typeof MetricsRequestSchema>
-
-export type MetricsResponse = {
-  metrics: ClientSandboxesMetrics
-}
diff --git a/src/app/api/teams/[teamId]/metrics/route.ts b/src/app/api/teams/[teamSlug]/metrics/route.ts
similarity index 54%
rename from src/app/api/teams/[teamId]/metrics/route.ts
rename to src/app/api/teams/[teamSlug]/metrics/route.ts
index 3223e779a..bf1d7915a 100644
--- a/src/app/api/teams/[teamId]/metrics/route.ts
+++ b/src/app/api/teams/[teamSlug]/metrics/route.ts
@@ -1,17 +1,18 @@
 import 'server-cli-only'
 
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
-import { getSessionInsecure } from '@/server/auth/get-session'
-import { getTeamMetricsCore } from '@/server/sandboxes/get-team-metrics-core'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import { getTeamMetricsCore } from '@/core/server/functions/sandboxes/get-team-metrics-core'
+import { getTeamIdFromSlug } from '@/core/server/functions/team/get-team-id-from-slug'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { getPublicErrorMessage } from '@/core/shared/errors'
 import { TeamMetricsRequestSchema, type TeamMetricsResponse } from './types'
 
 export async function POST(
   request: Request,
-  { params }: { params: Promise<{ teamId: string }> }
+  { params }: { params: Promise<{ teamSlug: string }> }
 ) {
   try {
-    const { teamId } = await params
+    const { teamSlug } = await params
 
     const parsedInput = TeamMetricsRequestSchema.safeParse(await request.json())
 
@@ -20,8 +21,8 @@ export async function POST(
       l.warn(
         {
           key: 'team_metrics_route_handler:invalid_request',
-          error: serializeError(parsedInput.error),
-          team_id: teamId,
+          error: serializeErrorForLog(parsedInput.error),
+          team_slug: teamSlug,
           context: {
             request: parsedInput.data,
           },
@@ -40,7 +41,7 @@ export async function POST(
       l.warn(
         {
           key: 'team_metrics_route_handler:unauthenticated',
-          team_id: teamId,
+          team_slug: teamSlug,
         },
         'team_metrics_route_handler: unauthenticated'
       )
@@ -48,6 +49,21 @@ export async function POST(
       return Response.json({ error: 'Unauthenticated' }, { status: 401 })
     }
 
+    const teamId = await getTeamIdFromSlug(teamSlug, session.access_token)
+
+    if (!teamId) {
+      l.warn(
+        {
+          key: 'team_metrics_route_handler:forbidden_team',
+          team_slug: teamSlug,
+          user_id: session.user.id,
+        },
+        'team_metrics_route_handler: forbidden team'
+      )
+
+      return Response.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
     const result = await getTeamMetricsCore({
       accessToken: session.access_token,
       teamId,
@@ -57,15 +73,15 @@ export async function POST(
     })
 
     if (result.error) {
-      // error already logged in core function
-      return Response.json({ error: result.error }, { status: result.status })
+      const safeMessage = getPublicErrorMessage({ status: result.status })
+      return Response.json({ error: safeMessage }, { status: result.status })
     }
 
     return Response.json(result.data! satisfies TeamMetricsResponse)
   } catch (error) {
     l.error({
       key: 'team_metrics_route_handler:unexpected_error',
-      error: serializeError(error),
+      error: serializeErrorForLog(error),
     })
 
     return Response.json({ error: 'Internal server error' }, { status: 500 })
diff --git a/src/app/api/teams/[teamId]/metrics/types.ts b/src/app/api/teams/[teamSlug]/metrics/types.ts
similarity index 93%
rename from src/app/api/teams/[teamId]/metrics/types.ts
rename to src/app/api/teams/[teamSlug]/metrics/types.ts
index b1306f467..d32af3573 100644
--- a/src/app/api/teams/[teamId]/metrics/types.ts
+++ b/src/app/api/teams/[teamSlug]/metrics/types.ts
@@ -1,6 +1,6 @@
 import { z } from 'zod'
+import type { ClientTeamMetrics } from '@/core/modules/sandboxes/models.client'
 import { MAX_DAYS_AGO } from '@/features/dashboard/sandboxes/monitoring/time-picker/constants'
-import type { ClientTeamMetrics } from '@/types/sandboxes.types'
 
 export const TeamMetricsRequestSchema = z
   .object({
diff --git a/src/app/api/teams/user/route.ts b/src/app/api/teams/user/route.ts
deleted file mode 100644
index d2dbd6066..000000000
--- a/src/app/api/teams/user/route.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-import { createClient } from '@/lib/clients/supabase/server'
-import getUserTeamsMemo from '@/server/team/get-user-teams-memo'
-import type { UserTeamsResponse } from './types'
-
-export async function GET() {
-  try {
-    const supabase = await createClient()
-    const {
-      data: { user },
-      error,
-    } = await supabase.auth.getUser()
-
-    if (error || !user) {
-      return Response.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const teams = await getUserTeamsMemo(user)
-
-    return Response.json({ teams } satisfies UserTeamsResponse)
-  } catch (error) {
-    if (
-      error instanceof Error &&
-      error.message.includes('During prerendering')
-    ) {
-      throw error
-    }
-
-    console.error('Error fetching user teams:', error)
-    return Response.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
diff --git a/src/app/api/teams/user/types.ts b/src/app/api/teams/user/types.ts
deleted file mode 100644
index 60b1fc766..000000000
--- a/src/app/api/teams/user/types.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-import type { ClientTeam } from '@/types/dashboard.types'
-
-export type UserTeamsResponse = { teams: ClientTeam[] }
diff --git a/src/app/api/trpc/[trpc]/route.ts b/src/app/api/trpc/[trpc]/route.ts
index 303157cac..ee154b2c6 100644
--- a/src/app/api/trpc/[trpc]/route.ts
+++ b/src/app/api/trpc/[trpc]/route.ts
@@ -1,8 +1,8 @@
 import { fetchRequestHandler } from '@trpc/server/adapters/fetch'
 import type { NextRequest } from 'next/server'
 
-import { createTRPCContext } from '@/server/api/init'
-import { trpcAppRouter } from '@/server/api/routers'
+import { trpcAppRouter } from '@/core/server/api/routers'
+import { createTRPCContext } from '@/core/server/trpc/init'
 
 /**
  * This wraps the `createTRPCContext` helper and provides the required context for the tRPC API when
diff --git a/src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts b/src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts
index 08d788488..cc88a8310 100644
--- a/src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts
+++ b/src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts
@@ -1,14 +1,13 @@
 import { cookies } from 'next/headers'
 import { type NextRequest, NextResponse } from 'next/server'
-import { serializeError } from 'serialize-error'
 import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
 import { COOKIE_KEYS } from '@/configs/cookies'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import { createClient } from '@/lib/clients/supabase/server'
-import { SandboxIdSchema } from '@/lib/schemas/api'
+import { createUserTeamsRepository } from '@/core/modules/teams/user-teams-repository.server'
+import { infra } from '@/core/shared/clients/api'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
+import { SandboxIdSchema } from '@/core/shared/schemas/api'
 import { setTeamCookies } from '@/lib/utils/cookies'
 
 export const dynamic = 'force-dynamic'
@@ -159,17 +158,16 @@ export async function GET(
     }
 
     const accessToken = sessionResponse.session.access_token
-    const { data: userTeamRows, error: teamQueryError } = await supabaseAdmin
-      .from('users_teams')
-      .select('teams!inner(id, slug)')
-      .eq('user_id', userId)
+    const teamsResult = await createUserTeamsRepository({
+      accessToken,
+    }).listUserTeams()
 
-    if (teamQueryError || !userTeamRows || userTeamRows.length === 0) {
+    if (!teamsResult.ok || teamsResult.data.length === 0) {
       l.warn({
         key: 'inspect_sandbox:teams_fetch_error',
         user_id: userId,
         sandbox_id: sandboxId,
-        error: teamQueryError,
+        error: !teamsResult.ok ? teamsResult.error : undefined,
       })
 
       return redirectToDashboardWithWarning(
@@ -182,9 +180,9 @@ export async function GET(
       )
     }
 
-    const userTeams: UserTeam[] = userTeamRows.map((row) => ({
-      id: row.teams.id,
-      slug: row.teams.slug,
+    const userTeams: UserTeam[] = teamsResult.data.map((team) => ({
+      id: team.id,
+      slug: team.slug,
     }))
 
     const cookieStore = await cookies()
@@ -231,7 +229,7 @@ export async function GET(
 
     return NextResponse.redirect(redirectUrl)
   } catch (error) {
-    const serializedError = serializeError(error)
+    const serializedError = serializeErrorForLog(error)
     const errorMessage =
       typeof serializedError === 'object' &&
       serializedError !== null &&
diff --git a/src/app/dashboard/[teamIdOrSlug]/layout.tsx b/src/app/dashboard/[teamIdOrSlug]/layout.tsx
deleted file mode 100644
index 624d2444a..000000000
--- a/src/app/dashboard/[teamIdOrSlug]/layout.tsx
+++ /dev/null
@@ -1,85 +0,0 @@
-import { cookies } from 'next/headers'
-import { redirect, unauthorized } from 'next/navigation'
-import type { Metadata } from 'next/types'
-import { serializeError } from 'serialize-error'
-import { COOKIE_KEYS } from '@/configs/cookies'
-import { METADATA } from '@/configs/metadata'
-import { AUTH_URLS } from '@/configs/urls'
-import { DashboardContextProvider } from '@/features/dashboard/context'
-import DashboardLayoutView from '@/features/dashboard/layouts/layout'
-import Sidebar from '@/features/dashboard/sidebar/sidebar'
-import { l } from '@/lib/clients/logger/logger'
-import { getSessionInsecure } from '@/server/auth/get-session'
-import getUserByToken from '@/server/auth/get-user-by-token'
-import { getTeam } from '@/server/team/get-team'
-import { SidebarInset, SidebarProvider } from '@/ui/primitives/sidebar'
-
-export const metadata: Metadata = {
-  title: 'Dashboard - E2B',
-  description: METADATA.description,
-  openGraph: METADATA.openGraph,
-  twitter: METADATA.twitter,
-  robots: 'noindex, nofollow',
-}
-
-export interface DashboardLayoutProps {
-  params: Promise<{
-    teamIdOrSlug: string
-  }>
-  children: React.ReactNode
-}
-
-export default async function DashboardLayout({
-  children,
-  params,
-}: DashboardLayoutProps) {
-  const cookieStore = await cookies()
-  const { teamIdOrSlug } = await params
-
-  const session = await getSessionInsecure()
-  const { error, data } = await getUserByToken(session?.access_token)
-
-  const sidebarState = cookieStore.get(COOKIE_KEYS.SIDEBAR_STATE)?.value
-  const defaultOpen = sidebarState === 'true'
-
-  if (error || !data.user) {
-    throw redirect(AUTH_URLS.SIGN_IN)
-  }
-
-  const teamRes = await getTeam({ teamIdOrSlug })
-  const team = teamRes?.data
-
-  if (!team) {
-    l.warn(
-      {
-        key: 'dashboard_layout:team_not_resolved',
-        user_id: data.user.id,
-        error: serializeError(teamRes?.serverError),
-        context: {
-          teamIdOrSlug,
-        },
-      },
-      `dashboard_layout:team_not_resolved - team not resolved for user (${data.user.id}) when accessing team (${teamIdOrSlug}) in dashboard layout`
-    )
-    throw unauthorized()
-  }
-
-  return (
-    <DashboardContextProvider initialTeam={team} initialUser={data.user}>
-      <SidebarProvider
-        defaultOpen={typeof sidebarState === 'undefined' ? true : defaultOpen}
-      >
-        <div className="fixed inset-0 flex max-h-full min-h-0 w-full flex-col overflow-hidden">
-          <div className="flex h-full max-h-full min-h-0 w-full flex-1 overflow-hidden">
-            <Sidebar />
-            <SidebarInset>
-              <DashboardLayoutView params={params}>
-                {children}
-              </DashboardLayoutView>
-            </SidebarInset>
-          </div>
-        </div>
-      </SidebarProvider>
-    </DashboardContextProvider>
-  )
-}
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/logs/page.tsx b/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/logs/page.tsx
deleted file mode 100644
index d42f68b53..000000000
--- a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/logs/page.tsx
+++ /dev/null
@@ -1,11 +0,0 @@
-import SandboxLogsView from '@/features/dashboard/sandbox/logs/view'
-
-export default async function SandboxLogsPage({
-  params,
-}: {
-  params: Promise<{ teamIdOrSlug: string; sandboxId: string }>
-}) {
-  const { teamIdOrSlug, sandboxId } = await params
-
-  return <SandboxLogsView teamIdOrSlug={teamIdOrSlug} sandboxId={sandboxId} />
-}
diff --git a/src/app/dashboard/[teamIdOrSlug]/account/page.tsx b/src/app/dashboard/[teamSlug]/account/page.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/account/page.tsx
rename to src/app/dashboard/[teamSlug]/account/page.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/billing/page.tsx b/src/app/dashboard/[teamSlug]/billing/page.tsx
similarity index 63%
rename from src/app/dashboard/[teamIdOrSlug]/billing/page.tsx
rename to src/app/dashboard/[teamSlug]/billing/page.tsx
index 72ab6dbd7..4c7111e69 100644
--- a/src/app/dashboard/[teamIdOrSlug]/billing/page.tsx
+++ b/src/app/dashboard/[teamSlug]/billing/page.tsx
@@ -6,13 +6,13 @@ import { HydrateClient, prefetch, trpc } from '@/trpc/server'
 export default async function BillingPage({
   params,
 }: {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
-  prefetch(trpc.billing.getItems.queryOptions({ teamIdOrSlug }))
-  prefetch(trpc.billing.getUsage.queryOptions({ teamIdOrSlug }))
-  prefetch(trpc.billing.getInvoices.queryOptions({ teamIdOrSlug }))
+  prefetch(trpc.billing.getItems.queryOptions({ teamSlug }))
+  prefetch(trpc.billing.getUsage.queryOptions({ teamSlug }))
+  prefetch(trpc.billing.getInvoices.queryOptions({ teamSlug }))
 
   return (
     <HydrateClient>
diff --git a/src/app/dashboard/[teamIdOrSlug]/billing/plan/page.tsx b/src/app/dashboard/[teamSlug]/billing/plan/page.tsx
similarity index 65%
rename from src/app/dashboard/[teamIdOrSlug]/billing/plan/page.tsx
rename to src/app/dashboard/[teamSlug]/billing/plan/page.tsx
index 35d6b76b0..ee3f5f824 100644
--- a/src/app/dashboard/[teamIdOrSlug]/billing/plan/page.tsx
+++ b/src/app/dashboard/[teamSlug]/billing/plan/page.tsx
@@ -5,12 +5,11 @@ import { HydrateClient, prefetch, trpc } from '@/trpc/server'
 export default async function BillingPlanPage({
   params,
 }: {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
-  prefetch(trpc.billing.getItems.queryOptions({ teamIdOrSlug }))
-  prefetch(trpc.billing.getTeamLimits.queryOptions({ teamIdOrSlug }))
+  prefetch(trpc.billing.getItems.queryOptions({ teamSlug }))
 
   return (
     <HydrateClient>
diff --git a/src/app/dashboard/[teamIdOrSlug]/billing/plan/select/page.tsx b/src/app/dashboard/[teamSlug]/billing/plan/select/page.tsx
similarity index 69%
rename from src/app/dashboard/[teamIdOrSlug]/billing/plan/select/page.tsx
rename to src/app/dashboard/[teamSlug]/billing/plan/select/page.tsx
index a3b3130ce..18a0014bb 100644
--- a/src/app/dashboard/[teamIdOrSlug]/billing/plan/select/page.tsx
+++ b/src/app/dashboard/[teamSlug]/billing/plan/select/page.tsx
@@ -4,11 +4,11 @@ import { HydrateClient, prefetch, trpc } from '@/trpc/server'
 export default async function BillingPlanSelectPage({
   params,
 }: {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
-  prefetch(trpc.billing.getItems.queryOptions({ teamIdOrSlug }))
+  prefetch(trpc.billing.getItems.queryOptions({ teamSlug }))
 
   return (
     <HydrateClient>
diff --git a/src/app/dashboard/[teamIdOrSlug]/general/page.tsx b/src/app/dashboard/[teamSlug]/general/page.tsx
similarity index 97%
rename from src/app/dashboard/[teamIdOrSlug]/general/page.tsx
rename to src/app/dashboard/[teamSlug]/general/page.tsx
index 75a409635..60519292a 100644
--- a/src/app/dashboard/[teamIdOrSlug]/general/page.tsx
+++ b/src/app/dashboard/[teamSlug]/general/page.tsx
@@ -5,7 +5,7 @@ import Frame from '@/ui/frame'
 
 interface GeneralPageProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
 }
 
diff --git a/src/app/dashboard/[teamIdOrSlug]/keys/page.tsx b/src/app/dashboard/[teamSlug]/keys/page.tsx
similarity index 98%
rename from src/app/dashboard/[teamIdOrSlug]/keys/page.tsx
rename to src/app/dashboard/[teamSlug]/keys/page.tsx
index 9589fdc82..7acc106ef 100644
--- a/src/app/dashboard/[teamIdOrSlug]/keys/page.tsx
+++ b/src/app/dashboard/[teamSlug]/keys/page.tsx
@@ -13,7 +13,7 @@ import {
 
 interface KeysPageClientProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
 }
 
diff --git a/src/app/dashboard/[teamSlug]/layout.tsx b/src/app/dashboard/[teamSlug]/layout.tsx
new file mode 100644
index 000000000..eaf3ac776
--- /dev/null
+++ b/src/app/dashboard/[teamSlug]/layout.tsx
@@ -0,0 +1,72 @@
+import { cookies } from 'next/headers'
+import { redirect } from 'next/navigation'
+import type { Metadata } from 'next/types'
+import { DashboardTeamGate } from '@/app/dashboard/[teamSlug]/team-gate'
+import { COOKIE_KEYS } from '@/configs/cookies'
+import { METADATA } from '@/configs/metadata'
+import { AUTH_URLS } from '@/configs/urls'
+import { DASHBOARD_TEAMS_LIST_QUERY_OPTIONS } from '@/core/application/teams/queries'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import getUserByToken from '@/core/server/functions/auth/get-user-by-token'
+import DashboardLayoutView from '@/features/dashboard/layouts/layout'
+import Sidebar from '@/features/dashboard/sidebar/sidebar'
+import { HydrateClient, prefetchAsync, trpc } from '@/trpc/server'
+import { SidebarInset, SidebarProvider } from '@/ui/primitives/sidebar'
+
+export const metadata: Metadata = {
+  title: 'Dashboard - E2B',
+  description: METADATA.description,
+  openGraph: METADATA.openGraph,
+  twitter: METADATA.twitter,
+  robots: 'noindex, nofollow',
+}
+
+export interface DashboardLayoutProps {
+  params: Promise<{
+    teamSlug: string
+  }>
+  children: React.ReactNode
+}
+
+export default async function DashboardLayout({
+  children,
+  params,
+}: DashboardLayoutProps) {
+  const cookieStore = await cookies()
+  const { teamSlug } = await params
+
+  const session = await getSessionInsecure()
+  const { error, data } = await getUserByToken(session?.access_token)
+
+  const sidebarState = cookieStore.get(COOKIE_KEYS.SIDEBAR_STATE)?.value
+  const defaultOpen = sidebarState === 'true'
+
+  if (error || !data.user) {
+    throw redirect(AUTH_URLS.SIGN_IN)
+  }
+
+  await prefetchAsync(
+    trpc.teams.list.queryOptions(undefined, DASHBOARD_TEAMS_LIST_QUERY_OPTIONS)
+  )
+
+  return (
+    <HydrateClient>
+      <DashboardTeamGate teamSlug={teamSlug} user={data.user}>
+        <SidebarProvider
+          defaultOpen={typeof sidebarState === 'undefined' ? true : defaultOpen}
+        >
+          <div className="fixed inset-0 flex max-h-full min-h-0 w-full flex-col overflow-hidden">
+            <div className="flex h-full max-h-full min-h-0 w-full flex-1 overflow-hidden">
+              <Sidebar />
+              <SidebarInset>
+                <DashboardLayoutView params={params}>
+                  {children}
+                </DashboardLayoutView>
+              </SidebarInset>
+            </div>
+          </div>
+        </SidebarProvider>
+      </DashboardTeamGate>
+    </HydrateClient>
+  )
+}
diff --git a/src/app/dashboard/[teamIdOrSlug]/limits/loading.tsx b/src/app/dashboard/[teamSlug]/limits/loading.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/limits/loading.tsx
rename to src/app/dashboard/[teamSlug]/limits/loading.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/limits/page.tsx b/src/app/dashboard/[teamSlug]/limits/page.tsx
similarity index 77%
rename from src/app/dashboard/[teamIdOrSlug]/limits/page.tsx
rename to src/app/dashboard/[teamSlug]/limits/page.tsx
index e27873368..e97b7f7b9 100644
--- a/src/app/dashboard/[teamIdOrSlug]/limits/page.tsx
+++ b/src/app/dashboard/[teamSlug]/limits/page.tsx
@@ -3,13 +3,13 @@ import { HydrateClient, prefetch, trpc } from '@/trpc/server'
 import Frame from '@/ui/frame'
 
 interface LimitsPageProps {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }
 
 export default async function LimitsPage({ params }: LimitsPageProps) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
-  prefetch(trpc.billing.getLimits.queryOptions({ teamIdOrSlug }))
+  prefetch(trpc.billing.getLimits.queryOptions({ teamSlug }))
 
   return (
     <HydrateClient>
diff --git a/src/app/dashboard/[teamIdOrSlug]/members/page.tsx b/src/app/dashboard/[teamSlug]/members/page.tsx
similarity index 95%
rename from src/app/dashboard/[teamIdOrSlug]/members/page.tsx
rename to src/app/dashboard/[teamSlug]/members/page.tsx
index c15f5ba6e..6ce32e938 100644
--- a/src/app/dashboard/[teamIdOrSlug]/members/page.tsx
+++ b/src/app/dashboard/[teamSlug]/members/page.tsx
@@ -3,7 +3,7 @@ import Frame from '@/ui/frame'
 
 interface MembersPageProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
 }
 
diff --git a/src/app/dashboard/[teamIdOrSlug]/not-found.tsx b/src/app/dashboard/[teamSlug]/not-found.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/not-found.tsx
rename to src/app/dashboard/[teamSlug]/not-found.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@list/default.tsx b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@list/default.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@list/default.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@list/default.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@list/page.tsx b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@list/page.tsx
similarity index 81%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@list/page.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@list/page.tsx
index 2ecbacc8d..b33a23310 100644
--- a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@list/page.tsx
+++ b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@list/page.tsx
@@ -5,12 +5,12 @@ import { HydrateClient, prefetch, trpc } from '@/trpc/server'
 
 export default async function ListPage({
   params,
-}: PageProps<'/dashboard/[teamIdOrSlug]/sandboxes'>) {
-  const { teamIdOrSlug } = await params
+}: PageProps<'/dashboard/[teamSlug]/sandboxes'>) {
+  const { teamSlug } = await params
 
   prefetch(
     trpc.sandboxes.getSandboxes.queryOptions({
-      teamIdOrSlug,
+      teamSlug,
     })
   )
 
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@monitoring/default.tsx b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@monitoring/default.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@monitoring/default.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@monitoring/default.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@monitoring/page.tsx b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@monitoring/page.tsx
similarity index 92%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@monitoring/page.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@monitoring/page.tsx
index 498cf481b..a80be0b05 100644
--- a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/@monitoring/page.tsx
+++ b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/@monitoring/page.tsx
@@ -4,7 +4,7 @@ import SandboxesMonitoringHeader from '@/features/dashboard/sandboxes/monitoring
 export default async function MonitoringPage({
   params,
   searchParams,
-}: PageProps<'/dashboard/[teamIdOrSlug]/sandboxes'> & {
+}: PageProps<'/dashboard/[teamSlug]/sandboxes'> & {
   searchParams: Promise<{ start?: string; end?: string }>
 }) {
   return (
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/layout.tsx b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/layout.tsx
similarity index 92%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/layout.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/(tabs)/layout.tsx
index bb7d6a5ce..ef434b39e 100644
--- a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/layout.tsx
+++ b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/layout.tsx
@@ -4,7 +4,7 @@ import { ListIcon, TrendIcon } from '@/ui/primitives/icons'
 export default function SandboxesLayout({
   list,
   monitoring,
-}: LayoutProps<'/dashboard/[teamIdOrSlug]/sandboxes'> & {
+}: LayoutProps<'/dashboard/[teamSlug]/sandboxes'> & {
   list: React.ReactNode
   monitoring: React.ReactNode
 }) {
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/page.tsx b/src/app/dashboard/[teamSlug]/sandboxes/(tabs)/page.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/(tabs)/page.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/(tabs)/page.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/filesystem/loading.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/filesystem/loading.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/filesystem/loading.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/filesystem/loading.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/filesystem/page.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/filesystem/page.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/filesystem/page.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/filesystem/page.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/layout.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/layout.tsx
similarity index 85%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/layout.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/layout.tsx
index 8ee3d6715..238eb10af 100644
--- a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/layout.tsx
+++ b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/layout.tsx
@@ -6,18 +6,18 @@ import { prefetch, trpc } from '@/trpc/server'
 
 interface SandboxLayoutProps {
   children: React.ReactNode
-  params: Promise<{ teamIdOrSlug: string; sandboxId: string }>
+  params: Promise<{ teamSlug: string; sandboxId: string }>
 }
 
 export default async function SandboxLayout({
   children,
   params,
 }: SandboxLayoutProps) {
-  const { teamIdOrSlug, sandboxId } = await params
+  const { teamSlug, sandboxId } = await params
 
   prefetch(
     trpc.sandbox.details.queryOptions(
-      { teamIdOrSlug, sandboxId },
+      { teamSlug, sandboxId },
       {
         retry: false,
         staleTime: Number.POSITIVE_INFINITY,
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/logs/loading.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/logs/loading.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/logs/loading.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/logs/loading.tsx
diff --git a/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/logs/page.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/logs/page.tsx
new file mode 100644
index 000000000..8b352b588
--- /dev/null
+++ b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/logs/page.tsx
@@ -0,0 +1,11 @@
+import SandboxLogsView from '@/features/dashboard/sandbox/logs/view'
+
+export default async function SandboxLogsPage({
+  params,
+}: {
+  params: Promise<{ teamSlug: string; sandboxId: string }>
+}) {
+  const { teamSlug, sandboxId } = await params
+
+  return <SandboxLogsView teamSlug={teamSlug} sandboxId={sandboxId} />
+}
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/monitoring/loading.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/monitoring/loading.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/monitoring/loading.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/monitoring/loading.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/monitoring/page.tsx b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/monitoring/page.tsx
similarity index 81%
rename from src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/monitoring/page.tsx
rename to src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/monitoring/page.tsx
index 2b0dbc4b2..4d8755ee6 100644
--- a/src/app/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]/monitoring/page.tsx
+++ b/src/app/dashboard/[teamSlug]/sandboxes/[sandboxId]/monitoring/page.tsx
@@ -3,7 +3,7 @@ import SandboxMonitoringView from '@/features/dashboard/sandbox/monitoring/compo
 export default async function SandboxMonitoringPage({
   params,
 }: {
-  params: Promise<{ teamIdOrSlug: string; sandboxId: string }>
+  params: Promise<{ teamSlug: string; sandboxId: string }>
 }) {
   const { sandboxId } = await params
 
diff --git a/src/app/dashboard/[teamSlug]/team-gate.tsx b/src/app/dashboard/[teamSlug]/team-gate.tsx
new file mode 100644
index 000000000..8e4cca6f4
--- /dev/null
+++ b/src/app/dashboard/[teamSlug]/team-gate.tsx
@@ -0,0 +1,47 @@
+'use client'
+
+import type { User } from '@supabase/supabase-js'
+import { useQuery } from '@tanstack/react-query'
+import { DASHBOARD_TEAMS_LIST_QUERY_OPTIONS } from '@/core/application/teams/queries'
+import { DashboardContextProvider } from '@/features/dashboard/context'
+import LoadingLayout from '@/features/dashboard/loading-layout'
+import { useTRPC } from '@/trpc/client'
+import Unauthorized from '../unauthorized'
+
+interface DashboardTeamGateProps {
+  teamSlug: string
+  user: User
+  children: React.ReactNode
+}
+
+export function DashboardTeamGate({
+  teamSlug,
+  user,
+  children,
+}: DashboardTeamGateProps) {
+  const trpc = useTRPC()
+
+  const { data: teams, isPending } = useQuery(
+    trpc.teams.list.queryOptions(undefined, DASHBOARD_TEAMS_LIST_QUERY_OPTIONS)
+  )
+
+  if (isPending) {
+    return <LoadingLayout />
+  }
+
+  const team = teams?.find((candidate) => candidate.slug === teamSlug)
+
+  if (!team || !teams) {
+    return <Unauthorized />
+  }
+
+  return (
+    <DashboardContextProvider
+      initialTeam={team}
+      initialTeams={teams}
+      initialUser={user}
+    >
+      {children}
+    </DashboardContextProvider>
+  )
+}
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@builds/default.tsx b/src/app/dashboard/[teamSlug]/templates/(tabs)/@builds/default.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@builds/default.tsx
rename to src/app/dashboard/[teamSlug]/templates/(tabs)/@builds/default.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@builds/page.tsx b/src/app/dashboard/[teamSlug]/templates/(tabs)/@builds/page.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@builds/page.tsx
rename to src/app/dashboard/[teamSlug]/templates/(tabs)/@builds/page.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@list/default.tsx b/src/app/dashboard/[teamSlug]/templates/(tabs)/@list/default.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@list/default.tsx
rename to src/app/dashboard/[teamSlug]/templates/(tabs)/@list/default.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@list/page.tsx b/src/app/dashboard/[teamSlug]/templates/(tabs)/@list/page.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/@list/page.tsx
rename to src/app/dashboard/[teamSlug]/templates/(tabs)/@list/page.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/layout.tsx b/src/app/dashboard/[teamSlug]/templates/(tabs)/layout.tsx
similarity index 92%
rename from src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/layout.tsx
rename to src/app/dashboard/[teamSlug]/templates/(tabs)/layout.tsx
index 4e7debefb..292e65e25 100644
--- a/src/app/dashboard/[teamIdOrSlug]/templates/(tabs)/layout.tsx
+++ b/src/app/dashboard/[teamSlug]/templates/(tabs)/layout.tsx
@@ -4,7 +4,7 @@ import { BuildIcon, ListIcon } from '@/ui/primitives/icons'
 export default function TemplatesLayout({
   list,
   builds,
-}: LayoutProps<'/dashboard/[teamIdOrSlug]/templates'> & {
+}: LayoutProps<'/dashboard/[teamSlug]/templates'> & {
   list: React.ReactNode
   builds: React.ReactNode
 }) {
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/[templateId]/builds/[buildId]/loading.tsx b/src/app/dashboard/[teamSlug]/templates/[templateId]/builds/[buildId]/loading.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/templates/[templateId]/builds/[buildId]/loading.tsx
rename to src/app/dashboard/[teamSlug]/templates/[templateId]/builds/[buildId]/loading.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/templates/[templateId]/builds/[buildId]/page.tsx b/src/app/dashboard/[teamSlug]/templates/[templateId]/builds/[buildId]/page.tsx
similarity index 87%
rename from src/app/dashboard/[teamIdOrSlug]/templates/[templateId]/builds/[buildId]/page.tsx
rename to src/app/dashboard/[teamSlug]/templates/[templateId]/builds/[buildId]/page.tsx
index 6866a84d1..3dd525bce 100644
--- a/src/app/dashboard/[teamIdOrSlug]/templates/[templateId]/builds/[buildId]/page.tsx
+++ b/src/app/dashboard/[teamSlug]/templates/[templateId]/builds/[buildId]/page.tsx
@@ -12,8 +12,8 @@ const REFETCH_INTERVAL_MS = 1_500
 
 export default function BuildPage({
   params,
-}: PageProps<'/dashboard/[teamIdOrSlug]/templates/[templateId]/builds/[buildId]'>) {
-  const { teamIdOrSlug, templateId, buildId } = use(params)
+}: PageProps<'/dashboard/[teamSlug]/templates/[templateId]/builds/[buildId]'>) {
+  const { teamSlug, templateId, buildId } = use(params)
   const trpc = useTRPC()
 
   const {
@@ -22,7 +22,7 @@ export default function BuildPage({
     isPending,
   } = useQuery(
     trpc.builds.buildDetails.queryOptions(
-      { teamIdOrSlug, templateId, buildId },
+      { teamSlug, templateId, buildId },
       {
         refetchIntervalInBackground: false,
         refetchOnWindowFocus: ({ state }) =>
@@ -55,7 +55,7 @@ export default function BuildPage({
       />
       <Logs
         buildDetails={buildDetails}
-        teamIdOrSlug={teamIdOrSlug}
+        teamSlug={teamSlug}
         templateId={templateId}
         buildId={buildId}
       />
diff --git a/src/app/dashboard/[teamIdOrSlug]/usage/loading.tsx b/src/app/dashboard/[teamSlug]/usage/loading.tsx
similarity index 100%
rename from src/app/dashboard/[teamIdOrSlug]/usage/loading.tsx
rename to src/app/dashboard/[teamSlug]/usage/loading.tsx
diff --git a/src/app/dashboard/[teamIdOrSlug]/usage/page.tsx b/src/app/dashboard/[teamSlug]/usage/page.tsx
similarity index 91%
rename from src/app/dashboard/[teamIdOrSlug]/usage/page.tsx
rename to src/app/dashboard/[teamSlug]/usage/page.tsx
index 220c0c330..aa80e4d88 100644
--- a/src/app/dashboard/[teamIdOrSlug]/usage/page.tsx
+++ b/src/app/dashboard/[teamSlug]/usage/page.tsx
@@ -1,16 +1,16 @@
+import { getUsage } from '@/core/server/functions/usage/get-usage'
 import { UsageChartsProvider } from '@/features/dashboard/usage/usage-charts-context'
 import { UsageMetricChart } from '@/features/dashboard/usage/usage-metric-chart'
-import { getUsage } from '@/server/usage/get-usage'
 import ErrorBoundary from '@/ui/error'
 import Frame from '@/ui/frame'
 
 export default async function UsagePage({
   params,
 }: {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }) {
-  const { teamIdOrSlug } = await params
-  const result = await getUsage({ teamIdOrSlug })
+  const { teamSlug } = await params
+  const result = await getUsage({ teamSlug })
 
   if (!result?.data || result.serverError || result.validationErrors) {
     return (
diff --git a/src/app/dashboard/[teamIdOrSlug]/webhooks/page.tsx b/src/app/dashboard/[teamSlug]/webhooks/page.tsx
similarity index 98%
rename from src/app/dashboard/[teamIdOrSlug]/webhooks/page.tsx
rename to src/app/dashboard/[teamSlug]/webhooks/page.tsx
index 911f43ab1..11146c781 100644
--- a/src/app/dashboard/[teamIdOrSlug]/webhooks/page.tsx
+++ b/src/app/dashboard/[teamSlug]/webhooks/page.tsx
@@ -14,7 +14,7 @@ import {
 
 interface WebhooksPageClientProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
 }
 
diff --git a/src/app/dashboard/account/route.ts b/src/app/dashboard/account/route.ts
index 99b96ad44..0267ce345 100644
--- a/src/app/dashboard/account/route.ts
+++ b/src/app/dashboard/account/route.ts
@@ -1,9 +1,10 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { createClient } from '@/lib/clients/supabase/server'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import { resolveUserTeam } from '@/core/server/functions/team/resolve-user-team'
+import { createClient } from '@/core/shared/clients/supabase/server'
 import { encodedRedirect } from '@/lib/utils/auth'
 import { setTeamCookies } from '@/lib/utils/cookies'
-import { resolveUserTeam } from '@/server/team/resolve-user-team'
 
 export async function GET(request: NextRequest) {
   const supabase = await createClient()
@@ -13,11 +14,15 @@ export async function GET(request: NextRequest) {
     return NextResponse.redirect(new URL(AUTH_URLS.SIGN_IN, request.url))
   }
 
-  // Resolve team for the user
-  const team = await resolveUserTeam(data.user.id)
+  const session = await getSessionInsecure(supabase)
+
+  if (!session) {
+    return NextResponse.redirect(new URL(AUTH_URLS.SIGN_IN, request.url))
+  }
+
+  const team = await resolveUserTeam(session.access_token)
 
   if (!team) {
-    // UNEXPECTED STATE - sign out and redirect to sign-in
     await supabase.auth.signOut()
 
     const signInUrl = new URL(AUTH_URLS.SIGN_IN, request.url)
@@ -29,16 +34,11 @@ export async function GET(request: NextRequest) {
     )
   }
 
-  // Set team cookies for persistence
   await setTeamCookies(team.id, team.slug)
 
-  // Build redirect URL with team
-  const redirectPath = PROTECTED_URLS.RESOLVED_ACCOUNT_SETTINGS(
-    team.slug || team.id
-  )
+  const redirectPath = PROTECTED_URLS.RESOLVED_ACCOUNT_SETTINGS(team.slug)
   const redirectUrl = new URL(redirectPath, request.url)
 
-  // Preserve query parameters (e.g., reauth=1)
   request.nextUrl.searchParams.forEach((value, key) => {
     redirectUrl.searchParams.set(key, value)
   })
diff --git a/src/app/dashboard/route.ts b/src/app/dashboard/route.ts
index c0bc9617a..1af7ed56d 100644
--- a/src/app/dashboard/route.ts
+++ b/src/app/dashboard/route.ts
@@ -1,26 +1,38 @@
 import { type NextRequest, NextResponse } from 'next/server'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { createClient } from '@/lib/clients/supabase/server'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import { resolveUserTeam } from '@/core/server/functions/team/resolve-user-team'
+import { createClient } from '@/core/shared/clients/supabase/server'
 import { encodedRedirect } from '@/lib/utils/auth'
 import { setTeamCookies } from '@/lib/utils/cookies'
-import { resolveUserTeam } from '@/server/team/resolve-user-team'
-
-export const TAB_URL_MAP: Record<string, (teamId: string) => string> = {
-  sandboxes: (teamId) => PROTECTED_URLS.SANDBOXES(teamId),
-  templates: (teamId) => PROTECTED_URLS.TEMPLATES(teamId),
-  usage: (teamId) => PROTECTED_URLS.USAGE(teamId),
-  billing: (teamId) => PROTECTED_URLS.BILLING(teamId),
-  limits: (teamId) => PROTECTED_URLS.LIMITS(teamId),
-  keys: (teamId) => PROTECTED_URLS.KEYS(teamId),
-  settings: (teamId) => PROTECTED_URLS.GENERAL(teamId),
-  team: (teamId) => PROTECTED_URLS.GENERAL(teamId),
-  general: (teamId) => PROTECTED_URLS.GENERAL(teamId),
-  members: (teamId) => PROTECTED_URLS.MEMBERS(teamId),
+
+export const TAB_URL_MAP: Record<string, (teamSlug: string) => string> = {
+  sandboxes: (teamSlug) => PROTECTED_URLS.SANDBOXES(teamSlug),
+  templates: (teamSlug) => PROTECTED_URLS.TEMPLATES(teamSlug),
+  usage: (teamSlug) => PROTECTED_URLS.USAGE(teamSlug),
+  billing: (teamSlug) => PROTECTED_URLS.BILLING(teamSlug),
+  limits: (teamSlug) => PROTECTED_URLS.LIMITS(teamSlug),
+  keys: (teamSlug) => PROTECTED_URLS.KEYS(teamSlug),
+  settings: (teamSlug) => PROTECTED_URLS.GENERAL(teamSlug),
+  team: (teamSlug) => PROTECTED_URLS.GENERAL(teamSlug),
+  general: (teamSlug) => PROTECTED_URLS.GENERAL(teamSlug),
+  members: (teamSlug) => PROTECTED_URLS.MEMBERS(teamSlug),
   account: (_) => PROTECTED_URLS.ACCOUNT_SETTINGS,
   personal: (_) => PROTECTED_URLS.ACCOUNT_SETTINGS,
 
-  // back compatibility
-  budget: (teamId) => PROTECTED_URLS.LIMITS(teamId),
+  budget: (teamSlug) => PROTECTED_URLS.LIMITS(teamSlug),
+}
+
+function getTabRedirectPath(tab: string | null, teamSlug: string) {
+  if (tab && Object.hasOwn(TAB_URL_MAP, tab)) {
+    const urlGenerator = TAB_URL_MAP[tab]
+
+    if (urlGenerator) {
+      return urlGenerator(teamSlug)
+    }
+  }
+
+  return PROTECTED_URLS.SANDBOXES(teamSlug)
 }
 
 export async function GET(request: NextRequest) {
@@ -35,10 +47,15 @@ export async function GET(request: NextRequest) {
     return NextResponse.redirect(new URL('/sign-in', request.url))
   }
 
-  const team = await resolveUserTeam(data.user.id)
+  const session = await getSessionInsecure(supabase)
+
+  if (!session) {
+    return NextResponse.redirect(new URL('/sign-in', request.url))
+  }
+
+  const team = await resolveUserTeam(session.access_token)
 
   if (!team) {
-    // UNEXPECTED STATE - sign out and redirect to sign-in
     await supabase.auth.signOut()
 
     const signInUrl = new URL(AUTH_URLS.SIGN_IN, request.url)
@@ -50,18 +67,12 @@ export async function GET(request: NextRequest) {
     )
   }
 
-  // Set team cookies for persistence
   await setTeamCookies(team.id, team.slug)
 
-  // Determine redirect path based on tab parameter
-  const urlGenerator = tab ? TAB_URL_MAP[tab] : null
-  const redirectPath = urlGenerator
-    ? urlGenerator(team.slug || team.id)
-    : PROTECTED_URLS.SANDBOXES(team.slug || team.id)
+  const redirectPath = getTabRedirectPath(tab, team.slug)
 
   const redirectUrl = new URL(redirectPath, request.url)
 
-  // Forward ?support=true query param to auto-open the Contact Support dialog on the target page
   if (searchParams.get('support') === 'true') {
     redirectUrl.searchParams.set('support', 'true')
   }
diff --git a/src/app/dashboard/unauthorized.tsx b/src/app/dashboard/unauthorized.tsx
index 2d38b35b9..6a6a8fb8f 100644
--- a/src/app/dashboard/unauthorized.tsx
+++ b/src/app/dashboard/unauthorized.tsx
@@ -59,9 +59,9 @@ export default function Unauthorized() {
 
       {/* Background pattern */}
       <div className="fixed inset-0 flex overflow-hidden">
-        <div className="text-fill-highlight pointer-events-none absolute -top-30 -right-100 flex">
-          <AsciiBackgroundPattern className="w-1/2" />
-          <AsciiBackgroundPattern className="mi w-1/2 -scale-x-100" />
+        <div className="text-fill-highlight pointer-events-none absolute top-0 -left-250 flex justify-start overflow-hidden">
+          <AsciiBackgroundPattern className="w-auto text-right!" />
+          <AsciiBackgroundPattern className="w-auto text-right! -scale-x-100" />
         </div>
       </div>
     </div>
diff --git a/src/app/sbx/new/route.ts b/src/app/sbx/new/route.ts
index 63e6cb3a5..2b655219c 100644
--- a/src/app/sbx/new/route.ts
+++ b/src/app/sbx/new/route.ts
@@ -1,12 +1,11 @@
 import Sandbox from 'e2b'
 import { type NextRequest, NextResponse } from 'next/server'
-import { serializeError } from 'serialize-error'
 import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
-import { createClient } from '@/lib/clients/supabase/server'
-import { getDefaultTeam } from '@/server/auth/get-default-team'
-import { getSessionInsecure } from '@/server/auth/get-session'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import { resolveUserTeam } from '@/core/server/functions/team/resolve-user-team'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
 
 export const GET = async (req: NextRequest) => {
   try {
@@ -35,17 +34,21 @@ export const GET = async (req: NextRequest) => {
       )
     }
 
-    const defaultTeam = await getDefaultTeam(data.user.id)
+    const team = await resolveUserTeam(session.access_token)
+
+    if (!team) {
+      return NextResponse.redirect(new URL(req.url).origin)
+    }
 
     const sbx = await Sandbox.create('base', {
       domain: process.env.NEXT_PUBLIC_E2B_DOMAIN,
       headers: {
-        ...SUPABASE_AUTH_HEADERS(session.access_token, defaultTeam.id),
+        ...SUPABASE_AUTH_HEADERS(session.access_token, team.id),
       },
     })
 
     const filesystemUrl = PROTECTED_URLS.SANDBOX_FILESYSTEM(
-      defaultTeam.slug,
+      team.slug,
       sbx.sandboxId
     )
 
@@ -54,7 +57,7 @@ export const GET = async (req: NextRequest) => {
     l.warn(
       {
         key: 'sbx_new:unexpected_error',
-        error: serializeError(error),
+        error: serializeErrorForLog(error),
       },
       `sbx_new: unexpected error`
     )
diff --git a/src/configs/cache.ts b/src/configs/cache.ts
index ab0042cca..a37acf7e8 100644
--- a/src/configs/cache.ts
+++ b/src/configs/cache.ts
@@ -1,23 +1,7 @@
-/**
- * Centralized cache tag configuration for Next.js "use cache" directive.
- */
 export const CACHE_TAGS = {
-  USER_TEAM_AUTHORIZATION: (userId: string, teamId: string) =>
-    `user-team-authorization-${userId}-${teamId}`,
-  USER_TEAMS: (userId: string) => `user-teams-${userId}`,
-
-  TEAM_ID_FROM_SEGMENT: (segment: string) => `team-id-from-segment-${segment}`,
-  TEAM_TIER_LIMITS: (teamId: string) => `team-tier-limits-${teamId}`,
-  TEAM_TEMPLATES: (teamId: string) => `team-templates-${teamId}`,
-  TEAM_SANDBOXES_LIST: (teamId: string) => `team-sandboxes-list-${teamId}`,
+  TEAM_ID_FROM_SLUG: (segment: string) => `team-id-from-slug-${segment}`,
   TEAM_USAGE: (teamId: string) => `team-usage-${teamId}`,
   TEAM_API_KEYS: (teamId: string) => `team-api-keys-${teamId}`,
-  TEAM_METRICS: (teamId: string, startMs: number, endMs: number) =>
-    `team-metrics-${teamId}-${startMs}-${endMs}`,
-
-  PASSWORD_SETTINGS_PAGE: (reauth: string) =>
-    `password-settings-page-${reauth}`,
 
   DEFAULT_TEMPLATES: 'default-templates',
-  NOT_FOUND_PAGE: 'not-found-page',
 } as const
diff --git a/src/configs/keys.ts b/src/configs/keys.ts
index 901f99109..ab622ea60 100644
--- a/src/configs/keys.ts
+++ b/src/configs/keys.ts
@@ -3,8 +3,8 @@
  * Note: Cookie keys have been moved to @/configs/cookies
  */
 export const KV_KEYS = {
-  USER_TEAM_ACCESS: (userId: string, teamIdOrSlug: string) =>
-    `user-team-access:${userId}:${teamIdOrSlug}`,
+  USER_TEAM_ACCESS: (userId: string, teamSlug: string) =>
+    `user-team-access:${userId}:${teamSlug}`,
   TEAM_SLUG_TO_ID: (slug: string) => `team-slug:${slug}:id`,
   TEAM_ID_TO_SLUG: (teamId: string) => `team-id:${teamId}:slug`,
   WARNED_ALTERNATE_EMAIL: (email: string) => `warned-alternate-email:${email}`,
@@ -15,20 +15,23 @@ export const KV_KEYS = {
  */
 export const SWR_KEYS = {
   // team metrics keys - all components using the same key share the same cache
-  TEAM_METRICS_RECENT: (teamId: string) =>
-    [`/api/teams/${teamId}/metrics`, teamId, 'recent'] as const,
-  TEAM_METRICS_MONITORING: (teamId: string, start: number, end: number) =>
-    [`/api/teams/${teamId}/metrics`, teamId, 'monitoring', start, end] as const,
-  TEAM_METRICS_HISTORICAL: (teamId: string, days: number) =>
-    [`/api/teams/${teamId}/metrics`, teamId, 'historical', days] as const,
+  TEAM_METRICS_RECENT: (teamSlug: string) =>
+    [`/api/teams/${teamSlug}/metrics`, teamSlug, 'recent'] as const,
+  TEAM_METRICS_MONITORING: (teamSlug: string, start: number, end: number) =>
+    [
+      `/api/teams/${teamSlug}/metrics`,
+      teamSlug,
+      'monitoring',
+      start,
+      end,
+    ] as const,
+  TEAM_METRICS_HISTORICAL: (teamSlug: string, days: number) =>
+    [`/api/teams/${teamSlug}/metrics`, teamSlug, 'historical', days] as const,
 
-  // sandbox metrics keys
-  SANDBOX_METRICS: (teamId: string, sandboxIds: string[]) =>
-    [`/api/teams/${teamId}/sandboxes/metrics`, sandboxIds] as const,
   SANDBOX_INFO: (sandboxId: string) =>
     [`/api/sandbox/details`, sandboxId] as const,
 
   // sandboxes list keys
-  SANDBOXES_LIST: (teamId: string) =>
-    [`/api/teams/${teamId}/sandboxes/list`] as const,
+  SANDBOXES_LIST: (teamSlug: string) =>
+    [`/api/teams/${teamSlug}/sandboxes/list`] as const,
 }
diff --git a/src/configs/layout.ts b/src/configs/layout.ts
index 2ae8dc7d1..e7a4d6e6a 100644
--- a/src/configs/layout.ts
+++ b/src/configs/layout.ts
@@ -1,5 +1,5 @@
 import micromatch from 'micromatch'
-import { l } from '@/lib/clients/logger/logger'
+import { l } from '@/core/shared/clients/logger/logger'
 import { PROTECTED_URLS } from './urls'
 
 export interface TitleSegment {
@@ -30,14 +30,14 @@ const DASHBOARD_LAYOUT_CONFIGS: Record<
   }),
   '/dashboard/*/sandboxes/*/*': (pathname) => {
     const parts = pathname.split('/')
-    const teamIdOrSlug = parts[2]!
+    const teamSlug = parts[2]!
     const sandboxId = parts[4]!
 
     return {
       title: [
         {
           label: 'Sandboxes',
-          href: PROTECTED_URLS.SANDBOXES_LIST(teamIdOrSlug),
+          href: PROTECTED_URLS.SANDBOXES_LIST(teamSlug),
         },
         { label: sandboxId },
       ],
@@ -54,7 +54,7 @@ const DASHBOARD_LAYOUT_CONFIGS: Record<
   }),
   '/dashboard/*/templates/*/builds/*': (pathname) => {
     const parts = pathname.split('/')
-    const teamIdOrSlug = parts[2]!
+    const teamSlug = parts[2]!
     const buildId = parts.pop()!
     const buildIdSliced = `${buildId.slice(0, 6)}...${buildId.slice(-6)}`
 
@@ -62,7 +62,7 @@ const DASHBOARD_LAYOUT_CONFIGS: Record<
       title: [
         {
           label: 'Templates',
-          href: PROTECTED_URLS.TEMPLATES_BUILDS(teamIdOrSlug),
+          href: PROTECTED_URLS.TEMPLATES_BUILDS(teamSlug),
         },
         { label: `Build ${buildIdSliced}` },
       ],
@@ -112,11 +112,11 @@ const DASHBOARD_LAYOUT_CONFIGS: Record<
   }),
   '/dashboard/*/billing/plan': (pathname) => {
     const parts = pathname.split('/')
-    const teamIdOrSlug = parts[2]!
+    const teamSlug = parts[2]!
 
     return {
       title: [
-        { label: 'Billing', href: PROTECTED_URLS.BILLING(teamIdOrSlug) },
+        { label: 'Billing', href: PROTECTED_URLS.BILLING(teamSlug) },
         {
           label: 'Plan & Add-ons',
         },
@@ -126,14 +126,14 @@ const DASHBOARD_LAYOUT_CONFIGS: Record<
   },
   '/dashboard/*/billing/plan/select': (pathname) => {
     const parts = pathname.split('/')
-    const teamIdOrSlug = parts[2]!
+    const teamSlug = parts[2]!
 
     return {
       title: [
-        { label: 'Billing', href: PROTECTED_URLS.BILLING(teamIdOrSlug) },
+        { label: 'Billing', href: PROTECTED_URLS.BILLING(teamSlug) },
         {
           label: 'Plan & Add-ons',
-          href: PROTECTED_URLS.BILLING_PLAN(teamIdOrSlug),
+          href: PROTECTED_URLS.BILLING_PLAN(teamSlug),
         },
         { label: 'Change Plan' },
       ],
diff --git a/src/configs/mock-data.ts b/src/configs/mock-data.ts
index aa1937a5c..bd8d40b57 100644
--- a/src/configs/mock-data.ts
+++ b/src/configs/mock-data.ts
@@ -1,16 +1,11 @@
 import { addHours, subHours } from 'date-fns'
 import { nanoid } from 'nanoid'
-import type { MetricsResponse } from '@/app/api/teams/[teamId]/sandboxes/metrics/types'
-import type {
-  DefaultTemplate,
-  Sandbox,
-  Sandboxes,
-  Template,
-} from '@/types/api.types'
+import type { Sandbox, Sandboxes } from '@/core/modules/sandboxes/models'
 import type {
   ClientSandboxesMetrics,
   ClientTeamMetrics,
-} from '@/types/sandboxes.types'
+} from '@/core/modules/sandboxes/models.client'
+import type { DefaultTemplate, Template } from '@/core/modules/templates/models'
 
 const DEFAULT_TEMPLATES: DefaultTemplate[] = [
   {
@@ -931,7 +926,9 @@ function generateMockSandboxes(count: number): Sandboxes {
   return sandboxes
 }
 
-function generateMockMetrics(sandboxes: Sandbox[]): MetricsResponse {
+function generateMockMetrics(sandboxes: Sandbox[]): {
+  metrics: ClientSandboxesMetrics
+} {
   const metrics: ClientSandboxesMetrics = {}
 
   // Define characteristics by template type
diff --git a/src/configs/sidebar.ts b/src/configs/sidebar.ts
index 65bf013f7..64f6102d6 100644
--- a/src/configs/sidebar.ts
+++ b/src/configs/sidebar.ts
@@ -15,7 +15,7 @@ import { INCLUDE_ARGUS, INCLUDE_BILLING } from './flags'
 import { PROTECTED_URLS } from './urls'
 
 type SidebarNavArgs = {
-  teamIdOrSlug?: string
+  teamSlug?: string
 }
 
 export type SidebarNavItem = {
@@ -34,13 +34,13 @@ export const SIDEBAR_MAIN_LINKS: SidebarNavItem[] = [
   // Base
   {
     label: 'Sandboxes',
-    href: (args) => PROTECTED_URLS.SANDBOXES(args.teamIdOrSlug!),
+    href: (args) => PROTECTED_URLS.SANDBOXES(args.teamSlug!),
     icon: Box,
     activeMatch: `/dashboard/*/sandboxes/**`,
   },
   {
     label: 'Templates',
-    href: (args) => PROTECTED_URLS.TEMPLATES(args.teamIdOrSlug!),
+    href: (args) => PROTECTED_URLS.TEMPLATES(args.teamSlug!),
     icon: Container,
     activeMatch: `/dashboard/*/templates/**`,
   },
@@ -52,7 +52,7 @@ export const SIDEBAR_MAIN_LINKS: SidebarNavItem[] = [
           label: 'Webhooks',
           group: 'integration',
           href: (args: SidebarNavArgs) =>
-            PROTECTED_URLS.WEBHOOKS(args.teamIdOrSlug!),
+            PROTECTED_URLS.WEBHOOKS(args.teamSlug!),
           icon: WebhookIcon,
           activeMatch: `/dashboard/*/webhooks`,
         },
@@ -62,21 +62,21 @@ export const SIDEBAR_MAIN_LINKS: SidebarNavItem[] = [
   // Team
   {
     label: 'General',
-    href: (args) => PROTECTED_URLS.GENERAL(args.teamIdOrSlug!),
+    href: (args) => PROTECTED_URLS.GENERAL(args.teamSlug!),
     icon: Settings,
     group: 'team',
     activeMatch: `/dashboard/*/general`,
   },
   {
     label: 'API Keys',
-    href: (args) => PROTECTED_URLS.KEYS(args.teamIdOrSlug!),
+    href: (args) => PROTECTED_URLS.KEYS(args.teamSlug!),
     icon: Key,
     group: 'team',
     activeMatch: `/dashboard/*/keys`,
   },
   {
     label: 'Members',
-    href: (args) => PROTECTED_URLS.MEMBERS(args.teamIdOrSlug!),
+    href: (args) => PROTECTED_URLS.MEMBERS(args.teamSlug!),
     icon: Users,
     group: 'team',
     activeMatch: `/dashboard/*/members`,
@@ -87,16 +87,14 @@ export const SIDEBAR_MAIN_LINKS: SidebarNavItem[] = [
     ? [
         {
           label: 'Usage',
-          href: (args: SidebarNavArgs) =>
-            PROTECTED_URLS.USAGE(args.teamIdOrSlug!),
+          href: (args: SidebarNavArgs) => PROTECTED_URLS.USAGE(args.teamSlug!),
           icon: Activity,
           group: 'billing',
           activeMatch: `/dashboard/*/usage/**`,
         },
         {
           label: 'Limits',
-          href: (args: SidebarNavArgs) =>
-            PROTECTED_URLS.LIMITS(args.teamIdOrSlug!),
+          href: (args: SidebarNavArgs) => PROTECTED_URLS.LIMITS(args.teamSlug!),
           group: 'billing',
           icon: GaugeIcon,
           activeMatch: `/dashboard/*/limits/**`,
@@ -104,7 +102,7 @@ export const SIDEBAR_MAIN_LINKS: SidebarNavItem[] = [
         {
           label: 'Billing',
           href: (args: SidebarNavArgs) =>
-            PROTECTED_URLS.BILLING(args.teamIdOrSlug!),
+            PROTECTED_URLS.BILLING(args.teamSlug!),
           icon: CreditCard,
           group: 'billing',
           activeMatch: `/dashboard/*/billing/**`,
diff --git a/src/configs/urls.ts b/src/configs/urls.ts
index 07ddf2521..768833627 100644
--- a/src/configs/urls.ts
+++ b/src/configs/urls.ts
@@ -14,46 +14,45 @@ export const PROTECTED_URLS = {
   NEW_TEAM: '/dashboard/teams/new',
   TEAMS: '/dashboard/teams',
 
-  RESOLVED_ACCOUNT_SETTINGS: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/account`,
+  RESOLVED_ACCOUNT_SETTINGS: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/account`,
 
-  GENERAL: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/general`,
-  KEYS: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/keys`,
-  MEMBERS: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/members`,
+  GENERAL: (teamSlug: string) => `/dashboard/${teamSlug}/general`,
+  KEYS: (teamSlug: string) => `/dashboard/${teamSlug}/keys`,
+  MEMBERS: (teamSlug: string) => `/dashboard/${teamSlug}/members`,
 
-  SANDBOXES: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes?tab=monitoring`,
-  SANDBOXES_MONITORING: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes?tab=monitoring`,
-  SANDBOXES_LIST: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes?tab=list`,
+  SANDBOXES: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/sandboxes?tab=monitoring`,
+  SANDBOXES_MONITORING: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/sandboxes?tab=monitoring`,
+  SANDBOXES_LIST: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/sandboxes?tab=list`,
 
-  SANDBOX: (teamIdOrSlug: string, sandboxId: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes/${sandboxId}/monitoring`,
-  SANDBOX_MONITORING: (teamIdOrSlug: string, sandboxId: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes/${sandboxId}/monitoring`,
-  SANDBOX_LOGS: (teamIdOrSlug: string, sandboxId: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes/${sandboxId}/logs`,
-  SANDBOX_FILESYSTEM: (teamIdOrSlug: string, sandboxId: string) =>
-    `/dashboard/${teamIdOrSlug}/sandboxes/${sandboxId}/filesystem`,
+  SANDBOX: (teamSlug: string, sandboxId: string) =>
+    `/dashboard/${teamSlug}/sandboxes/${sandboxId}/monitoring`,
+  SANDBOX_MONITORING: (teamSlug: string, sandboxId: string) =>
+    `/dashboard/${teamSlug}/sandboxes/${sandboxId}/monitoring`,
+  SANDBOX_LOGS: (teamSlug: string, sandboxId: string) =>
+    `/dashboard/${teamSlug}/sandboxes/${sandboxId}/logs`,
+  SANDBOX_FILESYSTEM: (teamSlug: string, sandboxId: string) =>
+    `/dashboard/${teamSlug}/sandboxes/${sandboxId}/filesystem`,
 
-  WEBHOOKS: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/webhooks`,
+  WEBHOOKS: (teamSlug: string) => `/dashboard/${teamSlug}/webhooks`,
 
-  TEMPLATES: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/templates`,
-  TEMPLATES_LIST: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/templates?tab=list`,
-  TEMPLATES_BUILDS: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/templates?tab=builds`,
-  TEMPLATE_BUILD: (teamIdOrSlug: string, templateId: string, buildId: string) =>
-    `/dashboard/${teamIdOrSlug}/templates/${templateId}/builds/${buildId}`,
+  TEMPLATES: (teamSlug: string) => `/dashboard/${teamSlug}/templates`,
+  TEMPLATES_LIST: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/templates?tab=list`,
+  TEMPLATES_BUILDS: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/templates?tab=builds`,
+  TEMPLATE_BUILD: (teamSlug: string, templateId: string, buildId: string) =>
+    `/dashboard/${teamSlug}/templates/${templateId}/builds/${buildId}`,
 
-  USAGE: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/usage`,
-  BILLING: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/billing`,
-  BILLING_PLAN: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/billing/plan`,
-  BILLING_PLAN_SELECT: (teamIdOrSlug: string) =>
-    `/dashboard/${teamIdOrSlug}/billing/plan/select`,
-  LIMITS: (teamIdOrSlug: string) => `/dashboard/${teamIdOrSlug}/limits`,
+  USAGE: (teamSlug: string) => `/dashboard/${teamSlug}/usage`,
+  BILLING: (teamSlug: string) => `/dashboard/${teamSlug}/billing`,
+  BILLING_PLAN: (teamSlug: string) => `/dashboard/${teamSlug}/billing/plan`,
+  BILLING_PLAN_SELECT: (teamSlug: string) =>
+    `/dashboard/${teamSlug}/billing/plan/select`,
+  LIMITS: (teamSlug: string) => `/dashboard/${teamSlug}/limits`,
 }
 
 export const RESOLVER_URLS = {
diff --git a/src/core/application/teams/queries.ts b/src/core/application/teams/queries.ts
new file mode 100644
index 000000000..a67699b1f
--- /dev/null
+++ b/src/core/application/teams/queries.ts
@@ -0,0 +1,6 @@
+export const DASHBOARD_TEAMS_LIST_QUERY_OPTIONS = {
+  staleTime: 5 * 60 * 1000,
+  refetchOnMount: false,
+  refetchOnWindowFocus: false,
+  refetchOnReconnect: false,
+} as const
diff --git a/src/server/api/models/auth.models.ts b/src/core/modules/auth/models.ts
similarity index 100%
rename from src/server/api/models/auth.models.ts
rename to src/core/modules/auth/models.ts
diff --git a/src/core/modules/auth/repository.server.ts b/src/core/modules/auth/repository.server.ts
new file mode 100644
index 000000000..0d6642361
--- /dev/null
+++ b/src/core/modules/auth/repository.server.ts
@@ -0,0 +1,79 @@
+import 'server-only'
+
+import type { OtpType } from '@/core/modules/auth/models'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+interface VerifyOtpResult {
+  userId: string
+}
+
+type AuthRepositoryDeps = {
+  createSupabaseClient: typeof createClient
+}
+
+export interface AuthRepository {
+  verifyOtp(
+    tokenHash: string,
+    type: OtpType
+  ): Promise<RepoResult<VerifyOtpResult>>
+}
+
+export function createAuthRepository(deps: AuthRepositoryDeps): AuthRepository {
+  return {
+    async verifyOtp(tokenHash, type) {
+      const supabase = await deps.createSupabaseClient()
+
+      const { data, error } = await supabase.auth.verifyOtp({
+        type,
+        token_hash: tokenHash,
+      })
+
+      if (error) {
+        l.error(
+          {
+            key: 'auth_repository:verify_otp:error',
+            error: serializeErrorForLog(error),
+            context: {
+              type,
+              token_hash_prefix: tokenHash.slice(0, 10),
+              error_code: error.code,
+              error_status: error.status,
+            },
+          },
+          `failed to verify OTP: ${error.message}`
+        )
+
+        if (error.status === 403 && error.code === 'otp_expired') {
+          return err(
+            repoErrorFromHttp(
+              400,
+              'Email link has expired. Please request a new one.',
+              error
+            )
+          )
+        }
+
+        return err(
+          repoErrorFromHttp(400, 'Invalid or expired verification link.', error)
+        )
+      }
+
+      if (!data.user) {
+        return err(
+          repoErrorFromHttp(500, 'Verification failed. Please try again.')
+        )
+      }
+
+      return ok({
+        userId: data.user.id,
+      })
+    },
+  }
+}
+
+export const authRepository = createAuthRepository({
+  createSupabaseClient: createClient,
+})
diff --git a/src/types/billing.types.ts b/src/core/modules/billing/models.ts
similarity index 56%
rename from src/types/billing.types.ts
rename to src/core/modules/billing/models.ts
index e7318dbd1..e79e3233e 100644
--- a/src/types/billing.types.ts
+++ b/src/core/modules/billing/models.ts
@@ -1,6 +1,4 @@
-import type { ADDON_500_SANDBOXES_ID } from '@/features/dashboard/billing/constants'
-
-interface Invoice {
+export interface Invoice {
   cost: number
   paid: boolean
   url: string
@@ -8,16 +6,16 @@ interface Invoice {
   credits_used: number
 }
 
-interface BillingLimit {
+export interface BillingLimit {
   limit_amount_gte: number | null
   alert_amount_gte: number | null
 }
 
-interface CustomerPortalResponse {
+export interface CustomerPortalResponse {
   url: string
 }
 
-interface UsageResponse {
+export interface UsageResponse {
   credits: number
   day_usages: {
     date: string
@@ -37,31 +35,31 @@ interface UsageResponse {
   }[]
 }
 
-interface CreateTeamsResponse {
+export interface CreateTeamsResponse {
   id: string
   slug: string
 }
 
-interface AddOnOrderItem {
-  name: typeof ADDON_500_SANDBOXES_ID
+export interface AddOnOrderItem {
+  name: string
   quantity: number
 }
 
-interface AddOnOrderCreateResponse {
+export interface AddOnOrderCreateResponse {
   id: string
   amount_due: number
   items: AddOnOrderItem[]
 }
 
-interface AddOnOrderConfirmResponse {
+export interface AddOnOrderConfirmResponse {
   client_secret: string
 }
 
-interface PaymentMethodsCustomerSession {
+export interface PaymentMethodsCustomerSession {
   client_secret: string
 }
 
-interface TierLimits {
+export interface TierLimits {
   sandbox_concurrency: number
   max_cpu: number
   max_ram_mib: number
@@ -69,49 +67,31 @@ interface TierLimits {
   disk_size_mib: number
 }
 
-interface TierInfo {
+export interface TierInfo {
   id: string
   name: string
   price_cents: number
   limits?: TierLimits
 }
 
-interface AddonInfo {
-  id: typeof ADDON_500_SANDBOXES_ID
+export interface AddonInfo {
+  id: string
   name: string
   price_cents: number
   quantity?: number
 }
 
-interface TeamAddons {
+export interface TeamAddons {
   current: AddonInfo[]
   available: AddonInfo[]
 }
 
-interface TeamTiers {
+export interface TeamTiers {
   current: string
   available: TierInfo[]
 }
 
-interface TeamItems {
+export interface TeamItems {
   tiers: TeamTiers
   addons: TeamAddons
 }
-
-export type {
-  AddonInfo,
-  AddOnOrderConfirmResponse,
-  AddOnOrderCreateResponse,
-  AddOnOrderItem,
-  BillingLimit,
-  CreateTeamsResponse,
-  CustomerPortalResponse,
-  Invoice,
-  PaymentMethodsCustomerSession,
-  TeamAddons,
-  TeamItems,
-  TeamTiers,
-  TierInfo,
-  TierLimits,
-  UsageResponse,
-}
diff --git a/src/core/modules/billing/repository.server.ts b/src/core/modules/billing/repository.server.ts
new file mode 100644
index 000000000..a0b5b9277
--- /dev/null
+++ b/src/core/modules/billing/repository.server.ts
@@ -0,0 +1,265 @@
+import 'server-only'
+
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import type {
+  AddOnOrderConfirmResponse,
+  AddOnOrderCreateResponse,
+  BillingLimit,
+  CustomerPortalResponse,
+  Invoice,
+  PaymentMethodsCustomerSession,
+  TeamItems,
+  UsageResponse,
+} from '@/core/modules/billing/models'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+type BillingRepositoryDeps = {
+  billingApiUrl: string
+}
+
+export type BillingScope = TeamRequestScope
+
+export interface BillingRepository {
+  createCheckout(tierId: string): Promise<RepoResult<{ url: string }>>
+  createCustomerPortalSession(
+    origin?: string | null
+  ): Promise<RepoResult<CustomerPortalResponse>>
+  getItems(): Promise<RepoResult<TeamItems>>
+  getUsage(): Promise<RepoResult<UsageResponse>>
+  getInvoices(): Promise<RepoResult<Invoice[]>>
+  getLimits(): Promise<RepoResult<BillingLimit>>
+  setLimit(key: string, value: number): Promise<RepoResult<void>>
+  clearLimit(key: string): Promise<RepoResult<void>>
+  createOrder(itemId: string): Promise<RepoResult<AddOnOrderCreateResponse>>
+  confirmOrder(orderId: string): Promise<RepoResult<AddOnOrderConfirmResponse>>
+  getCustomerSession(): Promise<RepoResult<PaymentMethodsCustomerSession>>
+}
+
+async function parseText(response: Response): Promise<string> {
+  return (await response.text()) || 'Request failed'
+}
+
+export function createBillingRepository(
+  scope: BillingScope,
+  deps: BillingRepositoryDeps = {
+    billingApiUrl: process.env.BILLING_API_URL ?? '',
+  }
+): BillingRepository {
+  return {
+    async createCheckout(tierId) {
+      const res = await fetch(`${deps.billingApiUrl}/checkouts`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+        },
+        body: JSON.stringify({
+          teamID: scope.teamId,
+          tierID: tierId,
+        }),
+      })
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      const data = (await res.json()) as { url: string; error?: string }
+      if (data.error) {
+        return err(repoErrorFromHttp(500, data.error))
+      }
+
+      return ok({ url: data.url })
+    },
+    async createCustomerPortalSession(origin) {
+      const res = await fetch(`${deps.billingApiUrl}/stripe/portal`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          ...(origin ? { Origin: origin } : {}),
+          ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as CustomerPortalResponse)
+    },
+    async getItems() {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/items`,
+        {
+          method: 'GET',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as TeamItems)
+    },
+    async getUsage() {
+      const res = await fetch(
+        `${deps.billingApiUrl}/v2/teams/${scope.teamId}/usage`,
+        {
+          method: 'GET',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      const responseData = (await res.json()) as UsageResponse
+      return ok({
+        ...responseData,
+        hour_usages: responseData.hour_usages.map((hour) => ({
+          ...hour,
+          timestamp: hour.timestamp * 1000,
+        })),
+      })
+    },
+    async getInvoices() {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/invoices`,
+        {
+          headers: {
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as Invoice[])
+    },
+    async getLimits() {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/billing-limits`,
+        {
+          method: 'GET',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as BillingLimit)
+    },
+    async setLimit(key, value) {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/billing-limits`,
+        {
+          method: 'PATCH',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+          body: JSON.stringify({
+            [key]: value,
+          }),
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok(undefined)
+    },
+    async clearLimit(key) {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/billing-limits/${key}`,
+        {
+          method: 'DELETE',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok(undefined)
+    },
+    async createOrder(itemId) {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/orders`,
+        {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+          body: JSON.stringify({
+            items: [{ name: itemId, quantity: 1 }],
+          }),
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as AddOnOrderCreateResponse)
+    },
+    async confirmOrder(orderId) {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/orders/${orderId}`,
+        {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as AddOnOrderConfirmResponse)
+    },
+    async getCustomerSession() {
+      const res = await fetch(
+        `${deps.billingApiUrl}/teams/${scope.teamId}/payment-methods/customer-session`,
+        {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            ...SUPABASE_AUTH_HEADERS(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!res.ok) {
+        return err(repoErrorFromHttp(res.status, await parseText(res)))
+      }
+
+      return ok((await res.json()) as PaymentMethodsCustomerSession)
+    },
+  }
+}
diff --git a/src/core/modules/builds/constants.ts b/src/core/modules/builds/constants.ts
new file mode 100644
index 000000000..dcaa92e49
--- /dev/null
+++ b/src/core/modules/builds/constants.ts
@@ -0,0 +1,7 @@
+import type { BuildStatus } from './models'
+
+export const INITIAL_BUILD_STATUSES: BuildStatus[] = [
+  'building',
+  'failed',
+  'success',
+]
diff --git a/src/server/api/models/builds.models.ts b/src/core/modules/builds/models.ts
similarity index 75%
rename from src/server/api/models/builds.models.ts
rename to src/core/modules/builds/models.ts
index 9d5d04e59..e94eb62c1 100644
--- a/src/server/api/models/builds.models.ts
+++ b/src/core/modules/builds/models.ts
@@ -1,6 +1,6 @@
 import { z } from 'zod'
-import type { components as dashboardComponents } from '@/types/dashboard-api.types'
-import type { components as infraComponents } from '@/types/infra-api.types'
+import type { components as dashboardComponents } from '@/contracts/dashboard-api'
+import type { components as infraComponents } from '@/contracts/infra-api'
 
 export type BuildStatus = dashboardComponents['schemas']['BuildStatus']
 
@@ -22,7 +22,7 @@ type _BuildStatusExhaustiveCheck = AssertTrue<
 // TypeCheck: End
 
 export const BuildStatusSchema = z.enum(BUILD_STATUS_VALUES)
-export interface ListedBuildDTO {
+export interface ListedBuildModel {
   id: string
   // id or alias
   template: string
@@ -33,25 +33,25 @@ export interface ListedBuildDTO {
   finishedAt: number | null
 }
 
-export interface RunningBuildStatusDTO {
+export interface RunningBuildStatusModel {
   id: string
   status: BuildStatus
   finishedAt: number | null
   statusMessage: string | null
 }
 
-export interface BuildLogDTO {
+export interface BuildLogModel {
   timestampUnix: number
   level: infraComponents['schemas']['LogLevel']
   message: string
 }
 
-export interface BuildLogsDTO {
-  logs: BuildLogDTO[]
+export interface BuildLogsModel {
+  logs: BuildLogModel[]
   nextCursor: number | null
 }
 
-export interface BuildDetailsDTO {
+export interface BuildDetailsModel {
   templateNames: string[] | null
   // id or alias
   template: string
diff --git a/src/core/modules/builds/repository.server.ts b/src/core/modules/builds/repository.server.ts
new file mode 100644
index 000000000..6148dc772
--- /dev/null
+++ b/src/core/modules/builds/repository.server.ts
@@ -0,0 +1,331 @@
+import 'server-only'
+
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import type { components as InfraComponents } from '@/contracts/infra-api'
+import { INITIAL_BUILD_STATUSES } from '@/core/modules/builds/constants'
+import type {
+  BuildStatus,
+  ListedBuildModel,
+  RunningBuildStatusModel,
+} from '@/core/modules/builds/models'
+import { api, infra } from '@/core/shared/clients/api'
+import { l } from '@/core/shared/clients/logger/logger'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+type BuildsRepositoryDeps = {
+  apiClient: typeof api
+  infraClient: typeof infra
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+}
+
+export type BuildsScope = TeamRequestScope
+
+export interface BuildsRepository {
+  listBuilds(
+    buildIdOrTemplate?: string,
+    statuses?: BuildStatus[],
+    options?: ListBuildsOptions
+  ): Promise<RepoResult<ListBuildsResult>>
+  getRunningStatuses(
+    buildIds: string[]
+  ): Promise<RepoResult<RunningBuildStatusModel[]>>
+  getBuildInfo(buildId: string): Promise<RepoResult<BuildInfoResult>>
+  getInfraBuildStatus(
+    templateId: string,
+    buildId: string
+  ): Promise<RepoResult<InfraComponents['schemas']['TemplateBuildInfo']>>
+  getInfraBuildLogs(
+    templateId: string,
+    buildId: string,
+    options?: GetInfraBuildLogsOptions
+  ): Promise<
+    RepoResult<InfraComponents['schemas']['TemplateBuildLogsResponse']>
+  >
+}
+
+const LIST_BUILDS_DEFAULT_LIMIT = 50
+const LIST_BUILDS_MIN_LIMIT = 1
+const LIST_BUILDS_MAX_LIMIT = 100
+
+function normalizeListBuildsLimit(limit?: number): number {
+  return Math.max(
+    LIST_BUILDS_MIN_LIMIT,
+    Math.min(limit ?? LIST_BUILDS_DEFAULT_LIMIT, LIST_BUILDS_MAX_LIMIT)
+  )
+}
+
+interface ListBuildsOptions {
+  limit?: number
+  cursor?: string
+}
+
+interface ListBuildsResult {
+  data: ListedBuildModel[]
+  nextCursor: string | null
+}
+
+interface BuildInfoResult {
+  names: string[] | null
+  createdAt: number
+  finishedAt: number | null
+  status: ListedBuildModel['status']
+  statusMessage: string | null
+}
+
+export interface GetInfraBuildLogsOptions {
+  cursor?: number
+  limit?: number
+  direction?: 'forward' | 'backward'
+  level?: 'debug' | 'info' | 'warn' | 'error'
+}
+
+export function createBuildsRepository(
+  scope: BuildsScope,
+  deps: BuildsRepositoryDeps = {
+    apiClient: api,
+    infraClient: infra,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): BuildsRepository {
+  return {
+    async listBuilds(
+      buildIdOrTemplate,
+      statuses = INITIAL_BUILD_STATUSES,
+      options = {}
+    ): Promise<RepoResult<ListBuildsResult>> {
+      const limit = normalizeListBuildsLimit(options.limit)
+      const result = await deps.apiClient.GET('/builds', {
+        params: {
+          query: {
+            build_id_or_template: buildIdOrTemplate?.trim() || undefined,
+            statuses,
+            limit,
+            cursor: options.cursor,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:builds:list_builds:dashboard_api_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/builds',
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch builds',
+            result.error
+          )
+        )
+      }
+
+      const builds = result.data?.data ?? []
+      if (builds.length === 0) {
+        return ok({
+          data: [],
+          nextCursor: null,
+        })
+      }
+
+      return ok({
+        data: builds.map(
+          (build): ListedBuildModel => ({
+            id: build.id,
+            template: build.template,
+            templateId: build.templateId,
+            status: build.status,
+            statusMessage: build.statusMessage,
+            createdAt: new Date(build.createdAt).getTime(),
+            finishedAt: build.finishedAt
+              ? new Date(build.finishedAt).getTime()
+              : null,
+          })
+        ),
+        nextCursor: result.data?.nextCursor ?? null,
+      })
+    },
+    async getRunningStatuses(buildIds) {
+      if (buildIds.length === 0) {
+        return ok([])
+      }
+
+      const result = await deps.apiClient.GET('/builds/statuses', {
+        params: {
+          query: {
+            build_ids: buildIds,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:builds:get_running_statuses:dashboard_api_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/builds/statuses',
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch build statuses',
+            result.error
+          )
+        )
+      }
+
+      return ok(
+        (result.data?.buildStatuses ?? []).map((row) => ({
+          id: row.id,
+          status: row.status,
+          finishedAt: row.finishedAt
+            ? new Date(row.finishedAt).getTime()
+            : null,
+          statusMessage: row.statusMessage,
+        }))
+      )
+    },
+    async getBuildInfo(buildId) {
+      const result = await deps.apiClient.GET('/builds/{build_id}', {
+        params: {
+          path: {
+            build_id: buildId,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:builds:get_build_info:dashboard_api_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/builds/{build_id}',
+            build_id: buildId,
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch build info',
+            result.error
+          )
+        )
+      }
+
+      const data = result.data
+
+      return ok({
+        names: data.names ?? null,
+        createdAt: new Date(data.createdAt).getTime(),
+        finishedAt: data.finishedAt
+          ? new Date(data.finishedAt).getTime()
+          : null,
+        status: data.status,
+        statusMessage: data.statusMessage,
+      })
+    },
+    async getInfraBuildStatus(templateId, buildId) {
+      const result = await deps.infraClient.GET(
+        '/templates/{templateID}/builds/{buildID}/status',
+        {
+          params: {
+            path: {
+              templateID: templateId,
+              buildID: buildId,
+            },
+            query: {
+              limit: 0,
+            },
+          },
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:builds:get_build_status:infra_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/templates/{templateID}/builds/{buildID}/status',
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch build status',
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+    async getInfraBuildLogs(templateId, buildId, options = {}) {
+      const result = await deps.infraClient.GET(
+        '/templates/{templateID}/builds/{buildID}/logs',
+        {
+          params: {
+            path: {
+              templateID: templateId,
+              buildID: buildId,
+            },
+            query: {
+              cursor: options.cursor,
+              limit: options.limit,
+              direction: options.direction,
+              level: options.level,
+            },
+          },
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:builds:get_build_logs:infra_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/templates/{templateID}/builds/{buildID}/logs',
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch build logs',
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+  }
+}
diff --git a/src/core/modules/keys/models.ts b/src/core/modules/keys/models.ts
new file mode 100644
index 000000000..ce1e5094e
--- /dev/null
+++ b/src/core/modules/keys/models.ts
@@ -0,0 +1,4 @@
+import type { components as InfraComponents } from '@/contracts/infra-api'
+
+export type CreatedTeamAPIKey = InfraComponents['schemas']['CreatedTeamAPIKey']
+export type TeamAPIKey = InfraComponents['schemas']['TeamAPIKey']
diff --git a/src/core/modules/keys/repository.server.ts b/src/core/modules/keys/repository.server.ts
new file mode 100644
index 000000000..030b2c4c7
--- /dev/null
+++ b/src/core/modules/keys/repository.server.ts
@@ -0,0 +1,97 @@
+import 'server-only'
+
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import type { CreatedTeamAPIKey, TeamAPIKey } from '@/core/modules/keys/models'
+import { infra } from '@/core/shared/clients/api'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+type KeysRepositoryDeps = {
+  infraClient: typeof infra
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+}
+
+export type KeysScope = TeamRequestScope
+
+export interface KeysRepository {
+  listTeamApiKeys(): Promise<RepoResult<TeamAPIKey[]>>
+  createApiKey(name: string): Promise<RepoResult<CreatedTeamAPIKey>>
+  deleteApiKey(apiKeyId: string): Promise<RepoResult<void>>
+}
+
+export function createKeysRepository(
+  scope: KeysScope,
+  deps: KeysRepositoryDeps = {
+    infraClient: infra,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): KeysRepository {
+  return {
+    async listTeamApiKeys() {
+      const res = await deps.infraClient.GET('/api-keys', {
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!res.response.ok || res.error) {
+        return err(
+          repoErrorFromHttp(
+            res.response.status,
+            res.error?.message ?? 'Failed to get API keys',
+            res.error
+          )
+        )
+      }
+
+      return ok(res.data ?? [])
+    },
+    async createApiKey(name) {
+      const res = await deps.infraClient.POST('/api-keys', {
+        body: {
+          name,
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!res.response.ok || res.error) {
+        return err(
+          repoErrorFromHttp(
+            res.response.status,
+            res.error?.message ?? 'Failed to create API key',
+            res.error
+          )
+        )
+      }
+
+      return ok(res.data)
+    },
+    async deleteApiKey(apiKeyId) {
+      const res = await deps.infraClient.DELETE('/api-keys/{apiKeyID}', {
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+        params: {
+          path: {
+            apiKeyID: apiKeyId,
+          },
+        },
+      })
+
+      if (!res.response.ok || res.error) {
+        return err(
+          repoErrorFromHttp(
+            res.response.status,
+            res.error?.message ?? 'Failed to delete API key',
+            res.error
+          )
+        )
+      }
+
+      return ok(undefined)
+    },
+  }
+}
diff --git a/src/types/sandboxes.types.ts b/src/core/modules/sandboxes/models.client.ts
similarity index 80%
rename from src/types/sandboxes.types.ts
rename to src/core/modules/sandboxes/models.client.ts
index fd3382d9c..0766be2f9 100644
--- a/src/types/sandboxes.types.ts
+++ b/src/core/modules/sandboxes/models.client.ts
@@ -1,4 +1,4 @@
-import type { TeamMetric } from './api.types'
+import type { TeamMetric } from './models'
 
 export type ClientSandboxMetric = {
   cpuCount: number
@@ -16,7 +16,7 @@ export type ClientTeamMetric = Pick<
   TeamMetric,
   'concurrentSandboxes' | 'sandboxStartRate'
 > & {
-  timestamp: number // unix timestamp in milliseconds
+  timestamp: number
 }
 
 export type ClientTeamMetrics = Array<ClientTeamMetric>
diff --git a/src/server/api/models/sandboxes.models.ts b/src/core/modules/sandboxes/models.ts
similarity index 70%
rename from src/server/api/models/sandboxes.models.ts
rename to src/core/modules/sandboxes/models.ts
index ef5afe02f..36044f9b3 100644
--- a/src/server/api/models/sandboxes.models.ts
+++ b/src/core/modules/sandboxes/models.ts
@@ -1,10 +1,16 @@
-import type { components as ArgusComponents } from '@/types/argus-api.types'
-import type { components as DashboardComponents } from '@/types/dashboard-api.types'
-import type { components as InfraComponents } from '@/types/infra-api.types'
+import type { components as ArgusComponents } from '@/contracts/argus-api'
+import type { components as DashboardComponents } from '@/contracts/dashboard-api'
+import type { components as InfraComponents } from '@/contracts/infra-api'
 
 export type SandboxLogLevel = InfraComponents['schemas']['LogLevel']
-
-interface SandboxDetailsBaseDTO {
+export type Sandbox = InfraComponents['schemas']['ListedSandbox']
+export type Sandboxes = InfraComponents['schemas']['ListedSandbox'][]
+export type SandboxesMetricsRecord =
+  InfraComponents['schemas']['SandboxesWithMetrics']['sandboxes']
+export type TeamMetric = InfraComponents['schemas']['TeamMetric']
+export type SandboxInfo = InfraComponents['schemas']['SandboxDetail']
+
+interface SandboxDetailsBaseModel {
   templateID: string
   alias?: string
   sandboxID: string
@@ -13,10 +19,10 @@ interface SandboxDetailsBaseDTO {
   cpuCount: number
   memoryMB: number
   diskSizeMB: number
-  lifecycle?: SandboxLifecycleDTO
+  lifecycle?: SandboxLifecycleModel
 }
 
-interface ActiveSandboxDetailsDTO extends SandboxDetailsBaseDTO {
+interface ActiveSandboxDetailsModel extends SandboxDetailsBaseModel {
   endAt: string
   envdVersion: string
   envdAccessToken?: string
@@ -24,35 +30,35 @@ interface ActiveSandboxDetailsDTO extends SandboxDetailsBaseDTO {
   state: InfraComponents['schemas']['SandboxState']
 }
 
-interface KilledSandboxDetailsDTO extends SandboxDetailsBaseDTO {
+interface KilledSandboxDetailsModel extends SandboxDetailsBaseModel {
   endAt: string | null
   stoppedAt: string | null
   state: 'killed'
 }
 
-export type SandboxDetailsDTO =
-  | ActiveSandboxDetailsDTO
-  | KilledSandboxDetailsDTO
+export type SandboxDetailsModel =
+  | ActiveSandboxDetailsModel
+  | KilledSandboxDetailsModel
 
-export interface SandboxLogDTO {
+export interface SandboxLogModel {
   timestampUnix: number
   level: SandboxLogLevel
   message: string
 }
 
-export interface SandboxLogsDTO {
-  logs: SandboxLogDTO[]
+export interface SandboxLogsModel {
+  logs: SandboxLogModel[]
   nextCursor: number | null
 }
 
 export type SandboxMetric = InfraComponents['schemas']['SandboxMetric']
-export type SandboxEventDTO = ArgusComponents['schemas']['SandboxEvent']
+export type SandboxEventModel = ArgusComponents['schemas']['SandboxEvent']
 
-export interface SandboxLifecycleDTO {
+export interface SandboxLifecycleModel {
   createdAt: string | null
   pausedAt: string | null
   endedAt: string | null
-  events: SandboxEventDTO[]
+  events: SandboxEventModel[]
 }
 
 const SANDBOX_LIFECYCLE_EVENT_PREFIX = 'sandbox.lifecycle.'
@@ -74,7 +80,9 @@ function parseEventTimestampMs(value: string): number | null {
   return timestampMs
 }
 
-function sortEventsByTimestamp(events: SandboxEventDTO[]): SandboxEventDTO[] {
+function sortEventsByTimestamp(
+  events: SandboxEventModel[]
+): SandboxEventModel[] {
   return [...events].sort((a, b) => {
     const timestampA =
       parseEventTimestampMs(a.timestamp) ?? Number.MAX_SAFE_INTEGER
@@ -89,8 +97,8 @@ function sortEventsByTimestamp(events: SandboxEventDTO[]): SandboxEventDTO[] {
 }
 
 export function deriveSandboxLifecycleFromEvents(
-  events: SandboxEventDTO[]
-): SandboxLifecycleDTO {
+  events: SandboxEventModel[]
+): SandboxLifecycleModel {
   const lifecycleEvents = sortEventsByTimestamp(
     events.filter((event) =>
       event.type.startsWith(SANDBOX_LIFECYCLE_EVENT_PREFIX)
@@ -100,7 +108,7 @@ export function deriveSandboxLifecycleFromEvents(
   let createdAt: string | null = null
   let pausedAt: string | null = null
   let endedAt: string | null = null
-  let lastEvent: SandboxEventDTO | null = null
+  let lastEvent: SandboxEventModel | null = null
 
   for (const event of lifecycleEvents) {
     const timestampMs = parseEventTimestampMs(event.timestamp)
@@ -133,9 +141,9 @@ export function deriveSandboxLifecycleFromEvents(
 
 // mappings
 
-export function mapInfraSandboxLogToDTO(
+export function mapInfraSandboxLogToModel(
   log: InfraComponents['schemas']['SandboxLogEntry']
-): SandboxLogDTO {
+): SandboxLogModel {
   return {
     timestampUnix: new Date(log.timestamp).getTime(),
     level: log.level,
@@ -143,9 +151,9 @@ export function mapInfraSandboxLogToDTO(
   }
 }
 
-export function mapInfraSandboxDetailsToDTO(
+export function mapInfraSandboxDetailsToModel(
   sandbox: InfraComponents['schemas']['SandboxDetail']
-): SandboxDetailsDTO {
+): SandboxDetailsModel {
   return {
     templateID: sandbox.templateID,
     alias: sandbox.alias,
@@ -163,9 +171,9 @@ export function mapInfraSandboxDetailsToDTO(
   }
 }
 
-export function mapApiSandboxRecordToDTO(
+export function mapApiSandboxRecordToModel(
   sandbox: DashboardComponents['schemas']['SandboxRecord']
-): KilledSandboxDetailsDTO {
+): KilledSandboxDetailsModel {
   const stoppedAt = sandbox.stoppedAt ?? null
 
   return {
diff --git a/src/core/modules/sandboxes/repository.server.ts b/src/core/modules/sandboxes/repository.server.ts
new file mode 100644
index 000000000..2f4ad1aba
--- /dev/null
+++ b/src/core/modules/sandboxes/repository.server.ts
@@ -0,0 +1,506 @@
+import 'server-only'
+
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import type { components as DashboardComponents } from '@/contracts/dashboard-api'
+import type { components as InfraComponents } from '@/contracts/infra-api'
+import type {
+  SandboxEventModel,
+  Sandboxes,
+  SandboxesMetricsRecord,
+  TeamMetric,
+} from '@/core/modules/sandboxes/models'
+import { api, infra } from '@/core/shared/clients/api'
+import { l } from '@/core/shared/clients/logger/logger'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+type SandboxesRepositoryDeps = {
+  apiClient: typeof api
+  infraClient: typeof infra
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+}
+
+export type SandboxesRequestScope = TeamRequestScope
+
+export interface GetSandboxLogsOptions {
+  cursor?: number
+  limit?: number
+  direction?: 'forward' | 'backward'
+  level?: 'debug' | 'info' | 'warn' | 'error'
+  search?: string
+}
+
+export interface GetSandboxMetricsOptions {
+  startUnixMs: number
+  endUnixMs: number
+}
+
+export interface SandboxesRepository {
+  getSandboxLogs(
+    sandboxId: string,
+    options?: GetSandboxLogsOptions
+  ): Promise<RepoResult<InfraComponents['schemas']['SandboxLogsV2Response']>>
+  getSandboxDetails(sandboxId: string): Promise<
+    RepoResult<
+      | {
+          source: 'infra'
+          details: InfraComponents['schemas']['SandboxDetail']
+        }
+      | {
+          source: 'database-record'
+          details: DashboardComponents['schemas']['SandboxRecord']
+        }
+    >
+  >
+  getSandboxLifecycleEvents(
+    sandboxId: string
+  ): Promise<RepoResult<SandboxEventModel[]>>
+  getSandboxMetrics(
+    sandboxId: string,
+    options: GetSandboxMetricsOptions
+  ): Promise<RepoResult<InfraComponents['schemas']['SandboxMetric'][]>>
+  listSandboxes(): Promise<RepoResult<Sandboxes>>
+  getSandboxesMetrics(
+    sandboxIds: string[]
+  ): Promise<RepoResult<SandboxesMetricsRecord>>
+  getTeamMetricsRange(
+    startUnixSeconds: number,
+    endUnixSeconds: number
+  ): Promise<RepoResult<TeamMetric[]>>
+  getTeamMetricsMax(
+    startUnixSeconds: number,
+    endUnixSeconds: number,
+    metric: 'concurrent_sandboxes' | 'sandbox_start_rate'
+  ): Promise<RepoResult<InfraComponents['schemas']['MaxTeamMetric']>>
+}
+
+const SANDBOX_NOT_FOUND_MESSAGE =
+  "Sandbox not found or you don't have access to it"
+const SANDBOX_EVENTS_PAGE_SIZE = 100
+const SANDBOX_EVENTS_MAX_PAGES = 50
+const SANDBOX_LIFECYCLE_EVENT_PREFIX = 'sandbox.lifecycle.'
+
+export function createSandboxesRepository(
+  scope: SandboxesRequestScope,
+  deps: SandboxesRepositoryDeps = {
+    apiClient: api,
+    infraClient: infra,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): SandboxesRepository {
+  return {
+    async getSandboxLogs(sandboxId, options = {}) {
+      const result = await deps.infraClient.GET(
+        '/v2/sandboxes/{sandboxID}/logs',
+        {
+          params: {
+            path: {
+              sandboxID: sandboxId,
+            },
+            query: {
+              cursor: options.cursor,
+              limit: options.limit,
+              direction: options.direction,
+              level: options.level,
+              search: options.search,
+            },
+          },
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!result.response.ok || result.error) {
+        const status = result.response.status
+
+        l.error(
+          {
+            key: 'repositories:sandboxes:get_sandbox_logs:infra_error',
+            error: result.error,
+            team_id: scope.teamId,
+            context: {
+              status,
+              path: '/v2/sandboxes/{sandboxID}/logs',
+              sandbox_id: sandboxId,
+            },
+          },
+          `failed to fetch /v2/sandboxes/{sandboxID}/logs: ${result.error?.message || 'Unknown error'}`
+        )
+
+        return err(
+          repoErrorFromHttp(
+            status,
+            status === 404
+              ? SANDBOX_NOT_FOUND_MESSAGE
+              : (result.error?.message ?? 'Failed to fetch sandbox logs'),
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+    async getSandboxDetails(sandboxId) {
+      const infraResult = await deps.infraClient.GET('/sandboxes/{sandboxID}', {
+        params: {
+          path: {
+            sandboxID: sandboxId,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+        cache: 'no-store',
+      })
+
+      if (infraResult.response.ok && infraResult.data) {
+        return ok({
+          source: 'infra' as const,
+          details: infraResult.data,
+        })
+      }
+
+      const infraStatus = infraResult.response.status
+
+      if (infraStatus !== 404) {
+        l.error({
+          key: 'repositories:sandboxes:get_sandbox_details:infra_error',
+          error: infraResult.error,
+          team_id: scope.teamId,
+          context: {
+            status: infraStatus,
+            path: '/sandboxes/{sandboxID}',
+            sandbox_id: sandboxId,
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            infraStatus,
+            infraResult.error?.message ?? 'Failed to fetch sandbox details',
+            infraResult.error
+          )
+        )
+      }
+
+      const dashboardResult = await deps.apiClient.GET(
+        '/sandboxes/{sandboxID}/record',
+        {
+          params: {
+            path: {
+              sandboxID: sandboxId,
+            },
+          },
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+          cache: 'no-store',
+        }
+      )
+
+      if (dashboardResult.response.ok && dashboardResult.data) {
+        return ok({
+          source: 'database-record' as const,
+          details: dashboardResult.data,
+        })
+      }
+
+      const dashboardStatus = dashboardResult.response.status
+
+      if (dashboardStatus === 404) {
+        return err(repoErrorFromHttp(404, SANDBOX_NOT_FOUND_MESSAGE))
+      }
+
+      l.error({
+        key: 'repositories:sandboxes:get_sandbox_details:fallback_error',
+        error: dashboardResult.error,
+        team_id: scope.teamId,
+        context: {
+          status: dashboardStatus,
+          path: '/sandboxes/{sandboxID}/record',
+          infra_status: infraStatus,
+          sandbox_id: sandboxId,
+        },
+      })
+      return err(
+        repoErrorFromHttp(
+          dashboardStatus,
+          dashboardResult.error?.message ?? 'Failed to fetch sandbox details',
+          dashboardResult.error
+        )
+      )
+    },
+    async getSandboxLifecycleEvents(sandboxId) {
+      const lifecycleEvents: SandboxEventModel[] = []
+
+      for (
+        let pageIndex = 0, offset = 0;
+        pageIndex < SANDBOX_EVENTS_MAX_PAGES;
+        pageIndex += 1, offset += SANDBOX_EVENTS_PAGE_SIZE
+      ) {
+        try {
+          const result = await deps.infraClient.GET(
+            '/events/sandboxes/{sandboxID}',
+            {
+              params: {
+                path: {
+                  sandboxID: sandboxId,
+                },
+                query: {
+                  offset,
+                  limit: SANDBOX_EVENTS_PAGE_SIZE,
+                  orderAsc: true,
+                },
+              },
+              headers: {
+                ...deps.authHeaders(scope.accessToken, scope.teamId),
+              },
+              cache: 'no-store',
+            }
+          )
+
+          if (!result.response.ok || result.error) {
+            l.warn({
+              key: 'repositories:sandboxes:get_sandbox_lifecycle_events:infra_error',
+              error: result.error,
+              team_id: scope.teamId,
+              context: {
+                status: result.response.status,
+                path: '/events/sandboxes/{sandboxID}',
+                sandbox_id: sandboxId,
+                offset,
+                limit: SANDBOX_EVENTS_PAGE_SIZE,
+              },
+            })
+            break
+          }
+
+          const page = result.data ?? []
+          lifecycleEvents.push(
+            ...page.filter((event) =>
+              event.type.startsWith(SANDBOX_LIFECYCLE_EVENT_PREFIX)
+            )
+          )
+
+          if (page.length < SANDBOX_EVENTS_PAGE_SIZE) {
+            break
+          }
+        } catch (error) {
+          l.warn({
+            key: 'repositories:sandboxes:get_sandbox_lifecycle_events:infra_exception',
+            error,
+            team_id: scope.teamId,
+            context: {
+              path: '/events/sandboxes/{sandboxID}',
+              sandbox_id: sandboxId,
+              offset,
+              limit: SANDBOX_EVENTS_PAGE_SIZE,
+            },
+          })
+          break
+        }
+      }
+
+      return ok(lifecycleEvents)
+    },
+    async getSandboxMetrics(sandboxId, options) {
+      const startUnixSeconds = Math.floor(options.startUnixMs / 1000)
+      const endUnixSeconds = Math.floor(options.endUnixMs / 1000)
+
+      const result = await deps.infraClient.GET(
+        '/sandboxes/{sandboxID}/metrics',
+        {
+          params: {
+            path: {
+              sandboxID: sandboxId,
+            },
+            query: {
+              start: startUnixSeconds,
+              end: endUnixSeconds,
+            },
+          },
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+        }
+      )
+
+      if (!result.response.ok || result.error) {
+        const status = result.response.status
+
+        l.error(
+          {
+            key: 'repositories:sandboxes:get_sandbox_metrics:infra_error',
+            error: result.error,
+            team_id: scope.teamId,
+            context: {
+              status,
+              path: '/sandboxes/{sandboxID}/metrics',
+              sandbox_id: sandboxId,
+            },
+          },
+          `failed to fetch /sandboxes/{sandboxID}/metrics: ${result.error?.message || 'Unknown error'}`
+        )
+
+        return err(
+          repoErrorFromHttp(
+            status,
+            status === 404
+              ? SANDBOX_NOT_FOUND_MESSAGE
+              : (result.error?.message ?? 'Failed to fetch sandbox metrics'),
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+    async listSandboxes() {
+      const result = await deps.infraClient.GET('/sandboxes', {
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+        cache: 'no-store',
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:sandboxes:list_sandboxes:infra_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/sandboxes',
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to list sandboxes',
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+    async getSandboxesMetrics(sandboxIds) {
+      const result = await deps.infraClient.GET('/sandboxes/metrics', {
+        params: {
+          query: {
+            sandbox_ids: sandboxIds,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+        cache: 'no-store',
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:sandboxes:get_sandboxes_metrics:infra_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/sandboxes/metrics',
+            sandbox_ids: sandboxIds,
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch sandboxes metrics',
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data.sandboxes)
+    },
+    async getTeamMetricsRange(startUnixSeconds, endUnixSeconds) {
+      const result = await deps.infraClient.GET('/teams/{teamID}/metrics', {
+        params: {
+          path: {
+            teamID: scope.teamId,
+          },
+          query: {
+            start: startUnixSeconds,
+            end: endUnixSeconds,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+        cache: 'no-store',
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:sandboxes:get_team_metrics:infra_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/teams/{teamID}/metrics',
+            start_unix_seconds: startUnixSeconds,
+            end_unix_seconds: endUnixSeconds,
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch team metrics',
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+    async getTeamMetricsMax(startUnixSeconds, endUnixSeconds, metric) {
+      const result = await deps.infraClient.GET('/teams/{teamID}/metrics/max', {
+        params: {
+          path: {
+            teamID: scope.teamId,
+          },
+          query: {
+            start: startUnixSeconds,
+            end: endUnixSeconds,
+            metric,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+        cache: 'no-store',
+      })
+
+      if (!result.response.ok || result.error) {
+        l.error({
+          key: 'repositories:sandboxes:get_team_metrics_max:infra_error',
+          error: result.error,
+          team_id: scope.teamId,
+          context: {
+            status: result.response.status,
+            path: '/teams/{teamID}/metrics/max',
+            start_unix_seconds: startUnixSeconds,
+            end_unix_seconds: endUnixSeconds,
+            metric,
+          },
+        })
+        return err(
+          repoErrorFromHttp(
+            result.response.status,
+            result.error?.message ?? 'Failed to fetch team metrics max',
+            result.error
+          )
+        )
+      }
+
+      return ok(result.data)
+    },
+  }
+}
diff --git a/src/server/api/schemas/sandboxes.ts b/src/core/modules/sandboxes/schemas.ts
similarity index 100%
rename from src/server/api/schemas/sandboxes.ts
rename to src/core/modules/sandboxes/schemas.ts
diff --git a/src/core/modules/support/repository.server.ts b/src/core/modules/support/repository.server.ts
new file mode 100644
index 000000000..91fa45a97
--- /dev/null
+++ b/src/core/modules/support/repository.server.ts
@@ -0,0 +1,264 @@
+import 'server-only'
+
+import { AttachmentType, PlainClient } from '@team-plain/typescript-sdk'
+import { createUserTeamsRepository } from '@/core/modules/teams/user-teams-repository.server'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+const MAX_FILE_SIZE = 10 * 1024 * 1024
+const MAX_FILES = 5
+
+interface FileInput {
+  name: string
+  type: string
+  base64: string
+}
+
+type SupportRepositoryDeps = {
+  createPlainClient: () => PlainClient
+}
+
+export type SupportScope = TeamRequestScope
+
+export interface SupportRepository {
+  getTeamSupportData(): Promise<
+    RepoResult<{
+      name: string
+      email: string
+      tier: string
+    }>
+  >
+  createSupportThread(input: {
+    description: string
+    files?: FileInput[]
+    teamId: string
+    teamName: string
+    customerEmail: string
+    accountOwnerEmail: string
+    customerTier: string
+  }): Promise<RepoResult<{ threadId: string }>>
+}
+
+function formatThreadText(input: {
+  description: string
+  teamId: string
+  customerEmail: string
+  accountOwnerEmail: string
+  customerTier: string
+}): string {
+  const {
+    description,
+    teamId,
+    customerEmail,
+    accountOwnerEmail,
+    customerTier,
+  } = input
+
+  const header = [
+    '########',
+    `Customer: ${customerEmail}`,
+    `Account Owner: ${accountOwnerEmail}`,
+    `Tier: ${customerTier}`,
+    `TeamID: ${teamId}`,
+    `Orbit: https://orbit.e2b.dev/teams/${teamId}/users`,
+    '########',
+  ].join('\n')
+
+  const truncatedDescription = description.slice(0, 10000)
+
+  return `${header}\n\n${truncatedDescription}`
+}
+
+async function uploadAttachmentToPlain(
+  client: PlainClient,
+  customerId: string,
+  file: FileInput
+): Promise<string> {
+  const buffer = Buffer.from(file.base64, 'base64')
+
+  if (buffer.byteLength > MAX_FILE_SIZE) {
+    throw new Error(`File ${file.name} exceeds 10MB limit`)
+  }
+
+  const uploadUrlResult = await client.createAttachmentUploadUrl({
+    customerId,
+    fileName: file.name,
+    fileSizeBytes: buffer.byteLength,
+    attachmentType: AttachmentType.CustomTimelineEntry,
+  })
+
+  if (uploadUrlResult.error) {
+    throw new Error(
+      `Failed to create upload URL for ${file.name}: ${uploadUrlResult.error.message}`
+    )
+  }
+
+  const { uploadFormUrl, uploadFormData, attachment } = uploadUrlResult.data
+  const formData = new FormData()
+  for (const { key, value } of uploadFormData) {
+    formData.append(key, value)
+  }
+  formData.append('file', new Blob([buffer], { type: file.type }), file.name)
+
+  const uploadResponse = await fetch(uploadFormUrl, {
+    method: 'POST',
+    body: formData,
+  })
+
+  if (!uploadResponse.ok) {
+    throw new Error(
+      `Failed to upload ${file.name}: ${uploadResponse.status} ${uploadResponse.statusText}`
+    )
+  }
+
+  return attachment.id
+}
+
+export function createSupportRepository(
+  scope: SupportScope,
+  deps: SupportRepositoryDeps = {
+    createPlainClient: () =>
+      new PlainClient({
+        apiKey: process.env.PLAIN_API_KEY ?? '',
+      }),
+  }
+): SupportRepository {
+  return {
+    async getTeamSupportData() {
+      const teamsResult = await createUserTeamsRepository({
+        accessToken: scope.accessToken,
+      }).listUserTeams()
+
+      if (!teamsResult.ok) {
+        l.error(
+          {
+            key: 'repositories:support:fetch_team_error',
+            error: teamsResult.error,
+            team_id: scope.teamId,
+          },
+          'failed to fetch team data'
+        )
+        return err(teamsResult.error)
+      }
+
+      const team = teamsResult.data.find(
+        (candidate) => candidate.id === scope.teamId
+      )
+
+      if (!team) {
+        return err(
+          repoErrorFromHttp(403, 'Team not found or access denied', {
+            teamId: scope.teamId,
+          })
+        )
+      }
+
+      return ok({ name: team.name, email: team.email, tier: team.tier })
+    },
+    async createSupportThread(input) {
+      if (!process.env.PLAIN_API_KEY) {
+        return err(repoErrorFromHttp(500, 'Support API not configured'))
+      }
+
+      const {
+        description,
+        files,
+        teamId,
+        teamName,
+        customerEmail,
+        accountOwnerEmail,
+        customerTier,
+      } = input
+
+      const client = deps.createPlainClient()
+      const customerResult = await client.upsertCustomer({
+        identifier: {
+          emailAddress: customerEmail,
+        },
+        onCreate: {
+          email: {
+            email: customerEmail,
+            isVerified: true,
+          },
+          fullName: customerEmail,
+        },
+        onUpdate: {},
+      })
+
+      if (customerResult.error) {
+        return err(
+          repoErrorFromHttp(
+            500,
+            'Failed to create support ticket',
+            customerResult.error
+          )
+        )
+      }
+
+      const customerId = customerResult.data.customer.id
+      const attachmentIds: string[] = []
+      const validFiles = (files ?? []).slice(0, MAX_FILES)
+
+      for (const file of validFiles) {
+        try {
+          const attachmentId = await uploadAttachmentToPlain(
+            client,
+            customerId,
+            file
+          )
+          attachmentIds.push(attachmentId)
+        } catch (error) {
+          l.error(
+            {
+              key: 'repositories:support:attachment_upload_error',
+              error: serializeErrorForLog(error),
+              team_id: teamId,
+              context: {
+                file_name: file.name,
+              },
+            },
+            'failed to upload support ticket attachment'
+          )
+        }
+      }
+
+      const title = `Support Request [${teamName}]`
+      const threadText = formatThreadText({
+        description,
+        teamId,
+        customerEmail,
+        accountOwnerEmail,
+        customerTier,
+      })
+
+      const result = await client.createThread({
+        title,
+        customerIdentifier: {
+          customerId,
+        },
+        components: [
+          {
+            componentText: {
+              text: threadText,
+            },
+          },
+        ],
+        ...(attachmentIds.length > 0 ? { attachmentIds } : {}),
+      })
+
+      if (result.error) {
+        return err(
+          repoErrorFromHttp(
+            500,
+            'Failed to create support ticket',
+            result.error
+          )
+        )
+      }
+
+      return ok({ threadId: result.data.id })
+    },
+  }
+}
diff --git a/src/core/modules/teams/models.ts b/src/core/modules/teams/models.ts
new file mode 100644
index 000000000..b77242521
--- /dev/null
+++ b/src/core/modules/teams/models.ts
@@ -0,0 +1,27 @@
+import type { components as DashboardComponents } from '@/contracts/dashboard-api'
+
+export type TeamModel = DashboardComponents['schemas']['UserTeam']
+export type TeamLimits = DashboardComponents['schemas']['UserTeamLimits']
+
+export type TeamMemberInfo = {
+  id: string
+  email: string
+  name?: string
+  avatar_url?: string
+  providers?: string[]
+}
+
+export type TeamMemberRelation = {
+  added_by: string | null
+  is_default: boolean
+}
+
+export type TeamMember = {
+  info: TeamMemberInfo
+  relation: TeamMemberRelation
+}
+
+export type ResolvedTeam = {
+  id: string
+  slug: string
+}
diff --git a/src/core/modules/teams/schemas.ts b/src/core/modules/teams/schemas.ts
new file mode 100644
index 000000000..91ea1d39f
--- /dev/null
+++ b/src/core/modules/teams/schemas.ts
@@ -0,0 +1,23 @@
+import { z } from 'zod'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+export { TeamSlugSchema }
+
+export const TeamNameSchema = z
+  .string()
+  .trim()
+  .min(1, { message: 'Team name cannot be empty' })
+  .max(32, { message: 'Team name cannot be longer than 32 characters' })
+  .regex(/^[a-zA-Z0-9]+(?:[ _.-][a-zA-Z0-9]+)*$/, {
+    message:
+      'Names can only contain letters and numbers, separated by spaces, underscores, hyphens, or dots',
+  })
+
+export const UpdateTeamNameSchema = z.object({
+  teamSlug: TeamSlugSchema,
+  name: TeamNameSchema,
+})
+
+export const CreateTeamSchema = z.object({
+  name: TeamNameSchema,
+})
diff --git a/src/core/modules/teams/teams-repository.server.ts b/src/core/modules/teams/teams-repository.server.ts
new file mode 100644
index 000000000..a3a5ef9df
--- /dev/null
+++ b/src/core/modules/teams/teams-repository.server.ts
@@ -0,0 +1,197 @@
+import 'server-only'
+
+import type { User } from '@supabase/supabase-js'
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import type { components as DashboardComponents } from '@/contracts/dashboard-api'
+import { api } from '@/core/shared/clients/api'
+import { supabaseAdmin } from '@/core/shared/clients/supabase/admin'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+import type { TeamMember } from './models'
+
+type TeamsRepositoryDeps = {
+  apiClient: typeof api
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+  adminClient: typeof supabaseAdmin
+}
+
+export type TeamsRequestScope = TeamRequestScope
+
+export interface TeamsRepository {
+  listTeamMembers(): Promise<RepoResult<TeamMember[]>>
+  updateTeamName(
+    name: string
+  ): Promise<RepoResult<DashboardComponents['schemas']['UpdateTeamResponse']>>
+  addTeamMember(email: string): Promise<RepoResult<void>>
+  removeTeamMember(userId: string): Promise<RepoResult<void>>
+  updateTeamProfilePictureUrl(
+    profilePictureUrl: string
+  ): Promise<RepoResult<DashboardComponents['schemas']['UpdateTeamResponse']>>
+}
+
+function extractSignInProviders(user: User | null | undefined): string[] {
+  const appProviders = Array.isArray(user?.app_metadata?.providers)
+    ? user.app_metadata.providers.filter(
+        (provider): provider is string => typeof provider === 'string'
+      )
+    : []
+  const identityProviders =
+    user?.identities
+      ?.map((identity) => identity.provider)
+      .filter((provider): provider is string => typeof provider === 'string') ??
+    []
+
+  return [...new Set([...appProviders, ...identityProviders])]
+}
+
+export function createTeamsRepository(
+  scope: TeamsRequestScope,
+  deps: TeamsRepositoryDeps = {
+    apiClient: api,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+    adminClient: supabaseAdmin,
+  }
+): TeamsRepository {
+  return {
+    async listTeamMembers(): Promise<RepoResult<TeamMember[]>> {
+      const { data, error, response } = await deps.apiClient.GET(
+        '/teams/{teamID}/members',
+        {
+          params: { path: { teamID: scope.teamId } },
+          headers: deps.authHeaders(scope.accessToken, scope.teamId),
+        }
+      )
+
+      if (!response.ok || error) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to fetch team members',
+            error
+          )
+        )
+      }
+
+      const members = data?.members ?? []
+      const enrichedMembers = await Promise.all(
+        members.map(async (member) => {
+          const { data: userData } =
+            await deps.adminClient.auth.admin.getUserById(member.id)
+          const user = userData.user
+
+          return {
+            info: {
+              id: member.id,
+              email: member.email,
+              name: user?.user_metadata?.name,
+              avatar_url: user?.user_metadata?.avatar_url,
+              providers: extractSignInProviders(user),
+            },
+            relation: {
+              added_by: member.addedBy ?? null,
+              is_default: member.isDefault,
+            },
+          } satisfies TeamMember
+        })
+      )
+
+      return ok(enrichedMembers)
+    },
+    async updateTeamName(
+      name
+    ): Promise<
+      RepoResult<DashboardComponents['schemas']['UpdateTeamResponse']>
+    > {
+      const { data, error, response } = await deps.apiClient.PATCH(
+        '/teams/{teamID}',
+        {
+          params: { path: { teamID: scope.teamId } },
+          headers: deps.authHeaders(scope.accessToken, scope.teamId),
+          body: { name },
+        }
+      )
+
+      if (!response.ok || error || !data) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to update team name',
+            error
+          )
+        )
+      }
+
+      return ok(data)
+    },
+    async addTeamMember(email): Promise<RepoResult<void>> {
+      const { error, response } = await deps.apiClient.POST(
+        '/teams/{teamID}/members',
+        {
+          params: { path: { teamID: scope.teamId } },
+          headers: deps.authHeaders(scope.accessToken, scope.teamId),
+          body: { email },
+        }
+      )
+
+      if (!response.ok || error) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to add team member',
+            error
+          )
+        )
+      }
+
+      return ok(undefined)
+    },
+    async removeTeamMember(userId): Promise<RepoResult<void>> {
+      const { error, response } = await deps.apiClient.DELETE(
+        '/teams/{teamID}/members/{userId}',
+        {
+          params: { path: { teamID: scope.teamId, userId } },
+          headers: deps.authHeaders(scope.accessToken, scope.teamId),
+        }
+      )
+
+      if (!response.ok || error) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to remove team member',
+            error
+          )
+        )
+      }
+
+      return ok(undefined)
+    },
+    async updateTeamProfilePictureUrl(
+      profilePictureUrl
+    ): Promise<
+      RepoResult<DashboardComponents['schemas']['UpdateTeamResponse']>
+    > {
+      const { data, error, response } = await deps.apiClient.PATCH(
+        '/teams/{teamID}',
+        {
+          params: { path: { teamID: scope.teamId } },
+          headers: deps.authHeaders(scope.accessToken, scope.teamId),
+          body: { profilePictureUrl },
+        }
+      )
+
+      if (!response.ok || error || !data) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to update team profile picture',
+            error
+          )
+        )
+      }
+
+      return ok(data)
+    },
+  }
+}
diff --git a/src/core/modules/teams/user-teams-repository.server.ts b/src/core/modules/teams/user-teams-repository.server.ts
new file mode 100644
index 000000000..5e4277332
--- /dev/null
+++ b/src/core/modules/teams/user-teams-repository.server.ts
@@ -0,0 +1,93 @@
+import 'server-only'
+
+import { secondsInDay, secondsInMinute } from 'date-fns/constants'
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import { api } from '@/core/shared/clients/api'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { RequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+import type { ResolvedTeam, TeamModel } from './models'
+
+type UserTeamsRepositoryDeps = {
+  apiClient: typeof api
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+}
+
+export type UserTeamsRequestScope = RequestScope
+
+export interface UserTeamsRepository {
+  listUserTeams(): Promise<RepoResult<TeamModel[]>>
+  resolveTeamBySlug(
+    slug: string,
+    next?: { tags?: string[] }
+  ): Promise<RepoResult<ResolvedTeam>>
+}
+
+export function createUserTeamsRepository(
+  scope: UserTeamsRequestScope,
+  deps: UserTeamsRepositoryDeps = {
+    apiClient: api,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): UserTeamsRepository {
+  const listApiUserTeams = async (): Promise<RepoResult<TeamModel[]>> => {
+    const { data, error, response } = await deps.apiClient.GET('/teams', {
+      headers: deps.authHeaders(scope.accessToken),
+    })
+
+    if (!response.ok || error || !data?.teams) {
+      return err(
+        repoErrorFromHttp(
+          response.status,
+          error?.message ?? 'Failed to fetch user teams',
+          error
+        )
+      )
+    }
+
+    return ok(data.teams)
+  }
+
+  return {
+    async listUserTeams(): Promise<RepoResult<TeamModel[]>> {
+      const teamsResult = await listApiUserTeams()
+
+      if (!teamsResult.ok) {
+        return teamsResult
+      }
+
+      return ok(teamsResult.data)
+    },
+    async resolveTeamBySlug(
+      slug: string,
+      next?: { tags?: string[] }
+    ): Promise<RepoResult<ResolvedTeam>> {
+      const { data, error, response } = await deps.apiClient.GET(
+        '/teams/resolve',
+        {
+          params: { query: { slug } },
+          headers: deps.authHeaders(scope.accessToken),
+          next: {
+            revalidate: secondsInMinute * 5,
+            ...next,
+          },
+        }
+      )
+
+      if (!response.ok || error || !data) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to resolve team',
+            error
+          )
+        )
+      }
+
+      return ok({
+        id: data.id,
+        slug: data.slug,
+      })
+    },
+  }
+}
diff --git a/src/core/modules/teams/utils.ts b/src/core/modules/teams/utils.ts
new file mode 100644
index 000000000..702eefc9b
--- /dev/null
+++ b/src/core/modules/teams/utils.ts
@@ -0,0 +1,22 @@
+import type { TeamModel } from './models'
+
+export function getTransformedDefaultTeamName(
+  team: Pick<TeamModel, 'email' | 'isDefault' | 'name'>
+): string | null {
+  if (!team.isDefault || team.name !== team.email) {
+    return null
+  }
+
+  const [username] = team.email.split('@')
+  if (!username) {
+    return null
+  }
+
+  return `${username.charAt(0).toUpperCase()}${username.slice(1)}'s Team`
+}
+
+export function getTeamDisplayName(
+  team: Pick<TeamModel, 'email' | 'isDefault' | 'name'>
+): string {
+  return getTransformedDefaultTeamName(team) ?? team.name
+}
diff --git a/src/core/modules/templates/models.ts b/src/core/modules/templates/models.ts
new file mode 100644
index 000000000..aa08bebab
--- /dev/null
+++ b/src/core/modules/templates/models.ts
@@ -0,0 +1,25 @@
+import type { components as InfraComponents } from '@/contracts/infra-api'
+
+export type Template = Pick<
+  InfraComponents['schemas']['Template'],
+  | 'templateID'
+  | 'buildID'
+  | 'cpuCount'
+  | 'memoryMB'
+  | 'diskSizeMB'
+  | 'public'
+  | 'aliases'
+  | 'names'
+  | 'createdAt'
+  | 'updatedAt'
+  | 'createdBy'
+  | 'lastSpawnedAt'
+  | 'spawnCount'
+  | 'buildCount'
+  | 'envdVersion'
+>
+
+export type DefaultTemplate = Template & {
+  isDefault: true
+  defaultDescription?: string
+}
diff --git a/src/core/modules/templates/repository.server.ts b/src/core/modules/templates/repository.server.ts
new file mode 100644
index 000000000..c432b6a57
--- /dev/null
+++ b/src/core/modules/templates/repository.server.ts
@@ -0,0 +1,198 @@
+import 'server-only'
+
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import { CACHE_TAGS } from '@/configs/cache'
+import { USE_MOCK_DATA } from '@/configs/flags'
+import {
+  MOCK_DEFAULT_TEMPLATES_DATA,
+  MOCK_TEMPLATES_DATA,
+} from '@/configs/mock-data'
+import type { DefaultTemplate, Template } from '@/core/modules/templates/models'
+import { api, infra } from '@/core/shared/clients/api'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type {
+  RequestScope,
+  TeamRequestScope,
+} from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+type TemplatesRepositoryDeps = {
+  apiClient: typeof api
+  infraClient: typeof infra
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+}
+
+export interface TeamTemplatesRepository {
+  getTeamTemplates(): Promise<RepoResult<{ templates: Template[] }>>
+  deleteTemplate(templateId: string): Promise<RepoResult<{ success: true }>>
+  updateTemplateVisibility(
+    templateId: string,
+    isPublic: boolean
+  ): Promise<RepoResult<{ success: true; public: boolean }>>
+}
+
+export interface DefaultTemplatesRepository {
+  getDefaultTemplatesCached(): Promise<
+    RepoResult<{ templates: DefaultTemplate[] }>
+  >
+}
+
+export function createTemplatesRepository(
+  scope: TeamRequestScope,
+  deps: TemplatesRepositoryDeps = {
+    apiClient: api,
+    infraClient: infra,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): TeamTemplatesRepository {
+  return {
+    async getTeamTemplates() {
+      if (USE_MOCK_DATA) {
+        return ok({
+          templates: MOCK_TEMPLATES_DATA,
+        })
+      }
+      const res = await deps.infraClient.GET('/templates', {
+        params: {
+          query: {
+            teamID: scope.teamId,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!res.response.ok || res.error) {
+        return err(
+          repoErrorFromHttp(
+            res.response.status,
+            res.error?.message ?? 'Failed to fetch templates',
+            res.error
+          )
+        )
+      }
+
+      return ok({
+        templates: res.data,
+      })
+    },
+    async deleteTemplate(templateId) {
+      const res = await deps.infraClient.DELETE('/templates/{templateID}', {
+        params: {
+          path: {
+            templateID: templateId,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!res.response.ok || res.error) {
+        return err(
+          repoErrorFromHttp(
+            res.response.status,
+            res.error?.message ?? 'Failed to delete template',
+            res.error
+          )
+        )
+      }
+
+      return ok({ success: true as const })
+    },
+    async updateTemplateVisibility(templateId, isPublic) {
+      const res = await deps.infraClient.PATCH('/v2/templates/{templateID}', {
+        body: {
+          public: isPublic,
+        },
+        params: {
+          path: {
+            templateID: templateId,
+          },
+        },
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!res.response.ok || res.error) {
+        return err(
+          repoErrorFromHttp(
+            res.response.status,
+            res.error?.message ?? 'Failed to update template',
+            res.error
+          )
+        )
+      }
+
+      return ok({ success: true as const, public: isPublic })
+    },
+  }
+}
+
+export function createDefaultTemplatesRepository(
+  scope: RequestScope,
+  deps: Pick<TemplatesRepositoryDeps, 'apiClient' | 'authHeaders'> = {
+    apiClient: api,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): DefaultTemplatesRepository {
+  return {
+    async getDefaultTemplatesCached() {
+      if (USE_MOCK_DATA) {
+        return ok({
+          templates: MOCK_DEFAULT_TEMPLATES_DATA,
+        })
+      }
+
+      const { data, error, response } = await deps.apiClient.GET(
+        '/templates/defaults',
+        {
+          headers: deps.authHeaders(scope.accessToken),
+          next: { tags: [CACHE_TAGS.DEFAULT_TEMPLATES] },
+        }
+      )
+
+      if (!response.ok || error) {
+        return err(
+          repoErrorFromHttp(
+            response.status,
+            error?.message ?? 'Failed to fetch default templates',
+            error
+          )
+        )
+      }
+
+      if (!data?.templates || data.templates.length === 0) {
+        return ok({ templates: [] })
+      }
+
+      const templates: DefaultTemplate[] = data.templates.map((t) => ({
+        templateID: t.id,
+        buildID: t.buildId,
+        cpuCount: t.vcpu,
+        memoryMB: t.ramMb,
+        diskSizeMB: t.totalDiskSizeMb ?? 0,
+        envdVersion: t.envdVersion ?? '',
+        public: t.public,
+        aliases: t.aliases.map((a) => a.alias),
+        names: t.aliases.map((a) => {
+          if (a.namespace && a.namespace.length > 0) {
+            return `${a.namespace}/${a.alias}`
+          }
+          return a.alias
+        }),
+        createdAt: t.createdAt,
+        updatedAt: t.createdAt,
+        createdBy: null,
+        lastSpawnedAt: t.createdAt,
+        spawnCount: t.spawnCount,
+        buildCount: t.buildCount,
+        isDefault: true as const,
+      }))
+
+      return ok({ templates })
+    },
+  }
+}
diff --git a/src/core/modules/webhooks/repository.server.ts b/src/core/modules/webhooks/repository.server.ts
new file mode 100644
index 000000000..f7188d7df
--- /dev/null
+++ b/src/core/modules/webhooks/repository.server.ts
@@ -0,0 +1,166 @@
+import 'server-only'
+
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import { infra } from '@/core/shared/clients/api'
+import type { components as ArgusComponents } from '@/core/shared/contracts/argus-api.types'
+import { repoErrorFromHttp } from '@/core/shared/errors'
+import type { TeamRequestScope } from '@/core/shared/repository-scope'
+import { err, ok, type RepoResult } from '@/core/shared/result'
+
+type WebhooksRepositoryDeps = {
+  infraClient: typeof infra
+  authHeaders: typeof SUPABASE_AUTH_HEADERS
+}
+
+export type WebhooksScope = TeamRequestScope
+
+export interface UpsertWebhookInput {
+  mode: 'create' | 'edit'
+  webhookId?: string
+  name: string
+  url: string
+  events: string[]
+  signatureSecret?: string
+  enabled: boolean
+}
+
+export interface WebhooksRepository {
+  listWebhooks(): Promise<
+    RepoResult<ArgusComponents['schemas']['WebhookDetail'][]>
+  >
+  upsertWebhook(input: UpsertWebhookInput): Promise<RepoResult<void>>
+  deleteWebhook(webhookId: string): Promise<RepoResult<void>>
+  updateWebhookSecret(
+    webhookId: string,
+    signatureSecret: string
+  ): Promise<RepoResult<void>>
+}
+
+export function createWebhooksRepository(
+  scope: WebhooksScope,
+  deps: WebhooksRepositoryDeps = {
+    infraClient: infra,
+    authHeaders: SUPABASE_AUTH_HEADERS,
+  }
+): WebhooksRepository {
+  return {
+    async listWebhooks() {
+      const response = await deps.infraClient.GET('/events/webhooks', {
+        headers: {
+          ...deps.authHeaders(scope.accessToken, scope.teamId),
+        },
+      })
+
+      if (!response.response.ok || response.error) {
+        if (response.response.status === 404) {
+          return ok([])
+        }
+
+        return err(
+          repoErrorFromHttp(
+            response.response.status,
+            response.error?.message ?? 'Failed to list webhooks',
+            response.error
+          )
+        )
+      }
+
+      return ok(response.data ?? [])
+    },
+    async upsertWebhook(input) {
+      const response =
+        input.mode === 'edit'
+          ? await deps.infraClient.PATCH('/events/webhooks/{webhookID}', {
+              headers: {
+                ...deps.authHeaders(scope.accessToken, scope.teamId),
+              },
+              params: {
+                path: { webhookID: input.webhookId ?? '' },
+              },
+              body: {
+                name: input.name,
+                url: input.url,
+                events: input.events,
+                enabled: input.enabled,
+              },
+            })
+          : await deps.infraClient.POST('/events/webhooks', {
+              headers: {
+                ...deps.authHeaders(scope.accessToken, scope.teamId),
+              },
+              body: {
+                name: input.name,
+                url: input.url,
+                events: input.events,
+                enabled: input.enabled,
+                signatureSecret: input.signatureSecret ?? '',
+              },
+            })
+
+      if (!response.response.ok || response.error) {
+        return err(
+          repoErrorFromHttp(
+            response.response.status,
+            response.error?.message ?? 'Failed to upsert webhook',
+            response.error
+          )
+        )
+      }
+
+      return ok(undefined)
+    },
+    async deleteWebhook(webhookId) {
+      const response = await deps.infraClient.DELETE(
+        '/events/webhooks/{webhookID}',
+        {
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+          params: {
+            path: { webhookID: webhookId },
+          },
+        }
+      )
+
+      if (!response.response.ok || response.error) {
+        return err(
+          repoErrorFromHttp(
+            response.response.status,
+            response.error?.message ?? 'Failed to delete webhook',
+            response.error
+          )
+        )
+      }
+
+      return ok(undefined)
+    },
+    async updateWebhookSecret(webhookId, signatureSecret) {
+      const response = await deps.infraClient.PATCH(
+        '/events/webhooks/{webhookID}',
+        {
+          headers: {
+            ...deps.authHeaders(scope.accessToken, scope.teamId),
+          },
+          params: {
+            path: { webhookID: webhookId },
+          },
+          body: {
+            signatureSecret,
+          },
+        }
+      )
+
+      if (!response.response.ok || response.error) {
+        return err(
+          repoErrorFromHttp(
+            response.response.status,
+            response.error?.message ?? 'Failed to update webhook secret',
+            response.error
+          )
+        )
+      }
+
+      return ok(undefined)
+    },
+  }
+}
diff --git a/src/server/auth/auth-actions.ts b/src/core/server/actions/auth-actions.ts
similarity index 94%
rename from src/server/auth/auth-actions.ts
rename to src/core/server/actions/auth-actions.ts
index ed00d4e10..84b7353be 100644
--- a/src/server/auth/auth-actions.ts
+++ b/src/core/server/actions/auth-actions.ts
@@ -7,18 +7,22 @@ import { z } from 'zod'
 import { CAPTCHA_REQUIRED_SERVER } from '@/configs/flags'
 import { AUTH_URLS, PROTECTED_URLS } from '@/configs/urls'
 import { USER_MESSAGES } from '@/configs/user-messages'
-import { verifyTurnstileToken } from '@/lib/captcha/turnstile'
-import { actionClient } from '@/lib/clients/action'
-import { l } from '@/lib/clients/logger/logger'
-import { createClient } from '@/lib/clients/supabase/server'
-import { relativeUrlSchema } from '@/lib/schemas/url'
-import { returnServerError } from '@/lib/utils/action'
-import { encodedRedirect } from '@/lib/utils/auth'
+import { actionClient } from '@/core/server/actions/client'
+import { returnServerError } from '@/core/server/actions/utils'
+import {
+  forgotPasswordSchema,
+  signInSchema,
+  signUpSchema,
+} from '@/core/server/functions/auth/auth.types'
 import {
   shouldWarnAboutAlternateEmail,
   validateEmail,
-} from '@/server/auth/validate-email'
-import { forgotPasswordSchema, signInSchema, signUpSchema } from './auth.types'
+} from '@/core/server/functions/auth/validate-email'
+import { l } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
+import { relativeUrlSchema } from '@/core/shared/schemas/url'
+import { verifyTurnstileToken } from '@/lib/captcha/turnstile'
+import { encodedRedirect } from '@/lib/utils/auth'
 
 async function validateCaptcha(captchaToken: string | undefined) {
   if (!CAPTCHA_REQUIRED_SERVER) {
diff --git a/src/core/server/actions/client.ts b/src/core/server/actions/client.ts
new file mode 100644
index 000000000..c57fe4b92
--- /dev/null
+++ b/src/core/server/actions/client.ts
@@ -0,0 +1,310 @@
+import { context, SpanStatusCode, trace } from '@opentelemetry/api'
+import type { Session, User } from '@supabase/supabase-js'
+import { unauthorized } from 'next/navigation'
+import { createMiddleware, createSafeActionClient } from 'next-safe-action'
+import { z } from 'zod'
+import {
+  getObservedError,
+  getObservedErrorMessage,
+  getObservedException,
+} from '@/core/server/adapters/errors'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import getUserByToken from '@/core/server/functions/auth/get-user-by-token'
+import { getTeamIdFromSlug } from '@/core/server/functions/team/get-team-id-from-slug'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { createClient } from '@/core/shared/clients/supabase/server'
+import { getTracer } from '@/core/shared/clients/tracer'
+import { UnauthenticatedError, UnknownError } from '@/core/shared/errors'
+import type {
+  RequestScope,
+  TeamRequestScope,
+} from '@/core/shared/repository-scope'
+import { ActionError, flattenClientInputValue } from './utils'
+
+type SupabaseServerClient = Awaited<ReturnType<typeof createClient>>
+
+export interface AuthActionContext {
+  user: User
+  session: Session
+  supabase: SupabaseServerClient
+}
+
+export interface TeamActionContext extends AuthActionContext {
+  teamId: string
+}
+
+export const actionClient = createSafeActionClient({
+  handleServerError(e) {
+    const s = trace.getActiveSpan()
+    const observedError = getObservedError(e)
+    const observedErrorMessage = getObservedErrorMessage(e)
+
+    s?.setStatus({
+      code: SpanStatusCode.ERROR,
+      message: observedErrorMessage,
+    })
+    s?.recordException(getObservedException(e))
+
+    if (e instanceof ActionError) {
+      const payload = {
+        key: e.expected
+          ? 'action_client:expected_server_error'
+          : 'action_client:unexpected_server_error',
+        public_message: e.message,
+        error: serializeErrorForLog(observedError),
+        transport_error:
+          observedError === e ? undefined : serializeErrorForLog(e),
+      }
+
+      if (e.expected) {
+        l.warn(payload, observedErrorMessage)
+      } else {
+        l.error(payload, observedErrorMessage)
+      }
+
+      return e.message
+    }
+
+    const sE = serializeErrorForLog(observedError) as {
+      code?: string
+      name?: string
+      message?: string
+    }
+
+    l.error(
+      {
+        key: 'action_client:unexpected_server_error',
+        error: sE,
+      },
+      `${sE.name && `${sE.name}: `} ${observedErrorMessage}`
+    )
+
+    return UnknownError().message
+  },
+  defineMetadataSchema() {
+    return z
+      .object({
+        actionName: z.string().optional(),
+        serverFunctionName: z.string().optional(),
+      })
+      .refine((data) => {
+        if (!data.actionName && !data.serverFunctionName) {
+          return 'actionName or serverFunctionName is required in definition metadata'
+        }
+        return true
+      })
+  },
+  defaultValidationErrorsShape: 'flattened',
+}).use(async ({ next, clientInput, metadata }) => {
+  const t = getTracer()
+
+  const actionOrFunctionName =
+    metadata?.serverFunctionName || metadata?.actionName || 'Unknown action'
+
+  const type = metadata?.serverFunctionName ? 'function' : 'action'
+  const name = actionOrFunctionName
+
+  const s = t.startSpan(`${type}:${name}`)
+
+  const startTime = performance.now()
+
+  const result = await context.with(
+    trace.setSpan(context.active(), s),
+    async () => {
+      return next()
+    }
+  )
+
+  const duration = performance.now() - startTime
+
+  const baseLogPayload = {
+    server_function_type: type,
+    server_function_name: name,
+    server_function_input: clientInput,
+    server_function_duration_ms: duration.toFixed(3),
+    team_id: flattenClientInputValue(clientInput, 'teamId'),
+    template_id: flattenClientInputValue(clientInput, 'templateId'),
+    sandbox_id: flattenClientInputValue(clientInput, 'sandboxId'),
+    user_id: flattenClientInputValue(clientInput, 'userId'),
+  }
+
+  s.setAttribute('server_function_type', type)
+  s.setAttribute('server_function_name', name)
+  s.setAttribute(
+    'server_function_duration_ms',
+    baseLogPayload.server_function_duration_ms
+  )
+  if (baseLogPayload.team_id) {
+    s.setAttribute('team_id', baseLogPayload.team_id)
+  }
+  if (baseLogPayload.template_id) {
+    s.setAttribute('template_id', baseLogPayload.template_id)
+  }
+  if (baseLogPayload.sandbox_id) {
+    s.setAttribute('sandbox_id', baseLogPayload.sandbox_id)
+  }
+  if (baseLogPayload.user_id) {
+    s.setAttribute('user_id', baseLogPayload.user_id)
+  }
+
+  const serverError = result.serverError
+  const validationErrors = result.validationErrors
+  const error = serverError || validationErrors
+
+  if (error) {
+    s.setStatus({ code: SpanStatusCode.ERROR })
+    s.recordException(getObservedException(error))
+
+    const sE = serializeErrorForLog(error) as
+      | string
+      | {
+          code?: string
+          name?: string
+          message?: string
+        }
+
+    l.warn(
+      {
+        key: validationErrors
+          ? 'action_client:validation_failure'
+          : 'action_client:failure',
+        ...baseLogPayload,
+        error: sE,
+      },
+      `${type} ${name} failed in ${baseLogPayload.server_function_duration_ms}ms: ${typeof sE === 'string' ? sE : ((sE.name || sE.code) && `${sE.name || sE.code}: ${sE.message}`) || 'Unknown error'}`
+    )
+  } else {
+    s.setStatus({ code: SpanStatusCode.OK })
+
+    l.info(
+      {
+        key: `action_client:success`,
+        ...baseLogPayload,
+      },
+      `${type} ${name} succeeded in ${baseLogPayload.server_function_duration_ms}ms`
+    )
+  }
+
+  s.end()
+
+  return result
+})
+
+export const authActionClient = actionClient.use(async ({ next }) => {
+  const supabase = await createClient()
+  const session = await getSessionInsecure(supabase)
+
+  if (!session) {
+    throw UnauthenticatedError()
+  }
+
+  const {
+    data: { user },
+  } = await getUserByToken(session.access_token)
+
+  if (!user || !session) {
+    throw UnauthenticatedError()
+  }
+
+  return next({
+    ctx: {
+      user,
+      session,
+      supabase,
+    },
+  })
+})
+
+export const withTeamSlugResolution = createMiddleware<{
+  ctx: AuthActionContext
+}>().define(async ({ next, clientInput, ctx }) => {
+  if (
+    !clientInput ||
+    typeof clientInput !== 'object' ||
+    !('teamSlug' in clientInput)
+  ) {
+    l.error(
+      {
+        key: 'with_team_slug_resolution:missing_team_slug',
+        context: {
+          teamSlug: (clientInput as { teamSlug?: string })?.teamSlug,
+        },
+      },
+      'Missing teamSlug when using withTeamSlugResolution middleware'
+    )
+
+    throw new Error(
+      'teamSlug is required when using withTeamSlugResolution middleware'
+    )
+  }
+
+  const teamId = await getTeamIdFromSlug(
+    clientInput.teamSlug as string,
+    ctx.session.access_token
+  )
+
+  if (!teamId) {
+    l.warn(
+      {
+        key: 'with_team_slug_resolution:invalid_team_slug',
+        context: {
+          teamSlug: clientInput.teamSlug,
+        },
+      },
+      `with_team_slug_resolution:invalid_team_slug - invalid team slug provided through withTeamSlugResolution middleware: ${clientInput.teamSlug}`
+    )
+
+    throw unauthorized()
+  }
+
+  return next({
+    ctx: {
+      teamId,
+    },
+  })
+})
+
+export function withAuthedRequestRepository<
+  TRepository,
+  TContextExtension extends object,
+>(
+  createRepository: (scope: RequestScope) => TRepository,
+  extendContext: (repository: TRepository) => TContextExtension
+) {
+  return createMiddleware<{
+    ctx: AuthActionContext
+  }>().define(async ({ next, ctx }) => {
+    const repository = createRepository({
+      accessToken: ctx.session.access_token,
+    })
+
+    return next({
+      ctx: {
+        ...extendContext(repository),
+      },
+    })
+  })
+}
+
+export function withTeamAuthedRequestRepository<
+  TRepository,
+  TContextExtension extends object,
+>(
+  createRepository: (scope: TeamRequestScope) => TRepository,
+  extendContext: (repository: TRepository) => TContextExtension
+) {
+  return createMiddleware<{
+    ctx: TeamActionContext
+  }>().define(async ({ next, ctx }) => {
+    const repository = createRepository({
+      accessToken: ctx.session.access_token,
+      teamId: ctx.teamId,
+    })
+
+    return next({
+      ctx: {
+        ...extendContext(repository),
+      },
+    })
+  })
+}
diff --git a/src/core/server/actions/key-actions.ts b/src/core/server/actions/key-actions.ts
new file mode 100644
index 000000000..5c5c1bb73
--- /dev/null
+++ b/src/core/server/actions/key-actions.ts
@@ -0,0 +1,100 @@
+'use server'
+
+import { revalidatePath, updateTag } from 'next/cache'
+import { z } from 'zod'
+import { CACHE_TAGS } from '@/configs/cache'
+import { createKeysRepository } from '@/core/modules/keys/repository.server'
+import {
+  authActionClient,
+  withTeamAuthedRequestRepository,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { returnServerError } from '@/core/server/actions/utils'
+import { l } from '@/core/shared/clients/logger/logger'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+const withKeysRepository = withTeamAuthedRequestRepository(
+  createKeysRepository,
+  (keysRepository) => ({
+    keysRepository,
+  })
+)
+
+// Create API Key
+
+const CreateApiKeySchema = z.object({
+  teamSlug: TeamSlugSchema,
+  name: z
+    .string({ error: 'Name is required' })
+    .min(1, 'Name cannot be empty')
+    .max(50, 'Name cannot be longer than 50 characters')
+    .trim(),
+})
+
+export const createApiKeyAction = authActionClient
+  .schema(CreateApiKeySchema)
+  .metadata({ actionName: 'createApiKey' })
+  .use(withTeamSlugResolution)
+  .use(withKeysRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { name } = parsedInput
+
+    const result = await ctx.keysRepository.createApiKey(name)
+
+    if (!result.ok) {
+      l.error({
+        key: 'create_api_key:error',
+        message: result.error.message,
+        error: result.error,
+        team_id: ctx.teamId,
+        user_id: ctx.session.user.id,
+        context: {
+          name,
+        },
+      })
+
+      return returnServerError('Failed to create API Key')
+    }
+
+    updateTag(CACHE_TAGS.TEAM_API_KEYS(ctx.teamId))
+    revalidatePath(`/dashboard/${parsedInput.teamSlug}/keys`, 'page')
+
+    return {
+      createdApiKey: result.data,
+    }
+  })
+
+// Delete API Key
+
+const DeleteApiKeySchema = z.object({
+  teamSlug: TeamSlugSchema,
+  apiKeyId: z.uuid(),
+})
+
+export const deleteApiKeyAction = authActionClient
+  .schema(DeleteApiKeySchema)
+  .metadata({ actionName: 'deleteApiKey' })
+  .use(withTeamSlugResolution)
+  .use(withKeysRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { apiKeyId } = parsedInput
+    const result = await ctx.keysRepository.deleteApiKey(apiKeyId)
+
+    if (!result.ok) {
+      l.error({
+        key: 'delete_api_key_action:error',
+        message: result.error.message,
+        error: result.error,
+        team_id: ctx.teamId,
+        user_id: ctx.session.user.id,
+        context: {
+          apiKeyId,
+        },
+      })
+
+      return returnServerError('Failed to delete API Key')
+    }
+
+    updateTag(CACHE_TAGS.TEAM_API_KEYS(ctx.teamId))
+    revalidatePath(`/dashboard/${parsedInput.teamSlug}/keys`, 'page')
+  })
diff --git a/src/server/sandboxes/sandbox-actions.ts b/src/core/server/actions/sandbox-actions.ts
similarity index 63%
rename from src/server/sandboxes/sandbox-actions.ts
rename to src/core/server/actions/sandbox-actions.ts
index c01315e4b..b0c35cb27 100644
--- a/src/server/sandboxes/sandbox-actions.ts
+++ b/src/core/server/actions/sandbox-actions.ts
@@ -4,21 +4,24 @@ import { updateTag } from 'next/cache'
 import { z } from 'zod'
 import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
 import { CACHE_TAGS } from '@/configs/cache'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { returnServerError } from '@/lib/utils/action'
+import {
+  authActionClient,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { returnServerError } from '@/core/server/actions/utils'
+import { infra } from '@/core/shared/clients/api'
+import { l } from '@/core/shared/clients/logger/logger'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
 
 const KillSandboxSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
+  teamSlug: TeamSlugSchema,
   sandboxId: z.string().min(1, 'Sandbox ID is required'),
 })
 
 export const killSandboxAction = authActionClient
   .schema(KillSandboxSchema)
   .metadata({ actionName: 'killSandbox' })
-  .use(withTeamIdResolution)
+  .use(withTeamSlugResolution)
   .action(async ({ parsedInput, ctx }) => {
     const { sandboxId } = parsedInput
     const { session, teamId } = ctx
@@ -58,17 +61,3 @@ export const killSandboxAction = authActionClient
       return returnServerError('Failed to kill sandbox')
     }
   })
-
-const RevalidateSandboxesSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const revalidateSandboxes = authActionClient
-  .metadata({ serverFunctionName: 'revalidateSandboxes' })
-  .inputSchema(RevalidateSandboxesSchema)
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput }) => {
-    const { teamIdOrSlug } = parsedInput
-
-    updateTag(CACHE_TAGS.TEAM_SANDBOXES_LIST(teamIdOrSlug))
-  })
diff --git a/src/core/server/actions/team-actions.ts b/src/core/server/actions/team-actions.ts
new file mode 100644
index 000000000..16044dca7
--- /dev/null
+++ b/src/core/server/actions/team-actions.ts
@@ -0,0 +1,222 @@
+'use server'
+
+import { fileTypeFromBuffer } from 'file-type'
+import { revalidatePath } from 'next/cache'
+import { after } from 'next/server'
+import { returnValidationErrors } from 'next-safe-action'
+import { z } from 'zod'
+import { zfd } from 'zod-form-data'
+import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
+import type { CreateTeamsResponse } from '@/core/modules/billing/models'
+import {
+  CreateTeamSchema,
+  UpdateTeamNameSchema,
+} from '@/core/modules/teams/schemas'
+import { createTeamsRepository } from '@/core/modules/teams/teams-repository.server'
+import {
+  authActionClient,
+  withTeamAuthedRequestRepository,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import {
+  handleDefaultInfraError,
+  returnServerError,
+} from '@/core/server/actions/utils'
+import { toActionErrorFromRepoError } from '@/core/server/adapters/errors'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { deleteFile, getFiles, uploadFile } from '@/core/shared/clients/storage'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+const withTeamsRepository = withTeamAuthedRequestRepository(
+  createTeamsRepository,
+  (teamsRepository) => ({ teamsRepository })
+)
+
+export const updateTeamNameAction = authActionClient
+  .schema(UpdateTeamNameSchema)
+  .metadata({ actionName: 'updateTeamName' })
+  .use(withTeamSlugResolution)
+  .use(withTeamsRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { name, teamSlug } = parsedInput
+    const result = await ctx.teamsRepository.updateTeamName(name)
+
+    if (!result.ok) {
+      return toActionErrorFromRepoError(result.error)
+    }
+
+    revalidatePath(`/dashboard/${teamSlug}/general`, 'page')
+
+    return result.data
+  })
+
+const AddTeamMemberSchema = z.object({
+  teamSlug: TeamSlugSchema,
+  email: z.email(),
+})
+
+export const addTeamMemberAction = authActionClient
+  .schema(AddTeamMemberSchema)
+  .metadata({ actionName: 'addTeamMember' })
+  .use(withTeamSlugResolution)
+  .use(withTeamsRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { email, teamSlug } = parsedInput
+    const result = await ctx.teamsRepository.addTeamMember(email)
+
+    if (!result.ok) {
+      return toActionErrorFromRepoError(result.error)
+    }
+
+    revalidatePath(`/dashboard/${teamSlug}/general`, 'page')
+  })
+
+const RemoveTeamMemberSchema = z.object({
+  teamSlug: TeamSlugSchema,
+  userId: z.uuid(),
+})
+
+export const removeTeamMemberAction = authActionClient
+  .schema(RemoveTeamMemberSchema)
+  .metadata({ actionName: 'removeTeamMember' })
+  .use(withTeamSlugResolution)
+  .use(withTeamsRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { userId, teamSlug } = parsedInput
+    const result = await ctx.teamsRepository.removeTeamMember(userId)
+
+    if (!result.ok) {
+      return toActionErrorFromRepoError(result.error)
+    }
+
+    revalidatePath(`/dashboard/${teamSlug}/general`, 'page')
+  })
+
+export const createTeamAction = authActionClient
+  .schema(CreateTeamSchema)
+  .metadata({ actionName: 'createTeam' })
+  .action(async ({ parsedInput, ctx }) => {
+    const { name } = parsedInput
+    const { session } = ctx
+
+    const response = await fetch(`${process.env.BILLING_API_URL}/teams`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...SUPABASE_AUTH_HEADERS(session.access_token),
+      },
+      body: JSON.stringify({ name }),
+    })
+
+    if (!response.ok) {
+      const status = response.status
+      const error = await response.json()
+
+      if (status === 400) {
+        return returnServerError(error?.message ?? 'Failed to create team')
+      }
+
+      return handleDefaultInfraError(status, error)
+    }
+
+    const data = (await response.json()) as CreateTeamsResponse
+
+    return data
+  })
+
+const UploadTeamProfilePictureSchema = zfd.formData(
+  z.object({
+    teamSlug: zfd.text(),
+    image: zfd.file(),
+  })
+)
+
+export const uploadTeamProfilePictureAction = authActionClient
+  .schema(UploadTeamProfilePictureSchema)
+  .metadata({ actionName: 'uploadTeamProfilePicture' })
+  .use(withTeamSlugResolution)
+  .use(withTeamsRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { image, teamSlug } = parsedInput
+    const { teamId, teamsRepository } = ctx
+
+    const allowedTypes = ['image/jpeg', 'image/png']
+
+    if (!allowedTypes.includes(image.type)) {
+      return returnValidationErrors(UploadTeamProfilePictureSchema, {
+        image: { _errors: ['File must be JPG or PNG format'] },
+      })
+    }
+
+    const MAX_FILE_SIZE = 5 * 1024 * 1024
+
+    if (image.size > MAX_FILE_SIZE) {
+      return returnValidationErrors(UploadTeamProfilePictureSchema, {
+        image: { _errors: ['File size must be less than 5MB'] },
+      })
+    }
+
+    const arrayBuffer = await image.arrayBuffer()
+    const buffer = Buffer.from(arrayBuffer)
+
+    const fileType = await fileTypeFromBuffer(buffer)
+
+    if (!fileType) {
+      return returnValidationErrors(UploadTeamProfilePictureSchema, {
+        image: { _errors: ['Unable to determine file type'] },
+      })
+    }
+
+    const allowedMimeTypes = ['image/jpeg', 'image/png']
+    if (!allowedMimeTypes.includes(fileType.mime)) {
+      return returnValidationErrors(UploadTeamProfilePictureSchema, {
+        image: {
+          _errors: [
+            'Invalid file type. Only JPEG and PNG images are allowed. File appears to be: ' +
+              fileType.mime,
+          ],
+        },
+      })
+    }
+
+    const extension = fileType.ext
+    const fileName = `${Date.now()}.${extension}`
+    const storagePath = `teams/${teamId}/${fileName}`
+
+    const publicUrl = await uploadFile(buffer, storagePath, fileType.mime)
+
+    const result = await teamsRepository.updateTeamProfilePictureUrl(publicUrl)
+    if (!result.ok) {
+      return toActionErrorFromRepoError(result.error)
+    }
+
+    after(async () => {
+      try {
+        const currentFileName = fileName
+        const folderPath = `teams/${teamId}`
+        const files = await getFiles(folderPath)
+
+        for (const file of files) {
+          const filePath = file.name
+          if (filePath === `${folderPath}/${currentFileName}`) {
+            continue
+          }
+
+          await deleteFile(filePath)
+        }
+      } catch (cleanupError) {
+        l.warn({
+          key: 'upload_team_profile_picture_action:cleanup_error',
+          error: serializeErrorForLog(cleanupError),
+          team_id: teamId,
+          context: {
+            image: image.name,
+          },
+        })
+      }
+    })
+
+    revalidatePath(`/dashboard/${teamSlug}/general`, 'page')
+
+    return result.data
+  })
diff --git a/src/server/user/user-actions.ts b/src/core/server/actions/user-actions.ts
similarity index 98%
rename from src/server/user/user-actions.ts
rename to src/core/server/actions/user-actions.ts
index dd230abd5..5ee67e6ff 100644
--- a/src/server/user/user-actions.ts
+++ b/src/core/server/actions/user-actions.ts
@@ -4,7 +4,7 @@ import { revalidatePath } from 'next/cache'
 import { headers } from 'next/headers'
 import { returnValidationErrors } from 'next-safe-action'
 import { z } from 'zod'
-import { authActionClient } from '@/lib/clients/action'
+import { authActionClient } from '@/core/server/actions/client'
 import { generateE2BUserAccessToken } from '@/lib/utils/server'
 
 const UpdateUserSchema = z
diff --git a/src/core/server/actions/utils.ts b/src/core/server/actions/utils.ts
new file mode 100644
index 000000000..a5cb0df5a
--- /dev/null
+++ b/src/core/server/actions/utils.ts
@@ -0,0 +1,46 @@
+import { getPublicErrorMessage } from '@/core/shared/errors'
+
+type ActionErrorOptions = {
+  cause?: unknown
+  expected?: boolean
+}
+
+export class ActionError extends Error {
+  public expected: boolean
+  public override cause?: unknown
+
+  constructor(message: string, options: ActionErrorOptions = {}) {
+    super(message)
+    this.name = 'ActionError'
+    this.expected = options.expected ?? true
+    this.cause = options.cause
+  }
+}
+
+export const returnServerError = (
+  message: string,
+  options?: ActionErrorOptions
+) => {
+  throw new ActionError(message, options)
+}
+
+export function handleDefaultInfraError(
+  status: number,
+  cause?: unknown
+): never {
+  return returnServerError(getPublicErrorMessage({ status }), {
+    cause,
+    expected: status < 500,
+  })
+}
+
+export const flattenClientInputValue = (
+  clientInput: unknown,
+  key: string
+): string | undefined => {
+  if (typeof clientInput === 'object' && clientInput && key in clientInput) {
+    return clientInput[key as keyof typeof clientInput]
+  }
+
+  return undefined
+}
diff --git a/src/core/server/actions/webhooks-actions.ts b/src/core/server/actions/webhooks-actions.ts
new file mode 100644
index 000000000..3f517ddc1
--- /dev/null
+++ b/src/core/server/actions/webhooks-actions.ts
@@ -0,0 +1,157 @@
+'use server'
+
+import { revalidatePath } from 'next/cache'
+import { createWebhooksRepository } from '@/core/modules/webhooks/repository.server'
+import {
+  authActionClient,
+  withTeamAuthedRequestRepository,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { handleDefaultInfraError } from '@/core/server/actions/utils'
+import {
+  DeleteWebhookSchema,
+  UpdateWebhookSecretSchema,
+  UpsertWebhookSchema,
+} from '@/core/server/functions/webhooks/schema'
+import { l } from '@/core/shared/clients/logger/logger'
+
+const withWebhooksRepository = withTeamAuthedRequestRepository(
+  createWebhooksRepository,
+  (webhooksRepository) => ({ webhooksRepository })
+)
+
+export const upsertWebhookAction = authActionClient
+  .schema(UpsertWebhookSchema)
+  .metadata({ actionName: 'upsertWebhook' })
+  .use(withTeamSlugResolution)
+  .use(withWebhooksRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const {
+      mode,
+      teamSlug,
+      webhookId,
+      name,
+      url,
+      events,
+      signatureSecret,
+      enabled,
+    } = parsedInput
+    const { session, teamId } = ctx
+
+    const response = await ctx.webhooksRepository.upsertWebhook({
+      mode: mode === 'add' ? 'create' : 'edit',
+      webhookId: webhookId ?? undefined,
+      name,
+      url,
+      events,
+      signatureSecret: signatureSecret ?? undefined,
+      enabled,
+    })
+
+    if (!response.ok) {
+      const status = response.error.status
+
+      l.error(
+        {
+          key:
+            mode === 'edit'
+              ? 'update_webhook:infra_error'
+              : 'create_webhook:infra_error',
+          error: response.error,
+          team_id: teamId,
+          user_id: session.user.id,
+          context: {
+            status,
+            teamId,
+            mode,
+            name,
+            url,
+            events,
+          },
+        },
+        `Failed to ${mode === 'edit' ? 'update' : 'create'} webhook: ${status}: ${response.error.message}`
+      )
+
+      return handleDefaultInfraError(status, response.error)
+    }
+
+    revalidatePath(`/dashboard/${teamSlug}/webhooks`, 'page')
+
+    return { success: true }
+  })
+
+export const deleteWebhookAction = authActionClient
+  .schema(DeleteWebhookSchema)
+  .metadata({ actionName: 'deleteWebhook' })
+  .use(withTeamSlugResolution)
+  .use(withWebhooksRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { teamSlug, webhookId } = parsedInput
+    const { session, teamId } = ctx
+
+    const response = await ctx.webhooksRepository.deleteWebhook(webhookId)
+
+    if (!response.ok) {
+      const status = response.error.status
+
+      l.error(
+        {
+          key: 'delete_webhook:infra_error',
+          status,
+          error: response.error,
+          team_id: teamId,
+          user_id: session.user.id,
+          context: {
+            teamId,
+          },
+        },
+        `Failed to delete webhook: ${status}: ${response.error.message}`
+      )
+
+      return handleDefaultInfraError(status, response.error)
+    }
+
+    revalidatePath(`/dashboard/${teamSlug}/webhooks`, 'page')
+
+    return { success: true }
+  })
+
+export const updateWebhookSecretAction = authActionClient
+  .schema(UpdateWebhookSecretSchema)
+  .metadata({ actionName: 'updateWebhookSecret' })
+  .use(withTeamSlugResolution)
+  .use(withWebhooksRepository)
+  .action(async ({ parsedInput, ctx }) => {
+    const { teamSlug, webhookId, signatureSecret } = parsedInput
+    const { session, teamId } = ctx
+
+    const response = await ctx.webhooksRepository.updateWebhookSecret(
+      webhookId,
+      signatureSecret
+    )
+
+    if (!response.ok) {
+      const status = response.error.status
+
+      l.error(
+        {
+          key: 'update_webhook_secret:infra_error',
+          error: response.error,
+          team_id: teamId,
+          user_id: session.user.id,
+          context: {
+            status,
+            teamId,
+            webhookId,
+          },
+        },
+        `Failed to update webhook secret: ${status}: ${response.error.message}`
+      )
+
+      return handleDefaultInfraError(status, response.error)
+    }
+
+    revalidatePath(`/dashboard/${teamSlug}/webhooks`, 'page')
+
+    return { success: true }
+  })
diff --git a/src/core/server/adapters/errors.ts b/src/core/server/adapters/errors.ts
new file mode 100644
index 000000000..2a367419a
--- /dev/null
+++ b/src/core/server/adapters/errors.ts
@@ -0,0 +1,177 @@
+import { SpanStatusCode, trace } from '@opentelemetry/api'
+import { TRPCError } from '@trpc/server'
+import { ActionError } from '@/core/server/actions/utils'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import {
+  getPublicRepoErrorMessage,
+  PUBLIC_ERROR_MESSAGE_FORBIDDEN_TEAM,
+  PUBLIC_ERROR_MESSAGE_INTERNAL,
+  PUBLIC_ERROR_MESSAGE_UNAUTHENTICATED,
+} from '@/core/shared/errors'
+import type { RepoError } from '@/core/shared/result'
+
+export function getObservedError(error: unknown): unknown {
+  if (
+    typeof error === 'object' &&
+    error !== null &&
+    'cause' in error &&
+    error.cause !== undefined &&
+    error.cause !== null
+  ) {
+    return error.cause
+  }
+
+  return error
+}
+
+export function getObservedErrorMessage(error: unknown): string {
+  const observedError = getObservedError(error)
+
+  if (typeof observedError === 'string') {
+    return observedError
+  }
+
+  if (
+    typeof observedError === 'object' &&
+    observedError !== null &&
+    'message' in observedError &&
+    typeof observedError.message === 'string'
+  ) {
+    return observedError.message
+  }
+
+  return 'Unknown error'
+}
+
+export function getObservedException(error: unknown): Error {
+  const observedError = getObservedError(error)
+
+  if (observedError instanceof Error) {
+    return observedError
+  }
+
+  return new Error(getObservedErrorMessage(observedError))
+}
+
+export function isExpectedRepoError(error: RepoError): boolean {
+  switch (error.code) {
+    case 'unauthorized':
+    case 'forbidden':
+    case 'not_found':
+    case 'validation':
+    case 'conflict':
+      return true
+    default:
+      return false
+  }
+}
+
+export function isExpectedTRPCError(error: TRPCError): boolean {
+  switch (error.code) {
+    case 'UNAUTHORIZED':
+    case 'FORBIDDEN':
+    case 'NOT_FOUND':
+    case 'BAD_REQUEST':
+    case 'CONFLICT':
+      return true
+    default:
+      return false
+  }
+}
+
+export const forbiddenTeamAccessError = () =>
+  new TRPCError({
+    code: 'FORBIDDEN',
+    message: PUBLIC_ERROR_MESSAGE_FORBIDDEN_TEAM,
+  })
+
+export const unauthorizedUserError = () =>
+  new TRPCError({
+    code: 'UNAUTHORIZED',
+    message: PUBLIC_ERROR_MESSAGE_UNAUTHENTICATED,
+  })
+
+export const internalServerError = () =>
+  new TRPCError({
+    code: 'INTERNAL_SERVER_ERROR',
+    message: PUBLIC_ERROR_MESSAGE_INTERNAL,
+  })
+
+function trpcCodeFromRepoError(code: RepoError['code']): TRPCError['code'] {
+  switch (code) {
+    case 'unauthorized':
+      return 'UNAUTHORIZED'
+    case 'forbidden':
+      return 'FORBIDDEN'
+    case 'not_found':
+      return 'NOT_FOUND'
+    case 'validation':
+      return 'BAD_REQUEST'
+    case 'conflict':
+      return 'CONFLICT'
+    default:
+      return 'INTERNAL_SERVER_ERROR'
+  }
+}
+
+function logObfuscatedRepoError(
+  transport: 'trpc' | 'action' | 'route',
+  error: RepoError
+) {
+  const publicMessage = getPublicRepoErrorMessage(error)
+  if (publicMessage === error.message) {
+    return
+  }
+
+  const observedMessage = getObservedErrorMessage(error)
+  const span = trace.getActiveSpan()
+
+  span?.setStatus({
+    code: SpanStatusCode.ERROR,
+    message: observedMessage,
+  })
+  span?.recordException(getObservedException(error))
+
+  const payload = {
+    key: `transport:${transport}:repo_error`,
+    repo_error_code: error.code,
+    repo_error_status: error.status,
+    public_message: publicMessage,
+    error: serializeErrorForLog(error),
+  }
+
+  if (isExpectedRepoError(error)) {
+    l.warn(payload, `[${transport}] ${error.code}: ${observedMessage}`)
+    return
+  }
+
+  l.error(payload, `[${transport}] ${error.code}: ${observedMessage}`)
+}
+
+export function throwTRPCErrorFromRepoError(error: RepoError): never {
+  logObfuscatedRepoError('trpc', error)
+
+  throw new TRPCError({
+    code: trpcCodeFromRepoError(error.code),
+    message: getPublicRepoErrorMessage(error),
+    cause: error,
+  })
+}
+
+export function toActionErrorFromRepoError(error: RepoError): never {
+  logObfuscatedRepoError('action', error)
+
+  throw new ActionError(getPublicRepoErrorMessage(error), {
+    cause: error,
+    expected: isExpectedRepoError(error),
+  })
+}
+
+export function toRouteErrorResponse(error: RepoError): Response {
+  logObfuscatedRepoError('route', error)
+
+  return Response.json(
+    { error: getPublicRepoErrorMessage(error) },
+    { status: error.status }
+  )
+}
diff --git a/src/server/api/middlewares/auth.ts b/src/core/server/api/middlewares/auth.ts
similarity index 81%
rename from src/server/api/middlewares/auth.ts
rename to src/core/server/api/middlewares/auth.ts
index 9c7ec3e8b..76b4fb2a2 100644
--- a/src/server/api/middlewares/auth.ts
+++ b/src/core/server/api/middlewares/auth.ts
@@ -4,11 +4,11 @@ import {
   parseCookieHeader,
   serializeCookieHeader,
 } from '@supabase/ssr'
-import { getTracer } from '@/lib/clients/tracer'
-import { getSessionInsecure } from '@/server/auth/get-session'
-import getUserByToken from '@/server/auth/get-user-by-token'
-import { unauthorizedUserError } from '../errors'
-import { t } from '../init'
+import { unauthorizedUserError } from '@/core/server/adapters/errors'
+import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
+import getUserByToken from '@/core/server/functions/auth/get-user-by-token'
+import { t } from '@/core/server/trpc/init'
+import { getTracer } from '@/core/shared/clients/tracer'
 
 const createSupabaseServerClient = (headers: Headers) => {
   return createServerClient(
@@ -20,12 +20,12 @@ const createSupabaseServerClient = (headers: Headers) => {
           return parseCookieHeader(headers.get('cookie') ?? '')
         },
         setAll(cookiesToSet) {
-          cookiesToSet.forEach(({ name, value, options }) =>
+          cookiesToSet.forEach(({ name, value, options }) => {
             headers.append(
               'Set-Cookie',
               serializeCookieHeader(name, value, options)
             )
-          )
+          })
         },
       },
     }
diff --git a/src/core/server/api/middlewares/repository.ts b/src/core/server/api/middlewares/repository.ts
new file mode 100644
index 000000000..5d1b7b073
--- /dev/null
+++ b/src/core/server/api/middlewares/repository.ts
@@ -0,0 +1,77 @@
+import {
+  forbiddenTeamAccessError,
+  unauthorizedUserError,
+} from '@/core/server/adapters/errors'
+import { t } from '@/core/server/trpc/init'
+import type {
+  RequestScope,
+  TeamRequestScope,
+} from '@/core/shared/repository-scope'
+
+export function withAuthedRequestRepository<
+  TRepository,
+  TContextExtension extends object,
+>(
+  createRepository: (scope: RequestScope) => TRepository,
+  extendContext: (repository: TRepository) => TContextExtension
+) {
+  return t.middleware(({ ctx, next }) => {
+    if (!ctx.session) {
+      throw unauthorizedUserError()
+    }
+
+    if (!ctx.user) {
+      throw unauthorizedUserError()
+    }
+
+    const repository = createRepository({
+      accessToken: ctx.session.access_token,
+    })
+
+    return next({
+      ctx: {
+        ...ctx,
+        session: ctx.session,
+        user: ctx.user,
+        ...extendContext(repository),
+      },
+    })
+  })
+}
+
+export function withTeamAuthedRequestRepository<
+  TRepository,
+  TContextExtension extends object,
+>(
+  createRepository: (scope: TeamRequestScope) => TRepository,
+  extendContext: (repository: TRepository) => TContextExtension
+) {
+  return t.middleware(({ ctx, next }) => {
+    if (!ctx.session) {
+      throw unauthorizedUserError()
+    }
+
+    if (!ctx.user) {
+      throw unauthorizedUserError()
+    }
+
+    if (!ctx.teamId) {
+      throw forbiddenTeamAccessError()
+    }
+
+    const repository = createRepository({
+      accessToken: ctx.session.access_token,
+      teamId: ctx.teamId,
+    })
+
+    return next({
+      ctx: {
+        ...ctx,
+        session: ctx.session,
+        user: ctx.user,
+        teamId: ctx.teamId,
+        ...extendContext(repository),
+      },
+    })
+  })
+}
diff --git a/src/server/api/middlewares/telemetry.ts b/src/core/server/api/middlewares/telemetry.ts
similarity index 83%
rename from src/server/api/middlewares/telemetry.ts
rename to src/core/server/api/middlewares/telemetry.ts
index 573a0a53b..67011e9cd 100644
--- a/src/server/api/middlewares/telemetry.ts
+++ b/src/core/server/api/middlewares/telemetry.ts
@@ -8,13 +8,18 @@ import {
 } from '@opentelemetry/api'
 import type { User } from '@supabase/supabase-js'
 import { TRPCError } from '@trpc/server'
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
-import { getMeter } from '@/lib/clients/meter'
-import { getTracer } from '@/lib/clients/tracer'
-import { flattenClientInputValue } from '@/lib/utils/action'
-import { internalServerError } from '../errors'
-import { t } from '../init'
+import { flattenClientInputValue } from '@/core/server/actions/utils'
+import {
+  getObservedError,
+  getObservedErrorMessage,
+  getObservedException,
+  internalServerError,
+  isExpectedTRPCError,
+} from '@/core/server/adapters/errors'
+import { t } from '@/core/server/trpc/init'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { getMeter } from '@/core/shared/clients/meter'
+import { getTracer } from '@/core/shared/clients/tracer'
 
 /**
  * Telemetry State
@@ -198,6 +203,8 @@ export const endTelemetryMiddleware = t.middleware(
 
       if (!result.ok) {
         const error = result.error
+        const observedError = getObservedError(error)
+        const observedErrorMessage = getObservedErrorMessage(error)
 
         metrics.errorCounter.add(1, {
           ...metrics.attrs,
@@ -207,54 +214,46 @@ export const endTelemetryMiddleware = t.middleware(
 
         span.setStatus({
           code: SpanStatusCode.ERROR,
-          message: error.message,
+          message: observedErrorMessage,
         })
-        span.recordException(error)
+        span.recordException(getObservedException(error))
 
-        // internal errors are mostly unexpected - log as error and potentially obfuscate
-        if (error.code === 'INTERNAL_SERVER_ERROR') {
-          l.error(
-            {
-              key: 'trpc:unexpected_error',
+        const payload = {
+          ...contextAttrs,
 
-              ...contextAttrs,
+          'trpc.router.name': routerName,
+          'trpc.procedure.type': procedureType,
+          'trpc.procedure.name': procedureName,
+          'trpc.procedure.input': rawInput,
+          'trpc.procedure.duration_ms': durationMs,
 
-              'trpc.router.name': routerName,
-              'trpc.procedure.type': procedureType,
-              'trpc.procedure.name': procedureName,
-              'trpc.procedure.input': rawInput,
-              'trpc.procedure.duration_ms': durationMs,
+          error: serializeErrorForLog(observedError),
+          transport_error:
+            observedError === error ? undefined : serializeErrorForLog(error),
+        }
 
-              error: serializeError(error),
+        if (!isExpectedTRPCError(error)) {
+          l.error(
+            {
+              key: 'trpc:unexpected_error',
+              ...payload,
             },
-            `[tRPC] ${routerName}.${procedureName}: ${error.code} ${error?.cause?.message || error.message}`
+            `[tRPC] ${routerName}.${procedureName}: ${error.code} ${observedErrorMessage}`
           )
 
-          // when it's internal error AND has a cause (unhandled errors), obfuscate
           if (error.cause) {
             throw internalServerError()
           }
 
-          // otherwise return as is
           return result
         }
 
-        // expected errors (validation, not found, etc) - log as warning
         l.warn(
           {
             key: 'trpc:procedure_failure',
-
-            ...contextAttrs,
-
-            'trpc.router.name': routerName,
-            'trpc.procedure.type': procedureType,
-            'trpc.procedure.name': procedureName,
-            'trpc.procedure.input': rawInput,
-            'trpc.procedure.duration_ms': durationMs,
-
-            error: serializeError(error),
+            ...payload,
           },
-          `[tRPC] ${routerName}.${procedureName}: ${error.code} ${error.message}`
+          `[tRPC] ${routerName}.${procedureName}: ${error.code} ${observedErrorMessage}`
         )
 
         return result
@@ -293,7 +292,7 @@ export const endTelemetryMiddleware = t.middleware(
           'trpc.router.name': routerName,
           'trpc.procedure.name': procedureName,
 
-          error: serializeError(error),
+          error: serializeErrorForLog(error),
         },
         `[tRPC] telemetry error in ${routerName}.${procedureName}${error && typeof error === 'object' && error !== null && 'message' in error && typeof error.message === 'string' ? `: ${error.message}` : ''}`
       )
diff --git a/src/core/server/api/routers/billing.ts b/src/core/server/api/routers/billing.ts
new file mode 100644
index 000000000..2419c7ef1
--- /dev/null
+++ b/src/core/server/api/routers/billing.ts
@@ -0,0 +1,139 @@
+import { TRPCError } from '@trpc/server'
+import { headers } from 'next/headers'
+import { z } from 'zod'
+import { createBillingRepository } from '@/core/modules/billing/repository.server'
+import { createTeamsRepository } from '@/core/modules/teams/teams-repository.server'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import { withTeamAuthedRequestRepository } from '@/core/server/api/middlewares/repository'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import { protectedTeamProcedure } from '@/core/server/trpc/procedures'
+import {
+  ADDON_500_SANDBOXES_ID,
+  ADDON_PURCHASE_ACTION_ERRORS,
+} from '@/features/dashboard/billing/constants'
+
+function limitTypeToKey(type: 'limit' | 'alert') {
+  return type === 'limit' ? 'limit_amount_gte' : 'alert_amount_gte'
+}
+
+const billingRepositoryProcedure = protectedTeamProcedure.use(
+  withTeamAuthedRequestRepository(
+    createBillingRepository,
+    (billingRepository) => ({
+      billingRepository,
+    })
+  )
+)
+
+const billingAndTeamsRepositoryProcedure = billingRepositoryProcedure.use(
+  withTeamAuthedRequestRepository(createTeamsRepository, (teamsRepository) => ({
+    teamsRepository,
+  }))
+)
+
+export const billingRouter = createTRPCRouter({
+  createCheckout: billingRepositoryProcedure
+    .input(z.object({ tierId: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      const result = await ctx.billingRepository.createCheckout(input.tierId)
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+      return result.data
+    }),
+
+  createCustomerPortalSession: billingRepositoryProcedure.mutation(
+    async ({ ctx }) => {
+      const origin = (await headers()).get('origin')
+      const result =
+        await ctx.billingRepository.createCustomerPortalSession(origin)
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+      return { url: result.data.url }
+    }
+  ),
+
+  getItems: billingRepositoryProcedure.query(async ({ ctx }) => {
+    const result = await ctx.billingRepository.getItems()
+    if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    return result.data
+  }),
+
+  getUsage: billingRepositoryProcedure.query(async ({ ctx }) => {
+    const result = await ctx.billingRepository.getUsage()
+    if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    return result.data
+  }),
+
+  getInvoices: billingRepositoryProcedure.query(async ({ ctx }) => {
+    const result = await ctx.billingRepository.getInvoices()
+    if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    return result.data
+  }),
+
+  getLimits: billingRepositoryProcedure.query(async ({ ctx }) => {
+    const result = await ctx.billingRepository.getLimits()
+    if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    return result.data
+  }),
+
+  setLimit: billingRepositoryProcedure
+    .input(
+      z.object({
+        type: z.enum(['limit', 'alert']),
+        value: z.number().min(1),
+      })
+    )
+    .mutation(async ({ ctx, input }) => {
+      const { type, value } = input
+      const result = await ctx.billingRepository.setLimit(
+        limitTypeToKey(type),
+        value
+      )
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    }),
+
+  clearLimit: billingRepositoryProcedure
+    .input(z.object({ type: z.enum(['limit', 'alert']) }))
+    .mutation(async ({ ctx, input }) => {
+      const { type } = input
+      const result = await ctx.billingRepository.clearLimit(
+        limitTypeToKey(type)
+      )
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    }),
+
+  createOrder: billingRepositoryProcedure
+    .input(z.object({ itemId: z.literal(ADDON_500_SANDBOXES_ID) }))
+    .mutation(async ({ ctx, input }) => {
+      const { itemId } = input
+      const result = await ctx.billingRepository.createOrder(itemId)
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+      return result.data
+    }),
+
+  confirmOrder: billingRepositoryProcedure
+    .input(z.object({ orderId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const { orderId } = input
+      const result = await ctx.billingRepository.confirmOrder(orderId)
+      if (!result.ok) {
+        if (
+          result.error.message.includes(
+            'Missing payment method, please update your payment information'
+          )
+        ) {
+          throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: ADDON_PURCHASE_ACTION_ERRORS.missingPaymentMethod,
+          })
+        }
+        throwTRPCErrorFromRepoError(result.error)
+      }
+
+      return result.data
+    }),
+
+  getCustomerSession: billingRepositoryProcedure.mutation(async ({ ctx }) => {
+    const result = await ctx.billingRepository.getCustomerSession()
+    if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    return result.data
+  }),
+})
diff --git a/src/server/api/routers/builds.ts b/src/core/server/api/routers/builds.ts
similarity index 53%
rename from src/server/api/routers/builds.ts
rename to src/core/server/api/routers/builds.ts
index 327447c4a..98aab5bf8 100644
--- a/src/server/api/routers/builds.ts
+++ b/src/core/server/api/routers/builds.ts
@@ -1,19 +1,30 @@
 import { z } from 'zod'
-import { LOG_RETENTION_MS } from '@/features/dashboard/templates/builds/constants'
-import { buildsRepo } from '@/server/api/repositories/builds.repository'
-import { createTRPCRouter } from '../init'
 import {
-  type BuildDetailsDTO,
-  type BuildLogDTO,
-  type BuildLogsDTO,
+  type BuildDetailsModel,
+  type BuildLogModel,
+  type BuildLogsModel,
   BuildStatusSchema,
-} from '../models/builds.models'
-import { protectedTeamProcedure } from '../procedures'
+} from '@/core/modules/builds/models'
+import { createBuildsRepository } from '@/core/modules/builds/repository.server'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import { withTeamAuthedRequestRepository } from '@/core/server/api/middlewares/repository'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import { protectedTeamProcedure } from '@/core/server/trpc/procedures'
+import { LOG_RETENTION_MS } from '@/features/dashboard/templates/builds/constants'
+
+const buildsRepositoryProcedure = protectedTeamProcedure.use(
+  withTeamAuthedRequestRepository(
+    createBuildsRepository,
+    (buildsRepository) => ({
+      buildsRepository,
+    })
+  )
+)
 
 export const buildsRouter = createTRPCRouter({
   // QUERIES
 
-  list: protectedTeamProcedure
+  list: buildsRepositoryProcedure
     .input(
       z.object({
         buildIdOrTemplate: z.string().optional(),
@@ -23,36 +34,41 @@ export const buildsRouter = createTRPCRouter({
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId } = ctx
       const { buildIdOrTemplate, statuses, limit, cursor } = input
 
-      return await buildsRepo.listBuilds(
-        ctx.session.access_token,
-        teamId,
+      const result = await ctx.buildsRepository.listBuilds(
         buildIdOrTemplate,
         statuses,
-        { limit, cursor }
+        {
+          limit,
+          cursor,
+        }
       )
+      if (!result.ok) {
+        throwTRPCErrorFromRepoError(result.error)
+      }
+
+      return result.data
     }),
 
-  runningStatuses: protectedTeamProcedure
+  runningStatuses: buildsRepositoryProcedure
     .input(
       z.object({
         buildIds: z.array(z.string()).max(100),
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId } = ctx
       const { buildIds } = input
 
-      return await buildsRepo.getRunningStatuses(
-        ctx.session.access_token,
-        teamId,
-        buildIds
-      )
+      const result = await ctx.buildsRepository.getRunningStatuses(buildIds)
+      if (!result.ok) {
+        throwTRPCErrorFromRepoError(result.error)
+      }
+
+      return result.data
     }),
 
-  buildDetails: protectedTeamProcedure
+  buildDetails: buildsRepositoryProcedure
     .input(
       z.object({
         templateId: z.string(),
@@ -60,16 +76,15 @@ export const buildsRouter = createTRPCRouter({
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId } = ctx
       const { buildId, templateId } = input
 
-      const buildInfo = await buildsRepo.getBuildInfo(
-        ctx.session.access_token,
-        buildId,
-        teamId
-      )
+      const buildInfoResult = await ctx.buildsRepository.getBuildInfo(buildId)
+      if (!buildInfoResult.ok) {
+        throwTRPCErrorFromRepoError(buildInfoResult.error)
+      }
+      const buildInfo = buildInfoResult.data
 
-      const result: BuildDetailsDTO = {
+      const result: BuildDetailsModel = {
         templateNames: buildInfo.names,
         template: buildInfo.names?.[0] ?? templateId,
         startedAt: buildInfo.createdAt,
@@ -82,7 +97,7 @@ export const buildsRouter = createTRPCRouter({
       return result
     }),
 
-  buildLogsBackwardsReversed: protectedTeamProcedure
+  buildLogsBackwardsReversed: buildsRepositoryProcedure
     .input(
       z.object({
         templateId: z.string(),
@@ -92,24 +107,25 @@ export const buildsRouter = createTRPCRouter({
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId } = ctx
       const { buildId, templateId, level } = input
       let { cursor } = input
 
-      cursor ??= new Date().getTime()
+      cursor ??= Date.now()
 
       const direction = 'backward'
       const limit = 100
 
-      const buildLogs = await buildsRepo.getInfraBuildLogs(
-        ctx.session.access_token,
-        teamId,
+      const buildLogsResult = await ctx.buildsRepository.getInfraBuildLogs(
         templateId,
         buildId,
         { cursor, limit, direction, level }
       )
+      if (!buildLogsResult.ok) {
+        throwTRPCErrorFromRepoError(buildLogsResult.error)
+      }
+      const buildLogs = buildLogsResult.data
 
-      const logs: BuildLogDTO[] = buildLogs.logs
+      const logs: BuildLogModel[] = buildLogs.logs
         .map((log) => ({
           timestampUnix: new Date(log.timestamp).getTime(),
           level: log.level,
@@ -121,7 +137,7 @@ export const buildsRouter = createTRPCRouter({
       const cursorLog = logs[0]
       const nextCursor = hasMore ? (cursorLog?.timestampUnix ?? null) : null
 
-      const result: BuildLogsDTO = {
+      const result: BuildLogsModel = {
         logs,
         nextCursor,
       }
@@ -129,7 +145,7 @@ export const buildsRouter = createTRPCRouter({
       return result
     }),
 
-  buildLogsForward: protectedTeamProcedure
+  buildLogsForward: buildsRepositoryProcedure
     .input(
       z.object({
         templateId: z.string(),
@@ -139,33 +155,40 @@ export const buildsRouter = createTRPCRouter({
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId } = ctx
       const { buildId, templateId, level } = input
       let { cursor } = input
 
-      cursor ??= new Date().getTime()
+      cursor ??= Date.now()
 
       const direction = 'forward'
       const limit = 100
 
-      const buildLogs = await buildsRepo.getInfraBuildLogs(
-        ctx.session.access_token,
-        teamId,
+      const buildLogsResult = await ctx.buildsRepository.getInfraBuildLogs(
         templateId,
         buildId,
         { cursor, limit, direction, level }
       )
-
-      const logs: BuildLogDTO[] = buildLogs.logs.map((log) => ({
-        timestampUnix: new Date(log.timestamp).getTime(),
-        level: log.level,
-        message: log.message,
-      }))
+      if (!buildLogsResult.ok) {
+        throwTRPCErrorFromRepoError(buildLogsResult.error)
+      }
+      const buildLogs = buildLogsResult.data
+
+      const logs: BuildLogModel[] = buildLogs.logs.map(
+        (log: {
+          timestamp: string
+          level: BuildLogModel['level']
+          message: string
+        }) => ({
+          timestampUnix: new Date(log.timestamp).getTime(),
+          level: log.level,
+          message: log.message,
+        })
+      )
 
       const newestLog = logs[logs.length - 1]
       const nextCursor = newestLog?.timestampUnix ?? cursor
 
-      const result: BuildLogsDTO = {
+      const result: BuildLogsModel = {
         logs,
         nextCursor,
       }
@@ -175,5 +198,5 @@ export const buildsRouter = createTRPCRouter({
 })
 
 function checkIfBuildStillHasLogs(createdAt: number): boolean {
-  return new Date().getTime() - createdAt < LOG_RETENTION_MS
+  return Date.now() - createdAt < LOG_RETENTION_MS
 }
diff --git a/src/server/api/routers/index.ts b/src/core/server/api/routers/index.ts
similarity index 84%
rename from src/server/api/routers/index.ts
rename to src/core/server/api/routers/index.ts
index 27b9704d8..530503282 100644
--- a/src/server/api/routers/index.ts
+++ b/src/core/server/api/routers/index.ts
@@ -1,9 +1,10 @@
-import { createCallerFactory, createTRPCRouter } from '../init'
+import { createCallerFactory, createTRPCRouter } from '@/core/server/trpc/init'
 import { billingRouter } from './billing'
 import { buildsRouter } from './builds'
 import { sandboxRouter } from './sandbox'
 import { sandboxesRouter } from './sandboxes'
 import { supportRouter } from './support'
+import { teamsRouter } from './teams'
 import { templatesRouter } from './templates'
 
 export const trpcAppRouter = createTRPCRouter({
@@ -13,6 +14,7 @@ export const trpcAppRouter = createTRPCRouter({
   builds: buildsRouter,
   billing: billingRouter,
   support: supportRouter,
+  teams: teamsRouter,
 })
 
 export type TRPCAppRouter = typeof trpcAppRouter
diff --git a/src/server/api/routers/sandbox.ts b/src/core/server/api/routers/sandbox.ts
similarity index 57%
rename from src/server/api/routers/sandbox.ts
rename to src/core/server/api/routers/sandbox.ts
index 649822fbc..948367c59 100644
--- a/src/server/api/routers/sandbox.ts
+++ b/src/core/server/api/routers/sandbox.ts
@@ -1,50 +1,62 @@
 import { millisecondsInDay } from 'date-fns/constants'
 import { z } from 'zod'
-import { SANDBOX_MONITORING_METRICS_RETENTION_MS } from '@/features/dashboard/sandbox/monitoring/utils/constants'
-import { SandboxIdSchema } from '@/lib/schemas/api'
-import { createTRPCRouter } from '../init'
 import {
   deriveSandboxLifecycleFromEvents,
-  mapApiSandboxRecordToDTO,
-  mapInfraSandboxDetailsToDTO,
-  mapInfraSandboxLogToDTO,
-  type SandboxDetailsDTO,
-  type SandboxLogDTO,
-  type SandboxLogsDTO,
-} from '../models/sandboxes.models'
-import { protectedTeamProcedure } from '../procedures'
-import { sandboxesRepo } from '../repositories/sandboxes.repository'
+  mapApiSandboxRecordToModel,
+  mapInfraSandboxDetailsToModel,
+  mapInfraSandboxLogToModel,
+  type SandboxDetailsModel,
+  type SandboxLogModel,
+  type SandboxLogsModel,
+} from '@/core/modules/sandboxes/models'
+import { createSandboxesRepository } from '@/core/modules/sandboxes/repository.server'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import { withTeamAuthedRequestRepository } from '@/core/server/api/middlewares/repository'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import { protectedTeamProcedure } from '@/core/server/trpc/procedures'
+import { SandboxIdSchema } from '@/core/shared/schemas/api'
+import { SANDBOX_MONITORING_METRICS_RETENTION_MS } from '@/features/dashboard/sandbox/monitoring/utils/constants'
+
+const sandboxRepositoryProcedure = protectedTeamProcedure.use(
+  withTeamAuthedRequestRepository(
+    createSandboxesRepository,
+    (sandboxesRepository) => ({
+      sandboxesRepository,
+    })
+  )
+)
 
 export const sandboxRouter = createTRPCRouter({
   // QUERIES
 
-  details: protectedTeamProcedure
+  details: sandboxRepositoryProcedure
     .input(
       z.object({
         sandboxId: SandboxIdSchema,
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
       const { sandboxId } = input
 
-      const detailsResult = await sandboxesRepo.getSandboxDetails(
-        session.access_token,
-        teamId,
-        sandboxId
-      )
+      const detailsResult =
+        await ctx.sandboxesRepository.getSandboxDetails(sandboxId)
+      if (!detailsResult.ok) {
+        throwTRPCErrorFromRepoError(detailsResult.error)
+      }
 
-      const mappedDetails: SandboxDetailsDTO =
-        detailsResult.source === 'infra'
-          ? mapInfraSandboxDetailsToDTO(detailsResult.details)
-          : mapApiSandboxRecordToDTO(detailsResult.details)
+      const mappedDetails: SandboxDetailsModel =
+        detailsResult.data.source === 'infra'
+          ? mapInfraSandboxDetailsToModel(detailsResult.data.details)
+          : mapApiSandboxRecordToModel(detailsResult.data.details)
 
-      const lifecycleEvents = await sandboxesRepo.getSandboxLifecycleEvents(
-        session.access_token,
-        teamId,
-        sandboxId
+      const lifecycleEventsResult =
+        await ctx.sandboxesRepository.getSandboxLifecycleEvents(sandboxId)
+      if (!lifecycleEventsResult.ok) {
+        throwTRPCErrorFromRepoError(lifecycleEventsResult.error)
+      }
+      const derivedLifecycle = deriveSandboxLifecycleFromEvents(
+        lifecycleEventsResult.data
       )
-      const derivedLifecycle = deriveSandboxLifecycleFromEvents(lifecycleEvents)
       const fallbackPausedAt =
         mappedDetails.state === 'paused' ? mappedDetails.endAt : null
       const fallbackEndedAt =
@@ -63,7 +75,7 @@ export const sandboxRouter = createTRPCRouter({
       }
     }),
 
-  logsBackwardsReversed: protectedTeamProcedure
+  logsBackwardsReversed: sandboxRepositoryProcedure
     .input(
       z.object({
         sandboxId: SandboxIdSchema,
@@ -73,7 +85,6 @@ export const sandboxRouter = createTRPCRouter({
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
       const { sandboxId, level, search } = input
       let { cursor } = input
 
@@ -82,22 +93,24 @@ export const sandboxRouter = createTRPCRouter({
       const direction = 'backward'
       const limit = 100
 
-      const sandboxLogs = await sandboxesRepo.getSandboxLogs(
-        session.access_token,
-        teamId,
+      const sandboxLogsResult = await ctx.sandboxesRepository.getSandboxLogs(
         sandboxId,
         { cursor, limit, direction, level, search }
       )
+      if (!sandboxLogsResult.ok) {
+        throwTRPCErrorFromRepoError(sandboxLogsResult.error)
+      }
+      const sandboxLogs = sandboxLogsResult.data
 
-      const logs: SandboxLogDTO[] = sandboxLogs.logs
-        .map(mapInfraSandboxLogToDTO)
+      const logs: SandboxLogModel[] = sandboxLogs.logs
+        .map(mapInfraSandboxLogToModel)
         .reverse()
 
       const hasMore = logs.length === limit
       const cursorLog = logs[0]
       const nextCursor = hasMore ? (cursorLog?.timestampUnix ?? null) : null
 
-      const result: SandboxLogsDTO = {
+      const result: SandboxLogsModel = {
         logs,
         nextCursor,
       }
@@ -105,7 +118,7 @@ export const sandboxRouter = createTRPCRouter({
       return result
     }),
 
-  logsForward: protectedTeamProcedure
+  logsForward: sandboxRepositoryProcedure
     .input(
       z.object({
         sandboxId: SandboxIdSchema,
@@ -115,7 +128,6 @@ export const sandboxRouter = createTRPCRouter({
       })
     )
     .query(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
       const { sandboxId, level, search } = input
       let { cursor } = input
 
@@ -124,21 +136,23 @@ export const sandboxRouter = createTRPCRouter({
       const direction = 'forward'
       const limit = 100
 
-      const sandboxLogs = await sandboxesRepo.getSandboxLogs(
-        session.access_token,
-        teamId,
+      const sandboxLogsResult = await ctx.sandboxesRepository.getSandboxLogs(
         sandboxId,
         { cursor, limit, direction, level, search }
       )
+      if (!sandboxLogsResult.ok) {
+        throwTRPCErrorFromRepoError(sandboxLogsResult.error)
+      }
+      const sandboxLogs = sandboxLogsResult.data
 
-      const logs: SandboxLogDTO[] = sandboxLogs.logs.map(
-        mapInfraSandboxLogToDTO
+      const logs: SandboxLogModel[] = sandboxLogs.logs.map(
+        mapInfraSandboxLogToModel
       )
 
       const newestLog = logs[logs.length - 1]
       const nextCursor = newestLog?.timestampUnix ?? cursor
 
-      const result: SandboxLogsDTO = {
+      const result: SandboxLogsModel = {
         logs,
         nextCursor,
       }
@@ -146,7 +160,7 @@ export const sandboxRouter = createTRPCRouter({
       return result
     }),
 
-  resourceMetrics: protectedTeamProcedure
+  resourceMetrics: sandboxRepositoryProcedure
     .input(
       z
         .object({
@@ -172,19 +186,20 @@ export const sandboxRouter = createTRPCRouter({
         )
     )
     .query(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
       const { sandboxId } = input
       const { startMs, endMs } = input
 
-      const metrics = await sandboxesRepo.getSandboxMetrics(
-        session.access_token,
-        teamId,
+      const metricsResult = await ctx.sandboxesRepository.getSandboxMetrics(
         sandboxId,
         {
           startUnixMs: startMs,
           endUnixMs: endMs,
         }
       )
+      if (!metricsResult.ok) {
+        throwTRPCErrorFromRepoError(metricsResult.error)
+      }
+      const metrics = metricsResult.data
 
       return metrics
     }),
diff --git a/src/core/server/api/routers/sandboxes.ts b/src/core/server/api/routers/sandboxes.ts
new file mode 100644
index 000000000..68b53f99b
--- /dev/null
+++ b/src/core/server/api/routers/sandboxes.ts
@@ -0,0 +1,184 @@
+import { z } from 'zod'
+import { USE_MOCK_DATA } from '@/configs/flags'
+import {
+  calculateTeamMetricsStep,
+  MOCK_SANDBOXES_DATA,
+  MOCK_TEAM_METRICS_DATA,
+  MOCK_TEAM_METRICS_MAX_DATA,
+} from '@/configs/mock-data'
+import { createSandboxesRepository } from '@/core/modules/sandboxes/repository.server'
+import {
+  GetTeamMetricsMaxSchema,
+  GetTeamMetricsSchema,
+} from '@/core/modules/sandboxes/schemas'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import { withTeamAuthedRequestRepository } from '@/core/server/api/middlewares/repository'
+import {
+  fillTeamMetricsWithZeros,
+  transformMetricsToClientMetrics,
+} from '@/core/server/functions/sandboxes/utils'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import { protectedTeamProcedure } from '@/core/server/trpc/procedures'
+
+const sandboxesRepositoryProcedure = protectedTeamProcedure.use(
+  withTeamAuthedRequestRepository(
+    createSandboxesRepository,
+    (sandboxesRepository) => ({
+      sandboxesRepository,
+    })
+  )
+)
+
+export const sandboxesRouter = createTRPCRouter({
+  // QUERIES
+  getSandboxes: sandboxesRepositoryProcedure.query(async ({ ctx }) => {
+    if (USE_MOCK_DATA) {
+      await new Promise((resolve) => setTimeout(resolve, 200))
+
+      const sandboxes = MOCK_SANDBOXES_DATA()
+
+      return {
+        sandboxes,
+      }
+    }
+
+    const sandboxesResult = await ctx.sandboxesRepository.listSandboxes()
+    if (!sandboxesResult.ok) {
+      throwTRPCErrorFromRepoError(sandboxesResult.error)
+    }
+
+    return {
+      sandboxes: sandboxesResult.data,
+    }
+  }),
+
+  getSandboxesMetrics: sandboxesRepositoryProcedure
+    .input(
+      z.object({
+        sandboxIds: z.array(z.string()),
+      })
+    )
+    .query(async ({ ctx, input }) => {
+      const { sandboxIds } = input
+
+      if (sandboxIds.length === 0 || USE_MOCK_DATA) {
+        return {
+          metrics: {},
+        }
+      }
+
+      const metricsDataResult =
+        await ctx.sandboxesRepository.getSandboxesMetrics(sandboxIds)
+      if (!metricsDataResult.ok) {
+        throwTRPCErrorFromRepoError(metricsDataResult.error)
+      }
+      const metricsData = metricsDataResult.data
+      const metrics = transformMetricsToClientMetrics(metricsData)
+
+      return {
+        metrics,
+      }
+    }),
+
+  getTeamMetrics: sandboxesRepositoryProcedure
+    .input(GetTeamMetricsSchema)
+    .query(async ({ ctx, input }) => {
+      const { startDate: startDateMs, endDate: endDateMs } = input
+
+      // use mock data if enabled
+      if (USE_MOCK_DATA) {
+        const mockData = MOCK_TEAM_METRICS_DATA(startDateMs, endDateMs)
+        const filledMetrics = fillTeamMetricsWithZeros(
+          mockData.metrics,
+          startDateMs,
+          endDateMs,
+          mockData.step
+        )
+        return {
+          metrics: filledMetrics,
+          step: mockData.step,
+        }
+      }
+
+      const startS = Math.floor(startDateMs / 1000)
+      const endS = Math.floor(endDateMs / 1000)
+
+      // calculate step to determine overfetch amount
+      const stepMs = calculateTeamMetricsStep(startDateMs, endDateMs)
+
+      // overfetch by one step
+      // the overfetch is accounted for when post-processing the data using fillTeamMetricsWithZeros
+      const overfetchS = Math.ceil(stepMs / 1000)
+
+      const metricDataResult =
+        await ctx.sandboxesRepository.getTeamMetricsRange(
+          startS,
+          endS + overfetchS
+        )
+      if (!metricDataResult.ok) {
+        throwTRPCErrorFromRepoError(metricDataResult.error)
+      }
+      const metricData = metricDataResult.data
+
+      // transform timestamps from seconds to milliseconds
+      const metrics = metricData.map(
+        (d: {
+          concurrentSandboxes: number
+          sandboxStartRate: number
+          timestampUnix: number
+        }) => ({
+          concurrentSandboxes: d.concurrentSandboxes,
+          sandboxStartRate: d.sandboxStartRate,
+          timestamp: d.timestampUnix * 1000,
+        })
+      )
+
+      // fill gaps with zeros for smooth visualization
+      const filledMetrics = fillTeamMetricsWithZeros(
+        metrics,
+        startDateMs,
+        endDateMs,
+        stepMs
+      )
+
+      return {
+        metrics: filledMetrics,
+        step: stepMs,
+      }
+    }),
+
+  getTeamMetricsMax: sandboxesRepositoryProcedure
+    .input(GetTeamMetricsMaxSchema)
+    .query(async ({ ctx, input }) => {
+      const { startDate: startDateMs, endDate: endDateMs, metric } = input
+
+      if (USE_MOCK_DATA) {
+        return MOCK_TEAM_METRICS_MAX_DATA(startDateMs, endDateMs, metric)
+      }
+
+      // convert milliseconds to seconds for the API
+      const startS = Math.floor(startDateMs / 1000)
+      const endS = Math.floor(endDateMs / 1000)
+
+      const maxMetricResult = await ctx.sandboxesRepository.getTeamMetricsMax(
+        startS,
+        endS,
+        metric
+      )
+      if (!maxMetricResult.ok) {
+        throwTRPCErrorFromRepoError(maxMetricResult.error)
+      }
+      const maxMetric = maxMetricResult.data
+
+      // since javascript timestamps are in milliseconds, we want to convert the timestamp back to milliseconds
+      const timestampMs = maxMetric.timestampUnix * 1000
+
+      return {
+        timestamp: timestampMs,
+        value: maxMetric.value,
+        metric,
+      }
+    }),
+
+  // MUTATIONS
+})
diff --git a/src/core/server/api/routers/support.ts b/src/core/server/api/routers/support.ts
new file mode 100644
index 000000000..5b3443898
--- /dev/null
+++ b/src/core/server/api/routers/support.ts
@@ -0,0 +1,70 @@
+import { TRPCError } from '@trpc/server'
+import { z } from 'zod'
+import { createSupportRepository } from '@/core/modules/support/repository.server'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import { withTeamAuthedRequestRepository } from '@/core/server/api/middlewares/repository'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import { protectedTeamProcedure } from '@/core/server/trpc/procedures'
+
+const E2B_API_KEY_REGEX = /e2b_[a-f0-9]{40}/i
+
+const fileSchema = z.object({
+  name: z.string(),
+  type: z.string(),
+  base64: z.string(),
+})
+
+const supportRepositoryProcedure = protectedTeamProcedure.use(
+  withTeamAuthedRequestRepository(
+    createSupportRepository,
+    (supportRepository) => ({
+      supportRepository,
+    })
+  )
+)
+
+export const supportRouter = createTRPCRouter({
+  contactSupport: supportRepositoryProcedure
+    .input(
+      z.object({
+        description: z.string().min(1),
+        files: z.array(fileSchema).max(5).optional(),
+      })
+    )
+    .mutation(async ({ ctx, input }) => {
+      const { teamId, user } = ctx
+      const email = user.email
+
+      if (!email) {
+        throw new Error('Email not found')
+      }
+
+      if (E2B_API_KEY_REGEX.test(input.description)) {
+        throw new TRPCError({
+          code: 'BAD_REQUEST',
+          message:
+            'Your message contains an API key. Please remove it before sending.',
+        })
+      }
+
+      const teamResult = await ctx.supportRepository.getTeamSupportData()
+      if (!teamResult.ok) {
+        throwTRPCErrorFromRepoError(teamResult.error)
+      }
+
+      const createResult = await ctx.supportRepository.createSupportThread({
+        description: input.description,
+        files: input.files,
+        teamId,
+        teamName: teamResult.data.name,
+        customerEmail: email,
+        accountOwnerEmail: teamResult.data.email,
+        customerTier: teamResult.data.tier,
+      })
+      if (!createResult.ok) {
+        throwTRPCErrorFromRepoError(createResult.error)
+      }
+
+      return createResult.data
+    }),
+})
diff --git a/src/core/server/api/routers/teams.ts b/src/core/server/api/routers/teams.ts
new file mode 100644
index 000000000..03a2d6a88
--- /dev/null
+++ b/src/core/server/api/routers/teams.ts
@@ -0,0 +1,23 @@
+import { createUserTeamsRepository } from '@/core/modules/teams/user-teams-repository.server'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import { withAuthedRequestRepository } from '@/core/server/api/middlewares/repository'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import { protectedProcedure } from '@/core/server/trpc/procedures'
+
+const teamsRepositoryProcedure = protectedProcedure.use(
+  withAuthedRequestRepository(createUserTeamsRepository, (teamsRepository) => ({
+    teamsRepository,
+  }))
+)
+
+export const teamsRouter = createTRPCRouter({
+  list: teamsRepositoryProcedure.query(async ({ ctx }) => {
+    const teamsResult = await ctx.teamsRepository.listUserTeams()
+
+    if (!teamsResult.ok) {
+      throwTRPCErrorFromRepoError(teamsResult.error)
+    }
+
+    return teamsResult.data
+  }),
+})
diff --git a/src/core/server/api/routers/templates.ts b/src/core/server/api/routers/templates.ts
new file mode 100644
index 000000000..d063c251c
--- /dev/null
+++ b/src/core/server/api/routers/templates.ts
@@ -0,0 +1,103 @@
+import { TRPCError } from '@trpc/server'
+import { z } from 'zod'
+import {
+  createDefaultTemplatesRepository,
+  createTemplatesRepository,
+} from '@/core/modules/templates/repository.server'
+import { throwTRPCErrorFromRepoError } from '@/core/server/adapters/errors'
+import {
+  withAuthedRequestRepository,
+  withTeamAuthedRequestRepository,
+} from '@/core/server/api/middlewares/repository'
+import { createTRPCRouter } from '@/core/server/trpc/init'
+import {
+  protectedProcedure,
+  protectedTeamProcedure,
+} from '@/core/server/trpc/procedures'
+
+const templatesRepositoryProcedure = protectedProcedure.use(
+  withAuthedRequestRepository(
+    createDefaultTemplatesRepository,
+    (templatesRepository) => ({
+      templatesRepository,
+    })
+  )
+)
+
+const teamTemplatesRepositoryProcedure = protectedTeamProcedure.use(
+  withTeamAuthedRequestRepository(
+    createTemplatesRepository,
+    (templatesRepository) => ({
+      templatesRepository,
+    })
+  )
+)
+
+export const templatesRouter = createTRPCRouter({
+  // QUERIES
+
+  getTemplates: teamTemplatesRepositoryProcedure.query(async ({ ctx }) => {
+    const result = await ctx.templatesRepository.getTeamTemplates()
+    if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+    return result.data
+  }),
+
+  getDefaultTemplatesCached: templatesRepositoryProcedure.query(
+    async ({ ctx }) => {
+      const result = await ctx.templatesRepository.getDefaultTemplatesCached()
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+      return result.data
+    }
+  ),
+
+  // MUTATIONS
+
+  deleteTemplate: teamTemplatesRepositoryProcedure
+    .input(
+      z.object({
+        templateId: z.string(),
+      })
+    )
+    .mutation(async ({ ctx, input }) => {
+      const { templateId } = input
+
+      const result = await ctx.templatesRepository.deleteTemplate(templateId)
+
+      if (!result.ok) {
+        if (
+          result.error.status === 400 &&
+          result.error.message.includes(
+            'because there are paused sandboxes using it'
+          )
+        ) {
+          throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message:
+              'Cannot delete template because there are paused sandboxes using it',
+          })
+        }
+        throwTRPCErrorFromRepoError(result.error)
+      }
+
+      return result.data
+    }),
+
+  updateTemplate: teamTemplatesRepositoryProcedure
+    .input(
+      z.object({
+        templateId: z.string(),
+        public: z.boolean(),
+      })
+    )
+    .mutation(async ({ ctx, input }) => {
+      const { templateId, public: isPublic } = input
+
+      const result = await ctx.templatesRepository.updateTemplateVisibility(
+        templateId,
+        isPublic
+      )
+      if (!result.ok) throwTRPCErrorFromRepoError(result.error)
+
+      return result.data
+    }),
+})
diff --git a/src/server/auth/auth.types.ts b/src/core/server/functions/auth/auth.types.ts
similarity index 94%
rename from src/server/auth/auth.types.ts
rename to src/core/server/functions/auth/auth.types.ts
index 98f0e3a81..42786c86b 100644
--- a/src/server/auth/auth.types.ts
+++ b/src/core/server/functions/auth/auth.types.ts
@@ -1,6 +1,6 @@
 import { z } from 'zod'
 import { CAPTCHA_REQUIRED_CLIENT } from '@/configs/flags'
-import { relativeUrlSchema } from '@/lib/schemas/url'
+import { relativeUrlSchema } from '@/core/shared/schemas/url'
 
 export const emailSchema = z.email('Valid email is required')
 
diff --git a/src/server/auth/get-session.ts b/src/core/server/functions/auth/get-session.ts
similarity index 96%
rename from src/server/auth/get-session.ts
rename to src/core/server/functions/auth/get-session.ts
index 3623d6459..eac071784 100644
--- a/src/server/auth/get-session.ts
+++ b/src/core/server/functions/auth/get-session.ts
@@ -1,4 +1,4 @@
-import { createClient } from '@/lib/clients/supabase/server'
+import { createClient } from '@/core/shared/clients/supabase/server'
 import 'server-cli-only'
 
 /**
diff --git a/src/server/auth/get-user-by-token.ts b/src/core/server/functions/auth/get-user-by-token.ts
similarity index 94%
rename from src/server/auth/get-user-by-token.ts
rename to src/core/server/functions/auth/get-user-by-token.ts
index 02d43d4ce..ce24da1a7 100644
--- a/src/server/auth/get-user-by-token.ts
+++ b/src/core/server/functions/auth/get-user-by-token.ts
@@ -2,7 +2,7 @@ import 'server-only'
 
 import { AuthSessionMissingError } from '@supabase/supabase-js'
 import { cache } from 'react'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
+import { supabaseAdmin } from '@/core/shared/clients/supabase/admin'
 
 /**
  * Retrieves a user from Supabase using their access token.
diff --git a/src/server/auth/validate-email.ts b/src/core/server/functions/auth/validate-email.ts
similarity index 96%
rename from src/server/auth/validate-email.ts
rename to src/core/server/functions/auth/validate-email.ts
index bf32b9f42..eb27bb83e 100644
--- a/src/server/auth/validate-email.ts
+++ b/src/core/server/functions/auth/validate-email.ts
@@ -1,7 +1,6 @@
 import { kv } from '@vercel/kv'
-import { serializeError } from 'serialize-error'
 import { KV_KEYS } from '@/configs/keys'
-import { l } from '@/lib/clients/logger/logger'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 
 /**
  * Response type from the ZeroBounce email validation API
@@ -90,7 +89,7 @@ export async function validateEmail(
   } catch (error) {
     l.error({
       key: 'validate_email:error',
-      error: serializeError(error),
+      error: serializeErrorForLog(error),
       context: {
         email,
       },
diff --git a/src/core/server/functions/keys/get-api-keys.ts b/src/core/server/functions/keys/get-api-keys.ts
new file mode 100644
index 000000000..8ec35cf7a
--- /dev/null
+++ b/src/core/server/functions/keys/get-api-keys.ts
@@ -0,0 +1,49 @@
+import { cacheLife, cacheTag } from 'next/cache'
+import { z } from 'zod'
+import { CACHE_TAGS } from '@/configs/cache'
+import { createKeysRepository } from '@/core/modules/keys/repository.server'
+import {
+  authActionClient,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { handleDefaultInfraError } from '@/core/server/actions/utils'
+import { l } from '@/core/shared/clients/logger/logger'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+const GetApiKeysSchema = z.object({
+  teamSlug: TeamSlugSchema,
+})
+
+export const getTeamApiKeys = authActionClient
+  .schema(GetApiKeysSchema)
+  .metadata({ serverFunctionName: 'getTeamApiKeys' })
+  .use(withTeamSlugResolution)
+  .action(async ({ ctx }) => {
+    'use cache'
+    cacheLife('default')
+    const { session, teamId } = ctx
+    cacheTag(CACHE_TAGS.TEAM_API_KEYS(teamId))
+
+    const result = await createKeysRepository({
+      accessToken: session.access_token,
+      teamId,
+    }).listTeamApiKeys()
+
+    if (!result.ok) {
+      const status = result.error.status
+
+      l.error({
+        key: 'get_team_api_keys:error',
+        error: result.error,
+        team_id: teamId,
+        user_id: session.user.id,
+        context: {
+          status,
+        },
+      })
+
+      return handleDefaultInfraError(status, result.error)
+    }
+
+    return { apiKeys: result.data }
+  })
diff --git a/src/server/keys/types.ts b/src/core/server/functions/keys/types.ts
similarity index 100%
rename from src/server/keys/types.ts
rename to src/core/server/functions/keys/types.ts
diff --git a/src/server/sandboxes/get-team-metrics-core.ts b/src/core/server/functions/sandboxes/get-team-metrics-core.ts
similarity index 90%
rename from src/server/sandboxes/get-team-metrics-core.ts
rename to src/core/server/functions/sandboxes/get-team-metrics-core.ts
index 67262e638..2457b305a 100644
--- a/src/server/sandboxes/get-team-metrics-core.ts
+++ b/src/core/server/functions/sandboxes/get-team-metrics-core.ts
@@ -7,11 +7,11 @@ import {
   calculateTeamMetricsStep,
   MOCK_TEAM_METRICS_DATA,
 } from '@/configs/mock-data'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { handleDefaultInfraError } from '@/lib/utils/action'
-import { fillTeamMetricsWithZeros } from '@/server/sandboxes/utils'
-import type { ClientTeamMetrics } from '@/types/sandboxes.types'
+import type { ClientTeamMetrics } from '@/core/modules/sandboxes/models.client'
+import { handleDefaultInfraError } from '@/core/server/actions/utils'
+import { fillTeamMetricsWithZeros } from '@/core/server/functions/sandboxes/utils'
+import { infra } from '@/core/shared/clients/api'
+import { l } from '@/core/shared/clients/logger/logger'
 
 interface GetTeamMetricsCoreParams {
   accessToken: string
@@ -115,7 +115,7 @@ export const getTeamMetricsCore = cache(
       )
 
       return {
-        error: handleDefaultInfraError(status),
+        error: handleDefaultInfraError(status, res.error),
         status,
       }
     }
diff --git a/src/server/sandboxes/get-team-metrics-max.ts b/src/core/server/functions/sandboxes/get-team-metrics-max.ts
similarity index 86%
rename from src/server/sandboxes/get-team-metrics-max.ts
rename to src/core/server/functions/sandboxes/get-team-metrics-max.ts
index 74d629e6d..0a2078f8a 100644
--- a/src/server/sandboxes/get-team-metrics-max.ts
+++ b/src/core/server/functions/sandboxes/get-team-metrics-max.ts
@@ -4,16 +4,19 @@ import { z } from 'zod'
 import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
 import { USE_MOCK_DATA } from '@/configs/flags'
 import { MOCK_TEAM_METRICS_MAX_DATA } from '@/configs/mock-data'
+import {
+  authActionClient,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { handleDefaultInfraError } from '@/core/server/actions/utils'
+import { infra } from '@/core/shared/clients/api'
+import { l } from '@/core/shared/clients/logger/logger'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
 import { MAX_DAYS_AGO } from '@/features/dashboard/sandboxes/monitoring/time-picker/constants'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { handleDefaultInfraError } from '@/lib/utils/action'
 
 export const GetTeamMetricsMaxSchema = z
   .object({
-    teamIdOrSlug: TeamIdOrSlugSchema,
+    teamSlug: TeamSlugSchema,
     startDate: z
       .number()
       .int()
@@ -51,7 +54,7 @@ export const GetTeamMetricsMaxSchema = z
 export const getTeamMetricsMax = authActionClient
   .metadata({ serverFunctionName: 'getTeamMetricsMax' })
   .schema(GetTeamMetricsMaxSchema)
-  .use(withTeamIdResolution)
+  .use(withTeamSlugResolution)
   .action(async ({ parsedInput, ctx }) => {
     const { session, teamId } = ctx
     const { startDate: startDateMs, endDate: endDateMs, metric } = parsedInput
@@ -100,7 +103,7 @@ export const getTeamMetricsMax = authActionClient
         `Failed to get team metrics max: ${res.error.message}`
       )
 
-      return handleDefaultInfraError(status)
+      return handleDefaultInfraError(status, res.error)
     }
 
     // since javascript timestamps are in milliseconds, we want to convert the timestamp back to milliseconds
diff --git a/src/server/sandboxes/get-team-metrics.ts b/src/core/server/functions/sandboxes/get-team-metrics.ts
similarity index 79%
rename from src/server/sandboxes/get-team-metrics.ts
rename to src/core/server/functions/sandboxes/get-team-metrics.ts
index ec99273a7..cc90ddacf 100644
--- a/src/server/sandboxes/get-team-metrics.ts
+++ b/src/core/server/functions/sandboxes/get-team-metrics.ts
@@ -1,15 +1,19 @@
 import 'server-only'
 
 import { z } from 'zod'
+import {
+  authActionClient,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { returnServerError } from '@/core/server/actions/utils'
+import { getPublicErrorMessage } from '@/core/shared/errors'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
 import { MAX_DAYS_AGO } from '@/features/dashboard/sandboxes/monitoring/time-picker/constants'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { returnServerError } from '@/lib/utils/action'
 import { getTeamMetricsCore } from './get-team-metrics-core'
 
 export const GetTeamMetricsSchema = z
   .object({
-    teamIdOrSlug: TeamIdOrSlugSchema,
+    teamSlug: TeamSlugSchema,
     startDate: z
       .number()
       .int()
@@ -46,7 +50,7 @@ export const GetTeamMetricsSchema = z
 export const getTeamMetrics = authActionClient
   .schema(GetTeamMetricsSchema)
   .metadata({ serverFunctionName: 'getTeamMetrics' })
-  .use(withTeamIdResolution)
+  .use(withTeamSlugResolution)
   .action(async ({ parsedInput, ctx }) => {
     const { session, teamId } = ctx
 
@@ -61,8 +65,7 @@ export const getTeamMetrics = authActionClient
     })
 
     if (result.error) {
-      // error already logged in core function
-      return returnServerError(result.error)
+      return returnServerError(getPublicErrorMessage({ status: result.status }))
     }
 
     return result.data
diff --git a/src/server/sandboxes/utils.ts b/src/core/server/functions/sandboxes/utils.ts
similarity index 98%
rename from src/server/sandboxes/utils.ts
rename to src/core/server/functions/sandboxes/utils.ts
index 96e5622b7..4d0d2fda0 100644
--- a/src/server/sandboxes/utils.ts
+++ b/src/core/server/functions/sandboxes/utils.ts
@@ -1,9 +1,9 @@
 import { TEAM_METRICS_BACKEND_COLLECTION_INTERVAL_MS } from '@/configs/intervals'
-import type { SandboxesMetricsRecord } from '@/types/api.types'
+import type { SandboxesMetricsRecord } from '@/core/modules/sandboxes/models'
 import type {
   ClientSandboxesMetrics,
   ClientTeamMetrics,
-} from '@/types/sandboxes.types'
+} from '@/core/modules/sandboxes/models.client'
 
 export function transformMetricsToClientMetrics(
   metrics: SandboxesMetricsRecord
diff --git a/src/core/server/functions/team/get-team-id-from-slug.ts b/src/core/server/functions/team/get-team-id-from-slug.ts
new file mode 100644
index 000000000..1ce9aa68e
--- /dev/null
+++ b/src/core/server/functions/team/get-team-id-from-slug.ts
@@ -0,0 +1,43 @@
+import 'server-only'
+
+import { CACHE_TAGS } from '@/configs/cache'
+import { createUserTeamsRepository } from '@/core/modules/teams/user-teams-repository.server'
+import { l } from '@/core/shared/clients/logger/logger'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+export const getTeamIdFromSlug = async (
+  teamSlug: string,
+  accessToken: string
+) => {
+  if (!TeamSlugSchema.safeParse(teamSlug).success) {
+    l.warn(
+      {
+        key: 'get_team_id_from_slug:invalid_team_slug',
+        context: { teamSlug },
+      },
+      'get_team_id_from_slug - invalid team slug'
+    )
+
+    return null
+  }
+
+  const resolvedTeam = await createUserTeamsRepository({
+    accessToken,
+  }).resolveTeamBySlug(teamSlug, {
+    tags: [CACHE_TAGS.TEAM_ID_FROM_SLUG(teamSlug)],
+  })
+
+  if (!resolvedTeam.ok) {
+    l.warn(
+      {
+        key: 'get_team_id_from_slug:resolve_failed',
+        context: { teamSlug },
+      },
+      'get_team_id_from_slug - failed to resolve'
+    )
+
+    return null
+  }
+
+  return resolvedTeam.data.id
+}
diff --git a/src/core/server/functions/team/get-team-members.ts b/src/core/server/functions/team/get-team-members.ts
new file mode 100644
index 000000000..d8b8fffd4
--- /dev/null
+++ b/src/core/server/functions/team/get-team-members.ts
@@ -0,0 +1,33 @@
+import 'server-only'
+
+import { z } from 'zod'
+import { createTeamsRepository } from '@/core/modules/teams/teams-repository.server'
+import {
+  authActionClient,
+  withTeamAuthedRequestRepository,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { toActionErrorFromRepoError } from '@/core/server/adapters/errors'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+const withTeamsRepository = withTeamAuthedRequestRepository(
+  createTeamsRepository,
+  (teamsRepository) => ({ teamsRepository })
+)
+
+const GetTeamMembersSchema = z.object({
+  teamSlug: TeamSlugSchema,
+})
+
+export const getTeamMembers = authActionClient
+  .schema(GetTeamMembersSchema)
+  .metadata({ serverFunctionName: 'getTeamMembers' })
+  .use(withTeamSlugResolution)
+  .use(withTeamsRepository)
+  .action(async ({ ctx }) => {
+    const result = await ctx.teamsRepository.listTeamMembers()
+    if (!result.ok) {
+      return toActionErrorFromRepoError(result.error)
+    }
+    return result.data
+  })
diff --git a/src/core/server/functions/team/resolve-user-team.ts b/src/core/server/functions/team/resolve-user-team.ts
new file mode 100644
index 000000000..e59375fcf
--- /dev/null
+++ b/src/core/server/functions/team/resolve-user-team.ts
@@ -0,0 +1,84 @@
+import 'server-only'
+
+import { cookies } from 'next/headers'
+import { COOKIE_KEYS } from '@/configs/cookies'
+import type { ResolvedTeam } from '@/core/modules/teams/models'
+import { createUserTeamsRepository } from '@/core/modules/teams/user-teams-repository.server'
+import { l } from '@/core/shared/clients/logger/logger'
+
+export async function resolveUserTeam(
+  accessToken: string
+): Promise<ResolvedTeam | null> {
+  const cookieStore = await cookies()
+  const teamsRepository = createUserTeamsRepository({
+    accessToken,
+  })
+
+  const cookieTeamId = cookieStore.get(COOKIE_KEYS.SELECTED_TEAM_ID)?.value
+  const cookieTeamSlug = cookieStore.get(COOKIE_KEYS.SELECTED_TEAM_SLUG)?.value
+
+  if (cookieTeamSlug) {
+    const resolvedCookieTeam =
+      await teamsRepository.resolveTeamBySlug(cookieTeamSlug)
+
+    if (resolvedCookieTeam.ok) {
+      if (cookieTeamId && cookieTeamId !== resolvedCookieTeam.data.id) {
+        l.warn(
+          {
+            key: 'resolve_user_team:cookie_team_id_mismatch',
+            team_id: cookieTeamId,
+            context: {
+              resolved_team_id: resolvedCookieTeam.data.id,
+              team_slug: cookieTeamSlug,
+            },
+          },
+          'Selected team cookie id did not match the resolved team'
+        )
+      }
+
+      return resolvedCookieTeam.data
+    }
+
+    l.warn(
+      {
+        key: 'resolve_user_team:stale_cookie_team',
+        team_id: cookieTeamId,
+        context: {
+          team_slug: cookieTeamSlug,
+        },
+      },
+      'Selected team cookie could not be resolved for the current user'
+    )
+  }
+
+  const teamsResult = await teamsRepository.listUserTeams()
+
+  if (!teamsResult.ok) {
+    l.error(
+      {
+        key: 'resolve_user_team:api_error',
+      },
+      'Failed to fetch user teams'
+    )
+    return null
+  }
+
+  if (teamsResult.data.length === 0) {
+    return null
+  }
+
+  const defaultTeam = teamsResult.data.find(
+    (team) => team.isDefault && team.slug
+  )
+  const team =
+    defaultTeam ?? teamsResult.data.find((candidate) => candidate.slug)
+
+  if (!team) {
+    return null
+  }
+
+  return {
+    id: team.id,
+    slug: team.slug,
+  }
+}
diff --git a/src/core/server/functions/team/types.ts b/src/core/server/functions/team/types.ts
new file mode 100644
index 000000000..616cb87a9
--- /dev/null
+++ b/src/core/server/functions/team/types.ts
@@ -0,0 +1,11 @@
+export type {
+  ResolvedTeam,
+  TeamMember,
+  TeamMemberInfo,
+  TeamMemberRelation,
+} from '@/core/modules/teams/models'
+export {
+  CreateTeamSchema,
+  TeamNameSchema,
+  UpdateTeamNameSchema,
+} from '@/core/modules/teams/schemas'
diff --git a/src/core/server/functions/usage/get-usage.ts b/src/core/server/functions/usage/get-usage.ts
new file mode 100644
index 000000000..e01c4aeaa
--- /dev/null
+++ b/src/core/server/functions/usage/get-usage.ts
@@ -0,0 +1,41 @@
+import 'server-only'
+
+import { cacheLife, cacheTag } from 'next/cache'
+import { z } from 'zod'
+import { CACHE_TAGS } from '@/configs/cache'
+import { createBillingRepository } from '@/core/modules/billing/repository.server'
+import {
+  authActionClient,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { returnServerError } from '@/core/server/actions/utils'
+import { getPublicRepoErrorMessage } from '@/core/shared/errors'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+const GetUsageAuthActionSchema = z.object({
+  teamSlug: TeamSlugSchema,
+})
+
+export const getUsage = authActionClient
+  .schema(GetUsageAuthActionSchema)
+  .metadata({ serverFunctionName: 'getUsage' })
+  .use(withTeamSlugResolution)
+  .action(async ({ ctx }) => {
+    'use cache'
+
+    const { teamId } = ctx
+
+    cacheLife('hours')
+    cacheTag(CACHE_TAGS.TEAM_USAGE(teamId))
+
+    const result = await createBillingRepository({
+      accessToken: ctx.session.access_token,
+      teamId,
+    }).getUsage()
+
+    if (!result.ok) {
+      return returnServerError(getPublicRepoErrorMessage(result.error))
+    }
+
+    return result.data
+  })
diff --git a/src/core/server/functions/webhooks/get-webhooks.ts b/src/core/server/functions/webhooks/get-webhooks.ts
new file mode 100644
index 000000000..aa5da2408
--- /dev/null
+++ b/src/core/server/functions/webhooks/get-webhooks.ts
@@ -0,0 +1,50 @@
+import 'server-only'
+
+import { z } from 'zod'
+import { createWebhooksRepository } from '@/core/modules/webhooks/repository.server'
+import {
+  authActionClient,
+  withTeamAuthedRequestRepository,
+  withTeamSlugResolution,
+} from '@/core/server/actions/client'
+import { handleDefaultInfraError } from '@/core/server/actions/utils'
+import { l } from '@/core/shared/clients/logger/logger'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+
+const GetWebhooksSchema = z.object({
+  teamSlug: TeamSlugSchema,
+})
+
+const withWebhooksRepository = withTeamAuthedRequestRepository(
+  createWebhooksRepository,
+  (webhooksRepository) => ({ webhooksRepository })
+)
+
+export const getWebhooks = authActionClient
+  .schema(GetWebhooksSchema)
+  .metadata({ serverFunctionName: 'getWebhooks' })
+  .use(withTeamSlugResolution)
+  .use(withWebhooksRepository)
+  .action(async ({ ctx }) => {
+    const { session, teamId } = ctx
+
+    const result = await ctx.webhooksRepository.listWebhooks()
+
+    if (!result.ok) {
+      const status = result.error.status
+      l.error(
+        {
+          key: 'get_webhooks:infra_error',
+          status,
+          error: result.error,
+          team_id: teamId,
+          user_id: session.user.id,
+        },
+        `Failed to get webhooks: ${status}: ${result.error.message}`
+      )
+
+      return handleDefaultInfraError(status, result.error)
+    }
+
+    return { webhooks: result.data }
+  })
diff --git a/src/server/webhooks/schema.ts b/src/core/server/functions/webhooks/schema.ts
similarity index 88%
rename from src/server/webhooks/schema.ts
rename to src/core/server/functions/webhooks/schema.ts
index eda667cb7..5d61057d1 100644
--- a/src/server/webhooks/schema.ts
+++ b/src/core/server/functions/webhooks/schema.ts
@@ -1,5 +1,5 @@
 import { z } from 'zod'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
 
 const WebhookUrlSchema = z.httpUrl('Must be a valid URL').trim()
 const WebhookSecretSchema = z
@@ -9,7 +9,7 @@ const WebhookSecretSchema = z
 
 export const UpsertWebhookSchema = z
   .object({
-    teamIdOrSlug: TeamIdOrSlugSchema,
+    teamSlug: TeamSlugSchema,
     mode: z.enum(['add', 'edit']),
     webhookId: z.uuid().optional(),
     name: z.string().min(1, 'Name is required').trim(),
@@ -33,12 +33,12 @@ export const UpsertWebhookSchema = z
   )
 
 export const DeleteWebhookSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
+  teamSlug: TeamSlugSchema,
   webhookId: z.uuid(),
 })
 
 export const UpdateWebhookSecretSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
+  teamSlug: TeamSlugSchema,
   webhookId: z.uuid(),
   signatureSecret: WebhookSecretSchema,
 })
diff --git a/src/server/proxy.ts b/src/core/server/http/proxy.ts
similarity index 100%
rename from src/server/proxy.ts
rename to src/core/server/http/proxy.ts
diff --git a/src/server/api/init.ts b/src/core/server/trpc/init.ts
similarity index 80%
rename from src/server/api/init.ts
rename to src/core/server/trpc/init.ts
index 44f9523dc..016d01b65 100644
--- a/src/server/api/init.ts
+++ b/src/core/server/trpc/init.ts
@@ -1,3 +1,4 @@
+import type { Session, User } from '@supabase/supabase-js'
 import { initTRPC } from '@trpc/server'
 import superjson from 'superjson'
 import { flattenError, ZodError } from 'zod'
@@ -10,6 +11,9 @@ import { flattenError, ZodError } from 'zod'
 export const createTRPCContext = async (opts: { headers: Headers }) => {
   return {
     ...opts,
+    session: undefined as Session | undefined,
+    user: undefined as User | undefined,
+    teamId: undefined as string | undefined,
   }
 }
 
diff --git a/src/server/api/procedures.ts b/src/core/server/trpc/procedures.ts
similarity index 66%
rename from src/server/api/procedures.ts
rename to src/core/server/trpc/procedures.ts
index e95e777b9..94c03bb09 100644
--- a/src/server/api/procedures.ts
+++ b/src/core/server/trpc/procedures.ts
@@ -1,16 +1,15 @@
 import { context, SpanStatusCode, trace } from '@opentelemetry/api'
 import z from 'zod'
-import { getTracer } from '@/lib/clients/tracer'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import checkUserTeamAuthCached from '../auth/check-user-team-auth-cached'
-import { getTeamIdFromSegment } from '../team/get-team-id-from-segment'
-import { forbiddenTeamAccessError } from './errors'
-import { t } from './init'
-import { authMiddleware } from './middlewares/auth'
+import { forbiddenTeamAccessError } from '@/core/server/adapters/errors'
+import { authMiddleware } from '@/core/server/api/middlewares/auth'
 import {
   endTelemetryMiddleware,
   startTelemetryMiddleware,
-} from './middlewares/telemetry'
+} from '@/core/server/api/middlewares/telemetry'
+import { getTeamIdFromSlug } from '@/core/server/functions/team/get-team-id-from-slug'
+import { getTracer } from '@/core/shared/clients/tracer'
+import { TeamSlugSchema } from '@/core/shared/schemas/team'
+import { t } from './init'
 
 /**
  * IMPORTANT: Telemetry Middleware Usage
@@ -56,7 +55,7 @@ export const protectedProcedure = t.procedure
 /**
  * Protected Team Procedure
  *
- * Used to create protected routes that require authentication and a team authorization, via teamIdOrSlug.
+ * Used to create protected routes that require authentication and a team authorization, via teamSlug.
  *
  */
 export const protectedTeamProcedure = t.procedure
@@ -64,7 +63,7 @@ export const protectedTeamProcedure = t.procedure
   .use(authMiddleware)
   .input(
     z.object({
-      teamIdOrSlug: TeamIdOrSlugSchema,
+      teamSlug: TeamSlugSchema,
     })
   )
   .use(async ({ ctx, next, input }) => {
@@ -76,31 +75,17 @@ export const protectedTeamProcedure = t.procedure
       const teamId = await context.with(
         trace.setSpan(context.active(), span),
         async () => {
-          return await getTeamIdFromSegment(input.teamIdOrSlug)
+          return await getTeamIdFromSlug(
+            input.teamSlug,
+            ctx.session.access_token
+          )
         }
       )
 
       if (!teamId) {
         span.setStatus({
           code: SpanStatusCode.ERROR,
-          message: `teamId not found for teamIdOrSlug (${input.teamIdOrSlug})`,
-        })
-
-        // the actual error should be 400, but we want to prevent leaking information to bad actors
-        throw forbiddenTeamAccessError()
-      }
-
-      const isAuthorized = await context.with(
-        trace.setSpan(context.active(), span),
-        async () => {
-          return await checkUserTeamAuthCached(ctx.user.id, teamId)
-        }
-      )
-
-      if (!isAuthorized) {
-        span.setStatus({
-          code: SpanStatusCode.ERROR,
-          message: `user (${ctx.user.id}) not authorized to access team (${teamId})`,
+          message: `teamId not found for teamSlug (${input.teamSlug})`,
         })
 
         throw forbiddenTeamAccessError()
diff --git a/src/lib/clients/api.ts b/src/core/shared/clients/api.ts
similarity index 80%
rename from src/lib/clients/api.ts
rename to src/core/shared/clients/api.ts
index 60b906e96..181446a68 100644
--- a/src/lib/clients/api.ts
+++ b/src/core/shared/clients/api.ts
@@ -1,7 +1,7 @@
 import createClient from 'openapi-fetch'
-import type { paths as ArgusPaths } from '@/types/argus-api.types'
-import type { paths as DashboardPaths } from '@/types/dashboard-api.types'
-import type { paths as InfraPaths } from '@/types/infra-api.types'
+import type { paths as ArgusPaths } from '@/core/shared/contracts/argus-api.types'
+import type { paths as DashboardPaths } from '@/core/shared/contracts/dashboard-api.types'
+import type { paths as InfraPaths } from '@/core/shared/contracts/infra-api.types'
 
 type CombinedPaths = InfraPaths & ArgusPaths
 
diff --git a/src/lib/clients/kv.ts b/src/core/shared/clients/kv.ts
similarity index 100%
rename from src/lib/clients/kv.ts
rename to src/core/shared/clients/kv.ts
diff --git a/src/lib/clients/logger/logger.node.ts b/src/core/shared/clients/logger/logger.node.ts
similarity index 100%
rename from src/lib/clients/logger/logger.node.ts
rename to src/core/shared/clients/logger/logger.node.ts
diff --git a/src/lib/clients/logger/logger.ts b/src/core/shared/clients/logger/logger.ts
similarity index 62%
rename from src/lib/clients/logger/logger.ts
rename to src/core/shared/clients/logger/logger.ts
index 8bbe83528..4ed1f8f0e 100644
--- a/src/lib/clients/logger/logger.ts
+++ b/src/core/shared/clients/logger/logger.ts
@@ -1,48 +1,21 @@
-/**
- * Universal logger that picks the correct implementation for the current runtime
- * (Node, Edge, Browser) and exposes an API compatible with `pino`.
- *
- * In Node & Browser we return the real pino instance.
- * In Edge we fall back to the minimal JSON logger implemented in `logger.edge.ts`.
- */
-
 import pino, { type Logger } from 'pino'
-import type { ErrorObject } from 'serialize-error'
+import { type ErrorObject, serializeError } from 'serialize-error'
 
-/**
- * Represents platform-specific metadata that can be included in logs.
- * These are top-level properties that provide structured metadata for log filtering and analysis.
- */
 interface PlatformContextKeys {
-  /** Identifier for the team */
   team_id?: string
-  /** Identifier for the user */
   user_id?: string
-  /** Identifier for the sandbox */
-
   sandbox_id?: string
-  /** Identifier for the template */
   template_id?: string
 }
 
-/**
- * Context data structure for logging entries.
- * Extends platform-specific metadata with additional fields.
- */
 interface ILoggerContext extends Record<string, unknown>, PlatformContextKeys {
-  /** Key to help identify log entry in-code */
   key: string
-
-  /** Should contain Error */
   error?: ErrorObject | unknown
-
-  /** Should contain context around the log */
   context?: Record<string, unknown>
 }
 
 interface ILogger {
   child(bindings: Record<string, unknown>): Logger
-
   fatal(context: ILoggerContext, message?: string, ...args: unknown[]): void
   error(context: ILoggerContext, message?: string, ...args: unknown[]): void
   warn(context: ILoggerContext, message?: string, ...args: unknown[]): void
@@ -75,6 +48,34 @@ const REDACTION_PATHS = [
   '*.*.key',
 ]
 
+const stripStackFields = (
+  value: unknown,
+  seen = new WeakSet<object>()
+): unknown => {
+  if (Array.isArray(value)) {
+    return value.map((item) => stripStackFields(item, seen))
+  }
+
+  if (typeof value !== 'object' || value === null) {
+    return value
+  }
+
+  if (seen.has(value)) {
+    return '[Circular]'
+  }
+
+  seen.add(value)
+
+  const entries = Object.entries(value).filter(([key]) => key !== 'stack')
+
+  return Object.fromEntries(
+    entries.map(([key, item]) => [key, stripStackFields(item, seen)])
+  )
+}
+
+export const serializeErrorForLog = (error: unknown): ErrorObject | unknown =>
+  stripStackFields(serializeError(error)) as ErrorObject
+
 const createLogger = () => {
   const baseConfig = {
     redact: {
@@ -88,6 +89,5 @@ const createLogger = () => {
 }
 
 export const logger: ILogger = createLogger()
-
 export const l = logger
 export default logger
diff --git a/src/lib/clients/meter.ts b/src/core/shared/clients/meter.ts
similarity index 100%
rename from src/lib/clients/meter.ts
rename to src/core/shared/clients/meter.ts
diff --git a/src/lib/clients/storage.ts b/src/core/shared/clients/storage.ts
similarity index 67%
rename from src/lib/clients/storage.ts
rename to src/core/shared/clients/storage.ts
index 91618c883..a33877528 100644
--- a/src/lib/clients/storage.ts
+++ b/src/core/shared/clients/storage.ts
@@ -2,19 +2,12 @@ import type { FileObject } from '@supabase/storage-js'
 import { STORAGE_BUCKET_NAME } from '@/configs/storage'
 import { supabaseAdmin } from './supabase/admin'
 
-/**
- * Upload a file to Supabase Storage
- * @param fileBuffer - The file buffer to upload
- * @param destination - The destination path in the bucket
- * @param contentType - The content type of the file
- * @returns The public URL of the uploaded file
- */
 export async function uploadFile(
   fileBuffer: Buffer,
   destination: string,
   contentType: string
 ): Promise<string> {
-  const { data, error } = await supabaseAdmin.storage
+  const { error } = await supabaseAdmin.storage
     .from(STORAGE_BUCKET_NAME)
     .upload(destination, fileBuffer, {
       contentType,
@@ -33,11 +26,6 @@ export async function uploadFile(
   return urlData.publicUrl
 }
 
-/**
- * Get a list of files from Supabase Storage
- * @param folderPath - The path of the folder in the bucket
- * @returns The list of files
- */
 export async function getFiles(folderPath: string): Promise<FileObject[]> {
   const { data, error } = await supabaseAdmin.storage
     .from(STORAGE_BUCKET_NAME)
@@ -51,10 +39,7 @@ export async function getFiles(folderPath: string): Promise<FileObject[]> {
 
   return data
 }
-/**
- * Delete a file from Supabase Storage
- * @param filePath - The path of the file in the bucket
- */
+
 export async function deleteFile(filePath: string): Promise<void> {
   const { error } = await supabaseAdmin.storage
     .from(STORAGE_BUCKET_NAME)
@@ -65,12 +50,6 @@ export async function deleteFile(filePath: string): Promise<void> {
   }
 }
 
-/**
- * Get a signed URL for a file (for temporary access)
- * @param filePath - The path of the file in the bucket
- * @param expiresInMinutes - How long the URL should be valid for (in minutes)
- * @returns The signed URL
- */
 export async function getSignedUrl(
   filePath: string,
   expiresInMinutes = 15
diff --git a/src/lib/clients/supabase/admin.ts b/src/core/shared/clients/supabase/admin.ts
similarity index 81%
rename from src/lib/clients/supabase/admin.ts
rename to src/core/shared/clients/supabase/admin.ts
index 08df51274..0d9b8a887 100644
--- a/src/lib/clients/supabase/admin.ts
+++ b/src/core/shared/clients/supabase/admin.ts
@@ -1,7 +1,7 @@
 import 'server-cli-only'
 
 import { createClient } from '@supabase/supabase-js'
-import type { Database } from '@/types/database.types'
+import type { Database } from '@/core/shared/contracts/database.types'
 
 export const supabaseAdmin = createClient<Database>(
   process.env.NEXT_PUBLIC_SUPABASE_URL,
diff --git a/src/lib/clients/supabase/client.ts b/src/core/shared/clients/supabase/client.ts
similarity index 74%
rename from src/lib/clients/supabase/client.ts
rename to src/core/shared/clients/supabase/client.ts
index fad5b74c2..565be79c4 100644
--- a/src/lib/clients/supabase/client.ts
+++ b/src/core/shared/clients/supabase/client.ts
@@ -1,7 +1,7 @@
 'use client'
 
 import { createBrowserClient } from '@supabase/ssr'
-import type { Database } from '@/types/database.types'
+import type { Database } from '@/core/shared/contracts/database.types'
 
 export const supabase = createBrowserClient<Database>(
   process.env.NEXT_PUBLIC_SUPABASE_URL,
diff --git a/src/lib/clients/supabase/server.ts b/src/core/shared/clients/supabase/server.ts
similarity index 69%
rename from src/lib/clients/supabase/server.ts
rename to src/core/shared/clients/supabase/server.ts
index a1a9fe844..d82092614 100644
--- a/src/lib/clients/supabase/server.ts
+++ b/src/core/shared/clients/supabase/server.ts
@@ -1,6 +1,6 @@
 import { createServerClient } from '@supabase/ssr'
 import { cookies } from 'next/headers'
-import type { Database } from '@/types/database.types'
+import type { Database } from '@/core/shared/contracts/database.types'
 
 export const createClient = async () => {
   const cookieStore = await cookies()
@@ -18,11 +18,7 @@ export const createClient = async () => {
             cookiesToSet.forEach(({ name, value, options }) => {
               cookieStore.set(name, value, options)
             })
-          } catch (error) {
-            // The `set` method was called from a Server Component.
-            // This can be ignored since we have middleware refreshing
-            // user sessions.
-          }
+          } catch (_error) {}
         },
       },
     }
diff --git a/src/lib/clients/tracer.ts b/src/core/shared/clients/tracer.ts
similarity index 100%
rename from src/lib/clients/tracer.ts
rename to src/core/shared/clients/tracer.ts
diff --git a/src/types/argus-api.types.ts b/src/core/shared/contracts/argus-api.types.ts
similarity index 100%
rename from src/types/argus-api.types.ts
rename to src/core/shared/contracts/argus-api.types.ts
diff --git a/src/types/dashboard-api.types.ts b/src/core/shared/contracts/dashboard-api.types.ts
similarity index 100%
rename from src/types/dashboard-api.types.ts
rename to src/core/shared/contracts/dashboard-api.types.ts
diff --git a/src/types/database.types.ts b/src/core/shared/contracts/database.types.ts
similarity index 100%
rename from src/types/database.types.ts
rename to src/core/shared/contracts/database.types.ts
diff --git a/src/types/infra-api.types.ts b/src/core/shared/contracts/infra-api.types.ts
similarity index 100%
rename from src/types/infra-api.types.ts
rename to src/core/shared/contracts/infra-api.types.ts
diff --git a/src/core/shared/errors.ts b/src/core/shared/errors.ts
new file mode 100644
index 000000000..23f0566e1
--- /dev/null
+++ b/src/core/shared/errors.ts
@@ -0,0 +1,135 @@
+import type { RepoError, RepoErrorCode } from './result'
+
+export const PUBLIC_ERROR_MESSAGE_UNAUTHORIZED = 'Unauthorized'
+export const PUBLIC_ERROR_MESSAGE_FORBIDDEN =
+  'You are not authorized to access this resource'
+export const PUBLIC_ERROR_MESSAGE_FORBIDDEN_TEAM =
+  'You are not authorized to access this team'
+export const PUBLIC_ERROR_MESSAGE_UNAUTHENTICATED = 'User not authenticated'
+export const PUBLIC_ERROR_MESSAGE_INTERNAL =
+  'An Unexpected Error Occurred, please try again. If the problem persists, please contact support.'
+
+export type E2BErrorCode =
+  | 'UNAUTHENTICATED'
+  | 'UNAUTHORIZED'
+  | 'INVALID_PARAMETERS'
+  | 'INTERNAL_SERVER_ERROR'
+  | 'API_ERROR'
+  | 'UNKNOWN'
+  | string
+
+export class E2BError extends Error {
+  public code: E2BErrorCode
+
+  constructor(code: E2BErrorCode, message: string) {
+    super(message)
+    this.name = 'E2BError'
+    this.code = code
+  }
+}
+
+export const UnauthenticatedError = () =>
+  new E2BError('UNAUTHENTICATED', PUBLIC_ERROR_MESSAGE_UNAUTHENTICATED)
+
+export const UnauthorizedError = (message: string) =>
+  new E2BError('UNAUTHORIZED', message)
+
+export const InvalidApiKeyError = (message: string) =>
+  new E2BError('INVALID_API_KEY', message)
+
+export const InvalidParametersError = (message: string) =>
+  new E2BError('INVALID_PARAMETERS', message)
+
+export const ApiError = (message: string) => new E2BError('API_ERROR', message)
+
+export const UnknownError = (message?: string) =>
+  new E2BError('UNKNOWN', message ?? PUBLIC_ERROR_MESSAGE_INTERNAL)
+
+export function createRepoError(input: {
+  code: RepoErrorCode
+  status: number
+  message: string
+  cause?: unknown
+}): RepoError {
+  return {
+    code: input.code,
+    status: input.status,
+    message: input.message,
+    cause: input.cause,
+  }
+}
+
+export function getPublicErrorMessage(input: {
+  code?: RepoErrorCode | string
+  status?: number
+}): string {
+  const { code, status } = input
+
+  if (code === 'unauthorized' || status === 401)
+    return PUBLIC_ERROR_MESSAGE_UNAUTHORIZED
+  if (code === 'forbidden' || status === 403)
+    return PUBLIC_ERROR_MESSAGE_FORBIDDEN
+  if (
+    code === 'internal' ||
+    code === 'unavailable' ||
+    (status !== undefined && status >= 500)
+  )
+    return PUBLIC_ERROR_MESSAGE_INTERNAL
+
+  return PUBLIC_ERROR_MESSAGE_INTERNAL
+}
+
+export function getPublicRepoErrorMessage(error: RepoError): string {
+  switch (error.code) {
+    case 'not_found':
+    case 'validation':
+    case 'conflict':
+      return error.message
+    default:
+      return getPublicErrorMessage({ code: error.code, status: error.status })
+  }
+}
+
+export function repoErrorFromHttp(
+  status: number,
+  message: string,
+  cause?: unknown
+): RepoError {
+  switch (status) {
+    case 401:
+      return createRepoError({
+        code: 'unauthorized',
+        status,
+        message,
+        cause,
+      })
+    case 403:
+      return createRepoError({
+        code: 'forbidden',
+        status,
+        message,
+        cause,
+      })
+    case 404:
+      return createRepoError({
+        code: 'not_found',
+        status,
+        message,
+        cause,
+      })
+    case 409:
+      return createRepoError({
+        code: 'conflict',
+        status,
+        message,
+        cause,
+      })
+    default:
+      return createRepoError({
+        code: status >= 500 ? 'unavailable' : 'internal',
+        status,
+        message,
+        cause,
+      })
+  }
+}
diff --git a/src/core/shared/repository-scope.ts b/src/core/shared/repository-scope.ts
new file mode 100644
index 000000000..03af7669e
--- /dev/null
+++ b/src/core/shared/repository-scope.ts
@@ -0,0 +1,7 @@
+export interface RequestScope {
+  accessToken: string
+}
+
+export interface TeamRequestScope extends RequestScope {
+  teamId: string
+}
diff --git a/src/core/shared/result.ts b/src/core/shared/result.ts
new file mode 100644
index 000000000..ea022443e
--- /dev/null
+++ b/src/core/shared/result.ts
@@ -0,0 +1,37 @@
+export type RepoResult<T, E = RepoError> =
+  | {
+      ok: true
+      data: T
+      error?: undefined
+    }
+  | {
+      ok: false
+      data?: undefined
+      error: E
+    }
+
+export type RepoErrorCode =
+  | 'unauthorized'
+  | 'forbidden'
+  | 'not_found'
+  | 'validation'
+  | 'conflict'
+  | 'internal'
+  | 'unavailable'
+
+export type RepoError = {
+  code: RepoErrorCode
+  status: number
+  message: string
+  cause?: unknown
+}
+
+export const ok = <T>(data: T): RepoResult<T> => ({
+  ok: true,
+  data,
+})
+
+export const err = <E = RepoError>(error: E): RepoResult<never, E> => ({
+  ok: false,
+  error,
+})
diff --git a/src/core/shared/schemas/api.ts b/src/core/shared/schemas/api.ts
new file mode 100644
index 000000000..0440ef1b1
--- /dev/null
+++ b/src/core/shared/schemas/api.ts
@@ -0,0 +1,7 @@
+import z from 'zod'
+
+export const SandboxIdSchema = z
+  .string()
+  .min(1, 'Sandbox ID is required')
+  .max(100, 'Sandbox ID too long')
+  .regex(/^[a-z0-9]+$/, 'Invalid sandbox ID format')
diff --git a/src/core/shared/schemas/team.ts b/src/core/shared/schemas/team.ts
new file mode 100644
index 000000000..45a4beb53
--- /dev/null
+++ b/src/core/shared/schemas/team.ts
@@ -0,0 +1,3 @@
+import { z } from 'zod'
+
+export const TeamSlugSchema = z.string().trim().min(1)
diff --git a/src/lib/schemas/url.ts b/src/core/shared/schemas/url.ts
similarity index 100%
rename from src/lib/schemas/url.ts
rename to src/core/shared/schemas/url.ts
diff --git a/src/features/auth/oauth-provider-buttons.tsx b/src/features/auth/oauth-provider-buttons.tsx
index b6f4e4896..a7fd7855d 100644
--- a/src/features/auth/oauth-provider-buttons.tsx
+++ b/src/features/auth/oauth-provider-buttons.tsx
@@ -2,7 +2,7 @@
 
 import { useSearchParams } from 'next/navigation'
 import { useAction } from 'next-safe-action/hooks'
-import { signInWithOAuthAction } from '@/server/auth/auth-actions'
+import { signInWithOAuthAction } from '@/core/server/actions/auth-actions'
 import { Button } from '@/ui/primitives/button'
 
 export function OAuthProviders() {
diff --git a/src/features/dashboard/account/email-settings.tsx b/src/features/dashboard/account/email-settings.tsx
index 0bf3bee9c..af10e9441 100644
--- a/src/features/dashboard/account/email-settings.tsx
+++ b/src/features/dashboard/account/email-settings.tsx
@@ -7,6 +7,7 @@ import { useEffect, useMemo } from 'react'
 import { useForm } from 'react-hook-form'
 import { z } from 'zod'
 import { USER_MESSAGES } from '@/configs/user-messages'
+import { updateUserAction } from '@/core/server/actions/user-actions'
 import {
   defaultErrorToast,
   defaultSuccessToast,
@@ -14,7 +15,6 @@ import {
 } from '@/lib/hooks/use-toast'
 import { cn } from '@/lib/utils'
 import { getUserProviders } from '@/lib/utils/auth'
-import { updateUserAction } from '@/server/user/user-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Card,
diff --git a/src/features/dashboard/account/name-settings.tsx b/src/features/dashboard/account/name-settings.tsx
index 92f4818cf..95307e129 100644
--- a/src/features/dashboard/account/name-settings.tsx
+++ b/src/features/dashboard/account/name-settings.tsx
@@ -5,13 +5,13 @@ import { useAction } from 'next-safe-action/hooks'
 import { useForm } from 'react-hook-form'
 import { z } from 'zod'
 import { USER_MESSAGES } from '@/configs/user-messages'
+import { updateUserAction } from '@/core/server/actions/user-actions'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   useToast,
 } from '@/lib/hooks/use-toast'
 import { cn } from '@/lib/utils'
-import { updateUserAction } from '@/server/user/user-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Card,
diff --git a/src/features/dashboard/account/password-settings-server.tsx b/src/features/dashboard/account/password-settings-server.tsx
index ea74e0227..a92c9e2f8 100644
--- a/src/features/dashboard/account/password-settings-server.tsx
+++ b/src/features/dashboard/account/password-settings-server.tsx
@@ -1,4 +1,4 @@
-import type { AccountPageSearchParams } from '@/app/dashboard/[teamIdOrSlug]/account/page'
+import type { AccountPageSearchParams } from '@/app/dashboard/[teamSlug]/account/page'
 import { PasswordSettings } from './password-settings'
 
 interface PasswordSettingsServerProps {
diff --git a/src/features/dashboard/account/password-settings.tsx b/src/features/dashboard/account/password-settings.tsx
index 4b54f6943..8884ab479 100644
--- a/src/features/dashboard/account/password-settings.tsx
+++ b/src/features/dashboard/account/password-settings.tsx
@@ -6,6 +6,7 @@ import { useEffect, useMemo, useState } from 'react'
 import { useForm } from 'react-hook-form'
 import { z } from 'zod'
 import { USER_MESSAGES } from '@/configs/user-messages'
+import { updateUserAction } from '@/core/server/actions/user-actions'
 import {
   defaultErrorToast,
   defaultSuccessToast,
@@ -13,7 +14,6 @@ import {
 } from '@/lib/hooks/use-toast'
 import { cn } from '@/lib/utils'
 import { getUserProviders } from '@/lib/utils/auth'
-import { updateUserAction } from '@/server/user/user-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Card,
diff --git a/src/features/dashboard/account/reauth-dialog.tsx b/src/features/dashboard/account/reauth-dialog.tsx
index 810114dc0..37c0a0f4e 100644
--- a/src/features/dashboard/account/reauth-dialog.tsx
+++ b/src/features/dashboard/account/reauth-dialog.tsx
@@ -1,7 +1,7 @@
 'use client'
 
 import { PROTECTED_URLS } from '@/configs/urls'
-import { signOutAction } from '@/server/auth/auth-actions'
+import { signOutAction } from '@/core/server/actions/auth-actions'
 import { AlertDialog } from '@/ui/alert-dialog'
 
 interface ReauthDialogProps {
diff --git a/src/features/dashboard/account/user-access-token.tsx b/src/features/dashboard/account/user-access-token.tsx
index 159c0d405..e95070e22 100644
--- a/src/features/dashboard/account/user-access-token.tsx
+++ b/src/features/dashboard/account/user-access-token.tsx
@@ -3,8 +3,8 @@
 import { Eye, EyeOff } from 'lucide-react'
 import { useAction } from 'next-safe-action/hooks'
 import { useState } from 'react'
+import { getUserAccessTokenAction } from '@/core/server/actions/user-actions'
 import { defaultErrorToast, useToast } from '@/lib/hooks/use-toast'
-import { getUserAccessTokenAction } from '@/server/user/user-actions'
 import CopyButton from '@/ui/copy-button'
 import { Button } from '@/ui/primitives/button'
 import { Input } from '@/ui/primitives/input'
diff --git a/src/features/dashboard/billing/addons.tsx b/src/features/dashboard/billing/addons.tsx
index f67873ca5..eb12e5f6c 100644
--- a/src/features/dashboard/billing/addons.tsx
+++ b/src/features/dashboard/billing/addons.tsx
@@ -4,11 +4,11 @@ import { useMutation } from '@tanstack/react-query'
 import Link from 'next/link'
 import { useState } from 'react'
 import { PROTECTED_URLS } from '@/configs/urls'
+import type { AddonInfo } from '@/core/modules/billing/models'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { defaultErrorToast, useToast } from '@/lib/hooks/use-toast'
 import { formatCurrency } from '@/lib/utils/formatting'
 import { useTRPC } from '@/trpc/client'
-import type { AddonInfo } from '@/types/billing.types'
 import HelpTooltip from '@/ui/help-tooltip'
 import { Badge } from '@/ui/primitives/badge'
 import { Button } from '@/ui/primitives/button'
@@ -19,7 +19,7 @@ import { Skeleton } from '@/ui/primitives/skeleton'
 import { useDashboard } from '../context'
 import { ConcurrentSandboxAddOnPurchaseDialog } from './concurrent-sandboxes-addon-dialog'
 import { ADDON_500_SANDBOXES_ID, TIER_PRO_ID } from './constants'
-import { useBillingItems, useTeamLimits } from './hooks'
+import { useBillingItems } from './hooks'
 import { formatAddonQuantity } from './utils'
 
 interface AddonItemProps {
@@ -164,8 +164,7 @@ function AddonsLoading() {
 }
 
 function AddonsUpgradePlaceholder() {
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/billing/plan'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing/plan'>()
 
   return (
     <div className="flex flex-col">
@@ -175,7 +174,7 @@ function AddonsUpgradePlaceholder() {
           Upgrade to Pro to purchase add-ons for higher concurrency limits.
         </p>
         <Button variant="default" className="w-full sm:w-auto" asChild>
-          <Link href={PROTECTED_URLS.BILLING_PLAN_SELECT(teamIdOrSlug)}>
+          <Link href={PROTECTED_URLS.BILLING_PLAN_SELECT(teamSlug)}>
             <UpgradeIcon className="size-4" />
             Upgrade to Pro
           </Link>
@@ -188,13 +187,11 @@ function AddonsUpgradePlaceholder() {
 export default function Addons() {
   const { team } = useDashboard()
   const { toast } = useToast()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/billing/plan'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing/plan'>()
   const trpc = useTRPC()
   const [isDialogOpen, setIsDialogOpen] = useState(false)
   const { tierData, addonData, isLoading } = useBillingItems()
-  const { teamLimits } = useTeamLimits()
-  const currentConcurrentSandboxesLimit = teamLimits?.concurrentInstances ?? 0
+  const currentConcurrentSandboxesLimit = team.limits.concurrentSandboxes
 
   const selectedTierId = tierData?.selected?.id
   const currentAddon = addonData?.current
@@ -217,7 +214,7 @@ export default function Addons() {
     if (!team) return
 
     createOrderMutation.mutate({
-      teamIdOrSlug,
+      teamSlug,
       itemId: ADDON_500_SANDBOXES_ID,
     })
   }
diff --git a/src/features/dashboard/billing/concurrent-sandboxes-addon-dialog.tsx b/src/features/dashboard/billing/concurrent-sandboxes-addon-dialog.tsx
index 17a41935a..06eaed682 100644
--- a/src/features/dashboard/billing/concurrent-sandboxes-addon-dialog.tsx
+++ b/src/features/dashboard/billing/concurrent-sandboxes-addon-dialog.tsx
@@ -15,6 +15,7 @@ import {
 } from 'lucide-react'
 import { useRouter } from 'next/navigation'
 import { useState } from 'react'
+import { DASHBOARD_TEAMS_LIST_QUERY_OPTIONS } from '@/core/application/teams/queries'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { defaultErrorToast, useToast } from '@/lib/hooks/use-toast'
 import { useTRPC } from '@/trpc/client'
@@ -59,8 +60,7 @@ function DialogContent_Inner({
 }: Omit<ConcurrentSandboxAddOnPurchaseDialogProps, 'open'>) {
   const { team } = useDashboard()
   const { toast } = useToast()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/billing/plan'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing/plan'>()
   const trpc = useTRPC()
   const queryClient = useQueryClient()
   const [showPaymentForm, setShowPaymentForm] = useState(false)
@@ -89,20 +89,21 @@ function DialogContent_Inner({
     if (!team) return
     setClientSecret(clientSecret)
     setShowPaymentForm(true)
-    customerSessionMutation.mutate({ teamIdOrSlug })
+    customerSessionMutation.mutate({ teamSlug })
   }
 
   const itemsQueryKey = trpc.billing.getItems.queryOptions({
-    teamIdOrSlug,
-  }).queryKey
-  const teamLimitsQueryKey = trpc.billing.getTeamLimits.queryOptions({
-    teamIdOrSlug,
+    teamSlug,
   }).queryKey
+  const teamListQueryKey = trpc.teams.list.queryOptions(
+    undefined,
+    DASHBOARD_TEAMS_LIST_QUERY_OPTIONS
+  ).queryKey
 
   const { confirmPayment, isConfirming } = usePaymentConfirmation({
     onSuccess: () => {
       queryClient.invalidateQueries({ queryKey: itemsQueryKey })
-      queryClient.invalidateQueries({ queryKey: teamLimitsQueryKey })
+      queryClient.invalidateQueries({ queryKey: teamListQueryKey })
       onOpenChange(false)
     },
     onFallbackToPaymentElement: handleSwitchToPaymentElement,
@@ -135,7 +136,7 @@ function DialogContent_Inner({
   const handlePurchase = () => {
     if (!team) return
 
-    confirmOrderMutation.mutate({ teamIdOrSlug, orderId })
+    confirmOrderMutation.mutate({ teamSlug, orderId })
   }
 
   const limitIncreaseText = currentConcurrentSandboxesLimit ? (
diff --git a/src/features/dashboard/billing/hooks.ts b/src/features/dashboard/billing/hooks.ts
index a6a413327..de0d1f4c4 100644
--- a/src/features/dashboard/billing/hooks.ts
+++ b/src/features/dashboard/billing/hooks.ts
@@ -264,11 +264,11 @@ export function usePaymentConfirmation({
 export { stripePromise }
 
 export function useBillingItems() {
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/billing'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing'>()
   const trpc = useTRPC()
 
   const { data: items, isLoading } = useQuery({
-    ...trpc.billing.getItems.queryOptions({ teamIdOrSlug }),
+    ...trpc.billing.getItems.queryOptions({ teamSlug }),
     throwOnError: true,
   })
 
@@ -287,11 +287,11 @@ export function useBillingItems() {
 }
 
 export function useUsage() {
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/billing'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing'>()
   const trpc = useTRPC()
 
   const { data: usage, isLoading } = useQuery({
-    ...trpc.billing.getUsage.queryOptions({ teamIdOrSlug }),
+    ...trpc.billing.getUsage.queryOptions({ teamSlug }),
     throwOnError: true,
   })
 
@@ -303,14 +303,14 @@ export function useUsage() {
 }
 
 export function useInvoices() {
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/billing'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing'>()
   const trpc = useTRPC()
 
   const {
     data: invoices,
     isLoading,
     error,
-  } = useQuery(trpc.billing.getInvoices.queryOptions({ teamIdOrSlug }))
+  } = useQuery(trpc.billing.getInvoices.queryOptions({ teamSlug }))
 
   return {
     invoices,
@@ -318,18 +318,3 @@ export function useInvoices() {
     error,
   }
 }
-
-export function useTeamLimits() {
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/billing'>()
-  const trpc = useTRPC()
-
-  const { data: teamLimits, isLoading } = useQuery({
-    ...trpc.billing.getTeamLimits.queryOptions({ teamIdOrSlug }),
-    throwOnError: true,
-  })
-
-  return {
-    teamLimits,
-    isLoading,
-  }
-}
diff --git a/src/features/dashboard/billing/select-plan.tsx b/src/features/dashboard/billing/select-plan.tsx
index e6b3f6de9..0b243cde9 100644
--- a/src/features/dashboard/billing/select-plan.tsx
+++ b/src/features/dashboard/billing/select-plan.tsx
@@ -2,11 +2,12 @@
 
 import { useMutation } from '@tanstack/react-query'
 import { useRouter } from 'next/navigation'
+import type { TierInfo } from '@/core/modules/billing/models'
+import { getTeamDisplayName } from '@/core/modules/teams/utils'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { defaultErrorToast, useToast } from '@/lib/hooks/use-toast'
 import { formatCurrency } from '@/lib/utils/formatting'
 import { useTRPC } from '@/trpc/client'
-import type { TierInfo } from '@/types/billing.types'
 import { Badge } from '@/ui/primitives/badge'
 import { Button } from '@/ui/primitives/button'
 import {
@@ -175,7 +176,7 @@ function PlanCard({
     ? formatCurrency(tier.price_cents / 100)
     : 'FREE'
 
-  const teamDisplayName = team.transformed_default_name || team.name
+  const teamDisplayName = getTeamDisplayName(team)
 
   const buttonVariant = isBaseTier ? 'outline' : 'default'
   const buttonText = isBaseTier ? 'Downgrade' : 'Upgrade'
@@ -240,8 +241,8 @@ function PlanCard({
 export default function SelectPlan() {
   const { toast } = useToast()
   const { tierData, isLoading } = useBillingItems()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/billing/plan/select'>()
+  const { teamSlug } =
+    useRouteParams<'/dashboard/[teamSlug]/billing/plan/select'>()
   const router = useRouter()
   const trpc = useTRPC()
 
@@ -273,11 +274,11 @@ export default function SelectPlan() {
     )
 
   const handleUpgrade = (tierId: string) => {
-    createCheckout({ teamIdOrSlug, tierId })
+    createCheckout({ teamSlug, tierId })
   }
 
   const handleDowngrade = () => {
-    openCustomerPortal({ teamIdOrSlug })
+    openCustomerPortal({ teamSlug })
   }
 
   const baseTier = tierData?.base
diff --git a/src/features/dashboard/billing/selected-plan.tsx b/src/features/dashboard/billing/selected-plan.tsx
index 4dba6cde9..33bb57bd5 100644
--- a/src/features/dashboard/billing/selected-plan.tsx
+++ b/src/features/dashboard/billing/selected-plan.tsx
@@ -4,10 +4,10 @@ import { useMutation } from '@tanstack/react-query'
 import Link from 'next/link'
 import { usePathname, useRouter } from 'next/navigation'
 import { PROTECTED_URLS } from '@/configs/urls'
+import type { TeamLimits } from '@/core/modules/teams/models'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { defaultErrorToast, useToast } from '@/lib/hooks/use-toast'
 import { formatCurrency } from '@/lib/utils/formatting'
-import type { TeamLimits } from '@/server/team/get-team-limits'
 import { useTRPC } from '@/trpc/client'
 import { Badge } from '@/ui/primitives/badge'
 import { Button } from '@/ui/primitives/button'
@@ -23,7 +23,8 @@ import {
 import { Label } from '@/ui/primitives/label'
 import { Separator } from '@/ui/primitives/separator'
 import { Skeleton } from '@/ui/primitives/skeleton'
-import { useBillingItems, useTeamLimits } from './hooks'
+import { useDashboard } from '../context'
+import { useBillingItems } from './hooks'
 import { TierAvatarBorder } from './tier-avatar-border'
 import type { BillingTierData } from './types'
 import { formatHours, formatMibToGb, formatTierDisplayName } from './utils'
@@ -34,15 +35,15 @@ function formatCpu(vcpu: number): string {
 
 export default function SelectedPlan() {
   const { tierData, isLoading: isBillingLoading } = useBillingItems()
-  const { teamLimits, isLoading: isLimitsLoading } = useTeamLimits()
-  const isLoading = isBillingLoading || isLimitsLoading
+  const { team } = useDashboard()
+  const isLoading = isBillingLoading
 
   return (
     <section className="flex gap-5">
       <PlanAvatar selectedTier={tierData?.selected} isLoading={isLoading} />
       <PlanDetails
         selectedTier={tierData?.selected}
-        teamLimits={teamLimits}
+        teamLimits={team.limits}
         isLoading={isLoading}
       />
     </section>
@@ -87,7 +88,7 @@ function PlanDetails({
   isLoading,
 }: PlanDetailsProps) {
   const isBaseTier = !selectedTier || selectedTier.id.includes('base')
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/billing'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/billing'>()
   const pathname = usePathname()
   const router = useRouter()
   const { toast } = useToast()
@@ -109,7 +110,7 @@ function PlanDetails({
     )
 
   const handleManagePayment = () => {
-    openCustomerPortal({ teamIdOrSlug })
+    openCustomerPortal({ teamSlug })
   }
 
   return (
@@ -120,7 +121,7 @@ function PlanDetails({
         <div className="flex items-center gap-2 flex-wrap">
           {isOnPlanPage ? (
             <Button variant="outline" asChild>
-              <Link href={PROTECTED_URLS.BILLING_PLAN_SELECT(teamIdOrSlug)}>
+              <Link href={PROTECTED_URLS.BILLING_PLAN_SELECT(teamSlug)}>
                 Change Plan
               </Link>
             </Button>
@@ -130,14 +131,14 @@ function PlanDetails({
             <>
               {isBaseTier ? (
                 <Button variant="default" asChild>
-                  <Link href={PROTECTED_URLS.BILLING_PLAN_SELECT(teamIdOrSlug)}>
+                  <Link href={PROTECTED_URLS.BILLING_PLAN_SELECT(teamSlug)}>
                     <UpgradeIcon className="size-4" />
                     Upgrade for higher concurrency
                   </Link>
                 </Button>
               ) : (
                 <Button variant="outline" asChild>
-                  <Link href={PROTECTED_URLS.BILLING_PLAN(teamIdOrSlug)}>
+                  <Link href={PROTECTED_URLS.BILLING_PLAN(teamSlug)}>
                     Manage plan & add-ons
                   </Link>
                 </Button>
@@ -213,7 +214,7 @@ function PlanFeatures({ teamLimits, isLoading }: PlanFeaturesProps) {
   const features = [
     {
       icon: <SandboxIcon className="size-4" />,
-      label: `${teamLimits.concurrentInstances} concurrent sandboxes`,
+      label: `${teamLimits.concurrentSandboxes} concurrent sandboxes`,
     },
     {
       icon: <TimeIcon className="size-4" />,
diff --git a/src/features/dashboard/billing/types.ts b/src/features/dashboard/billing/types.ts
index e94d5092d..45fd3d40e 100644
--- a/src/features/dashboard/billing/types.ts
+++ b/src/features/dashboard/billing/types.ts
@@ -1,5 +1,5 @@
-import type { TeamLimits } from '@/server/team/get-team-limits'
-import type { TeamItems } from '@/types/billing.types'
+import type { TeamItems } from '@/core/modules/billing/models'
+import type { TeamLimits } from '@/core/modules/teams/models'
 
 export interface BillingData {
   items: TeamItems
diff --git a/src/features/dashboard/billing/utils.ts b/src/features/dashboard/billing/utils.ts
index 7768efa4c..a0aaa4bed 100644
--- a/src/features/dashboard/billing/utils.ts
+++ b/src/features/dashboard/billing/utils.ts
@@ -1,5 +1,5 @@
-import { l } from '@/lib/clients/logger/logger'
-import type { TeamItems } from '@/types/billing.types'
+import type { TeamItems } from '@/core/modules/billing/models'
+import { l } from '@/core/shared/clients/logger/logger'
 import { ADDON_500_SANDBOXES_ID, TIER_BASE_ID, TIER_PRO_ID } from './constants'
 import type { BillingAddonData, BillingTierData } from './types'
 
diff --git a/src/features/dashboard/build/build-logs-store.ts b/src/features/dashboard/build/build-logs-store.ts
index a479ab184..9d5b72d10 100644
--- a/src/features/dashboard/build/build-logs-store.ts
+++ b/src/features/dashboard/build/build-logs-store.ts
@@ -2,7 +2,7 @@
 
 import { create } from 'zustand'
 import { immer } from 'zustand/middleware/immer'
-import type { BuildLogDTO } from '@/server/api/models/builds.models'
+import type { BuildLogModel } from '@/core/modules/builds/models'
 import type { useTRPCClient } from '@/trpc/client'
 import {
   countLeadingAtTimestamp,
@@ -15,7 +15,7 @@ import type { LogLevelFilter } from './logs-filter-params'
 const EMPTY_INIT_FORWARD_LOOKBACK_MS = 5_000
 
 interface BuildLogsParams {
-  teamIdOrSlug: string
+  teamSlug: string
   templateId: string
   buildId: string
 }
@@ -23,7 +23,7 @@ interface BuildLogsParams {
 type TRPCClient = ReturnType<typeof useTRPCClient>
 
 interface BuildLogsState {
-  logs: BuildLogDTO[]
+  logs: BuildLogModel[]
   hasMoreBackwards: boolean
   isLoadingBackwards: boolean
   isLoadingForwards: boolean
@@ -95,7 +95,7 @@ export const createBuildLogsStore = () =>
         const paramsChanged =
           state._params?.buildId !== params.buildId ||
           state._params?.templateId !== params.templateId ||
-          state._params?.teamIdOrSlug !== params.teamIdOrSlug
+          state._params?.teamSlug !== params.teamSlug
         const levelChanged = state.level !== level
 
         if (paramsChanged || levelChanged || !state.isInitialized) {
@@ -118,7 +118,7 @@ export const createBuildLogsStore = () =>
 
           const result =
             await trpcClient.builds.buildLogsBackwardsReversed.query({
-              teamIdOrSlug: params.teamIdOrSlug,
+              teamSlug: params.teamSlug,
               templateId: params.templateId,
               buildId: params.buildId,
               level: level ?? undefined,
@@ -193,7 +193,7 @@ export const createBuildLogsStore = () =>
 
           const result =
             await state._trpcClient.builds.buildLogsBackwardsReversed.query({
-              teamIdOrSlug: state._params.teamIdOrSlug,
+              teamSlug: state._params.teamSlug,
               templateId: state._params.templateId,
               buildId: state._params.buildId,
               level: state.level ?? undefined,
@@ -253,7 +253,7 @@ export const createBuildLogsStore = () =>
           const seenAtCursor = state.forwardSeenAtCursor
 
           const result = await state._trpcClient.builds.buildLogsForward.query({
-            teamIdOrSlug: state._params.teamIdOrSlug,
+            teamSlug: state._params.teamSlug,
             templateId: state._params.templateId,
             buildId: state._params.buildId,
             level: state.level ?? undefined,
diff --git a/src/features/dashboard/build/header-cells.tsx b/src/features/dashboard/build/header-cells.tsx
index e4628638f..ede75eb91 100644
--- a/src/features/dashboard/build/header-cells.tsx
+++ b/src/features/dashboard/build/header-cells.tsx
@@ -23,8 +23,7 @@ export function Template({
   className?: string
 }) {
   const router = useRouter()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/templates'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/templates'>()
 
   return (
     <Button
@@ -38,7 +37,7 @@ export function Template({
         e.preventDefault()
 
         useTemplateTableStore.getState().setGlobalFilter(templateId)
-        router.push(PROTECTED_URLS.TEMPLATES_LIST(teamIdOrSlug))
+        router.push(PROTECTED_URLS.TEMPLATES_LIST(teamSlug))
       }}
     >
       <p className="truncate">{template}</p>
diff --git a/src/features/dashboard/build/header.tsx b/src/features/dashboard/build/header.tsx
index d40979ecc..48bba80f2 100644
--- a/src/features/dashboard/build/header.tsx
+++ b/src/features/dashboard/build/header.tsx
@@ -1,7 +1,7 @@
 'use client'
 
+import type { BuildDetailsModel } from '@/core/modules/builds/models'
 import { cn } from '@/lib/utils/ui'
-import type { BuildDetailsDTO } from '@/server/api/models/builds.models'
 import CopyButton from '@/ui/copy-button'
 import CopyButtonInline from '@/ui/copy-button-inline'
 import { CheckIcon, CloseIcon } from '@/ui/primitives/icons'
@@ -11,7 +11,7 @@ import { DetailsItem, DetailsRow } from '../layouts/details-row'
 import { RanFor, StartedAt, Template } from './header-cells'
 
 interface BuildHeaderProps {
-  buildDetails: BuildDetailsDTO | undefined
+  buildDetails: BuildDetailsModel | undefined
   buildId: string
   templateId: string
 }
@@ -74,8 +74,8 @@ export default function BuildHeader({
 }
 
 interface StatusBannerProps {
-  status: BuildDetailsDTO['status'] | undefined
-  statusMessage?: BuildDetailsDTO['statusMessage']
+  status: BuildDetailsModel['status'] | undefined
+  statusMessage?: BuildDetailsModel['statusMessage']
 }
 
 function StatusBanner({ status, statusMessage }: StatusBannerProps) {
diff --git a/src/features/dashboard/build/logs-cells.tsx b/src/features/dashboard/build/logs-cells.tsx
index b42f9e47a..620f1709c 100644
--- a/src/features/dashboard/build/logs-cells.tsx
+++ b/src/features/dashboard/build/logs-cells.tsx
@@ -1,15 +1,15 @@
 import { format } from 'date-fns'
 import { enUS } from 'date-fns/locale/en-US'
+import type { BuildLogModel } from '@/core/modules/builds/models'
 import {
   LogLevelBadge,
   LogMessage,
 } from '@/features/dashboard/common/log-cells'
 import { formatDurationCompact } from '@/lib/utils/formatting'
-import type { BuildLogDTO } from '@/server/api/models/builds.models'
 import CopyButtonInline from '@/ui/copy-button-inline'
 import { Badge, type BadgeProps } from '@/ui/primitives/badge'
 
-export const LogLevel = ({ level }: { level: BuildLogDTO['level'] }) => {
+export const LogLevel = ({ level }: { level: BuildLogModel['level'] }) => {
   return <LogLevelBadge level={level} />
 }
 
@@ -40,7 +40,7 @@ export const Timestamp = ({
 }
 
 interface MessageProps {
-  message: BuildLogDTO['message']
+  message: BuildLogModel['message']
 }
 
 export const Message = ({ message }: MessageProps) => {
diff --git a/src/features/dashboard/build/logs-filter-params.ts b/src/features/dashboard/build/logs-filter-params.ts
index d972fc419..802ccfa1e 100644
--- a/src/features/dashboard/build/logs-filter-params.ts
+++ b/src/features/dashboard/build/logs-filter-params.ts
@@ -1,7 +1,7 @@
 import { createLoader, parseAsStringEnum } from 'nuqs/server'
-import type { BuildLogDTO } from '@/server/api/models/builds.models'
+import type { BuildLogModel } from '@/core/modules/builds/models'
 
-export type LogLevelFilter = BuildLogDTO['level']
+export type LogLevelFilter = BuildLogModel['level']
 
 export const LOG_LEVELS: LogLevelFilter[] = ['debug', 'info', 'warn', 'error']
 
diff --git a/src/features/dashboard/build/logs.tsx b/src/features/dashboard/build/logs.tsx
index 7843380cd..3d177a474 100644
--- a/src/features/dashboard/build/logs.tsx
+++ b/src/features/dashboard/build/logs.tsx
@@ -6,6 +6,10 @@ import {
   type Virtualizer,
 } from '@tanstack/react-virtual'
 import { type RefObject, useCallback, useEffect, useRef, useState } from 'react'
+import type {
+  BuildDetailsModel,
+  BuildLogModel,
+} from '@/core/modules/builds/models'
 import {
   LOG_LEVEL_LEFT_BORDER_CLASS,
   type LogLevelValue,
@@ -19,10 +23,6 @@ import {
   LogVirtualRow,
 } from '@/features/dashboard/common/log-viewer-ui'
 import { cn } from '@/lib/utils'
-import type {
-  BuildDetailsDTO,
-  BuildLogDTO,
-} from '@/server/api/models/builds.models'
 import { Loader } from '@/ui/primitives/loader'
 import { Table, TableBody, TableCell } from '@/ui/primitives/table'
 import { LOG_RETENTION_MS } from '../templates/builds/constants'
@@ -39,15 +39,15 @@ const VIRTUAL_OVERSCAN = 16
 const SCROLL_LOAD_THRESHOLD_PX = 200
 
 interface LogsProps {
-  buildDetails: BuildDetailsDTO | undefined
-  teamIdOrSlug: string
+  buildDetails: BuildDetailsModel | undefined
+  teamSlug: string
   templateId: string
   buildId: string
 }
 
 export default function Logs({
   buildDetails,
-  teamIdOrSlug,
+  teamSlug,
   templateId,
   buildId,
 }: LogsProps) {
@@ -80,7 +80,7 @@ export default function Logs({
   return (
     <LogsContent
       buildDetails={buildDetails}
-      teamIdOrSlug={teamIdOrSlug}
+      teamSlug={teamSlug}
       templateId={templateId}
       buildId={buildId}
       level={level}
@@ -90,8 +90,8 @@ export default function Logs({
 }
 
 interface LogsContentProps {
-  buildDetails: BuildDetailsDTO
-  teamIdOrSlug: string
+  buildDetails: BuildDetailsModel
+  teamSlug: string
   templateId: string
   buildId: string
   level: BuildLogLevelFilter | null
@@ -100,14 +100,14 @@ interface LogsContentProps {
 
 function LogsContent({
   buildDetails,
-  teamIdOrSlug,
+  teamSlug,
   templateId,
   buildId,
   level,
   setLevel,
 }: LogsContentProps) {
   const scrollContainerRef = useRef<HTMLDivElement>(null)
-  const [lastNonEmptyLogs, setLastNonEmptyLogs] = useState<BuildLogDTO[]>([])
+  const [lastNonEmptyLogs, setLastNonEmptyLogs] = useState<BuildLogModel[]>([])
 
   const { isRefetchingFromFilterChange, onFetchComplete } =
     useFilterRefetchTracking(level)
@@ -120,7 +120,7 @@ function LogsContent({
     isFetching,
     fetchNextPage,
   } = useBuildLogs({
-    teamIdOrSlug,
+    teamSlug,
     templateId,
     buildId,
     level,
@@ -232,7 +232,7 @@ function EmptyBody({ hasRetainedLogs }: EmptyBodyProps) {
 }
 
 interface VirtualizedLogsBodyProps {
-  logs: BuildLogDTO[]
+  logs: BuildLogModel[]
   scrollContainerRef: RefObject<HTMLDivElement | null>
   startedAt: number
   onLoadMore: () => void
@@ -497,7 +497,7 @@ function useAutoScrollToBottom({
 }
 
 interface LogRowProps {
-  log: BuildLogDTO
+  log: BuildLogModel
   isZebraRow: boolean
   virtualRow: VirtualItem
   virtualizer: Virtualizer<HTMLDivElement, Element>
diff --git a/src/features/dashboard/build/use-build-logs.ts b/src/features/dashboard/build/use-build-logs.ts
index a1499bf3f..e61ef7292 100644
--- a/src/features/dashboard/build/use-build-logs.ts
+++ b/src/features/dashboard/build/use-build-logs.ts
@@ -3,7 +3,7 @@
 import { useQuery } from '@tanstack/react-query'
 import { useCallback, useEffect, useRef } from 'react'
 import { useStore } from 'zustand'
-import type { BuildStatus } from '@/server/api/models/builds.models'
+import type { BuildStatus } from '@/core/modules/builds/models'
 import { useTRPCClient } from '@/trpc/client'
 import { type BuildLogsStore, createBuildLogsStore } from './build-logs-store'
 import type { LogLevelFilter } from './logs-filter-params'
@@ -13,7 +13,7 @@ const DRAIN_AFTER_BUILD_STOP_WINDOW_MS = 10_000
 const MIN_EMPTY_DRAIN_POLLS = 2
 
 interface UseBuildLogsParams {
-  teamIdOrSlug: string
+  teamSlug: string
   templateId: string
   buildId: string
   level: LogLevelFilter | null
@@ -21,7 +21,7 @@ interface UseBuildLogsParams {
 }
 
 export function useBuildLogs({
-  teamIdOrSlug,
+  teamSlug,
   templateId,
   buildId,
   level,
@@ -43,10 +43,8 @@ export function useBuildLogs({
   const isLoadingForwards = useStore(store, (s) => s.isLoadingForwards)
 
   useEffect(() => {
-    store
-      .getState()
-      .init(trpcClient, { teamIdOrSlug, templateId, buildId }, level)
-  }, [store, trpcClient, teamIdOrSlug, templateId, buildId, level])
+    store.getState().init(trpcClient, { teamSlug, templateId, buildId }, level)
+  }, [store, trpcClient, teamSlug, templateId, buildId, level])
 
   const isBuilding = buildStatus === 'building'
   const isDraining = useRef(false)
@@ -76,7 +74,7 @@ export function useBuildLogs({
   const shouldPoll = isInitialized && (isBuilding || isDraining.current)
 
   const { isFetching: isPolling } = useQuery({
-    queryKey: ['buildLogsForward', teamIdOrSlug, templateId, buildId, level],
+    queryKey: ['buildLogsForward', teamSlug, templateId, buildId, level],
     queryFn: async () => {
       const { logsCount } = await store.getState().fetchMoreForwards()
 
diff --git a/src/features/dashboard/context.tsx b/src/features/dashboard/context.tsx
index ec8ec4505..fe7387e75 100644
--- a/src/features/dashboard/context.tsx
+++ b/src/features/dashboard/context.tsx
@@ -1,15 +1,14 @@
 'use client'
 
 import type { User } from '@supabase/supabase-js'
-import { createContext, type ReactNode, useContext, useState } from 'react'
-import type { ClientTeam } from '@/types/dashboard.types'
+import { createContext, type ReactNode, useContext, useEffect } from 'react'
+import { useDebounceCallback } from 'usehooks-ts'
+import type { TeamModel } from '@/core/modules/teams/models'
 
 interface DashboardContextValue {
-  team: ClientTeam
+  team: TeamModel
+  teams: TeamModel[]
   user: User
-
-  setTeam: (team: ClientTeam) => void
-  setUser: (user: User) => void
 }
 
 const DashboardContext = createContext<DashboardContextValue | undefined>(
@@ -18,24 +17,35 @@ const DashboardContext = createContext<DashboardContextValue | undefined>(
 
 interface DashboardContextProviderProps {
   children: ReactNode
-  initialTeam: ClientTeam
+  initialTeam: TeamModel
+  initialTeams: TeamModel[]
   initialUser: User
 }
 
 export function DashboardContextProvider({
   children,
   initialTeam,
+  initialTeams,
   initialUser,
 }: DashboardContextProviderProps) {
-  const [team, setTeam] = useState(initialTeam)
-  const [user, setUser] = useState(initialUser)
+  const updateTeamCookieState = useDebounceCallback(async (team: TeamModel) => {
+    await fetch('/api/team/state', {
+      method: 'POST',
+      body: JSON.stringify({
+        teamId: team.id,
+        teamSlug: team.slug,
+      }),
+    })
+  }, 1000)
 
-  const value = {
-    team,
-    user,
+  useEffect(() => {
+    updateTeamCookieState(initialTeam)
+  }, [initialTeam, updateTeamCookieState])
 
-    setTeam,
-    setUser,
+  const value = {
+    team: initialTeam,
+    teams: initialTeams,
+    user: initialUser,
   }
 
   return (
diff --git a/src/features/dashboard/layouts/layout.tsx b/src/features/dashboard/layouts/layout.tsx
index 2f0affe3e..5c6fa53a9 100644
--- a/src/features/dashboard/layouts/layout.tsx
+++ b/src/features/dashboard/layouts/layout.tsx
@@ -7,7 +7,7 @@ import DashboardLayoutWrapper from './wrapper'
 
 interface DashboardLayoutProps {
   children: React.ReactNode
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }
 
 export default function DashboardLayout({
diff --git a/src/features/dashboard/layouts/status-indicator.server.tsx b/src/features/dashboard/layouts/status-indicator.server.tsx
index e5f0c1bc7..1eed06e30 100644
--- a/src/features/dashboard/layouts/status-indicator.server.tsx
+++ b/src/features/dashboard/layouts/status-indicator.server.tsx
@@ -2,7 +2,7 @@ import 'server-only'
 
 import { cacheLife } from 'next/cache'
 import Link from 'next/link'
-import { l } from '@/lib/clients/logger/logger'
+import { l } from '@/core/shared/clients/logger/logger'
 import { LiveDot } from '@/ui/live'
 
 const STATUS_PAGE_URL = 'https://status.e2b.dev'
diff --git a/src/features/dashboard/limits/alert-card.tsx b/src/features/dashboard/limits/alert-card.tsx
index c5fbdbb69..d67bcd719 100644
--- a/src/features/dashboard/limits/alert-card.tsx
+++ b/src/features/dashboard/limits/alert-card.tsx
@@ -1,7 +1,7 @@
 'use client'
 
+import type { BillingLimit } from '@/core/modules/billing/models'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
-import type { BillingLimit } from '@/types/billing.types'
 import { Card, CardContent, CardHeader, CardTitle } from '@/ui/primitives/card'
 import { useDashboard } from '../context'
 import LimitForm from './limit-form'
@@ -13,7 +13,7 @@ interface AlertCardProps {
 
 export default function AlertCard({ className, value }: AlertCardProps) {
   const { team } = useDashboard()
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/limits'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/limits'>()
 
   if (!team) return null
 
@@ -25,7 +25,7 @@ export default function AlertCard({ className, value }: AlertCardProps) {
       <CardContent className="text-fg-secondary max-w-[500px]">
         <LimitForm
           className="mb-4"
-          teamIdOrSlug={teamIdOrSlug}
+          teamSlug={teamSlug}
           originalValue={value}
           type="alert"
         />
diff --git a/src/features/dashboard/limits/limit-card.tsx b/src/features/dashboard/limits/limit-card.tsx
index 39bad9af3..f668eb58f 100644
--- a/src/features/dashboard/limits/limit-card.tsx
+++ b/src/features/dashboard/limits/limit-card.tsx
@@ -1,7 +1,7 @@
 'use client'
 
+import type { BillingLimit } from '@/core/modules/billing/models'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
-import type { BillingLimit } from '@/types/billing.types'
 import { Card, CardContent, CardHeader, CardTitle } from '@/ui/primitives/card'
 import { useDashboard } from '../context'
 import LimitForm from './limit-form'
@@ -13,7 +13,7 @@ interface LimitCardProps {
 
 export default function LimitCard({ className, value }: LimitCardProps) {
   const { team } = useDashboard()
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/limits'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/limits'>()
 
   if (!team) return null
 
@@ -25,7 +25,7 @@ export default function LimitCard({ className, value }: LimitCardProps) {
       <CardContent className="text-fg-secondary max-w-[500px]">
         <LimitForm
           className="mb-4"
-          teamIdOrSlug={teamIdOrSlug}
+          teamSlug={teamSlug}
           originalValue={value}
           type="limit"
         />
diff --git a/src/features/dashboard/limits/limit-form.tsx b/src/features/dashboard/limits/limit-form.tsx
index 428f24a80..2d99dfa1a 100644
--- a/src/features/dashboard/limits/limit-form.tsx
+++ b/src/features/dashboard/limits/limit-form.tsx
@@ -24,7 +24,7 @@ import {
 } from '@/ui/primitives/form'
 
 interface LimitFormProps {
-  teamIdOrSlug: string
+  teamSlug: string
   className?: string
   originalValue: number | null
   type: 'limit' | 'alert'
@@ -40,7 +40,7 @@ const formSchema = z.object({
 type FormData = z.infer<typeof formSchema>
 
 export default function LimitForm({
-  teamIdOrSlug,
+  teamSlug,
   className,
   originalValue,
   type,
@@ -60,7 +60,7 @@ export default function LimitForm({
   })
 
   const limitsQueryKey = trpc.billing.getLimits.queryOptions({
-    teamIdOrSlug,
+    teamSlug,
   }).queryKey
 
   const setLimitMutation = useMutation(
@@ -114,7 +114,7 @@ export default function LimitForm({
     }
 
     setLimitMutation.mutate({
-      teamIdOrSlug,
+      teamSlug,
       type,
       value: data.value,
     })
@@ -122,7 +122,7 @@ export default function LimitForm({
 
   const handleClear = () => {
     clearLimitMutation.mutate({
-      teamIdOrSlug,
+      teamSlug,
       type,
     })
   }
diff --git a/src/features/dashboard/limits/usage-limits.tsx b/src/features/dashboard/limits/usage-limits.tsx
index 814c7f5ef..ca47b1eda 100644
--- a/src/features/dashboard/limits/usage-limits.tsx
+++ b/src/features/dashboard/limits/usage-limits.tsx
@@ -13,11 +13,11 @@ interface UsageLimitsProps {
 }
 
 export default function UsageLimits({ className }: UsageLimitsProps) {
-  const { teamIdOrSlug } = useRouteParams<'/dashboard/[teamIdOrSlug]/limits'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/limits'>()
   const trpc = useTRPC()
 
   const { data: limits, isLoading } = useQuery({
-    ...trpc.billing.getLimits.queryOptions({ teamIdOrSlug }),
+    ...trpc.billing.getLimits.queryOptions({ teamSlug }),
     throwOnError: true,
   })
 
diff --git a/src/features/dashboard/members/add-member-form.tsx b/src/features/dashboard/members/add-member-form.tsx
index e73ff6d6c..68f7f9130 100644
--- a/src/features/dashboard/members/add-member-form.tsx
+++ b/src/features/dashboard/members/add-member-form.tsx
@@ -4,13 +4,13 @@ import { zodResolver } from '@hookform/resolvers/zod'
 import { useAction } from 'next-safe-action/hooks'
 import { useForm } from 'react-hook-form'
 import { z } from 'zod'
+import { addTeamMemberAction } from '@/core/server/actions/team-actions'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   useToast,
 } from '@/lib/hooks/use-toast'
 import { cn } from '@/lib/utils'
-import { addTeamMemberAction } from '@/server/team/team-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Form,
@@ -62,7 +62,7 @@ export default function AddMemberForm({ className }: AddMemberFormProps) {
     }
 
     execute({
-      teamIdOrSlug: team.id,
+      teamSlug: team.slug,
       email: data.email,
     })
   }
diff --git a/src/features/dashboard/members/danger-zone.tsx b/src/features/dashboard/members/danger-zone.tsx
deleted file mode 100644
index e42e5ce2c..000000000
--- a/src/features/dashboard/members/danger-zone.tsx
+++ /dev/null
@@ -1,86 +0,0 @@
-import { getTeam } from '@/server/team/get-team'
-import { AlertDialog } from '@/ui/alert-dialog'
-import ErrorBoundary from '@/ui/error'
-import { Button } from '@/ui/primitives/button'
-import {
-  Card,
-  CardContent,
-  CardDescription,
-  CardHeader,
-  CardTitle,
-} from '@/ui/primitives/card'
-
-interface DangerZoneProps {
-  teamId: string
-}
-
-export function DangerZone({ teamId }: DangerZoneProps) {
-  return (
-    <Card>
-      <CardHeader>
-        <CardTitle>Danger Zone</CardTitle>
-        <CardDescription>
-          Actions here can't be undone. Please proceed with caution.
-        </CardDescription>
-      </CardHeader>
-      <CardContent className="flex flex-col gap-4">
-        <DangerZoneContent teamId={teamId} />
-      </CardContent>
-    </Card>
-  )
-}
-
-async function DangerZoneContent({ teamId }: { teamId: string }) {
-  const res = await getTeam({ teamIdOrSlug: teamId })
-
-  if (!res?.data || res.serverError || res.validationErrors) {
-    return (
-      <ErrorBoundary
-        error={
-          {
-            name: 'Team Error',
-            message: res?.serverError || 'Unknown error',
-          } satisfies Error
-        }
-        description={'Could not load team'}
-      />
-    )
-  }
-
-  const team = res.data
-
-  return (
-    <>
-      <div className="flex items-center justify-between p-4">
-        <div className="flex flex-col gap-1">
-          <h4 className="">Leave Team</h4>
-          <p className="text-fg-tertiary font-sans ">
-            Remove yourself from this Team
-          </p>
-        </div>
-
-        <AlertDialog
-          title="Leave Team"
-          description="Are you sure you want to leave this team?"
-          confirm="Leave"
-          onConfirm={() => {}}
-          trigger={
-            <Button variant="muted" disabled={!team || team?.is_default}>
-              Leave Team
-            </Button>
-          }
-        />
-      </div>
-
-      <div className="flex items-center justify-between p-4">
-        <div className="flex flex-col gap-1">
-          <h4 className="text-fg ">Delete Team</h4>
-          <p className="text-fg-tertiary font-sans ">
-            Permanently delete this team and all of its data
-          </p>
-        </div>
-        <Button variant="error">Delete Team</Button>
-      </div>
-    </>
-  )
-}
diff --git a/src/features/dashboard/members/member-card.tsx b/src/features/dashboard/members/member-card.tsx
index f288d3d42..8df8f25be 100644
--- a/src/features/dashboard/members/member-card.tsx
+++ b/src/features/dashboard/members/member-card.tsx
@@ -10,7 +10,7 @@ import MemberTable from './member-table'
 
 interface MemberCardProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
   className?: string
 }
diff --git a/src/features/dashboard/members/member-table-body.tsx b/src/features/dashboard/members/member-table-body.tsx
index 4eace9b97..ab218c0ca 100644
--- a/src/features/dashboard/members/member-table-body.tsx
+++ b/src/features/dashboard/members/member-table-body.tsx
@@ -1,4 +1,4 @@
-import { getTeamMembers } from '@/server/team/get-team-members'
+import { getTeamMembers } from '@/core/server/functions/team/get-team-members'
 import { ErrorIndicator } from '@/ui/error-indicator'
 import { Alert, AlertDescription, AlertTitle } from '@/ui/primitives/alert'
 import { TableCell, TableRow } from '@/ui/primitives/table'
@@ -6,17 +6,17 @@ import MemberTableRow from './member-table-row'
 
 interface TableBodyContentProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
 }
 
 export default async function MemberTableBody({
   params,
 }: TableBodyContentProps) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
   try {
-    const result = await getTeamMembers({ teamIdOrSlug })
+    const result = await getTeamMembers({ teamSlug })
 
     if (!result?.data || result.serverError || result.validationErrors) {
       throw new Error(result?.serverError || 'Unknown error')
@@ -27,7 +27,7 @@ export default async function MemberTableBody({
     if (members.length === 0) {
       return (
         <TableRow>
-          <TableCell colSpan={5}>
+          <TableCell colSpan={6}>
             <Alert className="text-left" variant="info">
               <AlertTitle>No Members</AlertTitle>
               <AlertDescription>No team members found.</AlertDescription>
@@ -55,7 +55,7 @@ export default async function MemberTableBody({
   } catch (error) {
     return (
       <TableRow>
-        <TableCell colSpan={5}>
+        <TableCell colSpan={6}>
           <ErrorIndicator
             description={'Could not load team members'}
             message={error instanceof Error ? error.message : 'Unknown error'}
diff --git a/src/features/dashboard/members/member-table-row.tsx b/src/features/dashboard/members/member-table-row.tsx
index 83782682a..afd83c8ee 100644
--- a/src/features/dashboard/members/member-table-row.tsx
+++ b/src/features/dashboard/members/member-table-row.tsx
@@ -3,16 +3,20 @@
 import { useRouter } from 'next/navigation'
 import { useAction } from 'next-safe-action/hooks'
 import { useState } from 'react'
+import type { IconType } from 'react-icons'
+import { FaGithub, FaGoogle } from 'react-icons/fa'
+import { FiMail } from 'react-icons/fi'
 import { PROTECTED_URLS } from '@/configs/urls'
+import { removeTeamMemberAction } from '@/core/server/actions/team-actions'
+import type { TeamMember } from '@/core/server/functions/team/types'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   useToast,
 } from '@/lib/hooks/use-toast'
-import { removeTeamMemberAction } from '@/server/team/team-actions'
-import type { TeamMember } from '@/server/team/types'
 import { AlertDialog } from '@/ui/alert-dialog'
 import { Avatar, AvatarFallback, AvatarImage } from '@/ui/primitives/avatar'
+import { Badge } from '@/ui/primitives/badge'
 import { Button } from '@/ui/primitives/button'
 import { TableCell, TableRow } from '@/ui/primitives/table'
 import { useDashboard } from '../context'
@@ -23,6 +27,34 @@ interface TableRowProps {
   index: number
 }
 
+type MemberProvider = {
+  key: string
+  label: string
+  Icon: IconType
+}
+
+function normalizeProvider(provider: string): string {
+  const value = provider.toLowerCase()
+  if (value.includes('google')) return 'google'
+  if (value.includes('github')) return 'github'
+  if (value.includes('email')) return 'email'
+  return value
+}
+
+function toMemberProvider(provider: string): MemberProvider | null {
+  const normalized = normalizeProvider(provider)
+  if (normalized === 'google') {
+    return { key: normalized, label: 'Google', Icon: FaGoogle }
+  }
+  if (normalized === 'github') {
+    return { key: normalized, label: 'GitHub', Icon: FaGithub }
+  }
+  if (normalized === 'email') {
+    return { key: normalized, label: 'Email', Icon: FiMail }
+  }
+  return null
+}
+
 export default function MemberTableRow({
   member,
   addedByEmail,
@@ -58,11 +90,16 @@ export default function MemberTableRow({
 
   const handleRemoveMember = async (userId: string) => {
     removeMember({
-      teamIdOrSlug: team.id,
+      teamSlug: team.slug,
       userId,
     })
   }
 
+  const providers =
+    member.info.providers
+      ?.map(toMemberProvider)
+      .filter((provider): provider is MemberProvider => provider !== null) ?? []
+
   return (
     <TableRow key={`${member.info.id}-${index}`}>
       <TableCell>
@@ -79,6 +116,24 @@ export default function MemberTableRow({
           : (member.info.name ?? 'Anonymous')}
       </TableCell>
       <TableCell className="text-fg-tertiary">{member.info.email}</TableCell>
+      <TableCell>
+        {providers.length > 0 ? (
+          <div className="flex flex-wrap gap-1.5">
+            {providers.map(({ key, label, Icon }) => (
+              <Badge
+                key={key}
+                size="sm"
+                className="bg-bg-highlight text-fg-tertiary uppercase prose-label-numeric"
+              >
+                <Icon className="size-3.5 mr-0.5" />
+                {label}
+              </Badge>
+            ))}
+          </div>
+        ) : (
+          <span className="text-fg-muted">-</span>
+        )}
+      </TableCell>
       <TableCell className="text-fg-secondary">
         {member.relation.added_by === user?.id ? 'You' : (addedByEmail ?? '')}
       </TableCell>
diff --git a/src/features/dashboard/members/member-table.tsx b/src/features/dashboard/members/member-table.tsx
index 02bdff36d..4b08a33cb 100644
--- a/src/features/dashboard/members/member-table.tsx
+++ b/src/features/dashboard/members/member-table.tsx
@@ -14,19 +14,20 @@ import MemberTableBody from './member-table-body'
 
 interface MemberTableProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
   className?: string
 }
 
 const MemberTable: FC<MemberTableProps> = ({ params, className }) => {
   return (
-    <Table className={cn('min-w-[800px]', className)}>
+    <Table className={cn('min-w-[960px]', className)}>
       <TableHeader>
         <TableRow>
           <th className="w-[50px]"></th>
           <TableHead className="w-[200px]">Name</TableHead>
           <TableHead className="w-[250px]">E-Mail</TableHead>
+          <TableHead className="w-[200px]">Providers</TableHead>
           <TableHead className="w-[200px]">Added By</TableHead>
           <th className="w-[50px]"></th>
         </TableRow>
@@ -35,7 +36,7 @@ const MemberTable: FC<MemberTableProps> = ({ params, className }) => {
         <Suspense
           fallback={
             <TableRow>
-              <TableCell colSpan={5} className="h-24 text-left">
+              <TableCell colSpan={6} className="h-24 text-left">
                 <Alert className="w-full text-left" variant="info">
                   <AlertTitle className="flex items-center gap-2">
                     <Loader />
diff --git a/src/features/dashboard/navbar/dashboard-survey-popover.tsx b/src/features/dashboard/navbar/dashboard-survey-popover.tsx
index 29cc269ac..d1992d1f4 100644
--- a/src/features/dashboard/navbar/dashboard-survey-popover.tsx
+++ b/src/features/dashboard/navbar/dashboard-survey-popover.tsx
@@ -5,8 +5,8 @@ import { usePostHog } from 'posthog-js/react'
 import { useCallback, useState } from 'react'
 import { toast } from 'sonner'
 import { INCLUDE_DASHBOARD_FEEDBACK_SURVEY } from '@/configs/flags'
+import { l } from '@/core/shared/clients/logger/logger'
 import { useAppPostHogProvider } from '@/features/posthog-provider'
-import { l } from '@/lib/clients/logger/logger'
 import { Popover, PopoverContent } from '@/ui/primitives/popover'
 import { SurveyContent } from '@/ui/survey'
 
diff --git a/src/features/dashboard/navbar/report-issue-dialog.tsx b/src/features/dashboard/navbar/report-issue-dialog.tsx
index ce46520ed..5ff222a02 100644
--- a/src/features/dashboard/navbar/report-issue-dialog.tsx
+++ b/src/features/dashboard/navbar/report-issue-dialog.tsx
@@ -181,7 +181,7 @@ export default function ContactSupportDialog({
     )
 
     contactSupportMutation.mutate({
-      teamIdOrSlug: team.id,
+      teamSlug: team.slug,
       description,
       files: filePayloads.length > 0 ? filePayloads : undefined,
     })
diff --git a/src/features/dashboard/sandbox/context.tsx b/src/features/dashboard/sandbox/context.tsx
index ad15487b5..1ccf8794a 100644
--- a/src/features/dashboard/sandbox/context.tsx
+++ b/src/features/dashboard/sandbox/context.tsx
@@ -4,13 +4,13 @@ import { useQuery } from '@tanstack/react-query'
 import type { ReactNode } from 'react'
 import { createContext, useCallback, useContext, useMemo } from 'react'
 import { SANDBOXES_METRICS_POLLING_MS } from '@/configs/intervals'
+import type {
+  SandboxDetailsModel,
+  SandboxEventModel,
+} from '@/core/modules/sandboxes/models'
 import { useAlignedRefetchInterval } from '@/lib/hooks/use-aligned-refetch-interval'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { isNotFoundError } from '@/lib/utils/trpc-errors'
-import type {
-  SandboxDetailsDTO,
-  SandboxEventDTO,
-} from '@/server/api/models/sandboxes.models'
 import { useTRPC } from '@/trpc/client'
 import { SANDBOX_LIFECYCLE_EVENT_KILLED } from './monitoring/utils/constants'
 
@@ -18,11 +18,11 @@ export interface SandboxLifecycleState {
   createdAt: string | null
   pausedAt: string | null
   endedAt: string | null
-  events: SandboxEventDTO[]
+  events: SandboxEventModel[]
 }
 
 interface SandboxContextValue {
-  sandboxInfo?: SandboxDetailsDTO
+  sandboxInfo?: SandboxDetailsModel
   sandboxLifecycle: SandboxLifecycleState | null
   isRunning: boolean
   isSandboxNotFound: boolean
@@ -46,7 +46,7 @@ interface SandboxProviderProps {
 }
 
 function buildSandboxLifecycle(
-  sandboxInfo: SandboxDetailsDTO | undefined
+  sandboxInfo: SandboxDetailsModel | undefined
 ): SandboxLifecycleState | null {
   if (!sandboxInfo) {
     return null
@@ -68,8 +68,8 @@ function buildSandboxLifecycle(
 }
 
 export function SandboxProvider({ children }: SandboxProviderProps) {
-  const { teamIdOrSlug, sandboxId } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]'>()
+  const { teamSlug, sandboxId } =
+    useRouteParams<'/dashboard/[teamSlug]/sandboxes/[sandboxId]'>()
 
   const trpc = useTRPC()
   const getAlignedRefetchInterval = useAlignedRefetchInterval({
@@ -84,11 +84,13 @@ export function SandboxProvider({ children }: SandboxProviderProps) {
     refetch,
   } = useQuery(
     trpc.sandbox.details.queryOptions(
-      { teamIdOrSlug, sandboxId },
+      { teamSlug, sandboxId },
       {
         retry: false,
         refetchInterval: (query) => {
-          const sandboxInfo = query.state.data as SandboxDetailsDTO | undefined
+          const sandboxInfo = query.state.data as
+            | SandboxDetailsModel
+            | undefined
           const state = sandboxInfo?.state
 
           // Keep polling when killed but the killed lifecycle event hasn't
diff --git a/src/features/dashboard/sandbox/header/kill-button.tsx b/src/features/dashboard/sandbox/header/kill-button.tsx
index 5332d5dbb..e8c66bcaf 100644
--- a/src/features/dashboard/sandbox/header/kill-button.tsx
+++ b/src/features/dashboard/sandbox/header/kill-button.tsx
@@ -3,8 +3,8 @@
 import { useAction } from 'next-safe-action/hooks'
 import { useState } from 'react'
 import { toast } from 'sonner'
+import { killSandboxAction } from '@/core/server/actions/sandbox-actions'
 import { cn } from '@/lib/utils/ui'
-import { killSandboxAction } from '@/server/sandboxes/sandbox-actions'
 import { AlertPopover } from '@/ui/alert-popover'
 import { Button } from '@/ui/primitives/button'
 import { TrashIcon } from '@/ui/primitives/icons'
@@ -40,7 +40,7 @@ export default function KillButton({ className }: KillButtonProps) {
     if (!canKill || !sandboxInfo?.sandboxID) return
 
     execute({
-      teamIdOrSlug: team.id,
+      teamSlug: team.slug,
       sandboxId: sandboxInfo.sandboxID,
     })
   }
diff --git a/src/features/dashboard/sandbox/inspect/context.tsx b/src/features/dashboard/sandbox/inspect/context.tsx
index d9dd66414..e15acc0d7 100644
--- a/src/features/dashboard/sandbox/inspect/context.tsx
+++ b/src/features/dashboard/sandbox/inspect/context.tsx
@@ -13,7 +13,7 @@ import {
 } from 'react'
 import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
 import { AUTH_URLS } from '@/configs/urls'
-import { supabase } from '@/lib/clients/supabase/client'
+import { supabase } from '@/core/shared/clients/supabase/client'
 import { useSandboxInspectAnalytics } from '@/lib/hooks/use-analytics'
 import { getParentPath, normalizePath } from '@/lib/utils/filesystem'
 import { useDashboard } from '../../context'
diff --git a/src/features/dashboard/sandbox/inspect/incompatible.tsx b/src/features/dashboard/sandbox/inspect/incompatible.tsx
index 18a2639b2..9f94be982 100644
--- a/src/features/dashboard/sandbox/inspect/incompatible.tsx
+++ b/src/features/dashboard/sandbox/inspect/incompatible.tsx
@@ -21,30 +21,30 @@ import {
 
 interface SandboxInspectIncompatibleProps {
   templateNameOrId?: string
-  teamIdOrSlug: string
+  teamSlug: string
 }
 
 export default function SandboxInspectIncompatible({
   templateNameOrId,
-  teamIdOrSlug,
+  teamSlug,
 }: SandboxInspectIncompatibleProps) {
   const codeClassNames = 'mx-0.5 h-5.5 rounded-none align-middle'
   const { trackInteraction } = useSandboxInspectAnalytics()
 
   useEffect(() => {
-    if (!templateNameOrId || !teamIdOrSlug) return
+    if (!templateNameOrId || !teamSlug) return
 
     trackInteraction('viewed_incompatible', {
-      team_id: teamIdOrSlug,
+      team_id: teamSlug,
       template_name_or_id: templateNameOrId,
     })
-  }, [trackInteraction, teamIdOrSlug])
+  }, [trackInteraction, teamSlug])
 
   return (
     <div className="flex h-full w-full flex-col items-center justify-center p-4 md:justify-center">
-      <div className="text-fill-highlight pointer-events-none absolute -top-30 -right-100 -z-10 flex overflow-hidden">
-        <AsciiBackgroundPattern className="w-1/2" />
-        <AsciiBackgroundPattern className="mi w-1/2 -scale-x-100" />
+      <div className="text-fill-highlight pointer-events-none absolute top-0 -left-250 flex justify-start overflow-hidden">
+        <AsciiBackgroundPattern className="w-auto text-right!" />
+        <AsciiBackgroundPattern className="w-auto text-right! -scale-x-100" />
       </div>
       <motion.div
         initial={{ opacity: 0 }}
@@ -125,7 +125,7 @@ export default function SandboxInspectIncompatible({
               className="text-fg-tertiary hover:text-fg font-sans normal-case max-md:w-full max-md:justify-start"
               asChild
             >
-              <Link href={PROTECTED_URLS.SANDBOXES_LIST(teamIdOrSlug)}>
+              <Link href={PROTECTED_URLS.SANDBOXES_LIST(teamSlug)}>
                 <ChevronLeft className="size-5" />
                 Back to sandboxes
               </Link>
diff --git a/src/features/dashboard/sandbox/inspect/not-found.tsx b/src/features/dashboard/sandbox/inspect/not-found.tsx
index 55acaa472..884175ba2 100644
--- a/src/features/dashboard/sandbox/inspect/not-found.tsx
+++ b/src/features/dashboard/sandbox/inspect/not-found.tsx
@@ -3,9 +3,8 @@
 import { ArrowLeft, ArrowUp, Home, RefreshCw } from 'lucide-react'
 import { useParams, useRouter } from 'next/navigation'
 import { useCallback, useEffect, useState, useTransition } from 'react'
-import { serializeError } from 'serialize-error'
 import { PROTECTED_URLS } from '@/configs/urls'
-import { l } from '@/lib/clients/logger/logger'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 import { useSandboxInspectAnalytics } from '@/lib/hooks/use-analytics'
 import { cn } from '@/lib/utils'
 import { Button } from '@/ui/primitives/button'
@@ -15,9 +14,8 @@ import SandboxInspectEmptyFrame from './empty'
 export default function SandboxInspectNotFound() {
   const router = useRouter()
   const { isRunning } = useSandboxContext()
-  const { trackInteraction } = useSandboxInspectAnalytics()
 
-  const { teamIdOrSlug } = useParams()
+  const { teamSlug } = useParams()
 
   const [pendingPath, setPendingPath] = useState<string | undefined>(undefined)
   const [isPending, startTransition] = useTransition()
@@ -34,7 +32,7 @@ export default function SandboxInspectNotFound() {
       l.error(
         {
           key: 'sandbox_inspect_not_found:save_root_path_failed',
-          error: serializeError(error),
+          error: serializeErrorForLog(error),
         },
         `${error instanceof Error ? error.message : 'Failed to save root path'}`
       )
@@ -105,9 +103,7 @@ export default function SandboxInspectNotFound() {
   ) : (
     <Button
       variant="outline"
-      onClick={() =>
-        router.push(PROTECTED_URLS.SANDBOXES(teamIdOrSlug as string))
-      }
+      onClick={() => router.push(PROTECTED_URLS.SANDBOXES(teamSlug as string))}
       className="w-full gap-2"
     >
       <ArrowLeft className="text-fg-tertiary h-4 w-4" />
diff --git a/src/features/dashboard/sandbox/inspect/root-path-input.tsx b/src/features/dashboard/sandbox/inspect/root-path-input.tsx
index 54739602d..3ee555ec3 100644
--- a/src/features/dashboard/sandbox/inspect/root-path-input.tsx
+++ b/src/features/dashboard/sandbox/inspect/root-path-input.tsx
@@ -3,8 +3,7 @@
 import { ArrowRight } from 'lucide-react'
 import { useRouter } from 'next/navigation'
 import { useEffect, useState, useTransition } from 'react'
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 import { useSandboxInspectAnalytics } from '@/lib/hooks/use-analytics'
 import { cn } from '@/lib/utils'
 import { Button } from '@/ui/primitives/button'
@@ -37,7 +36,7 @@ export default function RootPathInput({
         key: 'sandbox_inspect_root_path_input:save_root_path_failed',
         message:
           error instanceof Error ? error.message : 'Failed to save root path',
-        error: serializeError(error),
+        error: serializeErrorForLog(error),
       })
     }
   }
diff --git a/src/features/dashboard/sandbox/layout.tsx b/src/features/dashboard/sandbox/layout.tsx
index e05639922..89d7523ba 100644
--- a/src/features/dashboard/sandbox/layout.tsx
+++ b/src/features/dashboard/sandbox/layout.tsx
@@ -20,8 +20,8 @@ export default function SandboxLayout({
   header,
   tabsHeaderAccessory,
 }: SandboxLayoutProps) {
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/sandboxes/[sandboxId]'>()
+  const { teamSlug } =
+    useRouteParams<'/dashboard/[teamSlug]/sandboxes/[sandboxId]'>()
 
   const { sandboxInfo, isSandboxInfoLoading, isSandboxNotFound } =
     useSandboxContext()
@@ -82,7 +82,7 @@ export default function SandboxLayout({
           ) : (
             <SandboxInspectIncompatible
               templateNameOrId={sandboxInfo.alias || sandboxInfo.templateID}
-              teamIdOrSlug={teamIdOrSlug}
+              teamSlug={teamSlug}
             />
           )}
         </DashboardTab>
diff --git a/src/features/dashboard/sandbox/logs/logs-cells.tsx b/src/features/dashboard/sandbox/logs/logs-cells.tsx
index 29412fd9d..15c138a55 100644
--- a/src/features/dashboard/sandbox/logs/logs-cells.tsx
+++ b/src/features/dashboard/sandbox/logs/logs-cells.tsx
@@ -1,5 +1,5 @@
+import type { SandboxLogModel } from '@/core/modules/sandboxes/models'
 import { LogLevelBadge } from '@/features/dashboard/common/log-cells'
-import type { SandboxLogDTO } from '@/server/api/models/sandboxes.models'
 import CopyButtonInline from '@/ui/copy-button-inline'
 
 const LOCAL_DATE_FORMATTER = new Intl.DateTimeFormat(undefined, {
@@ -14,7 +14,7 @@ const LOCAL_TIME_FORMATTER = new Intl.DateTimeFormat(undefined, {
   hour12: false,
 })
 
-export const LogLevel = ({ level }: { level: SandboxLogDTO['level'] }) => {
+export const LogLevel = ({ level }: { level: SandboxLogModel['level'] }) => {
   return <LogLevelBadge level={level} />
 }
 
@@ -43,7 +43,7 @@ export const Timestamp = ({ timestampUnix }: TimestampProps) => {
 }
 
 interface MessageProps {
-  message: SandboxLogDTO['message']
+  message: SandboxLogModel['message']
   search: string
   shouldHighlight: boolean
 }
diff --git a/src/features/dashboard/sandbox/logs/logs-filter-params.ts b/src/features/dashboard/sandbox/logs/logs-filter-params.ts
index 912decd32..38138f4ca 100644
--- a/src/features/dashboard/sandbox/logs/logs-filter-params.ts
+++ b/src/features/dashboard/sandbox/logs/logs-filter-params.ts
@@ -1,7 +1,7 @@
 import { createLoader, parseAsString, parseAsStringEnum } from 'nuqs/server'
-import type { SandboxLogDTO } from '@/server/api/models/sandboxes.models'
+import type { SandboxLogModel } from '@/core/modules/sandboxes/models'
 
-export type LogLevelFilter = SandboxLogDTO['level']
+export type LogLevelFilter = SandboxLogModel['level']
 
 export const LOG_LEVELS: LogLevelFilter[] = ['debug', 'info', 'warn', 'error']
 
diff --git a/src/features/dashboard/sandbox/logs/logs.tsx b/src/features/dashboard/sandbox/logs/logs.tsx
index f53d34064..d9e276a8e 100644
--- a/src/features/dashboard/sandbox/logs/logs.tsx
+++ b/src/features/dashboard/sandbox/logs/logs.tsx
@@ -13,6 +13,7 @@ import {
   useState,
 } from 'react'
 import { LOG_RETENTION_MS } from '@/configs/logs'
+import type { SandboxLogModel } from '@/core/modules/sandboxes/models'
 import {
   LOG_LEVEL_LEFT_BORDER_CLASS,
   type LogLevelValue,
@@ -26,7 +27,6 @@ import {
   LogVirtualRow,
 } from '@/features/dashboard/common/log-viewer-ui'
 import { cn } from '@/lib/utils'
-import type { SandboxLogDTO } from '@/server/api/models/sandboxes.models'
 import { DebouncedInput } from '@/ui/primitives/input'
 import { Loader } from '@/ui/primitives/loader'
 import { Table, TableBody, TableCell } from '@/ui/primitives/table'
@@ -45,7 +45,7 @@ const SCROLL_LOAD_THRESHOLD_PX = 200
 const LOG_RETENTION_DAYS = LOG_RETENTION_MS / 24 / 60 / 60 / 1000
 
 interface LogsProps {
-  teamIdOrSlug: string
+  teamSlug: string
   sandboxId: string
 }
 
@@ -59,7 +59,7 @@ function checkIfSandboxStillHasLogs(startedAtIso: string) {
   return Date.now() - startedAtUnix < LOG_RETENTION_MS
 }
 
-export default function SandboxLogs({ teamIdOrSlug, sandboxId }: LogsProps) {
+export default function SandboxLogs({ teamSlug, sandboxId }: LogsProps) {
   'use no memo'
 
   const { sandboxInfo, sandboxLifecycle, isRunning } = useSandboxContext()
@@ -94,7 +94,7 @@ export default function SandboxLogs({ teamIdOrSlug, sandboxId }: LogsProps) {
 
   return (
     <LogsContent
-      teamIdOrSlug={teamIdOrSlug}
+      teamSlug={teamSlug}
       sandboxId={sandboxId}
       isRunning={isRunning}
       hasRetainedLogs={hasRetainedLogs}
@@ -107,7 +107,7 @@ export default function SandboxLogs({ teamIdOrSlug, sandboxId }: LogsProps) {
 }
 
 interface LogsContentProps {
-  teamIdOrSlug: string
+  teamSlug: string
   sandboxId: string
   isRunning: boolean
   hasRetainedLogs: boolean
@@ -118,7 +118,7 @@ interface LogsContentProps {
 }
 
 function LogsContent({
-  teamIdOrSlug,
+  teamSlug,
   sandboxId,
   isRunning,
   hasRetainedLogs,
@@ -129,7 +129,9 @@ function LogsContent({
 }: LogsContentProps) {
   const [scrollContainerElement, setScrollContainerElement] =
     useState<HTMLDivElement | null>(null)
-  const [lastNonEmptyLogs, setLastNonEmptyLogs] = useState<SandboxLogDTO[]>([])
+  const [lastNonEmptyLogs, setLastNonEmptyLogs] = useState<SandboxLogModel[]>(
+    []
+  )
 
   const {
     logs,
@@ -141,7 +143,7 @@ function LogsContent({
     isFetching,
     fetchNextPage,
   } = useSandboxLogs({
-    teamIdOrSlug,
+    teamSlug,
     sandboxId,
     isRunning,
     level,
@@ -309,7 +311,7 @@ function FiltersRow({
 }
 
 interface VirtualizedLogsBodyProps {
-  logs: SandboxLogDTO[]
+  logs: SandboxLogModel[]
   scrollContainerElement: HTMLDivElement
   onLoadMore: () => void
   hasNextPage: boolean
@@ -609,7 +611,7 @@ function useAutoScrollToBottom({
 }
 
 interface LogRowProps {
-  log: SandboxLogDTO
+  log: SandboxLogModel
   search: string
   shouldHighlight: boolean
   isZebraRow: boolean
diff --git a/src/features/dashboard/sandbox/logs/sandbox-logs-store.ts b/src/features/dashboard/sandbox/logs/sandbox-logs-store.ts
index 50a430229..2d78b8ef3 100644
--- a/src/features/dashboard/sandbox/logs/sandbox-logs-store.ts
+++ b/src/features/dashboard/sandbox/logs/sandbox-logs-store.ts
@@ -2,7 +2,7 @@
 
 import { create } from 'zustand'
 import { immer } from 'zustand/middleware/immer'
-import type { SandboxLogDTO } from '@/server/api/models/sandboxes.models'
+import type { SandboxLogModel } from '@/core/modules/sandboxes/models'
 import type { useTRPCClient } from '@/trpc/client'
 import {
   countLeadingAtTimestamp,
@@ -13,14 +13,14 @@ import {
 import type { LogLevelFilter } from './logs-filter-params'
 
 interface SandboxLogsParams {
-  teamIdOrSlug: string
+  teamSlug: string
   sandboxId: string
 }
 
 type TRPCClient = ReturnType<typeof useTRPCClient>
 
 interface SandboxLogsState {
-  logs: SandboxLogDTO[]
+  logs: SandboxLogModel[]
   hasMoreBackwards: boolean
   isLoadingBackwards: boolean
   isLoadingForwards: boolean
@@ -102,7 +102,7 @@ export const createSandboxLogsStore = () =>
         // reset if params changed
         const paramsChanged =
           state._params?.sandboxId !== params.sandboxId ||
-          state._params?.teamIdOrSlug !== params.teamIdOrSlug
+          state._params?.teamSlug !== params.teamSlug
         const filterChanged = state.level !== level || state.search !== search
 
         if (paramsChanged || filterChanged || !state.isInitialized) {
@@ -126,7 +126,7 @@ export const createSandboxLogsStore = () =>
           const initCursor = Date.now()
 
           const result = await trpcClient.sandbox.logsBackwardsReversed.query({
-            teamIdOrSlug: params.teamIdOrSlug,
+            teamSlug: params.teamSlug,
             sandboxId: params.sandboxId,
             cursor: initCursor,
             level: level ?? undefined,
@@ -208,7 +208,7 @@ export const createSandboxLogsStore = () =>
 
           const result =
             await state._trpcClient.sandbox.logsBackwardsReversed.query({
-              teamIdOrSlug: state._params.teamIdOrSlug,
+              teamSlug: state._params.teamSlug,
               sandboxId: state._params.sandboxId,
               cursor,
               level: state.level ?? undefined,
@@ -268,7 +268,7 @@ export const createSandboxLogsStore = () =>
           const seenAtCursor = state.forwardSeenAtCursor
 
           const result = await state._trpcClient.sandbox.logsForward.query({
-            teamIdOrSlug: state._params.teamIdOrSlug,
+            teamSlug: state._params.teamSlug,
             sandboxId: state._params.sandboxId,
             cursor,
             level: state.level ?? undefined,
diff --git a/src/features/dashboard/sandbox/logs/use-sandbox-logs.ts b/src/features/dashboard/sandbox/logs/use-sandbox-logs.ts
index 5f897560d..791668b22 100644
--- a/src/features/dashboard/sandbox/logs/use-sandbox-logs.ts
+++ b/src/features/dashboard/sandbox/logs/use-sandbox-logs.ts
@@ -15,7 +15,7 @@ const DRAIN_AFTER_STOP_WINDOW_MS = 10_000
 const MIN_EMPTY_DRAIN_POLLS = 2
 
 interface UseSandboxLogsParams {
-  teamIdOrSlug: string
+  teamSlug: string
   sandboxId: string
   isRunning: boolean
   level: LogLevelFilter | null
@@ -23,7 +23,7 @@ interface UseSandboxLogsParams {
 }
 
 export function useSandboxLogs({
-  teamIdOrSlug,
+  teamSlug,
   sandboxId,
   isRunning,
   level,
@@ -50,10 +50,8 @@ export function useSandboxLogs({
   const isLoadingForwards = useStore(store, (s) => s.isLoadingForwards)
 
   useLayoutEffect(() => {
-    store
-      .getState()
-      .init(trpcClient, { teamIdOrSlug, sandboxId }, level, search)
-  }, [store, trpcClient, teamIdOrSlug, sandboxId, level, search])
+    store.getState().init(trpcClient, { teamSlug, sandboxId }, level, search)
+  }, [store, trpcClient, teamSlug, sandboxId, level, search])
 
   const isDraining = useRef(false)
   const prevIsRunningRef = useRef(isRunning)
@@ -81,7 +79,7 @@ export function useSandboxLogs({
   const shouldPoll = isInitialized && (isRunning || isDraining.current)
 
   const { isFetching: isPolling } = useQuery({
-    queryKey: ['sandboxLogsForward', teamIdOrSlug, sandboxId, level, search],
+    queryKey: ['sandboxLogsForward', teamSlug, sandboxId, level, search],
     queryFn: async () => {
       const { logsCount } = await store.getState().fetchMoreForwards()
 
diff --git a/src/features/dashboard/sandbox/logs/view.tsx b/src/features/dashboard/sandbox/logs/view.tsx
index 246070451..1e64082b4 100644
--- a/src/features/dashboard/sandbox/logs/view.tsx
+++ b/src/features/dashboard/sandbox/logs/view.tsx
@@ -3,17 +3,17 @@
 import SandboxLogs from './logs'
 
 interface SandboxLogsViewProps {
-  teamIdOrSlug: string
+  teamSlug: string
   sandboxId: string
 }
 
 export default function SandboxLogsView({
-  teamIdOrSlug,
+  teamSlug,
   sandboxId,
 }: SandboxLogsViewProps) {
   return (
     <div className="flex min-h-0 flex-1 flex-col gap-4 overflow-hidden p-3 md:p-6">
-      <SandboxLogs teamIdOrSlug={teamIdOrSlug} sandboxId={sandboxId} />
+      <SandboxLogs teamSlug={teamSlug} sandboxId={sandboxId} />
     </div>
   )
 }
diff --git a/src/features/dashboard/sandbox/monitoring/components/monitoring-charts.tsx b/src/features/dashboard/sandbox/monitoring/components/monitoring-charts.tsx
index 6a5204b66..87062f40a 100644
--- a/src/features/dashboard/sandbox/monitoring/components/monitoring-charts.tsx
+++ b/src/features/dashboard/sandbox/monitoring/components/monitoring-charts.tsx
@@ -1,13 +1,13 @@
 'use client'
 
 import { useCallback, useEffect, useMemo, useState } from 'react'
+import type {
+  SandboxEventModel,
+  SandboxMetric,
+} from '@/core/modules/sandboxes/models'
 import LoadingLayout from '@/features/dashboard/loading-layout'
 import { useIsMobile } from '@/lib/hooks/use-mobile'
 import { cn } from '@/lib/utils'
-import type {
-  SandboxEventDTO,
-  SandboxMetric,
-} from '@/server/api/models/sandboxes.models'
 import { CpuIcon, MemoryIcon, StorageIcon } from '@/ui/primitives/icons'
 import { Separator } from '@/ui/primitives/separator'
 import { useSandboxMonitoringController } from '../state/use-sandbox-monitoring-controller'
@@ -43,14 +43,14 @@ interface RenderedMonitoringSnapshot {
   timeframe: { start: number; end: number }
   fetchTimeframe: { start: number; end: number }
   metrics: SandboxMetric[]
-  lifecycleEvents: SandboxEventDTO[]
+  lifecycleEvents: SandboxEventModel[]
 }
 
 function createRenderedMonitoringSnapshot(
   timeframe: { start: number; end: number },
   fetchTimeframe: { start: number; end: number },
   metrics: SandboxMetric[],
-  lifecycleEvents: SandboxEventDTO[]
+  lifecycleEvents: SandboxEventModel[]
 ): RenderedMonitoringSnapshot {
   return {
     timeframe: {
@@ -71,7 +71,7 @@ function isSameRenderedMonitoringSnapshot(
   timeframe: { start: number; end: number },
   fetchTimeframe: { start: number; end: number },
   metrics: SandboxMetric[],
-  lifecycleEvents: SandboxEventDTO[]
+  lifecycleEvents: SandboxEventModel[]
 ): boolean {
   return Boolean(
     snapshot &&
diff --git a/src/features/dashboard/sandbox/monitoring/state/use-sandbox-monitoring-controller.ts b/src/features/dashboard/sandbox/monitoring/state/use-sandbox-monitoring-controller.ts
index 438ec87b5..3478b2eef 100644
--- a/src/features/dashboard/sandbox/monitoring/state/use-sandbox-monitoring-controller.ts
+++ b/src/features/dashboard/sandbox/monitoring/state/use-sandbox-monitoring-controller.ts
@@ -3,10 +3,10 @@
 import { keepPreviousData, useQuery } from '@tanstack/react-query'
 import { parseAsInteger, parseAsString, useQueryStates } from 'nuqs'
 import { useCallback, useEffect, useMemo, useRef } from 'react'
+import type { SandboxMetric } from '@/core/modules/sandboxes/models'
 import { useDashboard } from '@/features/dashboard/context'
 import { useSandboxContext } from '@/features/dashboard/sandbox/context'
 import { getMsUntilNextAlignedInterval } from '@/lib/hooks/use-aligned-refetch-interval'
-import type { SandboxMetric } from '@/server/api/models/sandboxes.models'
 import { useTRPCClient } from '@/trpc/client'
 import {
   SANDBOX_LIFECYCLE_EVENT_KILLED,
@@ -213,29 +213,29 @@ export function useSandboxMonitoringController(sandboxId: string) {
     () =>
       [
         'sandboxMonitoringMetrics',
-        team?.id ?? '',
+        team?.slug ?? '',
         sandboxId,
         fetchTimeframe.start,
         fetchTimeframe.end,
       ] as const,
-    [sandboxId, fetchTimeframe.end, fetchTimeframe.start, team?.id]
+    [sandboxId, fetchTimeframe.end, fetchTimeframe.start, team?.slug]
   )
 
   const metricsQuery = useQuery<SandboxMetric[]>({
     queryKey,
-    enabled: Boolean(team?.id),
+    enabled: Boolean(team?.slug),
     placeholderData: keepPreviousData,
     refetchOnWindowFocus: !isLifecycleSettled,
     refetchOnReconnect: false,
     staleTime: SANDBOX_MONITORING_LIVE_POLLING_MS,
     refetchInterval: shouldPoll ? SANDBOX_MONITORING_LIVE_POLLING_MS : false,
     queryFn: async () => {
-      if (!team?.id) {
+      if (!team?.slug) {
         return []
       }
 
       return trpcClient.sandbox.resourceMetrics.query({
-        teamIdOrSlug: team.id,
+        teamSlug: team.slug,
         sandboxId,
         startMs: fetchTimeframe.start,
         endMs: fetchTimeframe.end,
diff --git a/src/features/dashboard/sandbox/monitoring/utils/chart-lifecycle.ts b/src/features/dashboard/sandbox/monitoring/utils/chart-lifecycle.ts
index f97cbcbe3..9fdbe1dec 100644
--- a/src/features/dashboard/sandbox/monitoring/utils/chart-lifecycle.ts
+++ b/src/features/dashboard/sandbox/monitoring/utils/chart-lifecycle.ts
@@ -1,4 +1,4 @@
-import type { SandboxEventDTO } from '@/server/api/models/sandboxes.models'
+import type { SandboxEventModel } from '@/core/modules/sandboxes/models'
 import type {
   SandboxMetricsDataPoint,
   SandboxMetricsLifecycleEventMarker,
@@ -76,8 +76,8 @@ const EVENT_STYLES: Record<string, { label: string; colorVar: string }> = {
 }
 
 function sortLifecycleEventsByTimestamp(
-  events: SandboxEventDTO[]
-): SandboxEventDTO[] {
+  events: SandboxEventModel[]
+): SandboxEventModel[] {
   return [...events].sort((a, b) => {
     const timestampA =
       parseDateTimestampMs(a.timestamp) ?? Number.MAX_SAFE_INTEGER
@@ -138,7 +138,7 @@ function toVisiblePauseWindow(
 }
 
 export function buildInactiveWindows(
-  lifecycleEvents: SandboxEventDTO[],
+  lifecycleEvents: SandboxEventModel[],
   rangeStart: number,
   rangeEnd: number
 ): LifecyclePauseWindow[] {
@@ -218,7 +218,7 @@ export function buildInactiveWindows(
 }
 
 export function buildLifecycleEventMarkers(
-  lifecycleEvents: SandboxEventDTO[],
+  lifecycleEvents: SandboxEventModel[],
   rangeStart: number,
   rangeEnd: number
 ): SandboxMetricsLifecycleEventMarker[] {
@@ -346,7 +346,7 @@ function hasValidDataWithinWindow(
 
 function buildSyntheticActiveWindowConnectors(
   data: SandboxMetricsDataPoint[],
-  lifecycleEvents: SandboxEventDTO[],
+  lifecycleEvents: SandboxEventModel[],
   rangeStart: number,
   rangeEnd: number
 ) {
@@ -395,7 +395,7 @@ function buildSyntheticActiveWindowConnectors(
 
 function buildActiveWindowStartConnectors(
   data: SandboxMetricsDataPoint[],
-  lifecycleEvents: SandboxEventDTO[],
+  lifecycleEvents: SandboxEventModel[],
   rangeStart: number,
   rangeEnd: number
 ) {
@@ -499,7 +499,7 @@ function injectGapNullPoints(
 export function applyPauseWindows(
   series: SandboxMetricsSeries[],
   pauseWindows: LifecyclePauseWindow[],
-  lifecycleEvents: SandboxEventDTO[],
+  lifecycleEvents: SandboxEventModel[],
   rangeStart: number,
   rangeEnd: number
 ): SandboxMetricsSeries[] {
diff --git a/src/features/dashboard/sandbox/monitoring/utils/chart-metrics.ts b/src/features/dashboard/sandbox/monitoring/utils/chart-metrics.ts
index 91f7e4fc5..152b5686b 100644
--- a/src/features/dashboard/sandbox/monitoring/utils/chart-metrics.ts
+++ b/src/features/dashboard/sandbox/monitoring/utils/chart-metrics.ts
@@ -1,5 +1,5 @@
 import { millisecondsInSecond } from 'date-fns/constants'
-import type { SandboxMetric } from '@/server/api/models/sandboxes.models'
+import type { SandboxMetric } from '@/core/modules/sandboxes/models'
 import type {
   SandboxMetricsDataPoint,
   SandboxMetricsSeries,
diff --git a/src/features/dashboard/sandbox/monitoring/utils/chart-model.ts b/src/features/dashboard/sandbox/monitoring/utils/chart-model.ts
index bca09249f..30946082a 100644
--- a/src/features/dashboard/sandbox/monitoring/utils/chart-model.ts
+++ b/src/features/dashboard/sandbox/monitoring/utils/chart-model.ts
@@ -1,7 +1,7 @@
 import type {
-  SandboxEventDTO,
+  SandboxEventModel,
   SandboxMetric,
-} from '@/server/api/models/sandboxes.models'
+} from '@/core/modules/sandboxes/models'
 import type { MonitoringChartModel } from '../types/sandbox-metrics-chart'
 import {
   applyPauseWindows,
@@ -18,7 +18,7 @@ import {
 
 interface BuildMonitoringChartModelOptions {
   metrics: SandboxMetric[]
-  lifecycleEvents?: SandboxEventDTO[]
+  lifecycleEvents?: SandboxEventModel[]
   startMs: number
   endMs: number
 }
diff --git a/src/features/dashboard/sandbox/monitoring/utils/timeframe.ts b/src/features/dashboard/sandbox/monitoring/utils/timeframe.ts
index 6e9b7bc17..713c76c30 100644
--- a/src/features/dashboard/sandbox/monitoring/utils/timeframe.ts
+++ b/src/features/dashboard/sandbox/monitoring/utils/timeframe.ts
@@ -1,5 +1,5 @@
+import type { SandboxDetailsModel } from '@/core/modules/sandboxes/models'
 import { calculateStepForDuration } from '@/features/dashboard/sandboxes/monitoring/utils'
-import type { SandboxDetailsDTO } from '@/server/api/models/sandboxes.models'
 import {
   SANDBOX_MONITORING_DEFAULT_RANGE_MS,
   SANDBOX_MONITORING_LIFECYCLE_PADDING_STEPS,
@@ -150,7 +150,7 @@ export interface SandboxLifecycleBounds {
 }
 
 export function getSandboxLifecycleBounds(
-  sandboxLifecycle: Pick<SandboxDetailsDTO, 'state'> & {
+  sandboxLifecycle: Pick<SandboxDetailsModel, 'state'> & {
     createdAt?: string | null
     pausedAt?: string | null
     endedAt?: string | null
diff --git a/src/features/dashboard/sandboxes/list/hooks/use-sandboxes-metrics.tsx b/src/features/dashboard/sandboxes/list/hooks/use-sandboxes-metrics.tsx
index 587d62bb4..87c207a16 100644
--- a/src/features/dashboard/sandboxes/list/hooks/use-sandboxes-metrics.tsx
+++ b/src/features/dashboard/sandboxes/list/hooks/use-sandboxes-metrics.tsx
@@ -3,9 +3,9 @@
 import { useQuery } from '@tanstack/react-query'
 import { useEffect, useMemo, useRef } from 'react'
 import { SANDBOXES_METRICS_POLLING_MS } from '@/configs/intervals'
+import type { Sandboxes } from '@/core/modules/sandboxes/models'
 import { areStringArraysEqual } from '@/lib/utils/array'
 import { useTRPC } from '@/trpc/client'
-import type { Sandboxes } from '@/types/api.types'
 import { useDashboard } from '../../../context'
 import { useSandboxMetricsStore } from '../stores/metrics-store'
 
@@ -56,10 +56,10 @@ export function useSandboxesMetrics({
 
   const metricsQueryInput = useMemo(
     () => ({
-      teamIdOrSlug: team.slug ?? team.id,
+      teamSlug: team.slug,
       sandboxIds: activeSandboxIds,
     }),
-    [activeSandboxIds, team.id, team.slug]
+    [activeSandboxIds, team.slug]
   )
 
   const { data } = useQuery(
diff --git a/src/features/dashboard/sandboxes/list/open-sandbox-dialog.tsx b/src/features/dashboard/sandboxes/list/open-sandbox-dialog.tsx
index e0ef97e39..9d9efb71b 100644
--- a/src/features/dashboard/sandboxes/list/open-sandbox-dialog.tsx
+++ b/src/features/dashboard/sandboxes/list/open-sandbox-dialog.tsx
@@ -4,8 +4,8 @@ import { useQueryClient } from '@tanstack/react-query'
 import { useRouter } from 'next/navigation'
 import { type FormEvent, useState } from 'react'
 import { PROTECTED_URLS } from '@/configs/urls'
+import { SandboxIdSchema } from '@/core/shared/schemas/api'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
-import { SandboxIdSchema } from '@/lib/schemas/api'
 import { isNotFoundError } from '@/lib/utils/trpc-errors'
 import { useTRPC } from '@/trpc/client'
 import { Button } from '@/ui/primitives/button'
@@ -26,8 +26,7 @@ type LookupState = 'idle' | 'not-found' | 'error'
 export function OpenSandboxDialog() {
   'use no memo'
 
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/sandboxes'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/sandboxes'>()
 
   const router = useRouter()
   const trpc = useTRPC()
@@ -72,13 +71,13 @@ export function OpenSandboxDialog() {
     try {
       await queryClient.fetchQuery(
         trpc.sandbox.details.queryOptions(
-          { teamIdOrSlug, sandboxId },
+          { teamSlug, sandboxId },
           {
             retry: false,
           }
         )
       )
-      router.push(PROTECTED_URLS.SANDBOX(teamIdOrSlug, sandboxId))
+      router.push(PROTECTED_URLS.SANDBOX(teamSlug, sandboxId))
       setOpen(false)
       resetState()
     } catch (error) {
diff --git a/src/features/dashboard/sandboxes/list/stores/metrics-store.ts b/src/features/dashboard/sandboxes/list/stores/metrics-store.ts
index d436ab01f..a7ed7fdbd 100644
--- a/src/features/dashboard/sandboxes/list/stores/metrics-store.ts
+++ b/src/features/dashboard/sandboxes/list/stores/metrics-store.ts
@@ -1,7 +1,7 @@
 'use client'
 
 import { create } from 'zustand'
-import type { ClientSandboxesMetrics } from '@/types/sandboxes.types'
+import type { ClientSandboxesMetrics } from '@/core/modules/sandboxes/models.client'
 
 // maximum number of sandbox metrics to keep in memory
 // this is to prevent the store from growing too large and causing performance issues
diff --git a/src/features/dashboard/sandboxes/list/table-cells.tsx b/src/features/dashboard/sandboxes/list/table-cells.tsx
index d5a08abe1..0144e961e 100644
--- a/src/features/dashboard/sandboxes/list/table-cells.tsx
+++ b/src/features/dashboard/sandboxes/list/table-cells.tsx
@@ -131,7 +131,7 @@ export function TemplateCell({
         }
 
         useTemplateTableStore.getState().setGlobalFilter(templateId)
-        router.push(PROTECTED_URLS.TEMPLATES(team.slug ?? team.id))
+        router.push(PROTECTED_URLS.TEMPLATES(team.slug))
       }}
     >
       <span className="min-w-0 truncate">{templateIdentifier}</span>
diff --git a/src/features/dashboard/sandboxes/list/table-config.tsx b/src/features/dashboard/sandboxes/list/table-config.tsx
index b2fa5a0ca..c317ea3fb 100644
--- a/src/features/dashboard/sandboxes/list/table-config.tsx
+++ b/src/features/dashboard/sandboxes/list/table-config.tsx
@@ -4,7 +4,7 @@ import { rankItem } from '@tanstack/match-sorter-utils'
 import type { ColumnDef, FilterFn, Table } from '@tanstack/react-table'
 import { isWithinInterval } from 'date-fns'
 import type { DateRange } from 'react-day-picker'
-import type { Sandbox } from '@/types/api.types'
+import type { Sandbox } from '@/core/modules/sandboxes/models'
 
 import {
   CpuUsageCell,
diff --git a/src/features/dashboard/sandboxes/list/table-row.tsx b/src/features/dashboard/sandboxes/list/table-row.tsx
index e206a7c8f..9eefe220a 100644
--- a/src/features/dashboard/sandboxes/list/table-row.tsx
+++ b/src/features/dashboard/sandboxes/list/table-row.tsx
@@ -13,12 +13,11 @@ interface SandboxesTableRowProps {
 export const SandboxesTableRow = memo(function SandboxesTableRow({
   row,
 }: SandboxesTableRowProps) {
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/sandboxes'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/sandboxes'>()
 
   return (
     <Link
-      href={PROTECTED_URLS.SANDBOX(teamIdOrSlug, row.original.sandboxID)}
+      href={PROTECTED_URLS.SANDBOX(teamSlug, row.original.sandboxID)}
       prefetch={false}
       passHref
     >
diff --git a/src/features/dashboard/sandboxes/list/table.tsx b/src/features/dashboard/sandboxes/list/table.tsx
index 857a43efc..3ff356aa7 100644
--- a/src/features/dashboard/sandboxes/list/table.tsx
+++ b/src/features/dashboard/sandboxes/list/table.tsx
@@ -81,8 +81,7 @@ export default function SandboxesTable() {
   'use no memo'
 
   const scrollRef = useRef<HTMLDivElement>(null)
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/sandboxes'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/sandboxes'>()
 
   const trpc = useTRPC()
 
@@ -97,7 +96,7 @@ export default function SandboxesTable() {
 
   const { data, refetch, isFetching } = useSuspenseQuery(
     trpc.sandboxes.getSandboxes.queryOptions(
-      { teamIdOrSlug },
+      { teamSlug },
       {
         refetchOnMount: 'always',
         refetchOnWindowFocus: true,
diff --git a/src/features/dashboard/sandboxes/live-counter.client.tsx b/src/features/dashboard/sandboxes/live-counter.client.tsx
index c35f0d658..e49977db2 100644
--- a/src/features/dashboard/sandboxes/live-counter.client.tsx
+++ b/src/features/dashboard/sandboxes/live-counter.client.tsx
@@ -2,7 +2,7 @@
 
 import type { InferSafeActionFnResult } from 'next-safe-action'
 import type { NonUndefined } from 'react-hook-form'
-import type { getTeamMetrics } from '@/server/sandboxes/get-team-metrics'
+import type { getTeamMetrics } from '@/core/server/functions/sandboxes/get-team-metrics'
 import { LiveSandboxCounter } from './live-counter'
 import { useRecentMetrics } from './monitoring/hooks/use-recent-metrics'
 
diff --git a/src/features/dashboard/sandboxes/live-counter.server.tsx b/src/features/dashboard/sandboxes/live-counter.server.tsx
index 5d0c6bd20..5f87fdda4 100644
--- a/src/features/dashboard/sandboxes/live-counter.server.tsx
+++ b/src/features/dashboard/sandboxes/live-counter.server.tsx
@@ -1,13 +1,13 @@
 import { Suspense } from 'react'
-import { l } from '@/lib/clients/logger/logger'
+import { getTeamMetrics } from '@/core/server/functions/sandboxes/get-team-metrics'
+import { l } from '@/core/shared/clients/logger/logger'
 import { cn } from '@/lib/utils'
 import { getNowMemo } from '@/lib/utils/server'
-import { getTeamMetrics } from '@/server/sandboxes/get-team-metrics'
 import { Skeleton } from '@/ui/primitives/skeleton'
 import { LiveSandboxCounterClient } from './live-counter.client'
 
 interface LiveSandboxCounterServerProps {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
   className?: string
 }
 
@@ -30,14 +30,14 @@ async function LiveSandboxCounterResolver({
   params,
   className,
 }: LiveSandboxCounterServerProps) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
   // use request-consistent timestamp for cache deduplication
   const now = getNowMemo()
   const start = now - 60_000
 
   const teamMetricsResult = await getTeamMetrics({
-    teamIdOrSlug,
+    teamSlug,
     startDate: start,
     endDate: now,
   })
@@ -47,7 +47,7 @@ async function LiveSandboxCounterResolver({
       {
         key: 'live_sandbox_counter:error',
         context: {
-          teamIdOrSlug,
+          teamSlug,
           serverError: teamMetricsResult?.serverError,
         },
       },
diff --git a/src/features/dashboard/sandboxes/monitoring/charts-context.tsx b/src/features/dashboard/sandboxes/monitoring/charts-context.tsx
index f2e6aeaf9..d330b5234 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts-context.tsx
+++ b/src/features/dashboard/sandboxes/monitoring/charts-context.tsx
@@ -8,7 +8,7 @@ import {
   useState,
 } from 'react'
 import useSWR from 'swr'
-import type { TeamMetricsResponse } from '@/app/api/teams/[teamId]/metrics/types'
+import type { TeamMetricsResponse } from '@/app/api/teams/[teamSlug]/metrics/types'
 import { useDashboard } from '../../context'
 import { useTimeframe } from './hooks/use-timeframe'
 
@@ -49,7 +49,7 @@ export function TeamMetricsChartsProvider({
   )
 
   const { data, error, isLoading, isValidating } = useSWR<TeamMetricsResponse>(
-    [`/api/teams/${team.id}/metrics`, timeframe.start, timeframe.end],
+    [`/api/teams/${team.slug}/metrics`, timeframe.start, timeframe.end],
     async ([url, start, end]: [string, number, number]) => {
       const response = await fetch(url, {
         method: 'POST',
diff --git a/src/features/dashboard/sandboxes/monitoring/charts/charts.tsx b/src/features/dashboard/sandboxes/monitoring/charts/charts.tsx
index a858d5ede..4d1b5551a 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts/charts.tsx
+++ b/src/features/dashboard/sandboxes/monitoring/charts/charts.tsx
@@ -1,14 +1,13 @@
 import { Suspense } from 'react'
 import { TEAM_METRICS_INITIAL_RANGE_MS } from '@/configs/intervals'
-import { getTeamMetrics } from '@/server/sandboxes/get-team-metrics'
-import { getTeamLimits } from '@/server/team/get-team-limits'
+import { getTeamMetrics } from '@/core/server/functions/sandboxes/get-team-metrics'
 import { TeamMetricsChartsProvider } from '../charts-context'
 import ConcurrentChartClient from './concurrent-chart'
 import ChartFallback from './fallback'
 import StartRateChartClient from './startrate-chart'
 
 interface TeamMetricsChartsProps {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
   searchParams: Promise<{ start?: string; end?: string }>
 }
 
@@ -37,7 +36,7 @@ async function TeamMetricsChartsResolver({
   params,
   searchParams,
 }: TeamMetricsChartsProps) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
   const { start: startParam, end: endParam } = await searchParams
 
   // parse start/end from URL params with defaults
@@ -47,14 +46,11 @@ async function TeamMetricsChartsResolver({
     : now - TEAM_METRICS_INITIAL_RANGE_MS
   const end = endParam ? parseInt(endParam, 10) : now
 
-  const [teamMetricsResult, tierLimitsResult] = await Promise.all([
-    getTeamMetrics({
-      teamIdOrSlug,
-      startDate: start,
-      endDate: end,
-    }),
-    getTeamLimits({ teamIdOrSlug }),
-  ])
+  const teamMetricsResult = await getTeamMetrics({
+    teamSlug,
+    startDate: start,
+    endDate: end,
+  })
 
   if (
     !teamMetricsResult?.data ||
@@ -82,13 +78,9 @@ async function TeamMetricsChartsResolver({
     )
   }
 
-  const concurrentInstancesLimit = tierLimitsResult?.data?.concurrentInstances
-
   return (
     <TeamMetricsChartsProvider initialData={teamMetricsResult.data}>
-      <ConcurrentChartClient
-        concurrentInstancesLimit={concurrentInstancesLimit}
-      />
+      <ConcurrentChartClient />
       <StartRateChartClient />
     </TeamMetricsChartsProvider>
   )
diff --git a/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/hooks.ts b/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/hooks.ts
index e61da8ceb..c0891cd68 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/hooks.ts
+++ b/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/hooks.ts
@@ -1,5 +1,5 @@
 import { useMemo } from 'react'
-import type { TeamMetricsResponse } from '@/app/api/teams/[teamId]/metrics/types'
+import type { TeamMetricsResponse } from '@/app/api/teams/[teamSlug]/metrics/types'
 import { formatCompactDate, formatNumber } from '@/lib/utils/formatting'
 import { formatTimeframeAsISO8601Interval } from '@/lib/utils/timeframe'
 import { transformMetrics } from '../team-metrics-chart'
diff --git a/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/index.tsx b/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/index.tsx
index e59b70be7..04f7ee7d9 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/index.tsx
+++ b/src/features/dashboard/sandboxes/monitoring/charts/concurrent-chart/index.tsx
@@ -1,6 +1,7 @@
 'use client'
 
 import { useCallback, useRef } from 'react'
+import { useDashboard } from '@/features/dashboard/context'
 import { ReactiveLiveBadge } from '@/ui/live'
 import { useTeamMetricsCharts } from '../../charts-context'
 import { AnimatedMetricDisplay } from '../animated-metric-display'
@@ -13,13 +14,8 @@ import {
   useTimeRangeDisplay,
 } from './hooks'
 
-interface ConcurrentChartProps {
-  concurrentInstancesLimit?: number
-}
-
-export default function ConcurrentChartClient({
-  concurrentInstancesLimit,
-}: ConcurrentChartProps) {
+export default function ConcurrentChartClient() {
+  const { team } = useDashboard()
   const {
     data,
     isPolling,
@@ -100,7 +96,7 @@ export default function ConcurrentChartClient({
         metrics={data.metrics}
         step={data.step}
         timeframe={timeframe}
-        concurrentLimit={concurrentInstancesLimit}
+        concurrentLimit={team.limits.concurrentSandboxes}
         onZoomEnd={(from, end) => setCustomRange(from, end)}
         onTooltipValueChange={handleTooltipValueChange}
         onHoverEnd={handleHoverEnd}
diff --git a/src/features/dashboard/sandboxes/monitoring/charts/startrate-chart/hooks.ts b/src/features/dashboard/sandboxes/monitoring/charts/startrate-chart/hooks.ts
index ac3add85e..3e04a5def 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts/startrate-chart/hooks.ts
+++ b/src/features/dashboard/sandboxes/monitoring/charts/startrate-chart/hooks.ts
@@ -1,5 +1,5 @@
 import { useMemo } from 'react'
-import type { TeamMetricsResponse } from '@/app/api/teams/[teamId]/metrics/types'
+import type { TeamMetricsResponse } from '@/app/api/teams/[teamSlug]/metrics/types'
 import { formatCompactDate, formatDecimal } from '@/lib/utils/formatting'
 import { transformMetrics } from '../team-metrics-chart'
 import { calculateAverage } from '../team-metrics-chart/utils'
diff --git a/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/types.ts b/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/types.ts
index 75dc33868..c1f649c55 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/types.ts
+++ b/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/types.ts
@@ -1,4 +1,4 @@
-import type { ClientTeamMetric } from '@/types/sandboxes.types'
+import type { ClientTeamMetric } from '@/core/modules/sandboxes/models.client'
 
 export type ChartType = 'concurrent' | 'start-rate'
 
diff --git a/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/utils.ts b/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/utils.ts
index d058b18aa..8a1d9e6ab 100644
--- a/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/utils.ts
+++ b/src/features/dashboard/sandboxes/monitoring/charts/team-metrics-chart/utils.ts
@@ -1,5 +1,5 @@
+import type { ClientTeamMetric } from '@/core/modules/sandboxes/models.client'
 import { formatAxisNumber } from '@/lib/utils/formatting'
-import type { ClientTeamMetric } from '@/types/sandboxes.types'
 import type { TeamMetricDataPoint } from './types'
 
 /**
diff --git a/src/features/dashboard/sandboxes/monitoring/header.client.tsx b/src/features/dashboard/sandboxes/monitoring/header.client.tsx
index 098ec85e3..b66c82ded 100644
--- a/src/features/dashboard/sandboxes/monitoring/header.client.tsx
+++ b/src/features/dashboard/sandboxes/monitoring/header.client.tsx
@@ -3,8 +3,9 @@
 import type { InferSafeActionFnResult } from 'next-safe-action'
 import { useMemo } from 'react'
 import type { NonUndefined } from 'react-hook-form'
+import type { getTeamMetrics } from '@/core/server/functions/sandboxes/get-team-metrics'
+import { useDashboard } from '@/features/dashboard/context'
 import { formatDecimal, formatNumber } from '@/lib/utils/formatting'
-import type { getTeamMetrics } from '@/server/sandboxes/get-team-metrics'
 import { AnimatedNumber } from '@/ui/primitives/animated-number'
 import { useRecentMetrics } from './hooks/use-recent-metrics'
 
@@ -12,14 +13,14 @@ interface TeamMonitoringHeaderClientProps {
   initialData: NonUndefined<
     InferSafeActionFnResult<typeof getTeamMetrics>['data']
   >
-  limit?: number
 }
 
 export function ConcurrentSandboxesClient({
   initialData,
-  limit,
 }: TeamMonitoringHeaderClientProps) {
+  const { team } = useDashboard()
   const { data } = useRecentMetrics({ initialData })
+  const limit = team.limits.concurrentSandboxes
 
   const lastConcurrentSandboxes = formatNumber(
     data?.metrics?.[(data?.metrics?.length ?? 0) - 1]?.concurrentSandboxes ?? 0
@@ -58,3 +59,25 @@ export function SandboxesStartRateClient({
     />
   )
 }
+
+interface MaxConcurrentSandboxesClientProps {
+  concurrentSandboxes: number
+}
+
+export function MaxConcurrentSandboxesClient({
+  concurrentSandboxes,
+}: MaxConcurrentSandboxesClientProps) {
+  const { team } = useDashboard()
+  const limit = team.limits.concurrentSandboxes
+
+  return (
+    <>
+      <span className="prose-value-big mt-1">
+        {formatNumber(concurrentSandboxes)}
+      </span>
+      <span className="absolute right-3 bottom-1 md:right-6 md:bottom-4 prose-label text-fg-tertiary ">
+        LIMIT: {formatNumber(limit)}
+      </span>
+    </>
+  )
+}
diff --git a/src/features/dashboard/sandboxes/monitoring/header.tsx b/src/features/dashboard/sandboxes/monitoring/header.tsx
index 295b9efe3..b7fa946c8 100644
--- a/src/features/dashboard/sandboxes/monitoring/header.tsx
+++ b/src/features/dashboard/sandboxes/monitoring/header.tsx
@@ -1,21 +1,20 @@
 import { AlertTriangle } from 'lucide-react'
 import { Suspense } from 'react'
-import { formatNumber } from '@/lib/utils/formatting'
+import { getTeamMetrics } from '@/core/server/functions/sandboxes/get-team-metrics'
+import { getTeamMetricsMax } from '@/core/server/functions/sandboxes/get-team-metrics-max'
 import { getNowMemo } from '@/lib/utils/server'
-import { getTeamMetrics } from '@/server/sandboxes/get-team-metrics'
-import { getTeamMetricsMax } from '@/server/sandboxes/get-team-metrics-max'
-import { getTeamLimits } from '@/server/team/get-team-limits'
 import ErrorTooltip from '@/ui/error-tooltip'
 import { SemiLiveBadge } from '@/ui/live'
 import { Skeleton } from '@/ui/primitives/skeleton'
 import {
   ConcurrentSandboxesClient,
+  MaxConcurrentSandboxesClient,
   SandboxesStartRateClient,
 } from './header.client'
 import { MAX_DAYS_AGO } from './time-picker/constants'
 
 interface MonitoringContentParams {
-  teamIdOrSlug: string
+  teamSlug: string
 }
 
 function BaseCard({ children }: { children: React.ReactNode }) {
@@ -100,20 +99,17 @@ export const ConcurrentSandboxes = async ({
 }: {
   params: Promise<MonitoringContentParams>
 }) => {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
   // use request-consistent timestamp for cache deduplication
   const now = getNowMemo()
   const start = now - 60_000
 
-  const [teamMetricsResult, teamLimitsResult] = await Promise.all([
-    getTeamMetrics({
-      teamIdOrSlug,
-      startDate: start,
-      endDate: now,
-    }),
-    getTeamLimits({ teamIdOrSlug }),
-  ])
+  const teamMetricsResult = await getTeamMetrics({
+    teamSlug,
+    startDate: start,
+    endDate: now,
+  })
 
   if (!teamMetricsResult?.data || teamMetricsResult.serverError) {
     return (
@@ -124,12 +120,7 @@ export const ConcurrentSandboxes = async ({
     )
   }
 
-  return (
-    <ConcurrentSandboxesClient
-      initialData={teamMetricsResult.data}
-      limit={teamLimitsResult?.data?.concurrentInstances}
-    />
-  )
+  return <ConcurrentSandboxesClient initialData={teamMetricsResult.data} />
 }
 
 export const SandboxesStartRate = async ({
@@ -137,14 +128,14 @@ export const SandboxesStartRate = async ({
 }: {
   params: Promise<MonitoringContentParams>
 }) => {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
   // use same request-consistent timestamp as ConcurrentSandboxes
   const now = getNowMemo()
   const start = now - 60_000
 
   const teamMetricsResult = await getTeamMetrics({
-    teamIdOrSlug,
+    teamSlug,
     startDate: start,
     endDate: now,
   })
@@ -166,20 +157,17 @@ export const MaxConcurrentSandboxes = async ({
 }: {
   params: Promise<MonitoringContentParams>
 }) => {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
   const end = Date.now()
   const start = end - (MAX_DAYS_AGO - 60_000) // 1 minute margin to avoid validation errors
 
-  const [teamMetricsResult, teamLimitsResult] = await Promise.all([
-    getTeamMetricsMax({
-      teamIdOrSlug,
-      startDate: start,
-      endDate: end,
-      metric: 'concurrent_sandboxes',
-    }),
-    getTeamLimits({ teamIdOrSlug }),
-  ])
+  const teamMetricsResult = await getTeamMetricsMax({
+    teamSlug,
+    startDate: start,
+    endDate: end,
+    metric: 'concurrent_sandboxes',
+  })
 
   if (!teamMetricsResult?.data || teamMetricsResult.serverError) {
     return (
@@ -190,20 +178,9 @@ export const MaxConcurrentSandboxes = async ({
     )
   }
 
-  const limit = teamLimitsResult?.data?.concurrentInstances
-
-  const concurrentSandboxes = teamMetricsResult.data.value
-
   return (
-    <>
-      <span className="prose-value-big mt-1">
-        {formatNumber(concurrentSandboxes)}
-      </span>
-      {!!limit && (
-        <span className="absolute right-3 bottom-1 md:right-6 md:bottom-4 prose-label text-fg-tertiary ">
-          LIMIT: {formatNumber(limit)}
-        </span>
-      )}
-    </>
+    <MaxConcurrentSandboxesClient
+      concurrentSandboxes={teamMetricsResult.data.value}
+    />
   )
 }
diff --git a/src/features/dashboard/sandboxes/monitoring/hooks/use-recent-metrics.ts b/src/features/dashboard/sandboxes/monitoring/hooks/use-recent-metrics.ts
index e093eaaa7..6493d693e 100644
--- a/src/features/dashboard/sandboxes/monitoring/hooks/use-recent-metrics.ts
+++ b/src/features/dashboard/sandboxes/monitoring/hooks/use-recent-metrics.ts
@@ -4,7 +4,7 @@ import { usePathname } from 'next/navigation'
 import { parseAsInteger, useQueryStates } from 'nuqs'
 import { useMemo } from 'react'
 import useSWR from 'swr'
-import type { TeamMetricsResponse } from '@/app/api/teams/[teamId]/metrics/types'
+import type { TeamMetricsResponse } from '@/app/api/teams/[teamSlug]/metrics/types'
 import { TEAM_METRICS_POLLING_INTERVAL_MS } from '@/configs/intervals'
 import { SWR_KEYS } from '@/configs/keys'
 import { useDashboard } from '@/features/dashboard/context'
@@ -64,17 +64,17 @@ export function useRecentMetrics({
   const swrKey: readonly [string | null, string | null, ...unknown[]] = team
     ? shouldSyncWithTimeframe
       ? [
-          ...SWR_KEYS.TEAM_METRICS_RECENT(team.id),
+          ...SWR_KEYS.TEAM_METRICS_RECENT(team.slug),
           timeframeParams.start,
           timeframeParams.end,
         ]
-      : SWR_KEYS.TEAM_METRICS_RECENT(team.id)
+      : SWR_KEYS.TEAM_METRICS_RECENT(team.slug)
     : [null, null]
 
   return useSWR<TeamMetricsResponse | undefined>(
     swrKey,
-    async ([url, teamId]: typeof swrKey) => {
-      if (!url || !teamId) return
+    async ([url, teamSlug]: typeof swrKey) => {
+      if (!url || !teamSlug) return
 
       const fetchEnd = Date.now()
       const fetchStart = fetchEnd - 60_000
diff --git a/src/features/dashboard/settings/general/name-card.tsx b/src/features/dashboard/settings/general/name-card.tsx
index 60219b59a..b9d629b78 100644
--- a/src/features/dashboard/settings/general/name-card.tsx
+++ b/src/features/dashboard/settings/general/name-card.tsx
@@ -2,8 +2,12 @@
 
 import { zodResolver } from '@hookform/resolvers/zod'
 import { useHookFormOptimisticAction } from '@next-safe-action/adapter-react-hook-form/hooks'
+import { useQueryClient } from '@tanstack/react-query'
 import { AnimatePresence, motion } from 'motion/react'
 import { USER_MESSAGES } from '@/configs/user-messages'
+import { getTransformedDefaultTeamName } from '@/core/modules/teams/utils'
+import { updateTeamNameAction } from '@/core/server/actions/team-actions'
+import { UpdateTeamNameSchema } from '@/core/server/functions/team/types'
 import { useDashboard } from '@/features/dashboard/context'
 import {
   defaultErrorToast,
@@ -11,8 +15,7 @@ import {
   useToast,
 } from '@/lib/hooks/use-toast'
 import { exponentialSmoothing } from '@/lib/utils'
-import { updateTeamNameAction } from '@/server/team/team-actions'
-import { UpdateTeamNameSchema } from '@/server/team/types'
+import { useTRPC } from '@/trpc/client'
 import { Button } from '@/ui/primitives/button'
 import {
   Card,
@@ -38,6 +41,8 @@ export function NameCard({ className }: NameCardProps) {
   'use no memo'
 
   const { team } = useDashboard()
+  const trpc = useTRPC()
+  const queryClient = useQueryClient()
 
   const { toast } = useToast()
 
@@ -51,7 +56,7 @@ export function NameCard({ className }: NameCardProps) {
     {
       formProps: {
         defaultValues: {
-          teamIdOrSlug: team.id,
+          teamSlug: team.slug,
           name: team.name,
         },
       },
@@ -70,6 +75,9 @@ export function NameCard({ className }: NameCardProps) {
           }
         },
         onSuccess: async () => {
+          await queryClient.invalidateQueries({
+            queryKey: trpc.teams.list.queryKey(),
+          })
           toast(defaultSuccessToast(USER_MESSAGES.teamNameUpdated.message))
         },
         onError: ({ error }) => {
@@ -86,6 +94,9 @@ export function NameCard({ className }: NameCardProps) {
   )
 
   const { watch } = form
+  const displayedNameHint = getTransformedDefaultTeamName(
+    optimisticState?.team ?? team
+  )
 
   return (
     <Card className={className}>
@@ -110,7 +121,7 @@ export function NameCard({ className }: NameCardProps) {
                     <Input placeholder="Acme, Inc." {...field} />
                   </FormControl>
                   <AnimatePresence initial={false}>
-                    {team.transformed_default_name && (
+                    {displayedNameHint && (
                       <motion.span
                         className="text-fg-tertiary ml-0.5 text-xs"
                         animate={{
@@ -126,7 +137,7 @@ export function NameCard({ className }: NameCardProps) {
                       >
                         Seen as -{' '}
                         <span className="text-accent-info-highlight">
-                          {team.transformed_default_name}
+                          {displayedNameHint}
                         </span>
                       </motion.span>
                     )}
diff --git a/src/features/dashboard/settings/general/profile-picture-card.tsx b/src/features/dashboard/settings/general/profile-picture-card.tsx
index 3505f1c41..e6193d522 100644
--- a/src/features/dashboard/settings/general/profile-picture-card.tsx
+++ b/src/features/dashboard/settings/general/profile-picture-card.tsx
@@ -1,10 +1,12 @@
 'use client'
 
+import { useQueryClient } from '@tanstack/react-query'
 import { AnimatePresence, motion } from 'framer-motion'
 import { ChevronsUp, ImagePlusIcon, Loader2, Pencil } from 'lucide-react'
 import { useAction } from 'next-safe-action/hooks'
 import { useRef, useState } from 'react'
 import { USER_MESSAGES } from '@/configs/user-messages'
+import { uploadTeamProfilePictureAction } from '@/core/server/actions/team-actions'
 import { useDashboard } from '@/features/dashboard/context'
 import {
   defaultErrorToast,
@@ -12,7 +14,7 @@ import {
   useToast,
 } from '@/lib/hooks/use-toast'
 import { cn, exponentialSmoothing } from '@/lib/utils'
-import { uploadTeamProfilePictureAction } from '@/server/team/team-actions'
+import { useTRPC } from '@/trpc/client'
 import { Avatar, AvatarFallback, AvatarImage } from '@/ui/primitives/avatar'
 import { Badge } from '@/ui/primitives/badge'
 import { cardVariants } from '@/ui/primitives/card'
@@ -23,6 +25,8 @@ interface ProfilePictureCardProps {
 
 export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
   const { team } = useDashboard()
+  const trpc = useTRPC()
+  const queryClient = useQueryClient()
   const { toast } = useToast()
   const fileInputRef = useRef<HTMLInputElement>(null)
   const [isHovered, setIsHovered] = useState(false)
@@ -30,7 +34,10 @@ export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
   const { execute: uploadProfilePicture, isExecuting: isUploading } = useAction(
     uploadTeamProfilePictureAction,
     {
-      onSuccess: () => {
+      onSuccess: async () => {
+        await queryClient.invalidateQueries({
+          queryKey: trpc.teams.list.queryKey(),
+        })
         toast(defaultSuccessToast(USER_MESSAGES.teamLogoUpdated.message))
       },
       onError: ({ error }) => {
@@ -54,9 +61,8 @@ export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
   )
 
   const handleUpload = (e: React.ChangeEvent<HTMLInputElement>) => {
-    if (e.target.files && e.target.files[0]) {
-      const file = e.target.files[0]
-
+    const file = e.target.files?.[0]
+    if (file) {
       const MAX_FILE_SIZE = 5 * 1024 * 1024 // 5MB in bytes
 
       if (file.size > MAX_FILE_SIZE) {
@@ -72,12 +78,8 @@ export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
         return
       }
 
-      const formData = new FormData()
-      formData.append('teamId', team.id)
-      formData.append('image', file)
-
       uploadProfilePicture({
-        teamIdOrSlug: team.id,
+        teamSlug: team.slug,
         image: file,
       })
     }
@@ -89,7 +91,9 @@ export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
 
   return (
     <>
-      <div
+      <button
+        type="button"
+        aria-label="Upload team profile picture"
         className="relative cursor-pointer p-4 pr-0 md:p-6 md:pr-0"
         onClick={handleAvatarClick}
         onMouseEnter={() => setIsHovered(true)}
@@ -99,13 +103,13 @@ export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
           className={cn(
             'relative h-24 w-24',
             {
-              'border-none drop-shadow-lg filter': team.profile_picture_url,
+              'border-none drop-shadow-lg filter': team.profilePictureUrl,
             },
             className
           )}
         >
           <AvatarImage
-            src={team.profile_picture_url || ''}
+            src={team.profilePictureUrl || ''}
             alt={`${team.name}'s profile picture`}
           />
           <AvatarFallback className="bg-bg-hover relative text-2xl ">
@@ -169,7 +173,7 @@ export function ProfilePictureCard({ className }: ProfilePictureCardProps) {
             ) : null}
           </AnimatePresence>
         </Avatar>
-      </div>
+      </button>
       <input
         type="file"
         ref={fileInputRef}
diff --git a/src/features/dashboard/settings/keys/create-api-key-dialog.tsx b/src/features/dashboard/settings/keys/create-api-key-dialog.tsx
index 27b83b745..d8f465449 100644
--- a/src/features/dashboard/settings/keys/create-api-key-dialog.tsx
+++ b/src/features/dashboard/settings/keys/create-api-key-dialog.tsx
@@ -7,8 +7,8 @@ import { usePostHog } from 'posthog-js/react'
 import { type FC, type ReactNode, useState } from 'react'
 import { useForm } from 'react-hook-form'
 import { z } from 'zod'
+import { createApiKeyAction } from '@/core/server/actions/key-actions'
 import { defaultErrorToast, useToast } from '@/lib/hooks/use-toast'
-import { createApiKeyAction } from '@/server/keys/key-actions'
 import CopyButton from '@/ui/copy-button'
 import { Alert, AlertDescription, AlertTitle } from '@/ui/primitives/alert'
 import { Button } from '@/ui/primitives/button'
@@ -49,7 +49,7 @@ interface CreateApiKeyDialogProps {
 const CreateApiKeyDialog: FC<CreateApiKeyDialogProps> = ({ children }) => {
   'use no memo'
 
-  const { teamIdOrSlug } = useParams() as { teamIdOrSlug: string }
+  const { teamSlug } = useParams() as { teamSlug: string }
 
   const [open, setOpen] = useState(false)
   const [createdApiKey, setCreatedApiKey] = useState<string | null>(null)
@@ -98,7 +98,7 @@ const CreateApiKeyDialog: FC<CreateApiKeyDialogProps> = ({ children }) => {
           <Form {...form}>
             <form
               onSubmit={form.handleSubmit((values) =>
-                createApiKey({ teamIdOrSlug, name: values.name })
+                createApiKey({ teamSlug, name: values.name })
               )}
               className="flex flex-col gap-6"
             >
diff --git a/src/features/dashboard/settings/keys/table-body.tsx b/src/features/dashboard/settings/keys/table-body.tsx
index 2a7a0f706..8843f55fb 100644
--- a/src/features/dashboard/settings/keys/table-body.tsx
+++ b/src/features/dashboard/settings/keys/table-body.tsx
@@ -1,20 +1,20 @@
 import { CLI_GENERATED_KEY_NAME } from '@/configs/api'
-import { getTeamApiKeys } from '@/server/keys/get-api-keys'
+import { getTeamApiKeys } from '@/core/server/functions/keys/get-api-keys'
 import { ErrorIndicator } from '@/ui/error-indicator'
 import { Alert, AlertDescription, AlertTitle } from '@/ui/primitives/alert'
 import { TableCell, TableRow } from '@/ui/primitives/table'
 import ApiKeyTableRow from './table-row'
 
 interface TableBodyContentProps {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
 }
 
 export default async function TableBodyContent({
   params,
 }: TableBodyContentProps) {
-  const { teamIdOrSlug } = await params
+  const { teamSlug } = await params
 
-  const result = await getTeamApiKeys({ teamIdOrSlug })
+  const result = await getTeamApiKeys({ teamSlug })
 
   if (!result?.data || result.serverError || result.validationErrors) {
     return (
diff --git a/src/features/dashboard/settings/keys/table-row.tsx b/src/features/dashboard/settings/keys/table-row.tsx
index fa81952ee..86f2467c4 100644
--- a/src/features/dashboard/settings/keys/table-row.tsx
+++ b/src/features/dashboard/settings/keys/table-row.tsx
@@ -5,6 +5,8 @@ import { motion } from 'motion/react'
 import { useAction } from 'next-safe-action/hooks'
 import { useState } from 'react'
 import { API_KEYS_LAST_USED_FIRST_COLLECTION_DATE } from '@/configs/versioning'
+import type { TeamAPIKey } from '@/core/modules/keys/models'
+import { deleteApiKeyAction } from '@/core/server/actions/key-actions'
 import { useDashboard } from '@/features/dashboard/context'
 import {
   defaultErrorToast,
@@ -12,8 +14,6 @@ import {
   useToast,
 } from '@/lib/hooks/use-toast'
 import { exponentialSmoothing } from '@/lib/utils'
-import { deleteApiKeyAction } from '@/server/keys/key-actions'
-import type { TeamAPIKey } from '@/types/api.types'
 import { AlertDialog } from '@/ui/alert-dialog'
 import { Button } from '@/ui/primitives/button'
 import {
@@ -63,7 +63,7 @@ export default function ApiKeyTableRow({
 
   const deleteKey = () => {
     executeDeleteKey({
-      teamIdOrSlug: team.id,
+      teamSlug: team.slug,
       apiKeyId: apiKey.id,
     })
   }
diff --git a/src/features/dashboard/settings/keys/table.tsx b/src/features/dashboard/settings/keys/table.tsx
index 989e29d4c..28fa4645d 100644
--- a/src/features/dashboard/settings/keys/table.tsx
+++ b/src/features/dashboard/settings/keys/table.tsx
@@ -11,7 +11,7 @@ import { TableLoader } from '@/ui/table-loader'
 import TableBodyContent from './table-body'
 
 interface ApiKeysTableProps {
-  params: Promise<{ teamIdOrSlug: string }>
+  params: Promise<{ teamSlug: string }>
   className?: string
 }
 
diff --git a/src/features/dashboard/settings/webhooks/add-edit-dialog-steps.tsx b/src/features/dashboard/settings/webhooks/add-edit-dialog-steps.tsx
index 96f129ba6..a4620b702 100644
--- a/src/features/dashboard/settings/webhooks/add-edit-dialog-steps.tsx
+++ b/src/features/dashboard/settings/webhooks/add-edit-dialog-steps.tsx
@@ -5,7 +5,7 @@ import { useEffect, useMemo, useState } from 'react'
 import type { UseFormReturn } from 'react-hook-form'
 import ShikiHighlighter from 'react-shiki'
 import { useShikiTheme } from '@/configs/shiki'
-import type { UpsertWebhookSchemaType } from '@/server/webhooks/schema'
+import type { UpsertWebhookSchemaType } from '@/core/server/functions/webhooks/schema'
 import { Button } from '@/ui/primitives/button'
 import { Checkbox } from '@/ui/primitives/checkbox'
 import {
diff --git a/src/features/dashboard/settings/webhooks/add-edit-dialog.tsx b/src/features/dashboard/settings/webhooks/add-edit-dialog.tsx
index 0c40d6de3..baf9fa112 100644
--- a/src/features/dashboard/settings/webhooks/add-edit-dialog.tsx
+++ b/src/features/dashboard/settings/webhooks/add-edit-dialog.tsx
@@ -4,13 +4,13 @@ import { zodResolver } from '@hookform/resolvers/zod'
 import { useHookFormAction } from '@next-safe-action/adapter-react-hook-form/hooks'
 import { PlusIcon } from 'lucide-react'
 import { useState } from 'react'
+import { upsertWebhookAction } from '@/core/server/actions/webhooks-actions'
+import { UpsertWebhookSchema } from '@/core/server/functions/webhooks/schema'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   toast,
 } from '@/lib/hooks/use-toast'
-import { UpsertWebhookSchema } from '@/server/webhooks/schema'
-import { upsertWebhookAction } from '@/server/webhooks/webhooks-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Dialog,
@@ -62,9 +62,9 @@ export default function WebhookAddEditDialog({
   } = useHookFormAction(upsertWebhookAction, zodResolver(UpsertWebhookSchema), {
     formProps: {
       mode: 'onChange',
-      disabled: !team.id,
+      disabled: !team.slug,
       defaultValues: {
-        teamIdOrSlug: team.id,
+        teamSlug: team.slug,
         webhookId: isEditMode ? webhook?.id : undefined,
         mode,
         name: webhook?.name || '',
@@ -74,7 +74,7 @@ export default function WebhookAddEditDialog({
         ...(isEditMode ? {} : { signatureSecret: '' }),
       },
       values: {
-        teamIdOrSlug: team.id,
+        teamSlug: team.slug,
         webhookId: isEditMode ? webhook?.id : undefined,
         mode,
         name: webhook?.name || '',
@@ -153,7 +153,7 @@ export default function WebhookAddEditDialog({
     if (currentEvents.includes(event)) {
       form.setValue(
         'events',
-        currentEvents.filter((e) => e !== event)
+        currentEvents.filter((eventName: string) => eventName !== event)
       )
     } else {
       form.setValue('events', [...currentEvents, event])
@@ -198,7 +198,7 @@ export default function WebhookAddEditDialog({
           <form onSubmit={handleSubmitWithAction} className="min-w-0">
             {/* Hidden fields */}
             <input type="hidden" {...form.register('mode')} />
-            <input type="hidden" {...form.register('teamIdOrSlug')} />
+            <input type="hidden" {...form.register('teamSlug')} />
 
             <div className="flex flex-col gap-4 pb-6 min-w-0 overflow-hidden min-h-[350px]">
               <WebhookAddEditDialogSteps
diff --git a/src/features/dashboard/settings/webhooks/delete-dialog.tsx b/src/features/dashboard/settings/webhooks/delete-dialog.tsx
index eb85a43b3..a6a0049a2 100644
--- a/src/features/dashboard/settings/webhooks/delete-dialog.tsx
+++ b/src/features/dashboard/settings/webhooks/delete-dialog.tsx
@@ -2,12 +2,13 @@
 
 import { useAction } from 'next-safe-action/hooks'
 import { useState } from 'react'
+import { deleteWebhookAction } from '@/core/server/actions/webhooks-actions'
+import { useDashboard } from '@/features/dashboard/context'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   useToast,
 } from '@/lib/hooks/use-toast'
-import { deleteWebhookAction } from '@/server/webhooks/webhooks-actions'
 import { AlertDialog } from '@/ui/alert-dialog'
 import { TrashIcon } from '@/ui/primitives/icons'
 import { Input } from '@/ui/primitives/input'
@@ -24,6 +25,7 @@ export default function WebhookDeleteDialog({
   children: trigger,
   webhook,
 }: WebhookDeleteDialogProps) {
+  const { team } = useDashboard()
   const { toast } = useToast()
   const [open, setOpen] = useState(false)
   const [confirmationUrl, setConfirmationUrl] = useState('')
@@ -81,7 +83,7 @@ export default function WebhookDeleteDialog({
       }}
       onConfirm={() => {
         executeDeleteWebhook({
-          teamIdOrSlug: webhook.teamId,
+          teamSlug: team.slug,
           webhookId: webhook.id,
         })
       }}
diff --git a/src/features/dashboard/settings/webhooks/edit-secret-dialog.tsx b/src/features/dashboard/settings/webhooks/edit-secret-dialog.tsx
index a900f3461..cb52a6a1e 100644
--- a/src/features/dashboard/settings/webhooks/edit-secret-dialog.tsx
+++ b/src/features/dashboard/settings/webhooks/edit-secret-dialog.tsx
@@ -3,13 +3,14 @@
 import { zodResolver } from '@hookform/resolvers/zod'
 import { useHookFormAction } from '@next-safe-action/adapter-react-hook-form/hooks'
 import { useState } from 'react'
+import { updateWebhookSecretAction } from '@/core/server/actions/webhooks-actions'
+import { UpdateWebhookSecretSchema } from '@/core/server/functions/webhooks/schema'
+import { useDashboard } from '@/features/dashboard/context'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   toast,
 } from '@/lib/hooks/use-toast'
-import { UpdateWebhookSecretSchema } from '@/server/webhooks/schema'
-import { updateWebhookSecretAction } from '@/server/webhooks/webhooks-actions'
 import { Button } from '@/ui/primitives/button'
 import {
   Dialog,
@@ -42,6 +43,7 @@ export default function WebhookEditSecretDialog({
 }: WebhookEditSecretDialogProps) {
   'use no memo'
 
+  const { team } = useDashboard()
   const [open, setOpen] = useState(false)
 
   const webhookName = webhook.name
@@ -58,7 +60,7 @@ export default function WebhookEditSecretDialog({
       formProps: {
         mode: 'onChange',
         defaultValues: {
-          teamIdOrSlug: webhook.teamId,
+          teamSlug: team.slug,
           webhookId: webhook.id,
           signatureSecret: '',
         },
@@ -135,7 +137,7 @@ export default function WebhookEditSecretDialog({
         <Form {...form}>
           <form onSubmit={handleSubmitWithAction} className="min-w-0">
             {/* Hidden fields */}
-            <input type="hidden" {...form.register('teamIdOrSlug')} />
+            <input type="hidden" {...form.register('teamSlug')} />
             <input type="hidden" {...form.register('webhookId')} />
 
             <div className="flex flex-col gap-4 pb-6 min-w-0">
diff --git a/src/features/dashboard/settings/webhooks/table-body.tsx b/src/features/dashboard/settings/webhooks/table-body.tsx
index 9498c3446..fa436a298 100644
--- a/src/features/dashboard/settings/webhooks/table-body.tsx
+++ b/src/features/dashboard/settings/webhooks/table-body.tsx
@@ -1,19 +1,19 @@
-import { getWebhooks } from '@/server/webhooks/get-webhooks'
+import { getWebhooks } from '@/core/server/functions/webhooks/get-webhooks'
 import { TableCell, TableRow } from '@/ui/primitives/table'
 import WebhooksEmpty from './empty'
 import WebhookTableRow from './table-row'
 
 interface TableBodyContentProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
 }
 
 export default async function TableBodyContent({
   params,
 }: TableBodyContentProps) {
-  const { teamIdOrSlug } = await params
-  const webhooksResult = await getWebhooks({ teamIdOrSlug })
+  const { teamSlug } = await params
+  const webhooksResult = await getWebhooks({ teamSlug })
 
   // undefined data indicates execution error so we disable the controls
   const hasError = webhooksResult?.data === undefined
diff --git a/src/features/dashboard/settings/webhooks/table.tsx b/src/features/dashboard/settings/webhooks/table.tsx
index 62384e58a..4c4342413 100644
--- a/src/features/dashboard/settings/webhooks/table.tsx
+++ b/src/features/dashboard/settings/webhooks/table.tsx
@@ -12,7 +12,7 @@ import TableBodyContent from './table-body'
 
 interface WebhooksTableProps {
   params: Promise<{
-    teamIdOrSlug: string
+    teamSlug: string
   }>
   className?: string
 }
diff --git a/src/features/dashboard/settings/webhooks/types.ts b/src/features/dashboard/settings/webhooks/types.ts
index 974a80788..4a1ed63e4 100644
--- a/src/features/dashboard/settings/webhooks/types.ts
+++ b/src/features/dashboard/settings/webhooks/types.ts
@@ -1,3 +1,3 @@
-import type { components as ArgusComponents } from '@/types/argus-api.types'
+import type { components as ArgusComponents } from '@/contracts/argus-api'
 
 export type Webhook = ArgusComponents['schemas']['WebhookDetail']
diff --git a/src/features/dashboard/sidebar/blocked-banner.tsx b/src/features/dashboard/sidebar/blocked-banner.tsx
index d4e9fdd90..eab172897 100644
--- a/src/features/dashboard/sidebar/blocked-banner.tsx
+++ b/src/features/dashboard/sidebar/blocked-banner.tsx
@@ -20,9 +20,10 @@ export default function TeamBlockageAlert({
   const router = useRouter()
 
   const isBillingLimit = useMemo(
-    () => team.blocked_reason?.toLowerCase().includes('billing limit'),
-    [team.blocked_reason]
+    () => team.blockedReason?.toLowerCase().includes('billing limit'),
+    [team.blockedReason]
   )
+
   const handleClick = () => {
     if (isBillingLimit) {
       router.push(PROTECTED_URLS.LIMITS(team.slug))
@@ -34,19 +35,17 @@ export default function TeamBlockageAlert({
 
   return (
     <AnimatePresence mode="wait">
-      {team.is_blocked && (
+      {team.isBlocked && (
         <SidebarMenuItem className={cn(className)}>
           <SidebarMenuButton
             variant="error"
             tooltip={{
-              children: team.blocked_reason ?? 'Team is blocked',
+              children: team.blockedReason ?? 'Team is blocked',
               className:
                 'bg-accent-error-bg text-accent-error-highlight border-accent-error-bg',
             }}
             onClick={handleClick}
-            className={cn('h-12 bg-accent-error-bg', {
-              'cursor-default': !handleClick,
-            })}
+            className="h-12 bg-accent-error-bg"
             asChild
           >
             <motion.button
@@ -55,14 +54,14 @@ export default function TeamBlockageAlert({
               exit={{ opacity: 0, filter: 'blur(8px)' }}
               transition={{ duration: 0.4, ease: exponentialSmoothing(4) }}
             >
-              <AlertOctagonIcon className="size-4 group-data-[collapsible=icon]:!size-5 transition-[size]" />
+              <AlertOctagonIcon className="size-4 group-data-[collapsible=icon]:size-5! transition-[size]" />
               <div className="flex flex-col gap-0 overflow-hidden">
                 <span className="prose-headline-small uppercase">
                   Team is Blocked
                 </span>
-                {team.blocked_reason && (
+                {team.blockedReason && (
                   <span className="text-accent-error-highlight/80 ml-0.25 truncate text-xs">
-                    {team.blocked_reason}
+                    {team.blockedReason}
                   </span>
                 )}
               </div>
diff --git a/src/features/dashboard/sidebar/command.tsx b/src/features/dashboard/sidebar/command.tsx
index e151f166f..7c4968853 100644
--- a/src/features/dashboard/sidebar/command.tsx
+++ b/src/features/dashboard/sidebar/command.tsx
@@ -81,7 +81,7 @@ export default function DashboardSidebarCommand({
                 onSelect={() => {
                   router.push(
                     link.href({
-                      teamIdOrSlug: team.slug ?? team.id,
+                      teamSlug: team.slug,
                     })
                   )
                   setOpen(false)
diff --git a/src/features/dashboard/sidebar/content.tsx b/src/features/dashboard/sidebar/content.tsx
index cd9657f0e..2bcc25591 100644
--- a/src/features/dashboard/sidebar/content.tsx
+++ b/src/features/dashboard/sidebar/content.tsx
@@ -37,7 +37,7 @@ const createGroupedLinks = (links: SidebarNavItem[]): GroupedLinks => {
 
 export default function DashboardSidebarContent() {
   const { team } = useDashboard()
-  const selectedTeamIdentifier = team.slug ?? team.id
+  const selectedTeamSlug = team.slug
 
   const pathname = usePathname()
   const isMobile = useIsMobile()
@@ -64,7 +64,7 @@ export default function DashboardSidebarContent() {
           <SidebarMenu>
             {links.map((item) => {
               const href = item.href({
-                teamIdOrSlug: selectedTeamIdentifier ?? undefined,
+                teamSlug: selectedTeamSlug,
               })
 
               return (
diff --git a/src/features/dashboard/sidebar/create-team-dialog.tsx b/src/features/dashboard/sidebar/create-team-dialog.tsx
index 5ba1759d7..0efc84d3f 100644
--- a/src/features/dashboard/sidebar/create-team-dialog.tsx
+++ b/src/features/dashboard/sidebar/create-team-dialog.tsx
@@ -4,13 +4,13 @@ import { zodResolver } from '@hookform/resolvers/zod'
 import { useHookFormAction } from '@next-safe-action/adapter-react-hook-form/hooks'
 import { useRouter } from 'next/navigation'
 import { PROTECTED_URLS } from '@/configs/urls'
+import { createTeamAction } from '@/core/server/actions/team-actions'
+import { CreateTeamSchema } from '@/core/server/functions/team/types'
 import {
   defaultErrorToast,
   defaultSuccessToast,
   toast,
 } from '@/lib/hooks/use-toast'
-import { createTeamAction } from '@/server/team/team-actions'
-import { CreateTeamSchema } from '@/server/team/types'
 import { Button } from '@/ui/primitives/button'
 import {
   Dialog,
diff --git a/src/features/dashboard/sidebar/menu-teams.tsx b/src/features/dashboard/sidebar/menu-teams.tsx
index d2fcda05c..1a41b6159 100644
--- a/src/features/dashboard/sidebar/menu-teams.tsx
+++ b/src/features/dashboard/sidebar/menu-teams.tsx
@@ -1,11 +1,9 @@
 import Link from 'next/link'
 import { usePathname, useSearchParams } from 'next/navigation'
 import { useCallback } from 'react'
-import useSWR from 'swr'
-import type { UserTeamsResponse } from '@/app/api/teams/user/types'
 import { TEAM_SPECIFIC_RESOURCE_SEGMENTS } from '@/configs/urls'
-import { useTeamCookieManager } from '@/lib/hooks/use-team'
-import type { ClientTeam } from '@/types/dashboard.types'
+import type { TeamModel } from '@/core/modules/teams/models'
+import { getTeamDisplayName } from '@/core/modules/teams/utils'
 import { Avatar, AvatarFallback, AvatarImage } from '@/ui/primitives/avatar'
 import {
   DropdownMenuItem,
@@ -13,7 +11,6 @@ import {
   DropdownMenuRadioGroup,
   DropdownMenuRadioItem,
 } from '@/ui/primitives/dropdown-menu'
-import { Skeleton } from '@/ui/primitives/skeleton'
 import { useDashboard } from '../context'
 
 const PRESERVED_SEARCH_PARAMS = ['tab'] as const
@@ -22,39 +19,10 @@ export default function DashboardSidebarMenuTeams() {
   const pathname = usePathname()
   const searchParams = useSearchParams()
 
-  const { user, team: selectedTeam } = useDashboard()
-
-  useTeamCookieManager()
-
-  const { data: teams, isLoading } = useSWR<ClientTeam[] | null>(
-    ['/api/teams/user', user?.id],
-    async ([url, userId]: [string, string | undefined]) => {
-      if (!userId) {
-        return null
-      }
-
-      const response = await fetch(url, {
-        method: 'GET',
-        headers: {
-          'Content-Type': 'application/json',
-        },
-      })
-
-      if (!response.ok) {
-        throw new Error(`Failed to fetch teams: ${response.status}`)
-      }
-
-      const { teams } = (await response.json()) as UserTeamsResponse
-
-      return teams
-    },
-    {
-      keepPreviousData: true,
-    }
-  )
+  const { user, team: selectedTeam, teams } = useDashboard()
 
   const getNextUrl = useCallback(
-    (team: ClientTeam) => {
+    (team: TeamModel) => {
       const splitPath = pathname.split('/')
       // splitPath: ["", "dashboard", teamIdOrSlug, section?, resourceId?, ...]
       const originalSlug = splitPath[2]
@@ -90,44 +58,23 @@ export default function DashboardSidebarMenuTeams() {
     [pathname, searchParams]
   )
 
-  if (isLoading) {
-    return (
-      <>
-        {user?.email && (
-          <DropdownMenuLabel className="mb-2">
-            <Skeleton className="h-3 w-40 bg-bg-inverted/10" />
-          </DropdownMenuLabel>
-        )}
-        {[1, 2].map((i) => (
-          <div
-            key={i}
-            className="relative flex select-none items-center gap-2 px-2 py-1.5 pr-10"
-          >
-            <Skeleton className="size-5 shrink-0 bg-bg-inverted/10" />
-            <Skeleton className="h-3.5 flex-1 bg-bg-inverted/10" />
-          </div>
-        ))}
-      </>
-    )
-  }
-
   return (
     <DropdownMenuRadioGroup value={selectedTeam?.id}>
       {user?.email && (
         <DropdownMenuLabel className="mb-2">{user.email}</DropdownMenuLabel>
       )}
-      {teams && teams.length > 0 ? (
+      {teams.length > 0 ? (
         teams.map((team) => (
           <Link href={getNextUrl(team)} passHref key={team.id}>
             <DropdownMenuRadioItem value={team.id}>
               <Avatar className="size-5 shrink-0 border-none">
-                <AvatarImage src={team.profile_picture_url || undefined} />
+                <AvatarImage src={team.profilePictureUrl || undefined} />
                 <AvatarFallback className="group-focus:text-accent-main-highlight text-fg-tertiary text-xs">
                   {team.name?.charAt(0).toUpperCase() || '?'}
                 </AvatarFallback>
               </Avatar>
               <span className="flex-1 truncate font-sans prose-label-highlight">
-                {team.transformed_default_name || team.name}
+                {getTeamDisplayName(team)}
               </span>
             </DropdownMenuRadioItem>
           </Link>
diff --git a/src/features/dashboard/sidebar/menu.tsx b/src/features/dashboard/sidebar/menu.tsx
index 2c5fa7158..8beb64593 100644
--- a/src/features/dashboard/sidebar/menu.tsx
+++ b/src/features/dashboard/sidebar/menu.tsx
@@ -4,8 +4,9 @@ import { ChevronsUpDown, LogOut, Plus, UserRoundCog } from 'lucide-react'
 import Link from 'next/link'
 import { useState } from 'react'
 import { PROTECTED_URLS } from '@/configs/urls'
+import { getTeamDisplayName } from '@/core/modules/teams/utils'
+import { signOutAction } from '@/core/server/actions/auth-actions'
 import { cn } from '@/lib/utils'
-import { signOutAction } from '@/server/auth/auth-actions'
 import { Avatar, AvatarFallback, AvatarImage } from '@/ui/primitives/avatar'
 import {
   DropdownMenu,
@@ -44,7 +45,7 @@ export default function DashboardSidebarMenu({
               size="lg"
               className={cn(
                 'h-14 flex',
-                'group-data-[collapsible=icon]:h-9 group-data-[collapsible=icon]:border-0 group-data-[collapsible=icon]:!px-0',
+                'group-data-[collapsible=icon]:h-9 group-data-[collapsible=icon]:border-0 group-data-[collapsible=icon]:px-0!',
                 className
               )}
             >
@@ -53,12 +54,12 @@ export default function DashboardSidebarMenu({
                   'shrink-0 transition-all duration-100 ease-in-out',
                   'group-data-[collapsible=icon]:block group-data-[collapsible=icon]:size-9 group-data-[collapsible=icon]:p-[5px]',
                   {
-                    'drop-shadow-sm filter': team.profile_picture_url,
+                    'drop-shadow-sm filter': team.profilePictureUrl,
                   }
                 )}
               >
                 <AvatarImage
-                  src={team.profile_picture_url || undefined}
+                  src={team.profilePictureUrl || undefined}
                   className="group-data-[collapsible=icon]:size-full object-cover object-center"
                 />
                 <AvatarFallback className="bg-bg-hover border-0">
@@ -70,7 +71,7 @@ export default function DashboardSidebarMenu({
                   TEAM
                 </span>
                 <span className="text-fg truncate prose-body-highlight normal-case">
-                  {team.transformed_default_name || team.name}
+                  {getTeamDisplayName(team)}
                 </span>
               </div>
               <ChevronsUpDown className="text-fg-tertiary ml-auto size-4" />
diff --git a/src/features/dashboard/templates/builds/constants.ts b/src/features/dashboard/templates/builds/constants.ts
index 1669ce53d..94cf4fa39 100644
--- a/src/features/dashboard/templates/builds/constants.ts
+++ b/src/features/dashboard/templates/builds/constants.ts
@@ -1,10 +1,5 @@
 import { millisecondsInDay } from 'date-fns/constants'
-import type { BuildStatus } from '@/server/api/models/builds.models'
 
-export const LOG_RETENTION_MS = 7 * millisecondsInDay // 7 days
+export { INITIAL_BUILD_STATUSES } from '@/core/modules/builds/constants'
 
-export const INITIAL_BUILD_STATUSES: BuildStatus[] = [
-  'building',
-  'failed',
-  'success',
-]
+export const LOG_RETENTION_MS = 7 * millisecondsInDay // 7 days
diff --git a/src/features/dashboard/templates/builds/header.tsx b/src/features/dashboard/templates/builds/header.tsx
index 99f79d676..a0d74c57e 100644
--- a/src/features/dashboard/templates/builds/header.tsx
+++ b/src/features/dashboard/templates/builds/header.tsx
@@ -1,8 +1,8 @@
 'use client'
 
 import { useEffect, useState } from 'react'
+import type { BuildStatus } from '@/core/modules/builds/models'
 import { cn } from '@/lib/utils'
-import type { BuildStatus } from '@/server/api/models/builds.models'
 import { Button } from '@/ui/primitives/button'
 import {
   DropdownMenu,
diff --git a/src/features/dashboard/templates/builds/table-cells.tsx b/src/features/dashboard/templates/builds/table-cells.tsx
index 2d2c814b1..c57e63a61 100644
--- a/src/features/dashboard/templates/builds/table-cells.tsx
+++ b/src/features/dashboard/templates/builds/table-cells.tsx
@@ -4,6 +4,10 @@ import { ArrowUpRight } from 'lucide-react'
 import { useRouter } from 'next/navigation'
 import { useEffect, useState } from 'react'
 import { PROTECTED_URLS } from '@/configs/urls'
+import type {
+  BuildStatus,
+  ListedBuildModel,
+} from '@/core/modules/builds/models'
 import { useTemplateTableStore } from '@/features/dashboard/templates/list/stores/table-store'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { cn } from '@/lib/utils'
@@ -11,10 +15,6 @@ import {
   formatDurationCompact,
   formatTimeAgoCompact,
 } from '@/lib/utils/formatting'
-import type {
-  BuildStatus,
-  ListedBuildDTO,
-} from '@/server/api/models/builds.models'
 import CopyButtonInline from '@/ui/copy-button-inline'
 import { Badge } from '@/ui/primitives/badge'
 import { Button } from '@/ui/primitives/button'
@@ -42,8 +42,7 @@ export function Template({
   className?: string
 }) {
   const router = useRouter()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/templates'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/templates'>()
 
   return (
     <Button
@@ -57,7 +56,7 @@ export function Template({
         e.preventDefault()
 
         useTemplateTableStore.getState().setGlobalFilter(templateId)
-        router.push(PROTECTED_URLS.TEMPLATES_LIST(teamIdOrSlug))
+        router.push(PROTECTED_URLS.TEMPLATES_LIST(teamSlug))
       }}
     >
       <p className="truncate">{template}</p>
@@ -176,7 +175,7 @@ export function Status({ status }: StatusProps) {
     },
   }
 
-  const { label, icon, variant } = config[status]
+  const { label, icon, variant } = config[status]!
 
   return (
     <div className="flex items-center gap-3 min-w-0">
@@ -196,7 +195,7 @@ export function Status({ status }: StatusProps) {
 export function Reason({
   statusMessage,
 }: {
-  statusMessage: ListedBuildDTO['statusMessage']
+  statusMessage: ListedBuildModel['statusMessage']
 }) {
   if (!statusMessage) return null
 
diff --git a/src/features/dashboard/templates/builds/table.tsx b/src/features/dashboard/templates/builds/table.tsx
index 8af706a66..493280d3e 100644
--- a/src/features/dashboard/templates/builds/table.tsx
+++ b/src/features/dashboard/templates/builds/table.tsx
@@ -9,12 +9,12 @@ import {
 import { useRouter } from 'next/navigation'
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react'
 import { PROTECTED_URLS } from '@/configs/urls'
+import type {
+  ListedBuildModel,
+  RunningBuildStatusModel,
+} from '@/core/modules/builds/models'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { cn } from '@/lib/utils/ui'
-import type {
-  ListedBuildDTO,
-  RunningBuildStatusDTO,
-} from '@/server/api/models/builds.models'
 import { useTRPC } from '@/trpc/client'
 import { ArrowDownIcon } from '@/ui/primitives/icons'
 import { Loader } from '@/ui/primitives/loader'
@@ -57,8 +57,7 @@ const BuildsTable = () => {
   const router = useRouter()
   const scrollContainerRef = useRef<HTMLDivElement>(null)
 
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/templates'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/templates'>()
   const { statuses, buildIdOrTemplate } = useFilters()
   const { isFilterRefetching, clearFilterRefetching } = useFilterChangeTracking(
     statuses,
@@ -76,7 +75,7 @@ const BuildsTable = () => {
     error: buildsError,
   } = useInfiniteQuery(
     trpc.builds.list.infiniteQueryOptions(
-      { teamIdOrSlug, statuses, buildIdOrTemplate },
+      { teamSlug, statuses, buildIdOrTemplate },
       {
         getNextPageParam: (page) => page.nextCursor ?? undefined,
         placeholderData: keepPreviousData,
@@ -110,7 +109,7 @@ const BuildsTable = () => {
 
   const { data: runningStatusesData } = useQuery(
     trpc.builds.runningStatuses.queryOptions(
-      { teamIdOrSlug, buildIds: runningBuildIds },
+      { teamSlug, buildIds: runningBuildIds },
       {
         enabled: runningBuildIds.length > 0,
         refetchInterval: (query) => {
@@ -133,7 +132,7 @@ const BuildsTable = () => {
 
   // Handlers
   const buildsQueryKey = trpc.builds.list.infiniteQueryOptions({
-    teamIdOrSlug,
+    teamSlug,
     statuses,
     buildIdOrTemplate,
   }).queryKey
@@ -238,7 +237,7 @@ const BuildsTable = () => {
                       onClick={() => {
                         router.push(
                           PROTECTED_URLS.TEMPLATE_BUILD(
-                            teamIdOrSlug,
+                            teamSlug,
                             build.templateId,
                             build.id
                           )
@@ -334,9 +333,9 @@ function useFilterChangeTracking(
 }
 
 function mergeBuildsWithLiveStatuses(
-  builds: ListedBuildDTO[],
-  runningStatusesData: RunningBuildStatusDTO[] | undefined
-): ListedBuildDTO[] {
+  builds: ListedBuildModel[],
+  runningStatusesData: RunningBuildStatusModel[] | undefined
+): ListedBuildModel[] {
   if (!runningStatusesData || runningStatusesData.length === 0) return builds
 
   const statusMap = new Map(runningStatusesData.map((s) => [s.id, s]))
diff --git a/src/features/dashboard/templates/builds/use-filters.tsx b/src/features/dashboard/templates/builds/use-filters.tsx
index 26950e3ea..1aad6b61e 100644
--- a/src/features/dashboard/templates/builds/use-filters.tsx
+++ b/src/features/dashboard/templates/builds/use-filters.tsx
@@ -3,7 +3,7 @@
 import { useQueryStates } from 'nuqs'
 import { useMemo } from 'react'
 import { useDebounceCallback } from 'usehooks-ts'
-import type { BuildStatus } from '@/server/api/models/builds.models'
+import type { BuildStatus } from '@/core/modules/builds/models'
 import { INITIAL_BUILD_STATUSES } from './constants'
 import { templateBuildsFilterParams } from './filter-params'
 
diff --git a/src/features/dashboard/templates/list/header.tsx b/src/features/dashboard/templates/list/header.tsx
index 92aeb678c..1b0f9120c 100644
--- a/src/features/dashboard/templates/list/header.tsx
+++ b/src/features/dashboard/templates/list/header.tsx
@@ -1,8 +1,6 @@
 import type { Table } from '@tanstack/react-table'
-import { Hexagon, ListFilter } from 'lucide-react'
 import { Suspense } from 'react'
-import type { Template } from '@/types/api.types'
-import { Badge } from '@/ui/primitives/badge'
+import type { Template } from '@/core/modules/templates/models'
 import TemplatesTableFilters from './table-filters'
 import { SearchInput } from './table-search'
 
@@ -13,12 +11,13 @@ interface TemplatesHeaderProps {
 export default function TemplatesHeader({ table }: TemplatesHeaderProps) {
   'use no memo'
 
-  const showFilteredRowCount =
-    Object.keys(table.getState().columnFilters).length > 0 ||
-    table.getState().globalFilter
+  const { columnFilters, globalFilter } = table.getState()
+  const showFilteredRowCount = columnFilters.length > 0 || Boolean(globalFilter)
 
-  const filteredCount = table.getFilteredRowModel().rows.length
-  const totalCount = table.getCoreRowModel().rows.length
+  const totalCount = table.options.data.length
+  const filteredCount = showFilteredRowCount
+    ? table.getFilteredRowModel().rows.length
+    : totalCount
 
   return (
     <div className="flex min-w-0 flex-wrap items-start gap-1 sm:items-center">
diff --git a/src/features/dashboard/templates/list/table-body.tsx b/src/features/dashboard/templates/list/table-body.tsx
index 6588119aa..56c06eff3 100644
--- a/src/features/dashboard/templates/list/table-body.tsx
+++ b/src/features/dashboard/templates/list/table-body.tsx
@@ -1,8 +1,8 @@
-import { flexRender, Row, type Table } from '@tanstack/react-table'
+import { flexRender, type Table } from '@tanstack/react-table'
 import { ExternalLink, X } from 'lucide-react'
 import type { RefObject } from 'react'
+import type { Template } from '@/core/modules/templates/models'
 import { useVirtualRows } from '@/lib/hooks/use-virtual-rows'
-import type { Template } from '@/types/api.types'
 import { DataTableBody, DataTableCell, DataTableRow } from '@/ui/data-table'
 import Empty from '@/ui/empty'
 import { Button } from '@/ui/primitives/button'
@@ -10,6 +10,7 @@ import { useTemplateTableStore } from './stores/table-store'
 
 const ROW_HEIGHT_PX = 32
 const VIRTUAL_OVERSCAN = 8
+const INITIAL_FALLBACK_ROW_COUNT = 100
 
 interface TemplatesTableBodyProps {
   templates: Template[] | undefined
@@ -38,9 +39,10 @@ export function TemplatesTableBody({
     overscan: VIRTUAL_OVERSCAN,
   })
 
-  // During initial virtualizer mount, virtualRows can be temporarily empty
-  // even when centerRows already has data.
-  const rows = virtualRows.length > 0 ? virtualRows : centerRows
+  const rows =
+    virtualRows.length > 0
+      ? virtualRows
+      : centerRows.slice(0, INITIAL_FALLBACK_ROW_COUNT)
 
   const isEmpty = templates && centerRows.length === 0
 
diff --git a/src/features/dashboard/templates/list/table-cells.tsx b/src/features/dashboard/templates/list/table-cells.tsx
index 8eeac4517..996117eea 100644
--- a/src/features/dashboard/templates/list/table-cells.tsx
+++ b/src/features/dashboard/templates/list/table-cells.tsx
@@ -4,6 +4,7 @@ import { useMutation, useQueryClient } from '@tanstack/react-query'
 import type { CellContext } from '@tanstack/react-table'
 import { Check, Copy, Lock, LockOpen, MoreVertical } from 'lucide-react'
 import { useMemo, useState } from 'react'
+import type { DefaultTemplate, Template } from '@/core/modules/templates/models'
 import { useClipboard } from '@/lib/hooks/use-clipboard'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import {
@@ -15,7 +16,6 @@ import { cn } from '@/lib/utils'
 import { formatLocalLogStyleTimestamp } from '@/lib/utils/formatting'
 import { isVersionCompatible } from '@/lib/utils/version'
 import { useTRPC } from '@/trpc/client'
-import type { DefaultTemplate, Template } from '@/types/api.types'
 import { AlertDialog } from '@/ui/alert-dialog'
 import { E2BBadge } from '@/ui/brand'
 import HelpTooltip from '@/ui/help-tooltip'
@@ -50,8 +50,7 @@ export function ActionsCell({
 }: CellContext<Template | DefaultTemplate, unknown>) {
   const template = row.original
   const { team } = useDashboard()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/templates'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/templates'>()
 
   const { toast } = useToast()
   const trpc = useTRPC()
@@ -75,13 +74,13 @@ export function ActionsCell({
 
         await queryClient.cancelQueries({
           queryKey: trpc.templates.getTemplates.queryKey({
-            teamIdOrSlug,
+            teamSlug,
           }),
         })
 
         queryClient.setQueryData(
           trpc.templates.getTemplates.queryKey({
-            teamIdOrSlug,
+            teamSlug,
           }),
           (old) => {
             if (!old?.templates) return old
@@ -108,7 +107,7 @@ export function ActionsCell({
       onSettled: () => {
         queryClient.invalidateQueries({
           queryKey: trpc.templates.getTemplates.queryKey({
-            teamIdOrSlug,
+            teamSlug,
           }),
         })
       },
@@ -133,13 +132,13 @@ export function ActionsCell({
 
         await queryClient.cancelQueries({
           queryKey: trpc.templates.getTemplates.queryKey({
-            teamIdOrSlug,
+            teamSlug,
           }),
         })
 
         queryClient.setQueryData(
           trpc.templates.getTemplates.queryKey({
-            teamIdOrSlug,
+            teamSlug,
           }),
 
           (old) => {
@@ -166,7 +165,7 @@ export function ActionsCell({
 
         queryClient.invalidateQueries({
           queryKey: trpc.templates.getTemplates.queryKey({
-            teamIdOrSlug,
+            teamSlug,
           }),
         })
       },
@@ -178,7 +177,7 @@ export function ActionsCell({
 
   const togglePublish = () => {
     updateTemplateMutation.mutate({
-      teamIdOrSlug: team.slug ?? team.id,
+      teamSlug: team.slug,
       templateId: template.templateID,
       public: !template.public,
     })
@@ -186,7 +185,7 @@ export function ActionsCell({
 
   const deleteTemplate = () => {
     deleteTemplateMutation.mutate({
-      teamIdOrSlug: team.slug ?? team.id,
+      teamSlug: team.slug,
       templateId: template.templateID,
     })
   }
diff --git a/src/features/dashboard/templates/list/table-config.tsx b/src/features/dashboard/templates/list/table-config.tsx
index 39f61b396..a2f051eab 100644
--- a/src/features/dashboard/templates/list/table-config.tsx
+++ b/src/features/dashboard/templates/list/table-config.tsx
@@ -11,7 +11,7 @@ import {
 } from '@tanstack/react-table'
 import posthog from 'posthog-js'
 import { useMemo } from 'react'
-import type { DefaultTemplate, Template } from '@/types/api.types'
+import type { DefaultTemplate, Template } from '@/core/modules/templates/models'
 import {
   ActionsCell,
   CpuCell,
diff --git a/src/features/dashboard/templates/list/table.tsx b/src/features/dashboard/templates/list/table.tsx
index c003348ee..922c195ef 100644
--- a/src/features/dashboard/templates/list/table.tsx
+++ b/src/features/dashboard/templates/list/table.tsx
@@ -10,11 +10,11 @@ import {
 } from '@tanstack/react-table'
 import { useEffect, useMemo, useRef, useState } from 'react'
 import { useLocalStorage } from 'usehooks-ts'
+import type { Template } from '@/core/modules/templates/models'
 import { useColumnSizeVars } from '@/lib/hooks/use-column-size-vars'
 import { useRouteParams } from '@/lib/hooks/use-route-params'
 import { cn } from '@/lib/utils'
 import { useTRPC } from '@/trpc/client'
-import type { Template } from '@/types/api.types'
 import ClientOnly from '@/ui/client-only'
 import {
   DataTable,
@@ -34,12 +34,11 @@ export default function TemplatesTable() {
   'use no memo'
 
   const trpc = useTRPC()
-  const { teamIdOrSlug } =
-    useRouteParams<'/dashboard/[teamIdOrSlug]/templates'>()
+  const { teamSlug } = useRouteParams<'/dashboard/[teamSlug]/templates'>()
 
   const { data: templatesData, error: templatesError } = useSuspenseQuery(
     trpc.templates.getTemplates.queryOptions(
-      { teamIdOrSlug },
+      { teamSlug },
       {
         refetchOnMount: false,
         refetchOnWindowFocus: false,
diff --git a/src/features/dashboard/usage/sampling-utils.ts b/src/features/dashboard/usage/sampling-utils.ts
index 4fd35581d..094305fc1 100644
--- a/src/features/dashboard/usage/sampling-utils.ts
+++ b/src/features/dashboard/usage/sampling-utils.ts
@@ -1,5 +1,5 @@
 import { startOfISOWeek } from 'date-fns'
-import type { UsageResponse } from '@/types/billing.types'
+import type { UsageResponse } from '@/core/modules/billing/models'
 import {
   HOURLY_SAMPLING_THRESHOLD_DAYS,
   WEEKLY_SAMPLING_THRESHOLD_DAYS,
diff --git a/src/features/dashboard/usage/usage-charts-context.tsx b/src/features/dashboard/usage/usage-charts-context.tsx
index 93ede8ee4..71d8614d6 100644
--- a/src/features/dashboard/usage/usage-charts-context.tsx
+++ b/src/features/dashboard/usage/usage-charts-context.tsx
@@ -9,8 +9,8 @@ import {
   useMemo,
   useState,
 } from 'react'
+import type { UsageResponse } from '@/core/modules/billing/models'
 import { fillTimeSeriesWithEmptyPoints } from '@/lib/utils/time-series'
-import type { UsageResponse } from '@/types/billing.types'
 import { INITIAL_TIMEFRAME_FALLBACK_RANGE_MS } from './constants'
 import {
   calculateTotals,
diff --git a/src/features/general-analytics-collector.tsx b/src/features/general-analytics-collector.tsx
index 5ff52b619..057350c7a 100644
--- a/src/features/general-analytics-collector.tsx
+++ b/src/features/general-analytics-collector.tsx
@@ -2,7 +2,7 @@
 
 import { usePostHog } from 'posthog-js/react'
 import { useEffect } from 'react'
-import { supabase } from '@/lib/clients/supabase/client'
+import { supabase } from '@/core/shared/clients/supabase/client'
 
 export function GeneralAnalyticsCollector() {
   const posthog = usePostHog()
diff --git a/src/lib/captcha/turnstile.ts b/src/lib/captcha/turnstile.ts
index 13aae6a20..82fc7c952 100644
--- a/src/lib/captcha/turnstile.ts
+++ b/src/lib/captcha/turnstile.ts
@@ -1,7 +1,7 @@
 'use server'
 
 import { CAPTCHA_REQUIRED_SERVER } from '@/configs/flags'
-import { l } from '@/lib/clients/logger/logger'
+import { l } from '@/core/shared/clients/logger/logger'
 
 interface TurnstileResponse {
   success: boolean
diff --git a/src/lib/clients/action.ts b/src/lib/clients/action.ts
deleted file mode 100644
index 5d8269db9..000000000
--- a/src/lib/clients/action.ts
+++ /dev/null
@@ -1,255 +0,0 @@
-import { context, SpanStatusCode, trace } from '@opentelemetry/api'
-import type { Session, User } from '@supabase/supabase-js'
-import { unauthorized } from 'next/navigation'
-import { createMiddleware, createSafeActionClient } from 'next-safe-action'
-import { serializeError } from 'serialize-error'
-import { z } from 'zod'
-import checkUserTeamAuthCached from '@/server/auth/check-user-team-auth-cached'
-import { getSessionInsecure } from '@/server/auth/get-session'
-import getUserByToken from '@/server/auth/get-user-by-token'
-import { getTeamIdFromSegment } from '@/server/team/get-team-id-from-segment'
-import { UnauthenticatedError, UnknownError } from '@/types/errors'
-import { ActionError, flattenClientInputValue } from '../utils/action'
-import { l } from './logger/logger'
-import { createClient } from './supabase/server'
-import { getTracer } from './tracer'
-
-export const actionClient = createSafeActionClient({
-  handleServerError(e) {
-    const s = trace.getActiveSpan()
-
-    s?.setStatus({ code: SpanStatusCode.ERROR })
-    s?.recordException(e)
-
-    // part of our strategy how to leak errors to a user
-    if (e instanceof ActionError) {
-      return e.message
-    }
-
-    const sE = serializeError(e)
-
-    l.error(
-      {
-        key: 'action_client:unexpected_server_error',
-        error: sE,
-      },
-      `${sE.name && `${sE.name}: `} ${sE.message || 'Unknown error'}`
-    )
-
-    return UnknownError().message
-  },
-  defineMetadataSchema() {
-    return z
-      .object({
-        actionName: z.string().optional(),
-        serverFunctionName: z.string().optional(),
-      })
-      .refine((data) => {
-        if (!data.actionName && !data.serverFunctionName) {
-          return 'actionName or serverFunctionName is required in definition metadata'
-        }
-        return true
-      })
-  },
-  defaultValidationErrorsShape: 'flattened',
-}).use(async ({ next, clientInput, metadata }) => {
-  const t = getTracer()
-
-  const actionOrFunctionName =
-    metadata?.serverFunctionName || metadata?.actionName || 'Unknown action'
-
-  const type = metadata?.serverFunctionName ? 'function' : 'action'
-  const name = actionOrFunctionName
-
-  const s = t.startSpan(`${type}:${name}`)
-
-  const startTime = performance.now()
-
-  const result = await context.with(
-    trace.setSpan(context.active(), s),
-    async () => {
-      return next()
-    }
-  )
-
-  const duration = performance.now() - startTime
-
-  const baseLogPayload = {
-    server_function_type: type,
-    server_function_name: name,
-    server_function_input: clientInput,
-    server_function_duration_ms: duration.toFixed(3),
-
-    team_id: flattenClientInputValue(clientInput, 'teamId'),
-    template_id: flattenClientInputValue(clientInput, 'templateId'),
-    sandbox_id: flattenClientInputValue(clientInput, 'sandboxId'),
-    user_id: flattenClientInputValue(clientInput, 'userId'),
-  }
-
-  s.setAttribute('server_function_type', type)
-  s.setAttribute('server_function_name', name)
-  s.setAttribute(
-    'server_function_duration_ms',
-    baseLogPayload.server_function_duration_ms
-  )
-  if (baseLogPayload.team_id) {
-    s.setAttribute('team_id', baseLogPayload.team_id)
-  }
-  if (baseLogPayload.template_id) {
-    s.setAttribute('template_id', baseLogPayload.template_id)
-  }
-  if (baseLogPayload.sandbox_id) {
-    s.setAttribute('sandbox_id', baseLogPayload.sandbox_id)
-  }
-  if (baseLogPayload.user_id) {
-    s.setAttribute('user_id', baseLogPayload.user_id)
-  }
-
-  const error = result.serverError || result.validationErrors
-
-  if (error) {
-    s.setStatus({ code: SpanStatusCode.ERROR })
-    s.recordException(error)
-
-    const sE = serializeError(error)
-
-    l.error(
-      {
-        key: 'action_client:failure',
-        ...baseLogPayload,
-        error: sE,
-      },
-      `${type} ${name} failed in ${baseLogPayload.server_function_duration_ms}ms: ${typeof sE === 'string' ? sE : ((sE.name || sE.code) && `${sE.name || sE.code}: ` + sE.message) || 'Unknown error'}`
-    )
-  } else {
-    s.setStatus({ code: SpanStatusCode.OK })
-
-    l.info(
-      {
-        key: `action_client:success`,
-        ...baseLogPayload,
-      },
-      `${type} ${name} succeeded in ${baseLogPayload.server_function_duration_ms}ms`
-    )
-  }
-
-  s.end()
-
-  return result
-})
-
-export const authActionClient = actionClient.use(async ({ next }) => {
-  const supabase = await createClient()
-
-  // retrieve session from storage medium (cookies)
-  // if no stored session found, not authenticated
-
-  // it's fine to use the "insecure" cookie session here, since we only use it for quick denial and do a proper auth check (auth.getUser) afterwards.
-  const session = await getSessionInsecure(supabase)
-
-  // early return if user is no session already
-  if (!session) {
-    throw UnauthenticatedError()
-  }
-
-  // now retrieve user from supabase to use further
-  const {
-    data: { user },
-  } = await getUserByToken(session.access_token)
-
-  if (!user || !session) {
-    throw UnauthenticatedError()
-  }
-
-  if (!session) {
-    throw UnauthenticatedError()
-  }
-
-  return next({ ctx: { user, session, supabase } })
-})
-
-/**
- * Middleware that automatically resolves team ID from teamIdOrSlug.
- *
- * This middleware:
- * 1. Requires that the client input contains a 'teamIdOrSlug' property
- * 2. Resolves the teamIdOrSlug to an actual team ID using getTeamIdFromSegmentMemo
- * 3. Throws unauthorized() if the team ID cannot be resolved (team doesn't exist or user lacks access)
- * 4. Adds the resolved teamId to the context for use in the action handler
- * 5. Throws an error if no teamIdOrSlug is provided
- *
- * @example
- * ```ts
- * const myAction = authActionClient
- *   .use(withTeamIdResolution)
- *   .schema(z.object({ teamIdOrSlug: z.string(), ... }))
- *   .action(async ({ parsedInput, ctx }) => {
- *     // ctx.teamId is now available and guaranteed to be valid
- *     const { teamId } = ctx
- *   })
- * ```
- */
-export const withTeamIdResolution = createMiddleware<{
-  ctx: {
-    user: User
-    session: Session
-    supabase: Awaited<ReturnType<typeof createClient>>
-  }
-}>().define(async ({ next, clientInput, ctx }) => {
-  if (
-    !clientInput ||
-    typeof clientInput !== 'object' ||
-    !('teamIdOrSlug' in clientInput)
-  ) {
-    l.error(
-      {
-        key: 'with_team_id_resolution:missing_team_id_or_slug',
-        context: {
-          teamIdOrSlug: (clientInput as { teamIdOrSlug?: string })
-            ?.teamIdOrSlug,
-        },
-      },
-      'Missing teamIdOrSlug when using withTeamIdResolution middleware'
-    )
-
-    throw new Error(
-      'teamIdOrSlug is required when using withTeamIdResolution middleware'
-    )
-  }
-
-  const teamId = await getTeamIdFromSegment(clientInput.teamIdOrSlug as string)
-
-  if (!teamId) {
-    l.warn(
-      {
-        key: 'with_team_id_resolution:invalid_team_id_or_slug',
-        context: {
-          teamIdOrSlug: clientInput.teamIdOrSlug,
-        },
-      },
-      `with_team_id_resolution:invalid_team_id_or_slug - invalid team id or slug provided through withTeamIdResolution middleware: ${clientInput.teamIdOrSlug}`
-    )
-
-    throw unauthorized()
-  }
-
-  const isAuthorized = await checkUserTeamAuthCached(ctx.user.id, teamId)
-
-  if (!isAuthorized) {
-    l.warn(
-      {
-        key: 'with_team_id_resolution:user_not_authorized',
-        context: {
-          teamIdOrSlug: clientInput.teamIdOrSlug,
-        },
-      },
-      `with_team_id_resolution:user_not_authorized - user not authorized to access team: ${clientInput.teamIdOrSlug}`
-    )
-
-    throw unauthorized()
-  }
-
-  return next({
-    ctx: { teamId },
-  })
-})
diff --git a/src/lib/hooks/use-team.ts b/src/lib/hooks/use-team.ts
deleted file mode 100644
index 542056b5c..000000000
--- a/src/lib/hooks/use-team.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-'use client'
-
-import { useEffect } from 'react'
-import { useDebounceCallback } from 'usehooks-ts'
-import { useDashboard } from '@/features/dashboard/context'
-import type { ClientTeam } from '@/types/dashboard.types'
-
-export const useTeamCookieManager = () => {
-  const { team } = useDashboard()
-
-  const updateTeamCookieState = useDebounceCallback(
-    async (iTeam: ClientTeam) => {
-      await fetch('/api/team/state', {
-        method: 'POST',
-        body: JSON.stringify({
-          teamId: iTeam.id,
-          teamSlug: iTeam.slug,
-        }),
-      })
-    },
-    1000
-  )
-
-  useEffect(() => {
-    if (!team) {
-      return
-    }
-
-    updateTeamCookieState(team)
-  }, [updateTeamCookieState, team])
-}
diff --git a/src/lib/hooks/use-user.ts b/src/lib/hooks/use-user.ts
index 7c616124c..72462a2bd 100644
--- a/src/lib/hooks/use-user.ts
+++ b/src/lib/hooks/use-user.ts
@@ -2,7 +2,7 @@
 
 import type { User } from '@supabase/supabase-js'
 import useSWR from 'swr'
-import { supabase } from '../clients/supabase/client'
+import { supabase } from '@/core/shared/clients/supabase/client'
 
 interface UseUserProps {
   initialData?: User
diff --git a/src/lib/schemas/api.ts b/src/lib/schemas/api.ts
deleted file mode 100644
index 12d038c72..000000000
--- a/src/lib/schemas/api.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import z from 'zod'
-
-/**
- * Sandbox ID validation schema
- * Accepts standard sandbox ID format (alphanumeric characters)
- * Maximum length of 100 characters to prevent DoS attacks
- * Example: i08krhnahpx21arf83wmz
- */
-export const SandboxIdSchema = z
-  .string()
-  .min(1, 'Sandbox ID is required')
-  .max(100, 'Sandbox ID too long')
-  .regex(/^[a-z0-9]+$/, 'Invalid sandbox ID format')
diff --git a/src/lib/schemas/team.ts b/src/lib/schemas/team.ts
deleted file mode 100644
index 1ffe1164e..000000000
--- a/src/lib/schemas/team.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { z } from 'zod'
-
-export const TeamIdOrSlugSchema = z.union([
-  z.uuid(),
-  z.string(),
-  // FIXME: Add correct team regex as in db slug generation
-  // .regex(
-  //   /^[a-z0-9]+(-[a-z0-9]+)*$/i,
-  //   'Must be a valid slug (words separated by hyphens)'
-  // ),
-])
diff --git a/src/lib/utils/action.ts b/src/lib/utils/action.ts
deleted file mode 100644
index 14e5b4135..000000000
--- a/src/lib/utils/action.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-import { UnauthorizedError, UnknownError } from '@/types/errors'
-
-/**
- * Custom error class for action-specific errors.
- *
- * @remarks
- * This error class is used in server actions but will be serialized and sent to the client.
- * Be careful not to include sensitive information in error messages as they will be exposed to the client.
- * When thrown in a server action, the message will be visible in client-side error handling.
- */
-export class ActionError extends Error {
-  constructor(message: string) {
-    super(message)
-    this.name = 'ActionError'
-  }
-}
-
-/**
- * Returns a server error to the client by throwing an ActionError.
- *
- * @param message - The error message to be sent to the client
- * @returns Never returns as it always throws an error
- *
- * @example
- * ```ts
- * if (error) {
- *   if (error.code === 'invalid_credentials') {
- *     return returnServerError('Invalid credentials')
- *   }
- *   throw error
- * }
- * ```
- *
- * @remarks
- * This function is used to return user-friendly error messages from server actions.
- * The error message will be serialized and sent to the client, so avoid including
- * sensitive information.
- */
-export const returnServerError = (message: string) => {
-  throw new ActionError(message)
-}
-
-export function handleDefaultInfraError(status: number) {
-  switch (status) {
-    case 403:
-      return returnServerError(
-        'You may have reached your billing limits or your account may be blocked. Please check your billing settings or contact support.'
-      )
-    case 401:
-      return returnServerError(UnauthorizedError('Unauthorized').message)
-    default:
-      return returnServerError(UnknownError().message)
-  }
-}
-
-export const flattenClientInputValue = (
-  clientInput: unknown,
-  key: string
-): string | undefined => {
-  if (typeof clientInput === 'object' && clientInput && key in clientInput) {
-    return clientInput[key as keyof typeof clientInput]
-  }
-
-  return undefined
-}
diff --git a/src/lib/utils/rewrites.ts b/src/lib/utils/rewrites.ts
index e354cbce9..a9a01eb3e 100644
--- a/src/lib/utils/rewrites.ts
+++ b/src/lib/utils/rewrites.ts
@@ -1,12 +1,11 @@
 import * as cheerio from 'cheerio'
-import { serializeError } from 'serialize-error'
 import {
   MIDDLEWARE_REWRITE_CONFIG,
   type RewriteConfigType,
   ROUTE_REWRITE_CONFIG,
 } from '@/configs/rewrites'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 import type { RewriteConfig } from '@/types/rewrites.types'
-import { l } from '../clients/logger/logger'
 
 function getRewriteForPath(
   path: string,
@@ -117,7 +116,7 @@ function rewriteAbsoluteHrefsInDoc(
       l.warn(
         {
           key: 'cheerio_href_rewriter:failed',
-          error: serializeError(e),
+          error: serializeErrorForLog(e),
           context: { href },
         },
         `Failed to parse or set href="${href}"`
diff --git a/src/lib/utils/server.ts b/src/lib/utils/server.ts
index 8a9bd7107..40732c351 100644
--- a/src/lib/utils/server.ts
+++ b/src/lib/utils/server.ts
@@ -5,9 +5,9 @@ import { cache } from 'react'
 import { z } from 'zod'
 import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
 import { COOKIE_KEYS } from '@/configs/cookies'
-import { infra } from '../clients/api'
-import { l } from '../clients/logger/logger'
-import { returnServerError } from './action'
+import { returnServerError } from '@/core/server/actions/utils'
+import { infra } from '@/core/shared/clients/api'
+import { l } from '@/core/shared/clients/logger/logger'
 
 /*
  *  This function generates an e2b user access token for a given user.
@@ -46,7 +46,7 @@ export async function generateE2BUserAccessToken(supabaseAccessToken: string) {
   return res.data
 }
 
-export const getTeamMetadataFromCookies = async (teamIdOrSlug: string) => {
+export const getTeamMetadataFromCookies = async (teamSlug: string) => {
   const cookiesStore = await cookies()
 
   const cookieTeamId = cookiesStore.get(COOKIE_KEYS.SELECTED_TEAM_ID)?.value
@@ -56,18 +56,16 @@ export const getTeamMetadataFromCookies = async (teamIdOrSlug: string) => {
     return null
   }
 
-  const isSensical =
-    cookieTeamId === teamIdOrSlug || cookieTeamSlug === teamIdOrSlug
   const isUUID = z.uuid().safeParse(cookieTeamId).success
 
-  if (isUUID && isSensical) {
-    return {
-      id: cookieTeamId,
-      slug: cookieTeamSlug,
-    }
+  if (!isUUID || cookieTeamSlug !== teamSlug) {
+    return null
   }
 
-  return null
+  return {
+    id: cookieTeamId,
+    slug: cookieTeamSlug,
+  }
 }
 
 /**
diff --git a/src/lib/utils/trpc-errors.ts b/src/lib/utils/trpc-errors.ts
index 1ecec3f13..0ef73764b 100644
--- a/src/lib/utils/trpc-errors.ts
+++ b/src/lib/utils/trpc-errors.ts
@@ -1,5 +1,5 @@
 import { TRPCClientError, type TRPCClientErrorLike } from '@trpc/client'
-import type { TRPCAppRouter } from '@/server/api/routers'
+import type { TRPCAppRouter } from '@/core/server/api/routers'
 
 export function isNotFoundError(
   error: unknown
diff --git a/src/proxy.ts b/src/proxy.ts
index 64bf11665..b0416e2b6 100644
--- a/src/proxy.ts
+++ b/src/proxy.ts
@@ -1,11 +1,10 @@
 import { createServerClient } from '@supabase/ssr'
 import { type NextRequest, NextResponse } from 'next/server'
-import { serializeError } from 'serialize-error'
 import { ALLOW_SEO_INDEXING } from './configs/flags'
-import { l } from './lib/clients/logger/logger'
+import { getAuthRedirect } from './core/server/http/proxy'
+import { l, serializeErrorForLog } from './core/shared/clients/logger/logger'
 import { getMiddlewareRedirectFromPath } from './lib/utils/redirects'
 import { getRewriteForPath } from './lib/utils/rewrites'
-import { getAuthRedirect } from './server/proxy'
 
 export async function proxy(request: NextRequest) {
   try {
@@ -111,10 +110,10 @@ export async function proxy(request: NextRequest) {
     l.error(
       {
         key: 'middleware:unexpected_error',
-        error: serializeError(error),
+        error: serializeErrorForLog(error),
         context: {
           pathname: request.nextUrl.pathname,
-          teamIdOrSlug: request.nextUrl.pathname.split('/')[2],
+          teamSlug: request.nextUrl.pathname.split('/')[2],
         },
       },
       'middleware - unexpected error'
diff --git a/src/server/api/errors.ts b/src/server/api/errors.ts
deleted file mode 100644
index 2a4463e91..000000000
--- a/src/server/api/errors.ts
+++ /dev/null
@@ -1,93 +0,0 @@
-import { TRPCError } from '@trpc/server'
-import { l } from '@/lib/clients/logger/logger'
-
-export const forbiddenTeamAccessError = () =>
-  new TRPCError({
-    code: 'FORBIDDEN',
-    message: 'You are not authorized to access this team',
-  })
-
-export const unauthorizedUserError = () =>
-  new TRPCError({
-    code: 'UNAUTHORIZED',
-    message: 'You are not authenticated',
-  })
-
-export const internalServerError = () =>
-  new TRPCError({
-    code: 'INTERNAL_SERVER_ERROR',
-    message:
-      'An Unexpected Error Occurred, please try again. If the problem persists, contact support.',
-  })
-
-export const apiError = (status: number) => {
-  switch (status) {
-    case 403:
-      return forbiddenTeamAccessError()
-    case 401:
-      return unauthorizedUserError()
-    default:
-      return internalServerError()
-  }
-}
-
-interface HandleBackendApiErrorInput {
-  status: number
-  error: unknown
-  teamId: string
-  path: string
-  logKey: string
-  message: string
-  context?: Record<string, unknown>
-}
-
-function handleBackendApiError({
-  status,
-  error,
-  teamId,
-  path,
-  logKey,
-  message,
-  context,
-}: HandleBackendApiErrorInput): never {
-  l.error(
-    {
-      key: logKey,
-      error,
-      team_id: teamId,
-      context: {
-        status,
-        path,
-        ...(context ?? {}),
-      },
-    },
-    `${message}: ${((error as { message?: string })?.message as string) || 'Unknown error'}`
-  )
-
-  if (status === 404) {
-    throw new TRPCError({
-      code: 'NOT_FOUND',
-      message: "Build not found or you don't have access to it",
-    })
-  }
-
-  throw apiError(status)
-}
-
-export function handleDashboardApiError(
-  input: Omit<HandleBackendApiErrorInput, 'message'>
-): never {
-  return handleBackendApiError({
-    ...input,
-    message: `failed to fetch ${input.path}`,
-  })
-}
-
-export function handleInfraApiError(
-  input: Omit<HandleBackendApiErrorInput, 'message'>
-): never {
-  return handleBackendApiError({
-    ...input,
-    message: `failed to fetch ${input.path}`,
-  })
-}
diff --git a/src/server/api/repositories/auth.repository.ts b/src/server/api/repositories/auth.repository.ts
deleted file mode 100644
index 4f1c5182d..000000000
--- a/src/server/api/repositories/auth.repository.ts
+++ /dev/null
@@ -1,112 +0,0 @@
-import { TRPCError } from '@trpc/server'
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
-import { createClient } from '@/lib/clients/supabase/server'
-import type { OtpType } from '../models/auth.models'
-
-interface VerifyOtpResult {
-  userId: string
-}
-
-/**
- * Verifies an OTP token with Supabase Auth.
- * Creates a session and sets auth cookies on success.
- * @throws TRPCError on verification failure
- */
-async function verifyOtp(
-  tokenHash: string,
-  type: OtpType
-): Promise<VerifyOtpResult> {
-  const supabase = await createClient()
-
-  const { data, error } = await supabase.auth.verifyOtp({
-    type,
-    token_hash: tokenHash,
-  })
-
-  if (error) {
-    l.error(
-      {
-        key: 'auth_repository:verify_otp:error',
-        error: serializeError(error),
-        context: {
-          type,
-          token_hash_prefix: tokenHash.slice(0, 10),
-          error_code: error.code,
-          error_status: error.status,
-        },
-      },
-      `failed to verify OTP: ${error.message}`
-    )
-
-    if (error.status === 403 && error.code === 'otp_expired') {
-      throw new TRPCError({
-        code: 'BAD_REQUEST',
-        message: 'Email link has expired. Please request a new one.',
-      })
-    }
-
-    throw new TRPCError({
-      code: 'BAD_REQUEST',
-      message: 'Invalid or expired verification link.',
-    })
-  }
-
-  if (!data.user) {
-    l.error(
-      {
-        key: 'auth_repository:verify_otp:no_user',
-        context: {
-          type,
-          token_hash_prefix: tokenHash.slice(0, 10),
-        },
-      },
-      `failed to verify OTP: no user found`
-    )
-
-    throw new TRPCError({
-      code: 'INTERNAL_SERVER_ERROR',
-      message: 'Verification failed. Please try again.',
-    })
-  }
-
-  // verify session was created (cookies should be set by supabase client)
-  const hasSession = !!data.session
-  const hasAccessToken = !!data.session?.access_token
-  const hasRefreshToken = !!data.session?.refresh_token
-
-  l.info(
-    {
-      key: 'auth_repository:verify_otp:success',
-      user_id: data.user.id,
-      context: {
-        type,
-        token_hash_prefix: tokenHash.slice(0, 10),
-        has_session: !!data.session,
-        has_access_token: !!data.session?.access_token,
-        has_refresh_token: !!data.session?.refresh_token,
-        session_expires_at: data.session?.expires_at,
-      },
-    },
-    `verified OTP for user: ${data.user.id}`
-  )
-
-  if (!hasSession) {
-    l.warn(
-      {
-        key: 'auth_repository:verify_otp:no_session',
-        user_id: data.user.id,
-        context: { type, tokenHashPrefix: tokenHash.slice(0, 10) },
-      },
-      `OTP verified but no session returned - user may not be signed in`
-    )
-  }
-
-  return {
-    userId: data.user.id,
-  }
-}
-
-export const authRepo = {
-  verifyOtp,
-}
diff --git a/src/server/api/repositories/builds.repository.ts b/src/server/api/repositories/builds.repository.ts
deleted file mode 100644
index 55a875e22..000000000
--- a/src/server/api/repositories/builds.repository.ts
+++ /dev/null
@@ -1,279 +0,0 @@
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { INITIAL_BUILD_STATUSES } from '@/features/dashboard/templates/builds/constants'
-import { api, infra } from '@/lib/clients/api'
-import { handleDashboardApiError, handleInfraApiError } from '../errors'
-import type {
-  BuildStatus,
-  ListedBuildDTO,
-  RunningBuildStatusDTO,
-} from '../models/builds.models'
-
-// helpers
-
-const LIST_BUILDS_DEFAULT_LIMIT = 50
-const LIST_BUILDS_MIN_LIMIT = 1
-const LIST_BUILDS_MAX_LIMIT = 100
-
-function normalizeListBuildsLimit(limit?: number): number {
-  return Math.max(
-    LIST_BUILDS_MIN_LIMIT,
-    Math.min(limit ?? LIST_BUILDS_DEFAULT_LIMIT, LIST_BUILDS_MAX_LIMIT)
-  )
-}
-
-// list builds
-
-interface ListBuildsOptions {
-  limit?: number
-  cursor?: string
-}
-
-interface ListBuildsResult {
-  data: ListedBuildDTO[]
-  nextCursor: string | null
-}
-
-interface BuildInfoResult {
-  names: string[] | null
-  createdAt: number
-  finishedAt: number | null
-  status: ListedBuildDTO['status']
-  statusMessage: string | null
-}
-
-async function listBuilds(
-  accessToken: string,
-  teamId: string,
-  buildIdOrTemplate?: string,
-  statuses: BuildStatus[] = INITIAL_BUILD_STATUSES,
-  options: ListBuildsOptions = {}
-): Promise<ListBuildsResult> {
-  const limit = normalizeListBuildsLimit(options.limit)
-  const result = await api.GET('/builds', {
-    params: {
-      query: {
-        build_id_or_template: buildIdOrTemplate?.trim() || undefined,
-        statuses,
-        limit,
-        cursor: options.cursor,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-  })
-
-  if (!result.response.ok || result.error) {
-    handleDashboardApiError({
-      status: result.response.status,
-      error: result.error,
-      teamId,
-      path: '/builds',
-      logKey: 'repositories:builds:list_builds:dashboard_api_error',
-    })
-  }
-
-  const builds = result.data?.data ?? []
-  if (builds.length === 0) {
-    return {
-      data: [],
-      nextCursor: null,
-    }
-  }
-
-  return {
-    data: builds.map(
-      (build): ListedBuildDTO => ({
-        id: build.id,
-        template: build.template,
-        templateId: build.templateId,
-        status: build.status,
-        statusMessage: build.statusMessage,
-        createdAt: new Date(build.createdAt).getTime(),
-        finishedAt: build.finishedAt
-          ? new Date(build.finishedAt).getTime()
-          : null,
-      })
-    ),
-    nextCursor: result.data?.nextCursor ?? null,
-  }
-}
-
-// get running build statuses
-
-async function getRunningStatuses(
-  accessToken: string,
-  teamId: string,
-  buildIds: string[]
-): Promise<RunningBuildStatusDTO[]> {
-  if (buildIds.length === 0) {
-    return []
-  }
-
-  const result = await api.GET('/builds/statuses', {
-    params: {
-      query: {
-        build_ids: buildIds,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-  })
-
-  if (!result.response.ok || result.error) {
-    handleDashboardApiError({
-      status: result.response.status,
-      error: result.error,
-      teamId,
-      path: '/builds/statuses',
-      logKey: 'repositories:builds:get_running_statuses:dashboard_api_error',
-    })
-  }
-
-  return (result.data?.buildStatuses ?? []).map((row) => ({
-    id: row.id,
-    status: row.status,
-    finishedAt: row.finishedAt ? new Date(row.finishedAt).getTime() : null,
-    statusMessage: row.statusMessage,
-  }))
-}
-
-// get build details
-
-export async function getBuildInfo(
-  accessToken: string,
-  buildId: string,
-  teamId: string
-): Promise<BuildInfoResult> {
-  const result = await api.GET('/builds/{build_id}', {
-    params: {
-      path: {
-        build_id: buildId,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-  })
-
-  if (!result.response.ok || result.error) {
-    handleDashboardApiError({
-      status: result.response.status,
-      error: result.error,
-      teamId,
-      path: '/builds/{build_id}',
-      logKey: 'repositories:builds:get_build_info:dashboard_api_error',
-      context: {
-        build_id: buildId,
-      },
-    })
-  }
-
-  const data = result.data
-
-  return {
-    names: data.names ?? null,
-    createdAt: new Date(data.createdAt).getTime(),
-    finishedAt: data.finishedAt ? new Date(data.finishedAt).getTime() : null,
-    status: data.status,
-    statusMessage: data.statusMessage,
-  }
-}
-
-// get build status (without logs)
-
-export async function getInfraBuildStatus(
-  accessToken: string,
-  teamId: string,
-  templateId: string,
-  buildId: string
-) {
-  const result = await infra.GET(
-    `/templates/{templateID}/builds/{buildID}/status`,
-    {
-      params: {
-        path: {
-          templateID: templateId,
-          buildID: buildId,
-        },
-        query: {
-          limit: 0,
-        },
-      },
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-    }
-  )
-
-  if (!result.response.ok || result.error) {
-    handleInfraApiError({
-      status: result.response.status,
-      error: result.error,
-      teamId,
-      path: '/templates/{templateID}/builds/{buildID}/status',
-      logKey: 'repositories:builds:get_build_status:infra_error',
-    })
-  }
-
-  return result.data
-}
-
-// get build logs
-
-export interface GetInfraBuildLogsOptions {
-  cursor?: number
-  limit?: number
-  direction?: 'forward' | 'backward'
-  level?: 'debug' | 'info' | 'warn' | 'error'
-}
-
-export async function getInfraBuildLogs(
-  accessToken: string,
-  teamId: string,
-  templateId: string,
-  buildId: string,
-  options: GetInfraBuildLogsOptions = {}
-) {
-  const result = await infra.GET(
-    `/templates/{templateID}/builds/{buildID}/logs`,
-    {
-      params: {
-        path: {
-          templateID: templateId,
-          buildID: buildId,
-        },
-        query: {
-          cursor: options.cursor,
-          limit: options.limit,
-          direction: options.direction,
-          level: options.level,
-        },
-      },
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-    }
-  )
-
-  if (!result.response.ok || result.error) {
-    handleInfraApiError({
-      status: result.response.status,
-      error: result.error,
-      teamId,
-      path: '/templates/{templateID}/builds/{buildID}/logs',
-      logKey: 'repositories:builds:get_build_logs:infra_error',
-    })
-  }
-
-  return result.data
-}
-
-export const buildsRepo = {
-  listBuilds,
-  getRunningStatuses,
-  getBuildInfo,
-  getInfraBuildStatus,
-  getInfraBuildLogs,
-}
diff --git a/src/server/api/repositories/sandboxes.repository.ts b/src/server/api/repositories/sandboxes.repository.ts
deleted file mode 100644
index 3508d2e10..000000000
--- a/src/server/api/repositories/sandboxes.repository.ts
+++ /dev/null
@@ -1,302 +0,0 @@
-import { TRPCError } from '@trpc/server'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { api, infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import {
-  apiError,
-  handleDashboardApiError,
-  handleInfraApiError,
-} from '../errors'
-import type { SandboxEventDTO } from '../models/sandboxes.models'
-
-// get sandbox logs
-
-export interface GetSandboxLogsOptions {
-  cursor?: number
-  limit?: number
-  direction?: 'forward' | 'backward'
-  level?: 'debug' | 'info' | 'warn' | 'error'
-  search?: string
-}
-
-export async function getSandboxLogs(
-  accessToken: string,
-  teamId: string,
-  sandboxId: string,
-  options: GetSandboxLogsOptions = {}
-) {
-  const result = await infra.GET('/v2/sandboxes/{sandboxID}/logs', {
-    params: {
-      path: {
-        sandboxID: sandboxId,
-      },
-      query: {
-        cursor: options.cursor,
-        limit: options.limit,
-        direction: options.direction,
-        level: options.level,
-        search: options.search,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-  })
-
-  if (!result.response.ok || result.error) {
-    const status = result.response.status
-
-    l.error(
-      {
-        key: 'repositories:sandboxes:get_sandbox_logs:infra_error',
-        error: result.error,
-        team_id: teamId,
-        context: {
-          status,
-          path: '/v2/sandboxes/{sandboxID}/logs',
-          sandbox_id: sandboxId,
-        },
-      },
-      `failed to fetch /v2/sandboxes/{sandboxID}/logs: ${result.error?.message || 'Unknown error'}`
-    )
-
-    if (status === 404) {
-      throw new TRPCError({
-        code: 'NOT_FOUND',
-        message: "Sandbox not found or you don't have access to it",
-      })
-    }
-
-    throw apiError(status)
-  }
-
-  return result.data
-}
-
-export async function getSandboxDetails(
-  accessToken: string,
-  teamId: string,
-  sandboxId: string
-) {
-  const infraResult = await infra.GET('/sandboxes/{sandboxID}', {
-    params: {
-      path: {
-        sandboxID: sandboxId,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-    cache: 'no-store',
-  })
-
-  if (infraResult.response.ok && infraResult.data) {
-    return {
-      source: 'infra' as const,
-      details: infraResult.data,
-    }
-  }
-
-  const infraStatus = infraResult.response.status
-
-  if (infraStatus !== 404) {
-    handleInfraApiError({
-      status: infraStatus,
-      error: infraResult.error,
-      teamId,
-      path: '/sandboxes/{sandboxID}',
-      logKey: 'repositories:sandboxes:get_sandbox_details:infra_error',
-      context: {
-        sandbox_id: sandboxId,
-      },
-    })
-  }
-
-  const dashboardResult = await api.GET('/sandboxes/{sandboxID}/record', {
-    params: {
-      path: {
-        sandboxID: sandboxId,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-    cache: 'no-store',
-  })
-
-  if (dashboardResult.response.ok && dashboardResult.data) {
-    return {
-      source: 'database-record' as const,
-      details: dashboardResult.data,
-    }
-  }
-
-  const dashboardStatus = dashboardResult.response.status
-
-  if (dashboardStatus === 404) {
-    throw new TRPCError({
-      code: 'NOT_FOUND',
-      message: "Sandbox not found or you don't have access to it",
-    })
-  }
-
-  handleDashboardApiError({
-    status: dashboardStatus,
-    error: dashboardResult.error,
-    teamId,
-    path: '/sandboxes/{sandboxID}/record',
-    logKey: 'repositories:sandboxes:get_sandbox_details:fallback_error',
-    context: {
-      infra_status: infraStatus,
-      sandbox_id: sandboxId,
-    },
-  })
-}
-
-const SANDBOX_EVENTS_PAGE_SIZE = 100
-const SANDBOX_EVENTS_MAX_PAGES = 50
-const SANDBOX_LIFECYCLE_EVENT_PREFIX = 'sandbox.lifecycle.'
-
-export async function getSandboxLifecycleEvents(
-  accessToken: string,
-  teamId: string,
-  sandboxId: string
-) {
-  const lifecycleEvents: SandboxEventDTO[] = []
-
-  for (
-    let pageIndex = 0, offset = 0;
-    pageIndex < SANDBOX_EVENTS_MAX_PAGES;
-    pageIndex += 1, offset += SANDBOX_EVENTS_PAGE_SIZE
-  ) {
-    try {
-      const result = await infra.GET('/events/sandboxes/{sandboxID}', {
-        params: {
-          path: {
-            sandboxID: sandboxId,
-          },
-          query: {
-            offset,
-            limit: SANDBOX_EVENTS_PAGE_SIZE,
-            orderAsc: true,
-          },
-        },
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-        },
-        cache: 'no-store',
-      })
-
-      if (!result.response.ok || result.error) {
-        l.warn({
-          key: 'repositories:sandboxes:get_sandbox_lifecycle_events:infra_error',
-          error: result.error,
-          team_id: teamId,
-          context: {
-            status: result.response.status,
-            path: '/events/sandboxes/{sandboxID}',
-            sandbox_id: sandboxId,
-            offset,
-            limit: SANDBOX_EVENTS_PAGE_SIZE,
-          },
-        })
-        break
-      }
-
-      const page = result.data ?? []
-      lifecycleEvents.push(
-        ...page.filter((event) =>
-          event.type.startsWith(SANDBOX_LIFECYCLE_EVENT_PREFIX)
-        )
-      )
-
-      if (page.length < SANDBOX_EVENTS_PAGE_SIZE) {
-        break
-      }
-    } catch (error) {
-      l.warn({
-        key: 'repositories:sandboxes:get_sandbox_lifecycle_events:infra_exception',
-        error,
-        team_id: teamId,
-        context: {
-          path: '/events/sandboxes/{sandboxID}',
-          sandbox_id: sandboxId,
-          offset,
-          limit: SANDBOX_EVENTS_PAGE_SIZE,
-        },
-      })
-      break
-    }
-  }
-
-  return lifecycleEvents
-}
-
-// get sandbox metrics
-
-export interface GetSandboxMetricsOptions {
-  startUnixMs: number
-  endUnixMs: number
-}
-
-export async function getSandboxMetrics(
-  accessToken: string,
-  teamId: string,
-  sandboxId: string,
-  options: GetSandboxMetricsOptions
-) {
-  // convert milliseconds to seconds for the API
-  const startUnixSeconds = Math.floor(options.startUnixMs / 1000)
-  const endUnixSeconds = Math.floor(options.endUnixMs / 1000)
-
-  const result = await infra.GET('/sandboxes/{sandboxID}/metrics', {
-    params: {
-      path: {
-        sandboxID: sandboxId,
-      },
-      query: {
-        start: startUnixSeconds,
-        end: endUnixSeconds,
-      },
-    },
-    headers: {
-      ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-    },
-  })
-
-  if (!result.response.ok || result.error) {
-    const status = result.response.status
-
-    l.error(
-      {
-        key: 'repositories:sandboxes:get_sandbox_metrics:infra_error',
-        error: result.error,
-        team_id: teamId,
-        context: {
-          status,
-          path: '/sandboxes/{sandboxID}/metrics',
-          sandbox_id: sandboxId,
-        },
-      },
-      `failed to fetch /sandboxes/{sandboxID}/metrics: ${result.error?.message || 'Unknown error'}`
-    )
-
-    if (status === 404) {
-      throw new TRPCError({
-        code: 'NOT_FOUND',
-        message: "Sandbox not found or you don't have access to it",
-      })
-    }
-
-    throw apiError(status)
-  }
-
-  return result.data
-}
-
-export const sandboxesRepo = {
-  getSandboxLogs,
-  getSandboxDetails,
-  getSandboxLifecycleEvents,
-  getSandboxMetrics,
-}
diff --git a/src/server/api/repositories/support.repository.ts b/src/server/api/repositories/support.repository.ts
deleted file mode 100644
index 1b8189c3c..000000000
--- a/src/server/api/repositories/support.repository.ts
+++ /dev/null
@@ -1,307 +0,0 @@
-import 'server-only'
-
-import { AttachmentType, PlainClient } from '@team-plain/typescript-sdk'
-import { TRPCError } from '@trpc/server'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-
-const MAX_FILE_SIZE = 10 * 1024 * 1024 // 10MB per file
-const MAX_FILES = 5
-
-interface FileInput {
-  name: string
-  type: string
-  base64: string
-}
-
-function formatThreadText(input: {
-  description: string
-  teamId: string
-  customerEmail: string
-  accountOwnerEmail: string
-  customerTier: string
-}): string {
-  const {
-    description,
-    teamId,
-    customerEmail,
-    accountOwnerEmail,
-    customerTier,
-  } = input
-
-  const header = [
-    '########',
-    `Customer: ${customerEmail}`,
-    `Account Owner: ${accountOwnerEmail}`,
-    `Tier: ${customerTier}`,
-    `TeamID: ${teamId}`,
-    `Orbit: https://orbit.e2b.dev/teams/${teamId}/users`,
-    '########',
-  ].join('\n')
-
-  const truncatedDescription = description.slice(0, 10000)
-
-  return `${header}\n\n${truncatedDescription}`
-}
-
-async function uploadAttachmentToPlain(
-  client: PlainClient,
-  customerId: string,
-  file: FileInput
-): Promise<string> {
-  const buffer = Buffer.from(file.base64, 'base64')
-
-  if (buffer.byteLength > MAX_FILE_SIZE) {
-    throw new Error(`File ${file.name} exceeds 10MB limit`)
-  }
-
-  l.info(
-    {
-      key: 'repositories:support:attachment_upload_start',
-      file_name: file.name,
-      file_size: buffer.byteLength,
-      file_type: file.type,
-      customer_id: customerId,
-    },
-    `starting attachment upload for ${file.name} (${buffer.byteLength} bytes, type: ${file.type})`
-  )
-
-  const uploadUrlResult = await client.createAttachmentUploadUrl({
-    customerId,
-    fileName: file.name,
-    fileSizeBytes: buffer.byteLength,
-    attachmentType: AttachmentType.CustomTimelineEntry,
-  })
-
-  if (uploadUrlResult.error) {
-    l.error(
-      {
-        key: 'repositories:support:attachment_create_url_error',
-        error: uploadUrlResult.error,
-        file_name: file.name,
-      },
-      `failed to create upload URL for ${file.name}: ${uploadUrlResult.error.message}`
-    )
-    throw new Error(
-      `Failed to create upload URL for ${file.name}: ${uploadUrlResult.error.message}`
-    )
-  }
-
-  const { uploadFormUrl, uploadFormData, attachment } = uploadUrlResult.data
-
-  l.info(
-    {
-      key: 'repositories:support:attachment_uploading',
-      file_name: file.name,
-      attachment_id: attachment.id,
-      upload_url: uploadFormUrl,
-      form_data_keys: uploadFormData.map((d) => d.key),
-    },
-    `uploading ${file.name} to Plain (attachment: ${attachment.id})`
-  )
-
-  const formData = new FormData()
-  for (const { key, value } of uploadFormData) {
-    formData.append(key, value)
-  }
-  formData.append('file', new Blob([buffer], { type: file.type }), file.name)
-
-  const uploadResponse = await fetch(uploadFormUrl, {
-    method: 'POST',
-    body: formData,
-  })
-
-  if (!uploadResponse.ok) {
-    const responseText = await uploadResponse
-      .text()
-      .catch(() => 'unable to read response body')
-    l.error(
-      {
-        key: 'repositories:support:attachment_upload_failed',
-        file_name: file.name,
-        status: uploadResponse.status,
-        status_text: uploadResponse.statusText,
-        response_body: responseText,
-      },
-      `failed to upload ${file.name}: ${uploadResponse.status} ${uploadResponse.statusText} - ${responseText}`
-    )
-    throw new Error(
-      `Failed to upload ${file.name}: ${uploadResponse.status} ${uploadResponse.statusText}`
-    )
-  }
-
-  l.info(
-    {
-      key: 'repositories:support:attachment_upload_success',
-      file_name: file.name,
-      attachment_id: attachment.id,
-    },
-    `successfully uploaded ${file.name} (attachment: ${attachment.id})`
-  )
-
-  return attachment.id
-}
-
-export async function getTeamSupportData(teamId: string) {
-  const { data: team, error: teamError } = await supabaseAdmin
-    .from('teams')
-    .select('name, email, tier')
-    .eq('id', teamId)
-    .single()
-
-  if (teamError || !team) {
-    l.error(
-      {
-        key: 'repositories:support:fetch_team_error',
-        error: teamError,
-        team_id: teamId,
-      },
-      `failed to fetch team data: ${teamError?.message}`
-    )
-    throw new TRPCError({
-      code: 'INTERNAL_SERVER_ERROR',
-      message: 'Failed to load team information',
-    })
-  }
-
-  return team
-}
-
-export async function createSupportThread(input: {
-  description: string
-  files?: FileInput[]
-  teamId: string
-  teamName: string
-  customerEmail: string
-  accountOwnerEmail: string
-  customerTier: string
-}) {
-  const {
-    description,
-    files,
-    teamId,
-    teamName,
-    customerEmail,
-    accountOwnerEmail,
-    customerTier,
-  } = input
-
-  if (!process.env.PLAIN_API_KEY) {
-    l.error(
-      { key: 'repositories:support:plain_not_configured' },
-      'PLAIN_API_KEY not configured'
-    )
-    throw new TRPCError({
-      code: 'INTERNAL_SERVER_ERROR',
-      message: 'Support API not configured',
-    })
-  }
-
-  const client = new PlainClient({
-    apiKey: process.env.PLAIN_API_KEY,
-  })
-
-  // Upsert customer in Plain
-  const customerResult = await client.upsertCustomer({
-    identifier: {
-      emailAddress: customerEmail,
-    },
-    onCreate: {
-      email: {
-        email: customerEmail,
-        isVerified: true,
-      },
-      fullName: customerEmail,
-    },
-    onUpdate: {},
-  })
-
-  if (customerResult.error) {
-    l.error(
-      {
-        key: 'repositories:support:upsert_customer_error',
-        error: customerResult.error,
-        customer_email: customerEmail,
-      },
-      `failed to upsert customer in Plain: ${customerResult.error.message}`
-    )
-    throw new TRPCError({
-      code: 'INTERNAL_SERVER_ERROR',
-      message: 'Failed to create support ticket',
-    })
-  }
-
-  const customerId = customerResult.data.customer.id
-
-  // Upload attachments to Plain
-  const attachmentIds: string[] = []
-  const validFiles = (files ?? []).slice(0, MAX_FILES)
-
-  for (const file of validFiles) {
-    try {
-      const attachmentId = await uploadAttachmentToPlain(
-        client,
-        customerId,
-        file
-      )
-      attachmentIds.push(attachmentId)
-    } catch (err) {
-      l.warn(
-        {
-          key: 'repositories:support:attachment_upload_error',
-          error: err,
-          file_name: file.name,
-        },
-        `failed to upload attachment ${file.name}`
-      )
-      // Continue with remaining files
-    }
-  }
-
-  // Create thread
-  const title = `Support Request [${teamName}]`
-  const threadText = formatThreadText({
-    description,
-    teamId,
-    customerEmail,
-    accountOwnerEmail,
-    customerTier,
-  })
-
-  const result = await client.createThread({
-    title,
-    customerIdentifier: {
-      customerId,
-    },
-    components: [
-      {
-        componentText: {
-          text: threadText,
-        },
-      },
-    ],
-    ...(attachmentIds.length > 0 ? { attachmentIds } : {}),
-  })
-
-  if (result.error) {
-    l.error(
-      {
-        key: 'repositories:support:create_thread_error',
-        error: result.error,
-        customer_email: customerEmail,
-      },
-      `failed to create Plain thread: ${result.error.message}`
-    )
-    throw new TRPCError({
-      code: 'INTERNAL_SERVER_ERROR',
-      message: 'Failed to create support ticket',
-    })
-  }
-
-  return { threadId: result.data.id }
-}
-
-export const supportRepo = {
-  getTeamSupportData,
-  createSupportThread,
-}
diff --git a/src/server/api/routers/billing.ts b/src/server/api/routers/billing.ts
deleted file mode 100644
index 49bccddf7..000000000
--- a/src/server/api/routers/billing.ts
+++ /dev/null
@@ -1,387 +0,0 @@
-import { TRPCError } from '@trpc/server'
-import { headers } from 'next/headers'
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import {
-  ADDON_500_SANDBOXES_ID,
-  ADDON_PURCHASE_ACTION_ERRORS,
-} from '@/features/dashboard/billing/constants'
-import getTeamLimitsMemo from '@/server/team/get-team-limits-memo'
-import type {
-  AddOnOrderConfirmResponse,
-  AddOnOrderCreateResponse,
-  BillingLimit,
-  CustomerPortalResponse,
-  Invoice,
-  PaymentMethodsCustomerSession,
-  TeamItems,
-  UsageResponse,
-} from '@/types/billing.types'
-import { createTRPCRouter } from '../init'
-import { protectedTeamProcedure } from '../procedures'
-
-function limitTypeToKey(type: 'limit' | 'alert') {
-  return type === 'limit' ? 'limit_amount_gte' : 'alert_amount_gte'
-}
-
-export const billingRouter = createTRPCRouter({
-  createCheckout: protectedTeamProcedure
-    .input(z.object({ tierId: z.string() }))
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
-      const { tierId } = input
-
-      const res = await fetch(`${process.env.BILLING_API_URL}/checkouts`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-        body: JSON.stringify({
-          teamID: teamId,
-          tierID: tierId,
-        }),
-      })
-
-      if (!res.ok) {
-        const text = await res.text()
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: text ?? 'Failed to create checkout session',
-        })
-      }
-
-      const data = (await res.json()) as { url: string; error?: string }
-
-      if (data.error) {
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: data.error,
-        })
-      }
-
-      return { url: data.url }
-    }),
-
-  createCustomerPortalSession: protectedTeamProcedure.mutation(
-    async ({ ctx }) => {
-      const { teamId, session } = ctx
-
-      const origin = (await headers()).get('origin')
-
-      const res = await fetch(`${process.env.BILLING_API_URL}/stripe/portal`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...(origin && { Origin: origin }),
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      })
-
-      if (!res.ok) {
-        const text = await res.text()
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: text ?? 'Failed to create customer portal session',
-        })
-      }
-
-      const data = (await res.json()) as CustomerPortalResponse
-
-      return { url: data.url }
-    }
-  ),
-
-  getItems: protectedTeamProcedure.query(async ({ ctx }) => {
-    const { teamId, session } = ctx
-
-    const res = await fetch(
-      `${process.env.BILLING_API_URL}/teams/${teamId}/items`,
-      {
-        method: 'GET',
-        headers: {
-          'Content-Type': 'application/json',
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      }
-    )
-
-    if (!res.ok) {
-      const text = await res.text()
-
-      throw new TRPCError({
-        code: 'INTERNAL_SERVER_ERROR',
-        message:
-          text ?? `Failed to fetch billing endpoint: /teams/${teamId}/items`,
-      })
-    }
-
-    const items = (await res.json()) as TeamItems
-
-    return items
-  }),
-
-  getUsage: protectedTeamProcedure.query(async ({ ctx }) => {
-    const { teamId, session } = ctx
-
-    const res = await fetch(
-      `${process.env.BILLING_API_URL}/v2/teams/${teamId}/usage`,
-      {
-        method: 'GET',
-        headers: {
-          'Content-Type': 'application/json',
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      }
-    )
-
-    if (!res.ok) {
-      const text = await res.text()
-
-      throw new TRPCError({
-        code: 'INTERNAL_SERVER_ERROR',
-        message: text ?? 'Failed to fetch usage data',
-      })
-    }
-
-    const responseData: UsageResponse = await res.json()
-
-    // convert unix seconds to milliseconds because JavaScript
-    const data: UsageResponse = {
-      ...responseData,
-      hour_usages: responseData.hour_usages.map((hour) => ({
-        ...hour,
-        timestamp: hour.timestamp * 1000,
-      })),
-    }
-
-    return data
-  }),
-
-  getInvoices: protectedTeamProcedure.query(async ({ ctx }) => {
-    const { teamId, session } = ctx
-
-    const res = await fetch(
-      `${process.env.BILLING_API_URL}/teams/${teamId}/invoices`,
-      {
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      }
-    )
-
-    if (!res.ok) {
-      const text = await res.text()
-
-      throw new TRPCError({
-        code: 'INTERNAL_SERVER_ERROR',
-        message:
-          text ?? `Failed to fetch billing endpoint: /teams/${teamId}/invoices`,
-      })
-    }
-
-    const invoices = (await res.json()) as Invoice[]
-
-    return invoices
-  }),
-
-  getLimits: protectedTeamProcedure.query(async ({ ctx }) => {
-    const { teamId, session } = ctx
-
-    const res = await fetch(
-      `${process.env.BILLING_API_URL}/teams/${teamId}/billing-limits`,
-      {
-        method: 'GET',
-        headers: {
-          'Content-Type': 'application/json',
-          ...SUPABASE_AUTH_HEADERS(session.access_token),
-        },
-      }
-    )
-
-    if (!res.ok) {
-      const text = await res.text()
-
-      throw new TRPCError({
-        code: 'INTERNAL_SERVER_ERROR',
-        message:
-          text ??
-          `Failed to fetch billing endpoint: /teams/${teamId}/billing-limits`,
-      })
-    }
-
-    const limits = (await res.json()) as BillingLimit
-
-    return limits
-  }),
-
-  getTeamLimits: protectedTeamProcedure.query(async ({ ctx }) => {
-    return await getTeamLimitsMemo(ctx.teamId, ctx.user.id)
-  }),
-
-  setLimit: protectedTeamProcedure
-    .input(
-      z.object({
-        type: z.enum(['limit', 'alert']),
-        value: z.number().min(1),
-      })
-    )
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
-      const { type, value } = input
-
-      const res = await fetch(
-        `${process.env.BILLING_API_URL}/teams/${teamId}/billing-limits`,
-        {
-          method: 'PATCH',
-          headers: {
-            'Content-Type': 'application/json',
-            ...SUPABASE_AUTH_HEADERS(session.access_token),
-          },
-          body: JSON.stringify({
-            [limitTypeToKey(type)]: value,
-          }),
-        }
-      )
-
-      if (!res.ok) {
-        const text = await res.text()
-
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: text ?? 'Failed to set limit',
-        })
-      }
-    }),
-
-  clearLimit: protectedTeamProcedure
-    .input(z.object({ type: z.enum(['limit', 'alert']) }))
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
-      const { type } = input
-
-      const res = await fetch(
-        `${process.env.BILLING_API_URL}/teams/${teamId}/billing-limits/${limitTypeToKey(type)}`,
-        {
-          method: 'DELETE',
-          headers: {
-            'Content-Type': 'application/json',
-            ...SUPABASE_AUTH_HEADERS(session.access_token),
-          },
-        }
-      )
-
-      if (!res.ok) {
-        const text = await res.text()
-
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: text ?? 'Failed to clear limit',
-        })
-      }
-    }),
-
-  createOrder: protectedTeamProcedure
-    .input(z.object({ itemId: z.literal(ADDON_500_SANDBOXES_ID) }))
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
-      const { itemId } = input
-
-      const res = await fetch(
-        `${process.env.BILLING_API_URL}/teams/${teamId}/orders`,
-        {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-          },
-          body: JSON.stringify({
-            items: [{ name: itemId, quantity: 1 }],
-          }),
-        }
-      )
-
-      if (!res.ok) {
-        const text = await res.text()
-
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: text ?? 'Failed to create order',
-        })
-      }
-
-      const data = (await res.json()) as AddOnOrderCreateResponse
-
-      return data
-    }),
-
-  confirmOrder: protectedTeamProcedure
-    .input(z.object({ orderId: z.string().uuid() }))
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, session } = ctx
-      const { orderId } = input
-
-      const res = await fetch(
-        `${process.env.BILLING_API_URL}/teams/${teamId}/orders/${orderId}`,
-        {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-          },
-        }
-      )
-
-      if (!res.ok) {
-        const text = await res.text()
-
-        if (
-          text.includes(
-            'Missing payment method, please update your payment information'
-          )
-        ) {
-          throw new TRPCError({
-            code: 'BAD_REQUEST',
-            message: ADDON_PURCHASE_ACTION_ERRORS.missingPaymentMethod,
-          })
-        }
-
-        throw new TRPCError({
-          code: 'INTERNAL_SERVER_ERROR',
-          message: text ?? 'Failed to confirm order',
-        })
-      }
-
-      const data = (await res.json()) as AddOnOrderConfirmResponse
-
-      return data
-    }),
-
-  getCustomerSession: protectedTeamProcedure.mutation(async ({ ctx }) => {
-    const { teamId, session } = ctx
-
-    const res = await fetch(
-      `${process.env.BILLING_API_URL}/teams/${teamId}/payment-methods/customer-session`,
-      {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      }
-    )
-
-    if (!res.ok) {
-      const text = await res.text()
-
-      throw new TRPCError({
-        code: 'INTERNAL_SERVER_ERROR',
-        message: text ?? 'Failed to fetch customer session',
-      })
-    }
-
-    const data = (await res.json()) as PaymentMethodsCustomerSession
-
-    return data
-  }),
-})
diff --git a/src/server/api/routers/sandboxes.ts b/src/server/api/routers/sandboxes.ts
deleted file mode 100644
index 8fcad8571..000000000
--- a/src/server/api/routers/sandboxes.ts
+++ /dev/null
@@ -1,283 +0,0 @@
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { USE_MOCK_DATA } from '@/configs/flags'
-import {
-  calculateTeamMetricsStep,
-  MOCK_SANDBOXES_DATA,
-  MOCK_TEAM_METRICS_DATA,
-  MOCK_TEAM_METRICS_MAX_DATA,
-} from '@/configs/mock-data'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import {
-  fillTeamMetricsWithZeros,
-  transformMetricsToClientMetrics,
-} from '@/server/sandboxes/utils'
-import { apiError } from '../errors'
-import { createTRPCRouter } from '../init'
-import { protectedTeamProcedure } from '../procedures'
-import {
-  GetTeamMetricsMaxSchema,
-  GetTeamMetricsSchema,
-} from '../schemas/sandboxes'
-
-export const sandboxesRouter = createTRPCRouter({
-  // QUERIES
-  getSandboxes: protectedTeamProcedure.query(async ({ ctx }) => {
-    const { session, teamId } = ctx
-
-    if (USE_MOCK_DATA) {
-      await new Promise((resolve) => setTimeout(resolve, 200))
-
-      const sandboxes = MOCK_SANDBOXES_DATA()
-
-      return {
-        sandboxes,
-      }
-    }
-
-    const sandboxesResponse = await infra.GET('/sandboxes', {
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-      },
-      cache: 'no-store',
-    })
-
-    if (!sandboxesResponse.response.ok || sandboxesResponse.error) {
-      const status = sandboxesResponse.response.status
-
-      l.error(
-        {
-          key: 'trpc:sandboxes:get_team_sandboxes:infra_error',
-          error: sandboxesResponse.error,
-          team_id: teamId,
-          user_id: session.user.id,
-          context: {
-            status,
-          },
-        },
-        `failed to fetch /sandboxes: ${sandboxesResponse.error?.message || 'Unknown error'}`
-      )
-
-      throw apiError(status)
-    }
-
-    return {
-      sandboxes: sandboxesResponse.data,
-    }
-  }),
-
-  getSandboxesMetrics: protectedTeamProcedure
-    .input(
-      z.object({
-        sandboxIds: z.array(z.string()),
-      })
-    )
-    .query(async ({ ctx, input }) => {
-      const { session, teamId } = ctx
-      const { sandboxIds } = input
-
-      if (sandboxIds.length === 0 || USE_MOCK_DATA) {
-        return {
-          metrics: {},
-        }
-      }
-
-      const metricsResponse = await infra.GET('/sandboxes/metrics', {
-        params: {
-          query: {
-            sandbox_ids: sandboxIds,
-          },
-        },
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-        cache: 'no-store',
-      })
-
-      if (!metricsResponse.response.ok || metricsResponse.error) {
-        const status = metricsResponse.response.status
-
-        l.error(
-          {
-            key: 'trpc:sandboxes:get_team_sandboxes_metrics:infra_error',
-            error: metricsResponse.error,
-            team_id: teamId,
-            user_id: session.user.id,
-            context: {
-              status,
-              sandboxIds,
-              path: '/sandboxes/metrics',
-            },
-          },
-          `failed to fetch /sandboxes/metrics: ${metricsResponse.error?.message || 'Unknown error'}`
-        )
-
-        throw apiError(status)
-      }
-
-      const metrics = transformMetricsToClientMetrics(
-        metricsResponse.data.sandboxes
-      )
-
-      return {
-        metrics,
-      }
-    }),
-
-  getTeamMetrics: protectedTeamProcedure
-    .input(GetTeamMetricsSchema)
-    .query(async ({ ctx, input }) => {
-      const { session, teamId } = ctx
-      const { startDate: startDateMs, endDate: endDateMs } = input
-
-      // use mock data if enabled
-      if (USE_MOCK_DATA) {
-        const mockData = MOCK_TEAM_METRICS_DATA(startDateMs, endDateMs)
-        const filledMetrics = fillTeamMetricsWithZeros(
-          mockData.metrics,
-          startDateMs,
-          endDateMs,
-          mockData.step
-        )
-        return {
-          metrics: filledMetrics,
-          step: mockData.step,
-        }
-      }
-
-      const startS = Math.floor(startDateMs / 1000)
-      const endS = Math.floor(endDateMs / 1000)
-
-      // calculate step to determine overfetch amount
-      const stepMs = calculateTeamMetricsStep(startDateMs, endDateMs)
-
-      // overfetch by one step
-      // the overfetch is accounted for when post-processing the data using fillTeamMetricsWithZeros
-      const overfetchS = Math.ceil(stepMs / 1000)
-
-      const res = await infra.GET('/teams/{teamID}/metrics', {
-        params: {
-          path: {
-            teamID: teamId,
-          },
-          query: {
-            start: startS,
-            end: endS + overfetchS,
-          },
-        },
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-        cache: 'no-store',
-      })
-
-      if (!res.response.ok || res.error) {
-        const status = res.response.status
-
-        l.warn(
-          {
-            key: `trpc:sandboxes:get_team_metrics:infra_error`,
-            error: res.error,
-            team_id: teamId,
-            user_id: session.user.id,
-            context: {
-              status,
-              startMs: startDateMs,
-              endMs: endDateMs,
-              stepMs,
-              overfetchS,
-            },
-          },
-          `failed to fetch /teams/{teamID}/metrics: ${res.error?.message || 'Unknown error'}`
-        )
-
-        throw apiError(status)
-      }
-
-      // transform timestamps from seconds to milliseconds
-      const metrics = res.data.map((d) => ({
-        concurrentSandboxes: d.concurrentSandboxes,
-        sandboxStartRate: d.sandboxStartRate,
-        timestamp: d.timestampUnix * 1000,
-      }))
-
-      // fill gaps with zeros for smooth visualization
-      const filledMetrics = fillTeamMetricsWithZeros(
-        metrics,
-        startDateMs,
-        endDateMs,
-        stepMs
-      )
-
-      return {
-        metrics: filledMetrics,
-        step: stepMs,
-      }
-    }),
-
-  getTeamMetricsMax: protectedTeamProcedure
-    .input(GetTeamMetricsMaxSchema)
-    .query(async ({ ctx, input }) => {
-      const { session, teamId } = ctx
-      const { startDate: startDateMs, endDate: endDateMs, metric } = input
-
-      if (USE_MOCK_DATA) {
-        return MOCK_TEAM_METRICS_MAX_DATA(startDateMs, endDateMs, metric)
-      }
-
-      // convert milliseconds to seconds for the API
-      const startS = Math.floor(startDateMs / 1000)
-      const endS = Math.floor(endDateMs / 1000)
-
-      const res = await infra.GET('/teams/{teamID}/metrics/max', {
-        params: {
-          path: {
-            teamID: teamId,
-          },
-          query: {
-            start: startS,
-            end: endS,
-            metric,
-          },
-        },
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-        cache: 'no-store',
-      })
-
-      if (!res.response.ok || res.error) {
-        const status = res.response.status
-
-        l.error(
-          {
-            key: 'trpc:sandboxes:get_team_metrics_max:infra_error',
-            error: res.error,
-            team_id: teamId,
-            user_id: session.user.id,
-            context: {
-              status,
-              startDate: startDateMs,
-              endDate: endDateMs,
-              metric,
-            },
-          },
-          `failed to fetch /teams/{teamID}/metrics/max: ${res.error?.message || 'Unknown error'}`
-        )
-
-        throw apiError(status)
-      }
-
-      // since javascript timestamps are in milliseconds, we want to convert the timestamp back to milliseconds
-      const timestampMs = res.data.timestampUnix * 1000
-
-      return {
-        timestamp: timestampMs,
-        value: res.data.value,
-        metric,
-      }
-    }),
-
-  // MUTATIONS
-})
diff --git a/src/server/api/routers/support.ts b/src/server/api/routers/support.ts
deleted file mode 100644
index bee9c215d..000000000
--- a/src/server/api/routers/support.ts
+++ /dev/null
@@ -1,51 +0,0 @@
-import { TRPCError } from '@trpc/server'
-import { z } from 'zod'
-import { createTRPCRouter } from '../init'
-import { protectedTeamProcedure } from '../procedures'
-import { supportRepo } from '../repositories/support.repository'
-
-const E2B_API_KEY_REGEX = /e2b_[a-f0-9]{40}/i
-
-const fileSchema = z.object({
-  name: z.string(),
-  type: z.string(),
-  base64: z.string(),
-})
-
-export const supportRouter = createTRPCRouter({
-  contactSupport: protectedTeamProcedure
-    .input(
-      z.object({
-        description: z.string().min(1),
-        files: z.array(fileSchema).max(5).optional(),
-      })
-    )
-    .mutation(async ({ ctx, input }) => {
-      const { teamId, user } = ctx
-      const email = user.email
-
-      if (!email) {
-        throw new Error('Email not found')
-      }
-
-      if (E2B_API_KEY_REGEX.test(input.description)) {
-        throw new TRPCError({
-          code: 'BAD_REQUEST',
-          message:
-            'Your message contains an API key. Please remove it before sending.',
-        })
-      }
-
-      const team = await supportRepo.getTeamSupportData(teamId)
-
-      return supportRepo.createSupportThread({
-        description: input.description,
-        files: input.files,
-        teamId,
-        teamName: team.name,
-        customerEmail: email,
-        accountOwnerEmail: team.email,
-        customerTier: team.tier,
-      })
-    }),
-})
diff --git a/src/server/api/routers/templates.ts b/src/server/api/routers/templates.ts
deleted file mode 100644
index 29a898050..000000000
--- a/src/server/api/routers/templates.ts
+++ /dev/null
@@ -1,377 +0,0 @@
-import { TRPCError } from '@trpc/server'
-import { cacheLife, cacheTag } from 'next/cache'
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { CACHE_TAGS } from '@/configs/cache'
-import { USE_MOCK_DATA } from '@/configs/flags'
-import {
-  MOCK_DEFAULT_TEMPLATES_DATA,
-  MOCK_TEMPLATES_DATA,
-} from '@/configs/mock-data'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import type { DefaultTemplate } from '@/types/api.types'
-import { apiError } from '../errors'
-import { createTRPCRouter } from '../init'
-import { protectedProcedure, protectedTeamProcedure } from '../procedures'
-
-export const templatesRouter = createTRPCRouter({
-  // QUERIES
-
-  getTemplates: protectedTeamProcedure.query(async ({ ctx }) => {
-    const { session, teamId } = ctx
-
-    if (USE_MOCK_DATA) {
-      await new Promise((resolve) => setTimeout(resolve, 500))
-      return {
-        templates: MOCK_TEMPLATES_DATA,
-      }
-    }
-
-    const res = await infra.GET('/templates', {
-      params: {
-        query: {
-          teamID: teamId,
-        },
-      },
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-      },
-    })
-
-    if (!res.response.ok || res.error) {
-      const status = res.response.status
-
-      l.error(
-        {
-          key: 'trpc:templates:get_team_templates:infra_error',
-          error: res.error,
-          team_id: teamId,
-          user_id: session.user.id,
-          context: {
-            status,
-          },
-        },
-        `failed to fetch /templates: ${res.error?.message || 'Unknown error'}`
-      )
-
-      throw apiError(status)
-    }
-
-    return {
-      templates: res.data,
-    }
-  }),
-
-  getDefaultTemplatesCached: protectedProcedure.query(async () => {
-    return getDefaultTemplatesCached()
-  }),
-
-  // MUTATIONS
-
-  deleteTemplate: protectedTeamProcedure
-    .input(
-      z.object({
-        templateId: z.string(),
-      })
-    )
-    .mutation(async ({ ctx, input }) => {
-      const { session, teamId } = ctx
-      const { templateId } = input
-
-      const res = await infra.DELETE('/templates/{templateID}', {
-        params: {
-          path: {
-            templateID: templateId,
-          },
-        },
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      })
-
-      if (!res.response.ok || res.error) {
-        const status = res.response.status
-
-        l.error(
-          {
-            key: 'trpc:templates:delete_template:infra_error',
-            error: res.error,
-            user_id: session.user.id,
-            team_id: teamId,
-            template_id: templateId,
-            context: {
-              status,
-            },
-          },
-          `failed to delete /templates/{templateID}: ${res.error?.message || 'Unknown error'}`
-        )
-
-        if (status === 404) {
-          throw new TRPCError({
-            code: 'NOT_FOUND',
-            message: 'Template not found',
-          })
-        }
-
-        if (
-          status === 400 &&
-          res.error?.message?.includes(
-            'because there are paused sandboxes using it'
-          )
-        ) {
-          throw new TRPCError({
-            code: 'BAD_REQUEST',
-            message:
-              'Cannot delete template because there are paused sandboxes using it',
-          })
-        }
-
-        throw apiError(status)
-      }
-
-      return { success: true }
-    }),
-
-  updateTemplate: protectedTeamProcedure
-    .input(
-      z.object({
-        templateId: z.string(),
-        public: z.boolean(),
-      })
-    )
-    .mutation(async ({ ctx, input }) => {
-      const { session, teamId } = ctx
-      const { templateId, public: isPublic } = input
-
-      const res = await infra.PATCH('/v2/templates/{templateID}', {
-        body: {
-          public: isPublic,
-        },
-        params: {
-          path: {
-            templateID: templateId,
-          },
-        },
-        headers: {
-          ...SUPABASE_AUTH_HEADERS(session.access_token, teamId),
-        },
-      })
-
-      if (!res.response.ok || res.error) {
-        const status = res.response.status
-
-        l.error(
-          {
-            key: 'trpc:templates:update_template:infra_error',
-            error: res.error,
-            user_id: session.user.id,
-            team_id: teamId,
-            template_id: templateId,
-            context: {
-              status,
-            },
-          },
-          `failed to patch /v2/templates/{templateID}: ${res.error?.message || 'Unknown error'}`
-        )
-
-        if (status === 404) {
-          throw new TRPCError({
-            code: 'NOT_FOUND',
-            message: 'Template not found',
-          })
-        }
-
-        throw apiError(status)
-      }
-
-      return { success: true, public: isPublic }
-    }),
-})
-
-async function getDefaultTemplatesCached() {
-  'use cache: remote'
-  cacheTag(CACHE_TAGS.DEFAULT_TEMPLATES)
-  cacheLife('hours')
-
-  if (USE_MOCK_DATA) {
-    await new Promise((resolve) => setTimeout(resolve, 500))
-    return {
-      templates: MOCK_DEFAULT_TEMPLATES_DATA,
-    }
-  }
-
-  const { data: defaultEnvs, error: defaultEnvsError } = await supabaseAdmin
-    .from('env_defaults')
-    .select('*')
-
-  if (defaultEnvsError) {
-    throw defaultEnvsError
-  }
-
-  if (!defaultEnvs || defaultEnvs.length === 0) {
-    return {
-      templates: [],
-    }
-  }
-
-  const envIds = defaultEnvs.map((env) => env.env_id)
-
-  const { data: envs, error: envsError } = await supabaseAdmin
-    .from('envs')
-    .select(
-      `
-        id,
-        created_at,
-        updated_at,
-        public,
-        build_count,
-        spawn_count,
-        last_spawned_at,
-        created_by
-      `
-    )
-    .in('id', envIds)
-
-  if (envsError) {
-    throw envsError
-  }
-
-  const templates: DefaultTemplate[] = []
-
-  for (const env of envs) {
-    const { data: latestAssignment, error: latestAssignmentError } =
-      await supabaseAdmin
-        .from('env_build_assignments')
-        .select('build_id, env_id, env_builds!inner(status)')
-        .eq('env_id', env.id)
-        .eq('env_builds.status', 'uploaded')
-        .order('created_at', { ascending: false, nullsFirst: false })
-        .order('id', { ascending: false })
-        .limit(1)
-        .maybeSingle()
-
-    if (latestAssignmentError) {
-      l.error(
-        {
-          key: 'trpc:templates:get_default_templates:env_build_assignments_supabase_error',
-          error: latestAssignmentError,
-          template_id: env.id,
-        },
-        `Failed to query latest uploaded template build assignment: ${latestAssignmentError.message || 'Unknown error'}`
-      )
-      continue
-    }
-
-    if (!latestAssignment) {
-      l.error(
-        {
-          key: 'trpc:templates:get_default_templates:env_build_assignments_missing_latest',
-          template_id: env.id,
-        },
-        `Failed to get latest uploaded template build assignment: assignment not found`
-      )
-      continue
-    }
-    const latestBuildId = latestAssignment.build_id
-
-    const { data: latestBuild, error: buildError } = await supabaseAdmin
-      .from('env_builds')
-      .select('id, env_id, ram_mb, vcpu, total_disk_size_mb, envd_version')
-      .eq('id', latestBuildId)
-      .single()
-
-    if (buildError) {
-      l.error(
-        {
-          key: 'trpc:templates:get_default_templates:env_builds_supabase_error',
-          error: buildError,
-          template_id: env.id,
-          build_id: latestBuildId,
-        },
-        `Failed to get template builds: ${buildError.message || 'Unknown error'}`
-      )
-      continue
-    }
-
-    if (latestAssignment.env_id !== env.id) {
-      l.error(
-        {
-          key: 'trpc:templates:get_default_templates:env_build_assignment_mismatch',
-          template_id: env.id,
-          build_id: latestBuildId,
-          assignment_env_id: latestAssignment.env_id,
-        },
-        'Build assignment env_id mismatch with template env_id'
-      )
-      continue
-    }
-
-    const { data: aliases, error: aliasesError } = await supabaseAdmin
-      .from('env_aliases')
-      .select('alias, namespace')
-      .eq('env_id', env.id)
-
-    if (aliasesError) {
-      l.error(
-        {
-          key: 'trpc:templates:get_default_templates:env_aliases_supabase_error',
-          error: aliasesError,
-          template_id: env.id,
-        },
-        `Failed to get template aliases: ${aliasesError.message || 'Unknown error'}`
-      )
-      continue
-    }
-
-    const diskSizeMB = latestBuild.total_disk_size_mb
-    const envdVersion = latestBuild.envd_version
-
-    if (
-      diskSizeMB == null ||
-      diskSizeMB <= 0 ||
-      envdVersion == null ||
-      envdVersion.trim().length === 0
-    ) {
-      l.error(
-        {
-          key: 'trpc:templates:get_default_templates:env_builds_missing_values',
-          template_id: env.id,
-        },
-        `Template build missing required values: total_disk_size_mb or envd_version`
-      )
-      continue
-    }
-
-    templates.push({
-      templateID: env.id,
-      buildID: latestBuild.id,
-      cpuCount: latestBuild.vcpu,
-      memoryMB: latestBuild.ram_mb,
-      diskSizeMB,
-      envdVersion,
-      public: env.public,
-      aliases: aliases.map((a) => a.alias),
-      names: aliases.map((a) => {
-        if (a.namespace && a.namespace.length > 0) {
-          return `${a.namespace}/${a.alias}`
-        }
-        return a.alias
-      }),
-      createdAt: env.created_at,
-      updatedAt: env.updated_at,
-      createdBy: null,
-      lastSpawnedAt: env.last_spawned_at ?? env.created_at,
-      spawnCount: env.spawn_count,
-      buildCount: env.build_count,
-      isDefault: true,
-      defaultDescription:
-        defaultEnvs.find((e) => e.env_id === env.id)?.description ?? undefined,
-    })
-  }
-
-  return {
-    templates: templates,
-  }
-}
diff --git a/src/server/auth/check-user-team-auth-cached.ts b/src/server/auth/check-user-team-auth-cached.ts
deleted file mode 100644
index 9d088f5c5..000000000
--- a/src/server/auth/check-user-team-auth-cached.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-import 'server-only'
-
-import { cacheTag } from 'next/cache'
-import { serializeError } from 'serialize-error'
-import { CACHE_TAGS } from '@/configs/cache'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-
-export async function checkUserTeamAuth(userId: string, teamId: string) {
-  const { data: userTeamsRelationData, error: userTeamsRelationError } =
-    await supabaseAdmin
-      .from('users_teams')
-      .select('*')
-      .eq('user_id', userId)
-      .eq('team_id', teamId)
-
-  if (userTeamsRelationError) {
-    l.error(
-      {
-        key: 'check_user_team_authorization:failed_to_fetch_users_teams_relation',
-        error: serializeError(userTeamsRelationError),
-        context: {
-          userId,
-          teamId,
-        },
-      },
-      `Failed to fetch users_teams relation (user: ${userId}, team: ${teamId})`
-    )
-
-    return false
-  }
-
-  return !!userTeamsRelationData.length
-}
-
-/*
- *  This function checks if a user is authorized to access a team.
- *  If the user is not authorized, it returns false.
- */
-export default async function checkUserTeamAuthCached(
-  userId: string,
-  teamId: string
-) {
-  'use cache'
-  cacheTag(CACHE_TAGS.USER_TEAM_AUTHORIZATION(userId, teamId))
-
-  return checkUserTeamAuth(userId, teamId)
-}
diff --git a/src/server/auth/get-default-team.ts b/src/server/auth/get-default-team.ts
deleted file mode 100644
index f3820d68f..000000000
--- a/src/server/auth/get-default-team.ts
+++ /dev/null
@@ -1,55 +0,0 @@
-import 'server-cli-only'
-
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-
-export async function getDefaultTeamRelation(userId: string) {
-  const { data, error } = await supabaseAdmin
-    .from('users_teams')
-    .select('*')
-    .eq('user_id', userId)
-    .eq('is_default', true)
-
-  if (error || data.length === 0) {
-    l.error({
-      key: 'get_default_team_relation:error',
-      error: serializeError(error),
-      user_id: userId,
-    })
-
-    throw new Error('No default team found')
-  }
-
-  return data[0]!
-}
-
-export async function getDefaultTeam(userId: string) {
-  const { data, error } = await supabaseAdmin
-    .from('users_teams')
-    .select(
-      `
-      team_id,
-      teams (
-        id,
-        name,
-        slug
-      )
-    `
-    )
-    .eq('user_id', userId)
-    .eq('is_default', true)
-    .single()
-
-  if (error || !data) {
-    l.error({
-      key: 'GET_DEFAULT_TEAM:ERROR',
-      message: error?.message,
-      error: serializeError(error),
-      user_id: userId,
-    })
-    throw new Error('No default team found')
-  }
-
-  return data.teams
-}
diff --git a/src/server/keys/get-api-keys.ts b/src/server/keys/get-api-keys.ts
deleted file mode 100644
index 14b519152..000000000
--- a/src/server/keys/get-api-keys.ts
+++ /dev/null
@@ -1,53 +0,0 @@
-import 'server-only'
-
-import { cacheLife, cacheTag } from 'next/cache'
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { CACHE_TAGS } from '@/configs/cache'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { handleDefaultInfraError } from '@/lib/utils/action'
-
-const GetApiKeysSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const getTeamApiKeys = authActionClient
-  .schema(GetApiKeysSchema)
-  .metadata({ serverFunctionName: 'getTeamApiKeys' })
-  .use(withTeamIdResolution)
-  .action(async ({ ctx, parsedInput }) => {
-    'use cache'
-    cacheLife('default')
-    cacheTag(CACHE_TAGS.TEAM_API_KEYS(parsedInput.teamIdOrSlug))
-
-    const { session, teamId } = ctx
-
-    const accessToken = session.access_token
-
-    const res = await infra.GET('/api-keys', {
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-    })
-
-    if (res.error) {
-      const status = res.response.status
-
-      l.error({
-        key: 'get_team_api_keys:error',
-        error: res.error,
-        team_id: teamId,
-        user_id: session.user.id,
-        context: {
-          status,
-        },
-      })
-
-      return handleDefaultInfraError(status)
-    }
-
-    return { apiKeys: res.data }
-  })
diff --git a/src/server/keys/key-actions.ts b/src/server/keys/key-actions.ts
deleted file mode 100644
index d5c410feb..000000000
--- a/src/server/keys/key-actions.ts
+++ /dev/null
@@ -1,111 +0,0 @@
-'use server'
-
-import { revalidatePath, updateTag } from 'next/cache'
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { CACHE_TAGS } from '@/configs/cache'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { returnServerError } from '@/lib/utils/action'
-
-// Create API Key
-
-const CreateApiKeySchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-  name: z
-    .string({ error: 'Name is required' })
-    .min(1, 'Name cannot be empty')
-    .max(50, 'Name cannot be longer than 50 characters')
-    .trim(),
-})
-
-export const createApiKeyAction = authActionClient
-  .schema(CreateApiKeySchema)
-  .metadata({ actionName: 'createApiKey' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { session, teamId } = ctx
-    const { name } = parsedInput
-
-    const accessToken = session.access_token
-
-    const res = await infra.POST('/api-keys', {
-      body: {
-        name,
-      },
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-    })
-
-    if (res.error) {
-      l.error({
-        key: 'create_api_key:error',
-        message: res.error.message,
-        error: res.error,
-        team_id: teamId,
-        user_id: session.user.id,
-        context: {
-          name,
-        },
-      })
-
-      return returnServerError('Failed to create API Key')
-    }
-
-    updateTag(CACHE_TAGS.TEAM_API_KEYS(parsedInput.teamIdOrSlug))
-    revalidatePath(`/dashboard/${parsedInput.teamIdOrSlug}/keys`, 'page')
-
-    return {
-      createdApiKey: res.data,
-    }
-  })
-
-// Delete API Key
-
-const DeleteApiKeySchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-  apiKeyId: z.uuid(),
-})
-
-export const deleteApiKeyAction = authActionClient
-  .schema(DeleteApiKeySchema)
-  .metadata({ actionName: 'deleteApiKey' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { apiKeyId } = parsedInput
-    const { session, teamId } = ctx
-
-    const accessToken = session.access_token
-
-    const res = await infra.DELETE('/api-keys/{apiKeyID}', {
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-      params: {
-        path: {
-          apiKeyID: apiKeyId,
-        },
-      },
-    })
-
-    if (res.error) {
-      l.error({
-        key: 'delete_api_key_action:error',
-        message: res.error.message,
-        error: res.error,
-        team_id: teamId,
-        user_id: session.user.id,
-        context: {
-          apiKeyId,
-        },
-      })
-
-      return returnServerError('Failed to delete API Key')
-    }
-
-    updateTag(CACHE_TAGS.TEAM_API_KEYS(parsedInput.teamIdOrSlug))
-    revalidatePath(`/dashboard/${parsedInput.teamIdOrSlug}/keys`, 'page')
-  })
diff --git a/src/server/team/get-team-id-from-segment.ts b/src/server/team/get-team-id-from-segment.ts
deleted file mode 100644
index c01a4d1f7..000000000
--- a/src/server/team/get-team-id-from-segment.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-import 'server-only'
-
-import { cacheLife } from 'next/dist/server/use-cache/cache-life'
-import { cacheTag } from 'next/dist/server/use-cache/cache-tag'
-import { serializeError } from 'serialize-error'
-import z from 'zod'
-import { CACHE_TAGS } from '@/configs/cache'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-
-export const getTeamIdFromSegment = async (segment: string) => {
-  'use cache'
-  cacheLife('default')
-  cacheTag(CACHE_TAGS.TEAM_ID_FROM_SEGMENT(segment))
-
-  if (!TeamIdOrSlugSchema.safeParse(segment).success) {
-    l.warn(
-      {
-        key: 'get_team_id_from_segment:invalid_segment',
-        context: {
-          segment,
-        },
-      },
-      'get_team_id_from_segment - invalid segment'
-    )
-
-    return null
-  }
-
-  if (z.uuid().safeParse(segment).success) {
-    // make sure this uuid is a valid teamId and is not it's slug
-    const { data } = await supabaseAdmin
-      .from('teams')
-      .select('id')
-      .not('slug', 'eq', segment)
-      .eq('id', segment)
-
-    if (data?.length) {
-      return data[0]!.id
-    }
-  }
-
-  const { data, error } = await supabaseAdmin
-    .from('teams')
-    .select('id')
-    .eq('slug', segment)
-
-  if (error || !data.length) {
-    l.warn(
-      {
-        key: 'get_team_id_from_segment:failed_to_get_team_id',
-        error: serializeError(error),
-        context: {
-          segment,
-        },
-      },
-      'get_team_id_from_segment - failed to get team id'
-    )
-
-    return null
-  }
-
-  return data[0]!.id
-}
diff --git a/src/server/team/get-team-limits-memo.ts b/src/server/team/get-team-limits-memo.ts
deleted file mode 100644
index 20d2ee6a8..000000000
--- a/src/server/team/get-team-limits-memo.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-import 'server-cli-only'
-
-import { cache } from 'react'
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import type { TeamLimits } from './get-team-limits'
-
-/**
- * Internal function to fetch team limits from the database
- */
-async function _getTeamLimits(
-  teamId: string,
-  userId: string
-): Promise<TeamLimits | null> {
-  try {
-    const { data: teamData, error: teamError } = await supabaseAdmin
-      .from('team_limits')
-      .select('*')
-      .eq('id', teamId)
-      .single()
-
-    if (teamError) {
-      l.error({
-        key: 'get_team_limits_memo:team_query_error',
-        message: teamError.message,
-        error: serializeError(teamError),
-        team_id: teamId,
-        user_id: userId,
-      })
-      return null
-    }
-
-    if (!teamData) {
-      l.error({
-        key: 'get_team_limits_memo:no_team_data',
-        message: 'No data found for team',
-        team_id: teamId,
-        user_id: userId,
-      })
-      return null
-    }
-
-    return {
-      concurrentInstances: teamData.concurrent_sandboxes || 0,
-      diskMb: teamData.disk_mb || 0,
-      maxLengthHours: teamData.max_length_hours || 0,
-      maxRamMb: teamData.max_ram_mb || 0,
-      maxVcpu: teamData.max_vcpu || 0,
-    }
-  } catch (error) {
-    l.error({
-      key: 'get_team_limits_memo:unexpected_error',
-      message: 'Unexpected error fetching team limits',
-      error: serializeError(error),
-      team_id: teamId,
-      user_id: userId,
-    })
-    return null
-  }
-}
-
-const getTeamLimitsMemo = cache(_getTeamLimits)
-
-export default getTeamLimitsMemo
diff --git a/src/server/team/get-team-limits.ts b/src/server/team/get-team-limits.ts
deleted file mode 100644
index 1e70b6b91..000000000
--- a/src/server/team/get-team-limits.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-import 'server-only'
-
-import { z } from 'zod'
-import { USE_MOCK_DATA } from '@/configs/flags'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { returnServerError } from '@/lib/utils/action'
-import getTeamLimitsMemo from './get-team-limits-memo'
-
-export interface TeamLimits {
-  concurrentInstances: number
-  diskMb: number
-  maxLengthHours: number
-  maxRamMb: number
-  maxVcpu: number
-}
-
-const MOCK_TIER_LIMITS: TeamLimits = {
-  concurrentInstances: 100_000,
-  diskMb: 102400,
-  maxLengthHours: 24,
-  maxRamMb: 65536,
-  maxVcpu: 32,
-}
-
-const GetTeamLimitsSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const getTeamLimits = authActionClient
-  .schema(GetTeamLimitsSchema)
-  .metadata({ serverFunctionName: 'getTeamLimits' })
-  .use(withTeamIdResolution)
-  .action(async ({ ctx }) => {
-    const { user, teamId } = ctx
-
-    if (USE_MOCK_DATA) {
-      return MOCK_TIER_LIMITS
-    }
-
-    const tierLimits = await getTeamLimitsMemo(teamId, user.id)
-
-    if (!tierLimits) {
-      return returnServerError('Failed to fetch team limits')
-    }
-
-    return tierLimits
-  })
diff --git a/src/server/team/get-team-members.ts b/src/server/team/get-team-members.ts
deleted file mode 100644
index b0b7270db..000000000
--- a/src/server/team/get-team-members.ts
+++ /dev/null
@@ -1,57 +0,0 @@
-import 'server-only'
-
-import type { User } from '@supabase/supabase-js'
-import { z } from 'zod'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import type { TeamMemberInfo } from './types'
-
-const GetTeamMembersSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const getTeamMembers = authActionClient
-  .schema(GetTeamMembersSchema)
-  .metadata({ serverFunctionName: 'getTeamMembers' })
-  .use(withTeamIdResolution)
-  .action(async ({ ctx }) => {
-    const { teamId } = ctx
-
-    const { data, error } = await supabaseAdmin
-      .from('users_teams')
-      .select('*')
-      .eq('team_id', teamId)
-
-    if (error) {
-      throw error
-    }
-
-    if (!data) {
-      return []
-    }
-
-    const userResponses = await Promise.all(
-      data.map(
-        async (userTeam) =>
-          (await supabaseAdmin.auth.admin.getUserById(userTeam.user_id)).data
-            .user
-      )
-    )
-
-    return userResponses
-      .filter((user) => user !== null)
-      .map((user) => ({
-        info: memberDTO(user),
-        relation: data.find((userTeam) => userTeam.user_id === user.id)!,
-      }))
-  })
-
-function memberDTO(user: User): TeamMemberInfo {
-  return {
-    id: user.id,
-    email: user.email!,
-    name: user.user_metadata?.name,
-    avatar_url: user.user_metadata?.avatar_url,
-  }
-}
diff --git a/src/server/team/get-team-memo.ts b/src/server/team/get-team-memo.ts
deleted file mode 100644
index f5a4c079c..000000000
--- a/src/server/team/get-team-memo.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { cache } from 'react'
-import { getTeamPure } from './get-team-pure'
-
-export default cache(getTeamPure)
diff --git a/src/server/team/get-team-pure.ts b/src/server/team/get-team-pure.ts
deleted file mode 100644
index cb28d7859..000000000
--- a/src/server/team/get-team-pure.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-import 'server-cli-only'
-
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import { returnServerError } from '@/lib/utils/action'
-import type { ClientTeam } from '@/types/dashboard.types'
-
-export const getTeamPure = async (userId: string, teamId: string) => {
-  const { data: userTeamsRelationData, error: userTeamsRelationError } =
-    await supabaseAdmin
-      .from('users_teams')
-      .select('*')
-      .eq('user_id', userId)
-      .eq('team_id', teamId)
-
-  if (userTeamsRelationError) {
-    throw userTeamsRelationError
-  }
-
-  if (!userTeamsRelationData || userTeamsRelationData.length === 0) {
-    return returnServerError('User is not authorized to view this team')
-  }
-
-  const relation = userTeamsRelationData[0]!
-
-  const { data: team, error: teamError } = await supabaseAdmin
-    .from('teams')
-    .select('*')
-    .eq('id', teamId)
-    .single()
-
-  if (teamError) {
-    throw teamError
-  }
-
-  const ClientTeam: ClientTeam = {
-    ...team,
-    is_default: relation.is_default,
-  }
-
-  return ClientTeam
-}
diff --git a/src/server/team/get-team.ts b/src/server/team/get-team.ts
deleted file mode 100644
index a16e453bf..000000000
--- a/src/server/team/get-team.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-import 'server-cli-only'
-
-import { z } from 'zod'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { returnServerError } from '@/lib/utils/action'
-import getTeamMemo from './get-team-memo'
-import getUserTeamsMemo from './get-user-teams-memo'
-
-const GetTeamSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const getTeam = authActionClient
-  .schema(GetTeamSchema)
-  .metadata({ serverFunctionName: 'getTeam' })
-  .use(withTeamIdResolution)
-  .action(async ({ ctx }) => {
-    const { teamId, user } = ctx
-
-    const team = await getTeamMemo(user.id, teamId)
-
-    return team
-  })
-
-export const getUserTeams = authActionClient
-  .metadata({ serverFunctionName: 'getUserTeams' })
-  .action(async ({ ctx }) => {
-    const { user } = ctx
-
-    const teams = await getUserTeamsMemo(user)
-
-    if (!teams || teams.length === 0) {
-      return returnServerError('No teams found.')
-    }
-
-    return teams
-  })
diff --git a/src/server/team/get-user-teams-memo.ts b/src/server/team/get-user-teams-memo.ts
deleted file mode 100644
index b92ddb875..000000000
--- a/src/server/team/get-user-teams-memo.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-import 'server-cli-only'
-
-import type { User } from '@supabase/supabase-js'
-import { cache } from 'react'
-
-import { getUserTeams } from './get-user-teams'
-
-const getUserTeamsMemo = cache((user: User) => getUserTeams(user))
-
-export default getUserTeamsMemo
diff --git a/src/server/team/get-user-teams.ts b/src/server/team/get-user-teams.ts
deleted file mode 100644
index 2aa93c51a..000000000
--- a/src/server/team/get-user-teams.ts
+++ /dev/null
@@ -1,100 +0,0 @@
-import 'server-cli-only'
-
-import type { User } from '@supabase/supabase-js'
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import type { ClientTeam } from '@/types/dashboard.types'
-
-export async function getUserTeams(user: User): Promise<ClientTeam[]> {
-  const { data: usersTeamsData, error } = await supabaseAdmin
-    .from('users_teams')
-    .select('*, teams (*)')
-    .eq('user_id', user.id)
-
-  if (error) {
-    throw error
-  }
-
-  if (!usersTeamsData || usersTeamsData.length === 0) {
-    return []
-  }
-
-  const teamIds = usersTeamsData.map((userTeam) => userTeam.teams.id)
-
-  try {
-    const { data: allConnectedDefaultTeamRelations, error: relationsError } =
-      await supabaseAdmin
-        .from('users_teams')
-        .select('team_id, user_id, is_default')
-        .in('team_id', teamIds)
-        .eq('is_default', true)
-
-    if (relationsError) {
-      throw relationsError
-    }
-
-    const defaultUserIds = new Set(
-      allConnectedDefaultTeamRelations?.map((r) => r.user_id) ?? []
-    )
-
-    const { data: defaultTeamAuthUsers, error: authUsersError } =
-      await supabaseAdmin
-        .from('auth_users')
-        .select('id, email')
-        .in('id', Array.from(defaultUserIds))
-
-    if (authUsersError) {
-      l.error({
-        key: 'get_usr_teams:supabase_error',
-        message: authUsersError.message,
-        error: serializeError(authUsersError),
-        user_id: user.id,
-      })
-    }
-
-    const userEmailMap = new Map(
-      defaultTeamAuthUsers?.map((u) => [u.id, u.email]) ?? []
-    )
-
-    return usersTeamsData.map((userTeam) => {
-      const team = userTeam.teams
-      const defaultTeamRelation = allConnectedDefaultTeamRelations?.find(
-        (relation) => relation.team_id === team.id
-      )
-
-      let transformedDefaultName: string | undefined
-
-      if (
-        defaultTeamRelation &&
-        team.name === userEmailMap.get(defaultTeamRelation.user_id)
-      ) {
-        const [username] = team.name.split('@')
-        if (username) {
-          transformedDefaultName =
-            username.charAt(0).toUpperCase() + username.slice(1) + "'s Team"
-        }
-      }
-
-      return {
-        ...team,
-        is_default: userTeam.is_default,
-        transformed_default_name: transformedDefaultName,
-      }
-    })
-  } catch (err) {
-    l.error({
-      key: 'get_user_teams:unexpected_error',
-      error: serializeError(err),
-      user_id: user.id,
-      context: {
-        usersTeamsData,
-      },
-    })
-
-    return usersTeamsData.map((userTeam) => ({
-      ...userTeam.teams,
-      is_default: userTeam.is_default,
-    }))
-  }
-}
diff --git a/src/server/team/resolve-user-team.ts b/src/server/team/resolve-user-team.ts
deleted file mode 100644
index edb5fcd03..000000000
--- a/src/server/team/resolve-user-team.ts
+++ /dev/null
@@ -1,104 +0,0 @@
-import 'server-only'
-
-import { cookies } from 'next/headers'
-import { serializeError } from 'serialize-error'
-import { COOKIE_KEYS } from '@/configs/cookies'
-import { l } from '@/lib/clients/logger/logger'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import { checkUserTeamAuth } from '../auth/check-user-team-auth-cached'
-import type { ResolvedTeam } from './types'
-
-/**
- * Resolves team ID and slug for a user using this priority:
- * 1. Cookie values (if exist and user is authorized)
- * 2. Database default team
- * 3. Database first team
- *
- * This function centralizes all team resolution logic used across route handlers.
- *
- * @param userId - The user ID to resolve team for
- * @returns ResolvedTeam with team ID and slug, or null if no team found
- */
-export async function resolveUserTeam(
-  userId: string
-): Promise<ResolvedTeam | null> {
-  const cookieStore = await cookies()
-
-  // Try to get team from cookies first
-  const cookieTeamId = cookieStore.get(COOKIE_KEYS.SELECTED_TEAM_ID)?.value
-  const cookieTeamSlug = cookieStore.get(COOKIE_KEYS.SELECTED_TEAM_SLUG)?.value
-
-  // If we have cookies, check if the user is authorized to access the team
-  if (cookieTeamId && cookieTeamSlug) {
-    const isAuthorized = await checkUserTeamAuth(userId, cookieTeamId)
-
-    if (isAuthorized) {
-      return {
-        id: cookieTeamId,
-        slug: cookieTeamSlug,
-      }
-    }
-  }
-
-  // No valid cookies, query database for user's teams
-  const { data: teamsData, error } = await supabaseAdmin
-    .from('users_teams')
-    .select(
-      `
-      team_id,
-      is_default,
-      team:teams(
-        id,
-        slug
-      )
-    `
-    )
-    .eq('user_id', userId)
-
-  if (error) {
-    l.error(
-      {
-        key: 'resolve_user_team:db_error',
-        userId,
-        error: serializeError(error),
-      },
-      'Failed to query user teams'
-    )
-    return null
-  }
-
-  if (!teamsData || teamsData.length === 0) {
-    return null
-  }
-
-  // Try to get default team first
-  const defaultTeam = teamsData.find((t) => t.is_default)
-
-  if (defaultTeam?.team) {
-    return {
-      id: defaultTeam.team_id,
-      slug: defaultTeam.team.slug || defaultTeam.team_id,
-    }
-  }
-
-  // Fallback to first team
-  const firstTeam = teamsData[0]!
-
-  if (firstTeam?.team) {
-    return {
-      id: firstTeam.team_id,
-      slug: firstTeam.team.slug || firstTeam.team_id,
-    }
-  }
-
-  l.error(
-    {
-      key: 'resolve_user_team:malformed_data',
-      userId,
-      teamsData,
-    },
-    'Teams data exists but malformed (no team relation)'
-  )
-
-  return null
-}
diff --git a/src/server/team/team-actions.ts b/src/server/team/team-actions.ts
deleted file mode 100644
index 677010ced..000000000
--- a/src/server/team/team-actions.ts
+++ /dev/null
@@ -1,309 +0,0 @@
-'use server'
-
-import { fileTypeFromBuffer } from 'file-type'
-import { revalidatePath, revalidateTag } from 'next/cache'
-import { after } from 'next/server'
-import { returnValidationErrors } from 'next-safe-action'
-import { serializeError } from 'serialize-error'
-import { z } from 'zod'
-import { zfd } from 'zod-form-data'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { CACHE_TAGS } from '@/configs/cache'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { l } from '@/lib/clients/logger/logger'
-import { deleteFile, getFiles, uploadFile } from '@/lib/clients/storage'
-import { supabaseAdmin } from '@/lib/clients/supabase/admin'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { handleDefaultInfraError, returnServerError } from '@/lib/utils/action'
-import { CreateTeamSchema, UpdateTeamNameSchema } from '@/server/team/types'
-import type { CreateTeamsResponse } from '@/types/billing.types'
-
-export const updateTeamNameAction = authActionClient
-  .schema(UpdateTeamNameSchema)
-  .metadata({ actionName: 'updateTeamName' })
-
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { name, teamIdOrSlug } = parsedInput
-    const { teamId } = ctx
-
-    const { data, error } = await supabaseAdmin
-      .from('teams')
-      .update({ name })
-      .eq('id', teamId)
-      .select()
-      .single()
-
-    if (error) {
-      return returnServerError(`Failed to update team name: ${error.message}`)
-    }
-
-    revalidatePath(`/dashboard/${teamIdOrSlug}/general`, 'page')
-
-    return data
-  })
-
-const AddTeamMemberSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-  email: z.email(),
-})
-
-export const addTeamMemberAction = authActionClient
-  .schema(AddTeamMemberSchema)
-  .metadata({ actionName: 'addTeamMember' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { email, teamIdOrSlug } = parsedInput
-    const { teamId, user } = ctx
-
-    const { data: existingUsers, error: userError } = await supabaseAdmin
-      .from('auth_users')
-      .select('*')
-      .eq('email', email)
-
-    if (userError) {
-      return returnServerError(`Error finding user: ${userError.message}`)
-    }
-
-    const existingUser = existingUsers?.[0]
-
-    if (!existingUser || !existingUser.id) {
-      return returnServerError(
-        'User with this email address does not exist. Please ask them to sign up first and try again.'
-      )
-    }
-
-    const { data: existingTeamMember } = await supabaseAdmin
-      .from('users_teams')
-      .select('*')
-      .eq('team_id', teamId)
-      .eq('user_id', existingUser.id)
-      .single()
-
-    if (existingTeamMember) {
-      return returnServerError('User is already a member of this team')
-    }
-
-    const { error: insertError } = await supabaseAdmin
-      .from('users_teams')
-      .insert({
-        team_id: teamId,
-        user_id: existingUser.id,
-        added_by: user.id,
-      })
-
-    if (insertError) {
-      return returnServerError(
-        `Failed to add team member: ${insertError.message}`
-      )
-    }
-
-    revalidateTag(CACHE_TAGS.USER_TEAM_AUTHORIZATION(existingUser.id, teamId), {
-      expire: 0,
-    })
-    revalidatePath(`/dashboard/${teamIdOrSlug}/general`, 'page')
-  })
-
-const RemoveTeamMemberSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-  userId: z.uuid(),
-})
-
-export const removeTeamMemberAction = authActionClient
-  .schema(RemoveTeamMemberSchema)
-  .metadata({ actionName: 'removeTeamMember' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { userId, teamIdOrSlug } = parsedInput
-    const { teamId, user } = ctx
-
-    const { data: teamMemberData, error: teamMemberError } = await supabaseAdmin
-      .from('users_teams')
-      .select('*')
-      .eq('team_id', teamId)
-      .eq('user_id', userId)
-
-    if (teamMemberError || !teamMemberData || teamMemberData.length === 0) {
-      return returnServerError('User is not a member of this team')
-    }
-
-    const teamMember = teamMemberData[0]!
-
-    if (teamMember.user_id !== user.id && teamMember.is_default) {
-      return returnServerError('Cannot remove a default team member')
-    }
-
-    const { count, error: countError } = await supabaseAdmin
-      .from('users_teams')
-      .select('*', { count: 'exact', head: true })
-      .eq('team_id', teamId)
-
-    if (countError) {
-      return returnServerError(
-        `Error checking team members: ${countError.message}`
-      )
-    }
-
-    if (count === 1) {
-      return returnServerError('Cannot remove the last team member')
-    }
-
-    const { error: removeError } = await supabaseAdmin
-      .from('users_teams')
-      .delete()
-      .eq('team_id', teamId)
-      .eq('user_id', userId)
-
-    if (removeError) {
-      throw removeError
-    }
-
-    revalidateTag(CACHE_TAGS.USER_TEAM_AUTHORIZATION(userId, teamId), {
-      expire: 0,
-    })
-    revalidatePath(`/dashboard/${teamIdOrSlug}/general`, 'page')
-  })
-
-export const createTeamAction = authActionClient
-  .schema(CreateTeamSchema)
-  .metadata({ actionName: 'createTeam' })
-  .action(async ({ parsedInput, ctx }) => {
-    const { name } = parsedInput
-    const { session } = ctx
-
-    const response = await fetch(`${process.env.BILLING_API_URL}/teams`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        ...SUPABASE_AUTH_HEADERS(session.access_token),
-      },
-      body: JSON.stringify({ name }),
-    })
-
-    if (!response.ok) {
-      const status = response.status
-      const error = await response.json()
-
-      if (status === 400) {
-        return returnServerError(error?.message ?? 'Failed to create team')
-      }
-
-      return handleDefaultInfraError(status)
-    }
-
-    const data = (await response.json()) as CreateTeamsResponse
-
-    return data
-  })
-
-const UploadTeamProfilePictureSchema = zfd.formData(
-  z.object({
-    teamIdOrSlug: zfd.text(),
-    image: zfd.file(),
-  })
-)
-
-export const uploadTeamProfilePictureAction = authActionClient
-  .schema(UploadTeamProfilePictureSchema)
-  .metadata({ actionName: 'uploadTeamProfilePicture' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { image, teamIdOrSlug } = parsedInput
-    const { teamId } = ctx
-
-    const allowedTypes = ['image/jpeg', 'image/png']
-
-    if (!allowedTypes.includes(image.type)) {
-      return returnValidationErrors(UploadTeamProfilePictureSchema, {
-        image: { _errors: ['File must be JPG or PNG format'] },
-      })
-    }
-
-    const MAX_FILE_SIZE = 5 * 1024 * 1024 // 5MB in bytes
-
-    if (image.size > MAX_FILE_SIZE) {
-      return returnValidationErrors(UploadTeamProfilePictureSchema, {
-        image: { _errors: ['File size must be less than 5MB'] },
-      })
-    }
-
-    const arrayBuffer = await image.arrayBuffer()
-    const buffer = Buffer.from(arrayBuffer)
-
-    // Verify actual file type using magic bytes (file signature)
-    const fileType = await fileTypeFromBuffer(buffer)
-
-    if (!fileType) {
-      return returnValidationErrors(UploadTeamProfilePictureSchema, {
-        image: { _errors: ['Unable to determine file type'] },
-      })
-    }
-
-    const allowedMimeTypes = ['image/jpeg', 'image/png']
-    if (!allowedMimeTypes.includes(fileType.mime)) {
-      return returnValidationErrors(UploadTeamProfilePictureSchema, {
-        image: {
-          _errors: [
-            'Invalid file type. Only JPEG and PNG images are allowed. File appears to be: ' +
-              fileType.mime,
-          ],
-        },
-      })
-    }
-
-    // Use the actual detected extension from file-type
-    const extension = fileType.ext
-    const fileName = `${Date.now()}.${extension}`
-    const filePath = `teams/${teamId}/${fileName}`
-
-    // Upload file to Supabase Storage
-    const publicUrl = await uploadFile(buffer, filePath, fileType.mime)
-
-    // Update team record with new profile picture URL
-    const { data, error } = await supabaseAdmin
-      .from('teams')
-      .update({ profile_picture_url: publicUrl })
-      .eq('id', teamId)
-      .select()
-      .single()
-
-    if (error) {
-      throw new Error(error.message)
-    }
-
-    // Clean up old profile pictures asynchronously in the background
-    after(async () => {
-      try {
-        // Get the current file name from the path
-        const currentFileName = fileName
-
-        // List all files in the team's folder from Supabase Storage
-        const folderPath = `teams/${teamId}`
-        const files = await getFiles(folderPath)
-
-        // Delete all old profile pictures except the one we just uploaded
-        for (const file of files) {
-          const filePath = file.name
-          // Skip the file we just uploaded
-          if (filePath === `${folderPath}/${currentFileName}`) {
-            continue
-          }
-
-          await deleteFile(filePath)
-        }
-      } catch (cleanupError) {
-        l.warn({
-          key: 'upload_team_profile_picture_action:cleanup_error',
-          error: serializeError(cleanupError),
-          team_id: teamId,
-          context: {
-            image: image.name,
-          },
-        })
-      }
-    })
-
-    revalidatePath(`/dashboard/${teamIdOrSlug}/general`, 'page')
-
-    return data
-  })
diff --git a/src/server/team/types.ts b/src/server/team/types.ts
deleted file mode 100644
index da7e90574..000000000
--- a/src/server/team/types.ts
+++ /dev/null
@@ -1,51 +0,0 @@
-import { z } from 'zod'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import type { Database } from '@/types/database.types'
-
-export type TeamMemberInfo = {
-  id: string
-  email: string
-  name: string
-  avatar_url: string
-}
-
-export type TeamMember = {
-  info: TeamMemberInfo
-  relation: Database['public']['Tables']['users_teams']['Row']
-}
-
-/**
- * Valid: "Team 1", "DevOps2023", "Engineering Team", "Dev-Ops", "Team_Name", "Team.Name"
- * Invalid: empty strings, "Team@Work", "Team--Name", names > 32 chars
- */
-export const TeamNameSchema = z
-  .string()
-  .trim()
-  .min(1, { message: 'Team name cannot be empty' })
-  .max(32, { message: 'Team name cannot be longer than 32 characters' })
-  .regex(/^[a-zA-Z0-9]+(?:[ _.-][a-zA-Z0-9]+)*$/, {
-    message:
-      'Names can only contain letters and numbers, separated by spaces, underscores, hyphens, or dots',
-  })
-
-// Shared schemas
-
-const UpdateTeamNameSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-  name: TeamNameSchema,
-})
-
-const CreateTeamSchema = z.object({
-  name: TeamNameSchema,
-})
-
-export { CreateTeamSchema, UpdateTeamNameSchema }
-
-/**
- * The result of resolving a team for a user.
- * Contains the team ID, slug.
- */
-export interface ResolvedTeam {
-  id: string
-  slug: string
-}
diff --git a/src/server/usage/get-usage.ts b/src/server/usage/get-usage.ts
deleted file mode 100644
index ac4449afa..000000000
--- a/src/server/usage/get-usage.ts
+++ /dev/null
@@ -1,58 +0,0 @@
-import 'server-only'
-
-import { cacheLife, cacheTag } from 'next/cache'
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { CACHE_TAGS } from '@/configs/cache'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { returnServerError } from '@/lib/utils/action'
-import type { UsageResponse } from '@/types/billing.types'
-
-const GetUsageAuthActionSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const getUsage = authActionClient
-  .schema(GetUsageAuthActionSchema)
-  .metadata({ serverFunctionName: 'getUsage' })
-  .use(withTeamIdResolution)
-  .action(async ({ ctx }) => {
-    'use cache'
-
-    const { teamId } = ctx
-
-    cacheLife('hours')
-    cacheTag(CACHE_TAGS.TEAM_USAGE(teamId))
-
-    const accessToken = ctx.session.access_token
-
-    const response = await fetch(
-      `${process.env.BILLING_API_URL}/v2/teams/${teamId}/usage`,
-      {
-        method: 'GET',
-        headers: {
-          'Content-Type': 'application/json',
-          ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-        },
-      }
-    )
-
-    if (!response.ok) {
-      const text = (await response.text()) ?? 'Failed to fetch usage data'
-      return returnServerError(text)
-    }
-
-    const responseData: UsageResponse = await response.json()
-
-    // convert unix seconds to milliseconds because JavaScript
-    const data: UsageResponse = {
-      ...responseData,
-      hour_usages: responseData.hour_usages.map((hour) => ({
-        ...hour,
-        timestamp: hour.timestamp * 1000,
-      })),
-    }
-
-    return data
-  })
diff --git a/src/server/webhooks/get-webhooks.ts b/src/server/webhooks/get-webhooks.ts
deleted file mode 100644
index 53fedc0c2..000000000
--- a/src/server/webhooks/get-webhooks.ts
+++ /dev/null
@@ -1,54 +0,0 @@
-import 'server-only'
-
-import { z } from 'zod'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { TeamIdOrSlugSchema } from '@/lib/schemas/team'
-import { handleDefaultInfraError } from '@/lib/utils/action'
-
-const GetWebhooksSchema = z.object({
-  teamIdOrSlug: TeamIdOrSlugSchema,
-})
-
-export const getWebhooks = authActionClient
-  .schema(GetWebhooksSchema)
-  .metadata({ serverFunctionName: 'getWebhook' })
-  .use(withTeamIdResolution)
-  .action(async ({ ctx }) => {
-    const { session, teamId } = ctx
-
-    const accessToken = session.access_token
-
-    const response = await infra.GET('/events/webhooks', {
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-    })
-
-    if (response.error) {
-      const status = response.response.status
-
-      if (status === 404) {
-        return { webhooks: [] }
-      }
-
-      l.error(
-        {
-          key: 'get_webhooks:infra_error',
-          status,
-          error: response.error,
-          team_id: teamId,
-          user_id: session.user.id,
-        },
-        `Failed to get webhook: ${status}: ${response.error.message}`
-      )
-
-      return handleDefaultInfraError(status)
-    }
-
-    const data = response.data
-
-    return { webhooks: data }
-  })
diff --git a/src/server/webhooks/webhooks-actions.ts b/src/server/webhooks/webhooks-actions.ts
deleted file mode 100644
index 91adebac3..000000000
--- a/src/server/webhooks/webhooks-actions.ts
+++ /dev/null
@@ -1,199 +0,0 @@
-'use server'
-
-import { revalidatePath } from 'next/cache'
-import { cookies } from 'next/headers'
-import { SUPABASE_AUTH_HEADERS } from '@/configs/api'
-import { COOKIE_KEYS } from '@/configs/cookies'
-import { authActionClient, withTeamIdResolution } from '@/lib/clients/action'
-import { infra } from '@/lib/clients/api'
-import { l } from '@/lib/clients/logger/logger'
-import { handleDefaultInfraError } from '@/lib/utils/action'
-import {
-  DeleteWebhookSchema,
-  UpdateWebhookSecretSchema,
-  UpsertWebhookSchema,
-} from './schema'
-
-// Upsert Webhook (Create or Update)
-
-// NOTE: we combine insert and edit for now, since
-// the component calling these can be combined as well. [add-edit-dialog.tsx]
-// this results in less client side complexity.
-export const upsertWebhookAction = authActionClient
-  .schema(UpsertWebhookSchema)
-  .metadata({ actionName: 'upsertWebhook' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { mode, webhookId, name, url, events, signatureSecret, enabled } =
-      parsedInput
-    const { session, teamId } = ctx
-
-    const accessToken = session.access_token
-    const isEdit = mode === 'edit'
-
-    const response = isEdit
-      ? await infra.PATCH('/events/webhooks/{webhookID}', {
-          headers: {
-            ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-          },
-          params: {
-            path: { webhookID: webhookId! },
-          },
-          body: {
-            name,
-            url,
-            events,
-            enabled,
-          },
-        })
-      : await infra.POST('/events/webhooks', {
-          headers: {
-            ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-          },
-          body: {
-            name,
-            url,
-            events,
-            enabled,
-            signatureSecret: signatureSecret!,
-          },
-        })
-
-    if (response.error) {
-      const status = response.response.status
-
-      l.error(
-        {
-          key: isEdit
-            ? 'update_webhook:infra_error'
-            : 'create_webhook:infra_error',
-          error: response.error,
-          team_id: teamId,
-          user_id: session.user.id,
-          context: {
-            status,
-            teamId,
-            mode,
-            name,
-            url,
-            events,
-          },
-        },
-        `Failed to ${isEdit ? 'update' : 'create'} webhook: ${status}: ${response.error.message}`
-      )
-
-      return handleDefaultInfraError(status)
-    }
-
-    const teamSlug = (await cookies()).get(
-      COOKIE_KEYS.SELECTED_TEAM_SLUG
-    )?.value
-
-    revalidatePath(`/dashboard/${teamSlug}/webhooks`, 'page')
-
-    return { success: true }
-  })
-
-// Delete Webhook
-
-export const deleteWebhookAction = authActionClient
-  .schema(DeleteWebhookSchema)
-  .metadata({ actionName: 'deleteWebhook' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { webhookId } = parsedInput
-    const { session, teamId } = ctx
-
-    const accessToken = session.access_token
-
-    const response = await infra.DELETE('/events/webhooks/{webhookID}', {
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-      params: {
-        path: { webhookID: webhookId },
-      },
-    })
-
-    if (response.error) {
-      const status = response.response.status
-
-      l.error(
-        {
-          key: 'delete_webhook:infra_error',
-          status,
-          error: response.error,
-          team_id: teamId,
-          user_id: session.user.id,
-          context: {
-            teamId,
-          },
-        },
-        `Failed to delete webhook: ${status}: ${response.error.message}`
-      )
-
-      return handleDefaultInfraError(status)
-    }
-
-    const teamSlug = (await cookies()).get(
-      COOKIE_KEYS.SELECTED_TEAM_SLUG
-    )?.value
-
-    revalidatePath(`/dashboard/${teamSlug}/webhooks`, 'page')
-
-    return { success: true }
-  })
-
-// Update Webhook Secret
-
-export const updateWebhookSecretAction = authActionClient
-  .schema(UpdateWebhookSecretSchema)
-  .metadata({ actionName: 'updateWebhookSecret' })
-  .use(withTeamIdResolution)
-  .action(async ({ parsedInput, ctx }) => {
-    const { webhookId, signatureSecret } = parsedInput
-    const { session, teamId } = ctx
-
-    const accessToken = session.access_token
-
-    const response = await infra.PATCH('/events/webhooks/{webhookID}', {
-      headers: {
-        ...SUPABASE_AUTH_HEADERS(accessToken, teamId),
-      },
-      params: {
-        path: { webhookID: webhookId },
-      },
-      body: {
-        signatureSecret,
-      },
-    })
-
-    if (response.error) {
-      const status = response.response.status
-
-      l.error(
-        {
-          key: 'update_webhook_secret:infra_error',
-          error: response.error,
-          team_id: teamId,
-          user_id: session.user.id,
-          context: {
-            status,
-            teamId,
-            webhookId,
-          },
-        },
-        `Failed to update webhook secret: ${status}: ${response.error.message}`
-      )
-
-      return handleDefaultInfraError(status)
-    }
-
-    const teamSlug = (await cookies()).get(
-      COOKIE_KEYS.SELECTED_TEAM_SLUG
-    )?.value
-
-    revalidatePath(`/dashboard/${teamSlug}/webhooks`, 'page')
-
-    return { success: true }
-  })
diff --git a/src/trpc/client.tsx b/src/trpc/client.tsx
index 362435c67..9accffd8d 100644
--- a/src/trpc/client.tsx
+++ b/src/trpc/client.tsx
@@ -8,7 +8,7 @@ import type { inferRouterInputs, inferRouterOutputs } from '@trpc/server'
 import { createTRPCContext } from '@trpc/tanstack-react-query'
 import { useState } from 'react'
 import SuperJSON from 'superjson'
-import type { TRPCAppRouter } from '@/server/api/routers'
+import type { TRPCAppRouter } from '@/core/server/api/routers'
 import { createQueryClient } from './query-client'
 
 export const { TRPCProvider, useTRPC, useTRPCClient } =
diff --git a/src/trpc/server.tsx b/src/trpc/server.tsx
index 941427cce..54ab40f24 100644
--- a/src/trpc/server.tsx
+++ b/src/trpc/server.tsx
@@ -7,9 +7,8 @@ import {
 } from '@trpc/tanstack-react-query'
 import { headers } from 'next/headers'
 import { cache } from 'react'
-
-import { createTRPCContext } from '@/server/api/init'
-import { createTRPCCaller, trpcAppRouter } from '@/server/api/routers'
+import { createTRPCCaller, trpcAppRouter } from '@/core/server/api/routers'
+import { createTRPCContext } from '@/core/server/trpc/init'
 import { createQueryClient } from './query-client'
 
 /**
diff --git a/src/types/api.types.ts b/src/types/api.types.ts
deleted file mode 100644
index a01590613..000000000
--- a/src/types/api.types.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-import type { components as InfraComponents } from '@/types/infra-api.types'
-
-type Sandbox = InfraComponents['schemas']['ListedSandbox']
-
-type Sandboxes = InfraComponents['schemas']['ListedSandbox'][]
-
-type SandboxMetric = InfraComponents['schemas']['SandboxMetric']
-
-type SandboxesMetricsRecord =
-  InfraComponents['schemas']['SandboxesWithMetrics']['sandboxes']
-
-type TeamMetric = InfraComponents['schemas']['TeamMetric']
-
-type Template = Pick<
-  InfraComponents['schemas']['Template'],
-  | 'templateID'
-  | 'buildID'
-  | 'cpuCount'
-  | 'memoryMB'
-  | 'diskSizeMB'
-  | 'public'
-  | 'aliases'
-  | 'names'
-  | 'createdAt'
-  | 'updatedAt'
-  | 'createdBy'
-  | 'lastSpawnedAt'
-  | 'spawnCount'
-  | 'buildCount'
-  | 'envdVersion'
->
-
-type DefaultTemplate = Template & {
-  isDefault: true
-  defaultDescription?: string
-}
-
-type TeamUser = InfraComponents['schemas']['TeamUser']
-
-type IdentifierMaskingDetails =
-  InfraComponents['schemas']['IdentifierMaskingDetails']
-
-type CreatedAccessToken = InfraComponents['schemas']['CreatedAccessToken']
-
-type CreatedTeamAPIKey = InfraComponents['schemas']['CreatedTeamAPIKey']
-
-type TeamAPIKey = InfraComponents['schemas']['TeamAPIKey']
-
-type SandboxInfo = InfraComponents['schemas']['SandboxDetail']
-
-export type {
-  CreatedAccessToken,
-  CreatedTeamAPIKey,
-  DefaultTemplate,
-  IdentifierMaskingDetails,
-  Sandbox,
-  Sandboxes,
-  SandboxesMetricsRecord,
-  SandboxInfo,
-  SandboxMetric,
-  TeamAPIKey,
-  TeamMetric,
-  TeamUser,
-  Template,
-}
diff --git a/src/types/dashboard.types.ts b/src/types/dashboard.types.ts
deleted file mode 100644
index 974496149..000000000
--- a/src/types/dashboard.types.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import type { Database } from './database.types'
-
-export type ClientTeam = Database['public']['Tables']['teams']['Row'] & {
-  is_default?: boolean
-  // provides a transformed name for teams that are default ones and have "unchanged" default names
-  // e.g. "max.mustermann@gmail.com" -> "Max.mustermann's Team"
-  transformed_default_name?: string
-}
diff --git a/src/types/errors.ts b/src/types/errors.ts
deleted file mode 100644
index 04070a293..000000000
--- a/src/types/errors.ts
+++ /dev/null
@@ -1,43 +0,0 @@
-// Types
-
-export type E2BErrorCode =
-  | 'UNAUTHENTICATED'
-  | 'UNAUTHORIZED'
-  | 'INVALID_PARAMETERS'
-  | 'INTERNAL_SERVER_ERROR'
-  | 'API_ERROR'
-  | 'UNKNOWN'
-  | string
-
-export class E2BError extends Error {
-  public code: E2BErrorCode
-
-  constructor(code: E2BErrorCode, message: string) {
-    super(message)
-    this.name = 'E2BError'
-    this.code = code
-  }
-}
-
-// Errors
-
-export const UnauthenticatedError = () =>
-  new E2BError('UNAUTHENTICATED', 'User not authenticated')
-
-export const UnauthorizedError = (message: string) =>
-  new E2BError('UNAUTHORIZED', message)
-
-export const InvalidApiKeyError = (message: string) =>
-  new E2BError('INVALID_API_KEY', message)
-
-export const InvalidParametersError = (message: string) =>
-  new E2BError('INVALID_PARAMETERS', message)
-
-export const ApiError = (message: string) => new E2BError('API_ERROR', message)
-
-export const UnknownError = (message?: string) =>
-  new E2BError(
-    'UNKNOWN',
-    message ??
-      'An Unexpected Error Occurred, please try again. If the problem persists, please contact support.'
-  )
diff --git a/src/ui/error.tsx b/src/ui/error.tsx
index f51c67434..46a2dd2f9 100644
--- a/src/ui/error.tsx
+++ b/src/ui/error.tsx
@@ -2,8 +2,7 @@
 
 import { useEffect } from 'react'
 import { ErrorBoundary as ReactErrorBoundary } from 'react-error-boundary'
-import { serializeError } from 'serialize-error'
-import { l } from '@/lib/clients/logger/logger'
+import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 import { cn } from '@/lib/utils'
 import { ErrorIndicator } from './error-indicator'
 import Frame from './frame'
@@ -23,7 +22,7 @@ export default function ErrorBoundary({
     l.error(
       {
         key: 'error_boundary',
-        error: serializeError(error),
+        error: serializeErrorForLog(error),
       },
       `${error.message}`
     )
diff --git a/tsconfig.json b/tsconfig.json
index 8175970da..ffdaf4893 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -20,6 +20,15 @@
       }
     ],
     "paths": {
+      "@/contracts/argus-api": [
+        "./src/core/shared/contracts/argus-api.types.ts"
+      ],
+      "@/contracts/dashboard-api": [
+        "./src/core/shared/contracts/dashboard-api.types.ts"
+      ],
+      "@/contracts/infra-api": [
+        "./src/core/shared/contracts/infra-api.types.ts"
+      ],
       "@/*": ["./src/*"]
     },
     "isolatedModules": true