diff --git a/.github/workflows/test-build-deploy.yml b/.github/workflows/test-build-deploy.yml
index 51914182..2d286433 100644
--- a/.github/workflows/test-build-deploy.yml
+++ b/.github/workflows/test-build-deploy.yml
@@ -16,7 +16,7 @@ jobs:
   #       env:
   #         DATABASE_URL: ${{ secrets.DATABASE_URL }}
   #         JWT_SECRET: ${{ secrets.JWT_SECRET }}
-  #         NEXT_PUBLIC_APP_URL: http://localhost:8080
+  #         APP_URL: http://localhost:8080
   #         API_URL: http://localhost:3333
   #         LUNARY_PUBLIC_KEY: 259d2d94-9446-478a-ae04-484de705b522
   #         OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
diff --git a/.gitignore b/.gitignore
index c12aaad6..946050d5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -200,8 +200,8 @@ entrypoint.sh
 
 
 # Python
-.venv
+venv
 __pycache__/
 *.pyc
-
+venv
 test_*.py
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index e065131c..25ad9af0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,6 +6,23 @@
 4. Copy the content of `packages/backend/.env.example` to `packages/backend/.env` and fill the missing values
 5. Copy the content of `packages/frontend/.env.example` to `packages/backend/.env`
 6. Run `npm install`
-7. Run `npm run dev`
+7. Run `npm run migrate:db`
+8. Run `npm run dev`
 
-You can now open the dashboard at `http://localhost:8080`. When using our JS or Python SDK, you need to set the ennvironment variable `LUNARY_API_URL` to `http://localhost:3333`.
+You can now open the dashboard at `http://localhost:8080`. When using our JS or Python SDK, you need to set the environment variable `LUNARY_API_URL` to `http://localhost:3333`.
+
+## Contributing Guidelines
+
+We welcome contributions to this project!
+
+When contributing, please follow these guidelines:
+
+- Before starting work on a new feature or bug fix, open an issue to discuss the proposed changes. This allows for coordination and avoids duplication of effort.
+- Fork the repository and create a new branch for your changes. Use a descriptive branch name that reflects the purpose of your changes.
+- Write clear, concise commit messages that describe the purpose of each commit.
+- Make sure to update any relevant documentation, including README files and code comments.
+- Make sure all tests pass before submitting a pull request.
+- When submitting a pull request, provide a detailed description of your changes and reference any related issues.
+- Be responsive to feedback and be willing to make changes to your pull request if requested.
+
+Thank you for your contributions!
diff --git a/ops b/ops
index c03dfdb9..8c08efc6 160000
--- a/ops
+++ b/ops
@@ -1 +1 @@
-Subproject commit c03dfdb96464eb6d4894448dc308d84c48649472
+Subproject commit 8c08efc66fb13988c9d96da7e7066a8d6d564071
diff --git a/package-lock.json b/package-lock.json
index 71339baa..844302e5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4193,19 +4193,6 @@
         }
       }
     },
-    "node_modules/next-plausible": {
-      "version": "3.12.0",
-      "resolved": "https://registry.npmjs.org/next-plausible/-/next-plausible-3.12.0.tgz",
-      "integrity": "sha512-SSkEqKQ6PgR8fx3sYfIAT69k2xuCUXO5ngkSS19CjxY97lAoZxsfZpYednxB4zo0mHYv87JzhPynrdBPlCBVHg==",
-      "funding": {
-        "url": "https://github.com/4lejandrito/next-plausible?sponsor=1"
-      },
-      "peerDependencies": {
-        "next": "^11.1.0 || ^12.0.0 || ^13.0.0 || ^14.0.0",
-        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
-        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
-      }
-    },
     "node_modules/next-seo": {
       "version": "6.5.0",
       "resolved": "https://registry.npmjs.org/next-seo/-/next-seo-6.5.0.tgz",
@@ -6823,13 +6810,11 @@
         "@tanstack/react-virtual": "3.0.0-alpha.0",
         "bcrypt": "^5.1.1",
         "crisp-sdk-web": "^1.0.21",
-        "date-fns": "^3.3.1",
+        "date-fns": "^3.6.0",
         "jose": "^5.2.0",
         "jsonrepair": "^3.5.1",
         "next": "^14.1.0",
-        "next-plausible": "^3.12.0",
         "next-seo": "^6.4.0",
-        "postgres": "^3.4.3",
         "posthog-js": "^1.103.1",
         "random-word-slugs": "^0.1.7",
         "react": "18.2.0",
@@ -6859,8 +6844,9 @@
       }
     },
     "packages/frontend/node_modules/date-fns": {
-      "version": "3.3.1",
-      "license": "MIT",
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-3.6.0.tgz",
+      "integrity": "sha512-fRHTG8g/Gif+kSh50gaGEdToemgfj74aRX3swtiouboip5JDLAyDE9F11nHMIcvOaXeOC6D7SpNhi7uFyB7Uww==",
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/kossnocorp"
diff --git a/packages/backend/.env.example b/packages/backend/.env.example
index 96c4c790..a18af13f 100644
--- a/packages/backend/.env.example
+++ b/packages/backend/.env.example
@@ -1,10 +1,9 @@
 DATABASE_URL="postgresql://postgres:password@your-host:5432/postgres"
 JWT_SECRET=yoursupersecret
-NEXT_PUBLIC_APP_URL=http://localhost:8080
-SKIP_EMAIL_VERIFY=true
+APP_URL=http://localhost:8080
 
 
-# optionnal (for the playground, evaluation and radar features)
+# optional (for the playground, evaluation and radar features)
 LUNARY_PUBLIC_KEY=259d2d94-9446-478a-ae04-484de705b522 
 OPENAI_API_KEY=sk-...
 OPENROUTER_API_KEY=sk-...
diff --git a/packages/backend/src/api/v1/auth/index.ts b/packages/backend/src/api/v1/auth/index.ts
index 385e8fa9..d007eda2 100644
--- a/packages/backend/src/api/v1/auth/index.ts
+++ b/packages/backend/src/api/v1/auth/index.ts
@@ -46,13 +46,14 @@ auth.post("/method", async (ctx: Context) => {
 auth.post("/signup", async (ctx: Context) => {
   const bodySchema = z.object({
     email: z.string().email().transform(sanitizeEmail),
-    password: z.string().min(6),
+    password: z.string().min(6).optional(), // optional if SAML flow
     name: z.string(),
     orgName: z.string().optional(),
     projectName: z.string().optional(),
     employeeCount: z.string().optional(),
     orgId: z.string().optional(),
     token: z.string().optional(),
+    redirectUrl: z.string().optional(),
     signupMethod: z.enum(["signup", "join"]),
   })
 
@@ -65,30 +66,41 @@ auth.post("/signup", async (ctx: Context) => {
     employeeCount,
     orgId,
     signupMethod,
+    redirectUrl,
     token,
   } = bodySchema.parse(ctx.request.body)
 
+  // Spamming hotfix
   if (orgName?.includes("https://") || name.includes("http://")) {
     ctx.throw(403, "Bad request")
   }
 
-  const [existingUser] = await sql`
-    select * from account where lower(email) = lower(${email})
-  `
   if (signupMethod === "signup") {
     const { user, org } = await sql.begin(async (sql) => {
       const plan = process.env.DEFAULT_PLAN || "free"
 
+      const [existingUser] = await sql`
+        select * from account where lower(email) = lower(${email})
+      `
+
+      if (!password) {
+        ctx.throw(403, "Password is required")
+      }
+
+      if (existingUser) {
+        ctx.throw(403, "User already exists")
+      }
+
       const [org] =
         await sql`insert into org ${sql({ name: orgName || `${name}'s Org`, plan })} returning *`
 
       const newUser = {
         name,
-        passwordHash: await hashPassword(password),
+        passwordHash: await hashPassword(password!),
         email,
         orgId: org.id,
         role: "owner",
-        verified: process.env.SKIP_EMAIL_VERIFY ? true : false,
+        verified: !process.env.RESEND_KEY ? true : false,
         lastLoginAt: new Date(),
       }
 
@@ -114,7 +126,7 @@ auth.post("/signup", async (ctx: Context) => {
         projectId: project.id,
         apiKey: project.id,
       }
-      sql`
+      await sql`
         insert into api_key ${sql(publicKey)}
       `
       const privateKey = [
@@ -151,25 +163,24 @@ auth.post("/signup", async (ctx: Context) => {
     return
   } else if (signupMethod === "join") {
     const { payload } = await verifyJwt(token!)
+
     if (payload.email !== email) {
-      ctx.throw(403, "Wrong email")
+      ctx.throw(403, "Invalid token")
     }
 
-    const newUser = {
+    const update = {
       name,
-      passwordHash: await hashPassword(password),
-      email,
-      orgId,
-      role: "member",
       verified: true,
+      singleUseToken: null,
+    }
+
+    if (password) {
+      update.passwordHash = await hashPassword(password)
     }
-    const [user] = await sql`
-        update account set 
-          name = ${newUser.name},
-          password_hash = ${newUser.passwordHash}, 
-          verified = true, 
-          single_use_token = null
-        where email = ${newUser.email} 
+
+    await sql`
+        update account set ${sql(update)}
+        where email = ${email} and org_id = ${orgId!}
         returning *
      `
 
@@ -189,8 +200,6 @@ auth.get("/join-data", async (ctx: Context) => {
     select name, plan from org where id = ${orgId}
   `
 
-  console.log(org)
-
   const [orgUserCountResult] = await sql`
     select count(*) from account where org_id = ${orgId}
   `
@@ -272,7 +281,7 @@ auth.post("/request-password-reset", async (ctx: Context) => {
 
     await sql`update account set recovery_token = ${token} where id = ${user.id}`
 
-    const link = `${process.env.NEXT_PUBLIC_APP_URL}/reset-password?token=${token}`
+    const link = `${process.env.APP_URL}/reset-password?token=${token}`
 
     await sendEmail(RESET_PASSWORD(email, link))
 
diff --git a/packages/backend/src/api/v1/auth/saml.ts b/packages/backend/src/api/v1/auth/saml.ts
index f865d1cc..88a06ce0 100644
--- a/packages/backend/src/api/v1/auth/saml.ts
+++ b/packages/backend/src/api/v1/auth/saml.ts
@@ -15,8 +15,6 @@ const route = new Router({
   prefix: "/saml/:orgId",
 })
 
-const BASE_URL = process.env.SAML_BASE_URL || process.env.API_URL
-
 // This function generates a secure, one-time-use token
 export async function generateOneTimeToken(): Promise<string> {
   // Generate a 32-byte random buffer
@@ -37,9 +35,9 @@ function getSpMetadata(orgId: string) {
   return `<?xml version="1.0"?>
 <EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" entityID="${process.env.SAML_ENTITY_ID || "urn:lunary.ai:saml:sp"}">
     <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="${BASE_URL}/auth/saml/${orgId}/slo" />
+        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="${process.env.API_URL}/auth/saml/${orgId}/slo" />
         <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
-        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="${BASE_URL}/auth/saml/${orgId}/acs" index="1" />
+        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="${process.env.API_URL}/auth/saml/${orgId}/acs" index="1" />
     </SPSSODescriptor>
     <Organization>
         <OrganizationName xml:lang="en-US">Lunary LLC</OrganizationName>
@@ -94,7 +92,7 @@ function parseAttributes(attributes: any) {
 route.get("/success", async (ctx: Context) => {
   const { orgId } = ctx.params as { orgId: string }
 
-  ctx.redirect(process.env.NEXT_PUBLIC_APP_URL!)
+  ctx.redirect(process.env.APP_URL!)
 })
 
 // Returns the Service Provider metadata
@@ -116,6 +114,7 @@ route.post("/download-idp-xml", async (ctx: Context) => {
 
   await sql`update org set saml_idp_xml = ${xml} where id = ${orgId}`
 
+  ctx.body = { success: true }
   ctx.status = 201
 })
 
@@ -146,10 +145,10 @@ route.post("/acs", async (ctx: Context) => {
 
   const { email, name } = parseAttributes(attributes)
 
-  const onetimeToken = await generateOneTimeToken()
+  const singleUseToken = await generateOneTimeToken()
 
   const [account] =
-    await sql`update account set ${sql({ name, onetimeToken, lastLoginAt: new Date() })} where email = ${email} and org_id = ${orgId} returning *`
+    await sql`update account set ${sql({ name, singleUseToken, lastLoginAt: new Date() })} where email = ${email} and org_id = ${orgId} returning *`
 
   if (!account) {
     ctx.throw(
@@ -159,7 +158,7 @@ route.post("/acs", async (ctx: Context) => {
   }
 
   // Redirect with an one-time token that can be exchanged for an auth token
-  ctx.redirect(`${process.env.NEXT_PUBLIC_APP_URL!}/login?ott=${onetimeToken}`)
+  ctx.redirect(`${process.env.APP_URL!}/login?ott=${singleUseToken}`)
 })
 
 route.post("/slo", async (ctx: Context) => {
diff --git a/packages/backend/src/api/v1/orgs.ts b/packages/backend/src/api/v1/orgs.ts
index 85d656d6..026b2c44 100644
--- a/packages/backend/src/api/v1/orgs.ts
+++ b/packages/backend/src/api/v1/orgs.ts
@@ -94,7 +94,7 @@ orgs.get("/billing-portal", async (ctx: Context) => {
 
   const session = await stripe.billingPortal.sessions.create({
     customer: org.stripeCustomer,
-    return_url: `${process.env.NEXT_PUBLIC_APP_URL}/billing`,
+    return_url: `${process.env.APP_URL}/billing`,
   })
 
   ctx.body = { url: session.url }
diff --git a/packages/backend/src/api/v1/users.ts b/packages/backend/src/api/v1/users.ts
index 2176f6fa..9770972d 100644
--- a/packages/backend/src/api/v1/users.ts
+++ b/packages/backend/src/api/v1/users.ts
@@ -113,7 +113,7 @@ users.get("/verify-email", async (ctx: Context) => {
 
   await sendEmail(WELCOME_EMAIL(email, name, id))
   // redirect to home page
-  ctx.redirect(process.env.NEXT_PUBLIC_APP_URL!)
+  ctx.redirect(process.env.APP_URL!)
 })
 
 users.post("/send-verification", async (ctx: Context) => {
@@ -205,7 +205,7 @@ users.post("/", checkAccess("teamMembers", "create"), async (ctx: Context) => {
   `
 
   if (!org.samlEnabled) {
-    const link = `${process.env.NEXT_PUBLIC_APP_URL}/join?token=${token}`
+    const link = `${process.env.APP_URL}/join?token=${token}`
     await sendEmail(INVITE_EMAIL(email, org.name, link))
   }
 
diff --git a/packages/backend/src/checks/ai/ner.ts b/packages/backend/src/checks/ai/ner.ts
deleted file mode 100644
index 637d5ceb..00000000
--- a/packages/backend/src/checks/ai/ner.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-// import { pipeline } from "@xenova/transformers"
-
-// let nerPipeline: any = null
-// let loading = false
-
-// type Output = {
-//   entity: string
-//   score: number
-//   index: number
-//   word: string
-//   start: null
-//   end: null
-// }[]
-
-// type Entities = {
-//   per: string[]
-//   loc: string[]
-//   org: string[]
-// }
-
-// export default async function aiNER(sentence?: string): Promise<Entities> {
-//   const entities: Entities = { per: [], loc: [], org: [] }
-
-//   if (!sentence) return { per: [], loc: [], org: [] }
-
-//   if (!nerPipeline) {
-//     // this prevents multiple loading of the pipeline simultaneously which causes extreme lag
-//     if (loading) {
-//       await new Promise((resolve) => setTimeout(resolve, 500))
-//       return aiNER(sentence)
-//     }
-
-//     loading = true
-//     nerPipeline = await pipeline(
-//       "ner",
-//       "Xenova/bert-base-multilingual-cased-ner-hrl",
-//     )
-//     loading = false
-//   }
-
-//   const output: Output = await nerPipeline(sentence)
-
-//   let currentEntity = { name: "", score: 0, type: "" }
-
-//   output.forEach((word) => {
-//     const entityType = word.entity.split("-")[1]
-//     if (word.entity.startsWith("B-")) {
-//       if (currentEntity.score > 0.5) {
-//         entities[currentEntity.type.toLowerCase()].push(
-//           currentEntity.name.trim(),
-//         )
-//       }
-//       currentEntity = { name: word.word, score: word.score, type: entityType }
-//     } else if (currentEntity.type === entityType) {
-//       currentEntity.name += word.word.includes("##")
-//         ? word.word.replace("##", "")
-//         : " " + word.word
-//       currentEntity.score *= word.score
-//     }
-//   })
-
-//   if (currentEntity.score > 0.5) {
-//     entities[currentEntity.type.toLowerCase()].push(currentEntity.name.trim())
-//   }
-
-//   return entities
-// }
diff --git a/packages/backend/src/checks/ai/toxic.ts b/packages/backend/src/checks/ai/toxic.ts
deleted file mode 100644
index 4448d50e..00000000
--- a/packages/backend/src/checks/ai/toxic.ts
+++ /dev/null
@@ -1,86 +0,0 @@
-// import { pipeline } from "@xenova/transformers"
-
-// // One of the only libraries that supports multiple languages
-// import badWords from "washyourmouthoutwithsoap/data/build.json"
-// import badWordsEnExtended from "washyourmouthoutwithsoap/data/_en.json"
-
-// // extend with more words
-// badWords.en = [...badWords.en, ...Object.keys(badWordsEnExtended)]
-// const allWords = Object.values(badWords).flat()
-
-// let nerPipeline: any = null
-// let loading = false
-
-// type Output = {
-//   label: string
-//   score: number
-// }[]
-
-// const profanityListCheck = (text: string) => {
-//   const words = []
-
-//   const clean = (text: string) => text.replace(/[^a-zA-Z ]/g, "").toLowerCase()
-//   const tokenize = (text: string) => {
-//     const withPunctuation = text.replace("/ {2,}/", " ").split(" ")
-//     const withoutPunctuation = text
-//       .replace(/[^\w\s]/g, "")
-//       .replace("/ {2,}/", " ")
-//       .split(" ")
-
-//     return (
-//       withPunctuation
-//         .concat(withoutPunctuation)
-//         // otherwise some false positives with short words
-//         .filter((w) => w.length > 3)
-//     )
-//   }
-
-//   // Clean and tokenize user input
-//   const tokens = tokenize(clean(text))
-
-//   // Check against list
-//   for (let i in tokens) {
-//     if (allWords.indexOf(tokens[i]) !== -1) words.push(tokens[i])
-//   }
-
-//   return [...new Set(words)] // remove duplicates
-// }
-
-// async function aiToxicity(sentences?: string[]): Promise<string[]> {
-//   if (!sentences) return []
-
-//   const cleaned = sentences.filter((s) => s && s.length > 3)
-//   if (!cleaned?.length) return []
-
-//   // check for profanity, more efficient in some cases
-//   const badWords = profanityListCheck(cleaned.join(" "))
-//   if (badWords.length) return badWords
-
-//   if (!nerPipeline) {
-//     // this prevents multiple loading of the pipeline simultaneously which causes extreme lag
-//     if (loading) {
-//       await new Promise((resolve) => setTimeout(resolve, 500))
-//       return aiToxicity(sentences)
-//     }
-
-//     loading = true
-//     nerPipeline = await pipeline("text-classification", "Xenova/toxic-bert")
-//     loading = false
-//   }
-
-//   const output: Output = await nerPipeline(cleaned, { topk: null })
-
-//   // remove duplicates and filter out low scores
-//   const result = [
-//     ...new Set(
-//       output
-//         .flat()
-//         .filter((l) => l.score > 0.8)
-//         .map((l) => l.label),
-//     ),
-//   ]
-
-//   return result
-// }
-
-// export default aiToxicity
diff --git a/packages/backend/src/utils/emails.ts b/packages/backend/src/utils/emails.ts
index e1647239..413992a0 100644
--- a/packages/backend/src/utils/emails.ts
+++ b/packages/backend/src/utils/emails.ts
@@ -7,10 +7,6 @@ function extractFirstName(name: string) {
 }
 
 export async function sendVerifyEmail(email: string, name: string) {
-  if (process.env.SKIP_EMAIL_VERIFY) {
-    return
-  }
-
   const token = await signJwt({ email })
 
   const confirmLink = `${process.env.API_URL}/v1/users/verify-email?token=${token}`
@@ -25,11 +21,19 @@ export function INVITE_EMAIL(email: string, orgName: string, link: string) {
     reply_to: "hello@lunary.ai",
     from: process.env.GENERIC_SENDER,
     text: `Hi, 
-You've been invited to join ${orgName} on Lunary. Please use the following link to accept the invitation: ${link}
+
+You've been invited to join ${orgName} on Lunary. 
+
+Please click on the following link to accept the invitation: 
+
+${link}
+
 We're looking forward to having you on board!
 
-Best,
-The Lunary Team`,
+You can reply to this email if you have any question.
+
+Thanks
+- The Lunary team`,
   }
 }
 
diff --git a/packages/backend/src/utils/ml.ts b/packages/backend/src/utils/ml.ts
index c38ed570..9d8c4fd0 100644
--- a/packages/backend/src/utils/ml.ts
+++ b/packages/backend/src/utils/ml.ts
@@ -1,6 +1,9 @@
 export async function callML(method: string, data: any) {
   const response = await fetch(`http://localhost:4242/${method}`, {
     method: "POST",
+    // For example at the first ML calls, it needs to DL the models, so it can take a while
+    // So add timeout
+    signal: AbortSignal.timeout(5000),
     headers: {
       "Content-Type": "application/json",
     },
diff --git a/packages/db/0006.sql b/packages/db/0006.sql
index 3be8c13b..3fdd9300 100644
--- a/packages/db/0006.sql
+++ b/packages/db/0006.sql
@@ -1,4 +1,5 @@
 alter table account add column if not exists single_use_token text;
+
 create table if not exists account_project (
     account_id uuid references account(id) on delete cascade,
     project_id uuid references project(id) on delete cascade,
diff --git a/packages/frontend/components/blocks/CopyText.tsx b/packages/frontend/components/blocks/CopyText.tsx
index 6d7c3191..bd7ce0be 100644
--- a/packages/frontend/components/blocks/CopyText.tsx
+++ b/packages/frontend/components/blocks/CopyText.tsx
@@ -1,4 +1,11 @@
-import { ActionIcon, Code, CopyButton, Group, Tooltip } from "@mantine/core"
+import {
+  ActionIcon,
+  Code,
+  CopyButton,
+  Group,
+  Input,
+  Tooltip,
+} from "@mantine/core"
 import { IconCheck, IconCopy } from "@tabler/icons-react"
 
 export const SuperCopyButton = ({ value }) => (
@@ -27,3 +34,13 @@ export default function CopyText({ c = "violet", value }) {
     </Group>
   )
 }
+
+export const CopyInput = ({ value, ...props }) => (
+  <Input
+    value={value}
+    styles={{ input: { contentEditable: false } }}
+    rightSectionPointerEvents="all"
+    rightSection={<SuperCopyButton value={value} />}
+    {...props}
+  />
+)
diff --git a/packages/frontend/components/blocks/SettingsCard.tsx b/packages/frontend/components/blocks/SettingsCard.tsx
new file mode 100644
index 00000000..ca424389
--- /dev/null
+++ b/packages/frontend/components/blocks/SettingsCard.tsx
@@ -0,0 +1,23 @@
+import { Card, Stack, Title } from "@mantine/core"
+
+// so we can have an harmonized title for all cards
+export function SettingsCard({
+  title,
+  children,
+  align,
+  gap = "lg",
+}: {
+  title
+  children: React.ReactNode
+  align?: string
+  gap?: string
+}) {
+  return (
+    <Card withBorder p="lg" style={{ overflow: "visible" }}>
+      <Stack gap={gap} align={align}>
+        <Title order={4}>{title}</Title>
+        {children}
+      </Stack>
+    </Card>
+  )
+}
diff --git a/packages/frontend/components/blocks/SocialProof.tsx b/packages/frontend/components/blocks/SocialProof.tsx
index 9f327e92..7b3fda96 100644
--- a/packages/frontend/components/blocks/SocialProof.tsx
+++ b/packages/frontend/components/blocks/SocialProof.tsx
@@ -22,7 +22,7 @@ export default function SocialProof() {
             span
             fw="bolder"
           >
-            1000+
+            1500+
           </Text>{" "}
           AI devs build better apps
         </Text>
diff --git a/packages/frontend/components/layout/Analytics.tsx b/packages/frontend/components/layout/Analytics.tsx
index 3d1e75cb..7763a146 100644
--- a/packages/frontend/components/layout/Analytics.tsx
+++ b/packages/frontend/components/layout/Analytics.tsx
@@ -3,7 +3,7 @@ import { useEffect, Component } from "react"
 import Script from "next/script"
 
 import { PostHogProvider } from "posthog-js/react"
-import PlausibleProvider from "next-plausible"
+
 import posthog from "posthog-js"
 
 import analytics from "@/utils/analytics"
@@ -37,32 +37,23 @@ export default function AnalyticsWrapper({ children }) {
   return (
     <>
       {process.env.NEXT_PUBLIC_CRISP_ID && <CrispChat />}
-      <PlausibleProvider
-        domain="app.lunary.ai,rollup.lunary.ai"
-        scriptProps={{
-          src: "https://www.lunary.ai/p/js/script.js",
-          // @ts-ignore
-          "data-api": "https://www.lunary.ai/p/event",
-        }}
-        customDomain="www.lunary.ai"
-      >
-        {process.env.NEXT_PUBLIC_CUSTOM_SCRIPT && (
-          <Script
-            id="custom-script"
-            dangerouslySetInnerHTML={{
-              __html: process.env.NEXT_PUBLIC_CUSTOM_SCRIPT,
-            }}
-            onLoad={() => console.log("Custom script loaded.")}
-            onError={() => console.log("Custom script failed to load.")}
-          />
-        )}
 
-        {process.env.NEXT_PUBLIC_POSTHOG_KEY ? (
-          <PostHogProvider client={posthog}>{children}</PostHogProvider>
-        ) : (
-          children
-        )}
-      </PlausibleProvider>
+      {process.env.NEXT_PUBLIC_CUSTOM_SCRIPT && (
+        <Script
+          id="custom-script"
+          dangerouslySetInnerHTML={{
+            __html: process.env.NEXT_PUBLIC_CUSTOM_SCRIPT,
+          }}
+          onLoad={() => console.log("Custom script loaded.")}
+          onError={() => console.log("Custom script failed to load.")}
+        />
+      )}
+
+      {process.env.NEXT_PUBLIC_POSTHOG_KEY ? (
+        <PostHogProvider client={posthog}>{children}</PostHogProvider>
+      ) : (
+        children
+      )}
     </>
   )
 }
diff --git a/packages/frontend/components/layout/Paywall.tsx b/packages/frontend/components/layout/Paywall.tsx
index c24abafc..4334934e 100644
--- a/packages/frontend/components/layout/Paywall.tsx
+++ b/packages/frontend/components/layout/Paywall.tsx
@@ -56,7 +56,7 @@ export default function Paywall({
 
   // Automatically disable paywall in these cases
   if (
-    ["custom", "enterprise", "unlimited", plan].includes(org?.plan) ||
+    ["custom", "unlimited", plan].includes(org?.plan) ||
     process.env.NEXT_PUBLIC_DEMO
   ) {
     return children
diff --git a/packages/frontend/components/layout/Sidebar.tsx b/packages/frontend/components/layout/Sidebar.tsx
index 61209313..e5150ee1 100644
--- a/packages/frontend/components/layout/Sidebar.tsx
+++ b/packages/frontend/components/layout/Sidebar.tsx
@@ -121,7 +121,9 @@ export default function Sidebar() {
 
   const combobox = useCombobox()
 
-  const billingEnabled = !!process.env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY
+  const billingEnabled =
+    process.env.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY &&
+    !process.env.NEXT_PUBLIC_IS_SELF_HOSTED
 
   const orgMenu = [
     {
diff --git a/packages/frontend/load-env.sh b/packages/frontend/load-env.sh
index 82e06f1a..dbce1602 100644
--- a/packages/frontend/load-env.sh
+++ b/packages/frontend/load-env.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# This script is necessary because we need to be able to inject API_URL after build time, and Next does not provide and easy way to do that.
+# This script is necessary because we need to be able to inject API_URL and APP_URL after build time, and Next does not provide and easy way to do that.
 # This should work find both with npm run dev, locally and with docker
 
 # Loads .env
@@ -11,7 +11,7 @@ fi
 
 
 if [ -z "$API_URL" ] || [ -z "$APP_URL" ]; then
-  echo "Error: API_URL or APP_URL is not set. Please set the API_URL and APP_URL environment variables."
+  echo "Error: API_URL not set. Please set the API_URL environment variables."
   exit 1
 fi
 
diff --git a/packages/frontend/package.json b/packages/frontend/package.json
index 70ffc46e..73b809a4 100644
--- a/packages/frontend/package.json
+++ b/packages/frontend/package.json
@@ -19,13 +19,11 @@
     "@tanstack/react-virtual": "3.0.0-alpha.0",
     "bcrypt": "^5.1.1",
     "crisp-sdk-web": "^1.0.21",
-    "date-fns": "^3.3.1",
+    "date-fns": "^3.6.0",
     "jose": "^5.2.0",
     "jsonrepair": "^3.5.1",
     "next": "^14.1.0",
-    "next-plausible": "^3.12.0",
     "next-seo": "^6.4.0",
-    "postgres": "^3.4.3",
     "posthog-js": "^1.103.1",
     "random-word-slugs": "^0.1.7",
     "react": "18.2.0",
diff --git a/packages/frontend/pages/analytics.tsx b/packages/frontend/pages/analytics.tsx
index 5079b9d0..b8234bac 100644
--- a/packages/frontend/pages/analytics.tsx
+++ b/packages/frontend/pages/analytics.tsx
@@ -13,7 +13,6 @@ import {
   useProject,
   useRunsUsage,
   useRunsUsageByDay,
-  useUser,
 } from "@/utils/dataHooks"
 import {
   Center,
@@ -28,9 +27,6 @@ import {
 import { useLocalStorage } from "@mantine/hooks"
 import { IconChartAreaLine } from "@tabler/icons-react"
 import { NextSeo } from "next-seo"
-import { useEffect } from "react"
-import { useRouter } from "next/router"
-import { hasAccess } from "shared"
 
 const calculateDailyCost = (usage) => {
   // calculate using calcRunCost, reduce by model, and filter by type llm
@@ -54,16 +50,13 @@ const calculateDailyCost = (usage) => {
 }
 
 export default function Analytics() {
-  const router = useRouter()
   const [range, setRange] = useLocalStorage({
     key: "dateRange-analytics",
     defaultValue: 7,
   })
 
   const { project } = useProject()
-
   const { org } = useOrg()
-  const { user } = useUser()
 
   const { usage, loading: usageLoading } = useRunsUsage(range)
 
@@ -72,12 +65,6 @@ export default function Analytics() {
 
   const loading = usageLoading || dailyUsageLoading || usersLoading
 
-  useEffect(() => {
-    if (!hasAccess(user.role, "analytics", "read")) {
-      router.push("/prompts")
-    }
-  }, [router])
-
   if (loading)
     return (
       <Center h="60vh">
diff --git a/packages/frontend/pages/billing/index.tsx b/packages/frontend/pages/billing/index.tsx
index f8cc45fd..319af2bc 100644
--- a/packages/frontend/pages/billing/index.tsx
+++ b/packages/frontend/pages/billing/index.tsx
@@ -21,6 +21,7 @@ import useSWR from "swr"
 import { EVENTS_ALLOWANCE } from "@/utils/pricing"
 import { fetcher } from "@/utils/fetcher"
 import SeatAllowanceCard from "@/components/blocks/SeatAllowanceCard"
+import { SettingsCard } from "@/components/blocks/SettingsCard"
 
 export default function Billing() {
   const { org, loading } = useOrg()
@@ -98,7 +99,7 @@ export default function Billing() {
           )}
         </Stack>
 
-        {!["enterprise", "custom"].includes(plan) && (
+        {!["custom"].includes(plan) && (
           <Card withBorder radius="md" padding="xl">
             <Container size="lg">
               <UpgradePlans />
@@ -137,20 +138,16 @@ export default function Billing() {
         <SeatAllowanceCard />
 
         {org?.stripeCustomer && (
-          <Card withBorder radius="md" padding="xl">
-            <Stack align="start">
-              <Title order={3}>Customer Portal</Title>
-
-              <Text>
-                Use the Customer Portal to update your payment method, download
-                invoices and view your billing history.
-              </Text>
+          <SettingsCard title="Customer Portal">
+            <Text>
+              Use the Customer Portal to update your payment method, download
+              invoices and view your billing history.
+            </Text>
 
-              <Button size="sm" onClick={redirectToCustomerPortal}>
-                Manage Billing
-              </Button>
-            </Stack>
-          </Card>
+            <Button size="sm" onClick={redirectToCustomerPortal}>
+              Manage Billing
+            </Button>
+          </SettingsCard>
         )}
       </Stack>
     </Container>
diff --git a/packages/frontend/pages/index.tsx b/packages/frontend/pages/index.tsx
index 8de08453..f0063859 100644
--- a/packages/frontend/pages/index.tsx
+++ b/packages/frontend/pages/index.tsx
@@ -1,13 +1,30 @@
 import { useAuth } from "@/utils/auth"
+import { useUser } from "@/utils/dataHooks"
 import { Center, Loader } from "@mantine/core"
-import Router from "next/router"
+import { useRouter } from "next/router"
 import { useEffect } from "react"
+import { hasAccess } from "shared"
 
 function IndexPage() {
+  const router = useRouter()
   const { isSignedIn } = useAuth()
+  const { user } = useUser()
+
   useEffect(() => {
-    Router.replace(isSignedIn ? "/analytics" : "/login")
-  }, [])
+    if (!router.isReady) {
+      return
+    }
+    if (!isSignedIn) {
+      router.replace("/login")
+      return
+    }
+
+    if (hasAccess(user.role, "analytics", "read")) {
+      router.replace("/analytics")
+    } else {
+      router.replace("/prompts")
+    }
+  }, [user, router.isReady])
 
   return (
     <Center h="100vh" w="100vw">
diff --git a/packages/frontend/pages/join.tsx b/packages/frontend/pages/join.tsx
index 1d8634a5..d2c3aa58 100644
--- a/packages/frontend/pages/join.tsx
+++ b/packages/frontend/pages/join.tsx
@@ -65,6 +65,7 @@ export default function Join() {
 
   const [loading, setLoading] = useState(false)
   const [step, setStep] = useState(1)
+  const [ssoURI, setSsoURI] = useState<string | null>(null)
 
   useEffect(() => {
     if (router.isReady) {
@@ -78,72 +79,116 @@ export default function Join() {
       email: "",
       name: "",
       password: "",
+      confirmPassword: "",
     },
 
     validate: {
       email: (val) => (/^\S+@\S+$/.test(val) ? null : "Invalid email"),
       name: (val) => (val.length <= 2 ? "Your name that short :) ?" : null),
       password: (val) =>
-        val.length < 6 ? "Password must be at least 6 characters" : null,
+        step === 2 && val.length < 6
+          ? "Password must be at least 6 characters"
+          : null,
+      confirmPassword: (val) =>
+        step === 2 && val !== form.values.password
+          ? "Passwords do not match"
+          : null,
     },
   })
 
   const handleSignup = async ({
     email,
-    password,
     name,
+    redirectUrl,
+    password,
   }: {
     email: string
-    password: string
     name: string
+    redirectUrl?: string
+    password?: string
   }) => {
     setLoading(true)
 
+    const signupData = {
+      email,
+      name,
+      orgId,
+      signupMethod: "join",
+      token,
+      password,
+      redirectUrl,
+    }
+
+    console.log(signupData)
+
     const ok = await errorHandler(
       fetcher.post("/auth/signup", {
-        arg: {
-          email,
-          password,
-          name,
-          orgId,
-          signupMethod: "join",
-          token,
-        },
+        arg: signupData,
       }),
     )
 
     if (ok) {
-      Router.replace("/login")
+      analytics.track("Join", { email, name, orgId })
 
       notifications.show({
         icon: <IconCheck size={18} />,
         color: "teal",
         message: `You have joined ${orgName}`,
       })
-      analytics.track("Join", { email, name })
+
+      if (redirectUrl) {
+        window.location.href = redirectUrl
+      } else {
+        Router.replace("/login")
+      }
     }
 
     setLoading(false)
   }
 
-  const nextStep = () => {
-    if (step === 1) {
-      if (
-        form.validateField("email").hasError ||
-        form.validateField("password").hasError
-      ) {
-        return
+  const continueStep = async () => {
+    const { email, name, password } = form.values
+
+    setLoading(true)
+    try {
+      if (step === 1) {
+        const { method, redirect } = await fetcher.post("/auth/method", {
+          arg: {
+            email,
+          },
+        })
+
+        console.log(method, redirect)
+
+        if (method === "saml") {
+          setSsoURI(redirect)
+
+          await handleSignup({
+            email,
+            name,
+            redirectUrl: redirect,
+          })
+        }
+      } else if (step === 2) {
+        await handleSignup({
+          email,
+          name,
+          password,
+        })
+
+        setStep(3)
       }
+    } catch (error) {
+      console.error(error)
     }
-
-    setStep(step + 1)
+    setLoading(false)
   }
 
   if (!joinData) {
     return <Loader />
   }
+
   const { orgUserCount, orgName, orgId, orgPlan } = joinData
-  console.log(joinData)
 
   if (orgUserCount >= SEAT_ALLOWANCE[orgPlan]) {
     return <TeamFull orgName={orgName} />
@@ -161,13 +206,20 @@ export default function Join() {
           </Title>
         </Stack>
         <Paper radius="md" p="xl" withBorder miw={350}>
-          <form onSubmit={form.onSubmit(handleSignup)}>
+          <form onSubmit={form.onSubmit(continueStep)}>
             <Stack gap="xl">
-              {step === 1 && (
+              {step < 3 && (
                 <>
-                  <Title order={2} fw={700} ta="center">
-                    Get Started
-                  </Title>
+                  <TextInput
+                    label="Full Name"
+                    autoComplete="name"
+                    description="Only used to address you properly."
+                    leftSection={<IconUser size="16" />}
+                    placeholder="Your full name"
+                    error={form.errors.name && "This field is required"}
+                    {...form.getInputProps("name")}
+                  />
+
                   <TextInput
                     leftSection={<IconAt size="16" />}
                     label="Email"
@@ -178,70 +230,37 @@ export default function Join() {
                     {...form.getInputProps("email")}
                   />
 
-                  <PasswordInput
-                    label="Password"
-                    autoComplete="new-password"
-                    onKeyPress={(e) => {
-                      if (e.key === "Enter") {
-                        nextStep()
-                      }
-                    }}
-                    error={form.errors.password && "Invalid password"}
-                    placeholder="Your password"
-                    {...form.getInputProps("password")}
-                  />
+                  {step === 2 && (
+                    <>
+                      <PasswordInput
+                        label="Password"
+                        autoComplete="new-password"
+                        error={form.errors.password && "Invalid password"}
+                        placeholder="Your password"
+                        {...form.getInputProps("password")}
+                      />
+                      <PasswordInput
+                        label="Confirm Password"
+                        autoComplete="new-password"
+                        error={form.errors.password && "Invalid password"}
+                        placeholder="Your password"
+                        {...form.getInputProps("confirmPassword")}
+                      />
+                    </>
+                  )}
 
                   <Button
                     size="md"
                     mt="md"
-                    onClick={nextStep}
+                    type="submit"
                     fullWidth
                     loading={loading}
                   >
-                    {`Continue →`}
+                    {step === 2 ? `Confirm signup →` : `Continue →`}
                   </Button>
                 </>
               )}
 
-              {step === 2 && (
-                <>
-                  <Title order={2} fw={700} ta="center">
-                    Almost there...
-                  </Title>
-
-                  <TextInput
-                    label="Full Name"
-                    autoComplete="name"
-                    description="Only used to address you properly."
-                    leftSection={<IconUser size="16" />}
-                    placeholder="Your full name"
-                    error={form.errors.name && "This field is required"}
-                    {...form.getInputProps("name")}
-                  />
-
-                  <Stack>
-                    <Button
-                      size="md"
-                      mt="md"
-                      type="submit"
-                      fullWidth
-                      loading={loading}
-                    >
-                      {`Create account`}
-                    </Button>
-
-                    <Button
-                      size="sm"
-                      onClick={() => setStep(1)}
-                      fullWidth
-                      variant="transparent"
-                    >
-                      {`← Go back`}
-                    </Button>
-                  </Stack>
-                </>
-              )}
-
               {step === 3 && (
                 <>
                   <Confetti
@@ -253,12 +272,16 @@ export default function Join() {
                   <Stack align="center">
                     <IconAnalyze color={"#206dce"} size={60} />
                     <Title order={2} fw={700} size={40} ta="center">
-                      You&nbsp;re all set 🎉
+                      You're all set 🎉
                     </Title>
 
-                    <Text size="lg" mt="xs" mb="xl" fw={500}>
-                      Check your emails for the confirmation link.
-                    </Text>
+                    {!process.env.NEXT_PUBLIC_IS_SELF_HOSTED && (
+                      <>
+                        <Text size="lg" mt="xs" mb="xl" fw={500}>
+                          Check your emails for the confirmation link.
+                        </Text>
+                      </>
+                    )}
 
                     <Button
                       onClick={() => router.push("/")}
diff --git a/packages/frontend/pages/settings.tsx b/packages/frontend/pages/settings.tsx
index 2e1f0c3d..f70f4925 100644
--- a/packages/frontend/pages/settings.tsx
+++ b/packages/frontend/pages/settings.tsx
@@ -19,6 +19,7 @@ import { useOrg, useUser, useProject } from "@/utils/dataHooks"
 import useSWR from "swr"
 import RenamableField from "@/components/blocks/RenamableField"
 import { hasAccess } from "shared"
+import { SettingsCard } from "@/components/blocks/SettingsCard"
 
 export default function AppAnalytics() {
   const { org } = useOrg()
@@ -53,15 +54,8 @@ export default function AppAnalytics() {
           props={["count"]}
         />
 
-        <Card withBorder p="lg">
-          <Stack gap="lg">
-            <Group justify="space-between" align="center">
-              <Title order={3}>Keys</Title>
-              {/* <Button onClick={() => alert("TODO")}>
-                Refresh Api Key
-              </Button> */}
-            </Group>
-
+        {user.role !== "viewer" && (
+          <SettingsCard title="Keys">
             <Alert
               variant="light"
               title={
@@ -77,66 +71,33 @@ export default function AppAnalytics() {
                 track events and send requests to the API.
               </Text>
             </Alert>
-
-            {/* <Alert
-              variant="light"
-              title={
-                <Group>
-                  <Text fw={500}>Public Tracking Key: </Text>
-                  <CopyText c="green.8" value={project?.publicApiKey} />
-                </Group>
-              }
-              color="green"
-            >
-              <Text>
-                Public API keys can be used from your server or frontend code to
-                track events and send requests to the API.
-              </Text>
-            </Alert> */}
-
-            {/* <Alert
-              variant="light"
-              title={
-                <Group>
-                  <Text fw={500}>Private Key:</Text>
-                  <CopyText c="red.8" value={project?.privateApiKey} />
-                </Group>
-              }
-              color="red"
-            >
-              <Text>
-                Private API keys should be used only on your server – they give
-                read/write/delete API access to your project's resources.
-              </Text>
-            </Alert> */}
-          </Stack>
-        </Card>
+          </SettingsCard>
+        )}
 
         {user && hasAccess(user.role, "projects", "delete") && (
-          <Card withBorder p="lg" style={{ overflow: "visible" }}>
-            <Stack align="start">
-              <Title order={4}>Danger Zone</Title>
-
-              <Text>
-                Deleting your project is irreversible and it will delete all
-                associated data.
-                <br />
-                We <b>cannot</b> recover your data once it&apos;s deleted.
-              </Text>
+          <SettingsCard title="Danger Zone" align="start">
+            <Text>
+              Deleting your project is irreversible and it will delete all
+              associated data.
+              <br />
+              We <b>cannot</b> recover your data once it&apos;s deleted.
+            </Text>
 
-              <Popover width={200} position="bottom" shadow="md">
-                <Popover.Target>
-                  <Button color="red" data-testid="delete-project-button">
-                    Delete Project
-                  </Button>
-                </Popover.Target>
-                <Popover.Dropdown>
-                  <Text mb="md">
-                    Are you sure you want to delete this project? This action is
-                    irreversible and it will delete all associated data.
-                  </Text>
+            <Popover width={200} position="bottom" shadow="md">
+              <Popover.Target>
+                <Button color="red" data-testid="delete-project-button">
+                  Delete Project
+                </Button>
+              </Popover.Target>
+              <Popover.Dropdown>
+                <Text mb="md">
+                  Are you sure you want to delete this project? This action is
+                  irreversible and it will delete all associated data.
+                </Text>
+                <Group align="start">
                   <Button
                     color="red"
+                    w={80}
                     data-testid="delete-project-popover-button"
                     onClick={async () => {
                       const dropped = await drop()
@@ -148,10 +109,10 @@ export default function AppAnalytics() {
                   >
                     Delete
                   </Button>
-                </Popover.Dropdown>
-              </Popover>
-            </Stack>
-          </Card>
+                </Group>
+              </Popover.Dropdown>
+            </Popover>
+          </SettingsCard>
         )}
       </Stack>
     </Container>
diff --git a/packages/frontend/pages/signup.tsx b/packages/frontend/pages/signup.tsx
index 57aac018..579d1625 100644
--- a/packages/frontend/pages/signup.tsx
+++ b/packages/frontend/pages/signup.tsx
@@ -124,13 +124,16 @@ function SignupPage() {
 
       auth.setJwt(token)
 
-      if (!process.env.SKIP_EMAIL_VERIFY) {
+      if (!process.env.NEXT_PUBLIC_IS_SELF_HOSTED) {
         notifications.show({
           icon: <IconCheck size={18} />,
           color: "teal",
           title: "Email sent",
           message: "Check your emails for the confirmation link",
         })
+      } else {
+        // redirect to dashboard
+        window.location.href = "/"
       }
 
       analytics.track("Signup", {
diff --git a/packages/frontend/pages/team.module.css b/packages/frontend/pages/team.module.css
index a39aede1..86819466 100644
--- a/packages/frontend/pages/team.module.css
+++ b/packages/frontend/pages/team.module.css
@@ -1,11 +1,6 @@
-.root {
-  outline: 1px
-}
-
 .pillsList {
   flex-wrap: nowrap;
   overflow: hidden;
   text-overflow: ellipsis;
   white-space: nowrap;
 }
-
diff --git a/packages/frontend/pages/team.tsx b/packages/frontend/pages/team.tsx
index 882f1330..ffa160b6 100644
--- a/packages/frontend/pages/team.tsx
+++ b/packages/frontend/pages/team.tsx
@@ -23,6 +23,7 @@ import {
   Text,
   TextInput,
   Title,
+  Tooltip,
   useCombobox,
 } from "@mantine/core"
 import {
@@ -30,14 +31,12 @@ import {
   IconCopy,
   IconDotsVertical,
   IconDownload,
-  IconRefresh,
-  IconSearch,
   IconTrash,
 } from "@tabler/icons-react"
 import { NextSeo } from "next-seo"
 import { z } from "zod"
 
-import CopyText, { SuperCopyButton } from "@/components/blocks/CopyText"
+import { CopyInput } from "@/components/blocks/CopyText"
 import UserAvatar from "@/components/blocks/UserAvatar"
 import {
   // useInvitations,
@@ -49,14 +48,18 @@ import {
 import { fetcher } from "@/utils/fetcher"
 import { useDisclosure } from "@mantine/hooks"
 import { notifications } from "@mantine/notifications"
-import { roles } from "shared"
+import { hasAccess, roles } from "shared"
 import classes from "./team.module.css"
 import { useForm } from "@mantine/form"
+import SearchBar from "@/components/blocks/SearchBar"
+import { SettingsCard } from "@/components/blocks/SettingsCard"
+import { SEAT_ALLOWANCE } from "@/utils/pricing"
+import { openUpgrade } from "@/components/layout/UpgradeModal"
 
 function SAMLConfig() {
   const { org, updateOrg, mutate } = useOrg()
 
-  const [idpXml, setIdpXml] = useState(org?.saml_idp_xml)
+  const [idpXml, setIdpXml] = useState(org?.samlIdpXml)
   const [idpLoading, setIdpLoading] = useState(false)
   const [spLoading, setSpLoading] = useState(false)
 
@@ -67,13 +70,18 @@ function SAMLConfig() {
     setIdpLoading(true)
 
     if (idpXml.startsWith("http")) {
-      const res = await fetcher.post(`/auth/saml/${org?.id}/download-idp-xml`, {
+      await fetcher.post(`/auth/saml/${org?.id}/download-idp-xml`, {
         arg: {
           url: idpXml,
         },
       })
 
-      console.log(res)
+      notifications.show({
+        title: "IDP XML added",
+        message: "The IDP XML has been added successfully",
+        icon: <IconCheck />,
+        color: "green",
+      })
     } else {
       await updateOrg({ id: org?.id, saml_idp_xml: content })
     }
@@ -134,47 +142,42 @@ function SAMLConfig() {
             <Table.Tr>
               <Table.Td>Identifier (Entity ID):</Table.Td>
               <Table.Td>
-                <CopyText c="blue" value={"urn:lunary.ai:saml:sp"} />
+                <CopyInput value={"urn:lunary.ai:saml:sp"} />
               </Table.Td>
             </Table.Tr>
             <Table.Tr>
               <Table.Td>Assertion Consumer Service (ACS) URL:</Table.Td>
               <Table.Td>
-                <CopyText
-                  c="blue"
-                  value={`${process.env.NEXT_PUBLIC_API_URL}/auth/saml/${org?.id}/acs`}
+                <CopyInput
+                  value={`${window.API_URL}/auth/saml/${org?.id}/acs`}
                 />
               </Table.Td>
             </Table.Tr>
             <Table.Tr>
               <Table.Td>Single Logout Service (SLO) URL:</Table.Td>
               <Table.Td>
-                <CopyText
-                  c="blue"
-                  value={`${process.env.NEXT_PUBLIC_API_URL}/auth/saml/${org?.id}/slo`}
+                <CopyInput
+                  value={`${window.API_URL}/auth/saml/${org?.id}/slo`}
                 />
               </Table.Td>
             </Table.Tr>
             <Table.Tr>
               <Table.Td>Sign on URL:</Table.Td>
               <Table.Td>
-                <CopyText
-                  c="blue"
-                  value={`${process.env.NEXT_PUBLIC_API_URL}/login`}
+                <CopyInput value={`${window.APP_URL}/login`} />
+              </Table.Td>
+            </Table.Tr>
+            <Table.Tr>
+              <Table.Td>Single Logout URL:</Table.Td>
+              <Table.Td>
+                <CopyInput
+                  value={`${window.API_URL}/auth/saml/${org?.id}/slo`}
                 />
               </Table.Td>
             </Table.Tr>
           </Table.Tbody>
         </Table>
 
-        <Group wrap="nowrap">
-          <Text>Single Logout Service (SLO) URL</Text>
-          <CopyText
-            c="blue"
-            value={`${window.API_URL}/auth/saml/${org?.id}/slo`}
-          />
-        </Group>
-
         <Button
           onClick={() => downloadSpXml()}
           loading={spLoading}
@@ -199,12 +202,7 @@ function InviteLinkModal({ opened, setOpened, link }) {
         Send this link to the person you want to invite to your organization.
       </Text>
 
-      <Input
-        my="lg"
-        value={link}
-        rightSectionPointerEvents="all"
-        rightSection={<SuperCopyButton value={link} />}
-      />
+      <CopyInput my="lg" value={link} />
 
       <Button
         leftSection={<IconCopy size={18} />}
@@ -290,7 +288,7 @@ function UserMenu({ user, isInvitation }) {
             <Menu.Item
               onClick={() => {
                 navigator.clipboard.writeText(
-                  `${process.env.NEXT_PUBLIC_APP_URL}/join?token=${user.singleUseToken}`,
+                  `${window.APP_URL}/join?token=${user.singleUseToken}`,
                 )
                 notifications.show({
                   icon: <IconCheck size={18} />,
@@ -314,6 +312,7 @@ function UserMenu({ user, isInvitation }) {
 export function RoleSelect({
   value,
   setValue,
+  disabled = false,
   minimal = false,
   additionalOptions = [],
 }) {
@@ -321,19 +320,39 @@ export function RoleSelect({
     onDropdownClose: () => combobox.resetSelectedOption(),
   })
 
+  const { org } = useOrg()
+
+  const canUsePaidRoles = org?.plan === "custom"
+
   const options = Object.values(roles).map(
-    ({ value, name, description }) =>
+    ({ value, name, description, free }) =>
       value !== "owner" && (
-        <Combobox.Option value={value} key={value}>
-          <Text size="sm">{name}</Text>
-          {minimal !== true && (
-            <Text size="sm" c="dimmed">
-              {description}
-            </Text>
-          )}
-        </Combobox.Option>
+        <Tooltip
+          key={value}
+          label={
+            !free && !canUsePaidRoles
+              ? "This role is available on Enterprise plans"
+              : null
+          }
+          position="left"
+          disabled={free || canUsePaidRoles}
+        >
+          <Combobox.Option
+            value={value}
+            key={value}
+            disabled={!free && !canUsePaidRoles}
+          >
+            <Text size="sm">{name}</Text>
+            {minimal !== true && (
+              <Text size="sm" c="dimmed">
+                {description}
+              </Text>
+            )}
+          </Combobox.Option>
+        </Tooltip>
       ),
   )
+
   options.push(...additionalOptions)
 
   return (
@@ -349,6 +368,7 @@ export function RoleSelect({
           miw="200px"
           component="button"
           type="button"
+          disabled={disabled}
           pointer
           rightSection={<Combobox.Chevron />}
           onClick={() => combobox.toggleDropdown()}
@@ -405,7 +425,6 @@ function InviteMemberCard() {
 
   const [isLoading, setIsLoading] = useState(false)
   const { addUserToOrg } = useOrg()
-  const { user } = useUser()
 
   useEffect(() => {
     setSelectedProjects(projects.map((p) => p.id))
@@ -429,6 +448,10 @@ function InviteMemberCard() {
   })
 
   async function invite({ email }) {
+    if (org?.users?.length >= SEAT_ALLOWANCE[org?.plan]) {
+      return openUpgrade("team")
+    }
+
     try {
       setIsLoading(true)
       const { user: newUser } = await addUserToOrg({
@@ -446,7 +469,7 @@ function InviteMemberCard() {
         })
         return
       } else {
-        const link = `${process.env.NEXT_PUBLIC_APP_URL}/join?token=${newUser.singleUseToken}`
+        const link = `${window.APP_URL}/join?token=${newUser.singleUseToken}`
         setIsLoading(false)
         setInviteLink(link)
         setOpened(true)
@@ -459,14 +482,16 @@ function InviteMemberCard() {
     }
   }
 
+  const upgradeForGranular = org.plan !== "custom"
+
   return (
-    <Card withBorder p="lg">
+    <SettingsCard title="Invite Team Member">
       <InviteLinkModal
         opened={opened}
         setOpened={setOpened}
         link={inviteLink}
       />
-      <Text>Invite new team members</Text>
+
       <form onSubmit={form.onSubmit(invite)}>
         <Group grow={true}>
           <TextInput
@@ -481,13 +506,19 @@ function InviteMemberCard() {
             <RoleSelect value={role} setValue={setRole} />
           </Input.Wrapper>
           <Input.Wrapper mt="md" label="Projects">
-            <ProjectMultiSelect
-              value={selectedProjects}
-              setValue={setSelectedProjects}
-              disabled={
-                org.plan !== "custom" || ["admin", "billing"].includes(role)
-              }
-            />
+            <Tooltip
+              label="Upgrade to manage project access granuarly"
+              position="top"
+              disabled={!upgradeForGranular}
+            >
+              <ProjectMultiSelect
+                value={selectedProjects}
+                setValue={setSelectedProjects}
+                disabled={
+                  upgradeForGranular || ["admin", "billing"].includes(role)
+                }
+              />
+            </Tooltip>
           </Input.Wrapper>
         </Group>
 
@@ -497,7 +528,7 @@ function InviteMemberCard() {
           </Button>
         </Group>
       </form>
-    </Card>
+    </SettingsCard>
   )
 }
 
@@ -510,7 +541,6 @@ function UpdateUserForm({ user, onClose }) {
   const [isLoading, setIsLoading] = useState(false)
 
   useEffect(() => {
-    console.log(role)
     if (["admin", "billing"].includes(role)) {
       setUserProjects(projects.map((p) => p.id))
     }
@@ -601,98 +631,107 @@ function MemberList({ users, isInvitation }) {
         )}
       </Modal>
       <Stack gap="0">
-        <Group justify="space-between">
-          <TextInput
-            style={{ flexGrow: 1 }}
-            my="md"
-            leftSection={<IconSearch size="14" />}
-            value={searchValue}
-            onChange={(e) => setSearchValue(e.target.value)}
+        <Group w="100%" wrap="no-wrap">
+          <SearchBar
+            query={searchValue}
+            setQuery={setSearchValue}
             placeholder="Filter..."
+            my="md"
+            w="100%"
+          />
+
+          <RoleSelect
+            value={role}
+            disabled={org.plan !== "custom"}
+            setValue={setRole}
+            minimal={true}
+            additionalOptions={additionalOptions}
           />
-          {org.plan === "custom" && (
-            <RoleSelect
-              value={role}
-              setValue={setRole}
-              minimal={true}
-              additionalOptions={additionalOptions}
-            />
-          )}
         </Group>
 
-        <Card withBorder p="0">
-          {users?.map((user, i) => (
-            <React.Fragment key={i}>
-              <Group justify="space-between" p="lg">
-                <Group>
-                  <UserAvatar profile={user} size="30" />
-                  <Stack gap="0">
-                    <Text size="sm" fw="500">
-                      {isInvitation ? "Pending Invitation" : user.name}
-                    </Text>
-                    <Text c="dimmed" size="sm">
-                      {user.email}
+        {!!users?.length ? (
+          <Card withBorder p="0">
+            {users.map((user, i) => (
+              <React.Fragment key={i}>
+                <Group justify="space-between" p="lg">
+                  <Group>
+                    <UserAvatar profile={user} size="30" />
+                    <Stack gap="0">
+                      <Text size="sm" fw="500">
+                        {isInvitation ? "Pending Invitation" : user.name}
+                      </Text>
+                      <Text c="dimmed" size="sm">
+                        {user.email}
+                      </Text>
+                    </Stack>
+                    {user?.id === currentUser?.id ? (
+                      <Badge color="blue">You</Badge>
+                    ) : null}
+                  </Group>
+
+                  <Group>
+                    <Text size="sm" c="dimmed">
+                      {roles[user.role].name}
                     </Text>
-                  </Stack>
-                  {user?.id === currentUser?.id ? (
-                    <Badge color="blue">You</Badge>
-                  ) : null}
-                </Group>
-
-                <Group>
-                  <Text size="sm" c="dimmed">
-                    {roles[user.role].name}
-                  </Text>
-                  {currentUser?.id !== user.id && !isInvitation && (
-                    <>
-                      <Popover
-                        width={200}
-                        position="bottom"
-                        withArrow
-                        shadow="md"
-                        opened={opened}
-                      >
-                        <Popover.Target>
-                          <Badge
-                            // TODO: bug when hovering its opens for all users
-                            // onMouseEnter={open}
-                            // onMouseLeave={close}
-                            variant="light"
-                          >
-                            {user.projects.length} projects
-                          </Badge>
-                        </Popover.Target>
-                        <Popover.Dropdown style={{ pointerEvents: "none" }}>
-                          {user.projects.map((projectId) => (
-                            <Stack gap="lg" key={projectId}>
-                              <Text size="md">
-                                {
-                                  projects?.find((p) => p.id === projectId)
-                                    ?.name
-                                }
-                              </Text>
-                            </Stack>
-                          ))}
-                        </Popover.Dropdown>
-                      </Popover>
-                      {user.role !== "owner" && (
-                        <Button
-                          variant="default"
-                          onClick={() => handleOpenModal(user)}
+                    {currentUser?.id !== user.id && !isInvitation && (
+                      <>
+                        <Popover
+                          width={200}
+                          position="bottom"
+                          withArrow
+                          shadow="md"
+                          opened={opened}
                         >
-                          Manage Access
-                        </Button>
-                      )}
-                    </>
-                  )}
-                  <UserMenu user={user} isInvitation={isInvitation} />
+                          <Popover.Target>
+                            <Badge
+                              // TODO: bug when hovering its opens for all users
+                              // onMouseEnter={open}
+                              // onMouseLeave={close}
+                              variant="light"
+                            >
+                              {user.projects.length} projects
+                            </Badge>
+                          </Popover.Target>
+                          <Popover.Dropdown style={{ pointerEvents: "none" }}>
+                            {user.projects.map((projectId) => (
+                              <Stack gap="lg" key={projectId}>
+                                <Text size="md">
+                                  {
+                                    projects?.find((p) => p.id === projectId)
+                                      ?.name
+                                  }
+                                </Text>
+                              </Stack>
+                            ))}
+                          </Popover.Dropdown>
+                        </Popover>
+                        {hasAccess(
+                          currentUser.role,
+                          "teamMembers",
+                          "update",
+                        ) && (
+                          <Button
+                            variant="default"
+                            onClick={() => handleOpenModal(user)}
+                          >
+                            Manage Access
+                          </Button>
+                        )}
+                      </>
+                    )}
+                    <UserMenu user={user} isInvitation={isInvitation} />
+                  </Group>
                 </Group>
-              </Group>
 
-              {i !== users.length && <Divider />}
-            </React.Fragment>
-          ))}
-        </Card>
+                {i !== users.length - 1 && <Divider />}
+              </React.Fragment>
+            ))}
+          </Card>
+        ) : (
+          <Card withBorder p="lg">
+            <Text>Nothing here.</Text>
+          </Card>
+        )}
       </Stack>
     </>
   )
@@ -708,12 +747,11 @@ function MemberListCard() {
   )
 
   return (
-    <Tabs defaultValue="members" classNames={{ root: classes.root }}>
+    <Tabs defaultValue="members">
       <Tabs.List>
         <Tabs.Tab value="members">Team Members</Tabs.Tab>
-        {invitedUsers?.length >= 1 && (
-          <Tabs.Tab value="invitations">Pending Invitations</Tabs.Tab>
-        )}
+
+        <Tabs.Tab value="invitations">Pending Invitations</Tabs.Tab>
       </Tabs.List>
 
       <Tabs.Panel value="members">
@@ -730,6 +768,7 @@ function MemberListCard() {
 // TODO: put back at root level
 export default function Team() {
   const { org } = useOrg()
+  const { user } = useUser()
   const samlEnabled = org?.samlEnabled
 
   if (!org) {
@@ -740,12 +779,14 @@ export default function Team() {
     <Container className="unblockable">
       <NextSeo title="Team" />
 
-      <Stack gap="lg">
-        <Title order={2}>Team Members</Title>
+      <Stack gap="xl">
+        <Title order={2}>Manage Team</Title>
 
-        <InviteMemberCard />
+        {hasAccess(user.role, "teamMembers", "create") && <InviteMemberCard />}
         <MemberListCard />
-        {samlEnabled && <SAMLConfig />}
+        {samlEnabled && ["admin", "owner"].includes(user.role) && (
+          <SAMLConfig />
+        )}
       </Stack>
     </Container>
   )
diff --git a/packages/ml/README.md b/packages/ml/README.md
index cf6c4241..45b1190f 100644
--- a/packages/ml/README.md
+++ b/packages/ml/README.md
@@ -7,7 +7,7 @@ Communication is done using zerorpc between the JS backend and the Python script
 To create a virtual environment, run the following command:
 
 ```bash
-python3 -m venv .venv
+python3 -m venv venv
 ```
 
 ## Active venv
@@ -15,7 +15,7 @@ python3 -m venv .venv
 To activate the virtual environment, run the following command:
 
 ```bash
-source .venv/bin/activate
+source venv/bin/activate
 
 pip install -r requirements.txt
 ```
diff --git a/packages/ml/main.py b/packages/ml/main.py
index 8a79487a..b8608f53 100644
--- a/packages/ml/main.py
+++ b/packages/ml/main.py
@@ -2,9 +2,14 @@
 from lang import detect_lang
 from toxicity import detect_toxicity
 from pii import detect_pii
+import sys
 
 app = Flask(__name__)
 
+# Disable the Flask red warning server banner
+cli = sys.modules['flask.cli']
+cli.show_server_banner = lambda *x: None
+
 @app.route('/lang', methods=['POST'])
 def language_route():
     text = request.json['text']
@@ -29,4 +34,4 @@ def pii_route():
 if __name__ == '__main__':
     app.run(host='localhost', port=4242)
 
-print("Python Flask Server is running on port 4242")
+print("Python ML Server running on port 4242")
diff --git a/packages/shared/access-control/roles.ts b/packages/shared/access-control/roles.ts
index 576c8b07..cc25e215 100644
--- a/packages/shared/access-control/roles.ts
+++ b/packages/shared/access-control/roles.ts
@@ -26,6 +26,7 @@ export const roles: Record<
   {
     value: Role
     name: string
+    free?: boolean
     description: string
     permissions: Record<ResourceName, Partial<Record<Action, boolean>>>
   }
@@ -34,6 +35,7 @@ export const roles: Record<
     value: "owner",
     name: "Owner",
     description: "Owner of the organization",
+    free: true,
     permissions: {
       projects: {
         create: true,
@@ -119,6 +121,7 @@ export const roles: Record<
   admin: {
     value: "admin",
     name: "Admin",
+    free: true,
     description: "Admin-level access to the entire org",
     permissions: {
       projects: {
@@ -204,6 +207,7 @@ export const roles: Record<
   member: {
     value: "member",
     name: "Member",
+    free: true,
     description: "Full access to most resources",
     permissions: {
       projects: {